
<?php
/**
* [WeEngine System] Copyright (c) 2014 WE7.CC
* WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details.
*/
// App-side request bootstrap. Runs at file scope: it resolves the public account
// for this request, restores the visitor session, and fills $_W with the account,
// fan/member identity, OAuth credentials and JSSDK configuration that the
// controllers rely on. Every assignment below is global request state.
defined('IN_IA') or exit('Access Denied'); // refuse direct access outside the framework entry point
load()->app('common');
load()->app('template');
load()->model('mc');
load()->model('app');
load()->model('account');
load()->model('attachment');
load()->model('permission');
load()->model('module');
  15. $_W['uniacid'] = intval($_GPC['i']);
  16. if(empty($_W['uniacid'])) {
  17. $_W['uniacid'] = intval($_GPC['weid']);
  18. }
  19. if(empty($_W['uniacid'])) {
  20. header('HTTP/1.1 404 Not Found');
  21. header("status: 404 Not Found");
  22. exit;
  23. }
  24. $_W['uniaccount'] = $_W['account'] = uni_fetch($_W['uniacid']);
  25. if (!empty($_W['uniaccount']['endtime']) && TIMESTAMP > $_W['uniaccount']['endtime'] && !in_array($_W['uniaccount']['endtime'], array(USER_ENDTIME_GROUP_EMPTY_TYPE, USER_ENDTIME_GROUP_UNLIMIT_TYPE))) {
  26. message('抱歉,您的平台账号服务已过期,请及时联系管理员');
  27. }
  28. if (app_pass_visit_limit()) {
  29. message('API(访问流量限制)已用完,请联系管理员进行分配或去商城进行购买!');
  30. }
  31. $_W['acid'] = $_W['uniaccount']['acid'];
  32. $isdel_account = pdo_get('account', array('isdeleted' => 1, 'acid' => $_W['acid']));
  33. if (!empty($isdel_account)) {
  34. message('指定公众号已被删除');
  35. }
  36. if (!empty($_W['account']['setting']['bind_domain']) && !empty($_W['account']['setting']['bind_domain']['domain']) && strpos($_W['account']['setting']['bind_domain']['domain'], $_SERVER['HTTP_HOST']) === false) {
  37. header('Location:' . $_W['account']['setting']['bind_domain']['domain']. $_SERVER['REQUEST_URI']);
  38. exit;
  39. }
  40. $_W['session_id'] = '';
  41. if (isset($_GPC['state']) && !empty($_GPC['state']) && strexists($_GPC['state'], 'we7sid-')) {
  42. $pieces = explode('-', $_GPC['state']);
  43. $_W['session_id'] = $pieces[1];
  44. unset($pieces);
  45. }
  46. if (empty($_W['session_id'])) {
  47. $_W['session_id'] = $_COOKIE[session_name()];
  48. }
  49. if (empty($_W['session_id'])) {
  50. $_W['session_id'] = "{$_W['uniacid']}-" . random(20) ;
  51. $_W['session_id'] = md5($_W['session_id']);
  52. setcookie(session_name(), $_W['session_id'], 0, '/');
  53. }
  54. session_id($_W['session_id']);
  55. load()->classs('wesession');
  56. WeSession::start($_W['uniacid'], CLIENT_IP);
// Optional sub-account switch: `j` selects one of the public accounts under this
// uni-account. The selection is remembered in the session (__acid/__uniacid) so later
// requests without `j` keep using it.
// NOTE(review): `j` is only passed through intval() and account_fetch(); nothing visible
// here checks that the acid belongs to $_W['uniacid']. If account_fetch() does not scope
// by uniacid, a request could attach an unrelated account — whose key/secret are copied
// into $_W['account']['oauth'] below — to this session. Confirm against account_fetch().
if (!empty($_GPC['j'])) {
    $acid = intval($_GPC['j']);
    $_W['account'] = account_fetch($acid);
    if (is_error($_W['account'])) {
        // Unknown acid: fall back to the uni-account's own account.
        $_W['account'] = account_fetch($_W['acid']);
    } else {
        $_W['acid'] = $acid;
    }
    $_SESSION['__acid'] = $_W['acid'];
    $_SESSION['__uniacid'] = $_W['uniacid'];
}
// Re-apply a previously selected sub-account, but only if it was selected for this
// same uni-account (loose == comparison, as stored values may be strings).
if (!empty($_SESSION['__acid']) && $_SESSION['__uniacid'] == $_W['uniacid']) {
    $_W['acid'] = intval($_SESSION['__acid']);
    $_W['account'] = account_fetch($_W['acid']);
}
// If the session was last used for a different acid/uniacid, wipe it completely so no
// state leaks across accounts. The favicon.ico exclusion presumably avoids wiping on a
// browser's stray favicon probe — verify against the routing that produces that query.
if (strpos($_SERVER['QUERY_STRING'], 'favicon.ico') === false && ((!empty($_SESSION['acid']) && $_W['acid'] != $_SESSION['acid']) ||
    (!empty($_SESSION['uniacid']) && $_W['uniacid'] != $_SESSION['uniacid']))) {
    $keys = array_keys($_SESSION);
    foreach ($keys as $key) {
        unset($_SESSION[$key]);
    }
    unset($keys, $key);
}
$_SESSION['acid'] = $_W['acid'];
$_SESSION['uniacid'] = $_W['uniacid'];
  82. if (!empty($_SESSION['openid'])) {
  83. $_W['openid'] = $_SESSION['openid'];
  84. $_W['fans'] = mc_fansinfo($_W['openid']);
  85. $_W['fans']['from_user'] = $_W['fans']['openid'] = $_W['openid'];
  86. }
  87. if (!empty($_SESSION['uid']) || (!empty($_W['fans']) && !empty($_W['fans']['uid']))) {
  88. $uid = intval($_SESSION['uid']);
  89. if (empty($uid)) {
  90. $uid = $_W['fans']['uid'];
  91. }
  92. _mc_login(array('uid' => $uid));
  93. unset($uid);
  94. }
  95. if (empty($_W['openid']) && !empty($_SESSION['oauth_openid'])) {
  96. $_W['openid'] = $_SESSION['oauth_openid'];
  97. $_W['fans'] = array(
  98. 'openid' => $_SESSION['oauth_openid'],
  99. 'from_user' => $_SESSION['oauth_openid'],
  100. 'follow' => 0
  101. );
  102. }
  103. $_W['oauth_account'] = $_W['account']['oauth'] = array(
  104. 'key' => $_W['account']['key'],
  105. 'secret' => $_W['account']['secret'],
  106. 'acid' => $_W['account']['acid'],
  107. 'type' => $_W['account']['type'],
  108. 'level' => $_W['account']['level'],
  109. 'support_oauthinfo' => $_W['account']->supportOauthInfo,
  110. 'support_jssdk' => $_W['account']->supportJssdk,
  111. );
  112. $unisetting = uni_setting_load();
  113. if (empty($unisetting['oauth']) && $_W['account']->typeSign == 'account' && $_W['account']['level'] != ACCOUNT_SERVICE_VERIFY) {
  114. $global_oauth = uni_account_global_oauth();
  115. $unisetting['oauth'] = (array)$global_oauth['oauth'];
  116. }
  117. if (!empty($unisetting['oauth']['account'])) {
  118. $oauth = account_fetch($unisetting['oauth']['account']);
  119. if (!empty($oauth) && $_W['account']['level'] <= $oauth['level']) {
  120. $_W['oauth_account'] = $_W['account']['oauth'] = array(
  121. 'key' => $oauth['key'],
  122. 'secret' => $oauth['secret'],
  123. 'acid' => $oauth['acid'],
  124. 'type' => $oauth['type'],
  125. 'level' => $oauth['level'],
  126. 'support_oauthinfo' => $oauth->supportOauthInfo,
  127. 'support_jssdk' => $oauth->supportJssdk,
  128. );
  129. unset($oauth);
  130. }
  131. }
// Per-request token exposed to templates (see token()); the utility controller is exempt.
if($controller != 'utility') {
    $_W['token'] = token();
}
// Forced OAuth login: when the effective OAuth account supports it and this is not an
// AJAX request, an unidentified visitor on the "account" platform is redirected to the
// provider. Either branch triggers it: no openid at all (unless already inside the
// auth controller's forward/oauth actions), or no oauth_openid outside the auth
// controller. `logout` suppresses the redirect. Note `$_GPC['logout']` is read without
// isset(), so a missing key raises a notice.
if (!empty($_W['account']['oauth']) && $_W['account']['oauth']['support_oauthinfo'] && empty($_W['isajax'])) {
    if (($_W['platform'] == 'account' && !$_GPC['logout'] && empty($_W['openid']) && ($controller != 'auth' || ($controller == 'auth' && !in_array($action, array('forward', 'oauth'))))) ||
        ($_W['platform'] == 'account' && !$_GPC['logout'] && empty($_SESSION['oauth_openid']) && ($controller != 'auth'))) {
        // The session id rides along in `state` so the session can be re-attached when the
        // provider calls back (see the session restoration above, which parses "we7sid-").
        // NOTE(review): this puts the session id into the redirect URL (Location header,
        // provider logs, Referer). Anyone who sees that URL can resume the session; a
        // one-time nonce mapped server-side to the session would avoid exposing the id.
        $state = 'we7sid-'.$_W['session_id'];
        if (empty($_SESSION['dest_url'])) {
            // Remembered so the auth controller can return the visitor here afterwards — confirm against auth controller.
            $_SESSION['dest_url'] = urlencode($_W['siteurl']);
        }
        $str = '';
        if(uni_is_multi_acid()) {
            // Carry the selected sub-account through the callback URL.
            $str = "&j={$_W['acid']}";
        }
        // Scope: base (openid only) unless the target module declares it needs user info.
        $oauth_type = 'snsapi_base';
        if ($controller == 'entry' && !empty($_GPC['m'])) {
            $module_info = module_fetch($_GPC['m']);
            if ($module_info['oauth_type'] == OAUTH_TYPE_USERINFO) {
                $oauth_type = 'snsapi_userinfo';
            }
        }
        $oauth_url = uni_account_oauth_host();
        $url = $oauth_url . "app/index.php?i={$_W['uniacid']}{$str}&c=auth&a=oauth&scope=" . $oauth_type;
        $callback = urlencode($url);
        $oauth_account = WeAccount::create($_W['account']['oauth']);
        if ($oauth_type == 'snsapi_base') {
            $forward = $oauth_account->getOauthCodeUrl($callback, $state);
        } else {
            $forward = $oauth_account->getOauthUserInfoUrl($callback, $state);
        }
        header('Location: ' . $forward);
        exit();
    }
}
  166. $_W['account']['groupid'] = $_W['uniaccount']['groupid'];
  167. $_W['account']['qrcode'] = tomedia('qrcode_'.$_W['acid'].'.jpg').'?time='.$_W['timestamp'];
  168. $_W['account']['avatar'] = tomedia('headimg_'.$_W['acid'].'.jpg').'?time='.$_W['timestamp'];
  169. if ($_W['platform'] == 'account' && $_W['account']->supportJssdk && $controller != 'utility') {
  170. if (!empty($unisetting['jsauth_acid'])) {
  171. $jsauth_acid = $unisetting['jsauth_acid'];
  172. } else {
  173. if ($_W['account']['level'] < ACCOUNT_SUBSCRIPTION_VERIFY && !empty($unisetting['oauth']['account'])) {
  174. $jsauth_acid = $unisetting['oauth']['account'];
  175. } else {
  176. $jsauth_acid = $_W['acid'];
  177. }
  178. }
  179. if (!empty($jsauth_acid)) {
  180. $account_api = WeAccount::create($jsauth_acid);
  181. if (!empty($account_api)) {
  182. $_W['account']['jssdkconfig'] = $account_api->getJssdkConfig();
  183. $_W['account']['jsauth_acid'] = $jsauth_acid;
  184. }
  185. }
  186. unset($jsauth_acid, $account_api);
  187. }
  188. $_W['attachurl'] = attachment_set_attach_url();