user.php 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262
  1. <?php
  2. /*
  3. [UCenter] (C)2001-2099 Comsenz Inc.
  4. This is NOT a freeware, use is subject to license terms
  5. $Id: user.php 1082 2011-04-07 06:42:14Z svn_project_zhangjie $
  6. */
  7. !defined('IN_UC') && exit('Access Denied');
  8. define('UC_USER_CHECK_USERNAME_FAILED', -1);
  9. define('UC_USER_USERNAME_BADWORD', -2);
  10. define('UC_USER_USERNAME_EXISTS', -3);
  11. define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);
  12. define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);
  13. define('UC_USER_EMAIL_EXISTS', -6);
  14. class usercontrol extends base {
  15. function __construct() {
  16. $this->usercontrol();
  17. }
  18. function usercontrol() {
  19. parent::__construct();
  20. $this->load('user');
  21. $this->app = $this->cache['apps'][UC_APPID];
  22. }
  23. // -1 未开启
  24. function onsynlogin() {
  25. $this->init_input();
  26. $uid = $this->input('uid');
  27. if($this->app['synlogin']) {
  28. if($this->user = $_ENV['user']->get_user_by_uid($uid)) {
  29. $synstr = '';
  30. foreach($this->cache['apps'] as $appid => $app) {
  31. if($app['synlogin'] && $app['appid'] != $this->app['appid']) {
  32. $synstr .= '<script type="text/javascript" src="'.$app['url'].'/api/uc.php?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogin&username='.$this->user['username'].'&uid='.$this->user['uid'].'&password='.$this->user['password']."&time=".$this->time, 'ENCODE', $app['authkey'])).'"></script>';
  33. }
  34. }
  35. return $synstr;
  36. }
  37. }
  38. return '';
  39. }
  40. function onsynlogout() {
  41. $this->init_input();
  42. if($this->app['synlogin']) {
  43. $synstr = '';
  44. foreach($this->cache['apps'] as $appid => $app) {
  45. if($app['synlogin'] && $app['appid'] != $this->app['appid']) {
  46. $synstr .= '<script type="text/javascript" src="'.$app['url'].'/api/uc.php?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogout&time='.$this->time, 'ENCODE', $app['authkey'])).'"></script>';
  47. }
  48. }
  49. return $synstr;
  50. }
  51. return '';
  52. }
  53. function onregister() {
  54. $this->init_input();
  55. $username = $this->input('username');
  56. $password = $this->input('password');
  57. $email = $this->input('email');
  58. $questionid = $this->input('questionid');
  59. $answer = $this->input('answer');
  60. $regip = $this->input('regip');
  61. if(($status = $this->_check_username($username)) < 0) {
  62. return $status;
  63. }
  64. if(($status = $this->_check_email($email)) < 0) {
  65. return $status;
  66. }
  67. $uid = $_ENV['user']->add_user($username, $password, $email, 0, $questionid, $answer, $regip);
  68. return $uid;
  69. }
  70. function onedit() {
  71. $this->init_input();
  72. $username = $this->input('username');
  73. $oldpw = $this->input('oldpw');
  74. $newpw = $this->input('newpw');
  75. $email = $this->input('email');
  76. $ignoreoldpw = $this->input('ignoreoldpw');
  77. $questionid = $this->input('questionid');
  78. $answer = $this->input('answer');
  79. if(!$ignoreoldpw && $email && ($status = $this->_check_email($email, $username)) < 0) {
  80. return $status;
  81. }
  82. $status = $_ENV['user']->edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw, $questionid, $answer);
  83. if($newpw && $status > 0) {
  84. $this->load('note');
  85. $_ENV['note']->add('updatepw', 'username='.urlencode($username).'&password=');
  86. $_ENV['note']->send();
  87. }
  88. return $status;
  89. }
  90. function onlogin() {
  91. $this->init_input();
  92. $isuid = $this->input('isuid');
  93. $username = $this->input('username');
  94. $password = $this->input('password');
  95. $checkques = $this->input('checkques');
  96. $questionid = $this->input('questionid');
  97. $answer = $this->input('answer');
  98. if($isuid == 1) {
  99. $user = $_ENV['user']->get_user_by_uid($username);
  100. } elseif($isuid == 2) {
  101. $user = $_ENV['user']->get_user_by_email($username);
  102. } else {
  103. $user = $_ENV['user']->get_user_by_username($username);
  104. }
  105. $passwordmd5 = preg_match('/^\w{32}$/', $password) ? $password : md5($password);
  106. if(empty($user)) {
  107. $status = -1;
  108. } elseif($user['password'] != md5($passwordmd5.$user['salt'])) {
  109. $status = -2;
  110. } elseif($checkques && $user['secques'] != '' && $user['secques'] != $_ENV['user']->quescrypt($questionid, $answer)) {
  111. $status = -3;
  112. } else {
  113. $status = $user['uid'];
  114. }
  115. $merge = $status != -1 && !$isuid && $_ENV['user']->check_mergeuser($username) ? 1 : 0;
  116. return array($status, $user['username'], $password, $user['email'], $merge);
  117. }
  118. function oncheck_email() {
  119. $this->init_input();
  120. $email = $this->input('email');
  121. return $this->_check_email($email);
  122. }
  123. function oncheck_username() {
  124. $this->init_input();
  125. $username = $this->input('username');
  126. if(($status = $this->_check_username($username)) < 0) {
  127. return $status;
  128. } else {
  129. return 1;
  130. }
  131. }
  132. function onget_user() {
  133. $this->init_input();
  134. $username = $this->input('username');
  135. if(!$this->input('isuid')) {
  136. $status = $_ENV['user']->get_user_by_username($username);
  137. } else {
  138. $status = $_ENV['user']->get_user_by_uid($username);
  139. }
  140. if($status) {
  141. return array($status['uid'],$status['username'],$status['email']);
  142. } else {
  143. return 0;
  144. }
  145. }
  146. function ongetprotected() {
  147. $protectedmembers = $this->db->fetch_all("SELECT uid,username FROM ".UC_DBTABLEPRE."protectedmembers GROUP BY username");
  148. return $protectedmembers;
  149. }
  150. function ondelete() {
  151. $this->init_input();
  152. $uid = $this->input('uid');
  153. return $_ENV['user']->delete_user($uid);
  154. }
  155. function onaddprotected() {
  156. $this->init_input();
  157. $username = $this->input('username');
  158. $admin = $this->input('admin');
  159. $appid = $this->app['appid'];
  160. $usernames = (array)$username;
  161. foreach($usernames as $username) {
  162. $user = $_ENV['user']->get_user_by_username($username);
  163. $uid = $user['uid'];
  164. $this->db->query("REPLACE INTO ".UC_DBTABLEPRE."protectedmembers SET uid='$uid', username='$username', appid='$appid', dateline='{$this->time}', admin='$admin'", 'SILENT');
  165. }
  166. return $this->db->errno() ? -1 : 1;
  167. }
  168. function ondeleteprotected() {
  169. $this->init_input();
  170. $username = $this->input('username');
  171. $appid = $this->app['appid'];
  172. $usernames = (array)$username;
  173. foreach($usernames as $username) {
  174. $this->db->query("DELETE FROM ".UC_DBTABLEPRE."protectedmembers WHERE username='$username' AND appid='$appid'");
  175. }
  176. return $this->db->errno() ? -1 : 1;
  177. }
  178. function onmerge() {
  179. $this->init_input();
  180. $oldusername = $this->input('oldusername');
  181. $newusername = $this->input('newusername');
  182. $uid = $this->input('uid');
  183. $password = $this->input('password');
  184. $email = $this->input('email');
  185. if(($status = $this->_check_username($newusername)) < 0) {
  186. return $status;
  187. }
  188. $uid = $_ENV['user']->add_user($newusername, $password, $email, $uid);
  189. $this->db->query("DELETE FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->app['appid']."' AND username='$oldusername'");
  190. return $uid;
  191. }
  192. function onmerge_remove() {
  193. $this->init_input();
  194. $username = $this->input('username');
  195. $this->db->query("DELETE FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->app['appid']."' AND username='$username'");
  196. return NULL;
  197. }
  198. function _check_username($username) {
  199. $username = addslashes(trim(stripslashes($username)));
  200. if(!$_ENV['user']->check_username($username)) {
  201. return UC_USER_CHECK_USERNAME_FAILED;
  202. } elseif(!$_ENV['user']->check_usernamecensor($username)) {
  203. return UC_USER_USERNAME_BADWORD;
  204. } elseif($_ENV['user']->check_usernameexists($username)) {
  205. return UC_USER_USERNAME_EXISTS;
  206. }
  207. return 1;
  208. }
  209. function _check_email($email, $username = '') {
  210. if(empty($this->settings)) {
  211. $this->settings = $this->cache('settings');
  212. }
  213. if(!$_ENV['user']->check_emailformat($email)) {
  214. return UC_USER_EMAIL_FORMAT_ILLEGAL;
  215. } elseif(!$_ENV['user']->check_emailaccess($email)) {
  216. return UC_USER_EMAIL_ACCESS_ILLEGAL;
  217. } elseif(!$this->settings['doublee'] && $_ENV['user']->check_emailexists($email, $username)) {
  218. return UC_USER_EMAIL_EXISTS;
  219. } else {
  220. return 1;
  221. }
  222. }
  223. function onuploadavatar() {
  224. }
  225. function onrectavatar() {
  226. }
  227. function flashdata_decode($s) {
  228. }
  229. }
  230. ?>