switch.inc.php
<?php
/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: switch.inc.php 29558 2012-04-18 10:17:22Z monkey $
 */
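// Refuse direct requests: this file is only meant to run when included by Discuz!.
if(!defined('IN_DISCUZ')) {
	exit('Access Denied');
}
// Switching accounts only makes sense for a user who is already logged in.
if(!$_G['uid']) {
	showmessage('not_loggedin', NULL, array(), array('login' => 1));
}
// User groups configured for the plugin, read from the cached plugin settings.
$myrepeatsusergroups = (array)dunserialize($_G['cache']['plugin']['myrepeats']['usergroups']);
// "list" mode: answer the AJAX request with the accounts the current user may switch to.
if(!empty($_GET['list'])) {
	// An empty-string entry in the setting is treated as "no groups configured".
	if(in_array('', $myrepeatsusergroups)) {
		$myrepeatsusergroups = array();
	}
	$userlist = array();
	if(!in_array($_G['groupid'], $myrepeatsusergroups)) {
		// Current group is not in the configured list: start from the accounts that
		// already hold a link pointing at the current user name.
		$userlist = get_rrepeats($_G['username']);
		$count = count($userlist);
		if(!$count) {
			unset($_G['setting']['plugins']['spacecp']['myrepeats:memcp']);
		}
	}
	// Add the links owned by the current user.
	foreach(C::t('#myrepeats#myrepeats')->fetch_all_by_uid($_G['uid']) as $user) {
		$userlist[$user['username']] = $user['username'];
	}
	$list = '<ul>';
	foreach($userlist as $user) {
		if(!$user) {
			continue;
		}
		// The user name is URL-encoded for the query string and HTML-escaped for the link
		// text, so a stored name can never be interpreted as markup in the response.
		$list .= '<li><a href="plugin.php?id=myrepeats:switch&username='.rawurlencode($user).'&formhash='.FORMHASH.'" onclick="showWindow(\'myrepeat\', this.href);return false;">'.dhtmlspecialchars($user).'</a></li>';
	}
	$list .= '<li><a href="home.php?mod=spacecp&ac=plugin&id=myrepeats:memcp">'.lang('plugin/myrepeats', 'memcp').'</a></li>';
	// Close the list element that was opened above.
	$list .= '</ul>';
	include template('common/header_ajax');
	echo $list;
	include template('common/footer_ajax');
	exit;
}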
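// CSRF guard for the state-changing switch action. The token must be present, must be a
// string, and is compared strictly: a loose != compares numeric-looking strings by value,
// so two different tokens could be treated as equal.
if(!isset($_GET['formhash']) || !is_string($_GET['formhash']) || $_GET['formhash'] !== (string)FORMHASH) {
	showmessage('undefined_action');
}
// Where to send the browser once the switch has completed.
$referer = dreferer();
// An empty-string entry in the setting is treated as "no groups configured".
if(in_array('', $myrepeatsusergroups)) {
	$myrepeatsusergroups = array();
}
if(!in_array($_G['groupid'], $myrepeatsusergroups)) {
	// Current group is not in the configured list: the requested account is only accepted
	// when it already owns a link pointing at the current user name.
	$users = C::t('#myrepeats#myrepeats')->fetch_all_by_username($_G['username']);
	if(!$users) {
		showmessage('myrepeats:usergroup_disabled');
	} else {
		// uids of the accounts that hold such a link.
		$permusers = array();
		foreach($users as $user) {
			$permusers[] = $user['uid'];
		}
		$member = C::t('common_member')->fetch_by_username($_GET['username']);
		if(!$member || !in_array($member['uid'], $permusers)) {
			showmessage('myrepeats:usergroup_disabled');
		}
	}
}
require_once libfile('function/member');
// Login-attempt allowance for the target user name; a falsy value means no attempts are left.
$_G['myrepeats_loginperm'] = logincheck($_GET['username']);
if(!$_G['myrepeats_loginperm']) {
	showmessage('myrepeats:login_strike', '', array('loginperm' => $_G['myrepeats_loginperm']));
}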
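// First-time authorisation: the user submitted the target account's credentials through the
// switch_login form. Verify them, then store them for later switches.
// NOTE(review): the credentials are read from $_GET; presumably Discuz! merges POST data into
// $_GET - confirm they are never carried in the query string, where they would end up in
// access logs and Referer headers.
if(!empty($_GET['authorfirst']) && submitcheck('myrepeatssubmit')) {
	$result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], 'username', $_G['clientip']);
	$_G['myrepeats_ucresult'] = $result['ucresult'];
	if($result['status'] > 0) {
		// The password and security answer are stored reversibly, encoded with the site-wide
		// authkey, because they are replayed on every switch. Anyone holding both the table
		// contents and the authkey can recover them.
		$logindata = addslashes(authcode($_GET['password']."\t".$_GET['questionid']."\t".$_GET['answer'], 'ENCODE', $_G['config']['security']['authkey']));
		if(C::t('#myrepeats#myrepeats')->count_by_uid_username($_G['uid'], $_GET['username'])) {
			C::t('#myrepeats#myrepeats')->update_logindata_by_uid_username($_G['uid'], $_GET['username'], $logindata);
		} else {
			C::t('#myrepeats#myrepeats')->insert(array(
				'uid' => $_G['uid'],
				// Quoted key: the bare word username is an undefined constant, which is only
				// a notice on old PHP but a fatal Error on PHP 8.
				'username' => $_GET['username'],
				'logindata' => $logindata,
				'comment' => ''
			));
		}
	} else {
		myrepeats_loginfailure($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer']);
	}
}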
// Perform the switch: look up the link owned by the current user for the requested user name.
$user = C::t('#myrepeats#myrepeats')->fetch_all_by_uid_username($_G['uid'], $_GET['username']);
$user = current($user);
// Snapshot the current identity; $_G['uid'] and $_G['username'] are reset further down in the
// activation branch.
$olddiscuz_uid = $_G['uid'];
$olddiscuz_user = $_G['username'];
$olddiscuz_userss = $_G['member']['username'];
if(!$user) {
	// No stored link yet. If the requested account holds a link back to the current user
	// name, show the login form so its credentials can be entered; otherwise report that the
	// user does not exist.
	$newuid = C::t('common_member')->fetch_uid_by_username($_GET['username']);
	if(C::t('#myrepeats#myrepeats')->count_by_uid_username($newuid, $olddiscuz_userss)) {
		// Escaped here because the template receives the request value in $username.
		$username = htmlspecialchars($_GET['username']);
		include template('myrepeats:switch_login');
		exit;
	}
	showmessage('myrepeats:user_nonexistence');
} elseif($user['locked']) {
	// NOTE(review): the raw request value is passed as a message parameter - confirm that
	// showmessage() escapes it before output.
	showmessage('myrepeats:user_locked', '', array('user' => $_GET['username']));
}
// Decode the stored credentials (password, question id, answer) with the site authkey.
// NOTE(review): if decoding yields fewer than three tab-separated fields, the missing
// variables are left unset and the login attempt below is made with empty values.
list($password, $questionid, $answer) = explode("\t", authcode($user['logindata'], 'DECODE', $_G['config']['security']['authkey']));
// Replay the stored credentials through the normal login check for the target account.
$result = userlogin($_GET['username'], $password, $questionid, $answer, 'username', $_G['clientip']);
$_G['myrepeats_ucresult'] = $result['ucresult'];
if($result['status'] > 0) {
	// 2592000 s = 30 days; presumably the login cookie lifetime - confirm against setloginstatus().
	setloginstatus($result['member'], 2592000);
	// The last-switch time is recorded on the link row of the account that was active before.
	C::t('#myrepeats#myrepeats')->update_lastswitch_by_uid_username($olddiscuz_uid, $_GET['username'], TIMESTAMP);
	// NOTE(review): presumably $_G['uid'] already refers to the new account at this point - confirm.
	$ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
	// Clear the plugin's mrn / mrd cookies.
	dsetcookie('mrn', '');
	dsetcookie('mrd', '');
	$comment = $user['comment'] ? '('.$user['comment'].') ' : '';
	showmessage('myrepeats:login_succeed', $referer, array('user' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'comment' => $comment), array('showmsg' => 1, 'showdialog' => 1, 'locationtime' => 3, 'extrajs' => $ucsynlogin));
} elseif($result['status'] == -1) {
	// Status -1: drop the current session and send the browser to the activation page with
	// an encoded token made of the user name and the form hash.
	clearcookies();
	$_G['myrepeats_ucresult']['username'] = addslashes($_G['myrepeats_ucresult']['username']);
	$_G['username'] = '';
	$_G['uid'] = 0;
	$auth = authcode($_G['myrepeats_ucresult']['username']."\t".formhash(), 'ENCODE');
	showmessage('myrepeats:login_activation', 'member.php?mod='.$_G['setting']['regname'].'&action=activation&auth='.rawurlencode($auth).'&referer='.rawurlencode($referer), array('user' => $_G['myrepeats_ucresult']['username']), array('showmsg' => 1, 'showdialog' => 1, 'locationtime' => 3));
} else {
	// Any other status counts as a failed login. myrepeats_loginfailure() writes a partially
	// masked copy of the password to the log; here that is the stored password of the target
	// account.
	myrepeats_loginfailure($_GET['username'], $password, $questionid, $answer);
}
/**
 * Record a failed login for an account switch and show the matching error message.
 *
 * Writes one tab-separated line to the 'illegallog' log (timestamp, user name, masked
 * password, security question number, client IP), registers the failure for the user
 * name through loginfailed(), then calls showmessage() with a message chosen from the
 * UCenter result and the login-attempt allowance held in $_G.
 *
 * NOTE(review): the mask keeps the leading quarter and the trailing sixth of the
 * password (rounded), so part of the attempted password still reaches the log.
 *
 * @param string $username   user name the login was attempted for
 * @param string $password   password that was tried
 * @param mixed  $questionid security question id that was submitted
 * @param string $answer     security answer that was submitted
 */
function myrepeats_loginfailure($username, $password, $questionid, $answer) {
	global $_G;
	// Replace the middle of the password with "***" before it is logged.
	$pwlen = strlen($password);
	$maskpattern = "/^(.{".round($pwlen / 4)."})(.+?)(.{".round($pwlen / 6)."})$/s";
	$maskedpw = preg_replace($maskpattern, "\\1***\\3", $password);
	// Prefer the user name reported by UCenter; otherwise use the submitted one.
	if($_G['myrepeats_ucresult']['username']) {
		$logname = $_G['myrepeats_ucresult']['username'];
	} else {
		$logname = stripslashes($username);
	}
	$fields = array(
		TIMESTAMP,
		$logname,
		$maskedpw,
		"Ques #".intval($questionid),
		$_G['clientip']
	);
	writelog('illegallog', dhtmlspecialchars(implode("\t", $fields)));
	loginfailed($username);
	// A UCenter uid of -3 selects one of the security-question messages.
	if($_G['myrepeats_ucresult']['uid'] == '-3') {
		if(empty($questionid) || $answer == '') {
			$fmsg = 'login_question_empty';
		} else {
			$fmsg = 'login_question_invalid';
		}
	} else {
		$fmsg = 'login_invalid';
	}
	if($_G['myrepeats_loginperm'] > 1) {
		showmessage('myrepeats:'.$fmsg, '', array('loginperm' => $_G['myrepeats_loginperm']));
	} elseif($_G['myrepeats_loginperm'] == -1) {
		showmessage('myrepeats:login_password_invalid');
	} else {
		showmessage('myrepeats:login_strike');
	}
}
/**
 * List the accounts that hold a link pointing at the given user name.
 *
 * Collects the uid of every myrepeats row stored for $username, loads those members
 * from common_member and returns their user names.
 *
 * @param string $username user name to look up in the myrepeats table
 * @return array user names, keyed by the same user name
 */
function get_rrepeats($username) {
	// uids of the rows stored for this user name.
	$uids = array();
	foreach(C::t('#myrepeats#myrepeats')->fetch_all_by_username($username) as $row) {
		$uids[] = $row['uid'];
	}
	// Resolve those uids to user names; keying by name drops duplicates.
	$names = array();
	foreach(C::t('common_member')->fetch_all($uids) as $member) {
		$name = $member['username'];
		$names[$name] = $name;
	}
	return $names;
}
?>