Discuz new single-point forum (not dependent on ucenter)

Source: Internet
Author: User
Tags md5 encryption

Discuz itself provides a Ucenter user center to enable single sign-on.

However, there are several problems with other applications to log on to Discuz single-point:

Requires 2 activations. May cause the server unresponsive, the forum display the latest user can not sync updates, the official website does not provide other language API

such as


The section code is provided here. Save the following PHP code under the BBS root folder such as go.php

<?php/**
* Zj53hao 20140418 External Program Single Sign-on to Discuz (Sync register and login to Discuz) Http://blog.csdn.net/zj53hao */define (' Norobot ', FALSE);d efine (' Adminscript ', basename (__file__));d efine (' curscript ', ' admin ');d efine (' Hooktype ', ' hookscript ');d efine (' Apptypeid ', 0);//define (' Curmodule ', $mod); require './source/class/class_core.php '; $discuz = C::app (); $discuz->init (); Require libfile (' function/member '); require libfile (' class/member '); Runhooks (); $newusername = Trim ($_get[') Newusername '); $newpassword = ' www.xxxx.com ';//trim ($_get[' newpassword '); $newemail = Isset ($_get[' newemail '])?

Strtolower (Trim ($_get[' newemail ')): $newusername. ' @xxx. com '; if (! $newusername | |! $newemail) {showmessage (' You are not currently logged in to the XXX network and are temporarily visiting the forum as a visitor only ');} The following sentences prevent 3rd party from forging $time= (int) ($_get["Time"); $curdate = time (); $seckey = $time. $newusername. ' Www.xxx.com '; $seckey = MD5 ($seckey); if ($curdate-$time >1200 | | $seckey!=$_get[' code ') {showmessage (' Submit_ Invalid ');} $_g[' uid ']= '; $userid =c::t (' Common_member ')->fetch_uid_by_username ($newusername); $_server[' request_method ' = ' post ';//The register needs to simulate post to prevent 2 checks from $_get[' formhash '] = Formhash ();//Prevent 2 checks from $_g[' group ' [ ' Seccode ']= ';//Prevent 2-times check not through if (! $userid) {//No corresponding user is found to invoke $_get[' regsubmit ']= ' yes '; $_get[' infloat ']= ' yes '; $_get[' lssubmit ']= ' yes '; $ctl _obj = new Register_ctl (); $ctl _obj->setting = $_g[' setting '); $ctl _obj->template = ' member/register '; $_get['. $ctl _obj->setting[' reginput ' [' username ']]= $newusername; $_get['. $ctl _obj->setting[' reginput ' [' Password ']]= $newpassword; $_get[''. $ctl _obj->setting[' reginput ' [' Password2 ']]= $newpassword; $_get['. $ctl _obj->setting[' reginput ' [' email ']] = $newemail; $ctl _obj->on_register ();} Uc_user_synlogout (); $_g[' groupid '] = $_g[' member ' [' groupid '] = 7;$_g[' uid '] = $_g[' member ' [' uid '] = 0;$_g[' Username '] = $_g[' member ' [' username '] = $_g[' member ' [' password '] = '; Login $_get[' loginsubmit ']= ' yes '; $_get[' lssubmit ']= '; $_get[' username ']= $newusername; $_get[' password ']= $ NewPassword; $ctl _obj = new Logging_ctl (); $ctl _obj->setting = $_g[' setting ']; $ctl _obj->template = ' member/login '; $ctl _obj- >on_login ();?

>



The main principle is that other Web applications jump to the URL and take the username. and login check string. Such as

Http://xxx.

Com/bbs/go.php?newusername=yyyyy&time=1397870932&code=d525745a6c196cb44049c7624bd28ece


Infer whether the user exists in the forum.

Does not exist then call the brochure module. There is a login to the new user, assuming that the user was also toggled before the other user was logged in.

It uses its own code to prevent malicious submissions from 3rd parties and removes the test code for the forum itself through a temporary switch.

$seckey = $time. $newusername. ' Www.xxx.com ';
Mainly with Linux timestamp and user name. Plus two parties negotiated a secret key to MD5 encryption. The validation passes after the match. The same string will only work in 1200 seconds.


Now it's effective for discuzX3. The other version number is not tested.

Discuz new single-point forum (not dependent on ucenter)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.