<?php
//定義操作頁面
define('CURscrīpt', 'logging');
//包含公用檔案
require_once './include/common.inc.php';
//包含misc函數檔案
require_once DISCUZ_ROOT.'./include/misc.func.php';
//判斷動作
//登出
if($action == 'logout' && !empty($formhash) && $formhash == FORMHASH) {
//清除cookies
clearcookies();
//重設使用者狀態為遊客
$groupid = 7;
$discuz_uid = 0;
//清除使用者名稱密碼
$discuz_user = $discuz_pw = '';
//重設頁面樣式
$styleid = $_DCACHE['settings']['styleid'];
//顯示登出成功頁面
showmessage('logout_succeed', dreferer());
}
//登陸
elseif($action == 'login') {
//判斷使用者是否為遊客
if($discuz_uid) {
//顯示登陸成功頁面
showmessage('login_succeed', $indexname);
}
//登陸使用者名稱的欄位名
$field = isset($loginfield) && $loginfield == 'uid' ? 'uid' : 'username';
//驗證碼檢查
//get secure code checking status (pos. -2)
$seccodecheck = substr(sprintf('%05b', $seccodestatus), -2, 1);
//判斷是否為提交登陸
if(!submitcheck('loginsubmit', 1, $seccodecheck)) {
//顯示登陸頁面
$discuz_action = 6;
$referer = dreferer();
$thetimenow = '(GMT '.($timeoffset > 0 ? '+' : '').$timeoffset.') '.
gmdate("$dateformat $timeformat", $timestamp + $timeoffset * 3600).
$styleselect = '';
$query = $db->query("SELECT styleid, name FROM {$tablepre}styles WHERE available='1'");
while($styleinfo = $db->fetch_array($query)) {
$styleselect .= "<option value=\"$styleinfo[styleid]\">$styleinfo[name]</option>\n";
}
$_DCOOKIE['cookietime'] = isset($_DCOOKIE['cookietime']) ? $_DCOOKIE['cookietime'] : 2592000;
$cookietimecheck = array((isset($_DCOOKIE['cookietime']) ? intval($_DCOOKIE['cookietime']) : 2592000) => 'checked');
if($seccodecheck) {
$seccode = random(4, 1);
}
include template('login');
} else {
//處理登陸
//使用者資訊置空
$discuz_uid = 0;
$discuz_user = $discuz_pw = $discuz_secques = $md5_password = '';
$member = array();
//判斷是否被限制登陸,返回0,1,2,3。聲明在misc.func.php
$loginperm = logincheck();
if(!$loginperm) {
//顯示限制登陸
showmessage('login_strike');
}
//安全提問處理,返回一串字元或空。聲明在global.func.php
$secques = quescrypt($questionid, $answer);
//判斷是否安全提問頁面登陸
if(isset($loginauth)) {
$field = 'username';
$password = 'VERIFIED';
list($username, $md5_password) = explode("\t", authcode($loginauth, 'DECODE'));
} else {
$md5_password = md5($password);
$password = preg_replace("/^(.{".round(strlen($password) / 4)."})(.+?)(.{".round(strlen($password) / 6)."})$/s", "http://www.cnblogs.com/kuyuecs/admin/file://1***//3", $password);
}
//查詢資料表members,usergroups
$query = $db->query("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,
m.adminid, m.groupid, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.allowinvisible
FROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)
WHERE m.$field='$username'");
//取出使用者認證資訊包括UID,使用者名稱,密碼,安全提問,系統管理權限,使用者組ID,頁面風格,上次訪問,最後發帖,是否允許隱藏
$member = $db->fetch_array($query);
//驗證登陸
if($member['discuz_uid'] && $member['discuz_pw'] == $md5_password) {
//驗證安全提問
if($member['discuz_secques'] == $secques) {
//安全提問匹配
//從數組中將變數匯入到當前的符號表
extract($member);
//處理使用者名稱
$discuz_userss = $discuz_user;
$discuz_user = addslashes($discuz_user);
//判斷隱藏模式
if(($allowinvisible && $loginmode == 'invisible') || $loginmode == 'normal') {
//更新members表使用者現在的模式:隱藏或普通
$db->query("UPDATE {$tablepre}members SET invisible='".($loginmode == 'invisible' ? 1 : 0)."' WHERE uid='$member[discuz_uid]'", 'UNBUFFERED');
}
$styleid = intval(empty($_POST['styleid']) ? ($styleidmem ? $styleidmem :
$_DCACHE['settings']['styleid']) : $_POST['styleid']);
$cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] :
($_DCOOKIE['cookietime'] ? $_DCOOKIE['cookietime'] : 0));
//寫cookie
dsetcookie('cookietime', $cookietime, 31536000);
dsetcookie('auth', authcode("$discuz_pw\t$discuz_secques\t$discuz_uid", 'ENCODE'), $cookietime);
$sessionexists = 0;
//判斷是否為等待驗證會員
if($groupid == 8) {
showmessage('login_succeed_inactive_member', 'memcp.php');
} else {
showmessage('login_succeed', dreferer());
}
} elseif(empty($secques)) {
//安全提問不匹配且安全提問不為空白
$username = dhtmlspecialchars($member['discuz_user']);
$loginmode = dhtmlspecialchars($loginmode);
$styleid = intval($styleid);
$cookietime = intval($cookietime);
//加密已接受的使用者名稱和密碼
$loginauth = authcode(addslashes($member['discuz_user'])."\t".addslashes($member['discuz_pw']), 'ENCODE');
//顯示回答安全提問
include template('login_secques');
dexit();
}
}
//產生密碼錯誤記錄檔記錄
$errorlog = "<?PHP exit('Access Denied'); ?>\t".$timestamp."\t".
dhtmlspecialchars($member['discuz_user'] ? $member['discuz_user'] : stripslashes($username))."\t".
$password."\t".
($secques ? "Ques #".dhtmlspecialchars($questionid) : '')."\t".
$onlineip."\n";
loginfailed($loginperm);
//日誌記錄加入記錄檔
@$fp = fopen(DISCUZ_ROOT.'./forumdata/illegallog.php', 'a');
@flock($fp, 2);
@fwrite($fp, $errorlog);
@fclose($fp);
//顯示登陸出錯頁面
showmessage('login_invalid', NULL, 'HALTED');
}
}
else {
showmessage('undefined_action');
}
?>