DedeBIZ
/
DedeV6
Прати 2
Волим 0
Креирај огранак 0
Код Захтеви за спајање 0 Издања 31 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2938 Комити
3 Гране
93MB
Дрво: 026944470d
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '026944470d'
${ noResults }
DedeV6/src/user/config.php

223 lines
8.4KB
Датотека Blame Историја 

  1. <?php

  2. /**

  3.  * 会员配置

  4.  * 

  5.  * @version        $id:config.php 8:38 2010年7月9日 tianya $

  6.  * @package        DedeBIZ.User

  7.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  8.  * @license        GNU GPL v2 (https://www.dedebiz.com/license)

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. define('DEDEUSER', true);

  12. require_once(dirname(__FILE__).'/../system/common.inc.php');

  13. //针对会员中心操作进行XSS过滤

  14. function XSSClean($val)

  15. {

  16.     global $cfg_soft_lang;

  17.     if ($cfg_soft_lang == 'gb2312') gb2utf8($val);

  18.     if (is_array($val)) {

  19.         foreach ($val as $key => $value) {

  20.             if (in_array($key, array('tags', 'body', 'dede_fields', 'dede_addonfields', 'dopost', 'introduce'))) continue;

  21.             $val[$key] = XSSClean($val[$key]);

  22.         }

  23.         return $val;

  24.     }

  25.     if ($cfg_soft_lang == 'gb2312') utf82gb($val);

  26.     return RemoveXss($val);

  27. }

  28. $_GET = XSSClean($_GET);

  29. $_POST = XSSClean($_POST);

  30. $_REQUEST = XSSClean($_REQUEST);

  31. $_COOKIE = XSSClean($_COOKIE);

  32. 

  33. require_once(DEDEINC.'/filter.inc.php');

  34. require_once(DEDEINC.'/memberlogin.class.php');

  35. require_once(DEDEINC.'/dedetemplate.class.php');

  36. //检查CSRF

  37. function CheckCSRF()

  38. {

  39.     $cc_csrf_token_check = GetCookie("dede_csrf_token");

  40.     if (

  41.         !(isset($_POST['_csrf_token'], $cc_csrf_token_check) && is_string($_POST['_csrf_token']) && is_string($cc_csrf_token_check) && hash_equals($_POST['_csrf_token'], $cc_csrf_token_check))

  42.     ) {

  43.         ShowMsg('刷新页面重新提交,请不要发布重复文档', '-1');

  44.         exit();

  45.     }

  46.     DropCookie("dede_csrf_token");

  47. }

  48. //生成CSRF校验token,在比较重要的表单中应该要加上这个token校验

  49. $cc_csrf_token = GetCookie("dede_csrf_token");

  50. if (!isset($GLOBALS['csrf_token']) || $GLOBALS['csrf_token'] === null) {

  51.     if (

  52.         isset($cc_csrf_token) && is_string($cc_csrf_token)

  53.         && preg_match('#^[0-9a-f]{32}$#iS', $cc_csrf_token) === 1

  54.     ) {

  55.         $GLOBALS['csrf_token'] = $cc_csrf_token;

  56.     } else {

  57.         $GLOBALS['csrf_token'] = md5(uniqid(mt_rand(), TRUE));

  58.     }

  59. }

  60. if (strtoupper($_SERVER['REQUEST_METHOD']) !== 'POST') {

  61.     PutCookie('dede_csrf_token', $GLOBALS['csrf_token'], 7200, '/');

  62. }

  63. //获得当前脚本名称,如果系统被禁用了$_SERVER变量,请自行修改这个选项

  64. $dedeNowurl = $s_scriptName = '';

  65. $dedeNowurl = GetCurUrl();

  66. $dedeNowurls = explode('?', $dedeNowurl);

  67. $s_scriptName = $dedeNowurls[0];

  68. $menutype = '';

  69. $menutype_son = '';

  70. $gourl = empty($gourl) ? "" : RemoveXSS($gourl);

  71. //检查是否开放会员功能

  72. if ($cfg_mb_open == 'N') {

  73.     if (defined('AJAXLOGIN')) {

  74.         if ($format === 'json') {

  75.             echo json_encode(array(

  76.                 "code" => -1,

  77.                 "msg" => "网站关闭了会员功能,您无法浏览此页面",

  78.                 "data" => null,

  79.             ));

  80.             exit;

  81.         } else {

  82.             die('');

  83.         }

  84.     } else {

  85.         ShowMsg("网站关闭了会员功能,您无法浏览此页面", "/");

  86.         exit();

  87.     }

  88. }

  89. $keeptime = isset($keeptime) && is_numeric($keeptime) ? $keeptime : -1;

  90. $cfg_ml = new MemberLogin($keeptime);

  91. //检查收件箱

  92. function PmRead(){

  93.     global $dsql, $cfg_ml;

  94.     $query = "SELECT * FROM `#@__member_pms` WHERE folder LIKE 'outbox' AND isadmin='1'";

  95.     $dsql->SetQuery($query);

  96.     $dsql->Execute();

  97.     while ($row = $dsql->GetArray()) {

  98.         $row2 = $dsql->GetOne("SELECT * FROM `#@__member_pms` WHERE fromid = '$row[id]' AND toid='{$cfg_ml->M_ID}'");

  99.         if (!is_array($row2)) {

  100.             $row3 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`) VALUES ('admin','{$row['id']}','{$cfg_ml->M_ID}','{$cfg_ml->M_LoginID}','inbox','{$row['subject']}','{$row['sendtime']}','{$row['writetime']}','{$row['hasview']}','{$row['isadmin']}','{$row['message']}')";

  101.             $dsql->ExecuteNoneQuery($row3);

  102.         }

  103.     }

  104. }

  105. //判断会员是否登录

  106. $myurl = '';

  107. if ($cfg_ml->IsLogin()) {

  108.     $myurl = $cfg_memberurl."/index.php?uid=".urlencode($cfg_ml->M_LoginID);

  109.     if (!preg_match("#^http[s]?:#i", $myurl)) $myurl = $cfg_basehost.$myurl;

  110.     if ($cfg_ml->fields['face'] == "") {

  111.         $cfg_ml->fields['face'] = $cfg_cmsurl."/static/web/img/admin.png";

  112.     }

  113.     PmRead();

  114. }

  115. //有没新短信

  116. $pms = $dsql->GetOne("SELECT COUNT(*) AS nums FROM `#@__member_pms` WHERE toid='{$cfg_ml->M_ID}' AND `hasview`=0 AND folder = 'inbox'");

  117. /**

  118.  *  检查会员是否有权限进行某个操作

  119.  *

  120.  * @param     int  $rank  权限值

  121.  * @param     int  $money  金币

  122.  * @return    void

  123.  */

  124. function CheckRank($rank = 0, $money = 0)

  125. {

  126.     global $cfg_ml, $cfg_memberurl, $cfg_mb_spacesta,$dsql;

  127.     if (!$cfg_ml->IsLogin()) {

  128.         header("Location:{$cfg_memberurl}/login.php?gourl=".urlencode(GetCurUrl()));

  129.         exit();

  130.     } else {

  131.         if ($cfg_mb_spacesta == '-10') {

  132.             //var_dump($cfg_ml->fields);

  133.             //如果启用注册邮件验证

  134.             if ($cfg_ml->fields['spacesta'] == '-10' && !preg_match("#edit_baseinfo.php$#", GetCurUrl())) {

  135.                 if (empty($cfg_ml->fields['email'])) {

  136.                     ShowMsg("邮箱地址为空,请设置一个邮箱地址", "edit_baseinfo.php");

  137.                     exit;

  138.                 }

  139.                 $msg = "<p>您未进行邮件验证,发送验证邮件后请登录邮箱进行确认</p><a href='{$cfg_memberurl}/index_do.php?fmdo=sendMail' class='btn btn-success btn-sm'>发送</a><a href='javascript:history.go(-1);' class='btn btn-outline-success btn-sm'>返回</a>";

  140.                 ShowMsg($msg, "javascript:;");

  141.                 exit;

  142.             }

  143.         }

  144.         if ($cfg_ml->M_Rank < $rank) {

  145.             $needname = '';

  146.             if ($cfg_ml->M_Rank == 0) {

  147.                 $row = $dsql->GetOne("SELECT membername FROM `#@__arcrank` WHERE `rank`='$rank'");

  148.                 $myname = "注册会员";

  149.                 $needname = $row['membername'];

  150.             } else {

  151.                 $dsql->SetQuery("SELECT membername From `#@__arcrank` WHERE `rank`='$rank' OR `rank`='".$cfg_ml->M_Rank."' ORDER BY `rank` DESC");

  152.                 $dsql->Execute();

  153.                 $row = $dsql->GetObject();

  154.                 $needname = $row->membername;

  155.                 if ($row = $dsql->GetObject()) {

  156.                     $myname = $row->membername;

  157.                 } else {

  158.                     $myname = "注册会员";

  159.                 }

  160.             }

  161.             ShowMsg("需要".$needname."才能浏览本页面,您目前等级是".$myname."", "-1");

  162.             exit();

  163.         } else if ($cfg_ml->M_Money < $money) {

  164.             ShowMsg("需要".$money."金币才能浏览本页面,您目前金币".$cfg_ml->M_Money."个", "-1");

  165.             exit();

  166.         }

  167.     }

  168. }

  169. /**

  170.  *  更新文档统计

  171.  *

  172.  * @access    public

  173.  * @param     int  $channelid  栏目模型id

  174.  * @return    mixed

  175.  */

  176. function countArchives($channelid)

  177. {

  178.     global $cfg_ml, $dsql;

  179.     $id = (int)$channelid;

  180.     if ($cfg_ml->IsLogin()) {

  181.         $channeltype = array(1 => 'article', 2 => 'album', 3 => 'soft', -8 => 'infos');

  182.         if (isset($channeltype[$id])) {

  183.             $_field = $channeltype[$id];

  184.         } else {

  185.             $_field = 'articles';

  186.         }

  187.         $row = $dsql->GetOne("SELECT COUNT(*) AS nums FROM `#@__archives` WHERE channel='$id' AND mid='".$cfg_ml->M_ID."'");

  188. 

  189.         $dsql->ExecuteNoneQuery("UPDATE `#@__member_tj` SET ".$_field."='".$row['nums']."' WHERE mid='".$cfg_ml->M_ID."'");

  190.     } else {

  191.         return FALSE;

  192.     }

  193. }

  194. //安全提示问题,这两句不要修改

  195. $safequestions = array();

  196. $safequestions[0] = '没安全提示问题';

  197. //下面的设置可以手工修改

  198. $safequestions[1] = '您最喜欢的格言什么';

  199. $safequestions[2] = '您家乡的名称是什么';

  200. $safequestions[3] = '您读的小学叫什么';

  201. $safequestions[4] = '您的父亲叫什么名字';

  202. $safequestions[5] = '您的母亲叫什么名字';

  203. $safequestions[6] = '您最喜欢的偶像是谁';

  204. $safequestions[7] = '您最喜欢的歌曲是什么';

  205. //以下不要修改

  206. function GetSafequestion($selid=0,$formname='safequestion')

  207. {

  208. 	global $safequestions;

  209. 	$safequestions_form = "<select name='$formname' id='$formname' class='form-control'>";

  210. 	foreach($safequestions as $k=>$v)

  211. 	{

  212. 	 	if ($k==$selid) $safequestions_form .= "<option value='$k' selected>$v</option>\r\n";

  213. 	 	else $safequestions_form .= "<option value='$k'>$v</option>\r\n";

  214. 	}

  215. 	$safequestions_form .= "</select>\r\n";

  216. 	return $safequestions_form;

  217. }

  218. $enabledChannels = MemberLogin::GetEnabledChannels();

  219. function UserInclude($file)

  220. {

  221.     return DEDEMEMBER.'/'.$file;

  222. }

  223. ?>