tpl=TEMPLATE.'user/';Ҡɴԥ՛ʼn僖ß͙Й;if(!isset($_SESSION)){$this->login(DATA_PATH."
".$GLOBALS['L']['path_can_not_write_data']);}else{$this->user=&$_SESSION['kod_user'];if(!isset($this->user['path'])&& isset($this->user['name'])){$this->user['path']=$this->user['name'];}}$this->notCheck=array('loginFirst','login','logout','loginSubmit','checkCode','public_link','qrcode','sso');ʚٽΧŅϧ;$this->notCheckApp=array('share','debug');́Т;$this->config['forceWap']=is_wap()&&(!isset($_COOKIE['forceWap'])|| $_COOKIE['forceWap']=='1');ܪݘ;}
/**
 * Decides whether the current request is authenticated.
 *
 * Returns at once when ST is in $this->notCheckApp or ACT is in $this->notCheck. Otherwise it
 * accepts, in order: a session whose kod_login is exactly true; the kod_user_id / kod_token
 * cookie pair, checked against make_login_token(); and, when setting_system.auto_login is '1',
 * a redirect to user/loginSubmit carrying the guest account's name and password in the URL.
 * Anything else ends in logout().
 *
 * NOTE(review): local variable names were lost when this listing was obfuscated/extracted
 * (they show as a bare `$`, and the stray non-ASCII "statements" are obfuscator filler), so
 * the code is not valid PHP as printed and which value each `$` holds is inferred.
 * NOTE(review, security): the cookie token is compared with `==`; hash_equals() avoids loose
 * comparison and timing differences. $_COOKIE['kod_user_id'] and $_COOKIE['kod_token'] are
 * read without isset(). The three cookies are set for 3600*24*100 seconds with no path,
 * Secure or HttpOnly arguments, and the session id is not regenerated after the cookie login.
 * The auto-login branch relies on a guest/guest account and puts the password in a URL;
 * keep auto_login off unless anonymous access is intended.
 */
public function loginCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;if(isset($_SESSION['kod_login'])&& $_SESSION['kod_login']===!0){$=system_member::get_info($this->user['user_id']);$this->login_success($);return;}else if($_COOKIE['kod_user_id']!='' && $_COOKIE['kod_token']!=''){$=system_member::get_info($_COOKIE['kod_user_id']);if(!is_array($)|| !isset($['password'])){$this->logout();}if($this->make_login_token($)==$_COOKIE['kod_token']){@session_start();$_SESSION['kod_login']=!0;$_SESSION['kod_user']=$;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);setcookie('kod_user_id',$_COOKIE['kod_user_id'],time()+0x0e10*0x0000018*0x064);setcookie('kod_token',$_COOKIE['kod_token'],time()+0x0e10*0x0000018*0x064);@session_write_close();unset($_SESSION);@session_start();if(!isset($_SESSION['kod_user'])|| !is_array($_SESSION['kod_user'])){$this->login(DATA_PATH."
".$GLOBALS['L']['path_can_not_write_data']);}else{$this->login_success($);}return;}$this->logout();}else{if($this->config['setting_system']['auto_login']!='1'){$this->logout();}else{if(!file_exists(USER_SYSTEM.'install.lock')){$this->display('install.html');exit;}header('location:./index.php?user/loginSubmit&name=guest&password=guest');exit;ɜ¼ڦ慃Ҫ;}}}
/**
 * Completes a login for the given member record.
 *
 * Sends the caller back to the login page (login() exits) when the record has no path, has
 * status 0 or has an empty role. Then defines USER, USER_TEMP, USER_RECYCLE, HOME and MYHOME,
 * sets $GLOBALS['web_root'] / $GLOBALS['is_root'], and loads the per-user config from
 * USER.'data/config.php', falling back to setting_default values when keys are missing.
 *
 * Role '1' is treated as root: is_root = 1 and web_root = WEB_ROOT. Every other role gets
 * is_root = 0 and HOME from user_home_path().
 * NOTE(review): USER is built by concatenating USER_PATH with the record's `path` field; this
 * assumes `path` can never contain traversal sequences. Confirm where it is validated.
 */
private function login_success($){$this->user=$;if(!$['path']){$this->login($this->L['kod_version_error']);}else if($['status']==0){$this->login($this->L['login_error_user_not_use']);}else if($['role']==''){$this->login($this->L['login_error_role']);}define('USER',USER_PATH.$this->user['path'].'/');define('USER_TEMP',USER.'data/temp/');ⶣЕ賰;define('USER_RECYCLE',USER.'recycle/');ۗ濰ϿĮ㑎βޓᐁ;if(!file_exists(USER)){$this->logout();}if($this->user['role']=='1'){define('MYHOME',USER.'home/');define('HOME','');$GLOBALS['web_root']=WEB_ROOT;$GLOBALS['is_root']=0x001;}else{$=user_home_path($this->user);define('HOME',$);define('MYHOME','/');$GLOBALS['web_root']='';$GLOBALS['is_root']=0;}$this->config['user']=fileCache::load(USER.'data/config.php');if(!isset($this->config['user']['file_repeat'])|| !isset($this->config['user']['resize_config'])){$this->config['user']['file_repeat']=$this->config['setting_default']['file_repeat'];$this->config['user']['recycle_open']=$this->config['setting_default']['recycle_open'];$this->config['user']['resize_config']=$this->config['setting_default']['resize_config'];}if($this->config['user']['theme']==''){$this->config['user']=$this->config['setting_default'];}}
/**
 * Single-sign-on hand-off for another application.
 *
 * When the session is logged in (kod_login == 1) and the optional check/value test passes,
 * writes $_SESSION[in['app']] = 'success' inside the session named KOD_SESSION_SSO and
 * redirects to in['link']; otherwise shows the login page with a message. The test passes
 * outright for role '1' or when in['check'] or in['value'] is absent. Otherwise the selected
 * attribute (user_id, user_name, role_id, role_name, group_id, group_name) must equal
 * in['value'] or, for the array cases, contain it.
 *
 * ($this->in is presumably the request input; confirm against the base controller.)
 * NOTE(review, security): `sso` is in $this->notCheck, so loginCheck() and authCheck() return
 * early for it. The redirect target in['link'] and the session key in['app'] are used as
 * given, and the session id is taken directly from $_COOKIE['KOD_SESSION_SSO']. Recommended:
 * an allow-list for link and app, and a server-generated SSO session id. in['value'] is also
 * concatenated into the message passed to login(); whether the template escapes it is not
 * visible here.
 */
public function sso(){$ہ=!1;ّ榩Ҵ֣ᤇ蠛Ϋ¡;$="not login";ܻ;if(isset($_SESSION)&& $_SESSION['kod_login']==0x001){$=$_SESSION['kod_user'];if($['role']=='1' || !isset($this->in['check'])|| !isset($this->in['value'])){$ہ=!0;}$=!1;switch($this->in['check']){case 'user_id':$=$['user_id'];break;ꧨȘ̫춾郝̶ʗ͓Ҍ屉݇Ӷ;case 'user_name':$=$['name'];༂꽕;break;䶽;case 'role_id':$=$['role'];break;͂Дγ;case 
'role_name':$=system_role::get_info($['role']);$=$['name'];ׯݺ;break;case 'group_id':$=array_keys($['group_info']);â뫢᯳ҍӴ׃Ԗݓ;break;Ϟ
痛ݵզ죮;case 'group_name':$=array();躊ìݴּЯ
;foreach($['group_info'] as $=>$){$Œ=system_group::get_info($);ۀ;$[]=$Œ['name'];馝;}break;냄֎;default:break;}if(!$ہ&& $!=!1){if((is_string($)&& $==$this->in['value'])||(is_array($)&& in_array($this->in['value'],$))){$ہ=!0;}else{$=$this->in['check'].' not accessed, It\'s must be "'.$this->in['value'].'"';}}}if($ہ){@session_name('KOD_SESSION_SSO');@session_id($_COOKIE['KOD_SESSION_SSO']);@session_start();$_SESSION[$this->in['app']]='success';@session_write_close();header('location:'.$this->in['link']);exit;}$this->login($);}
/**
 * Serves a file addressed by an encoded id.
 *
 * Reads setting_system.system_password and in['fid'], calls Mcrypt::decode() (presumably on
 * the fid with the system password as key; the operands are nameless in this listing), and
 * answers with the generic error JSON when the result is empty. Otherwise calls
 * file_put_out() with two arguments, presumably the decoded value and whether `download` is
 * present in the query string.
 * NOTE(review, security): reachable without login (public_link is in $this->notCheck). No
 * base-directory check on the decoded value is visible here, and whether Mcrypt::decode()
 * authenticates its input is not visible either. Confirm both, since the same
 * system_password is also the secret in make_login_token().
 */
public function public_link(){$=$this->config['setting_system']['system_password'];Nj;$=$this->in['fid'];࠰˘磓ܒ;$=Mcrypt::decode($,$);ڤЫ㘏ɞ;if(strlen($)==0){show_json($this->L['error'],!1);}$=isset($_GET['download']);file_put_out($,$);˻ϩܱͧՉή̺݃ͮۧ;}
/**
 * Emits the client bootstrap script.
 *
 * Takes the current output buffer with ob_get_clean(), then prints three JavaScript
 * assignments (LNG, AUTH and G) as JSON with Content-Type application/javascript. G carries
 * paths, hosts, version, the user's share list and user config. When $GLOBALS['is_root'] is
 * falsy, three path variables are overwritten with '/' before G is built.
 * NOTE(review): for root sessions the values of BASIC_PATH, USER_PATH and GROUP_PATH are sent
 * to the browser, which discloses server filesystem layout to anything that can read this
 * script's output.
 */
public function common_js(){$=ob_get_clean();$=BASIC_PATH;$=USER_PATH;$=GROUP_PATH;ח;if(!$GLOBALS['is_root']){$='/';$='/';$='/';}$=array('lang' =>LANGUAGE_TYPE,'is_root' =>$GLOBALS['is_root'],'user_id' =>$this->user['user_id'],'web_root' =>$GLOBALS['web_root'],'web_host' =>HOST,'app_host' =>APPHOST,'static_path' =>STATIC_PATH,'basic_path' =>$,'user_path' =>$,'group_path' =>$,'myhome' =>MYHOME,'upload_max' =>file_upload_size(),'version' =>KOD_VERSION,'json_data' =>"",'self_share' =>system_member::user_share_list($this->user['user_id']),'user_config' =>$this->config['user'],'KOD_GROUP_PATH' =>KOD_GROUP_PATH,'KOD_GROUP_SHARE' =>KOD_GROUP_SHARE,'KOD_USER_SHARE' =>KOD_USER_SHARE,'KOD_USER_RECYCLE' =>KOD_USER_RECYCLE,'KOD_USER_FAV' =>KOD_USER_FAV,'KOD_GROUP_ROOT_SELF' =>KOD_GROUP_ROOT_SELF,'KOD_GROUP_ROOT_ALL' =>KOD_GROUP_ROOT_ALL,);if(isset($this->config['setting_system']['version_hash'])){$['version_hash']=$this->config['setting_system']['version_hash'];}if(!isset($GLOBALS['auth'])){$GLOBALS['auth']=array();}$='LNG='.json_encode($GLOBALS['L']).';';$.= 'AUTH='.json_encode($GLOBALS['auth']).';';$.= 'G='.json_encode($).';';֊;header("Content-Type: application/javascript");亠;echo $;Ȁɵ׀ͨć;}
/**
 * Renders the login page and exits.
 *
 * Assigns the given message as `msg` and displays login_wap.html for WAP clients or
 * login.html otherwise. When USER_SYSTEM.'install.lock' does not exist it displays
 * install.html instead.
 * NOTE(review, security): the not-installed branch calls chmod_path(BASIC_PATH, 0777) on
 * every request that reaches it. Assuming chmod_path applies the mode to the whole tree
 * (confirm), this leaves the application world-writable; grant only what the web-server
 * user needs.
 */
public function 
login($=''){if(!file_exists(USER_SYSTEM.'install.lock')){chmod_path(BASIC_PATH,0777);$this->display('install.html');exit;}$this->assign('msg',$);if(is_wap()){$this->display('login_wap.html');}else{$this->display('login.html');}exit;}
/**
 * First-run setup, then redirect to user/login.
 *
 * Only when install.lock is absent: creates the lock file, loads the member store, writes
 * md5(in['password']) as the password of a member record (the key is assigned '1' just
 * before, presumably the administrator), and runs system_member::init_install() when that
 * record has neither path nor create_time. in['password'] defaults to 'admin' when missing.
 * NOTE(review, security): unauthenticated by design (loginFirst is in $this->notCheck), and
 * the lock file is the only guard on rewriting that record, so the lock file's presence and
 * permissions matter. Requiring an explicit password instead of defaulting to 'admin', and
 * storing it with password_hash() rather than unsalted MD5, would remove the weak default.
 */
public function loginFirst(){if(!file_exists(USER_SYSTEM.'install.lock')){touch(USER_SYSTEM.'install.lock');if(!isset($this->in['password'])){$this->in['password']='admin';}$='1';$=system_member::load_data();$ث=$->get($);$ث['password']=md5($this->in['password']);ʶߛۡIJ婼掘ߗޚ҈ݵٵ䖾;$->set($,$ث);߀ߴŗӉևµܧ콬;if($ث['path']=='' && $ث['create_time']==''){$憦=new system_member();$憦->init_install();}}header('location:./index.php?user/login');exit;Ͻ͞ɖ툯Ͼǣߕ;}
/**
 * Starts the session and delegates to user_logout(), which is defined outside this listing.
 */
public function logout(){session_start();user_logout();؆;}
/**
 * Handles the login form and the API token login.
 *
 * With in['login_token'] in the form "<base64 name>|<md5>": rejected unless the configured
 * api_login_tonken is at least 5 characters, the token has exactly two parts, and
 * md5(base64_decode(name) . api_login_tonken) equals the second part. A flag is then set and
 * the empty `if(...){}` branch further down appears to skip the password check for this path
 * (its operands are nameless in this listing; TODO confirm).
 * Without a token: name and password are required, the captcha is compared when
 * need_check_code() is true and the name is not 'guest', and md5(password) must match the
 * stored hash; status 0 and empty role are rejected.
 * On success: runs init_app() on first login, stores last_login, fills the session, and sets
 * the CSRF-TOKEN and kod_user_id cookies, plus kod_token when rember_password == '1'.
 *
 * NOTE(review, security): passwords are stored and checked as unsalted MD5 with `!=`;
 * password_hash() / password_verify() and hash_equals() are the standard replacements. The
 * API token is an MD5 of name plus a shared secret with no expiry or nonce, so it never
 * changes for a given name. The session id is not regenerated after login, cookies carry no
 * Secure/HttpOnly arguments, and no attempt limiting is visible in this method.
 */
public function loginSubmit(){if(isset($this->in['login_token'])){$¦=$this->config['settings']['api_login_tonken'];$=explode('|',$this->in['login_token']);if(strlen($¦)<0x05|| count($)!=0x0002|| md5(base64_decode($[0]).$¦)!=$[0x001]){$this->login_display("Api param error!",!1);}$this->in['name']=urlencode(base64_decode($[0]));$=!0;}else{if(!isset($this->in['name'])|| !isset($this->in['password'])){$this->login_display($this->L['login_not_null'],!1);}if(need_check_code()&& $this->in['name']!='guest' && $_SESSION['check_code']!==strtolower($this->in['check_code'])){$this->login_display($this->L['code_error'],!1);}}session_start();$=rawurldecode($this->in['name']);ٕ䦋ّҗƎ䫤;$ɱ=rawurldecode($this->in['password']);$=system_member::load_data();;$=$->get('name',$);캘彎ǯ;if($&& $){}else if($===!1|| md5($ɱ)!=$['password']){$this->login_display($this->L['password_error'],!1);}else if($['status']==0){$this->login_display($this->L['login_error_user_not_use'],!1);}else 
if($['role']==''){$this->login_display($this->L['login_error_role'],!1);}if($['last_login']==''){$ը=init_controller('app');$ը->init_app($);}$['last_login']=time();$->set($['user_id'],$);̦ਊ܂ɮë;$_SESSION['kod_login']=!0;ŕ;$_SESSION['kod_user']=$;㎮٨ʘ镓ݾйҴ眬;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);̱;setcookie('kod_user_id',$['user_id'],time()+0x0e10*0x0000018*0x064);緛ףܤם͗쀚̹;if($this->in['rember_password']=='1'){setcookie('kod_token',$this->make_login_token($),time()+0x0e10*0x0000018*0x064);}$this->login_display('ok',!0);}
/**
 * Reports a login result and exits.
 *
 * For requests with in['is_ajax'] set, answers through show_json(). Otherwise a success
 * redirects to './' or to rawurldecode(in['link']) when a link was supplied, and a failure
 * shows the login page with the message.
 * NOTE(review, security): in['link'] becomes the Location target without validation;
 * restricting it to same-site relative paths prevents redirects to other origins.
 */
private function login_display($,$){if(isset($this->in['is_ajax'])){show_json($,$);}else{if($){$='./';if(isset($this->in['link'])){$=rawurldecode($this->in['link']);}header('location:'.$);}else{$this->login($);ҡŎ讻ɮ磂Ծ;}}exit;סҳ;}
/**
 * Builds the remember-me token: md5(stored password hash . system_password . user_id).
 *
 * NOTE(review): the value is deterministic. It changes only when the password or
 * system_password changes, so it has no expiry and cannot be revoked per device; a random,
 * server-stored token would allow both.
 */
private function make_login_token($){$ɐ=$this->config['setting_system']['system_password'];return md5($['password'].$ɐ.$['user_id']);}
/** Intentionally empty in this listing. */
public function version_install(){}
/**
 * Changes the current user's password after comparing md5(in['password_now']) with the
 * stored hash, then saves the record and answers 'success'; a mismatch answers
 * old_password_error.
 *
 * NOTE(review): the emptiness guard uses `&&`, so it fires only when both values are empty;
 * an empty new password combined with a non-empty current one is not rejected here. The new
 * password is stored as unsalted MD5 and compared with `==`; see password_hash() and
 * hash_equals().
 */
public function changePassword(){$=rawurldecode($this->in['password_now']);ྔɸĈȽ˸ؐܣ;$劤=rawurldecode($this->in['password_new']);ꫡνεƇئố;if(!$&& !$劤)show_json($this->L['password_not_null'],!1);if($this->user['password']==md5($)){$ԙ=system_member::load_data();$this->user['password']=md5($劤);$ԙ->set($this->user['user_id'],$this->user);show_json('success');}else{show_json($this->L['old_password_error'],!1);}}
/**
 * CSRF header check, currently disabled.
 *
 * The bare `return;` as the first statement makes the comparison of the X-CSRF-TOKEN request
 * header with $_SESSION['CSRF-TOKEN'] unreachable, so the call in authCheck() enforces
 * nothing even though login sets a CSRF-TOKEN cookie and session value.
 * NOTE(review, security): if re-enabled, compare with hash_equals() and treat a missing
 * session token as a failure.
 */
private function checkCSRF(){return;if(!isset($_SERVER['HTTP_X_CSRF_TOKEN'])|| $_SERVER['HTTP_X_CSRF_TOKEN']!=$_SESSION['CSRF-TOKEN']){show_json('xtoken_error',!1);}}
/**
 * Per-action permission check for the current ST (app) and ACT (action).
 *
 * Returns without checking when ST is in $this->notCheckApp, ACT is in $this->notCheck, ST
 * is not a key of config role_setting, or ACT is not listed under that key. Otherwise calls
 * checkCSRF(), lets root through (is_root == 1), and for everyone else extends the role
 * record from system_role::get_info() with defaulted and derived permissions before
 * requiring that the "ST:ACT" entry equals 1 (no_permission otherwise, assuming show_json()
 * ends the request). The resulting table is published as $GLOBALS['auth']. Finally the file
 * name involved in mkfile, pathRname, fileUpload or fileSave must pass checkExt().
 *
 * NOTE(review): actions absent from role_setting are allowed by default, so the list must
 * be complete for the check to mean anything. Several entries are switched on for every
 * role regardless of the stored record: user:common_js, explorer:fileProxy, editor:fileGet
 * and explorer:officeView; userShare:set and explorer:fileDownload default to 1 when unset.
 */
public function authCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;$=system_role::get_info($this->user['role']);if(!array_key_exists(ST,$this->config['role_setting']))return;if(!in_array(ACT,$this->config['role_setting'][ST]))return;$this->checkCSRF();禥́Կ҂쇔;if(isset($GLOBALS['is_root'])&& 
$GLOBALS['is_root']==0x001)return;$=ST.':'.ACT;if(!isset($['userShare:set'])){$['userShare:set']=0x001;}if(!isset($['explorer:fileDownload'])){$['explorer:fileDownload']=0x001;}$['user:common_js']=0x001;$['explorer:pathDeleteRecycle']=$['explorer:pathDelete'];;$['explorer:pathCopyDrag']=$['explorer:pathCuteDrag'];͊ߋ剪잷¼ۣلԸ;$['explorer:officeSave']=$['editor:fileSave'];;$['explorer:imageRotate']=$['editor:fileSave'];$['explorer:fileDownloadRemove']=$['explorer:fileDownload'];;$['explorer:zipDownload']=$['explorer:fileDownload'];$['explorer:fileProxy']=!0;;$['editor:fileGet']=!0;$['explorer:officeView']=!0;լ֥;if(!$['explorer:fileDownload']){$['explorer:zip']=!1;}$['userShare:del']=$['userShare:set'];if($[$]!=0x001)show_json($this->L['no_permission'],!1);$GLOBALS['auth']=$;瞠غٷǶ;$=array('mkfile' =>$this->check_key('path'),'pathRname' =>$this->check_key('rname_to'),'fileUpload'=> isset($_FILES['file']['name'])?$_FILES['file']['name']:'','fileSave' =>$this->check_key('path'));ߖ;if(array_key_exists(ACT,$)&& !checkExt($[ACT])){show_json($this->L['no_permission_ext'],!1);}}
/**
 * Returns rawurldecode() of the named entry of $this->in when it is set and is a string,
 * and '' in every other case.
 */
private function check_key($){if(!isset($this->in[$])){return '';}return is_string($this->in[$])?rawurldecode($this->in[$]):'';}
/**
 * Creates a captcha and stores its text in $_SESSION['check_code'] for loginSubmit().
 *
 * myCaptcha is constructed with mt_rand(3, 4); the argument is presumably the code length
 * (confirm in the myCaptcha class), which would make the captcha very short.
 */
public function checkCode(){session_start();load_class('myCaptcha');$=new myCaptcha(mt_rand(0x00003,0x000004));$_SESSION['check_code']=$->get_string();㤶;}
/**
 * Outputs a QR code PNG for rawurldecode(in['url']) using the bundled phpqrcode library.
 *
 * When the GD function imagecolorallocate() is unavailable, redirects instead to a
 * third-party QR service over plain HTTP with in['url'] appended unencoded.
 * NOTE(review, security): reachable without login (qrcode is in $this->notCheck). The
 * fallback discloses the requested URL to the third party and should at least urlencode()
 * the value; generating the code locally in all cases avoids the disclosure.
 */
public function qrcode(){if(!function_exists('imagecolorallocate')){header('location:http://qr.liantu.com/api.php?text='.$this->in['url']);exit;}include CLASS_DIR.'phpqrcode.php';QRcode::png(rawurldecode($this->in['url']));}}