tpl=TEMPLATE.'user/';if(!isset($_SESSION)){$this->login("session write error!");}else{$this->user=&$_SESSION['kod_user'];if(!isset($this->user['path'])&& isset($this->user['name'])){$this->user['path']=$this->user['name'];}}$this->notCheck=array('loginFirst','login','logout','loginSubmit','checkCode','public_link','qrcode','sso');—ÏúÝßç®šÁ½øÏþ;$this->notCheckApp=array('share','debug');œÂüí¦ýùþŠö®¶ýÓù²ïáá‹£Ÿ„óžÑ³èî;$this->config['forceWap']=is_wap()&&(!isset($_COOKIE['forceWap'])|| $_COOKIE['forceWap']=='1');žçÚ™æå–œŸ”ð°Ž£ ð†«”¥°‰Ä‚½ð´”ÎÓû©ìãýùžžÎÂîÈ›£îÌ³ÎêáÀ õ;}public function loginCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;if(isset($_SESSION['kod_login'])&& $_SESSION['kod_login']===!0){$ó=system_member::get_info($this->user['user_id']);$this->login_success($ó);return;}else if($_COOKIE['kod_user_id']!='' && $_COOKIE['kod_token']!=''){$ó=system_member::get_info($_COOKIE['kod_user_id']);if(!is_array($ó)|| !isset($ó['password'])){$this->logout();}if($this->make_login_token($ó)==$_COOKIE['kod_token']){@session_start();$_SESSION['kod_login']=!0;$_SESSION['kod_user']=$ó;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);setcookie('kod_user_id',$_COOKIE['kod_user_id'],time()+0x0e10*0x0000018*0x064);setcookie('kod_token',$_COOKIE['kod_token'],time()+0x0e10*0x0000018*0x064);@session_write_close();unset($_SESSION);@session_start();if(!isset($_SESSION['kod_user'])|| !is_array($_SESSION['kod_user'])){$this->login("session write error!");}else{$this->login_success($ó);}return;}$this->logout();×ÊßÑ÷ýá—Ì€Ù¼£Ø³’¥àÅôË¨µëžÅà’€ÂéË¢¼Ã ŸÚ;}else{if($this->config['setting_system']['auto_login']!='1'){$this->logout();}else{if(!file_exists(USER_SYSTEM.'install.lock')){$this->display('install.html');exit;}header('location:./index.php?user/loginSubmit&name=guest&password=guest');exit;«®Ø„áê©Ã±žÙÔü;}}}private function login_success($›ÝŒœ ){$this->user=$›ÝŒœ ;´«ãÓ‡Òò¼ý¡•ƒ„¬È³ËØ¡Õ‡¼³“ØÔŠÀ˜¿ìü“óÏ†±Î¨ÇÒ;if(!$›ÝŒœ ['path']){$this->login($this->L['kod_version_error']);}else if($›ÝŒœ ['status']==0){$this->login($this->L['login_error_user_not_use']);}else if($›ÝŒœ ['role']==''){$this->login($this->L['login_error_role']);}define('USER',USER_PATH.$this->user['path'].'/');define('USER_TEMP',USER.'data/temp/');üËÎ‹ì¤’ªØ¦;define('USER_RECYCLE',USER.'recycle/');if(!file_exists(USER)){$this->logout();}if($this->user['role']=='1'){define('MYHOME',USER.'home/');define('HOME','');$GLOBALS['web_root']=WEB_ROOT;$GLOBALS['is_root']=0x001;}else{$±Ä=user_home_path($this->user);define('HOME',$±Ä);define('MYHOME','/');$GLOBALS['web_root']='';$GLOBALS['is_root']=0;}$this->config['user']=fileCache::load(USER.'data/config.php');if(!isset($this->config['user']['file_repeat'])|| !isset($this->config['user']['resize_config'])){$this->config['user']['file_repeat']=$this->config['setting_default']['file_repeat'];$this->config['user']['recycle_open']=$this->config['setting_default']['recycle_open'];$this->config['user']['resize_config']=$this->config['setting_default']['resize_config'];}if($this->config['user']['theme']==''){$this->config['user']=$this->config['setting_default'];}}public function sso(){$ð±Ã=!1;$”‹="not login"; ¶áé¶×æƒ¦ñðË„›¥«ŸÓÜãšÎ–ÞÒ½òÝ–Ö’·Žó;if(isset($_SESSION)&& $_SESSION['kod_login']==0x001){$ÄÌ=$_SESSION['kod_user'];if($ÄÌ['role']=='1' || !isset($this->in['check'])|| !isset($this->in['value'])){$ð±Ã=!0;}$È=!1;switch($this->in['check']){case 'user_id':$È=$ÄÌ['user_id'];¿þÕå«ô¹ˆÙÔÖð³ª®§‰Åþœý‘ŸÒÝ¨›Ñ£Õ’£«÷Î¡±Öú†®ëº;break;ááàþßí€Áí¨ÜÀË³ÒîÞÊ½€ü•;case 'user_name':$È=$ÄÌ['name'];ç¾„ €æ;break;case 'role_id':$È=$ÄÌ['role'];Ç±ýï¾¼Â‘¬¢Üê£Ù€ŸÝÄˆâ½âó¾â»¯ñƒàïóï¯°³ÀÝÕÈø÷É™ÖŽ¡ó;break;Õ£ñ¸Þ¡«á‚œÖòË‡¦Œä;case 'role_name':$ª®õ£÷=system_role::get_info($ÄÌ['role']);$È=$ª®õ£÷['name'];îøà¡Î„;break;case 'group_id':$È=array_keys($ÄÌ['group_info']);break;Æ·Ï«›¥Ñ§‹ÎÒ¹Åõ±Õð¹‡;case 'group_name':$È=array();ƒ‚í—ŠÑÌ½˜…Žµ°©ÚƒÑåÑ¥ —›ÑíŒôî¾ÞñÁÌŠÌž×;foreach($ÄÌ['group_info'] as $·=>$™ìŽÂ){$’•¯=system_group::get_info($·);ûÕ£êã¯ßÓí¾Å°ŒÐüª¨ˆá†¡Ï•ä™§ùÉŒ´š‰‹;$È[]=$’•¯['name'];}break;ÔÃÛ”‰Œ Ú‰Ëƒ’®Š³þ ˜˜Ç’áÔÇüÞÒºÓÂ¨©†„½Þêš«î¬ÙùàØšøñâŒÔ·ÓÑ—§êêµ•ðºÒ‚Ë²íåÞÜ“¸×;default:break;í…ÔúÚÏ¤÷ºâð¥Ó¬øÖ÷¬;}if(!$ð±Ã&& $È!=!1){if((is_string($È)&& $È==$this->in['value'])||(is_array($È)&& in_array($this->in['value'],$È))){$ð±Ã=!0;}else{$”‹=$this->in['check'].' not accessed, It\'s must be "'.$this->in['value'].'"';}}}if($ð±Ã){@session_name('KOD_SESSION_SSO');@session_id($_COOKIE['KOD_SESSION_SSO']);@session_start();$_SESSION[$this->in['app']]='success';@session_write_close();header('location:'.$this->in['link']);exit;}$this->login($”‹);}public function public_link(){$Þ‹¢=$this->config['setting_system']['system_password'];ç×ëÕÜÁÑ·Î¡åó™¡„ü’ªÑ¿¤¨·Ðì—ÛŠ ŠñøõÈÖ·šŽ‡¼ôúÖ–þÓ©ª¥èÎÎ¡Ÿ»;$ûËÂ=$this->in['fid'];$µ–Ìý=Mcrypt::decode($ûËÂ,$Þ‹¢);ûŒÕ;if(strlen($µ–Ìý)==0){show_json($this->L['error'],!1);}$ˆ‡ˆ‚=isset($_GET['download']);file_put_out($µ–Ìý,$ˆ‡ˆ‚);}public function common_js(){$¨š=ob_get_clean();$»¡³ó=BASIC_PATH;ÖìÑ¤ë¾©…»¶Û¿‰´ÇŒæù´û«;$Þ±=USER_PATH;$éöµ×=GROUP_PATH;ˆ„ÈÃ»¥ñú¯§Â»Ž¼ï¸›ÌÖùþ’Ùè‰ÀÒé„ÚíÍŸ©ó‘¤£;if(!$GLOBALS['is_root']){$»¡³ó='/';$Þ±='/';$éöµ×='/';}$æÞÇ=array('lang' =>LANGUAGE_TYPE,'is_root' =>$GLOBALS['is_root'],'user_id' =>$this->user['user_id'],'web_root' =>$GLOBALS['web_root'],'web_host' =>HOST,'app_host' =>APPHOST,'static_path' =>STATIC_PATH,'basic_path' =>$»¡³ó,'user_path' =>$Þ±,'group_path' =>$éöµ×,'myhome' =>MYHOME,'upload_max' =>file_upload_size(),'version' =>KOD_VERSION,'json_data' =>"",'self_share' =>system_member::user_share_list($this->user['user_id']),'user_config' =>$this->config['user'],'KOD_GROUP_PATH' =>KOD_GROUP_PATH,'KOD_GROUP_SHARE' =>KOD_GROUP_SHARE,'KOD_USER_SHARE' =>KOD_USER_SHARE,'KOD_USER_RECYCLE' =>KOD_USER_RECYCLE,'KOD_USER_FAV' =>KOD_USER_FAV,'KOD_GROUP_ROOT_SELF' =>KOD_GROUP_ROOT_SELF,'KOD_GROUP_ROOT_ALL' =>KOD_GROUP_ROOT_ALL,);if(isset($this->config['setting_system']['version_hash'])){$æÞÇ['version_hash']=$this->config['setting_system']['version_hash'];}if(!isset($GLOBALS['auth'])){$GLOBALS['auth']=array();}$ÎÖ='LNG='.json_encode($GLOBALS['L']).';';$ÎÖ.= 'AUTH='.json_encode($GLOBALS['auth']).';';µå¢Ç¿ŒÑÏÌ¤¹Ñ€§ Ñ”²õ·êÝ–³;$ÎÖ.= 'G='.json_encode($æÞÇ).';';header("Content-Type: application/javascript");Ð®—¶ÑÞõÝ±Å«Õ€ý;echo $ÎÖ;öø³©ïë•Í‚È;}public function login($èÓ³¹=''){if(!file_exists(USER_SYSTEM.'install.lock')){chmod_path(BASIC_PATH,0777);$this->display('install.html');exit;}$this->assign('msg',$èÓ³¹);if(is_wap()){$this->display('login_wap.html');}else{$this->display('login.html');}exit;}public function loginFirst(){if(!file_exists(USER_SYSTEM.'install.lock')){touch(USER_SYSTEM.'install.lock');if(!isset($this->in['password'])){$this->in['password']='admin';}$Ê='1';$Ôªç²Ü=system_member::load_data();$³®ÜŠ=$Ôªç²Ü->get($Ê);Ï°;$³®ÜŠ['password']=md5($this->in['password']);$Ôªç²Ü->set($Ê,$³®ÜŠ);ŽŸŠàˆÞ”Âàß´¶‹œéç;if($³®ÜŠ['path']=='' && $³®ÜŠ['create_time']==''){$È›ø=new system_member();$È›ø->init_install();}}header('location:./index.php?user/login');exit;}public function logout(){session_start(); ÓÔßï–î¡Ï˜€;user_logout();Ä˜Ï¬‚¸÷ËÔñòúÁ–£áê÷ÂÚ²ê°‚„±çß”¬ï¬üœ¯¶”ú‹†í†È…ª«ï£îË²¡¶ã¤»;}public function loginSubmit(){if(isset($this->in['login_token'])){$Œ=$this->config['settings']['api_login_tonken'];$ª¹=explode('|',$this->in['login_token']);if(strlen($Œ)<0x05|| count($ª¹)!=0x0002|| md5(base64_decode($ª¹[0]).$Œ)!=$ª¹[0x001]){$this->login_display("Api param error!",!1);}$this->in['name']=urlencode(base64_decode($ª¹[0]));$Ö=!0;}else{if(!isset($this->in['name'])|| !isset($this->in['password'])){$this->login_display($this->L['login_not_null'],!1);}if(need_check_code()&& $this->in['name']!='guest' && $_SESSION['check_code']!==strtolower($this->in['check_code'])){$this->login_display($this->L['code_error'],!1);}}session_start();$í=rawurldecode($this->in['name']);$ø=rawurldecode($this->in['password']);;$ª¸æÎ§=system_member::load_data();$É=$ª¸æÎ§->get('name',$í);¦ûúÁ¦´Ìýëô…Ù²ˆÓõøÓƒðþ¼×Íä‹Ï¯õµœ²™ÝØÍ«×º¡Ü”ÓäçÊÞ¼ÎÏ»‹¨‰ð´Ù ª¾ÇÂ×¦œ¦Ñóà;if($Ö&& $É){}else if($É===!1|| md5($ø)!=$É['password']){$this->login_display($this->L['password_error'],!1);}else if($É['status']==0){$this->login_display($this->L['login_error_user_not_use'],!1);}else if($É['role']==''){$this->login_display($this->L['login_error_role'],!1);}if($É['last_login']==''){$ÑõÇ·Þ=init_controller('app');$ÑõÇ·Þ->init_app($É);}$É['last_login']=time();$ª¸æÎ§->set($É['user_id'],$É);$_SESSION['kod_login']=!0;$_SESSION['kod_user']=$É;$_SESSION['CSRF-TOKEN']=rand_string(0x014);ìàÞÄºþïÊ¾·Ž–Ýª½°Ÿž¤ð”ì¨òþ¿à§åÎ·ÇûƒëÍë£Ûƒ‚‡À³§ßØ˜ôÅÁèÄ;setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);setcookie('kod_user_id',$É['user_id'],time()+0x0e10*0x0000018*0x064);Þõà¦¤Ü©ÑÈ÷¾ì;if($this->in['rember_password']=='1'){setcookie('kod_token',$this->make_login_token($É),time()+0x0e10*0x0000018*0x064);}$this->login_display('ok',!0);}private function login_display($ÂïÜ„,$„ä){if(isset($this->in['is_ajax'])){show_json($ÂïÜ„,$„ä);}else{if($„ä){$œÙÁÞÃ='./';if(isset($this->in['link'])){$œÙÁÞÃ=rawurldecode($this->in['link']);}header('location:'.$œÙÁÞÃ);}else{$this->login($ÂïÜ„);}}exit;Š›¤êÁÉÇëœ‘äÛþ¹žî—£“›;}private function make_login_token($){$âÑ—=$this->config['setting_system']['system_password'];return md5($['password'].$âÑ—.$['user_id']);ˆƒüí¿÷¶¬”Ç’ïÇÌ¶ã²Éþ»Ù·ž«ÏÄ†È§Ë¤½ºäµð’É¹¤ºðÊ·Ôü‚Ô¸Û×ˆÝœŽ¦ÃòèÚÎ‘žàÛ×†;}public function version_install(){}public function changePassword(){$Ø=rawurldecode($this->in['password_now']);ÍÞ“¢˜ï°ï÷Ž;$´=rawurldecode($this->in['password_new']);¹Õ‰’óêíÌð…¦;if(!$Ø&& !$´)show_json($this->L['password_not_null'],!1);if($this->user['password']==md5($Ø)){$æ·¶ÅË=system_member::load_data();$this->user['password']=md5($´);$æ·¶ÅË->set($this->user['user_id'],$this->user);show_json('success');}else{show_json($this->L['old_password_error'],!1);}}private function checkCSRF(){return;ŠÎ´˜Û¼ÍâõçãËðöÀÛäÍê´¶Ñëí˜¸ÇöôÑÆªê£æ;if(!isset($_SERVER['HTTP_X_CSRF_TOKEN'])|| $_SERVER['HTTP_X_CSRF_TOKEN']!=$_SESSION['CSRF-TOKEN']){show_json('xtoken_error',!1);}}public function authCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;$ÐÊ¯=system_role::get_info($this->user['role']);if(!array_key_exists(ST,$this->config['role_setting']))return;if(!in_array(ACT,$this->config['role_setting'][ST]))return;$this->checkCSRF();if(isset($GLOBALS['is_root'])&& $GLOBALS['is_root']==0x001)return;$ª¥¼‡‹=ST.':'.ACT;þŒÈëúà¥Â×š•ŸÅÂº“÷éÌ¦æ÷Ì£þØîÔÏîà˜ÛÜùŸÒœµñá¶´ðÇˆÛ•¯ÂûæŒÔÖá¤ÅÃ½¢;if(!isset($ÐÊ¯['userShare:set'])){$ÐÊ¯['userShare:set']=0x001;}if(!isset($ÐÊ¯['explorer:fileDownload'])){$ÐÊ¯['explorer:fileDownload']=0x001;}$ÐÊ¯['user:common_js']=0x001;$ÐÊ¯['explorer:pathDeleteRecycle']=$ÐÊ¯['explorer:pathDelete'];$ÐÊ¯['explorer:pathCopyDrag']=$ÐÊ¯['explorer:pathCuteDrag'];$ÐÊ¯['explorer:officeSave']=$ÐÊ¯['editor:fileSave'];$ÐÊ¯['explorer:imageRotate']=$ÐÊ¯['editor:fileSave'];õû£°³Ÿø»;$ÐÊ¯['explorer:fileDownloadRemove']=$ÐÊ¯['explorer:fileDownload'];¾›æ¦¨¼üŠáÃÍŸåíÖŠ®;$ÐÊ¯['explorer:zipDownload']=$ÐÊ¯['explorer:fileDownload'];ÝíÒ¡ñˆÜí–È²¯ÓÚìÐå;$ÐÊ¯['explorer:fileProxy']=!0;íú¢Å…Ñ¨Ïö‡¾;$ÐÊ¯['editor:fileGet']=!0;½Ÿ½«¶†Ùè¶Ä£þªò”Þá‚;$ÐÊ¯['explorer:officeView']=!0;if(!$ÐÊ¯['explorer:fileDownload']){$ÐÊ¯['explorer:zip']=!1;}$ÐÊ¯['userShare:del']=$ÐÊ¯['userShare:set'];if($ÐÊ¯[$ª¥¼‡‹]!=0x001)show_json($this->L['no_permission'],!1);$GLOBALS['auth']=$ÐÊ¯;$ÐäË×=array('mkfile' =>$this->check_key('path'),'pathRname' =>$this->check_key('rname_to'),'fileUpload'=> isset($_FILES['file']['name'])?$_FILES['file']['name']:'','fileSave' =>$this->check_key('path'));if(array_key_exists(ACT,$ÐäË×)&& !checkExt($ÐäË×[ACT])){show_json($this->L['no_permission_ext'],!1);}}private function check_key($î){if(!isset($this->in[$î])){return '';}return is_string($this->in[$î])?rawurldecode($this->in[$î]):'';}public function checkCode(){session_start();load_class('myCaptcha');ÄÇÚ®þˆó¢‡ž;$œ=new myCaptcha(mt_rand(0x00003,0x000004));€ŸÀÔð¥ ÈÉ¸·ÍÆŽŒ×èºÖñ®øùÍ–Ë‡ÂÌ§;$_SESSION['check_code']=$œ->get_string();}public function qrcode(){if(!function_exists('imagecolorallocate')){header('location:http://qr.liantu.com/api.php?text='.$this->in['url']);exit;}include CLASS_DIR.'phpqrcode.php';QRcode::png(rawurldecode($this->in['url']));}}