KodExplorer/controller/user.class.php

<?php class user extends Controller{private $user;private $auth;private $notCheck;function __construct(){parent::__construct();<EFBFBD>‚š‘®îŠžÝªìù­Å<EFBFBD>²ìêૢ♅†°Ïƺ°‹²²¦Äà•Ï€óùìí¨²‹Ú ö¼Ë™ŸåŸ¦—;$this->tpl=TEMPLATE.'user/';<EFBFBD>Ÿø…Ò É´¶š´ª”¡™½Ô¥˜ôœÔÁ¶ô¨Õ›¿Å‰‘僖¸£àìÚú¡†<EFBFBD>ß͙ÅæŽá¼Ð™±ø;if(!isset($_SESSION)){$this->login(DATA_PATH."<br/>".$GLOBALS['L']['path_can_not_write_data']);}else{$this->user=&$_SESSION['kod_user'];if(!isset($this->user['path'])&& isset($this->user['name'])){$this->user['path']=$this->user['name'];}}$this->notCheck=array('loginFirst','login','logout','loginSubmit','checkCode','public_link','qrcode','sso');<EFBFBD>´ÖÊšÚàÓýÂÁÙ½ãßΧ€<EFBFBD>ÁŅϧÁ¡Áóš°Á;$this->notCheckApp=array('share','debug');<EFBFBD>ž<EFBFBD>ó€Ôò–Ì<EFBFBD>ù­Ð¢­îã;$this->config['forceWap']=is_wap()&&(!isset($_COOKIE['forceWap'])|| $_COOKIE['forceWap']=='1');<EFBFBD>›¶ÕܪðŽëÄó†ãôúäÊí§à»©Ûéúþ˜éãŒÝ˜¨”î†¾à”«;}public function loginCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;if(isset($_SESSION['kod_login'])&& $_SESSION['kod_login']===!0){$‰²=system_member::get_info($this->user['user_id']);$this->login_success($‰²);return;}else if($_COOKIE['kod_user_id']!='' && $_COOKIE['kod_token']!=''){$‰²=system_member::get_info($_COOKIE['kod_user_id']);if(!is_array($‰²)|| !isset($‰²['password'])){$this->logout();}if($this->make_login_token($‰²)==$_COOKIE['kod_token']){@session_start();$_SESSION['kod_login']=!0;$_SESSION['kod_user']=$‰²;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);setcookie('kod_user_id',$_COOKIE['kod_user_id'],time()+0x0e10*0x0000018*0x064);setcookie('kod_token',$_COOKIE['kod_token'],time()+0x0e10*0x0000018*0x064);@session_write_close();unset($_SESSION);@session_start();if(!isset($_SESSION['kod_user'])|| !is_array($_SESSION['kod_user'])){$this->login(DATA_PATH."<br/>".$GLOBALS['L']['path_can_not_write_data']);}else{$this->login_success($‰²);}return;}$this->logout();}else{if($this->config['setting_system']['auto_login']!='1'){$this->logout();}else{if(!file_exists(USER_SYSTEM.'install.lock')){$this->display('install.html');exit;}header('location:./index.php?user/loginSubmit&name=guest&password=guest');exit;<EFBFBD>Éœ—ªØÁ‡Â¼†Ú¦éæ…ƒ<EFBFBD>šñ–ØÒª…ø³¸„²åóûƒ‹§ÛÍ;}}}private function login_success($ŸŠ){$this->user=$ŸŠ;if(!$ŸŠ['path']){$this->login($this->L['kod_version_error']);}else if($ŸŠ['status']==0){$this->login($this->L['login_error_user_not_use']);}else if($ŸŠ['role']==''){$this->login($this->L['login_error_role']);}define('USER',USER_PATH.$this->user['path'].'/');define('USER_TEMP',USER.'data/temp/');<EFBFBD>ⶣòЕ‰ªè³°â;define('USER_RECYCLE',USER.'recycle/');<EFBFBD>›ÏÛ—Óæ¿°µíÏ¿¤ËñÄ®©ç¢úý«¦æßÖÊÇÀ²ã‘Žúåõ»–«ªæëβޓáˆû„ƒù¯©á<EFBFBD><EFBFBD>¬×Áß»Óí·¹ãó;if(!file_exists(USER)){$this->logout();}if($this->user['role']=='1'){define('MYHOME',USER.'home/');define('HOME','');$GLOBALS['web_root']=WEB_ROOT;$GLOBALS['is_root']=0x001;}else{$<24>ž·ü=user_home_path($this->user);define('HOME',$<24>ž·ü);define('MYHOME','/');$GLOBALS['web_root']='';$GLOBALS['is_root']=0;}$this->config['user']=fileCache::load(USER.'data/config.php');if(!isset($this->config['user']['file_repeat'])|| !isset($this->config['user']['resize_config'])){$this->config['user']['file_repeat']=$this->config['setting_default']['file_repeat'];$this->config['user']['recycle_open']=$this->config['setting_default']['recycle_open'];$this->config['user']['resize_config']=$this->config['setting_default']['resize_config'];}if($this->config['user']['theme']==''){$this->config['user']=$this->config['setting_default'];}}public function sso(){$êÛ<C3AA>Ìã=!1;<EFBFBD>÷<EFBFBD>‘Ù‘’‡éÔ榩ÔÞâ¹Ò´ÊñëÇß֣ᤇßõî×÷<EFBFBD>²‰“¹óè ›“õúõ°Î«úÀ—¡îå;$“="not login";<EFBFBD>Ü»<EFBFBD>Ýí‹ñ;if(isset($_SESSION)&& $_SESSION['kod_login']==0x001){$€Û=$_SESSION['kod_user'];if($€Û['role']=='1' || !isset($this->in['check'])|| !isset($this->in['value'])){$êÛ<C3AA>Ìã=!0;}$›î¿=!1;switch($this->in['check']){case 'user_id':$›î¿=$€Û['user_id'];break;<EFBFBD>‘ꧨ­È˜”Ì«‚°´ß춾ÛÁ°„Â<EFBFBD>ÍÝûŽõâýÛôéƒ<EFBFBD>˜Ì¶¬™á¯Ê—<EFBFBD>·ÍÍ“<EFBFBD>þ˜ÒŒå±‰ó§ìòƒá݇€õÓ¶£ì˜;case 'user_name':$›î¿=$€Û['name'];<EFBFBD>âïü°ƒ<EFBFBD>°œà¼‚’Æö¹³ê½•;break;<EFBFBD>¿˜Ìâ†ä¶½•™­;case 'role_id':$›î¿=$€Û['role'];break;<EFBFBD>úÍ‚·Ð”þÈγ´<EFBFBD>;case 'role_name':$üÑß=system_role::get_info($€Û['role']);$›î¿=$üÑß['name'];<EFBFBD>ð’ׯ§ðݺ»<EFBFBD>Ü;break;case 'group_id':$›î¿=array_keys($€Û['group_info']);<EFBFBD>¯óîøâ­Ðë«¢ÌèŽøŠþ‹á¯³Ò<EFBFBD>î<EFBFBD>žËÆü«¶¬ ¦¦ãÉÓ´¶þ׃çæûòåˆÔ–¼¨¤¬·Âøþ¿¤¶ìÄÝ“©§;break;<EFBFBD>æ·áÏžÞÂ…ç—›¤¿¿Ð÷ƒÊ÷Ã´ŽÄݵ¬½”“ôöã“Õ¦˜½¾´âþó´ö÷þï»î ì£®±‚;case 'group_name':$›î¿=array();<EFBFBD>ùñµðÕÈÇüà†»•èºŠž²ƒž¢¾<EFBFBD>ì±ñÝ´Ö¼ôЯªÂ…òŠ‚;foreach($€Û['group_info'] as $<24>½êù=>$õ™«ø·){$·Å’ã=system_group::get_info($<24>½êù);<EFBFBD>¬Û€¡­¯Ë;$›î¿[]=$·Å’ã['name'];<EFBFBD>ú·”‹õþ†îôŸ›íÖé¦<EFBFBD>ü‹”‚ÎÁÝÎ;}break;<EFBFBD>¯ü³î÷냄჊Ñ÷ªìæ‚ÖŽ;default:break;}if(!$êÛ<C3AA>Ìã&& $›î¿!=!1){if((is_string($›î¿)&& $›î¿==$this->in['value'])||(is_array($›î¿)&& in_array($this->in['value'],$›î¿))){$êÛ<C3AA>Ìã=!0;}else{$“=$this->in['check'].' not accessed, It\'s must be "'.$this->in['value'].'"';}}}if($êÛ<C3AA>Ìã){@session_name('KOD_SESSION_SSO');@session_id($_COOKIE['KOD_SESSION_SSO']);@session_start();$_SESSION[$this->in['app']]='success';@session_write_close();header('location:'.$this->in['link']);exit;}$this->login($“);}public function public_link(){$š´Õè=$this->config['setting_system']['system_password'];<EFBFBD>ØÁ¶ˆ¾ê÷·Öú¼¸ýÇ‹öñ÷ÞóÎ;$“£‡Çù=$this->in['fid'];<EFBFBD>©—ð࠰˘磓¤Ü’ëçŠÞßè;$¯ÖåÒ=Mcrypt::decode($“£‡Çù,$š´Õè);<EFBFBD>Ïëûù„ìÚ¤<EFBFBD>§¼†ÊЫ§ã˜<EFBFBD>íöî×Éž¯;if(strlen($¯ÖåÒ)==0){show_json($this->L['error'],!1);}$ñ<>=isset($_GET['download']);file_put_out($¯ÖåÒ,$ñ<>);<EFBFBD>Ë»ÙÏ©µóÆܱͧƒøÏæ‘ÞՉήÒí݃ßíâŸÍ®Û§ý…Üò̺¥š;}public function common_js(){$¨”±<E2809D>=ob_get_clean();$å=BASIC_PATH;$”‚Îò=USER_PATH;$àè=GROUP_PATH;<EFBFBD>«×—°´Šüî¯;if(!$GLOBALS['is_root']){$å='/';$”‚Îò='/';$àè='/';}$Ñ=array('lang' =>LANGUAGE_TYPE,'is_root' =>$GLOBALS['is_root'],'user_id' =>$this->user['user_id'],'web_root' =>$GLOBALS['web_root'],'web_host' =>HOST,'app_host' =>APPHOST,'static_path' =>STATIC_PATH,'basic_path' =>$å,'user_path' =>$”‚Îò,'group_path' =>$àè,'myhome' =>MYHOME,'upload_max' =>file_upload_size(),'version' =>KOD_VERSION,'json_data' =>"",'self_share' =>system_member::user_share_list($this->user['user_id']),'user_config' =>$this->config['user'],'KOD_GROUP_PATH' =>KOD_GROUP_PATH,'KOD_GROUP_SHARE' =>KOD_GROUP_SHARE,'KOD_USER_SHARE' =>KOD_USER_SHARE,'KOD_USER_RECYCLE' =>KOD_USER_RECYCLE,'KOD_USER_FAV' =>KOD_USER_FAV,'KOD_GROUP_ROOT_SELF' =>KOD_GROUP_ROOT_SELF,'KOD_GROUP_ROOT_ALL' =>KOD_GROUP_ROOT_ALL,);if(isset($this->config['setting_system']['version_hash'])){$Ñ['version_hash']=$this->config['setting_system']['version_hash'];}if(!isset($GLOBALS['auth'])){$GLOBALS['auth']=array();}$¬ƒçÒ='LNG='.json_encode($GLOBALS['L']).';';$¬ƒçÒ.= 'AUTH='.json_encode($GLOBALS['auth']).';';$¬ƒçÒ.= 'G='.json_encode($Ñ).';';<EFBFBD>â„ÄÖŠó¸óÄçŒ;header("Content-Type: application/javascript");<EFBFBD>¡ô®ŸäÞ¸¶·äº ·Ïî¹;echo $¬ƒçÒ;<EFBFBD>‹©È€â½ÄÊɵ‹í×€<EFBFBD>öåü¯<EFBFBD>´•×Õͨćî—ÅúÁ<EFBFBD>;}public function login($¤ÌÀï—=''){if(!file_exists(USER_SYSTEM.'install.lock')){chmod_path(BASIC_PATH,0777);$this->display('install.html');exit;}$this->assign('msg',$¤ÌÀï—);if(is_wap()){$this->display('login_wap.html');}else{$this->display('login.html');}exit;}public function loginFirst(){if(!file_exists(USER_SYSTEM.'install.lock')){touch(USER_SYSTEM.'install.lock');if(!isset($this->in['password'])){$this->in['password']='admin';}$û…Íü£='1';$â õ=system_member::load_data();$‹Ø«Ø=$â õ->get($û…Íü£);$‹Ø«Ø['password']=md5($this->in['password']);<EFBFBD>ˆ§ëʶçߛžÛ¡ìØIJ¼å©¼»µ–掘×ïŠß—öªÎÞšÒˆúí§Ö<EFBFBD>”°ÔÇìºðªö¦Áݵٵ¦ä–¾ÛÀ<EFBFBD>»ÛàÃ;$â õ->set($û…Íü£,$‹Ø«Ø);<EFBFBD>®ß€ß´ÇÍï¹øæàºÅ—•û½ù’ûÕÓ‰’¯éÖ‡¹Âµ™Â•Î‹â¿Åܧ¦—콬èú¦ú÷ü΂<EFBFBD>;if($‹Ø«Ø['path']=='' && $‹Ø«Ø['create_time']==''){$ì憦©=new system_member();$ì憦©->init_install();}}header('location:./index.php?user/login');exit;<EFBFBD><EFBFBD>÷¶Ï½“öãªä¢ÖÍžýÉ–ú™˜‹™†ñŸ­œÜ툯þ<EFBFBD>åϾøÇ£¤¬ÅúúäùÅûôß•<EFBFBD>ø›ó™È;}public function logout(){session_start();user_logout();<EFBFBD>¥·šŒ‡Ø†Îûª;}public function loginSubmit(){if(isset($this->in['login_token'])){$¦÷¨ =$this->config['settings']['api_login_tonken'];$¤–<C2A4>=explode('|',$this->in['login_token']);if(strlen($¦÷¨ )<0x05|| count($¤–<C2A4>)!=0x0002|| md5(base64_decode($¤–<C2A4>[0]).$¦÷¨ )!=$¤–<C2A4>[0x001]){$this->login_display("Api param error!",!1);}$this->in['name']=urlencode(base64_decode($¤–<C2A4>[0]));$——Õ=!0;}else{if(!isset($this->in['name'])|| !isset($this->in['password'])){$this->login_display($this->L['login_not_null'],!1);}if(need_check_code()&& $this->in['name']!='guest' && $_SESSION['check_code']!==strtolower($this->in['check_code'])){$this->login_display($this->L['code_error'],!1);}}session_start();$œ¦=rawurldecode($this->in['name']);<EFBFBD>ŽÏÙ•©ß䦋àè²Ù‘Ò—¶éµð‚ÌÆŽü䫤»à;$ɱËßÛ=rawurldecode($this->in['password']);$‚¸¦=system_member::load_data();<EFBFBD>ý;$˜´¨=$‚¸¦->get('name',$œ¦);<EFBFBD>›ìº˜Ñ彎ǯØùû;if($——Õ&& $˜´¨){}else if($˜´¨===!1|| md5($ɱËßÛ)!=$˜´¨['password']){$this->login_display($this->L['password_error'],!1);}else if($˜´¨['status']==0){$this->login_display($this->L['login_error_user_not_use'],!1);}else if($˜´¨['role']==''){$this->login_display($this->L['login_error_role'],!1);}if($˜´¨['last_login']==''){$Õ¨ý=init_controller('app');$Õ¨ý->init_app($˜´¨);}$˜´¨['last_login']=time();$‚¸¦->set($˜´¨['user_id'],$˜´¨);<EFBFBD>Ä̦Œ¾ö´Œ<EFBFBD>ਊ›ÀÜ‚þëÉ®Åë;$_SESSION['kod_login']=!0;<EFBFBD>ýò¶£·„Éù<EFBFBD>ˆñÅ•<EFBFBD>¦½šÂþ;$_SESSION['kod_user']=$˜´¨;<EFBFBD>㎮©ÒÙ¨í®¦àåʘ镓ùž…¿´•æò¯©ò§íñ‹ü µÐúݾ©… <EFBFBD>йùåÌô…Ò´¹çœ¬˜Å;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);<EFBFBD>̱²‚‚­à;setcookie('kod_user_id',$˜´¨['user_id'],time()+0x0e10*0x0000018*0x064);<EFBFBD>áç·›âžè×£»<EFBFBD>ܤ©Š½ï©ý£»ËÔîÍ×<EFBFBD>¯™ô–úÝÍ—Á쀚<EFBFBD>¼§ìáÑö Á¡žåÝê»Ì¹“é;if($this->in['rember_password']=='1'){setcookie('kod_token',$this->make_login_token($˜´¨),time()+0x0e10*0x0000018*0x064);}$this->login_display('ok',!0);}private function login_display($­ßþ©¾,$À€ºÁ){if(isset($this->in['is_ajax'])){show_json($­ßþ©¾,$À€ºÁ);}else{if($À€ºÁ){$Êþ='./';if(isset($this->in['link'])){$Êþ=rawurldecode($this->in['link']);}header('location:'.$Êþ);}else{$this->login($­ßþ©¾);<EFBFBD>•°‚×Ò¡½°ŒùýŎ讻ɮäˆû¦‰¶ç£‚çæ»ÉûëËÔ¾ì’ï;}}exit;<EFBFBD>¿›×íסœ¼ª™â³ÐËÖÒ³;}private function make_login_token($Žü»){$É<>º¶£=$this->config['setting_system']['system_password'];return md5($Žü»['password'].$É<>º¶£.$Žü»['user_id']);}public function version_install(){}public function changePassword(){$™ï=rawurldecode($this->in['password_now']);<EFBFBD>¤“úྔÄñä<EFBFBD>ɸĈÇÂÃÂŒÓüÂ÷¨ò¨Ââô´ÁšÈ½ú‡ÑÀø·ÐÃð–˸Ø<EFBFBD>ûääù¨Ü£œ†åþû›Á–ãþ’ëÑ;$劤©=rawurldecode($this->in['password_new']);<EFBFBD>µ“†±÷ê«¡Èνε½ËÐþá´þó¡ÑƇÜë°Ø¦¦Ž¹­¿²™ëÓố±ðÎüÂÎ;if(!$™ï&& !$劤©)show_json($this->L['password_not_null'],!1);if($this->user['password']==md5($™ï)){$÷ÍÔ™=system_member::load_data();$this->user['password']=md5($劤©);$÷ÍÔ™->set($this->user['user_id'],$this->user);show_json('success');}else{show_json($this->L['old_password_error'],!1);}}private function checkCSRF(){return;if(!isset($_SERVER['HTTP_X_CSRF_TOKEN'])|| $_SERVER['HTTP_X_CSRF_TOKEN']!=$_SESSION['CSRF-TOKEN']){show_json('xtoken_error',!1);}}public function authCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;$ ü=system_role::get_info($this->user['role']);if(!array_key_exists(ST,$this->config['role_setting']))return;if(!in_array(ACT,$this->config['role_setting'][ST]))return;$this->checkCSRF();<EFBFBD>øä禥›¿‘î¢Í<EFBFBD>Ô¿ÏÒ‚ž²ú쇔<EFBFBD>£µ;if(isset($GLOBALS['is_root'])&& $GLOBALS['is_root']==0x001)return;$«=ST.':'.ACT;if(!isset($ ü['userShare:set'])){$ ü['userShare:set']=0x001;}if(!isset($ ü['explorer:fileDownload'])){$ ü['explorer:fileDownload']=0x001;}$ ü['user:common_js']=0x001;$ ü['explorer:pathDeleteRecycle']=$ ü['explorer:pathDelete'];<EFBFBD>Å;$ ü['explorer:pathCopyDrag']=$ ü['explorer:pathCuteDrag'];<EFBFBD>ÝçüÍŠËÎß‹ž²Ž½å‰ªìž·‘Ó¼ۣ—ÜéÙ„Ô¸;$ ü['explorer:officeSave']=$ ü['editor:fileSave'];<EFBFBD>öžÔÖ;$ ü['explorer:imageRotate']=$ ü['editor:fileSave'];$ ü['explorer:fileDownloadRemove']=$ ü['explorer:fileDownload'];<EFBFBD>°ïÂÛÜà”î;$ ü['explorer:zipDownload']=$ ü['explorer:fileDownload'];$ ü['explorer:fileProxy']=!0;<EFBFBD>úÃìä<EFBFBD>ñ;$ ü['editor:fileGet']=!0;$ ü['explorer:officeView']=!0;<EFBFBD>ÜÕ¬±­Ö¥·<EFBFBD>;if(!$ ü['explorer:fileDownload']){$ ü['explorer:zip']=!1;}$ ü['userShare:del']=$ ü['userShare:set'];if($ ü[$«]!=0x001)show_json($this->L['no_permission'],!1);$GLOBALS['auth']=$ ü;<EFBFBD>²…²Æôçž ø™äæþƒØºÙ·Ç¶Žóç»Ë;$ò=array('mkfile' =>$this->check_key('path'),'pathRname' =>$this->check_key('rname_to'),'fileUpload'=> isset($_FILES['file']['name'])?$_FILES['file']['name']:'','fileSave' =>$this->check_key('path'));<EFBFBD>­˜¡àß–Èý·Â˜œ©˜ ƒÒù;if(array_key_exists(ACT,$ò)&& !checkExt($ò[ACT])){show_json($this->L['no_permission_ext'],!1);}}private function check_key($›°È){if(!isset($this->in[$›°È])){return '';}return is_string($this->in[$›°È])?rawurldecode($this->in[$›°È]):'';}public function checkCode(){session_start();load_class('myCaptcha');$Û=new myCaptcha(mt_rand(0x00003,0x000004));$_SESSION['check_code']=$Û->get_string();<EFBFBD>•ã¤¶Å;}public function qrcode(){if(!function_exists('imagecolorallocate')){header('location:http://qr.liantu.com/api.php?text='.$this->in['url']);exit;}include CLASS_DIR.'phpqrcode.php';QRcode::png(rawurldecode($this->in['url']));}}