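<?php
/**
 * User controller: login state, the cookie based "remember me" path, single
 * sign-on hand-off, per-action permission checks and the front-end config JS.
 *
 * Members used here but declared in the parent Controller (not visible in this
 * file) are assumed to be: $this->tpl, $this->config, $this->in (request
 * input), $this->L (language strings), display() and assign().
 *
 * Several helpers called here (show_json, login(), login_display(),
 * user_logout()) are expected to end the request; where the code below
 * continues after such a call it relies on that.
 */
class user extends Controller
{
    /** Lifetime of the login/CSRF cookies in seconds (3600 * 24 * 100, i.e. 100 days). */
    const COOKIE_LIFETIME = 8640000;

    /** Current user's record; bound by reference to $_SESSION['kod_user'] in the constructor. */
    private $user;
    /** Not used in this file; kept because the original declared it. */
    private $auth;
    /** Actions that may run without a logged-in user. */
    private $notCheck;
    /** Apps (ST values) for which loginCheck()/authCheck() are skipped entirely. */
    private $notCheckApp;

    public function __construct()
    {
        parent::__construct();
        $this->tpl = TEMPLATE . 'user/';
        if (!isset($_SESSION)) {
            // login() renders the login page and exits.
            $this->login("session write error!");
        } else {
            // Reference binding: later writes to $this->user land in the session.
            $this->user = &$_SESSION['kod_user'];
            if (!isset($this->user['path']) && isset($this->user['name'])) {
                $this->user['path'] = $this->user['name'];
            }
        }
        $this->notCheck = array(
            'loginFirst', 'login', 'logout', 'loginSubmit',
            'checkCode', 'public_link', 'qrcode', 'sso',
        );
        $this->notCheckApp = array('share', 'debug');
        $this->config['forceWap'] = is_wap()
            && (!isset($_COOKIE['forceWap']) || $_COOKIE['forceWap'] == '1');
    }

    /**
     * Establishes the logged-in user for this request, in order of preference:
     * an existing session, the kod_user_id/kod_token remember-me cookies, or
     * the guest auto-login when it is enabled. Exempt apps/actions return early.
     */
    public function loginCheck()
    {
        if (in_array(ST, $this->notCheckApp, true)) return;
        if (in_array(ACT, $this->notCheck, true)) return;

        if (isset($_SESSION['kod_login']) && $_SESSION['kod_login'] === true) {
            $user = system_member::get_info($this->user['user_id']);
            $this->login_success($user);
            return;
        }

        $cookieUserId = isset($_COOKIE['kod_user_id']) && is_string($_COOKIE['kod_user_id'])
            ? $_COOKIE['kod_user_id'] : '';
        $cookieToken = isset($_COOKIE['kod_token']) && is_string($_COOKIE['kod_token'])
            ? $_COOKIE['kod_token'] : '';
        if ($cookieUserId !== '' && $cookieToken !== '') {
            $user = system_member::get_info($cookieUserId);
            if (!is_array($user) || !isset($user['password'])) {
                $this->logout();
                // user_logout() is expected to end the request; the return keeps
                // the token comparison below from running on a missing record if it does not.
                return;
            }
            // Constant-time, strict string comparison: a loose "==" on hex digests
            // would accept numeric-looking strings that compare equal in PHP.
            if ($this->tokens_match($this->make_login_token($user), $cookieToken)) {
                @session_start();
                $_SESSION['kod_login'] = true;
                $_SESSION['kod_user'] = $user;
                $_SESSION['CSRF-TOKEN'] = rand_string(20);
                $this->send_login_cookies($_SESSION['CSRF-TOKEN'], $cookieUserId, $cookieToken);
                // Close and reopen the session to verify the write actually persisted.
                @session_write_close();
                unset($_SESSION);
                @session_start();
                if (!isset($_SESSION['kod_user']) || !is_array($_SESSION['kod_user'])) {
                    $this->login("session write error!");
                } else {
                    $this->login_success($user);
                }
                return;
            }
            $this->logout();
            return;
        }

        $autoLogin = isset($this->config['setting_system']['auto_login'])
            ? $this->config['setting_system']['auto_login'] : '';
        if ($autoLogin != '1') {
            $this->logout();
            return;
        }
        if (!file_exists(USER_SYSTEM . 'install.lock')) {
            $this->display('install.html');
            exit;
        }
        header('location:./index.php?user/loginSubmit&name=guest&password=guest');
        exit;
    }

    /**
     * Finishes a login: validates the record, defines the USER/HOME path
     * constants and loads the per-user config.
     *
     * @param array $user member record as returned by system_member::get_info()
     */
    private function login_success($user)
    {
        // $this->user is a reference into $_SESSION['kod_user'], so this updates the session too.
        $this->user = $user;
        if (empty($user['path'])) {
            $this->login($this->L['kod_version_error']);
        } else if ($user['status'] == 0) {
            $this->login($this->L['login_error_user_not_use']);
        } else if (!isset($user['role']) || $user['role'] == '') {
            $this->login($this->L['login_error_role']);
        }

        define('USER', USER_PATH . $this->user['path'] . '/');
        define('USER_TEMP', USER . 'data/temp/');
        define('USER_RECYCLE', USER . 'recycle/');
        if (!file_exists(USER)) {
            $this->logout();
        }

        if ($this->user['role'] == '1') {
            // Role '1' is the administrator: sees the real web root.
            define('MYHOME', USER . 'home/');
            define('HOME', '');
            $GLOBALS['web_root'] = WEB_ROOT;
            $GLOBALS['is_root'] = 1;
        } else {
            $homePath = user_home_path($this->user);
            define('HOME', $homePath);
            define('MYHOME', '/');
            $GLOBALS['web_root'] = '';
            $GLOBALS['is_root'] = 0;
        }

        $this->config['user'] = fileCache::load(USER . 'data/config.php');
        if (!isset($this->config['user']['file_repeat']) || !isset($this->config['user']['resize_config'])) {
            $defaults = $this->config['setting_default'];
            $this->config['user']['file_repeat'] = $defaults['file_repeat'];
            $this->config['user']['recycle_open'] = $defaults['recycle_open'];
            $this->config['user']['resize_config'] = $defaults['resize_config'];
        }
        if (!isset($this->config['user']['theme']) || $this->config['user']['theme'] == '') {
            $this->config['user'] = $this->config['setting_default'];
        }
    }

    /**
     * Single sign-on hand-off. Passes when the session user is an admin, when no
     * check/value pair was requested, or when the requested attribute of the
     * session user equals the requested value; on pass it marks the requesting
     * app as 'success' in the shared KOD_SESSION_SSO session and redirects to
     * the app's link. Otherwise the login page is shown with the reason.
     */
    public function sso()
    {
        $pass = false;
        $msg = "not login";
        if (isset($_SESSION) && isset($_SESSION['kod_login']) && $_SESSION['kod_login'] == 1) {
            $user = $_SESSION['kod_user'];
            $hasCheck = isset($this->in['check']) && isset($this->in['value']);
            if ($user['role'] == '1' || !$hasCheck) {
                $pass = true;
            }

            $actual = false;
            $check = isset($this->in['check']) ? $this->in['check'] : '';
            switch ($check) {
                case 'user_id':
                    $actual = $user['user_id'];
                    break;
                case 'user_name':
                    $actual = $user['name'];
                    break;
                case 'role_id':
                    $actual = $user['role'];
                    break;
                case 'role_name':
                    $role = system_role::get_info($user['role']);
                    $actual = $role['name'];
                    break;
                case 'group_id':
                    $actual = array_keys($user['group_info']);
                    break;
                case 'group_name':
                    $actual = array();
                    foreach ($user['group_info'] as $groupId => $unused) {
                        $group = system_group::get_info($groupId);
                        $actual[] = $group['name'];
                    }
                    break;
                default:
                    break;
            }

            // Truthiness test on purpose: an empty result (no groups, empty name) never matches.
            if (!$pass && $actual) {
                $wanted = is_string($this->in['value']) ? $this->in['value'] : null;
                $matched = false;
                if ($wanted !== null) {
                    if (is_string($actual)) {
                        $matched = ($actual === $wanted);
                    } else if (is_array($actual)) {
                        // group ids come back as ints from array_keys; compare as strings, strictly.
                        $matched = in_array($wanted, array_map('strval', $actual), true);
                    }
                }
                if ($matched) {
                    $pass = true;
                } else {
                    $msg = $this->in['check'] . ' not accessed, It\'s must be "'
                        . ($wanted === null ? '' : $wanted) . '"';
                }
            }
        }

        if ($pass) {
            @session_name('KOD_SESSION_SSO');
            // The SSO session id is supplied by the integrating app via cookie; only adopt
            // it when it looks like a session id, otherwise let PHP generate one.
            $ssoId = isset($_COOKIE['KOD_SESSION_SSO']) ? $_COOKIE['KOD_SESSION_SSO'] : '';
            if (is_string($ssoId) && $ssoId !== '' && strlen($ssoId) <= 256
                && preg_match('/^[A-Za-z0-9,-]+$/', $ssoId)) {
                @session_id($ssoId);
            }
            @session_start();
            $app = isset($this->in['app']) ? $this->in['app'] : '';
            $_SESSION[$app] = 'success';
            @session_write_close();
            // The link is the integrating app's own URL and is by design not restricted here;
            // header() refuses CR/LF so it cannot inject additional headers.
            $link = isset($this->in['link']) ? $this->in['link'] : '';
            header('location:' . $link);
            exit;
        }
        $this->login($msg);
    }

    /**
     * Serves a file from an encrypted share id. Only ciphertext produced with the
     * system password decodes to a non-empty path, which is what gates access.
     */
    public function public_link()
    {
        $key = $this->config['setting_system']['system_password'];
        $fid = isset($this->in['fid']) ? $this->in['fid'] : '';
        $path = Mcrypt::decode($fid, $key);
        if (!is_string($path) || strlen($path) == 0) {
            show_json($this->L['error'], false);
        }
        $download = isset($_GET['download']);
        file_put_out($path, $download);
    }

    /**
     * Emits the front-end globals (LNG, AUTH, G) as a JavaScript document.
     * Anything placed here is readable by any page that can include this
     * script with the user's cookies, so it must not carry secrets.
     */
    public function common_js()
    {
        // Discard whatever was buffered so far; this action emits JavaScript only.
        ob_get_clean();
        $basicPath = BASIC_PATH;
        $userPath = USER_PATH;
        $groupPath = GROUP_PATH;
        if (!$GLOBALS['is_root']) {
            // Non-admin users are not shown the server-side directory layout.
            $basicPath = '/';
            $userPath = '/';
            $groupPath = '/';
        }
        $globals = array(
            'lang' => LANGUAGE_TYPE,
            'is_root' => $GLOBALS['is_root'],
            'user_id' => $this->user['user_id'],
            'web_root' => $GLOBALS['web_root'],
            'web_host' => HOST,
            'app_host' => APPHOST,
            'static_path' => STATIC_PATH,
            'basic_path' => $basicPath,
            'user_path' => $userPath,
            'group_path' => $groupPath,
            'myhome' => MYHOME,
            'upload_max' => file_upload_size(),
            'version' => KOD_VERSION,
            'json_data' => "",
            'self_share' => system_member::user_share_list($this->user['user_id']),
            'user_config' => $this->config['user'],
            'KOD_GROUP_PATH' => KOD_GROUP_PATH,
            'KOD_GROUP_SHARE' => KOD_GROUP_SHARE,
            'KOD_USER_SHARE' => KOD_USER_SHARE,
            'KOD_USER_RECYCLE' => KOD_USER_RECYCLE,
            'KOD_USER_FAV' => KOD_USER_FAV,
            'KOD_GROUP_ROOT_SELF' => KOD_GROUP_ROOT_SELF,
            'KOD_GROUP_ROOT_ALL' => KOD_GROUP_ROOT_ALL,
        );
        if (isset($this->config['setting_system']['version_hash'])) {
            $globals['version_hash'] = $this->config['setting_system']['version_hash'];
        }
        if (!isset($GLOBALS['auth'])) {
            $GLOBALS['auth'] = array();
        }
        $script = 'LNG=' . json_encode($GLOBALS['L']) . ';';
        $script .= 'AUTH=' . json_encode($GLOBALS['auth']) . ';';
        $script .= 'G=' . json_encode($globals) . ';';
        header("Content-Type: application/javascript");
        echo $script;
    }

    /**
     * Renders the login page (or the installer before install.lock exists) and exits.
     *
     * @param string $msg message shown on the login page
     */
    public function login($msg = '')
    {
        if (!file_exists(USER_SYSTEM . 'install.lock')) {
            // First-run bootstrap. Note this makes the whole tree world-writable (0777);
            // tighten the permissions once installation has finished.
            chmod_path(BASIC_PATH, 0777);
            $this->display('install.html');
            exit;
        }
        $this->assign('msg', $msg);
        $this->display(is_wap() ? 'login_wap.html' : 'login.html');
        exit;
    }

    /**
     * First-run bootstrap: creates install.lock, sets the admin (user id '1')
     * password from the request (default 'admin') and initialises the member
     * store. Reachable without authentication only until the lock file exists;
     * the lock is touched before anything else so the step is single-shot,
     * although two requests racing past file_exists() could both run it.
     */
    public function loginFirst()
    {
        if (!file_exists(USER_SYSTEM . 'install.lock')) {
            touch(USER_SYSTEM . 'install.lock');
            if (!isset($this->in['password'])) {
                $this->in['password'] = 'admin';
            }
            $adminId = '1';
            $members = system_member::load_data();
            $admin = $members->get($adminId);
            // Unsalted md5 is what the rest of this controller reads and writes; changing
            // the stored format would need a migration of all existing member records.
            $admin['password'] = md5($this->in['password']);
            $members->set($adminId, $admin);
            if ($admin['path'] == '' && $admin['create_time'] == '') {
                $member = new system_member();
                $member->init_install();
            }
        }
        header('location:./index.php?user/login');
        exit;
    }

    /** Ends the session via user_logout(). */
    public function logout()
    {
        session_start();
        user_logout();
    }

    /**
     * Handles the login form and the API login token.
     *
     * API form: login_token = base64(name) . '|' . md5(name . secret), where the
     * secret is settings['api_login_tonken'] (key spelled as in the config).
     * Form login checks the captcha (unless the user is 'guest'), then the
     * password, account status and role. On success the session is populated,
     * the login cookies are sent and login_display() redirects or answers JSON.
     */
    public function loginSubmit()
    {
        // Started up front so the captcha stored by checkCode() is readable below;
        // if the session is already active this is a no-op (aside from a notice).
        session_start();

        $apiLogin = false;
        if (isset($this->in['login_token'])) {
            $secret = $this->config['settings']['api_login_tonken'];
            $parts = explode('|', $this->in['login_token']);
            if (strlen($secret) < 5 || count($parts) != 2
                || !$this->tokens_match(md5(base64_decode($parts[0]) . $secret), $parts[1])) {
                $this->login_display("Api param error!", false);
            }
            $this->in['name'] = urlencode(base64_decode($parts[0]));
            $apiLogin = true;
        } else {
            if (!isset($this->in['name']) || !isset($this->in['password'])) {
                $this->login_display($this->L['login_not_null'], false);
            }
            $checkCode = isset($this->in['check_code']) ? strtolower($this->in['check_code']) : '';
            if (need_check_code() && $this->in['name'] != 'guest'
                && (!isset($_SESSION['check_code']) || $_SESSION['check_code'] !== $checkCode)) {
                $this->login_display($this->L['code_error'], false);
            }
        }

        $name = rawurldecode($this->in['name']);
        $password = isset($this->in['password']) ? rawurldecode($this->in['password']) : '';
        $members = system_member::load_data();
        $user = $members->get('name', $name);

        // A valid API token with a known user skips the password/status/role checks.
        if (!($apiLogin && $user)) {
            if ($user === false || !$this->tokens_match($user['password'], md5($password))) {
                $this->login_display($this->L['password_error'], false);
            } else if ($user['status'] == 0) {
                $this->login_display($this->L['login_error_user_not_use'], false);
            } else if ($user['role'] == '') {
                $this->login_display($this->L['login_error_role'], false);
            }
        }

        if (!isset($user['last_login']) || $user['last_login'] == '') {
            $appController = init_controller('app');
            $appController->init_app($user);
        }
        $user['last_login'] = time();
        $members->set($user['user_id'], $user);

        // Fresh session id on privilege change so a pre-login id cannot be fixated.
        session_regenerate_id(true);
        $_SESSION['kod_login'] = true;
        $_SESSION['kod_user'] = $user;
        $_SESSION['CSRF-TOKEN'] = rand_string(20);
        $remember = isset($this->in['rember_password']) && $this->in['rember_password'] == '1';
        $this->send_login_cookies(
            $_SESSION['CSRF-TOKEN'],
            $user['user_id'],
            $remember ? $this->make_login_token($user) : null
        );
        $this->login_display('ok', true);
    }

    /**
     * Reports a login outcome: JSON for ajax requests, otherwise a redirect on
     * success (to the 'link' parameter when it is a same-site target) or the
     * login page with the message on failure. Always exits.
     *
     * @param string $msg     message or 'ok'
     * @param bool   $success whether the login succeeded
     */
    private function login_display($msg, $success)
    {
        if (isset($this->in['is_ajax'])) {
            show_json($msg, $success);
        } else if ($success) {
            $target = './';
            if (isset($this->in['link'])) {
                $link = rawurldecode($this->in['link']);
                // Refuse absolute targets (scheme:, //host, \\host) so the login
                // redirect cannot be pointed at another origin.
                if ($this->is_local_link($link)) {
                    $target = $link;
                }
            }
            header('location:' . $target);
        } else {
            $this->login($msg);
        }
        exit;
    }

    /**
     * True when $link is a relative, same-site redirect target.
     *
     * @param mixed $link decoded 'link' request parameter
     * @return bool
     */
    private function is_local_link($link)
    {
        if (!is_string($link) || $link === '') {
            return false;
        }
        // Reject "scheme:" prefixes (http:, javascript:, data:, ...) and
        // protocol-relative forms ("//", "\\", "/\", "\/"), which browsers treat as absolute.
        return !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $link);
    }

    /**
     * Sends the CSRF-TOKEN and kod_user_id cookies and, when a remember-me
     * token is given, the kod_token cookie.
     *
     * @param string      $csrfToken     value for the CSRF-TOKEN cookie
     * @param string      $userId        value for the kod_user_id cookie
     * @param string|null $rememberToken value for kod_token, or null to not set it
     */
    private function send_login_cookies($csrfToken, $userId, $rememberToken = null)
    {
        $expire = time() + self::COOKIE_LIFETIME;
        // CSRF-TOKEN is read by the front end and echoed as X-CSRF-TOKEN, so it must stay script-readable.
        setcookie('CSRF-TOKEN', $csrfToken, $expire);
        setcookie('kod_user_id', $userId, $expire);
        if ($rememberToken !== null) {
            // Only consumed server-side (loginCheck): HttpOnly keeps it out of reach of page scripts.
            setcookie('kod_token', $rememberToken, $expire, '', '', false, true);
        }
    }

    /**
     * Derives the remember-me token. It is deterministic per (password hash,
     * system password, user id), so it only changes when one of those changes;
     * a leaked token cannot be revoked on its own.
     *
     * @param array $user member record with 'password' and 'user_id'
     * @return string hex md5 digest
     */
    private function make_login_token($user)
    {
        $secret = $this->config['setting_system']['system_password'];
        return md5($user['password'] . $secret . $user['user_id']);
    }

    /**
     * Constant-time comparison of two strings (hash digests / tokens).
     * Uses hash_equals() when available and a fixed-time loop otherwise.
     *
     * @param mixed $known value from storage/config
     * @param mixed $given value from the request
     * @return bool true only when both are strings and identical
     */
    private function tokens_match($known, $given)
    {
        if (!is_string($known) || !is_string($given)) {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        $length = strlen($known);
        if ($length !== strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }
        return $diff === 0;
    }

    public function version_install()
    {
    }

    /**
     * Changes the current user's password after verifying the current one.
     * Rejects an empty new password; answers via show_json().
     */
    public function changePassword()
    {
        $current = isset($this->in['password_now']) ? rawurldecode($this->in['password_now']) : '';
        $new = isset($this->in['password_new']) ? rawurldecode($this->in['password_new']) : '';
        if ($new === '') {
            show_json($this->L['password_not_null'], false);
        }
        if ($this->tokens_match($this->user['password'], md5($current))) {
            $members = system_member::load_data();
            // Same unsalted md5 format the login path verifies against.
            $this->user['password'] = md5($new);
            $members->set($this->user['user_id'], $this->user);
            show_json('success');
        } else {
            show_json($this->L['old_password_error'], false);
        }
    }

    /**
     * CSRF validation. NOTE: the leading return short-circuits it, so the
     * X-CSRF-TOKEN header is currently never checked even though the token is
     * issued at login; remove the return to enforce it.
     */
    private function checkCSRF()
    {
        return;
        $header = isset($_SERVER['HTTP_X_CSRF_TOKEN']) ? $_SERVER['HTTP_X_CSRF_TOKEN'] : null;
        $expected = isset($_SESSION['CSRF-TOKEN']) ? $_SESSION['CSRF-TOKEN'] : null;
        if ($header === null || !$this->tokens_match($expected, $header)) {
            show_json('xtoken_error', false);
        }
    }

    /**
     * Permission check for the current ST:ACT. Exempt apps/actions and actions
     * not listed in role_setting return early; admins (is_root) pass after the
     * CSRF hook. Otherwise the role's permission map (with a few derived
     * entries) must grant ST:ACT, and file-creating actions must also pass
     * the extension filter.
     */
    public function authCheck()
    {
        if (in_array(ST, $this->notCheckApp, true)) return;
        if (in_array(ACT, $this->notCheck, true)) return;
        $auth = system_role::get_info($this->user['role']);
        if (!array_key_exists(ST, $this->config['role_setting'])) return;
        if (!in_array(ACT, $this->config['role_setting'][ST], true)) return;
        $this->checkCSRF();
        if (isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1) return;

        $actionKey = ST . ':' . ACT;
        // Derived permissions: newer actions inherit from the older setting they extend.
        if (!isset($auth['userShare:set'])) {
            $auth['userShare:set'] = 1;
        }
        if (!isset($auth['explorer:fileDownload'])) {
            $auth['explorer:fileDownload'] = 1;
        }
        $auth['user:common_js'] = 1;
        $auth['explorer:pathDeleteRecycle'] = $auth['explorer:pathDelete'];
        $auth['explorer:pathCopyDrag'] = $auth['explorer:pathCuteDrag'];
        $auth['explorer:officeSave'] = $auth['editor:fileSave'];
        $auth['explorer:imageRotate'] = $auth['editor:fileSave'];
        $auth['explorer:fileDownloadRemove'] = $auth['explorer:fileDownload'];
        $auth['explorer:zipDownload'] = $auth['explorer:fileDownload'];
        $auth['explorer:fileProxy'] = true;
        $auth['editor:fileGet'] = true;
        $auth['explorer:officeView'] = true;
        if (!$auth['explorer:fileDownload']) {
            $auth['explorer:zip'] = false;
        }
        $auth['userShare:del'] = $auth['userShare:set'];

        if (!isset($auth[$actionKey]) || $auth[$actionKey] != 1) {
            show_json($this->L['no_permission'], false);
        }
        $GLOBALS['auth'] = $auth;

        // Name each file-creating action will write, for the extension whitelist.
        $nameByAction = array(
            'mkfile' => $this->check_key('path'),
            'pathRname' => $this->check_key('rname_to'),
            'fileUpload' => isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '',
            'fileSave' => $this->check_key('path'),
        );
        if (array_key_exists(ACT, $nameByAction) && !checkExt($nameByAction[ACT])) {
            show_json($this->L['no_permission_ext'], false);
        }
    }

    /**
     * Returns the decoded string request parameter $key, or '' when it is
     * missing or not a string (array-valued parameters are ignored).
     *
     * @param string $key
     * @return string
     */
    private function check_key($key)
    {
        if (!isset($this->in[$key])) {
            return '';
        }
        return is_string($this->in[$key]) ? rawurldecode($this->in[$key]) : '';
    }

    /** Generates a captcha of 3 or 4 characters and stores its text in the session. */
    public function checkCode()
    {
        session_start();
        load_class('myCaptcha');
        // mt_rand only picks the length here; the captcha text itself comes from myCaptcha.
        $captcha = new myCaptcha(mt_rand(3, 4));
        $_SESSION['check_code'] = $captcha->get_string();
    }

    /**
     * Renders a QR code for the 'url' parameter. Without GD the request is
     * redirected to an external generator, which discloses the text to that
     * third party; the parameter is passed through as received.
     */
    public function qrcode()
    {
        $url = isset($this->in['url']) ? $this->in['url'] : '';
        if (!function_exists('imagecolorallocate')) {
            header('location:http://qr.liantu.com/api.php?text=' . $url);
            exit;
        }
        include CLASS_DIR . 'phpqrcode.php';
        QRcode::png(rawurldecode($url));
    }
}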