KodExplorer/controller/user.class.php


			
				
				
					
						
						
						
							
							
								
							
							<?php class user extends Controller{private $user;private $auth;private $notCheck;function __construct(){parent::__construct();<EFBFBD>¹ê¹÷£„¿Ç£·¹å “¬¼±Ñ<EFBFBD>¾“µÛØìõ<EFBFBD>êÂ<EFBFBD>£üúÝôŸá´ç†ë;$this->tpl=TEMPLATE.'user/';if(!isset($_SESSION)){$this->login(DATA_PATH."<br/>".$GLOBALS['L']['path_can_not_write_data']);}else{$this->user=&$_SESSION['kod_user'];if(!isset($this->user['path'])&& isset($this->user['name'])){$this->user['path']=$this->user['name'];}}$this->notCheck=array('loginFirst','login','logout','loginSubmit','checkCode','public_link','qrcode','sso');<EFBFBD>™ÉçëÙ¦þ<EFBFBD>ƒ;$this->notCheckApp=array('share','debug');<EFBFBD>õç¼†Œ¹‚é¯¡ÌäŠÒÐ¬¿ÞâØ¨ÊÄƒñÄ’ô<EFBFBD><EFBFBD>î”÷¬š„åœî–¾»úÉŽÌõÎ¬Ù§Ô¤ìØ–²ê‹Ðúúäò§þ÷Žœæ¤Û¢ ¥±íœ€šõ¨ï›–È²È³½™¯¹ý;$this->config['forceWap']=is_wap()&&(!isset($_COOKIE['forceWap'])|| $_COOKIE['forceWap']=='1');}public function loginCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;if(isset($_SESSION['kod_login'])&& $_SESSION['kod_login']===!0){$ýšî›=system_member::get_info($this->user['user_id']);$this->login_success($ýšî›);return;}else if($_COOKIE['kod_user_id']!='' && $_COOKIE['kod_token']!=''){$ýšî›=system_member::get_info($_COOKIE['kod_user_id']);if(!is_array($ýšî›)|| !isset($ýšî›['password'])){$this->logout();}if($this->make_login_token($ýšî›)==$_COOKIE['kod_token']){@session_start();$_SESSION['kod_login']=!0;$_SESSION['kod_user']=$ýšî›;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);setcookie('kod_user_id',$_COOKIE['kod_user_id'],time()+0x0e10*0x0000018*0x064);setcookie('kod_token',$_COOKIE['kod_token'],time()+0x0e10*0x0000018*0x064);@session_write_close();unset($_SESSION);@session_start();if(!isset($_SESSION['kod_user'])|| !is_array($_SESSION['kod_user'])){$this->login(DATA_PATH."<br/>".$GLOBALS['L']['path_can_not_write_data']);}else{$this->login_success($ýšî›);}return;}$this->logout();}else{if($this->config['setting_system']['auto_login']!='1'){$this->logout();}else{if(!file_exists(USER_SYSTEM.'install.lock')){$this->display('install.html');exit;}header('location:./index.php?user/loginSubmit&name=guest&password=guest');exit;}}}private function login_success($¤µ<C2A4>Ö£){$this->user=$¤µ<C2A4>Ö£;if(!$¤µ<C2A4>Ö£['path']){$this->login($this->L['kod_version_error']);}else if($¤µ<C2A4>Ö£['status']==0){$this->login($this->L['login_error_user_not_use']);}else if($¤µ<C2A4>Ö£['role']==''){$this->login($this->L['login_error_role']);}define('USER',USER_PATH.$this->user['path'].'/');define('USER_TEMP',USER.'data/temp/');<EFBFBD><EFBFBD>®Ì—öþà«½ùÚöøýØ÷™È”›Ü;define('USER_RECYCLE',USER.'recycle/');if(!file_exists(USER)){$this->logout();}if($this->user['role']=='1'){define('MYHOME',USER.'home/');define('HOME','');$GLOBALS['web_root']=WEB_ROOT;$GLOBALS['is_root']=0x001;}else{$’ª—=user_home_path($this->user);define('HOME',$’ª—);define('MYHOME','/');$GLOBALS['web_root']='';$GLOBALS['is_root']=0;}$this->config['user']=fileCache::load(USER.'data/config.php');if(!isset($this->config['user']['file_repeat'])|| !isset($this->config['user']['resize_config'])){$this->config['user']['file_repeat']=$this->config['setting_default']['file_repeat'];$this->config['user']['recycle_open']=$this->config['setting_default']['recycle_open'];$this->config['user']['resize_config']=$this->config['setting_default']['resize_config'];}if($this->config['user']['theme']==''){$this->config['user']=$this->config['setting_default'];}}public function sso(){$äïô=!1;$£ãˆ›ã="not login";<EFBFBD>ã¢™Ý¡òÕº»éÕ™õ–¬ ®;if(isset($_SESSION)&& $_SESSION['kod_login']==0x001){$†žØ<C5BE>=$_SESSION['kod_user'];if($†žØ<C5BE>['role']=='1' || !isset($this->in['check'])|| !isset($this->in['value'])){$äïô=!0;}$ü=!1;switch($this->in['check']){case 'user_id':$ü=$†žØ<C5BE>['user_id'];break;case 'user_name':$ü=$†žØ<C5BE>['name'];break;<EFBFBD>‡åƒ¡Ã¤•™Þ;case 'role_id':$ü=$†žØ<C5BE>['role'];<EFBFBD>éúÌ—œú;break;<EFBFBD>ÓÀ©ÐÁÁè;case 'role_name':$ÃÈ=system_role::get_info($†žØ<C5BE>['role']);$ü=$ÃÈ['name'];break;<EFBFBD>ðæ‡Ï¸Œ†£ˆÒº¤ÍµÇç‰ˆ‘ÙÊÓÃò˜Œ£ÁØô°ÉÜ¸š–Ä ¹ÌòôñÁªº©´Â»ŽŽ<EFBFBD>Ñ<EFBFBD>¨Þ¥ê;case 'group_id':$ü=array_keys($†žØ<C5BE>['group_info']);break;case 'group_name':$ü=array();foreach($†žØ<C5BE>['group_info'] as $÷=>$<24><>™¾){$æ²¾=system_group::get_info($÷);<EFBFBD>”žž×Ú¬åëþç•Þ<EFBFBD><EFBFBD>˜¨œ› ð¹°‹÷øñ«¸Ë ¢à¾À¸šíž†í†œÌ“<EFBFBD>å¼¹‚Ý«»Ž·´ˆ©ßÀõ€â×¿£<EFBFBD>Ú‘¯áþ¶ýÌÊ›;$ü[]=$æ²¾['name'];}break;default:break;<EFBFBD><EFBFBD>ðò¸¦úâ†»Ù‡Ÿ±ÇÂÂ¢Ôñ…Ô¨ƒ¡òžÔùóŠÞõûÒ¯¢Í“;}if(!$äïô&& $ü!=!1){if((is_string($ü)&& $ü==$this->in['value'])||(is_array($ü)&& in_array($this->in['value'],$ü))){$äïô=!0;}else{$£ãˆ›ã=$this->in['check'].' not accessed, It\'s must be "'.$this->in['value'].'"';}}}if($äïô){@session_name('KOD_SESSION_SSO');@session_id($_COOKIE['KOD_SESSION_SSO']);@session_start();$_SESSION[$this->in['app']]='success';@session_write_close();header('location:'.$this->in['link']);exit;}$this->login($£ãˆ›ã);}public function public_link(){$Ší=$this->config['setting_system']['system_password'];$Ÿù=$this->in['fid'];<EFBFBD>ÁÔ¢–ý¥¸ðÄŽë¹™Ë¯•žß¸;$òâöá”=Mcrypt::decode($Ÿù,$Ší);if(strlen($òâöá”)==0){show_json($this->L['error'],!1);}$<24>=isset($_GET['download']);file_put_out($òâöá”,$<24>);}public function common_js(){$¬Ï¹Î=ob_get_clean();<EFBFBD>Ÿ©¹•óÆà¤Ûþ„•ë÷÷ãÙ<EFBFBD>…Ûœ“ÀÈâú˜É³ŽèÜÇ–ò¼ÝÔà¹ÓäÏÀÝ;$¥¸Õ=BASIC_PATH;$ò=USER_PATH;$¼¢ÐÔ=GROUP_PATH;<EFBFBD>Õâ«ìÕçÊªÉ…þ;if(!$GLOBALS['is_root']){$¥¸Õ='/';$ò='/';$¼¢ÐÔ='/';}$ÔÀ=array('lang' =>LANGUAGE_TYPE,'is_root' =>$GLOBALS['is_root'],'user_id' =>$this->user['user_id'],'web_root' =>$GLOBALS['web_root'],'web_host' =>HOST,'app_host' =>APPHOST,'static_path' =>STATIC_PATH,'basic_path' =>$¥¸Õ,'user_path' =>$ò,'group_path' =>$¼¢ÐÔ,'myhome' =>MYHOME,'upload_max' =>file_upload_size(),'version' =>KOD_VERSION,'json_data' =>"",'self_share' =>system_member::user_share_list($this->user['user_id']),'user_config' =>$this->config['user'],'KOD_GROUP_PATH' =>KOD_GROUP_PATH,'KOD_GROUP_SHARE' =>KOD_GROUP_SHARE,'KOD_USER_SHARE' =>KOD_USER_SHARE,'KOD_USER_RECYCLE' =>KOD_USER_RECYCLE,'KOD_USER_FAV' =>KOD_USER_FAV,'KOD_GROUP_ROOT_SELF' =>KOD_GROUP_ROOT_SELF,'KOD_GROUP_ROOT_ALL' =>KOD_GROUP_ROOT_ALL,);if(isset($this->config['setting_system']['version_hash'])){$ÔÀ['version_hash']=$this->config['setting_system']['version_hash'];}if(!isset($GLOBALS['auth'])){$GLOBALS['auth']=array();}$<24>='LNG='.json_encode($GLOBALS['L']).';';$<24>.= 'AUTH='.json_encode($GLOBALS['auth']).';';<EFBFBD>‘ÚæÏ°£ñ‚÷ÞˆÛµêˆ¢ÀðíëºóêèÈ«öæ’¼Ú£˜ÁóÉäåÌÝÅÔ¹ú¿Âž€³<EFBFBD>ìí<EFBFBD>×;$<24>.= 'G='.json_encode($ÔÀ).';';<EFBFBD>Î±–;header("Content-Type: application/javascript");echo $<24>;}public function login($¤Ï®=''){if(!file_exists(USER_SYSTEM.'install.lock')){chmod_path(BASIC_PATH,0777);$this->display('install.html');exit;}$this->assign('msg',$¤Ï®);if(is_wap()){$this->display('login_wap.html');}else{$this->display('login.html');}exit;}public function loginFirst(){if(!file_exists(USER_SYSTEM.'install.lock')){touch(USER_SYSTEM.'install.lock');if(!isset($this->in['password'])){$this->in['password']='admin';}$´•»“Ú='1';$Í=system_member::load_data();<EFBFBD>ôÐÃ‚½±ƒ–‰;$šØ€±=$Í->get($´•»“Ú);<EFBFBD>ŠÝ›ø“°´¦‹Åóá•…ÖæÈ;$šØ€±['password']=md5($this->in['password']);<EFBFBD>Ü»…«ÕÞ«ˆÄ¹ôÎ˜<EFBFBD>È«ÁýÒÍÃÇ°ÙÌ‡Á–àæ’¾¢—é;$Í->set($´•»“Ú,$šØ€±);<EFBFBD><EFBFBD>»ÐõŠè‡Ó•ÉÒç——¯Çð;if($šØ€±['path']=='' && $šØ€±['create_time']==''){$Ï²”±™=new system_member();$Ï²”±™->init_install();}}header('location:./index.php?user/login');exit;<EFBFBD>Úµµñ·ðÃ®ûµÏÂ€£«—ºÛß¬Ù¯ßíà;}public function logout(){session_start();<EFBFBD>¶Òë‰ £ùãÑõ‘ˆÆÔˆ;user_logout();<EFBFBD>¥Ý€;}public function loginSubmit(){if(isset($this->in['login_token'])){$·¯²¥=$this->config['settings']['api_login_tonken'];$¬=explode('|',$this->in['login_token']);if(strlen($·¯²¥)<0x05|| count($¬)!=0x0002|| md5(base64_decode($¬[0]).$·¯²¥)!=$¬[0x001]){$this->login_display("Api param error!",!1);}$this->in['name']=urlencode(base64_decode($¬[0]));$ãâŽ=!0;}else{if(!isset($this->in['name'])|| !isset($this->in['password'])){$this->login_display($this->L['login_not_null'],!1);}if(need_check_code()&& $this->in['name']!='guest' && $_SESSION['check_code']!==strtolower($this->in['check_code'])){$this->login_display($this->L['code_error'],!1);}}session_start();<EFBFBD>ó’—Æˆ©ÏÏþ×º;$ø=rawurldecode($this->in['name']);<EFBFBD>³–©å»»’ö õ…²Æœåº¯ý‚¸§Ñˆ§ªÃ¨£¤†<EFBFBD>Ø<EFBFBD>Æ¾ØƒÑÏ£ÈÕÖ<EFBFBD>ò¼Ê¢»ÌÚâŸâ‹É§³íÌº‹¥×Òä±Ö¶<EFBFBD>ù€×Ð;$Ê=rawurldecode($this->in['password']);$ìÉ§Ç=system_member::load_data();$«¹‘=$ìÉ§Ç->get('name',$ø);<EFBFBD> ;if($ãâŽ&& $«¹‘){}else if($«¹‘===!1|| md5($Ê)!=$«¹‘['password']){$this->login_display($this->L['password_error'],!1);}else if($«¹‘['status']==0){$this->login_display($this->L['login_error_user_not_use'],!1);}else if($«¹‘['role']==''){$this->login_display($this->L['login_error_role'],!1);}if($«¹‘['last_login']==''){$ŒÅ=init_controller('app');$ŒÅ->init_app($«¹‘);}$«¹‘['last_login']=time();$ìÉ§Ç->set($«¹‘['user_id'],$«¹‘);$_SESSION['kod_login']=!0;<EFBFBD>¶â³±â‹ƒòÕ’ÍÂÜõŠŠ;$_SESSION['kod_user']=$«¹‘;$_SESSION['CSRF-TOKEN']=rand_string(0x014);setcookie('CSRF-TOKEN',$_SESSION['CSRF-TOKEN'],time()+0x0e10*0x0000018*0x064);<EFBFBD>±ÏªÙÛð;setcookie('kod_user_id',$«¹‘['user_id'],time()+0x0e10*0x0000018*0x064);<EFBFBD>‹òþ¾¤âÉ¨ÕŸº£;if($this->in['rember_password']=='1'){setcookie('kod_token',$this->make_login_token($«¹‘),time()+0x0e10*0x0000018*0x064);}$this->login_display('ok',!0);}private function login_display($—ší¢,$¤æ§®){if(isset($this->in['is_ajax'])){show_json($—ší¢,$¤æ§®);}else{if($¤æ§®){$ñÔÉË='./';if(isset($this->in['link'])){$ñÔÉË=rawurldecode($this->in['link']);}header('location:'.$ñÔÉË);}else{$this->login($—ší¢);}}exit;<EFBFBD>å–©;}private function make_login_token($ßÑŸ){$Œ=$this->config['setting_system']['system_password'];<EFBFBD>ÝÑÅµö¬Ý¦ÅÕþ·ªÉ„»°ÛÀ—ñéà;return md5($ßÑŸ['password'].$Œ.$ßÑŸ['user_id']);<EFBFBD>Ò;}public function version_install(){}public function changePassword(){$Ã·ì=rawurldecode($this->in['password_now']);$³=rawurldecode($this->in['password_new']);<EFBFBD>¶§¦<EFBFBD>§Þ·ð;if(!$Ã·ì&& !$³)show_json($this->L['password_not_null'],!1);if($this->user['password']==md5($Ã·ì)){$ó¢¿µ=system_member::load_data();$this->user['password']=md5($³);$ó¢¿µ->set($this->user['user_id'],$this->user);show_json('success');}else{show_json($this->L['old_password_error'],!1);}}private function checkCSRF(){return;if(!isset($_SERVER['HTTP_X_CSRF_TOKEN'])|| $_SERVER['HTTP_X_CSRF_TOKEN']!=$_SESSION['CSRF-TOKEN']){show_json('xtoken_error',!1);}}public function authCheck(){if(in_array(ST,$this->notCheckApp))return;if(in_array(ACT,$this->notCheck))return;$ œ=system_role::get_info($this->user['role']);if(!array_key_exists(ST,$this->config['role_setting']))return;if(!in_array(ACT,$this->config['role_setting'][ST]))return;$this->checkCSRF();<EFBFBD>¥ß<EFBFBD>’‚™ÅÙš¦<EFBFBD>ÂÍ<EFBFBD>é¬ÕÛ<EFBFBD>Êþ;if(isset($GLOBALS['is_root'])&& $GLOBALS['is_root']==0x001)return;$<24>¹‚¡=ST.':'.ACT;<EFBFBD>òß£Óï¶Õ‰ü°¤¤Áæñ;if(!isset($ œ['userShare:set'])){$ œ['userShare:set']=0x001;}if(!isset($ œ['explorer:fileDownload'])){$ œ['explorer:fileDownload']=0x001;}$ œ['user:common_js']=0x001;$ œ['explorer:pathDeleteRecycle']=$ œ['explorer:pathDelete'];<EFBFBD>¶¯‚¬€ƒå‚¤¼Š¢¯éÆ„;$ œ['explorer:pathCopyDrag']=$ œ['explorer:pathCuteDrag'];<EFBFBD>ãú‹‰ Ìð“¬Â²ãïâåœãèƒæ<EFBFBD>Àð°ðÛ÷ôµõÏšñÚ¤’§–¦ÔØØ¸É¼žå ‡é‡•«øÆœÔ¾’‹µá¦§¼Êºäàà;$ œ['explorer:officeSave']=$ œ['editor:fileSave'];$ œ['explorer:imageRotate']=$ œ['editor:fileSave'];$ œ['explorer:fileDownloadRemove']=$ œ['explorer:fileDownload'];$ œ['explorer:zipDownload']=$ œ['explorer:fileDownload'];<EFBFBD>‘ê™™Ô ¯€šõ<EFBFBD>î;$ œ['explorer:fileProxy']=!0;$ œ['editor:fileGet']=!0;$ œ['explorer:officeView']=!0;<EFBFBD> “ÎêÎ³Ì°ì‡êß;if(!$ œ['explorer:fileDownload']){$ œ['explorer:zip']=!1;}$ œ['userShare:del']=$ œ['userShare:set'];if($ œ[$<24>¹‚¡]!=0x001)show_json($this->L['no_permission'],!1);$GLOBALS['auth']=$ œ;$ñõüŒ=array('mkfile' =>$this->check_key('path'),'pathRname' =>$this->check_key('rname_to'),'fileUpload'=> isset($_FILES['file']['name'])?$_FILES['file']['name']:'','fileSave' =>$this->check_key('path'));<EFBFBD>Ì¸²é§èš¡Ô«Âçù®·;if(array_key_exists(ACT,$ñõüŒ)&& !checkExt($ñõüŒ[ACT])){show_json($this->L['no_permission_ext'],!1);}}private function check_key($úç){if(!isset($this->in[$úç])){return '';}return is_string($this->in[$úç])?rawurldecode($this->in[$úç]):'';}public function checkCode(){session_start();load_class('myCaptcha');$û<>·î=new myCaptcha(mt_rand(0x00003,0x000004));$_SESSION['check_code']=$û<>·î->get_string();}public function qrcode(){if(!function_exists('imagecolorallocate')){header('location:http://qr.liantu.com/api.php?text='.$this->in['url']);exit;}include CLASS_DIR.'phpqrcode.php';QRcode::png(rawurldecode($this->in['url']));<EFBFBD>·ŸŒéŠ³Ó¤Õ¨Ð™‘ËÇÈùÃ°•Æ„’Ö¼‚Üñü¯Å´ÎÑŸØ†óýÜœÎõ®š;}}
						
						
					
				
				
					
						Reference in New Issue
					
					View Git Blame
					Copy Permalink