1<?php
2
/*
	[UCenter] (C)2001-2099 Comsenz Inc.
	This is NOT freeware; use is subject to license terms

	$Id: user.php 1174 2014-11-03 04:38:12Z hypowang $
*/
9
// This file is only meaningful when included by a script that has defined
// IN_UC; any other request path is refused outright.
if(!defined('IN_UC')) {
	exit('Access Denied');
}

// Status codes returned by the user API actions below. All of them are
// negative so a caller can tell them apart from a positive uid or the
// success value 1. Each maps to one of the checks in _check_username() /
// _check_email().
define('UC_USER_CHECK_USERNAME_FAILED', -1);	// check_username() rejected the name
define('UC_USER_USERNAME_BADWORD', -2);			// check_usernamecensor() rejected the name
define('UC_USER_USERNAME_EXISTS', -3);			// check_usernameexists() found a duplicate
define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);		// check_emailformat() rejected the address
define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);		// check_emailaccess() rejected the address
define('UC_USER_EMAIL_EXISTS', -6);				// check_emailexists() found a duplicate
18
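class usercontrol extends base {

	/**
	 * API controller for the "user" module.
	 *
	 * Every on*() method is one API action: it decodes the request with
	 * init_input(), reads parameters with input(), and returns either a
	 * positive uid / 1 on success or one of the negative UC_USER_* codes.
	 * Methods prefixed with "_" are internal helpers and are not actions.
	 */
	public function __construct() {
		$this->usercontrol();
	}

	/**
	 * PHP 4 style constructor, kept because callers may still invoke it by
	 * name. Loads the user model into $_ENV['user'] and resolves the
	 * calling application from the apps cache.
	 */
	public function usercontrol() {
		parent::__construct();
		$this->load('user');
		$this->app = $this->cache['apps'][UC_APPID];
	}

	/**
	 * Build the synchronized-login <script> tags for every other app with
	 * synlogin enabled.
	 *
	 * The per-app payload (username, uid, stored password hash, time) is
	 * encrypted with authcode() under that app's own authkey, so each tag
	 * can only be decoded by the app it is addressed to.
	 *
	 * @return string Concatenated script tags, or '' when synlogin is off
	 *                for the caller or the uid is unknown.
	 */
	public function onsynlogin() {
		$this->init_input();
		$uid = $this->input('uid');
		if(!$this->app['synlogin']) {
			return '';
		}
		$this->user = $_ENV['user']->get_user_by_uid($uid);
		if(!$this->user) {
			return '';
		}
		$payload = 'action=synlogin&username='.$this->user['username'].'&uid='.$this->user['uid'].'&password='.$this->user['password'].'&time='.$this->time;
		$synstr = '';
		foreach($this->cache['apps'] as $app) {
			if(!$app['synlogin'] || $app['appid'] == $this->app['appid']) {
				continue;
			}
			$synstr .= $this->_synscript($app, $payload);
		}
		return $synstr;
	}

	/**
	 * Build the synchronized-logout <script> tags for every other app with
	 * synlogin enabled. The payload only carries the action and time.
	 *
	 * @return string Concatenated script tags, or '' when synlogin is off.
	 */
	public function onsynlogout() {
		$this->init_input();
		if(!$this->app['synlogin']) {
			return '';
		}
		$payload = 'action=synlogout&time='.$this->time;
		$synstr = '';
		foreach($this->cache['apps'] as $app) {
			if(!$app['synlogin'] || $app['appid'] == $this->app['appid']) {
				continue;
			}
			$synstr .= $this->_synscript($app, $payload);
		}
		return $synstr;
	}

	/**
	 * Render one synlogin/synlogout script tag for $app.
	 *
	 * @param array  $app     Entry from the apps cache; uses url and authkey.
	 * @param string $payload Query string to encrypt with the app's authkey.
	 * @return string
	 */
	public function _synscript($app, $payload) {
		$code = urlencode($this->authcode($payload, 'ENCODE', $app['authkey']));
		return '<script type="text/javascript" src="'.$app['url'].'/api/uc.php?time='.$this->time.'&code='.$code.'"></script>';
	}

	/**
	 * Register a new user.
	 *
	 * Username and email are validated first; the first failing check is
	 * returned as a negative UC_USER_* code.
	 *
	 * @return int New uid from add_user(), or a negative error code.
	 */
	public function onregister() {
		$this->init_input();
		$username = $this->input('username');
		$password = $this->input('password');
		$email = $this->input('email');
		$questionid = $this->input('questionid');
		$answer = $this->input('answer');
		$regip = $this->input('regip');

		$status = $this->_check_username($username);
		if($status < 0) {
			return $status;
		}
		$status = $this->_check_email($email);
		if($status < 0) {
			return $status;
		}
		return $_ENV['user']->add_user($username, $password, $email, 0, $questionid, $answer, $regip);
	}

	/**
	 * Change a user's password, email and/or security question.
	 *
	 * The email is validated only when a new one is supplied and the old
	 * password is being checked (ignoreoldpw not set). On a successful
	 * password change an "updatepw" note is queued for the other apps.
	 *
	 * @return int Status from edit_user(), or a negative email error code.
	 */
	public function onedit() {
		$this->init_input();
		$username = $this->input('username');
		$oldpw = $this->input('oldpw');
		$newpw = $this->input('newpw');
		$email = $this->input('email');
		$ignoreoldpw = $this->input('ignoreoldpw');
		$questionid = $this->input('questionid');
		$answer = $this->input('answer');

		if(!$ignoreoldpw && $email) {
			$status = $this->_check_email($email, $username);
			if($status < 0) {
				return $status;
			}
		}
		$status = $_ENV['user']->edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw, $questionid, $answer);

		if($newpw && $status > 0) {
			$this->load('note');
			$_ENV['note']->add('updatepw', 'username='.urlencode($username).'&password=');
			$_ENV['note']->send();
		}
		return $status;
	}

	/**
	 * Authenticate a user.
	 *
	 * isuid selects the lookup key: 1 = uid, 2 = email, otherwise username.
	 * The password may arrive either in clear text or already as a 32
	 * character hash (matched by /^\w{32}$/); either way it is hashed with
	 * the user's salt and compared against the stored hash using a strict,
	 * constant-time comparison, so a loose "!=" match on numeric-looking
	 * hashes is not possible.
	 *
	 * When an ip is supplied and login_failedtime is non-zero, failed
	 * attempts are recorded via loginfailed() and a throttled client gets
	 * status -4 before any lookup happens.
	 *
	 * @return array [status, username, password, email, merge] where status
	 *               is the uid on success, -1 unknown user, -2 bad password,
	 *               -3 bad security answer, -4 login throttled.
	 */
	public function onlogin() {
		$this->init_input();
		$isuid = (int)$this->input('isuid');
		$username = $this->input('username');
		$password = $this->input('password');
		$checkques = $this->input('checkques');
		$questionid = $this->input('questionid');
		$answer = $this->input('answer');
		$ip = $this->input('ip');

		// Default the failure threshold when the setting is absent/null.
		if(!isset($this->settings['login_failedtime'])) {
			$this->settings['login_failedtime'] = 5;
		}
		$throttle = $ip && $this->settings['login_failedtime'];

		if($throttle && !$_ENV['user']->can_do_login($username, $ip)) {
			return array(-4, '', $password, '', 0);
		}

		$user = $this->_find_login_user($isuid, $username);

		$passwordmd5 = preg_match('/^\w{32}$/', $password) ? $password : md5($password);
		if(empty($user)) {
			$status = -1;
		} elseif(!$this->_hash_equals($user['password'], md5($passwordmd5.$user['salt']))) {
			$status = -2;
		} elseif($checkques && (string)$user['secques'] !== (string)$_ENV['user']->quescrypt($questionid, $answer)) {
			$status = -3;
		} else {
			$status = $user['uid'];
		}
		if($throttle && $status <= 0) {
			$_ENV['user']->loginfailed($username, $ip);
		}
		// Merge is only offered for username logins of an existing account.
		$merge = $status != -1 && !$isuid && $_ENV['user']->check_mergeuser($username) ? 1 : 0;
		return array(
			$status,
			isset($user['username']) ? $user['username'] : '',
			$password,
			isset($user['email']) ? $user['email'] : '',
			$merge,
		);
	}

	/**
	 * Look up the login candidate by the key type requested by the client.
	 *
	 * @param int    $isuid    1 = uid, 2 = email, anything else = username.
	 * @param string $username The key value.
	 * @return array|false User row as returned by the user model.
	 */
	public function _find_login_user($isuid, $username) {
		if($isuid == 1) {
			return $_ENV['user']->get_user_by_uid($username);
		}
		if($isuid == 2) {
			return $_ENV['user']->get_user_by_email($username);
		}
		return $_ENV['user']->get_user_by_username($username);
	}

	/**
	 * Strict string comparison for password hashes.
	 *
	 * Uses hash_equals() (constant time) where available and falls back to
	 * === on older runtimes; never a loose comparison.
	 *
	 * @param string $known Stored hash.
	 * @param string $given Hash computed from the submitted password.
	 * @return bool
	 */
	public function _hash_equals($known, $given) {
		$known = (string)$known;
		$given = (string)$given;
		if(function_exists('hash_equals')) {
			return hash_equals($known, $given);
		}
		return $known === $given;
	}

	/**
	 * Report whether a login attempt from $ip for $username is currently
	 * allowed (not throttled by prior failures).
	 *
	 * @return mixed Result of can_do_login().
	 */
	public function onlogincheck() {
		$this->init_input();
		$username = $this->input('username');
		$ip = $this->input('ip');
		return $_ENV['user']->can_do_login($username, $ip);
	}

	/**
	 * Validate an email address for registration.
	 *
	 * @return int 1 when acceptable, else a negative UC_USER_EMAIL_* code.
	 */
	public function oncheck_email() {
		$this->init_input();
		return $this->_check_email($this->input('email'));
	}

	/**
	 * Validate a username for registration.
	 *
	 * @return int 1 when acceptable, else a negative UC_USER_* code.
	 */
	public function oncheck_username() {
		$this->init_input();
		$status = $this->_check_username($this->input('username'));
		return $status < 0 ? $status : 1;
	}

	/**
	 * Fetch a user's public identity by username, or by uid when isuid is set.
	 *
	 * @return array|int [uid, username, email], or 0 when not found.
	 */
	public function onget_user() {
		$this->init_input();
		$username = $this->input('username');
		$byuid = $this->input('isuid');
		$user = $byuid
			? $_ENV['user']->get_user_by_uid($username)
			: $_ENV['user']->get_user_by_username($username);
		if(!$user) {
			return 0;
		}
		return array($user['uid'], $user['username'], $user['email']);
	}


	/**
	 * List every protected member (uid, username), one row per username.
	 *
	 * @return array Rows from the protectedmembers table.
	 */
	public function ongetprotected() {
		$this->init_input();
		return $this->db->fetch_all("SELECT uid,username FROM ".UC_DBTABLEPRE."protectedmembers GROUP BY username");
	}

	/**
	 * Delete a user by uid.
	 *
	 * @return mixed Result of delete_user().
	 */
	public function ondelete() {
		$this->init_input();
		return $_ENV['user']->delete_user($this->input('uid'));
	}

	/**
	 * Mark one or more usernames as protected for the calling app.
	 *
	 * uid, appid and admin are cast to int before being interpolated into
	 * the SQL so only the username remains a string value; the username is
	 * interpolated as received from input() — presumably already escaped by
	 * init_input(), as _check_username() assumes, but confirm in base.
	 *
	 * @return int 1 on success, -1 when the database reported an error.
	 */
	public function onaddprotected() {
		$this->init_input();
		$usernames = (array)$this->input('username');
		$admin = (int)$this->input('admin');
		$appid = (int)$this->app['appid'];
		foreach($usernames as $username) {
			$user = $_ENV['user']->get_user_by_username($username);
			$uid = isset($user['uid']) ? (int)$user['uid'] : 0;
			$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."protectedmembers SET uid='$uid', username='$username', appid='$appid', dateline='{$this->time}', admin='$admin'", 'SILENT');
		}
		return $this->db->errno() ? -1 : 1;
	}

	/**
	 * Remove the protected flag for one or more usernames of the calling app.
	 *
	 * @return int 1 on success, -1 when the database reported an error.
	 */
	public function ondeleteprotected() {
		$this->init_input();
		$usernames = (array)$this->input('username');
		$appid = (int)$this->app['appid'];
		foreach($usernames as $username) {
			$this->db->query("DELETE FROM ".UC_DBTABLEPRE."protectedmembers WHERE username='$username' AND appid='$appid'");
		}
		return $this->db->errno() ? -1 : 1;
	}

	/**
	 * Complete a pending account merge: create the account under the new
	 * username (keeping the requested uid) and drop the merge record.
	 *
	 * @return int New uid from add_user(), or a negative username error code.
	 */
	public function onmerge() {
		$this->init_input();
		$oldusername = $this->input('oldusername');
		$newusername = $this->input('newusername');
		$uid = $this->input('uid');
		$password = $this->input('password');
		$email = $this->input('email');
		$status = $this->_check_username($newusername);
		if($status < 0) {
			return $status;
		}
		$appid = (int)$this->app['appid'];
		$uid = $_ENV['user']->add_user($newusername, $password, $email, $uid);
		$this->db->query("DELETE FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='$appid' AND username='$oldusername'");
		return $uid;
	}

	/**
	 * Discard the pending merge record for a username of the calling app.
	 *
	 * @return null
	 */
	public function onmerge_remove() {
		$this->init_input();
		$username = $this->input('username');
		$appid = (int)$this->app['appid'];
		$this->db->query("DELETE FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='$appid' AND username='$username'");
		return NULL;
	}

	/**
	 * Run the username checks in order: format, censor list, uniqueness.
	 *
	 * The value is re-escaped after trimming so surrounding whitespace does
	 * not defeat the checks.
	 *
	 * @param string $username
	 * @return int 1 when acceptable, else the matching negative UC_USER_* code.
	 */
	public function _check_username($username) {
		$username = addslashes(trim(stripslashes($username)));
		if(!$_ENV['user']->check_username($username)) {
			return UC_USER_CHECK_USERNAME_FAILED;
		}
		if(!$_ENV['user']->check_usernamecensor($username)) {
			return UC_USER_USERNAME_BADWORD;
		}
		if($_ENV['user']->check_usernameexists($username)) {
			return UC_USER_USERNAME_EXISTS;
		}
		return 1;
	}

	/**
	 * Run the email checks in order: format, access list, uniqueness.
	 *
	 * Uniqueness is skipped when the "doublee" setting allows duplicate
	 * emails; $username is passed through so a user's own address is not
	 * reported as a duplicate.
	 *
	 * @param string $email
	 * @param string $username
	 * @return int 1 when acceptable, else the matching negative UC_USER_EMAIL_* code.
	 */
	public function _check_email($email, $username = '') {
		if(empty($this->settings)) {
			$this->settings = $this->cache('settings');
		}
		if(!$_ENV['user']->check_emailformat($email)) {
			return UC_USER_EMAIL_FORMAT_ILLEGAL;
		}
		if(!$_ENV['user']->check_emailaccess($email)) {
			return UC_USER_EMAIL_ACCESS_ILLEGAL;
		}
		if(empty($this->settings['doublee']) && $_ENV['user']->check_emailexists($email, $username)) {
			return UC_USER_EMAIL_EXISTS;
		}
		return 1;
	}

	// The three actions below are retained as no-op stubs so the API names
	// still resolve; they intentionally do nothing.
	public function onuploadavatar() {
	}

	public function onrectavatar() {
	}

	public function flashdata_decode($s) {
	}
}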
280
281?>