Home Explore Help
Sign In
S.H.I.E.L.D.
/
sso_smartcost-php
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
sso_smartcos...
/
protected
/
controller
/
ApiController_old.php

ApiController_old.php 41 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * MainController
    5. 

  5.  * Feel free to delete the methods and replace them with your own code.
    6. 

  6.  *
    7. 

  7.  * @author darkredz
    8. 

  8.  */
    9. 

  9. class ApiController extends DooController {
    10. 

  10. 

  11.     private $username, $config, $data;
    12. 

  12. 

  13.     public function __construct() {
    14. 

  14. //	parent::__construct();
    15. 

  15. //	$this->config = pc_base::load_config('system');
    16. 

  16. //	/* 判断应用字符集和phpsso字符集是否相同,如果不相同,转换用户名为phpsso所用字符集 */
    17. 

  17. //	$this->username = isset($this->data['username']) ? $this->data['username'] : '';
    18. 

  18. //
    19. 

  19. //	if ($this->username && CHARSET != $this->applist[$this->appid]['charset']) {
    20. 

  20. //	    if ($this->applist[$this->appid]['charset'] == 'utf-8') { //判断应用字符集是否为utf-8编码
    21. 

  21. //		//应用字符集如果是utf-8,并且用户名是utf-8编码,转换用户名为phpsso字符集,如果为英文,is_utf8返回false,不进行转换
    22. 

  22. //		if (is_utf8($this->username)) {
    23. 

  23. //		    $this->username = iconv($this->applist[$this->appid]['charset'], CHARSET, $this->username);
    24. 

  24. //		}
    25. 

  25. //	    } else {
    26. 

  26. //		if (!is_utf8($this->username)) {
    27. 

  27. //		    $this->username = iconv($this->applist[$this->appid]['charset'], CHARSET, $this->username);
    28. 

  28. //		}
    29. 

  29. //	    }
    30. 

  30. //	}
    31. 

  31. //	$authstr = $this->authcode($_POST['data']);
    32. 

  32. ////	$authstr = $this->authcode($this->params['authstr']);
    33. 

  33. //	$ddddd = explode('&', urldecode($authstr));
    34. 

  34. //	foreach ($ddddd as $k => $v) {
    35. 

  35. //	    list($key, $val) = explode('=', $v);
    36. 

  36. //	    $this->$key = $val;
    37. 

  37. //	}
    38. 

  38.     }
    39. 

  39. 

  40.     /**
    41. 

  41.      * 用户注册
    42. 

  42.      * @param string $username 	用户名
    43. 

  43.      * @param string $password 	密码
    44. 

  44.      * @param string $email		email
    45. 

  45.      * @return int {-1:用户名已经存在 ;-2:email已存在;-4:用户名禁止注册;-5:邮箱禁止注册;-6:uc注册失败;int(uid):成功}
    46. 

  46.      */
    47. 

  47.     public function register() {
    48. 

  48.         $this->random = isset($this->data['random']) && !empty($this->data['random']) ? $this->data['random'] : create_randomstr(6);
    49. 

  49.         $this->password = isset($this->data['password']) ? create_password($this->data['password'], $this->random) : '';
    50. 

  50.         $this->email = isset($this->data['email']) ? $this->data['email'] : '';
    51. 

  51.         $this->type = isset($this->appid) ? 'app' : 'connect';
    52. 

  52.         $this->regip = isset($this->data['regip']) ? $this->data['regip'] : '';
    53. 

  53.         $this->appid = isset($this->appid) ? $this->appid : '';
    54. 

  54.         $this->appname = $this->applist[$this->appid]['name'];
    55. 

  55. 

  56.         $checkname = $this->checkname(1);
    57. 

  57.         if ($checkname == -1) {
    58. 

  58.             exit('-1');
    59. 

  59.         } elseif ($checkname == -4) {
    60. 

  60.             exit('-4');
    61. 

  61.         }
    62. 

  62. 

  63.         $checkemail = $this->checkemail(1);
    64. 

  64.         if ($checkemail == -1) {
    65. 

  65.             exit('-2');
    66. 

  66.         } elseif ($checkemail == -5) {
    67. 

  67.             exit('-5');
    68. 

  68.         }
    69. 

  69. 

  70.         //UCenter会员注册
    71. 

  71.         $ucuserid = 0;
    72. 

  72.         if ($this->config['ucuse']) {
    73. 

  73.             pc_base::load_config('uc_config');
    74. 

  74.             require_once PHPCMS_PATH . 'api/uc_client/client.php';
    75. 

  75.             $uid = uc_user_register($this->username, $this->data['password'], $this->email, $this->random);
    76. 

  76.             if (is_numeric($uid)) {
    77. 

  77.                 switch ($uid) {
    78. 

  78.                     case '-3':
    79. 

  79.                         exit('-1');
    80. 

  80.                         break;
    81. 

  81.                     case '-6':
    82. 

  82.                         exit('-2');
    83. 

  83.                         break;
    84. 

  84.                     case '-2':
    85. 

  85.                         exit('-4');
    86. 

  86.                         break;
    87. 

  87.                     case '-5':
    88. 

  88.                         exit('-5');
    89. 

  89.                         break;
    90. 

  90.                     case '-1':
    91. 

  91.                         exit('-4');
    92. 

  92.                         break;
    93. 

  93.                     case '-4':
    94. 

  94.                         exit('-5');
    95. 

  95.                         break;
    96. 

  96.                     default :
    97. 

  97.                         $ucuserid = $uid;
    98. 

  98.                         break;
    99. 

  99.                 }
    100. 

  100.             } else {
    101. 

  101.                 exit('-6');
    102. 

  102.             }
    103. 

  103.         }
    104. 

  104. 

  105.         $data = array(
    106. 

  106.             'username' => $this->username,
    107. 

  107.             'password' => $this->password,
    108. 

  108.             'email' => $this->email,
    109. 

  109.             'regip' => $this->regip,
    110. 

  110.             'regdate' => SYS_TIME,
    111. 

  111.             'lastdate' => SYS_TIME,
    112. 

  112.             'appname' => $this->appname,
    113. 

  113.             'type' => $this->type,
    114. 

  114.             'random' => $this->random,
    115. 

  115.             'ucuserid' => $ucuserid
    116. 

  116.         );
    117. 

  117.         $uid = $this->db->insert($data, 1);
    118. 

  118.         /* 插入消息队列 */
    119. 

  119.         $noticedata = $data;
    120. 

  120.         $noticedata['uid'] = $uid;
    121. 

  121.         messagequeue::add('member_add', $noticedata);
    122. 

  122.         exit("$uid"); //exit($uid) 不可以If status is an integer, that value will also be used as the exit status.
    123. 

  123.     }
    124. 

  124. 

  125.     /**
    126. 

  126.      * 编辑用户,可以不传入旧密码和新密码
    127. 

  127.      * 如果传入新密码,则修改密码为新密码
    128. 

  128.      * @param string $username		用户名
    129. 

  129.      * @param string $password		旧密码
    130. 

  130.      * @param string $newpassword	新密码
    131. 

  131.      * @param string $email			email
    132. 

  132.      * @param string $random		密码随机数
    133. 

  133.      * @return int {-1:用户不存在;-2:旧密码错误;-3:email已经存在 ;1:成功;0:未作修改}
    134. 

  134.      */
    135. 

  135.     public function edit() {
    136. 

  136.         header("Content-type: text/html; charset=utf-8");
    137. 

  137.         $authstr = $this->authcode($_POST['data']);
    138. 

  138. //	var_dump($authstr);
    139. 

  139.         $ddddd = explode('&', urldecode($authstr));
    140. 

  140. //	var_dump($ddddd);
    141. 

  141.         foreach ($ddddd as $k => $v) {
    142. 

  142.             list($key, $val) = explode('=', $v);
    143. 

  143.             $TmpArray[$key] = $val;
    144. 

  144.         }
    145. 

  145. //	debug_zval_dump($TmpArray);
    146. 

  146. //	比对 旧密码 回答问题
    147. 

  147. //	getuserinfo
    148. 

  148. //	$this->email = isset($this->data['email']) ? $this->data['email'] : '';
    149. 

  149. //	$this->uid = isset($this->data['uid']) ? $this->data['uid'] : '';
    150. 

  150. //
    151. 

  151.         $userinfo = $this->__getuserinfo($TmpArray['uid']);
    152. 

  152. //	var_dump($userinfo);
    153. 

  153. //	// 不为空
    154. 

  154. //	string(1) "3" refcount(1)
    155. 

  155. //	["password"] =>
    156. 

  156. //	string(6) "dddddd" refcount(1)
    157. 

  157. //	["newpassword"] =>
    158. 

  158. //	string(6) "wwwwww" refcount(1)
    159. 

  159. //	["useranswer"] =>
    160. 

  160. //	if (isset($TmpArray['password']) && !empty($TmpArray['password'])) {
    161. 

  161. //
    162. 

  162. //	}
    163. 

  163. //	if (isset($TmpArray['newpassword']) && !empty($TmpArray['newpassword'])) {
    164. 

  164. //	    $this->data['randomstr'] = $this->create_randomstr();
    165. 

  165. //	    $this->data['newpasswd'] = $this->create_password($TmpArray['newpassword'], $this->data['randomstr']);
    166. 

  166. //	}
    167. 

  167. //
    168. 

  168. //	$this->random = !empty($this->data['random']) ? $this->data['random'] : $userinfo['random'];
    169. 

  169. //	if (isset($this->data['newpassword']) && !empty($this->data['newpassword'])) {
    170. 

  170. //	    $this->newpassword = create_password($this->data['newpassword'], $this->random);
    171. 

  171. //	}
    172. 

  172. //
    173. 

  173.         if (!$userinfo) {
    174. 

  174.             exit('-1');
    175. 

  175.         }
    176. 

  176.         $passworld = $this->create_password($TmpArray['password'], $userinfo[0]['salt']);
    177. 

  177.         if (isset($this->password) && !empty($this->password) && ($passworld != $userinfo[0]['userpasswd'])) {
    178. 

  178.             exit('-2');
    179. 

  179.         }
    180. 

  180. //	echo urldecode($TmpArray['useranswer']) . '|' . $userinfo[0]['useranswer'];
    181. 

  181.         if ($TmpArray['useranswer'] && ($userinfo[0]['useranswer'] != $TmpArray['useranswer'])) {
    182. 

  182.             exit('-3');
    183. 

  183.         }
    184. 

  184.         $this->data['randomstr'] = $this->create_randomstr();
    185. 

  185.         $this->data['newpasswd'] = $this->create_password($TmpArray['newpassword'], $this->data['randomstr']);
    186. 

  186.         Doo::loadModel('users');
    187. 

  187.         $objuser = new Users();
    188. 

  188.         $objuser->userpasswd = $this->data['newpasswd'];
    189. 

  189.         $objuser->salt = $this->data['randomstr'];
    190. 

  190.         $RetValue = $objuser->update(array('where' => 'id=' . $TmpArray['uid'] . ' AND useranswer=\'' . $TmpArray['useranswer'] . '\''));
    191. 

  191.         return $RetValue;
    192. 

  192. //
    193. 

  193. //	$data = array();
    194. 

  194. //	$data['appname'] = $this->applist[$this->appid]['name'];
    195. 

  195. //
    196. 

  196. //	if (!empty($this->email) && $userinfo['email'] != $this->email) {
    197. 

  197. //	    $data['email'] = $this->email;
    198. 

  198. //	}
    199. 

  199. //
    200. 

  200. //	if (isset($this->newpassword) && $userinfo['password'] != $this->newpassword) {
    201. 

  201. //	    $data['password'] = $this->newpassword;
    202. 

  202. //	    $data['random'] = $this->random;
    203. 

  203. //	}
    204. 

  204.     }
    205. 

  205. 

  206.     /**
    207. 

  207.      * 生成随机字符串
    208. 

  208.      * @param string $lenth 长度
    209. 

  209.      * @return string 字符串
    210. 

  210.      */
    211. 

  211.     function create_randomstr($lenth = 6) {
    212. 

  212.         return $this->random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
    213. 

  213.     }
    214. 

  214. 

  215.     /**
    216. 

  216.      *
    217. 

  217.      * @param $password 密码
    218. 

  218.      * @param $random 随机数
    219. 

  219.      */
    220. 

  220.     function create_password($password = '', $random = '') {
    221. 

  221.         if (empty($random)) {
    222. 

  222.             $array['random'] = $this->create_randomstr();
    223. 

  223.             $array['password'] = md5(md5($password) . $array['random']);
    224. 

  224.             return $array;
    225. 

  225.         }
    226. 

  226.         return md5(md5($password) . $random);
    227. 

  227.     }
    228. 

  228. 

  229.     /**
    230. 

  230.      * 随机字符串函数
    231. 

  231.      * @param $password 密码
    232. 

  232.      * @param $random 随机数
    233. 

  233.      */
    234. 

  234.     function random($length, $chars = '0123456789') {
    235. 

  235.         $hash = '';
    236. 

  236.         $max = strlen($chars) - 1;
    237. 

  237.         for ($i = 0; $i < $length; $i++) {
    238. 

  238.             $hash .= $chars[mt_rand(0, $max)];
    239. 

  239.         }
    240. 

  240.         return $hash;
    241. 

  241.     }
    242. 

  242. 

  243.     /**
    244. 

  244.      * 删除用户
    245. 

  245.      * @param string {$uid:用户id;$username:用户名;$email:email}
    246. 

  246.      * @return array {-1:删除失败;>0:删除成功}
    247. 

  247.      */
    248. 

  248.     public function delete() {
    249. 

  249.         $this->uid = isset($this->data['uid']) ? $this->data['uid'] : '';
    250. 

  250.         $this->email = isset($this->data['email']) ? $this->data['email'] : '';
    251. 

  251. 

  252.         if ($this->uid > 0 || is_array($this->uid)) {
    253. 

  253.             $where = to_sqls($this->uid, '', 'uid');
    254. 

  254. 

  255.             //ucenter部份
    256. 

  256.             if ($this->config['ucuse']) {
    257. 

  257.                 pc_base::load_config('uc_config');
    258. 

  258.                 require_once PHPCMS_PATH . 'api/uc_client/client.php';
    259. 

  259.                 $s = $this->db->select($where, 'ucuserid');
    260. 

  260.                 if ($s) {
    261. 

  261.                     $uc_data = array();
    262. 

  262.                     foreach ($s as $k => $v) {
    263. 

  263.                         $uc_data[$k] = $v['ucuserid'];
    264. 

  264.                     }
    265. 

  265.                     if (!empty($uc_data))
    266. 

  266.                         $r = uc_user_delete($uc_data);
    267. 

  267.                     if (!$r) {
    268. 

  268.                         exit('-1');
    269. 

  269.                     }
    270. 

  270.                 } else {
    271. 

  271.                     exit('-1');
    272. 

  272.                 }
    273. 

  273.             }
    274. 

  274. 

  275.             /* 插入消息队列 */
    276. 

  276.             $noticedata['uids'] = $this->uid;
    277. 

  277.             messagequeue::add('member_delete', $noticedata);
    278. 

  278. 

  279.             $this->db->delete($where);
    280. 

  280.             exit('1');
    281. 

  281.         } elseif (!empty($this->username)) {
    282. 

  282.             $this->db->delete(array('username' => $this->username));
    283. 

  283.             exit('2');
    284. 

  284.         } elseif (!empty($this->email)) {
    285. 

  285.             $this->db->delete(array('email' => $this->email));
    286. 

  286.             exit('3');
    287. 

  287.         } else {
    288. 

  288.             exit('-1');
    289. 

  289.         }
    290. 

  290.     }
    291. 

  291. 

  292.     /**
    293. 

  293.      * 获取用户信息
    294. 

  294.      * @param string {$uid:用户id;$username:用户名;$email:email}
    295. 

  295.      * @return array {-1:用户不存在;array(userinfo):用户信息}
    296. 

  296.      */
    297. 

  297.     private function __getuserinfo($uid) {
    298. 

  298.         if ($uid > 0) {
    299. 

  299.             $r = Doo::db()->find('users', array(
    300. 

  300.                 'where' => 'id=?',
    301. 

  301.                 'param' => array($uid),
    302. 

  302.                 'asArray' => TRUE
    303. 

  303.                     )
    304. 

  304.             );
    305. 

  305.         } elseif (!empty($this->username)) {
    306. 

  306.             $r = $this->db->get_one(array('username' => $this->username));
    307. 

  307.         } elseif (!empty($this->email)) {
    308. 

  308.             $r = $this->db->get_one(array('email' => $this->email));
    309. 

  309.         } else {
    310. 

  310.             return false;
    311. 

  311.         }
    312. 

  312.         return $r;
    313. 

  313.     }
    314. 

  314. 

  315.     function getuserlist(){
    316. 

  316.     	
    317. 

  317.     	$authstr = $this->authcode($_POST['data']);
    318. 

  318.     	
    319. 

  319.     	$ddddd = explode('&', urldecode($authstr));
    320. 

  320.         foreach ($ddddd as $k => $v) {
    321. 

  321.             list($key, $val) = explode('=', $v);
    322. 

  322.             $this->$key = $val;
    323. 

  323.         }
    324. 

  324. 

  325.     	$r = Doo::db()->find('users', array(
    326. 

  326.     			'select'=>'id,username',
    327. 

  327.                 'where' => 'id in ( '.$this->uid.' )',
    328. 

  328.                 'param' => array($this->uid),
    329. 

  329.                 'asArray' => TRUE
    330. 

  330.                     )
    331. 

  331.          );
    332. 

  332.          exit(json_encode($r));
    333. 

  333.     }
    334. 

  334.     
    335. 

  335.     /**
    336. 

  336.      * 获取用户信息
    337. 

  337.      * @param string {$uid:用户id;$username:用户名;$email:email}
    338. 

  338.      * @return array {-1:用户不存在;array(userinfo):用户信息}
    339. 

  339.      */
    340. 

  340.     public function getuserinfo() {
    341. 

  341.         // TODO:远程字符串解析提取出来做成函数
    342. 

  342.         $authstr = $this->authcode($_POST['data']);
    343. 

  343.         $ddddd = explode('&', urldecode($authstr));
    344. 

  344.         foreach ($ddddd as $k => $v) {
    345. 

  345.             list($key, $val) = explode('=', $v);
    346. 

  346.             $TmpArray[$key] = $val;
    347. 

  347.             $this->$key = $val;
    348. 

  348.         }
    349. 

  349.         $uid = $TmpArray['uid'];
    350. 

  350. //	var_dump($uid);
    351. 

  351.         if ($uid > 0) {
    352. 

  352.             $r = Doo::db()->find('users', array(
    353. 

  353.                 'where' => 'id=?',
    354. 

  354.                 'param' => array($uid),
    355. 

  355.                 'asArray' => TRUE
    356. 

  356.                     )
    357. 

  357.             );
    358. 

  358.         } elseif (!empty($this->username)) {
    359. 

  359.             $r = Doo::db()->find('users', array(
    360. 

  360.                 'where' => 'username=?',
    361. 

  361.                 'param' => array($this->username),
    362. 

  362.                 'asArray' => TRUE
    363. 

  363.                     )
    364. 

  364.             );
    365. 

  365.         } elseif (!empty($this->email)) {
    366. 

  366.             $r = $this->db->get_one(array('email' => $this->email));
    367. 

  367.         } else {
    368. 

  368.             return false;
    369. 

  369.         }
    370. 

  370.         if ($this->username) {
    371. 

  371.             exit(json_encode($r));
    372. 

  372.         } else {
    373. 

  373.             exit(json_encode($r));
    374. 

  374.         }
    375. 

  375.     }
    376. 

  376. 

  377.     function isMail($mail) {
    378. 

  378.         // if (preg_match("/^([a-zA-Z0-9_-])+@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9\-\.])+/", $mail))
    379. 

  379. 		if (filter_var($mail, FILTER_VALIDATE_EMAIL)){
    380. 

  380.             return true;
    381. 

  381.         }else{
    382. 

  382.             return false;
    383. 

  383. 		}
    384. 

  384.     }
    385. 

  385. 

  386.     public function checkauth(){
    387. 

  387.     	$authstr = $this->authcode($_POST['data']);
    388. 

  388.     	$ddddd = explode('&', urldecode($authstr));
    389. 

  389.         foreach ($ddddd as $k => $v) {
    390. 

  390.             list($key, $val) = explode('=', $v);
    391. 

  391.             $this->$key = $val;
    392. 

  392.         }
    393. 

  393.         $k=explode('_', $this->auth);
    394. 

  394.         $userinfo = Doo::db()->find('users', array(
    395. 

  395.                'select' => 'id,keys_auth',
    396. 

  396.                'where' => 'id=?',
    397. 

  397.                'param' => array($k[0]),
    398. 

  398.                    ));
    399. 

  399.         if(empty($userinfo[0]->keys_auth)){
    400. 

  400.         	echo '2';die;           
    401. 

  401.         }
    402. 

  402.         
    403. 

  403. 		$dd = explode('_', $userinfo[0]->keys_auth);
    404. 

  404. 		
    405. 

  405. 		Doo::loadModel('users');
    406. 

  406. 	    $users = new Users();
    407. 

  407. 		
    408. 

  408. 		if(!isset($dd[1])){
    409. 

  409. 			
    410. 

  410. 	        $users->keys_auth=$k[1]."_1";
    411. 

  411. 	        $users->update(array('where' => 'id=?', 'param' => array($k[0])));
    412. 

  412. 			
    413. 

  413. 		}else{
    414. 

  414. 			//过程认证完成           
    415. 

  415. 			if(isset($k[2])){
    416. 

  416. 	            $users->keys_auth="";
    417. 

  417. 	            $users->update(array('where' => 'id=?', 'param' => array($k[0])));
    418. 

  418. 			}
    419. 

  419. 		}           
    420. 

  420.         if($dd[0]==$k[1]){
    421. 

  421.         	echo '1';die;
    422. 

  422.         }else{
    423. 

  423.         	echo '2';die;
    424. 

  424.         }
    425. 

  425.     }
    426. 

  426.     
    427. 

  427.     /**
    428. 

  428.      * 用户登录
    429. 

  429.      * @param string $username	用户名
    430. 

  430.      * @param string $password	密码
    431. 

  431.      * @return array {-2;密码错误;-1:用户不存在;array(userinfo):用户信息}
    432. 

  432.      */
    433. 

  433.     public function login() {
    434. 

  434.         $authstr = $this->authcode($_POST['data']);
    435. 

  435.         $ddddd = explode('&', urldecode($authstr));
    436. 

  436.         foreach ($ddddd as $k => $v) {
    437. 

  437.             list($key, $val) = explode('=', $v);
    438. 

  438.             $this->$key = $val;
    439. 

  439.         }
    440. 

  440.         if ($this->isMail($this->email)) {
    441. 

  441.             $userinfo = Doo::db()->find('users', array(
    442. 

  442.                 'select' => 'id,username,userpasswd,useremail,salt,actstate,bank,keys_auth',
    443. 

  443.                 'where' => 'useremail=?',
    444. 

  444.                 'param' => array($this->email),
    445. 

  445.                     ));
    446. 

  446.         }
    447. 

  447.         if ($this->username) {
    448. 

  448.             $userinfo = Doo::db()->find('users', array(
    449. 

  449.                 'select' => 'id,username,userpasswd,useremail,salt,actstate,bank,keys_auth',
    450. 

  450.                 'where' => 'username=?',
    451. 

  451.                 'param' => array($this->username),
    452. 

  452.                     ));
    453. 

  453.         }
    454. 

  454.         if (empty($userinfo))
    455. 

  455.             exit('-22');
    456. 

  456.         if (!empty($userinfo) && $userinfo[0]->userpasswd == $this->create_password($this->userpasswd, $userinfo[0]->salt)) {
    457. 

  457.             //登录成功更新用户最近登录时间和ip
    458. 

  458.             Doo::loadModel('users');
    459. 

  459.             $users = new Users();
    460. 

  460.             $key=$this->random_k(8);
    461. 

  461.             $users->keys_auth=$key;
    462. 

  462.             $users->lastloginip = ip2long($this->clientIP());
    463. 

  463.             $users->lastlogintime = time();
    464. 

  464.             $users->update(array('where' => 'id=?', 'param' => array($userinfo[0]->id)));
    465. 

  465.             $userinfo[0]->keys_auth=$key;
    466. 

  466. //	    $this->LoginSetCookie($userinfo);
    467. 

  467. //            $res = '<script type="text/javascript" src="http://192.168.1.140:8012/zhsso/api/synlogin/' . $userinfo[0]->username . '"></script>';\
    468. 

  468.             Doo::loadModel('userswitch');
    469. 

  469.             $userswitch = new UserSwitch();
    470. 

  470.             $usArray = $userswitch->getOne(array('select' => 'actime', 'where' => 'uid=?', 'param' => array($userinfo[0]->id), 'asArray' => TRUE));
    471. 

  471.             if (!$usArray['actime'])
    472. 

  472.                 exit('-3');
    473. 

  473.             echo json_encode($userinfo);
    474. 

  474.             die();
    475. 

  475.         } else {
    476. 

  476.             exit('-2');
    477. 

  477.         }
    478. 

  478.     }
    479. 

  479. 

  480.     public function scLogin(){
    481. 

  481.     	$authstr = $this->authcode($_POST['data']);
    482. 

  482.         $ddddd = explode('&', urldecode($authstr));
    483. 

  483.         foreach ($ddddd as $k => $v) {
    484. 

  484.             list($key, $val) = explode('=', $v);
    485. 

  485.             $this->$key = $val;
    486. 

  486.         }
    487. 

  487.         if ($this->isMail($this->email)) {
    488. 

  488.             $userinfo = Doo::db()->find('users', array(
    489. 

  489.                 'select' => 'id,username,userpasswd,useremail,salt,actstate,keys_auth',
    490. 

  490.                 'where' => 'useremail=?',
    491. 

  491.                 'param' => array($this->email),
    492. 

  492.                     ));
    493. 

  493.         }
    494. 

  494.         if ($this->username) {
    495. 

  495.             $userinfo = Doo::db()->find('users', array(
    496. 

  496.                 'select' => 'id,username,userpasswd,useremail,salt,actstate,keys_auth',
    497. 

  497.                 'where' => 'username=?',
    498. 

  498.                 'param' => array($this->username),
    499. 

  499.                     ));
    500. 

  500.         }
    501. 

  501.         if (empty($userinfo))
    502. 

  502.             exit('-22');
    503. 

  503.         if (!empty($userinfo) && $userinfo[0]->userpasswd == $this->create_password($this->userpasswd, $userinfo[0]->salt)) {
    504. 

  504.             //登录成功更新用户最近登录时间和ip
    505. 

  505.             Doo::loadModel('users');
    506. 

  506.             $users = new Users();
    507. 

  507.             $key=$this->random_k(8);
    508. 

  508.             $users->keys_auth=$key;
    509. 

  509.             $users->lastloginip = ip2long($this->clientIP());
    510. 

  510.             $users->lastlogintime = time();
    511. 

  511.             $users->update(array('where' => 'id=?', 'param' => array($userinfo[0]->id)));
    512. 

  512.             $userinfo[0]->keys_auth=$key;
    513. 

  513. //	    $this->LoginSetCookie($userinfo);
    514. 

  514. //            $res = '<script type="text/javascript" src="http://192.168.1.140:8012/zhsso/api/synlogin/' . $userinfo[0]->username . '"></script>';\
    515. 

  515.             Doo::loadModel('userswitch');
    516. 

  516.             Doo::loadModel('scUser');
    517. 

  517.             $scUser=new scUser();
    518. 

  518.             $userswitch = new UserSwitch();
    519. 

  519.             $usArray = $userswitch->getOne(array('select' => 'actime', 'where' => 'uid=?', 'param' => array($userinfo[0]->id), 'asArray' => TRUE));
    520. 

  520.             $scU=$scUser->find(array('where' => 'uid='.$userinfo[0]->id, 'asArray' => TRUE));
    521. 

  521.             $scU[0]['userName']=$userinfo[0]->username;$scU[0]['userpasswd']=$userinfo[0]->userpasswd;$scU[0]['useremail']=$userinfo[0]->useremail;
    522. 

  522.             if (!$usArray['actime'])
    523. 

  523.                 exit('-3');
    524. 

  524.             echo json_encode($scU);
    525. 

  525.             die();
    526. 

  526.         } else {
    527. 

  527.             exit('-2');
    528. 

  528.         }
    529. 

  529.     }
    530. 

  530.     
    531. 

  531.     /**
    532. 

  532.      * 同步登陆
    533. 

  533.      * @param string $uid	用户id
    534. 

  534.      * @return string javascript用户同步登陆js
    535. 

  535.      */
    536. 

  536.     public function synlogin() {
    537. 

  537.         //判断本应用是否开启同步登陆
    538. 

  538.         if ($this->applist[$this->appid]['synlogin']) {
    539. 

  539.             $this->uid = isset($this->data['uid']) ? $this->data['uid'] : '';
    540. 

  540.             $this->password = isset($this->data['password']) ? $this->data['password'] : '';
    541. 

  541. 

  542.             $res = '';
    543. 

  543.             //ucenter登陆部份
    544. 

  544.             if ($this->config['ucuse']) {
    545. 

  545.                 pc_base::load_config('uc_config');
    546. 

  546.                 require_once PHPCMS_PATH . 'api/uc_client/client.php';
    547. 

  547.                 $r = $this->db->get_one(array('uid' => $this->uid), "ucuserid");
    548. 

  548.                 if ($r['ucuserid'])
    549. 

  549.                     $res .= uc_user_synlogin($r['ucuserid']);
    550. 

  550.             }
    551. 

  551. 

  552.             foreach ($this->applist as $v) {
    553. 

  553.                 if (!$v['synlogin'])
    554. 

  554.                     continue;
    555. 

  555.                 if ($v['appid'] != $this->appid) {
    556. 

  556.                     $tmp_s = strstr($v['url'] . $v['apifilename'], '?') ? '&' : '?';
    557. 

  557.                     $res .= '<script type="text/javascript" src="' . $v['url'] . $v['apifilename'] . $tmp_s . 'time=' . SYS_TIME . '&code=' . urlencode(sys_auth('action=synlogin&username=' . $this->username . '&uid=' . $this->uid . '&password=' . $this->password . "&time=" . SYS_TIME, 'ENCODE', $v['authkey'])) . '" reload="1"></script>';
    558. 

  558.                 }
    559. 

  559.             }
    560. 

  560.             exit($res);
    561. 

  561.         } else {
    562. 

  562.             exit('0');
    563. 

  563.         }
    564. 

  564.     }
    565. 

  565. 

  566.     /**
    567. 

  567.      * 同步退出
    568. 

  568.      * @return string javascript用户同步退出js
    569. 

  569.      */
    570. 

  570.     public function synlogout() {
    571. 

  571.         if ($this->applist[$this->appid]['synlogin']) {
    572. 

  572.             $res = '';
    573. 

  573.             //ucenter登陆部份
    574. 

  574.             if ($this->config['ucuse']) {
    575. 

  575.                 pc_base::load_config('uc_config');
    576. 

  576.                 require_once PHPCMS_PATH . 'api/uc_client/client.php';
    577. 

  577.                 $res .= uc_user_synlogout();
    578. 

  578.             }
    579. 

  579.             foreach ($this->applist as $v) {
    580. 

  580.                 if (!$v['synlogin'])
    581. 

  581.                     continue;
    582. 

  582.                 if ($v['appid'] != $this->appid) {
    583. 

  583.                     $tmp_s = strstr($v['url'] . $v['apifilename'], '?') ? '&' : '?';
    584. 

  584.                     $res .= '<script type="text/javascript" src="' . $v['url'] . $v['apifilename'] . $tmp_s . 'time=' . SYS_TIME . '&code=' . urlencode(sys_auth('action=synlogout&time=' . SYS_TIME, 'ENCODE', $v['authkey'])) . '" reload="1"></script>';
    585. 

  585.                 }
    586. 

  586.             }
    587. 

  587.             exit($res);
    588. 

  588.         } else {
    589. 

  589.             exit;
    590. 

  590.         }
    591. 

  591.     }
    592. 

  592. 

  593.     /**
    594. 

  594.      * 获取应用列表
    595. 

  595.      */
    596. 

  596.     public function getapplist() {
    597. 

  597.         $applist = getcache('applist', 'admin');
    598. 

  598.         exit(serialize($applist));
    599. 

  599.     }
    600. 

  600. 

  601.     /**
    602. 

  602.      * 获取积分兑换规则
    603. 

  603.      */
    604. 

  604.     public function getcredit($return = '') {
    605. 

  605.         $creditcache = getcache('creditlist', 'admin');
    606. 

  606.         foreach ($creditcache as $v) {
    607. 

  607.             if ($v['fromid'] == $this->appid) {
    608. 

  608.                 $creditlist[$v['from'] . '_' . $v['to']] = $v;
    609. 

  609.             }
    610. 

  610.         }
    611. 

  611.         if ($return) {
    612. 

  612.             return $creditlist;
    613. 

  613.         } else {
    614. 

  614.             exit(serialize($creditlist));
    615. 

  615.         }
    616. 

  616.     }
    617. 

  617. 

  618.     /**
    619. 

  619.      * 兑换积分
    620. 

  620.      * @param int $uid			phpssouid
    621. 

  621.      * @param int $from			本系统积分类型id
    622. 

  622.      * @param int $toappid 		目标系统应用appid
    623. 

  623.      * @param int $to			目标系统积分类型id
    624. 

  624.      * @param int $credit		本系统扣除积分数
    625. 

  625.      * @return bool 			{1:成功;0:失败}
    626. 

  626.      */
    627. 

  627.     public function changecredit() {
    628. 

  628.         $this->uid = isset($this->data['uid']) ? $this->data['uid'] : exit('0');
    629. 

  629.         $this->toappid = isset($this->data['toappid']) ? $this->data['toappid'] : exit('0');
    630. 

  630.         $this->from = isset($this->data['from']) ? $this->data['from'] : exit('0');
    631. 

  631.         $this->to = isset($this->data['to']) ? $this->data['to'] : exit('0');
    632. 

  632.         $this->credit = isset($this->data['credit']) ? $this->data['credit'] : exit('0');
    633. 

  633.         $this->appname = $this->applist[$this->appid]['name'];
    634. 

  634.         $outcredit = $this->getcredit(1);
    635. 

  635.         //目标系统积分增加数
    636. 

  636.         $this->credit = floor($this->credit * $outcredit[$this->from . '_' . $this->to]['torate'] / $outcredit[$this->from . '_' . $this->to]['fromrate']);
    637. 

  637. 

  638.         /* 插入消息队列 */
    639. 

  639.         $noticedata['appname'] = $this->appname;
    640. 

  640.         $noticedata['uid'] = $this->uid;
    641. 

  641.         $noticedata['toappid'] = $this->toappid;
    642. 

  642.         $noticedata['totypeid'] = $this->to;
    643. 

  643.         $noticedata['credit'] = $this->credit;
    644. 

  644.         messagequeue::add('change_credit', $noticedata);
    645. 

  645.         exit('1');
    646. 

  646.     }
    647. 

  647. 

  648.     /**
    649. 

  649.      * 检查用户名
    650. 

  650.      * @param string $username	用户名
    651. 

  651.      * @return int {-4:用户名禁止注册;-1:用户名已经存在 ;1:成功}
    652. 

  652.      */
    653. 

  653.     public function checkname($is_return = 0) {
    654. 

  654.         if (empty($this->username)) {
    655. 

  655.             if ($is_return) {
    656. 

  656.                 return -1;
    657. 

  657.             } else {
    658. 

  658.                 exit('-1');
    659. 

  659.             }
    660. 

  660.         }
    661. 

  661.         //非法关键词判断
    662. 

  662.         $denyusername = $this->settings['denyusername'];
    663. 

  663.         if (is_array($denyusername)) {
    664. 

  664.             $denyusername = implode("|", $denyusername);
    665. 

  665.             $pattern = '/^(' . str_replace(array('\\*', ' ', "\|"), array('.*', '', '|'), preg_quote($denyusername, '/')) . ')$/i';
    666. 

  666.             if (preg_match($pattern, $this->username)) {
    667. 

  667.                 if ($is_return) {
    668. 

  668.                     return -4;
    669. 

  669.                 } else {
    670. 

  670.                     exit('-4');
    671. 

  671.                 }
    672. 

  672.             }
    673. 

  673.         }
    674. 

  674. 

  675.         //UCenter部分
    676. 

  676.         if ($this->config['ucuse']) {
    677. 

  677.             pc_base::load_config('uc_config');
    678. 

  678.             require_once PHPCMS_PATH . 'api/uc_client/client.php';
    679. 

  679.             $rs = uc_user_checkname($this->username);
    680. 

  680.             if ($rs < 1) {
    681. 

  681.                 exit('-4');
    682. 

  682.             }
    683. 

  683.         }
    684. 

  684. 

  685.         $r = $this->db->get_one(array('username' => $this->username));
    686. 

  686.         if ($is_return) {
    687. 

  687.             return !empty($r) ? -1 : 1;
    688. 

  688.         } else {
    689. 

  689.             echo!empty($r) ? -1 : 1;
    690. 

  690.             exit;
    691. 

  691.         }
    692. 

  692.     }
    693. 

  693. 

  694.     /**
    695. 

  695.      * 检查email
    696. 

  696.      * @param string $email	email
    697. 

  697.      * @return int {-1:email已经存在 ;-5:邮箱禁止注册;1:成功}
    698. 

  698.      */
    699. 

  699.     public function checkemail($is_return = 0) {
    700. 

  700.         $this->email = isset($this->email) ? $this->email : isset($this->data['email']) ? $this->data['email'] : '';
    701. 

  701.         if (empty($this->email)) {
    702. 

  702.             if ($is_return) {
    703. 

  703.                 return -1;
    704. 

  704.             } else {
    705. 

  705.                 exit('-1');
    706. 

  706.             }
    707. 

  707.         }
    708. 

  708.         //非法关键词判断
    709. 

  709.         $denyemail = $this->settings['denyemail'];
    710. 

  710.         if (is_array($denyemail)) {
    711. 

  711.             $denyemail = implode("|", $denyemail);
    712. 

  712.             $pattern = '/^(' . str_replace(array('\\*', ' ', "\|"), array('.*', '', '|'), preg_quote($denyemail, '/')) . ')$/i';
    713. 

  713.             if (preg_match($pattern, $this->email)) {
    714. 

  714.                 if ($is_return) {
    715. 

  715.                     return -5;
    716. 

  716.                 } else {
    717. 

  717.                     exit('-5');
    718. 

  718.                 }
    719. 

  719.             }
    720. 

  720.         }
    721. 

  721. 

  722.         //UCenter部分
    723. 

  723.         if ($this->config['ucuse']) {
    724. 

  724.             pc_base::load_config('uc_config');
    725. 

  725.             require_once PHPCMS_PATH . 'api/uc_client/client.php';
    726. 

  726.             $rs = uc_user_checkemail($this->email);
    727. 

  727.             if ($rs < 1) {
    728. 

  728.                 exit('-5');
    729. 

  729.             }
    730. 

  730.         }
    731. 

  731. 

  732.         $r = $this->db->get_one(array('email' => $this->email));
    733. 

  733.         if ($is_return) {
    734. 

  734.             return !empty($r) ? -1 : 1;
    735. 

  735.         } else {
    736. 

  736.             !empty($r) ? exit('-1') : exit('1');
    737. 

  737.         }
    738. 

  738.     }
    739. 

  739. 

  740.     /**
    741. 

  741.      *  上传头像处理
    742. 

  742.      *  传入头像压缩包,解压到指定文件夹后删除非图片文件
    743. 

  743.      */
    744. 

  744.     public function uploadavatar() {
    745. 

  745.         //根据用户id创建文件夹
    746. 

  746.         $encodestr = $this->authcode(rawurldecode($this->params['authstr']));
    747. 

  747.         if (isset($encodestr)) {
    748. 

  748.             $this->uid = $encodestr;
    749. 

  749.         } else {
    750. 

  750.             exit('0');
    751. 

  751.         }
    752. 

  752.         $dir1 = ceil($this->uid / 10000);
    753. 

  753.         $dir2 = ceil($this->uid % 10000 / 1000);
    754. 

  754.         //创建图片存储文件夹
    755. 

  755.         $avatarfile = 'data/avatar/';
    756. 

  756.         $dir = $avatarfile . $dir1 . '/' . $dir2 . '/' . $this->uid . '/';
    757. 

  757.         if (!file_exists($dir)) {
    758. 

  758.             mkdir($dir, 0777, true);
    759. 

  759.         }
    760. 

  760.         //存储flashpost图片
    761. 

  761.         $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
    762. 

  762.         $filename = Doo::conf()->SITE_PATH . $dir . $this->uid . '.zip';
    763. 

  763.         file_put_contents($filename, $this->data['avatardata']);
    764. 

  764. 

  765.         //解压缩文件
    766. 

  766.         Doo::loadClass('pclzip.lib');
    767. 

  767. //	pc_base::load_app_class('pclzip', 'phpsso', 0);
    768. 

  768.         $archive = new PclZip($filename);
    769. 

  769.         if ($archive->extract(PCLZIP_OPT_PATH, $dir) == 0) {
    770. 

  770.             die("Error : " . $archive->errorInfo(true));
    771. 

  771.         }
    772. 

  772.         // 判断文件安全,删除压缩包和非jpg图片
    773. 

  773.         $avatararr = array('180x180.jpg', '30x30.jpg', '45x45.jpg', '90x90.jpg');
    774. 

  774.         if ($handle = opendir($dir)) {
    775. 

  775.             while (false !== ($file = readdir($handle))) {
    776. 

  776.                 if ($file !== '.' && $file !== '..') {
    777. 

  777.                     if (!in_array($file, $avatararr)) {
    778. 

  778.                         @unlink($dir . $file);
    779. 

  779.                     } else {
    780. 

  780.                         $info = @getimagesize($dir . $file);
    781. 

  781.                         if (!$info || $info[2] != 2) {
    782. 

  782.                             @unlink($dir . $file);
    783. 

  783.                         }
    784. 

  784.                     }
    785. 

  785.                 }
    786. 

  786.             }
    787. 

  787.             closedir($handle);
    788. 

  788.         }
    789. 

  789. //	$this->db->update(array('avatar' => 1), array('uid' => $this->uid));
    790. 

  790.         exit('1');
    791. 

  791.     }
    792. 

  792. 

  793.     /**
    794. 

  794.      *  存储支付方式
    795. 

  795.      *
    796. 

  796.      */
    797. 

  797.     public function setPayWay() {
    798. 

  798. 

  799.         $authstr = $this->authcode($_POST['data']);
    800. 

  800. //	var_dump($authstr);
    801. 

  801.         $ddddd = explode('&', urldecode($authstr));
    802. 

  802. //	var_dump($ddddd);
    803. 

  803.         foreach ($ddddd as $k => $v) {
    804. 

  804.             list($key, $val) = explode(' = ', $v);
    805. 

  805.             $TmpArray[$key] = $val;
    806. 

  806.         }
    807. 

  807. //	var_dump($TmpArray);
    808. 

  808.         Doo::loadModel('users_payway');
    809. 

  809.         $upayway = new UsersPayway();
    810. 

  810.         $upayway->uid = $TmpArray['uid'];
    811. 

  811.         $upayway->idbank = $TmpArray['idbank'];
    812. 

  812.         $upayway->idalipay = $TmpArray['alipay'];
    813. 

  813.         $upayway->idtenpay = $TmpArray['tenpay'];
    814. 

  814.         if ($upayway->insert())
    815. 

  815.             exit('1');
    816. 

  816.     }
    817. 

  817. 

  818.     /**
    819. 

  819.      *  实名认证
    820. 

  820.      *
    821. 

  821.      */
    822. 

  822.     public function setVerify() {
    823. 

  823.         Doo::loadModel('users_verify');
    824. 

  824.     }
    825. 

  825. 

  826.     /**
    827. 

  827.      *  删除用户头像
    828. 

  828.      *  @return {0:失败;1:成功}
    829. 

  829.      */
    830. 

  830.     public function deleteavatar() {
    831. 

  831.         //根据用户id创建文件夹
    832. 

  832.         if (isset($this->data['uid'])) {
    833. 

  833.             $this->uid = $this->data['uid'];
    834. 

  834.         } else {
    835. 

  835.             exit('0');
    836. 

  836.         }
    837. 

  837. 

  838.         $dir1 = ceil($this->uid / 10000);
    839. 

  839.         $dir2 = ceil($this->uid % 10000 / 1000);
    840. 

  840. 

  841.         //图片存储文件夹
    842. 

  842.         $avatarfile = pc_base::load_config('system', 'upload_path') . 'avatar/';
    843. 

  843.         $dir = $avatarfile . $dir1 . '/' . $dir2 . '/' . $this->uid . '/';
    844. 

  844.         $this->db->update(array('avatar' => 0), array('uid' => $this->uid));
    845. 

  845.         if (!file_exists($dir)) {
    846. 

  846.             exit('1');
    847. 

  847.         } else {
    848. 

  848.             if ($handle = opendir($dir)) {
    849. 

  849.                 while (false !== ($file = readdir($handle))) {
    850. 

  850.                     if ($file !== '.' && $file !== '..') {
    851. 

  851.                         @unlink($dir . $file);
    852. 

  852.                     }
    853. 

  853.                 }
    854. 

  854.                 closedir($handle);
    855. 

  855.                 @rmdir($dir);
    856. 

  856.                 exit('1');
    857. 

  857.             }
    858. 

  858.         }
    859. 

  859.     }
    860. 

  860. 

  861.     /**
    862. 

  862.      *
    863. 

  863.      * @param type $string
    864. 

  864.      * @param type $operation
    865. 

  865.      * @param type $key
    866. 

  866.      * @param type $expiry
    867. 

  867.      * @return string
    868. 

  868.      */
    869. 

  869.     function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
    870. 

  870.         $ckey_length = 4;
    871. 

  871.         $key = md5($key != '' ? $key : Doo::conf()->AUTHKEY);
    872. 

  872.         $keya = md5(substr($key, 0, 16));
    873. 

  873.         $keyb = md5(substr($key, 16, 16));
    874. 

  874.         $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length) : substr(md5(microtime()), -$ckey_length)) : '';
    875. 

  875. 

  876.         $cryptkey = $keya . md5($keya . $keyc);
    877. 

  877.         $key_length = strlen($cryptkey);
    878. 

  878. 

  879.         $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $keyb), 0, 16) . $string;
    880. 

  880.         $string_length = strlen($string);
    881. 

  881. 

  882.         $result = '';
    883. 

  883.         $box = range(0, 255);
    884. 

  884. 

  885.         $rndkey = array();
    886. 

  886.         for ($i = 0; $i <= 255; $i++) {
    887. 

  887.             $rndkey[$i] = ord($cryptkey[$i % $key_length]);
    888. 

  888.         }
    889. 

  889. 

  890.         for ($j = $i = 0; $i < 256; $i++) {
    891. 

  891.             $j = ($j + $box[$i] + $rndkey[$i]) % 256;
    892. 

  892.             $tmp = $box[$i];
    893. 

  893.             $box[$i] = $box[$j];
    894. 

  894.             $box[$j] = $tmp;
    895. 

  895.         }
    896. 

  896. 

  897.         for ($a = $j = $i = 0; $i < $string_length; $i++) {
    898. 

  898.             $a = ($a + 1) % 256;
    899. 

  899.             $j = ($j + $box[$a]) % 256;
    900. 

  900.             $tmp = $box[$a];
    901. 

  901.             $box[$a] = $box[$j];
    902. 

  902.             $box[$j] = $tmp;
    903. 

  903.             $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
    904. 

  904.         }
    905. 

  905. 

  906.         if ($operation == 'DECODE') {
    907. 

  907.             if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $keyb), 0, 16)) {
    908. 

  908.                 return substr($result, 26);
    909. 

  909.             } else {
    910. 

  910.                 return '';
    911. 

  911.             }
    912. 

  912.         } else {
    913. 

  913.             return $keyc . str_replace(' = ', '', base64_encode($result));
    914. 

  914.         }
    915. 

  915.     }
    916. 

  916. 

  917.     public function LoginSetCookie() {
    918. 

  918. //        if (empty($this->params['username']))
    919. 

  919. //            return FALSE;
    920. 

  920.         $user = Doo::db()->find('users', array(
    921. 

  921.             'where' => 'username = ?',
    922. 

  922.             'param' => array($this->params['username']),
    923. 

  923.                 ));
    924. 

  924. //        if (empty($user))
    925. 

  925. //            return FALSE;
    926. 

  926.         header('P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"');
    927. 

  927. //        header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    928. 

  928. //        setcookie(Doo::conf()->COOKIEPRE . 'auth', '', 0, '/', '192.168.1.140', 0);
    929. 

  929. //        setcookie(Doo::conf()->COOKIEPRE . '_userid', '', 0, '/', '192.168.1.140', 0);
    930. 

  930. //        setcookie(Doo::conf()->COOKIEPRE . '_username', '', 0, '/', '192.168.1.140', 0);
    931. 

  931. //        setcookie(Doo::conf()->COOKIEPRE_WK . 'auth', '', 0, '/', '192.168.1.140', 0);
    932. 

  932. //        setcookie(Doo::conf()->COOKIEPRE_WK . '_userid', '', 0, '/', '192.168.1.140', 0);
    933. 

  933. //        setcookie(Doo::conf()->COOKIEPRE_WK . '_username', '', 0, '/', '192.168.1.140', 0);
    934. 

  934. //        setcookie(Doo::conf()->COOKIEPRE_WD . 'auth', '', 0, '/', '192.168.1.106', 0);
    935. 

  935. //        setcookie(Doo::conf()->COOKIEPRE_WD . '_userid', '', 0, '/', '192.168.1.106', 0);
    936. 

  936. //        setcookie(Doo::conf()->COOKIEPRE_WD . '_username', '', 0, '/', '192.168.1.106', 0);
    937. 

  937.         // 通行证
    938. 

  938.         setcookie(Doo::conf()->COOKIEPRE . 'auth', $this->authcode($user[0]->id . "\t" . $this->clientIP(), 'ENCODE'), 0, '/', '192.168.1.140', 0);
    939. 

  939.         setcookie(Doo::conf()->COOKIEPRE . '_userid', $this->authcode($user[0]->id, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    940. 

  940.         setcookie(Doo::conf()->COOKIEPRE . '_username', $this->authcode($user[0]->username, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    941. 

  941.         // 文库
    942. 

  942. //        setcookie(Doo::conf()->COOKIEPRE_WK . 'auth', $this->authcode($user[0]->id . "\t" . $this->clientIP(), 'ENCODE'), 0, '/', '192.168.1.140', 0);
    943. 

  943. //        setcookie(Doo::conf()->COOKIEPRE_WK . '_userid', $this->authcode($user[0]->id, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    944. 

  944. //        setcookie(Doo::conf()->COOKIEPRE_WK . '_username', $this->authcode($user[0]->username, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    945. 

  945.         // 问答
    946. 

  946. //        setcookie(Doo::conf()->COOKIEPRE_WD . 'auth', $this->authcode($user[0]->id . "\t" . $this->clientIP(), 'ENCODE'), 0, '/', 'local_zhask.com', 0);
    947. 

  947. //        setcookie(Doo::conf()->COOKIEPRE_WD . '_userid', $this->authcode($user[0]->id, 'ENCODE'), 0, '/', 'local_zhask.com', 0);
    948. 

  948. //        setcookie(Doo::conf()->COOKIEPRE_WD . '_username', $this->authcode($user[0]->username, 'ENCODE'), 0, '/', 'local_zhask.com', 0);
    949. 

  949. //        setcookie("test", 'sdfsdfsdfsdf', time() + 3600, '/', '192.168.1.106');
    950. 

  950.     }
    951. 

  951. 

  952. //    public function nsetcookie($name) {
    953. 

  953. //        $user = Doo::db()->find('users', array(
    954. 

  954. //            'where' => 'username = ?',
    955. 

  955. //            'param' => array($name),
    956. 

  956. //                ));
    957. 

  957. //        setcookie(Doo::conf()->COOKIEPRE . 'auth', $this->authcode($user[0]->id . "\t" . $this->clientIP(), 'ENCODE'), 0, '/', '192.168.1.140', 0);
    958. 

  958. //        setcookie(Doo::conf()->COOKIEPRE . '_userid', $this->authcode($user[0]->id, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    959. 

  959. //        setcookie(Doo::conf()->COOKIEPRE . '_username', $this->authcode($user[0]->username, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    960. 

  960. //        // 文库
    961. 

  961. //        setcookie(Doo::conf()->COOKIEPRE_WK . 'auth', $this->authcode($user[0]->id . "\t" . $this->clientIP(), 'ENCODE'), 0, '/', '192.168.1.140', 0);
    962. 

  962. //        setcookie(Doo::conf()->COOKIEPRE_WK . '_userid', $this->authcode($user[0]->id, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    963. 

  963. //        setcookie(Doo::conf()->COOKIEPRE_WK . '_username', $this->authcode($user[0]->username, 'ENCODE'), 0, '/', '192.168.1.140', 0);
    964. 

  964. //        // 问答
    965. 

  965. //        setcookie(Doo::conf()->COOKIEPRE_WD . 'auth', $this->authcode($user[0]->id . "\t" . $this->clientIP(), 'ENCODE'), 0, '/', 'local_zhask.com', 0);
    966. 

  966. //        setcookie(Doo::conf()->COOKIEPRE_WD . '_userid', $this->authcode($user[0]->id, 'ENCODE'), 0, '/', 'local_zhask.com', 0);
    967. 

  967. //        setcookie(Doo::conf()->COOKIEPRE_WD . '_username', $this->authcode($user[0]->username, 'ENCODE'), 0, '/', 'local_zhask.com', 0);
    968. 

  968. //    }
    969. 

  969.     public function getBank() {
    970. 

  970.         // TODO:远程字符串解析提取出来做成函数
    971. 

  971.         $authstr = $this->authcode($_POST['data']);
    972. 

  972.         $ddddd = explode('&', urldecode($authstr));
    973. 

  973.         foreach ($ddddd as $k => $v) {
    974. 

  974.             list($key, $val) = explode('=', $v);
    975. 

  975.             $TmpArray[$key] = $val;
    976. 

  976.             $this->$key = $val;
    977. 

  977.         }
    978. 

  978.         $uid = $TmpArray['uid'];
    979. 

  979.         if ($uid > 0) {
    980. 

  980.             $r = Doo::db()->find('users', array(
    981. 

  981.                 'select' => 'bank',
    982. 

  982.                 'where' => 'id=?',
    983. 

  983.                 'param' => array($uid),
    984. 

  984.                 'asArray' => TRUE
    985. 

  985.                     )
    986. 

  986.             );
    987. 

  987.         }
    988. 

  988.         exit(json_encode(array($r[0]['bank'])));
    989. 

  989.     }
    990. 

  990. 

  991.     public function getPayOrder() {
    992. 

  992.         // TODO:远程字符串解析提取出来做成函数
    993. 

  993.         $authstr = $this->authcode($_POST['data']);
    994. 

  994.         $ddddd = explode('&', urldecode($authstr));
    995. 

  995.         foreach ($ddddd as $k => $v) {
    996. 

  996.             list($key, $val) = explode('=', $v);
    997. 

  997.             $TmpArray[$key] = $val;
    998. 

  998.             $this->$key = $val;
    999. 

  999.         }
    1000. 

  1000.         $uid = $TmpArray['uid'];
    1001. 

  1001.         if ($uid > 0) {
    1002. 

  1002.             $r = Doo::db()->find('pay', array(
    1003. 

  1003.                 'where' => 'userid=?',
    1004. 

  1004.                 'param' => array($uid),
    1005. 

  1005.                 'asArray' => TRUE
    1006. 

  1006.                     )
    1007. 

  1007.             );
    1008. 

  1008.         }
    1009. 

  1009.         exit(json_encode($r));
    1010. 

  1010.     }
    1011. 

  1011. 

  1012.     public function madd() {
    1013. 

  1013.         // TODO:认证,变量判断
    1014. 

  1014.         $authstr = $this->authcode($_POST['data']);
    1015. 

  1015.         $ddddd = explode('&', urldecode($authstr));
    1016. 

  1016.         foreach ($ddddd as $k => $v) {
    1017. 

  1017.             list($key, $val) = explode('=', $v);
    1018. 

  1018.             $TmpArray[$key] = $val;
    1019. 

  1019.             $this->$key = $val;
    1020. 

  1020.         }
    1021. 

  1021.         $uid = $TmpArray['uid'];
    1022. 

  1022.         if ($uid > 0) {
    1023. 

  1023.             $usersArray = Doo::db()->find('users', array(
    1024. 

  1024.                 'where' => 'id=?',
    1025. 

  1025.                 'param' => array($uid),
    1026. 

  1026.                 'asArray' => TRUE
    1027. 

  1027.                     )
    1028. 

  1028.             );
    1029. 

  1029.             if (empty($usersArray)) {
    1030. 

  1030.                 exit('0');
    1031. 

  1031.             } else {
    1032. 

  1032.                 $usersObject = Doo::loadModel('users', TRUE);
    1033. 

  1033.                 $usersObject->id = $usersArray[0]['id'];
    1034. 

  1034.                 $usersObject->bank = new DooDbExpression('bank+' . $this->bank);
    1035. 

  1035.                 if ($usersObject->update()) {
    1036. 

  1036.                     //TODO:写入日志
    1037. 

  1037.                     exit('1');
    1038. 

  1038.                 } else {
    1039. 

  1039.                     exit('0');
    1040. 

  1040.                 }
    1041. 

  1041.             }
    1042. 

  1042.         } else {
    1043. 

  1043.             exit('0');
    1044. 

  1044.         }
    1045. 

  1045.     }
    1046. 

  1046. 

  1047.     public function msub() {
    1048. 

  1048.         // TODO:远程字符串解析提取出来做成函数
    1049. 

  1049.         $authstr = $this->authcode($_POST['data']);
    1050. 

  1050.         $ddddd = explode('&', urldecode($authstr));
    1051. 

  1051.         foreach ($ddddd as $k => $v) {
    1052. 

  1052.             list($key, $val) = explode('=', $v);
    1053. 

  1053.             $TmpArray[$key] = $val;
    1054. 

  1054.             $this->$key = $val;
    1055. 

  1055.         }
    1056. 

  1056.         $uid = $TmpArray['uid'];
    1057. 

  1057.         if ($uid > 0) {
    1058. 

  1058.             $usersArray = Doo::db()->find('users', array(
    1059. 

  1059.                 'where' => 'id=?',
    1060. 

  1060.                 'param' => array($uid),
    1061. 

  1061.                 'asArray' => TRUE
    1062. 

  1062.                     )
    1063. 

  1063.             );
    1064. 

  1064.             if (empty($usersArray)) {
    1065. 

  1065.                 exit('0');
    1066. 

  1066.             } else {
    1067. 

  1067.                 if ($usersArray[0]['bank'] < $this->bank) {
    1068. 

  1068.                     exit('-1');
    1069. 

  1069.                 }
    1070. 

  1070.                 $usersObject = Doo::loadModel('users', TRUE);
    1071. 

  1071.                 $usersObject->id = $usersArray[0]['id'];
    1072. 

  1072.                 $usersObject->bank = new DooDbExpression('bank-' . $this->bank);
    1073. 

  1073.                 if ($usersObject->update()) {
    1074. 

  1074.                     //TODO:写入日志
    1075. 

  1075.                     exit('1');
    1076. 

  1076.                 } else {
    1077. 

  1077.                     exit('0');
    1078. 

  1078.                 }
    1079. 

  1079.             }
    1080. 

  1080.         } else {
    1081. 

  1081.             exit('0');
    1082. 

  1082.         }
    1083. 

  1083.     }
    1084. 

  1084. 

  1085. /**
    1086. 

  1086. 	 * random 获取字符串
    1087. 

  1087. 	 * @param int $length
    1088. 

  1088. 	 * @return string $hash
    1089. 

  1089. 	 */
    1090. 

  1090. 	public function random_k($length = 6, $type = 0) {
    1091. 

  1091. 		$hash = '';
    1092. 

  1092. 		$chararr = array ('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz', '0123456789', '23456789ABCDEFGHJKLMNPQRSTUVWXYZ' );
    1093. 

  1093. 		$chars = $chararr [$type];
    1094. 

  1094. 		$max = strlen ( $chars ) - 1;
    1095. 

  1095. 		PHP_VERSION < '4.2.0' && mt_srand ( ( double ) microtime () * 1000000 );
    1096. 

  1096. 		for($i = 0; $i < $length; $i ++) {
    1097. 

  1097. 			$hash .= $chars [mt_rand ( 0, $max )];
    1098. 

  1098. 		}
    1099. 

  1099. 		return $hash;
    1100. 

  1100. 	}
    1101. 

  1101.     
    1102. 

  1102. }
    1103. 

  1103. 

  1104. ?>
    1105.