  1. <?PHP
  2. /* -----------------------------------------------------
  3. Bo-Blog 2 : The Blog Reloaded.
  4. <<A Bluview Technology Product>>
  5. 禁止使用Windows记事本修改文件,由此造成的一切使用不正常恕不解答!
  6. PHP+MySQL blog system.
  7. Code: Bob Shen
  8. Offical site: http://www.bo-blog.com
  9. Copyright (c) Bob Shen 中国-上海
  10. In memory of my university life
  11. ------------------------------------------------------- */
  12.  
  // Refuse to run unless the VALIDREQUEST constant exists.
  // NOTE(review): presumably defined by the script that includes this file, which would block direct requests to it. Confirm.
  if (!defined('VALIDREQUEST')) die ('Access Denied.');

  // Load the 'job' request parameter; every branch below dispatches on $job.
  // NOTE(review): acceptrequest() is defined elsewhere. The meaning of the second argument (1)
  // and any filtering it applies are not visible here. Confirm before relying on it.
  acceptrequest('job', 1);
  16.  
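  // Default job (no 'job' value): build the login form and the page around it.
  if (!$job) {
      // Page to return to after login. The Referer header is supplied by the client, so the raw
      // value is kept here and HTML-escaped where it is written into the hidden field below.
      // isset() also avoids an undefined-index notice when no Referer is sent.
      $urlreturn=(!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER']=='') ? "index.php" : $_SERVER['HTTP_REFERER'];
      $m_b=new getblogs;
      $jobs="login.php?job=verify";
      $actionnow="{$lnc[253]} [<a href=\"login.php?job=register\">{$lnc[254]}</a>]";
      // ENT_QUOTES is required because the attribute is delimited with single quotes; without the
      // escape a crafted Referer could close the attribute and inject markup into the login page.
      $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[132]}", 'formelement'=>"<input name='username' type='text' id='username' size='24' class='text' /><input type='hidden' name='urlreturn' value='".htmlspecialchars($urlreturn, ENT_QUOTES)."' />"));
      $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[133]}", 'formelement'=>"<input type='password' class='text' size='24' name='password' id='password' />"));

      // Optional OpenID field, shown only when the feature is switched on.
      if ($mbcon['enableopenid']=='1') {
          $formbody.=$t->set('form_eachline', array('text'=>"", 'formelement'=>"{$lnc[314]}:"));
          $formbody.=$t->set('form_eachline', array('text'=>"OpenID", 'formelement'=>"<input name='openid_url' type='text' id='openid_url' size='32' class='text' />"));
      }

      // "Remember me" checkbox, ticked by default.
      $formbody.=$t->set('form_eachline', array('text'=>'&nbsp;', 'formelement'=>"<input name=\"savecookie\" type=\"checkbox\" id=\"savecookie\" value=\"1\" checked='checked' />{$lnc[284]}"));
      plugin_runphp('loginform');
      if ($config['loginvalidation']==1) {
          // $rand is only appended to the CAPTCHA image URL (a cache-buster); it is not a secret.
          $rand=rand (0,100000);
          $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[249]}", 'formelement'=>"<span id='securityimagearea'><img src='inc/securitycode.php?rand={$rand}' alt='' title='{$lnc[250]}'/></span> <input name='securitycode' type='text' id='securitycode' size='16' class='text' /> {$lnc[251]} [<a href=\"javascript: refreshsecuritycode('securityimagearea', 'securitycode');\">{$lnc[283]}</a>]"));
      }
      $section_body_main=$t->set('register', array('title'=>$actionnow, 'job'=>$jobs, 'registerbody'=>$formbody));
      announcebar();
      $bodymenu=$t->set('mainpage', array('pagebar'=>'', 'iftoppage'=>'none', 'ifbottompage'=>'none', 'ifannouncement'=>$ifannouncement, 'topannounce'=>$topannounce, 'mainpart'=>$section_body_main, 'currentpage'=>'', 'previouspageurl'=>'', 'nextpageurl'=>'', 'turningpages'=>'', 'totalpages'=>'', 'previouspageexists'=>'', 'nextpageexists'=>''));
  }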
  40.  
  // job=adminlog: build the admin re-authentication form, which posts to job=adminverify.
  if ($job=='adminlog') {
      $t=new template;
      $jobs="login.php?job=adminverify";
      $actionnow=$lnc[273];
      $formbody.=$t->set('form_eachline', array('text'=>$lnc[274], 'formelement'=>$lnc[275]));
      // The username is shown in a disabled field, so the browser does not submit it;
      // job=adminverify reads the name from $userdetail instead of the request.
      // NOTE(review): $userdetail['username'] is written into a single-quoted attribute without
      // escaping here. Whether it was HTML-encoded when stored is not visible. Confirm.
      $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[132]}", 'formelement'=>"<input type='text' class='text' size='16' name='username' value='{$userdetail['username']}' disabled='disabled' />"));
      $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[133]}", 'formelement'=>"<input type='password' class='text' size='16' name='ipassword' />"));
      $section_body_main=$t->set('register', array('title'=>$actionnow, 'job'=>$jobs, 'registerbody'=>$formbody));
      announcebar();
      $bodymenu=$t->set('mainpage', array('pagebar'=>$pagebar, 'iftoppage'=>'none', 'ifbottompage'=>'none', 'ifannouncement'=>$ifannouncement, 'topannounce'=>$topannounce, 'mainpart'=>$section_body_main, 'currentpage'=>'', 'previouspageurl'=>'', 'nextpageurl'=>'', 'turningpages'=>'', 'totalpages'=>'', 'previouspageexists'=>'', 'nextpageexists'=>''));
  }
  52.  
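  // job=adminverify: re-check the current user's password and open the admin session.
  if ($job=='adminverify') {
      acceptrequest('ipassword');
      // NOTE(review): passwords are stored and compared as unsalted MD5. Moving to
      // password_hash()/password_verify() needs a migration of the stored hashes and of every
      // other place that reads `userpsw`, so it is flagged here rather than changed.
      $password=md5($_POST['ipassword']);
      // The account is taken from $userdetail (the already identified user), not from the request.
      $username=safe_convert(mystrtolower($userdetail['username']));
      // NOTE(review): the query is built by interpolation; it is only as safe as safe_convert(),
      // which is defined elsewhere. A parameterized query would remove that dependency.
      $try=$blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}'");
      // Strict comparison: with != two different hex digests that both look like numbers
      // (for example "0e..." followed only by digits) compare as equal. hash_equals() is the
      // constant-time alternative where the PHP version provides it.
      if (!is_array($try)) {
          catcherror ($lnc[276]);
      } elseif ($try['userpsw']!==$password) {
          catcherror ($lnc[276]);
      }
      // NOTE(review): the lines below are reached on failure too unless catcherror() ends the
      // request. Presumably it does. Confirm.
      // NOTE(review): "./{$db_tmpdir}" is relative to the working directory; make sure session
      // files stored there are not readable over HTTP.
      if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
      session_cache_limiter("private, must-revalidate");
      session_start();
      // Issue a fresh session id at the privilege change so an id that was fixed or observed
      // before authentication cannot be used as the admin session.
      session_regenerate_id(true);
      $_SESSION['admin_userid']=$try['userid'];
      // NOTE(review): the password hash is kept in the session, presumably so admin.php can
      // re-check it. Confirm that it is never echoed back to the client.
      $_SESSION['admin_psw']=$try['userpsw'];
      catchsuccess ($lnc[277], "{$lnc[278]}|admin.php");
      exit();
  }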
  71.  
  // Registration (form or submit) is refused for a visitor who is already logged in ($logstat==1).
  if (($job=='register' || $job=='doregister') && $logstat==1) catcherror($lnc[130]);
  // Profile editing (form or submit) requires a logged-in user whose userid is not -1.
  // NOTE(review): userid -1 presumably marks a special account such as a guest. Confirm.
  if (($job=='modpro' || $job=='domodpro') && ($logstat!=1 || $userdetail['userid']==-1)) catcherror($lnc[131]);
  74.  
  // job=register / job=modpro: build the registration form or the edit-profile form.
  // Both share the profile fields; they differ in the password rows and the submit target.
  if ($job=='register' || $job=='modpro') {
      // Registration can be switched off in the configuration; the configured message is shown.
      if ($config['registeron']!='1' && $job=='register') {
          catcherror($config['registeroffmess']);
      }
      $t=new template;
      if ($job=='register') {
          $actionnow=$lnc[79];
          $jobs="login.php?job=doregister";
          // Hard-coded Vietnamese labels: note that starred rows are mandatory, account name, password.
          $formbody.=$t->set('form_eachline', array('text'=>"", 'formelement'=>"<p style=\"color: red; font-weight: bold;\">Lưu ý: Dòng có * bắt buộc phải nhập</p>"));
          $formbody.=$t->set('form_eachline', array('text'=>"*Tên tài khoản", 'formelement'=>"<input type='text' class='text' size='16' name='username' />"));
          $formbody.=$t->set('form_eachline', array('text'=>"*Mật khẩu", 'formelement'=>"<input type='password' class='text' size='16' name='password' />"));
          $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[134]}", 'formelement'=>"<input type='password' class='text' size='16' name='confirmpsw' />"));
      }
      if ($job=='modpro') {
          $jobs="login.php?job=domodpro";
          $actionnow=$lnc[90];
          // Current password, new password and confirmation; job=domodpro only changes the
          // password when the 'password' field is non-empty.
          $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[135]}", 'formelement'=>"<input type='password' class='text' size='16' name='password' /> {$lnc[137]}"));
          $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[136]}", 'formelement'=>"<input type='password' class='text' size='16' name='newpsw' /> {$lnc[137]}"));
          $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[138]}", 'formelement'=>"<input type='password' class='text' size='16' name='confirmpsw' /> {$lnc[137]}"));
      }
      // NOTE(review): this and the other stored profile values below are written into
      // single-quoted attributes after stripslashes() only. Whether they were HTML-encoded when
      // stored (safe_convert() is defined elsewhere) is not visible. Confirm, otherwise a stored
      // quote character breaks out of the attribute.
      $formbody.=$t->set('form_eachline', array('text'=>$lnc[139], 'formelement'=>"<input type='text' class='text' size='16' name='email' value='".stripslashes($userdetail['email'])."'/>"));
      if (($job=='register' && $mbcon['regadvance']=='1') || $job=='modpro') {
          // The original field names are reused with new labels: 'skype' carries the phone
          // number, 'homepage' the full name and 'msn' (further down) the occupation.
          // The phone row is starred, but no required-field check for it is visible in this file.
          $formbody.=$t->set('form_eachline', array('text'=>'*Số điện thoại', 'formelement'=>"<input type='text' class='text' size='16' name='skype' value='".stripslashes($userdetail['skype'])."'/>"));
          $formbody.=$t->set('form_eachline', array('text'=>'Họ & Tên', 'formelement'=>"<input type='text' class='text' size='16' name='homepage' value='".stripslashes($userdetail['homepage'])."'/>"));
          // Year of birth, 2005 down to 1950. No option is marked selected, so in modpro the
          // stored year is not pre-selected and saving the form unchanged submits an empty value.
          $formbody.=$t->set('form_eachline', array('text'=>'Năm sinh', 'formelement'=>"<select name='birthday'>
<option value=''>Chọn</option>
<option value='2005'>2005</option>
<option value='2004'>2004</option>
<option value='2003'>2003</option>
<option value='2002'>2002</option>
<option value='2001'>2001</option>
<option value='2000'>2000</option>
<option value='1999'>1999</option>
<option value='1998'>1998</option>
<option value='1997'>1997</option>
<option value='1996'>1996</option>
<option value='1995'>1995</option>
<option value='1994'>1994</option>
<option value='1993'>1993</option>
<option value='1992'>1992</option>
<option value='1991'>1991</option>
<option value='1990'>1990</option>
<option value='1989'>1989</option>
<option value='1988'>1988</option>
<option value='1987'>1987</option>
<option value='1986'>1986</option>
<option value='1985'>1985</option>
<option value='1984'>1984</option>
<option value='1983'>1983</option>
<option value='1982'>1982</option>
<option value='1981'>1981</option>
<option value='1980'>1980</option>
<option value='1979'>1979</option>
<option value='1978'>1978</option>
<option value='1977'>1977</option>
<option value='1976'>1976</option>
<option value='1975'>1975</option>
<option value='1974'>1974</option>
<option value='1973'>1973</option>
<option value='1972'>1972</option>
<option value='1971'>1971</option>
<option value='1970'>1970</option>
<option value='1969'>1969</option>
<option value='1968'>1968</option>
<option value='1967'>1967</option>
<option value='1966'>1966</option>
<option value='1965'>1965</option>
<option value='1964'>1964</option>
<option value='1963'>1963</option>
<option value='1962'>1962</option>
<option value='1961'>1961</option>
<option value='1960'>1960</option>
<option value='1959'>1959</option>
<option value='1958'>1958</option>
<option value='1957'>1957</option>
<option value='1956'>1956</option>
<option value='1955'>1955</option>
<option value='1954'>1954</option>
<option value='1953'>1953</option>
<option value='1952'>1952</option>
<option value='1951'>1951</option>
<option value='1950'>1950</option>
</select>"));
          $formbody.=$t->set('form_eachline', array('text'=>'Nghề nghiệp', 'formelement'=>"<input type='text' class='text' size='16' name='msn' value='".stripslashes($userdetail['msn'])."'/>"));
          // Province list for the 'from' field; like the year list, nothing is pre-selected.
          // NOTE(review): 'Bắc Giang' appears twice; presumably one entry was meant to be a
          // different province. Confirm. The list is only a UI hint: job=doregister accepts any
          // posted 'from' value, so it must not be treated as validated input.
          $formbody.=$t->set('form_eachline', array('text'=>$lnc[146], 'formelement'=>"<select name='from'>
<option value=''>Chọn</option>
<option value='An Giang'>An Giang</option>
<option value='Bà Rịa Vũng Tàu'>Bà Rịa - Vũng Tàu</option>
<option value='Bắc Giang'>Bắc Giang</option>
<option value='Bắc Giang'>Bắc Giang</option>
<option value='Bạc Liêu'>Bạc Liêu</option>
<option value='Bắc Ninh'>Bắc Ninh</option>
<option value='Bến Tre'>Bến Tre</option>
<option value='Bình Định'>Bình Định</option>
<option value='Bình Dương'>Bình Dương</option>
<option value='Bình Phước'>Bình Phước</option>
<option value='Bình Thuận'>Bình Thuận</option>
<option value='Cà Mau'>Cà Mau</option>
<option value='Cao Bằng'>Cao Bằng</option>
<option value='Đà Nẵng'>Đà Nẵng</option>
<option value='Đắk Lắk'>Đắk Lắk</option>
<option value='Đắk Nông'>Đắk Nông</option>
<option value='Điện Biên'>Điện Biên</option>
<option value='Đồng Nai'>Đồng Nai</option>
<option value='Đồng Tháp'>Đồng Tháp</option>
<option value='Gia Lai'>Gia Lai</option>
<option value='Hà Giang'>Hà Giang</option>
<option value='Hà Nam'>Hà Nam</option>
<option value='Hà Nội'>Hà Nội</option>
<option value='Hà Tĩnh'>Hà Tĩnh</option>
<option value='Hải Dương'>Hải Dương</option>
<option value='Hải Phòng'>Hải Phòng</option>
<option value='Hậu Giang'>Hậu Giang</option>
<option value='Hòa Bình'>Hòa Bình</option>
<option value='Hưng Yên'>Hưng Yên</option>
<option value='Khánh Hòa'>Khánh Hòa</option>
<option value='Kiên Giang'>Kiên Giang</option>
<option value='Kon Tum'>Kon Tum</option>
<option value='Lai Châu'>Lai Châu</option>
<option value='Lâm Đồng'>Lâm Đồng</option>
<option value='Lạng Sơn'>Lạng Sơn</option>
<option value='Lào Cai'>Lào Cai</option>
<option value='Long An'>Long An</option>
<option value='Nam Định'>Nam Định</option>
<option value='Nghệ An'>Nghệ An</option>
<option value='Ninh Bình'>Ninh Bình</option>
<option value='Ninh Thuận'>Ninh Thuận</option>
<option value='Phú Thọ'>Phú Thọ</option>
<option value='Quảng Bình'>Quảng Bình</option>
<option value='Quảng Nam'>Quảng Nam</option>
<option value='Quảng Ngãi'>Quảng Ngãi</option>
<option value='Quảng Ninh'>Quảng Ninh</option>
<option value='Quảng Trị'>Quảng Trị</option>
<option value='Sóc Trăng'>Sóc Trăng</option>
<option value='Sơn La'>Sơn La</option>
<option value='Tây Ninh'>Tây Ninh</option>
<option value='Thái Bình'>Thái Bình</option>
<option value='Thái Nguyên'>Thái Nguyên</option>
<option value='Thanh Hóa'>Thanh Hóa</option>
<option value='Thừa Thiên Huế'>Thừa Thiên Huế</option>
<option value='Tiền Giang'>Tiền Giang</option>
<option value='TP HCM'>TP. HCM</option>
<option value='Trà Vinh'>Trà Vinh</option>
<option value='Tuyên Quang'>Tuyên Quang</option>
<option value='Vĩnh Long'>Vĩnh Long</option>
<option value='Vĩnh Phúc'>Vĩnh Phúc</option>
<option value='Yên Bái'>Yên Bái</option>
<option value='Phú Yên'>Phú Yên</option>
</select>"));
          // Gender radio buttons: the stored value selects which button is pre-checked.
          // $sex_sel is assigned but not read anywhere in this block.
          $sex_sel=array('0'=>$lnc[141], '1'=>$lnc[142], '2'=>$lnc[143]);
          $sex_choice=array('0'=>'', '1'=>'', '2'=>'');
          $tmp_gender=$userdetail['gender'];
          $sex_choice[$tmp_gender]="checked=checked";
          $formbody.=$t->set('form_eachline', array('text'=>$lnc[144], 'formelement'=>"<input type='radio' name='gender' value='1' {$sex_choice[1]}/>{$lnc[142]} <input type='radio' name='gender' value='2' {$sex_choice[2]}/>{$lnc[143]} "));
      }
      plugin_runphp('registerform');
      if ($job=='register' && $config['registervalidation']==1) {
          // $rand is only appended to the CAPTCHA image URL (a cache-buster); it is not a secret.
          $rand=rand (0,100000);
          $formbody.=$t->set('form_eachline', array('text'=>$lnc[249], 'formelement'=>"<span id='securityimagearea'><img src='inc/securitycode.php?rand={$rand}' alt='' title='{$lnc[250]}'/></span> <input name='securitycode' type='text' id='securitycode' size='16' class='text' /> {$lnc[251]} [<a href=\"javascript: refreshsecuritycode('securityimagearea', 'securitycode');\">{$lnc[283]}</a>]"));
      }
      $section_body_main=$t->set('register', array('title'=>$actionnow, 'job'=>$jobs, 'registerbody'=>$formbody));
      announcebar();
      $bodymenu=$t->set('mainpage', array('pagebar'=>$pagebar, 'iftoppage'=>'none', 'ifbottompage'=>'none', 'ifannouncement'=>$ifannouncement, 'topannounce'=>$topannounce, 'mainpart'=>$section_body_main, 'currentpage'=>'', 'previouspageurl'=>'', 'nextpageurl'=>'', 'turningpages'=>'', 'totalpages'=>'', 'previouspageexists'=>'', 'nextpageexists'=>''));
  }
  239.  
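  // job=doregister / job=domodpro: validate the submitted profile, then create the account
  // or update the logged-in user's row.
  if ($job=='doregister' || $job=='domodpro') {
      // Third argument 'post': presumably restricts these fields to POST data. Confirm in acceptrequest().
      acceptrequest('password,confirmpsw,email,homepage,gender,qq,msn,birthday,skype,from,intro,avatartype,avatarvalue', 0, 'post');
      extract_forbidden();
      if ($job=='doregister') {
          acceptrequest('username', 0, 'post');
          if ($config['registervalidation']==1) {
              acceptrequest('securitycode');
              if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
              session_cache_limiter("private, must-revalidate");
              session_start();
              // NOTE(review): $_SESSION['code'] is not cleared after a successful match here;
              // unless inc/securitycode.php replaces it, one solved CAPTCHA stays reusable. Confirm.
              if ($securitycode=='' || strtolower($securitycode)!=strtolower($_SESSION['code'])) catcherror($lnc[165]);
          }
          $username=trimplus(safe_convert($username));
          if ($username==='') catcherror ($lnc[154]);
          // strlen() counts bytes, so the limits apply to the encoded (and converted) name.
          if (strlen($username)<$mbcon['minusenamelen'] || strlen($username)>$mbcon['maxusenamelen']) catcherror ($lnc[155]);
          // Strict comparison: with != two different numeric-looking strings ("1e3" and "1000")
          // are treated as equal, so a mistyped confirmation could be accepted.
          if ($password==='' || $password!==$confirmpsw || strlen($password)<$mbcon['minpswlen']) catcherror ($lnc[156]);
          // NOTE(review): unsalted MD5. Replacing it needs a migration of stored hashes and of
          // the cookie-based login below, so it is flagged here rather than changed.
          else $password=md5($password);
          $usercheck=mystrtolower($username);
          // NOTE(review): interpolated query; it relies entirely on safe_convert() (defined
          // elsewhere) having neutralized quotes in $username.
          $try=$blog->getbyquery("SELECT userid FROM `{$db_prefix}user` WHERE LOWER(username)='{$usercheck}'");
          if (is_array($try)) catcherror ($lnc[157]);
          if (preg_search($username, $forbidden['banword']) || preg_search($username, $forbidden['keep'])) catcherror ($lnc[158]);
      } else {
          // Profile edit: the password is only changed when the current one is supplied.
          if ($password!=='') {
              // Strict comparison: with != two different hex digests that both look like
              // numbers ("0e..." followed only by digits) compare as equal.
              if (md5($password)!==$userdetail['userpsw']) catcherror ($lnc[159]);
              acceptrequest('newpsw', 0, 'post');
              if ($newpsw==='' || $newpsw!==$confirmpsw || strlen($newpsw)<$mbcon['minpswlen']) catcherror ($lnc[160]);
              $userdetail['userpsw']=md5($newpsw); //PSW Changed here
          }
      }
      // Normalize the profile fields: text through safe_convert()+trimplus(), numbers through floor().
      $email=trimplus(safe_convert($email));
      $homepage=trimplus(safe_convert($homepage));
      $gender=floor($gender);
      $qq=floor($qq);
      $birthday=trimplus(safe_convert($birthday));
      $msn=trimplus(safe_convert($msn));
      $skype=trimplus(safe_convert($skype));
      $from=trimplus(safe_convert($from));
      $intro=trimplus(safe_convert($intro));
      $avatartype=floor($avatartype);
      // basename() drops any directory part, so the avatar value cannot point outside its folder.
      $avatarvalue=basename(trimplus(safe_convert($avatarvalue)));
      $avatarall="{$avatartype}|{$avatarvalue}";
      if (preg_search($intro, $forbidden['banword'])) catcherror ($lnc[161]);
      plugin_runphp('registerprocess');

      if ($job=='doregister') {
          // NOTE(review): the new id is read here and the counter is incremented in a separate
          // statement below; two simultaneous registrations can compute the same id.
          $maxrecord=$blog->getsinglevalue("{$db_prefix}maxrec");
          $currentuserid=$maxrecord['maxuserid']+1;
          $imajikan=time();
          // NOTE(review): positional INSERT built by interpolation. $userdetail['ip'] is inserted
          // without any escaping visible in this file; confirm how it is derived (a value taken
          // from a client-supplied header would be injectable here).
          $blog->query("INSERT INTO `{$db_prefix}user` VALUES ('{$currentuserid}', '{$username}', '{$password}', '{$imajikan}', '1', '{$email}', '{$homepage}', '{$qq}', '{$msn}', '{$intro}', '{$gender}', '{$skype}', '{$from}', '{$birthday}', '{$userdetail['ip']}', '{$avatarall}','','','')");
          $blog->query("UPDATE `{$db_prefix}maxrec` SET `maxuserid`=`maxuserid`+1");
          $blog->query("UPDATE `{$db_prefix}counter` SET `users`=`users`+1");
          // NOTE(review): the login cookie is the stored MD5 itself, so anyone who obtains the
          // hash (database leak, cookie theft) can log in without knowing the password. The
          // cookies carry no HttpOnly/Secure attributes; they are left as they are because
          // job=ajaxverify hands the same values to client-side script.
          @setcookie ('userid', $currentuserid);
          @setcookie ('userpsw', $password);
          catchsuccess($lnc[162], "{$lnc[163]}|index.php");
      } else {
          $blog->query("UPDATE `{$db_prefix}user` SET `userpsw`='{$userdetail['userpsw']}', `email`='{$email}', homepage='{$homepage}', qq='{$qq}', msn='{$msn}', intro='{$intro}', gender='{$gender}', skype='{$skype}', `fromplace`='{$from}', birthday='{$birthday}', avatar='{$avatarall}' WHERE `userid`='{$userdetail['userid']}'");
          // Expire the old login cookies, then set them again with the possibly changed hash.
          @setcookie ('userid', '', time()-3600);
          @setcookie ('userpsw', '', time()-3600);
          @setcookie ('userid', $userdetail['userid']);
          @setcookie ('userpsw', $userdetail['userpsw']);
          catchsuccess($lnc[164], "{$lnc[163]}|index.php");
      }
  }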
  303.  
  304.  
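  // job=verify: check the submitted login (password or OpenID hand-off) and set the login cookies.
  if ($job=='verify') {
      acceptrequest('savecookie,securitycode,urlreturn,openid_url');
      if ($config['loginvalidation']==1) {
          if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
          session_cache_limiter("private, must-revalidate");
          session_start();
          // NOTE(review): the CAPTCHA value stays in the session after a match (job=openidverify
          // re-checks the same code), so it is reusable until securitycode.php replaces it.
          // NOTE(review): no attempt limit or lockout is visible in this file; with
          // loginvalidation off, password guessing is unthrottled at this layer.
          if ($securitycode=='' || strtolower($securitycode)!=strtolower($_SESSION['code'])) catcherror($lnc[165]);
      }

      if ($openid_url) {
          if ($mbcon['enableopenid']!='1') catcherror($lnc[315].$lnc[319]);
          $openid = $openid_url;
          // Every request-derived value is URL-encoded before it goes into the callback URL;
          // previously only urlreturn was, so a crafted savecookie or securitycode could add
          // or override parameters of the callback.
          $process_url = "{$config['blogurl']}/login.php?job=openidverify&savecookie=".urlencode($savecookie)."&urlreturn=".urlencode($urlreturn)."&securitycode=".urlencode($securitycode);
          prepareOpenID($openid, $process_url);
          exit();
      }

      // NOTE(review): unsalted MD5, matched inside the SQL statement; see the cookie note below.
      $password=md5($_POST['password']);
      $username=safe_convert(mystrtolower($_POST['username']));
      plugin_runphp('loginprocess');
      // NOTE(review): interpolated query; it relies on safe_convert() (defined elsewhere)
      // having neutralized quotes in the submitted username.
      $try=$blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}' AND `userpsw`='{$password}'");
      if (!is_array($try)) {
          catcherror ($lnc[166]);
      } else {
          $userid=$try['userid'];
          // NOTE(review): the login cookie holds the stored MD5 itself, which makes the hash
          // password-equivalent: whoever reads it from the database or from a stolen cookie can
          // log in. A random server-side session token would avoid that. The cookies carry no
          // HttpOnly/Secure attributes; they are left as they are because job=ajaxverify hands
          // the same values to client-side script.
          if ($savecookie==0) {
              // Session cookies: dropped when the browser closes.
              setcookie ('userid', $userid);
              setcookie ('userpsw', $password);
          } else {
              // "Remember me": keep the login for 30 days.
              $savecookielong=3600*24*30;
              setcookie ('userid', $userid, time()+$savecookielong);
              setcookie ('userpsw', $password, time()+$savecookielong);
          }
          // NOTE(review): $urlreturn comes from the request; whether catchsuccess() limits the
          // link target to this site is not visible here (open-redirect risk). Confirm.
          $redirection=array("{$lnc[309]}|{$urlreturn}", "{$lnc[163]}|index.php");
          // Members of user group 2 also get links to the admin panel and the editor.
          if ($try['usergroup']=='2') {
              $redirection[]="{$lnc[107]}|admin.php";
              $redirection[]="{$lnc[108]}|write.php?act=edit";
          }
          // These two cookies always last 30 days, whatever the savecookie choice was.
          // NOTE(review): the values are copied from the user row into client-editable cookies.
          // If other code reads them back to decide access, the database must stay the source
          // of truth. Confirm how they are used.
          $savecookielong = 3600*24*30;
          setcookie ('nganluong_time', $try['nganluong_time'],time()+$savecookielong);
          setcookie ('nganluong_time_end', $try['nganluong_time_end'],time()+$savecookielong);

          catchsuccess ("{$lnc[167]} ".$username, $redirection);
      }
  }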
  353.  
  // job=openidverify: callback of the OpenID flow started in job=verify.
  if ($job=='openidverify') {
      if ($mbcon['enableopenid']!='1') catcherror($lnc[315].$lnc[319]);
      // completeOpenID() is defined elsewhere; presumably it validates the provider's response
      // and only returns on success. Confirm, because nothing below re-checks the result.
      $openidresult=completeOpenID();
      acceptrequest('savecookie,securitycode,urlreturn');
      if ($config['loginvalidation']==1) {
          if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
          session_cache_limiter("private, must-revalidate");
          session_start();
          // Second check of the CAPTCHA value that job=verify already checked and passed along in the callback URL.
          if ($securitycode=='' || strtolower($securitycode)!=strtolower($_SESSION['code'])) catcherror($lnc[165]);
      }
      // NOTE(review): the verified OpenID URL is stored as a plain cookie. If later requests
      // treat this cookie as proof of identity, a client can forge it by setting the cookie
      // directly. Confirm how 'openid_url_id' is consumed.
      if ($savecookie==0) {
          setcookie ('openid_url_id', $openidresult['openidurl']);
      } else {
          // "Remember me": keep the cookie for 30 days.
          $savecookielong=3600*24*30;
          setcookie ('openid_url_id', $openidresult['openidurl'], time()+$savecookielong);
      }
      // NOTE(review): $urlreturn comes from the request; whether catchsuccess() limits the
      // link target to this site is not visible here. Confirm.
      $redirection=array("{$lnc[309]}|{$urlreturn}", "{$lnc[163]}|index.php");
      catchsuccess ("{$lnc[317]} ".$openidresult['openidurl'], $redirection);
  }
  373.  
  // job=logout: expire the login and preference cookies.
  // NOTE(review): the request is not tied to a token or to POST in this file, so any page can
  // log a visitor out by linking to it. The admin session opened by job=adminverify
  // ($_SESSION['admin_userid'] / ['admin_psw']) is not destroyed here. Confirm where it ends.
  if ($job=='logout') {
      plugin_runphp('logoutprocess');
      // Flag constant; presumably read by catchsuccess() or the page footer. Confirm.
      define ('isLogout', 1);
      // An expiry time in the past tells the browser to delete each cookie.
      setcookie ('userid', '', time()-3600);
      setcookie ('userpsw', '', time()-3600);
      setcookie ('openid_url_id', '', time()-3600);
      setcookie ('bloglanguage', '', time()-3600);
      setcookie ('blogtemplate', '', time()-3600);
      catchsuccess ($lnc[168], "{$lnc[163]}|index.php");
  }
  384.  
  // job=applylink: build the "apply for a link exchange" form, which posts to job=doapplylink.
  if ($job=='applylink') {
      checkpermission ('ApplyLink');
      // Ready-made HTML snippets (text link and logo link) that the applicant can copy to link
      // back to this blog. They are built from site configuration and passed through
      // htmlspecialchars() so the textareas below show them as text instead of rendering them.
      $mycode1="<a href=\"{$config['blogurl']}\" target=\"_blank\" title=\"{$config['blogname']}\">{$config['blogname']}</a>";
      $mycode2="<a href=\"{$config['blogurl']}\" target=\"_blank\"><img src=\"{$config['bloglogo']}\" title=\"{$config['blogname']}\" alt=\"{$config['blogname']}\" border=\"0\"/></a>";
      $mycode1=htmlspecialchars($mycode1);
      $mycode2=htmlspecialchars($mycode2);
      $t=new template;
      $actionnow=$lnc[109];
      $jobs="login.php?job=doapplylink";
      // Site name and URL are the starred (mandatory) rows; logo and introduction are optional.
      $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[169]}", 'formelement'=>"<input type='text' class='text' size='20' name='sitename' />"));
      $formbody.=$t->set('form_eachline', array('text'=>"*{$lnc[170]}", 'formelement'=>"<input type='text' class='text' size='30' name='siteurl' />"));
      $formbody.=$t->set('form_eachline', array('text'=>$lnc[171], 'formelement'=>"<input type='text' class='text' size='30' name='sitelogo' /> {$lnc[172]}"));
      $formbody.=$t->set('form_eachline', array('text'=>$lnc[173], 'formelement'=>"<input type='text' class='text' size='30' name='siteintro' /> {$lnc[174]}"));
      // The two textareas are named, but job=doapplylink does not read sitemycode1/sitemycode2.
      $formbody.=$t->set('form_eachline', array('text'=>$lnc[175], 'formelement'=>"{$lnc[176]}<br/><ul><li>{$lnc[177]}<br/><textarea class='text' cols='40' rows='2' name='sitemycode1'>{$mycode1}</textarea></li><li>{$lnc[178]}<br/><textarea class='text' cols='40' rows='2' name='sitemycode2'>{$mycode2}</textarea></li></ul>"));
      if ($config['applylinkvalidation']==1) {
          // $rand is only appended to the CAPTCHA image URL (a cache-buster); it is not a secret.
          $rand=rand (0,100000);
          $formbody.=$t->set('form_eachline', array('text'=>$lnc[249], 'formelement'=>"<span id='securityimagearea'><img src='inc/securitycode.php?rand={$rand}' alt='' title='{$lnc[250]}'/></span> <input name='securitycode' type='text' id='securitycode' size='16' class='text' /> {$lnc[251]} [<a href=\"javascript: refreshsecuritycode('securityimagearea', 'securitycode');\">{$lnc[283]}</a>]"));
      }
      $section_body_main=$t->set('register', array('title'=>$actionnow, 'job'=>$jobs, 'registerbody'=>$formbody));
      announcebar();
      $bodymenu=$t->set('mainpage', array('pagebar'=>$pagebar, 'iftoppage'=>'none', 'ifbottompage'=>'none', 'ifannouncement'=>$ifannouncement, 'topannounce'=>$topannounce, 'mainpart'=>$section_body_main, 'currentpage'=>'', 'previouspageurl'=>'', 'nextpageurl'=>'', 'turningpages'=>'', 'totalpages'=>'', 'previouspageexists'=>'', 'nextpageexists'=>''));
  }
  407.  
  // job=doapplylink: validate a link-exchange application and prepend it to the pending list file.
  if ($job=='doapplylink') {
      checkpermission ('ApplyLink');
      acceptrequest('sitename,siteurl,sitelogo,siteintro');
      if ($config['applylinkvalidation']==1) {
          acceptrequest('securitycode');
          if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
          session_cache_limiter("private, must-revalidate");
          session_start();
          if ($securitycode=='' || strtolower($securitycode)!=strtolower($_SESSION['code'])) catcherror($lnc[165]);
      }
      $sitename=safe_convert(trimplus($sitename));
      $siteurl=safe_convert(trimplus($siteurl));
      $sitelogo=safe_convert(trimplus($sitelogo));
      $siteintro=safe_convert(trimplus($siteintro));
      if (!$sitename || !$siteurl) catcherror ($lnc[179]);
      // NOTE(review): urlconvert() is defined elsewhere; whether it restricts the scheme to
      // http/https is not visible. Confirm, since both URLs are presumably rendered as links
      // or images when the application is reviewed.
      $siteurl=urlconvert($siteurl);
      $sitelogo=urlconvert($sitelogo);
      // Record id: the timestamp followed by a number from 0 to 10. Two applications in the same
      // second can receive the same id.
      $siteid=time().rand(0,10);
      // Reject the application when name, introduction or URL matches the banned or suspect word lists.
      if (preg_search($sitename, $forbidden['banword']) || preg_search($siteintro, $forbidden['banword']) || preg_search($siteurl, $forbidden['banword']) || preg_search($sitename, $forbidden['suspect']) || preg_search($siteintro, $forbidden['suspect']) || preg_search($siteurl, $forbidden['suspect'])) catcherror($lnc[214]);
      // Each record begins with "<?PHP exit();?>", and new records are prepended, so the .php
      // data file always starts with an exit() and stops immediately if it is requested over HTTP.
      // NOTE(review): visitor-supplied text is still written into a .php file. The record layout
      // depends on safe_convert()/trimplus() removing the "<|>" delimiter and line breaks from the
      // values. Confirm. A data file outside the web root would not need the exit() guard.
      $addline="<?PHP exit();?><|>$siteid<|>$sitename<|>$siteurl<|>$sitelogo<|>$siteintro<|>\n";
      $filename="data/cache_applylinks.php";
      // Read-modify-write of the whole file with no locking visible here; concurrent
      // submissions can overwrite each other. The file also grows without any limit in this code.
      $oldcontent=@readfromfile($filename);
      $content=$addline.$oldcontent;
      if (!writetofile($filename, $content)) catcherror ($lnc[7].$filename);
      else catchsuccess ($lnc[180], "{$lnc[163]}|index.php");
  }
  434.  
  // job=ajaxverify: credential check for the script-driven login; it sets no cookies itself.
  if ($job=='ajaxverify') {
      acceptrequest('savecookie,securitycode');
      $savecookie=floor($savecookie);
      if ($config['loginvalidation']==1) {
          if ($db_defaultsessdir!=1) session_save_path("./{$db_tmpdir}");
          session_cache_limiter("private, must-revalidate");
          session_start();
          if ($securitycode=='' || strtolower($securitycode)!=strtolower($_SESSION['code'])) catcherror($lnc[165]);
      }
      // NOTE(review): unsalted MD5, matched inside the SQL statement, as in job=verify.
      $password=md5($_POST['password']);
      $username=safe_convert(mystrtolower($_POST['username']));
      // NOTE(review): interpolated query; it relies on safe_convert() (defined elsewhere)
      // having neutralized quotes in the submitted username.
      // Unlike job=verify, plugin_runphp('loginprocess') is not called on this path, so any
      // login checks implemented as plugins are skipped here.
      $try=$blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}' AND `userpsw`='{$password}'");
      if (!is_array($try)) {
          catcherror ($lnc[166]);
      } else {
          $userid=$try['userid'];
          // The success message is "userid-md5hash-savecookie". Presumably client-side script
          // splits it and writes the userid/userpsw cookies. Confirm.
          // NOTE(review): this puts the password-equivalent hash into the response body and into
          // script-writable cookies, which is why those cookies cannot be made HttpOnly as designed.
          catchsuccess ("{$userid}-{$password}-{$savecookie}");
      }
  }
  454.  
  // job=ajaxloginsuccess: confirmation page shown after the script-driven login.
  if ($job=='ajaxloginsuccess') {
      // Users holding the 'CP' permission also get a link to admin.php; others only get index.php.
      if ($permission['CP']==1) $destine=array("{$lnc[163]}|index.php", "{$lnc[107]}|admin.php");
      else $destine="{$lnc[163]}|index.php";
      // No login check is made here; for a visitor who is not logged in, $userdetail['username']
      // is presumably a guest placeholder. Confirm.
      catchsuccess("{$lnc[167]} ".$userdetail['username'], $destine);
  }