/2018-HITCTF-Final/web2/html/main/source/plugin/wechat/login.inc.php

https://github.com/SniperOJ/Attack-Defense-Challenges · PHP · 139 lines · 124 code · 9 blank · 6 comment · 40 complexity · c5f28e9fdbd4f904809309fca0e78075 MD5 · raw file 

    

  1. <?php

    2. 

  2. 

    3. 

  3. /**

    4. 

  4.  *      [Discuz!] (C)2001-2099 Comsenz Inc.

    5. 

  5.  *      This is NOT a freeware, use is subject to license terms

    6. 

  6.  *

    7. 

  7.  *      $Id: login.inc.php 34989 2014-09-24 07:22:03Z nemohou $

    8. 

  8.  */

    9. 

  9. if (!defined('IN_DISCUZ')) {

    10. 

  10. 	exit('Access Denied');

    11. 

  11. }

    12. 

  12. if(!$_G['wechat']['setting']) {

    13. 

  13. 	$_G['wechat']['setting'] = unserialize($_G['setting']['mobilewechat']);

    14. 

  14. }

    15. 

  15. 

    16. 

  16. if(!$_G['wechat']['setting']['wechat_qrtype']) {

    17. 

  17. 	showmessage('undefined_action');

    18. 

  18. }

    19. 

  19. 

    20. 

  20. if(!$_G['wechat']['setting']['wsq_siteid']) {

    21. 

  21. 	showmessage('wechat:wechat_login_closed');

    22. 

  22. }

    23. 

  23. 

    24. 

  24. require_once DISCUZ_ROOT . './source/plugin/wechat/wsq.class.php';

    25. 

  25. 

    26. 

  26. $ac = !empty($_GET['ac']) ? $_GET['ac'] : 'login';

    27. 

  27. 

    28. 

  28. if($ac == 'login') {

    29. 

  29. 	$qrauth = $_G['cookie']['qrauth'] ? authcode(base64_decode($_G['cookie']['qrauth']), 'DECODE', $_G['config']['security']['authkey']) : '';

    30. 

  30. 	if($_G['uid'] && !$qrauth) {

    31. 

  31. 		$showtip = true;

    32. 

  32. 		if(in_array('qqconnect', $_G['setting']['plugins']['available'])) {

    33. 

  33. 			$connect = C::t('#qqconnect#common_member_connect')->fetch($_G['uid']);

    34. 

  34. 			if($connect['conisregister']) {

    35. 

  35. 				$showtip = false;

    36. 

  36. 			}

    37. 

  37. 		}

    38. 

  38. 		if($showtip) {

    39. 

  39. 			dsetcookie('qrauth', '', -1);

    40. 

  40. 			showmessage('wechat:wechat_member_bind_qrauth_lost');

    41. 

  41. 		}

    42. 

  42. 	}

    43. 

  43. 	$url = wsq::qrconnectUrl($_G['uid'], dreferer());

    44. 

  44. 	dheader('location: '.$url);

    45. 

  45. } elseif($ac == 'callback') {

    46. 

  46. 	if(!wsq::checksign($_GET) || $_G['uid'] && $_GET['siteuid'] != $_G['uid']) {

    47. 

  47. 		showmessage('wechat:wechat_member_auth_fail');

    48. 

  48. 	}

    49. 

  49. 	require_once libfile('function/member');

    50. 

  50. 	if($_GET['siteuid'] && ($member = getuserbyuid($_GET['siteuid'], 1))) {

    51. 

  51. 		setloginstatus($member, 1296000);

    52. 

  52. 		if(!C::t('#wechat#common_member_wechatmp')->fetch($member['uid'])) {

    53. 

  53. 			C::t('#wechat#common_member_wechatmp')->insert(array('uid' => $_G['uid'], 'openid' => $_GET['openid'], 'status' => $_G['cookie']['qrauth'] ? 1: 0), false, true);

    54. 

  54. 		}

    55. 

  55. 

    56. 

  56. 		dheader('location: '.($_GET['referer'] ? $_GET['referer'] : $_G['siteurl']));

    57. 

  57. 	} else {

    58. 

  58. 		require_once DISCUZ_ROOT . './source/plugin/wechat/wechat.class.php';

    59. 

  59. 		require_once DISCUZ_ROOT . './source/plugin/wechat/wechat.lib.class.php';

    60. 

  60. 		$defaultusername = WeChatEmoji::clear($_GET['nickname']);

    61. 

  61. 		if(!$_G['wechat']['setting']['wechat_allowfastregister']) {

    62. 

  62. 			redirectregister($defaultusername);

    63. 

  63. 		}

    64. 

  64. 

    65. 

  65. 		loaducenter();

    66. 

  66. 		$user = uc_get_user($defaultusername);

    67. 

  67. 		if(!empty($user)) {

    68. 

  68. 			$defaultusername = cutstr($defaultusername, 7, '').'_'.random(5);

    69. 

  69. 		}

    70. 

  70. 		$uid = WeChat::register($defaultusername, 1, 8);

    71. 

  71. 		if(!$uid) {

    72. 

  72. 			redirectregister($defaultusername);

    73. 

  73. 		}

    74. 

  74. 		C::t('#wechat#common_member_wechatmp')->insert(array('uid' => $uid, 'openid' => $_GET['openid'], 'status' => 0), false, true);

    75. 

  75. 		$url = wsq::userregisterUrl($uid, $_GET['openid'], $_GET['openidsign'], $_GET['referer']);

    76. 

  76. 		dheader('location: '.$url);

    77. 

  77. 	}

    78. 

  78. } elseif($ac == 'regcallback' && $_G['uid']) {

    79. 

  79. 	list($openid, $openidsign, $qrreferer) = explode("\t", authcode(base64_decode($_GET['auth']), 'DECODE'));

    80. 

  80. 	if(!$openid) {

    81. 

  81. 		showmessage('wechat:wechat_member_auth_fail');

    82. 

  82. 	}

    83. 

  83. 	C::t('#wechat#common_member_wechatmp')->insert(array('uid' => $_G['uid'], 'openid' => $openid, 'status' => 1), false, true);

    84. 

  84. 	$url = wsq::userregisterUrl($_G['uid'], $openid, $openidsign, $qrreferer);

    85. 

  85. 	dheader('location: '.$url);

    86. 

  86. } elseif($ac == 'regverify' && $_G['uid']) {

    87. 

  87. 	if(!wsq::checksign($_GET)) {

    88. 

  88. 		showmessage('wechat:wechat_member_auth_fail');

    89. 

  89. 	}

    90. 

  90. 	if($_GET['code']) {

    91. 

  91. 		showmessage('wechat:wechat_member_register_faild');

    92. 

  92. 	}

    93. 

  93. 	$member = C::t('#wechat#common_member_wechatmp')->fetch($_G['uid']);

    94. 

  94. 	if(!$member) {

    95. 

  95. 		showmessage('wechat:wechat_member_register_faild');

    96. 

  96. 	}

    97. 

  97. 	$groupid = $_G['wechat']['setting']['wechat_newusergroupid'] ? $_G['wechat']['setting']['wechat_newusergroupid'] : $_G['setting']['newusergroupid'];

    98. 

  98. 	C::t('common_member')->update($_G['uid'], array('groupid' => $groupid));

    99. 

  99. 	dheader('location: '.($_G['referer'] ? $_GET['referer'] : $_G['siteurl']));

    100. 

  100. } elseif($ac == 'wxlogin') {

    101. 

  101. 	unset($_GET['mapifrom'], $_GET['charset']);

    102. 

  102. 	if(wsq::checksign($_GET)) {

    103. 

  103. 		$member = getuserbyuid($_GET['siteuid'], 1);

    104. 

  104. 		if($member) {

    105. 

  105. 			require_once libfile('function/member');

    106. 

  106. 			setloginstatus($member, 1296000);

    107. 

  107. 		}

    108. 

  108. 	}

    109. 

  109. } elseif($ac == 'wxregverify') {

    110. 

  110. 	if(!wsq::checksign($_GET)) {

    111. 

  111. 		showmessage('wechat:wechat_member_auth_fail');

    112. 

  112. 	}

    113. 

  113. 	$member = getuserbyuid($_GET['siteuid'], 1);

    114. 

  114. 	if($member) {

    115. 

  115. 		require_once libfile('function/member');

    116. 

  116. 		setloginstatus($member, 1296000);

    117. 

  117. 	}

    118. 

  118. 	if($_G['cookie']['wxnewuser']) {

    119. 

  119. 		$groupid = $_G['wechat']['setting']['wechat_newusergroupid'] ? $_G['wechat']['setting']['wechat_newusergroupid'] : $_G['setting']['newusergroupid'];

    120. 

  120. 		C::t('common_member')->update($_G['uid'], array('groupid' => $groupid));

    121. 

  121. 		dsetcookie('wxnewuser', '', -1);

    122. 

  122. 	}

    123. 

  123. 	dheader('location: '.($_GET['referer'] ? $_GET['referer'] : $_G['siteurl']));

    124. 

  124. } else {

    125. 

  125. 	showmessage('undefined_action');

    126. 

  126. }

    127. 

  127. 

    128. 

  128. function redirectregister($username) {

    129. 

  129. 	global $_G;

    130. 

  130. 	$defaultusername = substr($username, 0, 15);

    131. 

  131. 	loaducenter();

    132. 

  132. 	$user = uc_get_user($defaultusername);

    133. 

  133. 	if(!empty($user)) {

    134. 

  134. 		$defaultusername = cutstr($defaultusername, 7, '').'_'.random(5);

    135. 

  135. 	}

    136. 

  136. 	$auth = urlencode(base64_encode(authcode($_GET['openid']."\t".$_GET['openidsign']."\t".$_GET['referer'], 'ENCODE')));

    137. 

  137. 	$referer = urlencode($_G['siteurl'].'plugin.php?id=wechat:login&ac=regcallback&auth='.$auth);

    138. 

  138. 	dheader('location: '.$_G['siteurl'].'member.php?mod='.$_G['setting']['regname'].'&referer='.$referer.'&defaultusername='.urlencode($defaultusername));

    139. 

  139. }
    140.