PageRenderTime 60ms CodeModel.GetById 29ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/cpanel.share.php

https://github.com/gcao/bbs
PHP | 285 lines | 240 code | 38 blank | 7 comment | 52 complexity | d2c9921559ad45be9d64195ae887424a MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. /*

    4. 

  4. [Discuz!] (C)2001-2009 Comsenz Inc.

    5. 

  5. This is NOT a freeware, use is subject to license terms

    6. 

  6. 

    7. 

  7. $Id: cpanel.share.php 20964 2009-11-04 03:18:22Z zhaoxiongfei $

    8. 

  8. */

    9. 

  9. 

    10. 

  10. if(!defined('IN_DISCUZ')) {

    11. 

  11. 	exit('Access Denied');

    12. 

  12. }

    13. 

  13. 

    14. 

  14. class AdminSession {

    15. 

  15. 

    16. 

  16. 	var $uid = 0;

    17. 

  17. 	var $panel = 0;

    18. 

  18. 	var $inadmincp = false;

    19. 

  19. 	var $isfounder = false;

    20. 

  20. 	var $cpaccess = 0;

    21. 

  21. 	var $checkip = 1;

    22. 

  22. 	var $logfile = 'cplog';

    23. 

  23. 	var $timelimit;

    24. 

  24. 	var $errorcount = 0;

    25. 

  25. 	var $storage = array();

    26. 

  26. 	var $db = null;

    27. 

  27. 	var $tablepre = '';

    28. 

  28. 

    29. 

  29. 	function adminsession($uid, $groupid, $adminid, $ip) {

    30. 

  30. 

    31. 

  31. 		global $adminipaccess, $db, $tablepre;

    32. 

  32. 

    33. 

  33. 		$this->panel = defined('IN_ADMINCP') ? 1 : (defined('IN_MODCP') ? 2 : -1);

    34. 

  34. 

    35. 

  35. 		$this->inadmincp = defined('IN_ADMINCP');

    36. 

  36. 		$this->uid = $uid;

    37. 

  37. 		$this->timelimit = time() - 1800;

    38. 

  38. 		$this->db = &$db;

    39. 

  39. 		$this->tablepre = &$tablepre;

    40. 

  40. 

    41. 

  41. 		if($uid < 1 || $adminid < 1 || ($this->inadmincp && $adminid != 1)) {

    42. 

  42. 			$cpaccess = 0;

    43. 

  43. 		}elseif($this->inadmincp && $adminipaccess && !ipaccess($ip, $adminipaccess)) {

    44. 

  44. 			$cpaccess = 2;

    45. 

  45. 		} else {

    46. 

  46. 			$session = $this->_loadsession($uid, $ip, $GLOBALS['admincp']['checkip']);

    47. 

  47. 			$this->errorcount = $session['errorcount'];

    48. 

  48. 			$this->storage = $session['storage'];

    49. 

  49. 			if(empty($session)) {

    50. 

  50. 				$this->creatsession($uid, $adminid, $ip);

    51. 

  51. 				$cpaccess = 1;

    52. 

  52. 			} elseif($session['errorcount'] == -1) {

    53. 

  53. 				$this->update();

    54. 

  54. 				$cpaccess = 3;

    55. 

  55. 			} elseif($session['errorcount'] <= 3) {

    56. 

  56. 				$cpaccess = 1;

    57. 

  57. 			} else {

    58. 

  58. 				$cpaccess = -1;

    59. 

  59. 			}

    60. 

  60. 		}

    61. 

  61. 

    62. 

  62. 		if($cpaccess == 0) {

    63. 

  63. 			//clearcookies();

    64. 

  64. 			showmessage('admin_cpanel_noaccess', 'logging.php?action=login', 'HALTED');

    65. 

  65. 		} elseif($cpaccess == 2) {

    66. 

  66. 			showmessage('admin_cpanel_noaccess_ip', NULL, 'HALTED');

    67. 

  67. 		} elseif($cpaccess == -1) {

    68. 

  68. 			showmessage('admin_cpanel_locked', NULL, 'HALTED');

    69. 

  69. 		}

    70. 

  70. 

    71. 

  71. 		$this->cpaccess = $cpaccess;

    72. 

  72. 

    73. 

  73. 	}

    74. 

  74. 

    75. 

  75. 	function _loadsession($uid, $ip, $checkip = 1) {

    76. 

  76. 

    77. 

  77. 		$session = array();

    78. 

  78. 

    79. 

  79. 		$query = $this->db->query("SELECT uid, adminid, panel, ip, dateline, errorcount, storage FROM {$this->tablepre}adminsessions

    80. 

  80. 			WHERE uid='$uid' ".($checkip ? "AND ip='$ip'" : '')." AND panel='{$this->panel}' AND dateline>'{$this->timelimit}'", 'SILENT');

    81. 

  81. 

    82. 

  82. 		if(!$this->db->error()) {

    83. 

  83. 			$session = $this->db->fetch_array($query);

    84. 

  84. 			if(isset($session['storage'])) {

    85. 

  85. 				$session['storage'] = $session['storage'] ? unserialize(base64_decode($session['storage'])) : array();

    86. 

  86. 			}

    87. 

  87. 		} else {

    88. 

  88. 			$this->db->query("DROP TABLE IF EXISTS {$this->tablepre}adminsessions");

    89. 

  89. 			$this->db->query("CREATE TABLE {$this->tablepre}adminsessions (

    90. 

  90. 				uid mediumint(8) UNSIGNED NOT NULL default '0',

    91. 

  91. 				adminid smallint(6) unsigned NOT NULL DEFAULT '0',

    92. 

  92. 				panel tinyint(1) NOT NULL DEFAULT '0',

    93. 

  93. 				ip varchar(15) NOT NULL default '',

    94. 

  94. 				dateline int(10) unsigned NOT NULL default '0',

    95. 

  95. 				errorcount tinyint(1) NOT NULL default '0',

    96. 

  96. 				`storage` mediumtext NOT NULL,

    97. 

  97. 				PRIMARY KEY (`uid`, `panel`))".(mysql_get_server_info() > '4.1' ? " ENGINE=MYISAM DEFAULT CHARSET=$GLOBALS[dbcharset]" : " TYPE=MYISAM")

    98. 

  98. 				);

    99. 

  99. 		}

    100. 

  100. 		return $session;

    101. 

  101. 	}

    102. 

  102. 

    103. 

  103. 	function creatsession($uid, $adminid, $ip) {

    104. 

  104. 		$url_forward = !empty($_SERVER['QUERY_STRING']) ? addslashes($_SERVER['QUERY_STRING']) : '';

    105. 

  105. 		$this->destroy($uid);

    106. 

  106. 		$this->db->query("INSERT INTO {$this->tablepre}adminsessions (uid, adminid, panel, ip, dateline, errorcount)

    107. 

  107. 			VALUES ('$uid', '$adminid', '$this->panel', '$ip', '".time()."', '0')");

    108. 

  108. 		$this->set('url_forward', $url_forward, true);

    109. 

  109. 	}

    110. 

  110. 

    111. 

  111. 	function destroy($uid = 0) {

    112. 

  112. 		empty($uid) && $uid = $this->uid;

    113. 

  113. 		$this->db->query("DELETE FROM {$this->tablepre}adminsessions WHERE (uid='$uid' AND panel='$this->panel') OR dateline<'$this->timelimit'");

    114. 

  114. 	}

    115. 

  115. 

    116. 

  116. 	function _loadstorage() {

    117. 

  117. 		$storage = $this->db->result_first("SELECT storage FROM {$this->tablepre}adminsessions WHERE uid='{$this->uid}' AND panel='$this->panel'");

    118. 

  118. 		if(!empty($storage)) {

    119. 

  119. 			$this->storage = unserialize(base64_decode($storage));

    120. 

  120. 		} else {

    121. 

  121. 			$this->storage = array();

    122. 

  122. 		}

    123. 

  123. 	}

    124. 

  124. 

    125. 

  125. 	function isfounder($user = '') {

    126. 

  126. 		$user = empty($user) ? array('uid' => $GLOBALS['discuz_uid'], 'adminid' => $GLOBALS['adminid'], 'username' => $GLOBALS['discuz_userss']) : $user;

    127. 

  127. 		$founders = str_replace(' ', '', $GLOBALS['forumfounders']);

    128. 

  128. 		if($user['adminid'] <> 1) {

    129. 

  129. 			return FALSE;

    130. 

  130. 		} elseif(empty($founders)) {

    131. 

  131. 			return TRUE;

    132. 

  132. 		} elseif(strexists(",$founders,", ",$user[uid],")) {

    133. 

  133. 			return TRUE;

    134. 

  134. 		} elseif(!is_numeric($user['username']) && strexists(",$founders,", ",$user[username],")) {

    135. 

  135. 			return TRUE;

    136. 

  136. 		} else {

    137. 

  137. 			return FALSE;

    138. 

  138. 		}

    139. 

  139. 	}

    140. 

  140. 

    141. 

  141. 	function set($varname, $value, $updatedb = false) {

    142. 

  142. 		$this->storage[$varname] = $value;

    143. 

  143. 		$updatedb && $this->update();

    144. 

  144. 	}

    145. 

  145. 

    146. 

  146. 	function get($varname, $fromdb = false) {

    147. 

  147. 		$return = null;

    148. 

  148. 		$fromdb && $this->_loadstorage();

    149. 

  149. 		if(isset($this->storage[$varname])) {

    150. 

  150. 			$return = $this->storage[$varname];

    151. 

  151. 		}

    152. 

  152. 		return $return;

    153. 

  153. 	}

    154. 

  154. 

    155. 

  155. 	function clear($updatedb = false) {

    156. 

  156. 		$this->storage = array();

    157. 

  157. 		$updatedb && $this->update();

    158. 

  158. 	}

    159. 

  159. 

    160. 

  160. 	function update() {

    161. 

  161. 		if($this->uid) {

    162. 

  162. 			$timestamp = time();

    163. 

  163. 			$storage = !empty($this->storage) ? base64_encode((serialize($this->storage))) : '';

    164. 

  164. 			$this->db->query("UPDATE {$this->tablepre}adminsessions SET dateline='$timestamp', errorcount='{$this->errorcount}', storage='{$storage}'

    165. 

  165. 				WHERE uid='{$this->uid}' AND panel='$this->panel'", 'UNBUFFERED');

    166. 

  166. 		}

    167. 

  167. 	}

    168. 

  168. }

    169. 

  169. 

    170. 

  170. function acpmsg($message, $url = '', $type = '', $extra = '') {

    171. 

  171. 	if(defined('IN_ADMINCP')) {

    172. 

  172. 		!defined('CPHEADER_SHOWN') && cpheader();

    173. 

  173. 		cpmsg($message, $url, $type, $extra);

    174. 

  174. 	} else {

    175. 

  175. 		showmessage($message, $url, $extra);

    176. 

  176. 	}

    177. 

  177. }

    178. 

  178. 

    179. 

  179. function savebanlog($username, $origgroupid, $newgroupid, $expiration, $reason) {

    180. 

  180. 	global $discuz_userss, $groupid, $onlineip, $timestamp, $forum, $reason;

    181. 

  181. 	writelog('banlog', dhtmlspecialchars("$timestamp\t$discuz_userss\t$groupid\t$onlineip\t$username\t$origgroupid\t$newgroupid\t$expiration\t$reason"));

    182. 

  182. }

    183. 

  183. 

    184. 

  184. function clearlogstring($str) {

    185. 

  185. 	if(!empty($str)) {

    186. 

  186. 		if(!is_array($str)) {

    187. 

  187. 			$str = dhtmlspecialchars(trim($str));

    188. 

  188. 			$str = str_replace(array("\t", "\r\n", "\n", "   ", "  "), ' ', $str);

    189. 

  189. 		} else {

    190. 

  190. 			foreach ($str as $key => $val) {

    191. 

  191. 				$str[$key] = clearlogstring($val);

    192. 

  192. 			}

    193. 

  193. 		}

    194. 

  194. 	}

    195. 

  195. 	return $str;

    196. 

  196. }

    197. 

  197. 

    198. 

  198. function implodearray($array, $skip = array()) {

    199. 

  199. 	$return = '';

    200. 

  200. 	if(is_array($array) && !empty($array)) {

    201. 

  201. 		foreach ($array as $key => $value) {

    202. 

  202. 			if(empty($skip) || !in_array($key, $skip)) {

    203. 

  203. 				if(is_array($value)) {

    204. 

  204. 					$return .= "$key={".implodearray($value, $skip)."}; ";

    205. 

  205. 				} else {

    206. 

  206. 					$return .= "$key=$value; ";

    207. 

  207. 				}

    208. 

  208. 			}

    209. 

  209. 		}

    210. 

  210. 	}

    211. 

  211. 	return $return;

    212. 

  212. }

    213. 

  213. 

    214. 

  214. function deletethreads($tids = array()) {

    215. 

  215. 	global $db, $tablepre, $losslessdel, $creditspolicy;

    216. 

  216. 

    217. 

  217. 	static $cleartable = array(

    218. 

  218. 		'threadsmod', 'relatedthreads', 'posts', 'polls',

    219. 

  219. 		'polloptions', 'trades', 'activities', 'activityapplies', 'debates',

    220. 

  220. 		'debateposts', 'attachments', 'favorites', 'typeoptionvars', 'forumrecommend', 'postposition'

    221. 

  221. 	);

    222. 

  222. 	$threadsdel = 0;

    223. 

  223. 	if($tids = implodeids($tids)) {

    224. 

  224. 		$auidarray = array();

    225. 

  225. 		$query = $db->query("SELECT uid, attachment, dateline, thumb, remote FROM {$tablepre}attachments WHERE tid IN ($tids)");

    226. 

  226. 		while($attach = $db->fetch_array($query)) {

    227. 

  227. 			dunlink($attach['attachment'], $attach['thumb'], $attach['remote']);

    228. 

  228. 			if($attach['dateline'] > $losslessdel) {

    229. 

  229. 				$auidarray[$attach['uid']] = !empty($auidarray[$attach['uid']]) ? $auidarray[$attach['uid']] + 1 : 1;

    230. 

  230. 			}

    231. 

  231. 		}

    232. 

  232. 

    233. 

  233. 		if($auidarray) {

    234. 

  234. 			updateattachcredits('-', $auidarray, $creditspolicy['postattach']);

    235. 

  235. 		}

    236. 

  236. 

    237. 

  237. 		foreach($cleartable as $tb) {

    238. 

  238. 			$db->query("DELETE FROM {$tablepre}$tb WHERE tid IN ($tids)", 'UNBUFFERED');

    239. 

  239. 		}

    240. 

  240. 

    241. 

  241. 		$db->query("DELETE FROM {$tablepre}threads WHERE tid IN ($tids)");

    242. 

  242. 		$threadsdel = $db->affected_rows();

    243. 

  243. 	}

    244. 

  244. 	return $threadsdel;

    245. 

  245. }

    246. 

  246. 

    247. 

  247. function undeletethreads($tids) {

    248. 

  248. 	global $db, $tablepre, $creditspolicy;

    249. 

  249. 	$threadsundel = 0;

    250. 

  250. 	if($tids && is_array($tids)) {

    251. 

  251. 		$tids = '\''.implode('\',\'', $tids).'\'';

    252. 

  252. 

    253. 

  253. 		$tuidarray = $ruidarray = $fidarray = array();

    254. 

  254. 		$query = $db->query("SELECT fid, first, authorid FROM {$tablepre}posts WHERE tid IN ($tids)");

    255. 

  255. 		while($post = $db->fetch_array($query)) {

    256. 

  256. 			if($post['first']) {

    257. 

  257. 				$tuidarray[] = $post['authorid'];

    258. 

  258. 			} else {

    259. 

  259. 				$ruidarray[] = $post['authorid'];

    260. 

  260. 			}

    261. 

  261. 			if(!in_array($post['fid'], $fidarray)) {

    262. 

  262. 				$fidarray[] = $post['fid'];

    263. 

  263. 			}

    264. 

  264. 		}

    265. 

  265. 		if($tuidarray) {

    266. 

  266. 			updatepostcredits('+', $tuidarray, $creditspolicy['post']);

    267. 

  267. 		}

    268. 

  268. 		if($ruidarray) {

    269. 

  269. 			updatepostcredits('+', $ruidarray, $creditspolicy['reply']);

    270. 

  270. 		}

    271. 

  271. 

    272. 

  272. 		$db->query("UPDATE {$tablepre}posts SET invisible='0' WHERE tid IN ($tids)", 'UNBUFFERED');

    273. 

  273. 		$db->query("UPDATE {$tablepre}threads SET displayorder='0', moderated='1' WHERE tid IN ($tids)");

    274. 

  274. 		$threadsundel = $db->affected_rows();

    275. 

  275. 

    276. 

  276. 		updatemodlog($tids, 'UDL');

    277. 

  277. 		updatemodworks('UDL', $threadsundel);

    278. 

  278. 

    279. 

  279. 		foreach($fidarray as $fid) {

    280. 

  280. 			updateforumcount($fid);

    281. 

  281. 		}

    282. 

  282. 	}

    283. 

  283. 	return $threadsundel;

    284. 

  284. }

    285. 

  285. ?>
    286.