
/model/admin.php

https://github.com/alin40404/UCenter
PHP | 130 lines | 109 code | 15 blank | 6 comment | 30 complexity | 00a44b03e2bbebcbfb94a5afde0d3eed MD5 | raw file
  1. <?php
  2. /*
  3. [UCenter] (C)2001-2099 Comsenz Inc.
  4. This is NOT a freeware, use is subject to license terms
  5. $Id: admin.php 1098 2011-05-19 01:28:17Z svn_project_zhangjie $
  6. */
  7. !defined('IN_UC') && exit('Access Denied');
  8. class adminbase extends base {
  9. var $cookie_status = 1;
  10. function __construct() {
  11. $this->adminbase();
  12. }
  13. function adminbase() {
  14. parent::__construct();
  15. $this->cookie_status = isset($_COOKIE['sid']) ? 1 : 0;
  16. $sid = $this->cookie_status ? getgpc('sid', 'C') : rawurlencode(getgpc('sid', 'R'));
  17. $this->view->sid = $this->sid_decode($sid) ? $sid : '';
  18. $this->view->assign('sid', $this->view->sid);
  19. $this->view->assign('iframe', getgpc('iframe'));
  20. $a = getgpc('a');
  21. if(!(getgpc('m') =='user' && ($a == 'login' || $a == 'logout'))) {
  22. $this->check_priv();
  23. }
  24. }
  25. function check_priv() {
  26. $username = $this->sid_decode($this->view->sid);
  27. if(empty($username)) {
  28. header('Location: '.UC_API.'/admin.php?m=user&a=login&iframe='.getgpc('iframe', 'G').($this->cookie_status ? '' : '&sid='.$this->view->sid));
  29. exit;
  30. } else {
  31. $this->user['isfounder'] = $username == 'UCenterAdministrator' ? 1 : 0;
  32. if(!$this->user['isfounder']) {
  33. $admin = $this->db->fetch_first("SELECT a.*, m.* FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) WHERE a.username='$username'");
  34. if(empty($admin)) {
  35. header('Location: '.UC_API.'/admin.php?m=user&a=login&iframe='.getgpc('iframe', 'G').($this->cookie_status ? '' : '&sid='.$this->view->sid));
  36. exit;
  37. } else {
  38. $this->user = $admin;
  39. $this->user['username'] = $username;
  40. $this->user['admin'] = 1;
  41. $this->view->sid = $this->sid_encode($username);
  42. $this->setcookie('sid', $this->view->sid, 86400);
  43. }
  44. } else {
  45. $this->user['username'] = 'UCenterAdministrator';
  46. $this->user['admin'] = 1;
  47. $this->view->sid = $this->sid_encode($this->user['username']);
  48. $this->setcookie('sid', $this->view->sid, 86400);
  49. }
  50. $this->view->assign('user', $this->user);
  51. }
  52. }
  53. function is_founder($username) {
  54. return $this->user['isfounder'];
  55. }
  56. function writelog($action, $extra = '') {
  57. $log = htmlspecialchars($this->user['username']."\t".$this->onlineip."\t".$this->time."\t$action\t$extra");
  58. $logfile = UC_ROOT.'./data/logs/'.gmdate('Ym', $this->time).'.php';
  59. if(@filesize($logfile) > 2048000) {
  60. PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000);
  61. $hash = '';
  62. $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
  63. for($i = 0; $i < 4; $i++) {
  64. $hash .= $chars[mt_rand(0, 61)];
  65. }
  66. @rename($logfile, UC_ROOT.'./data/logs/'.gmdate('Ym', $this->time).'_'.$hash.'.php');
  67. }
  68. if($fp = @fopen($logfile, 'a')) {
  69. @flock($fp, 2);
  70. @fwrite($fp, "<?PHP exit;?>\t".str_replace(array('<?', '?>', '<?php'), '', $log)."\n");
  71. @fclose($fp);
  72. }
  73. }
  74. function fetch_plugins() {
  75. $plugindir = UC_ROOT.'./plugin';
  76. $d = opendir($plugindir);
  77. while($f = readdir($d)) {
  78. if($f != '.' && $f != '..' && is_dir($plugindir.'/'.$f)) {
  79. $pluginxml = $plugindir.$f.'/plugin.xml';
  80. $plugins[] = xml_unserialize($pluginxml);
  81. }
  82. }
  83. }
  84. function _call($a, $arg) {
  85. if(method_exists($this, $a) && $a{0} != '_') {
  86. $this->$a();
  87. } else {
  88. exit('Method does not exists');
  89. }
  90. }
  91. function sid_encode($username) {
  92. $ip = $this->onlineip;
  93. $agent = $_SERVER['HTTP_USER_AGENT'];
  94. $authkey = md5($ip.$agent.UC_KEY);
  95. $check = substr(md5($ip.$agent), 0, 8);
  96. return rawurlencode($this->authcode("$username\t$check", 'ENCODE', $authkey, 1800));
  97. }
  98. function sid_decode($sid) {
  99. $ip = $this->onlineip;
  100. $agent = $_SERVER['HTTP_USER_AGENT'];
  101. $authkey = md5($ip.$agent.UC_KEY);
  102. $s = $this->authcode(rawurldecode($sid), 'DECODE', $authkey, 1800);
  103. if(empty($s)) {
  104. return FALSE;
  105. }
  106. @list($username, $check) = explode("\t", $s);
  107. if($check == substr(md5($ip.$agent), 0, 8)) {
  108. return $username;
  109. } else {
  110. return FALSE;
  111. }
  112. }
  113. }
  114. ?>