骑士cms(74cms)个人版 整合UC
1.安装74cms完成后登录总后台在菜单条工具选项中添加uc整合菜单。
在admin/templates/sys/admin_left_tools.htm这个文件中添加
<li >
<a href="admin_uc_setting.php" target="mainFrame" >整合UCenter </a>
</li>
2.在admin目录下创建 admin_uc_setting.php这个文件,内容如下
<?php
define('IN_QISHI', true);
require_once(dirname(__FILE__).'/../data/config.php');
require_once(dirname(__FILE__).'/include/admin_common.inc.php');
require_once(ADMIN_ROOT_PATH.'include/admin_uc_fun.php');
$act = !empty($_REQUEST['act']) ? trim($_REQUEST['act']) : 'uc_install';
check_permissions($_SESSION['admin_purview'],"UCenter");
if($act=='uc_install')
{
//include('data/config.php');
$UC_config=array(
'appid'=>UC_APPID,
'ucapi'=>UC_API,
'ucip'=>UC_IP,
'uckey'=>UC_KEY,
'ucconnect'=>UC_CONNECT,
'ucdbhost'=>UC_DBHOST,
'ucdbuser'=>UC_DBUSER,
'ucdbpw'=>UC_DBPW,
'ucdbname'=>UC_DBNAME,
'ucdbtablepre'=>UC_DBTABLEPRE,
);
$smarty->assign('uc_config',$UC_config);
$smarty->assign('pageheader',"74CMS 管理中心 - 整合UCenter");
$smarty->display('uc/admin_uc_setting.htm');
}
else if($act=='uc_set_save')
{
//print_r($_POST['uc_config']);
if(uc_write_config($_POST['uc_config'],dirname(__FILE__).'/../data/config.php')){adminmsg('修改成功!',2);}else{
adminmsg('修改失败!');
};
}
?>
3.创建admin_uc_setting.php这个文件中使用的函数文件admin_uc_fun.php,内容如下
<?php
if(!defined('IN_QISHI'))
{
die('Access Denied!');
}
function uc_open($url, $limit = 0, $post = '', $cookie = '', $bysocket = FALSE, $ip = '', $timeout = 15, $block = true)
{
$return = '';
$matches = parse_url($url);
$host = $matches['host'];
$path = $matches['path'] ? $matches['path'].($matches['query'] ? '?'.$matches['query'] : '') : '/';
$port = !empty($matches['port']) ? $matches['port'] : 80;
if($post)
{
$out = "POST $path HTTP/1.0\r\n";
$out .= "Accept: */*\r\n";
$out .= "Accept-Language: zh-cn\r\n";
$out .= "Content-Type: application/x-www-form-urlencoded\r\n";
$out .= "User-Agent: $_SERVER[HTTP_USER_AGENT]\r\n";
$out .= "Host: $host\r\n";
$out .= 'Content-Length: '.strlen($post)."\r\n";
$out .= "Connection: Close\r\n";
$out .= "Cache-Control: no-cache\r\n";
$out .= "Cookie: $cookie\r\n\r\n";
$out .= $post;
}else{
$out = "GET $path HTTP/1.0\r\n";
$out .= "Accept: */*\r\n";
$out .= "Accept-Language: zh-cn\r\n";
$out .= "User-Agent: $_SERVER[HTTP_USER_AGENT]\r\n";
$out .= "Host: $host\r\n";
$out .= "Connection: Close\r\n";
$out .= "Cookie: $cookie\r\n\r\n";
}
$fp = @fsockopen(($host ? $host : $ip), $port, $errno, $errstr, $timeout);
if(!$fp)
{
return '';
}else{
stream_set_blocking($fp, $block);
stream_set_timeout($fp, $timeout);
@fwrite($fp,$out);
$status = stream_get_meta_data($fp);
if(!$status['timed_out'])
{
while (!feof($fp))
{
if(($header = @fgets($fp)) && ($header == "\r\n" || $header == "\n"))
{
break;
}
}
$stop = false;
while(!feof($fp) && !$stop)
{
$data = fread($fp, ($limit == 0 || $limit > 8192 ? 8192 : $limit));
$return .= $data;
if($limit)
{
$limit -= strlen($data);
$stop = $limit <= 0;
}
}
}
@fclose($fp);
return $return;
}
}
function uc_write_config($config, $file)
{
$success = false;
if(!empty($config)){
foreach ($config as $key =>$value){
$$key=$value;
}
}
//list($appauthkey,
$appid, $ucdbhost, $ucdbname, $ucdbuser, $ucdbpw, $ucdbcharset,
$uctablepre, $uccharset, $ucapi, $ucip) = explode('|', $config);
if($content = file_get_contents($file))
{
$content = trim($content);
$content = substr($content, -2) == '?>' ? substr($content, 0, -2) : $content;
$link = mysql_connect($ucdbhost, $ucdbuser, $ucdbpw, 1);
$uc_connnect = $link && mysql_select_db($ucdbname, $link) ? 'mysql' : '';
$content = uc_insert_config($content, "/define\('UC_CONNECT',\s*'.*?'\);/i", "define('UC_CONNECT', '$uc_connnect');");
$content = uc_insert_config($content, "/define\('UC_DBHOST',\s*'.*?'\);/i", "define('UC_DBHOST', '$ucdbhost');");
$content = uc_insert_config($content, "/define\('UC_DBUSER',\s*'.*?'\);/i", "define('UC_DBUSER', '$ucdbuser');");
$content = uc_insert_config($content, "/define\('UC_DBPW',\s*'.*?'\);/i", "define('UC_DBPW', '$ucdbpw');");
$content = uc_insert_config($content, "/define\('UC_DBNAME',\s*'.*?'\);/i", "define('UC_DBNAME', '$ucdbname');");
$content = uc_insert_config($content, "/define\('UC_DBCHARSET',\s*'.*?'\);/i", "define('UC_DBCHARSET', 'GBK');");
$content = uc_insert_config($content, "/define\('UC_DBTABLEPRE',\s*'.*?'\);/i", "define('UC_DBTABLEPRE', '$ucdbtablepre');");
$content = uc_insert_config($content, "/define\('UC_DBCONNECT',\s*'.*?'\);/i", "define('UC_DBCONNECT', '0');");
$content = uc_insert_config($content, "/define\('UC_KEY',\s*'.*?'\);/i", "define('UC_KEY', '$uckey');");
$content = uc_insert_config($content, "/define\('UC_API',\s*'.*?'\);/i", "define('UC_API', '$ucapi');");
$content = uc_insert_config($content, "/define\('UC_CHARSET',\s*'.*?'\);/i", "define('UC_CHARSET', 'gb2312');");
$content = uc_insert_config($content, "/define\('UC_IP',\s*'.*?'\);/i", "define('UC_IP', '$ucip');");
$content = uc_insert_config($content, "/define\('UC_APPID',\s*'?.*?'?\);/i", "define('UC_APPID', '$appid');");
$content = uc_insert_config($content, "/define\('UC_PPP',\s*'?.*?'?\);/i", "define('UC_PPP', '20');");
$content .= "\r\n".'?>';
if(@file_put_contents($file, $content))
{
$success = true;
}
}
return $success;
}
function uc_insert_config($s, $find, $replace)
{
if(preg_match($find, $s))
{
$s = preg_replace($find, $replace, $s);
}else{
$s .= "\r\n".$replace;
}
return $s;
}
?>
将admin_uc_fun.php这个文件放到admin/include目录下。
4.在admin/templates/下创建uc目录,并创建admin_uc_setting.htm这个文件,文件内容如下;
{#include file="sys/admin_header.htm"#}
<div class="admin_main_nr_dbox">
<div class="toptip">
<h2>提示:</h2>
<p>
整合UCenter完毕后自动生成以下配置信息,多数情况修无需编辑此信息。
</p>
</div>
<div class="toptit">编辑UCenter整合信息</div>
<table width="100%" border="0" cellspacing="0" cellpadding="4">
<tr>
<td style=" line-height:220%; color:#666666; padding-left:15px;">
<form id="form1" name="form1" method="post" action="?act=uc_set_save">
<table>
<tr>
<td colspan="2" align="left">应用ID:{#$uc_config.appid#}</td>
</tr>
<tr>
<td><input type="text" name="uc_config[appid]"
value="{#$uc_config.appid#}" class="input_text_200" /></td>
<td>填写UCenter添加应用的id。</td>
</tr>
<tr>
<td colspan="2" align="left">服务端地址:</td>
</tr>
<tr>
<td width="200"><input type="text" name="uc_config[ucapi]"
value="{#$uc_config.ucapi#}" class="input_text_200"/></td>
<td>在您 UCenter地址或者目录改变的情况下,修改此项,一般情况请不要改动
例如: http://www.site.com/ucenter (最后不要加'/')。</td>
</tr>
<tr>
<td colspan="2" align="left">服务端 IP:</td>
</tr>
<tr>
<td><input type="text" name="uc_config[ucip]" value="{#$uc_config.ucip#}" class="input_text_200" /></td>
<td>正常情况下留空即可。如果由于域名解析问题导致 UCenter 与该应用通信失败,请尝试设置为该应用所在服务器的 IP 地址。</td>
</tr>
<tr>
<td colspan="2" align="left">通信密钥:</td>
</tr>
<tr>
<td><input type="text" name="uc_config[uckey]"
value="{#$uc_config.uckey#}" class="input_text_200"/></td>
<td>只允许使用英文字母及数字,限 64 字节。应用端的通信密钥必须与此设置保持一致,否则该应用将无法与 UCenter 正常通信</td>
</tr>
<tr>
<td colspan="2" align="left">连接方式:</td>
</tr>
<tr>
<td>
<select name="uc_config[ucconnect]"
onChange="if(this.value==''){document.getElementById('ucmysql').style.display
= 'none';}else{document.getElementById('ucmysql').style.display = '';}"
style=" width:207px;font-size:12px;">
<option value="mysql" {#if $uc_config.ucconnect eq 'mysql'#}selected="selected"{#/if#}> 数据库方式(MySQL) </option>
<option value="" {#if $uc_config.ucconnect eq ''#}selected="selected"{#/if#}> 接口方式(fsockopen) </option>
</select>
</td>
<td>请根据您的服务器网络环境选择适当的连接方式</td>
</tr>
<tr>
<td colspan="2">
<table id="ucmysql" >
<tr>
<td colspan="2" align="left">数据库服务器:</td>
</tr>
<tr>
<td width="200">
<input type="text" name="uc_config[ucdbhost]"
value="{#$uc_config.ucdbhost#}"
class="input_text_200"/> </td>
<td>默认:localhost, 如果 MySQL 端口不是默认的 3306,请填写如下形式:127.0.0.1:端口号</td>
</tr>
<tr>
<td colspan="2" align="left">数据库用户名:</td>
</tr>
<tr>
<td>
<input type="text" name="uc_config[ucdbuser]"
value="{#$uc_config.ucdbuser#}" class="input_text_200"/>
</td>
<td>登录uc服务端的数据库用户名</td>
</tr>
<tr>
<td colspan="2" align="left">数据库密码:</td>
</tr>
<tr>
<td>
<input type="text" name="uc_config[ucdbpw]" value="{#$uc_config.ucdbpw#}" class="input_text_200"/>
</td>
<td>登录uc服务端数据库使用的密码</td>
</tr>
<tr>
<td colspan="2" align="left">数据库名:</td>
</tr>
<tr>
<td>
<input type="text" name="uc_config[ucdbname]"
value="{#$uc_config.ucdbname#}" class="input_text_200"/>
</td>
<td>uc服务端的数据库名称。</td>
</tr>
<tr>
<td colspan="2" align="left">数据库表前缀:</td>
</tr>
<tr>
<td>
<input type="text" name="uc_config[ucdbtablepre]"
value="{#$uc_config.ucdbtablepre#}" class="input_text_200"/>
</td>
<td>uc服务端使用的数据库表前缀</td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2" align="left">正确的配置信息:</td>
</tr>
<tr>
<td>
<textarea onFocus="this.select()" style="width:200px; height:100px;
font-size:14px; font-family: Arial, Helvetica, sans-serif">
define('UC_CONNECT', '{#$uc_config.ucconnect#}');
define('UC_DBHOST', '{#$uc_config.ucdbhost#}');
define('UC_DBUSER', '{#$uc_config.ucdbuser#}');
define('UC_DBPW', '********');
define('UC_DBNAME', '{#$uc_config.ucdbname#}');
define('UC_DBCHARSET', '{#$uc_config.ucdbcharest#}');
define('UC_DBTABLEPRE', '{#$uc_config.ucdbtablepre#}');
define('UC_DBCONNECT', '0');
define('UC_KEY', '{#$uc_config.uckey#}');
define('UC_API', '{#$uc_config.ucapi#}');
define('UC_CHARSET', '{#$uc_config.uccharest#}');
define('UC_IP', '{#$uc_config.ucip#}');
define('UC_APPID', '{#$uc_config.ucappid#}');
define('UC_PPP', '20');
</textarea>
</td>
<td>当应用的 UCenter 配置信息丢失时可复制左侧的代码到应用的配置文件中</td>
</tr>
<tr>
<td height="88" colspan="2">
<input name="save" type="submit" class="admin_submit" value="修改"/></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</div>
{#include file="sys/admin_footer.htm"#}
</body>
</html>
5..在后台工具中配置ucenter的内容,如没出现选项,可更新缓存后。如图:
6.在plus目录下ajax_user.php找到这个文件,在文件内容替换成
<?php
define('IN_QISHI', true);
require_once(dirname(dirname(__FILE__)).'/include/plus.common.inc.php');
include_once(QISHI_ROOT_PATH.'api/uc_client/client.php');//引入uc
$act = !empty($_REQUEST['act']) ? trim($_REQUEST['act']) : '';
//获取用户数据
function getpassport($username, $password) {
$passport = array();
$ucresult = uc_user_login($username, $password);
if($ucresult[0] > 0) {
$passport['uid'] = $ucresult[0];
$passport['username'] = $ucresult[1];
$passport['email'] = $ucresult[3];
}
return $passport;
}
if($act =='do_login')
{
$username=isset($_REQUEST['username'])?trim($_REQUEST['username']):"";
$password=isset($_REQUEST['password'])?trim($_REQUEST['password']):"";
$expire=isset($_POST['expire'])?intval($_POST['expire']):"";
$account_type=1;
if (preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/",$username))
{
$account_type=2;
}
elseif (preg_match("/^(13|15|18)\d{9}$/",$username))
{
$account_type=3;
}
$url=isset($_POST['url'])?$_POST['url']:"";
if (strcasecmp(QISHI_DBCHARSET,"utf8")!=0)
{
$username=iconv("utf-8",QISHI_DBCHARSET,$username);
$password=iconv("utf-8",QISHI_DBCHARSET,$password);
}
$captcha=get_cache('captcha');
if ($captcha['verify_userlogin']=="1")
{
$postcaptcha=$_POST['postcaptcha'];
if ($captcha['captcha_lang']=="cn" && strcasecmp(QISHI_DBCHARSET,"utf8")!=0)
{
$postcaptcha=iconv("utf-8",QISHI_DBCHARSET,$postcaptcha);
}
if
(empty($postcaptcha) || empty($_SESSION['imageCaptcha_content']) ||
strcasecmp($_SESSION['imageCaptcha_content'],$postcaptcha)!=0)
{
unset($_SESSION['imageCaptcha_content']);
exit("errcaptcha");
}
}
require_once(QISHI_ROOT_PATH.'include/fun_user.php');
if ($username && $password)
{
$user=get_user_inusername($username);
if(empty($user)){
//修改64-72行同步获取用户源
if(!$passport = getpassport($username, $password)) {
exit("login_failure_please_re_login");
}else{
user_register($passport['username'],$password,2,$passport['email'],true,$passport['uid']);
}
}
$login=user_login($username,$password,$account_type,true,$expire);
$url=$url?$url:$login['qs_login'];
if ($login['qs_login'])
{
/*uc同步登录*/
if(defined('UC_API')){
$login['uc_login']=uc_user_synlogin($_SESSION['uid']);
}
exit($login['uc_login']."<script
language=\"javascript\"
type=\"text/javascript\">window.location.href=\"".$url."\";</script>");
}
else
{
exit("err");
}
}
exit("err");
}
elseif ($act=='do_reg')
{
$captcha=get_cache('captcha');
if ($captcha['verify_userreg']=="1")
{
$postcaptcha=$_POST['postcaptcha'];
if ($captcha['captcha_lang']=="cn" && strcasecmp(QISHI_DBCHARSET,"utf8")!=0)
{
$postcaptcha=iconv("utf-8",QISHI_DBCHARSET,$postcaptcha);
}
if
(empty($postcaptcha) || empty($_SESSION['imageCaptcha_content']) ||
strcasecmp($_SESSION['imageCaptcha_content'],$postcaptcha)!=0)
{
exit("err");
}
}
require_once(QISHI_ROOT_PATH.'include/fun_user.php');
$username = isset($_POST['username'])?trim($_POST['username']):exit("err");
$password = isset($_POST['password'])?trim($_POST['password']):exit("err");
$member_type = isset($_POST['member_type'])?intval($_POST['member_type']):exit("err");
$email = isset($_POST['email'])?trim($_POST['email']):exit("err");
if (strcasecmp(QISHI_DBCHARSET,"utf8")!=0)
{
$username=iconv("utf-8",QISHI_DBCHARSET,$username);
$password=iconv("utf-8",QISHI_DBCHARSET,$password);
}
$register=user_register($username,$password,$member_type,$email);
if ($register>0)
{
$ucjs="";
$login_js=user_login($username,$password);
/*uc注册*/
if(defined('UC_API')){
$uid=uc_user_register($username,$password,$email);
if($uid>0)$ucjs=uc_user_synlogin($uid);//uc登录通知
}
$mailconfig=get_cache('mailconfig');
if ($mailconfig['set_reg']=="1")
{
dfopen($_CFG['site_domain'].$_CFG['site_dir']."plus/asyn_mail.php?uid=".$_SESSION['uid']."&key=".asyn_userkey($_SESSION['uid'])."&sendemail=".$email."&sendusername=".$username."&sendpassword=".$password."&act=reg");
}
//$ucjs=$login_js['uc_login'];
$qsurl=$login_js['qs_login'];
$qsjs="<script language=\"javascript\" type=\"text/javascript\">window.location.href=\"".$qsurl."\";</script>";
if ($ucjs || $qsurl)
{
exit($ucjs.$qsjs);
}
else
{
exit("err");
}
}
else
{
exit("err");
}
}
elseif($act =='check_usname')
{
require_once(QISHI_ROOT_PATH.'include/fun_user.php');
$usname=trim($_REQUEST['usname']);
if (strcasecmp(QISHI_DBCHARSET,"utf8")!=0)
{
$usname=iconv("utf-8",QISHI_DBCHARSET,$usname);
}
if(defined('UC_API')){
if(uc_user_checkname($usname)>0){
exit("true");
}else{
exit("false");
}
}else{
$user=get_user_inusername($usname);
empty($user)?exit("true"):exit("false");
}
}
elseif($act == 'check_email')
{
require_once(QISHI_ROOT_PATH.'include/fun_user.php');
$email=trim($_REQUEST['email']);
if (strcasecmp(QISHI_DBCHARSET,"utf8")!=0)
{
$email=iconv("utf-8",QISHI_DBCHARSET,$email);
}
if(defined('UC_API')){
if(uc_user_checkemail($email)>0){
exit("true");
}else{
exit("false");
}
}else{
$user=get_user_inemail($email);
empty($user)?exit("true"):exit("false");
}
}
elseif ($act=="top_loginform")
{
$contents='';
if ($_COOKIE['QS']['username'] && $_COOKIE['QS']['password'])
{
$tpl='../templates/'.$_CFG['template_dir']."plus/top_login_success.htm";
}
else
{
$tpl='../templates/'.$_CFG['template_dir']."plus/top_login_form.htm";
}
$contents=file_get_contents($tpl);
$contents=str_replace('{#$activate_username#}',$_SESSION['activate_username'],$contents);
$contents=str_replace('{#$site_name#}',$_CFG['site_name'],$contents);
$contents=str_replace('{#$username#}',$_COOKIE['QS']['username'],$contents);
$contents=str_replace('{#$site_template#}',$_CFG['site_template'],$contents);
$contents=str_replace('{#$user_url#}',url_rewrite('QS_login'),$contents);
$contents=str_replace('{#$reg_url#}',$_CFG['site_dir']."user/user_reg.php",$contents);
$contents=str_replace('{#$activate_url#}',$_CFG['site_dir']."user/user_reg.php?act=activate",$contents);
if
($_SESSION['username'] && $_SESSION['uid'] &&
empty($_SESSION['uqqid']) && $_CFG['qq_apiopen']=="1")
{
$html=" <img
src=\"{$_CFG['site_template']}images/75.gif\"
align=\"absmiddle\"/>";
$html.="<a href=\"{$_CFG['site_dir']}user/qqconnect.php?act=binding\" >绑定QQ帐号</a>";
$contents=str_replace('{#$qqconnect#}',$html,$contents);
}
elseif (empty($_COOKIE['QS']['username']) && $_CFG['qq_apiopen']=="1")
{
$html=" <img
src=\"{$_CFG['site_template']}images/75.gif\"
align=\"absmiddle\"/>";
$html.="<a href=\"{$_CFG['site_dir']}user/qqconnect.php\" >用QQ帐号登录</a>";
$contents=str_replace('{#$qqconnect#}',$html,$contents);
}
else
{
$contents=str_replace('{#$qqconnect#}',"",$contents);
}
exit($contents);
}
elseif ($act=="loginform")
{
$contents='';
if ($_COOKIE['QS']['username'] && $_COOKIE['QS']['password'])
{
$tpl='../templates/'.$_CFG['template_dir']."plus/login_success.htm";
}
else
{
$tpl='../templates/'.$_CFG['template_dir']."plus/login_form.htm";
}
$contents=file_get_contents($tpl);
$contents=str_replace('{#$activate_username#}',$_SESSION['activate_username'],$contents);
$contents=str_replace('{#$site_name#}',$_CFG['site_name'],$contents);
$contents=str_replace('{#$username#}',$_COOKIE['QS']['username'],$contents);
$contents=str_replace('{#$site_template#}',$_CFG['site_template'],$contents);
$contents=str_replace('{#$user_url#}',url_rewrite('QS_login'),$contents);
$contents=str_replace('{#$reg_url#}',$_CFG['site_dir']."user/user_reg.php",$contents);
$contents=str_replace('{#$activate_url#}',$_CFG['site_dir']."user/user_reg.php?act=activate",$contents);
exit($contents);
}
?>
如有不同可查看代码仔细进行替换。
7.在user目录下找到login.php的文件,在if($act == 'logout')27行后添加
if(defined('UC_API')){
$logoutjs.=uc_user_synlogout();
}这个,以同步登出。
8.在api目录下建立uc.php文件,如有此文件可,相应进行内容对比替换。内容如下
<?php
define('IN_QISHI', TRUE);
include_once (dirname(__FILE__)."/../include/common.inc.php");
require_once(QISHI_ROOT_PATH.'include/mysql.class.php');
$qsdb = new mysql($dbhost,$dbuser,$dbpass,$dbname);
unset($dbhost,$dbuser,$dbpass,$dbname);
define('UC_CLIENT_VERSION', '1.5.0'); //note UCenter 版本标识
define('UC_CLIENT_RELEASE', '20081031');
define('API_DELETEUSER', 1); //note 用户删除 API 接口开关
define('API_RENAMEUSER', 1); //note 用户改名 API 接口开关
define('API_GETTAG', 1); //note 获取标签 API 接口开关
define('API_SYNLOGIN', 1); //note 同步登录 API 接口开关
define('API_SYNLOGOUT', 1); //note 同步登出 API 接口开关
define('API_UPDATEPW', 1); //note 更改用户密码 开关
define('API_UPDATEBADWORDS', 1); //note 更新关键字列表 开关
define('API_UPDATEHOSTS', 1); //note 更新域名解析缓存 开关
define('API_UPDATEAPPS', 1); //note 更新应用列表 开关
define('API_UPDATECLIENT', 1); //note 更新客户端缓存 开关
define('API_UPDATECREDIT', 1); //note 更新用户积分 开关
define('API_GETCREDITSETTINGS', 1); //note 向 UCenter 提供积分设置 开关
define('API_GETCREDIT', 1); //note 获取用户的某项积分 开关
define('API_UPDATECREDITSETTINGS', 1); //note 更新应用积分设置 开关
define('API_RETURN_SUCCEED', '1');
define('API_RETURN_FAILED', '-1');
define('API_RETURN_FORBIDDEN', '-2');
define('UC_CLIENT_ROOT', QISHI_ROOT_PATH.'api/uc_client');
//note 普通的 http 通知方式
if(!defined('IN_UC'))
{
error_reporting(0);
set_magic_quotes_runtime(0);
defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
$_DCACHE = $get = $post = array();
$code = @$_GET['code'];
parse_str(_authcode($code, 'DECODE', UC_KEY), $get);
if(MAGIC_QUOTES_GPC)
{
$get = _stripslashes($get);
}
$timestamp = time();
if($timestamp - $get['time'] > 3600) {
exit('Authracation has expiried');
}
if(empty($get)) {
exit('Invalid Request');
}
$action = $get['action'];
require_once UC_CLIENT_ROOT.'/lib/xml.class.php';
$post = xml_unserialize(file_get_contents('php://input'));
if(in_array($get['action'],
array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin',
'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps',
'updateclient', 'updatecredit', 'getcreditsettings',
'updatecreditsettings')))
{
$uc_note = new uc_note();
exit($uc_note->$get['action']($get, $post));
}else{
exit(API_RETURN_FAILED);
}
//note include 通知方式
} else {
exit('Invalid Request');
}
class uc_note
{
var $dbconfig = '';
var $db = '';
var $appdir = '';
var $tablepre = '';
function _serialize($arr, $htmlon = 0)
{
if(!function_exists('xml_serialize'))
{
include_once UC_CLIENT_ROOT.'/lib/xml.class.php';
}
return xml_serialize($arr, $htmlon);
}
function uc_note()
{
$this->appdir = QISHI_ROOT_PATH;
$this->dbconfig = QISHI_ROOT_PATH.'data/config.php';
$this->db = $GLOBALS['qsdb'];
$this->tablepre = $GLOBALS['pre'];
}
function test($get, $post)
{
return API_RETURN_SUCCEED;
}
function deleteuser($get, $post)
{
!API_DELETEUSER && exit(API_RETURN_FORBIDDEN);
/* include_once(QISHI_ROOT_PATH.'api/uc_client/client.php');
$uc_uid_arr=explode(",",$uids);
foreach($uc_uid_arr as $uc_uid)
{
$uc_user_arr=uc_get_user(intval($uc_uid),1);
$usname_arr[]=$uc_user_arr[1];
}
//file_put_contents("test.txt", var_export($usname_arr, true), LOCK_EX);
foreach($usname_arr as $usname)
{
$this->db->query("DELETE FROM ".table('members')." WHERE username='".$usname."'");
} */
return API_RETURN_SUCCEED;
}
function renameuser($get, $post) {
$uid = $get['uid'];
$usernameold = $get['oldusername'];
$usernamenew = $get['newusername'];
if(!API_RENAMEUSER) {
return API_RETURN_FORBIDDEN;
}
return API_RETURN_SUCCEED;
}
function synlogin($get,$post)
{
global $QS_cookiedomain,$QS_cookiepath;
$username = $get['username'];
if(!API_SYNLOGIN)
{
return API_RETURN_FORBIDDEN;
}
//note 同步登录 API 接口\
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$result=$this->db->getone("SELECT * FROM ".$this->tablepre."members WHERE username='".$username."' LIMIT 1 ");
if(is_array($result))
{
setcookie('QS[uid]',$result['uid'], time()+3600*24,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[username]',$result['username'], time()+3600*24,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[password]',$result['password'], time()+3600*24,$QS_cookiepath,$QS_cookiedomain);
}
else
{
$_SESSION['activate_username']=$username;
$_SESSION['uid'] = '';
$_SESSION['username'] = '';
$_SESSION['utype']='';
setcookie('QS[uid]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[username]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[password]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[utype]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
file_put_contents("1.txt", var_export($_SESSION, true), LOCK_EX);
}
}
function synlogout($get, $post)
{
global $QS_cookiepath,$QS_cookiedomain;
if(!API_SYNLOGOUT)
{
return API_RETURN_FORBIDDEN;
}
//note 同步登出 API 接口
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$_SESSION['uid'] = '';
$_SESSION['username'] = '';
$_SESSION['utype']='';
setcookie('QS[uid]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[username]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[password]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
setcookie('QS[utype]','', time()-3600,$QS_cookiepath,$QS_cookiedomain);
$_SESSION['activate_username']="";
}
function updatepw($get, $post)//当用户更改用户密码时,此接口负责接受 UCenter 发来的新密码。
{
if(!API_UPDATEPW)
{
return API_RETURN_FORBIDDEN;
}
//note 修改密码 API 接口
$username = $get['username'];
$password = $get['password'];
if ($username && $password)
{
$result=$this->db->getone("SELECT * FROM ".$this->tablepre."members WHERE username='".$username."' LIMIT 1 ");
$md5password=md5(md5($password).$result['pwd_hash']);
$this->db->query("UPDATE
".$this->tablepre."members SET password='".$md5password."' WHERE
username='".$username."' LIMIT 1 ");
}
return API_RETURN_SUCCEED;
}
function updatehosts($get, $post)//当 UCenter 的域名解析设置变更时,此接口负责通知所有应用程序更新后的域名解析设置内容。
{
if(!API_UPDATEHOSTS)
{
return API_RETURN_FORBIDDEN;
}
//note 理新HOST缓存 API 接口
$cachefile = UC_CLIENT_ROOT.'/data/cache/hosts.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'hosts\'] = '.var_export($post, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
function updateapps($get, $post)//当 UCenter 的应用程序列表变更时,此接口负责通知所有应用程序更新后的应用程序列表。
{
if(!API_UPDATEAPPS)
{
return API_RETURN_FORBIDDEN;
}
$UC_API = $post['UC_API'];
//note 写 app 缓存文件
$cachefile = UC_CLIENT_ROOT.'/data/cache/apps.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'apps\'] = '.var_export($post, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
function updateclient($get, $post)//当 UCenter 的基本设置信息变更时,此接口负责通知所有应用程序更新后的基本设置内容。
{
if(!API_UPDATECLIENT)
{
return API_RETURN_FORBIDDEN;
}
$cachefile = UC_CLIENT_ROOT.'/data/cache/settings.php';
$fp = fopen($cachefile, 'w');
$s = '<?php'."\r\n";
$s .= '$_CACHE[\'settings\'] = '.var_export($post, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
}
function _authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$ckey_length = 4;
$key = md5($key ? $key : UC_KEY);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc
= $ckey_length ? ($operation == 'DECODE' ? substr($string, 0,
$ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string
= $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length))
: sprintf('%010d', $expiry ? $expiry + time() :
0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
if((substr($result,
0, 10) == 0 || substr($result, 0, 10) - time() > 0) &&
substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0,
16)) {
return substr($result, 26);
} else {
return '';
}
} else {
return $keyc.str_replace('=', '', base64_encode($result));
}
}
function _stripslashes($string) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = _stripslashes($val);
}
} else {
$string = stripslashes($string);
}
return $string;
}
?>
9.在目录下放uc_client文件夹。及内容。后可进行测试。
注意如果74cms不能同步dzx2.5看看是不是禁止了cookie。
骑士cms(74cms)个人版 整合UC的更多相关文章
- 骑士CMS<6.0.48 模板注入文件包含漏洞复现及遇到的坑
1.坑 payload:variable=1&tpl=<?php phpinfo(); ob_flush();?>/r/n<qscms/company_show 列表名=&q ...
- 怎么修复网站漏洞 骑士cms的漏洞修复方案
骑士CMS是国内公司开发的一套开源人才网站系统,使用PHP语言开发以及mysql数据库的架构,2019年1月份被某安全组织检测出漏洞,目前最新版本4.2存在高危网站漏洞,通杀SQL注入漏洞,利用该网站 ...
- drupal7整合Discuz康盛UC用户中心ucenter,ucuser模块
drupal7整合Discuz康盛UC用户中心ucenter,ucuser模块Drupal7整合UC用户心的模块,ucenter,康盛这个用户中心我就不多说了哈.参考了以前不知在哪里下载的一个drup ...
- 骑士cms-通读全文-代码审计
版本号:3.5.1 下载地址:http://103.45.101.75:66/2/201412/74cms.rar 1.审计方法 通读审计 1.1查看文件结构 首先需要看看有哪些文件和文件夹,寻找名称 ...
- 帝国cms7.0整合百度编辑器ueditor教程
帝国cms7.0整合百度编辑器ueditor教程开始 1.根据自己使用的帝国cms版本编码下载对应的ueditor版本 下载地址 http://ueditor.baidu.com/website/do ...
- 帝国cms7.5整合百度编辑器ueditor教程
1.根据自己使用的帝国cms版本编码下载对应的ueditor版本 下载地址 http://ueditor.baidu.com/website/download.html#ueditor 2.解压附件, ...
- [红日安全]Web安全Day3 - CSRF实战攻防
本文由红日安全成员: Once 编写,如有不当,还望斧正. 大家好,我们是红日安全-Web安全攻防小组.此项目是关于Web安全的系列文章分享,还包含一个HTB靶场供大家练习,我们给这个项目起了一个名字 ...
- ecshop init.php文件分析(转)
<?php /** * ECSHOP 前台公用文件 */ //防止非法调用 defined-判断常量是否已定义,如果没返回false if (!defined('IN_ECS')) { die( ...
- ecshop init.php文件分析
1. ecshop init.php文件分析 2. <?php 3. 4. /** 5. * ECSHOP 前台公用文件 6. * ===================== ...
随机推荐
- 逻辑卷管理LVM (Logical Volume Manager)
什么是LVM? LVM(Logical Volume Manager)逻辑卷管理,是一种将一个或多个硬盘的分区在逻辑上集合,相当于一个大硬盘来使用,当硬盘的空间不够使用的时候,可以继续将其它的硬盘的 ...
- mongodb的基本操作与插入文档(document)
一.mongodb的基本操作: 1.查看mongodb当前所有的databases : show dbs 2.选择数据库(database) : use databaseName(该数据库不存在则会自 ...
- postgres-toolkit (A Victorinox for PostgreSQL DBA )
postgres-toolkit A collection of scripts and utilities to manage PostgreSQL servers. Allows DBA to p ...
- C++向量(Vector)
向量Vector: 向量 vector 是一种对象实体, 能够容纳许多其他类型相同的元素, 因此又被称为容器. 与string相同, vector 同属于STL(Standard Template L ...
- iis access denied, you do not have permission.
this kind of problems are usually caused by some IIS configuration issues, like application pool set ...
- 20145207 《Java程序设计》第一周学习总结
不好意思,来晚了 别的先不说,先道个歉,放假前跟娄老师多少发生点矛盾,望原谅. 假期忙实习还有一些其他事情,为了认真对待这门课,把剩下的时间留下来,争取一天一章来弥补. 由于没选课加上另一门课没开 ...
- nyist 518 取球游戏
http://acm.nyist.net/JudgeOnline/problem.php?pid=518 取球游戏 时间限制:1000 ms | 内存限制:65535 KB 难度:2 描述 今 ...
- C#: log4net
log4net.dll是apache发布的用来记录log的dll文件 这里举个例子相信大家就知道怎么用了,新建一个console项目,添加log4net.dll后再添加应用程序配置文件 <?xm ...
- sql over开窗函数,
sql over开窗函数, 1.使用over子句与rows_number()以及聚合函数进行使用,可以进行编号以及各种操作.而且利用over子句的分组效率比group by子句的效率更高. 2.在订单 ...
- 使用Sqlserver Management Studio 导入导出 Excel的方法
之前 帮同事 导入sql server数据 本来打算用 C# 写程序导入的 后来发现网上的方法 貌似 都会对版本 限制来限制去的 看的我好头晕(吐槽一下 难道就没有一个 普遍的方法嘛, ...