if(!defined('IN_UC'))
{
error_reporting(0);
set_magic_quotes_runtime(0);
defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC',get_magic_quotes_gpc());
$_DCACHE = $get = $post = array();
$code = @$_GET['code'];
parse_str(_authcode($code,'DECODE',UC_KEY),$get);
if(MAGIC_QUOTES_GPC)
{
$get = _stripslashes($get);
}
$timestamp = time();
if($timestamp - $get['time'] > 3600) {
exit('Authracation has expiried');
}
if(empty($get)) {
exit('Invalid Request');
}
$action = $get['action'];
require_once UC_CLIENT_ROOT.'/lib/xml.class.php';
$post = xml_unserialize(file_get_contents('php://input'));
if(in_array($get['action'],array('test','deleteuser','renameuser','gettag','synlogin','synlogout','updatepw','updatebadwords','updatehosts','updateapps','updateclient','updatecredit','getcreditsettings','updatecreditsettings')))
{
$uc_note = new uc_note();
exit($uc_note->$get['action']($get,$post));
}else{
exit(API_RETURN_FAILED);
}
//note include 通知方式
} else {
exit('Invalid Request');
}
class uc_note
{
var $dbconfig = '';
var $db = '';
var $appdir = '';
var $tablepre = 'dede_';
function _serialize($arr,$htmlon = 0)
{
if(!function_exists('xml_serialize'))
{
include_once UC_CLIENT_ROOT.'/lib/xml.class.php';
}
return xml_serialize($arr,$htmlon);
}
function uc_note()
{
$this->appdir = DEDEROOT;
$this->dbconfig = DEDEINC.'/common.inc.php';
$this->db = $GLOBALS['dsql'];
$this->tablepre = $GLOBALS['cfg_dbprefix'];
}
function get_uids($uids)
{
include UC_CLIENT_ROOT.'/client.php';
$members = explode(",",$uids);
empty($members) && exit(API_RETURN_FORBIDDEN);
/*$members_username = array();
foreach($members as $id)
{
$row = uc_get_user($id,1);
$members_username[] = $row[1];
}
$comma_temps = implode(",$members_username);
empty($comma_temps) && exit(API_RETURN_FORBIDDEN);
$comma_uids = array();*/
//$row = $this->db->SetQuery("SELECT mid FROM `dede_member` WHERE userid IN ($comma_temps)");
$this->db->SetQuery("SELECT mid FROM `dede_member` WHERE mid IN ($uids)");
$this->db->Execute();
while($row = $this->db->GetArray())
{
$comma_uids[] = $row['mid'];
}
empty($comma_uids) && exit(API_RETURN_FORBIDDEN);
return implode(",$comma_uids);
}
function test($get,$post)
{
return API_RETURN_SUCCEED;
}
function deleteuser($get,$post)
{
$uids = $this->get_uids($get['ids']);
!API_DELETEUSER && exit(API_RETURN_FORBIDDEN);
//note 用户删除 API 接口
$rs = $this->db->ExecuteNoneQuery2("DELETE FROM `dede_member` WHERE mid IN ($uids) AND matt<>10 limit 1");
if($rs > 0)
{
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_tj` WHERE mid IN ($uids) limit 1");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_space` WHERE mid IN ($uids) limit 1");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_company` WHERE mid IN ($uids) limit 1");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_person` WHERE mid IN ($uids) limit 1");
//删除用户相关数据
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_stow` WHERE mid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_flink` WHERE mid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_guestbook` WHERE mid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_operation` WHERE mid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_pms` WHERE toid IN ($uids) OR fromid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_friends` WHERE mid IN ($uids) OR fid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_member_vhistory` WHERE mid IN ($uids) OR vid IN ($uids) ");
$this->db->ExecuteNoneQuery("DELETE FROM `dede_feedback` WHERE mid IN ($uids) ");
$this->db->ExecuteNoneQuery("UPDATE `dede_archives` SET mid='0' WHERE mid IN ($uids)");
}
else
{
exit(API_RETURN_FORBIDDEN);
}
return API_RETURN_SUCCEED;
}
function renameuser($get,$post)
{
$uids = $this->get_uids($get['ids']);
$usernameold = $get['oldusername'];
$usernamenew = $get['newusername'];
if(!API_RENAMEUSER)
{
return API_RETURN_FORBIDDEN;
}
//note 获取标签 API 接口
$rs = $this->db->ExecuteNoneQuery2("UPDATE `dede_member` SET userid='$usernamenew' WHERE userid='$usernamenew' AND matt<>10 limit 1");
if($rs > 0)
{
$this->db->ExecuteNoneQuery("UPDATE `dede_archives` SET writer='$usernamenew' WHERE writer='$usernamenew'");
$this->db->ExecuteNoneQuery("UPDATE `dede_member_pms` SET floginid=REPLACE(floginid,'t$usernameold','t$usernamenew'),tologinid=REPLACE(tologinid,'t$usernamenew')");
$row = $this->db->GetOne("SHOW TABLE STATUS");
$db_tables = $row['Name']; unset($row);
if(in_array($this->tablepre.'guestbook',$db_tables))
{
$this->db->ExecuteNoneQuery("UPDATE `dede_guestbook` SET uname='$usernamenew' WHERE uname='$usernamenew'");
}
if(in_array($this->tablepre.'story_books',$db_tables))
{
$this->db->ExecuteNoneQuery("UPDATE `dede_story_books` SET author='$usernamenew' WHERE author='$usernamenew'");
}
if(in_array($this->tablepre.'groups',$db_tables))
{
$this->db->ExecuteNoneQuery("UPDATE `dede_groups` SET creater='$usernamenew' WHERE creater='$usernamenew'");
$this->db->ExecuteNoneQuery("UPDATE `dede_group_threads` SET author='$usernamenew' WHERE author='$usernamenew'");
$this->db->ExecuteNoneQuery("UPDATE `dede_group_user` SET username='$usernamenew' WHERE username='$usernamenew'");
$this->db->ExecuteNoneQuery("UPDATE `dede_group_posts` SET author='$usernamenew' WHERE author='$usernamenew'");
$this->db->ExecuteNoneQuery("UPDATE `dede_group_guestbook` SET uname='$usernamenew' WHERE uname='$usernamenew'");
$this->db->ExecuteNoneQuery("UPDATE `dede_groups` SET ismaster=REPLACE(ismaster,'t$usernamenew')");
}
return API_RETURN_SUCCEED;
}
else
{
return API_RETURN_FORBIDDEN;
}
}
function gettag($get,$post)
{
$name = $get['id'];
if(!API_GETTAG)
{
return API_RETURN_FORBIDDEN;
}
//note 获取标签 API 接口
$name = trim($name);
if(empty($name) || !preg_match('/^([x7f-xff_-]|w|s)+$/',$name) || strlen($name) > 20)
{
return API_RETURN_FAILED;
}
$row = $this->db->GetOne("SELECT `total`,`id` FROM `dede_tagindex` WHERE `tag`='$name'");
if(!is_array($row))
{
return API_RETURN_FAILED;
}
$tpp = $row['total'] > 10 ? 10 : $row['total'];
$ids = array();
$this->db->SetQuery("SELECT aid FROM `dede_taglist` WHERE `tid`='$row[id]' AND arcrank>-1");
$this->db->Execute();
while($row = $this->db->GetArray())
{
$ids[] = $row['aid'];
}
if(empty($ids))
{
return API_RETURN_FAILED;
}
$aids = implode(",$ids);
include_once DEDEINC.'/channelunit.func.php';
$archives_list = array();
$this->db->SetQuery("SELECT arc.*,tp.typedir,tp.typename,tp.isdefault,tp.defaultname,tp.namerule,tp.namerule2,tp.ispart,tp.moresite,tp.siteurl,tp.sitepath
FROM `dede_archives` arc LEFT JOIN `dede_arctype` tp ON arc.typeid=tp.id WHERE arc.id IN($aids) ORDER BY id DESC LIMIT $tpp");
$this->db->Execute();
while($row = $this->db->GetArray())
{
$row['url'] = GetFileUrl($row['id'],$row['typeid'],$row['senddate'],$row['title'],$row['ismake'],$row['arcrank'],$row['namerule'],$row['typedir'],$row['money'],$row['filename'],$row['moresite'],$row['siteurl'],$row['sitepath']);
$row['url'] = !ereg('http:',$row['url']) ? $GLOBALS['cfg_basehost'].$row['url'] : $row['url'];
if(!empty($row['url']))
{
$archives_list[] = array('title' => $row['title'],'writer' => $row['writer'],'pubdate' => $row['pubdate'],'url' => $row['url']);
}
}
$return = array($name,$archives_list);
return $this->_serialize($return,1);
}
function synlogin($get,$post)
{
$uid = $get['uid'];
$username = $get['username'];
if(!API_SYNLOGIN)
{
return API_RETURN_FORBIDDEN;
}
//note 同步登录 API 接口
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$result = $this->db->GetOne("SELECT mid,pwd FROM `dede_member` WHERE `userid` like '$username' AND matt<>10");
if(is_array($result))
{
include_once DEDEINC.'/memberlogin.class.php';
$cfg_ml = new MemberLogin(86400);
$cfg_ml->PutLoginInfo($result['mid']);
}
else
{
//如果没有激活,则自动添加该用户到数据库,并设置已激活状态的cookie
//会员的默认金币
$dfscores = 0;
$dfmoney = 0;
$dfrank = $this->db->GetOne("Select money,scores From `dede_arcrank` where rank='10' ");
if(is_array($dfrank))
{
$dfmoney = $dfrank['money'];
$dfscores = $dfrank['scores'];
}
$jointime = time();
$logintime = time();
$joinip = $get['regip'];
$loginip = $get['regip'];
$pwd = $get['password'];
$spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0);
$mtype='个人';
$email=$get['email'];
$inQuery = "INSERT INTO `dede_member` (`mtype`,`userid`,`pwd`,`uname`,`sex`,`rank`,`money`,`email`,`scores`,`matt`,`spacesta`,`face`,`safequestion`,`safeanswer`,`jointime`,`joinip`,`logintime`,`loginip` )
VALUES ('$mtype','$username','$pwd','保密','10','$dfmoney','$email','$dfscores','0','$spaceSta','','$jointime','$joinip','$logintime','$loginip'); ";
if($this->db->ExecuteNoneQuery($inQuery))
{
$mid = $this->db->GetLastID();
//写入默认会员详细资料
$space='person';
//写入默认统计数据
$membertjquery = "INSERT INTO `dede_member_tj` (`mid`,`article`,`album`,`archives`,`homecount`,`pagecount`,`feedback`,`friend`,`stow`)
VALUES ('$mid','0'); ";
$this->db->ExecuteNoneQuery($membertjquery);
//写入默认空间配置数据
$spacequery = "Insert Into `dede_member_space`(`mid`,`pagesize`,`spacename`,`spacelogo`,`spacestyle`,`sign`,`spacenews`)
Values('$mid','$username的空间','$space',''); ";
$this->db->ExecuteNoneQuery($spacequery);
//写入其它默认数据
$this->db->ExecuteNoneQuery("INSERT INTO `dede_member_flink`(mid,title,url) VALUES('$mid','织梦内容管理系统','http://www.dedecms.com'); ");
include_once DEDEINC.'/membermodel.cls.php';
$membermodel = new membermodel($mtype);
$modid=$membermodel->modid;
$modelform = $this->db->getOne("select * from dede_member_model where id='$modid' ");
$this->db->ExecuteNoneQuery("INSERT INTO `{$membermodel->table}` (`mid`) VALUES ('$mid');");
//----------------------------------------------
//模拟登录
//---------------------------
include_once DEDEINC.'/memberlogin.class.php';
$cfg_ml = new MemberLogin(7*3600);
$cfg_ml->PutLoginInfo($mid);
}
}
}
function synlogout($get,$post)
{
if(!API_SYNLOGOUT)
{
return API_RETURN_FORBIDDEN;
}
//note 同步登出 API 接口
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
include_once DEDEINC.'/memberlogin.class.php';
$cfg_ml = new MemberLogin();
$cfg_ml->ExitCookie();
}
function updatepw($get,$post)
{
if(!API_UPDATEPW)
{
return API_RETURN_FORBIDDEN;
}
$username = $get['username'];
$password = $get['password'];
//note 修改密码 API 接口
$newpw = md5($password);
$this->db->ExecuteNoneQuery("UPDATE `dede_member` SET `pwd`='$newpw' WHERE `userid`='$username'");
return API_RETURN_SUCCEED;
}
function updatebadwords($get,$post)
{
if(!API_UPDATEBADWORDS)
{
return API_RETURN_FORBIDDEN;
}
$row = $this->db->GetOne("SELECT `value` FROM `dede_sysconfig` WHERE `varname`='cfg_replacestr'");
$badwords = isset($row['value']) ? explode(",$row['value']) : array();
if(is_array($post))
{
foreach($post as $k => $v)
{
if(in_array($v['find'],$badwords)) continue;
$badwords[] = $v['find'];
}
}
$badwords_comma = !empty($badwords) ? implode(",$badwords) : '';
$this->db->ExecuteNoneQuery("UPDATE `dede_sysconfig` SET `value`='$badwords_comma' WHERE `varname`='cfg_replacestr'");
$cachefile = DEDEDATA.'/config.cache.inc.php';
if(!is_writeable($cachefile))
{
return API_RETURN_FORBIDDEN;
}
$fp = fopen($cachefile,'w');
$this->db->SetQuery("SELECT `varname`,`type`,`value`,`groupid` From `dede_sysconfig` order by aid asc ");
$this->db->Execute();
$s = '
|
