Server : nginx/1.22.1
System : Linux iZwz9daxib3w3i063fw434Z 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64
User : www ( 1000)
PHP Version : 5.6.40
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
Directory :  /www/wwwroot/www.jkmold.com/phpsso_server/api/
Upload File :
Current Directory [ Writeable ] Root Directory [ Writeable ]


Current File : /www/wwwroot/www.jkmold.com/phpsso_server/api/uc.php
<?php

error_reporting(0);

define('PHPCMS_PATH', dirname(__FILE__).'/../');

if(!defined('IN_PHPCMS')) include PHPCMS_PATH.'/phpcms/base.php';



define('UC_KEY', pc_base::load_config('system', 'uc_key'));

define('UCUSE', pc_base::load_config('system', 'ucuse'));

if(UC_KEY=='' || UCUSE==0){exit('please check uc config!');}



define('API_RETURN_SUCCEED', '1');

define('API_RETURN_FAILED', '-1');

define('API_RETURN_FORBIDDEN', '-2');



$get = $post = array();



$code = @$_GET['code'];

parse_str(authcode($code, 'DECODE', UC_KEY), $get);



if(SYS_TIME - $get['time'] > 3600) exit('Authracation has expiried');

if(empty($get)) exit('Invalid Request');



include dirname(__FILE__).'/uc_client/lib/xml.class.php';

$post = xml_unserialize(file_get_contents('php://input'));





$action = $get['action'];



if(in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcreditsettings', 'updatecreditsettings'))) {

	$uc_note = new uc_note();

	header('Content-type: text/html; charset='.pc_base::load_config('system', 'charset'));

	echo $uc_note->$get['action']($get, $post);

	exit();

} else {

	exit(API_RETURN_FAILED);

}



class uc_note {

	

	private $member_db, $uc_db, $applist;

	

	function __construct() {

		$this->member_db = pc_base::load_model('member_model');

		pc_base::load_sys_class('uc_model', 'model', 0);

		$db_config = get_uc_database();

		$this->uc_db = new uc_model($db_config);

		$this->applist = getcache('applist', 'admin');

	}

	

	//测试通信

	public function test() {

		return API_RETURN_SUCCEED;

	}

	

	//删除用户

	public function deleteuser($get,$post) {

		pc_base::load_app_func('global', 'admin');

		pc_base::load_app_class('messagequeue', 'admin' , 0);

 		$ids = new_stripslashes($get['ids']);

		$ids = array_map('intval',explode(',',$ids));

		$ids = implode(',',$ids);

		$s = $this->member_db->select("ucuserid in ($ids)", "uid");

		$this->member_db->delete("ucuserid in ($ids)");

		$noticedata['uids'] = array();

		if ($s) {

			foreach ($s as $key=>$v) {

				$noticedata['uids'][$key] = $v['uid'];

			}

		} else {

			return API_RETURN_FAILED;

		}

		messagequeue::add('member_delete', $noticedata);

		return API_RETURN_SUCCEED;

	}

	

	//更改用户密码

	public function updatepw($get,$post) {

		$username = $get['username'];

		$r = $this->uc_db->get_one(array('username'=>$username));

		if ($r) {

			$this->member_db->update(array('password'=>$r['password'], 'random'=>$r['salt']), array('username'=>$username));

		}

		return API_RETURN_SUCCEED;

	}

	

	//更改一个用户的用户名

	public function renameuser($get, $post) {

		return API_RETURN_SUCCEED;

	}

	

	//同步登录

	public function synlogin($get,$post) {

		header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

		$uid = intval($get['uid']);

		if (empty($uid)) return API_RETURN_FAILED;

		

		//获取UC中用户的信息

		$r = $this->uc_db->get_one(array('uid'=>$uid));



		if ($data = $this->member_db->get_one(array('ucuserid'=>$uid))) {//当用户存在时,获取用户的登陆信息

			$this->member_db->update(array('lastip'=>$r['lastloginip'], 'lastdate'=>$r['lastlogindate']), array('uid'=>$data['uid']));

		} else { //当用户不存在是注册新用户

			$datas = $data = array('username'=>$r['username'], 'password'=>$r['password'], 'random'=>$r['salt'], 'email'=>$r['email'], 'regip'=>$r['regip'], 'regdate'=>$r['regdate'],  'lastdate'=>$r['lastlogindate'], 'appname'=>'ucenter', 'type'=>'app');

			$datas['ucuserid'] = $uid;

			$datas['lastip'] = $r['lastloginip'];

			if ($s = $this->member_db->get_one(array('username'=>$r['username']))) {

				$this->member_db->update($datas, array('uid'=>$s['uid']));

				$data['uid'] = $s;

			} else {

				$data['uid'] = $this->member_db->insert($datas, true);

			}

			//向所有的应用中发布新用户注册通知

			pc_base::load_app_func('global', 'admin');

			pc_base::load_app_class('messagequeue', 'admin' , 0);

			messagequeue::add('member_add', $data);

		}

	

		//输出应用登陆

		$res = '';

		foreach($this->applist as $v) {

			if (!$v['synlogin']) continue;

			$f = strstr($v['url'].$v['apifilename'], '?') ? '&' : '?';

			$res .= '<script type="text/javascript" src="'.$v['url'].$v['apifilename'].$f.'time='.SYS_TIME.'&code='.urlencode(sys_auth('action=synlogin&username=&uid='.$data['uid'].'&password=&time='.SYS_TIME, 'ENCODE', $v['authkey'])).'" reload="1"></script>';

		}

		header("Content-type: text/javascript");

		return format_js($res);

	}

	

	//同步退出登录

	public function synlogout($get, $post) {

		$res = '';

		foreach($this->applist as $v) {

			if($v['appid'] != $this->appid) {

				$f = strstr($v['url'].$v['apifilename'], '?') ? '&' : '?';

				$res .= '<script type="text/javascript" src="'.$v['url'].$v['apifilename'].$f.'time='.SYS_TIME.'&code='.urlencode(sys_auth('action=synlogout&time='.SYS_TIME, 'ENCODE', $v['authkey'])).'" reload="1"></script>';

			}

		}

		header("Content-type: text/javascript");

		return format_js($res);

	}

	

	//当 UCenter 的应用程序列表变更时

	public function updateapps() {

		return API_RETURN_SUCCEED;

	}

}



function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {



	$ckey_length = 4;



	$key = md5($key ? $key : UC_KEY);

	$keya = md5(substr($key, 0, 16));

	$keyb = md5(substr($key, 16, 16));

	$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';



	$cryptkey = $keya.md5($keya.$keyc);

	$key_length = strlen($cryptkey);



	$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;

	$string_length = strlen($string);



	$result = '';

	$box = range(0, 255);



	$rndkey = array();

	for($i = 0; $i <= 255; $i++) {

		$rndkey[$i] = ord($cryptkey[$i % $key_length]);

	}



	for($j = $i = 0; $i < 256; $i++) {

		$j = ($j + $box[$i] + $rndkey[$i]) % 256;

		$tmp = $box[$i];

		$box[$i] = $box[$j];

		$box[$j] = $tmp;

	}



	for($a = $j = $i = 0; $i < $string_length; $i++) {

		$a = ($a + 1) % 256;

		$j = ($j + $box[$a]) % 256;

		$tmp = $box[$a];

		$box[$a] = $box[$j];

		$box[$j] = $tmp;

		$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));

	}



	if($operation == 'DECODE') {

		if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {

			return substr($result, 26);

		} else {

			return '';

		}

	} else {

		return $keyc.str_replace('=', '', base64_encode($result));

	}



}



function uc_serialize($arr, $htmlon = 0) {

	include_once UC_CLIENT_ROOT.'./lib/xml.class.php';

	return xml_serialize($arr, $htmlon);

}



function uc_unserialize($s) {

	include_once UC_CLIENT_ROOT.'./lib/xml.class.php';

	return xml_unserialize($s);

}