logincheck.php

通达和信达OA 密钥认证模块 请先备份OA系统

<?php
/*********************/
/*                   */
/*  Version : 5.1.0  */
/*  Author  : RM     */
/*  Comment : 071223 */
/*                   */
/*********************/

function re_login_button( )
{
		echo "<br>\r\n<div align=\"center\">\r\n  <input type=\"button\" value=\"重新登录\" class=\"BigButton\" onclick=\"location='/'\">\r\n</div>\r\n";
}

function md5_hmac( $RandomData, $Password )
{
		$iPad = "";
		$i = 0;
		for ( ;	$i < 64;	++$i	)
		{
				$iPad .= "6";
		}
		$oPad = "";
		$i = 0;
		for ( ;	$i < 64;	++$i	)
		{
				$oPad .= "\\";
		}
		$KLen = strlen( $Password );
		$iResult = "";
		$i = 0;
		for ( ;	$i < 64;	++$i	)
		{
				if ( $i < $KLen )
				{
						$iResult .= $iPad[$i] ^ $Password[$i];
				}
				else
				{
						$iResult .= $iPad[$i];
				}
		}
		$iResult .= $RandomData;
		$iResult = md5( $iResult );
		$Test = hexstr2array( $iResult );
		$iResult = "";
		$Num = count( $Test );
		$i = 0;
		for ( ;	$i < $Num;	++$i	)
		{
				$iResult .= chr( $Test[$i] );
		}
		$oResult = "";
		$i = 0;
		for ( ;	$i < 64;	++$i	)
		{
				if ( $i < $KLen )
				{
						$oResult .= $oPad[$i] ^ $Password[$i];
				}
				else
				{
						$oResult .= $oPad[$i];
				}
		}
		$oResult .= $iResult;
		return strtoupper( md5( $oResult ) );
}

function hexstr2array( $HexStr )
{
		$HEX = "0123456789ABCDEF";
		$Str = strtoupper( $HexStr );
		$Len = strlen( $Str );
		$i = 0;
		for ( ;	$i < $Len / 2;	++$i	)
		{
				$NumHigh = strpos( $HEX, $Str[$i * 2] );
				$NumLow = strpos( $HEX, $Str[$i * 2 + 1] );
				$Ret[] = $NumHigh * 16 + $NumLow;
		}
		return $Ret;
}

include_once( "inc/reg_check.php" );
if ( $OA_REG_ON != 2 )
{
		exit( );
}
include_once( "inc/conn.php" );
include_once( "inc/utility.php" );
include_once( "inc/utility_all.php" );
session_start( );
ob_start( );
$CUR_TIME = date( "Y-m-d H:i:s", time( ) );
echo "\r\n<html>\r\n<head>\r\n<title>系统登录</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n<link rel=\"stylesheet\" type=\"text/css\" href=\"/theme/1/style.css\">\r\n</head>\r\n\r\n<body class=\"bodycolor\" topmargin=\"5\">\r\n\r\n";
$key1 = "1234567890";
if ( $_POST )
{
		$RndData = $_SESSION['RndData'];
		$Server_Digest = md5_hmac( $RndData, $key1 );
		$Client_Digest = $_POST['Client_Digest'];
}
if ( $Server_Digest == $Client_Digest )
{
		$key_ok = True;
}
else
{
		$key_ok = False;
}
$query = "SELECT * from SYS_PARA where PARA_NAME='LOGIN_KEY' OR PARA_NAME='SEC_KEY_USER'";
$cursor = exequery( $connection, $query );
while ( $ROW = mysql_fetch_array( $cursor ) )
{
		$PARA_NAME = $ROW['PARA_NAME'];
		$PARA_VALUE = $ROW['PARA_VALUE'];
		if ( $PARA_NAME == "LOGIN_KEY" )
		{
				$LOGIN_KEY = $PARA_VALUE;
		}
		else if ( $PARA_NAME == "SEC_KEY_USER" )
		{
				$SEC_KEY_USER = $PARA_VALUE;
		}
}
if ( $LOGIN_KEY )
{
		if ( $SEC_KEY_USER && $USERNAME == "" )
		{
				message( "错误", "您必须输入用户名！" );
				button_back( );
				exit( );
		}
		if ( $key_ok )
		{
				$query = "SELECT * from USER where `KEY_SN` = '{$snID}'";
				$cursor = exequery( $connection, $query );
				if ( $ROW = mysql_fetch_array( $cursor ) )
				{
						$USER_ID = $ROW['USER_ID'];
						$USEING_KEY = $ROW['USEING_KEY'];
						if ( $SEC_KEY_USER && $USERNAME != $USER_ID )
						{
								message( "错误", "用户名、Ukey不一致！" );
								button_back( );
								exit( );
						}
						else
						{
								$USERNAME = $USER_ID;
						}
				}
				else
				{
						message( "错误", "此Ukey未绑定用户！" );
						button_back( );
						exit( );
				}
		}
		else
		{
				$query = "SELECT * from USER where `USER_ID` = '{$USERNAME}'";
				$cursor = exequery( $connection, $query );
				if ( $ROW = mysql_fetch_array( $cursor ) )
				{
						$USER_ID = $ROW['USER_ID'];
						$USEING_KEY = $ROW['USEING_KEY'];
						if ( $USEING_KEY )
						{
								message( "错误", "Ukey错误！" );
								button_back( );
								exit( );
						}
				}
		}
}
$LOGIN_MSG = login_check( $USERNAME, $PASSWORD );
if ( $LOGIN_MSG != "1" )
{
		message( "错误", $LOGIN_MSG );
		re_login_button( );
		exit( );
}
$query = "SELECT * from USER where USER_ID='{$LOGIN_USER_ID}'";
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
		$MENU_TYPE = $ROW['MENU_TYPE'];
}
if ( $MENU_TYPE == 1 || stristr( $HTTP_USER_AGENT, "Opera" ) || stristr( $HTTP_USER_AGENT, "Firefox" ) || stristr( $HTTP_USER_AGENT, "MSIE 5.0" ) || stristr( $HTTP_USER_AGENT, "TencentTraveler" ) )
{
		header( "location:general" );
		exit( );
}
echo "<s";
echo "cript>\r\nfunction goto_oa()\r\n{\r\n\tlocation=\"general/index.php\";\r\n}\r\nwindow.setTimeout('goto_oa();',3000);\r\nvar open_flag=window.open(\"general/index.php\",'";
echo md5( $USERNAME ).time( );
echo "',\"menubar=0,toolbar=";
if ( $MENU_TYPE == 2 )
{
		echo "1";
}
else
{
		echo "0";
}
echo ",status=1,resizable=1\");\r\nif(open_flag== null)\r\n   goto_oa();\r\nelse\r\n{\r\n   focus();\r\n   window.opener =window.self;\r\n   window.close();\r\n}\r\n</script>\r\n\r\n<div class=big1>正在进入OA系统，请稍候...</div>\r\n\r\n</body>\r\n</html>\r\n";
?>