uc.php

论坛代码网增加免费空间业务

<?php

define('UC_VERSION', '1.0.0');

define('API_DELETEUSER', 1);
define('API_RENAMEUSER', 1);
define('API_GETTAG', 1);
define('API_SYNLOGIN', 1);
define('API_SYNLOGOUT', 1);
define('API_UPDATEPW', 1);
define('API_UPDATEBADWORDS', 1);
define('API_UPDATEHOSTS', 1);
define('API_UPDATEAPPS', 1);
define('API_UPDATECLIENT', 1);
define('API_UPDATECREDIT', 1);
define('API_GETCREDITSETTINGS', 1);
define('API_UPDATECREDITSETTINGS', 1);

define('API_RETURN_SUCCEED', '1');
define('API_RETURN_FAILED', '-1');
define('API_RETURN_FORBIDDEN', '-2');

error_reporting(7);
set_magic_quotes_runtime(0);

define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());

define('IN_DISCUZ', TRUE);
define('DISCUZ_ROOT', substr(dirname(__FILE__), 0, -3));
define('UC_CLIENT_ROOT', DISCUZ_ROOT.'./uc_client/');

$_DCACHE = array();

require_once DISCUZ_ROOT.'./config.inc.php';

$code = $_GET['code'];
parse_str(authcode($code, 'DECODE', UC_KEY), $get);
if(MAGIC_QUOTES_GPC) {
	$get = dstripslashes($get);
}

if(time() - $get['time'] > 3600) {
	exit('Authracation has expiried');
}
if(empty($get)) {
	exit('Invalid Request');
}
$action = $get['action'];
$timestamp = time();

if($action == 'test') {
	exit(API_RETURN_SUCCEED);

} elseif($action == 'deleteuser') {

	!API_DELETEUSER && exit(API_RETURN_FORBIDDEN);

	require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';

	$db = new dbstuff;
	$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
	unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);

	$uids = $get['ids'];
	$threads = array();

	$query = $db->query("SELECT f.fid, t.tid FROM {$tablepre}threads t LEFT JOIN {$tablepre}forums f ON t.fid=f.fid WHERE t.authorid IN ($uids) ORDER BY f.fid");
	while($thread = $db->fetch_array($query)) {
		$threads[$thread['fid']] .= ($threads[$thread['fid']] ? ',' : '').$thread['tid'];
	}

	if($threads) {
		require_once DISCUZ_ROOT.'./forumdata/cache/cache_settings.php';
		foreach($threads as $fid => $tids) {
			$query = $db->query("SELECT attachment, thumb, remote FROM {$tablepre}attachments WHERE tid IN ($tids)");
			while($attach = $db->fetch_array($query)) {
				@unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment']);
				$attach['thumb'] && @unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment'].'.thumb.jpg');
			}

			foreach(array('threads', 'threadsmod', 'relatedthreads', 'posts', 'polls', 'polloptions', 'trades', 'activities', 'activityapplies', 'debates', 'debateposts', 'attachments', 'favorites', 'mythreads', 'myposts', 'subscriptions', 'typeoptionvars', 'forumrecommend') as $value) {
				$db->query("DELETE FROM {$tablepre}$value WHERE tid IN ($tids)", 'UNBUFFERED');
			}

			require_once DISCUZ_ROOT.'./include/post.func.php';
			updateforumcount($fid);
		}
		if($globalstick && $stickmodify) {
			require_once DISCUZ_ROOT.'./include/cache.func.php';
			updatecache('globalstick');
		}
	}

	$query = $db->query("DELETE FROM {$tablepre}members WHERE uid IN ($uids)");
	$db->query("DELETE FROM {$tablepre}access WHERE uid IN ($uids)", 'UNBUFFERED');
	$db->query("DELETE FROM {$tablepre}memberfields WHERE uid IN ($uids)", 'UNBUFFERED');
	$db->query("DELETE FROM {$tablepre}favorites WHERE uid IN ($uids)", 'UNBUFFERED');
	$db->query("DELETE FROM {$tablepre}moderators WHERE uid IN ($uids)", 'UNBUFFERED');
	$db->query("DELETE FROM {$tablepre}subscriptions WHERE uid IN ($uids)", 'UNBUFFERED');

	$query = $db->query("SELECT uid, attachment, thumb, remote FROM {$tablepre}attachments WHERE uid IN ($uids)");
	while($attach = $db->fetch_array($query)) {
		@unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment']);
		$attach['thumb'] && @unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment'].'.thumb.jpg');
	}
	$db->query("DELETE FROM {$tablepre}attachments WHERE uid IN ($uids)");

	$db->query("DELETE FROM {$tablepre}posts WHERE authorid IN ($uids)");
	$db->query("DELETE FROM {$tablepre}trades WHERE sellerid IN ($uids)");

	exit(API_RETURN_SUCCEED);

} elseif($action == 'renameuser') {

	!API_RENAMEUSER && exit(API_RETURN_FORBIDDEN);

	require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';

	$db = new dbstuff;
	$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
	unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);

	$uid = $get['uid'];
	$usernameold = $get['oldusername'];
	$usernamenew = $get['newusername'];

	$db->query("UPDATE {$tablepre}announcements SET author='$usernamenew' WHERE author='$usernameold'");
	$db->query("UPDATE {$tablepre}banned SET admin='$usernamenew' WHERE admin='$usernameold'");
	$db->query("UPDATE {$tablepre}forums SET lastpost=REPLACE(lastpost, '\t$usernameold', '\t$usernamenew')");
	$db->query("UPDATE {$tablepre}members SET username='$usernamenew' WHERE uid='$uid'");
	$db->query("UPDATE {$tablepre}pms SET msgfrom='$usernamenew' WHERE msgfromid='$uid'");
	$db->query("UPDATE {$tablepre}posts SET author='$usernamenew' WHERE authorid='$uid'");
	$db->query("UPDATE {$tablepre}threads SET author='$usernamenew' WHERE authorid='$uid'");
	$db->query("UPDATE {$tablepre}threads SET lastposter='$usernamenew' WHERE lastposter='$usernameold'");
	$db->query("UPDATE {$tablepre}threadsmod SET username='$usernamenew' WHERE uid='$uid'");
	exit(API_RETURN_SUCCEED);

} elseif($action == 'gettag') {

	!API_GETTAG && exit(API_RETURN_FORBIDDEN);

	require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';

	$db = new dbstuff;
	$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
	unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);

	$name = trim($get['id']);
	if(empty($name) || !preg_match('/^([\x7f-\xff_-]|\w|\s)+$/', $name) || strlen($name) > 20) {
		exit(API_RETURN_FAILED);
	}

	require_once DISCUZ_ROOT.'./include/misc.func.php';

	$tag = $db->fetch_first("SELECT * FROM {$tablepre}tags WHERE tagname='$name'");
	if($tag['closed']) {
		exit(API_RETURN_FAILED);
	}

	$tpp = 10;
	$PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
	$boardurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/';
	$query = $db->query("SELECT t.* FROM {$tablepre}threadtags tt LEFT JOIN {$tablepre}threads t ON t.tid=tt.tid AND t.displayorder>='0' WHERE tt.tagname='$name' ORDER BY tt.tid DESC LIMIT $tpp");
	$threadlist = array();
	while($tagthread = $db->fetch_array($query)) {
		if($tagthread['tid']) {
			$threadlist[] = array(
				'subject' => $tagthread['subject'],
				'uid' => $tagthread['authorid'],
				'username' => $tagthread['author'],
				'dateline' => $tagthread['dateline'],
				'url' => $boardurl.'viewthread.php?tid='.$tagthread['tid'],
			);
		}
	}

	$return = array($name, $threadlist);
	echo uc_serialize($return, 1);

} elseif($action == 'synlogin') {

	!API_SYNLOGIN && exit(API_RETURN_FORBIDDEN);

	require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';
	require_once DISCUZ_ROOT.'./forumdata/cache/cache_settings.php';

	$db = new dbstuff;
	$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
	unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
	$cookietime = 2592000;
	$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);
	header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
	$uid = intval($get['uid']);
	$query = $db->query("SELECT username, uid, password, secques FROM {$tablepre}members WHERE uid='$uid'");
	if($member = $db->fetch_array($query)) {
		dsetcookie('sid', '', -86400 * 365);
		dsetcookie('cookietime', $cookietime, 31536000);
		dsetcookie('auth', authcode("$member[password]\t$member[secques]\t$member[uid]", 'ENCODE', $discuz_auth_key), $cookietime);
	} else {
		dsetcookie('cookietime', $cookietime, 31536000);
		dsetcookie('loginuser', $get['username'], $cookietime);
		dsetcookie('activationauth', authcode($get['username'], 'ENCODE', $discuz_auth_key), $cookietime);
	}

} elseif($action == 'synlogout') {

	!API_SYNLOGOUT && exit(API_RETURN_FORBIDDEN);

	header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
	dsetcookie('auth', '', -86400 * 365);
	dsetcookie('sid', '', -86400 * 365);
	dsetcookie('loginuser', '', -86400 * 365);
	dsetcookie('activationauth', '', -86400 * 365);

} elseif($action == 'updatepw') {

	!API_UPDATEPW && exit(API_RETURN_FORBIDDEN);

	require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';
	$db = new dbstuff;
	$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
	unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
	
	$username = $get['username'];
	$password = $get['password'];
	$newpw = md5(time().rand(100000, 999999));
	$db->query("UPDATE {$tablepre}members SET password='$newpw' WHERE username='$username'");
	exit(API_RETURN_SUCCEED);

} elseif($action == 'updatebadwords') {

	!API_UPDATEBADWORDS && exit(API_RETURN_FORBIDDEN);