uc.php

Discuz功能源码（开源）

<?php

define('IN_DISCUZ', TRUE);

define('UC_CLIENT_VERSION', '1.5.0');
define('UC_CLIENT_RELEASE', '20081212');

define('API_DELETEUSER', 1);
define('API_RENAMEUSER', 1);
define('API_GETTAG', 1);
define('API_SYNLOGIN', 1);
define('API_SYNLOGOUT', 1);
define('API_UPDATEPW', 1);
define('API_UPDATEBADWORDS', 1);
define('API_UPDATEHOSTS', 1);
define('API_UPDATEAPPS', 1);
define('API_UPDATECLIENT', 1);
define('API_UPDATECREDIT', 1);
define('API_GETCREDITSETTINGS', 1);
define('API_GETCREDIT', 1);
define('API_UPDATECREDITSETTINGS', 1);

define('API_RETURN_SUCCEED', '1');
define('API_RETURN_FAILED', '-1');
define('API_RETURN_FORBIDDEN', '-2');

define('DISCUZ_ROOT', substr(dirname(__FILE__), 0, -3));

if(!defined('IN_UC')) {

	error_reporting(0);
	set_magic_quotes_runtime(0);

	defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
	include_once DISCUZ_ROOT.'./config.inc.php';

	$_DCACHE = $get = $post = array();

	$code = @$_GET['code'];
	parse_str(_authcode($code, 'DECODE', UC_KEY), $get);
	if(MAGIC_QUOTES_GPC) {
		$get = _stripslashes($get);
	}

	$timestamp = time();
	if($timestamp - $get['time'] > 3600) {
		exit('Authracation has expiried');
	}
	if(empty($get)) {
		exit('Invalid Request');
	}
	$action = $get['action'];

	require_once DISCUZ_ROOT.'./uc_client/lib/xml.class.php';
	$post = xml_unserialize(file_get_contents('php://input'));

	if(in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcreditsettings', 'updatecreditsettings'))) {
		require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';
		$GLOBALS['db'] = new dbstuff;
		$GLOBALS['db']->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
		$GLOBALS['tablepre'] = $tablepre;
		unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
		$uc_note = new uc_note();
		exit($uc_note->$get['action']($get, $post));
	} else {
		exit(API_RETURN_FAILED);
	}

} else {

	/*$uc_note = new uc_note('../', '../config.inc.php');
	$uc_note->deleteuser('3');*/
	define('DISCUZ_ROOT', $app['extra']['apppath']);
	include DISCUZ_ROOT.'./config.inc.php';
	require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';
	$GLOBALS['db'] = new dbstuff;
	$GLOBALS['db']->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
	$GLOBALS['tablepre'] = $tablepre;
	unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
}

class uc_note {

	var $db = '';
	var $tablepre = '';
	var $appdir = '';

	function _serialize($arr, $htmlon = 0) {
		if(!function_exists('xml_serialize')) {
			include_once DISCUZ_ROOT.'./uc_client/lib/xml.class.php';
		}
		return xml_serialize($arr, $htmlon);
	}

	function uc_note() {
		$this->appdir = DISCUZ_ROOT;
		$this->db = $GLOBALS['db'];
		$this->tablepre = $GLOBALS['tablepre'];
	}

	function test($get, $post) {
		return API_RETURN_SUCCEED;
	}

	function deleteuser($get, $post) {
		$uids = $get['ids'];
		!API_DELETEUSER && exit(API_RETURN_FORBIDDEN);

		$threads = array();

		$query = $this->db->query("SELECT f.fid, t.tid FROM ".$this->tablepre."threads t LEFT JOIN ".$this->tablepre."forums f ON t.fid=f.fid WHERE t.authorid IN ($uids) ORDER BY f.fid");
		while($thread = $this->db->fetch_array($query)) {
			$threads[$thread['fid']] .= ($threads[$thread['fid']] ? ',' : '').$thread['tid'];
		}

		if($threads) {
			require_once $this->appdir.'./forumdata/cache/cache_settings.php';
			foreach($threads as $fid => $tids) {
				$query = $this->db->query("SELECT attachment, thumb, remote FROM ".$this->tablepre."attachments WHERE tid IN ($tids)");
				while($attach = $this->db->fetch_array($query)) {
					@unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment']);
					$attach['thumb'] && @unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment'].'.thumb.jpg');
				}

				foreach(array('threads', 'threadsmod', 'relatedthreads', 'posts', 'polls', 'polloptions', 'trades', 'activities', 'activityapplies', 'debates', 'debateposts', 'attachments', 'favorites', 'mythreads', 'myposts', 'subscriptions', 'typeoptionvars', 'forumrecommend') as $value) {
					$this->db->query("DELETE FROM ".$this->tablepre."$value WHERE tid IN ($tids)", 'UNBUFFERED');
				}

				require_once $this->appdir.'./include/post.func.php';
				updateforumcount($fid);
			}
			if($globalstick && $stickmodify) {
				require_once $this->appdir.'./include/cache.func.php';
				updatecache('globalstick');
			}
		}

		$query = $this->db->query("DELETE FROM ".$this->tablepre."members WHERE uid IN ($uids)");
		$this->db->query("DELETE FROM ".$this->tablepre."access WHERE uid IN ($uids)", 'UNBUFFERED');
		$this->db->query("DELETE FROM ".$this->tablepre."memberfields WHERE uid IN ($uids)", 'UNBUFFERED');
		$this->db->query("DELETE FROM ".$this->tablepre."favorites WHERE uid IN ($uids)", 'UNBUFFERED');
		$this->db->query("DELETE FROM ".$this->tablepre."moderators WHERE uid IN ($uids)", 'UNBUFFERED');
		$this->db->query("DELETE FROM ".$this->tablepre."subscriptions WHERE uid IN ($uids)", 'UNBUFFERED');

		$query = $this->db->query("SELECT uid, attachment, thumb, remote FROM ".$this->tablepre."attachments WHERE uid IN ($uids)");
		while($attach = $this->db->fetch_array($query)) {
			@unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment']);
			$attach['thumb'] && @unlink($_DCACHE['settings']['attachdir'].'/'.$attach['attachment'].'.thumb.jpg');
		}
		$this->db->query("DELETE FROM ".$this->tablepre."attachments WHERE uid IN ($uids)");

		$this->db->query("DELETE FROM ".$this->tablepre."posts WHERE authorid IN ($uids)");
		$this->db->query("DELETE FROM ".$this->tablepre."trades WHERE sellerid IN ($uids)");

		return API_RETURN_SUCCEED;
	}

	function renameuser($get, $post) {
		$uid = $get['uid'];
		$usernameold = $get['oldusername'];
		$usernamenew = $get['newusername'];
		if(!API_RENAMEUSER) {
			return API_RETURN_FORBIDDEN;
		}

		$this->db->query("UPDATE ".$this->tablepre."announcements SET author='$usernamenew' WHERE author='$usernameold'");
		$this->db->query("UPDATE ".$this->tablepre."banned SET admin='$usernamenew' WHERE admin='$usernameold'");
		$this->db->query("UPDATE ".$this->tablepre."forums SET lastpost=REPLACE(lastpost, '\t$usernameold', '\t$usernamenew')");
		$this->db->query("UPDATE ".$this->tablepre."members SET username='$usernamenew' WHERE uid='$uid'");
		$this->db->query("UPDATE ".$this->tablepre."posts SET author='$usernamenew' WHERE authorid='$uid'");
		$this->db->query("UPDATE ".$this->tablepre."threads SET author='$usernamenew' WHERE authorid='$uid'");
		$this->db->query("UPDATE ".$this->tablepre."threads SET lastposter='$usernamenew' WHERE lastposter='$usernameold'");
		$this->db->query("UPDATE ".$this->tablepre."threadsmod SET username='$usernamenew' WHERE uid='$uid'");
		return API_RETURN_SUCCEED;
	}

	function gettag($get, $post) {
		$name = $get['id'];
		if(!API_GETTAG) {
			return API_RETURN_FORBIDDEN;
		}

		$name = trim($name);
		if(empty($name) || !preg_match('/^([\x7f-\xff_-]|\w|\s)+$/', $name) || strlen($name) > 20) {
			return API_RETURN_FAILED;
		}

		require_once $this->appdir.'./include/misc.func.php';

		$tag = $this->db->fetch_first("SELECT * FROM ".$this->tablepre."tags WHERE tagname='$name'");
		if($tag['closed']) {
			return API_RETURN_FAILED;
		}

		$tpp = 10;
		$PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
		$boardurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/';
		$query = $this->db->query("SELECT t.* FROM ".$this->tablepre."threadtags tt LEFT JOIN ".$this->tablepre."threads t ON t.tid=tt.tid AND t.displayorder>='0' WHERE tt.tagname='$name' ORDER BY tt.tid DESC LIMIT $tpp");
		$threadlist = array();
		while($tagthread = $this->db->fetch_array($query)) {
			if($tagthread['tid']) {
				$threadlist[] = array(
					'subject' => $tagthread['subject'],
					'uid' => $tagthread['authorid'],
					'username' => $tagthread['author'],
					'dateline' => $tagthread['dateline'],
					'url' => $boardurl.'viewthread.php?tid='.$tagthread['tid'],
				);
			}
		}

		$return = array($name, $threadlist);
		return $this->_serialize($return, 1);
	}

	function synlogin($get, $post) {
		$uid = $get['uid'];
		$username = $get['username'];
		if(!API_SYNLOGIN) {
			return API_RETURN_FORBIDDEN;
		}

		require_once $this->appdir.'./forumdata/cache/cache_settings.php';

		$cookietime = 2592000;
		$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);
		header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
		$uid = intval($uid);
		$query = $this->db->query("SELECT username, uid, password, secques FROM ".$this->tablepre."members WHERE uid='$uid'");
		if($member = $this->db->fetch_array($query)) {
			_setcookie('sid', '', -86400 * 365);
			_setcookie('cookietime', $cookietime, 31536000);
			_setcookie('auth', _authcode("$member[password]\t$member[secques]\t$member[uid]", 'ENCODE', $discuz_auth_key), $cookietime);
		} else {
			_setcookie('cookietime', $cookietime, 31536000);
			_setcookie('loginuser', $username, $cookietime);
			_setcookie('activationauth', _authcode($username, 'ENCODE', $discuz_auth_key), $cookietime);
		}
	}

	function synlogout($get, $post) {
		if(!API_SYNLOGOUT) {
			return API_RETURN_FORBIDDEN;
		}

		header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
		_setcookie('auth', '', -86400 * 365);
		_setcookie('sid', '', -86400 * 365);
		_setcookie('loginuser', '', -86400 * 365);
		_setcookie('activationauth', '', -86400 * 365);
	}