<?php
/*
[UCenter Home] (C) 2007-2008 Comsenz Inc.
$Id: uc.php 10988 2009-01-19 05:44:31Z zhengqingpeng $
*/
define('UC_CLIENT_VERSION', '1.5.0'); //note UCenter °æ±¾±êʶ
define('UC_CLIENT_RELEASE', '20081212');
define('API_DELETEUSER', 1); //Óû§É¾³ý API ½Ó¿Ú¿ª¹Ø
define('API_RENAMEUSER', 1); //Óû§ÃûÐÞ¸Ä API ½Ó¿Ú¿ª¹Ø
define('API_GETTAG', 1); //»ñÈ¡±êÇ© API ½Ó¿Ú¿ª¹Ø
define('API_SYNLOGIN', 1); //ͬ²½µÇ¼ API ½Ó¿Ú¿ª¹Ø
define('API_SYNLOGOUT', 1); //ͬ²½µÇ³ö API ½Ó¿Ú¿ª¹Ø
define('API_UPDATEPW', 1); //¸ü¸ÄÓû§ÃÜÂë ¿ª¹Ø
define('API_UPDATEBADWORDS', 1); //¸üйؼü×ÖÁÐ±í ¿ª¹Ø
define('API_UPDATEHOSTS', 1); //¸üÐÂHOSTÎļþ ¿ª¹Ø
define('API_UPDATEAPPS', 1); //¸üÐÂÓ¦ÓÃÁÐ±í ¿ª¹Ø
define('API_UPDATECLIENT', 1); //¸üпͻ§¶Ë»º´æ ¿ª¹Ø
define('API_UPDATECREDIT', 1); //¸üÐÂÓû§»ý·Ö ¿ª¹Ø
define('API_GETCREDIT', 1); //Ïò UC Ìṩ»ý·Ö ¿ª¹Ø
define('API_GETCREDITSETTINGS', 1); //Ïò UC Ìṩ»ý·ÖÉèÖà ¿ª¹Ø
define('API_UPDATECREDITSETTINGS', 1); //¸üÐÂÓ¦Óûý·ÖÉèÖà ¿ª¹Ø
define('API_ADDFEED', 1); //Ïò UCHome Ìí¼Ófeed ¿ª¹Ø
define('API_RETURN_SUCCEED', '1');
define('API_RETURN_FAILED', '-1');
define('API_RETURN_FORBIDDEN', '-2');
define('IN_UCHOME', TRUE);
define('S_ROOT', substr(dirname(__FILE__), 0, -3));
$_SGLOBAL = $_SCONFIG = $_SBLOCK = $_TPL = $_SCOOKIE = $space = array();
//»ñȡʱ¼ä
$_SGLOBAL['timestamp'] = time();
if(defined('IN_UC')) {
global $_SGLOBAL, $_SCONFIG, $_SC, $space, $_SCOOKIE, $_SBLOCK, $_TPL;
include_once S_ROOT.'./config.php';
include_once S_ROOT.'./data/data_config.php';
include_once S_ROOT.'./source/function_common.php';
//Á´½ÓÊý¾Ý¿â
dbconnect();
} else {
error_reporting(0);
set_magic_quotes_runtime(0);
defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
include_once S_ROOT.'./config.php';
include_once S_ROOT.'./data/data_config.php';
include_once S_ROOT.'./source/function_common.php';
//Á´½ÓÊý¾Ý¿â
dbconnect();
$get = $post = array();
$code = @$_GET['code'];
parse_str(authcode($code, 'DECODE', UC_KEY), $get);
if(MAGIC_QUOTES_GPC) {
$get = sstripslashes($get);
}
if($_SGLOBAL['timestamp'] - $get['time'] > 3600) {
exit('Authracation has expiried');
}
if(empty($get)) {
exit('Invalid Request');
}
include_once S_ROOT.'./uc_client/lib/xml.class.php';
$post = xml_unserialize(file_get_contents('php://input'));
if(in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcredit', 'getcreditsettings', 'updatecreditsettings', 'addfeed'))) {
$uc_note = new uc_note();
echo $uc_note->$get['action']($get, $post);
exit();
} else {
exit(API_RETURN_FAILED);
}
}
class uc_note {
var $dbconfig = '';
var $db = '';
var $tablepre = '';
var $appdir = '';
function _serialize($arr, $htmlon = 0) {
if(!function_exists('xml_serialize')) {
include_once S_ROOT.'./uc_client/lib/xml.class.php';
}
return xml_serialize($arr, $htmlon);
}
function uc_note() {
global $_SGLOBAL, $_SC;
$this->appdir = substr(dirname(__FILE__), 0, -3);
$this->dbconfig = S_ROOT.'./config.php';
$this->db = $_SGLOBAL['db'];
$this->tablepre = $_SC['tablepre'];
}
function test($get, $post) {
return API_RETURN_SUCCEED;
}
function deleteuser($get, $post) {
global $_SGLOBAL;
if(!API_DELETEUSER) {
return API_RETURN_FORBIDDEN;
}
//note Óû§É¾³ý API ½Ó¿Ú
include_once S_ROOT.'./source/function_delete.php';
//»ñµÃÓû§
$uids = $get['ids'];
$query = $_SGLOBAL['db']->query("SELECT uid FROM ".tname('member')." WHERE uid IN ($uids)");
while ($value = $_SGLOBAL['db']->fetch_array($query)) {
deletespace($value['uid'], 1);
}
return API_RETURN_SUCCEED;
}
function renameuser($get, $post) {
global $_SGLOBAL;
if(!API_RENAMEUSER) {
return API_RETURN_FORBIDDEN;
}
//±à¼Óû§
$old_username = $get['oldusername'];
$new_username = $get['newusername'];
$_SGLOBAL['db']->query("UPDATE ".tname('member')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('thread')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('tagspace')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('session')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('post')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('poke')." SET fromusername='$new_username' WHERE fromusername='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('notification')." SET author='$new_username' WHERE author='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('friend')." SET fusername='$new_username' WHERE fusername='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('feed')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('doing')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('comment')." SET author='$new_username' WHERE author='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('blog')." SET username='$new_username' WHERE username='$old_username'");
$_SGLOBAL['db']->query("UPDATE ".tname('album')." SET username='$new_username' WHERE username='$old_username'");
return API_RETURN_SUCCEED;
}
function gettag($get, $post) {
global $_SGLOBAL;
if(!API_GETTAG) {
return API_RETURN_FORBIDDEN;
}
$name = trim($get['id']);
if(empty($name) || !preg_match('/^([\x7f-\xff_-]|\w)+$/', $name) || strlen($name) > 20) {
return API_RETURN_FAILED;
}
$tag = $_SGLOBAL['db']->fetch_array($_SGLOBAL['db']->query("SELECT * FROM ".tname('tag')." WHERE tagname='$name'"));
if($tag['closed']) {
return API_RETURN_FAILED;
}
$PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$siteurl = 'http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/';
$query = $_SGLOBAL['db']->query("SELECT b.*
FROM ".tname('tagblog')." tb, ".tname('blog')." b
WHERE b.blogid=tb.blogid AND tb.tagid='$tag[tagid]' AND b.friend=0
ORDER BY b.dateline DESC
LIMIT 0,10");
$bloglist = array();
while($value = $_SGLOBAL['db']->fetch_array($query)) {
$bloglist[] = array(
'subject' => $value['subject'],
'uid' => $value['uid'],
'username' => $value['username'],
'dateline' => $value['dateline'],
'url' => $siteurl."space.php?uid=$value[uid]&do=blog&id=$value[blogid]",
'spaceurl' => $siteurl."space.php?uid=$value[uid]"
);
}
$return = array($name, $bloglist);
return $this->_serialize($return, 1);
}
function synlogin($get, $post) {
global $_SGLOBAL;
if(!API_SYNLOGIN) {
return API_RETURN_FORBIDDEN;
}
//note ͬ²½µÇ¼ API ½Ó¿Ú
obclean();
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$cookietime = 31536000;
$uid = intval($get['uid']);
$query = $_SGLOBAL['db']->query("SELECT uid, username, password FROM ".tname('member')." WHERE uid='$uid'");
if($member = $_SGLOBAL['db']->fetch_array($query)) {
include_once S_ROOT.'./source/function_space.php';
$member = saddslashes($member);
$space = insertsession($member);
//ÉèÖÃcookie
ssetcookie('auth', authcode("$member[password]\t$member[uid]", 'ENCODE'), $cookietime);
}
ssetcookie('loginuser', $get['username'], $cookietime);
}
function synlogout($get, $post) {
global $_SGLOBAL;
if(!API_SYNLOGOUT) {
return API_RETURN_FORBIDDEN;
}
//note ͬ²½µÇ³ö API ½Ó¿Ú
obclean();
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
clearcookie();
}
function updatepw($get, $post) {
global $_SGLOBAL;
if(!API_UPDATEPW) {
return API_RETURN_FORBIDDEN;
}
$username = $get['username'];
$newpw = md5(time().rand(100000, 999999));
$_SGLOBAL['db']->query("UPDATE ".tname('member')." SET password='$newpw' WHERE username='$username'");
return API_RETURN_SUCCEED;
}
function updatebadwords($get, $post) {
global $_SGLOBAL;
if(!API_UPDATEBADWORDS) {
return API_RETURN_FORBIDDEN;
}
$data = array();
if(is_array($post)) {
foreach($post as $k => $v) {
$data['findpattern'][$k] = $v['findpattern'];
$data['replace'][$k] = $v['replacement'];
}
}
$cachefile = S_ROOT.'./uc_client/data/cache/badwords.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'badwords\'] = '.var_export($data, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
function updatehosts($get, $post) {
global $_SGLOBAL;
if(!API_UPDATEHOSTS) {
return API_RETURN_FORBIDDEN;
}
$cachefile = S_ROOT.'./uc_client/data/cache/hosts.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'hosts\'] = '.var_export($post, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
function updateapps($get, $post) {
global $_SGLOBAL;
if(!API_UPDATEAPPS) {
return API_RETURN_FORBIDDEN;
}
$UC_API = '';
if($post['UC_API']) {
$UC_API = $post['UC_API'];
unset($post['UC_API']);
}
$cachefile = S_ROOT.'./uc_client/data/cache/apps.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'apps\'] = '.var_export($post, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
//ÅäÖÃÎļþ
if($UC_API && is_writeable(S_ROOT.'./config.php')) {
$configfile = trim(file_get_contents(S_ROOT.'./config.php'));
$configfile = substr($configfile, -2) == '?>' ? substr($configfile, 0, -2) : $configfile;
$configfile = preg_replace("/define\('UC_API',\s*'.*?'\);/i", "define('UC_API', '$UC_API');", $configfile);
if($fp = @fopen(S_ROOT.'./config.php', 'w')) {
@fwrite($fp, trim($configfile));
@fclose($fp);
}
}
return API_RETURN_SUCCEED;
}
function updateclient($get, $post) {
global $_SGLOBAL;
if(!API_UPDATECLIENT) {
return API_RETURN_FORBIDDEN;
}
$cachefile = S_ROOT.'./uc_client/data/cache/settings.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'settings\'] = '.var_export($post, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
function updatecredit($get, $post) {
global $_SGLOBAL;
if(!API_UPDATECREDIT) {
return API_RETURN_FORBIDDEN;
}
$amount = $get['amount'];
$uid = intval($get['uid']);
$_SGLOBAL['db']->query("UPDATE ".tname('space')." SET credit=credit+'$amount' WHERE uid='$uid'");
return API_RETURN_SUCCEED;
}
function getcredit($get, $post) {
global $_SGLOBAL;
if(!API_GETCREDIT) {
return API_RETURN_FORBIDDEN;
}
$uid = intval($get['uid']);
$credit = getcount('space', array('uid'=>$uid), 'credit');
return $credit;
}
function getcreditsettings($get, $post) {
global $_SGLOBAL;
if(!API_GETCREDITSETTINGS) {
return API_RETURN_FORBIDDEN;
}
$credits = array();
$credits[1] = array(lang('credit'), lang('credit_unit'));
return $this->_serialize($credits);
}
function updatecreditsettings($get, $post) {
global $_SGLOBAL;
if(!API_UPDATECREDITSETTINGS) {
return API_RETURN_FORBIDDEN;
}
$outextcredits = array();
foreach($get['credit'] as $appid => $credititems) {
if($appid == UC_APPID) {
foreach($credititems as $value) {
$outextcredits[$value['appiddesc'].'|'.$value['creditdesc']] = array(
'creditsrc' => $value['creditsrc'],
'title' => $value['title'],
'unit' => $value['unit'],
'ratio' => $value['ratio']
);
}
}
}
$cachefile = S_ROOT.'./uc_client/data/cache/creditsettings.php';
$fp = fopen($cachefile, 'w');
$s = "<?php\r\n";
$s .= '$_CACHE[\'creditsettings\'] = '.var_export($outextcredits, TRUE).";\r\n";
fwrite($fp, $s);
fclose($fp);
return API_RETURN_SUCCEED;
}
function addfeed($get, $post) {
global $_SGLOBAL;
if(!API_ADDFEED) {
return API_RETURN_FORBIDDEN;
}
$_SGLOBAL['supe_uid'] = intval($post['uid']);
$_SGLOBAL['supe_username'] = trim($post['username']);
$images = array($post['image_1'],$post['image_2'],$post['image_3'],$post['image_4']);
$image_links = array($post['image_1_link'],$post['image_2_link'],$post['image_3_link'],$post['image_4_link']);
include_once(S_ROOT.'./source/function_cp.php');
return feed_add($post['icon'], $post['title_template'], $post['title_data'], $post['body_template'], $post['body_data'], $post['body_general'], $images, $image_links, $post['target_ids'], '', $post['appid']);
}
}