Пример #1
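        /// <summary>
        /// Builds the access-token request with <c>DiscuzOAuth.GetOAuthUrl</c> from the request token and
        /// secret kept in the current session, sends it with <c>Utils.GetHttpWebResponse</c> and
        /// deserializes the reply.
        /// </summary>
        /// <returns>
        /// The <c>Result</c> of the deserialized response, or <c>null</c> when deserialization throws
        /// (the exception is written to the trace log).
        /// </returns>
        public static OAuthAccessTokenInfo GetConnectAccessTokenInfo()
        {
            var config = DiscuzCloudConfigInfo.Current;
            var list   = new List<DiscuzOAuthParameter>
            {
                new DiscuzOAuthParameter("client_ip", DNTRequest.GetIP())
            };
            var    discuzOAuth = new DiscuzOAuth();
            string postData;

            var request = HttpContext.Current.Request;
            var session = HttpContext.Current.Session;

            // Token and secret come from server-side session state (the original keeps a commented-out
            // variant that read them from the "connect" cookie). The verifier is taken from the incoming
            // request and is therefore caller-controlled.
            var oAuthUrl = discuzOAuth.GetOAuthUrl(ACCESS_TOKEN_URL, "POST", config.Connectappid, config.Connectappkey,
                                                   session["connect_token"] + "", session["connect_secret"] + "",
                                                   DNTRequest.GetString("con_oauth_verifier"), "", list, out postData);

            // Not inside the try block: a transport failure propagates to the caller, as before.
            var httpWebResponse = Utils.GetHttpWebResponse(oAuthUrl, postData);
            OAuthAccessTokenInfo result;

            try
            {
                var connectResponse = JavaScriptConvert.DeserializeObject<ConnectResponse<OAuthAccessTokenInfo>>(httpWebResponse);
                result = connectResponse.Result;
            }
            catch (Exception ex)
            {
                XTrace.WriteException(ex);

                // Passed as an argument so that braces in the body are never read as format placeholders.
                // NOTE(review): the raw response body goes to the log unfiltered; confirm it cannot carry
                // token material when deserialization fails.
                XTrace.WriteLine("{0}", httpWebResponse);

                // The token secret and the session id are credentials and are intentionally left out of
                // the trace line; anyone with read access to the log could otherwise reuse them.
                XTrace.WriteLine("IP {0}, token {1}, verifier {2}, url {3}", DNTRequest.GetIP(), session["connect_token"], DNTRequest.GetString("con_oauth_verifier"), request.Url);

                result = null;
            }
            return result;
        }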
Пример #2
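        /// <summary>
        /// Handles the registration form post: validates the captcha, rejects an e-mail address that is
        /// already registered, creates the account, signs the new user in and redirects.
        /// </summary>
        /// <param name="model">The posted registration form.</param>
        /// <param name="returnUrl">
        /// Caller-supplied target to visit after registration. It is followed only when it is a local
        /// URL; anything else falls back to the home page.
        /// </param>
        /// <returns>An alert result when a check fails, otherwise a redirect.</returns>
        public ActionResult reg(RegisterModel model, string returnUrl)
        {
            var homeUrl = Url.Action("Index", "Home");

            // The Referer header is optional and set by the client: it may be missing (the original
            // dereferenced it unconditionally) and it may point at another site. Only a local path is
            // handed to AlertMsg; otherwise the home page is used.
            var referrer = Request.UrlReferrer;
            var backUrl  = homeUrl;
            if (referrer != null && Url.IsLocalUrl(referrer.PathAndQuery))
            {
                backUrl = referrer.PathAndQuery;
            }

            if (!ModelState.IsValid)
            {
                return AlertMsg("注册出错,请联系管理员", backUrl);
            }

            if (!_validateCodeService.CheckCode(model.ValidCode))
            {
                return AlertMsg("验证码不正确", backUrl);
            }

            if (_accountInfoTask.ExistsEmail(model.Email))
            {
                return AlertMsg("电子邮箱已存在", backUrl);
            }

            var ipAddress = DNTRequest.GetIP();

            // NOTE(review): the value returned by Register is not inspected before the user is signed in;
            // confirm that Register throws on failure.
            _accountInfoTask.Register(model.Email, model.Password, model.Email, ipAddress, "", ipAddress);
            FormsAuthServiceCookie.SignIn(model.Email, false);

            // returnUrl is request input. Redirecting to it unchecked is an open redirect, so it is
            // followed only when it stays on this site (IsLocalUrl is false for null and empty too).
            return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : homeUrl);
        }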
Пример #3
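        /// <summary>
        /// Checks the captcha and the submitted credentials, records a login-log entry and issues the
        /// forms-authentication cookie.
        /// </summary>
        /// <param name="model">Posted account name, password and captcha code.</param>
        /// <returns>JSON object with <c>result</c> (success flag) and <c>message</c>.</returns>
        public ActionResult login(UserLogOnModel model)
        {
            if (!_validateCodeService.CheckCode(model.ValidCode))
            {
                _validateCodeService.ClearSession();
                return Json(new { result = false, message = "验证码不正确" }, JsonRequestBehavior.AllowGet);
            }

            // One message for "no such account" and "wrong password": the original answered an unknown
            // account with a distinct message, which lets a caller test which account names exist.
            const string badCredentials = "用户名或密码不正确";

            var userInfo = _accountInfoTask.GetAccount(model.Account);

            if (userInfo == null)
            {
                return Json(new { result = false, message = badCredentials }, JsonRequestBehavior.AllowGet);
            }

            // NOTE(review): HashPassword receives only the password, so no per-user salt is visible here,
            // and the hashes are compared with the ordinary string operator; confirm the hashing scheme.
            // NOTE(review): the captcha session is cleared only when the captcha itself is wrong, and no
            // failed-attempt counter is visible in this method; confirm a code cannot be reused across
            // repeated password guesses.
            if (userInfo.Password != CryptTools.HashPassword(model.Password))
            {
                return Json(new { result = false, message = badCredentials }, JsonRequestBehavior.AllowGet);
            }

            // Record the successful login.
            _accountLoginLogTask.Add(new AccountLoginLog
            {
                Account    = userInfo.Account,
                CreateDate = DateTime.Now,
                IP         = DNTRequest.GetIP(),
            });

            // The original has an "update shopping cart" placeholder comment here with no code.

            FormsAuthServiceCookie.SignIn(model.Account, false);

            // NOTE(review): AllowGet only permits returning JSON on GET; whether the action is limited to
            // POST depends on attributes that are not visible in this listing.
            return Json(new { result = true, message = string.Empty }, JsonRequestBehavior.AllowGet);
        }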
Пример #4
        /// <summary>
        /// Builds the address of the QQ Connect authorization page: requests a temporary token, stores it
        /// in the "connect" cookie and returns the authorize URL built from it.
        /// </summary>
        /// <param name="userId">Greater than zero selects the "loginbind" request type, otherwise "login".</param>
        /// <returns>
        /// The authorize URL followed by "?" and its query string, or "?Failed to get tmptoken" when any
        /// exception occurs while the token response is processed.
        /// </returns>
        public static string GetConnectLoginPageUrl(int userId)
        {
            var cloudConfig   = DiscuzCloudConfigs.GetConfig();
            var requestParams = new List<DiscuzOAuthParameter>
            {
                new DiscuzOAuthParameter("client_ip", DNTRequest.GetIP()),
                new DiscuzOAuthParameter("type", userId > 0 ? "loginbind" : "login")
            };

            var    signer = new DiscuzOAuth();
            string query  = "";
            string tokenEndpoint = signer.GetOAuthUrl(REQUEST_TOKEN_URL, "POST", cloudConfig.Connectappid, cloudConfig.Connectappkey,
                                                      "", "", "", oauthCallback, requestParams, out query);

            string rawReply = Utils.GetHttpWebResponse(tokenEndpoint, query);

            try
            {
                var tokenReply = JavaScriptConvert.DeserializeObject<ConnectResponse<OAuthTokenInfo>>(rawReply);
                var tempToken  = tokenReply.Result;

                // NOTE(review): the temporary token secret is written to a client-side cookie, where the
                // browser and anything that can read its cookies can see it. Server-side storage would
                // keep it off the client; the cookie flags set by WriteCookie are not visible here.
                Utils.WriteCookie("connect", "token", tempToken.Token);
                Utils.WriteCookie("connect", "secret", tempToken.Secret);

                string authorizeEndpoint = signer.GetOAuthUrl(AUTHORIZE_URL, "GET", cloudConfig.Connectappid,
                                                              cloudConfig.Connectappkey, tempToken.Token,
                                                              tempToken.Secret, "", oauthCallback,
                                                              new List<DiscuzOAuthParameter>(), out query);
                return authorizeEndpoint + "?" + query;
            }
            catch
            {
                // Every failure is collapsed into this marker string and nothing is logged, so a
                // malformed or error response from the provider leaves no trace.
                return "?Failed to get tmptoken";
            }
        }
Пример #5
        /// <summary>
        /// Removes a user's QQ binding: sends the unbind request to the provider, deletes the local
        /// binding record and resets the "bindconnect" cookie.
        /// </summary>
        /// <param name="openId">Identifier used to look up the stored binding.</param>
        /// <returns>-1 when no binding exists for <paramref name="openId"/>, otherwise 1.</returns>
        public static int UnbindUserConnectInfo(string openId)
        {
            var cloudConfig = DiscuzCloudConfigs.GetConfig();
            var binding     = DiscuzCloud.GetUserConnectInfo(openId);

            if (binding == null)
            {
                return -1;
            }

            var requestParams = new List<DiscuzOAuthParameter>
            {
                new DiscuzOAuthParameter("client_ip", DNTRequest.GetIP())
            };

            var    signer = new DiscuzOAuth();
            string query  = "";
            string unbindEndpoint = signer.GetOAuthUrl(UNBIND_URL, "POST", cloudConfig.Connectappid, cloudConfig.Connectappkey,
                                                       binding.Token, binding.Secret, "", "", requestParams, out query);

            // The provider's reply is discarded: the local record is deleted and 1 is returned whatever
            // the remote side answered.
            // NOTE(review): if the remote unbind is rejected, the provider may still consider the token
            // valid while the local binding is gone; confirm this best-effort behaviour is intended.
            Utils.GetHttpWebResponse(unbindEndpoint, query);

            // NOTE(review): no check in this method ties openId to the current user; presumably the
            // caller does that. Verify against the call sites.
            DeleteUserConnectInfo(openId);
            Utils.WriteCookie("bindconnect", "");
            return 1;
        }
Пример #6
        /// <summary>
        /// Adds a guest entry to the online-user table; used when the cookie carries no user id or the
        /// stored id is invalid.
        /// </summary>
        /// <param name="timeout">Passed through to <c>Add</c> together with the new entry.</param>
        /// <returns>The guest entry, with <c>Olid</c> set to the value returned by <c>Add</c>.</returns>
        public static OnlineUserInfo CreateGuestUser(int timeout)
        {
            const int    guestGroupId = 7;
            const string neverStamp   = "1900-1-1 00:00:00";

            var guest = new OnlineUserInfo
            {
                Userid         = -1,
                Username       = "******",
                Nickname       = "游客",
                Password       = "",
                Groupid        = guestGroupId,
                Olimg          = GetGroupImg(guestGroupId),
                Adminid        = 0,
                Invisible      = 0,
                // NOTE(review): how GetIP derives the address is not visible here. If it trusts
                // client-supplied forwarding headers, this stored value is caller-controlled.
                Ip             = DNTRequest.GetIP(),
                Lastposttime   = neverStamp,
                Lastpostpmtime = neverStamp,
                Lastsearchtime = neverStamp,
                Lastupdatetime = Utils.GetDateTime(),
                Action         = 0,
                Lastactivity   = 0,
                Verifycode     = ForumUtils.CreateAuthStr(5, false)
            };

            guest.Olid = Add(guest, timeout);

            return guest;
        }
Пример #7
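        /// <summary>
        /// Entry point of the REST endpoint: checks that the API is enabled, resolves the calling
        /// application by its API key, applies the application's IP allowlist, verifies the request
        /// signature and dispatches the requested method. Each failed check writes the corresponding
        /// error response and stops.
        /// </summary>
        void RESTServer_Load(object sender, EventArgs e)
        {
            List<DNTParam> parameters = GetParamsFromRequest(HttpContext.Current.Request);
            APIConfigInfo  apiInfo    = APIConfigs.GetConfig();

            if (!apiInfo.Enable)
            {
                RESTServerResponse(Util.CreateErrorMessage(ErrorType.API_EC_SERVICE, parameters));
                return;
            }

            // Find the client application whose API key matches the request.
            string          requestedKey = DNTRequest.GetString("api_key");
            ApplicationInfo appInfo      = null;

            foreach (ApplicationInfo candidate in apiInfo.AppCollection)
            {
                if (candidate.APIKey == requestedKey)
                {
                    appInfo = candidate;
                    break;
                }
            }

            if (appInfo == null)
            {
                RESTServerResponse(Util.CreateErrorMessage(ErrorType.API_EC_APPLICATION, parameters));
                return;
            }

            // Per-application IP allowlist; skipped when the application has none configured.
            // NOTE(review): the check is only as strong as the address GetIP reports. If GetIP honours
            // client-supplied forwarding headers, the allowlist can be satisfied by the caller.
            string ip = DNTRequest.GetIP();

            if (appInfo.IPAddresses != null && appInfo.IPAddresses.Trim() != string.Empty && !Utils.InIPArray(ip, appInfo.IPAddresses.Split(',')))
            {
                RESTServerResponse(Util.CreateErrorMessage(ErrorType.API_EC_BAD_IP, parameters));
                return;
            }

            // The signature is the authenticator for the request, so it is compared without an early
            // exit on the first differing character.
            string expectedSig = GetSignature(parameters, appInfo.Secret);

            if (!SignaturesMatch(expectedSig, DNTRequest.GetString("sig")))
            {
                RESTServerResponse(Util.CreateErrorMessage(ErrorType.API_EC_SIGNATURE, parameters));
                return;
            }

            // Method names are protocol identifiers: lower-case them culture-independently so the result
            // does not change with the server's current culture.
            string method = DNTRequest.GetString("method").Trim().ToLowerInvariant();

            // The client did not name a method.
            if (string.IsNullOrEmpty(method))
            {
                RESTServerResponse(Util.CreateErrorMessage(ErrorType.API_EC_METHOD, parameters));
                return;
            }

            RESTServerResponse(CommandManager.Run(new CommandParameter(method, parameters, appInfo)));
        }

        /// <summary>
        /// Ordinal equality of two signature strings that always walks the whole common length, so the
        /// time taken does not reveal where the first mismatch is. Two nulls compare equal, as with the
        /// string equality operator.
        /// </summary>
        private static bool SignaturesMatch(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return expected == supplied;
            }

            int diff   = expected.Length ^ supplied.Length;
            int common = Math.Min(expected.Length, supplied.Length);

            for (int i = 0; i < common; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }

            return diff == 0;
        }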
Пример #8
        /// <summary>
        /// On the first (non-postback) load of an admin page: applies the admin IP allowlist, refreshes
        /// the caller's online record, requires an administrator group and a valid "dntadmin" cookie, and
        /// redirects to the admin login page when any of these fails.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            config = GeneralConfigs.GetConfig();

            // Apply the admin IP allowlist only when one is configured.
            // NOTE(review): the allowlist depends on the address GetIP reports; how GetIP treats
            // client-supplied forwarding headers is not visible here.
            if (config.Adminipaccess.Trim() != "")
            {
                string[] allowedIps = Utils.SplitString(config.Adminipaccess, "\n");
                if (!Utils.InIPArray(DNTRequest.GetIP(), allowedIps))
                {
                    Context.Response.Redirect(BaseConfigs.GetForumPath + "admin/syslogin.aspx");
                    return;
                }
            }

            // Fetch the current user's online record. Any failure is retried once after a two-second
            // pause; the first exception is swallowed without logging.
            OnlineUserInfo oluserinfo = new OnlineUserInfo();
            try
            {
                oluserinfo = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);
            }
            catch
            {
                Thread.Sleep(2000);
                oluserinfo = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);
            }

            // Permission check: a signed-in user whose group maps to admin id 1.
            UserGroupInfo usergroupinfo = AdminUserGroups.AdminGetUserGroupInfo(oluserinfo.Groupid);
            if (!(oluserinfo.Userid > 0) || usergroupinfo.Radminid != 1)
            {
                Context.Response.Redirect(BaseConfigs.GetForumPath + "admin/syslogin.aspx");
                return;
            }

            string secques = Users.GetUserInfo(oluserinfo.Userid).Secques;

            // Administrator identity check: the decoded "key" value of the "dntadmin" cookie must equal
            // password + security question + user id of the online record.
            // NOTE(review): the cookie therefore carries material derived from the stored password
            // value, protected only by whatever GetCookiePassword/Passwordkey implement, and the
            // comparison is an ordinary string comparison. Confirm the encoding is authenticated.
            var    adminCookie = Context.Request.Cookies["dntadmin"];
            string adminKey    = adminCookie == null ? null : adminCookie["key"];
            string expectedKey = oluserinfo.Password + secques + oluserinfo.Userid.ToString();

            if (adminKey == null || ForumUtils.GetCookiePassword(adminKey, config.Passwordkey) != expectedKey)
            {
                Context.Response.Redirect(BaseConfigs.GetForumPath + "admin/syslogin.aspx");
                return;
            }

            // Valid admin cookie: re-issue it. The original keeps the older inline cookie-refresh code
            // (30-minute expiry) commented out below this call.
            Context.AddAdminCookie(config, oluserinfo, secques);
        }
Пример #9
        /// <summary>
        /// On the first (non-postback) load of an admin page: applies the admin IP allowlist, resolves the
        /// user from the cookie, requires an administrator account and group, and copies the user's
        /// details into the page fields. Any failed check redirects to the admin login page.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                return;
            }

            config = GeneralConfigs.GetConfig();
            string loginPage = Shove._Web.Utility.GetUrl() + "admin/syslogin.aspx";

            // Apply the admin IP allowlist only when one is configured.
            // NOTE(review): the allowlist depends on the address GetIP reports; how GetIP treats
            // client-supplied forwarding headers is not visible here.
            if (config.Adminipaccess.Trim() != "")
            {
                string[] allowedIps = Utils.SplitString(config.Adminipaccess, "\n");
                if (!Utils.InIPArray(DNTRequest.GetIP(), allowedIps))
                {
                    Context.Response.Redirect(loginPage);
                    return;
                }
            }

            // Permission check.
            // NOTE(review): the identity comes solely from GetUserIDFromCookie; how that cookie is
            // protected against tampering is not visible in this method, and no separate admin-session
            // cookie is checked here. Verify against GetUserIDFromCookie.
            int cookieUserId = Discuz.Forum.Users.GetUserIDFromCookie();

            if (!(cookieUserId > 0))
            {
                Context.Response.Redirect(loginPage);
                return;
            }

            UserInfo account = Discuz.Forum.Users.GetUserInfo(cookieUserId);

            if (account.Adminid < 1 || account.Groupid < 1)
            {
                Context.Response.Redirect(loginPage);
                return;
            }

            UserGroupInfo group = AdminUserGroups.AdminGetUserGroupInfo(account.Groupid);
            if (group.Radminid != 1)
            {
                Context.Response.Redirect(loginPage);
                return;
            }

            // All checks passed: publish the administrator's details to the page.
            this.userid      = account.Uid;
            this.username    = account.Username;
            this.usergroupid = account.Groupid;
            this.useradminid = (short)group.Radminid;
            this.grouptitle  = group.Grouptitle;
            this.ip          = DNTRequest.GetIP();
        }
Пример #10
        /// <summary>
        /// Checks whether the cookie identifies a valid administrator: applies the admin IP allowlist,
        /// resolves the user from the cookie and requires an administrator account and group.
        /// </summary>
        /// <returns>
        /// <c>true</c> when every check passes (the page fields are then filled in); <c>false</c> after a
        /// redirect to the admin login page has been issued.
        /// </returns>
        public bool CheckCookie()
        {
            string loginPage = Shove._Web.Utility.GetUrl() + "/admin/syslogin.aspx";

            config = GeneralConfigs.GetConfig();

            // Apply the admin IP allowlist only when one is configured.
            // NOTE(review): the allowlist depends on the address GetIP reports; how GetIP treats
            // client-supplied forwarding headers is not visible here.
            if (config.Adminipaccess.Trim() != "")
            {
                string[] allowedIps = Utils.SplitString(config.Adminipaccess, "\n");
                bool     ipAllowed  = Utils.InIPArray(DNTRequest.GetIP(), allowedIps);
                if (!ipAllowed)
                {
                    Context.Response.Redirect(loginPage);
                    return false;
                }
            }

            // Permission check.
            // NOTE(review): the identity comes solely from GetUserIDFromCookie; how that cookie is
            // protected against tampering is not visible in this method. Verify against
            // GetUserIDFromCookie.
            int cookieUserId = Discuz.Forum.Users.GetUserIDFromCookie();

            if (!(cookieUserId > 0))
            {
                Context.Response.Redirect(loginPage);
                return false;
            }

            UserInfo account = Discuz.Forum.Users.GetUserInfo(cookieUserId);

            if (account.Adminid < 1 || account.Groupid < 1)
            {
                Context.Response.Redirect(loginPage);
                return false;
            }

            UserGroupInfo group = AdminUserGroups.AdminGetUserGroupInfo(account.Groupid);
            if (group.Radminid != 1)
            {
                Context.Response.Redirect(loginPage);
                return false;
            }

            // All checks passed: publish the administrator's details to the page.
            this.userid      = account.Uid;
            this.username    = account.Username;
            this.usergroupid = account.Groupid;
            this.useradminid = (short)group.Radminid;
            this.grouptitle  = group.Grouptitle;
            this.ip          = DNTRequest.GetIP();

            return true;
        }
Пример #11
        /// <summary>
        /// Fills the page's diagnostic controls with server, runtime and visitor-browser details, the
        /// visitor's IP address and the time taken to collect them.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the page discloses the machine name, local address, translated physical path and
        /// software versions. The access check guarding it is not visible in this method; confirm it is
        /// limited to administrators.
        /// </remarks>
        protected void LoadSystemInf()
        {
            // Keep the diagnostics out of caches.
            Response.Expires      = 0;
            Response.CacheControl = "no-cache";

            // Start of the measured interval.
            DateTime startedAt = DateTime.Now;

            var serverVars = Request.ServerVariables;

            // Server details.
            servername.Text  = Server.MachineName;
            serverip.Text    = serverVars["LOCAL_ADDR"];
            server_name.Text = serverVars["SERVER_NAME"];

            Version clr = Environment.Version;
            servernet.Text = ".NET CLR  " + clr.Major + "." + clr.Minor + "." + clr.Build + "." + clr.Revision;
            serverms.Text  = Environment.OSVersion.ToString();

            serversoft.Text = serverVars["SERVER_SOFTWARE"];
            serverport.Text = serverVars["SERVER_PORT"];
            serverout.Text  = Server.ScriptTimeout.ToString();

            // The language is a property of the visitor (changed in 1.0 final).
            // NOTE(review): this is a raw request header. Whether assigning it to .Text HTML-encodes it
            // depends on the control type, which is not visible here; encode on output if it does not.
            cl.Text          = serverVars["HTTP_ACCEPT_LANGUAGE"];
            servertime.Text  = DateTime.Now.ToString();
            servernpath.Text = serverVars["PATH_TRANSLATED"];
            serverhttps.Text = serverVars["HTTPS"];

            // Visitor browser capabilities.
            HttpBrowserCapabilities browser = Request.Browser;
            ie.Text      = browser.Browser.ToString();
            cookies.Text = browser.Cookies.ToString();
            frames.Text  = browser.Frames.ToString();
            javaa.Text   = browser.JavaApplets.ToString();
            javas.Text   = browser.EcmaScriptVersion.ToString();
            ms.Text      = browser.Platform.ToString();
            vbs.Text     = browser.VBScript.ToString();
            vi.Text      = browser.Version.ToString();

            // Visitor IP address (added in 1.0 final); the original keeps REMOTE_ADDR as a commented-out
            // alternative to GetIP.
            cip.Text = DNTRequest.GetIP();

            // End of the measured interval, shown in milliseconds.
            DateTime finishedAt = DateTime.Now;
            runtime.Text = ((finishedAt - startedAt).TotalMilliseconds).ToString();
        }
Пример #12
 /// <summary>
 /// Completes a login: writes the user cookie, refreshes the online record, copies the user's identity
 /// and group into the page fields, marks the Connect binding cookie and clears the login-failure log
 /// entry for the caller's IP.
 /// </summary>
 /// <param name="userInfo">The user being signed in.</param>
 private void LoginUser(IUser userInfo)
 {
     // "expires", "templateid" and "loginmode" are request input handed to the cookie writer.
     // NOTE(review): no range check on these values is visible here; confirm WriteUserCookie bounds
     // the cookie lifetime.
     int userId         = userInfo.ID;
     int cookieExpires  = TypeConverter.StrToInt(DNTRequest.GetString("expires"), -1);
     string passwordKey = this.config.Passwordkey;
     int templateId     = DNTRequest.GetInt("templateid", 0);
     int loginMode      = DNTRequest.GetInt("loginmode", -1);
     ForumUtils.WriteUserCookie(userId, cookieExpires, passwordKey, templateId, loginMode);

     oluserinfo    = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout, userInfo.ID, "");
     olid          = oluserinfo.Olid;
     username      = userInfo.Name;
     userid        = userInfo.ID;
     usergroupinfo = UserGroup.FindByID(userInfo.GroupID);
     useradminid   = usergroupinfo.RadminID;

     Utils.WriteCookie("bindconnect", "1");
     OnlineUsers.UpdateAction(olid, UserAction.Login.ActionID, 0);

     // NOTE(review): the failure log is keyed by the address GetIP reports. If that address can be
     // influenced by the client, per-IP login throttling built on this log can be sidestepped.
     LoginLogs.DeleteLoginLog(DNTRequest.GetIP());
     Users.UpdateUserCreditsAndVisit(userInfo.ID, DNTRequest.GetIP());
 }
Пример #13
        /// <summary>
        /// Checks whether the current user may access the forum: online-user limit, group visit
        /// permission, IP allowlist, IP denylist and visit-ban time periods.
        /// </summary>
        /// <returns>
        /// <c>true</c> when no rule blocks the request; <c>false</c> after the matching message has been
        /// shown.
        /// </returns>
        private bool ValidateUserPermission()
        {
            bool isAdmin         = useradminid == 1;
            bool onLoginOrLogout = pagename == "login.aspx" || pagename == "logout.aspx";
            bool onAccountPage   = onLoginOrLogout || pagename == "register.aspx" || pagename == "activationuser.aspx" || pagename == "getpassword.aspx";

            // Online-user limit; administrators and the login/logout pages are exempt.
            if (onlineusercount >= config.Maxonlines && !isAdmin && !onLoginOrLogout)
            {
                ShowMessage("抱歉,目前访问人数太多,你暂时无法访问论坛.", 0);
                return false;
            }

            // Group visit permission; administrators and the account pages are exempt.
            if (usergroupinfo.Allowvisit != 1 && !isAdmin && !onAccountPage)
            {
                ShowMessage("抱歉, 您所在的用户组不允许访问论坛", 2);
                return false;
            }

            // IP allowlist, applied only when configured. No exemption for administrators or the login
            // page is made here.
            // NOTE(review): both IP lists depend on the address GetIP reports; how GetIP treats
            // client-supplied forwarding headers is not visible here.
            if (config.Ipaccess.Trim() != "")
            {
                string[] allowedIps = Utils.SplitString(config.Ipaccess, "\n");
                if (!Utils.InIPArray(DNTRequest.GetIP(), allowedIps))
                {
                    ShowMessage("抱歉, 系统设置了IP访问列表限制, 您无法访问本论坛", 0);
                    return false;
                }
            }

            // IP denylist, applied only when configured (the original comment here was a copy of the
            // allowlist one).
            if (config.Ipdenyaccess.Trim() != "")
            {
                string[] deniedIps = Utils.SplitString(config.Ipdenyaccess, "\n");
                if (Utils.InIPArray(DNTRequest.GetIP(), deniedIps))
                {
                    ShowMessage("由于您严重违反了论坛的相关规定, 已被禁止访问.", 2);
                    return false;
                }
            }

            // Visit-ban periods: apply to non-administrators outside the login/logout pages whose group
            // has not disabled period control.
            if (!isAdmin && !onLoginOrLogout && usergroupinfo.Disableperiodctrl != 1 && Scoresets.BetweenTime(config.Visitbanperiods))
            {
                ShowMessage("在此时间段内不允许访问本论坛", 2);
                return false;
            }

            return true;
        }
Пример #14
        /// <summary>
        /// Validates and stores a comment on a space post, increments the comment counters and optionally
        /// sends a notice. Validation failures are reported through <c>completeinfo</c>.
        /// </summary>
        private void Submit_CategoryInfo()
        {
            bool codeOk = OnlineUsers.CheckUserVerifyCode(olid, DNTRequest.GetString("vcode"));
            if (!codeOk)
            {
                completeinfo = "验证码错误,请重新输入";
                return;
            }
            if (commentcontent == "")
            {
                completeinfo = "请输入评论内容";
                return;
            }

            SpacePostInfo post = BlogProvider.GetSpacepostsInfo(Space.Data.DbProvider.GetInstance().GetSpacePost(postid));

            // CommentStatus 1 rejects all comments; 2 rejects comments from users without an id.
            if (post.CommentStatus == 1)
            {
                completeinfo = "当前日志不允许评论";
                return;
            }
            bool isGuest = userid < 1;
            if (post.CommentStatus == 2 && isGuest)
            {
                completeinfo = "当前日志仅允许注册用户评论";
                return;
            }

            SpaceCommentInfo comment = new SpaceCommentInfo
            {
                PostID       = postid,
                Author       = Utils.HtmlEncode(commentauthor != "" ? commentauthor : "匿名"),
                Email        = Utils.HtmlEncode(commentemail),
                // NOTE(review): unlike author, e-mail and content, the URL is stored without encoding,
                // and no scheme check is visible in this method. Confirm it is validated where
                // commenturl is read, or encoded where it is rendered.
                Url          = commenturl,
                Ip           = DNTRequest.GetIP(),
                PostDateTime = DateTime.Now,
                Content      = Utils.HtmlEncode(ForumUtils.BanWordFilter(commentcontent)),
                ParentID     = 0,
                // The comment is attributed to the current user only when the typed author name equals
                // the current user name; otherwise it is stored with uid -1.
                Uid          = (commentauthor == username) ? userid : -1,
                PostTitle    = Utils.HtmlEncode(ForumUtils.BanWordFilter(post.Title))
            };

            Space.Data.DbProvider.GetInstance().AddSpaceComment(comment);
            Space.Data.DbProvider.GetInstance().CountUserSpaceCommentCountByUserID(post.Uid, 1);
            Space.Data.DbProvider.GetInstance().CountSpaceCommentCountByPostID(postid, 1);

            bool notify = DNTRequest.GetString("notice") == "true";
            if (notify)
            {
                SendSpaceCommentNotice(comment);
            }
        }
Пример #15
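        /// <summary>
        /// Creates the first post of a topic from the page fields and request parameters and, when
        /// requested, the topic's poll.
        /// </summary>
        /// <param name="topicinfo">The topic the post belongs to.</param>
        /// <returns>
        /// The populated post. When saving fails the topic is deleted, an error line is added and the
        /// returned post carries no new <c>Pid</c>.
        /// </returns>
        public PostInfo CreatePost(TopicInfo topicinfo)
        {
            PostInfo postinfo = new PostInfo();

            postinfo.Fid      = forumid;
            postinfo.Tid      = topicinfo.Tid;
            postinfo.Poster   = username;
            postinfo.Posterid = userid;

            // The title is always HTML-encoded; for non-administrators it also passes the banned-word
            // filter first. (The original repeated the assignment inside the conditional; same value.)
            postinfo.Title = useradminid == 1
                                 ? Utils.HtmlEncode(posttitle)
                                 : Utils.HtmlEncode(ForumUtils.BanWordFilter(posttitle));
            postinfo.Postdatetime = curdatetime;

            // NOTE(review): the message is stored exactly as held in the page field; no encoding or
            // filtering happens in this method. Confirm where it is sanitized.
            postinfo.Message = message;
            postinfo.Ip      = DNTRequest.GetIP();

            // Receives postinfo with only the fields above filled in; keep this call at this position.
            postinfo.Invisible = UserAuthority.GetTopicPostInvisible(forum, useradminid, userid, usergroupinfo, postinfo);
            postinfo.Usesig    = TypeConverter.StrToInt(DNTRequest.GetString("usesig"));

            // HTML is switched on only when the user's group allows it and the request asks for it.
            postinfo.Htmlon    = (usergroupinfo.Allowhtml == 1 && (TypeConverter.StrToInt(DNTRequest.GetString("htmlon")) == 1)) ? 1 : 0;
            postinfo.Smileyoff = (smileyoff == 0 && forum.Allowsmilies == 1) ? TypeConverter.StrToInt(DNTRequest.GetString("smileyoff")) : smileyoff;

            // BBCode stays off unless both the group and the forum allow it.
            postinfo.Bbcodeoff   = (usergroupinfo.Allowcusbbcode == 1 && forum.Allowbbcode == 1) ? TypeConverter.StrToInt(DNTRequest.GetString("bbcodeoff")) : 1;
            postinfo.Parseurloff = TypeConverter.StrToInt(DNTRequest.GetString("parseurloff"));
            postinfo.Topictitle  = topicinfo.Title;

            // The original keeps a commented-out duplicate-post check here that compared the
            // "lasttopictitle"/"lasttopicmessage" cookies with the MD5 of the title and message.

            bool saved = false;
            try
            {
                postinfo.Pid = Posts.CreatePost(postinfo);
                Utils.WriteCookie("lasttopictitle", Utils.MD5(postinfo.Title));
                Utils.WriteCookie("lasttopicmessage", Utils.MD5(postinfo.Message));
                saved = true;
            }
            catch
            {
                // Roll the topic back and report the failure. The exception itself is not logged.
                TopicAdmins.DeleteTopics(topicinfo.Tid.ToString(), false);
                AddErrLine("帖子保存出现异常");
            }

            // Create the poll only when the post was saved: after a failure the topic has just been
            // deleted, and the original went on to create a poll for that deleted topic id.
            if (createpoll && saved)
            {
                msg = Polls.CreatePoll(DNTRequest.GetFormString("PollItemname"), DNTRequest.GetString("multiple") == "on" ? 1 : 0,
                                       DNTRequest.GetInt("maxchoices", 1), DNTRequest.GetString("visiblepoll") == "on" ? 1 : 0, DNTRequest.GetString("allowview") == "on" ? 1 : 0,
                                       enddatetime, topicinfo.Tid, pollitem, userid);
            }
            return postinfo;
        }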
Пример #16
        /// <summary>
        /// Applies the requested ban type to the operated user by moving them to another user group,
        /// writes a moderator-log entry and redirects. A reason is mandatory.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no permission check on the acting user and no anti-forgery check are visible in
        /// this method; presumably both happen before it is called. Verify against the caller.
        /// </remarks>
        private void DoBanUserOperation()
        {
            string reason = DNTRequest.GetString("reason");

            if (reason == "")
            {
                AddErrLine("请填写操作原因");
                return;
            }

            int    banType = DNTRequest.GetInt("bantype", -1);
            int    targetGroupId;
            string actions;
            string successMessage;

            switch (banType)
            {
            case 0:
                // Back to normal: the group is derived from the user's credits.
                targetGroupId  = UserCredits.GetCreditsUserGroupID(operateduser.Credits).Groupid;
                actions        = "解除禁止用户";
                successMessage = "已根据金币将用户归组, 将返回之前页面";
                break;

            case 1:
                // Banned from posting: hard-coded group 4.
                targetGroupId  = 4;
                actions        = "禁止用户发言";
                successMessage = "已成功禁止所选用户发言, 将返回之前页面";
                break;

            case 2:
                // Banned from visiting: hard-coded group 5 (the original comment repeated "banned from
                // posting" here).
                targetGroupId  = 5;
                actions        = "禁止用户访问";
                successMessage = "已成功禁止所选用户访问, 将返回之前页面";
                break;

            default:
                AddErrLine("错误的禁止类型");
                return;
            }

            Discuz.Forum.Users.UpdateUserGroup(operateduid, targetGroupId);
            AddMsgLine(successMessage);

            // Audit trail: acting user, group, IP, timestamp, action and the caller-supplied reason.
            // NOTE(review): reason is request input stored as given; confirm it is encoded where the
            // moderator log is displayed.
            AdminModeratorLogs.InsertLog(userid.ToString(), username, usergroupid.ToString(), usergroupinfo.Grouptitle,
                                         DNTRequest.GetIP(),
                                         DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), "0", string.Empty, "0",
                                         string.Empty,
                                         actions, reason);

            RedirectURL();
        }
Пример #17
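        /// <summary>
        /// Builds the address of the Connect authorization page: requests a temporary token, keeps it in
        /// the current session and returns the authorize URL built from it.
        /// </summary>
        /// <param name="userId">Greater than zero selects the "loginbind" request type, otherwise "login".</param>
        /// <returns>
        /// The authorize URL followed by "?" and its query string, or "?Failed to get tmptoken" when an
        /// exception occurs while the token response is processed (the exception is traced).
        /// </returns>
        public static string GetConnectLoginPageUrl(int userId)
        {
            var config = DiscuzCloudConfigInfo.Current;
            var list   = new List<DiscuzOAuthParameter>
            {
                new DiscuzOAuthParameter("client_ip", DNTRequest.GetIP()),
                new DiscuzOAuthParameter("type", (userId > 0) ? "loginbind" : "login")
            };
            DiscuzOAuth discuzOAuth = new DiscuzOAuth();
            string      text;
            string      callback    = DiscuzCloud.oauthCallback;
            var         request     = HttpContext.Current.Request;
            var         referrer    = request.UrlReferrer;

            // Remember where the user came from, except for the account pages themselves.
            // NOTE(review): the Referer header is client-controlled and its path and query are appended
            // without URL-encoding, so an "&" inside it adds parameters to the callback. Encode the
            // value here once the page that reads "url" is confirmed to decode it, and make sure that
            // page only redirects to local paths.
            if (referrer != null && !referrer.PathAndQuery.StartsWith("/logout.aspx", StringComparison.OrdinalIgnoreCase) &&
                !referrer.PathAndQuery.StartsWith("/login.aspx", StringComparison.OrdinalIgnoreCase) &&
                !referrer.PathAndQuery.StartsWith("/register.aspx", StringComparison.OrdinalIgnoreCase) &&
                !referrer.PathAndQuery.StartsWith("/connect.aspx", StringComparison.OrdinalIgnoreCase))
            {
                callback += "&url=" + referrer.PathAndQuery;
            }
            XTrace.WriteLine(callback);
            string oAuthUrl        = discuzOAuth.GetOAuthUrl(REQUEST_TOKEN_URL, "POST", config.Connectappid, config.Connectappkey, "", "", "", callback, list, out text);
            string httpWebResponse = Utils.GetHttpWebResponse(oAuthUrl, text);
            string result;

            try
            {
                var connectResponse = JavaScriptConvert.DeserializeObject<ConnectResponse<OAuthTokenInfo>>(httpWebResponse);

                // Token and secret stay in server-side session state (the original keeps the older
                // cookie-based variant commented out).
                var session = HttpContext.Current.Session;
                session["connect_token"]  = connectResponse.Result.Token;
                session["connect_secret"] = connectResponse.Result.Secret;

                // The token secret and the session id are credentials and are intentionally left out of
                // the trace line, which is written on every successful call.
                XTrace.WriteLine("IP {0}, token {1}, verifier {2}, url {3}", DNTRequest.GetIP(), session["connect_token"], DNTRequest.GetString("con_oauth_verifier"), request.Url);

                string authorizeUrl = discuzOAuth.GetOAuthUrl(AUTHORIZE_URL, "GET", config.Connectappid, config.Connectappkey, connectResponse.Result.Token, connectResponse.Result.Secret, "", callback, new List<DiscuzOAuthParameter>(), out text);
                result = authorizeUrl + "?" + text;
            }
            catch (Exception ex)
            {
                XTrace.WriteException(ex);
                result = "?Failed to get tmptoken";
            }
            return result;
        }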
Пример #18
 /// <summary>
 /// Performs the login: writes the user cookie, updates the online record and related user data
 /// without delay, marks the Connect binding cookie and clears the login-failure log entry for the
 /// caller's IP.
 /// </summary>
 /// <param name="userInfo">The user being signed in.</param>
 private void LoginUser(ShortUserInfo userInfo)
 {
     // "expires", "templateid" and "loginmode" are request input handed to the cookie writer.
     // NOTE(review): no range check on these values is visible here; confirm WriteUserCookie bounds
     // the cookie lifetime.
     int uid            = userInfo.Uid;
     int cookieExpires  = TypeConverter.StrToInt(DNTRequest.GetString("expires"), -1);
     string passwordKey = config.Passwordkey;
     int templateId     = DNTRequest.GetInt("templateid", 0);
     int loginMode      = DNTRequest.GetInt("loginmode", -1);
     ForumUtils.WriteUserCookie(uid, cookieExpires, passwordKey, templateId, loginMode);

     oluserinfo    = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout, userInfo.Uid, "");
     olid          = oluserinfo.Olid;
     username      = userInfo.Username;
     userid        = userInfo.Uid;
     usergroupinfo = UserGroups.GetUserGroupInfo(userInfo.Groupid);

     // The admin group id is the one associated with the user's group.
     useradminid = usergroupinfo.Radminid;

     // Mark the signed-in user as bound to QQ Connect.
     Utils.WriteCookie("bindconnect", "true");
     OnlineUsers.UpdateAction(olid, UserAction.Login.ActionID, 0);

     // NOTE(review): the failure log is keyed by the address GetIP reports. If that address can be
     // influenced by the client, per-IP login throttling built on this log can be sidestepped.
     LoginLogs.DeleteLoginLog(DNTRequest.GetIP());
     Users.UpdateUserCreditsAndVisit(userInfo.Uid, DNTRequest.GetIP());
 }
Пример #19
        /// <summary>
        /// Generates a new reset code for the account, stores it, and e-mails the user an HTML
        /// message containing the password-reset link.
        /// </summary>
        /// <param name="uid">Id of the account whose password is being reset.</param>
        /// <param name="username">Name shown in the greeting line of the mail.</param>
        /// <param name="email">Recipient address.</param>
        private void ReSendMail(int uid, string username, string email)
        {
            // NOTE(review): the strength of this code depends on how ForumUtils.CreateAuthStr
            // generates it (not visible here); a reset code should come from a cryptographic RNG.
            string resetCode = ForumUtils.CreateAuthStr(20);

            Discuz.Forum.Users.UpdateAuthStr(uid, resetCode, 2);

            string subject = config.Forumtitle + " 取回密码说明";
            string divider = "<BR /><BR />----------------------------------------------------------------------";

            // NOTE(review): username and config.Forumtitle are placed into the HTML body without
            // HTML encoding, and the href attribute below is unquoted; encode both values and
            // quote the attribute if usernames can contain markup characters.
            StringBuilder mail = new StringBuilder();
            mail.Append(username)
                .Append("您好!<BR />这封信是由 ")
                .Append(config.Forumtitle)
                .Append(" 发送的.<BR /><BR />您收到这封邮件,是因为在我们的论坛上这个邮箱地址被登记为用户邮箱,且该用户请求使用 Email 密码重置功能所致.")
                .Append(divider)
                .Append("<BR />重要!")
                .Append(divider)
                .Append("<BR /><BR />如果您没有提交密码重置的请求或不是我们论坛的注册用户,请立即忽略并删除这封邮件.只在您确认需要重置密码的情况下,才继续阅读下面的内容.")
                .Append(divider)
                .Append("<BR />密码重置说明")
                .Append(divider)
                .Append("<BR /><BR />您只需在提交请求后的三天之内,通过点击下面的链接重置您的密码:");

            // The reset link appears twice: once as the href and once as the visible link text.
            // NOTE(review): the code travels in the query string, so it can end up in mail-gateway
            // and web-server logs; the three-day validity stated in the mail is not enforced in
            // this method and should be checked where the code is consumed.
            mail.Append("<BR /><BR /><a href=" + GetForumPath() + "/setnewpassword.aspx?uid=" + uid + "&id=" + resetCode +
                        " target=_blank>")
                .Append(GetForumPath())
                .Append("/setnewpassword.aspx?uid=")
                .Append(uid)
                .Append("&id=")
                .Append(resetCode)
                .Append("</a>");

            // Closing instructions, the requester's IP (lets the recipient spot a request they did
            // not make), and the signature block.
            mail.Append("<BR /><BR />(如果上面不是链接形式,请将地址手工粘贴到浏览器地址栏再访问)")
                .Append("<BR /><BR />上面的页面打开后,输入新的密码后提交,之后您即可使用新的密码登录论坛了.您可以在用户控制面板中随时修改您的密码.")
                .Append("<BR /><BR />本请求提交者的 IP 为 ")
                .Append(DNTRequest.GetIP())
                .Append("<BR /><BR /><BR /><BR />")
                .Append("<BR />此致 <BR /><BR />")
                .Append(config.Forumtitle)
                .Append(" 管理团队.")
                .Append("<BR />")
                .Append(GetForumPath())
                .Append("<BR /><BR />");

            Emails.DiscuzSmtpMailToUser(email, subject, mail.ToString());
        }
Пример #20
        /// <summary>
        /// Gate for admin user controls: enforces the optional admin IP allow-list, requires an
        /// online user whose group has Radminid 1, validates the "dntadmin" cookie key, and then
        /// re-issues that cookie with a fresh 30-minute expiry. Any failed check redirects to the
        /// admin login page.
        /// </summary>
        public UserControlsPageBase()
        {
            config = GeneralConfigs.GetConfig();

            // Admin IP allow-list, applied only when one is configured.
            // NOTE(review): the check is only as trustworthy as DNTRequest.GetIP(); if that helper
            // honours client-supplied forwarding headers the list can be bypassed - confirm.
            if (config.Adminipaccess.Trim() != "")
            {
                string[] allowedIps = Utils.SplitString(config.Adminipaccess, "\n");
                if (!Utils.InIPArray(DNTRequest.GetIP(), allowedIps))
                {
                    Context.Response.Redirect(BaseConfigs.GetForumPath + "admin/syslogin.aspx");
                    return;
                }
            }

            // Resolve the current online user and the admin view of their group.
            OnlineUserInfo online     = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);
            UserGroupInfo  adminGroup = AdminUserGroups.AdminGetUserGroupInfo(online.Groupid);

            bool isAdministrator = online.Userid > 0 && adminGroup.Radminid == 1;
            if (!isAdministrator)
            {
                Context.Response.Redirect(BaseConfigs.GetForumPath + "admin/syslogin.aspx");
                return;
            }

            string secques     = Users.GetUserInfo(online.Userid).Secques;
            string expectedKey = online.Password + secques + online.Userid.ToString();

            // Administrator re-authentication: the cookie key must decode to the expected value.
            // NOTE(review): this is an ordinary string comparison, not a constant-time one, and the
            // key is derived from the stored password value and security question, so it stays
            // valid until either of those changes.
            HttpCookie presented = Context.Request.Cookies["dntadmin"];
            bool keyMatches = presented != null && presented["key"] != null &&
                              ForumUtils.GetCookiePassword(presented["key"], config.Passwordkey) == expectedKey;
            if (!keyMatches)
            {
                Context.Response.Redirect(BaseConfigs.GetForumPath + "admin/syslogin.aspx");
                return;
            }

            // Sliding expiry: send the cookie back with a new 30-minute lifetime.
            // NOTE(review): HttpOnly and Secure are not set here; consider setting both on this
            // admin cookie unless client script is known to read it.
            HttpCookie renewed = HttpContext.Current.Request.Cookies["dntadmin"];
            renewed.Values["key"]    = ForumUtils.SetCookiePassword(expectedKey, config.Passwordkey);
            renewed.Values["userid"] = online.Userid.ToString();
            renewed.Expires          = DateTime.Now.AddMinutes(30);
            HttpContext.Current.Response.AppendCookie(renewed);
        }
Пример #21
        /// <summary>
        /// Removes the Connect binding identified by <paramref name="openId"/>: posts a signed
        /// unbind request to the remote service, deletes the local binding record and clears the
        /// "bindconnect" cookie.
        /// </summary>
        /// <param name="openId">Connect open id of the binding to remove.</param>
        /// <returns>-1 when no binding exists for the open id, otherwise 1.</returns>
        public static int UnbindUserConnectInfo(string openId)
        {
            DiscuzCloudConfigInfo cloudConfig = DiscuzCloudConfigInfo.Current;
            UserConnect           binding     = DiscuzCloud.GetUserConnectInfo(openId);

            // NOTE(review): nothing here ties openId to the current user; the caller has to make
            // sure a user can only unbind their own binding.
            if (binding == null)
            {
                return -1;
            }

            List<DiscuzOAuthParameter> extraParams = new List<DiscuzOAuthParameter>();
            extraParams.Add(new DiscuzOAuthParameter("client_ip", DNTRequest.GetIP()));

            string postData  = "";
            string unbindUrl = new DiscuzOAuth().GetOAuthUrl(UNBIND_URL, "POST", cloudConfig.Connectappid, cloudConfig.Connectappkey,
                                                             binding.Token, binding.Secret, "", "", extraParams, out postData);

            // The remote response is discarded, so the local record is deleted whether or not the
            // remote unbind succeeded.
            // NOTE(review): consider checking the response so the two sides cannot drift apart.
            Utils.GetHttpWebResponse(unbindUrl, postData);
            DiscuzCloud.DeleteUserConnectInfo(openId);
            Utils.WriteCookie("bindconnect", "");
            return 1;
        }
Пример #22
        /// <summary>
        /// Access gate for the page: applies the optional admin IP allow-list, then requires a
        /// cookie-identified user whose Adminid and Groupid are both positive. Anyone else is
        /// redirected to syslogin.aspx.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            config = GeneralConfigs.GetConfig();

            // Admin IP allow-list, applied only when one is configured.
            if (config.Adminipaccess.Trim() != "")
            {
                string[] allowedIps = Utils.SplitString(config.Adminipaccess, "\n");
                if (!Utils.InIPArray(DNTRequest.GetIP(), allowedIps))
                {
                    Context.Response.Redirect("syslogin.aspx");
                    return;
                }
            }

            // Permission check: identity comes from the user cookie.
            int currentUid = Discuz.Forum.Users.GetUserIDFromCookie();
            if (currentUid <= 0)
            {
                Context.Response.Redirect("syslogin.aspx");
                return;
            }

            // NOTE(review): if GetUserInfo can return null for a stale or forged id, the property
            // reads below throw instead of redirecting - confirm and add a null check if so.
            UserInfo account = Discuz.Forum.Users.GetUserInfo(currentUid);

            bool hasAdminRole = account.Adminid > 0 && account.Groupid > 0;
            if (!hasAdminRole)
            {
                Context.Response.Redirect("syslogin.aspx");
            }
        }
Пример #23
        /// <summary>
        /// Fills the page's labels with server, runtime and client-browser details and records
        /// how long the collection took, in milliseconds.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the values shown (machine name, local address, physical path, server
        /// software, OS and CLR versions) are host fingerprinting data, so the page hosting this
        /// method should be reachable by administrators only.
        /// </remarks>
        protected void LoadSystemInf()
        {
            // Disable caching of this page.
            base.Response.Expires      = 0;
            base.Response.CacheControl = "no-cache";
            DateTime startedAt = DateTime.Now;

            System.Collections.Specialized.NameValueCollection serverVars = base.Request.ServerVariables;

            // Host identity.
            this.servername.Text  = base.Server.MachineName;
            this.serverip.Text    = serverVars["LOCAL_ADDR"];
            this.server_name.Text = serverVars["SERVER_NAME"];

            // Runtime and platform.
            this.servernet.Text   = ".NET CLR  " + Environment.Version.Major + "." + Environment.Version.Minor + "." +
                                    Environment.Version.Build + "." + Environment.Version.Revision;
            this.serverms.Text    = Environment.OSVersion.ToString();
            this.serversoft.Text  = serverVars["SERVER_SOFTWARE"];
            this.serverport.Text  = serverVars["SERVER_PORT"];
            this.serverout.Text   = base.Server.ScriptTimeout.ToString();

            // NOTE(review): HTTP_ACCEPT_LANGUAGE is a client-supplied header; if "cl" renders its
            // Text without HTML encoding, encode the value before assigning it.
            this.cl.Text          = serverVars["HTTP_ACCEPT_LANGUAGE"];
            this.servertime.Text  = DateTime.Now.ToString();
            this.servernpath.Text = serverVars["PATH_TRANSLATED"];
            this.serverhttps.Text = serverVars["HTTPS"];

            // Capabilities reported for the requesting browser.
            HttpBrowserCapabilities client = base.Request.Browser;
            this.ie.Text      = client.Browser.ToString();
            this.cookies.Text = client.Cookies.ToString();
            this.frames.Text  = client.Frames.ToString();
            this.javaa.Text   = client.JavaApplets.ToString();
            this.javas.Text   = client.EcmaScriptVersion.ToString();
            this.ms.Text      = client.Platform.ToString();
            this.vbs.Text     = client.VBScript.ToString();
            this.vi.Text      = client.Version.ToString();
            this.cip.Text     = DNTRequest.GetIP();

            // Elapsed time for the work above.
            this.runtime.Text = (DateTime.Now - startedAt).TotalMilliseconds.ToString();
        }
Пример #24
        /// <summary>
        /// Applies the per-IP registration throttles: looks up the user found for
        /// <paramref name="ip"/> and compares that user's join date with the configured
        /// interval (Regctrl) and with the 72-hour rule for addresses on the Ipregctrl list.
        /// </summary>
        /// <param name="ip">IP address used to look up the earlier registration.</param>
        /// <returns>A user-facing refusal message when a throttle applies; otherwise null.</returns>
        public static string CheckRegisterDateDiff(string ip)
        {
            ShortUserInfo earlierUser = Discuz.Data.Users.GetShortUserInfoByIP(ip);

            // General interval between registrations from one IP.
            if (GeneralConfigs.GetConfig().Regctrl > 0 && earlierUser != null)
            {
                int diff = Utils.StrDateDiffHours(earlierUser.Joindate, GeneralConfigs.GetConfig().Regctrl);
                if (diff <= 0)
                {
                    return "抱歉, 系统设置了IP注册间隔限制, 您必须在 " + (-diff) + " 小时后才可以注册";
                }
            }

            // Special IP list: 72-hour interval.
            // NOTE(review): list membership is tested against DNTRequest.GetIP() rather than the
            // ip argument, and this branch uses "< 0" where the one above uses "<= 0"; confirm
            // both are intended. Both throttles are keyed on the client IP, so they are only as
            // reliable as the way that address is determined.
            bool onSpecialList = GeneralConfigs.GetConfig().Ipregctrl.Trim() != "" &&
                                 Utils.InIPArray(DNTRequest.GetIP(), Utils.SplitString(GeneralConfigs.GetConfig().Ipregctrl, "\n"));
            if (onSpecialList && earlierUser != null)
            {
                int diff = Utils.StrDateDiffHours(earlierUser.Joindate, 72);
                if (diff < 0)
                {
                    return "抱歉, 系统设置了特殊IP注册限制, 您必须在 " + (-diff) + " 小时后才可以注册";
                }
            }

            return null;
        }
Пример #25
        /// <summary>
        /// Exchanges the current user's OAuth request token for an access token by posting a
        /// signed request to ACCESS_TOKEN_URL.
        /// </summary>
        /// <returns>The access-token info from the response, or null when the response cannot be parsed.</returns>
        public static OAuthAccessTokenInfo GetConnectAccessTokenInfo()
        {
            DiscuzCloudConfigInfo       cloudConfig = DiscuzCloudConfigs.GetConfig();
            List<DiscuzOAuthParameter> extraParams = new List<DiscuzOAuthParameter>();

            extraParams.Add(new DiscuzOAuthParameter("client_ip", DNTRequest.GetIP()));

            DiscuzOAuth signer   = new DiscuzOAuth();
            string      postData = "";

            // NOTE(review): the request token and its secret are read back from the "connect"
            // cookie, i.e. from storage the client can read and modify; keeping them in
            // server-side session state would keep the secret off the client.
            string requestToken  = Utils.GetCookie("connect", "token");
            string requestSecret = Utils.GetCookie("connect", "secret");
            string verifier      = DNTRequest.GetString("con_oauth_verifier");

            string tokenUrl = signer.GetOAuthUrl(ACCESS_TOKEN_URL, "POST", cloudConfig.Connectappid, cloudConfig.Connectappkey,
                                                 requestToken, requestSecret, verifier, "", extraParams, out postData);
            string rawResponse = Utils.GetHttpWebResponse(tokenUrl, postData);

            try
            {
                return JavaScriptConvert.DeserializeObject<ConnectResponse<OAuthAccessTokenInfo>>(rawResponse).Result;
            }
            catch
            {
                // NOTE(review): every failure is reported as null with no log entry, so a failed
                // exchange cannot be diagnosed afterwards; log the exception type here, but not
                // the token, secret or verifier.
                return null;
            }
        }
Пример #26
        /// <summary>
        /// Constructor. Runs the archiver page's access checks (archiver mode, online-user limit,
        /// forum closed, group visit permission, IP allow and deny lists, visit-ban periods) and
        /// writes the opening HTML head to the response.
        /// </summary>
        /// <remarks>
        /// NOTE(review): several ShowError calls below are not followed by a return. Whether
        /// ShowError ends the response is not visible here; if it does not, the later checks and
        /// the head output still run after an earlier check has failed.
        /// </remarks>
        public ArchiverPage()
        {
            config = GeneralConfigs.GetConfig();

            if (config.Archiverstatus == 2 && DNTRequest.IsSearchEnginesGet())// enabled, but visitors arriving from a search engine are redirected to the dynamic page
            {
                string url = OrganizeURL(HttpContext.Current.Request.Url);
                HttpContext.Current.Response.Redirect(url);
            }

            if (config.Archiverstatus == 3 && DNTRequest.IsBrowserGet())            // enabled, but visitors using a browser are redirected to the dynamic page
            {
                string url = OrganizeURL(HttpContext.Current.Request.Url);
                HttpContext.Current.Response.Redirect(url);
            }

            int onlineusercount = OnlineUsers.GetOnlineAllUserCount();

            // Refuse new visitors once the configured maximum of online users is reached.
            if (onlineusercount >= config.Maxonlines)
            {
                ShowError("抱歉,目前访问人数太多,你暂时无法访问论坛.", 0);
            }

            // Optionally mark the response as non-cacheable.
            if (config.Nocacheheaders == 1)
            {
                HttpContext.Current.Response.Buffer          = true;
                HttpContext.Current.Response.ExpiresAbsolute = DateTime.Now.AddDays(-1);
                HttpContext.Current.Response.Cache.SetExpires(DateTime.Now.AddDays(-1));
                HttpContext.Current.Response.Expires      = 0;
                HttpContext.Current.Response.CacheControl = "no-cache";
                HttpContext.Current.Response.Cache.SetNoStore();
            }

            OnlineUserInfo oluserinfo = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);

            userid      = oluserinfo.Userid;
            useradminid = oluserinfo.Adminid;


            // If the forum is closed and the user is not an administrator, show the forum-closed page.
            if (config.Closed == 1 && oluserinfo.Adminid != 1)
            {
                ShowError("", 1);
            }

            usergroupinfo = UserGroups.GetUserGroupInfo(oluserinfo.Groupid);

            // The user's group is not allowed to visit the forum: report it with error code 2.
            if (usergroupinfo.Allowvisit != 1)
            {
                ShowError("抱歉, 您所在的用户组不允许访问论坛", 2);
            }
            // IP allow-list: when configured, only listed addresses may continue.
            // NOTE(review): this and the deny-list below rely on DNTRequest.GetIP(); if that helper
            // honours client-supplied forwarding headers, both lists can be sidestepped - confirm.
            if (config.Ipaccess.Trim() != "")
            {
                string[] regctrl = Utils.SplitString(config.Ipaccess, "\n");
                if (!Utils.InIPArray(DNTRequest.GetIP(), regctrl))
                {
                    ShowError("抱歉, 系统设置了IP访问列表限制, 您无法访问本论坛", 0);
                    return;
                }
            }


            // IP deny-list: when configured, listed addresses are refused.
            if (config.Ipdenyaccess.Trim() != "")
            {
                string[] regctrl = Utils.SplitString(config.Ipdenyaccess, "\n");
                if (Utils.InIPArray(DNTRequest.GetIP(), regctrl))
                {
                    ShowError("由于您严重违反了论坛的相关规定, 已被禁止访问.", 2);
                    return;
                }
            }

            // Unless this is the login page or the user is an administrator, refuse access during
            // the configured visit-ban periods.
            if (oluserinfo.Adminid != 1 && DNTRequest.GetPageName() != "login.aspx")
            {
                if (Scoresets.BetweenTime(config.Visitbanperiods))
                {
                    ShowError("在此时间段内不允许访问本论坛", 2);
                    return;
                }
            }

            HttpContext.Current.Response.Write("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n");

            // NOTE(review): the SEO keywords, description and extra head markup are written without
            // HTML/attribute encoding. They come from the forum configuration, so this is only as
            // safe as the access control on whoever can edit those settings.
            if (config.Seokeywords != "")
            {
                HttpContext.Current.Response.Write("<meta name=\"keywords\" content=\"" + config.Seokeywords + "\" />\r\n");
            }
            if (config.Seodescription != "")
            {
                HttpContext.Current.Response.Write("<meta name=\"description\" content=\"" + config.Seodescription + "\" />\r\n");
            }
            HttpContext.Current.Response.Write(config.Seohead.Trim());
            HttpContext.Current.Response.Write("\r\n<link href=\"dntarchiver.css\" rel=\"stylesheet\" type=\"text/css\" />");

            // Archiver disabled: this check runs only after the head above has been written.
            if (config.Archiverstatus == 0)
            {
                ShowError("系统禁止使用Archiver", 3);
                HttpContext.Current.Response.End();
                return;
            }
        }
Пример #27
        /// <summary>
        /// Load handler for the admin login page. On a first (non-postback) request it checks the
        /// admin IP allow-list, that the visitor is a logged-in member of an administrator group,
        /// and that the install files have been removed, then prepares the login form and any
        /// status message selected by the "result" query value. On a postback it validates the
        /// submitted credentials.
        /// </summary>
        protected void Origin_Page_Load(object sender, EventArgs e)
        {
            UserName.Attributes.Remove("class");
            PassWord.Attributes.Remove("class");
            UserName.AddAttributes("style", "width:200px");
            PassWord.AddAttributes("style", "width:200px");

            config = GeneralConfigs.GetConfig();

            OnlineUserInfo oluserinfo = Discuz.Forum.OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);

            olid = oluserinfo.Olid;

            // NOTE(review): every check in this block runs only when the request is not a postback;
            // a postback goes straight to VerifyLoginInf() below, so the IP allow-list is not
            // re-applied here to the request that actually submits credentials.
            if (!Page.IsPostBack)
            {
                // Region: apply the admin IP allow-list when one is configured.
                #region 如果IP访问列表有设置则进行判断
                if (config.Adminipaccess.Trim() != "")
                {
                    string[] regctrl = Utils.SplitString(config.Adminipaccess, "\n");
                    if (!Utils.InIPArray(DNTRequest.GetIP(), regctrl))
                    {
                        StringBuilder sb = new StringBuilder();
                        sb.Append("<br /><br /><div style=\"width:100%\" align=\"center\"><div align=\"center\" style=\"width:600px; border:1px dotted #FF6600; background-color:#FFFCEC; margin:auto; padding:20px;\">");
                        sb.Append("<img src=\"images/hint.gif\" border=\"0\" alt=\"提示:\" align=\"absmiddle\" />&nbsp; 您的IP地址不在系统允许的范围之内</div></div>");
                        Response.Write(sb.ToString());
                        Response.End();
                        return;
                    }
                }
                #endregion

                // Region: the visitor must already be logged in and belong to a group with Radminid 1.
                #region 用户身份判断
                UserGroupInfo usergroupinfo = AdminUserGroups.AdminGetUserGroupInfo(oluserinfo.Groupid);
                if (oluserinfo.Userid <= 0 || usergroupinfo.Radminid != 1)
                {
                    string message = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
                    message += "<html xmlns=\"http://www.w3.org/1999/xhtml\"><head><title>无法确认您的身份</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">";
                    message += "<link href=\"styles/default.css\" type=\"text/css\" rel=\"stylesheet\"></head><script type=\"text/javascript\">if(top.location!=self.location){top.location.href = \"syslogin.aspx\";}</script><body><br /><br /><div style=\"width:100%\" align=\"center\">";
                    message += "<div align=\"center\" style=\"width:600px; border:1px dotted #FF6600; background-color:#FFFCEC; margin:auto; padding:20px;\"><img src=\"images/hint.gif\" border=\"0\" alt=\"提示:\" align=\"absmiddle\" width=\"11\" height=\"13\" /> &nbsp;";
                    message += "无法确认您的身份, 请<a href=\"../login.aspx\">登录</a></div></div></body></html>";
                    Response.Write(message);
                    Response.End();
                    return;
                }
                #endregion


                // Region: refuse to show the login form while installer or upgrade files are still
                // present, because leftover setup pages could be run by other users.
                #region 判断安装目录文件信息
                if (IsExistsSetupFile())
                {
                    string message = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
                    message += "<html xmlns=\"http://www.w3.org/1999/xhtml\"><head><title>请将您的安装目录即install/目录下的文件全部删除, 以免其它用户运行安装该程序!</title><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">";
                    message += "<link href=\"styles/default.css\" type=\"text/css\" rel=\"stylesheet\"></head><script type=\"text/javascript\">if(top.location!=self.location){top.location.href = \"syslogin.aspx\";}</script><body><br /><br /><div style=\"width:100%\" align=\"center\">";
                    message += "<div align=\"center\" style=\"width:660px; border:1px dotted #FF6600; background-color:#FFFCEC; margin:auto; padding:20px;\"><img src=\"images/hint.gif\" border=\"0\" alt=\"提示:\" align=\"absmiddle\" width=\"11\" height=\"13\" /> &nbsp;";
                    message += "请将您的安装目录(install/)下和升级目录(upgrade/)下的.aspx文件及bin/Discuz.Install.dll全部删除, 以免其它用户运行安装或升级程序!</div></div></body></html>";
                    Response.Write(message);
                    Response.End();
                    return;
                }
                #endregion


                // Region: prepare the login form and the status message to display.
                #region 显示相关页面登陆提交信息
                // Ask for a fresh admin login when the "dntadmin" cookie is missing or its key does
                // not match the value derived from the account.
                // NOTE(review): this is an ordinary string comparison, not a constant-time one.
                if (Context.Request.Cookies["dntadmin"] == null || Context.Request.Cookies["dntadmin"]["key"] == null ||
                    ForumUtils.GetCookiePassword(Context.Request.Cookies["dntadmin"]["key"].ToString(), config.Passwordkey) !=
                    (oluserinfo.Password + Discuz.Forum.Users.GetUserInfo(oluserinfo.Userid).Secques + oluserinfo.Userid.ToString()))
                {
                    Msg.Text = "<IMG alt=\"提示:\" src=\"images/warning.gif\" align=\"absMiddle\" border=\"0\" width=\"16\" height=\"16\">请重新进行管理员登录";
                }

                // Pre-fill the user name with the logged-in administrator's name and make it read-only.
                if (oluserinfo.Userid > 0 && usergroupinfo.Radminid == 1 && oluserinfo.Username.Trim() != "")
                {
                    UserName.Text = oluserinfo.Username;
                    UserName.AddAttributes("readonly", "true");
                    UserName.CssClass = "nofocus";
                    UserName.Attributes.Add("onfocus", "this.className='nofocus';");
                    UserName.Attributes.Add("onblur", "this.className='nofocus';");
                }

                // The "result" query value is only compared with fixed codes and never echoed back.
                // 1 = unknown user or wrong password.
                if (DNTRequest.GetString("result") == "1")
                {
                    Msg.Text = "<IMG alt=\"提示:\" src=\"images/warning.gif\" align=\"absMiddle\" border=\"0\" width=\"16\" height=\"16\"><font color=\"red\">用户不存在或密码错误</font>";
                    return;
                }

                // 2 = the user is not an administrator.
                if (DNTRequest.GetString("result") == "2")
                {
                    Msg.Text = "<IMG alt=\"提示:\" src=\"images/warning.gif\" align=\"absMiddle\" border=\"0\" width=\"16\" height=\"16\"><font color=\"red\">用户不是管理员身分,因此无法登陆后台</font>";
                    return;
                }

                // 3 = wrong verification code.
                if (DNTRequest.GetString("result") == "3")
                {
                    Msg.Text = "<IMG alt=\"提示:\" src=\"images/warning.gif\" align=\"absMiddle\" border=\"0\" width=\"16\" height=\"16\"><font color=\"red\">验证码错误,请重新输入</font>";
                    return;
                }

                // 4 = plain form with no message.
                if (DNTRequest.GetString("result") == "4")
                {
                    Msg.Text = "";
                    return;
                }
                #endregion
            }

            if (Page.IsPostBack)
            {
                VerifyLoginInf();// validate the submitted credentials
            }
            else
            {
                // First visit without a recognised result code: reload with result=4.
                Response.Redirect("syslogin.aspx?result=4");
            }
        }
        /// <summary>
        /// Click handler that awards medals: when the cookie check passes, it updates the target
        /// user's medals, stores the list filter in session, and registers a script that returns
        /// the browser to the edit-user page.
        /// </summary>
        private void GivenMedal_Click(object sender, EventArgs e)
        {
            if (!this.CheckCookie())
            {
                return;
            }

            // NOTE(review): uid and medalid come straight from the request; confirm that
            // Users.UpdateMedals validates them and that this action has anti-forgery protection
            // beyond CheckCookie().
            int uid = DNTRequest.GetInt("uid", -1);
            Users.UpdateMedals(uid, DNTRequest.GetString("medalid"), userid, username, DNTRequest.GetIP(), reason.Text.Trim());

            // NOTE(review): the request key read here is "codition" while the redirect below reads
            // "condition"; confirm which spelling callers send. The stored value has '^' turned
            // into single quotes, which suggests it is later used as a query filter - whatever
            // consumes Session["codition"] must not splice it into SQL text.
            string filter = DNTRequest.GetString("codition");
            Session["codition"] = (filter == "") ? null : filter.Replace("^", "'");

            // NOTE(review): the "condition" request value is concatenated into an inline script
            // without encoding; encode it for a JavaScript string and as a URL component before
            // emitting it.
            string script = "window.location.href='global_edituser.aspx?uid=" + uid + "&condition=" + DNTRequest.GetString("condition") + "';";
            base.RegisterStartupScript("PAGE", script);
        }
Пример #29
        /// <summary>
        /// Validates an admin login submission: checks the verification code, authenticates the
        /// user name and password according to the configured password mode, requires an
        /// administrator group, then issues the user and "dntadmin" cookies, logs the login and
        /// sends the browser to index.aspx. Failures redirect to syslogin.aspx with a result code
        /// (1 = bad credentials, 2 = not an administrator, 3 = bad verification code).
        /// </summary>
        public void VerifyLoginInf()
        {
            if (!Discuz.Forum.OnlineUsers.CheckUserVerifyCode(olid, DNTRequest.GetString("vcode")))
            {
                Response.Redirect("syslogin.aspx?result=3");
                return;
            }

            string loginName = DNTRequest.GetString("username");
            string password  = DNTRequest.GetString("password");

            UserInfo account;
            switch (config.Passwordmode)
            {
                case 1:
                    account = Users.GetUserInfo(Users.CheckDvBbsPassword(loginName, password));
                    break;

                case 0:
                    // NOTE(review): the password is reduced with Utils.MD5 before the check; a
                    // plain MD5 digest is a weak way to store passwords - a salted, slow KDF is
                    // the usual replacement, but that is a data-migration decision, not a local fix.
                    account = Users.GetUserInfo(Users.CheckPassword(loginName, Utils.MD5(password), false));
                    break;

                default:
                    // Third-party password verification mode.
                    account = Users.CheckThirdPartPassword(loginName, password, -1, null);
                    break;
            }

            // NOTE(review): only successful logins are logged below; failed attempts are neither
            // recorded nor throttled in this method, so any brute-force protection has to come
            // from the verification code or from the called helpers.
            if (account == null)
            {
                Response.Redirect("syslogin.aspx?result=1");
                return;
            }

            UserGroupInfo adminGroup = AdminUserGroups.AdminGetUserGroupInfo(account.Groupid);
            if (adminGroup.Radminid != 1)
            {
                Response.Redirect("syslogin.aspx?result=2");
                return;
            }

            ForumUtils.WriteUserCookie(account.Uid, 1440, GeneralConfigs.GetConfig().Passwordkey);

            // Admin session cookie, valid for 30 minutes.
            // NOTE(review): HttpOnly and Secure are not set here; consider setting both unless
            // client script is known to read this cookie.
            HttpCookie adminCookie = new HttpCookie("dntadmin");
            adminCookie.Values["key"] = ForumUtils.SetCookiePassword(account.Password + account.Secques + account.Uid, config.Passwordkey);
            adminCookie.Expires       = DateTime.Now.AddMinutes(30);
            HttpContext.Current.Response.AppendCookie(adminCookie);

            AdminVistLogs.InsertLog(account.Uid, account.Username, account.Groupid, adminGroup.Grouptitle, DNTRequest.GetIP(), "后台管理员登陆", "");

            try
            {
                SoftInfo.LoadSoftInfo();
            }
            catch
            {
                Response.Write("<script type=\"text/javascript\">top.location.href='index.aspx';</script>");
                Response.End();
            }

            // Upgrade the general.config file by re-serialising the current configuration.
            // NOTE(review): failures are swallowed silently, and the web process needs write
            // access to its own configuration file for this to work.
            try
            {
                GeneralConfigs.Serialiaze(GeneralConfigs.GetConfig(), Server.MapPath("../config/general.config"));
            }
            catch { }

            Response.Write("<script type=\"text/javascript\">top.location.href='index.aspx';</script>");
            Response.End();
        }
Пример #30
        /// <summary>
        /// Applies the requested ban operation (lift ban, ban posting, ban visiting) to the
        /// operated user, writes a moderator log entry and forwards to the success page.
        /// Sets <c>ispost</c> to true only when the operation completed.
        /// </summary>
        private void DoBanUserOperation()
        {
            ispost = false;

            // The moderator's group may require a reason (Reasonpm: 0 = optional, 1 = required).
            if (usergroupinfo.Reasonpm == 1 && Utils.StrIsNullOrEmpty(DNTRequest.GetString("reason")))
            {
                titlemessage = true;
                AddErrLine("请填写操作原因");
                return;
            }

            // Ban length in days from the form; 0 means the fixed far-future date 29990101.
            // NOTE(review): the default of -1 (field missing) and any other negative value give an
            // expiry date in the past; confirm whether such input should be rejected instead.
            int    banDays    = DNTRequest.GetFormInt("banexpirynew", -1);
            string expiryDate = (banDays == 0) ? "29990101" : DateTime.Now.AddDays(banDays).ToString("yyyyMMdd");

            // NOTE(review): the log titles below embed operatedusername in HTML without encoding;
            // whatever renders the moderator log should encode it, or it should be encoded here.
            string logTitle;
            string logAction;
            switch (DNTRequest.GetInt("bantype", -1))
            {
                case 0:    // back to normal: restore the group that matches the user's credits
                    Users.UpdateBanUser(CreditsFacade.GetCreditsUserGroupId(operateduser.Credits).Groupid, "0", operateduid);
                    logTitle  = string.Format("取消对 <a href=\"../../userinfo-{1}.aspx\" target=\"_blank\">{0}</a> 的禁止", operatedusername, operateduid);
                    logAction = "取消禁止";
                    break;

                case 1:    // ban posting (group 4)
                    Users.UpdateBanUser(4, expiryDate, operateduid);
                    logTitle  = string.Format("禁止 <a href=\"../../userinfo-{1}.aspx\" target=\"_blank\">{0}</a> 发言", operatedusername, operateduid);
                    logAction = "禁止发言";
                    break;

                case 2:    // ban visiting (group 5)
                    Users.UpdateBanUser(5, expiryDate, operateduid);
                    logTitle  = string.Format("禁止 <a href=\"../../userinfo-{1}.aspx\" target=\"_blank\">{0}</a> 访问", operatedusername, operateduid);
                    logAction = "禁止访问";
                    break;

                default:   // unknown ban type
                    titlemessage = true;
                    AddErrLine("错误的禁止类型");
                    return;
            }

            AdminModeratorLogs.InsertLog(userid.ToString(), username, usergroupid.ToString(), usergroupinfo.Grouptitle, DNTRequest.GetIP(),
                                         DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), "0", "", "0", logTitle, logAction, DNTRequest.GetString("reason").Trim());

            // The optional private-message notification to the operated user is disabled in this
            // version of the code.

            ispost = true;
            SetShowBackLink(false);
            // NOTE(review): the forward target comes from ForumUtils.GetReUrl(); if that value can
            // be influenced by the request, restrict it to same-site URLs.
            SetUrl(Utils.UrlDecode(ForumUtils.GetReUrl()));
            SetMetaRefresh();
            MsgForward("useradmin_succeed", true);
        }