Пример #1
        //public proxy()
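        /// <summary>
        /// Server-side fetch proxy: downloads the resource named by the <c>url</c> query-string
        /// parameter and writes its body into the current response.
        /// </summary>
        /// <remarks>
        /// Both the target URL and the <c>enc</c> charset name come from the query string and are
        /// client-controlled. This method only restricts the URL to absolute http/https; it does not
        /// restrict which hosts may be reached, so loopback, private-range and metadata addresses
        /// have to be refused inside <c>Globals.GetPageResponse</c> or at the network layer.
        /// NOTE(review): confirm such a restriction exists and that it also covers redirects.
        /// The fetched body is returned with the upstream Content-Type, i.e. remote content is
        /// served from this site's origin.
        /// </remarks>
        /// <param name="e">Lifecycle event data; not used.</param>
        protected override void OnInit(System.EventArgs e)
        {
            // The only origin gate is a Referer/Host comparison.
            // NOTE(review): how IsCrossSitePost treats a missing Referer is not visible here - confirm.
            if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()))
            {
                return;
            }

            string url = DNTRequest.GetQueryString("url");
            if (string.IsNullOrEmpty(url))
            {
                return;
            }
            url = HttpUtility.UrlDecode(url);

            // Accept only absolute http/https targets so other URI schemes never reach the fetch helper.
            System.Uri target;
            if (!System.Uri.TryCreate(url, System.UriKind.Absolute, out target)
                || (target.Scheme != System.Uri.UriSchemeHttp && target.Scheme != System.Uri.UriSchemeHttps))
            {
                return;
            }

            string enc = DNTRequest.GetQueryString("enc");
            if (string.IsNullOrEmpty(enc))
            {
                enc = "utf-8";
            }

            // Resolve the charset before the outbound request is made: an unknown name used to
            // surface as an unhandled exception after the fetch had already happened.
            Encoding encoding;
            try
            {
                encoding = Encoding.GetEncoding(enc);
            }
            catch (System.ArgumentException)
            {
                enc      = "utf-8";
                encoding = Encoding.UTF8;
            }

            if (enc == "gb2312")
            {
                url = Globals.EncodeStringAsGB2312(url);
            }

            string          err      = "";
            HttpWebResponse response = Globals.GetPageResponse(url, out err);

            if (response == null)
            {
                // The error text is produced while fetching a client-chosen URL, so it is encoded
                // before being written into the page.
                HttpContext.Current.Response.Write(HttpUtility.HtmlEncode(err));
                HttpContext.Current.Response.End();
                return;
            }

            // Only Content-Type is taken from the upstream response; no other upstream header is
            // forwarded (forwarding them would let the remote server set cookies for this origin).
            string content;
            using (response)
            using (Stream instream = response.GetResponseStream())
            using (StreamReader sr = new StreamReader(instream, encoding))
            {
                HttpContext.Current.Response.ContentType = response.ContentType;

                // Whole body of the fetched page, decoded with the requested charset.
                content = sr.ReadToEnd();
            }

            HttpContext.Current.Response.ContentEncoding = encoding;
            HttpContext.Current.Response.Write(content);
            HttpContext.Current.Response.End();
        }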
Пример #2
        /// <summary>
        /// Logout page: records the return URL in the <c>reurl</c> cookie, clears the login state when
        /// the request carries the expected <c>userkey</c> (or is an application logout), and then
        /// schedules a meta-refresh to the stored return URL.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the return URL is taken from the <c>reurl</c> field or the Referer header and
        /// is later passed to <c>SetUrl</c> via <c>ForumUtils.GetReUrl()</c>. No same-site validation is
        /// visible in this block - confirm the helpers restrict it to local paths.
        /// </remarks>
        protected override void ShowPage()
        {
            // Keep the id of the user being logged out; userid is reset below.
            int logoutUid = userid;

            pagetitle = "用户退出";
            username  = "******";
            userid    = -1;

            base.AddScript("if (top.document.getElementById('leftmenu')){ top.frames['leftmenu'].location.reload(); }");

            // Remember where to return on a non-POST request or when a return URL was supplied.
            if (!DNTRequest.IsPost() || reurl != "")
            {
                string fallback = Utils.StrIsNullOrEmpty(reurl) ? "" : reurl;

                if (reurl == "")
                {
                    string referrer = DNTRequest.GetUrlReferrer();
                    bool   unusable = referrer == "" || referrer.IndexOf("login") > -1 || referrer.IndexOf("logout") > -1;

                    fallback = unusable ? "index.aspx" : referrer;
                }

                // NOTE(review): when reurl contains "login.aspx" the fallback is reurl itself, so both
                // branches store the same value - the login.aspx filter looks ineffective here.
                string stored;
                if (reurl == "" || reurl.IndexOf("login.aspx") > -1)
                {
                    stored = fallback;
                }
                else
                {
                    stored = reurl;
                }
                Utils.WriteCookie("reurl", stored);
            }

            // The per-user key in the request is what ties this logout to the current user.
            bool confirmed = DNTRequest.GetString("userkey") == userkey || IsApplicationLogout();

            if (!confirmed)
            {
                AddMsgLine("无法确定您的身份, 稍后返回首页");
            }
            else
            {
                AddMsgLine("已经清除了您的登录信息, 稍后您将以游客身份返回首页");

                OnlineUsers.DeleteRows(olid);
                ForumUtils.ClearUserCookie();
                Utils.WriteCookie(Utils.GetTemplateCookieName(), "", -999999);

                // Replace the admin cookie with an empty one.
                System.Web.HttpContext.Current.Response.AppendCookie(new System.Web.HttpCookie("dntadmin"));

                // Propagate the logout to integrated third-party applications.
                bool apiEnabled = APIConfigs.GetConfig().Enable;
                if (apiEnabled)
                {
                    AddMsgLine(Sync.GetLogoutScript(logoutUid));
                }

                if (!apiEnabled || !Sync.NeedAsyncLogout())
                {
                    MsgForward("logout_succeed");
                }
            }

            SetUrl(Utils.UrlDecode(ForumUtils.GetReUrl()));
            SetMetaRefresh();
            SetShowBackLink(false);
        }
Пример #3
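        /// <summary>
        /// Template chooser: with a positive <c>templateid</c> request value, stores the chosen
        /// template in a cookie and forwards back to the forum root; otherwise remembers the
        /// referring page in the <c>reurl</c> cookie.
        /// </summary>
        protected override void ShowPage()
        {
            pagetitle = "选择模板";

            // Guests may not switch templates while guest page caching is enabled.
            if (userid == -1 && config.Guestcachepagetimeout > 0)
            {
                AddErrLine("当前的系统设置不允许游客选择模板");
                return;
            }

            int templateid = DNTRequest.GetInt("templateid", 0);

            if (templateid <= 0)
            {
                // No selection yet: remember the page to come back to.
                // NOTE(review): the Referer header is client-controlled and is stored unvalidated;
                // confirm that whatever later redirects to "reurl" restricts it to this site.
                string previous = DNTRequest.GetUrlReferrer();
                if (previous == "" || previous.IndexOf("showtemplate") > -1)
                {
                    ForumUtils.WriteCookie("reurl", "index.aspx");
                }
                else
                {
                    ForumUtils.WriteCookie("reurl", previous);
                }
                return;
            }

            // templateid is an int, so the mapped path cannot carry traversal segments.
            if (!System.IO.Directory.Exists(Utils.GetMapPath("../" + templateid)))
            {
                AddErrLine("您所选择的模板不存在!");
                return;
            }

            // Ids outside the valid list fall back to the configured default template.
            if (!Utils.InArray(templateid.ToString(), Templates.GetValidTemplateIDList()))
            {
                templateid = config.Templateid;
            }

            Utils.WriteCookie(Utils.GetTemplateCookieName(), templateid.ToString(), 999999);

            // The target is built from the current host and forum path and always starts with
            // "http://", so the former empty-string fallback branch could never run and was removed.
            // NOTE(review): the InArray test compares the whole URL with two page names and
            // presumably never matches - confirm the intended comparison.
            string referrer = string.Format("http://{0}{1}", DNTRequest.GetCurrentFullHost(), forumpath);
            SetUrl(Utils.InArray(referrer, "logout.aspx,showtemplate.aspx") ? "index.aspx" : referrer);

            MsgForward("showtemplate_succeed", true);
            AddMsgLine("切换模板成功, 返回切换模板前页面");
            SetMetaRefresh();
            SetShowBackLink(false);
        }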
Пример #4
        /// <summary>
        /// Template chooser: applies the template named by the <c>templateid</c> request value and
        /// returns to the remembered page, or lists the valid templates and remembers the referring
        /// page when no template was chosen.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the return target comes from <c>ForumUtils.GetReUrl()</c>, and the
        /// <c>reurl</c> cookie is written here from the Referer header without validation. Confirm
        /// that the redirect is limited to same-site URLs.
        /// </remarks>
        protected override void ShowPage()
        {
            pagetitle = "选择模板";

            // Guests may not switch templates while guest page caching is enabled.
            bool guestBlocked = userid == -1 && config.Guestcachepagetimeout > 0;
            if (guestBlocked)
            {
                AddErrLine("当前的系统设置不允许游客选择模板");
                return;
            }

            int templateid = DNTRequest.GetInt("templateid", 0);

            if (templateid <= 0)
            {
                // Nothing chosen yet: offer the list and remember the page to return to.
                templatelist = Templates.GetValidTemplateList();

                string cameFrom = DNTRequest.GetUrlReferrer();
                if (cameFrom == "" || cameFrom.IndexOf("showtemplate") > -1)
                {
                    ForumUtils.WriteCookie("reurl", "index.aspx");
                }
                else
                {
                    ForumUtils.WriteCookie("reurl", cameFrom);
                }
                return;
            }

            string templateDir = Utils.GetMapPath("../" + templateid);
            if (!System.IO.Directory.Exists(templateDir))
            {
                AddErrLine("您所选择的模板不存在!");
                return;
            }

            // Ids outside the valid list fall back to the configured default template.
            bool isValidId = Utils.InArray(templateid.ToString(), Templates.GetValidTemplateIDList());
            if (!isValidId)
            {
                templateid = config.Templateid;
            }
            Utils.WriteCookie(Utils.GetTemplateCookieName(), templateid.ToString(), 999999);

            // Avoid bouncing back to the logout page or to this page.
            string rurl       = ForumUtils.GetReUrl();
            bool   wouldLoop  = rurl.IndexOf("logout.aspx") > -1 || rurl.IndexOf("showtemplate.aspx") > -1;
            string returnPage = wouldLoop ? "index.aspx" : rurl;

            SetUrl(returnPage);
            AddMsgLine("切换模板成功, 返回切换模板前页面");
            SetMetaRefresh();
            SetShowBackLink(false);
        }
Пример #5
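        /// <summary>
        /// Entry point for AJAX requests: authenticates the request, then constructs the page
        /// object that handles the operation named by the <c>t</c> request value.
        /// </summary>
        /// <remarks>
        /// Requests without a Referer must carry an <c>appid</c> token matching an MD5 over the
        /// user's name, stored password, id and the second field of the decoded <c>input</c> value.
        /// Requests with a Referer are subject to the cross-site check instead. The client decides
        /// whether a Referer is sent, so each path has to be sufficient on its own.
        /// NOTE(review): the token comparison uses <c>!=</c>, which is not constant-time, and the
        /// token is derived from the stored password field - consider a keyed MAC instead.
        /// </remarks>
        public static void Process()
        {
            if (Utils.StrIsNullOrEmpty(DNTRequest.GetUrlReferrer()))
            {
                string   decoded = DecodeUid(DNTRequest.GetString("input"));
                string[] array   = decoded == null ? new string[0] : decoded.Split(',');

                // "input" is client-supplied: a value without two comma-separated fields used to
                // raise an unhandled IndexOutOfRangeException here, outside the try block below.
                if (array.Length < 2)
                {
                    return;
                }

                var userInfo = Users.GetUserInfo(array[0].ToInt());
                if (userInfo == null || DNTRequest.GetString("appid") != Utils.MD5(userInfo.Name + userInfo.Password + userInfo.ID + array[1]))
                {
                    return;
                }
            }
            else
            {
                if (ForumUtils.IsCrossSitePost())
                {
                    return;
                }
            }
            string t = DNTRequest.GetString("t");

            try
            {
                // The listed operations are handled by SessionAjaxPage, everything else by AjaxPage.
                // Both objects are constructed only for the work done in their constructors.
                if (Utils.InArray(t, "deleteattach,getattachlist,deletepostsbyuidanddays,deletepost,ignorepost,passpost,deletetopic,ignoretopic,passtopic,getimagelist,getblocklist,getpagelist,forumtree,topictree,quickreply,report,getdebatepostpage,confirmbuyattach,getnewpms,getnewnotifications,getajaxforums,checkuserextcredit,diggdebates,imagelist,debatevote"))
                {
                    new SessionAjaxPage();
                }
                else
                {
                    new AjaxPage();
                }
            }
            catch (Exception ex)
            {
                // Failures are logged and not rethrown.
                XTrace.WriteException(ex);
            }
        }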
Пример #6
 /// <summary>
 /// Stores the return URL in the <c>reurl</c> cookie.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the stored value is either the <c>reurl</c> query-string value or the Referer
 /// header, both client-controlled, and only the substring "login.aspx" is filtered. Confirm that
 /// the code which later redirects to this cookie accepts same-site URLs only.
 /// </remarks>
 private void SetReUrl()
 {
     // Only on a non-POST request, or when the referer field is set.
     if (DNTRequest.IsPost() && referer == "")
     {
         return;
     }

     string fallback;
     if (referer != "")
     {
         fallback = DNTRequest.GetUrlReferrer();
     }
     else
     {
         string cameFrom = DNTRequest.GetUrlReferrer();
         bool   unusable = cameFrom == "" || cameFrom.IndexOf("login") > -1 || cameFrom.IndexOf("logout") > -1;

         fallback = unusable ? "index.aspx" : cameFrom;
     }

     // An explicit reurl wins unless it is empty or points at the login page.
     string requested = DNTRequest.GetQueryString("reurl");
     bool   useFallback = requested == "" || requested.IndexOf("login.aspx") > -1;

     Utils.WriteCookie("reurl", useFallback ? fallback : requested);
 }
Пример #7
        /// <summary>
        /// Handles the topic helper page: on POST sends the e-mail; otherwise prepares either the
        /// "share by e-mail" text or the list of voters for the topic's poll, depending on
        /// <c>action</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the voter list is assembled as HTML by string concatenation from the
        /// <c>votername</c> column, which appears to hold pre-built markup. Confirm that user names
        /// are HTML-encoded when that column is written. The e-mail text also embeds the Referer
        /// header, which is client-controlled.
        /// </remarks>
        protected override void ShowPage()
        {
            if (ispost)
            {
                SendEmail();
                return;
            }

            if (tid <= 0)
            {
                AddErrLine("不存在的主题ID");
                return;
            }

            TopicInfo topic = Topics.GetTopicInfo(tid);
            if (topic == null)
            {
                AddErrLine("不存在的主题");
                return;
            }

            if (action == "emailfriend")
            {
                title        = "分享";
                emailcontent = "你好!我在 {0} 看到了这篇帖子,认为很有价值,特推荐给你。\r\n{1}\r\n地址 {2}\r\n希望你能喜欢。";
                if (topic != null)
                {
                    topictitle   = topic.Title;
                    emailcontent = string.Format(emailcontent, config.Forumtitle, topictitle, DNTRequest.GetUrlReferrer());
                }
            }
            else if (action == "viewvote")
            {
                title = "参与投票的会员";

                PollInfo pollinfo = Polls.GetPollInfo(tid);
                if (pollinfo == null)
                {
                    AddErrLine("不存在的调查");
                    return;
                }

                // Voters are visible when the poll allows it, to the poll owner, and to moderators.
                bool mayView = pollinfo.Allowview == 1 || pollinfo.Uid == userid || Moderators.IsModer(useradminid, userid, topic.Fid);
                if (!mayView)
                {
                    AddErrLine("您没有查看投票人的权限");
                    return;
                }

                pollOptionList = Polls.GetPollOptionList(tid);

                if (polloptionid == "0" || polloptionid == "")
                {
                    // No specific option requested: list the voters of the whole poll.
                    bool allowvote;
                    voters = Polls.GetVoters(tid, userid, username, out allowvote);
                    return;
                }

                foreach (DataRow dr in pollOptionList.Rows)
                {
                    if (dr["polloptionid"].ToString() != polloptionid.ToString())
                    {
                        continue;
                    }

                    string[] names = Utils.SplitString(dr["votername"].ToString().Trim(), " <");
                    for (int i = 0; i < names.Length; i++)
                    {
                        string entry = names[i].StartsWith("<") ? names[i] : "******" + names[i];
                        voters += "<li>" + entry + "</li>";
                    }
                }

                if (voters == "")
                {
                    voters = "<li>暂无人投票</li>";
                }
            }
        }
Пример #8
        /// <summary>
        /// Handles the topic helper page: on POST sends the e-mail; otherwise prepares either the
        /// "share by e-mail" text or the list of voters for the topic's poll, depending on
        /// <c>action</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): voter entries from <c>VoterNames</c> are concatenated into HTML as-is and
        /// appear to be pre-built markup. Confirm that names are HTML-encoded where that value is
        /// written. The e-mail text embeds the Referer header, which is client-controlled.
        /// </remarks>
        protected override void ShowPage()
        {
            if (this.ispost)
            {
                this.SendEmail();
                return;
            }

            if (this.tid <= 0)
            {
                base.AddErrLine("不存在的主题ID");
                return;
            }

            var topicInfo = Topic.FindByID(this.tid);
            if (topicInfo == null)
            {
                base.AddErrLine("不存在的主题");
                return;
            }

            switch (this.action)
            {
            case "emailfriend":
                this.title        = "分享";
                this.emailcontent = "你好!我在 {0} 看到了这篇帖子,认为很有价值,特推荐给你。\r\n{1}\r\n地址 {2}\r\n希望你能喜欢。";
                if (topicInfo != null)
                {
                    this.topictitle   = topicInfo.Title;
                    this.emailcontent = string.Format(this.emailcontent, this.config.Forumtitle, this.topictitle, DNTRequest.GetUrlReferrer());
                }
                break;

            case "viewvote":
                this.title = "参与投票的会员";

                var pollInfo = Poll.FindByTid(tid);
                if (pollInfo == null)
                {
                    base.AddErrLine("不存在的调查");
                    return;
                }

                // Voters are visible when the poll allows it, to the poll owner, and to moderators.
                bool mayView = pollInfo.AllowView == true || pollInfo.Uid == this.userid || Moderators.IsModer(this.useradminid, this.userid, topicInfo.Fid);
                if (!mayView)
                {
                    base.AddErrLine("您没有查看投票人的权限");
                    return;
                }

                this.pollOptionList = PollOption.FindAllByTid(tid);

                if (polloptionid == 0)
                {
                    // No specific option requested: list the voters of the whole poll.
                    bool allowVote;
                    this.voters = GetVoters(this.tid, this.userid, this.username, out allowVote);
                    return;
                }

                foreach (var option in pollOptionList)
                {
                    if (option.ID != polloptionid)
                    {
                        continue;
                    }

                    foreach (string entry in Utils.SplitString(option.VoterNames.Trim(), " <"))
                    {
                        string markup = entry.StartsWith("<") ? entry : ("<" + entry);
                        this.voters = this.voters + "<li>" + markup + "</li>";
                    }
                }

                if (String.IsNullOrEmpty(this.voters))
                {
                    this.voters = "<li>暂无人投票</li>";
                }
                break;
            }
        }
Пример #9
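        /// <summary>
        /// Handles an attachment upload request: authenticates Flash batch uploads through a
        /// per-session hash, answers the swfupload configuration request, or saves the uploaded
        /// files and creates or updates the attachment record, writing a result line to the response.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the Referer/Host check is skipped for any request whose raw URL contains the
        /// text "action=swfupload"; such requests rely on the hash check alone, and only when
        /// <c>operation</c> is "upload". The hash is DES output keyed with the first ten characters
        /// of the stored password field and is compared with <c>==</c> - consider a keyed MAC and a
        /// constant-time comparison. The ownership check for an attachment update runs after
        /// <c>ForumUtils.SaveRequestFiles</c>, which presumably has already stored the upload - confirm.
        /// </remarks>
        public AttachUploadPage()
        {
            // Cross-site submissions are dropped, except for the swfupload flow.
            if (!DNTRequest.GetRawUrl().Contains("action=swfupload") && ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()))
            {
                return;
            }

            // Flash batch uploads cannot supply the user id through the normal session, so the
            // uploader is identified from the request and verified with the hash below.
            bool canpostattach = true;

            if (DNTRequest.GetString("operation") == "upload")
            {
                string         uploadUserid = DNTRequest.GetString("uid");
                int            olid         = Discuz.Forum.OnlineUsers.GetOlidByUid(TypeConverter.StrToInt(uploadUserid));
                OnlineUserInfo oluserinfo   = olid > 0 ? Discuz.Forum.OnlineUsers.GetOnlineUser(olid) : null;

                // A missing online record, or a password value shorter than the ten characters used
                // as key material, is treated as a failed check instead of raising an exception.
                if (oluserinfo != null && oluserinfo.Password != null && oluserinfo.Password.Length >= 10)
                {
                    string hash = Discuz.Common.DES.Encode(oluserinfo.Olid.ToString() + "," + oluserinfo.Username.ToString(), oluserinfo.Password.Substring(0, 10)).Replace("+", "[");
                    if (DNTRequest.GetString("hash") == hash)
                    {
                        userid        = oluserinfo.Userid;
                        usergroupinfo = UserGroups.GetUserGroupInfo(oluserinfo.Groupid);
                    }
                    else
                    {
                        canpostattach = false;
                    }
                }
                else
                {
                    canpostattach = false;
                }
            }

            UserInfo  userinfo     = Users.GetUserInfo(userid);
            ForumInfo forum        = Forums.GetForumInfo(forumid);
            int       MaxTodaySize = (userid > 0 ? Attachments.GetUploadFileSizeByuserid(userid) : 0);
            // Remaining upload allowance for today.
            int attachsize = usergroupinfo.Maxsizeperday - MaxTodaySize;
            // File types this user may upload in this forum.
            string attachmentTypeSelect   = Attachments.GetAllowAttachmentType(usergroupinfo, forum);
            string attachextensions       = Attachments.GetAttachmentTypeArray(attachmentTypeSelect);
            string attachextensionsnosize = Attachments.GetAttachmentTypeString(attachmentTypeSelect);

            if (DNTRequest.GetString("action") == "swfupload" && DNTRequest.GetString("operation") == "config")
            {
                GetConfig(userid, attachextensionsnosize, attachsize, DNTRequest.GetString("type").Trim() == "image");
                return;
            }

            // Process the uploaded attachment(s).
            string        msg = "";
            StringBuilder sb  = new StringBuilder();
            canpostattach &= UserAuthority.PostAttachAuthority(forum, usergroupinfo, userid, ref msg);
            if (!canpostattach)
            {
                ResponseXML(sb.Append("DISCUZUPLOAD|11|0|-1").ToString()); // 11: no upload permission
                return;
            }
            if (attachsize <= 0)
            {
                ResponseXML(sb.Append("DISCUZUPLOAD|3|0|-1").ToString()); // 3: size allowance exceeded
                return;
            }

            AttachmentInfo[] attachmentinfoarray = ForumUtils.SaveRequestFiles(forumid, config.Maxattachments, usergroupinfo.Maxsizeperday, usergroupinfo.Maxattachsize, MaxTodaySize,
                                                                               attachextensions, forum.Disablewatermark == 1 ? 0 : config.Watermarkstatus, config, "Filedata", DNTRequest.GetString("type") == "image");
            if (attachmentinfoarray.Length == 0)
            {
                return;
            }

            int    aId      = DNTRequest.GetInt("aid", 0);
            string noUpload = "";

            foreach (AttachmentInfo attachmentinfo in attachmentinfoarray)
            {
                noUpload           = string.IsNullOrEmpty(attachmentinfo.Sys_noupload) ? noUpload : attachmentinfo.Sys_noupload;
                attachmentinfo.Uid = userid;
            }

            if (aId <= 0)
            {
                Attachments.CreateAttachments(attachmentinfoarray);
            }
            else if (string.IsNullOrEmpty(noUpload))
            {
                AttachmentInfo attchmentInfo = Attachments.GetAttachmentInfo(aId);
                // Only the attachment's owner or an administrator may replace it. A missing user
                // record counts as "not an administrator" instead of raising a null reference.
                bool isAdmin = userinfo != null && userinfo.Adminid > 0;
                if (attchmentInfo == null || (!isAdmin && attchmentInfo.Uid != userid))
                {
                    return;
                }
                attchmentInfo.Postdatetime = attachmentinfoarray[0].Postdatetime;
                attchmentInfo.Filename     = attachmentinfoarray[0].Filename;
                attchmentInfo.Description  = attachmentinfoarray[0].Description;
                attchmentInfo.Filetype     = attachmentinfoarray[0].Filetype;
                attchmentInfo.Filesize     = attachmentinfoarray[0].Filesize;
                attchmentInfo.Attachment   = attachmentinfoarray[0].Attachment;
                attchmentInfo.Width        = attachmentinfoarray[0].Width;
                attchmentInfo.Height       = attachmentinfoarray[0].Height;
                attchmentInfo.Isimage      = attachmentinfoarray[0].Isimage;
                Attachments.UpdateAttachment(attchmentInfo);
            }

            StringBuilder text = new StringBuilder();
            int           type = attachmentinfoarray[0].Filetype.StartsWith("image") ? 0 : -1;

            int resultCode = GetNoUploadCode(noUpload);

            if (aId <= 0)
            {
                if (DNTRequest.GetString("action") != "swfupload")
                {
                    text.AppendFormat("DISCUZUPLOAD|{0}|{1}|{2}", resultCode, attachmentinfoarray[0].Aid, type);
                }
                else
                {
                    // Plain append: the value is not a format string.
                    text.Append(resultCode != 0 ? "error" : attachmentinfoarray[0].Aid.ToString());
                }
            }
            else
            {
                text.AppendFormat("DISCUZUPDATE|{0}|{1}|{2}|{3}", resultCode, attachmentinfoarray[0].Attachment, aId, type);
            }
            ResponseXML(text.ToString());
        }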
Пример #10
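        /// <summary>
        /// User administration page: validates the caller and the target user, then either prepares
        /// the "ban user" form (GET) or performs the ban operation (POST).
        /// </summary>
        /// <remarks>
        /// The <c>AllowBanUser</c> permission is checked on both the form and the submit path. The
        /// original checked it only when rendering the form, so the POST path reached
        /// <c>DoBanUserOperation</c> without that check being visible in this method.
        /// </remarks>
        protected override void ShowPage()
        {
            this.pagetitle = "用户管理";
            if (this.userid == -1)
            {
                base.AddErrLine("请先登录");
                return;
            }
            if (ForumUtils.IsCrossSitePost() || this.action.IsNullOrEmpty())
            {
                base.AddErrLine("非法提交");
                return;
            }
            // NOTE(review): presumably unreachable after the check above - confirm and remove.
            if (String.IsNullOrEmpty(this.action))
            {
                base.AddErrLine("操作类型参数为空");
                return;
            }
            this.admininfo = AdminGroup.FindByID(this.usergroupid);
            if (this.admininfo == null)
            {
                base.AddErrLine("你没有管理权限");
                return;
            }
            if (this.operateduid == -1)
            {
                base.AddErrLine("没有选择要操作的用户");
                return;
            }
            this.operateduser = BBX.Entity.User.FindByID(this.operateduid);
            if (this.operateduser == null)
            {
                base.AddErrLine("选择的用户不存在");
                return;
            }
            // Users who hold administrative rights cannot be managed from this page.
            if (this.operateduser.AdminID > 0)
            {
                base.AddErrLine("无法对拥有管理权限的用户进行操作, 请管理员登录后台进行操作");
                return;
            }
            this.operatedusername = this.operateduser.Name;
            if (!this.ispost)
            {
                // NOTE(review): the Referer header is client-controlled and stored unvalidated.
                Utils.WriteCookie("reurl", DNTRequest.GetUrlReferrer());
                if (this.action == "banuser")
                {
                    this.operationtitle = "禁止用户";
                    // Map the target's current group to the ban type shown on the form.
                    switch (this.operateduser.GroupID)
                    {
                    case 4:
                        this.bantype     = 1;
                        this.groupexpiry = "(" + Utils.FormatDate(this.operateduser.GroupExpiry) + ")";
                        break;

                    case 5:
                        this.bantype     = 2;
                        this.groupexpiry = "(" + Utils.FormatDate(this.operateduser.GroupExpiry) + ")";
                        break;

                    case 6:
                        this.bantype     = 3;
                        this.groupexpiry = "(" + Utils.FormatDate(this.operateduser.GroupExpiry) + ")";
                        break;

                    default:
                        this.bantype = 0;
                        break;
                    }
                    if (!admininfo.AllowBanUser)
                    {
                        base.AddErrLine("您没有禁止用户的权限");
                        return;
                    }
                }
            }
            else
            {
                if (this.action == "banuser")
                {
                    this.operationtitle = "禁止用户";
                    // Enforce the permission on the state-changing request as well as on the form.
                    if (!admininfo.AllowBanUser)
                    {
                        base.AddErrLine("您没有禁止用户的权限");
                        return;
                    }
                    this.DoBanUserOperation();
                }
            }
        }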
Пример #11
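        /// <summary>
        /// Pre-fills <c>message</c> with a "recommend this topic to a friend" text for the topic
        /// named by the <c>tid</c> request value. Does nothing when no topic id is given or the
        /// topic does not exist.
        /// </summary>
        private void CreatePmFriendMessage()
        {
            int tid = DNTRequest.GetInt("tid", 0);

            if (tid == 0)
            {
                return;
            }

            // tid is client-supplied; an id with no matching topic used to raise a null reference.
            var tp = Topic.FindByID(tid);
            if (tp == null)
            {
                return;
            }

            // NOTE(review): the address placed in the text is the Referer header, which the client
            // controls - confirm it is validated or encoded where the message is rendered.
            this.message = string.Format("你好!我在 {0} 看到了这篇帖子,认为很有价值,特推荐给你。\r\n\r\n{1}\r\n地址 {2}\r\n\r\n希望你能喜欢。", this.config.Forumtitle, tp.Title, DNTRequest.GetUrlReferrer());
        }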
Пример #12
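        /// <summary>
        /// Loads the post being replied to (when a post id is given) and its topic, prepares the
        /// quote text when quoting was requested, and records an error line for every failed check.
        /// </summary>
        /// <param name="admininfo">Admin group of the current user, or null when the user has none.</param>
        /// <returns>
        /// The loaded post; a new empty <c>PostInfo</c> when no post id was given; null when the
        /// post lookup fails.
        /// </returns>
        public PostInfo GetPostAndTopic(AdminGroupInfo admininfo)
        {
            PostInfo postinfo = new PostInfo();

            // Neither a post id nor a topic id was supplied.
            if (postid == -1 && topicid == -1)
            {
                AddErrLine("无效的主题ID");
                return postinfo;
            }

            // A post id was supplied.
            if (postid != -1)
            {
                postinfo = Posts.GetPostInfo(topicid, postid);
                if (postinfo == null)
                {
                    AddErrLine("无效的帖子ID");
                    return postinfo;
                }
                if (topicid != postinfo.Tid)
                {
                    AddErrLine("主题ID无效");
                    return postinfo;
                }

                if (!string.IsNullOrEmpty(DNTRequest.GetString("quote")))
                {
                    // Posts by authors in the banned groups (4, 5, 6) and posts that are not visible
                    // are quoted with their content masked.
                    if (Utils.InArray(Users.GetShortUserInfo(postinfo.Posterid).Groupid.ToString(), "4,5,6") || postinfo.Invisible != 0)
                    {
                        postinfo.Message = "**** 作者被禁止或删除 内容自动屏蔽 ****";
                    }

                    if ((postinfo.Message.IndexOf("[hide]") > -1) && (postinfo.Message.IndexOf("[/hide]") > -1))
                    {
                        // Hidden content is never copied into the quote.
                        message = string.Format("[quote] 原帖由 [b]{0}[/b] 于 {1} 发表\r\n ***隐藏帖*** [/quote]", postinfo.Poster, postinfo.Postdatetime);
                    }
                    else
                    {
                        // NOTE(review): the Referer header is client-controlled and is placed inside
                        // a [url=...] tag - confirm the UBB renderer validates link targets. The
                        // template also closes [/size] without opening it.
                        message = string.Format("[quote]{0}\r\n [color=#999999]{1} 发表于 {2} [/color][url={3}#{4}][img]{5}images/common/back.gif[/img][/url][/size][/quote]"
                                                , UBB.ClearAttachUBB(Utils.GetSubString(postinfo.Message, 200, "......")), postinfo.Poster, postinfo.Postdatetime, DNTRequest.GetUrlReferrer(), postid, Utils.GetRootUrl(forumpath));
                    }
                }
            }

            // Load the topic.
            topic = Topics.GetTopicInfo(topicid);
            if (topic == null)
            {
                AddErrLine("不存在的主题ID");
                return postinfo;
            }

            topictitle = topic.Title.Trim();
            pagetitle  = topictitle;
            forumid    = topic.Fid;

            // A closed topic accepts replies from moderators only.
            if ((admininfo == null || !Moderators.IsModer(admininfo.Admingid, userid, forumid)) && topic.Closed == 1)
            {
                AddErrLine("主题已关闭无法回复");
                return postinfo;
            }

            if (topic.Readperm > usergroupinfo.Readaccess && topic.Posterid != userid && useradminid != 1)
            {
                // Deny unless the user is listed as a moderator of this forum. A forum with no
                // moderator list used to skip the denial altogether, letting the read-permission
                // check pass silently.
                bool isListedModerator = forum.Moderators != null && Utils.InArray(username, forum.Moderators.Split(','));
                if (!isListedModerator)
                {
                    AddErrLine("本主题阅读权限为: " + topic.Readperm + ", 您当前的身份 \"" + usergroupinfo.Grouptitle + "\" 阅读权限不够");
                }
            }

            return postinfo;
        }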
Пример #13
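        /// <summary>
        /// Pre-fills <c>message</c> with a "recommend this topic to a friend" text for the topic
        /// named by the <c>tid</c> request value. Does nothing when no topic id is given or the
        /// topic does not exist.
        /// </summary>
        private void CreatePmFriendMessage()
        {
            int tid = DNTRequest.GetInt("tid", 0);

            if (tid == 0)
            {
                return;
            }

            // tid is client-supplied; an id with no matching topic used to raise a null reference.
            TopicInfo topicInfo = Topics.GetTopicInfo(tid);
            if (topicInfo == null)
            {
                return;
            }

            // NOTE(review): the address placed in the text is the Referer header, which the client
            // controls - confirm it is validated or encoded where the message is rendered.
            message = string.Format("你好!我在 {0} 看到了这篇帖子,认为很有价值,特推荐给你。\r\n\r\n{1}\r\n地址 {2}\r\n\r\n希望你能喜欢。",
                                    config.Forumtitle, topicInfo.Title, DNTRequest.GetUrlReferrer());
        }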
Пример #14
        /// <summary>
        /// Goods management page: checks that trading is enabled, that the caller is logged in and
        /// may view the goods category's forum, then runs the requested management operation and
        /// binds the page title.
        /// </summary>
        /// <remarks>
        /// NOTE(review): DoOperations is called before the operation allow-list check further down,
        /// and <c>ismoder</c> is computed but not consulted in this method. Confirm that
        /// DoOperations enforces the caller's permissions itself.
        /// </remarks>
        protected override void ShowPage()
        {
            if (config.Enablemall == 0) // trading service is not enabled
            {
                AddErrLine("系统未开启交易服务, 当前页面暂时无法访问!");
                return;
            }

            if (userid == -1)
            {
                AddErrLine("请先登录");
                return;
            }
            // Origin check based on comparing the Referer header with the request host.
            if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()) || action == "")
            {
                AddErrLine("非法提交");
                return;
            }

            // NOTE(review): the category lookup result is dereferenced without a null check.
            goodscategoryinfo = GoodsCategories.GetGoodsCategoryInfoById(categoryid);
            forumid           = goodscategoryinfo.Fid;
            // Whether the current user is a moderator of this forum.
            ismoder = Moderators.IsModer(useradminid, userid, forumid);
            // Admin group information for the current user's group.
            AdminGroupInfo admininfo = AdminGroups.GetAdminGroupInfo(usergroupid);

            operationtitle = "操作提示";
            SetUrl(base.ShowGoodsListAspxRewrite(categoryid, 0));

            // An empty action already returned above, so this branch cannot be taken.
            if (action == "")
            {
                AddErrLine("操作类型参数为空");
                return;
            }
            if (forumid == -1)
            {
                AddErrLine("无效的商品分类ID");
                return;
            }
            // Goods named in the form must all belong to the current category.
            if (DNTRequest.GetFormString("goodsid") != "" && !Goods.InSameCategory(goodslist, categoryid))
            {
                AddErrLine("无法对非本分类商品进行管理操作");
                return;
            }

            forum     = Forums.GetForumInfo(forumid);
            forumname = forum.Name;

            if (!Forums.AllowViewByUserId(forum.Permuserlist, userid))        // per-user view permission for this forum
            {
                if (forum.Viewperm == null || forum.Viewperm == string.Empty) // no forum-level permission set: use the user group's permissions
                {
                    if (useradminid != 1 && (usergroupinfo.Allowvisit != 1 || usergroupinfo.Allowtrade != 1))
                    {
                        AddErrLine("您当前的身份 \"" + usergroupinfo.Grouptitle + "\" 没有浏览该商品的权限");
                        return;
                    }
                }
                else // forum-level permission is set: use it
                {
                    if (!Forums.AllowView(forum.Viewperm, usergroupid))
                    {
                        AddErrLine("您没有浏览该商品的权限");
                        return;
                    }
                }
            }

            pagetitle = Utils.RemoveHtml(forumname);
            forumnav  = ForumUtils.UpdatePathListExtname(forum.Pathlist.Trim(), config.Extname);

            if (goodslist.CompareTo("") == 0)
            {
                AddErrLine("您没有选择商品或相应的管理操作,请返回修改");
                return;
            }

            if (operation.CompareTo("") != 0)
            {
                // DoOperations performs the management operation; it runs before the checks below.
                if (!DoOperations(forum, admininfo, config.Reasonpm))
                {
                    return;
                }
            }

            if (action.CompareTo("moderate") != 0)
            {
                // NOTE(review): IndexOf is a substring test, so an empty operation and any fragment
                // of the list (for example "e") pass this check - an exact match looks intended.
                if ("delete,highlight,close".IndexOf(operation) == -1)
                {
                    AddErrLine("你无权操作此功能");
                    return;
                }
                operation = action;
            }
            else
            {
                // For "moderate", fall back to the "operat" request value when no operation is set.
                if (operation.CompareTo("") == 0)
                {
                    operation = DNTRequest.GetString("operat");
                }

                if (operation.CompareTo("") == 0)
                {
                    AddErrLine("您没有选择商品或相应的管理操作,请返回修改");
                    return;
                }
            }

            if (!BindTitle())
            {
                return;
            }
        }
Пример #15
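        /// <summary>
        /// Fetches the RSS document named by the "url" query-string parameter and writes it to the
        /// current response as one JSON object: the channel's child nodes as string fields plus an
        /// "items" array with one object per /rss/channel/item node.
        /// </summary>
        /// <remarks>
        /// Security notes for maintainers:
        /// - "url" is caller-controlled and the server fetches it. Only absolute http/https URLs are
        ///   accepted here, but the destination host is NOT restricted in this method; unless
        ///   Globals.GetPageResponse or the deployment limits it, internal addresses stay reachable.
        ///   NOTE(review): add an allow-list of feed hosts.
        /// - The Referer/host comparison is based on a client-supplied header and is not an access control.
        /// - The JSON is served as text/html, so every value is escaped for both JSON and HTML contexts.
        /// </remarks>
        public feedproxy()
        {
            if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()))
            {
                return;
            }

            string url = DNTRequest.GetQueryString("url");

            if (url == null || url == string.Empty)
            {
                return;
            }
            url = HttpUtility.UrlDecode(url);

            // Reject anything that is not an absolute http(s) URL (file:, ftp:, relative paths, ...).
            System.Uri feedUri;
            if (!System.Uri.TryCreate(url, System.UriKind.Absolute, out feedUri) ||
                (feedUri.Scheme != System.Uri.UriSchemeHttp && feedUri.Scheme != System.Uri.UriSchemeHttps))
            {
                return;
            }

            // The "enc" query parameter was read and passed to Encoding.GetEncoding() but the result
            // was never used; an unknown name only produced an unhandled exception, so it is dropped.
            string err = "";

            HttpWebResponse response = Globals.GetPageResponse(url, out err);

            if (response == null)
            {
                // NOTE(review): err is written unencoded; confirm it cannot contain request-derived markup.
                HttpContext.Current.Response.Write(err);
                HttpContext.Current.Response.End();
                return;
            }

            HttpContext.Current.Response.ContentType     = "text/html";         //response.ContentType;
            HttpContext.Current.Response.ContentEncoding = Encoding.UTF8;

            XmlDocument doc = new XmlDocument();
            // The document comes from an arbitrary remote host: do not resolve external entities or DTDs.
            doc.XmlResolver = null;

            try
            {
                using (Stream instream = response.GetResponseStream())
                {
                    doc.Load(instream);
                }
            }
            finally
            {
                // Release the outbound connection even when the feed is not well-formed XML.
                response.Close();
            }

            StringBuilder json = new StringBuilder("{");

            // A document without /rss/channel yields an empty channel instead of a null dereference.
            XmlNode rootnode = doc.SelectSingleNode("/rss/channel");
            if (rootnode != null)
            {
                foreach (XmlNode node in rootnode.ChildNodes)
                {
                    string fieldName = node.Name.ToLower();
                    if (fieldName == "image" || fieldName == "item")
                    {
                        continue;
                    }
                    json.Append("\"").Append(EscapeFeedJson(fieldName)).Append("\":\"");
                    json.Append(EscapeFeedJson(node.InnerText)).Append("\",");
                }
            }
            json.Append("\"items\":[");

            // Separators are written before each element, so empty lists stay valid JSON.
            bool firstItem = true;
            foreach (XmlNode item in doc.SelectNodes("/rss/channel/item"))
            {
                if (!firstItem)
                {
                    json.Append(",");
                }
                firstItem = false;

                json.Append("{");
                bool firstField = true;
                foreach (XmlNode field in item)
                {
                    if (!firstField)
                    {
                        json.Append(",");
                    }
                    firstField = false;

                    json.Append("\"").Append(EscapeFeedJson(field.Name.ToLower())).Append("\":\"");
                    json.Append(EscapeFeedJson(field.InnerText)).Append("\"");
                }
                json.Append("}");
            }
            json.Append("]}");

            HttpContext.Current.Response.Clear();
            HttpContext.Current.Response.Write(json.ToString());
            HttpContext.Current.Response.End();
        }

        /// <summary>
        /// Escapes text for use inside a double-quoted JSON string that is delivered as text/html.
        /// Backslash, quote and control characters are JSON-escaped; markup characters are written
        /// as \uXXXX so remote feed content cannot be parsed as HTML by a browser. Carriage returns
        /// are dropped, as the original item serialisation did.
        /// </summary>
        private static string EscapeFeedJson(string value)
        {
            if (value == null)
            {
                return "";
            }

            StringBuilder escaped = new StringBuilder(value.Length + 16);
            foreach (char c in value)
            {
                switch (c)
                {
                case '\\':
                    escaped.Append("\\\\");
                    break;

                case '"':
                    escaped.Append("\\\"");
                    break;

                case '\n':
                    escaped.Append("\\n");
                    break;

                case '\r':
                    break;

                case '\t':
                    escaped.Append("\\t");
                    break;

                case '<':
                case '>':
                case '&':
                case '\'':
                case '\u2028':
                case '\u2029':
                    escaped.Append("\\u").Append(((int)c).ToString("x4"));
                    break;

                default:
                    if (c < ' ')
                    {
                        escaped.Append("\\u").Append(((int)c).ToString("x4"));
                    }
                    else
                    {
                        escaped.Append(c);
                    }
                    break;
                }
            }
            return escaped.ToString();
        }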
Пример #16
        // Login page handler. On a non-POST request (or when `referer` is set) it stores the
        // post-login return URL in the "reurl" cookie; on POST it validates the submitted
        // credentials, writes the user cookie and sets the redirect target on success, or records
        // the failure against the client IP.
        //
        // Security notes (review):
        //  - The return URL is taken from request data (query string "reurl", `referer`, or the
        //    Referer header) and later passed to SetUrl(); the only filtering visible in this method
        //    is a substring test for "login.aspx" / "register.aspx". Unless ForumUtils.GetReUrl or
        //    SetUrl restrict the target, this looks like an open redirect - TODO confirm.
        //  - A non-existent user name gets its own error message, which lets a client tell valid
        //    account names from invalid ones.
        //  - The failed-login counter is only read after a failed check; the up-front lockout test is
        //    commented out, and the success branch never consults the counter.
        protected override void ShowPage()
        {
            pagetitle = "用户登录";

            postusername = Utils.UrlDecode(DNTRequest.GetString("postusername")).Trim();

            // Already logged in: show a notice and refresh, no credentials are processed for display.
            if (this.userid != -1)
            {
                //SetUrl("/Forum/");
                SetMetaRefresh();
                SetShowBackLink(false);
                AddMsgLine("您已经登录,无须重复登录");
                ispost = true;
                SetLeftMenuRefresh();

                APIConfigInfo apiInfo = APIConfigs.GetConfig();
                if (apiInfo.Enable)
                {
                    APILogin(apiInfo);
                }
            }

            /*
             * Disabled pre-check: it would have refused the attempt before any password
             * verification once the failure count for the client IP reached 5.
             *
             * if (LoginLogs.UpdateLoginLog(DNTRequest.GetIP(), false) >= 5)
             * {
             *  AddMsgLine("您已经多次输入密码错误, 请15分钟后再登录");
             *  loginsubmit = false;
             *  return;
             * }
             */

            // Not yet submitted, or arriving from another page
            if (!DNTRequest.IsPost() || referer != "")
            {
                string r = "";
                if (referer != "")
                {
                    r = referer;
                }
                else
                {
                    // Fall back to the Referer header unless it is empty or points at login/logout.
                    if ((DNTRequest.GetUrlReferrer() == "") || (DNTRequest.GetUrlReferrer().IndexOf("login") > -1) ||
                        DNTRequest.GetUrlReferrer().IndexOf("logout") > -1)
                    {
                        r = "index.aspx";
                    }
                    else
                    {
                        r = DNTRequest.GetUrlReferrer();
                    }
                }
                // The query-string "reurl" wins unless it is empty or contains "login.aspx".
                // NOTE(review): the stored value is request-controlled and is not checked for host or scheme here.
                Utils.WriteCookie("reurl", (DNTRequest.GetQueryString("reurl") == "" || DNTRequest.GetQueryString("reurl").IndexOf("login.aspx") > -1) ? r : DNTRequest.GetQueryString("reurl"));
            }

            // On form submission...
            if (DNTRequest.IsPost())
            {
                // Rebuild the query string (minus "postusername") for the back link.
                // NOTE(review): keys and values are appended without URL-encoding.
                StringBuilder builder = new StringBuilder();
                foreach (string key in System.Web.HttpContext.Current.Request.QueryString.AllKeys)
                {
                    if (key != "postusername")
                    {
                        builder.Append("&");
                        builder.Append(key);
                        builder.Append("=");
                        builder.Append(DNTRequest.GetQueryString(key));
                    }
                }
                // NOTE(review): part of the next line is masked ("******") in this listing; it is left exactly as found.
                base.SetBackLink("login.aspx?postusername="******"username")) + builder.ToString());


                // If no verification code was entered, ask the user to fill it in
                if (isseccode && DNTRequest.GetString("vcode") == "")
                {
                    postusername = DNTRequest.GetString("username");
                    // The submitted password is DES-encoded with config.Passwordkey and kept in loginauth
                    // so it can be resubmitted; presumably it is rendered into the page - TODO confirm.
                    loginauth    = DES.Encode(DNTRequest.GetString("password"), config.Passwordkey).Replace("+", "[");
                    loginsubmit  = true;
                    return;
                }

                bool isExistsUserByName = Discuz.Forum.Users.Exists(DNTRequest.GetString("username"));
                if (!isExistsUserByName)
                {
                    // Logged with uid -1 and code 7 (code meaning is defined outside this method).
                    Discuz.Data.DatabaseProvider.GetInstance().ClubLoginLog(1, -1, System.Web.HttpContext.Current.Request.UserHostAddress, 7);
                    AddErrLine("用户不存在");
                }

                if (DNTRequest.GetString("password").Equals("") && DNTRequest.GetString("loginauth") == "")
                {
                    AddErrLine("密码不能为空");
                }

                if (IsErr())
                {
                    return;
                }

                // Prefer the password carried in loginauth (reversing the "+" -> "[" substitution) over the form field.
                if (!Utils.StrIsNullOrEmpty(loginauth))
                {
                    postpassword = DES.Decode(loginauth.Replace("[", "+"), config.Passwordkey);
                }
                else
                {
                    postpassword = DNTRequest.GetString("password");
                }

                if (postusername == "")
                {
                    postusername = DNTRequest.GetString("username");
                }

                // uid stays -1 when verification fails. Passwordmode 1 selects the DvBbs-style check;
                // the security question is included only when config.Secques is 1 and either loginauth
                // is present or loginsubmit is false.
                int uid = -1;
                if (config.Passwordmode == 1)
                {
                    if (config.Secques == 1 && (!Utils.StrIsNullOrEmpty(loginauth) || !loginsubmit))
                    {
                        uid = Discuz.Forum.Users.CheckDvBbsPasswordAndSecques(postusername,
                                                                              postpassword,
                                                                              DNTRequest.GetInt("question", 0),
                                                                              DNTRequest.GetString("answer"));
                    }
                    else
                    {
                        uid = Discuz.Forum.Users.CheckDvBbsPassword(postusername, postpassword);
                    }
                }
                else
                {
                    if (config.Secques == 1 && (!Utils.StrIsNullOrEmpty(loginauth) || !loginsubmit))
                    {
                        uid = Discuz.Forum.Users.CheckPasswordAndSecques(postusername,
                                                                         postpassword,
                                                                         true,
                                                                         DNTRequest.GetInt("question", 0),
                                                                         DNTRequest.GetString("answer"));
                    }
                    else
                    {
                        uid = Discuz.Forum.Users.CheckPassword(postusername, postpassword, true);
                    }
                }


                if (uid != -1)
                {
                    ShortUserInfo userinfo = Discuz.Forum.Users.GetShortUserInfo(uid);
                    // Group 8 is treated as "account not yet verified" (per the messages below).
                    if (userinfo.Groupid == 8)
                    {
                        AddErrLine("抱歉, 您的用户身份尚未得到验证");
                        if (config.Regverify == 1)
                        {
                            AddMsgLine("请您到您的邮箱中点击激活链接来激活您的帐号");
                        }

                        if (config.Regverify == 2)
                        {
                            AddMsgLine("您需要等待一些时间, 待系统管理员审核您的帐户后才可登录使用");
                        }
                        loginsubmit = false;
                    }
                    else
                    {
                        // The account has a security question and this is the first pass: keep the
                        // password in loginauth and do not complete the login yet.
                        if (!Utils.StrIsNullOrEmpty(userinfo.Secques) && loginsubmit && Utils.StrIsNullOrEmpty(DNTRequest.GetString("loginauth")))
                        {
                            loginauth = DES.Encode(DNTRequest.GetString("password"), config.Passwordkey).Replace("+", "[");
                        }
                        else
                        {
                            // Successful login: clear the failure log for this IP and issue the user cookie.
                            // Cookie lifetime, template id and login mode come straight from request values.
                            LoginLogs.DeleteLoginLog(DNTRequest.GetIP());
                            UserCredits.UpdateUserCredits(uid);
                            ForumUtils.WriteUserCookie(
                                uid,
                                Utils.StrToInt(DNTRequest.GetString("expires"), -1),
                                config.Passwordkey,
                                DNTRequest.GetInt("templateid", 0),
                                DNTRequest.GetInt("loginmode", -1));
                            OnlineUsers.UpdateAction(olid, UserAction.Login.ActionID, 0);
                            // Update the online-user information without delay
                            oluserinfo = OnlineUsers.UpdateInfo(config.Passwordkey, config.Onlinetimeout);
                            olid       = oluserinfo.Olid;
                            Discuz.Forum.Users.UpdateUserLastvisit(uid, DNTRequest.GetIP());

                            // NOTE(review): reurl is only screened for "register.aspx"; see the redirect note at the top.
                            string reurl = Utils.UrlDecode(ForumUtils.GetReUrl());
                            if (reurl.IndexOf("register.aspx") < 0)
                            {
                                SetUrl(reurl);
                            }
                            else
                            {
                                SetUrl("index.aspx");
                            }

                            APIConfigInfo apiInfo = APIConfigs.GetConfig();
                            if (apiInfo.Enable)
                            {
                                APILogin(apiInfo);
                            }

                            Discuz.Forum.Users.SaveUserIDToCookie(uid);

                            Discuz.Data.DatabaseProvider.GetInstance().ClubLoginLog(1, uid, System.Web.HttpContext.Current.Request.UserHostAddress, 5);
                            AddMsgLine("登录成功, 返回登录前页面");

                            userid        = uid;
                            usergroupinfo = UserGroups.GetUserGroupInfo(userinfo.Groupid);
                            // Get the admin group id associated with the user group
                            useradminid = usergroupinfo.Radminid;

                            SetMetaRefresh();
                            SetShowBackLink(false);

                            SetLeftMenuRefresh();

                            loginsubmit = false;
                        }
                    }
                }
                else
                {
                    // Failed verification: the counter is keyed on the client IP only.
                    // NOTE(review): "> 5" while the message says 5 attempts - presumably an off-by-one
                    // depending on what UpdateLoginLog returns; confirm.
                    int errcount = LoginLogs.UpdateLoginLog(DNTRequest.GetIP(), true);
                    if (errcount > 5)
                    {
                        AddErrLine("您已经输入密码5次错误, 请15分钟后再试");
                    }
                    else
                    {
                        if (isExistsUserByName)
                        {
                            uid = Discuz.Data.DatabaseProvider.GetInstance().GetuidByusername(postusername);
                        }
                        Discuz.Data.DatabaseProvider.GetInstance().ClubLoginLog(1, uid, System.Web.HttpContext.Current.Request.UserHostAddress, 6);
                        AddErrLine(string.Format("密码或安全提问第{0}次错误, 您最多有5次机会重试", errcount.ToString()));
                    }
                }
            }
        }
Пример #17
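        /// <summary>
        /// Entry point for AJAX requests. Checks the origin of the request, hands the operations that
        /// need a logged-in session to sessionajax.aspx, dispatches the remaining "t" request types to
        /// their handlers, and finally processes the avatar upload/save requests.
        /// </summary>
        /// <remarks>
        /// Security notes for maintainers:
        /// - A request without a Referer is treated as a Flash submission and must carry an "appid"
        ///   equal to MD5(username + stored password + uid + olid). NOTE(review): this token is built
        ///   from the stored password value and compared with ordinary string inequality.
        /// - The avatar branches take the uid from the decoded "input" value. The appid check above
        ///   only runs when the Referer is empty, so with a same-site Referer the uid is not tied to
        ///   the caller in this method. NOTE(review): confirm the callee or session enforces ownership.
        /// - The uid ends up in a file-system path, so it is required to be digits only.
        /// </remarks>
        public AjaxPage()
        {
            config = GeneralConfigs.GetConfig();
            // Flash submission (no Referer header)
            if (Utils.StrIsNullOrEmpty(DNTRequest.GetUrlReferrer()))
            {
                string[] input = DecodeUid(DNTRequest.GetString("input")).Split(','); // index 0 is Uid, 1 is Olid
                // A value without both parts cannot be verified; previously this raised IndexOutOfRangeException.
                if (input.Length < 2)
                {
                    return;
                }
                UserInfo userInfo = Users.GetUserInfo(TypeConverter.StrToInt((input[0])));
                if (userInfo == null || DNTRequest.GetString("appid") != Utils.MD5(userInfo.Username + userInfo.Password + userInfo.Uid + input[1]))
                {
                    return;
                }
            }
            else if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost())) // cross-site submission
            {
                return;
            }


            string type = DNTRequest.GetString("t");

            if (Utils.InArray(type, "deleteattach,getattachlist,deletepostsbyuidanddays,deletepost,ignorepost,passpost,deletetopic,ignoretopic,passtopic,getimagelist,getblocklist,getpagelist,forumtree,topictree,quickreply,report,getdebatepostpage,confirmbuyattach,getnewpms,getnewnotifications,getajaxforums,checkuserextcredit,diggdebates,imagelist,debatevote"))
            {
                // These operations need the user's identity: transfer to the page that inherits PageBase.
                try
                {
                    // "reason" is free text from the request; encode it so it cannot add or override
                    // parameters (for example a second "t") in the transferred query string.
                    string reason = HttpUtility.UrlEncode(DNTRequest.GetString("reason"), HttpContext.Current.Request.ContentEncoding);
                    HttpContext.Current.Server.Transfer("sessionajax.aspx?t=" + type + "&reason=" + reason);
                }
                catch // child page request error; a better solution is wanted
                { }
                return;
            }
            switch (type)
            {
            case "checkusername":
                CheckUserName();        // check whether the user name exists
                break;

            case "album":      // album
                GetAlbum();
                break;

            case "checkrewritename":
                CheckRewriteName();
                break;

            case "ratelist":
                GetRateLogList();       // post rating log
                break;

            case "smilies":
                GetSmilies();
                break;

            case "relatekw":
                GetRelateKeyword();
                break;

            case "gettopictags":
                GetTopicTags();
                break;

            case "topicswithsametag":
                GetTopicsWithSameTag();
                break;

            case "getforumhottags":
                GetForumHotTags();
                break;

            case "getspaceposttags":
                GetSpacePostTags();
                break;

            case "getspacehottags":
                GetSpaceHotTags();
                break;

            case "getphototags":
                GetPhotoTags();
                break;

            case "getphotohottags":
                GetPhotoHotTags();
                break;

            case "getgoodstradelog":
                GetGoodsTradeLog(DNTRequest.GetInt("goodsid", 0), DNTRequest.GetInt("pagesize", 0), DNTRequest.GetInt("pageindex", 0), DNTRequest.GetString("orderby", true), DNTRequest.GetInt("ascdesc", 1));
                break;

            case "getgoodsleavewordbyid":
                GetGoodsLeaveWordById(DNTRequest.GetInt("leavewordid", 0));
                break;

            case "getgoodsleaveword":
                GetGoodsLeaveWord(DNTRequest.GetInt("goodsid", 0), DNTRequest.GetInt("pagesize", 0), DNTRequest.GetInt("pageindex", 0));
                break;

            case "ajaxgetgoodsratelist":
                GetGoodsRatesList(DNTRequest.GetInt("uid", 0), DNTRequest.GetInt("uidtype", 0), DNTRequest.GetInt("ratetype", 0), DNTRequest.GetString("filter", true));
                break;

            case "getmallhottags":
                GetMallHotTags();
                break;

            case "gethotgoods":
                GetHotGoods(DNTRequest.GetInt("days", 0), DNTRequest.GetInt("categoryid", 0), DNTRequest.GetInt("count", 0));
                break;

            case "getshopinfo":     // get information on popular or newly opened shops
                GetShopInfoJson(DNTRequest.GetInt("shoptype", 0));
                break;

            case "getgoodslist":
                GetGoodsList(DNTRequest.GetInt("categoryid", 0), DNTRequest.GetInt("order", 0), DNTRequest.GetInt("topnumber", 0));
                break;

            case "gethotdebatetopic":
                Getdebatesjsonlist("gethotdebatetopic", DNTRequest.GetString("tidlist", true));
                break;

            case "recommenddebates":
                Getdebatesjsonlist("recommenddebates", DNTRequest.GetString("tidlist", true));
                break;

            case "addcommentdebates":
                ResponseXML(Debates.CommentDabetas(DNTRequest.GetInt("tid", 0), DNTRequest.GetString("commentdebates", true), DNTRequest.IsPost()));
                break;

            case "getpostinfo":
                GetPostInfo();
                break;

            case "getattachpaymentlog":    // get the payment log of the attachment with the given id
                GetAttachPaymentLogByAid(DNTRequest.GetInt("aid", 0));
                break;

            case "getiplist":
                GetIpList();
                break;

            case "getforumtopictypelist":
                GetForumTopicTypeList();
                break;

            case "image":
                GetImage();
                break;

            case "resetemail":
                ResetEmail();
                break;
            }
            // Temporary avatar upload
            if (DNTRequest.GetString("Filename") != "" && DNTRequest.GetString("Upload") != "")
            {
                string uid = DecodeUid(DNTRequest.GetString("input")).Split(',')[0];
                // The uid is handed to file handling code; refuse anything that is not a plain number.
                if (!IsNumericUid(uid))
                {
                    return;
                }
                ResponseText(UploadTempAvatar(uid));
                return;
            }
            // Save the three avatar sizes and remove the temporary upload
            if (DNTRequest.GetString("avatar1") != "" && DNTRequest.GetString("avatar2") != "" && DNTRequest.GetString("avatar3") != "")
            {
                string uid = DecodeUid(DNTRequest.GetString("input")).Split(',')[0];
                // The uid is concatenated into the temp-file path below; digits only, so it cannot
                // carry path separators or "..".
                if (!IsNumericUid(uid))
                {
                    return;
                }
                CreateDir(uid);
                bool saved = SaveAvatar("avatar1", uid) && SaveAvatar("avatar2", uid) && SaveAvatar("avatar3", uid);

                // The temporary file is removed whether or not saving succeeded.
                File.Delete(Utils.GetMapPath(BaseConfigs.GetForumPath + "upload\\temp\\avatar_" + uid + ".jpg"));
                if (saved)
                {
                    ResponseText("<?xml version=\"1.0\" ?><root><face success=\"1\"/></root>");
                }
                else
                {
                    ResponseText("<?xml version=\"1.0\" ?><root><face success=\"0\"/></root>");
                }
                return;
            }
        }

        /// <summary>
        /// Returns true when <paramref name="uid"/> is a non-empty string of ASCII digits.
        /// </summary>
        private static bool IsNumericUid(string uid)
        {
            if (string.IsNullOrEmpty(uid))
            {
                return false;
            }
            foreach (char c in uid)
            {
                if (c < '0' || c > '9')
                {
                    return false;
                }
            }
            return true;
        }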
Пример #18
        // Logout page handler: stores the return URL in the "reurl" cookie, sets the redirect
        // target, and clears the session state when the request carries the expected user key
        // (or IsApplicationLogout() is true).
        //
        // Security notes (review):
        //  - The redirect target is taken from request data (query string "reurl" or the Referer
        //    header) and is not checked for host or scheme in this method; unless
        //    ForumUtils.GetReUrl or SetUrl restrict it, this looks like an open redirect - TODO confirm.
        //  - Users.RemoveUserIDFromCookie() runs even when the user-key check fails.
        //  - The "dntadmin" cookie is replaced by an empty cookie with no explicit expiry.
        protected override void ShowPage()
        {
            pagetitle = "用户退出";
            username  = "******";
            int previousUid = userid;

            userid = -2;

            // Ask the left-hand menu frame, when present, to reload itself.
            string reloadMenuScript = "if (top.document.getElementById('leftmenu')){"
                                      + "		top.frames['leftmenu'].location.reload();"
                                      + "}";
            base.AddScript(reloadMenuScript);

            string referer = DNTRequest.GetQueryString("reurl");

            if (!DNTRequest.IsPost() || referer != "")
            {
                string fallbackTarget;
                if (referer != "")
                {
                    fallbackTarget = referer;
                }
                else
                {
                    // Use the Referer header unless it is empty or points at a login/logout page.
                    string cameFrom    = DNTRequest.GetUrlReferrer();
                    bool   notReusable = cameFrom == "" || cameFrom.IndexOf("login") > -1 || cameFrom.IndexOf("logout") > -1;
                    fallbackTarget = notReusable ? "index.aspx" : cameFrom;
                }

                // NOTE(review): when "reurl" is non-empty both arms give the same value, so the
                // "login.aspx" test does not actually filter anything.
                string storedTarget;
                if (referer == "" || referer.IndexOf("login.aspx") > -1)
                {
                    storedTarget = fallbackTarget;
                }
                else
                {
                    storedTarget = referer;
                }
                Utils.WriteCookie("reurl", storedTarget);
            }


            SetUrl(Utils.UrlDecode(ForumUtils.GetReUrl()));

            SetMetaRefresh();
            SetShowBackLink(false);

            bool identityConfirmed = DNTRequest.GetString("userkey") == userkey || IsApplicationLogout();
            if (!identityConfirmed)
            {
                AddMsgLine("无法确定您的身份, 稍后返回首页");
            }
            else
            {
                AddMsgLine("已经清除了您的登录信息, 稍后您将以游客身份返回首页");
                //Users.UpdateOnlineTime(uid);
                OnlineUsers.DeleteRows(olid);
                ForumUtils.ClearUserCookie();
                Utils.WriteCookie(Utils.GetTemplateCookieName(), "", -999999);

                // Overwrite the admin cookie with an empty one.
                System.Web.HttpCookie emptyAdminCookie = new System.Web.HttpCookie("dntadmin");
                System.Web.HttpContext.Current.Response.AppendCookie(emptyAdminCookie);

                //System.Web.Security.FormsAuthentication.SignOut();
            }

            Discuz.Forum.Users.RemoveUserIDFromCookie();
        }
Пример #19
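        // User-management page handler (ban user). Verifies that the caller is logged in, belongs
        // to an admin group, and targets an existing non-admin user; then either prepares the ban
        // form (GET) or performs the ban (POST).
        //
        // Security notes (review):
        //  - The request-origin test relies on the Referer header compared with the host; it is the
        //    only cross-site request protection visible in this method - a per-session token would be
        //    stronger.
        //  - The Allowbanuser permission was previously checked only when the form was displayed; it
        //    is now also enforced before DoBanUserOperation() so a direct POST cannot skip it.
        protected override void ShowPage()
        {
            pagetitle = "用户管理";

            if (userid == -1)
            {
                AddErrLine("请先登录");
                return;
            }
            if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()) || Utils.StrIsNullOrEmpty(action))
            {
                AddErrLine("非法提交");
                return;
            }
            // Presumably unreachable when StrIsNullOrEmpty treats "" as empty; kept because that
            // helper is not visible here.
            if (action == "")
            {
                AddErrLine("操作类型参数为空");
                return;
            }
            // Look up the admin group of the current user
            admininfo = AdminGroups.GetAdminGroupInfo(usergroupid);
            // No admin group: the caller has no management rights
            if (admininfo == null)
            {
                AddErrLine("你没有管理权限");
                return;
            }
            if (operateduid == -1)
            {
                AddErrLine("没有选择要操作的用户");
                return;
            }
            operateduser = Users.GetShortUserInfo(operateduid);
            if (operateduser == null)
            {
                AddErrLine("选择的用户不存在");
                return;
            }
            // Users that hold admin rights themselves cannot be managed from this page.
            if (operateduser.Adminid > 0)
            {
                AddErrLine("无法对拥有管理权限的用户进行操作, 请管理员登录后台进行操作");
                return;
            }
            operatedusername = operateduser.Username;


            if (!ispost)
            {
                Utils.WriteCookie("reurl", DNTRequest.GetUrlReferrer());
                if (action == "banuser")
                {
                    operationtitle = "禁止用户";
                    // Groups 4, 5 and 6 map to ban types 1, 2 and 3; any other group means "not banned".
                    switch (operateduser.Groupid)
                    {
                    case 4:
                        bantype = 1;
                        break;

                    case 5:
                        bantype = 2;
                        break;

                    case 6:
                        bantype = 3;
                        break;

                    default:
                        bantype = 0;
                        break;
                    }
                    // The expiry date is shown only for users that are currently in a banned group.
                    if (bantype != 0)
                    {
                        groupexpiry = "(" + Utils.FormatDate(operateduser.Groupexpiry) + ")";
                    }
                    if (admininfo.Allowbanuser != 1)
                    {
                        AddErrLine("您没有禁止用户的权限");
                        return;
                    }
                }
            }
            else if (action == "banuser")
            {
                operationtitle = "禁止用户";
                // Enforce the same permission on the state-changing request as on the form display.
                if (admininfo.Allowbanuser != 1)
                {
                    AddErrLine("您没有禁止用户的权限");
                    return;
                }
                DoBanUserOperation();
            }
        }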
Пример #20
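        // User-management page handler (ban user). Reads "action" and "uid" from the request,
        // verifies that the caller is logged in, belongs to an admin group, and targets an existing
        // non-admin user; then either prepares the ban form (GET) or performs the ban (POST).
        //
        // Security notes (review):
        //  - The request-origin test relies on the Referer header compared with the host; it is the
        //    only cross-site request protection visible in this method - a per-session token would be
        //    stronger.
        //  - ValidateBanUser() was previously consulted only when the form was displayed; it is now
        //    also required before DoBanUserOperation() so a direct POST cannot skip it.
        //    NOTE(review): assumes ValidateBanUser() is a side-effect-free permission check - confirm.
        protected override void ShowPage()
        {
            pagetitle      = "用户管理";
            operationtitle = "操作提示";

            if (userid == -1)
            {
                AddErrLine("请先登录");
                return;
            }
            action = DNTRequest.GetQueryString("action");
            // An empty action is rejected here, so the former separate 'action == ""' branch that
            // followed could never run and has been removed.
            if (ForumUtils.IsCrossSitePost(DNTRequest.GetUrlReferrer(), DNTRequest.GetHost()) || action == "")
            {
                AddErrLine("非法提交");
                return;
            }
            // Look up the admin group of the current user
            admininfo = AdminGroups.GetAdminGroupInfo(useradminid);
            // No admin group: the caller has no management rights
            if (admininfo == null)
            {
                AddErrLine("你没有管理权限");
                return;
            }
            operateduid = DNTRequest.GetInt("uid", -1);
            if (operateduid == -1)
            {
                AddErrLine("没有选择要操作的用户");
                return;
            }
            operateduser = Discuz.Forum.Users.GetShortUserInfo(operateduid);
            if (operateduser == null)
            {
                AddErrLine("选择的用户不存在");
                return;
            }
            // Users that hold admin rights themselves cannot be managed from this page.
            if (operateduser.Adminid > 0)
            {
                AddErrLine("无法对拥有管理权限的用户进行操作, 请管理员登录后台进行操作");
                return;
            }
            operatedusername = operateduser.Username;

            if (!ispost)
            {
                Utils.WriteCookie("reurl", DNTRequest.GetUrlReferrer());
                switch (action)
                {
                case "banuser":
                    operationtitle = "禁止用户";
                    // Groups 4, 5 and 6 map to ban types 1, 2 and 3; any other group means "not banned".
                    switch (operateduser.Groupid)
                    {
                    case 4:
                        bantype = 1;
                        break;

                    case 5:
                        bantype = 2;
                        break;

                    case 6:
                        bantype = 3;
                        break;

                    default:
                        bantype = 0;
                        break;
                    }
                    if (!ValidateBanUser())
                    {
                        AddErrLine("您没有禁止用户的权限");
                        return;
                    }
                    break;

                default:
                    break;
                }
            }
            else
            {
                switch (action)
                {
                case "banuser":
                    operationtitle = "禁止用户";
                    // Enforce the same permission on the state-changing request as on the form display.
                    if (!ValidateBanUser())
                    {
                        AddErrLine("您没有禁止用户的权限");
                        return;
                    }
                    DoBanUserOperation();
                    break;

                default:
                    break;
                }
            }
        }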