提交 72c65132 编写于 作者: huangxuan258's avatar huangxuan258

升级前端登录存储机制,废弃cookie存储以免带来存储漏洞

上级 6f48c94d
......@@ -354,75 +354,68 @@ class User_model extends CI_Model {
}
function refresh($uid, $islogin = 1, $cookietime = 0) {
$uid=intval($uid);
@$sid = tcookie ( 'sid' );
global $user;
$query = $this->db->select ( '*' )->from ( 'user' )->join ( 'usergroup', 'usergroup.groupid=user.groupid' )->where ( array (
'user.uid' => $uid
'user.uid' => $uid
) )->get ();
$user = $query->row_array ();
$this->db->set ( 'lastlogin', time () )->where ( array (
'uid' => $uid
'uid' => $uid
) )->update ( 'user' );
$this->db->where ( array (
'uid' => $uid,
'time<' => time ()
'time<' => time ()
) )->delete ( 'session' );
$data = array (
'sid' => $sid,
'uid' => $uid,
'islogin' => $islogin,
'ip' => getip (),
'time' => time ()
);
$this->db->replace ( 'session', $data );
$password = $user ['password'];
$auth = authcode ( "$uid\t$password", 'ENCODE' );
if ($cookietime)
tcookie ( 'auth', $auth, $cookietime );
else
tcookie ( 'auth', $auth );
if(!$_SESSION){
session_start();
}
$_SESSION['loginuid']=$uid;
$_SESSION['loginpassword']=$password;
$user ['newmsg'] = 0;
}
// function refresh($uid, $islogin = 1, $cookietime = 0) {
// $uid=intval($uid);
// @$sid = tcookie ( 'sid' );
// global $user;
tcookie ( 'loginuser', '' );
$user ['newmsg'] = 0;
}
// $query = $this->db->select ( '*' )->from ( 'user' )->join ( 'usergroup', 'usergroup.groupid=user.groupid' )->where ( array (
// 'user.uid' => $uid
// ) )->get ();
// $user = $query->row_array ();
// $this->db->set ( 'lastlogin', time () )->where ( array (
// 'uid' => $uid
// ) )->update ( 'user' );
// $this->db->where ( array (
// 'uid' => $uid,
// 'time<' => time ()
// ) )->delete ( 'session' );
// $data = array (
// 'sid' => $sid,
// 'uid' => $uid,
// 'islogin' => $islogin,
// 'ip' => getip (),
// 'time' => time ()
// );
// $this->db->replace ( 'session', $data );
// $password = $user ['password'];
// $auth = authcode ( "$uid\t$password", 'ENCODE' );
// if ($cookietime)
// tcookie ( 'auth', $auth, $cookietime );
// else
// tcookie ( 'auth', $auth );
// tcookie ( 'loginuser', '' );
// $user ['newmsg'] = 0;
// }
function refresh_session_time($sid, $uid) {
$lastrefresh = intval ( tcookie ( "lastrefresh" ) );
if (! $lastrefresh) {
if ($uid) {
$data = array (
'time' => time ()
);
$this->db->where ( 'sid', $sid );
$this->db->update ( 'session', $data );
} else {
$query = $this->db->get_where ( 'session', array (
'sid' => $sid
) );
$session = $query->row_array ();
if ($session) {
$data = array (
'time' => time ()
);
$this->db->where ( 'sid', $sid );
$this->db->update ( 'session', $data );
} else {
// $this->db->where ( 'uid', $uid );
// $this->db->delete ( 'session' );
$data = array (
'sid' => $sid,
'ip' => $this->input->ip_address (),
'time' => time ()
);
$this->db->insert ( 'session', $data );
}
}
tcookie ( "lastrefresh", '1', 60 );
}
}
/* 添加用户,本函数需要返回uid */
......@@ -489,6 +482,7 @@ class User_model extends CI_Model {
}
function adduserapi($username, $password, $email = '', $groupid = 7, $uid = 0, $phone = 0) {
$password = md5 ( $password );
if ($uid) {
$data = array (
'uid' => $uid,
......@@ -532,6 +526,12 @@ class User_model extends CI_Model {
$uid = $this->db->insert_id ();
}
if(FROMUC){
//更新用户密码
$salt=random(6);//加盐
$newpwd=md5($password.$salt);
$this->db->query("update ".$this->db->dbprefix."user set salt='$salt' , password='$newpwd' where uid=$uid ");
}
return $uid;
}
// 更新注册邀请码
......@@ -721,16 +721,19 @@ class User_model extends CI_Model {
$tables = array (
'question',
'topic',
'ask_articlecomment',
'articlecomment',
'answer'
);
$this->db->where_in ( 'authorid', explode ( ',', $uids ) );
$this->db->delete ( $tables );
$this->db->set ( 'answers', 'answers-1', FALSE )->where_in ( 'authorid', explode ( ',', $uids ) )->update ( 'question' );
}
$_uids = explode ( ',', $uids );
$this->db->where_in('uid',$_uids)->delete('tag_item');
$this->db->where_in('authorid',$_uids)->delete('doing');
if(strstr($uids,',')){
$uids = explode ( ',', $uids );
}
$this->db->where_in('uid',$uids)->delete('tag_item');
$this->db->where_in('authorid',$uids)->delete('doing');
}
function logout() {
......@@ -747,6 +750,19 @@ class User_model extends CI_Model {
'uid' => $user ['uid'],
'time<' => $lasttime ['time']
) )->delete ( 'session' );
if(!$_SESSION){
//开启 Session
session_start();
}
// 删除所有 Session 变量
$_SESSION = array();
//判断 cookie 中是否保存 Session ID
if(isset($_COOKIE[session_name()])){
setcookie(session_name(),'',time()-3600, '/');
}
//彻底销毁 Session
session_destroy();
}
function save_code($code,$codename="code") {
if (! isset ( $_SESSION )) {
......
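Review bot: refresh() (lines 8–46 of the first hunk; the enclosing class continues outside it) starts a session and writes `loginuid`/`loginpassword` into it but never rotates the session ID, so a session ID planted before login stays valid after it (session fixation) — call `session_regenerate_id(true);` once the session is active and before the two `$_SESSION` writes. The guard `if(!$_SESSION){ session_start(); }` is also unreliable: `$_SESSION` is undefined until a session has started and is empty-but-active for a fresh visitor, so it both raises a notice and can call `session_start()` twice; `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` is the reliable form, and the same guard recurs in logout(). Storing the password hash itself in `$_SESSION['loginpassword']` means anyone who can read the session store (shared tmp directory, DB handler) obtains the hash; a random per-login token stored in the session and compared against the `session` table would avoid that, though that is a larger change than this commit. In adduserapi(), the added `update ... set salt='$salt', password='$newpwd' where uid=$uid` string-builds SQL from `$uid` and `$salt`; `$this->db->where('uid', (int) $uid)->update('user', ['salt' => $salt, 'password' => $newpwd]);` keeps escaping in the query builder like the rest of the model.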
......@@ -50,8 +50,10 @@ $openid = $qc->get_openid ();
$qc = new QC ( $token, $openid );
if(isset($_SESSION)){
if($_SESSION['uid']){
$uid=$_SESSION['uid'];
if($_SESSION['loginuid']){
$uid=$_SESSION['loginuid'];
add_auth ( $token, $openid, $uid );
header ( "Location:" . url('user/mycategory') );
......@@ -62,20 +64,26 @@ if(isset($_SESSION)){
$user = get_by_openid ( $openid, $token );
$uid = $user ['uid'];
if ($user) {
add_auth ( $token, $openid, $uid );
refresh ( $user );
if (! isset ( $_SESSION )) {
session_start ();
}
if(isset($_SESSION ['forward'])){
header("Location:".$_SESSION ['forward']);
}else{
$forward = isset ( $_SERVER ['HTTP_REFERER'] ) ? $_SERVER ['HTTP_REFERER'] : SITE_URL;
if(strstr($forward,'graph.qq.com')){
$forward=SITE_URL;
}
header ( "Location:" . $forward );
}
exit ();
} else {
if (! $setting ['allow_register']) {
header ( "Content-Type: text/html;charset=utf-8" );
exit ( "系统注册功能暂时处于关闭状态!" );
......@@ -392,12 +400,14 @@ function refresh($user) {
$uid = $user ['uid'];
$password = $user ['password'];
$time = time ();
$sid = tcookie ( 'sid' );
$db->query ( "UPDATE " . DB_TABLEPRE . "user SET `lastlogin`=$time WHERE `uid`=$uid" ); //更新最后登录时间
$db->query ( "REPLACE INTO " . DB_TABLEPRE . "session (sid,uid,islogin,ip,`time`) VALUES ('$sid',$uid,1,'" . getip () . "',$time)" );
$auth = authcode ( "$uid\t$password", 'ENCODE' );
tcookie ( 'auth', $auth );
tcookie ( 'loginuser', '' );
if(!$_SESSION){
session_start();
}
$_SESSION['loginuid']=$uid;
$_SESSION['loginpassword']=$password;
}
?>
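Review bot: The new `strstr($forward,'graph.qq.com')` check only blocklists one host, so the `header("Location:".$forward)` that follows still redirects to any other attacker-chosen Referer (open redirect; the Referer-based redirect predates this commit, the hunk only adds the exclusion). An allowlist is the safer shape — `if (parse_url($forward, PHP_URL_HOST) !== parse_url(SITE_URL, PHP_URL_HOST)) { $forward = SITE_URL; }` — which rejects `graph.qq.com` and every other foreign host alike; the `$_SESSION['forward']` branch above it deserves the same check if its writer accepts user-supplied values, which I cannot see from here. In the first hunk, `if($_SESSION['loginuid'])` reads the key without `isset` and emits a notice for every visitor who is not logged in; `if (!empty($_SESSION['loginuid']))` avoids it. The refresh() hunk at the bottom writes `loginuid`/`loginpassword` into the session without `session_regenerate_id(true);`, so the pre-login session ID remains valid after authentication, and its `if(!$_SESSION)` guard should be `if (session_status() !== PHP_SESSION_ACTIVE)` since `$_SESSION` is undefined before any `session_start()` in this standalone script.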
......@@ -57,15 +57,19 @@ if ($token_arr) {
$c = new SaeTClientV2 ( WB_AKEY, WB_SKEY, $token );
$sid = tcookie ( 'sid' );
$auth = tcookie ( 'auth' );
$user = array ();
if(!isset($_SESSION)){
session_start();
list ( $uid, $password ) = empty ( $auth ) ? array (
0,
0
) : taddslashes ( explode ( "\t", authcode ( $auth, 'DECODE' ) ), 1 );
}
$uid=0;
$password='';
if($_SESSION['loginuid']){
$uid=intval($_SESSION['loginuid']);
}
if($_SESSION['loginpassword']){
$password=$_SESSION['loginpassword'];
}
if ($uid && $password) {
$user = get_user ( $uid );
if ($password != $user ['password']) {
......@@ -93,6 +97,9 @@ if ($token_arr) {
header("Location:".$_SESSION ['forward']);
}else{
$forward = isset ( $_SERVER ['HTTP_REFERER'] ) ? $_SERVER ['HTTP_REFERER'] : SITE_URL;
if(strstr($forward,'graph.qq.com')){
$forward=SITE_URL;
}
header ( "Location:" . $forward );
}
exit ();
......@@ -447,15 +454,15 @@ function refresh($user) {
global $db, $setting;
$uid = $user ['uid'];
$password = $user ['password'];
$time = time ();
$sid = tcookie ( 'sid' );
$db->query ( "UPDATE " . DB_TABLEPRE . "user SET `lastlogin`=$time WHERE `uid`=$uid" ); // 更新最后登录时间
$db->query ( "REPLACE INTO " . DB_TABLEPRE . "session (sid,uid,islogin,ip,`time`) VALUES ('$sid',$uid,1,'" . getip () . "',$time)" );
$auth = authcode ( "$uid\t$password", 'ENCODE' );
tcookie ( 'auth', $auth );
tcookie ( 'loginuser', '' );
$db->query ( "UPDATE " . DB_TABLEPRE . "user SET `lastlogin`=$time WHERE `uid`=$uid" ); //更新最后登录时间
if(!$_SESSION){
session_start();
}
$_SESSION['loginuid']=$uid;
$_SESSION['loginpassword']=$password;
}
?>
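Review bot: `$password != $user['password']` (the line after `$user = get_user($uid)`) compares two md5 hex strings with PHP's loose `!=`, which treats numeric-looking strings such as `0e…` hashes as numbers and can report two different hashes as equal; now that `$password` comes from `$_SESSION['loginpassword']` this is the only check tying the session to the account, so use `if (!is_array($user) || $password !== $user['password'])` (strict compare, and a guard for get_user() returning nothing for a removed uid). The `$_SESSION['loginuid']` / `$_SESSION['loginpassword']` reads in the same hunk are made without `isset` and raise notices for every anonymous visitor; `$uid = isset($_SESSION['loginuid']) ? intval($_SESSION['loginuid']) : 0;` keeps the same result without the notice. The refresh() hunk at the bottom stores the password hash in the session without calling `session_regenerate_id(true);` first, so a session ID fixed before login stays valid after it; rotate the ID before the two `$_SESSION` writes, and replace `if(!$_SESSION)` with `if (session_status() !== PHP_SESSION_ACTIVE)` since `$_SESSION` is undefined until a session has started.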
......@@ -190,18 +190,21 @@ class CI_Controller {
$usergroup = $this->usergroup = $this->cache->load ( 'usergroup', 'groupid' );
}
function init_user() {
@$sid = tcookie ( 'sid' );
@$auth = tcookie ( 'auth' );
global $user;
$user = array ();
@list ( $uid, $password ) = empty ( $auth ) ? array (
0,
0
) : taddslashes ( explode ( "\t", authcode ( $auth, 'DECODE' ) ), 1 );
if (! $sid) {
$sid = substr ( md5 ( time () . $this->input->ip_address () . random ( 6 ) ), 16, 16 );
tcookie ( 'sid', $sid, 1800 );
if(!$_SESSION){
session_start();
}
$uid=0;
$password='';
if($_SESSION['loginuid']){
$uid=intval($_SESSION['loginuid']);
}
if($_SESSION['loginpassword']){
$password=$_SESSION['loginpassword'];
}
$this->load->model ( 'user_model' );
if ($uid && $password) {
$user = $this->user_model->get_by_uid ( $uid, 0 );
......@@ -225,13 +228,11 @@ class CI_Controller {
exit ( "您已被网站管理员拉黑" );
}
if ($user ['uid'] && $user ['invatecode'] == null) {
$this->user_model->sendinvatecodetouid ( $user ['uid'] );
}
$this->user_model->refresh_session_time ( $sid, $user ['uid'] );
$user ['sid'] = $sid;
$user ['ip'] = $this->input->ip_address ();
$user ['ip'] =getip();
$user ['uid'] && $user ['loginuser'] = $user ['username'];
$user ['avatar'] = get_avatar_dir ( $user ['uid'] );
......@@ -240,16 +241,15 @@ class CI_Controller {
// 如果用户登录,且携带邀请被邀请注册的邀请码,则自动成为被邀请人
// frominvatecode
if (! isset ( $user ['frominvatecode'] )) {
// 如果不存在则绑定
if (! isset ( $_SESSION )) {
session_start ();
}
if (isset ( $_SESSION ['invatecode'] ) && $user ['invatecode'] != $_SESSION ['invatecode']) {
$this->user_model->updateinvatecode ( $user ['uid'], $_SESSION ['invatecode'] );
unset ( $_SESSION ['invatecode'] );
}
}
}else{
session_destroy();
}
}
/**
*
......
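Review bot: The new `}else{ session_destroy(); }` at the end of init_user() runs on every request from a visitor who is not logged in (assuming, as the indentation suggests, the `else` pairs with `if ($uid && $password)`), which throws away the anonymous session on each page load — the code that reads `$_SESSION['forward']` and `$_SESSION['invatecode']` and the save_code() helper all depend on that session persisting across requests, so redirect-after-login, invitation and captcha flows for not-yet-logged-in users cannot work. session_destroy() also leaves the `$_SESSION` array populated for the rest of the request, so the later `isset($_SESSION)` guards in this class skip `session_start()` and their writes are silently lost. Drop the `else` branch; if the intent is to discard stale login data, `unset($_SESSION['loginuid'], $_SESSION['loginpassword']);` does that without destroying the session. The `if(!$_SESSION){ session_start(); }` guard at the top of the function is wrong both before any session exists (undefined variable) and for an empty-but-active session (second `session_start()` notice); `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` is the reliable form, and the `$_SESSION['loginuid']` / `$_SESSION['loginpassword']` reads that follow need `isset` so anonymous requests do not emit notices.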