我把IPB安装设置为从站(slave),把PHPFox安装设置为主站(master)。当我登录PHPFox时,所需的全部信息都会被写入cookie,这符合预期。当我访问论坛时,仍然可以看到包含这些信息的cookie,但我并没有处于登录状态……这是为什么?
PHPFox和IPB都使用加盐的md5哈希。唯一的区别是IPB的盐长度为5,而PHPFox的为3。但我认为这没有影响,因为它在IPS Connect中会被再次哈希。
这是我在模板文件中输入的代码:
{if Phpfox::isUser() && !Phpfox::getUserBy('profile_page_id')}
<?php
// Sets the three cookies that ipsConnect::cookies() and the IPS Connect slave look for,
// each valid for 30 days on path '/'.
// NOTE(review): none of these cookies is marked HttpOnly or Secure, and ipscm_pass acts as a
// long-lived credential (ipsConnect::cookies() accepts it in place of a password).
setcookie( 'ipscm_user', Phpfox::getUserBy('user_name'), time()+60*60*24*30, '/' );
// NOTE(review): setHash() is given the literal string 'password' here, not a value taken from
// the logged-in user's record. ipsConnect::cookies() compares this cookie with the stored
// `password` column, so unless setHash('password') happens to yield that stored value the
// cookie check fails - confirm what setHash() returns for a single argument.
setcookie( 'ipscm_pass', Phpfox::getLib('hash')->setHash('password'), time()+60*60*24*30, '/' );
// NOTE(review): $url is not assigned anywhere in this snippet. ipsConnect::login() names this
// cookie 'ipsconnect_' . md5( $this->url . '/ipsconnect.php' ); the string hashed here must be
// byte-for-byte identical (including the slash before ipsconnect.php) or the names differ.
setcookie( 'ipsconnect_' . md5( $url . 'ipsconnect.php' ), '1', time()+60*60*24*30, '/' );
?>
{/if}
这是我的IPSConnect.php文件。有没有办法关闭调试模式,所以我可以看看是否有任何错误? include.php文件连接到数据库并检查用户是否匹配表。当我在包含文件中打印时,所有信息都是正确的。
<?php
/**
*
* @class ipsConnect
* @brief This is where you put the code for your application
*
*/
class ipsConnect
{
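/**
 * Constructor
 *
 * Sets the shared IPS Connect key, the base URL of this master application and the
 * database handle that every other method in this class uses.
 */
public function __construct()
{
    // Shared secret between this master and the IPS Connect slaves. '----' is a placeholder;
    // the real key should be kept out of any published copy of this file.
    $this->secret_key = '----';

    // login(), logout() and change() read $this->masterKey when they verify redirect hashes.
    // It was never assigned, so those hashes were computed without any secret. Alias it to
    // the real key so both property names refer to the same value.
    $this->masterKey = $this->secret_key;

    // include.php is expected to define $db. Because it is pulled in with require_once inside
    // this method, $db only exists in this scope the first time the class is instantiated.
    require_once 'include.php';

    // NOTE(review): plain http - cookies set by this class cannot carry the Secure flag
    // until the site is served over https.
    $this->url = 'http://www.simgoodies.com/com';
    $this->url_to_this_file = $this->url . '/ipsconnect.php';
    $this->db = $db;
}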
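/**
 * Process Login
 *
 * Looks the member up by the chosen identifier, compares the supplied MD5 password with the
 * stored `password` column and hands the outcome to _return(), which always ends the request.
 *
 * @param string $identifier      Identifier type - may be 'id', 'email' or 'username'
 * @param string $identifierValue Value for identifier (for example, the user's ID number)
 * @param string $md5Password     The password, md5 encoded
 * @param string $key             md5( IPS Connect Key . Identifier Value )
 * @param string $redirect        Redirect URL, Base64 encoded
 * @param string $redirectHash    md5( IPS Connect Key . $redirect )
 * @return mixed If the redirect URL is provided, the user is redirected to that URL with these additional parameters:
 *                   connect_status       value from below
 *                   connect_id           the ID number in this app
 *                   connect_username     the username
 *                   connect_displayname  the display name
 *                   connect_email        the email address
 *                   connect_unlock       If the account is locked, the number of seconds until it unlocks
 *               If blank, a JSON object with the same parameters is output instead.
 *               Values:
 *                   SUCCESS         login successful
 *                   WRONG_AUTH      Password incorrect
 *                   NO_USER         Identifier did not match member account
 *                   MISSING_DATA    Identifier or password was blank
 *                   ACCOUNT_LOCKED  Account has been locked by brute-force prevention
 *                   VALIDATING      Account has not been validated
 */
public function login( $identifier, $identifierValue, $md5Password, $key, $redirect, $redirectHash )
{
    // Request parameters can arrive as arrays; treat anything non-scalar as missing.
    if ( !is_scalar( $identifier ) or !is_scalar( $identifierValue ) or !is_scalar( $md5Password ) )
    {
        $identifier = $identifierValue = $md5Password = '';
    }

    if ( $redirect )
    {
        // Only honour the caller's redirect when both hashes were produced with the shared key.
        // The original read $this->masterKey, which the constructor never sets, so the hashes
        // were checked without a secret. hash_equals() also avoids loose == on hex strings.
        $signed = is_string( $redirect ) and is_string( $key ) and is_string( $redirectHash )
            and hash_equals( md5( $this->secret_key . $identifierValue ), $key )
            and hash_equals( md5( $this->secret_key . $redirect ), $redirectHash );
        $redirect = $signed ? $redirect : base64_encode( $this->url );
    }

    if ( !$identifier or !$identifierValue or !$md5Password )
    {
        $this->_return( $redirect, array( 'connect_status' => 'MISSING_DATA' ) );
    }

    // Values are escaped with the connection's escape_string(); prepared statements would be
    // preferable if the handle from include.php supports them.
    switch ( $identifier )
    {
        case 'id':
            $where = "user_id=" . intval( $identifierValue );
            break;
        case 'username':
            $where = "user_name='" . $this->db->escape_string( $identifierValue ) . "'";
            break;
        case 'email':
            $where = "email='" . $this->db->escape_string( $identifierValue ) . "'";
            break;
        default:
            // Unknown identifier type: fall through to NO_USER instead of reading an unset $user.
            $where = null;
    }

    $user = null;
    if ( $where !== null )
    {
        $result = $this->db->query( "SELECT * FROM phpfox_user WHERE " . $where );
        $user = $result ? $result->fetch_array() : null;
    }

    // The debug echo statements that stood here were removed: any output sent before
    // setcookie()/header() stops the cookies and the redirect from being sent.

    if ( !isset( $user['user_id'] ) )
    {
        $this->_return( $redirect, array( 'connect_status' => 'NO_USER' ) );
    }

    $details = array(
        'connect_id'          => $user['user_id'],
        'connect_username'    => $user['user_name'],
        'connect_displayname' => $user['user_name'],
        'connect_email'       => $user['email'],
        'connect_unlock'      => 0,
    );

    // NOTE(review): this compares the received md5 directly with the stored column. The
    // surrounding post says PHPFox stores a salted hash; if so this can never match - confirm
    // against the phpfox_user schema.
    $stored = (string) $user['password'];
    if ( $stored !== '' and hash_equals( $stored, (string) $md5Password ) )
    {
        if ( $redirect )
        {
            $expires = time()+60*60*24*30;
            // HttpOnly keeps the cookies away from page scripts; they are only read server-side
            // here. NOTE(review): ipscm_pass holds the stored hash and works as a credential in
            // cookies(); a random session token would limit the damage if it leaks.
            setcookie( 'ipscm_user', $user['user_name'], $expires, '/', '', false, true );
            setcookie( 'ipscm_pass', $user['password'], $expires, '/', '', false, true );
            setcookie( 'ipsconnect_' . md5( $this->url_to_this_file ), '1', $expires, '/', '', false, true );
        }

        $this->_return( $redirect, array_merge( array( 'connect_status' => 'SUCCESS' ), $details ) );
    }

    // NOTE(review): a failed login still returns the member's id, name and email to the caller.
    // Kept because the protocol comment above lists these parameters for every status, but it
    // discloses account data without authentication - confirm whether the slave needs it.
    $this->_return( $redirect, array_merge( array( 'connect_status' => 'WRONG_AUTH' ), $details ) );
}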
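/**
 * Process Logout
 *
 * Clears the IPS Connect cookies and then redirects (or ends the request with no output).
 *
 * @param int    $id           ID number
 * @param string $key          md5( IPS Connect Key (see login method) . ID number )
 * @param string $redirect     Redirect URL, Base64 encoded
 * @param string $redirectHash md5( IPS Connect Key . $redirect )
 * @return mixed If the redirect URL is provided, the user is redirected to that URL.
 *               If blank, a blank screen is output.
 */
public function logout( $id, $key, $redirect, $redirectHash )
{
    // Check key. _return() exits, so nothing below runs for a bad key.
    if ( !is_scalar( $id ) or !is_string( $key ) or !hash_equals( md5( $this->secret_key . $id ), $key ) )
    {
        $this->_return( base64_encode( $this->url ) );
    }

    // Expire the credential cookies and flag the session as logged out for the slave.
    setcookie( 'ipscm_user', '', -1, '/' );
    setcookie( 'ipscm_pass', '', -1, '/' );
    setcookie( 'ipsconnect_' . md5( $this->url_to_this_file ), '0', time()+60*60*24*30, '/' );

    // Return
    if ( $redirect )
    {
        // The original verified this hash with $this->masterKey, which is never assigned, so
        // the redirect target was effectively unsigned. Use the same key as the check above.
        $signed = is_string( $redirect ) and is_string( $redirectHash )
            and hash_equals( md5( $this->secret_key . $redirect ), $redirectHash );
        $redirect = $signed ? $redirect : base64_encode( $this->url );
    }

    $this->_return( $redirect );
}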
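/**
 * Register a new account
 *
 * @param string $key           Key - this can be anything which is known only to the applications. Never reveal this key publically.
 *                              For IPS Community Suite installs, this key can be obtained in the Login Management page in the ACP
 * @param string $username      Username
 * @param string $displayname   Display name
 * @param string $md5Password   The password, md5 encoded
 * @param string $email         Email address
 * @param string $revalidateurl If set, this account should be considered to be waiting for email validation. If this is the case,
 *                              a URL is provided which will be the URL from which the user to resend the email.
 * @return void Outputs to screen JSON object with 2 parameters
 *              'status' One of the following values:
 *                  BAD_KEY          The key provided was invalid
 *                  SUCCESS          Account created
 *                  EMAIL_IN_USE     Email is already in use
 *                  USERNAME_IN_USE  Username is already in use
 *                  MISSING_DATA     Not all data was provided
 *                  FAIL             Other error
 *              'user_id' with master ID number (0 if fail) - if user already exists, the ID of the existing user
 */
public function register( $key, $username, $displayname, $md5Password, $email, $revalidateurl )
{
    // NOTE(review): the protocol comment shipped with this file names the second property 'id',
    // while the code has always emitted 'user_id'. The key is left unchanged here - confirm
    // which one the IPS slave reads.

    // Check key (string-only, constant-time comparison instead of loose !=)
    if ( !is_string( $key ) or !hash_equals( (string) $this->secret_key, $key ) )
    {
        echo json_encode( array( 'status' => 'BAD_KEY', 'user_id' => 0 ) );
        exit;
    }

    if ( !is_scalar( $username ) or !is_scalar( $email ) or !is_scalar( $md5Password ) or !$email or !$md5Password )
    {
        echo json_encode( array( 'status' => 'MISSING_DATA', 'user_id' => 0 ) );
        exit;
    }

    // Refuse duplicates, as the documented EMAIL_IN_USE / USERNAME_IN_USE statuses require.
    $result = $this->db->query( "SELECT * FROM phpfox_user WHERE email='" . $this->db->escape_string( $email ) . "'" );
    $existing = $result ? $result->fetch_array() : null;
    if ( $existing )
    {
        echo json_encode( array( 'status' => 'EMAIL_IN_USE', 'user_id' => intval( $existing['user_id'] ) ) );
        exit;
    }

    if ( $username )
    {
        $result = $this->db->query( "SELECT * FROM phpfox_user WHERE user_name='" . $this->db->escape_string( $username ) . "'" );
        $existing = $result ? $result->fetch_array() : null;
        if ( $existing )
        {
            echo json_encode( array( 'status' => 'USERNAME_IN_USE', 'user_id' => intval( $existing['user_id'] ) ) );
            exit;
        }
    }

    // Create the account.
    // NOTE(review): the password column receives the client's unsalted md5 as-is; that matches
    // what login() compares against, but md5 is not a suitable password hash.
    $created = $this->db->query( "INSERT INTO phpfox_user ( user_name, email, password ) VALUES ( '". $this->db->escape_string( $username ) ."', '". $this->db->escape_string( $email ) ."', '". $this->db->escape_string( $md5Password ) ."' )" );

    // The original always answered FAIL, even after a successful INSERT.
    if ( $created )
    {
        // assumes $this->db is a mysqli connection exposing insert_id - confirm against include.php
        echo json_encode( array( 'status' => 'SUCCESS', 'user_id' => intval( $this->db->insert_id ) ) );
        exit;
    }

    echo json_encode( array( 'status' => 'FAIL', 'user_id' => 0 ) );
    exit;
}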
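/**
 * Validate Cookie Data
 *
 * Decodes the cookie bundle forwarded by the slave and accepts it only when ipscm_pass equals
 * the stored `password` column of the user named in ipscm_user.
 *
 * @param string $data JSON encoded cookie data
 * @return void Outputs to screen a JSON object with the following properties:
 *                  connect_status       SUCCESS, VALIDATING (successful, but account has not been validated) or FAIL
 *                  connect_id           the ID number in this app
 *                  connect_username     the username
 *                  connect_displayname  the display name
 *                  connect_email        the email address
 */
public function cookies( $data )
{
    $cookies = is_string( $data ) ? json_decode( stripslashes( urldecode( $data ) ), TRUE ) : null;

    // Values decoded from JSON are not necessarily strings, and PHP's loose == coerces across
    // types, so the original comparison could succeed without the caller knowing the stored
    // hash. Require both fields to be strings and compare them exactly.
    if ( is_array( $cookies )
        and isset( $cookies['ipscm_user'], $cookies['ipscm_pass'] )
        and is_string( $cookies['ipscm_user'] )
        and is_string( $cookies['ipscm_pass'] ) )
    {
        $result = $this->db->query( "SELECT * FROM phpfox_user WHERE user_name='". $this->db->escape_string( $cookies['ipscm_user'] ) ."'" );
        $user = $result ? $result->fetch_array() : null;

        // An empty stored password must never authenticate anyone.
        if ( $user and (string) $user['password'] !== '' and hash_equals( (string) $user['password'], $cookies['ipscm_pass'] ) )
        {
            echo json_encode( array( 'connect_status' => 'SUCCESS', 'connect_id' => $user['user_id'], 'connect_username' => $user['user_name'], 'connect_displayname' => $user['user_name'], 'connect_email' => $user['email'] ) );
            exit;
        }
    }

    echo json_encode( array( 'connect_status' => 'FAIL' ) );
    exit;
}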
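/**
 * Check data
 *
 * @param string $key         Key - this can be anything which is known only to the applications. Never reveal this key publically.
 *                            For IPS Community Suite installs, this key can be obtained in the Login Management page in the ACP
 * @param int    $id          If provided, do not throw an error if the "existing user" is the user with this ID
 * @param string $username    Username
 * @param string $displayname Display Name
 * @param string $email       Email address
 * @return void Outputs to screen a JSON object with four properties (status, username, displayname, email) - 'status' will say
 *              "SUCCESS" - the remaining 3 properties will each contain a boolean value, or NULL if no value was provided.
 *              The boolean value indicates if it is OK to register a new account with that data.
 *              If the key is incorrect - 'status' will be "BAD_KEY" and the remaining 3 parameters will all be NULL.
 */
public function check( $key, $id, $username, $displayname, $email )
{
    // The original initialised 'user_name' twice and later read $return['username'], so the
    // output keys did not match the three properties documented above. Use the documented names.
    $return = array( 'username' => NULL, 'displayname' => NULL, 'email' => NULL );

    // Check key (string-only, constant-time comparison instead of loose !=)
    if ( !is_string( $key ) or !hash_equals( (string) $this->secret_key, $key ) )
    {
        echo json_encode( array_merge( array( 'status' => 'BAD_KEY' ), $return ) );
        exit;
    }

    $db = $this->db;

    // TRUE when no member holds $value in $column, or when the only holder is the member
    // identified by $id (the exemption the $id parameter is documented to provide).
    // $column is always one of the literals passed below, never request data.
    $isAvailable = function ( $column, $value ) use ( $db, $id )
    {
        if ( !is_scalar( $value ) )
        {
            return FALSE;
        }

        $result = $db->query( "SELECT * FROM phpfox_user WHERE " . $column . "='" . $db->escape_string( $value ) . "'" );
        $row = $result ? $result->fetch_array() : null;

        if ( !$row )
        {
            return TRUE;
        }

        return ( is_scalar( $id ) and $id and intval( $row['user_id'] ) === intval( $id ) );
    };

    // Check username
    if ( $username )
    {
        $return['username'] = $isAvailable( 'user_name', $username );
    }

    // Check displayname (stored in the same user_name column as the username)
    if ( $displayname )
    {
        $return['displayname'] = ( $username == $displayname )
            ? $return['username']
            : $isAvailable( 'user_name', $displayname );
    }

    // Check Email
    if ( $email )
    {
        $return['email'] = $isAvailable( 'email', $email );
    }

    // Return
    echo json_encode( array_merge( array( 'status' => 'SUCCESS' ), $return ) );
    exit;
}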
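/**
 * Change account data
 *
 * @param int    $id           ID number
 * @param string $key          md5( IPS Connect Key (see login method) . ID number )
 * @param string $username     New username (blank means do not change)
 * @param string $displayname  New displayname (blank means do not change)
 * @param string $email        New email address (blank means do not change)
 * @param string $md5Password  New password, md5 encoded (blank means do not change)
 * @param string $redirect     Redirect URL, Base64 encoded
 * @param string $redirectHash md5( IPS Connect Key . $redirect )
 * @return mixed If the redirect URL is provided, the user is redirected to that URL with a single parameter - 'status'.
 *               If blank, a JSON object with the same parameter is output.
 *               Values:
 *                   BAD_KEY             Invalid Key
 *                   NO_USER             ID number not match any member account
 *                   SUCCESS             Information changed successfully
 *                   USERNAME_IN_USE     The chosen username was in use and as a result NO information was changed
 *                   DISPLAYNAME_IN_USE  The chosen display name was in use and as a result NO information was changed
 *                   EMAIL_IN_USE        The chosen email was in use and as a result NO information was changed
 *                   MISSING_DATA        No details to be changed were provided
 */
public function change( $id, $key, $username, $displayname, $email, $md5Password, $redirect, $redirectHash )
{
    if ( !is_scalar( $id ) or !is_string( $key ) or !hash_equals( md5( $this->secret_key . $id ), $key ) )
    {
        $this->_return( base64_encode( $this->url ), array( 'status' => 'BAD_KEY' ) );
    }

    if ( $redirect )
    {
        // $this->masterKey is never assigned; verify with the same key as the check above.
        $signed = is_string( $redirect ) and is_string( $redirectHash )
            and hash_equals( md5( $this->secret_key . $redirect ), $redirectHash );
        $redirect = $signed ? $redirect : base64_encode( $this->url );
    }

    // The key authenticates $id, so $id must select the row. The original looked the member up
    // through the ipscm_user cookie, which the key does not cover and which is absent on
    // server-to-server calls.
    $db = $this->db;
    $result = $db->query( "SELECT * FROM phpfox_user WHERE user_id=" . intval( $id ) );
    $user = $result ? $result->fetch_array() : null;

    if ( !isset( $user['user_id'] ) )
    {
        $this->_return( $redirect, array( 'status' => 'NO_USER' ) );
    }

    // TRUE when a member other than $user already holds $value in $column.
    // $column is always one of the literals passed below, never request data.
    $ownId = intval( $user['user_id'] );
    $takenByOther = function ( $column, $value ) use ( $db, $ownId )
    {
        $found = $db->query( "SELECT * FROM phpfox_user WHERE " . $column . "='" . $db->escape_string( $value ) . "'" );
        $row = $found ? $found->fetch_array() : null;
        return ( $row and intval( $row['user_id'] ) !== $ownId );
    };

    // Raw (unescaped) target values; escaping happens once, when the UPDATE is built.
    $newName     = $user['user_name'];
    $newEmail    = $user['email'];
    $newPassword = $user['password'];
    $changed     = FALSE;

    if ( is_scalar( $username ) and $username and $username != $user['user_name'] )
    {
        if ( $takenByOther( 'user_name', $username ) )
        {
            $this->_return( $redirect, array( 'status' => 'USERNAME_IN_USE' ) );
        }
        $newName = $username;
        $changed = TRUE;
    }

    // A display name is only applied when no username was sent; both map to user_name.
    if ( !$username and is_scalar( $displayname ) and $displayname and $displayname != $user['user_name'] )
    {
        if ( $takenByOther( 'user_name', $displayname ) )
        {
            $this->_return( $redirect, array( 'status' => 'DISPLAYNAME_IN_USE' ) );
        }
        $newName = $displayname;
        $changed = TRUE;
    }

    if ( is_scalar( $email ) and $email and $email != $user['email'] )
    {
        if ( $takenByOther( 'email', $email ) )
        {
            // The original reported DISPLAYNAME_IN_USE for an e-mail clash.
            $this->_return( $redirect, array( 'status' => 'EMAIL_IN_USE' ) );
        }
        $newEmail = $email;
        $changed = TRUE;
    }

    if ( is_scalar( $md5Password ) and $md5Password )
    {
        // Store the value exactly as login() compares it and register() inserts it. The
        // original hashed it a second time, after which login() could no longer match it.
        // NOTE(review): unsalted md5 is a weak password hash - confirm the intended scheme.
        $newPassword = $md5Password;
        $changed = TRUE;
    }

    if ( !$changed )
    {
        $this->_return( $redirect, array( 'status' => 'MISSING_DATA' ) );
    }

    // The original interpolated $update['username'], a key that was never set, so user_name
    // was overwritten with an empty string. Every value is escaped here, including the ones
    // read back from the database.
    $db->query( "UPDATE phpfox_user SET user_name='" . $db->escape_string( $newName ) . "', email='" . $db->escape_string( $newEmail ) . "', password='" . $db->escape_string( $newPassword ) . "' WHERE user_id=" . $ownId . ";" );

    if ( $redirect )
    {
        // HttpOnly: the cookie is only read server-side.
        setcookie( 'ipscm_pass', $newPassword, time()+60*60*24*30, '/', '', false, true );
    }

    $this->_return( $redirect, array( 'status' => 'SUCCESS' ) );
}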
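/**
 * Account is validated
 *
 * Only verifies the key and reports the result; no account data is changed here.
 *
 * @param int    $id  ID number
 * @param string $key md5( IPS Connect Key (see login method) . ID number )
 * @return void Outputs a JSON object whose 'status' is BAD_KEY or SUCCESS
 */
public function validate( $id, $key )
{
    if ( !is_scalar( $id ) or !is_string( $key ) or !hash_equals( md5( $this->secret_key . $id ), $key ) )
    {
        echo json_encode( array( 'status' => 'BAD_KEY' ) );
        // Stop here: the original fell through and printed a SUCCESS object as well.
        return;
    }

    echo json_encode( array( 'status' => 'SUCCESS' ) );
}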
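/**
 * Delete account(s)
 *
 * @param array|string $ids ID Numbers (an array, or the same list JSON encoded)
 * @param string       $key md5( IPS Connect Key (see login method) . json_encode( ID number ) )
 * @return void Outputs a JSON object whose 'status' is BAD_KEY or SUCCESS
 */
public function delete( $ids, $key )
{
    // NOTE(review): the key is computed over json_encode( $ids ). If $ids arrives as an
    // already-encoded JSON string this encodes it a second time - confirm what the slave signs.
    if ( !is_string( $key ) or !hash_equals( md5( $this->secret_key . json_encode( $ids ) ), $key ) )
    {
        echo json_encode( array( 'status' => 'BAD_KEY' ) );
        // Stop here: the original carried on and deleted the rows even when the key was wrong.
        return;
    }

    $list = is_array( $ids ) ? $ids : json_decode( (string) $ids, TRUE );

    // json_decode() yields NULL or a scalar for malformed input; only iterate a real list.
    if ( is_array( $list ) )
    {
        foreach ( $list as $id )
        {
            $id = intval( $id );
            // Every other query in this class addresses the primary key as user_id.
            $this->db->query( "DELETE FROM phpfox_user WHERE user_id={$id};" );
        }
    }

    echo json_encode( array( 'status' => 'SUCCESS' ) );
}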
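/**
 * Handle redirect / output
 *
 * Ends the request in every case: either with a Location header or with the JSON body.
 * Callers are responsible for having verified the redirect hash before passing $redirect in.
 *
 * @param string $redirect Redirect URL, Base64 encoded
 * @param array  $params   Params
 * @return null Outputs to screen or redirects
 */
protected function _return( $redirect, $params=array() )
{
    if ( $redirect )
    {
        $target = base64_decode( $redirect );
        $suppress = ( isset( $_REQUEST['noparams'] ) and $_REQUEST['noparams'] );

        if ( !$suppress and !empty( $params ) )
        {
            // The original always joined with '&'. The fallback target ($this->url) has no
            // query string, so that produced an invalid URL; start one with '?' when needed.
            // NOTE(review): on login this places the member's e-mail address in the URL.
            $target .= ( strpos( $target, '?' ) === false ? '?' : '&' ) . http_build_query( $params );
        }

        header( 'Location: ' . $target );
        exit;
    }

    if ( !empty( $params ) )
    {
        echo json_encode( $params );
    }
    exit;
}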
}
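/**
 *
 * Map - can modify to add additional parameters, but the IPS Community Suite will only send the defaults
 *
 * The keys double as the allow-list of methods that a request may invoke.
 *
 */
$map = array(
    'login'    => array( 'idType', 'id', 'password', 'key', 'redirect', 'redirectHash' ),
    'logout'   => array( 'id', 'key', 'redirect', 'redirectHash' ),
    'register' => array( 'key', 'username', 'displayname', 'password', 'email', 'revalidateurl' ),
    'cookies'  => array( 'data' ),
    'check'    => array( 'key', 'id', 'username', 'displayname', 'email' ),
    'change'   => array( 'id', 'key', 'username', 'displayname', 'email', 'password', 'redirect', 'redirectHash' ),
    'validate' => array( 'id', 'key' ),
    'delete'   => array( 'id', 'key' )
);

/**
 *
 * Process Logic
 *
 * Collects the mapped request parameters in order and calls the matching method.
 *
 */
$ipsConnect = new ipsConnect();

// 'act' must be a plain string before it is used as an array key or a method name.
$act = ( isset( $_REQUEST['act'] ) and is_string( $_REQUEST['act'] ) ) ? $_REQUEST['act'] : '';

if ( isset( $map[ $act ] ) )
{
    // Build a positional list. On PHP 8 call_user_func_array() treats string keys as named
    // arguments, and names such as 'idType' or 'password' do not match the method signatures.
    $params = array();
    foreach ( $map[ $act ] as $k )
    {
        $params[] = isset( $_REQUEST[ $k ] ) ? $_REQUEST[ $k ] : '';
    }

    call_user_func_array( array( $ipsConnect, $act ), $params );
}
exit;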