DiscuzX/upload/source/plugin/wechat/wechat.inc.php

306 lines
11 KiB
PHP
Raw Normal View History

2016-12-15 08:20:54 -05:00
<?php
/**
* [Discuz!] (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: wechat.inc.php 35958 2016-05-24 02:34:37Z nemohou $
*/
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
$_G['wechat']['setting'] = unserialize($_G['setting']['mobilewechat']);
define('IN_WECHAT', strpos($_SERVER['HTTP_USER_AGENT'], 'MicroMessenger') !== false);
require_once DISCUZ_ROOT . './source/plugin/wechat/wechat.lib.class.php';
require_once DISCUZ_ROOT . './source/plugin/wechat/wechat.class.php';
require_once DISCUZ_ROOT . './source/plugin/wechat/wsq.class.php';
require_once DISCUZ_ROOT . './source/discuz_version.php';
list($openid, $sid) = explode("\t", authcode(base64_decode($_GET['key']), 'DECODE', $_G['config']['security']['authkey']));
$keyenc = urlencode($_GET['key']);
$ac = $_GET['ac'] ? $_GET['ac'] : 'bind';
if($_GET['fromapp'] == 'index') {
$op = 'access';
} else {
$op = $_GET['op'];
}
$preferer = parse_url($_GET['referer']);
if(!$preferer['host'] || $preferer['host'] != 'wsq.discuz.com' && $preferer['host'] != 'wsq.discuz.qq.com') {
$_GET['referer'] = '';
}
$selfurl = $_G['siteurl'].'plugin.php?id=wechat&mobile=2&key='.$keyenc.($_GET['referer'] ? '&referer='.urlencode($_GET['referer']) : '').($_GET['username'] ? '&username='.urlencode($_GET['username']) : '').'&ac=';
if(!$_G['wechat']['setting']['wechat_qrtype'] && IN_WECHAT && !$openid) {
if($_G['wechat']['setting']['wechat_mtype'] != 2) {
if(!empty($_G['cookie']['wechatopenid'])) {
$openid = authcode($_G['cookie']['wechatopenid'], 'DECODE', $_G['config']['security']['authkey']);
}
if(!$openid) {
showmessage('wechat:wechat_undefined');
}
} else {
$wechat_client = new WeChatClient($_G['wechat']['setting']['wechat_appId'], $_G['wechat']['setting']['wechat_appsecret']);
$openid = !empty($_G['cookie']['wechatopenid']) ? authcode($_G['cookie']['wechatopenid'], 'DECODE', $_G['config']['security']['authkey']) : '';
if(!$openid) {
if(empty($_GET['oauth'])) {
$redirect_uri = $wechat_client->getOauthConnectUri($selfurl.$ac.'&oauth=yes');
dheader('location: '.$redirect_uri);
} else {
$tockeninfo = $wechat_client->getAccessTokenByCode($_GET['code']);
$openid = $tockeninfo['openid'];
dsetcookie('wechatopenid', authcode($openid, 'ENCODE', $_G['config']['security']['authkey']), 86400);
}
}
}
} elseif($openid) {
dsetcookie('wechatopenid', authcode($openid, 'ENCODE', $_G['config']['security']['authkey']), 86400);
}
wsq::report('loginevent');
require_once libfile('function/member');
if($openid) {
if($ac == 'qqbind') {
WeChatHook::bindOpenId($_G['uid'], $openid);
wsq::report('bind');
$ac = 'bind';
}
$wechatuser = C::t('#wechat#common_member_wechat')->fetch_by_openid($openid);
if(!$wechatuser) {
if($_G['uid']) {
clearcookies();
dheader('location: '. $selfurl.$ac);
}
if($_G['wechat']['setting']['wechat_allowregister'] && $_G['wechat']['setting']['wechat_allowfastregister'] && $_G['wechat']['setting']['wechat_mtype'] == 2) {
$authcode = C::t('#wechat#mobile_wechat_authcode')->fetch($sid);
$uid = WeChat::register(WeChat::getnewname($openid), 1);
if($uid) {
WeChatHook::bindOpenId($uid, $openid, 1);
if($sid) {
C::t('#wechat#mobile_wechat_authcode')->update($sid, array('uid' => $uid, 'status' => 1));
}
}
wsq::report('register');
}
}
}
if($op == 'access') {
$redirect = WeChat::redirect();
if($redirect) {
dheader('location: '.$redirect);
}
}
if($sid) {
$authcode = C::t('#wechat#mobile_wechat_authcode')->fetch($sid);
if($authcode) {
if($_GET['confirm'] == 'delete') {
C::t('#wechat#mobile_wechat_authcode')->delete($authcode['sid']);
wechat_setloginstatus($authcode['uid'], false);
include template('wechat:wechat_bind_confirm');
exit;
}
if($wechatuser && !$authcode['uid']) {
$member = getuserbyuid($wechatuser['uid'], 1);
if(empty($_GET['confirm']) && (!$_G['wechat']['setting']['wechat_confirmtype'] && $member['adminid'] > 0 || $_G['wechat']['setting']['wechat_confirmtype'] == 1)) {
wsq::report('showauthorized');
include template('wechat:wechat_bind_confirm');
exit;
}
setloginstatus($member, 1296000);
C::t('#wechat#mobile_wechat_authcode')->update($sid, array('uid' => $wechatuser['uid'], 'status' => 1));
wechat_setloginstatus($wechatuser['uid'], true);
wsq::report('authorized');
} elseif($authcode['uid']) {
$member = getuserbyuid($authcode['uid'], 1);
if(empty($_GET['confirm']) && (!$_G['wechat']['setting']['wechat_confirmtype'] && $member['adminid'] > 0 || $_G['wechat']['setting']['wechat_confirmtype'] == 1)) {
wsq::report('showauthorized');
include template('wechat:wechat_bind_confirm');
exit;
}
if($wechatuser) {
C::t('#wechat#common_member_wechat')->delete($wechatuser['uid']);
wsq::report('unbind');
}
setloginstatus($member, 1296000);
C::t('#wechat#mobile_wechat_authcode')->update($sid, array('status' => 1));
WeChatHook::bindOpenId($authcode['uid'], $openid);
wsq::report('bind');
$wechatuser = C::t('#wechat#common_member_wechat')->fetch_by_openid($openid);
wechat_setloginstatus($authcode['uid'], true);
wsq::report('authorized');
}
}
} elseif($wechatuser) {
$member = getuserbyuid($wechatuser['uid'], 1);
setloginstatus($member, 1296000);
wechat_setloginstatus($wechatuser['uid'], true);
}
if($ac == 'bind' && $_G['wechat']['setting']['wechat_qrtype']) {
if(!$_G['uid'] && IN_WECHAT && $_G['wechat']['setting']['wechat_allowfastregister']) {
$ac = 'wxregister';
}
list($_GET['username'], $wxopenid) = explode("\t", base64_decode($_GET['username']));
$_GET['username'] = substr(WeChatEmoji::clear($_GET['username']), 0, 15);
}
if($ac == 'bind') {
define('IN_MOBILE', 2);
if($_G['wechat']['setting']['wechat_qrtype'] && $_GET['referer']) {
$_GET['referer'] = str_replace('&state=siteregister', '&state=backlogin', $_GET['referer']);
dheader('location: '.$_GET['referer']);
}
if($_G['wechat']['setting']['wechat_mtype'] == 2) {
$defaultusername = WeChat::getnewname($openid);
} else {
$defaultusername = $_G['wechat']['setting']['wechat_qrtype'] ? $_GET['username'] : 'wx_'.random(5);
}
$defaultusername = htmlspecialchars($defaultusername);
$connecturl = $_G['setting']['connect']['allow'] && !$_G['setting']['bbclosed'] ? $_G['siteurl'].'connect.php?mod=login&op=init&referer='.urlencode($selfurl.'qqbind').'&statfrom=login_simple' : '';
if(IN_WECHAT) {
if(!$_G['uid']) {
include template('wechat:wechat_bind');
} else {
$redirect = WeChat::redirect();
if($redirect) {
dheader('location: '.$redirect);
} else {
dheader('location: '.$_G['siteurl']);
}
}
} else {
dheader('location: '.$_G['siteurl'].'member.php?mod=logging&action=login&referer='.dreferer());
}
} elseif($ac == 'login' && submitcheck('submit')) {
if(!($loginperm = logincheck($_GET['username']))) {
showmessage('login_strike');
}
if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
showmessage('profile_passwd_illegal');
}
if(DISCUZ_VERSION < 'X3.0') {
$_GET['username'] = WeChatEmoji::clear($_GET['username']);
}
$result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $_G['setting']['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
if($result['status'] <= 0) {
loginfailed($_GET['username']);
failedip();
showmessage('login_invalid', '', array('loginperm' => $loginperm - 1));
}
if(!$_G['wechat']['setting']['wechat_qrtype']) {
if($wechatuser) {
if($result['member']['uid'] != $wechatuser['uid']) {
showmessage('wechat:wechat_openid_exists');
}
wechat_setloginstatus($result['member']['uid'], true);
} else {
WeChatHook::bindOpenId($result['member']['uid'], $openid);
wsq::report('bind');
}
setloginstatus($result['member'], 1296000);
showmessage('wechat:wechat_member_bind_succeed', $selfurl.'bind');
} else {
C::t('#wechat#common_member_wechatmp')->insert(array('uid' => $result['member']['uid'], 'openid' => $_GET['wxopenid'], 'status' => 1), false, true);
wsq::report('bind');
$url = wsq::wxuserregisterUrl($result['member']['uid']);
showmessage('wechat:wechat_member_bind_succeed', $url);
}
} elseif(($ac == 'register' && submitcheck('submit') || $ac == 'wxregister') && $_G['wechat']['setting']['wechat_allowregister']) {
if($wechatuser) {
showmessage('wechat:wechat_openid_exists');
} else {
if($_G['wechat']['setting']['wechat_qrtype']) {
$mpmember = C::t('#wechat#common_member_wechatmp')->fetch_by_openid($wxopenid ? $wxopenid : $_GET['wxopenid']);
$mpmembers = C::t('common_member')->fetch_all(array_keys($mpmember));
if ($mpmembers) {
$memberfirst = array_shift($mpmembers);
$member = getuserbyuid($memberfirst['uid'], 1);
if($member) {
setloginstatus($member, 1296000);
$url = wsq::wxuserregisterUrl($memberfirst['uid']);
if ($ac == 'wxregister') {
dheader('location: ' . $url);
} else {
showmessage('wechat:wechat_member_register_succeed', $url);
}
}
}
}
if(DISCUZ_VERSION < 'X3.0' && $_G['inajax']) {
$_GET['username'] = WeChatEmoji::clear($_GET['username']);
}
if($ac == 'wxregister') {
loaducenter();
$user = uc_get_user($_GET['username']);
if(!empty($user)) {
$_GET['username'] = cutstr($_GET['username'], 7, '').'_'.random(5);
}
}
$uid = WeChat::register($_GET['username'], $ac == 'wxregister');
if($uid && $_GET['avatar']) {
WeChat::syncAvatar($uid, $_GET['avatar']);
}
if(!$_G['wechat']['setting']['wechat_qrtype']) {
WeChatHook::bindOpenId($uid, $openid, 1);
wsq::report('register');
showmessage('wechat:wechat_member_register_succeed', $selfurl.'bind&confirm=yes');
} else {
C::t('#wechat#common_member_wechatmp')->insert(array('uid' => $uid, 'openid' => $wxopenid ? $wxopenid : $_GET['wxopenid'], 'status' => 0), false, true);
wsq::report('register');
$url = wsq::wxuserregisterUrl($uid);
if($ac == 'wxregister') {
dheader('location: '.$url);
} else {
showmessage('wechat:wechat_member_register_succeed', $url);
}
}
}
} elseif($ac == 'logout') {
if($_GET['hash'] == formhash()) {
wechat_setloginstatus($_G['uid'], false);
clearcookies();
}
mobile_core::result(array());
} elseif($ac == 'unbind') {
if($_GET['hash'] == formhash()) {
if($wechatuser) {
C::t('#wechat#common_member_wechat')->delete($wechatuser['uid']);
wsq::report('unbind');
}
clearcookies();
}
mobile_core::result(array());
} elseif($ac == 'unbindmp') {
if($_G['wechat']['setting']['wechat_qrtype'] && $_GET['hash'] == formhash()) {
C::t('#wechat#common_member_wechatmp')->delete($_GET['uid']);
}
mobile_core::result(array());
} else {
showmessage('undefined_action');
}
function wechat_setloginstatus($uid, $login) {
C::t('#wechat#common_member_wechat')->update($uid, array('status' => $login ? 2 : 1));
}