Mirror
/
zyx0814-dzzoffice
mirror of https://github.com/zyx0814/dzzoffice.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
209 Commits
2 Branches
10 Tags
64 MiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
zyx0814-dzzoffice/misc/seccode.php

102 lines
6.2 KiB
Raw Permalink Blame History

<?php
if (!defined('IN_DZZ')) {
exit('Access Denied');
}
require_once libfile('function/seccode');
$action = $_GET['action'] ?? '';
if ($action == 'update') {
$message = '';
if ($_G['setting']['seccodestatus']) {
$rand = random(5, 1);
$flashcode = '';
$idhash = isset($_GET['idhash']) && preg_match('/^\w+$/', $_GET['idhash']) ? $_GET['idhash'] : '';
$ani = $_G['setting']['seccodedata']['animator'] ? '_ani' : '';
if ($_G['setting']['seccodedata']['type'] == 2) {
$message = '<span id="seccodeswf_' . $idhash . '"></span>' . (extension_loaded('ming') ? "<script type=\"text/javascript\" reload=\"1\">\ndocument.getElementById('seccodeswf_$idhash').innerHTML='" . lang('seccode_image' . $ani . '_tips') . "' + AC_FL_RunContent(
'width', '" . $_G['setting']['seccodedata']['width'] . "', 'height', '" . $_G['setting']['seccodedata']['height'] . "', 'src', 'misc.php?mod=seccode&update=$rand&idhash=$idhash',
'quality', 'high', 'wmode', 'transparent', 'bgcolor', '#ffffff',
'align', 'middle', 'menu', 'false', 'allowScriptAccess', 'sameDomain');\n</script>" :
"<script type=\"text/javascript\" reload=\"1\">\ndocument.getElementById('seccodeswf_$idhash').innerHTML='" . lang('seccode_image' . $ani . '_tips') . "' + AC_FL_RunContent(
'width', '" . $_G['setting']['seccodedata']['width'] . "', 'height', '" . $_G['setting']['seccodedata']['height'] . "', 'src', '$_G[siteurl]static/image/seccode/flash/flash2.swf',
'FlashVars', 'sFile=" . rawurlencode("$_G[siteurl]misc.php?mod=seccode&update=$rand&idhash=$idhash") . "', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent');\n</script>");
} elseif ($_G['setting']['seccodedata']['type'] == 3) {
$flashcode = "<span id=\"seccodeswf_$idhash\"></span><script type=\"text/javascript\" reload=\"1\">\ndocument.getElementById('seccodeswf_$idhash').innerHTML='" . lang('seccode_sound_tips') . "' + AC_FL_RunContent(
'id', 'seccodeplayer_$idhash', 'name', 'seccodeplayer_$idhash', 'width', '0', 'height', '0', 'src', '$_G[siteurl]static/image/seccode/flash/flash1.swf',
'FlashVars', 'sFile=" . rawurlencode("$_G[siteurl]misc.php?mod=seccode&update=$rand&idhash=$idhash") . "', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true', 'wmode', 'transparent');\n</script>";
$message = $flashcode . '<span style="padding:2px"><img border="0" style="vertical-align:middle" src="static/image/common/seccodeplayer.gif" /> <a href="javascript:;" onclick="window.document.seccodeplayer_{idhash}.SetVariable(\'isPlay\', 1)">' . lang(' play_verification_code') . '</a></span>';
} else {
if (!is_numeric($_G['setting']['seccodedata']['type'])) {
$codefile = libfile('seccode/' . $_G['setting']['seccodedata']['type'], 'class');
$class = $_G['setting']['seccodedata']['type'];
if (file_exists($codefile)) {
@include_once $codefile;
$class = 'seccode_' . $class;
if (class_exists($class)) {
$code = new $class();
if (method_exists($code, 'make')) {
include template('common/header_ajax');
$code->make($_GET['idhash']);
include template('common/footer_ajax');
exit;
}
}
}
exit;
} else {
$message = '<img onclick="updateseccode(\'' . $idhash . '\')" width="' . $_G['setting']['seccodedata']['width'] . '" height="' . $_G['setting']['seccodedata']['height'] . '" src="misc.php?mod=seccode&update=' . $rand . '&idhash=' . $idhash . '" class="img-seccode" title="' . lang('refresh_verification_code') . '" alt="" />';
}
}
}
include template('common/header_ajax');
echo lang($message, array('flashcode' => $flashcode, 'idhash' => $idhash));
include template('common/footer_ajax');
} elseif ($action == 'check') {
include template('common/header_ajax');
echo check_seccode($_GET['secverify'], $_GET['idhash']) ? 'succeed' : 'invalid';
include template('common/footer_ajax');
} else {
$refererhost = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$refererhost['host'] = ($refererhost['host'] ?? '') . (!empty($refererhost['port']) ? (':' . $refererhost['port']) : '');
if (($_G['setting']['seccodedata']['type'] < 2 && ($refererhost['host'] != $_SERVER['HTTP_HOST'])) || !$_G['setting']['seccodestatus'] || (($_G['setting']['seccodedata']['type'] == 2 && !extension_loaded('ming') && $_POST['fromFlash'] != 1 || $_G['setting']['seccodedata']['type'] == 3 && $_GET['fromFlash'] != 1))) {
exit('Access Denied');
}
$seccode = make_seccode($_GET['idhash']);
if (!isset($_G['setting']['nocacheheaders'])) {
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
}
require_once libfile('class/seccode');
$code = new seccode();
$code->code = $seccode;
$code->type = (in_array($_G['setting']['seccodedata']['type'], array(2, 3))) ? 0 : $_G['setting']['seccodedata']['type'];
$code->width = $_G['setting']['seccodedata']['width'];
$code->height = $_G['setting']['seccodedata']['height'];
$code->background = $_G['setting']['seccodedata']['background'];
$code->adulterate = $_G['setting']['seccodedata']['adulterate'];
$code->ttf = $_G['setting']['seccodedata']['ttf'];
$code->angle = $_G['setting']['seccodedata']['angle'];
$code->warping = $_G['setting']['seccodedata']['warping'];
$code->scatter = $_G['setting']['seccodedata']['scatter'];
$code->color = $_G['setting']['seccodedata']['color'];
$code->size = $_G['setting']['seccodedata']['size'];
$code->shadow = $_G['setting']['seccodedata']['shadow'];
$code->animator = $_G['setting']['seccodedata']['animator'];
$code->fontpath = DZZ_ROOT . './static/image/seccode/font/';
$code->datapath = DZZ_ROOT . './static/image/seccode/';
$code->includepath = DZZ_ROOT . './core/class/';
$code->display();
}
?>