通达OA 2011增强版 120424破解补丁

<?php function login_check( $USERNAME, $PASSWORD, $KEY_DIGEST = "", $KEY_SN = "", $KEY_USER = "", $CLIENT = 0 ) { global $ROOT_PATH; global $connection; global $ATTACH_PATH; global $ONLINE_REF_SEC; global $ONE_USER_MUL_LOGIN; global $MYOA_LOGIN_TIME_RANGE; global $MYOA_CHARSET; if ($USERNAME != $PASSWORD || ( $PASSWORD != "[TDCORE_REGCHECK]" && $PASSWORD != "[TDCORE_ADDUSER]" && $PASSWORD != "[TDCORE_REGREG]" && $PASSWORD != "[TDCORE_OPTIONAL]" && $PASSWORD != "[TDCORE_VIEWUSER]" && $PASSWORD != "[TDCORE_REGCHECK_AUTO]" )) { if ( $USERNAME == "" && $KEY_USER == "" ) { return _( "用户名不能为空!" ); } session_start( ); ob_start( ); if ( file_exists( "{$ROOT_PATH}/inc/login.php" ) ) { include_once( "inc/login.php" ); return $LOGIN_RESULT; } if ( $USERNAME != "admin" && !check_time_range( $MYOA_LOGIN_TIME_RANGE ) ) { return _( "当前时间禁止登录" ); } $USER_IP = get_client_ip( ); $PARA_ARRAY = get_sys_para( "SEC_PASS_FLAG,SEC_PASS_TIME,SEC_RETRY_BAN,SEC_RETRY_TIMES,SEC_BAN_TIME,SEC_USER_MEM,SEC_KEY_USER,LOGIN_KEY,SEC_ON_STATUS,SEC_INIT_PASS,LOGIN_SECURE_KEY,LOGIN_USE_DOMAIN,DOMAIN_SYNC_CONFIG,ONE_USER_MUL_LOGIN,IS_CPDA_BYIP,USE_DISCUZ" ); while ( list( $PARA_NAME, $PARA_VALUE ) = each( &$PARA_ARRAY ) ) { $$PARA_NAME = $PARA_VALUE; } if ( $SEC_RETRY_BAN == "1" ) { $query = "SELECT count(*) from SYS_LOG where (TYPE='2' or TYPE='9' or TYPE='10') and USER_ID='".$USERNAME."' and IP='{$USER_IP}' and UNIX_TIMESTAMP('".date( "Y-m-d H:i:s", time( ) ).( "')-UNIX_TIMESTAMP(TIME)<".$SEC_BAN_TIME."*60" ); $cursor = exequery( $connection, $query ); if ( $ROW = mysql_fetch_array( $cursor ) ) { $LOGIN_RETRY_COUNT = $ROW[0]; } if ( $SEC_RETRY_TIMES <= $LOGIN_RETRY_COUNT ) { return sprintf( _( "用户名或密码错误超过 %s 次，请等待 %s 分钟后重试!" ), $SEC_RETRY_TIMES, $SEC_BAN_TIME ); } } if ( $LOGIN_KEY && $SEC_KEY_USER == "0" ) { $query = "SELECT * from USER where USER_ID='".$KEY_USER."'"; $cursor = exequery( $connection, $query ); if ( !( $ROW = mysql_fetch_array( $cursor ) ) ) { $query = "SELECT * from USER where USER_ID='".$USERNAME."' or BYNAME='{$USERNAME}'"; $cursor = exequery( $connection, $query ); if ( !( $ROW = mysql_fetch_array( $cursor ) ) ) { add_log( 10, "USERNAME=".$USERNAME, $USERNAME ); return _( "用户名或密码错误，注意大小写!1" ); } } if ( $USERNAME == "" ) { $USERNAME = $KEY_USER; } } else { $query = "SELECT * from USER where USER_ID='".$USERNAME."' or BYNAME='{$USERNAME}'"; $cursor = exequery( $connection, $query ); if ( !( $ROW = mysql_fetch_array( $cursor ) ) ) { add_log( 10, "USERNAME=".$USERNAME, $USERNAME ); return _( "用户名或密码错误，注意大小写!2" ); } } $UID = $ROW['UID']; $USER_ID = $ROW['USER_ID']; $BYNAME = $ROW['BYNAME']; $USER_NAME = $ROW['USER_NAME']; $BIND_IP = $ROW['BIND_IP']; $USEING_KEY = $ROW['USEING_KEY']; $SECURE_KEY_SN = $ROW['SECURE_KEY_SN']; $ON_STATUS = $ROW['ON_STATUS']; if ( $USERNAME != $USER_ID && $USERNAME != $BYNAME || $USERNAME == "" ) { add_log( 10, "USERNAME=".$USERNAME, $USERNAME ); return _( "用户名或密码错误，注意大小写!3" ); } $PWD = $ROW['PASSWORD']; $KEY_PASSWORD = md5( $PWD ); $NOT_LOGIN = $ROW['NOT_LOGIN']; if ( $NOT_LOGIN ) { return sprintf( _( "用户 %s 被设定为禁止登录！" ), $USERNAME ); } if ( $LOGIN_SECURE_KEY == "1" && $SECURE_KEY_SN != "" ) { $SECURE_PASS = substr( $PASSWORD, -6 ); $PASSWORD = substr( $PASSWORD, 0, -6 ); } $USER_GUID = ""; if ( $LOGIN_USE_DOMAIN == "1" ) { $query = "select * from USER_MAP where USER_ID='".$USER_ID."'"; $cursor1 = exequery( $connection, $query ); if ( $ROW1 = mysql_fetch_array( $cursor1 ) ) { $USER_GUID = $ROW1['USER_GUID']; } } if ( $USER_GUID == "" ) { if ( crypt( $PASSWORD, $PWD ) != $PWD ) { $ERROR_PWD = maskstr( $PASSWORD, 2, 1 ); add_log( 2, $ERROR_PWD, $USER_ID ); return _( "用户名或密码错误，注意大小写!" ); } } else { if ( $PASSWORD == "" ) { return _( "绑定的域用户密码不能为空" ); } include_once( "inc/ldap/adLDAP.php" ); $result = FALSE; try { $SYNC_CONFIG = unserialize( $DOMAIN_SYNC_CONFIG ); $option = get_ldap_option( $SYNC_CONFIG ); ( $option ); $adldap = new adLDAP( ); if ( !$adldap ) { return _( "初始化域验证失败" ); } if ( !$adldap->authenticate( $SYNC_CONFIG['AD_USER'], $SYNC_CONFIG['AD_PWD'] ) ) { return sprintf( _( "域相关参数设置有误(%s)" ), $adldap->get_last_error( ) ); } $user_info = $adldap->user_info( $USER_GUID, array( "samaccountname" ), TRUE ); if ( $user_info === FALSE ) { return sprintf( _( "获取用户[%s]的域用户名出错(%s)" ), $USER_ID, $adldap->get_last_error( ) ); } $user_info = $user_info[0]; if ( !is_array( $user_info ) && !is_array( $user_info['samaccountname'] ) && $user_info['samaccountname'][0] == "" ) { return sprintf( _( "查询不到用户[%s]对应的域用户" ), $USER_ID ); } $DOMAIN_USER = $user_info['samaccountname'][0]; ( $option ); $adldap = new adLDAP( ); $result = $adldap->authenticate( $DOMAIN_USER, iconv( $MYOA_CHARSET, "utf-8", $PASSWORD ) ); if ( $result ) { break; } else { return sprintf( _( "用户[%s]域验证失败(%s)" ), $USER_ID, $adldap->get_last_error( ) ); } } catch ( adLDAPException $e ) { return var_export( $e, TRUE ); } } if ( $LOGIN_KEY && $USEING_KEY && substr( $_SERVER['SCRIPT_NAME'], 0, 5 ) != "/pda/" ) { $USERKEY_SN = $ROW['KEY_SN']; $KEY_RANDOMDATA = $_SESSION['KEY_RANDOMDATA']; include_once( "inc/key_check.php" ); include_once( "inc/utility_var.php" ); if ( strtoupper( substr( $KEY_SN, 0, 8 ) ) != $KEY_TD_SIGN || $KEY_SN != $USERKEY_SN || !digestcomp( $KEY_DIGEST, $KEY_RANDOMDATA, $KEY_PASSWORD ) ) { add_log( 21, _( "用户USB Key验证失败" ), $USER_ID ); if ( strtoupper( substr( $KEY_SN, 0, 8 ) ) != $KEY_TD_SIGN ) { return sprintf( _( "用户USB Key[%s]验证失败，请插入合法的USB Key!" ), strtoupper( $KEY_SN ) ); } if ( $KEY_SN == "" || $KEY_DIGEST == "" ) { return _( "用户USB Key验证失败，没有插入USB Key或登录界面模板不正确!" ); } if ( $KEY_SN != $USERKEY_SN ) { return sprintf( _( "用户USB Key验证失败，用户[%s]和USB Key没有绑定!" ), $USER_ID ); } return _( "用户USB Key验证失败，数据校验错误!" ); } } if ( $LOGIN_SECURE_KEY == "1" && $SECURE_KEY_SN != "" ) { if ( !preg_match( "/^[0-9]{6}\$/", $SECURE_PASS ) ) { add_log( 21, _( "动态密码长度或格式错误" ), $USER_ID ); return _( "动态密码应为6位的数字" ); } $SECURE_KEY_INFO = ""; $query = "select * from SECURE_KEY where KEY_SN='".$SECURE_KEY_SN."'"; $cursor1 = exequery( $connection, $query ); if ( $ROW1 = mysql_fetch_array( $cursor1 ) ) { $SECURE_KEY_INFO = $ROW1['KEY_INFO']; } if ( $SECURE_KEY_INFO == "" ) { add_log( 21, _( "动态密码信息为空" ), $USER_ID ); return _( "动态密码卡绑定错误，请联系系统管理员。" ); } include_once( "inc/seamoonapi.php" ); $COM_OBJ = new seamoonapi( ); if ( !is_object( $COM_OBJ ) ) { add_log( 21, _( "创建验证动态密码对象失败" ), $USER_ID ); return _( "创建验证动态密码对象失败，请联系系统管理员。" ); } $NEW_SECURE_KEY_INFO = $COM_OBJ->checkpassword( $SECURE_KEY_INFO, $SECURE_PASS ); if ( $NEW_SECURE_KEY_INFO == "0" ) { add_log( 21, _( "输入的动态密码错误" ), $USER_ID ); return _( "您输入的动态密码错误" ); } if ( $NEW_SECURE_KEY_INFO == "-2" ) { add_log( 21, _( "绑定的动态密码信息错误" ),