其实就是url参数里有论坛用户名,访问这个链接就自动登录了,挺危险的吧,不过有时候有点用也。
// 自动登录
$fxusername = addslashes(trim($_GET['username'])); // 从url里获取的用户名
$minfo = C::t('common_member')->fetch_by_username($fxusername);
if(!empty($minfo)) {
$uid = $minfo['uid'];
$member = getuserbyuid($uid);
if($member) {
loadcache('usergroups');
$usergroups = $_G['cache']['usergroups'][$member['groupid']]['grouptitle'];
$param = array('username' => $_G['member']['username'], 'usergroup' => $usergroups);
require_once libfile('function/member');
setloginstatus($member, 1296000);
DB::query("UPDATE ".DB::table('common_member_status')." SET lastip='".$_G['clientip']."', lastvisit='".TIMESTAMP."', lastactivity='".TIMESTAMP."' WHERE uid='$uid'");
$ucsynlogin = '';
if($_G['setting']['allowsynlogin']) {
loaducenter();
$ucsynlogin = uc_user_synlogin($uid);
}
}
}
// 自动登录