From 3923b9a9c368842e54951888186b9842b9f30711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Discuz=E5=BA=94=E7=94=A8=E4=B8=AD=E5=BF=83?=
 <1453650@qq.com>
Date: Mon, 1 Mar 2021 01:23:20 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=89=8B=E6=9C=BA=E7=AB=AFQQ?=
 =?UTF-8?q?=E4=BA=92=E8=81=94=E6=97=A0=E6=B3=95=E5=AE=8C=E6=88=90=E8=B4=A6?=
 =?UTF-8?q?=E5=8F=B7=E6=B3=A8=E5=86=8C=E7=9A=84BUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 upload/source/class/class_member.php          |  8 ++++--
 .../source/module/member/member_connect.php   |  5 +++-
 .../module/member/member_connect_register.php |  5 ++--
 .../source/plugin/qqconnect/connect.class.php | 25 +++++++++++++++++++
 4 files changed, 38 insertions(+), 5 deletions(-)

diff --git a/upload/source/class/class_member.php b/upload/source/class/class_member.php
index d6ec24643..a66f072be 100644
--- a/upload/source/class/class_member.php
+++ b/upload/source/class/class_member.php
@@ -374,9 +374,13 @@ class register_ctl {
 				}
 			} elseif(!$this->setting['regstatus']) {
 				if($this->setting['regconnect']) {
-					dheader('location:connect.php?mod=login&op=init&referer=forum.php&statfrom=login_simple');
+					//不是QQ互联登录则跳转到QQ互联，避免越权完成普通注册
+					if(CURMODULE != 'connect'){
+						dheader('location:connect.php?mod=login&op=init&referer=forum.php&statfrom=login_simple');
+					}
+				}else{
+					showmessage(!$this->setting['regclosemessage'] ? 'register_disable' : str_replace(array("\r", "\n"), '', $this->setting['regclosemessage']));
 				}
-				showmessage(!$this->setting['regclosemessage'] ? 'register_disable' : str_replace(array("\r", "\n"), '', $this->setting['regclosemessage']));
 			}
 		}
 
diff --git a/upload/source/module/member/member_connect.php b/upload/source/module/member/member_connect.php
index 412b841dc..ec1fe7bfd 100644
--- a/upload/source/module/member/member_connect.php
+++ b/upload/source/module/member/member_connect.php
@@ -95,7 +95,10 @@ if($_GET['action'] == 'login') { // debug 已有账号，绑定我的账号走
 		$ctl_obj->setting['secqaa']['status'] = $_G['setting']['secqaa']['status'];
 	}
 
-	$ctl_obj->setting['ignorepassword'] = 1;
+	//兼容手机端有填写密码的情况
+	if(!defined('IN_MOBILE') || empty($_GET[$_G['setting']['reginput']['password']])) {
+		$ctl_obj->setting['ignorepassword'] = 1;
+	}
 	$ctl_obj->setting['checkuinlimit'] = 1;
 	$ctl_obj->setting['strongpw'] = 0;
 	$ctl_obj->setting['pwlength'] = 0;
diff --git a/upload/source/module/member/member_connect_register.php b/upload/source/module/member/member_connect_register.php
index c3e2cfe40..739697e73 100644
--- a/upload/source/module/member/member_connect_register.php
+++ b/upload/source/module/member/member_connect_register.php
@@ -12,7 +12,8 @@ if(!defined('IN_DISCUZ')) {
 }
 
 $from_connect = $_G['setting']['connect']['allow'] ? 1 : 0;
-$regname = 'connect';
+//PC用的 $regname，手机用的 $_G['setting']['regname']
+$_G['setting']['regname'] = $regname = 'connect';
 
 if(empty($_POST)) {
 
@@ -88,7 +89,7 @@ if(empty($_POST)) {
 		'conopenid' => $conopenid,
 		'conispublishfeed' => $conispublishfeed,
 		'conispublisht' => $conispublisht,
-		'conisregister' => '1',
+		'conisregister' => $this->setting['ignorepassword'] ? '1' : '0',
 		'conisqzoneavatar' => '0',
 		'conisfeed' => '1',
 		'conisqqshow' => '0',
diff --git a/upload/source/plugin/qqconnect/connect.class.php b/upload/source/plugin/qqconnect/connect.class.php
index 1a6c3b7d5..e8793d6e4 100644
--- a/upload/source/plugin/qqconnect/connect.class.php
+++ b/upload/source/plugin/qqconnect/connect.class.php
@@ -283,4 +283,29 @@ class mobileplugin_qqconnect extends plugin_qqconnect_base {
 		}
 	}
 
+}
+
+class mobileplugin_qqconnect_member extends mobileplugin_qqconnect {
+
+	function connect_member() {
+		global $_G, $seccodecheck, $secqaacheck, $connect_guest;
+
+		if($this->allow) {
+			if($_G['uid'] && $_G['member']['conisbind']) {
+				dheader('location: '.$_G['siteurl'].'index.php');
+			}
+			$connect_guest = array();
+			if($_G['connectguest'] && (submitcheck('regsubmit', 0, $seccodecheck, $secqaacheck) || submitcheck('loginsubmit', 1, $seccodestatus))) {
+				if(!$_GET['auth_hash']) {
+					$_GET['auth_hash'] = $_G['cookie']['con_auth_hash'];
+				}
+				$conopenid = authcode($_GET['auth_hash']);
+				$connect_guest = C::t('#qqconnect#common_connect_guest')->fetch($conopenid);
+				if(!$connect_guest) {
+					dsetcookie('con_auth_hash');
+					showmessage('qqconnect:connect_login_first');
+				}
+			}
+		}
+	}
 }
\ No newline at end of file
-- 
Gitee