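/**
 * Authenticate a user by user name or e-mail address and open a session.
 *
 * On success the expired rows of the session table are purged, the `ocKey`
 * cookie is set, a session row is inserted or updated and the user's
 * loginTime is refreshed. When MAIL_AUTH is on and the account is not yet
 * validated, ToValidate() is called instead and no session is created; the
 * method still returns true in that case.
 *
 * Security notes for reviewers:
 *  - $username is interpolated into the SQL text below without any escaping
 *    inside this method. Whether the caller sanitises it is not visible here;
 *    the lookup should go through the database layer's parameter binding or
 *    escaping routine.
 *  - The session key is derived only from the user's id, name and stored
 *    password hash, so it has the same value on every login until the
 *    password changes. A random per-session identifier would let a single
 *    session be revoked and would limit the lifetime of a leaked cookie.
 *  - OCEncrypt() is called on the password with no per-user salt argument.
 *    NOTE(review): confirm that OCEncrypt is a salted, slow password hash.
 *
 * @param string $username  User name, or an e-mail address when it contains '@'.
 * @param string $password  Plain-text password supplied by the user.
 * @param int    $autoLogin 1 to extend the session lifetime to 360 days.
 *
 * @return bool True when the credentials match, false otherwise.
 */
function Login($username = '', $password = '', $autoLogin = 0)
{
    $loginSql = "SELECT id,adminLevel,userName,email,userPwd,validated,avatarImg,avatarImg_s,signature FROM " . $this->tbUser . " WHERE 1=1";

    // strpos() returns 0 for a leading '@', which is falsy, so such input
    // takes the userName branch.
    // NOTE(review): the literal '******' is reproduced exactly as it appears
    // in this listing; it looks like a value redacted by the page (presumably
    // the interpolated $username) - confirm against the original file.
    // NOTE(security): email='{$username}' is string-built SQL on caller input.
    $loginSql .= strpos($username, '@') ? " AND email='{$username}'" : " AND userName='******'";

    $row = $this->db->FirstRow($loginSql);

    // Compare the hashes as strings with ===. The loose == operator treats two
    // numeric-looking strings (for example "0e1234" and "0e9876") as equal
    // numbers, which would let a wrong password pass the check.
    if (!$row || (string) $row['userPwd'] !== (string) OCEncrypt($password)) {
        return false;
    }

    if (MAIL_AUTH && $row['validated'] == 0) {
        // Account exists but the e-mail address has not been confirmed yet.
        $this->ToValidate($row['email']);

        return true;
    }

    // Drop sessions that have already expired.
    $this->db->Execute("DELETE FROM " . $this->tbSession . " WHERE expires<" . time());

    // Deterministic session key (see the security notes in the docblock).
    $ocKey = OCEncrypt($row['id'] . '-' . $row['userName'] . '-' . $row['userPwd']);

    if ($autoLogin == 1) {
        // "Remember me": 360 days. This overwrites the instance-wide lifetime.
        $this->expiryTime = 360 * 86400;
    }

    // NOTE(review): the cookie flags (HttpOnly, Secure, SameSite) are decided
    // inside OCSetCookie and cannot be checked from here.
    OCSetCookie('ocKey', $ocKey, time() + $this->expiryTime);

    // NOTE(review): the token is built from part of the session key and the
    // current time, not from a random source; if it is used as an anti-CSRF
    // value it should come from a CSPRNG instead.
    $token = OCEncrypt(substr($ocKey, 0, 5) . time());

    // Profile snapshot stored with the session. Any code that unserialize()s
    // this column trusts the session table's content.
    $data = serialize(array(
        'userId' => $row['id'],
        'adminLevel' => $row['adminLevel'],
        'userName' => $row['userName'],
        'avatarImg' => $row['avatarImg'],
        'avatarImg_s' => $row['avatarImg_s'],
        'signature' => $row['signature'],
    ));

    $sqlValue = array(
        'userId' => $row['id'],
        'ocKey' => $ocKey,
        'token' => $token,
        'ip' => IP(),
        'data' => $data,
        'expires' => time() + $this->expiryTime,
        'updateTime' => time(),
        'addTime' => time(),
    );

    // Reuse the existing session row for this key when there is one.
    $sessionExisted = $this->db->FirstValue("SELECT COUNT(*) FROM " . $this->tbSession . " WHERE ocKey='{$ocKey}'");
    if ($sessionExisted > 0) {
        $this->db->AutoExecute($this->tbSession, $sqlValue, 'UPDATE', " ocKey='{$ocKey}'");
    } else {
        $this->db->AutoExecute($this->tbSession, $sqlValue);
    }

    $this->db->Execute("UPDATE " . $this->tbUser . " SET loginTime='" . time() . "' where id={$row['id']}");

    return true;
}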
if (empty($userpwd) || !preg_match('/^.{6,20}$/', $userpwd)) { ShowError('密码应为6-20位字符', $url['register'], '重新填写'); } $tbUser = $db->tbPrefix . 'user'; //用户是否存在 $userExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE userName='******'"); if ($userExisted > 0) { ShowError("用户{$username}已存在", $url['register'], '重新填写'); } //邮箱是否存在 $emailExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'"); if ($emailExisted > 0) { ShowError("邮箱{$email}已存在", $url['register'], '重新填写'); } //入库 $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time()); if ($db->AutoExecute($tbUser, $executeArr)) { if (!empty($inviteRow)) { $regUserId = $db->LastId(); $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'"); } //自动登录 $user->Login($username, $userpwd, 1); ShowSuccess('注册成功', $url['root']); } else { ShowError('出错了,请与管理员联系'); } break; default: if ($user->userId > 0) { ShowError('您已登录,不能进行注册!');
} $tbUser = $db->tbPrefix . 'user'; //用户是否存在 $userExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE userName='******'"); if ($userExisted > 0) { ShowError("用户{$username}已存在", $url['register'], '重新填写'); } //邮箱是否存在 $emailExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'"); if ($emailExisted > 0) { ShowError("邮箱{$email}已存在", $url['register'], '重新填写'); } //邮箱验证key $validateKey = OCEncrypt($username . $email . time() . rand(100000, 999999)); //入库 $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'validated' => MAIL_AUTH ? 0 : 1, 'validateKey' => $validateKey, 'addTime' => time()); if ($db->AutoExecute($tbUser, $executeArr)) { if (!empty($inviteRow)) { $regUserId = $db->LastId(); //邀请奖励 $pointAward = intval($pointConfig['award']['invitereg']); // if($pointAward>0){ // $db->Execute("UPDATE {$tbUser} SET hotNum=hotNum+1,creditPoint=creditPoint+{$pointAward},rankPoint=rankPoint+{$pointAward} WHERE id='{$inviteRow[userId]}'"); // Remind('用户 <a href="'.UrlUser($regUserId,$username).'">'.$username.'</a> 通过你的邀请注册,已奖励你 '.$pointAward.' 积分',$inviteRow['userId']); // } $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserEmail='{$email}',regUserName='******',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'"); } if (MAIL_AUTH) { $validateUrl = UrlValidate($validateKey); //邮件验证 SendMail($email, "来自{$show[sitename]}的验证邮件", "你好,<br />感谢注册{$show[sitename]}({$show[sitedesc]}),请点击下面的链接激活您的账号:<br /><a target='_blank' href='{$validateUrl}'>{$validateUrl}</a><br />如果无法点击,请复制到浏览器地址栏直接访问。<br /><a href='" . URL_ROOT . "' target='_blank'>{$show[sitename]}</a>");
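// Profile update: change the e-mail address and, optionally, the password.
// $email, $oldPass, $newPass, $u_data, $db and $tbUser are set before this
// excerpt.
$cPass = Val('cPass', 'POST');

// Accept the e-mail only when it is non-empty AND matches the address pattern.
// The previous test (`!empty($email) || !preg_match(...)`) could only be false
// for an empty value that matched the pattern, so it never rejected anything
// and unvalidated input reached the UPDATE below.
// NOTE(review): `$` also matches before a final newline; add the D modifier if
// a trailing newline must be rejected as well.
if (!empty($email) && preg_match('/^(\\w+\\.)*?\\w+@(\\w+\\.)+\\w+$/', $email)) {
    // Array keys are quoted: bare `email` / `userPwd` are undefined constants
    // (a notice on older PHP, a fatal error on PHP 8).
    if ($email != $u_data[0]['email'] && empty($cPass) && empty($oldPass) && empty($newPass)) {
        // E-mail changed, password fields left empty: update the e-mail only.
        // NOTE(security): this branch changes the account's e-mail address
        // without asking for the current password; consider requiring it,
        // since the address is typically the account-recovery channel.
        $data = array('email' => $email);
        // NOTE(review): the "******" in the WHERE clause is reproduced exactly
        // as it appears in this listing and looks redacted by the page;
        // confirm the real condition against the original file.
        if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) {
            ShowSuccess('恭喜您,修改邮箱成功!', URL_ROOT . '/user/x_user');
        } else {
            ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com');
        }
    } elseif ($email == $u_data[0]['email'] && empty($cPass) && empty($oldPass) && empty($newPass)) {
        // Nothing changed. The previous code compared $email with the whole
        // $u_data array, which is never equal, so this branch was unreachable.
        ShowError('您没有做任何修改', 'javascript:history.go(-1)');
    } else {
        // Password change requested: both new-password fields must agree and
        // the old password must match the stored hash. Strict string
        // comparison avoids numeric-string equality ("1e3" == "1000",
        // "0e12" == "0e34") under the loose == operator.
        if ((string) $newPass === (string) $cPass) {
            $oldp = $u_data[0]['userPwd'];
            if ((string) OCEncrypt($oldPass) === (string) $oldp) {
                // NOTE(review): the new password is stored without a length
                // or emptiness check in this excerpt; confirm it is validated
                // elsewhere.
                $data = array('email' => $email, 'userPwd' => OCEncrypt($cPass));
                if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) {
                    ShowSuccess('恭喜您,修改资料成功!!', URL_ROOT . '/logout', '重新登录');
                } else {
                    ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com');
                }
            } else {
                ShowError('旧密码填写错误,如不需要修改密码,请为空', 'javascript:history.go(-1)');
            }
        } else {
            ShowError('两次密码不一样,请重新输入', 'javascript:history.go(-1)');
        }
    }
} else {
    ShowError('email不可为空或者邮箱格式不正确,请重新输入', 'javascript:history.go(-1)');
}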