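define('script', 'register');
// Shared includes; dirname(__FILE__) resolves relative to this file (the fast way).
require dirname(__FILE__) . '/includes/common.php';

// `action` arrives on the query string. Read it defensively so a plain GET of the page
// (no parameter) does not raise an undefined-index notice.
$_action = isset($_GET['action']) ? $_GET['action'] : '';

if ($_action == 'register') {
    // The form is POSTed, so its fields come from $_POST.
    // Captcha first: rejects automated submissions.
    _check_code($_POST['yzm'], $_SESSION['code']);
    // Validation helpers. The uniqid check below is what ties the submission to this
    // session and defends against forged cross-site posts.
    include root . 'includes/register.php';

    // One array for the validated values: each _check_* helper returns the cleaned string
    // on success, so only validated data lands in $_clear.
    $_clear = array();
    $_clear['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clear['active'] = _sha1_uniqid(); // activation token for the new account
    $_clear['username'] = _check_username($_POST['username']);
    $_clear['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
    $_clear['question'] = _check_questions($_POST['passt'], 4, 20);
    $_clear['anwser'] = _check_anwser($_POST['passt'], $_POST['passd'], 4, 20);
    // Fix: these two were written to a differently spelled array ($_clean) and so never
    // reached $_clear. They still pass through no _check_* helper -- NOTE(review): they are
    // untrusted input and must be validated (allow-list) before any SQL or output use.
    $_clear['sex'] = $_POST['sex'];
    $_clear['face'] = $_POST['face'];
    $_clear['email'] = _check_email($_POST['email']);
    $_clear['qq'] = _check_qq($_POST['qq']);
    $_clear['url'] = _check_url($_POST['url']);
    // Debug dump of the validated record. Remove before shipping: it also prints the
    // password field exactly as _check_password() returned it.
    print_r($_clear);
} else {
    // Before submission: issue the per-session identifier the form must send back.
    // The same identifier is stored with the account and reused later to verify the
    // login cookie against the database.
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
    echo $_SESSION['uniqid'];
}
// Author's note on the identifier: uniqid takes two arguments -- (1) rand(), so the
// generated length varies each time; (2) whether to append the fractional part (true/false).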
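<?php
/*
 * 关俊鹏
 * 2012/7/28
 * Change: include login.inc.php and add the redirect target page.
 */
session_start();
error_reporting(0); // NOTE(review): hides every notice/warning, DB errors included; prefer logging.
header("Content-Type: text/html; charset=UTF-8"); // must be UTF-8
require 'common.inc.php'; // resolves to an absolute path
require 'login.inc.php';  // expected to provide $login (session login record) and _check_password()

// Both fields come from the POSTed form; read them defensively so a direct GET of this page
// does not trip on a missing index.
$_data = array();
$_data['secret1'] = _check_password(isset($_POST['secret1']) ? $_POST['secret1'] : ''); // current password
$_data['secret2'] = _check_password(isset($_POST['secret2']) ? $_POST['secret2'] : ''); // new password

$pass = DB_PRE . 'ask_user';

// The current password is verified by letting the database compare the stored value with
// what _check_password() produced (presumably the same hash form -- confirm in login.inc.php).
// $login['lzuuid'] is assumed to be set by login.inc.php for a logged-in user -- confirm that
// the include enforces login, otherwise the query runs with an empty uid.
// Both values are interpolated into the SQL text; that is only safe if _check_password()
// escapes its return value. NOTE(review): the two password interpolations were masked
// (`******`) in the reviewed copy and are restored from the $_data assignments above --
// confirm against the original file.
$_sql = "SELECT * FROM {$pass} where uid='{$login['lzuuid']}' AND password='{$_data['secret1']}'";
if (_fetch_array($_sql)) {
    $query = "update {$pass} SET\n\t password='{$_data['secret2']}'\n where uid='{$login['lzuuid']}'";
    // Fix: success used to be announced unconditionally; announce it only when the UPDATE ran.
    if (_query($query)) {
        echo '<a href="../personnav.php">密码修改成功</a>';
    } else {
        _alert_back("密码修改失败!");
    }
} else {
    _alert_back("密码不正确!");
}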
$clean['username'] = _check_username($_POST['username']);
$clean['num'] = _check_num($_POST['num']);
$clean['sex'] = _check_sex($_POST['sex']);
// The date parts are validated here, but it is the raw $_POST values (not a returned, cleaned
// value) that get concatenated below. That is only safe if _checkdate() aborts the request on
// invalid input -- NOTE(review): confirm in the helper.
_checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']);
_checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']);
$clean['birth'] = $_POST['birth_y'] . '-' . $_POST['birth_m'] . '-' . $_POST['birth_d'];
$clean['start_time'] = $_POST['start_time_y'] . '-' . $_POST['start_time_m'] . '-' . $_POST['start_time_d'];
$clean['gm_grade'] = _time_to_grade($_POST['start_time_y'], $_POST['start_time_m']);
$clean['contact'] = _check_contact($_POST['contact']);
$clean['address'] = _check_address_ex($_POST['address']);
$clean['subject'] = _check_subject($_POST['subject']);
$clean['type'] = _check_type($_POST['type']);
$clean['photoname'] = _check_photo();
// Reject a student number that is already registered.
_is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该学号已经被注册!如有问题请咨询管理员!');
// Every new account starts with the configured initial password; _check_password() is
// presumably what produces the stored form -- verify it hashes rather than returning plaintext.
$newpassword = _check_password($_system['initial_password']);
// Two INSERTs chained with `and`: if the second fails, the gm_user row already exists without
// its gm_stuinfo row (there is no transaction here).
// Every value is interpolated into the SQL text; safety rests entirely on the _check_*()
// helpers escaping what they return -- NOTE(review): confirm; a parameterised query would
// not depend on it. $_SERVER["REMOTE_ADDR"] is the client address as seen by the web server.
if (_query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$newpassword}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')") and _query("INSERT INTO gm_stuinfo(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_sex,\r\n\t\t\t\t\t\t\t\t\tgm_birth,\r\n\t\t\t\t\t\t\t\t\tgm_start_time,\r\n\t\t\t\t\t\t\t\t\tgm_grade,\r\n\t\t\t\t\t\t\t\t\tgm_contact,\r\n\t\t\t\t\t\t\t\t\tgm_address,\r\n\t\t\t\t\t\t\t\t\tgm_subject,\r\n\t\t\t\t\t\t\t\t\tgm_type,\r\n\t\t\t\t\t\t\t\t\tgm_photoname) 
\r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['birth']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['start_time']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['gm_grade']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['contact']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['address']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['subject']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['type']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['photoname']}')")) {
    _location('你的信息已经提交,请耐心等待审核!', 'login.php');
} else {
    _alert_back('注册失败!有问题请咨询管理员!');
}
} // closes a block that opens before this fragment
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>计算机学院研究生档案管理--注册</title>
<link rel="stylesheet" type="text/css" href="styles/basic.css" />
<link rel="stylesheet" type="text/css" href="styles/register.css" />
require dirname(__FILE__) . '/includes/common.inc.php';
// Current login state.
_login_state();
global $_system;
// Handle a login submission.
if (isset($_GET['action']) && $_GET['action'] == 'login') {
    // Captcha, only when the site config enables it (against automated / forged submissions).
    if (!empty($_system['code'])) {
        _check_code($_POST['code'], $_SESSION['code']);
    }
    // Validation helpers.
    include ROOT_PATH . 'includes/login.func.php';
    // Receive the form data.
    $_clean = array();
    $_clean['username'] = _check_username($_POST['username'], 2, 20);
    $_clean['password'] = _check_password($_POST['password'], 6);
    $_clean['time'] = _check_time($_POST['time']);
    //print_r($_clean);
    // Look the user up in the database: username and password must match and the account
    // must already be activated (tg_active = '').
    // NOTE(review): the credentials are interpolated into the SQL string and compared by the
    // database; this relies on _check_username()/_check_password() escaping what they return
    // (and on the latter producing the stored hash form) -- confirm.
    if (!!($_rows = _fetch_array("select tg_username,tg_uniqid,tg_level from tg_user where tg_username='******'username']}' and tg_password='******'password']}' and tg_active='' limit 1"))) {
        // Login succeeded: record the login.
        // Reverse-resolve REMOTE_ADDR to a host name, then forward-resolve that name again.
        // NOTE(review): that is two DNS lookups per login, and the value stored as tg_last_ip
        // need not equal REMOTE_ADDR (the PTR record is under the client's control); storing
        // $_SERVER['REMOTE_ADDR'] directly would be simpler and more faithful.
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        $ip = gethostbyname("{$hostname}");
        _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\ttg_last_time=NOW(),\n\t\t\t\t\t\t\t\t\t\ttg_last_ip='{$ip}',\n\t\t\t\t\t\t\t\t\t\ttg_login_count=tg_login_count+1\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_username='******'tg_username']}'\n\t\t\t\t\t\t\t\t\t");
        //_session_destroy(); // would clear the captcha session
        // Persistent login cookie: username plus the account's uniqid as the token, lifetime
        // taken from the form's `time` field.
        _setcookie($_rows['tg_username'], $_rows['tg_uniqid'], $_clean['time']);
        if ($_rows['tg_level'] == 1) {
            $_SESSION['admin'] = $_rows['tg_username'];
            // ... fragment ends here; the enclosing if-blocks continue past it
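define('SCRIPT', 'stu_data_s');
// Shared includes.
require dirname(__FILE__) . '/includes/common.inc.php';
// Login state and the permission level this page requires.
_login_state(1);

// `action` comes from the query string. Read it once, defensively, so a plain GET (no
// parameter) does not raise an undefined-index notice.
$_action = isset($_GET['action']) ? $_GET['action'] : '';

// Personal record: student info joined with the account row, keyed by the session's student
// number. $_SESSION['num'] is set at login rather than by this request, but it is still
// interpolated into SQL -- NOTE(review): confirm it is numeric/escaped where it is set.
if ($_action == 'aboutme') {
    $row = _fetch_array("SELECT * FROM gm_stuinfo AS s INNER JOIN gm_user AS u ON s.gm_num=u.gm_num WHERE s.gm_num='{$_SESSION['num']}'");
}

// Password change.
if ($_action == 'pass_modify') {
    // Validation helpers.
    include ROOT_PATH . 'includes/register.func.php';
    $clean = array();
    $clean['password'] = _check_password(isset($_POST['password']) ? $_POST['password'] : '');
    $clean['newpassword'] = _check_password(isset($_POST['newpassword']) ? $_POST['newpassword'] : '');

    // The old password is checked by matching the stored value against what _check_password()
    // returned (presumably the same hash form -- confirm in register.func.php). NOTE(review):
    // the two password interpolations were masked (`******`) in the reviewed copy and are
    // restored from the $clean assignments above -- confirm against the original file.
    // Fix: the UPDATE now sits in the else branch, so a wrong old password can never fall
    // through to it, whether or not _alert_back() terminates the script.
    if (!_num_rows("SELECT gm_num FROM gm_user WHERE gm_active='1' AND gm_num = '{$_SESSION['num']}' AND gm_password = '{$clean['password']}'")) {
        _alert_back('原密码不正确!');
    } elseif (_query("UPDATE gm_user SET gm_password = '{$clean['newpassword']}' WHERE gm_active='1' AND gm_num = '{$_SESSION['num']}'")) {
        // Fix: the new password is no longer echoed back in the alert (it appeared on screen
        // and in the page source in clear text); username and account number are enough.
        // `\\n` is a literal backslash-n for the JavaScript alert built by _alert_back().
        // NOTE(review): $_SESSION['username'] lands inside a JavaScript string here; confirm
        // the helper escapes quotes and backslashes.
        $string = "密码修改成功!\\n用户名:{$_SESSION['username']}\\n登录帐号:{$_SESSION['num']}";
        _alert_back($string);
    } else {
        _alert_back('密码修改失败!');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">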
<body>
<?php
require ROOT_PATH . 'includes/admin_header.inc.php';
// Was the form submitted?
if (@$_GET['action'] == 'register') {
    // Captcha: against automated registration and forged cross-site posts.
    _check_code($_POST['code'], $_SESSION['code']);
    // Validation helpers.
    include ROOT_PATH . 'includes/check.func.php';
    // Only validated values are meant to go in here.
    $_clean = array();
    // The uniqid ties the submission to this session (anti-forgery). It is also stored with
    // the account and reused later for login-cookie verification.
    $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clean['username'] = _check_username(@$_POST['username'], 2, 20);
    $_clean['password'] = _check_password(@$_POST['password'], @$_POST['notpassword'], 6);
    // NOTE(review): role_id and phone are copied from $_POST with no _check_*() call and are
    // then interpolated verbatim into the INSERT below. That is an SQL-injection path, and
    // letting the registrant choose role_id on an admin-account form lets them pick their own
    // privilege level. Validate against an allow-list / cast to int server-side, or assign the
    // role only when the super-admin approves the account.
    $_clean['role_id'] = $_POST['role_id'];
    $_clean['phone'] = $_POST['phone'];
    // The username must not already exist.
    _is_repeat("SELECT username FROM tb_admin WHERE username='******'username']}' LIMIT 1", '对不起,此用户已被注册');
    // Insert the new admin.
    // Inside double quotes a plain variable can be interpolated directly ($_username); an
    // array element needs braces, e.g. {$_clean['username']}.
    _query("INSERT INTO tb_admin (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tuniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tphone,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trole_id,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['phone']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['role_id']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
    // Close the connection and report the outcome by affected rows.
    if (_affected_rows() == 1) {
        _close();
        _location('恭喜你,注册成功,等待超级管理员审核', '../index.php');
    } else {
        _close();
        _location('很遗憾,注册失败!', 'register.php');
    }
} else {
    // ... fragment ends here; the else branch continues past it
*/ // end of a file-header comment that opens before this fragment
session_start();
define('IN_TG', true);
// Constant naming this page.
define('SCRIPT', 'member_PSW_modify');
// Shared includes.
require dirname(__FILE__) . '/../../includes/common.inc.php';
// Validation helpers.
include ROOT_PATH . 'includes/check.func.php';
// Password change.
if ($_GET['action'] == "modify") {
    // Only validated values go in here.
    $_clean = array();
    $_clean['password1'] = _check_modify_password(@$_POST['password1'], 6);
    $_clean['password'] = _check_password(@$_POST['password2'], @$_POST['password3'], 6);
    // The current password must match before anything is updated. Both credentials are
    // interpolated into the SQL text; this relies on the _check_*() helpers escaping what
    // they return -- NOTE(review): confirm.
    if (!!($_rows = _fetch_array("SELECT uniqid FROM tb_user WHERE username='******'username']}' AND password='******'password1']}' LIMIT 1"))) {
        // Intended as an anti-cookie-forgery check of the stored uniqid against the cookie.
        // NOTE(review): as written this calls PHP's built-in uniqid(prefix, more_entropy) and
        // discards the result -- nothing is compared and the update below runs regardless.
        // A real check compares $_rows['uniqid'] with $_COOKIE['uniqid'] (hash_equals) and
        // aborts on mismatch.
        uniqid($_rows['uniqid'], $_COOKIE['uniqid']);
        _query("UPDATE tb_user \n\t\t\t\t\tSET\n\t\t\t\t\tpassword = '******'password']}' \n\t\t\t\t\tWHERE \n\t\t\t\t\tusername='******'username']}'\t\n\t\t\t\t\t");
    }
    // Success is judged by affected rows; when the SELECT above found no row, no UPDATE ran
    // and this presumably lands in the failure branch.
    if (_affected_rows() == 1) {
        _close();
        _session_destroy();
        _location('恭喜你,密码修改成功!', 'db_member_PSW_modify.php');
    } else {
        _close();
        _session_destroy();
        _location('很遗憾,密码修改失败!', 'db_member_PSW_modify.php');
    }
    // ... fragment ends here; the `modify` if-block is closed past it
_alert_back("已经登录了!");
} // closes the "already logged in" check that opens before this fragment
/*
 * User login
 */
// NOTE(review): `login` here is a bare (undefined) constant, not the string 'login'.
// PHP 5/7 fall back to the string with a notice; PHP 8 throws an Error. Quote it: 'login'.
if ($_GET['action'] == login) {
    /*
     * Client-side (JS) validation belongs here as well, but the server-side checks below
     * must not depend on it being present.
     */
    require ROOT_PATH . 'includes/login.inc.php';
    $_data = array();
    $_data['username'] = _check_username($_POST['username']);
    $_data['userpwd'] = _check_password($_POST['userpwd']);
    /*
     * Verify
     */
    $pass = DB_PRE . 'ask_user';
    // The credentials are compared inside the SQL string; this relies on the _check_*()
    // helpers escaping what they return -- NOTE(review): confirm, or use a parameterised query.
    $_sql = "SELECT * FROM {$pass} where username='******'username']}' AND password='******'userpwd']}'";
    if (!!($result = _fetch_array($_sql))) {
        // A non-empty `active` value marks an account that has not confirmed its email yet.
        // NOTE(review): nothing here stops execution -- unless _alert_back() exits, the login
        // continues below for an unactivated account.
        if ($result['active'] != NULL) {
            _alert_back("用户未激活,请到邮箱激活");
        }
        $logintime = time() + 28800; // now + 8 hours
        // Session payload. NOTE(review): keeping the checked password value ('lzupwd') in the
        // session is unnecessary for later requests; the uid is enough.
        $login = array('lzuname' => $_data['username'], 'lzupwd' => $_data['userpwd'], 'lzuuid' => $result['uid'], 'lastlogin' => $logintime);
        // session_register() was removed in PHP 5.4, and the bare `login` is again an undefined
        // constant. Equivalent: $_SESSION['login'] = $login;
        session_register(login);
        // Mark the account as logged in. mysql_query() is ext/mysql, removed in PHP 7.
        $_sql_1 = "UPDATE {$pass} SET is_login=1 WHERE username='******'lzuname']}'";
        mysql_query($_sql_1);
        // ... fragment ends here; the enclosing if-blocks continue past it
//flag login state
_login_state();
//whether the form is submitted
if (isset($_POST['action'])) {
    if ($_POST['action'] == 'register') {
        //protect from illegal registration (captcha)
        _check_code($_POST['code'], $_SESSION['RandCode']);
        //include register.func.php
        include ROOT_PATH . 'includes/check.func.php';
        // Only validated values go in here.
        $_clean = array();
        //protect from illegal registration by unique identifier (ties the post to this session)
        $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
        // For a registered user to activate the account
        $_clean['active'] = _sha1_uniqid();
        $_clean['username'] = _check_username($_POST['username']);
        $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword']);
        $_clean['question'] = _check_question($_POST['question']);
        $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer']);
        $_clean['sex'] = _check_sex($_POST['sex']);
        $_clean['profile'] = _check_profile($_POST['profile']);
        $_clean['email'] = _check_email($_POST['email']);
        $_clean['msn'] = _check_msn($_POST['msn']);
        $_clean['url'] = _check_url($_POST['url']);
        //check whether this username has been registered
        // NOTE(review): there is no space between the closing quote and `limit` in this query;
        // add one. The interpolated value relies on _check_username() escaping its return.
        _is_repeat("select tg_username from tg_user where tg_username = '******'username']}'limit 1", 'This username has been registered');
        //insert information into database
        //Between double quotation marks, a variable's name could be used; However, an array element can't.
        //A pair of braces are used to fix this problem
        // Every value is interpolated into the SQL text; safety rests on the _check_*() helpers
        // escaping what they return -- NOTE(review): confirm; a parameterised query would not
        // depend on it.
        _insert("INSERT INTO tg_user (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_profile,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_msn,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['profile']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
        //_SERVER["REMOTE_ADDR"] would acquire the current login IP address
        if (_affected_rows() == 1) {
            // ... fragment ends here; the enclosing if-blocks continue past it