// Registration handler body: collects the submitted profile fields into $clean,
// rejects an already-registered student number, then writes one row to gm_user
// and one row to gm_stuinfo. Every value placed in $clean is later interpolated
// into SQL text, so each one must come out of a validating helper.
$clean = array();
    $clean['username'] = _check_username($_POST['username']);
    $clean['num'] = _check_num($_POST['num']);
    $clean['sex'] = _check_sex($_POST['sex']);
    // The return value of _checkdate() is discarded, so it can only act as a gate
    // (presumably it aborts the request on an invalid date; confirm in its source).
    _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']);
    _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']);
    // NOTE(review): birth and start_time are assembled from the raw $_POST parts,
    // not from a validated copy, and both end up inside the gm_stuinfo INSERT.
    // Unless _checkdate() rejects every part that is not a plain integer, these two
    // fields are an SQL injection path; casting each part with (int) before the
    // concatenation would remove that dependency.
    $clean['birth'] = $_POST['birth_y'] . '-' . $_POST['birth_m'] . '-' . $_POST['birth_d'];
    $clean['start_time'] = $_POST['start_time_y'] . '-' . $_POST['start_time_m'] . '-' . $_POST['start_time_d'];
    // _time_to_grade() also receives the raw year and month; its result is stored as gm_grade.
    $clean['gm_grade'] = _time_to_grade($_POST['start_time_y'], $_POST['start_time_m']);
    $clean['contact'] = _check_contact($_POST['contact']);
    $clean['address'] = _check_address_ex($_POST['address']);
    $clean['subject'] = _check_subject($_POST['subject']);
    $clean['type'] = _check_type($_POST['type']);
    // _check_photo() takes no argument, so it presumably reads the upload itself.
    // NOTE(review): confirm it constrains the stored file name and extension, since
    // the returned name is written to gm_photoname.
    $clean['photoname'] = _check_photo();
    // Check whether this student number is already registered
    _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该学号已经被注册!如有问题请咨询管理员!');
    // Every new account starts with the site-wide $_system['initial_password'],
    // passed through _check_password() (its transformation is not shown here).
    // NOTE(review): a shared initial credential is guessable by anyone who knows a
    // student number; confirm that the account stays unusable until it is reviewed
    // and that a password change is forced at first login.
    $newpassword = _check_password($_system['initial_password']);
    // Both INSERTs are built by string interpolation, so their safety rests entirely
    // on the helpers above. They are chained with `and`: if the first succeeds and the
    // second fails, the gm_user row stays in place; no transaction or rollback is visible.
    if (_query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$newpassword}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')") and _query("INSERT INTO gm_stuinfo(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_sex,\r\n\t\t\t\t\t\t\t\t\tgm_birth,\r\n\t\t\t\t\t\t\t\t\tgm_start_time,\r\n\t\t\t\t\t\t\t\t\tgm_grade,\r\n\t\t\t\t\t\t\t\t\tgm_contact,\r\n\t\t\t\t\t\t\t\t\tgm_address,\r\n\t\t\t\t\t\t\t\t\tgm_subject,\r\n\t\t\t\t\t\t\t\t\tgm_type,\r\n\t\t\t\t\t\t\t\t\tgm_photoname) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['birth']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['start_time']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['gm_grade']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['contact']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['address']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['subject']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['type']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['photoname']}')")) {
        _location('你的信息已经提交,请耐心等待审核!', 'login.php');
    } else {
        _alert_back('注册失败!有问题请咨询管理员!');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>计算机学院研究生档案管理--注册</title>

<link rel="stylesheet" type="text/css" href="styles/basic.css" />
 //可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等等
 //这个存放如数据库的唯一标识符还可以用来,登录cookies验证
 $_clean['uniqid'] = _check_uniqid($_SESSION['uniqid'], $_POST['uniqid']);
 //active也是一个唯一标识符,用来刚注册的用户进行激活处理,之后才可登录
 $_clean['active'] = _sha1_uniqid();
 $_clean['username'] = _check_username($_POST['username'], 2, 20);
 $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
 $_clean['question'] = _check_question($_POST['question'], 2, 20);
 $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20);
 $_clean['sex'] = _check_sex($_POST['sex']);
 $_clean['face'] = _check_face($_POST['face']);
 $_clean['email'] = _check_email($_POST['email']);
 $_clean['qq'] = _check_qq($_POST['qq']);
 //在新增之前,判断用户名是否被注册
 $_sql = "SELECT gu_username FROM gu_user WHERE gu_username='******'username']}' LIMIT 1";
 _is_repeat($_sql, '对不起,此用户名已被注册!');
 //新增用户
 _query("INSERT INTO gu_user(\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_face,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_qq,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_last_ip\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES(\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER['REMOTE_ADDR']}'\t\t\t\t\t\t\t\t\n\t\t\t\t \t\t\t\t\t\t\t\t\t\t\t\t)");
 if (_affected_rows() == 1) {
     //关闭
     _close();
     //销毁session
     _session_destroy();
     //跳转
     _location('恭喜你!注册成功!', 'active.php?active=' . $_clean['active']);
 } else {
     //关闭
     _close();
     //销毁session
     _session_destroy();
     //跳转
Beispiel #3
 $_clean['username'] = _check_username($_POST['username']);
 $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
 $_clean['question'] = _check_question($_POST['question'], 2, 20);
 $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20);
 $_clean['sex'] = _check_sex($_POST['sex']);
 $_clean['face'] = _check_face($_POST['face']);
 $_clean['email'] = _check_email($_POST['email'], 5, 40);
 $_clean['qq'] = _check_qq($_POST['qq']);
 $_clean['url'] = _check_url($_POST['url'], 40);
 //print_r($_clean);
 //首先获取本机名
 $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
 //通过本机名获取Ip
 $ip = gethostbyname("{$hostname}");
 //在新增之前,要判断用户名是否重复
 _is_repeat("select tg_username from tg_user where tg_username='******'username']}' limit 1", "对不起,该用户名已被注册");
 //新增用户
 //在双引号里直接放变量是可以的,比如$_username,但如果是数组,就必须加上{},比如{$_clean['username']}
 _query("insert into tg_user(\n\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\ttg_face,\n\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\ttg_qq,\n\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t'{$ip}'\n\t\t\t\t\t\t\t\t\t)");
 if (_affected_rows() == 1) {
     //获取刚刚新增的id
     $_clean['id'] = _insert_id();
     //关闭
     _close();
     //_session_destroy();
     //生成xml
     _set_xml('new.xml', $_clean);
     //跳转
     _location('恭喜你,注册成功', 'active.php?active=' . $_clean['active']);
 } else {
     _close();
Beispiel #4
 */
if ($_GET['action'] == register) {
    require 'includes/registe.inc.php';
    _check_code($_POST['code'], $_SESSION['code']);
    $_data['username'] = _checkusername($_POST['username'], 2, 20);
    $_data['userpwd'] = _checkpassword($_POST['pwd'], $_POST['pwd1']);
    $_data['email'] = _checkemail($_POST['email']);
    $_data['lastlogin'] = time();
    $_data['credits'] = 80;
    $_data['active'] = sha1(uniqid(rand(), true));
    //判断用户名是否被注册
    $pass = DB_PRE . 'ask_user';
    $query = "SELECT username FROM {$pass} WHERE username='******'username']}'";
    _is_repeat($query, '对不起用户名已经被注册了');
    $query = "SELECT email FROM {$pass} WHERE email='{$_data['email']}'";
    _is_repeat($query, '对不起该邮箱已经被注册了');
    //
    $query = "INSERT INTO {$pass}(\n\tactive,\n\tusername,\n\tpassword,\n\temail,\n\tgroupid,\n\tcredits,\n\tregip,\n\tlastlogin,\n\tbday\n\t)\n\tVALUES(\n\t'{$_data['active']}',\n\t'{$_data['username']}',\n\t'{$_data['userpwd']}',\n\t'{$_data['email']}',\n\t7,\n\t'{$_data['credits']}',\n\t'{$_SERVER["REMOTE_ADDR"]}',\n\t'{$_data['lastlogin']}',\n\tNOW()\n\t)";
    _query($query);
    /*
     * 判断是否注册成功  
     */
    if (mysql_affected_rows() == 1) {
        //	$login=array('lzuname'=>$_data['username'],'lzupwd'=>$_data['userpwd']);
        //	session_register(login);
        //	_location('欢迎注册成功','index.php');
        $useremail = $_data['email'];
        $body = $_data['active'];
        //_location('注册成功',"location:includes/stmp.func.php?email='{$_data['email']}'&emailbody=$body");
        header("location:includes/stmp.func.php?email={$useremail}&emailbody={$body}&num=1");
    } else {
Beispiel #5
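// Administrator self-registration: validates the submitted form, refuses a duplicate
// user name, inserts the pending account into tb_admin and redirects. On a plain page
// view (no action=register) it only issues a fresh form token into the session.
if (isset($_GET['action']) && $_GET['action'] === 'register') {
    // Compare the submitted code with the copy kept in the session (helper not shown);
    // the original author uses it against automated and cross-site submissions.
    _check_code($_POST['code'], $_SESSION['code']);
    // Load the validation helpers used below.
    include ROOT_PATH . 'includes/check.func.php';
    // Holds only values that have been validated or reduced to a safe character set.
    $_clean = array();
    // The per-form unique identifier must match the one stored in the session; the
    // original author notes it is also stored for later login-cookie verification.
    $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clean['username'] = _check_username(isset($_POST['username']) ? $_POST['username'] : null, 2, 20);
    $_clean['password'] = _check_password(
        isset($_POST['password']) ? $_POST['password'] : null,
        isset($_POST['notpassword']) ? $_POST['notpassword'] : null,
        6
    );
    // role_id and phone used to be copied from $_POST straight into the INSERT, which let
    // a quote in either field rewrite the statement. No escaping helper is visible in this
    // file, so both are reduced to characters that cannot leave a quoted SQL literal.
    $rawRole = (isset($_POST['role_id']) && is_string($_POST['role_id'])) ? $_POST['role_id'] : '';
    $rawPhone = (isset($_POST['phone']) && is_string($_POST['phone'])) ? $_POST['phone'] : '';
    // NOTE(review): the role is still chosen by the client. The success message says a
    // super administrator approves the account; confirm that the approval step also
    // reviews role_id, or map it against a server-side list of roles that may be requested.
    $_clean['role_id'] = (string) preg_replace('/[^A-Za-z0-9_]/', '', $rawRole);
    $_clean['phone'] = (string) preg_replace('/[^0-9+\-() ]/', '', $rawPhone);
    // Refuse the registration when the validated user name already exists.
    _is_repeat("SELECT username FROM tb_admin WHERE username='{$_clean['username']}' LIMIT 1", '对不起,此用户已被注册');
    // Insert the new account. Array elements need the {} form inside a double-quoted string.
    _query("INSERT INTO tb_admin (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tuniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tphone,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trole_id,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['phone']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['role_id']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
    // Exactly one affected row means the account was stored; close the connection either way.
    if (_affected_rows() == 1) {
        _close();
        _location('恭喜你,注册成功,等待超级管理员审核', '../index.php');
    } else {
        _close();
        _location('很遗憾,注册失败!', 'register.php');
    }
} else {
    // First visit: create the form token that the POST handler above compares against.
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
}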
?>
<div id="register">
Beispiel #6
 $_clean = array();
 //protect from illegal registration by unique identifier
 $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
 // For a registered user to activate the account
 $_clean['active'] = _sha1_uniqid();
 $_clean['username'] = _check_username($_POST['username']);
 $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword']);
 $_clean['question'] = _check_question($_POST['question']);
 $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer']);
 $_clean['sex'] = _check_sex($_POST['sex']);
 $_clean['profile'] = _check_profile($_POST['profile']);
 $_clean['email'] = _check_email($_POST['email']);
 $_clean['msn'] = _check_msn($_POST['msn']);
 $_clean['url'] = _check_url($_POST['url']);
 //check whether this username has been registered
 _is_repeat("select tg_username from tg_user where tg_username = '******'username']}'limit 1", 'This username has been registered');
 //insert information into database
 //Between double quotation marks, a variable's name could be used; However, an array element can't.
 //A pair of braces are used to fix this problem
 _insert("INSERT INTO tg_user (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_profile,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_msn,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['profile']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
 //_SERVER["REMOTE_ADDR"] would acquire the current login IP address
 if (_affected_rows() == 1) {
     //receive the id number in the previous "insert" statement
     $_clean['id'] = _insert_id();
     _close();
     //_session_destroy();
     //XML
     _set_xml('new.xml', $_clean);
     //skip to main page
     _location('congratulation, registration succeed', 'active.php?active=' . $_clean['active']);
 } else {
Beispiel #7
    //用一个数组保存表单提交个数据
    $clean = array();
    //生成一个激活id
    $clean['active'] = sha1(uniqid(rand(), true));
    $clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $clean['username'] = _check_username($_POST['username'], 2, 20);
    $clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
    $clean['sex'] = _mysql_string($_POST['sex']);
    $clean['facesrc'] = _mysql_string($_POST['facesrc']);
    $clean['passt'] = _check_pwd_question($_POST['passt'], 2, 8);
    $clean['passd'] = _check_pwd_answer($_POST['passt'], $_POST['passd'], 2, 8);
    $clean['email'] = _check_email($_POST['email'], 6, 40);
    $clean['qq'] = _check_qq($_POST['qq']);
    $clean['url'] = _check_url($_POST['url']);
    //防止重复注册
    _is_repeat("SELECT * FROM tg_user WHERE tg_username = '******'username']}'", "用户名重复,请重新注册!");
    _query("INSERT INTO tg_user (\r\n                                                tg_uniqid,\r\n                                                tg_username,\r\n                                                tg_password,\r\n                                                tg_question,\r\n                                                tg_answer,\r\n                                                tg_email,\r\n                                                tg_qq,\r\n                                                tg_url,\r\n                                                tg_active,\r\n                                                tg_sex,\r\n                                                tg_face,\r\n                                                tg_reg_time,\r\n                                                tg_last_time,\r\n                                                tg_last_ip\r\n                                    ) values (\r\n                                                '{$clean['uniqid']}',\r\n                                                '{$clean['username']}',\r\n                                                '{$clean['password']}',\r\n                                                '{$clean['passt']}',\r\n                                                '{$clean['passd']}',\r\n                                                '{$clean['email']}',\r\n                                                '{$clean['qq']}',\r\n                                                '{$clean['url']}',\r\n                                                '{$clean['active']}',\r\n                                                '{$clean['sex']}',\r\n                                                '{$clean['facesrc']}',\r\n                                                NOW(),\r\n                                                NOW(),\r\n                                                '{$_SERVER['REMOTE_ADDR']}'\r\n                                                )");
    if (_affect_rows() != 1) {
        _closeDB();
        _session_destroy();
        _location("注册失败,请重新注册!", 'register.php');
    } else {
        _closeDB();
        _session_destroy();
        _location("恭喜您,注册成功,点击跳转到激活页面!", 'active.php?active=' . $clean['active']);
    }
} else {
    //生成uniqid
    $_SESSION['uniqid'] = $uniqid = sha1(uniqid(rand(), true));
}
?>
Beispiel #8
<?php

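// Member registration: validates the form, refuses a duplicate user name, inserts the
// member row and redirects to class_it.php with a success or failure message.
if (isset($_GET['action']) && $_GET['action'] === 'register') {
    include 'includes/register_func.php';
    $_clean = array();
    $_clean['username'] = _check_username($_POST['username']);
    $_clean['password'] = _check_password($_POST['password'], $_POST['repassword']);
    // The e-mail address used to be copied from $_POST straight into the INSERT below,
    // so a quote in it could rewrite the statement. It is now escaped with the same
    // legacy mysql extension the block already uses for the query itself.
    // NOTE(review): mysql_real_escape_string() needs the connection to be open already;
    // the connect call is not visible here, so confirm it runs before this point.
    $rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $_clean['email'] = mysql_real_escape_string($rawEmail);
    // Refuse the registration when the validated user name already exists.
    _is_repeat("SELECT username FROM members WHERE username='{$_clean['username']}' LIMIT 1", '对不起,此用户已被注册');
    // Insert the new member. Array elements need the {} form inside a double-quoted string.
    mysql_query("INSERT INTO members(\n\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\tregtime\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t VALUES(\n\t\t\t\t\t\t \t\t'{$_clean['username']}',\n\t\t\t\t\t\t \t\t'{$_clean['password']}',\n\t\t\t\t\t\t \t\t'{$_clean['email']}',\n\t\t\t\t\t\t \t\t NOW()\n\t\t\t\t\t\t \t\t)");
    // Exactly one affected row means the member was stored; close the connection either way.
    if (_affect_row() == 1) {
        _close();
        // Redirect with the success message.
        _location('注册成功', 'class_it.php');
    } else {
        _close();
        // Redirect with the failure message.
        _location('注册失败', 'class_it.php');
    }
}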
Beispiel #9
 //可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等。
 //这个存放入数据库的唯一标识符还有第二个用处,就是登录cookies验证
 $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
 //active也是一个唯一标识符,用来刚注册的用户进行激活处理,方可登录。
 $_clean['active'] = _sha1_uniqid();
 $_clean['username'] = _check_username($_POST['username'], 2, 20);
 $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
 $_clean['question'] = _check_question($_POST['question'], 2, 20);
 $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20);
 $_clean['sex'] = _check_sex($_POST['sex']);
 $_clean['face'] = _check_face($_POST['face']);
 $_clean['email'] = _check_email($_POST['email'], 6, 40);
 $_clean['qq'] = _check_qq($_POST['qq']);
 $_clean['url'] = _check_url($_POST['url'], 40);
 //在新增之前,要判断用户名是否重复
 _is_repeat("SELECT tg_username FROM tg_user WHERE tg_username='******'username']}' LIMIT 1", '对不起,此用户已被注册');
 //新增用户  //在双引号里,直接放变量是可以的,比如$_username,但如果是数组,就必须加上{} ,比如 {$_clean['username']}
 _query("INSERT INTO tg_user (\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_face,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_qq,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
 if (_affected_rows() == 1) {
     //获取刚刚新增的ID
     $_clean['id'] = _insert_id();
     _close();
     //_session_destroy();
     //生成XML
     _set_xml('new.xml', $_clean);
     _location('恭喜你,注册成功!', 'active.php?active=' . $_clean['active']);
 } else {
     _close();
     //_session_destroy();
     _location('很遗憾,注册失败!', 'register.php');
 }
        $res = _query("SELECT * FROM gm_user WHERE gm_active='1' ORDER BY gm_level DESC,gm_num LIMIT {$pagenum},{$pagesize}");
    }
    //查看个人
} elseif ($_GET['action'] == 'one' and $_POST['num'] != '') {
    $res = _query("SELECT * FROM gm_user WHERE gm_active='1' AND (gm_num LIKE '%{$_POST['num']}%' OR gm_username LIKE '%{$_POST['num']}%')");
    $pagesize = $num = _num_rows_list($res);
}
//添加管理员
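// Add an administrator: validates the submitted account number and password, refuses a
// duplicate account number, and inserts an active gm_user row named 'admin' with
// gm_level '2'.
// NOTE(review): no permission or request-origin check is visible in this block. Confirm
// that the surrounding page requires an administrator session and a per-form token
// before this branch can be reached.
if ($_GET['action'] == 'addadmin') {
    // Load the validation helpers used below.
    include ROOT_PATH . 'includes/register.func.php';
    $clean = array();
    $clean['num'] = _check_num($_POST['num']);
    $clean['password'] = _check_password($_POST['password']);
    // Refuse the request when this account number is already registered.
    _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该帐号已经被注册!');
    $inserted = _query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_active,\r\n\t\t\t\t\t\t\t\t\tgm_level,\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'1',\r\n\t\t\t\t\t\t\t\t\t'2',\r\n\t\t\t\t\t\t\t\t\t'admin',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['password']}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')");
    if ($inserted) {
        // The confirmation used to append the raw $_POST['password']. That put the
        // plaintext password into the response and placed unvalidated request data in
        // the message handed to _alert_back() (which presumably renders it in a script
        // alert, given the \\n separators). Only the validated account number is shown;
        // the administrator already knows the password that was just typed.
        $string = "添加成功!\\n用户名:admin\\n登录帐号:{$clean['num']}";
        _alert_back($string);
    } else {
        _alert_back('添加失败!');
    }
}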
//修改密码
if ($_GET['action'] == 'pass_modify') {
    //引入验证文件
    include ROOT_PATH . 'includes/register.func.php';
    $clean = array();
    $clean['password'] = _check_password($_POST['password']);
    $clean['newpassword'] = _check_password($_POST['newpassword']);
    //判断旧密码是否正确