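/**
 * Send an invitation e-mail to $email on behalf of the logged-in user and
 * record the pending invitation in the `invites` table.
 *
 * The address is normalised, then checked against the format, ban and
 * allowed-domain rules, and must not already belong to a user or to a pending
 * invitation. Every failed check is reported through bark() with the matching
 * message from $lang_takeinvite.
 *
 * @param string $email Address of the person to invite (request input).
 * @return void
 */
function invite($email)
{
    global $CURUSER, $SITENAME, $BASEURL, $SITEEMAIL, $lang_takeinvite;
    // The mail template below interpolates $invite_timeout, which was never
    // brought into function scope and therefore always rendered empty.
    // NOTE(review): assumes it is a site-wide setting like $SITENAME - confirm.
    global $invite_timeout;

    // Quoted key: the bare form $CURUSER[id] resolves an undefined constant.
    $id = $CURUSER['id'];

    // NOTE(review): the address is HTML-encoded on input and encoded again
    // where it is echoed below. Left unchanged because other code may rely on
    // the encoded form - confirm before moving the encoding to output only.
    $email = unesc(htmlspecialchars(trim($email)));
    $email = safe_email($email);
    if (!$email) {
        bark($lang_takeinvite['std_must_enter_email']);
    }
    if (!check_email($email)) {
        bark($lang_takeinvite['std_invalid_email_address']);
    }
    if (EmailBanned($email)) {
        bark($lang_takeinvite['std_email_address_banned']);
    }
    if (!EmailAllowed($email)) {
        bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
    }

    // Fixed invitation text. Tags are stripped and newlines become <br />.
    // The former str_replace("<br />", "<br />", ...) replaced a string with
    // itself and has been dropped.
    $body = "\n你好,\n\n我邀请你加入 {$SITENAME}, 这是一个拥有丰富资源的非开放社区. \n如果你有兴趣加入我们请阅读规则并确认邀请.最后,确保维持一个良好的分享率 \n分享允许的资源.\n\n欢迎到来! :)\n";
    $body = nl2br(trim(strip_tags($body)));
    if (!$body) {
        bark($lang_takeinvite['std_must_enter_personal_message']);
    }

    // Refuse addresses that already belong to an account.
    // NOTE(review): die(mysql_error()) prints the raw driver error to the
    // visitor and the @ operators hide the warnings that would reach the log;
    // consider routing failures through sqlerr() like the query further down.
    $a = @mysql_fetch_row(@sql_query("select count(*) from users where email=" . sqlesc($email))) or die(mysql_error());
    if ($a[0] != 0) {
        bark($lang_takeinvite['std_email_address'] . htmlspecialchars($email) . $lang_takeinvite['std_is_in_use']);
    }

    // Refuse addresses that already have a pending invitation.
    $b = @mysql_fetch_row(@sql_query("select count(*) from invites where invitee=" . sqlesc($email))) or die(mysql_error());
    if ($b[0] != 0) {
        bark($lang_takeinvite['std_invitation_already_sent_to'] . htmlspecialchars($email) . $lang_takeinvite['std_await_user_registeration']);
    }

    $ret = sql_query("SELECT username FROM users WHERE id = " . sqlesc($id)) or sqlerr();
    $arr = mysql_fetch_assoc($ret);
    // The mail is HTML, so the inviter's name is encoded before it is embedded.
    $inviter = htmlspecialchars($arr['username']);

    // The invite number appears to be the only secret in the signup link, so
    // it has to be unpredictable. The previous md5() over mt_rand(1, 10000),
    // the user name, TIMENOW and the inviter's passhash had at most 10000
    // random outcomes and mixed a password-derived value into a token that
    // leaves the site by mail. Both CSPRNG branches yield 32 hex characters,
    // the same shape md5() produced.
    if (function_exists('random_bytes')) {
        $hash = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $hash = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // NOTE(review): legacy derivation, reached only when no CSPRNG is
        // available; treat such an installation as needing an upgrade.
        $hash = md5(mt_rand(1, 10000) . $CURUSER['username'] . TIMENOW . $CURUSER['passhash']);
    }

    $title = $SITENAME . $lang_takeinvite['mail_tilte'];
    // NOTE(review): the signup link is built with http://, so the invite
    // number travels unencrypted when followed; switch the scheme if the site
    // is served over TLS.
    $message = <<<EOD
{$lang_takeinvite['mail_one']}{$inviter}{$lang_takeinvite['mail_two']}
<b><a href="http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}" target="_blank">{$lang_takeinvite['mail_here']}</a></b><br />
http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}
<br />{$lang_takeinvite['mail_three']}{$invite_timeout}{$lang_takeinvite['mail_four']}{$inviter}{$lang_takeinvite['mail_five']}<br />
{$body}
<br /><br />{$lang_takeinvite['mail_six']}
EOD;

    // This e-mail is sent only when someone gives out an invitation.
    sent_mail($email, $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $message), "invitesignup", false, false, '', get_email_encode(get_langfolder_cookie()));

    // Record the invitation. A failed INSERT is now reported instead of
    // silently leaving the mailed link without a matching row.
    sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('" . mysql_real_escape_string($id) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($hash) . "', " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);
}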
}
// NOTE(review): fragment - the block closed above, and the one closed right
// after $passupdated, both start outside this excerpt.
//
// Re-issue the login cookie with the new $passh.
// The $ssl flag is taken from the client-supplied c_secure_ssl cookie and
// compared loosely (==) with base64("yeah"). The cookie is read without an
// isset() check, and a visitor can set or remove it at will.
// NOTE(review): if $ssl decides whether the login cookie is restricted to
// HTTPS, it should follow the server-side connection state rather than a
// value the browser sends - confirm against logincookie().
if ($_COOKIE["c_secure_ssl"] == base64("yeah")) {
    $ssl = true;
} else {
    $ssl = false;
}
// NOTE(review): 0x7fffffff is presumably the cookie expiry - confirm. If so,
// the login cookie effectively never expires.
logincookie($CURUSER["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie, $ssl);
//sessioncookie($CURUSER["id"], $passh);
$passupdated = 1;
}
// E-mail change: runs only when $disableemailchange is not 'no', $smtptype is
// not 'none', and the submitted address differs from the stored one.
if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
    if (EmailBanned($email)) {
        bark($lang_usercp['std_email_address_banned']);
    }
    if (!EmailAllowed($email)) {
        bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
    }
    if (!validemail($email)) {
        stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
        die;
    }
    // Reject an address that another account already uses.
    // NOTE(review): check-then-update; two concurrent requests can both pass
    // unless users.email carries a unique index - confirm the schema.
    $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
    if (mysql_num_rows($r) > 0) {
        stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
        die;
    }
    // Only flags the change here; the code that acts on it is outside this excerpt.
    $changedemail = 1;
}
// Passkey reset: the new key is md5(username . current time to the second .
// passhash). It contains no random component.
// NOTE(review): the key is derived from account data plus a guessable
// timestamp; a CSPRNG-generated value would not depend on the passhash.
if ($resetpasskey == 1) {
    $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
    $updateset[] = "passkey = " . sqlesc($passkey);
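<?php
// Card signup page: runs the login, registration ("cardreg") and failed-login
// checks, then renders signupcard.html with the shared signup list embedded.
require_once "include/bittorrent.php";
dbconn();
require_once get_langfile_path("", false, $CURLANGDIR);
cur_user_check();
registration_check("cardreg");
failedloginscheck("Signup");

// Shown only when signups are restricted to certain e-mail domains.
$emailnotice = $restrictemaildomain == 'yes' ? $lang_signup['text_email_note'] . allowedemails() : "";

// The notice used to be assigned as assign("{$emailnotice}", ${$emailnotice}):
// the notice TEXT served as the template variable name, and the value came
// from a variable-variable of that same name, which is never defined. The
// template therefore could not receive the notice. Assign it under a fixed name.
// NOTE(review): assumes the templates read it as "emailnotice" - confirm.
$smarty->assign("emailnotice", $emailnotice);

$select = 'signupcard';
$smarty->assign("select", $select);
$smarty->assign("show", 'yes');

// Render the signup list first so the page template can embed it.
$signuplist = $smarty->fetch(MTPTTEMPLATES . '/signuplist.html');
$smarty->assign("signuplist", $signuplist);
$smarty->display(MTPTTEMPLATES . '/signupcard.html');
stdfoot();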
// Plural suffix for the invite counter: "invite" for exactly one, "invites" otherwise.
// NOTE(review): fragment - $inv, $type and $id are set outside this excerpt,
// and the trailing else branches are closed after it.
if ($inv["invites"] != 1) {
    $_s = $lang_invite['text_s'];
} else {
    $_s = "";
}
if ($type == 'new') {
    // No invites left: show the message with a link back and stop.
    // NOTE(review): $CURUSER[invites] (and $CURUSER[username] below) use a
    // bare word as the key, which PHP resolves as an undefined constant;
    // the quoted form is the safe spelling.
    if ($CURUSER[invites] <= 0) {
        stdmsg($lang_invite['std_sorry'], $lang_invite['std_no_invites_left'] . "<a class=altlink href=invite.php?id={$CURUSER['id']}>" . $lang_invite['here_to_go_back'], false);
        print "</td></tr></table>";
        stdfoot();
        die;
    }
    $invitation_body = $lang_invite['text_invitation_body'] . $CURUSER[username];
    //$invitation_body_insite = str_replace("<br />","\n",$invitation_body);

    // Invitation form, posted to takeinvite.php.
    // NOTE(review): $id is placed in an unquoted attribute. htmlspecialchars()
    // does not encode spaces, so this is only safe if $id is already known to
    // be an integer - confirm where it is validated.
    // NOTE(review): $invitation_body (which ends with the user name) and
    // $_SESSION['inviterand'] are printed without HTML encoding. inviterand
    // looks like a per-session form token - confirm that takeinvite.php
    // compares it before sending the invitation.
    print "<form method=post action=takeinvite.php?id=" . htmlspecialchars($id) . ">"
        . "<table border=1 width=737 cellspacing=0 cellpadding=5>"
        . "<tr align=center><td colspan=2><b>" . $lang_invite['text_invite_someone'] . "{$SITENAME} ({$inv['invites']}" . $lang_invite['text_invitation'] . $_s . $lang_invite['text_left'] . ")</b></td></tr>"
        . "<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">" . $lang_invite['text_email_address'] . "</td><td align=left><input type=text size=40 name=email><br /><font align=left class=small>" . $lang_invite['text_email_address_note'] . "</font>" . ($restrictemaildomain == 'yes' ? "<br />" . $lang_invite['text_email_restriction_note'] . allowedemails() : "") . "</td></tr>"
        . "<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">" . $lang_invite['text_message'] . "</td><td align=left><textarea name=body rows=8 cols=120>" . $invitation_body . "</textarea></td></tr>"
        . "<tr><td align=center colspan=2>"
        . "<input type=button onclick=\"\$(this).attr('disabled','true');\$(this).parents().filter('form').trigger('submit');\" value='" . $lang_invite['submit_invite'] . "'>"
        . "<input type=hidden name='inviterand' value='" . $_SESSION['inviterand'] . "'>"
        . "</td></tr>"
        . "</form></table></td></tr></table>";
} else {
    // Status view: list the users invited by account $id.
    // NOTE(review): mysql_real_escape_string() only protects a value that is
    // placed inside quotes. Both queries concatenate it unquoted, so they rely
    // entirely on $id being an integer already. Its validation is not visible
    // here - confirm, or cast with (int) / quote it the way sqlesc() is used
    // elsewhere.
    $rel = sql_query("SELECT COUNT(*) FROM users WHERE invited_by = " . mysql_real_escape_string($id)) or sqlerr(__FILE__, __LINE__);
    $arro = mysql_fetch_row($rel);
    $number = $arro[0];
    // The column list names `email` twice.
    $ret = sql_query("SELECT id, username, email, uploaded, downloaded, status, warned, enabled, donor, email FROM users WHERE invited_by = " . mysql_real_escape_string($id)) or sqlerr();
    $num = mysql_num_rows($ret);
    print "<table border=1 width=737 cellspacing=0 cellpadding=5>" . "<h2 align=center>" . $lang_invite['text_invite_status'] . " ({$number})</h2><form method=post action=takeconfirm.php?id=" . htmlspecialchars($id) . ">";
    if (!$num) {
        print "<tr><td colspan=7 align=center>" . $lang_invite['text_no_invites'] . "</tr>";
    } else {
        // Table header. The list includes an e-mail column.
        print "<tr><td class=colhead><b>" . $lang_invite['text_username'] . "</b></td><td class=colhead><b>" . $lang_invite['text_email'] . "</b></td><td class=colhead><b>" . $lang_invite['text_uploaded'] . "</b></td><td class=colhead><b>" . $lang_invite['text_downloaded'] . "</b></td><td class=colhead><b>" . $lang_invite['text_ratio'] . "</b></td><td class=colhead><b>" . $lang_invite['text_status'] . "</b></td>";
        // Only the account owner or a sysop gets the "confirm" column.
        // NOTE(review): in the visible code this check gates that column only;
        // whether other users may view the list (with invitee e-mail
        // addresses) for an arbitrary $id must be decided earlier - confirm.
        if ($CURUSER[id] == $id || get_user_class() >= UC_SYSOP) {
            print "<td class=colhead><b>" . $lang_invite['text_confirm'] . "</b></td>";
        }
        print "</tr>";
} else {
    // NOTE(review): fragment - the branch closed by the leading "}" and the
    // end of this else block are outside the excerpt.
    //
    // POST: change the logged-in user's e-mail address after re-checking the password.
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Both fields are read straight from the request without an isset()
        // check. The safe_email() normalisation is commented out, so the
        // address reaches the checks below exactly as submitted.
        $email = $_POST['email'];
        //$email=safe_email($email);
        $password = $_POST['password'];
        if (!$email) {
            bark($lang_takeinvite['std_must_enter_email']);
        }
        if (!check_email($email)) {
            bark($lang_takeinvite['std_invalid_email_address']);
        }
        if (EmailBanned($email)) {
            bark($lang_takeinvite['std_email_address_banned']);
        }
        if (!EmailAllowed($email)) {
            bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
        }
        // Password check: md5(secret . password . secret) against the stored passhash.
        // NOTE(review): != is a loose, non-constant-time comparison. Two
        // digests that both look like "0e<digits>" compare equal as numbers on
        // older PHP versions. A strict, timing-safe comparison (hash_equals()
        // where available) avoids both problems.
        if ($CURUSER["passhash"] != md5($CURUSER["secret"] . $password . $CURUSER["secret"])) {
            bark('密码错误!');
        }
        // NOTE(review): no check here that the address is unused by another
        // account, and the form text below states that no verification step
        // follows the change. If the address is later used for account
        // recovery, a mistyped or foreign address takes effect immediately -
        // confirm this is intended.
        // $CURUSER['id'] is interpolated unquoted; it is presumably a
        // server-side integer - confirm.
        sql_query("UPDATE users SET email=" . sqlesc($email) . " WHERE id={$CURUSER['id']}") or sqlerr(__FILE__, __LINE__);
        stdmsg('邮箱修改成功!', '请到<a class=faqlink href=usercp.php>个人页面</a>查看。');
        stdfoot();
        exit;
    }
    // GET: fall through to the static form below (new address plus current password).
    ?> <h1>修改邮箱</h1> <form method=post action=changeemailforyahoo.php> <table border=1 cellspacing=0 cellpadding=5> <tr><td class=rowhead>请输入新邮箱</td><td><input type=text name=email size=40>注意:修改后没有验证环节,因此请谨慎修改,避免填错。</td></tr> <tr><td class=rowhead>请输入你的密码</td><td><input type=password name=password size=40>如果在此页面发现任何bug请反馈至管理组,谢谢</td></tr>
// NOTE(review): fragment - $res and the block closed by the "}" below come
// from code outside this excerpt.
// $arr[username] uses a bare word as the key, which PHP resolves as an
// undefined constant; the quoted form is the safe spelling.
$arr = mysql_fetch_assoc($res);
$invusername = $arr[username];
}
// Required signup fields.
// NOTE(review): mkglobal() presumably copies the named request fields into
// variables of the same name ($wantusername, $wantpassword, $passagain,
// $email) - confirm.
if (!mkglobal("wantusername:wantpassword:passagain:email")) {
    die;
}
// The address is HTML-encoded on input, then normalised and checked against
// the format, ban and allowed-domain rules.
// NOTE(review): encoding at input time means any later output encoding will
// double-encode the value.
$email = htmlspecialchars(trim($email));
$email = safe_email($email);
if (!check_email($email)) {
    bark($lang_takesignup['std_invalid_email_address']);
}
if (EmailBanned($email)) {
    bark($lang_takesignup['std_email_address_banned']);
}
if (!EmailAllowed($email)) {
    bark($lang_takesignup['std_wrong_email_address_domains'] . allowedemails());
}
// Country (and school, when enabled) come straight from $_POST without an
// isset() check.
// NOTE(review): the return value of int_check() is not used, so the code
// presumably relies on it aborting the request for non-integer input - confirm.
$country = $_POST["country"];
int_check($country);
if ($showschool == 'yes') {
    $school = $_POST["school"];
    int_check($school);
}
// Gender is accepted only if it matches the fixed allow-list exactly
// (strict in_array).
$gender = htmlspecialchars(trim($_POST["gender"]));
$allowed_genders = array("Male", "Female", "male", "female");
if (!in_array($gender, $allowed_genders, true)) {
    bark($lang_takesignup['std_invalid_gender']);
}
// Blank-field check. empty() also treats the string "0" as blank, so a
// user name or password of exactly "0" is rejected here.
if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($country) || empty($gender)) {
    bark($lang_takesignup['std_blank_field']);
}