Beispiel #1
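/**
 * Set user_level to 10 for the account identified by $id.
 *
 * Opens its own MySQL connection, asks checkuser() whether the id is known,
 * and only then runs the UPDATE.
 *
 * @param mixed $id Account id supplied by the caller; bound as a statement
 *                  parameter, never spliced into the SQL text.
 * @return array array(array("success")) when checkuser() did not answer
 *               "empty", array(array("empty")) otherwise.
 */
function levelup($id)
{
    // NOTE(review): the database account and password are hard-coded in the
    // source. They belong in configuration kept outside the repository, and
    // a password that has been published this way should be rotated.
    $con = mysqli_connect("localhost", "u242089643_jucy", "gksdid1!");
    if (!$con) {
        // No link exists on this path, so the connect-specific error getter
        // is the one that carries the failure reason.
        die('연결 안됨: ' . mysqli_connect_error());
    }
    mysqli_select_db($con, "u242089643_tdc");

    $outcome = "empty";
    if (checkuser($id, $con) != "empty") {
        // Bound parameter: a quote inside $id can no longer change the statement.
        $stmt = mysqli_prepare($con, "update user_info set user_level = 10 where id = ?");
        if ($stmt) {
            $idParam = (string) $id;
            mysqli_stmt_bind_param($stmt, "s", $idParam);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        // As before, "success" is reported once checkuser() accepted the id.
        $outcome = "success";
    }
    mysqli_close($con);
    return array(array($outcome));
}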
Beispiel #2
/**
 * Write a log line for an outgoing e-mail on behalf of the current user.
 *
 * Replies '-15' and stops the script when checkuser() yields no user name.
 *
 * @param string $to    Recipient address as supplied by the caller.
 * @param string $title Subject line.
 * @param string $body  Message text.
 */
function checkmailvalid($to, $title, $body)
{
    $identity = checkuser();
    $username = $identity[0];
    if ($username != "") {
        $time = time();
        date_default_timezone_set('Asia/Shanghai');
        $stamp = date("r", $time);
        // NOTE(review): $to, $title and $body go into the log verbatim. A
        // value containing a line break produces extra log lines, so the log
        // reader cannot tell real entries from injected ones; consider
        // encoding CR/LF before writing.
        writelog("[" . $stamp . "][E-mail send to {$to} from {$username}] [Title: {$title}] {$body}\n");
        return;
    }
    echo '-15';
    exit;
}
Beispiel #3
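/**
 * Rate-limit and record an outgoing SMS for the current user.
 *
 * Replies '-15' when checkuser() yields no user name and '-22' when the
 * rate-limit query returns two or more rows; both replies end the script.
 * Otherwise the message is stored in capubbs.sms and logged.
 *
 * @param string $phone Destination number as supplied by the caller.
 * @param string $text  Message text as supplied by the caller.
 */
function checksmsvalid($phone, $text)
{
    $a = checkuser();
    $username = $a[0];
    if ($username == "") {
        echo '-15';
        exit;
    }
    dbconnect();
    $time = (int) time();
    // NOTE(review): the username literal below is masked on the page. The
    // 1800-second limit only applies per user if the real query compares
    // against the caller's name, which then needs the same escaping as the
    // INSERT further down.
    $statement = "select number from capubbs.sms where username='******' && {$time}-timestamp<1800";
    $results = mysql_query($statement);
    if ($results && mysql_num_rows($results) >= 2) {
        echo '-22';
        exit;
    }
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // Every string that reaches the INSERT is escaped for a quoted SQL
    // literal; $phone and $text come straight from the caller.
    // The mysql_* extension used here was removed in PHP 7; moving to mysqli
    // or PDO prepared statements is the durable fix.
    $statement = "insert into capubbs.sms values (null,'"
        . mysql_real_escape_string($username) . "','"
        . mysql_real_escape_string($phone) . "','"
        . mysql_real_escape_string($text) . "','"
        . mysql_real_escape_string($ip) . "',{$time})";
    mysql_query($statement);
    // NOTE(review): $phone and $text are logged verbatim; line breaks in
    // either value create additional log lines.
    writelog("[SMS send to {$phone}] {$text}\n");
}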
// Login handler fragment: connects to MySQL, then checks the posted
// l_username / l_pass pair and redirects on success. The listing is cut off
// before the outer `if` is closed, and $db_hostname is set outside this view.
$db_database = "printinginfo";
$db_username = "******";
$db_password = "******";
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
    // NOTE(review): the raw driver error is sent to the client.
    die("unable to connect to MySQL : " . mysql_error());
}
mysql_select_db($db_database) or die("Unable to select database:" . mysql_error());
if ($_POST['l_username']) {
    $username = $_POST['l_username'];
    $pass = $_POST['l_pass'];
    // NOTE(review): a fixed admin/admin pair is accepted here without any
    // database lookup. Anyone who reads this source can sign in as admin.
    if ($username == "admin" && $pass == "admin") {
        // NOTE(review): the session is started but nothing is stored in it;
        // the target page only receives the user name through the URL, which
        // the client controls. There is also no exit after the redirect.
        session_start();
        header("Location: http://www.riteshvaryani.uphero.com/admin.php?username={$username}");
    } else {
        if (!checkuser($username, $db_server) && $username != null && $pass != null) {
            // NOTE(review): the username literal is masked on the page; if the
            // real query interpolates $username it is open to SQL injection.
            $query = "SELECT password FROM userinfo where username='******'";
            $result = mysql_query($query, $db_server);
            // $ans keeps the password of the last row; it stays undefined when
            // the query returns no rows.
            while ($row = mysql_fetch_array($result)) {
                $ans = $row['password'];
            }
            // NOTE(review): the stored value is compared directly with the
            // posted password, so passwords are kept in plain text, and `==`
            // applies PHP's loose comparison rules to a secret.
            if ($ans == $pass) {
                session_start();
                header("Location: http://www.riteshvaryani.uphero.com/12.php?username={$username}");
            } else {
                echo "Wrong username or password.";
            }
        } else {
            echo "Wrong username or password.";
        }
    }
Beispiel #5
/**
 * Authenticate a username/password pair through checkuser().
 *
 * Both values pass through addslashes() and safe_convert() first. On failure
 * xml_error() is called with a message that repeats the converted user name.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Password supplied by the client.
 * @return mixed Whatever truthy value checkuser() returned; nothing when
 *               authentication failed and xml_error() returned.
 */
function check_user($username, $password)
{
    // 2007-1-20 security fix (applies to both lines below).
    // NOTE(review): addslashes() is not aware of the connection character
    // set; if these values end up in SQL, the driver's own escaping or bound
    // parameters are the safer choice.
    $username = safe_convert(addslashes($username));
    $password = safe_convert(addslashes($password));

    $userdetail = checkuser($username, $password);
    if ($userdetail) {
        return $userdetail;
    }
    xml_error("Authentification failed by the conbination of provided username ({$username}) and password.");
}
Beispiel #6
        $u = $post['user'];
        $users[$u] = loaduser($u, 1);
        if ($post['thread'] == $id) {
            $quotemsg = "[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n";
        }
    }
    print "\n\t\t\t<body>\n\t\t\t{$tccellh} width=150>&nbsp</td>{$tccellh} colspan=2>&nbsp<tr>\n\t\t\t{$tccell1}><b>{$passhint}</td> {$tccell2l} colspan=2>\n\t\t\t{$altloginjs}\n\t\t\t<b>Username:</b> {$inpt}=username VALUE=\"" . htmlspecialchars($username) . "\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">\n\n\t\t\t<!-- Hack around autocomplete, fake inputs (don't use these in the file) -->\n\t\t\t<input style=\"display:none;\" type=\"text\"     name=\"__f__usernm__\">\n\t\t\t<input style=\"display:none;\" type=\"password\" name=\"__f__passwd__\">\n\n\t\t\t<b>Password:</b> {$inpp}=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">\n\t\t\t</span><tr>\n\t\t\t{$tccell1}><b>Reply:</td>\n\t\t\t{$tccell2l} width=800px valign=top>\n\t\t\t{$txta}=message ROWS=21 COLS={$numcols} style=\"width: 100%; max-width: 800px; resize:vertical;\">" . htmlspecialchars($quotemsg, ENT_QUOTES) . "</TEXTAREA></td>\n\t\t{$tccell2l} width=*>" . moodlist(filter_int($moodid)) . "</td><tr>\n\t\t<tr>\n\t\t\t{$tccell1}>&nbsp</td>{$tccell2l} colspan=2>\n\t\t\t{$inph}=action VALUE=postreply>\n\t\t\t{$inph}=id VALUE={$id}>\n\t\t\t{$inph}=valid value=\"" . md5($_SERVER['REMOTE_ADDR'] . $id . "sillysaltstring") . "\">\n\t\t\t{$inps}=submit VALUE=\"Submit reply\">\n\t\t\t{$inps}=preview VALUE=\"Preview reply\"></td>\n\t\t<tr>{$tccell1}><b>Options:</b></td>{$tccell2l} colspan=2>\n\t\t\t{$inpc}=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> -\n\t\t\t{$inpc}=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> -\n\t\t\t{$inpc}=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>\n\t\t\t{$modoptions}\n\t\t\t{$tblend}\n\t\t\t<br>\n\t\t\t{$tblstart}{$postlist}{$tblend}\n\t\t</table>\n\t\t\t</form>\n\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=forum.php?id={$forumid}>{$forum['title']}</a> - {$thread['title']}";
} elseif (!$_POST['action']) {
    print $header;
    print "{$tccell1}>You are not allowed to post in this thread.\n\t\t<br>" . redirect("index.php", 'return to the index page', 0) . "</table>";
}
if ($_POST['action'] == 'postreply' && !($banned && $log) && $id > 0) {
    if ($log && !$password) {
        $userid = $loguserid;
    } else {
        $userid = checkuser($username, $password);
    }
    $error = '';
    if ($userid == -1) {
        $error = "Either you didn't enter an existing username, or you haven't entered the right password for the username.";
    } else {
        $user = @$sql->fetchq("SELECT * FROM users WHERE id='{$userid}'");
        if ($thread['closed']) {
            $error = 'The thread is closed and no more replies can be posted.';
        }
        if ($user['powerlevel'] < $forum['minpowerreply']) {
            $error = 'Replying in this forum is restricted, and you are not allowed to post in this forum.';
        }
        if (!$message) {
            $error = "You didn't enter anything in the post.";
        }
Beispiel #7
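/**
 * Return a user name that has no row in the user_list table.
 *
 * When $username is already present (a row with a non-empty uid), a random
 * four-digit suffix is appended to $name and the function recurses with the
 * two arguments swapped, exactly as the original did.
 *
 * @param string $username Candidate name to look up.
 * @param string $name     Base used to build the next candidate.
 * @return string The first candidate for which no row was found.
 */
function checkuser($username, $name)
{
    global $dbm;
    // NOTE(review): $username is spliced into the SQL text. The escaping API
    // of $dbm is not visible here; confirm callers pass an escaped value or
    // switch to a parameterised call if $dbm offers one.
    $sqlstr = "select * from " . TB_PREFIX . "user_list where uname='{$username}'";
    $user = $dbm->scalar($sqlstr);

    // count() throws on a non-countable value in PHP 8, so an empty lookup
    // result (false/null) is treated as "not taken" before counting.
    $countable = is_array($user) || $user instanceof Countable;
    $taken = $countable && count($user) > 0 && $user['uid'] != "";
    if (!$taken) {
        return $username;
    }

    $name .= "_" . rand(1000, 9999);
    return checkuser($name, $username);
}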
        return 1;
    }
}
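// Login handler: connects to MySQL and checks the posted l_username / l_pass
// pair against the MD5 value stored in userinfo, redirecting on success.
//
// NOTE(review): the database account has an empty password, and raw driver
// errors are sent to the client by the die() calls below.
$db_hostname = "localhost";
$db_database = "printdoc";
$db_username = "******";
$db_password = "";
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
    die("unable to connect to MySQL : " . mysql_error());
}
mysql_select_db($db_database) or die("Unable to select database:" . mysql_error());
if (!empty($_POST['l_username'])) {
    $username = $_POST['l_username'];
    $pass = isset($_POST['l_pass']) ? $_POST['l_pass'] : '';
    // Array-valued fields (l_pass[]=...) are rejected up front; md5() and the
    // comparison below expect strings.
    $well_formed = is_string($username) && is_string($pass) && $pass != "";
    if ($well_formed && !checkuser($username, $db_server)) {
        // NOTE(review): the username literal is masked on the page; if the
        // real query interpolates $username it must be escaped or bound.
        $query = "SELECT password FROM userinfo where username='******'";
        $result = mysql_query($query, $db_server);
        // Start from "no stored hash" so an empty result cannot leave $ans
        // undefined.
        $ans = null;
        while ($result && ($row = mysql_fetch_array($result))) {
            $ans = $row['password'];
        }
        // NOTE(review): unsalted MD5 is not a password hash. Migrating to
        // password_hash()/password_verify() needs a data migration and is
        // left as a follow-up.
        if (is_string($ans) && hash_equals($ans, md5($pass))) {
            // NOTE(review): nothing is written to the session and there is no
            // exit after the redirect; the page that follows has to establish
            // the login state some other way.
            session_start();
            header("Location: http://localhost/project/1.php");
        } else {
            echo "Wrong username or password.";
        }
    } else {
        echo "Wrong username or password.";
    }
}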
 // Login bootstrap fragment: fills $loginform from the session or from
 // cookies, calls checkuser(), and renders a failure template for each
 // numeric result code. The listing ends inside the elseif chain.
 // PREPARE
 ///////////////////////////////////
 if (!$loginform) {
     if ($loginsession) {
         $loginform[username] = $loginsession[user_login];
         $loginform[userpassword] = $loginsession[user_password];
     } elseif ($cookie_user_id && $cookie_user_password) {
         // NOTE(review): the password value used for login is taken from a
         // cookie here, so whatever is stored in that cookie works as a
         // long-lived credential - confirm what it contains.
         $user = getuser($cookie_user_id);
         $loginform[username] = $user[user_login];
         $loginform[userpassword] = $cookie_user_password;
     }
 }
 ///////////////////////////////////
 // CHECK
 ///////////////////////////////////
 $login = checkuser($logout);
 ///////////////////////////////////
 // LOGIN SUCCESSFULL ??????
 ///////////////////////////////////
 // checkuser() returned something other than an array: treat it as a
 // failure code and pick the matching template.
 if (!is_array($login)) {
     #######LOGIN FAILED#######
     // NOTE(review): each branch passes the template text to eval() inside a
     // double-quoted PHP string. Anything in a template that PHP interpolates
     // or that closes the string is executed, so template contents must only
     // be editable by fully trusted administrators.
     if ($login == "1") {
         eval("\$inc[action] = \"" . gettemplate("fail.login.noexistinguser") . "\";");
     } elseif ($login == "2") {
         eval("\$inc[action] = \"" . gettemplate("fail.login.blockeduser") . "\";");
     } elseif ($login == "3") {
         // NOTE(review): separate templates for "no such user" and "wrong
         // password" tell a client which user names exist.
         eval("\$inc[action] = \"" . gettemplate("fail.login.wrongpassword") . "\";");
     } elseif ($login == "4") {
         eval("\$inc[action] = \"" . gettemplate("fail.login.usernotactiv") . "\";");
     } elseif ($login == "5") {
         eval("\$inc[action] = \"" . gettemplate("logout") . "\";");
 /**
  * Call checkuser() with the fixed id "123" and hand back its result.
  *
  * @return mixed Whatever checkuser("123") returns.
  */
 function testcheckuser()
 {
     return checkuser("123");
 }
Beispiel #11
    //验证是否受保护、创始人、有站点设置权限的人禁止找回密码方式修改密码
    $founderarr = explode(',', $_SC['founder']);
    if ($space['flag'] || in_array($space['uid'], $founderarr) || checkperm('admin')) {
        showmessage('reset_passwd_account_invalid');
    }
    if (!@(include_once S_ROOT . './uc_client/client.php')) {
        showmessage('system_error');
    }
    if (uc_user_edit(addslashes($space['username']), $_POST['newpasswd1'], $_POST['newpasswd1'], $space['email'], 1) > 0) {
        updatetable('spacefield', array('authstr' => ''), array('uid' => $uid));
    }
    showmessage('修改密码成功,请用新密码登录,谢谢!', 'space.php?do=home', 2);
}
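// Password-reset entry point: load the account named by ?uid=, then let
// checkuser() validate the ?id= token against the stored authstr.
if ($op == 'reset') {
    // The uid is only ever numeric, so it is cast before it reaches the SQL
    // text. No other sanitisation of $_GET['uid'] is visible in this
    // fragment. Non-scalar input (uid[]=...) becomes 0.
    $reset_uid = (isset($_GET['uid']) && is_scalar($_GET['uid'])) ? intval($_GET['uid']) : 0;
    $query = $_SGLOBAL['db']->query('SELECT s.username, sf.email, sf.authstr FROM ' . tname('space') . ' s, ' . tname('spacefield') . " sf WHERE s.uid='{$reset_uid}' AND sf.uid=s.uid");
    $space = $_SGLOBAL['db']->fetch_array($query);
    checkuser($_GET['id'], $space);
}
include template('do_lostpasswd');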
//验证地址地否有效
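/**
 * Validate a password-reset link against the account's stored authstr.
 *
 * authstr is read as three tab-separated fields: issue time, operation code
 * and the secret id string. The link is refused through showmessage() when
 * the account row is empty, when the token is older than three days
 * (86400 * 3 seconds), when the operation code is not 1, or when the id from
 * the link does not match the stored one.
 *
 * @param mixed $id    Token taken from the request.
 * @param array $space Account row containing 'authstr'.
 */
function checkuser($id, $space)
{
    global $_SGLOBAL;
    if (empty($space)) {
        showmessage('user_does_not_exist');
    }
    $authstr = isset($space['authstr']) ? (string) $space['authstr'] : '';
    // Pad to three fields so a cleared or malformed authstr yields empty
    // strings instead of undefined offsets.
    list($dateline, $operation, $idstring) = array_pad(explode("\t", $authstr), 3, '');

    $expired = (int) $dateline < $_SGLOBAL['timestamp'] - 86400 * 3;
    $wrong_operation = $operation !== '1';
    // The token is a secret: compare it as an exact string in constant time.
    // A loose != treats two different numeric-looking strings as equal.
    $token_mismatch = !is_string($id) || $idstring === '' || !hash_equals($idstring, $id);

    if ($expired || $wrong_operation || $token_mismatch) {
        showmessage('getpasswd_illegal');
    }
}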
Beispiel #12
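// Facebook login: when the SDK reports a user, copy the profile fields into
// the session and the local database, then redirect; otherwise send the
// browser to the Facebook login URL.
//
// NOTE(review): the app secret is hard-coded in the source. It should come
// from configuration kept out of version control, and a secret that has been
// published should be reset in the Facebook app settings.
$facebook = new Facebook(array('appId' => '366885740127144', 'secret' => 'c4c08662da673dbb6af4538b6481ead3', 'cookie' => true));
$user = $facebook->getUser();
if ($user) {
    try {
        $user_profile = $facebook->api('/me');
        // Profile fields are optional in the response; missing ones become
        // null instead of raising an undefined-index notice.
        $fbid = isset($user_profile['id']) ? $user_profile['id'] : null;
        // Facebook ID
        $fbuname = isset($user_profile['username']) ? $user_profile['username'] : null;
        // Facebook username
        $fbfullname = isset($user_profile['name']) ? $user_profile['name'] : null;
        // Facebook full name
        $femail = isset($user_profile['email']) ? $user_profile['email'] : null;
        // Facebook e-mail address
        /* ---- Session variables ----- */
        // NOTE(review): no session_start() is visible in this fragment;
        // confirm the session is open before these writes.
        $_SESSION['FBID'] = $fbid;
        $_SESSION['USERNAME'] = $fbuname;
        $_SESSION['FULLNAME'] = $fbfullname;
        $_SESSION['EMAIL'] = $femail;
        checkuser($fbid, $fbuname, $fbfullname, $femail);
        // Updates the local database
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }
}
if ($user) {
    header("Location: home5.php");
} else {
    // Both permissions belong in the single comma-separated 'scope' value;
    // as a separate positional array element 'user_about_me' was never part
    // of the requested scope.
    $loginUrl = $facebook->getLoginUrl(array('scope' => 'email,user_about_me'));
    header("Location: " . $loginUrl);
}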
** This file is part of the nuBuilder source package and is licensed under the
** GPLv3. For support on developing in nuBuilder, please visit the nuBuilder
** wiki and forums. For details on contributing a patch for nuBuilder, please
** visit the `Project Contributions' forum.
**
**   Website:  http://www.nubuilder.com
**   Wiki:     http://wiki.nubuilder.com
**   Forums:   http://forums.nubuilder.com
*/
// Report runner bootstrap: loads the shared libraries, validates the caller
// with checkuser(), emits the stored report JavaScript and then fetches the
// report definition. $access and $id are set outside this fragment.
// NOTE(review): the include path is built from a global; confirm
// 'StartingDirectory' can never be influenced by the request.
include $GLOBALS['StartingDirectory'] . "/database.php";
include "general.php";
include "editlibrary.php";
$setup = setup();
$uniq = uniqid(1);
//------------ validate user
// An empty result from checkuser() ends this file without output.
$ck = checkuser($access);
if ($ck == '') {
    return;
}
$GLOBALS['ArrayName'][] = '';
jinclude("general");
$t = RunQuery("SELECT * FROM sysscreen WHERE ssQuery = 'SCANYREPORT'");
$r = mysql_fetch_object($t);
$PHPjavascript = $r->ssJavaScript;
// NOTE(review): the database value is printed unescaped inside a <script>
// element, so anyone who can write sysscreen.ssJavaScript runs script in
// every viewer's browser.
if ($PHPjavascript != '') {
    print "<script type='text/javascript'  language='javascript'>\n\n\n";
    print $PHPjavascript;
    print "\n\n\n</script>\n\n";
}
//-----get information for this report
// NOTE(review): $id is interpolated into the SQL text; its origin is not
// visible here - verify it is validated or escaped before this point.
$table = RunQuery("SELECT * FROM sysreport WHERE sysreportID = '{$id}'");
Beispiel #14
    $session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
    // When Facebook returns an error
} catch (Exception $ex) {
    // When validation fails or other local issues
}
// Without a Facebook session the browser is sent to the login URL; with one,
// the profile is fetched, mirrored into $_SESSION and the local database,
// and the browser is sent to the profile page.
if (!isset($session)) {
    $loginUrl = $helper->getLoginUrl();
    header("Location: " . $loginUrl);
} else {
    // Graph API request for the signed-in user's data
    $request = new FacebookRequest($session, 'GET', '/me');
    $response = $request->execute();
    $graphObject = $response->getGraphObject();

    $fbid = $graphObject->getProperty('id');         // Facebook ID
    $fbfullname = $graphObject->getProperty('name'); // full name
    $femail = $graphObject->getProperty('email');    // e-mail address

    /* ---- Session variables ----- */
    // NOTE(review): no session_start() is visible in this fragment, and the
    // e-mail property can be absent when the user did not grant it.
    $_SESSION['FBID'] = $fbid;
    $_SESSION['FULLNAME'] = $fbfullname;
    $_SESSION['EMAIL'] = $femail;
    $_SESSION['loged_user_name'] = $fbfullname;
    checkuser($fbid, $fbfullname, $femail);

    /* ---- Redirect once the session is populated ---- */
    header("Location: http://www.maverickgame.com/maverick-user-profile");
}
Beispiel #15
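/**
 * Delete one row from capubbs.downloads on behalf of a privileged user.
 *
 * Replies '-18' and stops when the rights value from checkuser() is 0.
 * Otherwise the row named by POST 'id' is deleted and the MySQL error number
 * of that statement is echoed before the script ends.
 */
function deldownload()
{
    $res = checkuser();
    $rights = intval($res[1]);
    if ($rights == 0) {
        echo '-18';
        exit;
    }
    // The id lands in an unquoted numeric position of the statement, so it
    // is forced to an integer first. Missing or non-scalar input becomes 0.
    $raw_id = isset($_POST['id']) ? $_POST['id'] : 0;
    $id = is_scalar($raw_id) ? intval($raw_id) : 0;
    dbconnect();
    $statement = "delete from capubbs.downloads where id={$id}";
    mysql_query($statement);
    // NOTE(review): this destructive action is driven by a plain POST field;
    // no anti-CSRF token check is visible in this function.
    echo mysql_errno();
    exit;
}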
Beispiel #16
     while ($f = $dir->read()) {
         if (preg_match("#^addon#i", $f)) {
             include @dirname(__FILE__) . "/" . $f;
         }
     }
     $login = checkuser();
 }
 ###############
 if ($action == "deleteaccount") {
     if ($form[yes]) {
         $db->query_str("UPDATE {$tab['user']} SET activated='0' WHERE id='{$login['id']}'");
         eval("\$mail_body \t= \"" . gettemplate("profil.mail.deleteaccount.body") . "\";");
         eval("\$mail_subject \t= \"" . gettemplate("profil.mail.deleteaccount.subject") . "\";");
         eval("\$mail_header \t= \"" . gettemplate("profil.mail.deleteaccount.header") . "\";");
         $sendmail->mail($login[reg_email], $mail_subject, $mail_body, $mail_header);
         checkuser(1);
         header("LOCATION: index.php");
     }
     if ($form[no]) {
         unset($inc[action]);
     }
 }
 ###############
 if ($action == "save_avatar") {
     $avatarpic = $HTTP_POST_FILES[avatarpic];
     $avatarpic_name = $avatarpic[name];
     $avatarpic_path = $avatarpic[tmp_name];
     $avatarpic_type = $avatarpic[type];
     $avatarpic_size = $avatarpic[size];
     if ($form[unlink]) {
         $olduseravatar = $db->query_str("SELECT * FROM {$tab['avatar']} WHERE userid=1 LIMIT 1");
Beispiel #17
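// Facebook redirect login: obtain the session from the redirect, copy the
// profile into $_SESSION and the local database, then send the browser on.
$helper = new FacebookRedirectLoginHelper($redirect_url);
// The session is requested once, inside the try block; the earlier
// unguarded call let SDK exceptions escape before the handlers below.
$session = null;
try {
    $session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
    // Facebook returned an error; keep a trace instead of dropping it.
    error_log($ex->getMessage());
} catch (\Exception $ex) {
    // Validation failed or another local problem occurred.
    error_log($ex->getMessage());
}
if (isset($session)) {
    // Graph API request for the signed-in user's data
    $request = new FacebookRequest($session, 'GET', '/me?fields=id,email,first_name,middle_name,last_name');
    $response = $request->execute();
    $graph = $response->getGraphObject(GraphUser::className());
    // NOTE(review): no session_start() is visible in this fragment.
    $_SESSION['FBID'] = $graph->getId();
    $_SESSION['NAME'] = $graph->getName();
    $_SESSION['FIRST_NAME'] = $graph->getFirstName();
    $_SESSION['MIDDLE_NAME'] = $graph->getMiddleName();
    $_SESSION['LAST_NAME'] = $graph->getLastName();
    $_SESSION['EMAIL'] = $graph->getEmail();
    checkuser($_SESSION['EMAIL'], $_SESSION['FBID'], $_SESSION['FIRST_NAME'], $_SESSION['MIDDLE_NAME'], $_SESSION['LAST_NAME'], $_SESSION['username'], $db);
    // NOTE(review): $return_url is set outside this fragment; if any part of
    // it comes from the request, check it against a list of allowed targets
    // before redirecting.
    header("location:" . $return_url);
} else {
    $loginUrl = $helper->getLoginUrl();
    header("location:" . $loginUrl);
    exit;
}
$db->close();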
<?php

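// Access gate for the page below: visitors are redirected away when
// checkuser() answers truthy for their Facebook id or when no id is stored
// in the session.
include 'modules.php';
session_start();
// NOTE(review): this redirect is sent for every request, so even a visitor
// who passes both checks below is sent to index.php. It looks like a
// leftover - confirm the intent.
header("Location: index.php");
$session_fbid = isset($_SESSION['FBID']) ? $_SESSION['FBID'] : null;
if (checkuser($session_fbid)) {
    header("Location: errorpage.php");
    // Stop here: without exit the page markup below is still sent in the
    // body of the redirect response.
    exit;
} else {
    if (!isset($_SESSION['FBID'])) {
        header("Location: index.php");
        exit;
    }
}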
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="ISO-8859-1">
  <title>Contestent Profiles</title>
  <link rel="stylesheet"
  href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
  <script
  src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <script
  src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
  <link rel="stylesheet" href="css/index.css" type="text/css">
  <link rel="stylesheet" href="css/registration.css" type="text/css">
  <script>
  $(document).ready(function () {
    $('.applyPosition :checkbox').change(function () {
      var $cs=$(this).closest('.applyPosition').find(':checkbox:checked');
      if ($cs.length > 4) {
Beispiel #19
<?php

session_start();
require "dbase/dbFunction.php";
$cmd = $_POST['cmd'];
switch ($cmd) {
    case 'checkNameExist':
        $name = $_POST['name'];
        $res = checkuser("name", $name);
        echo $res;
        break;
    case 'checkEmailExist':
        $email = $_POST['email'];
        $res = checkuser("email", $email);
        echo $res;
        break;
    case 'getUserPos':
        if (isset($_SESSION['name'])) {
            $name = $_SESSION['name'];
            $res = getUserPos($name);
            echo $res;
        } else {
            echo "0 0";
        }
        break;
    case 'setUserPos':
        if (isset($_SESSION['name'])) {
            $name = $_SESSION['name'];
            $longitude = $_POST['longitude'];
            $latitude = $_POST['latitude'];
            $res = setUserPos($longitude, $latitude);
Beispiel #20
    }
}
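/**
 * Delete a file from ../cache/ if it exists and report the outcome.
 *
 * Echoes '0' when an entry of that name existed and unlink() was called,
 * '1' otherwise. Only a plain file name is accepted: anything that contains
 * a directory part would let the request reach files outside the cache
 * directory, so such names are answered like a missing file.
 *
 * @param mixed $filename Name supplied by the request.
 */
function filexist($filename)
{
    $plain_name = is_string($filename)
        && $filename !== ''
        && $filename !== '.'
        && $filename !== '..'
        && strpos($filename, "\0") === false
        && basename($filename) === $filename;

    if (!$plain_name) {
        echo '1';
        return;
    }

    $path = '../cache/' . $filename;
    if (file_exists($path)) {
        unlink($path);
        echo '0';
    } else {
        echo '1';
    }
}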
// Request dispatcher: the 'f' parameter selects one helper and its result is
// echoed back.
// NOTE(review): no login or token check is visible in this fragment, and the
// 'df' action hands a request value to a file-deleting helper.
if (isset($_REQUEST['f'])) {
    switch ($_REQUEST['f']) {
        case 'user1':
            echo checkuser($_REQUEST['captcha']);
            break;
        case 'user':
            echo checkuser($_REQUEST['username']);
            break;
        case 'mail':
            echo checkmail($_REQUEST['email']);
            break;
        case 'userc':
            echo checkuserc($_REQUEST['username']);
            break;
        case 'mailc':
            echo checkmailc($_REQUEST['email']);
            break;
        case 'df':
            echo deletfile($_REQUEST['df']);
            break;
    }
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'fe') {
    echo filexist($_REQUEST['fe']);
Beispiel #21
    }
}
?>
        <div class='sform' >
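            <form method="POST" action="<?php 
// PHP_SELF repeats whatever path the client requested, including extra path
// segments, so it is HTML-escaped before it lands inside the attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
" enctype="multipart/form-data">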
                <br/>User Name:<br/>
                &nbsp;<input type='text' class="tb" name='username' maxlength='50'/>
                <input type="submit" style="background:#FFFFFF;border-style:outset;border-width:1px;color:#0000FF" name="CheckAvailability" value="Check Availability"/>
                <br/>
                <?php 
if (isset($_POST['CheckAvailability'])) {
    if (!empty($_POST['username'])) {
        checkuser($_POST['username']);
    } else {
        echo "<script language=\"javascript\" type=\"text/javascript\">";
        echo "alert('Fill in user name to check :)')";
        echo "</script>";
    }
}
?>
                 <br/>Name:&nbsp;&nbsp;<br/>
                <input type='text' class="tb" name='name'  maxlength='50'/><br/>
                 <br/>Password:&nbsp;&nbsp;<br/>
                <input type="password" class="tb" name="password"  maxlength='50'/><br/>(minimum length 6 letters)<br/>
                <br/>Confirm Password:&nbsp;&nbsp;<br/>
                <input type="password" class="tb" name="password_check" maxlength='50'/>
                <br/>DOB:<br/>
                <?php 
Beispiel #22
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="/assets/css/bootstrap.min.css" rel="stylesheet">
<link href="/assets/css/nivo-slider.css" rel="stylesheet">
<link href="/assets/css/dark.css" rel="stylesheet">
<link href="/assets/css/eventCalendar.css" rel="stylesheet">
<link href="/assets/css/eventCalendar_theme_responsive.css" rel="stylesheet">
<link href="/assets/css/lightbox.css" rel="stylesheet">
<link href="/assets/css/style.css" rel="stylesheet">
<link rel="shortcut icon" href="/assets/images/capu.jpg">
</head>
<body>
<?php 
// Page bootstrap: identify the visitor, then load the slider entries (image,
// thumbnail and caption columns) from the mainpage rows with id 0.
require_once '../lib.php';
$res = checkuser();
$username = $res[0];
$rights = (int) $res[1];
date_default_timezone_set("Asia/Shanghai");
dbconnect();
$statement = "select * from capubbs.mainpage where id=0";
$results = mysql_query($statement);
$imgs = $imgthumbs = $imgtxts = array();
// $res is reused as the row variable, as in the original, so it no longer
// holds the checkuser() result once the loop has run.
while ($res = mysql_fetch_array($results)) {
    $imgs[] = $res[2];
    $imgthumbs[] = $res[3];
    $imgtxts[] = $res[4];
}
$imgnum = count($imgs);
Beispiel #23
     if (!$auth_code->validate($code)) {
         $param['msg'] = '校验码错误,请重新输入';
         $param['codeNum'] = FAILURE_NUM;
         showTpl($smarty, $param);
         exit;
     }
 }
 // Login through the remote SOAP service; on success create the local member
 // row if needed, then issue a session row and a session cookie. The listing
 // ends before the `if ($result)` block is closed.
 $soapData = array();
 $soap = new Soap_xjt();
 $result = $soap->login($account, $pwd, $soapData);
 if ($result) {
     $_SESSION['login_failure'] = 0;
     // reset the failed-login counter to 0
     $_SESSION['userData'] = $soapData;
     $u_ary = array('login_failure' => 0);
     if (!checkuser($account)) {
         $u_ary['m_account'] = $account;
         $u_ary['m_pwd'] = '';
         $u_ary['m_name'] = $soapData['AccName'];
         $u_ary['m_school'] = $soapData['schName'];
         $u_ary['m_group'] = 2;
         // regular user
         $db->insert(TABLE_CZECH_MEMBER, $u_ary);
     }
     // NOTE(review): $account is concatenated into the SQL text; its
     // validation is not visible in this fragment.
     $strsql = 'select * from ' . TABLE_CZECH_MEMBER . ' where m_account = \'' . $account . '\'';
     $rows = $db->fetchRow($strsql);
     // NOTE(review): the session id is the MD5 of the current Unix time plus
     // a two-digit number, i.e. 90 possible values per second of login time.
     // That is guessable; a session id should come from a CSPRNG such as
     // random_bytes().
     $session_id = md5(time() + rand(10, 99));
     $i_ary = array('session_id' => $session_id, 'm_id' => $rows['m_id'], 'start_time' => time(), 'end_time' => time() + $system_config['cookie_time']);
     $db->insert(TABLE_CZECH_SESSION, $i_ary);
     // save the cookie
     // NOTE(review): the sixth argument (secure) is 0 and the seventh
     // (httponly) is omitted, so the cookie travels over plain HTTP and is
     // readable from page scripts.
     setcookie('session_id', $session_id, time() + $system_config['cookie_time'], '/', $system_config['cookie_domain'], 0);
Beispiel #24
    }
    checkuser($_POST['id'], $member['authstr']);
    uc_user_edit(addslashes($member['username']), $_POST['newpasswd'], $_POST['newpasswd'], $_POST['email'], 1);
    updatetable('members', array('authstr' => ''), array('uid' => $_POST['uid']));
    showmessage('getpasswd_succeed', geturl('action/login'));
}
// Password-reset entry point: normalise the query parameters, load the
// member row for ?uid= and let checkuser() validate the ?id= token against
// the stored authstr before the reset form is rendered.
$_GET['op'] = trim($_GET['op']);
if ($_GET['op'] == 'reset') {
    // uid is cast to an integer before it is placed in the SQL text below.
    $_GET['uid'] = intval($_GET['uid']);
    $_GET['id'] = trim($_GET['id']);
    $query = $_SGLOBAL['db']->query("SELECT uid, username, authstr FROM " . tname('members') . " WHERE uid='{$_GET['uid']}'");
    $member = $_SGLOBAL['db']->fetch_array($query);
    if (empty($member)) {
        // NOTE(review): a distinct "user does not exist" answer lets a client
        // probe which uids are registered.
        showmessage('user_does_not_exist', geturl('action/login'));
    }
    $user = uc_get_user($member['username']);
    checkuser($_GET['id'], $member['authstr']);
}
include template('site_lostpasswd');
//验证地址地否有效
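/**
 * Validate a password-reset link against the stored authstr.
 *
 * authstr is read as three tab-separated fields: issue time, operation code
 * and the secret id string. The link is refused through showmessage() when
 * authstr is empty, when the token is older than three days
 * (86400 * 3 seconds), when the operation code is not 1, or when the id from
 * the link does not match the stored one.
 *
 * @param mixed  $id    Token taken from the request.
 * @param string $space The member's authstr value.
 */
function checkuser($id, $space)
{
    global $_SGLOBAL;
    if (empty($space)) {
        showmessage('link_failure', geturl('action/login'));
    }
    // Pad to three fields so a malformed authstr yields empty strings
    // instead of undefined offsets.
    list($dateline, $operation, $idstring) = array_pad(explode("\t", (string) $space), 3, '');

    $expired = (int) $dateline < $_SGLOBAL['timestamp'] - 86400 * 3;
    $wrong_operation = $operation !== '1';
    // The token is a secret: compare it as an exact string in constant time.
    // A loose != treats two different numeric-looking strings as equal.
    $token_mismatch = !is_string($id) || $idstring === '' || !hash_equals($idstring, $id);

    if ($expired || $wrong_operation || $token_mismatch) {
        showmessage('getpasswd_illegal');
    }
}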
Beispiel #25
/**
 * Authenticate a username/password pair through checkuser().
 *
 * On failure xml_error() is called with a message that repeats the supplied
 * user name.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Password supplied by the client.
 * @return mixed Whatever truthy value checkuser() returned; nothing when
 *               authentication failed and xml_error() returned.
 */
function check_user_pw($username, $password)
{
    // NOTE(review): both values reach checkuser() exactly as received; any
    // escaping has to happen inside checkuser().
    $userdetail = checkuser($username, $password);
    if ($userdetail) {
        return $userdetail;
    }
    xml_error("Authentification failed by the conbination of provided username ({$username}) and password.");
}
Beispiel #26
    $thisboard = getboard($boardid);
}
if ($threadid) {
    $thisthread = getthread($threadid);
}
if (!$boardid && $threadid) {
    $thisboard = getboard($thisthread[parent_boardid]);
}
/////////////////////////////////////////////////
#############################
if ($action) {
    #######
    if ($action == "markallread") {
        if ($login[id]) {
            $query_str = $db->query_str("UPDATE {$tab['user']} SET last_forum_read='" . time() . "' WHERE id='{$login['id']}'");
            $login = checkuser();
        }
    }
    #######
    if ($action == "checkpassword") {
        if (!checkboardpassword($form[boardpassword], $thisboard)) {
            eval("\$failpassword =\"" . gettemplate("forum.boardpassword.wrong") . "\";");
        } else {
            $boardpassword_c[$thisboard[id]] = $thisboard[board_password];
        }
    }
    #######
    if ($action == nonotify) {
        if ($notifyid) {
            list($threadid) = $db->query("SELECT threadid FROM {$tab['forum_notify']} WHERE id='{$notifyid}' AND userid='{$login['id']}'");
            if (!($thread = getthread($threadid))) {
Beispiel #27
// Copy the connection settings from the configuration variables, then open
// the MySQL link and select the database. $mysql_user is set outside this
// fragment.
$mysql_pass = $config_db_password;
$mysql_server = $config_db_host;
$mysql_port = $config_db_port;
$mysql_dbname = $config_db_database;
// NOTE(review): both failure paths print the raw driver error to the client.
$connect = mysql_connect($mysql_server, $mysql_user, $mysql_pass);
if (!$connect) {
    die(mysql_error());
}
if (!mysql_select_db("{$mysql_dbname}")) {
    die(mysql_error());
}
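/**
 * Count the rows in `users` that match the supplied credentials.
 *
 * @param string $user     User name from HTTP Basic authentication.
 * @param string $password Password from HTTP Basic authentication.
 * @return int Number of matching rows; 0 means the credentials were refused.
 */
function checkuser($user, $password)
{
    // The password arrives straight from the Authorization header, so it is
    // escaped before it is placed inside the quoted SQL literal.
    $safe_password = mysql_real_escape_string($password);
    // NOTE(review): the user literal is masked on the page, which leaves
    // $user unused here. If the real query interpolates $user it needs the
    // same escaping. MySQL's PASSWORD() is meant for the server's own
    // accounts, not for application logins, and was removed in MySQL 8.0.
    $result = mysql_query("select user from users where user='******' and password=password('{$safe_password}')") or die(mysql_error());
    return mysql_num_rows($result);
}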
/**
 * Ask the client for HTTP Basic credentials and end the request.
 *
 * Sends the WWW-Authenticate challenge and the 401 status line, prints the
 * page produced by error401(), then exits.
 */
function authuser()
{
    $challenge = array(
        'WWW-Authenticate: Basic realm="Authenticate: SQUID Traffic Inspection System"',
        'HTTP/1.0 401 Unauthorized',
    );
    foreach ($challenge as $line) {
        header($line);
    }
    // NOTE(review): Basic credentials are sent with every request in an
    // easily decoded form; this scheme is only appropriate over HTTPS.
    print error401();
    exit;
}
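// Gate every request behind HTTP Basic authentication; on success remember
// the user name and the admin flag in the session.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    authuser();
} else {
    // A client may send a user name without a password.
    $auth_password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    if (checkuser($_SERVER['PHP_AUTH_USER'], $auth_password)) {
        $authuser = $_SERVER['PHP_AUTH_USER'];
        // NOTE(review): the user literal is masked on the page; if the real
        // query interpolates the user name it must be escaped first.
        $result = mysql_query("select admin from users where user='******'") or die(mysql_error());
        // mysql_result() takes the row number second and the field third.
        // The original passed "admin" as the row number. With no matching
        // row the flag defaults to 0 (not an administrator).
        $admin = mysql_num_rows($result) > 0 ? mysql_result($result, 0, "admin") : 0;
        // NOTE(review): no session_start() is visible in this fragment.
        $_SESSION['session_username'] = $_SERVER['PHP_AUTH_USER'];
        $_SESSION['session_admin'] = $admin;
    } else {
        authuser();
    }
}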