Beispiel #1
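/**
 * Decide whether the current request is a genuine submission of the form
 * identified by $var.
 *
 * The request is accepted only when it is a POST carrying a non-empty
 * $_POST[$var], its Referer (when the client sent one) names the same host as
 * the Host header, and $_POST['formhash'] matches formhash(). When $checksec
 * is truthy and $_SCONFIG['noseccode'] is empty, a verification code accepted
 * by ckseccode() is required as well.
 *
 * @param string $var      Name of the POST field that marks the form as submitted.
 * @param mixed  $checksec Truthy to also require the verification code.
 * @return bool True when the submission passed every check, false otherwise.
 */
function submitcheck($var, $checksec = 0)
{
    global $_SCONFIG;

    if (empty($_POST[$var]) || $_SERVER['REQUEST_METHOD'] != 'POST') {
        return false;
    }

    // An absent Referer is tolerated, so the form token checked below is the
    // control that actually protects against cross-site submissions.
    $refererOk = true;
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $refererHost = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']);
        $requestHost = preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);
        $refererOk = $refererHost === $requestHost;
    }

    // Compare the token strictly and as a string only. With "==" two different
    // numeric-looking strings compare equal, and a missing or array-valued field
    // must never count as a valid token. (On PHP >= 5.6, hash_equals() would also
    // make this comparison constant-time.)
    $postedHash = isset($_POST['formhash']) ? $_POST['formhash'] : null;
    if (!$refererOk || !is_string($postedHash) || $postedHash !== (string) formhash()) {
        showmessage('submit_invalid');
        return false; // fail closed should showmessage() ever return
    }

    // Verification code disabled by configuration, or not requested by the caller.
    if (!empty($_SCONFIG['noseccode']) || !$checksec) {
        return true;
    }
    if (empty($_POST['seccode'])) {
        return false;
    }
    if (ckseccode($_POST['seccode'])) {
        return true;
    }
    showmessage('incorrect_code');
    return false;
}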
Beispiel #2
<?php

/**
 * @package iCMS
 * @copyright 2007-2010, iDreamSoft
 * @license http://www.idreamsoft.com iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
require_once dirname(__FILE__) . '/config.php';
if (empty($_POST['do'])) {
    $iCMS->comment((int) $_GET['indexId'], (int) $_GET['mId'], (int) $_GET['sortId']);
} elseif ($_POST['do'] == 'save') {
    require_once iPATH . 'include/UI.class.php';
    $frame = $_POST['iframe'] ? true : false;
    ckseccode($_POST['seccode']) && javascript::json(0, 'error:seccode', $frame);
    //去除链接
    //   $contents	= preg_replace("/(<a[ \t\r\n]{1,}href=[\"']{0,}http:\/\/[^\/]([^>]*)>)|(<\/a>)/isU","",stripslashes($_POST['commentext']));
    //   $contents	= addslashes(dhtmlspecialchars($contents));
    $contents = dhtmlspecialchars($_POST['commentext']);
    $title = dhtmlspecialchars($_POST['title']);
    $username = dhtmlspecialchars($_POST['username']);
    $indexId = (int) $_POST['indexId'];
    $sortId = (int) $_POST['sortId'];
    $mId = (int) $_POST['mId'];
    $quote = (int) $_POST['quote'];
    $reply = (int) $_POST['reply'];
    $floor = (int) $_POST['floor'];
    $anonymous = (int) $_POST['anonymous'];
    empty($contents) && javascript::json(0, 'comment:empty', $frame);
    WordFilter($username) && javascript::json(0, 'filter:username', $frame);
    WordFilter($contents) && javascript::json(0, 'filter:content', $frame);
Beispiel #3
/**
 * @package iCMS V3.1
 * @copyright 2007-2009, iDreamSoft
 * @license http://www.idreamsoft.cn iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
require_once "global.php";
$do = $_GET['do'];
if (empty($do)) {
    require_once iPATH . "include/function/template.php";
    $iCMS->comment((int) $_GET['aid'], (int) $_GET['mid'], (int) $_GET['sortid']);
} else {
    if ($do == 'replay') {
        $frame = $_POST['iframe'] ? true : false;
        if ($_POST['action'] == 'save') {
            ckseccode($_POST['seccode']) && msgJson(0, 'error:seccode', $frame);
            $username = dhtmlspecialchars($_POST['username']);
            $password = trim($_POST['password']);
            $iseditor = (int) $_POST['iseditor'];
            //	    //去除链接
            $commentext = preg_replace("/(<a[ \t\r\n]{1,}href=[\"']{0,}http:\\/\\/[^\\/]([^>]*)>)|(<\\/a>)/isU", "", stripslashes($_POST['commentext']));
            $commentext = str_replace(array('<p>&nbsp;</p>', '<p style="margin: 9px 3px; color: #000000; line-height: 20px; text-align: left">&nbsp;</p>'), '', $commentext);
            $commentext = $iseditor ? addslashes(sechtml($commentext)) : addslashes(dhtmlspecialchars($commentext));
            $title = dhtmlspecialchars($_POST['title']);
            $aid = (int) $_POST['aid'];
            $sortid = (int) $_POST['sortid'];
            $mid = (int) $_POST['mid'];
            $quote = (int) $_POST['quote'];
            WordFilter($username) && msgJson(0, 'filter:username', $frame);
            WordFilter($commentext) && msgJson(0, 'filter:content', $frame);
            WordFilter($title) && msgJson(0, 'filter:title', $frame);
Beispiel #4
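 /**
  * Handle a registration form submission: validate the request, create the
  * member, log the new member in and redirect.
  *
  * Every failure path calls $this->Messager(); the statements after each call
  * rely on Messager() ending the request (NOTE(review): not visible in this
  * method, confirm).
  */
 function DoRegister()
 {
     // A logged-in, non-admin visitor has nothing to register.
     if (MEMBER_ID != 0 and false == $this->IsAdmin) {
         $this->Messager('您已经是注册用户,无需再注册!', -1);
     }
     $regstatus = jsg_member_register_check_status();
     if ($regstatus['error']) {
         $this->Messager($regstatus['error'], null);
     }
     $message = array();
     $timestamp = time();
     $noemail = 0;
     $sms_ckret = 0;
     if ($this->_sms_register()) {
         $sms_bind_num = $this->Post['sms_bind_num'];
         $sms_bind_key = $this->Post['sms_bind_key'];
         // A truthy return value is used as the error message.
         $sms_ckret = sms_check_bind_key($sms_bind_num, $sms_bind_key);
         if ($sms_ckret) {
             $this->Messager($sms_ckret, -1);
         }
         $noemail = jconf::get('sms', 'register_verify', 'noemail');
         if ($noemail) {
             // No e-mail collected: synthesise one from the bound phone number.
             $this->Post['email'] = $sms_bind_num . '@139.com';
         }
     }
     // Verification code: built-in image code (seccode_enable == 1) or the
     // YinXiangMa service (seccode_enable > 1).
     // NOTE(review): with seccode_enable > 1 and yxm_title or either key empty,
     // neither branch runs and registration continues without any challenge.
     // Confirm that this fail-open behaviour is intended.
     if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_register']) {
         if (!ckseccode(@$_POST['seccode'])) {
             $this->Messager("验证码输入错误", -1);
         }
     } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_register'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
         $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['add_YinXiangMa_challenge'], @$_POST['add_YXM_level'][0], @$_POST['add_YXM_input_result']);
         if ($YinXiangMa_response != "true") {
             $this->Messager("验证码输入错误", -1);
         }
     }
     // Invitation handling: the code may come from POST or from the query string.
     $inviter_member = array();
     $invite_code = $this->Post['invite_code'] ? $this->Post['invite_code'] : $this->Get['invite_code'];
     $check_result = jsg_member_register_check_invite($invite_code);
     if ($regstatus['invite_enable'] && !$regstatus['normal_enable']) {
         // Invitation-only mode: a valid invite code is mandatory.
         if (!$invite_code) {
             $this->Messager("本站目前需要有好友邀请链接才能注册。<br><br>看看<a href=\"?mod=topic&code=top\">达人榜</a>中有没有你认识的人,让他给你发一个好友邀请。", null);
         }
         if (!$check_result) {
             $this->Messager("对不起,您访问的邀请链接不正确或者因邀请数已满而失效,请重新与邀请人索取链接。", null);
         }
     }
     if ($check_result['uid'] > 0) {
         $inviter_member = jsg_member_info($check_result['uid']);
     }
     if (!$inviter_member && $this->Config['register_invite_input']) {
         $inviter_member = jsg_member_info($this->Post['inviter_nickname'], 'nickname');
     }
     $password = $this->Post['password'];
     $email = $this->Post['email'];
     $username = $nickname = $this->Post['nickname'];
     if (strlen($password) < 5) {
         $this->Messager("密码过短,请设置至少5位", -1);
     }
     // Strict comparison: with "!=" two different numeric-looking passwords
     // (for example "1000" and "1e3") would pass as a matching confirmation.
     if ($password !== $this->Post['password2']) {
         $this->Messager("两次输入的密码不相同", -1);
     }
     if ($GLOBALS['_J']['plugins']['func']['reg']) {
         hookscript('reg', 'funcs', array('param' => $this->Post, 'step' => 'check'), 'reg');
     }
     $uid = jsg_member_register($nickname, $password, $email);
     if ($uid < 1) {
         // Map the error code to a message for the visitor.
         $regconf = jconf::get('register');
         $rets = array('0' => '【注册失败】有可能是站点关闭了注册功能', '-1' => '帐户/昵称 不合法,含有不允许注册的字符,请尝试更换一个。', '-2' => '帐户/昵称 不允许注册,含有被保留的字符,请尝试更换一个。', '-3' => '帐户/昵称 已经存在了,请尝试更换一个。', '-4' => 'Email 不合法,请输入正确的Email地址。', '-5' => 'Email 不允许注册,请尝试更换一个。', '-6' => 'Email 已经存在了,请尝试更换一个。', '-7' => '您的IP地址 ' . $GLOBALS['_J']['client_ip'] . ' 已经被限制注册了(一个IP地址 ' . $regconf['time_html'] . ' 之内,最多只能注册 ' . $regconf['limit'] . ' 个用户),请稍后再试或联系管理员');
         // Fall back to the generic failure text for a code the table does not list.
         $this->Messager(isset($rets[$uid]) ? $rets[$uid] : $rets[0], null);
     }
     $datas = array();
     $datas['uid'] = $uid;
     if ($this->_sms_register()) {
         $datas['phone'] = $sms_bind_num;
     }
     jtable('members')->update($datas);
     if ($this->_sms_register()) {
         // Bind the phone record to the new member and clear the one-time key.
         $_sms_info = _sms_client_user($sms_bind_num);
         $_sms_sets = array('uid' => $uid, 'username' => $username, 'bind_key' => 0, 'bind_key_time' => 0, 'try_bind_times' => '+1', 'last_try_bind_time' => $timestamp);
         sms_client_user_update($_sms_sets, $_sms_info);
     }
     if ($inviter_member) {
         jsg_member_register_by_invite($inviter_member['uid'], $uid, $check_result);
     }
     // Log the freshly registered member in.
     $rets = jsg_member_login($uid, $password, 'uid');
     // NOTE(review): the redirect target is taken from the request via
     // jget('referer') and is only replaced when empty or equal to site_url.
     // Unless jget() or Messager() restricts it to same-site URLs, this is an
     // open redirect. Verify, and validate against the site's own host.
     $redirect_to = jget('referer');
     if (!$redirect_to || $redirect_to == $this->Config['site_url']) {
         // No usable referer: send the member to the first enabled onboarding step.
         if ($this->Config['reg_email_verify']) {
             $redirect_to = jurl('index.php?mod=member&code=setverify&ids=' . $uid . '&from=reg');
         } elseif ($this->Config['reg_step3_radio']) {
             $redirect_to = jurl('index.php?mod=member&code=follow_channel');
         } elseif ($this->Config['reg_step4_radio']) {
             $redirect_to = jurl('index.php?mod=member&code=follow_member');
         } elseif ($this->Config['reg_step5_radio']) {
             $redirect_to = jurl('index.php?mod=member&code=add_face');
         } elseif ($this->Config['reg_step6_radio']) {
             $redirect_to = jurl('index.php?mod=member&code=member_profile');
         } elseif ($this->Config['reg_step7_radio']) {
             $redirect_to = jurl('index.php?mod=member&code=do_first_topic');
         } else {
             $redirect_to = jurl('index.php?mod=topic');
         }
     }
     $this->Messager(NULL, $redirect_to, 0);
 }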
Beispiel #5
        capi_showmessage_by_data('user_name_is_not_legitimate');
    }
    @(include_once S_ROOT . './uc_client/client.php');
    $ucresult = uc_user_checkname($username);
    if ($ucresult == -1) {
        capi_showmessage_by_data('user_name_is_not_legitimate');
    } elseif ($ucresult == -2) {
        capi_showmessage_by_data('include_not_registered_words');
    } elseif ($ucresult == -3) {
        capi_showmessage_by_data('user_name_already_exists');
    } else {
        capi_showmessage_by_data('succeed');
    }
} elseif ($op == "checkseccode") {
    include_once S_ROOT . './source/function_cp.php';
    if (ckseccode(trim($_REQUEST['seccode']))) {
        capi_showmessage_by_data('succeed');
    } else {
        capi_showmessage_by_data('incorrect_code');
    }
} elseif ($op == "seccode") {
    // Verification code
    $seccode = mkseccode();
    // Set cookie
    // NOTE(review): the plaintext $seccode is placed in the response data next to
    // its authcode()-encoded form. If capi_showmessage_by_data() returns this array
    // to the client, the answer to the challenge is disclosed and the verification
    // code no longer distinguishes a human from a script. Confirm, and return only
    // the encoded value (or a rendered image) to the client.
    capi_showmessage_by_data("rest_success", 0, array("seccode_auth" => rawurlencode(authcode($seccode, 'ENCODE')), "seccode" => $seccode));
}
//生成随机
function mkseccode()
{
    $seccode = random(6, 1);
    $s = sprintf('%04s', base_convert($seccode, 10, 24));
Beispiel #6
    if ($_SGLOBAL['supe_uid'] != $blog['uid'] && !checkperm('manageblog')) {
        showmessage('no_authority_operation_of_the_log');
    }
}
// Handle the add/edit form submission. submitcheck() gates the whole branch, so
// nothing below runs for a request that did not pass the form checks.
if (submitcheck('blogsubmit')) {
    if (empty($blog['blogid'])) {
        // No existing entry loaded: treat the submission as a new blog.
        $blog = array();
    } elseif (!checkperm('allowblog')) {
        ckspacelog();
        showmessage('no_authority_to_add_log');
    }
    // Verification code, required only for users flagged with the 'seccode' permission.
    if (checkperm('seccode')) {
        if (!ckseccode($_POST['seccode'])) {
            showmessage('incorrect_code');
        }
    }
    include_once S_ROOT . './source/function_blog.php';
    $newblog = blog_post($_POST, $blog);
    if (!$newblog) {
        showmessage('that_should_at_least_write_things');
    } else {
        // A new entry posted into a topic returns to the topic view, anything else
        // goes to the blog entry itself.
        $url = (empty($blog) && $newblog['topicid'])
            ? 'space.php?do=topic&topicid=' . $newblog['topicid'] . '&view=blog'
            : 'space.php?uid=' . $newblog['uid'] . '&do=blog&id=' . $newblog['blogid'];
        showmessage('do_success', $url, 0);
    }
}
if ($_GET['op'] == 'delete') {
Beispiel #7
<?php

/**
 * @package iCMS V3.1
 * @copyright 2007-2009, iDreamSoft
 * @license http://www.idreamsoft.cn iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
header('Content-Type: text/html; charset=utf-8');
require_once dirname(__FILE__) . '/../global.php';
require_once iPATH . "admin/admin.class.php";
require_once iPATH . "admin/function.php";
require_once iPATH . 'admin/admincp.lang.php';
// Admin control panel bootstrap: read the request parameters, handle logout and
// the login form, then require an authenticated admin with the ADMINCP permission.
$iCMS->rewrite = false;
unset($_keywords);
$do = $_GET['do'];
if (!empty($_GET['operation']) && is_string($_GET['operation'])) {
    $operation = trim($_GET['operation']);
} else {
    $operation = '';
}
if (isset($_GET['frames'])) {
    $frames = $_GET['frames'];
} else {
    $frames = $_POST['frames'];
}
$action = $_POST['action'];
$Admin = new Admin();
if ($_GET['do'] == 'logout') {
    $Admin->logout(__SELF__);
}
if ($action == "login") {
    // NOTE(review): the error path is taken when ckseccode() is truthy, so it
    // presumably returns true on a mismatch in this codebase. Confirm, and confirm
    // that alert() ends the request; otherwise the login continues after a wrong code.
    if (ckseccode($_POST['seccode'])) {
        alert('验证码错误!');
    }
    $username = $_POST['username'];
    // NOTE(review): the password is reduced to a single unsalted md5() before the
    // credential check. Such digests are cheap to brute-force if the stored values
    // leak; migrating to password_hash()/password_verify() is recommended.
    $password = md5($_POST['password']);
}
// NOTE(review): $username and $password are assigned only in the login branch
// above; on any other request they are whatever the included files left in
// scope (possibly undefined). Verify how checklogin() treats that case.
$Admin->checklogin($username, $password);
admincp_log();
$Admin->MP("ADMINCP", "ADMINCP_Permission_Denied");
$menu_array = (include iPATH . 'admin/menu.array.php');
Beispiel #8
    }
    include_once template('all_activate');
} elseif ($op == 'checkcollegeid') {
    include_once S_ROOT . '../lib/db.class.php';
    include_once S_ROOT . '../model/base.php';
    $collegeid = trim($_GET['collegeid']);
    if (empty($collegeid)) {
        showmessage('collegeid_is_null');
    }
    $result = check_collegeid($collegeid);
    if ($result == -1) {
        showmessage('collegeid_is_invalid');
    } elseif ($result == -2) {
        showmessage('collegeid_is_not_legitimate');
    } elseif ($result == -3) {
        showmessage('collegeid_is_active');
    } elseif ($result == -4) {
        showmessage('email_not_exist');
    } elseif ($result == -5) {
        showmessage('mail_not_adequent');
    } else {
        showmessage('succeed');
    }
} elseif ($op == "checkseccode") {
    include_once S_ROOT . './source/function_cp.php';
    if (ckseccode(trim($_GET['seccode']))) {
        showmessage('succeed');
    } else {
        showmessage('incorrect_code');
    }
}
Beispiel #9
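 /**
  * Handle a login form submission: check the verification code, authenticate
  * through jsg_member_login(), run the post-login bookkeeping (credits, medal
  * auto-check) and redirect.
  *
  * Every failure path calls $this->Messager(); the statements after each call
  * rely on Messager() ending the request (NOTE(review): not visible in this
  * method, confirm).
  */
 function DoLogin()
 {
     // Verification code: built-in image code (seccode_enable == 1) or the
     // YinXiangMa service (seccode_enable > 1).
     // NOTE(review): with seccode_enable > 1 and yxm_title or either key empty,
     // neither branch runs and the login proceeds without any challenge.
     // Confirm that this fail-open behaviour is intended.
     if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_login']) {
         if (!ckseccode(@$_POST['seccode'])) {
             $this->Messager("验证码输入错误", -1);
         }
     } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_login'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
         $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['YinXiangMa_challenge'], @$_POST['YXM_level'][0], @$_POST['YXM_input_result']);
         if ($YinXiangMa_response != "true") {
             $this->Messager("验证码输入错误", -1);
         }
     }
     if ($this->Username == "" || $this->Password == "") {
         $this->Messager("无法登录,用户名或密码不能为空", -1);
     }
     $username = $this->Username;
     $password = $this->Password;
     // Where to go after login: the request parameter first, then the cookie.
     $referer = jget('referer');
     if (!$referer) {
         $referer = jsg_getcookie('referer');
     }
     $rets = jsg_member_login($username, $password);
     $uid = (int) $rets['uid'];
     if ($uid < 1) {
         $this->Messager($rets['error'], null);
     }
     // NOTE(review): this looks up MEMBER_ID rather than the $uid returned by
     // jsg_member_login() just above. Confirm the constant already reflects the
     // new session at this point.
     $member = jsg_member_info(MEMBER_ID);
     // An unverified e-mail address forces the verification page as the target.
     $this->Config['reg_email_verify'] == 1 && $member['email_checked'] == 0 && ($referer = 'index.php?mod=member&code=setverify&ids=' . $uid);
     $this->Config['email_must_be_true'] == 2 && $member['email_checked'] == 0 && ($referer = 'index.php?mod=member&code=setverify&ids=' . $uid);
     if ($this->Config['extcredits_enable'] && $uid > 0) {
         update_credits_by_action('login', $uid);
     }
     Load::logic('other');
     $otherLogic = new OtherLogic();
     // $uid was cast to int above, so interpolating it into the query is safe.
     $sql = "SELECT m.id as medal_id,m.medal_img,m.medal_name,m.medal_depict,m.conditions,u.dateline,y.apply_id\r\n\t\t\t\tFROM " . TABLE_PREFIX . "medal m\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user_medal u ON (u.medalid = m.id AND u.uid = '{$uid}')\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "medal_apply y ON (y.medal_id = m.id AND y.uid = '{$uid}')\r\n\t\t\t\tWHERE m.is_open = 1\r\n\t\t\t\tORDER BY u.dateline DESC,m.id";
     $query = $this->DatabaseHandler->Query($sql);
     // Initialise the accumulator: the loop appends to it with ".=".
     $result = '';
     while (false != ($rs = $query->GetRow())) {
         // NOTE(review): unserialize() runs on a value read from the database. It
         // is safe only while nothing attacker-influenced can reach
         // medal.conditions; storing this field as JSON would remove the
         // object-injection risk.
         $rs['conditions'] = unserialize($rs['conditions']);
         // Auto-check only the medal types listed here that the member does not hold yet.
         if (in_array($rs['conditions']['type'], array('topic', 'reply', 'tag', 'invite', 'fans', 'sign')) && !$rs['dateline']) {
             $result .= $otherLogic->autoCheckMedal($rs['medal_id'], $uid);
         }
     }
     $redirecto = $referer ? $referer : referer();
     $redirecto = str_replace('#', '', $redirecto);
     // NOTE(review): $redirecto comes from the request (referer parameter or
     // cookie, or return_url below) with no same-site check in this method.
     // Unless jget() or Messager() restricts targets, this is an open redirect.
     // Verify, and validate against the site's own host.
     if ($this->Post['loginType'] == 'share') {
         $redirecto = $this->Post['return_url'];
         $this->Messager(null, $redirecto, 0);
     }
     if ($this->Post['loginType'] == 'show_login') {
         $this->Messager(NULL, $redirecto, 0);
     }
     if ($rets['uc_syn_html']) {
         $this->Messager("登录成功{$rets['uc_syn_html']}", $redirecto, 3);
     } else {
         $this->Messager(null, $redirecto);
     }
 }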
Beispiel #10
 * @license http://www.idreamsoft.com iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
/*************设置public目录路径**************/
/**  ../ 表示global.php文件位于上层目录	 */
define('iCMSPATH', '../');
/*********************************************/
/*********************************************/
require_once dirname(__FILE__) . '/' . iCMSPATH . 'global.php';
define('uPATH', dirname(strtr(__FILE__, '\\', '/')) . "/");
define('__USERCP__', __SELF__ . '?mo');
require_once iPATH . 'include/member.class.php';
require_once iPATH . 'admin/function.php';
require_once iPATH . 'include/UI.class.php';
// Login submission: check the verification code before the session check.
// NOTE(review): the error path is taken when ckseccode() is truthy, so it
// presumably returns true on a mismatch here. Confirm, and confirm that
// javascript::alert() ends the request.
if ($_POST['action'] == "login" && ckseccode($_POST['seccode'], 'U')) {
    javascript::alert('验证码错误!');
}
member::checklogin();
class UserCP
{
    function __construct()
    {
        global $iCMS, $firstcount, $pagenav;
        $this->iCMS =& $iCMS;
        $this->pagenav =& $pagenav;
        $this->firstcount =& $firstcount;
        $this->uiBasePath = $iCMS->config['publicURL'] . '/ui';
        $this->module = $_GET['mo'] ? $_GET['mo'] : '';
        $this->action = isset($_GET['do']) ? $_GET['do'] : $_POST['do'];
        $this->param = isset($_GET['param']) ? $_GET['param'] : $_POST['param'];
        empty($this->action) && ($this->action = 'manage');
Beispiel #11
/**
 * Quick registration for a campus account: verify the college id and password,
 * reconcile the matching baseprofile rows, register the user through
 * uc_user_register() and populate the related tables. The result array is both
 * echoed and returned as a JSON string.
 *
 * NOTE(review): every validation failure below only assigns $res_json; none of
 * them returns. Execution therefore still reaches uc_user_register() after a
 * failed check (including a wrong verification code), and a successful
 * registration overwrites the earlier error. Confirm whether early returns were
 * intended.
 *
 * NOTE(review): $_SGLOBAL and $_SCONFIG are used without a `global` statement in
 * this function, so as shown they are undefined locals. Confirm against the
 * original file.
 *
 * NOTE(review): most queries are built by interpolating values that come from
 * the caller, the request or earlier rows. Whether those values are escaped
 * upstream is not visible here; verify, and escape or parameterise at the point
 * of use.
 *
 * @param string $quickcollegeid College id supplied by the caller (trimmed before use).
 * @param string $quickpassword  Password supplied by the caller.
 * @return string JSON-encoded result array (also echoed).
 */
function quickregister_interface($quickcollegeid, $quickpassword)
{
    // First verify whether the account has already been activated
    $collegeid = trim($quickcollegeid);
    $collegepw = $quickpassword;
    $verifyname = verifycollegeid($collegeid, $collegepw);
    $res_json = array();
    if ($verifyname == -1) {
        $res_json = array('status' => "error", "reason" => 'collegeid_is_null');
    } elseif ($verifyname == -2) {
        $res_json = array('status' => 'error', 'reason' => 'collegepassword_is_null');
    }
    if (empty($verifyname->out->string)) {
        $res_json = array('status' => 'error', 'reason' => 'verify_fail');
    }
    $username = $collegeid;
    $password = $collegepw;
    // NOTE(review): $collegeid is interpolated into the WHERE clause after trim() only.
    $query = $_SGLOBAL['db']->query("SELECT identifier,identifier_not_use, realname,birthday, sex, defaultemail, isactive, emaildateline FROM " . tname('baseprofile') . " WHERE collegeid='{$collegeid}'  and (usertype like binary '教师' or (usertype between 1 and 5) or usertype like binary '学生') limit 1");
    $one = $_SGLOBAL['db']->fetch_array($query);
    $id = $one['identifier_not_use'];
    $realname = $one['realname'];
    $birthday_exist = $one['birthday'];
    // Take the birth date digits out of the identifier (18- or 16-character form).
    if (strlen($id) == 18) {
        $birthday_id = substr($id, 6, 8);
    } elseif (strlen($id) == 16) {
        $birthday_id = '19' . substr($id, 6, 6);
    }
    if ($one) {
        // Collect every baseprofile row that shares the identifier or name + birthday.
        // NOTE(review): values read back from the database are concatenated into
        // SQL unescaped (second-order injection if a stored value contains a quote).
        $wheresql = "0";
        if ($id) {
            $wheresql .= " or identifier_not_use='" . $id . "'";
        }
        if (strlen($birthday_exist) == 8) {
            $wheresql .= " or (realname='" . $realname . "' and birthday='" . $birthday_exist . "')";
        }
        if ($birthday_id) {
            $wheresql .= " or (realname='" . $realname . "' and birthday='" . $birthday_id . "')";
        }
        $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('baseprofile') . " WHERE {$wheresql}");
        $flagnotactive = 0;
        $flagactive = 0;
        $userlines = $recordids = array();
        $c_uid = 0;
        while ($row = $_SGLOBAL['db']->fetch_array($query)) {
            $userlines[] = $row;
            if ($row['isactive'] == '1') {
                $flagactive = 1;
            } else {
                $flagnotactive = 1;
                $recordids[] = $row['userid'];
            }
            if ($row['uid']) {
                if (!$c_uid) {
                    $c_uid = $row['uid'];
                } elseif ($c_uid != $row['uid']) {
                    // Rows of the same person point at different uids.
                    $act_err = 1;
                }
            }
        }
        // If one person has activated several ihome accounts, the system sends a check e-mail to the ihome mailbox
        if ($act_err) {
            $title = cplang('active_different_uids_title');
            $content = $collegeid . " " . $realname . " " . cplang('active_different_uids_content');
            $cid = inserttable('mailcron', array('email' => '*****@*****.**'), 1);
            // NOTE(review): $_GLOBAL is not used anywhere else in this function; likely a typo for $_SGLOBAL. Confirm.
            $setarr = array('cid' => $cid, 'subject' => addslashes(stripslashes($title)), 'message' => addslashes(stripslashes($content)), 'dateline' => $_GLOBAL['timestamp']);
            inserttable('mailqueue', $setarr);
        }
        // If there are both activated and non-activated records, update the non-activated ones
        if ($flagactive == 1 && $flagnotactive == 1) {
            $useridlist = implode(',', $recordids);
            $_SGLOBAL['db']->query("UPDATE " . tname('baseprofile') . " SET isactive=1, uid={$c_uid} WHERE userid in ({$useridlist})");
            foreach ($userlines as $value) {
                if ($value['isactive'] != '1') {
                    if ($value['academy']) {
                        if ($value['usertype'] == '教师' || $value['usertype'] == 5 || $value['usertype'] == 4) {
                            $workinfo = array('uid' => $c_uid, 'type' => 'work', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'], 'startyear' => $value['startyear'], 'city' => '北京');
                            inserttable('spaceinfo', $workinfo, 1);
                        }
                        if (strlen($value['collegeid']) != 5 && strlen($value['collegeid']) != 6) {
                            // NOTE(review): $collegeids is never initialised before this in_array() call.
                            if (!in_array($value['collegeid'], $collegeids)) {
                                $collegeids[] = $value['collegeid'];
                                $eduinfo = array('uid' => $c_uid, 'type' => 'edu', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'], 'startyear' => $value['startyear']);
                                inserttable('spaceinfo', $eduinfo, 1);
                            }
                        }
                    }
                }
            }
            // NOTE(review): the message is stored under key 0, not under 'reason' as in the other error results.
            $res_json = array("status" => "error", "indentifier is active");
        } elseif ($flagactive == 1) {
            $res_json = array("status" => "error", "indentifier is active");
        }
    } else {
        $res_json = array('status' => "error", "reason" => "Please use correct register method!");
    }
    if ($_SCONFIG['seccode_register']) {
        include_once S_ROOT . '../source/function_cp.php';
        // NOTE(review): a wrong verification code only sets $res_json; registration still continues below.
        if (!ckseccode($_POST['quickseccode'])) {
            $res_json = array("status" => "error", "reason" => 'incorrect_code');
        }
    }
    if (!@(include_once S_ROOT . '../uc_client/client.php')) {
        $res_json = array("status" => "error", "reason" => 'system_error');
    }
    $email = isemail(trim($_POST['quickemail'])) ? trim($_POST['quickemail']) : '';
    if (empty($email)) {
        $res_json = array('status' => 'error', 'reason' => 'email_format_is_wrong');
    }
    if ($count = getcount('space', array('username' => $username))) {
        $res_json = array('status' => 'error', 'reason' => 'user_name_already_exists');
    }
    if ($count = getcount('spacefield', array('email' => $email))) {
        $res_json = array('status' => 'error', 'reason' => 'email_has_been_registered');
    }
    $onlineip = getonlineip();
    if ($_SCONFIG['regipdate']) {
        // Per-IP registration interval, in hours.
        $query = $_SGLOBAL['db']->query("SELECT dateline FROM " . tname('space') . " WHERE regip='{$onlineip}' ORDER BY dateline DESC LIMIT 1");
        if ($value = $_SGLOBAL['db']->fetch_array($query)) {
            if ($_SGLOBAL['timestamp'] - $value['dateline'] < $_SCONFIG['regipdate'] * 3600) {
                $res_json = array('status' => 'regip_has_been_registered');
            }
        }
    }
    // Validation finished
    // Create new user: start
    $newuid = uc_user_register($username, $password, $email);
    if ($newuid <= 0) {
        if ($newuid == -1) {
            $res_json = array('status' => 'error', 'reason' => 'user_name_is_not_legitimate');
        } elseif ($newuid == -2) {
            $res_json = array('status' => 'error', 'reason' => 'include_not_registered_words');
        } elseif ($newuid == -3) {
            $res_json = array('status' => 'error', 'reason' => 'user_name_already_exists');
        } elseif ($newuid == -4) {
            $res_json = array('status' => 'error', 'reason' => 'email_format_is_wrong');
        } elseif ($newuid == -5) {
            $res_json = array('status' => 'error', 'reason' => 'email_not_registered');
        } elseif ($newuid == -6) {
            $res_json = array('status' => 'error', 'reason' => 'email_has_been_registered');
        } else {
            $res_json = array('status' => 'error', 'reason' => 'register_error');
        }
    } else {
        // Check whether the uid exists in ucenter; if not, insert the new records by brute force
        $q = $_SGLOBAL['db']->query("SELECT uid FROM ihomeuser_members WHERE uid='{$newuid}'");
        $members_match = $_SGLOBAL['db']->fetch_array($q);
        $members_match = $members_match['uid'];
        $q = $_SGLOBAL['db']->query("SELECT uid FROM ihomeuser_memberfields WHERE uid='{$newuid}'");
        $memberfields_match = $_SGLOBAL['db']->fetch_array($q);
        $memberfields_match = $memberfields_match['uid'];
        if (!$members_match && !$memberfields_match) {
            // NOTE(review): rand()/uniqid() are not cryptographically secure, and
            // salted double md5() is a fast hash unsuited to password storage.
            $salt = substr(uniqid(rand()), -6);
            $hhpassword = md5(md5($password) . $salt);
            $sqladd = "uid='" . intval($newuid) . "',";
            $sqladd .= " secques='',";
            // NOTE(review): the X-Forwarded-For request header is client-controlled
            // and is concatenated into this INSERT unescaped, an SQL injection risk.
            // Use the already computed $onlineip (validated as an IP address) instead.
            // username and password appear as the literal '******' in this listing,
            // presumably masked; $hhpassword is otherwise unused.
            $_SGLOBAL['db']->query("INSERT INTO ihomeuser_members SET {$sqladd} username='******', password='******', email='{$email}', regip='" . $_SERVER["HTTP_X_FORWARDED_FOR"] . "', regdate='" . time() . "', salt='{$salt}'");
            $_SGLOBAL['db']->query("INSERT INTO ihomeuser_memberfields SET uid='{$newuid}'");
        }
        // NOTE(review): stores a single unsalted md5() of the password in the member table.
        $setarr = array('uid' => $newuid, 'username' => $username, 'password' => md5($password));
        inserttable('member', $setarr, 0, true);
        //add action log
        inserttable('actionlog', array('uid' => "{$newuid}", 'dateline' => "{$_SGLOBAL['timestamp']}", 'action' => 'register', 'value' => 'quick'));
        include_once S_ROOT . './source/function_space.php';
        $space = space_open($newuid, $username, 0, $email);
        // Default friends
        $flog = $inserts = $fuids = $pokes = array();
        if (!empty($_SCONFIG['defaultfusername'])) {
            $query = $_SGLOBAL['db']->query("SELECT uid,username FROM " . tname('space') . " WHERE\tusername IN (" . simplode(explode(',', $_SCONFIG['defaultfusername'])) . ")");
            while ($value = $_SGLOBAL['db']->fetch_array($query)) {
                $value = saddslashes($value);
                $fuids[] = $value['uid'];
                $inserts[] = "('{$newuid}','{$value['uid']}','{$value['username']}','1','{$_SGLOBAL['timestamp']}')";
                $inserts[] = "('{$value['uid']}','{$newuid}','{$username}','1','{$_SGLOBAL['timestamp']}')";
                $pokes[] = "('{$newuid}','{$value['uid']}','{$value['username']}','" . addslashes($_SCONFIG['defaultpoke']) . "','{$_SGLOBAL['timestamp']}')";
                $flog[] = "('{$value['uid']}','{$newuid}','add','{$_SGLOBAL['timestamp']}')";
            }
            if ($inserts) {
                $_SGLOBAL['db']->query("REPLACE INTO " . tname('friend') . " (uid,fuid,fusername,status,dateline) VALUES " . implode(',', $inserts));
                $_SGLOBAL['db']->query("REPLACE INTO " . tname('poke') . " (uid,fromuid,fromusername,note,dateline) VALUES " . implode(',', $pokes));
                $_SGLOBAL['db']->query("REPLACE INTO " . tname('friendlog') . " (uid,fuid,action,dateline) VALUES " . implode(',', $flog));
                // Add to the auxiliary tables
                $friendstr = empty($fuids) ? '' : implode(',', $fuids);
                updatetable('space', array('friendnum' => count($fuids), 'pokenum' => count($pokes)), array('uid' => $newuid));
                updatetable('spacefield', array('friend' => $friendstr, 'feedfriend' => $friendstr), array('uid' => $newuid));
                // Refresh the friend cache of the default users
                include_once S_ROOT . '../source/function_cp.php';
                foreach ($fuids as $fuid) {
                    friend_cache($fuid);
                }
            }
        }
        // Friend invitation
        // NOTE(review): $invitearr and $app are never assigned in this function.
        if ($invitearr) {
            include_once S_ROOT . '../source/function_cp.php';
            invite_update($invitearr['id'], $setarr['uid'], $setarr['username'], $invitearr['uid'], $invitearr['username'], $app);
            // If the submitted e-mail matches the invitation, mark the e-mail as verified directly
            if ($invitearr['email'] == $email) {
                updatetable('spacefield', array('emailcheck' => 1), array('uid' => $newuid));
            }
            // Update statistics
            include_once S_ROOT . '../source/function_cp.php';
            if ($app) {
                updatestat('appinvite');
            } else {
                updatestat('invite');
            }
        }
        // Mark as activated and write the uid back
        if ($recordids) {
            $useridlist = implode(',', $recordids);
            $_SGLOBAL['db']->query("UPDATE " . tname('baseprofile') . " SET isactive=1, uid={$newuid} WHERE userid in ({$useridlist})");
        }
        $insertinfo = array('identifier' => $one['identifier'], 'realname' => $realname, 'defaultemail' => $one['defaultemail']);
        // Get the user's birthday data
        //$decid = M_decode($value['identifier'], aeskeyA);
        $UserBirthday = '';
        if ($birthday_id) {
            $UserBirthday = $birthday_id;
        } elseif ($birthday_exist) {
            $UserBirthday = $birthday_exist;
        }
        if ($UserBirthday) {
            // Split YYYYMMDD into its parts.
            $insertinfo['birthyear'] = intval(substr($UserBirthday, 0, 4));
            $insertinfo['birthmonth'] = intval(substr($UserBirthday, 4, 2));
            $insertinfo['birthday'] = intval(substr($UserBirthday, 6, 2));
        }
        // Map the stored sex label to the numeric code (1, 2, or 0 when neither label matches).
        if ($one['sex'] == '男') {
            $sexc = 1;
        } else {
            if ($one['sex'] == '女') {
                $sexc = 2;
            } else {
                $sexc = 0;
            }
        }
        $insertinfo['sex'] = $sexc;
        //print_r($insertinfo);exit();
        // Update spacefield
        updatetable('spacefield', $insertinfo, array('uid' => $newuid));
        if ($insertinfo['birthyear'] && $insertinfo['birthmonth'] && $insertinfo['birthday']) {
            $_SGLOBAL['db']->query("INSERT INTO " . tname('spaceinfo') . " (type,subtype,uid,friend) VALUES ('base','birth'," . $newuid . ",3)");
        }
        // Update space
        $space = array('uid' => $newuid, 'name' => $realname, 'namestatus' => 1);
        //print_r($space);
        //exit();
        updatetable('space', $space, array('uid' => $newuid));
        foreach ($userlines as $value) {
            if ($value['isactive'] != '1') {
                if ($value['academy']) {
                    if ($value['usertype'] == '教师' || $value['usertype'] == 5 || $value['usertype'] == 4) {
                        $workinfo = array('uid' => $newuid, 'type' => 'work', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'], 'startyear' => $value['startyear'], 'city' => '北京');
                        inserttable('spaceinfo', $workinfo, 1);
                    }
                    if (strlen($value['collegeid']) != 5 && strlen($value['collegeid']) != 6) {
                        if (!empty($value['class']) && !empty($value['startyear'])) {
                            $eduinfo = array('uid' => $newuid, 'type' => 'edu', 'title' => '北京航空航天大学', 'subtitle' => $value['academy'] . $value['startyear'] . '级' . $value['class'] . '班', 'startyear' => $value['startyear']);
                            $tagname = $value['startyear'] . '年' . $value['class'] . '班';
                            auto_join($newuid, $tagname, $_SGLOBAL['db']);
                            inserttable('spaceinfo', $eduinfo, 1);
                        }
                    }
                }
            }
        }
        // Employment information of graduated alumni
        // NOTE(review): $value here is whatever the preceding foreach left behind,
        // and the row fetched into $value1 is never read; 'unit', 'province' and
        // 'city' are taken from $value instead. Confirm which row was intended.
        $query1 = $_SGLOBAL['db']->query("SELECT * FROM " . tname('stuemp') . " WHERE collegeid='{$value['collegeid']}'");
        if ($value1 = $_SGLOBAL['db']->fetch_array($query1)) {
            $setarr1 = array('uid' => $newuid, 'type' => 'work', 'title' => $value['unit'], 'province' => $value['province'], 'city' => $value['city']);
            inserttable('spaceinfo', $setarr1, 1);
        }
        // Change log
        if ($_SCONFIG['my_status']) {
            inserttable('userlog', array('uid' => $newuid, 'action' => 'add', 'dateline' => $_SGLOBAL['timestamp']), 0, true);
        }
        // Create new user: end
        // NOTE(review): the success result carries the plaintext password and is
        // echoed to the client below. Drop the 'password' field unless a caller
        // demonstrably needs it.
        $res_json = array('status' => 'correct', 'uid' => $newuid, 'username' => $username, 'password' => $password, 'email' => $email);
    }
    // Automatically add friends for the user
    // NOTE(review): this runs even when registration failed ($newuid <= 0).
    if ($userlines) {
        autobefriends($userlines, $newuid, $_POST['username']);
    }
    echo json_encode($res_json);
    return json_encode($res_json);
}
Beispiel #12
<?php

/**
 * @package iCMS
 * @copyright 2007-2010, iDreamSoft
 * @license http://www.idreamsoft.com iDreamSoft
 * @author coolmoo <*****@*****.**>
 */
require_once dirname(__FILE__) . '/../global.php';
// Base URL of the admin control panel, built from __SELF__.
define('__ADMINCP__', __SELF__ . '?mo');
// Report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);
// NOTE(review): database error display is switched on for the admin entry point,
// which is reachable before login. If iCMS_DB prints failing queries to the
// response, schema and query details are disclosed to unauthenticated visitors.
// Confirm, and keep this off in production (log the errors instead).
iCMS_DB::$show_errors = true;
require_once iPATH . 'include/member.class.php';
require_once iPATH . 'include/forum.class.php';
require_once iPATH . 'admin/function.php';
require_once iPATH . 'admin/admincp.lang.php';
require_once iPATH . 'include/UI.class.php';
require_once iPATH . 'admin/menu.class.php';
require_once iPATH . 'admin/admincp.class.php';
//admincp_log();
if ($_POST['action'] == "login") {
    ckseccode($_POST['seccode'], 'B') && javascript::alert("验证码错误!", 'js:parent.$("#seccodeimg").click();');
}
member::$isAdmin = true;
member::checklogin();
member::MP("ADMINCP", "ADMINCP_Permission_Denied");
Beispiel #13
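 /**
  * Handle a login request: check the captcha when it is enabled, authenticate
  * the credentials, run the post-login bookkeeping (credits, medal checks) and
  * answer through json_result() with a message and a target location.
  *
  * Reads username, password and referer via jget() and the captcha fields
  * directly from $_POST.
  *
  * NOTE(review): every failure path calls json_error() and then simply falls
  * off the end of its branch, so the method assumes json_error() ends the
  * request. If it returns, a failed captcha or empty credentials would still
  * reach jsg_member_login(). Confirm.
  */
 function Login()
 {
     $username = trim(jget('username'));
     $password = jget('password');
     // Captcha gate: seccode_enable == 1 uses ckseccode(), seccode_enable > 1
     // uses CheckYXM(). With seccode_login off, or with the YXM title/keys
     // unset, neither branch runs and the login is not captcha-protected.
     if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_login']) {
         if (!ckseccode(@$_POST['seccode'])) {
             json_error("验证码输入错误");
         }
     } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_login'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
         $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['YinXiangMa_challenge'], @$_POST['YXM_level'][0], @$_POST['YXM_input_result']);
         // NOTE(review): loose comparison against the string "true". Which
         // values pass depends on CheckYXM()'s return type (on PHP < 8 an
         // integer 0 compares equal to "true"); confirm it returns a string
         // and compare with !==.
         if ($YinXiangMa_response != "true") {
             json_error("验证码输入错误");
         }
     }
     if ($username == "" || $password == "") {
         json_error("无法登录,用户名或密码不能为空");
     }
     // NOTE(review): numeric usernames are rejected when login_by_uid is
     // truthy, which reads inverted relative to the option's name; confirm the
     // flag's meaning.
     if ($this->Config['login_by_uid']) {
         is_numeric($username) && json_error("禁止使用UID登录");
     }
     if ($GLOBALS['_J']['plugins']['func']['login']) {
         hookscript('login', 'funcs', array('param' => $this->Post, 'step' => 'check'), 'login');
     }
     // Post-login target: request parameter first, then the referer cookie.
     // Both are supplied by the client.
     $referer = jget('referer');
     if (!$referer) {
         $referer = jsg_getcookie('referer');
     }
     $rets = jsg_member_login($username, $password);
     // The int cast is what makes the '{$uid}' interpolations in the SQL below
     // safe; keep it if this method is refactored.
     $uid = (int) $rets['uid'];
     if ($uid < 1) {
         // NOTE(review): no failed-attempt throttling is visible in this
         // method, and the error text comes from jsg_member_login(). Confirm
         // that it rate-limits and does not reveal whether the account exists.
         json_error($rets['error']);
     }
     $member = jsg_member_info($uid);
     // When email_must_be_true is 2 and the address is unchecked, the target is
     // replaced by the e-mail verification page.
     $this->Config['email_must_be_true'] == 2 && $member['email_checked'] == 0 && ($referer = 'index.php?mod=member&code=setverify&ids=' . $uid);
     if ($this->Config['extcredits_enable'] && $uid > 0) {
         update_credits_by_action('login', $uid);
     }
     Load::logic('other');
     $otherLogic = new OtherLogic();
     $sql = "SELECT m.id as medal_id,m.medal_img,m.medal_name,m.medal_depict,m.conditions,u.dateline,y.apply_id\r\n\t\t\t\tFROM " . TABLE_PREFIX . "medal m\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "user_medal u ON (u.medalid = m.id AND u.uid = '{$uid}')\r\n\t\t\t\tLEFT JOIN " . TABLE_PREFIX . "medal_apply y ON (y.medal_id = m.id AND y.uid = '{$uid}')\r\n\t\t\t\tWHERE m.is_open = 1\r\n\t\t\t\tORDER BY u.dateline DESC,m.id";
     $query = $this->DatabaseHandler->Query($sql);
     // Initialised so the .= below does not append to an undefined variable.
     // The accumulated value is not read anywhere in this method.
     $result = '';
     while (false != ($rs = $query->GetRow())) {
         // NOTE(review): unserialize() on a database column. Anyone able to
         // write medal.conditions (an admin form, or SQL injection elsewhere)
         // can feed it a serialized object. Storing the conditions as JSON, or
         // passing array('allowed_classes' => false) on PHP 7+, removes the
         // object-instantiation risk.
         $rs['conditions'] = unserialize($rs['conditions']);
         if (in_array($rs['conditions']['type'], array('topic', 'reply', 'tag', 'invite', 'fans')) && !$rs['dateline']) {
             $result .= $otherLogic->autoCheckMedal($rs['medal_id'], $uid);
         }
     }
     $redirecto = $referer ? $referer : referer();
     if (!$redirecto || strpos($redirecto, 'login') !== false) {
         $redirecto = "index.php?";
     }
     $redirecto = str_replace('#', '', $redirecto);
     // NOTE(review): $redirecto can come straight from the referer request
     // parameter or cookie; the only filtering is the 'login' substring test
     // and the '#' removal above. If the client navigates to this value, an
     // absolute or scheme-relative URL sends the user to another site right
     // after a genuine login (open redirect). Confirm how json_result()'s
     // second argument is used and restrict it to same-site paths.
     if ($rets['uc_syn_html']) {
         json_result("登录成功{$rets['uc_syn_html']}", $redirecto);
     } else {
         json_result('登录成功', $redirecto);
     }
 }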
Beispiel #14
    $url_plus = "uid={$uid}&invite={$invite}";
}
//没有登录表单
$_SGLOBAL['nologinform'] = 1;
if (capi_submitcheck('loginsubmit')) {
    $password = $_REQUEST['password'];
    $username = trim($_REQUEST['username']);
    $cookietime = intval($_REQUEST['cookietime']);
    $cookiecheck = $cookietime ? ' checked' : '';
    $membername = $username;
    if (empty($_REQUEST['username'])) {
        capi_showmessage_by_data('users_were_not_empty_please_re_login');
    }
    if ($_SCONFIG['seccode_login']) {
        include_once S_ROOT . './source/function_cp.php';
        if (!ckseccode($_REQUEST['seccode'])) {
            $_SGLOBAL['input_seccode'] = 1;
            include template('do_login');
            exit;
        }
    }
    //同步获取用户源
    if (!($passport = getpassport($username, $password))) {
        capi_showmessage_by_data('login_failure_please_re_login', 1, 'do.php?ac=' . $_SCONFIG['login_action']);
    }
    $setarr = array('uid' => $passport['uid'], 'username' => addslashes($passport['username']), 'password' => md5("{$passport['uid']}|{$_SGLOBAL['timestamp']}"));
    include_once S_ROOT . './source/function_space.php';
    //开通空间
    $query = $_SGLOBAL['db']->query("SELECT s.*, sf.* FROM " . tname('space') . " s LEFT JOIN " . tname('spacefield') . " sf ON sf.uid=s.uid WHERE s.uid='{$setarr['uid']}'");
    if (!($space = $_SGLOBAL['db']->fetch_array($query))) {
        $space = space_open($setarr['uid'], $setarr['username'], 0, $passport['email']);
Beispiel #15
     break;
 case 'login':
     $iCMS->assign('forward', __REF__);
     $iCMS->iPrint("usercp/login.htm", "login");
     break;
 case 'logout':
     set_cookie("user", '', -31536000);
     set_cookie("seccode", '', -31536000);
     set_cookie("username", '', -31536000);
     break;
 default:
     require_once iPATH . 'include/UI.class.php';
     $action = $_POST['action'];
     //$forward= $_POST['forward'];
     if ($action == 'register') {
         ckseccode($_POST['seccode']) && javascript::json('seccode', 'error:seccode');
         $username = dhtmlspecialchars($_POST['username']);
         $email = dhtmlspecialchars($_POST['email']);
         !preg_match("/^([\\w\\.-]+)@([a-zA-Z0-9-]+)(\\.[a-zA-Z\\.]+)\$/i", $email) && javascript::json('email', 'register:emailerror');
         WordFilter($username) && javascript::json('username', 'filter:username');
         iCMS_DB::getValue("SELECT uid FROM `#iCMS@__members` where `username`='{$username}'") && javascript::json('username', 'register:usernameusr');
         $password = md5(trim($_POST['password']));
         $pwdrepeat = md5(trim($_POST['pwdrepeat']));
         $password != $pwdrepeat && javascript::json('pwdrepeat', 'register:different');
         $gender = intval($_POST['gender']);
         $nickname = dhtmlspecialchars($_POST['nickname']);
         cstrlen($nickname) > 12 && javascript::json(0, 'register:nicknamelong');
         $info = array();
         $_POST['icq'] && ($info['icq'] = intval($_POST['icq']));
         $_POST['home'] && ($info['home'] = dhtmlspecialchars(stripslashes($_POST['home'])));
         $_POST['year'] && ($info['year'] = intval($_POST['year']));
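 /**
  * Send an SMS verification code to the posted number, or re-prompt for a code
  * when the request already carries both key and sms, then render the
  * get_password_sms_send template.
  *
  * The template is included in this method's scope, so the locals set here
  * ($act_name, $key, $sms, $rets) are presumably read by it; keep their names
  * stable.
  *
  * NOTE(review): the failure paths assume $this->Messager() ends the request.
  * If it returns, a failed captcha still reaches sms_send_verify(). Confirm.
  */
 function SmsSend()
 {
     if (!sms_init()) {
         $this->Messager('还没有开启手机短信功能', null);
     }
     $act_name = '请输入手机验证码';
     $rets = array();
     $key = jget('key', 'txt');
     $gsms = jget('sms', 'txt');
     if ($key && $gsms) {
         // Re-prompt path: no captcha check and no SMS is sent; $key is not
         // validated in this method.
         $sms = $gsms;
         $act_name = '请重新输入手机验证码';
     } else {
         // The captcha is the only throttle visible in front of
         // sms_send_verify(). With seccode_password off, or the YXM title/keys
         // unset, neither branch runs.
         // NOTE(review): confirm sms_send_verify() enforces its own per-number
         // and per-client rate limit, otherwise this endpoint can be used to
         // flood a phone number at the site's cost.
         if ($this->Config['seccode_enable'] == 1 && $this->Config['seccode_password']) {
             if (!ckseccode(@$_POST['seccode'])) {
                 $this->Messager("验证码输入错误", -1);
             }
         } elseif ($this->Config['seccode_enable'] > 1 && $this->Config['seccode_password'] && $this->yxm_title && $this->Config['seccode_pub_key'] && $this->Config['seccode_pri_key']) {
             $YinXiangMa_response = jlogic('seccode')->CheckYXM(@$_POST['add_YinXiangMa_challenge'], @$_POST['add_YXM_level'][0], @$_POST['add_YXM_input_result']);
             // NOTE(review): loose comparison against the string "true"; the
             // outcome depends on CheckYXM()'s return type. Confirm it returns
             // a string and compare with !==.
             if ($YinXiangMa_response != "true") {
                 $this->Messager("验证码输入错误", -1);
             }
         }
         $sms = jpost('sms', 'txt');
         $rets = sms_send_verify($sms);
     }
     // $rets is still the empty array on the re-prompt path, so test with
     // empty() instead of reading a key that may not exist.
     if (!empty($rets['error'])) {
         $this->Messager($rets['result']);
     } else {
         include template('get_password_sms_send');
     }
 }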
Beispiel #17
<?php

require_once "global.php";
require_once iPATH . "include/function/template.php";
$do = $_GET['do'];
if (empty($do)) {
    $iCMS->iPrint("iSYSTEM", "register");
} elseif ($do == 'post') {
    if ($_POST['action'] == 'save') {
        ckseccode($_POST['seccode']) && msgJson('seccode', 'error:seccode');
        $username = dhtmlspecialchars($_POST['username']);
        WordFilter($username) && msgJson('username', 'filter:username');
        cstrlen($username) < 3 && msgJson('username', 'register:usernameShort');
        cstrlen($username) > 12 && msgJson('username', 'register:usernameLong');
        $iCMS->db->getValue("SELECT uid FROM `#iCMS@__members` where `username`='{$username}'") && msgJson('username', 'register:usernameusr');
        $password = md5(trim($_POST['password']));
        $pwdrepeat = md5(trim($_POST['pwdrepeat']));
        $password != $pwdrepeat && msgJson('pwdrepeat', 'register:different');
        $_POST['email'] && !eregi("^([_\\.0-9a-z-]+)@([0-9a-z][0-9a-z-]+)\\.([a-z]{2,6})\$", $_POST['email']) && msgJson('email', 'register:emailerror');
        $email = $_POST['email'];
        $gender = intval($_POST['gender']);
        $nickname = dhtmlspecialchars($_POST['nickname']);
        //	    cstrlen($info['nickname'])>12 && msgJson(0,'register:nicknamelong');
        $_POST['icq'] && ($info['icq'] = intval($_POST['icq']));
        $_POST['home'] && ($info['home'] = dhtmlspecialchars(stripslashes($_POST['home'])));
        $_POST['year'] && ($info['year'] = intval($_POST['year']));
        $_POST['month'] && ($info['month'] = intval($_POST['month']));
        $_POST['day'] && ($info['day'] = intval($_POST['day']));
        $_POST['from'] && ($info['from'] = dhtmlspecialchars(stripslashes($_POST['from'])));
        $_POST['signature'] && ($info['signature'] = dhtmlspecialchars(stripslashes($_POST['signature'])));
        $info = empty($info) ? '' : addslashes(serialize($info));
Beispiel #18
         if ($topicid) {
             $topic = topic_get($topicid);
         }
         if ($topic) {
             $actives = array('share' => ' class="active"');
         }
         $_SGLOBAL['refer'] = 'space.php?do=share&view=me';
         $type = 'link';
         $_GET['op'] = 'link';
         break;
 }
 // add share
 if (submitcheck('sharesubmit')) {
     $_POST['topicid'] = topic_check($_POST['topicid'], 'share');
     //Verification code
     if ($type == 'link' && checkperm('seccode') && !ckseccode($_POST['seccode'])) {
         showmessage('incorrect_code');
     }
     if (empty($_POST['refer'])) {
         $_POST['refer'] = "space.php?do=share&view=me";
     }
     if ($type == 'link') {
         $link = shtmlspecialchars(trim($_POST['link']));
         if ($link) {
             if (!preg_match("/^(http|ftp|https|mms)\\:\\/\\/.{4,300}\$/i", $link)) {
                 $link = '';
             }
         }
         if (empty($link)) {
             showmessage('url_incorrect_format');
         }
Beispiel #19
 if ($status == -1) {
     //视频认证
     if ($tospace['videostatus']) {
         ckvideophoto('friend', $tospace);
     }
     if (empty($_SGLOBAL['check_bot'])) {
         $before_time = $_SGLOBAL['timestamp'] - 10 * 60;
         $query = $_SGLOBAL['db']->query("select count(*) from " . tname('friend') . " where status = 0 and dateline > {$before_time}");
         if ($item = $_SGLOBAL['db']->fetch_array($query)) {
             if ($item['count(*)'] >= 10) {
                 $_SGLOBAL['check_bot'] = 1;
             }
         }
     }
     if (submitcheck('addsubmit')) {
         if ($_SGLOBAL['check_bot'] && !ckseccode($_POST['seccode'])) {
             showmessage('incorrect_code');
         }
         $setarr = array('uid' => $_SGLOBAL['supe_uid'], 'fuid' => $uid, 'fusername' => addslashes($tospace['username']), 'gid' => intval($_POST['gid']), 'note' => getstr($_POST['note'], 50, 1, 1), 'dateline' => $_SGLOBAL['timestamp']);
         inserttable('friend', $setarr);
         //if I am a publicpage, and the user follow me, then be friends directly.
         //by xuxing@ihome. 2013-4-28
         if ($_SGLOBAL['member']['groupid'] == 3 && in_array($uid, explode(',', $_SGLOBAL['member']['aud']))) {
             //showmessage($space['uid'].'---'.$space['username'].'----'.$tospace['uid'].'---'.$tospace['username']);
             friend_update($tospace['uid'], $tospace['username'], $space['uid'], $space['username'], 'add', 0);
             notification_add($tospace['uid'], 'friend', cplang('note_friend_add'));
             showmessage('friends_add', $_POST['refer'], 1, array($_SN[$tospace['uid']]));
             exit;
         }
         //end by xuxing.
         //发送邮件通知
Beispiel #20
    case 'logout':
        member::cleancookie();
        break;
    default:
        // Default branch: handles the POSTed "register" and "login" actions.
        // NOTE(review): each validation below is written as
        // `check && javascript::json(...)`, so it only stops the flow if
        // javascript::json() ends the request. Confirm.
        require_once iPATH . 'include/UI.class.php';
        $action = $_POST['action'];
        //$forward= $_POST['forward'];
        if ($action == 'register') {
            // ckseccode() is used with "truthy means wrong code" polarity
            // here: a truthy result emits the error:seccode response.
            ckseccode($_POST['seccode'], 'U') && javascript::json('seccode', 'error:seccode');
            $username = dhtmlspecialchars($_POST['username']);
            // The username must look like an e-mail address. The pattern
            // admits only word characters, dots, hyphens and one "@", which is
            // what keeps quote characters out of the two SQL interpolations of
            // $username below. ("$" without the D modifier also accepts one
            // trailing newline.)
            !preg_match("/^([\\w\\.-]+)@([a-zA-Z0-9-]+)(\\.[a-zA-Z\\.]+)\$/i", $username) && javascript::json('username', 'register:emailerror');
            iCMS_DB::getValue("SELECT uid FROM `#iCMS@__members` where `username`='{$username}'") && javascript::json('username', 'register:emailusr');
            // NOTE(review): an unsalted MD5 of the trimmed password is what
            // the INSERT below stores. MD5 is a fast hash and unsuitable for
            // password storage; password_hash()/password_verify() is the
            // replacement.
            $password = md5(trim($_POST['password']));
            $pwdrepeat = md5(trim($_POST['pwdrepeat']));
            // NOTE(review): loose != on two hex digests. Digests of the form
            // 0e<digits> compare as numbers, so two different passwords can
            // compare equal; use !==.
            $password != $pwdrepeat && javascript::json('pwdrepeat', 'register:different');
            $nickname = dhtmlspecialchars($_POST['nickname']);
            cstrlen($nickname) > 12 && javascript::json(0, 'register:nicknamelong');
            // NOTE(review): $nickname (only HTML-escaped, as far as this
            // excerpt shows) and getip() are interpolated into the statement.
            // That is safe only if request data is slash-escaped globally and
            // neither value can carry a quote or backslash. Confirm, or switch
            // to bound parameters.
            iCMS_DB::query("INSERT INTO `#iCMS@__members` (`groupid`,`username`,`password`,`nickname`,`gender`,`info`,`power`,`cpower`,`regtime`,`lastip`,`lastlogintime`,`logintimes`,`post`,`type`,`status`) VALUES ('4','{$username}','{$password}', '{$nickname}','2','','','','" . time() . "','" . getip() . "', '" . time() . "','0','0','0','1') ");
            $uid = iCMS_DB::$insert_id;
            // Mark the user as logged in.
            // NOTE(review): the MD5 digest is handed to set_user_cookie(). If
            // it ends up in the cookie, the cookie is password-equivalent;
            // confirm what is stored client-side.
            member::set_user_cookie($username, $password, $nickname);
            javascript::json(1, 'register:finish');
        } elseif ($action == "login") {
            // Same captcha polarity as above; the credential check itself is
            // inside member::checklogin() and not visible here.
            ckseccode($_POST['seccode'], 'U') && javascript::json(0, 'error:seccode');
            if (member::checklogin(true)) {
                javascript::json(1, 'login:success');
            } else {
                javascript::json(0, 'login:failed');
            }
        }
}
    }
} elseif ($op == "checkfreshmanseccode") {
    include_once S_ROOT . './source/function_cp.php';
    if (ckseccode(trim($_GET['freshmanseccode']))) {
        showmessage('succeed');
    } else {
        showmessage('incorrect_code');
    }
}
if (submitcheck('freshmanregistersubmit')) {
    //接收信息
    $realname = trim($_POST['freshmanrealname']);
    $birthday = trim($_POST['freshmanbirthday']);
    $email = trim($_POST['freshmanemail']);
    include_once S_ROOT . './source/function_cp.php';
    if (!ckseccode($_POST['freshmanseccode'])) {
        showmessage('incorrect_code');
    }
    //验证信息
    $email = isemail($email) ? $email : '';
    if (empty($email)) {
        showmessage('email_format_is_wrong');
    }
    if ($_SCONFIG['checkemail']) {
        if ($count = getcount('spacefield', array('email' => $email))) {
            showmessage('email_has_been_registered');
        }
    }
    $query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('baseprofile') . " WHERE realname='{$realname}' and birthday='{$birthday}' and startyear={$ThisYear} limit 1");
    $bp = $_SGLOBAL['db']->fetch_array($query);
    if (empty($bp)) {
Beispiel #22
// Login excerpt: resolve an invitation, check the captcha, look the member up
// and obtain a passport. $uid, $code, $app, $invite, $reward and $username are
// set outside this excerpt.
if ($uid && $code && !$reward['credit']) {
    $m_space = getspace($uid);
    // NOTE(review): the invite key is compared with a loose, non-constant-time
    // ==. For a secret-derived value prefer hash_equals(), which is also
    // strict about type.
    if ($code == space_key($m_space, $app)) {
        // Verification passed
        $invitearr['uid'] = $uid;
        $invitearr['username'] = $m_space['username'];
    }
    // NOTE(review): built without urlencode(); where $uid/$app/$code come from
    // is not visible here. Confirm they are validated before this string is
    // used in a URL.
    $url_plus = "uid={$uid}&app={$app}&code={$code}";
} elseif ($uid && $invite) {
    include_once S_ROOT . './source/function_cp.php';
    $invitearr = invite_get($uid, $invite);
    $url_plus = "uid={$uid}&invite={$invite}";
}
// Captcha gate, active only when seccode_login is set. Here ckseccode()
// returns truthy for a correct code; on failure the login form is rendered
// again and the script exits.
if ($_SCONFIG['seccode_login']) {
    include_once S_ROOT . './source/function_cp.php';
    if (!ckseccode($_POST['seccode'])) {
        $_SGLOBAL['input_seccode'] = 1;
        include template('do_login');
        exit;
    }
}
// NOTE(review): the username literal in this query appears masked in this
// listing, so how the value is escaped cannot be judged from here.
$query = $_SGLOBAL['db']->query("SELECT * FROM " . tname('member') . " WHERE username='******'");
$value = $_SGLOBAL['db']->fetch_array($query);
if (empty($value)) {
    showmessage('login_failure_please_re_login', 'do.php?ac=' . $_SCONFIG['login_action']);
}
// NOTE(review): the password is read from the member row by numeric column
// index (SELECT * makes that index depend on the table layout) and that stored
// value, not a request-supplied password, is what getpassport() receives
// below. As shown, only the captcha and the username stand between a visitor
// and a passport. Confirm where the user's password is actually verified.
$password = $value[2];
// Fetch the user record from the passport source
if (!($passport = getpassport($username, $password))) {
    showmessage('login_failure_please_re_login', 'do.php?ac=' . $_SCONFIG['login_action']);
}
Beispiel #23
    if ($_SGLOBAL['supe_uid'] != $bwzt['uid'] && !checkperm('managebwzt')) {
        capi_showmessage_by_data('no_authority_operation_of_the_log');
    }
}
//添加编辑操作
if (capi_submitcheck('bwztsubmit')) {
    if (empty($bwzt['bwztid'])) {
        $bwzt = array();
    } else {
        if (!checkperm('allowbwzt')) {
            ckspacelog();
            capi_showmessage_by_data('no_authority_to_add_log');
        }
    }
    //验证码
    if (checkperm('seccode') && !ckseccode($_REQUEST['seccode'])) {
        capi_showmessage_by_data('incorrect_code');
    }
    include_once S_ROOT . './source/function_bwzt.php';
    if ($op == 'alterstatus') {
        if ($newbwztstatus = bwzt_alterstatus($_GET['status'], $bwzt)) {
            capi_showmessage_by_data('do_success', 0, $newbwztstatus);
        } else {
            capi_showmessage_by_data('alter_status_failed');
        }
    }
    if ($newbwzt = bwzt_post($_POST, $bwzt)) {
        if (empty($bwzt) && $newbwzt['topicid']) {
            $url = 'space.php?do=topic&topicid=' . $newbwzt['topicid'] . '&view=bwzt';
        } else {
            $url = 'space.php?uid=' . $newbwzt['uid'] . '&do=bwzt&id=' . $newbwzt['bwztid'];