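/**
 * Compare a password with its confirmation value and dispatch to the next step.
 *
 * On mismatch errorform('password') is called; otherwise emailcheck() is
 * called (with no arguments, as in the original). Both helpers are defined
 * elsewhere. Nothing is returned.
 *
 * @param mixed $original The password as first entered.
 * @param mixed $check    The value it must equal.
 */
function passwordCheck($original, $check)
{
    // Compare the string forms strictly. With the loose `!=` operator PHP
    // compares two numeric-looking strings as numbers, so "1e3" and "1000"
    // (or any two "0e<digits>" values) would be accepted as the same password.
    if ((string) $original !== (string) $check) {
        errorform('password');
        return;
    }

    emailcheck();
}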
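/**
 * Validate a sign-up request and create the account.
 *
 * Checks run in this order: e-mail not already registered, password at least
 * 4 bytes long, password equals its confirmation, account creation succeeded.
 * The first failing check echoes its message and returns false.
 *
 * @param mixed $email Address to register; passed to emailcheck() and makeaccount().
 * @param mixed $pass  Chosen password.
 * @param mixed $pass2 Password confirmation.
 * @return bool true when makeaccount() succeeded, false otherwise.
 */
function signnow($email, $pass, $pass2)
{
    if (emailcheck($email) == true) {
        echo "Email is already Taken";
        return false;
    }

    // NOTE(review): a 4-character minimum is weak; it is kept as the existing policy.
    if (strlen($pass) < 4) {
        echo "Password must be at least 4 chars.";
        return false;
    }

    // Strict comparison of the string forms: loose `!=` treats numeric-looking
    // strings as numbers, so "1e3" and "1000" would count as matching passwords.
    if ((string) $pass !== (string) $pass2) {
        echo "Passwords do not match";
        return false;
    }

    // NOTE(review): the plaintext password is handed to makeaccount(); confirm
    // that it stores a password_hash() result and not the raw value.
    if (makeaccount($email, $pass) == false) {
        echo "An Error has Occured";
        return false;
    }

    return true;
}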
// Registration handler (the listing is cut off inside the innermost else).
// Runs when ?do=reg is requested with username, userpwd, repwd and useremail
// posted. Responses are plain text prefixed with "1 " on failure.
if (isset($_GET['do'], $_POST['username'], $_POST['userpwd'], $_POST['repwd'], $_POST['useremail']) && $_GET['do'] == "reg") {
    // strAddslashes() and usernameCheck() are defined elsewhere; a non-empty
    // usernameCheck() result is echoed back as the error text.
    $uname = strAddslashes(trim($_POST['username']));
    $checkname = usernameCheck($uname);
    if (!empty($checkname)) {
        die("1 " . $checkname);
    }
    $passwd = stripslashes(trim($_POST['userpwd']));
    $repasswd = stripslashes(trim($_POST['repwd']));
    // Message: password length must be between 6 and 18 characters.
    // strlen() counts bytes, so the limits are byte limits.
    if (strlen($passwd) < 6 || strlen($passwd) > 18) {
        die("1 密码长度应控制在6至18个字符之间。");
    }
    // Message: the two passwords differ.
    // NOTE(review): loose `!=` compares numeric-looking strings as numbers
    // ("100000" vs "1e5000" style pairs can compare equal); `!==` is safer.
    if ($passwd != $repasswd) {
        die("1 两次输入的密码不一致。");
    }
    $email = strtolower(trim($_POST['useremail']));
    // Message: the e-mail address is not valid.
    if (strlen($email) > 45 || !emailcheck($email)) {
        die("1 电子邮件地址不合法。");
    }
    $actionTime = time();
    $actionIp = getClientIP();
    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
    // The three lookups below are built by string concatenation.
    // NOTE(review): $actionIp is concatenated unescaped; if getClientIP() reads
    // client-supplied headers such as X-Forwarded-For, this value is attacker
    // controlled - confirm its source or bind it as a parameter.
    // NOTE(review): $email is concatenated with no escaping at all; the only
    // guard is emailcheck(), whose pattern is not visible here. $uname relies
    // on strAddslashes(), and addslashes-style escaping depends on the
    // connection character set. Bound parameters would remove all three risks.
    if ($DB->fetch_one("SELECT COUNT(`bid`) FROM `" . $table_black . "` WHERE `uname`='" . $actionIp . "'") != 0) {
        // Message: registration refused, contact the administrator.
        echo "1 很抱歉,系统拒绝了您的注册!请与管理员联系。";
    } else {
        if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE lower(`name`)='" . strtolower($uname) . "'") != 0) {
            // Message: the nickname is already taken.
            echo "1 用户昵称已被占用";
        } else {
            if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email` = '" . $email . "'") != 0) {
                // Message: the e-mail address is already registered.
                echo "1 电子邮箱地址已被注册";
            } else {
                $passport_info['name'] = $uname;
<li> <a href = "index.php">Sign In</a> </li> </ul> </nav> <div id = "content"> <h2>To reset your password, enter the email address you use to sign in.</h2> <?php $mess = ""; if (isset($_POST['SubButton'])) { $userNameIn = trim($_POST['myUname']); $userNameIn = mysqli_real_escape_string($con, $userNameIn); //now veriy the username and password if (emailcheck($userNameIn)) { $count = 0; //check if the username and password exists in the database $sql = "Call SP_COUNT_Aegis_Email('" . $userNameIn . "',@count);select @count as c"; if (mysqli_multi_query($con, $sql)) { do { // Store first result set if ($result = mysqli_store_result($con)) { // Fetch one and one row while ($row = mysqli_fetch_row($result)) { $count = $row[0]; //the second result is the count. It overwrites the first $count value. } // Free result set mysqli_free_result($result); }
// Profile update handler (the listing starts and ends mid-block).
// $newpasswd, $oldpasswd and $loginArr are set before the visible part.
$reppasswd = stripslashes(trim($_POST['reppasswd']));
if (!empty($newpasswd)) {
    // Message: new password length must be between 6 and 18 characters.
    if (strlen($newpasswd) < 6 || strlen($newpasswd) > 18) {
        die("1 新密码长度应控制在6至18个字符之间。");
    }
    // Message: the two new passwords differ.
    if ($newpasswd != $reppasswd) {
        die("1 两次输入的新密码不一致。");
    }
    // Message: the new password must differ from the current one.
    if ($newpasswd == $oldpasswd) {
        die("1 新密码不能与当前密码一样。");
    }
    // NOTE(review): the stored credential is an unsalted MD5 digest. MD5 is a
    // fast hash and unsuitable for password storage; password_hash() and
    // password_verify() are the standard replacement.
    $profileArr['password'] = md5($newpasswd);
    // A new secure key is issued together with the new password.
    $profileArr['securekey'] = createSecureKey(9);
}
$useremail = strtolower(trim($_POST['useremail']));
// Message: the e-mail address is not valid.
if (strlen($useremail) > 45 || !emailcheck($useremail)) {
    die("1 电子邮件地址不合法。");
}
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
$userArr = $TB->getMemberInfo("`uid`", $loginArr['uid']);
// The current password must match before anything is changed.
// NOTE(review): loose `==` on two hex digests compares them numerically when
// both look like numbers (for example "0e" followed only by digits), so two
// different digests can compare equal. Use hash_equals() or `===`.
if ($userArr['password'] == md5($oldpasswd)) {
    if ($userArr['email'] != $useremail) {
        // NOTE(review): $useremail is concatenated into the query unescaped;
        // the only guard is emailcheck(), whose pattern is not visible here.
        if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email`='" . $useremail . "'") != 0) {
            $DB->close();
            // Message: the e-mail address is already in use.
            die("1 电子邮箱地址已被占用");
        }
        $profileArr['email'] = $useremail;
    }
    // $profileArr exists only when the password or the e-mail is changing.
    if (isset($profileArr)) {
        if ($DB->query($DB->update_sql("`" . $table_member . "`", $profileArr, "`uid`=" . $userArr['uid']))) {
            // Message: the details were updated successfully.
            echo "0 相关信息已成功修改!";
/**
 * Subscribe an e-mail address to a list, creating the address record if needed.
 *
 * Invalid addresses (per email_is_valid()) are ignored. For an address that
 * emailcheck() already knows, its id is echoed and the subscription is added
 * unless subcheck() reports it exists. Otherwise the address is created with
 * emailadd(), passed to emailprop(), and subscribed.
 *
 * @param mixed $email  Address to subscribe.
 * @param mixed $listid Target list identifier.
 */
function addemail($email, $listid)
{
    if (!email_is_valid($email)) {
        return;
    }

    $existingId = emailcheck($email);

    if (!$existingId) {
        // Unknown address: create it, initialise its properties, subscribe it.
        $createdId = emailadd($email);
        emailprop($createdId);
        subadd($createdId, $listid);
        return;
    }

    // NOTE(review): this writes the id into the response; it looks like
    // leftover debug output - confirm callers depend on it before removing.
    echo $existingId;

    if (subcheck($existingId, $listid) == true) {
        return;
    }

    subadd($existingId, $listid);
}
<?php
// Member list page: builds an optional WHERE clause from the `te` (search
// field) and `wd` (search term) query parameters, loads one page of members
// and renders user_list.html.
// NOTE(review): no login or permission check is visible in this file;
// presumably global.php enforces it - confirm, since the page lists e-mail
// addresses of members.
require dirname(__FILE__) . "/global.php";

$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);

$where = "";
if (isset($_GET['te'], $_GET['wd']) && !empty($_GET['wd'])) {
    // NOTE(review): the clause is assembled by string concatenation and the
    // only escaping visible here is strAddslashes(), defined elsewhere.
    // addslashes-style escaping depends on the connection character set;
    // bound parameters are the robust fix if getMember() can accept them.
    $keyword = strAddslashes(strtolower(trim($_GET['wd'])));

    if ($_GET['te'] == "uid") {
        // is_numeric() also accepts forms such as "1e3" and "1.5".
        if (is_numeric($keyword) && $keyword >= 1) {
            $where = "WHERE `uid` = " . $keyword;
        }
    } elseif ($_GET['te'] == "name") {
        // Prefix match; `%` and `_` inside the keyword still act as wildcards.
        $where = "WHERE lower(`name`) LIKE '" . $keyword . "%'";
    } elseif ($_GET['te'] == "email") {
        if (emailcheck($keyword)) {
            $where = "WHERE `email` = '" . $keyword . "'";
        }
    }
}

// $page is not set in this file; presumably global.php provides it.
$MemberArr = $QA->getMember($where, $page, 30);

$DB->close();
unset($DB, $QA);

$tmp =& myTpl("user_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('MemberArr', $MemberArr);
$tmp->output();
// Tail of one branch followed by the login handler (the listing starts and
// ends mid-block).
// NOTE(review): the redirect target is taken from the Referer header, which
// the client controls, so this is an open redirect. Restrict it to same-site
// paths or fall back to "./".
if (isset($_SERVER['HTTP_REFERER'])) {
    $backUrl = $_SERVER['HTTP_REFERER'];
} else {
    $backUrl = "./";
}
header("location:" . $backUrl);
} else {
    if (isset($_GET['do']) && $_GET['do'] == "login") {
        if (isset($_POST['login-user'], $_POST['login-pwd'])) {
            $loginUser = strAddslashes(trim($_POST['login-user']));
            $loginPwd = stripslashes(trim($_POST['login-pwd']));
            // Message: user name or password does not meet the requirements.
            if (strlen($loginUser) < 2 || strlen($loginUser) > 45 || strlen($loginPwd) < 6 || strlen($loginPwd) > 18) {
                echo "0 用户名或者密码不符合要求";
            } else {
                $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
                // The identifier is looked up as an e-mail address when
                // emailcheck() accepts it, otherwise as a lower-cased name.
                if (!emailcheck($loginUser)) {
                    $LoginType = "lower(`name`)";
                } else {
                    $LoginType = "`email`";
                }
                $userArr = $TB->getMemberInfo($LoginType, strtolower($loginUser));
                if (!empty($userArr['uid'])) {
                    // NOTE(review): passwords are verified against an unsalted
                    // MD5 digest with loose `==`. Two digests that both look
                    // numeric ("0e" followed only by digits) compare equal, and
                    // MD5 is too fast for password storage. password_verify()
                    // against a password_hash() value fixes both.
                    // NOTE(review): no attempt limiting is visible in this
                    // fragment - confirm it exists elsewhere.
                    if ($userArr['password'] == md5($loginPwd)) {
                        $loginTime = time();
                        $loginIp = getClientIP();
                        loginCookie($userArr['uid'], $userArr['name'], $userArr['groupid'], $loginIp, $loginTime);
                        // A fresh secure key is issued on every successful login.
                        $loginInfo['securekey'] = createSecureKey(10);
                        $loginInfo['lastdate'] = $loginTime;
                        $loginInfo['lastip'] = $loginIp;
                        if ($userArr['lastdate'] != date("Y.m.d")) {
                            $loginInfo['integral'] = array("`integral`+1");
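/**
 * Handle the two-factor-authentication settings page.
 *
 * Picks one 2FA action from the request (Setup, Cancel, Test, New, Remove, or
 * a plain status query), forwards it to get2fa(), sends the matching
 * notification e-mail when the action succeeded, and renders the page with
 * set_2fa(). When emailcheck($user) returns a non-null value, that value is
 * shown as the message and only a status query is made.
 *
 * The random value sent with 'setup' and 'new' now comes from random_int()
 * when it is available; rand() is not a cryptographic generator and its
 * output is predictable. rand() remains as a fallback for runtimes that
 * lack random_int(). random_int() throws if no entropy source is available.
 *
 * NOTE(review): no anti-CSRF check is visible in this function; confirm the
 * caller enforces one, since these requests enable and remove 2FA.
 *
 * @param mixed $data Page data passed through to set_2fa().
 * @param mixed $user User the settings belong to.
 * @return mixed Whatever set_2fa() returns.
 */
function do2fa($data, $user)
{
    $mailmode = '';
    $tfa = null;
    $err = '';
    $msg = '';

    // Same numeric range as before, so get2fa() receives the same kind of value.
    $entropy = function () {
        if (function_exists('random_int')) {
            return random_int(1073741824, 2147483647);
        }
        return rand(1073741824, 2147483647);
    };

    $res = emailcheck($user);
    if ($res != null) {
        $msg = $res;
        $ans = get2fa($user, '', 0, 0);
    } elseif (getparam('Setup', false) === 'Setup') {
        $ans = get2fa($user, 'setup', $entropy(), 0);
        $mailmode = 'Setup';
    } elseif (getparam('Cancel', false) === 'Cancel') {
        $ans = get2fa($user, 'untest', 0, 0);
        $mailmode = 'Cancel';
    } else {
        // Test, New and Remove all require a submitted Value.
        $value = getparam('Value', false);
        if (getparam('Test', false) === 'Test' && $value !== null) {
            $ans = get2fa($user, 'test', 0, $value);
            $mailmode = 'Test';
        } elseif (getparam('New', false) === 'New' && $value !== null) {
            $ans = get2fa($user, 'new', $entropy(), $value);
            $mailmode = 'New';
        } elseif (getparam('Remove', false) === 'Remove' && $value !== null) {
            $ans = get2fa($user, 'remove', 0, $value);
            $mailmode = 'Remove';
        } else {
            $ans = get2fa($user, '', 0, 0);
        }
    }

    if ($ans['STATUS'] != 'ok') {
        $err = 'DBERR';
    } else {
        if (isset($ans['2fa_error'])) {
            $err = $ans['2fa_error'];
        }

        // Notify by e-mail only when an action ran and reported no error.
        if ($mailmode != '' && $err == '') {
            $ans2 = userSettings($user);
            if ($ans2['STATUS'] != 'ok') {
                dbdown();
            }

            // Should be no other reason?
            if (!isset($ans2['email'])) {
                $err = 'An error occurred, check your details below';
            } else {
                $email = $ans2['email'];
                $emailinfo = getOpts($user, emailOptList());
                if ($emailinfo['STATUS'] != 'ok') {
                    $err = 'An error occurred, check your details below';
                } else {
                    switch ($mailmode) {
                        case 'Setup':
                        case 'New':
                            twofaSetup($email, zeip(), $emailinfo);
                            break;
                        case 'Test':
                            twofaEnabled($email, zeip(), $emailinfo);
                            break;
                        case 'Cancel':
                            twofaCancel($email, zeip(), $emailinfo);
                            break;
                        case 'Remove':
                            twofaRemove($email, zeip(), $emailinfo);
                            break;
                    }
                }
            }
        }
    }

    if (isset($ans['2fa_status'])) {
        $tfa = $ans['2fa_status'];
    }
    // A message from emailcheck() takes precedence over the one from get2fa().
    if ($msg == '' && isset($ans['2fa_msg'])) {
        $msg = $ans['2fa_msg'];
    }

    return set_2fa($data, $user, $tfa, $ans, $err, $msg);
}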
<?php
// Mail settings update handler (the listing is cut off while the new config
// text is being assembled). Runs when ?action=update is requested with the
// fields T, E, S, P, A, U and W posted.
// NOTE(review): no login, permission or anti-CSRF check is visible in this
// file; presumably global.php enforces them - confirm.
require dirname(__FILE__) . "/global.php";
if (isset($_GET['action']) && $_GET['action'] == "update") {
    if (isset($_POST['T'], $_POST['E'], $_POST['S'], $_POST['P'], $_POST['A'], $_POST['U'], $_POST['W'])) {
        $mail_send_type = $_POST['T'];
        $send_email_address = strtolower(trim($_POST['E']));
        // Message: the sender address is wrong.
        if (empty($send_email_address) || !emailcheck($send_email_address)) {
            die("<script>alert('发件人邮箱错误');</script>");
        }
        $smtp_server = strtolower(trim($_POST['S']));
        $smtp_port = trim($_POST['P']);
        $smtp_auth = $_POST['A'];
        $smtp_user = stripslashes(trim($_POST['U']));
        $smtp_password = stripslashes(trim($_POST['W']));
        if ($mail_send_type == "smtp") {
            // Message: the SMTP server must not be empty.
            if (empty($smtp_server)) {
                die("<script>alert('SMTP服务器不能为空');</script>");
            }
            // Message: the SMTP port is wrong.
            if (!is_numeric($smtp_port)) {
                die("<script>alert('SMTP端口错误');</script>");
            }
        } else {
            // Any non-SMTP type resets the SMTP fields to fixed defaults.
            $smtp_server = "";
            $smtp_port = "25";
            $smtp_auth = "true";
            $smtp_user = "";
            $smtp_password = "";
        }
        // NOTE(review): the text being built starts with a PHP open tag, so
        // it looks like a generated PHP config file. Of the posted values only
        // E, S (non-empty) and P (numeric) are validated above; T, A, U and W
        // are not. Anything written into PHP source must be encoded for that
        // context (for example with var_export()) - verify in the part of the
        // file not shown here.
        $config_str = "<?php";
        $config_str .= "\n";
// Profile update handler for the `submit` form (the listing starts and ends
// mid-block). sql_escape(), emailcheck() and registerc() are defined elsewhere.
inactive($no);
}
if (isset($_POST['submit'])) {
    // NOTE(review): the row to update is selected by a client-supplied
    // userid. Unless it is checked against the logged-in session elsewhere,
    // any user can modify another user's record.
    $userid = sql_escape($_POST['userid']);
    // NOTE(review): $email and $email2 are both read from 'email2' - possibly
    // 'email' was intended for the first; confirm against the form.
    $email = sql_escape($_POST['email2']);
    // NOTE(review): unsalted MD5 is unsuitable for password storage, and
    // escaping the password before hashing changes the bytes being hashed.
    // password_hash() on the raw value is the standard approach.
    $password = md5(sql_escape($_POST['password']));
    $email2 = sql_escape($_POST['email2']);
    $password2 = md5(sql_escape($_POST['password2']));
    $fname = sql_escape($_POST['fname']);
    $lname = sql_escape($_POST['lname']);
    $cno = sql_escape($_POST['cno']);
    $bank = sql_escape($_POST['bank']);
    $accno = sql_escape($_POST['accno']);
    $add = sql_escape($_POST['add']);
    $quali = sql_escape($_POST['quali']);
    $re = emailcheck($email);
    // NOTE(review): loose `!=` on two hex digests compares them numerically
    // when both look like numbers ("0e" followed only by digits), so
    // different passwords can pass this check. Use `!==` on the raw values.
    if ($password != $password2) {
        echo "<script type='text/javascript'>alert('Passwords do not match');</script>";
    } elseif ($re != 'yes') {
        // The statements below interpolate values into SQL text and rely
        // entirely on sql_escape(); prepared statements would be more robust.
        if ($email == '') {
            // No e-mail supplied: leave the stored e-mail untouched.
            $update = "UPDATE `user` SET `first_name`='{$fname}',`last_name`='{$lname}',`contact_number`='{$cno}',`Address`='{$add}' WHERE user_id='{$userid}'";
            registerc($update);
        } else {
            $update = "UPDATE `user` SET `first_name`='{$fname}',`last_name`='{$lname}',`email`='{$email}',`contact_number`='{$cno}',`Address`='{$add}' WHERE user_id='{$userid}'";
            registerc($update);
        }
        // The password is only changed when a new one was entered.
        // NOTE(review): the current password is not requested in the visible code.
        if ($_POST['password'] != '') {
            $update = "UPDATE `user` SET `password`='{$password}' WHERE user_id='{$userid}'";
            registerc($update);
        }
        $mc = "UPDATE `medical_c` SET `acc_no`='{$accno}',`bank`='{$bank}', `qualifications`= '{$quali}' WHERE `user_id`='{$userid}'";
}
// Registration handler for the `submit3` form (the listing starts mid-block).
// sql_escape(), emailcheck(), numbercheck(), register() and registerc() are
// defined elsewhere.
} elseif (isset($_POST['submit3'])) {
    $email = sql_escape($_POST['email']);
    // NOTE(review): unsalted MD5 is unsuitable for password storage, and
    // escaping the password before hashing changes the bytes being hashed.
    // password_hash() on the raw value is the standard approach.
    $password = md5(sql_escape($_POST['password']));
    // $email2 and $password2 are read but not compared in the visible code.
    $email2 = sql_escape($_POST['email2']);
    $password2 = md5(sql_escape($_POST['password2']));
    $fname = sql_escape($_POST['fname']);
    $lname = sql_escape($_POST['lname']);
    $sex = sql_escape($_POST['sex']);
    $cno = sql_escape($_POST['cno']);
    $quali = sql_escape($_POST['quali']);
    $add = sql_escape($_POST['add']);
    $bank = sql_escape($_POST['bank']);
    $accno = sql_escape($_POST['accno']);
    // Date of birth is joined as year-month-day; no format check is visible.
    $dob = sql_escape($_POST['year']) . '-' . sql_escape($_POST['month']) . '-' . sql_escape($_POST['day']);
    $check = emailcheck($email);
    $checkno = numbercheck($cno);
    if ($check == 'yes') {
        echo '<script>alert("Email already exists!");</script>';
    } elseif ($checkno == 'yes') {
        echo '<script>alert("Contact number already exists!");</script>';
    } else {
        // Both INSERTs interpolate values into SQL text and rely entirely on
        // sql_escape(); prepared statements would be more robust.
        // user_type 'G' and is_active '2' are fixed for this form.
        $insert = "INSERT INTO `user`(`first_name`, `last_name`, `email`, `gender`, `user_type`, `is_active`, `password`, `contact_number`, `Address`,`dob`) VALUES ('{$fname}', '{$lname}','{$email}','{$sex}', 'G', '2', '{$password}', '{$cno}', '{$add}','{$dob}')";
        $result = register($insert);
        // presumably $result['0'] is the id of the new user row - confirm in register().
        $medcon = "INSERT INTO `medical_c`( `user_id`, `qualifications`, `acc_no`, `bank`) VALUES ('{$result['0']}', '{$quali}','{$accno}','{$bank}')";
        $result2 = registerc($medcon);
        // NOTE(review): $result2[1] is written into a JavaScript string with
        // no encoding. If it can carry user input or a database error text,
        // encode it with json_encode() before output.
        echo "<script type='text/javascript'>alert('" . $result2[1] . "')</script>";
    }
}
require_once "includes/header.php";
//require_once("includes/header2.php");
<?php
// Temporary-key request handler (the listing is cut off at the final else).
// When ?do=send is requested with username and useremail posted, a new secure
// key is stored for the matching member and e-mailed to the stored address.
require dirname(__FILE__) . "/global.php";
if (isset($_GET['do']) && $_GET['do'] == "send") {
    if (isset($_POST['username'], $_POST['useremail'])) {
        $username = strAddslashes(trim($_POST['username']));
        $checkname = usernameCheck($username);
        $email = strtolower(trim($_POST['useremail']));
        // Message: the nickname or the e-mail address is incorrect.
        if (!empty($checkname) || !emailcheck($email)) {
            echo "1 用户昵称或者电子邮件不正确。";
        } else {
            // NOTE(review): createSecureKey() is defined elsewhere; this key
            // acts as a recovery credential, so confirm it draws from a
            // cryptographic source (random_bytes() / random_int()).
            $newKey = createSecureKey(9);
            $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
            $userArr = $TB->getMemberInfo("lower(`name`)", strtolower($username));
            // The posted address must equal the one stored for that nickname.
            if ($userArr['email'] == $email) {
                // NOTE(review): the stored key is replaced on every matching
                // request, and no expiry or request limit is visible here.
                $secureArr['securekey'] = $newKey;
                $DB->query($DB->update_sql("`" . $table_member . "`", $secureArr, "`uid`=" . $userArr['uid']));
                // Mail subject: "<name>, your temporary identification code".
                $mail_title = $userArr['name'] . ",您的临时识别码";
                $mail_body = "您的临时识别码:" . $newKey;
                if (sendEmail($userArr['email'], $mail_title, $mail_body)) {
                    // Success: the response carries the member's uid.
                    echo "0 " . $userArr['uid'];
                } else {
                    // Message: sending the code failed, please retry.
                    echo "1 识别码发送失败!请重试。";
                }
            } else {
                // Message: nickname and e-mail address do not match.
                // NOTE(review): the distinct responses let a caller test
                // whether a nickname and e-mail pair belongs to an account.
                echo "1 用户昵称与电子邮件不匹配。";
            }
            $DB->close();
        }
    }
} else {
/**
 * Handle the account settings page.
 *
 * Applies the change selected by the 'Change' request parameter ('EMail',
 * 'Address' or 'Password'), reloads the user's settings, sends the matching
 * notification e-mail when the change succeeded, and renders the page with
 * settings().
 *
 * $err doubles as the status text: it is set to a success message first and
 * replaced by the STATUS/ERROR text when the backend reports a failure.
 *
 * @param mixed $data Page data; $data['info']['u_multiaddr'] disables the
 *                    single-address change when set.
 * @param mixed $user User the settings belong to.
 * @return mixed Whatever settings() returns.
 */
function dosettings($data, $user)
{
    $err = '';
    $check = false;
    $chg = getparam('Change', false);

    if ($chg == 'EMail') {
        // The new address is vetted by bademail(); a non-null result is the error text.
        $email = getparam('email', false);
        $res = bademail($email);
        if ($res != null) {
            $err = $res;
        } else {
            $pass = getparam('pass', false);
            $twofa = getparam('2fa', false);
            $ans = userSettings($user, $email, null, $pass, $twofa);
            $err = 'EMail changed';
            $check = true;
        }
    } elseif ($chg == 'Address') {
        if (!isset($data['info']['u_multiaddr'])) {
            $res = emailcheck($user);
            if ($res != null) {
                $err = $res;
            } else {
                $addr = getparam('baddr', false);
                $addrarr = array(array('addr' => $addr));
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, null, $addrarr, $pass, $twofa);
                $err = 'Payout address changed';
                $check = true;
            }
        }
    } elseif ($chg == 'Password') {
        $res = emailcheck($user);
        if ($res != null) {
            $err = $res;
        } else {
            $oldpass = getparam('oldpass', false);
            $pass1 = getparam('pass1', false);
            $pass2 = getparam('pass2', false);
            $twofa = getparam('2fa', false);
            if (!safepass($pass1)) {
                $err = 'Unsafe password. ' . passrequires();
            } elseif ($pass1 != $pass2) {
                $err = "Passwords don't match";
            } else {
                $ans = setPass($user, $oldpass, $pass1, $twofa);
                $err = 'Password changed';
                $check = true;
            }
        }
    }

    // A change was attempted: decide whether it succeeded.
    $doemail = false;
    if ($check === true) {
        if ($ans['STATUS'] == 'ok') {
            $doemail = true;
        } else {
            $err = $ans['STATUS'];
            // NOTE(review): 'ERROR' is read without isset(); confirm the
            // backend always supplies it on failure.
            if ($ans['ERROR'] != '') {
                $err .= ': ' . $ans['ERROR'];
            }
        }
    }

    // Reload the current settings for display.
    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        dbdown();
    }

    // Should be no other reason?
    $email = isset($ans['email']) ? $ans['email'] : '';

    // Use the first one - updating will expire all others
    $addr = (isset($ans['rows']) && $ans['rows'] > 0) ? $ans['addr:0'] : '';

    if ($doemail) {
        // The notification needs both a stored address and the mail options.
        $mailReady = false;
        if ($email != '') {
            $emailinfo = getOpts($user, emailOptList());
            if ($emailinfo['STATUS'] == 'ok') {
                $mailReady = true;
            }
        }

        if (!$mailReady) {
            if ($err != '') {
                $err .= '<br>';
            }
            $err .= 'An error occurred, check your details below';
        } else {
            switch ($chg) {
                case 'EMail':
                    // The previous address, when the session kept one, is passed along too.
                    $old = isset($_SESSION['old_set_email']) ? $_SESSION['old_set_email'] : null;
                    emailAddressChanged($email, zeip(), $emailinfo, $old);
                    break;
                case 'Address':
                    payoutAddressChanged($email, zeip(), $emailinfo);
                    break;
                case 'Password':
                    passChanged($email, zeip(), $emailinfo);
                    break;
            }
        }
    }

    return settings($data, $user, $email, $addr, $err);
}