function currentuser()
{
global $m_cookie, $db, $tblprefix, $onlineip, $nouserinfos, $timestamp, $sessionexists;
$this->cumonthadd_reset();
//将所有会员的月交互数量置为0
$memberid = 0;
if (!empty($m_cookie['userauth'])) {
@(list($memberpwd, $memberid) = maddslashes(explode("\t", authcode($m_cookie['userauth'], 'DECODE')), 1));
if (empty($memberid) || $memberid != intval($memberid)) {
mclearcookie('userauth');
}
} else {
list($memberpwd, $memberid) = array('', 0);
}
$sessionexists = 0;
$msid = isset($m_cookie['msid']) ? $m_cookie['msid'] : '';
if ($msid) {
if ($memberid) {
$sqlstr = "SELECT ms.* FROM {$tblprefix}msession ms,{$tblprefix}members m\n\t\t\t\t\tWHERE ms.mid=m.mid AND ms.msid='{$msid}' AND onlineip='{$onlineip}' AND m.mid='{$memberid}' AND m.password='******'";
} else {
$sqlstr = "SELECT * FROM {$tblprefix}msession WHERE msid='{$msid}' AND onlineip='{$onlineip}'";
}
if ($msession = $db->fetch_one($sqlstr)) {
$sessionexists = 1;
if ($memberid) {
$msession = array_merge($msession, $db->fetch_one("SELECT * FROM {$tblprefix}members WHERE mid='{$msession['mid']}'"));
} else {
$msession = array_merge($msession, $nouserinfos);
}
}
}
if (!$sessionexists) {
if ($memberid) {
if (!($msession = $db->fetch_one("SELECT * FROM {$tblprefix}members WHERE mid='{$memberid}' AND password='******'"))) {
mclearcookie('userauth');
} else {
$msession['mslastactive'] = $msession['lastolupdate'] = $timestamp;
}
}
$msession['msid'] = random(6);
if (empty($msession['mid'])) {
$msession = array_merge($msession, $nouserinfos);
}
}
if (empty($m_cookie['msid']) || $msession['msid'] != $m_cookie['msid']) {
msetcookie('msid', $msession['msid']);
}
$this->info = $msession;
$this->updatesession();
}
$msg = convert_encoding($mcharset, 'gb2312', $msg);
}
$msg = rawurlencode($msg);
$url = $msgcode_gate == 1 ? "http://sms.eshang8.cn/api/?esname={$id}&key=pw&phone={$mobile}&msg={$msg}&smskind=1" : "http://service.winic.org/sys_port/gateway/?id={$id}&pwd={$pw}&to={$mobile}&content={$msg}&time={$timestamp}";
include M_ROOT . 'include/http.cls.php';
$http = new http();
$http->timeout = 60;
$msg = $http->fetchtext($url);
if ($msgcode_gate == 1) {
$msg = $msg === '0';
} else {
$msg = explode("/", $msg);
$msg = $msg[0] === '000';
}
if ($msg) {
msetcookie('08cms_msgcode', authcode("{$timestamp}\t{$msgcode}", 'ENCODE'));
} else {
$info = array('time' => -1, 'text' => 'msgcode_send_err');
}
} else {
$info = array('time' => 1, 'text' => 'donot_repeat_operate');
}
}
} else {
$info = array('time' => 0, 'text' => 'mobile_format_fail');
}
}
ajax_info($info);
break;
case 'dirname':
if (empty($value)) {
}
} elseif ($action == 'vote') {
$inajax = empty($inajax) ? 0 : 1;
$cid = empty($cid) ? 0 : max(0, intval($cid));
if (!$cid) {
cumessage('choosevoteobject');
}
if (!($row = $db->fetch_one("SELECT * FROM {$tblprefix}offers WHERE cid='{$cid}'"))) {
cumessage('choosevoteobject', $forward);
}
if (!($commu = read_cache('commu', $row['cid']))) {
cumessage('setcomitem', $forward);
}
if (empty($commu['ucvote'])) {
if (!empty($commu['setting']['nouservote']) && !$memberid) {
cumessage('loginmember', $forward);
}
if (empty($commu['setting']['repeatvote'])) {
if (empty($m_cookie['08cms_cuid_' . $commu['cuid'] . '_vote_' . $aid . '_' . $cid])) {
msetcookie('08cms_cuid_' . $commu['cuid'] . '_vote_' . $aid . '_' . $cid, '1', 365 * 24 * 3600);
} else {
cumessage('dontnrepeatvote', $forward);
}
}
$option = empty($option) ? 1 : min(5, max(1, intval($option)));
$db->query("UPDATE {$tblprefix}offers SET votes{$option} = votes{$option} + 1 WHERE cid='{$cid}'", 'SILENT');
cumessage($inajax ? 'succeed' : 'votesucceed', $forward);
} else {
include M_ROOT . $commu['ucvote'];
}
}
$forward = empty($forward) ? M_REFERER : $forward;
$forwardstr = '&forward=' . rawurlencode($forward);
$inajax = empty($inajax) ? 0 : 1;
$aid = empty($aid) ? 0 : max(0, intval($aid));
!$aid && cumessage('choosearchive');
!($commu = read_cache('commu', 2)) && cumessage('choosecommuitem');
if (empty($commu['ucadd'])) {
!$curuser->pmbypmids('cuadd', $commu['setting']['apmid']) && cumessage('younoscorepermis');
$score = empty($score) ? 0 : max(0, intval($score));
$scorearr = empty($commu['setting']['scorestr']) ? array() : array_filter(explode(',', $commu['setting']['scorestr']));
if (!in_array($score, $scorearr)) {
cumessage('scoreoptionerr');
}
if (empty($commu['setting']['repeat']) || !empty($commu['setting']['repeattime'])) {
if (empty($m_cookie['08cms_cuid_' . $commu['cuid'] . '_' . $aid])) {
msetcookie('08cms_cuid_' . $commu['cuid'] . '_' . $aid, '1', empty($commu['setting']['repeat']) ? 365 * 24 * 3600 : $commu['setting']['repeattime'] * 60);
} else {
cumessage(empty($commu['setting']['repeat']) ? 'norepeatoper' : 'overquick', $forward);
}
}
$aedit = new cls_arcedit();
$aedit->set_aid($aid);
$aedit->basic_data();
!$aedit->aid && cumessage('choosearchive');
!$aedit->archive['checked'] && cumessage('poinarcnoche');
$aedit->updatefield('avgscore', round(($aedit->archive['avgscore'] * $aedit->archive['scores'] + $score) / ($aedit->archive['scores'] + 1), 2), 'main');
//平均分
if (!empty($commu['setting']['pics']) && isset($aedit->archive['score_' . $score])) {
$aedit->updatefield('score_' . $score, $aedit->archive['score_' . $score] + 1, 'main');
}
$aedit->arc_nums('scores', 1, 1);
function mclearcookie($ckname = 'userauth')
{
if ($ckname == 'userauth') {
global $memberid, $memberpwd, $curuser;
msetcookie('userauth', '', -86400 * 365);
$memberid = 0;
$memberpwd = '';
unset($curuser);
} else {
msetcookie($ckname, '', -86400 * 365);
}
}
if ($autocheck == 2) {
$confirmid = random(6);
$confirmstr = "{$timestamp}\t2\t{$confirmid}";
$subarr['confirmstr'] = $confirmstr;
}
foreach (array('main', 'sub', 'custom') as $var) {
foreach (${$var . 'arr'} as $k => $v) {
$newuser->updatefield($k, $v, $var);
}
}
$newuser->autoinit();
$newuser->updatedb();
unset($newuser);
cms_spread(empty($_REQUEST['uid']) ? '' : stripslashes($_REQUEST['uid']), 1);
if ($autocheck == 1) {
msetcookie('userauth', authcode("{$md5_password}\t{$mid}", 'ENCODE'));
if ($enable_pptout && !empty($pptout_file) && !empty($pptout_url)) {
$action = 'login';
$username = $mname;
include M_ROOT . './include/pptout/' . $pptout_file . '.php';
header('location:' . $url);
exit;
}
} elseif ($autocheck == 2) {
mailto($email, 'member_active_subject', 'member_active_content', array('mid' => $mid, 'mname' => $mname, 'url' => "{$cms_abs}tools/memactive.php?action=emailactive&mid={$mid}&id={$confirmid}"));
}
if (!$forward || preg_match('/\\bregister.php(\\?|#|$)/i', $forward)) {
$forward = 'index.php';
}
message(!$autocheck ? 'userchecking' : ($autocheck == 2 ? 'emailactiving' : 'memberregistersucce'), $forward);
}
tpl_refresh($tplname);
@(include M_ROOT . "template/{$templatedir}/pcache/{$tplname}.php");
$_content = ob_get_contents();
ob_clean();
mexit($_content);
}
} else {
load_cache('mcfields');
include_once M_ROOT . "./include/fields.cls.php";
include_once M_ROOT . "./include/upload.cls.php";
include_once M_ROOT . "./include/cheader.inc.php";
include_once M_ROOT . "./include/mcuedit.cls.php";
$inajax ? aheader() : _header();
if (!empty($mcommu['setting']['norepeat']) || !empty($mcommu['setting']['repeattime'])) {
if (empty($m_cookie['08cms_mcuid_' . $mcommu['cuid'] . '_' . $mid])) {
msetcookie('08cms_mcuid_' . $mcommu['cuid'] . '_' . $mid, '1', !empty($mcommu['setting']['norepeat']) ? 365 * 24 * 3600 : $mcommu['setting']['repeattime'] * 60);
} else {
mcmessage(empty($mcommu['setting']['norepeat']) ? 'addcommentoverquick' : 'dorepeataddcomment', axaction(2, M_REFERER));
}
}
if (!($maxfloorid = $db->result_one("SELECT MAX(floorid) FROM {$tblprefix}mcomments WHERE mid='{$mid}'"))) {
$maxfloorid = 0;
}
$maxfloorid++;
$quoteids = '';
if ($qtid && ($r = $db->fetch_one("SELECT quoteids FROM {$tblprefix}mcomments WHERE mid='{$mid}' AND cid='{$qtid}'"))) {
$quoteids = ($r['quoteids'] ? $r['quoteids'] . ',' : '') . $qtid;
}
$db->query("INSERT INTO {$tblprefix}mcomments SET\n\t\t\tmid='{$mid}',\n\t\t\tmname='" . $actuser->info['mname'] . "',\n\t\t\tcuid='{$mcommu['cuid']}',\n\t\t\tfromid='{$memberid}',\n\t\t\tfromname='" . $curuser->info['mname'] . "',\n\t\t\tchecked='" . ($mcommu['setting']['autocheck'] ? 1 : 0) . "',\n\t\t\tfloorid = '{$maxfloorid}',\n\t\t\tquoteids = '{$quoteids}',\n\t\t\tcreatedate='{$timestamp}'\n\t\t\t");
if ($cid = $db->insert_id()) {
$uedit = new cls_mcuedit();
$errtimes++ < $maxerrtimes || message('mloginerrtimes');
$cantimes = $maxerrtimes - $errtimes;
$md5_password = md5(md5($password));
$enable_uc && (include_once M_ROOT . './include/ucenter/uc.inc.php');
$curuser->activeuserbyname($username);
if ($curuser->info['mid'] && ($enable_uc || $curuser->info['password'] == $md5_password)) {
//是本站会员,检查更新密码
if ($curuser->info['password'] != $md5_password) {
$curuser->updatefield('password', $md5_password);
}
if ($curuser->info['checked'] == 1) {
$curuser->updatefield('lastvisit', $timestamp);
$curuser->updatefield('lastip', $onlineip);
$curuser->updatedb();
$memberid = $curuser->info['mid'];
msetcookie('userauth', authcode("{$md5_password}\t" . $curuser->info['mid'], 'ENCODE'), $expires);
if ($enable_pptout && !empty($pptout_file) && !empty($pptout_url)) {
include M_ROOT . './include/pptout/' . $pptout_file . '.php';
header('location:' . $url);
exit;
}
login_safecheck($username, 0, 1);
if (!$forward || preg_match('/\\b(?:login|register).php(\\?|#|$)/i', $forward)) {
$forward = 'adminm.php';
}
message('loginsucceed', axaction(2, $forward));
} elseif ($curuser->info['checked'] == 2) {
//需要重新激活的会员
message('outmemberactive', axaction(0, 'tools/memactive.php?ppt=1&username='******'&password='******'&forward=' . rawurlencode($forward)));
} else {
message('nocheckmember', axaction(1, $forward));
<?php
include_once dirname(dirname(__FILE__)) . '/include/general.inc.php';
include_once M_ROOT . './include/common.fun.php';
include_once M_ROOT . "./include/arcedit.cls.php";
$aid = empty($aid) ? 0 : max(0, intval($aid));
$forward = rawurlencode(M_REFERER);
!$aid && message('choosegoods');
empty($memberid) && message('nousnopurchasepermi');
$aedit = new cls_arcedit();
$aedit->set_aid($aid);
$aedit->basic_data();
empty($cid) && ($cid = 0);
!($aid = $aedit->aid) && message('choosegoods');
!($commu = read_cache('commu', $aedit->channel['cuid'])) && (!$aedit->channel['offer'] || !($ocommu = read_cache('commu', $aedit->channel['offer'])) || !($commu = read_cache('commu', $ocommu['setting']['purchase']))) && message('noavailableitemoper');
$commu['cclass'] != 'purchase' && message('noavailableitemoper');
!$curuser->pmbypmids('cuadd', $commu['setting']['apmid']) && message('younoitempermis');
$goods = empty($m_cookie["goods_{$memberid}"]) ? array() : explode(';', $m_cookie["goods_{$memberid}"]);
$cartmaxlimited && count($goods) > $cartmaxlimited && message('carovermaxgoodamo', "cart.php?forward={$forward}");
foreach ($goods as $v) {
$tmp = explode(',', $v);
($tmp[1] ? $tmp[0] == $cid : $tmp[0] == $aid) && message('goodalreadyexist', "cart.php?forward={$forward}");
}
$cid && !($mid = $db->result_one("SELECT mid FROM {$tblprefix}offers WHERE aid={$aid} AND cid = {$cid}")) && message('choosegoods');
$tmp = $cid ? "{$cid},{$mid},1" : "{$aid},0,1";
//第二个参数为商家id,0表网站商品,第3个参数为数量
msetcookie("goods_{$memberid}", empty($m_cookie["goods_{$memberid}"]) ? $tmp : $m_cookie["goods_{$memberid}"] . ';' . $tmp);
message('goodsaddfinish', "cart.php?forward={$forward}");
$userinfos['regip'] = empty($userinfos['regip']) ? onlineip() : $userinfos['regip'];
$userinfos['regdate'] = empty($userinfos['regdate']) ? $timestamp : $userinfos['regdate'];
foreach (array('mname', 'password', 'email', 'regip', 'regdate') as $var) {
$sqlstr .= (empty($sqlstr) ? '' : ',') . "{$var}='{$userinfos[$var]}'";
}
$sqlstr .= ",checked='2'";
$db->query("INSERT INTO {$tblprefix}members SET {$sqlstr}");
//没有写入模型记录//没有初始化积分
$userinfos['mid'] = $db->insert_id();
$db->query("INSERT INTO {$tblprefix}members_sub SET mid='{$userinfos['mid']}'");
}
empty($_GET['forward']) || header("Location: {$_GET['forward']}");
exit;
} elseif ($_GET['action'] == 'logout') {
msetcookie('msid', '', -86400 * 365);
msetcookie('userauth', '', -86400 * 365);
empty($_GET['forward']) || header("Location: {$_GET['forward']}");
exit;
}
function passport_decrypt($txt, $key)
{
$txt = passport_key(base64_decode($txt), $key);
$tmp = '';
for ($i = 0; $i < strlen($txt); $i++) {
$md5 = $txt[$i];
$tmp .= $txt[++$i] ^ $md5;
}
return $tmp;
}
function passport_key($txt, $encrypt_key)
{
function closure($clear = 0, $aid = 0, $table = 'archives')
{
global $db, $tblprefix, $curuser, $m_cookie;
$ckey = $curuser->info['msid'] . '_upload';
$ids = implode(',', $this->ufids);
empty($m_cookie[$ckey]) || ($ids = $m_cookie[$ckey] . ($ids ? ",{$ids}" : ''));
if ($clear) {
//表ID对应数组
$tids = array('archives' => 1, 'farchives' => 2, 'members' => 3, 'marchives' => 4, 'comments' => 16, 'replys' => 17, 'offers' => 18, 'mcomments' => 32, 'mreplys' => 33);
$tid = $table && isset($tids[$table]) ? $tids[$table] : 0;
//防止别人修改cookie注入MySQL
if (preg_match('/^\\d+(?:,\\d+)*$/', $ids)) {
if ($aid) {
$tid && $db->query("UPDATE {$tblprefix}userfiles SET aid={$aid},tid={$tid} WHERE aid=0 AND ufid IN ({$ids})", 'UNBUFFERED');
} elseif ($clear == 1) {
$query = $db->query("SELECT url FROM {$tblprefix}userfiles WHERE mid={$curuser->info['mid']} AND ufid IN ({$ids})");
while ($item = $db->fetch_array($query)) {
@unlink(local_file($item['url']));
}
$db->query("DELETE FROM {$tblprefix}userfiles WHERE ufid IN ({$ids})", 'UNBUFFERED');
}
}
msetcookie($ckey, '', -31536000);
} else {
msetcookie($ckey, $ids, 31536000);
}
}
function synlogin($get, $post)
{
if (!API_SYNLOGIN) {
return API_RETURN_FORBIDDEN;
}
require_once M_ROOT . './include/general.fun.php';
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
$mname = $get['username'];
if ($cmember = $this->db->fetch_one("SELECT mid,mname,password,email FROM " . $this->tablepre . "members WHERE mname='{$mname}' AND checked=1")) {
msetcookie('userauth', authcode("{$cmember['password']}\t{$cmember['mid']}", 'ENCODE'), 2592000);
} else {
mclearcookie();
}
}
# $ordersn = date('Ymd')."-$memberid-".date('His').'-'.random(6,1);
$ordersn = date("Ymd-{$memberid}-His-") . random(6, 1);
} while ($db->fetch_one("SELECT oid FROM {$tblprefix}orders WHERE ordersn='{$ordersn}' LIMIT 0,1"));
$db->query("INSERT INTO {$tblprefix}orders SET\n\t\t\t\tordersn='{$ordersn}',\n\t\t\t\torderfee='{$orderfee}',\n\t\t\t\tshipingmode='{$spmd['0']}',\n\t\t\t\tshipingfee='{$spmd['1']}',\n\t\t\t\ttotalfee='{$totalfee}',\n\t\t\t\tmid='{$memberid}',\n\t\t\t\tmname='" . $curuser->info['mname'] . "',\n\t\t\t\ttomid='{$oid}',\n\t\t\t\ttomname='{$tomname}',\n\t\t\t\tpaymode='-1',\n\t\t\t\tcreatedate='{$timestamp}'\n\t\t\t\t{$sqlstr}\n\t\t\t\t");
if ($nid = $db->insert_id()) {
//统计库存量与商品统计及会员统计
$c_upload->closure(1, $nid, 'orders');
$gcookie = empty($m_cookie["goods_{$memberid}"]) ? array() : explode(';', $m_cookie["goods_{$memberid}"]);
$ncookie = array();
foreach ($gcookie as $v) {
$tmp = explode(',', $v);
if ($tmp[1] != $oid) {
$ncookie[] = $v;
}
}
msetcookie("goods_{$memberid}", join(';', $ncookie));
//更新cookie
$sqlstr = array();
/* foreach($nums as $k => $v)$sqlstr[] = "('$k','$v')";
$sqlstr = ($oid ? "REPLACE INTO {$tblprefix}offers (cid,storage) VALUES " : "REPLACE INTO {$tblprefix}archives_sub (aid,storage) VALUES ") . join(',', $sqlstr);
$sqlstr = ($oid ? "REPLACE INTO {$tblprefix}offers (cid,storage) VALUES " : "REPLACE INTO {$tblprefix}archives_sub (aid,storage) VALUES ") . join(',', $sqlstr);
$db->query($sqlstr);//更新库存*/
$table = $oid ? 'offers' : 'archives_sub';
$key = $oid ? 'cid' : 'aid';
foreach ($nums as $k => $v) {
$sqlstr = "UPDATE {$tblprefix}{$table} SET storage={$v} WHERE {$key}={$k}";
$db->query($sqlstr);
//更新库存
}
$sqlstr = array();
$mname = $curuser->info['mname'];
<?php
define('NOROBOT', TRUE);
include_once dirname(dirname(__FILE__)) . '/include/general.inc.php';
!defined('M_COM') && exit('No Permisson');
$timestamp = time();
$x_size = empty($regcode_width) ? 60 : $regcode_width;
$y_size = empty($regcode_height) ? 20 : $regcode_height;
$nmsg = random(4, 1);
msetcookie('08cms_regcode', authcode($timestamp . "\t" . $nmsg, 'ENCODE'));
if (function_exists('imagecreate') && function_exists('imagecolorallocate') && function_exists('imagepng') && function_exists('imagesetpixel') && function_exists('imageString') && function_exists('imagedestroy') && function_exists('imagefilledrectangle') && function_exists('imagerectangle')) {
$aimg = imagecreate($x_size, $y_size);
$back = imagecolorallocate($aimg, 255, 255, 255);
$border = imagecolorallocate($aimg, 183, 216, 239);
imagefilledrectangle($aimg, 0, 0, $x_size - 1, $y_size - 1, $back);
imagerectangle($aimg, 0, 0, $x_size - 1, $y_size - 1, $border);
for ($i = 1; $i <= 20; $i++) {
$dot = imagecolorallocate($aimg, mt_rand(150, 255), mt_rand(150, 255), mt_rand(150, 255));
imagesetpixel($aimg, mt_rand(2, $x_size - 2), mt_rand(2, $y_size - 2), $dot);
}
for ($i = 1; $i <= 10; $i++) {
imageString($aimg, 1, $i * $x_size / 12 + mt_rand(1, 3), mt_rand(1, 13), '.', imageColorAllocate($aimg, mt_rand(150, 255), mt_rand(150, 255), mt_rand(150, 255)));
}
for ($i = 0; $i < strlen($nmsg); $i++) {
imageString($aimg, mt_rand(4, 5), $i * $x_size / 4 + mt_rand(1, 5), mt_rand(1, 6), $nmsg[$i], imageColorAllocate($aimg, mt_rand(50, 255), mt_rand(0, 120), mt_rand(50, 255)));
}
header("Pragma:no-cache");
header("Cache-control:no-cache");
header("Content-type: image/png");
imagepng($aimg);
imagedestroy($aimg);
$fields =& $initfields;
foreach ($fields as $k => $field) {
if ($field['available'] && $field['issearch']) {
$a_field->init(1);
$a_field->field = $field;
$a_field->trsearch();
}
}
unset($a_field);
}
mtrbasic(lang('indays'), 'indays', $indays);
mtrbasic(lang('outdays'), 'outdays', $outdays);
mtabfooter('searchsubmit', lang('search'));
if (submitcheck('searchsubmit')) {
if ($search_repeat) {
empty($m_cookie['08cms_search_time']) ? msetcookie('08cms_search_time', '1', $search_repeat) : mcmessage('searchoverquick');
}
$pagetmp = $page;
do {
$query = $db->query("SELECT a.* {$fromstr} {$wherestr} {$orderstr} LIMIT " . ($pagetmp - 1) * $mrowpp . ",{$mrowpp}");
$pagetmp--;
} while (!$db->num_rows($query) && $pagetmp);
$itemarchive = '';
$no = $pagetmp * $mrowpp;
while ($archive = $db->fetch_array($query)) {
$no++;
$archive['arcurl'] = view_arcurl($archive);
$archive['subject'] = "<a href=\"{$archive['arcurl']}\" target=\"_blank\">" . mhtmlspecialchars($archive['subject']) . "</a>";
$archive['catalog'] = $catalogs[$archive['caid']]['title'];
$archive['createdate'] = date("{$dateformat} {$timeformat}", $archive['createdate']);
$itemarchive .= "<tr><td class=\"item\" width=\"40\">{$no}</td>\n" . "<td class=\"item2\">{$archive['subject']}</td>\n" . "<td align=\"center\" class=\"item\">{$archive['catalog']}</td>\n" . "<td align=\"center\" class=\"item\">{$archive['mname']}</td>\n" . "<td align=\"center\" class=\"item\" width=\"110\">{$archive['createdate']}</td></tr>\n";
$submitstr .= makesubmitstr('npassword', 1, 0, 0, 15);
$submitstr .= makesubmitstr('npassword2', 1, 0, 0, 15);
$submitstr .= tr_regcode('login');
tabfooter('bmemberpwd');
check_submit_func($submitstr);
} else {
if (!regcode_pass('login', empty($regcode) ? '' : trim($regcode))) {
mcmessage('regcodeerror', '?action=memberpwd');
}
$opassword = trim($opassword);
$npassword = trim($npassword);
$npassword2 = trim($npassword2);
if (md5(md5($opassword)) != $curuser->info['password']) {
mcmessage('oldpasserror', '?action=memberpwd');
}
if ($npassword != $npassword2) {
mcmessage('notsamepwd', '?action=memberpwd');
}
if (!$npassword || strlen($npassword) > 15 || $npassword != addslashes($npassword)) {
mcmessage('memberpwdillegal', '?action=memberpwd');
}
if ($enable_uc) {
include_once M_ROOT . './include/ucenter/uc.inc.php';
}
$npassword = md5(md5($npassword));
$curuser->updatefield('password', $npassword, 'main');
$curuser->updatedb();
msetcookie('userauth', authcode("{$npassword}\t{$memberid}", 'ENCODE'));
// msetcookie('userauth',authcode("$npassword\t$memberid",'ENCODE'),31536000);
mcmessage('mempassmodsuc', '?action=memberpwd');
}
function cms_spread($uid, $mode = 0)
{
global $db, $tblprefix, $onlineip, $timestamp, $curuser, $m_cookie;
if (empty($uid) && $mode == 1) {
$uid = empty($m_cookie['spread_uid']) ? '' : $m_cookie['spread_uid'];
} else {
$uid = trim($uid);
}
if (empty($uid) || !($commu = read_cache('commu', 9)) || empty($commu['available']) || empty($commu['setting'][$mode])) {
return;
}
$user = new cls_userinfo();
$user->activeuserbyname($uid);
if (!($mid = $user->info['mid']) || $mid == $curuser->info['mid']) {
return;
}
$s =& $commu['setting'][$mode];
$ip = ip2long($onlineip);
$time = getdate($timestamp);
$time = mktime(0, 0, 0, $time['mon'], $time['mday'], $time['year']);
$record = $db->result_one("SELECT COUNT(*) FROM {$tblprefix}spreads WHERE mid='{$mid}' AND ip={$ip} AND mode={$mode} AND time>{$time}");
if ($s['value'] && (!$s['count'] || $s['count'] > $db->result_one("SELECT COUNT(*) FROM {$tblprefix}spreads WHERE mid='{$mid}' AND time>{$time}")) && !$record) {
$user->updatecrids(array($s['crid'] => $s['value']), 1);
}
$record || $db->query("INSERT INTO {$tblprefix}spreads(mid,ip,mode,time) VALUES('{$mid}',{$ip},{$mode},{$timestamp})");
$mode ? mclearcookie('spread_uid') : msetcookie('spread_uid', $uid);
}
if (!($field = @$fields[$fname]) || $field['datatype'] != 'vote') {
message('choosevoteitem');
}
if ($type == 'archives' && !$field['mcommon']) {
$tbl = $type . "_{$typeid}";
} elseif ($type == 'members') {
$tbl = $type . ($field['mcommon'] ? '_sub' : "_{$typeid}");
} elseif ($type == 'farchives') {
$tbl = $type . "_{$typeid}";
}
if ($field['nohtml'] && !$memberid) {
message('nousernooperatepermis', M_REFERER);
}
if ($field['mode'] || $field['length']) {
if (empty($m_cookie['voted_' . $type . $id . '_' . $fname . '_timelimit'])) {
msetcookie('voted_' . $type . $id . '_' . $fname . '_timelimit', '1', $field['mode'] ? 365 * 24 * 3600 : $field['length'] * 60);
} else {
message($field['mode'] ? 'norepeatoper' : 'overquick', M_REFERER);
}
}
$valid0 = false;
foreach ($vopids as $vid => $opids) {
if (!($vote = @$votes[$vid]) || $vote['enddate'] && $vote['enddate'] < $timestamp) {
continue;
}
$valid = false;
foreach ($opids as $opid) {
if (isset($vote['options'][$opid])) {
$vote['options'][$opid]['votenum'] = @$vote['options'][$opid]['votenum'] + 1;
$valid = true;
}
$comstr .= ",password='******'";
$comstr .= ",email='{$email}'";
$comstr .= ",mtcid=1";
$comstr .= ",mchid='{$mchid}'";
foreach ($currencys as $crid => $currency) {
$currency['available'] && $currency['initial'] && ($comstr .= ",currency" . $crid . "='" . $currency['initial'] . "'");
}
$autocheck == 1 && ($comstr .= ",checked='1'");
$comstr .= ",regip='{$onlineip}'";
$comstr .= ",regdate='{$timestamp}'";
$db->query("INSERT INTO {$tblprefix}members SET {$comstr}");
if ($mid = $db->insert_id()) {
$substr = "mid='{$mid}'";
if ($autocheck == 2) {
$confirmid = random(6);
$confirmstr = "{$timestamp}\t2\t{$confirmid}";
$substr .= ",confirmstr='" . $confirmstr . "'";
}
$db->query("INSERT INTO {$tblprefix}members_sub SET {$substr}");
$db->query("INSERT INTO {$tblprefix}members_{$mchid} SET mid='{$mid}'");
if ($autocheck == 1) {
msetcookie('userauth', authcode(md5(md5($password)) . "\t{$mid}", 'ENCODE'));
} elseif ($autocheck == 2) {
mailto($email, 'member_active_subject', 'member_active_content', array('mid' => $mid, 'mname' => $mname, 'url' => "{$cms_abs}tools/memactive.php?action=emailactive&mid={$mid}&id={$confirmid}"));
}
mcmessage(!$autocheck ? 'userchecking' : ($autocheck == 2 ? 'emailactiving' : 'memactivesucceed'), $forward);
} else {
mcmessage('memactfai', $forward);
}
}
}
