if (isset($_GET['action']) && $_GET['action'] == 'modify') {
//为了防止恶意注册,跨站攻击
_check_code($_POST['code'], $_SESSION['code']);
if (!!($_rows = _fetch_array("select tg_uniqid from tg_user where tg_username='******'username']}' limit 1"))) {
//为了防止cookie伪造,还要比对一下唯一标示符uniqid()
_uniqid($_rows['tg_uniqid'], $_COOKIE['uniqid']);
//引入验证文件
include ROOT_PATH . 'includes/check.func.php';
//创建一个空数组,用来存放提交过来的合法数据
$_clean = array();
$_clean['password'] = _check_modify_password($_POST['password'], 6);
$_clean['sex'] = _check_sex($_POST['sex']);
$_clean['face'] = _check_face($_POST['face']);
$_clean['email'] = _check_email($_POST['email'], 5, 40);
$_clean['qq'] = _check_qq($_POST['qq']);
$_clean['url'] = _check_url($_POST['url'], 40);
$_clean['switch'] = $_POST['switch'];
$_clean['autograph'] = _check_autograph($_POST['autograph'], 200);
//修改资料
if (empty($_clean['password'])) {
_query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
} else {
_query("update tg_user set \n\t\t\t\t\t\t\t\t\t\t\ttg_password='******'password']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_sex='{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_face='{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_email='{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_qq='{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_url='{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_switch='{$_clean['switch']}',\n\t\t\t\t\t\t\t\t\t\t\ttg_autograph='{$_clean['autograph']}'\n\t\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\t\ttg_username='******'username']}'\n\t\t\t\t\t\t\t\t\t\t");
}
}
//判断是否修改成功
if (_affected_rows() == 1) {
//关闭
_close();
//_session_destroy();
//跳转
//可以通过唯一标识符 来防止表单恶意注册 跨站攻击
include root . 'includes/register.php';
/*定义一个变量存放 各字段的值*/
$_clear = array();
/*字段在验证成功后 将字符串 返回出来 并赋值给 $_clear 相应的字段 -->验证并赋值*/
$_clear['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
$_clear['active'] = _sha1_uniqid();
$_clear['username'] = _check_username($_POST['username']);
$_clear['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
$_clear['question'] = _check_questions($_POST['passt'], 4, 20);
$_clear['anwser'] = _check_anwser($_POST['passt'], $_POST['passd'], 4, 20);
$_clean['sex'] = $_POST['sex'];
$_clean['face'] = $_POST['face'];
$_clear['email'] = _check_email($_POST['email']);
$_clear['qq'] = _check_qq($_POST['qq']);
$_clear['url'] = _check_url($_POST['url']);
print_r($_clear);
} else {
//提交前
//这个存入数据库的唯一标识符还有第二个用处 就是cookie登陆验证 验证cookie的标识符和数据库的标识符是否相等
$_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
echo $_SESSION['uniqid'];
}
//唯一标识符 有两个参数 参数一rand() :每次产生的长度是随机的 参数二:是否带小数 true/false
//最后用md5加密32位 或者shal() 40位
//echo md5(uniqid(rand(),true ));
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
//引入注册检查过滤的函数库
include ROOT_PATH . 'includes/check.func.php';
//用一个数组保存表单提交个数据
$clean = array();
//生成一个激活id
$clean['active'] = sha1(uniqid(rand(), true));
$clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
$clean['username'] = _check_username($_POST['username'], 2, 20);
$clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
$clean['sex'] = _mysql_string($_POST['sex']);
$clean['facesrc'] = _mysql_string($_POST['facesrc']);
$clean['passt'] = _check_pwd_question($_POST['passt'], 2, 8);
$clean['passd'] = _check_pwd_answer($_POST['passt'], $_POST['passd'], 2, 8);
$clean['email'] = _check_email($_POST['email'], 6, 40);
$clean['qq'] = _check_qq($_POST['qq']);
$clean['url'] = _check_url($_POST['url']);
//防止重复注册
_is_repeat("SELECT * FROM tg_user WHERE tg_username = '******'username']}'", "用户名重复,请重新注册!");
_query("INSERT INTO tg_user (\r\n tg_uniqid,\r\n tg_username,\r\n tg_password,\r\n tg_question,\r\n tg_answer,\r\n tg_email,\r\n tg_qq,\r\n tg_url,\r\n tg_active,\r\n tg_sex,\r\n tg_face,\r\n tg_reg_time,\r\n tg_last_time,\r\n tg_last_ip\r\n ) values (\r\n '{$clean['uniqid']}',\r\n '{$clean['username']}',\r\n '{$clean['password']}',\r\n '{$clean['passt']}',\r\n '{$clean['passd']}',\r\n '{$clean['email']}',\r\n '{$clean['qq']}',\r\n '{$clean['url']}',\r\n '{$clean['active']}',\r\n '{$clean['sex']}',\r\n '{$clean['facesrc']}',\r\n NOW(),\r\n NOW(),\r\n '{$_SERVER['REMOTE_ADDR']}'\r\n )");
if (_affect_rows() != 1) {
_closeDB();
_session_destroy();
_location("注册失败,请重新注册!", 'register.php');
} else {
_closeDB();
_session_destroy();
_location("恭喜您,注册成功,点击跳转到激活页面!", 'active.php?active=' . $clean['active']);
}
} else {
//生成uniqid
$_SESSION['uniqid'] = $uniqid = sha1(uniqid(rand(), true));