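/**
 * Register a new user account.
 *
 * Checks run in order and the first failure decides the result: password
 * confirmation, e-mail uniqueness (check_email()), user-name uniqueness
 * (check_username()). On success the password is stored as a bcrypt hash.
 *
 * @param string $first_name
 * @param string $last_name
 * @param string $email
 * @param string $password1 password as typed
 * @param string $password2 confirmation of $password1
 * @param string $user_name
 * @return string one of 'password', 'email', 'username', 'success' or 'error'
 */
function signup($first_name, $last_name, $email, $password1, $password2, $user_name)
{
    global $db;

    // Strict comparison on purpose: with != two numeric-looking strings such as
    // '1e3' and '1000' compare equal, so a mistyped confirmation could pass.
    if ($password1 !== $password2) {
        return 'password';
    }

    // check_email()/check_username() return truthy when the value is taken.
    if (check_email($email)) {
        return 'email';
    }
    if (check_username($user_name)) {
        return 'username';
    }

    $user_type = 'user';
    $hashed_password = password_hash($password1, PASSWORD_BCRYPT);

    // Positional INSERT: relies on the `users` column order being
    // (id, type, first_name, last_name, email, user_name, password, <nullable>).
    $query = 'INSERT INTO users VALUES (NULL, :user_type, :first_name, :last_name, :email, :user_name, :password, NULL)';
    $statement = $db->prepare($query);
    $statement->bindValue(':user_type', $user_type);
    $statement->bindValue(':first_name', $first_name);
    $statement->bindValue(':last_name', $last_name);
    $statement->bindValue(':email', $email);
    $statement->bindValue(':user_name', $user_name);
    $statement->bindValue(':password', $hashed_password);

    try {
        $statement->execute();
        return 'success';
    } catch (PDOException $ex) {
        // The driver message is deliberately not returned to the caller; log it
        // server-side if diagnostics are needed.
        return 'error';
    }
}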
/**
 * sendVerify — send a verification code to the e-mail address or mobile
 * number posted as `account`; `type` picks the channel and `action` names the
 * controller whose doSendVerify() performs the delivery. SMS sends are
 * throttled per session by the SMS_RESEND setting.
 *
 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com
 */
public function sendVerify()
{
    $account = I('post.account', '', 'op_t');
    $probe = $account;
    $channel = I('post.type', '', 'op_t') == 'mobile' ? 'mobile' : 'email';
    $isMobile = ($channel === 'mobile');
    // NOTE(review): the delivery controller is chosen by the client via
    // `action`; an allow-list of sender controllers would be the safer shape.
    $action = I('post.action', 'config', 'op_t');

    if (!check_reg_type($channel)) {
        $label = $isMobile ? L('_PHONE_') : L('_EMAIL_');
        $this->error($label . L('_ERROR_OPTIONS_CLOSED_') . L('_EXCLAMATION_'));
    }
    if (empty($account)) {
        $this->error(L('_ERROR_ACCOUNT_CANNOT_EMPTY_'));
    }

    // check_username() classifies the value into user name / e-mail / mobile by reference.
    check_username($probe, $email, $mobile);

    $now = time();
    if ($isMobile) {
        $interval = modC('SMS_RESEND', '60', 'USERCONFIG');
        $lastSent = session('verify_time');
        if ($now <= $lastSent + $interval) {
            $this->error(L('_ERROR_WAIT_1_') . ($interval - ($now - $lastSent)) . L('_ERROR_WAIT_2_'));
        }
    }
    if (!$isMobile && empty($email)) {
        $this->error(L('_ERROR__EMAIL_'));
    }
    if ($isMobile && empty($mobile)) {
        $this->error(L('_ERROR_PHONE_'));
    }

    // Refuse an address/number already bound to a member (note: the reply
    // thereby discloses whether it is registered).
    $taken = UCenterMember()->where(array($channel => $account))->find();
    if ($taken) {
        $label = $isMobile ? L('_PHONE_') : L('_EMAIL_');
        $this->error(L('_ERROR_USED_1_') . $label . L('_ERROR_USED_2_') . L('_EXCLAMATION_'));
    }

    $code = D('Verify')->addVerify($account, $channel);
    if (!$code) {
        $this->error(L('_ERROR_FAIL_SEND_') . L('_EXCLAMATION_'));
    }

    $outcome = A(ucfirst($action))->doSendVerify($account, $code, $channel);
    if ($outcome !== true) {
        $this->error($outcome);
    } else {
        if ($isMobile) {
            session('verify_time', $now);
        }
        $this->success(L('_ERROR_SUCCESS_SEND_'));
    }
}
/**
 * sendVerify — send a verification code to the posted `account` by e-mail or,
 * when `type` is 'mobile', by SMS. `action` names the controller whose
 * doSendVerify() delivers it. SMS sending is throttled per session through
 * the SMS_RESEND setting.
 *
 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com
 */
public function sendVerify()
{
    $account = I('post.account', '', 'op_t');
    $rawType = I('post.type', '', 'op_t');
    $type = ($rawType == 'mobile') ? 'mobile' : 'email';
    $viaSms = ($type === 'mobile');
    $label = $viaSms ? '手机' : '邮箱';
    // NOTE(review): the controller used for delivery comes from the request
    // (`action`); restricting it to known sender controllers would be safer.
    $sender = I('post.action', 'config', 'op_t');

    if (!check_reg_type($type)) {
        $this->error($label . '选项已关闭!');
    }
    if (empty($account)) {
        $this->error('帐号不能为空');
    }

    $classified = $account;
    check_username($classified, $emailPart, $mobilePart);

    $now = time();
    if ($viaSms) {
        $cooldown = modC('SMS_RESEND', '60', 'USERCONFIG');
        $lastSent = session('verify_time');
        if ($now <= $lastSent + $cooldown) {
            $this->error('请' . ($cooldown - ($now - $lastSent)) . '秒后再发');
        }
    }
    if (!$viaSms && empty($emailPart)) {
        $this->error('请验证邮箱格式是否正确');
    }
    if ($viaSms && empty($mobilePart)) {
        $this->error('请验证手机格式是否正确');
    }

    if (UCenterMember()->where(array($type => $account))->find()) {
        $this->error('该' . $label . '已被其他用户使用!');
    }

    $code = D('Verify')->addVerify($account, $type);
    if (!$code) {
        $this->error('发送失败!');
    }

    $outcome = A(ucfirst($sender))->doSendVerify($account, $code, $type);
    if ($outcome === true) {
        if ($viaSms) {
            session('verify_time', $now);
        }
        $this->success('发送成功,请查收');
    } else {
        $this->error($outcome);
    }
}
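/**
 * Validate a registration form before the account is created.
 *
 * Checks run in order and the first failure wins: password confirmation,
 * e-mail confirmation, check_username(), check_email_address() (skipped when
 * $testing is set), required fields, and finally User::is_valid_user() so an
 * existing name is not reused.
 *
 * @param string $real_name
 * @param string $username
 * @param string $userpass
 * @param string $userpass2     confirmation of $userpass
 * @param string $email
 * @param string $email2        confirmation of $email
 * @param mixed  $email_updates accepted with the form; not validated here
 * @return string '' when every check passes, otherwise a translated error message
 */
function _validate_fields($real_name, $username, $userpass, $userpass2, $email, $email2, $email_updates)
{
    global $testing;

    // Strict comparisons on purpose: with != a pair of numeric-looking strings
    // ('1e3' and '1000') would count as equal.
    if ($userpass !== $userpass2) {
        return _("The passwords you entered were not equal.");
    }
    if ($email !== $email2) {
        return _("The e-mail addresses you entered were not equal.");
    }

    // Validity checks on the user name; check_username() returns '' when fine.
    $err = check_username($username, TRUE);
    if ($err != '') {
        return $err;
    }

    // In testing mode, a fake email address is constructed using 'localhost'
    // as the domain. check_email_address() incorrectly thinks the domain
    // should end in a 2-4 character top level domain, so disable the address
    // check for testing.
    if (!$testing) {
        $err = check_email_address($email);
        if ($err != '') {
            return $err;
        }
    }

    if (empty($userpass) || empty($real_name)) {
        return _("You did not completely fill out the form.");
    }

    // Make sure that the requested username is not already taken. Use
    // non-strict validation, which will return TRUE if the username is the
    // same as an existing one, or differs only by case or trailing whitespace.
    if (User::is_valid_user($username, FALSE)) {
        return _("That user name already exists, please try another.");
    }

    // TODO: The above check only validates against users in the DP database.
    // It's possible that there are usernames already registered with the
    // underlying forum software (like 'Anonymous') or are disallowed in the
    // forum software which, if used, will cause account creation to fail in
    // activate.php.
    return '';
}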
/**
 * sendVerify — send a verification code to the posted `account`, by SMS when
 * `type` is 'mobile' and by e-mail otherwise; `action` selects the controller
 * whose doSendVerify() delivers it.
 *
 * NOTE(review): unlike the other sendVerify() variants in this listing, this
 * one applies no resend interval, so every request triggers a new send.
 *
 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com
 */
public function sendVerify()
{
    // The e-mail address or mobile number to verify.
    $target = I('post.account', '', 'op_t');
    $probe = $target;
    // Registration channel: anything other than 'mobile' means e-mail.
    $mode = I('post.type', '', 'op_t') == 'mobile' ? 'mobile' : 'email';
    $channelName = ($mode === 'mobile') ? '手机' : '邮箱';
    // NOTE(review): client-chosen controller name; consider an allow-list.
    $controller = I('post.action', 'config', 'op_t');

    if (!check_reg_type($mode)) {
        $this->error($channelName . '选项已关闭!');
    }
    if (empty($target)) {
        $this->error('帐号不能为空');
    }

    check_username($probe, $probeEmail, $probeMobile, $probeCompany);
    if ($mode === 'mobile') {
        $formatError = empty($probeMobile) ? '请验证手机格式是否正确' : null;
    } else {
        $formatError = empty($probeEmail) ? '请验证邮箱格式是否正确' : null;
    }
    if ($formatError !== null) {
        $this->error($formatError);
    }

    // Refuse addresses/numbers already bound to another member.
    if (UCenterMember()->where(array($mode => $target))->find()) {
        $this->error('该' . $channelName . '已被其他用户使用!');
    }

    // Store a verification record and receive the generated code.
    $code = D('Verify')->addVerify($target, $mode);
    if (!$code) {
        $this->error('发送失败!');
    }

    // Hand delivery to the selected module's controller.
    $sent = A(ucfirst($controller))->doSendVerify($target, $code, $mode);
    if ($sent === true) {
        $this->success('发送成功,请查收');
    } else {
        $this->error($sent);
    }
}
/**
 * Load the public (shared) folder tree of a user into $this->folders and
 * $this->children.
 *
 * When check_username($user) fails, the logged-in user ($username) is used
 * instead. Folders whose parent is not itself in the shared set are
 * re-parented under the virtual root (childof = 0). On a query error the
 * message is passed to message() and nothing is loaded.
 *
 * @param string $user user name whose shared folders are requested
 */
function get_shared_data($user)
{
    global $mysql, $username;

    $this->foreign_username = check_username($user) ? $user : $username;

    // NOTE(review): the user filter reads '******' in this listing, which looks
    // like a redacted value; if the real code interpolates a user name here it
    // must go through the driver's escaping.
    $query = "SELECT id, childof, name, public FROM folder WHERE public='1' AND deleted!='1' AND user='******' ORDER BY name";

    if (!$mysql->query($query)) {
        message($mysql->error);
        return;
    }

    // $this->folders: id => row; $this->children: parent id => list of child ids.
    // mysql_fetch_assoc() belongs to the mysql extension removed in PHP 7.
    $sharedIds = array();
    while ($row = mysql_fetch_assoc($mysql->result)) {
        $parent = $row['childof'];
        $this->folders[$row['id']] = $row;
        if (!isset($this->children[$parent])) {
            $this->children[$parent] = array();
        }
        $this->children[$parent][] = $row['id'];
        $sharedIds[] = $row['id'];
    }

    // Anything whose parent was not returned by the query hangs off the root.
    $this->children[0] = array();
    foreach ($this->folders as $folder) {
        if (in_array($folder['childof'], $sharedIds)) {
            continue;
        }
        $this->children[0][] = $folder['id'];
        $this->folders[$folder['id']]['childof'] = 0;
    }
}
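/**
 * Authenticate a local account by user name, e-mail, mobile number or id.
 *
 * check_username() classifies $username by reference into $type
 * (1 user name, 2 e-mail, 3 mobile, 4 id) and the matching column is queried.
 *
 * @param string $username login identifier
 * @param string $password plain-text password as typed
 * @return array|int|false the user row on success; 0 when $username has an
 *                         unrecognised form (kept as-is for callers testing
 *                         for 0); false when the account is missing, disabled
 *                         or the password does not match
 */
public function getLocal($username, $password)
{
    $aUsername = $username;
    check_username($aUsername, $email, $mobile, $type);

    $map = array();
    switch ($type) {
        case 1:
            $map['username'] = $username;
            break;
        case 2:
            $map['email'] = $username;
            break;
        case 3:
            $map['mobile'] = $username;
            break;
        case 4:
            $map['id'] = $username;
            break;
        default:
            return 0; // bad parameter
    }

    // Fetch the user record.
    $user = $this->where($map)->find();
    if (!is_array($user) || !$user['status']) {
        return false; // account does not exist or is disabled
    }

    // Constant-time comparison so a mismatch does not leak timing information
    // about the stored hash; hash_equals() requires strings, hence the casts.
    $stored = isset($user['password']) ? (string) $user['password'] : '';
    $candidate = (string) think_ucenter_md5($password, UC_AUTH_KEY);
    if ($stored !== '' && hash_equals($stored, $candidate)) {
        return $user; // login succeeded
    }
    return false; // wrong password
}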
/**
 * Apply the submitted profile form ($_POST) to $user and return the messages.
 *
 * Flow: the "disable me" branch disables the account, logs out and exits.
 * Otherwise the control hash, user name, bio, e-mail, URL, IM address, phone,
 * AdSense code/channel, real name, password, admin-only level/karma, comment
 * preferences and avatar are checked in that order; $user is mutated as checks
 * pass and is stored only when $errors is still 0 at the end.
 *
 * Uses globals $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max.
 *
 * @return array|null translated messages; no value when the form was not submitted
 */
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;
    $errors = 0; // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();
    // Anti-CSRF control value bound to site key, edited user and session user.
    $form_hash = md5($site_key . $user->id . $current_user->user_id);
    /* NOTE(review): the hash is compared with loose == here and below;
       hash_equals() would make it a constant-time, type-safe comparison. */
    if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $_POST['form_hash'] == $form_hash && $_POST['user_id'] == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }
    // Only the owner (or an admin) may save; otherwise nothing happens.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
        return;
    }
    if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) {
        array_push($messages, _('Falta la clave de control'));
        $errors++;
    }
    // User name change: length, allowed characters, uniqueness.
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }
    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }
    // E-mail: format check, then (non-admin) uniqueness against other users.
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        // Escaped via $db->escape() before interpolation.
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    /* NOTE(review): the phone is assigned here unvalidated; it is only
       re-validated below when the edited profile belongs to the logged-in
       user, so in admin mode the raw value is what gets stored. */
    $user->phone = $_POST['phone'];
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address
    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                array_push($messages, _('número telefónico erróneo, no se ha grabado'));
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }
    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            /* NOTE(review): this pattern is anchored only at the end, so any
               prefix is accepted, and the value is then concatenated into the
               query below without $db->escape() (unlike $public and $phone
               above). Anchor with ^ and escape/parameterise before use. */
            if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $_POST['adcode'] = '';
                $errors++;
            } else {
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='" . $_POST['adcode'] . "'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }
    $user->names = clean_text($_POST['names']);
    // Password change: strength check, confirmation, then hashed via UserAuth.
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                array_push($messages, _('las claves no son iguales, no se ha modificado'));
                $errors = 1;
            } else {
                $new_pass = trim($_POST['password']);
                $user->pass = UserAuth::hash($new_pass);
                array_push($messages, _('La clave se ha cambiado'));
                $pass_changed = true; // set but never read in this function
            }
        }
    }
    // Admin-only fields: level is escaped for storage, karma must be in (4, 20].
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }
    // Bit-packed preferences: comment_pref + show_friends (bit 1) + show_2cols (bit 2).
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors = 1;
            $user->avatar = 0;
        }
    } elseif ($_POST['avatar_delete']) { // read without isset(); notice when absent
        $user->avatar = 0;
        avatars_remove($user->id);
    }
    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }
    // Persist only when every check passed; re-authenticate if login data changed.
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }
    return $messages;
}
<input type="submit" name="create" value="Create"> <?php echo $message1; ?> </td> </tr> </table> </form> </div> <div style="border: 1px solid #bbb; margin: 10px; padding: 10px;"> <h2 class="caption">Delete User</h2> <?php if ($delete == 'Delete') { if (check_username($existing_user)) { if ($noconfirm) { $query = sprintf("DELETE FROM user WHERE md5(username)=md5('%s')", $mysql->escape($existing_user)); if ($mysql->query($query)) { $message2 = "User {$existing_user} deleted.<br>"; } else { message($mysql->error); } $query = sprintf("DELETE FROM bookmark WHERE md5(user)=md5('%s')", $mysql->escape($existing_user)); if (!$mysql->query($query)) { message($mysql->error); } $query = sprintf("DELETE FROM folder WHERE md5(user)=md5('%s')", $mysql->escape($existing_user)); if (!$mysql->query($query)) { message($mysql->error); }
/**
 * saveUsername — set the login name of the current account.
 *
 * The name can be set only once: when the account already has a user name the
 * request is rejected. A value that check_username() classifies as an e-mail
 * address or a mobile number is refused, and only [A-Za-z0-9_]{4,32} is
 * accepted.
 *
 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com
 */
public function saveUsername()
{
    $requested = I('post.username', '', 'op_t');
    $classified = $requested;

    if (!check_reg_type('username')) {
        $this->error('用户名选项已关闭!');
    }
    // Must be logged in.
    if (!is_login()) {
        $this->error('请登录后操作!');
    }
    // The submitted name must not be empty.
    if (empty($requested)) {
        $this->error('用户名不能为空!');
    }

    check_username($classified, $asEmail, $asMobile);
    if (empty($classified)) {
        // check_username() recognised the value as something other than a user name.
        $kind = null;
        if (!empty($asEmail)) {
            $kind = '邮箱';
        }
        if (!empty($asMobile)) {
            $kind = '手机';
        }
        $this->error('用户名不能为' . $kind);
    }

    // Letters, digits and underscore only, 4-32 characters.
    if (!preg_match('/^[a-zA-Z0-9_]{4,32}$/', $requested)) {
        $this->error('用户名只允许英文字母和数字');
    }

    $uid = get_uid();
    $members = UCenterMember();

    // A name that is already set cannot be changed.
    $current = $members->where(array('id' => $uid))->getField('username');
    if (empty($current)) {
        // Reject a name already owned by another member.
        $owner = $members->where(array('username' => $requested))->getField('id');
        if ($owner) {
            $this->error('该用户名已经存在!');
        } else {
            $saved = $members->where(array('id' => $uid))->save(array('username' => $requested));
            if (!$saved) {
                $this->error('设置失败!');
            }
            $this->success('设置成功!', 'refresh');
        }
    }
    $this->error('用户名已经确定不允许修改!');
}
$languages = forum_list_langs(); $form['language'] = pun_trim($_POST['form']['language']); if (!in_array($form['language'], $languages)) { message($lang_common['Bad request']); } } if ($pun_user['is_admmod']) { $form['admin_note'] = pun_trim($_POST['admin_note']); // Are we allowed to change usernames? if ($pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1' && $pun_user['g_mod_rename_users'] == '1') { $form['username'] = pun_trim($_POST['req_username']); if ($form['username'] != $old_username) { // Check username require PUN_ROOT . 'lang/' . $pun_user['language'] . '/register.php'; $errors = array(); check_username($form['username'], $id); if (!empty($errors)) { message($errors[0]); } $username_updated = true; } } // We only allow administrators to update the post count if ($pun_user['g_id'] == PUN_ADMIN) { $form['num_posts'] = intval($_POST['num_posts']); } } if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod']) { require PUN_ROOT . 'include/email.php'; // Validate the email address $form['email'] = strtolower(trim($_POST['req_email']));
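/**
 * Validate the profile form of the logged-in user.
 *
 * Account fields (e-mail, user name, optional password change), the database
 * uniqueness checks check_username()/check_email() — run only when the value
 * differs from the one held in $_SESSION — and the shipping fields are checked
 * in that order. Messages are HTML fragments ending in <br />.
 *
 * @param array $request submitted form fields (user_email, user_name, user_pass,
 *                       user_pass2, user_fname ... user_phone6)
 * @return string|false FALSE when the form is valid, otherwise the concatenated
 *                      error messages
 */
function checkProfile($request)
{
    $userid = $_SESSION['user']['id'];
    $errors = array();

    // Exactly $length ASCII digits (zip and phone fragments).
    $digits = function ($value, $length) {
        return preg_match('/^[0-9]{' . $length . '}$/', $value) === 1;
    };

    // --- account ---
    if (empty($request['user_email'])) {
        $errors[] = 'The email address field cannot be empty. Check Profile<br />';
    }
    if (empty($request['user_name'])) {
        $errors[] = 'The username field cannot be empty.<br />';
    }
    if (!preg_match('/^[a-zA-Z0-9\\._%\\-]+@[a-zA-Z0-9.\\_%\\-]+\\.[a-zA-Z0-9]{2,6}$/i', $request['user_email'])) {
        $errors[] = 'The email address is not properly formatted (i.e. <em>youremail@yourdomain.com</em>).<br />';
    }
    if (!preg_match('/^[[:space:]a-zA-Z0-9\'\\.*#\\/\\_;:\\-]{6,30}$/i', $request['user_name'])) {
        $errors[] = 'The User Name must have a minimum of 6 characters, with a maximum of 30; And cannot contain certain special characters.<br />';
    }

    if (!empty($request['user_pass'])) {
        if (empty($request['user_pass2'])) {
            $errors[] = 'The confirm password field cannot be empty.<br />';
        }
        // strlen() counts bytes, as the original did.
        $length = strlen($request['user_pass']);
        if ($length > 30 || $length < 6) {
            $errors[] = 'The Password must have a minimum of 6 characters, with a maximum of 30.<br />';
        }
        // Exact comparison: strcasecmp() used to accept a confirmation that
        // differed only in letter case, which is not the same password.
        if (!isset($request['user_pass2']) || $request['user_pass'] !== $request['user_pass2']) {
            $errors[] = 'The Passwords submitted do not match.<br />';
        }
    }

    // Uniqueness lookups hit the database, so they only run on a changed value.
    // Strict comparison so a numerically-equal spelling cannot skip the check.
    if ($request['user_name'] !== $_SESSION['user']['username']) {
        if (check_username($request['user_name'])) {
            $errors[] = 'The user name you have selected is already in use in our system. Please chose another<br />';
        }
    }
    if ($request['user_email'] !== $_SESSION['user']['email']) {
        if (check_email($request['user_email'], $userid)) {
            // The message used to interpolate an undefined $email; the submitted
            // address is shown instead, escaped because the message is HTML.
            $shown = htmlspecialchars($request['user_email'], ENT_QUOTES, 'UTF-8');
            $errors[] = 'The email you have entered ( ' . $shown . ' ) is already in use in our system.<br />';
        }
    }

    // --- profile and shipping information ---
    $required = array(
        'user_fname' => 'The first name field cannot be empty.<br />',
        'user_lname' => 'The last name field cannot be empty.<br />',
        'user_addr1' => 'The address field cannot be empty.<br />',
        'user_city' => 'The city field cannot be empty.<br />',
    );
    foreach ($required as $field => $message) {
        if (empty($request[$field])) {
            $errors[] = $message;
        }
    }
    if (empty($request['user_state']) || $request['user_state'] == '0') {
        $errors[] = 'Please select your state.<br />';
    }
    if (empty($request['user_zc1'])) {
        $errors[] = 'The zip code field cannot be empty.<br />';
    }
    if (empty($request['user_phone1']) || empty($request['user_phone2']) || empty($request['user_phone3'])) {
        $errors[] = 'The main phone number field cannot be empty.<br />';
    }
    if (!$digits($request['user_zc1'], 5)) {
        $errors[] = 'The first zip code field is not properly formatted. Must be 5 numbers only.<br />';
    }
    if (!empty($request['user_zc2']) && !$digits($request['user_zc2'], 4)) {
        // Message corrected: the pattern accepts exactly 4 digits.
        $errors[] = 'The second zip code field is not properly formatted. Must be 4 numbers only.<br />';
    }
    if (!$digits($request['user_phone1'], 3)) {
        $errors[] = 'The first main phone number field is not properly formatted. Must be 3 numbers only.<br />';
    }
    if (!$digits($request['user_phone2'], 3)) {
        $errors[] = 'The second main phone number field is not properly formatted. Must be 3 numbers only.<br />';
    }
    if (!$digits($request['user_phone3'], 4)) {
        $errors[] = 'The third main phone number field is not properly formatted. Must be 4 numbers only.<br />';
    }

    // The alternate number is optional; it is only checked when all three parts are given.
    if (!empty($request['user_phone4']) && !empty($request['user_phone5']) && !empty($request['user_phone6'])) {
        if (!$digits($request['user_phone4'], 3)) {
            $errors[] = 'The first alt phone number field is not properly formatted. Must be 3 numbers only.<br />';
        }
        if (!$digits($request['user_phone5'], 3)) {
            $errors[] = 'The second alt phone number field is not properly formatted. Must be 3 numbers only.<br />';
        }
        if (!$digits($request['user_phone6'], 4)) {
            $errors[] = 'The third alt phone number field is not properly formatted. Must be 4 numbers only.<br />';
        }
    }

    return $errors ? implode('', $errors) : FALSE;
}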
<div class="container box"> <div class="row"> <div class="col-xs-12"> <?php echo "<h2>" . $ini['app_title'] . "</h2>"; if (isset($_POST['user'])) { $username = $_POST['user']; $passwd = $_POST['pwd']; if ($use_metadata) { $meta_model = new meta_model(); $meta_model->user = $username; $meta_model->email = $_POST['email']; $meta_model->name = $_POST['name']; $meta_model->mailkey = random_password(8); } if (!check_username($username) || !check_password_quality($passwd)) { ?> <div class="alert alert-danger"> <?php echo "<p>User <em>" . htmlspecialchars($username) . "</em> is invalid!.</p>"; } else { ?> <div class="alert alert-info"> <?php if (!$htpasswd->user_exists($username)) { $htpasswd->user_add($username, $passwd); echo "<p>User <em>" . htmlspecialchars($username) . "</em> created.</p>"; } else { $htpasswd->user_update($username, $passwd); echo "<p>User <em>" . htmlspecialchars($username) . "</em> changed.</p>"; }
} else { ?> <li><a href="./index.php">Login</a></li> <?php } ?> </ul> <!-- Menu ends here. --> </div> <!-- Main content starts here. --> <div id="main"> <?php if (isset($_GET['user']) && check_username($user)) { ?> <!-- Folders starts here. --> <div class="folders" style="width: <?php echo $column_width_folder; ?> ; height: <?php echo $table_height; ?> ;"> <?php require_once ABSOLUTE_PATH . "folders.php"; $tree = new folder($user);
<?php require_once "./header.php"; $secret = "dDWUc72sCcs20cXskcw"; $reg_register = set_post_bool_var('reg_register', false); $reg_username = set_post_string_var('reg_username'); $reg_email = set_post_string_var('reg_email'); $confirm = set_get_string_var('confirm'); if ($reg_register) { if ($reg_username != "") { if (check_username($reg_username)) { echo '<div style="color:red;">$username is an already registered user. Choose another one.</div>' . "\n"; $username = false; } else { $username = $reg_username; } } else { echo '<div style="color:red;">Please enter a Username.</div>' . "\n"; $username = false; } if (isset($_POST['reg_password1']) && $_POST['reg_password1'] != "" && isset($_POST['reg_password2']) && $_POST['reg_password2'] != "") { if (md5($_POST['reg_password1']) != md5($_POST['reg_password2'])) { echo '<div style="color:red;">Passwords do not match.</div>' . "\n"; $password = false; } else { $password = md5($_POST['reg_password1']); } } else { echo '<div style="color:red;">Please fill out both password fields.</div>' . "\n"; $password = false; }
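/**
 * Save the profile form of the logged-in user ($_SESSION["user_id"]).
 *
 * Reads the profile fields, social/IM handles, notification flags and tag list
 * from $_POST and an optional $_FILES["avatar"], then rewrites the Users row
 * and replaces the UserTags rows.
 *
 * @return int 1 on success, otherwise a negative code:
 *   -1 username or email missing, -2 username rejected by check_username(),
 *   -3 session user row not found, -4 new username already in use,
 *   -5 avatar larger than 4 MiB, -6 avatar extension not allowed,
 *   -7 username changed without supplying a password.
 *   -5 and -6 do not abort the update: the remaining fields are still written
 *   (this mirrors the original control flow).
 */
function account_update() {
    $update_result = 1;

    // Form fields, "" when absent. 'tags' is the comma-separated tag list.
    $field_names = array(
        "username", "password", "email", "bio", "tags",
        "twitter", "facebook", "tumblr", "livejournal", "googleplus", "wordpress", "blogger",
        "im_friends_only", "kik", "google_talk", "yahoo_messenger", "msn_messenger", "aol_instant_messenger", "icq",
        "notify_messages", "notify_comments", "notify_other_comments", "notify_new_friends", "notify_friends_posts", "notify_likes",
        "default_post_privacy", "default_post_status", "show_friends", "show_friend_of", "messages_friends_only",
    );
    $form = array();
    foreach ($field_names as $name) {
        $form[$name] = isset($_POST[$name]) ? $_POST[$name] : "";
    }
    $username = $form["username"];
    $password = $form["password"];
    $email = $form["email"];

    if ($username == "" || $email == "") {
        return -1; // missing form info
    }
    if (!check_username($username)) {
        return -2; // username does not pass checks
    }

    $mysqli = db_connect();
    // Cast once: the id is interpolated unquoted below, where real_escape_string() is no protection.
    $user_id = (int) $_SESSION["user_id"];

    $result = $mysqli->query("SELECT Id FROM Users WHERE Id='" . $user_id . "'");
    if (!$result || $result->num_rows == 0) {
        return -3; // cannot find record
    }

    $clauses = array();
    if ($username != $_SESSION["user_name"]) {
        // The new username must be free (case-insensitive); a failed query counts as "not free".
        $result = $mysqli->query("SELECT Id FROM Users WHERE UPPER(Username)=UPPER('" . $mysqli->real_escape_string($username) . "')");
        if (!$result || $result->num_rows > 0) {
            return -4; // username is already used
        }
        // A username change is only accepted together with the password.
        if (strlen($password) == 0) {
            return -7;
        }
        // NOTE(review): the clause value is redacted ('******') in this listing; it must be built
        // with $mysqli->real_escape_string($username) like the other string clauses below.
        $clauses[] = "Username='******'";
    }

    if ($password != "") {
        // NOTE(review): crypt() salted with the username produces a traditional-DES hash
        // (2-char salt, 8-char truncation); migrate to password_hash() together with the login check.
        $enc_password = crypt($password, $username);
        // NOTE(review): redacted ('******') in this listing; presumably $enc_password, escaped.
        $clauses[] = "Password='******'";
    }

    // Avatar upload: extension whitelist, 4 MiB limit, only a 64px crop is kept.
    if (isset($_FILES["avatar"]) && $_FILES["avatar"]["size"] > 0) {
        $allowed_exts = array("jpg", "jpeg", "gif", "png");
        // pathinfo() instead of end(explode(...)): the latter passes a temporary by reference.
        $extension = strtolower(pathinfo($_FILES["avatar"]["name"], PATHINFO_EXTENSION));
        if ($_FILES["avatar"]["size"] >= 4096 * 1024) {
            $update_result = -5; // file too big
        } elseif (!in_array($extension, $allowed_exts, true)) {
            $update_result = -6; // wrong file extension / format
        } else {
            // NOTE(review): only the file name is checked; consider validating the content (getimagesize/finfo).
            $avatar_dir = realpath("avatars");
            $original = $avatar_dir . "/" . $user_id . "." . $extension;
            $thumbnail = $avatar_dir . "/" . $user_id . "_64." . $extension;
            foreach (array($original, $thumbnail) as $stale) {
                if (file_exists($stale)) {
                    unlink($stale);
                }
            }
            // If the move fails the previous avatar is simply kept.
            if (move_uploaded_file($_FILES["avatar"]["tmp_name"], $original)) {
                include_once "resize_class.php";
                $resizer = new resize($original);
                $resizer->resizeImage(64, 64, "crop");
                $resizer->saveImage($thumbnail, 100);
                // Only the 64px version is kept on disk.
                if (file_exists($original)) {
                    unlink($original);
                }
                $_SESSION["user_avatar"] = $thumbnail;
                $clauses[] = "Avatar='avatars/" . $user_id . "_64." . $extension . "'";
            }
        }
    }

    // Free-text columns: quoted and escaped.
    $text_columns = array(
        "Email" => $email,
        "Bio" => $form["bio"],
        "Twitter" => $form["twitter"],
        "Facebook" => $form["facebook"],
        "Tumblr" => $form["tumblr"],
        "GooglePlus" => $form["googleplus"],
        "Wordpress" => $form["wordpress"],
        "Blogger" => $form["blogger"],
        "LiveJournal" => $form["livejournal"],
        "KIK" => $form["kik"],
        "YahooMessenger" => $form["yahoo_messenger"],
        "GoogleTalk" => $form["google_talk"],
        "AOLInstantMessenger" => $form["aol_instant_messenger"],
        "MSNMessenger" => $form["msn_messenger"],
        "ICQ" => $form["icq"],
        "IPEdited" => $_SERVER["REMOTE_ADDR"],
    );
    foreach ($text_columns as $column => $value) {
        $clauses[] = $column . "='" . $mysqli->real_escape_string($value) . "'";
    }

    // Integer columns: column => array(form field, value used when the field is empty).
    $int_columns = array(
        "IMFriendsOnly" => array("im_friends_only", 0),
        "NotifyMessages" => array("notify_messages", 0),
        "NotifyComments" => array("notify_comments", 0),
        "NotifyOtherComments" => array("notify_other_comments", 0),
        "NotifyNewFriends" => array("notify_new_friends", 0),
        "NotifyFriendsPosts" => array("notify_friends_posts", 0),
        "NotifyLikes" => array("notify_likes", 0),
        "DefaultPostPrivacy" => array("default_post_privacy", 0),
        "DefaultPostStatus" => array("default_post_status", 0),
        "ShowFriends" => array("show_friends", 0),
        "ShowFriendOf" => array("show_friend_of", 0),
        "MessagesFriendsOnly" => array("messages_friends_only", 1),
    );
    foreach ($int_columns as $column => $spec) {
        $value = $form[$spec[0]];
        // Cast instead of escaping: these values are interpolated without quotes,
        // where real_escape_string() does not prevent injection.
        $clauses[] = $column . "=" . ($value != "" ? (int) $value : $spec[1]);
    }
    $clauses[] = "Edited=Now()";

    $mysqli->query("UPDATE Users SET " . implode(",", $clauses) . " WHERE Id=" . $user_id);
    $_SESSION["user_name"] = $username;
    $_SESSION["user_email"] = $email;

    // Tags: replace the user's list, creating unknown tags on the fly.
    $mysqli->query("DELETE FROM UserTags WHERE UserId=" . $user_id);
    foreach (array_map("trim", explode(",", $form["tags"])) as $tag) {
        if ($tag == "") {
            continue;
        }
        $escaped_tag = $mysqli->real_escape_string(strtolower($tag));
        $result = $mysqli->query("SELECT Id FROM Tags WHERE Name='" . $escaped_tag . "'");
        if ($result && $result->num_rows > 0) {
            $row = $result->fetch_assoc();
            $tag_id = (int) $row["Id"];
        } else {
            $mysqli->query("INSERT INTO Tags (Name) VALUES ('" . $escaped_tag . "')");
            $tag_id = (int) $mysqli->insert_id;
        }
        $mysqli->query("INSERT INTO UserTags (UserId,TagId,Created) VALUES (" . $user_id . "," . $tag_id . ",Now())");
    }

    return $update_result;
}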
$type=clean_input_string($_REQUEST['type']); $name=clean_input_string($_GET['name']); function check_spammer_email($name) { // f**k spammers $re_test = Array(); preg_match("/.*(outlook.com)|(fr)|(co.uk)|(ru)|(ua)|(aol.com)|(.tk)|(hotmail.*)$/i", $name, $re_test); if($re_test) return true; } #echo "$type, $name..."; switch ($type) { case 'username': if (!check_username(trim($_GET['name']))) { echo _('caracteres inválidos o no comienzan con una letra'); return; } if (strlen($name)<3) { echo _('nombre demasiado corto'); return; } if (strlen($name)>24) { echo _('nombre demasiado largo'); return; } if(!($current_user->user_id > 0 && $current_user->user_login == $name) && user_exists($name)) { echo _('el usuario ya existe'); return; }
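/**
 * Validate one member field for the registration / profile forms.
 *
 * Checks, in order, that the value is present, well-formed and not already used by
 * another member; for user_name and email the optional member-integration plugin
 * (selected by the INTEGRATE_CODE setting) is consulted as well.
 *
 * @param string $field_name 'user_name', 'email' or 'mobile'; any other name passes
 * @param mixed  $field_data submitted value, merged into $user_data[$field_name]
 * @param array  $user_data  rest of the member record; 'id', when set, excludes the
 *                           member's own row from the uniqueness queries
 * @return array array('status' => 1|0, 'info' => '', 'data' => '' | array('field_name' => ..., 'error' => ...)),
 *               the error being EMPTY_ERROR, FORMAT_ERROR or EXIST_ERROR (project constants)
 */
function check_user($field_name, $field_data, $user_data = array()) {
    $user_data[$field_name] = $field_data;
    $res = array('status' => 1, 'info' => '', 'data' => ''); // returned unchanged on success
    $own_id = isset($user_data['id']) ? intval($user_data['id']) : 0;

    if ($field_name == 'user_name') {
        $user_name = $user_data['user_name'];
        if (trim($user_name) == '') {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'user_name', 'error' => EMPTY_ERROR));
        }
        if (!check_username($user_name)) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'user_name', 'error' => FORMAT_ERROR));
        }
        // NOTE(review): strim() is assumed to make the value safe for this SQL literal — confirm.
        $safe_name = strim($user_name);
        $taken = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where user_name = '" . $safe_name . "' and id <> " . $own_id);
        if ($taken != 0) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'user_name', 'error' => EXIST_ERROR));
        }
        // Member integration (external user store), when configured.
        $integrate_obj = null;
        $integrate_code = strim(app_conf("INTEGRATE_CODE"));
        if ($integrate_code != '') {
            $integrate_file = APP_ROOT_PATH . "system/integrate/" . $integrate_code . "_integrate.php";
            if (file_exists($integrate_file)) {
                require_once $integrate_file;
                $integrate_class = $integrate_code . "_integrate";
                $integrate_obj = new $integrate_class();
            }
        }
        if ($integrate_obj && $integrate_obj->check_user($safe_name)) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'user_name', 'error' => EXIST_ERROR));
        }
        return $res;
    }

    if ($field_name == 'email') {
        $email_value = $user_data['email'];
        if (trim($email_value) == '') {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'email', 'error' => EMPTY_ERROR));
        }
        $safe_email = strim($email_value);
        if (!check_email($safe_email)) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'email', 'error' => FORMAT_ERROR));
        }
        // The uniqueness query now runs after the empty/format checks and on the strim()-ed
        // value; previously the raw (trim()-ed only) email was interpolated, unlike user_name.
        $taken = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where email = '" . $safe_email . "' and id <> " . $own_id);
        if ($taken != 0) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'email', 'error' => EXIST_ERROR));
        }
        // Member integration (external user store), when configured.
        $integrate_obj = null;
        $integrate_code = strim(app_conf("INTEGRATE_CODE"));
        if ($integrate_code != '') {
            $integrate_file = APP_ROOT_PATH . "system/integrate/" . $integrate_code . "_integrate.php";
            if (file_exists($integrate_file)) {
                require_once $integrate_file;
                $integrate_class = $integrate_code . "_integrate";
                $integrate_obj = new $integrate_class();
            }
        }
        if ($integrate_obj && $integrate_obj->check_email($safe_email)) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'email', 'error' => EXIST_ERROR));
        }
        return $res;
    }

    if ($field_name == 'mobile') {
        $mobile_value = $user_data['mobile'];
        $safe_mobile = strim($mobile_value);
        if (!check_mobile($safe_mobile)) {
            return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'mobile', 'error' => FORMAT_ERROR));
        }
        // An empty mobile is allowed; a non-empty one must be unused by other members.
        if ($mobile_value != '') {
            $taken = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where mobile = '" . $safe_mobile . "' and id <> " . $own_id);
            if ($taken > 0) {
                return array('status' => 0, 'info' => '', 'data' => array('field_name' => 'mobile', 'error' => EXIST_ERROR));
            }
        }
    }

    return $res;
}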
/**
 * checkAccount — ajax check that the posted account is acceptable for registration.
 *
 * post.account is the value, post.type selects the rule set ('username' | 'email'
 * | 'mobile'); check_username() is the project helper that classifies the account
 * into its out-parameters. Every failure goes through $this->error(); the happy
 * path ends with $this->success().
 *
 * NOTE(review): a post.type outside the three handled cases skips every check and
 * still reports success — confirm callers cannot send anything else.
 * NOTE(review): the e-mail length check reports _ERROR_EMAIL_EXIST_; the original
 * carried a commented-out _ERROR_EMAIL_LENGTH_LIMIT_ next to the exists check,
 * which suggests the two keys were swapped — confirm against the language file.
 * Hoisting the modC() lookups assumes they are pure config reads.
 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com
 */
public function checkAccount() {
    $aAccount = I('post.account', '', 'op_t');
    $aType = I('post.type', '', 'op_t');
    if (empty($aAccount)) {
        $this->error(L('_EMPTY_CANNOT_') . L('_EXCLAMATION_'));
    }
    check_username($aAccount, $email, $mobile, $aUnType);
    $mUcenter = UCenterMember();

    switch ($aType) {
        case 'username':
            if (empty($aAccount)) {
                $this->error(L('_ERROR_USERNAME_FORMAT_') . L('_EXCLAMATION_'));
            }
            // Configured bounds, read once.
            $minLen = modC('USERNAME_MIN_LENGTH', 2, 'USERCONFIG');
            $maxLen = modC('USERNAME_MAX_LENGTH', 32, 'USERCONFIG');
            $length = mb_strlen($aAccount, 'utf-8'); // characters, not bytes
            if ($length < $minLen || $length > $maxLen) {
                $this->error(L('_ERROR_USERNAME_LENGTH_1_') . $minLen . '-' . $maxLen . L('_ERROR_USERNAME_LENGTH_2_'));
            }
            $takenBy = $mUcenter->where(array('username' => $aAccount))->getField('id');
            if ($takenBy) {
                $this->error(L('_ERROR_USERNAME_EXIST_2_'));
            }
            $pattern = "/^[a-zA-Z0-9_]{" . $minLen . "," . $maxLen . "}\$/";
            if (!preg_match($pattern, $aAccount)) {
                $this->error(L('_ERROR_USERNAME_ONLY_PERMISSION_'));
            }
            break;

        case 'email':
            if (empty($email)) {
                $this->error(L('_ERROR_EMAIL_FORMAT_') . L('_EXCLAMATION_'));
            }
            $length = mb_strlen($email, 'utf-8');
            if ($length < 4 || $length > 32) {
                $this->error(L('_ERROR_EMAIL_EXIST_'));
            }
            $takenBy = $mUcenter->where(array('email' => $email))->getField('id');
            if ($takenBy) {
                $this->error(L('_ERROR_EMAIL_EXIST_'));
            }
            break;

        case 'mobile':
            if (empty($mobile)) {
                $this->error(L('_ERROR_PHONE_FORMAT_'));
            }
            $takenBy = $mUcenter->where(array('mobile' => $mobile))->getField('id');
            if ($takenBy) {
                $this->error(L('_ERROR_PHONE_EXIST_'));
            }
            break;
    }
    $this->success(L('_SUCCESS_VERIFY_'));
}
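require_once 'common/config/conf.php';
require_once 'common/functions.php';

$username = isset($_POST['username']) ? $_POST['username'] : null;
$passwd = isset($_POST['passwd']) ? $_POST['passwd'] : null;

/**
 * Ajax username-availability check.
 *
 * Prints 201 when a blog_users row with that username exists, 404 when it does not.
 *
 * @param string|null $username name to look up; when null, $_GET['username'] is read
 *                              (the original behaviour, kept for existing callers)
 */
function check_username($username = null) {
    if ($username === null) {
        $username = isset($_GET['username']) ? $_GET['username'] : '';
    }
    $dbh = mysql::getInstance();
    $existing = $dbh->select('blog_users', ['username' => $username]);
    echo $existing ? 201 : 404;
}

if (!empty($_GET['username'])) {
    check_username($_GET['username']);
}

// Registration
// TODO: what to do after registering
if ($username !== null && $username !== '' && $passwd !== null && $passwd !== '') {
    $dbh = mysql::getInstance();
    // NOTE(review): the password is stored exactly as submitted. Store
    // password_hash($passwd, PASSWORD_DEFAULT) and check with password_verify() on the
    // login path (not visible here) instead.
    // NOTE(review): a plain 'username' cookie is the only session state set here; any
    // client can forge it. Use a server-side session (session_start()) for identity.
    $row = ['id' => getUuid(), 'username' => $username, 'passwd' => $passwd];
    if ($dbh->insert('blog_users', $row)) {
        setcookie('username', $username, COOKIE_EXPIRE);
        header("location:http://localhost:8080/blog/index.php");
        exit; // nothing should be rendered after the redirect
    } else {
        echo 'it false';
    }
}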
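/**
 * checkAccount — ajax check that the posted account is acceptable for registration.
 *
 * post.account is the value, post.type selects the rule set ('username' | 'email'
 * | 'mobile'); check_username() is the project helper that classifies the account
 * into its out-parameters. Every failure terminates through $this->error(); the
 * happy path ends with $this->success(). Messages are user-facing and kept verbatim.
 * @author:xjw129xjt(肖骏涛) xjt@ourstu.com
 */
public function checkAccount() {
    $aAccount = I('post.account', '', 'op_t');
    $aType = I('post.type', '', 'op_t');
    if (empty($aAccount)) {
        $this->error('不能为空!');
    }
    check_username($aAccount, $email, $mobile, $aUnType);
    $mUcenter = UCenterMember();

    switch ($aType) {
        case 'username':
            // (the empty() re-check of $aAccount was redundant: it was rejected above)
            $length = mb_strlen($aAccount, 'utf-8'); // characters, not bytes
            if ($length < 4 || $length > 30) {
                $this->error('用户名长度在4-30之间');
            }
            // Format before the database lookup: malformed input never reaches a query.
            if (!preg_match("/^[a-zA-Z0-9_]{1,30}\$/", $aAccount)) {
                $this->error('只允许字母和数字和下划线!');
            }
            if ($mUcenter->where(array('username' => $aAccount))->getField('id')) {
                $this->error('该用户名已经存在!');
            }
            break;

        case 'email':
            if (empty($email)) {
                $this->error('邮箱格式不正确!');
            }
            $length = mb_strlen($email, 'utf-8');
            if ($length < 4 || $length > 32) {
                $this->error('邮箱长度在4-32之间');
            }
            if ($mUcenter->where(array('email' => $email))->getField('id')) {
                $this->error('该邮箱已经存在!');
            }
            break;

        case 'mobile':
            if (empty($mobile)) {
                $this->error('手机格式不正确!');
            }
            if ($mUcenter->where(array('mobile' => $mobile))->getField('id')) {
                $this->error('该手机号已经存在!');
            }
            break;

        default:
            // FIX: an unknown type previously skipped every check and reported success.
            // (message text constructed for this fix)
            $this->error('不支持的验证类型!');
    }
    $this->success('验证成功');
}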
session_start(); //记得检测是否退出消除session header("Content-Type:text/html;charset=utf-8"); if ($_GET['action'] == "logout") { unset($_SESSION['UID']); unset($_SESSION['username']); echo '注销登录成功!点击此处 <a href="login.html">登录</a>'; exit; } define('IN_TG', true); require './includes/check.func.php'; require './includes/mysql.func.php'; if ($_POST['submit'] !== '登录') { exit('无权访问此页面!'); } $username = check_username($_POST['username']); $password = md5(check_password($_POST['password'])); DB::contect(); $sql = "select uid from user where username='******' and password='******' limit 1"; $result = mysql_query($sql); if ($res = mysql_fetch_array($result)) { $_SESSION['username'] = $username; $_SESSION['UID'] = $res['uid']; //待改进,3秒后自动跳转主页(js) echo $username, ' 欢迎你!进入 <a href="home.php">用户中心</a><br />'; echo "三秒后跳转...\n<meta http-equiv='refresh' content='3; url=http:home.php'>"; echo '点击此处 <a href="login.php?action=logout">注销</a> 登录!<br />'; exit; //数据库类Db在销毁对象实例的时候会自动关闭数据库连接的 } else { exit('登录失败!点击此处 <a href="javascript:history.back(-1);">返回</a> 重试');
} $email = strtolower(trim($_GET['email'])); if ($email && $email != $member['email']) { checkemail($_GET['email']); $setarr['email'] = $email; } //验证用户名 if ($nickname = trim($_GET['nickname'])) { $nicknamelen = dstrlen($nickname); if ($nicknamelen < 3) { showmessage('profile_nickname_tooshort'); } if ($nicknamelen > 30) { showmessage('profile_nickname_toolong'); } if (!check_username(addslashes(trim(stripslashes($nickname))))) { showmessage('profile_nickname_illegal'); } if ($nickname != $member['nickname'] && C::t('user')->fetch_by_nickname($nickname)) { showmessage('用户名已经被注册'); } $setarr['nickname'] = trim($_GET['nickname']); } else { $setarr['nickname'] = ''; } //如果输入手机号码,检查手机号码不能重复 $phone = trim($_GET['phone']); if ($phone) { if (!preg_match("/^\\d+\$/", $phone)) { showmessage('用户手机号码不合法'); }
/**
 * Validate the registration form and collect the prospective user's data.
 *
 * Returns an array with 'username', 'email1', 'password1', 'language' and 'errors'
 * (messages gathered during validation), plus 'banned_email' => 1 when the address is
 * on the ban list. message() terminates the request for the flood and bad-language
 * cases, so those never reach the return.
 *
 * NOTE(review): 'errors' starts as '' and check_username() is expected to turn it
 * into an array before the `[]=` appends below — confirm, or initialise it as array().
 */
public function check_for_errors() {
    global $lang_register, $lang_prof_reg, $lang_common, $lang_antispam, $lang_antispam_questions;

    $user = array('errors' => '');

    // DoS prevention: at most one registration per IP address per hour.
    $recentFromThisIp = DB::for_table('users')
        ->where('registration_ip', get_remote_address())
        ->where_gt('registered', time() - 3600)
        ->find_one();
    if ($recentFromThisIp) {
        message($lang_register['Registration flood']);
    }

    $verifyByEmail = ($this->config['o_regs_verify'] == '1');
    $user['username'] = feather_trim($this->request->post('req_user'));
    $user['email1'] = strtolower(feather_trim($this->request->post('req_email1')));
    if ($verifyByEmail) {
        // With e-mail verification the password is generated, not chosen.
        $emailRepeat = strtolower(feather_trim($this->request->post('req_email2')));
        $user['password1'] = random_pass(12);
        $passwordRepeat = $user['password1'];
    } else {
        $user['password1'] = feather_trim($this->request->post('req_password1'));
        $passwordRepeat = feather_trim($this->request->post('req_password2'));
    }

    // Username and password.
    $user['errors'] = check_username($user['username'], $user['errors']);
    if (feather_strlen($user['password1']) < 6) {
        $user['errors'][] = $lang_prof_reg['Pass too short'];
    } elseif ($user['password1'] != $passwordRepeat) {
        $user['errors'][] = $lang_prof_reg['Pass not match'];
    }

    // Antispam question: the form carries md5(question key) and the answer.
    $postedQuestion = $this->request->post('captcha_q');
    $question = $postedQuestion ? trim($postedQuestion) : '';
    $postedAnswer = $this->request->post('captcha');
    $answer = $postedAnswer ? strtoupper(trim($postedAnswer)) : '';
    $answersByHash = array();
    foreach ($lang_antispam_questions as $key => $expected) {
        $answersByHash[md5($key)] = strtoupper($expected);
    }
    if (empty($answersByHash[$question]) || $answersByHash[$question] != $answer) {
        $user['errors'][] = $lang_antispam['Robot test fail'];
    }

    // E-mail.
    require FEATHER_ROOT . 'include/email.php';
    if (!is_valid_email($user['email1'])) {
        $user['errors'][] = $lang_common['Invalid email'];
    } elseif ($verifyByEmail && $user['email1'] != $emailRepeat) {
        $user['errors'][] = $lang_register['Email not match'];
    }
    if (is_banned_email($user['email1'])) {
        if ($this->config['p_allow_banned_email'] == '0') {
            $user['errors'][] = $lang_prof_reg['Banned email'];
        }
        $user['banned_email'] = 1; // picked up later when the alert e-mail is sent
    }
    // Other accounts registered with the same address.
    $duplicates = DB::for_table('users')->select('username')->where('email', $user['email1'])->find_many();
    if ($duplicates && $this->config['p_allow_dupe_email'] == '0') {
        $user['errors'][] = $lang_prof_reg['Dupe email'];
    }

    // Language: strip path characters, then require the language pack to exist.
    $postedLanguage = $this->request->post('language');
    if ($postedLanguage) {
        $user['language'] = preg_replace('%[\\.\\\\/]%', '', $postedLanguage);
        if (!file_exists(FEATHER_ROOT . 'lang/' . $user['language'] . '/common.php')) {
            message($lang_common['Bad request'], '404');
        }
    } else {
        $user['language'] = $this->config['o_default_lang'];
    }

    return $user;
}
include '../config.php'; header('Content-Type: text/plain; charset=UTF-8'); $type = clean_input_string($_REQUEST['type']); $name = clean_input_string($_GET["name"]); #echo "$type, $name..."; switch ($type) { case 'username': if (strlen($name) < 3) { echo _('nombre demasiado corto'); return; } if (strlen($name) > 24) { echo _('nombre demasiado largo'); return; } if (!check_username($name)) { echo _('caracteres inválidos'); return; } if (!($current_user->user_id > 0 && $current_user->user_login == $name) && user_exists($name)) { echo _('el usuario ya existe'); return; } echo "OK"; break; case 'email': if (!check_email($name)) { echo _('dirección de correo no válida'); return; } if (!($current_user->user_id > 0 && $current_user->user_email == $name) && email_exists($name)) {
/**
 * save_profile — apply the submitted profile form to $user and store it.
 *
 * Guarded by the save_profile/process flags and by the posted user id matching the
 * session (or $admin_mode). Validation errors are echoed as <p class="form-error">
 * and block the store(); on success the current user is re-authenticated unless in
 * admin mode.
 *
 * NOTE(review): no anti-CSRF token is checked here — the hidden flags are not secret.
 * NOTE(review): $_POST['url'] is HTML-escaped but not scheme-checked and $_POST['names']
 * is stored unescaped; confirm the templates escape them on output. $user->pass
 * receives the plaintext submission — confirm store() hashes it.
 */
function save_profile() {
    global $db, $user, $current_user, $globals, $admin_mode;
    $errorCount = 0; // benjami: control added (2005-12-22)

    $isProfileSave = isset($_POST['save_profile']) && isset($_POST['process']);
    $ownsRecord = $admin_mode || $_POST['user_id'] == $current_user->user_id;
    if (!$isProfileSave || !$ownsRecord) {
        return;
    }

    if (!empty($_POST['username'])) {
        $newUsername = trim($_POST['username']);
        if ($newUsername != $user->username) {
            if (strlen($newUsername) < 3) {
                echo '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
                $errorCount++;
            }
            if (!check_username($_POST['username'])) {
                echo '<p class="form-error">' . _('Nombre de usuario erróneo, caracteres no admitidos') . '</p>';
                $errorCount++;
            } elseif (user_exists($newUsername)) {
                echo '<p class="form-error">' . _('El usuario ya existe') . '</p>';
                $errorCount++;
            } else {
                $user->username = $newUsername;
            }
        }
    }

    $newEmail = trim($_POST['email']);
    if (!check_email($newEmail)) {
        echo '<p class="form-error">' . _('El correo electrónico no es correcto') . '</p>';
        $errorCount++;
    } elseif (!$admin_mode && $newEmail != $current_user->user_email && email_exists($newEmail)) {
        echo '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errorCount++;
    } else {
        $user->email = $newEmail;
    }

    $user->url = htmlspecialchars(trim($_POST['url']));
    $user->names = trim($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if ($_POST['password'] !== $_POST['password2']) {
            echo '<p class="form-error">' . _('Las claves no son iguales, no se ha modificado') . '</p>';
            $errorCount++;
        } else {
            $user->pass = trim($_POST['password']);
            echo '<p>' . _('La clave se ha cambiado') . '</p>';
        }
    }

    // Admin-only fields.
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    $karmaInRange = !empty($_POST['karma']) && is_numeric($_POST['karma'])
        && $_POST['karma'] > 4 && $_POST['karma'] <= 20;
    if ($admin_mode && $karmaInRange) {
        $user->karma = $_POST['karma'];
    }

    // Avatar upload.
    if (!empty($_FILES['image']['tmp_name'])) {
        if (!avatars_check_upload_size($user->id, 'image')) {
            echo '<p class="form-error">' . _('El tamaño de la imagen excede el límite') . '</p>';
            $errorCount++;
            $user->avatar = 0;
        } elseif (!avatars_manage_upload($user->id, 'image')) {
            echo '<p class="form-error">' . _('Error guardando la imagen') . '</p>';
            $errorCount++;
            $user->avatar = 0;
        } else {
            $user->avatar = 1;
        }
    }

    if ($errorCount) {
        return;
    }
    // benjami: "if" added (2005-12-22)
    if (empty($user->ip)) {
        $user->ip = $globals['user_ip'];
    }
    $user->store();
    $user->read();
    if (!$admin_mode) {
        $current_user->Authenticate($user->username, $user->pass);
    }
    echo '<p class="form-act">' . _('Datos actualizados') . '</p>';
}
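/**
 * doLogin — log a member in through UCenter with the posted credentials.
 *
 * Reads post.username / post.password / post.verify / post.remember. Returns an
 * array whose 'info' carries the failure message, or — on success — the
 * synchronous-login HTML together with 'status' => 1. The Chinese messages are
 * user-facing and kept verbatim.
 */
public function doLogin() {
    $aUsername = $username = I('post.username', '', 'op_t');
    $aPassword = I('post.password', '', 'op_t');
    $aVerify = I('post.verify', '', 'op_t');
    $aRemember = I('post.remember', 0, 'intval');
    $res = array();

    /* captcha, when enabled for login */
    if (check_verify_open('login') && !check_verify($aVerify)) {
        $res['info'] = "验证码输入错误。";
        return $res;
    }

    /* classify the account (username / email / mobile) and make sure that type may log in */
    check_username($aUsername, $email, $mobile, $aUnType);
    if (!check_reg_type($aUnType)) {
        $res['info'] = "该类型未开放登录。";
        // FIX: previously fell through and still attempted the UCenter login.
        return $res;
    }

    $uid = UCenterMember()->login($username, $aPassword, $aUnType);
    if (0 < $uid) {
        // UC login succeeded: log the local member in.
        $Member = D('Member');
        $args = array('uid' => $uid, 'nickname' => $username);
        check_and_add($args);
        if ($Member->login($uid, $aRemember == 1)) {
            // TODO: redirect to the page visited before login
            $html = ''; // initialised here so 'info' is never an undefined variable
            if (UC_SYNC && $uid != 1) {
                // synchronous login to UC
                $ref = M('ucenter_user_link')->where(array('uid' => $uid))->find();
                $html = uc_user_synlogin($ref['uc_uid']);
            }
            // NOTE(review): include_once returns true (not the config array) on a second
            // include within one request; the is_array() guard skips SSO silently in that case.
            $oc_config = (include_once './OcApi/oc_config.php');
            if (is_array($oc_config) && !empty($oc_config['SSO_SWITCH'])) {
                include_once './OcApi/OCenter/OCenter.php';
                $OCApi = new \OCApi();
                $html = $OCApi->ocSynLogin($uid);
            }
            $res['status'] = 1;
            $res['info'] = $html;
            //$this->success($html, get_nav_url(C('AFTER_LOGIN_JUMP_URL')));
        } else {
            $res['info'] = $Member->getError();
        }
    } else {
        // login failed
        switch ($uid) {
            case -1:
                $res['info'] = '用户不存在或被禁用!'; // disabled at system level
                break;
            case -2:
                $res['info'] = '密码错误!';
                break;
            default:
                $res['info'] = $uid; // 0 - interface argument error (used while debugging)
                break;
        }
    }
    return $res;
}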
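/**
 * save_profile — apply the submitted profile form to $user and store it.
 *
 * The form must carry the save_profile/process flags, the session user's id and a
 * form_hash bound to $site_key and the user id (anti-CSRF control). Validation
 * failures are accumulated as <p class="form-error"> fragments and returned;
 * nothing is stored when any error occurred.
 *
 * NOTE(review): the e-mail is validated but never assigned to $user->email in this
 * version — confirm whether that is intended.
 *
 * @return string|null HTML message fragments, or null when the request is not a profile save
 */
function save_profile() {
    global $db, $user, $current_user, $globals, $site_key;
    $errors = 0; // benjami: control added (2005-12-22)
    $pass_changed = false;
    $messages = '';
    $form_hash = md5($site_key . $user->id . mnminclude);

    if (!isset($_POST['save_profile']) || !isset($_POST['process'])
        || !isset($_POST['user_id']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }
    // Constant-time comparison; a non-string (array) submission must fail rather than be coerced.
    if (empty($_POST['form_hash']) || !is_string($_POST['form_hash']) || !hash_equals($form_hash, $_POST['form_hash'])) {
        $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>';
        $errors++;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }

    $posted_email = isset($_POST['email']) ? trim($_POST['email']) : '';
    if ($user->email != $posted_email && !check_email($posted_email)) {
        $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif ($posted_email != $current_user->user_email && email_exists($posted_email)) {
        $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    $user->names = clean_text($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>';
            $errors = 1;
        } elseif (trim($_POST['password']) !== trim($_POST['password2'])) {
            $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>';
            $errors = 1;
        } else {
            // NOTE(review): unsalted md5 is not a password hash; migrating to password_hash()
            // requires changing Authenticate() as well, so it is only flagged here.
            $user->pass = md5(trim($_POST['password']));
            $messages .= '<p class="form-error">' . _('La clave se ha cambiado') . '</p>';
            $pass_changed = true;
        }
    }

    // Bit-packed display preferences: bit 0/1 comment_pref, bit 2 show_friends, bit 3 show_2cols.
    $comment_pref = isset($_POST['comment_pref']) ? intval($_POST['comment_pref']) : 0;
    $show_friends = isset($_POST['show_friends']) ? intval($_POST['show_friends']) : 0;
    $show_2cols = isset($_POST['show_2cols']) ? intval($_POST['show_2cols']) : 0;
    $user->comment_pref = $comment_pref + ($show_friends & 1) * 2 + ($show_2cols & 1) * 4;

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>';
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>';
            $errors = 1;
            $user->avatar = 0;
        }
    }

    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when anything the session is keyed on changed.
        if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $pass_changed) {
            $current_user->Authenticate($user->username, $user->pass);
        }
        $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>';
    }
    return $messages;
}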
if (!empty($result)) { message($lang->t('Registration flood')); } unset($result, $query, $params); $username = pun_trim($_POST['req_user']); $email1 = strtolower(trim($_POST['req_email1'])); if ($pun_config['o_regs_verify'] == '1') { $email2 = strtolower(trim($_POST['req_email2'])); $password1 = random_pass(8); $password2 = $password1; } else { $password1 = pun_trim($_POST['req_password1']); $password2 = pun_trim($_POST['req_password2']); } // Validate username and passwords check_username($username); if (pun_strlen($password1) < 4) { $errors[] = $lang->t('Pass too short'); } else { if ($password1 != $password2) { $errors[] = $lang->t('Pass not match'); } } // Validate email require PUN_ROOT . 'include/email.php'; if (!is_valid_email($email1)) { $errors[] = $lang->t('Invalid email'); } else { if ($pun_config['o_regs_verify'] == '1' && $email1 != $email2) { $errors[] = $lang->t('Email not match'); }
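/**
 * Validate the registration form ($_POST) and rate-limit sign-ups by IP.
 *
 * Field problems are reported through register_error() without aborting, so
 * the user sees every field error at once; the IP rate checks abort on the
 * first hit. Reads $globals['form_user_ip'] and $globals['standards'] and
 * counts recent 'user_new' / 'user_delete' rows in `logs` through $db.
 *
 * Security notes for this revision:
 *  - the old `print_r($_POST)` on a "standard" mismatch echoed the submitted
 *    password into the response; it is gone.
 *  - $user_ip is interpolated into SQL by the $db API used here, so it is
 *    validated with filter_var() first and the check fails closed.
 *  - the username is scrubbed of control characters before it reaches syslog.
 *
 * Returns true when registration may proceed, false otherwise.
 */
function check_user_fields() {
    global $globals, $db;
    $error = false;

    // Read the form once with safe defaults so an absent field is an error,
    // not a PHP notice.
    $username  = isset($_POST['username'])  ? $_POST['username']        : '';
    $email     = isset($_POST['email'])     ? trim($_POST['email'])     : '';
    $password  = isset($_POST['password'])  ? $_POST['password']        : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2']       : '';
    $standard  = isset($_POST['standard'])  ? $_POST['standard']        : null;

    if (check_ban_proxy()) {
        register_error(_("IP no permitida"));
        $error = true;
    }
    if (strlen($username) < 3) {
        register_error(_("nombre de usuario erróneo, debe ser de 3 o más caracteres alfanuméricos"));
        $error = true;
    }
    if (!check_username($username)) {
        register_error(_("nombre de usuario erróneo, caracteres no admitidos o no comienzan con una letra"));
        $error = true;
    }
    if (user_exists(trim($username))) {
        register_error(_("el usuario ya existe"));
        $error = true;
    }
    if (!check_email($email)) {
        register_error(_("el correo electrónico no es correcto"));
        $error = true;
    }
    if (email_exists($email)) {
        register_error(_("dirección de correo duplicada, o fue usada recientemente"));
        $error = true;
    }
    // Spaces and single quotes are rejected in either password field.
    if (preg_match('/[ \']/', $password) || preg_match('/[ \']/', $password2)) {
        register_error(_("caracteres inválidos en la clave"));
        $error = true;
    }
    if (!check_password($password)) {
        register_error(_("clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números"));
        $error = true;
    }
    if ($password !== $password2) {
        register_error(_("las claves no coinciden"));
        $error = true;
    }

    // The submitted "standard" must be one of the configured ids. Both sides
    // are compared as strings so an int id and its POSTed text form match
    // without the surprises of a loose "==" (and a missing field no longer
    // matches id 0). Iterate by value: the former by-reference loop left a
    // dangling reference behind. Never dump $_POST here — it holds the password.
    $hasStandard = false;
    if ($standard !== null) {
        foreach ($globals['standards'] as $val) {
            if ((string) $val['id'] === (string) $standard) {
                $hasStandard = true;
                break;
            }
        }
    }
    if (!$hasStandard) {
        register_error(_("A norma enviada non coincide"));
        $error = true;
    }

    // Rate-limit registrations by IP. The address goes into SQL as a raw
    // string, so it must be a syntactically valid IP before it is used; an
    // unparseable value is refused rather than letting it skip the limits.
    // NOTE(review): assumes $globals['form_user_ip'] is always populated for
    // web requests — confirm, otherwise valid registrations would be refused.
    $user_ip  = isset($globals['form_user_ip']) ? (string) $globals['form_user_ip'] : '';
    // Log-safe copy of the username: strip control characters so a hostile
    // value cannot inject extra syslog lines.
    $log_user = preg_replace('/[\x00-\x1f\x7f]/', '', $username);

    if (filter_var($user_ip, FILTER_VALIDATE_IP) === false) {
        $log_ip = preg_replace('/[^\x20-\x7e]/', '', $user_ip);
        syslog(LOG_NOTICE, "Meneame, register not accepted, invalid IP address ($log_user) $log_ip");
        register_error(_("IP no permitida"));
        return false;
    }

    // Same address: one registration or deletion per 24 hours.
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 24 hour) and log_type in ('user_new', 'user_delete') and log_ip = '$user_ip'");
    if ($registered > 0) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP address ($log_user) $user_ip");
        register_error(_("para registrar otro usuario desde la misma dirección debes esperar 24 horas"));
        $error = true;
    }
    if ($error) return false;

    // The network checks below split the address into dotted octets, so they
    // only apply to IPv4. For an IPv6 address the previous LIKE patterns could
    // never match a row, so returning here preserves that outcome without the
    // undefined-offset notices from explode().
    if (filter_var($user_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return true;
    }
    $ip_classes = explode('.', $user_ip);

    // Same /24 (nnn.nnn.nnn.%): no registrations in the last 6 hours.
    $ip_class = $ip_classes[0] . '.' . $ip_classes[1] . '.' . $ip_classes[2] . '.%';
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 6 hour) and log_type in ('user_new', 'user_delete') and log_ip like '$ip_class'");
    if ($registered > 0) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP class ($log_user) $ip_class");
        register_error(_("para registrar otro usuario desde la misma red debes esperar 6 horas") . " ($ip_class)");
        return false;
    }

    // Same /16 (nnn.nnn.%): at most two registrations in the last hour.
    $ip_class = $ip_classes[0] . '.' . $ip_classes[1] . '.%';
    $registered = (int) $db->get_var("select count(*) from logs where log_date > date_sub(now(), interval 1 hour) and log_type in ('user_new', 'user_delete') and log_ip like '$ip_class'");
    if ($registered > 2) {
        syslog(LOG_NOTICE, "Meneame, register not accepted by IP class ($log_user) $ip_class");
        register_error(_("para registrar otro usuario desde la misma red debes esperar unos minutos") . " ($ip_class)");
        return false;
    }

    return true;
}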