Ejemplo n.º 1
0
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    //验证IP
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl();
    //验证来源
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add[bid]);
    }
    $name = RepPostStr(trim($add[name]));
    $email = RepPostStr($add[email]);
    $call = RepPostStr($add[call]);
    $lytext = RepPostStr($add[lytext]);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    //验证码
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    $lasttime = getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }
    //版面是否存在
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br[bid])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    //权限
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        //设置最后发表时间
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 2
0
function EditSafeInfo($add)
{
    global $empire, $dbtbpre, $public_r;
    $user_r = islogin();
    //是否登陆
    $userid = $user_r[userid];
    $username = $user_r[username];
    $rnd = $user_r[rnd];
    //邮箱
    $email = trim($add['email']);
    if (!$email || !chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    $email = RepPostStr($email);
    //验证原密码
    $oldpassword = RepPostVar($add[oldpassword]);
    if (!$oldpassword) {
        printerror('FailOldPassword', '', 1);
    }
    $add[password] = RepPostVar($add[password]);
    $num = 0;
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,password,salt') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'");
    if (empty($ur['userid'])) {
        printerror('FailOldPassword', '', 1);
    }
    if (!eDoCkMemberPw($oldpassword, $ur['password'], $ur['salt'])) {
        printerror('FailOldPassword', '', 1);
    }
    //邮箱
    $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1");
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' and " . egetmf('userid') . "<>'{$userid}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }
    //密码
    $a = '';
    $salt = '';
    $truepassword = '';
    if ($add[password]) {
        if ($add[password] !== $add[repassword]) {
            printerror('NotRepassword', 'history.go(-1)', 1);
        }
        $salt = eReturnMemberSalt();
        $password = eDoMemberPw($add[password], $salt);
        $a = "," . egetmf('password') . "='{$password}'," . egetmf('salt') . "='{$salt}'";
        $truepassword = $add[password];
    }
    $sql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('email') . "='{$email}'" . $a . " where " . egetmf('userid') . "='{$userid}'");
    if ($sql) {
        //易通行系统
        DoEpassport('editpassword', $userid, $username, $truepassword, $salt, $email, $user_r['groupid'], '');
        printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 3
0
function EditSafeInfo($add)
{
    global $empire, $user_tablename, $public_r, $user_userid, $user_username, $user_password, $user_dopass, $user_email, $user_salt, $user_saltnum, $dbtbpre, $user_group;
    $user_r = islogin();
    //是否登陆
    $userid = $user_r[userid];
    $username = $user_r[username];
    $rnd = $user_r[rnd];
    //邮箱
    $email = trim($add['email']);
    if (!$email || !chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    $email = RepPostStr($email);
    $email = doUtfAndGbk($email, 0);
    //验证原密码
    $oldpassword = RepPostVar($add[oldpassword]);
    if (!$oldpassword) {
        printerror('FailOldPassword', '', 1);
    }
    $a = '';
    $sa = '';
    $add[password] = RepPostVar($add[password]);
    $password = doUtfAndGbk($add[password], 0);
    $oldpassword = doUtfAndGbk($oldpassword, 0);
    if (empty($user_dopass)) {
        $password = md5($password);
        $oldpassword = md5($oldpassword);
    } elseif ($user_dopass == 2) {
        $salt = make_password($user_saltnum);
        $password = md5(md5($password) . $salt);
        $sa = "," . $user_salt . "='{$salt}'";
    } elseif ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
        $oldpassword = substr(md5($oldpassword), 8, 16);
    }
    $num = 0;
    //双重md5
    if ($user_dopass == 2) {
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_userid . "='{$userid}'");
        $oldpassword = md5(md5($oldpassword) . $ur[$user_salt]);
        $num = 0;
        if ($oldpassword == $ur[$user_password]) {
            $num = 1;
        }
        if (empty($ur[$user_userid])) {
            $num = 0;
        }
    } else {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_userid . "='{$userid}' and " . $user_password . "='" . $oldpassword . "'");
    }
    if (!$num) {
        printerror('FailOldPassword', '', 1);
    }
    //邮箱
    $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1");
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_email . "='{$email}' and " . $user_userid . "<>'{$userid}' limit 1");
        if ($num) {
            printerror("ReEmailFail", "history.go(-1)", 1);
        }
    }
    //密码
    if ($add[password]) {
        if ($add[password] !== $add[repassword]) {
            printerror('NotRepassword', 'history.go(-1)', 1);
        }
        $a = "," . $user_password . "='" . $password . "'" . $sa;
    }
    $sql = $empire->query("update " . $user_tablename . " set " . $user_email . "='{$email}'" . $a . " where " . $user_userid . "='{$userid}'");
    if ($sql) {
        printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 4
0
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    //关闭注册
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    //验证时间段允许操作
    eCheckTimeCloseDo('reg');
    //验证IP
    eCheckAccessDoIp('register');
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    //已经登陆不能注册
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    CheckCanPostUrl();
    //验证来源
    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];
    //验证码
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    //IP
    $regip = egetip();
    $regipport = egetipport();
    //用户字数
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) {
        printerror('FaiUserlen', '', 1);
    }
    //密码字数
    $passlen = strlen($password);
    if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) {
        printerror('FailPasslen', '', 1);
    }
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    //同一IP注册
    eCheckIpRegTime($regip, $pr['regretime']);
    //保留用户
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    //重复用户
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    //重复邮箱
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }
    //注册时间
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    $rnd = make_password(20);
    //产生随机密码
    $userkey = eReturnMemberUserKey();
    //密码
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);
    //审核
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    //验证附加表必填项
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    //取得userid
    $userid = $empire->lastid();
    //附加表
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr[userid]) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    //更新附件
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    //绑定帐号
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }
    if ($sql) {
        //邮箱激活
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        //审核
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        //验证符
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        //登录附加cookie
        AddLoginCookie($r);
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        //易通行系统
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Ejemplo n.º 5
0
function DoRegSend($add)
{
    global $empire, $dbtbpre, $public_r;
    if ($public_r['regacttype'] != 1) {
        printerror('CloseRegAct', '', 1);
    }
    $username = trim($add[username]);
    $password = trim($add[password]);
    $email = trim($add[email]);
    $newemail = trim($add[newemail]);
    if (!$username || !$password || !$email) {
        printerror("EmptyRegAct", "history.go(-1)", 1);
    }
    //验证码
    $key = $add['key'];
    $keyvname = 'checkregsendkey';
    ecmsCheckShowKey($keyvname, $key, 1);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $username = RepPostStr($username);
    $email = RepPostStr($email);
    $newemail = RepPostStr($newemail);
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    if ($newemail) {
        if (!chemail($newemail)) {
            printerror("EmailFail", "history.go(-1)", 1);
        }
        $sendemail = $newemail;
    } else {
        $sendemail = $email;
    }
    //密码
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if (!$ur['userid']) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    $useremail = $r['email'];
    if (!$r['userid'] || $useremail != $email) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    if ($r['checked']) {
        printerror("HaveRegActUser", '', 1);
    }
    $addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberpub where userid='" . $r['userid'] . "' limit 1");
    $ar = explode('||', $addr['authstr']);
    if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) {
        printerror("HaveRegActUser", '', 1);
    }
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    SendActUserEmail($r['userid'], $username, $sendemail);
}
Ejemplo n.º 6
0
function DoRegSend($add)
{
    global $empire, $dbtbpre, $public_r, $user_tablename, $user_username, $user_userid, $user_email, $user_password, $user_dopass, $user_salt, $user_checked;
    if ($public_r['regacttype'] != 1) {
        printerror('CloseRegAct', '', 1);
    }
    $username = trim($add[username]);
    $password = trim($add[password]);
    $email = trim($add[email]);
    $newemail = trim($add[newemail]);
    if (!$username || !$password || !$email) {
        printerror("EmptyRegAct", "history.go(-1)", 1);
    }
    //ÑéÖ¤Âë
    $key = $add['key'];
    $keyvname = 'checkregsendkey';
    ecmsCheckShowKey($keyvname, $key, 1);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $username = RepPostStr($username);
    $email = RepPostStr($email);
    $newemail = RepPostStr($newemail);
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    if ($newemail) {
        if (!chemail($newemail)) {
            printerror("EmailFail", "history.go(-1)", 1);
        }
        $sendemail = $newemail;
    } else {
        $sendemail = $email;
    }
    //±àÂëת»»
    $utfusername = doUtfAndGbk($username, 0);
    $password = doUtfAndGbk($password, 0);
    //ÃÜÂë
    if (empty($user_dopass)) {
        $password = md5($password);
    }
    if ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }
    //Ë«ÖØmd5
    $num = 0;
    if ($user_dopass == 2) {
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
        $password = md5(md5($password) . $ur[$user_salt]);
        $num = 0;
        if ($password == $ur[$user_password]) {
            $num = 1;
        }
        if (empty($ur[$user_userid])) {
            $num = 0;
        }
    } else {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
    }
    if (!$num) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    $r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
    $utfemail = doUtfAndGbk($r[$user_email], 1);
    if (!$r[$user_userid] || $utfemail != $email) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    if ($r[$user_checked]) {
        printerror("HaveRegActUser", '', 1);
    }
    $addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberadd where userid='" . $r[$user_userid] . "' limit 1");
    $ar = explode('||', $addr['authstr']);
    if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) {
        printerror("HaveRegActUser", '', 1);
    }
    ecmsEmptyShowKey($keyvname);
    //Çå¿ÕÑéÖ¤Âë
    SendActUserEmail($r[$user_userid], $username, $sendemail);
}