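/**
 * Build the list of identity-verification methods available to a user.
 *
 * Each entry is array('type' => ..., 'name' => ..., 'value' => ...). A verified
 * mobile number and/or a verified e-mail address are offered when present;
 * when neither is verified, the only entry is login-password verification.
 *
 * Side effects: the unmasked mobile number / e-mail address is written to
 * $_SESSION under VT_MOBILE_VALIDATE / VT_EMAIL_VALIDATE. Only the value
 * returned by encrypt_mobile() / encrypt_email() goes into the result.
 *
 * @param int|string $user_id user id; cast to int before it reaches the SQL text
 * @return array list of verification methods
 */
function get_validate_types($user_id)
{
    // Security: the id was concatenated into the statement as a quoted string.
    // Casting to int strips any SQL metacharacters before concatenation.
    // NOTE(review): assumes users.user_id is an integer column - confirm.
    $sql = "select user_id, user_name, email, mobile_phone from " . $GLOBALS['ecs']->table('users') . " where user_id = '" . (int) $user_id . "'";

    // Check that the account exists before reading its profile.
    $row = $GLOBALS['db']->getRow($sql);
    if (!$row) {
        // $_LANG is not a superglobal, so the bare $_LANG used here before was an
        // undefined local and null was passed as the link text.
        // NOTE(review): presumably the language table lives in $GLOBALS['_LANG'] - confirm.
        $relogin_lnk = isset($GLOBALS['_LANG']['relogin_lnk']) ? $GLOBALS['_LANG']['relogin_lnk'] : null;
        // NOTE(review): a distinct "account does not exist" response lets a caller
        // tell valid accounts from invalid ones; consider a uniform message.
        // Whether show_message() ends the request is not visible here.
        show_message('您输入的账户名不存在,请核对后重新输入。', $relogin_lnk, 'findPwd.php', 'error');
    }

    // Load the profile to see which contact channels have been verified.
    $user = $GLOBALS['user'];
    $user_info = $user->get_profile_by_id($user_id);
    $email = $user_info['email'];
    $mobile_phone = $user_info['mobile_phone'];
    $email_validate = $user_info['email_validated'];
    $mobile_validate = $user_info['mobile_validated'];

    $validate_types = array();

    if (!empty($mobile_phone) && $mobile_validate == 1) {
        // The session keeps the real number; the page only receives the masked form.
        $_SESSION[VT_MOBILE_VALIDATE] = $mobile_phone;
        $mobile_phone = encrypt_mobile($mobile_phone);
        $validate_types[] = array('type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $mobile_phone);
    }

    if (!empty($email) && $email_validate == 1) {
        $_SESSION[VT_EMAIL_VALIDATE] = $email;
        $email = encrypt_email($email);
        $validate_types[] = array('type' => 'email', 'name' => '邮箱', 'value' => $email);
    }

    // No verified channel: fall back to verifying with the login password.
    if (count($validate_types) == 0) {
        $validate_types[] = array('type' => 'password', 'name' => '登录密码验证', 'value' => $_SESSION['user_name']);
    }

    return $validate_types;
}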
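// Invite-based signup: validate the invite code, create the account, credit
// the inviter and notify them by private message.
// NOTE(review): $invite, $wantusername, $wantpassword, $hintanswer, $passhint,
// $birthday, $email, $arr, $id, $time_offset and $dst_in_use are not assigned
// in this excerpt; they are assumed to be set and validated earlier in the script.
$select_inv = sql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);
$rows = mysqli_num_rows($select_inv);
$assoc = mysqli_fetch_assoc($select_inv);
if ($rows == 0) {
    stderr("Error", "Invite not found.\nPlease request a invite from one of our members.");
}
if ($assoc["receiver"] != 0) {
    stderr("Error", "Invite already taken.\nPlease request a new one from your inviter.");
}

$secret = mksecret();
// NOTE(review): md5() is a fast, unsalted digest and is unsuitable for passwords
// and hint answers. make_passhash() and the login check are defined elsewhere,
// so the scheme is flagged here rather than changed; migrating to
// password_hash()/password_verify() has to be done on both sides together.
$wantpasshash = make_passhash($secret, md5($wantpassword));
$editsecret = !$arr[0] ? "" : make_passhash_login_key();
$wanthintanswer = md5($hintanswer);
check_banned_emails($email);
$user_frees = TIME_NOW + 14 * 86400;
$emails = encrypt_email($email);

// Values are listed in the same order as the column list. Previously
// $editsecret, $birthday, $passhint and $wanthintanswer were shifted, which
// stored the edit secret in passhint and the hint-answer digest in birthday.
$new_user_values = array(
    $wantusername,              // username
    $wantpasshash,              // passhash
    $secret,                    // secret
    $passhint,                  // passhint
    $wanthintanswer,            // hintanswer
    $editsecret,                // editsecret
    $birthday,                  // birthday
    (int) $assoc['sender'],     // invitedby
    $emails,                    // email
    TIME_NOW,                   // added
    TIME_NOW,                   // last_access
    TIME_NOW,                   // last_login
    $time_offset,               // time_offset
    $dst_in_use['tm_isdst'],    // dst_in_use
    $user_frees,                // free_switch
);
$new_user = sql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, birthday, invitedby, email, added, last_access, last_login, time_offset, dst_in_use, free_switch) VALUES (" . implode(",", array_map("sqlesc", $new_user_values)) . ")");

// Inspect the INSERT result before running further queries: a later query on
// the same connection replaces the error number, and the follow-up writes
// must not happen for an account that was never created.
if (!$new_user) {
    $insert_errno = (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false));
    if ($insert_errno == 1062) {
        stderr("Error", "Username already exists!");
    } else {
        // Any other failure is reported the same way as the other queries here.
        sqlerr(__FILE__, __LINE__);
    }
}

// NOTE(review): $id is not assigned in this excerpt; it is expected to hold
// the id of the users row created above.
sql_query("INSERT INTO usersachiev (id, username) VALUES (" . sqlesc($id) . ", " . sqlesc($wantusername) . ")") or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE usersachiev SET invited=invited+1 WHERE id =" . sqlesc($assoc['sender'])) or sqlerr(__FILE__, __LINE__);
$message = "Welcome New {$INSTALLER09['site_name']} Member : - " . htmlsafechars($wantusername) . "";

//===send PM to inviter
$sender = (int) $assoc["sender"];
$added = TIME_NOW;
$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$INSTALLER09['site_name']} has arrived ! \n:clap2: \n\n Please go to your [url={$INSTALLER09['baseurl']}/invite.php]Invite page[/url] to confirm them so they can log in.\n\ncheers\n");
$subject = sqlesc("Someone you invited has arrived!");
sql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, {$subject}, " . sqlesc($sender) . ", {$msg}, {$added})") or sqlerr(__FILE__, __LINE__);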
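/**
 * verifyEmail()
 * Complete an e-mail binding: consume the verification record identified by
 * the id/code pair from the request and store the address on the user that
 * the record names.
 *
 * Request parameters (read through I()):
 *   id   - id of the verification record
 *   code - verification code, exactly 32 word characters
 */
public function verifyEmail()
{
    $id = I('id', false, 'int');
    // Anchored at both ends so the value is exactly 32 word characters. The
    // previous pattern checked only the first 32 and accepted any suffix.
    $code = I('code', false, '/^\\w{32}\\z/');

    if (!$id || !$code) {
        $this->error('信息不完整');
        return;
    }

    $map = array('id' => $id, 'code' => $code, 'type' => 1);
    $info = M('Code')->where($map)->Field('use_id,content')->find();
    if (!$info) {
        $this->error('验证信息已不存在!');
        return;
    }

    // The record is single-use: remove it before acting on it so the same
    // link cannot be replayed, whatever the outcome below.
    M('Code')->where('id=%d', $id)->delete();

    $email = $info['content'];
    import('Common.Encrypt', COMMON_PATH, '.php');

    // NOTE(review): this uniqueness check and the update below are separate
    // statements; a unique index on the stored address would enforce it.
    if (get_user_by_email($email)) {
        $this->error('此邮箱已经绑定过账号!');
        return;
    }

    $User = M('User');
    // Read the current values first so a first-time binding can be detected.
    $user = $User->field('name,email')->getById($info['use_id']);

    // The address is stored in the form returned by encrypt_email().
    if (!$User->where('id=%d', $info['use_id'])->setField('email', encrypt_email($email))) {
        $this->error('邮箱绑定失败!');
        return;
    }

    // First binding: send the notification mail to the new address.
    if (!$user['email']) {
        $user['email'] = $email;
        send_mail($user, L('MAIL_FIRST', array('name' => $user['name'])), C('MAIL_NOTIFY'));
    }

    $this->success('绑定成功!', '/');
}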
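/**
 * Find a user by e-mail address.
 *
 * When '@' is the second character (one-character local part) the lookup is
 * a LIKE match that allows extra characters after the first one, bounded by
 * a maximum stored length. Otherwise the address is passed through
 * encrypt_email() and matched exactly.
 * NOTE(review): the LIKE branch presumably mirrors how encrypt_email()
 * stores such addresses - confirm against that helper.
 *
 * @param string $email e-mail address to look up
 * @return mixed id of the matching user, or the "not found" value returned by
 *               getField() / getFieldByEmail()
 */
function get_user_by_email($email)
{
    if (strpos($email, '@') === 1) {
        // Security: the address was concatenated straight into the WHERE string.
        // It is now passed as a where() argument, which the framework escapes
        // before substituting it into the format string.
        // LIKE metacharacters in the address are escaped so that only the
        // wildcard inserted here acts as one.
        $like_meta = '%_\\';
        $pattern = addcslashes(substr($email, 0, 1), $like_meta) . '%' . addcslashes(substr($email, 1), $like_meta);
        $max_len = strlen($email) + 23;
        $id = M('User')->where('`email` LIKE "%s" AND length(`email`)<%d', $pattern, $max_len)->getField('id');
    } else {
        import('Common.Encrypt', COMMON_PATH, '.php');
        $en_email = encrypt_email($email);
        $id = M('User')->getFieldByEmail($en_email, 'id');
    }

    return $id;
}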