/**
* 获取身份验证方式
*
* @param unknown $user_id
* @return array
*/
function get_validate_types($user_id)
{
// 获取用户信息,判断用户是否验证了手机、邮箱
$sql = "select user_id, user_name, email, mobile_phone from " . $GLOBALS['ecs']->table('users') . " where user_id = '" . $user_id . "'";
$user = $GLOBALS['user'];
$user_info = $user->get_profile_by_id($user_id);
$email = $user_info['email'];
$mobile_phone = $user_info['mobile_phone'];
$email_validate = $user_info['email_validated'];
$mobile_validate = $user_info['mobile_validated'];
$row = $GLOBALS['db']->getRow($sql);
if ($row == false) {
show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
}
$validate_types = array();
if (isset($mobile_phone) && !empty($mobile_phone) && $mobile_validate == 1) {
$_SESSION[VT_MOBILE_VALIDATE] = $mobile_phone;
// 处理手机号,不让前台显示
$mobile_phone = encrypt_mobile($mobile_phone);
$validate_types[] = array('type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $mobile_phone);
}
if (isset($email) && !empty($email) && $email_validate == 1) {
$_SESSION[VT_EMAIL_VALIDATE] = $email;
$email = encrypt_email($email);
$validate_types[] = array('type' => 'email', 'name' => '邮箱', 'value' => $email);
}
if (count($validate_types) == 0) {
$validate_types[] = array('type' => 'password', 'name' => '登录密码验证', 'value' => $_SESSION['user_name']);
}
return $validate_types;
}
$select_inv = sql_query('SELECT sender, receiver, status FROM invite_codes WHERE code = ' . sqlesc($invite)) or sqlerr(__FILE__, __LINE__);
$rows = mysqli_num_rows($select_inv);
$assoc = mysqli_fetch_assoc($select_inv);
if ($rows == 0) {
stderr("Error", "Invite not found.\nPlease request a invite from one of our members.");
}
if ($assoc["receiver"] != 0) {
stderr("Error", "Invite already taken.\nPlease request a new one from your inviter.");
}
$secret = mksecret();
$wantpasshash = make_passhash($secret, md5($wantpassword));
$editsecret = !$arr[0] ? "" : make_passhash_login_key();
$wanthintanswer = md5($hintanswer);
check_banned_emails($email);
$user_frees = TIME_NOW + 14 * 86400;
$emails = encrypt_email($email);
$new_user = sql_query("INSERT INTO users (username, passhash, secret, passhint, hintanswer, editsecret, birthday, invitedby, email, added, last_access, last_login, time_offset, dst_in_use, free_switch) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $birthday, $passhint, $wanthintanswer, (int) $assoc['sender'], $emails, TIME_NOW, TIME_NOW, TIME_NOW, $time_offset, $dst_in_use['tm_isdst'], $user_frees))) . ")");
sql_query("INSERT INTO usersachiev (id, username) VALUES (" . sqlesc($id) . ", " . sqlesc($wantusername) . ")") or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE usersachiev SET invited=invited+1 WHERE id =" . sqlesc($assoc['sender'])) or sqlerr(__FILE__, __LINE__);
$message = "Welcome New {$INSTALLER09['site_name']} Member : - " . htmlsafechars($wantusername) . "";
if (!$new_user) {
if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
stderr("Error", "Username already exists!");
}
}
//===send PM to inviter
$sender = (int) $assoc["sender"];
$added = TIME_NOW;
$msg = sqlesc("Hey there [you] ! :wave:\nIt seems that someone you invited to {$INSTALLER09['site_name']} has arrived ! :clap2: \n\n Please go to your [url={$INSTALLER09['baseurl']}/invite.php]Invite page[/url] to confirm them so they can log in.\n\ncheers\n");
$subject = sqlesc("Someone you invited has arrived!");
sql_query("INSERT INTO messages (sender, subject, receiver, msg, added) VALUES (0, {$subject}, " . sqlesc($sender) . ", {$msg}, {$added})") or sqlerr(__FILE__, __LINE__);
/**
* veifyEmail()
* 绑定邮箱,给邮箱发送验证邮件
* @param id 邮件验证id
* @param code 验证码
*/
public function verifyEmail()
{
$id = I('id', false, 'int');
$code = I('code', false, '/^\\w{32}/');
if ($id && $code) {
$map['id'] = $id;
$map['code'] = $code;
$map['type'] = 1;
$info = M('Code')->where($map)->Field('use_id,content')->find();
if ($info) {
M('Code')->where('id=%d', $id)->delete();
$email = $info['content'];
import('Common.Encrypt', COMMON_PATH, '.php');
if (get_user_by_email($email)) {
$this->error('此邮箱已经绑定过账号!');
} else {
$User = M('User');
$user = $User->field('name,email')->getById($info['use_id']);
if ($User->where('id=%d', $info['use_id'])->setField('email', encrypt_email($email))) {
//首次绑定邮件
if (!$user['email']) {
$user['email'] = $email;
send_mail($user, L('MAIL_FIRST', array('name' => $user['name'])), C('MAIL_NOTIFY'));
}
$this->success('绑定成功!', '/');
} else {
$this->error('邮箱绑定失败!');
}
}
} else {
$this->error('验证信息已不存在!');
}
} else {
$this->error('信息不完整');
}
}
/**
* 根据邮箱查找用户
* @method get_user_by_email($email)
* @param $email 邮箱
* @return int 返回对应用户的id
*/
function get_user_by_email($email)
{
if (strpos($email, '@') == 1) {
$q1 = '`email` LIKE "' . substr_replace($email, '%', 1, 0) . '"';
$q2 = 'length(`email`)<' . (strlen($email) + 23);
$condition = $q1 . ' AND ' . $q2;
$id = M('User')->where($condition)->getField('id');
} else {
import('Common.Encrypt', COMMON_PATH, '.php');
$en_email = encrypt_email($email);
$id = M('User')->getFieldByEmail($en_email, 'id');
}
return $id;
}