/**
 * Validate the login form in two passes: credentials first, captcha second.
 *
 * The captcha rules are only evaluated once the username and password
 * rules have passed.
 *
 * @return bool FALSE when the credential pass fails, otherwise the result
 *              of the captcha pass.
 */
private function _validate_form()
{
    $this->load->library('form_validation');
    $validator = $this->form_validation;

    // The login name is accepted when it is a username, an e-mail address
    // or a phone number.
    $check_login_name = function ($value) use ($validator) {
        if (is_username($value) || is_email($value) || is_phone($value)) {
            return true;
        }
        $validator->set_message('is_username', '无效{field}');
        return false;
    };

    $check_password = function ($value) use ($validator) {
        if (is_password($value)) {
            return true;
        }
        $validator->set_message('is_password', '无效{field}');
        return false;
    };

    // Pass 1: username and password.
    $validator->set_message('required', '请输入{field}');
    $validator->set_rules(
        'username',
        '用户名',
        array('required', array('is_username', $check_login_name))
    );
    $validator->set_rules(
        'password',
        '密码',
        array('required', array('is_password', $check_password))
    );
    if (!$validator->run()) {
        return FALSE;
    }

    // Pass 2: captcha, checked through the controller's check_captcha callback.
    $validator->reset_validation();
    $validator->set_message('required', '请输入{field}');
    $validator->set_rules('captcha', '验证码', 'trim|required|callback_check_captcha');

    return $validator->run();
}
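/**
 * Constructor: load the member model and caches, then decode and validate
 * the application-signed request payload.
 *
 * Terminates the request with '0' when the app id or payload is missing or
 * cannot be decoded, and with '-5' when a decoded field fails format
 * validation.
 */
public function __construct()
{
    $this->db = pc_base::load_model('member_model');
    pc_base::load_app_func('global');

    /* Load the system configuration. */
    $this->settings = getcache('settings', 'admin');
    $this->applist = getcache('applist', 'admin');

    // Query-string parameters other than the routing keys (m, c, a) are
    // copied into $_POST, so everything read from $_POST below may equally
    // have arrived in the URL.
    if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('m', 'c', 'a'))) {
                $_POST[$k] = $v;
            }
        }
    }

    if (isset($_POST['appid'])) {
        $this->appid = intval($_POST['appid']);
    } else {
        exit('0');
    }

    // appid is request-controlled: refuse ids that have no registered key
    // instead of decoding the payload with an undefined key.
    if (!isset($this->applist[$this->appid]['authkey'])) {
        exit('0');
    }

    if (isset($_POST['data'])) {
        parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);

        if (empty($this->data) || !is_array($this->data)) {
            exit('0');
        }
        if (!get_magic_quotes_gpc()) {
            $this->data = new_addslashes($this->data);
        }

        if (isset($this->data['username']) && $this->data['username'] != '' && !is_username($this->data['username'])) {
            exit('-5');
        }
        // Fixed: the non-empty test used to look at 'username', so an e-mail
        // sent without a username was never validated.
        if (isset($this->data['email']) && $this->data['email'] != '' && !is_email($this->data['email'])) {
            exit('-5');
        }
        if (isset($this->data['password']) && $this->data['password'] != ''
            && (!is_password($this->data['password']) || is_badword($this->data['password']))) {
            exit('-5');
        }
        if (isset($this->data['newpassword']) && $this->data['newpassword'] != ''
            && (!is_password($this->data['newpassword']) || is_badword($this->data['newpassword']))) {
            exit('-5');
        }
    } else {
        exit('0');
    }

    if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
        // NOTE(review): the raw request body is attached as avatar data without
        // a check of its own; the auth-key comparison that used to follow is
        // commented out in the original. Confirm the consumer validates it.
        $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
        //if($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
        //    exit('0');
        //}
    }
}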
/**
 * Validate an administrator record.
 *
 * Shows a message for a non-array argument, an invalid username or an
 * invalid e-mail address; a missing role id is rejected without a message.
 *
 * @param array $data Administrator data.
 * @return array|false The unchanged $data when every check passes, else false.
 */
function checkuserinfo($data)
{
    if (!is_array($data)) {
        showmessage(L('parameters_error'));
        return false;
    }

    if (!is_username($data['username'])) {
        showmessage(L('username_illegal'));
        return false;
    }

    $email_ok = !empty($data['email']) && is_email($data['email']);
    if (!$email_ok) {
        showmessage(L('email_illegal'));
        return false;
    }

    if (empty($data['roleid'])) {
        return false;
    }

    return $data;
}
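/**
 * Save the logged-in user's profile edits.
 *
 * Checks the form token, validates the posted fields, makes sure nickname,
 * e-mail and phone number are not used by another account, then updates the
 * row identified by $_SESSION['cscms__id'].
 */
public function save()
{
    // Anti-CSRF token. A missing session token must never match a missing or
    // empty posted token, which the loose `!=` comparison allowed.
    $token = $this->input->post('token', TRUE);
    if (!is_string($token) || empty($_SESSION['token']) || $token !== (string) $_SESSION['token']) {
        msg_url(L('edit_02'), 'javascript:history.back();');
    }

    // NOTE(review): the third post() argument presumably enables the
    // project's own SQL filter - confirm. The lookups below no longer rely on it.
    $userinfo['nichen'] = $this->input->post('usernichen', TRUE, TRUE);
    $userinfo['email'] = $this->input->post('useremail', TRUE, TRUE);
    $userinfo['tel'] = $this->input->post('usertel', TRUE, TRUE);
    $userinfo['qq'] = $this->input->post('userqq', TRUE, TRUE);
    $userinfo['sex'] = intval($this->input->post('usersex'));
    $userinfo['city'] = $this->input->post('usercity', TRUE, TRUE);
    $userinfo['qianm'] = $this->input->post('userqianm', TRUE);

    if (empty($userinfo['nichen']) || !is_username($userinfo['nichen'], 1)) {
        msg_url(L('edit_03'), 'javascript:history.back();');
    }
    if (empty($userinfo['email']) || !is_email($userinfo['email'])) {
        msg_url(L('edit_04'), 'javascript:history.back();');
    }
    if (empty($userinfo['tel']) || !is_tel($userinfo['tel'])) {
        msg_url(L('edit_05'), 'javascript:history.back();');
    }
    if (!empty($userinfo['qq']) && !is_qq($userinfo['qq'])) {
        msg_url(L('edit_06'), 'javascript:history.back();');
    }

    // Uniqueness checks: nickname, e-mail, phone. Column names are fixed
    // literals; the values are passed as query bindings instead of being
    // concatenated into the SQL text.
    $uid = $_SESSION['cscms__id'];
    $unique_checks = array(
        'nichen' => 'edit_07',
        'email' => 'edit_08',
        'tel' => 'edit_09',
    );
    foreach ($unique_checks as $column => $error_key) {
        $sql = 'select id from ' . CS_SqlPrefix . 'user where ' . $column . '=? and id!=?';
        $taken = $this->db->query($sql, array($userinfo[$column], $uid))->row();
        if ($taken) {
            msg_url(L($error_key), 'javascript:history.back();');
        }
    }

    // Write the changes.
    $this->CsdjDB->get_update('user', $uid, $userinfo);
    msg_url(L('edit_10'), 'javascript:history.back();');
}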
/**
 * Validate member data for the add and edit forms.
 *
 * @param array $data    Submitted member data.
 * @param int   $is_edit Non-zero when an existing member is edited; the
 *                       username format is then not enforced and a userid
 *                       is required instead.
 * @return array|false The unchanged $data when every check passes, else false.
 */
private function _checkuserinfo($data, $is_edit=0)
{
    if (!is_array($data)) {
        showmessage(L('need_more_param'));
        return false;
    }

    // Creating a member: the username must be well-formed.
    if (!is_username($data['username']) && !$is_edit) {
        showmessage(L('username_format_incorrect'));
        return false;
    }

    // Editing a member: the target userid must be present. The message key
    // is the same one the username check uses, as in the original.
    if (!isset($data['userid']) && $is_edit) {
        showmessage(L('username_format_incorrect'));
        return false;
    }

    $email_ok = !empty($data['email']) && is_email($data['email']);
    if (!$email_ok) {
        showmessage(L('email_format_incorrect'));
        return false;
    }

    return $data;
}
/**
 * AJAX check of a member nickname.
 *
 * Reads `nickname` (and optionally `userid`) from the query string and ends
 * the request with '1' when the nickname may be used, '0' when it is
 * invalid or already taken.
 */
public function public_checknickname_ajax()
{
    $nickname = isset($_GET['nickname']) ? trim($_GET['nickname']) : '';
    if (!$nickname || !is_username($nickname)) {
        exit('0');
    }

    if (CHARSET != 'utf-8') {
        $nickname = iconv('utf-8', CHARSET, $nickname);
        // NOTE(review): slashes are only added on this non-UTF-8 path; the
        // array conditions below are presumably escaped by the model - confirm.
        $nickname = addslashes($nickname);
    }

    // Pending registrations in the verification table block the name first.
    $this->verify_db = pc_base::load_model('member_verify_model');
    if ($this->verify_db->get_one(array('nickname' => $nickname))) {
        exit('0');
    }

    if (isset($_GET['userid'])) {
        // A member editing their profile may keep the current nickname.
        $current = get_memberinfo(intval($_GET['userid']));
        if ($current['nickname'] == $nickname) {
            exit('1');
        }
    }

    // New or changed nickname: it must not belong to any member.
    $existing = $this->db->get_one(array('nickname' => $nickname));
    exit($existing ? '0' : '1');
}
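/**
 * Member login: renders the form on GET, authenticates on POST.
 *
 * With phpsso enabled the credentials are checked by the SSO client and a
 * local row is created on first login; otherwise the local password hash
 * is checked and failed attempts are counted per username. On success the
 * member row is refreshed and the auth cookies are set.
 */
public function login()
{
    $this->_session_start();

    // Site id of the request, defaulting to 1.
    $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
    // Define the site id constant once.
    if (!defined('SITEID')) {
        define('SITEID', $siteid);
    }

    if (isset($_POST['dosubmit'])) {
        if (empty($_SESSION['connectid'])) {
            // Captcha check, compared as strings with a strict operator.
            $code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
            $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
            if ($expected_code !== strtolower($code)) {
                showmessage(L('code_error'), HTTP_REFERER);
            }
        }

        $username = isset($_POST['username']) && is_username($_POST['username']) ? trim($_POST['username']) : showmessage(L('username_empty'), HTTP_REFERER);
        $password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
        $cookietime = intval($_POST['cookietime']);
        $synloginstr = ''; // JavaScript for synchronised login on other apps
        $status = null;    // only assigned by the phpsso branch; also written to a cookie below

        if (pc_base::load_config('system', 'phpsso')) {
            $this->_init_phpsso();
            $status = $this->client->ps_member_login($username, $password);
            // NOTE(review): unserialize() on the SSO response. If that channel is
            // not authenticated end to end this is object injection; prefer a
            // data-only format or restrict allowed classes.
            $memberinfo = unserialize($status);

            if (isset($memberinfo['uid'])) {
                // Look the account up locally.
                $r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
                if (!$r) {
                    // First login through SSO: create the local member row.
                    $info = array(
                        'phpssouid' => $memberinfo['uid'],
                        'username' => $memberinfo['username'],
                        'password' => $memberinfo['password'],
                        'encrypt' => $memberinfo['random'],
                        'email' => $memberinfo['email'],
                        'regip' => $memberinfo['regip'],
                        'regdate' => $memberinfo['regdate'],
                        'lastip' => $memberinfo['lastip'],
                        'lastdate' => $memberinfo['lastdate'],
                        'groupid' => $this->_get_usergroup_bypoint(),
                        'modelid' => 10,
                    );
                    // Connect (third-party) users. Fixed: these values were written
                    // to an unused $userinfo array and lost, because the session
                    // keys are cleared right after.
                    if (!empty($_SESSION['connectid'])) {
                        $info['connectid'] = $_SESSION['connectid'];
                    }
                    if (!empty($_SESSION['from'])) {
                        $info['from'] = $_SESSION['from'];
                    }
                    unset($_SESSION['connectid'], $_SESSION['from']);
                    $this->db->insert($info);
                    unset($info);
                    $r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
                }
                $password = $r['password'];
                $synloginstr = $this->client->ps_member_synlogin($r['phpssouid']);
            } else {
                if ($status == -1) {
                    // No such user.
                    showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
                } elseif ($status == -2) {
                    // Wrong password.
                    showmessage(L('password_error'), 'index.php?m=member&c=index&a=login');
                } else {
                    showmessage(L('login_failure'), 'index.php?m=member&c=index&a=login');
                }
            }
        } else {
            // Failed-attempt counter, keyed by username.
            $this->times_db = pc_base::load_model('times_model');
            $rtime = $this->times_db->get_one(array('username' => $username));
            if ($rtime['times'] > 4) {
                $minute = 60 - floor((SYS_TIME - $rtime['logintime']) / 60);
                showmessage(L('wait_1_hour', array('minute' => $minute)));
            }

            // Look the account up.
            $r = $this->db->get_one(array('username' => $username));
            if (!$r) {
                showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
            }

            // Verify the password.
            // NOTE(review): salted double-md5 is a weak password hash; moving to
            // password_hash() needs a coordinated change wherever it is written.
            $password = md5(md5(trim($password)) . $r['encrypt']);
            // Strict comparison: two different numeric-looking hex digests must
            // not compare equal, which `!=` permits.
            if ((string) $r['password'] !== $password) {
                $ip = ip();
                if ($rtime && $rtime['times'] < 5) {
                    $times = 5 - intval($rtime['times']);
                    $this->times_db->update(array('ip' => $ip, 'times' => '+=1'), array('username' => $username));
                } else {
                    $this->times_db->insert(array('username' => $username, 'ip' => $ip, 'logintime' => SYS_TIME, 'times' => 1));
                    $times = 5;
                }
                showmessage(L('password_error', array('times' => $times)), 'index.php?m=member&c=index&a=login', 3000);
            }
            $this->times_db->delete(array('username' => $username));
        }

        // Locked accounts cannot log in.
        if ($r['islock']) {
            showmessage(L('user_is_lock'));
        }

        $userid = $r['userid'];
        $groupid = $r['groupid'];
        $username = $r['username'];
        $nickname = empty($r['nickname']) ? $username : $r['nickname'];

        $updatearr = array('lastip' => ip(), 'lastdate' => SYS_TIME);
        // VIP expired: clear the flag.
        if ($r['overduedate'] < SYS_TIME) {
            $updatearr['vip'] = 0;
        }

        // Re-evaluate the point-based group, except for groups 1, 7 and 8 and
        // VIP members, and only when the current group allows self-upgrade.
        // Fixed: $r[vip] used a bare constant instead of the 'vip' key.
        if ($r['point'] >= 0 && !in_array($r['groupid'], array('1', '7', '8')) && empty($r['vip'])) {
            $grouplist = getcache('grouplist');
            if (!empty($grouplist[$r['groupid']]['allowupgrade'])) {
                $check_groupid = $this->_get_usergroup_bypoint($r['point']);
                if ($check_groupid != $r['groupid']) {
                    $updatearr['groupid'] = $groupid = $check_groupid;
                }
            }
        }

        // Connect (third-party) users.
        if (!empty($_SESSION['connectid'])) {
            $updatearr['connectid'] = $_SESSION['connectid'];
        }
        if (!empty($_SESSION['from'])) {
            $updatearr['from'] = $_SESSION['from'];
        }
        unset($_SESSION['connectid'], $_SESSION['from']);
        $this->db->update($updatearr, array('userid' => $userid));

        // $cookietime was assigned from intval() above, so the saved-cookie
        // fallback never runs; the behaviour is kept as in the original.
        $get_cookietime = 0;
        if (!isset($cookietime)) {
            $get_cookietime = param::get_cookie('cookietime');
        }
        $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
        $cookietime = $_cookietime ? SYS_TIME + $_cookietime : 0;

        $gxw_auth_key = md5(pc_base::load_config('system', 'auth_key') . $this->http_user_agent);
        $gxw_auth = sys_auth($userid . "\t" . $password, 'ENCODE', $gxw_auth_key);
        param::set_cookie('auth', $gxw_auth, $cookietime);
        param::set_cookie('_userid', $userid, $cookietime);
        param::set_cookie('_username', $username, $cookietime);
        param::set_cookie('_groupid', $groupid, $cookietime);
        param::set_cookie('_nickname', $nickname, $cookietime);
        param::set_cookie('_status', $status, $cookietime);
        //param::set_cookie('cookietime', $_cookietime, $cookietime);

        // NOTE(review): `forward` is request-controlled and is handed to
        // showmessage() as the redirect target; restrict it to same-site
        // paths before redirecting.
        $forward = isset($_POST['forward']) && !empty($_POST['forward']) ? urldecode($_POST['forward']) : 'index.php?m=member&c=index';
        showmessage(L('login_success') . $synloginstr, $forward);
    } else {
        // Variables below are read by the included template; names are kept.
        $setting = pc_base::load_config('system');
        $forward = isset($_GET['forward']) && trim($_GET['forward']) ? urlencode($_GET['forward']) : '';
        $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
        $siteinfo = siteinfo($siteid);
        include template('member', 'login');
    }
}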
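/**
 * Member registration.
 *
 * POST: validates the captcha and the submitted fields, optionally checks
 * an SMS code, registers the account through phpsso, stores the member row
 * and either logs the member in or sends the verification e-mail.
 * GET: handles the e-mail verification link, the protocol page, or renders
 * the registration form for the selected member model.
 */
public function register()
{
    $this->_session_start();

    // Member module configuration.
    $member_setting = getcache('member_setting');
    if (!$member_setting['allowregister']) {
        showmessage(L('deny_register'), 'index.php?m=member&c=index&a=login');
    }

    // Site id of the request, defaulting to 1.
    $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
    // Define the site id constant once.
    if (!defined('SITEID')) {
        define('SITEID', $siteid);
    }
    header("Cache-control: private");

    if (isset($_POST['dosubmit'])) {
        if (empty($_SESSION['connectid'])) {
            // Captcha. Fixed: with no code in the session, an empty or missing
            // submission compared equal under `!=` and skipped the captcha.
            $posted_code = isset($_POST['code']) && is_string($_POST['code']) ? strtolower($_POST['code']) : '';
            if ($posted_code === '' || !isset($_SESSION['code']) || (string) $_SESSION['code'] !== $posted_code) {
                showmessage(L('code_error'));
            }
        }

        $userinfo = array();
        $userinfo['encrypt'] = create_randomstr(6);
        $userinfo['username'] = isset($_POST['username']) && is_username($_POST['username']) ? $_POST['username'] : exit('0');
        $userinfo['nickname'] = isset($_POST['nickname']) && is_username($_POST['nickname']) ? $_POST['nickname'] : '';
        $userinfo['email'] = isset($_POST['email']) && is_email($_POST['email']) ? $_POST['email'] : exit('0');
        $userinfo['password'] = isset($_POST['password']) ? $_POST['password'] : exit('0');
        $userinfo['modelid'] = isset($_POST['modelid']) ? intval($_POST['modelid']) : 10;
        $userinfo['regip'] = ip();
        $userinfo['point'] = $member_setting['defualtpoint'] ? $member_setting['defualtpoint'] : 0;
        $userinfo['amount'] = $member_setting['defualtamount'] ? $member_setting['defualtamount'] : 0;
        $userinfo['regdate'] = $userinfo['lastdate'] = SYS_TIME;
        $userinfo['siteid'] = $siteid;
        $userinfo['connectid'] = isset($_SESSION['connectid']) ? $_SESSION['connectid'] : '';
        $userinfo['from'] = isset($_SESSION['from']) ? $_SESSION['from'] : '';
        unset($_SESSION['connectid'], $_SESSION['from']);

        if ($member_setting['enablemailcheck']) {
            // E-mail verification required: park the member in group 7.
            $userinfo['groupid'] = 7;
        } elseif ($member_setting['registerverify']) {
            // Administrator approval required: store in the verification table.
            $userinfo['modelinfo'] = isset($_POST['info']) ? array2string($_POST['info']) : '';
            $this->verify_db = pc_base::load_model('member_verify_model');
            unset($userinfo['lastdate'], $userinfo['connectid'], $userinfo['from']);
            $this->verify_db->insert($userinfo);
            showmessage(L('operation_success'), 'index.php?m=member&c=index&a=register&t=3');
        } else {
            // SMS verification, when the model has an enabled `mobile` field.
            $model_field_cache = getcache('model_field_' . $userinfo['modelid'], 'model');
            if (isset($model_field_cache['mobile']) && $model_field_cache['mobile']['disabled'] == 0) {
                $mobile = isset($_POST['info']['mobile']) ? $_POST['info']['mobile'] : '';
                // Fixed: the pattern was not anchored at the end, so any text after
                // the eleven digits reached the SQL condition built below.
                if (!is_string($mobile) || !preg_match('/^1[0-9]{10}\z/', $mobile)) {
                    showmessage(L('input_right_mobile'));
                }
                $sms_report_db = pc_base::load_model('sms_report_model');
                $posttime = SYS_TIME - 300;
                // Safe to interpolate only because $mobile is now exactly 11 digits
                // and $posttime is an integer computed here.
                $where = "`mobile`='{$mobile}' AND `posttime`>'{$posttime}'";
                $r = $sms_report_db->get_one($where);
                $posted_sms = isset($_POST['mobile_verify']) && is_scalar($_POST['mobile_verify']) ? (string) $_POST['mobile_verify'] : '';
                // Compared as strings so numeric juggling cannot equate different codes.
                if (!$r || $posted_sms === '' || (string) $r['id_code'] !== $posted_sms) {
                    showmessage(L('error_sms_code'));
                }
            }
            $userinfo['groupid'] = $this->_get_usergroup_bypoint($userinfo['point']);
        }

        if (pc_base::load_config('system', 'phpsso')) {
            $this->_init_phpsso();
            $status = $this->client->ps_member_register($userinfo['username'], $userinfo['password'], $userinfo['email'], $userinfo['regip'], $userinfo['encrypt']);
            if ($status > 0) {
                $userinfo['phpssouid'] = $status;
                // phpsso received the clear-text password; the local row stores the hash.
                $password = $userinfo['password'];
                $userinfo['password'] = password($userinfo['password'], $userinfo['encrypt']);
                $userid = $this->db->insert($userinfo, 1);

                if ($member_setting['choosemodel']) {
                    // Model selection enabled: store the model-specific fields.
                    require_once CACHE_MODEL_PATH . 'member_input.class.php';
                    require_once CACHE_MODEL_PATH . 'member_update.class.php';
                    $member_input = new member_input($userinfo['modelid']);
                    $user_model_info = $member_input->get($_POST['info']);
                    $user_model_info['userid'] = $userid;
                    // Insert the member model data.
                    $this->db->set_model($userinfo['modelid']);
                    $this->db->insert($user_model_info);
                }

                // $cookietime was never assigned before its first read; start it at 0.
                $cookietime = 0;
                if ($userid > 0) {
                    // Log the new member in.
                    $get_cookietime = param::get_cookie('cookietime');
                    $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
                    // NOTE(review): TIME is used here while the rest of this method
                    // uses SYS_TIME - confirm TIME is defined.
                    $cookietime = $_cookietime ? TIME + $_cookietime : 0;

                    if ($userinfo['groupid'] == 7) {
                        param::set_cookie('_username', $userinfo['username'], $cookietime);
                        param::set_cookie('email', $userinfo['email'], $cookietime);
                    } else {
                        $phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key') . $this->http_user_agent);
                        $phpcms_auth = sys_auth($userid . "\t" . $userinfo['password'], 'ENCODE', $phpcms_auth_key);
                        param::set_cookie('auth', $phpcms_auth, $cookietime);
                        param::set_cookie('_userid', $userid, $cookietime);
                        param::set_cookie('_username', $userinfo['username'], $cookietime);
                        param::set_cookie('_nickname', $userinfo['nickname'], $cookietime);
                        param::set_cookie('_groupid', $userinfo['groupid'], $cookietime);
                        param::set_cookie('cookietime', $_cookietime, $cookietime);
                    }
                }

                if ($member_setting['enablemailcheck']) {
                    // E-mail verification required: send the activation link.
                    pc_base::load_sys_func('mail');
                    $phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key'));
                    $code = sys_auth($userid . '|' . $phpcms_auth_key, 'ENCODE', $phpcms_auth_key);
                    $url = APP_PATH . "index.php?m=member&c=index&a=register&code={$code}&verify=1";
                    $message = $member_setting['registerverifymessage'];
                    // NOTE(review): the {password} placeholder puts the clear-text
                    // password into the e-mail; drop it from the template.
                    $message = str_replace(
                        array('{click}', '{url}', '{username}', '{email}', '{password}'),
                        array('<a href="' . $url . '">' . L('please_click') . '</a>', $url, $userinfo['username'], $userinfo['email'], $password),
                        $message
                    );
                    sendmail($userinfo['email'], L('reg_verify_email'), $message);
                    // Remember the pending account so step two can resend the e-mail.
                    param::set_cookie('_regusername', $userinfo['username'], $cookietime);
                    param::set_cookie('_reguserid', $userid, $cookietime);
                    param::set_cookie('_reguseruid', $userinfo['phpssouid'], $cookietime);
                    showmessage(L('operation_success'), 'index.php?m=member&c=index&a=register&t=2');
                } else {
                    // No e-mail verification: log in to the other applications directly.
                    $synloginstr = $this->client->ps_member_synlogin($userinfo['phpssouid']);
                    showmessage(L('operation_success') . $synloginstr, 'index.php?m=member&c=index&a=init');
                }
            }
        } else {
            showmessage(L('enable_register') . L('enable_phpsso'), 'index.php?m=member&c=index&a=login');
        }
        showmessage(L('operation_failure'), HTTP_REFERER);
    } else {
        if (!pc_base::load_config('system', 'phpsso')) {
            showmessage(L('enable_register') . L('enable_phpsso'), 'index.php?m=member&c=index&a=login');
        }

        if (!empty($_GET['verify'])) {
            // E-mail verification link.
            $code = isset($_GET['code']) ? trim($_GET['code']) : showmessage(L('operation_failure'), 'index.php?m=member&c=index');
            $phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key'));
            $code_res = sys_auth($code, 'DECODE', $phpcms_auth_key);
            $code_arr = explode('|', $code_res);
            // NOTE(review): only the user id part of the decoded value is checked;
            // the second part written when the code was created is not compared.
            $userid = isset($code_arr[0]) ? $code_arr[0] : '';
            $userid = is_numeric($userid) ? $userid : showmessage(L('operation_failure'), 'index.php?m=member&c=index');
            $this->db->update(array('groupid' => $this->_get_usergroup_bypoint()), array('userid' => $userid));
            showmessage(L('operation_success'), 'index.php?m=member&c=index');
        } elseif (!empty($_GET['protocol'])) {
            include template('member', 'protocol');
        } else {
            // Keep only enabled member models of the current site.
            $modellist = getcache('member_model', 'commons');
            foreach ($modellist as $k => $v) {
                if ($v['siteid'] != $siteid || $v['disabled']) {
                    unset($modellist[$k]);
                }
            }
            if (empty($modellist)) {
                showmessage(L('site_have_no_model') . L('deny_register'), HTTP_REFERER);
            }

            // Model selection enabled: build the form for the chosen model.
            if ($member_setting['choosemodel']) {
                $first_model = array_pop(array_reverse($modellist));
                $modelid = isset($_GET['modelid']) && in_array($_GET['modelid'], array_keys($modellist)) ? intval($_GET['modelid']) : $first_model['modelid'];
                if (array_key_exists($modelid, $modellist)) {
                    // Member model form.
                    require CACHE_MODEL_PATH . 'member_form.class.php';
                    $member_form = new member_form($modelid);
                    $this->db->set_model($modelid);
                    $forminfos = $forminfos_arr = $member_form->get();
                    // Merge "omnipotent" helper fields into the fields that embed them.
                    foreach ($forminfos as $field => $info) {
                        if ($info['isomnipotent']) {
                            unset($forminfos[$field]);
                        } else {
                            if ($info['formtype'] == 'omnipotent') {
                                foreach ($forminfos_arr as $_fm => $_fm_value) {
                                    if ($_fm_value['isomnipotent']) {
                                        $info['form'] = str_replace('{' . $_fm . '}', $_fm_value['form'], $info['form']);
                                    }
                                }
                                $forminfos[$field]['form'] = $info['form'];
                            }
                        }
                    }
                    $formValidator = $member_form->formValidator;
                }
            }
            // Variables above are read by the included template; names are kept.
            $description = $modellist[$modelid]['description'];
            include template('member', 'register');
        }
    }
}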
/**
 * AJAX check of one registration field.
 *
 * Reads `field` (column name) and `param` (value) from the request and ends
 * the request with a JSON status: "n" plus a message when the value is
 * reserved, malformed or already present, "y" otherwise.
 */
public function check()
{
    $failure = '{"status":"n","info":"%s"}';

    $field = $this->input->get_post('field', TRUE, TRUE); // column to query
    $data = $this->input->get_post('param', TRUE, TRUE);  // value to look for
    if (empty($field) || empty($data)) {
        exit(sprintf($failure, get_bm(L('reg_27'))));
    }

    // Reserved usernames.
    $reserved = explode('|', Home_Ymext);
    if ($field == 'name' && in_array($data, $reserved)) {
        exit(sprintf($failure, get_bm(L('reg_28'))));
    }

    // Per-field format checks.
    if ($field == 'name' && !is_username($data)) {
        exit(sprintf($failure, get_bm(L('reg_29'))));
    }
    if ($field == 'email' && !is_email($data)) {
        exit(sprintf($failure, get_bm(L('reg_30'))));
    }
    if ($field == 'tel' && !preg_match('/^1([0-9]{9})/', $data)) {
        exit(sprintf($failure, get_bm(L('reg_31'))));
    }

    // The column must exist in the user table.
    // NOTE(review): the column name comes from the request and is only checked
    // for existence, so this endpoint answers for every column of the user
    // table; an allow-list (name, email, tel) would be tighter.
    if (!$this->db->field_exists($field, CS_SqlPrefix . 'user')) {
        exit(sprintf($failure, get_bm(L('reg_32'))));
    }

    // Look the value up.
    $match = $this->CsdjDB->get_row('user', 'id', $data, $field);
    exit($match ? sprintf($failure, get_bm(L('reg_33'))) : '{"status":"y","info":""}');
}
/**
 * Show or save the logged-in member's profile details.
 *
 * POST: updates the nickname when a valid one is posted, then writes the
 * model-specific fields. GET: builds the model form and renders the
 * template.
 */
public function account_manage_info()
{
    if (isset($_POST['dosubmit'])) {
        // Nickname: taken over only when it passes is_username().
        $nickname = '';
        if (isset($_POST['nickname']) && is_username(trim($_POST['nickname']))) {
            $nickname = trim($_POST['nickname']);
        }
        if ($nickname) {
            $this->db->update(
                array('nickname' => $nickname),
                array('userid' => $this->memberinfo['userid'])
            );
            if (!isset($cookietime)) {
                $get_cookietime = param::get_cookie('cookietime');
            }
            $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
            $cookietime = $_cookietime ? TIME + $_cookietime : 0;
            param::set_cookie('_nickname', $nickname, $cookietime);
        }

        // Model-specific fields, filtered through the generated input class.
        require_once CACHE_MODEL_PATH . 'member_input.class.php';
        require_once CACHE_MODEL_PATH . 'member_update.class.php';
        $member_input = new member_input($this->memberinfo['modelid']);
        $modelinfo = $member_input->get($_POST['info']);

        $this->db->set_model($this->memberinfo['modelid']);
        $membermodelinfo = $this->db->get_one(array('userid' => $this->memberinfo['userid']));
        if (empty($membermodelinfo)) {
            // No model row yet: create it.
            $modelinfo['userid'] = $this->memberinfo['userid'];
            $this->db->insert($modelinfo);
        } else {
            $this->db->update($modelinfo, array('userid' => $this->memberinfo['userid']));
        }
        showmessage(L('operation_success'), HTTP_REFERER);
    } else {
        // Local variable names are kept: the included template reads them.
        $memberinfo = $this->memberinfo;

        // Member model form.
        require CACHE_MODEL_PATH . 'member_form.class.php';
        $member_form = new member_form($this->memberinfo['modelid']);
        $this->db->set_model($this->memberinfo['modelid']);
        $membermodelinfo = $this->db->get_one(array('userid' => $this->memberinfo['userid']));
        $forminfos = $forminfos_arr = $member_form->get($membermodelinfo);

        // Merge "omnipotent" helper fields into the fields that embed them.
        foreach ($forminfos as $field => $info) {
            if ($info['isomnipotent']) {
                unset($forminfos[$field]);
                continue;
            }
            if ($info['formtype'] != 'omnipotent') {
                continue;
            }
            foreach ($forminfos_arr as $_fm => $_fm_value) {
                if ($_fm_value['isomnipotent']) {
                    $info['form'] = str_replace('{' . $_fm . '}', $_fm_value['form'], $info['form']);
                }
            }
            $forminfos[$field]['form'] = $info['form'];
        }

        $formValidator = $member_form->formValidator;
        include template('member', 'account_manage_info');
    }
}
<?php
/* Sichuan Provincial Bureau of Poverty Alleviation and Immigration */
// Admin login handler (excerpt; the listing ends inside the success branch).
define('IN_ADMIN', True);
require 'include/common.php';
$do = getGP('do', 'G');
if (check_submit('dosubmit')) {
    $errmsg = array();
    // presumably copies the named POST fields into same-named variables - TODO confirm
    initGP(array('username', 'password', 'vdcode', 'remember'), 'P');
    // NOTE(review): the message says 3-20 bytes but the check allows up to 50.
    if (strlen($username) < 3 || strlen($username) > 50) {
        $errmsg[] = '用户名长度必须在3-20字节之间。';
    } elseif (!is_username($username)) {
        $errmsg[] = '用户名中含有非法字符。';
    }
    if (strlen($password) < 6) {
        $errmsg[] = '密码长度不能小于6个字节。';
    }
    // Captcha, only when enabled in the configuration.
    if (get_config('user', 'login_vdcode')) {
        session_start();
        // NOTE(review): loose comparison - when the session holds no vdcode an
        // empty submission compares equal. Require a non-empty session value
        // and compare with !==.
        if (strtolower($vdcode) != $_SESSION['vdcode']) {
            $errmsg[] = '验证码不正确。';
        }
        // The code is single-use: it is cleared whether or not it matched.
        unset($_SESSION['vdcode']);
    }
    if (count($errmsg)) {
        show_msg($errmsg, 'login.php');
    }
    $flag = $_USER->login($username, $password, $remember);
    if ($flag == 1) {
<?php
// Profile page of the logged-in user (excerpt; the listing ends inside the update branch).
!defined('DEBUG') and exit('Access Denied.');
include './xiunophp/image.func.php';
$action = param(1);
$user = user_read($uid);
user_login_check($user);
if (empty($action) || $action == 'profile') {
    if ($method == 'GET') {
        $header['title'] = '个人中心';
        include './flarum/view/my_profile.htm';
    } else {
        // NOTE(review): no anti-CSRF token and no re-authentication are visible
        // in this excerpt before username and e-mail are changed - confirm they
        // are enforced before this point.
        $username = param('username');
        $email = param('email');
        // Each validator fills $err; message() is relied on to stop the request.
        !is_username($username, $err) and message(1, $err);
        !is_email($email, $err) and message(2, $err);
        $update = array();
        // Only changed fields are length-checked, checked for uniqueness and written.
        if ($username != $user['username']) {
            mb_strlen($username, 'UTF-8') > 32 and message(1, '用户名 最长为 32 个字符。');
            $u = user_read_by_username($username);
            $u and message(1, '用户名已经存在,更换其它名字试试。');
            $update['username'] = $username;
        }
        if ($email != $user['email']) {
            mb_strlen($email, 'UTF-8') > 40 and message(1, 'EMAIL 最长为 40 个字符。');
            $u = user_read_by_email($email);
            $u and message(2, 'Email 已经存在,更换其它 Email 试试。');
            $update['email'] = $email;
        }
        if ($update) {
            $r = user_update($uid, $update);
/**
 * Complete a registration that was started through a third-party login.
 *
 * Validates the posted account fields, enforces the per-IP registration
 * interval and the uniqueness checks, inserts the user row, links the
 * third-party login row to it and finishes with e-mail activation or a
 * redirect.
 *
 * NOTE(review): part of the e-mail activation branch is garbled in this
 * listing (see the marked line); the code is reproduced as it appears.
 */
public function reg_save() {
    // Registration switch.
    if (User_Reg == 0) {
        msg_url(L('reg_35'), Web_Path);
    }
    if (!isset($_SESSION['denglu__id'])) {
        msg_url(L('open_09'), spacelink('login'));
    }
    // NOTE(review): loose comparison - a missing posted token compares equal
    // to a missing session token. Require a non-empty session token and use !==.
    $token = $this->input->post('token', TRUE);
    if ($token != $_SESSION['token']) {
        msg_url(L('open_16'), 'javascript:history.back();');
    }
    // NOTE(review): the password fields pass through the input filters (second
    // and third post() arguments) before hashing, which may alter them - confirm.
    $userpass2 = $this->input->post('repassword', TRUE, TRUE);
    $userinfo['code'] = random_string('alnum', 6);
    $userinfo['name'] = $this->input->post('username', TRUE, TRUE);
    $userinfo['pass'] = $this->input->post('userpass', TRUE, TRUE);
    $userinfo['nichen'] = $this->input->post('usernichen', TRUE);
    $userinfo['email'] = $this->input->post('useremail', TRUE, TRUE);
    $userinfo['tel'] = $this->input->post('usertel', TRUE, TRUE);
    $userinfo['regip'] = getip();
    $userinfo['cion'] = User_Cion_Reg;
    $userinfo['jinyan'] = User_Jinyan_Reg;
    $userinfo['addtime'] = time();
    $userinfo['yid'] = 0;
    if ($userinfo['nichen'] == "0") {
        $userinfo['nichen'] = '';
    }
    if (!is_username($userinfo['name'])) {
        msg_url(L('reg_04'), 'javascript:history.back();');
    }
    if (!is_userpass($userinfo['pass'])) {
        msg_url(L('reg_05'), 'javascript:history.back();');
    }
    if ($userinfo['pass'] != $userpass2) {
        msg_url(L('reg_34'), 'javascript:history.back();');
    }
    if (!empty($userinfo['nichen']) && !is_username($userinfo['nichen'], 1)) {
        msg_url(L('reg_06'), 'javascript:history.back();');
    }
    if (!is_email($userinfo['email'])) {
        msg_url(L('reg_07'), 'javascript:history.back();');
    }
    // Reserved usernames.
    $ymext = explode('|', Home_Ymext);
    if (in_array($userinfo['name'], $ymext)) {
        msg_url(L('reg_08'), 'javascript:history.back();');
    }
    // Minimum interval between registrations from the same IP.
    if (User_RegIP > 0) {
        // NOTE(review): regip is concatenated into the SQL text. If getip() can
        // return a client-supplied header value this is injectable; use query
        // bindings - confirm how getip() derives the address.
        $row = $this->db->query("SELECT addtime FROM " . CS_SqlPrefix . "user where regip='" . $userinfo['regip'] . "' order by id desc")->row();
        if ($row && $row->addtime + 3600 * User_RegIP > time()) {
            msg_url(L('reg_09'), 'javascript:history.back();');
        }
    }
    // Username already registered?
    $username = $this->CsdjDB->get_row('user', 'id', $userinfo['name'], 'name');
    if ($username) {
        msg_url(L('reg_10'), 'javascript:history.back();');
    }
    // E-mail already registered?
    $useremail = $this->CsdjDB->get_row('user', 'id', $userinfo['email'], 'email');
    if ($useremail) {
        msg_url(L('reg_11'), 'javascript:history.back();');
    }
    // Optional fields below.
    $userinfo['qq'] = $this->input->post('userqq', TRUE);
    $userinfo['sex'] = intval($this->input->post('usersex', TRUE));
    $userinfo['city'] = $this->input->post('usercity', TRUE);
    $userinfo['skins'] = Home_Skins;
    $userinfo['qianm'] = '';
    if (!empty($userinfo['tel'])) {
        if (!is_tel($userinfo['tel'])) {
            msg_url(L('reg_12'), 'javascript:history.back();');
        }
        // Phone number already registered?
        $usertel = $this->CsdjDB->get_row('user', 'id', $userinfo['tel'], 'tel');
        if ($usertel) {
            msg_url(L('reg_13'), 'javascript:history.back();');
        }
    }
    // Mandatory phone verification.
    if (User_Tel == 1) {
        if (empty($userinfo['tel'])) {
            msg_url(L('reg_12'), 'javascript:history.back();');
        }
        // The posted code is cast to int; 0 (including any non-numeric input) is rejected.
        $telcode = intval($this->input->post('telcode', TRUE));
        if ($telcode == 0 || $telcode != $_SESSION['tel_code']) {
            msg_url(L('reg_14'), 'javascript:history.back();');
        }
    }
    // Manual approval required?
    if (User_RegFun == 1) {
        $userinfo['yid'] = 1;
        $title = L('reg_15');
    }
    // E-mail activation required?
    if (User_RegEmailFun == 1) {
        $userinfo['yid'] = 2;
        $title = L('reg_16', array($userinfo['email']));
    }
    //--------------------------- Ucenter ---------------------------
    if (User_Uc_Mode == 1) {
        include CSCMS . 'lib/Cs_Ucenter.php';
        include CSCMSPATH . 'uc_client/client.php';
        $uid = uc_user_register($userinfo['name'], $userinfo['pass'], $userinfo['email']);
        if ($uid > 0) {
            $userinfo['uid'] = $uid;
        }
    }
    //--------------------------- Ucenter End ---------------------------
    // Hash the password.
    // NOTE(review): double md5 with a 6-character code is a weak password hash;
    // password_hash() would need a matching change at login.
    $userinfo['pass'] = md5(md5($userinfo['pass']) . $userinfo['code']);
    $regid = $this->CsdjDB->get_insert('user', $userinfo);
    if (intval($regid) == 0) {
        msg_url(L('reg_17'), 'javascript:history.back();');
    }
    // Point the third-party login row at the new user id.
    // NOTE(review): both values are concatenated into the SQL text; use query bindings.
    $this->db->query("update " . CS_SqlPrefix . "useroauth set uid=" . $regid . " where id=" . $_SESSION['denglu__id'] . "");
    // Destroy the token.
    unset($_SESSION['token']);
    unset($_SESSION['denglu__id']);
    $this->load->model('CsdjEmail');
    if (User_RegEmailFun == 1) {
        // Send the activation e-mail.
        // NOTE(review): the activation key is an md5 over the id, name, stored
        // hash and yid rather than a random value.
        $key = md5($regid . $userinfo['name'] . $userinfo['pass'] . $userinfo['yid']);
        $Msgs['username'] = $userinfo['name'];
        // NOTE(review): the next line is garbled in the listing - the text between
        // "&username=" and "user_id" is missing - and is kept verbatim.
        $Msgs['url'] = userurl(site_url('user/reg/verify')) . "?key=" . $key . "&username="******"user_id", $regid, time() + 86400);
        $this->cookie->set_cookie("user_login", $user_login, time() + 86400);
        msg_url(L('reg_21'), userurl(site_url('user/space')), 'ok');
    } else {
        // $title is only set when manual approval or e-mail activation is enabled.
        msg_url(L('reg_21') . $title . '~!', userurl(site_url('user/login')), 'ok');
    }
}
/**
 * Normalise and validate user fields in place.
 *
 * Only keys that are present in $data are looked at. username and email are
 * trimmed and lower-cased, phone and qq are cast to int; an invalid qq is
 * reset to 0 and an invalid wechat to '' instead of failing.
 *
 * @param array $data User fields, modified by reference.
 * @return true|string true on success, otherwise the error message.
 */
private function _validate_userinfo(&$data)
{
    if (isset($data['username'])) {
        $data['username'] = strtolower(trim($data['username']));
        if (!is_username($data['username'])) {
            return '用户名不合法';
        }
    }

    if (isset($data['email'])) {
        $data['email'] = strtolower(trim($data['email']));
        // NOTE(review): only emptiness is tested here, not the address format -
        // presumably a format check was intended; confirm.
        if (!$data['email']) {
            return 'Email不合法';
        }
    }

    if (isset($data['phone'])) {
        $data['phone'] = (int) $data['phone'];
        if (!is_phone($data['phone'])) {
            return '手机号不合法';
        }
    }

    if (isset($data['password']) && !is_password($data['password'])) {
        return '密码不合法';
    }

    // Optional contact fields: invalid values are blanked, not rejected.
    if (isset($data['qq'])) {
        $data['qq'] = (int) $data['qq'];
        if (!is_qq($data['qq'])) {
            $data['qq'] = 0;
        }
    }
    if (isset($data['wechat']) && !is_wechat($data['wechat'])) {
        $data['wechat'] = '';
    }

    return true;
}
    // (excerpt: the listing starts inside the preceding action's block)
    template_out('message_send.html', $modul_name);
    exit;
}
// Send a private message to one or more comma-separated recipients.
if ($action == "submit_send") {
    $username = c_trim($_POST['username']);
    $text = html2bb($_POST['text']);
    // Recipients are split from the raw POST value, not from the trimmed $username.
    $user_array = explode(",", $_POST['username']);
    $subject = c_trim($_POST['subject']);
    $pri = intval($_POST['pri']);
    if (!$username || !$text || !$subject) {
        show_error('ln_message_1', $modul_name);
        exit;
    }
    for ($i = 0; $i < count($user_array); $i++) {
        // NOTE(review): get_userid() receives the recipient name before
        // is_username() has validated it; validate first.
        $userid_c = get_userid($user_array[$i]);
        // A bad recipient aborts the loop after earlier recipients were already inserted.
        if (!is_username($user_array[$i])) {
            show_error('ln_users_e_1', $modul_name);
            exit;
        }
        // NOTE(review): only text and subject are escaped; the sender name, sender
        // id and recipient id are concatenated as-is. Use prepared statements -
        // mysql_real_escape_string() is also gone from current PHP.
        $db->query("INSERT INTO cc" . $n . "_messages (username,fromuserid,touserid,text,time,isnew,inbox,subject,pri) VALUES ('" . $userdata['username'] . "','" . $userdata['userid'] . "','" . $userid_c . "','" . mysql_real_escape_string($text) . "','" . time() . "','1','1','" . mysql_real_escape_string($subject) . "','" . $pri . "')");
    }
    header("LOCATION: message.php");
    exit;
}
// Show one received message; the query is limited to the current user's inbox.
if ($action == "lookup") {
    $pmid = intval($_GET['pmid']);
    $result = $db->query("SELECT * FROM cc" . $n . "_messages WHERE touserid='" . $userdata['userid'] . "' AND pmid='{$pmid}'");
    $row = $db->fetch_array($result);
    if ($row['pmid'] != $pmid) {
        show_error('ln_message_e_notfound', $modul_name);
        exit;
/**
 * Create or update a sub-account from the admin form.
 *
 * With no `id` a new account is created (username and password are
 * validated and the password hash is stored); with an `id` the existing
 * row is updated and its token cleared. The result is returned through
 * ajax_return().
 */
public function save()
{
    $id = (int) $this->input->get_post('id');
    $is_new = !$id;

    $data['user_name'] = trim($this->input->get_post('user_name'));

    // The account name must not belong to a different user.
    $existing = $this->model->getOne(array('user_name' => $data['user_name']));
    if ($existing && intval($existing->uid) != intval($id)) {
        ajax_return(lang('service_user_name_exist'));
    }

    $data['pid'] = $this->user_info->uid;
    // Region.
    $data['district'] = $this->input->get_post('district');

    if ($is_new) {
        if (!is_username($data['user_name'])) {
            ajax_return('账号只允许字母开头,允许5-16字节,允许字母数字下划线');
        }
        $password = $this->input->get_post('password');
        if (!is_password($password)) {
            ajax_return('密码只允许6到20个字母、数字字符');
        }
        // NOTE(review): unsalted md5 is not a suitable password hash;
        // password_hash() needs a matching change where the hash is verified.
        $data['password'] = md5($password);
    }

    $data['gid'] = (int) $this->input->get_post('gid');
    $data['email'] = $this->input->get_post('email');
    // An empty e-mail is allowed; a non-empty one must be well-formed.
    if (!is_email($data['email']) && trim($data['email'])) {
        ajax_return('E-mail不是有效的邮箱格式!');
    }
    $data['nickname'] = htmlspecialchars($this->input->get_post('nickname'));

    // Persist.
    // NOTE(review): the update is keyed on the posted id alone; no check that
    // the row belongs to the current user (pid) is visible here - confirm.
    if ($id > 0) {
        $data['token'] = '';
        $result = $this->model->update($data, array('uid' => $id));
    } else {
        $data['regip'] = $this->egetip();
        $data['regtime'] = time();
        $result = $this->model->add($data);
    }

    // Report the outcome.
    if (!$result) {
        ajax_return(lang('save_failed'));
    } else {
        ajax_return(lang('save_success'), 0, '', '/admin/user/index');
    }
}
        // (excerpt: the listing starts inside the user-list loop)
        $_user['group'] = array_value($grouplist, $_user['gid'], '');
    }
    include "./admin/view/user_list.htm";
} elseif ($action == 'create') {
    // Admin: create a user.
    if ($method == 'GET') {
        $header['title'] = '用户创建';
        include "./admin/view/user_create.htm";
    } elseif ($method == 'POST') {
        $mobile = param('mobile');
        $email = param('email');
        $username = param('username');
        $password = param('password');
        $gid = param('gid');
        // Each field is validated only when non-empty, so an empty e-mail or
        // username passes this stage.
        $mobile and !is_mobile($mobile, $err) and message(1, $err);
        $email and !is_email($email, $err) and message(2, $err);
        $username and !is_username($username, $err) and message(3, $err);
        // NOTE(review): the password check is commented out, so any password,
        // including an empty one, is accepted here.
        // !is_password($password, $err) AND message(4, $err);
        if ($mobile) {
            $user = user_read_by_mobile($mobile);
            $user and message(1, '用户手机已经存在');
        }
        $user = user_read_by_email($email);
        $user and message(2, '用户 EMAIL 已经存在');
        $user = user_read_by_username($username);
        $user and message(3, '用户已经存在');
        // NOTE(review): mt_rand() is not a cryptographically secure source for a
        // salt, and md5(password . salt) is a weak password hash; random_bytes()
        // and password_hash() are the current equivalents. The upper bound also
        // exceeds a 32-bit integer.
        $salt = mt_rand(10000000, 9999999999);
        $state = user_create(array('username' => $username, 'password' => md5($password . $salt), 'salt' => $salt, 'gid' => $gid, 'email' => $email, 'mobile' => $mobile, 'create_ip' => ip2long(ip()), 'create_date' => $time));
        $state !== FALSE ? message(0, '创建成功') : message(11, '创建失败');
    }
} elseif ($action == 'update') {
    $uid = param(2, 0);
/**
 * AJAX handler that updates a user's e-mail, username, intro, state and,
 * when a new one is supplied, password.
 *
 * Responds through JSON() with 'error' or 'success'.
 */
public function update_action()
{
    if (!$this->input->is_ajax_request()) {
        show_404();
    }

    $uid = (int) $this->input->post('uid');
    $email = strtolower(trim($this->input->post('email', true)));
    $username = trim($this->input->post('username', true));

    // E-mail: well-formed and not used by another account.
    if (!is_email($email)) {
        JSON('error', '对不起,请填写用个可以的电子邮件!');
    }
    if ($this->user_model->get_info(array('uid !=' => $uid, 'email' => $email))) {
        JSON('error', '该电子邮件已在存,请换一个!');
    }

    // Username: well-formed and not used by another account.
    if (!is_username($username)) {
        JSON('error', '用户姓名可以由汉字、字母或数字组成,长度不保持 4-16 个字符!');
    }
    if ($this->user_model->get_info(array('uid !=' => $uid, 'username' => $username))) {
        JSON('error', '该用户名称已存在,请换一个!');
    }

    // NOTE(review): the password is XSS-filtered and lower-cased before it is
    // hashed, which shrinks the password space and must match what the login
    // path does - confirm, and prefer hashing the value exactly as typed.
    $password = strtolower(trim($this->input->post('password', true)));
    $repeat = strtolower(trim($this->input->post('repassword', true)));

    // The password is only changed when a new one was entered.
    if ($password !== '') {
        if (!is_password($password)) {
            JSON('error', '密码必须由字母、数字和下划线组成,长度保持 6-16 个字符!');
        }
        if ($password !== $repeat) {
            JSON('error', '两次输入的密码不一致,请重新确认密码!');
        }
        $this->load->library('phpass');
        $data['password'] = $this->phpass->HashPassword($password);
    }

    $data['email'] = $email;
    $data['username'] = $username;
    $data['intro'] = $this->input->post('intro', true);
    $data['state'] = (int) $this->input->post('state');

    $this->db->update('user', $data, array('uid' => $uid));
    unset($data);

    if (!$this->db->affected_rows()) {
        JSON('error', '对不起,用户没有更新或更新失败!');
    } else {
        JSON('success', '恭喜,用户 ' . $username . ' 更新成功!');
    }
}