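/**
 * Check a submitted CAPTCHA answer against the code stored for this visitor.
 *
 * The stored code (from GetCkVdValue()) is lower-cased before comparison; the
 * submitted value is compared as given, so callers are expected to lower-case
 * it first. On any mismatch the stored code is discarded via ResetVdValue(),
 * so a wrong guess cannot be retried against the same code.
 *
 * NOTE(review): the stored code is left in place after a successful match. If
 * GetCkVdValue() keeps returning it, the same answer can be replayed on later
 * requests; callers that complete a state-changing action should call
 * ResetVdValue() themselves once the action succeeds.
 *
 * @param mixed $validate Submitted CAPTCHA answer.
 * @return bool True only when a non-empty stored code exists and matches.
 */
function is_vdvalue($validate)
{
    $expected = strtolower((string) GetCkVdValue());

    // An empty stored code means no CAPTCHA is pending for this visitor.
    // It must never validate: otherwise an empty submission equals it.
    // Strict string comparison also avoids PHP's numeric-string juggling,
    // where "1e1" == "10" and "012" == "12" under the loose operator.
    $matches = $expected !== ''
        && is_scalar($validate)
        && (string) $validate === $expected;

    if (!$matches) {
        ResetVdValue();
        return false;
    }

    return true;
}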
// Excerpt from a member private-message handler. The enclosing if/else and the
// code that populates $id, $dopost, $vdcode etc. are outside this excerpt.
$dsql->Execute();
while ($row = $dsql->GetArray()) {
    $friends[] = $row;
}
// Ownership check: the message is only loaded when the current member is its
// sender or recipient.
// NOTE(review): $id is interpolated into the SQL text; no integer cast or
// escaping of $id is visible here - confirm it is normalised upstream.
$row = $dsql->GetOne("SELECT * FROM `#@__member_pms` WHERE id='{$id}' AND (fromid='{$cfg_ml->M_ID}' OR toid='{$cfg_ml->M_ID}')");
if (!is_array($row)) {
    ShowMsg('对不起,你指定的消息不存在或你没权限查看!', '-1');
    exit;
}
$dsql->ExecuteNoneQuery("UPDATE `#@__member_pms` SET hasview=1 WHERE id='{$id}' AND folder='inbox' AND toid='{$cfg_ml->M_ID}'");
// NOTE(review): this second UPDATE has no id condition, so it marks every
// outbox row addressed to the current member as viewed - confirm intended.
$dsql->ExecuteNoneQuery("UPDATE `#@__member_pms` SET hasview=1 WHERE folder='outbox' AND toid='{$cfg_ml->M_ID}'");
include_once dirname(__FILE__) . '/templets/pm-read.htm';
exit;
} else {
    if ($dopost == 'savesend') {
        $svali = GetCkVdValue();
        // The CAPTCHA is enforced only when $safe_gdopen contains the digit 5.
        if (preg_match("/5/", $safe_gdopen)) {
            // An empty stored code is rejected, so an empty submission cannot
            // pass. Only the submitted value is lower-cased; the comparison
            // uses the loose != operator.
            if (strtolower($vdcode) != $svali || $svali == '') {
                ResetVdValue();
                ShowMsg('验证码错误!', '-1');
                exit;
            }
        }
        // is_numeric() also accepts non-integer forms such as "1.5" or "1e3";
        // the value is then used as an index into $safefaqs.
        $faqkey = isset($faqkey) && is_numeric($faqkey) ? $faqkey : 0;
        if ($safe_faq_msg == 1) {
            if ($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer == '') {
                ShowMsg('验证问题答案错误', '-1');
                exit;
            }
        }
        if ($subject == '') {
// Excerpt from a comment (feedback) AJAX handler; $dopost, $validate and $aid
// are populated outside this excerpt.
$page = empty($page) ? 1 : intval($page);
$pagesize = 10;
/*----------------------
Get the comments for the specified page
function getlist(){ }
----------------------*/
if ($dopost == 'getlist') {
    $totalcount = GetList($page);
    GetPageList($pagesize, $totalcount);
    exit;
} else {
    if ($dopost == 'send') {
        require_once DEDEINC . '/charset.func.php';
        // Check the CAPTCHA - only enforced when $cfg_feedback_ck is 'Y'.
        if ($cfg_feedback_ck == 'Y') {
            $svali = strtolower(trim(GetCkVdValue()));
            // Both sides are lower-cased and an empty stored code is rejected,
            // so an empty submission cannot pass; a failed attempt discards
            // the stored code.
            // NOTE(review): no ResetVdValue() on the success path is visible
            // in this excerpt - confirm the code is cleared after posting.
            if (strtolower($validate) != $svali || $svali == '') {
                ResetVdValue();
                echo '<font color="red">验证码错误,请点击验证码图片更新验证码!</font>';
                exit;
            }
        }
        // NOTE(review): $aid is passed on as received here; validation of it
        // would have to happen upstream or inside GetOneArchive().
        $arcRow = GetOneArchive($aid);
        if (empty($arcRow['aid'])) {
            echo '<font color="red">无法查看未知文档的评论!</font>';
            exit;
        }
        // Documents flagged notpost=1 refuse new comments.
        if (isset($arcRow['notpost']) && $arcRow['notpost'] == 1) {
            echo '<font color="red">这篇文档禁止评论!</font>';
            exit;
        }
<?php require_once dirname(__FILE__) . '/include/config.inc.php';
// Guestbook submission handler. $action, $nickname, $contact, $content and
// $validate are not assigned in this excerpt; presumably config.inc.php maps
// request parameters to globals - confirm, and confirm whether it escapes them.

// Handle a submitted message
if (isset($action) and $action == 'add') {
    // Reject the post when any required field, including the CAPTCHA answer,
    // is empty; this also prevents an empty answer from matching an empty
    // stored code in the comparison below.
    if (empty($nickname) or empty($content) or empty($validate)) {
        header('location:message.php');
        exit;
    }
    // Validate the CAPTCHA (case-insensitive, loose comparison).
    if (strtolower($validate) != strtolower(GetCkVdValue())) {
        ResetVdValue();
        ShowMsg('验证码不正确!', '?c=login');
        exit;
    } else {
        // NOTE(review): MAX(orderid)+1 is read and then written in separate
        // statements, so concurrent posts can receive the same orderid.
        $r = $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`");
        $orderid = empty($r['orderid']) ? 1 : $r['orderid'] + 1;
        // NOTE(review): htmlspecialchars() is HTML output encoding, not SQL
        // escaping. Before PHP 8.1 its default flags leave single quotes
        // untouched, and backslashes are never encoded, so these values are
        // only safe inside the quoted SQL literals below if they were escaped
        // upstream. Prefer bound parameters if the DB layer offers them.
        $nickname = htmlspecialchars($nickname);
        $contact = htmlspecialchars($contact);
        $content = htmlspecialchars($content);
        $posttime = GetMkTime(time());
        // gethostbyname() is applied to the peer address taken from
        // $_SERVER['REMOTE_ADDR'].
        $ip = gethostbyname($_SERVER['REMOTE_ADDR']);
        $sql = "INSERT INTO `#@__message` (siteid, nickname, contact, content, orderid, posttime, htop, rtop, checkinfo, ip) VALUES (1, '{$nickname}', '{$contact}', '{$content}', '{$orderid}', '{$posttime}', '', '', 'false', '{$ip}')";
        // NOTE(review): the stored CAPTCHA code is not reset after a
        // successful insert in this excerpt; if GetCkVdValue() keeps returning
        // it, one solved code can be reused for further posts.
        if ($dosql->ExecNoneQuery($sql)) {
            ShowMsg('留言成功,感谢您的支持!', 'message.php');
            exit;
        }
    }
}
// CAPTCHA retrieval function (its body is outside this excerpt)
function GetCkVdValue()
}
// Excerpt from a booking page: the first part renders the booking form, the
// second part ('savebooking') starts processing a submitted order. The blocks
// opened before this excerpt are not visible.
foreach ($ticketinfo as $k => $v) {
    $pv->Fields[$k] = $v;
}
$pkname = get_par_value($info['kindlist'], $typeid); // parent level
// Get the parent destinations that have navigation enabled
getTopNavDest($info['kindlist']);
$pv->SetTemplet(SLINETEMPLATE . "/" . $cfg_df_style . "/" . "spots/" . "spot_booking.htm");
$pv->Display();
exit;
} else {
    if ($dopost == "savebooking") {
        // Verify the CAPTCHA. The answer is read straight from $_POST, so a
        // request without the field raises an undefined-index notice before
        // the empty() guard rejects it.
        $checkcode = $_POST['checkcode'];
        $orgCheckcode = GetCkVdValue();
        // Case-sensitive, loose comparison; the empty() guard stops an empty
        // answer from matching an empty stored code. Unlike other call sites
        // on this page, a failed attempt does not call ResetVdValue().
        if ($checkcode != $orgCheckcode || empty($checkcode)) {
            echo 'nocheckcode';
            return;
        }
        // NOTE(review): presumably this session key holds the CAPTCHA code and
        // is cleared here so the code cannot be reused - confirm against
        // GetCkVdValue().
        $_SESSION['total_value'] = '';
        $needjifen = $usejifen ? Helper_Archive::getNeedJifen($jifentprice) : 0;
        $userinfo = $User->getInfoByMid($User->uid); // fetch the user's record
        // Re-check server-side that the user really has enough points; if not,
        // the points discount is dropped instead of trusting the request.
        if ($userinfo['jifen'] < $needjifen) {
            $usejifen = 0;
            $needjifen = 0;
        }
        $ordersn = get_order_sn('05'); // order number
// Excerpt from a member controller dispatching on $a; $validate and $username
// are populated outside this excerpt.
if ($a == 'logout') {
    // Logout expires four cookies on the client.
    // NOTE(review): no server-side session invalidation is visible here. If
    // the login state lives only in these cookies, confirm that their values
    // are integrity-protected and cannot simply be set by the client.
    setcookie('username', '', time() - 3600);
    setcookie('userid', '', time() - 3600);
    setcookie('lastlogintime', '', time() - 3600);
    setcookie('lastloginip', '', time() - 3600);
    header('location:?c=login');
    exit;
} else {
    if ($a == 'findpwd2') {
        if (!isset($_POST['username'])) {
            header('location:?c=findpwd');
            exit;
        }
        // Check the CAPTCHA: an empty answer is rejected outright and a failed
        // attempt discards the stored code.
        $validate = empty($validate) ? '' : strtolower($validate);
        if ($validate == '' || $validate != strtolower(GetCkVdValue())) {
            ResetVdValue();
            ShowMsg('验证码不正确!', '?c=findpwd');
            exit;
        } else {
            // NOTE(review): $username is interpolated into the SQL text; no
            // escaping is visible in this excerpt - confirm it is escaped
            // upstream or use bound parameters.
            $r = $dosql->GetOne("SELECT `id` FROM `#@__member` WHERE `username`='{$username}'");
            // NOTE(review): a distinct message for unknown accounts lets a
            // client tell which usernames exist; the CAPTCHA only slows this
            // down. Consider rate limiting and logging repeated lookups.
            if (!isset($r['id'])) {
                ShowMsg('请输入正确的账号信息!', '?c=findpwd');
                exit;
            }
        }
    } else {
        if ($a == 'quesfind') {
            if (!isset($_POST['uname'])) {
                header('location:?c=findpwd');
                exit;
include 'templets/login_ad.htm';
exit;
}
// Excerpt from an admin login script; $dopost, $validate, $userid, $pwd,
// $gotopage and $safe_gdopen are populated outside this excerpt.

// Check whether the admin directory still carries its default name and, if so,
// prepare a warning advising the operator to rename it.
$cururl = GetCurUrl();
if (preg_match('/dede\\/login/i', $cururl)) {
    $redmsg = '<div class=\'safe-tips\'>您的管理目录的名称中包含默认名称dede,建议在FTP里把它修改为其它名称,那样会更安全!</div>';
} else {
    $redmsg = '';
}
// Login check: the admin directory name is the last path component of this
// file's directory.
$admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__)));
$admindir = $admindirs[count($admindirs) - 1];
if ($dopost == 'login') {
    $validate = empty($validate) ? '' : strtolower(trim($validate));
    $svali = strtolower(GetCkVdValue());
    // The CAPTCHA is enforced only when $safe_gdopen contains the digit 6;
    // otherwise the credentials are checked without it. When enforced, an
    // empty answer is always rejected and a failure discards the stored code.
    // NOTE(review): no attempt counter or lockout is visible in this excerpt;
    // confirm that checkUser() or the surrounding code throttles and logs
    // repeated failures.
    if (($validate == '' || $validate != $svali) && preg_match("/6/", $safe_gdopen)) {
        ResetVdValue();
        ShowMsg('验证码不正确!', 'login.php', 0, 1000);
        exit;
    } else {
        $cuserLogin = new userLogin($admindir);
        if (!empty($userid) && !empty($pwd)) {
            $res = $cuserLogin->checkUser($userid, $pwd);
            // success
            if ($res == 1) {
                $cuserLogin->keepUser();
                // NOTE(review): $gotopage is used as the post-login redirect
                // target without any check visible here. It should be
                // restricted to same-site relative paths so a crafted login
                // link cannot send the administrator to another site.
                if (!empty($gotopage)) {
                    ShowMsg('成功登录,正在转向管理管理主页!', $gotopage);
                    exit;
                } else {
/**
 * Save an edit to an existing question.
 *
 * Reads the form fields via request(), loads the question, checks that the
 * current member owns it (or is an admin) and that it is neither expired nor
 * solved, validates title and content, optionally checks the CAPTCHA and the
 * security question, filters the text and writes it back. Every outcome ends
 * the request through ShowMsg() followed by exit.
 *
 * NOTE(review): whether request() and HtmlReplace() make the values safe for
 * use inside quoted SQL literals is not visible in this block - confirm.
 */
function ac_edit_save() {
    $data['askaid'] = request('askaid', '');
    // is_numeric() also accepts non-integer forms such as "1.5" or "1e3"; the
    // value is later embedded in SQL text and in the redirect URL.
    $data['askaid'] = is_numeric($data['askaid']) ? $data['askaid'] : 0;
    $data['title'] = request('title', '');
    $data['content'] = request('content', '');
    $data['faqkey'] = request('faqkey', '');
    $data['vdcode'] = request('vdcode', '');
    $data['safeanswer'] = request('safeanswer', '');
    // Load the question's basic data
    $question = $this->question->get_one("id='{$data['askaid']}'");
    // Authorisation and state checks: only the owner or an admin may edit, and
    // non-admins may not edit expired or solved questions.
    // NOTE(review): there is no explicit "question not found" check. If
    // get_one() returns a non-array, $question['uid'] is null and the loose !=
    // decides the outcome - confirm M_ID can never be empty or 0 here.
    if ($question['uid'] != $this->cfg_ml->M_ID && $this->cfg_ml->isAdmin != 1) {
        ShowMsg('非法操作,请返回', '-1');
        exit;
    } else {
        if ($question['expiredtime'] < $GLOBALS['cfg_ask_timestamp'] && $this->cfg_ml->isAdmin != 1) {
            ShowMsg('问题已经过期', '-1');
            exit;
        } else {
            if ($question['status'] == 1 && $this->cfg_ml->isAdmin != 1) {
                ShowMsg('问题已经解决,不能被修改!', '-1');
                exit;
            }
        }
    }
    // Check the title: required, 8 to 80 bytes (strlen() counts bytes).
    if ($data['title'] == '') {
        ShowMsg('问题名称不能为空');
        exit;
    } else {
        if (strlen($data['title']) > 80) {
            ShowMsg('问题不能大于80字节');
            exit;
        } else {
            if (strlen($data['title']) < 8) {
                ShowMsg('问题不能小于8字节');
                exit;
            }
        }
    }
    // Check the content: required.
    if (empty($data['content'])) {
        ShowMsg('问题说明内容不能为空!');
        exit;
    }
    // Check the CAPTCHA - only enforced when safe_gdopen contains the digit 7.
    if (preg_match("#7#", $GLOBALS['safe_gdopen'])) {
        $svali = GetCkVdValue();
        // An empty stored code is rejected, so an empty answer cannot pass.
        // Only the submitted value is lower-cased here.
        if (strtolower($data['vdcode']) != $svali || $svali == '') {
            ResetVdValue();
            ShowMsg('验证码错误!', '-1');
            exit;
        }
    }
    // Check the security question - only enforced when gdfaq_ask is 'Y'.
    $faqkey = isset($data['faqkey']) && is_numeric($data['faqkey']) ? 
    $data['faqkey'] : 0;
    if ($GLOBALS['gdfaq_ask'] == 'Y') {
        global $safefaqs;
        if ($safefaqs[$faqkey]['answer'] != $data['safeanswer'] || $data['safeanswer'] == '') {
            ShowMsg('验证问题答案错误', '-1');
            exit;
        }
    }
    // Filter the text with HtmlReplace(), then mask configured words. The
    // pattern is built from the cfg_replacestr setting.
    $data['title'] = preg_replace("#{$GLOBALS['cfg_replacestr']}#", "***", HtmlReplace($data['title'], 1));
    $data['content'] = preg_replace("#{$GLOBALS['cfg_replacestr']}#", "***", HtmlReplace($data['content'], -1));
    // Save the edited question. The SET and WHERE clauses are assembled as
    // strings from the values above.
    $set = "title = '{$data['title']}',content = '{$data['content']}'";
    $wheresql = "id ='{$data['askaid']}'";
    $rs = $this->question->update_ask($set, $wheresql);
    if ($rs) {
        // Save additional information
        // NOTE(review): $addition and $addi are not assigned anywhere in this
        // function, so as written this branch cannot be taken - confirm
        // whether they were meant to come from the request.
        if ($addition == 1) {
            $this->question->update_additions($addi, $data['askaid']);
        }
        clearmyaddon($data['askaid'], $data['title']);
        ShowMsg("编辑成功!", "?ct=question&askaid=" . $data['askaid']);
        exit;
    } else {
        ShowMsg("编辑失败!", "?ct=question&askaid=" . $data['askaid']);
        exit;
    }
}
else if (thiscode=='') { alert('请输入验证码!'); return false; } else return true; } </SCRIPT> <META content="MSHTML 6.00.2900.5583" name=GENERATOR></HEAD> <BODY leftMargin=0 topMargin=0 onload=document.form1.username.focus() MARGINHEIGHT="0" MARGINWIDTH="0"> <?php require_once dirname(__FILE__) . "/include/config_rglobals.php";
// Excerpt from a login page: the tail of the client-side form check, then the
// server-side login handler. $action, $code and $username are populated
// outside this excerpt.
require_once dirname(__FILE__) . "/include/config_base.php";
if ($action == 'login') {
    // NOTE(review): the only "code must not be empty" check visible is the
    // JavaScript above, which a client can skip. Server-side, an empty $code
    // compares equal to an empty or missing stored code, so this test should
    // also require a non-empty stored value. The comparison is loose and the
    // code is not reset on failure here.
    if (GetCkVdValue() == $code) {
        // Login handling
        // Deny-list filter that strips quote and shell/SQL metacharacters from
        // the username before it is placed in the query text.
        // NOTE(review): eregi_replace() was removed in PHP 7.0; a modern
        // runtime needs preg_replace() with the i modifier. Bound parameters
        // would be more robust than a character deny-list.
        $username = eregi_replace("['\"\$ \r\n\t;<>\\*%\\?]", '', $username);
        $loginip = getip();
        $logindate = getdatetimemk(time());
        $lsql = new Dedesql(false);
        // The password literal appears masked ('******') in this listing; how
        // the real comparison value is built is not visible.
        $sql = str_replace('#@__', $cfg_dbprefix, "select * from #@__boss where boss='{$username}' and password='******'");
        $lsql->SetQuery($sql);
        $lsql->Execute();
        $rowcount = $lsql->GetTotalRow();
        if ($rowcount == 0) {
            // Failed logins are recorded with time, IP and username, which
            // gives operators a trail for spotting guessing attempts.
            $message = '用户或密码错误被系统拒绝登陆!';
            WriteNote($message, $logindate, $loginip, $username);
            showmsg($message, -1);
        } else {
            // Login allowed; write the login data
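/**
 * Validate an e-mail registration request held in request globals.
 *
 * Checks, in order: the verification code (the e-mailed code when the
 * 'reg_msgcode' setting is open, otherwise the image CAPTCHA), that the
 * address is not registered yet, the address format, the minimum password
 * length and the password confirmation.
 *
 * Verification codes are compared as strings with ===. The loose operator
 * treats numeric strings as numbers ("012345" == "12345", "1e1" == "10"),
 * which would accept answers that differ from the issued code.
 *
 * @return true|string True when every check passes, otherwise the error
 *                     message to show to the user.
 */
function validateEmail()
{
    global $dsql, $email, $emailcode, $checkcode, $password, $repassword;

    $isregcode = Helper_Archive::getEmailMsgConfig('reg_msgcode');
    $isregcode = $isregcode['isopen'];

    if ($isregcode == 1) {
        // The e-mailed code is stored per address, keyed by md5 of the address.
        $sessionKey = 'emailcode_' . md5($email);
        $issued = isset($_SESSION[$sessionKey]) ? (string) $_SESSION[$sessionKey] : '';
        if (empty($emailcode) || !is_scalar($emailcode) || $issued === '' || $issued !== (string) $emailcode) {
            return '验证码错误';
        }
    } else {
        // Image CAPTCHA: case-insensitive, and never valid when no code is stored.
        $stored = strtolower((string) GetCkVdValue());
        if (empty($checkcode) || !is_scalar($checkcode) || $stored === '' || $stored !== strtolower((string) $checkcode)) {
            return '验证码错误';
        }
    }

    // NOTE(review): $email is interpolated into the SQL text before its format
    // is checked, and the pattern below is unanchored, so it does not constrain
    // the characters in $email. This is only safe if request globals are
    // escaped upstream - confirm, or use bound parameters if $dsql offers them.
    $row = $dsql->GetOne("select count(*) as num from #@__member where email='{$email}'");
    if ($row['num'] > 0) {
        return '该邮箱已经被注册';
    }

    // NOTE(review): the pattern nests quantifiers, so matching cost can grow
    // sharply on long inputs; when PCRE hits its limits preg_match() returns
    // false, which is reported as a format error here.
    $pattern = "/([a-z0-9]*[-_\\.]?[a-z0-9]+)*@([a-z0-9]*[-_]?[a-z0-9]+)+[\\.][a-z]{2,3}([\\.][a-z]{2})?/i";
    if (!preg_match($pattern, $email)) {
        return '邮箱格式错误';
    }

    // strlen() counts bytes; six is the minimum accepted length.
    if (strlen($password) < 6) {
        return '密码长度不得小于6位';
    }
    if ($password != $repassword) {
        return '密码确认错误';
    }

    return true;
}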
// Excerpt from a question/message submission handler; $User is created and the
// try block is closed outside this excerpt.
// Form fields are read straight from $_POST and passed through strip_tags().
// NOTE(review): strip_tags() removes markup only; it is neither SQL escaping
// nor attribute-safe HTML encoding. Confirm that CommonModule escapes or binds
// these values on insert and that they are encoded again on output.
$leaveArr['title'] = strip_tags(trim($_POST['title']));
$leaveArr['content'] = strip_tags(trim($_POST['content']));
$leaveArr['webid'] = $GLOBALS['sys_child_webid'];
$leaveArr['phone'] = strip_tags(trim($_POST['phone']));
$leaveArr['email'] = strip_tags(trim($_POST['email']));
$leaveArr['qq'] = strip_tags(trim($_POST['qq']));
$leaveArr['weixin'] = strip_tags(trim($_POST['weixin']));
$leaveArr['addtime'] = time();
// Anonymous posts, and posts without a name, use a fixed placeholder nickname.
$leaveArr['nickname'] = $_POST['ishidename'] == 1 ? '匿名' : strip_tags($_POST['leavename']);
$leaveArr['nickname'] = empty($leaveArr['nickname']) ? '匿名' : $leaveArr['nickname'];
$leaveArr['ip'] = GetIP();
$leaveArr['questype'] = 1;
if ($User->IsLogin()) {
    $leaveArr['memberid'] = $User->uid;
}
$checkcode = GetCkVdValue();
try {
    // NOTE(review): loose, case-sensitive comparison with no emptiness guard.
    // When no code is stored, an empty or missing $_POST['checkcode'] compares
    // equal and the check passes. Require a non-empty stored code and compare
    // as strings.
    if ($checkcode != $_POST['checkcode']) {
        throw new Exception('验证码错误');
    }
    // NOTE(review): presumably this session key holds the CAPTCHA code and is
    // cleared here to prevent reuse - confirm against GetCkVdValue().
    $_SESSION['total_value'] = '';
    if (empty($leaveArr['title'])) {
        throw new Exception('标题不能为空');
    }
    if (empty($leaveArr['content'])) {
        throw new Exception('内容不能为空');
    }
    // At least one contact channel is required.
    if (empty($leaveArr['qq']) && empty($leaveArr['phone']) && empty($leaveArr['email']) && empty($leaveArr['weixin'])) {
        throw new Exception('请至少填写一种联系方式');
    }
    $model = new CommonModule('sline_question');
<?php require_once dirname(__FILE__) . "/../include/common.inc.php";
// Comment submission handler. $dopost, $checkcode, $articleid, $content,
// $typeid, $pid, $dockid and $niming are not assigned in this excerpt;
// presumably common.inc.php maps request parameters to globals - confirm.

// AJAX pre-check: tells the client whether the typed CAPTCHA is correct.
// NOTE(review): this branch answers ok/no without resetting the stored code on
// a wrong answer, so a client can keep testing answers against the same code.
// Resetting on failure, or limiting attempts per code, closes that gap.
if ($dopost == 'checkcode') {
    $checkc = strtolower(GetCkVdValue());
    if ($checkc == strtolower($checkcode)) {
        echo 'ok';
    } else {
        echo 'no';
    }
    exit;
}
$checkc = strtolower(GetCkVdValue());
// NOTE(review): there is no emptiness guard; when no code is stored, an empty
// $checkcode compares equal and the check passes. Whether showMsg() ends the
// request is not visible here - if it returns, processing continues below.
if ($checkc != strtolower($checkcode)) {
    Helper_Archive::showMsg("验证码错误", -1, 0, 3);
}
if (empty($articleid) || empty($content) || empty($typeid)) {
    Helper_Archive::showMsg("评论错误", -1, 0, 3);
}
// NOTE(review): $pid, $dockid and $articleid are not cast to integers in this
// excerpt.
$pid = empty($pid) ? 0 : $pid;
$dockid = empty($dockid) ? 0 : $dockid;
// Anonymous comments are stored with member id 0.
$memberid = $niming == 1 ? 0 : $User->uid;
$addtime = time();
$content = htmlspecialchars($content);
// addslashes() is applied only when magic quotes are off.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, and
// addslashes() is not charset-aware; prefer the DB driver's escaping or bound
// parameters.
if (!get_magic_quotes_gpc()) {
    $content = addslashes($content);
}
// Map the content type id to its table and URL path.
switch ($typeid) {
    case 1:
        $table = '#@__line';
        $urlpath = 'lines';
echo $status;
}
// Excerpt from an AJAX endpoint dispatching on $action; $code is populated
// outside this excerpt.

// Check the SMS verification code
if ($action == 'checkmsgcode') {
    @session_start();
    $status = 0;
    $msgcode = $_SESSION['msgcode'];
    // NOTE(review): loose comparison with no emptiness guard. When no code has
    // been issued, $msgcode is null and an empty $code compares equal, giving
    // status 1. No attempt limit or invalidation after a wrong answer is
    // visible either, so the issued code can be tested repeatedly. Require a
    // non-empty issued code, compare as strings, and cap attempts per code.
    if ($code == $msgcode) {
        $status = 1;
    }
    echo json_encode(array('status' => $status));
}
// Check the ordinary (image) CAPTCHA
if ($action == 'checktxtcode') {
    $status = 0;
    $txtcode = GetCkVdValue();
    // NOTE(review): same pattern as above - case-sensitive loose comparison,
    // no emptiness guard, and no ResetVdValue() on a wrong answer.
    if ($code == $txtcode) {
        $status = 1;
    }
    echo json_encode(array('status' => $status));
}
// Save companion (travel partner) information
if ($action == 'savejieban') {
    @session_start();
    $status = 1;
    // NOTE(review): this gate only tests that one of two cookies is present.
    // Cookies are client-controlled, so on its own this does not establish who
    // the requester is; the login check below is the authoritative signal.
    if (!isset($_COOKIE['u_mobile']) && !isset($_COOKIE['u_nickname'])) {
        exit;
    }
    if ($User->IsLogin()) {
        $memberid = $User->uid;
    } else {
require_once dirname(__FILE__) . "/config.php";
/**
 * @desc Password recovery
 * @author netman
 */
// $step, $checkcode and $loginname are not assigned in this excerpt;
// presumably config.php maps request parameters to globals - confirm.
$step = !empty($step) ? $step : 1;
$pv = new View(0);
// Password recovery, step 1: show the form.
if ($step == 1) {
    $pv->SetTemplet(MEMBERTEMPLET . "findpass1.htm");
    $pv->Display();
    exit;
}
// Password recovery, step 2: verify the CAPTCHA and look up the account.
if ($step == 2) {
    $scode = GetCkVdValue();
    // CAPTCHA check
    // NOTE(review): there is no emptiness guard, so when no code is stored an
    // empty $checkcode compares equal and the check passes. No exit follows
    // ShowMsg() here (step 1 exits explicitly); unless ShowMsg() ends the
    // request itself, the account lookup below runs even after a failed
    // CAPTCHA. The stored code is not reset on failure.
    if (strtolower($scode) != strtolower($checkcode)) {
        ShowMsg('验证码错误', '-1', 1);
    }
    // Username check
    $arr = checkUname($loginname);
    // A login name without '@' is treated as a phone number.
    $isPhone = strpos($loginname, '@') === false ? true : false;
    $msgInfo = Helper_Archive::getDefineMsgInfo2('reg_findpwd');
    if (!empty($arr)) {
        // Is password recovery by SMS enabled?
        if ($msgInfo['isopen'] == 1 && $isPhone) {
            $findtype = '手机找回';
            // Disabled code below, kept verbatim: it generated a random code
            // and sent it by SMS.
            //$code = getRandCode(5);//验证码
            //$content = "尊敬的会员,请您在{$GLOBALS['cfg_webname']}中输入以下验证码:{$code},完成密码找回验证.";
            //Helper_Archive::sendMsg($loginname,'',$content);