Example #1
<?php

// Password-recovery request handler. This listing is truncated: the if/else
// chain opened below is not closed within the visible lines.
// Visible flow: CAPTCHA check -> required fields present -> format checks ->
// look up the user -> compare email / security question / answer -> store a
// reset code and mail a reset link.
// Direct-access guard: abort unless the ZHANGXUAN constant has been defined
// (presumably by an including entry script - confirm).
defined("ZHANGXUAN") or die("no hacker.");
// "@" hides any warning raised by session_start().
@session_start();
$pwdfinderrorid = -1;
// Error codes: 1 = wrong CAPTCHA, 2 = user does not exist, 4 = input error,
// 3 = submitted details differ from the database, 5 = username contains illegal
// characters (only Chinese characters, digits, letters and underscore are allowed),
// 6 = sending the mail failed.
// The posted CAPTCHA is lower-cased, MD5-hashed and compared with the value kept
// in the session (set elsewhere; not shown).
// NOTE(review): the comparison uses loose "==". PHP compares two numeric-looking
// strings (e.g. digests of the form 0e<digits>) as numbers, so unequal digests can
// compare equal; hash_equals() or "===" avoids that.
// NOTE(review): the visible lines never clear $_SESSION['letters_code']; confirm it
// is invalidated elsewhere so a solved CAPTCHA cannot be reused.
if (check_data('letters_code') && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
    // Only continue once the CAPTCHA is correct.
    if (check_data('firstName') && check_data('email') && check_data('question1') && check_data('answer1')) {
        // All required fields must be present.
        // Format checks run on the raw POST values; the three validators are defined
        // elsewhere. The first presumably enforces the username charset described
        // under error code 5 - verify.
        if (checkzhongwenzimushuzixiahuaxian($_POST["firstName"]) && checkquestionvalue($_POST['question1']) && valid_email($_POST["email"])) {
            // db_iconv() is not shown. Presumably it reads the named request field and
            // escapes it for SQL - verify, because $user is interpolated into the
            // query string below and nothing else protects that query.
            $user = db_iconv("firstName", 'post', true, true);
            $emailadd = db_iconv("email");
            $question1 = db_iconv("question1");
            $answer1 = db_iconv("answer1");
            // This value becomes the password-reset token. randstr() is not shown:
            // confirm it draws from a CSPRNG (random_bytes()/random_int()) and is long
            // enough to resist guessing.
            $emailfind = randstr();
            // NOTE(review): string-built SQL; a prepared statement with a bound
            // parameter would not depend on db_iconv() escaping correctly.
            $sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
            $rowuserdata = queryRow($sql);
            if ($rowuserdata) {
                // Email, question and answer must all equal the stored row values.
                // The stored answer is compared directly with the submitted one, so it
                // is presumably kept unhashed - confirm. Comparisons are loose "==".
                if ($rowuserdata['user_email'] == $emailadd && $rowuserdata['user_question'] == $question1 && $rowuserdata['user_answer'] == $answer1) {
                    $userid = $rowuserdata['user_id'];
                    // Store the reset token and set user_email_find_mode to '1'.
                    // NOTE(review): no issue time or expiry is written by this statement;
                    // confirm the token is time-limited and single-use where it is redeemed.
                    $sql = "UPDATE `users` SET `user_email_find_code`='{$emailfind}',`user_email_find_mode`='1' WHERE `user_id`='{$userid}'";
                    update($sql);
                    // The reset link carries the user id and the token in the query string,
                    // so both can end up in mail, proxy and browser history logs.
                    $findurl = SITEHOST . "findpwdmail.php?userid={$userid}&pwdcheckid={$emailfind}";
                    // HTML mail body. $user and $emailadd are inserted without HTML escaping
                    // in this block; safety rests on the format validators above.
                    $mailtxt = "本邮件为系统自动发送,您正在申请重置您账号的密码<br><br>" . "您的用户名为:{$user}<br><br>" . "您的用户ID为:{$userid}<br><br>" . "您的邮箱地址为:{$emailadd}<br><br>" . "您还需要最后一步,点击以下链接,前往密码重置页面重置您的密码。<br><br>" . "<a href='{$findurl}' target='_blank'>{$findurl}</a><br><br>" . "如果这不是您操作的,请忽略本邮件,绝对不要点击以上链接。<br><br>" . "本邮件为自动发送,请不要回复,因为没人会看的。<br><br>" . "竹井詩織里<br><br>" . date('Y-m-d');
                    // send_mail()'s return value becomes the result code. The trailing 0 and 6
                    // are presumably the success and failure codes (6 = mail failed in the
                    // list above) - TODO confirm against send_mail().
                    $pwdfinderrorid = send_mail('战网安全令在线版重置密码链接邮件', $mailtxt, $emailadd, 0, 6);
                } else {
                    // Details did not match the stored row.
                    // NOTE(review): this code differs from 2 ("user does not exist"); if the
                    // code is shown to the client it reveals which usernames are registered.
                    $pwdfinderrorid = 3;
                }
            } else {
Example #2
// Registration handler (excerpt). The listing starts part-way through the
// $questionid table and is cut off inside the nested if/else chain below.
// Security-question texts, keyed by question id:
//   83 = name of the first primary school you attended
//   84 = name of your first love
//   85 = last four digits of your driving licence
//   86 = your mother's name
//   87 = your mother's birthday
//   88 = your father's birthday
// NOTE(review): answers to questions like these are often guessable or
// discoverable, so they are a weak factor wherever they gate account recovery.
$questionid[83] = "您就读的第一所小学名称是?";
$questionid[84] = "您的初恋情人叫什么名字?";
$questionid[85] = "您驾照的末四位是什么?";
$questionid[86] = "您母亲的姓名叫什么?";
$questionid[87] = "您母亲的生日是哪一天?";
$questionid[88] = "您父亲的生日是哪一天?";
session_start();
$registercheck = 0;
$registersuccesslogin = 0;
$registererrid = 0;
// Error codes: 1 = wrong registration code, 2 = duplicate username, 3 = bad email
// format, 4 = input error / username contains illegal characters.
// The posted CAPTCHA is lower-cased, MD5-hashed and compared with the session value.
// NOTE(review): loose "==" compares two numeric-looking strings (e.g. digests of the
// form 0e<digits>) as numbers; hash_equals() or "===" avoids that.
if (check_data("letters_code") && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
    // Only continue once the CAPTCHA is correct.
    // All required fields must be present and the two password fields must match
    // exactly. $_POST['rePassword'] is read without a check_data() guard.
    if (check_data("username") && check_data("password") && check_data("emailAddress") && check_data("question1") && check_data("answer1") && $_POST['rePassword'] === $_POST['password']) {
        // All required fields must be present.
        // Format checks on the raw POST values; the validators are defined elsewhere.
        if (checkzhongwenzimushuzixiahuaxian($_POST["username"]) && checkquestionvalue($_POST['question1']) && valid_email($_POST["emailAddress"])) {
            // db_iconv() is not shown; presumably it reads the named request field and
            // escapes it for SQL - verify before any of these values reach a query.
            $user = db_iconv("username", 'post', true, true);
            $unmd5password = db_iconv("password", 'post', false);
            // getunencryptpass() is not shown; the name suggests it reverses a
            // client-side encoding of the password - TODO confirm.
            $unmd5password = getunencryptpass($unmd5password);
            // Length must be 8-16; strlen() counts bytes, not characters.
            // NOTE(review): this branch sets $error_html_code, not the $registererrid
            // initialised above - confirm that is intended.
            if (strlen($unmd5password) < 8 || strlen($unmd5password) > 16) {
                $error_html_code = 7;
            } else {
                // NOTE(review): unsalted MD5 of the password. If this is the stored
                // credential, it is cheap to brute-force offline; password_hash() with
                // password_verify() is the standard replacement.
                $password = md5($unmd5password);
                $emailadd = db_iconv("emailAddress");
                $question1 = db_iconv("question1");
                $answer1 = db_iconv("answer1");
                // Four random values come from randstr() (not shown). The variable names
                // suggest an email-verification id, a recovery code, a mail-reset token
                // and a cookie value. Confirm randstr() uses a CSPRNG
                // (random_bytes()/random_int()) with enough length.
                $user_email_checkid = randstr();
                // Timestamp in the server's configured default timezone.
                $date = date('Y-m-d H:i:s');
                $emailfind = randstr();
                $mailresettoken = randstr();
                $cookievalue = randstr();