$questionid[86] = "您母亲的姓名叫什么?";
$questionid[87] = "您母亲的生日是哪一天?";
$questionid[88] = "您父亲的生日是哪一天?";
session_start();
$registercheck = 0;
$registersuccesslogin = 0;
$registererrid = 0;
//1注册码错误,2用户名重复,3邮件格式错误,4输入错误,用户名包含非法字符
if (check_data("letters_code") && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
//验证码正确才能继续搞啊
if (check_data("username") && check_data("password") && check_data("emailAddress") && check_data("question1") && check_data("answer1") && $_POST['rePassword'] === $_POST['password']) {
//要有数据啊
if (checkzhongwenzimushuzixiahuaxian($_POST["username"]) && checkquestionvalue($_POST['question1']) && valid_email($_POST["emailAddress"])) {
$user = db_iconv("username", 'post', true, true);
$unmd5password = db_iconv("password", 'post', false);
$unmd5password = getunencryptpass($unmd5password);
if (strlen($unmd5password) < 8 || strlen($unmd5password) > 16) {
$error_html_code = 7;
} else {
$password = md5($unmd5password);
$emailadd = db_iconv("emailAddress");
$question1 = db_iconv("question1");
$answer1 = db_iconv("answer1");
$user_email_checkid = randstr();
$date = date('Y-m-d H:i:s');
$emailfind = randstr();
$mailresettoken = randstr();
$cookievalue = randstr();
$userip = getIP();
$lowright = @$_POST['lowright'];
if (checkpostusername($user)) {
<?php
defined("ZHANGXUAN") or die("no hacker.");
$resetpsdpostdataerror = -1;
//1:隐藏数据用户ID和令牌错误,2邮箱错误,3两个密码不同,4用户不存在,5令牌失效
if ($resetmod == 2) {
if (ctype_digit($_POST["user_id"]) && checkcode($_POST['user_token'])) {
$emailadd = db_iconv('oldPassword');
if (valid_email($emailadd)) {
$userid = $_POST["user_id"];
$usertoken = $_POST['user_token'];
$passwordA = db_iconv('newPassword');
$passwordB = db_iconv('newPasswordVerify');
if ($passwordA == $passwordB) {
$unmd5newpassword = getunencryptpass($passwordA);
$newpassword = md5($unmd5newpassword);
$sql = "SELECT * FROM `users` WHERE `user_id`='{$userid}'";
$row = queryRow($sql);
if ($row) {
$username = $row['user_name'];
if ($usertoken == $row['user_psd_reset_token'] && $row['user_psd_reset_token_used'] == 0) {
$newtoken = randstr();
$sql = "UPDATE `users` SET `user_pass`='{$newpassword}',`user_psd_reset_token`='{$newtoken}',`user_psd_reset_token_used`=1 WHERE `user_id`='{$userid}'";
update($sql);
if (isset($_COOKIE['loginname']) && isset($_COOKIE['loginid']) && $_COOKIE['loginname'] != "" && $_COOKIE['loginid'] != "") {
$usertmp = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginname']));
$cookievalue = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginid'], ENT_QUOTES));
$sql = "DELETE FROM `cookiedata` WHERE `user_name`='{$usertmp}' AND `user_cookie` ='{$cookievalue}'";
delete($sql);
}
if (isset($_SESSION['loginuser']) && $_SESSION['loginuser'] != "") {
function check_post_password($encryptpassword, $username)
{
$decodedpassword = getunencryptpass($encryptpassword);
$unixtime = substr($decodedpassword, strlen($decodedpassword) - 10);
if (check_vaild_post_unixtime($unixtime, $username) == false) {
return false;
}
$sql = "SELECT * FROM `users` where `user_name`='{$username}'";
$row = queryRow($sql);
$md5password = $row['user_pass'];
$data1 = $md5password . RSA_SALT . $unixtime;
$data2 = md5($data1) . $unixtime;
if ($data2 === $decodedpassword) {
return true;
}
return false;
}
