Example #1
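    /**
     * First-run installer: loads the schema for the chosen database type and
     * writes config_user.php with the submitted connection settings.
     *
     * Redirects to "/" when $db_config is already an array (site installed).
     * Renders the install form when no db_type has been POSTed.
     */
    private function install()
    {
        global $db_config;
        if (is_array($db_config)) {
            redirect("/");
            // Whether redirect() terminates the request is not visible here; return
            // explicitly so an installed site can never fall through into a re-install.
            return;
        }
        // Byte count on success, false on failure; handed to the install view as a writability probe.
        $param['writable'] = file_put_contents(APP . 'writable.tmp', 'test');
        if (!isset($_POST['db_type'])) {
            header("Content-type: text/html; charset=utf-8");
            view("v/home/install", $param);
            return;
        }

        // Only two back ends are accepted; anything that is not "sqlite" becomes "mysql".
        $db_type = $_POST['db_type'] == 'sqlite' ? 'sqlite' : 'mysql';
        // NOTE(review): rand() yields a guessable six-digit SQLite file name. If APP is
        // web-reachable the database file could be fetched directly — confirm it is
        // stored outside the document root or blocked by the web server.
        $_POST['default_db'] = $db_type == 'sqlite' ? rand(100000, 999999) . '.sqlite' : $_POST['default_db'];
        $db = new db($_POST);
        $sql = file_get_contents(APP . $db_type . '_ins.sql');
        $db->muti_query($sql);
        $seed = randstr();

        // The settings come straight from the request. They are serialised with
        // var_export() so quotes and backslashes in a value stay inside a PHP string
        // literal and cannot terminate it and add code to the generated config file.
        $settings = array(
            'host' => isset($_POST['host']) ? (string) $_POST['host'] : '',
            'user' => isset($_POST['user']) ? (string) $_POST['user'] : '',
            'password' => isset($_POST['password']) ? (string) $_POST['password'] : '',
            // Use the validated value rather than the raw POST field.
            'db_type' => $db_type,
            'default_db' => (string) $_POST['default_db'],
        );
        // Full "<?php" tag: with short_open_tag disabled a "<?" file would be served as
        // plain text, exposing the database password.
        $config = "<?php\n"
            . "define('BASE','?/');\n"
            . "define('SEED'," . var_export($seed, true) . ");\n"
            . '$db_config = ' . var_export($settings, true) . ";\n";
        file_put_contents(APP . 'config_user.php', $config);

        // NOTE(review): the success message announces a fixed default administrator
        // login; presumably the schema seeds that account — the operator should be
        // forced to change it on first sign-in.
        redirect($_POST['base_dir'], '安装成功', '用户名 admin@b24.cn 密码 admin', '8');
    }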
Example #2
 /**
  * Build the stored file name and save directory for one uploaded attachment.
  *
  * @param array $currUpload Upload descriptor; the 'id' and 'ext' keys are read.
  * @return array Two elements: file name, save directory.
  */
 function getFilePath($currUpload)
 {
     global $timestamp;
     // 15 hex characters taken from an MD5 over the timestamp, upload id and randstr(8).
     $digest = md5($timestamp . $currUpload['id'] . randstr(8));
     $prename = substr($digest, 10, 15);
     // Denylist: any listed script/executable token inside the extension is prefixed
     // with "scp_" so the stored name no longer ends in that extension.
     // NOTE(review): a denylist only covers the names written here; an allowlist of
     // permitted extensions is the sturdier control.
     $storedExt = preg_replace('/(php|asp|jsp|cgi|fcgi|exe|pl|phtml|dll|asa|com|scr|inf)/i', "scp_\\1", $currUpload['ext']);
     $filename = $this->forum->fid . "_{$this->uid}_{$prename}." . $storedExt;
     $savedir = $this->getSaveDir($currUpload['ext']);
     return array($filename, $savedir);
 }
 /**
  * Build the stored file name and save directory for a certificate upload.
  *
  * @param array $currUpload Upload descriptor; the 'id' and 'ext' keys are read.
  * @return array Two elements: file name, save directory.
  */
 function getFilePath($currUpload)
 {
     global $timestamp;
     // This value is computed but not used in the file name below.
     $digest = md5($timestamp . $currUpload['id'] . randstr(8));
     $prename = substr($digest, 10, 15);
     // NOTE(review): the extension is appended as given; no filtering is visible in
     // this method — confirm it is validated before this point.
     $filename = $this->uid . "_{$this->key}." . $currUpload['ext'];
     // Shard by the last two characters of the uid, left-padded with "0".
     $shard = str_pad(substr($this->uid, -2), 2, '0', STR_PAD_LEFT);
     $savedir = 'certificate/' . $shard . '/';
     return array($filename, $savedir);
 }
Example #4
/**
 * Register a new member row and, for member type 1, its points/package records.
 *
 * Returns -1 when $member_type is 0, -2 when the username lookup finds a row,
 * -3 when the email lookup finds a row, false when one of the member-type-1
 * INSERTs fails, and otherwise the id returned by inserttable().
 *
 * NOTE(review): the stored hash is md5(md5(password) . salt . $QS_pwdhash). MD5 is
 * far too fast for password storage; password_hash()/password_verify() is the
 * replacement, but switching needs a migration path for existing rows.
 * NOTE(review): $username and $email reach the lookup helpers and inserttable()
 * as given; escaping presumably happens inside those helpers — confirm.
 */
function user_register($username, $password, $member_type = 0, $email, $uc_reg = true)
{
    global $db, $timestamp, $_CFG, $online_ip, $QS_pwdhash;
    $member_type = intval($member_type);
    // Both uniqueness lookups run before any of the checks below.
    $ck_username = get_user_inusername($username);
    $ck_email = get_user_inemail($email);
    if ($member_type == 0) {
        return -1;
    } elseif (!empty($ck_username)) {
        return -2;
    } elseif (!empty($ck_email)) {
        return -3;
    }
    // Per-user salt, stored next to the hash in the pwd_hash column.
    $pwd_hash = randstr();
    $password_hash = md5(md5($password) . $pwd_hash . $QS_pwdhash);
    $setsqlarr['username'] = $username;
    $setsqlarr['password'] = $password_hash;
    $setsqlarr['pwd_hash'] = $pwd_hash;
    $setsqlarr['email'] = $email;
    $setsqlarr['utype'] = intval($member_type);
    $setsqlarr['reg_time'] = $timestamp;
    $setsqlarr['reg_ip'] = $online_ip;
    $insert_id = inserttable(table('members'), $setsqlarr, true);
    if ($member_type == "1") {
        // $insert_id comes from inserttable(), not from the request.
        // NOTE(review): a failure here returns false after the members row already
        // exists; no rollback is visible.
        if (!$db->query("INSERT INTO " . table('members_points') . " (uid) VALUES ('{$insert_id}')")) {
            return false;
        }
        if (!$db->query("INSERT INTO " . table('members_setmeal') . " (uid) VALUES ('{$insert_id}')")) {
            return false;
        }
        $points = get_cache('points_rule');
        include_once QISHI_ROOT_PATH . 'include/fun_company.php';
        set_consultant($insert_id);
        if ($points['reg_points']['value'] > 0) {
            report_deal($insert_id, $points['reg_points']['type'], $points['reg_points']['value']);
            $operator = $points['reg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 1, 9001, $username, "新注册会员,({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, 1010, "注册会员系统自动赠送积分", "{$operator}{$points['reg_points']['value']}", "{$points['reg_points']['value']}");
            // Points change record
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, '0.00', '1', 1, 1);
        }
        if ($_CFG['reg_service'] > 0) {
            set_members_setmeal($insert_id, $_CFG['reg_service']);
            $setmeal = get_setmeal_one($_CFG['reg_service']);
            write_memberslog($insert_id, 1, 9002, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 2, 1011, "开通服务(系统赠送)", "-", "-");
            // Service-package change record
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 1);
        }
    }
    // Mirror the account to UCenter when its client is configured and $uc_reg is set.
    // The returned id is assigned but not checked.
    if (defined('UC_API') && $uc_reg) {
        include_once QISHI_ROOT_PATH . 'uc_client/client.php';
        $uc_reg_uid = uc_user_register($username, $password, $email);
    }
    write_memberslog($insert_id, $member_type, 1000, $username, "注册成为会员");
    return $insert_id;
}
Example #5
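/**
 * Prepare one working directory per thread and a run.sh launcher script.
 *
 * Creates "threads-<random>", changes into it (the process working directory stays
 * changed on return), creates thread0..threadN-1, copies $copy_files into each,
 * writes each thread's slice of $create_files, and writes run.sh with one
 * backgrounded "php <file> <params>" line per $run_files entry and thread.
 * run.sh is only written, never executed here; $implode_files is accepted but unused
 * (the merge and clean-up steps were disabled in the original).
 *
 * @param int   $threads       Number of thread directories to create.
 * @param array $copy_files    Source name => target name, or a plain list of names.
 * @param array $create_files  File name => array of lines (or non-array to load via file2array()).
 * @param array $run_files     Script name => argument string.
 * @param array $implode_files Unused.
 * @return false|null false when the working directory cannot be created or entered.
 */
function threads_create($threads, $copy_files, $create_files, $run_files, $implode_files = array())
{
    $cfs = array();
    foreach ($create_files as $fname => $content) {
        if (!is_array($content)) {
            $content = file2array($fname);
        }
        $cfs[$fname] = array_rand_slice($content, $threads);
    }
    $bat = "#!/bin/bash\n";
    $tdir = 'threads-' . randstr(5);
    // Stop if the directory cannot be created or entered; otherwise every file below
    // would be written into whatever directory the process happens to be in.
    if ((!is_dir($tdir) && !mkdir($tdir)) || !chdir($tdir)) {
        return false;
    }
    for ($i = 0; $i < $threads; $i++) {
        $dir = 'thread' . $i;
        mkdir($dir);
        // The first line enters thread0; later lines step sideways from the previous thread dir.
        $bat .= $i ? "cd ../{$dir}\n" : "cd {$dir}\n";
        foreach ($copy_files as $fname_from => $fname) {
            // List-style entries (integer keys) copy a file under its own name.
            if (!is_string($fname_from)) {
                $fname_from = $fname;
            }
            copy('../' . $fname_from, $dir . '/' . $fname);
        }
        foreach (array_keys($cfs) as $fname) {
            file_put_contents($dir . '/' . $fname, str_replace("\n\n", "\n", implode("\n", $cfs[$fname][$i])));
        }
        foreach ($run_files as $fname => $params) {
            // NOTE(review): $fname and $params are written into the shell script
            // unquoted, so they must come from trusted configuration only.
            $bat .= "php {$fname} {$params} & \n";
        }
    }
    file_put_contents('run.sh', $bat);
    // Executable, but writable by the owner only: a world-writable (0777) launcher
    // lets any local account change what runs under this user.
    chmod('run.sh', 0755);
}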
Example #6
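/**
 * Fetch one text entry from the remote joke API and format it as "《title》text".
 *
 * Falls back to randstr() when the response is not a JSON object carrying both
 * 'title' and 'txt'.
 *
 * NOTE(review): the request goes over plain HTTP, so the response can be altered in
 * transit. The returned string is third-party content and must be escaped for
 * whatever context it is printed in.
 *
 * @return string
 */
function jokei_txt()
{
    $response = curl_get('http://jokei.aliapp.com/m/api.php?key=hu60&act=txt');
    $data = json_decode($response, true);
    // A scalar JSON value or a missing key would otherwise be indexed like an array.
    if (!is_array($data) || !isset($data['txt'], $data['title'])) {
        return randstr();
    }
    $txt = str_replace('[br]', "\r\n", $data['txt']);
    return '《' . $data['title'] . '》' . $txt;
}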
Example #7
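/**
 * Create a member account (utype 2) with a generated "em_" username.
 *
 * NOTE(review): the password hashed here is the freshly generated salt itself
 * (md5(md5($pwd_hash) . $pwd_hash . $QS_pwdhash)), and that same value is stored in
 * the pwd_hash column. Anyone able to read the row can therefore derive the login
 * password. If this is meant as an initial password, generate it separately from
 * the salt and deliver it out of band.
 * NOTE(review): MD5 is too fast for password storage; password_hash() is the
 * replacement once a migration path exists.
 *
 * @param array $obj Source record; the "email" and "telephone" keys are read.
 * @return mixed The new row id when save() succeeds, false otherwise.
 */
function create_member($obj)
{
    // config.php is required on every call; $QS_pwdhash presumably comes from it.
    require ROOT . "data/config.php";
    // require_once: a plain require would redeclare this file's functions on a second call.
    require_once ROOT . "include/fun_user.php";
    $pwd_hash = randstr();
    $name_rand = randusername();
    $password_hash = md5(md5($pwd_hash) . $pwd_hash . $QS_pwdhash);
    $new = \ORM::for_table(table('members'))->create();
    $new->utype = 2;
    $new->username = strtolower("em_" . $name_rand);
    $new->email = $obj["email"];
    $new->email_audit = 0;
    $new->mobile = str_replace("086-", "", $obj["telephone"]);
    $new->mobile_audit = 0;
    $new->password = $password_hash;
    $new->pwd_hash = $pwd_hash;
    $new->reg_time = time();
    $new->reg_ip = '';
    $new->last_login_time = 0;
    $new->last_login_ip = '';
    $new->qq_openid = '';
    $new->sina_access_token = '';
    $new->taobao_access_token = '';
    $new->qq_nick = '';
    $new->sina_nick = '';
    $new->taobao_nick = '';
    $new->weixin_nick = '';
    $new->qq_binding_time = 0;
    $new->sina_binding_time = 0;
    $new->taobao_binding_time = 0;
    $new->avatars = '';
    $new->robot = 0;
    $new->consultant = 0;
    $new->weixin_openid = '';
    $new->bindingtime = 0;
    $new->remind_email_time = 0;
    $new->imei = '';
    $new->sms_num = 0;
    $new->reg_type = 1;
    // The original assigned status twice (1, then 0); only the final value is kept.
    $new->status = 0;
    if ($new->save()) {
        return $new->id;
    }
    return false;
}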
Example #8
 /**
  * Build the stored file name and save directory for an activity upload.
  *
  * @param array $currUpload Upload descriptor; 'id', 'ext' and 'attname' are read.
  * @return array Two elements: file name, save directory ('' unless attname is 'act').
  */
 function getFilePath($currUpload)
 {
     global $timestamp, $o_mkdir;
     // randstr(4), the timestamp, then 15 hex characters of an MD5 digest.
     $lead = randstr(4);
     $tail = substr(md5($timestamp . $currUpload['id'] . randstr(8)), 10, 15);
     $prename = $lead . $timestamp . $tail;
     // NOTE(review): the extension is appended as given; confirm it is validated upstream.
     $filename = $this->tid
         ? $this->tid . '_' . $currUpload['id'] . "_{$prename}." . $currUpload['ext']
         : $this->actmid . "_ajax" . "_{$prename}." . $currUpload['ext'];
     $savedir = $currUpload['attname'] == 'act' ? 'activity/' . $this->actmid . '/' : '';
     return array($filename, $savedir);
 }
Example #9
 /**
  * Build the stored file name and save directory for a photo upload.
  *
  * The sub-directory depends on $o_mkdir: '2' groups by day, '3' by album id,
  * anything else by month.
  *
  * @param array $currUpload Upload descriptor; 'id' and 'ext' are read.
  * @return array Two elements: file name, save directory.
  */
 function getFilePath($currUpload)
 {
     global $timestamp, $o_mkdir;
     $lead = randstr(4);
     $tail = substr(md5($timestamp . $currUpload['id'] . randstr(8)), 10, 15);
     $prename = $lead . $timestamp . $tail;
     // NOTE(review): the extension is appended as given; confirm it is validated upstream.
     $filename = $this->aid . "_{$prename}." . $currUpload['ext'];
     switch ($o_mkdir) {
         case '2':
             $subdir = 'Day_' . date('ymd') . '/';
             break;
         case '3':
             $subdir = 'Cyid_' . $this->aid . '/';
             break;
         default:
             $subdir = 'Mon_' . date('ym') . '/';
     }
     return array($filename, 'photo/' . $subdir);
 }
Example #10
 /**
  * Build the stored file name and save directory for a post-category upload.
  *
  * @param array $currUpload Upload descriptor; 'id', 'ext' and 'attname' are read.
  * @return array Two elements: file name, save directory ('' for any attname other
  *               than 'topic' or 'postcate').
  */
 function getFilePath($currUpload)
 {
     global $timestamp, $o_mkdir;
     $lead = randstr(4);
     $tail = substr(md5($timestamp . $currUpload['id'] . randstr(8)), 10, 15);
     $prename = $lead . $timestamp . $tail;
     // NOTE(review): the extension is appended as given; confirm it is validated upstream.
     $filename = $this->tid . '_' . $currUpload['id'] . "_{$prename}." . $currUpload['ext'];
     switch ($currUpload['attname']) {
         case 'topic':
             $savedir = 'postcate/' . 'topic/' . $this->pcid . '/';
             break;
         case 'postcate':
             $savedir = 'postcate/' . 'pc/' . $this->pcid . '/';
             break;
         default:
             $savedir = '';
     }
     return array($filename, $savedir);
 }
Example #11
/**
 * Register a member coming from the WAP front end (reg_type 2).
 *
 * Returns -1 when $member_type is 0, -2 when the username lookup finds a row,
 * -3 when the email lookup finds a row, otherwise the id from inserttable().
 *
 * NOTE(review): the password is stored as md5(md5(password) . salt . $QS_pwdhash);
 * MD5 is too fast for password storage — password_hash() is the replacement once a
 * migration path exists.
 */
function wap_user_register($username, $password, $member_type = 0, $email, $uc_reg = true)
{
    global $db, $timestamp, $_CFG, $online_ip, $QS_pwdhash;
    $member_type = intval($member_type);
    // Both lookups run before any check, as in the original flow.
    $existingByName = get_user_inusername($username);
    $existingByEmail = get_user_inemail($email);
    if ($member_type == 0) {
        return -1;
    }
    if (!empty($existingByName)) {
        return -2;
    }
    if (!empty($existingByEmail)) {
        return -3;
    }
    // Per-user salt, stored alongside the hash.
    $pwd_hash = randstr();
    $setsqlarr = array(
        'username' => $username,
        'password' => md5(md5($password) . $pwd_hash . $QS_pwdhash),
        'pwd_hash' => $pwd_hash,
        'email' => $email,
        'utype' => $member_type,
        'reg_time' => $timestamp,
        'reg_ip' => $online_ip,
        // 2 marks the account as registered via WAP.
        'reg_type' => 2,
    );
    $insert_id = $db->inserttable(table('members'), $setsqlarr, true);
    // Types 1 and 2 both get a points row; only type 1 also gets a package row.
    if ($member_type === 1 || $member_type === 2) {
        $setarr = array("uid" => $insert_id);
        $db->inserttable(table("members_points"), $setarr);
        if ($member_type === 1) {
            $db->inserttable(table("members_setmeal"), $setarr);
        }
    }
    return $insert_id;
}
Example #12
    $setsqlarr['email'] = trim($_POST['email']) ? trim($_POST['email']) : adminmsg('请填写email!', 1);
    if (!preg_match("/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+\$/", $setsqlarr['email'])) {
        adminmsg('email格式错误!', 1);
    }
    $password = trim($_POST['password']) ? trim($_POST['password']) : adminmsg('请填写密码', 1);
    if (strlen($password) < 6) {
        adminmsg('密码不能少于6位!', 1);
    }
    if ($password != trim($_POST['password1'])) {
        adminmsg('两次输入的密码不相同!', 1);
    }
    $setsqlarr['rank'] = trim($_POST['rank']) ? trim($_POST['rank']) : adminmsg('请填写头衔', 1);
    $setsqlarr['add_time'] = time();
    $setsqlarr['last_login_time'] = 0;
    $setsqlarr['last_login_ip'] = "从未";
    $setsqlarr['pwd_hash'] = randstr();
    $setsqlarr['pwd'] = md5($password . $setsqlarr['pwd_hash'] . $QS_pwdhash);
    if ($db->inserttable(table('admin'), $setsqlarr)) {
        //填写管理员日志
        write_log("后台添加用户名为" . $setsqlarr['admin_name'] . "的管理员", $_SESSION['admin_name'], 3);
        $link[0]['text'] = "返回列表";
        $link[0]['href'] = "?act=";
        adminmsg('添加成功!', 2, $link);
    } else {
        adminmsg('添加失败', 1);
    }
} elseif ($act == 'del_users') {
    check_token();
    $id = $_REQUEST['id'];
    if ($num = del_users($id, $_SESSION['admin_purview'])) {
        adminmsg("删除成功!共删除" . $num . "行", 2);
Example #13
 /**
  * Insert $reward['num'] invite codes for a user as a job reward.
  *
  * NOTE(review): an invite code is an access credential; its strength depends on
  * how randstr() generates values — confirm it draws from a CSPRNG.
  *
  * @param mixed $userid Owner of the generated codes.
  * @param array $reward 'num' = how many codes, 'day' = value stored in usetime.
  */
 function jobRewardInviteCode($userid, $reward)
 {
     $createdAt = $this->_timestamp;
     $count = $reward['num'];
     $validity = $reward['day'];
     for ($n = 0; $n < $count; $n++) {
         $row = array(
             'invcode' => randstr(16),
             'uid' => $userid,
             'usetime' => $validity,
             'createtime' => $createdAt,
         );
         // S::sqlSingle() builds the SET clause from the row array.
         $this->_db->update("INSERT INTO pw_invitecode" . " SET " . S::sqlSingle($row));
     }
 }
Example #14
<?php

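// Hardening step: connect as root with the empty default password, set a generated
// root password, drop anonymous and passwordless accounts, then record the new
// password in account.log by replacing the "mysql_password" placeholder.
// NOTE(review): the mysql_* extension was removed in PHP 7; this script only runs on
// older interpreters.
$link = mysql_connect('localhost', 'root', '');
if ($link) {
    $password = randstr(10);
    mysql_select_db('mysql');
    mysql_query("SET character_set_connection=gbk,character_set_results=gbk,character_set_client=binary", $link);
    mysql_query("SET sql_mode=''", $link);
    // $password is generated locally by randstr(), not taken from input.
    $changed = mysql_query("set password for 'root'@'localhost' = PASSWORD('{$password}')");
    mysql_query("delete from user where user = '' or password = ''");
    mysql_query("flush privileges");
    // Write the log only when the password was really changed. The original wrote it
    // unconditionally, so a failed connection replaced the placeholder with an empty
    // string and a failed statement logged a password that was never set.
    // NOTE(review): account.log then holds the root password in clear text; restrict
    // its permissions and keep it out of any web-served directory.
    if ($changed) {
        file_put_contents('account.log', str_replace('mysql_password', $password, file_get_contents('account.log')));
    }
}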
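/**
 * Return a random lowercase-hex string of $length characters.
 *
 * The value is used as a database root password, so it is drawn from the operating
 * system's CSPRNG when one is available. The original derived it from md5() over
 * digits produced by mt_rand() seeded with microtime(), which is predictable.
 *
 * @param int $length Number of characters wanted.
 * @return string
 */
function randstr($length)
{
    $length = (int) $length;
    if ($length < 1) {
        return '';
    }
    // Two hex characters per byte, rounded up.
    $byteCount = (int) ceil($length / 2);
    if (function_exists('random_bytes')) {
        $raw = random_bytes($byteCount);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $raw = openssl_random_pseudo_bytes($byteCount);
    } else {
        // Legacy path for interpreters with neither source; not suitable for secrets.
        return substr(md5(num_rand($length)), mt_rand(0, 32 - $length), $length);
    }
    return substr(bin2hex($raw), 0, $length);
}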
/**
 * Return $length random decimal digits; the first digit is never 0.
 *
 * NOTE(review): the generator is reseeded from microtime() on every call and uses
 * mt_rand(), so the output is predictable and must not be treated as a secret.
 *
 * @param int $length Number of digits wanted.
 * @return int|string A single int digit when no further digit is appended, else a digit string.
 */
function num_rand($length)
{
    mt_srand((double) microtime() * 1000000);
    // Leading digit is drawn from 1-9.
    $digits = mt_rand(1, 9);
    $remaining = $length - 1;
    while ($remaining-- > 0) {
        $digits .= mt_rand(0, 9);
    }
    return $digits;
}
Example #15
        $rt = $db->get_one("SELECT createtime FROM pw_invitecode WHERE uid=" . S::sqlEscape($winduid) . "ORDER BY createtime DESC LIMIT 0,1");
        if ($timestamp - $rt['createtime'] < $inv_limitdays * 86400) {
            ajaxExport("邀请码购买时间限制,请稍侯");
        }
    }
    S::gp(array('invnum'), 'GP');
    $invnum = (int) $invnum;
    if ($invnum < 1) {
        ajaxExport("购买的邀请码数量必须大于0");
    }
    //(!is_numeric($invnum) || $invnum < 1) && $invnum = 1;
    if ($creditto[$inv_credit] < $invnum * $inv_costs) {
        ajaxExport("您的积分不足以购买邀请码");
    }
    for ($i = 0; $i < $invnum; $i++) {
        $invcode = randstr(16);
        $db->update("INSERT INTO pw_invitecode" . " SET " . S::sqlSingle(array('invcode' => $invcode, 'uid' => $winduid, 'createtime' => $timestamp, 'type' => 1)));
    }
    $cutcredit = $invnum * $inv_costs;
    $credit->addLog('hack_invcodebuy', array($inv_credit => -$cutcredit), array('uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'invnum' => stripslashes($invnum)));
    $credit->set($winduid, $inv_credit, -$cutcredit);
    ajaxExport("邀请码购买成功!");
}
require_once PrintEot('ajax_friendinvite');
ajax_footer();
/**
 * Send an AJAX response and end the request.
 *
 * Arrays are passed through pwJsonEncode(); anything else is echoed as given.
 * NOTE(review): non-array output is not escaped here, so callers must only pass
 * fixed messages or values already encoded for the response context.
 */
function ajaxExport($output)
{
    if (is_array($output)) {
        echo pwJsonEncode($output);
    } else {
        echo $output;
    }
    ajax_footer();
    exit;
}
Example #16
 /**
  * Generate a session id.
  *
  * The id is the MD5 of the client IP, the current seconds and microseconds, and
  * randstr(8).
  * NOTE(review): the IP and clock values can be guessed, so the id is only as
  * unpredictable as randstr(8) — confirm that helper draws from a CSPRNG.
  *
  * @param string $onlineip
  * @return string
  */
 function generateSessionid($onlineip = '')
 {
     // microtime() yields "<fraction> <seconds>".
     $parts = explode(' ', microtime());
     $material = $onlineip . $parts[1] . $parts[0] . randstr(8);
     return md5($material);
 }
Example #17
 if (get_user_inemail($sql['email'])) {
     adminmsg('该 Email 已经被注册!', 1);
 }
 if (defined('UC_API')) {
     include_once QISHI_ROOT_PATH . 'uc_client/client.php';
     if (uc_user_checkname($sql['username']) != "1") {
         adminmsg('该用户名已经被使用或者用户名非法!', 1);
         exit;
     } elseif (uc_user_checkemail($sql['email']) != "1") {
         adminmsg('该 Email已经被使用或者非法!', 1);
         exit;
     } else {
         uc_user_register($sql['username'], $sql['password'], $sql['email']);
     }
 }
 $sql['pwd_hash'] = randstr();
 $sql['password'] = md5(md5($sql['password']) . $sql['pwd_hash'] . $QS_pwdhash);
 $sql['reg_time'] = time();
 $sql['reg_ip'] = $online_ip;
 $insert_id = inserttable(table('members'), $sql, true);
 if ($sql['utype'] == "1") {
     $db->query("INSERT INTO " . table('members_points') . " (uid) VALUES ('{$insert_id}')");
     $db->query("INSERT INTO " . table('members_setmeal') . " (uid) VALUES ('{$insert_id}')");
     if (intval($_POST['is_money']) && $_POST['log_amount']) {
         $amount = round($_POST['log_amount'], 2);
         $ismoney = 2;
     } else {
         $amount = '0.00';
         $ismoney = 1;
     }
     $regpoints_num = intval($_POST['regpoints_num']);
Example #18
<?php

include "../connect.php";
// Connect to Server
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO with
// prepared statements is the replacement.
$con = mysql_connect($server, $username, $password);
$title = "82Flex - 登录管理中心";
if (!$con) {
    echo "MYSQL ERROR!";
    $title = "数据库连接失败,请联系管理员!";
    goto endlabel;
}
mysql_query("SET NAMES utf8", $con);
mysql_select_db($database, $con);
// Logout: rotate the stored login key so the presented token stops matching.
// NOTE(review): $_GET['token'] is concatenated into the UPDATE without escaping,
// unlike the POST fields below — this statement is open to SQL injection and needs
// mysql_real_escape_string() at minimum, a prepared statement ideally. It is also a
// state change driven by a GET request.
if ($_GET['logout'] == "yes" and strlen($_GET['token']) != 0) {
    $newkey = randstr(40);
    mysql_query("UPDATE `users` SET `Loginkey` = '" . $newkey . "' WHERE `Loginkey` = '" . $_GET['token'] . "'", $con);
    $title = "注销用户成功!";
    goto endlabel;
}
if ($_POST != NULL) {
    // Both credentials are escaped for the SQL string literal before use.
    $Username = mysql_real_escape_string(stripslashes($_POST['username']));
    $Password = mysql_real_escape_string(stripslashes($_POST['password']));
    if (strlen($Username) < 4 or strlen($Password) < 7) {
        $title = "登录失败:请输入正确的用户名或密码!";
        goto endlabel;
    }
    // NOTE(review): the submitted password is compared directly with the `Password`
    // column, which suggests passwords are stored unhashed — confirm; they should be
    // stored with password_hash() and checked with password_verify().
    $LoginInfo = mysql_fetch_row(mysql_query("SELECT `Loginkey` FROM `users` WHERE (`Username` = '" . $Username . "' and `Password` = '" . $Password . "') and `Rights` >= 1", $con));
    if ($LoginInfo != false) {
        goto success;
    } else {
        $title = "登录失败:用户名或密码不正确,或者您没有访问权限!";
Example #19
 /**
  * Upload a local file into $path on the remote store under a generated name.
  *
  * The remote name is the current Unix time, randstr(6) and the source file's
  * extension.
  * NOTE(review): the extension comes from fileext($file) and is kept as-is; confirm
  * the file type is validated before this call. The result of put() is not checked,
  * so a path is returned even when the transfer fails.
  *
  * @param string $file Local file to upload.
  * @param string $path Remote directory; created recursively if needed.
  * @return string Remote path of the uploaded file.
  */
 public static function uploadpath($file, $path = '')
 {
     self::init();
     $extension = fileext($file);
     // Make sure the target directory exists, then enter it.
     self::R_mkdir($path);
     self::cd($path);
     $remoteName = time() . randstr(6) . '.' . $extension;
     self::$handle->put($remoteName, $file);
     return $path . '/' . $remoteName;
 }
<?php

include "connect_db.php";
// Query run further down to scan every user row for a numeric "email" value.
$sql = "SELECT * FROM users";
/**
 * Return $length characters picked at random from "abcdefABCDEF".
 *
 * NOTE(review): built on rand(), so the output is filler text only and must not be
 * used for tokens or passwords.
 *
 * @param int $length Number of characters (default 10).
 * @return string
 */
function randstr($length = 10)
{
    $alphabet = 'abcdefABCDEF';
    $lastIndex = strlen($alphabet) - 1;
    $out = '';
    while (strlen($out) < $length) {
        $out .= $alphabet[rand(0, $lastIndex)];
    }
    return $out;
}
// Seed script: finds a numeric value in the users.email column, then inserts ten
// generated accounts numbered upward from it and redirects to admin.php.
$max = 0;
// NOTE(review): on failure die() prints the database error, file path and SQL text
// to the client; log those server-side instead.
$query = DBi::$conn->query($sql) or die(DBi::$conn->error . " " . __FILE__ . " line " . __LINE__ . $sql);
while ($row = $query->fetch_assoc()) {
    // Keeps the numeric email of the last matching row, not necessarily the largest.
    if (is_numeric($row['email'])) {
        $max = $row['email'];
    }
}
for ($i = 0; $i < 10; $i++) {
    $max++;
    // All interpolated values are generated locally ($max counter, randstr()).
    // NOTE(review): md5pwd is MD5 of the user number, so every seeded account has a
    // guessable password — acceptable only for disposable test data.
    $sql = "INSERT INTO users (email, title, first_name, last_name, md5pwd, avatar_url) VALUES ('USER" . $max . "', 'Herr', 'first_name" . randstr(15) . "', 'last_name" . randstr(15) . "', '" . MD5($max) . "', 'https://www.google.de/logos/doodles/2015/evidence-of-water-found-on-mars-5652760466817024.2-hp.gif');";
    $query = DBi::$conn->query($sql) or die(DBi::$conn->error . " " . __FILE__ . " line " . __LINE__ . $sql);
}
// NOTE(review): no access check is visible in this script; confirm it cannot be
// requested by unauthenticated visitors.
header("Location:admin.php");
Example #21
 $pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify);
 InitGP(array('tabledb', 'tablesel', 'sizelimit', 'start', 'tableid', 'step', 'pre', 'rows'));
 $bak = "#\n# PHPWind bakfile\n# Version:" . $wind_version . "\n# Time: " . get_date($timestamp, 'Y-m-d H:i') . "\n# Type: \n# PHPWind: http://www.phpwind.net\n# --------------------------------------------------------\n\n\n";
 $db->query("SET SQL_QUOTE_SHOW_CREATE = 0");
 $start = intval($start);
 !$tabledb && !$tablesel && adminmsg('operate_error');
 !$tabledb && ($tabledb = explode("|", $tablesel));
 !$step && ($sizelimit /= 2);
 $bakupdata = bakupdata($tabledb, $start);
 $bakuptable = '';
 if (!$step) {
     !$tabledb && adminmsg('operate_error');
     $tablesel = implode("|", $tabledb);
     $step = 1;
     $start = 0;
     $pre = 'pw_' . get_date($timestamp, 'md') . '_' . randstr(10) . '_';
     $bakuptable = bakuptable($tabledb);
 }
 $f_num = ceil($step / 2);
 $filename = $pre . $f_num . '.sql';
 $step++;
 $writedata = $bakuptable ? $bakuptable . $bakupdata : $bakupdata;
 $t_name = $tabledb[$tableid - 1];
 $c_n = $start;
 if ($stop == 1) {
     $files = $step - 1;
     trim($writedata) && writeover(D_P . 'data/' . $filename, $bak . $writedata, 'ab');
     $j_url = "{$basename}&action={$action}&start={$start}&tableid={$tableid}&sizelimit={$sizelimit}&step={$step}&pre={$pre}&tablesel={$tablesel}&rows={$rows}";
     adminmsg('bakup_step', EncodeUrl($j_url), 2);
 } else {
     trim($writedata) && writeover(D_P . 'data/' . $filename, $bak . $writedata, 'ab');
Example #22
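 /**
  * Create or validate a one-time temporary password.
  *
  * Called without $tempPass it generates a new temporary password, stores it for the
  * user with USE_FLAG 0 and the current time, and returns it. Called with $tempPass
  * it returns TRUE when the value matches an unused, unexpired record, and FALSE
  * otherwise. A successful match, or a used/expired record, overwrites the stored
  * value and marks it used.
  *
  * NOTE(review): the temporary password is stored verbatim, so read access to the
  * PASSWORD table yields a usable credential; storing only a hash of it would
  * remove that exposure. A wrong guess against a valid record is not counted or
  * rate-limited here.
  *
  * @param string $userID    The userID of the user
  * @param string $tempPass  The temporary password to check; empty to create one
  * @return boolean | string TRUE/FALSE when validating, the new temporary password when creating
  */
 public static function tempPassword($userID, $tempPass = "")
 {
     // No temporary password supplied: create and store a new one.
     if ($tempPass == "") {
         $tempPass = hash(BasicPasswordManagement::$hashAlgo, randstr(128));
         $time = time();
         if (!AdvancedPasswordManagement::checkIfUserExists($userID)) {
             // No record yet for this user.
             SQL("INSERT INTO PASSWORD (`TEMP_PASS`, `USE_FLAG`, `TEMP_TIME`, USERID) VALUES (?, ?, ?, ?)", array($tempPass, 0, $time, $userID));
         } else {
             SQL("UPDATE PASSWORD SET `TEMP_PASS` = ?, `USE_FLAG` = ?, `TEMP_TIME` = ? WHERE USERID = ?", array($tempPass, 0, $time, $userID));
         }
         return $tempPass;
     }

     $result = SQL("SELECT `TEMP_PASS`, `USE_FLAG` FROM PASSWORD WHERE `USERID` = ?", array($userID));
     if (count($result) != 1) {
         // Record not found.
         return FALSE;
     }

     $usable = $result[0]['USE_FLAG'] == 0 && !AdvancedPasswordManagement::checkIfTempPassExpired($userID);
     if (!$usable) {
         // Already used or expired: overwrite the stored value and mark it used.
         SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
         return FALSE;
     }

     $stored = $result[0]['TEMP_PASS'];
     // Constant-time comparison where available, so response timing does not reveal
     // how many leading characters of a guess were correct.
     if (is_string($stored) && is_string($tempPass) && function_exists('hash_equals')) {
         $matches = hash_equals($stored, $tempPass);
     } else {
         $matches = $stored === $tempPass;
     }
     if ($matches) {
         // One-time use: burn the record on success.
         SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
         return TRUE;
     }
     return FALSE;
 }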
Example #23
 $uploadSerivce = new PwUpload();
 $ifthumb = 0;
 if ($o_attachdir) {
     if ($o_attachdir == 1) {
         $savedir = "Type_{$attach_ext}";
     } elseif ($o_attachdir == 2) {
         $savedir = 'Mon_' . date('ym');
     } elseif ($o_attachdir == 3) {
         $savedir = 'Day_' . date('ymd');
     }
 }
 foreach ($diaryAttachs as $at) {
     if ($at['type'] == 'img') {
         $a_url = geturl($at['attachurl'], 'show');
         $attach_ext = strtolower(substr(strrchr($a_url[0], '.'), 1));
         $prename = substr(md5($timestamp . randstr(8)), 10, 15);
         $filename = $winduid . "_{$did}_{$prename}.{$attach_ext}";
         $attachurl = "{$savedir}/{$filename}";
         $fileuplodeurl = "{$attachdir}/diary/{$attachurl}";
         $uploadSerivce->postupload($a_url[0], $fileuplodeurl);
         if ($db_ifathumb) {
             $thumbdir = "thumb/diary/{$attachurl}";
             $thumburl = "{$attachdir}/{$thumbdir}";
             $ifthumb = 1;
             $thumbsize = $uploadSerivce->MakeThumb($fileuplodeurl, $thumburl, $db_athumbsize, $ifthumb);
         }
         $data = array('did' => $did, 'uid' => $winduid, 'hits' => 0, 'name' => $at['name'], 'type' => $at['type'], 'size' => $at['size'], 'attachurl' => 'diary/' . $attachurl, 'needrvrc' => $at['needrvrc'], 'special' => $at['special'], 'ctype' => $at['ctype'], 'uploadtime' => $timestamp, 'descrip' => $at['descrip'], 'ifthumb' => 0);
         $db->update("INSERT INTO pw_attachs SET " . S::sqlSingle($data));
         $aid = $db->insert_id();
         $data['aid'] = $aid;
         $aids[] = $data['aid'];
Example #24
 /**
  * Build the stored file name and save directory for a forum attachment.
  *
  * A 'replace' upload with a known id reuses the name and directory of the
  * attachment it replaces; any other upload gets a freshly generated name.
  *
  * @param array $currUpload Upload descriptor; 'attname', 'id' and 'ext' are read.
  * @return array Two elements: file name, save directory.
  */
 function getFilePath($currUpload)
 {
     if ($currUpload['attname'] == 'replace' && isset($this->replacedb[$currUpload['id']])) {
         // Split the existing attachment URL into directory segments and file name.
         $segments = explode('/', $this->replacedb[$currUpload['id']]['attachurl']);
         $filename = array_pop($segments);
         $savedir = $segments ? implode('/', $segments) . '/' : '';
         return array($filename, $savedir);
     }
     global $timestamp;
     $digest = md5($timestamp . $currUpload['id'] . randstr(8));
     $prename = substr($digest, 10, 15);
     // Denylist: listed script/executable tokens in the extension get an "scp_" prefix.
     // NOTE(review): only the names written here are covered; an allowlist of
     // permitted extensions is the sturdier control.
     $storedExt = preg_replace('/(php|asp|jsp|cgi|fcgi|exe|pl|phtml|dll|asa|com|scr|inf)/i', "scp_\\1", $currUpload['ext']);
     $filename = $this->forum->fid . "_{$this->uid}_{$prename}." . $storedExt;
     $savedir = $this->getSaveDir($currUpload['ext']);
     return array($filename, $savedir);
 }
Example #25
 /**
  * Generate the file-name prefix: "pw_<version>_<YmdHis>_<random>".
  *
  * Dots in the version string are replaced with dashes.
  *
  * @return string
  */
 function getDirectoryName()
 {
     global $timestamp, $wind_version;
     $parts = array(
         'pw',
         str_replace('.', '-', $wind_version),
         get_date($timestamp, 'YmdHis'),
         randstr(5),
     );
     return implode('_', $parts);
 }
Example #26
                 $logincheck = 1;
                 $cookievalue = randstr();
                 $login_time = date('Y-m-d H:i:s');
                 $userip = getIP();
                 $sql = "INSERT INTO `cookiedata`(`user_id`, `user_name`, `user_cookie`, `login_time`,`user_login_ip`) VALUES ('{$user_id}','{$user}','{$cookievalue}','{$login_time}','{$userip}')";
                 insert($sql);
                 $sql = "UPDATE `users` SET `user_lastlogin_ip`='{$user_thistimelogin_ip}',`user_thistimelogin_ip`='{$userip}',`user_lastlogin_time`='{$user_thislogin_time}', `user_thislogin_time`='{$login_time}' WHERE `user_id`='{$user_id}'";
                 update($sql);
                 setcookie("loginname", $user, time() + 30 * 60, "/");
                 setcookie("loginid", $cookievalue, time() + 30 * 60, "/");
             }
         } else {
             $logincheck = 1;
             $_SESSION['loginuser'] = $user;
             if ($_POST['persistLogin'] === "on") {
                 $cookievalue = randstr();
                 $login_time = date('Y-m-d H:i:s');
                 $userip = getIP();
                 $sql = "INSERT INTO `cookiedata`(`user_id`, `user_name`, `user_cookie`, `login_time`,`user_login_ip`) VALUES ('{$user_id}','{$user}','{$cookievalue}','{$login_time}','{$userip}')";
                 insert($sql);
                 $sql = "UPDATE `users` SET `user_lastlogin_ip`='{$user_thistimelogin_ip}',`user_thistimelogin_ip`='{$userip}',`user_lastlogin_time`='{$user_thislogin_time}', `user_thislogin_time`='{$login_time}' WHERE `user_id`='{$user_id}'";
                 update($sql);
                 setcookie("loginname", $user, time() + 30 * 24 * 60 * 60, "/");
                 setcookie("loginid", $cookievalue, time() + 30 * 24 * 60 * 60, "/");
             }
         }
     }
     $_SESSION['letters_code'] = rand();
 } else {
     if (isset($_SESSION['loginuser']) && !empty($_SESSION['loginuser'])) {
         $logincheck = 1;
Example #27
    // Tail of the preceding branch: render step 1 of the WAP password-recovery form.
    $smarty->assign('verify_getpwd', $captcha['verify_getpwd']);
    $smarty->assign('sms', get_cache('sms_config'));
    $smarty->assign('step', "1");
    $smarty->display('wap/wap-alter-password.html');
} elseif ($act == 'get_pass') {
    // Password recovery: mail a newly generated password to the registered address.
    $captcha = get_cache('captcha');
    // NOTE(review): the submitted captcha is read here but not compared with anything
    // in the visible code — confirm it is verified, otherwise this endpoint can be
    // driven by automated requests.
    $postcaptcha = trim($_POST['postcaptcha']);
    $postusername = trim($_POST['username']) ? trim($_POST['username']) : exit('请填写用户名');
    // NOTE(review): a malformed email only prints a message; execution continues.
    if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) {
        echo '电子邮箱格式错误!';
    }
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    $userinfo = get_user_inusername($postusername);
    if (empty($userinfo) || $userinfo['email'] != $_POST['email']) {
        echo '用户名或注册邮箱填写错误';
    } else {
        $mailconfig = get_cache('mailconfig');
        $arr['username'] = $userinfo['username'];
        // NOTE(review): the new password comes from rand() plus randstr() and is sent
        // in clear text by mail. A single-use, expiring reset link built from a CSPRNG
        // token avoids both the weak generator and a password sitting in a mailbox.
        $arr['password'] = rand(100000, 999999) . randstr();
        if (smtp_mail($userinfo['email'], "找回密码", "您的新密码为:" . $arr['password'])) {
            $md5password = md5(md5($arr['password']) . $userinfo['pwd_hash'] . $QS_pwdhash);
            // NOTE(review): $md5password is computed but the statement below writes the
            // literal '******'; this looks like masking applied to the listing —
            // verify against the original file.
            if (!$db->query("UPDATE " . table('members') . " SET password = '******'  WHERE uid='{$userinfo['uid']}'")) {
                echo '密码修改失败';
            }
            // Printed even when the UPDATE above failed.
            echo '密码修改成功请查看您的邮箱';
        } else {
            echo '邮件发送失败,请联系网站管理员';
        }
    }
}
unset($smarty);
Example #28
/**
 * Test driver: compares values that are also held by reference in $aliases while
 * tmpobj($aliases) temporaries are created inside the same expression, then dumps
 * the locals. Statement order matters here, so the code is left untouched.
 */
function main3()
{
    // Get some locals.
    $a = rand(0, 10);
    $b = randstr();
    $c = randarr();
    // $str is assigned but not read again in this function.
    $str = randstr();
    // Alias them in $aliases.
    $aliases = array();
    $aliases[] =& $a;
    $aliases[] =& $b;
    $aliases[] =& $c;
    // Wrap them up in an array and leak them into C().
    for ($i = 0; $i < 10; $i++) {
        echo "{$i} <\n";
        // Get some locals.
        $a = $i;
        $b = randstr();
        $c = randarr();
        // Read/write them while implicitly mutating them through the temporary
        // object's destructor.
        $unused = (tmpobj($aliases) === tmpobj($aliases)) === (($a === $b) === $c);
        echo " --------> \n";
        // ...and use them again.
        var_dump($a, $b, $c);
        echo ">\n";
    }
}
Example #29
     }
 }
 @fclose($fp);
 $html = "";
 $html .= "<script type=\"text/javascript\">\n";
 $html .= "\$('#installing').append('<p>热门关键词数据添加成功!...</p>');\n";
 $html .= "var div = document.getElementById('installing');";
 $html .= "div.scrollTop = div.scrollHeight;";
 $html .= "</script>";
 echo $html;
 ob_flush();
 flush();
 mysql_query("UPDATE `{$pre}config` SET value = '{$site_dir}' WHERE name = 'site_dir'", $db);
 mysql_query("UPDATE `{$pre}config` SET value = '{$site_domain}' WHERE name = 'site_domain'", $db);
 mysql_query("UPDATE `{$pre}weixin_menu` SET url = REPLACE(url, '{site_domain}', '" . $site_domain . $site_dir . "') WHERE type = 'view'", $db);
 $pwd_hash = randstr();
 $admin_md5pwd = md5($admin_pwd . $pwd_hash . $QS_pwdhash);
 mysql_query("INSERT INTO `{$pre}admin` (admin_id,admin_name, email, pwd,pwd_hash, purview, rank,add_time, last_login_time, last_login_ip) VALUES (1, '{$admin_name}', '{$admin_email}', '{$admin_md5pwd}', '{$pwd_hash}', 'all','超级管理员', '{$timestamp}', '{$timestamp}', '')", $db);
 //生成静态缓存
 require_once QISHI_ROOT_PATH . 'include/mysql.class.php';
 $db = new mysql($dbhost, $dbuser, $dbpass, $dbname);
 unset($dbhost, $dbuser, $dbpass, $dbname);
 refresh_cache('config');
 $_CFG = get_cache('config');
 refresh_page_cache();
 $_PAGE = get_cache('page');
 refresh_nav_cache();
 $_NAV = get_cache('nav');
 refresh_category_cache();
 refresh_cache('text');
 refresh_cache('mailconfig');
Example #30
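/**
 * Register a new member and create the per-type companion rows.
 *
 * Builds the `members` row (username, salted password hash, contact data,
 * registration metadata), inserts it, then inserts the points / package rows
 * and writes the log entries that belong to the chosen member type.
 *
 * Security notes for reviewers:
 *  - The password is stored as md5(md5($password) . $pwd_hash . $QS_pwdhash).
 *    MD5 is a fast hash and is not suitable for password storage; moving to
 *    password_hash()/password_verify() also requires changing the login check,
 *    which is not part of this function.
 *  - The weixin_openid lookup concatenates the argument into SQL text; see the
 *    note at that statement.
 *
 * @param int    $reg_type        Registration channel. From the branches below:
 *                                1 = mobile, 2 = email; 3 and 4 skip the
 *                                email/mobile audit flags (presumably
 *                                third-party sign-ups - confirm with callers).
 * @param string $password        Plain-text password chosen by the user.
 * @param int    $member_type     Member type 1-4; 0 is rejected.
 * @param string $email           E-mail address (trimmed here).
 * @param string $mobile          Mobile number (trimmed here).
 * @param bool   $uc_reg          Also register with UCenter when UC_API is defined.
 * @param string $username        Explicit username; generated when empty.
 * @param string $weixin_openid   WeChat openid to bind, if any.
 * @param string $weixin_nickname WeChat nickname stored with the openid.
 *
 * @return int|false New member uid on success; the existing uid when the
 *                   openid is already bound; -1 invalid member/registration
 *                   type, -2 e-mail already registered, -3 mobile already
 *                   registered, -4 username taken; false when an insert fails.
 */
function user_register($reg_type, $password, $member_type = 0, $email = "", $mobile = "", $uc_reg = true, $username = "", $weixin_openid = "", $weixin_nickname = "")
{
    global $db, $timestamp, $_CFG, $online_ip, $QS_pwdhash;
    $member_type = intval($member_type);
    $reg_type = intval($reg_type);
    $email = trim($email);
    $mobile = trim($mobile);
    // The original also ran intval() on an undefined, never-used $email_audit
    // local; that line only produced an undefined-variable notice and is gone.
    $ck_email = get_user_inemail($email);
    $ck_mobile = get_user_inmobile($mobile);
    if ($member_type == 0 || $reg_type == 0) {
        return -1;
    } elseif ($reg_type == 2 && !empty($ck_email)) {
        return -2;
    } elseif ($reg_type == 1 && !empty($ck_mobile)) {
        return -3;
    }
    // Per-user salt. randstr() is defined elsewhere; whether it is backed by a
    // cryptographically secure generator cannot be told from here.
    $pwd_hash = randstr();
    $name_rand = randusername();
    $password_hash = md5(md5($password) . $pwd_hash . $QS_pwdhash);
    $setsqlarr = array();
    if (!$username) {
        if ($reg_type == 1) {
            // Username scheme for mobile registration:
            // 1 -> mobile number, 2 -> prefix + mobile number, otherwise prefix + random string
            if ($_CFG['reg_mobile_type'] == "1") {
                $setsqlarr['username'] = $mobile;
            } elseif ($_CFG['reg_mobile_type'] == "2") {
                $setsqlarr['username'] = strtolower($_CFG['reg_prefix'] . $mobile);
            } else {
                $setsqlarr['username'] = strtolower($_CFG['reg_prefix'] . $name_rand);
            }
        } elseif ($reg_type == 2) {
            // Username scheme for e-mail registration:
            // 1 -> e-mail address, 2 -> prefix + e-mail address, otherwise prefix + random string
            if ($_CFG['reg_email_type'] == "1") {
                $setsqlarr['username'] = $email;
            } elseif ($_CFG['reg_email_type'] == "2") {
                $setsqlarr['username'] = strtolower($_CFG['email_reg_prefix'] . $email);
            } else {
                $setsqlarr['username'] = strtolower($_CFG['email_reg_prefix'] . $name_rand);
            }
        } else {
            $setsqlarr['username'] = strtolower($_CFG['third_reg_prefix'] . $name_rand);
        }
        // NOTE(review): the generated name is stored only in $setsqlarr; $username
        // stays empty, so the log calls and uc_user_register() below receive an
        // empty username on this path. Confirm whether that is intended.
    } else {
        $ck_uname = get_user_inusername($username);
        if (!empty($ck_uname)) {
            return -4;
        }
        $setsqlarr['username'] = $username;
    }
    $setsqlarr['password'] = $password_hash;
    $setsqlarr['pwd_hash'] = $pwd_hash;
    if ($email) {
        $setsqlarr['email'] = $email;
        if ($_CFG['check_reg_email'] == "1" && $reg_type != 3 && $reg_type != 4) {
            $setsqlarr['email_audit'] = 1;
        } else {
            $setsqlarr['email_audit'] = 0;
        }
    }
    if ($mobile) {
        $setsqlarr['mobile'] = $mobile;
        if ($reg_type != 3 && $reg_type != 4) {
            $setsqlarr['mobile_audit'] = 1;
        }
    }
    $setsqlarr['utype'] = $member_type;
    $setsqlarr['reg_time'] = $timestamp;
    $setsqlarr['reg_ip'] = $online_ip;
    // NOTE(review): stored as a constant 1 regardless of $reg_type - kept as in
    // the original; confirm whether the column is meant to carry $reg_type.
    $setsqlarr['reg_type'] = 1;
    if ($weixin_openid != '') {
        $setsqlarr['weixin_nick'] = $weixin_nickname;
        $setsqlarr['weixin_openid'] = $weixin_openid;
        $setsqlarr['bindingtime'] = $setsqlarr['reg_time'];
        // NOTE(review): $weixin_openid is concatenated into the SQL text. The
        // escaping API of the $db wrapper is not visible in this file section,
        // so the query is left as written; callers must pass an already
        // escaped value, or this lookup should move to a parameterised query.
        $w_uid = $db->getone("select uid from " . table("members") . " where weixin_openid='" . $weixin_openid . "'");
        if ($w_uid) {
            // The openid is already bound: return that member instead of creating a new one.
            return $w_uid['uid'];
        }
    }
    $insert_id = $db->inserttable(table('members'), $setsqlarr, true);
    if (!$insert_id) {
        // Without a member row the companion inserts below would be written with
        // an empty uid; fail the same way the other insert failures do.
        // (Assumes inserttable() returns a falsy value on failure, as the checks
        // on the companion inserts already do.)
        return false;
    }
    // Every companion table row is keyed by the new member's uid only.
    $setarr = array('uid' => $insert_id);
    if ($member_type == "1") {
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        if (!$db->inserttable(table("members_setmeal"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        include_once QISHI_ROOT_PATH . 'include/fun_company.php';
        set_consultant($insert_id);
        if ($points['reg_points']['value'] > 0) {
            report_deal($insert_id, $points['reg_points']['type'], $points['reg_points']['value']);
            $operator = $points['reg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 1, 9001, $username, "新注册会员,({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, 1010, "注册会员系统自动赠送积分", "{$operator}{$points['reg_points']['value']}", "{$points['reg_points']['value']}");
            // Points change record
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, '0.00', '1', 1, 1);
        }
        if ($_CFG['reg_service'] > 0) {
            set_members_setmeal($insert_id, $_CFG['reg_service']);
            $setmeal = get_setmeal_one($_CFG['reg_service']);
            write_memberslog($insert_id, 1, 9002, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 2, 1011, "开通服务(系统赠送)", "-", "-");
            // Package (setmeal) change record
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 1);
        }
    } elseif ($member_type == '2') {
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        include_once QISHI_ROOT_PATH . 'include/fun_personal.php';
        if ($points['reg_per_points']['value'] > 0) {
            report_deal($insert_id, $points['reg_per_points']['type'], $points['reg_per_points']['value']);
            $operator = $points['reg_per_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 2, 9001, $username, "新注册会员,({$operator}{$points['reg_per_points']['value']}),(剩余:{$points['reg_per_points']['value']})", 2, 1010, "注册会员系统自动赠送积分", "{$operator}{$points['reg_per_points']['value']}", "{$points['reg_per_points']['value']}");
        }
    } elseif ($member_type == '4') {
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        if (!$db->inserttable(table("members_train_setmeal"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        if ($points['trainreg_points']['value'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_train.php';
            report_deal($insert_id, $points['trainreg_points']['type'], $points['trainreg_points']['value']);
            $operator = $points['trainreg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 4, 9101, $username, "新注册会员,({$operator}{$points['trainreg_points']['value']}),(剩余:{$points['trainreg_points']['value']})");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['trainreg_points']['value']}),(剩余:{$points['trainreg_points']['value']})", 1, '0.00', '1', 1, 4);
        }
        if ($_CFG['train_reg_service'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_train.php';
            set_members_setmeal($insert_id, $_CFG['train_reg_service']);
            $setmeal = get_setmeal_one($_CFG['train_reg_service']);
            write_memberslog($insert_id, 4, 9102, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 4);
        }
    } elseif ($member_type == '3') {
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        if (!$db->inserttable(table("members_hunter_setmeal"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        if ($points['hunterreg_points']['value'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_hunter.php';
            report_deal($insert_id, $points['hunterreg_points']['type'], $points['hunterreg_points']['value']);
            $operator = $points['hunterreg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 3, 9201, $username, "新注册会员,({$operator}{$points['hunterreg_points']['value']}),(剩余:{$points['hunterreg_points']['value']})");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['hunterreg_points']['value']}),(剩余:{$points['hunterreg_points']['value']})", 1, '0.00', '1', 1, 3);
        }
        if ($_CFG['hunter_reg_service'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_hunter.php';
            set_members_setmeal($insert_id, $_CFG['hunter_reg_service']);
            $setmeal = get_setmeal_one($_CFG['hunter_reg_service']);
            write_memberslog($insert_id, 3, 9202, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 3);
        }
    }
    if (defined('UC_API') && $uc_reg) {
        include_once QISHI_ROOT_PATH . 'uc_client/client.php';
        // The UCenter result was assigned but never read in the original; a
        // failed remote registration is therefore not reported to the caller.
        uc_user_register($username, $password, $email);
    }
    write_memberslog($insert_id, $member_type, 1000, $username, "注册成为会员");
    return $insert_id;
}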