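/**
  * Internal validation of the registration form.
  *
  * Each failed check hands a localized message to $this->memberMsg(). The
  * checks are written as if memberMsg() never returns (TODO confirm — if it
  * does return, later checks run on data that was already rejected).
  *
  * @param array $data submitted form fields: username, password, password2,
  *                    email, shoujihaoma (mobile number) and smscode
  * @return void
  */
 private function check($data)
 {
     session_start();
     if (!$this->memberconfig['register']) {
         $this->memberMsg(lang('m-reg-0'));
     }
     if (empty($data['username'])) {
         $this->memberMsg(lang('m-reg-7'));
     }
     $mobile = isset($data['shoujihaoma']) ? $data['shoujihaoma'] : '';
     if (!check::is_mobile($mobile)) {
         $this->memberMsg(lang('m-reg-9-1'));
     }
     // The SMS code is a one-time secret: a missing session entry for this
     // number counts as a mismatch (instead of an undefined-index notice), and
     // the two values are compared as strings in constant time.
     $expected = isset($_SESSION['smscode'][$mobile]) ? (string) $_SESSION['smscode'][$mobile] : null;
     $given = isset($data['smscode']) ? (string) $data['smscode'] : '';
     if ($expected === null || !hash_equals($expected, $given)) {
         $this->memberMsg(lang('m-reg-9-2'));
     }
     if (!$this->is_username($data['username'])) {
         // Was `${$data}['username']` (a variable-variable), which never
         // resolved to the submitted name; echo the real value back instead.
         $this->memberMsg($data['username'] . lang('m-pms-12'));
     }
     if (empty($data['password'])) {
         $this->memberMsg(lang('m-reg-11'));
     }
     $confirm = isset($data['password2']) ? $data['password2'] : '';
     if ($data['password'] !== $confirm) {
         $this->memberMsg(lang('m-reg-12'));
     }
     $email = isset($data['email']) ? $data['email'] : '';
     if (!check::is_email($email)) {
         $this->memberMsg(lang('m-reg-9'));
     }
     if ($this->memberconfig['banuser']) {
         // Comma-separated list of reserved user names from the member config.
         $banned = explode(',', $this->memberconfig['banuser']);
         if (in_array($data['username'], $banned, true)) {
             $this->memberMsg(lang('m-reg-13', array('1' => $data['username'])));
         }
     }
     if ($this->memberconfig['regiptime']) {
         // Throttle repeat registrations from one IP: regiptime is in hours.
         $latest = $this->member->from(null, 'regdate,regip')->where('regip=?', client::get_user_ip())->order('regdate DESC')->select(false);
         if ($latest && time() - $latest['regdate'] <= $this->memberconfig['regiptime'] * 3600) {
             $this->memberMsg(lang('m-reg-13', array('1' => $this->memberconfig['regiptime'])));
         }
     }
     // Uniqueness checks; both queries are parameterized.
     if ($this->member->from(null, 'id')->where('email=?', $email)->select(false)) {
         $this->memberMsg(lang('m-reg-10'));
     }
     if ($this->member->from(null, 'id')->where('username=?', $data['username'])->select(false)) {
         $this->memberMsg(lang('m-reg-8'));
     }
 }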
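 /**
  * AJAX duplicate-email check.
  *
  * Reads `email` and, optionally, `id` from the POST body and exits with a
  * small HTML fragment: red text with the reason on failure, a green tick
  * when the address is free. When `id` is given, that member's own row is
  * excluded so an edit form does not collide with itself.
  *
  * Exits after printing the fragment; nothing is returned to the caller.
  */
 public function ajaxemailAction()
 {
     $email = $this->post('email');
     // Empty first: is_email() presumably rejects '' as well, which left the
     // dedicated "email required" message unreachable in the original order.
     if (empty($email)) {
         exit('<b><font color=red>' . lang('a-mem-22') . '</font></b>');
     }
     if (!check::is_email($email)) {
         exit('<b><font color=red>' . lang('a-mem-21') . '</font></b>');
     }
     // The original compared id unquoted in SQL, i.e. as a number; keep it one.
     $id = (int) $this->post('id');
     // Look the address up through a parameterized query rather than a
     // string-built WHERE clause: both values come straight from the request.
     $row = $this->member->from(null, 'id')->where('email=?', $email)->select(false);
     // With an id, the member's own row does not count as a duplicate.
     if ($row && (!$id || (int) $row['id'] !== $id)) {
         exit('<b><font color=red>' . lang('a-mem-23') . '</font></b>');
     }
     exit('<b><font color=green>√</font></b>');
 }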
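 /**
  * Record one "illegal character" hit and notify the administrator.
  *
  * Records go to APP_ROOT/cache/attack/<Ymd>.log, newest first, one
  * serialized array per line. Before appending, the existing log is scanned:
  * once the same IP already has 10 entries, or the same IP, user agent and
  * URL repeat within 20 seconds, the hit is treated as a flood — the error
  * page is shown when SYS_ILLEGAL_CHAR is on, and nothing more is saved or
  * mailed. Otherwise the record is written and, when SYS_ATTACK_MAIL is on
  * and SITE_SYSMAIL is a valid address, mailed to the administrator.
  *
  * @param string $type kind of check that fired
  * @param string $val  offending value (shown escaped on the error page)
  * @return bool|null false when suppressed as a flood, null otherwise
  */
 private static function save_attack_log($type, $val)
 {
     $cfg = App::get_config();
     if ($cfg['SYS_ATTACK_LOG']) {
         $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
         if (SYS_DOMAIN) {
             // Drop the sub-directory prefix. The original wrote the result back
             // into $_SERVER, so keep that for any later reader.
             $uri = str_replace('/' . SYS_DOMAIN, '', $uri);
             $_SERVER['REQUEST_URI'] = $uri;
         }
         $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
         $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         $data = array(
             'url'  => $query ? $query : $uri,
             'ip'   => client::get_user_ip(),
             'uid'  => get_cookie('member_id'),
             'time' => time(),
             'type' => $type,
             'val'  => $val,
             'user' => $agent,
         );
         $dir = APP_ROOT . 'cache' . DIRECTORY_SEPARATOR . 'attack' . DIRECTORY_SEPARATOR;
         $file = $dir . date('Ymd') . '.log';
         if (!is_dir($dir)) {
             // 0755 instead of the original 0777: only the web process writes here.
             mkdir($dir, 0755, true);
         }
         $body = file_exists($file) ? file_get_contents($file) : '';
         if ($body) {
             $hitsFromIp = 0;
             foreach (explode(PHP_EOL, $body) as $line) {
                 if (empty($line)) {
                     continue;
                 }
                 // The lines were written by this method, but they embed
                 // request-supplied strings; never let them instantiate objects.
                 $entry = unserialize($line, array('allowed_classes' => false));
                 if (!is_array($entry)) {
                     continue; // truncated or corrupt line
                 }
                 if ($data['ip'] == $entry['ip']) {
                     $hitsFromIp++;
                 }
                 // Same source again within 20 seconds?
                 $repeat = $data['time'] - $entry['time'] < 20
                     && $data['user'] == $entry['user']
                     && $data['ip'] == $entry['ip']
                     && $data['url'] == $entry['url'];
                 // 10+ hits from one IP, or a rapid repeat: block without saving or mailing.
                 if ($hitsFromIp >= 10 || $repeat) {
                     if ($cfg['SYS_ILLEGAL_CHAR']) {
                         App::display_error(lang('app-10') . '<pre>' . htmlspecialchars(self::strip_slashes($val)) . '</pre>', 1);
                     }
                     return false;
                 }
             }
         }
         file_put_contents($file, serialize($data) . PHP_EOL . $body, LOCK_EX);
         if ($data['ip'] && $cfg['SYS_ATTACK_MAIL'] && check::is_email($cfg['SITE_SYSMAIL'])) {
             // Mail the administrator. URL, value and user agent are attacker
             // controlled and the mail is HTML, so escape them.
             mail::set($cfg);
             $rule = '------------------------------------------------------------------------------------------<br>';
             $body = $rule
                 . 'SITE: ' . SITE_URL . '<br>'
                 . 'URL: ' . htmlspecialchars($data['url']) . '<br>'
                 . 'TYPE: ' . $data['type'] . '<br>'
                 . 'VALUE: ' . htmlspecialchars($data['val']) . '<br>'
                 . 'IP: ' . $data['ip'] . '<br>'
                 . 'TIME: ' . date(TIME_FORMAT, $data['time']) . '<br>'
                 . 'USER: ' . htmlspecialchars($data['user']) . '<br>'
                 . $rule
                 . lang('a-cfg-6') . '<br>';
             mail::sendmail($cfg['SITE_SYSMAIL'], lang('a-cfg-5') . '-' . $cfg['SITE_NAME'], $body);
         }
     }
     if ($cfg['SYS_ILLEGAL_CHAR']) {
         App::display_error(lang('app-10') . '<pre>' . htmlspecialchars(self::strip_slashes($val)) . '</pre>', 1);
     }
 }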