ShowMsg('验证码错误!', '-1');
exit;
}
}
$faqkey = isset($faqkey) && is_numeric($faqkey) ? $faqkey : 0;
if ($safe_faq_msg == 1) {
if ($safefaqs[$faqkey]['answer'] != $safeanswer || $safeanswer == '') {
ShowMsg('验证问题答案错误', '-1');
exit;
}
}
if ($subject == '') {
ShowMsg("请填写信息标题!", "-1");
exit;
}
$msg = CheckUserID($msgtoid, "用户名", false);
if ($msg != 'ok') {
ShowMsg($msg, "-1");
exit;
}
$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE userid LIKE '{$msgtoid}' ");
if (!is_array($row)) {
ShowMsg("你指定的用户不存在,不能发送信息!", "-1");
exit;
}
$subject = cn_substrR(HtmlReplace($subject, 1), 60);
$message = cn_substrR(HtmlReplace($message, 0), 1024);
$sendtime = $writetime = time();
//发给收件人(收件人可管理)
$inquery1 = "INSERT INTO `#@__member_pms` (`floginid`,`fromid`,`toid`,`tologinid`,`folder`,`subject`,`sendtime`,`writetime`,`hasview`,`isadmin`,`message`)\r\n VALUES ('{$cfg_ml->M_LoginID}','{$cfg_ml->M_ID}','{$row['mid']}','{$row['userid']}','inbox','{$subject}','{$sendtime}','{$writetime}','0','0','{$message}'); ";
//保留到自己的发件箱(自己可管理)
$vdcode = '';
}
$svali = GetCkVdValue();
if (strtolower($vdcode) != $svali || $svali == '') {
ResetVdValue();
ShowMsg("对不起,验证码输入错误!", "-1");
exit;
}
//验证邮箱,用户名
if (empty($mail) && empty($userid)) {
showmsg('对不起,请输入用户名或邮箱', '-1');
exit;
} elseif (!ereg("(.*)@(.*)\\.(.*)", $mail)) {
showmsg('对不起,请输入正确的邮箱格式', '-1');
exit;
} elseif (CheckUserID($userid, '', false) != 'ok') {
ShowMsg("你输入的用户名 {$userid} 不合法!", "-1");
exit;
}
$member = member($mail, $userid);
//以邮件方式取回密码;
if ($type == 1) {
//判断系统邮件服务是否开启
if ($cfg_sendmail_bysmtp == "Y") {
sn($member['mid'], $userid, $member['email']);
} else {
showmsg('对不起邮件服务暂未开启,请联系管理员', 'login.php');
exit;
}
//以安全问题取回密码;
} elseif ($type == 2) {
ResetVdValue();
ShowMsg('验证码错误!', '-1');
exit;
}
}
$faqkey = isset($faqkey) && is_numeric($faqkey) ? $faqkey : 0;
if ($safe_faq_reg == '1') {
if ($safefaqs[$faqkey]['answer'] != $rsafeanswer || $rsafeanswer == '') {
ShowMsg('验证问题答案错误', '-1');
exit;
}
}
$userid = trim($userid);
$pwd = trim($userpwd);
$pwdc = trim($userpwdok);
$rs = CheckUserID($userid, '用户名');
if ($rs != 'ok') {
ShowMsg($rs, '-1');
exit;
}
if (strlen($userid) > 20 || strlen($uname) > 36) {
ShowMsg('你的用户名或用户笔名过长,不允许注册!', '-1');
exit;
}
if (strlen($userid) < $cfg_mb_idmin || strlen($pwd) < $cfg_mb_pwdmin) {
ShowMsg("你的用户名或密码过短,不允许注册!", "-1");
exit;
}
if ($pwdc != $pwd) {
ShowMsg('你两次输入的密码不一致!', '-1');
exit;
$addupquery .= ",email='{$email}'";
}
}
//修改安全问题
if ($newsafequestion != 0 && $newsafeanswer != '') {
if (strlen($newsafeanswer) > 30) {
ShowMsg('你的新安全问题的答案太长了,请保持在30字节以内!', '-1');
exit;
} else {
$addupquery .= ",safequestion='{$newsafequestion}',safeanswer='{$newsafeanswer}'";
}
}
}
//修改uname
if ($uname != $row['uname']) {
$rs = CheckUserID($uname, '昵称或公司名称', false);
if ($rs != 'ok') {
ShowMsg($rs, '-1');
exit;
}
$addupquery .= ",uname='{$uname}'";
}
//性别
if (!in_array($sex, array('男', '女', '保密'))) {
ShowMsg('请选择正常的性别!', '-1');
exit;
}
$query1 = "Update `#@__member` set pwd='{$pwd}',sex='{$sex}'{$addupquery} where mid='" . $cfg_ml->M_ID . "' ";
$dsql->ExecuteNoneQuery($query1);
//如果是管理员,修改其后台密码
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
/**
* 检查用户是否合法
*
* @access public
* @param string $loginuser 登录用户名
* @param string $loginpwd 用户密码
* @return string
*/
function CheckUser(&$loginuser, $loginpwd)
{
global $dsql;
//检测用户名的合法性
$rs = CheckUserID($loginuser, '用户名', FALSE);
//用户名不正确时返回验证错误,原登录名通过引用返回错误提示信息
if ($rs != 'ok') {
$loginuser = $rs;
return '0';
}
//matt=10 是管理员关连的前台帐号,为了安全起见,这个帐号只能从后台登录,不能直接从前台登录
$row = $dsql->GetOne("SELECT mid,matt,pwd,logintime FROM `#@__member` WHERE userid LIKE '{$loginuser}' ");
if (is_array($row)) {
if ($this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) {
return -1;
} else {
//管理员帐号不允许从前台登录
if ($row['matt'] == 10) {
return -2;
} else {
$this->PutLoginInfo($row['mid'], $row['logintime']);
return 1;
}
}
} else {
return 0;
}
}
}*/
//修改安全问题
if ($newsafequestion != 0 && $newsafeanswer != '') {
if (strlen($newsafeanswer) > 30) {
ShowMsg('你的新安全问题的答案太长了,请保持在30字节以内!', '-1');
exit;
} else {
$newsafequestion = HtmlReplace($newsafequestion, 1);
$newsafeanswer = HtmlReplace($newsafeanswer, 1);
$addupquery .= ",safequestion='{$newsafequestion}',safeanswer='{$newsafeanswer}'";
}
}
}
//修改uname
if ($uname != $row['uname']) {
$rs = CheckUserID($uname, '昵称或公司名称', FALSE);
if ($rs != 'ok') {
ShowMsg($rs, '-1');
exit;
}
$addupquery .= ",uname='{$uname}'";
}
//性别
if (!in_array($sex, array('男', '女', '保密'))) {
ShowMsg('请选择正常的性别!', '-1');
exit;
}
$query1 = "UPDATE `#@__member` SET pwd='{$pwd}',sex='{$sex}'{$addupquery} where mid='" . $cfg_ml->M_ID . "' ";
$dsql->ExecuteNoneQuery($query1);
//如果是管理员,修改其后台密码
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {