Exemple #1
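 // Installer pre-flight checks: every problem found is appended to
 // $installerrors (presumably reported by code outside this excerpt).
 //
 // NOTE(review): mode 0777 lets every local account write to these
 // directories, and config/ is where settings.php lives. On shared hosting,
 // prefer making the web-server account the owner with a narrower mode, and
 // tighten the modes again once installation is done.
 // The @ is a deliberate best-effort: a failed chmod is caught by the
 // is_writable() checks that follow.
 @chmod(ROOT . 'avatar/', 0777);
 @chmod(ROOT . 'config/', 0777);

 // Paths the installer must be able to write to.
 if (!is_writable(ROOT . 'avatar/')) {
     $installerrors[] = '请将avatar文件夹的属性设置为: 777';
 }
 if (!is_writable(ROOT . 'config/')) {
     $installerrors[] = '请将config文件夹的属性设置为: 777';
 }
 // is_writable() is the canonical name; is_writeable() is only an alias of it.
 if (!is_writable(ROOT . 'config/settings.php')) {
     $installerrors[] = '请将系统配置文件config/settings.php设置为可写, 即属性设置为: 777';
 }

 // Administrator account fields.
 if (strlen($username) === 0) {
     $installerrors[] = '请输入系统管理员用户名.';
 } elseif (!IsName($username)) {
     $installerrors[] = '用户名中含有非法字符.';
 }
 if (strlen($password) === 0) {
     $installerrors[] = '请输入系统管理员密码.';
 }
 // Compare as strings with !==. A loose != treats numeric-looking strings
 // such as '1e3' and '1000' as equal, so a mistyped confirmation could pass.
 if ((string) $password !== (string) $confirmpassword) {
     $installerrors[] = '管理员密码与确认密码不相同.';
 }
 if (strlen($email) === 0) {
     $installerrors[] = '请输入管理员电子信箱.';
 }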
 if (strlen($tableprefix) == 0) {
     $installerrors[] = '请输入数据库表前缀.';
 } else {
// Registration form handler (excerpt: the listing ends before the nested
// blocks are closed).
$Password = '';
$Password2 = '';
$VerifyCode = '';
$Message = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Form-hash check; a mismatch is reported through AlertMsg with status 403.
    // NOTE(review): nothing here stops execution afterwards, so this relies on
    // AlertMsg() ending the request — confirm.
    if (!ReferCheck($_POST['FormHash'])) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    // User name and e-mail are lower-cased before validation and storage.
    $UserName = strtolower(Request('Post', 'UserName'));
    $Email = strtolower(Request('Post', 'Email'));
    $Password = Request('Post', 'Password');
    $Password2 = Request('Post', 'Password2');
    // intval() turns non-numeric input into 0, which the emptiness check below rejects.
    $VerifyCode = intval(Request('Post', 'VerifyCode'));
    if ($UserName && $Email && $Password && $Password2 && $VerifyCode) {
        // Strict comparison: password and confirmation must be identical strings.
        if ($Password === $Password2) {
            if (IsName($UserName)) {
                if (IsEmail($Email)) {
                    session_start();
                    // The submitted code must equal the one stored in the session.
                    // NOTE(review): the stored code is not removed from the session in
                    // the lines shown; confirm it is invalidated after each attempt so
                    // one code cannot be guessed repeatedly.
                    if (isset($_SESSION[$Prefix . 'VerificationCode']) && $VerifyCode === intval($_SESSION[$Prefix . 'VerificationCode'])) {
                        // The user name is a bound parameter; only the table prefix is
                        // concatenated, which is safe as long as $Prefix comes from configuration.
                        // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
                        // UserName is what prevents duplicates under concurrent requests — confirm the schema has one.
                        $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName));
                        if (!$UserExist) {
                            // NOTE(review): mt_rand() is not a cryptographically secure generator
                            // and a six-digit salt has under a million values; random_bytes() is
                            // the usual source for salts.
                            $NewUserSalt = mt_rand(100000, 999999);
                            // NOTE(review): salted double MD5 is a fast hash and cheap to brute-force
                            // offline if the table leaks. password_hash()/password_verify() is the
                            // standard replacement; existing rows can be re-hashed at next login.
                            $NewUserPassword = md5(md5($Password) . $NewUserSalt);
                            // Row for the new account; every value is passed to the INSERT below
                            // as a named parameter.
                            $NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => $Email, 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp));
                            $DB->query('INSERT INTO `' . $Prefix . 'users`(`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData);
                            $CurUserID = $DB->lastInsertId();
                            // Update the site-wide statistics.
                            $NewConfig = array("NumUsers" => $Config["NumUsers"] + 1, "DaysUsers" => $Config["DaysUsers"] + 1);
                            UpdateConfig($NewConfig);
                            // Expiry timestamp 30 days (30 * 86400 seconds) after $TimeStamp.
                            $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp;
                            // Stay logged in for 30 days by default.
Exemple #3
}
// OAuth sign-up handler (excerpt: the listing starts and ends inside open blocks).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Reject the request unless the form hash checks out, an access token is in
    // the session, and the supplied $State equals the state stored in the session.
    // NOTE(review): the state comparison is a loose !=; hash_equals() on string
    // values avoids type juggling. This also relies on AlertMsg() ending the
    // request — confirm.
    if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    // Load the access token.
    $OauthObject->AccessToken = $_SESSION[$Prefix . 'OauthAccessToken'];
    // Release the session so other requests are not blocked.
    session_write_close();
    // A token for which no OpenID can be fetched is answered with 400.
    if (!$OauthObject->GetOpenID()) {
        AlertMsg('400 Bad Request', '400 Bad Request', 400);
    }
    $OauthUserInfo = $OauthObject->GetUserInfo();
    CheckOpenID();
    // The chosen user name is lower-cased, then validated with IsName().
    $UserName = strtolower(Request('Post', 'UserName'));
    if ($UserName && IsName($UserName)) {
        // The user name is a bound parameter; only the table prefix is concatenated.
        // NOTE(review): check-then-insert is not atomic; confirm a UNIQUE index on
        // UserName backs this up.
        $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName));
        if (!$UserExist) {
            // NOTE(review): mt_rand() is not a cryptographically secure generator;
            // random_bytes() is the usual source for salts.
            $NewUserSalt = mt_rand(100000, 999999);
            // Placeholder password for an account created through OAuth: a fixed
            // prefix plus a truncated MD5 of a random number, so the stored value is
            // not a plain 32-character hash.
            // NOTE(review): presumably this is meant to make password login impossible
            // for the account; confirm the login check can never match it. The
            // '******' literal may also be masking added by the listing — verify upstream.
            $NewUserPassword = '******' . substr(md5(md5(mt_rand(1000000000, 2147483647)) . $NewUserSalt), 0, -3);
            // Row for the new account; every value is passed to the INSERT below as a
            // named parameter. UserMail is stored empty here.
            $NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => '', 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp));
            $DB->query('INSERT INTO `' . $Prefix . 'users`
				(`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) 
				VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData);
            $CurUserID = $DB->lastInsertId();
            // Insert the app-user row that links the provider's OpenID to the new local user ID.
            // The provider-supplied nickname is HTML-encoded before it is stored.
            // NOTE(review): encoding at write time means output code must not encode it
            // again, and non-HTML contexts still need their own escaping. Before PHP 8.1,
            // htmlspecialchars() without flags leaves single quotes unencoded.
            $DB->query('INSERT INTO `' . $Prefix . 'app_users`
				 (`ID`, `AppID`, `OpenID`, `AppUserName`, `UserID`, `Time`) 
				VALUES (:ID, :AppID, :OpenID, :AppUserName, :UserID, :Time)', array('ID' => null, 'AppID' => $AppID, 'OpenID' => $OauthObject->OpenID, 'AppUserName' => htmlspecialchars($OauthObject->NickName), 'UserID' => $CurUserID, 'Time' => $TimeStamp));
            //var_dump(htmlspecialchars($OauthObject->NickName));
            // Update the site-wide statistics.
Exemple #4
// Registration handler with numeric error codes (excerpt: the listing ends
// inside the open else branch).
// Default code; each failed check below replaces it with a specific one.
$ErrorCode = 104000;
// Runs for POST requests and, because of "|| $IsApp", for any request method
// when $IsApp is truthy. The fields are still read from the POST data.
if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) {
    // Form-hash check; a mismatch is reported through AlertMsg with status 403.
    // NOTE(review): nothing here stops execution afterwards, so this relies on
    // AlertMsg() ending the request — confirm.
    if (!ReferCheck(Request('Post', 'FormHash'))) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    // User name and e-mail are lower-cased before validation.
    $UserName = strtolower(Request('Post', 'UserName'));
    $Email = strtolower(Request('Post', 'Email'));
    $Password = Request('Post', 'Password');
    // intval() turns non-numeric input into 0, which the emptiness check below rejects.
    $VerifyCode = intval(Request('Post', 'VerifyCode'));
    // The do-block serves as a breakable scope: each failed check sets
    // $Error and $ErrorCode, then breaks out. Its closing `while` is outside
    // this excerpt.
    do {
        if (!($UserName && $Email && $Password && $VerifyCode)) {
            $Error = $Lang['Forms_Can_Not_Be_Empty'];
            $ErrorCode = 104001;
            break;
        }
        if (!IsName($UserName)) {
            $Error = $Lang['UserName_Error'];
            $ErrorCode = 104002;
            break;
        }
        if (!IsEmail($Email)) {
            $Error = $Lang['Email_Error'];
            $ErrorCode = 104003;
            break;
        }
        session_start();
        $TempVerificationCode = "";
        // Read the expected code once and remove it from the session right away,
        // so a later request finds no code to test further guesses against.
        if (isset($_SESSION[$Prefix . 'VerificationCode'])) {
            $TempVerificationCode = intval($_SESSION[$Prefix . 'VerificationCode']);
            unset($_SESSION[$Prefix . 'VerificationCode']);
        } else {
Exemple #5
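 /**
  * Handle the admin-account form: delete, update or create a row in the admin table.
  *
  * Request fields are read through ForceIntFrom()/ForceStringFrom(). When
  * 'deleteuser' is set and the target is not the logged-in admin, the account
  * is deleted. Otherwise the fields are validated: failures are passed to
  * Error(), and on success the row is written and Success('users') is called.
  *
  * NOTE(review): no form-token check is visible in this method; confirm the
  * caller enforces one before this state-changing action runs.
  *
  * @return void
  */
 public function save()
 {
     $aid = ForceIntFrom('aid');
     $type = ForceIntFrom('type');
     $activated = ForceIntFrom('activated');
     $username = ForceStringFrom('username');
     $password = ForceStringFrom('password');
     $passwordconfirm = ForceStringFrom('passwordconfirm');
     $email = ForceStringFrom('email');
     $fullname = ForceStringFrom('fullname');
     $fullname_en = ForceStringFrom('fullname_en');
     $post = ForceStringFrom('post');
     $post_en = ForceStringFrom('post_en');
     $deleteuser = ForceIntFrom('deleteuser');

     // Start from an empty list so the final check does not depend on whether
     // the variable happens to exist.
     $errors = array();

     // An admin cannot delete the account they are logged in with.
     if ($deleteuser && $aid != $this->admin['aid']) {
         $this->DeleteUser($aid);
         Success('users');
         // After deleting an agent, jump straight away.
         // NOTE(review): this relies on Success() ending the request; if it
         // returns, the validation below still runs — confirm.
     }

     // NOTE(review): every query in this method is built by interpolating
     // request values into SQL text. That is safe only if ForceStringFrom()
     // escapes for the database, which is not visible here. Prefer bound
     // parameters if the DB layer offers them.
     // NOTE(review): the '******' literals look like masking added by the
     // code listing, not project text; restore them from the upstream file.
     if (!$username) {
         $errors[] = '请输入用户名!';
     } elseif (!IsName($username)) {
         $errors[] = '用户名存在非法字符!';
     } elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE username = '******' AND aid != '{$aid}'")) {
         $errors[] = '用户名已存在!';
     }

     // Password and confirmation are compared as strings with !==. A loose !=
     // treats numeric-looking strings such as '1e3' and '1000' as equal.
     if ($aid) {
         // Editing: the password is optional, but when either field is filled
         // in, both must match.
         if ((strlen($password) || strlen($passwordconfirm)) && (string) $password !== (string) $passwordconfirm) {
             $errors[] = '两次输入的密码不相同!';
         }
     } else {
         // Creating: the password is required.
         if (!$password) {
             $errors[] = '请输入密码!';
         } elseif ((string) $password !== (string) $passwordconfirm) {
             $errors[] = '两次输入的密码不相同!';
         }
     }

     if (!$email) {
         $errors[] = '请输入Email地址!';
     } elseif (!IsEmail($email)) {
         $errors[] = 'Email地址不规范!';
     } elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE email = '{$email}' AND aid != '{$aid}'")) {
         $errors[] = 'Email地址已占用!';
     }
     if (!$fullname) {
         $errors[] = '请输入中文昵称!';
     }
     if (!$fullname_en) {
         $errors[] = '请输入英文昵称!';
     }
     if (!$post) {
         $errors[] = '请输入中文职位!';
     }
     if (!$post_en) {
         $errors[] = '请输入英文职位!';
     }

     if ($errors) {
         Error($errors, Iif($aid, '编辑客服错误', '添加客服错误'));
     } else {
         if ($aid) {
             // type and activated are written only when editing another
             // admin's account; the password only when a new one was entered.
             APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET username    = '******',\n\t\t\t\t" . Iif($aid != $this->admin['aid'], "type = '{$type}', activated = '{$activated}',") . "\n\t\t\t\t" . Iif($password, "password = '******',") . "\n\t\t\t\temail       = '{$email}',\n\t\t\t\tfullname       = '{$fullname}',\n\t\t\t\tfullname_en       = '{$fullname_en}',\n\t\t\t\tpost       = '{$post}',\n\t\t\t\tpost_en       = '{$post_en}'\t\t\t\t\t\t\t\t\t\t \n\t\t\t\tWHERE aid      = '{$aid}'");
         } else {
             // NOTE(review): the password is stored as an unsalted MD5 digest,
             // which is cheap to brute-force or look up if the table leaks.
             // password_hash()/password_verify() is the standard replacement,
             // but the login check must change with it, so this is flagged
             // rather than changed here.
             APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "admin (type, activated, username, password, email, first, fullname, fullname_en, post, post_en) VALUES ('{$type}', 1, '{$username}', '" . md5($password) . "', '{$email}', '" . time() . "', '{$fullname}', '{$fullname_en}', '{$post}', '{$post_en}')");
         }
         Success('users');
     }
 }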
Exemple #6
    die('File not found!');
}
// #######################################################
$userinfo = array();
$userid = 0;
define('COOKIE_NAME', 'weliveF' . COOKIE_KEY);
$realtime = time();
$loginusername = ForceIncomingString('loginusername');
$loginpassword = ForceIncomingString('loginpassword');
if (strlen($loginusername) and strlen($loginpassword)) {
    $vvckey = ForceIncomingString('vvckey');
    if (ForceIncomingCookie('safecookieF' . $vvckey . COOKIE_KEY) != md5($_CFG['cKillRobotCode'] . $vvckey)) {
        exit;
    }
    setcookie('safecookieF' . $vvckey . COOKIE_KEY, '', 0, '/');
    if (!IsName($loginusername) or !IsPass($loginpassword)) {
        $logininfo = $lang['login_error1'];
        LogIn();
    } else {
        $userid = LoginUser($loginusername, $loginpassword);
        if (!$userid) {
            $logininfo = $lang['login_error2'];
            LogIn();
        } else {
            CreateSession($userid);
            header("Location: ./");
            exit;
        }
    }
} else {
    if (ForceIncomingInt('logout') == 1) {