// check for errors @chmod(ROOT . 'avatar/', 0777); @chmod(ROOT . 'config/', 0777); if (!is_writable(ROOT . 'avatar/')) { $installerrors[] = '请将avatar文件夹的属性设置为: 777'; } if (!is_writable(ROOT . 'config/')) { $installerrors[] = '请将config文件夹的属性设置为: 777'; } if (!is_writeable(ROOT . 'config/settings.php')) { $installerrors[] = '请将系统配置文件config/settings.php设置为可写, 即属性设置为: 777'; } if (strlen($username) == 0) { $installerrors[] = '请输入系统管理员用户名.'; } else { if (!IsName($username)) { $installerrors[] = '用户名中含有非法字符.'; } } if (strlen($password) == 0) { $installerrors[] = '请输入系统管理员密码.'; } if ($password != $confirmpassword) { $installerrors[] = '管理员密码与确认密码不相同.'; } if (strlen($email) == 0) { $installerrors[] = '请输入管理员电子信箱.'; } if (strlen($tableprefix) == 0) { $installerrors[] = '请输入数据库表前缀.'; } else {
$Password = ''; $Password2 = ''; $VerifyCode = ''; $Message = ''; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!ReferCheck($_POST['FormHash'])) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } $UserName = strtolower(Request('Post', 'UserName')); $Email = strtolower(Request('Post', 'Email')); $Password = Request('Post', 'Password'); $Password2 = Request('Post', 'Password2'); $VerifyCode = intval(Request('Post', 'VerifyCode')); if ($UserName && $Email && $Password && $Password2 && $VerifyCode) { if ($Password === $Password2) { if (IsName($UserName)) { if (IsEmail($Email)) { session_start(); if (isset($_SESSION[$Prefix . 'VerificationCode']) && $VerifyCode === intval($_SESSION[$Prefix . 'VerificationCode'])) { $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName)); if (!$UserExist) { $NewUserSalt = mt_rand(100000, 999999); $NewUserPassword = md5(md5($Password) . $NewUserSalt); $NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => $Email, 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp)); $DB->query('INSERT INTO `' . $Prefix . 'users`(`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData); $CurUserID = $DB->lastInsertId(); //更新全站统计数据 $NewConfig = array("NumUsers" => $Config["NumUsers"] + 1, "DaysUsers" => $Config["DaysUsers"] + 1); UpdateConfig($NewConfig); $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp; //默认保持30天登陆状态
} if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } // 读入Access Token $OauthObject->AccessToken = $_SESSION[$Prefix . 'OauthAccessToken']; // 释放session防止阻塞 session_write_close(); if (!$OauthObject->GetOpenID()) { AlertMsg('400 Bad Request', '400 Bad Request', 400); } $OauthUserInfo = $OauthObject->GetUserInfo(); CheckOpenID(); $UserName = strtolower(Request('Post', 'UserName')); if ($UserName && IsName($UserName)) { $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName)); if (!$UserExist) { $NewUserSalt = mt_rand(100000, 999999); $NewUserPassword = '******' . substr(md5(md5(mt_rand(1000000000, 2147483647)) . $NewUserSalt), 0, -3); $NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => '', 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp)); $DB->query('INSERT INTO `' . $Prefix . 'users` (`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData); $CurUserID = $DB->lastInsertId(); //Insert App user $DB->query('INSERT INTO `' . $Prefix . 'app_users` (`ID`, `AppID`, `OpenID`, `AppUserName`, `UserID`, `Time`) VALUES (:ID, :AppID, :OpenID, :AppUserName, :UserID, :Time)', array('ID' => null, 'AppID' => $AppID, 'OpenID' => $OauthObject->OpenID, 'AppUserName' => htmlspecialchars($OauthObject->NickName), 'UserID' => $CurUserID, 'Time' => $TimeStamp)); //var_dump(htmlspecialchars($OauthObject->NickName)); //更新全站统计数据
$ErrorCode = 104000; if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) { if (!ReferCheck(Request('Post', 'FormHash'))) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } $UserName = strtolower(Request('Post', 'UserName')); $Email = strtolower(Request('Post', 'Email')); $Password = Request('Post', 'Password'); $VerifyCode = intval(Request('Post', 'VerifyCode')); do { if (!($UserName && $Email && $Password && $VerifyCode)) { $Error = $Lang['Forms_Can_Not_Be_Empty']; $ErrorCode = 104001; break; } if (!IsName($UserName)) { $Error = $Lang['UserName_Error']; $ErrorCode = 104002; break; } if (!IsEmail($Email)) { $Error = $Lang['Email_Error']; $ErrorCode = 104003; break; } session_start(); $TempVerificationCode = ""; if (isset($_SESSION[$Prefix . 'VerificationCode'])) { $TempVerificationCode = intval($_SESSION[$Prefix . 'VerificationCode']); unset($_SESSION[$Prefix . 'VerificationCode']); } else {
public function save() { $aid = ForceIntFrom('aid'); $type = ForceIntFrom('type'); $activated = ForceIntFrom('activated'); $username = ForceStringFrom('username'); $password = ForceStringFrom('password'); $passwordconfirm = ForceStringFrom('passwordconfirm'); $email = ForceStringFrom('email'); $fullname = ForceStringFrom('fullname'); $fullname_en = ForceStringFrom('fullname_en'); $post = ForceStringFrom('post'); $post_en = ForceStringFrom('post_en'); $deleteuser = ForceIntFrom('deleteuser'); if ($deleteuser and $aid != $this->admin['aid']) { $this->DeleteUser($aid); Success('users'); //如果删除客服, 直接跳转 } if (!$username) { $errors[] = '请输入用户名!'; } elseif (!IsName($username)) { $errors[] = '用户名存在非法字符!'; } elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE username = '******' AND aid != '{$aid}'")) { $errors[] = '用户名已存在!'; } if ($aid) { if (strlen($password) or strlen($passwordconfirm)) { if (strcmp($password, $passwordconfirm)) { $errors[] = '两次输入的密码不相同!'; } } } else { if (!$password) { $errors[] = '请输入密码!'; } elseif ($password != $passwordconfirm) { $errors[] = '两次输入的密码不相同!'; } } if (!$email) { $errors[] = '请输入Email地址!'; } elseif (!IsEmail($email)) { $errors[] = 'Email地址不规范!'; } elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE email = '{$email}' AND aid != '{$aid}'")) { $errors[] = 'Email地址已占用!'; } if (!$fullname) { $errors[] = '请输入中文昵称!'; } if (!$fullname_en) { $errors[] = '请输入英文昵称!'; } if (!$post) { $errors[] = '请输入中文职位!'; } if (!$post_en) { $errors[] = '请输入英文职位!'; } if (isset($errors)) { Error($errors, Iif($aid, '编辑客服错误', '添加客服错误')); } else { if ($aid) { APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET username = '******',\n\t\t\t\t" . Iif($aid != $this->admin['aid'], "type = '{$type}', activated = '{$activated}',") . "\n\t\t\t\t" . Iif($password, "password = '******',") . "\n\t\t\t\temail = '{$email}',\n\t\t\t\tfullname = '{$fullname}',\n\t\t\t\tfullname_en = '{$fullname_en}',\n\t\t\t\tpost = '{$post}',\n\t\t\t\tpost_en = '{$post_en}'\t\t\t\t\t\t\t\t\t\t \n\t\t\t\tWHERE aid = '{$aid}'"); } else { APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "admin (type, activated, username, password, email, first, fullname, fullname_en, post, post_en) VALUES ('{$type}', 1, '{$username}', '" . md5($password) . "', '{$email}', '" . time() . "', '{$fullname}', '{$fullname_en}', '{$post}', '{$post_en}')"); } Success('users'); } }
die('File not found!'); } // ####################################################### $userinfo = array(); $userid = 0; define('COOKIE_NAME', 'weliveF' . COOKIE_KEY); $realtime = time(); $loginusername = ForceIncomingString('loginusername'); $loginpassword = ForceIncomingString('loginpassword'); if (strlen($loginusername) and strlen($loginpassword)) { $vvckey = ForceIncomingString('vvckey'); if (ForceIncomingCookie('safecookieF' . $vvckey . COOKIE_KEY) != md5($_CFG['cKillRobotCode'] . $vvckey)) { exit; } setcookie('safecookieF' . $vvckey . COOKIE_KEY, '', 0, '/'); if (!IsName($loginusername) or !IsPass($loginpassword)) { $logininfo = $lang['login_error1']; LogIn(); } else { $userid = LoginUser($loginusername, $loginpassword); if (!$userid) { $logininfo = $lang['login_error2']; LogIn(); } else { CreateSession($userid); header("Location: ./"); exit; } } } else { if (ForceIncomingInt('logout') == 1) {