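/**
 * Compare two password values and continue the flow accordingly.
 *
 * On a mismatch the 'password' error form is shown through errorform();
 * otherwise emailcheck() is invoked. Both helpers are defined elsewhere.
 *
 * @param mixed $original First password value.
 * @param mixed $check    Value that must match $original.
 * @return void
 */
function passwordCheck($original, $check)
{
    // Strict string comparison: with `!=` PHP compares numeric-looking strings
    // by value, so "1e3" and "1000" (or two "0e..." strings) count as equal.
    if ((string) $original !== (string) $check) {
        errorform('password');
    } else {
        // NOTE(review): emailcheck() is called without arguments here; confirm
        // it really takes its input from request or global state.
        emailcheck();
    }
}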
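/**
 * Validate sign-up input and create the account.
 *
 * Each failed check echoes a message and returns false; the checks run in
 * this order: address already taken, password length, password confirmation,
 * account creation.
 *
 * @param mixed $email Address to register; passed to emailcheck() and makeaccount().
 * @param mixed $pass  Chosen password.
 * @param mixed $pass2 Password confirmation.
 * @return bool True when makeaccount() succeeded, false otherwise.
 */
function signnow($email, $pass, $pass2)
{
    if (emailcheck($email) == true) {
        echo "Email is already Taken";
        return false;
    }
    // NOTE(review): a 4-byte minimum is a very weak password policy, and
    // strlen() counts bytes, not characters. Consider raising the minimum.
    if (strlen($pass) < 4) {
        echo "Password must be at least 4 chars.";
        return false;
    }
    // Strict string comparison: `!=` treats numeric-looking strings such as
    // "1e3" and "1000" as equal, which would accept a wrong confirmation.
    if ((string) $pass !== (string) $pass2) {
        echo "Passwords do not match";
        return false;
    }
    // makeaccount() is defined elsewhere; how it stores the password is not
    // visible here. Verify it hashes with password_hash().
    if (makeaccount($email, $pass) == false) {
        echo "An Error has Occured";
        return false;
    }
    return true;
}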
Exemple #3
// Registration handler (fragment: the listing is cut off inside the innermost else).
// Runs only for ?do=reg when all five POST fields are present.
if (isset($_GET['do'], $_POST['username'], $_POST['userpwd'], $_POST['repwd'], $_POST['useremail']) && $_GET['do'] == "reg") {
    // strAddslashes() and usernameCheck() are defined elsewhere. The queries
    // below rely on them being sufficient escaping; verify against the
    // connection charset, or switch to prepared statements.
    $uname = strAddslashes(trim($_POST['username']));
    $checkname = usernameCheck($uname);
    if (!empty($checkname)) {
        die("1 " . $checkname);
    }
    $passwd = stripslashes(trim($_POST['userpwd']));
    $repasswd = stripslashes(trim($_POST['repwd']));
    // Length limits are measured in bytes (strlen), not characters.
    if (strlen($passwd) < 6 || strlen($passwd) > 18) {
        die("1 密码长度应控制在6至18个字符之间。");
    }
    // Loose comparison: numeric-looking strings ("1e3" vs "1000") compare as
    // equal, so a differing confirmation can pass. `!==` would be exact.
    if ($passwd != $repasswd) {
        die("1 两次输入的密码不一致。");
    }
    $email = strtolower(trim($_POST['useremail']));
    if (strlen($email) > 45 || !emailcheck($email)) {
        die("1 电子邮件地址不合法。");
    }
    $actionTime = time();
    // getClientIP() is not shown. If it trusts client-supplied headers such as
    // X-Forwarded-For, the value is attacker-controlled. Confirm.
    $actionIp = getClientIP();
    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
    // Blacklist lookup: $actionIp is concatenated into the SQL text unescaped
    // and is matched against the `uname` column.
    // NOTE(review): confirm that column is meant to hold IP addresses.
    if ($DB->fetch_one("SELECT COUNT(`bid`) FROM `" . $table_black . "` WHERE `uname`='" . $actionIp . "'") != 0) {
        echo "1 很抱歉,系统拒绝了您的注册!请与管理员联系。";
    } else {
        // Case-insensitive duplicate-name check; $uname is only as safe as strAddslashes().
        if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE lower(`name`)='" . strtolower($uname) . "'") != 0) {
            echo "1 用户昵称已被占用";
        } else {
            // $email reaches the query with no escaping call in this fragment;
            // its safety depends entirely on what emailcheck() accepts.
            if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email` = '" . $email . "'") != 0) {
                echo "1 电子邮箱地址已被注册";
            } else {
                $passport_info['name'] = $uname;
            <li>
                <a href = "index.php">Sign In</a>
            </li>
        </ul>
    </nav>

    <div id = "content">
        <h2>To reset your password, enter the email address you use to sign in.</h2>

        <?php 
// Password-reset form handler (fragment: the listing is cut off inside the do-loop).
$mess = "";
if (isset($_POST['SubButton'])) {
    $userNameIn = trim($_POST['myUname']);
    // Escaping happens before validation, so emailcheck() below sees the
    // escaped form of the input.
    $userNameIn = mysqli_real_escape_string($con, $userNameIn);
    // Validate the submitted address; emailcheck() is defined elsewhere.
    if (emailcheck($userNameIn)) {
        $count = 0;
        // Ask the stored procedure how many accounts use this address.
        // The statement is built by concatenation and sent with
        // mysqli_multi_query(), which accepts stacked statements. Safety rests
        // on the escaping above matching the connection charset. A prepared
        // CALL with a bound parameter would remove that dependency.
        $sql = "Call SP_COUNT_Aegis_Email('" . $userNameIn . "',@count);select @count as c";
        if (mysqli_multi_query($con, $sql)) {
            do {
                // Store the current result set, if this statement produced one
                if ($result = mysqli_store_result($con)) {
                    // Read every row of the current result set
                    while ($row = mysqli_fetch_row($result)) {
                        $count = $row[0];
                        // The last result set processed is the SELECT of @count; its value overwrites any earlier $count.
                    }
                    // Free result set
                    mysqli_free_result($result);
                }
Exemple #5
 // Profile update handler (fragment: $newpasswd, $oldpasswd and $loginArr are
 // set before this point, and the listing is cut off inside the update branch).
 $reppasswd = stripslashes(trim($_POST['reppasswd']));
 if (!empty($newpasswd)) {
     // Length limits are measured in bytes (strlen), not characters.
     if (strlen($newpasswd) < 6 || strlen($newpasswd) > 18) {
         die("1 新密码长度应控制在6至18个字符之间。");
     }
     // Loose comparisons: numeric-looking strings compare by value
     // ("1e3" == "1000"). Exact checks need `!==` / `===`.
     if ($newpasswd != $reppasswd) {
         die("1 两次输入的新密码不一致。");
     }
     if ($newpasswd == $oldpasswd) {
         die("1 新密码不能与当前密码一样。");
     }
     // Unsalted MD5 is a fast hash and unsuitable for password storage.
     // Migrating to password_hash()/password_verify() is the usual remedy.
     $profileArr['password'] = md5($newpasswd);
     // createSecureKey() is defined elsewhere; its randomness source is not visible here.
     $profileArr['securekey'] = createSecureKey(9);
 }
 $useremail = strtolower(trim($_POST['useremail']));
 if (strlen($useremail) > 45 || !emailcheck($useremail)) {
     die("1 电子邮件地址不合法。");
 }
 $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
 $userArr = $TB->getMemberInfo("`uid`", $loginArr['uid']);
 // The current password is verified only here, after the validation above.
 // `==` on two hex digests is type-juggled: digests of the form 0e<digits>
 // compare equal to each other. Use hash_equals() or `===`.
 if ($userArr['password'] == md5($oldpasswd)) {
     if ($userArr['email'] != $useremail) {
         // $useremail is concatenated into the SQL text without an escaping
         // call; its safety depends on what emailcheck() accepts.
         if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email`='" . $useremail . "'") != 0) {
             $DB->close();
             die("1 电子邮箱地址已被占用");
         }
         $profileArr['email'] = $useremail;
     }
     if (isset($profileArr)) {
         // update_sql() is defined elsewhere; whether it escapes the values in $profileArr is not visible here.
         if ($DB->query($DB->update_sql("`" . $table_member . "`", $profileArr, "`uid`=" . $userArr['uid']))) {
             echo "0 相关信息已成功修改!";
/**
 * Subscribe an address to a list, creating the address record when needed.
 *
 * Nothing happens when email_is_valid() rejects the address. For an address
 * emailcheck() already knows, its id is echoed and a subscription is added
 * only if subcheck() does not report one. Otherwise the address is created
 * with emailadd(), passed to emailprop() and then subscribed.
 *
 * @param mixed $email  Address to subscribe.
 * @param mixed $listid Identifier of the target list.
 * @return void
 */
function addemail($email, $listid)
{
    if (!email_is_valid($email)) {
        return;
    }

    $knownId = emailcheck($email);
    if (!$knownId) {
        // Unknown address: create it first, then subscribe.
        $createdId = emailadd($email);
        emailprop($createdId);
        subadd($createdId, $listid);
        return;
    }

    // NOTE(review): the id is written to the response. If $email comes from
    // an unauthenticated request this reveals which addresses are stored.
    echo $knownId;
    $alreadySubscribed = subcheck($knownId, $listid);
    if ($alreadySubscribed != true) {
        subadd($knownId, $listid);
    }
}
<?php

require dirname(__FILE__) . "/global.php";
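// Member list page: builds an optional WHERE clause from ?te=<field>&wd=<keyword>,
// fetches one page of members and renders user_list.html.
// $DB, $QA, $page and the $mysql_*/$site_*/$code_* values are not set here;
// presumably global.php provides them.
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
$where = "";
if (isset($_GET['te'], $_GET['wd']) && !empty($_GET['wd'])) {
    // strAddslashes() is defined elsewhere; the quoted clauses below are only
    // as safe as that helper. Prepared statements would be the robust fix,
    // but getMember() takes a ready-made WHERE string.
    $keyword = strAddslashes(strtolower(trim($_GET['wd'])));
    // The uid clause is unquoted, so only plain decimal digits may reach it.
    // is_numeric() also accepted forms such as "1e5", "1.5" or "+1".
    if ($_GET['te'] == "uid" && preg_match('/^[0-9]+$/D', (string) $keyword) === 1 && $keyword >= 1) {
        $where = "WHERE `uid` = " . $keyword;
    }
    if ($_GET['te'] == "name") {
        // NOTE(review): `%` and `_` inside the keyword still act as LIKE
        // wildcards; escape them if that is not intended.
        $where = "WHERE lower(`name`) LIKE '" . $keyword . "%'";
    }
    if ($_GET['te'] == "email" && emailcheck($keyword)) {
        $where = "WHERE `email` = '" . $keyword . "'";
    }
}
$MemberArr = $QA->getMember($where, $page, 30);
$DB->close();
unset($DB, $QA);
// NOTE(review): no access check is visible in this script; confirm global.php
// restricts it, since it lists member records.
$tmp =& myTpl("user_list.html");
$tmp->assign('codeName', $code_name);
$tmp->assign('codeVersion', $code_version);
$tmp->assign('siteName', $site_name);
$tmp->assign('siteDomain', $site_domain);
$tmp->assign('siteCatalog', $site_catalog);
$tmp->assign('MemberArr', $MemberArr);
$tmp->output();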
Exemple #8
    // Fragment: the branch this redirect belongs to opens before the listing,
    // and the login branch is cut off at the end.
    // HTTP_REFERER is a client-supplied header, so the redirect target below
    // is attacker-influenced. Validate it against the site's own host, or use
    // a fixed location.
    if (isset($_SERVER['HTTP_REFERER'])) {
        $backUrl = $_SERVER['HTTP_REFERER'];
    } else {
        $backUrl = "./";
    }
    header("location:" . $backUrl);
} else {
    // Login handler: ?do=login with login-user / login-pwd in the POST body.
    if (isset($_GET['do']) && $_GET['do'] == "login") {
        if (isset($_POST['login-user'], $_POST['login-pwd'])) {
            // strAddslashes() is defined elsewhere.
            $loginUser = strAddslashes(trim($_POST['login-user']));
            $loginPwd = stripslashes(trim($_POST['login-pwd']));
            // Lengths are measured in bytes (strlen).
            if (strlen($loginUser) < 2 || strlen($loginUser) > 45 || strlen($loginPwd) < 6 || strlen($loginPwd) > 18) {
                echo "0 用户名或者密码不符合要求";
            } else {
                $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
                // Look the account up by e-mail when the input passes emailcheck(), else by lower-cased name.
                if (!emailcheck($loginUser)) {
                    $LoginType = "lower(`name`)";
                } else {
                    $LoginType = "`email`";
                }
                // getMemberInfo() is defined elsewhere; how it embeds the value in SQL is not visible here.
                $userArr = $TB->getMemberInfo($LoginType, strtolower($loginUser));
                if (!empty($userArr['uid'])) {
                    // Unsalted MD5 compared with `==`: the digests are type-juggled
                    // (0e<digits> values compare equal) and MD5 is unsuitable for
                    // password storage. Use password_verify(), or at least hash_equals().
                    // NOTE(review): no attempt limiting is visible in this fragment.
                    if ($userArr['password'] == md5($loginPwd)) {
                        $loginTime = time();
                        // getClientIP() is not shown; confirm it does not trust client-supplied headers.
                        $loginIp = getClientIP();
                        loginCookie($userArr['uid'], $userArr['name'], $userArr['groupid'], $loginIp, $loginTime);
                        // createSecureKey() is defined elsewhere; its randomness source is not visible here.
                        $loginInfo['securekey'] = createSecureKey(10);
                        $loginInfo['lastdate'] = $loginTime;
                        $loginInfo['lastip'] = $loginIp;
                        // NOTE(review): `lastdate` is written above as a Unix timestamp
                        // but compared here with a "Y.m.d" string. Confirm the stored format.
                        if ($userArr['lastdate'] != date("Y.m.d")) {
                            $loginInfo['integral'] = array("`integral`+1");
Exemple #9
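/**
 * Handle a two-factor-authentication request for $user and build the 2FA page.
 *
 * The action is selected by the first matching request parameter, in this
 * order: Setup, Cancel, Test, New, Remove. Test, New and Remove also need a
 * 'Value' parameter. When nothing matches, or emailcheck() reports a problem,
 * only the current state is fetched. After a successful action a notification
 * mail is sent through the matching twofa*() helper.
 *
 * emailcheck(), getparam(), get2fa(), userSettings(), getOpts(),
 * emailOptList(), zeip(), dbdown(), the twofa*() helpers and set_2fa() are
 * defined elsewhere.
 *
 * @param mixed $data Page data, handed through to set_2fa().
 * @param mixed $user User the request is for.
 * @return mixed Whatever set_2fa() returns.
 */
function do2fa($data, $user)
{
    $mailmode = '';
    $tfa = null;
    $err = '';
    $msg = '';

    // Seed contributed to get2fa() for 'setup' and 'new'. rand() is not a
    // cryptographically secure generator, so random_int() is used where the
    // runtime has it (PHP 7+); older runtimes keep the previous behaviour.
    $newSeed = function () {
        if (function_exists('random_int')) {
            return random_int(1073741824, 2147483647);
        }
        return rand(1073741824, 2147483647);
    };

    $res = emailcheck($user);
    if ($res != null) {
        // emailcheck() reported a problem: show it and take no action.
        $msg = $res;
        $ans = get2fa($user, '', 0, 0);
    } elseif (getparam('Setup', false) === 'Setup') {
        $ans = get2fa($user, 'setup', $newSeed(), 0);
        $mailmode = 'Setup';
    } elseif (getparam('Cancel', false) === 'Cancel') {
        $ans = get2fa($user, 'untest', 0, 0);
        $mailmode = 'Cancel';
    } else {
        // The remaining actions all require the submitted code.
        $value = getparam('Value', false);
        if (getparam('Test', false) === 'Test' && $value !== null) {
            $ans = get2fa($user, 'test', 0, $value);
            $mailmode = 'Test';
        } elseif (getparam('New', false) === 'New' && $value !== null) {
            $ans = get2fa($user, 'new', $newSeed(), $value);
            $mailmode = 'New';
        } elseif (getparam('Remove', false) === 'Remove' && $value !== null) {
            $ans = get2fa($user, 'remove', 0, $value);
            $mailmode = 'Remove';
        } else {
            $ans = get2fa($user, '', 0, 0);
        }
    }

    if ($ans['STATUS'] != 'ok') {
        $err = 'DBERR';
    } else {
        if (isset($ans['2fa_error'])) {
            $err = $ans['2fa_error'];
        }
        // Notify by mail only when an action was taken and it succeeded.
        if ($mailmode != '' and $err == '') {
            $ans2 = userSettings($user);
            if ($ans2['STATUS'] != 'ok') {
                dbdown();
            }
            // Should be no other reason?
            if (!isset($ans2['email'])) {
                $err = 'An error occurred, check your details below';
            } else {
                $email = $ans2['email'];
                $emailinfo = getOpts($user, emailOptList());
                if ($emailinfo['STATUS'] != 'ok') {
                    $err = 'An error occurred, check your details below';
                } else {
                    switch ($mailmode) {
                        case 'Setup':
                        case 'New':
                            twofaSetup($email, zeip(), $emailinfo);
                            break;
                        case 'Test':
                            twofaEnabled($email, zeip(), $emailinfo);
                            break;
                        case 'Cancel':
                            twofaCancel($email, zeip(), $emailinfo);
                            break;
                        case 'Remove':
                            twofaRemove($email, zeip(), $emailinfo);
                            break;
                    }
                }
            }
        }
    }

    if (isset($ans['2fa_status'])) {
        $tfa = $ans['2fa_status'];
    }
    // A message from emailcheck() takes precedence over the one from get2fa().
    if ($msg == '' && isset($ans['2fa_msg'])) {
        $msg = $ans['2fa_msg'];
    }
    $pg = set_2fa($data, $user, $tfa, $ans, $err, $msg);
    return $pg;
}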
Exemple #10
<?php

require dirname(__FILE__) . "/global.php";
// Mail-settings update handler (fragment: the listing is cut off while the
// new configuration text is being assembled).
// NOTE(review): no authentication or CSRF check is visible here; confirm
// global.php enforces one, since this request rewrites server configuration.
if (isset($_GET['action']) && $_GET['action'] == "update") {
    if (isset($_POST['T'], $_POST['E'], $_POST['S'], $_POST['P'], $_POST['A'], $_POST['U'], $_POST['W'])) {
        // T and A are taken as submitted, with no allow-list check in this fragment.
        $mail_send_type = $_POST['T'];
        $send_email_address = strtolower(trim($_POST['E']));
        if (empty($send_email_address) || !emailcheck($send_email_address)) {
            die("<script>alert('发件人邮箱错误');</script>");
        }
        $smtp_server = strtolower(trim($_POST['S']));
        $smtp_port = trim($_POST['P']);
        $smtp_auth = $_POST['A'];
        $smtp_user = stripslashes(trim($_POST['U']));
        $smtp_password = stripslashes(trim($_POST['W']));
        if ($mail_send_type == "smtp") {
            if (empty($smtp_server)) {
                die("<script>alert('SMTP服务器不能为空');</script>");
            }
            // is_numeric() also accepts forms such as "1e3" or "2.5", not only integer port numbers.
            if (!is_numeric($smtp_port)) {
                die("<script>alert('SMTP端口错误');</script>");
            }
        } else {
            // Any other send type resets the SMTP fields to fixed defaults.
            $smtp_server = "";
            $smtp_port = "25";
            $smtp_auth = "true";
            $smtp_user = "";
            $smtp_password = "";
        }
        // The configuration is generated as PHP source. The lines that embed
        // the values are not shown; every value written into it must be
        // encoded (e.g. var_export()) so that a quote in the input cannot
        // become code. Verify.
        $config_str = "<?php";
        $config_str .= "\n";
Exemple #11
    inactive($no);
}
// Profile update handler (fragment: the listing is cut off after the last
// statement is built). sql_escape(), emailcheck() and registerc() are defined
// elsewhere; every query below is built by string interpolation, so its
// safety rests on sql_escape(). Prepared statements would remove that dependency.
if (isset($_POST['submit'])) {
    // NOTE(review): the row to update is chosen by a client-supplied userid;
    // confirm it is checked against the logged-in session elsewhere.
    $userid = sql_escape($_POST['userid']);
    // NOTE(review): reads 'email2', the same field as $email2 below; possibly 'email' was meant.
    $email = sql_escape($_POST['email2']);
    // The hash is computed over the escaped string, so any character that
    // sql_escape() changes alters the stored password. Unsalted MD5 is also
    // unsuitable for password storage; password_hash() is the usual replacement.
    $password = md5(sql_escape($_POST['password']));
    $email2 = sql_escape($_POST['email2']);
    $password2 = md5(sql_escape($_POST['password2']));
    $fname = sql_escape($_POST['fname']);
    $lname = sql_escape($_POST['lname']);
    $cno = sql_escape($_POST['cno']);
    $bank = sql_escape($_POST['bank']);
    $accno = sql_escape($_POST['accno']);
    $add = sql_escape($_POST['add']);
    $quali = sql_escape($_POST['quali']);
    $re = emailcheck($email);
    // Loose comparison of two hex digests: values of the form 0e<digits>
    // compare equal to each other. `!==` would be exact.
    if ($password != $password2) {
        echo "<script type='text/javascript'>alert('Passwords do not match');</script>";
    } elseif ($re != 'yes') {
        // An empty address leaves the stored e-mail untouched.
        if ($email == '') {
            $update = "UPDATE `user` SET `first_name`='{$fname}',`last_name`='{$lname}',`contact_number`='{$cno}',`Address`='{$add}' WHERE user_id='{$userid}'";
            registerc($update);
        } else {
            $update = "UPDATE `user` SET `first_name`='{$fname}',`last_name`='{$lname}',`email`='{$email}',`contact_number`='{$cno}',`Address`='{$add}' WHERE user_id='{$userid}'";
            registerc($update);
        }
        // The password is changed only when one was submitted.
        // NOTE(review): no current-password check is visible in this fragment.
        if ($_POST['password'] != '') {
            $update = "UPDATE `user` SET `password`='{$password}' WHERE user_id='{$userid}'";
            registerc($update);
        }
        $mc = "UPDATE `medical_c` SET `acc_no`='{$accno}',`bank`='{$bank}', `qualifications`= '{$quali}' WHERE `user_id`='{$userid}'";
Exemple #12
    }
// Registration branch for the 'submit3' form (fragment: the if-chain it
// belongs to opens before the listing). sql_escape(), emailcheck(),
// numbercheck(), register() and registerc() are defined elsewhere; both
// INSERTs are built by string interpolation and rely on sql_escape().
} elseif (isset($_POST['submit3'])) {
    $email = sql_escape($_POST['email']);
    // Hash of the escaped string, using unsalted MD5; unsuitable for password
    // storage. password_hash() is the usual replacement.
    $password = md5(sql_escape($_POST['password']));
    // NOTE(review): $email2 and $password2 are read but never compared with
    // $email / $password in this fragment.
    $email2 = sql_escape($_POST['email2']);
    $password2 = md5(sql_escape($_POST['password2']));
    $fname = sql_escape($_POST['fname']);
    $lname = sql_escape($_POST['lname']);
    $sex = sql_escape($_POST['sex']);
    $cno = sql_escape($_POST['cno']);
    $quali = sql_escape($_POST['quali']);
    $add = sql_escape($_POST['add']);
    $bank = sql_escape($_POST['bank']);
    $accno = sql_escape($_POST['accno']);
    // Date of birth is assembled from three fields; no date validation happens in this fragment.
    $dob = sql_escape($_POST['year']) . '-' . sql_escape($_POST['month']) . '-' . sql_escape($_POST['day']);
    $check = emailcheck($email);
    $checkno = numbercheck($cno);
    // The two messages reveal whether an address or a contact number is already registered.
    if ($check == 'yes') {
        echo '<script>alert("Email already exists!");</script>';
    } elseif ($checkno == 'yes') {
        echo '<script>alert("Contact number already exists!");</script>';
    } else {
        $insert = "INSERT INTO `user`(`first_name`, `last_name`, `email`, `gender`, `user_type`, `is_active`, `password`, `contact_number`, `Address`,`dob`) VALUES ('{$fname}', '{$lname}','{$email}','{$sex}', 'G', '2', '{$password}', '{$cno}', '{$add}','{$dob}')";
        $result = register($insert);
        // Element 0 of register()'s result is used as the new user_id.
        $medcon = "INSERT INTO `medical_c`( `user_id`, `qualifications`, `acc_no`, `bank`) VALUES ('{$result['0']}', '{$quali}','{$accno}','{$bank}')";
        $result2 = registerc($medcon);
        // $result2[1] is written into a script block unencoded. If it can carry
        // request data or a database error text, encode it (e.g. json_encode())
        // before output.
        echo "<script type='text/javascript'>alert('" . $result2[1] . "')</script>";
    }
}
require_once "includes/header.php";
//require_once("includes/header2.php");
<?php

require dirname(__FILE__) . "/global.php";
// Temporary-key request handler (fragment: the trailing else branch is cut
// off). For ?do=send it checks that the submitted name and e-mail belong to
// the same member, stores a new key and mails it to that address.
if (isset($_GET['do']) && $_GET['do'] == "send") {
    if (isset($_POST['username'], $_POST['useremail'])) {
        // strAddslashes() and usernameCheck() are defined elsewhere.
        $username = strAddslashes(trim($_POST['username']));
        $checkname = usernameCheck($username);
        $email = strtolower(trim($_POST['useremail']));
        if (!empty($checkname) || !emailcheck($email)) {
            echo "1 用户昵称或者电子邮件不正确。";
        } else {
            // createSecureKey() is defined elsewhere; the key acts as a
            // credential, so it should come from a CSPRNG. Verify.
            $newKey = createSecureKey(9);
            $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
            $userArr = $TB->getMemberInfo("lower(`name`)", strtolower($username));
            // NOTE(review): if no member matches, $userArr presumably lacks
            // 'email' and this falls through to the mismatch message. Confirm.
            if ($userArr['email'] == $email) {
                // The stored key is replaced before the mail is sent, so a
                // failed delivery still invalidates the previous key.
                $secureArr['securekey'] = $newKey;
                $DB->query($DB->update_sql("`" . $table_member . "`", $secureArr, "`uid`=" . $userArr['uid']));
                $mail_title = $userArr['name'] . ",您的临时识别码";
                $mail_body = "您的临时识别码:" . $newKey;
                if (sendEmail($userArr['email'], $mail_title, $mail_body)) {
                    // The member's uid is returned to the caller on success.
                    echo "0 " . $userArr['uid'];
                } else {
                    echo "1 识别码发送失败!请重试。";
                }
            } else {
                // The distinct responses let a caller test whether a name and an
                // address belong together.
                // NOTE(review): no rate limiting is visible in this fragment.
                echo "1 用户昵称与电子邮件不匹配。";
            }
            $DB->close();
        }
    }
} else {
Exemple #14
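/**
 * Apply a requested account-settings change and build the settings page.
 *
 * The 'Change' request parameter selects the action: 'EMail', 'Address' or
 * 'Password'. After a successful change a notification mail is sent through
 * the matching helper. In every case the current settings are re-read and
 * passed to settings() together with a status message.
 *
 * getparam(), bademail(), emailcheck(), safepass(), passrequires(),
 * userSettings(), setPass(), getOpts(), emailOptList(), zeip(), dbdown(),
 * the *Changed() helpers and settings() are defined elsewhere.
 *
 * @param mixed $data Page data; $data['info']['u_multiaddr'] disables the
 *                    single-address change.
 * @param mixed $user User whose settings are changed.
 * @return mixed Whatever settings() returns.
 */
function dosettings($data, $user)
{
    $err = '';
    $chg = getparam('Change', false);
    // Becomes true once a change was attempted and $ans holds its result.
    $check = false;
    switch ($chg) {
        case 'EMail':
            // NOTE(review): unlike the other two cases, this one does not call
            // emailcheck($user) first. Confirm that is intended.
            $email = getparam('email', false);
            $res = bademail($email);
            if ($res != null) {
                $err = $res;
            } else {
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, $email, null, $pass, $twofa);
                $err = 'EMail changed';
                $check = true;
            }
            break;
        case 'Address':
            if (!isset($data['info']['u_multiaddr'])) {
                $res = emailcheck($user);
                if ($res != null) {
                    $err = $res;
                } else {
                    $addr = getparam('baddr', false);
                    $addrarr = array(array('addr' => $addr));
                    $pass = getparam('pass', false);
                    $twofa = getparam('2fa', false);
                    $ans = userSettings($user, null, $addrarr, $pass, $twofa);
                    $err = 'Payout address changed';
                    $check = true;
                }
            }
            break;
        case 'Password':
            $res = emailcheck($user);
            if ($res != null) {
                $err = $res;
            } else {
                $oldpass = getparam('oldpass', false);
                $pass1 = getparam('pass1', false);
                $pass2 = getparam('pass2', false);
                $twofa = getparam('2fa', false);
                if (!safepass($pass1)) {
                    $err = 'Unsafe password. ' . passrequires();
                } elseif ((string) $pass1 !== (string) $pass2) {
                    // Strict string comparison: `!=` treats numeric-looking
                    // strings such as "1e3" and "1000" as equal.
                    $err = "Passwords don't match";
                } else {
                    $ans = setPass($user, $oldpass, $pass1, $twofa);
                    $err = 'Password changed';
                    $check = true;
                }
            }
            break;
    }
    $doemail = false;
    if ($check === true) {
        if ($ans['STATUS'] != 'ok') {
            // Replace the optimistic message with the reported failure.
            $err = $ans['STATUS'];
            // 'ERROR' may be missing from the reply; only append it when present.
            if (isset($ans['ERROR']) && $ans['ERROR'] != '') {
                $err .= ': ' . $ans['ERROR'];
            }
        } else {
            $doemail = true;
        }
    }
    // Re-read the settings so the page shows the state after the change.
    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        dbdown();
    }
    // Should be no other reason?
    if (isset($ans['email'])) {
        $email = $ans['email'];
    } else {
        $email = '';
    }
    // Use the first one - updating will expire all others
    if (isset($ans['rows']) and $ans['rows'] > 0) {
        $addr = $ans['addr:0'];
    } else {
        $addr = '';
    }
    if ($doemail) {
        if ($email == '') {
            if ($err != '') {
                $err .= '<br>';
            }
            $err .= 'An error occurred, check your details below';
            goto iroiroattanoyo;
        }
        $emailinfo = getOpts($user, emailOptList());
        if ($emailinfo['STATUS'] != 'ok') {
            if ($err != '') {
                $err .= '<br>';
            }
            $err .= 'An error occurred, check your details below';
            goto iroiroattanoyo;
        }
        // Notify the account's address about the change that was just made.
        switch ($chg) {
            case 'EMail':
                // presumably set elsewhere while the address is changed, so the
                // previous address can be notified too. Verify.
                if (isset($_SESSION['old_set_email'])) {
                    $old = $_SESSION['old_set_email'];
                } else {
                    $old = null;
                }
                emailAddressChanged($email, zeip(), $emailinfo, $old);
                break;
            case 'Address':
                payoutAddressChanged($email, zeip(), $emailinfo);
                break;
            case 'Password':
                passChanged($email, zeip(), $emailinfo);
                break;
        }
    }
    iroiroattanoyo:
    // NOTE(review): $err can contain text returned by helpers and is extended
    // with '<br>' above, so it is presumably rendered as HTML. Confirm that
    // settings() encodes anything in it that derives from request data.
    $pg = settings($data, $user, $email, $addr, $err);
    return $pg;
}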