Exemple #1
<?php

/**
 * 迷你同学录 (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * 程序完全免费,请保留这段代码。
 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。
 */
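// Change-password page. Runs only for a logged-in member ($c_log) whose row was
// loaded into $r_dbu by the including script.
// NOTE(review): mysql_* was removed in PHP 7. Moving this query to mysqli/PDO
// prepared statements needs the connection code, which is not in this file.
// NOTE(review): enc_p() is defined elsewhere; confirm it is a salted, slow
// password hash rather than a bare digest.
if ($c_log && isset($r_dbu)) {
    $title .= '修改密码';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // NOTE(review): no anti-CSRF token is checked on this POST; the
        // current-password requirement below is the only barrier against a
        // forged request.
        // Accept string fields only: a missing field or an array-valued one
        // (password[]=x) is treated as empty instead of reaching enc_p().
        $cp_new = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
        $cp_current = isset($_POST['password0']) && is_string($_POST['password0']) ? $_POST['password0'] : '';
        // NOTE(review): the form's confirmation field (password1) is not
        // compared here; presumably that check is client-side only.
        if ($cp_new !== '') {
            // Strict comparison: with loose ==, two different digests that both
            // look like numbers (e.g. "0e..." followed by digits) compare equal.
            // Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice.
            if ((string) enc_p($cp_current) === (string) $r_dbu['password']) {
                // The id comes from the member's own row; force it to an integer
                // because it is placed in the statement without quoting.
                $u_db = sprintf('update %s set password=%s where id=%d', $dbprefix . 'member', SQLString(enc_p($cp_new), 'text'), intval($r_dbu['id']));
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
        }
        // Post/redirect/get: the outcome travels as a numeric code only.
        header('Location:./?m=profile&t=password' . (isset($e) ? '&e=' . $e : ''));
        exit;
    } else {
        // Only the fixed strings below are ever echoed; $_GET['e'] is used
        // purely as a lookup key, so no request data reaches the markup.
        $a_msg = array(1 => '密码已修改。', '当前密码错误!');
        $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">修改密码</div><div class="lcontent"><form method="post" action="" class="btform_p" id="seform"><table><tr><td>当前密码:</td><td><input type="password" name="password0" size="32" class="bt_input" rel="当前密码" /></td></tr><tr><td>新密码:</td><td><input type="password" name="password" id="formpw" size="32" class="bt_input" rel="新密码" /></td></tr><tr><td>确认:</td><td><input type="password" name="password1" id="formpw1" size="32" /></td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    }
}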
Exemple #2
         $gtalk = htmlspecialchars(trim($_POST['gtalk']), ENT_QUOTES);
         $address = htmlspecialchars(trim($_POST['address']), ENT_QUOTES);
         $location = htmlspecialchars(trim($_POST['location']), ENT_QUOTES);
         $gid = isset($_POST['gid']) && isset($g_c) && in_array($_POST['gid'], $g_c) && isset($g_a[$_POST['gid']]) ? $_POST['gid'] : 0;
         $rela = htmlspecialchars(trim($_POST['rela']), ENT_QUOTES);
         $u_db = sprintf('update %s set name=%s, gender=%s, bir_y=%s, bir_m=%s, bir_d=%s, isnl=%s, url=%s, email=%s, phone=%s, work=%s, tel=%s, qq=%s, msn=%s, gtalk=%s, address=%s, location=%s, gid=%s, rela=%s where id=%s', $dbprefix . 'member', SQLString($name, 'text'), SQLString($gender, 'int'), SQLString($bir_y, 'int'), SQLString($bir_m, 'int'), SQLString($bir_d, 'int'), $isnl, SQLString($url, 'text'), SQLString($email, 'text'), SQLString($phone, 'text'), SQLString($work, 'text'), SQLString($tel, 'text'), SQLString($qq, 'text'), SQLString($msn, 'text'), SQLString($gtalk, 'text'), SQLString($address, 'text'), SQLString($location, 'text'), SQLString($gid, 'int'), SQLString($rela, 'text'), $r_dbu['id']);
         $result = mysql_query($u_db) or die('');
         $e = 1;
     } elseif (isset($_POST['username']) && trim($_POST['username']) != '') {
         $username = trim($_POST['username']);
         $s_dbe = sprintf('select id from %s where username=%s and id<>%s', $dbprefix . 'member', SQLString($username, 'text'), $r_dbu['id']);
         $q_dbe = mysql_query($s_dbe) or die('');
         if (mysql_num_rows($q_dbe) > 0) {
             $e = 2;
         } else {
             $password = trim($_POST['password']) != '' ? enc_p(trim($_POST['password'])) : $r_dbu['password'];
             $u_db = sprintf('update %s set username=%s, password=%s where id=%s', $dbprefix . 'member', SQLString($username, 'text'), SQLString($password, 'text'), $r_dbu['id']);
             $result = mysql_query($u_db) or die('');
             $e = 1;
         }
         mysql_free_result($q_dbe);
     }
     header('Location:./?m=edituser&id=' . $id . (isset($_GET['t']) ? '&t=' . $_GET['t'] : '') . (isset($e) ? '&e=' . $e : ''));
     exit;
 } else {
     $a_msg = array(1 => '个人资料已修改。', '请使用其他的用户名!');
     $content .= '<div class="rcontent"><div class="content">' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '');
     if (isset($_GET['t']) && $_GET['t'] == 'login') {
         $title .= '修改登录信息 - ' . $r_dbu['name'];
         $content .= '<div class="title">修改登录信息 - ' . $r_dbu['name'] . '</div><div class="lcontent"><form method="post" action="" class="btform" id="prform"><table><tr><td>用户名:</td><td><input name="username" size="32" value="' . htmlspecialchars($r_dbu['username'], ENT_QUOTES) . '" class="bt_input" rel="用户名" /></td></tr><tr><td>密码:</td><td><input type="password" name="password" size="32" />如不需要更改密码,此处请留空</td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
     } elseif (isset($_GET['t']) && $_GET['t'] == 'avator') {
Exemple #3
<?php

/**
 * 迷你同学录 (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * 程序完全免费,请保留这段代码。
 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。
 */
if (!$c_log) {
    $title .= '忘记密码';
    $a_msg = array(1 => '密码已修改。', '答案错误!', '您没有设置安全问题!', '用户名错误!');
    $content .= '<div class="tcontent">' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">忘记密码 - 第';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['id']) && intval($_POST['id']) > 0 && isset($_POST['password']) && trim($_POST['password']) != '') {
            $password = enc_p(trim($_POST['password']));
            $answer = htmlspecialchars($_POST['answer'], ENT_QUOTES);
            $s_dbu = sprintf('select id from %s where id=%s limit 1', $dbprefix . 'member', SQLString($_POST['id'], 'int'));
            $q_dbu = mysql_query($s_dbu) or die('');
            $r_dbu = mysql_fetch_assoc($q_dbu);
            if (mysql_num_rows($q_dbu) > 0 && $r_dbu['answer'] == $answer) {
                $u_db = sprintf('update %s set password=%s where id=%s', $dbprefix . 'member', SQLString($password, 'text'), $r_dbu['id']);
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
            mysql_free_result($q_dbu);
            header('Location:./?m=lostpwd&e=' . $e);
            exit;
        } elseif (isset($_POST['username']) && trim($_POST['username']) != '') {
Exemple #4
<?php

/**
 * 迷你同学录 (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * 程序完全免费,请保留这段代码。
 * 请勿出售本程序或其修改版,请勿利用本程序或其修改版进行任何商业活动。
 */
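// Security-settings page: lets a logged-in member ($c_log) set the security
// question and answer on their own row ($r_dbu, loaded by the including script).
// NOTE(review): mysql_* was removed in PHP 7. Moving this query to mysqli/PDO
// prepared statements needs the connection code, which is not in this file.
if ($c_log && isset($r_dbu)) {
    $title .= '安全设置';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // NOTE(review): no anti-CSRF token is checked on this POST; the
        // current-password requirement below is the only barrier against a
        // forged request.
        if (isset($_POST['question'])) {
            // Accept string fields only: a missing field or an array-valued one
            // is treated as empty instead of reaching enc_p()/htmlspecialchars().
            $se_current = isset($_POST['password0']) && is_string($_POST['password0']) ? $_POST['password0'] : '';
            $se_question = is_string($_POST['question']) ? $_POST['question'] : '';
            $se_answer = isset($_POST['answer']) && is_string($_POST['answer']) ? $_POST['answer'] : '';
            // Strict comparison: with loose ==, two different digests that both
            // look like numbers (e.g. "0e..." followed by digits) compare equal.
            // Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice.
            if ((string) enc_p($se_current) === (string) $r_dbu['password']) {
                // Values are HTML-escaped before storage, which is why the form
                // below prints the stored question without escaping it again.
                $question = htmlspecialchars($se_question, ENT_QUOTES);
                // NOTE(review): the answer is stored readable (HTML-escaped only).
                // If a recovery flow accepts it in place of the password, it is a
                // password-equivalent secret and should be hashed like one.
                $answer = htmlspecialchars($se_answer, ENT_QUOTES);
                // The id comes from the member's own row; force it to an integer
                // because it is placed in the statement without quoting.
                $u_db = sprintf('update %s set question=%s, answer=%s where id=%d', $dbprefix . 'member', SQLString($question, 'text'), SQLString($answer, 'text'), intval($r_dbu['id']));
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
        }
        // Post/redirect/get: the outcome travels as a numeric code only.
        header('Location:./?m=profile&t=security' . (isset($e) ? '&e=' . $e : ''));
        exit;
    } else {
        // Only the fixed strings below are ever echoed for the status message;
        // $_GET['e'] is used purely as a lookup key.
        $a_msg = array(1 => '个人资料已修改。', '当前密码错误!');
        // NOTE(review): $r_dbu['question'] is printed into an attribute as
        // stored. That is safe only while every writer of the column escapes on
        // input as this page does; verify any other code path that sets it.
        $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">安全设置</div><div class="lcontent"><form method="post" action="" class="btform" id="seform"><table><tr><td>当前密码:</td><td><input type="password" name="password0" size="32" class="bt_input" rel="当前密码" /></td></tr><tr><td>安全问题:</td><td><input name="question" size="32" value="' . $r_dbu['question'] . '" /></td></tr><tr><td>答案:</td><td><input name="answer" size="32" /></td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    }
}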
Exemple #5
    return (double) $mt[0] + (double) $mt[1];
}
// Request bootstrap: loads the site configuration row and derives per-request
// settings from it. Every variable assigned here is a global that later code
// can read, so names and statement order are left untouched.

// Timestamp taken at the start of setup (getMicrotime() is defined elsewhere).
$mt = getMicrotime();
// Read one row from the "<prefix>main" table; its columns become $config.
$s_dbm = sprintf('select * from %s limit 1', $dbprefix . 'main');
$q_dbm = mysql_query($s_dbm) or die('');
$r_dbm = mysql_fetch_assoc($q_dbm);
$config = $r_dbm;
mysql_free_result($q_dbm);
// u_hash is used below as the key (and key suffix) for this site's $_SESSION
// entries. It is derived from the table prefix alone, so treat it as a
// namespace label, not as a secret.
$config['u_hash'] = md5($dbprefix);
// Build the site's base URL from the script path and the request's Host header.
// NOTE(review): HTTP_HOST is supplied by the client. If site_url ends up in
// e-mails, redirects or absolute links, take the host from configuration or
// check it against an allow-list. The scheme is also fixed to http://.
$root_p = pathinfo($_SERVER['PHP_SELF']);
$root_url = 'http://' . $_SERVER['HTTP_HOST'] . str_replace('\\', '', $root_p['dirname']);
if (substr($root_url, -1) != '/') {
    $root_url .= '/';
}
$config['site_url'] = $root_url;
// Guest pass-through: when 'open' and 'g_open' are both > 0, a guest name and
// password are configured, no member session is set, and the guest name/password
// saved in the session match the configured ones, 'open' is forced to 0 for this
// request. Presumably open > 0 means "login required" - confirm.
// NOTE(review): g_pwd is passed through enc_p() at comparison time, which
// suggests the main table holds it unhashed - confirm. The comparisons use
// loose ==; both sides are server-side values here, but === would be safer.
if ($config['open'] > 0 && $config['g_open'] > 0 && $config['g_name'] != '' && $config['g_pwd'] != '' && (!isset($_SESSION[$config['u_hash']]) || $_SESSION[$config['u_hash']] == '') && isset($_SESSION['guest_n_' . $config['u_hash']]) && $_SESSION['guest_n_' . $config['u_hash']] == $config['g_name'] && isset($_SESSION['guest_p_' . $config['u_hash']]) && $_SESSION['guest_p_' . $config['u_hash']] == enc_p($config['g_pwd'])) {
    $config['open'] = 0;
}
// Display labels: $g_a is a zero-based list of four member-group names; $em_a
// holds twelve emoticon names keyed from 1.
$g_a = array('班级成员', '家属', '班级友人', '老师');
$em_a = array(1 => '嘻嘻', '亲亲', '难过', '天使', '高兴', '恶魔', '眼镜', '无语', '呵呵', '惊讶', '泪', '眨眼');
// Default credentials for third-party sync services, selected by index below.
// NOTE(review): these are API keys/secrets hard-coded in source, so every copy
// of the program carries the same values. Treat them as disclosed: rotate them
// and load replacements from configuration kept out of version control.
// Entries 4 and 5 are not referenced in this block.
$a_d_sync = array('9904af8956646323962cc7e3139ac7d3', '9D8903FDDC5E9B0DB284F6879F2712EEAK', '67f7f7ab16734416a82a94be786d6876', '3b81f8e398bf6e40443a224dcf246b9a', 'NZVBEIcC5QxgsY34BhNX', 'lWete(vVG1D2H)-OfFZXNRAY2JviKe$T=(m#VGra');
// Each service receives its built-in key only when both of its flags are > 0
// (presumably "service enabled" and "use the built-in key" - confirm).
if ($config['is_flickr'] > 0 && $config['is_uflickr'] > 0) {
    $config['flickr_key'] = $a_d_sync[0];
}
if ($config['is_babab'] > 0 && $config['is_ubabab'] > 0) {
    $config['babab_key'] = $a_d_sync[1];
}
if ($config['is_tqq'] > 0 && $config['is_utqq'] > 0) {
    // tqq takes two values: a key and a secret.
    $config['tqq_key'] = $a_d_sync[2];
    $config['tqq_se'] = $a_d_sync[3];
}
Exemple #6
                 setcookie($config['u_hash'] . '_p', $password, time() + 86400 * 30);
             } else {
                 setcookie($config['u_hash'] . '_u', '', time());
                 setcookie($config['u_hash'] . '_p', '', time());
             }
         } else {
             $e = 1;
         }
     } else {
         $e = 2;
     }
     mysql_free_result($q_dbu);
     if (isset($e) && $e == 2 && $config['open'] > 0 && $config['g_open'] > 0 && $config['g_name'] != '' && $config['g_pwd'] != '') {
         $g_name = htmlspecialchars(trim($_POST['username']), ENT_QUOTES);
         $g_pwd = enc_p(htmlspecialchars(trim($_POST['password']), ENT_QUOTES));
         if ($g_name == $config['g_name'] && $g_pwd == enc_p($config['g_pwd'])) {
             $_SESSION['guest_n_' . $config['u_hash']] = $g_name;
             $_SESSION['guest_p_' . $config['u_hash']] = $g_pwd;
             $u_db = sprintf('update %s set g_vc=g_vc+1, g_vdate=%s, g_ip_i=inet_aton(%s)', $dbprefix . 'main', time(), SQLString(getIP(), 'text'));
             $result = mysql_query($u_db) or die('');
         }
     }
 }
 if (isset($_GET['m'])) {
     $u[] = 'm=' . $_GET['m'];
 }
 if (isset($_GET['t'])) {
     $u[] = 't=' . $_GET['t'];
 }
 if (isset($_GET['page'])) {
     $u[] = 'page=' . $_GET['page'];