$_subject = "重設密碼 - {$center['site_name']}";
        $_body = "{$_member['row']['username']} 您好\n\t\t\n 請點擊以下連結重設您的密碼 \n\t\t\n " . sc_get_headurl() . "getpassword.php?id={$_member['row']['id']}&auth=" . md5($_member['row']['rekey']) . "\n\t\t\n (若是您沒有申請重設密碼,請忽略此信件)";
        $_header = "From: {$center['site_name']} <{$center['mail']}> \n";
        $_header .= 'Content-type:text/plain; charset=UTF-8';
        mb_internal_encoding('UTF-8');
        $_subject = mb_encode_mimeheader($_subject, 'UTF-8');
        if (mail($_member['row']['email'], $_subject, $_body, $_header)) {
            $_step = 2;
        }
    }
} elseif (isset($_GET['auth']) && trim($_GET['auth']) != '' && isset($_GET['id']) && abs($_GET['id']) != '') {
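    // Reset-link handler: ?id= selects the member row and ?auth= must equal md5() of that row's `rekey`.
    $_uid = abs($_GET['id']);
    $_member = sc_get_result("SELECT * FROM member WHERE `id` = '%d'", array($_uid));
    if ($_member['num_rows'] > 0) {
        // Compare the token strictly and in constant time. A loose `==` compares two
        // numeric-looking strings as numbers, so values that differ as text could still
        // be accepted; is_string() also rejects an array-valued ?auth[]= parameter.
        // NOTE(review): nothing visible here expires the token or limits attempts; the link
        // appears to stay valid until a reset succeeds and `rekey` is replaced. Confirm, and
        // prefer a random, single-use, time-limited token whose hash is stored server-side.
        if (is_string($_GET['auth']) && hash_equals(md5($_member['row']['rekey']), $_GET['auth'])) {
            // SQL fragment that replaces `rekey` in the password UPDATE below, so the link
            // that was just used should stop matching afterwards.
            // NOTE(review): the replacement key is derived from the request-supplied token and
            // sc_keygen() is not shown; verify it mixes in fresh randomness. The value is also
            // spliced into the query template instead of being passed as an argument.
            $_rekey_SQL = sprintf(",`rekey` = '%s'", substr(sc_keygen($_GET['auth']), 0, 16));
            $_step = 3;
            if (isset($_POST['password']) && is_string($_POST['password']) && trim($_POST['password']) !== '') {
                // NOTE(review): sc_password() is not shown; confirm it uses a slow password hash
                // (password_hash) rather than a fast digest salted with the username.
                // The result of the UPDATE is not checked before redirecting.
                $SQL->query("UPDATE member SET `password` = '%s' {$_rekey_SQL} WHERE `id` = '%d'", array(sc_password($_POST['password'], $_member['row']['username']), $_uid));
                $_step = 4;
                header("Location: index.php?getpassword");
                exit;
            }
        }
    }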
}
$view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '重設密碼');
if (isset($_GET['nouser'])) {
    ?>
<div class="alert alert-danger">帳號或電子信箱出現錯誤</div>
<?php 
Exemple #2
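/**
 * Register a new member account.
 *
 * Return codes:
 *    1  the member row was inserted
 *   -1  the username or e-mail already exists in `member`
 *   -2  input rejected (missing/empty username or password, invalid e-mail,
 *       or a non-empty web site that fails FILTER_VALIDATE_URL)
 *   -3  registration is disabled ($center['register'] is not 1)
 *
 * @param string $_username Requested user name; passed through sc_namefilter() before use.
 * @param string $_password Plain-text password; handed to sc_password() with the filtered user name.
 * @param string $_email    E-mail address, validated with FILTER_VALIDATE_EMAIL.
 * @param string $_web_site Optional profile URL.
 * @param int    $_level    Value written to the `level` column.
 *                          NOTE(review): presumably a privilege level; callers should never
 *                          take it from request data. Confirm against call sites.
 * @return int One of the codes listed above.
 */
function sc_register($_username, $_password, $_email, $_web_site = '', $_level = 1)
{
    global $SQL;
    global $center;

    if ($center['register'] != 1) {
        return -3;
    }

    // Same checks, in the same order, as the original combined condition.
    if (!isset($_username) || trim(sc_namefilter($_username)) === ''
        || !isset($_password) || trim($_password) === ''
        || !filter_var($_email, FILTER_VALIDATE_EMAIL)) {
        return -2;
    }

    // NOTE(review): FILTER_VALIDATE_URL accepts any scheme, not only http/https. If this
    // value is later rendered as a link, restrict the scheme here or escape and validate at output.
    if ($_web_site != '' && !filter_var($_web_site, FILTER_VALIDATE_URL)) {
        return -2;
    }

    $_username = sc_namefilter($_username);

    // NOTE(review): check-then-insert is not atomic; two concurrent requests can both pass
    // this lookup unless `member` has UNIQUE constraints on username and email. Confirm the schema.
    $auth_name = $SQL->query("SELECT `username` FROM `member` WHERE `username` = '%s' OR `email` = '%s'", array($_username, $_email));
    if ($auth_name->num_rows > 0) {
        // The original had an unreachable `exit;` after this return; it has been dropped.
        return -1;
    }

    // NOTE(review): `rekey` is later used (as md5(rekey)) to authorise password resets. It is
    // seeded here from the user name; sc_keygen() is not shown, so verify that it adds
    // cryptographically secure randomness (random_bytes) and is not a pure function of its input.
    // The user name is filtered a second time below, which is harmless only if
    // sc_namefilter() is idempotent.
    $SQL->query("INSERT INTO `member` (`username`, `password`, `email`, `web_site`, `avatar`, `rekey`, `level` , `joined` ,`last_login`) VALUES ('%s', '%s', '%s', '%s', 'default.png', '%s', '%d', now(), now())", array(sc_namefilter($_username), sc_password($_password, $_username), $_email, $_web_site, substr(sc_keygen($_username), 0, 16), $_level));

    return 1;
}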