function wmzz_chpwd_setting()
{
if (!empty($_POST['wmzz_chpwd_newpw'])) {
$newpw = addslashes($_POST['wmzz_chpwd_newpw']);
global $m;
$m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `pw` = '" . EncodePwd($newpw) . "' WHERE id = " . UID);
msg('更改密码成功,请重新登录', SYSTEM_URL);
}
}
header("Location:index.php?mod=login&error_msg=微博登录授权失败,密码错误 :) ");
}
}
break;
case 'regpost':
$yr_reg = option::get('yr_reg');
if (!empty($yr_reg)) {
isset($_POST['yr']) ? $invite = $_POST['yr'] : die("缺少需要的数据哟 invite :)");
if ($invite != $yr_reg) {
header("Location:index.php?mod=login&error_msg=邀请码错误!");
}
}
isset($_POST['mail']) ? $email = addslashes($_POST['mail']) : die("缺少需要的数据哟 mail :)");
isset($_POST['pwd']) ? $pwd = $_POST['pwd'] : die("缺少需要的数据哟 pwd :)");
isset($_POST['name']) ? $username = addslashes($_POST['name']) : die("缺少需要的数据哟 uname :)");
/*开始注册判定*/
if (option::get('enable_reg') != '1') {
msg('注册失败:该站点已关闭注册');
}
$x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$username}' OR `email` = '{$email}' LIMIT 1");
$y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
if ($x['total'] > 0) {
msg('注册失败:用户名或邮箱已经被注册');
}
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $username . '\', \'' . $pwd . '\', \'' . $email . '\', \'user\', \'' . getfreetable() . '\');');
$id = $m->once_fetch_array("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$username}' ");
setcookie("uid", $id['id'], time() + 999999);
setcookie("pwd", substr(sha1(EncodePwd($pwd)), 4, 32), time() + 999999);
header("Location:index.php");
break;
}
} else {
$m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `pw` = '" . $newpw . "' WHERE email = '{$email}'");
ReDirect(SYSTEM_URL . 'index.php?mod=login&error_msg=' . urlencode('由于你的密码已修改,无法再使用旧密码登录,请重新登录'));
}
}
global $m;
if (isset($_REQUEST['page']) && $_REQUEST['page'] == 'yjqr') {
$emailcc = !empty($_REQUEST['email']) ? base64_decode($_REQUEST['email']) : msg('警告:邮件地址无效');
$email = checkMail($emailcc) ? sqladds($emailcc) : msg('警告:非法操作');
$key = $_REQUEST['key'];
$cx = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email = '{$email}' LIMIT 1");
$p = $m->fetch_array($cx);
if ($p == "") {
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:未能在本站找到持有该邮箱的用户!'));
}
$pw = sha1(md5(EncodePwd($p['pw'] . date('Ymd') . SYSTEM_NAME . SYSTEM_VER . SYSTEM_URL)));
if ($pw != $key) {
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:该链接失效或者不归您所拥有,修改密码失败!'));
} else {
echo '<div class="panel panel-success" style="margin:5% 15% 5% 15%;">
<div class="panel-heading">
<h3 class="panel-title">设置新密码</h3>
</div>
<div style="margin:0% 5% 5% 5%;">
<div class="login-top"></div><br/>
<b>请输入您新密码</b><br/><br/>
<form name="f" method="post" action="';
echo 'index.php?pub_plugin=dl_zhmm&xg&email=' . base64_encode($email) . '&key=' . $key . '">
<div class="input-group">
<span class="input-group-addon">新密码</span>
<input type="password" class="form-control" name="pw" id="pw" required>
function reg_supervise_yx()
{
global $m;
$name = isset($_POST['user']) ? addslashes(strip_tags($_POST['user'])) : '';
$mail = isset($_POST['mail']) ? addslashes($_POST['mail']) : '';
$pw = isset($_POST['pw']) ? addslashes(strip_tags($_POST['pw'])) : '';
$role = 'banned';
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
$ip = $_SERVER['REMOTE_ADDR'];
setcookie("reg_check", date('d'), time() + 86400);
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'reg` (`ip`) VALUES (\'' . $ip . '\');');
$key = sha1(md5(EncodePwd($pw) . date('Ymd') . option::get(salt)));
$title = strip_tags(SYSTEM_NAME) . " - 注册验证";
$text = "你在" . SYSTEM_URL . " 使用IP:" . $ip . " 用此邮箱注册了账号,账号:" . $name . ",密码" . $pw . "<br>点击以下链接完成安全验证,即可正常使用本站服务。如果显示禁止访问,使用浏览器隐身模式再打开链接即可<br><p>本邮件为系统自动发送,请勿回复。如果你没有进行此操作,可能是有人冒用了此邮箱,请不要点击链接</p><br>验证链接(当日有效):" . SYSTEM_URL . "index.php?pub_plugin=reg_supervise" . '&jh' . '&email=' . base64_encode($mail) . '&key=' . $key;
$x = misc::mail($mail, $title, $text);
if ($x != true) {
$m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `role` = 'user' WHERE email = '{$mail}'");
$js = option::get('reg_jg');
option::set('reg_jg', $js + 1);
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&error_msg=验证邮件发送失败!已为你激活用户!请登录。');
die;
} else {
option::set('reg_jg', 0);
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&success_msg=请登录你的邮箱点击确认链接!否则无法登陆本站!');
}
die;
}
if (!empty($yr_reg)) {
if (empty($yr)) {
msg('注册失败:请输入邀请码');
} else {
if ($yr_reg != $yr) {
msg('注册失败:邀请码错误');
}
}
}
if ($y['total'] <= 0) {
$role = 'admin';
} else {
$role = 'user';
}
doAction('admin_reg_2');
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
doAction('admin_reg_3');
ReDirect('index.php?mod=login&msg=' . urlencode('成功注册,请输入账号信息登录本站 [ 账号为用户名或邮箱地址 ]'));
} elseif (SYSTEM_PAGE == 'login') {
if (defined('ROLE')) {
ReDirect('index.php');
}
define('ROLE', 'visitor');
$i['user']['role'] = 'visitor';
template('login');
doAction('login_page_4');
die;
} elseif (SYSTEM_PAGE == 'reg') {
if (defined('ROLE')) {
ReDirect('index.php');
}
function dl_invite_yz()
{
global $m;
if (option::get('enable_reg') != '1') {
msg('注册失败:该站点已关闭注册');
}
$name = isset($_POST['user']) ? addslashes(strip_tags($_POST['user'])) : '';
$mail = isset($_POST['mail']) ? addslashes(strip_tags($_POST['mail'])) : '';
$pw = isset($_POST['pw']) ? addslashes(strip_tags($_POST['pw'])) : '';
$yr = isset($_POST['invite']) ? addslashes(strip_tags($_POST['invite'])) : '';
if (empty($name) || empty($mail) || empty($pw)) {
msg('注册失败:请正确填写账户、密码或邮箱');
}
$x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE name='{$name}'");
$z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email='{$name}'");
$y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
if ($x['total'] > 0) {
msg('注册失败:用户名已经存在');
}
if ($z['total'] > 0) {
msg('注册失败:邮箱已经存在');
}
if (!checkMail($mail)) {
msg('注册失败:邮箱格式不正确');
}
if (empty($yr)) {
msg('注册失败:请输入邀请码');
}
$invite = $m->fetch_array($m->query('select * from `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `code` = "' . $yr . '"'));
if (!empty($invite['code'])) {
$dlyr = $invite['code'];
$m->query('DELETE FROM `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `code` = "' . $dlyr . '"');
} else {
msg('注册失败:邀请码错误或已被使用');
}
if ($y['total'] <= 0) {
$role = 'admin';
} else {
$role = 'user';
}
doAction('admin_reg_2');
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
setcookie("wmzz_tc_user", $name);
setcookie("wmzz_tc_pw", EncodePwd($pw));
doAction('admin_reg_3');
ReDirect('index.php');
echo '}';
die;
}
function xy_invite_verify()
{
global $m;
if (option::get('enable_reg') != '1') {
msg('注册失败:该站点已关闭注册');
}
$name = isset($_POST['user']) ? sqladds($_POST['user']) : '';
$mail = isset($_POST['mail']) ? sqladds($_POST['mail']) : '';
$pw = isset($_POST['pw']) ? sqladds($_POST['pw']) : '';
$yr = isset($_POST['yr']) ? sqladds($_POST['yr']) : '';
if (empty($name) || empty($mail) || empty($pw)) {
msg('注册失败:请正确填写账户、密码或邮箱');
}
if ($_POST['pw'] != $_POST['rpw']) {
msg('注册失败:两次输入的密码不一致,请重新输入');
}
if (!checkMail($mail)) {
msg('注册失败:邮箱格式不正确');
}
$x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$name}' OR `email` = '{$mail}' LIMIT 1");
if ($x['total'] > 0) {
msg('注册失败:用户名或邮箱已经被注册');
}
$yr_reg = option::get('yr_reg');
if (!empty($yr_reg)) {
if (empty($yr)) {
msg('注册失败:请输入邀请码');
} else {
$z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite`");
if ($z['total'] <= 0) {
msg('系统错误:邀请码不足,请联系管理员添加!');
} else {
$s = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `code`='{$yr}'");
if ($s->num_rows <= 0) {
msg('注册失败:邀请码错误!');
} else {
$r = $s->fetch_array();
$r_num = (int) $r['num'];
if ($r_num == 1) {
$m->query("DELETE FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `id` = " . $r['id']);
} else {
if ($r_num > 1) {
$m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` SET `num`=num-1 WHERE `id`='" . $r['id'] . "';");
}
}
}
}
}
}
$y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
if ($y['total'] <= 0) {
$role = 'admin';
} else {
$role = 'user';
}
doAction('admin_reg_2');
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
doAction('admin_reg_3');
ReDirect('index.php?mod=login&msg=' . urlencode('成功注册,请输入账号信息登录本站 [ 账号为用户名或邮箱地址 ]'));
die;
}
