Esempio n. 1
 }
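 // Registration flow: validate the submitted form, reject duplicate usernames, insert the row.
 // Compare the submitted verification code with the copy held in the session
 // (the original author's stated aim: block automated sign-ups and cross-site form posts).
 _check_code($_POST['code'], $_SESSION['code']);
 // Pull in the validation helpers used below.
 include ROOT_PATH . 'includes/check.func.php';
 // Collects the values that passed validation; only this array is written to the database.
 $_clean = array();
 // Per-form token checked against the session copy, so a forged form posted from another site
 // is rejected. Per the original comment, the stored value is later reused to verify the login cookie.
 $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
 // Activation token: a new account must be activated with it before it can log in.
 // NOTE(review): the helper name suggests sha1() over uniqid(); if so the token is time-derived
 // and guessable. Confirm, and prefer a value taken from a CSPRNG.
 $_clean['active'] = _sha1_uniqid();
 $_clean['username'] = _check_username($_POST['username']);
 // NOTE(review): confirm _check_password() returns a password_hash() value, not a bare digest.
 $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
 $_clean['question'] = _check_question($_POST['question'], 2, 20);
 $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20);
 $_clean['sex'] = _check_sex($_POST['sex']);
 $_clean['face'] = _check_face($_POST['face']);
 $_clean['email'] = _check_email($_POST['email'], 5, 40);
 $_clean['qq'] = _check_qq($_POST['qq']);
 $_clean['url'] = _check_url($_POST['url'], 40);
 // Record the client address exactly as the web server reports it. The earlier
 // gethostbyaddr()/gethostbyname() round trip is dropped: the reverse-DNS name is chosen by
 // whoever controls the address block, gethostbyname() hands its input back unchanged when
 // the lookup fails, and the result was placed in the SQL text unescaped.
 $ip = filter_var(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '', FILTER_VALIDATE_IP);
 if ($ip === false) {
     // Sentinel for a missing or malformed address.
     $ip = '0.0.0.0';
 }
 // NOTE(review): both statements below splice values into the SQL text. That is only safe if
 // every _check_* helper escapes its return value for the database, which is not visible here.
 // Confirm it, or move _is_repeat()/_query() to prepared statements with bound parameters.
 // Reject the registration when the username is already taken. The interpolation uses the
 // {$_clean['username']} form, the same one the INSERT below relies on.
 _is_repeat("select tg_username from tg_user where tg_username='{$_clean['username']}' limit 1", "对不起,该用户名已被注册");
 // Insert the new user.
 // Inside a double-quoted string a plain variable such as $_username can be written directly,
 // but an array element must be wrapped in braces, e.g. {$_clean['username']}.
 _query("insert into tg_user(\n\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\ttg_face,\n\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\ttg_qq,\n\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t'{$ip}'\n\t\t\t\t\t\t\t\t\t)");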
Esempio n. 2
// Registration handler: runs when the request carries ?action=register.
// The leading @ hides the notice raised when 'action' is absent; == is a loose comparison.
if (@$_GET['action'] == 'register') {
    // Compare the submitted verification code with the copy held in the session
    // (the original author's stated aim: block automated sign-ups and cross-site form posts).
    _check_code($_POST['code'], $_SESSION['code']);
    // Pull in the validation helpers used below.
    include ROOT_PATH . 'includes/check.func.php';
    // Collects the values that passed validation; only this array is written to the database.
    $_clean = array();
    // Per-form token checked against the session copy, so a forged form posted from another site
    // is rejected. Per the original comment, the stored value is later reused to verify the login cookie.
    $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    // Activation token: a new account must be activated with it before it can log in.
    // NOTE(review): the helper name suggests sha1() over uniqid(); if so the token is time-derived
    // and guessable. Confirm, and prefer a value taken from a CSPRNG.
    $_clean['active'] = _sha1_uniqid();
    // The @ on the $_POST reads below suppresses undefined-index notices, so a missing field
    // reaches the validator as null instead of being reported.
    $_clean['username'] = _check_username(@$_POST['username'], 2, 20);
    // NOTE(review): confirm _check_password() returns a password_hash() value, not a bare digest.
    $_clean['password'] = _check_password(@$_POST['password'], @$_POST['notpassword'], 6);
    $_clean['question'] = _check_question(@$_POST['passt'], 2, 20);
    $_clean['answer'] = _check_answer(@$_POST['passt'], @$_POST['passd'], 2, 20);
    $_clean['sex'] = _check_sex(@$_POST['sex']);
    $_clean['qq'] = _check_qq($_POST['qq']);
    $_clean['email'] = _check_email(@$_POST['email'], 6, 40);
    // Reject the registration when the username is already taken.
    // NOTE(review): the username interpolation in this literal is garbled as shown on the page;
    // it was presumably {$_clean['username']}, the form the INSERT below uses. Restore before use.
    // NOTE(review): this query and the INSERT splice values into the SQL text. That is only safe
    // if every _check_* helper escapes its return value for the database, which is not visible
    // here. Confirm it, or move to prepared statements with bound parameters.
    _is_repeat("SELECT username FROM tb_user WHERE username='******'username']}' LIMIT 1", '对不起,此用户已被注册');
    // Insert the new user.
    // Inside a double-quoted string a plain variable such as $_username can be written directly,
    // but an array element must be wrapped in braces, e.g. {$_clean['username']}.
    _query("INSERT INTO tb_user (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tuniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tactive,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tquestion,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tanswer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tsex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tqq,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
    // Exactly one affected row means the INSERT succeeded; the connection is closed on both paths.
    if (_affected_rows() == 1) {
        _close();
        // The activation token goes straight to the registering browser in the redirect URL, so
        // completing activation does not show that the user controls the e-mail address.
        _location('恭喜你,注册成功!', 'active.php?active=' . $_clean['active']);
    } else {
        _close();
        // Registration failed: send the user back to the form.
        _location('韩遗憾,注册失败!', 'register.php');
    }