Esempio n. 1
/**
 * Resolves an account by username, e-mail address or mobile number and, when a
 * record exists, passes its uid to wap_update_user_info().
 *
 * No password or other credential is compared here: finding the account is the
 * only condition for success. Callers therefore have to authenticate the user
 * themselves before calling this (wap_update_user_info() is defined elsewhere;
 * presumably it establishes the login state — confirm).
 *
 * @param mixed $account      Identifier to look up.
 * @param mixed $account_type Loosely compared with "1" (username), "2" (e-mail), "3" (mobile).
 * @param bool  $uc_login     Not used by this function.
 * @param mixed $expire       Not used by this function.
 * @return bool true when a matching account was found, false otherwise.
 */
function user_login_new($account, $account_type = 1, $uc_login = true, $expire = NULL)
{
    // Kept for parity with the original declaration; none of these are read below.
    global $timestamp, $online_ip, $QS_pwdhash;

    $member = array();
    // switch compares loosely, the same way the original == chain did.
    switch ($account_type) {
        case "1":
            $member = get_user_inusername($account);
            break;
        case "2":
            $member = get_user_inemail($account);
            break;
        case "3":
            $member = get_user_inmobile($account);
            break;
    }

    if (empty($member)) {
        return false;
    }

    wap_update_user_info($member['uid'], true);
    return true;
}
Esempio n. 2
// Password-recovery controller for the WAP front end (excerpt: the if/elseif chain is
// cut off after the mail-failure branch, so nothing past that point is visible here).
if ($act == 'enter') {
    // Step 1: render the recovery form with the cached captcha and SMS settings.
    $smarty->assign('title', '找回密码 - ' . $_CFG['site_name']);
    $captcha = get_cache('captcha');
    $smarty->assign('verify_getpwd', $captcha['verify_getpwd']);
    $smarty->assign('sms', get_cache('sms_config'));
    $smarty->assign('step', "1");
    $smarty->display('wap/wap-alter-password.html');
} elseif ($act == 'get_pass') {
    // Step 2: an unauthenticated POST carrying username + registered e-mail resets the password.
    $captcha = get_cache('captcha');
    // NOTE(review): $captcha and $postcaptcha are loaded but never compared in the visible
    // lines, so nothing shown here throttles automated requests — confirm against the full file.
    $postcaptcha = trim($_POST['postcaptcha']);
    $postusername = trim($_POST['username']) ? trim($_POST['username']) : exit('请填写用户名');
    // NOTE(review): a malformed e-mail only echoes an error; there is no exit, so the lookup
    // and reset below still run.
    if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) {
        echo '电子邮箱格式错误!';
    }
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    $userinfo = get_user_inusername($postusername);
    // Username and e-mail matching the stored row is the only proof of identity required.
    // NOTE(review): the comparison is a loose !=; use !== (or hash_equals) on the two strings.
    if (empty($userinfo) || $userinfo['email'] != $_POST['email']) {
        echo '用户名或注册邮箱填写错误';
    } else {
        $mailconfig = get_cache('mailconfig');
        $arr['username'] = $userinfo['username'];
        // NOTE(review): rand() is not a cryptographically secure generator, and randstr() is
        // defined elsewhere (its randomness source is not visible). Generate credentials with
        // random_int()/random_bytes() where the runtime provides them.
        $arr['password'] = rand(100000, 999999) . randstr();
        // NOTE(review): the new password travels in clear text by e-mail and replaces the old
        // one immediately, so anyone who knows a username and its e-mail can force a reset.
        // A single-use, expiring reset link would leave the credential untouched until the
        // mailbox owner acts.
        if (smtp_mail($userinfo['email'], "找回密码", "您的新密码为:" . $arr['password'])) {
            // Stored form: md5(md5(password) . per-user pwd_hash . $QS_pwdhash). MD5 is a fast
            // hash, not a password KDF; password_hash()/password_verify() is the replacement.
            // NOTE(review): $QS_pwdhash is not defined in this excerpt — presumably a site-wide value.
            $md5password = md5(md5($arr['password']) . $userinfo['pwd_hash'] . $QS_pwdhash);
            // NOTE(review): the literal '******' looks like masking applied by the page this
            // listing was taken from; as written the UPDATE would store that literal instead
            // of $md5password — confirm against the real file. uid is concatenated into the
            // SQL text rather than bound as a parameter.
            if (!$db->query("UPDATE " . table('members') . " SET password = '******'  WHERE uid='{$userinfo['uid']}'")) {
                echo '密码修改失败';
            }
            // NOTE(review): reached on the failure path too, so a failed UPDATE prints both
            // the failure and the success message.
            echo '密码修改成功请查看您的邮箱';
        } else {
            echo '邮件发送失败,请联系网站管理员';
        }
Esempio n. 3
/**
 * Changes a member's password.
 *
 * Reads $arr['username'], $arr['oldpassword'] and $arr['password']. Both hashes are built
 * as md5(md5(plain) . per-user pwd_hash . $QS_pwdhash).
 *
 * NOTE(review): with $check = false the old password is never verified, so the caller is
 * the only thing standing between a request and a password change for $arr['username'].
 * NOTE(review): the '******' runs inside the two SQL strings look like masking applied by
 * the page this listing was taken from; they have swallowed part of the original
 * expressions, so the block is not valid PHP as shown — confirm against the real file.
 *
 * @param array $arr   Username, old password and new password (keys as listed above).
 * @param bool  $check Whether to verify the old password before updating.
 * @return mixed false when $arr is not an array or the UPDATE fails, -1 when $check is on
 *               and no row matches, otherwise $arr['username'].
 */
function edit_password($arr, $check = true)
{
    global $db, $QS_pwdhash;
    if (!is_array($arr)) {
        return false;
    }
    // NOTE(review): an unknown username is not handled; $pwd_hash is then taken from an empty result.
    $user_info = get_user_inusername($arr['username']);
    $pwd_hash = $user_info['pwd_hash'];
    // MD5 is a fast hash, not a password KDF; password_hash()/password_verify() is the replacement.
    $password = md5(md5($arr['oldpassword']) . $pwd_hash . $QS_pwdhash);
    if ($check) {
        // NOTE(review): the surviving `username']}'` suggests $arr['username'] is interpolated
        // straight into the SQL text. No escaping is visible in this function — verify what the
        // caller and $db do, and prefer bound parameters.
        $row = $db->getone("SELECT * FROM " . table('members') . " WHERE username='******'username']}' and password = '******' LIMIT 1");
        if (empty($row)) {
            return -1;
        }
    }
    $md5password = md5(md5($arr['password']) . $pwd_hash . $QS_pwdhash);
    if ($db->query("UPDATE " . table('members') . " SET password = '******'  WHERE username='******'username'] . "'")) {
        return $arr['username'];
    }
    // NOTE(review): this "password changed" audit entry is only reached when the UPDATE
    // failed (success returns above), so successful changes leave no log record — the
    // placement looks inverted.
    write_memberslog($_SESSION['uid'], $_SESSION['utype'], 1004, $_SESSION['username'], "修改了密码");
    return false;
}
Esempio n. 4
                // Excerpt from an admin controller: this is the tail of an action whose
                // opening lies above the visible lines.
                adminmsg('修改出错!', 0);
            }
            distribution_jobs_uid($company_uid);
        }
    }
    $link[0]['text'] = "返回列表";
    // NOTE(review): the "back to list" target is taken verbatim from the request. Whether
    // adminmsg() escapes or restricts it is not visible; limit it to same-site relative paths.
    $link[0]['href'] = $_POST['url'];
    adminmsg('操作成功!', 2, $link);
} elseif ($act == 'userpass_edit') {
    // Admin action: set a new password for a member account.
    // check_token() / check_permissions() are defined elsewhere — presumably the anti-CSRF
    // and privilege gates for this action; confirm both terminate the request on failure.
    check_token();
    check_permissions($_SESSION['admin_purview'], "com_user_edit");
    // Byte-length check only; no upper bound or complexity rule is applied here.
    if (strlen(trim($_POST['password'])) < 6) {
        adminmsg('新密码必须为6位以上!', 1);
    }
    require_once ADMIN_ROOT_PATH . 'include/admin_user_fun.php';
    // NOTE(review): an unknown username is not handled; the UPDATE below would then run
    // with an empty uid.
    $user_info = get_user_inusername($_POST['username']);
    $pwd_hash = $user_info['pwd_hash'];
    // md5(md5(password) . per-user pwd_hash . $QS_pwdhash): MD5 is a fast hash, not a
    // password KDF; password_hash()/password_verify() is the replacement.
    $md5password = md5(md5(trim($_POST['password'])) . $pwd_hash . $QS_pwdhash);
    // NOTE(review): the literal '******' looks like masking applied by the page this listing
    // was taken from; as written the UPDATE stores that literal, not $md5password — confirm.
    if ($db->query("UPDATE " . table('members') . " SET password = '******'  WHERE uid='" . $user_info['uid'] . "'")) {
        if (defined('UC_API')) {
            include_once QISHI_ROOT_PATH . 'uc_client/client.php';
            // Mirrors the change to UCenter. NOTE(review): the trailing 1 is presumably
            // UCenter's "ignore old password" flag — confirm against the bundled uc_client.
            uc_user_edit($user_info['username'], trim($_POST['password']), trim($_POST['password']), "", 1);
        }
        // NOTE(review): no audit-log call for this administrative password change is visible
        // in the branch.
        $link[0]['text'] = "返回列表";
        // NOTE(review): request-supplied URL again used as the link target (see above).
        $link[0]['href'] = $_POST['url'];
        adminmsg('操作成功!', 2, $link);
    } else {
        adminmsg('操作失败!', 1);
    }
} elseif ($act == 'userstatus_edit') {
    check_token();
Esempio n. 5
     // Excerpt from an admin "add member" action; the opening of the branch and of the
     // username-length check lies above the visible lines.
     adminmsg('用户名必须为3位以上!', 1);
 }
 // Byte-length check only; no upper bound or complexity rule is applied here.
 if (strlen(trim($_POST['password'])) < 6) {
     adminmsg('密码必须为6位以上!', 1);
 }
 // NOTE(review): these ternaries rely on adminmsg() ending the request; if it ever returns,
 // its return value is stored as the field. The UC branch below adds an explicit exit after
 // adminmsg(), which suggests that is not guaranteed — confirm.
 $sql['username'] = !empty($_POST['username']) ? trim($_POST['username']) : adminmsg('请填写用户名!', 1);
 $sql['password'] = !empty($_POST['password']) ? trim($_POST['password']) : adminmsg('请填写密码!', 1);
 // NOTE(review): loose != compares numeric-looking strings as numbers ("1e3" equals "1000"),
 // so two different inputs can pass the confirmation; use !==.
 if ($sql['password'] != trim($_POST['password1'])) {
     adminmsg('两次输入的密码不相同!', 1);
 }
 // intval() forces an integer; no whitelist of valid member types is visible here.
 $sql['utype'] = !empty($_POST['member_type']) ? intval($_POST['member_type']) : adminmsg('你没有选择注册类型!', 1);
 // The pattern is applied to the untrimmed value; trimming happens only afterwards.
 if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) {
     adminmsg('电子邮箱格式错误!', 1);
 }
 $sql['email'] = trim($_POST['email']);
 // Uniqueness checks against the local member table.
 if (get_user_inusername($sql['username'])) {
     adminmsg('该用户名已经被使用!', 1);
 }
 if (get_user_inemail($sql['email'])) {
     adminmsg('该 Email 已经被注册!', 1);
 }
 // When UCenter integration is configured, repeat the checks there and register the account.
 if (defined('UC_API')) {
     include_once QISHI_ROOT_PATH . 'uc_client/client.php';
     if (uc_user_checkname($sql['username']) != "1") {
         adminmsg('该用户名已经被使用或者用户名非法!', 1);
         exit;
     } elseif (uc_user_checkemail($sql['email']) != "1") {
         adminmsg('该 Email已经被使用或者非法!', 1);
         exit;
     } else {
         // NOTE(review): the return value is not captured on this line; whether a failed
         // UCenter registration is handled is not visible in the excerpt.
         uc_user_register($sql['username'], $sql['password'], $sql['email']);
Esempio n. 6
    // Excerpt from a multi-step password-recovery controller; step 1 ends here by storing
    // a flow token in the session and rendering the first form.
    $_SESSION['getpass_token'] = $token;
    $smarty->assign('token', $token);
    $smarty->display('user/get-pass.htm');
} elseif ($act == 'get_pass_step2') {
    // Step 2: check the flow token, look the account up, show masked contact details.
    // NOTE(review): loose != on the token; compare with hash_equals() (or !==) instead.
    if (empty($_POST['token']) || $_POST['token'] != $_SESSION['getpass_token']) {
        $link[0]['text'] = "找回密码失败";
        $link[0]['href'] = "?act=enter";
        showmsg("找回密码失败,非正常链接", 0, $link);
    }
    $username = $_POST['username'] ? trim($_POST['username']) : showmsg("请输入用户名/邮箱/已验证手机");
    // The identifier's shape selects the lookup: e-mail, then mobile, else username.
    if (preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $username)) {
        $usinfo = get_user_inemail($username);
    } elseif (preg_match("/^(13|14|15|18|17)\\d{9}\$/", $username)) {
        $usinfo = get_user_inmobile($username);
    } else {
        $usinfo = get_user_inusername($username);
    }
    // NOTE(review): an empty lookup result is not handled in the visible lines; the step-2
    // page is rendered either way, and its content differs by whether the account exists,
    // which lets an unauthenticated visitor test identifiers. Rate-limit this step and keep
    // the response uniform.
    // NOTE(review): the mask pattern covers only 13x/15x/18x prefixes, while the lookup above
    // also accepts 14x and 17x, so those numbers reach the template unmasked.
    if ($usinfo['mobile']) {
        $usinfo['mobile_'] = preg_replace('/(1[358]{1}[0-9])[0-9]{4}([0-9]{4})/i', '$1****$2', $usinfo['mobile']);
    }
    if ($usinfo['email']) {
        $usinfo['email_'] = preg_replace('/([A-Za-z0-9_])[A-Za-z0-9_]*([A-Za-z0-9_])/', '$1****$2', $usinfo['email'], 1);
    }
    // NOTE(review): the token is derived from mt_rand(100000, 999999), i.e. at most 900,000
    // possible values from a non-cryptographic generator. Use bin2hex(random_bytes(16)) or
    // an equivalent CSPRNG source.
    $token = substr(md5(mt_rand(100000, 999999)), 8, 16);
    $_SESSION['getpass_token'] = $token;
    $smarty->assign('token', $token);
    // NOTE(review): the whole member row is handed to the template, unmasked mobile/e-mail
    // included (and any password columns the lookup helper returns — confirm); pass only the
    // masked fields the page needs.
    $smarty->assign('usinfo', $usinfo);
    $smarty->assign('title', '找回密码 - 验证身份-' . $_CFG['site_name']);
    $smarty->display('user/get-pass-step2.htm');
} elseif ($act == 'get_pass_step3') {
    if (empty($_POST['token']) || $_POST['token'] != $_SESSION['getpass_token']) {
Esempio n. 7
        // Excerpt from an AJAX controller; the branch that builds $ucjs and $qsurl opens
        // above the visible lines.
        // NOTE(review): $qsurl is concatenated into an inline script string without
        // JavaScript escaping; where it comes from is not visible — confirm it can never
        // carry request-controlled text.
        $qsjs = "<script language=\"javascript\" type=\"text/javascript\">window.location.href=\"" . $qsurl . "\";</script>";
        if ($ucjs || $qsurl) {
            exit($ucjs . $qsjs);
        } else {
            exit("err");
        }
    } else {
        exit("err");
    }
} elseif ($act == 'check_usname') {
    // Username availability probe: answers "true" when the name is free, "false" otherwise.
    // NOTE(review): no token, captcha or rate limit is visible in this branch, so it also
    // tells any caller whether an account exists; throttle it per client.
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    $usname = trim($_POST['usname']);
    // Convert the UTF-8 request value when the database charset is not utf8.
    // NOTE(review): whether get_user_inusername() escapes its argument is not visible; with
    // a GBK connection that escaping has to be charset-aware.
    if (strcasecmp(QISHI_DBCHARSET, "utf8") != 0) {
        $usname = utf8_to_gbk($usname);
    }
    $user = get_user_inusername($usname);
    if (defined('UC_API')) {
        include_once QISHI_ROOT_PATH . 'uc_client/client.php';
        // With UCenter configured the name must be free in both systems.
        if (uc_user_checkname($usname) === 1 && empty($user)) {
            exit("true");
        } else {
            exit("false");
        }
    }
    empty($user) ? exit("true") : exit("false");
} elseif ($act == 'check_email') {
    // E-mail availability probe; the same considerations as for check_usname apply to the
    // visible part of this branch.
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    $email = trim($_POST['email']);
    if (strcasecmp(QISHI_DBCHARSET, "utf8") != 0) {
        $email = utf8_to_gbk($email);
    }
Esempio n. 8
 // Excerpt from the WAP registration handler: validate the form, create the account, then
 // log the new user in. NOTE(review): no captcha or anti-CSRF check appears in the visible lines.
 $username = isset($_POST['username']) ? trim($_POST['username']) : "";
 $password = isset($_POST['password']) ? trim($_POST['password']) : "";
 // Read without an isset() guard, unlike the neighbouring fields.
 $member_type = intval($_POST['utype']);
 $email = isset($_POST['email']) ? trim($_POST['email']) : "";
 // strlen() counts bytes, so the limits below are byte limits for multibyte input.
 if (empty($username) || empty($password) || empty($member_type) || empty($email)) {
     $err = "信息不完整";
 } elseif (strlen($username) < 6 || strlen($username) > 18) {
     $err = "用户名长度为6-18个字符";
 } elseif (strlen($password) < 6 || strlen($password) > 18) {
     $err = "密码长度为6-18个字符";
 // NOTE(review): loose != compares numeric-looking strings as numbers, and the confirmation
 // field is not trimmed while $password is; use !== on equally normalised values.
 } elseif ($password != $_POST['password1']) {
     $err = "两次输入的密码不同";
 // NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0; preg_match() is
 // the replacement.
 } elseif (empty($email) || !ereg("^[-a-zA-Z0-9_\\.]+\\@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$", $email)) {
     $err = "电子邮箱格式错误";
 }
 // These two checks sit outside the chain above and overwrite any earlier message.
 if (get_user_inusername($username)) {
     $err = "用户名已经存在";
 }
 if (get_user_inemail($email)) {
     $err = "电子邮箱已经存在";
 }
 // NOTE(review): $err is not initialised in the visible lines, so a clean submission reads
 // an undefined variable here — confirm it is set earlier in the file.
 if ($err) {
     $smarty->assign('err', $err);
     $smarty->assign('type', $member_type);
     $smarty->display("wap/reg_form.html");
     exit;
 }
 // user_register() is defined elsewhere; a positive return is treated as success below.
 $register = user_register(3, $password, $member_type, $email, $mobile = "", true, $username, "");
 if ($register > 0) {
     // The freshly registered user is logged in with the credentials just submitted.
     $login_js = wap_user_login($username, $password);
     $mailconfig = get_cache('mailconfig');
Esempio n. 9
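/**
 * Authenticates a WAP user by username, e-mail address or mobile number.
 *
 * The account type is auto-detected from the shape of $account (e-mail pattern first,
 * then an 11-digit mobile pattern) and overrides the $account_type argument when a
 * pattern matches. On a password match the login state is updated through
 * wap_update_user_info() and the member's WAP landing URL is returned.
 *
 * The stored hash is md5(md5(password) . per-user pwd_hash . $QS_pwdhash). MD5 is a fast
 * hash rather than a password KDF; the scheme is left as is because the stored values
 * and the other writers share it, but it is a candidate for migration to
 * password_hash()/password_verify().
 *
 * @param mixed $account      Username, e-mail address or mobile number.
 * @param mixed $password     Plain-text password supplied by the user.
 * @param mixed $account_type Loosely compared with "1" (username), "2" (e-mail), "3" (mobile).
 * @param bool  $uc_login     Not used by this function.
 * @param mixed $expire       Forwarded to wap_update_user_info().
 * @return array ['qs_login' => url] on success, an empty array on any failure.
 */
function wap_user_login($account, $password, $account_type = 1, $uc_login = true, $expire = NULL)
{
    global $QS_pwdhash;
    $usinfo = $login = array();

    // The shape of the identifier wins over the caller-supplied account type.
    if (preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $account)) {
        $account_type = 2;
    } elseif (preg_match("/^(13|14|15|18)\\d{9}\$/", $account)) {
        $account_type = 3;
    }

    if ($account_type == "1") {
        $usinfo = get_user_inusername($account);
    } elseif ($account_type == "2") {
        $usinfo = get_user_inemail($account);
    } elseif ($account_type == "3") {
        $usinfo = get_user_inmobile($account);
    }

    if (empty($usinfo)) {
        return $login;
    }

    $stored = (string) $usinfo['password'];
    $computed = md5(md5($password) . $usinfo['pwd_hash'] . $QS_pwdhash);

    // The hashes must be compared as strings: a loose == treats two numeric-looking hex
    // digests (for example ones of the form "0e" followed only by digits) as equal numbers,
    // so a wrong password could be accepted. hash_equals() is also constant-time; fall back
    // to === on runtimes that lack it.
    $matches = function_exists('hash_equals')
        ? hash_equals($stored, $computed)
        : $stored === $computed;

    if ($matches) {
        wap_update_user_info($usinfo['uid'], true, true, $expire);
        $login['qs_login'] = get_member_wap_url($usinfo['utype']);
    }

    return $login;
}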