header("Location:index.php?mod=login&error_msg=微博登录授权失败,密码错误 :) "); } } break; case 'regpost': $yr_reg = option::get('yr_reg'); if (!empty($yr_reg)) { isset($_POST['yr']) ? $invite = $_POST['yr'] : die("缺少需要的数据哟 invite :)"); if ($invite != $yr_reg) { header("Location:index.php?mod=login&error_msg=邀请码错误!"); } } isset($_POST['mail']) ? $email = addslashes($_POST['mail']) : die("缺少需要的数据哟 mail :)"); isset($_POST['pwd']) ? $pwd = $_POST['pwd'] : die("缺少需要的数据哟 pwd :)"); isset($_POST['name']) ? $username = addslashes($_POST['name']) : die("缺少需要的数据哟 uname :)"); /*开始注册判定*/ if (option::get('enable_reg') != '1') { msg('注册失败:该站点已关闭注册'); } $x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$username}' OR `email` = '{$email}' LIMIT 1"); $y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`"); if ($x['total'] > 0) { msg('注册失败:用户名或邮箱已经被注册'); } $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $username . '\', \'' . $pwd . '\', \'' . $email . '\', \'user\', \'' . getfreetable() . '\');'); $id = $m->once_fetch_array("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$username}' "); setcookie("uid", $id['id'], time() + 999999); setcookie("pwd", substr(sha1(EncodePwd($pwd)), 4, 32), time() + 999999); header("Location:index.php"); break; }
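/**
 * Creates the posted account with role `banned` and mails a same-day activation link.
 *
 * Reads `user`, `mail` and `pw` from $_POST, inserts the user row, records the
 * client IP in the `reg` table, sets a `reg_check` cookie, sends the mail and
 * redirects. The request always ends inside this function.
 *
 * NOTE(review): nothing here checks for empty fields, mail format, duplicates or
 * the `enable_reg` option; presumably the caller does that first — confirm.
 *
 * @return void
 */
function reg_supervise_yx()
{
    global $m;

    $name = isset($_POST['user']) ? addslashes(strip_tags($_POST['user'])) : '';
    $mail = isset($_POST['mail']) ? addslashes($_POST['mail']) : '';
    $pw   = isset($_POST['pw']) ? addslashes(strip_tags($_POST['pw'])) : '';
    $role = 'banned';

    // NOTE(review): every statement below is built by string concatenation and
    // protected only by addslashes(), which is not charset-aware. If the $m
    // wrapper offers prepared statements or driver-level escaping, use that.
    $m->query(
        'INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \''
        . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');'
    );

    $ip = $_SERVER['REMOTE_ADDR'];
    setcookie("reg_check", date('d'), time() + 86400);
    // Escaped like the other values in this function instead of being trusted as-is.
    $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'reg` (`ip`) VALUES (\'' . addslashes($ip) . '\');');

    // Activation key: derived from the password hash, today's date and the site salt.
    // The option name is quoted: the bare word `salt` is an undefined constant, which
    // is a fatal Error on PHP 8 and only fell back to the string 'salt' on older versions.
    $key = sha1(md5(EncodePwd($pw) . date('Ymd') . option::get('salt')));

    $title = strip_tags(SYSTEM_NAME) . " - 注册验证";
    // NOTE(review): the mail body carries the password in clear text; consider
    // dropping it so the credential never sits in a mailbox or mail log.
    // The base64 value is URL-encoded because `+`, `/` and `=` are not query-safe
    // (`+` would be read back as a space and break the link).
    $text = "你在" . SYSTEM_URL . " 使用IP:" . $ip . " 用此邮箱注册了账号,账号:" . $name . ",密码" . $pw
        . "<br>点击以下链接完成安全验证,即可正常使用本站服务。如果显示禁止访问,使用浏览器隐身模式再打开链接即可<br><p>本邮件为系统自动发送,请勿回复。如果你没有进行此操作,可能是有人冒用了此邮箱,请不要点击链接</p><br>验证链接(当日有效):"
        . SYSTEM_URL . "index.php?pub_plugin=reg_supervise" . '&jh' . '&email=' . urlencode(base64_encode($mail)) . '&key=' . $key;

    $sent = misc::mail($mail, $title, $text);

    if (!$sent) {
        // NOTE(review): this path fails open — when the mail cannot be sent the
        // account is activated without any address verification, and the UPDATE
        // matches on email, so every row with that address is activated.
        $m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `role` = 'user' WHERE email = '{$mail}'");
        // `reg_jg` counts consecutive mail failures; it is reset on the next success.
        $js = option::get('reg_jg');
        option::set('reg_jg', $js + 1);
        ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&error_msg=验证邮件发送失败!已为你激活用户!请登录。');
        die;
    } else {
        option::set('reg_jg', 0);
        ReDirect(SYSTEM_URL . 'index.php?pub_plugin=reg_supervise&success_msg=请登录你的邮箱点击确认链接!否则无法登陆本站!');
    }
    die;
}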
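/**
 * Handles an invite-only registration: validates the posted fields, consumes the
 * invite code, creates the user and logs them in through cookies.
 *
 * Reads `user`, `mail`, `pw` and `invite` from $_POST. The first account ever
 * created gets the `admin` role, every later one `user`.
 *
 * NOTE(review): each failed check relies on msg() ending the request; if it
 * returns, execution continues into the INSERT — confirm.
 *
 * @return void
 */
function dl_invite_yz()
{
    global $m;

    if (option::get('enable_reg') != '1') {
        msg('注册失败:该站点已关闭注册');
    }

    $name = isset($_POST['user']) ? addslashes(strip_tags($_POST['user'])) : '';
    $mail = isset($_POST['mail']) ? addslashes(strip_tags($_POST['mail'])) : '';
    $pw   = isset($_POST['pw']) ? addslashes(strip_tags($_POST['pw'])) : '';
    $yr   = isset($_POST['invite']) ? addslashes(strip_tags($_POST['invite'])) : '';

    if (empty($name) || empty($mail) || empty($pw)) {
        msg('注册失败:请正确填写账户、密码或邮箱');
    }

    // NOTE(review): queries are concatenated and guarded only by addslashes(),
    // which is not charset-aware; prefer prepared statements or driver escaping
    // if the $m wrapper provides them.
    $users = '`' . DB_NAME . '`.`' . DB_PREFIX . 'users`';
    $x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM " . $users . " WHERE name='{$name}'");
    // Fixed: the duplicate-email check compared the email column with $name, so an
    // address that was already registered was never detected.
    $z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM " . $users . " WHERE email='{$mail}'");
    $y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM " . $users);

    if ($x['total'] > 0) {
        msg('注册失败:用户名已经存在');
    }
    if ($z['total'] > 0) {
        msg('注册失败:邮箱已经存在');
    }
    if (!checkMail($mail)) {
        msg('注册失败:邮箱格式不正确');
    }
    if (empty($yr)) {
        msg('注册失败:请输入邀请码');
    }

    $inviteTable = '`' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite`';
    $invite = $m->fetch_array($m->query('select * from ' . $inviteTable . ' where `code` = "' . $yr . '"'));
    if (!empty($invite['code'])) {
        // Delete with the already-escaped request value. The original re-used the
        // value read back from the database, which is unescaped and would break
        // out of the string literal if a stored code contained a quote.
        // NOTE(review): lookup and delete are two separate statements, so two
        // concurrent requests can both pass with the same code; deleting first
        // and checking the affected-row count would make the code single-use.
        $m->query('DELETE FROM ' . $inviteTable . ' where `code` = "' . $yr . '"');
    } else {
        msg('注册失败:邀请码错误或已被使用');
    }

    // An empty users table means this is the very first account: make it admin.
    // NOTE(review): the count above and the INSERT below are not atomic.
    if ($y['total'] <= 0) {
        $role = 'admin';
    } else {
        $role = 'user';
    }

    doAction('admin_reg_2');
    $m->query(
        'INSERT INTO ' . $users . ' (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \''
        . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');'
    );

    // NOTE(review): the login cookies hold the user name and the stored password
    // hash and are set without the HttpOnly/Secure flags, so the hash works as a
    // long-lived credential that script or a plain-HTTP hop can read. A random
    // server-side session token would be the safer design.
    setcookie("wmzz_tc_user", $name);
    setcookie("wmzz_tc_pw", EncodePwd($pw));

    doAction('admin_reg_3');
    ReDirect('index.php');
    // NOTE(review): stray output kept from the original; it looks unintended.
    echo '}';
    die;
}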
if (!empty($yr_reg)) { if (empty($yr)) { msg('注册失败:请输入邀请码'); } else { if ($yr_reg != $yr) { msg('注册失败:邀请码错误'); } } } if ($y['total'] <= 0) { $role = 'admin'; } else { $role = 'user'; } doAction('admin_reg_2'); $m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');'); doAction('admin_reg_3'); ReDirect('index.php?mod=login&msg=' . urlencode('成功注册,请输入账号信息登录本站 [ 账号为用户名或邮箱地址 ]')); } elseif (SYSTEM_PAGE == 'login') { if (defined('ROLE')) { ReDirect('index.php'); } define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; template('login'); doAction('login_page_4'); die; } elseif (SYSTEM_PAGE == 'reg') { if (defined('ROLE')) { ReDirect('index.php'); }
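/**
 * Handles a registration that may require a counted invite code.
 *
 * Reads `user`, `mail`, `pw`, `rpw` and `yr` from $_POST. When the `yr_reg`
 * option is non-empty an invite code from the `xy_invite` table is required:
 * a code with `num` 1 is deleted on use, a code with `num` above 1 is
 * decremented. The first account ever created gets the `admin` role.
 *
 * NOTE(review): each failed check relies on msg() ending the request; if it
 * returns, execution continues into the INSERT — confirm.
 *
 * @return void
 */
function xy_invite_verify()
{
    global $m;

    if (option::get('enable_reg') != '1') {
        msg('注册失败:该站点已关闭注册');
    }

    // NOTE(review): sqladds() is presumably the project's SQL-escaping helper —
    // confirm it is charset-aware; every query below is concatenated, so it is
    // the only barrier between request data and the SQL text.
    $name = isset($_POST['user']) ? sqladds($_POST['user']) : '';
    $mail = isset($_POST['mail']) ? sqladds($_POST['mail']) : '';
    $pw   = isset($_POST['pw']) ? sqladds($_POST['pw']) : '';
    $yr   = isset($_POST['yr']) ? sqladds($_POST['yr']) : '';

    if (empty($name) || empty($mail) || empty($pw)) {
        msg('注册失败:请正确填写账户、密码或邮箱');
    }

    // Strict comparison: with `!=`, two different numeric-looking strings (for
    // example "1e3" and "1000") compare equal, so the confirmation could pass
    // for passwords that do not match. A missing `rpw` is treated as empty
    // instead of raising an undefined-index notice.
    $rpw = isset($_POST['rpw']) ? $_POST['rpw'] : '';
    if ($_POST['pw'] !== $rpw) {
        msg('注册失败:两次输入的密码不一致,请重新输入');
    }
    if (!checkMail($mail)) {
        msg('注册失败:邮箱格式不正确');
    }

    $x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$name}' OR `email` = '{$mail}' LIMIT 1");
    if ($x['total'] > 0) {
        msg('注册失败:用户名或邮箱已经被注册');
    }

    $yr_reg = option::get('yr_reg');
    if (!empty($yr_reg)) {
        if (empty($yr)) {
            msg('注册失败:请输入邀请码');
        } else {
            $z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite`");
            if ($z['total'] <= 0) {
                msg('系统错误:邀请码不足,请联系管理员添加!');
            } else {
                $s = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `code`='{$yr}'");
                if ($s->num_rows <= 0) {
                    msg('注册失败:邀请码错误!');
                } else {
                    $r = $s->fetch_array();
                    $r_num = (int) $r['num'];
                    // NOTE(review): the read and the delete/decrement are separate
                    // statements, so concurrent requests can spend the same use
                    // twice. A code whose `num` is 0 or negative matches neither
                    // branch and is accepted without being consumed — confirm
                    // that this is intended.
                    if ($r_num == 1) {
                        $m->query("DELETE FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `id` = " . $r['id']);
                    } else {
                        if ($r_num > 1) {
                            $m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` SET `num`=num-1 WHERE `id`='" . $r['id'] . "';");
                        }
                    }
                }
            }
        }
    }

    // An empty users table means this is the very first account: make it admin.
    // NOTE(review): the count and the INSERT below are not atomic.
    $y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
    if ($y['total'] <= 0) {
        $role = 'admin';
    } else {
        $role = 'user';
    }

    doAction('admin_reg_2');
    $m->query(
        'INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \''
        . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');'
    );
    doAction('admin_reg_3');

    ReDirect('index.php?mod=login&msg=' . urlencode('成功注册,请输入账号信息登录本站 [ 账号为用户名或邮箱地址 ]'));
    die;
}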