function get($uid, &$data, &$errmsg)
{
if (isX($uid, XUSERID)) {
if ($mysqli = getMysqli()) {
$q = "SELECT id, money, type, CONVERT(date, DATE) AS date FROM tallybook_bill WHERE userid = {$uid}";
if ($rs = $mysqli->query($q)) {
$data = json_encode(new RsValue($rs));
return true;
} else {
trigger_error("Failed to {$q} caused by : \r\n\t" . $mysqli->error);
$errmsg = "error";
}
} else {
trigger_error("Failed to connect to the database");
$errmsg = "error";
}
}
return false;
}
function loginByPassword($key, $password, &$userid, &$appid, &$errmsg)
{
$keyname = "";
if (isX($key, XUSERNAME)) {
$keyname = "username";
} else {
if (isX($key, XEMAIL)) {
$keyname = "email";
}
}
if (isX($password, XPASSWORD) && $keyname) {
$mysqli = getMysqli();
$q = "SELECT userid, password, appid FROM userlist WHERE {$keyname} = '{$key}'";
if ($rs = $mysqli->query($q)) {
if ($row = $rs->fetch_assoc()) {
if (password_verify($password, $row["password"])) {
$appid = $row["appid"];
$userid = $row["userid"];
return true;
}
} else {
$q = "SELECT password FROM nonactivatedUser WHERE {$keyname} = '{$key}'";
if ($rs = $mysqli->query($q)) {
if ($row = $rs->fetch_assoc()) {
if (password_verify($password, $row["password"])) {
$errmsg = "active";
}
}
} else {
trigger_error("Failed to {$q} caused by : \r\n\t" . $mysqli->error);
$errmsg = "error";
}
}
} else {
trigger_error("Failed to {$q} caused by : \r\n\t" . $mysqli->error);
$errmsg = "error";
}
}
return false;
}
$handle = fopen($path, "a");
$msg = date("H:i:s") . " " . _server("REMOTE_ADDR") . " {$user}\r\n";
fwrite($handle, $msg);
fclose($handle);
}
$email = _post("email");
$user = _post("username");
$password = _post("password");
$output = array("msg" => "服务器错误", "result" => false);
if (!isX($user, XUSERNAME)) {
$output["msg"] = "用户名不合规范";
} else {
if (!isX($password, XPASSWORD)) {
$output["msg"] = "密码不合规范";
} else {
if (!isX($email, XEMAIL)) {
$output["msg"] = "邮箱地址不合规范";
} else {
if (!checkdnsrr(preg_replace("/^.+\\@([^\\@]+)\$/", '\\1', $email))) {
$output["msg"] = "邮箱地址无效";
} else {
$errmsg = "";
$e0 = isExist("email", $email, $errmsg);
$e1 = isExist("username", $user, $errmsg);
if (!$errmsg) {
if ($e0) {
$output["msg"] = "邮箱已被使用";
} else {
if ($e1) {
$output["msg"] = "用户名已被注册";
} else {
<?php
require_once "config.php";
require_once "filter.php";
require_once "database.php";
require_once "smtp.php";
require_once "validator.php";
//return;
$user = _get("user");
if (isX($user, XUSERNAME)) {
$mysqli = getMysqli();
$q = "SELECT * FROM nonactivatedUser WHERE username = '******'";
if ($rs = $mysqli->query($q)) {
if ($row = $rs->fetch_assoc()) {
$to = $row["email"];
$from = "*****@*****.**";
$hash = $row["hash"];
$subject = "请激活你的账号";
$content = "\n\t\t\t\t尊敬的 {$user}:\n\t\t\t\t请点击下面链接激活你的账号,或者复制到浏览器打开(注意,链接24小时内有效,超时后注册的用户名将被收回,请及时激活):\n\n\t\t\t\thttp://fancige.com/accountActivation.php?user={$user}&hash={$hash}\n\n\t\t\t\t如果你不知道为什么会收到这封邮件,请直接忽略或删除";
$smtp = new smtp("smtp.ym.163.com", 25, true, "*****@*****.**", "");
if (!$smtp->sendmail($to, $from, $subject, $content, "繁辞阁")) {
trigger_error("Failed to send email to {$user}");
}
} else {
trigger_error("Failed to send email, nu such user: {$user}");
}
} else {
trigger_error("Failed to {$q} caused by : \r\n\t" . $mysqli->error);
}
}
<?php
require_once "config.php";
require_once "filter.php";
require_once "database.php";
require_once "validator.php";
$msg = "激活链接无效";
$user = _get("user");
$hash = _get("hash");
if (preg_match("/^[a-z0-9]{1,256}\$/i", $hash) && isX($user, XUSERNAME)) {
$mysqli = getMysqli();
$q = "UPDATE nonactivatedUser SET confirm = 'true' WHERE confirm='false' AND username='******' AND hash='{$hash}'";
if ($mysqli->query($q) && $mysqli->affected_rows) {
$msg = "激活成功";
}
}
header("content-type:text/plain;charset=utf-8");
echo $msg;
