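/**
 * Load all tallybook bills of one user and return them JSON-encoded.
 *
 * @param mixed $uid    User id; must pass isX($uid, XUSERID).
 * @param mixed $data   Out: json_encode() of an RsValue wrapping the result set. Written on success only.
 * @param mixed $errmsg Out: set to "error" when the connection or the query fails.
 *                      Left untouched when $uid fails validation.
 * @return bool true when $data was filled, false otherwise.
 */
function get($uid, &$data, &$errmsg)
{
    if (!isX($uid, XUSERID)) {
        return false;
    }

    $mysqli = getMysqli();
    if (!$mysqli) {
        trigger_error("Failed to connect to the database");
        $errmsg = "error";
        return false;
    }

    // The id is bound as a parameter instead of being interpolated unquoted into the SQL text,
    // so the query stays safe even if the XUSERID rule is ever loosened.
    // It is bound as a string so no assumption is made here about the id format XUSERID accepts.
    $q = "SELECT id, money, type, CONVERT(date, DATE) AS date FROM tallybook_bill WHERE userid = ?";
    $stmt = $mysqli->prepare($q);
    $rs = false;
    if ($stmt && $stmt->bind_param("s", $uid) && $stmt->execute()) {
        // get_result() is only available with the mysqlnd driver.
        $rs = $stmt->get_result();
    }

    if ($rs) {
        $data = json_encode(new RsValue($rs));
        return true;
    }

    // prepare() failures are reported on the connection, bind/execute failures on the statement.
    $dberr = $stmt ? $stmt->error : $mysqli->error;
    trigger_error("Failed to {$q} caused by : \r\n\t" . $dberr);
    $errmsg = "error";
    return false;
}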
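/**
 * Run a single-parameter SELECT as a prepared statement and return its first row.
 * Private helper of loginByPassword().
 *
 * @param mysqli $mysqli Open connection.
 * @param string $q      SQL text with exactly one "?" placeholder.
 * @param string $key    Value bound to the placeholder (as a string).
 * @param string $error  Out: driver error text when the call fails, "" otherwise.
 * @return array|null|false Associative row, null when nothing matched, false on failure.
 */
function _loginByPasswordFetchRow($mysqli, $q, $key, &$error)
{
    $error = "";
    $stmt = $mysqli->prepare($q);
    if (!$stmt) {
        $error = $mysqli->error;
        return false;
    }

    $rs = false;
    if ($stmt->bind_param("s", $key) && $stmt->execute()) {
        // get_result() is only available with the mysqlnd driver.
        $rs = $stmt->get_result();
    }
    if (!$rs) {
        $error = $stmt->error;
        $stmt->close();
        return false;
    }

    $row = $rs->fetch_assoc();
    $rs->free();
    $stmt->close();
    return $row ? $row : null;
}

/**
 * Verify a username-or-email / password pair against the activated accounts.
 *
 * @param mixed $key      Login name: accepted when it passes XUSERNAME, otherwise when it passes XEMAIL.
 * @param mixed $password Plain-text password; must pass XPASSWORD.
 * @param mixed $userid   Out: userlist.userid of the matching account (success only).
 * @param mixed $appid    Out: userlist.appid of the matching account (success only).
 * @param mixed $errmsg   Out: "error" on a database failure; "active" when the credentials match
 *                        a row in nonactivatedUser (account exists but is not activated yet).
 * @return bool true only when an activated account matched and the password verified.
 */
function loginByPassword($key, $password, &$userid, &$appid, &$errmsg)
{
    // The column name is chosen from this fixed pair and never taken from the caller,
    // which is why it may be interpolated into the SQL text below.
    $keyname = "";
    if (isX($key, XUSERNAME)) {
        $keyname = "username";
    } elseif (isX($key, XEMAIL)) {
        $keyname = "email";
    }

    if (!isX($password, XPASSWORD) || !$keyname) {
        return false;
    }

    $mysqli = getMysqli();
    if (!$mysqli) {
        // Same handling as get(): without this guard a failed connection is a fatal error on ->prepare().
        trigger_error("Failed to connect to the database");
        $errmsg = "error";
        return false;
    }

    // $key is bound as a parameter: a value that passes the e-mail rule may still contain
    // characters that are special inside a quoted SQL literal.
    // The logged statement also no longer contains the login name.
    $q = "SELECT userid, password, appid FROM userlist WHERE {$keyname} = ?";
    $row = _loginByPasswordFetchRow($mysqli, $q, $key, $dberr);
    if ($row === false) {
        trigger_error("Failed to {$q} caused by : \r\n\t" . $dberr);
        $errmsg = "error";
        return false;
    }

    if ($row) {
        if (password_verify($password, $row["password"])) {
            $appid = $row["appid"];
            $userid = $row["userid"];
            return true;
        }
        // Wrong password for an activated account: fail without a specific message.
        return false;
    }

    // No activated account under that key: check the pending registrations, and only reveal
    // the "needs activation" state to a caller who knows the password.
    $q = "SELECT password FROM nonactivatedUser WHERE {$keyname} = ?";
    $row = _loginByPasswordFetchRow($mysqli, $q, $key, $dberr);
    if ($row === false) {
        trigger_error("Failed to {$q} caused by : \r\n\t" . $dberr);
        $errmsg = "error";
    } elseif ($row && password_verify($password, $row["password"])) {
        $errmsg = "active";
    }

    return false;
}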
$handle = fopen($path, "a"); $msg = date("H:i:s") . " " . _server("REMOTE_ADDR") . " {$user}\r\n"; fwrite($handle, $msg); fclose($handle); } $email = _post("email"); $user = _post("username"); $password = _post("password"); $output = array("msg" => "服务器错误", "result" => false); if (!isX($user, XUSERNAME)) { $output["msg"] = "用户名不合规范"; } else { if (!isX($password, XPASSWORD)) { $output["msg"] = "密码不合规范"; } else { if (!isX($email, XEMAIL)) { $output["msg"] = "邮箱地址不合规范"; } else { if (!checkdnsrr(preg_replace("/^.+\\@([^\\@]+)\$/", '\\1', $email))) { $output["msg"] = "邮箱地址无效"; } else { $errmsg = ""; $e0 = isExist("email", $email, $errmsg); $e1 = isExist("username", $user, $errmsg); if (!$errmsg) { if ($e0) { $output["msg"] = "邮箱已被使用"; } else { if ($e1) { $output["msg"] = "用户名已被注册"; } else {
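<?php
require_once "config.php";
require_once "filter.php";
require_once "database.php";
require_once "smtp.php";
require_once "validator.php";

// Sends the account-activation e-mail for the pending registration named by the "user" request value.
// NOTE(review): nothing visible in this script authenticates or rate-limits the caller, so each
// request for a pending username sends one more mail to its address. Confirm throttling exists upstream.
//return;
$user = _get("user");

if (isX($user, XUSERNAME)) {
    $mysqli = getMysqli();
    // NOTE(review): the username literal appears masked ('******') on this page. If the real
    // statement interpolates $user, bind it through a prepared statement instead.
    $q = "SELECT * FROM nonactivatedUser WHERE username = '******'";

    if (!$mysqli) {
        // Without this guard a failed connection ends in a fatal error on ->query().
        trigger_error("Failed to connect to the database");
    } elseif ($rs = $mysqli->query($q)) {
        if ($row = $rs->fetch_assoc()) {
            $to = $row["email"];
            $from = "*****@*****.**";
            $hash = $row["hash"];
            $subject = "请激活你的账号";

            // Percent-encode both values before they go into the query string, so a character with
            // URL meaning (&, #, space, non-ASCII) cannot truncate or alter the activation link.
            // rawurlencode() leaves letters, digits and -_.~ unchanged.
            $userParam = rawurlencode($user);
            $hashParam = rawurlencode($hash);

            // NOTE(review): the link is plain http, so the activation hash travels unencrypted.
            // Switch the scheme to https once the host is confirmed to serve it.
            $content = "\n\t\t\t\t尊敬的 {$user}:\n\t\t\t\t请点击下面链接激活你的账号,或者复制到浏览器打开(注意,链接24小时内有效,超时后注册的用户名将被收回,请及时激活):\n\n\t\t\t\thttp://fancige.com/accountActivation.php?user={$userParam}&hash={$hashParam}\n\n\t\t\t\t如果你不知道为什么会收到这封邮件,请直接忽略或删除";

            // The sender account and its password are shown masked/empty on this page.
            // Load them from configuration rather than keeping them in the script.
            $smtp = new smtp("smtp.ym.163.com", 25, true, "*****@*****.**", "");
            if (!$smtp->sendmail($to, $from, $subject, $content, "繁辞阁")) {
                trigger_error("Failed to send email to {$user}");
            }
        } else {
            trigger_error("Failed to send email, nu such user: {$user}");
        }
    } else {
        trigger_error("Failed to {$q} caused by : \r\n\t" . $mysqli->error);
    }
}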
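<?php
require_once "config.php";
require_once "filter.php";
require_once "database.php";
require_once "validator.php";

// Account-activation endpoint: marks a pending registration as confirmed when the
// user/hash pair from the request matches a row, then prints a plain-text result.
$msg = "激活链接无效";
$user = _get("user");
$hash = _get("hash");

// \z instead of $: in PCRE `$` also matches just before a trailing newline, so a hash such as
// "abc\n" would pass the old check and be copied into the SQL text below. With \z only
// 1-256 ASCII letters and digits get through, which keeps the quoted literal closed.
if (preg_match('/^[a-z0-9]{1,256}\z/i', $hash) && isX($user, XUSERNAME)) {
    $mysqli = getMysqli();
    // NOTE(review): the username literal appears masked ('******') on this page. If the real
    // statement interpolates $user, bind both values through a prepared statement instead.
    // confirm='false' in the WHERE clause makes the link single-use: a repeat request matches no row.
    $q = "UPDATE nonactivatedUser SET confirm = 'true' WHERE confirm='false' AND username='******' AND hash='{$hash}'";

    if (!$mysqli) {
        // Without this guard a failed connection ends in a fatal error on ->query().
        trigger_error("Failed to connect to the database");
    } elseif ($mysqli->query($q) && $mysqli->affected_rows > 0) {
        $msg = "激活成功";
    }
}

// Only the two fixed messages above are ever echoed. No request data reaches the response body.
header("content-type:text/plain;charset=utf-8");
echo $msg;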