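/**
 * Sends the SMS verification code used for mobile-number registration.
 *
 * Input:  $_REQUEST['mobile_phone'] (trimmed).
 * Output: plain text written to the response — 'ok' on success, otherwise an
 *         error message. Empty/invalid numbers terminate the request via exit().
 *
 * Send limits are enforced per number from the validate-record table:
 * at most one SMS every 60 seconds, and at most $max_sms_count codes within
 * $max_sms_count_time seconds of the record's creation.
 */
function action_send_mobile_code()
{
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];

    /* Load the language file and the validate-record helpers. */
    require_once ROOT_PATH . 'languages/' . $_CFG['lang'] . '/user.php';
    require_once ROOT_PATH . 'includes/lib_validate_record.php';

    // NOTE(review): $_REQUEST also accepts GET and cookie values; for a
    // state-changing action $_POST would be the stricter source. Kept as-is
    // so existing callers keep working.
    $mobile_phone = trim($_REQUEST['mobile_phone']);
    if (empty($mobile_phone)) {
        exit("手机号不能为空");
    }
    if (!is_mobile_phone($mobile_phone)) {
        exit("手机号格式不正确");
    }

    // Maximum number of codes per number within the limit window (24h).
    $max_sms_count = 10;
    $max_sms_count_time = 60 * 60 * 24;

    // Number of codes sent for this number, including the one about to go out.
    $count = 1;
    if (check_validate_record_exist($mobile_phone)) {
        $record = get_validate_record($mobile_phone);
        $now = time();

        if ($now - $record['last_send_time'] < 60) {
            echo "每60秒内只能发送一次短信验证码,请稍候重试";
            return;
        }
        // `>=`: the earlier `>` let an 11th code through before blocking,
        // contradicting the documented limit of $max_sms_count per window.
        if ($now - $record['create_time'] < $max_sms_count_time
            && $record['count'] >= $max_sms_count) {
            echo "您发送验证码太过于频繁,请稍后重试!";
            return;
        }
        $count = $record['count'] + 1;
    }

    require_once ROOT_PATH . 'includes/lib_passport.php';
    // Reset any partial registration state before issuing a new code.
    $_SESSION['mobile_register'] = array();

    require_once ROOT_PATH . 'sms/sms.php';
    // Six-digit code. NOTE(review): rand_number() is project code; confirm it
    // draws from a cryptographically secure source.
    $mobile_code = rand_number(6);
    $content = sprintf($_LANG['mobile_code_template'], $_CFG['shop_name'], $mobile_code, $_CFG['shop_name']);

    $result = sendSMS($mobile_phone, $content);
    if ($result) {
        $ext_info = array("count" => $count);
        // Remember the number being registered for the follow-up step.
        $_SESSION[VT_MOBILE_REGISTER] = $mobile_phone;
        // The code is valid for 30 minutes.
        save_validate_record($mobile_phone, $mobile_code, VT_MOBILE_REGISTER, time(), time() + 30 * 60, $ext_info);
        echo 'ok';
    } else {
        echo '短信验证码发送失败';
    }
}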
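/**
 * Password recovery, step 1: resolve the submitted user name / e-mail /
 * verified mobile number to a single account and present the verification
 * channels available for it.
 *
 * Input:  $_POST['u_name'], optionally $_POST['captcha'].
 * Side effects: fills $_SESSION['find_password'], $_SESSION[VT_MOBILE_VALIDATE]
 * and $_SESSION[VT_EMAIL_VALIDATE], then renders user_findPwd.dwt.
 * Failures are reported through show_message(); the flow below assumes that
 * call does not return.
 *
 * NOTE(review): the distinct "account does not exist" messages let a caller
 * tell registered identifiers from unregistered ones (enumeration); a uniform
 * response would avoid that.
 */
function action_check_username()
{
    // $_CFG was never assigned here, so intval($_CFG['captcha']) read an
    // undefined local (always 0) and the captcha check below never ran.
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    $username = empty($_POST['u_name']) ? '' : $_POST['u_name'];
    $user_id = null;
    if (empty($username)) {
        show_message('请输入用户名/邮箱/已验证的手机号!', '返回', 'findPwd.php?act=index', 'info');
    }

    /* Captcha: required when enabled for login, or after repeated failures. */
    $captcha = intval($_CFG['captcha']);
    if ($captcha & CAPTCHA_LOGIN
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $captcha & CAPTCHA_LOGIN_FAIL && $_SESSION['login_fail'] > 2)
        && gd_version() > 0) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
    }

    // NOTE(review): $username is interpolated into SQL without escaping in
    // this function. That is only safe if request data is slash-escaped by
    // the front controller before this runs — confirm for this deployment;
    // otherwise escape through the DB layer or use a parameterised query.
    // The e-mail and mobile lookups below are additionally gated by
    // is_email() / is_mobile_phone().
    $username_exist = false;
    $sql = "select user_id from " . $ecs->table('users') . " where user_name = '" . $username . "'";
    $user_id = $db->getOne($sql);
    if ($user_id) {
        $username_exist = true;
    }

    /* Try the value as an e-mail address. */
    if (is_email($username) && !$username_exist) {
        $sql = "select user_id from " . $ecs->table('users') . " where email='" . $username . "' ";
        $user_id = $db->getOne($sql);
        if ($user_id) {
            $username_exist = true;
        }
    }

    /* Try the value as a mobile number; it must map to exactly one account. */
    if (is_mobile_phone($username) && !$username_exist) {
        $sql = "select user_id from " . $ecs->table('users') . " where mobile_phone='" . $username . "'";
        $rows = $db->query($sql);
        $index = 0;
        while ($row = $db->fetchRow($rows)) {
            $user_id = $row['user_id'];
            $index = $index + 1;
        }
        if ($index > 1) {
            show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        } elseif ($index == 1 && $user_id) {
            $username_exist = true;
        }
    }

    if (!$username_exist) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    /* Load the account to see which channels (mobile / e-mail) it has. */
    $sql = "select user_id, user_name, email, mobile_phone from " . $ecs->table('users') . " where user_id = '" . intval($user_id) . "'";
    $row = $db->getRow($sql);
    if ($row == false) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    $validate_types = array();
    if (isset($row['mobile_phone']) && !empty($row['mobile_phone'])) {
        // Mask the middle of the number before it reaches the template.
        $mobile_phone = $row['mobile_phone'];
        $mobile_phone = substr($mobile_phone, 0, 3) . '*****' . substr($mobile_phone, -3);
        $validate_types[] = array('type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $mobile_phone);
    }
    if (isset($row['email']) && !empty($row['email'])) {
        // Mask the local part of the address; how much is kept depends on its
        // length (a one-character local part is shown in full).
        $email = $row['email'];
        $email_head = substr($email, 0, strpos($email, '@'));
        $email_domain = substr($email, strpos($email, '@'));
        $head_len = strlen($email_head);
        if ($head_len == 1) {
            $email = substr($email_head, 0, 1) . '*****' . $email_domain;
        } elseif ($head_len <= 4) {
            $email = substr($email_head, 0, 1) . '*****' . substr($email_head, -1) . $email_domain;
        } elseif ($head_len <= 7) {
            $email = substr($email_head, 0, 2) . '*****' . substr($email_head, -2) . $email_domain;
        } else {
            $email = substr($email_head, 0, 3) . '*****' . substr($email_head, -3) . $email_domain;
        }
        $validate_types[] = array('type' => 'email', 'name' => '邮箱', 'value' => $email);
    }

    $_SESSION['find_password'] = array('user_id' => $row['user_id'], 'user_name' => $row['user_name'], 'email' => $row['email'], 'mobile_phone' => $row['mobile_phone']);
    // Consumed by validate.php.
    $_SESSION[VT_MOBILE_VALIDATE] = $row['mobile_phone'];
    $_SESSION[VT_EMAIL_VALIDATE] = $row['email'];

    $smarty->assign("validate_types", $validate_types);
    $smarty->assign("action", "step_2");
    $smarty->display('user_findPwd.dwt');
}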
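/**
 * Checks an SMS verification code against the stored validate record.
 *
 * @param string $mobile_phone mobile number the code was sent to
 * @param string $mobile_code  code entered by the user
 *
 * @return int 0 - valid (the record is removed)
 *             1 - mobile number empty
 *             2 - mobile number malformed
 *             3 - code empty
 *             4 - code does not match
 *             5 - code expired
 *
 * NOTE(review): nothing here limits the number of failed attempts per
 * number; a six-digit code can be guessed if attempts are unbounded.
 */
function validate_mobile_code($mobile_phone, $mobile_code)
{
    require_once ROOT_PATH . 'includes/lib_validate_record.php';

    if (empty($mobile_phone)) {
        return 1;
    }
    if (!is_mobile_phone($mobile_phone)) {
        return 2;
    }

    $record = get_validate_record($mobile_phone);

    if (empty($mobile_code)) {
        return 3;
    }
    // Strict string comparison: the loose `!=` used before compares numeric
    // strings numerically, so '0123' would match '123' and '1e3' would match
    // '1000'. A missing record (or empty stored code) is a mismatch.
    $expected = isset($record['record_code']) ? (string) $record['record_code'] : '';
    if ($expected === '' || $expected !== (string) $mobile_code) {
        return 4;
    }
    if ($record['expired_time'] < time()) {
        return 5;
    }

    /* Single use: drop the record once the code has been accepted. */
    remove_validate_record($mobile_phone);
    return 0;
}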
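/**
 * Saves the shipping address of an unconfirmed order.
 *
 * @access public
 * @param array $address keys: consignee string, email string, address string,
 *                       zipcode string, tel string, mobile string,
 *                       sign_building string, best_time string, order_id int
 * @param int   $user_id current user ID; 0 skips the ownership check
 *
 * @return bool true on success; on failure the reason is added to $GLOBALS['err']
 */
function save_order_address($address, $user_id)
{
    $GLOBALS['err']->clean();

    /* Field validation */
    empty($address['consignee']) and $GLOBALS['err']->add($GLOBALS['_LANG']['consigness_empty']);
    empty($address['address']) and $GLOBALS['err']->add($GLOBALS['_LANG']['address_empty']);
    // Cast once so the value interpolated into SQL below is always an integer.
    $order_id = isset($address['order_id']) ? intval($address['order_id']) : 0;
    $order_id == 0 and $GLOBALS['err']->add($GLOBALS['_LANG']['order_id_empty']);

    if (!empty($address['email']) && !is_email($address['email'])) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_invalid'], $address['email']));
    }

    // Mobile number is mandatory and must be well-formed.
    if (empty($address['mobile'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['mobile_phone_empty']);
    } elseif (!is_mobile_phone($address['mobile'])) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['mobile_phone_invalid'], $address['mobile']));
    }

    if ($GLOBALS['err']->error_no > 0) {
        return false;
    }

    /* The order must exist, belong to the caller and still be unconfirmed. */
    $sql = "SELECT user_id, order_status FROM " . $GLOBALS['ecs']->table('order_info') . " WHERE order_id = '" . $order_id . "'";
    $row = $GLOBALS['db']->getRow($sql);
    if (!$row) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['order_exist']);
        return false;
    }
    if ($user_id > 0 && $user_id != $row['user_id']) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['no_priv']);
        return false;
    }
    if ($row['order_status'] != OS_UNCONFIRMED) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['require_unconfirmed']);
        return false;
    }

    // NOTE(review): the whole $address array goes to autoExecute, so
    // presumably any key that matches an order_info column is written, not
    // only the documented ones. Callers must pass the documented keys only —
    // never a raw request array.
    $GLOBALS['db']->autoExecute($GLOBALS['ecs']->table('order_info'), $address, 'UPDATE', "order_id = '{$order_id}'");
    return true;
}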
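/**
 * Sends the SMS verification code for mobile-number verification; the number
 * to verify is taken from $_SESSION[VT_MOBILE_VALIDATE].
 *
 * Responds as JSON via make_json_result() / make_json_error(); the flow below
 * assumes make_json_error() terminates the request.
 * Send limits per number: one SMS every 60 seconds and at most $max_sms_count
 * codes within $max_sms_count_time seconds of the record's creation.
 */
function action_send_mobile_code()
{
    $_LANG = $GLOBALS['_LANG'];
    $_CFG = $GLOBALS['_CFG'];

    require_once ROOT_PATH . 'includes/lib_validate_record.php';

    $mobile_phone = trim($_SESSION[VT_MOBILE_VALIDATE]);

    // Maximum number of codes per number within the limit window (24h).
    $max_sms_count = 10;
    $max_sms_count_time = 60 * 60 * 24;
    // Number of codes sent for this number, including the one about to go out.
    $count = 1;

    if (empty($mobile_phone)) {
        make_json_error("手机号不能为空");
    } elseif (!is_mobile_phone($mobile_phone)) {
        make_json_error("手机号格式不正确");
    } elseif (check_validate_record_exist($mobile_phone)) {
        $record = get_validate_record($mobile_phone);
        $now = time();
        if ($now - $record['last_send_time'] < 60) {
            make_json_error("每60秒内只能发送一次短信验证码,请稍候重试");
        } elseif ($now - $record['create_time'] < $max_sms_count_time
            && $record['count'] >= $max_sms_count) {
            // `>=`: the earlier `>` let an 11th code through before blocking.
            make_json_error("您发送验证码太过于频繁,请稍后重试!");
        } else {
            $count = $record['count'] + 1;
        }
    }

    require_once ROOT_PATH . 'includes/lib_passport.php';
    // Cleared here and set again only after a successful send, so a failed
    // send leaves no number in the session.
    $_SESSION[VT_MOBILE_VALIDATE] = array();

    require_once ROOT_PATH . 'sms/sms.php';
    // Six-digit code. NOTE(review): rand_number() is project code; confirm it
    // draws from a cryptographically secure source.
    $mobile_code = rand_number(6);
    $content = sprintf($_LANG['mobile_code_template'], $_CFG['shop_name'], $mobile_code, $_CFG['shop_name']);

    $result = sendSMS($mobile_phone, $content);
    if ($result) {
        $ext_info = array("count" => $count);
        $_SESSION[VT_MOBILE_VALIDATE] = $mobile_phone;
        // The code is valid for 30 minutes.
        save_validate_record($mobile_phone, $mobile_code, VT_MOBILE_VALIDATE, time(), time() + 30 * 60, $ext_info);
        make_json_result('发送成功');
    } else {
        make_json_error('短信验证码发送失败');
    }
}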
/**
 * Supplier back-office login.
 *
 * Input:  $_POST['username'] (user name, e-mail or mobile number),
 *         $_POST['password'], optional $_POST['captcha'] and $_POST['remember'].
 * Side effects: on success fills the supplier_* session keys, may upgrade the
 *         stored password to a salted form, updates last_login/last_ip, sets
 *         the remember-me cookies and redirects to ./index.php.
 *
 * The password-hash expressions in this listing are redacted ('******'); the
 * code is left exactly as given.
 */
function action_signin()
{
    // Globals
    // $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    if (!empty($_SESSION['captcha_word']) && intval($_CFG['captcha']) & CAPTCHA_ADMIN) {
        include_once ROOT_PATH . 'includes/cls_captcha.php';
        /* Check the captcha. */
        $validator = new captcha();
        // NOTE(review): the check only runs when a captcha value was posted, so
        // a request that omits the field skips it entirely. If the captcha is
        // meant to be mandatory here, the condition should be
        // `empty($_POST['captcha']) || !$validator->check_word($_POST['captcha'])`.
        if (!empty($_POST['captcha']) && !$validator->check_word($_POST['captcha'])) {
            sys_msg($_LANG['captcha_error'], 1);
        }
    }

    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    $user_name = $_POST['username'];

    // NOTE(review): $user_name is interpolated into the SQL below unescaped;
    // this relies on request data being slash-escaped upstream — confirm, or
    // escape through the DB layer. The e-mail/mobile branches are gated by
    // is_email() / is_mobile_phone().
    // Resolve an e-mail address or mobile number to the account's user name.
    if (is_email($user_name)) {
        $sql = "select user_name from " . $ecs->table('supplier_admin_user') . " where email='" . $user_name . "'";
        $username_email = $db->getOne($sql);
        if ($username_email) {
            $user_name = $username_email;
        }
    } else {
        if (is_mobile_phone($user_name)) {
            $sql = "select user_name from " . $ecs->table('supplier_admin_user') . " where mobile_phone='" . $user_name . "'";
            $rows = $db->query($sql);
            $i = 0;
            while ($row = $db->fetchRow($rows)) {
                $username_mobile = $row['user_name'];
                $i = $i + 1;
            }
            // A number shared by several accounts cannot be used to log in.
            if ($i > 1) {
                show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'user.php', 'error');
            }
            if (isset($username_mobile)) {
                $user_name = $username_mobile;
            }
        }
    }

    // Accounts created before salting was introduced have an empty ec_salt and
    // are matched against the unsalted hash instead.
    $sql = "SELECT `ec_salt` FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "'";
    $ec_salt = $db->getOne($sql);
    if (!empty($ec_salt)) {
        /* Check the password (salted form). */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,supplier_id,ec_salt" . " FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "' AND password = '******'password']) . $ec_salt) . "' AND checked=1";
    } else {
        /* Check the password (legacy unsalted form). */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,supplier_id,ec_salt" . " FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "' AND password = '******'password']) . "' AND checked=1";
    }
    $row = $db->getRow($sql);
    if ($row) {
        // Login succeeded
        // set_admin_session($row['user_id'], $row['user_name'],
        // $row['action_list'], $row['last_login']);
        $_SESSION['supplier_id'] = $row['supplier_id']; // shop id
        $_SESSION['supplier_user_id'] = $row['user_id']; // administrator id
        $_SESSION['supplier_name'] = $row['user_name']; // administrator name
        $_SESSION['supplier_action_list'] = $row['action_list']; // administrator privileges
        $_SESSION['supplier_last_check'] = $row['last_login']; // time of the last order check

        $new_possword = $row['password'];
        if (empty($row['ec_salt'])) {
            // Migrate a legacy account to the salted scheme on first login.
            // NOTE(review): the salt is a 1..9999 value from rand() (not a
            // CSPRNG) and the scheme is md5(md5(pw) . salt); password_hash()
            // would be the modern replacement.
            $ec_salt = rand(1, 9999);
            $new_possword = md5(md5($_POST['password']) . $ec_salt);
            // NOTE(review): this UPDATE is keyed on $_SESSION['admin_id'], which
            // this function never sets (it sets 'supplier_user_id' above), so
            // the migration presumably targets the wrong/empty id — confirm.
            $db->query("UPDATE " . $ecs->table('supplier_admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'");
        }
        if ($row['action_list'] == 'all') {
            $_SESSION['supplier_admin_id'] = $row['user_id']; // super-administrator id
            $_SESSION['supplier_shop_guide'] = true; // super-administrator flag
        }

        // Record last login time and IP.
        $db->query("UPDATE " . $ecs->table('supplier_admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['supplier_user_id']}'");

        if (isset($_POST['remember'])) {
            // One-year remember-me cookies.
            // NOTE(review): set without httponly/secure flags; the pass cookie
            // is md5(stored hash . hash_code) and is valid for the whole year.
            $time = gmtime() + 3600 * 24 * 365;
            setcookie('ECSCP[supplier_id]', $row['supplier_id'], $time);
            setcookie('ECSCP[supplier_user_id]', $row['user_id'], $time);
            setcookie('ECSCP[supplier_pass]', md5($new_possword . $_CFG['hash_code']), $time);
        }

        // Clear expired cart data.
        clear_cart();

        ecs_header("Location: ./index.php\n");
        exit;
    } else {
        sys_msg($_LANG['login_faild'], 1);
    }

    /*
     * Dead code: earlier variant that authenticated against the users table
     * and then looked up the supplier. Kept here verbatim from the original.
     *
     * $sql="SELECT `ec_salt` FROM ". $ecs->table('users') ."WHERE user_name =
     * '" . $_POST['username']."'";
     * $ec_salt =$db->getOne($sql);
     * if(!empty($ec_salt))
     * {
     * // check whether the password is correct
     * $sql = "SELECT user_id, user_name, password, last_login, ec_salt".
     * " FROM " . $ecs->table('users') .
     * " WHERE user_name = '" . $_POST['username']. "' AND password = '******'password']).$ec_salt) . "'";
     * }
     * else
     * {
     * // check whether the password is correct
     * $sql = "SELECT user_id, user_name, password, last_login, ec_salt".
     * " FROM " . $ecs->table('users') .
     * " WHERE user_name = '" . $_POST['username']. "' AND password = '******'password']) . "'";
     * }
     * $row = $db->getRow($sql);
     * if ($row)
     * {
     * // check whether this is a supplier administrator
     * if (!empty($row['user_id']))
     * {
     * $supplier_id = $db->getOne( "select supplier_id from ".
     * $ecs->table("supplier") ." where status='1' and user_id=" .
     * $row['user_id']);
     * if (empty($supplier_id))
     * {
     * sys_msg("对不起,无效的供货商用户!", 1);
     * }
     * }
     *
     * // login succeeded
     * $_SESSION['supplier_id'] = $supplier_id;
     * $_SESSION['supplier_user_id'] = $row['user_id'];
     * $_SESSION['supplier_name'] = $row['user_name'];
     *
     *
     * if (isset($_POST['remember']))
     * {
     * $time = gmtime() + 3600 * 24 * 365;
     * setcookie('ECSCP[supplier_id]', $supplier_id, $time);
     * setcookie('ECSCP[supplier_user_id]', $row['user_id'], $time);
     * setcookie('ECSCP[supplier_pass]', md5($row['password'] .
     * $_CFG['hash_code']), $time);
     * }
     *
     * // clear expired cart data
     * clear_cart();
     *
     * ecs_header("Location: ./index.php\n");
     *
     * exit;
     * }
     * else
     * {
     * sys_msg($_LANG['login_faild'], 1);
     * }
     */
}
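/**
 * Admin action: updates a member's mobile number from an inline edit.
 *
 * Input:  $_REQUEST['id'] (user ID), $_REQUEST['val'] (new number).
 * Output: JSON via make_json_result() / make_json_error().
 * Requires the 'users_manage' privilege (check_authz_json).
 */
function action_edit_mobile_phone()
{
    $_LANG = $GLOBALS['_LANG'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    /* Privilege check */
    check_authz_json('users_manage');

    $id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);
    $mobile_phone = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));

    $users =& init_users();
    // $id is intval()'d above, so the interpolation is safe.
    // NOTE(review): an unknown id yields a false/empty user name here and is
    // still passed to edit_user(); confirm how edit_user() treats that.
    $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id = '{$id}'";
    $username = $db->getOne($sql);

    if (!is_mobile_phone($mobile_phone)) {
        make_json_error($_LANG['invalid_mobile_phone']);
        return;
    }

    if ($users->edit_user(array('username' => $username, 'mobile_phone' => $mobile_phone))) {
        admin_log(addslashes($username), 'edit', 'users');
        make_json_result(stripcslashes($mobile_phone));
    } else {
        $msg = $users->error == ERR_MOBILE_PHONE_EXISTS ? $_LANG['mobile_phone_exists'] : $_LANG['edit_user_failed'];
        make_json_error($msg);
    }
}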