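/**
 * WeChat OAuth2 login / registration round-trip.
 *
 * First call (no `oauth` request parameter): redirects the browser to the
 * WeChat authorize endpoint and exits. Second call (`oauth=1`, carrying `code`):
 * exchanges the code for an access token, then logs in (or registers) the local
 * account bound to the returned openid and caches the WeChat profile when the
 * token was granted with the snsapi_userinfo scope.
 *
 * @param string $callback absolute URL WeChat redirects back to; `oauth=1` is appended
 * @param string $scope    'INFO' requests snsapi_userinfo, anything else snsapi_base
 * @return array|false     user row on success, false on any failure (callers must check)
 */
function weixin_oauth($callback, $scope = 'BASE')
{
    global $db;

    $rs    = $db->getRow("SELECT * FROM `wxch_config` WHERE `id` = 1");
    $param = array('appid' => $rs['appid']);
    $oauth = isset($_REQUEST['oauth']) ? intval($_REQUEST['oauth']) : 0;

    if ($oauth === 0) {
        // Step 1: send the browser to WeChat. http_build_query() URL-encodes every value.
        $param['redirect_uri']  = $callback . (strpos($callback, '?') > 0 ? '&' : '?') . 'oauth=1';
        $param['response_type'] = 'code';
        $param['scope']         = ($scope == 'INFO') ? 'snsapi_userinfo' : 'snsapi_base';
        $url = 'https://open.weixin.qq.com/connect/oauth2/authorize?' . http_build_query($param) . '#wechat_redirect';
        ecs_header("Location: {$url}\n");
        exit;
    }

    if ($oauth !== 1) {
        // Neither the redirect nor the callback leg: nothing to do.
        return false;
    }

    // Step 2: exchange the code for a token (the request-supplied code is URL-encoded by http_build_query()).
    $param['secret']     = $rs['appsecret'];
    $param['code']       = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
    $param['grant_type'] = 'authorization_code';
    $url     = 'https://api.weixin.qq.com/sns/oauth2/access_token?' . http_build_query($param);
    $content = file_get_contents($url);
    $token   = ($content === false) ? null : json_decode($content, true);

    // A failed fetch or an error body from WeChat carries no openid; fail instead of
    // running the lookup below with an empty/undefined openid.
    if (!is_array($token) || empty($token['openid']) || !is_string($token['openid'])) {
        return false;
    }
    $openid = $token['openid'];

    // openid originates from an HTTP response, not from this application, so it is
    // escaped before being interpolated into the raw-SQL helper.
    $user_info = $db->getRow("SELECT * FROM `wxch_user` WHERE `wxid` = '" . addslashes($openid) . "'");

    if (empty($user_info)) {
        // Register: bind a fresh local account to this openid.
        // The original looked up $user_info['openid'] here, which is always unset on this
        // branch; the openid just returned by WeChat is the value that actually exists.
        if (!register_openid($openid)) {
            return false;
        }
        $user_info = $GLOBALS['user']->get_user_info($openid);
    } else {
        // Login: only an enabled account (status == 1) gets a session.
        $user_info = $GLOBALS['user']->get_profile_by_id($user_info['uid']);
        if (empty($user_info) || $user_info['status'] != 1) {
            return false;
        }
        $GLOBALS['user']->set_session($user_info);
        $GLOBALS['user']->set_cookie($user_info, TRUE);
        update_user_info();   // refresh cached member data
        update_user_cart();
        recalculate_price();  // re-price the cart for the logged-in member
    }

    if (isset($token['scope']) && $token['scope'] == 'snsapi_userinfo' && isset($token['access_token'])) {
        $url = 'https://api.weixin.qq.com/sns/userinfo?' . http_build_query(array(
            'access_token' => $token['access_token'],
            'openid'       => $openid,
            'lang'         => 'zh_CN',
        ));
        $content = file_get_contents($url);
        $info    = ($content === false) ? null : json_decode($content, true);

        // Only overwrite the cached WeChat profile when a profile actually came back;
        // the original wrote nulls into every column on a failed fetch.
        if (is_array($info) && isset($info['nickname'])) {
            $db->autoExecute('wxch_user', array(
                'nickname'   => $info['nickname'],
                'sex'        => $info['sex'],
                'city'       => $info['city'],
                'country'    => $info['country'],
                'province'   => $info['province'],
                'language'   => $info['language'],
                'headimgurl' => $info['headimgurl'],
                'dateline'   => time(),
            ), 'UPDATE', 'uid = ' . intval($user_info['uid']));
        }
    }

    $_SESSION['openid'] = $openid;
    return $user_info;
}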
die($json->encode($result)); } /* 检查验证码 */ include_once 'includes/cls_captcha.php'; $validator = new captcha(); $validator->session_word = 'captcha_login'; if (!$validator->check_word($_POST['captcha'])) { $result['error'] = 1; $result['content'] = $_LANG['invalid_captcha']; die($json->encode($result)); } } if ($user->login($username, $password)) { update_user_info(); //更新用户信息 recalculate_price(); // 重新计算购物车中的商品价格 $smarty->assign('user_info', get_user_info()); $ucdata = empty($user->ucdata) ? "" : $user->ucdata; $result['ucdata'] = $ucdata; $result['content'] = $smarty->fetch('library/member_info.lbi'); } else { $_SESSION['login_fail']++; if ($_SESSION['login_fail'] > 2) { $smarty->assign('enabled_captcha', 1); $result['html'] = $smarty->fetch('library/member_info.lbi'); } $result['error'] = 1; $result['content'] = $_LANG['login_failure']; } die($json->encode($result));
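/**
 * AJAX sign-in handler.
 *
 * Reads username/password/captcha from POST, optionally verifies the captcha,
 * attempts the login and terminates the request with a JSON document of the
 * form {error, content[, ucdata][, html]}.
 *
 * The captcha is required when CAPTCHA_LOGIN is enabled and either
 * CAPTCHA_LOGIN_FAIL is off or the session already holds more than two
 * failed attempts (and GD is available to render it).
 *
 * @return void never returns normally: output is written with die()
 */
function action_signin()
{
    $user   = $GLOBALS['user'];
    $_CFG   = $GLOBALS['_CFG'];
    $_LANG  = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];

    include_once 'includes/cls_json.php';
    $json = new JSON();

    $username = !empty($_POST['username']) ? json_str_iconv(trim($_POST['username'])) : '';
    $password = !empty($_POST['password']) ? trim($_POST['password']) : '';
    $captcha  = !empty($_POST['captcha']) ? json_str_iconv(trim($_POST['captcha'])) : '';
    $result   = array('error' => 0, 'content' => '');

    if (!isset($_SESSION['login_fail'])) {
        $_SESSION['login_fail'] = 0;
    }

    // The original reused $captcha for the config bitmask, so the empty() check
    // below tested the configuration instead of the submitted code; keep them apart.
    $captcha_cfg  = intval($_CFG['captcha']);
    $need_captcha = ($captcha_cfg & CAPTCHA_LOGIN)
        && (!($captcha_cfg & CAPTCHA_LOGIN_FAIL) || $_SESSION['login_fail'] > 2)
        && gd_version() > 0;

    if ($need_captcha) {
        if ($captcha === '') {
            $result['error']   = 1;
            $result['content'] = $_LANG['invalid_captcha'];
            die($json->encode($result));
        }

        /* verify the captcha word stored under captcha_login */
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            $result['error']   = 1;
            $result['content'] = $_LANG['invalid_captcha'];
            die($json->encode($result));
        }
    }

    if ($user->login($username, $password)) {
        update_user_info();   // refresh cached member data
        recalculate_price();  // re-price the cart for the logged-in member
        $smarty->assign('user_info', get_user_info());
        $result['ucdata']  = empty($user->ucdata) ? "" : $user->ucdata;
        $result['content'] = $smarty->fetch('library/member_info.lbi');
    } else {
        $_SESSION['login_fail']++;
        if ($_SESSION['login_fail'] > 2) {
            // Ask the page to render the captcha widget from now on.
            $smarty->assign('enabled_captcha', 1);
            $result['html'] = $smarty->fetch('library/member_info.lbi');
        }
        $result['error']   = 1;
        $result['content'] = $_LANG['login_failure'];
    }

    die($json->encode($result));
}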
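/**
 * Register a new member and log them in.
 *
 * Validation problems are reported through $GLOBALS['err'] rather than thrown.
 * On success the session and cookie are set, registration and affiliate points
 * are credited, the allow-listed extra profile fields are stored and the cart
 * is re-priced.
 *
 * @access public
 * @param string $username
 * @param string $password
 * @param array  $other    extra profile fields; only keys in the allow-list are kept
 * @param string $email    optional e-mail handed to add_user(). Added as a trailing
 *                         parameter because the original body referenced an
 *                         undefined $email; existing positional callers are unaffected.
 * @return bool true on success, false when registration was refused or failed
 */
function register($username, $password, $other = array(), $email = '')
{
    /* registration switched off by configuration */
    if (!empty($GLOBALS['_CFG']['shop_reg_closed'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['shop_register_closed']);
    }

    /* username must be present and free of reserved / markup characters */
    if (empty($username)) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['username_empty']);
    } elseif (preg_match('/\'\\/^\\s*$|^c:\\\\con\\\\con$|[%,\\*\\"\\s\\t\\<\\>\\&\'\\\\]/', $username)) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_invalid'], htmlspecialchars($username)));
    }

    // Stop on any error collected so far (the e-mail variant of this function does
    // the same); without this a closed shop or a rejected name still got registered.
    if ($GLOBALS['err']->error_no > 0) {
        return false;
    }

    /* must not collide with an administrator account */
    if (admin_registered($username)) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_exist'], $username));
        return false;
    }

    if (!$GLOBALS['user']->add_user($username, $password, $email)) {
        $code = $GLOBALS['user']->error;
        if ($code == ERR_INVALID_USERNAME) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_invalid'], $username));
        } elseif ($code == ERR_USERNAME_NOT_ALLOW) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_not_allow'], $username));
        } elseif ($code == ERR_USERNAME_EXISTS) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_exist'], $username));
        } else {
            $GLOBALS['err']->add('UNKNOWN ERROR!');
        }
        return false;
    }

    /* registered: log the member in straight away */
    $GLOBALS['user']->set_session($username);
    $GLOBALS['user']->set_cookie($username);
    $user_id = intval($_SESSION['user_id']);

    /* registration bonus points */
    if (!empty($GLOBALS['_CFG']['register_points'])) {
        log_account_change($_SESSION['user_id'], 0, 0, $GLOBALS['_CFG']['register_points'], $GLOBALS['_CFG']['register_points'], $GLOBALS['_LANG']['register_points']);
    }

    /* affiliate (referrer) handling */
    // NOTE: unserialize() here reads an operator-controlled config value, not request data.
    $affiliate = unserialize($GLOBALS['_CFG']['affiliate']);
    if (isset($affiliate['on']) && $affiliate['on'] == 1) {
        // The referrer id ends up unquoted in SQL below, so force it to an integer.
        $up_uid    = intval(get_affiliate());
        $cfg       = isset($affiliate['config']) ? $affiliate['config'] : array();
        $level_all = isset($cfg['level_register_all']) ? intval($cfg['level_register_all']) : 0;
        $level_up  = isset($cfg['level_register_up']) ? intval($cfg['level_register_up']) : 0;

        if ($up_uid) {
            if ($level_all !== 0) {
                if ($level_up !== 0) {
                    // Credit the referrer only while they stay below the rank cap.
                    $rank_points = $GLOBALS['db']->getOne("SELECT rank_points FROM " . $GLOBALS['ecs']->table('users') . " WHERE user_id = '{$up_uid}'");
                    if ($rank_points + $level_all <= $level_up) {
                        log_account_change($up_uid, 0, 0, $level_all, 0, sprintf($GLOBALS['_LANG']['register_affiliate'], $_SESSION['user_id'], $username));
                    }
                } else {
                    log_account_change($up_uid, 0, 0, $level_all, 0, $GLOBALS['_LANG']['register_affiliate']);
                }
            }
            /* record the referrer on the new account */
            $sql = 'UPDATE ' . $GLOBALS['ecs']->table('users') . ' SET parent_id = ' . $up_uid . ' WHERE user_id = ' . $user_id;
            $GLOBALS['db']->query($sql);
        }
    }

    /* optional profile fields: allow-listed keys only, HTML-escaped against script injection */
    $other_key_array = array('msn', 'qq', 'office_phone', 'home_phone', 'mobile_phone', 'sina_weibo_id');
    $update_data     = array('reg_time' => local_strtotime(local_date('Y-m-d H:i:s')));
    if ($other) {
        foreach ($other as $key => $val) {
            if (in_array($key, $other_key_array, true)) {
                $update_data[$key] = htmlspecialchars(trim($val));
            }
        }
    }
    $GLOBALS['db']->autoExecute($GLOBALS['ecs']->table('users'), $update_data, 'UPDATE', 'user_id = ' . $user_id);

    update_user_info();   // refresh cached member data
    recalculate_price();  // re-price the cart for the new member
    return true;
}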
/* 检查验证码 */ include_once('includes/cls_captcha.php'); $validator = new captcha(); $validator->session_word = 'captcha_login'; if (!$validator->check_word($_POST['captcha'])) { show_message($_LANG['invalid_captcha']); } } if ($user->login($_POST['username'], $_POST['password'],isset($_POST['remember']))) { update_user_info(); //更新用户信息 recalculate_price(); // 重新计算购物车中的商品价格 /* 检查购物车中是否有商品 没有商品则跳转到首页 */ $sql = "SELECT COUNT(*) FROM " . $ecs->table('cart') . " WHERE session_id = '" . SESS_ID . "' "; if ($db->getOne($sql) > 0) { ecs_header("Location: flow.php?step=checkout\n"); } else { ecs_header("Location:index.php\n"); } exit; } else
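/**
 * Handle the chat-passport login form (POST username/password[/captcha/remember]).
 *
 * The username may also be an e-mail address or a mobile number, which is
 * resolved to the account's user_name first. On success the browser is sent
 * to chat.php?act=chat; on failure chat_passport.dwt is re-rendered with an
 * error message.
 *
 * @return void
 */
function action_act_login()
{
    // The original read $_CFG, $_LANG and $user without importing them, so the
    // captcha gate never fired (intval(null) is 0) and the error texts were empty.
    $_CFG   = $GLOBALS['_CFG'];
    $_LANG  = $GLOBALS['_LANG'];
    $user   = $GLOBALS['user'];
    $smarty = get_smarty();
    $ecs    = get_ecs();
    $db     = get_database();

    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? trim($_POST['password']) : '';

    if (!isset($_SESSION['login_fail'])) {
        $_SESSION['login_fail'] = 0;
    }

    // Re-render the login form with one error message.
    $fail = function ($message) use ($smarty, $_LANG) {
        $smarty->assign('lang', $_LANG);
        $smarty->assign('action', 'login');
        $smarty->assign('error', $message);
        $smarty->display('chat_passport.dwt');
    };

    $captcha_cfg  = intval($_CFG['captcha']);
    $need_captcha = ($captcha_cfg & CAPTCHA_LOGIN)
        && (!($captcha_cfg & CAPTCHA_LOGIN_FAIL) || $_SESSION['login_fail'] > 2)
        && gd_version() > 0;

    if ($need_captcha) {
        $captcha_ok = false;
        if (!empty($_POST['captcha'])) {
            include_once 'includes/cls_captcha.php';
            $validator = new captcha();
            $validator->session_word = 'captcha_login';
            $captcha_ok = $validator->check_word($_POST['captcha']);
        }
        if (!$captcha_ok) {
            $fail($_LANG['invalid_captcha']);
            return;
        }
    }

    // $username is request data; it is escaped before being spliced into the raw SQL
    // even though is_email()/is_telephone() already narrow its shape.
    $users_table = $ecs->table('users');
    if (is_email($username)) {
        $username_e = $db->getOne("select user_name from " . $users_table . " where email='" . addslashes($username) . "'");
        if ($username_e) {
            $username = $username_e;
        }
    }
    if (is_telephone($username)) {
        $res     = $db->query("select user_name from " . $users_table . " where mobile_phone='" . addslashes($username) . "'");
        $matches = array();
        while ($row = $db->fetchRow($res)) {
            $matches[] = $row['user_name'];
        }
        if (count($matches) > 1) {
            // A phone number shared by several accounts cannot identify the member.
            $fail('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。');
            return;
        }
        if (count($matches) === 1 && $matches[0]) {
            $username = $matches[0];
        }
    }

    if ($user->login($username, $password, isset($_POST['remember']))) {
        update_user_info();
        recalculate_price();
        // As in the original, no exit follows the redirect header; the caller ends the request.
        header('Location: chat.php?act=chat');
        return;
    }

    $_SESSION['login_fail']++;
    $fail($_LANG['login_failure']);
}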
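/**
 * Register a new member (username + e-mail) and log them in.
 *
 * Validation problems are reported through $GLOBALS['err'] rather than thrown.
 * On success the session and cookie are set, registration and affiliate points
 * are credited, the allow-listed extra profile fields are stored, the cart is
 * re-priced and a row describing where the visitor came from is written to
 * jindong_tongji.
 *
 * @access public
 * @param string $username
 * @param string $password
 * @param string $email
 * @param array  $other    extra profile fields; only keys in the allow-list are kept
 * @return bool true on success, false when registration was refused or failed
 */
function register($username, $password, $email, $other = array())
{
    /* registration switched off by configuration */
    if (!empty($GLOBALS['_CFG']['shop_reg_closed'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['shop_register_closed']);
    }

    /* username must be present and free of reserved / markup characters */
    if (empty($username)) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['username_empty']);
    } elseif (preg_match('/\'\\/^\\s*$|^c:\\\\con\\\\con$|[%,\\*\\"\\s\\t\\<\\>\\&\'\\\\]/', $username)) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_invalid'], htmlspecialchars($username)));
    }

    /* e-mail must be present and well-formed */
    if (empty($email)) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['email_empty']);
    } elseif (!is_email($email)) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_invalid'], htmlspecialchars($email)));
    }

    if ($GLOBALS['err']->error_no > 0) {
        return false;
    }

    /* must not collide with an administrator account */
    if (admin_registered($username)) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_exist'], $username));
        return false;
    }

    if (!$GLOBALS['user']->add_user($username, $password, $email)) {
        $code = $GLOBALS['user']->error;
        if ($code == ERR_INVALID_USERNAME) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_invalid'], $username));
        } elseif ($code == ERR_USERNAME_NOT_ALLOW) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_not_allow'], $username));
        } elseif ($code == ERR_USERNAME_EXISTS) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['username_exist'], $username));
        } elseif ($code == ERR_INVALID_EMAIL) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_invalid'], $email));
        } elseif ($code == ERR_EMAIL_NOT_ALLOW) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_not_allow'], $email));
        } elseif ($code == ERR_EMAIL_EXISTS) {
            $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_exist'], $email));
        } else {
            $GLOBALS['err']->add('UNKNOWN ERROR!');
        }
        return false;
    }

    /* registered: log the member in straight away */
    $GLOBALS['user']->set_session($username);
    $GLOBALS['user']->set_cookie($username);
    $user_id = intval($_SESSION['user_id']);

    /* registration bonus points */
    if (!empty($GLOBALS['_CFG']['register_points'])) {
        log_account_change($_SESSION['user_id'], 0, 0, $GLOBALS['_CFG']['register_points'], $GLOBALS['_CFG']['register_points'], $GLOBALS['_LANG']['register_points']);
    }

    /* affiliate (referrer) handling */
    // NOTE: unserialize() here reads an operator-controlled config value, not request data.
    $affiliate = unserialize($GLOBALS['_CFG']['affiliate']);
    if (isset($affiliate['on']) && $affiliate['on'] == 1) {
        // The referrer id ends up unquoted in SQL below, so force it to an integer.
        $up_uid    = intval(get_affiliate());
        $cfg       = isset($affiliate['config']) ? $affiliate['config'] : array();
        $level_all = isset($cfg['level_register_all']) ? intval($cfg['level_register_all']) : 0;
        $level_up  = isset($cfg['level_register_up']) ? intval($cfg['level_register_up']) : 0;

        if ($up_uid) {
            if ($level_all !== 0) {
                if ($level_up !== 0) {
                    // Credit the referrer only while they stay below the rank cap.
                    $rank_points = $GLOBALS['db']->getOne("SELECT rank_points FROM " . $GLOBALS['ecs']->table('users') . " WHERE user_id = '{$up_uid}'");
                    if ($rank_points + $level_all <= $level_up) {
                        log_account_change($up_uid, 0, 0, $level_all, 0, sprintf($GLOBALS['_LANG']['register_affiliate'], $_SESSION['user_id'], $username));
                    }
                } else {
                    log_account_change($up_uid, 0, 0, $level_all, 0, $GLOBALS['_LANG']['register_affiliate']);
                }
            }
            /* record the referrer on the new account */
            $sql = 'UPDATE ' . $GLOBALS['ecs']->table('users') . ' SET parent_id = ' . $up_uid . ' WHERE user_id = ' . $user_id;
            $GLOBALS['db']->query($sql);
        }
    }

    /* optional profile fields: allow-listed keys only, HTML-escaped against script injection */
    $other_key_array = array('msn', 'qq', 'office_phone', 'home_phone', 'mobile_phone');
    $update_data     = array('reg_time' => local_strtotime(local_date('Y-m-d H:i:s')));
    if ($other) {
        foreach ($other as $key => $val) {
            if (in_array($key, $other_key_array, true)) {
                $update_data[$key] = htmlspecialchars(trim($val));
            }
        }
    }
    $GLOBALS['db']->autoExecute($GLOBALS['ecs']->table('users'), $update_data, 'UPDATE', 'user_id = ' . $user_id);

    update_user_info();   // refresh cached member data
    recalculate_price();  // re-price the cart for the new member

    /* ross: visitor-source tracking */
    $username1 = $_SESSION['user_name'];
    $ip        = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // $order was never defined in this function; the original inserted an empty order_sn.
    $order_sn  = '';

    $request_info = null;
    if (isset($_COOKIE['request_info'])) {
        // The cookie is client-controlled. On PHP 7+ refuse to instantiate any class
        // from it (arrays only); on older runtimes the call is unchanged. A value that
        // does not unserialize to an array is treated like a missing cookie.
        $raw = strtr($_COOKIE['request_info'], array("\\" => ""));
        $request_info = (PHP_VERSION_ID >= 70000)
            ? unserialize($raw, array('allowed_classes' => false))
            : unserialize($raw);
    }

    if (is_array($request_info)) {
        $row = array(
            $order_sn,
            $username1,
            isset($request_info['time']) ? $request_info['time'] : '',
            gmtime(),
            isset($request_info['host']) ? $request_info['host'] : '',
            $ip,
            isset($request_info['start_url']) ? $request_info['start_url'] : '',
            isset($request_info['end_url']) ? $request_info['end_url'] : '',
            1,
        );
    } else {
        $row = array($order_sn, $username1, gmtime(), gmtime(), '本站', $ip, '本站', '本站', 1);
    }

    // Every value is cookie- or client-derived at some point, so escape all of them
    // before building the INSERT string (the db wrapper only takes raw SQL here).
    $escaped = array();
    foreach ($row as $value) {
        $escaped[] = addslashes((string) $value);
    }
    $sql = "INSERT INTO jindong_tongji (order_sn, user_name,start_time,end_time,host,ip,start_url,end_url,from_cat) VALUES ('" . implode("','", $escaped) . "')";
    $GLOBALS['db']->query($sql);
    /* ross: visitor-source tracking end */

    return true;
}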