$error = 'reCAPTCHA Invalido'; } else { if (User::login($_POST['user'], $_POST['pass'])) { header('location: login.php'); } else { $error = 'Usuario o clave Inválida'; } } } else { if ($_GET['op'] == 'forgot') { if (!checkRecaptchar(RECAPTCHAR_SECRET, $_POST['g-recaptcha-response'])) { $error = 'reCAPTCHA Inválido'; } else { $userForgot = User::getUserByUsername($_POST['user']); if (!$userForgot) { $userForgot = User::getUserByMail(strtolower($_POST['user'])); } if ($userForgot) { $newPassword = User::generateRandomPassword(8); if (User::updateUser($userForgot->id, $userForgot->rol, $userForgot->mail, $newPassword)) { $msj = 'Se le envió un correo electrónico con su nueva clave.'; email($userForgot->mail, 'Nueva Clave', 'Sr(a). ' . $userForgot->name . ',<br /><br />Su nueva clave de ingreso al sistema es: <b>' . $newPassword . '</b>'); } else { $error = 'Ocurrió un error interno, intente más tarde.'; } } else { $error = 'Usuario o E-Mail no está registrado'; } } } else { if ($_GET['op'] == 'register') {
$res['action'] = 'resend'; } } if ($method == 'resend') { //Captcha Validate require_once PHP_BASE_DIR . "/securimage/securimage.php"; $img = new Securimage(); if ($img->check($captcha) == false) { $res['message'] = '验证码错误!'; $res['action'] = 'resend'; } else { $db = new MySQL($log); if ($mysqli = $db->openDB()) { $user = new User($mysqli, $log); $invitation = new Invitation($mysqli, $log); if ($user->getUserByMail($email)) { if ($user->status == 2) { $s_email = $email; $email_code = $invitation->genEmailValidateCode($user->id); $saemail = new SaeMail(); if ($saemail) { //sea maill $message = "尊敬的XSSRAT用户 \r\n\t\t\t您好,欢迎您使用XSSRAT。XSSRAT是一个开放性的Web前端漏洞利用平台,您可以使用该平台进行一些Web前端漏洞的测试,并可以贡献自己的模块供其他用户使用。\r\n\t\t\t本平台是一个开放性的平台,可用于渗透测试或漏洞挖掘过程中,以提高Web应用的安全性,本身不具有任何恶意性。请勿将该平台用于非法用途,否则后果自负!\r\n\t\t\t请访问以下链接激活您的账号:\t\t\t\t\t\r\n\t\t\thttp://xssrat.sinaapp.com/activating.php?code=" . $email_code . "&id=" . $user->id . "&method=active\t\r\n\t\t\r\n\t\t\thttp://xssrat.sinaapp.com\r\n\t\t\tMak3 hack m0r3 c00l!"; $ret = $saemail->quickSend($email, 'XSSRAT 用户验证', $message, MAIL_ACCOUNT, MAIL_PASS); $reg_info = array('username' => htmlspecialchars($user->username, ENT_QUOTES), 'email' => htmlspecialchars($user->email, ENT_QUOTES)); $_SESSION["reg_info"] = $reg_info; if ($ret) { $res['result'] = true; $res['message'] = '邮件已发出,请您及时查收,若您一直未收到,请稍后重新发送!'; $res['action'] = 'resend'; }
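/**
 * Registers a new user account.
 *
 * @param array|CUser $us Either a CUser instance, or an associative array with
 *                        the keys 'user', 'mail' and 'pass' (required) plus
 *                        'name' and 'rol' (optional; default '' and 0).
 *
 * @return mixed One of the project's status constants: OK on success,
 *               E_USER_EXIST if the username is already taken, E_MAIL_EXIST if
 *               the e-mail is already taken, E_SQL_ERROR if the INSERT failed,
 *               E_FORMAT_INVALID if $us is neither a CUser nor a usable array
 *               or a required field is missing/empty.
 */
static function addUser($us)
{
    global $db;

    if (is_array($us)) {
        // A missing required key would otherwise raise an undefined-index
        // notice and silently insert an empty value; treat it as malformed input.
        if (!isset($us['user'], $us['mail'], $us['pass'])) {
            return E_FORMAT_INVALID;
        }
        $t = new CUser();
        $t->user = $us['user'];
        $t->mail = $us['mail'];
        $t->pass = $us['pass'];
        $t->name = isset($us['name']) ? $us['name'] : '';
        $t->rol  = isset($us['rol']) ? $us['rol'] : 0;
        $us = $t;
    }

    if (!($us instanceof CUser)) {
        return E_FORMAT_INVALID;
    }

    // Username and mail are stored lowercased (see the INSERT below), so the
    // uniqueness checks look up the lowercased form too; otherwise a
    // differently-cased username could slip past the duplicate check.
    $user = strtolower((string) $us->user);
    $mail = strtolower((string) $us->mail);
    $pass = (string) $us->pass;
    if (trim($user) === '' || trim($mail) === '' || $pass === '') {
        return E_FORMAT_INVALID;
    }

    if (User::getUserByUsername($user)) {
        return E_USER_EXIST;
    }
    if (User::getUserByMail($mail)) {
        return E_MAIL_EXIST;
    }

    // NOTE(review): md5 over password + username + a static key is not a
    // suitable password hash. The login path presumably recomputes this same
    // digest, so a migration to password_hash()/password_verify() has to be
    // done together with that code and a rehash of existing rows.
    $digest = md5($pass . $user . User::$keySecurity);

    // $db->qs() is assumed to substitute the sprintf-style arguments;
    // secInjection() is the project's escaping helper and is applied to every
    // caller-supplied string that reaches the query (the digest is hex only).
    // Prefer a parameterised query if the DB layer offers one.
    $inserted = $db->qs(
        "INSERT INTO user (user,pass,mail,name,rol) VALUES ('%s','%s','%s','%s','%d')",
        array(
            strtolower(secInjection($us->user)),
            $digest,
            strtolower(secInjection($us->mail)),
            secInjection($us->name),
            intval($us->rol),
        )
    );

    return $inserted ? OK : E_SQL_ERROR;
}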
$_SESSION["erreur"][] = "Vous devez renseigner un mot de passe 'password'"; } if (isset($_SESSION["erreur"])) { header("Location: /Erreur"); } if (empty($_POST["login"])) { $_SESSION["erreur"][] = "Vous devez compléter le champ mail ou pseudo"; } if (empty($_POST["password"])) { $_SESSION["erreur"][] = "Vous devez compléter le champ mot de passe"; } if (isset($_SESSION["erreur"])) { header("Location: /Erreur"); } if (filter_var($_POST["login"], FILTER_VALIDATE_EMAIL)) { $user = User::getUserByMail($_POST["login"]); } else { $user = User::getUserByPseudo($_POST["login"]); } if (!$user) { $_SESSION["erreur"][401] = "Impossible de vous authentifier, merci de vérifier vos identifiants."; header("Location: /Erreur"); } else { if ($user->getPassword() != sha1($_POST["password"])) { $_SESSION["erreur"][401] = "Impossible de vous authentifier, merci de vérifier vos identifiants."; header("Location: /Erreur"); } else { $user->setIsOnline(1); $user->save(); $_SESSION["user"] = $user; header("Location: /Portail");