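/**
 * Handle the password-reset link from the verification e-mail.
 *
 * Reads the `key` (base64 of the account e-mail) and `sid` (expected token)
 * request parameters, looks up the activated admin with that e-mail, checks
 * the token, mails a freshly generated password and then updates the row.
 *
 * Every failure path calls $this->out() and then falls through, so the code
 * presumably relies on out() ending the request — TODO confirm.
 *
 * @return void
 */
public function verify()
{
    if (!IsGet('key') || !IsGet('sid')) {
        $this->out('邮件验证参数非法!');
    }

    $key = ForceStringFrom('key');
    $sid = ForceStringFrom('sid');
    if (!$key || !$sid) {
        $this->out('邮件验证参数非法!');
    }

    $email = base64_decode($key);
    if (!IsEmail($email)) {
        $this->out('Email地址非法!');
    }

    // NOTE(review): $email is produced by base64_decode() *after* ForceStringFrom()
    // has run, so whatever filtering ForceStringFrom() applies to `key` does not
    // cover the decoded value. IsEmail() is the only check before the value is
    // interpolated into the query below; whether it rejects quote characters is
    // not visible here. Confirm, or bind/escape $email through the DB layer.
    $user = APP::$DB->getOne(
        "SELECT u.aid, u.username, u.password, u.fullname, u.verifycode FROM " . TABLE_PREFIX . "admin u WHERE u.email = '{$email}' AND u.activated = 1"
    );

    if (!$user) {
        $this->out('Email地址不存在!');
    } else {
        // Expected token: MD5 over full name, site key, stored password and verify code.
        $code = md5($user['fullname'] . WEBSITE_KEY . $user['password'] . $user['verifycode']);

        // hash_equals() replaces the loose `!=`: a loose comparison treats two
        // numeric-looking strings as numbers, and it is not constant-time.
        if (!hash_equals($code, (string) $sid)) {
            $this->out('链接请求的验证码错误!');
        }

        $newpass = PassGen(8);
        $backend_url = BASEURL . ADMINDIR . '/';

        // NOTE(review): the new password travels in clear text inside the HTML mail,
        // and fullname/username are placed in the HTML body without escaping.
        $subject = '您的新密码 -- ' . APP::$_CFG['Title'];
        $content = "{$user['fullname']}:<br><br>您好! <br><br>您的登录名是: {$user['username']}<br>您的新密码是:{$newpass}<br><br>";
        $content .= "请点击以下链接登录后台管理:<br><br><a href=\"{$backend_url}\" target=\"_blank\">{$backend_url}</a><br><br>";

        if (SendMail($email, $subject, $content) === true) {
            // Update the password only after the mail was sent; clearing verifycode
            // stops the same e-mailed link from resetting the password again.
            // NOTE(review): the password value is masked ('******') in this listing;
            // the real statement presumably stores a hash of $newpass — confirm.
            APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET password = '******', verifycode = '' WHERE aid = '{$user['aid']}'");
            $this->out('新密码已发送到您的邮箱, 请查收!', 0);
        } else {
            $this->out('发送邮件失败! 请尝试刷新当前页面.');
        }
    }
}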
/**
 * Save the logged-in admin's own profile (optional password change, e-mail,
 * Chinese and English display names).
 *
 * The target row is always $this->admin['aid']; no id is taken from the request.
 * Validation errors are collected and handed to Error(); otherwise the row is
 * updated and Success('myprofile') is called.
 *
 * NOTE(review): every value below is interpolated into SQL text. That is only
 * safe if ForceStringFrom() escapes for the database, which is not visible
 * here — confirm, or move to bound parameters.
 * NOTE(review): nothing in this method asks for the current password or checks
 * an anti-CSRF token before changing the password/e-mail; confirm whether the
 * caller enforces that.
 *
 * @return void
 */
public function save()
{
    $aid = $this->admin['aid'];

    $password = ForceStringFrom('password');
    $passwordconfirm = ForceStringFrom('passwordconfirm');
    $email = ForceStringFrom('email');
    $fullname = ForceStringFrom('fullname');
    $fullname_en = ForceStringFrom('fullname_en');

    $errors = array();

    // The password is optional; compare the two fields only when either was filled in.
    if ((strlen($password) || strlen($passwordconfirm)) && strcmp($password, $passwordconfirm)) {
        $errors[] = '两次输入的密码不相同!';
    }

    if (!$email) {
        $errors[] = '请输入Email地址!';
    } elseif (!IsEmail($email)) {
        $errors[] = 'Email地址不规范!';
    } else {
        // The address must not already belong to a different admin.
        $taken = APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE email = '{$email}' AND aid != '{$aid}'");
        if ($taken) {
            $errors[] = 'Email地址已占用!';
        }
    }

    if (!$fullname) {
        $errors[] = '请输入中文昵称!';
    }
    if (!$fullname_en) {
        $errors[] = '请输入英文昵称!';
    }

    if ($errors) {
        Error($errors, '编辑我的信息错误');
    } else {
        // The password clause is emitted only when a new password was supplied.
        // Its value is masked ('******') in this listing.
        $passwordClause = Iif($password, "password = '******',");
        $sql = "UPDATE " . TABLE_PREFIX . "admin SET \r\n\t\t\t" . $passwordClause . "\r\n\t\t\temail = '{$email}',\r\n\t\t\tfullname = '{$fullname}',\r\n\t\t\tfullname_en = '{$fullname_en}'\r\n\t\t\tWHERE aid = '{$aid}'";

        APP::$DB->exe($sql);
        Success('myprofile');
    }
}
/**
 * Update a guest record (name, address, phone, e-mail, remark) selected by the
 * posted `gid`.
 *
 * Only the e-mail is validated. After a failed validation Error() is called and
 * execution falls through, so the UPDATE is skipped only if Error() ends the
 * request — TODO confirm.
 *
 * NOTE(review): the string fields are interpolated into SQL text; that is safe
 * only if ForceStringFrom() escapes for the database, which is not visible
 * here. `gid` comes straight from the request and no ownership/permission check
 * appears in this method — confirm it is enforced by the caller.
 *
 * @return void
 */
public function save()
{
    $gid = ForceIntFrom('gid');
    $email = ForceStringFrom('email');
    $fullname = ForceStringFrom('fullname');
    $phone = ForceStringFrom('phone');
    $address = ForceStringFrom('address');
    $remark = ForceStringFrom('remark');

    if (!IsEmail($email)) {
        Error('Email地址不规范', '编辑客人错误');
    }

    // One "column = 'value'" fragment per updated column, joined in the original order.
    $assignments = array(
        "fullname = '{$fullname}'",
        "address = '{$address}'",
        "phone = '{$phone}'",
        "email = '{$email}'",
        "remark = '{$remark}'",
    );
    $sql = "UPDATE " . TABLE_PREFIX . "guest SET " . implode(",\n\t\t", $assignments) . "\n\t\tWHERE gid = '{$gid}'";

    APP::$DB->exe($sql);
    Success('guests');
}
}

/*
 * Checks the syntax of an e-mail address.
 *
 * Returns true only when preg_match() reports a match (1); both "no match" (0)
 * and a PCRE error (false) are reported as false.
 *
 * NOTE(review): this is a syntax check, not sanitisation. The local-part class
 * accepts characters such as ' ` { | } & and =, so a value that passes must
 * still be escaped for whatever context it is used in (SQL, HTML, mail header).
 * NOTE(review): the pattern ends in `$` without the `D` modifier, and in PCRE
 * that also matches just before a final newline, so a value ending in "\n" can
 * pass. Anchoring with `\z` (or adding `D`) would close that.
 */
function IsEmail($email)
{
    $value = preg_match('/^(?:[\\w\\!\\#\\$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`\\{\\|\\}\\~]+\\.)*[\\w\\!\\#\\$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`\\{\\|\\}\\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\\-](?!\\.)){0,61}[a-zA-Z0-9_-]?\\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\\[(?:(?:[01]?\\d{1,2}|2[0-4]\\d|25[0-5])\\.){3}(?:[01]?\\d{1,2}|2[0-4]\\d|25[0-5])\\]))$/', $email);
    return $value === 0 || $value === false ? false : true;
}

// Form submitted: collect every field.
// NOTE(review): Rec() is the only filtering applied to these request values and
// it is not visible here — confirm what it strips or encodes.
$nom = isset($_POST['name']) ? Rec($_POST['name']) : '';
$email = isset($_POST['email']) ? Rec($_POST['email']) : '';
$objet = isset($_POST['objet']) ? Rec($_POST['objet']) : "Demande d'informations";
$message = isset($_POST['message']) ? Rec($_POST['message']) : '';

// Validate the variables and the e-mail ...
$email = IsEmail($email) ? $email : ''; // empty when invalid, otherwise the address as entered
$err_formulaire = false; // used to refill the form after an error, if needed

if (isset($_POST['send'])) {
    $headers = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\n";
    $headers .= "From: <*****@*****.**>\n";
    $headers .= "X-Priority: 1\n";

    // NOTE(review): the request values are echoed back into the page as-is;
    // whether that is HTML-safe depends entirely on Rec() — confirm.
    echo $nom;
    echo $email;
    echo $objet;
    echo $message;

    if ($nom != '' && $email != '' && $objet != '' && $message != '') {
        // All 4 variables are filled in: build the mail, then send it.
        // This assignment replaces the MIME/Content-type/X-Priority headers built above.
        // NOTE(review): $nom and $email are concatenated into a mail header; CR/LF
        // must not survive in either value — confirm Rec() removes them.
        $headers = 'From:' . $nom . ' <' . $email . '>' . "\r\n";
$code = ForceStringFrom('code'); $decode = authcode($code, 'DECODE', $key); if ($decode != md5(WEBSITE_KEY . $_CFG['KillRobotCode'])) { die($json->encode($ajax)); //验证码过期 } $fullname = ForceStringFrom('fullname'); $email = ForceStringFrom('email'); $phone = ForceStringFrom('phone'); $content = ForceStringFrom('content'); $vid = ForceIntFrom('vid'); $vvc = ForceIntFrom('vvc'); if (!$fullname or strlen($fullname) > 90) { $ajax['s'] = 2; die($json->encode($ajax)); } elseif (!IsEmail($email)) { $ajax['s'] = 3; die($json->encode($ajax)); } elseif (!$content or strlen($content) > 1800) { $ajax['s'] = 4; die($json->encode($ajax)); } elseif (!checkVVC($vid, $vvc)) { $ajax['s'] = 5; die($json->encode($ajax)); } $gid = ForceIntFrom('gid'); $ip = GetIP(); $DB->exe("INSERT INTO " . TABLE_PREFIX . "comment (gid, fullname, ip, phone, email, content, time) VALUES ('{$gid}', '{$fullname}', '{$ip}', '{$phone}', '{$email}', '{$content}', '" . time() . "')"); $ajax['s'] = 1; die($json->encode($ajax)); }
$Password2 = ''; $VerifyCode = ''; $Message = ''; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!ReferCheck($_POST['FormHash'])) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } $UserName = strtolower(Request('Post', 'UserName')); $Email = strtolower(Request('Post', 'Email')); $Password = Request('Post', 'Password'); $Password2 = Request('Post', 'Password2'); $VerifyCode = intval(Request('Post', 'VerifyCode')); if ($UserName && $Email && $Password && $Password2 && $VerifyCode) { if ($Password === $Password2) { if (IsName($UserName)) { if (IsEmail($Email)) { session_start(); if (isset($_SESSION[$Prefix . 'VerificationCode']) && $VerifyCode === intval($_SESSION[$Prefix . 'VerificationCode'])) { $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName)); if (!$UserExist) { $NewUserSalt = mt_rand(100000, 999999); $NewUserPassword = md5(md5($Password) . $NewUserSalt); $NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => $Email, 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp)); $DB->query('INSERT INTO `' . $Prefix . 
'users`(`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData); $CurUserID = $DB->lastInsertId(); //更新全站统计数据 $NewConfig = array("NumUsers" => $Config["NumUsers"] + 1, "DaysUsers" => $Config["DaysUsers"] + 1); UpdateConfig($NewConfig); $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp; //默认保持30天登陆状态 SetCookies(array('UserID' => $CurUserID, 'UserExpirationTime' => $TemporaryUserExpirationTime, 'UserCode' => md5($NewUserPassword . $NewUserSalt . $TemporaryUserExpirationTime . $SALT)), 30);
$UploadAvatar = new ImageResize('PostField', 'Avatar'); $LUploadResult = $UploadAvatar->Resize(256, 'upload/avatar/large/' . $CurUserID . '.png', 80); $MUploadResult = $UploadAvatar->Resize(48, 'upload/avatar/middle/' . $CurUserID . '.png', 90); $SUploadResult = $UploadAvatar->Resize(24, 'upload/avatar/small/' . $CurUserID . '.png', 90); if ($LUploadResult && $MUploadResult && $SUploadResult) { $UploadAvatarMessage = $Lang['Avatar_Upload_Success']; } else { $UploadAvatarMessage = $Lang['Avatar_Upload_Failure']; } } else { $UploadAvatarMessage = $Lang['Avatar_Is_Oversize']; } break; case 'UpdateUserInfo': $CurUserInfo['UserSex'] = intval(Request('POST', 'UserSex', 0)); $CurUserInfo['UserMail'] = IsEmail(Request('POST', 'UserMail', $CurUserInfo['UserMail'])) ? Request('POST', 'UserMail', $CurUserInfo['UserMail']) : $CurUserInfo['UserMail']; $CurUserInfo['UserHomepage'] = CharCV(Request('POST', 'UserHomepage', $CurUserInfo['UserHomepage'])); $CurUserInfo['UserIntro'] = CharCV(Request('POST', 'UserIntro', $CurUserInfo['UserIntro'])); $UpdateUserInfoResult = UpdateUserInfo(array('UserSex' => $CurUserInfo['UserSex'], 'UserMail' => $CurUserInfo['UserMail'], 'UserHomepage' => $CurUserInfo['UserHomepage'], 'UserIntro' => $CurUserInfo['UserIntro'])); if ($UpdateUserInfoResult) { $UpdateUserInfoMessage = $Lang['Profile_Modified_Successfully']; } else { $UpdateUserInfoMessage = $Lang['Profile_Do_Not_Modify']; } break; case 'ChangePassword': $OriginalPassword = Request('Post', 'OriginalPassword'); $NewPassword = Request('Post', 'NewPassword'); $NewPassword2 = Request('Post', 'NewPassword2'); if (($OriginalPassword || $DoNotNeedOriginalPassword) && $NewPassword && $NewPassword2) { if ($NewPassword == $NewPassword2) {
/* ************************************ */ echo '<h1>' . $osmw_index_9 . '</h1>'; echo '<div class="clearfix"></div>'; /* CONFIGURATION */ $form_action = 'index.php?a=9'; $message_envoye = "<i class='glyphicon glyphicon-ok'></i> Message envoye avec succes ..."; $message_non_envoye = "<i class='glyphicon glyphicon-remove'></i> Echec d'envoi du message, veuillez reessayer ..."; $message_formulaire_invalide = "<i class='glyphicon glyphicon-remove'></i> Erreur dans le formulaire, veuillez reessayer ..."; $err_formulaire = false; $nom = isset($_POST['nom']) ? Rec($_POST['nom']) : ''; $email = isset($_POST['email']) ? Rec($_POST['email']) : ''; $objet = isset($_POST['objet']) ? Rec($_POST['objet']) : ''; $message = isset($_POST['message']) ? Rec($_POST['message']) : ''; if (isset($_POST['envoi'])) { $email = IsEmail($email) ? $email : ''; $err_formulaire = IsEmail($email) ? false : true; if ($nom != '' && $email != '' && $objet != '' && $message != '') { $headers = 'From: ' . $nom . ' <' . $email . '>' . "\r\n"; // Envoyer une copie au visiteur ? if ($_POST['sendcopy'] == true) { $cible = INI_Conf(0, "destinataire") . ', ' . $email; } else { $cible = INI_Conf(0, "destinataire"); } // Remplacement de caracteres speciaux $message = html_entity_decode($message); $message = str_replace(''', "'", $message); $message = str_replace('’', "'", $message); $message = str_replace('<br>', '', $message); $message = str_replace('<br />', '', $message); // Envoi du mail
$UserName = strtolower(Request('Post', 'UserName')); $Email = strtolower(Request('Post', 'Email')); $Password = Request('Post', 'Password'); $VerifyCode = intval(Request('Post', 'VerifyCode')); do { if (!($UserName && $Email && $Password && $VerifyCode)) { $Error = $Lang['Forms_Can_Not_Be_Empty']; $ErrorCode = 104001; break; } if (!IsName($UserName)) { $Error = $Lang['UserName_Error']; $ErrorCode = 104002; break; } if (!IsEmail($Email)) { $Error = $Lang['Email_Error']; $ErrorCode = 104003; break; } session_start(); $TempVerificationCode = ""; if (isset($_SESSION[$Prefix . 'VerificationCode'])) { $TempVerificationCode = intval($_SESSION[$Prefix . 'VerificationCode']); unset($_SESSION[$Prefix . 'VerificationCode']); } else { $Error = $Lang['VerificationCode_Error']; $ErrorCode = 104004; break; } session_write_close();
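/**
 * Create, update or delete a support-agent (admin) account from the posted form.
 *
 * - `deleteuser` set and `aid` different from the logged-in admin: the account
 *   is deleted and Success('users') is called. Execution then falls through,
 *   so this presumably relies on Success() ending the request — TODO confirm.
 * - `aid` non-zero: update that account. `type` and `activated` are written
 *   only when the target is not the logged-in admin; the password only when a
 *   new one was supplied.
 * - `aid` zero: insert a new account (password required).
 *
 * Validation errors are collected and passed to Error().
 *
 * NOTE(review): all string fields are interpolated into SQL text; that is safe
 * only if ForceStringFrom() escapes for the database, which is not visible
 * here — confirm, or move to bound parameters.
 * NOTE(review): no privilege check on the caller and no anti-CSRF token check
 * appear in this method; confirm both are enforced before it is reached.
 *
 * @return void
 */
public function save()
{
    $aid = ForceIntFrom('aid');
    $type = ForceIntFrom('type');
    $activated = ForceIntFrom('activated');
    $username = ForceStringFrom('username');
    $password = ForceStringFrom('password');
    $passwordconfirm = ForceStringFrom('passwordconfirm');
    $email = ForceStringFrom('email');
    $fullname = ForceStringFrom('fullname');
    $fullname_en = ForceStringFrom('fullname_en');
    $post = ForceStringFrom('post');
    $post_en = ForceStringFrom('post_en');
    $deleteuser = ForceIntFrom('deleteuser');

    // Deleting an agent: redirect straight away. The aid comparison keeps an
    // admin from deleting their own account.
    if ($deleteuser and $aid != $this->admin['aid']) {
        $this->DeleteUser($aid);
        Success('users');
    }

    if (!$username) {
        $errors[] = '请输入用户名!';
    } elseif (!IsName($username)) {
        $errors[] = '用户名存在非法字符!';
    } elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE username = '******' AND aid != '{$aid}'")) {
        // The username value in the query above is masked ('******') in this listing.
        $errors[] = '用户名已存在!';
    }

    if ($aid) {
        // Editing: the password is optional; compare only when either field was filled in.
        if (strlen($password) or strlen($passwordconfirm)) {
            if (strcmp($password, $passwordconfirm)) {
                $errors[] = '两次输入的密码不相同!';
            }
        }
    } else {
        // Creating: the password is mandatory.
        if (!$password) {
            $errors[] = '请输入密码!';
        } elseif (strcmp($password, $passwordconfirm) !== 0) {
            // Byte-wise comparison, matching the edit branch above. The previous
            // loose `!=` compared numeric-looking strings as numbers, so two
            // different inputs such as "1e3" and "1000" counted as the same password.
            $errors[] = '两次输入的密码不相同!';
        }
    }

    if (!$email) {
        $errors[] = '请输入Email地址!';
    } elseif (!IsEmail($email)) {
        $errors[] = 'Email地址不规范!';
    } elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE email = '{$email}' AND aid != '{$aid}'")) {
        $errors[] = 'Email地址已占用!';
    }

    if (!$fullname) {
        $errors[] = '请输入中文昵称!';
    }
    if (!$fullname_en) {
        $errors[] = '请输入英文昵称!';
    }
    if (!$post) {
        $errors[] = '请输入中文职位!';
    }
    if (!$post_en) {
        $errors[] = '请输入英文职位!';
    }

    if (isset($errors)) {
        Error($errors, Iif($aid, '编辑客服错误', '添加客服错误'));
    } else {
        if ($aid) {
            // type/activated are written only for accounts other than the caller's own.
            // The username and password values are masked ('******') in this listing.
            APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET username = '******',\n\t\t\t\t" . Iif($aid != $this->admin['aid'], "type = '{$type}', activated = '{$activated}',") . "\n\t\t\t\t" . Iif($password, "password = '******',") . "\n\t\t\t\temail = '{$email}',\n\t\t\t\tfullname = '{$fullname}',\n\t\t\t\tfullname_en = '{$fullname_en}',\n\t\t\t\tpost = '{$post}',\n\t\t\t\tpost_en = '{$post_en}'\t\t\t\t\t\t\t\t\t\t \n\t\t\t\tWHERE aid = '{$aid}'");
        } else {
            // NOTE(review): the password is stored as an unsalted MD5 digest. Moving to
            // password_hash()/password_verify() needs a matching change in the login
            // check, so it is flagged here rather than changed.
            APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "admin (type, activated, username, password, email, first, fullname, fullname_en, post, post_en) VALUES ('{$type}', 1, '{$username}', '" . md5($password) . "', '{$email}', '" . time() . "', '{$fullname}', '{$fullname_en}', '{$post}', '{$post_en}')");
        }
        Success('users');
    }
}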