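/**
 * Return the enabled SMS-auth row for a user whose profile phone matches.
 *
 * Flow:
 *  1. Look for an enabled (`switch` = 'Y') user_profile row with this user id
 *     and phone. No row: return false.
 *  2. Look for an enabled user_sms_auth row for the user. If one exists, return
 *     the first record.
 *  3. Otherwise create a user_sms_auth row with a fresh 6-character code and
 *     return false.
 *
 * @param int|string $id    User id; anything other than plain digits is rejected.
 * @param int|string $phone Phone number; digits with an optional leading '+'.
 *
 * @return array|false The first user_sms_auth record, or false.
 */
public function validUserAuth($id, $phone)
{
    global $db, $config;

    // Both arguments are placed inside SQL string literals below, and whether the
    // query wrapper supports bound parameters cannot be seen from this method.
    // Until the queries are parameterised, accept only values that cannot
    // terminate the literal: digits for the id, digits with an optional '+' for
    // the phone.
    if (!is_scalar($id) || preg_match('/\A[0-9]+\z/', (string) $id) !== 1) {
        return false;
    }
    if (!is_scalar($phone) || preg_match('/\A\+?[0-9]+\z/', (string) $phone) !== 1) {
        return false;
    }
    $id = (string) $id;
    $phone = (string) $phone;

    $query = "SELECT phone \n\t\tFROM `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_profile`"
        . "\n\t\tWHERE \n\t\t\t`prefixid` = '{$config['default_prefix_id']}' "
        . "\n\t\t\tAND `userid` = '{$id}'"
        . "\n\t\t\tAND `phone` = '{$phone}'"
        . "\n\t\t\tAND `switch` = 'Y'\n\t\t";
    $profile = $db->getQueryRecord($query);
    if (empty($profile['table']['record'])) {
        return false;
    }

    $query = "SELECT * \n\t\t\tFROM `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_sms_auth`"
        . "\n\t\t\tWHERE \n\t\t\t\t`prefixid` = '{$config['default_prefix_id']}' "
        . "\n\t\t\t\tAND `userid` = '{$id}'"
        . "\n\t\t\t\tAND `switch` = 'Y'\n\t\t\t";
    $table = $db->getQueryRecord($query);
    if (!empty($table['table']['record'])) {
        return $table['table']['record'][0];
    }

    // No auth row yet: create one with a new SMS check code.
    // NOTE(review): get_shuffle() is defined elsewhere; confirm it draws from a
    // cryptographically secure source, since this code is the verification secret.
    $checkcode = substr(get_shuffle(), 0, 6);

    // The row is keyed by $id. The previous version interpolated an undefined
    // $userid here, so the new row was written with an empty userid.
    $query = "INSERT INTO `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_sms_auth` "
        . "\n\t\t\t\tSET"
        . "\n\t\t\t\t\t`prefixid`='{$config['default_prefix_id']}',"
        . "\n\t\t\t\t\t`userid`='{$id}',"
        . "\n\t\t\t\t\t`code`='{$checkcode}',"
        . "\n\t\t\t\t\t`verified`='N',"
        . "\n\t\t\t\t\t`insertt`=NOW()\n\t\t\t\t";
    $db->query($query);

    return false;
}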
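/**
 * Register a new member from the current POST request.
 *
 * Creates the user row, the user_profile row and an unverified user_sms_auth
 * row, then runs the registration side effects: flash-campaign points and
 * password SMS (type 'flash'), referral passphrase, SSO account, promotional
 * S-code, login, and affiliate logging.
 *
 * Reads from $_POST: type, passwd, phone, nickname, gender, channelid,
 * thumbnail_url, productid, sso_name, sso_uid, user_src.
 * For 'flash' registrations $_POST['nickname'] and $_POST['gender'] are filled
 * in with defaults when empty (the superglobal itself is modified).
 *
 * NOTE(review): strEncode() is keyed with $config['encode_key'] and its
 * implementation is not visible here; if it is a reversible encoding rather
 * than a password hash, stored passwords should move to
 * password_hash()/password_verify().
 * NOTE(review): the initial exchange password is the last six characters of the
 * phone number, so it is known to anyone who knows the number; consider
 * requiring the user to set it.
 *
 * @return void
 */
public function mk_user()
{
    global $db, $config;

    // Read a POST field as a string ('' when missing or not scalar).
    $post = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
    };

    // Escape a value for use inside a quoted SQL literal.
    // assumes $db->_con is the mysqli handle (insert_id is read from it below)
    // and that the caller has already connected $db — TODO confirm.
    // NOTE(review): if request data is already escaped upstream, this would
    // double-escape; verify before deploying. Bound parameters are the
    // longer-term fix.
    $esc = function ($value) use ($db) {
        return $db->_con->real_escape_string((string) $value);
    };

    // Strip control characters so request data cannot forge extra log lines.
    $logSafe = function ($value) {
        return preg_replace('/[\x00-\x1F\x7F]/', '', (string) $value);
    };

    // Auto-generated password, used for 'flash' registrations.
    // NOTE(review): get_shuffle() is defined elsewhere; confirm it is backed by
    // a cryptographically secure source.
    $pwcode = substr(get_shuffle(), 0, 6);

    $reg_type = $post('type');
    $phone = $post('phone');

    if ($reg_type == 'flash') {
        $passwd = $this->str->strEncode($pwcode, $config['encode_key']);
    } else {
        $passwd = $this->str->strEncode($_POST['passwd'], $config['encode_key']);
    }
    $exchangepasswd = $this->str->strEncode(substr($phone, -6), $config['encode_key']);

    $phoneSql = $esc($phone);
    $passwdSql = $esc($passwd);
    $exchangepasswdSql = $esc($exchangepasswd);

    $query = "\r\n\t\tINSERT INTO `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user`"
        . "\r\n\t\tSET"
        . "\r\n\t\t\t`prefixid`='{$config['default_prefix_id']}',"
        . "\r\n\t\t\t`name`='{$phoneSql}',"
        . "\r\n\t\t\t`passwd`='{$passwdSql}',"
        . "\r\n\t\t\t`exchangepasswd`='{$exchangepasswdSql}',"
        . "\r\n\t\t\t`email`='',"
        . "\r\n\t\t\t`insertt`=NOW()\r\n\t\t";
    $db->query($query);
    $userid = $db->_con->insert_id;

    // Location defaults come from config; a 'flash' registration may override
    // them with the values stored for the posted channel.
    $countryid = $config['country'];
    $regionid = $config['region'];
    $provinceid = $config['province'];
    $channelid = $config['channel'];

    $table = array();
    if ($reg_type == 'flash') {
        $channelSql = $esc($post('channelid'));
        $query = "\r\n\t\t\tselect ch.channelid, ch.provinceid, pr.regionid, ch.countryid "
            . "\r\n\t\t\tfrom `{$config['db'][2]['dbname']}`.`{$config['default_prefix']}channel` ch "
            . "\r\n\t\t\tleft join `{$config['db'][2]['dbname']}`.`{$config['default_prefix']}province` pr on"
            . "\r\n\t\t\t\tpr.prefixid = ch.prefixid "
            . "\r\n\t\t\t\tand pr.provinceid = ch.provinceid"
            . "\r\n\t\t\t\tand pr.switch = 'Y'"
            . "\r\n\t\t\twhere "
            . "\r\n\t\t\t\tch.prefixid = '{$config['default_prefix_id']}' "
            . "\r\n\t\t\t\tand ch.channelid = '{$channelSql}'"
            . "\r\n\t\t\t\tand ch.switch = 'Y'\r\n\t\t\t";
        $table = $db->getQueryRecord($query);
    }

    if (!empty($table['table']['record'][0]['countryid'])) {
        $countryid = $table['table']['record'][0]['countryid'];
    }
    if (!empty($table['table']['record'][0]['regionid'])) {
        $regionid = $table['table']['record'][0]['regionid'];
    }
    if (!empty($table['table']['record'][0]['provinceid'])) {
        $provinceid = $table['table']['record'][0]['provinceid'];
    }
    if (!empty($table['table']['record'][0]['channelid'])) {
        $channelid = $table['table']['record'][0]['channelid'];
    }

    // Record the connection source.
    // X-Forwarded-For is supplied by the client unless a trusted proxy rewrites
    // it, so the first entry is used only when it parses as an IP address and
    // should be treated as attribution data, not as an identity signal.
    $ip = $_SERVER['REMOTE_ADDR'];
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $temp_ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
        $forwarded = trim($temp_ip[0]);
        if (filter_var($forwarded, FILTER_VALIDATE_IP) !== false) {
            $ip = $forwarded;
        }
    }

    // Classify the User-Agent. strpos() returns 0 for a match at the start of
    // the string, so the test is against false rather than "> 0".
    $user_agent = 'BROWSER';
    $memo = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (strpos($memo, 'MicroMessenger') !== false) {
        $user_agent = 'WEIXIN';
    }

    $productid = $post('productid');
    $src_from = 'SAJA';
    $intro_by = '';
    $goto = '';

    if ($reg_type == 'flash') {
        if (empty($_POST['nickname'])) {
            $_POST['nickname'] = '_guest_' . $userid;
        }
        if (empty($_POST['gender'])) {
            $_POST['gender'] = 'male';
        }
        $src_from = 'FLASH';
    } elseif ($reg_type == 'sso') {
        $src_from = strtoupper($post('sso_name'));
    }

    $nicknameSql = $esc($post('nickname'));
    $genderSql = $esc($post('gender'));
    $countrySql = $esc($countryid);
    $regionSql = $esc($regionid);
    $provinceSql = $esc($provinceid);
    $channelidSql = $esc($channelid);
    $thumbnailSql = $esc($post('thumbnail_url'));
    $srcFromSql = $esc($src_from);
    $productidSql = $esc($productid);

    $query = "\r\n\t\tINSERT INTO `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_profile`"
        . "\r\n\t\tSET"
        . "\r\n\t\t\t`prefixid`='{$config['default_prefix_id']}',"
        . "\r\n\t\t\t`userid`='{$userid}',"
        . "\r\n\t\t\t`nickname`='{$nicknameSql}',"
        . "\r\n\t\t\t`gender`='{$genderSql}',"
        . "\r\n\t\t\t`countryid`='{$countrySql}',"
        . "\r\n\t\t\t`regionid`='{$regionSql}',"
        . "\r\n\t\t\t`provinceid`='{$provinceSql}',"
        . "\r\n\t\t\t`channelid`='{$channelidSql}',"
        . "\r\n\t\t\t`thumbnail_url`='{$thumbnailSql}',"
        . "\r\n\t\t\t`area`='',"
        . "\r\n\t\t\t`address`='',"
        . "\r\n\t\t\t`addressee`='',"
        . "\r\n\t\t\t`phone`='{$phoneSql}',"
        . "\r\n\t\t\t`src_from` = '{$srcFromSql}|{$productidSql}',"
        . "\r\n\t\t\t`insertt`=NOW()\r\n\t\t";
    $db->query($query);

    // Create the (unverified) SMS check code for the new user.
    $checkcode = substr(get_shuffle(), 0, 6);
    $query = "INSERT INTO `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_sms_auth` "
        . "\r\n\t\tSET"
        . "\r\n\t\t\t`prefixid`='{$config['default_prefix_id']}',"
        . "\r\n\t\t\t`userid`='{$userid}',"
        . "\r\n\t\t\t`code`='{$checkcode}',"
        . "\r\n\t\t\t`verified`='N',"
        . "\r\n\t\t\t`insertt`=NOW()\r\n\t\t";
    $db->query($query);

    if ($reg_type == 'flash') {
        // Flash-sale campaign.
        $this->spoint_by_flash($userid);

        // Pick the SMS area from the phone prefix: "09" => 1, "1" => 2.
        // Any other prefix leaves $area at 0. The earlier code left $area
        // undefined in that case and set an error value that was never returned.
        $area = 0;
        $user_phone_0 = substr($phone, 0, 1);
        $user_phone_1 = substr($phone, 1, 1);
        if ($user_phone_0 == '0' && $user_phone_1 == '9') {
            $area = 1;
        } elseif ($user_phone_0 == '1') {
            $area = 2;
        }

        // Send the generated password by SMS (area 1 only).
        if ($area == 1) {
            $this->mk_sms($userid, $phone, $pwcode, $area);
        }
    }

    if (!empty($_POST['user_src'])) {
        // Referring member: user_src is a base64-encoded, AES-encrypted token
        // whose first "&&"-separated field names the referrer.
        $this->str = new convertString();
        $user_src = $this->str->decryptAES128($config['encode_key'], base64_decode($_POST['user_src']));
        $arr = explode("&&", $user_src);
        if (is_array($arr)) {
            $intro_by = $arr[0];
        }

        if (!empty($_POST['sso_uid']) && !empty($_POST['productid'])) {
            $ssoUidSql = $esc($post('sso_uid'));
            $userSrcSql = $esc($post('user_src'));
            $insert = "insert into saja_user.saja_passphrase set openid='{$ssoUidSql}', "
                . "\r\n\t\t\t\tuserid='{$userid}', "
                . "\r\n\t\t\t\tuser_src='{$userSrcSql}', "
                . "\r\n\t\t\t    productid='{$productidSql}', "
                . "\r\n\t\t\t\tswitch='N', insertt=NOW(), modifyt=NOW() ";
            error_log("[ajax/user_register] passphrase :" . $logSafe($insert));
            $db->query($insert);
            $intro_by = $_POST['user_src'];
        }
    }

    if (!empty($_POST['sso_uid']) && !empty($userid)) {
        // Create the member's SSO account.
        $this->mk_sso($userid);
    }

    // Registration bonus: limited S-code campaign.
    $this->give_oscode_by_promote($userid);

    // Mark the new user as logged in.
    $this->mk_login($userid);

    // Record the connection and registration source.
    // NOTE(review): $intro_by, $memo and $productid are request-derived and are
    // passed through unescaped; confirm logAffiliate() escapes or binds them.
    $this->logAffiliate($ip, $intro_by, $src_from, $productid, $userid, $goto, $memo, $user_agent);

    // The plaintext password and exchange password are deliberately left out of
    // the log line: server logs are readable by more people than the user table.
    error_log(
        "[ajax/user_register] mk_user : {type:" . $logSafe($reg_type)
        . ",userid:" . $userid
        . ",user_src:" . $logSafe($intro_by) . "}"
    );
}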
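/**
 * Return the enabled SMS-auth row for a user, with the profile phone attached.
 *
 * Flow:
 *  1. Connect $db and look for an enabled (`switch` = 'Y') user_profile row for
 *     the user. No row: return false.
 *  2. Look for an enabled user_sms_auth row. If one exists, copy the profile
 *     phone into it under 'phone' and return it.
 *  3. Otherwise create a user_sms_auth row with a fresh 6-character code and
 *     return false.
 *
 * @param int|string $id     User id; anything other than plain digits is rejected.
 * @param object     $db     Database wrapper exposing connect(), getQueryRecord(), query().
 * @param object     $config Config object exposing db, default_prefix, default_prefix_id.
 *
 * @return array|false The first user_sms_auth record plus 'phone', or false.
 */
public function validUserAuth($id, $db, $config)
{
    // Database connection.
    $db->connect();

    // $id is placed inside SQL string literals in all three statements below and
    // the wrapper's support for bound parameters is not visible from here, so
    // only a plain numeric id is accepted.
    if (!is_scalar($id) || preg_match('/\A[0-9]+\z/', (string) $id) !== 1) {
        return false;
    }
    $id = (string) $id;

    $query = "select phone from `{$config->db[0]['dbname']}`.`{$config->default_prefix}user_profile` "
        . "\r\n\t\twhere "
        . "\r\n\t\t\t`prefixid` = '{$config->default_prefix_id}'"
        . "\r\n\t\t\tAND `userid` = '{$id}'"
        . "\r\n\t\t\tand `switch`= 'Y'\r\n\t\t";
    $recArr = $db->getQueryRecord($query);
    if (empty($recArr['table']['record'][0])) {
        return false;
    }

    $query = "SELECT * "
        . "\r\n\t\t\tFROM `{$config->db[0]['dbname']}`.`{$config->default_prefix}user_sms_auth`"
        . "\r\n\t\t\tWHERE "
        . "\r\n\t\t\t\t`prefixid` = '{$config->default_prefix_id}' "
        . "\r\n\t\t\t\tAND `userid` = '{$id}'"
        . "\r\n\t\t\t\tAND `switch` = 'Y'\r\n\t\t\t";
    $table = $db->getQueryRecord($query);
    if (!empty($table['table']['record'])) {
        // Hand the profile phone back together with the auth row.
        $table['table']['record'][0]['phone'] = $recArr['table']['record'][0]['phone'];

        return $table['table']['record'][0];
    }

    // No auth row yet: create one with a new SMS check code.
    // NOTE(review): get_shuffle() is defined elsewhere; confirm it draws from a
    // cryptographically secure source, since this code is the verification secret.
    $checkcode = substr(get_shuffle(), 0, 6);
    $query = "INSERT INTO `{$config->db[0]['dbname']}`.`{$config->default_prefix}user_sms_auth` "
        . "\r\n\t\t\t\tSET"
        . "\r\n\t\t\t\t\t`prefixid` = '{$config->default_prefix_id}',"
        . "\r\n\t\t\t\t\t`userid` = '{$id}',"
        . "\r\n\t\t\t\t\t`code` = '{$checkcode}',"
        . "\r\n\t\t\t\t\t`verified` = 'N',"
        . "\r\n\t\t\t\t\t`insertt` = NOW()\r\n\t\t\t\t";
    $db->query($query);

    return false;
}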
/**
 * AJAX endpoint: check the SMS code posted by the user and echo a JSON status.
 *
 * Status values in the response:
 *   2   - validUserAuth() returned nothing for the session user / posted phone
 *   3   - the posted smscode is empty or differs from the stored code
 *   200 - code accepted
 *
 * On success the user_sms_auth row is marked verified and its code is replaced
 * with a new one, and any pending (`switch` = 'N') scode_history row whose memo
 * equals the session user id has its scode and history rows switched to 'Y'.
 *
 * NOTE(review): no attempt counter or lockout is visible in this method; confirm
 * that repeated guesses of the 6-character code are throttled elsewhere.
 * NOTE(review): scode_history is read under $config['db'][1] but updated under
 * $config['db'][0]; confirm which database is intended.
 *
 * @return void
 */
public function check_sms()
{
    global $db, $config, $usermodel;

    // Set up the database connection and the user model.
    $db = new mysql($config["db"]);
    $db->connect();
    $usermodel = new UserModel();

    $user_auth = $usermodel->validUserAuth($_SESSION['auth_id'], $_POST['phone']);

    // Work out the failure status first; 0 means the code was accepted.
    $failure = 0;
    if (empty($user_auth)) {
        // Phone number does not match.
        $failure = 2;
    } elseif (empty($_POST['smscode']) || $_POST['smscode'] !== $user_auth['code']) {
        // Submitted code is missing or wrong.
        $failure = 3;
    }

    if (!empty($failure)) {
        echo json_encode(array('status' => $failure));

        return;
    }

    // Mark the row verified and rotate the SMS check code so it cannot be reused.
    $checkcode = substr(get_shuffle(), 0, 6);
    $sql = "UPDATE `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_sms_auth` \r\n\t\t\tSET verified='Y', code='{$checkcode}'\r\n\t\t\tWHERE \r\n\t\t\t\t`prefixid` = '{$config['default_prefix_id']}'\r\n\t\t\t\tAND `userid` = '{$_SESSION['auth_id']}'\r\n\t\t\t";
    $db->query($sql);

    // Is there a pending referral S-code tied to this user?
    $sql = "select * from `{$config['db'][1]['dbname']}`.`{$config['default_prefix']}scode_history`\r\n\t\t\t\twhere `prefixid` = '{$config['default_prefix_id']}' \r\n\t\t\t\tand memo = '{$_SESSION['auth_id']}'\r\n\t\t\t\tand switch = 'N'";
    $table = $db->getQueryRecord($sql);

    if (!empty($table['table']['record'])) {
        // Activate the S-code itself ...
        $sql = "UPDATE `{$config['db'][1]['dbname']}`.`{$config['default_prefix']}scode` \r\n\t\t\t\tSET switch = 'Y', modifyt = NOW() \r\n\t\t\t\tWHERE \r\n\t\t\t\t\t`prefixid` = '{$config['default_prefix_id']}' \r\n\t\t\t\t\tAND `scodeid` = '{$table['table']['record'][0]['scodeid']}' \r\n\t\t\t\t\tand `userid` = '{$table['table']['record'][0]['userid']}'\r\n\t\t\t\t";
        $db->query($sql);

        // ... and the matching history row.
        $sql = "UPDATE `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}scode_history` \r\n\t\t\t\tSET switch = 'Y', modifyt = NOW() \r\n\t\t\t\tWHERE \r\n\t\t\t\t\t`prefixid` = '{$config['default_prefix_id']}'\r\n\t\t\t\t\tAND `sphid` = '{$table['table']['record'][0]['sphid']}'\r\n\t\t\t\t";
        $db->query($sql);
    }

    // Response: success.
    echo json_encode(array('status' => 200));
}
/**
 * Send $code to $phone by SMS and, for password types, store it on the user row.
 *
 * The gateway is chosen by $area (1 or 2). For any other $area no SMS is sent,
 * yet the database update below still runs and true is returned.
 * After sending, $type "password" writes the encoded code to `passwd` and
 * $type "expasswd" writes it to `exchangepasswd`; both then mark the
 * user_sms_auth row verified with a fresh code. $type "nickname" only sends
 * the SMS.
 *
 * NOTE(review): the `******` runs below are reproduced exactly as this listing
 * shows them. They look like masking applied to the listing rather than source
 * text: the code is not valid PHP as shown, and $re is never assigned in the
 * visible code.
 * NOTE(review): gateway account names, a password and an auth key are hard-coded
 * in this method and both gateways are addressed over plain http://. Secrets
 * belong in configuration kept out of version control, and the ones shown here
 * should be treated as exposed and rotated.
 * NOTE(review): $uid is interpolated into the UPDATE statements unescaped.
 *
 * @param mixed  $uid   User id used in the UPDATE statements and log lines.
 * @param string $phone Destination phone number.
 * @param string $code  Value sent to the user (new password, nickname, ...).
 * @param string $type  "password", "nickname" or "expasswd".
 * @param int    $area  SMS gateway selector: 1 or 2.
 *
 * @return bool false when the selected gateway reports failure, true otherwise.
 */
public function mk_pass($uid, $phone, $code, $type = "password", $area = 1)
{
    global $db, $config, $usermodel;
    // Initialise the database connection.
    $db = new mysql($config["db"]);
    $db->connect();
    $usermodel = new UserModel();
    $this->str = new convertString();
    if ($area == 1) {
        // Gateway 1 ("簡訊王" SMS-API).
        // NOTE(review): this writes the new password / code to the error log in clear text.
        error_log("[ajax/user] 1.forgot gen code for " . $uid . " : " . $code);
        // Build the message body for gateway 1.
        if ($type == "password") {
            $sMessage = urlencode("New Password : "******" www.shajiawang.com");
        } else {
            if ($type == "nickname") {
                $sMessage = urlencode("NickName : " . $code . " www.shajiawang.com");
            } else {
                if ($type == "expasswd") {
                    $sMessage = urlencode("New ExchangePassword : "******" www.shajiawang.com");
                }
            }
        }
        // NOTE(review): $phone goes into the query string without urlencode(), so a
        // value containing '&' or '=' would change the request parameters.
        $msg = "username=saja&password=sj9889&dstaddr={$phone}&smbody=" . $sMessage;
        $to_url = "http://202.39.48.216/kotsmsapi-1.php?" . $msg;
        // file() performs the HTTP GET; a false or empty result is treated as a failure.
        if (!($getfile = file($to_url))) {
            // ('ERROR: cannot connect to the SMS-API!', $this->config->default_main ."/user/register");
            return false;
        } else {
            // The text after the first '=' in the response is read as the message id.
            $term_tmp = implode('', $getfile);
            $check_kmsgid = explode('=', $term_tmp);
            $kmsgid = (int) $check_kmsgid[1];
            error_log("[ajax/user] kmsgid : " . $kmsgid);
            // A negative id is treated as a gateway error.
            if ($kmsgid < 0) {
                // ('Invalid phone number!!', $this->config->default_main ."/user/register");
                return false;
            }
        }
    } else {
        if ($area == 2) {
            // Gateway 2 ("中國短信網").
            $url = 'http://smsapi.c123.cn/OpenPlatform/OpenApi';
            // NOTE(review): clear-text code in the error log, as in the area 1 branch.
            error_log("[ajax/user]2.forgot gen code for " . $uid . " : " . $code);
            if ($type == "password") {
                $sMessage = urlencode("新密码为:" . $code . " www.shajiawang.com(重置密码服务,请您尽快修改)");
            } else {
                if ($type == "nickname") {
                    $sMessage = urlencode("您的昵称为:" . $code . " www.shajiawang.com(昵称找回服务,请您妥善保管)");
                } else {
                    if ($type == "expasswd") {
                        $sMessage = urlencode("新的兑换密码为:" . $code . " www.shajiawang.com(重置兑换密码服务,请您尽快修改)");
                    }
                }
            }
            // Request fields for the gateway; 'c' is the message with the urlencode() above undone.
            $data = array(
                'action' => 'sendOnce',
                'ac' => '1001@501091960001',
                'authkey' => 'F99AD9CBBB17B21DEA3494115E228D30',
                'cgid' => '184',
                'm' => $phone,
                'c' => urldecode($sMessage),
                'csid' => '',
                't' => ''
            );
            $xml = $this->postSMS($url, $data);
            error_log("[ajax/user] mk_pass : "******"[ajax/user] result : " . $re['result']);
            // Any result other than 1 is treated as a send failure.
            if (trim($re['result']) != 1) {
                return false;
            }
        }
    }
    if ($type == "password") {
        // Store the encoded new password on the user row.
        $pwd = $this->str->strEncode($code, $config['encode_key']);
        $query = "UPDATE `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user` \r\n\t\t\tSET passwd='{$pwd}'\r\n\t\t\tWHERE \r\n\t\t\t\t`prefixid` = '{$config['default_prefix_id']}'\r\n\t\t\t\tAND `userid` = '{$uid}'\r\n\t\t\t";
        //error_log("query: ".$query);
        $db->query($query);
        // Mark the SMS auth row verified and replace its check code.
        $shuffle = get_shuffle();
        $checkcode = substr($shuffle, 0, 6);
        $query = "UPDATE `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_sms_auth` \r\n\t\t\tSET verified='Y', code='{$checkcode}'\r\n\t\t\tWHERE \r\n\t\t\t\t`prefixid` = '{$config['default_prefix_id']}'\r\n\t\t\t\tAND `userid` = '{$uid}'\r\n\t\t\t";
        $db->query($query);
    } else {
        if ($type == "nickname") {
            // Nickname recovery only sends the SMS; nothing is written.
        } else {
            if ($type == "expasswd") {
                // Store the encoded new exchange password on the user row.
                $expw = $this->str->strEncode($code, $config['encode_key']);
                $query = "UPDATE `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user` \r\n\t\t\tSET exchangepasswd='{$expw}'\r\n\t\t\tWHERE \r\n\t\t\t\t`prefixid` = '{$config['default_prefix_id']}'\r\n\t\t\t\tAND `userid` = '{$uid}'\r\n\t\t\t";
                $db->query($query);
                // Mark the SMS auth row verified and replace its check code.
                $shuffle = get_shuffle();
                $checkcode = substr($shuffle, 0, 6);
                $query = "UPDATE `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user_sms_auth` \r\n\t\t\tSET verified='Y', code='{$checkcode}'\r\n\t\t\tWHERE \r\n\t\t\t\t`prefixid` = '{$config['default_prefix_id']}'\r\n\t\t\t\tAND `userid` = '{$uid}'\r\n\t\t\t";
                $db->query($query);
            }
        }
    }
    return true;
}
$amp = "&"; } if (!empty($type)) { $gotourl .= $amp . "type=" . $type; $amp = "&"; } if (isset($_SESSION['sso']['nickname'])) { $nickname = $_SESSION['sso']['nickname']; } $gender = "male"; if ($_SESSION['sso']['sex'] == 2) { $gender = "female"; } else { $gender = "male"; } $pwd = get_shuffle(); error_log("[v/sso_register]" . $openid . "==>default pwd:" . $pwd); error_log("[v/sso_register]jdata=" . $jdata); error_log("[v/sso_register]gotourl=" . $gotourl); error_log("[v/sso_register]user_src=" . $user_src); error_log("[v/sso_register]type=" . $type); error_log("[v/sso_register]productid=" . $productid); if (empty($openid)) { // 非微信認證註冊 ?> <div class="article"> <ul data-role="listview" data-inset="true" data-icon="false"> <li> <label><?php echo $nickname;