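/**
 * Handle the "update user" POST request.
 *
 * Validates the submitted profile fields, writes them through
 * PassportModel::updateUser() and ends the request with a JSON status
 * message ('s' => 200 on success, 's' => 400 on a validation or storage
 * failure). Reads reg_type, email, password, nickname, sex, user and
 * user_id from $_POST.
 *
 * NOTE(review): the account to modify is chosen by the request's own
 * `user` / `user_id` fields, and nothing in this function ties them to an
 * authenticated caller. Unless the dispatcher authenticates and authorises
 * the request before this operation runs, the e-mail address and password
 * of any account can be overwritten. Confirm where that check lives.
 *
 * @return void Never returns normally; every path calls exit().
 */
function op_updateuser()
{
    $reg_type = !empty($_POST['reg_type']) ? $_POST['reg_type'] : '';

    // Read each field once, so that a missing key or an array-valued
    // parameter cannot reach the string functions below.
    $email    = isset($_POST['email']) ? $_POST['email'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $nickname = (isset($_POST['nickname']) && is_string($_POST['nickname'])) ? trim($_POST['nickname']) : '';
    $sex      = (isset($_POST['sex']) && is_scalar($_POST['sex'])) ? intval($_POST['sex']) : 0;

    // The original wrote the normalised values back into $_POST; keep that.
    $_POST['nickname'] = $nickname;
    $_POST['sex'] = $sex;

    // The D modifier stops "$" from matching before a trailing newline, so a
    // value ending in "\n" no longer passes as a valid address.
    $pattern2 = "/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/D";

    if ($email !== null && !is_string($email)) {
        $msg = array('s' => 400, 'm' => lang('insertemail'), 'd' => '');
        exit(json_output($msg));
    }
    if ($reg_type == 'email') {
        if (empty($email) || !preg_match($pattern2, $email)) {
            $msg = array('s' => 400, 'm' => lang('insertemail'), 'd' => '');
            exit(json_output($msg));
        }
    }
    // NOTE(review): for any other reg_type the e-mail value is stored below
    // without format validation; confirm that this is intended.

    // Compare against '' rather than using empty(): empty("0") is true, which
    // let the one-character password "0" skip the minimum-length rule while
    // still being saved further down.
    if (!is_string($password) || ($password !== '' && strlen($password) < 6)) {
        $msg = array('s' => 400, 'm' => lang('pwdrule'), 'd' => '');
        exit(json_output($msg));
    }

    $nickname_len = mb_strlen($nickname, "UTF-8");
    if (empty($nickname) || $nickname_len < 2 || $nickname_len > 16) {
        $msg = array('s' => 400, 'm' => lang('nicknamerule'), 'd' => '');
        exit(json_output($msg));
    }

    if (empty($sex)) {
        $msg = array('s' => 400, 'm' => lang('sexrule'), 'd' => '');
        exit(json_output($msg));
    }

    // Without both identifiers there is no row to update; fail before
    // touching the model instead of passing null through to it.
    if (!isset($_POST['user'], $_POST['user_id']) || $_POST['user'] === '' || $_POST['user_id'] === '') {
        $msg = array('s' => 400, 'm' => lang('failed'), 'd' => '');
        exit(json_output($msg));
    }
    $user = $_POST['user'];
    $user_id = $_POST['user_id'];

    include_once "PassportModel.class.php";
    $passmod = new PassportModel();

    $updates = array();
    $updates['user_email'] = $email;
    if ($password !== '') {
        $updates['user_password'] = PassportModel::encryptpwd($password, $user);
    }
    // The nickname is HTML-escaped at write time. htmlspecialchars() runs with
    // its default flags here, which before PHP 8.1 leave single quotes
    // unescaped, and the 2-16 length rule above applies to the unescaped text.
    $updates['user_nickname'] = htmlspecialchars($nickname);
    $updates['user_sex'] = $sex;

    // 1. update db user
    $row = $passmod->updateUser($updates, $user_id, $user);
    if ($row !== false) {
        $msg = array('s' => 200, 'm' => lang('success'), 'd' => '');
    } else {
        $msg = array('s' => 400, 'm' => lang('failed'), 'd' => '');
    }
    exit(json_output($msg));
}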
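/**
 * Sign a user in from an auto-login ticket.
 *
 * The ticket is a hex string taken from $_GET['ticket'] (source "client") or,
 * failing that, from the Xppass_IC_CARD cookie (source "user"). It is
 * decrypted with DES/ECB and is expected to hold
 * "user|password-hash|nickname|time". On success the last-login fields are
 * updated, the session is stored through save_online_user() and the browser
 * is redirected to the site index; on any failure a message is shown and
 * goback() is called.
 *
 * NOTE(review), design-level issues this function cannot fix by itself:
 *  - The ticket is encrypted but not authenticated. DES in ECB mode under a
 *    key that is a constant in this source file gives no integrity guarantee,
 *    so every field recovered from the ticket must be treated as untrusted.
 *    A random server-side token, or a ticket carrying an HMAC under a secret
 *    kept outside the code base, would remove that dependency.
 *  - The ticket embeds the stored password hash and is accepted as proof of
 *    identity, which makes that hash a password-equivalent credential.
 *  - Only "client" tickets are checked for age, and only against a lower
 *    bound; cookie tickets are accepted whatever their timestamp is.
 *  - The mcrypt extension was deprecated in PHP 7.1 and removed from core in
 *    PHP 7.2.
 *
 * @return void
 */
function view_autologin()
{
    $hex_only = "/[^0123456789abcdef]/i";
    $encrypted_data = '';
    $from = '';

    // is_string() keeps array-valued parameters (ticket[]=...) away from
    // preg_match() and pack().
    if (!empty($_GET['ticket']) && is_string($_GET['ticket']) && !preg_match($hex_only, $_GET['ticket'])) {
        $encrypted_data = pack("H*", $_GET['ticket']);
        $from = 'client';
    } elseif (!empty($_COOKIE['Xppass_IC_CARD']) && is_string($_COOKIE['Xppass_IC_CARD']) && !preg_match($hex_only, $_COOKIE['Xppass_IC_CARD'])) {
        $encrypted_data = pack("H*", $_COOKIE['Xppass_IC_CARD']);
        $from = 'user';
    }

    // Key of the lang() message shown when the sign-on is refused.
    $error = 'illegalsignon';

    if (!empty($encrypted_data)) {
        $key = 'Powered by Xppass!';
        $td = mcrypt_module_open('des', '', 'ecb', '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        $key = substr($key, 0, mcrypt_enc_get_key_size($td));
        /* Initialize encryption module for decryption */
        mcrypt_generic_init($td, $key, $iv);
        $decrypted_data = mdecrypt_generic($td, $encrypted_data);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);

        if (!empty($decrypted_data) && preg_match("/.*?\\|.{32}\\|.*?\\|\\d*?/ism", $decrypted_data)) {
            list($user, $pwd_md5, $nickname, $time) = explode("|", $decrypted_data);
            // Make the numeric comparison explicit; the field may carry
            // trailing bytes after the digits.
            $time = (int) $time;

            // Parentheses spell out the precedence the original relied on:
            // the five-second freshness window applies to "client" tickets only.
            if (($from === 'client' && $time >= time() - 5) || $from === 'user') {
                include_once "PassportModel.class.php";
                $passmod = new PassportModel();
                $userindex = $passmod->getUser($user);

                if ($userindex === false) {
                    $error = 'usernotexist';
                } else {
                    $user_info = $passmod->getUserById($userindex['user_id'], $user);
                    $stored = (is_array($user_info) && isset($user_info['user_password']))
                        ? (string) $user_info['user_password']
                        : '';

                    // Strict comparison, constant-time where available. The
                    // former loose "==" treated a missing or empty stored hash
                    // as equal to an empty ticket field, and compared
                    // numeric-looking strings by numeric value.
                    if ($stored === '') {
                        $hash_ok = false;
                    } elseif (function_exists('hash_equals')) {
                        $hash_ok = hash_equals($stored, (string) $pwd_md5);
                    } else {
                        $hash_ok = ($stored === (string) $pwd_md5);
                    }

                    if (!$hash_ok) {
                        $error = 'pwdwrong';
                    } elseif ($user_info['user_state'] != 1) {
                        $error = 'userforbidden';
                    } else {
                        $updates = array(
                            'user_lastlogin_time' => time(),
                            'user_lastlogin_ip'   => getip(),
                        );
                        $passmod->updateUser($updates, $userindex['user_id'], $user);

                        //login
                        $user_info['autologin'] = 0;
                        $this->save_online_user($user_info);

                        // The original tested an undefined $forward here, so
                        // the redirect always went to the site index. If a
                        // caller-supplied forward URL is ever introduced, it
                        // has to be checked against an allow-list first.
                        header("location: " . $GLOBALS['gSiteInfo']['www_site_url'] . "/index.php");
                        die;
                    }
                }
            } else {
                $error = 'invalidurl';
            }
        }
    }

    $msg = lang($error);
    show_message($msg);
    goback();
}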