function register($add) { global $empire, $dbtbpre, $public_r, $ecms_config; //关闭注册 if ($public_r['register_ok']) { printerror('CloseRegister', '', 1); } //验证时间段允许操作 eCheckTimeCloseDo('reg'); //验证IP eCheckAccessDoIp('register'); if (!empty($ecms_config['member']['registerurl'])) { Header("Location:" . $ecms_config['member']['registerurl']); exit; } //已经登陆不能注册 if (getcvar('mluserid')) { printerror('LoginToRegister', '', 1); } CheckCanPostUrl(); //验证来源 $username = trim($add['username']); $password = trim($add['password']); $username = RepPostVar($username); $password = RepPostVar($password); $email = RepPostStr($add['email']); if (!$username || !$password || !$email) { printerror("EmptyMember", "history.go(-1)", 1); } $tobind = (int) $add['tobind']; //验证码 $keyvname = 'checkregkey'; if ($public_r['regkey_ok']) { ecmsCheckShowKey($keyvname, $add['key'], 1); } $user_groupid = eReturnMemberDefGroupid(); $groupid = (int) $add['groupid']; $groupid = empty($groupid) ? $user_groupid : $groupid; CheckMemberGroupCanReg($groupid); //IP $regip = egetip(); $regipport = egetipport(); //用户字数 $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1"); $userlen = strlen($username); if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) { printerror('FaiUserlen', '', 1); } //密码字数 $passlen = strlen($password); if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) { printerror('FailPasslen', '', 1); } if ($add['repassword'] !== $password) { printerror('NotRepassword', '', 1); } if (!chemail($email)) { printerror('EmailFail', '', 1); } if (strstr($username, '|') || strstr($username, '*')) { printerror('NotSpeWord', '', 1); } //同一IP注册 eCheckIpRegTime($regip, $pr['regretime']); //保留用户 toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword'); $username = RepPostStr($username); //重复用户 $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if ($num) { printerror('ReUsername', '', 1); } //重复邮箱 if ($pr['regemailonly']) { $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1"); if ($num) { printerror('ReEmailFail', '', 1); } } //注册时间 $lasttime = time(); $registertime = eReturnAddMemberRegtime(); $rnd = make_password(20); //产生随机密码 $userkey = eReturnMemberUserKey(); //密码 $truepassword = $password; $salt = eReturnMemberSalt(); $password = eDoMemberPw($password, $salt); //审核 $checked = ReturnGroupChecked($groupid); if ($checked && $public_r['regacttype'] == 1) { $checked = 0; } //验证附加表必填项 $mr['add_filepass'] = ReturnTranFilepass(); $fid = GetMemberFormId($groupid); $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username); $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');"); //取得userid $userid = $empire->lastid(); //附加表 $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'"); if (!$addr[userid]) { $spacestyleid = ReturnGroupSpaceStyleid($groupid); $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");"); } //更新附件 UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member'); ecmsEmptyShowKey($keyvname); //清空验证码 //绑定帐号 if ($tobind) { MemberConnect_BindUser($userid); } if ($sql) { //邮箱激活 if ($checked == 0 && $public_r['regacttype'] == 1) { include 'class/member_actfun.php'; SendActUserEmail($userid, $username, $email); } //审核 if ($checked == 0) { $location = DoingReturnUrl("../../", $_POST['ecmsfrom']); printerror("RegisterSuccessCheck", $location, 1); } $logincookie = 0; if ($ecms_config['member']['regcookietime']) { $logincookie = time() + $ecms_config['member']['regcookietime']; } $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1"); $set1 = esetcookie("mlusername", $username, $logincookie); $set2 = esetcookie("mluserid", $userid, $logincookie); $set3 = esetcookie("mlgroupid", $groupid, $logincookie); $set4 = esetcookie("mlrnd", $rnd, $logincookie); //验证符 qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie); //登录附加cookie AddLoginCookie($r); $location = "../member/cp/"; $returnurl = getcvar('returnurl'); if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) { $location = $returnurl; } $set5 = esetcookie("returnurl", ""); //易通行系统 DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime); $location = DoingReturnUrl($location, $_POST['ecmsfrom']); printerror("RegisterSuccess", $location, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function AddFeedback($add) { global $empire, $dbtbpre, $level_r, $public_r; CheckCanPostUrl(); //验证来源 if ($add['bid']) { $bid = (int) $add['bid']; } else { $bid = (int) getcvar('feedbackbid'); } if (empty($bid)) { printerror("EmptyFeedbackname", "history.go(-1)", 1); } //验证码 $keyvname = 'checkfeedbackkey'; if ($public_r['fbkey_ok']) { ecmsCheckShowKey($keyvname, $add['key'], 1); } //版面是否存在 $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';"); if (empty($br['bid'])) { printerror("EmptyFeedback", "history.go(-1)", 1); } //权限 if ($br['groupid']) { $user = islogin(); if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) { printerror("HaveNotEnLevel", "history.go(-1)", 1); } } $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1"); //必填项 $mustr = explode(",", $br['mustenter']); $count = count($mustr); for ($i = 1; $i < $count - 1; $i++) { $mf = $mustr[$i]; if (strstr($br['filef'], "," . $mf . ",")) { if (!$pr['feedbacktfile']) { printerror("NotOpenFBFile", "", 1); } if (!$_FILES[$mf]['name']) { printerror("EmptyFeedbackname", "", 1); } } else { $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']); if (!trim($chmustval)) { printerror("EmptyFeedbackname", "", 1); } } } $saytime = date("Y-m-d H:i:s"); //字段处理 $dh = ""; $tranf = ""; $record = "<!--record-->"; $field = "<!--field--->"; $er = explode($record, $br['enter']); $count = count($er); for ($i = 0; $i < $count - 1; $i++) { $er1 = explode($field, $er[$i]); $f = $er1[1]; //附件 $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]); if (strstr($br['filef'], "," . $f . ",")) { if ($_FILES[$f]['name']) { if (!$pr['feedbacktfile']) { printerror("NotOpenFBFile", "", 1); } $filetype = GetFiletype($_FILES[$f]['name']); //取得文件类型 if (CheckSaveTranFiletype($filetype)) { printerror("NotQTranFiletype", "", 1); } if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) { printerror("NotQTranFiletype", "", 1); } if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) { printerror("TooBigQTranFile", "", 1); } $tranf .= $dh . $f; $dh = ","; $fval = "[!#@-" . $f . "-@!]"; } else { $fval = ""; } } else { $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']); $fval = $add[$f]; } $addf .= ",`" . $f . "`"; $addval .= ",'" . addslashes(RepPostStr($fval)) . "'"; } $type = 0; $classid = 0; $filename = ''; $filepath = ''; $userid = (int) getcvar('mluserid'); $username = RepPostVar(getcvar('mlusername')); $filepass = ReturnTranFilepass(); //上传附件 if ($tranf) { $dh = ""; $tranr = explode(",", $tranf); $count = count($tranr); for ($i = 0; $i < $count; $i++) { $tf = $tranr[$i]; $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid); if ($tfr['tran']) { $filepath = $tfr[filepath]; //写入数据库 $filetime = $saytime; $filesize = (int) $_FILES[$tf]['size']; eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add[title])), $type, $filepass, $filepass, $public_r[fpath], 0, 4, 0); $repfval = ($tfr[filepath] ? $tfr[filepath] . '/' : '') . $tfr[filename]; $filename .= $dh . $tfr[filename]; $dh = ","; } else { $repfval = ""; } $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval); } } $ip = egetip(); $eipport = egetipport(); $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");"); $fid = $empire->lastid(); //更新附件 UpdateTheFileOther(4, $fid, $filepass, 'other'); ecmsEmptyShowKey($keyvname); //清空验证码 if ($sql) { $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']); printerror("AddFeedbackSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
$enews = ehtmlspecialchars($_GET['enews']); $postword = '增加碎片'; $noteditword = '<font color="#666666">(设置后不可修改)</font>'; $disabled = ''; $sptypehidden = ''; $r[maxnum] = 0; $url = "<a href=ListSp.php" . $ecms_hashur['whehref'] . ">管理碎片</a> > 增加碎片"; $fcid = (int) $_GET['fcid']; $fclassid = (int) $_GET['fclassid']; $fsptype = (int) $_GET['fsptype']; $r['spfile'] = 'html/sp/' . time() . '.html'; $spid = (int) $_GET['spid']; if ($enews == 'EditSp') { $filepass = $spid; } else { $filepass = ReturnTranFilepass(); } //复制 if ($enews == "AddSp" && $_GET['docopy']) { $r = $empire->fetch1("select * from {$dbtbpre}enewssp where spid='{$spid}'"); $url = "<a href=ListSp.php" . $ecms_hashur['whehref'] . ">管理碎片</a> > 复制碎片:<b>" . $r[spname] . "</b>"; $username = substr($r[username], 1, -1); } //修改 if ($enews == "EditSp") { $r = $empire->fetch1("select * from {$dbtbpre}enewssp where spid='{$spid}'"); $postword = '修改碎片'; $noteditword = ''; $disabled = ' disabled'; $sptypehidden = '<input type="hidden" name="sptype" value="' . $r[sptype] . '">'; $url = "<a href=ListSp.php" . $ecms_hashur['whehref'] . ">管理碎片</a> > 修改碎片:<b>" . $r[spname] . "</b>";