function register_user() { $username = $_POST["username"]; $email = $_POST["email"]; $password = $_POST["password"]; $captcha = trim($_POST["captcha"]); //if not valid captcha() include_once "/var/www/includes/captch_code.php"; if (check_code($captcha)) { //sanitize input fields; $cr = new crypto(); $password_hash = $cr->one_way_crypt($password); //add new user to database $u = new user(); try { if ($u->create_user($username, $password_hash, $email)) { $uid = $u->get_user_id($email); $token = base64_encode($cr->encrypt($uid)); //send activation email $link = "http://punbt090pc/activate.php?u=" . urlencode($token); include_once "/var/www/includes/email.php"; send_activation_email($email, $link); set_registration_error("An activation email has been sent to your inbox (Please check your junkbox in case you have not received it)."); } else { //send back to registration page header("Location: /register.php"); } } catch (Exception $e) { set_registration_error("UserName Or Email is already registered"); } } else { set_registration_error("Invalid Captcha"); } }
public function handle() { session_start(); $username = I('post.username'); $userpad = I('post.userpassword'); $userpassword = md5($userpad); $code = I('post.code'); if ($username == '' || $userpad == '') { echo "<script language=\"javascript\">"; echo "alert(\"对不起,用户名或密码不能为空!\");location.href='" . $_SERVER["HTTP_REFERER"] . "'"; echo "</script>"; } else { $where['name'] = $username; $password = M('user')->where($where)->getField('password'); if (!check_code($code)) { echo "<script language=\"javascript\">"; echo "alert(\"验证码错误!!\");location.href='" . $_SERVER["HTTP_REFERER"] . "'"; echo "</script>"; } else { if ($password == $userpassword) { echo "<script language=\"javascript\">"; echo "alert(\"登陆成功!!\");"; echo "</script>"; $_SESSION['username'] = $username; $this->success("", U('Home/Waterfall/waterfall', '', '')); } else { echo "<script language=\"javascript\">"; echo "alert(\"对不起,用户名或密码错误!!\");location.href='" . $_SERVER["HTTP_REFERER"] . "'"; echo "</script>"; } } } }
function add_option($params) { global $DETDB; if (is_array($params)) { $custom = (array) new option($params, true); $custom['code'] = canone_code($custom['code']); if (validate_code($custom['code'])) { if (!check_code('options', $custom['code'], 'code')) { return $DETDB->insert('options', $custom); } else { push_output_message(array('text' => 'Данный код уже занят.', 'title' => 'Ошибка!', 'class' => 'alert alert-warning', 'type' => 'error')); } } else { push_output_message(array('text' => 'Отправлен неправильный (невалидный) код.', 'title' => 'Ошибка!', 'class' => 'alert alert-warning', 'type' => 'error')); } } return false; }
/** * @Author: gaohuabin * @Date: 2015-12-07 14:43:31 * @Last Modified by: gaohuabin * @Last Modified time: 2015-12-21 22:00:08 */ //定义一个常量,用来授权调用includes里面的文件 define('IN_TG', true); session_start(); //引入公共文件,转换成硬路径,速度更快 require dirname(__FILE__) . '/includes/common.inc.php'; //修改资料 if (@$_GET['action'] == 'modify') { //为防止恶意注册,跨站攻击 if ($system['code'] == 1) { check_code($_POST['code'], $_SESSION['code']); } if (!!($rows = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) { //为了防止cookie伪造,要比对一下唯一标识符uniqid uniqid_check($rows['bbs_uniqid'], $_COOKIE['uniqid']); //引入验证文件 include ROOT_PATH . 'includes/check.func.php'; //创建空数组,用来存放提交的合法数据 $clean = array(); $clean['password'] = check_modify_password($_POST['password'], 6); $clean['sex'] = check_sex($_POST['sex']); $clean['photo'] = check_photo($_POST['photo']); $clean['email'] = check_email($_POST['email'], 6, 40); $clean['qq'] = check_qq($_POST['qq']); $clean['url'] = check_url($_POST['url'], 40); $clean['switch'] = $_POST['switch'];
} require_once get_langfile_path("", false, $CURLANGDIR); function bark($msg) { global $lang_confirm_resend; stdhead(); stdmsg($lang_confirm_resend['resend_confirmation_email_failed'], $msg); stdfoot(); exit; } if ($verification == "admin") { bark($lang_confirm_resend['std_need_admin_verification']); } if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($iv == "yes") { check_code($_POST['imagehash'], $_POST['imagestring'], "confirm_resend.php", true); } $email = unesc(htmlspecialchars(trim($_POST["email"]))); $wantpassword = unesc(htmlspecialchars(trim($_POST["wantpassword"]))); $passagain = unesc(htmlspecialchars(trim($_POST["passagain"]))); $email = safe_email($email); if (empty($wantpassword) || empty($passagain) || empty($email)) { bark($lang_confirm_resend['std_fields_blank']); } if (!check_email($email)) { failedlogins($lang_confirm_resend['std_invalid_email_address'], true); } $res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_assoc($res) or failedlogins($lang_confirm_resend['std_email_not_found'], true); if ($arr["status"] != "pending") { failedlogins($lang_confirm_resend['std_user_already_confirm'], true);
require_once "include/bittorrent.php"; header("Content-Type: text/html; charset=utf-8"); if (!mkglobal("username:password")) { die; } dbconn(); require_once get_langfile_path("", false, get_langfolder_cookie()); cur_user_check(); function bark($text = "") { global $lang_takelogin; $text = $text == "" ? $lang_takelogin['std_login_fail_note'] : $text; stderr($lang_takelogin['std_login_fail'], $text, false); } if ($iv == "yes") { check_code($_POST['imagehash'], $_POST['imagestring'], 'login.php', true); } if (get_magic_quotes_gpc()) { $username = stripslashes($username); } $res = sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = "******"'" . mysql_real_escape_string($username) . "'"); $row = mysql_fetch_array($res); if (!$row) { failedlogins(); } if ($row['status'] == 'pending') { failedlogins($lang_takelogin['std_user_account_unconfirmed']); } if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) { login_failedlogins(); }
require_once get_langfile_path("", true); require_once get_langfile_path("", false, get_langfolder_cookie()); function bark($msg) { global $lang_takesignup; stdhead(); stdmsg($lang_takesignup['std_signup_failed'], $msg); stdfoot(); exit; } $type = $_POST['type']; if ($type == 'invite') { registration_check(); failedloginscheck("Invite Signup"); if ($iv == "yes") { check_code($_POST['imagehash'], $_POST['imagestring'], 'signup.php?type=invite&invitenumber=' . htmlspecialchars($_POST['hash'])); } } else { registration_check("normal"); failedloginscheck("Signup"); //if ($iv == "yes") //check_code ($_POST['imagehash'], $_POST['imagestring']); } function isportopen($port) { $sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1); if ($sd) { fclose($sd); return true; } else { return false;
public function checkCode() { session_start(); //re start $code = rand_string(4); $_SESSION['check_code'] = strtolower($code); check_code($code); }
stdmsg($lang_takesignup['std_signup_failed'], $msg); stdfoot(); exit; } $type = $_POST['type']; if ($type == 'invite') { registration_check(); failedloginscheck("Invite Signup"); if ($iv == "yes") { check_code($_POST['imagehash'], $_POST['imagestring'], 'signup.php?type=invite&invitenumber=' . htmlspecialchars($_POST['hash'])); } } else { registration_check("normal"); failedloginscheck("Signup"); if ($iv == "yes") { check_code($_POST['imagehash'], $_POST['imagestring']); } } function isportopen($port) { $sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1); if ($sd) { fclose($sd); return true; } else { return false; } } function isproxy() { $ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
set_langfolder_cookie($lang_folder); header("Location: " . $_SERVER['PHP_SELF']); } } require_once get_langfile_path("", false, $CURLANGDIR); function bark($msg) { global $lang_recover; stdhead(); stdmsg($lang_recover['std_recover_failed'], $msg); stdfoot(); exit; } if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($iv == "yes") { check_code($_POST['imagehash'], $_POST['imagestring'], "cardrecover.php", true); } $stuid = unesc(htmlspecialchars(trim($_POST["stuid"]))); $cardpass = unesc(htmlspecialchars(trim($_POST["password"]))); if (!$stuid) { failedlogins($lang_recover['std_missing_stuid'], true); } if (!$cardpass) { failedlogins($lang_recover['std_missing_password'], true); } if (!getOneCard($stuid, $cardpass)) { failedlogins($lang_recover['std_stuid_failed'], true); } $res = sql_query("SELECT * FROM users WHERE cardnum=" . sqlesc($stuid) . " LIMIT 1") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_assoc($res); if (!$arr) {
if ($_GPC['do'] == 'save') { $result = base64_decode($_GPC['result']); header("Content-type:application/vnd.ms-excel"); header("Content-Disposition:filename=result.xls"); exit($result); } if ($_GPC['do'] == 'search' || $_GPC['do'] == 'search_save') { $hashCode = strtolower($_GPC['code']); $hash = md5($hashCode . $_W['config']['setting']['authkey']); if ($_GPC['__code'] != $hash) { message('你输入的验证码不正确'); } if ($_GPC['__code'] != $hash) { message('你输入的验证码不正确'); } check_code($code); if (!is_file($file['tmp_name']) && empty($data)) { message('提交内容为空'); } $originArray = array(); if (is_file($file['tmp_name'])) { $content = file_get_contents($file['tmp_name']); $content = filter_file($content, $originArray); } elseif ($data) { $content = filter_file($data, $originArray); } $status = pdo_fetchall("SELECT * FROM " . tablename('account_status'), array(), 'id'); $account = pdo_fetchall("SELECT * FROM " . tablename('account') . " WHERE account_type={$type} AND account in({$content}) ", array(), 'account'); $result = template('index/multi_table', TEMPLATE_FETCH); } if ($_GPC['do'] == 'search_save') {
if (preg_match_all($regexpstr, $hash, $matches)) { return true; } else { return false; } } else { return false; } } if (count($_GET) == 1) { require_once 'include/configpage.php'; require_once 'include/emaillib.php'; setCss(); headerSet(); $code = $_GET['code'] or die('<p class="message">Error'); check_code($code) or die('<p class="message">Ooops'); if (verify_data($code) == "pending") { $username = read_data($code); //print $username; if ($username != "Error") { if (gen_pass_mail($code, $username)) { print '<p class="message">Your password has been changed and sent, please check your email'; } } else { die('<p class="message">Error, can\'t get your email, please contact the Administrator'); } } else { die('<p class="message">Error, invalid code, please contact the Administrator'); } } else { die('<p class="message">Error, invalid parameters, please contact the Administrator');
////////////////////////////////////////////////////////// //Обработка если нажали кнопку if (isset($_POST['name'])) { session_start(); $cap = $_SESSION['captcha']; $_SESSION['captcha'] = ''; $info = ''; $online_theme = strip_tags(stripslashes(substr($_POST['subj'], 0, 100))); $email = strip_tags(stripslashes(substr($_POST['email'], 0, 30))); $name = strip_tags(stripslashes(substr($_POST['name'], 0, 30))); $message = strip_tags(stripslashes(substr($_POST['message'], 0, 30))); if (!empty($_POST['name'])) { if (!empty($_POST['email'])) { if (!empty($_POST['message'])) { //Отправка письмо если все проверено! if (check_code($_POST['code'], $cap)) { ////////////////////////////////////////////////////////// // XXX // ////////////////////////////////////////////////////////// ##### MESSAGE ####### $txt = "Тема: " . $online_theme . "\n"; $txt .= "E-mail: " . $email . "\n"; $txt .= "Имя: " . $name . "\n"; $txt .= "Сообщение: " . $message; ##### MESSAGE ####### /* php mailer test */ date_default_timezone_set('Etc/UTC'); require 'PHPM/PHPMailerAutoload.php'; $mail = new PHPMailer(); $mail->isSMTP(); $mail->CharSet = "utf-8";
exec("mktemp -d data/genomes/XXXXXXXX", $tmparray); $dir = $tmparray[0]; chmod($dir, 0770); move_uploaded_file($_FILES["position"]["tmp_name"], $dir . "/" . "position.txt"); $code = end(explode("/", $dir)); } else { $code = $_POST["code"]; if (!ctype_alnum($code)) { echo "Code should contain only alphanumeric characters"; echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Go Back\""; echo " ONCLICK=\"history.go(-1)\">"; echo "</FORM>"; clus_end(); exit(0); } if (!check_code($code)) { echo "Code already in use"; echo "<FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Go Back\""; echo " ONCLICK=\"history.go(-1)\">"; echo "</FORM>"; clus_end(); exit(0); } $code = $_POST["code"]; $dir = "data/genomes/" . $code; mkdir($dir, 0770); move_uploaded_file($_FILES["position"]["tmp_name"], $dir . "/" . "position.txt"); } // Start randomizations jobs // $jid = start_job("randomizzatore/pval-table.sh " . $dir . " 10000", // $dir . "/jobout.txt", $dir . "/joberr.txt");