function EditSafeInfo($add) { global $empire, $dbtbpre, $public_r; $user_r = islogin(); //是否登陆 $userid = $user_r[userid]; $username = $user_r[username]; $rnd = $user_r[rnd]; //邮箱 $email = trim($add['email']); if (!$email || !chemail($email)) { printerror("EmailFail", "history.go(-1)", 1); } $email = RepPostStr($email); //验证原密码 $oldpassword = RepPostVar($add[oldpassword]); if (!$oldpassword) { printerror('FailOldPassword', '', 1); } $add[password] = RepPostVar($add[password]); $num = 0; $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,password,salt') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}'"); if (empty($ur['userid'])) { printerror('FailOldPassword', '', 1); } if (!eDoCkMemberPw($oldpassword, $ur['password'], $ur['salt'])) { printerror('FailOldPassword', '', 1); } //邮箱 $pr = $empire->fetch1("select regemailonly from {$dbtbpre}enewspublic limit 1"); if ($pr['regemailonly']) { $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' and " . egetmf('userid') . "<>'{$userid}' limit 1"); if ($num) { printerror("ReEmailFail", "history.go(-1)", 1); } } //密码 $a = ''; $salt = ''; $truepassword = ''; if ($add[password]) { if ($add[password] !== $add[repassword]) { printerror('NotRepassword', 'history.go(-1)', 1); } $salt = eReturnMemberSalt(); $password = eDoMemberPw($add[password], $salt); $a = "," . egetmf('password') . "='{$password}'," . egetmf('salt') . "='{$salt}'"; $truepassword = $add[password]; } $sql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('email') . "='{$email}'" . $a . " where " . egetmf('userid') . "='{$userid}'"); if ($sql) { //易通行系统 DoEpassport('editpassword', $userid, $username, $truepassword, $salt, $email, $user_r['groupid'], ''); printerror("EditInfoSuccess", "../member/EditInfo/EditSafeInfo.php", 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function qlogin($add) { global $empire, $dbtbpre, $public_r, $ecms_config; if ($ecms_config['member']['loginurl']) { Header("Location:" . $ecms_config['member']['loginurl']); exit; } $dopr = 1; if ($_POST['prtype']) { $dopr = 9; } $username = trim($add['username']); $password = trim($add['password']); if (!$username || !$password) { printerror("EmptyLogin", "history.go(-1)", $dopr); } $tobind = (int) $add['tobind']; //验证码 $keyvname = 'checkloginkey'; if ($public_r['loginkey_ok']) { ecmsCheckShowKey($keyvname, $add['key'], $dopr); } $username = RepPostVar($username); $password = RepPostVar($password); $num = 0; $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if (!$r['userid']) { printerror("FailPassword", "history.go(-1)", $dopr); } if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) { printerror("FailPassword", "history.go(-1)", $dopr); } if ($r['checked'] == 0) { if ($public_r['regacttype'] == 1) { printerror('NotCheckedUser', '../member/register/regsend.php', 1); } else { printerror('NotCheckedUser', '', 1); } } //绑定帐号 if ($tobind) { MemberConnect_BindUser($r['userid']); } $rnd = make_password(20); //取得随机密码 //默认会员组 if (empty($r['groupid'])) { $r['groupid'] = eReturnMemberDefGroupid(); } $r['groupid'] = (int) $r['groupid']; $lasttime = time(); //IP $lastip = egetip(); $lastipport = egetipport(); $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'"); $empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'"); //设置cookie $lifetime = (int) $add['lifetime']; $logincookie = 0; if ($lifetime) { $logincookie = time() + $lifetime; } $set1 = esetcookie("mlusername", $username, $logincookie); $set2 = esetcookie("mluserid", $r['userid'], $logincookie); $set3 = esetcookie("mlgroupid", $r['groupid'], $logincookie); $set4 = esetcookie("mlrnd", $rnd, $logincookie); //验证符 qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie); //登录附加cookie AddLoginCookie($r); $location = "../member/cp/"; $returnurl = getcvar('returnurl'); if ($returnurl) { $location = $returnurl; } if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) { $location = "../member/iframe/"; } if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) { $location = "../member/cp/"; $_POST['ecmsfrom'] = ''; } ecmsEmptyShowKey($keyvname); //清空验证码 $set6 = esetcookie("returnurl", ""); if ($set1 && $set2) { //易通行系统 DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']); $location = DoingReturnUrl($location, $_POST['ecmsfrom']); printerror("LoginSuccess", $location, $dopr); } else { printerror("NotCookie", "history.go(-1)", $dopr); } }
function DoRegSend($add) { global $empire, $dbtbpre, $public_r; if ($public_r['regacttype'] != 1) { printerror('CloseRegAct', '', 1); } $username = trim($add[username]); $password = trim($add[password]); $email = trim($add[email]); $newemail = trim($add[newemail]); if (!$username || !$password || !$email) { printerror("EmptyRegAct", "history.go(-1)", 1); } //验证码 $key = $add['key']; $keyvname = 'checkregsendkey'; ecmsCheckShowKey($keyvname, $key, 1); $username = RepPostVar($username); $password = RepPostVar($password); $username = RepPostStr($username); $email = RepPostStr($email); $newemail = RepPostStr($newemail); if (!chemail($email)) { printerror("EmailFail", "history.go(-1)", 1); } if ($newemail) { if (!chemail($newemail)) { printerror("EmailFail", "history.go(-1)", 1); } $sendemail = $newemail; } else { $sendemail = $email; } //密码 $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if (!$ur['userid']) { printerror("ErrorRegActUser", "history.go(-1)", 1); } if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) { printerror("ErrorRegActUser", "history.go(-1)", 1); } $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); $useremail = $r['email']; if (!$r['userid'] || $useremail != $email) { printerror("ErrorRegActUser", "history.go(-1)", 1); } if ($r['checked']) { printerror("HaveRegActUser", '', 1); } $addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberpub where userid='" . $r['userid'] . "' limit 1"); $ar = explode('||', $addr['authstr']); if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) { printerror("HaveRegActUser", '', 1); } ecmsEmptyShowKey($keyvname); //清空验证码 SendActUserEmail($r['userid'], $username, $sendemail); }
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add) { global $empire, $dbtbpre, $public_r, $class_r, $level_r; //验证本时间允许操作 eCheckTimeCloseDo('pl'); //验证IP eCheckAccessDoIp('pl'); $id = (int) $id; $repid = (int) $repid; $classid = (int) $classid; //验证码 $keyvname = 'checkplkey'; if ($public_r['plkey_ok']) { ecmsCheckShowKey($keyvname, $key, 1); } $username = RepPostVar($username); $password = RepPostVar($password); $muserid = (int) getcvar('mluserid'); $musername = RepPostVar(getcvar('mlusername')); $mgroupid = (int) getcvar('mlgroupid'); if ($muserid) { $cklgr = qCheckLoginAuthstr(); if ($cklgr['islogin']) { $username = $musername; } else { $muserid = 0; } } else { if (empty($nomember)) { if (!$username || !$password) { printerror("FailPassword", "history.go(-1)", 1); } $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if (empty($ur['userid'])) { printerror("FailPassword", "history.go(-1)", 1); } if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) { printerror("FailPassword", "history.go(-1)", 1); } if ($ur['checked'] == 0) { printerror("NotCheckedUser", '', 1); } $muserid = $ur['userid']; $mgroupid = $ur['groupid']; } else { $muserid = 0; } } if ($public_r['plgroupid']) { if (!$muserid) { printerror("GuestNotToPl", "history.go(-1)", 1); } if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) { printerror("NotLevelToPl", "history.go(-1)", 1); } } //专题 $doaction = $add['doaction']; if ($doaction == 'dozt') { if (!trim($saytext) || !$classid) { printerror("EmptyPl", "history.go(-1)", 1); } //是否关闭评论 $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'"); if (!$r['ztid']) { printerror("ErrorUrl", "history.go(-1)", 1); } if ($r['closepl']) { printerror("CloseClassPl", "history.go(-1)", 1); } //审核 if ($r['checkpl']) { $checked = 1; } else { $checked = 0; } $restb = $r['restb']; $pubid = '-' . $classid; $id = 0; $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1); $returl = $pagefunr['pageurl']; } else { if (!trim($saytext) || !$id || !$classid) { printerror("EmptyPl", "history.go(-1)", 1); } //表存在 if (empty($class_r[$classid][tbname])) { printerror("ErrorUrl", "history.go(-1)", 1); } //是否关闭评论 $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' limit 1"); if (!$r['classid'] || $r['classid'] != $classid) { printerror("ErrorUrl", "history.go(-1)", 1); } if ($class_r[$r[classid]][openpl]) { printerror("CloseClassPl", "history.go(-1)", 1); } //单信息关闭评论 $pubid = ReturnInfoPubid($classid, $id); $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . "_data_" . $r['stb'] . " where id='{$id}' limit 1"); if ($finfor['closepl']) { printerror("CloseInfoPl", "history.go(-1)", 1); } //审核 if ($class_r[$classid][checkpl]) { $checked = 1; } else { $checked = 0; } $restb = $r['restb']; $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1); $returl = $pagefunr['pageurl']; } //设置参数 $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1"); if (strlen($saytext) > $plsetr['plsize']) { $GLOBALS['setplsize'] = $plsetr['plsize']; printerror("PlSizeTobig", "history.go(-1)", 1); } $time = time(); $saytime = $time; $pltime = getcvar('lastpltime'); if ($pltime) { if ($time - $pltime < $plsetr['pltime']) { $GLOBALS['setpltime'] = $plsetr['pltime']; printerror("PlOutTime", "history.go(-1)", 1); } } $sayip = egetip(); $eipport = egetipport(); $username = str_replace("\r\n", "", $username); $username = RepPostStr($username); $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext))); if ($repid) { $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb); CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext); //验证楼层 } //过滤字符 $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext); if ($level_r[$mgroupid]['plchecked']) { $checked = 0; } $ret_r = ReturnPlAddF($add, $plsetr, 0); //主表 $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");"); $plid = $empire->lastid(); if ($doaction != 'dozt') { //信息表加1 $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}' limit 1"); } //更新新评论数 DoUpdateAddDataNum('pl', $restb, 1); //设置最后发表时间 $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24); ecmsEmptyShowKey($keyvname); //清空验证码 if ($sql) { $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']); printerror("AddPlSuccess", $reurl, 1); } else { printerror("DbError", "history.go(-1)", 1); } }
function DoEcmsMemberCheckUserPass($add) { global $empire, $dbtbpre, $ecms_config; $dopr = 1; if ($_POST['prtype']) { $dopr = 9; } $username = trim($add['username']); $password = trim($add['password']); if (!$username || !$password) { printerror("EmptyLogin", "history.go(-1)", $dopr); } $username = RepPostVar($username); $password = RepPostVar($password); $num = 0; $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1"); if (!$r['userid']) { printerror("FailPassword", "history.go(-1)", $dopr); } if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) { printerror("FailPassword", "history.go(-1)", $dopr); } if ($r['checked'] == 0) { printerror('NotCheckedUser', '', $dopr); } return $r; }