/**
 * Handle a registration request and answer with a JSON status object.
 *
 * Every outcome is echoed as {"code": int, "msg": string} and the script
 * then exits. Codes emitted: -1 request not flagged as AJAX, -2 empty user
 * name, -3 empty e-mail, -4 empty password, -5 empty captcha, -6 captcha
 * rejected, 1 user stored, 0 storing failed.
 *
 * NOTE(review): if $this->input is CodeIgniter's input class, is_ajax_request()
 * only inspects a client-supplied header, so it is not an origin or CSRF
 * check - confirm a token check exists elsewhere.
 * NOTE(review): the strength of the stored credential depends on
 * getUserPassword() and getRandomStr(), neither visible here - confirm a slow
 * password hash and a CSPRNG-backed salt.
 */
public function register()
{
    // Gate: only requests flagged as AJAX are served.
    if (!$this->input->is_ajax_request()) {
        echo json_encode(array('code' => -1, 'msg' => "非法请求"));
        exit;
    }

    // User name (required).
    $userName = $this->input->post('user_name');
    if ($userName == "") {
        echo json_encode(array('code' => -2, 'msg' => '用户名不能为空'));
        exit;
    }

    // todo: verify whether the user name already exists
    // todo: verify whether the e-mail already exists

    // E-mail (required; only emptiness is checked here, not the format).
    $email = $this->input->post('email');
    if ($email == "") {
        echo json_encode(array('code' => -3, 'msg' => '邮箱不能为空'));
        exit;
    }

    // Password (required; no length or complexity rule is applied here).
    $password = $this->input->post('password');
    if ($password == "") {
        echo json_encode(array('code' => -4, 'msg' => '密码不能为空'));
        exit;
    }

    // Captcha: must be present after trimming and accepted by the checker.
    $authcode = trim($this->input->post('authcode'));
    if ("" == $authcode) {
        echo json_encode(array('code' => -5, 'msg' => '验证码不能为空'));
        exit;
    }
    if (!$this->authcode->check($authcode)) {
        echo json_encode(array('code' => -6, 'msg' => '验证码错误'));
        exit;
    }

    // Client address as reported by the web server, or "" when unavailable.
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $clientIp = $_SERVER['REMOTE_ADDR'];
    } else {
        $clientIp = "";
    }

    // Per-user salt; the password is stored only after passing through getUserPassword().
    $randomStr = getRandomStr();
    $saveData = array(
        'user_name' => $userName,
        'email' => $email,
        'password' => getUserPassword($password, $randomStr),
        'salt' => $randomStr,
        'ip' => $clientIp,
    );

    // Persist and report the outcome.
    $stored = $this->web_user_model->addUser($saveData);
    $jsonData = $stored
        ? array('code' => 1, 'msg' => '注册成功')
        : array('code' => 0, 'msg' => '注册失败');
    echo json_encode($jsonData);
    exit;
}
global $twentyfourhour_format; $edit_series = true; $room_order = "room_name"; #If we dont know the right date then make it up if (!isset($day) or !isset($month) or !isset($year)) { $day = date("d"); $month = date("m"); $year = date("Y"); } if (empty($area)) { $area = get_default_area(); } if (!isset($edit_type)) { $edit_type = ""; } if (!getAuthorised(getUserName(), getUserPassword(), 1)) { showAccessDenied($day, $month, $year, $area); exit; } # This page will either add or modify a booking # We need to know: # Name of booker # Description of meeting # Date (option select box for day, month, year) # Time # Duration # Internal/External # Firstly we need to know if this is a new booking or modifying an old one # and if it's a modification we need to get all the old data from the db. # If we had $id passed in then it's a modification. if (isset($id)) {
$sql = "select nUserId,nCompId,vLogin from sptbl_users where\n\t\tvEmail='" . addslashes($var_fromaddress) . "' AND\n\t\tnCompId IN('" . implode("','", $arr_compid_final) . "')"; $result = executeSelect($sql, $conn); $arr_comp_toregister = array(); if (mysql_num_rows($result) > 0) { while ($row = mysql_fetch_array($result)) { $arr_comp_toregister[$row["nUserId"]] = $row["nCompId"]; $arr_user_login[$row["nUserId"]] = $row["vLogin"]; } } $arr_new_user = array(); $arr_comp_diff = array_diff($arr_compid_final, $arr_comp_toregister); foreach ($arr_comp_diff as $key => $val) { $var_username = ""; $var_userlogin = ""; getUserLogin($var_frommailbox, $val, $var_username, $var_userlogin); $var_userpassword = $var_userpassword != "" ? $var_userpassword : getUserPassword($var_fromaddress); $sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,dDate,nCSSId)\n\t\t\t\tValues('',\n\t\t\t\t'" . addslashes($val) . "',\n\t\t\t\t'" . addslashes($var_username) . "',\n\t\t\t\t'" . addslashes($var_fromaddress) . "',\n\t\t\t\t'" . addslashes($var_userlogin) . "',\n\t\t\t\t'" . md5($var_userpassword) . "',\n\t\t\t\tnow(),'1')"; executeQuery($sql, $conn); $var_id = mysql_insert_id(); $arr_comp_toregister[$var_id] = $val; $arr_user_login[$var_id] = $var_username; $arr_new_user[$var_id] = $var_userpassword; } foreach ($arr_new as $key => $val) { $var_tmp_compid = getCompanyId($val, $total_count); $var_tmp_userid = array_search($var_tmp_compid, $arr_comp_toregister); $var_userlogin = $arr_user_login[$var_tmp_userid]; $sql = "insert into sptbl_tickets(nTicketId,nDeptId,vRefNo,nUserId,vUserName,vTitle,tQuestion,\n\t\t\tvPriority,dPostDate,vMachineIP,dLastAttempted)\n\t\t\t\tvalues('','" . $val . "','1','" . $var_tmp_userid . "',\n\t\t\t\t'" . addslashes($var_userlogin) . "',\n\t\t\t\t'" . addslashes($mimedecoder->_mailheader->_headersubject) . "',\n\t\t\t\t'" . addslashes($var_message_main) . "','0',now(),\n\t\t\t\t'" . addslashes($var_machineip) . 
"',now())"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); $var_ticket_id = $var_insert_id;
<?php
# $Id$

// Configuration, shared helpers, the database driver selected by $dbsys,
// then the authentication and booking SQL layers.
include "config.inc";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "mrbs_sql.inc";

// Delete a booking entry (optionally its whole series) and redirect back to
// the day view of the deleted entry.
//
// NOTE(review): $id and $series are never assigned in this file; presumably
// they arrive from the request - confirm how they are populated and validated.
// NOTE(review): the delete is performed directly on this request and no
// anti-CSRF token check is visible here - confirm one exists in the includes.

// The entry is looked up only once the caller holds access level 1.
if (getAuthorised(getUserName(), getUserPassword(), 1)) {
    $info = mrbsGetEntryInfo($id);

    if ($info) {
        // Remember where the entry lived so the redirect lands on its day and area.
        $day = strftime("%d", $info["start_time"]);
        $month = strftime("%m", $info["start_time"]);
        $year = strftime("%Y", $info["start_time"]);
        $area = mrbsGetRoomArea($info["room_id"]);

        // The delete runs inside its own transaction.
        sql_begin();
        $result = mrbsDelEntry(getUserName(), $id, $series, 1);
        sql_commit();

        if ($result) {
            Header("Location: day.php?day={$day}&month={$month}&year={$year}&area={$area}");
            exit;
        }
    }
}

// Reached when authorisation failed, the entry was not found, or the delete
// reported failure. On the first two paths $day, $month, $year and $area were
// not assigned by this script.
showAccessDenied($day, $month, $year, $area);
// $name = "name", "password", ... // Search for indexes "user_name", "user_password", etc, in the localization array. if (isset($vocab["user_" . $name])) { return get_vocab("user_" . $name); } // If there is no entry (likely if user-defined fields have been added), return itself. return $name; } /*---------------------------------------------------------------------------*\ | Authentify the current user | \*---------------------------------------------------------------------------*/ if ($nusers > 0) { $user = getUserName(); $level = authGetUserLevel($user, $auth["admin"]); // Do not allow unidentified people to browse the list. if (!getAuthorised($user, getUserPassword(), 1)) { showAccessDenied($day, $month, $year, $area); exit; } } else { $user = "******"; $level = 2; } /*---------------------------------------------------------------------------*\ | Edit a given entry - 1st phase: Get the user input. | \*---------------------------------------------------------------------------*/ if (isset($Action) && ($Action == "Edit" or $Action == "Add")) { if ($Id >= 0) { $result = sql_query("select * from {$tbl_users} where id={$Id}"); $data = sql_row($result, 0); sql_free($result);
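/**
 * Change a user's password after verifying the current one.
 *
 * @param resource $db   PostgreSQL connection handed to pg_query_params().
 * @param string   $user User name whose password is being changed.
 * @param string   $old  Current password as supplied by the caller.
 * @param string   $new  Replacement value written to userbase.pwd.
 *
 * @return mixed false when the old password does not match the stored one;
 *               otherwise whatever pg_query_params() returns (false on
 *               query failure).
 */
function changePassword($db, $user, $old, $new)
{
    $stored = getUserPassword($db, $user);

    // Strict, constant-time comparison. The previous loose != treated two
    // different numeric-looking strings (e.g. "0e1234" vs "0e5678") as equal,
    // and a missing stored value (false/null) as equal to an empty $old.
    if (!is_string($stored) || !is_scalar($old) || !hash_equals($stored, (string) $old)) {
        return false;
    }

    // Values are bound as parameters instead of being interpolated into the
    // SQL text, so quotes in $new or $user cannot alter the statement.
    // The WHERE clause previously held a fixed literal rather than $user;
    // binding $user makes the updated row the one whose old password was
    // just verified.
    // NOTE(review): $new is stored exactly as given - confirm the caller
    // passes an already-hashed value, or hash it before it reaches this point.
    return pg_query_params(
        $db,
        'UPDATE userbase SET pwd = $1 WHERE username = $2',
        array($new, $user)
    );
}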
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* JM-booking - login */ include "glob_inc.inc.php"; if (isset($_POST['WEBAUTH_USER'])) { if (authValidateUser(getUserName(), getUserPassword())) { header('Location: index.php'); exit; } } if (isset($_GET['sendepost']) && isset($_POST['sendepost_navn']) && isset($_POST['sendepost_epost']) && isset($_POST['sendepost_melding'])) { require "libs/mail.class.php"; $epostform_feilfunnet = false; $_POST['sendepost_navn'] = htmlspecialchars(strip_tags($_POST['sendepost_navn']), ENT_QUOTES); $_POST['sendepost_epost'] = htmlspecialchars(strip_tags($_POST['sendepost_epost']), ENT_QUOTES); $_POST['sendepost_melding'] = htmlspecialchars(strip_tags($_POST['sendepost_melding']), ENT_QUOTES); if ($_POST['sendepost_navn'] == '' || $_POST['sendepost_epost'] == '' || $_POST['sendepost_melding'] == '') { $epostform_feilfunnet = true; } else { // Sender epost med spørsmål $mail = new mail();
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* JM-booking - login */ include 'glob_inc.inc.php'; $deactivated = false; $external_failed = false; $complex_failed = false; $age_failed = false; $is_external = isExternal(); if (isset($_POST['WEBAUTH_USER'])) { $user = getUserName(); $pass = getUserPassword(); // Check if we do not have a username/password if (empty($user) || empty($pass)) { } else { $user = slashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)); // Username $pass = getPasswordHash($pass); // Checking against database $Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_name_short = '" . $user . "' and user_password = '******' limit 1"); if (mysql_num_rows($Q_login) > '0') { if ($is_external) { try { $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged')); loginPWcheckAge($user_login); } catch (Exception $e) { $external_failed = true;
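/**
 * Authenticate a user by name and password.
 *
 * @param string $user_name Login name to look up via getInfoByName().
 * @param string $password  Password as submitted by the user.
 *
 * @return array 'code' is 1 on success and 0 otherwise; 'msg' carries the
 *               user-facing message. A failed password check additionally
 *               sets 'status' => false.
 */
public function userLogin($user_name, $password)
{
    $loginInfo = array('code' => 0, 'msg' => "");

    // Both fields are required.
    if ($user_name == "" || $password == "") {
        $loginInfo["msg"] = "用户名或密码不能为空";
        return $loginInfo;
    }

    // NOTE(review): this message differs from the wrong-password message
    // below, which lets a caller tell existing from non-existing accounts -
    // confirm that is intended.
    $userInfo = $this->getInfoByName($user_name);
    if (empty($userInfo)) {
        $loginInfo["msg"] = "不存在该用户";
        return $loginInfo;
    }

    $userPassword = isset($userInfo['password']) ? $userInfo['password'] : "";
    $salt = isset($userInfo['salt']) ? $userInfo['salt'] : "";
    $computed = getUserPassword($password, $salt);

    // Strict, constant-time comparison of the stored and recomputed values.
    // The previous loose == treated two different numeric-looking strings
    // (e.g. "0e1234" vs "0e5678") as equal, and a non-string result as equal
    // to an empty stored password.
    if (is_string($computed) && is_string($userPassword) && hash_equals($userPassword, $computed)) {
        $loginInfo['code'] = 1;
        $loginInfo['msg'] = "登录成功";
        // todo: record cookie
        // NOTE(review): the submitted password itself is handed to
        // saveUserCookie(); what that helper stores is not visible here -
        // confirm the password never ends up in the cookie.
        saveUserCookie($userInfo['id'], $user_name, $password);
    } else {
        // 'status' is only set on this path; kept for callers that read it.
        $loginInfo['status'] = false;
        $loginInfo['msg'] = "用户名或密码不正确";
    }

    return $loginInfo;
}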