/**
* ¼ì²éÓû§ÃûÊÇ·ñ·ûºÏ¹æ¶¨
*
* @param STRING $username
* @return TRUE or FALSE
*/
function is_username($username)
{
$strlen = strlen($username);
if (is_badword($username) || !preg_match("/^[a-zA-Z0-9_-ÿ][a-zA-Z0-9_-ÿ]+\$/", $username)) {
return false;
} elseif (20 <= $strlen || $strlen < 2) {
return false;
}
return true;
}
/**
* 构造函数
*/
public function __construct()
{
$this->db = pc_base::load_model('member_model');
pc_base::load_app_func('global');
/*获取系统配置*/
$this->settings = getcache('settings', 'admin');
$this->applist = getcache('applist', 'admin');
if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
foreach ($_GET as $k => $v) {
if (!in_array($k, array('m', 'c', 'a'))) {
$_POST[$k] = $v;
}
}
}
if (isset($_POST['appid'])) {
$this->appid = intval($_POST['appid']);
} else {
exit('0');
}
if (isset($_POST['data'])) {
parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
if (empty($this->data) || !is_array($this->data)) {
exit('0');
}
if (!get_magic_quotes_gpc()) {
$this->data = new_addslashes($this->data);
}
if (isset($this->data['username']) && $this->data['username'] != '' && is_username($this->data['username']) == false) {
exit('-5');
}
if (isset($this->data['email']) && $this->data['username'] != '' && is_email($this->data['email']) == false) {
exit('-5');
}
if (isset($this->data['password']) && $this->data['password'] != '' && (is_password($this->data['password']) == false || is_badword($this->data['password']))) {
exit('-5');
}
if (isset($this->data['newpassword']) && $this->data['newpassword'] != '' && (is_password($this->data['newpassword']) == false || is_badword($this->data['newpassword']))) {
exit('-5');
}
} else {
exit('0');
}
if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
$this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
//if($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
// exit('0');
//}
}
}
public function login()
{
$this->_session_start();
//获取用户siteid
$siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
//定义站点id常量
if (!defined('SITEID')) {
define('SITEID', $siteid);
}
if (isset($_POST['dosubmit'])) {
if (empty($_SESSION['connectid'])) {
//判断验证码
$code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
if ($_SESSION['code'] != strtolower($code)) {
$_SESSION['code'] = '';
showmessage(L('code_error'), HTTP_REFERER);
}
$_SESSION['code'] = '';
}
$username = isset($_POST['username']) && is_username($_POST['username']) ? trim($_POST['username']) : showmessage(L('username_empty'), HTTP_REFERER);
$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
is_password($_POST['password']) && is_badword($_POST['password']) == false ? trim($_POST['password']) : showmessage(L('password_format_incorrect'), HTTP_REFERER);
$cookietime = intval($_POST['cookietime']);
$synloginstr = '';
//同步登陆js代码
if (pc_base::load_config('system', 'phpsso')) {
$this->_init_phpsso();
$status = $this->client->ps_member_login($username, $password);
$memberinfo = unserialize($status);
if (isset($memberinfo['uid'])) {
//查询帐号
$r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
if (!$r) {
//插入会员详细信息,会员不存在 插入会员
$info = array('phpssouid' => $memberinfo['uid'], 'username' => $memberinfo['username'], 'password' => $memberinfo['password'], 'encrypt' => $memberinfo['random'], 'email' => $memberinfo['email'], 'regip' => $memberinfo['regip'], 'regdate' => $memberinfo['regdate'], 'lastip' => $memberinfo['lastip'], 'lastdate' => $memberinfo['lastdate'], 'groupid' => $this->_get_usergroup_bypoint(), 'modelid' => 10);
//如果是connect用户
if (!empty($_SESSION['connectid'])) {
$userinfo['connectid'] = $_SESSION['connectid'];
}
if (!empty($_SESSION['from'])) {
$userinfo['from'] = $_SESSION['from'];
}
unset($_SESSION['connectid'], $_SESSION['from']);
$this->db->insert($info);
unset($info);
$r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
}
$password = $r['password'];
$synloginstr = $this->client->ps_member_synlogin($r['phpssouid']);
} else {
if ($status == -1) {
//用户不存在
showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
} elseif ($status == -2) {
//密码错误
showmessage(L('password_error'), 'index.php?m=member&c=index&a=login');
} else {
showmessage(L('login_failure'), 'index.php?m=member&c=index&a=login');
}
}
} else {
//密码错误剩余重试次数
$this->times_db = pc_base::load_model('times_model');
$rtime = $this->times_db->get_one(array('username' => $username));
if ($rtime['times'] > 4) {
$minute = 60 - floor((SYS_TIME - $rtime['logintime']) / 60);
showmessage(L('wait_1_hour', array('minute' => $minute)));
}
//查询帐号
$r = $this->db->get_one(array('username' => $username));
if (!$r) {
showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
}
//验证用户密码
$password = md5(md5(trim($password)) . $r['encrypt']);
if ($r['password'] != $password) {
$ip = ip();
if ($rtime && $rtime['times'] < 5) {
$times = 5 - intval($rtime['times']);
$this->times_db->update(array('ip' => $ip, 'times' => '+=1'), array('username' => $username));
} else {
$this->times_db->insert(array('username' => $username, 'ip' => $ip, 'logintime' => SYS_TIME, 'times' => 1));
$times = 5;
}
showmessage(L('password_error', array('times' => $times)), 'index.php?m=member&c=index&a=login', 3000);
}
$this->times_db->delete(array('username' => $username));
}
//如果用户被锁定
if ($r['islock']) {
showmessage(L('user_is_lock'));
}
$userid = $r['userid'];
$groupid = $r['groupid'];
$username = $r['username'];
$nickname = empty($r['nickname']) ? $username : $r['nickname'];
$updatearr = array('lastip' => ip(), 'lastdate' => SYS_TIME);
//vip过期,更新vip和会员组
if ($r['overduedate'] < SYS_TIME) {
$updatearr['vip'] = 0;
}
//检查用户积分,更新新用户组,除去邮箱认证、禁止访问、游客组用户、vip用户,如果该用户组不允许自助升级则不进行该操作
if ($r['point'] >= 0 && !in_array($r['groupid'], array('1', '7', '8')) && empty($r[vip])) {
$grouplist = getcache('grouplist');
if (!empty($grouplist[$r['groupid']]['allowupgrade'])) {
$check_groupid = $this->_get_usergroup_bypoint($r['point']);
if ($check_groupid != $r['groupid']) {
$updatearr['groupid'] = $groupid = $check_groupid;
}
}
}
//如果是connect用户
if (!empty($_SESSION['connectid'])) {
$updatearr['connectid'] = $_SESSION['connectid'];
}
if (!empty($_SESSION['from'])) {
$updatearr['from'] = $_SESSION['from'];
}
unset($_SESSION['connectid'], $_SESSION['from']);
$this->db->update($updatearr, array('userid' => $userid));
if (!isset($cookietime)) {
$get_cookietime = param::get_cookie('cookietime');
}
$_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
$cookietime = $_cookietime ? SYS_TIME + $_cookietime : 0;
$phpcms_auth = sys_auth($userid . "\t" . $password, 'ENCODE', get_auth_key('login'));
param::set_cookie('auth', $phpcms_auth, $cookietime);
param::set_cookie('_userid', $userid, $cookietime);
param::set_cookie('_username', $username, $cookietime);
param::set_cookie('_groupid', $groupid, $cookietime);
param::set_cookie('_nickname', $nickname, $cookietime);
//param::set_cookie('cookietime', $_cookietime, $cookietime);
$forward = isset($_POST['forward']) && !empty($_POST['forward']) ? urldecode($_POST['forward']) : 'index.php?m=member&c=index';
showmessage(L('login_success') . $synloginstr, $forward);
} else {
$setting = pc_base::load_config('system');
$forward = isset($_GET['forward']) && trim($_GET['forward']) ? urlencode($_GET['forward']) : '';
$siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
$siteinfo = siteinfo($siteid);
include template('member', 'login');
}
}
public function register()
{
$this->_session_start();
//获取用户siteid
$siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
//定义站点id常量
if (!defined('SITEID')) {
define('SITEID', $siteid);
}
//加载用户模块配置
$member_setting = getcache('member_setting');
if (!$member_setting['allowregister']) {
showmessage(L('deny_register'), 'index.php?m=member&c=index&a=login');
}
//加载短信模块配置
$sms_setting_arr = getcache('sms', 'sms');
$sms_setting = $sms_setting_arr[$siteid];
header("Cache-control: private");
if (isset($_POST['dosubmit'])) {
if ($member_setting['enablcodecheck'] == '1') {
//开启验证码
if (empty($_SESSION['connectid']) && $_SESSION['code'] != strtolower($_POST['code']) && $_POST['code'] !== NULL || empty($_SESSION['code'])) {
showmessage(L('code_error'));
} else {
$_SESSION['code'] = '';
}
}
$userinfo = array();
$userinfo['encrypt'] = create_randomstr(6);
$userinfo['username'] = isset($_POST['username']) && is_username($_POST['username']) ? $_POST['username'] : exit('0');
$userinfo['nickname'] = isset($_POST['nickname']) ? $_POST['nickname'] : '';
$userinfo['email'] = isset($_POST['email']) && is_email($_POST['email']) ? $_POST['email'] : exit('0');
$userinfo['password'] = isset($_POST['password']) && is_badword($_POST['password']) == false ? $_POST['password'] : exit('0');
$userinfo['email'] = isset($_POST['email']) && is_email($_POST['email']) ? $_POST['email'] : exit('0');
$userinfo['modelid'] = isset($_POST['modelid']) ? intval($_POST['modelid']) : 10;
$userinfo['regip'] = ip();
$userinfo['status'] = $_POST['status'];
$userinfo['point'] = $member_setting['defualtpoint'] ? $member_setting['defualtpoint'] : 0;
$userinfo['amount'] = $member_setting['defualtamount'] ? $member_setting['defualtamount'] : 0;
$userinfo['regdate'] = $userinfo['lastdate'] = SYS_TIME;
$userinfo['siteid'] = $siteid;
$userinfo['connectid'] = isset($_SESSION['connectid']) ? $_SESSION['connectid'] : '';
$userinfo['from'] = isset($_SESSION['from']) ? $_SESSION['from'] : '';
//手机强制验证
if ($member_setting[mobile_checktype] == '1') {
//取用户手机号
$mobile_verify = $_POST['mobile_verify'] ? intval($_POST['mobile_verify']) : '';
if ($mobile_verify == '') {
showmessage('请提供正确的手机验证码!', HTTP_REFERER);
}
$sms_report_db = pc_base::load_model('sms_report_model');
$posttime = SYS_TIME - 360;
$where = "`id_code`='{$mobile_verify}' AND `posttime`>'{$posttime}'";
$r = $sms_report_db->get_one($where, '*', 'id DESC');
if (!empty($r)) {
$userinfo['mobile'] = $r['mobile'];
} else {
showmessage('未检测到正确的手机号码!', HTTP_REFERER);
}
} elseif ($member_setting[mobile_checktype] == '2') {
//获取验证码,直接通过POST,取mobile值
$userinfo['mobile'] = isset($_POST['mobile']) ? $_POST['mobile'] : '';
}
if ($userinfo['mobile'] != "") {
if (!preg_match('/^1([0-9]{9})/', $userinfo['mobile'])) {
showmessage('请提供正确的手机号码!', HTTP_REFERER);
}
}
unset($_SESSION['connectid'], $_SESSION['from']);
if ($member_setting['enablemailcheck']) {
//是否需要邮件验证
$userinfo['groupid'] = 7;
} elseif ($member_setting['registerverify']) {
//是否需要管理员审核
$modelinfo_str = $userinfo['modelinfo'] = isset($_POST['info']) ? array2string(array_map("safe_replace", new_html_special_chars($_POST['info']))) : '';
$this->verify_db = pc_base::load_model('member_verify_model');
unset($userinfo['lastdate'], $userinfo['connectid'], $userinfo['from']);
$userinfo['modelinfo'] = $modelinfo_str;
$this->verify_db->insert($userinfo);
showmessage(L('operation_success'), 'index.php?m=member&c=index&a=register&t=3');
} else {
//查看当前模型是否开启了短信验证功能
$model_field_cache = getcache('model_field_' . $userinfo['modelid'], 'model');
if (isset($model_field_cache['mobile']) && $model_field_cache['mobile']['disabled'] == 0) {
$mobile = $_POST['info']['mobile'];
if (!preg_match('/^1([0-9]{10})/', $mobile)) {
showmessage(L('input_right_mobile'));
}
$sms_report_db = pc_base::load_model('sms_report_model');
$posttime = SYS_TIME - 300;
$where = "`mobile`='{$mobile}' AND `posttime`>'{$posttime}'";
$r = $sms_report_db->get_one($where);
if (!$r || $r['id_code'] != $_POST['mobile_verify']) {
showmessage(L('error_sms_code'));
}
}
//$userinfo['groupid'] = $this->_get_usergroup_bypoint($userinfo['point']);
$userinfo['groupid'] = isset($_POST['groupid']) ? $_POST['groupid'] : '11';
}
if (pc_base::load_config('system', 'phpsso')) {
$this->_init_phpsso();
$status = $this->client->ps_member_register($userinfo['username'], $userinfo['password'], $userinfo['email'], $userinfo['regip'], $userinfo['encrypt']);
if ($status > 0) {
$userinfo['phpssouid'] = $status;
//传入phpsso为明文密码,加密后存入gxw_v9
$password = $userinfo['password'];
$userinfo['password'] = password($userinfo['password'], $userinfo['encrypt']);
$userid = $this->db->insert($userinfo, 1);
if ($member_setting['choosemodel']) {
//如果开启选择模型
//通过模型获取企业信息
require_once CACHE_MODEL_PATH . 'member_input.class.php';
require_once CACHE_MODEL_PATH . 'member_update.class.php';
$member_input = new member_input($userinfo['modelid']);
$_POST['info'] = array_map('new_html_special_chars', $_POST['info']);
$user_model_info = $member_input->get($_POST['info']);
$user_model_info['userid'] = $userid;
//插入企业模型数据
$this->db->set_model($userinfo['modelid']);
$this->db->insert($user_model_info);
}
if ($userid > 0) {
//执行登陆操作
if (!$cookietime) {
$get_cookietime = param::get_cookie('cookietime');
}
$_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
$cookietime = $_cookietime ? TIME + $_cookietime : 0;
if ($userinfo['groupid'] == 7) {
param::set_cookie('_username', $userinfo['username'], $cookietime);
param::set_cookie('email', $userinfo['email'], $cookietime);
} else {
$gxw_auth_key = md5(pc_base::load_config('system', 'auth_key') . $this->http_user_agent);
$gxw_auth = sys_auth($userid . "\t" . $userinfo['password'], 'ENCODE', $gxw_auth_key);
param::set_cookie('auth', $gxw_auth, $cookietime);
param::set_cookie('_userid', $userid, $cookietime);
param::set_cookie('_username', $userinfo['username'], $cookietime);
param::set_cookie('_nickname', $userinfo['nickname'], $cookietime);
param::set_cookie('_groupid', $userinfo['groupid'], $cookietime);
param::set_cookie('_status', $userinfo['status'], $cookietime);
param::set_cookie('cookietime', $_cookietime, $cookietime);
}
}
//如果需要邮箱认证
if ($member_setting['enablemailcheck']) {
pc_base::load_sys_func('mail');
$gxw_auth_key = md5(pc_base::load_config('system', 'auth_key'));
$code = sys_auth($userid . '|' . SYS_TIME, 'ENCODE', $gxw_auth_key);
$url = APP_PATH . "index.php?m=member&c=index&a=register&code={$code}&verify=1";
$message = $member_setting['registerverifymessage'];
$message = str_replace(array('{click}', '{url}', '{username}', '{email}', '{password}'), array('<a href="' . $url . '">' . L('please_click') . '</a>', $url, $userinfo['username'], $userinfo['email'], $password), $message);
sendmail($userinfo['email'], L('reg_verify_email'), $message);
//设置当前注册账号COOKIE,为第二步重发邮件所用
param::set_cookie('_regusername', $userinfo['username'], $cookietime);
param::set_cookie('_reguserid', $userid, $cookietime);
param::set_cookie('_reguseruid', $userinfo['phpssouid'], $cookietime);
showmessage(L('operation_success'), 'index.php?m=member&c=index&a=register&t=2');
} else {
//如果不需要邮箱认证、直接登录其他应用
$synloginstr = $this->client->ps_member_synlogin($userinfo['phpssouid']);
showmessage(L('operation_success') . $synloginstr, 'index.php?m=member&c=index&a=init');
}
}
} else {
showmessage(L('enable_register') . L('enable_phpsso'), 'index.php?m=member&c=index&a=login');
}
showmessage(L('operation_failure'), HTTP_REFERER);
} else {
if (!pc_base::load_config('system', 'phpsso')) {
showmessage(L('enable_register') . L('enable_phpsso'), 'index.php?m=member&c=index&a=login');
}
if (!empty($_GET['verify'])) {
$code = isset($_GET['code']) ? trim($_GET['code']) : showmessage(L('operation_failure'), 'index.php?m=member&c=index');
$gxw_auth_key = md5(pc_base::load_config('system', 'auth_key'));
$code_res = sys_auth($code, 'DECODE', $gxw_auth_key);
$code_arr = explode('|', $code_res);
$userid = isset($code_arr[0]) ? $code_arr[0] : '';
$userid = is_numeric($userid) ? $userid : showmessage(L('operation_failure'), 'index.php?m=member&c=index');
$this->db->update(array('groupid' => $this->_get_usergroup_bypoint()), array('userid' => $userid));
showmessage(L('operation_success'), 'index.php?m=member&c=index');
} elseif (!empty($_GET['protocol'])) {
include template('member', 'protocol');
} else {
//过滤非当前站点企业模型
$modellist = getcache('member_model', 'commons');
foreach ($modellist as $k => $v) {
if ($v['siteid'] != $siteid || $v['disabled']) {
unset($modellist[$k]);
}
}
if (empty($modellist)) {
showmessage(L('site_have_no_model') . L('deny_register'), HTTP_REFERER);
}
//是否开启选择企业模型选项
if ($member_setting['choosemodel']) {
$first_model = array_pop(array_reverse($modellist));
$modelid = isset($_GET['modelid']) && in_array($_GET['modelid'], array_keys($modellist)) ? intval($_GET['modelid']) : $first_model['modelid'];
if (array_key_exists($modelid, $modellist)) {
//获取企业模型表单
require CACHE_MODEL_PATH . 'member_form.class.php';
$member_form = new member_form($modelid);
$this->db->set_model($modelid);
$forminfos = $forminfos_arr = $member_form->get();
//万能字段过滤
foreach ($forminfos as $field => $info) {
if ($info['isomnipotent']) {
unset($forminfos[$field]);
} else {
if ($info['formtype'] == 'omnipotent') {
foreach ($forminfos_arr as $_fm => $_fm_value) {
if ($_fm_value['isomnipotent']) {
$info['form'] = str_replace('{' . $_fm . '}', $_fm_value['form'], $info['form']);
}
}
$forminfos[$field]['form'] = $info['form'];
}
}
}
$formValidator = $member_form->formValidator;
}
}
$description = $modellist[$modelid]['description'];
include template('member', 'register');
}
}
}
