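// Admin gate: no session, or a session outside user group 9, is bounced to the index.
// `or` binds looser than `&&`, but inside a bare if() condition that makes no difference.
if (!isset($_SESSION['Center_Username']) or $_SESSION['Center_UserGroup'] != 9) {
    header("Location: ../index.php");
    exit;
}

if (isset($_GET['edit']) && $_GET['edit'] != '') {
    // Cast before abs(): on PHP 8 abs() throws a TypeError for a non-numeric string
    // such as ?edit=abc. The listing branch below already coerces to int as well.
    $_member = sc_get_result("SELECT * FROM `member` WHERE `id` = '%d'", array(abs((int) $_GET['edit'])));

    // A POST whose email fails validation is ignored: nothing is written and the
    // form is simply shown again.
    // NOTE(review): no CSRF token is checked on this admin form — confirm a
    // framework-level check exists elsewhere, otherwise one is needed here.
    if (isset($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        // NOTE(review): if ?edit= names a missing id, $_member['row'] is not an array,
        // these reads warn, and the UPDATE below targets id 0 — confirm that is intended.

        // An invalid URL keeps the stored web_site instead of rejecting the whole update.
        $_web_site = $_POST['web_site'] ?? '';
        if ($_web_site != '' && !filter_var($_web_site, FILTER_VALIDATE_URL)) {
            $_web_site = $_member['row']['web_site'];
        }

        // An empty password field means "keep the current hash"; otherwise the new
        // password goes through sc_password() together with the member's stored username.
        if (($_POST['password'] ?? '') == '') {
            $_password = $_member['row']['password'];
        } else {
            $_password = sc_password($_POST['password'], $_member['row']['username']);
        }

        // `rekey` is the secret the password-reset handler compares (via md5) against
        // its ?auth= token; registration generates it with sc_keygen(). Whatever the
        // admin posts for `rekey` and `level` is stored verbatim — only the group-9
        // gate above protects these columns.
        $SQL->query("UPDATE `member` SET `password` = '%s', `email` = '%s', `web_site` = '%s', `rekey` = '%s', `level` = '%d' WHERE `id` = '%d'", array($_password, $_POST['email'], $_web_site, $_POST['rekey'] ?? '', $_POST['level'] ?? 0, $_member['row']['id']));
        header("Location: member.php?edit=" . $_member['row']['id'] . '&ok');
        // Stop after the redirect header, as the gate at the top does; otherwise the
        // rest of the page (including the `del` handler below) keeps executing.
        exit;
    }
} else {
    // Member listing, 30 rows per page. abs() means ?page=0 yields offset 30 (the
    // same as page 2); kept as in the original.
    $limit_row = 30;
    if (isset($_GET['page'])) {
        // (int) cast first: a non-numeric page value would make the subtraction throw on PHP 8.
        $limit_start = abs(((int) $_GET['page'] - 1) * $limit_row);
    } else {
        $limit_start = 0;
    }
    $_member = sc_get_result("SELECT * FROM `member` ORDER BY `id` ASC LIMIT %d,%d", array($limit_start, $limit_row));
}

// Delete handler; its body continues past the end of this chunk.
if (isset($_GET['del']) && $_GET['del'] != '') {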
// NOTE(review): this chunk begins inside the mail-sending branch of a password-reset
// handler whose opening if() is not visible here; the three `}` after mail() close
// blocks opened earlier in the file.
$_header .= 'Content-type:text/plain; charset=UTF-8'; mb_internal_encoding('UTF-8'); $_subject = mb_encode_mimeheader($_subject, 'UTF-8');
// $_step = 2 only when mail() accepted the message; on failure $_step is left untouched.
if (mail($_member['row']['email'], $_subject, $_body, $_header)) { $_step = 2; } } }
// Second stage: the link from the mail carries ?auth=<token>&id=<member id>.
elseif (isset($_GET['auth']) && trim($_GET['auth']) != '' && isset($_GET['id']) && abs($_GET['id']) != '') {
    $_uid = abs($_GET['id']);
    $_member = sc_get_result("SELECT * FROM member WHERE `id` = '%d'", array($_uid));
    if ($_member['num_rows'] > 0) {
        // SECURITY: `==` between two strings is a loose comparison in PHP. When both
        // sides are numeric strings — e.g. a hex digest of the form "0e" followed only
        // by digits — they are compared as numbers, so `?auth=0` would match such a
        // digest. The comparison is also not constant-time. Use
        // hash_equals(md5($_member['row']['rekey']), (string) $_GET['auth']) instead.
        if (md5($_member['row']['rekey']) == $_GET['auth']) {
            // The replacement rekey (written only together with the new password
            // below, so the token is single-use) is derived from $_GET['auth'], a value
            // the requester already knows. Whether that makes the next reset secret
            // predictable depends on sc_keygen(), which is not visible here — TODO
            // confirm; deriving it from random_bytes() would remove the question.
            $_rekey_SQL = sprintf(",`rekey` = '%s'", substr(sc_keygen($_GET['auth']), 0, 16));
            // $_step = 3: token accepted, render the new-password form.
            $_step = 3;
            if (isset($_POST['password']) && trim($_POST['password']) != '') {
                // New hash plus rotated rekey in one statement, then redirect and stop.
                $SQL->query("UPDATE member SET `password` = '%s' {$_rekey_SQL} WHERE `id` = '%d'", array(sc_password($_POST['password'], $_member['row']['username']), $_uid));
                $_step = 4;
                header("Location: index.php?getpassword");
                exit;
            }
        }
    }
}
// Page rendering; ?nouser is set by the lookup stage (not visible here) when the
// account/email pair was not found.
$view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '重設密碼');
if (isset($_GET['nouser'])) { ?> <div class="alert alert-danger">帳號或電子信箱出現錯誤</div> <?php } ?> <h2>重設密碼</h2>
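/**
 * Create a member account.
 *
 * Return codes:
 *   1  account inserted
 *  -1  username or email already taken
 *  -2  missing/blank username or password, invalid email, or a non-empty
 *      web site that is not a valid URL
 *  -3  registration is switched off ($center['register'] != 1 or not set)
 *
 * Reads the globals $SQL (query helper) and $center (site settings).
 *
 * @param string|null $_username raw username, normalised with sc_namefilter()
 * @param string|null $_password plaintext password, stored via sc_password()
 * @param string      $_email    must pass FILTER_VALIDATE_EMAIL
 * @param string      $_web_site optional; must pass FILTER_VALIDATE_URL when non-empty
 * @param int         $_level    written as-is into `level` (%d); callers must not
 *                               hand a user-controlled value to this parameter
 * @return int one of the codes above
 */
function sc_register($_username, $_password, $_email, $_web_site = '', $_level = 1)
{
    global $SQL;
    global $center;

    // isset() avoids the "array offset on null" warning when $center is not loaded;
    // an absent setting still means "registration closed", exactly as before.
    if (!isset($center['register']) || $center['register'] != 1) {
        return -3;
    }

    $_username_ok = $_username !== null && trim(sc_namefilter($_username)) != '';
    $_password_ok = $_password !== null && trim($_password) != '';
    if (!$_username_ok || !$_password_ok || !filter_var($_email, FILTER_VALIDATE_EMAIL)) {
        return -2;
    }
    if ($_web_site != '' && !filter_var($_web_site, FILTER_VALIDATE_URL)) {
        return -2;
    }

    // Filter once and use that single value for the lookup, the password derivation
    // and the INSERT. The original ran sc_namefilter() a second time inside the
    // INSERT, so the stored username could differ from the one passed to sc_password().
    $_username = sc_namefilter($_username);

    $auth_name = $SQL->query("SELECT `username` FROM `member` WHERE `username` = '%s' OR `email` = '%s'", array($_username, $_email));
    if ($auth_name->num_rows > 0) {
        return -1;
    }

    // NOTE(review): this check-then-insert is racy under concurrent registrations;
    // a UNIQUE index on `username` and `email` is the reliable guard.
    // `rekey` is the password-reset secret; its strength rests on sc_keygen(),
    // which is not visible here — confirm it is not derivable from the username.
    $SQL->query("INSERT INTO `member` (`username`, `password`, `email`, `web_site`, `avatar`, `rekey`, `level` , `joined` ,`last_login`) VALUES ('%s', '%s', '%s', '%s', 'default.png', '%s', '%d', now(), now())", array($_username, sc_password($_password, $_username), $_email, $_web_site, substr(sc_keygen($_username), 0, 16), $_level));
    return 1;
}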