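 /**
  * Authenticate a user by user name or e-mail address and, when the
  * credentials match, create or refresh the server-side session row and
  * hand the client an `ocKey` cookie.
  *
  * @param string $username  user name, or an e-mail address (detected by a '@')
  * @param string $password  clear-text password; compared through OCEncrypt()
  * @param int    $autoLogin 1 = long-lived ("remember me") session, else the
  *                          default $this->expiryTime is used
  * @return bool  true when the credentials match — note that this is also true
  *               when MAIL_AUTH is on and the account is still unvalidated, in
  *               which case NO session is created and only the validation mail
  *               is re-sent; false when the user is unknown or the password
  *               does not match
  */
 function Login($username = '', $password = '', $autoLogin = 0)
 {
     // SECURITY: $username is interpolated unescaped into the WHERE clause
     // (SQL injection as written). $this->db's API is not visible here; if it
     // offers placeholders or a quoting helper, $username must go through it.
     // The userName branch is shown redacted as '******' on this page, so its
     // real form cannot be checked from here.
     $loginSql = "SELECT id,adminLevel,userName,email,userPwd,validated,avatarImg,avatarImg_s,signature FROM " . $this->tbUser . " WHERE 1=1";
     // strpos() returns 0 (falsy) when '@' is the first character, so the
     // explicit `!== false` test is needed to choose the e-mail branch reliably.
     $loginSql .= strpos($username, '@') !== false ? " AND email='{$username}'" : " AND userName='******'";
     $row = $this->db->FirstRow($loginSql);
     if (!$row) {
         return false;
     }
     // hash_equals() is strict and constant-time. The original loose `==`
     // treats two numeric-looking strings such as "0e123" and "0e456" as
     // equal — the classic "magic hash" bypass if OCEncrypt() yields hex.
     $storedPwd = (string) $row['userPwd'];
     $givenPwd  = (string) OCEncrypt($password);
     if (!hash_equals($storedPwd, $givenPwd)) {
         return false;
     }
     if (MAIL_AUTH && $row['validated'] == 0) {
         // Unvalidated account: re-send the validation mail, create no
         // session, but still report success (original behaviour; callers
         // cannot distinguish this from a real login by the return value).
         $this->ToValidate($row['email']);
         return true;
     }
     // Drop expired session rows before adding/refreshing ours.
     $this->db->Execute("DELETE FROM " . $this->tbSession . " WHERE expires<" . time());
     // NOTE(review): ocKey is a deterministic function of (id, userName,
     // userPwd), so the same cookie value is issued on every login until the
     // password changes, and anyone who learns the stored hash can rebuild it.
     // A random per-session secret would be safer; not changed here because
     // the cookie format is shared with the code that validates it.
     $ocKey = OCEncrypt($row['id'] . '-' . $row['userName'] . '-' . $row['userPwd']);
     if ($autoLogin == 1) {
         $this->expiryTime = 360 * 86400;   // "remember me": roughly one year
     }
     $expires = time() + $this->expiryTime;
     OCSetCookie('ocKey', $ocKey, $expires);
     // NOTE(review): token = 5 chars of ocKey + the current second; that is
     // very little entropy if it doubles as a CSRF or anti-replay token.
     $token = OCEncrypt(substr($ocKey, 0, 5) . time());
     // Profile snapshot (all values come from the DB row) cached with the session.
     $data = serialize(array('userId' => $row['id'], 'adminLevel' => $row['adminLevel'], 'userName' => $row['userName'], 'avatarImg' => $row['avatarImg'], 'avatarImg_s' => $row['avatarImg_s'], 'signature' => $row['signature']));
     $sqlValue = array('userId' => $row['id'], 'ocKey' => $ocKey, 'token' => $token, 'ip' => IP(), 'data' => $data, 'expires' => $expires, 'updateTime' => time(), 'addTime' => time());
     // Upsert keyed on ocKey: because ocKey is stable per user, a second login
     // refreshes the existing row rather than creating another one.
     $sessionExisted = $this->db->FirstValue("SELECT COUNT(*) FROM " . $this->tbSession . " WHERE ocKey='{$ocKey}'");
     if ($sessionExisted > 0) {
         $this->db->AutoExecute($this->tbSession, $sqlValue, 'UPDATE', " ocKey='{$ocKey}'");
     } else {
         $this->db->AutoExecute($this->tbSession, $sqlValue);
     }
     $this->db->Execute("UPDATE " . $this->tbUser . " SET loginTime='" . time() . "' where id={$row['id']}");
     return true;
 }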
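     // Password policy: 6-20 "characters". Without the /u modifier `.` matches
     // a byte, so multi-byte input is measured by byte length (pattern kept).
     // assumes ShowError() ends the request; if it does not, the code below
     // still runs with a rejected password — TODO confirm
     if (empty($userpwd) || !preg_match('/^.{6,20}$/', $userpwd)) {
         ShowError('密码应为6-20位字符', $url['register'], '重新填写');
     }
     $tbUser = $db->tbPrefix . 'user';
     // Does the user name already exist?
     // SECURITY: $username / $email are interpolated straight into SQL (the
     // userName value is shown redacted as '******' on this page). Unless
     // they were escaped before this point this is SQL injection — prefer
     // the driver's placeholders if $db offers them.
     $userExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE userName='******'");
     if ($userExisted > 0) {
         // NOTE(review): $username is reflected into the page here; this
         // relies on ShowError() HTML-escaping its message — verify.
         ShowError("用户{$username}已存在", $url['register'], '重新填写');
     }
     // Does the e-mail address already exist?
     $emailExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'");
     if ($emailExisted > 0) {
         ShowError("邮箱{$email}已存在", $url['register'], '重新填写');
     }
     // Insert the account. NOTE(review): OCEncrypt() is the project's own
     // password transform; password_hash()/password_verify() would be
     // preferable, but Login() compares via OCEncrypt(), so both must change together.
     $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time());
     if ($db->AutoExecute($tbUser, $executeArr)) {
         if (!empty($inviteRow)) {
             $regUserId = $db->LastId();
             // Mark the invitation as used. The key must be quoted: inside
             // "{$arr[...]}" a bare `id` is parsed as the constant `id`
             // (a warning on PHP 7, a fatal Error on PHP 8).
             $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow['id']}'");
         }
         // Auto-login with a long-lived ("remember me") session. The return
         // value is ignored — the credentials were stored a moment ago.
         $user->Login($username, $userpwd, 1);
         ShowSuccess('注册成功', $url['root']);
     } else {
         ShowError('出错了,请与管理员联系');
     }
     break;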
 default:
     if ($user->userId > 0) {
         ShowError('您已登录,不能进行注册!');
 }
 $tbUser = $db->tbPrefix . 'user';
 // Does the user name already exist?
 // SECURITY: $username / $email are interpolated straight into SQL (the
 // userName value is shown redacted as '******' on this page). Unless they
 // were escaped before this point this is SQL injection — prefer the
 // driver's placeholders if $db offers them.
 $userExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE userName='******'");
 if ($userExisted > 0) {
     // assumes ShowError() ends the request; otherwise the insert below still
     // runs for a duplicate name — TODO confirm
     ShowError("用户{$username}已存在", $url['register'], '重新填写');
 }
 // Does the e-mail address already exist?
 $emailExisted = $db->FirstValue("SELECT COUNT(*) FROM {$tbUser} WHERE email='{$email}'");
 if ($emailExisted > 0) {
     ShowError("邮箱{$email}已存在", $url['register'], '重新填写');
 }
 // Mail-validation key. NOTE(review): rand() is not a CSPRNG and the other
 // inputs (user name, e-mail, current second, a 6-digit number) are
 // guessable, so the key's unpredictability rests entirely on OCEncrypt();
 // use random_bytes()/openssl_random_pseudo_bytes() where available.
 $validateKey = OCEncrypt($username . $email . time() . rand(100000, 999999));
 // Insert the account; 'validated' is pre-set to 1 when mail validation is off.
 // NOTE(review): OCEncrypt() is the project's own password transform —
 // password_hash()/password_verify() would be preferable, but Login()
 // compares via OCEncrypt(), so both sides must change together.
 $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'validated' => MAIL_AUTH ? 0 : 1, 'validateKey' => $validateKey, 'addTime' => time());
 if ($db->AutoExecute($tbUser, $executeArr)) {
     if (!empty($inviteRow)) {
         $regUserId = $db->LastId();
         //邀请奖励
         $pointAward = intval($pointConfig['award']['invitereg']);
         //				if($pointAward>0){
         //					$db->Execute("UPDATE {$tbUser} SET hotNum=hotNum+1,creditPoint=creditPoint+{$pointAward},rankPoint=rankPoint+{$pointAward} WHERE id='{$inviteRow[userId]}'");
         //					Remind('用户 <a href="'.UrlUser($regUserId,$username).'">'.$username.'</a> 通过你的邀请注册,已奖励你 '.$pointAward.' 积分',$inviteRow['userId']);
         //				}
         $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserEmail='{$email}',regUserName='******',regTime='" . time() . "' WHERE id='{$inviteRow[id]}'");
     }
     if (MAIL_AUTH) {
         $validateUrl = UrlValidate($validateKey);
         //邮件验证
         SendMail($email, "来自{$show[sitename]}的验证邮件", "你好,<br />感谢注册{$show[sitename]}({$show[sitedesc]}),请点击下面的链接激活您的账号:<br /><a target='_blank' href='{$validateUrl}'>{$validateUrl}</a><br />如果无法点击,请复制到浏览器地址栏直接访问。<br /><a href='" . URL_ROOT . "' target='_blank'>{$show[sitename]}</a>");
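 $cPass = Val('cPass', 'POST');
 // The original test was `!empty($email) || !preg_match(...)`, which is true
 // for every input (an empty e-mail fails the regex, a non-empty one
 // satisfies the first operand), so the format check and the error branch
 // at the bottom were dead. The pattern itself is the project's and is kept.
 if (!empty($email) && preg_match('/^(\\w+\\.)*?\\w+@(\\w+\\.)+\\w+$/', $email)) {
     // Quoted keys: a bare `email` / `userPwd` is an undefined constant
     // (warning on PHP 7, fatal Error on PHP 8).
     $currentEmail = $u_data[0]['email'];
     $noPasswordInput = empty($cPass) && empty($oldPass) && empty($newPass);
     if ($email != $currentEmail && $noPasswordInput) {
         // Only the e-mail address changed.
         $data = array('email' => $email);
         // NOTE(review): the WHERE clause is shown redacted ('******') on this
         // page; make sure the user name is bound/escaped in the real source.
         if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) {
             ShowSuccess('恭喜您,修改邮箱成功!', URL_ROOT . '/user/x_user');
         } else {
             ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com');
         }
     } elseif ($email == $currentEmail && $noPasswordInput) {
         // The original compared $email with the whole $u_data array, which
         // can never be equal, so this "nothing changed" branch was unreachable.
         ShowError('您没有做任何修改', 'javascript:history.go(-1)');
     } else {
         // Password change requested, possibly together with a new e-mail.
         $oldp = $u_data[0]['userPwd'];
         if ((string) $newPass !== (string) $cPass) {
             // Strict comparison: loose `==` treats e.g. "1e1" and "10" as equal.
             ShowError('两次密码不一样,请重新输入', 'javascript:history.go(-1)');
         } elseif ((string) $newPass === '') {
             // The original accepted an empty new password once the old one
             // verified, silently storing OCEncrypt('').
             // NOTE(review): register.php enforces 6-20 characters; consider
             // applying the same rule here.
             ShowError('新密码不能为空,请重新输入', 'javascript:history.go(-1)');
         } elseif (!hash_equals((string) $oldp, (string) OCEncrypt($oldPass))) {
             // hash_equals(): strict and constant-time; the loose `==` of the
             // original is open to numeric-string ("0e...") type juggling.
             ShowError('旧密码填写错误,如不需要修改密码,请为空', 'javascript:history.go(-1)');
         } else {
             $data = array('email' => $email, 'userPwd' => OCEncrypt($cPass));
             if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) {
                 // Force a fresh login so the session reflects the new password.
                 ShowSuccess('恭喜您,修改资料成功!!', URL_ROOT . '/logout', '重新登录');
             } else {
                 ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com');
             }
         }
     }
 } else {
     ShowError('email不可为空或者邮箱格式不正确,请重新输入', 'javascript:history.go(-1)');
 }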