Exemplo n.º 1
0
$authaddbyservererrorid = -1;
//1内容不完整,2内容不合法,3未登入,4验证码错误,-1未知错误,5生成失败
$strregion[21] = "CN";
$strregion[22] = "US";
$strregion[23] = "EU";
$auth_moren = 0;
if ($logincheck == 0) {
    $authaddbyservererrorid = 3;
} else {
    if (check_data("letters_code")) {
        $postcode = db_iconv("letters_code");
        if (md5(strtolower($postcode)) == $_SESSION['letters_code']) {
            if (check_data('authname') && check_data('region') && check_data('selectpic')) {
                $region = db_iconv('region', "post", TRUE, true);
                $authname = db_iconv('authname', "post", TRUE, true);
                $selectpic = db_iconv('selectpic', "post", TRUE, true);
                if (checkauthname($authname) && checkauthregion($region) && checkauthselectpic($selectpic)) {
                    $region = $strregion[$region];
                    try {
                        $auth = @Authenticator::generate($region);
                        $authserial = $auth->serial();
                        $authserect = $auth->secret();
                        $authrestorecode = $auth->restore_code();
                        if (isset($_POST['morenauthset'])) {
                            if ($_POST['morenauthset'] == "on") {
                                $sql = "UPDATE `authdata` SET `auth_moren`=0 WHERE `user_id`='{$user_id}' AND `auth_moren`=1";
                                update($sql);
                                $auth_moren = 1;
                            }
                        }
                        if (queryValue("SELECT COUNT(*) FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_moren`=1") == 0) {
Exemplo n.º 2
0
<?php

//fdix
defined("ZHANGXUAN") or die("no hacker.");
session_start();
$logincheck = 0;
$loginerrorid = -1;
if (!check_data('letters_code') || md5(strtolower($_POST['letters_code'])) != $_SESSION['letters_code']) {
    $loginerrorid = 2;
} else {
    if (check_data("username") && check_data("password")) {
        $user = db_iconv('username', 'post', true, true);
        $password = db_iconv('password');
        $result = check_post_password($password, $user);
        if (!$result) {
            $logincheck = 0;
            $loginerrorid = 1;
        } else {
            $sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
            $rowtemp = queryRow($sql);
            $user_id = $rowtemp['user_id'];
            $user_right = $rowtemp['user_right'];
            $user_thistimelogin_ip = $rowtemp['user_thistimelogin_ip'];
            $user_thislogin_time = $rowtemp['user_thislogin_time'];
            if ($user_right == 1) {
                if (time() - strtotime($user_thislogin_time) < 1800) {
                    $logincheck = 2;
                } else {
                    $sql = "DELETE FROM `cookiedata` WHERE `user_name`='{$user}'";
                    delete($sql);
                    $logincheck = 1;
Exemplo n.º 3
0
                $sql = "DELETE FROM `cookiedata` WHERE `user_name`='{$usertmp}' AND `user_cookie` ='{$cookievalue}'";
                delete($sql);
                setcookie("loginname", "", time() - 3600, "/");
                setcookie("loginid", "", time() - 3600, "/");
                $logincheck = 0;
            }
        }
    } else {
        die("");
    }
}
if (!is_null($user)) {
    $sql = "SELECT `user_id` FROM `users` WHERE `user_name`='{$user}'";
    $user_id = queryValue($sql);
}
if (check_data('authid', 'get') && check_data('authname', 'get') && ctype_digit($_GET['authid'])) {
    $authid = $_GET['authid'];
    $authname = db_iconv("authname", "get", true, true);
    //mysqli_real_escape_string($dbconnect, htmlspecialchars($_GET['authname']));
}
if (!is_null($user_id) && !is_null($authid) && !is_null($authname) && mb_strlen($authname, "UTF-8") <= 12) {
    $sql = "SELECT * FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_id`={$authid}";
    $rowaa = queryRow($sql);
}
if ($rowaa) {
    $sql = "UPDATE `authdata` SET `auth_name`= '{$authname}' WHERE `user_id`='{$user_id}' AND `auth_id`={$authid}";
    update($sql);
    echo "true";
} else {
    echo "false";
}
<?php

defined("ZHANGXUAN") or die("no hacker.");
$resetpsdpostdataerror = -1;
//1:隐藏数据用户ID和令牌错误,2邮箱错误,3两个密码不同,4用户不存在,5令牌失效
if ($resetmod == 2) {
    if (ctype_digit($_POST["user_id"]) && checkcode($_POST['user_token'])) {
        $emailadd = db_iconv('oldPassword');
        if (valid_email($emailadd)) {
            $userid = $_POST["user_id"];
            $usertoken = $_POST['user_token'];
            $passwordA = db_iconv('newPassword');
            $passwordB = db_iconv('newPasswordVerify');
            if ($passwordA == $passwordB) {
                $unmd5newpassword = getunencryptpass($passwordA);
                $newpassword = md5($unmd5newpassword);
                $sql = "SELECT * FROM `users` WHERE `user_id`='{$userid}'";
                $row = queryRow($sql);
                if ($row) {
                    $username = $row['user_name'];
                    if ($usertoken == $row['user_psd_reset_token'] && $row['user_psd_reset_token_used'] == 0) {
                        $newtoken = randstr();
                        $sql = "UPDATE `users` SET `user_pass`='{$newpassword}',`user_psd_reset_token`='{$newtoken}',`user_psd_reset_token_used`=1 WHERE `user_id`='{$userid}'";
                        update($sql);
                        if (isset($_COOKIE['loginname']) && isset($_COOKIE['loginid']) && $_COOKIE['loginname'] != "" && $_COOKIE['loginid'] != "") {
                            $usertmp = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginname']));
                            $cookievalue = mysqli_real_escape_string($dbconnect, htmlspecialchars($_COOKIE['loginid'], ENT_QUOTES));
                            $sql = "DELETE FROM `cookiedata` WHERE `user_name`='{$usertmp}' AND `user_cookie` ='{$cookievalue}'";
                            delete($sql);
                        }
                        if (isset($_SESSION['loginuser']) && $_SESSION['loginuser'] != "") {
Exemplo n.º 5
0
<?php

defined("ZHANGXUAN") or die("no hacker.");
$mailcheckerrorid = -1;
//已经确认了1,错误2
if (check_data("userid", 'get') && check_data("checkcode", 'get')) {
    if (ctype_digit($_GET["userid"]) && checkcode($_GET["checkcode"])) {
        $userid = $_GET['userid'];
        $checkcode = db_iconv("checkcode", 'get');
        $sql = "SELECT * FROM `users` WHERE `user_id`='{$userid}'";
        $row = queryRow($sql);
        if ($row) {
            if ($row['user_email_checked'] == 0) {
                if ($checkcode == $row['user_email_checkid']) {
                    $sql = "UPDATE `users` SET `user_email_checked`=1 WHERE `user_id`='{$userid}'";
                    update($sql);
                    $mailcheckerrorid = 0;
                } else {
                    $mailcheckerrorid = 2;
                }
            } else {
                $mailcheckerrorid = 1;
                //已经确认了
            }
        } else {
            $mailcheckerrorid = 2;
            //没这个人
        }
    } else {
        $mailcheckerrorid = 2;
        //没这个人
Exemplo n.º 6
0
<?php

//fix
defined("ZHANGXUAN") or die("no hacker.");
@session_start();
$pwdfinderrorid = -1;
//1验证码错误,2用户不存在4输入错误,3信息与数据库中的不一样,5用户名存在非法字符,用户名仅允许使用中文、数字、字母、下划线,6发送邮件失败
if (check_data('letters_code') && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
    //验证码正确才能继续搞啊
    if (check_data('firstName') && check_data('email') && check_data('question1') && check_data('answer1')) {
        //要有数据啊
        if (checkzhongwenzimushuzixiahuaxian($_POST["firstName"]) && checkquestionvalue($_POST['question1']) && valid_email($_POST["email"])) {
            $user = db_iconv("firstName", 'post', true, true);
            $emailadd = db_iconv("email");
            $question1 = db_iconv("question1");
            $answer1 = db_iconv("answer1");
            $emailfind = randstr();
            $sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
            $rowuserdata = queryRow($sql);
            if ($rowuserdata) {
                if ($rowuserdata['user_email'] == $emailadd && $rowuserdata['user_question'] == $question1 && $rowuserdata['user_answer'] == $answer1) {
                    $userid = $rowuserdata['user_id'];
                    $sql = "UPDATE `users` SET `user_email_find_code`='{$emailfind}',`user_email_find_mode`='1' WHERE `user_id`='{$userid}'";
                    update($sql);
                    $findurl = SITEHOST . "findpwdmail.php?userid={$userid}&pwdcheckid={$emailfind}";
                    $mailtxt = "本邮件为系统自动发送,您正在申请重置您账号的密码<br><br>" . "您的用户名为:{$user}<br><br>" . "您的用户ID为:{$userid}<br><br>" . "您的邮箱地址为:{$emailadd}<br><br>" . "您还需要最后一步,点击以下链接,前往密码重置页面重置您的密码。<br><br>" . "<a href='{$findurl}' target='_blank'>{$findurl}</a><br><br>" . "如果这不是您操作的,请忽略本邮件,绝对不要点击以上链接。<br><br>" . "本邮件为自动发送,请不要回复,因为没人会看的。<br><br>" . "竹井詩織里<br><br>" . date('Y-m-d');
                    $pwdfinderrorid = send_mail('战网安全令在线版重置密码链接邮件', $mailtxt, $emailadd, 0, 6);
                } else {
                    $pwdfinderrorid = 3;
                }
            } else {
Exemplo n.º 7
0
//fix
defined("ZHANGXUAN") or die("no hacker.");
@session_start();
$changemailadderrorid = -1;
//1验证码错误,2提交数据有错,3没登入玩个P,4验证信息错了,5不是邮箱格式,6,两次邮箱地址一样,7邮件发送失败
if (check_data('letters_code') && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
    //验证码正确才能继续搞啊
    if (check_data('email') && check_data('question1') && check_data('answer1')) {
        //要有数据啊
        if ($logincheck == 1) {
            $sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
            $rowtemp = queryRow($sql);
            $user_id = $rowtemp['user_id'];
            $useremailadd = db_iconv('email');
            $userquestion = db_iconv('question1');
            $useranswer = db_iconv('answer1');
            $mailaddused = $rowtemp['user_email'];
            if ($rowtemp['user_question'] == $userquestion && $rowtemp['user_answer'] == $useranswer) {
                if (valid_email($useremailadd)) {
                    if ($useremailadd != $rowtemp['user_email']) {
                        $newcheckid = randstr();
                        $mailtxtcheckurl = SITEHOST . "mailcheck.php?userid={$user_id}&checkcode={$newcheckid}";
                        $mailtxt = "本邮件为系统自动发送,您正在申请更改注册邮箱为当前邮箱<br><br>" . "您的用户名为:{$user}<br><br>" . "您的用户ID为:{$user_id}<br><br>" . "您此前的邮箱地址为:{$mailaddused}<br><br>" . "您现在的邮箱地址为:{$useremailadd}<br><br>" . "您的邮箱已经成功修改,为了今后能顺利管理账号,请点击以下链接确认您的邮箱地址<br><br>" . "<a href='{$mailtxtcheckurl}' target='_blank'>{$mailtxtcheckurl}</a><br><br>" . "如果这不是您操作的,请不要点击以上链接,并进入我的账号页面更改邮箱地址。<br><br>" . "本邮件为自动发送,请不要回复,因为没人会看的。<br><br>" . "竹井詩織里<br><br>" . date('Y-m-d');
                        $changemailadderrorid = send_mail('战网安全令在线版更改邮箱验证邮件', $mailtxt, $useremailadd, 0, 7);
                        $sql = "UPDATE `users` SET `user_email`='{$useremailadd}',`user_email_checked`='0',`user_email_checkid`='{$newcheckid}' WHERE `user_name`='{$user}'";
                        update($sql);
                    } else {
                        $changemailadderrorid = 6;
                    }
                } else {
                    $changemailadderrorid = 5;
Exemplo n.º 8
0
<?php

//fix
include '../config.php';
if (check_data('id', 'get')) {
    if (!checkzhongwenzimushuzixiahuaxian($_GET['id'])) {
        echo "inlegal";
    } else {
        $user = db_iconv('id', 'get', true, true);
        $sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
        if (queryNum_rows($sql) == 0) {
            echo "true";
        } else {
            echo "false";
        }
    }
} else {
    echo "";
}
Exemplo n.º 9
0
 $region = db_iconv('region', "post", TRUE, true);
 $athcode1 = db_iconv('authcodeA3', "post", TRUE, true);
 $athcode2 = db_iconv('authcodeB3', "post", TRUE, true);
 $athcode3 = db_iconv('authcodeC3', "post", TRUE, true);
 $authname = db_iconv('authname', "post", TRUE, true);
 $selectpic = db_iconv('selectpic', "post", TRUE, true);
 $authrestorecode = db_iconv('authrestore', "post", TRUE, true);
 if (checkauthname($authname) && checkauthregion($region) && checkauthselectpic($selectpic) && checkauthselectcode($athcode1) && checkauthselectcode($athcode2) && checkauthselectcode($athcode3) && checkauthselectrestorecode($authrestorecode)) {
     try {
         $region = $strregion[$region];
         $authserial = "{$region}-{$athcode1}-{$athcode2}-{$athcode3}";
         $auth = @Authenticator::restore($authserial, $authrestorecode);
         $authserect = $auth->secret();
         //$authsynctime = $auth->getsync();
         if (checkauthname('morenauthset')) {
             $morenauthset = db_iconv('morenauthset', "post", TRUE, true);
             if ($morenauthset == "on") {
                 update("UPDATE `authdata` SET `auth_moren`=0 WHERE `user_id`='{$user_id}' AND `auth_moren`=1");
                 $auth_moren = 1;
             }
         }
         if (queryValue("SELECT COUNT(*) FROM `authdata` WHERE `user_id`='{$user_id}' AND `auth_moren`=1") == 0) {
             $auth_moren = 1;
         }
         if (is_null($authserial)) {
             $authaddbyrestoreerrorid = 5;
         } else {
             insert("INSERT INTO `authdata`(`user_id`, `auth_moren`, `auth_name`, `serial`, `region`, `secret`,`restore_code`, `auth_img`) VALUES ('{$user_id}','{$auth_moren}','{$authname}','{$authserial}','{$region}','{$authserect}','{$authrestorecode}','{$selectpic}')");
             $sql = "SELECT `auth_id` FROM `authdata` WHERE `serial`='{$authserial}' AND `user_id`='{$user_id}' AND `auth_name`='{$authname}'";
             $rowtemp = queryRow($sql);
             echo $auth_id = $rowtemp['auth_id'];
Exemplo n.º 10
0
<?php

//check_data("");
//fix
defined("ZHANGXUAN") or die("no hacker.");
$changepsderrorid = -1;
//1验证码错误,2提交数据有错,3没登入玩个P,4两次密码不一样还改啥啊,5旧密码错误
if (check_data("letters_code") && md5(strtolower($_POST["letters_code"])) == $_SESSION['letters_code']) {
    //验证码正确才能继续搞啊
    if (check_data("oldPassword") && check_data("newPassword") && check_data("newPasswordVerify")) {
        if ($logincheck == 1) {
            $passwordA = db_iconv('newPassword', 'post', false);
            $passwordB = db_iconv('newPasswordVerify', 'post', false);
            $oldPassword = db_iconv('oldPassword', 'post', false);
            if (check_post_password($oldPassword, $user)) {
                if ($passwordA == $passwordB) {
                    $unmd5newpassword = getunencryptpass($passwordA);
                    $newpassword = md5($unmd5newpassword);
                    $sql = "UPDATE `users` SET `user_pass`='{$newpassword}' WHERE `user_name`='{$user}'";
                    update($sql);
                    $sql = "SELECT * FROM `users` WHERE `user_name`='{$user}'";
                    $row = queryRow($sql);
                    $userid = $row['user_id'];
                    $emailadd = $row['user_email'];
                    $mailtxt = "本邮件为系统自动发送,您已经成功地修改了您的密码。<br><br>" . "您的用户名为:{$user}<br><br>" . "您的用户ID为:{$userid}<br><br>" . "您的邮箱地址为:{$emailadd}<br><br>" . "您设置是新密码为:" . emailpass($unmd5newpassword) . " (只显示前三位)<br><br>" . "如果这不是您操作的,请<a href='" . SITEHOST . "' target='_blank'>前往网站</a>重置您的密码。<br><br>" . "本邮件为自动发送,请不要回复,因为没人会看的。<br><br>" . "竹井詩織里<br><br>" . date('Y-m-d');
                    $changepsderrorid = send_mail('战网安全令在线版密码修改通知邮件', $mailtxt, $emailadd, 0, 0);
                } else {
                    $changepsderrorid = 4;
                }
            } else {
                $changepsderrorid = 5;
Exemplo n.º 11
0
<?php

//fix
defined("ZHANGXUAN") or die("no hacker.");
session_start();
$findpsdbymailerrorid = -1;
//1密钥过期,2密钥错误,3信息不完整
if (check_data('userid', 'get') && check_data('pwdcheckid', 'get')) {
    if (ctype_digit($_GET["userid"]) && checkcode($_GET["pwdcheckid"])) {
        $userid = db_iconv('userid', 'get', true, true);
        $checkcode = db_iconv("pwdcheckid", 'get', true, true);
        $sql = "SELECT * FROM `users` WHERE `user_id`='{$userid}'";
        $rowmailpsd = queryRow($sql);
        if ($rowmailpsd['user_email_find_mode'] == 1) {
            if ($rowmailpsd['user_email_find_code'] == $checkcode) {
                $newtoken = randstr();
                $newtokenA = randstr();
                $sql = "UPDATE `users` SET `user_psd_reset_token`='{$newtoken}',`user_email_find_code`='{$newtokenA}',`user_email_find_mode`=0,`user_psd_reset_token_used`= '0' WHERE `user_id`='{$userid}'";
                update($sql);
                $findpsdbymailerrorid = 0;
            } else {
                $findpsdbymailerrorid = 2;
            }
        } else {
            $findpsdbymailerrorid = 1;
        }
    }
} else {
    $findpsdbymailerrorid = 3;
}