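<?php
/**
 * 迷你同学录 (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * This program is completely free; please keep this notice.
 * Do not sell this program or modified versions of it, and do not use this
 * program or modified versions of it for any commercial activity.
 */

// Change-password page for the logged-in member.
//
// POST: verifies the current password (`password0`) against the member row in
//       $r_dbu, stores enc_p() of the new password, then redirects back with
//       a status code in `e` (1 = changed, 2 = wrong current password).
// GET:  appends the status message (if any) and the form to $content.
//
// $c_log, $r_dbu, $title, $content, $dbprefix, enc_p() and SQLString() are
// defined outside this file.
// NOTE(review): enc_p() is opaque here; confirm it is a salted, slow password
// hash rather than a bare digest.
// NOTE(review): mysql_* is the legacy MySQL extension; SQLString() is the only
// thing between request data and the query text, so confirm it escapes values.
if ($c_log && isset($r_dbu)) {
    $title .= '修改密码';

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Only plain string fields are accepted; array-valued fields
        // (password[]=...) are treated as "not supplied".
        if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] != '') {
            $current = isset($_POST['password0']) && is_string($_POST['password0']) ? $_POST['password0'] : null;

            // Strict string comparison: with `==`, two different digests that
            // both look numeric (for example "0e..." strings) compare equal.
            // Where hash_equals() is available it is the better choice here.
            if ($current !== null && (string) enc_p($current) === (string) $r_dbu['password']) {
                // $r_dbu['id'] is interpolated unquoted; it is presumed to be
                // the integer key of the member row loaded by the caller.
                $u_db = sprintf(
                    'update %s set password=%s where id=%s',
                    $dbprefix . 'member',
                    SQLString(enc_p($_POST['password']), 'text'),
                    $r_dbu['id']
                );
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
        }

        // Post/redirect/get: the status code travels in the query string and
        // is only ever used as an index into the fixed $a_msg table below.
        header('Location:./?m=profile&t=password' . (isset($e) ? '&e=' . $e : ''));
        exit;
    } else {
        $a_msg = array(1 => '密码已修改。', '当前密码错误!');

        // The `password1` confirmation field is not read on the server side;
        // only `password0` and `password` are used above.
        $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '')
            . '<div class="title">修改密码</div><div class="lcontent"><form method="post" action="" class="btform_p" id="seform"><table><tr><td>当前密码:</td><td><input type="password" name="password0" size="32" class="bt_input" rel="当前密码" /></td></tr><tr><td>新密码:</td><td><input type="password" name="password" id="formpw" size="32" class="bt_input" rel="新密码" /></td></tr><tr><td>确认:</td><td><input type="password" name="password1" id="formpw1" size="32" /></td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    }
}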
$gtalk = htmlspecialchars(trim($_POST['gtalk']), ENT_QUOTES); $address = htmlspecialchars(trim($_POST['address']), ENT_QUOTES); $location = htmlspecialchars(trim($_POST['location']), ENT_QUOTES); $gid = isset($_POST['gid']) && isset($g_c) && in_array($_POST['gid'], $g_c) && isset($g_a[$_POST['gid']]) ? $_POST['gid'] : 0; $rela = htmlspecialchars(trim($_POST['rela']), ENT_QUOTES); $u_db = sprintf('update %s set name=%s, gender=%s, bir_y=%s, bir_m=%s, bir_d=%s, isnl=%s, url=%s, email=%s, phone=%s, work=%s, tel=%s, qq=%s, msn=%s, gtalk=%s, address=%s, location=%s, gid=%s, rela=%s where id=%s', $dbprefix . 'member', SQLString($name, 'text'), SQLString($gender, 'int'), SQLString($bir_y, 'int'), SQLString($bir_m, 'int'), SQLString($bir_d, 'int'), $isnl, SQLString($url, 'text'), SQLString($email, 'text'), SQLString($phone, 'text'), SQLString($work, 'text'), SQLString($tel, 'text'), SQLString($qq, 'text'), SQLString($msn, 'text'), SQLString($gtalk, 'text'), SQLString($address, 'text'), SQLString($location, 'text'), SQLString($gid, 'int'), SQLString($rela, 'text'), $r_dbu['id']); $result = mysql_query($u_db) or die(''); $e = 1; } elseif (isset($_POST['username']) && trim($_POST['username']) != '') { $username = trim($_POST['username']); $s_dbe = sprintf('select id from %s where username=%s and id<>%s', $dbprefix . 'member', SQLString($username, 'text'), $r_dbu['id']); $q_dbe = mysql_query($s_dbe) or die(''); if (mysql_num_rows($q_dbe) > 0) { $e = 2; } else { $password = trim($_POST['password']) != '' ? enc_p(trim($_POST['password'])) : $r_dbu['password']; $u_db = sprintf('update %s set username=%s, password=%s where id=%s', $dbprefix . 'member', SQLString($username, 'text'), SQLString($password, 'text'), $r_dbu['id']); $result = mysql_query($u_db) or die(''); $e = 1; } mysql_free_result($q_dbe); } header('Location:./?m=edituser&id=' . $id . (isset($_GET['t']) ? '&t=' . $_GET['t'] : '') . (isset($e) ? '&e=' . 
$e : '')); exit; } else { $a_msg = array(1 => '个人资料已修改。', '请使用其他的用户名!'); $content .= '<div class="rcontent"><div class="content">' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : ''); if (isset($_GET['t']) && $_GET['t'] == 'login') { $title .= '修改登录信息 - ' . $r_dbu['name']; $content .= '<div class="title">修改登录信息 - ' . $r_dbu['name'] . '</div><div class="lcontent"><form method="post" action="" class="btform" id="prform"><table><tr><td>用户名:</td><td><input name="username" size="32" value="' . htmlspecialchars($r_dbu['username'], ENT_QUOTES) . '" class="bt_input" rel="用户名" /></td></tr><tr><td>密码:</td><td><input type="password" name="password" size="32" />如不需要更改密码,此处请留空</td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>'; } elseif (isset($_GET['t']) && $_GET['t'] == 'avator') {
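<?php
/**
 * 迷你同学录 (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * This program is completely free; please keep this notice.
 * Do not sell this program or modified versions of it, and do not use this
 * program or modified versions of it for any commercial activity.
 */

// Forgot-password page, shown only to visitors who are not logged in.
//
// The POST branch visible here takes a member id, a new password and the
// security answer, and stores the new password when the answer matches the
// one saved on the member row. Status codes index $a_msg (1 = changed,
// 2 = wrong answer, 3 = no security question set, 4 = unknown username).
//
// $c_log, $title, $content, $dbprefix, enc_p() and SQLString() are defined
// outside this file.
// NOTE(review): the member id comes from the request and the security answer
// is the only proof of identity; no attempt limit is visible in this excerpt.
if (!$c_log) {
    $title .= '忘记密码';
    $a_msg = array(1 => '密码已修改。', '答案错误!', '您没有设置安全问题!', '用户名错误!');
    $content .= '<div class="tcontent">' . (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '') . '<div class="title">忘记密码 - 第';

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['id']) && intval($_POST['id']) > 0 && isset($_POST['password']) && trim($_POST['password']) != '') {
            $password = enc_p(trim($_POST['password']));

            // Answers are stored HTML-encoded, so the submitted value is
            // encoded the same way before comparing. A missing or non-string
            // field is treated as an empty answer.
            $answer = htmlspecialchars(isset($_POST['answer']) && is_string($_POST['answer']) ? $_POST['answer'] : '', ENT_QUOTES);

            // The row must include `answer`: the check below compares the
            // submitted answer with the stored one, and a row fetched without
            // that column gives the comparison nothing to verify against.
            $s_dbu = sprintf('select id, answer from %s where id=%s limit 1', $dbprefix . 'member', SQLString($_POST['id'], 'int'));
            $q_dbu = mysql_query($s_dbu) or die('');
            $r_dbu = mysql_fetch_assoc($q_dbu);

            // Strict string comparison, and both sides must be non-empty: an
            // account with no security answer on file cannot be reset through
            // this branch, and a missing or empty value can never compare
            // equal to the stored answer.
            if (mysql_num_rows($q_dbu) > 0
                && $answer !== ''
                && (string) $r_dbu['answer'] !== ''
                && (string) $r_dbu['answer'] === $answer
            ) {
                $u_db = sprintf('update %s set password=%s where id=%s', $dbprefix . 'member', SQLString($password, 'text'), $r_dbu['id']);
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
            mysql_free_result($q_dbu);

            header('Location:./?m=lostpwd&e=' . $e);
            exit;
        } elseif (isset($_POST['username']) && trim($_POST['username']) != '') {
            // (the listing is cut off here; this branch continues beyond the excerpt)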
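<?php
/**
 * 迷你同学录 (http://mini_class.piscdong.com/)
 * (c)PiscDong studio (http://www.piscdong.com/)
 *
 * This program is completely free; please keep this notice.
 * Do not sell this program or modified versions of it, and do not use this
 * program or modified versions of it for any commercial activity.
 */

// Security-settings page for the logged-in member: sets the security
// question and answer after re-checking the current password.
//
// POST: on a correct `password0`, stores the HTML-encoded question and answer
//       on the member row, then redirects with `e` (1 = saved, 2 = wrong
//       current password).
// GET:  appends the status message (if any) and the form to $content.
//
// $c_log, $r_dbu, $title, $content, $dbprefix, enc_p() and SQLString() are
// defined outside this file.
// NOTE(review): the answer is stored as HTML-encoded plain text. Because the
// forgot-password flow (m=lostpwd) accepts it in place of the password, it
// deserves the same storage protection as the password itself.
if ($c_log && isset($r_dbu)) {
    $title .= '安全设置';

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Only plain string fields are accepted; array-valued fields are
        // treated as "not supplied".
        if (isset($_POST['question']) && is_string($_POST['question'])) {
            $current = isset($_POST['password0']) && is_string($_POST['password0']) ? $_POST['password0'] : null;

            // Strict string comparison: with `==`, two different digests that
            // both look numeric (for example "0e..." strings) compare equal.
            // Where hash_equals() is available it is the better choice here.
            if ($current !== null && (string) enc_p($current) === (string) $r_dbu['password']) {
                $question = htmlspecialchars($_POST['question'], ENT_QUOTES);
                // A missing answer field is stored as an empty string.
                $answer = htmlspecialchars(isset($_POST['answer']) && is_string($_POST['answer']) ? $_POST['answer'] : '', ENT_QUOTES);

                $u_db = sprintf(
                    'update %s set question=%s, answer=%s where id=%s',
                    $dbprefix . 'member',
                    SQLString($question, 'text'),
                    SQLString($answer, 'text'),
                    $r_dbu['id']
                );
                $result = mysql_query($u_db) or die('');
                $e = 1;
            } else {
                $e = 2;
            }
        }

        header('Location:./?m=profile&t=security' . (isset($e) ? '&e=' . $e : ''));
        exit;
    } else {
        $a_msg = array(1 => '个人资料已修改。', '当前密码错误!');

        // $r_dbu['question'] goes into the value attribute without escaping
        // at output time. That is safe only because the write path above
        // stores it already encoded with ENT_QUOTES; any other code path that
        // writes this column has to encode it the same way.
        $content .= (isset($_GET['e']) && isset($a_msg[$_GET['e']]) ? '<div class="msg_v">' . $a_msg[$_GET['e']] . '</div>' : '')
            . '<div class="title">安全设置</div><div class="lcontent"><form method="post" action="" class="btform" id="seform"><table><tr><td>当前密码:</td><td><input type="password" name="password0" size="32" class="bt_input" rel="当前密码" /></td></tr><tr><td>安全问题:</td><td><input name="question" size="32" value="' . $r_dbu['question'] . '" /></td></tr><tr><td>答案:</td><td><input name="answer" size="32" /></td></tr><tr><td colspan="2"><input type="submit" value="修改" class="button" /></td></tr></table></form></div>';
    }
}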
return (double) $mt[0] + (double) $mt[1]; }

// Bootstrap: loads the site configuration row and derives per-request values.
// The line above is the tail of getMicrotime(), whose head is outside this
// excerpt; it returns the sum of two parts of $mt as a double.
$mt = getMicrotime(); // presumably a start timestamp for page timing (TODO confirm)

// The first row of the `main` table becomes $config.
// NOTE(review): mysql_fetch_assoc() returns false when the table is empty;
// the array writes below then operate on a non-array value.
$s_dbm = sprintf('select * from %s limit 1', $dbprefix . 'main');
$q_dbm = mysql_query($s_dbm) or die('');
$r_dbm = mysql_fetch_assoc($q_dbm);
$config = $r_dbm;
mysql_free_result($q_dbm);

// Key used below to index $_SESSION. It is an MD5 of the table prefix, so it
// is deterministic and not secret; treat it as a namespace only.
$config['u_hash'] = md5($dbprefix);

// Base URL of the installation, always ending in '/'.
// NOTE(review): the scheme is fixed to http:// and the host comes from the
// client-supplied Host header. Whatever later emits $config['site_url']
// (links, redirects, mail) inherits that value; a configured host name would
// remove the dependency on request data.
$root_p = pathinfo($_SERVER['PHP_SELF']);
$root_url = 'http://' . $_SERVER['HTTP_HOST'] . str_replace('\\', '', $root_p['dirname']);
if (substr($root_url, -1) != '/') {
    $root_url .= '/';
}
$config['site_url'] = $root_url;

// Guest access: when guest login is configured, no member session value is
// set, and the guest name and password held in the session match the
// configured ones, `open` is reset to 0 for this request.
// NOTE(review): g_pwd is passed through enc_p() at comparison time, which
// suggests it is kept in the `main` table as plain text (confirm).
// NOTE(review): these are loose `==` comparisons on digest strings.
if ($config['open'] > 0 && $config['g_open'] > 0 && $config['g_name'] != '' && $config['g_pwd'] != ''
    && (!isset($_SESSION[$config['u_hash']]) || $_SESSION[$config['u_hash']] == '')
    && isset($_SESSION['guest_n_' . $config['u_hash']]) && $_SESSION['guest_n_' . $config['u_hash']] == $config['g_name']
    && isset($_SESSION['guest_p_' . $config['u_hash']]) && $_SESSION['guest_p_' . $config['u_hash']] == enc_p($config['g_pwd'])) {
    $config['open'] = 0;
}

// Label tables; presumably member-group names indexed by gid and emoticon
// names indexed from 1 (TODO confirm against the callers).
$g_a = array('班级成员', '家属', '班级友人', '老师');
$em_a = array(1 => '嘻嘻', '亲亲', '难过', '天使', '哈哈', '恶魔', '眼镜', '无语', '呵呵', '惊讶', '泪', '眨眼');

// NOTE(review): third-party API keys and secrets are hard-coded here and so
// ship with every copy of the source. They belong in deployment configuration
// kept out of version control, and values that have already been published
// should be rotated with the provider.
// Entries 0-3 are copied into $config below; entries 4 and 5 are not used in
// this excerpt.
$a_d_sync = array('9904af8956646323962cc7e3139ac7d3', '9D8903FDDC5E9B0DB284F6879F2712EEAK', '67f7f7ab16734416a82a94be786d6876', '3b81f8e398bf6e40443a224dcf246b9a', 'NZVBEIcC5QxgsY34BhNX', 'lWete(vVG1D2H)-OfFZXNRAY2JviKe$T=(m#VGra');

// Each integration's key is exposed in $config only when both of its switches
// are greater than 0.
if ($config['is_flickr'] > 0 && $config['is_uflickr'] > 0) {
    $config['flickr_key'] = $a_d_sync[0];
}
if ($config['is_babab'] > 0 && $config['is_ubabab'] > 0) {
    $config['babab_key'] = $a_d_sync[1];
}
if ($config['is_tqq'] > 0 && $config['is_utqq'] > 0) {
    $config['tqq_key'] = $a_d_sync[2];
    $config['tqq_se'] = $a_d_sync[3];
}
setcookie($config['u_hash'] . '_p', $password, time() + 86400 * 30); } else { setcookie($config['u_hash'] . '_u', '', time()); setcookie($config['u_hash'] . '_p', '', time()); } } else { $e = 1; } } else { $e = 2; } mysql_free_result($q_dbu); if (isset($e) && $e == 2 && $config['open'] > 0 && $config['g_open'] > 0 && $config['g_name'] != '' && $config['g_pwd'] != '') { $g_name = htmlspecialchars(trim($_POST['username']), ENT_QUOTES); $g_pwd = enc_p(htmlspecialchars(trim($_POST['password']), ENT_QUOTES)); if ($g_name == $config['g_name'] && $g_pwd == enc_p($config['g_pwd'])) { $_SESSION['guest_n_' . $config['u_hash']] = $g_name; $_SESSION['guest_p_' . $config['u_hash']] = $g_pwd; $u_db = sprintf('update %s set g_vc=g_vc+1, g_vdate=%s, g_ip_i=inet_aton(%s)', $dbprefix . 'main', time(), SQLString(getIP(), 'text')); $result = mysql_query($u_db) or die(''); } } } if (isset($_GET['m'])) { $u[] = 'm=' . $_GET['m']; } if (isset($_GET['t'])) { $u[] = 't=' . $_GET['t']; } if (isset($_GET['page'])) { $u[] = 'page=' . $_GET['page'];