private function changePassword() { $msg = ''; if (empty($_POST['current_password']) || empty($_POST['new_password']) || empty($_POST['new_password2'])) { $msg = 'You forgot to fill in something!'; } else { $check = sha1($this->player->secret_key . $_POST['current_password'] . SECRET_KEY); if ($check != $this->player->password) { $msg = 'The password you entered does not match this account\'s password.'; } else { if (!isPassword($_POST['new_password'])) { $msg = 'Your password must be longer than 3 characters!'; } else { if ($_POST['new_password'] != $_POST['new_password2']) { $msg = 'You didn\'t confirm your new password correctly!'; } else { $new_password = sha1($this->player->secret_key . $_POST['new_password2'] . SECRET_KEY); $this->db->execute('UPDATE `<ezrpg>players` SET `password`=? WHERE `id`=?', array($new_password, $this->player->id)); $msg = 'You have changed your password.'; } } } } header('Location: index.php?mod=AccountSettings&msg=' . urlencode($msg)); }
function ctreateAccount($link, $userLogin, $userPassword, $userType) { if (!isLogin($userLogin)) { return 'login_encorretcted'; } elseif (!isPassword($userPassword)) { return 'password_encorretcted'; } elseif ($userType == 0 || $userType > 3) { return 'user_type_encorretcted'; } else { $res = mysqli_query($link, "SELECT `user_id` FROM `users` WHERE `user_login`='{$userLogin}'"); $userId = mysqli_fetch_assoc($res); if (isset($userId['user_id'])) { return 'login_found'; } else { $addUserPass = md5(PASSWORD_SALT . $userPassword); $firstIp = $_SERVER['REMOTE_ADDR']; if (mysqli_query($link, "INSERT INTO `users`(`user_login`, `user_password`,`user_type`, `exp`, `money`, `gold`, `user_access`, `user_location_type`, `user_location`,`user_galaxy`, `first_ip`) VALUES ('{$userLogin}','{$addUserPass}','{$userType}',0, 15000, 0, 5,'p',1,1,'{$firstIp}')")) { $insertId = mysqli_insert_id($link); mysqli_query($link, "INSERT INTO `user_galaxy`(`user_id`, `user_galaxy_id`) VALUES ('{$insertId}',1)"); return 'complete'; } else { return 'no_wrtite_to_db'; } } } }
private function changePassword() { $msg = ''; if (empty($_POST['current_password']) || empty($_POST['new_password']) || empty($_POST['new_password2'])) { $msg = $_SESSION['You_forgot_to_fill_in_something']; } else { $check = sha1($this->player->secret_key . $_POST['current_password'] . SECRET_KEY); if ($check != $this->player->password) { $msg = $_SESSION['The_password_you_entered_does_not_match_this_account_s_password']; } else { if (!isPassword($_POST['new_password'])) { $msg = $_SESSION['Your_password_must_be_longer_than_3_characters']; } else { if ($_POST['new_password'] != $_POST['new_password2']) { $msg = $_SESSION['You_didn_t_confirm_your_new_password_correctly']; } else { $new_password = sha1($this->player->secret_key . $_POST['new_password2'] . SECRET_KEY); $this->db->execute('UPDATE `<ezrpg>players` SET `password`=? WHERE `id`=?', array($new_password, $this->player->id)); $msg = $_SESSION['You_have_changed_your_password']; } } } } header('Location: index.php?mod=AccountSettings&msg=' . urlencode($msg)); }
private function register() { $error = 0; $errors = array(); //Check username $result = $this->db->fetchRow('SELECT COUNT(`id`) AS `count` FROM `<ezrpg>players` WHERE `username`=?', array($_POST['username'])); if (empty($_POST['username'])) { $errors[] = 'You didn\'t enter your username!'; $error = 1; } else { if (!isUsername($_POST['username'])) { //If username is too short... $errors[] = 'Your username must be longer than 3 characters and may only contain alphanumerical characters!'; //Add to error message $error = 1; //Set error check } else { if ($result->count > 0) { $errors[] = 'That username has already been used. Please create only one account!'; $error = 1; //Set error check } } } //Check password if (empty($_POST['password'])) { $errors[] = 'You didn\'t enter a password!'; $error = 1; } else { if (!isPassword($_POST['password'])) { //If password is too short... $errors[] = 'Your password must be longer than 3 characters!'; //Add to error message $error = 1; //Set error check } } if ($_POST['password2'] != $_POST['password']) { $errors[] = 'You didn\'t verify your password correctly!'; $error = 1; } //Check email $result = $this->db->fetchRow('SELECT COUNT(`id`) AS `count` FROM `<ezrpg>players` WHERE `email`=?', array($_POST['email'])); if (empty($_POST['email'])) { $errors[] = 'You didn\'t enter your email!'; $error = 1; } else { if (!isEmail($_POST['email'])) { $errors[] = 'Your email format is wrong!'; //Add to error message $error = 1; //Set error check } else { if ($result->count > 0) { $errors[] = 'That email has already been used. Please create only one account, creating more than one account will get all your accounts deleted!'; $error = 1; //Set error check } } } if ($_POST['email2'] != $_POST['email']) { $errors[] = 'You didn\'t verify your email correctly!'; $error = 1; } //Check verification code if (empty($_POST['reg_verify'])) { $errors[] = 'You didn\'t enter the verification code!'; $error = 1; } else { if ($_SESSION['verify_code'] != sha1(strtoupper($_POST['reg_verify']) . SECRET_KEY)) { $errors[] = 'You didn\'t enter the correct verification code!'; $error = 1; } } //verify_code must NOT be used again. session_unset(); session_destroy(); if ($error == 0) { unset($insert); $insert = array(); //Add new user to database $insert['username'] = $_POST['username']; $insert['email'] = $_POST['email']; $insert['secret_key'] = createKey(16); $insert['password'] = sha1($insert['secret_key'] . $_POST['password'] . SECRET_KEY); $insert['registered'] = time(); global $hooks; //Run register hook $insert = $hooks->run_hooks('register', $insert); $new_player = $this->db->insert('<ezrpg>players', $insert); //Use $new_player to find their new ID number. $hooks->run_hooks('register_after', $new_player); $msg = 'Congratulations, you have registered! Please login now to play!'; header('Location: index.php?msg=' . urlencode($msg)); exit; } else { $msg = 'Sorry, there were some mistakes in your registration:<br />'; $msg .= '<ul>'; foreach ($errors as $errmsg) { $msg .= '<li>' . $errmsg . '</li>'; } $msg .= '</ul>'; $url = 'index.php?mod=Register&msg=' . urlencode($msg) . '&username='******'username']) . '&email=' . urlencode($_POST['email']) . '&email2=' . urlencode($_POST['email2']); header('Location: ' . $url); exit; } }
src="images/left.jpg" width="23" /></td> <td valign="top" width="768" bgcolor="#f6f6f6"> <table width="90%" border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td><div align="center"><img src="images/mmxg_t.gif" width="347" height="46" /></div></td> </tr> </table> <table width="90%" border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td>'; $userid = $_POST['account']; $oldpw = $_POST['oldpw']; $user_pass = $_POST['password1']; $email = $_POST['email']; if ($userid != null and $user_pass != null and $email != null and $oldpw != null) { if (isUser($userid) and isPassword($oldpw) and isPassword($user_pass) and ismail($email)) { $query = 'select * from login where userid = \'' . $userid . '\' and user_pass = \'' . $oldpw . '\' and email = \'' . $email . '\''; $result = mysql_query($query); $data = mysql_fetch_array($result); if ($data == null) { echo '<div align="center"><br /><br />帐号或密码或E-mail错误!<br/><br/>请<a href="mmxg.php" class="text1">返回</a>检查!</div>'; } else { $query = 'update `login` set user_pass = \'' . $user_pass . '\' where userid = \'' . $userid . '\''; mysql_query($query); echo '<div align="center"><br /><br />修改成功!<br /><br />欢迎来到' . $ROname . ',请赶快登陆,来体验' . $ROname . '给你带来的乐趣吧!<div>'; } } else { echo '<div align="center"><br/><br/>填写不正确!请<a href="mmxg.php" class="text1">返回</a>重新输入!</div>'; } } else { echo '<div align="center"><br/><br/>出错啦!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>';
if ($_REQUEST['act'] == 'logout') { $_SESSION['account'] = NULL; } if ($_REQUEST['page'] == NULL) { $page = 1; } else { $page = $_REQUEST['page']; } $per_page = 18; //每页多少条记录 $per_row = 6; //每行多少条记录 $userid = $_POST['account']; $user_pass = $_POST['password']; $ipoint = 0; if ($userid != NULL && $user_pass != NULL && isUser($userid) && isPassword($user_pass)) { $query = 'select * from `login` where userid = \'' . $userid . '\' and user_pass = \'' . $user_pass . '\''; $result = mysql_query($query); $data = mysql_fetch_array($result); if ($data != null) { $_SESSION['account'] = $userid; $_SESSION['account_id'] = $data['account_id']; $ipoint = $data['ipoint']; $_SESSION['ipoint'] = $ipoint; } else { $error = '帐号或密码错误!'; } } if ($_SESSION['account'] != NULL && $_SESSION['account_id'] != NULL) { $query = 'select * from `login` where account_id = \'' . $_SESSION['account_id'] . '\''; $result = mysql_query($query);
session_start(); if ($_REQUEST['act'] == 'logout') { $_SESSION['admin'] = NULL; $_SESSION['level'] = NULL; ob_start(); //打开缓冲区 echo '<script>window.location="admin_login.php";</script>'; header("location:admin_login.php"); //把浏览器重定向 ob_end_flush(); //输出全部内容到浏览器 } $userid = $_POST['account']; $user_pass = $_POST['password']; $email = $_POST['email']; if ($userid != NULL && $user_pass != NULL && isUser($userid) && isPassword($user_pass) && $email != null) { $query = 'select * from `login` where level>=99 and userid = \'' . $userid . '\' and user_pass = \'' . $user_pass . '\' and email = \'' . $email . '\''; $result = mysql_query($query); $data = mysql_fetch_array($result); if ($data != null) { $_SESSION['admin'] = $userid; $_SESSION['level'] = $data['level']; } else { $error = '帐号或密码或E-mail错误!请勿非法登录!'; } } else { if ($_SESSION['admin'] == NULL && $_SESSION['level'] == NULL) { $error = '登录失效!请勿非法登录!'; ob_start(); //打开缓冲区 echo '<script>window.location="admin_login.php";</script>';
function valid_email($address) { if (eregi("^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,4}\$", $address)) { return true; } else { return false; } } if (isEmpty($username) || isEmpty($password) || isEmpty($repassword) || isPassword($password, $repassword) || isEmpty($first_name) || isEmpty($last_name) || isEmpty($email) || !valid_email($email) || isEmpty($address) || isEmpty($country) || isEmpty($postal_code)) { echo "<div id=\"errors\">"; echo "<p><em>Oops... the following errors were encountered:</em></p>"; echo "<ul>"; if (isEmpty($username)) { echo "<li>User name cannot be empty</li>"; } if (isPassword($password, $repassword)) { echo "<li>Re Enter same password</li>"; } if (isEmpty($first_name)) { echo "<li>First Name cannot be empty</li>"; } if (isEmpty($last_name)) { echo "<li>Last Name cannot be empty</li>"; } if (!valid_email($email)) { echo "<li>Email Address is not in correct format</li>"; } if (isEmpty($email)) { echo "<li>Email Address cannot be empty</li>"; } if (isEmpty($address)) {
</div> <div class="row center"> <div class="col s3 offset-s9"> <button class="btn waves-effect waves-light" type="submit" >登录 <i class="material-icons right">send</i> </button> </div> </div> </form> <br><br> </div> </div> <? }else if($_SERVER['REQUEST_METHOD'] == 'POST' || $_COOKIE["isLogin"]==true){ $sql_con = getSqlCon(); if ($_COOKIE["isLogin"]!=true) if ($_POST["Password"]==null ||!isPassword($sql_con,$_POST["Password"])) die("<h1>Access Denied : Worng Password!</h1>"); setcookie("isLogin", true, time()+3600); ?> <div class="row"> <div class="col s12 m6"> <div class="card green darken-4"> <div class="card-content white-text"> <span class="card-title">页面信息修改</span> <p>包含网站Title、链接和关于等。</p> </div> <div class="card-action"> <a href="./editInfo.php">点击直达</a> </div> </div> </div>
src="images/left.jpg" width="23" /></td> <td valign="top" width="768" bgcolor="#f6f6f6"> <table width="90%" border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td><div align="center"><img src="images/zhzc_t.gif" width="347" height="46" /></div></td> </tr> </table> <table width="90%" border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td>'; $userid = $_POST['account']; $user_pass = $_POST['password1']; $sex = $_POST['sex']; $email = $_POST['email']; if ($userid != null && $user_pass != null && $email != null && $sex != null) { if (isUser($userid) && isPassword($user_pass) && ismail($email)) { $query = 'select * from login where userid = \'' . $userid . '\''; $result = mysql_query($query); $data = mysql_fetch_array($result); if ($data != null) { echo '<div align="center" class="text1"><br /><br />对不起!该帐号已经被注册!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>'; } else { $query = 'insert into `login` (userid,user_pass,sex,email) values (\'' . $userid . '\',\'' . $user_pass . '\',\'' . $sex . '\',\'' . $email . '\')'; mysql_query($query); echo '<div align="center"><br /><br />注册成功!<br /><br />欢迎来到' . $ROname . ',请赶快使用注册的账号登陆,来体验' . $ROname . '给你带来的乐趣吧!<div>'; } } else { echo '<div align="center"><br/><br/>填写不正确!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>'; } } else { echo '<div align="center"><br/><br/>出错啦!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>';