if (strlen($memberfields['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $memberfields['username'])) > 15) {
$memberfields['username'] = substr($memberfields['username'], 0, 15);
}
if (empty($remoteinfo['time']) || empty($memberfields['username']) || empty($memberfields['password']) || empty($memberfields['email'])) {
exit('Lack of required parameters');
} elseif ($timestamp - $remoteinfo['time'] > $_DCACHE['settings']['passport_expire']) {
exit('Request expired');
}
$db = new dbstuff();
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
unset($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
if ($_DCACHE['settings']['passport_extcredits']) {
$memberfields['extcredits' . $_DCACHE['settings']['passport_extcredits']] = $memberfields['credits'];
$table_member_columns[] = 'extcredits' . $_DCACHE['settings']['passport_extcredits'];
}
$memberfields['regip'] = empty($memberfields['regip']) ? onlineip() : $memberfields['regip'];
$memberfields['regdate'] = empty($memberfields['regdate']) ? $timestamp : $memberfields['regdate'];
$query = $db->query("SELECT uid, secques FROM {$tablepre}members WHERE username='******'username']}'");
if ($member = $db->fetch_array($query)) {
$sql = $comma = '';
foreach ($table_member_columns as $field) {
if (isset($memberfields[$field])) {
$sql .= "{$comma}{$field}='{$memberfields[$field]}'";
$comma = ', ';
}
}
$db->query("UPDATE {$tablepre}members SET {$sql} WHERE uid='{$member['uid']}'");
$sql = $comma = '';
foreach ($table_memberfields_columns as $field) {
if (isset($memberfields[$field])) {
$sql .= "{$comma}{$field}='{$memberfields[$field]}'";
empty($_GET['forward']) || header("Location: {$_GET['forward']}");
exit('member data missing!');
} elseif ($timestamp - $ckinfos['time'] > $pptin_expire) {
empty($_GET['forward']) || header("Location: {$_GET['forward']}");
exit('member data expired!');
}
$db = new cls_mysql();
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
if ($cmember = $db->fetch_one("SELECT mid,checked FROM {$tblprefix}members WHERE mname='{$userinfos['mname']}'")) {
$cmember['password'] != $userinfos['password'] && $db->query("UPDATE {$tblprefix}members SET password='******'password']}' WHERE mid={$cmember['mid']}");
msetcookie('msid', '', -86400 * 365);
msetcookie('userauth', authcode("{$userinfos['password']}\t{$cmember['mid']}", 'ENCODE'));
} else {
//只是写入会员资料记录,当第一次登录时需要激活,将checked设为2。
$sqlstr = '';
$userinfos['regip'] = empty($userinfos['regip']) ? onlineip() : $userinfos['regip'];
$userinfos['regdate'] = empty($userinfos['regdate']) ? $timestamp : $userinfos['regdate'];
foreach (array('mname', 'password', 'email', 'regip', 'regdate') as $var) {
$sqlstr .= (empty($sqlstr) ? '' : ',') . "{$var}='{$userinfos[$var]}'";
}
$sqlstr .= ",checked='2'";
$db->query("INSERT INTO {$tblprefix}members SET {$sqlstr}");
//没有写入模型记录//没有初始化积分
$userinfos['mid'] = $db->insert_id();
$db->query("INSERT INTO {$tblprefix}members_sub SET mid='{$userinfos['mid']}'");
}
empty($_GET['forward']) || header("Location: {$_GET['forward']}");
exit;
} elseif ($_GET['action'] == 'logout') {
msetcookie('msid', '', -86400 * 365);
msetcookie('userauth', '', -86400 * 365);