$clean = array(); $clean['username'] = _check_username($_POST['username']); $clean['num'] = _check_num($_POST['num']); $clean['sex'] = _check_sex($_POST['sex']); _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']); _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']); $clean['birth'] = $_POST['birth_y'] . '-' . $_POST['birth_m'] . '-' . $_POST['birth_d']; $clean['start_time'] = $_POST['start_time_y'] . '-' . $_POST['start_time_m'] . '-' . $_POST['start_time_d']; $clean['gm_grade'] = _time_to_grade($_POST['start_time_y'], $_POST['start_time_m']); $clean['contact'] = _check_contact($_POST['contact']); $clean['address'] = _check_address_ex($_POST['address']); $clean['subject'] = _check_subject($_POST['subject']); $clean['type'] = _check_type($_POST['type']); $clean['photoname'] = _check_photo(); //判断是否已经注册 _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该学号已经被注册!如有问题请咨询管理员!'); $newpassword = _check_password($_system['initial_password']); if (_query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$newpassword}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')") and _query("INSERT INTO gm_stuinfo(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_sex,\r\n\t\t\t\t\t\t\t\t\tgm_birth,\r\n\t\t\t\t\t\t\t\t\tgm_start_time,\r\n\t\t\t\t\t\t\t\t\tgm_grade,\r\n\t\t\t\t\t\t\t\t\tgm_contact,\r\n\t\t\t\t\t\t\t\t\tgm_address,\r\n\t\t\t\t\t\t\t\t\tgm_subject,\r\n\t\t\t\t\t\t\t\t\tgm_type,\r\n\t\t\t\t\t\t\t\t\tgm_photoname) 
\r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['birth']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['start_time']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['gm_grade']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['contact']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['address']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['subject']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['type']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['photoname']}')")) { _location('你的信息已经提交,请耐心等待审核!', 'login.php'); } else { _alert_back('注册失败!有问题请咨询管理员!'); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>计算机学院研究生档案管理--注册</title> <link rel="stylesheet" type="text/css" href="styles/basic.css" />
//可以通过唯一标识符来防止恶意注册,伪装表单跨站攻击等等 //这个存放如数据库的唯一标识符还可以用来,登录cookies验证 $_clean['uniqid'] = _check_uniqid($_SESSION['uniqid'], $_POST['uniqid']); //active也是一个唯一标识符,用来刚注册的用户进行激活处理,之后才可登录 $_clean['active'] = _sha1_uniqid(); $_clean['username'] = _check_username($_POST['username'], 2, 20); $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6); $_clean['question'] = _check_question($_POST['question'], 2, 20); $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20); $_clean['sex'] = _check_sex($_POST['sex']); $_clean['face'] = _check_face($_POST['face']); $_clean['email'] = _check_email($_POST['email']); $_clean['qq'] = _check_qq($_POST['qq']); //在新增之前,判断用户名是否被注册 $_sql = "SELECT gu_username FROM gu_user WHERE gu_username='******'username']}' LIMIT 1"; _is_repeat($_sql, '对不起,此用户名已被注册!'); //新增用户 _query("INSERT INTO gu_user(\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_face,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_qq,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tgu_last_ip\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES(\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\t\n\t\t\t\t\t\t\
t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER['REMOTE_ADDR']}'\t\t\t\t\t\t\t\t\n\t\t\t\t \t\t\t\t\t\t\t\t\t\t\t\t)"); if (_affected_rows() == 1) { //关闭 _close(); //销毁session _session_destroy(); //跳转 _location('恭喜你!注册成功!', 'active.php?active=' . $_clean['active']); } else { //关闭 _close(); //销毁session _session_destroy(); //跳转
$_clean['username'] = _check_username($_POST['username']); $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6); $_clean['question'] = _check_question($_POST['question'], 2, 20); $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20); $_clean['sex'] = _check_sex($_POST['sex']); $_clean['face'] = _check_face($_POST['face']); $_clean['email'] = _check_email($_POST['email'], 5, 40); $_clean['qq'] = _check_qq($_POST['qq']); $_clean['url'] = _check_url($_POST['url'], 40); //print_r($_clean); //首先获取本机名 $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); //通过本机名获取Ip $ip = gethostbyname("{$hostname}"); //在新增之前,要判断用户名是否重复 _is_repeat("select tg_username from tg_user where tg_username='******'username']}' limit 1", "对不起,该用户名已被注册"); //新增用户 //在双引号里直接放变量是可以的,比如$_username,但如果是数组,就必须加上{},比如{$_clean['username']} _query("insert into tg_user(\n\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\ttg_face,\n\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\ttg_qq,\n\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\tvalues(\n\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\n\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t'{$ip}'\n\t\t\t\t\t\t\t\t\t)"); if (_affected_rows() == 1) { 
//获取刚刚新增的id $_clean['id'] = _insert_id(); //关闭 _close(); //_session_destroy(); //生成xml _set_xml('new.xml', $_clean); //跳转 _location('恭喜你,注册成功', 'active.php?active=' . $_clean['active']); } else { _close();
*/ if ($_GET['action'] == register) { require 'includes/registe.inc.php'; _check_code($_POST['code'], $_SESSION['code']); $_data['username'] = _checkusername($_POST['username'], 2, 20); $_data['userpwd'] = _checkpassword($_POST['pwd'], $_POST['pwd1']); $_data['email'] = _checkemail($_POST['email']); $_data['lastlogin'] = time(); $_data['credits'] = 80; $_data['active'] = sha1(uniqid(rand(), true)); //判断用户名是否被注册 $pass = DB_PRE . 'ask_user'; $query = "SELECT username FROM {$pass} WHERE username='******'username']}'"; _is_repeat($query, '对不起用户名已经被注册了'); $query = "SELECT email FROM {$pass} WHERE email='{$_data['email']}'"; _is_repeat($query, '对不起该邮箱已经被注册了'); // $query = "INSERT INTO {$pass}(\n\tactive,\n\tusername,\n\tpassword,\n\temail,\n\tgroupid,\n\tcredits,\n\tregip,\n\tlastlogin,\n\tbday\n\t)\n\tVALUES(\n\t'{$_data['active']}',\n\t'{$_data['username']}',\n\t'{$_data['userpwd']}',\n\t'{$_data['email']}',\n\t7,\n\t'{$_data['credits']}',\n\t'{$_SERVER["REMOTE_ADDR"]}',\n\t'{$_data['lastlogin']}',\n\tNOW()\n\t)"; _query($query); /* * 判断是否注册成功 */ if (mysql_affected_rows() == 1) { // $login=array('lzuname'=>$_data['username'],'lzupwd'=>$_data['userpwd']); // session_register(login); // _location('欢迎注册成功','index.php'); $useremail = $_data['email']; $body = $_data['active']; //_location('注册成功',"location:includes/stmp.func.php?email='{$_data['email']}'&emailbody=$body"); header("location:includes/stmp.func.php?email={$useremail}&emailbody={$body}&num=1"); } else {
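// Administrator registration handler: runs when the form posts back with
// ?action=register; otherwise a fresh per-form token is issued for the next post.
if (isset($_GET['action']) && $_GET['action'] == 'register') {
    // Verification code check, to hinder automated registration and cross-site posts.
    _check_code($_POST['code'], $_SESSION['code']);
    // Load the validation helpers.
    include ROOT_PATH . 'includes/check.func.php';
    // Holds only the submitted values that passed validation.
    $_clean = array();
    // A unique identifier helps prevent malicious registration, forged-form
    // cross-site attacks, and so on. This identifier, which is stored in the
    // database, has a second use: verifying the login cookie.
    $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clean['username'] = _check_username(@$_POST['username'], 2, 20);
    // NOTE(review): _check_password() is defined outside this listing; confirm it
    // returns a salted hash (password_hash) and not the plain text or a bare digest.
    $_clean['password'] = _check_password(@$_POST['password'], @$_POST['notpassword'], 6);

    // role_id and phone are pasted into the INSERT below, so they must not be
    // copied from $_POST unchecked. Both are reduced to character sets that
    // cannot terminate the quoted SQL literal.
    // NOTE(review): role_id is assumed to be a numeric key and phone to be
    // digits plus + ( ) - and spaces; adjust both patterns to the real schema.
    $_role_id = isset($_POST['role_id']) ? $_POST['role_id'] : '';
    $_phone = isset($_POST['phone']) ? $_POST['phone'] : '';
    if (!is_string($_role_id) || !ctype_digit($_role_id)
        || !is_string($_phone) || !preg_match('/^[0-9+() -]{0,20}$/D', $_phone)) {
        _close();
        _location('很遗憾,注册失败!', 'register.php');
        exit;
    }
    // NOTE(review): the requester still chooses the role of the admin account
    // being created. The role should be limited server-side to the values that
    // self-registration may request, and only become effective once the
    // super-administrator approval mentioned in the success message is granted.
    $_clean['role_id'] = $_role_id;
    $_clean['phone'] = $_phone;

    // Before inserting, check whether the user name is already taken. The array
    // element has to be interpolated as {$_clean['username']} so that the lookup
    // compares against the value that is about to be inserted.
    // NOTE(review): username, password and uniqid reach SQL exactly as the
    // _check_* helpers return them; confirm those helpers escape for SQL, or move
    // _query() to prepared statements.
    _is_repeat("SELECT username FROM tb_admin WHERE username='{$_clean['username']}' LIMIT 1", '对不起,此用户已被注册');
    // Insert the new user.
    // Inside double quotes a plain variable such as $_username can be written
    // directly, but an array element must be wrapped in {}, e.g. {$_clean['username']}.
    _query("INSERT INTO tb_admin (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tuniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tphone,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trole_id,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['phone']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['role_id']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
    // Close the connection, then report the outcome.
    if (_affected_rows() == 1) {
        _close();
        _location('恭喜你,注册成功,等待超级管理员审核', '../index.php');
    } else {
        _close();
        _location('很遗憾,注册失败!', 'register.php');
    }
} else {
    // First visit: issue the per-form token that the posted form must echo back.
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
}
?>
<div id="register">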
$_clean = array(); //protect from illegal registration by unique identifier $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']); // For a registered user to activate the account $_clean['active'] = _sha1_uniqid(); $_clean['username'] = _check_username($_POST['username']); $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword']); $_clean['question'] = _check_question($_POST['question']); $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer']); $_clean['sex'] = _check_sex($_POST['sex']); $_clean['profile'] = _check_profile($_POST['profile']); $_clean['email'] = _check_email($_POST['email']); $_clean['msn'] = _check_msn($_POST['msn']); $_clean['url'] = _check_url($_POST['url']); //check whether this username has been registered _is_repeat("select tg_username from tg_user where tg_username = '******'username']}'limit 1", 'This username has been registered'); //insert information into database //Between double quotation marks, a variable's name could be used; However, an array element can't. 
//A pair of braces are used to fix this problem _insert("INSERT INTO tg_user (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_profile,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_msn,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['profile']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)"); //_SERVER["REMOTE_ADDR"] would acquire the current login IP address if (_affected_rows() == 1) { //receive the id number in the previous "insert" statement $_clean['id'] = _insert_id(); _close(); //_session_destroy(); //XML _set_xml('new.xml', $_clean); //skip to main page _location('congratulation, registration succeed', 'active.php?active=' . $_clean['active']); } else {
//用一个数组保存表单提交个数据 $clean = array(); //生成一个激活id $clean['active'] = sha1(uniqid(rand(), true)); $clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']); $clean['username'] = _check_username($_POST['username'], 2, 20); $clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6); $clean['sex'] = _mysql_string($_POST['sex']); $clean['facesrc'] = _mysql_string($_POST['facesrc']); $clean['passt'] = _check_pwd_question($_POST['passt'], 2, 8); $clean['passd'] = _check_pwd_answer($_POST['passt'], $_POST['passd'], 2, 8); $clean['email'] = _check_email($_POST['email'], 6, 40); $clean['qq'] = _check_qq($_POST['qq']); $clean['url'] = _check_url($_POST['url']); //防止重复注册 _is_repeat("SELECT * FROM tg_user WHERE tg_username = '******'username']}'", "用户名重复,请重新注册!"); _query("INSERT INTO tg_user (\r\n tg_uniqid,\r\n tg_username,\r\n tg_password,\r\n tg_question,\r\n tg_answer,\r\n tg_email,\r\n tg_qq,\r\n tg_url,\r\n tg_active,\r\n tg_sex,\r\n tg_face,\r\n tg_reg_time,\r\n tg_last_time,\r\n tg_last_ip\r\n ) values (\r\n '{$clean['uniqid']}',\r\n '{$clean['username']}',\r\n '{$clean['password']}',\r\n '{$clean['passt']}',\r\n '{$clean['passd']}',\r\n '{$clean['email']}',\r\n '{$clean['qq']}',\r\n '{$clean['url']}',\r\n '{$clean['active']}',\r\n '{$clean['sex']}',\r\n '{$clean['facesrc']}',\r\n NOW(),\r\n NOW(),\r\n '{$_SERVER['REMOTE_ADDR']}'\r\n )"); if (_affect_rows() != 1) { _closeDB(); _session_destroy(); _location("注册失败,请重新注册!", 'register.php'); } else { _closeDB(); _session_destroy(); _location("恭喜您,注册成功,点击跳转到激活页面!", 'active.php?active=' . $clean['active']); } } else { //生成uniqid $_SESSION['uniqid'] = $uniqid = sha1(uniqid(rand(), true)); } ?>
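<?php
// Member registration handler: runs only when the form posts back with ?action=register.
if (isset($_GET['action']) && $_GET['action'] == 'register') {
    include 'includes/register_func.php';

    // Holds only the submitted values that passed validation.
    $_clean = array();
    $_clean['username'] = _check_username($_POST['username']);
    // NOTE(review): _check_password() is defined outside this listing; confirm it
    // returns a salted hash (password_hash) and not the plain text or a bare digest.
    $_clean['password'] = _check_password($_POST['password'], $_POST['repassword']);

    // The e-mail address ends up inside the INSERT below, so it is validated
    // here instead of being copied from $_POST as-is.
    $_email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
    if (filter_var($_email, FILTER_VALIDATE_EMAIL) === false) {
        _location('注册失败', 'class_it.php');
        exit;
    }

    // Reject a user name that is already registered. The array element has to be
    // interpolated as {$_clean['username']} so that the lookup compares against
    // the value that is about to be inserted.
    // NOTE(review): username and password reach SQL exactly as the _check_*
    // helpers return them; confirm those helpers escape for SQL.
    _is_repeat("SELECT username FROM members WHERE username='{$_clean['username']}' LIMIT 1", '对不起,此用户已被注册');

    // A syntactically valid address may still contain a quote (o'brien@...), so
    // it is escaped with the same ext/mysql driver that mysql_query() uses below.
    $_clean['email'] = mysql_real_escape_string($_email);

    // Insert the new user. Inside double quotes a plain variable can be written
    // directly, but an array element must be wrapped in {}.
    mysql_query("INSERT INTO members(\n\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\tregtime\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t VALUES(\n\t\t\t\t\t\t \t\t'{$_clean['username']}',\n\t\t\t\t\t\t \t\t'{$_clean['password']}',\n\t\t\t\t\t\t \t\t'{$_clean['email']}',\n\t\t\t\t\t\t \t\t NOW()\n\t\t\t\t\t\t \t\t)");
    if (_affect_row() == 1) {
        _close();
        // Redirect after success.
        _location('注册成功', 'class_it.php');
    } else {
        _close();
        // Redirect after failure.
        _location('注册失败', 'class_it.php');
    }
}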
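// A unique identifier helps prevent malicious registration, forged-form
// cross-site attacks, and so on. This identifier, which is stored in the
// database, has a second use: verifying the login cookie.
$_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
// "active" is also a unique identifier; a newly registered user must be
// activated with it before being able to log in.
// NOTE(review): _sha1_uniqid() is defined outside this listing. If it is built
// on uniqid()/rand() the token is guessable; an activation token should come
// from a CSPRNG (random_bytes() or openssl_random_pseudo_bytes()).
$_clean['active'] = _sha1_uniqid();
$_clean['username'] = _check_username($_POST['username'], 2, 20);
// NOTE(review): confirm _check_password() returns a salted hash (password_hash)
// and not the plain text or a bare digest.
$_clean['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
$_clean['question'] = _check_question($_POST['question'], 2, 20);
$_clean['answer'] = _check_answer($_POST['question'], $_POST['answer'], 2, 20);
$_clean['sex'] = _check_sex($_POST['sex']);
$_clean['face'] = _check_face($_POST['face']);
$_clean['email'] = _check_email($_POST['email'], 6, 40);
$_clean['qq'] = _check_qq($_POST['qq']);
$_clean['url'] = _check_url($_POST['url'], 40);
// Before inserting, check whether the user name is already taken. The array
// element has to be interpolated as {$_clean['username']} so that the lookup
// compares against the value that is about to be inserted.
// NOTE(review): every $_clean value reaches SQL exactly as its _check_* helper
// returns it; confirm each helper escapes for SQL, or move _query() to prepared
// statements.
_is_repeat("SELECT tg_username FROM tg_user WHERE tg_username='{$_clean['username']}' LIMIT 1", '对不起,此用户已被注册');
// Insert the new user.
// Inside double quotes a plain variable such as $_username can be written
// directly, but an array element must be wrapped in {}, e.g. {$_clean['username']}.
_query("INSERT INTO tg_user (\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_face,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_qq,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES 
(\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['face']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['qq']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
if (_affected_rows() == 1) {
    // Fetch the ID of the row that was just inserted.
    $_clean['id'] = _insert_id();
    _close();
    //_session_destroy();
    // Generate the XML file.
    // NOTE(review): the whole $_clean array, including password, answer, uniqid
    // and active, is handed to _set_xml(); confirm it writes only public fields
    // if new.xml can be fetched over the web.
    _set_xml('new.xml', $_clean);
    _location('恭喜你,注册成功!', 'active.php?active=' . $_clean['active']);
} else {
    _close();
    //_session_destroy();
    _location('很遗憾,注册失败!', 'register.php');
}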
$res = _query("SELECT * FROM gm_user WHERE gm_active='1' ORDER BY gm_level DESC,gm_num LIMIT {$pagenum},{$pagesize}"); } //查看个人 } elseif ($_GET['action'] == 'one' and $_POST['num'] != '') { $res = _query("SELECT * FROM gm_user WHERE gm_active='1' AND (gm_num LIKE '%{$_POST['num']}%' OR gm_username LIKE '%{$_POST['num']}%')"); $pagesize = $num = _num_rows_list($res); } //添加管理员 if ($_GET['action'] == 'addadmin') { //引入验证文件 include ROOT_PATH . 'includes/register.func.php'; $clean = array(); $clean['num'] = _check_num($_POST['num']); $clean['password'] = _check_password($_POST['password']); //判断是否已经注册 _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该帐号已经被注册!'); if (_query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_active,\r\n\t\t\t\t\t\t\t\t\tgm_level,\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'1',\r\n\t\t\t\t\t\t\t\t\t'2',\r\n\t\t\t\t\t\t\t\t\t'admin',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['password']}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')")) { $string = "添加成功!\\n用户名:admin\\n登录帐号:{$clean['num']}\\n密码:{$_POST['password']}"; _alert_back($string); } else { _alert_back('添加失败!'); } } //修改密码 if ($_GET['action'] == 'pass_modify') { //引入验证文件 include ROOT_PATH . 'includes/register.func.php'; $clean = array(); $clean['password'] = _check_password($_POST['password']); $clean['newpassword'] = _check_password($_POST['newpassword']); //判断旧密码是否正确