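/**
 * Check whether a username conforms to the site's rules.
 *
 * A username is accepted when it is not a banned word (is_badword()),
 * matches the character whitelist below and is 2..19 bytes long.
 *
 * Note on the character class: `_-ÿ` is a byte range from 0x5F ('_') up to
 * 0xFF, so besides letters and digits it also admits the ASCII bytes that
 * lie in between (backtick, braces, pipe, tilde) and every high byte of a
 * multi-byte encoding -- presumably to allow non-ASCII names; confirm that
 * this is the intended whitelist.
 *
 * @param string $username raw username as submitted
 * @return bool true when the username is acceptable, false otherwise
 */
function is_username($username) {
    // strlen() counts bytes, not characters, so a multi-byte name reaches
    // the 20-byte ceiling sooner than its visible length suggests.
    $strlen = strlen($username);
    // The D modifier makes `$` match only at the very end of the subject;
    // without it "name\n" satisfied both the pattern and the length check
    // and was accepted with a trailing newline.
    if (is_badword($username) || !preg_match("/^[a-zA-Z0-9_-ÿ][a-zA-Z0-9_-ÿ]+\$/D", $username)) {
        return false;
    } elseif (20 <= $strlen || $strlen < 2) {
        // Accepted lengths are 2..19 bytes; exactly 20 is rejected.
        return false;
    }
    return true;
}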
/**
 * Constructor.
 *
 * Loads the member model and the global app functions, reads the cached
 * settings and app list, then unpacks the request sent by the calling app:
 *  - every $_GET key except the routing keys m/c/a is copied into $_POST,
 *    so all parameters below may arrive via either method;
 *  - $_POST['appid'] is required (exit('0') otherwise);
 *  - $_POST['data'] is required; it is decoded with sys_auth() using the
 *    authkey of the calling app and parse_str()'d into $this->data, which
 *    is then slash-escaped and validated field by field (exit('-5') on a
 *    malformed username/email/password/newpassword);
 *  - the raw request body, when present, is stored as avatar data.
 *
 * Every failure path terminates the request with exit(), so no exception
 * ever leaves this constructor.
 */
public function __construct() {
    $this->db = pc_base::load_model('member_model');
    pc_base::load_app_func('global');
    /* Load the system configuration. */
    $this->settings = getcache('settings', 'admin');
    $this->applist = getcache('applist', 'admin');
    // Merge GET into POST (except m/c/a); everything below therefore treats
    // GET and POST parameters alike.
    if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('m', 'c', 'a'))) {
                $_POST[$k] = $v;
            }
        }
    }
    if (isset($_POST['appid'])) {
        $this->appid = intval($_POST['appid']);
    } else {
        exit('0');
    }
    if (isset($_POST['data'])) {
        // NOTE(review): nothing checks that $this->appid is a key of
        // $this->applist, so an unknown appid is decoded with an undefined
        // authkey instead of being rejected; an isset() guard on
        // $this->applist[$this->appid] would fail closed.
        parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
        if (empty($this->data) || !is_array($this->data)) {
            exit('0');
        }
        // get_magic_quotes_gpc() no longer exists on PHP 8; this branch
        // assumes a pre-8 runtime.
        if (!get_magic_quotes_gpc()) {
            $this->data = new_addslashes($this->data);
        }
        if (isset($this->data['username']) && $this->data['username'] != '' && is_username($this->data['username']) == false) {
            exit('-5');
        }
        // NOTE(review): this guard tests data['username'] != '' where
        // data['email'] != '' was presumably meant; when the payload carries
        // no username the && short-circuits and the email is never validated.
        if (isset($this->data['email']) && $this->data['username'] != '' && is_email($this->data['email']) == false) {
            exit('-5');
        }
        if (isset($this->data['password']) && $this->data['password'] != '' && (is_password($this->data['password']) == false || is_badword($this->data['password']))) {
            exit('-5');
        }
        if (isset($this->data['newpassword']) && $this->data['newpassword'] != '' && (is_password($this->data['newpassword']) == false || is_badword($this->data['newpassword']))) {
            exit('-5');
        }
    } else {
        exit('0');
    }
    // The raw request body is taken as avatar data as-is; unlike
    // $_POST['data'] it is not covered by the sys_auth() decode above, and
    // the authkey comparison that would tie it to the calling app is
    // commented out below.
    if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
        $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
        //if($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
        //    exit('0');
        //}
    }
}
/**
 * Member login.
 *
 * Without dosubmit: renders the login template for the requested site.
 * With dosubmit: validates the captcha (skipped for connect users), the
 * username and the password, then authenticates either against phpsso
 * (creating the local member row on first login) or against the local
 * member table with a per-username failure counter, updates
 * lastip/lastdate/vip/group, writes the auth cookies and redirects to
 * $_POST['forward'].
 *
 * Error paths go through showmessage(), which is used as the failure arm
 * of ternaries below and so is presumably request-terminating -- confirm.
 * _session_start(), _init_phpsso() and _get_usergroup_bypoint() are
 * sibling methods outside this listing.
 */
public function login() {
    $this->_session_start();
    // Site id from the request, defaulting to 1.
    $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
    // Define the site id constant once.
    if (!defined('SITEID')) {
        define('SITEID', $siteid);
    }
    if (isset($_POST['dosubmit'])) {
        if (empty($_SESSION['connectid'])) {
            // Captcha check; a connect (third-party) user skips it. The
            // session code is cleared on both the failure and success paths
            // so a code cannot be replayed.
            $code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
            if ($_SESSION['code'] != strtolower($code)) {
                $_SESSION['code'] = '';
                showmessage(L('code_error'), HTTP_REFERER);
            }
            $_SESSION['code'] = '';
        }
        $username = isset($_POST['username']) && is_username($_POST['username']) ? trim($_POST['username']) : showmessage(L('username_empty'), HTTP_REFERER);
        $password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
        // Format check only: the ternary's value is discarded, it exists for
        // the showmessage() side effect.
        is_password($_POST['password']) && is_badword($_POST['password']) == false ? trim($_POST['password']) : showmessage(L('password_format_incorrect'), HTTP_REFERER);
        $cookietime = intval($_POST['cookietime']);
        $synloginstr = ''; // JS snippet for synchronised login across apps
        if (pc_base::load_config('system', 'phpsso')) {
            $this->_init_phpsso();
            $status = $this->client->ps_member_login($username, $password);
            $memberinfo = unserialize($status);
            if (isset($memberinfo['uid'])) {
                // Look up the local account by phpsso uid.
                $r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
                if (!$r) {
                    // No local row yet: create the member from the phpsso record.
                    $info = array('phpssouid' => $memberinfo['uid'], 'username' => $memberinfo['username'], 'password' => $memberinfo['password'], 'encrypt' => $memberinfo['random'], 'email' => $memberinfo['email'], 'regip' => $memberinfo['regip'], 'regdate' => $memberinfo['regdate'], 'lastip' => $memberinfo['lastip'], 'lastdate' => $memberinfo['lastdate'], 'groupid' => $this->_get_usergroup_bypoint(), 'modelid' => 10);
                    // NOTE(review): connect user data is written to $userinfo,
                    // but the row inserted below is $info, so connectid/from
                    // are never stored for the new member (and are unset from
                    // the session right after).
                    if (!empty($_SESSION['connectid'])) {
                        $userinfo['connectid'] = $_SESSION['connectid'];
                    }
                    if (!empty($_SESSION['from'])) {
                        $userinfo['from'] = $_SESSION['from'];
                    }
                    unset($_SESSION['connectid'], $_SESSION['from']);
                    $this->db->insert($info);
                    unset($info);
                    $r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
                }
                // From here on $password is the stored hash, which the auth
                // cookie below is built from.
                $password = $r['password'];
                $synloginstr = $this->client->ps_member_synlogin($r['phpssouid']);
            } else {
                if ($status == -1) {
                    // user does not exist
                    showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
                } elseif ($status == -2) {
                    // wrong password
                    showmessage(L('password_error'), 'index.php?m=member&c=index&a=login');
                } else {
                    showmessage(L('login_failure'), 'index.php?m=member&c=index&a=login');
                }
            }
        } else {
            // Local authentication with a per-username failure counter.
            $this->times_db = pc_base::load_model('times_model');
            $rtime = $this->times_db->get_one(array('username' => $username));
            if ($rtime['times'] > 4) {
                // Five or more failures: refuse and report the remaining wait.
                // NOTE(review): nothing in this method resets a row once it
                // passed the threshold, and $minute goes negative after an
                // hour, so the actual expiry must be handled elsewhere -- confirm.
                $minute = 60 - floor((SYS_TIME - $rtime['logintime']) / 60);
                showmessage(L('wait_1_hour', array('minute' => $minute)));
            }
            // Look up the local account by username.
            $r = $this->db->get_one(array('username' => $username));
            if (!$r) {
                showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
            }
            // Local scheme: md5(md5(password) . salt), compared with a loose
            // `!=`. A defensive revision would use hash_equals() and a
            // password_hash()-based scheme; out of scope for a comment pass.
            $password = md5(md5(trim($password)) . $r['encrypt']);
            if ($r['password'] != $password) {
                $ip = ip();
                if ($rtime && $rtime['times'] < 5) {
                    // Existing counter: increment and report attempts left.
                    $times = 5 - intval($rtime['times']);
                    $this->times_db->update(array('ip' => $ip, 'times' => '+=1'), array('username' => $username));
                } else {
                    // Reached only when no counter row exists yet (rows with
                    // times > 4 already exited above).
                    $this->times_db->insert(array('username' => $username, 'ip' => $ip, 'logintime' => SYS_TIME, 'times' => 1));
                    $times = 5;
                }
                showmessage(L('password_error', array('times' => $times)), 'index.php?m=member&c=index&a=login', 3000);
            }
            // Successful local login clears the failure counter.
            $this->times_db->delete(array('username' => $username));
        }
        // Locked accounts are refused after authentication.
        if ($r['islock']) {
            showmessage(L('user_is_lock'));
        }
        $userid = $r['userid'];
        $groupid = $r['groupid'];
        $username = $r['username'];
        $nickname = empty($r['nickname']) ? $username : $r['nickname'];
        $updatearr = array('lastip' => ip(), 'lastdate' => SYS_TIME);
        // VIP expired: clear the vip flag.
        if ($r['overduedate'] < SYS_TIME) {
            $updatearr['vip'] = 0;
        }
        // Re-derive the group from the user's points, skipping groups 1, 7
        // and 8 (per the author: email-verification, access-denied and guest
        // groups) and vip users, and only when the current group allows
        // self-upgrade.
        // NOTE(review): `vip` is an unquoted constant (a notice and the
        // string 'vip' on PHP 7, a fatal Error on PHP 8); 'vip' was meant.
        if ($r['point'] >= 0 && !in_array($r['groupid'], array('1', '7', '8')) && empty($r[vip])) {
            $grouplist = getcache('grouplist');
            if (!empty($grouplist[$r['groupid']]['allowupgrade'])) {
                $check_groupid = $this->_get_usergroup_bypoint($r['point']);
                if ($check_groupid != $r['groupid']) {
                    $updatearr['groupid'] = $groupid = $check_groupid;
                }
            }
        }
        // Connect (third-party) user: persist the connect id and origin.
        if (!empty($_SESSION['connectid'])) {
            $updatearr['connectid'] = $_SESSION['connectid'];
        }
        if (!empty($_SESSION['from'])) {
            $updatearr['from'] = $_SESSION['from'];
        }
        unset($_SESSION['connectid'], $_SESSION['from']);
        $this->db->update($updatearr, array('userid' => $userid));
        // NOTE(review): $cookietime was assigned via intval() above, so this
        // isset() is never false and $get_cookietime stays undefined; the
        // fallback to the stored cookie is dead code.
        if (!isset($cookietime)) {
            $get_cookietime = param::get_cookie('cookietime');
        }
        $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
        $cookietime = $_cookietime ? SYS_TIME + $_cookietime : 0;
        // The auth cookie carries "userid\t<stored password hash>" sealed with
        // the login auth key.
        $phpcms_auth = sys_auth($userid . "\t" . $password, 'ENCODE', get_auth_key('login'));
        param::set_cookie('auth', $phpcms_auth, $cookietime);
        param::set_cookie('_userid', $userid, $cookietime);
        param::set_cookie('_username', $username, $cookietime);
        param::set_cookie('_groupid', $groupid, $cookietime);
        param::set_cookie('_nickname', $nickname, $cookietime);
        //param::set_cookie('cookietime', $_cookietime, $cookietime);
        // NOTE(review): the redirect target comes straight from the form; if
        // showmessage() does not restrict it to same-site URLs this is an
        // open redirect -- confirm.
        $forward = isset($_POST['forward']) && !empty($_POST['forward']) ? urldecode($_POST['forward']) : 'index.php?m=member&c=index';
        showmessage(L('login_success') . $synloginstr, $forward);
    } else {
        // Render the login form; $setting, $forward and $siteinfo are used by
        // the included template.
        $setting = pc_base::load_config('system');
        $forward = isset($_GET['forward']) && trim($_GET['forward']) ? urlencode($_GET['forward']) : '';
        $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
        $siteinfo = siteinfo($siteid);
        include template('member', 'login');
    }
}
/**
 * Member registration.
 *
 * Without dosubmit: with verify=1 confirms an email verification code and
 * promotes the member's group; with protocol=1 shows the terms template;
 * otherwise renders the registration form (with the per-model form when
 * choosemodel is enabled).
 * With dosubmit: validates captcha, username, email, password and mobile,
 * then either queues the record for admin review (registerverify) or
 * registers it with phpsso and the local member table, logs the new
 * member in and, when enablemailcheck is set, sends the verification email.
 *
 * Failure paths use showmessage() or exit('0'); showmessage() is used as
 * the failure arm of ternaries, so it is presumably request-terminating --
 * confirm. _session_start(), _init_phpsso() and _get_usergroup_bypoint()
 * are sibling methods outside this listing.
 */
public function register() {
    $this->_session_start();
    // Site id from the request, defaulting to 1.
    $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
    // Define the site id constant once.
    if (!defined('SITEID')) {
        define('SITEID', $siteid);
    }
    // Member module settings.
    $member_setting = getcache('member_setting');
    if (!$member_setting['allowregister']) {
        showmessage(L('deny_register'), 'index.php?m=member&c=index&a=login');
    }
    // SMS module settings for this site.
    $sms_setting_arr = getcache('sms', 'sms');
    $sms_setting = $sms_setting_arr[$siteid];
    header("Cache-control: private");
    if (isset($_POST['dosubmit'])) {
        if ($member_setting['enablcodecheck'] == '1') {
            // Captcha enabled. Precedence is (no connect user AND code
            // mismatch AND code present) OR no session code at all; the
            // session code is cleared once accepted.
            if (empty($_SESSION['connectid']) && $_SESSION['code'] != strtolower($_POST['code']) && $_POST['code'] !== NULL || empty($_SESSION['code'])) {
                showmessage(L('code_error'));
            } else {
                $_SESSION['code'] = '';
            }
        }
        $userinfo = array();
        $userinfo['encrypt'] = create_randomstr(6);
        $userinfo['username'] = isset($_POST['username']) && is_username($_POST['username']) ? $_POST['username'] : exit('0');
        $userinfo['nickname'] = isset($_POST['nickname']) ? $_POST['nickname'] : '';
        $userinfo['email'] = isset($_POST['email']) && is_email($_POST['email']) ? $_POST['email'] : exit('0');
        // Only the banned-word check is applied here; unlike login() there
        // is no is_password() format check on registration.
        $userinfo['password'] = isset($_POST['password']) && is_badword($_POST['password']) == false ? $_POST['password'] : exit('0');
        // Duplicate of the email assignment above; harmless but redundant.
        $userinfo['email'] = isset($_POST['email']) && is_email($_POST['email']) ? $_POST['email'] : exit('0');
        $userinfo['modelid'] = isset($_POST['modelid']) ? intval($_POST['modelid']) : 10;
        $userinfo['regip'] = ip();
        // NOTE(review): status is stored straight from the request without
        // validation; it is also echoed into the _status cookie below.
        $userinfo['status'] = $_POST['status'];
        $userinfo['point'] = $member_setting['defualtpoint'] ? $member_setting['defualtpoint'] : 0;
        $userinfo['amount'] = $member_setting['defualtamount'] ? $member_setting['defualtamount'] : 0;
        $userinfo['regdate'] = $userinfo['lastdate'] = SYS_TIME;
        $userinfo['siteid'] = $siteid;
        $userinfo['connectid'] = isset($_SESSION['connectid']) ? $_SESSION['connectid'] : '';
        $userinfo['from'] = isset($_SESSION['from']) ? $_SESSION['from'] : '';
        // Mandatory mobile verification.
        // NOTE(review): `mobile_checktype` is an unquoted constant here and
        // below (notice on PHP 7, fatal Error on PHP 8); 'mobile_checktype'
        // was meant.
        if ($member_setting[mobile_checktype] == '1') {
            // Resolve the mobile number from the SMS verification code; the
            // code is intval()'d before it is interpolated into the query.
            $mobile_verify = $_POST['mobile_verify'] ? intval($_POST['mobile_verify']) : '';
            if ($mobile_verify == '') {
                showmessage('请提供正确的手机验证码!', HTTP_REFERER);
            }
            $sms_report_db = pc_base::load_model('sms_report_model');
            // Codes older than 360 seconds are not accepted.
            $posttime = SYS_TIME - 360;
            $where = "`id_code`='{$mobile_verify}' AND `posttime`>'{$posttime}'";
            $r = $sms_report_db->get_one($where, '*', 'id DESC');
            if (!empty($r)) {
                $userinfo['mobile'] = $r['mobile'];
            } else {
                showmessage('未检测到正确的手机号码!', HTTP_REFERER);
            }
        } elseif ($member_setting[mobile_checktype] == '2') {
            // No verification: take the mobile value from POST as-is.
            $userinfo['mobile'] = isset($_POST['mobile']) ? $_POST['mobile'] : '';
        }
        if ($userinfo['mobile'] != "") {
            // Only the first 10 characters are constrained (no end anchor);
            // the sibling check below expects 11 digits -- confirm which is right.
            if (!preg_match('/^1([0-9]{9})/', $userinfo['mobile'])) {
                showmessage('请提供正确的手机号码!', HTTP_REFERER);
            }
        }
        unset($_SESSION['connectid'], $_SESSION['from']);
        if ($member_setting['enablemailcheck']) {
            // Email verification required: park the member in group 7 until
            // the verify link is followed.
            $userinfo['groupid'] = 7;
        } elseif ($member_setting['registerverify']) {
            // Admin review required: store the request in the verify table
            // instead of the member table.
            $modelinfo_str = $userinfo['modelinfo'] = isset($_POST['info']) ? array2string(array_map("safe_replace", new_html_special_chars($_POST['info']))) : '';
            $this->verify_db = pc_base::load_model('member_verify_model');
            unset($userinfo['lastdate'], $userinfo['connectid'], $userinfo['from']);
            $userinfo['modelinfo'] = $modelinfo_str;
            $this->verify_db->insert($userinfo);
            showmessage(L('operation_success'), 'index.php?m=member&c=index&a=register&t=3');
        } else {
            // Does the chosen model require SMS verification of its mobile field?
            $model_field_cache = getcache('model_field_' . $userinfo['modelid'], 'model');
            if (isset($model_field_cache['mobile']) && $model_field_cache['mobile']['disabled'] == 0) {
                $mobile = $_POST['info']['mobile'];
                // NOTE(review): the pattern is anchored at the start only, so
                // everything after the first 11 characters is unconstrained and
                // is interpolated verbatim into the WHERE clause below. Anchor
                // the pattern with `$` and pass the value through the model's
                // escaping/parameterised form rather than string-building.
                if (!preg_match('/^1([0-9]{10})/', $mobile)) {
                    showmessage(L('input_right_mobile'));
                }
                $sms_report_db = pc_base::load_model('sms_report_model');
                // Codes older than 300 seconds are not accepted.
                $posttime = SYS_TIME - 300;
                $where = "`mobile`='{$mobile}' AND `posttime`>'{$posttime}'";
                $r = $sms_report_db->get_one($where);
                if (!$r || $r['id_code'] != $_POST['mobile_verify']) {
                    showmessage(L('error_sms_code'));
                }
            }
            // NOTE(review): the group id is taken directly from the request
            // (default '11'); the server-side, points-based derivation is the
            // commented-out line. As written a client can choose its own group
            // on registration -- deriving it server-side closes that.
            //$userinfo['groupid'] = $this->_get_usergroup_bypoint($userinfo['point']);
            $userinfo['groupid'] = isset($_POST['groupid']) ? $_POST['groupid'] : '11';
        }
        if (pc_base::load_config('system', 'phpsso')) {
            $this->_init_phpsso();
            $status = $this->client->ps_member_register($userinfo['username'], $userinfo['password'], $userinfo['email'], $userinfo['regip'], $userinfo['encrypt']);
            if ($status > 0) {
                $userinfo['phpssouid'] = $status;
                // phpsso received the plaintext password; the local row stores
                // the salted password() form. $password keeps the plaintext for
                // the verification email template below.
                $password = $userinfo['password'];
                $userinfo['password'] = password($userinfo['password'], $userinfo['encrypt']);
                $userid = $this->db->insert($userinfo, 1);
                if ($member_setting['choosemodel']) {
                    // Model selection enabled: collect the model-specific
                    // fields from $_POST['info'] via the model's input class.
                    require_once CACHE_MODEL_PATH . 'member_input.class.php';
                    require_once CACHE_MODEL_PATH . 'member_update.class.php';
                    $member_input = new member_input($userinfo['modelid']);
                    $_POST['info'] = array_map('new_html_special_chars', $_POST['info']);
                    $user_model_info = $member_input->get($_POST['info']);
                    $user_model_info['userid'] = $userid;
                    // Insert the model data row.
                    $this->db->set_model($userinfo['modelid']);
                    $this->db->insert($user_model_info);
                }
                if ($userid > 0) {
                    // Log the new member in.
                    // NOTE(review): $cookietime is never assigned in this method
                    // before this line, so $_cookietime always falls back to the
                    // stored cookie (or 0). `TIME` differs from the SYS_TIME used
                    // elsewhere -- confirm that constant is defined.
                    if (!$cookietime) {
                        $get_cookietime = param::get_cookie('cookietime');
                    }
                    $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
                    $cookietime = $_cookietime ? TIME + $_cookietime : 0;
                    if ($userinfo['groupid'] == 7) {
                        // Pending email verification: no auth cookie yet.
                        param::set_cookie('_username', $userinfo['username'], $cookietime);
                        param::set_cookie('email', $userinfo['email'], $cookietime);
                    } else {
                        // Auth cookie sealed with a key derived from auth_key and
                        // the user agent (login() uses get_auth_key('login')
                        // instead -- confirm the two agree).
                        $gxw_auth_key = md5(pc_base::load_config('system', 'auth_key') . $this->http_user_agent);
                        $gxw_auth = sys_auth($userid . "\t" . $userinfo['password'], 'ENCODE', $gxw_auth_key);
                        param::set_cookie('auth', $gxw_auth, $cookietime);
                        param::set_cookie('_userid', $userid, $cookietime);
                        param::set_cookie('_username', $userinfo['username'], $cookietime);
                        param::set_cookie('_nickname', $userinfo['nickname'], $cookietime);
                        param::set_cookie('_groupid', $userinfo['groupid'], $cookietime);
                        param::set_cookie('_status', $userinfo['status'], $cookietime);
                        param::set_cookie('cookietime', $_cookietime, $cookietime);
                    }
                }
                // Email verification required: send the verify link.
                if ($member_setting['enablemailcheck']) {
                    pc_base::load_sys_func('mail');
                    $gxw_auth_key = md5(pc_base::load_config('system', 'auth_key'));
                    // The code seals "userid|timestamp"; the verify branch below
                    // only reads the userid part.
                    $code = sys_auth($userid . '|' . SYS_TIME, 'ENCODE', $gxw_auth_key);
                    $url = APP_PATH . "index.php?m=member&c=index&a=register&code={$code}&verify=1";
                    $message = $member_setting['registerverifymessage'];
                    // NOTE(review): the {password} placeholder exposes the
                    // plaintext password to the email template; whether it is
                    // actually sent depends on registerverifymessage.
                    $message = str_replace(array('{click}', '{url}', '{username}', '{email}', '{password}'), array('<a href="' . $url . '">' . L('please_click') . '</a>', $url, $userinfo['username'], $userinfo['email'], $password), $message);
                    sendmail($userinfo['email'], L('reg_verify_email'), $message);
                    // Remember the pending account so the next step can resend
                    // the email.
                    param::set_cookie('_regusername', $userinfo['username'], $cookietime);
                    param::set_cookie('_reguserid', $userid, $cookietime);
                    param::set_cookie('_reguseruid', $userinfo['phpssouid'], $cookietime);
                    showmessage(L('operation_success'), 'index.php?m=member&c=index&a=register&t=2');
                } else {
                    // No email verification: synchronise login with other apps.
                    $synloginstr = $this->client->ps_member_synlogin($userinfo['phpssouid']);
                    showmessage(L('operation_success') . $synloginstr, 'index.php?m=member&c=index&a=init');
                }
            }
        } else {
            showmessage(L('enable_register') . L('enable_phpsso'), 'index.php?m=member&c=index&a=login');
        }
        // Reached when phpsso rejected the registration ($status <= 0).
        showmessage(L('operation_failure'), HTTP_REFERER);
    } else {
        if (!pc_base::load_config('system', 'phpsso')) {
            showmessage(L('enable_register') . L('enable_phpsso'), 'index.php?m=member&c=index&a=login');
        }
        if (!empty($_GET['verify'])) {
            // Email verification callback: unseal the code and promote the
            // member out of the verification group.
            // NOTE(review): only code_arr[0] (the userid) is examined; the
            // embedded timestamp is never checked, so links do not expire here.
            $code = isset($_GET['code']) ? trim($_GET['code']) : showmessage(L('operation_failure'), 'index.php?m=member&c=index');
            $gxw_auth_key = md5(pc_base::load_config('system', 'auth_key'));
            $code_res = sys_auth($code, 'DECODE', $gxw_auth_key);
            $code_arr = explode('|', $code_res);
            $userid = isset($code_arr[0]) ? $code_arr[0] : '';
            $userid = is_numeric($userid) ? $userid : showmessage(L('operation_failure'), 'index.php?m=member&c=index');
            $this->db->update(array('groupid' => $this->_get_usergroup_bypoint()), array('userid' => $userid));
            showmessage(L('operation_success'), 'index.php?m=member&c=index');
        } elseif (!empty($_GET['protocol'])) {
            include template('member', 'protocol');
        } else {
            // Drop models that belong to another site or are disabled.
            $modellist = getcache('member_model', 'commons');
            foreach ($modellist as $k => $v) {
                if ($v['siteid'] != $siteid || $v['disabled']) {
                    unset($modellist[$k]);
                }
            }
            if (empty($modellist)) {
                showmessage(L('site_have_no_model') . L('deny_register'), HTTP_REFERER);
            }
            // Model selection enabled: build the model-specific form.
            if ($member_setting['choosemodel']) {
                // First remaining model (array_pop() on a temporary raises a
                // "passed by reference" notice; reset() would be equivalent).
                $first_model = array_pop(array_reverse($modellist));
                $modelid = isset($_GET['modelid']) && in_array($_GET['modelid'], array_keys($modellist)) ? intval($_GET['modelid']) : $first_model['modelid'];
                if (array_key_exists($modelid, $modellist)) {
                    // Load the model form definition.
                    require CACHE_MODEL_PATH . 'member_form.class.php';
                    $member_form = new member_form($modelid);
                    $this->db->set_model($modelid);
                    $forminfos = $forminfos_arr = $member_form->get();
                    // Omnipotent fields: drop the field itself and expand its
                    // {name} placeholder into any 'omnipotent'-type form.
                    foreach ($forminfos as $field => $info) {
                        if ($info['isomnipotent']) {
                            unset($forminfos[$field]);
                        } else {
                            if ($info['formtype'] == 'omnipotent') {
                                foreach ($forminfos_arr as $_fm => $_fm_value) {
                                    if ($_fm_value['isomnipotent']) {
                                        $info['form'] = str_replace('{' . $_fm . '}', $_fm_value['form'], $info['form']);
                                    }
                                }
                                $forminfos[$field]['form'] = $info['form'];
                            }
                        }
                    }
                    $formValidator = $member_form->formValidator;
                }
            }
            // NOTE(review): $modelid is only assigned inside the choosemodel
            // branch, so this lookup reads an undefined variable otherwise.
            $description = $modellist[$modelid]['description'];
            include template('member', 'register');
        }
    }
}