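/**
 * Send a registration SMS verification code to the phone number in the request.
 *
 * Reads $_REQUEST['mobile_phone'], enforces the per-number send limits kept in
 * the validate-record table (one message per 60 s, at most $max_sms_count per
 * $max_sms_count_time window), generates a 6-digit code, sends it and stores it
 * under VT_MOBILE_REGISTER with a 30-minute lifetime. Writes 'ok' or an error
 * message to the response; every failure path ends the request via exit()/return.
 *
 * NOTE(review): the limit is keyed on the target number only. Nothing stops one
 * client from cycling through many numbers (SMS flooding); a per-session or
 * per-IP budget belongs here or in the caller.
 */
function action_send_mobile_code()
{
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    // Load the user-facing strings for the configured shop language.
    require_once ROOT_PATH . 'languages/' . $_CFG['lang'] . '/user.php';
    require_once ROOT_PATH . 'includes/lib_validate_record.php';

    $mobile_phone = isset($_REQUEST['mobile_phone']) ? trim($_REQUEST['mobile_phone']) : '';
    if (empty($mobile_phone)) {
        exit("手机号不能为空");
    }
    if (!is_mobile_phone($mobile_phone)) {
        exit("手机号格式不正确");
    }

    // Codes already sent to this number inside the current quota window.
    $sent_count = 0;
    if (check_validate_record_exist($mobile_phone)) {
        $record = get_validate_record($mobile_phone);
        // Maximum codes per number per window; window length, default 24 hours.
        $max_sms_count = 10;
        $max_sms_count_time = 60 * 60 * 24;

        if (time() - $record['last_send_time'] < 60) {
            echo "每60秒内只能发送一次短信验证码,请稍候重试";
            return;
        }
        $in_window = (time() - $record['create_time']) < $max_sms_count_time;
        // `>=` rather than `>`: the old test let an 11th message through while
        // the comment promises at most 10.
        if ($in_window && $record['count'] >= $max_sms_count) {
            echo "您发送验证码太过于频繁,请稍后重试!";
            return;
        }
        // Outside the window the stored counter is stale; restart it instead of
        // carrying it forward. NOTE(review): assumes create_time marks the start
        // of the quota window — confirm how save_validate_record maintains it.
        $sent_count = $in_window ? (int) $record['count'] : 0;
    }

    require_once ROOT_PATH . 'includes/lib_passport.php';
    // Drop any registration state left from a previous attempt.
    $_SESSION['mobile_register'] = array();
    require_once ROOT_PATH . 'sms/sms.php';

    // 6-digit code. NOTE(review): rand_number() is defined elsewhere; confirm it
    // draws from a CSPRNG (random_int) and not rand()/mt_rand().
    $mobile_code = rand_number(6);
    $content = sprintf($_LANG['mobile_code_template'], $GLOBALS['_CFG']['shop_name'], $mobile_code, $GLOBALS['_CFG']['shop_name']);

    if (sendSMS($mobile_phone, $content)) {
        $ext_info = array("count" => $sent_count + 1);
        // Remember which number the code went to.
        $_SESSION[VT_MOBILE_REGISTER] = $mobile_phone;
        // The code stays valid for 30 minutes.
        save_validate_record($mobile_phone, $mobile_code, VT_MOBILE_REGISTER, time(), time() + 30 * 60, $ext_info);
        echo 'ok';
    } else {
        echo '短信验证码发送失败';
    }
}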
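/**
 * Password recovery, step 1: resolve the submitted identifier to one account and
 * present the verification channels (masked mobile number / e-mail) it has on file.
 *
 * Reads $_POST['u_name'] (user name, e-mail or mobile number) and, when the login
 * captcha is enabled in $_CFG['captcha'], $_POST['captcha']. A mobile number bound
 * to more than one account is rejected. On success the matched account is stored
 * in $_SESSION['find_password'] and its phone / e-mail in the VT_MOBILE_VALIDATE /
 * VT_EMAIL_VALIDATE slots read by validate.php, and step_2 of user_findPwd.dwt is
 * rendered. Every failure goes through show_message(), which is assumed to end
 * the request.
 *
 * NOTE(review): by design this endpoint confirms whether an identifier exists and
 * reveals masked contact data; keep it behind the captcha and rate-limit it.
 */
function action_check_username()
{
    // $_CFG was never pulled from $GLOBALS here, so $_CFG['captcha'] was undefined
    // and the captcha gate below could never trigger.
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $users_table = $ecs->table('users');

    $username = empty($_POST['u_name']) ? '' : $_POST['u_name'];
    if (empty($username)) {
        show_message('请输入用户名/邮箱/已验证的手机号!', '返回', 'findPwd.php?act=index', 'info');
    }

    // Captcha is required when CAPTCHA_LOGIN is on, either always or only after
    // more than two failed logins (CAPTCHA_LOGIN_FAIL), and GD is available.
    $captcha = intval($_CFG['captcha']);
    $login_fail = isset($_SESSION['login_fail']) ? $_SESSION['login_fail'] : 0;
    $captcha_required = ($captcha & CAPTCHA_LOGIN)
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $login_fail > 2)
        && gd_version() > 0;
    if ($captcha_required) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
    }

    // NOTE(review): $username is interpolated into SQL unescaped. That is only
    // safe if request data is escaped globally at bootstrap (addslashes on
    // $_POST); if that is not guaranteed this is SQL injection and the value must
    // be escaped or parameterised here.
    $user_id = $db->getOne("SELECT user_id FROM " . $users_table . " WHERE user_name = '" . $username . "'");

    if (!$user_id && is_email($username)) {
        $user_id = $db->getOne("SELECT user_id FROM " . $users_table . " WHERE email='" . $username . "' ");
    }

    if (!$user_id && is_mobile_phone($username)) {
        $rows = $db->query("SELECT user_id FROM " . $users_table . " WHERE mobile_phone='" . $username . "'");
        $matches = 0;
        while ($row = $db->fetchRow($rows)) {
            $user_id = $row['user_id'];
            $matches++;
        }
        if ($matches > 1) {
            show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
            // No single account to continue with.
            $user_id = null;
        }
    }

    if (!$user_id) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    // Load the contact data used to offer verification channels.
    $row = $db->getRow("SELECT user_id, user_name, email, mobile_phone FROM " . $users_table . " WHERE user_id = '" . intval($user_id) . "'");
    if ($row == false) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    $validate_types = array();
    if (!empty($row['mobile_phone'])) {
        // Show only the first and last three digits.
        $masked_phone = substr($row['mobile_phone'], 0, 3) . '*****' . substr($row['mobile_phone'], -3);
        $validate_types[] = array('type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $masked_phone);
    }
    if (!empty($row['email'])) {
        $email = $row['email'];
        $at = strpos($email, '@');
        $local = substr($email, 0, $at);
        $domain = substr($email, $at);
        $local_len = strlen($local);
        // Reveal more of the local part the longer it is, at most three
        // characters at each end; a one-character local part shows no tail.
        if ($local_len == 1) {
            $masked_email = substr($local, 0, 1) . '*****' . $domain;
        } else {
            if ($local_len <= 4) {
                $keep = 1;
            } elseif ($local_len <= 7) {
                $keep = 2;
            } else {
                $keep = 3;
            }
            $masked_email = substr($local, 0, $keep) . '*****' . substr($local, -$keep) . $domain;
        }
        $validate_types[] = array('type' => 'email', 'name' => '邮箱', 'value' => $masked_email);
    }

    $_SESSION['find_password'] = array('user_id' => $row['user_id'], 'user_name' => $row['user_name'], 'email' => $row['email'], 'mobile_phone' => $row['mobile_phone']);
    // Read by validate.php in the following steps.
    $_SESSION[VT_MOBILE_VALIDATE] = $row['mobile_phone'];
    $_SESSION[VT_EMAIL_VALIDATE] = $row['email'];
    $smarty->assign("validate_types", $validate_types);
    $smarty->assign("action", "step_2");
    $smarty->display('user_findPwd.dwt');
}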
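/**
 * Check an SMS verification code against the record stored for a phone number.
 *
 * @param string $mobile_phone phone number the code was sent to
 * @param string $mobile_code  code entered by the user
 *
 * @return int 0 - valid (the record is deleted, so a code can be used once)
 *             1 - phone number empty
 *             2 - phone number malformed
 *             3 - code empty
 *             4 - code does not match (or no record exists for the number)
 *             5 - code expired
 *
 * NOTE(review): a wrong guess leaves the record in place and nothing counts
 * attempts, so a 6-digit code can be brute-forced within its 30-minute lifetime
 * unless the caller throttles. Track misses in the record's ext info and remove
 * the record after a handful of them.
 */
function validate_mobile_code($mobile_phone, $mobile_code)
{
    require_once ROOT_PATH . 'includes/lib_validate_record.php';
    if (empty($mobile_phone)) {
        return 1;
    }
    if (!is_mobile_phone($mobile_phone)) {
        return 2;
    }
    if (empty($mobile_code)) {
        return 3;
    }

    $record = get_validate_record($mobile_phone);
    if (empty($record) || !isset($record['record_code'])) {
        // Nothing was issued for this number; report it like a mismatch.
        return 4;
    }
    // Compare as strings with hash_equals(): the old `!=` was a loose comparison,
    // under which numeric strings such as "012345" and "12345" are equal. The
    // constant-time compare is a bonus.
    if (!hash_equals((string) $record['record_code'], (string) $mobile_code)) {
        return 4;
    }
    if ($record['expired_time'] < time()) {
        return 5;
    }

    // Consume the code.
    remove_validate_record($mobile_phone);
    return 0;
}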
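/**
 * Save the shipping address of an unconfirmed order.
 *
 * @access  public
 * @param   array   $address   keys: consignee string, email string, address string, zipcode string,
 *                             tel string, mobile string, sign_building string, best_time string, order_id int
 * @param   int     $user_id   id of the user making the change (0 for a guest)
 *
 * @return  bool    true when the order was updated; false with the reason pushed
 *                  onto $GLOBALS['err'] otherwise
 */
function save_order_address($address, $user_id)
{
    $GLOBALS['err']->clean();

    // order_id is interpolated into SQL below; force it to an integer so nothing
    // but a number can reach the query.
    $address['order_id'] = isset($address['order_id']) ? intval($address['order_id']) : 0;

    /* Field validation */
    if (empty($address['consignee'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['consigness_empty']);
    }
    if (empty($address['address'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['address_empty']);
    }
    if ($address['order_id'] == 0) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['order_id_empty']);
    }
    if (!empty($address['email']) && !is_email($address['email'])) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_invalid'], $address['email']));
    }
    // The mobile number is mandatory and must be well formed.
    if (empty($address['mobile'])) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['mobile_phone_empty']);
    } elseif (!is_mobile_phone($address['mobile'])) {
        $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['mobile_phone_invalid'], $address['mobile']));
    }
    if ($GLOBALS['err']->error_no > 0) {
        return false;
    }

    /* Order state and ownership */
    $order_table = $GLOBALS['ecs']->table('order_info');
    $row = $GLOBALS['db']->getRow("SELECT user_id, order_status FROM " . $order_table . " WHERE order_id = '" . $address['order_id'] . "'");
    if (!$row) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['order_exist']);
        return false;
    }
    // The caller must own the order. The old test `$user_id > 0 && ...` skipped
    // the check entirely for $user_id == 0, letting an anonymous caller rewrite
    // the address of any registered user's order. NOTE(review): if some caller
    // deliberately passes 0 to mean "skip the check", that caller needs changing.
    if ($user_id != $row['user_id']) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['no_priv']);
        return false;
    }
    if ($row['order_status'] != OS_UNCONFIRMED) {
        $GLOBALS['err']->add($GLOBALS['_LANG']['require_unconfirmed']);
        return false;
    }

    // NOTE(review): every key of $address is written to order_info. Callers must
    // pass only the address fields listed above, never a raw $_POST, or other
    // order columns could be overwritten.
    $GLOBALS['db']->autoExecute($order_table, $address, 'UPDATE', "order_id = '" . $address['order_id'] . "'");
    return true;
}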
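/**
 * Send the SMS verification code that proves ownership of the account's phone
 * (password-recovery flow).
 *
 * The target number is not taken from the request but from
 * $_SESSION[VT_MOBILE_VALIDATE], which the previous step filled from the account
 * record. Enforces the same per-number limits as registration (one message per
 * 60 s, at most $max_sms_count per $max_sms_count_time window), sends a 6-digit
 * code and stores it under VT_MOBILE_VALIDATE for 30 minutes. Replies through
 * make_json_result() / make_json_error().
 */
function action_send_mobile_code()
{
    $_LANG = $GLOBALS['_LANG'];
    require_once ROOT_PATH . 'includes/lib_validate_record.php';

    // The slot is reset to array() below, so guard against a non-string value
    // left behind by an earlier failed attempt.
    $raw_phone = isset($_SESSION[VT_MOBILE_VALIDATE]) ? $_SESSION[VT_MOBILE_VALIDATE] : '';
    $mobile_phone = is_string($raw_phone) ? trim($raw_phone) : '';
    if (empty($mobile_phone)) {
        make_json_error("手机号不能为空");
        return;
    }
    if (!is_mobile_phone($mobile_phone)) {
        make_json_error("手机号格式不正确");
        return;
    }

    // Codes already sent to this number inside the current quota window.
    $sent_count = 0;
    if (check_validate_record_exist($mobile_phone)) {
        $record = get_validate_record($mobile_phone);
        // Maximum codes per number per window; window length, default 24 hours.
        $max_sms_count = 10;
        $max_sms_count_time = 60 * 60 * 24;

        if (time() - $record['last_send_time'] < 60) {
            make_json_error("每60秒内只能发送一次短信验证码,请稍候重试");
            return;
        }
        $in_window = (time() - $record['create_time']) < $max_sms_count_time;
        // `>=` rather than `>`: the old test let an 11th message through while
        // the comment promises at most 10.
        if ($in_window && $record['count'] >= $max_sms_count) {
            make_json_error("您发送验证码太过于频繁,请稍后重试!");
            return;
        }
        // Outside the window the stored counter is stale; restart it instead of
        // carrying it forward. NOTE(review): assumes create_time marks the start
        // of the quota window — confirm how save_validate_record maintains it.
        $sent_count = $in_window ? (int) $record['count'] : 0;
    }

    require_once ROOT_PATH . 'includes/lib_passport.php';
    // Clear the slot until a code has actually gone out.
    $_SESSION[VT_MOBILE_VALIDATE] = array();
    require_once ROOT_PATH . 'sms/sms.php';

    // 6-digit code. NOTE(review): rand_number() is defined elsewhere; confirm it
    // draws from a CSPRNG (random_int) and not rand()/mt_rand().
    $mobile_code = rand_number(6);
    $content = sprintf($_LANG['mobile_code_template'], $GLOBALS['_CFG']['shop_name'], $mobile_code, $GLOBALS['_CFG']['shop_name']);

    if (sendSMS($mobile_phone, $content)) {
        $ext_info = array("count" => $sent_count + 1);
        // Remember which number is being verified.
        $_SESSION[VT_MOBILE_VALIDATE] = $mobile_phone;
        // The code stays valid for 30 minutes.
        save_validate_record($mobile_phone, $mobile_code, VT_MOBILE_VALIDATE, time(), time() + 30 * 60, $ext_info);
        make_json_result('发送成功');
    } else {
        make_json_error('短信验证码发送失败');
    }
}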
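/**
 * Supplier back-office sign-in.
 *
 * Takes $_POST['username'] (a user name, or an e-mail / mobile number that maps
 * to exactly one supplier_admin_user row) and $_POST['password'], checks the
 * admin captcha when one was issued, and verifies the password against the
 * stored md5 hash (md5(md5(pw) . ec_salt) where a salt exists, md5(pw)
 * otherwise). On success it fills the supplier_* session keys, migrates an
 * unsalted account to the salted scheme, records last_login / last_ip,
 * optionally sets the one-year "remember me" cookies and redirects to
 * index.php. Failure ends in sys_msg($_LANG['login_faild'], 1).
 *
 * NOTE(review): md5-based password storage is kept because the database holds
 * those hashes; the real fix is migrating to password_hash()/password_verify()
 * on login. The session id is also not regenerated on login — the session layer
 * should do that to prevent fixation.
 */
function action_signin()
{
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $admin_table = $ecs->table('supplier_admin_user');

    if (!empty($_SESSION['captcha_word']) && intval($_CFG['captcha']) & CAPTCHA_ADMIN) {
        include_once ROOT_PATH . 'includes/cls_captcha.php';
        $validator = new captcha();
        // A missing captcha must fail, not skip the check: the previous
        // `!empty($_POST['captcha']) && !check_word(...)` let a client bypass the
        // captcha simply by omitting the field.
        if (empty($_POST['captcha']) || !$validator->check_word($_POST['captcha'])) {
            sys_msg($_LANG['captcha_error'], 1);
        }
    }

    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    $user_name = $_POST['username'];
    $password = $_POST['password'];

    // Map an e-mail or mobile login to the account's user_name.
    // NOTE(review): $user_name goes into SQL unescaped; this relies on
    // request-wide escaping at bootstrap. If that is not guaranteed, escape it.
    if (is_email($user_name)) {
        $name_by_email = $db->getOne("SELECT user_name FROM " . $admin_table . " WHERE email='" . $user_name . "'");
        if ($name_by_email) {
            $user_name = $name_by_email;
        }
    } elseif (is_mobile_phone($user_name)) {
        $rows = $db->query("SELECT user_name FROM " . $admin_table . " WHERE mobile_phone='" . $user_name . "'");
        $matches = 0;
        while ($row = $db->fetchRow($rows)) {
            $name_by_mobile = $row['user_name'];
            $matches++;
        }
        if ($matches > 1) {
            show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'user.php', 'error');
        }
        if (isset($name_by_mobile)) {
            $user_name = $name_by_mobile;
        }
    }

    $ec_salt = $db->getOne("SELECT `ec_salt` FROM " . $admin_table . " WHERE user_name = '" . $user_name . "'");
    // NOTE(review): the two hash expressions were unreadable in the copy reviewed
    // and are rebuilt from the salt-migration branch below — confirm against the
    // original before merging.
    $password_hash = !empty($ec_salt) ? md5(md5($password) . $ec_salt) : md5($password);
    $row = $db->getRow(
        "SELECT user_id, user_name, password, last_login, action_list, supplier_id, ec_salt FROM " . $admin_table
        . " WHERE user_name = '" . $user_name . "' AND password = '" . $password_hash . "' AND checked=1"
    );
    if (!$row) {
        sys_msg($_LANG['login_faild'], 1);
        return;
    }

    $_SESSION['supplier_id'] = $row['supplier_id'];            // shop id
    $_SESSION['supplier_user_id'] = $row['user_id'];           // admin id
    $_SESSION['supplier_name'] = $row['user_name'];            // admin name
    $_SESSION['supplier_action_list'] = $row['action_list'];   // privileges
    $_SESSION['supplier_last_check'] = $row['last_login'];     // last order-check time

    $stored_hash = $row['password'];
    if (empty($row['ec_salt'])) {
        // Migrate a legacy unsalted account. The update used to be keyed on
        // $_SESSION['admin_id'], which is not this login's user; key it on the row
        // just authenticated. NOTE(review): a 4-digit rand() salt adds little —
        // use random_bytes() and a proper password hash when redoing this.
        $ec_salt = rand(1, 9999);
        $stored_hash = md5(md5($password) . $ec_salt);
        $db->query("UPDATE " . $admin_table . " SET ec_salt='" . $ec_salt . "', password='" . $stored_hash . "'"
            . " WHERE user_id='" . intval($row['user_id']) . "'");
    }

    if ($row['action_list'] == 'all') {
        $_SESSION['supplier_admin_id'] = $row['user_id'];   // super-admin marker
        $_SESSION['supplier_shop_guide'] = true;
    }

    // Record the login time and IP. NOTE(review): the timestamp expression was
    // unreadable in the copy reviewed; gmtime() is the clock used elsewhere here.
    $db->query("UPDATE " . $admin_table . " SET last_login='" . gmtime() . "', last_ip='" . real_ip() . "'"
        . " WHERE user_id='" . intval($_SESSION['supplier_user_id']) . "'");

    if (isset($_POST['remember'])) {
        $expires = gmtime() + 3600 * 24 * 365;
        // HttpOnly keeps the cookies out of reach of script. NOTE(review): set the
        // secure flag as well once the admin panel is served over HTTPS only.
        setcookie('ECSCP[supplier_id]', $row['supplier_id'], $expires, '', '', false, true);
        setcookie('ECSCP[supplier_user_id]', $row['user_id'], $expires, '', '', false, true);
        setcookie('ECSCP[supplier_pass]', md5($stored_hash . $_CFG['hash_code']), $expires, '', '', false, true);
    }

    // Drop expired cart data, then hand over to the dashboard.
    clear_cart();
    ecs_header("Location: ./index.php\n");
    exit;
}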
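/**
 * Admin AJAX handler: change a user's mobile number in place.
 *
 * Requires the users_manage privilege (check_authz_json). Reads the user id from
 * $_REQUEST['id'] and the new number from $_REQUEST['val']; the number must pass
 * is_mobile_phone() and is applied through the users integration's edit_user(),
 * which may refuse it because the number is already taken
 * (ERR_MOBILE_PHONE_EXISTS). Replies with make_json_result() / make_json_error().
 *
 * NOTE(review): state-changing admin endpoint driven by $_REQUEST — make sure
 * the framework applies CSRF protection to it.
 */
function action_edit_mobile_phone()
{
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $lang = $GLOBALS['_LANG'];

    /* Privilege check before any input is acted on. */
    check_authz_json('users_manage');

    $id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);
    $mobile_phone = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));

    if (!is_mobile_phone($mobile_phone)) {
        make_json_error($lang['invalid_mobile_phone']);
        return;
    }

    $users =& init_users();
    $username = $db->getOne("SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id = '" . $id . "'");
    if (empty($username)) {
        // Unknown id: do not hand an empty user name to edit_user().
        make_json_error($lang['edit_user_failed']);
        return;
    }

    if ($users->edit_user(array('username' => $username, 'mobile_phone' => $mobile_phone))) {
        admin_log(addslashes($username), 'edit', 'users');
        make_json_result(stripcslashes($mobile_phone));
    } else {
        $msg = $users->error == ERR_MOBILE_PHONE_EXISTS ? $lang['mobile_phone_exists'] : $lang['edit_user_failed'];
        make_json_error($msg);
    }
}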