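/**
 * Check the SMS verification code posted for a phone number and, when it
 * matches, redirect the browser to the re-binding step.
 *
 * Reads $_POST['v_phone'] and $_POST['v_code']. Every failure path ends in
 * show_message(); the success path sends a Location header and exits.
 *
 * Security notes:
 * - Both request values are concatenated into a SQL string. The database
 *   wrapper's escaping / bound-parameter API is not visible here, so each
 *   value is restricted to an ASCII allow-list before it reaches the query.
 *   Prefer bound parameters if the wrapper offers them.
 * - NOTE(review): the allow-lists assume phone numbers are digits with
 *   optional "+", "-", "(", ")" and spaces, and that codes are ASCII
 *   alphanumeric. Confirm against is_telephone() and the code generator.
 * - NOTE(review): real_ip() is also concatenated into the query. Confirm it
 *   returns only a validated IP literal, never a raw request header.
 * - NOTE(review): nothing here marks the code as used, limits attempts, or
 *   records in the session that verification passed. Confirm the re_binding
 *   handler enforces this itself and that codes are invalidated and
 *   rate-limited elsewhere.
 */
function action_act_update_phone()
{
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    // Accept scalars only: an array-valued field would otherwise reach trim().
    $phone = (isset($_POST['v_phone']) && is_string($_POST['v_phone'])) ? trim($_POST['v_phone']) : '';
    $verifycode = (isset($_POST['v_code']) && is_string($_POST['v_code'])) ? trim($_POST['v_code']) : '';

    if ($phone === '') {
        show_message('手机号不能为空!');
        return;
    }

    // is_telephone() is the project's format check; the explicit allow-list
    // keeps the SQL literal safe without depending on how that helper is written.
    if (!is_telephone($phone) || !preg_match('/\A[0-9+\-() ]{1,32}\z/', $phone)) {
        show_message('请输入正确的手机号!');
        return;
    }

    if ($verifycode === '') {
        show_message('手机验证码不能为空!');
        return;
    }

    // A malformed code can never match a stored one, so report it as a plain mismatch.
    if (!preg_match('/\A[0-9A-Za-z]{1,32}\z/', $verifycode)) {
        show_message('手机号和验证码不匹配,请重新输入!');
        return;
    }

    /* Match phone, code and requesting IP; a code is valid for one day (86400 s). */
    $sql = "SELECT COUNT(id) FROM " . $ecs->table('verifycode')
        . " WHERE mobile='{$phone}' AND verifycode='{$verifycode}' AND getip='" . real_ip()
        . "' AND status=1 AND dateline>'" . gmtime() . "'-86400";

    if ($db->getOne($sql) == 0) {
        show_message('手机号和验证码不匹配,请重新输入!');
        return;
    }

    ecs_header("Location: user.php?act=re_binding\n");
    exit;
}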
} else { $num = $db->getOne("select count(*) from " . $ecs->table('user_card') . " where card_no='{$username}' and card_pass ='******' and user_id=0 and is_show=1 "); if ($num == 1) { show_message('此卡号还未绑定,您可以用此新注册一个会员帐号并绑定此卡号,如果您已有本站会员帐号,请登录后在会员中心绑定此卡号后方可登录!', array('立即注册并绑定此卡号', '重新登录'), array('user.php?act=register&card_no=' . $username . '&card_pass='******'user.php'), 'error'); } show_message('会员卡卡号不存在', '请重新登录', 'user.php', 'error'); } } if (is_email($username)) { $sql = "select user_name from " . $ecs->table('users') . " where email='" . $username . "'"; $username_e = $db->getOne($sql); if ($username_e) { $username = $username_e; } } if (is_telephone($username)) { $sql = "select user_name from " . $ecs->table('users') . " where mobile_phone='" . $username . "'"; $username_e = $db->getOne($sql); if ($username_e) { $username = $username_e; } } if ($user->login($username, $password, isset($_POST['remember']))) { update_user_info(); recalculate_price(); $ucdata = isset($user->ucdata) ? $user->ucdata : ''; show_message($_LANG['login_success'] . $ucdata, array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act, 'user.php'), 'info'); } else { $_SESSION['login_fail']++; show_message($_LANG['login_failure'], $_LANG['relogin_lnk'], 'user.php', 'error'); }
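/**
 * Bind a phone number to the logged-in account after checking the SMS
 * verification code.
 *
 * Reads $_POST['phone'] and $_POST['verifycode']. In order, it rejects an
 * empty or malformed phone, a phone already stored on another user row, and
 * an empty or non-matching code. It then writes mobile_phone and validated=1
 * to the current user's row. Every path ends in show_message().
 *
 * Security notes:
 * - The phone and code are concatenated into SQL strings. The database
 *   wrapper's escaping / bound-parameter API is not visible here, so both
 *   values are restricted to ASCII allow-lists first and the session user id
 *   is cast to an integer. Prefer bound parameters if the wrapper has them.
 * - NOTE(review): the allow-lists assume phone numbers are digits with
 *   optional "+", "-", "(", ")" and spaces, and that codes are ASCII
 *   alphanumeric. Confirm against is_telephone() and the code generator.
 * - NOTE(review): real_ip() is also concatenated into the query. Confirm it
 *   returns only a validated IP literal.
 * - NOTE(review): the code is not marked used after a successful bind and no
 *   attempt limit is visible here. Confirm both are handled elsewhere.
 * - NOTE(review): the uniqueness check and the UPDATE are separate
 *   statements. A unique index on mobile_phone would close the gap between them.
 */
function action_binding()
{
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    // Accept scalars only: an array-valued field would otherwise reach trim().
    $phone = (isset($_POST['phone']) && is_string($_POST['phone'])) ? trim($_POST['phone']) : '';
    $verifycode = (isset($_POST['verifycode']) && is_string($_POST['verifycode'])) ? trim($_POST['verifycode']) : '';

    if ($phone === '') {
        show_message('手机号不能为空!');
        return;
    }

    // is_telephone() is the project's format check; the explicit allow-list
    // keeps the SQL literals safe without depending on how that helper is written.
    if (!is_telephone($phone) || !preg_match('/\A[0-9+\-() ]{1,32}\z/', $phone)) {
        show_message('请输入正确的手机号!');
        return;
    }

    // Refuse a number that is already stored on any user row.
    $sql = "SELECT COUNT(user_id) FROM " . $ecs->table('users') . " WHERE mobile_phone = '{$phone}'";
    if ($db->getOne($sql) > 0) {
        show_message('手机号已经存在,请重新输入!');
        return;
    }

    if ($verifycode === '') {
        show_message('手机验证码不能为空!');
        return;
    }

    // A malformed code can never match a stored one, so report it as a plain mismatch.
    if (!preg_match('/\A[0-9A-Za-z]{1,32}\z/', $verifycode)) {
        show_message('手机号和验证码不匹配,请重新输入!');
        return;
    }

    /* Match phone, code and requesting IP; a code is valid for one day (86400 s). */
    $sql = "SELECT COUNT(id) FROM " . $ecs->table('verifycode')
        . " WHERE mobile='{$phone}' AND verifycode='{$verifycode}' AND getip='" . real_ip()
        . "' AND status=1 AND dateline>'" . gmtime() . "'-86400";
    if ($db->getOne($sql) == 0) {
        show_message('手机号和验证码不匹配,请重新输入!');
        return;
    }

    // Fail closed when there is no logged-in user: without an id the UPDATE
    // matches no row, and the result check below could still report success.
    $current_user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
    if ($current_user_id <= 0) {
        show_message('绑定手机号失败!');
        return;
    }

    $sql = "update " . $ecs->table('users') . " set mobile_phone = '{$phone}',validated = 1 where user_id = '" . $current_user_id . "'";
    // NOTE(review): query()'s return value is used as the success flag. Whether
    // it is an affected-row count or just a truthy result is not visible here.
    $num = $db->query($sql);

    if ($num > 0) {
        show_message('绑定手机号成功!', '返回账户安全', 'user.php?act=account_security');
    } else {
        show_message('绑定手机号失败!');
    }
}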
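/**
 * Handle member login for the chat passport page.
 *
 * Reads username / password / captcha / remember from $_POST. The username
 * may be an e-mail address or a phone number, in which case it is mapped to
 * the stored user_name before $GLOBALS['user']->login() is called. On success
 * the browser is redirected to chat.php?act=chat. On any failure the
 * chat_passport.dwt template is rendered with an error message.
 *
 * Fixes relative to the previous version:
 * - $_CFG and $_LANG were read without being brought into function scope, so
 *   intval($_CFG['captcha']) was always 0 and the captcha requirement was
 *   never enforced. The error texts were empty for the same reason. Both are
 *   now taken from $GLOBALS, the same place this function reads 'user' from.
 * - The e-mail / phone value was concatenated into SQL guarded only by
 *   is_email() / is_telephone(), which are not visible here. It is now
 *   restricted to an ASCII allow-list before the lookup runs. A value outside
 *   the allow-list skips the lookup and is tried as a plain user name.
 * - Unused locals were removed, including back_act and the dead $ucdata read
 *   from an undefined $user.
 *
 * NOTE(review): the allow-lists assume unquoted ASCII e-mail addresses and
 * phone numbers made of digits with optional "+", "-", "(", ")" and spaces.
 * Prefer bound parameters if the database wrapper provides them.
 * NOTE(review): the duplicate-phone message is shown before authentication
 * and reveals that a number is bound to several accounts. Confirm this is
 * acceptable.
 */
function action_act_login()
{
    $smarty = get_smarty();
    $ecs = get_ecs();
    $db = get_database();

    // Site configuration and language table live in the global scope.
    $_CFG = isset($GLOBALS['_CFG']) ? $GLOBALS['_CFG'] : array();
    $_LANG = isset($GLOBALS['_LANG']) ? $GLOBALS['_LANG'] : array();

    /* Collect the submitted credentials (scalars only). */
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';

    $captcha = isset($_CFG['captcha']) ? intval($_CFG['captcha']) : 0;
    $fail_count = isset($_SESSION['login_fail']) ? (int) $_SESSION['login_fail'] : 0;

    // A captcha is required when it is enabled for login and either always
    // demanded or demanded after more than two failures, and GD is available.
    $captcha_required = ($captcha & CAPTCHA_LOGIN)
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $fail_count > 2)
        && gd_version() > 0;

    if ($captcha_required) {
        $captcha_ok = false;
        if (!empty($_POST['captcha']) && is_string($_POST['captcha'])) {
            /* Check the captcha word against the one stored for this session. */
            include_once 'includes/cls_captcha.php';
            $validator = new captcha();
            $validator->session_word = 'captcha_login';
            $captcha_ok = $validator->check_word($_POST['captcha']);
        }
        if (!$captcha_ok) {
            $smarty->assign('lang', $_LANG);
            $smarty->assign('action', 'login');
            $smarty->assign('error', $_LANG['invalid_captcha']);
            $smarty->display('chat_passport.dwt');
            return;
        }
    }

    // Map an e-mail address to its user name.
    if (is_email($username) && preg_match('/\A[0-9A-Za-z._%+\-]+@[0-9A-Za-z.\-]+\z/', $username)) {
        $sql = "select user_name from " . $ecs->table('users') . " where email='" . $username . "'";
        $name_by_email = $db->getOne($sql);
        if ($name_by_email) {
            $username = $name_by_email;
        }
    }

    // Map a phone number to its user name; refuse when the number is ambiguous.
    if (is_telephone($username) && preg_match('/\A[0-9+\-() ]{1,32}\z/', $username)) {
        $sql = "select user_name from " . $ecs->table('users') . " where mobile_phone='" . $username . "'";
        $username_res = $db->query($sql);
        $name_by_phone = '';
        $match_count = 0;
        while ($username_row = $db->fetchRow($username_res)) {
            $name_by_phone = $username_row['user_name'];
            $match_count++;
        }
        if ($match_count > 1) {
            $smarty->assign('lang', $_LANG);
            $smarty->assign('action', 'login');
            $smarty->assign('error', '本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。');
            $smarty->display('chat_passport.dwt');
            return;
        }
        if ($name_by_phone) {
            $username = $name_by_phone;
        }
    }

    if ($GLOBALS['user']->login($username, $password, isset($_POST['remember']))) {
        /* Login succeeded: refresh the session's user data and cart prices. */
        update_user_info();
        recalculate_price();
        // Fixed, server-chosen target; the posted back_act value is not used.
        header('Location: chat.php?act=chat');
        return;
    }

    // Count the failure; the counter feeds the captcha-after-failures rule above.
    $_SESSION['login_fail'] = $fail_count + 1;
    $smarty->assign('lang', $_LANG);
    $smarty->assign('action', 'login');
    $smarty->assign('error', $_LANG['login_failure']);
    $smarty->display('chat_passport.dwt');
    return;
}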
exit; } $is_distribor = is_distribor($_SESSION['user_id']); if ($is_distribor != 1) { show_message('您还不是分销商!', '去首页', 'index.php'); exit; } if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'act_tixian') { $tixian = array('deposit_money' => empty($_POST['deposit_money']) ? '' : $_POST['deposit_money'], 'real_name' => empty($_POST['real_name']) ? '' : compile_str(trim($_POST['real_name'])), 'account_name' => empty($_POST['account_name']) ? '' : compile_str($_POST['account_name']), 'bank_account' => empty($_POST['bank_account']) ? '' : compile_str($_POST['bank_account']), 'phone' => empty($_POST['phone']) ? '' : compile_str(trim($_POST['phone'])), 'remark' => empty($_POST['remark']) ? '' : compile_str(trim($_POST['remark'])), 'add_time' => gmtime(), 'user_id' => $_SESSION['user_id'], 'status' => 0); if ($tixian['deposit_money'] <= 0) { show_message('您输入的提现金额不正确!'); } if ($tixian['real_name'] == '' || $tixian['account_name'] == '' || $tixian['bank_account'] == '') { show_message('信息请填写完整!'); } if (!is_telephone($tixian['phone'])) { show_message('手机号格式不正确!'); } $user_money = get_user_money_by_user_id($_SESSION['user_id']); if ($tixian['deposit_money'] > $user_money) { show_message('您的余额不足,请重新输入!'); } $GLOBALS['db']->autoExecute($GLOBALS['ecs']->table('deposit'), $tixian, 'INSERT'); $error_no = $GLOBALS['db']->errno(); if ($error_no > 0) { show_message($GLOBALS['db']->errorMsg()); } else { //提现申请提交成功后,把信息提交到用户提现信息表中 $sql = "INSERT INTO " . $GLOBALS['ecs']->table('user_deposit') . "(`real_name`,`account_name`,`bank_account`,`phone`,`remark`,`user_id`) values('" . $tixian['real_name'] . "','" . $tixian['account_name'] . "','" . $tixian['bank_account'] . "','" . $tixian['phone'] . "','" . $tixian['remark'] . "','" . $_SESSION['user_id'] . "')"; $GLOBALS['db']->query($sql); show_message('您的提现申请已经提交!', '返回分销中心', 'v_user.php');
} exit; break; case 'contact': check_name($touser) or dalert('不能与自己对话', 'goback'); $go = '?touser='******'&mid=' . $mid . '&itemid=' . $itemid . '&forward=' . $forward; if ($_username) { dheader($go); } $filename = get_chat_file(get_chat_id($chatuser, $touser)); if (is_file($filename)) { dheader($go); } require DT_ROOT . '/include/post.func.php'; strlen($truename) > 2 or dalert('请填写联系人', 'goback'); is_telephone($telephone) or dalert('请填写联系电话', 'goback'); $truename = htmlspecialchars($truename); $word = '您好,我是' . $truename . ',电话:' . $telephone; if (is_email($email)) { $word .= ',电子邮箱:' . $email; } if (is_qq($qq)) { $word .= ',QQ:' . $qq; } file_put($filename, '<?php exit;?>'); if ($fp = fopen($filename, 'a')) { fwrite($fp, $DT_TIME . '|' . $chatuser . '|' . $word . "\n"); fclose($fp); } $db->query("UPDATE {$DT_PRE}member SET chat=chat+1 WHERE username='******'"); dheader($go);