Пример #1
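// Access gate: only a logged-in session whose Center_UserGroup equals 9 may
// continue; everyone else is redirected before any member data is touched.
if (!isset($_SESSION['Center_Username'], $_SESSION['Center_UserGroup']) || $_SESSION['Center_UserGroup'] != 9) {
    header("Location: ../index.php");
    exit;
}
if (isset($_GET['edit']) && $_GET['edit'] != '') {
    // Reduce the id to a non-negative integer up front. abs() on a non-numeric
    // string or an array raises a TypeError on PHP 8, so such input becomes 0.
    $_edit_id = is_numeric($_GET['edit']) ? abs(intval($_GET['edit'])) : 0;
    $_member = sc_get_result("SELECT * FROM `member` WHERE `id` = '%d'", array($_edit_id));

    // NOTE(review): this POST rewrites password, e-mail, rekey and level, and no
    // anti-CSRF token is checked in this block; confirm one is enforced elsewhere.
    // The update only runs when the lookup actually returned a row, so a bad id
    // can no longer produce an UPDATE built from an empty record.
    if (!empty($_member['row']) && isset($_POST['email']) && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $_row = $_member['row'];

        // Missing or non-string fields are treated as empty instead of being
        // read as undefined indexes or passed on as arrays.
        $_post_web_site = (isset($_POST['web_site']) && is_string($_POST['web_site'])) ? $_POST['web_site'] : '';
        $_post_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        // An invalid URL keeps the stored value; an empty one clears it.
        // NOTE(review): FILTER_VALIDATE_URL does not restrict the scheme. If
        // web_site is ever rendered as a link, limit it to http/https here or
        // at output time.
        if ($_post_web_site != '' && !filter_var($_post_web_site, FILTER_VALIDATE_URL)) {
            $_web_site = $_row['web_site'];
        } else {
            $_web_site = $_post_web_site;
        }

        // An empty password field means "leave the stored hash unchanged".
        if ($_post_password == '') {
            $_password = $_row['password'];
        } else {
            $_password = sc_password($_post_password, $_row['username']);
        }

        // rekey and level fall back to the stored values when the field is
        // absent or malformed, so an incomplete form never blanks the key or
        // silently resets the level to 0.
        // NOTE(review): rekey looks like a per-account secret; confirm it
        // should be editable from this form at all.
        $_rekey = (isset($_POST['rekey']) && is_string($_POST['rekey']) && $_POST['rekey'] != '') ? $_POST['rekey'] : $_row['rekey'];
        $_level = (isset($_POST['level']) && is_numeric($_POST['level'])) ? intval($_POST['level']) : $_row['level'];

        $SQL->query("UPDATE `member` SET `password` = '%s', `email` = '%s', `web_site` = '%s', `rekey` = '%s', `level` = '%d' WHERE `id` = '%d'", array($_password, $_POST['email'], $_web_site, $_rekey, $_level, $_row['id']));
        header("Location: member.php?edit=" . $_row['id'] . '&ok');
        // Stop here: without exit the rest of the script keeps running after
        // the redirect header has been queued.
        exit;
    }
} else {
    // Paginated member list, 30 rows per page.
    $limit_row = 30;
    $limit_start = 0;
    if (isset($_GET['page'])) {
        // Accept only a positive integer page number whose offset still fits
        // in an int; anything else (text, arrays, 0, negatives) shows page 1.
        $_max_page = (PHP_INT_MAX - PHP_INT_MAX % $limit_row) / $limit_row;
        $_page = filter_var($_GET['page'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => $_max_page)));
        if ($_page !== false) {
            $limit_start = ($_page - 1) * $limit_row;
        }
    }
    $_member = sc_get_result("SELECT * FROM `member` ORDER BY `id` ASC LIMIT %d,%d", array($limit_start, $limit_row));
}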
if (isset($_GET['del']) && $_GET['del'] != '') {
Пример #2
        $_header .= 'Content-type:text/plain; charset=UTF-8';
        mb_internal_encoding('UTF-8');
        $_subject = mb_encode_mimeheader($_subject, 'UTF-8');
        if (mail($_member['row']['email'], $_subject, $_body, $_header)) {
            $_step = 2;
        }
    }
} elseif (isset($_GET['auth']) && trim($_GET['auth']) != '' && isset($_GET['id']) && abs($_GET['id']) != '') {
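    // Password-reset confirmation: the link carries the member id and an
    // "auth" token that must equal md5() of the member's stored rekey.
    $_uid = abs($_GET['id']);
    $_member = sc_get_result("SELECT * FROM member WHERE `id` = '%d'", array($_uid));
    if ($_member['num_rows'] > 0) {
        // The token must be a plain string and is compared with hash_equals().
        // A loose == between two hex strings that both look like numbers
        // (for example "0e…" followed only by digits) compares them
        // numerically, so a token could match without being identical;
        // hash_equals() is exact and does not leak the match position through
        // timing.
        // NOTE(review): the token is an unsalted md5 of rekey and no expiry is
        // checked in this fragment; confirm rekey is random and that links age
        // out.
        $_auth = is_string($_GET['auth']) ? $_GET['auth'] : '';
        if ($_auth !== '' && hash_equals(md5((string) $_member['row']['rekey']), $_auth)) {
            // A fresh rekey is prepared so the same link stops working once
            // the password has been changed.
            // NOTE(review): this fragment is spliced into the query format
            // string rather than passed as a '%s' argument; that is only safe
            // if sc_keygen() can never return quotes or '%'. Confirm, or pass
            // it as a parameter.
            $_rekey_SQL = sprintf(",`rekey` = '%s'", substr(sc_keygen($_auth), 0, 16));
            $_step = 3;
            if (isset($_POST['password']) && trim($_POST['password']) != '') {
                $SQL->query("UPDATE member SET `password` = '%s' {$_rekey_SQL} WHERE `id` = '%d'", array(sc_password($_POST['password'], $_member['row']['username']), $_uid));
                $_step = 4;
                header("Location: index.php?getpassword");
                exit;
            }
        }
    }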
}
// Build the page view. The last argument is the page title, "Reset password".
// NOTE(review): the meaning of the other View arguments is not visible here;
// they look like a theme template, a nav include and the site name. Confirm
// against View's constructor.
$view = new View('include/theme/default.html', 'include/nav.php', NULL, $center['site_name'], '重設密碼');
// Error banner shown when the URL carries ?nouser. The text reads "The account
// or e-mail address is incorrect"; it does not say which of the two was wrong.
if (isset($_GET['nouser'])) {
    ?>
<div class="alert alert-danger">帳號或電子信箱出現錯誤</div>
<?php 
}
?>
<h2>重設密碼</h2>
Пример #3
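/**
 * Create a new member account when registration is open.
 *
 * The username is passed through sc_namefilter() once, and that single
 * filtered value is used for the duplicate check, as the second argument to
 * sc_password(), as the sc_keygen() input and as the stored username.
 *
 * @param string $_username Requested username (filtered before use).
 * @param string $_password Plain-text password; stored via sc_password().
 * @param string $_email    E-mail address; must pass FILTER_VALIDATE_EMAIL.
 * @param string $_web_site Optional URL; if given, must pass FILTER_VALIDATE_URL.
 * @param int    $_level    Level stored for the new member (default 1).
 *
 * @return int 1 on success, -1 if the username or e-mail already exists,
 *             -2 if any input is invalid, -3 if registration is disabled.
 */
function sc_register($_username, $_password, $_email, $_web_site = '', $_level = 1)
{
    global $SQL;
    global $center;

    // Registration switched off in the site settings.
    if ($center['register'] != 1) {
        return -3;
    }

    if (!isset($_username) || !isset($_password)) {
        return -2;
    }

    // Filter once and reuse. The original filtered the name again for the
    // INSERT, which could store a different name than the one checked for
    // duplicates and handed to sc_password() if the filter is not idempotent.
    $_clean_name = sc_namefilter($_username);
    if (trim($_clean_name) == '' || trim($_password) == '' || !filter_var($_email, FILTER_VALIDATE_EMAIL)) {
        return -2;
    }

    // NOTE(review): FILTER_VALIDATE_URL does not restrict the scheme. If
    // web_site is rendered as a link, limit it to http/https.
    if ($_web_site != '' && !filter_var($_web_site, FILTER_VALIDATE_URL)) {
        return -2;
    }

    // NOTE(review): check-then-insert is not atomic; two simultaneous requests
    // can both pass this check unless the table also has unique indexes on
    // username and email. Confirm.
    $auth_name = $SQL->query("SELECT `username` FROM `member` WHERE `username` = '%s' OR `email` = '%s'", array($_clean_name, $_email));
    if ($auth_name->num_rows > 0) {
        return -1;
    }

    // NOTE(review): rekey is derived from sc_keygen($username). If sc_keygen()
    // is deterministic for a given name the key is guessable; confirm it mixes
    // in cryptographically secure randomness.
    // NOTE(review): $_level is written as given; callers should not pass it
    // from request data.
    $SQL->query("INSERT INTO `member` (`username`, `password`, `email`, `web_site`, `avatar`, `rekey`, `level` , `joined` ,`last_login`) VALUES ('%s', '%s', '%s', '%s', 'default.png', '%s', '%d', now(), now())", array($_clean_name, sc_password($_password, $_clean_name), $_email, $_web_site, substr(sc_keygen($_clean_name), 0, 16), $_level));

    return 1;
}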