示例#1
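define('script', 'register');
// Load the shared bootstrap file. The original author notes that building the
// path with dirname(__FILE__) is the faster way to include it.
require dirname(__FILE__) . '/includes/common.php';
// isset() guard: a plain page view carries no ?action= parameter, and reading
// the missing key raised an undefined-index notice before reaching the else branch.
if (isset($_GET['action']) && $_GET['action'] === 'register') {
    // $_GET reads URL parameters; the form fields arrive in $_POST because the
    // form is submitted with method POST.
    // Compare the submitted CAPTCHA with the value kept in the session.
    _check_code($_POST['yzm'], $_SESSION['code']);
    // Original note: the per-form unique identifier is meant to stop automated
    // registration and cross-site form submission.
    include root . 'includes/register.php';
    // Holds each field's value after it has passed its check.
    $_clear = array();
    // Each _check_* helper (defined outside this fragment) is expected to return
    // the checked string, which is then stored under the matching key.
    // NOTE(review): confirm _check_uniqid() compares the two tokens with
    // hash_equals() and rejects an empty session token.
    $_clear['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clear['active'] = _sha1_uniqid();
    $_clear['username'] = _check_username($_POST['username']);
    $_clear['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
    $_clear['question'] = _check_questions($_POST['passt'], 4, 20);
    $_clear['anwser'] = _check_anwser($_POST['passt'], $_POST['passd'], 4, 20);
    // NOTE(review): these two lines write to $_clean, not $_clear, so the values
    // never reach the array printed below, and they are copied from $_POST with no
    // check at all. When the array name is corrected, validate both fields against
    // the allowed values first; otherwise raw request data lands in the array the
    // rest of the code treats as already checked.
    $_clean['sex'] = $_POST['sex'];
    $_clean['face'] = $_POST['face'];
    $_clear['email'] = _check_email($_POST['email']);
    $_clear['qq'] = _check_qq($_POST['qq']);
    $_clear['url'] = _check_url($_POST['url']);
    // NOTE(review): debug output. It prints the password value and the activation
    // token into the response; remove it before the page is served to users.
    print_r($_clear);
} else {
    // Before submission: issue a fresh token and keep a copy in the session.
    // Original note: the identifier stored in the database has a second use, the
    // cookie login check compares the cookie's identifier with the stored one.
    // NOTE(review): that makes the token a long-lived credential. The trailing
    // note below suggests _sha1_uniqid() is built on uniqid() and rand(), which are
    // time-based / not cryptographically secure; if so, derive the token from
    // random_bytes() instead. The helper itself is not visible here.
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
    echo $_SESSION['uniqid'];
}
// Original note on the unique identifier: it takes two parameters. The first is
// rand() (per the author, the length produced differs on each call); the second
// is true/false for whether a fractional part is included.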
示例#2
<?php

/*
 * Author: 关俊鹏
 * 2012/7/28
 * Change: added the include of login.inc.php and the page to redirect to
 */
session_start();
// NOTE(review): error_reporting(0) silences every PHP error and warning, so a
// failing query or include in this password-change handler goes unnoticed.
// Log errors server-side instead of hiding them.
error_reporting(0);
header("Content-Type: text/html; charset=UTF-8");
// Original note: set the charset to UTF-8 whenever it is needed.
require 'common.inc.php';
// Original note: "convert to an absolute path". Both requires here are still
// relative, so they resolve against the include path / working directory.
require 'login.inc.php';
// secret1 is the current password and secret2 the new one (see the queries
// below). _check_password() is defined outside this file; whether it validates,
// escapes or hashes its argument is not visible here.
// NOTE(review): no anti-CSRF token is checked anywhere in the visible lines
// before the password is changed.
$_data['secret1'] = _check_password($_POST['secret1']);
$_data['secret2'] = _check_password($_POST['secret2']);
$pass = DB_PRE . 'ask_user';
// NOTE(review): the SQL is assembled by string interpolation. It is only safe if
// _check_password() and whatever fills $login['lzuuid'] neutralise quotes;
// confirm that, or switch the helpers to prepared statements. $login is not
// assigned in this file; presumably it comes from login.inc.php or the session.
// NOTE(review): the "******" run in the password comparison looks like masking
// applied to this listing, so the query text printed here is not the original.
$_sql = "SELECT * FROM {$pass} where uid='{$login['lzuuid']}' AND password='******'secret1']}'";
// A returned row means the current password matched for this uid.
if (_fetch_array($_sql)) {
    $query = "update {$pass} SET\n\t    password='******'secret2']}'\n        where uid='{$login['lzuuid']}'";
    // NOTE(review): the result of _query() is not checked, so the success link
    // below is printed even if the UPDATE failed.
    _query($query);
    echo '<a href="../personnav.php">密码修改成功</a>';
} else {
    _alert_back("密码不正确!");
}
    // Fragment of a registration handler; the enclosing condition starts outside
    // the visible lines. Every _check_* / _is_repeat / _query helper is defined
    // elsewhere, so what each one rejects or escapes cannot be confirmed here.
    $clean['username'] = _check_username($_POST['username']);
    $clean['num'] = _check_num($_POST['num']);
    $clean['sex'] = _check_sex($_POST['sex']);
    // NOTE(review): the return values of both _checkdate() calls are discarded.
    // Unless _checkdate() aborts the request on bad input, nothing here stops an
    // invalid date from being used below. Verify.
    _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']);
    _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']);
    // NOTE(review): both date strings are concatenated from the raw $_POST parts,
    // not from a checked copy, and are later interpolated into the gm_stuinfo
    // INSERT. Cast each part to int (or rebuild the date from validated integers)
    // before composing the string.
    $clean['birth'] = $_POST['birth_y'] . '-' . $_POST['birth_m'] . '-' . $_POST['birth_d'];
    $clean['start_time'] = $_POST['start_time_y'] . '-' . $_POST['start_time_m'] . '-' . $_POST['start_time_d'];
    $clean['gm_grade'] = _time_to_grade($_POST['start_time_y'], $_POST['start_time_m']);
    $clean['contact'] = _check_contact($_POST['contact']);
    $clean['address'] = _check_address_ex($_POST['address']);
    $clean['subject'] = _check_subject($_POST['subject']);
    $clean['type'] = _check_type($_POST['type']);
    // _check_photo() takes no argument; presumably it reads the upload itself.
    // Its return value is stored as the photo file name. TODO confirm that it
    // restricts extension and content type and generates the stored name.
    $clean['photoname'] = _check_photo();
    // Check whether this student number is already registered.
    _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该学号已经被注册!如有问题请咨询管理员!');
    // NOTE(review): every new account receives the same configured initial
    // password ($_system['initial_password']). Anyone who knows it can sign in to
    // an account that has not changed it; force a change at first login or issue
    // a per-user random secret.
    $newpassword = _check_password($_system['initial_password']);
    // Two INSERTs joined with "and": the second runs only if the first succeeds.
    // No transaction is visible, so a failure of the second leaves the gm_user
    // row in place. All values are interpolated into the SQL text.
    if (_query("INSERT INTO gm_user(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_password,\r\n\t\t\t\t\t\t\t\t\tgm_reg_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_time,\r\n\t\t\t\t\t\t\t\t\tgm_last_ip) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$newpassword}',\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}')") and _query("INSERT INTO gm_stuinfo(\r\n\t\t\t\t\t\t\t\t\tgm_username,\r\n\t\t\t\t\t\t\t\t\tgm_num,\r\n\t\t\t\t\t\t\t\t\tgm_sex,\r\n\t\t\t\t\t\t\t\t\tgm_birth,\r\n\t\t\t\t\t\t\t\t\tgm_start_time,\r\n\t\t\t\t\t\t\t\t\tgm_grade,\r\n\t\t\t\t\t\t\t\t\tgm_contact,\r\n\t\t\t\t\t\t\t\t\tgm_address,\r\n\t\t\t\t\t\t\t\t\tgm_subject,\r\n\t\t\t\t\t\t\t\t\tgm_type,\r\n\t\t\t\t\t\t\t\t\tgm_photoname) \r\n\t\t\t\t\t\t\t\tVALUES(\r\n\t\t\t\t\t\t\t\t\t'{$clean['username']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['num']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['sex']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['birth']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['start_time']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['gm_grade']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['contact']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['address']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['subject']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['type']}',\r\n\t\t\t\t\t\t\t\t\t'{$clean['photoname']}')")) {
        _location('你的信息已经提交,请耐心等待审核!', 'login.php');
    } else {
        _alert_back('注册失败!有问题请咨询管理员!');
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>计算机学院研究生档案管理--注册</title>

<link rel="stylesheet" type="text/css" href="styles/basic.css" />
<link rel="stylesheet" type="text/css" href="styles/register.css" />
示例#4
require dirname(__FILE__) . '/includes/common.inc.php';
// Login state check (helper defined outside this fragment).
_login_state();
// NOTE(review): "global" only has an effect inside a function body; if this file
// runs at top level the statement does nothing.
global $_system;
// Handle a submitted login form.
if (isset($_GET['action']) && $_GET['action'] == 'login') {
    // Original note: guards against automated registration and cross-site
    // submission. The CAPTCHA is only checked when $_system['code'] is non-empty,
    // so with that setting off no such check is visible on this path.
    if (!empty($_system['code'])) {
        _check_code($_POST['code'], $_SESSION['code']);
    }
    // Load the validation helpers.
    include ROOT_PATH . 'includes/login.func.php';
    // Collect the submitted values.
    $_clean = array();
    $_clean['username'] = _check_username($_POST['username'], 2, 20);
    $_clean['password'] = _check_password($_POST['password'], 6);
    $_clean['time'] = _check_time($_POST['time']);
    //print_r($_clean);
    // Verify against the database: user name and password must match and the
    // account must already be activated (tg_active is empty).
    // NOTE(review): the query is built by string interpolation, so it is only as
    // safe as the escaping inside the _check_* helpers, which are not shown.
    // NOTE(review): the "******" runs look like masking applied to this listing;
    // the query text printed here is not the original.
    if (!!($_rows = _fetch_array("select tg_username,tg_uniqid,tg_level from tg_user where tg_username='******'username']}' and tg_password='******'password']}' and tg_active='' limit 1"))) {
        // After a successful login, record the login details.
        // Original note: first obtain the host name of the client.
        // NOTE(review): gethostbyaddr() returns the name from the client address's
        // PTR record, which is controlled by whoever operates that reverse DNS
        // zone, and gethostbyname() returns its argument unchanged when the lookup
        // fails. $ip is therefore not guaranteed to be an IP address, yet it is
        // interpolated into the UPDATE below. Store $_SERVER['REMOTE_ADDR'] after
        // filter_var(..., FILTER_VALIDATE_IP) instead; that also avoids two
        // blocking DNS lookups per login.
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        // Original note: resolve the host name back to an IP address.
        $ip = gethostbyname("{$hostname}");
        _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\ttg_last_time=NOW(),\n\t\t\t\t\t\t\t\t\t\ttg_last_ip='{$ip}',\n\t\t\t\t\t\t\t\t\t\ttg_login_count=tg_login_count+1\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_username='******'tg_username']}'\n\t\t\t\t\t\t\t\t\t");
        //_session_destroy();	// clear the CAPTCHA session
        // The login cookie carries the user name and the stored tg_uniqid; the
        // third argument is the checked "time" field. NOTE(review): confirm that
        // _setcookie() sets HttpOnly/Secure and that tg_uniqid is unpredictable,
        // since it acts as the long-lived login token.
        _setcookie($_rows['tg_username'], $_rows['tg_uniqid'], $_clean['time']);
        // Level 1 accounts additionally get the admin session key. The comparison
        // is loose (==). NOTE(review): no session ID regeneration is visible
        // before the privilege change.
        if ($_rows['tg_level'] == 1) {
            $_SESSION['admin'] = $_rows['tg_username'];
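define('SCRIPT', 'stu_data_s');
// Load the shared bootstrap file.
require dirname(__FILE__) . '/includes/common.inc.php';
// Check login state and permission; the meaning of the argument 1 is defined by
// _login_state(), which is outside this fragment.
_login_state(1);
// Personal information. The isset() guards keep a request without ?action= from
// raising an undefined-index notice.
if (isset($_GET['action']) && $_GET['action'] == 'aboutme') {
    // The student number comes from the session, not from the request.
    $row = _fetch_array("SELECT * FROM gm_stuinfo AS s INNER JOIN gm_user AS u ON s.gm_num=u.gm_num WHERE s.gm_num='{$_SESSION['num']}'");
}
// Change password.
if (isset($_GET['action']) && $_GET['action'] == 'pass_modify') {
    // Load the validation helpers.
    include ROOT_PATH . 'includes/register.func.php';
    $clean = array();
    // _check_password() is defined elsewhere; whether it escapes or hashes its
    // argument is not visible here, and both queries below interpolate its result.
    $clean['password'] = _check_password($_POST['password']);
    $clean['newpassword'] = _check_password($_POST['newpassword']);
    // NOTE(review): the "******" run in the two password queries is reproduced as
    // the page shows it; it looks like masking applied to the listing, so restore
    // the original expression from the project before running this.
    // NOTE(review): no anti-CSRF token check is visible before the change.
    // The three outcomes are now one if / elseif / else chain, so the UPDATE can
    // never run after a failed old-password check, whether or not _alert_back()
    // terminates the request.
    if (!_num_rows("SELECT gm_num FROM gm_user WHERE gm_active='1' AND gm_num = '{$_SESSION['num']}' AND gm_password = '******'password']}'")) {
        // The old password did not match.
        _alert_back('原密码不正确!');
    } elseif (_query("UPDATE gm_user SET gm_password = '******'newpassword']}' WHERE gm_active='1' AND gm_num = '{$_SESSION['num']}'")) {
        // The confirmation no longer repeats the new password: the raw
        // $_POST['newpassword'] value used to be interpolated into the alert text,
        // which both displayed the secret and placed unescaped request data into
        // the page output.
        $string = "密码修改成功!\\n用户名:{$_SESSION['username']}\\n登录帐号:{$_SESSION['num']}";
        _alert_back($string);
    } else {
        _alert_back('密码修改失败!');
    }
}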
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
示例#6
<body>
<?php 
require ROOT_PATH . 'includes/admin_header.inc.php';
// Has the form been submitted? The @ suppresses the notice raised when the
// action parameter is absent.
if (@$_GET['action'] == 'register') {
    // Original note: guards against automated registration and cross-site
    // submission. Compares the submitted CAPTCHA with the session copy.
    _check_code($_POST['code'], $_SESSION['code']);
    // Load the validation helpers.
    include ROOT_PATH . 'includes/check.func.php';
    // Empty array that receives the submitted values judged legitimate.
    $_clean = array();
    // Original note: the unique identifier helps against automated registration
    // and forged cross-site forms; once stored in the database it is also used
    // for the login cookie check.
    $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clean['username'] = _check_username(@$_POST['username'], 2, 20);
    $_clean['password'] = _check_password(@$_POST['password'], @$_POST['notpassword'], 6);
    // NOTE(review): role_id and phone are copied from $_POST with no check and
    // are interpolated into the INSERT below. Besides the SQL injection exposure,
    // the registrant chooses the role of the new tb_admin row. Restrict role_id
    // server-side to the values a self-registered account may hold and validate
    // phone, or assign the role during the approval step mentioned in the success
    // message.
    $_clean['role_id'] = $_POST['role_id'];
    $_clean['phone'] = $_POST['phone'];
    // Before inserting, check whether the user name is already taken.
    // NOTE(review): the "******" run looks like masking applied to this listing;
    // the query text printed here is not the original.
    _is_repeat("SELECT username FROM tb_admin WHERE username='******'username']}' LIMIT 1", '对不起,此用户已被注册');
    // Insert the new user. Inside double quotes a plain variable such as
    // $_username can be written directly, but an array element must be wrapped in
    // braces, e.g. {$_clean['username']}.
    _query("INSERT INTO tb_admin (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tuniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tphone,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trole_id,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\treg_time\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['phone']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['role_id']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW()\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
    // Close the connection on both paths; exactly one affected row counts as
    // success.
    if (_affected_rows() == 1) {
        _close();
        _location('恭喜你,注册成功,等待超级管理员审核', '../index.php');
    } else {
        _close();
        _location('很遗憾,注册失败!', 'register.php');
    }
} else {
*/
session_start();
define('IN_TG', true);
// Load the shared file.
// Define a constant that identifies the content of this page.
define('SCRIPT', 'member_PSW_modify');
// Load the shared bootstrap file.
require dirname(__FILE__) . '/../../includes/common.inc.php';
// Load the validation helpers.
include ROOT_PATH . 'includes/check.func.php';
// Change the stored password.
if ($_GET['action'] == "modify") {
    // Original note: "guards against automated registration and cross-site
    // attacks". NOTE(review): no CAPTCHA or anti-CSRF token check follows this
    // comment in the visible code.
    $_clean = array();
    // password1 is the current password; password2/password3 are the new password
    // and its confirmation.
    $_clean['password1'] = _check_modify_password(@$_POST['password1'], 6);
    $_clean['password'] = _check_password(@$_POST['password2'], @$_POST['password3'], 6);
    // Look the account up by user name and current password.
    // NOTE(review): the "******" runs look like masking applied to this listing,
    // so where the user name comes from is not visible here. The query is built
    // by string interpolation.
    if (!!($_rows = _fetch_array("SELECT uniqid FROM tb_user WHERE username='******'username']}' AND password='******'password1']}' LIMIT 1"))) {
        // Original note: to guard against forged cookies, also compare the unique
        // identifier.
        // NOTE(review): this line calls PHP's built-in uniqid(), which generates a
        // new identifier and compares nothing; its result is discarded. The
        // intended comparison of the stored uniqid with the cookie value therefore
        // never happens. Call the project's own comparison helper here (its name
        // is not visible in this fragment) and compare with hash_equals().
        uniqid($_rows['uniqid'], $_COOKIE['uniqid']);
        _query("UPDATE tb_user \n\t\t\t\t\tSET\n\t\t\t\t\tpassword = '******'password']}' \n\t\t\t\t\tWHERE \n\t\t\t\t\tusername='******'username']}'\t\n\t\t\t\t\t");
    }
    // Decide whether the change succeeded.
    // NOTE(review): _affected_rows() is read even when the lookup found no row
    // and the UPDATE was skipped, so the result then reflects an earlier query.
    // Track success with a flag set next to the UPDATE instead.
    if (_affected_rows() == 1) {
        // The connection is closed and the session destroyed on both paths.
        _close();
        _session_destroy();
        _location('恭喜你,密码修改成功!', 'db_member_PSW_modify.php');
    } else {
        _close();
        _session_destroy();
        _location('很遗憾,密码修改失败!', 'db_member_PSW_modify.php');
    }
示例#8
    _alert_back("已经登录了!");
}
/*
 * User login
 *
 */
// NOTE(review): login is a bare word, not a quoted string. PHP before 8.0
// treats an undefined constant as the string 'login' and raises a diagnostic;
// PHP 8 throws an Error. Quote it.
if ($_GET['action'] == login) {
    /*
     * Original note: there should be client-side JavaScript validation here,
     * including the case where JavaScript is unavailable; to be added last.
     * NOTE(review): client-side checks are a convenience only; the server-side
     * checks below are the ones that count.
     */
    require ROOT_PATH . 'includes/login.inc.php';
    $_data = array();
    $_data['username'] = _check_username($_POST['username']);
    $_data['userpwd'] = _check_password($_POST['userpwd']);
    /*
     * Verification
     *
     * NOTE(review): the query is built by string interpolation, so it is only as
     * safe as the escaping inside the _check_* helpers, which are not shown. The
     * "******" runs look like masking applied to this listing.
     */
    $pass = DB_PRE . 'ask_user';
    $_sql = "SELECT * FROM {$pass} where username='******'username']}' AND password='******'userpwd']}'";
    if (!!($result = _fetch_array($_sql))) {
        // Loose comparison: NULL, '' and '0' all count as "activated" here.
        // Whether the request stops after _alert_back() depends on that helper.
        if ($result['active'] != NULL) {
            _alert_back("用户未激活,请到邮箱激活");
        }
        // 28800 seconds = 8 hours added to the current time; stored as 'lastlogin'.
        $logintime = time() + 28800;
        // NOTE(review): the password value is kept in the login array that is
        // registered in the session below. Keep only the user id and name there.
        $login = array('lzuname' => $_data['username'], 'lzupwd' => $_data['userpwd'], 'lzuuid' => $result['uid'], 'lastlogin' => $logintime);
        // NOTE(review): session_register() was removed in PHP 5.4.0 and the
        // argument is again a bare word; assign $_SESSION['login'] instead. No
        // session ID regeneration is visible before the login state is stored.
        session_register(login);
        $_sql_1 = "UPDATE {$pass} SET is_login=1 WHERE username='******'lzuname']}'";
        // NOTE(review): the mysql_* extension was removed in PHP 7.0, and this
        // call bypasses the project's own query helper used everywhere else.
        mysql_query($_sql_1);
示例#9
文件: register.php 项目: Zhiming/PHP
// Login-state check. _login_state() is defined outside this fragment, so what it
// does for visitors who are already logged in cannot be confirmed from here.
_login_state();
//whether the form is submitted
if (isset($_POST['action'])) {
    if ($_POST['action'] == 'register') {
        //protect from illegal registration
        _check_code($_POST['code'], $_SESSION['RandCode']);
        //include register.func.php
        include ROOT_PATH . 'includes/check.func.php';
        $_clean = array();
        //protect from illegal registration by unique identifier
        $_clean['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
        // For a registered user to activate the account
        $_clean['active'] = _sha1_uniqid();
        $_clean['username'] = _check_username($_POST['username']);
        $_clean['password'] = _check_password($_POST['password'], $_POST['notpassword']);
        $_clean['question'] = _check_question($_POST['question']);
        $_clean['answer'] = _check_answer($_POST['question'], $_POST['answer']);
        $_clean['sex'] = _check_sex($_POST['sex']);
        $_clean['profile'] = _check_profile($_POST['profile']);
        $_clean['email'] = _check_email($_POST['email']);
        $_clean['msn'] = _check_msn($_POST['msn']);
        $_clean['url'] = _check_url($_POST['url']);
        //check whether this username has been registered
        _is_repeat("select tg_username from tg_user where tg_username = '******'username']}'limit 1", 'This username has been registered');
        //insert information into database
        //Between double quotation marks, a variable's name could be used; However, an array element can't.
        //A pair of braces are used to fix this problem
        _insert("INSERT INTO tg_user (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_uniqid,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_active,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_username,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_password,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_question,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_answer,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_sex,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_profile,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_email,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_msn,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_url,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_reg_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_time,\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttg_last_ip\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['uniqid']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['active']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['username']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['password']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['question']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['answer']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['sex']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['profile']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['email']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['msn']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_clean['url']}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'{$_SERVER["REMOTE_ADDR"]}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t)");
        //_SERVER["REMOTE_ADDR"] would acquire the current login IP address
        if (_affected_rows() == 1) {