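// Registration page controller.
// A request with ?action=register validates the submitted form field by field;
// any other request issues a fresh one-time form identifier.

// Constant that identifies which page this script serves.
define('script', 'register');
// Load the shared bootstrap through an absolute path (resolved faster than a relative one).
require dirname(__FILE__) . '/includes/common.php';

// isset() keeps a request without ?action= on the "before submit" branch
// without raising an undefined-index notice; === avoids loose comparison.
if (isset($_GET['action']) && $_GET['action'] === 'register') {
    // The form is sent by POST: compare the submitted captcha with the one kept in the session.
    _check_code($_POST['yzm'], $_SESSION['code']);
    // Field validators. The unique identifier checked below is what ties the
    // submission to a form this session was actually served (guards against
    // scripted registration and cross-site form posts).
    include root . 'includes/register.php';
    // Holds the value of each field once its validator has accepted it.
    $_clear = array();
    // Per the original comments, each _check_* helper returns the validated
    // string; the helpers themselves are defined outside this snippet.
    $_clear['uniqid'] = _check_uniqid($_POST['uniqid'], $_SESSION['uniqid']);
    $_clear['active'] = _sha1_uniqid();
    $_clear['username'] = _check_username($_POST['username']);
    $_clear['password'] = _check_password($_POST['password'], $_POST['notpassword'], 6);
    $_clear['question'] = _check_questions($_POST['passt'], 4, 20);
    $_clear['anwser'] = _check_anwser($_POST['passt'], $_POST['passd'], 4, 20);
    // Fixed: these two were written to a misspelled array ($_clean) and so never
    // reached $_clear.
    // NOTE(review): both are still raw request data - no validator for them is
    // visible here. Check them against an allow-list (the fixed set of sex values,
    // the fixed set of avatar paths) before they are used in SQL or HTML.
    $_clear['sex'] = $_POST['sex'];
    $_clear['face'] = $_POST['face'];
    $_clear['email'] = _check_email($_POST['email']);
    $_clear['qq'] = _check_qq($_POST['qq']);
    $_clear['url'] = _check_url($_POST['url']);
    // NOTE(review): debug dump - prints every collected field, including the
    // password entry, into the response. Remove before deployment.
    print_r($_clear);
} else {
    // Before submit: create the one-time identifier for this form.
    // Per the original comment the identifier stored in the database has a second
    // use: cookie login compares the cookie's identifier with the stored one.
    $_SESSION['uniqid'] = $_uniqid = _sha1_uniqid();
    // NOTE(review): debug output of the token; presumably the form is meant to
    // carry it in a hidden field instead - confirm.
    echo $_SESSION['uniqid'];
}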
// Fragment of a teacher-administration page. The first statements sit inside
// blocks that were opened before this excerpt; $name is assigned outside the
// visible part.
$num = _check_num($_POST['num']);
// NOTE(review): $zc is raw POST data and is interpolated into the SQL text
// below - SQL injection risk. Validate it or bind it as a parameter.
$zc = $_POST['zc'];
if (_query("INSERT INTO gm_teacher(gm_num,gm_username,gm_zc) VALUES('{$num}','{$name}','{$zc}')")) {
    _alert_back("添加成功!");
} else {
    _alert_back("添加失败!");
}
}
}
// NOTE(review): modify is a bare word, i.e. a constant lookup. Older PHP falls
// back to the string 'modify' with a notice; PHP 8 raises an Error unless the
// constant is defined elsewhere. It should be the quoted string.
if ($_GET['action'] == modify) {
    if ($_GET['num']) {
        // NOTE(review): the raw query-string value goes straight into the SQL
        // text - SQL injection risk. Validate it (e.g. through _check_num as the
        // POST path does) or bind it as a parameter.
        $row = _fetch_array("SELECT * FROM gm_teacher WHERE gm_num='{$_GET['num']}'");
    }
    // Runs only when the form's submit button value was posted.
    if ($_POST['submit'] == '提 交') {
        include ROOT_PATH . 'includes/register.func.php';
        $name = _check_username($_POST['name']);
        $num = _check_num($_POST['num']);
        // NOTE(review): same unvalidated field as in the insert branch above.
        $zc = $_POST['zc'];
        // Part of this literal is masked as ****** in this listing; the original
        // expression for gm_username cannot be recovered from here.
        if (_query("UPDATE gm_teacher SET gm_username='******',gm_zc='{$zc}' WHERE gm_num='{$num}'")) {
            _alert_back("修改成功!");
        } else {
            _alert_back("修改失败!");
        }
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
// Dispatcher for three POST actions: check_username, create_account and login.
// The excerpt ends inside _check_username().
$avalible = false;
// NOTE(review): the $_POST keys below are read without isset() checks.
$action = $_POST['action'];
if ($action == 'check_username') {
    $u = $_POST['username'];
    _check_username($u, null, $avalible, false);
} else {
    if ($action == 'create_account') {
        $u = $_POST['username'];
        $p = $_POST['password'];
        #_create_account($u, $p, $avalible);
        _check_username($u, $p, $avalible, true);
    } else {
        if ($action == 'login') {
            $u = $_POST['username'];
            $p = $_POST['password'];
            _verify($u, $p);
        }
    }
}
// Looks up $u in DNDLogin and echoes an HTML fragment with the result.
// $avalible is received by value (no & in the signature), so assignments to it
// inside this function do not reach the caller's variable.
function _check_username($u, $p, $avalible, $create)
{
    // NOTE(review): database host, account, password and schema are hard-coded
    // in source. Load them from configuration kept outside the web root, and
    // rotate any credential that has been published in a listing like this one.
    $connect = new mysqli("classroom.cs.unc.edu", "cookcb", "krackatoa4", "cookcbdb");
    // The comparison value is masked as ****** in this listing. If the original
    // interpolated $u here, it should be a prepared statement with a bound
    // parameter instead.
    $result = $connect->query("SELECT count(*) FROM DNDLogin WHERE Username = '******'");
    $row = $result->fetch_row();
    $exists = $row[0];
    if ($exists == 1) {
        // NOTE(review): $u is request data echoed into HTML without escaping -
        // reflected XSS risk. Pass it through htmlspecialchars() first.
        echo "<Span class='no'><strong>{$u}</strong> is not available</span>";
        $avalible = false;
    } else {
// Login handler (excerpt; it ends inside the success branch).
// Resolve the include to an absolute path, which is faster to load.
require dirname(__FILE__) . '/includes/common.inc.php';
// Login-state check (helper defined outside this snippet).
_login_state();
global $_system;
// Start processing the login submission.
if (isset($_GET['action']) && $_GET['action'] == 'login') {
    // Captcha check, meant to stop scripted submissions and cross-site posts.
    // It only runs when $_system['code'] is non-empty.
    if (!empty($_system['code'])) {
        _check_code($_POST['code'], $_SESSION['code']);
    }
    // Load the validation helpers.
    include ROOT_PATH . 'includes/login.func.php';
    // Collect the submitted data.
    $_clean = array();
    $_clean['username'] = _check_username($_POST['username'], 2, 20);
    $_clean['password'] = _check_password($_POST['password'], 6);
    $_clean['time'] = _check_time($_POST['time']);
    //print_r($_clean);
    // Verify against the database: user name and password must match and the
    // account must be activated (tg_active is empty).
    // Parts of this SQL literal are masked as ****** in this listing, so the
    // original interpolation is not recoverable here.
    // NOTE(review): the query is assembled as a string; its safety rests entirely
    // on what the _check_* helpers return - prefer bound parameters, and compare
    // password hashes with password_verify() rather than inside the SQL.
    if (!!($_rows = _fetch_array("select tg_username,tg_uniqid,tg_level from tg_user where tg_username='******'username']}' and tg_password='******'password']}' and tg_active='' limit 1"))) {
        // After a successful login, record the login details.
        // First get the client's host name by reverse DNS.
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        // Then resolve that host name back to an IP address.
        // NOTE(review): the reverse record is controlled by whoever owns the
        // client address, and the forward lookup need not return the original
        // address. For an audit trail, store $_SERVER['REMOTE_ADDR'] directly;
        // that also removes two blocking DNS lookups from the login path.
        $ip = gethostbyname("{$hostname}");
        // Part of the WHERE clause is masked as ****** in this listing.
        _query("update tg_user set \n\t\t\t\t\t\t\t\t\t\ttg_last_time=NOW(),\n\t\t\t\t\t\t\t\t\t\ttg_last_ip='{$ip}',\n\t\t\t\t\t\t\t\t\t\ttg_login_count=tg_login_count+1\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\ttg_username='******'tg_username']}'\n\t\t\t\t\t\t\t\t\t");
        //_session_destroy(); // clear the captcha session
        // NOTE(review): presumably writes the login cookies; if tg_uniqid is what
        // later authenticates the cookie, confirm _setcookie() sets HttpOnly and
        // Secure and that the value is rotated on password change.
        _setcookie($_rows['tg_username'], $_rows['tg_uniqid'], $_clean['time']);
        if ($_rows['tg_level'] == 1) {
// Registration handler (excerpt; it ends inside the submission branch).
// Define a constant that names the page this script serves.
define('SCRIPT', 'register');
// Load the shared bootstrap.
require dirname(__FILE__) . '/includes/common.inc.php';
// Check whether registration is currently open.
// NOTE(review): this relies on _alert_back() ending the request; otherwise
// processing continues while registration is closed - confirm.
if (!$_system['register']) {
    _alert_back("现在不是注册时间!");
}
// Start processing the submitted form.
// NOTE(review): register is a bare word, i.e. a constant lookup. Older PHP falls
// back to the string 'register' with a notice; PHP 8 raises an Error unless the
// constant is defined elsewhere. It should be the quoted string.
if ($_GET['action'] == register) {
    include ROOT_PATH . 'includes/register.func.php';
    // The captcha is checked only when the site setting asks for it.
    if ($_system['needcode'] == 1) {
        _check_code($_SESSION['code'], $_POST['code']);
    }
    $clean = array();
    $clean['username'] = _check_username($_POST['username']);
    $clean['num'] = _check_num($_POST['num']);
    $clean['sex'] = _check_sex($_POST['sex']);
    // The two date triples are passed to _checkdate(), whose result is not used.
    _checkdate($_POST['birth_m'], $_POST['birth_d'], $_POST['birth_y']);
    _checkdate($_POST['start_time_m'], $_POST['start_time_d'], $_POST['start_time_y']);
    // NOTE(review): the date strings are rebuilt from the raw POST values, not
    // from anything _checkdate() returned. That is safe only if _checkdate()
    // aborts on every non-numeric or out-of-range part - confirm, or cast each
    // part to int before concatenating.
    $clean['birth'] = $_POST['birth_y'] . '-' . $_POST['birth_m'] . '-' . $_POST['birth_d'];
    $clean['start_time'] = $_POST['start_time_y'] . '-' . $_POST['start_time_m'] . '-' . $_POST['start_time_d'];
    $clean['gm_grade'] = _time_to_grade($_POST['start_time_y'], $_POST['start_time_m']);
    $clean['contact'] = _check_contact($_POST['contact']);
    $clean['address'] = _check_address_ex($_POST['address']);
    $clean['subject'] = _check_subject($_POST['subject']);
    $clean['type'] = _check_type($_POST['type']);
    // Called without arguments; presumably reads the uploaded photo from $_FILES - confirm.
    $clean['photoname'] = _check_photo();
    // Check whether this student number is already registered.
    // NOTE(review): SQL built by interpolation; safe only if _check_num()
    // guarantees a value that cannot break out of the quotes - prefer a bound
    // parameter.
    _is_repeat("SELECT gm_num FROM gm_user WHERE gm_num = '{$clean['num']}'", '该学号已经被注册!如有问题请咨询管理员!');
    // NOTE(review): the password comes from the site-wide setting
    // $_system['initial_password'], so new accounts appear to share one initial
    // password - confirm a change is forced at first login.
    $newpassword = _check_password($_system['initial_password']);
// Login handler (excerpt; it ends inside the success branch).
// NOTE(review): session_is_registered() and session_register() were deprecated
// in PHP 5.3 and removed in PHP 5.4; use isset($_SESSION['login']) and
// $_SESSION['login'] = ... instead. login is also a bare word (constant lookup)
// here and in the comparison below; it should be the quoted string 'login'.
if (session_is_registered(login)) {
    _alert_back("已经登录了!");
}
/*
 * User login
 */
if ($_GET['action'] == login) {
    /*
     * Original TODO: client-side JavaScript validation belongs here, including
     * the case where JavaScript is unavailable; to be added last.
     * NOTE(review): client-side checks are a convenience only; the server-side
     * checks below are the ones that count.
     */
    require ROOT_PATH . 'includes/login.inc.php';
    $_data = array();
    $_data['username'] = _check_username($_POST['username']);
    $_data['userpwd'] = _check_password($_POST['userpwd']);
    /*
     * Verification
     */
    $pass = DB_PRE . 'ask_user';
    // Parts of this SQL literal are masked as ****** in this listing, so the
    // original interpolation is not recoverable here.
    // NOTE(review): the query is assembled as a string; prefer bound parameters,
    // and verify the password hash in PHP with password_verify().
    $_sql = "SELECT * FROM {$pass} where username='******'username']}' AND password='******'userpwd']}'";
    if (!!($result = _fetch_array($_sql))) {
        // A non-NULL active column is treated as "not yet activated".
        // NOTE(review): relies on _alert_back() ending the request; otherwise the
        // login below still completes for an inactive account - confirm.
        if ($result['active'] != NULL) {
            _alert_back("用户未激活,请到邮箱激活");
        }
        // Current time plus 28800 s (8 h).
        // NOTE(review): looks like a fixed UTC+8 offset rather than an expiry - confirm.
        $logintime = time() + 28800;
        // NOTE(review): 'lzupwd' keeps the checked password value in the session
        // data. A session only needs the user id; drop the password entry.
        $login = array('lzuname' => $_data['username'], 'lzupwd' => $_data['userpwd'], 'lzuuid' => $result['uid'], 'lastlogin' => $logintime);
        // NOTE(review): no session_regenerate_id() is visible at login in this
        // excerpt - confirm the session id is renewed to prevent fixation.
        session_register(login);
        // Part of the WHERE clause is masked as ****** in this listing.
        $_sql_1 = "UPDATE {$pass} SET is_login=1 WHERE username='******'lzuname']}'";
// Upload-and-insert handler (excerpt; it ends inside the failure branch).
// After an HTTP POST upload the file sits in the temporary directory.
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
    // move_uploaded_file() moves the uploaded file to its new location.
    // NOTE(review): the destination uses the client-supplied file name as-is and
    // the move happens before any type or extension check (_check_face() runs
    // only afterwards, on the name). Generate the stored name on the server,
    // allow-list the extension and verify the content type before moving, and
    // keep the target directory non-executable or outside the web root.
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], URL . '/' . $_FILES['userfile']['name'])) {
        // The move failed.
        echo "<script>alert('移动失败!');history.back();</script>";
        exit;
    }
} else {
    echo "<script>alert('临时文件夹下找不到上传文件!');history.back();</script>";
    exit;
}
// Store the record in the database.
// NOTE(review): @ hides the notice for a missing field instead of handling it.
$_clean = array();
$_clean['name'] = _check_username(@$_POST['title'], 2, 20);
$_clean['pic'] = _check_face($_FILES['userfile']['name']);
// NOTE(review): material, seasoning, content and sort are raw POST data despite
// living in $_clean, and they are interpolated into the SQL text below - SQL
// injection risk. Validate them or bind them as parameters. Only price and count
// are coerced to numbers.
$_clean['material'] = @$_POST['material'];
$_clean['seasoning'] = @$_POST['seasoning'];
$_clean['content'] = @$_POST['content'];
$_clean['sort'] = @$_POST['sort'];
$_clean['price'] = floatval(@$_POST['price']);
$_clean['count'] = intval(@$_POST['count']);
// Duplicate of the assignment four lines up.
$_clean['sort'] = @$_POST['sort'];
// NOTE(review): the column list ends with date_time, stock while the values end
// with count, NOW(), so the last two values look swapped relative to their
// columns - confirm against the table definition.
_query("INSERT INTO\n\t\t\ttb_food (name,pic,material,seasoning,content,sort,price,date_time,stock)\n\t\tVALUES\n\t\t\t(\n\t\t\t'{$_clean['name']}',\n\t\t\t'{$_clean['pic']}',\n\t\t\t'{$_clean['material']}',\n\t\t\t'{$_clean['seasoning']}',\n\t\t\t'{$_clean['content']}',\n\t\t\t'{$_clean['sort']}',\n\t\t\t'{$_clean['price']}',\n\t\t\t'{$_clean['count']}',\n\t\t\tNOW()\n\t\t\t)\n\t\t\t\t\t");
// Exactly one affected row means the insert succeeded.
if (_affected_rows() == 1) {
    _close();
    _location('恭喜你,添加成功!', 'db_food_add.php');
} else {
    _close();
    _location('很遗憾,添加失败!', 'db_food_add.php');
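<?php
// Username-availability endpoint: a POST with action=check_username and a
// username field is answered with an HTML fragment.
//
// Uses mysqli with a prepared statement; the mysql_* functions of the original
// were removed in PHP 7.0.
//
// NOTE(review): the connection still uses the MySQL "root" account with an empty
// password, as in the original. Use a dedicated least-privilege account and load
// its credentials from configuration kept outside the web root.
$sesambung = new mysqli("localhost", "root", "", "perdagangan_elektronik");
if ($sesambung->connect_errno) {
    // Fail without leaking connection details to the client.
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// Read the action defensively: the key may be absent from the request.
$action = isset($_POST['action']) ? $_POST['action'] : null;
// is_string() rejects array-valued input such as username[]=x.
if ($action === 'check_username' && isset($_POST['username']) && is_string($_POST['username'])) {
    $u = $_POST['username'];
    _check_username($u);
}

/**
 * Echo an HTML fragment saying whether $u is still free.
 *
 * A name counts as taken when it equals a value in pengguna.kode. The original
 * passed the mysql_query() result handle to in_array(); that handle is not an
 * array of rows, so an existing name could never be found.
 *
 * @param string $u Candidate user name taken from the request (untrusted).
 * @return void
 */
function _check_username($u)
{
    global $sesambung;

    // Bound parameter: the request value never becomes part of the SQL text.
    $stmt = $sesambung->prepare("SELECT COUNT(*) FROM pengguna WHERE kode = ?");
    if ($stmt === false) {
        trigger_error('username lookup could not be prepared', E_USER_WARNING);
        return;
    }
    $stmt->bind_param('s', $u);
    if (!$stmt->execute()) {
        $stmt->close();
        trigger_error('username lookup failed', E_USER_WARNING);
        return;
    }
    $matches = 0;
    $stmt->bind_result($matches);
    $stmt->fetch();
    $stmt->close();

    // The name is echoed back into HTML, so escape it first (reflected XSS otherwise).
    $safe = htmlspecialchars($u, ENT_QUOTES, 'UTF-8');
    if ($matches > 0) {
        echo "<span class='no'><strong>{$safe}</strong> is not available</span>";
    } else {
        echo "<span class='yes'><strong>{$safe}</strong> is available</span>";
    }
}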