示例#1
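 /**
  * Handle a registration request and answer with a JSON object, then exit.
  *
  * Response codes (unchanged): -1 request is not AJAX, -2 user name missing,
  * -3 e-mail missing, -4 password missing, -5 captcha missing, -6 captcha
  * rejected, 1 user stored, 0 storing the user failed.
  *
  * Non-string field values (for example an array sent as `user_name[]`) are
  * now treated as missing instead of being passed on to trim() and the model.
  *
  * NOTE(review): the uniqueness checks for user name and e-mail are still an
  * open TODO, and the e-mail format is not validated here.
  * NOTE(review): getRandomStr() and getUserPassword() are defined elsewhere;
  * confirm the salt comes from a CSPRNG and that the hash is a slow password
  * hash (password_hash()-class) rather than a fast digest.
  */
 public function register()
 {
     // Single exit path for every outcome: print the JSON payload and stop.
     $respond = function ($code, $msg) {
         echo json_encode(array('code' => $code, 'msg' => $msg));
         exit;
     };
     // Only plain strings are accepted as field values; anything else counts as empty.
     $asText = function ($value) {
         return is_string($value) ? $value : "";
     };

     // NOTE(review): presumably a check of a client-sent request header; it filters
     // accidental direct hits but is not an authentication or CSRF control - confirm.
     if (!$this->input->is_ajax_request()) {
         $respond(-1, "非法请求");
     }

     // User name
     $userName = $asText($this->input->post('user_name'));
     if ($userName === "") {
         $respond(-2, '用户名不能为空');
     }
     // TODO: check whether the user name already exists
     // TODO: check whether the e-mail already exists

     // E-mail
     $email = $asText($this->input->post('email'));
     if ($email === "") {
         $respond(-3, '邮箱不能为空');
     }

     // Password: deliberately not trimmed, so the stored hash matches what was typed.
     $password = $asText($this->input->post('password'));
     if ($password === "") {
         $respond(-4, '密码不能为空');
     }

     // Captcha
     $authcode = trim($asText($this->input->post('authcode')));
     if ($authcode === "") {
         $respond(-5, '验证码不能为空');
     }
     if (!$this->authcode->check($authcode)) {
         $respond(-6, '验证码错误');
     }

     // Build the row to store: the password is hashed together with a fresh per-user salt.
     $randomStr = getRandomStr();
     $saveData = array(
         'user_name' => $userName,
         'email' => $email,
         'password' => getUserPassword($password, $randomStr),
         'salt' => $randomStr,
         'ip' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "",
     );
     if ($this->web_user_model->addUser($saveData)) {
         $respond(1, '注册成功');
     }
     $respond(0, '注册失败');
 }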
示例#2
global $twentyfourhour_format;
// Page-level settings used further down.
$room_order = "room_name";
$edit_series = true;
// NOTE(review): $day, $month, $year, $area and $edit_type are not assigned in the
// visible code; presumably they arrive from the request - confirm they are
// validated before being used.
// Any missing date part means the whole date falls back to today.
if (!isset($day, $month, $year)) {
    $day = date("d");
    $month = date("m");
    $year = date("Y");
}
// No (or an empty) area selected: use the default one.
if (empty($area)) {
    $area = get_default_area();
}
// Make sure $edit_type always exists.
$edit_type = isset($edit_type) ? $edit_type : "";
// Stop here unless the current user passes the authorisation check at level 1.
if (!getAuthorised(getUserName(), getUserPassword(), 1)) {
    showAccessDenied($day, $month, $year, $area);
    exit;
}
# This page will either add or modify a booking
# We need to know:
#  Name of booker
#  Description of meeting
#  Date (option select box for day, month, year)
#  Time
#  Duration
#  Internal/External
# Firstly we need to know if this is a new booking or modifying an old one
# and if it's a modification we need to get all the old data from the db.
# If we had $id passed in then it's a modification.
if (isset($id)) {
 // Look up existing users with this sender address in any of the target companies.
 // NOTE(review): the query text is assembled by concatenation. addslashes() is not a
 // charset-aware SQL escaper, and the $arr_compid_final values are joined into the
 // IN(...) list with no escaping in this block; bound parameters would remove the
 // dependency on both.
 $sql = "select nUserId,nCompId,vLogin from sptbl_users where\n\t\tvEmail='" . addslashes($var_fromaddress) . "' AND\n\t\tnCompId IN('" . implode("','", $arr_compid_final) . "')";
 $result = executeSelect($sql, $conn);
 // Map of user id => company id for users that are already registered.
 $arr_comp_toregister = array();
 // NOTE(review): the mysql_* functions belong to the extension removed in PHP 7.0.
 if (mysql_num_rows($result) > 0) {
     while ($row = mysql_fetch_array($result)) {
         $arr_comp_toregister[$row["nUserId"]] = $row["nCompId"];
         $arr_user_login[$row["nUserId"]] = $row["vLogin"];
     }
 }
 // Map of newly created user id => the password assigned to that user.
 $arr_new_user = array();
 // Companies in the target list that have no user for this address yet.
 $arr_comp_diff = array_diff($arr_compid_final, $arr_comp_toregister);
 foreach ($arr_comp_diff as $key => $val) {
     $var_username = "";
     $var_userlogin = "";
     // Presumably fills $var_username and $var_userlogin by reference (both are reset
     // just above and read below) - confirm against getUserLogin()'s signature.
     getUserLogin($var_frommailbox, $val, $var_username, $var_userlogin);
     // Keep a password that is already set, otherwise obtain one from getUserPassword();
     // once set, the same value is reused for every later iteration of this loop.
     $var_userpassword = $var_userpassword != "" ? $var_userpassword : getUserPassword($var_fromaddress);
     // NOTE(review): the password is stored as an unsalted md5() digest, which is not a
     // suitable password hash; password_hash()/password_verify() is the replacement.
     // The other values are again escaped with addslashes() only.
     $sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,dDate,nCSSId)\n\t\t\t\tValues('',\n\t\t\t\t'" . addslashes($val) . "',\n\t\t\t\t'" . addslashes($var_username) . "',\n\t\t\t\t'" . addslashes($var_fromaddress) . "',\n\t\t\t\t'" . addslashes($var_userlogin) . "',\n\t\t\t\t'" . md5($var_userpassword) . "',\n\t\t\t\tnow(),'1')";
     executeQuery($sql, $conn);
     // NOTE(review): called without the $conn link that executeQuery() was given.
     $var_id = mysql_insert_id();
     $arr_comp_toregister[$var_id] = $val;
     // NOTE(review): stores $var_username, whereas the select loop above stores vLogin in
     // the same array - TODO confirm whether $var_userlogin was intended.
     $arr_user_login[$var_id] = $var_username;
     // Keeps the plaintext password for the new user; its later use is outside this block.
     $arr_new_user[$var_id] = $var_userpassword;
 }
 foreach ($arr_new as $key => $val) {
     $var_tmp_compid = getCompanyId($val, $total_count);
     $var_tmp_userid = array_search($var_tmp_compid, $arr_comp_toregister);
     $var_userlogin = $arr_user_login[$var_tmp_userid];
     $sql = "insert into sptbl_tickets(nTicketId,nDeptId,vRefNo,nUserId,vUserName,vTitle,tQuestion,\n\t\t\tvPriority,dPostDate,vMachineIP,dLastAttempted)\n\t\t\t\tvalues('','" . $val . "','1','" . $var_tmp_userid . "',\n\t\t\t\t'" . addslashes($var_userlogin) . "',\n\t\t\t\t'" . addslashes($mimedecoder->_mailheader->_headersubject) . "',\n\t\t\t\t'" . addslashes($var_message_main) . "','0',now(),\n\t\t\t\t'" . addslashes($var_machineip) . "',now())";
     executeQuery($sql, $conn);
     $var_insert_id = mysql_insert_id($conn);
     $var_ticket_id = $var_insert_id;
示例#4
<?php

# $Id$
include "config.inc";
include "functions.inc";
include "{$dbsys}.inc";
include "mrbs_auth.inc";
include "mrbs_sql.inc";
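// Delete one booking entry (or its series) and return to the day view.
//
// NOTE(review): $id and $series are not assigned in the visible code; presumably they
// come from the request - confirm they are validated, and that this state-changing
// request is protected by an anti-CSRF token or a request-method check upstream.

// Make sure the values handed to showAccessDenied() exist even when the authorisation
// check fails before they are derived from the entry.
$day = isset($day) ? $day : null;
$month = isset($month) ? $month : null;
$year = isset($year) ? $year : null;
$area = isset($area) ? $area : null;
if (getAuthorised(getUserName(), getUserPassword(), 1) && ($info = mrbsGetEntryInfo($id))) {
    // date() yields the same zero-padded numbers as strftime() with %d/%m/%Y, without
    // relying on strftime(), which is deprecated since PHP 8.1.
    $day = date("d", $info["start_time"]);
    $month = date("m", $info["start_time"]);
    $year = date("Y", $info["start_time"]);
    $area = mrbsGetRoomArea($info["room_id"]);
    sql_begin();
    $result = mrbsDelEntry(getUserName(), $id, $series, 1);
    // NOTE(review): the commit is issued whether or not the delete succeeded; confirm a
    // failed delete cannot leave partial changes behind.
    sql_commit();
    if ($result) {
        // Encode each value so nothing but data can end up in the redirect URL.
        header(
            "Location: day.php?day=" . rawurlencode((string) $day)
            . "&month=" . rawurlencode((string) $month)
            . "&year=" . rawurlencode((string) $year)
            . "&area=" . rawurlencode((string) $area)
        );
        exit;
    }
}
// Reaching this point means the user was not authorised, the entry was not found, or
// the delete failed.
showAccessDenied($day, $month, $year, $area);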
示例#5
    // $name = "name", "password", ...
    // Search for indexes "user_name", "user_password", etc, in the localization array.
    if (isset($vocab["user_" . $name])) {
        return get_vocab("user_" . $name);
    }
    // If there is no entry (likely if user-defined fields have been added), return itself.
    return $name;
}
/*---------------------------------------------------------------------------*\
|                         Authentify the current user                         |
\*---------------------------------------------------------------------------*/
if (!($nusers > 0)) {
    // No user counted: nobody can be identified, so fixed values are used.
    // NOTE(review): this grants level 2 without any authentication check; presumably a
    // first-run bootstrap - confirm what level 2 permits and when $nusers can be 0.
    $user = "******";
    $level = 2;
} else {
    $user = getUserName();
    $level = authGetUserLevel($user, $auth["admin"]);
    // Unidentified visitors must not browse the list.
    if (!getAuthorised($user, getUserPassword(), 1)) {
        showAccessDenied($day, $month, $year, $area);
        exit;
    }
}
/*---------------------------------------------------------------------------*\
|             Edit a given entry - 1st phase: Get the user input.             |
\*---------------------------------------------------------------------------*/
if (isset($Action) && ($Action == "Edit" or $Action == "Add")) {
    if ($Id >= 0) {
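        // Fetch the row to edit. $Id is not assigned in the visible code (presumably it is
        // request-supplied), and the loose `$Id >= 0` test above does not prove it is a
        // plain number, so it is forced to an integer before it reaches the SQL text.
        $result = sql_query("select * from {$tbl_users} where id=" . (int) $Id);
        $data = sql_row($result, 0);
        sql_free($result);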
示例#6
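/**
 * Change a user's password after verifying the current one.
 *
 * The current password is compared type-strictly and in constant time; the loose
 * `!=` used before treats numeric-looking strings such as "0e1" and "0e2" as
 * equal, and a `false` lookup result as equal to an empty input.
 *
 * The UPDATE is sent with bound parameters. The previous statement interpolated
 * $new directly into the SQL text and matched the literal user name '******'
 * (apparently a redaction in this listing), ignoring $user; it now targets $user.
 *
 * NOTE(review): nothing in this function hashes the password, so it is compared
 * and stored exactly as passed in. Confirm whether the caller hashes it;
 * otherwise move to password_hash()/password_verify().
 *
 * @param resource $db   PostgreSQL connection
 * @param string   $user user name whose password is changed
 * @param string   $old  current password as supplied by the user
 * @param string   $new  new password
 *
 * @return mixed false when the current password does not match, otherwise the
 *               result of the UPDATE query (false if the query failed)
 */
function changePassword($db, $user, $old, $new)
{
    $stored = getUserPassword($db, $user);
    if (!is_string($stored) || !is_string($old) || !hash_equals($stored, $old)) {
        return false;
    }
    // Single quotes keep $1/$2 as placeholders for pg_query_params().
    return pg_query_params(
        $db,
        'UPDATE userbase SET pwd=$1 WHERE username=$2;',
        array($new, $user)
    );
}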
示例#7
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/
/*
	JM-booking - login
*/
include "glob_inc.inc.php";
// Login form posted: when the supplied credentials validate, redirect to index.php
// and stop processing this page.
if (isset($_POST['WEBAUTH_USER']) && authValidateUser(getUserName(), getUserPassword())) {
    header('Location: index.php');
    exit;
}
if (isset($_GET['sendepost']) && isset($_POST['sendepost_navn']) && isset($_POST['sendepost_epost']) && isset($_POST['sendepost_melding'])) {
    require "libs/mail.class.php";
    $epostform_feilfunnet = false;
    $_POST['sendepost_navn'] = htmlspecialchars(strip_tags($_POST['sendepost_navn']), ENT_QUOTES);
    $_POST['sendepost_epost'] = htmlspecialchars(strip_tags($_POST['sendepost_epost']), ENT_QUOTES);
    $_POST['sendepost_melding'] = htmlspecialchars(strip_tags($_POST['sendepost_melding']), ENT_QUOTES);
    if ($_POST['sendepost_navn'] == '' || $_POST['sendepost_epost'] == '' || $_POST['sendepost_melding'] == '') {
        $epostform_feilfunnet = true;
    } else {
        // Sender epost med spørsmål
        $mail = new mail();
示例#8
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/
/*
	JM-booking - login
*/
include 'glob_inc.inc.php';
// Status flags for this page; every one starts out false.
$deactivated = $external_failed = $complex_failed = $age_failed = false;
// Result of isExternal(), consulted after a matching user row has been found.
$is_external = isExternal();
if (isset($_POST['WEBAUTH_USER'])) {
    $user = getUserName();
    $pass = getUserPassword();
    // Check if we do not have a username/password
    if (empty($user) || empty($pass)) {
    } else {
        // User name: tags stripped, HTML-escaped, then passed through slashes().
        // NOTE(review): HTML escaping is an output concern and does not make a value
        // safe for SQL; slashes() is defined elsewhere - confirm it applies
        // connection-aware escaping, or bind the value instead of concatenating it.
        $user = slashes(htmlspecialchars(strip_tags($user), ENT_QUOTES));
        // Username
        // Replace the submitted password with its hash for the lookup below.
        // NOTE(review): getPasswordHash() is not visible here; confirm it is a salted,
        // slow password hash.
        $pass = getPasswordHash($pass);
        // Checking against database
        // NOTE(review): the credential check is a string-built query sent through
        // mysql_query(); the mysql_* extension was removed in PHP 7.0. The '******' in
        // the password comparison looks like a redaction in this listing (presumably
        // the hash in $pass) - verify against the real source.
        $Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where user_name_short = '" . $user . "' and user_password = '******' limit 1");
        if (mysql_num_rows($Q_login) > '0') {
            if ($is_external) {
                try {
                    $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
                    loginPWcheckAge($user_login);
                } catch (Exception $e) {
                    $external_failed = true;
示例#9
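 /**
  * Log a user in.
  *
  * The stored hash is compared with hash_equals(): the loose `==` used before
  * treats numeric-looking strings such as "0e1" and "0e2" as equal and is not
  * constant-time. An account without a stored hash can no longer match.
  * Non-scalar arguments (for example an array) are treated as empty.
  *
  * NOTE(review): "user does not exist" and "wrong password" return different
  * messages, which lets a caller tell valid user names apart; consider one
  * shared message.
  *
  * @param string $user_name login name
  * @param string $password  password as submitted (plaintext)
  *
  * @return array 'code' is 1 on success and 0 otherwise, 'msg' holds the
  *               user-facing text; a wrong password additionally sets
  *               'status' => false
  */
 public function userLogin($user_name, $password)
 {
     $loginInfo = array('code' => 0, 'msg' => "");
     if (
         !is_scalar($user_name) || !is_scalar($password)
         || (string) $user_name === "" || (string) $password === ""
     ) {
         $loginInfo["msg"] = "用户名或密码不能为空";
         return $loginInfo;
     }
     $userInfo = $this->getInfoByName($user_name);
     if (empty($userInfo)) {
         $loginInfo["msg"] = "不存在该用户";
         return $loginInfo;
     }
     $storedHash = isset($userInfo['password']) ? (string) $userInfo['password'] : "";
     $salt = isset($userInfo['salt']) ? $userInfo['salt'] : "";
     // Hash the submitted password with the user's salt, as done at registration.
     $candidate = (string) getUserPassword($password, $salt);
     if ($storedHash !== "" && hash_equals($storedHash, $candidate)) {
         $loginInfo['code'] = 1;
         $loginInfo['msg'] = "登录成功";
         // TODO: record the login cookie.
         // NOTE(review): the plaintext password is handed to saveUserCookie(), which is
         // defined elsewhere; if it ends up in a cookie the credential is exposed on the
         // client - confirm, and prefer an opaque session token.
         saveUserCookie($userInfo['id'], $user_name, $password);
     } else {
         // 'status' is kept for existing callers; 'code' already stays 0 on failure.
         $loginInfo['status'] = false;
         $loginInfo['msg'] = "用户名或密码不正确";
     }
     return $loginInfo;
 }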