/**
 * Looks up an account by identifier and, if it exists, calls wap_update_user_info() for it.
 *
 * The lookup helper is chosen by $account_type: 1 = username, 2 = e-mail, 3 = mobile.
 * Any other value performs no lookup, so the function returns false.
 *
 * NOTE(review): no password or other credential is compared in this function. If
 * wap_update_user_info() is what marks the session as logged in (not visible here),
 * every caller must have authenticated the user by other means first — confirm at
 * each call site.
 *
 * @param string $account      Username, e-mail address or mobile number.
 * @param mixed  $account_type Lookup selector; compared loosely, so 1 and "1" are equivalent.
 * @param bool   $uc_login     Not used by this function.
 * @param mixed  $expire       Not used by this function.
 * @return bool True when an account row was found, false otherwise.
 */
function user_login_new($account, $account_type = 1, $uc_login = true, $expire = NULL)
{
    // Kept from the original declaration; none of these globals is read below.
    global $timestamp, $online_ip, $QS_pwdhash;

    $found = array();

    // switch compares loosely (==), matching the original if/elseif chain.
    switch ($account_type) {
        case "1":
            $found = get_user_inusername($account);
            break;
        case "2":
            $found = get_user_inemail($account);
            break;
        case "3":
            $found = get_user_inmobile($account);
            break;
    }

    if (empty($found)) {
        return false;
    }

    wap_update_user_info($found['uid'], true);
    return true;
}
// Password-recovery handler for the WAP site. The excerpt ends before the closing
// braces of the 'get_pass' branch, so the tail of that branch is not visible here.
if ($act == 'enter') {
    // Step 1: render the recovery form with captcha and SMS settings read from cache.
    $smarty->assign('title', '找回密码 - ' . $_CFG['site_name']);
    $captcha = get_cache('captcha');
    $smarty->assign('verify_getpwd', $captcha['verify_getpwd']);
    $smarty->assign('sms', get_cache('sms_config'));
    $smarty->assign('step', "1");
    $smarty->display('wap/wap-alter-password.html');
} elseif ($act == 'get_pass') {
    $captcha = get_cache('captcha');
    // NOTE(review): the submitted captcha is read here but is not compared with anything
    // in the visible part of this branch — confirm that it is actually verified.
    $postcaptcha = trim($_POST['postcaptcha']);
    $postusername = trim($_POST['username']) ? trim($_POST['username']) : exit('请填写用户名');
    if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) {
        // Only prints the error: there is no exit, so the code below still runs.
        echo '电子邮箱格式错误!';
    }
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    // The request-supplied username goes straight to the lookup helper; whether that
    // helper escapes its argument before building SQL is not visible here.
    $userinfo = get_user_inusername($postusername);
    // Loose != on two strings; a strict comparison avoids numeric-string surprises.
    if (empty($userinfo) || $userinfo['email'] != $_POST['email']) {
        echo '用户名或注册邮箱填写错误';
    } else {
        // A matching username + registered e-mail is the only requirement: the password is
        // replaced immediately, with no confirmation link or proof of mailbox ownership.
        $mailconfig = get_cache('mailconfig');
        $arr['username'] = $userinfo['username'];
        // rand() is not a cryptographically secure generator; randstr() is defined elsewhere.
        $arr['password'] = rand(100000, 999999) . randstr();
        // The new password travels in clear text in the mail body, and the mail is sent
        // before the database is updated.
        if (smtp_mail($userinfo['email'], "找回密码", "您的新密码为:" . $arr['password'])) {
            // Salted double MD5 — a fast hash, not a password-hashing function.
            $md5password = md5(md5($arr['password']) . $userinfo['pwd_hash'] . $QS_pwdhash);
            // The SET value appears masked as '******' on this page; presumably the original
            // interpolated $md5password — confirm against the real file.
            if (!$db->query("UPDATE " . table('members') . " SET password = '******' WHERE uid='{$userinfo['uid']}'")) {
                echo '密码修改失败';
            }
            // Printed even when the UPDATE above failed: nothing separates the two messages.
            echo '密码修改成功请查看您的邮箱';
        } else {
            echo '邮件发送失败,请联系网站管理员';
        }
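/**
 * Changes a member's password, optionally verifying the current password first.
 *
 * $arr is expected to carry 'username', 'password' (the new password) and, when
 * $check is true, 'oldpassword'.
 *
 * Review notes:
 *  - The SQL values in the listing this was taken from appear masked as '******', which
 *    left the statements syntactically broken. The UPDATE below is rebuilt from the
 *    variables this function computes.
 *  - The request-supplied username is no longer concatenated into SQL: the row is
 *    addressed by the integer uid returned by get_user_inusername(), and the old
 *    password is verified in PHP against that row instead of through a second query.
 *    This assumes the row carries 'uid' and 'password' — confirm against the helper.
 *  - The audit-log call used to sit after the success return, so it only ran when the
 *    UPDATE failed. It now records successful changes.
 *  - The salted double-MD5 scheme is kept because stored hashes depend on it; it is a
 *    fast hash and should be migrated to password_hash()/password_verify().
 *
 * @param array $arr   Input fields as described above.
 * @param bool  $check Whether 'oldpassword' must match the stored hash.
 * @return string|int|bool The username on success, -1 when verification fails,
 *                         false on invalid input, unknown account or failed update.
 */
function edit_password($arr, $check = true)
{
    global $db, $QS_pwdhash;

    if (!is_array($arr)) {
        return false;
    }

    $user_info = get_user_inusername($arr['username']);
    if (empty($user_info)) {
        // Unknown account: with verification on this is a failed check, otherwise a failed update.
        return $check ? -1 : false;
    }
    $pwd_hash = $user_info['pwd_hash'];

    if ($check) {
        $expected = md5(md5($arr['oldpassword']) . $pwd_hash . $QS_pwdhash);
        $stored = (string) $user_info['password'];
        // Strict, and constant-time where available: loose == treats "0e…" hex strings as numbers.
        $verified = function_exists('hash_equals')
            ? hash_equals($stored, $expected)
            : ($stored === $expected);
        if (!$verified) {
            return -1;
        }
    }

    // md5() output is fixed-format hex and uid is forced to an integer, so neither
    // interpolated value can carry SQL syntax.
    $md5password = md5(md5($arr['password']) . $pwd_hash . $QS_pwdhash);
    $uid = intval($user_info['uid']);
    $sql = "UPDATE " . table('members') . " SET password = '" . $md5password . "' WHERE uid='" . $uid . "'";

    if ($db->query($sql)) {
        write_memberslog($_SESSION['uid'], $_SESSION['utype'], 1004, $_SESSION['username'], "修改了密码");
        return $arr['username'];
    }

    return false;
}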
// Admin member-management handler. The excerpt starts inside an earlier branch whose
// opening is not shown and ends just after the 'userstatus_edit' branch begins.
            adminmsg('修改出错!', 0);
        }
        distribution_jobs_uid($company_uid);
    }
    }
    $link[0]['text'] = "返回列表";
    // NOTE(review): the "back" link target comes straight from the request. How adminmsg()
    // renders it is not visible here; if it is emitted unescaped or used for a redirect,
    // restrict it to same-site relative URLs.
    $link[0]['href'] = $_POST['url'];
    adminmsg('操作成功!', 2, $link);
} elseif ($act == 'userpass_edit') {
    // Admin sets a member's password: token check, then permission check.
    check_token();
    check_permissions($_SESSION['admin_purview'], "com_user_edit");
    // Length is the only rule applied to the new password; it is measured after trim().
    if (strlen(trim($_POST['password'])) < 6) {
        adminmsg('新密码必须为6位以上!', 1);
    }
    require_once ADMIN_ROOT_PATH . 'include/admin_user_fun.php';
    // The request-supplied username goes to the lookup helper unmodified; whether the
    // helper escapes it is not visible here.
    $user_info = get_user_inusername($_POST['username']);
    // NOTE(review): there is no check that a row was found. For an unknown username
    // the UPDATE below runs with an empty uid.
    $pwd_hash = $user_info['pwd_hash'];
    // Salted double MD5 — a fast hash, not a password-hashing function.
    $md5password = md5(md5(trim($_POST['password'])) . $pwd_hash . $QS_pwdhash);
    // The SET value appears masked as '******' on this page; presumably the original
    // interpolated $md5password — confirm against the real file.
    if ($db->query("UPDATE " . table('members') . " SET password = '******' WHERE uid='" . $user_info['uid'] . "'")) {
        if (defined('UC_API')) {
            // Mirror the change to the UCenter client when that integration is enabled.
            include_once QISHI_ROOT_PATH . 'uc_client/client.php';
            uc_user_edit($user_info['username'], trim($_POST['password']), trim($_POST['password']), "", 1);
        }
        $link[0]['text'] = "返回列表";
        // Same request-supplied link target as above.
        $link[0]['href'] = $_POST['url'];
        adminmsg('操作成功!', 2, $link);
    } else {
        adminmsg('操作失败!', 1);
    }
} elseif ($act == 'userstatus_edit') {
    check_token();
// Admin "add member" handler. The excerpt starts inside the username-length check and
// ends inside the UCenter registration branch.
// NOTE(review): each validation relies on adminmsg() ending the request. That function is
// not shown; if it returns, execution falls through to the next statement.
    adminmsg('用户名必须为3位以上!', 1);
}
if (strlen(trim($_POST['password'])) < 6) {
    adminmsg('密码必须为6位以上!', 1);
}
$sql['username'] = !empty($_POST['username']) ? trim($_POST['username']) : adminmsg('请填写用户名!', 1);
$sql['password'] = !empty($_POST['password']) ? trim($_POST['password']) : adminmsg('请填写密码!', 1);
// Loose != compares numeric-looking strings as numbers (e.g. "1e3" equals "1000"), so two
// different inputs can pass this confirmation check; !== avoids that.
if ($sql['password'] != trim($_POST['password1'])) {
    adminmsg('两次输入的密码不相同!', 1);
}
// Any non-zero integer is accepted as the member type here; no allow-list is applied
// in the visible code.
$sql['utype'] = !empty($_POST['member_type']) ? intval($_POST['member_type']) : adminmsg('你没有选择注册类型!', 1);
// The pattern is applied to the untrimmed value; the trimmed value is what gets stored.
if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) {
    adminmsg('电子邮箱格式错误!', 1);
}
$sql['email'] = trim($_POST['email']);
// Uniqueness checks against the local member table.
if (get_user_inusername($sql['username'])) {
    adminmsg('该用户名已经被使用!', 1);
}
if (get_user_inemail($sql['email'])) {
    adminmsg('该 Email 已经被注册!', 1);
}
if (defined('UC_API')) {
    // Repeat the checks against UCenter, then register the account there.
    include_once QISHI_ROOT_PATH . 'uc_client/client.php';
    if (uc_user_checkname($sql['username']) != "1") {
        adminmsg('该用户名已经被使用或者用户名非法!', 1);
        exit;
    } elseif (uc_user_checkemail($sql['email']) != "1") {
        adminmsg('该 Email已经被使用或者非法!', 1);
        exit;
    } else {
        // The clear-text password is handed to the UCenter client here.
        uc_user_register($sql['username'], $sql['password'], $sql['email']);
// Multi-step password-recovery handler. The excerpt starts at the end of an earlier
// branch and ends inside the token check of 'get_pass_step3'.
    $_SESSION['getpass_token'] = $token;
    $smarty->assign('token', $token);
    $smarty->display('user/get-pass.htm');
} elseif ($act == 'get_pass_step2') {
    // Form token check. Loose != is used; a strict, constant-time comparison
    // (hash_equals) is the safer form for secrets.
    if (empty($_POST['token']) || $_POST['token'] != $_SESSION['getpass_token']) {
        $link[0]['text'] = "找回密码失败";
        $link[0]['href'] = "?act=enter";
        // NOTE(review): execution continues past this point unless showmsg() ends the
        // request; that function is not shown.
        showmsg("找回密码失败,非正常链接", 0, $link);
    }
    $username = $_POST['username'] ? trim($_POST['username']) : showmsg("请输入用户名/邮箱/已验证手机");
    // Pick the lookup by the shape of the identifier: e-mail, mobile number, else username.
    if (preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $username)) {
        $usinfo = get_user_inemail($username);
    } elseif (preg_match("/^(13|14|15|18|17)\\d{9}\$/", $username)) {
        $usinfo = get_user_inmobile($username);
    } else {
        $usinfo = get_user_inusername($username);
    }
    // NOTE(review): no check that an account was found before the fields below are read.
    if ($usinfo['mobile']) {
        // Masks the middle four digits. The pattern only matches 13x/15x/18x prefixes, so
        // 14x and 17x numbers (accepted by the check above) are copied to mobile_ unmasked.
        $usinfo['mobile_'] = preg_replace('/(1[358]{1}[0-9])[0-9]{4}([0-9]{4})/i', '$1****$2', $usinfo['mobile']);
    }
    if ($usinfo['email']) {
        // Masks the first run of word characters, keeping its first and last character.
        $usinfo['email_'] = preg_replace('/([A-Za-z0-9_])[A-Za-z0-9_]*([A-Za-z0-9_])/', '$1****$2', $usinfo['email'], 1);
    }
    // NOTE(review): mt_rand(100000, 999999) yields at most 900,000 distinct tokens from a
    // non-cryptographic generator; a token from random_bytes() (or
    // openssl_random_pseudo_bytes() on older PHP) would not be guessable.
    $token = substr(md5(mt_rand(100000, 999999)), 8, 16);
    $_SESSION['getpass_token'] = $token;
    $smarty->assign('token', $token);
    // NOTE(review): the whole lookup row is handed to the template, not only the masked
    // copies. Elsewhere on this page rows from these helpers are read for 'password' and
    // 'pwd_hash'; confirm the template cannot render unmasked or secret columns.
    $smarty->assign('usinfo', $usinfo);
    $smarty->assign('title', '找回密码 - 验证身份-' . $_CFG['site_name']);
    $smarty->display('user/get-pass-step2.htm');
} elseif ($act == 'get_pass_step3') {
    if (empty($_POST['token']) || $_POST['token'] != $_SESSION['getpass_token']) {
// AJAX handler. The excerpt starts at the end of a login branch and ends inside the
// 'check_email' branch.
        // NOTE(review): $qsurl is placed inside a JavaScript string literal without escaping.
        // Its origin is not visible here; if any part can be influenced by the request,
        // encode it (e.g. json_encode) before embedding.
        $qsjs = "<script language=\"javascript\" type=\"text/javascript\">window.location.href=\"" . $qsurl . "\";</script>";
        if ($ucjs || $qsurl) {
            exit($ucjs . $qsjs);
        } else {
            exit("err");
        }
    } else {
        exit("err");
    }
} elseif ($act == 'check_usname') {
    // Username availability check: answers "true" when the name is free, "false" otherwise.
    // No authentication or throttling is visible in this branch, so the endpoint reveals
    // which usernames exist; rate limiting would have to be applied elsewhere.
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    $usname = trim($_POST['usname']);
    if (strcasecmp(QISHI_DBCHARSET, "utf8") != 0) {
        // NOTE(review): input is converted to GBK before the lookup. With a multi-byte
        // charset, escaping must be charset-aware; whether get_user_inusername() escapes
        // that way is not visible here.
        $usname = utf8_to_gbk($usname);
    }
    $user = get_user_inusername($usname);
    if (defined('UC_API')) {
        // With UCenter enabled the name must be free both there and locally.
        include_once QISHI_ROOT_PATH . 'uc_client/client.php';
        if (uc_user_checkname($usname) === 1 && empty($user)) {
            exit("true");
        } else {
            exit("false");
        }
    }
    empty($user) ? exit("true") : exit("false");
} elseif ($act == 'check_email') {
    // E-mail availability check; same charset handling as the username branch.
    require_once QISHI_ROOT_PATH . 'include/fun_user.php';
    $email = trim($_POST['email']);
    if (strcasecmp(QISHI_DBCHARSET, "utf8") != 0) {
        $email = utf8_to_gbk($email);
    }
// WAP registration handler. The excerpt ends inside the post-registration branch.
$username = isset($_POST['username']) ? trim($_POST['username']) : "";
$password = isset($_POST['password']) ? trim($_POST['password']) : "";
// Any non-zero integer passes as a member type below; no allow-list is visible here.
$member_type = intval($_POST['utype']);
$email = isset($_POST['email']) ? trim($_POST['email']) : "";
// NOTE(review): $err is not initialised in the visible code; when every check passes,
// the later `if ($err)` reads an undefined variable.
if (empty($username) || empty($password) || empty($member_type) || empty($email)) {
    $err = "信息不完整";
} elseif (strlen($username) < 6 || strlen($username) > 18) {
    $err = "用户名长度为6-18个字符";
} elseif (strlen($password) < 6 || strlen($password) > 18) {
    // The 18-byte upper bound caps password strength; length is the only rule applied.
    $err = "密码长度为6-18个字符";
} elseif ($password != $_POST['password1']) {
    // Compares the trimmed password with the untrimmed confirmation, using loose !=.
    $err = "两次输入的密码不同";
} elseif (empty($email) || !ereg("^[-a-zA-Z0-9_\\.]+\\@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$", $email)) {
    // ereg() was removed in PHP 7.0; preg_match() is the replacement.
    $err = "电子邮箱格式错误";
}
// These lookups run even when validation above already failed, so values that did not
// pass the format checks still reach the lookup helpers (whose escaping is not visible
// here). Their messages also overwrite any earlier $err.
if (get_user_inusername($username)) {
    $err = "用户名已经存在";
}
if (get_user_inemail($email)) {
    $err = "电子邮箱已经存在";
}
if ($err) {
    // Re-render the form with the last error recorded and stop.
    $smarty->assign('err', $err);
    $smarty->assign('type', $member_type);
    $smarty->display("wap/reg_form.html");
    exit;
}
$register = user_register(3, $password, $member_type, $email, $mobile = "", true, $username, "");
if ($register > 0) {
    // Log the new account in right away with the password it just registered with.
    $login_js = wap_user_login($username, $password);
    $mailconfig = get_cache('mailconfig');
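/**
 * Authenticates a WAP user by username, e-mail address or mobile number plus password.
 *
 * The identifier's shape overrides $account_type: an e-mail-looking value forces type 2
 * and a mobile-looking value forces type 3. Otherwise the passed type selects the lookup
 * (1 = username, 2 = e-mail, 3 = mobile); any other value performs no lookup.
 *
 * Review notes:
 *  - The stored and computed hashes were compared with loose ==. PHP compares
 *    numeric-looking strings such as "0e…" hex digests as numbers, so two different
 *    hashes could compare equal. The comparison is now strict and, where hash_equals()
 *    exists, constant-time.
 *  - The salted double-MD5 scheme is kept because stored hashes depend on it; it is a
 *    fast hash and should be migrated to password_hash()/password_verify().
 *  - NOTE(review): the mobile pattern accepts 13/14/15/18 prefixes only, while the
 *    password-recovery code in the same listing also accepts 17 — confirm which is intended.
 *
 * @param string $account      Username, e-mail address or mobile number.
 * @param string $password     Clear-text password to verify.
 * @param mixed  $account_type Lookup selector, compared loosely (1 and "1" are equivalent).
 * @param bool   $uc_login     Not used by this function.
 * @param mixed  $expire       Forwarded to wap_update_user_info() on success.
 * @return array Empty array on failure; array('qs_login' => <member URL>) on success.
 */
function wap_user_login($account, $password, $account_type = 1, $uc_login = true, $expire = NULL)
{
    global $QS_pwdhash;

    $login = array();

    // Let the identifier's format decide the lookup when it is unambiguous.
    if (preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $account)) {
        $account_type = 2;
    } elseif (preg_match("/^(13|14|15|18)\\d{9}\$/", $account)) {
        $account_type = 3;
    }

    $usinfo = array();
    if ($account_type == "1") {
        $usinfo = get_user_inusername($account);
    } elseif ($account_type == "2") {
        $usinfo = get_user_inemail($account);
    } elseif ($account_type == "3") {
        $usinfo = get_user_inmobile($account);
    }

    if (empty($usinfo)) {
        return $login;
    }

    $pwd = md5(md5($password) . $usinfo['pwd_hash'] . $QS_pwdhash);
    $stored = (string) $usinfo['password'];

    // hash_equals() needs PHP 5.6+; fall back to a strict comparison on older runtimes.
    $matches = function_exists('hash_equals')
        ? hash_equals($stored, $pwd)
        : ($stored === $pwd);

    if ($matches) {
        wap_update_user_info($usinfo['uid'], true, true, $expire);
        $login['qs_login'] = get_member_wap_url($usinfo['utype']);
    }

    return $login;
}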