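/**
 * First-run installer: loads the schema for the chosen database type and
 * writes APP . 'config_user.php' from the submitted form, or renders the
 * install form when nothing has been posted.
 *
 * Security-relevant behaviour:
 *  - The only "already installed" guard is the $db_config check below.
 *    NOTE(review): it is effective only if redirect() ends the request — confirm.
 *  - Form values end up inside a PHP source file, so each one is emitted with
 *    var_export(); a quote or backslash in a field can no longer close the
 *    string literal and become code in config_user.php.
 *  - The generated file opens with "<?php" rather than the short tag "<?", so
 *    it is still parsed as PHP (and not served as text, database password
 *    included) when short_open_tag is disabled.
 *
 * @return void
 */
private function install()
{
    global $db_config;

    // An existing $db_config array means a configuration is already loaded.
    if (is_array($db_config)) {
        redirect("/");
    }

    // Probe whether the application directory is writable; the view reports it.
    $param['writable'] = file_put_contents(APP . 'writable.tmp', 'test');

    if (isset($_POST['db_type'])) {
        // Only two back ends exist: anything that is not "sqlite" is treated as mysql.
        $db_type = $_POST['db_type'] == 'sqlite' ? 'sqlite' : 'mysql';

        // NOTE(review): the sqlite file name is six digits from rand(); if APP is
        // reachable over HTTP the database file is guessable — confirm it is
        // stored outside the web root or denied by server configuration.
        $_POST['default_db'] = $db_type == 'sqlite' ? rand(100000, 999999) . '.sqlite' : $_POST['default_db'];

        $db = new db($_POST);
        $sql = file_get_contents(APP . $db_type . '_ins.sql');
        $db->muti_query($sql);

        $seed = randstr();

        // Collect the connection settings as plain strings (missing fields become '').
        $settings = array();
        foreach (array('host', 'user', 'password', 'db_type', 'default_db') as $key) {
            $settings[$key] = isset($_POST[$key]) ? (string) $_POST[$key] : '';
        }

        // Build the config file; var_export() produces a correctly escaped literal.
        $config = "<?php\n"
            . "define('BASE','?/');\n"
            . "define('SEED'," . var_export((string) $seed, true) . ");\n"
            . "\$db_config = array(\n";
        foreach ($settings as $key => $value) {
            $config .= "    '" . $key . "' => " . var_export($value, true) . ",\n";
        }
        $config .= ");\n";

        file_put_contents(APP . 'config_user.php', $config);

        // The success page announces a fixed default administrator login
        // (presumably seeded by the *_ins.sql script — confirm); it should be
        // changed immediately after installation.
        redirect($_POST['base_dir'], '安装成功', '用户名 admin@b24.cn 密码 admin', '8');
    } else {
        header("Content-type: text/html; charset=utf-8");
        view("v/home/install", $param);
    }
}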
/**
 * Choose the stored file name and directory for a forum attachment.
 *
 * The name is "<fid>_<uid>_<15 hex chars>.<ext>". The extension goes through a
 * deny-list first: every occurrence of a listed script/executable token is
 * prefixed with "scp_". An extension that is not in the list is used as given.
 *
 * @param array $currUpload Upload record; reads the 'id' and 'ext' keys.
 * @return array array($filename, $savedir)
 */
function getFilePath($currUpload)
{
    global $timestamp;

    // 15 characters cut from an MD5 of timestamp + upload id + random suffix.
    $digest = md5($timestamp . $currUpload['id'] . randstr(8));
    $prename = substr($digest, 10, 15);

    $blockedTypes = '/(php|asp|jsp|cgi|fcgi|exe|pl|phtml|dll|asa|com|scr|inf)/i';
    $storedExt = preg_replace($blockedTypes, "scp_\\1", $currUpload['ext']);

    $filename = $this->forum->fid . "_{$this->uid}_{$prename}." . $storedExt;

    // The directory is chosen from the original (unmodified) extension.
    $savedir = $this->getSaveDir($currUpload['ext']);

    return array($filename, $savedir);
}
/**
 * Choose the stored file name and directory for a certificate upload.
 *
 * The name is "<uid>_<key>.<ext>" and the directory is
 * "certificate/<last two characters of uid, left-padded with 0>/".
 *
 * NOTE(review): the extension is used exactly as supplied; no filtering
 * happens in this method, so it must be validated before this call — confirm.
 *
 * @param array $currUpload Upload record; reads the 'id' and 'ext' keys.
 * @return array array($filename, $savedir)
 */
function getFilePath($currUpload)
{
    global $timestamp;

    // Computed as in the sibling uploaders, but not part of the name here.
    $digest = md5($timestamp . $currUpload['id'] . randstr(8));
    $prename = substr($digest, 10, 15);

    $filename = $this->uid . "_{$this->key}." . $currUpload['ext'];

    $bucket = str_pad(substr($this->uid, -2), 2, '0', STR_PAD_LEFT);
    $savedir = 'certificate/' . $bucket . '/';

    return array($filename, $savedir);
}
/**
 * Register a member and create the rows that belong to the member type.
 *
 * The password is stored as md5(md5($password) . $pwd_hash . $QS_pwdhash),
 * where $pwd_hash is a per-user value from randstr() and $QS_pwdhash a
 * site-wide value. MD5 is a fast hash, so this gives little protection if the
 * members table leaks; changing it requires changing the login check as well.
 *
 * @param string $username    Login name; must not already exist.
 * @param string $password    Plain-text password.
 * @param int    $member_type Member type; 0 is rejected.
 * @param string $email       E-mail address; must not already exist.
 * @param bool   $uc_reg      Also register in UCenter when UC_API is defined.
 * @return int|bool New uid; -1 bad member type, -2 username taken,
 *                  -3 e-mail taken, false when a follow-up insert fails.
 */
function user_register($username, $password, $member_type = 0, $email, $uc_reg = true)
{
    global $db, $timestamp, $_CFG, $online_ip, $QS_pwdhash;

    $member_type = intval($member_type);

    // Both uniqueness look-ups run before any validation result is returned.
    $ck_username = get_user_inusername($username);
    $ck_email = get_user_inemail($email);

    if ($member_type == 0) {
        return -1;
    }
    if (!empty($ck_username)) {
        return -2;
    }
    if (!empty($ck_email)) {
        return -3;
    }

    $pwd_hash = randstr();
    $password_hash = md5(md5($password) . $pwd_hash . $QS_pwdhash);

    $setsqlarr = array(
        'username' => $username,
        'password' => $password_hash,
        'pwd_hash' => $pwd_hash,
        'email' => $email,
        'utype' => intval($member_type),
        'reg_time' => $timestamp,
        'reg_ip' => $online_ip,
    );
    $insert_id = inserttable(table('members'), $setsqlarr, true);

    if ($member_type == "1") {
        // $insert_id comes from the insert above, not from request data.
        $pointsRowOk = $db->query("INSERT INTO " . table('members_points') . " (uid) VALUES ('{$insert_id}')");
        if (!$pointsRowOk) {
            return false;
        }
        $setmealRowOk = $db->query("INSERT INTO " . table('members_setmeal') . " (uid) VALUES ('{$insert_id}')");
        if (!$setmealRowOk) {
            return false;
        }

        $points = get_cache('points_rule');
        include_once QISHI_ROOT_PATH . 'include/fun_company.php';
        set_consultant($insert_id);

        // Sign-up points, when the rule grants any.
        if ($points['reg_points']['value'] > 0) {
            report_deal($insert_id, $points['reg_points']['type'], $points['reg_points']['value']);
            if ($points['reg_points']['type'] == "1") {
                $operator = "+";
            } else {
                $operator = "-";
            }
            write_memberslog($insert_id, 1, 9001, $username, "新注册会员,({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, 1010, "注册会员系统自动赠送积分", "{$operator}{$points['reg_points']['value']}", "{$points['reg_points']['value']}");
            // Record the points change.
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, '0.00', '1', 1, 1);
        }

        // Complimentary service package, when one is configured.
        if ($_CFG['reg_service'] > 0) {
            set_members_setmeal($insert_id, $_CFG['reg_service']);
            $setmeal = get_setmeal_one($_CFG['reg_service']);
            write_memberslog($insert_id, 1, 9002, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 2, 1011, "开通服务(系统赠送)", "-", "-");
            // Record the package change.
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 1);
        }
    }

    if (defined('UC_API') && $uc_reg) {
        include_once QISHI_ROOT_PATH . 'uc_client/client.php';
        // The plain-text password is handed to the UCenter client here.
        $uc_reg_uid = uc_user_register($username, $password, $email);
    }

    write_memberslog($insert_id, $member_type, 1000, $username, "注册成为会员");

    return $insert_id;
}
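/**
 * Prepare a working directory with one sub-directory per worker and a run.sh
 * launcher that starts every script of $run_files in each of them.
 *
 * Changes from the previous version: the launcher is created with mode 0755
 * instead of 0777 (a world-writable executable script lets any local account
 * alter what the next run executes), and the function stops when the working
 * directory cannot be created or entered instead of writing into the current
 * directory.
 *
 * The launcher is only written, not executed; the code that ran it, merged the
 * $implode_files outputs and removed the directories was commented out in the
 * original and is not reproduced here.
 *
 * NOTE(review): $fname and $params are written into run.sh unquoted, so they
 * are interpreted by the shell; callers must pass trusted values only.
 *
 * @param int   $threads       Number of worker directories.
 * @param array $copy_files    Files copied into each worker: target names,
 *                             optionally keyed by a different source name.
 * @param array $create_files  name => lines (array), or a non-array value to
 *                             load the lines with file2array($name).
 * @param array $run_files     script name => command-line parameters.
 * @param array $implode_files Unused by the active code.
 * @return void
 */
function threads_create($threads, $copy_files, $create_files, $run_files, $implode_files = array())
{
    // Split every input file into one slice per worker.
    $cfs = array();
    foreach ($create_files as $fname => $content) {
        if (!is_array($content)) {
            $content = file2array($fname);
        }
        $cfs[$fname] = array_rand_slice($content, $threads);
    }

    $tdir = 'threads-' . randstr(5);
    if (!mkdir($tdir) || !chdir($tdir)) {
        trigger_error("threads_create: cannot create or enter {$tdir}", E_USER_WARNING);
        return;
    }

    $bat = "#!/bin/bash\n";
    for ($i = 0; $i < $threads; $i++) {
        $dir = 'thread' . $i;
        mkdir($dir);

        // The first worker is entered from the working directory, later ones from a sibling.
        $bat .= $i ? "cd ../{$dir}\n" : "cd {$dir}\n";

        foreach ($copy_files as $fname_from => $fname) {
            // A numeric key means source and target share the same name.
            if (!is_string($fname_from)) {
                $fname_from = $fname;
            }
            copy('../' . $fname_from, $dir . '/' . $fname);
        }

        foreach (array_keys($cfs) as $fname) {
            $slice = implode("\n", $cfs[$fname][$i]);
            file_put_contents($dir . '/' . $fname, str_replace("\n\n", "\n", $slice));
        }

        foreach ($run_files as $fname => $params) {
            $bat .= "php {$fname} {$params} & \n";
        }
    }

    file_put_contents('run.sh', $bat);
    chmod('run.sh', 0755);
}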
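/**
 * Fetch a text entry from the remote joke API and format it as "《title》text".
 *
 * The response is third-party data fetched over plain HTTP, so its shape is
 * checked before use: anything that does not decode to an array falls back to
 * randstr(), and a missing 'txt' or 'title' field is treated as an empty
 * string instead of raising a notice or error.
 *
 * NOTE(review): the returned text is remote content; escape it for the output
 * context where it is displayed.
 *
 * @return string Formatted entry, or a random string when the call fails.
 */
function jokei_txt()
{
    $raw = curl_get('http://jokei.aliapp.com/m/api.php?key=hu60&act=txt');
    $data = json_decode($raw, true);

    // Failed request, invalid JSON, empty payload or a scalar payload.
    if (!$data || !is_array($data)) {
        return randstr();
    }

    $body = isset($data['txt']) ? $data['txt'] : '';
    $title = isset($data['title']) ? $data['title'] : '';

    // The API marks line breaks with "[br]".
    $txt = str_replace('[br]', "\r\n", $body);

    return '《' . $title . '》' . $txt;
}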
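/**
 * Create a member record (utype 2) from imported contact data.
 *
 * The function library is now loaded with require_once: a plain require
 * re-declares its functions and stops with a fatal error on the second call
 * or when the library was already loaded. data/config.php stays a plain
 * require because it supplies $QS_pwdhash in this function's scope.
 *
 * NOTE(review): the stored hash is computed from $pwd_hash itself, not from a
 * supplied password, and $pwd_hash is saved in the same row. If login checks
 * md5(md5(password) . pwd_hash . QS_pwdhash) as the registration code does,
 * the pwd_hash column is the working password of every account created here —
 * confirm this is intended and that a reset is forced before first use.
 *
 * @param array $obj Source record; reads the "email" and "telephone" keys.
 * @return int|bool New member id, or false when saving fails.
 */
function create_member($obj)
{
    require ROOT . "data/config.php";
    require_once ROOT . "include/fun_user.php";

    $pwd_hash = randstr();
    $name_rand = randusername();
    $password_hash = md5(md5($pwd_hash) . $pwd_hash . $QS_pwdhash);

    $new = \ORM::for_table(table('members'))->create();
    $new->utype = 2;
    $new->username = strtolower("em_" . $name_rand);
    $new->email = $obj["email"];
    $new->email_audit = 0;
    // Drop the "086-" country prefix from the phone number.
    $new->mobile = str_replace("086-", "", $obj["telephone"]);
    $new->mobile_audit = 0;
    $new->password = $password_hash;
    $new->pwd_hash = $pwd_hash;
    $new->reg_time = time();

    // Remaining columns start empty or zero.
    $defaults = array(
        'reg_ip' => '',
        'last_login_time' => 0,
        'last_login_ip' => '',
        'qq_openid' => '',
        'sina_access_token' => '',
        'taobao_access_token' => '',
        'qq_nick' => '',
        'sina_nick' => '',
        'taobao_nick' => '',
        'weixin_nick' => '',
        'qq_binding_time' => 0,
        'sina_binding_time' => 0,
        'taobao_binding_time' => 0,
        'status' => 1,
        'avatars' => '',
        'robot' => 0,
        'consultant' => 0,
        'weixin_openid' => '',
        'bindingtime' => 0,
        'remind_email_time' => 0,
        'imei' => '',
        'sms_num' => 0,
        'reg_type' => 1,
    );
    foreach ($defaults as $column => $value) {
        $new->$column = $value;
    }

    // NOTE(review): the original sets status to 1 and then to 0; 0 is what is
    // saved. Confirm which value is intended.
    $new->status = 0;

    if ($new->save()) {
        return $new->id;
    }

    return false;
}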
/**
 * Choose the stored file name and directory for an activity upload.
 *
 * Name: "<tid>_<upload id>_<prefix>.<ext>" when a thread id is set, otherwise
 * "<actmid>_ajax_<prefix>.<ext>". Directory: "activity/<actmid>/" for the
 * 'act' field and an empty string for any other field.
 *
 * NOTE(review): the extension is appended as supplied; nothing in this method
 * filters it, so it must be validated before this call — confirm.
 *
 * @param array $currUpload Upload record; reads 'id', 'ext' and 'attname'.
 * @return array array($filename, $savedir)
 */
function getFilePath($currUpload)
{
    global $timestamp, $o_mkdir;

    // Prefix: 4 random characters + timestamp + 15 characters of an MD5 digest.
    $digestPart = substr(md5($timestamp . $currUpload['id'] . randstr(8)), 10, 15);
    $prename = randstr(4) . $timestamp . $digestPart;

    $filename = $this->tid
        ? $this->tid . '_' . $currUpload['id'] . "_{$prename}." . $currUpload['ext']
        : $this->actmid . "_ajax" . "_{$prename}." . $currUpload['ext'];

    // Only the 'act' field has a directory.
    $savedir = in_array($currUpload['attname'], array('act'))
        ? 'activity/' . $this->actmid . '/'
        : '';

    return array($filename, $savedir);
}
/**
 * Choose the stored file name and directory for a photo upload.
 *
 * Name: "<aid>_<prefix>.<ext>". Directory under "photo/" depends on the
 * $o_mkdir setting: '2' per day, '3' per album id, anything else per month.
 *
 * NOTE(review): the extension is appended as supplied; nothing in this method
 * filters it, so it must be validated before this call — confirm.
 *
 * @param array $currUpload Upload record; reads the 'id' and 'ext' keys.
 * @return array array($filename, $savedir)
 */
function getFilePath($currUpload)
{
    global $timestamp, $o_mkdir;

    // Prefix: 4 random characters + timestamp + 15 characters of an MD5 digest.
    $digestPart = substr(md5($timestamp . $currUpload['id'] . randstr(8)), 10, 15);
    $prename = randstr(4) . $timestamp . $digestPart;

    $filename = $this->aid . "_{$prename}." . $currUpload['ext'];

    switch ($o_mkdir) {
        case '2':
            $bucket = 'Day_' . date('ymd') . '/';
            break;
        case '3':
            $bucket = 'Cyid_' . $this->aid . '/';
            break;
        default:
            $bucket = 'Mon_' . date('ym') . '/';
    }
    $savedir = 'photo/' . $bucket;

    return array($filename, $savedir);
}
/**
 * Choose the stored file name and directory for a post-category upload.
 *
 * Name: "<tid>_<upload id>_<prefix>.<ext>". Directory:
 * "postcate/topic/<pcid>/" for the 'topic' field, "postcate/pc/<pcid>/" for
 * the 'postcate' field, and an empty string for any other field.
 *
 * NOTE(review): the extension is appended as supplied; nothing in this method
 * filters it, so it must be validated before this call — confirm.
 *
 * @param array $currUpload Upload record; reads 'id', 'ext' and 'attname'.
 * @return array array($filename, $savedir)
 */
function getFilePath($currUpload)
{
    global $timestamp, $o_mkdir;

    // Prefix: 4 random characters + timestamp + 15 characters of an MD5 digest.
    $digestPart = substr(md5($timestamp . $currUpload['id'] . randstr(8)), 10, 15);
    $prename = randstr(4) . $timestamp . $digestPart;

    $filename = $this->tid . '_' . $currUpload['id'] . "_{$prename}." . $currUpload['ext'];

    $field = $currUpload['attname'];
    if ($field == 'topic') {
        $savedir = 'postcate/' . 'topic/' . $this->pcid . '/';
    } elseif ($field == 'postcate') {
        $savedir = 'postcate/' . 'pc/' . $this->pcid . '/';
    } else {
        // Unknown field: no directory.
        $savedir = '';
    }

    return array($filename, $savedir);
}
/**
 * Register a member coming from the WAP (mobile) site.
 *
 * The password is stored as md5(md5($password) . $pwd_hash . $QS_pwdhash),
 * with $pwd_hash a per-user value from randstr(). MD5 is a fast hash, so this
 * gives little protection if the members table leaks.
 *
 * @param string $username    Login name; must not already exist.
 * @param string $password    Plain-text password.
 * @param int    $member_type Member type; 0 is rejected.
 * @param string $email       E-mail address; must not already exist.
 * @param bool   $uc_reg      Accepted for signature compatibility; not used here.
 * @return int New uid, or -1 bad member type, -2 username taken, -3 e-mail taken.
 */
function wap_user_register($username, $password, $member_type = 0, $email, $uc_reg = true)
{
    global $db, $timestamp, $_CFG, $online_ip, $QS_pwdhash;

    $member_type = intval($member_type);

    // Both uniqueness look-ups run before any validation result is returned.
    $ck_username = get_user_inusername($username);
    $ck_email = get_user_inemail($email);

    if ($member_type == 0) {
        return -1;
    }
    if (!empty($ck_username)) {
        return -2;
    }
    if (!empty($ck_email)) {
        return -3;
    }

    $pwd_hash = randstr();
    $password_hash = md5(md5($password) . $pwd_hash . $QS_pwdhash);

    $setsqlarr = array(
        'username' => $username,
        'password' => $password_hash,
        'pwd_hash' => $pwd_hash,
        'email' => $email,
        'utype' => intval($member_type),
        'reg_time' => $timestamp,
        'reg_ip' => $online_ip,
        // 2 marks the account as created through WAP.
        'reg_type' => 2,
    );
    $insert_id = $db->inserttable(table('members'), $setsqlarr, true);

    // Type 1 gets a points row and a package row; type 2 only a points row.
    if ($member_type == "1" || $member_type == "2") {
        $setarr["uid"] = $insert_id;
        $db->inserttable(table("members_points"), $setarr);
        if ($member_type == "1") {
            $db->inserttable(table("members_setmeal"), $setarr);
        }
    }

    return $insert_id;
}
$setsqlarr['email'] = trim($_POST['email']) ? trim($_POST['email']) : adminmsg('请填写email!', 1); if (!preg_match("/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+\$/", $setsqlarr['email'])) { adminmsg('email格式错误!', 1); } $password = trim($_POST['password']) ? trim($_POST['password']) : adminmsg('请填写密码', 1); if (strlen($password) < 6) { adminmsg('密码不能少于6位!', 1); } if ($password != trim($_POST['password1'])) { adminmsg('两次输入的密码不相同!', 1); } $setsqlarr['rank'] = trim($_POST['rank']) ? trim($_POST['rank']) : adminmsg('请填写头衔', 1); $setsqlarr['add_time'] = time(); $setsqlarr['last_login_time'] = 0; $setsqlarr['last_login_ip'] = "从未"; $setsqlarr['pwd_hash'] = randstr(); $setsqlarr['pwd'] = md5($password . $setsqlarr['pwd_hash'] . $QS_pwdhash); if ($db->inserttable(table('admin'), $setsqlarr)) { //填写管理员日志 write_log("后台添加用户名为" . $setsqlarr['admin_name'] . "的管理员", $_SESSION['admin_name'], 3); $link[0]['text'] = "返回列表"; $link[0]['href'] = "?act="; adminmsg('添加成功!', 2, $link); } else { adminmsg('添加失败', 1); } } elseif ($act == 'del_users') { check_token(); $id = $_REQUEST['id']; if ($num = del_users($id, $_SESSION['admin_purview'])) { adminmsg("删除成功!共删除" . $num . "行", 2);
/**
 * Grant invitation codes to a user as a task reward.
 *
 * One row per code is inserted into pw_invitecode; each code is a
 * 16-character string from randstr(). The codes act as registration
 * credentials, so their unpredictability depends on how randstr() generates
 * its output (not visible here).
 *
 * @param int   $userid Receiving user.
 * @param array $reward Reads 'num' (number of codes) and 'day' (stored as usetime).
 * @return void
 */
function jobRewardInviteCode($userid, $reward)
{
    $createdAt = $this->_timestamp;
    $quantity = $reward['num'];
    $validDays = $reward['day'];

    $issued = 0;
    while ($issued < $quantity) {
        $row = array(
            'invcode' => randstr(16),
            'uid' => $userid,
            'usetime' => $validDays,
            'createtime' => $createdAt,
        );
        $this->_db->update("INSERT INTO pw_invitecode" . " SET " . S::sqlSingle($row));
        $issued++;
    }
}
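<?php
// One-shot script: connects to the local MySQL server as root with an empty
// password, sets a generated root password, removes accounts that have an
// empty user name or empty password, and records the new password by
// replacing the "mysql_password" placeholder in account.log.
//
// Changes from the previous version: account.log is rewritten only when the
// connection succeeded and the SET PASSWORD statement was accepted. Before,
// a failed connection replaced the placeholder with an empty value and a
// rejected statement logged a password that was never applied.
//
// NOTE(review): account.log holds the root password in plain text; keep it
// outside any web-served directory and restrict its file permissions.
$link = mysql_connect('localhost', 'root', '');
if ($link) {
    $password = randstr(10);
    mysql_select_db('mysql');
    mysql_query("SET character_set_connection=gbk,character_set_results=gbk,character_set_client=binary", $link);
    mysql_query("SET sql_mode=''", $link);

    // $password contains only hexadecimal characters (a slice of an MD5
    // digest), so it cannot break out of the quoted literal.
    $changed = mysql_query("set password for 'root'@'localhost' = PASSWORD('{$password}')");
    mysql_query("delete from user where user = '' or password = ''");
    mysql_query("flush privileges");

    if ($changed) {
        file_put_contents('account.log', str_replace('mysql_password', $password, file_get_contents('account.log')));
    }
}

/**
 * Return $length hexadecimal characters cut from the MD5 of a random number.
 *
 * NOTE(review): every value comes from mt_rand() after num_rand() reseeds the
 * generator from the microsecond clock, so the result is determined by a seed
 * in the range 0..999999. That is far too little entropy for a database root
 * password; use a cryptographically secure source where the runtime offers one.
 *
 * @param int $length Number of characters to return (at most 32).
 * @return string
 */
function randstr($length)
{
    return substr(md5(num_rand($length)), mt_rand(0, 32 - $length), $length);
}

/**
 * Build a decimal digit string of $length digits; the first digit is 1-9.
 *
 * Reseeds mt_rand() from the fractional part of microtime() on every call.
 *
 * @param int $length Number of digits.
 * @return string|int Digit string (a plain int when $length is 1 or less).
 */
function num_rand($length)
{
    mt_srand((double) microtime() * 1000000);
    $randVal = mt_rand(1, 9);
    for ($i = 1; $i < $length; $i++) {
        $randVal .= mt_rand(0, 9);
    }
    return $randVal;
}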
$rt = $db->get_one("SELECT createtime FROM pw_invitecode WHERE uid=" . S::sqlEscape($winduid) . "ORDER BY createtime DESC LIMIT 0,1"); if ($timestamp - $rt['createtime'] < $inv_limitdays * 86400) { ajaxExport("邀请码购买时间限制,请稍侯"); } } S::gp(array('invnum'), 'GP'); $invnum = (int) $invnum; if ($invnum < 1) { ajaxExport("购买的邀请码数量必须大于0"); } //(!is_numeric($invnum) || $invnum < 1) && $invnum = 1; if ($creditto[$inv_credit] < $invnum * $inv_costs) { ajaxExport("您的积分不足以购买邀请码"); } for ($i = 0; $i < $invnum; $i++) { $invcode = randstr(16); $db->update("INSERT INTO pw_invitecode" . " SET " . S::sqlSingle(array('invcode' => $invcode, 'uid' => $winduid, 'createtime' => $timestamp, 'type' => 1))); } $cutcredit = $invnum * $inv_costs; $credit->addLog('hack_invcodebuy', array($inv_credit => -$cutcredit), array('uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'invnum' => stripslashes($invnum))); $credit->set($winduid, $inv_credit, -$cutcredit); ajaxExport("邀请码购买成功!"); } require_once PrintEot('ajax_friendinvite'); ajax_footer(); function ajaxExport($output) { echo is_array($output) ? pwJsonEncode($output) : $output; ajax_footer(); exit; }
/**
 * Build a session id for the given client address.
 *
 * The id is the MD5 of client IP, current time (seconds and microseconds) and
 * eight characters from randstr(). The IP and the time are observable or
 * guessable, so the unpredictability of the id rests on randstr() alone.
 * NOTE(review): confirm randstr() draws from a cryptographically secure
 * source; otherwise generate session ids from one.
 *
 * @param string $onlineip Client IP address.
 * @return string 32-character hexadecimal id.
 */
function generateSessionid($onlineip = '')
{
    // microtime() returns "<fraction> <seconds>".
    $clock = explode(' ', microtime());
    $fraction = $clock[0];
    $seconds = $clock[1];

    $material = $onlineip . $seconds . $fraction . randstr(8);

    return md5($material);
}
if (get_user_inemail($sql['email'])) { adminmsg('该 Email 已经被注册!', 1); } if (defined('UC_API')) { include_once QISHI_ROOT_PATH . 'uc_client/client.php'; if (uc_user_checkname($sql['username']) != "1") { adminmsg('该用户名已经被使用或者用户名非法!', 1); exit; } elseif (uc_user_checkemail($sql['email']) != "1") { adminmsg('该 Email已经被使用或者非法!', 1); exit; } else { uc_user_register($sql['username'], $sql['password'], $sql['email']); } } $sql['pwd_hash'] = randstr(); $sql['password'] = md5(md5($sql['password']) . $sql['pwd_hash'] . $QS_pwdhash); $sql['reg_time'] = time(); $sql['reg_ip'] = $online_ip; $insert_id = inserttable(table('members'), $sql, true); if ($sql['utype'] == "1") { $db->query("INSERT INTO " . table('members_points') . " (uid) VALUES ('{$insert_id}')"); $db->query("INSERT INTO " . table('members_setmeal') . " (uid) VALUES ('{$insert_id}')"); if (intval($_POST['is_money']) && $_POST['log_amount']) { $amount = round($_POST['log_amount'], 2); $ismoney = 2; } else { $amount = '0.00'; $ismoney = 1; } $regpoints_num = intval($_POST['regpoints_num']);
<?php include "../connect.php"; // Connect to Server $con = mysql_connect($server, $username, $password); $title = "82Flex - 登录管理中心"; if (!$con) { echo "MYSQL ERROR!"; $title = "数据库连接失败,请联系管理员!"; goto endlabel; } mysql_query("SET NAMES utf8", $con); mysql_select_db($database, $con); if ($_GET['logout'] == "yes" and strlen($_GET['token']) != 0) { $newkey = randstr(40); mysql_query("UPDATE `users` SET `Loginkey` = '" . $newkey . "' WHERE `Loginkey` = '" . $_GET['token'] . "'", $con); $title = "注销用户成功!"; goto endlabel; } if ($_POST != NULL) { $Username = mysql_real_escape_string(stripslashes($_POST['username'])); $Password = mysql_real_escape_string(stripslashes($_POST['password'])); if (strlen($Username) < 4 or strlen($Password) < 7) { $title = "登录失败:请输入正确的用户名或密码!"; goto endlabel; } $LoginInfo = mysql_fetch_row(mysql_query("SELECT `Loginkey` FROM `users` WHERE (`Username` = '" . $Username . "' and `Password` = '" . $Password . "') and `Rights` >= 1", $con)); if ($LoginInfo != false) { goto success; } else { $title = "登录失败:用户名或密码不正确,或者您没有访问权限!";
/**
 * Upload a local file into $path on the remote handle under a generated name.
 *
 * The remote name is "<unix time><6 characters from randstr()>.<extension>",
 * with the extension taken from the local file name by fileext().
 *
 * NOTE(review): the extension is reused without any check in this method; if
 * $file can carry a user-chosen name, restrict the extension to an allow-list
 * before calling this — confirm against the callers.
 *
 * (An older block that created the directory level by level was commented out
 * in the original; R_mkdir() is what runs.)
 *
 * @param string $file Local file to upload.
 * @param string $path Remote directory; created when missing.
 * @return string Remote path of the stored file ("<path>/<name>").
 */
public static function uploadpath($file, $path = '')
{
    self::init();

    $extension = fileext($file);

    // Make sure the target directory exists, then switch into it.
    self::R_mkdir($path);
    self::cd($path);

    $remoteName = time() . randstr(6) . '.' . $extension;

    // The result of put() is not inspected; the path is returned either way.
    $ret = self::$handle->put($remoteName, $file);

    return $path . '/' . $remoteName;
}
<?php
// Seeds ten placeholder accounts into the users table and then redirects to
// admin.php.
//
// NOTE(review): each seeded account's md5pwd is the MD5 of its own sequence
// number, which also appears in its login ("USER<n>"), so the passwords are
// trivially derivable. No access check is visible in this script. Keep it out
// of any deployed environment.
include "connect_db.php";

/**
 * Return $length characters drawn from "abcdefABCDEF" with rand().
 *
 * Used here for filler names only; rand() is not suitable for secrets.
 *
 * @param int $length Number of characters.
 * @return string
 */
function randstr($length = 10)
{
    $alphabet = 'abcdefABCDEF';
    $alphabetSize = strlen($alphabet);
    $out = '';
    $n = 0;
    while ($n < $length) {
        $out .= $alphabet[rand(0, $alphabetSize - 1)];
        $n++;
    }
    return $out;
}

$sql = "SELECT * FROM users";
$max = 0;

$query = DBi::$conn->query($sql);
if (!$query) {
    die(DBi::$conn->error . " " . __FILE__ . " line " . __LINE__ . $sql);
}

// Remember the numeric value found in the email column; the last such row wins.
while ($row = $query->fetch_assoc()) {
    if (is_numeric($row['email'])) {
        $max = $row['email'];
    }
}

// Every value in the statement is generated in this script, none comes from a request.
for ($i = 0; $i < 10; $i++) {
    $max++;
    $sql = "INSERT INTO users (email, title, first_name, last_name, md5pwd, avatar_url) VALUES ('USER" . $max . "', 'Herr', 'first_name" . randstr(15) . "', 'last_name" . randstr(15) . "', '" . MD5($max) . "', 'https://www.google.de/logos/doodles/2015/evidence-of-water-found-on-mars-5652760466817024.2-hp.gif');";
    $query = DBi::$conn->query($sql);
    if (!$query) {
        die(DBi::$conn->error . " " . __FILE__ . " line " . __LINE__ . $sql);
    }
}

header("Location:admin.php");
$pwServer['REQUEST_METHOD'] != 'POST' && PostCheck($verify); InitGP(array('tabledb', 'tablesel', 'sizelimit', 'start', 'tableid', 'step', 'pre', 'rows')); $bak = "#\n# PHPWind bakfile\n# Version:" . $wind_version . "\n# Time: " . get_date($timestamp, 'Y-m-d H:i') . "\n# Type: \n# PHPWind: http://www.phpwind.net\n# --------------------------------------------------------\n\n\n"; $db->query("SET SQL_QUOTE_SHOW_CREATE = 0"); $start = intval($start); !$tabledb && !$tablesel && adminmsg('operate_error'); !$tabledb && ($tabledb = explode("|", $tablesel)); !$step && ($sizelimit /= 2); $bakupdata = bakupdata($tabledb, $start); $bakuptable = ''; if (!$step) { !$tabledb && adminmsg('operate_error'); $tablesel = implode("|", $tabledb); $step = 1; $start = 0; $pre = 'pw_' . get_date($timestamp, 'md') . '_' . randstr(10) . '_'; $bakuptable = bakuptable($tabledb); } $f_num = ceil($step / 2); $filename = $pre . $f_num . '.sql'; $step++; $writedata = $bakuptable ? $bakuptable . $bakupdata : $bakupdata; $t_name = $tabledb[$tableid - 1]; $c_n = $start; if ($stop == 1) { $files = $step - 1; trim($writedata) && writeover(D_P . 'data/' . $filename, $bak . $writedata, 'ab'); $j_url = "{$basename}&action={$action}&start={$start}&tableid={$tableid}&sizelimit={$sizelimit}&step={$step}&pre={$pre}&tablesel={$tablesel}&rows={$rows}"; adminmsg('bakup_step', EncodeUrl($j_url), 2); } else { trim($writedata) && writeover(D_P . 'data/' . $filename, $bak . $writedata, 'ab');
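/**
 * Create or validate a temporary password.
 *
 * Called without $tempPass, a new temporary password is generated, stored for
 * the user with USE_FLAG 0 and the current time, and returned so it can be
 * sent to the user. Called with $tempPass, the value is checked against the
 * stored one; a match consumes it (the stored value is overwritten and
 * USE_FLAG set to 1).
 *
 * The comparison is done in constant time with hash_equals() where the
 * runtime provides it, so response timing does not reveal how much of a
 * guessed value matched. On older runtimes it falls back to the previous
 * strict comparison.
 *
 * NOTE(review): the temporary password is stored as-is in TEMP_PASS; storing
 * only a hash of it would keep a database read from yielding a usable value.
 *
 * @param string $userID   The user's id.
 * @param string $tempPass Temporary password to validate; empty to create one.
 * @return boolean|string TRUE when the supplied value is valid, FALSE when it
 *                        is invalid, used, expired or unknown; the new
 *                        temporary password when one was created.
 */
public static function tempPassword($userID, $tempPass = "")
{
    // No value supplied: create a temporary password.
    if ($tempPass == "") {
        $tempPass = hash(BasicPasswordManagement::$hashAlgo, randstr(128));
        $time = time();

        if (!AdvancedPasswordManagement::checkIfUserExists($userID)) {
            // No record for this user yet.
            SQL("INSERT INTO PASSWORD (`TEMP_PASS`, `USE_FLAG`, `TEMP_TIME`, USERID) VALUES (?, ?, ?, ?)", array($tempPass, 0, $time, $userID));
        } else {
            // Replace the existing record's temporary password.
            SQL("UPDATE PASSWORD SET `TEMP_PASS` = ?, `USE_FLAG` = ?, `TEMP_TIME` = ? WHERE USERID = ?", array($tempPass, 0, $time, $userID));
        }

        return $tempPass;
    }

    $result = SQL("SELECT `TEMP_PASS`, `USE_FLAG` FROM PASSWORD WHERE `USERID` = ?", array($userID));

    if (count($result) == 1) {
        if ($result[0]['USE_FLAG'] == 0 && !AdvancedPasswordManagement::checkIfTempPassExpired($userID)) {
            // Unused and not expired: compare against the stored value.
            $stored = $result[0]['TEMP_PASS'];
            if (is_string($stored) && is_string($tempPass)) {
                $matches = function_exists('hash_equals')
                    ? hash_equals($stored, $tempPass)
                    : $stored === $tempPass;
            } else {
                $matches = false;
            }

            if ($matches) {
                // One-time use: overwrite the stored value and mark it used.
                SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
                return TRUE;
            }
        } else {
            // Already used or expired: make sure the stored value is invalidated.
            SQL("UPDATE PASSWORD SET TEMP_PASS = ?, USE_FLAG = ?, TEMP_TIME = ? WHERE USERID = ?", array(randstr(10), 1, 0, $userID));
            return FALSE;
        }
    }

    // Record not found, or the supplied value did not match.
    return FALSE;
}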
$uploadSerivce = new PwUpload(); $ifthumb = 0; if ($o_attachdir) { if ($o_attachdir == 1) { $savedir = "Type_{$attach_ext}"; } elseif ($o_attachdir == 2) { $savedir = 'Mon_' . date('ym'); } elseif ($o_attachdir == 3) { $savedir = 'Day_' . date('ymd'); } } foreach ($diaryAttachs as $at) { if ($at['type'] == 'img') { $a_url = geturl($at['attachurl'], 'show'); $attach_ext = strtolower(substr(strrchr($a_url[0], '.'), 1)); $prename = substr(md5($timestamp . randstr(8)), 10, 15); $filename = $winduid . "_{$did}_{$prename}.{$attach_ext}"; $attachurl = "{$savedir}/{$filename}"; $fileuplodeurl = "{$attachdir}/diary/{$attachurl}"; $uploadSerivce->postupload($a_url[0], $fileuplodeurl); if ($db_ifathumb) { $thumbdir = "thumb/diary/{$attachurl}"; $thumburl = "{$attachdir}/{$thumbdir}"; $ifthumb = 1; $thumbsize = $uploadSerivce->MakeThumb($fileuplodeurl, $thumburl, $db_athumbsize, $ifthumb); } $data = array('did' => $did, 'uid' => $winduid, 'hits' => 0, 'name' => $at['name'], 'type' => $at['type'], 'size' => $at['size'], 'attachurl' => 'diary/' . $attachurl, 'needrvrc' => $at['needrvrc'], 'special' => $at['special'], 'ctype' => $at['ctype'], 'uploadtime' => $timestamp, 'descrip' => $at['descrip'], 'ifthumb' => 0); $db->update("INSERT INTO pw_attachs SET " . S::sqlSingle($data)); $aid = $db->insert_id(); $data['aid'] = $aid; $aids[] = $data['aid'];
/**
 * Choose the stored file name and directory for a forum attachment.
 *
 * When the upload replaces an existing attachment ('replace' field with a
 * known id), the existing attachment's path is reused. Otherwise the name is
 * "<fid>_<uid>_<15 hex chars>.<ext>", where every occurrence of a listed
 * script/executable token in the extension is prefixed with "scp_". The list
 * is a deny-list: an extension not in it is used as given.
 *
 * NOTE(review): on the replace path the new content is stored under the old
 * attachment's name, so the deny-list is not applied to the new upload's
 * extension in this method — confirm the type is checked elsewhere.
 *
 * @param array $currUpload Upload record; reads 'id', 'ext' and 'attname'.
 * @return array array($filename, $savedir)
 */
function getFilePath($currUpload)
{
    $isReplacement = $currUpload['attname'] == 'replace' && isset($this->replacedb[$currUpload['id']]);

    if ($isReplacement) {
        // Split the existing "dir/.../name" path into directory and file name.
        $segments = explode('/', $this->replacedb[$currUpload['id']]['attachurl']);
        $filename = array_pop($segments);
        $savedir = $segments ? implode('/', $segments) . '/' : '';

        return array($filename, $savedir);
    }

    global $timestamp;

    $digest = md5($timestamp . $currUpload['id'] . randstr(8));
    $prename = substr($digest, 10, 15);

    $blockedTypes = '/(php|asp|jsp|cgi|fcgi|exe|pl|phtml|dll|asa|com|scr|inf)/i';
    $storedExt = preg_replace($blockedTypes, "scp_\\1", $currUpload['ext']);

    $filename = $this->forum->fid . "_{$this->uid}_{$prename}." . $storedExt;
    $savedir = $this->getSaveDir($currUpload['ext']);

    return array($filename, $savedir);
}
/**
 * Build the file-name prefix "pw_<version>_<YmdHis>_<5 random characters>".
 *
 * Dots in the version are replaced with dashes. Apart from the five
 * characters from randstr(), every part of the name is predictable.
 * NOTE(review): if files with this prefix are stored in a web-accessible
 * directory, do not rely on the name to keep them private.
 *
 * @return string
 */
function getDirectoryName()
{
    global $timestamp, $wind_version;

    $parts = array(
        'pw',
        str_replace('.', '-', $wind_version),
        get_date($timestamp, 'YmdHis'),
        randstr(5),
    );

    return implode('_', $parts);
}
$logincheck = 1; $cookievalue = randstr(); $login_time = date('Y-m-d H:i:s'); $userip = getIP(); $sql = "INSERT INTO `cookiedata`(`user_id`, `user_name`, `user_cookie`, `login_time`,`user_login_ip`) VALUES ('{$user_id}','{$user}','{$cookievalue}','{$login_time}','{$userip}')"; insert($sql); $sql = "UPDATE `users` SET `user_lastlogin_ip`='{$user_thistimelogin_ip}',`user_thistimelogin_ip`='{$userip}',`user_lastlogin_time`='{$user_thislogin_time}', `user_thislogin_time`='{$login_time}' WHERE `user_id`='{$user_id}'"; update($sql); setcookie("loginname", $user, time() + 30 * 60, "/"); setcookie("loginid", $cookievalue, time() + 30 * 60, "/"); } } else { $logincheck = 1; $_SESSION['loginuser'] = $user; if ($_POST['persistLogin'] === "on") { $cookievalue = randstr(); $login_time = date('Y-m-d H:i:s'); $userip = getIP(); $sql = "INSERT INTO `cookiedata`(`user_id`, `user_name`, `user_cookie`, `login_time`,`user_login_ip`) VALUES ('{$user_id}','{$user}','{$cookievalue}','{$login_time}','{$userip}')"; insert($sql); $sql = "UPDATE `users` SET `user_lastlogin_ip`='{$user_thistimelogin_ip}',`user_thistimelogin_ip`='{$userip}',`user_lastlogin_time`='{$user_thislogin_time}', `user_thislogin_time`='{$login_time}' WHERE `user_id`='{$user_id}'"; update($sql); setcookie("loginname", $user, time() + 30 * 24 * 60 * 60, "/"); setcookie("loginid", $cookievalue, time() + 30 * 24 * 60 * 60, "/"); } } } $_SESSION['letters_code'] = rand(); } else { if (isset($_SESSION['loginuser']) && !empty($_SESSION['loginuser'])) { $logincheck = 1;
$smarty->assign('verify_getpwd', $captcha['verify_getpwd']); $smarty->assign('sms', get_cache('sms_config')); $smarty->assign('step', "1"); $smarty->display('wap/wap-alter-password.html'); } elseif ($act == 'get_pass') { $captcha = get_cache('captcha'); $postcaptcha = trim($_POST['postcaptcha']); $postusername = trim($_POST['username']) ? trim($_POST['username']) : exit('请填写用户名'); if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) { echo '电子邮箱格式错误!'; } require_once QISHI_ROOT_PATH . 'include/fun_user.php'; $userinfo = get_user_inusername($postusername); if (empty($userinfo) || $userinfo['email'] != $_POST['email']) { echo '用户名或注册邮箱填写错误'; } else { $mailconfig = get_cache('mailconfig'); $arr['username'] = $userinfo['username']; $arr['password'] = rand(100000, 999999) . randstr(); if (smtp_mail($userinfo['email'], "找回密码", "您的新密码为:" . $arr['password'])) { $md5password = md5(md5($arr['password']) . $userinfo['pwd_hash'] . $QS_pwdhash); if (!$db->query("UPDATE " . table('members') . " SET password = '******' WHERE uid='{$userinfo['uid']}'")) { echo '密码修改失败'; } echo '密码修改成功请查看您的邮箱'; } else { echo '邮件发送失败,请联系网站管理员'; } } } unset($smarty);
/**
 * Exercise locals that are aliased by reference inside an array which is
 * handed to temporary objects, printing the locals on every iteration.
 *
 * The statement order matters: the comparison line creates two temporaries
 * from $aliases while reading $a, $b and $c in the same expression.
 *
 * @return void
 */
function main3()
{
    // Initial values for the locals.
    $a = rand(0, 10);
    $b = randstr();
    $c = randarr();
    $str = randstr();

    // $aliases holds references to the three locals, not copies.
    $aliases = array();
    $aliases[] =& $a;
    $aliases[] =& $b;
    $aliases[] =& $c;

    $i = 0;
    while ($i < 10) {
        echo $i . " <\n";

        // Fresh values for this round.
        $a = $i;
        $b = randstr();
        $c = randarr();

        // Read the locals while the temporaries built from $aliases are
        // created and released within the same expression.
        $ignored = (tmpobj($aliases) === tmpobj($aliases)) === (($a === $b) === $c);

        echo " --------> \n";

        // Use the locals again after the temporaries are gone.
        var_dump($a, $b, $c);
        echo ">\n";

        $i++;
    }
}
} } @fclose($fp); $html = ""; $html .= "<script type=\"text/javascript\">\n"; $html .= "\$('#installing').append('<p>热门关键词数据添加成功!...</p>');\n"; $html .= "var div = document.getElementById('installing');"; $html .= "div.scrollTop = div.scrollHeight;"; $html .= "</script>"; echo $html; ob_flush(); flush(); mysql_query("UPDATE `{$pre}config` SET value = '{$site_dir}' WHERE name = 'site_dir'", $db); mysql_query("UPDATE `{$pre}config` SET value = '{$site_domain}' WHERE name = 'site_domain'", $db); mysql_query("UPDATE `{$pre}weixin_menu` SET url = REPLACE(url, '{site_domain}', '" . $site_domain . $site_dir . "') WHERE type = 'view'", $db); $pwd_hash = randstr(); $admin_md5pwd = md5($admin_pwd . $pwd_hash . $QS_pwdhash); mysql_query("INSERT INTO `{$pre}admin` (admin_id,admin_name, email, pwd,pwd_hash, purview, rank,add_time, last_login_time, last_login_ip) VALUES (1, '{$admin_name}', '{$admin_email}', '{$admin_md5pwd}', '{$pwd_hash}', 'all','超级管理员', '{$timestamp}', '{$timestamp}', '')", $db); //生成静态缓存 require_once QISHI_ROOT_PATH . 'include/mysql.class.php'; $db = new mysql($dbhost, $dbuser, $dbpass, $dbname); unset($dbhost, $dbuser, $dbpass, $dbname); refresh_cache('config'); $_CFG = get_cache('config'); refresh_page_cache(); $_PAGE = get_cache('page'); refresh_nav_cache(); $_NAV = get_cache('nav'); refresh_category_cache(); refresh_cache('text'); refresh_cache('mailconfig');
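/**
 * Register a member by mobile number, e-mail address or third-party login and
 * create the rows that belong to the member type.
 *
 * Change from the previous version: the statement
 * "$email_audit = intval($email_audit);" was removed. It read a variable that
 * is never defined in this function and its result was never used.
 *
 * The password is stored as md5(md5($password) . $pwd_hash . $QS_pwdhash),
 * with $pwd_hash a per-user value from randstr(). MD5 is a fast hash, so this
 * gives little protection if the members table leaks; changing it requires
 * changing the login check as well.
 *
 * NOTE(review): when $username is empty a name is generated into
 * $setsqlarr['username'], but the log calls and uc_user_register() below still
 * receive the empty $username — confirm whether the generated name should be
 * passed instead.
 *
 * @param int    $reg_type        1 mobile, 2 e-mail, other non-zero values third-party; 0 is rejected.
 * @param string $password        Plain-text password.
 * @param int    $member_type     Member type (1, 2, 3 or 4 get extra rows); 0 is rejected.
 * @param string $email           E-mail address.
 * @param string $mobile          Mobile number.
 * @param bool   $uc_reg          Also register in UCenter when UC_API is defined.
 * @param string $username        Explicit login name; generated when empty.
 * @param string $weixin_openid   WeChat open id to bind.
 * @param string $weixin_nickname WeChat nickname to store.
 * @return int|bool New uid, or the existing uid already bound to
 *                  $weixin_openid; -1 bad type, -2 e-mail taken, -3 mobile
 *                  taken, -4 username taken, false when a follow-up insert fails.
 */
function user_register($reg_type, $password, $member_type = 0, $email = "", $mobile = "", $uc_reg = true, $username = "", $weixin_openid = "", $weixin_nickname = "")
{
    global $db, $timestamp, $_CFG, $online_ip, $QS_pwdhash;

    $member_type = intval($member_type);
    $reg_type = intval($reg_type);
    $email = trim($email);
    $mobile = trim($mobile);

    $ck_email = get_user_inemail($email);
    $ck_mobile = get_user_inmobile($mobile);
    if ($member_type == 0 || $reg_type == 0) {
        return -1;
    } elseif ($reg_type == 2 && !empty($ck_email)) {
        return -2;
    } elseif ($reg_type == 1 && !empty($ck_mobile)) {
        return -3;
    }

    $pwd_hash = randstr();
    $name_rand = randusername();
    $password_hash = md5(md5($password) . $pwd_hash . $QS_pwdhash);

    if (!$username) {
        if ($reg_type == 1) {
            // Mobile sign-up name style: 1 = number, 2 = prefix + number, else prefix + random.
            if ($_CFG['reg_mobile_type'] == "1") {
                $setsqlarr['username'] = $mobile;
            } elseif ($_CFG['reg_mobile_type'] == "2") {
                $setsqlarr['username'] = strtolower($_CFG['reg_prefix'] . $mobile);
            } else {
                $setsqlarr['username'] = strtolower($_CFG['reg_prefix'] . $name_rand);
            }
        } elseif ($reg_type == 2) {
            // E-mail sign-up name style: 1 = address, 2 = prefix + address, else prefix + random.
            if ($_CFG['reg_email_type'] == "1") {
                $setsqlarr['username'] = $email;
            } elseif ($_CFG['reg_email_type'] == "2") {
                $setsqlarr['username'] = strtolower($_CFG['email_reg_prefix'] . $email);
            } else {
                $setsqlarr['username'] = strtolower($_CFG['email_reg_prefix'] . $name_rand);
            }
        } else {
            $setsqlarr['username'] = strtolower($_CFG['third_reg_prefix'] . $name_rand);
        }
    } else {
        $ck_uname = get_user_inusername($username);
        if (!empty($ck_uname)) {
            return -4;
        } else {
            $setsqlarr['username'] = $username;
        }
    }

    $setsqlarr['password'] = $password_hash;
    $setsqlarr['pwd_hash'] = $pwd_hash;

    if ($email) {
        $setsqlarr['email'] = $email;
        if ($_CFG['check_reg_email'] == "1" && $reg_type != 3 && $reg_type != 4) {
            $setsqlarr['email_audit'] = 1;
        } else {
            $setsqlarr['email_audit'] = 0;
        }
    }
    if ($mobile) {
        $setsqlarr['mobile'] = $mobile;
        if ($reg_type != 3 && $reg_type != 4) {
            $setsqlarr['mobile_audit'] = 1;
        }
    }

    $setsqlarr['utype'] = $member_type;
    $setsqlarr['reg_time'] = $timestamp;
    $setsqlarr['reg_ip'] = $online_ip;
    // NOTE(review): stored as the constant 1, not the $reg_type argument — confirm.
    $setsqlarr['reg_type'] = 1;

    if ($weixin_openid != '') {
        $setsqlarr['weixin_nick'] = $weixin_nickname;
        $setsqlarr['weixin_openid'] = $weixin_openid;
        $setsqlarr['bindingtime'] = $setsqlarr['reg_time'];

        // NOTE(review): $weixin_openid is concatenated into the SQL text. This
        // is safe only if every caller passes an already-escaped value —
        // confirm, or escape it here with the routine the $db wrapper provides.
        $w_uid = $db->getone("select uid from " . table("members") . " where weixin_openid='" . $weixin_openid . "'");
        if ($w_uid) {
            // The open id is already bound: return that account, create nothing.
            return $w_uid['uid'];
        }
    }

    $insert_id = $db->inserttable(table('members'), $setsqlarr, true);

    if ($member_type == "1") {
        $setarr['uid'] = $insert_id;
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        if (!$db->inserttable(table("members_setmeal"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        include_once QISHI_ROOT_PATH . 'include/fun_company.php';
        set_consultant($insert_id);
        if ($points['reg_points']['value'] > 0) {
            report_deal($insert_id, $points['reg_points']['type'], $points['reg_points']['value']);
            $operator = $points['reg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 1, 9001, $username, "新注册会员,({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, 1010, "注册会员系统自动赠送积分", "{$operator}{$points['reg_points']['value']}", "{$points['reg_points']['value']}");
            // Record the points change.
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['reg_points']['value']}),(剩余:{$points['reg_points']['value']})", 1, '0.00', '1', 1, 1);
        }
        if ($_CFG['reg_service'] > 0) {
            set_members_setmeal($insert_id, $_CFG['reg_service']);
            $setmeal = get_setmeal_one($_CFG['reg_service']);
            write_memberslog($insert_id, 1, 9002, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 2, 1011, "开通服务(系统赠送)", "-", "-");
            // Record the package change.
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 1);
        }
    } elseif ($member_type == '2') {
        $setarr['uid'] = $insert_id;
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        include_once QISHI_ROOT_PATH . 'include/fun_personal.php';
        if ($points['reg_per_points']['value'] > 0) {
            report_deal($insert_id, $points['reg_per_points']['type'], $points['reg_per_points']['value']);
            $operator = $points['reg_per_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 2, 9001, $username, "新注册会员,({$operator}{$points['reg_per_points']['value']}),(剩余:{$points['reg_per_points']['value']})", 2, 1010, "注册会员系统自动赠送积分", "{$operator}{$points['reg_per_points']['value']}", "{$points['reg_per_points']['value']}");
        }
    } elseif ($member_type == '4') {
        $setarr['uid'] = $insert_id;
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        if (!$db->inserttable(table("members_train_setmeal"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        if ($points['trainreg_points']['value'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_train.php';
            report_deal($insert_id, $points['trainreg_points']['type'], $points['trainreg_points']['value']);
            $operator = $points['trainreg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 4, 9101, $username, "新注册会员,({$operator}{$points['trainreg_points']['value']}),(剩余:{$points['trainreg_points']['value']})");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['trainreg_points']['value']}),(剩余:{$points['trainreg_points']['value']})", 1, '0.00', '1', 1, 4);
        }
        if ($_CFG['train_reg_service'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_train.php';
            set_members_setmeal($insert_id, $_CFG['train_reg_service']);
            $setmeal = get_setmeal_one($_CFG['train_reg_service']);
            write_memberslog($insert_id, 4, 9102, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 4);
        }
    } elseif ($member_type == '3') {
        $setarr['uid'] = $insert_id;
        if (!$db->inserttable(table("members_points"), $setarr)) {
            return false;
        }
        if (!$db->inserttable(table("members_hunter_setmeal"), $setarr)) {
            return false;
        }
        $points = get_cache('points_rule');
        if ($points['hunterreg_points']['value'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_hunter.php';
            report_deal($insert_id, $points['hunterreg_points']['type'], $points['hunterreg_points']['value']);
            $operator = $points['hunterreg_points']['type'] == "1" ? "+" : "-";
            write_memberslog($insert_id, 3, 9201, $username, "新注册会员,({$operator}{$points['hunterreg_points']['value']}),(剩余:{$points['hunterreg_points']['value']})");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:({$operator}{$points['hunterreg_points']['value']}),(剩余:{$points['hunterreg_points']['value']})", 1, '0.00', '1', 1, 3);
        }
        if ($_CFG['hunter_reg_service'] > 0) {
            include_once QISHI_ROOT_PATH . 'include/fun_hunter.php';
            set_members_setmeal($insert_id, $_CFG['hunter_reg_service']);
            $setmeal = get_setmeal_one($_CFG['hunter_reg_service']);
            write_memberslog($insert_id, 3, 9202, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}");
            write_setmeallog($insert_id, $username, "注册会员系统自动赠送:{$setmeal['setmeal_name']}", 1, '0.00', '1', 2, 3);
        }
    }

    if (defined('UC_API') && $uc_reg) {
        include_once QISHI_ROOT_PATH . 'uc_client/client.php';
        // The plain-text password is handed to the UCenter client here.
        $uc_reg_uid = uc_user_register($username, $password, $email);
    }

    write_memberslog($insert_id, $member_type, 1000, $username, "注册成为会员");

    return $insert_id;
}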