function usepin()
{
global $PIN_EXPIRE_TIME;
if (!isset($_COOKIE["username"]) || !isset($_COOKIE["device"])) {
return False;
}
$user = $_COOKIE["username"];
$device = $_COOKIE["device"];
if ($user == "" || $device == "") {
return False;
}
$link = sqllink();
if (!$link) {
return False;
}
$sql = "SELECT id FROM `pwdusrrecord` WHERE `username`= ?";
$res = sqlexec($sql, array($user), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
return False;
}
$id = $record['id'];
$sql = "DELETE FROM `pin` WHERE `errortimes` >= 3 OR UNIX_TIMESTAMP( NOW( ) ) - UNIX_TIMESTAMP(`createtime`) > ?";
$res = sqlexec($sql, array($PIN_EXPIRE_TIME), $link);
$sql = "SELECT * FROM `pin` WHERE `userid`= ? AND `device`= ?";
$res = sqlexec($sql, array($id, $device), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
return False;
}
return True;
}
<?php
session_start();
require_once "function/sqllink.php";
require_once "function/deleteexpire.php";
if (!isset($_POST['m']) || $_POST['m'] == '' || !isset($_POST['p']) || $_POST['p'] == '' || !isset($_POST['ph'])) {
die('0');
} else {
$expire = date('Y-m-d', strtotime('+6 day'));
$link = sqllink();
$m = $_POST['m'];
$p = $_POST['p'];
$phint = $_POST['ph'];
deleteexpire($link);
$link->beginTransaction();
while (true) {
$code = '';
for ($i = 1; $i <= 6; $i++) {
$c = rand(0, 35);
if ($c < 10) {
$code = $code . $c;
} else {
$code = $code . chr($c - 10 + ord("a"));
}
}
$sql = "SELECT COUNT(*) FROM `talkrecord` WHERE `code`=?";
$res = sqlexec($sql, array($code), $link);
$num = $res->fetch(PDO::FETCH_NUM);
$num = $num[0];
if ($num == 0) {
break;
