 $username = !empty($_POST['username']) ? json_str_iconv(trim($_POST['username'])) : '';
 $password = !empty($_POST['password']) ? trim($_POST['password']) : '';
 $captcha = !empty($_POST['captcha']) ? json_str_iconv(trim($_POST['captcha'])) : '';
 $result = array('error' => 0, 'content' => '');
 $captcha = intval($_CFG['captcha']);
 if ($captcha & CAPTCHA_LOGIN && (!($captcha & CAPTCHA_LOGIN_FAIL) || $captcha & CAPTCHA_LOGIN_FAIL && $_SESSION['login_fail'] > 2) && gd_version() > 0) {
     if (empty($captcha)) {
         $result['error'] = 1;
         $result['content'] = $_LANG['invalid_captcha'];
         die($json->encode($result));
     }
     /* 检查验证码 */
     include_once 'includes/cls_captcha.php';
     $validator = new captcha();
     $validator->session_word = 'captcha_login';
     if (!$validator->check_word($_POST['captcha'])) {
         $result['error'] = 1;
         $result['content'] = $_LANG['invalid_captcha'];
         die($json->encode($result));
     }
 }
 if ($user->login($username, $password)) {
     update_user_info();
     //更新用户信息
     recalculate_price();
     // 重新计算购物车中的商品价格
     $smarty->assign('user_info', get_user_info());
     $ucdata = empty($user->ucdata) ? "" : $user->ucdata;
     $result['ucdata'] = $ucdata;
     $result['content'] = $smarty->fetch('library/member_info.lbi');
 } else {
 $cmt = $json->decode($_REQUEST['cmt']);
 $cmt->page = 1;
 $cmt->id = !empty($cmt->id) ? intval($cmt->id) : 0;
 $cmt->type = !empty($cmt->type) ? intval($cmt->type) : 0;
 if (empty($cmt) || !isset($cmt->type) || !isset($cmt->id)) {
     $result['error'] = 1;
     $result['message'] = $_LANG['invalid_comments'];
 } elseif (!is_email($cmt->email)) {
     $result['error'] = 1;
     $result['message'] = $_LANG['error_email'];
 } else {
     if (intval($_CFG['captcha']) & CAPTCHA_COMMENT && gd_version() > 0) {
         /* 检查验证码 */
         include_once 'includes/cls_captcha.php';
         $validator = new captcha();
         if (!$validator->check_word($cmt->captcha)) {
             $result['error'] = 1;
             $result['message'] = $_LANG['invalid_captcha'];
         } else {
             $factor = intval($_CFG['comment_factor']);
             if ($cmt->type == 0 && $factor > 0) {
                 /* 只有商品才检查评论条件 */
                 switch ($factor) {
                     case COMMENT_LOGIN:
                         if ($_SESSION['user_id'] == 0) {
                             $result['error'] = 1;
                             $result['message'] = $_LANG['comment_login'];
                         }
                         break;
                     case COMMENT_CUSTOM:
                         if ($_SESSION['user_id'] > 0) {
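/**
 * Password recovery, answer step: checks the security-question answer the
 * visitor posted against the one held in the session and, on success, signs
 * the recovered account in and renders the reset-password page.
 *
 * Inputs: $_POST['captcha'] (only when the login captcha is switched on),
 * $_POST['passwd_answer'], $_SESSION['passwd_answer'], $_SESSION['temp_user']
 * and $_SESSION['temp_user_name'].
 *
 * Every failure path goes through show_message(); the original code relies on
 * it ending the request — TODO confirm that it does.
 */
function action_check_answer()
{
    // 获取全局变量 (only the ones this action actually uses)
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];

    /* 检查验证码 */
    $captcha = intval($_CFG['captcha']);
    $login_fail = isset($_SESSION['login_fail']) ? intval($_SESSION['login_fail']) : 0;
    // Required when CAPTCHA_LOGIN is on, unless it is restricted to failed
    // logins (CAPTCHA_LOGIN_FAIL) and fewer than three failures were recorded.
    $captcha_required = ($captcha & CAPTCHA_LOGIN)
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $login_fail > 2)
        && gd_version() > 0;
    if ($captcha_required) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['back_retry_answer'], 'user.php?act=qpassword_name', 'error');
        }
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['back_retry_answer'], 'user.php?act=qpassword_name', 'error');
        }
    }

    // Compare the answer strictly as strings and in constant time. The
    // original loose `!=` let PHP's numeric-string rules decide equality
    // (e.g. "1e1" and "10" compared equal).
    $expected = isset($_SESSION['passwd_answer']) && is_scalar($_SESSION['passwd_answer'])
        ? (string) $_SESSION['passwd_answer'] : '';
    $given = !empty($_POST['passwd_answer']) && is_scalar($_POST['passwd_answer'])
        ? (string) $_POST['passwd_answer'] : '';
    if ($given === '' || $expected === '' || !hash_equals($expected, $given)) {
        show_message($_LANG['wrong_passwd_answer'], $_LANG['back_retry_answer'], 'user.php?act=qpassword_name', 'info');
    } else {
        // Promote the temporarily remembered account to the logged-in user.
        $_SESSION['user_id'] = $_SESSION['temp_user'];
        $_SESSION['user_name'] = $_SESSION['temp_user_name'];
        unset($_SESSION['temp_user']);
        unset($_SESSION['temp_user_name']);
        $smarty->assign('uid', $_SESSION['user_id']);
        $smarty->assign('action', 'reset_password');
        $smarty->display('user_passport.dwt');
    }
}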
     echo MES_Order::save_consignee($data);
 } else {
     if ($action == 'checkout') {
         $current_ip = GET_IP();
         $_key = 'checkout_times_' . $current_ip;
         $checkout_times = 0;
         if ($REDIS_CLIENT->exists($_key)) {
             $checkout_times = intval($REDIS_CLIENT->get($_key));
         }
         //大于三次的提交 才验证
         if ($checkout_times > 3) {
             error_reporting(0);
             $vaild_code = ANTI_SPAM($_POST['vaild_code']);
             include_once 'includes/cls_captcha.php';
             $validator = new captcha();
             if (!$validator->check_word($vaild_code)) {
                 echo json_encode(array('code' => RES_CAPTACH_INVAILD, 'msg' => 'vaild error'));
                 exit;
             }
         }
         //checkout and cal total price
         $card_message = $_POST['card_message'];
         if (!$card_message) {
             $card_message = '';
         } else {
             //$card_message = explode("|",$card_message);
         }
         $card_message_arr = explode("|", $card_message);
         for ($i = 0; $i < count($card_message_arr); $i++) {
             //var_dump(iconv_strlen($card_message,'utf-8'));
             ANTI_SPAM($card_message_arr[$i], array('minLength' => 0, 'maxLength' => 10));
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'login') {
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    if (intval($_CFG['captcha']) & CAPTCHA_ADMIN && gd_version() > 0) {
        $smarty->assign('gd_version', gd_version());
        $smarty->assign('random', mt_rand());
    }
    $smarty->display('login.htm');
} elseif ($_REQUEST['act'] == 'signin') {
    if (!empty($_SESSION['captcha_word']) && intval($_CFG['captcha']) & CAPTCHA_ADMIN) {
        include_once ROOT_PATH . 'includes/cls_captcha.php';
        /* 检查验证码是否正确 */
        $validator = new captcha();
        if (!empty($_POST['captcha']) && !$validator->check_word($_POST['captcha'])) {
            sys_msg($_LANG['captcha_error'], 1);
        }
    }
    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    /* 检查密码是否正确 */
    $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id" . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . "'";
    $row = $db->getRow($sql);
    if ($row) {
        // 检查是否为供货商的管理员 所属供货商是否有效
        if (!empty($row['suppliers_id'])) {
            $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $row['suppliers_id']);
            if (empty($supplier_is_check)) {
                sys_msg($_LANG['login_disable'], 1);
            }
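/**
 * 注册会员的处理 — handles the AJAX registration form.
 *
 * Validates the posted form (agreement, user name / password length, captcha
 * when CAPTCHA_REGISTER is enabled), calls register(), stores any custom
 * extension fields and the password-hint question/answer, and replies with a
 * JSON object (err_no, err_msg, back_act) via die(). When registration is
 * closed ($_CFG['shop_reg_closed']) the passport template is rendered instead.
 */
function action_register()
{
    // 获取全局变量
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $err = $GLOBALS['err'];

    include_once 'includes/cls_json.php';
    $json = new JSON();
    $res = array('err_msg' => '', 'result' => '');

    /* 增加是否关闭注册 */
    if ($_CFG['shop_reg_closed']) {
        $smarty->assign('action', 'register');
        $smarty->assign('shop_reg_closed', $_CFG['shop_reg_closed']);
        $smarty->display('user_passport.dwt');
        return;
    }

    include_once ROOT_PATH . 'includes/lib_passport.php';
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? trim($_POST['password']) : '';
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    $other = array();
    $other['msn'] = isset($_POST['extend_field1']) ? $_POST['extend_field1'] : '';
    $other['qq'] = isset($_POST['extend_field2']) ? $_POST['extend_field2'] : '';
    $other['office_phone'] = isset($_POST['extend_field3']) ? $_POST['extend_field3'] : '';
    $other['home_phone'] = isset($_POST['extend_field4']) ? $_POST['extend_field4'] : '';
    $other['mobile_phone'] = isset($_POST['extend_field5']) ? $_POST['extend_field5'] : '';
    // compile_str() is the project's own filter — TODO confirm it neutralises
    // SQL quoting, because both values are interpolated into SQL below.
    $sel_question = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
    $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';
    $back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';
    // $_POST['register_type'] was read by the original but never used.

    if (empty($_POST['agreement'])) {
        $res['err_msg'] = $_LANG['passport_js']['agreement'];
        $res['err_no'] = 1;
        die($json->encode($res));
    }
    // Byte lengths (strlen), as in the original; multi-byte names count per byte.
    if (strlen($username) < 3) {
        $res['err_msg'] = $_LANG['passport_js']['username_shorter'];
        $res['err_no'] = 1;
        die($json->encode($res));
    }
    if (strlen($password) < 6) {
        $res['err_msg'] = $_LANG['passport_js']['password_shorter'];
        $res['err_no'] = 1;
        die($json->encode($res));
    }
    // A leading space cannot occur (the password is trimmed), so > 0 is enough.
    if (strpos($password, ' ') > 0) {
        $res['err_msg'] = $_LANG['passwd_balnk'];
        $res['err_no'] = 1;
        die($json->encode($res));
    }

    /* 验证码检查 */
    if (intval($_CFG['captcha']) & CAPTCHA_REGISTER && gd_version() > 0) {
        if (empty($_POST['captcha'])) {
            $res['err_msg'] = $_LANG['invalid_captcha'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        if (!$validator->check_word($_POST['captcha'])) {
            $res['err_msg'] = $_LANG['invalid_captcha'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }
    }

    if (register($username, $password, $email, $other) === false) {
        // Collect the messages register() left on the error object.
        $message = array('content' => '');
        foreach ($err->_message as $msg) {
            $message['content'] .= '' . htmlspecialchars($msg) . "\n";
        }
        $res['err_msg'] = $message['content'];
        $res['err_no'] = 1;
        die($json->encode($res));
    }

    /* 把新注册用户的扩展信息插入数据库 */
    // $_SESSION['user_id'] is presumably set by register() — TODO confirm.
    $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
    $fields_arr = $db->getAll($sql);
    $extend_field_str = '';
    foreach ($fields_arr as $val) {
        $extend_field_index = 'extend_field' . $val['id'];
        if (!empty($_POST[$extend_field_index])) {
            // Length test is in bytes, truncation in characters (kept as is).
            $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0, 99) : $_POST[$extend_field_index];
            $extend_field_str .= " ('" . $_SESSION['user_id'] . "', '" . $val['id'] . "', '" . compile_str($temp_field_content) . "'),";
        }
    }
    $extend_field_str = substr($extend_field_str, 0, -1);
    if ($extend_field_str) {
        $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . ' (`user_id`, `reg_field_id`, `content`) VALUES' . $extend_field_str;
        $db->query($sql);
    }

    /* 写入密码提示问题和答案 */
    if (!empty($passwd_answer) && !empty($sel_question)) {
        $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}'  WHERE `user_id`='" . $_SESSION['user_id'] . "'";
        $db->query($sql);
    }

    /* 判断是否需要自动发送注册邮件 */
    if ($_CFG['member_email_validate'] && $_CFG['send_verify_email']) {
        send_regiter_hash($_SESSION['user_id']);
    }

    if (empty($back_act)) {
        $back_act = 'index.php';
    }
    $res['err_no'] = 0;
    $res['back_act'] = $back_act;
    $res['err_msg'] = '';
    die($json->encode($res));
}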
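/**
 * 找回密码第一步:验证用户名/邮箱/已验证手机号
 *
 * Looks the account up by the single value posted in $_POST['u_name'], trying
 * in turn: user name, e-mail address (if is_email() accepts it) and verified
 * mobile number (if is_mobile_phone() accepts it). The match is stored in
 * $_SESSION['find_password'] and masked contact details are rendered on
 * user_findPwd.dwt for step 2.
 *
 * show_message() is used for every error; the original code relies on it
 * ending the request — TODO confirm that it does.
 */
function action_check_username()
{
    // 获取全局变量. $_CFG was not fetched in the original, so
    // intval($_CFG['captcha']) was always 0 and the captcha block never ran.
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    $username = (!empty($_POST['u_name']) && is_string($_POST['u_name'])) ? $_POST['u_name'] : '';
    if (empty($username)) {
        show_message('请输入用户名/邮箱/已验证的手机号!', '返回', 'findPwd.php?act=index', 'info');
    }

    // 处理验证码: required when CAPTCHA_LOGIN is on, unless it is restricted to
    // failed logins (CAPTCHA_LOGIN_FAIL) and fewer than three were recorded.
    $captcha = intval($_CFG['captcha']);
    $login_fail = isset($_SESSION['login_fail']) ? intval($_SESSION['login_fail']) : 0;
    $captcha_required = ($captcha & CAPTCHA_LOGIN)
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $login_fail > 2)
        && gd_version() > 0;
    if ($captcha_required) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
    }

    // The lookup value is request-controlled and is spliced into SQL below;
    // the original used it unescaped. addslashes() only covers quote,
    // backslash and NUL escaping — TODO(review): switch to the DB layer's own
    // escaping or a prepared statement if the driver provides one.
    $username_sql = addslashes($username);

    $user_id = 0;
    $username_exist = false;

    // 1. 用户名
    $sql = "select user_id from " . $ecs->table('users') . " where user_name = '" . $username_sql . "'";
    $user_id = $db->getOne($sql);
    if ($user_id) {
        $username_exist = true;
    }
    // 2. 邮箱
    if (is_email($username) && !$username_exist) {
        $sql = "select user_id from " . $ecs->table('users') . " where email='" . $username_sql . "' ";
        $user_id = $db->getOne($sql);
        if ($user_id) {
            $username_exist = true;
        }
    }
    // 3. 手机号 — must be bound to exactly one account
    if (is_mobile_phone($username) && !$username_exist) {
        $sql = "select user_id from " . $ecs->table('users') . " where mobile_phone='" . $username_sql . "'";
        $rows = $db->query($sql);
        $matches = 0;
        while ($row = $db->fetchRow($rows)) {
            $user_id = $row['user_id'];
            $matches++;
        }
        if ($matches > 1) {
            show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        } elseif ($matches == 1 && $user_id) {
            $username_exist = true;
        }
    }

    // 检查用户名是否存在
    if (!$username_exist) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    // 获取用户信息,判断用户是否验证了手机、邮箱 (user_id came from the DB; cast anyway)
    $sql = "select user_id, user_name, email, mobile_phone from " . $ecs->table('users') . " where user_id = '" . intval($user_id) . "'";
    $row = $db->getRow($sql);
    if (!$row) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    $validate_types = array();
    if (!empty($row['mobile_phone'])) {
        // 处理手机号,不让前台显示: keep only the first and last three digits.
        $mobile_phone = $row['mobile_phone'];
        $mobile_phone = substr($mobile_phone, 0, 3) . '*****' . substr($mobile_phone, -3);
        $validate_types[] = array('type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $mobile_phone);
    }
    if (!empty($row['email'])) {
        // Mask the local part of the address; how many leading/trailing
        // characters survive depends on its (byte) length.
        $email = $row['email'];
        $email_head = substr($email, 0, strpos($email, '@'));
        $email_domain = substr($email, strpos($email, '@'));
        $head_len = strlen($email_head);
        if ($head_len == 1) {
            $email = substr($email_head, 0, 1) . '*****' . $email_domain;
        } elseif ($head_len <= 4) {
            $email = substr($email_head, 0, 1) . '*****' . substr($email_head, -1) . $email_domain;
        } elseif ($head_len <= 7) {
            $email = substr($email_head, 0, 2) . '*****' . substr($email_head, -2) . $email_domain;
        } else {
            $email = substr($email_head, 0, 3) . '*****' . substr($email_head, -3) . $email_domain;
        }
        $validate_types[] = array('type' => 'email', 'name' => '邮箱', 'value' => $email);
    }

    $_SESSION['find_password'] = array('user_id' => $row['user_id'], 'user_name' => $row['user_name'], 'email' => $row['email'], 'mobile_phone' => $row['mobile_phone']);
    // 用于validate.php获取数据
    $_SESSION[VT_MOBILE_VALIDATE] = $row['mobile_phone'];
    $_SESSION[VT_EMAIL_VALIDATE] = $row['email'];
    $smarty->assign("validate_types", $validate_types);
    $smarty->assign("action", "step_2");
    $smarty->display('user_findPwd.dwt');
}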
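/**
 * 验证手机 — confirms the SMS code for the mobile number stored in
 * $_SESSION[VT_MOBILE_VALIDATE] and, on success, marks the current user's
 * number as validated. Every outcome is a JSON reply that ends the request.
 *
 * Reads $_POST['captcha'], $_POST['mobile_code'], $_SESSION['user_name'].
 */
function action_do_mobile_validate()
{
    // 获取全局变量
    $_LANG = $GLOBALS['_LANG'];

    /* 开启验证码检查 */
    // The original condition was
    //   intval($_CFG['captcha']) & CAPTCHA_REGISTER && gd_version() > 0 || TRUE
    // i.e. the captcha is always required here ($_CFG was not even in scope).
    // Written as an unconditional check so the intent is visible.
    if (empty($_POST['captcha'])) {
        exit(json_encode(array('error' => 1, 'content' => $_LANG['invalid_captcha'], 'url' => '')));
    }
    include_once 'includes/cls_captcha.php';
    $captcha = new captcha();
    if (!$captcha->check_word(trim($_POST['captcha']))) {
        exit(json_encode(array('error' => 1, 'content' => $_LANG['invalid_captcha'], 'url' => '')));
    }

    require_once ROOT_PATH . 'includes/lib_passport.php';
    $mobile_phone = $_SESSION[VT_MOBILE_VALIDATE];
    $mobile_code = !empty($_POST['mobile_code']) ? trim($_POST['mobile_code']) : '';
    $result = validate_mobile_code($mobile_phone, $mobile_code);

    // validate_mobile_code() reports problems as small integers; map each to
    // its message. switch keeps the loose (==) comparison of the original.
    $error_key = null;
    switch ($result) {
        case 1:
            $error_key = 'msg_mobile_phone_blank';
            break;
        case 2:
            $error_key = 'msg_mobile_phone_format';
            break;
        case 3:
            $error_key = 'msg_mobile_phone_code_blank';
            break;
        case 4:
        case 5:
            $error_key = 'invalid_mobile_phone_code';
            break;
    }
    if ($error_key !== null) {
        exit(json_encode(array('error' => 1, 'content' => $_LANG[$error_key], 'url' => '')));
    }

    $user_name = $_SESSION['user_name'];
    $result = $GLOBALS['user']->edit_user(array('username' => $user_name, 'mobile_phone' => $mobile_phone, 'mobile_validated' => 1));
    if (!$result) {
        exit(json_encode(array('error' => 1, 'content' => '手机号码验证失败,请重新尝试', 'url' => '')));
    }
    // 验证完成
    $_SESSION['security_validate'] = false;
    exit(json_encode(array('error' => 0, 'content' => '', 'url' => '')));
}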
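/**
 * 注册会员的处理 — registration by e-mail or by mobile number.
 *
 * Validates the password, the image captcha (when CAPTCHA_REGISTER is on) and
 * the e-mail / SMS verification code matching $_POST['register_type'], then
 * calls register_by_email() or register_by_mobile() with a generated user
 * name. On success it stores custom extension fields, the password-hint
 * question/answer and any registration bonus, optionally sends the
 * verification mail, and shows a success page. When registration is closed
 * ($_CFG['shop_reg_closed']) the passport template is rendered instead.
 *
 * show_message() is used for every validation error; the original code relies
 * on it ending the request — TODO confirm that it does.
 */
function action_register()
{
    // 获取全局变量
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    // Was missing in the original: $user->ucdata below read an undefined variable.
    $user = $GLOBALS['user'];

    /* 增加是否关闭注册 */
    if ($_CFG['shop_reg_closed']) {
        $smarty->assign('action', 'register');
        $smarty->assign('shop_reg_closed', $_CFG['shop_reg_closed']);
        $smarty->display('user_passport.dwt');
        return;
    }

    include_once ROOT_PATH . 'includes/lib_passport.php';
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? trim($_POST['password']) : '';
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    $other = array();
    $other['msn'] = isset($_POST['extend_field1']) ? $_POST['extend_field1'] : '';
    $other['qq'] = isset($_POST['extend_field2']) ? $_POST['extend_field2'] : '';
    $other['office_phone'] = isset($_POST['extend_field3']) ? $_POST['extend_field3'] : '';
    $other['home_phone'] = isset($_POST['extend_field4']) ? $_POST['extend_field4'] : '';
    // compile_str() is the project's own filter — TODO confirm it neutralises
    // SQL quoting, because both values are interpolated into SQL below.
    $sel_question = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
    $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';
    // 注册类型:email、mobile
    $register_type = isset($_POST['register_type']) ? trim($_POST['register_type']) : '';
    $back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';

    // 注册类型不能为空
    if (empty($register_type)) {
        show_message($_LANG['passport_js']['msg_register_type_blank']);
    }
    // 用户名将自动生成 — no length check on $username (it is replaced below).
    if (strlen($password) < 6) {
        show_message($_LANG['passport_js']['password_shorter']);
    }
    // A leading space cannot occur (the password is trimmed), so > 0 is enough.
    if (strpos($password, ' ') > 0) {
        show_message($_LANG['passwd_balnk']);
    }

    /* 验证码检查 */
    if (intval($_CFG['captcha']) & CAPTCHA_REGISTER && gd_version() > 0) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['sign_up'], 'register.php', 'error');
        }
        include_once 'includes/cls_captcha.php';
        $captcha = new captcha();
        if (!$captcha->check_word(trim($_POST['captcha']))) {
            show_message($_LANG['invalid_captcha'], $_LANG['sign_up'], 'register.php', 'error');
        }
    }

    $result = false;
    if ($register_type == "email") {
        /* 邮箱验证码检查 */
        require_once ROOT_PATH . 'includes/lib_validate_record.php';
        if (empty($email)) {
            show_message($_LANG['msg_email_blank'], $_LANG['sign_up'], 'register.php', 'error');
        }
        $record = get_validate_record($email);
        $session_email = isset($_SESSION[VT_EMAIL_REGISTER]) ? (string) $_SESSION[VT_EMAIL_REGISTER] : '';
        $email_code = !empty($_POST['email_code']) ? trim($_POST['email_code']) : '';
        $record_code = (is_array($record) && isset($record['record_code'])) ? (string) $record['record_code'] : '';
        // The code is compared as a string in constant time; the original loose
        // `!=` applied numeric-string equality (e.g. "1e3" == "1000").
        if (empty($email_code)) {
            show_message($_LANG['msg_email_code_blank'], $_LANG['sign_up'], 'register.php', 'error');
        } elseif ($session_email !== (string) $email) {
            show_message($_LANG['email_changed'], $_LANG['sign_up'], 'register.php', 'error');
        } elseif ($record_code === '' || !hash_equals($record_code, (string) $email_code)) {
            show_message($_LANG['invalid_email_code'], $_LANG['sign_up'], 'register.php', 'error');
        }
        // NOTE(review): unlike the mobile branch there is no expired_time check
        // on the e-mail record — confirm whether e-mail codes are meant to expire.
        /* 邮箱注册时 */
        $username = generate_username();
        $result = register_by_email($username, $password, $email, $other);
        if ($result) {
            /* 删除注册的验证记录 */
            remove_validate_record($email);
        }
    } elseif ($register_type == "mobile") {
        require_once ROOT_PATH . 'includes/lib_validate_record.php';
        $mobile_phone = !empty($_POST['mobile_phone']) ? trim($_POST['mobile_phone']) : '';
        $mobile_code = !empty($_POST['mobile_code']) ? trim($_POST['mobile_code']) : '';
        $record = get_validate_record($mobile_phone);
        $session_mobile_phone = isset($_SESSION[VT_MOBILE_REGISTER]) ? (string) $_SESSION[VT_MOBILE_REGISTER] : '';
        $record_code = (is_array($record) && isset($record['record_code'])) ? (string) $record['record_code'] : '';
        $expired_time = (is_array($record) && isset($record['expired_time'])) ? intval($record['expired_time']) : 0;
        /* 手机验证码检查 */
        if (empty($mobile_code)) {
            show_message($_LANG['msg_mobile_phone_blank'], $_LANG['sign_up'], 'register.php', 'error');
        } elseif ($session_mobile_phone !== (string) $mobile_phone) {
            show_message($_LANG['mobile_phone_changed'], $_LANG['sign_up'], 'register.php', 'error');
        } elseif ($record_code === '' || !hash_equals($record_code, (string) $mobile_code)) {
            show_message($_LANG['invalid_mobile_phone_code'], $_LANG['sign_up'], 'register.php', 'error');
        } elseif ($expired_time < time()) {
            show_message($_LANG['invalid_mobile_phone_code'], $_LANG['sign_up'], 'register.php', 'error');
        }
        /* 手机注册时,用户名默认为u+手机号 */
        $username = generate_username_by_mobile($mobile_phone);
        $result = register_by_mobile($username, $password, $mobile_phone, $other);
        if ($result) {
            /* 删除注册的验证记录 */
            remove_validate_record($mobile_phone);
        }
    } else {
        /* 无效的注册类型 */
        show_message($_LANG['register_type_invalid'], $_LANG['sign_up'], 'register.php', 'error');
    }

    if (!$result) {
        $GLOBALS['err']->show($_LANG['sign_up'], 'register.php');
        return;
    }

    /* 把新注册用户的扩展信息插入数据库 */
    // $_SESSION['user_id'] is presumably set by the register_by_* call — TODO confirm.
    $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
    $fields_arr = $db->getAll($sql);
    $extend_field_str = '';
    foreach ($fields_arr as $val) {
        $extend_field_index = 'extend_field' . $val['id'];
        if (!empty($_POST[$extend_field_index])) {
            // Length test is in bytes, truncation in characters (kept as is).
            $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0, 99) : $_POST[$extend_field_index];
            $extend_field_str .= " ('" . $_SESSION['user_id'] . "', '" . $val['id'] . "', '" . compile_str($temp_field_content) . "'),";
        }
    }
    $extend_field_str = substr($extend_field_str, 0, -1);
    if ($extend_field_str) {
        $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . ' (`user_id`, `reg_field_id`, `content`) VALUES' . $extend_field_str;
        $db->query($sql);
    }

    /* 写入密码提示问题和答案 */
    if (!empty($passwd_answer) && !empty($sel_question)) {
        $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}'  WHERE `user_id`='" . $_SESSION['user_id'] . "'";
        $db->query($sql);
    }

    /* 注册红包 */
    $now = gmtime();
    // Initialised here: the original left it undefined when bonus_reg_rand is off.
    $sql_bonus_ext = '';
    if ($_CFG['bonus_reg_rand']) {
        $sql_bonus_ext = " order by rand() limit 0,1";
    }
    $sql_b = "SELECT type_id FROM " . $ecs->table("bonus_type") . " WHERE send_type='" . SEND_BY_REGISTER . "'  AND send_start_date<=" . $now . " AND send_end_date>=" . $now . $sql_bonus_ext;
    $res_bonus = $db->query($sql_b);
    $bonus_count = 0;
    while ($row_bonus = $db->fetchRow($res_bonus)) {
        $sql = "INSERT INTO " . $ecs->table('user_bonus') . "(bonus_type_id, bonus_sn, user_id, used_time, order_id, emailed)" . " VALUES('" . $row_bonus['type_id'] . "', 0, '" . $_SESSION['user_id'] . "', 0, 0, 0)";
        $db->query($sql);
        $bonus_count++;
    }
    if ($bonus_count) {
        $_LANG['register_success'] = '用户名 %s 注册成功,并获得官方赠送的红包礼品';
    }

    /* 判断是否需要自动发送注册邮件 */
    if ($_CFG['member_email_validate'] && $_CFG['send_verify_email']) {
        send_regiter_hash($_SESSION['user_id']);
    }

    $ucdata = empty($user->ucdata) ? "" : $user->ucdata;
    show_message(sprintf($_LANG['register_success'], $username . $ucdata), array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act, 'user.php'), 'info');
}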
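/**
 * Handle the "forgot surplus (account balance) password" form for the logged-in member.
 *
 * The form is POSTed with `verify_method` set to one of:
 *  - 'phone': the submitted phone/code pair must exist in `verifycode` with status 1 and be
 *    less than 86400 seconds old; on success the reset form is rendered with validated=1.
 *  - 'email': the captcha (session word 'captcha_login') must check out and the submitted
 *    address must equal the member's stored email; a one-time hash is generated, mailed via
 *    the 'reset_surplus_password' template and recorded in the `email` table.
 *
 * Every failure path calls show_message() and then returns, so the flow cannot continue
 * even if show_message() does not terminate the request.
 *
 * @return void
 */
function action_act_forget_surplus_password()
{
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    // Cast once: the id is embedded in SQL below, so it must never carry anything but digits.
    $user_id = intval($GLOBALS['user_id']);
    $back_url = 'user.php?act=forget_surplus_password';

    if (empty($_POST['verify_method'])) {
        show_message('未知错误!', '返回', $back_url, 'error');
        return;
    }
    // The form is POSTed (checked above), so read every field from $_POST. The previous
    // version read $_REQUEST, which also accepts query-string and cookie values for this
    // state-changing action.
    $verify_method = trim($_POST['verify_method']);

    if ($verify_method == 'phone') {
        if (empty($_POST['v_code'])) {
            show_message('请输入手机验证码!', '返回', $back_url, 'error');
            return;
        }
        if (empty($_POST['v_phone'])) {
            show_message('请输入手机号!', '返回', $back_url, 'error');
            return;
        }
        $v_code = trim($_POST['v_code']);
        $v_phone = trim($_POST['v_phone']);
        // Both values are interpolated into SQL: restrict them to the characters a phone
        // number and a verification code can contain so a quote can never reach the query.
        // NOTE(review): assumes codes are alphanumeric — confirm against the code generator.
        if (!ctype_digit($v_phone) || !ctype_alnum($v_code)) {
            show_message('手机号和验证码不匹配,请重新输入!');
            return;
        }
        // NOTE(review): the lookup does not check that v_phone belongs to this member's
        // account — confirm whether that is intended.
        $sql = 'SELECT COUNT(*) FROM ' . $ecs->table('verifycode')
            . ' WHERE `mobile` = \'' . $v_phone . '\' AND `verifycode` = \'' . $v_code . '\' AND `status` = 1'
            . ' AND dateline + 86400 > \'' . gmtime() . '\'';
        if ($db->getOne($sql) == 0) {
            show_message('手机号和验证码不匹配,请重新输入!');
            return;
        }
        $smarty->assign('verify_method', 'phone');
        $smarty->assign('v_code', $v_code);
        $smarty->assign('action', 'reset_surplus_password');
        $smarty->assign('validated', 1);
        $smarty->display('user_transaction.dwt');
        return;
    }

    if ($verify_method == 'email') {
        if (empty($_POST['v_captcha'])) {
            show_message('请输入验证码!', '返回', $back_url, 'error');
            return;
        }
        if (empty($_POST['v_email'])) {
            show_message('请输入邮箱!', '返回', $back_url, 'error');
            return;
        }
        $v_captcha = trim($_POST['v_captcha']);
        $v_email = trim($_POST['v_email']);

        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($v_captcha)) {
            show_message($_LANG['invalid_captcha'], $_LANG['back_up_page'], $back_url, 'error');
            return;
        }

        $sql = 'SELECT `user_name`,`email` ' . ' FROM ' . $ecs->table('users') . ' WHERE `user_id` = \'' . $user_id . '\'';
        $row = $db->getRow($sql);
        // Stop here on a mismatch; previously execution fell through and the reset link
        // was mailed to whatever address had been submitted.
        if (!$row || $row['email'] !== $v_email) {
            show_message('邮箱输入错误!', '返回', $back_url, 'error');
            return;
        }
        // From here on use the stored address: it equals the submitted one, and it is the
        // value that is embedded in SQL and receives the reset link.
        $email = $row['email'];

        $template = get_mail_template('reset_surplus_password');
        $scope = '02456789abdefghjknoqrstwyz13u';
        $hash = mc_random(16, $scope);
        $reset_link = $ecs->url() . 'user.php?act=verify_reset_surplus_email' . '&hash=' . $hash;
        $smarty->assign('user_name', $row['user_name']);
        $smarty->assign('reset_link', $reset_link);
        $smarty->assign('shop_name', $_CFG['shop_name']);
        $smarty->assign('send_date', date($_CFG['time_format']));
        $content = $smarty->fetch('str:' . $template['template_content']);
        $mailed = send_mail($_CFG['shop_name'], $email, $template['template_subject'], $content, $template['is_html']);
        if (!$mailed) {
            show_message('发送邮件失败!');
            return;
        }

        $add_time = gmtime();
        $sql = 'INSERT INTO ' . $ecs->table('email') . '(`email`,`hash`,`add_time`,`user_id`)'
            . 'VALUES(\'' . $email . '\',\'' . $hash . '\',\'' . $add_time . '\',\'' . $user_id . '\')';
        $db->query($sql);
        if ($db->affected_rows() == 1) {
            show_message('已发送邮件,请前往邮箱点击链接完成密码重置!', '返回', 'user.php?act=account_security', 'success');
        } else {
            show_message('发送邮件失败!');
        }
        return;
    }

    show_message('未知错误!', '返回', $back_url, 'error');
}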
    $shipping_info = shipping_area_info($shipping_id, $region);
    $shipping_fee = shipping_fee($shipping_info['shipping_code'], $shipping_info['configure'], $goods_weight, '0', '0');
    $result['content'] = $shipping_fee;
    die($json->encode($result));
}
/* ajax获取运单状态 */
if ($action == 'get_OrderStatus') {
    require ROOT_PATH . 'includes/cls_json.php';
    require ROOT_PATH . 'includes/cls_captcha.php';
    $json = new JSON();
    $result = array('error' => 0, 'message' => '', 'content' => '');
    $_POST['order'] = strip_tags(urldecode($_POST['order']));
    $_POST['order'] = json_str_iconv($_POST['order']);
    $order = $json->decode($_POST['order']);
    $validator = new captcha();
    if (!$validator->check_word($order->captcha)) {
        $result['content'] = '验证码不正确!';
        die($json->encode($result));
    }
    $sql = "select order_id from " . $ecs->table('kuaidi_order') . " where order_sn='" . $order->order_sn . "' ";
    $order_id = $db->getOne($sql);
    if (!$order_id) {
        $result['content'] = '抱歉,没有您要的运单号哦!';
    } else {
        $sql = "select * from " . $ecs->table('kuaidi_order_status') . " where order_id='{$order_id}'  order by status_id";
        $res_status = $db->query($sql);
        $have_shipping_info = 0;
        $shipping_info = "";
        while ($row_status = $db->fetchRow($res_status)) {
            if ($row_status['status_display'] == 1) {
                switch ($row_status['status_id']) {
/**
 * Validate the captcha submitted in the POST field `captche` against the session word
 * 'captcha_word'.
 *
 * An absent or empty field is treated as a failed check, so the captcha class is only
 * loaded when there is actually something to verify.
 *
 * @return bool true when the word matches, false otherwise
 */
function chechCaptcha()
{
    $word = isset($_POST['captche']) ? $_POST['captche'] : '';
    if (empty($word)) {
        return false;
    }
    include_once 'includes/cls_captcha.php';
    $validator = new captcha();
    $validator->session_word = 'captcha_word';
    return $validator->check_word($word) ? true : false;
}
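/**
 * Handle member login for the chat passport page.
 *
 * Reads `username`, `password` and optional `captcha`/`remember` from $_POST. When the
 * configured captcha bits require it (CAPTCHA_LOGIN, optionally only after more than two
 * failed attempts via CAPTCHA_LOGIN_FAIL) the captcha is verified against the session word
 * 'captcha_login'. An e-mail address or telephone number is mapped to the stored
 * user_name before $user->login() is called; success redirects to chat.php, failure
 * increments $_SESSION['login_fail'] and re-renders chat_passport.dwt with an error.
 *
 * @return void
 */
function action_act_login()
{
    // These were read as plain locals before, so $_CFG['captcha'] was undefined inside the
    // function and the captcha branch never ran; pull them from $GLOBALS like the sibling
    // action functions do.
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $user = $GLOBALS['user'];
    $smarty = get_smarty();
    $ecs = get_ecs();
    $db = get_database();

    // Re-render the login form with an error message.
    $show_error = function ($message) use ($smarty, $_LANG) {
        $smarty->assign('lang', $_LANG);
        $smarty->assign('action', 'login');
        $smarty->assign('error', $message);
        $smarty->display('chat_passport.dwt');
    };

    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? trim($_POST['password']) : '';
    $login_fail = isset($_SESSION['login_fail']) ? intval($_SESSION['login_fail']) : 0;

    $captcha = intval($_CFG['captcha']);
    $need_captcha = ($captcha & CAPTCHA_LOGIN)
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || (($captcha & CAPTCHA_LOGIN_FAIL) && $login_fail > 2))
        && gd_version() > 0;
    if ($need_captcha) {
        if (empty($_POST['captcha'])) {
            $show_error($_LANG['invalid_captcha']);
            return;
        }
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            $show_error($_LANG['invalid_captcha']);
            return;
        }
    }

    // Allow logging in with an e-mail address: map it to the stored user_name.
    // The value is interpolated into SQL; addslashes() is a no-op for anything
    // is_email() accepts and guards the query if its pattern is ever loosened.
    if (is_email($username)) {
        $sql = "select user_name from " . $ecs->table('users') . " where email='" . addslashes($username) . "'";
        $username_by_email = $db->getOne($sql);
        if ($username_by_email) {
            $username = $username_by_email;
        }
    }

    // Same for a telephone number, which may be bound to several accounts.
    if (is_telephone($username)) {
        $sql = "select user_name from " . $ecs->table('users') . " where mobile_phone='" . addslashes($username) . "'";
        $res = $db->query($sql);
        $matches = array();
        while ($row = $db->fetchRow($res)) {
            $matches[] = $row['user_name'];
        }
        if (count($matches) > 1) {
            $show_error('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。');
            return;
        }
        if (!empty($matches) && $matches[0]) {
            $username = $matches[0];
        }
    }

    if ($user->login($username, $password, isset($_POST['remember']))) {
        update_user_info();
        recalculate_price();
        header('Location: chat.php?act=chat');
        return;
    }

    $_SESSION['login_fail'] = $login_fail + 1;
    $show_error($_LANG['login_failure']);
}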
/**
 * Sign a supplier administrator in.
 *
 * Verifies the admin captcha when a session word exists and the CAPTCHA_ADMIN bit is set,
 * maps an e-mail address or mobile number to the stored user_name, checks the password
 * against `supplier_admin_user` (salted with `ec_salt` when present, plain otherwise),
 * populates the supplier_* session keys, optionally sets "remember me" cookies, clears
 * expired cart data and redirects to ./index.php. A failed check ends in sys_msg().
 *
 * NOTE(review): parts of this listing were redacted ('******') before it reached us, so the
 * exact password expressions in the SQL below cannot be read from this page.
 *
 * @return void
 */
function action_signin()
{
    // globals
    // $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    if (!empty($_SESSION['captcha_word']) && intval($_CFG['captcha']) & CAPTCHA_ADMIN) {
        include_once ROOT_PATH . 'includes/cls_captcha.php';
        /* check the captcha */
        // NOTE(review): the check only runs when a captcha value was submitted — an omitted
        // or empty `captcha` field skips verification entirely. `empty(...) ||` is the usual
        // form; confirm that skipping is not intended.
        $validator = new captcha();
        if (!empty($_POST['captcha']) && !$validator->check_word($_POST['captcha'])) {
            sys_msg($_LANG['captcha_error'], 1);
        }
    }
    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    $user_name = $_POST['username'];
    // Allow signing in with an e-mail address or mobile number by resolving it to user_name.
    // NOTE(review): the value is interpolated into SQL without escaping; this relies on
    // is_email()/is_mobile_phone() rejecting quote characters — confirm their patterns.
    if (is_email($user_name)) {
        $sql = "select user_name from " . $ecs->table('supplier_admin_user') . " where email='" . $user_name . "'";
        $username_email = $db->getOne($sql);
        if ($username_email) {
            $user_name = $username_email;
        }
    } else {
        if (is_mobile_phone($user_name)) {
            $sql = "select user_name from " . $ecs->table('supplier_admin_user') . " where mobile_phone='" . $user_name . "'";
            $rows = $db->query($sql);
            $i = 0;
            while ($row = $db->fetchRow($rows)) {
                $username_mobile = $row['user_name'];
                $i = $i + 1;
            }
            // A number bound to more than one account is ambiguous: refuse rather than guess.
            if ($i > 1) {
                show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'user.php', 'error');
            }
            if (isset($username_mobile)) {
                $user_name = $username_mobile;
            }
        }
    }
    $sql = "SELECT `ec_salt` FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "'";
    $ec_salt = $db->getOne($sql);
    if (!empty($ec_salt)) {
        /* check the password (salted form; the hash expression is redacted on this page) */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,supplier_id,ec_salt" . " FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "' AND password = '******'password']) . $ec_salt) . "' AND checked=1";
    } else {
        /* check the password (legacy unsalted form; the hash expression is redacted on this page) */
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,supplier_id,ec_salt" . " FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "' AND password = '******'password']) . "'  AND checked=1";
    }
    $row = $db->getRow($sql);
    if ($row) {
        // login succeeded
        // set_admin_session($row['user_id'], $row['user_name'],
        // $row['action_list'], $row['last_login']);
        $_SESSION['supplier_id'] = $row['supplier_id'];
        // shop id
        $_SESSION['supplier_user_id'] = $row['user_id'];
        // administrator id
        $_SESSION['supplier_name'] = $row['user_name'];
        // administrator name
        $_SESSION['supplier_action_list'] = $row['action_list'];
        // administrator permissions
        $_SESSION['supplier_last_check'] = $row['last_login'];
        // time of the last order check
        $new_possword = $row['password'];
        // Migrate an unsalted legacy password to the salted form on first successful login.
        if (empty($row['ec_salt'])) {
            // NOTE(review): rand() is not a CSPRNG and 1..9999 is a very small salt space;
            // random_int()/random_bytes() would be the usual choice. md5 is also not a
            // password hash — password_hash() is the modern replacement.
            $ec_salt = rand(1, 9999);
            $new_possword = md5(md5($_POST['password']) . $ec_salt);
            // NOTE(review): this UPDATE keys on $_SESSION['admin_id'], which this function
            // never sets; the key populated above is 'supplier_user_id' (as used by the
            // last_login UPDATE below). The salt migration therefore appears to hit the
            // wrong row, or none — confirm.
            $db->query("UPDATE " . $ecs->table('supplier_admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'");
        }
        if ($row['action_list'] == 'all') {
            $_SESSION['supplier_admin_id'] = $row['user_id'];
            // super administrator's id
            $_SESSION['supplier_shop_guide'] = true;
            // super administrator flag
        }
        // update last login time and IP
        $db->query("UPDATE " . $ecs->table('supplier_admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['supplier_user_id']}'");
        if (isset($_POST['remember'])) {
            // One-year "remember me" cookies carrying a derived credential.
            // NOTE(review): setcookie() is called without the httponly/secure flags.
            $time = gmtime() + 3600 * 24 * 365;
            setcookie('ECSCP[supplier_id]', $row['supplier_id'], $time);
            setcookie('ECSCP[supplier_user_id]', $row['user_id'], $time);
            setcookie('ECSCP[supplier_pass]', md5($new_possword . $_CFG['hash_code']), $time);
        }
        // clear expired cart data
        clear_cart();
        ecs_header("Location: ./index.php\n");
        exit;
    } else {
        sys_msg($_LANG['login_faild'], 1);
    }
    /*
     * Superseded implementation that authenticated against the `users` table; kept for
     * reference only.
     *
     * $sql="SELECT `ec_salt` FROM ". $ecs->table('users') ."WHERE user_name =
     * '" . $_POST['username']."'";
     * $ec_salt =$db->getOne($sql);
     * if(!empty($ec_salt))
     * {
     * // check the password
     * $sql = "SELECT user_id, user_name, password, last_login, ec_salt".
     * " FROM " . $ecs->table('users') .
     * " WHERE user_name = '" . $_POST['username']. "' AND password = '******'password']).$ec_salt) . "'";
     * }
     * else
     * {
     * // check the password
     * $sql = "SELECT user_id, user_name, password, last_login, ec_salt".
     * " FROM " . $ecs->table('users') .
     * " WHERE user_name = '" . $_POST['username']. "' AND password = '******'password']) . "'";
     * }
     * $row = $db->getRow($sql);
     * if ($row)
     * {
     * // check that this is a supplier administrator
     * if (!empty($row['user_id']))
     * {
     * $supplier_id = $db->getOne( "select supplier_id from ".
     * $ecs->table("supplier") ." where status='1' and user_id=" .
     * $row['user_id']);
     * if (empty($supplier_id))
     * {
     * sys_msg("对不起,无效的供货商用户!", 1);
     * }
     * }
     *
     * // login succeeded
     * $_SESSION['supplier_id'] = $supplier_id;
     * $_SESSION['supplier_user_id'] = $row['user_id'];
     * $_SESSION['supplier_name'] = $row['user_name'];
     *
     *
     * if (isset($_POST['remember']))
     * {
     * $time = gmtime() + 3600 * 24 * 365;
     * setcookie('ECSCP[supplier_id]', $supplier_id, $time);
     * setcookie('ECSCP[supplier_user_id]', $row['user_id'], $time);
     * setcookie('ECSCP[supplier_pass]', md5($row['password'] .
     * $_CFG['hash_code']), $time);
     * }
     *
     * // clear expired cart data
     * clear_cart();
     *
     * ecs_header("Location: ./index.php\n");
     *
     * exit;
     * }
     * else
     * {
     * sys_msg($_LANG['login_faild'], 1);
     * }
     */
}