$username = !empty($_POST['username']) ? json_str_iconv(trim($_POST['username'])) : ''; $password = !empty($_POST['password']) ? trim($_POST['password']) : ''; $captcha = !empty($_POST['captcha']) ? json_str_iconv(trim($_POST['captcha'])) : ''; $result = array('error' => 0, 'content' => ''); $captcha = intval($_CFG['captcha']); if ($captcha & CAPTCHA_LOGIN && (!($captcha & CAPTCHA_LOGIN_FAIL) || $captcha & CAPTCHA_LOGIN_FAIL && $_SESSION['login_fail'] > 2) && gd_version() > 0) { if (empty($captcha)) { $result['error'] = 1; $result['content'] = $_LANG['invalid_captcha']; die($json->encode($result)); } /* 检查验证码 */ include_once 'includes/cls_captcha.php'; $validator = new captcha(); $validator->session_word = 'captcha_login'; if (!$validator->check_word($_POST['captcha'])) { $result['error'] = 1; $result['content'] = $_LANG['invalid_captcha']; die($json->encode($result)); } } if ($user->login($username, $password)) { update_user_info(); //更新用户信息 recalculate_price(); // 重新计算购物车中的商品价格 $smarty->assign('user_info', get_user_info()); $ucdata = empty($user->ucdata) ? "" : $user->ucdata; $result['ucdata'] = $ucdata; $result['content'] = $smarty->fetch('library/member_info.lbi'); } else {
$cmt = $json->decode($_REQUEST['cmt']); $cmt->page = 1; $cmt->id = !empty($cmt->id) ? intval($cmt->id) : 0; $cmt->type = !empty($cmt->type) ? intval($cmt->type) : 0; if (empty($cmt) || !isset($cmt->type) || !isset($cmt->id)) { $result['error'] = 1; $result['message'] = $_LANG['invalid_comments']; } elseif (!is_email($cmt->email)) { $result['error'] = 1; $result['message'] = $_LANG['error_email']; } else { if (intval($_CFG['captcha']) & CAPTCHA_COMMENT && gd_version() > 0) { /* 检查验证码 */ include_once 'includes/cls_captcha.php'; $validator = new captcha(); if (!$validator->check_word($cmt->captcha)) { $result['error'] = 1; $result['message'] = $_LANG['invalid_captcha']; } else { $factor = intval($_CFG['comment_factor']); if ($cmt->type == 0 && $factor > 0) { /* 只有商品才检查评论条件 */ switch ($factor) { case COMMENT_LOGIN: if ($_SESSION['user_id'] == 0) { $result['error'] = 1; $result['message'] = $_LANG['comment_login']; } break; case COMMENT_CUSTOM: if ($_SESSION['user_id'] > 0) {
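/**
 * Password-recovery step: verify the answer to the user's security question.
 *
 * Reads $_POST['passwd_answer'] and compares it with the answer stored in
 * $_SESSION['passwd_answer'] by the previous step. A captcha is demanded first
 * when the CAPTCHA_LOGIN configuration bit is set (optionally only after more
 * than two failed logins in this session). On success the temporary identity
 * kept in $_SESSION['temp_user'] / ['temp_user_name'] is promoted to the
 * logged-in user and the reset-password form is rendered.
 *
 * Side effects: reads/writes $_SESSION, renders templates via $smarty, and
 * delegates error reporting to show_message().
 */
function action_check_answer()
{
    // Globals this action depends on (the file keeps them in $GLOBALS).
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];

    $captcha = intval($_CFG['captcha']);

    // Captcha gate: CAPTCHA_LOGIN must be on; with CAPTCHA_LOGIN_FAIL it is only
    // enforced after more than two failed logins; GD must be available to draw it.
    if ($captcha & CAPTCHA_LOGIN
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $captcha & CAPTCHA_LOGIN_FAIL && $_SESSION['login_fail'] > 2)
        && gd_version() > 0) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['back_retry_answer'], 'user.php?act=qpassword_name', 'error');
        }

        /* Validate the captcha against the 'captcha_login' session word. */
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['back_retry_answer'], 'user.php?act=qpassword_name', 'error');
        }
    }

    // Compare as strings with hash_equals(): the former `!=` applied numeric
    // type juggling (e.g. '1e3' == '1000') and leaked timing. The cast guards
    // against a missing session value (null) raising a TypeError.
    $expected_answer = isset($_SESSION['passwd_answer']) ? (string) $_SESSION['passwd_answer'] : '';
    if (empty($_POST['passwd_answer']) || !hash_equals($expected_answer, (string) $_POST['passwd_answer'])) {
        show_message($_LANG['wrong_passwd_answer'], $_LANG['back_retry_answer'], 'user.php?act=qpassword_name', 'info');
    } else {
        // Promote the temporary identity stored by the previous step.
        $_SESSION['user_id'] = $_SESSION['temp_user'];
        $_SESSION['user_name'] = $_SESSION['temp_user_name'];
        unset($_SESSION['temp_user']);
        unset($_SESSION['temp_user_name']);

        $smarty->assign('uid', $_SESSION['user_id']);
        $smarty->assign('action', 'reset_password');
        $smarty->display('user_passport.dwt');
    }
}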
echo MES_Order::save_consignee($data); } else { if ($action == 'checkout') { $current_ip = GET_IP(); $_key = 'checkout_times_' . $current_ip; $checkout_times = 0; if ($REDIS_CLIENT->exists($_key)) { $checkout_times = intval($REDIS_CLIENT->get($_key)); } //大于三次的提交 才验证 if ($checkout_times > 3) { error_reporting(0); $vaild_code = ANTI_SPAM($_POST['vaild_code']); include_once 'includes/cls_captcha.php'; $validator = new captcha(); if (!$validator->check_word($vaild_code)) { echo json_encode(array('code' => RES_CAPTACH_INVAILD, 'msg' => 'vaild error')); exit; } } //checkout and cal total price $card_message = $_POST['card_message']; if (!$card_message) { $card_message = ''; } else { //$card_message = explode("|",$card_message); } $card_message_arr = explode("|", $card_message); for ($i = 0; $i < count($card_message_arr); $i++) { //var_dump(iconv_strlen($card_message,'utf-8')); ANTI_SPAM($card_message_arr[$i], array('minLength' => 0, 'maxLength' => 10));
/*------------------------------------------------------ */ if ($_REQUEST['act'] == 'login') { header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); if (intval($_CFG['captcha']) & CAPTCHA_ADMIN && gd_version() > 0) { $smarty->assign('gd_version', gd_version()); $smarty->assign('random', mt_rand()); } $smarty->display('login.htm'); } elseif ($_REQUEST['act'] == 'signin') { if (!empty($_SESSION['captcha_word']) && intval($_CFG['captcha']) & CAPTCHA_ADMIN) { include_once ROOT_PATH . 'includes/cls_captcha.php'; /* 检查验证码是否正确 */ $validator = new captcha(); if (!empty($_POST['captcha']) && !$validator->check_word($_POST['captcha'])) { sys_msg($_LANG['captcha_error'], 1); } } $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : ''; $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : ''; /* 检查密码是否正确 */ $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, suppliers_id" . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . "'"; $row = $db->getRow($sql); if ($row) { // 检查是否为供货商的管理员 所属供货商是否有效 if (!empty($row['suppliers_id'])) { $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $row['suppliers_id']); if (empty($supplier_is_check)) { sys_msg($_LANG['login_disable'], 1); }
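/**
 * Member registration (JSON/AJAX variant).
 *
 * Validates the posted form (agreement, username/password length, password
 * without blanks, optional captcha), calls register() and, on success, stores
 * the custom extension fields and the password hint question/answer, then
 * optionally sends the verification e-mail. Every outcome is emitted as a JSON
 * document via die($json->encode(...)), so this function never returns to its
 * caller on the AJAX path; when registration is closed it renders
 * user_passport.dwt instead.
 *
 * Side effects: database writes, $_SESSION reads, template rendering, exit.
 */
function action_register()
{
    // Globals this action depends on (the file keeps them in $GLOBALS).
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $err = $GLOBALS['err'];

    include_once 'includes/cls_json.php';
    $json = new JSON();
    $res = array('err_msg' => '', 'result' => '');

    /* Registration can be switched off in the shop configuration. */
    if ($_CFG['shop_reg_closed']) {
        $smarty->assign('action', 'register');
        $smarty->assign('shop_reg_closed', $_CFG['shop_reg_closed']);
        $smarty->display('user_passport.dwt');
    } else {
        include_once ROOT_PATH . 'includes/lib_passport.php';

        $username = isset($_POST['username']) ? trim($_POST['username']) : '';
        $password = isset($_POST['password']) ? trim($_POST['password']) : '';
        $email = isset($_POST['email']) ? trim($_POST['email']) : '';
        // Fixed extension fields 1-5 map to the contact columns of the user row.
        $other['msn'] = isset($_POST['extend_field1']) ? $_POST['extend_field1'] : '';
        $other['qq'] = isset($_POST['extend_field2']) ? $_POST['extend_field2'] : '';
        $other['office_phone'] = isset($_POST['extend_field3']) ? $_POST['extend_field3'] : '';
        $other['home_phone'] = isset($_POST['extend_field4']) ? $_POST['extend_field4'] : '';
        $other['mobile_phone'] = isset($_POST['extend_field5']) ? $_POST['extend_field5'] : '';
        $sel_question = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
        $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';
        $back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';

        if (empty($_POST['agreement'])) {
            $res['err_msg'] = $_LANG['passport_js']['agreement'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }
        // Length checks are byte-wise (strlen), matching the original limits.
        if (strlen($username) < 3) {
            $res['err_msg'] = $_LANG['passport_js']['username_shorter'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }
        if (strlen($password) < 6) {
            $res['err_msg'] = $_LANG['passport_js']['password_shorter'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }
        // $password was trimmed above, so only an embedded blank can be found here.
        if (strpos($password, ' ') > 0) {
            $res['err_msg'] = $_LANG['passwd_balnk'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }

        /* Captcha check, only when enabled for registration and GD is available. */
        if (intval($_CFG['captcha']) & CAPTCHA_REGISTER && gd_version() > 0) {
            if (empty($_POST['captcha'])) {
                $res['err_msg'] = $_LANG['invalid_captcha'];
                $res['err_no'] = 1;
                die($json->encode($res));
            }
            include_once 'includes/cls_captcha.php';
            $validator = new captcha();
            if (!$validator->check_word($_POST['captcha'])) {
                $res['err_msg'] = $_LANG['invalid_captcha'];
                $res['err_no'] = 1;
                die($json->encode($res));
            }
        }

        if (register($username, $password, $email, $other) !== false) {
            /* Store the custom extension fields posted as extend_field<id>. */
            $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
            $fields_arr = $db->getAll($sql);
            $extend_field_str = '';
            foreach ($fields_arr as $val) {
                $extend_field_index = 'extend_field' . $val['id'];
                if (!empty($_POST[$extend_field_index])) {
                    // NOTE(review): the limit is measured in bytes but cut in characters.
                    $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0, 99) : $_POST[$extend_field_index];
                    // NOTE(review): values are concatenated into SQL; compile_str() is
                    // relied on for escaping the user-supplied content — confirm.
                    $extend_field_str .= " ('" . $_SESSION['user_id'] . "', '" . $val['id'] . "', '" . compile_str($temp_field_content) . "'),";
                }
            }
            $extend_field_str = substr($extend_field_str, 0, -1); // drop trailing comma
            if ($extend_field_str) {
                $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . ' (`user_id`, `reg_field_id`, `content`) VALUES' . $extend_field_str;
                $db->query($sql);
            }

            /* Password hint question and answer. */
            if (!empty($passwd_answer) && !empty($sel_question)) {
                $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}' WHERE `user_id`='" . $_SESSION['user_id'] . "'";
                $db->query($sql);
            }

            /* Send the verification e-mail when configured to do so automatically. */
            if ($GLOBALS['_CFG']['member_email_validate'] && $GLOBALS['_CFG']['send_verify_email']) {
                send_regiter_hash($_SESSION['user_id']);
            }

            if (empty($back_act)) {
                $back_act = 'index.php';
            }
            $res['err_no'] = 0;
            $res['back_act'] = $back_act;
            $res['err_msg'] = '';
            die($json->encode($res));
        } else {
            // Collect the messages register() accumulated in the error object.
            $message['content'] = '';
            foreach ($err->_message as $msg) {
                $message['content'] .= '' . htmlspecialchars($msg) . "\n";
            }
            $res['err_msg'] = $message['content'];
            $res['err_no'] = 1;
            die($json->encode($res));
        }
    }
}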
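/**
 * Password recovery, step 1: resolve the posted user name / e-mail / verified
 * mobile number to a user row and offer the available verification channels.
 *
 * Looks the account up by user_name, then by email, then by mobile_phone
 * (rejecting a number bound to several accounts). The matched row's contact
 * data is masked for display and stored in $_SESSION for the following steps.
 * All failures are reported through show_message().
 *
 * Side effects: reads $_POST, queries the users table, writes $_SESSION,
 * renders user_findPwd.dwt.
 */
function action_check_username()
{
    // Globals this action depends on (the file keeps them in $GLOBALS).
    // $_CFG is not a superglobal; without this line the captcha gate below
    // read an undefined variable and was silently disabled.
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];

    $username = empty($_POST['u_name']) ? '' : $_POST['u_name'];
    $user_id = null;
    if (empty($username)) {
        show_message('请输入用户名/邮箱/已验证的手机号!', '返回', 'findPwd.php?act=index', 'info');
    }

    // Captcha gate: CAPTCHA_LOGIN must be on; with CAPTCHA_LOGIN_FAIL it is only
    // enforced after more than two failed logins; GD must be available.
    $captcha = intval($_CFG['captcha']);
    if ($captcha & CAPTCHA_LOGIN
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $captcha & CAPTCHA_LOGIN_FAIL && $_SESSION['login_fail'] > 2)
        && gd_version() > 0) {
        if (empty($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
        /* Validate the captcha against the 'captcha_login' session word. */
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        }
    }

    // NOTE(review): $username is concatenated into the queries below without a
    // visible escaping step; this relies on request data being escaped during
    // bootstrap — confirm, or escape at this boundary.
    $username_exist = false;

    // 1) exact user name
    $sql = "select user_id from " . $ecs->table('users') . " where user_name = '" . $username . "'";
    $user_id = $db->getOne($sql);
    if ($user_id) {
        $username_exist = true;
    }

    // 2) e-mail address
    if (is_email($username) && !$username_exist) {
        $sql = "select user_id from " . $ecs->table('users') . " where email='" . $username . "' ";
        $user_id = $db->getOne($sql);
        if ($user_id) {
            $username_exist = true;
        }
    }

    // 3) mobile number; ambiguous when several accounts share it
    if (is_mobile_phone($username) && !$username_exist) {
        $sql = "select user_id from " . $ecs->table('users') . " where mobile_phone='" . $username . "'";
        $rows = $db->query($sql);
        $index = 0;
        while ($row = $db->fetchRow($rows)) {
            $user_id = $row['user_id'];
            $index = $index + 1;
        }
        if ($index > 1) {
            show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
        } elseif ($index == 1 && $user_id) {
            $username_exist = true;
        }
    }

    // NOTE(review): a distinct message for unknown accounts lets a caller tell
    // registered identifiers from unregistered ones (account enumeration).
    if (!$username_exist) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    // Load the contact data to decide which verification channels to offer.
    $sql = "select user_id, user_name, email, mobile_phone from " . $ecs->table('users') . " where user_id = '" . $user_id . "'";
    $row = $db->getRow($sql);
    if ($row == false) {
        show_message('您输入的账户名不存在,请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
    }

    $validate_types = array();
    if (isset($row['mobile_phone']) && !empty($row['mobile_phone'])) {
        // Mask the number: keep the first and last three digits.
        $mobile_phone = $row['mobile_phone'];
        $mobile_phone = substr($mobile_phone, 0, 3) . '*****' . substr($mobile_phone, -3);
        $validate_types[] = array('type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $mobile_phone);
    }
    if (isset($row['email']) && !empty($row['email'])) {
        // Mask the local part; how many characters survive depends on its length.
        $email = $row['email'];
        $email_head = substr($email, 0, strpos($email, '@'));
        $email_domain = substr($email, strpos($email, '@'));
        if (strlen($email_head) == 1) {
            $email = substr($email_head, 0, 1) . '*****' . $email_domain;
        } elseif (strlen($email_head) <= 4) {
            $email = substr($email_head, 0, 1) . '*****' . substr($email_head, -1) . $email_domain;
        } elseif (strlen($email_head) <= 7) {
            $email = substr($email_head, 0, 2) . '*****' . substr($email_head, -2) . $email_domain;
        } else {
            $email = substr($email_head, 0, 3) . '*****' . substr($email_head, -3) . $email_domain;
        }
        $validate_types[] = array('type' => 'email', 'name' => '邮箱', 'value' => $email);
    }

    // Hand the unmasked identity to the following steps.
    $_SESSION['find_password'] = array(
        'user_id' => $row['user_id'],
        'user_name' => $row['user_name'],
        'email' => $row['email'],
        'mobile_phone' => $row['mobile_phone'],
    );
    // Consumed by validate.php.
    $_SESSION[VT_MOBILE_VALIDATE] = $row['mobile_phone'];
    $_SESSION[VT_EMAIL_VALIDATE] = $row['email'];

    $smarty->assign("validate_types", $validate_types);
    $smarty->assign("action", "step_2");
    $smarty->display('user_findPwd.dwt');
}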
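/**
 * Verify the mobile number stored in $_SESSION[VT_MOBILE_VALIDATE] with the
 * SMS code posted in $_POST['mobile_code'].
 *
 * A captcha is always required here (the configuration test is overridden by
 * `|| TRUE`). validate_mobile_code() result codes 1-5 are mapped to error
 * messages; on success the user row is updated with the number and
 * mobile_validated = 1. Every outcome is emitted as JSON via exit().
 *
 * Side effects: reads $_POST/$_SESSION, writes $_SESSION['security_validate'],
 * updates the user through $GLOBALS['user']->edit_user(), exits.
 */
function action_do_mobile_validate()
{
    // Globals this action depends on. $_CFG is not a superglobal: without the
    // assignment the captcha condition read an undefined variable (masked by
    // the `|| TRUE` override below, but still a warning).
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];

    /* Captcha check; `|| TRUE` makes it unconditional regardless of config. */
    if (intval($_CFG['captcha']) & CAPTCHA_REGISTER && gd_version() > 0 || TRUE) {
        if (empty($_POST['captcha'])) {
            exit(json_encode(array('error' => 1, 'content' => $_LANG['invalid_captcha'], 'url' => '')));
        }
        include_once 'includes/cls_captcha.php';
        $captcha = new captcha();
        if (!$captcha->check_word(trim($_POST['captcha']))) {
            exit(json_encode(array('error' => 1, 'content' => $_LANG['invalid_captcha'], 'url' => '')));
        }
    }

    require_once ROOT_PATH . 'includes/lib_passport.php';

    $mobile_phone = $_SESSION[VT_MOBILE_VALIDATE];
    $mobile_code = !empty($_POST['mobile_code']) ? trim($_POST['mobile_code']) : '';
    $result = validate_mobile_code($mobile_phone, $mobile_code);

    // Map result codes to language keys; switch keeps the loose comparison of
    // the original if/else chain. 4 and 5 both report an invalid code.
    switch ($result) {
        case 1:
            $error_key = 'msg_mobile_phone_blank';
            break;
        case 2:
            $error_key = 'msg_mobile_phone_format';
            break;
        case 3:
            $error_key = 'msg_mobile_phone_code_blank';
            break;
        case 4:
        case 5:
            $error_key = 'invalid_mobile_phone_code';
            break;
        default:
            $error_key = '';
    }
    if ($error_key !== '') {
        exit(json_encode(array('error' => 1, 'content' => $_LANG[$error_key], 'url' => '')));
    }

    $user_name = $_SESSION['user_name'];
    $result = $GLOBALS['user']->edit_user(array('username' => $user_name, 'mobile_phone' => $mobile_phone, 'mobile_validated' => 1));
    if ($result == false) {
        exit(json_encode(array('error' => 1, 'content' => '手机号码验证失败,请重新尝试', 'url' => '')));
    } else {
        // Verification complete; clear the security flag for this session.
        $_SESSION['security_validate'] = false;
        exit(json_encode(array('error' => 0, 'content' => '', 'url' => '')));
    }
}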
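/**
 * Member registration by e-mail or mobile number (page-rendering variant).
 *
 * Validates the posted form (register_type, password, optional captcha), then
 * checks the e-mail or SMS verification code against the validate_record table
 * and the value kept in session, registers the user with a generated user name,
 * stores extension fields and the password hint, hands out registration bonuses
 * and optionally sends the verification e-mail. Errors go through
 * show_message(); a registration failure is reported by $GLOBALS['err']->show().
 *
 * Side effects: database reads/writes, $_SESSION reads, template rendering.
 */
function action_register()
{
    // Globals this action depends on (the file keeps them in $GLOBALS).
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $user = $GLOBALS['user'];

    /* Registration can be switched off in the shop configuration. */
    if ($_CFG['shop_reg_closed']) {
        $smarty->assign('action', 'register');
        $smarty->assign('shop_reg_closed', $_CFG['shop_reg_closed']);
        $smarty->display('user_passport.dwt');
    } else {
        include_once ROOT_PATH . 'includes/lib_passport.php';

        $username = isset($_POST['username']) ? trim($_POST['username']) : '';
        $password = isset($_POST['password']) ? trim($_POST['password']) : '';
        $email = isset($_POST['email']) ? trim($_POST['email']) : '';
        // Fixed extension fields 1-4 map to the contact columns of the user row
        // (extend_field5 / mobile_phone is intentionally not collected here).
        $other['msn'] = isset($_POST['extend_field1']) ? $_POST['extend_field1'] : '';
        $other['qq'] = isset($_POST['extend_field2']) ? $_POST['extend_field2'] : '';
        $other['office_phone'] = isset($_POST['extend_field3']) ? $_POST['extend_field3'] : '';
        $other['home_phone'] = isset($_POST['extend_field4']) ? $_POST['extend_field4'] : '';
        $sel_question = empty($_POST['sel_question']) ? '' : compile_str($_POST['sel_question']);
        $passwd_answer = isset($_POST['passwd_answer']) ? compile_str(trim($_POST['passwd_answer'])) : '';
        // Registration type: 'email' or 'mobile'.
        $register_type = isset($_POST['register_type']) ? trim($_POST['register_type']) : '';
        $back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';

        // The agreement checkbox check that the JSON variant performs is disabled here.
        if (empty($register_type)) {
            show_message($_LANG['passport_js']['msg_register_type_blank']);
        }
        // The user name is generated below, so the posted one is not length-checked.
        if (strlen($password) < 6) {
            show_message($_LANG['passport_js']['password_shorter']);
        }
        // $password was trimmed above, so only an embedded blank can be found here.
        if (strpos($password, ' ') > 0) {
            show_message($_LANG['passwd_balnk']);
        }

        /* Captcha check, only when enabled for registration and GD is available. */
        if (intval($_CFG['captcha']) & CAPTCHA_REGISTER && gd_version() > 0) {
            if (empty($_POST['captcha'])) {
                show_message($_LANG['invalid_captcha'], $_LANG['sign_up'], 'register.php', 'error');
            }
            include_once 'includes/cls_captcha.php';
            $captcha = new captcha();
            if (!$captcha->check_word(trim($_POST['captcha']))) {
                show_message($_LANG['invalid_captcha'], $_LANG['sign_up'], 'register.php', 'error');
            }
        }

        // Initialised so an invalid register_type cannot leave it undefined.
        $result = false;

        if ($register_type == "email") {
            /* E-mail verification code check. */
            require_once ROOT_PATH . 'includes/lib_validate_record.php';
            if (empty($email)) {
                show_message($_LANG['msg_email_blank'], $_LANG['sign_up'], 'register.php', 'error');
            }
            $record = get_validate_record($email);
            $session_email = $_SESSION[VT_EMAIL_REGISTER];
            $email_code = !empty($_POST['email_code']) ? trim($_POST['email_code']) : '';
            // Codes are compared as strings with hash_equals(): the former `!=`
            // treated numeric-looking codes loosely ('0e1' == '0e2').
            $record_code = isset($record['record_code']) ? (string) $record['record_code'] : '';
            if (empty($email_code)) {
                show_message($_LANG['msg_email_code_blank'], $_LANG['sign_up'], 'register.php', 'error');
            } elseif ($session_email != $email) {
                show_message($_LANG['email_changed'], $_LANG['sign_up'], 'register.php', 'error');
            } elseif (!hash_equals($record_code, $email_code)) {
                show_message($_LANG['invalid_email_code'], $_LANG['sign_up'], 'register.php', 'error');
            }
            /* E-mail registrations get a generated user name. */
            $username = generate_username();
            $result = register_by_email($username, $password, $email, $other);
            if ($result) {
                /* The verification record has served its purpose. */
                remove_validate_record($email);
            }
        } elseif ($register_type == "mobile") {
            require_once ROOT_PATH . 'includes/lib_validate_record.php';
            $mobile_phone = !empty($_POST['mobile_phone']) ? trim($_POST['mobile_phone']) : '';
            $mobile_code = !empty($_POST['mobile_code']) ? trim($_POST['mobile_code']) : '';
            $record = get_validate_record($mobile_phone);
            $session_mobile_phone = $_SESSION[VT_MOBILE_REGISTER];
            /* SMS verification code check; strict comparisons, see the e-mail branch. */
            $record_code = isset($record['record_code']) ? (string) $record['record_code'] : '';
            if (empty($mobile_code)) {
                show_message($_LANG['msg_mobile_phone_blank'], $_LANG['sign_up'], 'register.php', 'error');
            } elseif ((string) $session_mobile_phone !== $mobile_phone) {
                show_message($_LANG['mobile_phone_changed'], $_LANG['sign_up'], 'register.php', 'error');
            } elseif (!hash_equals($record_code, $mobile_code)) {
                show_message($_LANG['invalid_mobile_phone_code'], $_LANG['sign_up'], 'register.php', 'error');
            } elseif ($record['expired_time'] < time()) {
                show_message($_LANG['invalid_mobile_phone_code'], $_LANG['sign_up'], 'register.php', 'error');
            }
            /* Mobile registrations get a user name derived from the number. */
            $username = generate_username_by_mobile($mobile_phone);
            $result = register_by_mobile($username, $password, $mobile_phone, $other);
            if ($result) {
                remove_validate_record($mobile_phone);
            }
        } else {
            /* Unknown registration type. */
            show_message($_LANG['register_type_invalid'], $_LANG['sign_up'], 'register.php', 'error');
        }

        if ($result) {
            /* Store the custom extension fields posted as extend_field<id>. */
            $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id';
            $fields_arr = $db->getAll($sql);
            $extend_field_str = '';
            foreach ($fields_arr as $val) {
                $extend_field_index = 'extend_field' . $val['id'];
                if (!empty($_POST[$extend_field_index])) {
                    // NOTE(review): the limit is measured in bytes but cut in characters.
                    $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0, 99) : $_POST[$extend_field_index];
                    // NOTE(review): compile_str() is relied on to escape the content — confirm.
                    $extend_field_str .= " ('" . $_SESSION['user_id'] . "', '" . $val['id'] . "', '" . compile_str($temp_field_content) . "'),";
                }
            }
            $extend_field_str = substr($extend_field_str, 0, -1); // drop trailing comma
            if ($extend_field_str) {
                $sql = 'INSERT INTO ' . $ecs->table('reg_extend_info') . ' (`user_id`, `reg_field_id`, `content`) VALUES' . $extend_field_str;
                $db->query($sql);
            }

            /* Disabled legacy additions (68ecshop, 2014-12-23): would set
             * is_validated / validated on the users row and store an uploaded
             * head image thumbnail. Kept out of the active path. */

            /* Password hint question and answer. */
            if (!empty($passwd_answer) && !empty($sel_question)) {
                $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='{$sel_question}', `passwd_answer`='{$passwd_answer}' WHERE `user_id`='" . $_SESSION['user_id'] . "'";
                $db->query($sql);
            }

            /* Registration bonuses (68ecshop addition). */
            $now = gmtime();
            // Initialised so the query below never concatenates an undefined variable.
            $sql_bonus_ext = '';
            if ($_CFG['bonus_reg_rand']) {
                $sql_bonus_ext = " order by rand() limit 0,1";
            }
            $sql_b = "SELECT type_id FROM " . $ecs->table("bonus_type") . " WHERE send_type='" . SEND_BY_REGISTER . "' AND send_start_date<=" . $now . " AND send_end_date>=" . $now . $sql_bonus_ext;
            $res_bonus = $db->query($sql_b);
            $kkk_bonus = 0;
            while ($row_bonus = $db->fetchRow($res_bonus)) {
                $sql = "INSERT INTO " . $ecs->table('user_bonus') . "(bonus_type_id, bonus_sn, user_id, used_time, order_id, emailed)" . " VALUES('" . $row_bonus['type_id'] . "', 0, '" . $_SESSION['user_id'] . "', 0, 0, 0)";
                $db->query($sql);
                $kkk_bonus = $kkk_bonus + 1;
            }
            if ($kkk_bonus) {
                $_LANG['register_success'] = '用户名 %s 注册成功,并获得官方赠送的红包礼品';
            }

            /* Send the verification e-mail when configured to do so automatically. */
            if ($GLOBALS['_CFG']['member_email_validate'] && $GLOBALS['_CFG']['send_verify_email']) {
                send_regiter_hash($_SESSION['user_id']);
            }

            $ucdata = empty($user->ucdata) ? "" : $user->ucdata;
            show_message(sprintf($_LANG['register_success'], $username . $ucdata), array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act, 'user.php'), 'info');
        } else {
            $GLOBALS['err']->show($_LANG['sign_up'], 'register.php');
        }
    }
}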
/**
 * Forgotten surplus (wallet) password: verify the user by SMS code or by a
 * captcha-protected e-mail reset link.
 *
 * verify_method 'phone': the posted number/code pair must exist in the
 * verifycode table with status 1 and be younger than 24 hours; the reset form
 * is then rendered. verify_method 'email': after the captcha passes and the
 * posted address matches the account's, a reset link with a random hash is
 * mailed and the hash is recorded in the email table.
 *
 * Side effects: database reads/writes, e-mail sending, template rendering;
 * all errors are reported through show_message().
 */
function action_act_forget_surplus_password()
{
    // Globals this action depends on ($user, $db and $ecs are fetched but not
    // used; $GLOBALS['db'] / $GLOBALS['ecs'] are accessed directly instead).
    $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $user_id = $GLOBALS['user_id'];

    if (empty($_POST['verify_method'])) {
        show_message('未知错误!', '返回', 'user.php?act=forget_surplus_password', 'error');
    } else {
        // NOTE(review): presence is checked on $_POST but the value is read from
        // $_REQUEST; the remaining inputs are read from $_REQUEST only.
        $verify_method = $_REQUEST['verify_method'];
        if ($verify_method == 'phone') {
            if (empty($_REQUEST['v_code'])) {
                show_message('请输入手机验证码!', '返回', 'user.php?act=forget_surplus_password', 'error');
            }
            if (empty($_REQUEST['v_phone'])) {
                show_message('请输入手机号!', '返回', 'user.php?act=forget_surplus_password', 'error');
            }
            $v_code = $_REQUEST['v_code'];
            $v_phone = $_REQUEST['v_phone'];
            // NOTE(review): request values are concatenated into SQL with no visible
            // escaping step; this relies on request data being escaped during
            // bootstrap — confirm. The query also does not tie the number to
            // $user_id, so the match is on the verifycode table alone — verify
            // that is intended.
            $sql = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('verifycode') . ' WHERE `mobile` = \'' . $v_phone . '\' AND `verifycode` = \'' . $v_code . '\' AND `status` = 1' . ' AND dateline + 86400 > \'' . gmtime() . '\'';
            if ($GLOBALS['db']->getOne($sql) == 0) {
                show_message('手机号和验证码不匹配,请重新输入!');
            } else {
                // Verified: render the reset form with the code carried along.
                $smarty->assign('verify_method', 'phone');
                $smarty->assign('v_code', $v_code);
                $smarty->assign('action', 'reset_surplus_password');
                $smarty->assign('validated', 1);
                $smarty->display('user_transaction.dwt');
            }
        } elseif ($verify_method == 'email') {
            if (empty($_REQUEST['v_captcha'])) {
                show_message('请输入验证码!', '返回', 'user.php?act=forget_surplus_password', 'error');
            }
            if (empty($_REQUEST['v_email'])) {
                show_message('请输入邮箱!', '返回', 'user.php?act=forget_surplus_password', 'error');
            }
            $v_captcha = trim($_REQUEST['v_captcha']);
            $v_email = trim($_REQUEST['v_email']);
            // Captcha is validated against the 'captcha_login' session word.
            include_once 'includes/cls_captcha.php';
            $validator = new captcha();
            $validator->session_word = 'captcha_login';
            if (!$validator->check_word($v_captcha)) {
                show_message($_LANG['invalid_captcha'], $_LANG['back_up_page'], 'user.php?act=forget_surplus_password', 'error');
            } else {
                // The posted address must be the one on the current account.
                $sql = 'SELECT `user_name`,`email` ' . ' FROM ' . $GLOBALS['ecs']->table('users') . ' WHERE `user_id` = \'' . $user_id . '\'';
                $row = $GLOBALS['db']->getRow($sql);
                if ($row['email'] != $v_email) {
                    show_message('邮箱输入错误!', '返回', 'user.php?act=forget_surplus_password', 'error');
                }
                // Build the reset link from a 16-character random token drawn from
                // $scope (mc_random is a project helper; its randomness source is
                // not visible here — confirm it is a CSPRNG).
                $template = get_mail_template('reset_surplus_password');
                $scope = '02456789abdefghjknoqrstwyz13u';
                $hash = mc_random(16, $scope);
                $reset_link = $GLOBALS['ecs']->url() . 'user.php?act=verify_reset_surplus_email' . '&hash=' . $hash;
                $user_name = $row['user_name'];
                $smarty->assign('user_name', $user_name);
                $smarty->assign('reset_link', $reset_link);
                $smarty->assign('shop_name', $_CFG['shop_name']);
                $smarty->assign('send_date', date($_CFG['time_format']));
                $content = $smarty->fetch('str:' . $template['template_content']);
                $result = send_mail($_CFG['shop_name'], $v_email, $template['template_subject'], $content, $template['is_html']);
                if ($result == true) {
                    // Record the token so the link can be verified later.
                    $add_time = gmtime();
                    $sql = 'INSERT INTO ' . $GLOBALS['ecs']->table('email') . '(`email`,`hash`,`add_time`,`user_id`)' . 'VALUES(\'' . $v_email . '\',\'' . $hash . '\',\'' . $add_time . '\',\'' . $user_id . '\')';
                    $GLOBALS['db']->query($sql);
                    if ($GLOBALS['db']->affected_rows() == 1) {
                        show_message('已发送邮件,请前往邮箱点击链接完成密码重置!', '返回', 'user.php?act=account_security', 'success');
                    } else {
                        show_message('发送邮件失败!');
                    }
                } else {
                    show_message('发送邮件失败!');
                }
            }
        } else {
            show_message('未知错误!', '返回', 'user.php?act=forget_surplus_password', 'error');
        }
    }
}
$shipping_info = shipping_area_info($shipping_id, $region); $shipping_fee = shipping_fee($shipping_info['shipping_code'], $shipping_info['configure'], $goods_weight, '0', '0'); $result['content'] = $shipping_fee; die($json->encode($result)); } /* ajax获取运单状态 */ if ($action == 'get_OrderStatus') { require ROOT_PATH . 'includes/cls_json.php'; require ROOT_PATH . 'includes/cls_captcha.php'; $json = new JSON(); $result = array('error' => 0, 'message' => '', 'content' => ''); $_POST['order'] = strip_tags(urldecode($_POST['order'])); $_POST['order'] = json_str_iconv($_POST['order']); $order = $json->decode($_POST['order']); $validator = new captcha(); if (!$validator->check_word($order->captcha)) { $result['content'] = '验证码不正确!'; die($json->encode($result)); } $sql = "select order_id from " . $ecs->table('kuaidi_order') . " where order_sn='" . $order->order_sn . "' "; $order_id = $db->getOne($sql); if (!$order_id) { $result['content'] = '抱歉,没有您要的运单号哦!'; } else { $sql = "select * from " . $ecs->table('kuaidi_order_status') . " where order_id='{$order_id}' order by status_id"; $res_status = $db->query($sql); $have_shipping_info = 0; $shipping_info = ""; while ($row_status = $db->fetchRow($res_status)) { if ($row_status['status_display'] == 1) { switch ($row_status['status_id']) {
/**
 * Check the captcha posted as $_POST['captche'] (field name as used by the
 * form) against the 'captcha_word' session word.
 *
 * @return bool false when nothing (or an empty value) was posted or the word
 *              does not match; true otherwise.
 */
function chechCaptcha()
{
    $posted_word = empty($_POST['captche']) ? '' : $_POST['captche'];
    if ($posted_word === '') {
        return false;
    }

    include_once 'includes/cls_captcha.php';
    $checker = new captcha();
    $checker->session_word = 'captcha_word';

    return (bool) $checker->check_word($posted_word);
}
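/**
 * Member login for the chat front-end.
 *
 * Resolves the posted identifier to a user name (an e-mail address or a mobile
 * number bound to exactly one account is translated to its user_name), enforces
 * the login captcha when configured, then calls $GLOBALS['user']->login(). On
 * success the session is refreshed and the browser is redirected to the chat
 * page; on failure $_SESSION['login_fail'] is incremented and the login form is
 * re-rendered with an error.
 *
 * Side effects: reads $_POST, reads/writes $_SESSION, database reads, template
 * rendering, Location header.
 */
function action_act_login()
{
    $smarty = get_smarty();
    $ecs = get_ecs();
    $db = get_database();
    // $_CFG and $_LANG are not superglobals; without these assignments the
    // captcha gate read an undefined variable (intval(null) == 0) and was
    // silently disabled, and every error message rendered as null.
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];

    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? trim($_POST['password']) : '';
    $back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';

    // Captcha gate: CAPTCHA_LOGIN must be on; with CAPTCHA_LOGIN_FAIL it is only
    // enforced after more than two failed logins; GD must be available.
    $captcha = intval($_CFG['captcha']);
    if ($captcha & CAPTCHA_LOGIN
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $captcha & CAPTCHA_LOGIN_FAIL && $_SESSION['login_fail'] > 2)
        && gd_version() > 0) {
        if (empty($_POST['captcha'])) {
            $smarty->assign('lang', $_LANG);
            $smarty->assign('action', 'login');
            $smarty->assign('error', $_LANG['invalid_captcha']);
            $smarty->display('chat_passport.dwt');
            return;
        }
        /* Validate the captcha against the 'captcha_login' session word. */
        include_once 'includes/cls_captcha.php';
        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha'])) {
            $smarty->assign('lang', $_LANG);
            $smarty->assign('action', 'login');
            $smarty->assign('error', $_LANG['invalid_captcha']);
            $smarty->display('chat_passport.dwt');
            return;
        }
    }

    // NOTE(review): $username is concatenated into the queries below without a
    // visible escaping step; this relies on request data being escaped during
    // bootstrap — confirm, or escape at this boundary.
    if (is_email($username)) {
        $sql = "select user_name from " . $ecs->table('users') . " where email='" . $username . "'";
        $username_e = $db->getOne($sql);
        if ($username_e) {
            $username = $username_e;
        }
    }
    if (is_telephone($username)) {
        $sql = "select user_name from " . $ecs->table('users') . " where mobile_phone='" . $username . "'";
        $username_res = $db->query($sql);
        $username_e = '';
        $kkk = 0;
        while ($username_row = $db->fetchRow($username_res)) {
            $username_e = $username_row['user_name'];
            $kkk = $kkk + 1;
        }
        // A number shared by several accounts cannot identify one of them.
        if ($kkk > 1) {
            $smarty->assign('lang', $_LANG);
            $smarty->assign('action', 'login');
            $smarty->assign('error', '本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。');
            $smarty->display('chat_passport.dwt');
            return;
        }
        if ($username_e) {
            $username = $username_e;
        }
    }

    if ($GLOBALS['user']->login($username, $password, isset($_POST['remember']))) {
        update_user_info();
        recalculate_price();
        // Login succeeded: the user object has refreshed $_SESSION['user_id'].
        // NOTE(review): no exit follows the redirect header, so the caller keeps
        // running after this return — confirm that is intended.
        header('Location: chat.php?act=chat');
    } else {
        $_SESSION['login_fail']++;
        $smarty->assign('lang', $_LANG);
        $smarty->assign('action', 'login');
        $smarty->assign('error', $_LANG['login_failure']);
        $smarty->display('chat_passport.dwt');
        return;
    }
}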
/**
 * Supplier back-office sign-in.
 *
 * Optionally validates the admin captcha, resolves an e-mail address or
 * mobile number to a supplier_admin_user user_name, selects the row whose
 * user_name and password hash match and that has checked=1, and on success
 * populates the supplier_* session keys, migrates unsalted accounts to a
 * salted hash, records last_login/last_ip, optionally sets one-year
 * "remember me" cookies and redirects to ./index.php. On failure it calls
 * sys_msg() with $_LANG['login_faild'].
 *
 * Reads:  $_POST['captcha'|'username'|'password'|'remember'],
 *         $_SESSION['captcha_word'], $GLOBALS['_CFG'|'_LANG'|'smarty'|'db'|'ecs'].
 * Writes: $_SESSION['supplier_*'], supplier_admin_user rows, ECSCP[...] cookies,
 *         an HTTP redirect (then exit).
 *
 * Note: several password-hash expressions are redacted ('******') in this
 * listing; the comments below do not describe them.
 *
 * @return void
 */
function action_signin()
{
    // global variables
    // $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    // Captcha is enforced only when one was issued (captcha_word in session)
    // and the CAPTCHA_ADMIN switch is on.
    if (!empty($_SESSION['captcha_word']) && intval($_CFG['captcha']) & CAPTCHA_ADMIN) {
        include_once ROOT_PATH . 'includes/cls_captcha.php';
        /* check whether the captcha is correct */
        $validator = new captcha();
        // NOTE(review): the check runs only when a non-empty captcha value was
        // posted, so a request without the field is not validated at all
        // (action_act_login() rejects an empty captcha). It also relies on
        // sys_msg() terminating the request; otherwise the login continues below.
        if (!empty($_POST['captcha']) && !$validator->check_word($_POST['captcha'])) {
            sys_msg($_LANG['captcha_error'], 1);
        }
    }
    // Normalise the raw credentials in place; $_POST['password'] is read again
    // further down during the salt migration.
    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    $user_name = $_POST['username'];
    // Accept an e-mail address or mobile number in place of the user name.
    // NOTE(review): $user_name is concatenated into every SQL statement in this
    // function with no escaping visible here — confirm that the front
    // controller escapes $_POST, or escape/parameterise at this layer.
    if (is_email($user_name)) {
        $sql = "select user_name from " . $ecs->table('supplier_admin_user') . " where email='" . $user_name . "'";
        $username_email = $db->getOne($sql);
        if ($username_email) {
            $user_name = $username_email;
        }
    } else {
        if (is_mobile_phone($user_name)) {
            $sql = "select user_name from " . $ecs->table('supplier_admin_user') . " where mobile_phone='" . $user_name . "'";
            $rows = $db->query($sql);
            $i = 0; // number of admin rows bound to this mobile number
            while ($row = $db->fetchRow($rows)) {
                $username_mobile = $row['user_name']; // keeps the last match
                $i = $i + 1;
            }
            if ($i > 1) {
                // Ambiguous number; relies on show_message() ending the request,
                // otherwise the last matched user_name is used below.
                show_message('本网站有多个会员ID绑定了和您相同的手机号,请使用其他登录方式,如:邮箱或用户名。', $_LANG['relogin_lnk'], 'user.php', 'error');
            }
            if (isset($username_mobile)) {
                $user_name = $username_mobile;
            }
        }
    }
    // Accounts created before per-user salts exist have an empty ec_salt and
    // are matched with the unsalted form; they are migrated after a successful
    // login below.
    $sql = "SELECT `ec_salt` FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "'";
    $ec_salt = $db->getOne($sql);
    if (!empty($ec_salt)) {
        /* check whether the password is correct */
        // (hash expression redacted in this listing; last_login is selected twice)
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,supplier_id,ec_salt" . " FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "' AND password = '******'password']) . $ec_salt) . "' AND checked=1";
    } else {
        /* check whether the password is correct */
        // (hash expression redacted in this listing)
        $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,supplier_id,ec_salt" . " FROM " . $ecs->table('supplier_admin_user') . " WHERE user_name = '" . $user_name . "' AND password = '******'password']) . "' AND checked=1";
    }
    $row = $db->getRow($sql);
    if ($row) {
        // login succeeded
        // set_admin_session($row['user_id'], $row['user_name'],
        //                   $row['action_list'], $row['last_login']);
        $_SESSION['supplier_id'] = $row['supplier_id']; // shop id
        $_SESSION['supplier_user_id'] = $row['user_id']; // admin id
        $_SESSION['supplier_name'] = $row['user_name']; // admin name
        $_SESSION['supplier_action_list'] = $row['action_list']; // admin permissions
        $_SESSION['supplier_last_check'] = $row['last_login']; // time orders were last checked
        $new_possword = $row['password'];
        if (empty($row['ec_salt'])) {
            // Lazy migration of an unsalted account to a salted hash.
            // NOTE(review): rand(1, 9999) is neither unpredictable nor wide
            // (random_int()/random_bytes() would be), and md5(md5(pw) . salt)
            // is a fast hash — password_hash()/password_verify() is the
            // recommended replacement. The UPDATE keys on $_SESSION['admin_id'],
            // which this function never sets (the last_login UPDATE below uses
            // supplier_user_id), so it likely targets the wrong row — confirm.
            $ec_salt = rand(1, 9999);
            $new_possword = md5(md5($_POST['password']) . $ec_salt);
            $db->query("UPDATE " . $ecs->table('supplier_admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'");
        }
        if ($row['action_list'] == 'all') {
            $_SESSION['supplier_admin_id'] = $row['user_id']; // super-admin marker: admin id
            $_SESSION['supplier_shop_guide'] = true; // super-admin flag
        }
        // update last login time and IP (timestamp value redacted in this listing)
        $db->query("UPDATE " . $ecs->table('supplier_admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['supplier_user_id']}'");
        if (isset($_POST['remember'])) {
            // One-year persistent login; the cookie token is
            // md5(stored password hash . site hash_code).
            // NOTE(review): setcookie() gets only name/value/expiry, so no path,
            // Secure or HttpOnly attribute is set on these cookies.
            $time = gmtime() + 3600 * 24 * 365;
            setcookie('ECSCP[supplier_id]', $row['supplier_id'], $time);
            setcookie('ECSCP[supplier_user_id]', $row['user_id'], $time);
            setcookie('ECSCP[supplier_pass]', md5($new_possword . $_CFG['hash_code']), $time);
        }
        // clear expired cart data
        clear_cart();
        ecs_header("Location: ./index.php\n");
        exit;
    } else {
        sys_msg($_LANG['login_faild'], 1);
    }
    /*
     * Legacy implementation (users table), kept commented out for reference:
     *
     * $sql="SELECT `ec_salt` FROM ". $ecs->table('users') ."WHERE user_name =
     * '" . $_POST['username']."'";
     * $ec_salt =$db->getOne($sql);
     * if(!empty($ec_salt))
     * {
     * // check whether the password is correct
     * $sql = "SELECT user_id, user_name, password, last_login, ec_salt".
     * " FROM " . $ecs->table('users') .
     * " WHERE user_name = '" . $_POST['username'].
     * "' AND password = '******'password']).$ec_salt) . "'";
     * }
     * else
     * {
     * // check whether the password is correct
     * $sql = "SELECT user_id, user_name, password, last_login, ec_salt".
     * " FROM " . $ecs->table('users') .
     * " WHERE user_name = '" . $_POST['username']. "' AND password = '******'password']) . "'";
     * }
     * $row = $db->getRow($sql);
     * if ($row)
     * {
     * // check whether this is a supplier's administrator
     * if (!empty($row['user_id']))
     * {
     * $supplier_id = $db->getOne( "select supplier_id from ".
     * $ecs->table("supplier") ." where status='1' and user_id=" .
     * $row['user_id']);
     * if (empty($supplier_id))
     * {
     * sys_msg("对不起,无效的供货商用户!", 1);
     * }
     * }
     *
     * // login succeeded
     * $_SESSION['supplier_id'] = $supplier_id;
     * $_SESSION['supplier_user_id'] = $row['user_id'];
     * $_SESSION['supplier_name'] = $row['user_name'];
     *
     *
     * if (isset($_POST['remember']))
     * {
     * $time = gmtime() + 3600 * 24 * 365;
     * setcookie('ECSCP[supplier_id]', $supplier_id, $time);
     * setcookie('ECSCP[supplier_user_id]', $row['user_id'], $time);
     * setcookie('ECSCP[supplier_pass]', md5($row['password'] .
     * $_CFG['hash_code']), $time);
     * }
     *
     * // clear expired cart data
     * clear_cart();
     *
     * ecs_header("Location: ./index.php\n");
     *
     * exit;
     * }
     * else
     * {
     * sys_msg($_LANG['login_faild'], 1);
     * }
     */
}