/core/profile.php
- <?php
// Direct-access guard: stop with "Access Denied" unless the constant RQ_ROOT
// is already defined (presumably by the entry script that includes this file).
if (defined('RQ_ROOT') === false) {
    exit('Access Denied');
}
-
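/**
 * Syntax check for an e-mail address taken from request data.
 *
 * Accepts a local part made of alphanumeric runs joined by single
 * `+`, `_`, `-` or `.` characters, followed by `@`, one or more domain
 * labels and a 2-6 letter top-level label (case-insensitive).
 *
 * Changes compared with the previous version:
 *  - `$` is now end-only (`D` modifier), so "user@example.com\n" no longer
 *    passes; without it PCRE lets `$` match before a trailing newline.
 *  - the separator inside the repeated local-part group is mandatory, which
 *    matches the same set of strings but removes the nested-quantifier
 *    ambiguity that caused heavy backtracking on long non-matching input.
 *  - non-string input (e.g. `email[]=...` arrives as an array) and input
 *    longer than 254 bytes are rejected before the regex runs; the cap also
 *    bounds the remaining backtracking in the domain part.
 *
 * @param mixed $email Candidate address, typically straight from $_POST.
 * @return int|false 1 when the address matches, 0 when it does not, false for
 *                   empty, non-string or over-long input or on a PCRE error.
 *                   Callers should test the result for truthiness.
 */
function CheckEmail($email)
{
    // Reject arrays and other non-strings, and the values empty() used to reject.
    if (!is_string($email) || $email === '' || $email === '0') {
        return FALSE;
    }

    // 254 bytes is the commonly used upper bound for a deliverable address.
    if (strlen($email) > 254) {
        return FALSE;
    }

    return preg_match(
        '/^[a-z0-9]+(?:[+_\-.][a-z0-9]+)*@(?:[a-z0-9]+-?[a-z0-9]+\.)+[a-z]{2,6}$/iD',
        $email
    );
}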
-
  // Request dispatcher for the profile pages.
  //   POST: 'doregister' (create account), 'domod' (change e-mail/password), 'dologin'.
  //   GET : 'clearcookies', 'logout', and page selection ('login', 'register', 'edit', default).
  // $DB, $host, $hostid, $uid, $groupid, $onlineip, $timestamp, $useragent, $register_url,
  // $profile_url, $login_url, RQ_POST, RQ_HOST and DB_PREFIX are not defined in this file;
  // they must come from the including script.
  // Non-ASCII string literals and comments appear as '?' in this listing (lost in extraction).
  //
  // NOTE(review): every query below is built by interpolating variables into the SQL text.
  // Whether request data is escaped before it reaches this file cannot be seen from here; if it
  // is not, each interpolated value is an injection point. Bound parameters (or the DB layer's
  // own escaping, if it has one) would remove that dependency.
  // NOTE(review): no anti-CSRF token is checked anywhere in this file, and the state-changing
  // 'clearcookies' and 'logout' actions are reachable with a plain GET.
- $url=isset($_GET['url'])?$_GET['url']:(isset($_POST['url'])?$_POST['url']:'');
-
- if(RQ_POST)
- {
- if($url == 'doregister' || $url == 'domod')
- {
- $doreg = $url == 'doregister' ? true : false;
  // Read without isset(): a request that omits the field raises an undefined-index notice.
- $confirmpassword = $_POST['confirmpassword'];
- $email=isset($_POST['email'])?$_POST['email']:'';
- $siteurl='';
- if ($doreg)
- {
- $username =trim($_POST['username']);
- $password = $_POST['password'];
  // Hook defined elsewhere; what it checks is not visible here.
- doAction('profile_reg_check');
- // Username: must be non-empty and at most 30 bytes (strlen counts bytes, not characters).
-
  // NOTE(review): all validation below relies on message() ending the request. If it ever
  // returns, execution falls through to the INSERT. Confirm against message()'s definition.
- if(!$username || strlen($username) > 30)
- {
- message('?????????30??.', $register_url);
- }
-
  // Reject usernames containing any entry of the configured censor list.
  // The first str_replace() argument is shown as '?' here, presumably a mis-encoded
  // full-width comma; verify against the original file.
  // NOTE(review): an empty list entry (e.g. a trailing comma) reaches strpos() as an empty
  // needle, which matches every string on PHP 8 and raises a warning on older versions.
- if ($host['censoruser'])
- {
- $host['censoruser'] = str_replace('?', ',', $host['censoruser']);
- $banname = explode(',',$host['censoruser']);
- foreach($banname as $value)
- {
- if (strpos($username,$value) !== false)
- {
- message('???????????????????,????????.', $register_url);
- }
- }
- }
-
  // Character deny-list for usernames. It includes the single quote and the backslash, which
  // is the only thing visible in this file that keeps $username from breaking out of the
  // quoted SQL literals at the SELECT/INSERT below. An allow-list would be less fragile.
- $name_key = array("\\",'&',' ',"'",'"','/','*',',','<','>',"\r","\t","\n",'#','$','(',')','%','@','+','?',';','^');
- foreach($name_key as $value)
- {
- if (strpos($username,$value) !== false)
- {
- message('???????????????????,????????.', $register_url);
- }
- }
-
  // Password policy: at least 3 bytes, equal to the confirmation, no CR/LF/TAB.
  // NOTE(review): a 3-character minimum is very weak, and `!=` is a loose comparison
  // (numeric-looking strings such as "1e3" and "1000" compare equal); `!==` is the safe form.
- if (!$password || strlen($password) < 3)
- {
- message('????????????????3?.',$register_url);
- }
- if ($password != $confirmpassword)
- {
- message('??????????.', $register_url);
- }
- if (strpos($password,"\n") !== false || strpos($password,"\r") !== false || strpos($password,"\t") !== false)
- {
- message('??????????.', $register_url);
- }
-
  // Username must not already exist.
  // The unset() sits after message() inside the branch, so it only runs if message() returns.
- $r = $DB->fetch_first("SELECT uid FROM ".DB_PREFIX."user WHERE username='$username'");
- if($r['uid'])
- {
- message('????????,????????????.', $register_url);
- unset($r);
- }
-
  // E-mail is optional; when given it must pass CheckEmail() and be unused.
- if ($email)
- {
- if(CheckEmail($email))
- {
- $r = $DB->fetch_first("SELECT uid FROM ".DB_PREFIX."user WHERE email='$email'");
- if($r['uid'])
- {
- message('?E-mail????.', $register_url);
- }
- unset($r);
- }
- else message('?E-mail?????.', $register_url);
- }
-
  // NOTE(review): passwords are stored as unsalted MD5, which is fast to brute-force and
  // reveals identical passwords. password_hash()/password_verify() with a rehash-on-login
  // migration is the standard replacement.
- $password = md5($password);
-
  // $onlineip and $hostid come from outside this file; $hostid is interpolated unquoted.
  // logincount starts at '1' and the UPDATE a few lines below adds 1 again.
- $DB->query("INSERT INTO ".DB_PREFIX."user (username, password, logincount, loginip, logintime, url, regdateline, regip, groupid,hostid,email) VALUES ('$username', '$password', '1', '$onlineip', '$timestamp', '$siteurl', '$timestamp', '$onlineip', '1',$hostid,'$email')");
- $uid = $DB->insert_id();
-
  // $result is not read again in this file.
- $sql='Select * from '.DB_PREFIX."user where `uid`='$uid'";
- $result=$DB->fetch_first($sql);
-
  // Log the new account in immediately.
  // NOTE(review): getRandStr() is defined elsewhere and is called with `false` here but `true`
  // in the login branch; confirm it draws from a CSPRNG, since the value is the session token.
  // NOTE(review): setcookie() receives no secure/httponly arguments, so both default to false:
  // the token is readable from script and is sent over plain HTTP. It is also stored in clear
  // in the user table.
- $sessionid=getRandStr(30,false);// session token
- $expire=isset($_POST['rememberme'])?$timestamp+31536000:0;// one year if 'rememberme' was posted, else 0 (cookie ends with the browser session)
- setcookie('sessionid',$sessionid,$expire,'',RQ_HOST);
  // $useragent comes from outside this file (presumably the User-Agent header, i.e. client
  // controlled); it is interpolated into both statements below.
- $DB->query('update '.DB_PREFIX."user set `logincount`=`logincount`+1,`loginip`='$onlineip',`logintime`='$timestamp',`sessionid`='$sessionid',`useragent`='$useragent' where uid='$uid'");
- $DB->query('insert into '.DB_PREFIX."log (`user`,`dateline`,`useragent`,`ip`,`content`) values ('$username','$timestamp','$useragent','$onlineip','???????')");
-
- // Registration complete.
- message('????.', $profile_url);
- }
- else
- {
- // Profile modification ('domod'): optional e-mail change and/or password change.
  // NOTE(review): $uid is supplied from outside this file and nothing here verifies that the
  // requester is logged in before the UPDATE runs; confirm the caller enforces it.
- $password_sql = '';
  // Read without isset(); hashed even when no password change was requested.
- $oldpassword = md5($_POST['oldpassword']);
- $newpassword = $_POST['newpassword'];
-
  // NOTE(review): unlike the registration branch, this e-mail value is neither passed through
  // CheckEmail() nor checked for uniqueness before it is interpolated into the UPDATE's SET
  // clause, and changing it does not require the old password.
- $email=$_POST['email'];
- if($email)
- {
- $password_sql = "email='$email'";
- }
-
- if ($newpassword)
- {
- $user = $DB->fetch_first("SELECT password FROM ".DB_PREFIX."user WHERE uid='$uid'");
  // NOTE(review): this line uses $loginurl while the rest of the file uses $login_url;
  // confirm which variable actually exists.
- if (!$user) {
- message('??,?????????????',$loginurl);
- }
  // NOTE(review): loose `!=` on two hex digests. Digests that look like numeric strings
  // (e.g. "0e" followed only by digits) compare equal to each other; hash_equals() compares
  // byte-for-byte and in constant time.
- if ($oldpassword != $user['password']) {
- message('???????????',$profile_url);
- }
- if(strlen($newpassword) < 3) {
- message('?????????3?',$profile_url);
- }
- if ($newpassword != $confirmpassword) {
- message('???????????',$profile_url);
- }
- if (strpos($newpassword,"\n") !== false || strpos($newpassword,"\r") !== false || strpos($newpassword,"\t") !== false) {
- message('??????????',$profile_url);
- }
  // Append the new (unsalted MD5) password to the SET list.
- if($password_sql) $password_sql .= ",password='".md5($newpassword)."'";
- else $password_sql = "password='".md5($newpassword)."'";
- }
-
- if($password_sql) $DB->unbuffered_query("UPDATE ".DB_PREFIX."user SET $password_sql WHERE uid='$uid'");
  // After a password change the stored session token is overwritten, forcing a new login.
  // NOTE(review): the replacement is the fixed value 'x', so every logged-out row shares the
  // same sessionid. Verify that the session lookup (not in this file) can never accept that
  // value, or store NULL instead.
- if ($newpassword)
- {
- $DB->query('update '.DB_PREFIX."user set `sessionid`='x' where uid='$uid'");
- message('???????,??????,??????.', $login_url);
- } else {
- message('???????.', $profile_url);
- }
- }
- }
- else if($url=='dologin')
- {
- // Login: look the account up by name and compare unsalted MD5 digests.
  // NOTE(review): $username is only trimmed here (the registration deny-list is not applied)
  // before being interpolated into the SELECT.
  // NOTE(review): no attempt limiting or lockout is visible in this file.
- $username = trim($_POST['username']);
- $password = md5($_POST['password']);
- $userinfo = $DB->fetch_first("SELECT * FROM ".DB_PREFIX."user WHERE username='$username'");
-
- if($userinfo)
- {
  // NOTE(review): loose `==` on hex digests; see hash_equals().
- if($userinfo['password']==$password)
- {
- $uid=$userinfo['uid'];
  // Accounts with groupid below 3 must belong to the current $hostid.
- if($userinfo['groupid']<3&&$userinfo['hostid']!=$hostid) $loginerr='???????';
- elseif($userinfo['groupid']>2) $loginerr='???????????????';// groupid above 2 is refused here; the group meanings are not visible in this file
- else
- {
  // Same cookie concerns as on registration: no secure/httponly flags, token stored in clear.
- $sessionid=getRandStr(30,true);// session token
- $expire=$timestamp+31536000;// always one year (31536000 s); 'rememberme' is not consulted on login
- setcookie('sessionid',$sessionid,$expire,'',RQ_HOST);
- $DB->query('update '.DB_PREFIX."user set `logincount`=`logincount`+1,`loginip`='$onlineip',`logintime`='$timestamp',`sessionid`='$sessionid',`useragent`='$useragent' where uid='$uid'");
- $DB->query('insert into '.DB_PREFIX."log (`user`,`dateline`,`useragent`,`ip`,`content`) values ('$username','$timestamp','$useragent','$onlineip','??????')");
- message('????', $profile_url);
- }
- }
  // NOTE(review): the wrong-password and unknown-user branches use different messages, which
  // lets a client tell whether a username exists. A single generic message avoids that.
- else $loginerr='????';
- }
- else $loginerr='???????';
- message($loginerr,$login_url);
- }
- }
- else
- {
  // Non-POST requests: default action is 'mod'.
- if(!$url) $url='mod';
- $userinfo = $DB->fetch_first("SELECT * FROM ".DB_PREFIX."user WHERE uid='$uid'");
- switch($url)
- {
- case 'clearcookies':
  // Blank every cookie the client sent.
  // NOTE(review): setcookie() is called with default path and domain, so cookies that were
  // set with an explicit domain (the 'sessionid' cookie uses RQ_HOST) may not be cleared.
- if(is_array($_COOKIE))
- {
- foreach ($_COOKIE as $key => $val)
- {
- setcookie($key, '');
- }
- }
- message('??COOKIE??', './');
- break;
- case 'logout':
  // Drop privileges for the rest of this request and overwrite the stored session token.
  // The 'sessionid' cookie itself is not cleared here, and the same fixed 'x' value as in
  // the password-change path is used (see the note there).
- $adminitem=array();
- $groupid=0;
- $DB->query('update '.DB_PREFIX."user set `sessionid`='x' where uid='$uid'");
  // Discard anything already buffered, then start a fresh output buffer.
- ob_end_clean();
- ob_start();
- message('????', './');
- break;
- case 'login':
  // Already logged in ($groupid > 0): send to the profile page instead.
- if($groupid>0) message('???????', $profile_url);
- $pagefile = 'login';
- $title='??';
- break;
- case 'register':
- if($groupid>0) message('???????', $profile_url);
- $pagefile='register';
- $title='????';
- break;
- case 'edit':
  // No $groupid check in this case; presumably enforced by the template or caller (confirm).
- $pagefile = 'edit';
- $title='??????';
- break;
  // $pagefile only ever receives fixed literals here; the default case leaves it unset.
- default:
- $title='????';
- }
- }