
/source/class/class_member.php

https://github.com/jinbo51/DiscuzX
PHP | 952 lines | 915 code | 31 blank | 6 comment | 55 complexity | 6aa05ce0d8887df7cb66d6f584ed6c67 MD5 | raw file
Possible License(s): BSD-3-Clause
  1. <?php
  2. /**
  3. * [Discuz!] (C)2001-2099 Comsenz Inc.
  4. * This is NOT a freeware, use is subject to license terms
  5. *
  6. * $Id: class_member.php 33436 2013-06-14 02:28:25Z nemohou $
  7. */
  8. if(!defined('IN_DISCUZ')) {
  9. exit('Access Denied');
  10. }
  11. class logging_ctl {
  12. function logging_ctl() {
  13. require_once libfile('function/misc');
  14. loaducenter();
  15. }
  16. function logging_more($questionexist) {
  17. global $_G;
  18. if(empty($_GET['lssubmit'])) {
  19. return;
  20. }
  21. $auth = authcode($_GET['username']."\t".$_GET['password']."\t".($questionexist ? 1 : 0), 'ENCODE');
  22. $js = '<script type="text/javascript">showWindow(\'login\', \'member.php?mod=logging&action=login&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()).(!empty($_GET['cookietime']) ? '&cookietime=1' : '').'\')</script>';
  23. showmessage('location_login', '', array('type' => 1), array('extrajs' => $js));
  24. }
  25. function on_login() {
  26. global $_G;
  27. if($_G['uid']) {
  28. $referer = dreferer();
  29. $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
  30. $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
  31. showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
  32. }
  33. $from_connect = $this->setting['connect']['allow'] && !empty($_GET['from']) ? 1 : 0;
  34. $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
  35. $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
  36. $invite = getinvite();
  37. if(!submitcheck('loginsubmit', 1, $seccodestatus)) {
  38. $auth = '';
  39. $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';
  40. if(!empty($_GET['auth'])) {
  41. list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE'));
  42. $username = dhtmlspecialchars($username);
  43. $auth = dhtmlspecialchars($_GET['auth']);
  44. }
  45. $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';
  46. if($seccodecheck) {
  47. $seccode = random(6, 1) + $seccode{0} * 1000000;
  48. }
  49. if($this->extrafile && file_exists($this->extrafile)) {
  50. require_once $this->extrafile;
  51. }
  52. $navtitle = lang('core', 'title_login');
  53. include template($this->template);
  54. } else {
  55. if(!empty($_GET['auth'])) {
  56. list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE')));
  57. }
  58. if(!($_G['member_loginperm'] = logincheck($_GET['username']))) {
  59. showmessage('login_strike');
  60. }
  61. if($_GET['fastloginfield']) {
  62. $_GET['loginfield'] = $_GET['fastloginfield'];
  63. }
  64. $_G['uid'] = $_G['member']['uid'] = 0;
  65. $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
  66. if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
  67. showmessage('profile_passwd_illegal');
  68. }
  69. $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
  70. $uid = $result['ucresult']['uid'];
  71. if(!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
  72. $_GET['username'] = $result['ucresult']['username'];
  73. $this->logging_more($result['ucresult']['uid'] == -3);
  74. }
  75. if($result['status'] == -1) {
  76. if(!$this->setting['fastactivation']) {
  77. $auth = authcode($result['ucresult']['username']."\t".FORMHASH, 'ENCODE');
  78. showmessage('location_activation', 'member.php?mod='.$this->setting['regname'].'&action=activation&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()), array(), array('location' => true));
  79. } else {
  80. $init_arr = explode(',', $this->setting['initcredits']);
  81. $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
  82. C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
  83. $result['member'] = getuserbyuid($uid);
  84. $result['status'] = 1;
  85. }
  86. }
  87. if($result['status'] > 0) {
  88. if($this->extrafile && file_exists($this->extrafile)) {
  89. require_once $this->extrafile;
  90. }
  91. setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
  92. checkfollowfeed();
  93. if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
  94. dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
  95. }
  96. C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
  97. $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
  98. if($invite['id']) {
  99. $result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
  100. if(!$result) {
  101. C::t('common_invite')->update($invite['id'], array('fuid'=>$uid, 'fusername'=>$_G['username']));
  102. updatestat('invite');
  103. } else {
  104. $invite = array();
  105. }
  106. }
  107. if($invite['uid']) {
  108. require_once libfile('function/friend');
  109. friend_make($invite['uid'], $invite['username'], false);
  110. dsetcookie('invite_auth', '');
  111. if($invite['appid']) {
  112. updatestat('appinvite');
  113. }
  114. }
  115. $param = array(
  116. 'username' => $result['ucresult']['username'],
  117. 'usergroup' => $_G['group']['grouptitle'],
  118. 'uid' => $_G['member']['uid'],
  119. 'groupid' => $_G['groupid'],
  120. 'syn' => $ucsynlogin ? 1 : 0
  121. );
  122. $extra = array(
  123. 'showdialog' => true,
  124. 'locationtime' => true,
  125. 'extrajs' => $ucsynlogin
  126. );
  127. $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
  128. $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
  129. if(empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
  130. if(defined('IN_MOBILE')) {
  131. showmessage('location_login_succeed_mobile', $location, array('username' => $result['ucresult']['username']), array('location' => true));
  132. } else {
  133. if(!empty($_GET['lssubmit'])) {
  134. if(!$ucsynlogin) {
  135. $extra['location'] = true;
  136. }
  137. showmessage($loginmessage, $location, $param, $extra);
  138. } else {
  139. $href = str_replace("'", "\'", $location);
  140. showmessage('location_login_succeed', $location, array(),
  141. array(
  142. 'showid' => 'succeedmessage',
  143. 'extrajs' => '<script type="text/javascript">'.
  144. 'setTimeout("window.location.href =\''.$href.'\';", 3000);'.
  145. '$(\'succeedmessage_href\').href = \''.$href.'\';'.
  146. '$(\'main_message\').style.display = \'none\';'.
  147. '$(\'main_succeed\').style.display = \'\';'.
  148. '$(\'succeedlocation\').innerHTML = \''.lang('message', $loginmessage, $param).'\';</script>'.$ucsynlogin,
  149. 'striptags' => false,
  150. 'showdialog' => true
  151. )
  152. );
  153. }
  154. }
  155. } else {
  156. showmessage($loginmessage, $location, $param, $extra);
  157. }
  158. } else {
  159. $password = preg_replace("/^(.{".round(strlen($_GET['password']) / 4)."})(.+?)(.{".round(strlen($_GET['password']) / 6)."})$/s", "\\1***\\3", $_GET['password']);
  160. $errorlog = dhtmlspecialchars(
  161. TIMESTAMP."\t".
  162. ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username'])."\t".
  163. $password."\t".
  164. "Ques #".intval($_GET['questionid'])."\t".
  165. $_G['clientip']);
  166. writelog('illegallog', $errorlog);
  167. loginfailed($_GET['username']);
  168. $fmsg = $result['ucresult']['uid'] == '-3' ? (empty($_GET['questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
  169. if($_G['member_loginperm'] > 1) {
  170. showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
  171. } elseif($_G['member_loginperm'] == -1) {
  172. showmessage('login_password_invalid');
  173. } else {
  174. showmessage('login_strike');
  175. }
  176. }
  177. }
  178. }
  179. function on_logout() {
  180. global $_G;
  181. $ucsynlogout = $this->setting['allowsynlogin'] ? uc_user_synlogout() : '';
  182. if($_GET['formhash'] != $_G['formhash']) {
  183. showmessage('logout_succeed', dreferer(), array('formhash' => FORMHASH, 'ucsynlogout' => $ucsynlogout));
  184. }
  185. clearcookies();
  186. $_G['groupid'] = $_G['member']['groupid'] = 7;
  187. $_G['uid'] = $_G['member']['uid'] = 0;
  188. $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
  189. $_G['setting']['styleid'] = $this->setting['styleid'];
  190. if(defined('IN_MOBILE')) {
  191. showmessage('location_logout_succeed_mobile', dreferer(), array('formhash' => FORMHASH));
  192. } else {
  193. showmessage('logout_succeed', dreferer(), array('formhash' => FORMHASH, 'ucsynlogout' => $ucsynlogout));
  194. }
  195. }
  196. }
  197. class register_ctl {
  198. var $showregisterform = 1;
  199. function register_ctl() {
  200. global $_G;
  201. if($_G['setting']['bbclosed']) {
  202. if(($_GET['action'] != 'activation' && !$_GET['activationauth']) || !$_G['setting']['closedallowactivation'] ) {
  203. showmessage('register_disable', NULL, array(), array('login' => 1));
  204. }
  205. }
  206. loadcache(array('modreasons', 'stamptypeid', 'fields_required', 'fields_optional', 'fields_register', 'ipctrl'));
  207. require_once libfile('function/misc');
  208. require_once libfile('function/profile');
  209. if(!function_exists('sendmail')) {
  210. include libfile('function/mail');
  211. }
  212. loaducenter();
  213. }
  214. function on_register() {
  215. global $_G;
  216. $_GET['username'] = $_GET[''.$this->setting['reginput']['username']];
  217. $_GET['password'] = $_GET[''.$this->setting['reginput']['password']];
  218. $_GET['password2'] = $_GET[''.$this->setting['reginput']['password2']];
  219. $_GET['email'] = $_GET[''.$this->setting['reginput']['email']];
  220. if($_G['uid']) {
  221. $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
  222. $url_forward = dreferer();
  223. if(strpos($url_forward, $this->setting['regname']) !== false) {
  224. $url_forward = 'forum.php';
  225. }
  226. showmessage('login_succeed', $url_forward ? $url_forward : './', array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['uid']), array('extrajs' => $ucsynlogin));
  227. } elseif(!$this->setting['regclosed'] && (!$this->setting['regstatus'] || !$this->setting['ucactivation'])) {
  228. if($_GET['action'] == 'activation' || $_GET['activationauth']) {
  229. if(!$this->setting['ucactivation'] && !$this->setting['closedallowactivation']) {
  230. showmessage('register_disable_activation');
  231. }
  232. } elseif(!$this->setting['regstatus']) {
  233. if($this->setting['regconnect']) {
  234. dheader('location:connect.php?mod=login&op=init&referer=forum.php&statfrom=login_simple');
  235. }
  236. showmessage(!$this->setting['regclosemessage'] ? 'register_disable' : str_replace(array("\r", "\n"), '', $this->setting['regclosemessage']));
  237. }
  238. }
  239. $bbrules = & $this->setting['bbrules'];
  240. $bbrulesforce = & $this->setting['bbrulesforce'];
  241. $bbrulestxt = & $this->setting['bbrulestxt'];
  242. $welcomemsg = & $this->setting['welcomemsg'];
  243. $welcomemsgtitle = & $this->setting['welcomemsgtitle'];
  244. $welcomemsgtxt = & $this->setting['welcomemsgtxt'];
  245. $regname = $this->setting['regname'];
  246. if($this->setting['regverify']) {
  247. if($this->setting['areaverifywhite']) {
  248. $location = $whitearea = '';
  249. $location = trim(convertip($_G['clientip'], "./"));
  250. if($location) {
  251. $whitearea = preg_quote(trim($this->setting['areaverifywhite']), '/');
  252. $whitearea = str_replace(array("\\*"), array('.*'), $whitearea);
  253. $whitearea = '.*'.$whitearea.'.*';
  254. $whitearea = '/^('.str_replace(array("\r\n", ' '), array('.*|.*', ''), $whitearea).')$/i';
  255. if(@preg_match($whitearea, $location)) {
  256. $this->setting['regverify'] = 0;
  257. }
  258. }
  259. }
  260. if($_G['cache']['ipctrl']['ipverifywhite']) {
  261. foreach(explode("\n", $_G['cache']['ipctrl']['ipverifywhite']) as $ctrlip) {
  262. if(preg_match("/^(".preg_quote(($ctrlip = trim($ctrlip)), '/').")/", $_G['clientip'])) {
  263. $this->setting['regverify'] = 0;
  264. break;
  265. }
  266. }
  267. }
  268. }
  269. $invitestatus = false;
  270. if($this->setting['regstatus'] == 2) {
  271. if($this->setting['inviteconfig']['inviteareawhite']) {
  272. $location = $whitearea = '';
  273. $location = trim(convertip($_G['clientip'], "./"));
  274. if($location) {
  275. $whitearea = preg_quote(trim($this->setting['inviteconfig']['inviteareawhite']), '/');
  276. $whitearea = str_replace(array("\\*"), array('.*'), $whitearea);
  277. $whitearea = '.*'.$whitearea.'.*';
  278. $whitearea = '/^('.str_replace(array("\r\n", ' '), array('.*|.*', ''), $whitearea).')$/i';
  279. if(@preg_match($whitearea, $location)) {
  280. $invitestatus = true;
  281. }
  282. }
  283. }
  284. if($this->setting['inviteconfig']['inviteipwhite']) {
  285. foreach(explode("\n", $this->setting['inviteconfig']['inviteipwhite']) as $ctrlip) {
  286. if(preg_match("/^(".preg_quote(($ctrlip = trim($ctrlip)), '/').")/", $_G['clientip'])) {
  287. $invitestatus = true;
  288. break;
  289. }
  290. }
  291. }
  292. }
  293. $groupinfo = array();
  294. if($this->setting['regverify']) {
  295. $groupinfo['groupid'] = 8;
  296. } else {
  297. $groupinfo['groupid'] = $this->setting['newusergroupid'];
  298. }
  299. $seccodecheck = $this->setting['seccodestatus'] & 1;
  300. $secqaacheck = $this->setting['secqaa']['status'] & 1;
  301. $fromuid = !empty($_G['cookie']['promotion']) && $this->setting['creditspolicy']['promotion_register'] ? intval($_G['cookie']['promotion']) : 0;
  302. $username = isset($_GET['username']) ? $_GET['username'] : '';
  303. $bbrulehash = $bbrules ? substr(md5(FORMHASH), 0, 8) : '';
  304. $auth = $_GET['auth'];
  305. if(!$invitestatus) {
  306. $invite = getinvite();
  307. }
  308. $sendurl = $this->setting['sendregisterurl'] ? true : false;
  309. if($sendurl) {
  310. if(!empty($_GET['hash'])) {
  311. $_GET['hash'] = preg_replace("/[^\[A-Za-z0-9_\]%]/", '', $_GET['hash']);
  312. $hash = explode("\t", authcode($_GET['hash'], 'DECODE', $_G['config']['security']['authkey']));
  313. if(is_array($hash) && isemail($hash[0]) && TIMESTAMP - $hash[1] < 259200) {
  314. $sendurl = false;
  315. }
  316. }
  317. }
  318. if(!submitcheck('regsubmit', 0, $seccodecheck, $secqaacheck)) {
  319. if($_GET['action'] == 'activation') {
  320. $auth = explode("\t", authcode($auth, 'DECODE'));
  321. if(FORMHASH != $auth[1]) {
  322. showmessage('register_activation_invalid', 'member.php?mod=logging&action=login');
  323. }
  324. $username = $auth[0];
  325. $activationauth = authcode("$auth[0]\t".FORMHASH, 'ENCODE');
  326. $sendurl = false;
  327. }
  328. if(!$sendurl) {
  329. if($fromuid) {
  330. $member = getuserbyuid($fromuid);
  331. if(!empty($member)) {
  332. $fromuser = dhtmlspecialchars($member['username']);
  333. } else {
  334. dsetcookie('promotion');
  335. }
  336. }
  337. if($_GET['action'] == 'activation') {
  338. $auth = dhtmlspecialchars($auth);
  339. }
  340. if($seccodecheck) {
  341. $seccode = random(6, 1);
  342. }
  343. $username = dhtmlspecialchars($username);
  344. $htmls = $settings = array();
  345. foreach($_G['cache']['fields_register'] as $field) {
  346. $fieldid = $field['fieldid'];
  347. $html = profile_setting($fieldid, array(), false, false, true);
  348. if($html) {
  349. $settings[$fieldid] = $_G['cache']['profilesetting'][$fieldid];
  350. $htmls[$fieldid] = $html;
  351. }
  352. }
  353. $navtitle = $this->setting['reglinkname'];
  354. if($this->extrafile && file_exists($this->extrafile)) {
  355. require_once $this->extrafile;
  356. }
  357. }
  358. $bbrulestxt = nl2br("\n$bbrulestxt\n\n");
  359. $dreferer = dreferer();
  360. include template($this->template);
  361. } else {
  362. $activationauth = array();
  363. if(isset($_GET['activationauth']) && $_GET['activationauth']) {
  364. $activationauth = explode("\t", authcode($_GET['activationauth'], 'DECODE'));
  365. if($activationauth[1] != FORMHASH) {
  366. showmessage('register_activation_invalid', 'member.php?mod=logging&action=login');
  367. }
  368. $sendurl = false;
  369. }
  370. if(!$activationauth && ($sendurl || !$_G['setting']['forgeemail'])) {
  371. checkemail($_GET['email']);
  372. }
  373. if($sendurl) {
  374. $hashstr = urlencode(authcode("$_GET[email]\t$_G[timestamp]", 'ENCODE', $_G['config']['security']['authkey']));
  375. $registerurl = "{$_G[siteurl]}member.php?mod=".$this->setting['regname']."&amp;hash={$hashstr}&amp;email={$_GET[email]}";
  376. $email_register_message = lang('email', 'email_register_message', array(
  377. 'bbname' => $this->setting['bbname'],
  378. 'siteurl' => $_G['siteurl'],
  379. 'url' => $registerurl
  380. ));
  381. if(!sendmail("$_GET[email] <$_GET[email]>", lang('email', 'email_register_subject'), $email_register_message)) {
  382. runlog('sendmail', "$_GET[email] sendmail failed.");
  383. }
  384. showmessage('register_email_send_succeed', dreferer(), array('bbname' => $this->setting['bbname']), array('showdialog' => false, 'msgtype' => 3, 'closetime' => 10));
  385. }
  386. $emailstatus = 0;
  387. if($this->setting['sendregisterurl'] && !$sendurl) {
  388. $_GET['email'] = strtolower($hash[0]);
  389. $this->setting['regverify'] = $this->setting['regverify'] == 1 ? 0 : $this->setting['regverify'];
  390. if(!$this->setting['regverify']) {
  391. $groupinfo['groupid'] = $this->setting['newusergroupid'];
  392. }
  393. $emailstatus = 1;
  394. }
  395. if($this->setting['regstatus'] == 2 && empty($invite) && !$invitestatus) {
  396. showmessage('not_open_registration_invite');
  397. }
  398. if($bbrules && $bbrulehash != $_POST['agreebbrule']) {
  399. showmessage('register_rules_agree');
  400. }
  401. $activation = array();
  402. if(isset($_GET['activationauth']) && $activationauth && is_array($activationauth)) {
  403. if($activationauth[1] == FORMHASH && !($activation = uc_get_user($activationauth[0]))) {
  404. showmessage('register_activation_invalid', 'member.php?mod=logging&action=login');
  405. }
  406. }
  407. if(!$activation) {
  408. $usernamelen = dstrlen($username);
  409. if($usernamelen < 3) {
  410. showmessage('profile_username_tooshort');
  411. } elseif($usernamelen > 15) {
  412. showmessage('profile_username_toolong');
  413. }
  414. if(uc_get_user(addslashes($username)) && !C::t('common_member')->fetch_uid_by_username($username) && !C::t('common_member_archive')->fetch_uid_by_username($username)) {
  415. if($_G['inajax']) {
  416. showmessage('profile_username_duplicate');
  417. } else {
  418. showmessage('register_activation_message', 'member.php?mod=logging&action=login', array('username' => $username));
  419. }
  420. }
  421. if($this->setting['pwlength']) {
  422. if(strlen($_GET['password']) < $this->setting['pwlength']) {
  423. showmessage('profile_password_tooshort', '', array('pwlength' => $this->setting['pwlength']));
  424. }
  425. }
  426. if($this->setting['strongpw']) {
  427. $strongpw_str = array();
  428. if(in_array(1, $this->setting['strongpw']) && !preg_match("/\d+/", $_GET['password'])) {
  429. $strongpw_str[] = lang('member/template', 'strongpw_1');
  430. }
  431. if(in_array(2, $this->setting['strongpw']) && !preg_match("/[a-z]+/", $_GET['password'])) {
  432. $strongpw_str[] = lang('member/template', 'strongpw_2');
  433. }
  434. if(in_array(3, $this->setting['strongpw']) && !preg_match("/[A-Z]+/", $_GET['password'])) {
  435. $strongpw_str[] = lang('member/template', 'strongpw_3');
  436. }
  437. if(in_array(4, $this->setting['strongpw']) && !preg_match("/[^a-zA-z0-9]+/", $_GET['password'])) {
  438. $strongpw_str[] = lang('member/template', 'strongpw_4');
  439. }
  440. if($strongpw_str) {
  441. showmessage(lang('member/template', 'password_weak').implode(',', $strongpw_str));
  442. }
  443. }
  444. $email = strtolower(trim($_GET['email']));
  445. if(empty($email) && $_G['setting']['forgeemail']) {
  446. $_GET['email'] = $email = strtolower(random(6)).'@'.$_SERVER['HTTP_HOST'];
  447. }
  448. if(empty($this->setting['ignorepassword'])) {
  449. if($_GET['password'] !== $_GET['password2']) {
  450. showmessage('profile_passwd_notmatch');
  451. }
  452. if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
  453. showmessage('profile_passwd_illegal');
  454. }
  455. $password = $_GET['password'];
  456. } else {
  457. $password = md5(random(10));
  458. }
  459. }
  460. $censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($this->setting['censoruser'] = trim($this->setting['censoruser'])), '/')).')$/i';
  461. if($this->setting['censoruser'] && @preg_match($censorexp, $username)) {
  462. showmessage('profile_username_protect');
  463. }
  464. if($this->setting['regverify'] == 2 && !trim($_GET['regmessage'])) {
  465. showmessage('profile_required_info_invalid');
  466. }
  467. if($_G['cache']['ipctrl']['ipregctrl']) {
  468. foreach(explode("\n", $_G['cache']['ipctrl']['ipregctrl']) as $ctrlip) {
  469. if(preg_match("/^(".preg_quote(($ctrlip = trim($ctrlip)), '/').")/", $_G['clientip'])) {
  470. $ctrlip = $ctrlip.'%';
  471. $this->setting['regctrl'] = $this->setting['ipregctrltime'];
  472. break;
  473. } else {
  474. $ctrlip = $_G['clientip'];
  475. }
  476. }
  477. } else {
  478. $ctrlip = $_G['clientip'];
  479. }
  480. if($this->setting['regctrl']) {
  481. if(C::t('common_regip')->count_by_ip_dateline($ctrlip, $_G['timestamp']-$this->setting['regctrl']*3600)) {
  482. showmessage('register_ctrl', NULL, array('regctrl' => $this->setting['regctrl']));
  483. }
  484. }
  485. $setregip = null;
  486. if($this->setting['regfloodctrl']) {
  487. $regip = C::t('common_regip')->fetch_by_ip_dateline($_G['clientip'], $_G['timestamp']-86400);
  488. if($regip) {
  489. if($regip['count'] >= $this->setting['regfloodctrl']) {
  490. showmessage('register_flood_ctrl', NULL, array('regfloodctrl' => $this->setting['regfloodctrl']));
  491. } else {
  492. $setregip = 1;
  493. }
  494. } else {
  495. $setregip = 2;
  496. }
  497. }
  498. $profile = $verifyarr = array();
  499. foreach($_G['cache']['fields_register'] as $field) {
  500. if(defined('IN_MOBILE')) {
  501. break;
  502. }
  503. $field_key = $field['fieldid'];
  504. $field_val = $_GET[''.$field_key];
  505. if($field['formtype'] == 'file' && !empty($_FILES[$field_key]) && $_FILES[$field_key]['error'] == 0) {
  506. $field_val = true;
  507. }
  508. if(!profile_check($field_key, $field_val)) {
  509. $showid = !in_array($field['fieldid'], array('birthyear', 'birthmonth')) ? $field['fieldid'] : 'birthday';
  510. showmessage($field['title'].lang('message', 'profile_illegal'), '', array(), array(
  511. 'showid' => 'chk_'.$showid,
  512. 'extrajs' => $field['title'].lang('message', 'profile_illegal').($field['formtype'] == 'text' ? '<script type="text/javascript">'.
  513. '$(\'registerform\').'.$field['fieldid'].'.className = \'px er\';'.
  514. '$(\'registerform\').'.$field['fieldid'].'.onblur = function () { if(this.value != \'\') {this.className = \'px\';$(\'chk_'.$showid.'\').innerHTML = \'\';}}'.
  515. '</script>' : '')
  516. ));
  517. }
  518. if($field['needverify']) {
  519. $verifyarr[$field_key] = $field_val;
  520. } else {
  521. $profile[$field_key] = $field_val;
  522. }
  523. }
  524. if(!$activation) {
  525. $uid = uc_user_register(addslashes($username), $password, $email, $questionid, $answer, $_G['clientip']);
  526. if($uid <= 0) {
  527. if($uid == -1) {
  528. showmessage('profile_username_illegal');
  529. } elseif($uid == -2) {
  530. showmessage('profile_username_protect');
  531. } elseif($uid == -3) {
  532. showmessage('profile_username_duplicate');
  533. } elseif($uid == -4) {
  534. showmessage('profile_email_illegal');
  535. } elseif($uid == -5) {
  536. showmessage('profile_email_domain_illegal');
  537. } elseif($uid == -6) {
  538. showmessage('profile_email_duplicate');
  539. } else {
  540. showmessage('undefined_action');
  541. }
  542. }
  543. } else {
  544. list($uid, $username, $email) = $activation;
  545. }
  546. $_G['username'] = $username;
  547. if(getuserbyuid($uid, 1)) {
  548. if(!$activation) {
  549. uc_user_delete($uid);
  550. }
  551. showmessage('profile_uid_duplicate', '', array('uid' => $uid));
  552. }
  553. $password = md5(random(10));
  554. $secques = $questionid > 0 ? random(8) : '';
  555. if(isset($_POST['birthmonth']) && isset($_POST['birthday'])) {
  556. $profile['constellation'] = get_constellation($_POST['birthmonth'], $_POST['birthday']);
  557. }
  558. if(isset($_POST['birthyear'])) {
  559. $profile['zodiac'] = get_zodiac($_POST['birthyear']);
  560. }
  561. if($_FILES) {
  562. $upload = new discuz_upload();
  563. foreach($_FILES as $key => $file) {
  564. $field_key = 'field_'.$key;
  565. if(!empty($_G['cache']['fields_register'][$field_key]) && $_G['cache']['fields_register'][$field_key]['formtype'] == 'file') {
  566. $upload->init($file, 'profile');
  567. $attach = $upload->attach;
  568. if(!$upload->error()) {
  569. $upload->save();
  570. if(!$upload->get_image_info($attach['target'])) {
  571. @unlink($attach['target']);
  572. continue;
  573. }
  574. $attach['attachment'] = dhtmlspecialchars(trim($attach['attachment']));
  575. if($_G['cache']['fields_register'][$field_key]['needverify']) {
  576. $verifyarr[$key] = $attach['attachment'];
  577. } else {
  578. $profile[$key] = $attach['attachment'];
  579. }
  580. }
  581. }
  582. }
  583. }
  584. if($setregip !== null) {
  585. if($setregip == 1) {
  586. C::t('common_regip')->update_count_by_ip($_G['clientip']);
  587. } else {
  588. C::t('common_regip')->insert(array('ip' => $_G['clientip'], 'count' => 1, 'dateline' => $_G['timestamp']));
  589. }
  590. }
  591. if($invite && $this->setting['inviteconfig']['invitegroupid']) {
  592. $groupinfo['groupid'] = $this->setting['inviteconfig']['invitegroupid'];
  593. }
  594. $init_arr = array('credits' => explode(',', $this->setting['initcredits']), 'profile'=>$profile, 'emailstatus' => $emailstatus);
  595. C::t('common_member')->insert($uid, $username, $password, $email, $_G['clientip'], $groupinfo['groupid'], $init_arr);
  596. if($emailstatus) {
  597. updatecreditbyaction('realemail', $uid);
  598. }
  599. if($verifyarr) {
  600. $setverify = array(
  601. 'uid' => $uid,
  602. 'username' => $username,
  603. 'verifytype' => '0',
  604. 'field' => serialize($verifyarr),
  605. 'dateline' => TIMESTAMP,
  606. );
  607. C::t('common_member_verify_info')->insert($setverify);
  608. C::t('common_member_verify')->insert(array('uid' => $uid));
  609. }
  610. require_once libfile('cache/userstats', 'function');
  611. build_cache_userstats();
  612. if($this->extrafile && file_exists($this->extrafile)) {
  613. require_once $this->extrafile;
  614. }
  615. if($this->setting['regctrl'] || $this->setting['regfloodctrl']) {
  616. C::t('common_regip')->delete_by_dateline($_G['timestamp']-($this->setting['regctrl'] > 72 ? $this->setting['regctrl'] : 72)*3600);
  617. if($this->setting['regctrl']) {
  618. C::t('common_regip')->insert(array('ip' => $_G['clientip'], 'count' => -1, 'dateline' => $_G['timestamp']));
  619. }
  620. }
  621. $regmessage = dhtmlspecialchars($_GET['regmessage']);
  622. if($this->setting['regverify'] == 2) {
  623. C::t('common_member_validate')->insert(array(
  624. 'uid' => $uid,
  625. 'submitdate' => $_G['timestamp'],
  626. 'moddate' => 0,
  627. 'admin' => '',
  628. 'submittimes' => 1,
  629. 'status' => 0,
  630. 'message' => $regmessage,
  631. 'remark' => '',
  632. ), false, true);
  633. manage_addnotify('verifyuser');
  634. }
  635. setloginstatus(array(
  636. 'uid' => $uid,
  637. 'username' => $_G['username'],
  638. 'password' => $password,
  639. 'groupid' => $groupinfo['groupid'],
  640. ), 0);
  641. include_once libfile('function/stat');
  642. updatestat('register');
  643. if($invite['id']) {
  644. $result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
  645. if(!$result) {
  646. C::t('common_invite')->update($invite['id'], array('fuid'=>$uid, 'fusername'=>$_G['username'], 'regdateline' => $_G['timestamp'], 'status' => 2));
  647. updatestat('invite');
  648. } else {
  649. $invite = array();
  650. }
  651. }
  652. if($invite['uid']) {
  653. if($this->setting['inviteconfig']['inviteaddcredit']) {
  654. updatemembercount($uid, array($this->setting['inviteconfig']['inviterewardcredit'] => $this->setting['inviteconfig']['inviteaddcredit']));
  655. }
  656. if($this->setting['inviteconfig']['invitedaddcredit']) {
  657. updatemembercount($invite['uid'], array($this->setting['inviteconfig']['inviterewardcredit'] => $this->setting['inviteconfig']['invitedaddcredit']));
  658. }
  659. require_once libfile('function/friend');
  660. friend_make($invite['uid'], $invite['username'], false);
  661. notification_add($invite['uid'], 'friend', 'invite_friend', array('actor' => '<a href="home.php?mod=space&uid='.$invite['uid'].'" target="_blank">'.$invite['username'].'</a>'), 1);
  662. space_merge($invite, 'field_home');
  663. if(!empty($invite['privacy']['feed']['invite'])) {
  664. require_once libfile('function/feed');
  665. $tite_data = array('username' => '<a href="home.php?mod=space&uid='.$_G['uid'].'">'.$_G['username'].'</a>');
  666. feed_add('friend', 'feed_invite', $tite_data, '', array(), '', array(), array(), '', '', '', 0, 0, '', $invite['uid'], $invite['username']);
  667. }
  668. if($invite['appid']) {
  669. updatestat('appinvite');
  670. }
  671. }
  672. if($welcomemsg && !empty($welcomemsgtxt)) {
  673. $welcomemsgtitle = replacesitevar($welcomemsgtitle);
  674. $welcomemsgtxt = replacesitevar($welcomemsgtxt);
  675. if($welcomemsg == 1) {
  676. $welcomemsgtxt = nl2br(str_replace(':', '&#58;', $welcomemsgtxt));
  677. notification_add($uid, 'system', $welcomemsgtxt, array('from_id' => 0, 'from_idtype' => 'welcomemsg'), 1);
  678. } elseif($welcomemsg == 2) {
  679. sendmail_cron($email, $welcomemsgtitle, $welcomemsgtxt);
  680. } elseif($welcomemsg == 3) {
  681. sendmail_cron($email, $welcomemsgtitle, $welcomemsgtxt);
  682. $welcomemsgtxt = nl2br(str_replace(':', '&#58;', $welcomemsgtxt));
  683. notification_add($uid, 'system', $welcomemsgtxt, array('from_id' => 0, 'from_idtype' => 'welcomemsg'), 1);
  684. }
  685. }
  686. if($fromuid) {
  687. updatecreditbyaction('promotion_register', $fromuid);
  688. dsetcookie('promotion', '');
  689. }
  690. dsetcookie('loginuser', '');
  691. dsetcookie('activationauth', '');
  692. dsetcookie('invite_auth', '');
  693. $url_forward = dreferer();
  694. $refreshtime = 3000;
  695. switch($this->setting['regverify']) {
  696. case 1:
  697. $idstring = random(6);
  698. $authstr = $this->setting['regverify'] == 1 ? "$_G[timestamp]\t2\t$idstring" : '';
  699. C::t('common_member_field_forum')->update($_G['uid'], array('authstr' => $authstr));
  700. $verifyurl = "{$_G[siteurl]}member.php?mod=activate&amp;uid={$_G[uid]}&amp;id=$idstring";
  701. $email_verify_message = lang('email', 'email_verify_message', array(
  702. 'username' => $_G['member']['username'],
  703. 'bbname' => $this->setting['bbname'],
  704. 'siteurl' => $_G['siteurl'],
  705. 'url' => $verifyurl
  706. ));
  707. if(!sendmail("$username <$email>", lang('email', 'email_verify_subject'), $email_verify_message)) {
  708. runlog('sendmail', "$email sendmail failed.");
  709. }
  710. $message = 'register_email_verify';
  711. $locationmessage = 'register_email_verify_location';
  712. $refreshtime = 10000;
  713. break;
  714. case 2:
  715. $message = 'register_manual_verify';
  716. $locationmessage = 'register_manual_verify_location';
  717. break;
  718. default:
  719. $message = 'register_succeed';
  720. $locationmessage = 'register_succeed_location';
  721. break;
  722. }
  723. $param = array('bbname' => $this->setting['bbname'], 'username' => $_G['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['uid']);
  724. if(strpos($url_forward, $this->setting['regname']) !== false || strpos($url_forward, 'buyinvitecode') !== false) {
  725. $url_forward = 'forum.php';
  726. }
  727. $href = str_replace("'", "\'", $url_forward);
  728. $extra = array(
  729. 'showid' => 'succeedmessage',
  730. 'extrajs' => '<script type="text/javascript">'.
  731. 'setTimeout("window.location.href =\''.$href.'\';", '.$refreshtime.');'.
  732. '$(\'succeedmessage_href\').href = \''.$href.'\';'.
  733. '$(\'main_message\').style.display = \'none\';'.
  734. '$(\'main_succeed\').style.display = \'\';'.
  735. '$(\'succeedlocation\').innerHTML = \''.lang('message', $locationmessage).'\';'.
  736. '</script>',
  737. 'striptags' => false,
  738. );
  739. showmessage($message, $url_forward, $param, $extra);
  740. }
  741. }
  742. }
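  /**
   * Records and queries moderation actions taken against members.
   *
   * Rows are read and written through the C::t('common_member_crime') table object.
   */
  class crime_action_ctl {

      /**
       * Known action names. The position of a name in this list is the integer
       * that recordaction() stores in the 'action' field and that getactionlist()
       * and search() map back to a name, so reordering the list changes the
       * meaning of rows that are already stored.
       */
      public static $actions = array('all', 'crime_delpost', 'crime_warnpost', 'crime_banpost', 'crime_banspeak', 'crime_banvisit', 'crime_banstatus', 'crime_avatar', 'crime_sightml', 'crime_customstatus');

      /**
       * PHP 4-style constructor name with an empty body; kept so the class
       * interface stays as it was.
       */
      public function crime_action_ctl() {}

      /**
       * Return the shared instance, creating it on first use.
       *
       * Declared static because the body never touches $this; a static method
       * can still be called on an instance, and a static call to a non-static
       * method is an error on PHP 8.
       *
       * @return crime_action_ctl
       */
      public static function &instance() {
          static $object;
          if(empty($object)) {
              $object = new crime_action_ctl();
          }
          return $object;
      }

      /**
       * Store one action against a member.
       *
       * The operator id, operator name and timestamp are read from $_G.
       *
       * @param int    $uid    member the action applies to
       * @param string $action one of the names in self::$actions
       * @param string $reason free text, stored as given
       * @return bool false when $action is not a known name, true after the insert
       */
      public function recordaction($uid, $action, $reason) {
          global $_G;
          $uid = intval($uid);
          // Strict lookup: a loose comparison lets a non-string value such as
          // true match the first entry ('all').
          $key = array_search($action, self::$actions, true);
          if($key === false) {
              return false;
          }
          $insert = array(
              'uid' => $uid,
              'operatorid' => $_G['uid'],
              'operator' => $_G['username'],
              'action' => $key,
              'reason' => $reason,
              'dateline' => $_G['timestamp']
          );
          C::t('common_member_crime')->insert($insert);
          return true;
      }

      /**
       * List the rows recorded for a member, with 'action' turned back into its name.
       *
       * @param int $uid
       * @return array rows as returned by fetch_all_by_uid(); 'action' is null
       *               when the stored index has no entry in self::$actions
       */
      public function getactionlist($uid) {
          $uid = intval($uid);
          $clist = array();
          foreach(C::t('common_member_crime')->fetch_all_by_uid($uid) as $c) {
              $c['action'] = isset(self::$actions[$c['action']]) ? self::$actions[$c['action']] : null;
              $clist[] = $c;
          }
          return $clist;
      }

      /**
       * Count the rows of one action type recorded for a member.
       *
       * @param int    $uid
       * @param string $action one of the names in self::$actions
       * @return int 0 when $action is not a known name, otherwise the result
       *             of count_by_uid_action()
       */
      public function getcount($uid, $action) {
          $uid = intval($uid);
          $key = array_search($action, self::$actions, true);
          if($key === false) {
              return 0;
          }
          return C::t('common_member_crime')->count_by_uid_action($uid, $key);
      }

      /**
       * Search recorded actions with optional filters.
       *
       * The WHERE clause is assembled as a string and handed unchanged to
       * count_by_where() / fetch_all_by_where(), so every value placed in it
       * must be cast to int or escaped first.
       *
       * @param int    $action   numeric action index; 0 applies no action filter
       * @param string $username exact user name, resolved to a uid; empty for no filter
       * @param string $operator exact operator name; empty for no filter
       * @param string $startime lower bound in a format strtotime() accepts; empty for no filter
       * @param string $endtime  upper bound in a format strtotime() accepts; one day is added
       *                         to the parsed value; empty for no filter
       * @param string $reason   substring matched against the stored reason; empty for no filter
       * @param int    $start    offset passed to fetch_all_by_where()
       * @param int    $limit    row limit passed to fetch_all_by_where()
       * @return array array($count, $rows); each row carries the action name and 'username'
       */
      public function search($action, $username, $operator, $startime, $endtime, $reason, $start, $limit) {
          $action = intval($action);
          $operator = daddslashes(trim($operator));
          // The parameter is spelled $startime. The body used to read an
          // undefined $starttime here, so the lower bound was never applied.
          $starttime = $startime ? strtotime($startime) : 0;
          // An unparsable end date (strtotime() === false) now means "no upper
          // bound" instead of becoming the timestamp 86400.
          $endstamp = $endtime ? strtotime($endtime) : false;
          $endtime = $endstamp !== false ? $endstamp + 3600 * 24 : 0;
          $reason = daddslashes(trim($reason));
          $start = intval($start);
          $limit = intval($limit);

          // Start from an empty list so the no-filter case does not read an undefined variable.
          $conditions = array();
          if(!empty($username)) {
              // Cast before interpolating; the looked-up value goes straight into the SQL text.
              $uid = intval(C::t('common_member')->fetch_uid_by_username($username));
              $conditions[] = "uid='$uid'";
          }
          if($action) {
              $conditions[] = "action='$action'";
          }
          if($operator) {
              $conditions[] = "operator='$operator'";
          }
          if($starttime) {
              $conditions[] = "dateline>='$starttime'";
          }
          if($endtime) {
              $conditions[] = "dateline<='$endtime'";
          }
          if($reason) {
              // NOTE(review): '%' and '_' inside $reason are not escaped and act as LIKE wildcards.
              $conditions[] = "reason LIKE '%$reason%'";
          }
          $wheresql = $conditions ? 'WHERE '.implode(' AND ', $conditions) : '';

          $clist = array();
          $count = C::t('common_member_crime')->count_by_where($wheresql);
          if($count) {
              $uids = array();
              foreach(C::t('common_member_crime')->fetch_all_by_where($wheresql, $start, $limit) as $crime) {
                  $crime['action'] = isset(self::$actions[$crime['action']]) ? self::$actions[$crime['action']] : null;
                  $clist[] = $crime;
                  $uids[$crime['uid']] = $crime['uid'];
              }
              // One lookup for all member rows, then attach each user name to its record.
              $members = C::t('common_member')->fetch_all($uids, false, 0);
              foreach($clist as $key => $crime) {
                  $crime['username'] = isset($members[$crime['uid']]['username']) ? $members[$crime['uid']]['username'] : null;
                  $clist[$key] = $crime;
              }
          }
          return array($count, $clist);
      }
  }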
  838. ?>