| commit | author | age | ||
| 3e083b | 1 | <? |
| B | 2 | define('IN_ECS', true); |
| 3 | define('CHARSET','utf-8'); | |
| 4 | ||
| 5 | require(dirname(__FILE__) . '/includes/init.php'); | |
| 6 | require_once(ROOT_PATH . 'languages/' .$_CFG['lang']. '/user.php'); | |
| 7 | require_once(ROOT_PATH .'includes/lib_passport.php'); | |
| 8 | require_once(ROOT_PATH .'includes/lib_code.php'); | |
| 9 | ||
| 10 | if(empty($_GET['token']) && empty($_POST)){ | |
| 11 | show_message('您无权使用本功能',$_LANG['profile_lnk'], 'user.php', 'error',false); | |
| 12 | } | |
| 13 | ||
| 14 | if(!empty($_GET['token'])){ | |
| 15 | $userinfo = file_get_contents('http://open.denglu.cc/api/v2/user_info?token='.$_GET['token']); | |
| 16 | !$userinfo && show_message('网络连接失败!请查看php配置allow_url_fopen是否开启'); | |
| 17 | strpos($userinfo,'error') && show_message('网络连接错误!请联系相关技术人员'); | |
| 18 | } | |
| 19 | ||
| 20 | $userinfo = empty($_POST['userbak']) ? $userinfo : decrypt($_POST['userbak']); | |
| 21 | $userbak = encrypt($userinfo); | |
| 22 | $userinfo = json_decode($userinfo,1); | |
| 23 | $guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8'; | |
| 24 | $sdf = preg_replace("/\s+|^c:\\con|[%,\*\"\s\<\>\&]|$guestexp/is", '', $userinfo['screenName']);//过滤非法字符 | |
| 25 | $sdf = dlcutstr($sdf,15); | |
| 26 | $sdf = empty($_POST['username'])? $sdf : trim($_POST['username']); | |
| 27 | $gender = $userinfo['gender']; | |
| 28 | $mediaUID = $userinfo['mediaUserID']; | |
| 29 | $password = substr(md5($mediaUID),0,10); | |
| 30 | $loginfield = 'username'; | |
| 31 | $email = substr(md5(time()),-10).'@example.com'; | |
| 32 | ||
| 33 | $other = array('sex'=>$gender,'mediaUID'=>$mediaUID,'mediaID'=>$userinfo['mediaID']); | |
| 34 | ||
| 35 | //判断用户是否已同步, | |
| 36 | $result = $db->getRow("select * from {$ecs->table($user->user_table)} where mediaUID='$mediaUID' and mediaID={$userinfo['mediaID']}"); | |
| 37 | if($result){//已同步 | |
| 38 | $sdf = $result['user_name']; | |
| 39 | $password = $result['password']; | |
| 40 | ||
| 41 | //设置成登录状态 | |
| 42 | $GLOBALS['user']->set_session($sdf); | |
| 43 | $GLOBALS['user']->set_cookie($sdf); | |
| 44 | update_user_info(); | |
| 45 | recalculate_price(); | |
| 46 | ||
| 47 | $ucdata = isset($user->ucdata)? $user->ucdata : ''; | |
| 48 | show_message($_LANG['login_success'] . $ucdata , array($_LANG['back_up_page'], $_LANG['back_home']), array('index.php','user.php'), 'info'); | |
| 49 | ||
| 50 | } | |
| 51 | ||
| 52 | if (register2($sdf, $password, $email, $userbak, $other) !== false) | |
| 53 | { | |
| 54 | /*把新注册用户的扩展信息插入数据库*/ | |
| 55 | $sql = 'SELECT id FROM ' . $ecs->table('reg_fields') . ' WHERE type = 0 AND display = 1 ORDER BY dis_order, id'; //读出所有自定义扩展字段的id | |
| 56 | $fields_arr = $db->getAll($sql); | |
| 57 | ||
| 58 | $extend_field_str = ''; //生成扩展字段的内容字符串 | |
| 59 | foreach ($fields_arr AS $val) | |
| 60 | { | |
| 61 | $extend_field_index = 'extend_field' . $val['id']; | |
| 62 | if(!empty($_POST[$extend_field_index])) | |
| 63 | { | |
| 64 | $temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0, 99) : $_POST[$extend_field_index]; | |
| 65 | $extend_field_str .= " ('" . $_SESSION['user_id'] . "', '" . $val['id'] . "', '" . $temp_field_content . "'),"; | |
| 66 | } | |
| 67 | } | |
| 68 | $extend_field_str = substr($extend_field_str, 0, -1); | |
| 69 | ||
| 70 | if ($extend_field_str) //插入注册扩展数据 | |
| 71 | { | |
| 72 | $sql = 'INSERT INTO '. $ecs->table('reg_extend_info') . ' (`user_id`, `reg_field_id`, `content`) VALUES' . $extend_field_str; | |
| 73 | $db->query($sql); | |
| 74 | } | |
| 75 | ||
| 76 | /* 写入密码提示问题和答案 */ | |
| 77 | if (!empty($passwd_answer) && !empty($sel_question)) | |
| 78 | { | |
| 79 | $sql = 'UPDATE ' . $ecs->table('users') . " SET `passwd_question`='$sel_question', `passwd_answer`='$passwd_answer' WHERE `user_id`='" . $_SESSION['user_id'] . "'"; | |
| 80 | $db->query($sql); | |
| 81 | } | |
| 82 | ||
| 83 | $ucdata = empty($user->ucdata)? "" : $user->ucdata; | |
| 84 | ||
| 85 | if(strpos($email,'@example.com')) | |
| 86 | { | |
| 87 | show_message('注册成功,为不影响正常使用本系统,请及时修改Email地址', $_LANG['profile_lnk'], 'user.php?act=profile', 'info',false); | |
| 88 | } | |
| 89 | show_message(sprintf($_LANG['register_success'], $sdf . $ucdata), array($_LANG['back_home'], $_LANG['profile_lnk']), array('index.php', 'user.php'), 'info'); | |
| 90 | } | |
| 91 | else | |
| 92 | { | |
| 93 | $err->show($_LANG['sign_up'], 'user.php?act=register'); | |
| 94 | } | |
| 95 | ||
| 96 | ||
| 97 | //无乱码截取中文 | |
| 98 | function dlcutstr($string, $length, $dot = '') { | |
| 99 | if(strlen($string) <= $length) { | |
| 100 | return $string; | |
| 101 | } | |
| 102 | ||
| 103 | $pre = chr(1); | |
| 104 | $end = chr(1); | |
| 105 | $string = str_replace(array('&', '"', '<', '>'), array($pre.'&'.$end, $pre.'"'.$end, $pre.'<'.$end, $pre.'>'.$end), $string); | |
| 106 | ||
| 107 | $strcut = ''; | |
| 108 | if(strtolower(CHARSET) == 'utf-8') { | |
| 109 | ||
| 110 | $n = $tn = $noc = 0; | |
| 111 | while($n < strlen($string)) { | |
| 112 | ||
| 113 | $t = ord($string[$n]); | |
| 114 | if($t == 9 || $t == 10 || (32 <= $t && $t <= 126)) { | |
| 115 | $tn = 1; $n++; $noc++; | |
| 116 | } elseif(128 <= $t && $t <= 250) { | |
| 117 | $tn = 3; $n += 3; $noc += 3; | |
| 118 | } else { | |
| 119 | $n++; | |
| 120 | } | |
| 121 | ||
| 122 | if($noc >= $length) { | |
| 123 | break; | |
| 124 | } | |
| 125 | ||
| 126 | } | |
| 127 | if($noc > $length) { | |
| 128 | $n -= $tn; | |
| 129 | } | |
| 130 | ||
| 131 | $strcut = substr($string, 0, $n); | |
| 132 | ||
| 133 | } else { | |
| 134 | for($i = 0; $i < $length; $i++) { | |
| 135 | $strcut .= ord($string[$i]) > 127 ? $string[$i].$string[++$i] : $string[$i]; | |
| 136 | } | |
| 137 | } | |
| 138 | ||
| 139 | $strcut = str_replace(array($pre.'&'.$end, $pre.'"'.$end, $pre.'<'.$end, $pre.'>'.$end), array('&', '"', '<', '>'), $strcut); | |
| 140 | ||
| 141 | $pos = strrpos($strcut, chr(1)); | |
| 142 | if($pos !== false) { | |
| 143 | $strcut = substr($strcut,0,$pos); | |
| 144 | } | |
| 145 | return $strcut.$dot; | |
| 146 | } | |
| 147 | ||
| 148 | /** | |
| 149 | * 用户注册,登录函数 | |
| 150 | * | |
| 151 | * @access public | |
| 152 | * @param string $username 注册用户名 | |
| 153 | * @param string $password 用户密码 | |
| 154 | * @param string $email 注册email | |
| 155 | * @param array $other 注册的其他信息 | |
| 156 | * | |
| 157 | * @return bool $bool | |
| 158 | */ | |
| 159 | function register2($username, $password, $email, $userbak, $other = array()) | |
| 160 | { | |
| 161 | /* 检查username */ | |
| 162 | if (empty($username)) | |
| 163 | { | |
| 164 | $GLOBALS['err']->add($GLOBALS['_LANG']['username_empty']); | |
| 165 | } | |
| 166 | else | |
| 167 | { | |
| 168 | if (preg_match('/\'\/^\\s*$|^c:\\\\con\\\\con$|[%,\\*\\"\\s\\t\\<\\>\\&\'\\\\]/', $username)) | |
| 169 | { | |
| 170 | show_message('用户名含有敏感字符,请重新指定'.denglu_form($username,$userbak)); | |
| 171 | } | |
| 172 | } | |
| 173 | /* 检查是否和管理员重名 */ | |
| 174 | if (admin_registered($username)) | |
| 175 | { | |
| 176 | show_message('抱歉!用户名与管理员重名,请重新指定'.denglu_form($username,$userbak)); | |
| 177 | } | |
| 178 | ||
| 179 | if (!$GLOBALS['user']->add_user($username, $password, $email)) | |
| 180 | { | |
| 181 | if ($GLOBALS['user']->error == ERR_INVALID_USERNAME) | |
| 182 | { | |
| 183 | show_message('抱歉!用户名含有敏感字符'.denglu_form($username,$userbak)); | |
| 184 | } | |
| 185 | elseif ($GLOBALS['user']->error == ERR_USERNAME_NOT_ALLOW) | |
| 186 | { | |
| 187 | show_message('抱歉!含有被系统禁用的字符'.denglu_form($username,$userbak)); | |
| 188 | } | |
| 189 | elseif ($GLOBALS['user']->error == ERR_USERNAME_EXISTS) | |
| 190 | { | |
| 191 | show_message('抱歉!用户名已被占用,请重新指定'.denglu_form($username,$userbak)); | |
| 192 | } | |
| 193 | elseif ($GLOBALS['user']->error == ERR_INVALID_EMAIL) | |
| 194 | { | |
| 195 | $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_invalid'], $email)); | |
| 196 | } | |
| 197 | elseif ($GLOBALS['user']->error == ERR_EMAIL_NOT_ALLOW) | |
| 198 | { | |
| 199 | $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_not_allow'], $email)); | |
| 200 | } | |
| 201 | elseif ($GLOBALS['user']->error == ERR_EMAIL_EXISTS) | |
| 202 | { | |
| 203 | $GLOBALS['err']->add(sprintf($GLOBALS['_LANG']['email_exist'], $email)); | |
| 204 | } | |
| 205 | else | |
| 206 | { | |
| 207 | $GLOBALS['err']->add('UNKNOWN ERROR!'); | |
| 208 | } | |
| 209 | ||
| 210 | //注册失败 | |
| 211 | return false; | |
| 212 | } | |
| 213 | else | |
| 214 | { | |
| 215 | //注册成功 | |
| 216 | ||
| 217 | /* 设置成登录状态 */ | |
| 218 | $GLOBALS['user']->set_session($username); | |
| 219 | $GLOBALS['user']->set_cookie($username); | |
| 220 | ||
| 221 | /* 注册送积分 */ | |
| 222 | if (!empty($GLOBALS['_CFG']['register_points'])) | |
| 223 | { | |
| 224 | log_account_change($_SESSION['user_id'], 0, 0, $GLOBALS['_CFG']['register_points'], $GLOBALS['_CFG']['register_points'], $GLOBALS['_LANG']['register_points']); | |
| 225 | } | |
| 226 | ||
| 227 | /*推荐处理*/ | |
| 228 | $affiliate = unserialize($GLOBALS['_CFG']['affiliate']); | |
| 229 | if (isset($affiliate['on']) && $affiliate['on'] == 1) | |
| 230 | { | |
| 231 | // 推荐开关开启 | |
| 232 | $up_uid = get_affiliate(); | |
| 233 | empty($affiliate) && $affiliate = array(); | |
| 234 | $affiliate['config']['level_register_all'] = intval($affiliate['config']['level_register_all']); | |
| 235 | $affiliate['config']['level_register_up'] = intval($affiliate['config']['level_register_up']); | |
| 236 | if ($up_uid) | |
| 237 | { | |
| 238 | if (!empty($affiliate['config']['level_register_all'])) | |
| 239 | { | |
| 240 | if (!empty($affiliate['config']['level_register_up'])) | |
| 241 | { | |
| 242 | $rank_points = $GLOBALS['db']->getOne("SELECT rank_points FROM " . $GLOBALS['ecs']->table('users') . " WHERE user_id = '$up_uid'"); | |
| 243 | if ($rank_points + $affiliate['config']['level_register_all'] <= $affiliate['config']['level_register_up']) | |
| 244 | { | |
| 245 | log_account_change($up_uid, 0, 0, $affiliate['config']['level_register_all'], 0, sprintf($GLOBALS['_LANG']['register_affiliate'], $_SESSION['user_id'], $username)); | |
| 246 | } | |
| 247 | } | |
| 248 | else | |
| 249 | { | |
| 250 | log_account_change($up_uid, 0, 0, $affiliate['config']['level_register_all'], 0, $GLOBALS['_LANG']['register_affiliate']); | |
| 251 | } | |
| 252 | } | |
| 253 | ||
| 254 | //设置推荐人 | |
| 255 | $sql = 'UPDATE '. $GLOBALS['ecs']->table('users') . ' SET parent_id = ' . $up_uid . ' WHERE user_id = ' . $_SESSION['user_id']; | |
| 256 | ||
| 257 | $GLOBALS['db']->query($sql); | |
| 258 | } | |
| 259 | } | |
| 260 | ||
| 261 | //定义other合法的变量数组 | |
| 262 | $other_key_array = array('msn', 'qq', 'office_phone', 'home_phone', 'mobile_phone', 'mediaUID', 'sex', 'reg_time','mediaID'); | |
| 263 | if ($other) | |
| 264 | { | |
| 265 | foreach ($other as $key=>$val) | |
| 266 | { | |
| 267 | //删除非法key值 | |
| 268 | if (!in_array($key, $other_key_array)) | |
| 269 | { | |
| 270 | unset($other[$key]); | |
| 271 | } | |
| 272 | else | |
| 273 | { | |
| 274 | $other[$key] = htmlspecialchars(trim($val)); //防止用户输入javascript代码 | |
| 275 | } | |
| 276 | } | |
| 277 | } | |
| 278 | $GLOBALS['db']->autoExecute($GLOBALS['ecs']->table('users'), $other, 'UPDATE', 'user_id = ' . $_SESSION['user_id']); | |
| 279 | ||
| 280 | update_user_info(); // 更新用户信息 | |
| 281 | recalculate_price(); // 重新计算购物车中的商品价格 | |
| 282 | ||
| 283 | return true; | |
| 284 | } | |
| 285 | } | |
| 286 | function denglu_form($username,$userbak){ | |
| 287 | return '<br><br><form action="denglu.php" method="post"><input type=text name="username" value="'.$username.'"><input type=submit name=a value="确定"><input name=userbak type=hidden value="'.$userbak.'"></form>'; | |
| 288 | } | |
| 289 | ||
| 290 | ||
| 291 | ?> | |
