php/iem_shop.git

wangtengyu

2018-12-07 f459412e0dac4ed94106da043b4c6f8576bfe496

commit \| author \| age
3e083b	1	<?php
B	2
	3	/**
	4	* 找回密码
	5	*/
	6	define('IN_ECS', true);
	7
	8	require (dirname(__FILE__) . '/includes/init.php');
	9	/* 载入语言文件 */
	10	require_once (ROOT_PATH . 'languages/' . $_CFG['lang'] . '/user.php');
	11
	12	$ui_arr = array();
	13
	14	$ui_arr[] = 'default';
	15
	16	$affiliate = unserialize($GLOBALS['_CFG']['affiliate']);
	17	$smarty->assign('affiliate', $affiliate);
	18	$back_act = '';
	19
	20	$action = isset($_REQUEST['act']) ? trim($_REQUEST['act']) : 'default';
	21
	22	/* 如果是显示页面，对页面进行相应赋值 */
	23	if(in_array($action, $ui_arr) \|\| true)
	24	{
	25	assign_template();
	26	$position = assign_ur_here(0, $_LANG['user_center']);
	27	$smarty->assign('page_title', $position['title']); // 页面标题
	28	$smarty->assign('ur_here', $position['ur_here']);
	29	$sql = "SELECT value FROM " . $ecs->table('shop_config') . " WHERE id = 419";
	30	$row = $db->getRow($sql);
	31	$car_off = $row['value'];
	32	$smarty->assign('car_off', $car_off);
	33	/* 是否显示积分兑换 */
	34	if(! empty($_CFG['points_rule']) && unserialize($_CFG['points_rule']))
	35	{
	36	$smarty->assign('show_transform_points', 1);
	37	}
	38	$smarty->assign('helps', get_shop_help()); // 网店帮助
	39	$smarty->assign('data_dir', DATA_DIR); // 数据目录
	40	$smarty->assign('action', $action);
	41	$smarty->assign('lang', $_LANG);
	42	}
	43
	44	$function_name = 'action_' . $action;
	45
	46	if(! function_exists($function_name))
	47	{
	48	$function_name = "action_default";
	49	}
	50
	51	call_user_func($function_name);
	52
	53	return;
	54
	55	/**
	56	* 找回密码首页
	57	*/
	58	function action_default ()
	59	{
	60	$smarty = $GLOBALS['smarty'];
	61	$db = $GLOBALS['db'];
	62	$ecs = $GLOBALS['ecs'];
	63
	64	$smarty->assign("action", "step_1");
	65	$smarty->display('user_findPwd.dwt');
	66	}
	67
	68	/**
	69	* 找回密码第一步：验证用户名/邮箱/已验证手机号
	70	*/
	71	function action_check_username ()
	72	{
	73
	74	// 获取全局变量
	75	$_LANG = $GLOBALS['_LANG'];
	76	$smarty = $GLOBALS['smarty'];
	77	$db = $GLOBALS['db'];
	78	$ecs = $GLOBALS['ecs'];
	79
	80	$username = empty($_POST['u_name']) ? '' : $_POST['u_name'];
	81
	82	$user_id = null;
	83
	84	if(empty($username))
	85	{
	86	show_message('请输入用户名/邮箱/已验证的手机号！', '返回', 'findPwd.php?act=index', 'info');
	87	}
	88
	89	// 处理验证码
	90	$captcha = intval($_CFG['captcha']);
	91	if(($captcha & CAPTCHA_LOGIN) && (! ($captcha & CAPTCHA_LOGIN_FAIL) \|\| (($captcha & CAPTCHA_LOGIN_FAIL) && $_SESSION['login_fail'] > 2)) && gd_version() > 0)
	92	{
	93	if(empty($_POST['captcha']))
	94	{
	95	show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
	96	}
	97
	98	/* 检查验证码 */
	99	include_once ('includes/cls_captcha.php');
	100
	101	$validator = new captcha();
	102	$validator->session_word = 'captcha_login';
	103	if(! $validator->check_word($_POST['captcha']))
	104	{
	105	show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'findPwd.php', 'error');
	106	}
	107	}
	108
	109	$username_exist = false;
	110
	111	$sql = "select user_id from " . $ecs->table('users') . " where user_name = '" . $username . "'";
	112	$user_id = $db->getOne($sql);
	113
	114	if($user_id)
	115	{
	116	// 用户名存在
	117	$username_exist = true;
	118	}
	119
	120	// 判断是否诶邮箱
	121	if(is_email($username) && ! $username_exist)
	122	{
	123	$sql = "select user_id from " . $ecs->table('users') . " where email='" . $username . "' ";
	124	$user_id = $db->getOne($sql);
	125	if($user_id)
	126	{
	127	// 用户名存在
	128	$username_exist = true;
	129	}
	130	}
	131
	132	// 判断是否为手机号
	133	if(is_mobile_phone($username) && ! $username_exist)
	134	{
	135	$sql = "select user_id from " . $ecs->table('users') . " where mobile_phone='" . $username . "'";
	136	$rows = $db->query($sql);
	137
	138	$index = 0;
	139	while($row = $db->fetchRow($rows))
	140	{
	141	$user_id = $row['user_id'];
	142	$index = $index + 1;
	143	}
	144	if($index > 1)
	145	{
	146	show_message('本网站有多个会员ID绑定了和您相同的手机号，请使用其他登录方式，如：邮箱或用户名。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
	147	}
	148	else if($index == 1)
	149	{
	150	if($user_id)
	151	{
	152	// 用户名存在
	153	$username_exist = true;
	154	}
	155	}
	156	}
	157
	158	// 检查用户名是否存在
	159	if(! $username_exist)
	160	{
	161	show_message('您输入的账户名不存在，请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
	162	}
	163
	164	// 获取用户信息，判断用户是否验证了手机、邮箱
	165	// $sql = "select user_id, user_name, email, mobile_phone from " . $ecs->table('users') . " where user_id = '" . $user_id . "'";
	166	// $row = $db->getRow($sql);
	167
	168	$user = $GLOBALS['user'];
	169
	170	$user_info = $user->get_profile_by_id($user_id);
	171
	172	if($user_info == false)
	173	{
	174	show_message('您输入的账户名不存在，请核对后重新输入。', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
	175	}
	176
	177	$user_id = $user_info['user_id'];
	178	$user_name = $user_info['user_name'];
	179	$email = $user_info['email'];
	180	$mobile_phone = $user_info['mobile_phone'];
	181	$email_validate = $user_info['email_validated'];
	182	$mobile_validate = $user_info['mobile_validated'];
	183
	184	$validate_types = array();
	185
	186	if(isset($mobile_phone) && ! empty($mobile_phone) && $mobile_validate == 1)
	187	{
	188	// 处理手机号，不让前台显示
	189	$mobile_phone_encrypt = encrypt_mobile($mobile_phone);
	190
	191	$validate_types[] = array(
	192	'type' => 'mobile_phone', 'name' => '已验证的手机号码', 'value' => $mobile_phone_encrypt
	193	);
	194	}
	195	if(isset($email) && ! empty($email) && $email_validate == 1)
	196	{
	197	// 处理邮箱，不让前台显示
	198	$email_encrypt = encrypt_email($email);
	199
	200	$validate_types[] = array(
	201	'type' => 'email', 'name' => '已验证的邮箱', 'value' => $email_encrypt
	202	);
	203	}
	204
	205	if(count($validate_types) == 0){
	206	$message = '当前账户没有绑定并验证的手机号码或者邮箱，无法提供安全的身份验证保证当前操作为本人，请联系客服找回登录密码。';
	207	show_message($message, $_LANG['back_up_page'], 'findPwd.php', 'info', false);
	208	}
	209
	210	$_SESSION['find_password'] = array(
	211	'user_id' => $user_id, 'user_name' => $user_name, 'email' => $email, 'mobile_phone' => $mobile_phone
	212	);
	213
	214	// 用于validate.php获取数据
	215	$_SESSION[VT_MOBILE_VALIDATE] = $mobile_phone;
	216	$_SESSION[VT_EMAIL_VALIDATE] = $email;
	217
	218	$smarty->assign("validate_types", $validate_types);
	219	$smarty->assign("validate_types_length", count($validate_types));
	220	$smarty->assign("action", "step_2");
	221	$smarty->display('user_findPwd.dwt');
	222	}
	223
	224	/**
	225	* 找回密码第二步:验证身份
	226	*/
	227	function action_validate ()
	228	{
	229
	230	// 获取全局变量
	231	$_LANG = $GLOBALS['_LANG'];
	232	$smarty = $GLOBALS['smarty'];
	233	$db = $GLOBALS['db'];
	234	$ecs = $GLOBALS['ecs'];
	235
	236	$user = $_SESSION['find_password'];
	237
	238	if(! isset($_SESSION['find_password']))
	239	{
	240	// show_message('账户名不能为空', $_LANG['relogin_lnk'], 'findPwd.php',
	241	// 'error');
	242	exit(json_encode(array(
	243	'error' => 1, 'content' => '账户名不能为空', 'url' => 'findPwd.php'
	244	)));
	245	}
	246
	247	$validate_type = $_POST['validate_type'];
	248
	249	if(! isset($_POST['validate_type']) \|\| empty($_POST['validate_type']))
	250	{
	251	exit(json_encode(array(
	252	'error' => 1, 'content' => '验证类型不能为空', 'url' => 'findPwd.php'
	253	)));
	254	}
	255
	256	require_once (ROOT_PATH . 'includes/lib_passport.php');
	257
	258	if($validate_type == 'email')
	259	{
	260
	261	$email = $user['email'];
	262	$email_code = ! empty($_POST['email_code']) ? trim($_POST['email_code']) : '';
	263
	264	$result = validate_email_code($email, $email_code);
	265
	266	if($result == 1)
	267	{
	268	exit(json_encode(array(
	269	'error' => 1, 'content' => $_LANG['msg_email_blank'], 'url' => 'findPwd.php'
	270	)));
	271	}
	272	else if($result == 2)
	273	{
	274	exit(json_encode(array(
	275	'error' => 1, 'content' => $_LANG['msg_email_format'], 'url' => 'findPwd.php'
	276	)));
	277	}
	278	else if($result == 3)
	279	{
	280	exit(json_encode(array(
	281	'error' => 1, 'content' => $_LANG['msg_email_code_blank'], 'url' => ''
	282	)));
	283	}
	284	else if($result == 4)
	285	{
	286	exit(json_encode(array(
	287	'error' => 1, 'content' => $_LANG['invalid_email_code'], 'url' => ''
	288	)));
	289	}
	290	else if($result == 5)
	291	{
	292	exit(json_encode(array(
	293	'error' => 1, 'content' => $_LANG['invalid_email_code'], 'url' => ''
	294	)));
	295	}
	296	}
	297	else if($validate_type == 'mobile_phone')
	298	{
	299
	300	$mobile_phone = ! empty($user['mobile_phone']) ? trim($user['mobile_phone']) : '';
	301	$mobile_code = ! empty($_POST['mobile_code']) ? trim($_POST['mobile_code']) : '';
	302
	303	$result = validate_mobile_code($mobile_phone, $mobile_code);
	304
	305	if($result == 1)
	306	{
	307	exit(json_encode(array(
	308	'error' => 1, 'content' => $_LANG['msg_mobile_phone_blank'], 'url' => 'findPwd.php'
	309	)));
	310	}
	311	else if($result == 2)
	312	{
	313	exit(json_encode(array(
	314	'error' => 1, 'content' => $_LANG['msg_mobile_phone_format'], 'url' => 'findPwd.php'
	315	)));
	316	}
	317	else if($result == 3)
	318	{
	319	exit(json_encode(array(
	320	'error' => 1, 'content' => $_LANG['msg_mobile_phone_code_blank'], 'url' => ''
	321	)));
	322	}
	323	else if($result == 4)
	324	{
	325	exit(json_encode(array(
	326	'error' => 1, 'content' => $_LANG['invalid_mobile_phone_code'], 'url' => ''
	327	)));
	328	}
	329	else if($result == 5)
	330	{
	331	exit(json_encode(array(
	332	'error' => 1, 'content' => $_LANG['invalid_mobile_phone_code'], 'url' => ''
	333	)));
	334	}
	335	}
	336	else
	337	{
	338	/* 无效的注册类型 */
	339	exit(json_encode(array(
	340	'error' => 1, 'content' => '非法验证参数', 'url' => 'findPwd.php'
	341	)));
	342	}
	343	// 身份验证成功
	344	$_SESSION['find_password']['validate'] = true;
	345
	346	exit(json_encode(array(
	347	'error' => 0, 'content' => '', 'url' => 'findPwd.php'
	348	)));
	349	}
	350
	351	/**
	352	* 跳转到重置密码的页面
	353	*/
	354	function action_to_reset_password ()
	355	{
	356	$smarty = $GLOBALS['smarty'];
	357	$db = $GLOBALS['db'];
	358	$ecs = $GLOBALS['ecs'];
	359
	360	if(! isset($_SESSION['find_password']) \|\| $_SESSION['find_password']['validate'] != true)
	361	{
	362	show_message('非法操作！', $_LANG['relogin_lnk'], 'findPwd.php', 'error');
	363	}
	364
	365	$smarty->assign("action", "step_3");
	366	$smarty->display('user_findPwd.dwt');
	367	}
	368
	369	/**
	370	* 找回密码第三步：重置密码
	371	*/
	372	function action_reset_password ()
	373	{
	374	$smarty = $GLOBALS['smarty'];
	375	$db = $GLOBALS['db'];
	376	$ecs = $GLOBALS['ecs'];
	377
	378	if(! isset($_SESSION['find_password']) \|\| $_SESSION['find_password']['validate'] != true)
	379	{
	380	exit(json_encode(array(
	381	'error' => 1, 'content' => '非法操作', 'url' => 'findPwd.php'
	382	)));
	383	}
	384
	385	$password = $_POST['password'];
	386
	387	if(! isset($_POST['password']) \|\| empty($_POST['password']))
	388	{
	389	exit(json_encode(array(
	390	'error' => 1, 'content' => '密码不能为空', 'url' => ''
	391	)));
	392	}
	393
	394	if(! isset($_SESSION['find_password']))
	395	{
	396	exit(json_encode(array(
	397	'error' => 1, 'content' => '账户名不能为空', 'url' => 'findPwd.php'
	398	)));
	399	}
	400
	401	$user = $_SESSION['find_password'];
	402
	403	$result = $GLOBALS['user']->edit_user(array(
	404	'username' => $user['user_name'], 'password' => $password
	405	));
	406
	407	unset($_SESSION['find_password']);
	408
	409	if($result == false)
	410	{
	411	exit(json_encode(array(
	412	'error' => 1, 'content' => '重置密码失败，请重新尝试', 'url' => ''
	413	)));
	414	}
	415	else
	416	{
	417	exit(json_encode(array(
	418	'error' => 0, 'content' => '', 'url' => ''
	419	)));
	420	}
	421	}
	422
	423	/**
	424	* 找回密码第四步：完成
	425	*/
	426	function action_to_success ()
	427	{
	428	$smarty = $GLOBALS['smarty'];
	429	$db = $GLOBALS['db'];
	430	$ecs = $GLOBALS['ecs'];
	431
	432	$smarty->assign("action", "step_4");
	433	$smarty->display('user_findPwd.dwt');
	434	}
	435
	436	/* 余额额支付密码_添加_END_ */
	437	function get_takegoods_orders ($user_id, $num = 10, $start = 0)
	438	{
	439	$order_status = array(
	440	'0' => '提货成功，等待发货', '1' => '确认收货', '2' => '完成'
	441	);
	442	/* 取得订单列表 */
	443	$arr = array();
	444
	445	$sql = "SELECT * " . " FROM " . $GLOBALS['ecs']->table('takegoods_order') . " WHERE user_id = '$user_id' ORDER BY rec_id DESC";
	446	$res = $GLOBALS['db']->SelectLimit($sql, $num, $start);
	447
	448	while($row = $GLOBALS['db']->fetchRow($res))
	449	{
	450	$row['country_name'] = $GLOBALS['db']->getOne("select region_name from " . $GLOBALS['ecs']->table('region') . " where region_id='$row[country]' ");
	451	$row['province_name'] = $GLOBALS['db']->getOne("select region_name from " . $GLOBALS['ecs']->table('region') . " where region_id='$row[province]' ");
	452	$row['city_name'] = $GLOBALS['db']->getOne("select region_name from " . $GLOBALS['ecs']->table('region') . " where region_id='$row[city]' ");
	453	$row['district_name'] = $GLOBALS['db']->getOne("select region_name from " . $GLOBALS['ecs']->table('region') . " where region_id='$row[district]' ");
	454	$row['goods_url'] = build_uri('goods', array(
	455	'gid' => $row['goods_id']
	456	), $row['goods_name']);
	457	$arr[] = array(
	458	'rec_id' => $row['rec_id'], 'tg_sn' => $row['tg_sn'], 'goods_name' => $row['goods_name'], 'address' => $row['country_name'] . $row['province_name'] . $row['city_name'] . $row['district_name'] . $row['address'], 'add_time' => local_date($GLOBALS['_CFG']['time_format'], $row['add_time']), 'order_status' => $row['order_status'], 'order_status_name' => $order_status[$row['order_status']], 'goods_url' => $row['goods_url'], 'handler' => $row['handler']
	459	);
	460	}
	461
	462	return $arr;
	463	}
	464
	465	/* 代码增加_end By */
	466	/* 代码增加_start By */
	467	function get_user_backorders ($user_id, $num = 10, $start = 0)
	468	{
	469	/* 取得订单列表 */
	470	$arr = array();
	471
	472	$sql = "SELECT bo.*, g.goods_name " . " FROM " . $GLOBALS['ecs']->table('back_order') . " AS bo left join " . $GLOBALS['ecs']->table('goods') . " AS g " . " on bo.goods_id=g.goods_id " . " WHERE user_id = '$user_id' ORDER BY add_time DESC";
	473	$res = $GLOBALS['db']->SelectLimit($sql, $num, $start);
	474
	475	while($row = $GLOBALS['db']->fetchRow($res))
	476	{
	477
	478	$row['order_time'] = local_date($GLOBALS['_CFG']['time_format'], $row['add_time']);
	479	$row['refund_money_1'] = price_format($row['refund_money_1'], false);
	480
	481	$row['goods_url'] = build_uri('goods', array(
	482	'gid' => $row['goods_id']
	483	), $row['goods_name']);
	484	$row['status_back_1'] = $row['status_back'];
	485	$row['status_back'] = $GLOBALS['_LANG']['bos'][(($row['back_type'] == 4 && $row['status_back'] != 8) ? $row['back_type'] : $row['status_back'])] . ' - ' . $GLOBALS['_LANG']['bps'][$row['status_refund']];
	486
	487	$arr[] = $row;
	488	}
	489
	490	return $arr;
	491	}
	492
	493	function mc_random ($length, $char_str = 'abcdefghijklmnopqrstuvwxyz0123456789')
	494	{
	495	$hash = '';
	496	$chars = $char_str;
	497	$max = strlen($chars);
	498	for($i = 0; $i < $length; $i ++)
	499	{
	500	$hash .= substr($chars, (rand(0, 1000) % $max), 1);
	501	}
	502	return $hash;
	503	}
	504
	505	/* 代码增加2014-12-23 by _end */
	506	function get_user_yue ($user_id)
	507	{
	508	$sql = "SELECT user_money FROM " . $GLOBALS['ecs']->table('users') . "WHERE user_id = '$user_id'";
	509	$res = $GLOBALS['db']->getOne($sql);
	510	return $res;
	511	}
	512
	513	function get_inv_complete_address ($order)
	514	{
	515	if($order['inv_type'] == 'normal_invoice')
	516	{
	517	$address = trim(get_inv_complete_region($order['order_id'], $order['inv_type']));
	518	if(empty($address))
	519	{
	520	return $order['address'];
	521	}
	522	else
	523	{
	524	return '[' . $address . '] ' . $order['address'];
	525	}
	526	}
	527	elseif($order['inv_type'] == 'vat_invoice')
	528	{
	529	$address = trim(get_inv_complete_region($order['order_id'], $order['inv_type']));
	530	if(empty($address))
	531	{
	532	return $order['inv_consignee_address'];
	533	}
	534	else
	535	{
	536	return '[' . $address . '] ' . $order['inv_consignee_address'];
	537	}
	538	}
	539	else
	540	{
	541	return '';
	542	}
	543	}
	544
	545	function get_inv_complete_region ($order_id, $inv_type)
	546	{
	547	if(! empty($order_id))
	548	{
	549	if($inv_type == 'normal_invoice')
	550	{
	551	$sql = "SELECT concat(IFNULL(c.region_name, ''), ' ', IFNULL(p.region_name, ''), " . "' ', IFNULL(t.region_name, ''), ' ', IFNULL(d.region_name, '')) AS region " . "FROM " . $GLOBALS['ecs']->table('order_info') . " AS o " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS c ON o.country = c.region_id " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS p ON o.province = p.region_id " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS t ON o.city = t.region_id " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS d ON o.district = d.region_id " . "WHERE o.order_id = '$order_id'";
	552	return $GLOBALS['db']->getOne($sql);
	553	}
	554	elseif($inv_type == 'vat_invoice')
	555	{
	556	$sql = "SELECT concat(IFNULL(p.region_name, ''), " . "' ', IFNULL(t.region_name, ''), ' ', IFNULL(d.region_name, '')) AS region " . "FROM " . $GLOBALS['ecs']->table('order_info') . " AS o " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS p ON o.inv_consignee_province = p.region_id " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS t ON o.inv_consignee_city = t.region_id " . "LEFT JOIN " . $GLOBALS['ecs']->table('region') . " AS d ON o.inv_consignee_district = d.region_id " . "WHERE o.order_id = '$order_id'";
	557	return $GLOBALS['db']->getOne($sql);
	558	}
	559	else
	560	{
	561	return ' ';
	562	}
	563	}
	564	else
	565	{
	566	return ' ';
	567	}
	568	}
	569
	570	/**
	571	* 随机生成指定长度的数字
	572	*
	573	* @param number $length
	574	* @return number
	575	*/
	576	function rand_number ($length = 6)
	577	{
	578	if($length < 1)
	579	{
	580	$length = 6;
	581	}
	582
	583	$min = 1;
	584	for($i = 0; $i < $length - 1; $i ++)
	585	{
	586	$min = $min * 10;
	587	}
	588	$max = $min * 10 - 1;
	589
	590	return rand($min, $max);
	591	}
	592
	593	function encrypt_email ($email)
	594	{
	595	if(empty($email))
	596	{
	597	return $email;
	598	}
	599
	600	// 处理手机号，不让前台显示
	601	$email_head = substr($email, 0, strpos($email, '@'));
	602	$email_domain = substr($email, strpos($email, '@'));
	603
	604	if(strlen($email_head) == 1)
	605	{
	606	$email = substr($email_head, 0, 1) . '*****' . $email_domain;
	607	}
	608	else if(strlen($email_head) <= 4)
	609	{
	610	$email = substr($email_head, 0, 1) . '*****' . substr($email_head, - 1) . $email_domain;
	611	}
	612	else if(strlen($email_head) <= 7)
	613	{
	614	$email = substr($email_head, 0, 2) . '*****' . substr($email_head, - 2) . $email_domain;
	615	}
	616	else
	617	{
	618	$email = substr($email_head, 0, 3) . '*****' . substr($email_head, - 3) . $email_domain;
	619	}
	620	return $email;
	621	}
	622
	623	function encrypt_mobile ($mobile)
	624	{
	625	if(empty($mobile))
	626	{
	627	return $mobile;
	628	}
	629	// 处理手机号，不让前台显示
	630	$mobile = substr($mobile, 0, 3) . '*****' . substr($mobile, - 3);
	631	return $mobile;
	632	}
	633	?>