1.uc_client/client.php
/**
 * Register a user through the configured UCenter dispatcher.
 *
 * Packs the arguments into the keyed array handed to the 'user'/'register'
 * action and passes it to the callable named by UC_API_FUNC. Nothing is
 * validated or escaped at this layer; the password is forwarded as given.
 *
 * NOTE(review): $tel, $register_type and $from sit before $questionid in the
 * parameter list, so a caller that passes $questionid/$answer/$regip
 * positionally would land them in the new parameters - confirm call sites.
 *
 * @param string $username
 * @param string $password
 * @param string $email
 * @param string $tel
 * @param mixed  $register_type
 * @param mixed  $from
 * @param mixed  $questionid
 * @param string $answer
 * @param string $regip
 * @return mixed Whatever the dispatcher returns.
 */
function uc_user_register($username, $password, $email, $tel = '', $register_type = 0, $from = 0, $questionid = '', $answer = '', $regip = '') {
    $args = array(
        'username' => $username,
        'password' => $password,
        'email' => $email,
        'questionid' => $questionid,
        'answer' => $answer,
        'regip' => $regip,
        'tel' => $tel,
        'register_type' => $register_type,
        'from' => $from,
    );

    return call_user_func(UC_API_FUNC, 'user', 'register', $args);
}
/**
 * Edit a user through the configured UCenter dispatcher.
 *
 * Packs the arguments into the keyed array handed to the 'user'/'edit' action
 * and passes it to the callable named by UC_API_FUNC. Nothing is validated or
 * escaped at this layer.
 *
 * NOTE(review): $tel sits before $ignoreoldpw in the parameter list, so a
 * caller that passes $ignoreoldpw positionally as the fifth argument would set
 * $tel instead and leave the old-password check enabled - confirm call sites.
 *
 * @param string $username
 * @param string $oldpw
 * @param string $newpw
 * @param string $email
 * @param string $tel
 * @param mixed  $ignoreoldpw Truthy to skip the old-password check downstream.
 * @param mixed  $questionid
 * @param string $answer
 * @return mixed Whatever the dispatcher returns.
 */
function uc_user_edit($username, $oldpw, $newpw, $email, $tel = '', $ignoreoldpw = 0, $questionid = '', $answer = '') {
    $args = array(
        'username' => $username,
        'oldpw' => $oldpw,
        'newpw' => $newpw,
        'email' => $email,
        'ignoreoldpw' => $ignoreoldpw,
        'questionid' => $questionid,
        'answer' => $answer,
        'tel' => $tel,
    );

    return call_user_func(UC_API_FUNC, 'user', 'edit', $args);
}
2.uc_client/control/user.php
/**
 * Handle a 'register' request: check username, e-mail and phone number,
 * then create the account.
 *
 * @return mixed The uid returned by add_user(), or the negative status of the
 *               first check that fails.
 */
function onregister() {
    $this->init_input();

    $username = $this->input('username');
    $password = $this->input('password');
    $email = $this->input('email');
    $questionid = $this->input('questionid');
    $answer = $this->input('answer');
    $regip = $this->input('regip');
    $tel = $this->input('tel');
    $register_type = $this->input('register_type');
    $from = $this->input('from');

    // The checks run in this order and the first negative status is returned as-is.
    $status = $this->_check_username($username);
    if($status < 0) {
        return $status;
    }

    $status = $this->_check_email($email);
    if($status < 0) {
        return $status;
    }

    // The phone check is unconditional, so an empty $tel goes through it too.
    $status = $this->_check_tel($tel);
    if($status < 0) {
        return $status;
    }

    // NOTE(review): _check_tel() trims and escapes its own copy; the $tel stored
    // below is the value exactly as input() returned it. $register_type and $from
    // get no check in this method before add_user() interpolates them into SQL -
    // confirm that input() escapes everything it returns.
    return $_ENV['user']->add_user($username, $password, $email, 0, $tel, $register_type, $from, $questionid, $answer, $regip);
}
/**
 * Validate a phone number and make sure no member already uses it.
 *
 * @param string $tel Phone number, possibly already slash-escaped.
 * @return int UC_USER_CHECK_TEL_FAILED if the format check fails,
 *             UC_USER_TEL_EXISTS if check_telexists() finds it, otherwise 1.
 */
function _check_tel($tel) {
    // Normalise to exactly one level of escaping: strip existing slashes, trim,
    // escape again. Only this local copy is normalised; the caller's variable
    // keeps whatever value it had.
    $unescaped = stripslashes($tel);
    $normalised = addslashes(trim($unescaped));

    $users = $_ENV['user'];

    if(!$users->check_tel($normalised)) {
        return UC_USER_CHECK_TEL_FAILED;
    }

    // check_telexists() places the value inside a quoted SQL literal, so the
    // addslashes() above is what keeps a quote in $tel from closing it.
    if($users->check_telexists($normalised)) {
        return UC_USER_TEL_EXISTS;
    }

    return 1;
}
/**
 * Handle an 'edit' request: optionally check e-mail and phone number, apply
 * the change through edit_user(), and queue an 'updatepw' note when the
 * password changed.
 *
 * @return mixed Status from edit_user(), the negative status of a failed
 *               e-mail check, or -9 when the phone check fails.
 */
function onedit() {
    $this->init_input();

    $username = $this->input('username');
    $oldpw = $this->input('oldpw');
    $newpw = $this->input('newpw');
    $email = $this->input('email');
    $ignoreoldpw = $this->input('ignoreoldpw');
    $questionid = $this->input('questionid');
    $answer = $this->input('answer');
    $tel = $this->input('tel');

    // The e-mail is checked only when the old password is required and an
    // e-mail was supplied.
    if(!$ignoreoldpw && $email) {
        $status = $this->_check_email($email, $username);
        if($status < 0) {
            return $status;
        }
    }

    // Every phone-check failure collapses to -9, so the caller cannot tell an
    // invalid number from a duplicate one.
    // NOTE(review): check_telexists() matches on tel alone, with no exclusion
    // for the account being edited (unlike _check_email(), which is given
    // $username) - resubmitting an unchanged number presumably fails; confirm.
    // NOTE(review): _check_tel() normalises its own copy; edit_user() receives
    // $tel as input() returned it.
    if(!empty($tel) && $this->_check_tel($tel) < 0) {
        return -9;
    }

    $status = $_ENV['user']->edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw, $questionid, $answer, $tel);

    // A successful password change is announced with an 'updatepw' note whose
    // password field is left empty.
    $passwordChanged = $newpw && $status > 0;
    if($passwordChanged) {
        $this->load('note');
        $_ENV['note']->add('updatepw', 'username='.urlencode($username).'&password=');
        $_ENV['note']->send();
    }

    return $status;
}
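/**
 * Handle a 'login' request.
 *
 * Looks the account up by uid, e-mail or username depending on 'isuid',
 * verifies the password digest and, when requested, the security question.
 *
 * @return array [status, username, password, email, tel, register_type, from, merge]
 *               status is the uid on success, -1 for an unknown account,
 *               -2 for a wrong password, -3 for a wrong security answer.
 *               The password element is the submitted value, echoed back.
 *               The user fields are read from $user even when the lookup
 *               came back empty.
 */
function onlogin() {
    $this->init_input();
    $isuid = $this->input('isuid');
    $username = $this->input('username');
    $password = $this->input('password');
    $checkques = $this->input('checkques');
    $questionid = $this->input('questionid');
    $answer = $this->input('answer');

    // isuid selects the lookup key: 1 = uid, 2 = e-mail, anything else = username.
    if($isuid == 1) {
        $user = $_ENV['user']->get_user_by_uid($username);
    } elseif($isuid == 2) {
        $user = $_ENV['user']->get_user_by_email($username);
    } else {
        $user = $_ENV['user']->get_user_by_username($username);
    }

    // Any 32-character word string is taken to be an MD5 digest already and is
    // not hashed again, so a digest is accepted in place of the password and a
    // 32-character plaintext password is never hashed on this path.
    $passwordmd5 = preg_match('/^\w{32}$/', $password) ? $password : md5($password);

    // Digests are compared as strings with !==. The loose != compares two
    // numeric-looking strings (for example "0e" followed only by digits) as
    // numbers, which can make different digests compare equal.
    // NOTE(review): where PHP >= 5.6 is guaranteed, hash_equals() would also
    // make these comparisons constant-time.
    if(empty($user)) {
        $status = -1;
    } elseif((string)$user['password'] !== md5($passwordmd5.$user['salt'])) {
        $status = -2;
    } elseif($checkques && $user['secques'] != '' && (string)$user['secques'] !== (string)$_ENV['user']->quescrypt($questionid, $answer)) {
        $status = -3;
    } else {
        $status = $user['uid'];
    }

    // The merge check runs for username logins whenever the account lookup
    // did not fail.
    $merge = $status != -1 && !$isuid && $_ENV['user']->check_mergeuser($username) ? 1 : 0;
    return array($status, $user['username'], $password, $user['email'], $user['tel'], $user['register_type'], $user['from'], $merge);
}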
/**
 * Handle a 'get_user' request: fetch one member by username or, when 'isuid'
 * is set, by uid.
 *
 * @return array|int [uid, username, email, tel, register_type, from], or 0
 *                   when the lookup returns nothing.
 */
function onget_user() {
    $this->init_input();
    $username = $this->input('username');

    // 'username' carries the uid when isuid is truthy.
    if($this->input('isuid')) {
        $member = $_ENV['user']->get_user_by_uid($username);
    } else {
        $member = $_ENV['user']->get_user_by_username($username);
    }

    if(!$member) {
        return 0;
    }

    // The phone number, register_type and from are returned to every caller
    // of this action along with uid, username and e-mail.
    return array(
        $member['uid'],
        $member['username'],
        $member['email'],
        $member['tel'],
        $member['register_type'],
        $member['from'],
    );
}
// Returned by _check_tel() when check_telexists() finds the number on a member.
// NOTE(review): edit_user() also returns a bare -7 (nothing to update), so the
// value is not unique across actions.
define('UC_USER_TEL_EXISTS', -7);
// Returned by _check_tel() when check_tel() rejects the number's format.
// NOTE(review): edit_user() also returns a bare -8 (protected member).
define('UC_USER_CHECK_TEL_FAILED', -8);
3.uc_client/model/user.php
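/**
 * Check that a phone number consists only of digits, starts with 1 and has at
 * least nine digits.
 *
 * The pattern is anchored at both ends. Unanchored, it accepted any string
 * that merely contained "1" followed by eight digits, so quotes, spaces or
 * other text around the digits passed validation and went on to the SQL
 * built from $tel.
 *
 * NOTE(review): the original pattern required only "1" plus eight digits, so
 * that minimum is kept and longer numbers stay valid; if the intended format
 * has a fixed length, replace {8,} with the exact digit count.
 *
 * @param string $tel
 * @return bool TRUE when the whole value matches, FALSE otherwise.
 */
function check_tel($tel) {
    // \z rather than $ so that a trailing newline is rejected as well.
    if(!preg_match('/^1[0-9]{8,}\z/', $tel)) {
        return FALSE;
    }
    return TRUE;
}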
/**
 * Look up the member that already uses a phone number.
 *
 * $tel is interpolated directly into a quoted SQL literal, so it must arrive
 * already escaped; the visible caller, _check_tel(), passes it through
 * addslashes() first. The lookup matches on tel alone and does not exclude
 * any account.
 *
 * @param string $tel Phone number, already escaped by the caller.
 * @return mixed Whatever result_first() returns for the username column;
 *               callers treat it as truthy when a member was found.
 */
function check_telexists($tel) {
    $sql = "SELECT username FROM " . UC_DBTABLEPRE . "members WHERE tel='$tel'";

    return $this->db->result_first($sql);
}
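/**
 * Update a member's password, e-mail, security question and/or phone number.
 *
 * Every value is interpolated into the SQL text as given, so all arguments
 * must arrive already escaped.
 * NOTE(review): the visible caller, onedit(), validates $tel on a copy inside
 * _check_tel() and passes the original here - confirm input() escapes it.
 * NOTE(review): passwords are stored as md5(md5(password).salt), a fast hash;
 * moving to password_hash() would need a migration of existing rows.
 *
 * @param string $username
 * @param string $oldpw       Current password; checked unless $ignoreoldpw is truthy.
 * @param string $newpw       New password, or empty to leave it unchanged.
 * @param string $email       New e-mail, or empty to leave it unchanged.
 * @param mixed  $ignoreoldpw Truthy to skip the old-password check.
 * @param mixed  $questionid  '' leaves the security question alone; a value
 *                            above 0 sets it, anything else clears it.
 * @param string $answer
 * @param string $tel         New phone number, or empty to leave it unchanged.
 * @return int -8 when $ignoreoldpw is set and the member is protected, -1 when
 *             the old password does not match, -7 when there is nothing to
 *             update, otherwise the affected-row count of the UPDATE.
 */
function edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw = 0, $questionid = '', $answer = '', $tel = '') {
    $data = $this->db->fetch_first("SELECT username, uid, password, salt FROM ".UC_DBTABLEPRE."members WHERE username='$username'");

    // Skipping the old-password check is refused for protected members.
    if($ignoreoldpw) {
        $isprotected = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid = '$data[uid]'");
        if($isprotected) {
            return -8;
        }
    }

    if(!$ignoreoldpw && $data['password'] != md5(md5($oldpw).$data['salt'])) {
        return -1;
    }

    // Build the comma-separated SET list from the fields that were supplied.
    $sqladd = $newpw ? "password='".md5(md5($newpw).$data['salt'])."'" : '';
    $sqladd .= $email ? ($sqladd ? ',' : '')." email='$email'" : '';
    if($questionid !== '') {
        if($questionid > 0) {
            $sqladd .= ($sqladd ? ',' : '')." secques='".$this->quescrypt($questionid, $answer)."'";
        } else {
            $sqladd .= ($sqladd ? ',' : '')." secques=''";
        }
    }
    $sqladd .= $tel ? ($sqladd ? ',' : '') . " tel='$tel'" : '';

    // The original also tested $emailadd here, a variable this function never
    // assigns; it was always empty and only raised an undefined-variable notice.
    if($sqladd) {
        $this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");
        return $this->db->affected_rows();
    } else {
        return -7;
    }
}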
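/**
 * Insert a new member row and its matching memberfields row.
 *
 * Every value is interpolated into the SQL text as given, so all arguments
 * must arrive already escaped.
 * NOTE(review): the visible caller, onregister(), checks only username,
 * e-mail and phone number; $register_type and $from reach this query without
 * any check in the code shown - confirm input() escapes them.
 * NOTE(review): passwords are stored as md5(md5(password).salt), a fast hash;
 * moving to password_hash() would need a migration of existing rows.
 *
 * @param string $username
 * @param string $password      Plain password; hashed here with a new salt.
 * @param string $email
 * @param int    $uid           Explicit uid, or 0 to let the database assign one.
 * @param string $tel
 * @param mixed  $register_type
 * @param mixed  $from
 * @param mixed  $questionid    A value above 0 stores a security question.
 * @param string $answer
 * @param string $regip         Registration IP; defaults to the current online IP.
 * @return mixed The insert id reported by the database layer.
 */
function add_user($username, $password, $email, $uid = 0, $tel = '', $register_type = '', $from = '', $questionid = '', $answer = '', $regip = '') {
    $regip = empty($regip) ? $this->base->onlineip : $regip;

    // The salt is the last six characters of uniqid(), which come from its
    // clock-derived part; the rand() prefix is cut off by substr().
    $salt = substr(uniqid(rand()), -6);
    $password = md5(md5($password).$salt);

    $sqladd = $uid ? "uid='".intval($uid)."'," : '';
    $sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";

    // `from` is backtick-quoted because FROM is a reserved word in MySQL;
    // written bare, as in the original, the INSERT fails with a syntax error.
    $this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='".$this->base->time."', salt='$salt', tel ='$tel', register_type = '$register_type', `from` = '$from'");
    $uid = $this->db->insert_id();
    $this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
    return $uid;
}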