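<?php
// Login, logout and registration entry point for the shop front end.
//
// Most variables read here ($act, $formhash, $usernamel, $passwordl, $email, $db,
// $tablepre, $onlineip, $timestamp, ...) are never assigned in this file.
// NOTE(review): presumably common.inc.php populates them from the request and the
// site configuration, and escapes request values before they reach this script —
// confirm, because every SQL statement below interpolates them directly.
define('NOROBOT', true);
include_once './include/common.inc.php';
include APP_ROOT . './uc_client/client.php';
include_once (APP_ROOT . './include/seccode.class.php');

$pagetitle = '登录与注册';
$headlinks = showlinks('css','style');
$jslinks = showlinks('js','common');

// ---- Logout -----------------------------------------------------------------
if (isset($act) && $act == 'logout' && !empty($formhash)) {
    // The form hash acts as the anti-CSRF token for logout.
    // NOTE(review): on a mismatch the user is shown 'logout_succeed' without the
    // cookies being cleared, assuming showmessage() ends the request — confirm
    // that this is the intended response to a forged logout link.
    if ($formhash != FORMHASH) {
        showmessage('logout_succeed', dreferer());
    }
    $ucsynlogout = $allowsynlogin && $open_ucport ? uc_user_synlogout() : '';
    clearcookies();
    $mall_uid = 0;
    $mall_user = $mall_pw = '';
    showmessage('恭喜,你已成功退出!' . $ucsynlogout, $indexname);
}

// ---- Post-login redirect target ---------------------------------------------
// NOTE(review): $referer is later used as a redirect target; whether dreferer()
// restricts it to same-site URLs is not visible here — confirm.
$referer = dreferer();
// strpos() returns 0 when 'login.php' is at the very start of the string, which
// the previous truthiness test treated as "not found"; compare against false so
// the login page is never used as its own return target.
$referer = strpos($referer,'login.php') !== false || empty($referer) ? $indexname : $referer;

// Already signed in: nothing to do on this page.
if ($mall_uid) {
    showmessage('login_success',$referer);
}

// Last user name remembered by the "save user name" option (presumably read by
// the template included at the end of this script).
$def_username = isset($_MCOOKIE['lusername']) ? $_MCOOKIE['lusername'] : '';
include_once (APP_ROOT . 'include/seccode.class.php');

/**
 * Report a login result, either as a raw string for the login box or through
 * showmessage() for the full page.
 *
 * @param string $msg       "prefix:text" pair; the text after the first ':' is the message.
 * @param string $returnurl URL handed to showmessage(), or used as the new prefix
 *                          when it is non-empty and strpos() finds no '.php' in it.
 */
function loginmsg($msg, $returnurl) {
    global $frombox, $lang;
    // Everything after the first ':' (a $msg without ':' loses its first character,
    // because strpos() then yields false and false + 1 is 1).
    $message = substr($msg, strpos($msg, ':') + 1, strlen($msg));
    if ($frombox) {
        if ($returnurl != '' && !strpos($returnurl, '.php')) {
            // Translate through the language table when an entry exists.
            $message = isset($lang[$message]) ? $lang[$message] : $message;
            $msg = $returnurl . ':' . $message;
        }
        // The login box consumes the raw string; terminate the request here.
        exit($msg);
    } else {
        showmessage($message, $returnurl);
    }
}

// ---- Captcha token for the form ----------------------------------------------
// The expected code is sent to the browser encrypted with $authkey and comes back
// as $seccodehide on registration.
// NOTE(review): rand() is not a cryptographically secure generator, and no expiry
// or single-use check for this token is visible in this file — confirm authcode()
// or the form handling enforces one.
$rand = rand(100000, 999999);
$seccodeauth = authcode($rand, 'ENCODE', $authkey);
$seccodeauth = rawurlencode($seccodeauth);

if (submitcheck('loginsubmit') || submitcheck('postsubmit')) {
    // ---- Login ---------------------------------------------------------------
    $frombox = isset($frombox) ? $frombox : false;
    $activeauth = isset($activeauth) ? intval($activeauth) : 0;

    // Normalise the escaping of the user name, then reject quotes and whitespace.
    $usernamel = addslashes(trim(stripslashes($usernamel)));
    if (preg_match("/[\'\"\s]+/", $usernamel)) {
        loginmsg('login:用户名输入不正确或包含非法字符!', 'login.php');
    }
    if ($saveusername == 'true') {
        dsetcookie('lusername', $usernamel, $cookietime);
    }

    // Per-IP throttle: at most $loginfailedcount failures per 900-second window.
    // NOTE(review): $onlineip is interpolated into SQL and is the throttle key;
    // confirm where it is derived and that it is validated as an IP address.
    $query = $db->query("SELECT `count`,lastupdate FROM {$tablepre}failedlogins WHERE ip='$onlineip'");
    if ($fcount = $db->fetch_array($query)) {
        if ($timestamp - $fcount['lastupdate'] <= 900) {
            if ($fcount['count'] >= $loginfailedcount) {
                loginmsg('close:对不起,请15分钟后再登陆。', $referer);
            }
        } else {
            $db->query("DELETE FROM {$tablepre}failedlogins WHERE ip='$onlineip'");
            // The row is gone, so forget the stale counter as well. Otherwise a
            // failure in this request would UPDATE a row that no longer exists
            // (leaving the attempt uncounted) and report remaining attempts from
            // the expired count.
            $fcount = array();
        }
    }

    $query = $db->query("SELECT * FROM {$tablepre}members WHERE username='$usernamel'");
    $arr = $db->fetch_array($query);

    // NOTE(review): double MD5 is a fast, unsalted hash and unsuitable for password
    // storage. Moving to password_hash()/password_verify() needs a rehash-on-login
    // migration, and the 'auth' cookie below embeds this value, so it cannot be
    // changed in this file alone.
    $inpassword = md5(md5($passwordl));

    // Define the UCenter result before it is read below, so the uid checks never
    // depend on a value that was set outside this script when UCenter is disabled.
    $ucresult = array('uid' => 0);
    if ($open_ucport) {
        $ucresult = uc_user_login($usernamel, $passwordl, 0, 0);
        list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email'], $duplicate) = daddslashes($ucresult, 1);
        $ucresult = $tmp;
        // Activation: the account is known to UCenter but has no local row yet.
        // NOTE(review): $activeauth is request-controlled and this branch also runs
        // when a local row already exists, which looks like it can insert a second
        // row for the same user name — confirm. Failures on this path are not
        // written to the failedlogins table.
        if ($activeauth || !$arr) {
            if ($ucresult['uid'] > 0) {
                $db->query("INSERT INTO `{$tablepre}members` (`username` , `password` , `regip` , `regdate` , `lastip` , `lastvisit` , `email`) VALUES ('$usernamel', '$inpassword', '$onlineip', '$timestamp', '$onlineip', '$timestamp', '$ucresult[email]');");
                $mall_uid = $db->insert_id();
                dsetcookie('auth', authcode("$inpassword\t$usernamel\t$mall_uid", 'ENCODE'), $cookietime);
                addcredits(0,$mall_uid);
                loginmsg('activesuccess:恭喜,登陆成功!', $referer);
            } else {
                loginmsg('activesuccess:登录失败,请联系网站客服。', $referer);
            }
        }
    }

    // NOTE(review): when the user name is unknown and UCenter is disabled, nothing
    // below runs: no failure is counted and the form is re-rendered without a message.
    if ($arr) {
        $datapass = $arr['password'];
        // Strict comparison: with ==, two hex digests that both look like numbers
        // in exponent notation (e.g. "0e...") compare equal on PHP < 8 even though
        // the strings differ.
        if ($inpassword === $datapass) {
            $mall_uid = $arr['uid'];
            $mall_user = $usernamel;
            $mall_pw = $datapass;
            $ucsynlogin = '';
            // Keep UCenter in step with the local account: uid -2 pushes the local
            // password to UCenter, uid -1 registers the user there.
            if ($ucresult['uid'] == '-2') {
                uc_user_edit($mall_user,'',$passwordl,$arr['email'],1);
            }
            if ($open_ucport && $ucresult['uid'] == '-1') {
                $ucresult['uid'] = uc_user_register($mall_user, $passwordl, $arr['email']);
            }
            if ($open_ucport && $ucresult['uid'] > 0) {
                $ucsynlogin = $allowsynlogin ? uc_user_synlogin($ucresult['uid']) : '';
            }
            $db->query("UPDATE {$tablepre}members SET `lastip`='$onlineip',`lastvisit`='$timestamp' WHERE uid='$mall_uid'");
            // NOTE(review): the session cookie carries the stored password hash; its
            // confidentiality rests entirely on authcode() and its key — confirm the
            // cookie is also set HttpOnly/Secure inside dsetcookie().
            dsetcookie('auth', authcode("$mall_pw\t$mall_user\t$mall_uid", 'ENCODE'), $cookietime);
            addcredits(0,$mall_uid);
            loginmsg('close:恭喜,登陆成功!' . $ucsynlogin, $referer);
        } else {
            // Wrong password: record the failure against the client IP.
            if (!$fcount) {
                $db->query("INSERT INTO {$tablepre}failedlogins (ip,count,lastupdate) VALUES ('$onlineip','1','$timestamp')");
                $fcount = array('count' => 1);
            } else {
                $db->query("UPDATE {$tablepre}failedlogins SET count=count+1 WHERE ip='$onlineip'");
                $fcount['count'] += 1;
            }
            $lefttimes = $loginfailedcount - $fcount['count'];
            if ($lefttimes <= 0) {
                loginmsg('close:对不起,请15分钟后再登陆。', $referer);
            }
            loginmsg('login:对不起,密码输入不正确!你还有' . $lefttimes . '次尝试机会。', 'login.php');
        }
    }
} elseif (submitcheck('regsubmit')) {
    // ---- Registration --------------------------------------------------------
    $username = addslashes(trim(stripslashes($username)));
    if (preg_match("/[\'\"\s]+/", $username)) {
        showmessage('用户名输入不正确或包含非法字符!');
    }
    if ($db->result_first("SELECT uid FROM {$tablepre}members WHERE username='$username'")) {
        showmessage('用户名已存在!');
    }
    // NOTE(review): $email reaches SQL here and in the INSERT below with no
    // escaping or format check visible in this file — confirm it is escaped
    // upstream, and use parameter binding if the DB layer offers it.
    if (uc_user_checkemail($email) == -6 || $db->result_first("SELECT uid FROM {$tablepre}members WHERE email='$email'")) {
        showmessage('该Email地址已被使用!');
    }

    // Recover the expected captcha text from the token issued with the form.
    $sec = authcode(rawurldecode($seccodehide), 'DECODE', $authkey);
    seccode::seccodeconvert($sec);
    // An empty answer is rejected outright, so a token that fails to decode
    // (presumably yielding an empty expected value — confirm) cannot be matched
    // by submitting an empty code.
    if (!isset($checkcode) || $checkcode === '' || $checkcode != $sec) {
        showmessage('验证码输入不正确!');
    } elseif ($agreemallrule == 'false') {
        showmessage('您没有阅读并同意《商城用户协议》,不能注册。');
    }

    // One registration per IP within $register_iptime seconds.
    $query = $db->query("SELECT * FROM {$tablepre}regips WHERE ip='$onlineip'");
    if ($arr = $db->fetch_array($query)) {
        if (($timestamp - $arr['dateline']) < $register_iptime) {
            showmessage('对不起,同一个IP' . round($register_iptime / 60) . '分钟内只能注册一个账号!');
        }
    }

    // NOTE(review): $username is echoed back inside the message; only quotes and
    // whitespace were rejected above, so confirm showmessage() HTML-escapes it.
    if ($open_ucport && uc_get_user($username)) {
        showmessage('对不起,您输入的用户名 "' . $username . '" 已经存在,请登录激活此帐号。', 'login.php');
    }

    // Strict comparison so that two different numeric-looking strings are not
    // accepted as a matching confirmation.
    if ($password !== $passwordag) {
        showmessage('两次输入的密码不一致');
    }
    // Reject empty passwords and any password that addslashes() would alter.
    if (!$password || $password != addslashes($password)) {
        showmessage('密码空或包含非法字符');
    }

    // $guestexp is not read anywhere else in this file.
    $guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8';
    // Build the banned-name pattern from $censoruser: '*' becomes '.*', CRLF
    // separates alternatives, spaces are dropped.
    $censorexp = '/^(' . str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($censoruser = trim($censoruser)), '/')) . ')$/i';
    if ($censoruser && @preg_match($censorexp, $username)) {
        showmessage('用户名包含被系统屏蔽的字符');
    }

    if ($open_ucport) {
        // Register with UCenter first; a non-positive uid is an error code.
        $uid = uc_user_register($username, $password, $email);
        if ($uid <= 0) {
            if ($uid == -1) {
                showmessage('profile_username_illegal');
            } elseif ($uid == -2) {
                showmessage('profile_username_protect');
            } elseif ($uid == -3) {
                showmessage('profile_username_duplicate');
            } elseif ($uid == -4) {
                showmessage('profile_email_illegal');
            } elseif ($uid == -5) {
                showmessage('profile_email_domain_illegal');
            } elseif ($uid == -6) {
                showmessage('profile_email_duplicate');
            } else {
                showmessage('undefined_action');
            }
        }
    }

    // NOTE(review): same unsalted double-MD5 scheme as the login path; see the
    // migration note there.
    $password = md5(md5($password));
    $db->query("INSERT INTO `{$tablepre}members` (`username` , `password` , `regip` , `regdate` , `lastip` , `lastvisit` , `email`) VALUES ('$username', '$password', '$onlineip', '$timestamp', '$onlineip', '$timestamp', '$email');");
    if ($mall_uid = $db->insert_id()) {
        // Registration interval: restart the per-IP timer for this address.
        $db->query("DELETE FROM {$tablepre}regips WHERE ip='$onlineip'");
        $db->query("INSERT INTO {$tablepre}regips (ip,dateline) VALUES ('$onlineip','$timestamp')");
        // End of registration-interval bookkeeping.

        // Sign the new user in straight away.
        $mall_user = $username;
        $mall_pw = $password;
        dsetcookie('auth', authcode("$mall_pw\t$mall_user\t$mall_uid", 'ENCODE'), $cookietime);
        $ucsynlogin = $allowsynlogin && $open_ucport ? uc_user_synlogin($uid) : '';
        addcredits(0,$mall_uid);
        showmessage('恭喜,注册成功!' . $ucsynlogin, $referer);
    } else {
        showmessage("注册出错,请联系网站客服!");
    }
}

// No form handled (or a handler fell through): render the login/registration page.
include (template('logging'));
?>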