
    <?php
define('NOROBOT', true);
include_once './include/common.inc.php';
include APP_ROOT . './uc_client/client.php';
include_once (APP_ROOT . './include/seccode.class.php');
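// Page chrome used by the 'logging' template rendered at the end of the script.
$pagetitle = '登录与注册';
$headlinks = showlinks('css','style');
$jslinks = showlinks('js','common');

// Logout. The request must carry the per-session form token (FORMHASH) so that a
// third-party page cannot log the user out with a forged link.
// NOTE(review): $act and $formhash are never assigned in this file; they are
// presumably imported from the request by common.inc.php — confirm.
if (isset($act) && $act == 'logout' && !empty($formhash)) {
    // Strict string comparison: with loose "!=" two different numeric-looking
    // tokens (e.g. "0e12" and "0e34") compare as equal. hash_equals() would also
    // make the comparison constant-time where the PHP version provides it.
    if (!is_string($formhash) || $formhash !== (string) FORMHASH) {
        // NOTE(review): the token check only protects the logout below if
        // showmessage() terminates the request — confirm.
        showmessage('logout_succeed', dreferer());
    }
    $ucsynlogout = $allowsynlogin && $open_ucport ? uc_user_synlogout() : '';
    clearcookies();
    $mall_uid = 0;
    $mall_user = $mall_pw = '';
    showmessage('恭喜,你已成功退出!' . $ucsynlogout, $indexname);

}

// Where to send the user after login/registration. Never bounce back to
// login.php itself and fall back to the index page when no referer is known.
// strpos() returns 0 (falsy) for a match at the start of the string, so the
// result is compared against false explicitly.
// NOTE(review): dreferer() is defined elsewhere; if it can return an off-site
// URL taken from the request, it should be restricted to same-site targets
// before being used as a redirect destination — confirm.
$referer = dreferer();
$referer = (empty($referer) || strpos($referer, 'login.php') !== false) ? $indexname : $referer;

// Already authenticated: nothing to do on this page.
if ($mall_uid) {
    showmessage('login_success',$referer);
}

// Pre-fill the username field from the "remember username" cookie.
// NOTE(review): this value is client-supplied; the template must HTML-escape it
// on output — confirm in the 'logging' template.
$def_username = isset($_MCOOKIE['lusername']) ? $_MCOOKIE['lusername'] : '';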


include_once (APP_ROOT . 'include/seccode.class.php');

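/**
 * Deliver a login result message.
 *
 * $msg has the form "<tag>:<text>" (callers in this file use the tags "login",
 * "close" and "activesuccess"). When the global $frombox is truthy the result
 * is written as plain text with exit(); otherwise the text after the tag is
 * passed to showmessage() together with $returnurl.
 *
 * In the $frombox case, if $returnurl is non-empty and does not contain ".php"
 * after its first character, the output becomes "<returnurl>:<text>", with
 * <text> looked up in the global $lang table when a matching key exists.
 * Otherwise $msg is emitted unchanged, tag included.
 *
 * NOTE(review): exit($msg) writes $returnurl and the message without any
 * output encoding. Callers pass $referer here; whoever consumes this response
 * must treat it as text, not markup — confirm on the client side.
 *
 * @param string $msg       Tagged message, "<tag>:<text>".
 * @param string $returnurl Target URL passed through to the client or showmessage().
 * @return void
 */
function loginmsg($msg, $returnurl)
{
    global $frombox, $lang;

    // Drop the "<tag>:" prefix. Without a colon strpos() returns false, and
    // "false + 1" would silently cut off the first byte of the message (which
    // corrupts a multi-byte character), so such a message is kept whole.
    $colonpos = strpos($msg, ':');
    $message = $colonpos === false ? $msg : substr($msg, $colonpos + 1);

    if ($frombox) {
        if ($returnurl != '' && !strpos($returnurl, '.php')) {
            $message = isset($lang[$message]) ? $lang[$message] : $message;
            $msg = $returnurl . ':' . $message;
        }
        exit($msg);
    } else {
        showmessage($message, $returnurl);
    }
}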
// Captcha seed: a six-digit number, encrypted with the site key and URL-encoded
// so it can travel through the form and come back as $seccodehide.
// NOTE(review): rand() is not a cryptographically secure generator; a CSPRNG
// (random_int() where the PHP version provides it) is the safer source for a
// value that gates registration.
$rand = rand(100000, 999999);
$seccodeauth = rawurlencode(authcode($rand, 'ENCODE', $authkey));
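// Form handling. Two mutually exclusive paths:
//   - loginsubmit / postsubmit : authenticate an existing member
//   - regsubmit                : create a new member
//
// NOTE(review): $usernamel, $passwordl, $username, $email, $checkcode and the
// other form fields are never assigned in this file, so request parameters are
// presumably imported into the global scope by common.inc.php — confirm. Under
// that model any variable read here before it is assigned is client-controlled.
// NOTE(review): every query below is built by string interpolation and relies on
// each value having been slash-escaped upstream; whether the $db wrapper offers
// bound parameters is not visible here. Prefer prepared statements if it does.
if (submitcheck('loginsubmit') || submitcheck('postsubmit')) {

    $frombox = isset($frombox) ? $frombox : false;

    $activeauth = isset($activeauth) ? intval($activeauth) : 0;

    // Normalise the username: undo the incoming escaping, trim, re-escape, then
    // refuse anything that still contains a quote or whitespace.
    $usernamel = addslashes(trim(stripslashes($usernamel)));
    if (preg_match("/[\'\"\s]+/", $usernamel)) {
        loginmsg('login:用户名输入不正确或包含非法字符!', 'login.php');
    }
    if ($saveusername == 'true') {
        dsetcookie('lusername', $usernamel, $cookietime);
    }

    // Per-IP throttle: once $loginfailedcount failures have been recorded within
    // 900 seconds the login is refused; an older record is discarded.
    // NOTE(review): $onlineip comes from elsewhere; if it can be derived from a
    // client-supplied header the throttle can be sidestepped — confirm its source.
    $query = $db->query("SELECT `count`,lastupdate FROM {$tablepre}failedlogins WHERE ip='$onlineip'");
    if ($fcount = $db->fetch_array($query)) {
        if ($timestamp - $fcount['lastupdate'] <= 900) {
            if ($fcount['count'] >= $loginfailedcount) {
                loginmsg('close:对不起,请15分钟后再登陆。', $referer);
            }
        } else {
            $db->query("DELETE FROM {$tablepre}failedlogins WHERE ip='$onlineip'");
        }
    }

    $query = $db->query("SELECT * FROM {$tablepre}members WHERE username='$usernamel'");
    $arr = $db->fetch_array($query);

    // NOTE(review): unsalted md5(md5()) is a fast hash and unsuitable for password
    // storage. Moving to password_hash()/password_verify() needs a column change
    // and a rehash-on-login step, so it is flagged here rather than changed.
    $inpassword = md5(md5($passwordl));

    if ($open_ucport) {
        $ucresult = uc_user_login($usernamel, $passwordl, 0, 0);
        // Start from an empty array so no pre-existing $tmp content can leak into
        // $ucresult.
        $tmp = array();
        list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email'], $duplicate) =
            daddslashes($ucresult, 1);
        $ucresult = $tmp;

        // Account activation: the user authenticated against UCenter but has no
        // local row yet (or explicitly asked for activation).
        // NOTE(review): $activeauth is request-controlled; when a local row already
        // exists this inserts a second row for the same username unless the table
        // enforces uniqueness — confirm.
        if ($activeauth || !$arr) {
            if ($ucresult['uid'] > 0) {
                $db->query("INSERT INTO `{$tablepre}members` (`username` , `password` , `regip` , `regdate` , `lastip` , `lastvisit` , `email`) VALUES ('$usernamel', '$inpassword', '$onlineip', '$timestamp', '$onlineip', '$timestamp', '$ucresult[email]');");
                $mall_uid = $db->insert_id();
                dsetcookie('auth', authcode("$inpassword\t$usernamel\t$mall_uid", 'ENCODE'), $cookietime);
                addcredits(0,$mall_uid);
                loginmsg('activesuccess:恭喜,登陆成功!', $referer);
            } else {
                loginmsg('activesuccess:登录失败,请联系网站客服。', $referer);
            }
        }
    }

    // NOTE(review): when UCenter is off and the username does not exist, nothing
    // below runs: no message is shown and no failure is counted. The response
    // therefore differs from the wrong-password case and such attempts are not
    // throttled — consider recording them and returning the same generic message.
    if ($arr) {
        $datapass = $arr['password'];
        // Strict comparison: with loose "==" two different hex digests that both
        // look like numbers in exponent notation ("0e" followed only by digits)
        // compare as equal. hash_equals() would also make this constant-time
        // where the PHP version provides it.
        if ($inpassword === (string) $datapass) {
            $mall_uid = $arr['uid'];
            $mall_user = $usernamel;
            $mall_pw = $datapass;
            $ucsynlogin = '';
            // $ucresult only exists when the UCenter branch above ran; guard every
            // use with $open_ucport so it is never read uninitialised.
            if ($open_ucport && $ucresult['uid'] == '-2') {
                uc_user_edit($mall_user,'',$passwordl,$arr['email'],1);
            }
            if ($open_ucport && $ucresult['uid'] == '-1') {
                $ucresult['uid'] = uc_user_register($mall_user, $passwordl, $arr['email']);
            }
            if ($open_ucport && $ucresult['uid'] > 0) {
                $ucsynlogin = $allowsynlogin ? uc_user_synlogin($ucresult['uid']) : '';
            }

            $db->query("UPDATE {$tablepre}members SET `lastip`='$onlineip',`lastvisit`='$timestamp' WHERE uid='$mall_uid'");
            // NOTE(review): the auth cookie payload embeds the stored password hash;
            // its confidentiality rests on authcode() and the site key. Confirm that
            // dsetcookie() sets HttpOnly (and Secure on HTTPS sites).
            dsetcookie('auth', authcode("$mall_pw\t$mall_user\t$mall_uid", 'ENCODE'), $cookietime);
            addcredits(0,$mall_uid);
            loginmsg('close:恭喜,登陆成功!' . $ucsynlogin, $referer);
        } else {
            // Wrong password: record the failure for this IP and report how many
            // attempts remain.
            if (!$fcount) {
                $db->query("INSERT INTO {$tablepre}failedlogins (ip,count,lastupdate) VALUES ('$onlineip','1','$timestamp')");
                $fcount['count'] = 1;
            } else {
                $db->query("UPDATE {$tablepre}failedlogins SET count=count+1 WHERE ip='$onlineip'");
                $fcount['count'] += 1;
            }
            $lefttimes = $loginfailedcount - $fcount['count'];
            if ($lefttimes <= 0) {
                loginmsg('close:对不起,请15分钟后再登陆。', $referer);
            }
            loginmsg('login:对不起,密码输入不正确!你还有' . $lefttimes . '次尝试机会。', 'login.php');
        }
    }
} elseif (submitcheck('regsubmit')) {
    // Same username normalisation and character filter as on the login path.
    $username = addslashes(trim(stripslashes($username)));
    if (preg_match("/[\'\"\s]+/", $username)) {
        showmessage('用户名输入不正确或包含非法字符!');
    }
    if ($db->result_first("SELECT uid FROM {$tablepre}members WHERE username='$username'")) {
        showmessage('用户名已存在!');
    }
    // NOTE(review): $email is interpolated into SQL here and in the INSERT below
    // without any local format check or escaping in this file — confirm it is
    // escaped upstream, and validate its format before storing it.
    if (uc_user_checkemail($email) == -6 || $db->result_first("SELECT uid FROM {$tablepre}members WHERE email='$email'")) {
        showmessage('该Email地址已被使用!');
    }

    // Captcha: decrypt the hidden field and compare against what the user typed.
    $sec = authcode(rawurldecode($seccodehide), 'DECODE', $authkey);
    // A value that does not decrypt to anything must never reach the conversion
    // step, where it could turn into a fixed, guessable code. A genuine seed is
    // a six-digit number and is never empty.
    if ((string) $sec === '') {
        showmessage('验证码输入不正确!');
    }
    seccode::seccodeconvert($sec);

    // NOTE(review): the expected answer travels with the form and no server-side
    // state is consumed, so a solved seccodehide/checkcode pair appears to be
    // reusable until authcode() expires it, if it does — confirm.
    // Strict comparison so numeric-looking strings are not compared as numbers.
    if (!is_string($checkcode) || $checkcode !== (string) $sec) {
        showmessage('验证码输入不正确!');
    } elseif ($agreemallrule == 'false') {
        showmessage('您没有阅读并同意《商城用户协议》,不能注册。');
    }

    // Per-IP registration interval.
    $query = $db->query("SELECT * FROM {$tablepre}regips WHERE ip='$onlineip'");
    if ($arr = $db->fetch_array($query)) {
        if (($timestamp - $arr['dateline']) < $register_iptime) {
            showmessage('对不起,同一个IP' . round($register_iptime / 60) . '分钟内只能注册一个账号!');
        }
    }

    // NOTE(review): $username was only filtered for quotes and whitespace above;
    // confirm showmessage() HTML-escapes its text before this value is echoed.
    if ($open_ucport && uc_get_user($username)) {
        showmessage('对不起,您输入的用户名 "' . $username . '" 已经存在,请登录激活此帐号。', 'login.php');
    }

    if ($password != $passwordag) {
        showmessage('两次输入的密码不一致');
    }

    // Reject an empty password and any password that addslashes() would alter.
    if (!$password || $password != addslashes($password)) {
        showmessage('密码空或包含非法字符');
    }
    // Not referenced again in this file.
    $guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8';

    // Build an anchored, case-insensitive pattern from the admin's censor list:
    // one entry per line, "*" acting as a wildcard.
    $censorexp = '/^(' . str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''),
        preg_quote(($censoruser = trim($censoruser)), '/')) . ')$/i';

    if ($censoruser && @preg_match($censorexp, $username)) {
        showmessage('用户名包含被系统屏蔽的字符');
    }
    if ($open_ucport) {
        // UCenter reports failures as non-positive codes; map each to its message key.
        $uid = uc_user_register($username, $password, $email);
        if ($uid <= 0) {
            if ($uid == -1) {
                showmessage('profile_username_illegal');
            } elseif ($uid == -2) {
                showmessage('profile_username_protect');
            } elseif ($uid == -3) {
                showmessage('profile_username_duplicate');
            } elseif ($uid == -4) {
                showmessage('profile_email_illegal');
            } elseif ($uid == -5) {
                showmessage('profile_email_domain_illegal');
            } elseif ($uid == -6) {
                showmessage('profile_email_duplicate');
            } else {
                showmessage('undefined_action');
            }
        }
    }
    // NOTE(review): unsalted md5(md5()) — see the note on password storage on the
    // login path; both places must change together.
    $password = md5(md5($password));
    $db->query("INSERT INTO `{$tablepre}members` (`username` , `password` , `regip` , `regdate` , `lastip` , `lastvisit` , `email`) VALUES ('$username', '$password', '$onlineip', '$timestamp', '$onlineip', '$timestamp', '$email');");
    if ($mall_uid = $db->insert_id()) {
        // Registration interval: replace this IP's record with the current time.
        $db->query("DELETE FROM {$tablepre}regips WHERE ip='$onlineip'");

        $db->query("INSERT INTO {$tablepre}regips (ip,dateline) VALUES ('$onlineip','$timestamp')");

        // Log the new member in straight away.
        $mall_user = $username;
        $mall_pw = $password;
        dsetcookie('auth', authcode("$mall_pw\t$mall_user\t$mall_uid", 'ENCODE'), $cookietime);
        $ucsynlogin = $allowsynlogin && $open_ucport ? uc_user_synlogin($uid) : '';
        addcredits(0,$mall_uid);
        showmessage('恭喜,注册成功!' . $ucsynlogin, $referer);
    } else {
        showmessage("注册出错,请联系网站客服!");
    }
}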

include (template('logging'));
?>