📄 account.php
<?php
// Flag constants set before the shared bootstrap is loaded.
// NOTE(review): how ACCOUNT_PHP is consumed is not visible in this file.
define('ACCOUNT_PHP', 1);
// NOTE(review): presumably makes includes/commons.inc.php skip its login check so that
// anonymous visitors can reach the actions below - confirm. If so, every action in this
// file is reachable without a session and has to enforce its own limits.
define('NO_AUTH_CHECK', 1);

require_once 'includes/commons.inc.php';
require_once 'includes/messages_account.inc.php';

// Template that the registration form uses to render its list of validation errors.
$tpl_error = new Template(TPL_DIR . 'tpl_error.php');
switch ( $action )
{
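case 'register':
{
    // Registration switched off by the administrator: show the configured reason and stop.
    if (!$UPL['SETTINGS']['reg']) {
        $tpl_message->set(array('message' => parse($lang_account['reg_disabled'], '{reason}', $UPL['SETTINGS']['regmsg']), 'back_url' => 'index.php'));
        $tpl_uploader->set(array('content' => &$tpl_message, 'page_title' => $lang_titles['reg_title4']), '', 1);
        exit;
    }
    // A visitor who is already logged in is sent back to the index.
    if ($UPL['USER']['logged_in']) {
        header('Location: index.php');
        exit;
    }

    // OK to register now, start up
    $tpl_register = new Template(TPL_DIR . 'tpl_register.php');
    $userinfo = gpc('userinfo', 'P', array('name' => '', 'email' => '', 'pbrowse' => 1, 'pemail' => 0, 'pmessage' => 1));
    $errors = array();

    // The posted structure is client-controlled; force it to an array so that the
    // field accesses below cannot hit a scalar.
    if (!is_array($userinfo)) {
        $userinfo = array();
    }

    // user settings
    $db = new DB;
    if (!$db->open(USER_SETTINGS)) {
        exit('Unable to load user settings.');
    }
    $user_settings = $db->all();
    $db->close();

    // Normalise user input. Anything that is not a plain string (e.g. userinfo[name][]=x)
    // is treated as empty and is rejected by the "missing value" checks further down.
    $userinfo['name'] = (isset($userinfo['name']) && is_string($userinfo['name'])) ? trim($userinfo['name']) : '';
    $userinfo['email'] = (isset($userinfo['email']) && is_string($userinfo['email'])) ? trim($userinfo['email']) : '';
    if (!isset($userinfo['pbrowse'])) {
        $userinfo['pbrowse'] = false;
    }
    if (!isset($userinfo['pemail'])) {
        $userinfo['pemail'] = false;
    }
    if (!isset($userinfo['pmessage'])) {
        $userinfo['pmessage'] = false;
    }

    // to template
    $tpl_register->set('userinfo', $userinfo);
    $tpl_register->set('restrictions', $user_settings['restrictions']);

    if ($task == 'register') {
        // Process registration
        if ($demo) {
            exit('Demo only!');
        }

        // The default array passed to gpc() has no password keys, so they may be absent.
        $userinfo['pass1'] = (isset($userinfo['pass1']) && is_string($userinfo['pass1'])) ? $userinfo['pass1'] : '';
        $userinfo['pass2'] = (isset($userinfo['pass2']) && is_string($userinfo['pass2'])) ? $userinfo['pass2'] : '';

        // Look the name and the e-mail address up separately. One combined
        // "username OR email OR reg_email ... LIMIT 1" query can return a row that matched
        // only on reg_email and thereby hide a second row that holds the same username.
        // NOTE(review): check-then-insert is not atomic; whether uploader_users has UNIQUE
        // indexes that close the race is not visible here.
        $username_exists = false;
        $useremail_exists = false;
        if ($userinfo['name'] != '') {
            $mysqlDB->query(sprintf("SELECT userid FROM uploader_users WHERE username='%s' LIMIT 1;", $mysqlDB->escape($userinfo['name'])));
            if ($mysqlDB->getRowCount()) {
                $mysqlDB->free();
                $username_exists = true;
            }
        }
        if ($userinfo['email'] != '') {
            // reg_email is part of the original lookup, so an address used at registration
            // time by another account counts as taken as well.
            $mysqlDB->query(sprintf("SELECT userid FROM uploader_users WHERE email='%s' OR reg_email='%s' LIMIT 1;", $mysqlDB->escape($userinfo['email']), $mysqlDB->escape($userinfo['email'])));
            if ($mysqlDB->getRowCount()) {
                $mysqlDB->free();
                $useremail_exists = true;
            }
        }

        // check username
        if ($userinfo['name'] == '') {
            $errors[] = $lang_account['reg_no_name'];
        } elseif (strlen($userinfo['name']) < $user_settings['restrictions']['name_min_len']) {
            $errors[] = parse($lang_account['reg_short_name'], '{min_length}', $user_settings['restrictions']['name_min_len']);
        } elseif ($user_settings['restrictions']['name_max_len'] > 0 && strlen($userinfo['name']) > $user_settings['restrictions']['name_max_len']) {
            $errors[] = parse($lang_account['reg_long_name'], '{max_length}', $user_settings['restrictions']['name_max_len']);
        } elseif (preg_match('#[^a-z0-9_]#i', $userinfo['name'])) {
            $errors[] = $lang_account['reg_bad_name'];
        } elseif ($user_settings['restrictions']['disallowed_names'] != '' && in_array(strtolower($userinfo['name']), explode(',', $user_settings['restrictions']['disallowed_names']))) {
            $errors[] = $lang_account['reg_disallowed_name'];
        } elseif ($username_exists) {
            $errors[] = parse($lang_account['reg_name_taken'], '{username}', htmlentities($userinfo['name']));
        }

        // check password
        if ($userinfo['pass1'] == '') {
            $errors[] = $lang_account['reg_no_pass'];
        } elseif ($userinfo['pass1'] != $userinfo['pass2']) {
            $errors[] = $lang_account['reg_pass_no_match'];
        }

        // check email
        // The "x@y" pattern is unanchored, so on its own it accepts any string that merely
        // contains an @. Control characters (CR/LF in particular) are rejected explicitly
        // because the address is later handed to send_email() as the recipient.
        if ($userinfo['email'] == '') {
            $errors[] = $lang_account['reg_no_email'];
        } elseif (strlen($userinfo['email']) > 100 || preg_match('#[\x00-\x1F\x7F]#', $userinfo['email']) || !preg_match("#(.+?)\@(.+?)#i", $userinfo['email'])) {
            $errors[] = $lang_account['reg_invalid_email'];
        } elseif ($useremail_exists) {
            $errors[] = $lang_account['reg_email_exists'];
        }

        // Add user if no errors
        if (count($errors) == 0) {
            // NOTE(review): get_rand() is defined elsewhere; the activation link is only as
            // unguessable as that generator - confirm it draws from a CSPRNG.
            $act_code = get_rand(32);
            $new_user_info = array(
                'userid' => NULL,
                'username' => $userinfo['name'],
                // NOTE(review): unsalted MD5 is not a password hash. It is kept because the
                // login code that verifies it is outside this block; moving to
                // password_hash()/password_verify() has to change both sides together.
                'password' => md5($userinfo['pass1']),
                'email' => $userinfo['email'],
                'level' => LEVEL_NORMAL,
                'max_messages' => $UPL['CONFIGS']['DEFAULT_MAX_MESSAGE'],
                'is_activated' => 0,
                'is_approved' => $UPL['SETTINGS']['approval'],
                'is_suspended' => 0,
                'last_login_time' => 0,
                'last_login_ip' => '0.0.0.0',
                'reg_email' => $userinfo['email'],
                'reg_date' => time(),
                'reg_ip' => $_SERVER['REMOTE_ADDR'],
                'pref_accepts_pm' => (int)$userinfo['pmessage'],
                'pref_show_email' => (int)$userinfo['pemail'],
                'bw_used' => 0,
                'bw_max' => $user_settings['new_user_settings']['bw_max'],
                'bw_reset_last' => 0,
                'bw_reset_period' => $user_settings['new_user_settings']['bw_reset_period'],
                'bw_reset_auto' => (int)$user_settings['new_user_settings']['bw_auto_reset'],
                'bw_xfer_rate' => (int)$user_settings['new_user_settings']['bw_xfer_rate'],
                'fl_max_storage' => $user_settings['new_user_settings']['fl_max_storage'],
                'fl_max_filesize' => $user_settings['new_user_settings']['fl_max_filesize'],
                'fl_allowed_types' => $user_settings['new_user_settings']['fl_allowed_filetypes'],
                'fl_images_only' => (int)$user_settings['new_user_settings']['fl_images_only'],
                'fl_rename_permission' => (int)$user_settings['new_user_settings']['fl_allow_rename'],
                'fl_allow_folders' => (int)$user_settings['new_user_settings']['fl_create_folder'],
                'fl_max_folders' => $user_settings['new_user_settings']['fl_max_folders'],
                'fl_watermark' => (int)$user_settings['new_user_settings']['fl_watermark'],
                'xtr_admin_comments' => '',
                'xtr_new_email_address' => '',
                // Only the MD5 of the activation code is stored; the code itself goes out by mail.
                'xtr_activation_code' => md5($act_code),
                'xtr_password_reset_code' => md5(get_rand(100)),
                'xtr_change_email_code' => md5(get_rand(100)),
            );

            // NOTE(review): relies on buildInsertStatement() to escape every value - confirm.
            if (!$mysqlDB->query("INSERT INTO uploader_users SET " . $mysqlDB->buildInsertStatement($new_user_info) . ";")) {
                exit($mysqlDB->error(__LINE__, __FILE__));
            }

            if ($mysqlDB->getAffectRowCount()) {
                $userid = $mysqlDB->getInsertId();

                // create user folder; roll the account back if the folder cannot be made
                if (!make_dir($UPL['SETTINGS']['userfiles_dir'] . '/' . $userid, $UPL['CONFIGS']['CHMOD_TO'])) {
                    // The storage path goes to the server log instead of an HTML comment, so
                    // the filesystem layout is not shown to an anonymous visitor.
                    error_log('account.php: tried to create directory: ' . $UPL['SETTINGS']['userfiles_dir'] . '/' . $userid);
                    $mysqlDB->query("DELETE FROM uploader_users WHERE userid={$userid};");
                    exit('Internal error in account.php, line ' . __LINE__ . ': Unable to create user folder for userid: ' . $userid . '. Check directory permission. Registration halted and user has not been registered. Please contact the administrator at ' . $UPL['SETTINGS']['email']);
                }

                // create default folder
                make_dir($UPL['SETTINGS']['userfiles_dir'] . '/' . $userid . '/My Documents', $UPL['CONFIGS']['CHMOD_TO']);

                // Activation required?
                if ($UPL['SETTINGS']['activation_req']) {
                    $tpl_email = new DB;
                    if ($tpl_email->open(EMAIL_TEMPLATES)) {
                        $message = parse($tpl_email->get('email_header'), '{username}', $userinfo['name']);
                        $message .= parse($tpl_email->get('activation'), '{activation_url}', $UPL['SETTINGS']['uploader_url'] . 'account.php?action=activate&userid=' . $userid . '&code=' . $act_code);
                        $message .= $tpl_email->get('email_footer');
                        $tpl_email->close();
                        send_email($userinfo['email'], $lang_account['reg_act_email_subj'], $message, 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>');
                    }
                }

                // notify admin of new user?
                if ($UPL['SETTINGS']['notify_reg']) {
                    send_email($UPL['SETTINGS']['email'], $lang_misc['reg_notify_email_subj'], parse($lang_misc['reg_notify'], '{username}', $userinfo['name']), 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>');
                }

                // All done, success
                // Start from an empty list so nothing assigned earlier ends up in the page.
                $msg = array();
                $msg[] = parse($lang_account['reg_success1'], '{username}', $userinfo['name']);
                if ($UPL['SETTINGS']['activation_req']) {
                    // The address is echoed back into the page, so it is encoded the same way
                    // the "name taken" message encodes the user name.
                    // NOTE(review): assumes the message template prints the text as HTML - confirm.
                    $msg[] = parse($lang_account['reg_success2'], '{email}', htmlentities($userinfo['email']));
                }
                if (!$UPL['SETTINGS']['approval']) {
                    $msg[] = $lang_account['reg_success3'];
                }
                $tpl_message->set('message', implode(' ', $msg));
                $tpl_message->set('back_url', 'account.php?action=login');
                $tpl_uploader->setr('content', $tpl_message);
                $tpl_uploader->set('page_title', $lang_titles['reg_title3']);
                $tpl_uploader->display();
            } else {
                exit('Internal error: Could not add user to database in ' . __FILE__ . ' on ' . __LINE__);
            }
        } else {
            // Display form along with error messages
            $tpl_error->setr('error', $errors);
            $tpl_register->setr('error', $tpl_error);
            $tpl_uploader->set(array('content' => &$tpl_register, 'page_title' => $lang_titles['reg_title2']));
            $tpl_uploader->display();
        }
    } else {
        // Display form to user
        $tpl_uploader->set(array('content' => &$tpl_register, 'page_title' => $lang_titles['reg_title1'], 'errors' => $errors));
        $tpl_uploader->display();
    }
}
break;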
case 'checkname':
{
    // Availability check for a user name, taken from the query string.
    // "simple" selects a bare text answer instead of the full message page.
    // NOTE(review): the answer tells any caller whether a user name is registered;
    // whether requests are throttled anywhere is not visible in this file.
    $name = trim(gpc('name', 'G'));
    $simple = gpc('simple', 'G', false);
    $result = 'OK';

    // Load the configured name restrictions.
    $db = new DB;
    if (!$db->open(USER_SETTINGS)) {
        exit('Unable to load user settings.');
    }
    $user_settings = $db->all();
    $db->close();

    // Same rule order as the registration form: empty, too short, too long,
    // illegal characters, disallowed list, and only then the database lookup.
    if ($name == '') {
        $result = $lang_account['reg_no_name'];
    } elseif (strlen($name) < $user_settings['restrictions']['name_min_len']) {
        $result = parse($lang_account['reg_short_name'], '{min_length}', $user_settings['restrictions']['name_min_len']);
    } elseif ($user_settings['restrictions']['name_max_len'] > 0 && strlen($name) > $user_settings['restrictions']['name_max_len']) {
        $result = parse($lang_account['reg_long_name'], '{max_length}', $user_settings['restrictions']['name_max_len']);
    } elseif (preg_match('#[^a-z0-9_]#i', $name)) {
        $result = $lang_account['reg_bad_name'];
    } elseif ($user_settings['restrictions']['disallowed_names'] != '' && in_array(strtolower($name), explode(',', $user_settings['restrictions']['disallowed_names']))) {
        $result = $lang_account['reg_disallowed_name'];
    } else {
        // The value is escaped for SQL here and was limited to [a-z0-9_] above.
        $mysqlDB->query(sprintf("SELECT userid FROM uploader_users WHERE username='%s' LIMIT 1;", $mysqlDB->escape($name)));
        if ($mysqlDB->getRowCount()) {
            $mysqlDB->free();
            // The name is HTML-encoded before it is placed in the message text.
            $result = parse($lang_account['reg_name_taken'], '{username}', htmlentities($name));
        }
    }

    // Emit the verdict: wrapped in the message template, or as bare text in simple mode.
    if (!$simple) {
        $tpl_message->set(array('message' => $result, 'back_url' => 'javascript:history.go(-1)'));
        $tpl_uploader->setr('content', $tpl_message, 1);
    } else {
        echo $result;
    }
}
break;
case 'resend_activation':
{
$tpl_act = new Template ( TPL_DIR . 'tpl_activate.php' );
$email = trim ( gpc ( 'email', 'P', '' ) );
$err = 'none';
if ( $task == 'activate' )
{
if ( $demo ) exit ( 'Demo only!' );
if ( $email == '' )
{
$err = $lang_account['act_no_email'];
}
else
{
$mysqlDB->query ( sprintf ( "SELECT * FROM uploader_users WHERE email='%s' LIMIT 1;", $mysqlDB->escape ( $email ) ) );
if ( $mysqlDB->getRowCount() )
{
$userinfo = $mysqlDB->getAssoc();
$mysqlDB->free();
if ( $userinfo['is_activated'] )
{
$err = $lang_account['act_already_activated'];
}
else
{
$act_code = get_rand ( 32 );
$mysqlDB->query ( sprintf ( "UPDATE uploader_users SET xtr_activation_code='%s' WHERE userid=%d;", md5 ( $act_code ), $userinfo['userid'] ) );
$tpl_email = new DB;
if(!$tpl_email->open ( EMAIL_TEMPLATES ) ){exit ( 'Unable to open email templates' );}
$message = parse ( $tpl_email->get ( 'email_header' ), '{username}', $userinfo['username'] );
$message .= parse ( $tpl_email->get ( 'activation' ), '{activation_url}', $UPL['SETTINGS']['uploader_url'] . 'account.php?action=activate&userid=' . $userinfo['userid'] . '&code=' . $act_code );
$message .= $tpl_email->get ( 'email_footer' );
$tpl_email->close();
send_email ( $userinfo['email'], $lang_account['reg_act_email_subj'], $message, 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>' );
}
}