📄 account.php
else
{
$err = $lang_account['act_email_not_found'];
}
}
// errors?
if ( $err == 'none' )
{
// success
$tpl_message->set ( 'message', $lang_account['act_email_sent'] );
$tpl_message->set ( 'back_url', 'account.php?action=login' );
$tpl_uploader->setr ( 'content', $tpl_message, 1 );
}
else
{
// display form again with errors
$tpl_error->set ( 'error', $err );
$tpl_act->setr( 'error', $tpl_error );
$tpl_uploader->set ( 'page_title', $lang_misc['error'] );
$tpl_uploader->setr ( 'content', $tpl_act, 1 );
}
}
else
{
// display form
$tpl_uploader->setr ( 'content', $tpl_act );
$tpl_uploader->set ( 'page_title', $lang_titles['act_title1'], 1 );
}
}
break;
case 'activate':
{
	// Account activation link handler (account.php?action=activate&userid=N&code=XXXX).
	// userid is forced to a non-negative integer and the code only reaches SQL as an
	// md5() hex digest, so neither value can alter the query text.
	// gpc ( ..., 'G', ... ) presumably reads the GET query string - confirm against its definition.
	$userid = abs ( (int)gpc ( 'userid', 'G', 0 ) );
	$act_code = gpc ( 'code', 'G', '' );
	$result = 'none';
	$mysqlDB->query ( sprintf ( "SELECT * FROM uploader_users WHERE userid=%d AND xtr_activation_code='%s' LIMIT 1;", $userid, md5 ( $act_code ) ) );
	if ( !$mysqlDB->getRowCount() )
	{
		// no row matches this userid/code pair
		$result = $lang_account['act_invalid_code'];
	}
	else
	{
		$userinfo = $mysqlDB->getAssoc();
		$mysqlDB->free();
		// Mark the account active and overwrite the stored code with the hash of a fresh
		// random value, so the same link cannot be used a second time.
		$mysqlDB->query ( sprintf ( "UPDATE uploader_users SET is_activated=1, xtr_activation_code='%s' WHERE userid=%d;", md5 ( get_rand ( 1024 ) ), $userinfo['userid'] ) );
		// NOTE(review): the stored username is substituted into the message as-is;
		// confirm the message template HTML-escapes it before output.
		$result = parse ( $lang_account['act_activated'], '{username}', $userinfo['username'] );
	}
	// show the outcome
	$tpl_message->set ( 'message', $result );
	$tpl_uploader->setr ( 'content', $tpl_message );
	$tpl_uploader->display ( );
}
break;
case 'password':
{
	// Step 1 of the password reset flow: the user submits an email address and, if it
	// belongs to an account, a reset link carrying a random code is mailed to it.
	// Only md5 ( code ) is stored, in xtr_password_reset_code; each request overwrites
	// the previous code. No expiry time is recorded in this block.
	$tpl_pass = new Template ( TPL_DIR . 'tpl_password.php' );
	if ( $task != 'password' )
	{
		// nothing submitted yet: show the form asking for the email address
		$tpl_uploader->setr ( 'content', $tpl_pass, 1 );
	}
	else
	{
		if ( $demo ) exit ( 'Demo only!' );
		$email = trim ( gpc ( 'email', 'P' ) );
		$err = 'none';
		if ( $email != '' )
		{
			// look the account up by email; the value is escaped before it enters the query
			$mysqlDB->query ( sprintf ( "SELECT * FROM uploader_users WHERE email='%s' LIMIT 1;", $mysqlDB->escape ( $email ) ) );
			if ( !$mysqlDB->getRowCount ( ) )
			{
				// NOTE(review): this branch answers differently from the success branch, so the
				// form reveals whether an address is registered (account enumeration).
				// Returning the same response in both cases would close that.
				$err = $lang_account['pass_email_not_found'];
			}
			else
			{
				$pw_code = get_rand ( 32 );
				$userinfo = $mysqlDB->getAssoc();
				$mysqlDB->free();
				$mysqlDB->query ( sprintf ( "UPDATE uploader_users SET xtr_password_reset_code='%s' WHERE userid=%d;", md5 ( $pw_code ), $userinfo['userid'] ) );
				// build the mail: header + request body (requester IP and reset link) + footer
				$email_templates = new DB;
				if ( !$email_templates->open ( EMAIL_TEMPLATES ) ) { exit ( 'Unable to open email templates' ); }
				$message = parse ( $email_templates->get ( 'email_header' ), '{username}', $userinfo['username'] )
					. parse ( $email_templates->get ( 'password_request' ), array ( '{ip}' => $_SERVER['REMOTE_ADDR'], '{reset_url}' => $UPL['SETTINGS']['uploader_url'] . 'account.php?action=resetpassword&userid=' . $userinfo['userid'] . '&code=' . $pw_code ) )
					. $email_templates->get ( 'email_footer' );
				$email_templates->close();
				send_email ( $userinfo['email'], $lang_account['pass_email_sub2'], $message, 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>' );
			}
		}
		else
		{
			$err = $lang_account['pass_no_email'];
		}
		// report the outcome
		if ( $err != 'none' )
		{
			// show the form again together with the error
			$tpl_error->set ( 'error', $err );
			$tpl_pass->setr( 'error', $tpl_error );
			$tpl_uploader->set ( array ( 'page_title' => $lang_misc['error'], 'content' => &$tpl_pass ), '', 1 );
		}
		else
		{
			$tpl_message->set ( 'message', parse ( $lang_account['pass_sent'], '{username}', $userinfo['username'] ) );
			$tpl_message->set ( 'back_url', 'account.php?action=login' );
			$tpl_uploader->setr ( 'content', $tpl_message, 1 );
		}
	}
}
break;
case 'resetpassword':
{
	// Step 2 of the password reset flow: the link mailed by the 'password' case lands here.
	// A matching userid/code pair causes a new random password to be generated, stored and
	// mailed to the account's address; the reset code is replaced so it cannot be reused.
	// NOTE(review): the 'PG' source flag suggests the code is accepted from the query string, so
	// merely fetching the link (mail scanner, link preview) replaces the password - confirm and
	// consider requiring a form submission on which the user chooses the new password.
	$userid = abs ( (int)gpc ( 'userid', 'PG', 0 ) );
	$code = trim ( gpc ( 'code', 'PG', '' ) );
	$result = 'none';
	// look for the user; userid is an integer and the code enters SQL only as an md5() hex digest
	$mysqlDB->query ( sprintf ( "SELECT * FROM uploader_users WHERE userid=%d AND xtr_password_reset_code='%s' LIMIT 1;", $userid, md5 ( $code ) ) );
	if ( !$mysqlDB->getRowCount() )
	{
		$result = $lang_account['pass_invalid'];
	}
	else
	{
		$userinfo = $mysqlDB->getAssoc();
		// NOTE(review): get_rand ( 6 ) yields a short password that is then sent by mail in clear
		// text and stored as an unsalted md5() digest. A longer value plus
		// password_hash()/password_verify() would be stronger, but the login code comparing
		// against this column has to change with it.
		$pw_new = get_rand ( 6 );
		$mysqlDB->query ( sprintf ( "UPDATE uploader_users SET password='%s', xtr_password_reset_code='%s' WHERE userid=%d;", md5 ( $pw_new ), md5 ( get_rand ( 1024 ) ), $userinfo['userid'] ) );
		// mail the new password: header + body (new password and login link) + footer
		$tpl_email = new DB;
		if ( !$tpl_email->open ( EMAIL_TEMPLATES ) ) { exit ( 'Unable to open email templates' ); }
		$message = parse ( $tpl_email->get ( 'email_header' ), '{username}', $userinfo['username'] )
			. parse ( $tpl_email->get ( 'password_reset' ), array ( '{new_password}' => $pw_new, '{login_url}' => $UPL['SETTINGS']['uploader_url'] . 'account.php?action=login' ) )
			. $tpl_email->get ( 'email_footer' );
		$tpl_email->close();
		send_email ( $userinfo['email'], $lang_account['pass_email_subj'], $message, 'From: Uploader Admin <' . $UPL['SETTINGS']['email'] . '>' );
		$result = $lang_account['pass_reset'];
	}
	// show the outcome with a link back to the login page
	$tpl_message->set ( 'message', $result );
	$tpl_message->set ( 'back_url', 'account.php?action=login' );
	$tpl_uploader->setr ( 'content', $tpl_message, 1 );
}
break;
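case 'confirm_email_change':
{
	// Email-change confirmation link: when the userid/code pair matches, the pending address in
	// xtr_new_email_address becomes the account's email and the confirmation code is replaced
	// so the link cannot be reused.
	$userid = abs ( (int)gpc ( 'userid', 'G', 0 ) );
	$code = gpc ( 'code', 'G', '' );
	$result = 'none';
	// userid is an integer and the code enters SQL only as an md5() hex digest
	$mysqlDB->query ( sprintf ( "SELECT userid,username,email,xtr_new_email_address FROM uploader_users WHERE userid=%d AND xtr_change_email_code='%s' LIMIT 1;", $userid, md5 ( $code ) ) );
	if ( $mysqlDB->getRowCount() )
	{
		$userinfo = $mysqlDB->getAssoc();
		$mysqlDB->free();
		// NOTE(review): this message exposes the script name and line number to the visitor;
		// consider logging it server-side and showing a generic error instead.
		if ( $userinfo['xtr_new_email_address'] == '' ) exit ( 'Unexpected error, xtr_new_email_address is blank in account.php line ' . __LINE__ );
		// The pending address was read back from the database and is written into a new
		// statement, so it must be escaped again: a stored value containing a quote would
		// otherwise change the UPDATE (second-order SQL injection).
		$mysqlDB->query ( sprintf ( "UPDATE uploader_users SET xtr_new_email_address='', email='%s', xtr_change_email_code='%s' WHERE userid=%d;", $mysqlDB->escape ( $userinfo['xtr_new_email_address'] ), md5 ( get_rand ( 100 ) ), $userinfo['userid'] ) );
		$result = $lang_account['email_changed'];
	}
	else
	{
		$result = $lang_account['email_invalid_code'];
	}
	// show result
	$tpl_message->set ( 'message', $result );
	$tpl_uploader->setr ( 'content', $tpl_message, 1 );
}
break;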
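case 'login':
{
	// Username/password login. On success the last-login fields are updated, three cookies
	// (username, userid, md5 of the password) are set and the browser is redirected to the
	// file list; on failure the login form is shown again with an error.
	// already logged in? quit
	if ( $UPL['USER']['logged_in'] )
	{
		exit ( header ( 'Location: index.php' ) );
	}
	// start up
	$tpl_login = new Template ( TPL_DIR . 'tpl_login.php' );
	$err = 'none';
	// get inputs; the username falls back to the remembered cookie value
	$username = gpc ( 'username', 'PG', gpc ( 'uploader_username', 'C' ) );
	$password = gpc ( 'password', 'P' );
	$remember = gpc ( 'remember', 'P', true );
	// to templates
	// NOTE(review): the submitted password is handed to the login template; confirm the
	// template does not echo it back into the page, and that username is HTML-escaped there.
	$tpl_login->set ( 'username', $username );
	$tpl_login->set ( 'password', $password );
	$tpl_login->set ( 'remember', $remember );
	if ( $task == 'login' )
	{
		// Do login
		if ( $username == '' || $password == '' )
		{
			$err = $lang_account['log_no_input'];
		}
		else
		{
			// Find user; the username is escaped before it enters the query
			$mysqlDB->query ( sprintf ( "SELECT userid,username,password FROM uploader_users WHERE username='%s' LIMIT 1;", $mysqlDB->escape ( $username ) ) );
			if ( $mysqlDB->getRowCount() )
			{
				$userinfo = $mysqlDB->getAssoc();
				// Strict comparison: with != two different digests that both look numeric
				// (for example "0e" followed only by digits) are compared as numbers and can
				// be treated as equal, accepting a wrong password.
				// NOTE(review): passwords are stored as unsalted md5(); password_hash() /
				// password_verify() would be the replacement, but the cookie check and the
				// reset code that write this column have to change with it.
				if ( (string)$userinfo['password'] !== md5 ( $password ) )
				{
					// NOTE(review): separate messages for unknown user and wrong password let
					// a visitor test which usernames exist; one shared message avoids that.
					$err = $lang_account['log_bad_password'];
				}
				else
				{
					// Success; the client address is escaped like every other string value
					$mysqlDB->query ( sprintf ( "UPDATE uploader_users SET last_login_ip='%s', last_login_time=%d WHERE userid=%d;", $mysqlDB->escape ( $_SERVER['REMOTE_ADDR'] ), time ( ), $userinfo['userid'] ) );
					// set cookie and send user to myfiles; "remember" keeps the cookies for
					// 2592000 seconds (30 days), otherwise they last for the browser session
					$time_out = $remember ? time ( ) + 2592000 : 0;
					$domain = $UPL['CONFIGS']['COOKIE_DOMAIN'];
					// NOTE(review): uploader_password carries md5 ( $password ), the same value
					// that is compared against the database above, so whoever obtains this
					// cookie holds a password equivalent. The cookies are set without the
					// Secure flag (6th argument 0) and without HttpOnly. Moving to a random
					// server-side session token needs matching changes in the code that reads
					// these cookies, which is outside this block.
					setcookie ( 'uploader_username', $userinfo['username'], $time_out, '/', $domain, 0 );
					setcookie ( 'uploader_userid', $userinfo['userid'], $time_out, '/', $domain, 0 );
					setcookie ( 'uploader_password', md5 ( $password ), $time_out, '/', $domain, 0 );
				}
			}
			else
			{
				$err = $lang_account['log_bad_user'];
			}
		}
		// login success?
		if ( $err == 'none' )
		{
			header ( 'Location: ' . ( MOD_REWRITE ? $UPL['SETTINGS']['uploader_url'] . 'myfiles' : 'myfiles.php' ) );
		}
		else
		{
			// show login form with errors
			$tpl_error->set ( 'error', $err );
			$tpl_login->setr( 'error', $tpl_error );
			$tpl_uploader->set ( array ( 'page_title' => $lang_titles['log_title1'], 'content' => &$tpl_login ), '', 1 );
		}
	}
	else
	{
		// show login form
		$tpl_uploader->set ( array ( 'page_title' => $lang_titles['log_title2'], 'content' => &$tpl_login ), '', 1 );
	}
}
break;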
case 'logout':
{
	// Log out by expiring the three login cookies on the configured cookie domain, then
	// redirect to the login page.
	// NOTE(review): nothing server-side is changed in this block; a copy of the cookie values
	// made before logout would presumably still be accepted - confirm against the code that
	// validates these cookies.
	$dm = $UPL['CONFIGS']['COOKIE_DOMAIN'];
	foreach ( array ( 'uploader_username', 'uploader_userid', 'uploader_password' ) as $cookie_name )
	{
		// empty value with an expiry in the past makes the browser drop the cookie
		setcookie ( $cookie_name, '', -1, '/', $dm );
	}
	if ( MOD_REWRITE )
	{
		header ( 'Location: ' . $UPL['SETTINGS']['uploader_url'] . 'login' );
	}
	else
	{
		header ( 'Location: ' . 'account.php?action=login' );
	}
}
break;
}
?>