<?php
// member.php — login/logout, lost/reset password and profile/password editing.
// Dispatch is driven by the legacy "long arrays" ($HTTP_GET_VARS / $HTTP_POST_VARS).
// Further down the branches read request variables ($username, $password, $url,
// $email, $u, $i, ...) that nothing on this page assigns — presumably they arrive
// via register_globals; confirm against the PHP configuration this targets.
// error_reporting(7) = E_ERROR | E_WARNING | E_PARSE, i.e. notices are suppressed.
error_reporting(7);
// NOTE(review): looks like a guard against spoofing the POST array through the
// query string (?HTTP_POST_VARS[action]=...): when the GET copy of HTTP_POST_VARS
// carries the same action as the POST array, the POST action is discarded. When
// neither is set both sides are null, the comparison holds and the unset is a no-op.
if ($HTTP_GET_VARS['HTTP_POST_VARS']['action'] == $HTTP_POST_VARS['action']) {
unset($HTTP_POST_VARS['action']);
}
$HTTP_POST_VARS['action'] = trim($HTTP_POST_VARS['action']);
// a POST action takes precedence over a GET action
if ($HTTP_POST_VARS['action']) {
$action = $HTTP_POST_VARS['action'];
} else if ($HTTP_GET_VARS['action']) {
$action = $HTTP_GET_VARS['action'];
}
// secondary selector; only a=pwd (password reset link) is handled on this page
if ($HTTP_GET_VARS['a']) {
$a = $HTTP_GET_VARS['a'];
}
// login: suppress the page header — presumably read by global.php, which is not on this page
if ( isset($action) and $action=="login") {
$noheader=1;
}
// no action and no selector at all: show the lost-password form
if ((!isset($action) or $action=="") and (!isset($a) or $a=="")) {
$action="lostpw";
}
// comma-separated list of template names each branch declares before including
// global.php (what global.php does with it is not visible here)
$templatesused = '';
// ############################### start logout ###############################
// Expires the remember-me cookies, closes the current DB session (and any other
// session of the same user) and starts a fresh anonymous one before redirecting.
if ($action=="logout") {
$templatesused = 'error_cookieclear';
include("./global.php");
// vbsetcookie() is defined in global.php; the third argument is presumably an
// "expire now" flag (compare the two-argument calls in the login branch)
vbsetcookie("bbuserid","",1);
vbsetcookie("bbpassword","",1);
vbsetcookie("bbstyleid","",1);
// $bbuserinfo is set up by global.php; userid 0 appears to denote a guest
if ($bbuserinfo[userid] > 0) {
// backdating lastactivity by $cookietimeout presumably drops the user from the "online" list immediately
$DB_site->query("UPDATE ".$table["user"]." SET lastactivity='".(time()-$cookietimeout)."',lastvisit='".time()."' WHERE userid='$bbuserinfo[userid]'");
}
$DB_site->query("DELETE FROM ".$table["session"]." WHERE sessionhash='".addslashes($session[dbsessionhash])."'");
if ($bbuserinfo[userid] > 0) {
// make sure any other of this user's sessions are deleted (incase they ended up with more than one)
$DB_site->query("DELETE FROM ".$table["session"]." WHERE userid='$bbuserinfo[userid]'");
}
// New anonymous session. NOTE(review): uniqid(microtime()) is time-derived, so the
// session hash is not drawn from a cryptographic source, although it is the bearer
// credential for the session (sent as a cookie and as the s= URL parameter below).
$session['sessionhash']=md5(uniqid(microtime()));
$session['dbsessionhash']=$session['sessionhash'];
$DB_site->query("INSERT INTO ".$table["session"]." (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','0','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','0')");
vbsetcookie("sessionhash",$session['sessionhash'],0);
// templates are PHP double-quoted string bodies evaluated with eval(); the
// redirect target carries the new session id
eval("standardredirect(\"".gettemplate("error_cookieclear")."\",\"index.php?s=$session[dbsessionhash]\");");
}
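// ############################### start login ###############################
// Validates the submitted username/password, optionally sets the remember-me
// cookies, rotates the session and redirects back to $url (or to index.php).
if ($action=="login") {
$templatesused = 'redirect_login,error_wrongpassword,error_wrongusername';
include("./global.php");
$userid = 0;
// $username / $password / $url are request variables; when no username was
// submitted the branch only rotates the anonymous session and redirects.
if (isset($username)) {
// get userid for given username (stored names are htmlspecialchars-encoded,
// cf. unhtmlspecialchars() in the lost-password branch)
if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM ".$table["user"]." WHERE username='".addslashes(htmlspecialchars($username))."'")) {
// check password: the stored value is the unsalted md5 of the password.
// Compared with !== on purpose — both sides are hex digests, and a loose !=
// treats two digests of the form "0e<digits>" as equal numeric strings (0 == 0),
// which would accept a wrong password whenever the stored hash has that shape.
if ($user['password']!==md5($password)) {
eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
exit;
}
$userid=$user['userid'];
} else { // invalid username entered
eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
exit;
}
// NOTE(review): the remember-me cookie carries the stored password hash itself,
// so the cookie is equivalent to the credential for as long as the hash is
// unchanged; nothing on this page scopes or expires it.
if ($user['cookieuser']==1) {
vbsetcookie("bbuserid",$user['userid']);
vbsetcookie("bbpassword",$user['password']);
}
// replace the pre-login session row by one bound to the user
$DB_site->query("DELETE FROM ".$table["session"]." WHERE sessionhash='".addslashes($session[dbsessionhash])."'");
// NOTE(review): uniqid(microtime()) is time-derived, not a cryptographic source,
// yet the hash is the session's bearer credential (cookie and s= parameter)
$session['sessionhash']=md5(uniqid(microtime()));
$session['dbsessionhash']=$session['sessionhash'];
$DB_site->query("INSERT INTO ".$table["session"]." (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','".intval($userid)."','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
vbsetcookie("sessionhash",$session['sessionhash'],0);
$username = $user['username'];
}
// strip any session id already embedded in $url before appending the new one
// (ereg_* are the POSIX regex functions; they no longer exist in PHP 7+)
$url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url);
$url=ereg_replace("\\?sessionhash=[a-z0-9]{32}","",$url);
$url=ereg_replace("s=[a-z0-9]{32}&","",$url);
$url=ereg_replace("\\?s=[a-z0-9]{32}","",$url);
// NOTE(review): $url comes from the request and is only compared against
// index.php and the referer — no check that it points back into this site —
// so the post-login redirect goes wherever $url says.
if ($url!="" and $url!="index.php" and $url!=$HTTP_REFERER) {
if (strpos($url,"?")>0) {
$url.="&s=$session[dbsessionhash]";
} else {
$url.="?s=$session[dbsessionhash]";
}
// the eval'd code below reads "$url" as a variable, so the value is interpolated
// once and not parsed again; the quote stripping presumably protects a later
// template eval inside standardredirect() — confirm in global.php
$url = str_replace("\"", "", $url);
eval("standardredirect(\"".gettemplate("redirect_login")."\",\"\$url\");");
} else {
// getuserinfo() comes from global.php; presumably reloads $bbuserinfo for the redirect page
$bbuserinfo=getuserinfo($userid);
eval("standardredirect(\"".gettemplate("redirect_login")."\",\"index.php?s=$session[dbsessionhash]\");");
}
}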
// ############################### start lost password ###############################
// Shows the "lost password" request form; no state is changed here.
if ($action=="lostpw") {
$templatesused = 'lostpw';
include("./global.php");
$lostpwform = gettemplate("lostpw");
eval("dooutput(\"" . $lostpwform . "\");");
}
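// ############################### start email password ###############################
// Lost-password step 1: for every account registered under the posted $email,
// store a fresh activation id and mail it out; then redirect to $url.
if ($HTTP_POST_VARS['action']=="emailpassword") {
$templatesused = 'redirect_lostpw,error_invalidemail,error_emailflood';
include("./global.php");
$users=$DB_site->query("SELECT userid,username,email FROM ".$table["user"]." WHERE email='".addslashes(htmlspecialchars($email))."'");
if ($DB_site->num_rows($users)) {
while ($user=$DB_site->fetch_array($users)) {
// type=1 rows are password-reset activations (type=0 is used for e-mail changes)
$check = $DB_site->query_first("SELECT * FROM ".$table["useractivation"]." WHERE userid=$user[userid] and type=1");
// Rate limit: at most one reset mail per minute per account ($ourtimenow is
// presumably set by global.php). The exit matches the other error paths on this
// page; without it a request inside the minute would still reach the mail()
// call below if standarderror() does not terminate the script itself.
if($ourtimenow-$check['dateline'] <= 60) {
eval("standarderror(\"".gettemplate("error_emailflood")."\");");
exit;
}
$username=unhtmlspecialchars($user['username']);
// delete old activation id
$DB_site->query("DELETE FROM ".$table["useractivation"]." WHERE userid='$user[userid]' AND type=1");
// make random number
// NOTE(review): the activation id is the whole reset secret, yet it is a
// time-seeded mt_rand() value below 10^8 — neither the seed nor the range is
// adequate for a security token; a CSPRNG-derived value would be appropriate.
mt_srand ((double) microtime() * 1000000);
$user['activationid']=mt_rand(0,100000000);
//save to DB
$DB_site->query("INSERT INTO ".$table["useractivation"]." VALUES (NULL,'$user[userid]','".time()."','$user[activationid]',1)");
// the mail templates are evaluated as double-quoted PHP strings, so
// $username / $user[...] are interpolated into subject and body
eval("\$message = \"".gettemplate("email_lostpw",1,0)."\";");
eval("\$subject = \"".gettemplate("emailsubject_lostpw",1,0)."\";");
mail ($user['email'],$subject,$message,"From: \"$webtitle Mailer\" <$webmasteremail>");
}
// $url is a request variable; only an empty value is replaced, otherwise the
// redirect target is taken as given (no check that it points into this site)
if ($url=="") {
$url="index.php?s=$session[sessionhash]";
}
$url = str_replace("\"", "", $url);
eval("standardredirect(\"".gettemplate("redirect_lostpw")."\",\"\$url\");");
} else {
eval("standarderror(\"".gettemplate("error_invalidemail")."\");");
}
}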
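// ############################### start reset password ###############################
// Lost-password step 2 (presumably the link from the e-mail, carrying a=pwd,
// u=<userid> and i=<activationid>): verify the activation id, then set a random
// new password and mail it to the account.
if ($action=="resetpassword") {
$a="pwd";
}
if ($a=="pwd") {
$templatesused = 'error_resetexpired,error_resetbadid,email_resetpw,emailsubject_resetpw,error_resetpw';
include("./global.php");
// the short request parameters u / i are aliases for userid / activationid
if (!isset($userid)) {
$userid=$u;
}
if (!isset($activationid)) {
$activationid=$i;
}
// verifyid() comes from global.php; the meaning of the trailing 1,1 flags is not visible here
$userinfo=verifyid("user",$userid,1,1);
$user=$DB_site->query_first("SELECT activationid,dateline FROM ".$table["useractivation"]." WHERE type=1 AND userid='".addslashes($userinfo['userid'])."'");
// No pending reset row: treat it exactly like a wrong id. Previously a missing
// row left $user false and the loose != below compared null with the submitted
// id (null == "" holds), leaving only the 24h check to reject the request.
if (!$user) {
eval("standarderror(\"".gettemplate("error_resetbadid")."\");");
exit;
}
// is it older than 24 hours?
if ($user['dateline']<(time()-24*60*60)) {
eval("standarderror(\"".gettemplate("error_resetexpired")."\");");
exit;
}
// wrong activation id. Compared as strings with !== so that numeric-string
// coercion (e.g. "1e3" == "1000", "0123" == "123") cannot make two different ids equal.
if ((string)$user['activationid']!==(string)$activationid) {
eval("standarderror(\"".gettemplate("error_resetbadid")."\");");
exit;
}
// The exits above are what guards the reset: everything from here on changes the
// password and mails it out. They match the error paths in the login branch.
// delete old activation id
$DB_site->query("DELETE FROM ".$table["useractivation"]." WHERE userid='$userinfo[userid]' AND type=1");
// make random number
// NOTE(review): the new password is a time-seeded mt_rand() integer below 10^8;
// the same weakness as the activation id in the lost-password branch.
mt_srand ((double) microtime() * 1000000);
$newpassword=mt_rand(0,100000000);
$DB_site->query("UPDATE ".$table["user"]." SET password='".addslashes(md5($newpassword))."' WHERE userid=$userinfo[userid]");
// templates are evaluated as double-quoted PHP strings; $newpassword is interpolated into the mail
eval("\$message = \"".gettemplate("email_resetpw",1,0)."\";");
eval("\$subject = \"".gettemplate("emailsubject_resetpw",1,0)."\";");
mail ($userinfo['email'],$subject,$message,"From: \"$webtitle Mailer\" <$webmasteremail>");
// the confirmation page is rendered through the error template mechanism
eval("standarderror(\"".gettemplate("error_resetpw")."\");");
}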
// ############################### start modify profile ###############################
// Renders the "modify profile" form, pre-selecting the yes/no radio buttons
// from the current user's stored settings.
if ($action=="editprofile") {
$templatesused = 'modifyprofile';
include("./global.php");
// guests (userid 0) and users lacking the permission get the no-permission page
if ($bbuserinfo['userid']==0 or $permissions['canmodifyprofile']==0) {
show_nopermission();
}
// each pair holds "checked" for exactly one of the two radio buttons of a setting
$allowmailchecked = $bbuserinfo['adminemail'] ? "checked" : "";
$allowmailnotchecked = $bbuserinfo['adminemail'] ? "" : "checked";
$cookieuserchecked = $bbuserinfo['cookieuser'] ? "checked" : "";
$cookieusernotchecked = $bbuserinfo['cookieuser'] ? "" : "checked";
$nosessionhashchecked = $bbuserinfo['nosessionhash'] ? "checked" : "";
$nosessionhashnotchecked = $bbuserinfo['nosessionhash'] ? "" : "checked";
// the template is a double-quoted PHP string body; the variables above are interpolated by eval()
$modifyprofileform = gettemplate("modifyprofile");
eval("dooutput(\"" . $modifyprofileform . "\");");
}
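// ############################### start update profile ###############################
// Saves the posted profile fields (e-mail, homepage, ICQ/OICQ, mail/cookie/session
// options) for the logged-in user; a changed e-mail address may re-trigger
// account activation.
if ($HTTP_POST_VARS['action']=="updateprofile") {
$templatesused = 'redirect_updatethanks,redirect_updatethanks_newemail,error_fieldmissing,error_emailmismatch,error_emailtaken,error_requiredfieldmissing,error_banemail,error_bademail';
include("./global.php");
if ($bbuserinfo['userid']==0 or $permissions['canmodifyprofile']==0) {
show_nopermission();
}
// Banned addresses/domains: $banemail is a whitespace-separated list (presumably
// an option loaded by global.php). A changed address is always checked; an
// unchanged one is checked too unless $allowkeepbannedemail is set.
if ($enablebanning and $banemail!="") {
$banemail = preg_replace("/[[:space:]]+/"," ",$banemail);
if (!$allowkeepbannedemail or $bbuserinfo['email']!=$email) {
// padding both sides with spaces makes stristr() match whole list entries only
if (stristr(" ".$banemail." "," ".$email." ")!="") {
eval("standarderror(\"".gettemplate("error_banemail")."\");");
exit;
}
if ($emaildomain=substr(strstr($email,"@"),1)) {
if (stristr(" ".$banemail." "," ".$emaildomain." ")!="") {
eval("standarderror(\"".gettemplate("error_banemail")."\");");
exit;
}
}
}
}
// NOTE(review): this lookup escapes $email with addslashes() only, while the
// UPDATE below stores addslashes(htmlspecialchars($email)); an address containing
// a character htmlspecialchars() rewrites would not be found by this check.
if ($requireuniqueemail and $bbuserinfo['email']!=$email and $checkuser=$DB_site->query_first("SELECT userid,username,email FROM ".$table["user"]." WHERE email='".addslashes($email)."' AND userid<>'$bbuserinfo[userid]'")) {
if ($checkuser['userid']!=$bbuserinfo['userid']) {
eval("standarderror(\"".gettemplate("error_emailtaken")."\");");
exit;
}
}
if ($email=="" or $emailconfirm=="") {
eval("standarderror(\"".gettemplate("error_fieldmissing")."\");");
exit;
}
if ($email!=$emailconfirm) {
eval("standarderror(\"".gettemplate("error_emailmismatch")."\");");
exit;
}
// check valid email address. The exit matches the other error paths above;
// without it an address failing the pattern would still be saved below if
// standarderror() does not terminate the script itself.
if (!preg_match("/^(.+)@[a-zA-Z0-9-]+\.[a-zA-Z0-9.-]+$/si", $email)) {
eval("standarderror(\"".gettemplate("error_bademail")."\");");
exit;
}
// numeric messenger ids; 0 is stored as an empty string
$icq=intval($icq);
if ($icq==0) {
$icq="";
}
$oicq=intval($oicq);
if ($oicq==0) {
$oicq="";
}
// Parenthesised to spell out the precedence the expression already had ('and'
// binds tighter than 'or'): a user already in usergroup 3 is re-sent the
// activation mail regardless of $verifyemail or whether the address changed.
// NOTE(review): confirm that the unconditional usergroup-3 clause is intended.
if (($verifyemail and $email!=$bbuserinfo['email'] and $bbuserinfo['usergroupid']==2) or $bbuserinfo['usergroupid']==3) {
$newemailaddress=1;
// delete old activation id (type=0 rows are e-mail activations; type=1 are password resets)
$DB_site->query("DELETE FROM ".$table["useractivation"]." WHERE userid='$bbuserinfo[userid]' AND type=0");
// make random number
// NOTE(review): a time-seeded mt_rand() value below 10^8 is a weak activation
// secret; the same applies to the lost/reset-password branches.
mt_srand ((double) microtime() * 1000000);
$activateid=mt_rand(0,100000000);
//save to DB
$DB_site->query("INSERT INTO ".$table["useractivation"]." VALUES (NULL,'$bbuserinfo[userid]','".time()."','$activateid',0)");
// $username / $userid / $activateid are interpolated into the mail templates by eval()
$username=unhtmlspecialchars($bbuserinfo['username']);
$userid=$bbuserinfo['userid'];
eval("\$message = \"".gettemplate("email_activateaccount_change",1,0)."\";");
eval("\$subject = \"".gettemplate("emailsubject_activateaccount_change",1,0)."\";");
mail ($email,$subject,$message,"From: \"$bbtitle Mailer\" <$webmasteremail>");
// usergroup 3 is written back by the UPDATE below — presumably the "awaiting
// e-mail confirmation" group, given the activation mail just sent
$bbuserinfo['usergroupid'] = 3;
} else {
$newemailaddress=0;
}
$homepage = trim($homepage);
if ($homepage) {
if (preg_match('#^www\.#si', $homepage)) {
$homepage = "http://$homepage";
} else if (!preg_match('#^[a-z0-9]+://#si', $homepage)) {
// homepage doesn't match the http://-style format in the beginning -- possible attempted exploit
$homepage = '';
}
}
// yes/no form values -> 1/0 (iif() comes from global.php)
$adminemail=iif($allowmail=="yes",1,0);
$cookieuser=iif($cookieuser=="yes",1,0);
$nosessionhash=iif($nosessionhash=="yes",1,0);
//delete cookies if cookie user is off
if ($cookieuser==0) {
vbsetcookie("bbuserid","");
vbsetcookie("bbpassword","");
}
// text fields are stored htmlspecialchars-encoded (cf. unhtmlspecialchars() above)
$DB_site->query("UPDATE ".$table["user"]." SET email='".addslashes(htmlspecialchars($email))."',homepage='".addslashes(htmlspecialchars($homepage))."',
icq='".addslashes(htmlspecialchars($icq))."',oicq='".addslashes(htmlspecialchars($oicq))."',
adminemail='$adminemail',cookieuser='$cookieuser',nosessionhash='$nosessionhash',
usergroupid='$bbuserinfo[usergroupid]' WHERE userid='$bbuserinfo[userid]'");
if ($newemailaddress) {
eval("standardredirect(\"".gettemplate("redirect_updatethanks_newemail")."\",\"index.php?s=$session[sessionhash]\");");
} else {
eval("standardredirect(\"".gettemplate("redirect_updatethanks")."\",\"index.php?s=$session[sessionhash]\");");
}
}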
// ############################### start modify password ###############################
// Renders the "change password" form for logged-in users.
if ($action=="editpassword") {
$templatesused = 'modifypassword';
include("./global.php");
// guests (userid 0) get the no-permission page
if ($bbuserinfo['userid']==0) {
show_nopermission();
}
$modifypasswordform = gettemplate("modifypassword");
eval("dooutput(\"" . $modifypasswordform . "\");");
}
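// ############################### start update password ###############################
// Changes the logged-in user's password after re-checking the current one.
if ($HTTP_POST_VARS['action']=="updatepassword") {
$templatesused = 'error_wrongpassword,error_passwordmismatch,error_fieldmissing,redirect_updatethanks';
include("./global.php");
if ($bbuserinfo['userid']==0) {
show_nopermission();
}
// validate old password — strict comparison, as in the login branch: with a
// loose != two "0e<digits>" hex digests compare equal as numbers.
if (md5($currentpassword)!==$bbuserinfo['password']) {
eval("standarderror(\"".gettemplate("error_wrongpassword")."\");");
exit;
}
// an empty new password would otherwise be accepted (md5("") stored);
// error_fieldmissing is the template the profile branch uses for the same case
if (!isset($newpassword) or $newpassword==="") {
eval("standarderror(\"".gettemplate("error_fieldmissing")."\");");
exit;
}
// strict: a loose != would treat e.g. "1e3" and "1000" as a matching confirmation
if ($newpassword!==$newpasswordconfirm) {
eval("standarderror(\"".gettemplate("error_passwordmismatch")."\");");
exit;
}
// stored as unsalted md5, matching what the login branch compares against
$DB_site->query("UPDATE ".$table["user"]." SET password='".addslashes(md5($newpassword))."',usergroupid='$bbuserinfo[usergroupid]' WHERE userid='$bbuserinfo[userid]'");
eval("standardredirect(\"".gettemplate("redirect_updatethanks")."\",\"index.php?s=$session[sessionhash]\");");
}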
?>