member.php

极限网络智能办公系统 Office Automation V3.0官方100％源代码.

<?php

/*
	[Discuz!] (C)2001-2007 Comsenz Inc.
	This is NOT a freeware, use is subject to license terms

	$RCSfile: member.php,v $
	$Revision: 1.46.2.1 $
	$Date: 2007/03/21 15:52:04 $
*/

define('CURSCRIPT', 'member');

define('NOROBOT', TRUE);
require_once './include/common.inc.php';

if($action == 'clearcookies' && !empty($formhash) && $formhash == formhash()) {

	if(is_array($_COOKIE)) {
		foreach ($_COOKIE as $key => $val) {
			dsetcookie($key, '', -86400 * 365, 0);
		}
	}
	dheader("Location: {$boardurl}".$indexname);

} elseif($action == 'online') {

	$discuz_action = 31;

	@include language('actions');

	$page = max(1, intval($page));
	$start_limit = ($page - 1) * $memberperpage;

	$query = $db->query("SELECT COUNT(*) FROM {$tablepre}sessions");
	$num = $db->result($query, 0);
	$multipage = multi($num, $memberperpage, $page, 'member.php?action=online');

	$onlinelist = array();
	$query = $db->query("SELECT s.*, f.name, t.subject FROM {$tablepre}sessions s
		LEFT JOIN {$tablepre}forums f ON s.fid=f.fid
		LEFT JOIN {$tablepre}threads t ON s.tid=t.tid
		WHERE s.invisible='0'
		ORDER BY s.lastactivity DESC LIMIT $start_limit, $memberperpage");

	while($online = $db->fetch_array($query)) {
		$online['lastactivity'] = gmdate($timeformat, $online['lastactivity'] + $timeoffset * 3600);
		$online['action'] = $actioncode[$online['action']];
		$online['subject'] = $online['subject'] ? cutstr($online['subject'], 35) : NULL;
		$online['ip'] = $online['ip1'].'.'.$online['ip2'].'.'.$online['ip3'].'.'.$online['ip4'];

		$onlinelist[] = $online;
	}

	include template('whosonline');

} elseif($action == 'list') {

	$type = !empty($type) ? $type : '';
	$discuz_action = 41;

	if(!$memliststatus && $type != 'birthdays') {
		showmessage('member_list_disable', NULL, 'HALTED');
	} elseif($type == 'birthdays' && !$maxbdays) {
		showmessage('todays_birthdays_banned');
	}

	$orderadd = $sql = $num = $birthdayadd = '';

	switch($type) {
		case 'admins':
			$sql = 'WHERE groupid IN (1, 2, 3)';
			$orderadd = '';
			$querynum = $db->query("SELECT COUNT(*) FROM {$tablepre}members $sql");
			$num = $db->result($querynum, 0);
			break;
		case 'birthdays':
			@include DISCUZ_ROOT.'./forumdata/cache/cache_birthdays.php';
			$num = $_DCACHE['birthdays']['num'];
			$sql = 'WHERE m.uid IN ('.($_DCACHE['birthdays']['uids'] ? $_DCACHE['birthdays']['uids'] : '0').')';
			$orderadd = '';
			$birthdayadd = ',m.bday ';
			break;
		default:
			$order = empty($order) ? '' : $order;
			if($order == 'credits' || $order == 'gender') {
				$orderadd = "ORDER BY $order DESC";
			} elseif($order == 'username' || $order == 'regdate') {
				$orderadd = "ORDER BY $order";
			} else {
				$orderadd = 'ORDER BY uid';
				$order = 'uid';
			}
			$sql = !empty($srchmem) ? " WHERE BINARY username LIKE '%".str_replace('_', '\_', $srchmem)."%' OR username='$srchmem'" : '';
			$querynum = $db->query("SELECT COUNT(*) FROM {$tablepre}members $sql");
			$num = $db->result($querynum, 0);
	}

	$page = max(1, intval($page));
	$page = $threadmaxpages && $page > $threadmaxpages ? 1 : $page;
	$start_limit = ($page - 1) * $memberperpage;

	$multipage = multi($num, $memberperpage, $page, "member.php?action=list&srchmem=".rawurlencode($srchmem)."&amp;order=$order&amp;type=$type", $membermaxpages);

	$memberlist = array();

	$query = $db->query("SELECT m.uid, m.username, m.gender, m.email, m.regdate, m.lastvisit, m.posts, m.credits,
		m.showemail$birthdayadd, mf.nickname, mf.site, mf.location FROM {$tablepre}members m
		LEFT JOIN {$tablepre}memberfields mf USING(uid) $sql $orderadd LIMIT $start_limit, $memberperpage");

	while($member = $db->fetch_array($query)) {
		$member['usernameenc'] = rawurlencode($member['username']);
		$member['regdate'] = gmdate($dateformat, $member['regdate'] + $timeoffset * 3600 );
		$member['site'] = str_replace('http://', '', $member['site']);
		$member['lastvisit'] = gmdate("$dateformat $timeformat", $member['lastvisit'] + ($timeoffset * 3600));
		$memberlist[] = $member;
	}

	include template('memberlist');

} elseif($action == 'credits') {

	if(empty($extcredits)) {
		showmessage('credits_disabled');
	}

	$policyarray = array();
	foreach($creditspolicy as $operation => $policy) {
		$policyarray[$operation] = $policy;
		if(in_array($operation, array('post', 'reply', 'postattach'))) {
			if($forum) {
				$policyarray['forum_'.$operation] = $forum[$operation.'credits'] ? $forum[$operation.'credits'] : $creditspolicy[$operation];
			} else {
				foreach($extcredits as $id => $credit) {
					$policyarray['forum_'.$operation][$id] = 'N/A';
				}
			}
		}
	}

	$creditsarray = array();
	for($i = 1; $i <= 8; $i++) {
		if(isset($extcredits[$i])) {
			foreach($policyarray as $operation => $policy) {
				$addcredits = in_array($operation, array('getattach', 'pm', 'search')) ? -$policy[$i] : $policy[$i];
				$creditsarray[$i][$operation] = empty($policy[$i]) ? 0 : (is_numeric($policy[$i]) ? '<b>'.($addcredits > 0 ? '+'.$addcredits : $addcredits).'</b> '.$extcredits[$i]['unit'] : $policy[$i]);
			}
		}
	}

	include template('credits');

} elseif($action == 'markread') {

	if($discuz_user) {
		$db->query("UPDATE {$tablepre}members SET lastvisit='$timestamp' WHERE uid='$discuz_uid'");
	}

	showmessage('mark_read_succeed', $indexname);

} elseif($action == 'regverify' && $regverify == 2 && $groupid == 8 && submitcheck('verifysubmit')) {

	$query = $db->query("SELECT uid FROM {$tablepre}validating WHERE uid='$discuz_uid' AND status='1'");
	if($db->num_rows($query)) {
		$db->query("UPDATE {$tablepre}validating SET submittimes=submittimes+1, submitdate='$timestamp', status='0', message='".dhtmlspecialchars($regmessagenew)."'
			WHERE uid='$discuz_uid'");
		showmessage('submit_verify_succeed', 'memcp.php');
	} else {
		showmessage('undefined_action', NULL, 'HALTED');
	}

} elseif($action == 'emailverify') {

	$query = $db->query("SELECT mf.authstr FROM {$tablepre}members m, {$tablepre}memberfields mf
		WHERE m.uid='$discuz_uid' AND mf.uid=m.uid AND m.groupid='8'");

	if(!$member = $db->fetch_array($query)) {
		showmessage('undefined_action', NULL, 'HALTED');
	}

	list($dateline, $type, $idstring) = explode("\t", $member['authstr']);
	if($type == 2 && $timestamp - $dateline < 86400) {
		showmessage('email_verify_invalid');
	}

	$idstring = $type == 2 && $idstring ? $idstring : random(6);
	$db->query("UPDATE {$tablepre}memberfields SET authstr='$timestamp\t2\t$idstring' WHERE uid='$discuz_uid'");

	sendmail("$discuz_userss <$email>", 'email_verify_subject', 'email_verify_message');
	showmessage('email_verify_succeed');

} elseif($action == 'activate' && $uid && $id) {

	$query = $db->query("SELECT m.uid, m.username, m.credits, mf.authstr FROM {$tablepre}members m, {$tablepre}memberfields mf
		WHERE m.uid='$uid' AND mf.uid=m.uid AND m.groupid='8'");

	$member = $db->fetch_array($query);

	list($dateline, $operation, $idstring) = explode("\t", $member['authstr']);

	if($operation == 2 && $idstring == $id) {
		$query = $db->query("SELECT groupid FROM {$tablepre}usergroups WHERE type='member' AND $member[credits]>=creditshigher AND $member[credits]<creditslower LIMIT 1");
		$db->query("UPDATE {$tablepre}members SET groupid='".$db->result($query, 0)."' WHERE uid='$member[uid]'");
		$db->query("UPDATE {$tablepre}memberfields SET authstr='' WHERE uid='$member[uid]'");
		showmessage('activate_succeed', $indexname);
	} else {
		showmessage('activate_illegal', NULL, 'HALTED');
	}

} elseif($action == 'lostpasswd') {

	$discuz_action = 141;

	if(!submitcheck('lostpwsubmit')) {
		include template('lostpasswd');
	} else {
		$secques = quescrypt($questionid, $answer);
		$query = $db->query("SELECT uid, username, adminid, email FROM {$tablepre}members WHERE username='$username' AND secques='$secques' AND email='$email'");
		if(!$member = $db->fetch_array($query)) {
			showmessage('getpasswd_account_notmatch', NULL, 'HALTED');
		} elseif($member['adminid'] == 1 || $member['adminid'] == 2) {
			showmessage('getpasswd_account_invalid', NULL, 'HALTED');
		}

		$idstring = random(6);
		$db->query("UPDATE {$tablepre}memberfields SET authstr='$timestamp\t1\t$idstring' WHERE uid='$member[uid]'");

		sendmail("$username <$member[email]>", 'get_passwd_subject', 'get_passwd_message');
		showmessage('getpasswd_send_succeed');
	}

} elseif($action == 'getpasswd' && $uid && $id) {

	$discuz_action = 141;

	$query = $db->query("SELECT m.username, mf.authstr FROM {$tablepre}members m, {$tablepre}memberfields mf
		WHERE m.uid='$uid' AND mf.uid=m.uid");

	$member = $db->fetch_array($query);