cardrecover.php 6.12 KB
<?php
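require "include/bittorrent.php";
dbconn();
// Failed-attempt gate for the "Recover" action; the helper comes from the include above.
failedloginscheck("Recover", true);

// A request carrying ?sitelanguage=... is a language switch, never a recovery confirmation.
$take_recover = !isset($_GET['sitelanguage']);

// Read the language id defensively: the parameter may be absent or array-valued
// (?sitelanguage[]=1), and `0 + $input` raises notices or errors on such input.
$langid = 0;
if (isset($_GET['sitelanguage']) && is_string($_GET['sitelanguage'])) {
    $langid = (int) $_GET['sitelanguage'];
}

if ($langid) {
    $lang_folder = validlang($langid);
    if (get_langfolder_cookie() != $lang_folder) {
        set_langfolder_cookie($lang_folder);
        header("Location: " . $_SERVER['PHP_SELF']);
        // Stop here: without this the script kept running and rendered the page
        // body behind the redirect response.
        exit;
    }
}

// The returned path is require'd, so it must only ever resolve inside the language directory.
// NOTE(review): confirm validlang()/get_langfolder_cookie() restrict the folder to known languages.
require_once(get_langfile_path("", false, $CURLANGDIR));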
/**
 * Render a complete "recovery failed" page and end the request.
 *
 * $msg is handed to stdmsg() unchanged; whether stdmsg() escapes it is not
 * visible in this file, so callers should pass trusted or pre-escaped text.
 *
 * @param string $msg Detail text shown under the failure heading.
 */
function bark($msg)
{
    global $lang_recover;

    stdhead();
    $heading = $lang_recover['std_recover_failed'];
    stdmsg($heading, $msg);
    stdfoot();
    exit();
}
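/*
 * Request dispatch for card-based account recovery:
 *   POST                   - verify student ID + card password, store a one-time
 *                            editsecret and mail a confirmation link.
 *   GET with id and secret - verify the mailed token, set a new random password
 *                            and mail it to the account address.
 *   anything else          - render the language selector and the recovery form.
 */

// URL scheme for links placed in outgoing mail. Computed before branching because
// both mail-sending paths need it; previously only the POST path set $ssl_invite,
// so the login link in the second mail was built from an undefined variable.
// Reset links carry a secret, so https is preferable wherever the site supports it.
if ($securetracker == 'yes' || $securetracker == 'op')
    $tracker_ssl = true;
elseif (isset($_COOKIE["c_secure_tracker_ssl"]) && $_COOKIE["c_secure_tracker_ssl"] == base64("yeah"))
    $tracker_ssl = true;
else
    $tracker_ssl = false;
$ssl_invite = $tracker_ssl ? "https://" : "http://";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($iv == "yes")
        check_code($_POST['imagehash'], $_POST['imagestring'], "cardrecover.php", true);

    // Missing or array-valued fields are treated as empty so they end in the
    // "missing field" failure below instead of a warning or type error in trim().
    $raw_stuid = (isset($_POST["stuid"]) && is_string($_POST["stuid"])) ? $_POST["stuid"] : "";
    $raw_pass = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // NOTE(review): htmlspecialchars() on input rewrites &, <, > and " before the
    // values reach getOneCard(); kept as-is because the card check may have been
    // written against this encoding - confirm, and prefer escaping at output time.
    $stuid = unesc(htmlspecialchars(trim($raw_stuid)));
    $cardpass = unesc(htmlspecialchars(trim($raw_pass)));

    // Every rejection goes through failedlogins() so it counts against the attempt
    // limit. NOTE(review): the code below relies on failedlogins() not returning - confirm.
    if (!$stuid) {
        failedlogins($lang_recover['std_missing_stuid'], true);
    }
    if (!$cardpass) {
        failedlogins($lang_recover['std_missing_password'], true);
    }
    if (!getOneCard($stuid, $cardpass)) {
        failedlogins($lang_recover['std_stuid_failed'], true);
    }

    $res = sql_query("SELECT * FROM users WHERE cardnum=" . sqlesc($stuid) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res);
    if (!$arr) {
        failedlogins($lang_recover['std_stuid_not_in_database'], true);
    }
    if ($arr['status'] == "pending") {
        failedlogins($lang_recover['std_user_account_unconfirmed'], true);
    }

    $recover_username = $arr['username'];
    $email = $arr['email'];

    // Fresh per-request secret; it is stored server-side and folded into the mailed token.
    $sec = mksecret();
    sql_query("UPDATE users SET editsecret=" . sqlesc($sec) . " WHERE id=" . sqlesc($arr["id"])) or sqlerr(__FILE__, __LINE__);
    if (!mysql_affected_rows()) {
        stderr($lang_recover['std_error'], $lang_recover['std_database_error']);
    }

    // Token = MD5(secret . email . passhash . secret). No expiry is checked on the
    // confirmation side; the token stays valid until editsecret is overwritten or cleared.
    $hash = md5($sec . $email . $arr["passhash"] . $sec);
    $ip = getip();
    $title = $SITENAME . $lang_recover['mail_title'];

    // NOTE(review): username and IP are interpolated into an HTML mail body without
    // escaping - confirm both are constrained to safe characters where they are produced.
    $body = <<<EOD
{$lang_recover['mail_one']}($recover_username){$lang_recover['mail_two']}$ip{$lang_recover['mail_three']}
<b><a href="$ssl_invite$BASEURL/cardrecover.php?id={$arr["id"]}&secret=$hash">$ssl_invite$BASEURL/cardrecover.php?id={$arr["id"]}&secret=$hash</a></b><br />
{$lang_recover['mail_four']}
EOD;
    sent_mail($arr["email"], $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $body), "confirmation", true, false, '', get_email_encode(get_langfolder_cookie()));
} elseif ($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"])) {
    // Both parameters must be plain strings; array-valued input is rejected outright.
    $id = is_string($_GET["id"]) ? (int) $_GET["id"] : 0;
    $md5 = $_GET["secret"];
    if (!$id || !is_string($md5)) {
        httperr();
    }

    $res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_array($res) or httperr();
    $email = $arr["email"];
    $sec = hash_pad($arr["editsecret"]);

    // A blank editsecret means no recovery is pending for this account.
    if (preg_match('/^ *$/s', $sec)) {
        httperr();
    }

    // Compare the token as an exact string. Loose `!=` lets two numeric-looking
    // strings compare as numbers, so different values can be treated as equal;
    // hash_equals() additionally keeps the comparison time independent of the
    // position of the first mismatch. Fall back to strict comparison where the
    // function does not exist.
    $expected = md5($sec . $email . $arr["passhash"] . $sec);
    if (function_exists('hash_equals')) {
        $token_ok = hash_equals($expected, $md5);
    } else {
        $token_ok = ($md5 === $expected);
    }
    if (!$token_ok) {
        httperr();
    }

    // Generate the replacement password. mt_rand() is not a cryptographic generator
    // and its output can be predicted; use the CSPRNG-backed random_int() whenever
    // the runtime provides it.
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $max_index = strlen($chars) - 1;
    $have_csprng = function_exists('random_int');
    $newpassword = "";
    for ($i = 0; $i < 10; $i++) {
        $newpassword .= $chars[$have_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index)];
    }

    // NOTE(review): the stored hash is salted MD5, presumably because the login code
    // (not visible here) verifies that format; moving to password_hash()/password_verify()
    // would have to be done together with that code.
    $sec = mksecret();
    $newpasshash = md5($sec . $newpassword . $sec);

    // Matching on the old editsecret and clearing it in the same statement makes the
    // token single-use: a second request with the same link updates no row.
    sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($arr["editsecret"])) or sqlerr(__FILE__, __LINE__);
    if (!mysql_affected_rows()) {
        stderr($lang_recover['std_error'], $lang_recover['std_unable_updating_user_data']);
    }

    $title = $SITENAME . $lang_recover['mail_two_title'];

    // The new password is mailed in clear text, so it should be treated as temporary
    // and changed after the first login.
    // NOTE(review): $lang_confirm_resend is not set anywhere in this file - confirm the
    // language file loaded above defines it, otherwise that link text renders empty.
    $body = <<<EOD
{$lang_recover['mail_two_one']}{$arr["username"]}
{$lang_recover['mail_two_two']}$newpassword
{$lang_recover['mail_two_three']}
<b><a href="$ssl_invite$BASEURL/login.php">{$lang_recover['mail_here']}</a></b>
{$lang_recover['mail_three_1']}
<b><a href="https://support.google.com/answer/23852" target='_blank'>{$lang_confirm_resend['mail_google_answer']}</a></b>
{$lang_recover['mail_three_2']}
{$lang_recover['mail_two_four']}
EOD;
    sent_mail($email, $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $body), "details", true, false, '', get_email_encode(get_langfolder_cookie()));
} else {
    stdhead();

    // Language selector: submitting it reloads this page with ?sitelanguage=<id>.
    $s = "<select name=\"sitelanguage\" onchange='submit()'>\n";
    $langs = langlist("site_lang");
    foreach ($langs as $row) {
        if ($row["site_lang_folder"] == get_langfolder_cookie())
            $se = " selected=\"selected\"";
        else
            $se = "";
        $s .= "<option value=\"" . $row["id"] . "\"" . $se . ">" . htmlspecialchars($row["lang_name"]) . "</option>\n";
    }
    $s .= "\n</select>";

    // PHP_SELF includes any extra path the client appended to the script URL, so it
    // is request-controlled text and must be escaped before it goes into an attribute.
    print("<form method=\"get\" action=\"" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "\"><div align=\"right\">" . $lang_recover['text_select_lang'] . $s . "</div></form>");
?>
<h1><?php echo $lang_recover['text_recover_user'] ?></h1>
<p><?php echo $lang_recover['text_use_form_below'] ?></p>
<p><?php echo $lang_recover['text_reply_to_confirmation_email'] ?></p>
<p><b><?php echo $lang_recover['text_note'] ?><?php echo $maxloginattempts; ?></b><?php echo $lang_recover['text_ban_ip'] ?></p>
<p><?php echo $lang_recover['text_you_have'] ?><b><?php echo remaining(); ?></b><?php echo $lang_recover['text_remaining_tries'] ?></p>
<form method="post" action="cardrecover.php">
<table border="1" cellspacing="0" cellpadding="10">
<tr><td class="rowhead"><?php echo $lang_recover['row_registered_stuid'] ?></td>
<td class="rowfollow"><input type="text" style="width: 150px" name="stuid" /></td></tr>
<tr><td class="rowhead"><?php echo $lang_recover['row_registered_pass'] ?></td>
<td class="rowfollow"><input type="password" style="width: 150px" name="password" /></td></tr>
<?php
    show_image_code();
?>
<tr><td class="toolbox" colspan="2" align="center"><input type="submit" value="<?php echo $lang_recover['submit_recover_it'] ?>" class="btn" /></td></tr>
</table></form>
<?php
    stdfoot();
}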