user.php 7.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233
  1. <?php
  2. /*
  3. [UCenter] (C)2001-2099 Comsenz Inc.
  4. This is NOT a freeware, use is subject to license terms
  5. $Id: user.php 1078 2011-03-30 02:00:29Z monkey $
  6. */
  7. !defined('IN_UC') && exit('Access Denied');
  8. class usermodel {
  9. var $db;
  10. var $base;
  11. function __construct(&$base) {
  12. $this->usermodel($base);
  13. }
  14. function usermodel(&$base) {
  15. $this->base = $base;
  16. $this->db = $base->db;
  17. }
  18. function get_user_by_uid($uid) {
  19. $arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");
  20. return $arr;
  21. }
  22. function get_user_by_username($username) {
  23. $arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
  24. return $arr;
  25. }
  26. function get_user_by_email($email) {
  27. $arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE email='$email'");
  28. return $arr;
  29. }
  30. function check_username($username) {
  31. $guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8';
  32. $len = $this->dstrlen($username);
  33. if($len > 15 || $len < 3 || preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\<\>\&]|$guestexp/is", $username)) {
  34. return FALSE;
  35. } else {
  36. return TRUE;
  37. }
  38. }
  39. function dstrlen($str) {
  40. if(strtolower(UC_CHARSET) != 'utf-8') {
  41. return strlen($str);
  42. }
  43. $count = 0;
  44. for($i = 0; $i < strlen($str); $i++){
  45. $value = ord($str[$i]);
  46. if($value > 127) {
  47. $count++;
  48. if($value >= 192 && $value <= 223) $i++;
  49. elseif($value >= 224 && $value <= 239) $i = $i + 2;
  50. elseif($value >= 240 && $value <= 247) $i = $i + 3;
  51. }
  52. $count++;
  53. }
  54. return $count;
  55. }
  56. function check_mergeuser($username) {
  57. $data = $this->db->result_first("SELECT count(*) FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->base->app['appid']."' AND username='$username'");
  58. return $data;
  59. }
  60. function check_usernamecensor($username) {
  61. $_CACHE['badwords'] = $this->base->cache('badwords');
  62. $censorusername = $this->base->get_setting('censorusername');
  63. $censorusername = $censorusername['censorusername'];
  64. $censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($censorusername = trim($censorusername)), '/')).')$/i';
  65. $usernamereplaced = isset($_CACHE['badwords']['findpattern']) && !empty($_CACHE['badwords']['findpattern']) ? @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $username) : $username;
  66. if(($usernamereplaced != $username) || ($censorusername && preg_match($censorexp, $username))) {
  67. return FALSE;
  68. } else {
  69. return TRUE;
  70. }
  71. }
  72. function check_usernameexists($username) {
  73. $data = $this->db->result_first("SELECT username FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
  74. return $data;
  75. }
  76. function check_emailformat($email) {
  77. return strlen($email) > 6 && preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/", $email);
  78. }
  79. function check_emailaccess($email) {
  80. $setting = $this->base->get_setting(array('accessemail', 'censoremail'));
  81. $accessemail = $setting['accessemail'];
  82. $censoremail = $setting['censoremail'];
  83. $accessexp = '/('.str_replace("\r\n", '|', preg_quote(trim($accessemail), '/')).')$/i';
  84. $censorexp = '/('.str_replace("\r\n", '|', preg_quote(trim($censoremail), '/')).')$/i';
  85. if($accessemail || $censoremail) {
  86. if(($accessemail && !preg_match($accessexp, $email)) || ($censoremail && preg_match($censorexp, $email))) {
  87. return FALSE;
  88. } else {
  89. return TRUE;
  90. }
  91. } else {
  92. return TRUE;
  93. }
  94. }
  95. function check_emailexists($email, $username = '') {
  96. $sqladd = $username !== '' ? "AND username<>'$username'" : '';
  97. $email = $this->db->result_first("SELECT email FROM ".UC_DBTABLEPRE."members WHERE email='$email' $sqladd");
  98. return $email;
  99. }
  100. function check_login($username, $password, &$user) {
  101. $user = $this->get_user_by_username($username);
  102. if(empty($user['username'])) {
  103. return -1;
  104. } elseif($user['password'] != md5(md5($password).$user['salt'])) {
  105. return -2;
  106. }
  107. return $user['uid'];
  108. }
  109. function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '', $regip = '') {
  110. $regip = empty($regip) ? $this->base->onlineip : $regip;
  111. $salt = substr(uniqid(rand()), -6);
  112. $password = md5(md5($password).$salt);
  113. $sqladd = $uid ? "uid='".intval($uid)."'," : '';
  114. $sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";
  115. $this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='".$this->base->time."', salt='$salt'");
  116. $uid = $this->db->insert_id();
  117. $this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
  118. return $uid;
  119. }
  120. function edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw = 0, $questionid = '', $answer = '') {
  121. $data = $this->db->fetch_first("SELECT username, uid, password, salt FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
  122. if($ignoreoldpw) {
  123. $isprotected = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid = '$data[uid]'");
  124. if($isprotected) {
  125. return -8;
  126. }
  127. }
  128. if(!$ignoreoldpw && $data['password'] != md5(md5($oldpw).$data['salt'])) {
  129. return -1;
  130. }
  131. $sqladd = $newpw ? "password='".md5(md5($newpw).$data['salt'])."'" : '';
  132. $sqladd .= $email ? ($sqladd ? ',' : '')." email='$email'" : '';
  133. if($questionid !== '') {
  134. if($questionid > 0) {
  135. $sqladd .= ($sqladd ? ',' : '')." secques='".$this->quescrypt($questionid, $answer)."'";
  136. } else {
  137. $sqladd .= ($sqladd ? ',' : '')." secques=''";
  138. }
  139. }
  140. if($sqladd || $emailadd) {
  141. $this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");
  142. return $this->db->affected_rows();
  143. } else {
  144. return -7;
  145. }
  146. }
  147. function delete_user($uidsarr) {
  148. $uidsarr = (array)$uidsarr;
  149. if(!$uidsarr) {
  150. return 0;
  151. }
  152. $uids = $this->base->implode($uidsarr);
  153. $arr = $this->db->fetch_all("SELECT uid FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid IN ($uids)");
  154. $puids = array();
  155. foreach((array)$arr as $member) {
  156. $puids[] = $member['uid'];
  157. }
  158. $uids = $this->base->implode(array_diff($uidsarr, $puids));
  159. if($uids) {
  160. $this->db->query("DELETE FROM ".UC_DBTABLEPRE."members WHERE uid IN($uids)");
  161. $this->db->query("DELETE FROM ".UC_DBTABLEPRE."memberfields WHERE uid IN($uids)");
  162. uc_user_deleteavatar($uidsarr);
  163. $this->base->load('note');
  164. $_ENV['note']->add('deleteuser', "ids=$uids");
  165. return $this->db->affected_rows();
  166. } else {
  167. return 0;
  168. }
  169. }
  170. function get_total_num($sqladd = '') {
  171. $data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."members $sqladd");
  172. return $data;
  173. }
  174. function get_list($page, $ppp, $totalnum, $sqladd) {
  175. $start = $this->base->page_get_start($page, $ppp, $totalnum);
  176. $data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."members $sqladd LIMIT $start, $ppp");
  177. return $data;
  178. }
  179. function name2id($usernamesarr) {
  180. $usernamesarr = uc_addslashes($usernamesarr, 1, TRUE);
  181. $usernames = $this->base->implode($usernamesarr);
  182. $query = $this->db->query("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username IN($usernames)");
  183. $arr = array();
  184. while($user = $this->db->fetch_array($query)) {
  185. $arr[] = $user['uid'];
  186. }
  187. return $arr;
  188. }
  189. function id2name($uidarr) {
  190. $arr = array();
  191. $query = $this->db->query("SELECT uid, username FROM ".UC_DBTABLEPRE."members WHERE uid IN (".$this->base->implode($uidarr).")");
  192. while($user = $this->db->fetch_array($query)) {
  193. $arr[$user['uid']] = $user['username'];
  194. }
  195. return $arr;
  196. }
  197. function quescrypt($questionid, $answer) {
  198. return $questionid > 0 && $answer != '' ? substr(md5($answer.md5($questionid)), 16, 8) : '';
  199. }
  200. }
  201. ?>