
Contents of /fenglin/bbs/reg_user_service.php



Revision 1.1 - (show annotations)
Mon Mar 31 14:13:22 2025 UTC (11 months, 2 weeks ago) by sysadm
Branch: MAIN
Move reguser_service.php to reg_user_service.php
Refine and fix bug

1 <?
2 require_once "../lib/common.inc.php";
3 require_once "../lib/str_process.inc.php";
4 require_once "../lib/vn_gif.inc.php";
5 require_once "../lib/passwd.inc.php";
6 require_once "../lib/db_open.inc.php";
7 require_once "../lib/send_mail.inc.php";
8 require_once "./session_init.inc.php";
9 require_once "./reg_check.inc.php";
10
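// Decode the JSON request body. Every field is caller-controlled: it may be
// absent, or arrive as an array/object/null instead of a string.
$data = json_decode(file_get_contents("php://input"), true);
if (!is_array($data))
{
    // Malformed JSON or a bare scalar: treat as "no fields supplied" so every
    // field falls back to its default and is rejected by validation.
    $data = array();
}

// Return one request field as a string. Non-scalar values become "" so they
// fail validation instead of raising a TypeError inside trim()/preg_match().
$field = function ($key) use ($data) {
    return (isset($data[$key]) && is_scalar($data[$key]) ? (string) $data[$key] : "");
};

$username = $field("username");
$nickname = $field("nickname");
$realname = trim($field("realname"));
$gender = $field("gender");
// Loose comparison kept on purpose: the original accepted 1, "1" and true.
$gender_public = ($field("gender_public") == "1" ? 1 : 0);
$email = $field("email");
// Date parts are forced to integers; they are range-checked later with checkdate().
$year = intval($field("year"));
$month = intval($field("month"));
$day = intval($field("day"));
$qq = $field("qq");
$agreement = ($field("agreement") == "1");
$vn_str = $field("vn_str");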
25
// Response envelope returned as JSON. "code" starts at 0 and is overwritten
// with -1 (field validation failure) or -2 (database / mail failure) further
// down; "errorFields" collects one {id, errMsg} entry per rejected field.
$result_set = [
    "return" => [
        "code" => 0,
        "message" => "",
        "errorFields" => [],
    ],
];

// Sent before any output so every exit path below answers with JSON.
header("Content-Type:application/json; charset=utf-8");
35
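// Validate input data.
// Each failed check sets code -1 and appends an {id, errMsg} entry; the checks
// are independent, so the client receives every field error in one response.
//
// Patterns are anchored with \z instead of $. Without the D modifier, $ also
// matches just before a trailing "\n", so "name\n" would pass validation and
// be stored as a value distinct from "name".

// Username: a letter followed by 4-11 letters/digits, then the project's
// check_str() filter (defined in an included file).
if (!preg_match('/^[A-Za-z][A-Za-z0-9]{4,11}\z/', $username))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "username",
        "errMsg" => "不符合格式要求",
    );
}
else if (!check_str($username))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "username",
        "errMsg" => "用户名不可用",
    );
}

// Nickname: non-empty, no whitespace of any kind, at most 20 units as counted
// by str_length().
if ($nickname == "" || preg_match("/[[:space:]]/", $nickname) || str_length($nickname) > 20)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "nickname",
        "errMsg" => "不符合格式要求",
    );
}
else if (!check_str($nickname))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "nickname",
        "errMsg" => "昵称不可用",
    );
}

// Real name: non-empty, no tab/CR/LF, at most 10 units as counted by str_length().
if ($realname == "" || preg_match("/[\t\r\n]/", $realname) || str_length($realname) > 10)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "realname",
        "errMsg" => "不符合格式要求",
    );
}

if ($gender != "M" && $gender != "F")
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "gender",
        "errMsg" => "未指定性别",
    );
}

// E-mail: restricted character set on both sides of "@". The value is later
// used as the recipient address, so a trailing line break must not get through.
if (!preg_match('/^[A-Za-z0-9_.-]+@([A-Za-z0-9-]+[.])+[A-Za-z0-9-]+\z/', $email))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "email",
        "errMsg" => "不符合格式要求",
    );
}

// Birthday: must be a real calendar date and at least 16 years in the past.
// NOTE(review): $year is bounded only by checkdate(); confirm how years below
// 1000 are interpreted by the date string here and by the birthday column.
if (!checkdate($month, $day, $year))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "birthday",
        "errMsg" => "非法日期",
    );
}
else if ((new DateTimeImmutable("$year-$month-$day")) > (new DateTimeImmutable("-16 year")))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "birthday",
        "errMsg" => "需年满16周岁才能使用本站服务",
    );
}

// QQ number is optional; when present it must be 5-11 digits.
if ($qq != "" && !preg_match('/^[0-9]{5,11}\z/', $qq))
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "qq",
        "errMsg" => "不符合格式要求",
    );
}

if (!$agreement)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "agreement",
        "errMsg" => "请仔细阅读并确认同意《用户许可协议》",
    );
}

// Verification code: the expected value must exist in the session and
// VN_check() must return 0 for the submitted string.
// NOTE(review): the expected value stays in the session after a failed attempt,
// so whether repeated guesses against one code are limited depends on
// VN_check() and the page that issues the code - confirm.
if ((!isset($_SESSION["BBS_reg_vn_str"])) || $_SESSION["BBS_reg_vn_str"] == "" || VN_check($_SESSION["BBS_reg_vn_str"], $vn_str) != 0)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "vn_str",
        "errMsg" => "验证码错误",
    );
}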
141
// Stop before touching the database when any field failed validation.
if (0 != $result_set["return"]["code"])
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Begin transaction: switch off autocommit, then open the transaction.
// Either statement failing ends the request with code -2.
// NOTE(review): the raw mysqli_error() text is returned to the caller, who is
// not authenticated at this point; consider logging it server-side and
// returning a generic message instead.
foreach (array("SET autocommit=0", "BEGIN") as $tx_stmt)
{
    $rs = mysqli_query($db_conn, $tx_stmt);
    if (!$rs)
    {
        $result_set["return"]["code"] = -2;
        $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

        mysqli_close($db_conn);
        exit(json_encode($result_set));
    }
}
168
// Check availability of username, nickname and e-mail address.
// A query failure ends the request with code -2; a taken value only records a
// field error (code -1) so that all three conflicts are reported together.
// NOTE(review): check-then-insert is only race-free if the tables enforce
// uniqueness themselves - the schema is not visible here; confirm.

// 1) Username must not exist in user_list.
$sql = sprintf(
    "SELECT UID FROM user_list WHERE username = '%s'",
    mysqli_real_escape_string($db_conn, $username)
);

$rs = mysqli_query($db_conn, $sql);
if (!$rs)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user list error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

if (mysqli_num_rows($rs) > 0)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "username",
        "errMsg" => "用户名已存在",
    );
}
mysqli_free_result($rs);

// 2) Nickname must not exist in user_nickname.
$sql = sprintf(
    "SELECT UID FROM user_nickname WHERE nickname = '%s'",
    mysqli_real_escape_string($db_conn, $nickname)
);

$rs = mysqli_query($db_conn, $sql);
if (!$rs)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user nickname error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

if (mysqli_num_rows($rs) > 0)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "nickname",
        "errMsg" => "昵称已存在",
    );
}
mysqli_free_result($rs);

// 3) The e-mail address may back fewer than $BBS_max_user_per_email accounts.
$sql = sprintf(
    "SELECT UID FROM user_pubinfo WHERE email = '%s'",
    mysqli_real_escape_string($db_conn, $email)
);

$rs = mysqli_query($db_conn, $sql);
if (!$rs)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Query user email error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

if (mysqli_num_rows($rs) >= $BBS_max_user_per_email)
{
    $result_set["return"]["code"] = -1;
    $result_set["return"]["errorFields"][] = array(
        "id" => "email",
        "errMsg" => "该邮箱的使用次数已超过限制",
    );
}
mysqli_free_result($rs);

// Any conflict found above: report it and leave without inserting anything.
if (0 != $result_set["return"]["code"])
{
    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
244
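// Create new user: one row each in user_list, user_reginfo, user_pubinfo and
// user_nickname, all keyed by the UID generated by the first INSERT.
//
// Every string value placed in SQL is passed through
// mysqli_real_escape_string(), including values already validated earlier,
// so query safety does not depend on the validation patterns elsewhere in
// the file staying strict.

// NOTE(review): gen_passwd() is defined in an included file; confirm it draws
// from a cryptographically secure source. The temporary password is also
// stored as-is in user_list.temp_password.
$temp_password = gen_passwd(10);

$sql = "INSERT INTO user_list(username, temp_password) values('" .
    mysqli_real_escape_string($db_conn, $username) . "', '" .
    mysqli_real_escape_string($db_conn, $temp_password) . "')";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add user list error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Auto-generated UID of the row just inserted; server-produced, not caller input.
$uid = mysqli_insert_id($db_conn);

// $year/$month/$day are integers (intval) that already passed checkdate().
// client_addr() comes from an included file; it is escaped because its source
// (socket address vs. a request header) is not visible here.
$sql = "INSERT INTO user_reginfo(UID, name, birthday, signup_dt, signup_ip) VALUES($uid, '" .
    mysqli_real_escape_string($db_conn, $realname) . "', '$year-$month-$day', NOW(), '" .
    mysqli_real_escape_string($db_conn, client_addr()) . "')";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add user reginfo error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// gender_pub is written unquoted, so it is forced to an integer here.
$sql = "INSERT INTO user_pubinfo(UID, nickname, email, gender, gender_pub, qq, last_login_dt) VALUES($uid, '" .
    mysqli_real_escape_string($db_conn, $nickname) . "', '" .
    mysqli_real_escape_string($db_conn, $email) . "', '" .
    mysqli_real_escape_string($db_conn, $gender) . "', " .
    intval($gender_public) . ", '" .
    mysqli_real_escape_string($db_conn, $qq) . "', NOW())";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add user pubinfo error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Nickname history entry; begin_reason 'R' is written for this registration row.
$sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason) VALUES($uid, '" .
    mysqli_real_escape_string($db_conn, $nickname) . "', NOW(), 'R')";

$rs = mysqli_query($db_conn, $sql);
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add user nickname error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}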
301
// Send initial password via email.
// send_mail() receives the open DB connection, and a failure is reported with
// mysqli_error(); the call happens before COMMIT, so a failure here ends the
// request without committing the new account.
// NOTE(review): the temporary password travels in the message body in clear
// text; the user is asked to change it at first login.
$from = "";
$fromname = $BBS_name;
$to = $email;
$toname = $username;
$subject = "{$BBS_name}注册确认";

$body = "{$username}:\n 您好!\n";
$body .= " 您的临时密码是: {$temp_password} (区分大小写)\n";
$body .= " 请访问以下链接并在登录时修改密码:\n";
$body .= "https://{$BBS_host_name}/bbs/\n\n";
$body .= " 感谢您的大力支持!\n\n";
$body .= $BBS_name . "\n" . date("Y年m月d日") . "\n";

$ret = send_mail($from, $fromname, $to, $toname, $subject, $body, $db_conn);
if (!$ret)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Add email error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}
324
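// Commit transaction: makes the four INSERTs (and whatever send_mail() wrote
// through the same connection) permanent together.
$rs = mysqli_query($db_conn, "COMMIT");
if ($rs == false)
{
    $result_set["return"]["code"] = -2;
    $result_set["return"]["message"] = "Mysqli error: " . mysqli_error($db_conn);

    mysqli_close($db_conn);
    exit(json_encode($result_set));
}

// Invalidate the verification code once it has been used for a successful
// registration. The original line used "==" (a comparison whose result was
// discarded), which left the code in the session and allowed the same answer
// to be submitted again for further registrations. An empty value is rejected
// by the verification check at the top of this script.
$_SESSION["BBS_reg_vn_str"] = "";

mysqli_close($db_conn);
exit(json_encode($result_set));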
340 ?>
