
Annotation of /fenglin/bbs/user_service_reset_pass.php



Revision 1.7 - (hide annotations)
Wed Dec 24 06:56:17 2025 UTC (2 months, 3 weeks ago) by sysadm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +19 -0 lines
Move send_mail_do out of transaction to avoid blocking page load by calling sendmail

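<?php
/**
 * Password-reset endpoint.
 *
 * Reads a JSON body with "username" and "email", validates both, and looks up
 * an enabled account matching the pair. On a match it stores the SHA-256 of a
 * freshly generated temporary password in user_list.temp_password, records the
 * request in send_pass_log, queues the notification mail and commits. The mail
 * is dispatched with send_mail_do() only after the commit.
 *
 * Response: JSON {"return": {"code", "message", "errorFields"}} where code is
 * 0 on success, -1 on invalid or non-matching input, -2 on a server-side failure.
 *
 * NOTE(review): this endpoint is reachable without authentication and no
 * throttling is visible in this file. send_pass_log is written here but never
 * read; confirm that a rate limit is enforced elsewhere.
 * NOTE(review): the -1 "does not match" answer lets a caller confirm a valid
 * username/email pair. Consider returning the same answer in both cases.
 */
require_once "../lib/common.inc.php";
require_once "../lib/db_open.inc.php";
require_once "../lib/passwd.inc.php";
require_once "../lib/client_addr.inc.php";
require_once "../lib/send_mail.inc.php";

$data = json_decode(file_get_contents("php://input"), true);

// The body is attacker-controlled: accept a field only when it is a string, so
// a JSON array or object in its place is rejected by validation instead of
// reaching trim().
$username = (is_array($data) && isset($data["username"]) && is_string($data["username"])
	? trim($data["username"]) : "");
$email = (is_array($data) && isset($data["email"]) && is_string($data["email"])
	? trim($data["email"]) : "");

$result_set = array(
	"return" => array(
		"code" => 0,
		"message" => "",
		"errorFields" => array(),
	)
);

// Close the connection and emit the JSON response. Closing with a transaction
// still open leaves the uncommitted work uncommitted; no explicit ROLLBACK is
// issued, as in the previous revisions.
$finish = function () use (&$result_set, $db_conn) {
	mysqli_close($db_conn);
	exit(json_encode($result_set));
};

// Report a server-side failure (code -2). The driver detail goes to the server
// log only: returning mysqli_error() text to an unauthenticated client would
// disclose schema and query details.
$fail = function ($message, $detail = "") use (&$result_set, $finish) {
	if ($detail !== "")
	{
		error_log("user_service_reset_pass: " . $message . ": " . $detail);
	}

	$result_set["return"]["code"] = -2;
	$result_set["return"]["message"] = $message;

	$finish();
};

header("Content-Type:application/json; charset=utf-8");

// Validate input data
if (!preg_match("/^[A-Za-z][A-Za-z0-9_]{2,11}$/", $username))
{
	$result_set["return"]["code"] = -1;
	array_push($result_set["return"]["errorFields"], array(
		"id" => "username",
		"errMsg" => "不符合格式要求",
	));
}

if (!preg_match("/^[A-Za-z0-9_.-]+@([A-Za-z0-9-]+[.])+[A-Za-z0-9-]+$/", $email))
{
	$result_set["return"]["code"] = -1;
	array_push($result_set["return"]["errorFields"], array(
		"id" => "email",
		"errMsg" => "不符合格式要求",
	));
}

if ($result_set["return"]["code"] !== 0)
{
	$finish();
}

// Begin transaction
if (mysqli_query($db_conn, "SET autocommit=0") == false)
{
	$fail("Mysqli error", mysqli_error($db_conn));
}

if (mysqli_query($db_conn, "BEGIN") == false)
{
	$fail("Mysqli error", mysqli_error($db_conn));
}

// Look up the account. The values are bound rather than interpolated, so the
// query stays safe even if the validation patterns above are relaxed later.
$stmt = mysqli_prepare($db_conn, "SELECT user_list.UID, username, email FROM user_list
	INNER JOIN user_pubinfo ON user_list.UID = user_pubinfo.UID
	WHERE user_list.enable AND username = ? AND email = ?");
if ($stmt == false)
{
	$fail("Query user info error", mysqli_error($db_conn));
}

if (!mysqli_stmt_bind_param($stmt, "ss", $username, $email) ||
	!mysqli_stmt_execute($stmt))
{
	$fail("Query user info error", mysqli_stmt_error($stmt));
}

$row_uid = null;
$row_username = null;
$row_email = null;
mysqli_stmt_bind_result($stmt, $row_uid, $row_username, $row_email);

// mysqli_stmt_fetch(): true = row fetched, null = no row, false = error
$fetched = mysqli_stmt_fetch($stmt);
if ($fetched === false)
{
	$fail("Query user info error", mysqli_stmt_error($stmt));
}

if ($fetched !== true)
{
	mysqli_stmt_close($stmt);

	$result_set["return"]["code"] = -1;
	array_push($result_set["return"]["errorFields"], array(
		"id" => "username",
		"errMsg" => "用户名和邮件地址不匹配",
	));

	$finish();
}

// Continue with the values as stored in the database, not as submitted.
$uid = (int) $row_uid;
$username = (string) $row_username;
$email = (string) $row_email;

mysqli_stmt_close($stmt);

$temp_password = gen_passwd(10);

// Only the hash is stored; it goes into temp_password, a separate column.
// NOTE(review): unsalted SHA-256 is a fast hash. Confirm that the temporary
// password expires or is single-use on the login side.
$stmt = mysqli_prepare($db_conn, "UPDATE user_list SET temp_password = SHA2(?, 256)
	WHERE UID = ?");
if ($stmt == false)
{
	$fail("Update password error", mysqli_error($db_conn));
}

if (!mysqli_stmt_bind_param($stmt, "si", $temp_password, $uid) ||
	!mysqli_stmt_execute($stmt))
{
	$fail("Update password error", mysqli_stmt_error($stmt));
}

mysqli_stmt_close($stmt);

//Add Log
// client_addr() is defined outside this file, so its return value is bound as
// a parameter instead of being concatenated into the statement.
$client_ip = (string) client_addr();

$stmt = mysqli_prepare($db_conn, "INSERT INTO send_pass_log(UID, dt, ip) VALUES(?, NOW(), ?)");
if ($stmt == false)
{
	$fail("Add log error", mysqli_error($db_conn));
}

if (!mysqli_stmt_bind_param($stmt, "is", $uid, $client_ip) ||
	!mysqli_stmt_execute($stmt))
{
	$fail("Add log error", mysqli_stmt_error($stmt));
}

mysqli_stmt_close($stmt);

//Send mail
$from = "";
$fromname = $BBS_name;
$to = $email;
$toname = $username;
$subject = $BBS_name . "重置密码";
$body = $username.":\n 您好!\n".
	" 您的临时密码是: $temp_password (区分大小写)\n".
	" 请访问以下链接并在登录时修改密码:\n".
	"https://$BBS_host_name/bbs/\n\n".
	$BBS_name . "\n" . date("Y年m月d日") . "\n";

// send_mail() is handed the connection while the transaction is still open;
// presumably it queues the message in the database - confirm in send_mail.inc.php.
$ret = send_mail($from, $fromname, $to, $toname, $subject, $body, $db_conn);
if ($ret == false)
{
	$fail("Add email error", mysqli_error($db_conn));
}

// Commit transaction
if (mysqli_query($db_conn, "COMMIT") == false)
{
	$fail("Mysqli error", mysqli_error($db_conn));
}

if (mysqli_query($db_conn, "SET autocommit=1") == false)
{
	$fail("Mysqli error", mysqli_error($db_conn));
}

// Dispatch after the commit so the transaction is not held open while mail is
// being sent. A failure here is reported, but the new temporary password is
// already committed.
if (send_mail_do($db_conn) < 0)
{
	$fail("Send mail error");
}

$finish();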
