<?php
require_once('config.php');
require_once('mysql.php');
require_once('mail.php');
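function IsLogin(): ?array {
    // Resolve the current login as [source, uid, policy].
    // Order of precedence: a validly signed login cookie set whose source policy allows
    // login, then the configured public account (SourcePolicy['Public']['PublicUID'] > 0),
    // then null (nobody logged in).
    $cookieKey = static fn (string $suffix): string => CookieName . '_' . $suffix;
    $source = $_COOKIE[$cookieKey('Source')] ?? null;
    $uid = $_COOKIE[$cookieKey('UID')] ?? null;
    $time = $_COOKIE[$cookieKey('Time')] ?? null;
    $sign = $_COOKIE[$cookieKey('Sign')] ?? null;
    // Cookie values are attacker-controlled strings (or arrays, for names like "x[]"), so
    // they are shape-checked before use: the source must be a configured policy (otherwise
    // SourcePolicy[$source] is an undefined index), and UID/Time must be pure digit strings
    // (otherwise the int parameters of CheckLoginBySign would raise a TypeError in PHP 8).
    if (is_string($source) && is_string($uid) && is_string($time) && is_string($sign)
        && isset(SourcePolicy[$source])
        && ctype_digit($uid) && ctype_digit($time)
        && CheckLoginBySign($source, (int) $uid, (int) $time, $sign)
        && !empty(SourcePolicy[$source]['AllowLogin'])) {
        return [$source, (int) $uid, SourcePolicy[$source]];
    }
    if (SourcePolicy['Public']['PublicUID'] > 0) {
        // Public users use the public policy, but the public policy is also the default
        // policy, so it is not only used by public users. Logging out makes no sense for
        // the shared public account, hence AllowLogout is forced off on the returned copy.
        $publicSourcePolicy = SourcePolicy['Public'];
        $publicSourcePolicy['AllowLogout'] = false;
        return ['Public', SourcePolicy['Public']['PublicUID'], $publicSourcePolicy];
    }
    return null;
}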
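function GetUserBar(string $source, int $userID, bool $allowLogout = false): string {
    // Build the HTML greeting fragment for the user bar.
    // For the 'Public' source the stored username is shown when the user exists; any other
    // source (or an unknown public user) is greeted by source name.
    // Both $username (database row) and $source (cookie value) originate outside this
    // function, and the result is rendered as HTML, so they are escaped for the HTML context.
    $logoutLink = $allowLogout ? ' <a href="login.php?logout=1">登出</a>' : '';
    if ($source === 'Public') {
        $username = GetUsernameByID($userID);
        if ($username !== null) {
            $safeName = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return "你好, {$safeName} (UID: {$userID})" . $logoutLink;
        }
    }
    $safeSource = htmlspecialchars($source, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "你好, {$safeSource} 用户 (UID: {$userID})" . $logoutLink;
}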
function GenerateLoginSign(string $source, int $uid, int $timestamp): string {
    // Signature for a login cookie set: sha1 over the source's policy key wrapped around
    // "Login/{source}_{uid}-{timestamp}". CheckLoginBySign recomputes exactly this value.
    $key = SourcePolicy[$source]['key'];
    $payload = sprintf('Login/%s_%d-%d', $source, $uid, $timestamp);
    return sha1($key . $payload . $key);
}
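function CheckLoginBySign(string $source, int $uid, int $timestamp, string $sign): bool {
    // Validate a login cookie set: the source must be a configured policy, the cookie must
    // be no older than LoginExpireTime seconds, and the sign must match what
    // GenerateLoginSign produces for the same (source, uid, timestamp).
    if (!isset(SourcePolicy[$source])) {
        // No policy means no key to verify against; reading SourcePolicy[$source]['key']
        // would otherwise degrade to an empty key instead of a refusal.
        return false;
    }
    if (($timestamp + LoginExpireTime) < time()) {
        return false;
    }
    // hash_equals() compares in constant time, so a mismatching sign does not leak how
    // many leading bytes were correct.
    return hash_equals(GenerateLoginSign($source, $uid, $timestamp), $sign);
}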
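function GetUsernameByID(int $userID): ?string {
    // Look up the username of an activated user (status = 1) by id.
    // Returns null when the user does not exist, is not activated, or the database
    // cannot be reached or queried.
    global $db;
    if (!ConnectDB()) {
        if (function_exists('LogStr')) {
            LogStr('无法连接到数据库', -1);
        }
        return null;
    }
    try {
        // prepare() is inside the try as well: with PDO in exception mode it throws on
        // error, otherwise it returns false — both cases used to escape the handler.
        $stmt = $db->prepare("SELECT `username` FROM `users` WHERE `status` = 1 AND `id` = ? LIMIT 1");
        if ($stmt === false || !$stmt->execute([$userID])) {
            return null;
        }
        $username = $stmt->fetchColumn(0);
        $stmt->closeCursor();
    } catch (Throwable $e) {
        // Best-effort lookup: a failed query is reported to the caller as "no user".
        return null;
    }
    // fetchColumn() yields false when no row matched.
    return ($username !== false ? $username : null);
}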
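function CheckLoginByUsername(string $username, string $password): int {
    // Authenticate an activated user (status = 1) by username and password.
    // Returns the user id on success, 0 on wrong credentials or any database failure.
    // NOTE(review): the stored credential is an unsalted sha1 digest (the same scheme
    // RegisterUser writes). Moving to password_hash()/password_verify() needs a column
    // migration plus a matching change in RegisterUser, so it is only flagged here.
    global $db;
    if (!ConnectDB()) {
        if (function_exists('LogStr')) {
            LogStr('无法连接到数据库', -1);
        }
        return 0;
    }
    $passwordDigest = sha1($password);
    try {
        // prepare() sits inside the try: it throws in PDO exception mode and returns
        // false otherwise, and neither case was handled before.
        $stmt = $db->prepare("SELECT `id` FROM `users` WHERE `status` = 1 AND `username` = ? AND `password` = ? LIMIT 1");
        if ($stmt === false || !$stmt->execute([$username, $passwordDigest])) {
            return 0;
        }
        $userID = $stmt->fetchColumn(0);
        $stmt->closeCursor();
    } catch (Throwable $e) {
        // Best-effort: a failed query is reported as "not authenticated".
        return 0;
    }
    // fetchColumn() returns false for no match and the id as a string otherwise;
    // the explicit cast keeps the declared int return type honest under strict_types.
    return ($userID !== false ? (int) $userID : 0);
}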
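function RegisterUser(string $username, string $email, string $password): bool {
    // Create a new user row and, when email activation is enabled
    // (SourcePolicy['Public']['EmailExpireTime'] > 0), send the activation mail.
    // Returns true once the row exists; false on any database failure.
    // NOTE(review): the password is stored as an unsalted sha1 digest, matching what
    // CheckLoginByUsername compares against; migrating to password_hash() has to change
    // both functions and the stored data together, so it is only flagged here.
    // NOTE(review): `status` is left to the column default; confirm that default permits
    // login when no activation email is sent (EmailExpireTime <= 0).
    global $db;
    if (!ConnectDB()) {
        if (function_exists('LogStr')) {
            LogStr('无法连接到数据库', -1);
        }
        return false;
    }
    $passwordDigest = sha1($password);
    try {
        // prepare() is inside the try: it throws in PDO exception mode and returns false
        // otherwise; both used to escape the handler.
        $stmt = $db->prepare("INSERT INTO `users` (`username`, `email`, `password`) VALUES (?, ?, ?)");
        if ($stmt === false || !$stmt->execute([$username, $email, $passwordDigest])) {
            return false;
        }
        // lastInsertId() returns the new id as a string, or false when unavailable.
        $userID = $db->lastInsertId();
        $stmt->closeCursor();
    } catch (Throwable $e) {
        return false;
    }
    if ($userID === false) {
        return false;
    }
    if (SourcePolicy['Public']['EmailExpireTime'] > 0) {
        SendActivationEmail((int) $userID, $username, $email);
    }
    return true;
}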
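function ConfirmEmail(int $userID, string $email, int $timestamp, string $code): int {
    // Activate a pending user (status 0 -> 1) from an activation link.
    // The link is only honoured while email activation is enabled, within
    // EmailExpireTime seconds of $timestamp, and when $code matches GetActivationCode.
    // Returns the number of rows activated (1 on success, 0 otherwise or on DB failure).
    global $db;
    if (!ConnectDB()) {
        if (function_exists('LogStr')) {
            LogStr('无法连接到数据库', -1);
        }
        return 0;
    }
    $expireTime = SourcePolicy['Public']['EmailExpireTime'];
    if ($expireTime <= 0 || ($timestamp + $expireTime) < time()) {
        return 0;
    }
    // Constant-time comparison: the code arrives from the request and must not be
    // comparable byte by byte through timing.
    if (!hash_equals(GetActivationCode($userID, $email, $timestamp), $code)) {
        return 0;
    }
    try {
        // Bound parameter instead of interpolating $userID; it is an int here, but the
        // rest of the file uses prepared statements and this keeps that uniform.
        $stmt = $db->prepare("UPDATE `users` SET `status` = 1 WHERE `status` = 0 AND `id` = ? LIMIT 1");
        if ($stmt === false || !$stmt->execute([$userID])) {
            return 0;
        }
        $affected = $stmt->rowCount();
        $stmt->closeCursor();
    } catch (Throwable $e) {
        return 0;
    }
    return $affected;
}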
function GetActivationCode(int $userID, string $email, int $timestamp): string {
    // Activation code for an email confirmation link: sha1 over the public policy key
    // wrapped around "{uid}-{email}-{timestamp}". ConfirmEmail recomputes this to verify.
    $key = SourcePolicy['Public']['key'];
    $payload = sprintf('%d-%s-%d', $userID, $email, $timestamp);
    return sha1($key . $payload . $key);
}
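function SendActivationEmail(int $userID, string $username, string $email): void {
    // Send the account activation mail containing a confirm.php link that carries the
    // uid, the (URL-encoded) email, the issue time and the activation code; ConfirmEmail
    // validates that tuple on the way back.
    // NOTE(review): the confirmation host is hard-coded here and the link is plain http;
    // presumably it should come from config.php and match the scheme the site serves — verify.
    $issuedAt = time();
    $activationCode = GetActivationCode($userID, $email, $issuedAt);
    $link = "http://font.acgvideo.cn/confirm.php?uid={$userID}&email=" . rawurlencode($email) . "&time={$issuedAt}&code={$activationCode}";
    $body = "你好, {$username}. 你收到此邮件是因为你需要激活在 " . Title . " 注册的账号.\n\n若为本人操作, 请点击下方链接:\n" . $link . "\n\n若非本人操作, 则无需采取任何行动.\n";
    SendMail($email, '账号激活邮件', $body);
}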
?>