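using System;

/// <summary>
/// Code-behind for the member registration page.
///
/// Dispatch (Page_Load, non-postback only):
///   act=dos            -> dos():           process the registration form
///   act=CheckUsername  -> CheckUsername(): AJAX "is this name taken" probe
///   otherwise          -> load():          pre-fill the page from OAuth callback values
///
/// Responses are written through C.W(code): "" generic rejection, "1" success,
/// "2" username taken, "3" e-mail taken, "4" region blacklisted, "ban" banned username.
/// C.W/C.RE/C.R are assumed to end the response; the code below adds explicit
/// returns so the guards hold even if they do not.
/// </summary>
public partial class t_1_Passport_Register1 : System.Web.UI.Page
{
    protected BLL.BaseClass B = new BLL.BaseClass();
    protected Common.BaseClass C = new Common.BaseClass();
    protected DAL.BaseClass D = new DAL.BaseClass();
    Safe SAFE = new Safe();

    // Exposed to the .aspx markup. NOTE(review): the markup must HTML-encode these when
    // rendering; nickname in particular is read raw via C.RQ — verify in the .aspx.
    protected string ReturnUrl = string.Empty;
    protected string openid = string.Empty, weixinid = string.Empty, nickname = string.Empty, face = string.Empty;
    protected string _HomePage = string.Empty;

    // Allowed username alphabet: CJK ideographs, ASCII letters, digits and underscore.
    const string UsernamePattern = @"^[\u4E00-\u9FA5A-Za-z0-9_]+$";

    // Alphabet for generated passwords; 0/O/1/l/I are left out because the password is
    // delivered to the user in the welcome letter and has to be typed back.
    const string PasswordAlphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789";
    const int GeneratedPasswordLength = 12;

    // Punctuation stripped from an OAuth nickname before numeric suffixes are tried.
    static readonly string[] UsernameFilterTokens =
    {
        "~", "!", "@", "#", "$", "%", "^", "&", "*", "<", ">", "(", ")", "[", "]", "{", "}",
        "|", "\\", ":", ";", "\"", "'", ",", ".", "?", "+", "-", "/", "="
    };

    /// <summary>
    /// Page entry point. Reads ReturnUrl (same-site targets only — see IsTrustedReturnUrl),
    /// redirects already-logged-in or not-yet-activated members, then dispatches on "act".
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        string requestedReturnUrl = C.RequestQueryStringDecode("ReturnUrl");
        // Open-redirect guard: an attacker-supplied absolute URL must not become the
        // post-login redirect target (or be echoed back into the page through ReturnUrl).
        ReturnUrl = IsTrustedReturnUrl(requestedReturnUrl) ? requestedReturnUrl : string.Empty;
        _HomePage = B.Config("HomePage");

        if (IsPostBack) return;

        if (B.UserLogined())
        {
            C.RE(ReturnUrl.Length == 0 ? "/" : ReturnUrl);
            return;
        }
        if (B.WaitActivation())
        {
            C.RE();
            return;
        }

        if (B.act("dos")) dos();
        else if (B.act("CheckUsername")) CheckUsername();
        else load();
    }

    /// <summary>
    /// True when <paramref name="url"/> may be used as a redirect target: a site-relative path
    /// ("/..." but not the protocol-relative "//host" or "/\host" forms), or an absolute
    /// http(s) URL whose main domain equals the current request's main domain as computed by
    /// the project's C.GetMainDomainByUrl (the same helper 返回地址() relies on).
    /// </summary>
    bool IsTrustedReturnUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        if (url[0] == '/')
        {
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }

        Uri target;
        if (!Uri.TryCreate(url, UriKind.Absolute, out target)) return false;
        if (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps) return false;

        string siteDomain = C.GetMainDomainByUrl(C.GetCurrentDomain());
        if (string.IsNullOrEmpty(siteDomain)) return false;
        return string.Equals(C.GetMainDomainByUrl(url), siteDomain, StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// Default GET: hands off to the third-party passport when configured, otherwise
    /// copies the OAuth callback values (openid / weixinid / nickname / face) into the
    /// fields the markup pre-fills the form with.
    /// </summary>
    void load()
    {
        if (B.Config("UseThirdPartyPassport") == "1")
        {
            C.R(B.Config("ThirdPartyPassportRegisterUrl"));
            return;
        }
        openid = C.RequestQueryStringDecode("openid");
        weixinid = C.RequestQueryStringDecode("weixinid");
        nickname = C.RQ("nickname");
        face = C.RequestQueryStringDecode("face");
    }

    /// <summary>
    /// Handles the registration POST (act=dos).
    ///
    /// Form fields: openid, weixinid (OAuth identities), _Username, _Password, _Email,
    /// nickname and face (OAuth profile data used when no username/password was typed).
    /// Region and username-ban checks apply to plain registrations only; OAuth
    /// registrations are identified by their OAuth id instead.
    /// </summary>
    void dos()
    {
        // An OAuth identity may be bound to at most one account.
        string _openid = C.RF("openid");
        if (_openid.Length > 0 && D.ExecScalar("select count(*) from [User] where [OAuthQQ]=@OAuthQQ", D.GetParam("@OAuthQQ", _openid)) > 0)
        {
            C.W();
            return;
        }
        string _weixinid = C.RF("weixinid");
        if (_weixinid.Length > 0 && D.ExecScalar("select count(*) from [User] where [OAuthWeixin]=@OAuthWeixin", D.GetParam("@OAuthWeixin", _weixinid)) > 0)
        {
            C.W();
            return;
        }
        bool viaOAuth = _openid.Length > 0 || _weixinid.Length > 0;

        // NOTE(review): HtmlEn() is applied to the password before it is stored; the login
        // path must apply the same transformation or passwords containing & < > " will
        // never match — verify against B.UserLogin.
        string Username = C.HtmlEn(C.RF("_Username").Trim());
        string Password = C.HtmlEn(C.RF("_Password").Trim());

        // Highest existing user id, used only to build the "u-NNN{id+1}" fallback name.
        string lastuid = D.GetField("select [ID] from [User] order by id desc");
        if (!C.IsNum(lastuid)) lastuid = "0";

        if (viaOAuth && Username.Length == 0)
        {
            Username = UsernameFromNickname(C.RequestFormDecode("nickname"), lastuid);
        }
        if (viaOAuth && Password.Length == 0)
        {
            // Was "p-" + yyMMdd + a two-digit number: ~90 guessable candidates per day for an
            // account that can also be logged into with username/password.
            Password = "p-" + GenerateRandomPassword(GeneratedPasswordLength);
        }

        if (Username.Length == 0)
        {
            C.W();
            return;
        }
        if (UsernameExists(Username))
        {
            C.W("2");
            return;
        }

        if (!viaOAuth)
        {
            if (!地区注册限制())
            {
                C.W();
                return;
            }
            if (!SAFE.地区黑名单())
            {
                C.W("4");
                return;
            }
            if (!B.BanUsername(Username))
            {
                C.W("ban");
                return;
            }
        }

        string Enable = "1";
        // Evaluated once (the original called it twice); assumed side-effect free — verify.
        bool floodVerified = B.FloodPostVerify();
        string Activation = floodVerified ? B.Config("RegisterActivation") : "0";
        if (B.Config("RegisterFloodPostPrevent") == "1" && !floodVerified)
        {
            C.W();
            return;
        }

        if (!viaOAuth)
        {
            // Was `< 1 || > 20 && !IsMatch`: && binds tighter than ||, so the alphabet check
            // only ran for names longer than 20 characters and any shorter name containing
            // quotes, brackets or SQL punctuation was accepted.
            if (Username.Length < 1 || Username.Length > 20 || !C.IsMatch(Username, UsernamePattern))
            {
                C.W();
                return;
            }
        }
        // "-ban" in a username marks a soft-deleted member; never let a registration reuse it.
        if (Username.IndexOf("-ban", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            C.W();
            return;
        }

        string Email = C.RF("_Email");
        // CR/LF inside the address would reach B.SendMail as raw header material.
        if (Email.IndexOf('\r') >= 0 || Email.IndexOf('\n') >= 0)
        {
            C.W();
            return;
        }
        if (Email.Contains("@") && B.Config("UserEmailActivation") == "1")
        {
            if (D.ExecScalar("select count(*) from [User] where [Email]=@Email", D.GetParam("@Email", Email)) > 0)
            {
                C.W("3");
                return;
            }
        }

        string now = C.Now();
        string parms = string.Empty;
        parms += D.CombineParam("@Enable", Enable);
        parms += D.CombineParam("@Activation", Activation);
        parms += D.CombineParam("@Type", "");
        parms += D.CombineParam("@InsertTime", now);
        parms += D.CombineParam("@Username", Username);
        parms += D.CombineParam("@Password", C.EncryEncode(Password));
        parms += D.CombineParam("@Email", Email);
        parms += D.CombineParam("@MobilePhone", "");
        parms += D.CombineParam("@QQ", "");
        parms += D.CombineParam("@Face", "");
        parms += D.CombineParam("@LoginTotal", "0");
        parms += D.CombineParam("@LastLoginTime", now);
        parms += D.CombineParam("@LastLoginIP", "");
        parms += D.CombineParam("@RealNameAuth", "0");
        parms += D.CombineParam("@CertifyAuth", "0");
        parms += D.CombineParam("@EmailAuth", "0");
        parms += D.CombineParam("@MobilePhoneAuth", "0");
        parms += D.CombineParam("@RegisterIP", C.GetClientIP());
        parms += D.CombineParam("@OAuthQQ", _openid);
        parms += D.CombineParam("@OAuthWeixin", _weixinid);
        parms += D.CombineParam("@Honest", "0");
        parms += D.CombineParam("@ByWap", C.MobilePlatform());

        string sql = "insert into [User]([Enable],[Activation],[Type],[InsertTime],[Username],[Password],[Email],[MobilePhone],[QQ],[Face],[LoginTotal],[LastLoginTime],[LastLoginIP],[RealNameAuth],[CertifyAuth],[EmailAuth],[MobilePhoneAuth],[RegisterIP],[OAuthQQ],[OAuthWeixin],[Honest],[ByWap])values(@Enable,@Activation,@Type,@InsertTime,@Username,@Password,@Email,@MobilePhone,@QQ,@Face,@LoginTotal,@LastLoginTime,@LastLoginIP,@RealNameAuth,@CertifyAuth,@EmailAuth,@MobilePhoneAuth,@RegisterIP,@OAuthQQ,@OAuthWeixin,@Honest,@ByWap)";
        // NOTE(review): the uniqueness checks above and this insert are not atomic; a unique
        // index on [Username] (and the OAuth columns) is what actually prevents duplicates.
        if (D.ExecSQL(sql, D.GetParam(parms)) <= 0)
        {
            C.W();
            return;
        }

        if (!viaOAuth)
        {
            C.SetCookie("LastLoginUsername", C.EncryEncode(Username), DateTime.Now.AddDays(7));
        }
        // Auto-login after registration; the result is deliberately ignored.
        B.UserLogin(Username, Password, 0, "");

        // NOTE(review): the new row is located by username rather than by the insert's
        // identity value; SCOPE_IDENTITY() would be more robust if the DAL exposes it.
        string uid = D.GetField("select [ID] from [User] where [Username]=@Username", D.GetParam("@Username", Username));

        // A missing/invalid RegisterIntegral setting must not abort a registration that has
        // already been written (Convert.ToInt32 used to throw here).
        int registerIntegral;
        if (!int.TryParse(B.Config("RegisterIntegral"), out registerIntegral)) registerIntegral = 0;
        if (B.UserIntegralChange(uid, "+", registerIntegral, "会员注册"))
        {
            SendWelcomeLetters(uid, Username, Password, Email);
        }

        保存头像(uid, B.RemoteSingle(C.RequestFormDecode("face")));
        C.W("1");
    }

    /// <summary>
    /// Derives a username for an OAuth registration that supplied none.
    /// Preference order: the whitespace-stripped nickname when it is 2..19 characters of the
    /// allowed alphabet and free; otherwise the punctuation-stripped nickname plus "2".."9"
    /// (3..19 characters, first free one); otherwise "u-" + three random digits + (last id + 1).
    /// </summary>
    string UsernameFromNickname(string rawNickname, string lastuid)
    {
        string nick = rawNickname.Replace(" ", "").Replace("　", "").Trim();
        if (nick.Length > 1 && nick.Length < 20 && C.IsMatch(nick, UsernamePattern) && !UsernameExists(nick))
        {
            return nick;
        }

        nick = filter(nick);
        for (int suffix = 2; suffix <= 9; suffix++)
        {
            string candidate = nick + suffix.ToString();
            if (candidate.Length > 2 && candidate.Length < 20 && C.IsMatch(candidate, UsernamePattern) && !UsernameExists(candidate))
            {
                return candidate;
            }
        }
        return "u-" + C.GetRandomMinToMax(100, 999).ToString() + (Convert.ToInt32(lastuid) + 1).ToString();
    }

    /// <summary>True when a [User] row with exactly this username already exists.</summary>
    bool UsernameExists(string username)
    {
        return D.ExecScalar("select count(*) from [User] where [Username]=@Username", D.GetParam("@Username", username)) > 0;
    }

    /// <summary>
    /// Builds a password of <paramref name="length"/> characters from PasswordAlphabet using
    /// the cryptographic RNG. Bytes outside the largest multiple of the alphabet size are
    /// redrawn so every character is equally likely (no modulo bias).
    /// </summary>
    static string GenerateRandomPassword(int length)
    {
        char[] chars = new char[length];
        byte[] one = new byte[1];
        int limit = 256 - (256 % PasswordAlphabet.Length);
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            int filled = 0;
            while (filled < length)
            {
                rng.GetBytes(one);
                if (one[0] >= limit) continue;
                chars[filled++] = PasswordAlphabet[one[0] % PasswordAlphabet.Length];
            }
        }
        return new string(chars);
    }

    /// <summary>
    /// Sends the "WelcomeLetter" site message (RegisterSendMessage=1) and e-mail
    /// (RegisterSendEmail=1 and the address contains "@"), filling the template placeholders.
    /// NOTE(review): both templates receive {Password} in clear text. For OAuth registrations
    /// that is how the generated password reaches the user, but it also leaves the password
    /// in the message store and mail logs; a one-time reset link would avoid that.
    /// </summary>
    void SendWelcomeLetters(string uid, string username, string password, string email)
    {
        if (B.Config("RegisterSendMessage") == "1")
        {
            string title = FillTemplate(D.GetField("select [Title] from [VariableTemplate] where [Type]='message' and [EnName]='WelcomeLetter'"), username, password);
            string body = FillTemplate(D.GetField("select [Contents] from [VariableTemplate] where [Type]='message' and [EnName]='WelcomeLetter'"), username, password);
            B.SendMessage(true, uid, "0", title, body);
        }
        if (email.Contains("@") && B.Config("RegisterSendEmail") == "1")
        {
            string title = FillTemplate(D.GetField("select [Title] from [VariableTemplate] where [Type]='email' and [EnName]='WelcomeLetter'"), username, password);
            string body = FillTemplate(D.GetField("select [Contents] from [VariableTemplate] where [Type]='email' and [EnName]='WelcomeLetter'"), username, password);
            B.SendMail(email, title, body);
        }
    }

    /// <summary>Replaces the {SiteName}/{SiteDomain}/{HomePage}/{Username}/{Password} placeholders.</summary>
    string FillTemplate(string template, string username, string password)
    {
        return template
            .Replace("{SiteName}", B.Config("SiteName"))
            .Replace("{SiteDomain}", B.Config("SiteDomain"))
            .Replace("{HomePage}", B.Config("HomePage"))
            .Replace("{Username}", username)
            .Replace("{Password}", password);
    }

    /// <summary>
    /// Stores the new member's avatar: <paramref name="pic"/> (the path B.RemoteSingle returned
    /// for the user-supplied "face" value) is cut into the fixed thumbnail set under
    /// /p/{uid}/face/, the source file is deleted and [User].[Face] is updated.
    /// Only paths under /p/ ending in .jpg are accepted; ".." is rejected so a crafted value
    /// cannot point FileDel/MakeThumbnail outside the upload area.
    /// </summary>
    void 保存头像(string cUID, string pic)
    {
        if (!pic.Contains("/p/") || !pic.Contains(".jpg")) return;
        if (pic.Contains("..")) return;
        if (!C.IsNum(cUID)) return;

        string faceDir = "/p/" + cUID + "/face/";
        int[] sizes = { 150, 120, 100, 80, 60, 50 };
        foreach (int size in sizes)
        {
            C.MakeThumbnail(pic, faceDir + "user_" + size + "x" + size + ".jpg", "_", size, "x", size, "C", false);
        }
        C.FileDel(pic);

        // Parameterised (was string-concatenated), matching the insert in dos().
        string facePath = faceDir + "user.jpg";
        D.ExecSQL("update [User] set [Face]=@Face where [ID]=@ID",
                  D.GetParam(D.CombineParam("@Face", facePath) + D.CombineParam("@ID", cUID)));
    }

    /// <summary>act=CheckUsername: writes "2" when the posted _Username is already taken.</summary>
    void CheckUsername()
    {
        string Username = C.HtmlEn(C.RF("_Username").Trim());
        if (UsernameExists(Username)) C.W("2");
    }

    /// <summary>
    /// Region allow-list (RegisterLimitSwitch=1): the client's IP attribution, fetched from a
    /// third-party lookup over plain HTTP, must contain one of the comma-separated
    /// RegisterAllowCityWordkey keywords. An empty keyword list or an empty lookup result
    /// fails open. NOTE(review): if C.GetClientIP() honours forwarded headers this is spoofable.
    /// </summary>
    protected bool 地区注册限制()
    {
        if (B.Config("RegisterLimitSwitch") != "1") return true;

        string cityKeywords = B.Config("RegisterAllowCityWordkey");
        if (cityKeywords.Length == 0) return true;

        string attribution = B.GetIpAttribution("http://www.ip138.com/ips138.asp?ip=" + C.GetClientIP() + "&action=2").Trim();
        if (attribution.Length == 0) return true;

        foreach (string keyword in cityKeywords.Split(','))
        {
            if (keyword.Trim().Length == 0) continue;
            if (attribution.Contains(keyword)) return true;
        }
        return false;
    }

    /// <summary>
    /// Rebuilds an "http://{subdomain}.{maindomain}" address from the Referer, or
    /// "http://{current main domain}" when the referer is on the main site itself;
    /// "" when there is no referer.
    /// </summary>
    protected string 返回地址()
    {
        string referrer = C.UrlReferrer();
        if (referrer.Length == 0) return "";

        string siteMainDomain = C.GetMainDomainByUrl(C.GetCurrentDomain());
        string mainDomain = C.GetMainDomainByUrl(referrer);
        if (referrer.Contains("http://" + siteMainDomain)) mainDomain = "";

        string host = referrer;
        if (host.Contains("://")) host = host.Substring(host.IndexOf("://", StringComparison.Ordinal) + 3);
        if (host.Contains("/")) host = host.Substring(0, host.IndexOf("/", StringComparison.Ordinal));

        string prefix = (mainDomain.Length == 0) ? "" : host.Replace(mainDomain, "");
        if (prefix.Contains(".") && prefix.Substring(prefix.Length - 1) == ".")
        {
            prefix = prefix.Substring(0, prefix.Length - 1);
        }

        if (prefix != "") return "http://" + prefix + "." + mainDomain;
        return "http://" + siteMainDomain;
    }

    /// <summary>Strips the punctuation in UsernameFilterTokens from <paramref name="str"/>.</summary>
    string filter(string str)
    {
        foreach (string token in UsernameFilterTokens)
        {
            str = str.Replace(token, "");
        }
        return str;
    }
}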