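/**
 * JSONP registration endpoint used by CPS promotion links.
 *
 * Request parameters (all from $_GET):
 *   cn            username (5-22 chars of [A-Za-z0-9._], lower-cased)
 *   pwd           password (6-22 bytes)
 *   gid           game id the account is registered for
 *   sid           optional server id; must belong to gid, otherwise the
 *                 newest open server of the game is used
 *   uid           optional promoter (upline) uid; falls back to the platform
 *                 default promotion account ('4') when unknown
 *   jsonpCallback optional JS callback name (default 'jsonpCallback')
 *
 * Flow: clear any existing session, register the account in UCenter, mirror
 * it into `member` and `member_extend_info`, set the login cookies/session and
 * echo `callback({...})`. Every path ends in die(), so this never returns.
 *
 * Payloads are unchanged from the original implementation:
 *   {"result":"err0003"}  bad username, or UC returned -3
 *   {"result":"err0006"}  bad password length
 *   {"result":"err0001"}  any other UC or DB failure
 *   {"result":"success","gid":"..","fid":"..","login":".."}
 *
 * Fixes versus the original: the WHERE clauses were built by string
 * concatenation from raw request values (the author's own comments marked the
 * three injection points); they now use integer ids and array conditions.
 * The JSONP callback name was reflected unvalidated into the script body; it is
 * now restricted to a JS identifier path. A debug leftover (`$uid = 321;`)
 * overwrote the UCenter result so every registration shared one account; it
 * has been removed.
 */
public function username_check1()
{
    unset($_SESSION['uid']);
    unset($_SESSION['member']);
    cookie('auth', '1');
    uc_user_synlogout(); // synchronous UC logout; its HTML snippet is not used here

    // The callback is echoed verbatim into the response body, so it must be a
    // plain JS identifier path; anything else uses the default name instead of
    // being reflected.
    $callback = 'jsonpCallback';
    if (isset($_GET['jsonpCallback'])
        && preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]*$/', $_GET['jsonpCallback'])) {
        $callback = $_GET['jsonpCallback'];
    }

    // gid / sid / uid are numeric ids that end up in WHERE clauses (the original
    // compared them unquoted), so an int cast is both the validation and the
    // injection fix.
    $gid   = isset($_GET['gid']) ? (int) $_GET['gid'] : 0;
    $sid   = isset($_GET['sid']) ? (int) $_GET['sid'] : 0;
    $uid_1 = isset($_GET['uid']) ? (int) $_GET['uid'] : 0; // promoter (upline) uid

    $username = isset($_GET['cn']) ? strtolower(trim(htmlspecialchars($_GET['cn']))) : '';
    // htmlspecialchars on the password is kept only because existing UC
    // accounts were created from the escaped value; it is not a sanitiser.
    $password = isset($_GET['pwd']) ? trim(htmlspecialchars($_GET['pwd'])) : '';
    // NOTE(review): HTTP_HOST is client-controlled; getdomain() is assumed to
    // normalise it — confirm before trusting the derived e-mail domain.
    $domain = $this->getdomain($_SERVER['HTTP_HOST']);
    $email  = $username . '@' . $domain;

    if (!preg_match('/^([a-zA-Z0-9]|[._]){5,22}$/', $username)) {
        $this->jsonpExit($callback, '{"result":"err0003"}');
    }
    $passwordLength = strlen($password);
    if ($passwordLength < 6 || $passwordLength > 22) {
        $this->jsonpExit($callback, '{"result":"err0006"}');
    }

    // #### UCenter registration #####
    $uid = uc_user_register($username, $password, $email);
    if ($uid <= 0) {
        // UC error -3 (invalid username) maps to err0003; every other code
        // (-1, -2, -4, -5, -6, ...) collapses to err0001 as before.
        $this->jsonpExit($callback, $uid == -3 ? '{"result":"err0003"}' : '{"result":"err0001"}');
    }

    // Registration succeeded: mirror the account into the local member table.
    $userinfo = array(
        'username' => $username,
        'nickname' => $username,
        'email'    => $email,
        'point'    => '0',
        'id_card'  => '',
        'uid'      => $uid,
    );
    $model = M('member');
    if (!$model->add($userinfo)) {
        $this->jsonpExit($callback, '{"result":"err0001"}');
    }

    $extend = M('member_extend_info');
    $smodel = M('server');
    $now    = time();
    $ip     = get_client_ip();
    $extends_info = array(
        'uid'            => $uid,
        'register_time'  => $now,
        'register_ip'    => $ip,
        'lastlogin_time' => $now,
        'lastlogin_ip'   => $ip,
        'realname'       => '',
        'from_soical'    => 'cps', // column name kept as spelled in the schema
        'gid'            => $gid,
    );

    // Server selection: use the requested sid when given, otherwise the newest
    // open server of the game; then make sure the sid really belongs to gid and
    // fall back to the newest open server if it does not.
    $extends_info['sid'] = $sid ? $sid : $this->latestOpenSid($smodel, $gid);
    $serverRow = $smodel->where(array('sid' => $extends_info['sid']))->find();
    if (empty($serverRow) || (int) $serverRow['gid'] !== $gid) {
        $extends_info['sid'] = $this->latestOpenSid($smodel, $gid);
    }
    $sid = $extends_info['sid'];

    // Promotion channel: a promotion link is itself a first-level guild link.
    // '4' is the platform's default promotion account, used when no valid
    // promoter uid is supplied or the promoter is not a grouping=1 record.
    $extends_info['sub_channels']   = '4';
    $extends_info['total_channels'] = '4';
    if ($uid_1) {
        $upline = $extend->where(array('grouping' => 1, 'uid' => $uid_1))->find();
        if (!empty($upline)) {
            $extends_info['sub_channels']   = $uid_1;
            // subsign '0' means the promoter is top-level, so it is its own root
            $extends_info['total_channels'] = $upline['subsign'] == '0' ? $uid_1 : $upline['subsign'];
        }
    }
    $extend->add($extends_info);

    // Login cookies. The auth cookie is deliberately left readable by scripts
    // (httponly = false) because the original client contract depends on it.
    setcookie('auth', uc_authcode($uid . "\t" . $username, 'ENCODE'), 0, C('COOKIE_PATH'), C('COOKIE_DOMAIN'), 0, false);
    setcookie('name', $username, time() + 3600, "/");

    // Local-machine registration guard: fingerprint the server MAC and the
    // client IP into cookies that the login path is expected to compare.
    import("@.ORG.Getmacaddr");
    $mac     = new GetMacAddr(PHP_OS);
    $macaddr = $mac->mac_addr;
    setcookie("gameplf_anti_csrf", md5($macaddr), time() + 3600 * 24, "/");
    setcookie("login_check_ip", md5($ip), time() + 3600 * 24, "/");

    $ucsynlogin = uc_user_synlogin($uid);
    $_SESSION['uid']    = $uid;
    $_SESSION['member'] = $username;

    // The UC synlogin snippet is embedded in a hand-built JSON string; double
    // quotes are swapped for single quotes so the literal stays well-formed
    // (assumes the snippet contains no backslashes or newlines, as before).
    $ucsynlogin = str_replace('"', "'", $ucsynlogin);
    $data = "{\"result\":\"success\",\"gid\":\"$gid\",\"fid\":\"$sid\",\"login\":\"$ucsynlogin\"}";
    $this->jsonpExit($callback, $data);
}

/**
 * Echo a JSONP response `$callback($data)` and terminate the request.
 *
 * @param string $callback already validated as a JS identifier path
 * @param string $data     a JSON document
 */
private function jsonpExit($callback, $data)
{
    // Declare the body as script so a browser never renders it as HTML.
    if (!headers_sent()) {
        header('Content-Type: application/javascript; charset=utf-8');
    }
    echo $callback . '(' . $data . ')';
    die();
}

/**
 * sid of the most recently added open (status = '0') server of a game.
 *
 * @param object $smodel M('server') model
 * @param int    $gid    game id
 * @return mixed the sid, or null when the game has no open server
 */
private function latestOpenSid($smodel, $gid)
{
    $row = $smodel->where(array('status' => '0', 'gid' => $gid))->order('add_time desc')->find();
    return isset($row['sid']) ? $row['sid'] : null;
}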