当前位置| 科技 > > 列表>详情

CrossdayDiscuz!Board是什么意思?php 用户名包含敏感字怎么解决?

2022-12-15 15:31:11 来源:亚洲网

CrossdayDiscuz! Board是什么意思?
CrossdayDiscuz! Board(简称 Discuz!)是北京康盛新创科技有限责任公司推出的一套通用的社区论坛软件系统。自2001年6月面世以来,Discuz!已拥有15年以上的应用历史和200多万网站用户案例,是全球成熟度最高、覆盖率最大的论坛软件系统之一。最新版本Discuz! X3.4正式版于2017年8月2日发布,去除了云平台的相关代码,是 X3.2 的稳定版本。2010年8月23日,康盛创想与腾讯达成收购协议,成为腾讯的全资子公司。

php 用户名包含敏感字符,Discuz用中文带"欣"注册也提示“用户名包含敏感字符或被系统屏蔽,请返回重新填写”...

应该是discuz的bug。

在dz/uc_client/model/user.php和uc/model/user.php文件中,有找到这个地方:

复制代码

在这个过滤中$guestexp =

'\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8';注意标了黑体的

“欣”这个汉字的utf8编码是0xE60xAC0xA3 ,所以就被当成了被屏蔽的字符。修改如下

!defined('IN_UC') &&

exit('Access Denied');

class usermodel {

var $db;

var $base;

function __construct(&$base) {

$this->usermodel($base);

}

function usermodel(&$base) {

$this->base = $base;

$this->db = $base->db;

}

function get_user_by_uid($uid) {

$arr = $this->db->fetch_first("SELECT

* FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");

return $arr;

}

function get_user_by_username($username) {

$arr = $this->db->fetch_first("SELECT

* FROM ".UC_DBTABLEPRE."members WHERE username='$username'");

return $arr;

}

function get_user_by_email($email) {

$arr = $this->db->fetch_first("SELECT

* FROM ".UC_DBTABLEPRE."members WHERE email='$email'");

return $arr;

}

function check_username($username) {

$guestexp = '^Guest';

$len = strlen($username);

if($len > 15 || $len < 3 ||

preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\\&]|$guestexp/is",

$username)) {

return FALSE;

} else {

return TRUE;

}

}

或者用一下代码替换

!defined('IN_UC') &&

exit('Access Denied');

class usermodel {

var $db;

var $base;

function __construct(&$base) {

$this->usermodel($base);

}

function usermodel(&$base) {

$this->base = $base;

$this->db = $base->db;

}

function get_user_by_uid($uid) {

$arr = $this->db->fetch_first("SELECT

* FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");

return $arr;

}

function get_user_by_username($username) {

$arr = $this->db->fetch_first("SELECT

* FROM ".UC_DBTABLEPRE."members WHERE username='$username'");

return $arr;

}

function get_user_by_email($email) {

$arr = $this->db->fetch_first("SELECT

* FROM ".UC_DBTABLEPRE."members WHERE email='$email'");

return $arr;

}

function check_username($username) {

$guestexp = '^Guest';

$len = strlen($username);

if($len > 15 || $len < 3 ||

preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\\&]|$guestexp/is",

$username)) {

return FALSE;

} else {

return TRUE;

}

}

function check_mergeuser($username) {

$data =

$this->db->result_first("SELECT

count(*) FROM ".UC_DBTABLEPRE."mergemembers WHERE

appid='".$this->base->app['appid']."'

AND username='$username'");

return $data;

}

function check_usernamecensor($username) {

$_CACHE['badwords'] =

$this->base->cache('badwords');

$censorusername =

$this->base->get_setting('censorusername');

$censorusername = $censorusername['censorusername'];

$censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '),

array('.*', '|', ''), preg_quote(($censorusername =

trim($censorusername)), '/')).')$/i';

$usernamereplaced = isset($_CACHE['badwords']['findpattern'])

&&

!empty($_CACHE['badwords']['findpattern']) ?

@preg_replace($_CACHE['badwords']['findpattern'],

$_CACHE['badwords']['replace'], $username) : $username;

if(($usernamereplaced != $username) || ($censorusername

&& preg_match($censorexp,

$username))) {

return FALSE;

} else {

return TRUE;

}

}

function check_usernameexists($username) {

$data =

$this->db->result_first("SELECT

username FROM ".UC_DBTABLEPRE."members WHERE

username='$username'");

return $data;

}

function check_emailformat($email) {

return strlen($email) > 6

&&

preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/", $email);

}

function check_emailaccess($email) {

$setting =

$this->base->get_setting(array('accessemail',

'censoremail'));

$accessemail = $setting['accessemail'];

$censoremail = $setting['censoremail'];

$accessexp = '/('.str_replace("\r\n", '|',

preg_quote(trim($accessemail), '/')).')$/i';

$censorexp = '/('.str_replace("\r\n", '|',

preg_quote(trim($censoremail), '/')).')$/i';

if($accessemail || $censoremail) {

if(($accessemail &&

!preg_match($accessexp, $email)) || ($censoremail

&& preg_match($censorexp, $email)))

{

return FALSE;

} else {

return TRUE;

}

} else {

return TRUE;

}

}

function check_emailexists($email, $username = '') {

$sqladd = $username !== '' ? "AND

username<>'$username'" : '';

$email =

$this->db->result_first("SELECT email

FROM ".UC_DBTABLEPRE."members WHERE email='$email' $sqladd");

return $email;

}

function check_login($username, $password,

&$user) {

$user =

$this->get_user_by_username($username);

if(empty($user['username'])) {

return -1;

} elseif($user['password'] != md5(md5($password).$user['salt']))

{

return -2;

}

return $user['uid'];

}

function add_user($username, $password, $email, $uid = 0,

$questionid = '', $answer = '', $regip = '') {

$regip = empty($regip) ?

$this->base->onlineip : $regip;

$salt = substr(uniqid(rand()), -6);

$password = md5(md5($password).$salt);

$sqladd = $uid ? "uid='".intval($uid)."'," : '';

$sqladd .= $questionid > 0 ? "

secques='".$this->quescrypt($questionid,

$answer)."'," : " secques='',";

$this->db->query("INSERT INTO

".UC_DBTABLEPRE."members SET $sqladd username='$username',

password='$password', email='$email', regip='$regip',

regdate='".$this->base->time."',

salt='$salt'");

$uid = $this->db->insert_id();

$this->db->query("INSERT INTO

".UC_DBTABLEPRE."memberfields SET uid='$uid'");

return $uid;

}

function edit_user($username, $oldpw, $newpw, $email,

$ignoreoldpw = 0, $questionid = '', $answer = '') {

$data =

$this->db->fetch_first("SELECT

username, uid, password, salt FROM ".UC_DBTABLEPRE."members WHERE

username='$username'");

if($ignoreoldpw) {

$isprotected =

$this->db->result_first("SELECT

COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid =

'$data[uid]'");

if($isprotected) {

return -8;

}

}

if(!$ignoreoldpw &&

$data['password'] != md5(md5($oldpw).$data['salt'])) {

return -1;

}

$sqladd = $newpw ?

"password='".md5(md5($newpw).$data['salt'])."'" : '';

$sqladd .= $email ? ($sqladd ? ',' : '')." email='$email'" :

'';

if($questionid !== '') {

if($questionid > 0) {

$sqladd .= ($sqladd ? ',' : '')."

secques='".$this->quescrypt($questionid,

$answer)."'";

} else {

$sqladd .= ($sqladd ? ',' : '')." secques=''";

}

}

if($sqladd || $emailadd) {

$this->db->query("UPDATE

".UC_DBTABLEPRE."members SET $sqladd WHERE

username='$username'");

return

$this->db->affected_rows();

} else {

return -7;

}

}

function delete_user($uidsarr) {

$uidsarr = (array)$uidsarr;

if(!$uidsarr) {

return 0;

}

$uids =

$this->base->implode($uidsarr);

$arr = $this->db->fetch_all("SELECT

uid FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid IN

($uids)");

$puids = array();

foreach((array)$arr as $member) {

$puids[] = $member['uid'];

}

$uids =

$this->base->implode(array_diff($uidsarr,

$puids));

if($uids) {

$this->db->query("DELETE FROM

".UC_DBTABLEPRE."members WHERE uid IN($uids)");

$this->db->query("DELETE FROM

".UC_DBTABLEPRE."memberfields WHERE uid IN($uids)");

uc_user_deleteavatar($uidsarr);

$this->base->load('note');

$_ENV['note']->add('deleteuser', "ids=$uids");

return

$this->db->affected_rows();

} else {

return 0;

}

}

function get_total_num($sqladd = '') {

$data =

$this->db->result_first("SELECT

COUNT(*) FROM ".UC_DBTABLEPRE."members $sqladd");

return $data;

}

function get_list($page, $ppp, $totalnum, $sqladd) {

$start =

$this->base->page_get_start($page,

$ppp, $totalnum);

$data = $this->db->fetch_all("SELECT

* FROM ".UC_DBTABLEPRE."members $sqladd LIMIT $start, $ppp");

return $data;

}

function name2id($usernamesarr) {

$usernamesarr = uc_addslashes($usernamesarr, 1, TRUE);

$usernames =

$this->base->implode($usernamesarr);

$query = $this->db->query("SELECT uid

FROM ".UC_DBTABLEPRE."members WHERE username

IN($usernames)");

$arr = array();

while($user =

$this->db->fetch_array($query))

{

$arr[] = $user['uid'];

}

return $arr;

}

function quescrypt($questionid, $answer) {

return $questionid > 0

&& $answer != '' ?

substr(md5($answer.md5($questionid)), 16, 8) : '';

}

}

?>

标签: CrossdayDiscuz! CrossdayDiscuz! Board是什么意思 信息技术