CrossdayDiscuz! Board是什么意思?
CrossdayDiscuz! Board(简称 Discuz!)是北京康盛新创科技有限责任公司推出的一套通用的社区论坛软件系统。自2001年6月面世以来,Discuz!已拥有15年以上的应用历史和200多万网站用户案例,是全球成熟度最高、覆盖率最大的论坛软件系统之一。最新版本Discuz! X3.4正式版于2017年8月2日发布,去除了云平台的相关代码,是 X3.2 的稳定版本。2010年8月23日,康盛创想与腾讯达成收购协议,成为腾讯的全资子公司。
php 用户名包含敏感字符,Discuz用中文带"欣"注册也提示“用户名包含敏感字符或被系统屏蔽,请返回重新填写”...
应该是discuz的bug。
在dz/uc_client/model/user.php和uc/model/user.php文件中,有找到这个地方:
在这个过滤中 $guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8'; 注意原文中标了黑体的部分(从下文看应为 \xAC\xA3)。
“欣”这个汉字的 UTF-8 编码是 0xE6 0xAC 0xA3,其中后两个字节 0xAC 0xA3 正好匹配过滤规则里的 \xAC\xA3(该正则没有 u 修饰符,是按字节匹配的),所以就被当成了被屏蔽的字符。修改如下:
// Direct-access guard: stop immediately unless the including application
// has already defined the IN_UC constant.
if (!defined('IN_UC')) {
    exit('Access Denied');
}
class usermodel {
var $db;
var $base;
/**
 * Constructor; forwards $base to the class-named initialiser usermodel().
 *
 * @param mixed $base taken by reference and passed on unchanged
 */
function __construct(&$base) {
    // All set-up lives in usermodel(), so both entry points behave the same.
    $this->usermodel($base);
}
/**
 * Class-named initialiser: keeps $base and the db handle it exposes.
 *
 * @param mixed $base object whose ->db property is copied to $this->db
 */
function usermodel(&$base) {
    $this->db = $base->db;
    $this->base = $base;
}
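/**
 * Fetch one row from the members table by user id.
 *
 * @param int|string $uid user id; coerced to an integer before it is used
 * @return mixed whatever $this->db->fetch_first() returns for the query
 */
function get_user_by_uid($uid) {
    // The id is interpolated into the SQL text, so force it to an integer
    // first: a non-numeric value can then never change the statement.
    $uid = intval($uid);
    $arr = $this->db->fetch_first("SELECT
* FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");
    return $arr;
}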
/**
 * Fetch one row from the members table whose username equals $username.
 *
 * @param string $username placed verbatim inside the quoted SQL literal
 * @return mixed whatever $this->db->fetch_first() returns for the query
 */
function get_user_by_username($username) {
// NOTE(review): no escaping happens in this method. The query is only safe
// if every caller has already escaped $username for the database - confirm
// against the callers before reusing this code elsewhere.
$arr = $this->db->fetch_first("SELECT
* FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
return $arr;
}
/**
 * Fetch one row from the members table whose email equals $email.
 *
 * @param string $email placed verbatim inside the quoted SQL literal
 * @return mixed whatever $this->db->fetch_first() returns for the query
 */
function get_user_by_email($email) {
// NOTE(review): no escaping happens in this method. The query is only safe
// if every caller has already escaped $email for the database - confirm.
$arr = $this->db->fetch_first("SELECT
* FROM ".UC_DBTABLEPRE."members WHERE email='$email'");
return $arr;
}
/**
 * Decide whether a username is syntactically acceptable.
 *
 * Rejects names shorter than 3 or longer than 15 bytes (strlen counts bytes,
 * not characters) and names matching the pattern below: whitespace, the
 * characters % , * " &, or a leading "Guest" (case-insensitive).
 *
 * The article's original $guestexp also listed several raw byte sequences;
 * one of them (\xAC\xA3) collided with the UTF-8 bytes of ordinary Chinese
 * characters, which is why this version keeps only '^Guest'.
 * NOTE(review): those byte sequences look like legacy multi-byte encodings
 * of a full-width space and of reserved "guest" names - confirm. If that
 * restriction is still wanted on a UTF-8 board it needs UTF-8 equivalents,
 * because the pattern has no u modifier and matches byte by byte.
 *
 * @param string $username candidate name
 * @return bool TRUE when acceptable, FALSE otherwise
 */
function check_username($username) {
    $guestexp = '^Guest';
    $byteLength = strlen($username);

    // Length limits are checked first, exactly as before.
    if ($byteLength > 15 || $byteLength < 3) {
        return FALSE;
    }

    if (preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\\&]|$guestexp/is", $username)) {
        return FALSE;
    }

    return TRUE;
}
或者用以下代码替换:
// Direct-access guard: stop immediately unless the including application
// has already defined the IN_UC constant.
if (!defined('IN_UC')) {
    exit('Access Denied');
}
class usermodel {
var $db;
var $base;
/**
 * Constructor; forwards $base to the class-named initialiser usermodel().
 *
 * @param mixed $base taken by reference and passed on unchanged
 */
function __construct(&$base) {
    // All set-up lives in usermodel(), so both entry points behave the same.
    $this->usermodel($base);
}
/**
 * Class-named initialiser: keeps $base and the db handle it exposes.
 *
 * @param mixed $base object whose ->db property is copied to $this->db
 */
function usermodel(&$base) {
    $this->db = $base->db;
    $this->base = $base;
}
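/**
 * Fetch one row from the members table by user id.
 *
 * @param int|string $uid user id; coerced to an integer before it is used
 * @return mixed whatever $this->db->fetch_first() returns for the query
 */
function get_user_by_uid($uid) {
    // The id is interpolated into the SQL text, so force it to an integer
    // first (add_user() in this class already treats uid this way): a
    // non-numeric value can then never change the statement.
    $uid = intval($uid);
    $arr = $this->db->fetch_first("SELECT
* FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");
    return $arr;
}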
/**
 * Fetch one row from the members table whose username equals $username.
 *
 * @param string $username placed verbatim inside the quoted SQL literal
 * @return mixed whatever $this->db->fetch_first() returns for the query
 */
function get_user_by_username($username) {
// NOTE(review): no escaping happens in this method. The query is only safe
// if every caller has already escaped $username for the database - confirm
// against the callers before reusing this code elsewhere.
$arr = $this->db->fetch_first("SELECT
* FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
return $arr;
}
/**
 * Fetch one row from the members table whose email equals $email.
 *
 * @param string $email placed verbatim inside the quoted SQL literal
 * @return mixed whatever $this->db->fetch_first() returns for the query
 */
function get_user_by_email($email) {
// NOTE(review): no escaping happens in this method. The query is only safe
// if every caller has already escaped $email for the database - confirm.
$arr = $this->db->fetch_first("SELECT
* FROM ".UC_DBTABLEPRE."members WHERE email='$email'");
return $arr;
}
/**
 * Decide whether a username is syntactically acceptable.
 *
 * Rejects names shorter than 3 or longer than 15 bytes (strlen counts bytes,
 * not characters) and names matching the pattern below: whitespace, the
 * characters % , * " &, or a leading "Guest" (case-insensitive).
 *
 * The article's original $guestexp also listed several raw byte sequences;
 * one of them (\xAC\xA3) collided with the UTF-8 bytes of ordinary Chinese
 * characters, which is why this version keeps only '^Guest'.
 * NOTE(review): those byte sequences look like legacy multi-byte encodings
 * of a full-width space and of reserved "guest" names - confirm. If that
 * restriction is still wanted on a UTF-8 board it needs UTF-8 equivalents,
 * because the pattern has no u modifier and matches byte by byte.
 *
 * @param string $username candidate name
 * @return bool TRUE when acceptable, FALSE otherwise
 */
function check_username($username) {
    $guestexp = '^Guest';
    $byteLength = strlen($username);

    // Length limits are checked first, exactly as before.
    if ($byteLength > 15 || $byteLength < 3) {
        return FALSE;
    }

    if (preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\\&]|$guestexp/is", $username)) {
        return FALSE;
    }

    return TRUE;
}
/**
 * Count rows in the mergemembers table for the current application id and
 * the given username.
 *
 * @param string $username placed verbatim inside the quoted SQL literal
 * @return mixed the count(*) value as returned by $this->db->result_first()
 */
function check_mergeuser($username) {
// NOTE(review): both $this->base->app['appid'] and $username are
// concatenated into the SQL text without escaping here; this relies on the
// values being escaped before they reach this method - confirm.
$data =
$this->db->result_first("SELECT
count(*) FROM ".UC_DBTABLEPRE."mergemembers WHERE
appid='".$this->base->app['appid']."'
AND username='$username'");
return $data;
}
/**
 * Check a username against the configured bad-word and censor lists.
 *
 * Two independent checks are made:
 *  - the cached 'badwords' find/replace patterns are applied to the name;
 *    any change to the name means it contained a filtered word;
 *  - the 'censorusername' setting is turned into one anchored,
 *    case-insensitive pattern: the setting is regex-quoted, then the quoted
 *    "*" becomes ".*", each CRLF becomes "|" and spaces are dropped.
 *
 * @param string $username candidate name
 * @return bool FALSE when either check hits, TRUE otherwise
 */
function check_usernamecensor($username) {
    $badwords = $this->base->cache('badwords');
    $setting = $this->base->get_setting('censorusername');
    $censorusername = trim($setting['censorusername']);

    // Quote first so that only the deliberate "*" wildcard keeps a regex meaning.
    $quoted = preg_quote($censorusername, '/');
    $alternatives = str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), $quoted);
    $censorexp = '/^('.$alternatives.')$/i';

    if (isset($badwords['findpattern']) && !empty($badwords['findpattern'])) {
        // Errors from the cached patterns are suppressed, as in the original.
        $usernamereplaced = @preg_replace($badwords['findpattern'], $badwords['replace'], $username);
    } else {
        $usernamereplaced = $username;
    }

    if ($usernamereplaced != $username) {
        return FALSE;
    }
    if ($censorusername && preg_match($censorexp, $username)) {
        return FALSE;
    }
    return TRUE;
}
/**
 * Look up $username in the members table.
 *
 * @param string $username placed verbatim inside the quoted SQL literal
 * @return mixed the username column as returned by
 *               $this->db->result_first() for the query
 */
function check_usernameexists($username) {
// NOTE(review): $username is not escaped in this method; the query relies
// on callers having escaped it already - confirm.
$data =
$this->db->result_first("SELECT
username FROM ".UC_DBTABLEPRE."members WHERE
username='$username'");
return $data;
}
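/**
 * Basic syntactic check of an e-mail address.
 *
 * The address must be longer than 6 bytes and consist of word characters,
 * "-" or "." on both sides of a single "@", ending in at least one
 * ".label" part.
 *
 * @param string $email candidate address
 * @return bool TRUE when the address has the expected shape
 */
function check_emailformat($email) {
    // The D modifier pins "$" to the very end of the subject. Without it "$"
    // also matches just before a final newline, so "user@example.com\n"
    // would pass validation and carry a line break into later use.
    return strlen($email) > 6
        && preg_match("/^[\w\-\.]+@[\w\-\.]+(\.\w+)+$/D", $email);
}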
/**
 * Apply the 'accessemail' (allow) and 'censoremail' (deny) settings to an
 * address.
 *
 * Each setting is regex-quoted, its CRLF separators become "|", and the
 * result is matched case-insensitively against the end of the address.
 *
 * @param string $email address to test
 * @return bool FALSE when an allow list exists and the address is not on it,
 *              or when a deny list exists and the address is on it;
 *              TRUE otherwise (including when neither list is configured)
 */
function check_emailaccess($email) {
    $setting = $this->base->get_setting(array('accessemail', 'censoremail'));
    $accessemail = $setting['accessemail'];
    $censoremail = $setting['censoremail'];

    $accessexp = '/('.str_replace("\r\n", '|', preg_quote(trim($accessemail), '/')).')$/i';
    $censorexp = '/('.str_replace("\r\n", '|', preg_quote(trim($censoremail), '/')).')$/i';

    // Nothing configured: every address is allowed.
    if (!$accessemail && !$censoremail) {
        return TRUE;
    }

    $rejected = ($accessemail && !preg_match($accessexp, $email))
        || ($censoremail && preg_match($censorexp, $email));

    return $rejected ? FALSE : TRUE;
}
/**
 * Look up $email in the members table, optionally ignoring one username.
 *
 * @param string $email    placed verbatim inside the quoted SQL literal
 * @param string $username when not '', rows with this username are excluded
 * @return mixed the email column as returned by $this->db->result_first()
 */
function check_emailexists($email, $username = '') {
// NOTE(review): $email and $username are interpolated without escaping in
// this method; the query relies on callers having escaped them - confirm.
$sqladd = $username !== '' ? "AND
username<>'$username'" : '';
$email =
$this->db->result_first("SELECT email
FROM ".UC_DBTABLEPRE."members WHERE email='$email' $sqladd");
return $email;
}
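/**
 * Verify a username/password pair.
 *
 * @param string $username login name, passed to get_user_by_username()
 * @param string $password clear-text password supplied by the user
 * @param mixed  $user     by reference; receives the looked-up member row
 * @return mixed -1 when no such user, -2 when the password does not match,
 *               otherwise the member's uid
 */
function check_login($username, $password, &$user) {
    $user = $this->get_user_by_username($username);
    if (empty($user['username'])) {
        return -1;
    }

    // Stored format is md5(md5(password) . salt).
    // NOTE(review): this is a fast hash; moving to password_hash() needs a
    // stored-format migration and is outside the scope of this method.
    $expected = md5(md5($password).$user['salt']);
    $stored = (string)$user['password'];

    // Compare as strings. The previous loose "!=" lets PHP compare two
    // numeric-looking hex digests (e.g. "0e...") as numbers, so different
    // hashes could be treated as equal. hash_equals() is also constant-time;
    // fall back to === where it is unavailable.
    $matches = function_exists('hash_equals')
        ? hash_equals($stored, $expected)
        : $stored === $expected;

    if (!$matches) {
        return -2;
    }
    return $user['uid'];
}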
/**
 * Insert a new member row plus its memberfields row.
 *
 * @param string $username   interpolated into the INSERT statement
 * @param string $password   clear-text password; replaced below by its hash
 * @param string $email      interpolated into the INSERT statement
 * @param int    $uid        optional explicit uid (passed through intval())
 * @param mixed  $questionid security question id; > 0 stores quescrypt()
 * @param string $answer     security answer used with $questionid
 * @param string $regip      registration IP; falls back to
 *                           $this->base->onlineip when empty
 * @return mixed the uid reported by $this->db->insert_id()
 */
function add_user($username, $password, $email, $uid = 0,
$questionid = '', $answer = '', $regip = '') {
$regip = empty($regip) ?
$this->base->onlineip : $regip;
// Salt is the last six characters of uniqid(rand()).
// NOTE(review): uniqid() and rand() are time/PRNG based, not a
// cryptographically secure source; acceptable only as a per-user salt.
$salt = substr(uniqid(rand()), -6);
// Stored password format: md5(md5(password) . salt).
// NOTE(review): a fast hash; check_login() and edit_user() depend on this
// exact format, so changing it requires a migration.
$password = md5(md5($password).$salt);
// Only the explicit uid is integer-cast here.
$sqladd = $uid ? "uid='".intval($uid)."'," : '';
$sqladd .= $questionid > 0 ? "
secques='".$this->quescrypt($questionid,
$answer)."'," : " secques='',";
// NOTE(review): $username, $email and $regip go into the statement without
// escaping in this method; this relies on callers having escaped them -
// confirm.
$this->db->query("INSERT INTO
".UC_DBTABLEPRE."members SET $sqladd username='$username',
password='$password', email='$email', regip='$regip',
regdate='".$this->base->time."',
salt='$salt'");
// From here on $uid is the id the database assigned to the new row.
$uid = $this->db->insert_id();
$this->db->query("INSERT INTO
".UC_DBTABLEPRE."memberfields SET uid='$uid'");
return $uid;
}
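/**
 * Change a member's password, e-mail and/or security question.
 *
 * @param string $username    member to edit; interpolated into the SQL text
 * @param string $oldpw       current clear-text password (checked unless
 *                            $ignoreoldpw is set)
 * @param string $newpw       new clear-text password, or empty to keep it
 * @param string $email       new e-mail, or empty to keep it
 * @param mixed  $ignoreoldpw when truthy, skip the old-password check but
 *                            refuse to touch protected members
 * @param mixed  $questionid  '' leaves the question alone, > 0 sets it,
 *                            anything else clears it
 * @param string $answer      security answer used with $questionid
 * @return mixed -8 protected member, -1 wrong old password, -7 nothing to
 *               change, otherwise $this->db->affected_rows()
 */
function edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw = 0, $questionid = '', $answer = '') {
    // NOTE(review): $username and $email are interpolated without escaping
    // in this method; this relies on callers having escaped them - confirm.
    $data = $this->db->fetch_first("SELECT
username, uid, password, salt FROM ".UC_DBTABLEPRE."members WHERE
username='$username'");

    if ($ignoreoldpw) {
        // Skipping the password check is not allowed for protected members.
        $isprotected = $this->db->result_first("SELECT
COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid =
'$data[uid]'");
        if ($isprotected) {
            return -8;
        }
    } else {
        // Compare the digests as strings. The previous loose "!=" lets PHP
        // compare two numeric-looking hex digests (e.g. "0e...") as numbers,
        // so different hashes could be treated as equal.
        $expected = md5(md5($oldpw).$data['salt']);
        $stored = (string)$data['password'];
        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $expected)
            : $stored === $expected;
        if (!$matches) {
            return -1;
        }
    }

    // Build the SET list; the existing salt is reused for a new password.
    $sqladd = $newpw ? "password='".md5(md5($newpw).$data['salt'])."'" : '';
    $sqladd .= $email ? ($sqladd ? ',' : '')." email='$email'" : '';
    if ($questionid !== '') {
        if ($questionid > 0) {
            $sqladd .= ($sqladd ? ',' : '')."
secques='".$this->quescrypt($questionid, $answer)."'";
        } else {
            $sqladd .= ($sqladd ? ',' : '')." secques=''";
        }
    }

    // The original also tested $emailadd, a variable that is never assigned
    // in this method; it was always empty and only raised a warning.
    if ($sqladd) {
        $this->db->query("UPDATE
".UC_DBTABLEPRE."members SET $sqladd WHERE
username='$username'");
        return $this->db->affected_rows();
    }
    return -7;
}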
/**
 * Delete members (and their memberfields rows) by uid, skipping any uid
 * listed in the protectedmembers table.
 *
 * @param mixed $uidsarr one uid or an array of uids (cast to array)
 * @return mixed 0 when nothing is deleted, otherwise
 *               $this->db->affected_rows()
 */
function delete_user($uidsarr) {
$uidsarr = (array)$uidsarr;
if(!$uidsarr) {
return 0;
}
// NOTE(review): $this->base->implode() is defined elsewhere; presumably it
// quotes and joins the ids for use inside IN(...) - confirm, since the
// result is placed into the SQL text as-is.
$uids =
$this->base->implode($uidsarr);
$arr = $this->db->fetch_all("SELECT
uid FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid IN
($uids)");
// Collect the protected uids so they can be removed from the delete set.
$puids = array();
foreach((array)$arr as $member) {
$puids[] = $member['uid'];
}
$uids =
$this->base->implode(array_diff($uidsarr,
$puids));
if($uids) {
$this->db->query("DELETE FROM
".UC_DBTABLEPRE."members WHERE uid IN($uids)");
$this->db->query("DELETE FROM
".UC_DBTABLEPRE."memberfields WHERE uid IN($uids)");
// NOTE(review): the avatar helper receives the full $uidsarr, i.e. it also
// gets the protected uids that were just excluded from the DELETEs -
// confirm this is intended.
uc_user_deleteavatar($uidsarr);
$this->base->load('note');
$_ENV['note']->add('deleteuser', "ids=$uids");
// NOTE(review): affected_rows() is read after the note is added; which
// statement the count refers to depends on the db wrapper - confirm.
return
$this->db->affected_rows();
} else {
return 0;
}
}
/**
 * Count rows in the members table, optionally restricted by a SQL fragment.
 *
 * @param string $sqladd raw SQL appended after the table name
 * @return mixed the COUNT(*) value as returned by $this->db->result_first()
 */
function get_total_num($sqladd = '') {
// NOTE(review): $sqladd is appended to the statement verbatim, so it must
// only ever be built by trusted code from already-escaped values.
$data =
$this->db->result_first("SELECT
COUNT(*) FROM ".UC_DBTABLEPRE."members $sqladd");
return $data;
}
/**
 * Fetch one page of rows from the members table.
 *
 * @param mixed  $page     page number, passed to page_get_start()
 * @param mixed  $ppp      rows per page; also used as the LIMIT row count
 * @param mixed  $totalnum total row count, passed to page_get_start()
 * @param string $sqladd   raw SQL appended after the table name
 * @return mixed whatever $this->db->fetch_all() returns for the query
 */
function get_list($page, $ppp, $totalnum, $sqladd) {
$start =
$this->base->page_get_start($page,
$ppp, $totalnum);
// NOTE(review): $sqladd, $start and $ppp are placed into the statement
// verbatim; $ppp in particular is not integer-cast in this method -
// confirm callers pass only trusted or numeric values.
$data = $this->db->fetch_all("SELECT
* FROM ".UC_DBTABLEPRE."members $sqladd LIMIT $start, $ppp");
return $data;
}
/**
 * Translate a list of usernames into the matching uids.
 *
 * @param array $usernamesarr usernames to look up
 * @return array uids of the rows found, in the order the database returns them
 */
function name2id($usernamesarr) {
// NOTE(review): uc_addslashes() and $this->base->implode() are defined
// elsewhere; presumably they escape each name and build the quoted,
// comma-separated list used inside IN(...) - confirm.
$usernamesarr = uc_addslashes($usernamesarr, 1, TRUE);
$usernames =
$this->base->implode($usernamesarr);
$query = $this->db->query("SELECT uid
FROM ".UC_DBTABLEPRE."members WHERE username
IN($usernames)");
$arr = array();
// Collect the uid column of every returned row.
while($user =
$this->db->fetch_array($query))
{
$arr[] = $user['uid'];
}
return $arr;
}
/**
 * Derive the stored value for a security question/answer pair.
 *
 * @param mixed  $questionid question id; must be > 0 to produce a value
 * @param string $answer     the user's answer; must not be ''
 * @return string eight hex characters (offset 16 of
 *                md5(answer . md5(questionid))), or '' when either input
 *                is missing
 */
function quescrypt($questionid, $answer) {
    $hasQuestion = $questionid > 0;
    if (!$hasQuestion || $answer == '') {
        return '';
    }

    // NOTE(review): only 8 hex characters of an unsalted MD5 are kept, so
    // the stored value offers little resistance to guessing.
    $digest = md5($answer.md5($questionid));
    return substr($digest, 16, 8);
}
}
?>