<?php
mb_language("Japanese");
mb_internal_encoding("UTF-8");
$userName = $_POST["userName"];
$userEmail = $_POST["userEmail"];
$passWord = $_POST["passWord"];
$image = $_FILES['image'];
require_once 'connect.php';
mysql_set_charset('utf8');
$cResponse = new loginResult;
if (!preg_match('/^(?:(?:(?:(?:[a-zA-Z0-9_!#\$\%&\'*+\/=?\^`{}~|\-]+)(?:\.(?:[a-zA-Z0-9_!#\$\%&\'*+\/=?\^`{}~|\-]+))*)|(?:"(?:\\[^\r\n]|[^\\"])*")))\@(?:(?:(?:(?:[a-zA-Z0-9_!#\$\%&\'*+\/=?\^`{}~|\-]+)(?:\.(?:[a-zA-Z0-9_!#\$\%&\'*+\/=?\^`{}~|\-]+))*)|(?:\[(?:\\\S|[\x21-\x5a\x5e-\x7e])*\])))$/', $userEmail)) {
$cResponse ->statusID = 0;
$cResponse ->msg = "EMAIL";
$cResponse ->action = "login";
echo urldecode (json_encode($cResponse));
exit;
}
$query = "SELECT * FROM ce276a_users where email = '$userEmail'";
$result = @mysql_query($query);
$rowNum = mysql_num_rows($result);
if ($rowNum > 0) {
$cResponse ->statusID = 0;
$cResponse ->msg = "EMAIL1";
$cResponse ->action = "login";
}
else {
if ($image) {
$md5 = md5(date("YmdD His"));
$filename = "cavt".substr($md5, 0, 21).".jpg";
move_uploaded_file( $image["tmp_name"], '../../uploads/'.$filename);
$file = $filename;
$img_path = $file;
}
$passWord = md5($passWord);
$uploadDate =date("Y/m/d H:i:s");
$uploadDate = strtotime("$uploadDate");
$actkey=substr(md5(uniqid(mt_rand(),1)),0,8);
$user_mailok = "0";
if (strlen($img_path) != 0) {
$sql = sprintf("INSERT INTO ce276a_users(uname,email,user_avatar,actkey,user_regdate,pass,last_login,user_mailok)
VALUES('%s', '%s','%s','%s','%s','%s','%s','%s')", $userName,$userEmail,$img_path,$actkey,$uploadDate,$passWord,$uploadDate,$user_mailok);
}
else{
$sql = sprintf("INSERT INTO ce276a_users(uname,email,actkey,user_regdate,pass,last_login,user_mailok)
VALUES('%s', '%s','%s','%s','%s','%s','%s')", $userName,$userEmail,$actkey,$uploadDate,$passWord,$uploadDate,$user_mailok);
}
if (!mysql_query($sql)) {
$cResponse ->statusID = 0;
$cResponse ->msg = mysql_error();
$cResponse ->action = "login";
}else{
$query1 = "SELECT * FROM ce276a_users where email = '$userEmail' and pass = '$passWord'";
$result1 = @mysql_query($query1);
$rowNum1 = mysql_num_rows($result1);
if ($rowNum1 > 0) {
$cResponse ->statusID = 1;
$cResponse ->msg = "注册成功";
$cResponse ->action = "login";
$response = array();
while ($line = mysql_fetch_array($result1,MYSQL_ASSOC)) {
$uid = $line["uid"];
$response[]= array(
"uid" => $uid,
"name" => $line["name"],
"uname" => $line["uname"],
"email" => $line["email"],
"url" => $line["url"],
"user_avatar" =>$line["user_avatar"],
"user_regdate" => $line["user_regdate"],
"user_icq" => $line["user_icq"],
"user_sig" => $line["user_sig"],
"user_from" => $line["user_from"],
"user_viewemail" => $line["user_viewemail"],
"actkey" => $line["actkey"],
"user_aim" => $line["user_aim"],
"user_yim" => $line["user_yim"],
"user_msnm" => $line["user_msnm"],
"pass" => $line["pass"],
"posts" => $line["posts"],
"attachsig" => $line["attachsig"],
"rank" => $line["rank"],
"level" => $line["level"],
"theme" => $line["theme"],
"timezone_offset" => $line["timezone_offset"],
"last_login" => $line["last_login"],
"umode" => $line["umode"],
"uorder" => $line["uorder"],
"notify_method" => $line["notify_method"],
"notify_mode" => $line["notify_mode"],
"user_occ" => $line["user_occ"],
"bio" => $line["bio"],
"user_intrest" => $line["user_intrest"],
"user_mailok" => $line["user_mailok"],
);
break;
}
if (!empty($response)) {
$groupid = 2;
$sql = sprintf("INSERT INTO ce276a_groups_users_link(groupid,uid)
VALUES('%s','%s')",$groupid,$uid);
mysql_query($sql);
$cResponse ->reArray = $response;
}
}
}
}
echo urldecode (json_encode($cResponse));
?>
SQLインジェクション対策していないので直さないといけない、、、