6 months ago · cbd5f17d11
--- a/src/admin/member_toadmin.php
+++ b/src/admin/member_toadmin.php
@@ -18,7 +18,7 @@ $row = array();
 if ($dopost == "toadmin") {
    $pwd = trim($pwd);
    if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
        ShowMsg('密码不合法，使用[0-9a-zA-Z_@!.-]范围以内字符', '-1');
        ShowMsg('密码不合法，仅限使用[0-9a-zA-Z_@!.-]', '-1');
        exit();
    }
    $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
--- a/src/admin/sys_admin_user_add.php
+++ b/src/admin/sys_admin_user_add.php
@@ -15,7 +15,7 @@ if (empty($dopost)) $dopost = '';
 if ($dopost == 'add') {
    CheckCSRF();
    if (preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd) || preg_match("#[^0-9a-zA-Z_@!\.-]#", $userid)) {
        ShowMsg('密码或账号不合法，使用[0-9a-zA-Z_@!.-]范围以内字符', '-1');
        ShowMsg('密码或账号不合法，仅限使用[0-9a-zA-Z_@!.-]', '-1');
        exit();
    }
    $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
--- a/src/admin/sys_admin_user_edit.php
+++ b/src/admin/sys_admin_user_edit.php
@@ -17,11 +17,11 @@ if ($dopost == 'saveedit') {
    CheckCSRF();
    $pwd = trim($pwd);
    if ($pwd != '' && preg_match("#[^0-9a-zA-Z_@!\.-]#", $pwd)) {
        ShowMsg('密码不合法，使用[0-9a-zA-Z_@!.-]范围以内字符', '-1');
        ShowMsg('密码不合法，仅限使用[0-9a-zA-Z_@!.-]', '-1');
        exit();
    }
    if (preg_match("#[^0-9a-zA-Z_@!\.-]#", $userid)) {
        ShowMsg('账号不合法，使用[0-9a-zA-Z_@!.-]范围以内字符', '-1');
        ShowMsg('账号不合法，仅限使用[0-9a-zA-Z_@!.-]', '-1');
        exit();
    }
    $safecodeok = substr(md5($cfg_cookie_encode.$randcode), 0, 24);
--- a/src/admin/templets/member_edit.htm
+++ b/src/admin/templets/member_edit.htm
@@ -37,7 +37,7 @@
 					<td>密码：</td>
 					<td>
 						<input type="text" name="pwd" id="pwd" class="admin-input-sm">
 						<span>（留空则不修改，使用[0-9a-zA-Z_@!.-]范围以内字符）</span>
 						<span>（留空则不修改，仅限使用[0-9a-zA-Z_@!.-]）</span>
 					</td>
 				</tr>
 				<tr>
--- a/src/admin/templets/member_toadmin.htm
+++ b/src/admin/templets/member_toadmin.htm
@@ -31,7 +31,7 @@
 				</tr>
 				<tr>
 					<td>密码：</td>
 					<td><input type="text" name="pwd" id="pwd" class="admin-input-sm">（留空则不修改，使用[0-9a-zA-Z_@!.-]范围以内字符）</td>
 					<td><input type="text" name="pwd" id="pwd" class="admin-input-sm">（留空则不修改，仅限使用[0-9a-zA-Z_@!.-]）</td>
 				</tr>
 				<tr>
 					<td>类型：</td>
--- a/src/admin/templets/sys_admin_user_add.htm
+++ b/src/admin/templets/sys_admin_user_add.htm
@@ -23,7 +23,7 @@
 					<td width="260">账号：</td>
 					<td>
 						<input type="text" name="userid" id="userid" class="admin-input-sm">
 						<span>（使用[0-9a-zA-Z_@!.-]范围以内字符）</span>
 						<span>（仅限使用[0-9a-zA-Z_@!.-]）</span>
 					</td>
 				</tr>
 				<tr>
@@ -37,7 +37,7 @@
 					<td>密码：</td>
 					<td>
 						<input type="text" name="pwd" id="pwd" class="admin-input-sm">
 						<span>（使用[0-9a-zA-Z_@!.-]范围以内字符）</span>
 						<span>（仅限使用[0-9a-zA-Z_@!.-]）</span>
 					</td>
 				</tr>
 				<tr>
--- a/src/admin/templets/sys_admin_user_edit.htm
+++ b/src/admin/templets/sys_admin_user_edit.htm
@@ -33,7 +33,7 @@
 					<td>密码：</td>
 					<td>
 						<input type="text" name="pwd" id="pwd" class="admin-input-sm">
 						<span>（留空则不修改，使用[0-9a-zA-Z_@!.-]范围以内字符）</span>
 						<span>（留空则不修改，仅限使用[0-9a-zA-Z_@!.-]）</span>
 					</td>
 				</tr>
 				<tr>
--- a/src/install/install.html
+++ b/src/install/install.html
@@ -90,12 +90,12 @@
 						<div class="form-group">
 							<label for="adminuser" class="form-label">管理员账号</label>
 							<input type="text" name="adminuser" id="adminuser" class="form-control" placeholder="admin">
 							<div class="form-text">使用[0-9a-zA-Z_@!.-]范围以内字符</div>
 							<div class="form-text">仅限使用[0-9a-zA-Z_@!.-]</div>
 						</div>
 						<div class="form-group">
 							<label for="adminpwd" class="form-label">管理员密码</label>
 							<input type="text" name="adminpwd" id="adminpwd" class="form-control" placeholder="admin">
 							<div class="form-text">使用[0-9a-zA-Z_@!.-]范围以内字符</div>
 							<div class="form-text">仅限使用[0-9a-zA-Z_@!.-]</div>
 						</div>
 						<div class="text-right"><button type="submit" class="btn btn-success">安装</button></div>
 					</form>
--- a/src/system/memberlogin.class.php
+++ b/src/system/memberlogin.class.php
@@ -45,7 +45,7 @@ function CheckUserID($uid, $msgtitle = '账号', $ckhas = TRUE)
            }
        } else {
            if (preg_match("/[^0-9a-z@\.-]/i", $ck_uid[$i])) {
                return $msgtitle.'使用[0-9a-zA-Z_@!.-]范围以内字符';
                return $msgtitle.'仅限使用[0-9a-zA-Z_@!.-]';
            }
        }
    }
--- a/src/user/reg_new.php
+++ b/src/user/reg_new.php
@@ -48,7 +48,7 @@ if ($step == 1) {
            exit();
        }
        if (preg_match("#[^0-9a-zA-Z_@!\.-]#", $userid)) {
            ShowMsg('账号不合法，使用[0-9a-zA-Z_@!.-]范围以内字符', '-1');
            ShowMsg('账号不合法，仅限使用[0-9a-zA-Z_@!.-]', '-1');
            exit();
        }
        if ($pwdc != $pwd) {