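/**
 * Authenticate a user against the `users` table and open a login session.
 *
 * The stored `password` column is compared with user_hash($Password, $Username),
 * i.e. the username serves as the salt (the same (password, username) order
 * user_key() takes below).  Both values go through bound parameters, so they
 * never appear in the SQL text.
 *
 * @param string $Username
 * @param string $Password  Plain-text password as entered by the user.
 * @return bool  true when at least one row matches; a User object is then
 *               stored in $_SESSION['user'].  false otherwise.
 */
function user_authenticate($Username, $Password)
{
    global $pdo;
    $stmt = $pdo->prepare('
		SELECT count(*)
		FROM `users`
		WHERE `username` = :username AND
		`password` = :password
	');
    $stmt->bindValue(':username', $Username);
    $stmt->bindValue(':password', user_hash($Password, $Username));
    $stmt->execute();
    // count(*) always yields one row; a non-matching login gives "0".
    if ((int) $stmt->fetchColumn() <= 0) {
        return false;
    }
    // Issue a fresh session ID at the privilege change so an ID that was known
    // before login (session fixation) does not carry over into the
    // authenticated session.  Guarded so this is a no-op when the caller has
    // not started a session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $user = new User($Username, user_key($Password, $Username));
    // Plain assignment: objects are handles, so the previous reference
    // assignment (=&) bought nothing and only tied the session slot to a local.
    $_SESSION['user'] = $user;
    return true;
}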
        $user = pdo_fetch($sql);
        if (empty($user)) {
            message('抱歉,用户不存在或是已经被删除!', url('user/profile'), 'error');
        }
        if (empty($_GPC['name']) || empty($_GPC['pw']) || empty($_GPC['pw2'])) {
            message('管理账号或者密码不能为空,请重新填写!', url('user/profile'), 'error');
        }
        if ($_GPC['pw'] == $_GPC['pw2']) {
            message('新密码与原密码一致,请检查!', url('user/profile'), 'error');
        }
        $password_old = user_hash($_GPC['pw'], $user['salt']);
        if ($user['password'] != $password_old) {
            message('原密码错误,请重新填写!', url('user/profile'), 'error');
        }
        $result = '';
        $members = array('username' => $_GPC['name'], 'password' => user_hash($_GPC['pw2'], $user['salt']));
        $result = pdo_update('users', $members, array('uid' => $_W['uid']));
        message('修改成功!', url('index'), 'success');
    }
}
if ($_GPC['do'] == 'base') {
    $_W['page']['title'] = '基本信息 - 我的账户 - 用户管理';
    load()->func('tpl');
    $extendfields = pdo_fetchall("SELECT field, title, description, required FROM " . tablename('profile_fields') . " WHERE available = '1' AND showinregister = '1' ORDER BY displayorder DESC");
    if (checksubmit('submit')) {
        if (!empty($extendfields)) {
            if (!empty($_GPC['birth'])) {
                $profile['birthyear'] = $_GPC['birth']['year'];
                $profile['birthmonth'] = $_GPC['birth']['month'];
                $profile['birthday'] = $_GPC['birth']['day'];
            }
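// Shared secret that gates this emergency password-reset tool.  It is stored
// in source, so anyone able to read the file can reset any account: set a
// fresh value before use and delete the file afterwards (the success message
// below says the same).
$auth = 'xin123';
define('IN_SYS', true);
require '../framework/bootstrap.inc.php';
load()->web('template');
load()->web('common');
load()->model('user');
// Strict, constant-time check of the submitted token.  hash_equals() replaces
// the loose `==`, so a non-string or numeric-looking value cannot compare
// equal, and an empty configured secret never authorises anything.
$auth_ok = $auth !== ''
    && isset($_GPC['auth'])
    && is_string($_GPC['auth'])
    && hash_equals($auth, $_GPC['auth']);
if ($_W['ispost'] && $auth_ok) {
    $username = trim($_GPC['username']);
    $password = $_GPC['password'];
    if (!empty($username) && !empty($password)) {
        $member = user_single(array('username' => $username));
        if (empty($member)) {
            // message() is relied on to end the request here; if it only
            // renders, the update below would run with an empty salt and uid —
            // confirm against the framework's message() implementation.
            message('输入的用户名不存在.');
        }
        // Hash the new password with the account's stored salt.
        $hash = user_hash($password, $member['salt']);
        $r = array();
        $r['password'] = $hash;
        pdo_update('users', $r, array('uid' => $member['uid']));
        exit('<script>alert("密码修改成功, 请重新登陆, 并尽快删除本文件, 避免密码泄露隐患.");location.href = "../"</script>');
    }
}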
?>
<!DOCTYPE html>
<html lang="zh-cn">
<head>
	<meta charset="utf-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<link rel="shortcut icon" href="../resource/favicon.png">
	<title>密码找回工具</title>
 $item = pdo_fetch("SELECT * FROM " . tablename('ewei_shop_perm_user') . " WHERE id =:id and deleted=0 and uniacid=:uniacid limit 1", array(':uniacid' => $_W['uniacid'], ':id' => $id));
 $perms = $this->model->allPerms();
 $role_perms = array();
 $user_perms = array();
 if (!empty($item)) {
     if ($item['uid'] == $_W['uid']) {
         message('无法修改自己的权限!', referer(), 'error');
     }
     $role = pdo_fetch("SELECT * FROM " . tablename('ewei_shop_perm_role') . " WHERE id =:id and deleted=0 and uniacid=:uniacid limit 1", array(':uniacid' => $_W['uniacid'], ':id' => $item['roleid']));
     if (!empty($role)) {
         $role_perms = explode(',', $role['perms']);
     }
     $user_perms = explode(',', $item['perms']);
 }
 if ($_W['isajax'] && $_W['ispost']) {
     $data = array('uniacid' => $_W['uniacid'], 'username' => trim($_GPC['username']), 'realname' => trim($_GPC['realname']), 'mobile' => trim($_GPC['mobile']), 'password' => user_hash($_GPC['password'], random(8)), 'roleid' => intval($_GPC['roleid']), 'status' => intval($_GPC['status']), 'perms' => is_array($_GPC['perms']) ? implode(',', $_GPC['perms']) : '');
     if (!empty($id)) {
         user_update(array('uid' => $data['uid'], 'password' => $_GPC['password']));
         pdo_update('ewei_shop_perm_user', $data, array('id' => $id, 'uniacid' => $_W['uniacid']));
         plog('perm.user.edit', "编辑操作员 ID: {$id} 用户名: {$data['username']} ");
     } else {
         if (user_check(array('username' => $data['username']))) {
             die(json_encode(array('result' => 0, 'message' => '非常抱歉,此用户名已经被注册,你需要更换注册名称!')));
         }
         $data['uid'] = user_register(array('username' => $data['username'], 'password' => $_GPC['password']));
         pdo_insert('ewei_shop_perm_user', $data);
         pdo_insert('uni_account_users', array('uid' => $data['uid'], 'uniacid' => $data['uniacid'], 'role' => 'operator'));
         $id = pdo_insertid();
         plog('perm.user.add', "添加操作员 ID: {$id} 用户名: {$data['username']} ");
     }
     die(json_encode(array('result' => 1)));
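/**
 * Update selected columns of a `users` row.
 *
 * Only the keys listed below are honoured; anything else in $user is ignored.
 * `password` is stored as user_hash($user['password'], $user['salt']), so the
 * caller has to supply the row's salt alongside the new password — it is not
 * looked up here.
 *
 * @param array $user  Must carry a non-empty 'uid'; optional keys: password,
 *                     salt, lastvisit, lastip, joinip, remark, status, groupid.
 * @return mixed  false when $user is not an array, has no uid, or nothing
 *                updatable was supplied; otherwise the result of pdo_update().
 */
function user_update($user)
{
    // Type check first: indexing a non-array (e.g. an object) inside empty()
    // would raise an Error before the guard could return false.
    if (!is_array($user) || empty($user['uid'])) {
        return false;
    }
    $record = array();
    if (!empty($user['password'])) {
        // Assumes the caller passed the matching 'salt'; with none supplied the
        // hash is computed over a null salt.
        $record['password'] = user_hash($user['password'], $user['salt']);
    }
    if (!empty($user['lastvisit'])) {
        // A 10-character value is taken to be a unix timestamp already;
        // anything else is parsed with strtotime().
        $record['lastvisit'] = strlen($user['lastvisit']) === 10 ? $user['lastvisit'] : strtotime($user['lastvisit']);
    }
    if (!empty($user['lastip'])) {
        $record['lastip'] = $user['lastip'];
    }
    if (isset($user['joinip'])) {
        $record['joinip'] = $user['joinip'];
    }
    if (isset($user['remark'])) {
        $record['remark'] = $user['remark'];
    }
    if (isset($user['status'])) {
        // Only 1 and 2 are accepted states; anything else is normalised to 2.
        $status = intval($user['status']);
        if (!in_array($status, array(1, 2), true)) {
            $status = 2;
        }
        $record['status'] = $status;
    }
    if (isset($user['groupid'])) {
        $record['groupid'] = $user['groupid'];
    }
    if (empty($record)) {
        return false;
    }
    return pdo_update('users', $record, array('uid' => intval($user['uid'])));
}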
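/**
 * Respond to password reset confirmation.
 *
 * Validates the submitted reset code and password confirmation, then stores a
 * fresh user_salt() and the user_hash() of the new password for the contact
 * the code belongs to.
 *
 * @return The url to display after the command is processed.
 */
function command_reset_password_confirm()
{
    global $esc_post;
    // Check code
    if (!user_check_reset_code($_POST['code'])) {
        error_register('Invalid reset code');
        return crm_url();
    }
    // Check that passwords match.  Strict comparison: with `!=`, values such
    // as numeric-looking strings could compare equal without being identical.
    if ($_POST['password'] !== $_POST['confirm']) {
        error_register('Passwords do not match');
        return crm_url();
    }
    // Get user id
    $sql = "SELECT * FROM `resetPassword` WHERE `code`='{$esc_post['code']}'";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    $row = mysql_fetch_assoc($res);
    // The code passed user_check_reset_code() above, but the row may still be
    // gone by now (consumed or expired in between).  Without this guard
    // $row['cid'] is null and the UPDATE below would target `cid`=''.
    if (!$row) {
        error_register('Invalid reset code');
        return crm_url();
    }
    $esc_cid = mysql_real_escape_string($row['cid']);
    // Calculate hash
    $salt = user_salt();
    $esc_hash = mysql_real_escape_string(user_hash($_POST['password'], $salt));
    $esc_salt = mysql_real_escape_string($salt);
    // Update password
    $sql = "\n        UPDATE `user`\n        SET `hash`='{$esc_hash}'\n        , `salt`='{$esc_salt}'\n        WHERE `cid`='{$esc_cid}'\n        ";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    // NOTE(review): nothing in this function invalidates the consumed reset
    // code; confirm that the `resetPassword` row is removed or expired
    // elsewhere, otherwise the code remains usable until then.
    // Confirm the reset to the user
    message_register('Your password has been reset, you may now log in');
    return crm_url('login');
}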
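/**
 * Handle installation request.
 *
 * Creates the schema via module_install(), then inserts the initial admin
 * contact (email taken from the submitted form) and an `admin` user whose
 * `hash` is user_hash() of the submitted password under a fresh user_salt().
 *
 * @return The url to redirect to on completion.
 */
function command_module_install()
{
    global $esc_post;
    // Refuse to install with an empty admin password.  Checked before
    // module_install() so a rejected request does not leave the tables created
    // with no usable admin account behind.
    if (!isset($_POST['password']) || $_POST['password'] === '') {
        error_register('Password is required');
        return crm_url();
    }
    // Create tables
    $res = module_install();
    if (!$res) {
        return crm_url();
    }
    // Add admin contact and user
    $sql = "\n        INSERT INTO `contact`\n        (`firstName`, `lastName`, `email`)\n        VALUES\n        ('Admin', 'User', '{$esc_post['email']}')\n    ";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    $cid = mysql_insert_id();
    $esc_cid = mysql_real_escape_string($cid);
    // A per-user salt is generated here and stored next to the hash so that
    // login can recompute user_hash() with it.
    $salt = user_salt();
    $esc_hash = mysql_real_escape_string(user_hash($_POST['password'], $salt));
    $esc_salt = mysql_real_escape_string($salt);
    $sql = "\n        INSERT INTO `user`\n        (`cid`, `username`, `hash`, `salt`)\n        VALUES\n        ('{$esc_cid}', 'admin', '{$esc_hash}', '{$esc_salt}')\n    ";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    message_register('Seltzer CRM has been installed.');
    message_register('You may log in as user "admin"');
    return crm_url('login');
}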
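/**
 * Update selected columns of a `users` row.
 *
 * Only the keys listed below are honoured; other keys in $member are ignored.
 * `password` is stored as user_hash($member['password'], $member['salt']), so
 * the caller must pass the row's salt together with the new password — it is
 * not looked up here.
 *
 * @param array $member  Must carry a non-empty 'uid'; optional keys: password,
 *                       salt, lastvisit, lastip, joinip, remark, status, groupid.
 * @return mixed  false when $member is not an array, has no uid, or nothing
 *                updatable was supplied; otherwise the result of pdo_update().
 */
function user_update($member)
{
    // Type check first so a non-array argument returns false instead of
    // raising on the array access.
    if (!is_array($member) || empty($member['uid'])) {
        return false;
    }
    $params = array();
    // !empty() instead of a bare truthiness test: the same values are skipped,
    // but a missing key no longer raises an "undefined array key" warning.
    if (!empty($member['password'])) {
        // Relies on the caller supplying the matching 'salt'.
        $params['password'] = user_hash($member['password'], $member['salt']);
    }
    if (!empty($member['lastvisit'])) {
        // A 10-character value is assumed to be a unix timestamp already;
        // anything else goes through strtotime().
        $params['lastvisit'] = strlen($member['lastvisit']) === 10 ? $member['lastvisit'] : strtotime($member['lastvisit']);
    }
    if (!empty($member['lastip'])) {
        $params['lastip'] = $member['lastip'];
    }
    if (isset($member['joinip'])) {
        $params['joinip'] = $member['joinip'];
    }
    if (isset($member['remark'])) {
        $params['remark'] = $member['remark'];
    }
    if (isset($member['status'])) {
        // Stored as given, without range validation.
        $params['status'] = $member['status'];
    }
    if (isset($member['groupid'])) {
        $params['groupid'] = $member['groupid'];
    }
    if (empty($params)) {
        return false;
    }
    return pdo_update('users', $params, array('uid' => intval($member['uid'])));
}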
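#!/usr/bin/php
<?php 
// Usage: ./generateUser <username> <password>
// Prints the stored password hash for the user and writes an RSA key pair to
// ./keys/<username>.pem (private) and ./keys/<username>.pub (public).
if (count($argv) != 3) {
    echo "Example Usage - ./generateUser username password\n";
    echo "Or, if you want spaces in your password - ./generateUser username 'password with spaces'";
    // Without this exit the script carried on with undefined $argv[1]/$argv[2]
    // and wrote key files for an empty user name.
    exit(1);
}
require 'html/include/functions/Sanitize.php';
require 'html/include/functions/User.php';
// The listing this was taken from had the two echoed expressions redacted
// ("******"); they are reconstructed here as the user name and its user_hash(),
// following the (password, username) argument order user_key() uses below.
echo "Username: " . $argv[1] . "\n";
echo "Hashed Password: " . user_hash($argv[2], $argv[1]) . "\n";
echo "Generating OpenSSL Keys...\n";
// Create the keypair
// NOTE(review): 'encrypt_key' is a boolean option in openssl_pkey_new()'s
// config array; passing the derived key here does not set a passphrase, and
// openssl_pkey_export() below is called without one, so the private key is
// written to disk unencrypted.  Confirm whether a passphrase (third argument
// of openssl_pkey_export) was intended.
$res = openssl_pkey_new(array('encrypt_key' => user_key($argv[2], $argv[1])));
if ($res === false) {
    fwrite(STDERR, "Key generation failed: " . openssl_error_string() . "\n");
    exit(1);
}
// Get private key
openssl_pkey_export($res, $PrivateKey);
// Get public key
$pubkey = openssl_pkey_get_details($res);
$PublicKey = $pubkey["key"];
// The user name is used verbatim as the file name, so run this only with
// trusted input; ./keys must already exist.
$privPath = './keys/' . $argv[1] . '.pem';
$pubPath = './keys/' . $argv[1] . '.pub';
if (file_put_contents($privPath, $PrivateKey) === false
    || file_put_contents($pubPath, $PublicKey) === false) {
    fwrite(STDERR, "Failed to write key files under ./keys/\n");
    exit(1);
}
// Keep the private key readable by its owner only.
chmod($privPath, 0600);
echo "Certificates generated\n";
echo "Remeber to manually add this user to your database\n";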