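protected function onValidate()
{
    // New accounts default to the "emp" permission set when none is supplied
    if ($this->ac == "add" && !issetval("perms")) {
        $_POST["perms"] = "emp";
    }
    // Store only the hash of a submitted password
    if (issetval("pwd")) {
        $_POST["pwd"] = hashPwd($_POST["pwd"]);
    }
}
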
private function SetNewPassword($newPwd)
{
    // Generate a fresh salt on every password change, then hash with it
    $this->Salt = salt();
    $this->Password = hashPwd($newPwd, $this->Salt);
}

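public function PasswordMatches($input)
{
    // Constant-time string comparison; loose == compares numeric-looking
    // digests such as "0e..." as numbers and can report a false match
    return hash_equals((string)$this->Password, (string)hashPwd($input, $this->Salt));
}
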
function api_chpwd()
{
    $type = getAppType();
    if ($type == "user") {
        checkAuth(AUTH_USER, true);
        $uid = $_SESSION["uid"];
    } elseif ($type == "emp") {
        checkAuth(AUTH_EMP, true);
        $uid = $_SESSION["empId"];
    }
    $pwd = mparam("pwd");
    // $code is read here but is not checked anywhere in this excerpt
    list($oldpwd, $code) = mparam(["oldpwd", "code"]);
    if (isset($oldpwd)) {
        # validate oldpwd
        if ($type == "user" && $oldpwd === "_none") {
            // Means no verification is required, but only within 1 hour of new user registration
            $dt = date(FMT_DT, time() - T_HOUR);
            $sql = sprintf("SELECT id FROM User WHERE id=%d and createTm>'{$dt}'", $uid);
        } elseif ($type == "user") {
            $sql = sprintf("SELECT id FROM User WHERE id=%d and pwd=%s", $uid, Q(hashPwd($oldpwd)));
        } elseif ($type == "emp") {
            $sql = sprintf("SELECT id FROM Employee WHERE id=%d and pwd=%s", $uid, Q(hashPwd($oldpwd)));
        }
        $row = queryOne($sql);
        if ($row === false) {
            throw new MyException(E_AUTHFAIL, "bad password", "密码验证失败");
        }
    }
    # change password
    if ($type == "user") {
        $rv = setUserPwd($uid, $pwd, true);
    } elseif ($type == "emp") {
        $rv = setEmployeePwd($uid, $pwd, true);
    }
    addToPwdTable($pwd);
    return $rv;
}