Ejemplo n.º 1
 /**
  * Validate the login form in two passes.
  *
  * Pass 1 checks that username and password are present and well-formed.
  * Pass 2 runs only when pass 1 succeeds and validates the captcha field.
  *
  * @return bool FALSE when the credential pass fails, otherwise the outcome of the captcha pass.
  */
 private function _validate_form()
 {
     $this->load->library('form_validation');

     // The identifier field is accepted when it is a valid username, e-mail or phone number.
     $identifierCheck = function ($str) {
         $accepted = is_username($str) || is_email($str) || is_phone($str);
         if (!$accepted) {
             $this->form_validation->set_message('is_username', '无效{field}');
         }
         return $accepted;
     };
     $passwordCheck = function ($str) {
         if (is_password($str)) {
             return true;
         }
         $this->form_validation->set_message('is_password', '无效{field}');
         return false;
     };

     // Pass 1: username and password.
     $this->form_validation->set_message('required', '请输入{field}');
     $this->form_validation->set_rules('username', '用户名', array('required', array('is_username', $identifierCheck)));
     $this->form_validation->set_rules('password', '密码', array('required', array('is_password', $passwordCheck)));
     if (!$this->form_validation->run()) {
         return FALSE;
     }

     // Pass 2: start from a clean rule set and validate only the captcha.
     $this->form_validation->reset_validation();
     $this->form_validation->set_message('required', '请输入{field}');
     $this->form_validation->set_rules('captcha', '验证码', 'trim|required|callback_check_captcha');

     return $this->form_validation->run();
 }
Ejemplo n.º 2
/**
 * Check whether an administrator password is acceptable.
 *
 * Thin wrapper that collapses the result of is_password() to a strict boolean.
 *
 * @param string $password Candidate password.
 * @return bool TRUE when is_password() returns a truthy value, FALSE otherwise.
 */
function checkpasswd($password)
{
    return (bool) is_password($password);
}
Ejemplo n.º 3
	/**
	 * Change the stored password of one user.
	 *
	 * @param mixed  $userid   User ID; coerced with intval() and rejected when below 1.
	 * @param string $password New password; must pass is_password().
	 * @return mixed FALSE on invalid input, otherwise whatever $this->db->update() returns.
	 */
	public function edit_password($userid, $password){
		$uid = intval($userid);
		if ($uid < 1) {
			return false;
		}
		if (is_password($password)) {
			// password() produces the field set written to the row
			// (presumably the hash and its salt; confirm against its definition).
			$fields = password($password);
			return $this->db->update($fields, array('userid' => $uid));
		}
		showmessage(L('pwd_incorrect'));
		return false;
	}
Ejemplo n.º 4
 /**
  * Change the stored password of one user.
  *
  * @param mixed  $userid   User ID; coerced with intval() and rejected when below 1.
  * @param string $password New password; must pass is_password().
  * @return mixed FALSE on invalid input, otherwise whatever save() returns.
  */
 public function edit_password($userid, $password)
 {
     $uid = intval($userid);
     if ($uid < 1 || !is_password($password)) {
         return false;
     }
     $fields = password($password);
     // $uid is an integer here, so concatenating it into the condition cannot inject SQL.
     $condition = 'userid=' . $uid;
     return $this->where($condition)->save($fields);
 }
Ejemplo n.º 5
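 /**
  * Constructor: loads the member model and cached settings, then decodes and
  * validates the request payload.
  *
  * The request ends with exit('0') when the application id or payload is
  * missing or cannot be decoded, and with exit('-5') when a decoded field
  * fails its format check.
  */
 public function __construct()
 {
     $this->db = pc_base::load_model('member_model');
     pc_base::load_app_func('global');
     /* Load system configuration from cache. */
     $this->settings = getcache('settings', 'admin');
     $this->applist = getcache('applist', 'admin');
     // Mirror query-string parameters into $_POST so both transports are
     // handled alike; the routing keys m/c/a are left out.
     if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
         foreach ($_GET as $k => $v) {
             if (!in_array($k, array('m', 'c', 'a'))) {
                 $_POST[$k] = $v;
             }
         }
     }
     if (isset($_POST['appid'])) {
         $this->appid = intval($_POST['appid']);
     } else {
         exit('0');
     }
     // Fail closed for application ids without a registered auth key. Without
     // this guard an unknown appid hands a NULL key to sys_auth(), and how
     // sys_auth() treats an empty key is not visible from here.
     if (empty($this->applist[$this->appid]['authkey'])) {
         exit('0');
     }
     if (isset($_POST['data'])) {
         // The payload is a query string protected with the application's auth key.
         parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
         if (empty($this->data) || !is_array($this->data)) {
             exit('0');
         }
         // NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8, and
         // escaping here means later queries depend on addslashes-style
         // quoting rather than bound parameters.
         if (!get_magic_quotes_gpc()) {
             $this->data = new_addslashes($this->data);
         }
         if (isset($this->data['username']) && $this->data['username'] != '' && is_username($this->data['username']) == false) {
             exit('-5');
         }
         // Fixed: the emptiness test used to look at 'username', so an e-mail
         // sent without a username skipped validation entirely.
         if (isset($this->data['email']) && $this->data['email'] != '' && is_email($this->data['email']) == false) {
             exit('-5');
         }
         if (isset($this->data['password']) && $this->data['password'] != '' && (is_password($this->data['password']) == false || is_badword($this->data['password']))) {
             exit('-5');
         }
         if (isset($this->data['newpassword']) && $this->data['newpassword'] != '' && (is_password($this->data['newpassword']) == false || is_badword($this->data['newpassword']))) {
             exit('-5');
         }
     } else {
         exit('0');
     }
     if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
         // NOTE(review): the raw request body is stored as avatar data without
         // passing through the decode step above, and the auth-key comparison
         // below is commented out in the source. Confirm the consumer of
         // 'avatardata' validates it.
         $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
         //if($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
         //	exit('0');
         //}
     }
 }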
Ejemplo n.º 6
 /**
  * Create a user (no id submitted) or update an existing one (id submitted).
  *
  * All fields are read from GET/POST via get_post(). Every outcome is reported
  * through ajax_return(); nothing is returned to the caller.
  *
  * NOTE(review): new passwords are stored as a single unsalted md5() digest.
  * Moving to password_hash()/password_verify() needs a matching change in the
  * login path, which is not visible here.
  * NOTE(review): on update the row is selected by the submitted id only; confirm
  * that the caller's right to edit that account is enforced elsewhere.
  */
 public function save()
 {
     $uid = (int) $this->input->get_post('id');
     $data['user_name'] = trim($this->input->get_post('user_name'));

     // Reject the name when it already belongs to a different account.
     $existing = $this->model->getOne(array('user_name' => $data['user_name']));
     if ($existing && intval($existing->uid) !== $uid) {
         ajax_return(lang('service_user_name_exist'));
     }

     $data['pid'] = $this->user_info->uid;
     // Region
     $data['district'] = $this->input->get_post('district');

     // Account name and password are only validated and set when creating.
     if ($uid === 0) {
         if (!is_username($data['user_name'])) {
             ajax_return('账号只允许字母开头,允许5-16字节,允许字母数字下划线');
         }
         $plain = $this->input->get_post('password');
         if (!is_password($plain)) {
             ajax_return('密码只允许6到20个字母、数字字符');
         }
         $data['password'] = md5($plain);
     }

     $data['gid'] = (int) $this->input->get_post('gid');
     $data['email'] = $this->input->get_post('email');
     // An empty e-mail is allowed; a non-empty one must be well-formed.
     if (!is_email($data['email']) && trim($data['email'])) {
         ajax_return('E-mail不是有效的邮箱格式!');
     }
     $data['nickname'] = htmlspecialchars($this->input->get_post('nickname'));

     // Persist
     if ($uid <= 0) {
         $data['regip'] = $this->egetip();
         $data['regtime'] = time();
         $result = $this->model->add($data);
     } else {
         // Updating clears the stored token.
         $data['token'] = '';
         $result = $this->model->update($data, array('uid' => $uid));
     }

     // Report the outcome
     if ($result) {
         ajax_return(lang('save_success'), 0, '', '/admin/user/index');
         return;
     }
     ajax_return(lang('save_failed'));
 }
Ejemplo n.º 7
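 /**
  * Handle a password-change submission for the logged-in teacher.
  *
  * Reads old_password, new_password and repeat_password from POST, checks the
  * old password against the copy held in the session, validates the new one
  * and stores its my_md5() digest.
  *
  * Each failure branch returns explicitly, so the update cannot be reached if
  * message() does not end the request (its definition is not visible here).
  *
  * @return void
  */
 public function reset_password_deal()
 {
     /* Teacher record held in the session */
     $teacher = $this->session->userdata('teacher');
     if (!$teacher) {
         message('会话已失效,请重新提交', 'student/teacher_download/login');
         return;
     }
     $old_password = $this->input->post('old_password');
     $new_password = $this->input->post('new_password');
     $repeat_password = $this->input->post('repeat_password');
     // Compare digests as strings with !==. With != two different digests that
     // both look numeric are converted to numbers and can compare equal.
     if ((string) my_md5($old_password) !== (string) $teacher['password']) {
         message('密码错误!请重试!');
         return;
     }
     // is_password() apparently returns an error string when the password is rejected.
     if (is_string($passwd_msg = is_password($new_password))) {
         message($passwd_msg);
         return;
     }
     if ($new_password !== $repeat_password) {
         message('您两次输入密码不一致!请重试!');
         return;
     }
     // NOTE(review): my_md5() is defined elsewhere; if it is a plain MD5 variant,
     // the stored value is a fast hash. Confirm before relying on it.
     $this->db->update('teacher_download', array('password' => my_md5($new_password)), array('id' => $teacher['id']));
     message('您的新密码已设置成功,重新登陆后生效', 'student/teacher_download/reset_password', 'success');
 }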
Ejemplo n.º 8
Archivo: user.php Proyecto: ruoL/fun-x
 /**
  * AJAX endpoint that updates a user's e-mail, name, intro, state and, when
  * supplied, password.
  *
  * Non-AJAX requests get a 404. Every outcome is reported through JSON().
  *
  * NOTE(review): the password is read with the TRUE flag (presumably XSS
  * filtering), trimmed and lower-cased before hashing, which changes what the
  * user typed and shrinks the password space. The login path must apply the
  * same transformation, so it cannot be changed here in isolation.
  * NOTE(review): the target uid comes from POST; confirm the caller's right to
  * edit that account is enforced elsewhere.
  */
 public function update_action()
 {
     if (!$this->input->is_ajax_request()) {
         show_404();
     }

     $uid = (int) $this->input->post('uid');
     $rawEmail = $this->input->post('email', true);
     $rawName = $this->input->post('username', true);
     $username = trim($rawName);
     $email = strtolower(trim($rawEmail));

     // E-mail: well-formed and not used by another account.
     if (!is_email($email)) {
         JSON('error', '对不起,请填写用个可以的电子邮件!');
     }
     $emailOwner = $this->user_model->get_info(array('uid !=' => $uid, 'email' => $email));
     if ($emailOwner) {
         JSON('error', '该电子邮件已在存,请换一个!');
     }

     // Username: well-formed and not used by another account.
     if (!is_username($username)) {
         JSON('error', '用户姓名可以由汉字、字母或数字组成,长度不保持 4-16 个字符!');
     }
     $nameOwner = $this->user_model->get_info(array('uid !=' => $uid, 'username' => $username));
     if ($nameOwner) {
         JSON('error', '该用户名称已存在,请换一个!');
     }

     // Password is optional; an empty value leaves the stored hash untouched.
     $rawPassword = $this->input->post('password', true);
     $rawRepeat = $this->input->post('repassword', true);
     $password = strtolower(trim($rawPassword));
     $repeat = strtolower(trim($rawRepeat));
     if ($password !== '') {
         if (!is_password($password)) {
             JSON('error', '密码必须由字母、数字和下划线组成,长度保持 6-16 个字符!');
         }
         if ($password !== $repeat) {
             JSON('error', '两次输入的密码不一致,请重新确认密码!');
         }
         $this->load->library('phpass');
         $data['password'] = $this->phpass->HashPassword($password);
     }

     $data['email'] = $email;
     $data['username'] = $username;
     $data['intro'] = $this->input->post('intro', true);
     $data['state'] = (int) $this->input->post('state');
     $this->db->update('user', $data, array('uid' => $uid));
     unset($data);

     // Zero affected rows covers both "nothing changed" and "update failed".
     if (!$this->db->affected_rows()) {
         JSON('error', '对不起,用户没有更新或更新失败!');
     } else {
         JSON('success', '恭喜,用户 ' . $username . ' 更新成功!');
     }
 }
Ejemplo n.º 9
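 /**
  * Reset the password of a teacher-download account.
  *
  * Requires the 'teacher_download_manage' permission. Reads new_password,
  * confirm_password and uid from POST and answers through output_json().
  *
  * Each failure branch returns explicitly, so the write cannot be reached if
  * output_json() does not end the request (its definition is not visible here).
  *
  * @return  void
  */
 public function reset_password()
 {
     if (!$this->check_power('teacher_download_manage')) {
         return;
     }
     $new_password = $this->input->post('new_password');
     $new_confirm_password = $this->input->post('confirm_password');
     $id = intval($this->input->post('uid'));
     // is_password() apparently returns an error string when the password is rejected.
     if (is_string($passwd_msg = is_password($new_password))) {
         output_json(CODE_ERROR, $passwd_msg);
         return;
     }
     if (!strlen(trim($new_confirm_password))) {
         output_json(CODE_ERROR, '确认密码不能为空.');
         return;
     }
     // Strict comparison: with != two different numeric-looking strings can compare equal.
     if ($new_confirm_password !== $new_password) {
         output_json(CODE_ERROR, '两次密码输入不一致.');
         return;
     }
     // Make sure the account exists before writing.
     $passwd = TeacherDownloadModel::get_by_id($id, 'password');
     if (!count($passwd)) {
         output_json(CODE_ERROR, '不存在该监考人员.');
         return;
     }
     // Store the digest of the new password.
     $flag = TeacherDownloadModel::reset_password($id, my_md5($new_password));
     if (!$flag) {
         output_json(CODE_ERROR, '密码修改失败,请重试');
         return;
     }
     output_json(CODE_SUCCESS, '密码修改成功.');
 }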
Ejemplo n.º 10
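 /**
  * Change the member's mobile number after re-checking the current password
  * and an SMS verification code.
  *
  * Without a submission the 'account_change_mobile' template is rendered.
  * With one, the password is verified, then the most recent SMS record of the
  * last 600 seconds for this member and number is compared with the code.
  */
 public function account_change_mobile()
 {
     $memberinfo = $this->memberinfo;
     if (isset($_POST['dosubmit'])) {
         // Only accept scalar string input; arrays are treated as empty.
         $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
         $mobile_verify = isset($_POST['mobile_verify']) && is_string($_POST['mobile_verify']) ? $_POST['mobile_verify'] : '';
         $mobile = isset($_POST['mobile']) && is_string($_POST['mobile']) ? $_POST['mobile'] : '';

         if (!is_password($password)) {
             showmessage(L('password_format_incorrect'), HTTP_REFERER);
         }
         // Compare hashes as strings with !== so numeric-looking values are not
         // converted to numbers before comparison.
         if ((string) $this->memberinfo['password'] !== (string) password($password, $this->memberinfo['encrypt'])) {
             showmessage(L('old_password_incorrect'));
         }
         $sms_report_db = pc_base::load_model('sms_report_model');
         if ($mobile) {
             // The D modifier stops "$" from also matching before a trailing newline.
             if (!preg_match('/^1([0-9]{10})$/D', $mobile)) {
                 exit('check phone error');
             }
             $posttime = SYS_TIME - 600;
             // Every interpolated value is constrained: $mobile by the regex
             // above, the user id by intval(), $posttime by arithmetic.
             $userid = intval($memberinfo['userid']);
             $where = "`mobile`='{$mobile}' AND `send_userid`='" . $userid . "' AND `posttime`>'{$posttime}'";
             $r = $sms_report_db->get_one($where, 'id,id_code', 'id DESC');
             // A used code is blanked below, so an empty submission must never
             // match; compare as strings to avoid numeric conversion.
             // NOTE(review): no attempt limit is visible here; confirm repeated
             // submissions are throttled elsewhere.
             if ($r && $mobile_verify !== '' && (string) $r['id_code'] === $mobile_verify) {
                 $sms_report_db->update(array('id_code' => ''), $where);
                 $this->db->update(array('mobile' => $mobile), array('userid' => $userid));
                 showmessage("手机号码更新成功!", '?m=member&c=index&a=account_change_mobile&t=1');
             } else {
                 showmessage("短信验证码错误!请重新获取!");
             }
         } else {
             showmessage("短信验证码已过期!请重新获取!");
         }
     } else {
         include template('member', 'account_change_mobile');
     }
 }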
Ejemplo n.º 11
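 /**
  * Reset a student's password from the exam-room console.
  *
  * Reads account (exam ticket number), password and confirm_password from
  * POST. The student must exist and belong to the exam place stored in the
  * session. Answers through output_json().
  *
  * Each failure branch returns explicitly, so the reset cannot be reached if
  * output_json() does not end the request (its definition is not visible here).
  *
  * NOTE(review): the success response returns the new password in clear text
  * by design; make sure this response is never cached or logged.
  */
 public function reset_student_password()
 {
     $exam_ticket = trim($this->input->post('account'));
     $password = $this->input->post('password');
     $confirm_password = $this->input->post('confirm_password');
     if (!strlen($exam_ticket)) {
         output_json(CODE_ERROR, '请输入正确的准考证号.');
         return;
     }
     // is_password() apparently returns an error string when the password is rejected.
     if (is_string($passwd_msg = is_password($password))) {
         output_json(CODE_ERROR, $passwd_msg);
         return;
     }
     if (!strlen($confirm_password)) {
         output_json(CODE_ERROR, '确认密码不能为空.');
         return;
     }
     // Strict comparison: with != two different numeric-looking strings can compare equal.
     if ($confirm_password !== $password) {
         output_json(CODE_ERROR, '两次密码不一致.');
         return;
     }
     // Look the student up by exam ticket number.
     $this->load->model('exam/student_model');
     $student = $this->student_model->is_valid_student($exam_ticket);
     if (!$student) {
         output_json(CODE_ERROR, '该考生不存在.');
         return;
     }
     // The student must be registered in the exam place bound to this session.
     $this->load->model('exam/exam_place_model');
     $exam_place_model = $this->exam_place_model;
     $place_id = $this->session->userdata('exam_i_place_id');
     $user_id = $student['uid'];
     if (!$exam_place_model->check_exam_place_student($place_id, $user_id)) {
         output_json(CODE_ERROR, '很抱歉,该考生不在本场考试中,有问题请联系系统管理员.');
         return;
     }
     // Reset the password
     try {
         $this->student_model->reset_password($user_id, $password);
         // The message is HTML, so request-derived values are escaped before
         // being embedded in it.
         $safe_ticket = htmlspecialchars($exam_ticket, ENT_QUOTES, 'UTF-8');
         $safe_password = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');
         output_json(CODE_SUCCESS, '修改成功, 该考生考试信息为:<p><strong>准考证号:</strong>' . $safe_ticket . ' </p><p><strong>新密码为:</strong> ' . $safe_password . '  </p><font color="red">请记下该考生新密码, 以防丢失.</font>');
     } catch (Exception $e) {
         output_json(CODE_ERROR, '密码修改失败,请重试(如多次出现类似情况,请联系系统管理员)');
     }
 }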
Ejemplo n.º 12
 /**
  * Normalise and validate user fields in place.
  *
  * Only keys present in $data are touched. username, email, phone and password
  * cause a rejection when invalid; qq and wechat are reset to an empty value
  * instead of rejecting.
  *
  * NOTE(review): the email branch only rejects an empty value after trimming;
  * the format of the address is not checked here.
  * NOTE(review): phone and qq are cast to int before validation, which drops
  * leading zeros and any non-numeric suffix.
  *
  * @param array $data User fields, modified by reference.
  * @return true|string TRUE when everything is acceptable, otherwise an error message.
  */
 private function _validate_userinfo(&$data)
 {
     if (isset($data['username'])) {
         $name = strtolower(trim($data['username']));
         $data['username'] = $name;
         if (!is_username($name)) {
             return '用户名不合法';
         }
     }

     if (isset($data['email'])) {
         $mail = strtolower(trim($data['email']));
         $data['email'] = $mail;
         if (!$mail) {
             return 'Email不合法';
         }
     }

     if (isset($data['phone'])) {
         $phone = (int) $data['phone'];
         $data['phone'] = $phone;
         if (!is_phone($phone)) {
             return '手机号不合法';
         }
     }

     if (isset($data['password']) && !is_password($data['password'])) {
         return '密码不合法';
     }

     // Optional contact fields: an invalid value is blanked rather than rejected.
     if (isset($data['qq'])) {
         $data['qq'] = (int) $data['qq'];
         if (!is_qq($data['qq'])) {
             $data['qq'] = 0;
         }
     }
     if (isset($data['wechat']) && !is_wechat($data['wechat'])) {
         $data['wechat'] = '';
     }

     return true;
 }
Ejemplo n.º 13
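 /**
  * Student password reset via an e-mailed link.
  *
  * The "code" query parameter is decoded with email_hash() (lifetime argument
  * 1800) to obtain the student id. On submission the new password is
  * validated and stored, then the matching user_resetpassword row is expired.
  * Otherwise the reset form is rendered.
  *
  * Each failure branch returns explicitly, so the update cannot be reached if
  * message() does not end the request (its definition is not visible here).
  *
  * NOTE(review): the link is accepted on the strength of email_hash() alone;
  * the expiretime column written below is not consulted in this method.
  * Confirm that a link cannot be reused once it has been expired.
  */
 public function resetpwd()
 {
     Fn::ajax_call($this, 'login', 'logout');
     $hash = $this->input->get('code');
     $uid = email_hash('decode', $hash, 1800);
     // Explicit default so $student is always defined.
     $student = $uid ? StudentModel::get_student($uid) : null;
     if (!$student) {
         message('重置链接已失效,请重新提交申请', 'student/index/forget');
         return;
     }
     if ($this->input->post('act') == 'submit') {
         $password = $this->input->post('password');
         $newpwd_confirm = $this->input->post('password_confirm');
         // is_password() apparently returns an error string when the password is rejected.
         if (is_string($passwd_msg = is_password($password))) {
             message($passwd_msg);
             return;
         }
         // Strict comparison: with != two different numeric-looking strings can compare equal.
         if ($password !== $newpwd_confirm) {
             message('您两次输入密码不一致,返回请确认!');
             return;
         }
         $this->db->update('student', array('password' => my_md5($password)), array('uid' => $uid));
         // Expire the reset record. $hash comes straight from the query string,
         // so it is passed as a bound parameter instead of being interpolated.
         // This assumes $this->db is the CodeIgniter driver, as the update()
         // call above suggests.
         $now_time = time() - 1800;
         $sql = "UPDATE  {pre}user_resetpassword SET expiretime=? WHERE uid=? and  hash = ?";
         $this->db->query($sql, array($now_time, $uid, $hash));
         message('您的新密码已设置成功.', 'student/index/login', 'success');
     } else {
         $data = array();
         $data['uinfo'] = StudentModel::studentLoginUInfo();
         $data['hash'] = $hash;
         // Render the form
         $this->load->view('index/resetpwd', $data);
     }
 }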
Ejemplo n.º 14
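 /**
  * Change the logged-in student's password.
  *
  * Without an "oldpwd" POST field the form is rendered. With one, the new
  * password is validated and confirmed, the old password is checked against
  * the stored digest, and the new digest is written.
  *
  * Each failure branch returns explicitly, so the update cannot be reached if
  * message() or redirect() does not end the request.
  */
 public function editpwd()
 {
     Fn::ajax_call($this, 'login', 'logout');
     if (!$this->_uinfo['uid']) {
         redirect('student/index/login');
         return;
     }
     $data = array();
     $data['uinfo'] = $this->_uinfo;
     $uid = $this->_uinfo['uid'];
     if ($oldpwd = $this->input->post('oldpwd')) {
         $newpwd = $this->input->post('newpwd');
         $newpwd_confirm = $this->input->post('newpwd_confirm');
         // is_password() apparently returns an error string when the password is rejected.
         if (is_string($passwd_msg = is_password($newpwd))) {
             message($passwd_msg);
             return;
         }
         // Strict comparison: with != two different numeric-looking strings can compare equal.
         if ($newpwd !== $newpwd_confirm) {
             message('新密码两次输入不一致!');
             return;
         }
         $query = $this->db->select('password')->get_where('student', array('uid' => $uid));
         $user = $query->row_array();
         if ($user['password'] !== my_md5($oldpwd)) {
             message('原密码错误!');
             return;
         }
         $this->db->update('student', array('password' => my_md5($newpwd)), array('uid' => $uid));
         message('密码修改成功!', 'student/profile/preview', 'success');
     } else {
         $this->load->view('profile/editpwd', $data);
     }
 }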
Ejemplo n.º 15
         $mobile = $user['authvalue'];
         $r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE mobile='{$mobile}' AND vmobile=1 AND userid<>{$_userid}");
         if ($r) {
             message($L['send_mobile_exist'], $MOD['linkurl']);
         }
         $db->query("UPDATE {$DT_PRE}member SET mobile='{$mobile}',vmobile=1,auth='',authvalue='',authtime=0 WHERE username='******'");
         userclean($username);
         $db->query("INSERT INTO {$DT_PRE}validate (type,username,ip,addtime,status,title,editor,edittime) VALUES ('mobile','{$username}','{$DT_IP}','{$DT_TIME}','3','{$mobile}','system','{$DT_TIME}')");
         message($L['send_mobile_success'], $MOD['linkurl']);
     }
     message($L['send_mobile_code_error']);
 } else {
     $DT['sms'] or message($L['send_sms_close']);
     if ($submit) {
         is_mobile($mobile) or message($L['send_mobile_bad']);
         if (!is_password($username, $password)) {
             message($L['member_login_password_bad']);
         }
         $r = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE mobile='{$mobile}' AND vmobile=1 AND userid<>{$_userid}");
         if ($r) {
             message($L['send_mobile_exist']);
         }
         if (max_sms($mobile)) {
             message($L['sms_msg_max']);
         }
         $auth = random(6, '0123456789');
         $content = lang('sms->sms_code', array($auth, $MOD['auth_days'] * 10)) . $DT['sms_sign'];
         $sms_code = send_sms($mobile, $content);
         if (1 || strpos($sms_code, $DT['sms_ok']) !== false) {
             $db->query("UPDATE {$DT_PRE}member SET auth='{$auth}',authvalue='{$mobile}',authtime='{$DT_TIME}' WHERE username='******'");
             userclean($username);
Ejemplo n.º 16
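 /**
  * Change the member's password and, optionally, e-mail address.
  *
  * Without a submission the 'account_manage_password' template is rendered.
  * With one, the current password is verified, the new password is validated,
  * the local record is updated and, when phpsso is enabled, the change is
  * forwarded to it.
  */
 public function account_manage_password()
 {
     if (isset($_POST['dosubmit'])) {
         // Only accept scalar string input; anything else is treated as empty.
         $info = isset($_POST['info']) && is_array($_POST['info']) ? $_POST['info'] : array();
         $current = isset($info['password']) && is_string($info['password']) ? $info['password'] : '';
         $new = isset($info['newpassword']) && is_string($info['newpassword']) ? $info['newpassword'] : '';
         $new_email = isset($info['email']) && is_string($info['email']) ? $info['email'] : '';

         if (!is_password($current)) {
             showmessage(L('password_format_incorrect'), HTTP_REFERER);
         }
         // Compare hashes as strings with !== so numeric-looking values are not
         // converted to numbers before comparison.
         if ((string) $this->memberinfo['password'] !== (string) password($current, $this->memberinfo['encrypt'])) {
             showmessage(L('old_password_incorrect'), HTTP_REFERER);
         }
         // Fixed: the new password used to be stored without any format check,
         // so an empty or malformed value could replace the current one.
         if (!is_password($new)) {
             showmessage(L('password_format_incorrect'), HTTP_REFERER);
         }
         $updateinfo = array();
         // Change the e-mail only when it differs and is well-formed.
         if ($this->memberinfo['email'] != $new_email && is_email($new_email)) {
             $email = $new_email;
             $updateinfo['email'] = $new_email;
         } else {
             $email = '';
         }
         $newpassword = password($new, $this->memberinfo['encrypt']);
         $updateinfo['password'] = $newpassword;
         $this->db->update($updateinfo, array('userid' => $this->memberinfo['userid']));
         if (pc_base::load_config('system', 'phpsso')) {
             // Initialise the phpsso client and forward the change.
             $this->_init_phpsso();
             $res = $this->client->ps_member_edit('', $email, $current, $new, $this->memberinfo['phpssouid'], $this->memberinfo['encrypt']);
         }
         showmessage(L('operation_success'), HTTP_REFERER);
     } else {
         $show_validator = true;
         $memberinfo = $this->memberinfo;
         include template('member', 'account_manage_password');
     }
 }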
Ejemplo n.º 17
     $success['false'][] = 'Server is marked for deletion';
 } else {
     if (isdomain($dns)) {
         $query = $sql->prepare("UPDATE `webVhost` SET `defaultDomain`=? WHERE `webVhostID`=? AND `resellerID`=? LIMIT 1");
         $query->execute(array($dns, $localServerID, $resellerID));
         $domainRowCount = $query->rowCount();
     }
 }
 $updateArray = array();
 $eventualUpdate = '';
 if (isset($data['active']) and active_check($data['active'])) {
     $updateArray[] = $data['active'];
     $eventualUpdate .= ',`active`=?';
     $active = $data['active'];
 }
 if (isset($data['password']) and is_password($data['password'], 255)) {
     $updateArray[] = $data['private'];
     $updateArray[] = $aeskey;
     $eventualUpdate .= ',`ftpPassword`=AES_ENCRYPT(?,?)';
     $private = $data['password'];
 }
 if (isset($data['hdd']) and isid($data['hdd'], 10)) {
     $updateArray[] = $data['hdd'];
     $eventualUpdate .= ',`hdd`=?';
     $hdd = $data['hdd'];
     $query = $sql->prepare("SELECT IF(`hddOverbook`='Y',(`maxHDD`/100) * (100+`overbookPercent`),`maxHDD`) AS `maxHDD` FROM `webMaster` WHERE `webMasterID`=? LIMIT 1");
     $query->execute(array($webMasterID));
     $maxHDD = (int) $query->fetchColumn();
     $query = $sql->prepare("SELECT SUM(v.`hdd`) AS `a` FROM `webVhost` WHERE `webMasterID`=?");
     $query->execute(array($localServerID));
     if ($maxHDD + $oldHDD - $query->fetchColumn() - $hdd < 0) {
Ejemplo n.º 18
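 /**
  * Member login: renders the form when nothing is submitted, authenticates on
  * submission.
  *
  * Authentication goes through phpsso when it is enabled in the system
  * configuration, otherwise against the local member table with a per-user
  * failed-attempt counter. On success the member row is refreshed and the
  * login cookies are set.
  *
  * Changes from the previous revision:
  *  - connect id / source are added to the row that is actually inserted
  *    ($info); they used to go into an unused $userinfo array and were lost;
  *  - $r['vip'] is quoted (a bare constant is an error on current PHP);
  *  - captcha and password digests are compared as strings with !==;
  *  - the attempt counter is only read when a counter row exists.
  */
 public function login()
 {
     $this->_session_start();
     // Resolve the site id from the request, defaulting to 1.
     $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
     // Expose the site id as a constant.
     if (!defined('SITEID')) {
         define('SITEID', $siteid);
     }
     if (isset($_POST['dosubmit'])) {
         if (empty($_SESSION['connectid'])) {
             // Captcha check (skipped for connect logins).
             $code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
             // Compared as strings so numeric-looking codes are not converted to numbers.
             $expected_code = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
             if ($expected_code !== strtolower($code)) {
                 $_SESSION['code'] = '';
                 showmessage(L('code_error'), HTTP_REFERER);
             }
             // A captcha is single-use.
             $_SESSION['code'] = '';
         }
         $username = isset($_POST['username']) && is_username($_POST['username']) ? trim($_POST['username']) : showmessage(L('username_empty'), HTTP_REFERER);
         $password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : showmessage(L('password_empty'), HTTP_REFERER);
         if (!(is_password($_POST['password']) && is_badword($_POST['password']) == false)) {
             showmessage(L('password_format_incorrect'), HTTP_REFERER);
         }
         $cookietime = intval($_POST['cookietime']);
         $synloginstr = '';
         // Single sign-on path
         if (pc_base::load_config('system', 'phpsso')) {
             $this->_init_phpsso();
             $status = $this->client->ps_member_login($username, $password);
             // NOTE(review): unserialize() on a response from another service.
             // Safe only if the phpsso channel is authenticated and trusted;
             // consider a data-only format such as JSON.
             $memberinfo = unserialize($status);
             if (isset($memberinfo['uid'])) {
                 // Look up the local account
                 $r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
                 if (!$r) {
                     // No local record yet: create one from the phpsso data.
                     $info = array('phpssouid' => $memberinfo['uid'], 'username' => $memberinfo['username'], 'password' => $memberinfo['password'], 'encrypt' => $memberinfo['random'], 'email' => $memberinfo['email'], 'regip' => $memberinfo['regip'], 'regdate' => $memberinfo['regdate'], 'lastip' => $memberinfo['lastip'], 'lastdate' => $memberinfo['lastdate'], 'groupid' => $this->_get_usergroup_bypoint(), 'modelid' => 10);
                     // Connect users: keep the external id and source on the new row.
                     if (!empty($_SESSION['connectid'])) {
                         $info['connectid'] = $_SESSION['connectid'];
                     }
                     if (!empty($_SESSION['from'])) {
                         $info['from'] = $_SESSION['from'];
                     }
                     unset($_SESSION['connectid'], $_SESSION['from']);
                     $this->db->insert($info);
                     unset($info);
                     $r = $this->db->get_one(array('phpssouid' => $memberinfo['uid']));
                 }
                 $password = $r['password'];
                 $synloginstr = $this->client->ps_member_synlogin($r['phpssouid']);
             } else {
                 if ($status == -1) {
                     // Unknown user
                     showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
                 } elseif ($status == -2) {
                     // Wrong password
                     showmessage(L('password_error'), 'index.php?m=member&c=index&a=login');
                 } else {
                     showmessage(L('login_failure'), 'index.php?m=member&c=index&a=login');
                 }
             }
         } else {
             // Failed-attempt counter for this username
             $this->times_db = pc_base::load_model('times_model');
             $rtime = $this->times_db->get_one(array('username' => $username));
             if ($rtime && $rtime['times'] > 4) {
                 $minute = 60 - floor((SYS_TIME - $rtime['logintime']) / 60);
                 showmessage(L('wait_1_hour', array('minute' => $minute)));
             }
             // Look up the account
             $r = $this->db->get_one(array('username' => $username));
             if (!$r) {
                 showmessage(L('user_not_exist'), 'index.php?m=member&c=index&a=login');
             }
             // Verify the password.
             // NOTE(review): md5(md5(password) . salt) is a fast hash; migrating
             // to password_hash() needs a stored-hash upgrade path.
             $password = md5(md5(trim($password)) . $r['encrypt']);
             if ((string) $r['password'] !== $password) {
                 $ip = ip();
                 if ($rtime && $rtime['times'] < 5) {
                     $times = 5 - intval($rtime['times']);
                     $this->times_db->update(array('ip' => $ip, 'times' => '+=1'), array('username' => $username));
                 } else {
                     $this->times_db->insert(array('username' => $username, 'ip' => $ip, 'logintime' => SYS_TIME, 'times' => 1));
                     $times = 5;
                 }
                 showmessage(L('password_error', array('times' => $times)), 'index.php?m=member&c=index&a=login', 3000);
             }
             $this->times_db->delete(array('username' => $username));
         }
         // Locked accounts cannot log in
         if ($r['islock']) {
             showmessage(L('user_is_lock'));
         }
         $userid = $r['userid'];
         $groupid = $r['groupid'];
         $username = $r['username'];
         $nickname = empty($r['nickname']) ? $username : $r['nickname'];
         $updatearr = array('lastip' => ip(), 'lastdate' => SYS_TIME);
         // VIP expired: clear the flag
         if ($r['overduedate'] < SYS_TIME) {
             $updatearr['vip'] = 0;
         }
         // Re-evaluate the member group from the point balance. Groups 1, 7 and 8
         // and VIP members are excluded, as are groups that do not allow
         // self-upgrade.
         if ($r['point'] >= 0 && !in_array($r['groupid'], array('1', '7', '8')) && empty($r['vip'])) {
             $grouplist = getcache('grouplist');
             if (!empty($grouplist[$r['groupid']]['allowupgrade'])) {
                 $check_groupid = $this->_get_usergroup_bypoint($r['point']);
                 if ($check_groupid != $r['groupid']) {
                     $updatearr['groupid'] = $groupid = $check_groupid;
                 }
             }
         }
         // Connect users: record the external id and source
         if (!empty($_SESSION['connectid'])) {
             $updatearr['connectid'] = $_SESSION['connectid'];
         }
         if (!empty($_SESSION['from'])) {
             $updatearr['from'] = $_SESSION['from'];
         }
         unset($_SESSION['connectid'], $_SESSION['from']);
         $this->db->update($updatearr, array('userid' => $userid));
         // $cookietime is always set above, so the cookie fallback below is
         // never taken; the default keeps the variable defined.
         $get_cookietime = 0;
         if (!isset($cookietime)) {
             $get_cookietime = param::get_cookie('cookietime');
         }
         $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
         $cookietime = $_cookietime ? SYS_TIME + $_cookietime : 0;
         // NOTE(review): the auth cookie is derived from the user id and the
         // stored password digest; its protection rests entirely on sys_auth()
         // and the 'login' auth key.
         $phpcms_auth = sys_auth($userid . "\t" . $password, 'ENCODE', get_auth_key('login'));
         param::set_cookie('auth', $phpcms_auth, $cookietime);
         param::set_cookie('_userid', $userid, $cookietime);
         param::set_cookie('_username', $username, $cookietime);
         param::set_cookie('_groupid', $groupid, $cookietime);
         param::set_cookie('_nickname', $nickname, $cookietime);
         //param::set_cookie('cookietime', $_cookietime, $cookietime);
         // NOTE(review): 'forward' is taken from the request and used as the
         // post-login redirect target without validation. Restrict it to
         // same-site relative paths unless showmessage() already does so.
         $forward = isset($_POST['forward']) && !empty($_POST['forward']) ? urldecode($_POST['forward']) : 'index.php?m=member&c=index';
         showmessage(L('login_success') . $synloginstr, $forward);
     } else {
         $setting = pc_base::load_config('system');
         $forward = isset($_GET['forward']) && trim($_GET['forward']) ? urlencode($_GET['forward']) : '';
         $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
         $siteinfo = siteinfo($siteid);
         include template('member', 'login');
     }
 }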
Ejemplo n.º 19
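 /**
  * Reset a student's password.
  *
  * Requires the 'student_manage' permission. The method takes no arguments;
  * it reads these POST fields:
  *  - uid:              student id
  *  - new_password:     new password
  *  - confirm_password: repeated new password
  *
  * Answers through output_json(). Each failure branch returns explicitly, so
  * the write cannot be reached if output_json() does not end the request (its
  * definition is not visible here).
  *
  * @return void
  */
 public function reset_password()
 {
     if (!$this->check_power('student_manage')) {
         return;
     }
     $new_password = $this->input->post('new_password');
     $new_confirm_password = $this->input->post('confirm_password');
     $uid = intval($this->input->post('uid'));
     // is_password() apparently returns an error string when the password is rejected.
     if (is_string($passwd_msg = is_password($new_password))) {
         output_json(CODE_ERROR, $passwd_msg);
         return;
     }
     if (!strlen(trim($new_confirm_password))) {
         output_json(CODE_ERROR, '确认密码不能为空.');
         return;
     }
     // Strict comparison: with != two different numeric-looking strings can compare equal.
     if ($new_confirm_password !== $new_password) {
         output_json(CODE_ERROR, '两次密码输入不一致.');
         return;
     }
     // Make sure the student exists
     $passwd = StudentModel::get_student($uid, 'password');
     if (!count($passwd)) {
         output_json(CODE_ERROR, '不存在该学生.');
         return;
     }
     // Store the digest of the new password
     $flag = StudentModel::reset_password($uid, my_md5($new_password));
     if (!$flag) {
         output_json(CODE_ERROR, '密码修改失败,请重试');
         return;
     }
     output_json(CODE_SUCCESS, '密码修改成功.');
 }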
Ejemplo n.º 20
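 /**
  * Password reset for question-bank administrators (accounts created by the
  * back-office bulk import).
  *
  * The "code" query parameter is decoded with admin_email_hash() (lifetime
  * argument 1800) to obtain the administrator id. On submission the new
  * password is validated and stored; otherwise the reset form is rendered.
  *
  * Each failure branch returns explicitly, so the update cannot be reached if
  * message() does not end the request (its definition is not visible here).
  *
  * NOTE(review): nothing in this method marks the code as used, so the same
  * link appears to stay valid until its lifetime runs out. Confirm whether a
  * single-use guarantee is enforced elsewhere.
  */
 public function resetpwd()
 {
     $hash = $this->input->get('code');
     $admin_id = admin_email_hash('decode', $hash, 1800);
     // Explicit default so $admin is always defined.
     $admin = $admin_id ? CpUserModel::get_cpuser($admin_id) : null;
     if (!$admin) {
         message('重置链接已失效,请重新提交申请', 'admin/index/login');
         return;
     }
     if ($this->input->post('act') == 'submit') {
         $password = $this->input->post('password');
         $newpwd_confirm = $this->input->post('password_confirm');
         // is_password() apparently returns an error string when the password is rejected.
         if (is_string($passwd_msg = is_password($password))) {
             message($passwd_msg);
             return;
         }
         // Strict comparison: with != two different numeric-looking strings can compare equal.
         if ($password !== $newpwd_confirm) {
             message('您两次输入密码不一致,返回请确认!');
             return;
         }
         $this->db->update('admin', array('password' => my_md5($password)), array('admin_id' => $admin_id));
         message('您的新密码已设置成功.', 'admin/index/login', 'success');
     } else {
         // Render the form
         $this->load->view('cpuser/resetpwd', array('hash' => $hash));
     }
 }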
Ejemplo n.º 21
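 /**
  * Reset a forgotten password after verifying an SMS code.
  *
  * Reads pwd, mobile, username and sms_code from POST. The account is looked
  * up by mobile (and by BP account name when $type is 'bp'), the SMS code is
  * checked for match and expiry, and the new password digest is stored.
  * Every outcome is reported through ajax_return().
  *
  * Each failure branch returns explicitly, so the update cannot be reached if
  * ajax_return() does not end the request (its definition is not visible here).
  *
  * NOTE(review): the password is stored as a single unsalted md5() digest.
  * Moving to password_hash() needs a matching change in the login path.
  * NOTE(review): the SMS code is not invalidated after a successful reset and
  * no attempt limit is visible here; confirm both are handled elsewhere.
  *
  * @param string $type 'bp' selects bp_users_model, 'user_info' selects user_info_model.
  */
 function forgot_pwd($type = 'bp')
 {
     $this->load->library('form_validation');
     // Run the rule group defined in config/form_validation.php.
     $valid = $this->form_validation->run('index/reg');
     if (!$valid) {
         // Validation failed
         $msg = $this->form_validation->error_string();
         ajax_return($msg, 3);
         return;
     }
     $pwd = trim($this->input->post('pwd'));
     if (!is_password($pwd)) {
         ajax_return(lang('pwd_format_is_not_valid'));
         return;
     }
     $model = $this->bp_users_model;
     if ($type == 'user_info') {
         $model = $this->user_info_model;
     }
     $user = null;
     $mobile = $this->input->post('mobile');
     if ($mobile) {
         $username = htmlspecialchars(trim($this->input->post('username')));
         if ($type == 'bp' && $username == '') {
             ajax_return('BP帐号不能为空!');
             return;
         } elseif ($type == 'bp') {
             $user = $model->getOne(array('user_id' => $username, 'mobile' => $mobile));
         } else {
             $user = $model->getOne(array('mobile' => $mobile));
         }
     }
     // The account must exist
     if (!$user) {
         if ($type == 'bp') {
             ajax_return(lang('user_not_exist_or_valid'));
             return;
         }
         ajax_return(lang('user_not_exist'), 3);
         return;
     }
     $sms_code = $this->input->post('sms_code');
     $this->load->model('sms_code_model');
     $one = $this->sms_code_model->get_u_sms_code($mobile);
     // No code was ever sent to this number
     if (!$one) {
         ajax_return(lang('not_send_sms'), 3);
         return;
     }
     // Code mismatch. Compared as strings with !==: with != a missing field can
     // equal an empty stored code, and numeric-looking codes are compared as
     // numbers ("0123" equals "123").
     if (!is_string($sms_code) || $sms_code === '' || $sms_code !== (string) $one->smscode) {
         ajax_return(lang('sms_incorrect'), 3);
         return;
     }
     // Code expired
     if (time() - strtotime($one->send_date) > $one->expire_in) {
         ajax_return(lang('sms_code_time_out'), 3);
         return;
     }
     $password = md5($pwd);
     if ($type == 'bp') {
         $flag = $model->update(array('password' => $password), array('id' => $user->id));
     } else {
         $flag = $model->update(array('pwd' => $password), array('uuid' => $user->uuid));
     }
     if ($flag) {
         ajax_return('重置密码成功,请重新登录', 0);
         return;
     }
     ajax_return('重置密码失败,请使用新密码登录!');
 }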
Ejemplo n.º 22
        if ($user['gid'] == 1) {
            $mobile and !is_mobile($mobile, $err) and message(1, $err);
            //$username AND !is_username($username, $err) AND message(3, $err);
            if ($mobile and $old['mobile'] != $mobile) {
                $user = user_read_by_mobile($mobile);
                $user and message(1, '用户手机已经存在');
            }
            if ($username and $old['username'] != $username) {
                $user = user_read_by_username($username);
                $user and message(3, '用户已经存在');
            }
            $arr['mobile'] = $mobile;
            $arr['username'] = $username;
            $arr['gid'] = $gid;
            if ($password) {
                !is_password($password, $err) and message(4, $err);
                $salt = mt_rand(10000000, 9999999999);
                $arr['password'] = md5($password . $salt);
                $arr['salt'] = $salt;
            }
        }
        $r = user_update($uid, $arr);
        $r !== FALSE ? message(0, '更新成功') : message(11, '更新失败');
    }
} elseif ($action == 'delete') {
    if ($method != 'POST') {
        message(-1, 'Method Error.');
    }
    $uid = param('uid', 0);
    $state = user_delete($uid);
    $state === FALSE and message(11, '删除失败');
Ejemplo n.º 23
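 /**
  * Reset an administrator's password.
  *
  * The method takes no arguments; it reads these POST fields:
  *  - uid:              administrator id
  *  - new_password:     new password
  *  - confirm_password: repeated new password
  *
  * Answers through output_json(). Each failure branch returns explicitly, so
  * the write cannot be reached if output_json() does not end the request (its
  * definition is not visible here).
  *
  * NOTE(review): no permission check is visible in this method; confirm that
  * one is enforced before it can be reached (for example in the controller
  * constructor), since it changes the password of any administrator id.
  *
  * @return void
  */
 public function reset_password()
 {
     $new_password = $this->input->post('new_password');
     $new_confirm_password = $this->input->post('confirm_password');
     $admin_id = intval($this->input->post('uid'));
     // is_password() apparently returns an error string when the password is rejected.
     if (is_string($passwd_msg = is_password($new_password))) {
         output_json(CODE_ERROR, $passwd_msg);
         return;
     }
     if (!strlen(trim($new_confirm_password))) {
         output_json(CODE_ERROR, '确认密码不能为空.');
         return;
     }
     // Strict comparison: with != two different numeric-looking strings can compare equal.
     if ($new_confirm_password !== $new_password) {
         output_json(CODE_ERROR, '两次密码输入不一致.');
         return;
     }
     // Make sure the administrator exists
     $passwd = CpUserModel::get_cpuser($admin_id, 'password');
     if (!count($passwd)) {
         output_json(CODE_ERROR, '不存在该管理员.');
         return;
     }
     // Store the digest of the new password
     $flag = $this->db->update('admin', array('password' => my_md5($new_password)), array('admin_id' => $admin_id));
     if (!$flag) {
         output_json(CODE_ERROR, '密码修改失败,请重试');
         return;
     }
     output_json(CODE_SUCCESS, '密码修改成功.');
 }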