/**
  * 进行身份验证
  * 请保证传参所用字符集和论坛字符集一致,否则请先自行转换再传参
  * @param string $username
  * @param string $password
  * @param int $questionid
  * @param string $answer
  * @param boolen $isuid 使用UID验证么?
  * @return array
  *    第一个数组下标($return[0])若大于0,则表示验证成功的登录uid。否则为错误信息:
  *   	 -1:UC用户不存在,或者被删除
  *    	 -2:密码错
  *   	 -3:安全提问错
  *   	 -4:用户没有在dz注册
  *    第二个数组下标($return[1])若大于等于0,则表示验证成功的adminid;
  *   	 否则为-1,表示验证失败
  */
 function verify($username, $password, $questionid = '', $answer = '', $isuid = 0)
 {
     $return = array(0 => -1, 1 => -1);
     $ip = XWB_plugin::getIP();
     /**
      * 校验用户输入错误密码的次数
      */
     $failedlogins = $this->db->fetch_first("select * from " . XWB_S_TBPRE . "failedlogins where `ip`='{$ip}'");
     if ($failedlogins && $failedlogins['count'] >= 5) {
         $return[0] = -5;
         return $return;
     }
     /**
      * 校验用户输入的用户名和密码是否正确
      */
     if (true === UCENTER) {
         //加载Ucenter客户端文件
         include_once ROOT_PATH . './api/uc_client/client.php';
         $uc_result = uc_user_login($username, $password, $isuid, 0, $questionid, $answer);
         $ucuid = $uc_result[0];
         if ($ucuid < 1) {
             $return[0] = $ucuid;
             return $return;
         }
     }
     $member = $this->db->fetch_first("SELECT `uid`, `password`, `nickname`, `username`, `role_type`, `salt` FROM " . XWB_S_TBPRE . "members WHERE `nickname`='{$username}'");
     if ($member) {
         /**
          * 在记事狗系统中比对用户输入的密码
          */
         if ($member['password'] == jsg_member_password($password, $member['salt'])) {
             $return[0] = (int) $member['uid'];
             $return[1] = 'admin' == $member['role_type'] ? 1 : 0;
         } else {
             $return[0] = -2;
             /**
              * 更新密码输入错误的次数
              */
             if ($failedlogins) {
                 $this->db->query("update " . XWB_S_TBPRE . "failedlogins set `count`='" . (max(1, (int) $failedlogins['count']) + 1) . "', `lastupdate`='" . time() . "' where `ip`='{$ip}'");
             } else {
                 $this->db->query("insert into " . XWB_S_TBPRE . "failedlogins (`ip`,`count`,`lastupdate`) values ('{$ip}','1','" . time() . "')");
             }
         }
     }
     return $return;
 }
Ejemplo n.º 2
0
 function edit($oldnickname, $oldpw = '', $nickname = '', $password = '', $email = '', $username = '', $ignoreoldpw = 0, $inadmin = 0, $email_checked = 0)
 {
     $oldmember = array();
     if (!$ignoreoldpw) {
         $rets = $this->login_check($oldnickname, $oldpw);
         if ($rets['uid'] < 1) {
             return $rets['uid'] - 10;
         } else {
             $oldmember = $rets;
         }
     } else {
         $oldmember = jsg_get_member($oldnickname, 'nickname', 0);
     }
     $uc_password = $uc_email = '';
     $newmember = array();
     if ($nickname && $nickname != $oldmember['nickname'] && (true !== UCENTER || true === UCENTER_MODIFY_NICKNAME || $ignoreoldpw)) {
         if ($oldmember['nickname'] && !$GLOBALS['_J']['config']['edit_nickname_enable'] && !$ignoreoldpw) {
             return -8;
         }
         $ret = $this->checkname($nickname, 1, 0, $oldmember['uid']);
         if ($ret < 1) {
             return $ret;
         }
         $newmember['nickname'] = $nickname;
     }
     if ($password) {
         $salt = $oldmember['salt'] ? $oldmember['salt'] : jsg_member_salt();
         $password_hash = jsg_member_password($password, $salt);
         if ($password_hash != $oldmember['password']) {
             $newmember['password'] = $password_hash;
             $newmember['salt'] = $salt;
         }
         $uc_password = $password;
     }
     if ($username && $username != $oldmember['username'] && (!$oldmember['username'] || is_numeric($oldmember['username']) || $ignoreoldpw)) {
         $ret = $this->checkname($username, 0, 0, $oldmember['uid']);
         if ($ret < 1) {
             return $ret;
         }
         $newmember['username'] = $username;
     }
     if ($email && $email != $oldmember['email']) {
         $ret = $this->checkemail($email);
         if ($ret < 1) {
             return $ret;
         }
         if ($GLOBALS['_J']['config']['reg_email_verify'] && !$inadmin) {
             $newmember['role_id'] = $oldmember['role_id'] && $oldmember['role_id'] != $GLOBALS['_J']['config']['no_verify_email_role_id'] ? $oldmember['role_id'] : $GLOBALS['_J']['config']['no_verify_email_role_id'];
             jfunc('my');
             my_member_validate($oldmember['uid'], $email, (int) ($oldmember['role_id'] != $GLOBALS['_J']['config']['no_verify_email_role_id'] ? $oldmember['role_id'] : $GLOBALS['_J']['config']['normal_default_role_id']));
         }
         if (!$inadmin && $oldmember['email_checked'] > 0) {
             $newmember['email2'] = $email;
         } else {
             $newmember['email'] = $email;
         }
         $uc_email = $email;
     }
     if ($email && $inadmin) {
         $newmember['email_checked'] = $email_checked;
         if ($oldmember['role_id'] == '5' && $email_checked > 0) {
             $newmember['role_id'] = '3';
         }
     }
     if ($inadmin && $oldmember['email_checked'] > 0 && $email_checked == 0) {
         $newmember['email2'] = '';
     }
     if (true === UCENTER && $oldmember['ucuid'] > 0 && ($uc_password || $uc_email)) {
         $ret = uc_user_edit($oldnickname, $oldpw, $uc_password, $uc_email, $ignoreoldpw);
         if ($ret < 0 && -7 != $ret && -8 != $ret) {
             return $ret;
         }
     }
     if ($newmember) {
         $ret = jtable('members')->update($newmember, $oldmember['uid']);
     } else {
         return -7;
     }
     #if NEDU
     if (defined('NEDU_MOYO')) {
         ndata('sync')->member()->modify($oldmember['uid']);
     }
     #endif
     return 1;
 }
Ejemplo n.º 3
0
 function DoModify()
 {
     $_update = false;
     $uid = (int) $this->Post['uid'];
     if ($uid < 1) {
         $this->Messager("请指定一个正确的UID");
     }
     $this->ID = $uid;
     $member_info = jsg_member_info($uid);
     if (!$member_info) {
         $this->Messager("您要编辑的用户已经不存在了");
     }
     if (!admin_check_allow($uid)) {
         $this->Messager("为安全起见,您没有编辑 <b>{$member_info['nickname']}</b> 用户信息的权限,请使用网站创始人的身份登录后再进行编辑操作。", '', 10);
     }
     if (($this->Post['role_id'] == 4 || $this->Post['role_id'] == 118) && !trim($this->Post['cause'])) {
         $this->Messager("请输入封杀理由", -1);
     }
     $password = get_param('password');
     if ($password == '') {
         unset($this->Post['password']);
     } else {
         $this->Post['password_unhash'] = $password;
         $this->Post['password'] = jsg_member_password($password, $member_info['salt']);
         $_update = true;
     }
     $rets = array('0' => '【注册失败】有可能是站点关闭了注册功能', '-1' => '不合法', '-2' => '不允许注册', '-3' => '已经存在了', '-4' => 'Email 不合法,请输入正确的Email地址。', '-5' => 'Email 不允许注册,请尝试更换一个。', '-6' => 'Email 已经存在了,请尝试更换一个。');
     $nickname = get_param('nickname');
     if ($nickname != $member_info['nickname']) {
         $ret = jsg_member_checkname($nickname, 1, 0, $uid);
         if ($ret < 1) {
             $this->Messager("帐户/昵称 " . $rets[$ret]);
         }
         unset($this->Post['nickname']);
         $_update = true;
     }
     $username = get_param('username');
     if ($username != $member_info['username']) {
         $ret = jsg_member_checkname($username, 0, 0, $uid);
         if ($ret < 1) {
             $this->Messager("个性域名/微博地址 " . $rets[$ret]);
         }
         unset($this->Post['username']);
         $_update = true;
     }
     $email_update = false;
     $email = get_param('email');
     if ($email != $member_info['email']) {
         $ret = jsg_member_checkemail($email);
         if ($ret < 1) {
             $this->Messager($rets[$ret]);
         }
         unset($this->Post['email']);
         $_update = true;
     }
     $this->Post['role_id'] = (int) $this->Post['role_id'];
     if ($this->Post['role_id'] > 0) {
         $role = DB::fetch_first("SELECT * FROM " . DB::table('role') . " WHERE `id`='{$this->Post['role_id']}'");
         if ($role) {
             if (!admin_check_allow($this->Post['role_id'], 1) || true === jsg_member_is_founder($uid) && 'admin' != $role['type']) {
                 unset($this->Post['role_id'], $this->Post['role_type']);
             } else {
                 $this->Post['role_type'] = $role['type'];
             }
             $login_enable = jconf::get('login_enable');
             if (!$role['privilege'] || $role['privilege'] == '') {
                 $login_enable[$uid] = $uid;
             } else {
                 unset($login_enable[$uid]);
             }
             jconf::set('login_enable', $login_enable);
         } else {
             $this->messager("角色已经不存在");
         }
     } else {
         unset($this->Post['role_id'], $this->Post['role_type']);
     }
     $phone = $this->Post['phone'];
     if ($phone) {
         if (!jsg_is_mobile($phone)) {
             $this->Messager("手机号 {$phone} 格式不对哦,请重新输入正确的号码。");
             $phone = '';
             unset($this->Post['phone']);
         } else {
             if (($member_phone_info = jtable('members')->info(array('phone' => $phone))) && $uid != $member_phone_info['uid']) {
                 $this->Messager("手机号 {$phone} 已经被使用在了 【{$member_phone_info['uid']}】{$member_phone_info['nickname']} 帐户上,请返回重新输入!");
             }
         }
     } else {
         $phone = '';
     }
     if (sms_init()) {
         if ($phone) {
             sms_bind($uid, $phone);
         } else {
             sms_unbind($uid);
         }
     }
     if (@is_file(ROOT_PATH . 'include/logic/cp.logic.php') && $this->Config['company_enable']) {
         $this->Post['companyid'] = max(0, (int) $this->Post['companyid']);
         if ($this->Post['companyid'] == $member_info['companyid']) {
             unset($this->Post['companyid']);
         } else {
             if ($member_info['companyid'] == 0 && $this->Post['companyid'] > 0) {
                 $this->CpLogic->update('company', $this->Post['companyid'], 1, $member_info['topic_count']);
             } elseif ($member_info['companyid'] > 0 && $this->Post['companyid'] == 0) {
                 $this->CpLogic->update('company', $member_info['companyid'], -1, -$member_info['topic_count']);
             } else {
                 $this->CpLogic->update('company', $member_info['companyid'], -1, -$member_info['topic_count']);
                 $this->CpLogic->update('company', $this->Post['companyid'], 1, $member_info['topic_count']);
             }
             $this->Post['company'] = $this->CpLogic->Getone($this->Post['companyid'], 'company', 'name');
         }
         if ($this->Config['department_enable']) {
             $this->Post['departmentid'] = max(0, (int) $this->Post['departmentid']);
             if ($this->Post['departmentid'] == $member_info['departmentid']) {
                 unset($this->Post['departmentid']);
             } else {
                 if ($member_info['departmentid'] == 0 && $this->Post['departmentid'] > 0) {
                     $this->CpLogic->update('department', $this->Post['departmentid'], 1, $member_info['topic_count']);
                 } elseif ($member_info['departmentid'] > 0 && $this->Post['departmentid'] == 0) {
                     $this->CpLogic->update('department', $member_info['departmentid'], -1, -$member_info['topic_count']);
                 } else {
                     $this->CpLogic->update('department', $member_info['departmentid'], -1, -$member_info['topic_count']);
                     $this->CpLogic->update('department', $this->Post['departmentid'], 1, $member_info['topic_count']);
                 }
                 $this->Post['department'] = $this->CpLogic->Getone($this->Post['departmentid'], 'department', 'name');
             }
         }
         if ($this->Post['jobid'] == $member_info['jobid']) {
             unset($this->Post['jobid']);
         } else {
             $this->Post['job'] = jlogic('job')->id2subject($this->Post['jobid']);
         }
         if ($this->Post['companyid']) {
             $chx_cid = $this->Post['companyid'];
             $chx_uid = $member_info['uid'];
             $chx_did = $this->Post['departmentid'] ? $this->Post['departmentid'] : 0;
             $is_cp_usered = DB::fetch_first("SELECT * FROM " . DB::table('cp_user') . " WHERE uid = '{$chx_uid}' AND companyid = '{$chx_cid}' AND departmentid = '{$chx_did}'");
             if ($is_cp_usered) {
                 DB::query("DELETE FROM " . DB::table('cp_user') . " WHERE id = '" . $is_cp_usered['id'] . "'");
             }
         }
     }
     $this->Post['province'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['province'] . "'"));
     $this->Post['city'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['city'] . "'"));
     if ($this->Post['area']) {
         $this->Post['area'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['area'] . "'"));
     }
     if ($this->Post['street']) {
         $this->Post['street'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['street'] . "'"));
     }
     $table1 = jtable('members')->update($this->Post, $uid);
     $memberfields = array('site' => $this->Post['site'], 'validate_true_name' => $this->Post['validate_true_name'], 'validate_card_type' => $this->Post['validate_card_type'], 'validate_card_id' => $this->Post['validate_card_id'], 'validate_remark' => $this->Post['validate_remark']);
     $table2 = jtable('memberfields')->update($memberfields, $uid);
     #附表2信息(members_profile)
     $arr2 = array();
     $profileField = array('constellation', 'zodiac', 'telephone', 'address', 'zipcode', 'nationality', 'education', 'birthcity', 'graduateschool', 'pcompany', 'occupation', 'position', 'revenue', 'affectivestatus', 'lookingfor', 'bloodtype', 'height', 'weight', 'alipay', 'icq', 'yahoo', 'taobao', 'site', 'interest', 'linkaddress', 'field1', 'field2', 'field3', 'field4', 'field5', 'field6', 'field7', 'field8');
     foreach ($profileField as $k => $v) {
         isset($this->Post[$v]) && ($arr2[$v] = trim(strip_tags($this->Post[$v])));
     }
     if ($arr2) {
         $this->_updateMemberProfile($arr2, $uid);
     }
     $email_checked = $this->Post['email_checked'] ? $this->Post['email_checked'] : 0;
     if ($email_checked != $member_info['email_checked']) {
         $_update = true;
     }
     if ($_update) {
         $ret = jsg_member_edit($member_info['nickname'], '', $nickname, $this->Post['password_unhash'], $email, $username, 1, 1, $email_checked);
         $rets = array('0' => '没有做任何修改', '-1' => '帐户/昵称 不合法,含有不允许注册的字符,请尝试更换一个。', '-2' => '帐户/昵称 不允许注册,含有被保留的字符,请尝试更换一个。', '-3' => '帐户/昵称 已经存在了,请尝试更换一个。', '-4' => 'Email 不合法,请输入正确的Email地址。', '-5' => 'Email 不允许注册,请尝试更换一个。', '-6' => 'Email 已经存在了,请尝试更换一个。');
         if ($ret < 1 && isset($rets[$ret])) {
             $this->Messager($rets[$ret]);
         }
     }
     load::logic('topic_manage');
     $TopicManageLogic = new TopicManageLogic();
     $role_id = get_param('role_id');
     $cause = get_param('cause');
     if ($role_id == 4 || $role_id == 118) {
         $TopicManageLogic->doForceOut((array) $nickname, $cause, $role_id);
     } elseif ($role_id != 4 && $role_id != 118 && ($member_info['role_id'] == 4 || $member_info['role_id'] == 118)) {
         $TopicManageLogic->doUserFree($uid);
     }
     if ($this->Config['extcredits_enable'] && $this->Post['validate'] && $this->Post['uid'] > 0) {
         update_credits_by_action('vip', $this->Post['uid']);
     }
     Load::logic('credits');
     $CreditsLogic = new CreditsLogic();
     $CreditsLogic->CountCredits($this->Post['uid']);
     $data = array('uid' => $uid, 'rid' => 0, 'relatedid' => MEMBER_ID, 'dateline' => time());
     foreach ($GLOBALS['_J']['config']['credits']['ext'] as $key => $value) {
         $data[$key] = $_POST[$key] - $member_info[$key];
         $remark .= $value['name'] . ' : ' . $_POST[$key . '_remark'] . ' , ';
     }
     $data['remark'] = trim($remark, ', ');
     jtable('credits_log')->insert($data);
     $this->Messager("编辑成功");
 }
Ejemplo n.º 4
0
 function updatepw($get, $post)
 {
     if (!API_UPDATEPW) {
         return API_RETURN_FORBIDDEN;
     }
     $pwr = md5(microtime(true) . mt_rand() . time());
     $username = $get['username'];
     $password = $get['password'] ? $get['password'] : $pwr;
     if ($password) {
         $salt = jsg_member_salt();
         $this->db->query("UPDATE `{$this->tablepre}members` SET `password`='" . jsg_member_password($password, $salt) . "', `salt`='{$salt}' WHERE `nickname`='{$username}'");
     }
     return API_RETURN_SUCCEED;
 }