function CheckUser($loginuser,$loginpwd)
{
if(!TestStringSafe($loginuser)||!TestStringSafe($loginpwd))
{
ShowMsg("用户名或密码不合法!","-1");
exit();
}
$loginuser = ereg_replace("[;%'\\\?\*\$]","",$loginuser);
$dsql = new DedeSql(false);
$row = $dsql->GetOne("Select ID,pwd From #@__member where userid='$loginuser' ");
if(is_array($row)) //用户存在
{
//密码错误
if($row['pwd'] != $loginpwd){ return -1; }
else{ //成功登录
$dsql->ExecuteNoneQuery("update #@__member set logintime='".time()."',loginip='".GetIP()."' where ID='{$row['ID']}';");
$dsql->Close();
$this->PutLoginInfo($row['ID']);
$this->FushCache();
return 1;
}
}else{ //用户不存在
return 0;
}
}
echo "密码错误!";
exit();
}
$loginip = Z_GetIP();
$cfg_ndsql->ExecuteNoneQuery("update #@__member set logintime='$ntime',loginip='$loginip' where ID='$ID' ");
Z_CloseSql();
$backString = $ID;
echo 'OK!'.$backString;
exit();
}
/*--------------------------------
更改密码
function __UserEdit()
---------------------------------*/
else if($action=='edit'){
if($newuserpwd==''||!TestStringSafe($newuserpwd)){
echo "用户密码为空或存在非法字符串!";
exit();
}
if(strlen($newuserpwd)>24){
echo "用户密码长度不能超过24位!";
exit();
}
$newuserpwd = GetEncodePwd($newuserpwd);
Z_OpenSql();
$cfg_ndsql->ExecuteNoneQuery("Update #@__member set pwd='$newuserpwd' where userid like '$userid' ");
Z_CloseSql();
echo 'OK!';
}
/*--------------------------------
退出系统
foreach($keys as $v) $$v = '';
//解码GET字符串
$rmdata = base64_decode($rmdata);
$datas = explode('&',$rmdata);
foreach($datas as $ky){
$nkys = explode('=',$ky);
if(in_array($nkys[0],$keys) && isset($nkys[1])) ${$nkys[0]} = urldecode($nkys[1]);
}
$ntime = time();
if($action!='exit'){
//验证证书
if($userid==''||!TestStringSafe($userid)){
echo "用户ID为空或存在非法字符串!".$oldrmdata;
exit();
}
if(strlen($userid)>24){
echo "用户ID长度不能超过24位!";
exit();
}
$testSign = substr(md5($userid.$cfg_cookie_encode),0,24);
if($testSign!=$signstr){
echo "证书验证失败!";
exit();
}
}
//注解里的function仅方便UltraEdit索引,并无其它意义
