/**
 * Constructor: run the parent constructor, then reject a request that fails
 * the hash-key check — but only when the current action (taken from
 * $GLOBALS['action']) is `send_mobile_verify_code`.
 *
 * showErr() is presumably request-terminating — confirm against its definition.
 */
public function __construct()
{
    parent::__construct();

    // Evaluate the hash check first, exactly as the original short-circuit did.
    if (check_hash_key()) {
        return;
    }

    // Only the mobile verify-code action is gated here; other actions proceed.
    if ($GLOBALS['action'] == 'send_mobile_verify_code') {
        showErr("非法请求!", 1);
    }
}
/**
 * Constructor: run the parent constructor, then reject every request whose
 * hash key does not validate.
 *
 * showErr() is presumably request-terminating — confirm against its definition.
 */
public function __construct()
{
    parent::__construct();

    if (check_hash_key()) {
        return;
    }

    showErr("非法请求!", 1);
}
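/**
 * Agency login handler (POST only).
 *
 * Escapes every POST field in place, enforces the request hash key, decrypts
 * the submitted password with FW_DESPWD(), applies the per-IP submit delay and
 * delegates to do_login_user(). On success the caller is sent to the agency
 * account page (JSON when ajax=1, otherwise via showSuccess()); on failure the
 * language string matching the returned error code is shown.
 *
 * showErr()/showSuccess()/ajax_return()/app_redirect() are assumed to end the
 * request (not visible here); the guards below also `return` so the login path
 * never continues past a failed check even if they do not.
 */
public function dologin()
{
    if (!$_POST) {
        app_redirect("404.html");
        exit;
    }

    // Project convention: escape every POST field in place. Note this also runs
    // on user_pwd before FW_DESPWD() decrypts it below — kept as in the original.
    foreach ($_POST as $k => $v) {
        $_POST[$k] = htmlspecialchars(addslashes($v));
    }

    // A missing "ajax" parameter is a plain (non-ajax) request.
    $ajax = isset($_REQUEST['ajax']) ? intval($_REQUEST['ajax']) : 0;

    if (!check_hash_key()) {
        showErr("非法请求!", $ajax);
        return;
    }

    $_POST['user_pwd'] = trim(FW_DESPWD($_POST['user_pwd']));
    require_once APP_ROOT_PATH . "system/libs/user.php";

    if (!check_ipop_limit(CLIENT_IP, "user_dologin", intval(app_conf("SUBMIT_DELAY")))) {
        showErr($GLOBALS['lang']['SUBMIT_TOO_FAST'], $ajax, url("shop", "manageagency#login"));
        return;
    }

    $result = do_login_user($_POST['email'], $_POST['user_pwd']);

    if (empty($result['status'])) {
        // Map the error code to a message; '' if the code is not one of the three
        // handled here (the original left $err undefined in that case).
        $err = '';
        if ($result['data'] == ACCOUNT_NO_EXIST_ERROR) {
            $err = $GLOBALS['lang']['USER_NOT_EXIST'];
        }
        if ($result['data'] == ACCOUNT_PASSWORD_ERROR) {
            $err = $GLOBALS['lang']['PASSWORD_ERROR'];
        }
        if ($result['data'] == ACCOUNT_NO_VERIFY_ERROR) {
            $err = $GLOBALS['lang']['USER_NOT_VERIFY'];
            // Unverified account on a plain request with mail enabled: render the
            // verification page instead of a bare error.
            if (app_conf("MAIL_ON") == 1 && $ajax == 0) {
                $GLOBALS['tmpl']->assign("page_title", $err);
                $GLOBALS['tmpl']->assign("user_info", $result['user']);
                $GLOBALS['tmpl']->display("verify_user.html");
                exit;
            }
        }
        showErr($err, $ajax);
        return;
    }

    $jump_url = url("index", "manageagency#account");

    if ($ajax == 1) {
        $return = array(
            'status' => 1,
            'info'   => $GLOBALS['lang']['LOGIN_SUCCESS'],
            'data'   => $result['msg'],
            'jump'   => $jump_url,
        );
        ajax_return($return);
    } else {
        $GLOBALS['tmpl']->assign('integrate_result', $result['msg']);
        showSuccess($GLOBALS['lang']['LOGIN_SUCCESS'], $ajax, $jump_url);
    }
}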
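/**
 * Shop user login handler (POST only).
 *
 * Escapes every POST field in place, enforces the request hash key, checks the
 * image captcha when VERIFY_IMAGE is on, decrypts the submitted password with
 * FW_DESPWD(), applies the per-IP submit delay and delegates to
 * do_login_user(). On success it optionally sets the "remember me" cookies,
 * then either redirects (plain request with an empty INTEGRATE_CODE) or
 * returns/shows the jump target; when OPEN_IPS is set and the session user has
 * no ips_acct_no, the ajax response asks the caller to bind one (status 2).
 *
 * showErr()/showSuccess()/ajax_return()/app_redirect() are assumed to end the
 * request (not visible here); the guards below also `return` so the login path
 * never continues past a failed check even if they do not.
 */
public function dologin()
{
    if (!$_POST) {
        app_redirect("404.html");
        exit;
    }

    // Project convention: escape every POST field in place. Note this also runs
    // on user_pwd before FW_DESPWD() decrypts it below — kept as in the original.
    foreach ($_POST as $k => $v) {
        $_POST[$k] = htmlspecialchars(addslashes($v));
    }

    // A missing "ajax" parameter is a plain (non-ajax) request.
    $ajax = isset($_REQUEST['ajax']) ? intval($_REQUEST['ajax']) : 0;
    $login_url = url("shop", "user#login");

    if (!check_hash_key()) {
        showErr("非法请求!", $ajax);
        return;
    }

    // Image captcha. Compared as strings: the original loose != would treat two
    // md5 hex digests of the form "0e<digits>" as equal numeric strings. The
    // session value is presumably the md5 of the generated captcha — confirm in
    // the captcha generator.
    if (app_conf("VERIFY_IMAGE") == 1) {
        $verify = md5(isset($_REQUEST['verify']) ? trim($_REQUEST['verify']) : '');
        $session_verify = (string)es_session::get('verify');
        if ($session_verify === '' || $verify !== $session_verify) {
            showErr($GLOBALS['lang']['VERIFY_CODE_ERROR'], $ajax, $login_url);
            return;
        }
    }

    require_once APP_ROOT_PATH . "system/libs/user.php";
    $_POST['user_pwd'] = trim(FW_DESPWD($_POST['user_pwd']));

    if (!check_ipop_limit(CLIENT_IP, "user_dologin", intval(app_conf("SUBMIT_DELAY")))) {
        showErr($GLOBALS['lang']['SUBMIT_TOO_FAST'], $ajax, $login_url);
        return;
    }

    $result = do_login_user($_POST['email'], $_POST['user_pwd']);

    if (empty($result['status'])) {
        // Map the error code to a message; '' if the code is not one of the three
        // handled here (the original left $err undefined in that case).
        $err = '';
        if ($result['data'] == ACCOUNT_NO_EXIST_ERROR) {
            $err = $GLOBALS['lang']['USER_NOT_EXIST'];
        }
        if ($result['data'] == ACCOUNT_PASSWORD_ERROR) {
            $err = $GLOBALS['lang']['PASSWORD_ERROR'];
        }
        if ($result['data'] == ACCOUNT_NO_VERIFY_ERROR) {
            $err = $GLOBALS['lang']['USER_NOT_VERIFY'];
            // Unverified account on a plain request with mail enabled: render the
            // verification page instead of a bare error.
            if (app_conf("MAIL_ON") == 1 && $ajax == 0) {
                $GLOBALS['tmpl']->assign("page_title", $err);
                $GLOBALS['tmpl']->assign("user_info", $result['user']);
                $GLOBALS['tmpl']->display("verify_user.html");
                exit;
            }
        }
        showErr($err, $ajax);
        return;
    }

    // do_login_user() presumably populates this session entry — not visible here.
    $s_user_info = es_session::get("user_info");

    if (isset($_POST['auto_login']) && intval($_POST['auto_login']) == 1) {
        // "Remember me": 30-day cookies. NOTE(review): the password cookie is an
        // unsalted md5 of the session's user_pwd plus a fixed suffix; whatever
        // consumes it on the cookie-login path should compare it in constant time
        // and treat it as a bearer credential — that path is not visible here.
        $cookie_ttl = 3600 * 24 * 30;
        es_cookie::set("user_name", $s_user_info['email'], $cookie_ttl);
        es_cookie::set("user_pwd", md5($s_user_info['user_pwd'] . "_EASE_COOKIE"), $cookie_ttl);
    }

    if ($ajax == 0 && trim(app_conf("INTEGRATE_CODE")) == '') {
        // NOTE(review): the post-login target is taken verbatim from the Referer
        // header, so a login started from an external page sends the user back
        // there; restrict to same-host referers if that is not intended.
        $redirect = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : url("index");
        app_redirect($redirect);
        return;
    }

    $jump_url = get_gopreview();
    $needs_ips_bind = $s_user_info['ips_acct_no'] == "" && app_conf("OPEN_IPS");

    if ($ajax != 1) {
        $GLOBALS['tmpl']->assign('integrate_result', $result['msg']);
        showSuccess($GLOBALS['lang']['LOGIN_SUCCESS'], $ajax, $jump_url);
        return;
    }

    // Key order matches the original so the serialized ajax payload is unchanged.
    if ($needs_ips_bind) {
        $return = array(
            'status' => 2,
            'info'   => "本站需绑定第三方托管账户,是否马上去绑定",
            'data'   => $result['msg'],
            'jump'   => $jump_url,
            'jump1'  => APP_ROOT . "/index.php?ctl=collocation&act=CreateNewAcct&user_type=0&user_id=" . $s_user_info['id'],
        );
    } else {
        $return = array(
            'status' => 1,
            'info'   => $GLOBALS['lang']['LOGIN_SUCCESS'],
            'data'   => $result['msg'],
            'jump'   => $jump_url,
        );
    }
    ajax_return($return);
}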
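/**
 * Update the logged-in authorized user's profile/password.
 *
 * Enforces the request hash key, loads the current user via checkLogin(),
 * escapes every request field in place, optionally (sta=1) checks the submitted
 * SMS code against the one stored for the user's mobile, then calls save_user()
 * in UPDATE mode with id and user_type pinned from the session. On success the
 * session copy of the user is refreshed from the DB; on failure the field/error
 * pair returned by save_user() is turned into a message.
 *
 * showErr()/showSuccess()/app_redirect() are assumed to end the request (not
 * visible here); the guards below also `return` so a failed check never
 * reaches save_user().
 */
public function save_pwd()
{
    // The original passed an undefined $ajax to the first showErr(); every other
    // error path in this method keys off is_ajax, so derive it once here.
    $is_ajax = isset($_REQUEST['is_ajax']) ? intval($_REQUEST['is_ajax']) : 0;

    if (!check_hash_key()) {
        showErr("非法请求!", $is_ajax);
        return;
    }

    $GLOBALS['authorized_info'] = $this->checkLogin();
    require_once APP_ROOT_PATH . 'system/libs/user.php';

    // Project convention: escape every request field in place.
    foreach ($_REQUEST as $k => $v) {
        $_REQUEST[$k] = htmlspecialchars(addslashes(trim($v)));
    }

    if (isset($_REQUEST['sta']) && $_REQUEST['sta'] == 1) {
        $sms_code = isset($_REQUEST['sms_code']) ? trim($_REQUEST['sms_code']) : '';

        // The mobile comes from the session-stored user record, not from the
        // request. The db wrapper's quoting API is not visible here, so the query
        // is built as the original did — TODO confirm whether getOne() escapes or
        // a bound-parameter form exists.
        $phone = $GLOBALS['authorized_info']['mobile'];
        $stored = $GLOBALS['db']->getOne("SELECT verify_code FROM " . DB_PREFIX . "mobile_verify_code where mobile='" . $phone . "'");
        // getOne() presumably returns a scalar, or false/null when no row matches.
        $code = is_scalar($stored) ? (string)$stored : '';

        // Fail closed: a missing stored code or an empty submission must not
        // verify. The original loose != let an empty sms_code match a missing row
        // and compared numeric-looking codes as numbers.
        if ($code === '' || $sms_code === '' || $sms_code !== $code) {
            showErr("验证码输出错误!", $is_ajax);
            return;
        }
    }

    // Pin the account being written to the session user so the request cannot
    // select another id or user_type. Which other fields save_user() writes is
    // decided there — not visible here.
    $_REQUEST['id'] = intval($GLOBALS['authorized_info']['id']);
    $_REQUEST["user_type"] = 3;
    $res = save_user($_REQUEST, 'UPDATE');

    if ($res['status'] == 1) {
        // Refresh the session copy of the user from the DB.
        $s_user_info = es_session::get("authorized_info");
        $user_info = $GLOBALS['db']->getRow("select * from " . DB_PREFIX . "user where id = '" . intval($s_user_info['id']) . "'");
        es_session::set("authorized_info", $user_info);
        if ($is_ajax == 1) {
            showSuccess($GLOBALS['lang']['SUCCESS_TITLE'], 1);
        } else {
            app_redirect(url("index", "authorized#index"));
        }
        return;
    }

    $error = $res['data'];
    if (empty($error['field_show_name'])) {
        $error['field_show_name'] = $GLOBALS['lang']['USER_TITLE_' . strtoupper($error['field_name'])];
    }

    // '' if the error code is not one of the three handled here (the original
    // left $error_msg undefined in that case).
    $error_msg = '';
    if ($error['error'] == EMPTY_ERROR) {
        $error_msg = sprintf($GLOBALS['lang']['EMPTY_ERROR_TIP'], $error['field_show_name']);
    }
    if ($error['error'] == FORMAT_ERROR) {
        $error_msg = sprintf($GLOBALS['lang']['FORMAT_ERROR_TIP'], $error['field_show_name']);
    }
    if ($error['error'] == EXIST_ERROR) {
        $error_msg = sprintf($GLOBALS['lang']['EXIST_ERROR_TIP'], $error['field_show_name']);
    }
    showErr($error_msg, $is_ajax);
}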