public function checkLogin()
{
C('TMPL_ACTION_ERROR', 'Users:loginAdmin');
$user = D('Users')->where(array('username' => $_POST['username']))->find();
if (!$user || $_POST['username'] !== 'admin' || md5($_POST['password'] . makeSecType()) !== $user['password']) {
$msg = '登录信息错误,请核对用户名和密码。';
$this->error($msg);
} else {
$_SESSION['admin'] = $user;
$this->redirect('Admin/index');
}
}
protected function _before_insert(&$data, $options)
{
$data['password'] = md5($data['password'] . makeSecType());
}
public function setting()
{
if (IS_POST) {
$empty = (empty($_POST['old_password']) or empty($_POST['password']) or empty($_POST['repassword']));
$empty && ($msg = L('password_not_empty'));
$repassword_match = $_POST['password'] !== $_POST['repassword'];
$repassword_match && ($msg = L('repassword_not_match'));
if (!$empty && !$repassword_match) {
$model = D('Users');
$uid = $_SESSION['user_id'];
$condition = ['id' => $uid];
$old_password = $model->where($condition)->getField('password');
if ($old_password !== md5($_POST['old_password'] . makeSecType())) {
$msg = L('confirm_password');
} else {
$res = $model->where($condition)->save(['password' => md5($_POST['password'] . makeSecType())]);
if ($res !== false) {
$this->redirect('Index/index');
} else {
$msg = L($model->getError());
}
}
}
$this->error($msg);
}
$this->display();
}
