function admin_pwd_reset() { header("Content-Type: application/json; charset=utf-8"); if (!$this->check()) { return; } $id = $this->__req->post('id'); $rt = ['status' => false, 'msg' => '']; $pwd = salt(12); $a_salt = salt(32); $a_pwd = salt_hash(md5_xx($pwd), $a_salt); $db = db_class(); $id = $db->update_admin_info($id, compact('a_salt', 'a_pwd')); if ($id == 1) { $rt['status'] = true; $rt['msg'] = $pwd; } else { $rt['msg'] = "更新失败"; } echo json_encode($rt); }
public function login($user, $password) { $user = trim($user); $password = trim($password); $info = $this->db->get_admin_info($user); if (isset($info['a_name']) && $info['a_name'] === $user) { if (salt_hash(md5_xx($password), $info['a_salt']) == $info['a_pwd']) { if ($info['a_status'] == 1) { return "账户被禁用"; } else { $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL; if ($this->ip_filter($info['a_ip'], $ip)) { $this->status = true; $this->set_session($info, $ip); return true; } else { return "当前IP{" . ($ip ? $ip : "{NULL}") . "}禁止登陆"; } } } else { return "用户名或密码错误"; } } else { return "用户名不存在"; } }