/**
  * 登录
  * @return 用户对象 -2 密码错误 -1 用户不存在或被禁用
  */
 public function login($username, $password)
 {
     // Two-stage login: the UCenter account must exist, be enabled (status 1)
     // and match the password; only then is the admin row for that member
     // looked up. Returns the admin row (array) on success, -2 for a wrong
     // password, -1 when either record is missing or disabled.
     // NOTE(review): callers should show one generic failure message for -1 and
     // -2 so that responses do not reveal which user names exist.
     $account = D('UcenterMember')->where(array('username' => $username))->find();
     if (!is_array($account) || $account['status'] != 1) {
         return -1;
     }

     // NOTE(review): think_ucenter_md5() is not defined in this snippet. Where it
     // is the common md5(sha1($str) . $key) helper, the stored value is a fast
     // hash with one site-wide key; password_hash()/password_verify() is the
     // usual replacement for password storage.
     if (think_ucenter_md5($password, UC_AUTH_KEY) !== $account['password']) {
         return -2;
     }

     // The login bookkeeping runs before the admin check below, so it is also
     // updated for members who turn out not to be active administrators.
     $this->updateLogin($account['id']);
     $uid = $account['id'];

     if ($uid > 0) {
         $adminRow = $this->where(array('member_id' => $uid))->find();
         if (is_array($adminRow) && $adminRow['status'] == 1) {
             return $adminRow;
         }
         // No admin record, or the admin record is disabled.
         return -1;
     }
     return $uid;
 }
Example #2
 /**
  * 添加管理员
  * @param string $username
  * @param string $password
  * @return boolean|\Think\mixed
  * @author frenlee <*****@*****.**>
  * @since 2015年5月13日 上午10:35:20
  */
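 public function addUser($username = '', $password = '')
 {
     // Both values are required. empty() also rejects the string "0".
     if (empty($username) || empty($password)) {
         return false;
     }
     // NOTE(review): the return value of create() is not checked here; confirm
     // how the model reports a failed validation before relying on $data.
     $data = $this->create();
     $data['username'] = $username;
     // Fix: derive the stored hash from the password. The original passed
     // $username to the hash helper, so the supplied password was ignored and
     // the stored credential depended only on the (non-secret) user name.
     // NOTE(review): AUTH_KEY must be the same constant the verification path
     // uses for this table - confirm against the matching login code.
     $data['password'] = think_ucenter_md5($password, AUTH_KEY);
     // Returns whatever add() returns for the insert.
     return $this->add($data);
 }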
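 /**
  * Authenticate an account by e-mail address and password.
  *
  * Returns the account id after autoLogin() on success, -1 when no enabled
  * account matches the e-mail address, and -2 when the password is wrong.
  * Callers must treat only a positive return value as a successful login.
  */
 public function login($email, $password)
 {
     $map = array('email' => $email);
     $user = $this->where($map)->find();
     // Unknown account, or an account whose status flag is falsy.
     if (!is_array($user) || !$user['status']) {
         return -1;
     }
     // Fix: the original placed "return -2" directly after "return $user['id']"
     // inside the success branch, so it was unreachable and a wrong password
     // fell off the end of the method and returned null.
     if (think_ucenter_md5($password, ADMIN_AUTH_KEY) !== $user['password']) {
         return -2;
     }
     $this->autoLogin($user);
     return $user['id'];
 }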
 /**
  * Set a new password for the account in $this->uid from a POST request
  * carrying "password", "token" and "str".
  *
  * NOTE(review): no current password is required; the token/str pair accepted
  * by checkEncrypt() is the only proof of authorisation. Confirm that pair is
  * bound to $this->uid, expires, and cannot be replayed.
  * NOTE(review): the flow relies on apiError() ending the request. If it only
  * prints a response, execution would continue to the save below - verify.
  */
 public function changepwd1()
 {
     if (!IS_POST) {
         return;
     }
     $post = I('post.');
     if (!$post['password'] || !$post['token'] || !$post['str']) {
         $this->apiError(0, '参数错误');
     }
     if (!$this->checkEncrypt($post['token'], $post['str'])) {
         $this->apiError(0, '非法请求');
     }
     // No minimum length or complexity rule is applied to the new password here.
     $data = array(
         'password' => think_ucenter_md5($post['password'], UC_AUTH_KEY),
         'id' => $this->uid,
         'update_time' => time(),
     );
     $res = M('ucenter_member')->save($data);
     // NOTE(review): this reads $res as an array with a 'status' key; confirm
     // that save() on this model really returns that shape rather than a row
     // count, otherwise a successful update is reported as a failure.
     if (!$res['status']) {
         $this->apiError(0, '修改失败');
         return;
     }
     $this->apiSuccess('success');
 }
Example #5
<?php

include_once './Application/User/Conf/config.php';
/**
 * Keyed digest used for stored passwords: md5(sha1($str) . $key).
 *
 * An empty string is passed through unchanged as ''. Callers that compare the
 * result with a stored value should therefore reject empty input and empty
 * stored hashes themselves, or two empty values will compare equal.
 *
 * NOTE(review): MD5 over SHA-1 with one shared key is a fast hash with no
 * per-user salt and no work factor, so leaked hashes are cheap to test offline.
 * For password storage, password_hash() / password_verify() is the appropriate
 * replacement, migrating existing rows at next successful login.
 *
 * @param string $str Plain-text value to hash.
 * @param string $key Key appended to the SHA-1 hex digest before MD5.
 * @return string 32-character hex digest, or '' for empty input.
 */
function think_ucenter_md5($str, $key = 'ThinkUCenter')
{
    if ('' === $str) {
        return '';
    }
    $inner = sha1($str);
    return md5($inner . $key);
}
// Prints the keyed digest of the "password" query parameter.
// NOTE(review): nothing in this script restricts who may call it, so it
// returns the UC_AUTH_KEY-keyed hash of any submitted value, and the plain
// text travels in the URL where it ends up in access logs and browser
// history. If this is a maintenance helper it should not be reachable from
// the web root; run it from the CLI or remove it after use.
echo think_ucenter_md5($_GET['password'], UC_AUTH_KEY);
 /**
  * 验证用户密码
  * @param int    $uid 用户id
  * @param string $password_in 密码
  * @return true 验证成功,false 验证失败
  * @author huajie <*****@*****.**>
  */
 public function verifyUser($uid, $password_in)
 {
     // Load the stored digest for this user id, hash the submitted password
     // with the site key, and report whether the two are identical.
     // NOTE(review): if the hash helper returns '' for empty input (the common
     // implementation does), an account whose stored password is '' would
     // verify with an empty password - reject empty values before comparing.
     $storedDigest = $this->getFieldById($uid, 'password');
     $candidateDigest = think_ucenter_md5($password_in, UC_AUTH_KEY);
     return $candidateDigest === $storedDigest;
 }
Example #7
 /**
  * 验证用户密码
  * @param int $uid 用户id
  * @param string $user_pwd_in 密码
  * @return true 验证成功,false 验证失败
  * @author huajie <*****@*****.**>
  */
 protected function verifyUser($uid, $user_pwd_in)
 {
     // The stored digest lives in the user_pwd column of the row with this id.
     $expected = $this->getFieldById($uid, 'user_pwd');
     // Strict comparison: a missing row (non-string result) never matches.
     if (think_ucenter_md5($user_pwd_in, UC_AUTH_KEY) !== $expected) {
         return false;
     }
     return true;
 }
 /**
  * 验证用户密码
  * @param int $uid 用户id
  * @param string $password_in 密码
  * @return true 验证成功,false 验证失败
  * @author huajie <*****@*****.**>
  */
 protected function verifyUser($uid, $password_in)
 {
     // Fetch only the password column for the given id, then compare it with
     // the keyed digest of the submitted password.
     $query = $this->where(array('id' => $uid));
     $hashOnFile = $query->getField('password');
     $submitted = think_ucenter_md5($password_in, UC_AUTH_KEY);
     return $hashOnFile === $submitted ? true : false;
 }
 /**
  * 验证用户密码
  * @param int $uid 用户id
  * @param string $password_in 密码
  * @return true 验证成功,false 验证失败
  * @author huajie <*****@*****.**>
  */
 protected function verifyUser($uid, $password_in)
 {
     // Accounts may carry their own salt; rows without one fall back to the
     // site-wide UC_AUTH_KEY, so those accounts all share the same key.
     $stored = $this->getFieldById($uid, 'password');
     $salt = $this->getFieldById($uid, 'salt') ?: UC_AUTH_KEY;
     // NOTE(review): two separate lookups are made for the same row; confirm
     // the id cannot change between them if that matters to the caller.
     return think_ucenter_md5($password_in, $salt) === $stored;
 }
 /**
  * 更新密码
  */
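 public function updatePsw()
 {
     // Change a user's password, authorised either by a security code or by the
     // current password. Both passwords arrive base64-encoded in the POST body.
     //
     // Changes from the original:
     //  - credentials are masked before being written to the log;
     //  - the user lookup is rejected when status is false OR info is empty;
     //  - the old-password digest is compared with !== instead of !=, so two
     //    different digests can never be treated as equal by type juggling;
     //  - a request that ends up with neither a code nor a non-empty decoded
     //    old password is rejected instead of skipping verification;
     //  - every error path returns, so the method fails closed even if
     //    apiReturnErr() does not end the request (not visible here);
     //  - the success audit entry is written only after the update succeeded.

     // Mask secrets: base64 is an encoding, not protection, and log files are
     // usually readable by more people than the credential store.
     $loggedPost = $_POST;
     foreach (array('old_psw', 'psw', 'code') as $secretField) {
         if (isset($loggedPost[$secretField])) {
             $loggedPost[$secretField] = '***';
         }
     }
     addLog("User/updatePsw", $_GET, $loggedPost, '应用' . $this->client_id . "调用更新密码接口");

     if (!IS_POST) {
         $this->apiReturnErr("更新密码失败!");
         return;
     }

     $username = $this->_post('username', '');
     $old_psw = $this->_post('old_psw', '');
     $psw = $this->_post('psw', '');
     $code = $this->_post('code', '');
     if (empty($old_psw) && empty($code)) {
         $this->apiReturnErr("验证参数缺失!");
         return;
     }
     // When a security code is supplied, the old password is not considered.
     if (!empty($code)) {
         $old_psw = '';
     }
     $old_psw = base64_decode($old_psw);
     $psw = base64_decode($psw);

     // Resolve the account by mobile number or by user name.
     $type = $this->getUsernameType($username);
     $result = array('status');
     if ($type == UcenterMemberModel::ACCOUNT_TYPE_MOBILE) {
         $result = apiCall(UserApi::FIND, array(array('mobile' => $username)));
     } elseif ($type == UcenterMemberModel::ACCOUNT_TYPE_USERNAME) {
         $result = apiCall(UserApi::FIND, array(array('username' => $username)));
     } else {
         $this->apiReturnErr("参数非法!");
         return;
     }
     // Both conditions must hold to continue: the call succeeded and returned
     // a row. The original used &&, which let a failed call with a non-empty
     // info value (or a successful call with no row) pass.
     if (!$result['status'] || empty($result['info'])) {
         $this->apiReturnErr("用户登录账户非法!");
         return;
     }
     $id = $result['info']['id'];
     // The original logged the new plain-text password as the third argument.
     addLog("id", $id, '', "");

     // Prove that the requester is entitled to change this account's password.
     if (!empty($code)) {
         $type = SecurityCodeModel::TYPE_FOR_UPDATE_PSW;
         $result = apiCall(SecurityCodeApi::IS_LEGAL_CODE, array($code, $username, $type));
         if (!$result['status'] || $result['info'] != 1) {
             $this->apiReturnErr("验证失败");
             return;
         }
     } elseif ($old_psw !== false && $old_psw !== '') {
         if ($result['info']['password'] !== think_ucenter_md5($old_psw, UC_AUTH_KEY)) {
             $this->apiReturnErr("原密码错误!");
             return;
         }
     } else {
         // The decoded old password is empty and no code was given: there is
         // nothing to verify against, so the request must not proceed.
         $this->apiReturnErr("验证参数缺失!");
         return;
     }

     if (strlen($psw) < 6) {
         $this->apiReturnErr("密码必须大于6位长度!");
         return;
     }
     addLog("User/updatePsw", $_GET, $loggedPost, '应用' . $this->client_id . "调用更新密码接口");
     $result = apiCall(UserApi::UPDATEPWD, array($id, $psw));
     if (!$result['status']) {
         $this->apiReturnErr("更新密码失败!" . $result['info']);
         return;
     }
     // Audit record for a completed password change.
     action_log("api_user_update_psw", "common_member", $id, $this->client_id);
     $this->apiReturnSuc("更新密码成功!");
 }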
Example #11
File: login.php Project: hxer/ctf
                webscan_St0pAttack($key, $value, $filter, "GET");
            }
        }
        if (empty($id)) {
            $id = 0;
        }
        $id = preg_replace('#[^\\w\\s]#i', '', $id);
        if (strlen($username) > 20) {
            $username = substr($username, 0, 20);
        }
        if ($act == 'login') {
            $sql = "select * from admin where username='******' or id='{$id}' or email = '{$email}'";
            $result = @mysql_fetch_array(mysql_query($sql));
            mysql_close();
            if ($result) {
                if (think_ucenter_md5($password, $result['salt']) === $result['password']) {
                    $_SESSION['login'] = 1;
                    $_SESSION['auth'] = 1;
                    echo "<center style=\"font-size:36px; color:red\"><a href=\"./sgbm/admin_index.php\">Click jump to the Backstage</a></center>";
                } else {
                    exit('<script>alert("Password of the account is not right")</script>');
                }
            } else {
                exit('<script>alert("The account is not exists")</script>');
            }
        } else {
            exit('<script>alert("Please login!login!login!login!login!login!login!login!login!login!login!login!")</script>');
        }
    }
} else {
    ?>
Example #12
 /**
  * 登录指定用户
  * @param  integer $uid 用户UID
  * @param  string  $mobile 用户名
  * @param  string  $password 用户密码
  * @param bool $remember
  * @param int $role_id 有值代表强制登录这个角色
  * @return boolean      ture-登录成功,false-登录失败
  */
 public function login($uid, $mobile = '', $password = '', $remember = false, $role_id = 0)
 {
     // Looks up the row matching both $uid and $mobile, applies the action
     // limiter, then verifies the password. As written the method returns the
     // user UID on success, -2 for a wrong password, -1 for a missing/disabled
     // user, or the limiter's 'info' value when the limiter refuses - not the
     // boolean a "true on success" contract would suggest.
     /* Check whether the user is registered in the current application */
     $map['uid'] = $uid;
     $map['mobile'] = $mobile;
     /* Fetch the user record */
     $user = $this->where($map)->find();
     // NOTE(review): $user is written to before it is checked. When no row was
     // found, this assignment turns the empty result into an array, so the
     // is_array() test below passes and only the missing 'status' key rejects
     // the login.
     if ($role_id != 0) {
         $user['last_login_role'] = $role_id;
     } else {
         if (!intval($user['last_login_role'])) {
             $user['last_login_role'] = $user['show_role'];
         }
     }
     // Throttle check for password entry, keyed on the user's uid.
     // NOTE(review): for an unknown user $user['uid'] is unset here; confirm how
     // check_action_limit() treats an empty id, and where failed attempts are
     // recorded - nothing in this method records one.
     $return = check_action_limit('input_password', 'ucuser', $user['uid'], $user['uid']);
     if ($return && !$return['state']) {
         return $return['info'];
     }
     if (is_array($user) && $user['status']) {
         /* Verify the user's password */
         if (think_ucenter_md5($password, UC_AUTH_KEY) === $user['password']) {
             $this->updateLogin($user['uid']);
             // update the user's login information
             return $user['uid'];
             // login succeeded, return the user UID
         } else {
             return -2;
             // wrong password
         }
     } else {
         return -1;
         // user does not exist or is disabled
     }
     // The code below is never reached: every branch above returns. That means
     // the status == 3 activation redirect, the "status < 1" rejection and the
     // autoLogin() call (including $remember) never run from this method.
     session('temp_login_uid', $uid);
     session('temp_login_role_id', $user['last_login_role']);
     if ($user['status'] == 3) {
         header('Content-Type:application/json; charset=utf-8');
         $data['status'] = 1;
         $data['url'] = U('Ucuser/Ucuser/activate');
         exit(json_encode($data));
     }
     if (1 > $user['status']) {
         $this->error = '用户未激活或已禁用!';
         // disabled at the application level
         return false;
     }
     /* Log the user in */
     $this->autoLogin($user, $remember);
     session('temp_login_uid', null);
     session('temp_login_role_id', null);
     return true;
 }
Example #13
 /**
  * 修改密码
  */
 public function update($param)
 {
     // Change a password after checking the current one. Response codes sent
     // through getResponse(): '999' missing parameter, '301' unknown uid,
     // '303' current password wrong, '304' save failed, '0' success.
     // NOTE(review): the target uid is taken from $param. Confirm the caller
     // derives it from the authenticated session rather than from request
     // input, and that repeated '303' responses are rate-limited.
     if (!($param['old_password'] && $param['new_password'] && $param['uid'])) {
         $this->getResponse('', '999');
         return;
     }

     $where = array('uid' => intval($param['uid']));
     // NOTE(review): both passwords are trim()med here; verify the login path
     // trims too, or passwords with surrounding whitespace will not match.
     $currentPassword = trim($param['old_password']);
     $account = M('ucenter_member')->where($where)->find();
     if (!$account) {
         $this->getResponse('', '301');
         return;
     }

     if (think_ucenter_md5($currentPassword, UC_AUTH_KEY) !== $account['password']) {
         $this->getResponse('', '303');
         return;
     }

     $changes = array(
         'password' => think_ucenter_md5(trim($param['new_password']), UC_AUTH_KEY),
     );
     $res = M('ucenter_member')->where($where)->save($changes);
     // Any falsy save result is reported as '304'.
     $this->getResponse('', $res ? '0' : '304');
 }