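/**
 * Authenticate an administrator by username and password.
 *
 * The account is looked up through the UcenterMember model. On a password
 * match the member's login record is refreshed and the administrator row
 * keyed by member_id is loaded from this model.
 *
 * @param string $username login name
 * @param string $password plaintext password supplied by the caller
 * @return array|int administrator row on success; -2 wrong password;
 *                   -1 account (or administrator row) missing or disabled
 */
public function login($username, $password)
{
    $map  = array('username' => $username);
    $user = D('UcenterMember')->where($map)->find();

    if (!is_array($user) || $user['status'] != 1) {
        return -1; // account missing or disabled
    }

    // think_ucenter_md5() returns '' for an empty string, so an empty password
    // would match an account whose stored hash is empty. Refuse it before hashing.
    if ('' === $password || null === $password) {
        return -2;
    }

    // NOTE(review): where PHP >= 5.6 is guaranteed, hash_equals() is the
    // constant-time alternative to this comparison.
    if (think_ucenter_md5($password, UC_AUTH_KEY) !== $user['password']) {
        return -2; // wrong password
    }

    $this->updateLogin($user['id']); // refresh the member's login record
    $uid = $user['id'];

    if ($uid > 0) {
        $admin = $this->where(array('member_id' => $uid))->find();
        if (is_array($admin) && $admin['status'] == 1) {
            return $admin;
        }

        return -1; // no enabled administrator row for this member
    }

    return $uid;
}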
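/**
 * Create an administrator account.
 *
 * @param string $username login name
 * @param string $password plaintext password; only its keyed digest is stored
 * @return boolean|\Think\mixed false when either argument is empty,
 *                              otherwise whatever add() returns
 * @author frenlee <*****@*****.**>
 * @since 13 May 2015, 10:35:20 AM
 */
public function addUser($username = '', $password = '')
{
    if (empty($username) || empty($password)) {
        return false;
    }

    $data = $this->create();
    if (!is_array($data)) {
        // Start from an explicit empty array instead of relying on PHP turning
        // a non-array create() result into one on the first key assignment.
        $data = array();
    }

    $data['username'] = $username;
    // Hash the password argument. The previous code hashed $username here, so
    // every new account's stored credential was derived from its own login name.
    // NOTE(review): confirm AUTH_KEY is the key the login path verifies with.
    $data['password'] = think_ucenter_md5($password, AUTH_KEY);

    return $this->add($data);
}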
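/**
 * Authenticate a user by e-mail address and password.
 *
 * @param string $email    e-mail address used as the lookup key
 * @param string $password plaintext password supplied by the caller
 * @return int user id on success; -2 wrong password; -1 account missing or
 *             its status flag is falsy
 */
public function login($email, $password)
{
    $map  = array('email' => $email);
    $user = $this->where($map)->find();

    if (!is_array($user) || !$user['status']) {
        return -1;
    }

    // think_ucenter_md5() returns '' for an empty string, so an empty password
    // would match an account whose stored hash is empty. Refuse it before hashing.
    if ('' === $password || null === $password) {
        return -2;
    }

    // The wrong-password result used to sit after the success return inside the
    // same branch, so it was never reached and a bad password returned null.
    if (think_ucenter_md5($password, ADMIN_AUTH_KEY) !== $user['password']) {
        return -2;
    }

    $this->autoLogin($user);

    return $user['id'];
}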
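/**
 * Change the current user's password (POST only).
 *
 * Expects the POST fields password, token and str. token/str are passed to
 * checkEncrypt() before the new digest is written for $this->uid.
 * Non-POST requests are ignored.
 *
 * @return void
 */
public function changepwd1()
{
    if (!IS_POST) {
        return;
    }

    $arr = I('post.');

    // Each failure returns explicitly so that the update below can never run
    // after a rejected request, whether or not apiError() ends the script.
    if (empty($arr['password']) || empty($arr['token']) || empty($arr['str'])) {
        $this->apiError(0, '参数错误');
        return;
    }

    if (!$this->checkEncrypt($arr['token'], $arr['str'])) {
        $this->apiError(0, '非法请求');
        return;
    }

    $data = array(
        'password'    => think_ucenter_md5($arr['password'], UC_AUTH_KEY),
        'id'          => $this->uid,
        'update_time' => time(),
    );
    $res = M('ucenter_member')->save($data);

    // ThinkPHP's Model::save() reports failure as boolean false and success as
    // the affected-row count, so indexing it with 'status' always read as a
    // failure. An array result is still honoured in case save() is wrapped here.
    $saved = is_array($res) ? !empty($res['status']) : (false !== $res && null !== $res);

    if ($saved) {
        $this->apiSuccess('success');
    } else {
        $this->apiError(0, '修改失败');
    }
}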
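<?php
// Debug helper: prints the keyed password digest for the "password" query
// parameter.
// NOTE(review): this answers any request with a digest computed under
// UC_AUTH_KEY and takes the password from the query string, where it is
// recorded in access logs and browser history. It should not be reachable on
// a deployed site.
// UC_AUTH_KEY is presumably defined by the included config file.
include_once './Application/User/Conf/config.php';

/**
 * Keyed digest used for stored passwords: md5(sha1($str) . $key).
 *
 * An empty string is returned unchanged, so callers must never treat an empty
 * stored hash as a valid credential.
 *
 * NOTE(review): both digests are fast and the key is the same for every
 * account, so this gives little resistance to offline guessing;
 * password_hash()/password_verify() are the standard replacement.
 *
 * @param string $str value to hash
 * @param string $key key appended to the inner digest
 * @return string 32-character hex digest, or '' when $str is ''
 */
function think_ucenter_md5($str, $key = 'ThinkUCenter')
{
    return '' === $str ? '' : md5(sha1($str) . $key);
}

// Accept only a scalar string. A missing or array-valued parameter previously
// reached sha1() as null or an array.
$password = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';

echo think_ucenter_md5($password, UC_AUTH_KEY);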
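/**
 * Check a password against the stored digest of a user.
 *
 * @param int    $uid         user id
 * @param string $password_in plaintext password to verify
 * @return bool true when the password matches, false otherwise
 * @author huajie <*****@*****.**>
 */
public function verifyUser($uid, $password_in)
{
    // think_ucenter_md5() returns '' for an empty string, so an empty input
    // would verify against an empty stored hash. Never accept it.
    if ('' === $password_in || null === $password_in) {
        return false;
    }

    $stored = $this->getFieldById($uid, 'password');

    return think_ucenter_md5($password_in, UC_AUTH_KEY) === $stored;
}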
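/**
 * Check a password against the user_pwd digest stored for a user.
 *
 * @param int    $uid         user id
 * @param string $user_pwd_in plaintext password to verify
 * @return bool true when the password matches, false otherwise
 * @author huajie <*****@*****.**>
 */
protected function verifyUser($uid, $user_pwd_in)
{
    // An empty input hashes to '' in think_ucenter_md5(), which would equal an
    // empty stored value. Treat it as a failed verification.
    if ('' === $user_pwd_in || null === $user_pwd_in) {
        return false;
    }

    $storedDigest = $this->getFieldById($uid, 'user_pwd');
    $candidate    = think_ucenter_md5($user_pwd_in, UC_AUTH_KEY);

    return $candidate === $storedDigest;
}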
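/**
 * Check a password against the digest stored in the row with the given id.
 *
 * @param int    $uid         user id
 * @param string $password_in plaintext password to verify
 * @return bool true when the password matches, false otherwise
 * @author huajie <*****@*****.**>
 */
protected function verifyUser($uid, $password_in)
{
    // think_ucenter_md5() leaves an empty string as '', so without this guard
    // an empty input would match a row whose password column is empty.
    if ('' === $password_in || null === $password_in) {
        return false;
    }

    $stored = $this->where(array('id' => $uid))->getField('password');

    if (think_ucenter_md5($password_in, UC_AUTH_KEY) !== $stored) {
        return false;
    }

    return true;
}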
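/**
 * Check a password against the stored digest, using the per-user salt when
 * one is stored and UC_AUTH_KEY otherwise.
 *
 * @param int    $uid         user id
 * @param string $password_in plaintext password to verify
 * @return bool true when the password matches, false otherwise
 * @author huajie <*****@*****.**>
 */
protected function verifyUser($uid, $password_in)
{
    // think_ucenter_md5() returns '' for an empty string regardless of the
    // salt, so an empty input must never be compared with the stored value.
    if ('' === $password_in || null === $password_in) {
        return false;
    }

    $password = $this->getFieldById($uid, 'password');
    $salt     = $this->getFieldById($uid, 'salt');

    if (!$salt) {
        // No salt stored for this user: fall back to the site-wide key.
        $salt = UC_AUTH_KEY;
    }

    return think_ucenter_md5($password_in, $salt) === $password;
}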
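/**
 * Update a user's password (POST only).
 *
 * POST fields: username, psw (new password, base64), and either old_psw
 * (current password, base64) or code (security code). When a code is present
 * the old password is ignored. The account is resolved by mobile number or
 * username depending on getUsernameType().
 *
 * Every rejection returns explicitly, so the update can never be reached
 * after a failed check whether or not apiReturnErr() ends the script.
 *
 * @return void
 */
public function updatePsw()
{
    // Keep passwords and the security code out of the log; the remaining
    // request fields are logged as before.
    $postForLog = $_POST;
    foreach (array('psw', 'old_psw', 'code') as $secretField) {
        if (isset($postForLog[$secretField])) {
            $postForLog[$secretField] = '[redacted]';
        }
    }
    addLog("User/updatePsw", $_GET, $postForLog, '应用' . $this->client_id . "调用更新密码接口");

    if (!IS_POST) {
        $this->apiReturnErr("更新密码失败!");
        return;
    }

    $username = $this->_post('username', '');
    $old_psw  = $this->_post('old_psw', '');
    $psw      = $this->_post('psw', '');
    $code     = $this->_post('code', '');

    if (empty($old_psw) && empty($code)) {
        $this->apiReturnErr("验证参数缺失!");
        return;
    }

    // A security code takes precedence over the old password.
    if (!empty($code)) {
        $old_psw = '';
    }

    $old_psw = base64_decode($old_psw);
    $psw     = base64_decode($psw);

    $type = $this->getUsernameType($username);
    if ($type == UcenterMemberModel::ACCOUNT_TYPE_MOBILE) {
        $result = apiCall(UserApi::FIND, array(array('mobile' => $username)));
    } elseif ($type == UcenterMemberModel::ACCOUNT_TYPE_USERNAME) {
        $result = apiCall(UserApi::FIND, array(array('username' => $username)));
    } else {
        $this->apiReturnErr("参数非法!");
        return;
    }

    // Either a failed lookup or an empty record means there is no account to
    // work on. The previous && let one of the two through.
    if (empty($result['status']) || empty($result['info'])) {
        $this->apiReturnErr("用户登录账户非法!");
        return;
    }

    $id = $result['info']['id'];
    addLog("id", $id, '[redacted]', ""); // the new password itself is not logged

    // The caller must prove identity with a security code or the old password.
    if (!empty($code)) {
        $type   = SecurityCodeModel::TYPE_FOR_UPDATE_PSW;
        $result = apiCall(SecurityCodeApi::IS_LEGAL_CODE, array($code, $username, $type));
        if (!$result['status'] || $result['info'] != 1) {
            $this->apiReturnErr("验证失败");
            return;
        }
    } elseif (!empty($old_psw)) {
        // Strict comparison: with != two digests that both look like numeric
        // strings can compare equal under PHP's loose rules.
        if ($result['info']['password'] !== think_ucenter_md5($old_psw, UC_AUTH_KEY)) {
            $this->apiReturnErr("原密码错误!");
            return;
        }
    } else {
        // Fail closed: if neither proof is usable after decoding, refuse
        // instead of falling through to the update.
        $this->apiReturnErr("验证参数缺失!");
        return;
    }

    if (strlen($psw) < 6) {
        $this->apiReturnErr("密码必须大于6位长度!");
        return;
    }

    addLog("User/updatePsw", $_GET, $postForLog, '应用' . $this->client_id . "调用更新密码接口");
    $result = apiCall(UserApi::UPDATEPWD, array($id, $psw));

    if (!$result['status']) {
        $this->apiReturnErr("更新密码失败!" . $result['info']);
        return;
    }

    // Record the audit entry only once the update is known to have succeeded.
    action_log("api_user_update_psw", "common_member", $id, $this->client_id);

    $this->apiReturnSuc("更新密码成功!");
}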
webscan_St0pAttack($key, $value, $filter, "GET"); } } if (empty($id)) { $id = 0; } $id = preg_replace('#[^\\w\\s]#i', '', $id); if (strlen($username) > 20) { $username = substr($username, 0, 20); } if ($act == 'login') { $sql = "select * from admin where username='******' or id='{$id}' or email = '{$email}'"; $result = @mysql_fetch_array(mysql_query($sql)); mysql_close(); if ($result) { if (think_ucenter_md5($password, $result['salt']) === $result['password']) { $_SESSION['login'] = 1; $_SESSION['auth'] = 1; echo "<center style=\"font-size:36px; color:red\"><a href=\"./sgbm/admin_index.php\">Click jump to the Backstage</a></center>"; } else { exit('<script>alert("Password of the account is not right")</script>'); } } else { exit('<script>alert("The account is not exists")</script>'); } } else { exit('<script>alert("Please login!login!login!login!login!login!login!login!login!login!login!login!")</script>'); } } } else { ?>
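/**
 * Verify the credentials of the user identified by uid and mobile number.
 *
 * This method only checks the password and refreshes the login record. It
 * does not start a session. $remember and $role_id are kept for interface
 * compatibility but are not used: the statements that consumed them sat
 * after a return on every path and could never run.
 *
 * @param integer $uid      user UID
 * @param string  $mobile   mobile number used together with the UID as the lookup key
 * @param string  $password plaintext password
 * @param bool    $remember unused
 * @param int     $role_id  unused
 * @return mixed user UID on success; -2 wrong password; -1 user missing or
 *               status falsy; the 'info' value from check_action_limit()
 *               when the action limit rejects the attempt
 */
public function login($uid, $mobile = '', $password = '', $remember = false, $role_id = 0)
{
    $map  = array('uid' => $uid, 'mobile' => $mobile);
    $user = $this->where($map)->find();

    // Stop before touching $user when nothing was found. The previous code
    // wrote a key into the empty result first, which turned it into an array
    // and ran the limit check with an empty uid.
    if (!is_array($user)) {
        return -1;
    }

    $return = check_action_limit('input_password', 'ucuser', $user['uid'], $user['uid']);
    if ($return && !$return['state']) {
        return $return['info'];
    }

    if (!$user['status']) {
        return -1; // user disabled
    }

    // think_ucenter_md5() returns '' for an empty string, so an empty password
    // would match an account whose stored hash is empty. Refuse it before hashing.
    if ('' === $password || null === $password) {
        return -2;
    }

    if (think_ucenter_md5($password, UC_AUTH_KEY) !== $user['password']) {
        return -2; // wrong password
    }

    $this->updateLogin($user['uid']); // refresh the user's login record

    return $user['uid'];
}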
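/**
 * Change a user's password after verifying the current one.
 *
 * Response codes passed to getResponse(): '0' saved, '304' save reported no
 * change or failed, '303' old password mismatch, '301' user not found,
 * '999' missing or empty parameters.
 *
 * @param array $param expects the keys uid, old_password and new_password
 * @return void
 */
public function update($param)
{
    if (empty($param['old_password']) || empty($param['new_password']) || empty($param['uid'])) {
        $this->getResponse('', '999');
        return;
    }

    $old_password = trim($param['old_password']);
    $new_password = trim($param['new_password']);

    // A whitespace-only value passes the check above but trims to ''.
    // think_ucenter_md5() stores '' for an empty string, which would leave the
    // account with an empty hash, so reject it as a parameter error.
    if ('' === $old_password || '' === $new_password) {
        $this->getResponse('', '999');
        return;
    }

    $map       = array('uid' => intval($param['uid']));
    $user_info = M('ucenter_member')->where($map)->find();

    if (!$user_info) {
        $this->getResponse('', '301');
        return;
    }

    if (think_ucenter_md5($old_password, UC_AUTH_KEY) !== $user_info['password']) {
        $this->getResponse('', '303');
        return;
    }

    $save = array('password' => think_ucenter_md5($new_password, UC_AUTH_KEY));
    $res  = M('ucenter_member')->where($map)->save($save);

    $this->getResponse('', $res ? '0' : '304');
}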