Example #1
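/**
 * Look up a user row by e-mail address and verify the supplied password.
 *
 * Three stored-password layouts are handled, as shown by the branches below:
 *   - a legacy value equal to ttpassv2($id) (transitional, see the note in the body),
 *   - a 32-character value compared against md5($password),
 *   - a 30-character value compared against ttpassv2($password, $id).
 * On a successful legacy or md5 match the row is rewritten to the v2 value.
 *
 * @param string $email    e-mail address to look up (escaped with s() before use in SQL)
 * @param string $password plaintext password supplied by the caller
 * @return array|false the user row as returned by get_line() on success, false otherwise
 */
function get_full_info_by_email_password($email, $password)
{
    $sql = "SELECT * FROM `user` WHERE `email` = '" . s($email) . "' LIMIT 1";
    if (!($line = get_line($sql))) {
        return false;
    }

    $stored = (string) $line['password'];
    $passwordv2 = ttpassv2($password, $line['id']);
    $upgrade_sql = "UPDATE `user` SET `password` = '" . s($passwordv2) . "' WHERE `id` = '" . intval($line['id']) . "' LIMIT 1";

    // ============================
    // to remove in next version
    // NOTE(review): this branch accepts ANY supplied password when the stored
    // value equals ttpassv2($id), then stores the supplied password as the new
    // one. It is kept because the original marks it as a transitional path;
    // it should be retired (e.g. forced reset for affected rows) as soon as possible.
    if ((string) ttpassv2($line['id']) === $stored) {
        run_sql($upgrade_sql);
        return $line;
    }
    // =============================

    if (strlen($stored) == 32) {
        // Old md5 format. Strict comparison avoids PHP's numeric-string
        // juggling, where two different "0e…"-style digests compare equal with ==.
        // Where the runtime provides hash_equals(), prefer it for a
        // constant-time comparison.
        if (md5($password) === $stored) {
            // Upgrade to the v2 value ONLY after the password was verified.
            // Rewriting the row on a failed attempt would replace the stored
            // hash with one derived from the wrong password.
            run_sql($upgrade_sql);
            return $line;
        }
        return false;
    }

    if (strlen($stored) == 30 && (string) $passwordv2 === $stored) {
        return $line;
    }

    return false;
}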
Example #2
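 /**
  * Update the current user's password.
  *
  * Request parameters are read through v():
  *
  * @param string token, required
  * @param string opassword - current (old) password, required
  * @param string password - new password, required
  * @return msg array( 'msg'=>ok )
  * @author EasyChen
  */
 function user_update_password()
 {
     if (!c('can_modify_password')) {
         return self::send_error(LR_API_ARGS_ERROR, __('API_MESSAGE_CANNOT_CHANGE_PASSWORD'));
     }
     // NOTE(review): z() and t() are defined elsewhere; if they trim or strip
     // characters, the value hashed here differs from what the user typed — confirm.
     $opassword = z(t(v('opassword')));
     if (!not_empty($opassword)) {
         return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'OPASSWORD'));
     }
     $password = z(t(v('password')));
     if (!not_empty($password)) {
         return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'PASSWORD'));
     }
     // Strict string comparison: with == PHP treats numeric-looking strings
     // as numbers, so distinct passwords such as '1000' and '1e3' compare equal.
     if ((string) $opassword === (string) $password) {
         return self::send_error(LR_API_ARGS_ERROR, __('API_MESSAGE_SAME_PASSWORD'));
     }
     // The old password is accepted in either stored form: md5 or ttpassv2.
     $passwordv1 = md5($opassword);
     $passwordv2 = ttpassv2($opassword, uid());
     $sql = "SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval(uid()) . "' AND ( `password` = '" . s($passwordv1) . "' OR  `password` = '" . s($passwordv2) . "'  ) ";
     if (get_var($sql) < 1) {
         return self::send_error(LR_API_ARGS_ERROR, __('API_MESSAGE_BAD_OPASSWORD'));
     }
     $newpass = ttpassv2($password, uid());
     // The WHERE clause repeats the old-password condition, so the row only
     // changes if the stored value still matches at update time.
     $sql = "UPDATE\t`user` SET `password` = '" . s($newpass) . "' WHERE `id` = '" . intval(uid()) . "' AND ( `password` = '" . s($passwordv1) . "' OR  `password` = '" . s($passwordv2) . "'  ) LIMIT 1";
     run_sql($sql);
     if (db_errno() != 0) {
         // NOTE(review): db_error() text is returned to the API caller; consider
         // logging it server-side and sending only the generic message.
         return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . db_error());
     } else {
         return self::send_result(array('msg' => 'ok'));
     }
 }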