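/**
 * Look up a user row by e-mail address and verify the supplied password.
 *
 * Three stored-password shapes are handled:
 *  - a legacy record whose stored value equals ttpassv2(id) (see the review
 *    note in the body);
 *  - a 32-character value, treated as an unsalted md5() of the password and
 *    upgraded to the ttpassv2 form after a successful check;
 *  - a 30-character value, compared against ttpassv2(password, id).
 *
 * Fixes relative to the previous revision:
 *  - the md5 -> ttpassv2 upgrade is only written after the old password has
 *    been verified; before, a failed attempt against an md5 account replaced
 *    the stored hash with one derived from the submitted (wrong) password;
 *  - hash comparisons are strict, so two different hex strings that both look
 *    like numbers (for example "0e..." digests) no longer compare equal.
 *
 * @param string $email    E-mail address to look up.
 * @param string $password Plain-text password supplied by the caller.
 * @return array|false The user row when the credentials are accepted, false otherwise.
 */
function get_full_info_by_email_password($email, $password)
{
    $sql = "SELECT * FROM `user` WHERE `email` = '" . s($email) . "' LIMIT 1";
    if (!($line = get_line($sql))) {
        return false;
    }

    $stored = (string) $line['password'];
    $passwordv2 = ttpassv2($password, $line['id']);

    // ============================
    // to remove in next version
    // NOTE(review): this branch accepts ANY submitted password for a record
    // whose stored value equals ttpassv2(id), because that value does not
    // depend on a password at all. Behaviour is kept for compatibility, but
    // such accounts should be moved to a forced password reset and this
    // branch deleted as the original comment already plans.
    if ((string) ttpassv2($line['id']) === $stored) {
        $sql = "UPDATE `user` SET `password` = '" . s($passwordv2) . "' WHERE `id` = '" . intval($line['id']) . "' LIMIT 1";
        run_sql($sql);
        return $line;
    }
    // =============================

    if (strlen($stored) == 32) {
        // old password format (unsalted md5)
        // Strict comparison; where PHP >= 5.6 is guaranteed, hash_equals()
        // would additionally make the comparison constant-time.
        if (md5($password) !== $stored) {
            return false;
        }

        // Old password verified: only now change to the new password format.
        $sql = "UPDATE `user` SET `password` = '" . s($passwordv2) . "' WHERE `id` = '" . intval($line['id']) . "' LIMIT 1";
        run_sql($sql);
        return $line;
    }

    if (strlen($stored) == 30) {
        // presumably the ttpassv2 format; confirm against ttpassv2()'s output length
        if ((string) $passwordv2 === $stored) {
            return $line;
        }
    }

    return false;
}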
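/**
 * Update the current user's password.
 *
 * The old password is accepted in either stored form: the legacy md5() value
 * or the ttpassv2(password, uid) value. The UPDATE repeats the old-password
 * condition, so the row only changes if it still holds the verified hash.
 *
 * @param string token , required
 * @param string opassword - original password , required
 * @param string password - new password , required
 * @return msg array( 'msg'=>ok )
 * @author EasyChen
 */
function user_update_password()
{
    if (!c('can_modify_password')) {
        return self::send_error(LR_API_ARGS_ERROR, __('API_MESSAGE_CANNOT_CHANGE_PASSWORD'));
    }

    // NOTE(review): z() and t() run on the raw password before hashing; if
    // they strip or rewrite characters, the effective password differs from
    // what the user typed. Confirm against their definitions.
    $opassword = z(t(v('opassword')));
    if (!not_empty($opassword)) {
        return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'OPASSWORD'));
    }

    $password = z(t(v('password')));
    if (!not_empty($password)) {
        return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'PASSWORD'));
    }

    // Strict comparison: with ==, two different numeric-looking strings such
    // as "1e3" and "1000" compare equal and a valid change would be rejected.
    if ($opassword === $password) {
        return self::send_error(LR_API_ARGS_ERROR, __('API_MESSAGE_SAME_PASSWORD'));
    }

    // Both stored formats of the old password are tried.
    $passwordv1 = md5($opassword);
    $passwordv2 = ttpassv2($opassword, uid());
    $old_match = "( `password` = '" . s($passwordv1) . "' OR `password` = '" . s($passwordv2) . "' ) ";

    $sql = "SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval(uid()) . "' AND " . $old_match;
    if (get_var($sql) < 1) {
        return self::send_error(LR_API_ARGS_ERROR, __('API_MESSAGE_BAD_OPASSWORD'));
    }

    $newpass = ttpassv2($password, uid());
    $sql = "UPDATE\t`user` SET `password` = '" . s($newpass) . "' WHERE `id` = '" . intval(uid()) . "' AND " . $old_match . "LIMIT 1";
    run_sql($sql);

    if (db_errno() != 0) {
        // NOTE(review): db_error() is appended to the API response, which
        // exposes database error text to the client; consider logging it
        // server-side and returning only the generic message.
        return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . db_error());
    }

    return self::send_result(array('msg' => 'ok'));
}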