if ($action == 'login') {
if ($method == 'GET') {
$referer = user_http_referer();
$header['title'] = '用户登录';
include './flarum/view/user_login.htm';
} else {
if ($method == 'POST') {
$account = param('account');
// 邮箱或者手机号
$password = param('password');
empty($account) and message(1, '账号为空');
if (is_email($account, $err)) {
$user = user_read_by_email($account);
empty($user) and message(1, 'Email 不存在');
} else {
$user = user_read_by_username($account);
empty($user) and message(1, '用户名不存在');
}
md5($password . $user['salt']) != $user['password'] and message(2, '密码错误');
// 更新登录时间和次数
user_update($user['uid'], array('login_ip' => $longip, 'login_date' => $time, 'logins+' => 1));
$uid = $user['uid'];
$gid = $user['gid'];
$user['token'] = user_token_set($uid, $gid, $user['password'], $user['avatar'], $user['username'], '', 86400 * 30);
unset($user['password']);
unset($user['password_sms']);
unset($user['salt']);
// 更新在线
online_list_cache_delete();
user_ajax_info($user);
message(0, $user);
if ($email and $old['email'] != $email) {
$user = user_read_by_email($email);
$user and message(2, '用户 EMAIL 已经存在');
}
$arr = array();
$arr['email'] = $email;
// 非管理员(gid = 1),不允许修改其他用户的手机号、用户名、用户组、密码
if ($user['gid'] == 1) {
$mobile and !is_mobile($mobile, $err) and message(1, $err);
//$username AND !is_username($username, $err) AND message(3, $err);
if ($mobile and $old['mobile'] != $mobile) {
$user = user_read_by_mobile($mobile);
$user and message(1, '用户手机已经存在');
}
if ($username and $old['username'] != $username) {
$user = user_read_by_username($username);
$user and message(3, '用户已经存在');
}
$arr['mobile'] = $mobile;
$arr['username'] = $username;
$arr['gid'] = $gid;
if ($password) {
!is_password($password, $err) and message(4, $err);
$salt = mt_rand(10000000, 9999999999);
$arr['password'] = md5($password . $salt);
$arr['salt'] = $salt;
}
}
$r = user_update($uid, $arr);
$r !== FALSE ? message(0, '更新成功') : message(11, '更新失败');
}
function qq_login_create_user($username, $avatar_url_2, $openid)
{
global $conf, $time, $longip;
$arr = qq_login_read_user_by_openid($openid);
if ($arr) {
return xn_error(-2, '已经注册');
}
// 自动产生一个用户名
$r = user_read_by_username($username);
if ($r) {
$username = $username . '_' . $time;
$r = user_read_by_username($username);
if ($r) {
return xn_error(-1, '用户名被占用。');
}
}
// 自动产生一个 Email
$email = "qq_{$time}@qq.com";
$r = user_read_by_email($email);
if ($r) {
return xn_error(-1, 'Email 被占用');
}
// 随机密码
$password = md5(rand(1000000000, 9999999999) . $time);
$user = array('username' => $username, 'email' => $email, 'password' => $password, 'gid' => 101, 'salt' => rand(100000, 999999), 'create_date' => $time, 'create_ip' => $longip, 'avatar' => 0, 'logins' => 1, 'login_date' => $time, 'login_ip' => $longip);
$uid = user_create($user);
if (empty($uid)) {
return xn_error(-1, '注册失败');
}
$user = user_read($uid);
$r = db_exec("INSERT INTO bbs_user_open_plat SET uid='{$uid}', platid='1', openid='{$openid}'");
if (empty($uid)) {
return xn_error(-1, '注册失败');
}
runtime_set('users+', '1');
runtime_set('todayusers+', '1');
// 头像不重要,忽略错误。
if ($avatar_url_2) {
$filename = "{$uid}.png";
$dir = substr(sprintf("%09d", $uid), 0, 3) . '/';
$path = $conf['upload_path'] . 'avatar/' . $dir;
!is_dir($path) and mkdir($path, 0777, TRUE);
$data = file_get_contents($avatar_url_2);
file_put_contents($path . $filename, $data);
user_update($uid, array('avatar' => $time));
}
return $user;
}
