public function update()
{
$oldPasswd = \Hnust\input('oldPasswd');
$newPasswd = \Hnust\input('newPasswd');
$mail = \Hnust\input('mail');
$phone = \Hnust\input('phone');
//修改密码
if (!empty($oldPasswd) && !empty($newPasswd)) {
//验证旧密码
$sql = 'SELECT * FROM `user` WHERE `uid` = ? AND `passwd` = ? LIMIT 1';
$result = Mysql::execute($sql, array($this->uid, \Hnust\passwdEncrypt($this->uid, $oldPasswd)));
//原密码错误
if (empty($result)) {
//错误次数加1
$sql = 'UPDATE `user` SET `error` = (`error` + 1) WHERE `uid` = ? LIMIT 1';
Mysql::execute($sql, array($this->uid));
$this->code = Config::RETURN_ALERT;
$this->msg = '原密码错误';
return false;
}
//检查弱密码
$sql = 'SELECT COUNT(*) `count` FROM `weak` WHERE `md5` = ? LIMIT 1';
$result = Mysql::execute($sql, array($newPasswd));
if ('0' != $result[0]['count']) {
$this->code = Config::RETURN_ALERT;
$this->msg = '您的密码过于简单';
return false;
}
//修改密码
$sql = 'UPDATE `user` SET `passwd` = ?, `error` = 0 WHERE `uid` = ?';
Mysql::execute($sql, array(\Hnust\passwdEncrypt($this->uid, $newPasswd), $this->uid));
//删除其他登陆设备
$tokens = $this->authCache->smembers($this->uid);
foreach ($tokens as $token) {
if ($token === $this->token) {
continue;
}
$this->authCache->hdelete('token', $token);
$this->authCache->sdelete($this->uid, $token);
}
$this->data = '修改成功,请牢记您的密码';
}
//修改其他数据
$sql = "UPDATE `user` `u`,`student` `s`\n SET `s`.`mail` = IF(? = '', `s`.`mail`, ?),\n `s`.`phone` = IF(length(?) <> 11, `s`.`phone`, ?)\n WHERE `s`.`sid` = `u`.`uid` AND `u`.`uid` = ?";
Mysql::execute($sql, array($mail, $mail, $phone, $phone, $this->uid));
Wechat::updateUser($this->uid);
$this->msg = '系统提示';
$this->data = empty($this->data) ? '已保存您的修改' : $this->data;
$this->code = Config::RETURN_CONFIRM;
return true;
}
public function login()
{
$passwd = \Hnust\input('passwd');
//获取用户信息
$sql = 'SELECT `error`, `passwd`, `rank` FROM `user` WHERE `uid` = ?';
$result = Mysql::execute($sql, array($this->uid));
//未查找到用户
if (empty($result)) {
$this->code = Config::RETURN_ERROR;
$this->msg = '该用户不存在,请检查用户名是否正确或长期未使用(长期未使用账号会被系统自动清理)';
return false;
}
//密码错误次数过多
if ($result[0]['error'] >= Config::getConfig('max_passwd_error')) {
$this->code = Config::RETURN_ERROR;
$this->msg = '您的错误次数过多,已被限制使用';
return false;
}
//密码不正确
if ($result[0]['passwd'] !== \Hnust\passwdEncrypt($this->uid, $passwd)) {
//错误次数加1
$sql = 'UPDATE `user` SET `error` = (`error` + 1) WHERE `uid` = ? LIMIT 1';
Mysql::execute($sql, array($this->uid));
$this->code = Config::RETURN_ERROR;
$this->msg = '您输入的密码有误';
return false;
}
//选取不重复的token
$loginInfo = array('uid' => $this->uid, 'time' => time(), 'ua' => $_SERVER['HTTP_USER_AGENT']);
do {
$this->token = \Hnust\randStr(32);
} while (!$this->authCache->hadd('token', $this->token, $loginInfo));
$this->authCache->sadd($this->uid, $this->token);
//更新用户信息
$sql = 'UPDATE `user` SET `error` = 0, `lastTime` = CURRENT_TIMESTAMP WHERE `uid` = ?';
Mysql::execute($sql, array($this->uid));
//设置cookies
$cookieTime = time() + Config::getConfig('max_remember_time');
setcookie('token', $this->token, $cookieTime, Config::WEB_PATH . '/');
$this->msg = '登陆成功';
$this->code = Config::RETURN_RECORD_PAGE;
$this->info = $this->user();
return true;
}
public function user()
{
$type = \Hnust\input('type');
$uid = \Hnust\input('uid');
//添加用户
if ('add' === $type) {
$rank = \Hnust\input('rank');
$sql = "SELECT * FROM\n (SELECT COUNT(*) `user` FROM `user` WHERE `uid` = ?) `a` ,\n (SELECT COUNT(*) `student` FROM `student` WHERE `sid` = ?) `b`";
$result = Mysql::execute($sql, array($uid, $uid));
if (empty($result)) {
return $this->msg = '添加失败';
} elseif ($result[0]['user'] > 0) {
return $this->msg = '添加失败,用户已存在';
} elseif ($result[0]['student'] <= 0) {
return $this->msg = '添加失败,未找到对应学号';
}
$randPasswd = \Hnust\randStr(6);
$passwd = \Hnust\passwdEncrypt($uid, md5($randPasswd));
//选取与数据库不重复的ApiToken
do {
$apiToken = \Hnust\randStr(32);
$sql = 'SELECT COUNT(*) `count` FROM `user` WHERE `apiToken` = ? ';
$result = Mysql::execute($sql, array($apiToken));
} while ('0' != $result[0]['count']);
//添加新用户
$sql = "INSERT INTO `user`(\n `uid`, `inviter`, `passwd`, `apiToken`,\n `lastTime`, `regTime`, `rank`\n ) VALUES (?, ?, ?, ?, NOW(), NOW(), ?)";
$sqlArr = array($uid, $this->uid, $passwd, $apiToken, $rank);
if (Mysql::execute($sql, $sqlArr)) {
$push = new \Hnust\Analyse\Push();
$push->add($uid, 1, '系统安全提示:', '您的密码过弱,请立即修改密码!', '#/user');
$this->msg = '成功添加网站用户';
$this->data = "新用户 {$uid} 的密码为 {$randPasswd}";
\Hnust\Utils\Wechat::createUser($uid);
} else {
$this->msg = '添加失败,数据库有误';
}
//解锁用户
} elseif ('unlock' === $type) {
$sql = 'UPDATE `user` SET `error` = 0 WHERE `uid` = ? LIMIT 1';
Mysql::execute($sql, array($uid));
$this->code = Config::RETURN_NORMAL;
//修改用户权限
} elseif ('change' === $type) {
$rank = \Hnust\input('rank');
if ($this->uid == $uid) {
return $this->msg = '不能修改自己的权限';
}
$sql = 'UPDATE `user` SET `rank` = ? WHERE `uid` = ? LIMIT 1';
Mysql::execute($sql, array($rank, $uid));
$this->code = Config::RETURN_NORMAL;
//重置用户密码
} elseif ('reset' === $type) {
$randPasswd = \Hnust\randStr(6);
$passwd = \Hnust\passwdEncrypt($uid, md5($randPasswd));
$sql = 'UPDATE `user` SET `passwd` = ?, `error` = 0 WHERE `uid` = ? LIMIT 1';
Mysql::execute($sql, array($passwd, $uid));
$this->msg = '重置密码成功';
$this->data = "已成功重置用户密码为{$randPasswd}";
//删除用户
} elseif ('delete' === $type) {
if ($uid == $this->uid) {
return $this->msg = '不能删除自己';
}
$sql = 'DELETE FROM `user` WHERE `uid` = ? LIMIT 1';
Mysql::execute($sql, array($uid));
\Hnust\Utils\Wechat::deleteUser($uid);
$this->msg = '删除成功';
//获取用户列表
} else {
$sql = "SELECT `u`.`uid`, `s1`.`name`, `s2`.`name` `inviter`,\n `u`.`webCount`, `u`.`wxCount`, `u`.`apiCount`,\n `u`.`error`, `u`.`rank`, `u`.`lastTime`, `u`.`regTime`,\n `wx`.`wid`, `wx`.`status` `wxStatus`,\n IF(`wx`.`time` IS NULL, '', `wx`.`time`) `wxTime`\n FROM `user` `u`\n LEFT JOIN `student` `s1` ON `s1`.`sid` = `u`.`uid`\n LEFT JOIN `student` `s2` ON `s2`.`sid` = `u`.`inviter`\n LEFT JOIN `weixin` `wx` ON `wx`.`uid` = `u`.`uid`";
$this->data = Mysql::execute($sql);
//计算用户状态
$maxError = Config::getConfig('max_passwd_error');
for ($i = 0; $i < count($this->data); $i++) {
$this->data[$i]['count'] = $this->data[$i]['webCount'] + $this->data[$i]['wxCount'] + $this->data[$i]['apiCount'];
if ('0' == $this->data[$i]['error']) {
$this->data[$i]['state'] = '正常';
} elseif ($maxError == $this->data[$i]['error']) {
$this->data[$i]['state'] = '冻结';
} else {
$this->data[$i]['state'] = "{$this->data[$i]['error']}次错误";
}
}
}
}
