<?php
if (!defined('ROOT')) {
exit('No direct script access allowed');
}
checkServiceSession();
loadHelpers("pwdhash");
if (!isset($_REQUEST["type"])) {
$_REQUEST["type"] = "";
}
if ($_REQUEST["type"] == "dialog") {
printDialog();
} elseif ($_REQUEST["type"] == "change") {
changePWD();
} elseif ($_REQUEST["type"] == "generate") {
loadHelpers("pwdgen");
$pwd = generatePasswordY(getConfig("PWD_MIN_LENGTH"), 3);
echo $pwd;
}
exit;
function changePWD()
{
$userid = $_SESSION["SESS_USER_ID"];
$tbl = _dbtable("users", true);
$sql1 = "SELECT pwd FROM {$tbl} WHERE userid='{$userid}'";
$r = _dbQuery($sql1, true);
$ra = _dbData($r);
if (!isset($ra[0])) {
$q = array("code" => "1", "msg" => "Error In Changing Password (1).");
echo json_encode($q);
exit;
function findPwd($method)
{
global $_MooClass, $dbTablePre, $_MooCookie, $userid;
//note 只给用户3次机会
if ($method) {
$_MooCookie['backpwdnum'] = $_MooCookie['backpwdnum'] ? $_MooCookie['backpwdnum'] : '';
MooSetCookie('backpwdnum', $_MooCookie['backpwdnum'] + 1, 85400);
if ($_MooCookie['backpwdnum'] >= 3) {
MooMessage('您今天操作次数过多,请明天再试', 'index.php', '02');
}
}
switch ($method) {
case 1:
$ToAddress = trim(MooGetGPC('email', 'string', 'P'));
//查找用户表,enky修改表名
$userMsg = $_MooClass['MooMySQL']->getOne("select uid,username,password from {$dbTablePre}members_search where username='******'", true);
if ($userMsg) {
//有此用户
//是否邮箱认证
//$ifmail = $_MooClass['MooMySQL']->$_MooClass['MooMySQL']->getOne("select telphone from {$dbTablePre}certification where uid='{$userMsg['uid']}'");
//没认证
//if(!$ifmail['telphone']){
$email = $userMsg['username'];
$password = $userMsg['password'];
$ToAddressMd5 = md5($ToAddress . '+' . $password);
//email和密码的md5
$QueryString = base64_encode($ToAddress . '|' . $ToAddressMd5 . '|' . time());
//url后的查询字符串
//$sql = "insert into ". $dbTablePre ."reset_password set username = '******'";
$sql = "insert into " . $dbTablePre . "reset_password set username = '******'";
$_MooClass['MooMySQL']->query($sql);
//记录数据库
$ToSubject = '真爱一生网提示:修改您的密码';
//note 发送邮件
if ($userMsg['nickname']) {
$ToBody = $userMsg['nickname'] . ':您好!<br>';
} else {
$ToBody = 'ID为' . $userMsg['uid'] . '会员:您好!<br>';
}
$ToBody .= " 因您在真爱一生网使用了找回密码功能,如果您忘记密码,请点击以下链接到真爱一生网,修改您的密码。";
$ToBody .= '<br> 提示:请在24小时内登陆真爱一生网,并在登陆后将密码修改为您容易记住的密码,如果您没有操作,无需理会此邮件。';
$ToBody .= "点击此链接修改密码:<a href='http://" . MOOPHP_HOST . "/index.php?n=myaccount&h=resetpwd&p=" . $QueryString . "'>http://" . MOOPHP_HOST . "/index.php?n=myaccount&h=resetpwd&p=" . $QueryString . "</a>";
if (sendMailByNow($ToAddress, $ToSubject, $ToBody)) {
MooMessage('修改密码地址已发送至邮箱,请尽快登录邮箱操作。', 'index.php');
} else {
MooMessage('数据操作失败,请重新找回密码', 'index.php?n=login&h=backpassword', '01');
}
//}
} else {
MooMessage('无此邮箱的会员', 'index.php?n=login&h=backpassword', '01');
}
break;
case 2:
//$umail = MooGetGPC('umail','string','P');
$phone = MooGetGPC('phone', 'string', 'P');
//判断手机号码是否符合规范
if (!preg_match('/^((1[35][\\d]{9})|(18[4689][\\d]{8}))$/', $phone)) {
MooMessage('您的手机号码不正确', 'index.php?n=login&h=backpassword', '01');
} else {
//查找用户表
$userMsg = $_MooClass['MooMySQL']->getOne("select m.telphone,m.uid,m.nickname from {$dbTablePre}members_search as m left join {$dbTablePre}certification as c on m.uid=c.uid where m.telphone='{$phone}' and m.is_lock = 1 limit 1", true);
if (!$userMsg) {
MooMessage('无使用此手机号码或绑定不正确', 'index.php?n=login&h=backpassword', '01');
} elseif ($userMsg['telphone'] == $phone) {
//改为新密码
$newpwd = changePWD($userMsg['uid']);
//发手机消息
if ($newpwd) {
$content = "您的新密码是:" . $newpwd . ",请妥善保管好您的帐号和密码!";
//$re = siooSendMsg($phone,$content);//希希奥信息发送手机短信接口
if (SendMsg($phone, $content, 1)) {
$time = time();
$_MooClass['MooMySQL']->query("INSERT INTO {$dbTablePre}smslog_sys (id,sid,uid,content,sendtime,type) values('','','{$userid}','重置密码','{$time}','重置密码')");
}
MooMessage('您好!新密码已发送至您的手机,转到登陆页面', 'index.php?n=login');
} else {
MooMessage('找回密码失败', 'index.php?n=login&h=backpassword', '01');
}
} else {
MooMessage('您的手机号码未通过验证,请用邮件方式取回密码', 'index.php?n=login&h=backpassword', '01');
}
}
break;
}
}
