Exemple #1
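 /**
  * Update the password of the currently authenticated user.
  *
  * The account id comes from $this->user->verify_credentials() and the new
  * password from $this->input['password']. A fresh salt is generated and the
  * salted hash is written to the member table.
  *
  * Review notes:
  * - The listing showed the literal '******' in the password column while the
  *   computed hash was never used; the hash is what gets stored here.
  * - md5(md5($pwd) . $salt) is a fast, unkeyed hash. It is kept because the
  *   login check is not visible here; plan a migration to password_hash() and
  *   password_verify().
  * - NOTE(review): no current-password check and no empty/minimum-strength
  *   check are visible in this method; confirm they are enforced elsewhere.
  *
  * @return mixed Whatever $this->output() returns on success.
  */
 public function updatePassword()
 {
     $userinfo = $this->user->verify_credentials();
     // The id is concatenated unquoted into the UPDATE, so force it to an integer first.
     $memberId = isset($userinfo['id']) ? (int) $userinfo['id'] : 0;
     if (!$memberId) {
         // Returns the 0x0000 code.
         $this->errorOutput(OBJECT_NULL);
         return;
     }
     $plain = isset($this->input['password']) ? $this->input['password'] : '';
     $salt = hg_generate_salt();
     $pass = md5(md5($plain) . $salt);
     $this->setXmlNode('userinfo', 'ID');
     // $pass is a hex digest and $memberId an integer; $salt is generated server-side.
     $sql = "UPDATE " . DB_PREFIX . "member SET password = '" . $pass . "', salt = '" . $salt . "' WHERE id = " . $memberId;
     $this->db->query($sql);
     $this->addItem($userinfo['id']);
     return $this->output();
 }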
Exemple #2
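 /**
  * Set a new password for the member that owns a password-reset code.
  *
  * Reads verify_code and password from $this->input, looks the code up in the
  * verify_code table (type 1), stores a freshly salted hash for the owning
  * member and deletes that member's type-1 codes. The response item carries
  * done = 1 and the user name on success, done = 0 otherwise.
  *
  * Review notes:
  * - The code is URL-decoded here, after any escaping the input layer may have
  *   applied, so it is escaped again immediately before it enters the SQL
  *   string. addslashes() is a stop-gap: it is not character-set aware. Use the
  *   database wrapper's bound parameters or its own escape routine if it has one.
  * - An empty code or an empty new password is now rejected instead of being
  *   matched against the table / hashed.
  * - The listing showed the literal '******' in the password column; the
  *   computed hash is stored here.
  * - NOTE(review): no expiry or attempt limit on the code is visible in this
  *   method; confirm both are enforced where codes are issued.
  * - md5(md5($pwd) . $salt) is a fast hash; plan a migration to password_hash().
  */
 public function update_pwd()
 {
     $verify_code = isset($this->input['verify_code']) ? urldecode($this->input['verify_code']) : '';
     $new_password = isset($this->input['password']) ? trim($this->input['password']) : '';
     $rt = false;
     if ($verify_code !== '' && $new_password !== '') {
         // Escape after decoding: a percent-encoded quote only becomes a quote at this point.
         $sql = "select * from " . DB_PREFIX . "verify_code where type=1 and verify_code='" . addslashes($verify_code) . "'";
         $rt = $this->db->query_first($sql);
     }
     $this->setXmlNode('check', 'value');
     $result = array('done' => 0);
     if ($rt) {
         $salt = hg_generate_salt();
         $password = md5(md5($new_password) . $salt);
         // user_id is concatenated unquoted below, so it must be an integer.
         $id = (int) $rt['user_id'];
         $sql = "update " . DB_PREFIX . "member set password='" . $password . "',salt='" . $salt . "' where id=" . $id;
         $this->db->query($sql);
         // Invalidate the member's reset codes so the same code cannot be replayed.
         $sql = "delete from " . DB_PREFIX . "verify_code where type =1 and user_id=" . $id;
         $this->db->query($sql);
         $result['done'] = 1;
         $result['name'] = $rt['user_name'];
     }
     $this->addItem($result);
     $this->output();
 }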
Exemple #3
 /**
  * Reset a member's password after a verification code sent to the member's
  * mobile number or e-mail address has been checked.
  *
  * Reads verifycode, member_name, password, type and identifier from
  * $this->input. type 0 selects the mobile ('shouji') path and type 1 the
  * e-mail path; when type is absent (-1) it is derived from the format of
  * member_name.
  *
  * NOTE(review): every failure path relies on errorOutput() ending the request;
  * that is not visible here -- confirm.
  * NOTE(review): the stored value is md5(md5($password) . $salt), a fast hash;
  * plan a migration to password_hash()/password_verify().
  */
 public function reset_password()
 {
     $this->check_verifycode();
     $verifycode = trim($this->input['verifycode']);
     $member_name = trim($this->input['member_name']);
     $password = trim($this->input['password']);
     $type = isset($this->input['type']) ? intval($this->input['type']) : -1;
     // Verification-code type
     $identifierUserSystem = new identifierUserSystem();
     $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier();
     // Multi-user system
     if (!$verifycode) {
         $this->errorOutput(VERIFY_NULL);
     }
     if (!$password) {
         $this->errorOutput(NO_NEW_PASSWORD);
     }
     // NOTE(review): $member_name is format-checked only when type is -1. With an
     // explicit type of 0 or 1 it reaches the SQL condition below unchecked, and with
     // any other type $member_type is never assigned.
     if ($type == '-1' && hg_check_email_format($member_name)) {
         $member_type = 'email';
         $type = 1;
     } elseif ($type == '-1' && hg_verify_mobile($member_name)) {
         $member_type = 'shouji';
         $type = 0;
     } else {
         if ($type == 0) {
             $member_type = 'shouji';
         } else {
             if ($type == 1) {
                 $member_type = 'email';
             }
         }
     }
     // NOTE(review): request input is concatenated into a quoted SQL fragment here.
     // Unless the input layer escapes it, this is an injection point; prefer a bound
     // parameter or the data layer's escape routine.
     $condition = " AND platform_id = '" . $member_name . "' AND mb.type='{$member_type}' AND mb.identifier=" . $identifier . "";
     $field = 'mb.member_id,platform_id,mb.type';
     $bind_info = $this->mMember->get_bind_info($condition, $field);
     $bind_info = $bind_info[0];
     if (empty($bind_info)) {
         $this->errorOutput(NO_MEMBER);
     }
     $data = array();
     $data['member_id'] = $bind_info['member_id'];
     // Change the password based on the verification code
     if (!$type) {
         if ($this->mSmsServer->get_verifycode_info($member_name, $verifycode)) {
             // Delete the code once it has been verified
             $this->mSmsServer->mobile_verifycode_delete($member_name, $verifycode);
             if ($this->settings['ucenter']['open']) {
                 $_member_name = $member_name;
                 $is_password = $this->mMember->uc_user_edit($_member_name, '', $password, '', 1);
             }
             // NOTE(review): $is_password is only assigned when ucenter is open. This
             // branch accepts >= 0 while the e-mail branch below requires > 0 -- confirm
             // which is intended.
             if ($password && ($is_password >= 0 || !$this->settings['ucenter']['open'])) {
                 $salt = hg_generate_salt();
                 $data['salt'] = $salt;
                 $md5_password = md5(md5($password) . $salt);
                 $data['password'] = $md5_password;
             } elseif ($password && ($is_password < 0 && $this->settings['ucenter']['open'])) {
                 $this->errorOutput('UC密码同步失败');
             }
             if ($this->mMember->update($data)) {
                 $bind_info['status'] = 1;
                 $this->addItem($bind_info);
                 $this->output();
             }
         } else {
             $this->errorOutput(MOBILE_VERIFY_FAILED);
         }
     } else {
         if ($this->memberverifycode->get_verifycode_info($member_name, $verifycode, $type, $action = 1)) {
             // Delete the code once it has been verified
             $this->memberverifycode->verifycode_delete($member_name, $verifycode, $type, $action = 1);
             if ($this->settings['ucenter']['open']) {
                 $_member_name = $member_name;
                 $is_password = $this->mMember->uc_user_edit($_member_name, '', $password, '', 1);
             }
             // NOTE(review): when ucenter is open and uc_user_edit() returns 0, neither
             // branch runs, so $data holds only member_id; update() is still called and a
             // status of 1 is reported although no new password was set -- confirm.
             if ($password && ($is_password > 0 || !$this->settings['ucenter']['open'])) {
                 $salt = hg_generate_salt();
                 $data['salt'] = $salt;
                 $md5_password = md5(md5($password) . $salt);
                 $data['password'] = $md5_password;
             } elseif ($password && ($is_password < 0 && $this->settings['ucenter']['open'])) {
                 $this->errorOutput('UC密码同步失败');
             }
             if ($this->mMember->update($data)) {
                 $bind_info['status'] = 1;
                 $this->addItem($bind_info);
                 $this->output();
             }
         } else {
             $this->errorOutput(EMAIL_VERIFY_FAILED);
         }
     }
 }
Exemple #4
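 /**
  * API callback: set a new password for the member named in $get['username'].
  *
  * Review notes:
  * - The user name is escaped before it enters the quoted SQL literal.
  *   addslashes() is a stop-gap and is not character-set aware; use the database
  *   object's bound parameters or escape routine if it has one.
  * - The listing showed the literal '******' in the password column while the
  *   computed hash was never used; the hash is what gets stored here.
  * - md5(md5($pwd) . $salt) is a fast hash; plan a migration to password_hash().
  * - NOTE(review): an empty username or password is not rejected because no
  *   failure return code is visible in this listing; add one.
  *
  * @param array $get  Decoded request parameters; 'username' and 'password' are read.
  * @param array $post Unused here.
  * @return mixed API_RETURN_FORBIDDEN when API_UPDATEPW is off, else API_RETURN_SUCCEED.
  */
 function updatepw($get, $post)
 {
     global $gDB;
     if (!API_UPDATEPW) {
         return API_RETURN_FORBIDDEN;
     }
     $username = isset($get['username']) ? (string) $get['username'] : '';
     $plain = isset($get['password']) ? (string) $get['password'] : '';
     $salt = hg_generate_salt();
     $newpw = md5(md5($plain) . $salt);
     // $newpw is a hex digest; $username is the only caller-supplied value in the statement.
     $sql = "UPDATE " . DB_PREFIX . "member SET password = '" . $newpw . "', salt = '" . $salt . "' WHERE member_name = '" . addslashes($username) . "'";
     $gDB->query($sql);
     return API_RETURN_SUCCEED;
 }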
Exemple #5
 /**
 * Member registration.
 *
 * Member table columns:
 *  member_id    member id
 *  member_name  member name
 *  password     password
 *  salt         random value
 *  type         member type
 *  type_name    member type name
 *  avatar       avatar
 *  signature    personal signature
 *  appid        application id
 *  appname      application name
 *  create_time  registration time
 *  update_time  update time
 *  ip           registration IP
 *
 * $appid
 * $appkey
 * $callback
 *
 * $mobile_verifycode
 *
 * Bind table columns:
 *  member_id    member id
 *  platform_id  member id on the third-party platform (char)
 *  nick_name    nickname
 *  type         member type
 *  type_name    member type name
 *  avatar_url   avatar address
 *  bind_time    bind time
 *  bind_ip      bind IP
 *
 * Returns:
 * member_id
 * member_name
 * type
 * avatar
 * access_token
 *
 * NOTE(review): every validation failure relies on errorOutput() ending the
 * request; that is not visible here -- confirm.
 * NOTE(review): the stored value is md5(md5($password) . $salt), a fast hash;
 * plan a migration to password_hash()/password_verify().
 */
 public function register()
 {
     try {
         $this->check_verifycode();
         // Verification code
         $this->oldtype = $this->type = trim($this->input['type']);
         $member_name = $this->checkRegMemberName();
         $this->checkRegType();
         $this->checkRegMemberNameError();
         $password = trim($this->input['password']);
         $identifierUserSystem = new identifierUserSystem();
         $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier();
         // Multi-user system
         if (empty($this->type)) {
             $this->errorOutput(NO_MEMBER_TYPE);
         }
         $platformInfo = $this->Members->get_platform_name($this->type);
         if (empty($platformInfo)) {
             $this->errorOutput(REG_MEMBER_TYPE_ERROR);
         } else {
             if (!$platformInfo['status']) {
                 $this->errorOutput(REG_MEMBER_TYPE_CLOSE);
             }
         }
         $type_name = $platformInfo['name'];
         $signature = trim($this->input['signature']);
         $ip = hg_getip();
         $appid = intval($this->input['appid']);
         $appkey = trim($this->input['appkey']);
         $platform_id = '';
         $mobile_verifycode = trim($this->input['mobile_verifycode']);
         $email = trim($this->input['email']);
         $reg_mail = $this->Members->check_reg_mail($email, 0, $identifier);
         if ($reg_mail == -4) {
             $this->errorOutput(EMAIL_FORMAT_ERROR);
         } elseif ($reg_mail == -5) {
             $this->errorOutput(EMAIL_NO_REGISTER);
         } elseif ($reg_mail == -6) {
             $this->errorOutput(EMAIL_HAS_BINDED);
         }
         $this->type == 'email' && $this->checkEmailVerifyCode($member_name);
         $this->type != 'email' && $email && $this->checkEmailVerifyCode($email);
         $_mobile = trim($this->input['mobile']);
         // Basic mobile-number format check
         if ($_mobile && !hg_verify_mobile($_mobile)) {
             $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
         } else {
             if ($_mobile && (isset($this->input['mobile_verifycode']) || defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND)) {
                 $check_bind = new check_Bind();
                 if ($check_bind->checkmembernamereg($_mobile, $identifier)) {
                     $this->errorOutput(MOBILE_REG_BIND);
                 }
             }
         }
         if ($this->type != 'shouji' && $_mobile && isset($this->input['mobile_verifycode'])) {
             // Verification code
             $verifycode = $this->mSmsServer->get_verifycode_info($_mobile, $mobile_verifycode);
             if (empty($verifycode)) {
                 $this->errorOutput(VERIFY_FAILED);
             }
             // Delete the verification code
             $this->mSmsServer->mobile_verifycode_delete($_mobile, $mobile_verifycode);
             if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
                 $this->errorOutput(VERIFY_EXPIRED);
             }
             $this->ismobileverify = 1;
         } else {
             // NOTE(review): with NO_VERIFY_MOBILEBIND set, the number is marked as
             // verified without any code being checked.
             if ($this->type != 'shouji' && $_mobile && defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND) {
                 $this->ismobileverify = 1;
             }
         }
         $device_token = $this->Members->check_device_token(trim($this->input['device_token']));
         if ($device_token === 0) {
             $this->errorOutput(ERROR_DEVICE_TOKEN);
         }
         $udid = $this->Members->check_udid(trim($this->input['uuid']));
         if ($udid === 0) {
             $this->errorOutput(ERROR_UDID);
         }
         // Check whether the device id and the IP are blacklisted
         if ($udid) {
             $device_res = $this->Blacklist->detailDeviceBlacklist(array('device_token' => $udid, 'identifier' => $identifier));
             if ($device_res[0]['deadline'] == -1 && $device_res[0]['type'] == 2) {
                 $this->errorOutput(DEVICE_BLACKLIST_FOREVER);
             } elseif ($device_res[0]['deadline'] == -1) {
                 $this->errorOutput(DEVICE_BLACKLIST);
             }
         }
         if ($ip) {
             $ip_res = $this->Blacklist->detailIpBlacklist(array('ip' => ip2long($ip), 'identifier' => $identifier));
             if ($ip_res[0]['deadline'] == -1 && $ip_res[0]['type'] == 2) {
                 $this->errorOutput(IP_BLACKLIST_FOREVER);
             } elseif ($ip_res[0]['deadline'] == -1) {
                 $this->errorOutput(IP_BLACKLIST);
             }
         }
         // Password
         if (!$password) {
             $this->errorOutput(NO_PASSWORD);
         }
         // Verify the mobile verification code
         if ($this->type == 'shouji') {
             $check_bind = new check_Bind();
             if ($check_bind->checkmembernamereg($member_name, $identifier)) {
                 $this->errorOutput(MOBILE_REG_BIND);
             }
             $platform_id = $mobile = $member_name;
             $_mobile = $mobile ? $mobile : $_mobile;
             // Basic mobile-number format check
             if (!hg_verify_mobile($mobile)) {
                 $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
             }
             if (!$mobile_verifycode) {
                 $this->errorOutput(MOBILE_NOT_VERIFY);
             }
             // Verification code
             $verifycode = $this->mSmsServer->get_verifycode_info($mobile, $mobile_verifycode);
             if (empty($verifycode)) {
                 $this->errorOutput(VERIFY_FAILED);
             }
             // Delete the verification code
             $this->mSmsServer->mobile_verifycode_delete($mobile, $mobile_verifycode);
             if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
                 $this->errorOutput(VERIFY_EXPIRED);
             }
         }
         // Banned-word check (member name is checked only for the m2o registration type)
         if ($this->settings['App_banword']) {
             include ROOT_PATH . 'lib/class/banword.class.php';
             $banword = new banword();
             $signature_banword = $banword->exists($signature);
             if ($signature_banword && is_array($signature_banword)) {
                 $this->errorOutput(SIGNATURE_INVALID);
             }
         }
         if ($this->type == 'm2o' && $this->settings['App_banword']) {
             $member_name_banword = $banword->exists($member_name);
             if ($member_name_banword && is_array($member_name_banword)) {
                 $this->errorOutput(MEMBER_NAME_INVALID);
             }
         }
         // Avatar
         $avatar = array();
         if (isset($this->input['avatar']) && $_FILES['avatar']['tmp_name']) {
             $avatar = $_FILES['avatar'];
         }
         // Validate the member name
         // NOTE(review): $type is never assigned in this method (only $this->type is),
         // so the fourth argument is an undefined variable -- confirm what was intended.
         $ret_verify = $this->mMember->verify_member_name($member_name, 0, $identifier, $type);
         switch ($ret_verify) {
             case -1:
                 $this->errorOutput(MEMBER_NAME_ILLEGAL);
                 break;
             case -2:
                 $this->errorOutput(PROHIBITED_WORDS);
                 break;
             case -3:
                 $this->errorOutput(UC_MEMBER_NAME_REGISTER);
                 break;
             case -4:
                 $this->errorOutput(MEMBER_NAME_EXCEEDS_MAX);
                 break;
             case -5:
                 $this->errorOutput(USERNAME_BELOW_MINIMUM);
                 break;
             case -6:
                 $this->errorOutput(MEMBER_NAME_ERROR);
                 break;
             case -7:
                 $this->errorOutput(MEMBER_NAME_REGISTER);
                 break;
             default:
                 break;
         }
         // Random string used as the salt
         $salt = hg_generate_salt();
         // Salted MD5 of the password
         $md5_password = md5(md5($password) . $salt);
         $groupInfo = $this->Members->checkgroup_credits(0);
         $gradeInfo = $this->Members->checkgrade_credits(0);
         $data = array('member_name' => $member_name, 'password' => $md5_password, 'salt' => $salt, 'type' => $this->type, 'type_name' => $type_name, 'gid' => $groupInfo['gid'], 'gradeid' => $gradeInfo['gradeid'], 'signature' => $signature, 'mobile' => $_mobile, 'email' => $email, 'status' => $this->settings['member_status'], 'identifier' => $identifier, 'appid' => $this->user['appid'], 'appname' => $this->user['display_name'], 'create_time' => TIMENOW, 'update_time' => TIMENOW, 'ip' => $ip, 'guid' => guid(), 'reg_device_token' => $device_token, 'reg_udid' => $udid);
         // Register in UCenter
         $inuc = 0;
         if ($this->type == 'm2o' && $this->settings['ucenter']['open'] && !$identifier) {
             // E-mail: the m2o type must supply an email
             if (!$email) {
                 $this->errorOutput(NO_EMAIL);
             }
             $virtual_email = $email;
             // Return value is not checked
             $reinfo = $this->uc_register(array('member_name' => $data['member_name'], 'password' => $password, 'email' => $virtual_email));
             $inuc = $reinfo['member_id'];
         }
         // Store the member row
         $ret = $this->mMember->create($data);
         if (!$ret['member_id']) {
             $this->errorOutput(MEMBER_DATA_ADD_FAILED);
         }
         $member_id = $ret['member_id'];
         // Edit the extension info; platformMark is the platform marker
         if ($this->input['platformMark'] && $this->input['platformMark'] == 'dingdone' && $this->input['identifier']) {
             // For dingdone registrations the extension info is configured per app
             $this->mMemberInfo->extension_editByApp($member_id, $this->input['member_info'], $this->input['identifier'], $_FILES);
         } else {
             $this->mMemberInfo->extension_edit($member_id, $this->input['member_info'], $_FILES);
         }
         // Fetch the extension info
         $extension = $this->getExtensionInfo($member_id, $identifier);
         if (!$identifier) {
             $invite_user = new invite();
             $id = $this->input['invite_id'] ? $this->input['invite_id'] : 0;
             // Invitation code id
             $invite_code = $this->input['invite_code'] ? $this->input['invite_code'] : $member_name;
             // When no invitation code is passed, the member name is used as the code to look up
             // invitation info; currently only supported for mobile-registration user names.
             $invite = $invite_user->invite_rules($member_id, $invite_code, $id);
             // Handle the inviting user
             $this->invite_error($invite);
         }
         // With UC enabled the platform id is the UC id, otherwise the member's own id
         if ($this->type == 'm2o') {
             $platform_id = $this->settings['ucenter']['open'] && $reinfo['member_id'] > 0 && !$identifier ? $reinfo['member_id'] : $member_id;
         } elseif ($this->type == 'email') {
             $platform_id = $member_name;
         }
         $data['member_id'] = $member_id;
         // Bind table
         $bind_data = array('member_id' => $member_id, 'platform_id' => $platform_id, 'nick_name' => $member_name, 'type' => $this->type, 'type_name' => $type_name, 'bind_time' => TIMENOW, 'bind_ip' => $ip, 'inuc' => $inuc, 'is_primary' => 1, 'identifier' => $identifier, 'reg_device_token' => $device_token, 'reg_udid' => $udid);
         $ret_bind = $this->mMember->bind_create($bind_data);
         if (empty($ret_bind)) {
             $this->errorOutput(BIND_DATA_ADD_FAILED);
         }
         $this->registerCreditRules($member_id);
         // Credit rules tied to registration
         // If an email was given at registration it can be added to the bind table as well
         if ($data['email']) {
             if ($this->type != 'email' && $this->isemailverify) {
                 $_bind_data = $bind_data;
                 $_bind_data['platform_id'] = $data['email'];
                 $_bind_data['is_primary'] = 0;
                 $_bind_data['type'] = 'email';
                 $_bind_data['type_name'] = '邮箱';
                 $_ret_bind = $this->mMember->bind_create($_bind_data);
                 if (empty($_ret_bind)) {
                     $this->errorOutput(BIND_DATA_ADD_FAILED);
                 }
                 unset($_bind_data, $_ret_bind);
             }
         }
         if ($data['mobile']) {
             if ($this->type != 'shouji' && $this->ismobileverify) {
                 $_bind_data = $bind_data;
                 $_bind_data['platform_id'] = $data['mobile'];
                 $_bind_data['is_primary'] = 0;
                 $_bind_data['type'] = 'shouji';
                 $_bind_data['type_name'] = '手机';
                 $_ret_bind = $this->mMember->bind_create($_bind_data);
                 if (empty($_ret_bind)) {
                     $this->errorOutput(BIND_DATA_ADD_FAILED);
                 }
                 unset($_bind_data, $_ret_bind);
             }
         }
         // Store the avatar
         if (!empty($avatar)) {
             $avatar = $this->mMember->add_material($avatar, $member_id);
             if (!empty($avatar)) {
                 $update_data = array('member_id' => $member_id, 'avatar' => daddslashes(serialize($avatar)));
                 $ret_updata = $this->mMember->update($update_data);
                 if (!$ret_updata['member_id']) {
                     $this->errorOutput(AVATAR_ADD_FAILED);
                 }
             }
         } else {
             $avatar_url = $this->input['avatar_url'] ? trim($this->input['avatar_url']) : '';
             if ($avatar_url) {
                 // NOTE(review): avatar_url is caller-supplied. If local_material() fetches it
                 // server-side, restrict the scheme and destination host -- confirm.
                 $avatar = $this->mMember->local_material($avatar_url, $member_id);
                 if (!empty($avatar)) {
                     $update_data = array('member_id' => $member_id, 'avatar' => daddslashes(serialize($avatar)));
                     $ret_updata = $this->mMember->update($update_data);
                     if (!$ret_updata['member_id']) {
                         $this->errorOutput(AVATAR_ADD_FAILED);
                     }
                 }
             }
         }
         // Obtain the access_token from the auth interface
         // NOTE(review): the callback URL is built with http:// and carries appkey in its query string.
         $callback = 'http://' . $this->settings['App_members']['host'] . '/' . $this->settings['App_members']['dir'] . 'login.php?a=verify_member&appid=' . $appid . '&appkey=' . $appkey;
         $encryptPassword = urlencode(passport_encrypt($password, CUSTOM_APPKEY));
         // NOTE(review): the listing masks the expression between '&password=' and '&encrypt=1'
         // on the next line, which is not valid PHP as shown; presumably it was $encryptPassword,
         // which is otherwise unused -- confirm against the original file.
         $auth_data = array('user_name' => $member_name, 'appid' => $appid, 'appkey' => $appkey, 'ip' => $ip, 'verify_user_cb' => $callback, 'extend' => 'platform_id=' . $platform_id . '&password='******'&encrypt=1&type=' . $this->type . '&identifier=' . $identifier);
         $auth = $this->mMember->get_access_token($auth_data);
         if (!$auth['token']) {
             $this->errorOutput(MEMBERS_LOGIN_ERROR);
         }
         $return = array('member_id' => $member_id, 'member_name' => $ret['member_name'], 'nick_name' => $auth['nick_name'], 'platform_id' => $auth['platform_id'], 'inuc' => $auth['inuc'] ? $auth['inuc'] : 0, 'type' => $this->type, 'type_name' => $auth['type_name'], 'avatar' => $avatar, 'access_token' => $auth['token'], 'guid' => $auth['guid'], 'gid' => $auth['gid'], 'gradeid' => $auth['gradeid'], 'copywriting_credit' => $auth['copywriting_credit'], 'copywriting' => $auth['copywriting'], 'signature' => $auth['signature'], 'mobile' => $auth['mobile'], 'email' => $auth['email'], 'isVerify' => $auth['isVerify'], 'isComplete' => $auth['isComplete'], 'identifier' => $auth['identifier'], 'last_login_device' => $auth['last_login_device']);
         if ($extension) {
             $return['extension'] = $extension;
         }
         // Member trace
         $member_trace_data = array('member_id' => $member_id, 'member_name' => $member_name, 'content_id' => $member_id, 'title' => $member_name, 'type' => 'register', 'op_type' => '注册', 'appid' => $this->user['appid'], 'appname' => $this->user['display_name'], 'create_time' => TIMENOW, 'ip' => hg_getip(), 'device_token' => $device_token, 'udid' => $udid);
         $this->mMember->member_trace_create($member_trace_data);
         // Record the login info
         $loginInfoRecord = array('last_login_device' => $member_trace_data['device_token'], 'final_login_time' => $member_trace_data['create_time'], 'last_login_time' => $member_trace_data['create_time'], 'last_login_udid' => $member_trace_data['udid']);
         $this->mMember->loginInfoRecord($return['member_id'], $loginInfoRecord);
         $return = hg_mermber2members_compatible(array('member_name' => 'nick_name', 'access_token' => 'token'), $return, false);
         $this->addItem($return);
         $this->output();
     } catch (Exception $e) {
         $this->errorOutput($e->getMessage(), $e->getCode());
     }
 }
Exemple #6
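 /**
  * Change the password and/or avatar of the logged-in administrator.
  *
  * Reads id, password, password_again, old_password and the Filedata upload
  * from the request. A new password is accepted only when old_password matches
  * the stored salted hash.
  *
  * Review notes:
  * - The row used to verify old_password is now required to be the row that is
  *   updated. Before, the check ran against the caller-supplied id while the
  *   UPDATE targeted $this->user['user_id'], so the old password of a different
  *   account could satisfy the check.
  * - Hashes are compared with !== instead of !=. Loose comparison treats
  *   digests that look like numbers (for example "0e" followed by digits) as equal.
  * - Processing stops after an error response instead of relying on output()
  *   ending the request.
  * - NOTE(review): password_again is read from the request by callers but is
  *   never compared with password in this method; add the comparison once the
  *   expected error code is known.
  * - NOTE(review): addItem($data) returns the new hash and salt to the client;
  *   consider dropping both from the response.
  * - md5(md5($pwd) . $salt) is a fast hash; plan a migration to password_hash().
  */
 function update_password()
 {
     $id = intval($this->input['id']);
     $session_id = intval($this->user['user_id']);
     // Only the caller's own row may be verified and changed.
     if (!$id || $id !== $session_id) {
         $this->errorOutput(NOID);
         return;
     }
     $sql = 'SELECT password,salt FROM ' . DB_PREFIX . 'admin WHERE id = ' . $id;
     $userinfo = $this->db->query_first($sql);
     if (!$userinfo) {
         $this->errorOutput(NOID);
         return;
     }
     $password = trim($this->input['password']);
     $oldpass = trim($this->input['old_password']);
     $data = array();
     if ($password) {
         $expected = md5(md5($oldpass) . $userinfo['salt']);
         if (!$oldpass || (string) $userinfo['password'] !== $expected) {
             $this->addItem(array('error' => -1));
             $this->output();
             return;
         }
         $salt = hg_generate_salt();
         $password = md5(md5($password) . $salt);
         $data = array('password' => $password, 'salt' => $salt, 'update_time' => TIMENOW);
     }
     if ($_FILES['Filedata']) {
         $material = $this->uploadToPicServer($_FILES, $id);
         if ($material) {
             $avatar = array('host' => $material['host'], 'dir' => $material['dir'], 'filepath' => $material['filepath'], 'filename' => $material['filename']);
             $data['avatar'] = addslashes(serialize($avatar));
             $data['update_time'] = TIMENOW;
         }
     }
     if (!empty($data)) {
         // Column names are fixed above; values are a hex digest, a generated salt,
         // an escaped serialized array and a timestamp constant.
         $assignments = array();
         foreach ($data as $k => $v) {
             $assignments[] = '`' . $k . '`="' . $v . '"';
         }
         $sql = 'UPDATE ' . DB_PREFIX . 'admin SET ' . implode(',', $assignments) . ' WHERE id = ' . $session_id;
         $this->db->query($sql);
         $this->addItem($data);
     }
     $this->output();
 }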
Exemple #7
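 /**
  * Complete a third-party binding (Sina, QQ, ...) into a regular M2O account.
  *
  * Accounts created by a first login through a third-party platform have
  * incomplete profile data; this method adds member name, password, e-mail and
  * mobile, converts the member to type 'm2o' and creates the matching bind rows.
  *
  * Review notes:
  * - The session user id is now read and checked before anything else. Before,
  *   $user_id was passed to verify_member_name() ahead of its assignment, and
  *   verification codes were consumed before the login check ran.
  * - The e-mail verification code is deleted under the same key it was looked
  *   up with ($email). It was deleted under $member_name, which presumably left
  *   the code usable again -- confirm against memberverifycode.
  * - The result of the primary bind_create() is checked, as the secondary
  *   binds in this method already are.
  * - The user id is cast to an integer before it is concatenated into SQL.
  * - NOTE(review): no $udid is assigned anywhere in this method; the original
  *   passed an undefined variable as reg_udid. It is null here, explicitly.
  * - NOTE(review): with NO_VERIFY_EMAILBIND / NO_VERIFY_MOBILEBIND set, the
  *   contact is bound without any code being checked, and e-mail / mobile are
  *   written to the member row even when no code was supplied.
  * - NOTE(review): every failure path relies on errorOutput() ending the
  *   request; that is not visible here -- confirm.
  * - md5(md5($pwd) . $salt) is a fast hash; plan a migration to password_hash().
  */
 public function supplementaryBindInfo()
 {
     try {
         $identifierUserSystem = new identifierUserSystem();
         $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier();
         // Multi-user system
         $user_id = (int) $this->user['user_id'];
         if (!$user_id) {
             $this->errorOutput(NO_MEMBER_ID);
         }
         $member_name = $this->input['member_name'];
         $nick_name = $this->input['nick_name'];
         if (empty($member_name)) {
             $this->errorOutput(NO_MEMBER_NAME);
         }
         // Banned-word check on the member name
         if ($this->settings['App_banword']) {
             include_once ROOT_PATH . 'lib/class/banword.class.php';
             $banword = new banword();
             $member_name_banword = $banword->exists($member_name);
             if ($member_name_banword && is_array($member_name_banword)) {
                 $this->errorOutput(MEMBER_NAME_INVALID);
             }
         }
         switch ($this->mMember->verify_member_name($member_name, $user_id, $identifier)) {
             case -1:
                 $this->errorOutput(MEMBER_NAME_ILLEGAL);
                 break;
             case -2:
                 $this->errorOutput(PROHIBITED_WORDS);
                 break;
             case -3:
                 $this->errorOutput(UC_MEMBER_NAME_REGISTER);
                 break;
             case -4:
                 $this->errorOutput(MEMBER_NAME_EXCEEDS_MAX);
                 break;
             case -5:
                 $this->errorOutput(USERNAME_BELOW_MINIMUM);
                 break;
             case -6:
                 $this->errorOutput(MEMBER_NAME_ERROR);
                 break;
             case -7:
                 $this->errorOutput(MEMBER_NAME_REGISTER);
                 break;
             default:
                 break;
         }
         $mobile_verifycode = trim($this->input['mobile_verifycode']);
         $email_verifycode = trim($this->input['email_verifycode']);
         $email = $this->input['email'];
         if (empty($email)) {
             $this->errorOutput(NO_EMAIL);
         }
         $reg_mail = $this->Members->check_reg_mail($email, 0, $identifier);
         if ($reg_mail == -4) {
             $this->errorOutput(EMAIL_FORMAT_ERROR);
         } elseif ($reg_mail == -5) {
             $this->errorOutput(EMAIL_NO_REGISTER);
         } elseif ($reg_mail == -6) {
             $this->errorOutput(EMAIL_HAS_BINDED);
         }
         if ($email && isset($this->input['email_verifycode'])) {
             if ($this->memberverifycode->get_verifycode_info($email, $email_verifycode, 1, $action = 1)) {
                 // Delete the code once it has been verified, under the key it was looked up with.
                 $this->memberverifycode->verifycode_delete($email, $email_verifycode, 1, $action = 1);
             } else {
                 $this->errorOutput(VERIFY_FAILED);
             }
             $this->isemailverify = 1;
         }
         $mobile = $this->input['mobile'];
         // Basic mobile-number format check
         if ($mobile && !hg_verify_mobile($mobile)) {
             $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
         } else {
             if ($mobile && (isset($this->input['mobile_verifycode']) || defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND)) {
                 $check_bind = new check_Bind();
                 if ($check_bind->checkmembernamereg($mobile, $identifier)) {
                     $this->errorOutput(MOBILE_REG_BIND);
                 }
             }
         }
         if ($mobile && isset($this->input['mobile_verifycode'])) {
             // Verification code
             $verifycode = $this->mSmsServer->get_verifycode_info($mobile, $mobile_verifycode);
             if (empty($verifycode)) {
                 $this->errorOutput(VERIFY_FAILED);
             }
             // Delete the verification code
             $this->mSmsServer->mobile_verifycode_delete($mobile, $mobile_verifycode);
             if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
                 $this->errorOutput(VERIFY_EXPIRED);
             }
             $this->ismobileverify = 1;
         }
         $password = $this->input['password'];
         // $user_id is an integer, so it is safe to concatenate unquoted.
         $cond = ' AND member_id = ' . $user_id;
         $memberInfo = $this->Members->get_member_info($cond);
         if (!$memberInfo) {
             $this->errorOutput(NO_MEMBER);
         }
         if ($memberInfo['type'] == 'm2o' || $memberInfo['type'] == 'uc') {
             $this->errorOutput(UPDATEM2O);
         }
         if (empty($password)) {
             $this->errorOutput(NO_PASSWORD);
         }
         $salt = hg_generate_salt();
         $updateMemberInfo = array(
             'member_id' => $user_id,
             'type' => 'm2o',
             'type_name' => 'M2O',
             'member_name' => $member_name,
             'salt' => $salt,
             'password' => md5(md5($password) . $salt),
         );
         if ($email) {
             $updateMemberInfo['email'] = $email;
         }
         if ($mobile) {
             $updateMemberInfo['mobile'] = $mobile;
         }
         $this->mMember->update($updateMemberInfo);
         $membersql = new membersql();
         $this->mMember->bind_update(array('is_primary' => 0), $membersql->where(array('member_id' => $memberInfo['member_id'], 'type' => $memberInfo['type'])));
         $platform_id = $user_id;
         $inuc = 0;
         if (!$identifier && $this->settings['ucenter']['open']) {
             $register_data = array('member_name' => $member_name, 'password' => $password, 'email' => $email);
             $registerInfo = $this->mMember->uc_register($register_data);
             if ($registerInfo['member_id'] > 0) {
                 $inuc = $platform_id = $registerInfo['member_id'];
             }
         }
         // No device id is collected in this method.
         $udid = null;
         // M2O bind relation
         $bind_data = array('member_id' => $user_id, 'platform_id' => $platform_id, 'nick_name' => $nick_name, 'type' => 'm2o', 'type_name' => 'M2O', 'bind_time' => TIMENOW, 'bind_ip' => hg_getip(), 'inuc' => $inuc, 'is_primary' => 1, 'identifier' => $identifier, 'reg_device_token' => 'www', 'reg_udid' => $udid);
         $ret_bind = $this->mMember->bind_create($bind_data);
         if (empty($ret_bind)) {
             $this->errorOutput(BIND_DATA_ADD_FAILED);
         }
         // If an email was supplied it can be added to the bind table as well
         if ($email) {
             if ($this->isemailverify || defined('NO_VERIFY_EMAILBIND') && NO_VERIFY_EMAILBIND) {
                 $_bind_data = $bind_data;
                 $_bind_data['platform_id'] = $email;
                 $_bind_data['is_primary'] = 0;
                 $_bind_data['type'] = 'email';
                 $_bind_data['type_name'] = '邮箱';
                 $_ret_bind = $this->mMember->bind_create($_bind_data);
                 if (empty($_ret_bind)) {
                     $this->errorOutput(BIND_DATA_ADD_FAILED);
                 }
                 unset($_bind_data, $_ret_bind);
             }
         }
         if ($mobile) {
             if ($this->ismobileverify || defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND) {
                 $_bind_data = $bind_data;
                 $_bind_data['platform_id'] = $mobile;
                 $_bind_data['is_primary'] = 0;
                 $_bind_data['type'] = 'shouji';
                 $_bind_data['type_name'] = '手机';
                 $_ret_bind = $this->mMember->bind_create($_bind_data);
                 if (empty($_ret_bind)) {
                     $this->errorOutput(BIND_DATA_ADD_FAILED);
                 }
                 unset($_bind_data, $_ret_bind);
             }
         }
         if ($inuc) {
             $_updateBind = array('inuc' => $inuc);
             $this->mMember->bind_update($_updateBind, ' WHERE member_id = ' . $user_id);
         }
         $this->addItem($bind_data);
         $this->output();
     } catch (Exception $e) {
         $this->errorOutput($e->getMessage(), $e->getCode());
     }
 }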
Exemple #8
 /**
  * Password-update callback: generates a new salt and stores new credentials for a user.
  *
  * Returns API_RETURN_FORBIDDEN when API_UPDATEPW is falsy, otherwise API_RETURN_SUCCEED
  * (the result of the UPDATE itself is not checked).
  *
  * NOTE(review): the two '******' literals in the statement look like masking applied by the
  * page this listing was published on, not original code; presumably the digest and the user
  * name were interpolated there. If so, the user name read from $get must be bound as a
  * parameter or escaped for the database driver before it reaches the query - confirm.
  * NOTE(review): salted double MD5 is a fast hash and gives little protection if the table
  * leaks; a migration to password_hash()/password_verify() has to be coordinated with the
  * code that verifies logins.
  */
 function updatepw($get, $post)
 {
     if (API_UPDATEPW) {
         $username = $get['username'];
         $plain = $get['password'];
         $salt = hg_generate_salt();
         // Digest layout used here: md5(md5(password) . salt).
         $pass = md5(md5($plain) . $salt);
         $statement = 'UPDATE ' . DB_PREFIX . "user set salt='{$salt}',password='******'  WHERE username = '******'";
         $this->db->query($statement);
         return API_RETURN_SUCCEED;
     }
     return API_RETURN_FORBIDDEN;
 }
Exemple #9
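 /**
  * Decode an inline image payload and store it under the application's image directory.
  *
  * @param string $imgdata    Base64 image data, optionally prefixed with "data:image/png;base64,".
  * @param mixed  $app_bundle Passed to app_to_dir() to pick the sub-directory.
  * @param string $type       Extension for the stored file; only known image extensions are accepted.
  * @return array|false Array with host, dir, filepath and filename of the stored file, or false
  *                     when the payload is empty or the extension is not an accepted image type.
  */
 public function imgdata2pic($imgdata, $app_bundle, $type = 'png')
 {
     if (empty($imgdata)) {
         return false;
     }
     // $type becomes the extension of a file written below the image host's directory.
     // Restrict it to image extensions so a caller-supplied value can never produce a file
     // that the web server would hand to a script interpreter.
     $type = strtolower((string) $type);
     if (!in_array($type, array('png', 'jpg', 'jpeg', 'gif', 'bmp', 'webp'), true)) {
         return false;
     }
     // File name is md5(4-character salt . TIMENOW); directories are year/month.
     $info = array('host' => hg_getimg_host(), 'dir' => app_to_dir($app_bundle), 'filepath' => date('Y', TIMENOW) . '/' . date('m', TIMENOW) . '/', 'filename' => md5(hg_generate_salt(4) . TIMENOW) . '.' . $type);
     $img_dir = hg_getimg_dir() . $info['dir'] . $info['filepath'];
     if (!hg_mkdir($img_dir) || !is_writable($img_dir)) {
         $this->errorOutput($img_dir . '目录不可写');
     }
     // Only the PNG data-URI prefix is stripped. A payload that still contains "data:" is
     // written without decoding (original behaviour).
     // NOTE(review): presumably such payloads should be rejected or decoded - confirm.
     $imgdata = str_replace('data:image/png;base64,', '', $imgdata);
     $imgdata = strpos($imgdata, 'data:') !== false ? $imgdata : base64_decode($imgdata);
     // NOTE(review): the decoded bytes are stored without checking that they are an image;
     // validating them (for example with getimagesizefromstring()) before writing would be safer.
     hg_file_write($img_dir . $info['filename'], $imgdata);
     return $info;
 }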
Exemple #10
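 /**
  * Change an administrator's password after verifying the current one.
  *
  * Reads username, old_password, password, admin_id and md5once from $this->input and reports
  * the outcome through addItem()/output() as array('error' => 0|1, 'msg' => ...).
  *
  * NOTE(review): passwords are stored as salted MD5 (single or double, depending on md5once).
  * MD5 is a fast hash; moving to password_hash()/password_verify() needs a coordinated change
  * in every place that verifies these digests.
  */
 public function change_pwd()
 {
     $db = hg_ConnectDB();
     $username = trim($this->input['username']);
     $old_password = trim($this->input['old_password']);
     $password = trim($this->input['password']);
     $admin_id = intval($this->input['admin_id']);
     if (!$old_password || !$password || !$admin_id) {
         $this->addItem(array('error' => 1, 'msg' => '参数缺失'));
         $this->output();
         // Stop here even if output() returns, so the update below can never run on
         // incomplete input.
         return;
     }
     // Verify the old password.
     // NOTE(review): $username is concatenated into the statement. This is only safe if
     // $this->input is escaped before it reaches this method; prefer a bound parameter or
     // the driver's escaping function - confirm against the input layer.
     $sql = "SELECT password,salt FROM " . DB_PREFIX . "admin WHERE id = " . $admin_id . " AND user_name = '" . $username . "'";
     $q = $db->query_first($sql);
     if (!$q) {
         // No such administrator: answer exactly as for a wrong password so the response
         // does not reveal which accounts exist.
         $this->addItem(array('error' => 1, 'msg' => '原始密码有误'));
         $this->output();
         return;
     }
     $salt = hg_generate_salt();
     if ($this->input['md5once']) {
         // Client already sent md5(password); only the salted round is applied here.
         $password = md5($password . $salt);
         $old_password = md5($old_password . $q['salt']);
     } else {
         $password = md5(md5($password) . $salt);
         $old_password = md5(md5($old_password) . $q['salt']);
     }
     // Strict string comparison: with a loose != two different digests that both look like
     // numbers can compare equal. hash_equals() is preferable where PHP >= 5.6 is guaranteed.
     if ($old_password !== (string) $q['password']) {
         $this->addItem(array('error' => 1, 'msg' => '原始密码有误'));
         $this->output();
         return;
     }
     $data = array('password' => $password, 'salt' => $salt, 'update_time' => TIMENOW, 'forced_change_pwd' => 0);
     $re = $db->update_data($data, 'admin', 'id=' . $admin_id);
     if ($re) {
         $ret = array('error' => 0, 'msg' => 'success');
     } else {
         $ret = array('error' => 1, 'msg' => '修改失败');
     }
     $this->addItem($ret);
     $this->output();
 }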
Exemple #11
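 /**
  * Update an administrator account: roles, parent organisation, name, optional password
  * and optional avatar.
  *
  * Reads id, user_name, password, admin_role_id, father_org_id and avatar from $this->input.
  * Role changes are checked against the caller's group_type before anything is written.
  * The updated field set is reported through addItem()/output().
  */
 public function update()
 {
     // Use one integer-cast id for the existence check, the SELECT and the UPDATE. The
     // original validated intval(id) but appended the raw request value to the WHERE clause.
     $id = intval($this->input['id']);
     if (!$id) {
         $this->errorReturn('id不存在');
         // Returns after errorReturn() keep the method from continuing should that helper
         // hand control back instead of terminating the request.
         return;
     }
     if (!trim($this->input['user_name'])) {
         $this->errorReturn('请填写用户名称');
         return;
     }
     $sql = 'SELECT * FROM ' . DB_PREFIX . 'admin WHERE id = ' . $id;
     $admin_info = $this->db->query_first($sql);
     if (!$admin_info) {
         $this->errorReturn('用户信息不存在!');
         return;
     }
     // Role ids are compared numerically with MAX_ADMIN_TYPE / group_type below, so they are
     // cast to integers before they are stored; zero and non-list input are dropped.
     $role_ids = is_array($this->input['admin_role_id']) ? array_filter(array_map('intval', $this->input['admin_role_id'])) : array();
     // NOTE(review): user_name is URL-decoded here, i.e. after whatever escaping the input
     // layer applies, and is then placed inside a quoted SQL literal below. Decoding after
     // escaping can reintroduce quote characters; bind it as a parameter or escape it after
     // decoding - confirm how $this->input is prepared.
     $data = array('id' => $id, 'admin_role_id' => $role_ids ? implode(',', $role_ids) : "", 'father_org_id' => intval($this->input['father_org_id']), 'user_name' => trim(urldecode($this->input['user_name'])), 'update_time' => TIMENOW);
     $password = trim($this->input['password']);
     if (!empty($password)) {
         // NOTE(review): salted double MD5 is a fast hash; see password_hash() for a
         // replacement, which needs matching changes where logins are verified.
         $salt = hg_generate_salt();
         $data['password'] = md5(md5($password) . $salt);
         $data['salt'] = $salt;
     }
     // Make sure none of the roles being added or removed outranks the caller.
     $new_roles = explode(',', $data['admin_role_id']);
     $old_roles = explode(',', $admin_info['admin_role_id']);
     $changed = array_filter(array_merge(array_diff($new_roles, $old_roles), array_diff($old_roles, $new_roles)));
     if (!empty($changed)) {
         $lowest = min($changed);
         if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
             $denied = $lowest <= MAX_ADMIN_TYPE;
         } else {
             $denied = $lowest < $this->user['group_type'];
         }
         if ($denied) {
             $this->errorReturn('没有权限');
             return;
         }
     }
     $avatar = array();
     $material = $this->input['avatar'];
     if ($material && is_array($material)) {
         $avatar = array('host' => $material['host'], 'dir' => $material['dir'], 'filepath' => $material['filepath'], 'filename' => $material['filename']);
         // NOTE(review): these request-supplied strings are stored in serialized form;
         // whatever reads the column back should not pass it to unserialize() without
         // restrictions - verify against the reader.
         $data['avatar'] = addslashes(serialize($avatar));
     }
     $sql = "UPDATE " . DB_PREFIX . "admin SET ";
     foreach ($data as $k => $v) {
         $sql .= "`" . $k . "`='" . $v . "',";
     }
     $sql = rtrim($sql, ',');
     $sql = $sql . " WHERE id = " . $id;
     $this->db->query($sql);
     // Report the avatar as an array (or '' when none was supplied), not as the stored string.
     $data['avatar'] = $avatar ? $avatar : '';
     $this->addItem($data);
     $this->output();
 }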
Exemple #12
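 /**
  * Member login.
  *
  * Request fields:
  *   $member_name
  *   $password
  *   $type
  *   $type_name
  *   $appid
  *   $appkey
  *
  * Returns:
  *   member_id
  *   member_name
  *   type
  *   avatar
  *   access_token
  *
  * Bind table columns:
  *   member_id    member id
  *   platform_id  member id on the third-party platform (char)
  *   nick_name    nickname
  *   type         member type
  *   type_name    member type name
  *   avatar_url   avatar URL
  *   bind_time    time of binding
  *   bind_ip      IP address at binding
  */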
 public function login()
 {
     // Login endpoint. Resolves the account for the requested login type (email, shouji,
     // m2o, uc or a third-party platform), creating or updating member/bind rows for
     // third-party types, then asks the auth interface for an access token and records the
     // login. All parameters are read from $this->input.
     // NOTE(review): several statements below are assembled by string concatenation from
     // request-derived values ($member_name, $platform_id, $type). That is only safe if those
     // values are escaped before they reach this method or inside the called helpers -
     // confirm, and prefer bound parameters.
     try {
         $member_name = $this->checkUserName(trimall($this->input['member_name']));
         $password = trim($this->input['password']);
         $ip = hg_getip();
         $type = $this->input['type'];
         $this->checkLoginTypeSwitch();
         $this->checkLoginTypeError($member_name, $type);
         $this->checkLoginPassword($password, $type);
         $this->check_verifycode($type);
         // verification code check
         $_type = '';
         // Guards against the bug where the local password is verified again after a local
         // M2O account has been synced to UC.
         $platform_id = trim($this->input['platform_id']);
         $identifierUserSystem = new identifierUserSystem();
         $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier();
         // multi-user-system identifier
         $appid = intval($this->input['appid']);
         $appkey = trim($this->input['appkey']);
         $device_token = $this->Members->check_device_token(trim($this->input['device_token']));
         $udid = $this->Members->check_udid(trim($this->input['uuid']));
         // unique device id
         if ($device_token === 0) {
             $this->errorOutput(ERROR_DEVICE_TOKEN);
         }
         if ($udid === 0) {
             $this->errorOutput(ERROR_UDID);
         }
         // Check whether the device id and the IP are blacklisted.
         // Only entries with deadline == -1 are rejected here; type == 2 selects the
         // "forever" error code.
         if ($udid) {
             $device_res = $this->Blacklist->detailDeviceBlacklist(array('device_token' => $udid, 'identifier' => $identifier));
             if ($device_res[0]['deadline'] == -1 && $device_res[0]['type'] == 2) {
                 $this->errorOutput(DEVICE_BLACKLIST_FOREVER);
             } elseif ($device_res[0]['deadline'] == -1) {
                 $this->errorOutput(DEVICE_BLACKLIST);
             }
         }
         if ($ip) {
             $ip_res = $this->Blacklist->detailIpBlacklist(array('ip' => ip2long($ip), 'identifier' => $identifier));
             if ($ip_res[0]['deadline'] == -1 && $ip_res[0]['type'] == 2) {
                 $this->errorOutput(IP_BLACKLIST_FOREVER);
             } elseif ($ip_res[0]['deadline'] == -1) {
                 $this->errorOutput(IP_BLACKLIST);
             }
         }
         // Login type: shouji (mobile), sina, txweibo, qq, renren, douban
         if (!$type) {
             $this->errorOutput(NO_EXTERNAL_TYPE);
         }
         if ($type == 'uc' && $identifier) {
             $this->input['type'] = '';
             $this->checkUserName($member_name, 1);
             // checkUserName() may write a type back into $this->input; adopt it if it did.
             $this->input['type'] && ($type = $this->input['type']);
         }
         if ($type == 'm2o' && $this->settings['ucenter']['open'] && !$identifier) {
             $check_login = $this->oAuthUc(true, true);
             // Fix: mobile clients send type "m2o" although the account is a UC account,
             // which made login fail.
             if ($check_login > 0) {
                 $type = 'uc';
             }
         }
         if ($type == 'uc' && $this->settings['ucenter']['open'] && !$identifier) {
             $uc_user = $this->oAuthUc(true);
             if ($uc_user['user_id'] == -1) {
                 $type = 'm2o';
             }
         } elseif ($type == 'uc' && !$this->settings['ucenter']['open'] && !$identifier) {
             $this->errorOutput(UC_LOGIN_ERROR);
         }
         $check_Bind = new check_Bind();
         // E-mail login, for all account types
         if ($member_name && $type == 'email') {
             $platform_id = $platform_id ? $platform_id : $member_name;
             if (!$check_Bind->bind_to_memberid($member_name, $type, true, $identifier)) {
                 $this->errorOutput(LOGIN_NOMEMBER_ERROR);
             }
         } else {
             if ($type == 'shouji') {
                 // member name is required
                 if (!$member_name) {
                     $this->errorOutput(NO_MEMBER_NAME);
                 }
                 $platform_id = $platform_id ? $platform_id : $member_name;
                 if (!$check_Bind->bind_to_memberid($member_name, $type, true, $identifier)) {
                     $this->errorOutput(LOGIN_NOMEMBER_ERROR);
                 }
             } else {
                 if ($type == 'm2o') {
                     $is_mobile_login = false;
                     // NOTE(review): $member_name is concatenated into the WHERE clause here
                     // and in the mobile fallback below - see the note at the top.
                     $where = ' AND member_name="' . $member_name . '" AND type="m2o" AND identifier = \'' . $identifier . '\'';
                     $sql = 'SELECT member_id FROM ' . DB_PREFIX . 'member WHERE 1';
                     $memberinfo = $this->db->query_first($sql . $where);
                     if (!$memberinfo) {
                         // No m2o member by that name: if the name is a mobile number, retry
                         // as a "shouji" account, first in the member table, then via the bind table.
                         if (hg_verify_mobile($member_name)) {
                             $where = ' AND member_name=\'' . $member_name . '\' AND type=\'shouji\' AND identifier = \'' . $identifier . '\'';
                             $memberinfo = $this->db->query_first($sql . $where);
                             if ($memberinfo) {
                                 $type = 'shouji';
                                 $platform_id = $check_Bind->check_uc($memberinfo['member_id'], $type);
                                 // Fix for the wrong-password bug after syncing to UC
                                 $platform_id = $platform_id ? $platform_id : $member_name;
                             }
                             if (empty($memberinfo)) {
                                 $type = 'shouji';
                                 $member_id = $check_Bind->bind_to_memberid($member_name, $type, true, $identifier);
                                 if ($member_id) {
                                     $memberinfo = array('member_id' => $member_id);
                                     $platform_id = $member_name;
                                 }
                             }
                         }
                         $memberinfo ? $memberinfo : $this->errorOutput(LOGIN_NOMEMBER_ERROR);
                     }
                     if ($type != 'shouji') {
                         // The UC id (inuc) is used as platform id when the m2o bind has one.
                         $bindinfo = $this->db->query_first('SELECT inuc FROM ' . DB_PREFIX . 'member_bind WHERE member_id=' . $memberinfo['member_id'] . ' AND type="m2o"');
                         $platform_id = $bindinfo['inuc'] ? $bindinfo['inuc'] : $memberinfo['member_id'];
                     }
                 } else {
                     // Sina Weibo, Tencent Weibo, QQ, Renren, Douban, UC, etc.
                     $nick_name = trimall($this->input['nick_name']);
                     $type_name = trim($this->input['type_name']);
                     $avatar_url = trim($this->input['avatar_url']);
                     // $uc_user is only assigned in the UCenter branch above; on other paths
                     // it is undefined when read here.
                     if ($type == 'uc' && $uc_user) {
                         //$platform_id = $uc_user['user_id'];
                         // Bug caused by logging in with type "uc" after a mobile/m2o account
                         // was registered into UC
                         $sql = 'SELECT * FROM ' . DB_PREFIX . 'member_bind WHERE type=\'m2o\' AND inuc=' . $uc_user['user_id'];
                         $bind_uc = $this->db->query_first($sql);
                         if ($bind_uc) {
                             $platform_id = $bind_uc['platform_id'];
                             $nick_name = $bind_uc['nick_name'];
                             $type_name = $bind_uc['type_name'];
                             $avatar_url = $bind_uc['avatar_url'];
                             $_type = $type;
                             $type = $bind_uc['type'];
                         } else {
                             $platform_id = $uc_user['user_id'];
                             $nick_name = $uc_user['user_name'];
                             $type_name = 'UC会员';
                             $avatar_url = $uc_user['avatar'];
                             $email = $uc_user['email'];
                         }
                     }
                     if (!$platform_id) {
                         $this->errorOutput(NO_MEMBER_ID);
                     }
                     if (!$nick_name) {
                         $this->errorOutput(NO_NICKNAME);
                     }
                     $member_name = $nick_name;
                     // NOTE(review): on this path $platform_id and $type can still be the raw
                     // request values and are placed inside quoted SQL literals; whether
                     // get_bind_info() escapes them is not visible here - confirm.
                     $condition = " AND mb.platform_id = '" . $platform_id . "' AND mb.type = '" . $type . "' AND mb.identifier = '" . $identifier . '\'';
                     $bind = $this->mMember->get_bind_info($condition);
                     $bind = $bind[0];
                     if (empty($type_name)) {
                         $platformInfo = $this->Members->get_platform_name($type);
                         if (empty($platformInfo)) {
                             $this->errorOutput(LOGIN_MEMBER_TYPE_ERROR);
                         } else {
                             if (!$platformInfo['status']) {
                                 $this->errorOutput(LOGIN_MEMBER_TYPE_CLOSE);
                             }
                         }
                         $type_name = $platformInfo['name'];
                     }
                     $avatar_array = array();
                     $avatar_array = $this->mMember->update_avatar($avatar_url, $bind);
                     // member table row
                     // $email is only assigned in the UC branch above; on other paths it is
                     // undefined when read here.
                     $data = array('member_name' => $nick_name, 'email' => $email, 'type' => $type, 'type_name' => $type_name, 'update_time' => TIMENOW, 'avatar' => daddslashes(serialize($avatar_array)), 'guid' => guid());
                     // bind table row
                     $bind_data = array('platform_id' => $platform_id, 'type' => $type, 'avatar_url' => $avatar_url, 'reg_device_token' => $device_token, 'reg_udid' => $udid);
                     if (empty($bind)) {
                         // No bind row yet for this platform id: first login with this identity.
                         if ($type == 'uc') {
                             $isBindUc = 0;
                             // If name and password match an existing m2o member, link that
                             // member to the UC account instead of creating a new one.
                             if ($memberId = $this->mMember->verifyPassword($member_name, $password, 'm2o')) {
                                 $isBindUc = $this->mMember->bind_uc($memberId, $uc_user['user_id']);
                             }
                             if (!$isBindUc && $password) {
                                 // random salt
                                 $salt = hg_generate_salt();
                                 $data['salt'] = $salt;
                                 // MD5 password digest
                                 // NOTE(review): salted double MD5 is a fast hash; consider
                                 // password_hash() together with the verification code.
                                 $data['password'] = md5(md5($password) . $salt);
                             }
                         }
                         if ($type != 'uc' || !$isBindUc) {
                             // create a new member
                             $groupInfo = $this->Members->checkgroup_credits(0);
                             $gradeInfo = $this->Members->checkgrade_credits(0);
                             $data['gid'] = $groupInfo['gid'];
                             $data['gradeid'] = $gradeInfo['gradeid'];
                             $data['status'] = $this->settings['member_status'];
                             $data['identifier'] = $identifier;
                             $data['appid'] = intval($this->user['appid']);
                             $data['appname'] = trim($this->user['display_name']);
                             $data['create_time'] = TIMENOW;
                             $data['ip'] = $ip;
                             $data['reg_device_token'] = $device_token;
                             $data['reg_udid'] = $udid;
                             // insert the member record
                             $ret = $this->mMember->create($data);
                             if (!$ret['member_id']) {
                                 $this->errorOutput(MEMBER_DATA_ADD_FAILED);
                             }
                             $member_id = $ret['member_id'];
                             // bind table row
                             $bind_data['nick_name'] = $nick_name;
                             $bind_data['member_id'] = $member_id;
                             $bind_data['type_name'] = $type_name;
                             $bind_data['bind_time'] = TIMENOW;
                             $bind_data['bind_ip'] = $ip;
                             $bind_data['is_primary'] = 1;
                             $bind_data['identifier'] = $identifier;
                             if ($bind_data['type'] == 'uc') {
                                 $bind_data['inuc'] = $bind_data['platform_id'];
                             }
                             $ret_bind = $this->mMember->bind_create($bind_data);
                             if (empty($ret_bind)) {
                                 $this->errorOutput(BIND_DATA_ADD_FAILED);
                             }
                             $this->registerCreditRules($member_id, $type);
                             // credit rules for newly registered members
                         } else {
                             if ($type == 'uc' && $isBindUc) {
                                 $type = 'm2o';
                             }
                         }
                     } else {
                         // update an existing member
                         $member_id = $bind['member_id'];
                         // verify that the member exists
                         $condition = " AND m.member_id = " . $member_id;
                         $ret_member = $this->mMember->get_member_info($condition);
                         $ret_member = $ret_member[0];
                         if (empty($ret_member)) {
                             $this->errorOutput(LOGIN_NOMEMBER_ERROR);
                         }
                         $update_bind_data = array('member_id' => $member_id, 'platform_id' => $platform_id, 'type' => $type, 'avatar_url' => $avatar_url);
                         $ret_bind = $this->mMember->bind_update($update_bind_data);
                         if (empty($ret_bind)) {
                             $this->errorOutput(BIND_DATA_UPDATE_FAILED);
                         }
                     }
                 }
             }
         }
         // Fetch the access_token from the auth interface
         $encryptPassword = urlencode(passport_encrypt($password, CUSTOM_APPKEY));
         // NOTE(review): the verification callback is built with plain "http://" and carries
         // appid/appkey in its query string; presumably this is an internal call - confirm
         // that it cannot cross an untrusted network, or switch it to HTTPS.
         $callback = 'http://' . $this->settings['App_members']['host'] . '/' . $this->settings['App_members']['dir'] . 'login.php?';
         $func = 'a=verify_member&appid=' . $appid . '&appkey=' . $appkey;
         $callback .= urlencode($func);
         // NOTE(review): the '******' in the next line looks like masking applied by the page
         // this listing was published on (presumably it replaced a use of $encryptPassword);
         // as displayed, the statement is not valid PHP.
         $extend = 'platform_id=' . $platform_id . '&password='******'&encrypt=1&type=' . $type . '&_type=' . $_type . '&identifier=' . $identifier;
         $auth_data = array('user_name' => $member_name, 'appid' => $appid, 'appkey' => $appkey, 'ip' => $ip, 'verify_user_cb' => $callback, 'extend' => urlencode($extend));
         $auth = $this->mMember->get_access_token($auth_data);
         if (!$auth['token']) {
             $this->errorOutput(MEMBERS_LOGIN_ERROR);
         }
         // blacklisted-member check
         $blacklist = $this->Members->blacklist($auth['user_id']);
         if ($blacklist[$auth['user_id']]['isblack']) {
             $this->errorOutput(MEMBER_BLACKLIST);
         }
         // end of check
         // permission check
         // end of check
         // edit extension info
         // NOTE(review): the request's member_info and the raw $_FILES array are handed to
         // extension_edit() on every login; upload validation has to happen inside that helper.
         $this->mMemberInfo->extension_edit($auth['user_id'], $this->input['member_info'], $_FILES);
         // fetch extension info
         $extension = $this->getExtensionInfo($auth['user_id'], $identifier);
         // member activity trace
         $member_trace_data = array('member_id' => $auth['user_id'], 'member_name' => $member_name, 'content_id' => $auth['user_id'], 'title' => $member_name, 'type' => 'login', 'op_type' => '登陆', 'appid' => $this->user['appid'], 'appname' => $this->user['display_name'], 'create_time' => TIMENOW, 'ip' => hg_getip(), 'device_token' => $device_token, 'udid' => $udid);
         // The previous login trace is read before the new one is written, so last_login_time
         // below refers to the login before this one.
         $memberTrace = $this->mMember->getMemberTrace(array('member_id' => $auth['user_id'], 'type' => 'login'), 'create_time');
         $this->mMember->member_trace_create($member_trace_data);
         $return = array('member_id' => $auth['user_id'], 'platform_id' => $auth['platform_id'], 'inuc' => $auth['inuc'] ? $auth['inuc'] : 0, 'member_name' => $auth['user_name'], 'nick_name' => $auth['nick_name'], 'type' => $auth['type'], 'type_name' => $auth['type_name'], 'avatar' => $auth['avatar'] ? $auth['avatar'] : '', 'access_token' => $auth['token'], 'guid' => $auth['guid'], 'gid' => $auth['gid'], 'gradeid' => $auth['gradeid'], 'copywriting_credit' => $auth['copywriting_credit'], 'copywriting' => $auth['copywriting'], 'signature' => $auth['signature'], 'mobile' => $auth['mobile'], 'email' => $auth['email'], 'extension' => $extension ? $extension : array(), 'isVerify' => $auth['isVerify'], 'isComplete' => $auth['isComplete'], 'identifier' => $auth['identifier'], 'last_login_device' => $auth['last_login_device'], 'last_login_time' => date('Y-m-d H:i:s', $memberTrace['create_time']));
         // record login info
         $loginInfoRecord = array('last_login_device' => $member_trace_data['device_token'], 'final_login_time' => $member_trace_data['create_time'], 'last_login_time' => $memberTrace['create_time'], 'last_login_udid' => $member_trace_data['udid']);
         $this->mMember->loginInfoRecord($return['member_id'], $loginInfoRecord);
         $return = hg_mermber2members_compatible(array('member_name' => 'nick_name', 'access_token' => 'token'), $return, false);
         $this->addItem($return);
         $this->output();
     } catch (Exception $e) {
         // The exception message and code are passed to the client unchanged.
         $this->errorOutput($e->getMessage(), $e->getCode());
     }
 }
Exemple #13
 /**
  * Change the password of the currently logged-in member.
  */
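 public function password_edit()
 {
     // Changes the password of the member identified by $this->user['user_id'].
     // Input: access_token, old_password, new_password. The old password is required only
     // when the account already has one stored. Reports array('member_id' => ...) through
     // addItem()/output().
     // NOTE(review): access_token is only checked for presence here; the member id comes
     // from $this->user, presumably resolved from the token before this method runs - confirm.
     $access_token = $this->input['access_token'];
     $member_id = intval($this->user['user_id']);
     $old_password = trim($this->input['old_password']);
     $new_password = trim($this->input['new_password']);
     if (!$access_token) {
         $this->errorOutput('NO_ACCESS_TOKEN');
     }
     if (!$member_id) {
         $this->errorOutput('NO_MEMBER_ID');
     }
     if (!$new_password) {
         $this->errorOutput('请输入新密码');
     }
     $member = $this->mMember->_get_member_by_id($member_id, '', 'email, password, salt, member_name');
     $member = $member[$member_id];
     if (empty($member)) {
         $this->errorOutput('该会员不存在或已被删除');
     }
     if ($member['password']) {
         if (!$old_password) {
             $this->errorOutput('请输入旧密码');
         }
         // Strict string comparison: with a loose != two different digests that both look
         // like numbers can compare equal. hash_equals() is preferable where PHP >= 5.6 is
         // guaranteed.
         if (md5(md5($old_password) . $member['salt']) !== (string) $member['password']) {
             $this->errorOutput('旧密码不正确');
         }
     }
     // NOTE(review): uc_id is read here but is not in the field list passed to
     // _get_member_by_id() above; if that argument is the column list, this branch never
     // runs and UCenter keeps the old password - confirm.
     if ($this->settings['ucenter']['open'] && $member['uc_id']) {
         $ret_uc = $this->mMember->uc_user_edit($member['uc_id'], $member['member_name'], '', $old_password, $new_password);
         // Known UCenter error codes. Any other negative code is ignored, as before, and the
         // local password is still updated below.
         $uc_errors = array(
             -1 => '旧密码不正确',
             -2 => '该用户不存在或已被删除',
             -4 => 'Email 格式有误',
             -5 => 'Email 不允许注册',
             -6 => '该 Email 已经被注册',
             -7 => '没有做任何修改',
             -8 => '该用户受保护无权限更改',
         );
         if ($ret_uc < 0 && isset($uc_errors[$ret_uc])) {
             $this->errorOutput($uc_errors[$ret_uc]);
         }
     }
     // NOTE(review): salted double MD5 is a fast hash; a move to password_hash() has to be
     // coordinated with the code that verifies logins.
     $salt = hg_generate_salt();
     $password = md5(md5($new_password) . $salt);
     $member_data = array('id' => $member_id, 'salt' => $salt, 'password' => $password);
     $ret = $this->mMember->update_member($member_data);
     $return = array('member_id' => $ret['id']);
     $this->addItem($return);
     $this->output();
 }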
Exemple #14
 /**
  * Super administrator changes a user's password by user id.
  */
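 public function updatePassword($userinfo = array())
 {
     // Sets a new password for the administrator with the given user id, without asking for
     // the old one. Allowed only when the caller's group_type is not above MAX_ADMIN_TYPE.
     // $userinfo may be passed as array('userid' => ..., 'password' => ...); when empty, both
     // values are read from $this->input. Reports userid and a confirmation message through
     // addItem_withkey()/output().
     $updateData = array();
     $reData = array();
     $userid = 0;
     if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
         $this->errorOutput(NO_PURVIEW);
         // No permission. Stop here even if errorOutput() returns, so an unprivileged caller
         // can never reach the update below.
         return;
     }
     $userinfo = $userinfo ? $userinfo : array('userid' => intval($this->input['userid']), 'password' => $this->input['password']);
     if ($userinfo['userid'] > 0 && ($userid = $this->checkUser($userinfo['userid']))) {
         // Trim before testing for emptiness: the original tested the untrimmed value, so a
         // whitespace-only password passed the check and was stored as the digest of an
         // empty string.
         $plain = is_scalar($userinfo['password']) ? trim((string) $userinfo['password']) : '';
         if ($plain) {
             // NOTE(review): salted double MD5 is a fast hash; consider password_hash()
             // together with the code that verifies logins.
             $salt = hg_generate_salt();
             $updateData = array('password' => md5(md5($plain) . $salt), 'salt' => $salt, 'update_time' => TIMENOW);
         } else {
             $this->errorOutput(NO_PASSWORD);
         }
         if ($updateData && $userid > 0) {
             $this->db->update_data($updateData, 'admin', 'id = ' . $userid);
             $reData = array('userid' => $userid, 'response' => '密码已经修改成功');
         }
     } else {
         $this->errorOutput(NO_USER_ID);
     }
     foreach ($reData as $k => $v) {
         $this->addItem_withkey($k, $v);
     }
     $this->output();
 }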
Exemple #15
 /**
  * Add (register) a user.
  * @return array user information
  */
 public function create()
 {
     // Registers a new member: checks the registration / invitation settings, validates user
     // name and e-mail, inserts the member and member_extra rows, optionally consumes the
     // invite code and sends a confirmation link.
     // NOTE(review): most request values are URL-decoded in this method and then concatenated
     // into the INSERT statements below. Decoding happens after whatever escaping the input
     // layer applies, so quote characters can be reintroduced; bind the values as parameters
     // or escape them after decoding - confirm how $this->input is prepared.
     // Check whether registration is allowed
     $rt = $this->mUset->get_desig_uset(array('register', 'noregister', 'emailAction', 'isopeninvite'));
     if ($rt['result'] == 1) {
         $rt0 = $rt[0];
         //register
         $rt1 = $rt[1];
         //noregister
         $rt2 = $rt[2];
         //emailAction
         $rt3 = $rt[3];
         //isopeninvite
         $rt3['descripion'] = "请通过邀请进行注册!";
         if (!$rt0['status']) {
             // Open registration is switched off: refuse, unless invitations are enabled and
             // a valid invite code was supplied.
             if (!$rt3['status']) {
                 $this->setXmlNode('register', 'result');
                 $ret['register'] = 1;
                 $ret['reason'] = $rt1['status'];
                 $this->addItem($ret);
                 $this->output();
             } else {
                 if (!urldecode($this->input['invite_code'])) {
                     $this->setXmlNode('register', 'result');
                     $ret['register'] = 1;
                     $ret['reason'] = $rt3['descripion'];
                     $this->addItem($ret);
                     $this->output();
                 } else {
                     $is_invite = $this->verify_invite_code(urldecode($this->input['invite_code']));
                     if (!$is_invite) {
                         $this->setXmlNode('register', 'result');
                         $ret['register'] = 1;
                         $ret['reason'] = $rt3['descripion'];
                         $this->addItem($ret);
                         $this->output();
                     }
                 }
             }
         } else {
             if (urldecode($this->input['invite_code'])) {
                 $is_invite = $this->verify_invite_code(urldecode($this->input['invite_code']));
             }
         }
     }
     // NOTE(review): the refusal branches above rely on output() ending the request; unlike
     // the banned-word and duplicate-name branches below they are not followed by exit. If
     // output() returns, registration continues although it was refused - confirm.
     if (!$this->input['username']) {
         $this->errorOutput(OBJECT_NULL);
         // returns code 0x0000
     }
     $username = urldecode(trim($this->input['username']));
     // Reject user names that contain any of the listed ASCII or full-width punctuation
     // characters.
     $patten = "/[!@#\$%&()><\\/:;|,,。?!}{‘’“”\\'\"]+/u";
     if (preg_match($patten, $username)) {
         $this->errorOutput(NON_SPECIAL_CHAR);
     }
     // Check for banned words
     include_once ROOT_PATH . 'lib/class/banword.class.php';
     $banword = new banword();
     $rt = $banword->banword($username);
     if ($rt && $rt != 'null') {
         $this->setXmlNode('userinfo', 'repeat_user');
         $rt['banword'] = 1;
         $this->addItem($rt);
         $this->output();
         exit;
     }
     $result = $this->mUser->checkUsername($username);
     if ($result) {
         $this->setXmlNode('userinfo', 'repeat_user');
         $rt['user_exist'] = 1;
         $rt['message'] = '用户名已被占用';
         $this->addItem($rt);
         $this->output();
         exit;
     }
     $email = trim(urldecode($this->input['email']));
     if (!hg_clean_email($email)) {
         $this->errorOutput(EMAIL_ERROR);
         // returns code 0x2000
     }
     $result = $this->mUser->checkEmail($email);
     if ($result) {
         $this->errorOutput(EMAIL_REPEAT);
         // returns code 0x2100
     }
     // NOTE(review): salted double MD5 is a fast hash; consider password_hash() together with
     // the code that verifies logins. The password is not checked for emptiness here.
     $salt = hg_generate_salt();
     $password = md5(md5(trim($this->input['password'])) . $salt);
     $location = trim(urldecode($this->input['location']));
     $location_code = trim(urldecode($this->input['location_code']));
     $avatar = trim(urldecode($this->input['avatar'])) ? trim(urldecode($this->input['avatar'])) : AVATAR_DEFAULT;
     // call the avatar interface
     $userinfo = array('email' => $email, 'username' => $username, 'password' => $password, 'salt' => $salt, 'location' => $location, 'location_code' => $location_code, 'avatar' => $avatar, 'birthday' => urldecode($this->input['birthday']), 'qq' => urldecode($this->input['qq']), 'mobile' => urldecode($this->input['mobile']), 'msn' => urldecode($this->input['msn']), 'source' => intval($this->input['source']), 'digital_tv' => urldecode($this->input['digital_tv']), 'join_time' => TIMENOW, 'last_login' => TIMENOW, 'privacy' => 0);
     // Every value except join_time, last_login and source is a request string placed inside
     // a quoted literal - see the note at the top of the method.
     $sql = "\r\n\t\t\tINSERT " . DB_PREFIX . "member\r\n\t\t\t(\r\n\t\t\t\temail,username,password,salt,location,location_code,\r\n\t\t\t\tbirthday,avatar,qq,mobile,msn,join_time,\r\n\t\t\t\tlast_login,digital_tv,source\r\n\t\t\t) \r\n\t\t\tVALUES\r\n\t\t\t(\r\n\t\t\t\t'" . $userinfo['email'] . "','" . $userinfo['username'] . "','" . $userinfo['password'] . "','" . $userinfo['salt'] . "',\r\n\t\t\t\t'" . $userinfo['location'] . "','" . $userinfo['location_code'] . "','" . $userinfo['birthday'] . "',\r\n\t\t\t\t'" . $userinfo['avatar'] . "','" . $userinfo['qq'] . "',\r\n\t\t\t\t'" . $userinfo['mobile'] . "',\r\n\t\t\t\t'" . $userinfo['msn'] . "'," . $userinfo['join_time'] . "," . $userinfo['last_login'] . ",'" . $userinfo['digital_tv'] . "','" . $userinfo['source'] . "'\r\n\t\t\t)";
     $this->db->query($sql);
     $userinfo['id'] = $this->db->insert_id();
     // $is_invite is only assigned inside the settings branch above; it is undefined here
     // when that branch did not run or no invite code was supplied.
     if ($is_invite) {
         $this->update_invite_code($userinfo['id'], urldecode($this->input['invite_code']));
     }
     $credit_info = $this->mCredit->get_single_credit_rule(REGISTER);
     // get the registration credit
     $credit = floatval($credit_info['credit']);
     $userextra = array('member_id' => $userinfo['id'], 'last_activity' => TIMENOW, 'followers_count' => 0, 'attention_count' => 0, 'ip' => hg_getip());
     $sql = "INSERT " . DB_PREFIX . "member_extra\r\n\t\t(\r\n\t\t\tmember_id,\r\n\t\t\tlast_activity,\r\n\t\t\tfollowers_count,\r\n\t\t\tattention_count,\r\n\t\t\treffer_user,\r\n\t\t\tip,\r\n\t\t\tcredit \r\n\t\t) \r\n\t\tVALUES\r\n\t\t(\r\n\t\t\t" . $userextra['member_id'] . ",\r\n\t\t\t" . $userextra['last_activity'] . ",\r\n\t\t\t" . $userextra['followers_count'] . ",\r\n\t\t\t" . $userextra['attention_count'] . ",\r\n\t\t\t" . intval($this->input['reffer_user']) . ",\r\n\t\t\t'" . $userextra['ip'] . "' , \r\n\t\t\t" . $credit . "\r\n\t\t)";
     $this->db->query($sql);
     // $rt2 (the emailAction setting) is likewise only assigned inside the settings branch.
     if ($rt2['status'] == 1) {
         include_once ROOT_PATH . 'lib/user/email.class.php';
         $emailclass = new email();
         $data = array('id' => $userinfo['id'], 'username' => $userinfo['username'], 'email' => $userinfo['email']);
         $rt = $emailclass->send_link($data);
         if ($rt['done'] == 1) {
             $userinfo['send_email'] = 1;
         } else {
             $userinfo['send_email'] = 0;
         }
         $userinfo['email_action'] = 1;
     }
     $this->setXmlNode('userinfo', 'user');
     // NOTE(review): $userinfo still holds the password digest and the salt when it is added
     // to the response; presumably they should be removed first - confirm.
     $this->addItem($userinfo);
     return $this->output();
 }
Exemple #16
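 /**
  * Forgotten-password reset: store a new password for the member that owns $email.
  *
  * A fresh salt is generated and the stored value is md5(md5($new_password) . $salt).
  *
  * NOTE(review): nothing in this method checks that the requester proved ownership
  * of the address (verification code, reset token). Presumably the caller enforces
  * that before calling; confirm.
  *
  * @param string $email        Address used to look the member up.
  * @param string $new_password Plain-text replacement password.
  * @return array|int|false Member row (uc_id, member_name, email) on success,
  *                         -1 when no member matches, false when the UPDATE fails.
  */
 public function memberPasswordForget($email, $new_password)
 {
     // An empty address would match every row whose email column is empty and
     // reset all of those passwords at once, so treat it as "no such member".
     if (!is_string($email) || $email === '') {
         return -1;
     }
     // NOTE(review): $email is concatenated into both statements below and is not
     // escaped in this method. That is only safe if every caller passes an
     // already-escaped value; prefer the database layer's own parameter binding
     // or escaping if it offers one.
     $sql = "SELECT uc_id, member_name, email FROM " . DB_PREFIX . "member WHERE email = '" . $email . "'";
     $member = $this->db->query_first($sql);
     if (empty($member)) {
         return -1;
     }
     // UCenter synchronisation was commented out in the original, so only the
     // local member row is changed here.
     $condition = " WHERE email = '" . $email . "'";
     $salt = hg_generate_salt();
     // NOTE(review): salted double MD5 is cheap to brute-force. Moving to
     // password_hash()/password_verify() needs a matching change in the login
     // check, which is outside this method.
     $password = md5(md5($new_password) . $salt);
     // Store the digest computed above; the statement previously wrote a fixed
     // '******' literal and never used $password. The digest is 32 hex
     // characters, so it cannot break out of the quoted literal.
     $sql = "UPDATE " . DB_PREFIX . "member SET salt = '" . $salt . "', password = '" . $password . "' " . $condition;
     if ($this->db->query($sql)) {
         return $member;
     }
     return false;
 }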
Exemple #17
 /**
  * Update one member's profile from request input.
  *
  * The member is resolved by `guid` or, failing that, by `member_id`. The method
  * then validates the member name, mobile number and e-mail, optionally sets a
  * new password, applies credit, group, blacklist and medal changes, persists
  * the member row, the extended info, the avatar and the nick name, and finally
  * writes a trace record before outputting the member id.
  *
  * NOTE(review): the trace and credit-log values ('admin_update_members',
  * 'adminedit') indicate an administrator action, but no permission check is
  * visible in this method. Presumably it is enforced before dispatch; confirm.
  * NOTE(review): the code reads as if errorOutput() ends the request. If it can
  * return, the statements after each call still run; verify.
  */
 public function update()
 {
     // guid: unique member identifier
     if ($guid = $this->input['guid']) {
         // NOTE(review): $guid is embedded in the condition string unescaped. How
         // get_member_info() uses the string is not visible here; verify it cannot
         // alter the query.
         $condition = ' AND guid="' . $guid . '"';
         $memberInfo = $this->mMember->get_member_info($condition);
         if ($memberInfo) {
             $member_id = $memberInfo[0]['member_id'];
         }
         // When the lookup finds nothing, $member_id is never assigned; the
         // !$member_id check below is what catches that case.
     } else {
         $member_id = intval($this->input['member_id']);
     }
     $member_name = trim($this->input['member_name']);
     $nick_name = trim($this->input['nick_name']);
     $password = trim($this->input['password']);
     // intval() keeps only an integer value, so leading zeros and any non-digit
     // suffix of the submitted number are lost.
     $mobile = $this->input['mobile'] ? intval($this->input['mobile']) : '';
     $email = $this->input['email'] ? trim($this->input['email']) : '';
     $im_token = $this->input['im_token'] ? trim($this->input['im_token']) : '';
     $signature = $this->input['signature'] ? trim(urldecode($this->input['signature'])) : '';
     if (!$member_id) {
         $this->errorOutput(NO_MEMBER_ID);
     }
     $identifier = $this->mMember->getIdentifierForMemberId($member_id);
     // A new member name is accepted only if isMemberNameUpdate() allows it.
     if (!empty($member_name) && !$this->mMember->isMemberNameUpdate($member_id, 1)) {
         $this->errorOutput(NOT_EDIT_MEMBERNAME);
     }
     // Nick name falls back to the submitted member name, then to the stored one.
     if (!$nick_name) {
         $nick_name = $member_name ? $member_name : $this->Members->get_member_name($member_id, false);
     }
     if (!hg_verify_mobile($mobile) && !empty($mobile)) {
         $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
     }
     $reg_mail = $this->Members->check_reg_mail($email, $member_id, $identifier);
     if ($reg_mail == -4) {
         $this->errorOutput(EMAIL_FORMAT_ERROR);
     } elseif ($reg_mail == -6) {
         $this->errorOutput(EMAIL_HAS_BINDED);
     }
     // avatar upload, if one was sent
     $avatar = array();
     if ($_FILES['avatar']['tmp_name']) {
         $avatar = $_FILES['avatar'];
     }
     // Only fields that were actually submitted are added to the update set.
     $data = array('member_id' => $member_id, 'update_time' => TIMENOW);
     if ($im_token) {
         $data['im_token'] = $im_token;
     }
     if ($mobile) {
         $data['mobile'] = $mobile;
     }
     if ($email) {
         $data['email'] = $email;
     }
     if ($signature) {
         $data['signature'] = $signature;
     }
     // validate the member name; each negative code maps to one error constant
     if ($member_name) {
         switch ($this->mMember->verify_member_name($member_name, $member_id, $identifier)) {
             case -1:
                 $this->errorOutput(MEMBER_NAME_ILLEGAL);
                 break;
             case -2:
                 $this->errorOutput(PROHIBITED_WORDS);
                 break;
             case -3:
                 $this->errorOutput(UC_MEMBER_NAME_REGISTER);
                 break;
             case -4:
                 $this->errorOutput(MEMBER_NAME_EXCEEDS_MAX);
                 break;
             case -5:
                 $this->errorOutput(USERNAME_BELOW_MINIMUM);
                 break;
             case -6:
                 $this->errorOutput(MEMBER_NAME_ERROR);
                 break;
             case -7:
                 $this->errorOutput(MEMBER_NAME_REGISTER);
                 break;
             default:
                 break;
         }
         $data['member_name'] = $member_name;
     }
     // From here on $member_name holds the get_member_name() result, which is
     // indexed by member id below, not the submitted string.
     $member_name = $this->Members->get_member_name($member_id);
     if ($this->settings['ucenter']['open'] && !$identifier) {
         // NOTE(review): $oldpw is not assigned anywhere in this method, so it is
         // passed as an undefined variable. What the trailing 1 means to
         // uc_user_edit() is not visible here; confirm the call is intended to
         // skip the old-password check.
         $is_password = $this->mMember->uc_user_edit($member_name[$member_id], $oldpw, $password, $email, 1);
         if ($is_password < 0) {
             if ($is_password == -4) {
                 $this->errorOutput(EMAIL_FORMAT_ERROR);
             } elseif ($is_password == -5) {
                 $this->errorOutput(EMAIL_NO_REGISTER);
             } elseif ($is_password == -6) {
                 $this->errorOutput(EMAIL_HAS_BINDED);
             }
             // Other negative codes fall through without an error.
         }
     }
     if ($password) {
         // random salt string
         $salt = hg_generate_salt();
         // salted double-MD5 digest of the password
         // NOTE(review): MD5 is cheap to brute-force; password_hash() would be the
         // stronger choice but requires changing the login check as well.
         $md5_password = md5(md5($password) . $salt);
         $data['password'] = $md5_password;
         $data['salt'] = $salt;
     }
     // update credits
     if ($this->input['credit'] && is_array($this->input['credit'])) {
         $credit_log = array('app_uniqueid' => APP_UNIQUEID, 'mod_uniqueid' => MOD_UNIQUEID, 'action' => $this->input['a'], 'method' => 'admin_update_members', 'relatedid' => $this->user['user_id'], 'title' => '积分变更', 'remark' => '管理员操作');
         // Only the credit type returned by get_grade_credits_type(1) is checked
         // for a negative value; the rest of the submitted array is passed on as is.
         if ($grade_credits_type = $this->Members->get_grade_credits_type(1)) {
             if ($this->input['credit'][$grade_credits_type['db_field']] < 0) {
                 $this->errorOutput($grade_credits_type['title'] . '不允许为负数');
             }
         }
         $this->Members->credits($this->input['credit'], $member_id, $coef = 1, false, false, true, null, array(), $credit_log);
     }
     // update user group (runs on every call, even when no groupid was submitted)
     $gid = intval($this->input['groupid']);
     $groupexpiry = $this->input['groupexpiry'] ? trim($this->input['groupexpiry']) : 0;
     $this->Members->updategroup($member_id, $gid, $groupexpiry);
     // update blacklist: deadline is `isblack` when given, -1 when `blacklist` is
     // set without it, and 0 when `blacklist` is absent
     $deadline = !empty($this->input['blacklist']) ? !empty($this->input['isblack']) ? $this->input['isblack'] : -1 : 0;
     if (!empty($this->input['blacklist'])) {
         $this->Members->blacklist_set($member_id, $deadline);
     }
     // update medals
     $medalid = !empty($this->input['medal_id']) ? $this->input['medal_id'] : '';
     $this->member_medal->edit_member_medal($member_id, $medalid);
     // persist the member data
     $ret = $this->mMember->update($data);
     if (!$ret['member_id']) {
         $this->errorOutput(MEMBER_DATA_UPDATE_FAILED);
     }
     $data['member_id'] = $member_id;
     // NOTE(review): the request's member_info and the whole $_FILES array are
     // handed to extension_edit(); upload validation is not visible here.
     $this->mMemberInfo->extension_edit($member_id, $this->input['member_info'], $_FILES);
     // edit extended info (describes the call above)
     // persist the avatar
     if (!empty($avatar)) {
         $avatar = $this->mMember->add_material($avatar, $member_id);
         if (!empty($avatar)) {
             $update_data = array('member_id' => $member_id, 'avatar' => maybe_serialize($avatar));
             $ret_updata = $this->mMember->update($update_data);
             if (!$ret_updata['member_id']) {
                 $this->errorOutput(AVATAR_ADD_FAILED);
             }
         }
     }
     $bind_info = array();
     if ($nick_name) {
         $bind_info = array('nick_name' => $nick_name);
     }
     if ($bind_info) {
         // $member_id is either intval() of the request value or a value read
         // from the member lookup, so it is not raw request text at this point.
         $this->mMember->bind_update($bind_info, 'WHERE member_id = \'' . $member_id . '\'');
     }
     // member trace: records which operator changed which member
     $member_trace_data = array('member_id' => $this->user['user_id'], 'member_name' => $this->user['user_name'], 'content_id' => $member_id, 'title' => $member_name[$member_id], 'type' => 'adminedit', 'op_type' => '管理员更新会员资料', 'appid' => $this->user['appid'], 'appname' => $this->user['display_name'], 'create_time' => TIMENOW, 'ip' => hg_getip(), 'device_token' => 'admin', 'udid' => 'admin');
     $this->mMember->member_trace_create($member_trace_data);
     $this->addItem($member_id);
     $this->output();
 }