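/**
 * Update the password of the currently authenticated user.
 *
 * The account comes from $this->user->verify_credentials() and the new
 * password from $this->input['password']. A fresh salt is generated and the
 * salted hash is written to the member table.
 *
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash and is cheap to
 * brute-force if the table leaks. Moving to password_hash()/password_verify()
 * also requires changing the login path, which is not visible here.
 * NOTE(review): the current password is not requested before the change;
 * confirm the caller re-authenticates the user for this sensitive action.
 *
 * @return mixed the value of $this->output() on success
 */
public function updatePassword()
{
    $userinfo = $this->user->verify_credentials();
    // Cast once so the id can never carry SQL text into the WHERE clause.
    $member_id = intval($userinfo['id']);
    $new_password = $this->input['password'];

    if (!$member_id) {
        $this->errorOutput(OBJECT_NULL); // returns the 0x0000 code
    } else {
        $salt = hg_generate_salt();
        $pass = md5(md5($new_password) . $salt);
        $this->setXmlNode('userinfo', 'ID');
        // Store the computed hash; previously $pass was calculated but a
        // fixed literal was written to the password column instead.
        $sql = "UPDATE " . DB_PREFIX . "member SET password = '" . $pass . "', salt = '" . $salt . "'"
            . " WHERE id = " . $member_id;
        $this->db->query($sql);
        $this->addItem($userinfo['id']);
        return $this->output();
    }
}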
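/**
 * Reset a member password using a one-time verification code.
 *
 * Looks up a type=1 row in verify_code by the submitted code, writes a new
 * salted hash for the owning member, and deletes that member's type=1 codes.
 * Emits array('done' => 0|1[, 'name' => user_name]) through addItem()/output().
 *
 * NOTE(review): no expiry is checked on the code here; whether the
 * verify_code table carries a timestamp is not visible from this method.
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 */
public function update_pwd()
{
    $this->setXmlNode('check', 'value');
    $result = array('done' => 0);

    // urldecode() can turn %27 back into a quote after any request-level
    // filtering has run, so the decoded value must be escaped here before it
    // is placed in the query. addslashes() is a stop-gap: prefer the DB
    // layer's own escaping or bound parameters if it offers them.
    $verify_code = addslashes(urldecode($this->input['verify_code']));
    $new_password = trim($this->input['password']);

    // An empty code must never match a row, and an empty password must never
    // be stored; both leave done = 0 without consuming a code.
    if ($verify_code !== '' && $new_password !== '') {
        $sql = "select * from " . DB_PREFIX . "verify_code where type=1 and verify_code='" . $verify_code . "'";
        $rt = $this->db->query_first($sql);
        if ($rt) {
            $salt = hg_generate_salt();
            $password = md5(md5($new_password) . $salt);
            $id = intval($rt['user_id']);

            // Store the computed hash; previously a fixed literal was written.
            $sql = "update " . DB_PREFIX . "member set password='" . $password . "',salt='" . $salt . "' where id=" . $id;
            $this->db->query($sql);

            // Consume the code so it cannot be replayed.
            $sql = "delete from " . DB_PREFIX . "verify_code where type =1 and user_id=" . $id;
            $this->db->query($sql);

            $result['done'] = 1;
            $result['name'] = $rt['user_name'];
        }
    }

    $this->addItem($result);
    $this->output();
}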
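/**
 * Reset a member password after verifying an SMS or e-mail code.
 *
 * Input: verifycode, member_name, password, optional type (0 = mobile,
 * 1 = e-mail, absent = detect from member_name), identifier.
 * On success the bind record with status = 1 is emitted through
 * addItem()/output(); failures go through errorOutput().
 *
 * NOTE(review): $member_name is concatenated into the SQL condition passed to
 * get_bind_info(). Whether $this->input is escaped upstream is not visible
 * here; confirm, or escape in the data layer.
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 */
public function reset_password()
{
    $this->check_verifycode();
    $verifycode = trim($this->input['verifycode']);
    $member_name = trim($this->input['member_name']);
    $password = trim($this->input['password']);
    $type = isset($this->input['type']) ? intval($this->input['type']) : -1; // verification-code type
    $identifierUserSystem = new identifierUserSystem();
    $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier(); // multi-user system

    if (!$verifycode) {
        $this->errorOutput(VERIFY_NULL);
    }
    if (!$password) {
        $this->errorOutput(NO_NEW_PASSWORD);
    }

    // Defined up front: when type is neither 0 nor 1 and the name is neither
    // an e-mail nor a mobile number, no branch below assigns it.
    $member_type = '';
    if ($type == '-1' && hg_check_email_format($member_name)) {
        $member_type = 'email';
        $type = 1;
    } elseif ($type == '-1' && hg_verify_mobile($member_name)) {
        $member_type = 'shouji';
        $type = 0;
    } elseif ($type == 0) {
        $member_type = 'shouji';
    } elseif ($type == 1) {
        $member_type = 'email';
    }

    $condition = " AND platform_id = '" . $member_name . "' AND mb.type='{$member_type}' AND mb.identifier=" . $identifier . "";
    $field = 'mb.member_id,platform_id,mb.type';
    $bind_info = $this->mMember->get_bind_info($condition, $field);
    $bind_info = !empty($bind_info[0]) ? $bind_info[0] : array();
    if (empty($bind_info)) {
        $this->errorOutput(NO_MEMBER);
    }

    $data = array();
    $data['member_id'] = $bind_info['member_id'];

    // Only assigned by uc_user_edit() when ucenter is enabled; initialised so
    // the comparisons below never read an undefined variable.
    $is_password = 0;

    // Change the password according to the verification code.
    if (!$type) {
        if ($this->mSmsServer->get_verifycode_info($member_name, $verifycode)) {
            // Delete the code once it has been verified.
            $this->mSmsServer->mobile_verifycode_delete($member_name, $verifycode);
            if ($this->settings['ucenter']['open']) {
                $_member_name = $member_name;
                $is_password = $this->mMember->uc_user_edit($_member_name, '', $password, '', 1);
            }
            if ($password && ($is_password >= 0 || !$this->settings['ucenter']['open'])) {
                $salt = hg_generate_salt();
                $data['salt'] = $salt;
                $data['password'] = md5(md5($password) . $salt);
            } elseif ($password && ($is_password < 0 && $this->settings['ucenter']['open'])) {
                $this->errorOutput('UC密码同步失败');
            }
            if ($this->mMember->update($data)) {
                $bind_info['status'] = 1;
                $this->addItem($bind_info);
                $this->output();
            }
        } else {
            $this->errorOutput(MOBILE_VERIFY_FAILED);
        }
    } else {
        if ($this->memberverifycode->get_verifycode_info($member_name, $verifycode, $type, 1)) {
            // Delete the code once it has been verified.
            $this->memberverifycode->verifycode_delete($member_name, $verifycode, $type, 1);
            if ($this->settings['ucenter']['open']) {
                $_member_name = $member_name;
                $is_password = $this->mMember->uc_user_edit($_member_name, '', $password, '', 1);
            }
            // NOTE(review): this branch requires $is_password > 0 while the
            // mobile branch accepts >= 0. With ucenter open and a result of 0
            // neither arm runs, yet update() is still called and success is
            // reported without a new hash being stored. Confirm the return
            // contract of uc_user_edit() and align the two branches.
            if ($password && ($is_password > 0 || !$this->settings['ucenter']['open'])) {
                $salt = hg_generate_salt();
                $data['salt'] = $salt;
                $data['password'] = md5(md5($password) . $salt);
            } elseif ($password && ($is_password < 0 && $this->settings['ucenter']['open'])) {
                $this->errorOutput('UC密码同步失败');
            }
            if ($this->mMember->update($data)) {
                $bind_info['status'] = 1;
                $this->addItem($bind_info);
                $this->output();
            }
        } else {
            $this->errorOutput(EMAIL_VERIFY_FAILED);
        }
    }
}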
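/**
 * API callback: set a new password for the member named in $get['username'].
 *
 * @param array $get  decoded request parameters; reads 'username' and 'password'
 * @param array $post unused
 * @return mixed API_RETURN_FORBIDDEN when API_UPDATEPW is off, otherwise API_RETURN_SUCCEED
 *
 * NOTE(review): nothing in this function authenticates the caller; it relies
 * entirely on whatever validated $get before dispatch — confirm.
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 */
function updatepw($get, $post)
{
    global $gDB;

    if (!API_UPDATEPW) {
        return API_RETURN_FORBIDDEN;
    }

    // The name goes into a quoted SQL literal, so it must be escaped.
    // addslashes() is a stop-gap; prefer the DB layer's own escaping or bound
    // parameters if $gDB offers them (not visible here).
    $username = addslashes($get['username']);
    $salt = hg_generate_salt();
    $newpw = md5(md5($get['password']) . $salt);

    // Store the computed hash; previously $newpw was calculated but a fixed
    // literal was written to the password column.
    $sql = "UPDATE " . DB_PREFIX . "member SET password = '" . $newpw . "', salt = '" . $salt . "'"
        . " WHERE member_name = '" . $username . "'";
    $gDB->query($sql);

    return API_RETURN_SUCCEED;
}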
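/**
 * Member registration.
 *
 * Member table fields: member_id, member_name, password, salt (random
 * string), type, type_name, avatar, signature, appid, appname, create_time,
 * update_time, ip (registration ip).
 *
 * Request also carries: appid, appkey, callback, mobile_verifycode.
 *
 * Bind table fields: member_id, platform_id (third-party member id),
 * nick_name, type, type_name, avatar_url, bind_time, bind_ip.
 *
 * Emits (via addItem/output): member_id, member_name, type, avatar,
 * access_token and the other profile fields returned by the auth service.
 *
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 * NOTE(review): the auth callback URL is plain http and carries appkey and
 * the encrypted password in its query string; such values tend to end up in
 * access logs — confirm the transport and logging on that hop.
 */
public function register()
{
    try {
        $this->check_verifycode(); // captcha / verification code
        $this->oldtype = $this->type = trim($this->input['type']);
        $member_name = $this->checkRegMemberName();
        $this->checkRegType();
        $this->checkRegMemberNameError();
        $password = trim($this->input['password']);
        $identifierUserSystem = new identifierUserSystem();
        $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier(); // multi-user system

        if (empty($this->type)) {
            $this->errorOutput(NO_MEMBER_TYPE);
        }
        $platformInfo = $this->Members->get_platform_name($this->type);
        if (empty($platformInfo)) {
            $this->errorOutput(REG_MEMBER_TYPE_ERROR);
        } elseif (!$platformInfo['status']) {
            $this->errorOutput(REG_MEMBER_TYPE_CLOSE);
        }
        $type_name = $platformInfo['name'];
        $signature = trim($this->input['signature']);
        $ip = hg_getip();
        $appid = intval($this->input['appid']);
        $appkey = trim($this->input['appkey']);
        $platform_id = '';
        $mobile_verifycode = trim($this->input['mobile_verifycode']);
        $email = trim($this->input['email']);

        $reg_mail = $this->Members->check_reg_mail($email, 0, $identifier);
        if ($reg_mail == -4) {
            $this->errorOutput(EMAIL_FORMAT_ERROR);
        } elseif ($reg_mail == -5) {
            $this->errorOutput(EMAIL_NO_REGISTER);
        } elseif ($reg_mail == -6) {
            $this->errorOutput(EMAIL_HAS_BINDED);
        }
        $this->type == 'email' && $this->checkEmailVerifyCode($member_name);
        $this->type != 'email' && $email && $this->checkEmailVerifyCode($email);

        $_mobile = trim($this->input['mobile']);
        // Basic mobile number format check.
        if ($_mobile && !hg_verify_mobile($_mobile)) {
            $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
        } elseif ($_mobile && (isset($this->input['mobile_verifycode']) || defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND)) {
            $check_bind = new check_Bind();
            if ($check_bind->checkmembernamereg($_mobile, $identifier)) {
                $this->errorOutput(MOBILE_REG_BIND);
            }
        }

        if ($this->type != 'shouji' && $_mobile && isset($this->input['mobile_verifycode'])) {
            // Verification code.
            $verifycode = $this->mSmsServer->get_verifycode_info($_mobile, $mobile_verifycode);
            if (empty($verifycode)) {
                $this->errorOutput(VERIFY_FAILED);
            }
            // Delete the code (it is consumed even when it turns out expired).
            $this->mSmsServer->mobile_verifycode_delete($_mobile, $mobile_verifycode);
            if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
                $this->errorOutput(VERIFY_EXPIRED);
            }
            $this->ismobileverify = 1;
        } elseif ($this->type != 'shouji' && $_mobile && defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND) {
            // Deployment opted out of SMS verification: the number is treated
            // as verified without any proof of ownership.
            $this->ismobileverify = 1;
        }

        $device_token = $this->Members->check_device_token(trim($this->input['device_token']));
        if ($device_token === 0) {
            $this->errorOutput(ERROR_DEVICE_TOKEN);
        }
        $udid = $this->Members->check_udid(trim($this->input['uuid']));
        if ($udid === 0) {
            $this->errorOutput(ERROR_UDID);
        }

        // Check whether the device id or the ip is blacklisted.
        if ($udid) {
            $device_res = $this->Blacklist->detailDeviceBlacklist(array('device_token' => $udid, 'identifier' => $identifier));
            if ($device_res[0]['deadline'] == -1 && $device_res[0]['type'] == 2) {
                $this->errorOutput(DEVICE_BLACKLIST_FOREVER);
            } elseif ($device_res[0]['deadline'] == -1) {
                $this->errorOutput(DEVICE_BLACKLIST);
            }
        }
        if ($ip) {
            $ip_res = $this->Blacklist->detailIpBlacklist(array('ip' => ip2long($ip), 'identifier' => $identifier));
            if ($ip_res[0]['deadline'] == -1 && $ip_res[0]['type'] == 2) {
                $this->errorOutput(IP_BLACKLIST_FOREVER);
            } elseif ($ip_res[0]['deadline'] == -1) {
                $this->errorOutput(IP_BLACKLIST);
            }
        }

        // Password is mandatory.
        if (!$password) {
            $this->errorOutput(NO_PASSWORD);
        }

        // Mobile registration: the member name is the phone number and the
        // SMS code is mandatory.
        if ($this->type == 'shouji') {
            $check_bind = new check_Bind();
            if ($check_bind->checkmembernamereg($member_name, $identifier)) {
                $this->errorOutput(MOBILE_REG_BIND);
            }
            $platform_id = $mobile = $member_name;
            $_mobile = $mobile ? $mobile : $_mobile;
            // Basic mobile number format check.
            if (!hg_verify_mobile($mobile)) {
                $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
            }
            if (!$mobile_verifycode) {
                $this->errorOutput(MOBILE_NOT_VERIFY);
            }
            // Verification code.
            $verifycode = $this->mSmsServer->get_verifycode_info($mobile, $mobile_verifycode);
            if (empty($verifycode)) {
                $this->errorOutput(VERIFY_FAILED);
            }
            // Delete the code.
            $this->mSmsServer->mobile_verifycode_delete($mobile, $mobile_verifycode);
            if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
                $this->errorOutput(VERIFY_EXPIRED);
            }
        }

        // Banned-word screening (member name only for the m2o type).
        if ($this->settings['App_banword']) {
            // include_once: a second inclusion would redeclare the class.
            include_once ROOT_PATH . 'lib/class/banword.class.php';
            $banword = new banword();
            $signature_banword = $banword->exists($signature);
            if ($signature_banword && is_array($signature_banword)) {
                $this->errorOutput(SIGNATURE_INVALID);
            }
        }
        if ($this->type == 'm2o' && $this->settings['App_banword']) {
            $member_name_banword = $banword->exists($member_name);
            if ($member_name_banword && is_array($member_name_banword)) {
                $this->errorOutput(MEMBER_NAME_INVALID);
            }
        }

        // Avatar upload.
        $avatar = array();
        if (isset($this->input['avatar']) && $_FILES['avatar']['tmp_name']) {
            $avatar = $_FILES['avatar'];
        }

        // Validate the member name.
        // NOTE(review): no local $type exists in this method, so null has
        // always been passed as the 4th argument; $this->type may have been
        // intended — confirm against verify_member_name().
        $type = null;
        $ret_verify = $this->mMember->verify_member_name($member_name, 0, $identifier, $type);
        switch ($ret_verify) {
            case -1:
                $this->errorOutput(MEMBER_NAME_ILLEGAL);
                break;
            case -2:
                $this->errorOutput(PROHIBITED_WORDS);
                break;
            case -3:
                $this->errorOutput(UC_MEMBER_NAME_REGISTER);
                break;
            case -4:
                $this->errorOutput(MEMBER_NAME_EXCEEDS_MAX);
                break;
            case -5:
                $this->errorOutput(USERNAME_BELOW_MINIMUM);
                break;
            case -6:
                $this->errorOutput(MEMBER_NAME_ERROR);
                break;
            case -7:
                $this->errorOutput(MEMBER_NAME_REGISTER);
                break;
            default:
                break;
        }

        // Random salt and salted password hash.
        $salt = hg_generate_salt();
        $md5_password = md5(md5($password) . $salt);

        $groupInfo = $this->Members->checkgroup_credits(0);
        $gradeInfo = $this->Members->checkgrade_credits(0);
        $data = array(
            'member_name' => $member_name,
            'password' => $md5_password,
            'salt' => $salt,
            'type' => $this->type,
            'type_name' => $type_name,
            'gid' => $groupInfo['gid'],
            'gradeid' => $gradeInfo['gradeid'],
            'signature' => $signature,
            'mobile' => $_mobile,
            'email' => $email,
            'status' => $this->settings['member_status'],
            'identifier' => $identifier,
            'appid' => $this->user['appid'],
            'appname' => $this->user['display_name'],
            'create_time' => TIMENOW,
            'update_time' => TIMENOW,
            'ip' => $ip,
            'guid' => guid(),
            'reg_device_token' => $device_token,
            'reg_udid' => $udid,
        );

        // Register in ucenter.
        $inuc = 0;
        // Pre-set so the platform_id decision below never reads an undefined
        // variable when the ucenter branch is skipped.
        $reinfo = array('member_id' => 0);
        if ($this->type == 'm2o' && $this->settings['ucenter']['open'] && !$identifier) {
            // The m2o type must supply an e-mail address.
            if (!$email) {
                $this->errorOutput(NO_EMAIL);
            }
            $virtual_email = $email;
            // Return value is not checked for failure.
            $reinfo = $this->uc_register(array('member_name' => $data['member_name'], 'password' => $password, 'email' => $virtual_email));
            $inuc = $reinfo['member_id'];
        }

        // Store the member row.
        $ret = $this->mMember->create($data);
        if (!$ret['member_id']) {
            $this->errorOutput(MEMBER_DATA_ADD_FAILED);
        }
        $member_id = $ret['member_id'];

        // Edit extension info; platformMark is the platform marker.
        if ($this->input['platformMark'] && $this->input['platformMark'] == 'dingdone' && $this->input['identifier']) {
            // dingdone registrations use per-app extension configuration.
            $this->mMemberInfo->extension_editByApp($member_id, $this->input['member_info'], $this->input['identifier'], $_FILES);
        } else {
            $this->mMemberInfo->extension_edit($member_id, $this->input['member_info'], $_FILES);
        }
        // Fetch extension info.
        $extension = $this->getExtensionInfo($member_id, $identifier);

        if (!$identifier) {
            $invite_user = new invite();
            $id = $this->input['invite_id'] ? $this->input['invite_id'] : 0; // invite code id
            // Without an invite code the member name is used to look up an
            // invitation; currently only meaningful for mobile registrations.
            $invite_code = $this->input['invite_code'] ? $this->input['invite_code'] : $member_name;
            $invite = $invite_user->invite_rules($member_id, $invite_code, $id); // invited-user handling
            $this->invite_error($invite);
        }

        // With ucenter open the platform id is the uc id, otherwise our own id.
        if ($this->type == 'm2o') {
            $platform_id = $this->settings['ucenter']['open'] && $reinfo['member_id'] > 0 && !$identifier ? $reinfo['member_id'] : $member_id;
        } elseif ($this->type == 'email') {
            $platform_id = $member_name;
        }
        $data['member_id'] = $member_id;

        // Bind table.
        $bind_data = array(
            'member_id' => $member_id,
            'platform_id' => $platform_id,
            'nick_name' => $member_name,
            'type' => $this->type,
            'type_name' => $type_name,
            'bind_time' => TIMENOW,
            'bind_ip' => $ip,
            'inuc' => $inuc,
            'is_primary' => 1,
            'identifier' => $identifier,
            'reg_device_token' => $device_token,
            'reg_udid' => $udid,
        );
        $ret_bind = $this->mMember->bind_create($bind_data);
        if (empty($ret_bind)) {
            $this->errorOutput(BIND_DATA_ADD_FAILED);
        }
        $this->registerCreditRules($member_id); // registration credit rules

        // A verified e-mail supplied at registration is bound as well.
        if ($data['email']) {
            if ($this->type != 'email' && $this->isemailverify) {
                $_bind_data = $bind_data;
                $_bind_data['platform_id'] = $data['email'];
                $_bind_data['is_primary'] = 0;
                $_bind_data['type'] = 'email';
                $_bind_data['type_name'] = '邮箱';
                $_ret_bind = $this->mMember->bind_create($_bind_data);
                if (empty($_ret_bind)) {
                    $this->errorOutput(BIND_DATA_ADD_FAILED);
                }
                unset($_bind_data, $_ret_bind);
            }
        }
        if ($data['mobile']) {
            if ($this->type != 'shouji' && $this->ismobileverify) {
                $_bind_data = $bind_data;
                $_bind_data['platform_id'] = $data['mobile'];
                $_bind_data['is_primary'] = 0;
                $_bind_data['type'] = 'shouji';
                $_bind_data['type_name'] = '手机';
                $_ret_bind = $this->mMember->bind_create($_bind_data);
                if (empty($_ret_bind)) {
                    $this->errorOutput(BIND_DATA_ADD_FAILED);
                }
                unset($_bind_data, $_ret_bind);
            }
        }

        // Store the avatar.
        if (!empty($avatar)) {
            $avatar = $this->mMember->add_material($avatar, $member_id);
            if (!empty($avatar)) {
                $update_data = array('member_id' => $member_id, 'avatar' => daddslashes(serialize($avatar)));
                $ret_updata = $this->mMember->update($update_data);
                if (!$ret_updata['member_id']) {
                    $this->errorOutput(AVATAR_ADD_FAILED);
                }
            }
        } else {
            // NOTE(review): avatar_url is client-supplied and handed to
            // local_material(); if that helper fetches the URL server-side,
            // confirm it restricts scheme and destination.
            $avatar_url = $this->input['avatar_url'] ? trim($this->input['avatar_url']) : '';
            if ($avatar_url) {
                $avatar = $this->mMember->local_material($avatar_url, $member_id);
                if (!empty($avatar)) {
                    $update_data = array('member_id' => $member_id, 'avatar' => daddslashes(serialize($avatar)));
                    $ret_updata = $this->mMember->update($update_data);
                    if (!$ret_updata['member_id']) {
                        $this->errorOutput(AVATAR_ADD_FAILED);
                    }
                }
            }
        }

        // Obtain an access_token from the auth interface.
        $callback = 'http://' . $this->settings['App_members']['host'] . '/' . $this->settings['App_members']['dir'] . 'login.php?a=verify_member&appid=' . $appid . '&appkey=' . $appkey;
        $encryptPassword = urlencode(passport_encrypt($password, CUSTOM_APPKEY));
        $auth_data = array(
            'user_name' => $member_name,
            'appid' => $appid,
            'appkey' => $appkey,
            'ip' => $ip,
            'verify_user_cb' => $callback,
            // Pass the encrypted password; previously $encryptPassword was
            // computed but this expression did not reference it and was not
            // valid PHP.
            'extend' => 'platform_id=' . $platform_id . '&password=' . $encryptPassword . '&encrypt=1&type=' . $this->type . '&identifier=' . $identifier,
        );
        $auth = $this->mMember->get_access_token($auth_data);
        if (!$auth['token']) {
            $this->errorOutput(MEMBERS_LOGIN_ERROR);
        }

        $return = array(
            'member_id' => $member_id,
            'member_name' => $ret['member_name'],
            'nick_name' => $auth['nick_name'],
            'platform_id' => $auth['platform_id'],
            'inuc' => $auth['inuc'] ? $auth['inuc'] : 0,
            'type' => $this->type,
            'type_name' => $auth['type_name'],
            'avatar' => $avatar,
            'access_token' => $auth['token'],
            'guid' => $auth['guid'],
            'gid' => $auth['gid'],
            'gradeid' => $auth['gradeid'],
            'copywriting_credit' => $auth['copywriting_credit'],
            'copywriting' => $auth['copywriting'],
            'signature' => $auth['signature'],
            'mobile' => $auth['mobile'],
            'email' => $auth['email'],
            'isVerify' => $auth['isVerify'],
            'isComplete' => $auth['isComplete'],
            'identifier' => $auth['identifier'],
            'last_login_device' => $auth['last_login_device'],
        );
        if ($extension) {
            $return['extension'] = $extension;
        }

        // Member activity trace.
        $member_trace_data = array(
            'member_id' => $member_id,
            'member_name' => $member_name,
            'content_id' => $member_id,
            'title' => $member_name,
            'type' => 'register',
            'op_type' => '注册',
            'appid' => $this->user['appid'],
            'appname' => $this->user['display_name'],
            'create_time' => TIMENOW,
            'ip' => hg_getip(),
            'device_token' => $device_token,
            'udid' => $udid,
        );
        $this->mMember->member_trace_create($member_trace_data);

        // Record login information.
        $loginInfoRecord = array(
            'last_login_device' => $member_trace_data['device_token'],
            'final_login_time' => $member_trace_data['create_time'],
            'last_login_time' => $member_trace_data['create_time'],
            'last_login_udid' => $member_trace_data['udid'],
        );
        $this->mMember->loginInfoRecord($return['member_id'], $loginInfoRecord);

        $return = hg_mermber2members_compatible(array('member_name' => 'nick_name', 'access_token' => 'token'), $return, false);
        $this->addItem($return);
        $this->output();
    } catch (Exception $e) {
        $this->errorOutput($e->getMessage(), $e->getCode());
    }
}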
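/**
 * Change the logged-in admin's password and/or avatar.
 *
 * Input: id, password, old_password, optional upload in $_FILES['Filedata'].
 * The current password must be supplied and must match before a new one is
 * stored. Emits the updated columns through addItem()/output(), or
 * array('error' => -1) when the old password is missing or wrong.
 *
 * NOTE(review): input 'password_again' is not compared with 'password' here;
 * confirm the confirmation check happens client-side or elsewhere.
 * NOTE(review): addItem($data) returns the new password hash and salt to the
 * client. Kept for response compatibility, but nothing on the client should
 * need them — consider removing them from the response.
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 */
function update_password()
{
    $id = intval($this->input['id']);
    $session_user_id = intval($this->user['user_id']);

    // The UPDATE below always targets the session user, so the row used to
    // check the old password must be that same account. Without this guard
    // the old password of one account would authorise a change on another.
    if (!$id || $id !== $session_user_id) {
        $this->errorOutput(NOID);
    }

    $sql = 'SELECT password,salt FROM ' . DB_PREFIX . 'admin WHERE id = ' . $id;
    $userinfo = $this->db->query_first($sql);
    if (!$userinfo) {
        $this->errorOutput(NOID);
    }

    $password = trim($this->input['password']);
    $oldpass = trim($this->input['old_password']);
    $data = array();

    if ($password) {
        // Strict comparison: with == / != two numeric-looking hex digests can
        // compare equal even though the strings differ.
        $expected = md5(md5($oldpass) . $userinfo['salt']);
        if (!$oldpass || (string) $userinfo['password'] !== $expected) {
            $this->addItem(array('error' => -1));
            $this->output();
            // Stop here even if output() does not end the request, so a
            // failed check can never fall through to the UPDATE.
            return;
        }
        $salt = hg_generate_salt();
        $data = array(
            'password' => md5(md5($password) . $salt),
            'salt' => $salt,
            'update_time' => TIMENOW,
        );
    }

    if (!empty($_FILES['Filedata'])) {
        $material = $this->uploadToPicServer($_FILES, $id);
        if ($material) {
            $avatar = array(
                'host' => $material['host'],
                'dir' => $material['dir'],
                'filepath' => $material['filepath'],
                'filename' => $material['filename'],
            );
            $data['avatar'] = addslashes(serialize($avatar));
            $data['update_time'] = TIMENOW;
        }
    }

    if (!empty($data)) {
        $assignments = array();
        foreach ($data as $k => $v) {
            $assignments[] = '`' . $k . '`="' . $v . '"';
        }
        $sql = 'UPDATE ' . DB_PREFIX . 'admin SET ' . implode(',', $assignments) . ' WHERE id = ' . $session_user_id;
        $this->db->query($sql);
        $this->addItem($data);
    }
    $this->output();
}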
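/**
 * Upgrade a third-party-only account (Sina, QQ, ...) to a regular M2O account.
 *
 * Purpose: accounts created by a first login through a third-party platform
 * have incomplete profile data. This fills in member_name, password, e-mail
 * and optionally mobile, then creates the M2O bind record.
 *
 * Emits the M2O bind record through addItem()/output().
 *
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 * NOTE(review): the result of uc_register() is only used when member_id > 0;
 * a failed ucenter registration is silently ignored.
 */
public function supplementaryBindInfo()
{
    try {
        $identifierUserSystem = new identifierUserSystem();
        $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier(); // multi-user system

        // Resolve the session user first: verify_member_name() below takes
        // the user id, which was previously read before being assigned.
        $user_id = $this->user['user_id'];
        if (!$user_id) {
            $this->errorOutput(NO_MEMBER_ID);
        }

        $member_name = $this->input['member_name'];
        $nick_name = $this->input['nick_name'];
        if (empty($member_name)) {
            $this->errorOutput(NO_MEMBER_NAME);
        }

        // Banned-word screening of the member name.
        if ($this->settings['App_banword']) {
            // include_once: a second inclusion would redeclare the class.
            include_once ROOT_PATH . 'lib/class/banword.class.php';
            $banword = new banword();
            $member_name_banword = $banword->exists($member_name);
            if ($member_name_banword && is_array($member_name_banword)) {
                $this->errorOutput(MEMBER_NAME_INVALID);
            }
        }

        switch ($this->mMember->verify_member_name($member_name, $user_id, $identifier)) {
            case -1:
                $this->errorOutput(MEMBER_NAME_ILLEGAL);
                break;
            case -2:
                $this->errorOutput(PROHIBITED_WORDS);
                break;
            case -3:
                $this->errorOutput(UC_MEMBER_NAME_REGISTER);
                break;
            case -4:
                $this->errorOutput(MEMBER_NAME_EXCEEDS_MAX);
                break;
            case -5:
                $this->errorOutput(USERNAME_BELOW_MINIMUM);
                break;
            case -6:
                $this->errorOutput(MEMBER_NAME_ERROR);
                break;
            case -7:
                $this->errorOutput(MEMBER_NAME_REGISTER);
                break;
            default:
                break;
        }

        $mobile_verifycode = trim($this->input['mobile_verifycode']);
        $email_verifycode = trim($this->input['email_verifycode']);
        $email = $this->input['email'];
        if (empty($email)) {
            $this->errorOutput(NO_EMAIL);
        }
        $reg_mail = $this->Members->check_reg_mail($email, 0, $identifier);
        if ($reg_mail == -4) {
            $this->errorOutput(EMAIL_FORMAT_ERROR);
        } elseif ($reg_mail == -5) {
            $this->errorOutput(EMAIL_NO_REGISTER);
        } elseif ($reg_mail == -6) {
            $this->errorOutput(EMAIL_HAS_BINDED);
        }

        if ($email && isset($this->input['email_verifycode'])) {
            if ($this->memberverifycode->get_verifycode_info($email, $email_verifycode, 1, 1)) {
                // Delete the code once verified. It was looked up by e-mail,
                // so it has to be deleted by e-mail too; deleting by member
                // name left the code in place and reusable.
                $this->memberverifycode->verifycode_delete($email, $email_verifycode, 1, 1);
            } else {
                $this->errorOutput(VERIFY_FAILED);
            }
            $this->isemailverify = 1;
        }

        $mobile = $this->input['mobile'];
        // Basic mobile number format check.
        if ($mobile && !hg_verify_mobile($mobile)) {
            $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
        } elseif ($mobile && (isset($this->input['mobile_verifycode']) || defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND)) {
            $check_bind = new check_Bind();
            if ($check_bind->checkmembernamereg($mobile, $identifier)) {
                $this->errorOutput(MOBILE_REG_BIND);
            }
        }
        if ($mobile && isset($this->input['mobile_verifycode'])) {
            // Verification code.
            $verifycode = $this->mSmsServer->get_verifycode_info($mobile, $mobile_verifycode);
            if (empty($verifycode)) {
                $this->errorOutput(VERIFY_FAILED);
            }
            // Delete the code.
            $this->mSmsServer->mobile_verifycode_delete($mobile, $mobile_verifycode);
            if (TIMENOW > $verifycode['create_time'] + VERIFYCODE_EXPIRED_TIME) {
                $this->errorOutput(VERIFY_EXPIRED);
            }
            $this->ismobileverify = 1;
        }

        $password = $this->input['password'];

        // intval() keeps the id numeric inside the SQL fragment.
        $cond = ' AND member_id = ' . intval($user_id);
        $memberInfo = $this->Members->get_member_info($cond);
        if (!$memberInfo) {
            $this->errorOutput(NO_MEMBER);
        }
        if ($memberInfo['type'] == 'm2o' || $memberInfo['type'] == 'uc') {
            $this->errorOutput(UPDATEM2O);
        }

        $updateMemberInfo = array();
        $updateMemberInfo['member_id'] = $user_id;
        $updateMemberInfo['type'] = 'm2o';
        $updateMemberInfo['type_name'] = 'M2O';
        $updateMemberInfo['member_name'] = $member_name;
        if (empty($password)) {
            $this->errorOutput(NO_PASSWORD);
        }
        $salt = hg_generate_salt();
        $updateMemberInfo['salt'] = $salt;
        $updateMemberInfo['password'] = md5(md5($password) . $salt);
        $email && ($updateMemberInfo['email'] = $email);
        $mobile && ($updateMemberInfo['mobile'] = $mobile);
        $this->mMember->update($updateMemberInfo);

        $membersql = new membersql();
        $this->mMember->bind_update(array('is_primary' => 0), $membersql->where(array('member_id' => $memberInfo['member_id'], 'type' => $memberInfo['type'])));

        $platform_id = $user_id;
        $inuc = 0;
        if (!$identifier && $this->settings['ucenter']['open']) {
            $register_data = array('member_name' => $member_name, 'password' => $password, 'email' => $email);
            $registerInfo = $this->mMember->uc_register($register_data);
            if ($registerInfo['member_id'] > 0) {
                $inuc = $platform_id = $registerInfo['member_id'];
            }
        }

        // NOTE(review): no device id is collected in this method, so null has
        // always been stored for reg_udid; made explicit here — confirm
        // whether input 'uuid' was meant to be read.
        $udid = null;

        // M2O bind relation.
        $bind_data = array(
            'member_id' => $user_id,
            'platform_id' => $platform_id,
            'nick_name' => $nick_name,
            'type' => 'm2o',
            'type_name' => 'M2O',
            'bind_time' => TIMENOW,
            'bind_ip' => hg_getip(),
            'inuc' => $inuc,
            'is_primary' => 1,
            'identifier' => $identifier,
            'reg_device_token' => 'www',
            'reg_udid' => $udid,
        );
        $ret_bind = $this->mMember->bind_create($bind_data);

        // A verified e-mail is bound as well.
        if ($email) {
            if ($this->isemailverify || defined('NO_VERIFY_EMAILBIND') && NO_VERIFY_EMAILBIND) {
                $_bind_data = $bind_data;
                $_bind_data['platform_id'] = $email;
                $_bind_data['is_primary'] = 0;
                $_bind_data['type'] = 'email';
                $_bind_data['type_name'] = '邮箱';
                $_ret_bind = $this->mMember->bind_create($_bind_data);
                if (empty($_ret_bind)) {
                    $this->errorOutput(BIND_DATA_ADD_FAILED);
                }
                unset($_bind_data, $_ret_bind);
            }
        }
        if ($mobile) {
            if ($this->ismobileverify || defined('NO_VERIFY_MOBILEBIND') && NO_VERIFY_MOBILEBIND) {
                $_bind_data = $bind_data;
                $_bind_data['platform_id'] = $mobile;
                $_bind_data['is_primary'] = 0;
                $_bind_data['type'] = 'shouji';
                $_bind_data['type_name'] = '手机';
                $_ret_bind = $this->mMember->bind_create($_bind_data);
                if (empty($_ret_bind)) {
                    $this->errorOutput(BIND_DATA_ADD_FAILED);
                }
                unset($_bind_data, $_ret_bind);
            }
        }

        if ($inuc) {
            $_updateBind = array('inuc' => $inuc);
            $this->mMember->bind_update($_updateBind, ' WHERE member_id = ' . intval($user_id));
        }

        $this->addItem($bind_data);
        $this->output();
    } catch (Exception $e) {
        $this->errorOutput($e->getMessage(), $e->getCode());
    }
}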
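/**
 * API callback: set a new password for the user named in $get['username'].
 *
 * @param array $get  decoded request parameters; reads 'username' and 'password'
 * @param array $post unused
 * @return mixed API_RETURN_FORBIDDEN when API_UPDATEPW is off, otherwise API_RETURN_SUCCEED
 *
 * NOTE(review): nothing in this method authenticates the caller; it relies
 * entirely on whatever validated $get before dispatch — confirm.
 * NOTE(review): md5(md5($pwd) . $salt) is a fast hash; see password_hash().
 */
function updatepw($get, $post)
{
    if (!API_UPDATEPW) {
        return API_RETURN_FORBIDDEN;
    }

    // The name goes into a quoted SQL literal, so it must be escaped.
    // addslashes() is a stop-gap; prefer the DB layer's own escaping or bound
    // parameters if $this->db offers them (not visible here).
    $username = addslashes($get['username']);
    $password = $get['password'];
    $salt = hg_generate_salt();
    $pass = md5(md5($password) . $salt);

    // Store the computed hash for the named user; previously $pass and
    // $username were assigned but the statement contained fixed literals.
    $this->db->query(
        'UPDATE ' . DB_PREFIX . "user set salt='{$salt}',password='{$pass}' WHERE username = '{$username}'"
    );

    return API_RETURN_SUCCEED;
}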
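/**
 * Decode base64 image data and store it as a file under the image directory.
 *
 * @param string $imgdata    base64 payload, optionally prefixed with a
 *                           "data:<mime>;base64," header
 * @param string $app_bundle application bundle, mapped to a directory by app_to_dir()
 * @param string $type       file extension; must be a known image extension
 * @return array|false array with host, dir, filepath and filename, or false
 *                     when the input is empty, the extension is not allowed,
 *                     or the payload is not valid base64
 *
 * NOTE(review): the decoded bytes are not checked to be an actual image.
 * If callers pass client data, validating the content (for example with
 * getimagesizefromstring()) before writing is worth adding.
 */
public function imgdata2pic($imgdata, $app_bundle, $type = 'png')
{
    if (empty($imgdata)) {
        return false;
    }

    // The extension becomes part of a file name inside the image directory.
    // Restrict it to image types so a caller-controlled value can never
    // produce a script file or a path component.
    $allowed_types = array('png', 'jpg', 'jpeg', 'gif', 'bmp', 'webp');
    if (!is_string($type) || !in_array(strtolower($type), $allowed_types, true)) {
        return false;
    }

    // Strip any data-URI header, not just the PNG one. Previously a non-PNG
    // data URI was written to disk verbatim as text instead of being decoded.
    $payload = preg_replace('#^data:[^;,]*;base64,#i', '', $imgdata);
    // Strict mode rejects characters outside the base64 alphabet instead of
    // silently dropping them.
    $binary = base64_decode($payload, true);
    if ($binary === false || $binary === '') {
        return false;
    }

    $info = array(
        'host' => hg_getimg_host(),
        'dir' => app_to_dir($app_bundle),
        'filepath' => date('Y', TIMENOW) . '/' . date('m', TIMENOW) . '/',
        'filename' => md5(hg_generate_salt(4) . TIMENOW) . '.' . $type,
    );
    $img_dir = hg_getimg_dir() . $info['dir'] . $info['filepath'];
    if (!hg_mkdir($img_dir) || !is_writeable($img_dir)) {
        $this->errorOutput($img_dir . '目录不可写');
    }

    hg_file_write($img_dir . $info['filename'], $binary);
    return $info;
}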
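/**
 * Change an admin password after checking the current one.
 *
 * Input: username, old_password, password, admin_id, optional md5once
 * (single instead of double md5 of the password before salting).
 * Emits array('error' => 0|1, 'msg' => ...) through addItem()/output().
 *
 * NOTE(review): $username is concatenated into the SELECT. Whether
 * $this->input is escaped upstream is not visible here; confirm, or escape
 * in the data layer.
 * NOTE(review): the target account is chosen by the admin_id/username inputs
 * rather than by the session; the old-password check is the only guard, so
 * rate limiting on this endpoint matters.
 * NOTE(review): md5-based hashing is fast; see password_hash().
 */
public function change_pwd()
{
    $db = hg_ConnectDB();
    $username = trim($this->input['username']);
    $old_password = trim($this->input['old_password']);
    $password = trim($this->input['password']);
    $admin_id = intval($this->input['admin_id']);

    if (!$old_password || !$password || !$admin_id) {
        $this->addItem(array('error' => 1, 'msg' => '参数缺失'));
        $this->output();
        // Stop even if output() does not end the request.
        return;
    }

    // Verify the old password.
    $sql = "SELECT password,salt FROM " . DB_PREFIX . "admin WHERE id = " . $admin_id . " AND user_name = '" . $username . "'";
    $q = $db->query_first($sql);

    // Unknown account: same answer as a wrong password, so the response does
    // not reveal which id/name pairs exist.
    if (empty($q)) {
        $this->addItem(array('error' => 1, 'msg' => '原始密码有误'));
        $this->output();
        return;
    }

    $salt = hg_generate_salt();
    if ($this->input['md5once']) {
        $password = md5($password . $salt);
        $old_password = md5($old_password . $q['salt']);
    } else {
        $password = md5(md5($password) . $salt);
        $old_password = md5(md5($old_password) . $q['salt']);
    }

    // Strict comparison: with == / != two numeric-looking hex digests can
    // compare equal even though the strings differ.
    if ($old_password !== (string) $q['password']) {
        $this->addItem(array('error' => 1, 'msg' => '原始密码有误'));
        $this->output();
        // Without this return a failed check could fall through to the
        // update below if output() does not end the request.
        return;
    }

    $data = array(
        'password' => $password,
        'salt' => $salt,
        'update_time' => TIMENOW,
        'forced_change_pwd' => 0,
    );
    $re = $db->update_data($data, 'admin', 'id=' . $admin_id);
    if ($re) {
        $ret = array('error' => 0, 'msg' => 'success');
    } else {
        $ret = array('error' => 1, 'msg' => '修改失败');
    }
    $this->addItem($ret);
    $this->output();
}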
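/**
 * Updates an administrator record: roles, parent organisation, user name,
 * optionally the password and the avatar.
 *
 * The id is converted with intval() once and that value is used in both the
 * SELECT and the UPDATE. The original appended the raw request value to the
 * UPDATE's WHERE clause. $avatar is initialised so the response can be built
 * when no avatar was submitted.
 *
 * Role check: the roles that differ between the submitted and the stored list
 * are collected. A caller whose group_type is above MAX_ADMIN_TYPE may not touch
 * a role <= MAX_ADMIN_TYPE; any other caller may not touch a role below their
 * own group_type.
 *
 * NOTE(review): the remaining column values (admin_role_id entries, the
 * url-decoded user_name) are still placed into the SQL text as strings. Decoding
 * after any upstream input escaping can bring quote characters back, so these
 * values need the database layer's escaping or binding.
 * NOTE(review): md5(md5(pw) . salt) is a fast hash; password_hash() is the
 * standard replacement.
 */
public function update()
{
    $id = intval($this->input['id']);
    if (!$id) {
        $this->errorReturn('id不存在');
    }
    if (!trim($this->input['user_name'])) {
        $this->errorReturn('请填写用户名称');
    }
    $sql = 'SELECT * FROM ' . DB_PREFIX . 'admin WHERE id = ' . $id;
    $admin_info = $this->db->query_first($sql);
    if (!$admin_info) {
        $this->errorReturn('用户信息不存在!');
    }

    $data = array(
        'id' => $id,
        'admin_role_id' => $this->input['admin_role_id'] ? implode(',', $this->input['admin_role_id']) : "",
        'father_org_id' => intval($this->input['father_org_id']),
        'user_name' => trim(urldecode($this->input['user_name'])),
        'update_time' => TIMENOW,
    );
    // The password and salt columns are only written when a new password was sent.
    $password = trim($this->input['password']);
    if (!empty($password)) {
        $salt = hg_generate_salt();
        $data['password'] = md5(md5($password) . $salt);
        $data['salt'] = $salt;
    }

    // Check whether any role being added or removed outranks the caller.
    $new_roles = explode(',', $data['admin_role_id']);
    $old_roles = explode(',', $admin_info['admin_role_id']);
    $changed = array_filter(array_merge(array_diff($new_roles, $old_roles), array_diff($old_roles, $new_roles)));
    if (!empty($changed)) {
        if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
            $denied = min($changed) <= MAX_ADMIN_TYPE;
        } else {
            $denied = min($changed) < $this->user['group_type'];
        }
        if ($denied) {
            $this->errorReturn('没有权限');
        }
    }

    $avatar = array();
    $material = $this->input['avatar'];
    if ($material) {
        $avatar = array(
            'host' => $material['host'],
            'dir' => $material['dir'],
            'filepath' => $material['filepath'],
            'filename' => $material['filename'],
        );
        $data['avatar'] = addslashes(serialize($avatar));
    }

    $assignments = array();
    foreach ($data as $k => $v) {
        $assignments[] = "`" . $k . "`='" . $v . "'";
    }
    $sql = "UPDATE " . DB_PREFIX . "admin SET " . implode(',', $assignments) . " WHERE id = " . $id;
    $this->db->query($sql);

    // The response carries the avatar as an array, not the serialised column value.
    $data['avatar'] = $avatar ? $avatar : '';
    $this->addItem($data);
    $this->output();
}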
/**
 * Member login.
 *
 * Request inputs: member_name, password, type, type_name, appid, appkey
 * (platform_id, identifier, device_token, uuid, nick_name, avatar_url and
 * member_info are also read below).
 *
 * Returns: member_id, member_name, type, avatar, access_token (plus the other
 * fields assembled into $return below).
 *
 * Bind table columns:
 *   member_id    member id
 *   platform_id  third-party platform member id (char)
 *   nick_name    nickname
 *   type         member type
 *   type_name    member type name
 *   avatar_url   avatar URL
 *   bind_time    bind time
 *   bind_ip      bind IP
 *
 * Flow as written: validate inputs, check the device and IP blacklists, resolve
 * the account for the login type (email / shouji / m2o / third-party incl. uc,
 * creating a member and bind row on first third-party login), obtain an access
 * token from the auth service, check the member blacklist, record the login
 * trace and output the member data. Any Exception is turned into errorOutput().
 *
 * NOTE(review): several SQL fragments below are built by concatenating
 * $member_name, $platform_id, $type and $identifier. Whether these are escaped
 * upstream is not visible here. Confirm, or use the database layer's binding.
 * NOTE(review): the '&password='******'&encrypt=1...' expression further down
 * looks like masking applied to this listing; as printed it is not valid PHP and
 * $encryptPassword is never used. Restore the line from the real source.
 */
public function login()
{
    try {
        $member_name = $this->checkUserName(trimall($this->input['member_name']));
        $password = trim($this->input['password']);
        $ip = hg_getip();
        $type = $this->input['type'];
        $this->checkLoginTypeSwitch();
        $this->checkLoginTypeError($member_name, $type);
        $this->checkLoginPassword($password, $type);
        $this->check_verifycode($type); // verification code
        $_type = ''; // guards against the bug where the local password is verified again after a local M2O account was synced to UC
        $platform_id = trim($this->input['platform_id']);
        $identifierUserSystem = new identifierUserSystem();
        $identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier(); // multi-user system
        $appid = intval($this->input['appid']);
        $appkey = trim($this->input['appkey']);
        $device_token = $this->Members->check_device_token(trim($this->input['device_token']));
        $udid = $this->Members->check_udid(trim($this->input['uuid'])); // unique device id
        // A strict 0 from either checker is treated as an invalid value.
        if ($device_token === 0) {
            $this->errorOutput(ERROR_DEVICE_TOKEN);
        }
        if ($udid === 0) {
            $this->errorOutput(ERROR_UDID);
        }
        // Check whether the device id or the IP is blacklisted.
        if ($udid) {
            $device_res = $this->Blacklist->detailDeviceBlacklist(array('device_token' => $udid, 'identifier' => $identifier));
            if ($device_res[0]['deadline'] == -1 && $device_res[0]['type'] == 2) {
                $this->errorOutput(DEVICE_BLACKLIST_FOREVER);
            } elseif ($device_res[0]['deadline'] == -1) {
                $this->errorOutput(DEVICE_BLACKLIST);
            }
        }
        if ($ip) {
            $ip_res = $this->Blacklist->detailIpBlacklist(array('ip' => ip2long($ip), 'identifier' => $identifier));
            if ($ip_res[0]['deadline'] == -1 && $ip_res[0]['type'] == 2) {
                $this->errorOutput(IP_BLACKLIST_FOREVER);
            } elseif ($ip_res[0]['deadline'] == -1) {
                $this->errorOutput(IP_BLACKLIST);
            }
        }
        // Login type: shouji, sina, txweibo, qq, renren, douban
        if (!$type) {
            $this->errorOutput(NO_EXTERNAL_TYPE);
        }
        if ($type == 'uc' && $identifier) {
            // checkUserName() is re-run with the input type cleared; if it sets
            // $this->input['type'] again, that value replaces $type.
            $this->input['type'] = '';
            $this->checkUserName($member_name, 1);
            $this->input['type'] && ($type = $this->input['type']);
        }
        if ($type == 'm2o' && $this->settings['ucenter']['open'] && !$identifier) {
            $check_login = $this->oAuthUc(true, true);
            // Fix: mobile clients send type m2o although the account is a UC account, which made login fail.
            if ($check_login > 0) {
                $type = 'uc';
            }
        }
        if ($type == 'uc' && $this->settings['ucenter']['open'] && !$identifier) {
            $uc_user = $this->oAuthUc(true);
            // user_id == -1 from oAuthUc() switches the login back to the local m2o path.
            if ($uc_user['user_id'] == -1) {
                $type = 'm2o';
            }
        } elseif ($type == 'uc' && !$this->settings['ucenter']['open'] && !$identifier) {
            $this->errorOutput(UC_LOGIN_ERROR);
        }
        $check_Bind = new check_Bind();
        // E-mail login, for all account types.
        if ($member_name && $type == 'email') {
            $platform_id = $platform_id ? $platform_id : $member_name;
            if (!$check_Bind->bind_to_memberid($member_name, $type, true, $identifier)) {
                $this->errorOutput(LOGIN_NOMEMBER_ERROR);
            }
        } else {
            if ($type == 'shouji') {
                // Member name is required.
                if (!$member_name) {
                    $this->errorOutput(NO_MEMBER_NAME);
                }
                $platform_id = $platform_id ? $platform_id : $member_name;
                if (!$check_Bind->bind_to_memberid($member_name, $type, true, $identifier)) {
                    $this->errorOutput(LOGIN_NOMEMBER_ERROR);
                }
            } else {
                if ($type == 'm2o') {
                    $is_mobile_login = false;
                    // NOTE(review): $member_name and $identifier are concatenated into the WHERE clause.
                    $where = ' AND member_name="' . $member_name . '" AND type="m2o" AND identifier = \'' . $identifier . '\'';
                    $sql = 'SELECT member_id FROM ' . DB_PREFIX . 'member WHERE 1';
                    $memberinfo = $this->db->query_first($sql . $where);
                    if (!$memberinfo) {
                        // No m2o member by that name: if the name is a mobile number, retry as a 'shouji' account.
                        if (hg_verify_mobile($member_name)) {
                            $where = ' AND member_name=\'' . $member_name . '\' AND type=\'shouji\' AND identifier = \'' . $identifier . '\'';
                            $memberinfo = $this->db->query_first($sql . $where);
                            if ($memberinfo) {
                                $type = 'shouji';
                                $platform_id = $check_Bind->check_uc($memberinfo['member_id'], $type); // fix for the wrong-password bug after syncing to UC
                                $platform_id = $platform_id ? $platform_id : $member_name;
                            }
                            if (empty($memberinfo)) {
                                $type = 'shouji';
                                $member_id = $check_Bind->bind_to_memberid($member_name, $type, true, $identifier);
                                if ($member_id) {
                                    $memberinfo = array('member_id' => $member_id);
                                    $platform_id = $member_name;
                                }
                            }
                        }
                        $memberinfo ? $memberinfo : $this->errorOutput(LOGIN_NOMEMBER_ERROR);
                    }
                    if ($type != 'shouji') {
                        $bindinfo = $this->db->query_first('SELECT inuc FROM ' . DB_PREFIX . 'member_bind WHERE member_id=' . $memberinfo['member_id'] . ' AND type="m2o"');
                        $platform_id = $bindinfo['inuc'] ? $bindinfo['inuc'] : $memberinfo['member_id'];
                    }
                } else {
                    // Sina Weibo, Tencent Weibo, QQ, Renren, Douban, uc, etc.
                    $nick_name = trimall($this->input['nick_name']);
                    $type_name = trim($this->input['type_name']);
                    $avatar_url = trim($this->input['avatar_url']);
                    if ($type == 'uc' && $uc_user) {
                        // (disabled) $platform_id = $uc_user['user_id'];
                        // Bug caused by logging in with type "uc" after a mobile/m2o account was registered to UC.
                        $sql = 'SELECT * FROM ' . DB_PREFIX . 'member_bind WHERE type=\'m2o\' AND inuc=' . $uc_user['user_id'];
                        $bind_uc = $this->db->query_first($sql);
                        if ($bind_uc) {
                            // An m2o bind row already points at this UC user: continue as that local account.
                            $platform_id = $bind_uc['platform_id'];
                            $nick_name = $bind_uc['nick_name'];
                            $type_name = $bind_uc['type_name'];
                            $avatar_url = $bind_uc['avatar_url'];
                            $_type = $type;
                            $type = $bind_uc['type'];
                        } else {
                            $platform_id = $uc_user['user_id'];
                            $nick_name = $uc_user['user_name'];
                            $type_name = 'UC会员';
                            $avatar_url = $uc_user['avatar'];
                            $email = $uc_user['email'];
                        }
                    }
                    if (!$platform_id) {
                        $this->errorOutput(NO_MEMBER_ID);
                    }
                    if (!$nick_name) {
                        $this->errorOutput(NO_NICKNAME);
                    }
                    $member_name = $nick_name;
                    // NOTE(review): $platform_id and $type come from the request on this path and are concatenated into SQL.
                    $condition = " AND mb.platform_id = '" . $platform_id . "' AND mb.type = '" . $type . "' AND mb.identifier = '" . $identifier . '\'';
                    $bind = $this->mMember->get_bind_info($condition);
                    $bind = $bind[0];
                    if (empty($type_name)) {
                        $platformInfo = $this->Members->get_platform_name($type);
                        if (empty($platformInfo)) {
                            $this->errorOutput(LOGIN_MEMBER_TYPE_ERROR);
                        } else {
                            if (!$platformInfo['status']) {
                                $this->errorOutput(LOGIN_MEMBER_TYPE_CLOSE);
                            }
                        }
                        $type_name = $platformInfo['name'];
                    }
                    $avatar_array = array();
                    $avatar_array = $this->mMember->update_avatar($avatar_url, $bind);
                    // Member table row.
                    // NOTE(review): $email is only assigned in the uc branch above; on other paths it is undefined here.
                    $data = array('member_name' => $nick_name, 'email' => $email, 'type' => $type, 'type_name' => $type_name, 'update_time' => TIMENOW, 'avatar' => daddslashes(serialize($avatar_array)), 'guid' => guid());
                    // Bind table row.
                    $bind_data = array('platform_id' => $platform_id, 'type' => $type, 'avatar_url' => $avatar_url, 'reg_device_token' => $device_token, 'reg_udid' => $udid);
                    if (empty($bind)) {
                        if ($type == 'uc') {
                            $isBindUc = 0;
                            // If the name and password match a local m2o member, bind it to the UC user instead of creating one.
                            if ($memberId = $this->mMember->verifyPassword($member_name, $password, 'm2o')) {
                                $isBindUc = $this->mMember->bind_uc($memberId, $uc_user['user_id']);
                            }
                            if (!$isBindUc && $password) {
                                // Random salt.
                                $salt = hg_generate_salt();
                                $data['salt'] = $salt;
                                // md5-based password hash.
                                // NOTE(review): md5 is a fast hash; password_hash() is the standard replacement.
                                $data['password'] = md5(md5($password) . $salt);
                            }
                        }
                        if ($type != 'uc' || !$isBindUc) {
                            // Create a new member.
                            $groupInfo = $this->Members->checkgroup_credits(0);
                            $gradeInfo = $this->Members->checkgrade_credits(0);
                            $data['gid'] = $groupInfo['gid'];
                            $data['gradeid'] = $gradeInfo['gradeid'];
                            $data['status'] = $this->settings['member_status'];
                            $data['identifier'] = $identifier;
                            $data['appid'] = intval($this->user['appid']);
                            $data['appname'] = trim($this->user['display_name']);
                            $data['create_time'] = TIMENOW;
                            $data['ip'] = $ip;
                            $data['reg_device_token'] = $device_token;
                            $data['reg_udid'] = $udid;
                            // Store the member row.
                            $ret = $this->mMember->create($data);
                            if (!$ret['member_id']) {
                                $this->errorOutput(MEMBER_DATA_ADD_FAILED);
                            }
                            $member_id = $ret['member_id'];
                            // Bind table row.
                            $bind_data['nick_name'] = $nick_name;
                            $bind_data['member_id'] = $member_id;
                            $bind_data['type_name'] = $type_name;
                            $bind_data['bind_time'] = TIMENOW;
                            $bind_data['bind_ip'] = $ip;
                            $bind_data['is_primary'] = 1;
                            $bind_data['identifier'] = $identifier;
                            if ($bind_data['type'] == 'uc') {
                                $bind_data['inuc'] = $bind_data['platform_id'];
                            }
                            $ret_bind = $this->mMember->bind_create($bind_data);
                            if (empty($ret_bind)) {
                                $this->errorOutput(BIND_DATA_ADD_FAILED);
                            }
                            $this->registerCreditRules($member_id, $type); // credit rules for newly registered members
                        } else {
                            if ($type == 'uc' && $isBindUc) {
                                $type = 'm2o';
                            }
                        }
                    } else {
                        // Existing bind row: update the member.
                        $member_id = $bind['member_id'];
                        // Verify that the member still exists.
                        $condition = " AND m.member_id = " . $member_id;
                        $ret_member = $this->mMember->get_member_info($condition);
                        $ret_member = $ret_member[0];
                        if (empty($ret_member)) {
                            $this->errorOutput(LOGIN_NOMEMBER_ERROR);
                        }
                        $update_bind_data = array('member_id' => $member_id, 'platform_id' => $platform_id, 'type' => $type, 'avatar_url' => $avatar_url);
                        $ret_bind = $this->mMember->bind_update($update_bind_data);
                        if (empty($ret_bind)) {
                            $this->errorOutput(BIND_DATA_UPDATE_FAILED);
                        }
                    }
                }
            }
        }
        // Fetch the access_token from the auth interface.
        $encryptPassword = urlencode(passport_encrypt($password, CUSTOM_APPKEY));
        // NOTE(review): the verification callback is built with the http:// scheme and carries appid/appkey in its query string.
        $callback = 'http://' . $this->settings['App_members']['host'] . '/' . $this->settings['App_members']['dir'] . 'login.php?';
        $func = 'a=verify_member&appid=' . $appid . '&appkey=' . $appkey;
        $callback .= urlencode($func);
        // NOTE(review): the '******' below is masked in this listing; the line is reproduced as printed.
        $extend = 'platform_id=' . $platform_id . '&password='******'&encrypt=1&type=' . $type . '&_type=' . $_type . '&identifier=' . $identifier;
        $auth_data = array('user_name' => $member_name, 'appid' => $appid, 'appkey' => $appkey, 'ip' => $ip, 'verify_user_cb' => $callback, 'extend' => urlencode($extend));
        $auth = $this->mMember->get_access_token($auth_data);
        if (!$auth['token']) {
            $this->errorOutput(MEMBERS_LOGIN_ERROR);
        }
        // Blacklisted-member check.
        $blacklist = $this->Members->blacklist($auth['user_id']);
        if ($blacklist[$auth['user_id']]['isblack']) {
            $this->errorOutput(MEMBER_BLACKLIST);
        }
        // End of blacklist check.
        // Permission check (nothing implemented here).
        // Edit the extension info.
        $this->mMemberInfo->extension_edit($auth['user_id'], $this->input['member_info'], $_FILES);
        // Fetch the extension info.
        $extension = $this->getExtensionInfo($auth['user_id'], $identifier);
        // Member trace (login audit record).
        $member_trace_data = array('member_id' => $auth['user_id'], 'member_name' => $member_name, 'content_id' => $auth['user_id'], 'title' => $member_name, 'type' => 'login', 'op_type' => '登陆', 'appid' => $this->user['appid'], 'appname' => $this->user['display_name'], 'create_time' => TIMENOW, 'ip' => hg_getip(), 'device_token' => $device_token, 'udid' => $udid);
        // The previous login trace is read before the new one is written, so last_login_time reflects the prior login.
        $memberTrace = $this->mMember->getMemberTrace(array('member_id' => $auth['user_id'], 'type' => 'login'), 'create_time');
        $this->mMember->member_trace_create($member_trace_data);
        $return = array('member_id' => $auth['user_id'], 'platform_id' => $auth['platform_id'], 'inuc' => $auth['inuc'] ? $auth['inuc'] : 0, 'member_name' => $auth['user_name'], 'nick_name' => $auth['nick_name'], 'type' => $auth['type'], 'type_name' => $auth['type_name'], 'avatar' => $auth['avatar'] ? $auth['avatar'] : '', 'access_token' => $auth['token'], 'guid' => $auth['guid'], 'gid' => $auth['gid'], 'gradeid' => $auth['gradeid'], 'copywriting_credit' => $auth['copywriting_credit'], 'copywriting' => $auth['copywriting'], 'signature' => $auth['signature'], 'mobile' => $auth['mobile'], 'email' => $auth['email'], 'extension' => $extension ? $extension : array(), 'isVerify' => $auth['isVerify'], 'isComplete' => $auth['isComplete'], 'identifier' => $auth['identifier'], 'last_login_device' => $auth['last_login_device'], 'last_login_time' => date('Y-m-d H:i:s', $memberTrace['create_time']));
        // Record the login info.
        $loginInfoRecord = array('last_login_device' => $member_trace_data['device_token'], 'final_login_time' => $member_trace_data['create_time'], 'last_login_time' => $memberTrace['create_time'], 'last_login_udid' => $member_trace_data['udid']);
        $this->mMember->loginInfoRecord($return['member_id'], $loginInfoRecord);
        $return = hg_mermber2members_compatible(array('member_name' => 'nick_name', 'access_token' => 'token'), $return, false);
        $this->addItem($return);
        $this->output();
    } catch (Exception $e) {
        $this->errorOutput($e->getMessage(), $e->getCode());
    }
}
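/**
 * Changes the logged-in member's password.
 *
 * Reads access_token, old_password and new_password from $this->input and the
 * member id from $this->user['user_id']. When the member already has a stored
 * password, the old password must be supplied and must match
 * md5(md5(old) . salt). When UCenter is enabled and the member row has a uc_id,
 * the change is sent to UCenter first and its known error codes are reported.
 * Finally a new salt and hash are stored locally and the member id is output.
 *
 * The hash comparison uses !== so that two different hex digests of the form
 * "0e<digits>" cannot compare equal through PHP's numeric string comparison.
 *
 * NOTE(review): md5 is a fast hash; password_hash()/password_verify() are the
 * standard replacement.
 * NOTE(review): 'uc_id' is read from $member but is not in the field list passed
 * to _get_member_by_id(); confirm the helper returns it.
 * NOTE(review): a negative UCenter code not listed in the switch (for example
 * -3) falls through and the local password is still updated; confirm that is
 * intended.
 */
public function password_edit()
{
    $access_token = $this->input['access_token'];
    $member_id = intval($this->user['user_id']);
    $old_password = trim($this->input['old_password']);
    $new_password = trim($this->input['new_password']);
    if (!$access_token) {
        $this->errorOutput('NO_ACCESS_TOKEN');
    }
    if (!$member_id) {
        $this->errorOutput('NO_MEMBER_ID');
    }
    if (!$new_password) {
        $this->errorOutput('请输入新密码');
    }

    $member = $this->mMember->_get_member_by_id($member_id, '', 'email, password, salt, member_name');
    $member = $member[$member_id];
    if (empty($member)) {
        $this->errorOutput('该会员不存在或已被删除');
    }

    // Members without a stored password (empty column) may set one without supplying the old one.
    if ($member['password']) {
        if (!$old_password) {
            $this->errorOutput('请输入旧密码');
        }
        $candidate = md5(md5($old_password) . $member['salt']);
        if ($candidate !== (string) $member['password']) {
            $this->errorOutput('旧密码不正确');
        }
    }

    if ($this->settings['ucenter']['open'] && $member['uc_id']) {
        $ret_uc = $this->mMember->uc_user_edit($member['uc_id'], $member['member_name'], '', $old_password, $new_password);
        if ($ret_uc < 0) {
            switch ($ret_uc) {
                case -1:
                    $this->errorOutput('旧密码不正确');
                    break;
                case -2:
                    $this->errorOutput('该用户不存在或已被删除');
                    break;
                case -4:
                    $this->errorOutput('Email 格式有误');
                    break;
                case -5:
                    $this->errorOutput('Email 不允许注册');
                    break;
                case -6:
                    $this->errorOutput('该 Email 已经被注册');
                    break;
                case -7:
                    $this->errorOutput('没有做任何修改');
                    break;
                case -8:
                    $this->errorOutput('该用户受保护无权限更改');
                    break;
                default:
                    break;
            }
        }
    }

    $salt = hg_generate_salt();
    $password = md5(md5($new_password) . $salt);
    $member_data = array('id' => $member_id, 'salt' => $salt, 'password' => $password);
    $ret = $this->mMember->update_member($member_data);
    $return = array('member_id' => $ret['id']);
    $this->addItem($return);
    $this->output();
}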
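/**
 * Lets a super administrator set a user's password by user id.
 *
 * Callers whose group_type is above MAX_ADMIN_TYPE are refused with NO_PURVIEW.
 * The target comes from $userinfo, or from the 'userid' and 'password' request
 * inputs when $userinfo is empty. The id must be positive and accepted by
 * checkUser().
 *
 * The password is trimmed BEFORE the emptiness check. The original tested the
 * raw value and trimmed only when hashing, so a whitespace-only password passed
 * the check and the account was given the hash of an empty password.
 *
 * NOTE(review): md5(md5(pw) . salt) is a fast hash; password_hash() is the
 * standard replacement.
 *
 * @param array $userinfo optional array with 'userid' and 'password'
 */
public function updatePassword($userinfo = array())
{
    $updateData = array();
    $reData = array();
    $userid = 0;
    if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
        $this->errorOutput(NO_PURVIEW); // no permission
    }
    $userinfo = $userinfo ? $userinfo : array('userid' => intval($this->input['userid']), 'password' => $this->input['password']);
    $new_password = isset($userinfo['password']) ? trim((string) $userinfo['password']) : '';

    if ($userinfo['userid'] > 0 && ($userid = $this->checkUser($userinfo['userid']))) {
        if ($new_password) {
            $salt = hg_generate_salt();
            $updateData = array(
                'password' => md5(md5($new_password) . $salt),
                'salt' => $salt,
                'update_time' => TIMENOW,
            );
        } else {
            $this->errorOutput(NO_PASSWORD);
        }
        if ($updateData && is_array($updateData) && $userid > 0) {
            $this->db->update_data($updateData, 'admin', 'id = ' . $userid);
            $reData = array('userid' => $userid, 'response' => '密码已经修改成功');
        }
    } else {
        $this->errorOutput(NO_USER_ID);
    }

    foreach ($reData as $k => $v) {
        $this->addItem_withkey($k, $v);
    }
    $this->output();
}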
/**
 * Registers a new user.
 *
 * Steps as written: read the registration settings (register, noregister,
 * emailAction, isopeninvite) and enforce closed or invite-only registration;
 * validate the username (special characters, banned words, uniqueness) and the
 * e-mail; insert the member and member_extra rows; optionally send the
 * confirmation e-mail; output the user data.
 *
 * NOTE(review): every value placed in the two INSERT statements is concatenated
 * into the SQL text, and most are passed through urldecode() first (birthday,
 * qq, mobile, msn, digital_tv, location, avatar). Decoding after any upstream
 * input escaping can bring quote characters back, so these need the database
 * layer's escaping or binding.
 * NOTE(review): the password is never checked for being empty before hashing.
 * NOTE(review): $userinfo, including 'password' and 'salt', is handed to
 * addItem() and output. If that array is serialised to the client, the hash and
 * salt are disclosed; confirm and drop those keys from the response.
 * NOTE(review): $is_invite and $rt2 are only assigned inside the settings branch
 * but are read later regardless.
 *
 * @return array user info
 */
public function create()
{
    // Determine whether registration is allowed.
    $rt = $this->mUset->get_desig_uset(array('register', 'noregister', 'emailAction', 'isopeninvite'));
    if ($rt['result'] == 1) {
        $rt0 = $rt[0]; // register
        $rt1 = $rt[1]; // noregister
        $rt2 = $rt[2]; // emailAction
        $rt3 = $rt[3]; // isopeninvite
        $rt3['descripion'] = "请通过邀请进行注册!";
        if (!$rt0['status']) {
            // Open registration is off.
            if (!$rt3['status']) {
                // Invites are off too: report the 'noregister' status as the reason.
                $this->setXmlNode('register', 'result');
                $ret['register'] = 1;
                $ret['reason'] = $rt1['status'];
                $this->addItem($ret);
                $this->output();
            } else {
                // Invite-only: an invite code is required and must verify.
                if (!urldecode($this->input['invite_code'])) {
                    $this->setXmlNode('register', 'result');
                    $ret['register'] = 1;
                    $ret['reason'] = $rt3['descripion'];
                    $this->addItem($ret);
                    $this->output();
                } else {
                    $is_invite = $this->verify_invite_code(urldecode($this->input['invite_code']));
                    if (!$is_invite) {
                        $this->setXmlNode('register', 'result');
                        $ret['register'] = 1;
                        $ret['reason'] = $rt3['descripion'];
                        $this->addItem($ret);
                        $this->output();
                    }
                }
            }
        } else {
            // Open registration: an invite code is optional but still verified when present.
            if (urldecode($this->input['invite_code'])) {
                $is_invite = $this->verify_invite_code(urldecode($this->input['invite_code']));
            }
        }
    }
    if (!$this->input['username']) {
        $this->errorOutput(OBJECT_NULL); // returns code 0x0000
    }
    $username = urldecode(trim($this->input['username']));
    // Reject usernames containing any of the listed punctuation characters.
    $patten = "/[!@#\$%&()><\\/:;|,,。?!}{‘’“”\\'\"]+/u";
    if (preg_match($patten, $username)) {
        $this->errorOutput(NON_SPECIAL_CHAR);
    }
    // Check for banned words.
    include_once ROOT_PATH . 'lib/class/banword.class.php';
    $banword = new banword();
    $rt = $banword->banword($username);
    if ($rt && $rt != 'null') {
        $this->setXmlNode('userinfo', 'repeat_user');
        $rt['banword'] = 1;
        $this->addItem($rt);
        $this->output();
        exit;
    }
    $result = $this->mUser->checkUsername($username);
    if ($result) {
        // Username already taken.
        $this->setXmlNode('userinfo', 'repeat_user');
        $rt['user_exist'] = 1;
        $rt['message'] = '用户名已被占用';
        $this->addItem($rt);
        $this->output();
        exit;
    }
    $email = trim(urldecode($this->input['email']));
    if (!hg_clean_email($email)) {
        $this->errorOutput(EMAIL_ERROR); // returns code 0x2000
    }
    $result = $this->mUser->checkEmail($email);
    if ($result) {
        $this->errorOutput(EMAIL_REPEAT); // returns code 0x2100
    }
    $salt = hg_generate_salt();
    // NOTE(review): md5 is a fast hash; password_hash() is the standard replacement.
    $password = md5(md5(trim($this->input['password'])) . $salt);
    $location = trim(urldecode($this->input['location']));
    $location_code = trim(urldecode($this->input['location_code']));
    $avatar = trim(urldecode($this->input['avatar'])) ? trim(urldecode($this->input['avatar'])) : AVATAR_DEFAULT; // calls the avatar interface
    $userinfo = array('email' => $email, 'username' => $username, 'password' => $password, 'salt' => $salt, 'location' => $location, 'location_code' => $location_code, 'avatar' => $avatar, 'birthday' => urldecode($this->input['birthday']), 'qq' => urldecode($this->input['qq']), 'mobile' => urldecode($this->input['mobile']), 'msn' => urldecode($this->input['msn']), 'source' => intval($this->input['source']), 'digital_tv' => urldecode($this->input['digital_tv']), 'join_time' => TIMENOW, 'last_login' => TIMENOW, 'privacy' => 0);
    // Insert the member row; the values follow the column list order.
    $sql = "\r\n\t\t\tINSERT " . DB_PREFIX . "member\r\n\t\t\t(\r\n\t\t\t\temail,username,password,salt,location,location_code,\r\n\t\t\t\tbirthday,avatar,qq,mobile,msn,join_time,\r\n\t\t\t\tlast_login,digital_tv,source\r\n\t\t\t) \r\n\t\t\tVALUES\r\n\t\t\t(\r\n\t\t\t\t'" . $userinfo['email'] . "','" . $userinfo['username'] . "','" . $userinfo['password'] . "','" . $userinfo['salt'] . "',\r\n\t\t\t\t'" . $userinfo['location'] . "','" . $userinfo['location_code'] . "','" . $userinfo['birthday'] . "',\r\n\t\t\t\t'" . $userinfo['avatar'] . "','" . $userinfo['qq'] . "',\r\n\t\t\t\t'" . $userinfo['mobile'] . "',\r\n\t\t\t\t'" . $userinfo['msn'] . "'," . $userinfo['join_time'] . "," . $userinfo['last_login'] . ",'" . $userinfo['digital_tv'] . "','" . $userinfo['source'] . "'\r\n\t\t\t)";
    $this->db->query($sql);
    $userinfo['id'] = $this->db->insert_id();
    if ($is_invite) {
        $this->update_invite_code($userinfo['id'], urldecode($this->input['invite_code']));
    }
    $credit_info = $this->mCredit->get_single_credit_rule(REGISTER); // fetch the registration credit
    $credit = floatval($credit_info['credit']);
    $userextra = array('member_id' => $userinfo['id'], 'last_activity' => TIMENOW, 'followers_count' => 0, 'attention_count' => 0, 'ip' => hg_getip());
    // Insert the companion member_extra row (activity counters, referrer, IP, starting credit).
    $sql = "INSERT " . DB_PREFIX . "member_extra\r\n\t\t(\r\n\t\t\tmember_id,\r\n\t\t\tlast_activity,\r\n\t\t\tfollowers_count,\r\n\t\t\tattention_count,\r\n\t\t\treffer_user,\r\n\t\t\tip,\r\n\t\t\tcredit \r\n\t\t) \r\n\t\tVALUES\r\n\t\t(\r\n\t\t\t" . $userextra['member_id'] . ",\r\n\t\t\t" . $userextra['last_activity'] . ",\r\n\t\t\t" . $userextra['followers_count'] . ",\r\n\t\t\t" . $userextra['attention_count'] . ",\r\n\t\t\t" . intval($this->input['reffer_user']) . ",\r\n\t\t\t'" . $userextra['ip'] . "' , \r\n\t\t\t" . $credit . "\r\n\t\t)";
    $this->db->query($sql);
    // Send the confirmation link when the emailAction setting is on.
    if ($rt2['status'] == 1) {
        include_once ROOT_PATH . 'lib/user/email.class.php';
        $emailclass = new email();
        $data = array('id' => $userinfo['id'], 'username' => $userinfo['username'], 'email' => $userinfo['email']);
        $rt = $emailclass->send_link($data);
        if ($rt['done'] == 1) {
            $userinfo['send_email'] = 1;
        } else {
            $userinfo['send_email'] = 0;
        }
        $userinfo['email_action'] = 1;
    }
    $this->setXmlNode('userinfo', 'user');
    $this->addItem($userinfo);
    return $this->output();
}
/**
 * Forgotten-password reset: stores a new salt and password for the member
 * with the given e-mail address.
 *
 * NOTE(review): the '******' in the UPDATE statement looks like masking applied
 * to this listing; as printed, $password is computed but never written. Restore
 * the statement from the real source.
 * NOTE(review): $email is concatenated into both SQL statements; it needs the
 * database layer's escaping or binding unless the caller guarantees a validated
 * address.
 * NOTE(review): nothing in this method proves the caller controls the mailbox.
 * The reset token or verification code must be checked by the caller; confirm.
 * NOTE(review): md5 is a fast hash; password_hash() is the standard replacement.
 *
 * @param string $email        e-mail address identifying the member
 * @param string $new_password new clear-text password
 * @return array|int|false the member row (uc_id, member_name, email) on success,
 *                         -1 when no member has that e-mail, false when the
 *                         UPDATE query fails
 */
public function memberPasswordForget($email, $new_password)
{
    $sql = "SELECT uc_id, member_name, email FROM " . DB_PREFIX . "member WHERE email = '" . $email . "'";
    $member = $this->db->query_first($sql);
    if (empty($member)) {
        return -1;
    }
    // Disabled UCenter synchronisation, kept as found:
    /* if ($this->settings['ucenter']['open'] && $member['uc_id'] && $member['platform'] == $this->settings['platform']['uc']) { $ret = $this->uc_user_edit($member['uc_id'], $member['member_name'], $member['email'], $old_password, $new_password); if ($ret < 0) { return false; } } */
    $condition = " WHERE email = '" . $email . "'";
    $salt = hg_generate_salt();
    $password = md5(md5($new_password) . $salt);
    $sql = "UPDATE " . DB_PREFIX . "member SET salt = '" . $salt . "', password = '******' " . $condition;
    if ($this->db->query($sql)) {
        return $member;
    }
    return false;
}
/**
 * Administrative update of a member: profile fields, optional password,
 * credits, group, blacklist state, medals, extension info, avatar and bind
 * nickname, followed by an 'adminedit' trace record.
 *
 * The member is identified by 'guid' when present, otherwise by 'member_id'.
 *
 * NOTE(review): no permission check is visible inside this method although it
 * changes passwords, credits, groups and blacklist state. Confirm it is enforced
 * before this method is reached.
 * NOTE(review): $guid is concatenated into the lookup condition; it needs the
 * database layer's escaping or binding.
 * NOTE(review): $oldpw is passed to uc_user_edit() but is never assigned in this
 * method.
 * NOTE(review): md5(md5(pw) . salt) is a fast hash; password_hash() is the
 * standard replacement.
 */
public function update()
{
    // guid: unique member identifier.
    if ($guid = $this->input['guid']) {
        $condition = ' AND guid="' . $guid . '"';
        $memberInfo = $this->mMember->get_member_info($condition);
        if ($memberInfo) {
            $member_id = $memberInfo[0]['member_id'];
        }
    } else {
        $member_id = intval($this->input['member_id']);
    }
    $member_name = trim($this->input['member_name']);
    $nick_name = trim($this->input['nick_name']);
    $password = trim($this->input['password']);
    // NOTE(review): intval() on a phone number drops leading zeros and depends on the platform integer size.
    $mobile = $this->input['mobile'] ? intval($this->input['mobile']) : '';
    $email = $this->input['email'] ? trim($this->input['email']) : '';
    $im_token = $this->input['im_token'] ? trim($this->input['im_token']) : '';
    $signature = $this->input['signature'] ? trim(urldecode($this->input['signature'])) : '';
    // Also reached when a guid was given but matched no member ($member_id is then unset).
    if (!$member_id) {
        $this->errorOutput(NO_MEMBER_ID);
    }
    $identifier = $this->mMember->getIdentifierForMemberId($member_id);
    if (!empty($member_name) && !$this->mMember->isMemberNameUpdate($member_id, 1)) {
        $this->errorOutput(NOT_EDIT_MEMBERNAME);
    }
    // Default the nickname to the new member name, else to the current stored name.
    if (!$nick_name) {
        $nick_name = $member_name ? $member_name : $this->Members->get_member_name($member_id, false);
    }
    if (!hg_verify_mobile($mobile) && !empty($mobile)) {
        $this->errorOutput(MOBILE_NUMBER_FORMAT_ERROR);
    }
    $reg_mail = $this->Members->check_reg_mail($email, $member_id, $identifier);
    if ($reg_mail == -4) {
        $this->errorOutput(EMAIL_FORMAT_ERROR);
    } elseif ($reg_mail == -6) {
        $this->errorOutput(EMAIL_HAS_BINDED);
    }
    // Avatar upload, if any.
    $avatar = array();
    if ($_FILES['avatar']['tmp_name']) {
        $avatar = $_FILES['avatar'];
    }
    // Only fields that were actually supplied are added to the update set.
    $data = array('member_id' => $member_id, 'update_time' => TIMENOW);
    if ($im_token) {
        $data['im_token'] = $im_token;
    }
    if ($mobile) {
        $data['mobile'] = $mobile;
    }
    if ($email) {
        $data['email'] = $email;
    }
    if ($signature) {
        $data['signature'] = $signature;
    }
    // Validate the member name.
    if ($member_name) {
        switch ($this->mMember->verify_member_name($member_name, $member_id, $identifier)) {
            case -1:
                $this->errorOutput(MEMBER_NAME_ILLEGAL);
                break;
            case -2:
                $this->errorOutput(PROHIBITED_WORDS);
                break;
            case -3:
                $this->errorOutput(UC_MEMBER_NAME_REGISTER);
                break;
            case -4:
                $this->errorOutput(MEMBER_NAME_EXCEEDS_MAX);
                break;
            case -5:
                $this->errorOutput(USERNAME_BELOW_MINIMUM);
                break;
            case -6:
                $this->errorOutput(MEMBER_NAME_ERROR);
                break;
            case -7:
                $this->errorOutput(MEMBER_NAME_REGISTER);
                break;
            default:
                break;
        }
        $data['member_name'] = $member_name;
    }
    // From here on $member_name holds the lookup result and is indexed by member id below.
    $member_name = $this->Members->get_member_name($member_id);
    if ($this->settings['ucenter']['open'] && !$identifier) {
        $is_password = $this->mMember->uc_user_edit($member_name[$member_id], $oldpw, $password, $email, 1);
        if ($is_password < 0) {
            if ($is_password == -4) {
                $this->errorOutput(EMAIL_FORMAT_ERROR);
            } elseif ($is_password == -5) {
                $this->errorOutput(EMAIL_NO_REGISTER);
            } elseif ($is_password == -6) {
                $this->errorOutput(EMAIL_HAS_BINDED);
            }
        }
    }
    if ($password) {
        // Random salt.
        $salt = hg_generate_salt();
        // md5-based password hash.
        $md5_password = md5(md5($password) . $salt);
        $data['password'] = $md5_password;
        $data['salt'] = $salt;
    }
    // Update credits.
    if ($this->input['credit'] && is_array($this->input['credit'])) {
        $credit_log = array('app_uniqueid' => APP_UNIQUEID, 'mod_uniqueid' => MOD_UNIQUEID, 'action' => $this->input['a'], 'method' => 'admin_update_members', 'relatedid' => $this->user['user_id'], 'title' => '积分变更', 'remark' => '管理员操作');
        // The grade credit field may not be set to a negative value.
        if ($grade_credits_type = $this->Members->get_grade_credits_type(1)) {
            if ($this->input['credit'][$grade_credits_type['db_field']] < 0) {
                $this->errorOutput($grade_credits_type['title'] . '不允许为负数');
            }
        }
        $this->Members->credits($this->input['credit'], $member_id, $coef = 1, false, false, true, null, array(), $credit_log);
    }
    // Update the user group.
    $gid = intval($this->input['groupid']);
    $groupexpiry = $this->input['groupexpiry'] ? trim($this->input['groupexpiry']) : 0;
    $this->Members->updategroup($member_id, $gid, $groupexpiry);
    // Update the blacklist: 'isblack' when given, otherwise -1, and 0 when no blacklist input was sent.
    $deadline = !empty($this->input['blacklist']) ? !empty($this->input['isblack']) ? $this->input['isblack'] : -1 : 0;
    if (!empty($this->input['blacklist'])) {
        $this->Members->blacklist_set($member_id, $deadline);
    }
    // Update medals.
    $medalid = !empty($this->input['medal_id']) ? $this->input['medal_id'] : '';
    $this->member_medal->edit_member_medal($member_id, $medalid);
    // Store the member data.
    $ret = $this->mMember->update($data);
    if (!$ret['member_id']) {
        $this->errorOutput(MEMBER_DATA_UPDATE_FAILED);
    }
    $data['member_id'] = $member_id;
    $this->mMemberInfo->extension_edit($member_id, $this->input['member_info'], $_FILES); // edit extension info
    // Store the avatar.
    if (!empty($avatar)) {
        $avatar = $this->mMember->add_material($avatar, $member_id);
        if (!empty($avatar)) {
            $update_data = array('member_id' => $member_id, 'avatar' => maybe_serialize($avatar));
            $ret_updata = $this->mMember->update($update_data);
            if (!$ret_updata['member_id']) {
                $this->errorOutput(AVATAR_ADD_FAILED);
            }
        }
    }
    $bind_info = array();
    if ($nick_name) {
        $bind_info = array('nick_name' => $nick_name);
    }
    if ($bind_info) {
        $this->mMember->bind_update($bind_info, 'WHERE member_id = \'' . $member_id . '\'');
    }
    // Member trace: records which administrator edited which member.
    $member_trace_data = array('member_id' => $this->user['user_id'], 'member_name' => $this->user['user_name'], 'content_id' => $member_id, 'title' => $member_name[$member_id], 'type' => 'adminedit', 'op_type' => '管理员更新会员资料', 'appid' => $this->user['appid'], 'appname' => $this->user['display_name'], 'create_time' => TIMENOW, 'ip' => hg_getip(), 'device_token' => 'admin', 'udid' => 'admin');
    $this->mMember->member_trace_create($member_trace_data);
    $this->addItem($member_id);
    $this->output();
}