/**
* 进行身份验证
* 请保证传参所用字符集和论坛字符集一致,否则请先自行转换再传参
* @param string $username
* @param string $password
* @param int $questionid
* @param string $answer
* @param boolen $isuid 使用UID验证么?
* @return array
* 第一个数组下标($return[0])若大于0,则表示验证成功的登录uid。否则为错误信息:
* -1:UC用户不存在,或者被删除
* -2:密码错
* -3:安全提问错
* -4:用户没有在dz注册
* 第二个数组下标($return[1])若大于等于0,则表示验证成功的adminid;
* 否则为-1,表示验证失败
*/
function verify($username, $password, $questionid = '', $answer = '', $isuid = 0)
{
$return = array(0 => -1, 1 => -1);
$ip = XWB_plugin::getIP();
/**
* 校验用户输入错误密码的次数
*/
$failedlogins = $this->db->fetch_first("select * from " . XWB_S_TBPRE . "failedlogins where `ip`='{$ip}'");
if ($failedlogins && $failedlogins['count'] >= 5) {
$return[0] = -5;
return $return;
}
/**
* 校验用户输入的用户名和密码是否正确
*/
if (true === UCENTER) {
//加载Ucenter客户端文件
include_once ROOT_PATH . './api/uc_client/client.php';
$uc_result = uc_user_login($username, $password, $isuid, 0, $questionid, $answer);
$ucuid = $uc_result[0];
if ($ucuid < 1) {
$return[0] = $ucuid;
return $return;
}
}
$member = $this->db->fetch_first("SELECT `uid`, `password`, `nickname`, `username`, `role_type`, `salt` FROM " . XWB_S_TBPRE . "members WHERE `nickname`='{$username}'");
if ($member) {
/**
* 在记事狗系统中比对用户输入的密码
*/
if ($member['password'] == jsg_member_password($password, $member['salt'])) {
$return[0] = (int) $member['uid'];
$return[1] = 'admin' == $member['role_type'] ? 1 : 0;
} else {
$return[0] = -2;
/**
* 更新密码输入错误的次数
*/
if ($failedlogins) {
$this->db->query("update " . XWB_S_TBPRE . "failedlogins set `count`='" . (max(1, (int) $failedlogins['count']) + 1) . "', `lastupdate`='" . time() . "' where `ip`='{$ip}'");
} else {
$this->db->query("insert into " . XWB_S_TBPRE . "failedlogins (`ip`,`count`,`lastupdate`) values ('{$ip}','1','" . time() . "')");
}
}
}
return $return;
}
function edit($oldnickname, $oldpw = '', $nickname = '', $password = '', $email = '', $username = '', $ignoreoldpw = 0, $inadmin = 0, $email_checked = 0)
{
$oldmember = array();
if (!$ignoreoldpw) {
$rets = $this->login_check($oldnickname, $oldpw);
if ($rets['uid'] < 1) {
return $rets['uid'] - 10;
} else {
$oldmember = $rets;
}
} else {
$oldmember = jsg_get_member($oldnickname, 'nickname', 0);
}
$uc_password = $uc_email = '';
$newmember = array();
if ($nickname && $nickname != $oldmember['nickname'] && (true !== UCENTER || true === UCENTER_MODIFY_NICKNAME || $ignoreoldpw)) {
if ($oldmember['nickname'] && !$GLOBALS['_J']['config']['edit_nickname_enable'] && !$ignoreoldpw) {
return -8;
}
$ret = $this->checkname($nickname, 1, 0, $oldmember['uid']);
if ($ret < 1) {
return $ret;
}
$newmember['nickname'] = $nickname;
}
if ($password) {
$salt = $oldmember['salt'] ? $oldmember['salt'] : jsg_member_salt();
$password_hash = jsg_member_password($password, $salt);
if ($password_hash != $oldmember['password']) {
$newmember['password'] = $password_hash;
$newmember['salt'] = $salt;
}
$uc_password = $password;
}
if ($username && $username != $oldmember['username'] && (!$oldmember['username'] || is_numeric($oldmember['username']) || $ignoreoldpw)) {
$ret = $this->checkname($username, 0, 0, $oldmember['uid']);
if ($ret < 1) {
return $ret;
}
$newmember['username'] = $username;
}
if ($email && $email != $oldmember['email']) {
$ret = $this->checkemail($email);
if ($ret < 1) {
return $ret;
}
if ($GLOBALS['_J']['config']['reg_email_verify'] && !$inadmin) {
$newmember['role_id'] = $oldmember['role_id'] && $oldmember['role_id'] != $GLOBALS['_J']['config']['no_verify_email_role_id'] ? $oldmember['role_id'] : $GLOBALS['_J']['config']['no_verify_email_role_id'];
jfunc('my');
my_member_validate($oldmember['uid'], $email, (int) ($oldmember['role_id'] != $GLOBALS['_J']['config']['no_verify_email_role_id'] ? $oldmember['role_id'] : $GLOBALS['_J']['config']['normal_default_role_id']));
}
if (!$inadmin && $oldmember['email_checked'] > 0) {
$newmember['email2'] = $email;
} else {
$newmember['email'] = $email;
}
$uc_email = $email;
}
if ($email && $inadmin) {
$newmember['email_checked'] = $email_checked;
if ($oldmember['role_id'] == '5' && $email_checked > 0) {
$newmember['role_id'] = '3';
}
}
if ($inadmin && $oldmember['email_checked'] > 0 && $email_checked == 0) {
$newmember['email2'] = '';
}
if (true === UCENTER && $oldmember['ucuid'] > 0 && ($uc_password || $uc_email)) {
$ret = uc_user_edit($oldnickname, $oldpw, $uc_password, $uc_email, $ignoreoldpw);
if ($ret < 0 && -7 != $ret && -8 != $ret) {
return $ret;
}
}
if ($newmember) {
$ret = jtable('members')->update($newmember, $oldmember['uid']);
} else {
return -7;
}
#if NEDU
if (defined('NEDU_MOYO')) {
ndata('sync')->member()->modify($oldmember['uid']);
}
#endif
return 1;
}
function DoModify()
{
$_update = false;
$uid = (int) $this->Post['uid'];
if ($uid < 1) {
$this->Messager("请指定一个正确的UID");
}
$this->ID = $uid;
$member_info = jsg_member_info($uid);
if (!$member_info) {
$this->Messager("您要编辑的用户已经不存在了");
}
if (!admin_check_allow($uid)) {
$this->Messager("为安全起见,您没有编辑 <b>{$member_info['nickname']}</b> 用户信息的权限,请使用网站创始人的身份登录后再进行编辑操作。", '', 10);
}
if (($this->Post['role_id'] == 4 || $this->Post['role_id'] == 118) && !trim($this->Post['cause'])) {
$this->Messager("请输入封杀理由", -1);
}
$password = get_param('password');
if ($password == '') {
unset($this->Post['password']);
} else {
$this->Post['password_unhash'] = $password;
$this->Post['password'] = jsg_member_password($password, $member_info['salt']);
$_update = true;
}
$rets = array('0' => '【注册失败】有可能是站点关闭了注册功能', '-1' => '不合法', '-2' => '不允许注册', '-3' => '已经存在了', '-4' => 'Email 不合法,请输入正确的Email地址。', '-5' => 'Email 不允许注册,请尝试更换一个。', '-6' => 'Email 已经存在了,请尝试更换一个。');
$nickname = get_param('nickname');
if ($nickname != $member_info['nickname']) {
$ret = jsg_member_checkname($nickname, 1, 0, $uid);
if ($ret < 1) {
$this->Messager("帐户/昵称 " . $rets[$ret]);
}
unset($this->Post['nickname']);
$_update = true;
}
$username = get_param('username');
if ($username != $member_info['username']) {
$ret = jsg_member_checkname($username, 0, 0, $uid);
if ($ret < 1) {
$this->Messager("个性域名/微博地址 " . $rets[$ret]);
}
unset($this->Post['username']);
$_update = true;
}
$email_update = false;
$email = get_param('email');
if ($email != $member_info['email']) {
$ret = jsg_member_checkemail($email);
if ($ret < 1) {
$this->Messager($rets[$ret]);
}
unset($this->Post['email']);
$_update = true;
}
$this->Post['role_id'] = (int) $this->Post['role_id'];
if ($this->Post['role_id'] > 0) {
$role = DB::fetch_first("SELECT * FROM " . DB::table('role') . " WHERE `id`='{$this->Post['role_id']}'");
if ($role) {
if (!admin_check_allow($this->Post['role_id'], 1) || true === jsg_member_is_founder($uid) && 'admin' != $role['type']) {
unset($this->Post['role_id'], $this->Post['role_type']);
} else {
$this->Post['role_type'] = $role['type'];
}
$login_enable = jconf::get('login_enable');
if (!$role['privilege'] || $role['privilege'] == '') {
$login_enable[$uid] = $uid;
} else {
unset($login_enable[$uid]);
}
jconf::set('login_enable', $login_enable);
} else {
$this->messager("角色已经不存在");
}
} else {
unset($this->Post['role_id'], $this->Post['role_type']);
}
$phone = $this->Post['phone'];
if ($phone) {
if (!jsg_is_mobile($phone)) {
$this->Messager("手机号 {$phone} 格式不对哦,请重新输入正确的号码。");
$phone = '';
unset($this->Post['phone']);
} else {
if (($member_phone_info = jtable('members')->info(array('phone' => $phone))) && $uid != $member_phone_info['uid']) {
$this->Messager("手机号 {$phone} 已经被使用在了 【{$member_phone_info['uid']}】{$member_phone_info['nickname']} 帐户上,请返回重新输入!");
}
}
} else {
$phone = '';
}
if (sms_init()) {
if ($phone) {
sms_bind($uid, $phone);
} else {
sms_unbind($uid);
}
}
if (@is_file(ROOT_PATH . 'include/logic/cp.logic.php') && $this->Config['company_enable']) {
$this->Post['companyid'] = max(0, (int) $this->Post['companyid']);
if ($this->Post['companyid'] == $member_info['companyid']) {
unset($this->Post['companyid']);
} else {
if ($member_info['companyid'] == 0 && $this->Post['companyid'] > 0) {
$this->CpLogic->update('company', $this->Post['companyid'], 1, $member_info['topic_count']);
} elseif ($member_info['companyid'] > 0 && $this->Post['companyid'] == 0) {
$this->CpLogic->update('company', $member_info['companyid'], -1, -$member_info['topic_count']);
} else {
$this->CpLogic->update('company', $member_info['companyid'], -1, -$member_info['topic_count']);
$this->CpLogic->update('company', $this->Post['companyid'], 1, $member_info['topic_count']);
}
$this->Post['company'] = $this->CpLogic->Getone($this->Post['companyid'], 'company', 'name');
}
if ($this->Config['department_enable']) {
$this->Post['departmentid'] = max(0, (int) $this->Post['departmentid']);
if ($this->Post['departmentid'] == $member_info['departmentid']) {
unset($this->Post['departmentid']);
} else {
if ($member_info['departmentid'] == 0 && $this->Post['departmentid'] > 0) {
$this->CpLogic->update('department', $this->Post['departmentid'], 1, $member_info['topic_count']);
} elseif ($member_info['departmentid'] > 0 && $this->Post['departmentid'] == 0) {
$this->CpLogic->update('department', $member_info['departmentid'], -1, -$member_info['topic_count']);
} else {
$this->CpLogic->update('department', $member_info['departmentid'], -1, -$member_info['topic_count']);
$this->CpLogic->update('department', $this->Post['departmentid'], 1, $member_info['topic_count']);
}
$this->Post['department'] = $this->CpLogic->Getone($this->Post['departmentid'], 'department', 'name');
}
}
if ($this->Post['jobid'] == $member_info['jobid']) {
unset($this->Post['jobid']);
} else {
$this->Post['job'] = jlogic('job')->id2subject($this->Post['jobid']);
}
if ($this->Post['companyid']) {
$chx_cid = $this->Post['companyid'];
$chx_uid = $member_info['uid'];
$chx_did = $this->Post['departmentid'] ? $this->Post['departmentid'] : 0;
$is_cp_usered = DB::fetch_first("SELECT * FROM " . DB::table('cp_user') . " WHERE uid = '{$chx_uid}' AND companyid = '{$chx_cid}' AND departmentid = '{$chx_did}'");
if ($is_cp_usered) {
DB::query("DELETE FROM " . DB::table('cp_user') . " WHERE id = '" . $is_cp_usered['id'] . "'");
}
}
}
$this->Post['province'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['province'] . "'"));
$this->Post['city'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['city'] . "'"));
if ($this->Post['area']) {
$this->Post['area'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['area'] . "'"));
}
if ($this->Post['street']) {
$this->Post['street'] = trim(DB::result_first("select name from " . TABLE_PREFIX . "common_district where id = '" . (int) $this->Post['street'] . "'"));
}
$table1 = jtable('members')->update($this->Post, $uid);
$memberfields = array('site' => $this->Post['site'], 'validate_true_name' => $this->Post['validate_true_name'], 'validate_card_type' => $this->Post['validate_card_type'], 'validate_card_id' => $this->Post['validate_card_id'], 'validate_remark' => $this->Post['validate_remark']);
$table2 = jtable('memberfields')->update($memberfields, $uid);
#附表2信息(members_profile)
$arr2 = array();
$profileField = array('constellation', 'zodiac', 'telephone', 'address', 'zipcode', 'nationality', 'education', 'birthcity', 'graduateschool', 'pcompany', 'occupation', 'position', 'revenue', 'affectivestatus', 'lookingfor', 'bloodtype', 'height', 'weight', 'alipay', 'icq', 'yahoo', 'taobao', 'site', 'interest', 'linkaddress', 'field1', 'field2', 'field3', 'field4', 'field5', 'field6', 'field7', 'field8');
foreach ($profileField as $k => $v) {
isset($this->Post[$v]) && ($arr2[$v] = trim(strip_tags($this->Post[$v])));
}
if ($arr2) {
$this->_updateMemberProfile($arr2, $uid);
}
$email_checked = $this->Post['email_checked'] ? $this->Post['email_checked'] : 0;
if ($email_checked != $member_info['email_checked']) {
$_update = true;
}
if ($_update) {
$ret = jsg_member_edit($member_info['nickname'], '', $nickname, $this->Post['password_unhash'], $email, $username, 1, 1, $email_checked);
$rets = array('0' => '没有做任何修改', '-1' => '帐户/昵称 不合法,含有不允许注册的字符,请尝试更换一个。', '-2' => '帐户/昵称 不允许注册,含有被保留的字符,请尝试更换一个。', '-3' => '帐户/昵称 已经存在了,请尝试更换一个。', '-4' => 'Email 不合法,请输入正确的Email地址。', '-5' => 'Email 不允许注册,请尝试更换一个。', '-6' => 'Email 已经存在了,请尝试更换一个。');
if ($ret < 1 && isset($rets[$ret])) {
$this->Messager($rets[$ret]);
}
}
load::logic('topic_manage');
$TopicManageLogic = new TopicManageLogic();
$role_id = get_param('role_id');
$cause = get_param('cause');
if ($role_id == 4 || $role_id == 118) {
$TopicManageLogic->doForceOut((array) $nickname, $cause, $role_id);
} elseif ($role_id != 4 && $role_id != 118 && ($member_info['role_id'] == 4 || $member_info['role_id'] == 118)) {
$TopicManageLogic->doUserFree($uid);
}
if ($this->Config['extcredits_enable'] && $this->Post['validate'] && $this->Post['uid'] > 0) {
update_credits_by_action('vip', $this->Post['uid']);
}
Load::logic('credits');
$CreditsLogic = new CreditsLogic();
$CreditsLogic->CountCredits($this->Post['uid']);
$data = array('uid' => $uid, 'rid' => 0, 'relatedid' => MEMBER_ID, 'dateline' => time());
foreach ($GLOBALS['_J']['config']['credits']['ext'] as $key => $value) {
$data[$key] = $_POST[$key] - $member_info[$key];
$remark .= $value['name'] . ' : ' . $_POST[$key . '_remark'] . ' , ';
}
$data['remark'] = trim($remark, ', ');
jtable('credits_log')->insert($data);
$this->Messager("编辑成功");
}
function updatepw($get, $post)
{
if (!API_UPDATEPW) {
return API_RETURN_FORBIDDEN;
}
$pwr = md5(microtime(true) . mt_rand() . time());
$username = $get['username'];
$password = $get['password'] ? $get['password'] : $pwr;
if ($password) {
$salt = jsg_member_salt();
$this->db->query("UPDATE `{$this->tablepre}members` SET `password`='" . jsg_member_password($password, $salt) . "', `salt`='{$salt}' WHERE `nickname`='{$username}'");
}
return API_RETURN_SUCCEED;
}