 /**
  * Reset an administrator's password to a freshly generated value and
  * hand that value back to the caller as JSON.
  *
  * Reads the target admin `id` from POST, generates a new plaintext
  * password and a new salt, stores the salted hash through db_class(), and
  * echoes {"status": bool, "msg": string}. On success `msg` carries the new
  * plaintext password (this response is the only place it is exposed); on
  * failure it carries a generic "update failed" message.
  *
  * NOTE(review): the new credential comes from salt(12) — confirm salt()
  * is backed by a CSPRNG (random_int/random_bytes), since its output is
  * the password itself.
  *
  * @return void Output is written straight to the response body.
  */
 function admin_pwd_reset()
 {
     header("Content-Type: application/json; charset=utf-8");
     // Access control comes first; nothing at all is emitted on failure.
     if (!$this->check()) {
         return;
     }
     $admin_id = $this->__req->post('id');
     $response = ['status' => false, 'msg' => ''];

     // New credential material: plaintext password, then a per-account salt.
     $new_pwd = salt(12);
     $a_salt = salt(32);
     $a_pwd = salt_hash(md5_xx($new_pwd), $a_salt);

     // update_admin_info() is treated as returning the number of rows touched;
     // exactly one row means the reset landed.
     $affected = db_class()->update_admin_info($admin_id, compact('a_salt', 'a_pwd'));
     if ($affected == 1) {
         $response = ['status' => true, 'msg' => $new_pwd];
     } else {
         $response['msg'] = "更新失败";
     }
     echo json_encode($response);
 }
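// First pass: the statement prepared above this excerpt (presumably a lookup
// by username) is executed to obtain the user's salt; $rows counts matches.
$result = $stmt->execute();
$rows = 0;
while ($row = $result->fetchArray()) {
    $salt = $row['salt']; // if several rows come back, the last one wins
    $rows++;
}
if ($rows < 1) {
    // Same message for every failure mode, so the response does not reveal
    // which of username / password / card was wrong.
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'Invalid username, password or citizen card.';
    redirect('../login.php');
    exit;
}
// Citizen-card serial; presumably read from the card reader by getbi().
$bi = getbi();
// Bind the serial like the other two values rather than splicing it into the
// SQL text — it is data that originates outside this script.
$query = "SELECT * FROM users WHERE name = :name and pass = :pass and serial = :serial";
$stmt = $db->prepare($query);
$stmt->bindValue(':name', $_POST['username']);
$stmt->bindValue(':pass', salt_hash($_POST['password'], $salt));
$stmt->bindValue(':serial', $bi);
$result = $stmt->execute();
$rows = 0;
while ($row = $result->fetchArray()) {
    $rows++;
}
if ($rows < 1) {
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'Invalid username, password or citizen card.';
    redirect('../login.php');
    exit;
}
// Credentials accepted: issue a fresh session id so an id that was fixed
// before login does not carry over into the authenticated session.
session_regenerate_id(true);
$_SESSION['on'] = TRUE;
$_SESSION['username'] = $_POST['username'];
redirect('../index.php');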
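 /**
  * Authenticate an administrator by name and password.
  *
  * Looks the account up via get_admin_info(), verifies the salted hash,
  * rejects disabled accounts and clients whose address fails ip_filter(),
  * then marks the login successful and populates the session.
  *
  * NOTE(review): the three failure messages are distinct, so a caller can
  * tell "unknown account" from "wrong password"; left as-is here because the
  * strings are part of the UI contract.
  *
  * @param string $user     Account name (trimmed here).
  * @param string $password Plaintext password (trimmed here).
  * @return true|string true on success; otherwise a user-facing failure
  *                     message (account missing, bad credentials, disabled,
  *                     or IP not permitted).
  */
 public function login($user, $password)
 {
     $user = trim($user);
     $password = trim($password);
     $info = $this->db->get_admin_info($user);
     if (!isset($info['a_name']) || $info['a_name'] !== $user) {
         return "用户名不存在";
     }
     $computed = salt_hash(md5_xx($password), $info['a_salt']);
     // Compare the stored and recomputed digests as strings in constant time.
     // The previous loose `==` also treated numeric-looking digest strings as
     // equal when they were not byte-identical.
     if (!hash_equals((string) $info['a_pwd'], (string) $computed)) {
         return "用户名或密码错误";
     }
     if ($info['a_status'] == 1) {
         return "账户被禁用";
     }
     $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL;
     if (!$this->ip_filter($info['a_ip'], $ip)) {
         return "当前IP{" . ($ip ? $ip : "{NULL}") . "}禁止登陆";
     }
     $this->status = true;
     $this->set_session($info, $ip);
     return true;
 }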
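 /**
  * Send a verification mail to a new e-mail address the user wants to adopt.
  *
  * The caller's current password is re-checked first, the new address is
  * normalised and validated, a verification code is stored in the user's
  * meta (edit_email_add / edit_email_time / edit_email_code), and the
  * edit_email.html template is mailed to the new address carrying that code.
  *
  * @param User   $user     Account whose e-mail is being changed
  * @param string $email    Proposed new address (lower-cased and trimmed here)
  * @param string $password Current password, required to authorise the change
  * @throws \Exception when UserCheck::CheckEmail() rejects the address; a
  *                    password mismatch is reported through throwMsg(-10)
  */
 public function edit_email_send_mail($user, $email, $password)
 {
     lib()->load('UserCheck', 'MailTemplate');
     $email = strtolower(trim($email));
     // Re-authenticate before allowing a contact-address change; the stored
     // hash and the recomputed one are compared in constant time.
     $expected = UserCheck::CreatePassword($password, $user->getSalt());
     if (!hash_equals((string) $user->getPassword(), (string) $expected)) {
         $this->throwMsg(-10);
     }
     $email_check = UserCheck::CheckEmail($email);
     if ($email_check !== true) {
         throw new \Exception($email_check);
     }
     // The code binds the old and new addresses together; the timestamp is
     // stored alongside it, presumably so the verification step can expire it.
     $meta = [
         'edit_email_add' => $email,
         'edit_email_time' => date("Y-m-d H:i:s"),
         'edit_email_code' => salt_hash($email . $user->getEmail(), salt()),
     ];
     $user->getMeta()->set($meta);
     $mt = new MailTemplate("edit_email.html");
     $mt->setUserInfo($user->getInfo());
     $mt->setValues(['verify_code' => $meta['edit_email_code']]);
     $mt->mailSend($user->getName(), $email);
 }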
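require_once '../utils/function.php';
// Must be logged in.
if (!isset($_SESSION['on'])) {
    redirect('../login.php');
    exit;
}
// Only reachable through the renew form submission.
if (!isset($_POST['renew'])) {
    redirect('../secure/accounts.php');
    exit;
}
// Same privilege gate as account creation.
if (!can_create_account($_SESSION['username'])) {
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'You are not authorized to renew Linux accounts.';
    redirect('../secure/accounts.php');
    exit;
}
// NOTE(review): nothing here verifies that $_POST['renewList'] belongs to
// $_SESSION['username'] (the account-creation script appears to record that
// ownership in the useraccounts table), nor that the form carried a CSRF
// token — confirm whether any authorised user renewing any posted account
// name is intended.
$days = config_days();
$length = config_length();
$pin = genpin($length);
$expdate = time() + 24 * 60 * 60 * $days;
$salt = gensalt();
// Every value is a bound parameter; the salt and expiry were previously
// spliced into the SQL text.
// NOTE(review): the password column is set to the literal '******' while the
// freshly generated $pin is only shown to the user through the session —
// confirm that a later step stores salt_hash($pin, $salt) as the creation
// flow does, otherwise the renewed account cannot log in with the shown PIN.
$query = "UPDATE passwd SET password = '******', salt = :salt, expflag = 0, expdate = :expdate, retrycount = 0  WHERE username = :renewList";
$stmt = $db->prepare($query);
$stmt->bindValue(':salt', $salt);
$stmt->bindValue(':expdate', $expdate);
$stmt->bindValue(':renewList', $_POST['renewList']);
$result = $stmt->execute();
$_SESSION['pin'] = $pin;
$_SESSION['account'] = $_POST['renewList'];
$_SESSION['has_pin'] = TRUE;
$_SESSION['account_state'] = 'Renewed';
$_SESSION['error'] = TRUE;
// Previously read $_POST['deleteList'] (copied from the delete handler); that
// key is not posted by this form, so the flash message named no account.
$_SESSION['error_log'] = 'Account ' . $_POST['renewList'] . ' renewed.';
redirect('../secure/account.php');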
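 /**
  * Insert a user row with a freshly salted password hash and a login token.
  *
  * The plaintext password goes through _hash(), then salt_hash() with a
  * 40-character salt; the token is derived from that salted hash plus a
  * second random salt.
  *
  * The previous version var_dump()ed both the insert result and
  * db()->error() into the response, which exposed driver error text to the
  * client; the insert result is now returned to the caller instead.
  *
  * @param string $user     Username to store
  * @param string $password Plaintext password; never stored as-is
  * @return mixed Whatever db()->insert() returns (presumably falsy on failure)
  */
 public function create_user($user, $password)
 {
     $salt = salt(40);
     // $password is overwritten with the salted hash, so the token below is
     // built from the hash, never from the plaintext.
     $password = salt_hash(_hash($password), $salt);
     return db()->insert("user", [
         'user' => $user,
         'password' => $password,
         'salt' => $salt,
         'token' => _hash($password . salt(50)),
     ]);
 }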
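 /**
  * Handle a POST login attempt.
  *
  * Order of checks: non-empty account/password, captcha, account lookup
  * (GetAccountUser), password character set, per-IP/per-day lockout once the
  * failed-attempt counter reaches the hook-configurable maximum, password
  * verification, account status. On success a persistent "cookie_login"
  * secret is created if the user has none, the UserLogin cookie is set
  * (longer-lived when $save_status is truthy), last-login info is recorded
  * and the UserLogin_PostLogin_Success hook fires.
  *
  * Failures go through throwMsg() with these codes: -10 empty input, -5
  * captcha, -3 password characters, -8 locked out, -4 wrong password, -9
  * status not in {0,1,2}, -6 cookie failure; -7 is recorded in $this->code
  * when setLastLoginInfo() fails, but the login still completes.
  *
  * NOTE(review): the password is lower-cased before hashing, which shrinks
  * the effective password space; it cannot be changed here without
  * invalidating existing hashes, since CreatePassword() presumably received
  * lower-cased input at registration as well.
  * NOTE(review): cookie_login is generated once and reused for every later
  * login — nothing here rotates or revokes it.
  *
  * @param string $account
  * @param string $password
  * @param string $captcha
  * @param bool   $save_status Keep the login cookie beyond the browser session
  */
 public function PostLogin($account, $password, $captcha, $save_status)
 {
     if (empty($account) || empty($password)) {
         $this->throwMsg(-10);
     }
     $save_status = !empty($save_status);
     if (!$this->Captcha($captcha)) {
         // Captcha check
         $this->throwMsg(-5);
     }
     $account = strtolower($account);
     $password = strtolower($password);
     $this->GetAccountUser($account);
     lib()->load('UserCheck');
     if (!UserCheck::CheckPasswordChar($password)) {
         $this->throwMsg(-3);
     }
     $ip = Ip::getInstance();
     $max_error_count = hook()->apply("UserLogin_max_error_count", 6);
     $now_ip = $ip->realip();
     // Lockout applies only when the counter is at the limit AND the failures
     // came from this same address AND on the current day.
     if ($max_error_count <= $this->user->getErrorLoginCount() && $ip->fill($now_ip) === $ip->fill($this->user->getErrorLoginIp()) && explode(" ", $this->user->getErrorLoginTime())[0] == date("Y-m-d")) {
         // Login is restricted
         $this->throwMsg(-8);
     } else {
         // Constant-time comparison of the stored hash and the recomputed one
         // (was a plain `!==`).
         if (!hash_equals((string) $this->user->getPassword(), (string) UserCheck::CreatePassword($password, $this->user->getSalt()))) {
             // Record the failed attempt
             $this->user->set(array("error_login_count" => 1 + $this->user->getErrorLoginCount(), 'error_login_time' => date("Y-m-d H:i:s"), 'error_login_ip' => $now_ip));
             if ($this->user->getErrorLoginCount() >= $max_error_count) {
                 hook()->apply("UserLogin_PostLogin_restrictions", NULL, $this->user);
             }
             $this->throwMsg(-4);
         } else {
             // Non-strict in_array kept on purpose: getStatus() may come back
             // from the database as a string.
             if (in_array($this->user->getStatus(), [0, 1, 2])) {
                 if ($this->user->getErrorLoginCount() > 0) {
                     // Reset the failed-attempt counter
                     $this->user->set(array("error_login_count" => 0));
                 }
             } else {
                 // Account restricted, login not allowed
                 $this->throwMsg(-9);
             }
         }
     }
     try {
         // Cookie setup after a successful login
         if (strlen($this->user->getCookieLogin()) < 10) {
             $this->user->set(array("cookie_login" => salt_hash(time() . $this->user->getEmail(), salt(20))));
         }
         if ($save_status) {
             cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin(), hook()->apply("UserLogin_PostLogin_CookieTime", time() + 60 * 60 * 24 * 7));
         } else {
             cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin());
         }
     } catch (\Exception $ex) {
         $this->throwMsg(-6);
     }
     try {
         // Last-login information
         self::setLastLoginInfo($this->user);
     } catch (\Exception $ex) {
         $this->code = -7;
     }
     hook()->apply('UserLogin_PostLogin_Success', NULL, $this->user);
 }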
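 /**
  * Log a user in by username/password and keep the User in the session.
  *
  * @param string $username
  * @param string $password Plaintext; salt_hash() of it is compared with
  *                         User::$pass_hash
  * @return User|false The loaded user on success; false when the user cannot
  *                    be loaded or the hash does not match
  */
 public static function login($username, $password)
 {
     $user = User::load($username);
     // NOTE(review): assumes User::load() returns null/false for an unknown
     // name rather than throwing — confirm.
     if (!$user) {
         return false;
     }
     // Constant-time comparison of the stored and recomputed hashes.
     // NOTE(review): salt_hash() is called with a single argument here while
     // other call sites pass an explicit salt; confirm it applies a per-user
     // salt internally.
     if (!hash_equals((string) $user->pass_hash, (string) salt_hash($password))) {
         return false;
     }
     // Fresh session id on privilege change, so a pre-login session id cannot
     // be carried into the authenticated session.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION["user"] = $user;
     return $user;
 }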
    $result = $db->query($query);
    $row = $result->fetchArray();
    $uid = $row['uid'] + 1;
} else {
    $uid = 10000;
}
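// Fresh credentials for the new account: a generated PIN and a random salt.
$length = config_length();
$pin = genpin($length);
$days = config_days();
$account = $_POST['account'];
// $account is user-supplied and becomes both a passwd username and the home
// directory path, so restrict it to the conventional Linux account-name
// character set before it reaches the database (pattern constructed here to
// match shadow-utils' default; adjust if the site allows other names).
if (!is_string($account) || !preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $account)) {
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'Invalid account name.';
    redirect('../secure/accounts.php');
    exit;
}
$gid = 10000;
$home = '/home/' . $account;
$bash = '/bin/bash';
$expdate = time() + 86400 * $days;
$expflag = 0;
$retrycount = 0;
$salt = gensalt();
// Every value is bound; $uid is computed in the branch above this excerpt.
// retrycount was previously written as the text '0' — it is bound as an
// integer here, matching what the renew flow writes.
$query = "INSERT INTO passwd (uid, gid, username, password, salt, home, bash, expdate, expflag, retrycount) VALUES (:uid, :gid, :account, :password, :salt, :home, :bash, :expdate, :expflag, :retrycount)";
$stmt = $db->prepare($query);
$stmt->bindValue(':uid', $uid);
$stmt->bindValue(':gid', $gid);
$stmt->bindValue(':account', $account);
$stmt->bindValue(':password', salt_hash($pin, $salt));
$stmt->bindValue(':salt', $salt);
$stmt->bindValue(':home', $home);
$stmt->bindValue(':bash', $bash);
$stmt->bindValue(':expdate', $expdate);
$stmt->bindValue(':expflag', $expflag);
$stmt->bindValue(':retrycount', $retrycount);
$result = $stmt->execute();
// Record which logged-in user owns the new account; the owner name was
// previously spliced into the SQL string.
$query = "INSERT INTO useraccounts (username, account) VALUES (:owner, :account)";
$stmt = $db->prepare($query);
$stmt->bindValue(':owner', $_SESSION['username']);
$stmt->bindValue(':account', $account);
$result = $stmt->execute();
$_SESSION['pin'] = $pin;
$_SESSION['account'] = $account;
$_SESSION['has_pin'] = TRUE;
$_SESSION['account_state'] = 'Created';
redirect('../secure/account.php');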