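/**
 * Mobile-app login endpoint: checks mobile + password, records the device's
 * Baidu push id, issues a fresh API token and echoes the member record
 * (minus the password hash) as JSON, then exits.
 *
 * Request fields read: $_POST['verify'] (captcha — currently NOT enforced,
 * see below), $_POST['mobile'], $_POST['password'], $_POST['baiduUserId'],
 * $_POST['mb_system']. Every path emits a JSON body and calls exit.
 *
 * Error codes (unchanged from the previous revision):
 *   1001 — missing Baidu id, or no member with that mobile
 *   8002 — wrong password
 *   0    — success; body is the member row plus `token`
 *
 * What changed versus the previous revision:
 *  - The SELECT now includes baiduUserId, mb_system and login_count. The
 *    old field list was 'id,mobile,salt,password', yet the body read all
 *    three from $vo: the "kick the other device" branch could never fire
 *    (undefined index is falsy) and login_count was reset to 1 on every
 *    login instead of being incremented.
 *  - The password hash is compared with hash_equals() (PHP >= 5.6) instead
 *    of `!=`. Loose comparison of two numeric-looking strings is numeric,
 *    so distinct "0e..." hex digests compare equal ("magic hash"); the
 *    strict, constant-time compare closes that and the timing side channel.
 *  - POST fields are read through isset()/is_string() guards so an array
 *    parameter (`password[]=`) or a missing field cannot raise notices or
 *    feed the string "Array" into the hash input. A missing mobile now
 *    yields "user not found" instead of querying with a null condition.
 *
 * Deliberately NOT changed (flagged for follow-up):
 *  - The captcha check stays disabled; the error() call was commented out
 *    upstream, so this endpoint has no brute-force protection in this
 *    block. TODO(security): re-enable or add rate limiting once it is
 *    confirmed which clients send `verify`.
 *  - The stored scheme md5(password . salt . salt[1]) is weak; changing it
 *    needs a migration of existing rows.
 *  - The JSON response still contains `salt`. NOTE(review): drop it unless
 *    the app is known to consume it.
 */
public function checkLogin() {
    // Captcha: computed but intentionally not enforced, as in the original.
    // TODO(security): turn this into a real rejection.
    $captchaOk = isset($_SESSION['verify'], $_POST['verify'])
        && is_string($_POST['verify'])
        && $_SESSION['verify'] === md5($_POST['verify']);
    if (!$captchaOk) {
        // $this->error('验证码错误!');   // disabled upstream
    }

    // Normalise untrusted input to plain strings before it reaches SQL or md5().
    $mobile      = isset($_POST['mobile']) && is_string($_POST['mobile']) ? $_POST['mobile'] : '';
    $password    = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $baiduUserId = isset($_POST['baiduUserId']) && is_string($_POST['baiduUserId']) ? $_POST['baiduUserId'] : '';
    $mbSystem    = isset($_POST['mb_system']) ? $_POST['mb_system'] : '';

    $model = M('Member');
    $vo = false;
    if ($mobile !== '') {
        // baiduUserId / mb_system / login_count are read from $vo below; they
        // were missing from the original field list.
        $vo = $model->field('id,mobile,salt,password,baiduUserId,mb_system,login_count')
            ->where(array('mobile' => $mobile))
            ->find();
    }

    // A push id is mandatory; the client sends the literal "(null)" when it has none.
    if (!$baiduUserId || $baiduUserId === '(null)') {
        echo json_encode(array('error_code' => 1001, 'notice' => '百度ID不存在'));
        exit;
    }
    if (!$vo) {
        echo json_encode(array('error_code' => 1001, 'notice' => '用户不存在'));
        exit;
    }

    // Stored scheme: md5(password . salt . second char of salt). salt[1]
    // presumes a salt of at least two characters — NOTE(review): confirm
    // against the registration code; a shorter salt silently contributes ''.
    $salt = (string) $vo['salt'];
    $expected = md5($password . $salt . (isset($salt[1]) ? $salt[1] : ''));
    if (!hash_equals((string) $vo['password'], $expected)) {
        echo json_encode(array('notice' => '密码错误', 'error_code' => 8002));
        exit;
    }

    // Another device is registered under a different push id: tell it to log out.
    $previousPushId = isset($vo['baiduUserId']) ? (string) $vo['baiduUserId'] : '';
    if ($previousPushId !== '' && $previousPushId !== $baiduUserId) {
        $payload = json_encode(array('module' => 'Public', 'action' => 'logout', 'id' => 0));
        $previousSystem = isset($vo['mb_system']) ? $vo['mb_system'] : null;
        push_msg($previousPushId, $previousSystem, '在其他地方登陆', $payload);
    }

    // Record this login against the member row.
    $update = array(
        'last_login_ip'   => _get_ip(),
        'login_count'     => (isset($vo['login_count']) ? (int) $vo['login_count'] : 0) + 1,
        'last_login_time' => time(),
        'baiduUserId'     => $baiduUserId,
        'mb_system'       => $mbSystem ? $mbSystem : 2,   // 2 is the upstream default
    );
    $model->where(array('id' => $vo['id']))->save($update);

    // Fresh token per login; set_token() persists it (project helper, not shown).
    $token = create_token($vo['id'], $vo['salt']);
    set_token($vo, $token);

    $vo['error_code'] = 0;
    $vo['token'] = $token;
    $vo['baiduUserId'] = $baiduUserId;
    unset($vo['password']);
    // NOTE(review): $vo still carries `salt` (plus mb_system/login_count now
    // that they are selected) into the response; drop `salt` once the client
    // is confirmed not to use it.
    echo json_encode($vo);
    exit;
}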
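/**
 * Validate the anti-CSRF token submitted with the current request.
 *
 * Compares $_REQUEST['token'] with the token stored in $_SESSION['token'],
 * then unconditionally rotates the session token via set_token() exactly as
 * the original did, so a token is single-use whether or not it matched.
 *
 * Fix: the original evaluated `$_REQUEST['token'] === $_SESSION['token']`
 * directly. When neither side was set, `null === null` is true and the
 * check PASSED — a request carrying no token at all was accepted whenever
 * no session token had been issued yet. Both values must now be present,
 * be strings, and the session token must be non-empty; the comparison is
 * constant-time (hash_equals, PHP >= 5.6).
 *
 * @return bool true only when a non-empty session token exists and the
 *              request supplied an identical string.
 */
function valid_token() {
    $valid = false;
    if (isset($_SESSION['token'], $_REQUEST['token'])
        && is_string($_SESSION['token'])
        && is_string($_REQUEST['token'])
        && $_SESSION['token'] !== ''
    ) {
        // Constant-time compare: no timing leak on how many leading bytes match.
        $valid = hash_equals($_SESSION['token'], $_REQUEST['token']);
    }
    // Rotate regardless of outcome (original behaviour).
    set_token();
    return $valid;
}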
// NOTE(review): the block these first statements belong to opens before this
// excerpt; only its tail (through the closing brace) is visible here.
// usertype and token come straight from the query string and are stored in
// the session; usertype is later trusted as the account type being reset.
$_SESSION['reset']['usertype'] = $_GET['usertype'];
$_SESSION['reset']['token'] = $_GET['token'];
// check_user_token receives (user, usertype, token); its result is only used
// through sizeof(), so it is presumably a row list — TODO confirm it matches on
// all three values, otherwise a recipient could alter usertype in the link.
$flag = check_user_token($_SESSION['reset']['user'], $_SESSION['reset']['usertype'], $_SESSION['reset']['token']);
$flag = sizeof($flag);
// Row count becomes the "may reset" flag; the POST branch requires exactly 1.
$_SESSION['reset']['reset_password'] = $flag;
//echo $flag;
}
// Second stage: form submitted and the session recorded exactly one token match.
if (isset($_POST['submit']) && $_SESSION['reset']['reset_password'] == 1) {
    // print_r($_POST);
    // SECURITY: the password is forwarded exactly as submitted — the
    // password_hash() call below is commented out. Unless update_user_password
    // hashes internally (not visible here), this stores a plaintext password.
    // There is also no length/emptiness check on $_POST['password'] here.
    $password = $_POST['password'];
    // $encrpt_password =password_hash($password, PASSWORD_BCRYPT);
    $result = update_user_password($_SESSION['reset']['user'], $_SESSION['reset']['usertype'], $password);
    if ($result == 1) {
        // set_token(..., NULL) presumably clears the stored reset token for this
        // user — TODO confirm.
        $user[0]['user_type'] = $_SESSION['reset']['usertype'];
        $user[0]['username'] = $_SESSION['reset']['user'];
        set_token($user, NULL);
        // NOTE(review): $_SESSION['reset']['reset_password'] is not cleared
        // here, so a further POST in the same session re-enters this branch.
        echo "<script>";
        echo 'alert("Password Updated Successfully");';
        echo "window.location.href ='index.php';";
        echo '</script>';
    } else {
        $error = "Try again password update fail";
    }
}
?> <div id="page" class="container"> <div id="wrapper"> <div id="title"> <h1>Reset Password</h1> </div> <!-- End title div -->
/**
 * Emails a password-reset link to the given user.
 *
 * $user follows the shape used elsewhere in this file: $user[0]['username']
 * and $user[0]['user_type'] are read.
 *
 * Flow as written: reset_token() produces a token, set_token() stores it
 * against the user and returns it, and the link carries token, user and
 * usertype as query-string parameters to SRMS/reset_password.php. The
 * recipient address is the username with "@knights.gannon.edu" appended.
 *
 * Reviewer notes:
 *  - The `******` between the "&user=" and "&usertype=" literals looks like a
 *    redaction artifact in this listing; as shown, that line is not valid
 *    PHP — TODO confirm against the real source.
 *  - The link has no scheme; whether it is served over HTTPS is not visible
 *    here. The token is a bearer credential, so the link should be https://.
 *  - usertype travels in the URL and is later stored in the session by
 *    reset_password.php; the token lookup there must bind token, user AND
 *    usertype together.
 *  - Token strength depends entirely on reset_token() (not shown); it must
 *    come from a CSPRNG (random_bytes / random_int), not rand()/uniqid().
 *  - mail() is commented out; gmail.php is included instead and presumably
 *    sends using $to/$message from this scope — TODO confirm.
 */
function send_mail($user) {
    $token = set_token($user, reset_token());
    $message = "Reset Your Password <br>";
    $message .= "gu-blade-spare1.compsci.gannon.edu/";
    // See header: "******" is a redaction artifact in this excerpt.
    $message .= "SRMS/reset_password.php?token=" . $token . "&user="******"&usertype=" . $user[0]['user_type'];
    $to = $user[0]['username'] . "@knights.gannon.edu";
    include 'gmail.php';
    //echo $message;
    // mail($to,$subject,$message,$headers);
}
/**
 * Authenticates a client-area login and establishes the client session.
 *
 * @param string $username  Client or sub-account contact e-mail.
 * @param string $password  Plaintext password from the login form; not
 *                          compared when an admin is impersonating, a
 *                          ClientLoginShare hook matched, or $twofadone is true.
 * @param bool   $twofadone true once the second factor has been verified; the
 *                          password comparison is then skipped entirely, so
 *                          callers must only pass true after a real 2FA check.
 * @return bool true when a session was established (and, on the hook "create"
 *              path, even though no session is set — see notes); false on bad
 *              credentials or when 2FA is still pending.
 *
 * Reads $_SESSION['adminid'] (admin-as-client), $CONFIG['NOMD5'] and
 * $CONFIG['DisableSessionIPCheck']; writes $_SESSION uid/cid/upw/Language and
 * the 2fa* keys. Relies on legacy mysql_* and project helpers (select_query,
 * run_hook, generateClientPW, decrypt, ...), none of which are shown here.
 *
 * Security notes (reviewer):
 *  - Three paths accept a login WITHOUT comparing the password in this
 *    function: an admin whose role holds permission id 120, a
 *    ClientLoginShare hook match ($loginsharematch), and $twofadone. The hook
 *    receives the raw password and is trusted to have verified it.
 *  - The password comparison is a plain `===`: strict, but not constant-time.
 *    With NOMD5 it compares the decrypt()ed stored password in plaintext.
 *    hash_equals() would be the safer form — left unchanged here.
 *  - On the hook "create" path addClient() is called and true is returned
 *    without setting $_SESSION['uid']; whether the caller re-enters the login
 *    afterwards is not visible here.
 *  - Failed attempts are logged only when an account was found; no lockout or
 *    rate limit lives in this function (it may exist elsewhere).
 */
function validateClientLogin($username, $password, $twofadone = false) {
    global $CONFIG;
    global $whmcs;
    // A password is required unless an admin session is active or 2FA is done.
    // Note: a password of "0" is falsy and is rejected here.
    if ($username && ($password || $_SESSION['adminid'] || $twofadone)) {
    } else {
        return false;
    }
    // Drop any prior client identity before re-authenticating.
    if (isset($_SESSION['uid'])) {
        unset($_SESSION['uid']);
    }
    if (isset($_SESSION['cid'])) {
        unset($_SESSION['cid']);
    }
    if (isset($_SESSION['upw'])) {
        unset($_SESSION['upw']);
    }
    $login_uid = $login_cid = $login_pwd = $loginsharematch = "";
    // 1) Primary lookup by e-mail; admins may also log into Closed accounts.
    $where = array();
    $where['email'] = $username;
    if (!$_SESSION['adminid']) {
        $where['status'] = array("sqltype" => "NEQ", "value" => "Closed");
    }
    $result = select_query("tblclients", "", $where);
    $data = mysql_fetch_array($result);
    $login_uid = $data['id'];
    $login_pwd = $data['password'];
    $language = $data['language'];
    $authmodule = $data['authmodule'];
    // 2) Sub-account contact: the contact's own (non-empty) password is what gets
    //    checked, but the session is bound to the parent client, which must not
    //    be Closed — otherwise $login_uid ends up empty and step 3 runs.
    if (!$login_uid) {
        $result = select_query("tblcontacts", "", array("email" => $username, "subaccount" => "1", "password" => array("sqltype" => "NEQ", "value" => "")));
        $data = mysql_fetch_array($result);
        $login_cid = $data['id'];
        $login_uid = $data['userid'];
        $login_pwd = $data['password'];
        $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed")));
        $data = mysql_fetch_array($result);
        $login_uid = $data['id'];
        $language = $data['language'];
    }
    // 3) ClientLoginShare hooks (external authentication). A result whose id or
    //    e-mail resolves to a client is accepted as already authenticated; a
    //    result with 'create' provisions a client and returns true immediately.
    if (!$login_uid) {
        $hookresults = run_hook("ClientLoginShare", array("username" => $username, "password" => $password));
        foreach ($hookresults as $hookres) {
            if ($hookres) {
                $hookid = $hookres['id'];
                $hookemail = $hookres['email'];
                if ($hookid) {
                    $result = select_query("tblclients", "", array("id" => $hookid));
                } else {
                    $result = select_query("tblclients", "", array("email" => $hookemail));
                }
                $data = mysql_fetch_array($result);
                $login_uid = $data['id'];
                if ($login_uid) {
                    $loginsharematch = true;
                    $login_pwd = $data['password'];
                    $language = $data['language'];
                    continue;
                }
                if ($hookres['create']) {
                    // NOTE(review): returns true with no $_SESSION['uid'] set.
                    addClient($hookres['firstname'], $hookres['lastname'], $hookres['companyname'], $hookres['email'], $hookres['address1'], $hookres['address2'], $hookres['city'], $hookres['state'], $hookres['postcode'], $hookres['country'], $hookres['phonenumber'], $hookres['password'], "", "", false);
                    return true;
                }
                continue;
            }
        }
    }
    if ($login_uid) {
        // Derive the comparable form of the submitted password. Without NOMD5 the
        // stored value is split on ':' and its second part used as the salt; with
        // NOMD5 the stored value is reversibly encrypted and decrypted here.
        if ($CONFIG['NOMD5']) {
            $check_pwd = decrypt($login_pwd);
        } else {
            $salt = explode(":", $login_pwd);
            $salt = $salt[1];
            $password = generateClientPW($password, $salt);
            $check_pwd = $login_pwd;
        }
        // Admin impersonation requires permission id 120 on the admin's role.
        $adminallowedclientlogin = false;
        if (isset($_SESSION['adminid'])) {
            $adminroleid = get_query_val("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $adminallowedclientlogin = get_query_val("tbladminperms", "permid", array("roleid" => $adminroleid, "permid" => "120"));
        }
        // Not constant-time (see header). Any of the other three operands
        // bypasses the password comparison.
        if ($password === $check_pwd || isset($_SESSION['adminid']) && $adminallowedclientlogin || $loginsharematch || $twofadone) {
            // 2FA gate: stash state and report failure until the second factor
            // is verified (callers then re-enter with $twofadone = true).
            $twofa = new WHMCS_2FA();
            if ($twofa->isActiveClients() && $authmodule && !$twofadone && !isset($_SESSION['adminid'])) {
                $_SESSION['2faverifyc'] = true;
                $_SESSION['2faclientid'] = $login_uid;
                $_SESSION['2farememberme'] = $whmcs->get_req_var("rememberme");
                return false;
            }
            if (!isset($_SESSION['adminid'])) {
                // gethostbyaddr is a reverse-DNS lookup on every login (can be slow).
                $fullhost = gethostbyaddr($whmcs->get_user_ip());
                update_query("tblclients", array("lastlogin" => "now()", "ip" => $whmcs->get_user_ip(), "host" => $fullhost), array("id" => $login_uid));
            }
            $_SESSION['uid'] = $login_uid;
            if ($login_cid) {
                $_SESSION['cid'] = $login_cid;
            }
            // Session binding value: ties the session to uid, cid, the stored
            // password value (so a password change invalidates it), the client IP
            // unless DisableSessionIPCheck is set, and a prefix of the install hash.
            $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip();
            $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20));
            // Presumably rotates the CSRF token for the new session — not shown here.
            if (!isset($_SESSION['adminid'])) {
                set_token(genRandomVal());
            }
            if ($language && !isset($_SESSION['adminid'])) {
                $_SESSION['Language'] = $language;
            }
            run_hook("ClientLogin", array("userid" => $login_uid));
            return true;
        }
    }
    // Only logged when an account was found; unknown e-mails leave no trace here.
    if ($login_uid) {
        logActivity("Failed Login Attempt - User ID: " . $login_uid, $login_uid);
    }
    return false;
}