/**
 * Runs the parent hook, then hashes a plaintext password in place.
 *
 * 'user_pass' is treated as plaintext only when it is non-empty and shorter
 * than 25 bytes; in that case it is replaced by sp_password() of itself.
 * Any other value is left untouched.
 *
 * NOTE(review): the length test is a heuristic, not a format check. A
 * plaintext password of 25 bytes or more would be written as given, and a
 * stored value shorter than 25 bytes would be hashed a second time. Confirm
 * that every caller caps password length below 25 and that sp_password()
 * never returns fewer than 25 bytes.
 *
 * @param array $data Row data, modified by reference.
 * @return void
 */
protected function _before_write(&$data)
{
    parent::_before_write($data);

    // Nothing to do when no password is part of this write.
    if (empty($data['user_pass'])) {
        return;
    }

    $candidate = $data['user_pass'];
    if (strlen($candidate) >= 25) {
        // Long enough to be taken for an already-hashed value.
        return;
    }

    $data['user_pass'] = sp_password($candidate);
}
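/**
 * Handles the "change my password" form post for the current user.
 *
 * Only acts on POST requests. Order of checks:
 *  1. old and new password must be non-empty;
 *  2. sp_password(old_password) must equal the stored hash;
 *  3. password and repassword must match;
 *  4. the new password must differ from the current one;
 *  5. the new hash is saved for the current user id.
 *
 * Hashes and the confirmation field are compared with ===, so PHP's loose
 * comparison can never treat two different numeric-looking strings as equal.
 *
 * NOTE(review): no CSRF token check and no invalidation of other sessions
 * after the change are visible in this method; confirm they happen elsewhere.
 *
 * @return void Responds through $this->error() / $this->success().
 */
public function password_post()
{
    if (!IS_POST) {
        return;
    }

    if (empty($_POST['old_password'])) {
        $this->error("原始密码不能为空!");
    }
    if (empty($_POST['password'])) {
        $this->error("新密码不能为空!");
    }

    $uid = sp_get_current_userid();
    // Array condition: the id is passed as a value, not spliced into SQL text.
    $admin = $this->users_model->where(array('id' => $uid))->find();

    $old_password = $_POST['old_password'];
    $password = $_POST['password'];
    $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : '';

    if (sp_password($old_password) !== $admin['user_pass']) {
        $this->error("原始密码不正确!");
        return;
    }
    if ($password !== $repassword) {
        $this->error("密码输入不一致!");
        return;
    }

    $new_hash = sp_password($password);
    if ($admin['user_pass'] === $new_hash) {
        $this->error("新密码不能和原始密码相同!");
        return;
    }

    $data = array(
        'user_pass' => $new_hash,
        'id' => $uid,
    );
    $r = $this->users_model->save($data);
    if ($r !== false) {
        $this->success("修改成功!");
    } else {
        $this->error("修改失败!");
    }
}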
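/**
 * Admin login: checks the captcha, looks the account up by e-mail or login
 * name, verifies the password hash and role membership, then opens the
 * admin session.
 *
 * Changes against the earlier version of this method:
 *  - the password hash is compared with === instead of ==;
 *  - a fresh session id is issued before the admin identity is written to
 *    the session, so a session id obtained before login is not carried over;
 *  - every failure path returns after $this->error(), so the method fails
 *    closed even if error() were ever to return.
 *
 * NOTE(review): USERNAME_NOT_EXIST and PASSWORD_NOT_RIGHT are distinct
 * responses, which tells a client whether an account exists; no attempt
 * limiting is visible here. $user->save($result) writes the whole fetched
 * row back, and the "admin_username" cookie is set without the
 * secure/httponly arguments.
 *
 * @return void Responds through $this->error() / $this->success().
 */
public function dologin()
{
    $name = I("post.username");
    if (empty($name)) {
        $this->error(L('USERNAME_OR_EMAIL_EMPTY'));
    }
    $pass = I("post.password");
    if (empty($pass)) {
        $this->error(L('PASSWORD_REQUIRED'));
    }
    $verrify = I("post.verify");
    if (empty($verrify)) {
        $this->error(L('CAPTCHA_REQUIRED'));
    }

    // Captcha
    if (!sp_check_verify_code()) {
        $this->error(L('CAPTCHA_NOT_RIGHT'));
        return;
    }

    $user = D("Common/Users");
    $where = array();
    if (strpos($name, "@") > 0) {
        // Login by e-mail address
        $where['user_email'] = $name;
    } else {
        $where['user_login'] = $name;
    }
    $result = $user->where($where)->find();

    // Only rows with user_type 1 may use this login.
    if (empty($result) || $result['user_type'] != 1) {
        $this->error(L('USERNAME_NOT_EXIST'));
        return;
    }
    if ($result['user_pass'] !== sp_password($pass)) {
        $this->error(L('PASSWORD_NOT_RIGHT'));
        return;
    }

    $role_user_model = M("RoleUser");
    $role_user_join = C('DB_PREFIX') . 'role as b on a.role_id =b.id';
    $groups = $role_user_model
        ->alias("a")
        ->join($role_user_join)
        ->where(array("user_id" => $result["id"], "status" => 1))
        ->getField("role_id", true);

    // User id 1 is exempt; everyone else needs an enabled role and an enabled account.
    if ($result["id"] != 1 && (empty($groups) || empty($result['user_status']))) {
        $this->error(L('USE_DISABLED'));
        return;
    }

    // Fresh session id for the authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Login succeeded: record the session and redirect.
    $_SESSION["ADMIN_ID"] = $result["id"];
    $_SESSION['name'] = $result["user_login"];
    $result['last_login_ip'] = get_client_ip();
    $result['last_login_time'] = date("Y-m-d H:i:s");
    $user->save($result);
    setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
    $this->success(L('LOGIN_SUCCESS'), U("Index/index"));
}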
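/**
 * Registers a member by user name + mobile number, gated by an SMS code
 * stored in the session under "registerSMS".
 *
 * Changes against the earlier version of this method:
 *  - extract($_POST) is gone; only the four fields this method needs are
 *    read, so request parameters can no longer pre-set $where or any other
 *    local variable;
 *  - the SMS code check rejects the request when the session holds no code
 *    and compares strictly; previously a missing session code compared
 *    loosely against a missing or empty submitted code counted as a match;
 *  - the session code is cleared once an account has been created;
 *  - the banned-name lookup is strict.
 *
 * NOTE(review): the code in the session is not tied to $mobile in this
 * method, so a code issued for one number is accepted for another; confirm
 * the sender stores the number and check it here. The full row, including
 * the password hash, is placed in $_SESSION['user'].
 *
 * @return void Responds through $this->error() / $this->success().
 */
function doregister()
{
    $users_model = M("Users");
    $rules = array(
        array('username', 'require', '账号不能为空!', 1),
        array('mobile', 'require', '手机号不能为空!', 1),
        array('password', 'require', '密码不能为空!', 1),
        array('repassword', 'require', '重复密码不能为空!', 1),
        array('repassword', 'password', '确认密码不正确', 0, 'confirm'),
    );
    if ($users_model->validate($rules)->create() === false) {
        $this->error($users_model->getError());
    }

    // Read exactly the fields used below; anything that is not a string counts as empty.
    $fields = array();
    foreach (array('username', 'mobile', 'password', 'messcode') as $field) {
        $fields[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $username = $fields['username'];
    $mobile = $fields['mobile'];
    $password = $fields['password'];
    $messcode = $fields['messcode'];

    // Characters that are not allowed in a user name
    $stripChar = '?<*.>\'"';
    if (preg_match('/[' . $stripChar . ']/is', $username) == 1) {
        $this->error('用户名中包含' . $stripChar . '等非法字符!');
    }

    $banned_usernames = explode(",", sp_get_cmf_settings("banned_usernames"));
    if (in_array($username, $banned_usernames, true)) {
        $this->error("此用户名禁止使用!");
    }

    if (strlen($password) < 5 || strlen($password) > 20) {
        $this->error("密码长度至少5位,最多20位!");
    }

    if (!preg_match("/^1\\d{10}\$/", $mobile)) {
        $this->error('手机号码格式不正确');
    }

    // SMS verification code issued earlier and kept in the session
    $verifyCode = session("registerSMS");
    $expected = is_scalar($verifyCode) ? (string) $verifyCode : '';
    if ($expected === '' || $expected !== $messcode) {
        $this->error("短信验证码不正确,请重新验证!");
        return;
    }

    $where = array(
        'user_login' => $username,
        'user_phone' => $mobile,
        '_logic' => 'OR',
    );
    $users_model = M("Users");
    $result = $users_model->where($where)->count();
    if ($result) {
        $this->error("用户名或者该手机号已经存在!");
        return;
    }

    $data = array(
        'user_login' => $username,
        'user_phone' => $mobile,
        'user_pass' => sp_password($password),
        'last_login_ip' => get_client_ip(),
        'create_time' => date("Y-m-d H:i:s"),
        'last_login_time' => date("Y-m-d H:i:s"),
        "user_type" => 2,
    );
    $rst = $users_model->add($data);
    if ($rst) {
        // One code, one registration.
        session("registerSMS", null);

        // Registration succeeded: log the new user in and redirect.
        $data['id'] = $rst;
        $_SESSION['user'] = $data;
        $this->success("注册成功!", __ROOT__ . "/");
    } else {
        $this->error("注册失败!", U("user/register/index"));
    }
}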
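/**
 * Admin login that re-renders the login template with an error message
 * instead of using the error page.
 *
 * Input checks do not stop at the first failure: each failing check
 * overwrites $this->err_msg, so the last failing one decides the message
 * shown. A non-empty message re-renders ":login" and ends the request.
 *
 * Changes against the earlier version of this method:
 *  - the password hash is compared with === instead of ==;
 *  - a fresh session id is issued before the admin identity is written to
 *    the session.
 *
 * NOTE(review): USERNAME_NOT_EXIST and PASSWORD_NOT_RIGHT are distinct
 * responses, no attempt limiting is visible, and $user->save($result)
 * writes the whole fetched row back.
 *
 * @return void
 */
public function dologin()
{
    $this->err_msg = '';

    $name = I("post.username");
    if (empty($name)) {
        $this->err_msg = L('USERNAME_OR_EMAIL_EMPTY');
    }
    $pass = I("post.password");
    if (empty($pass)) {
        $this->err_msg = L('PASSWORD_REQUIRED');
    }
    $verrify = I("post.verify");
    if (empty($verrify)) {
        $this->err_msg = L('CAPTCHA_REQUIRED');
    }
    // Captcha
    if (!$this->check_verify($verrify)) {
        $this->err_msg = L('CAPTCHA_NOT_RIGHT');
    }

    if (!empty($this->err_msg)) {
        $this->assign("err_msg", $this->err_msg);
        $this->display(":login");
        exit;
    }

    $user = D("AdminUser");
    $where = array('user_login' => $name);
    $result = $user->where($where)->find();

    if ($result == null) {
        $this->err_msg = L('USERNAME_NOT_EXIST');
    } elseif ($result['user_pass'] !== sp_password($pass)) {
        $this->err_msg = L('PASSWORD_NOT_RIGHT');
    } else {
        // Fresh session id for the authenticated session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }

        // Login succeeded: record the session and redirect.
        $_SESSION["ADMIN_ID"] = $result["id"];
        $_SESSION['name'] = $result["user_login"];
        session("roleid", $result['role_id']);
        $result['last_login_ip'] = get_client_ip();
        $result['last_login_time'] = date("Y-m-d H:i:s");
        $user->save($result);
        setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
        $this->redirect("Index/index");
    }

    $this->assign("err_msg", $this->err_msg);
    $this->display(":login");
}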
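/**
 * Changes the password of the user held in $_SESSION['user'].
 *
 * The row is loaded with $this->find($uid); the update is filtered on the
 * `id` column.
 *
 * Changes against the earlier version of this method:
 *  - the unused $prefix and the unused interpolated $sql string are removed;
 *  - the stored hash is compared with !== instead of !=.
 *
 * @param string $oldpwd Current password in plaintext.
 * @param string $newpwd New password in plaintext.
 * @return mixed -1 when the old password does not match, otherwise whatever
 *               save() returns.
 */
function change_pwd($oldpwd, $newpwd)
{
    $uid = $_SESSION['user']['id'];

    // Verify the old password first.
    $res = $this->find($uid);
    if ($res['user_pass'] !== sp_password($oldpwd)) {
        return -1; // old password is wrong
    }

    $data = array('user_pass' => sp_password($newpwd));
    $where = array('id' => $uid);

    return $this->where($where)->save($data);
}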
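/**
 * Admin login: compares the submitted captcha with
 * $_SESSION['_verify_']['verify'], looks the account up by e-mail or login
 * name, requires user_type 1, verifies the password hash and opens the
 * admin session.
 *
 * Changes against the earlier version of this method:
 *  - the captcha and the password hash are compared strictly, and a request
 *    is rejected when the session holds no captcha value;
 *  - a fresh session id is issued before the admin identity is written to
 *    the session;
 *  - failure paths return after $this->error().
 *
 * NOTE(review): the captcha value stays in the session after it has been
 * checked, so one solved captcha can accompany many password attempts;
 * consider clearing it once the page flow guarantees a new image is shown.
 * USERNAME_NOT_EXIST and PASSWORD_NOT_RIGHT are distinct responses.
 *
 * @return void Responds through $this->error() / $this->success().
 */
public function dologin()
{
    $name = I("post.username");
    if (empty($name)) {
        $this->error(L('USERNAME_OR_EMAIL_EMPTY'));
    }
    $pass = I("post.password");
    if (empty($pass)) {
        $this->error(L('PASSWORD_REQUIRED'));
    }
    $verrify = I("post.verify");
    if (empty($verrify)) {
        $this->error(L('CAPTCHA_REQUIRED'));
    }

    // Captcha
    $expected = isset($_SESSION['_verify_']['verify']) ? (string) $_SESSION['_verify_']['verify'] : '';
    if ($expected === '' || !is_string($verrify) || $expected !== strtolower($verrify)) {
        $this->error(L('CAPTCHA_NOT_RIGHT'));
        return;
    }

    $user = D("Users");
    $where = array();
    if (strpos($name, "@") > 0) {
        // Login by e-mail address
        $where['user_email'] = $name;
    } else {
        $where['user_login'] = $name;
    }
    $result = $user->where($where)->find();

    if ($result == null || $result['user_type'] != 1) {
        $this->error(L('USERNAME_NOT_EXIST'));
        return;
    }
    if ($result['user_pass'] !== sp_password($pass)) {
        $this->error(L('PASSWORD_NOT_RIGHT'));
        return;
    }

    // Fresh session id for the authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Login succeeded: record the session and redirect.
    $_SESSION["ADMIN_ID"] = $result["id"];
    $_SESSION['name'] = $result["user_login"];
    session("roleid", $result['role_id']);
    $result['last_login_ip'] = get_client_ip();
    $result['last_login_time'] = date("Y-m-d H:i:s");
    $user->save($result);
    setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
    $this->success(L('LOGIN_SUCCESS'), U("Index/index"));
}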
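/**
 * Admin login with hard-coded messages: compares the submitted captcha with
 * $_SESSION['_verify_']['verify'], looks the account up by e-mail or login
 * name, verifies the password hash and opens the admin session.
 *
 * Changes against the earlier version of this method:
 *  - the captcha and the password hash are compared strictly, and a request
 *    is rejected when the session holds no captcha value;
 *  - a fresh session id is issued before the admin identity is written to
 *    the session;
 *  - failure paths return after $this->error().
 *
 * NOTE(review): unlike the other admin logins on this page, this one does
 * not filter on user_type, so any row of the Users model can sign in here;
 * confirm that table holds administrators only. The session id is read from
 * $result["ID"] (upper case); confirm that matches the column name. The
 * captcha value stays in the session after it has been checked.
 *
 * @return void Responds through $this->error() / $this->success().
 */
public function dologin()
{
    $name = I("post.username");
    if (empty($name)) {
        $this->error("用户名或邮箱不能为空!");
    }
    $pass = I("post.password");
    if (empty($pass)) {
        $this->error("密码不能为空!");
    }
    $verrify = I("post.verify");
    if (empty($verrify)) {
        $this->error("验证码不能为空!");
    }

    // Captcha
    $expected = isset($_SESSION['_verify_']['verify']) ? (string) $_SESSION['_verify_']['verify'] : '';
    if ($expected === '' || !is_string($verrify) || $expected !== strtolower($verrify)) {
        $this->error("验证码错误!");
        return;
    }

    $user = D("Users");
    $where = array();
    if (strpos($name, "@") > 0) {
        // Login by e-mail address
        $where['user_email'] = $name;
    } else {
        $where['user_login'] = $name;
    }
    $result = $user->where($where)->find();

    if ($result == null) {
        $this->error("用户名不存在!");
        return;
    }
    if ($result['user_pass'] !== sp_password($pass)) {
        $this->error("密码错误!");
        return;
    }

    // Fresh session id for the authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Login succeeded: record the session and redirect.
    $_SESSION["ADMIN_ID"] = $result["ID"];
    $_SESSION['name'] = $result["user_login"];
    session("roleid", $result['role_id']);
    $result['last_login_ip'] = get_client_ip();
    $result['last_login_time'] = date("Y-m-d H:i:s");
    $user->save($result);
    setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
    $this->success("登录验证成功!", U("Index/index"));
}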
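/**
 * Handles the "change my password" form post for the current admin.
 *
 * Only acts on POST requests. Order of checks: both passwords non-empty,
 * old password matches the stored hash, password equals repassword, new
 * password differs from the current one; then the new hash is saved.
 *
 * Hashes and the confirmation field are compared with === instead of ==,
 * so PHP's loose comparison can never treat two different numeric-looking
 * strings as equal.
 *
 * NOTE(review): no CSRF token check and no invalidation of other sessions
 * after the change are visible in this method; confirm they happen elsewhere.
 *
 * @return void Responds through $this->error() / $this->success().
 */
function password_post()
{
    if (!IS_POST) {
        return;
    }

    if (empty($_POST['old_password'])) {
        $this->error("原始密码不能为空!");
    }
    if (empty($_POST['password'])) {
        $this->error("新密码不能为空!");
    }

    $user_obj = D("Users");
    $uid = get_current_admin_id();
    $admin = $user_obj->where(array("id" => $uid))->find();

    $old_password = $_POST['old_password'];
    $password = $_POST['password'];
    $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : '';

    if (sp_password($old_password) !== $admin['user_pass']) {
        $this->error("原始密码不正确!");
        return;
    }
    if ($password !== $repassword) {
        $this->error("密码输入不一致!");
        return;
    }

    $new_hash = sp_password($password);
    if ($admin['user_pass'] === $new_hash) {
        $this->error("新密码不能和原始密码相同!");
        return;
    }

    $data = array(
        'user_pass' => $new_hash,
        'id' => $uid,
    );
    $r = $user_obj->save($data);
    if ($r !== false) {
        $this->success("修改成功!");
    } else {
        $this->error("修改失败!");
    }
}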
$strConfig = str_replace('#DB_USER#', $dbUser, $strConfig); $strConfig = str_replace('#DB_PWD#', $dbPwd, $strConfig); $strConfig = str_replace('#DB_PORT#', $dbPort, $strConfig); $strConfig = str_replace('#DB_PREFIX#', $dbPrefix, $strConfig); $strConfig = str_replace('#AUTHCODE#', sp_random_string(18), $strConfig); $strConfig = str_replace('#COOKIE_PREFIX#', sp_random_string(6) . "_", $strConfig); @chmod(SITEDIR . '/data/conf/db.php', 0777); @file_put_contents(SITEDIR . '/data/conf/db.php', $strConfig); //插入管理员 //生成随机认证码 $verify = sp_random_string(6); $time = time(); $create_date = date("Y-m-d h:i:s"); $ip = get_client_ip(); $ip = empty($ip) ? "0.0.0.0" : $ip; $password = sp_password($password, $dbPrefix); $query = "INSERT INTO `{$dbPrefix}users` (id,user_login,user_pass,user_nicename,user_email,user_url,create_time,user_activation_key,user_status,last_login_ip,last_login_time) VALUES ('1', '{$username}', '{$password}', 'admin', '{$email}', '', '{$create_date}', '', '1', '{$ip}','{$create_date}');"; mysql_query($query); $message = '成功添加管理员<br />成功写入配置文件<br>安装完成.'; $arr = array('n' => 999999, 'msg' => $message); echo json_encode($arr); exit; } include_once "./templates/s4.php"; exit; case '5': $ip = get_client_ip(); $host = $_SERVER['HTTP_HOST']; include_once "./templates/s5.php"; @touch('./install.lock'); exit;
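/**
 * Member login by user name or e-mail, optionally synchronised with UCenter.
 *
 * With UCENTER_ENABLED on, uc_user_login() is asked first. A positive uid
 * means UCenter accepted the credentials (a local row is created when none
 * exists). "-1" and -2 fall back to the local password and, when that
 * matches, push the account or its password to UCenter.
 *
 * Changes against the earlier version of this method:
 *  - $ucenter_login_ok is now true only when a positive UCenter uid is in
 *    hand. It used to be set to true unconditionally after the switch, so a
 *    UCenter result other than a positive uid, "-1" or -2 let an existing
 *    local account through without any password check; such results now
 *    fall back to the local password comparison;
 *  - the "last login" update uses an array condition instead of
 *    concatenating the id into the where string;
 *  - username/password are read defensively (missing or non-string → '');
 *  - a fresh session id is issued before the user is written to the session
 *    (skipped when output has already started);
 *  - the unused $ucenter_old_user_login bookkeeping is removed.
 *
 * NOTE(review): the redirect target comes from
 * $_SESSION['login_http_referer']; confirm it is restricted to same-site
 * URLs where it is stored. $_SESSION["user"] receives the whole row,
 * including the password hash. No captcha or attempt limiting is visible.
 *
 * @return void Responds through $this->error() / $this->success().
 */
private function _do_email_login()
{
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $where = array();
    if (strpos($username, "@") > 0) {
        // Login by e-mail address
        $where['user_email'] = $username;
    } else {
        $where['user_login'] = $username;
    }
    $users_model = M('Users');
    $result = $users_model->where($where)->find();

    $ucenter_syn = C("UCENTER_ENABLED");
    $ucenter_login_ok = false;

    if ($ucenter_syn) {
        setcookie("thinkcmf_auth", "");
        include UC_CLIENT_ROOT . "client.php";
        list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);

        if ($uc_uid > 0) {
            if (!$result) {
                // Known to UCenter but not locally: create the local row.
                $data = array(
                    'user_login' => $username,
                    'user_email' => $email,
                    'user_pass' => sp_password($password),
                    'last_login_ip' => get_client_ip(0, true),
                    'create_time' => time(),
                    'last_login_time' => time(),
                    'user_status' => '1',
                    'user_type' => 2,
                );
                $id = $users_model->add($data);
                $data['id'] = $id;
                $result = $data;
            }
        } else {
            switch ($uc_uid) {
                case "-1": // user does not exist in UCenter, or was deleted
                    if ($result) {
                        // The user exists locally.
                        if (sp_compare_password($password, $result['user_pass'])) {
                            // Local password is right: register the user in UCenter.
                            $uc_uid2 = uc_user_register($username, $password, $result['user_email']);
                            if ($uc_uid2 < 0) {
                                $uc_register_errors = array(
                                    "-1" => "用户名不合法",
                                    "-2" => "包含不允许注册的词语",
                                    "-3" => "用户名已经存在",
                                    "-4" => "Email格式有误",
                                    "-5" => "Email不允许注册",
                                    "-6" => "该Email已经被注册",
                                );
                                $this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
                            }
                            $uc_uid = $uc_uid2;
                        } else {
                            $this->error("密码错误1!");
                        }
                    }
                    break;
                case -2: // wrong password according to UCenter
                    if ($result) {
                        // The user exists locally.
                        if (sp_compare_password($password, $result['user_pass'])) {
                            // Local password is right: push it to UCenter.
                            $uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
                            if ($uc_user_edit_status <= 0) {
                                $this->error("登陆错误3!");
                            }
                            list($uc_uid2) = uc_get_user($username);
                            $uc_uid = $uc_uid2;
                        } else {
                            $this->error("密码错误4!");
                        }
                    } else {
                        $this->error("密码错误1!");
                    }
                    break;
            }
        }

        // Only a positive uid counts as "UCenter vouched for this login".
        $ucenter_login_ok = $uc_uid > 0;
        echo uc_user_synlogin($uc_uid);
    }

    if (empty($result)) {
        $this->error("用户名不存在!");
        return;
    }
    if (!$ucenter_login_ok && !sp_compare_password($password, $result['user_pass'])) {
        $this->error("密码错误7!");
        return;
    }

    // Fresh session id for the authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION["user"] = $result;

    // Record this login.
    $data = array(
        'last_login_time' => date("Y-m-d H:i:s"),
        'last_login_ip' => get_client_ip(0, true),
    );
    $users_model->where(array('id' => $result["id"]))->save($data);

    $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
    $_SESSION['login_http_referer'] = "";

    $this->success("登录验证成功!", $redirect);
}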
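/**
 * Member "change password" handler, optionally synchronised with UCenter.
 *
 * POST only; any other request gets the "empty submission" error. The new
 * password must be confirmed, be 5 to 12 bytes long, and differ from the
 * current one; the old password must match the stored hash. With
 * UCENTER_ENABLED on, uc_user_edit() has to succeed before the local row
 * is updated.
 *
 * Changes against the earlier version of this method:
 *  - the member row is looked up with an array condition instead of the
 *    interpolated "ID={$uid}" string;
 *  - password and hash comparisons are strict;
 *  - the three form fields are read defensively (missing or non-string → '').
 *
 * NOTE(review): no CSRF token check is visible in this method.
 *
 * @return void Responds through $this->error() / $this->success().
 */
function changepass()
{
    if (!IS_POST) {
        $this->error('提交数据为空!');
        return;
    }

    $old_password = (isset($_POST['inipass']) && is_string($_POST['inipass'])) ? $_POST['inipass'] : '';
    $password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $repassword = (isset($_POST['repass']) && is_string($_POST['repass'])) ? $_POST['repass'] : '';

    if ($password !== $repassword) {
        $this->error("两次密码输入不一致!");
    }
    if (strlen($password) < 5 || strlen($password) > 12) {
        $this->error("密码长度至少5位,最多12位!");
    }

    $mem = M('Members');
    $uid = $_SESSION["MEMBER_id"];
    $user_info = $mem->where(array('ID' => $uid))->find();

    if (sp_password($old_password) !== $user_info['user_pass']) {
        $this->error("原密码不正确!");
        return;
    }

    $new_hash = sp_password($password);
    if ($user_info['user_pass'] === $new_hash) {
        $this->error("新密码不能和原密码相同!");
        return;
    }

    $ucenter_syn = C("UCENTER_ENABLED");
    $can_change_password = true;
    if ($ucenter_syn) {
        include UC_CLIENT_ROOT . "client.php";
        $uc_result = uc_user_edit($user_info['user_login_name'], $old_password, $password, "");
        if (!$uc_result) {
            $can_change_password = false;
        }
    }

    if (!$can_change_password) {
        $this->error("修改失败!");
        return;
    }

    $data = array(
        'user_pass' => $new_hash,
        'ID' => $uid,
    );
    $r = $mem->save($data);
    if ($r != false) {
        $this->success("修改成功!");
    } else {
        $this->error("修改失败!");
    }
}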
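/**
 * Member login by user name or e-mail with captcha and terms check,
 * optionally synchronised with UCenter.
 *
 * Changes against the earlier version of this method:
 *  - the captcha check rejects the request when the session holds no
 *    captcha value and compares strictly; previously a missing session
 *    value compared loosely against a missing "verify" field counted as a
 *    match;
 *  - extract($_POST) is gone; only username and password are read, so
 *    request parameters can no longer pre-set $where, $result or any other
 *    local variable;
 *  - $ucenter_login_ok is true only when a positive UCenter uid is in hand.
 *    It used to be set unconditionally after the switch, so a UCenter
 *    result other than a positive uid, "-1" or -2 let an existing local
 *    account through without any password check;
 *  - password hashes are compared with ===, and the "last login" update
 *    uses an array condition;
 *  - a fresh session id is issued before the user is written to the session
 *    (skipped when output has already started).
 *
 * NOTE(review): the redirect target comes from
 * $_SESSION['login_http_referer']; confirm it is restricted to same-site
 * URLs where it is stored. $_SESSION["user"] receives the whole row,
 * including the password hash. The captcha value stays in the session after
 * it has been checked.
 *
 * @return void Responds through $this->error() / $this->success().
 */
function dologin()
{
    $expected = isset($_SESSION['_verify_']['verify']) ? (string) $_SESSION['_verify_']['verify'] : '';
    $given = (isset($_POST['verify']) && is_string($_POST['verify'])) ? strtolower($_POST['verify']) : '';
    if ($expected === '' || $expected !== $given) {
        $this->error("验证码错误!");
        return;
    }

    $users_model = M("Users");
    $rules = array(
        array('terms', 'require', '您未同意服务条款!', 1),
        array('username', 'require', '用户名或者邮箱不能为空!', 1),
        array('password', 'require', '密码不能为空!', 1),
    );
    if ($users_model->validate($rules)->create() === false) {
        $this->error($users_model->getError());
    }

    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $where = array();
    if (strpos($username, "@") > 0) {
        // Login by e-mail address
        $where['user_email'] = $username;
    } else {
        $where['user_login'] = $username;
    }
    $users_model = M('Users');
    $result = $users_model->where($where)->find();

    $ucenter_syn = C("UCENTER_ENABLED");
    $ucenter_login_ok = false;

    if ($ucenter_syn) {
        setcookie("xiaocaocms_auth", "");
        include UC_CLIENT_ROOT . "client.php";
        list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);

        if ($uc_uid > 0) {
            if (!$result) {
                // Known to UCenter but not locally: create the local row.
                $data = array(
                    'user_login' => $username,
                    'user_email' => $email,
                    'user_pass' => sp_password($password),
                    'last_login_ip' => get_client_ip(),
                    'create_time' => time(),
                    'last_login_time' => time(),
                    'user_status' => '1',
                );
                $id = $users_model->add($data);
                $data['id'] = $id;
                $result = $data;
            }
        } else {
            switch ($uc_uid) {
                case "-1": // user does not exist in UCenter, or was deleted
                    if ($result) {
                        // The user exists locally.
                        if ($result['user_pass'] === sp_password($password)) {
                            // Local password is right: register the user in UCenter.
                            $uc_uid2 = uc_user_register($username, $password, $result['user_email']);
                            if ($uc_uid2 < 0) {
                                $uc_register_errors = array(
                                    "-1" => "用户名不合法",
                                    "-2" => "包含不允许注册的词语",
                                    "-3" => "用户名已经存在",
                                    "-4" => "Email格式有误",
                                    "-5" => "Email不允许注册",
                                    "-6" => "该Email已经被注册",
                                );
                                $this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
                            }
                            $uc_uid = $uc_uid2;
                        } else {
                            $this->error("密码错误!");
                        }
                    }
                    break;
                case -2: // wrong password according to UCenter
                    if ($result) {
                        // The user exists locally.
                        if ($result['user_pass'] === sp_password($password)) {
                            // Local password is right: push it to UCenter.
                            $uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
                            if ($uc_user_edit_status <= 0) {
                                $this->error("登陆错误!");
                            }
                            list($uc_uid2) = uc_get_user($username);
                            $uc_uid = $uc_uid2;
                        } else {
                            $this->error("密码错误!");
                        }
                    } else {
                        $this->error("密码错误!");
                    }
                    break;
            }
        }

        // Only a positive uid counts as "UCenter vouched for this login".
        $ucenter_login_ok = $uc_uid > 0;
        echo uc_user_synlogin($uc_uid);
    }

    if ($result == null) {
        $this->error("用户名不存在!");
        return;
    }
    if (!$ucenter_login_ok && $result['user_pass'] !== sp_password($password)) {
        $this->error("密码错误!");
        return;
    }

    // Fresh session id for the authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION["user"] = $result;

    // Record this login.
    $data = array(
        'last_login_time' => date("Y-m-d H:i:s"),
        'last_login_ip' => get_client_ip(),
    );
    $users_model->where(array('id' => $result["id"]))->save($data);

    $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
    $_SESSION['login_http_referer'] = "";

    $this->success("登录验证成功!", $redirect);
}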
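/**
 * Final step of the "forgot password" flow: stores a new password for the
 * account named in $_SESSION['find_password_user'].
 *
 * Changes against the earlier version of this method:
 *  - the request is refused when the session carries no
 *    find_password_user login name, instead of running the update with an
 *    empty condition value;
 *  - after a successful update the find_password_user entry is removed from
 *    the session. The earlier code only evaluated the variable (a no-op),
 *    so the same recovery session could set the password again.
 *
 * NOTE(review): how find_password_user gets into the session, and whether
 * it is only set after the recovery code was verified, is not visible here.
 *
 * @return void Responds through $this->error() / $this->success().
 */
public function do_password_set_password()
{
    $users_model = M("Member");
    $rules = array(
        array('password', 'require', '密码不能为空!', 1),
        array('repassword', 'require', '重复密码不能为空!', 1),
        array('repassword', 'password', '确认密码不正确', 0, 'confirm'),
    );

    $new_password = I('post.password');
    if (strlen($new_password) < 6 || strlen($new_password) > 20) {
        $this->error("密码长度至少6位,最多20位!");
    }

    if ($users_model->validate($rules)->create() === false) {
        $this->error($users_model->getError());
        return;
    }

    // No recovery in progress for this session: refuse.
    if (empty($_SESSION['find_password_user']['user_login'])) {
        $this->error("设置失败!");
        return;
    }

    $password = sp_password(I("post.password"));
    $result = $users_model
        ->where(array("user_login" => $_SESSION['find_password_user']['user_login']))
        ->save(array("user_pass" => $password));

    if ($result) {
        // The recovery session is single-use.
        unset($_SESSION['find_password_user']);
        $this->success("设置成功,请登录!", U("user/login/index"));
    } else {
        $this->error("设置失败!");
    }
}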
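/**
 * Registers a member by e-mail address, optionally mirrored to UCenter and
 * optionally requiring e-mail activation (SP_MEMBER_EMAIL_ACTIVE).
 *
 * The login name is derived from the e-mail by replacing "." and "@" with
 * "_". The banned-username check is disabled in this method (it was already
 * commented out).
 *
 * Changes against the earlier version of this method:
 *  - user_type must be exactly "1", "2" or "3" and is stored as an integer.
 *    The earlier numeric range comparison also let values such as "2abc"
 *    through on PHP versions that compare leading digits, and wrote the raw
 *    string to the database;
 *  - password and e-mail are read defensively (missing or non-string → '').
 *
 * NOTE(review): user_type is chosen by the client. Other login code on this
 * page treats user_type 1 as the value required for the admin login, so
 * confirm that 1 is a value a self-registering visitor may pick.
 * $_SESSION['user'] receives the full row, including the password hash.
 *
 * @return void Responds through $this->error() / $this->success().
 */
private function _do_email_register()
{
    if (!sp_check_verify_code()) {
        $this->error("验证码错误!");
    }

    $rules = array(
        array('user_type', 'require', '请选择用户类型!', 1),
        array('email', 'require', '邮箱不能为空!', 1),
        array('password', 'require', '密码不能为空!', 1),
        array('repassword', 'require', '重复密码不能为空!', 1),
        array('repassword', 'password', '确认密码不正确', 0, 'confirm'),
        array('email', 'email', '邮箱格式不正确!', 1),
    );
    $users_model = M("Users");
    if ($users_model->validate($rules)->create() === false) {
        $this->error($users_model->getError());
    }

    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $user_type = isset($_POST['user_type']) ? $_POST['user_type'] : '';
    $username = str_replace(array(".", "@"), "_", $email);

    // Characters that are not allowed in a user name
    $stripChar = '?<*.>\'"';
    if (preg_match('/[' . $stripChar . ']/is', $username) == 1) {
        $this->error('用户名中包含' . $stripChar . '等非法字符!');
    }

    if (strlen($password) < 5 || strlen($password) > 20) {
        $this->error("密码长度至少5位,最多20位!");
    }

    // Exactly one digit in 1..3; anything else is refused.
    if (!is_string($user_type) || !preg_match('/^[1-3]$/D', $user_type)) {
        $this->error("非法操作!");
        return;
    }
    $user_type = (int) $user_type;

    $where = array(
        'user_login' => $username,
        'user_email' => $email,
        '_logic' => 'OR',
    );

    $ucenter_syn = C("UCENTER_ENABLED");
    $uc_checkemail = 1;
    $uc_checkusername = 1;
    if ($ucenter_syn) {
        include UC_CLIENT_ROOT . "client.php";
        $uc_checkemail = uc_user_checkemail($email);
        $uc_checkusername = uc_user_checkname($username);
    }

    $users_model = M("Users");
    $result = $users_model->where($where)->count();
    if ($result || $uc_checkemail < 0 || $uc_checkusername < 0) {
        $this->error("用户名或者该邮箱已经存在!");
        return;
    }

    $uc_register = true;
    if ($ucenter_syn) {
        $uc_uid = uc_user_register($username, $password, $email);
        if ($uc_uid < 0) {
            $uc_register = false;
        }
    }
    if (!$uc_register) {
        $this->error("注册失败!", U("user/register/index"));
        return;
    }

    $need_email_active = C("SP_MEMBER_EMAIL_ACTIVE");
    $data = array(
        'user_login' => $username,
        'user_email' => $email,
        'user_nicename' => $username,
        'user_pass' => sp_password($password),
        'last_login_ip' => get_client_ip(0, true),
        'create_time' => date("Y-m-d H:i:s"),
        'last_login_time' => date("Y-m-d H:i:s"),
        'user_status' => $need_email_active ? 2 : 1,
        "user_type" => $user_type,
    );
    $rst = $users_model->add($data);
    if (!$rst) {
        $this->error("注册失败!", U("user/register/index"));
        return;
    }

    // Registration succeeded: log the new user in.
    $data['id'] = $rst;
    $_SESSION['user'] = $data;

    if ($need_email_active) {
        // Send the activation mail, then drop the session again until activation.
        $this->_send_to_active();
        unset($_SESSION['user']);
        $this->success("注册成功,激活后才能使用!", U("user/login/index"));
    } else {
        $this->success("注册成功!", __ROOT__ . "/");
    }
}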
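/**
 * Registers a member either by e-mail (reg_type 1, captcha-gated) or by
 * mobile number (any other reg_type, SMS-code-gated), optionally mirrored
 * to UCenter, and creates the member's account row.
 *
 * Changes against the earlier version of this method:
 *  - extract($_POST) is gone; only the fields this method needs are read,
 *    so request parameters can no longer pre-set $where, $check or any
 *    other local variable;
 *  - for mobile registration the stored user_phone is always the number the
 *    SMS code was checked against. With extract() a separate "user_phone"
 *    request field replaced that number after the check;
 *  - the SMS code is compared strictly and a missing Sms row is refused
 *    explicitly;
 *  - the banned-name lookup is strict.
 *
 * The illegal-character check on the user name is disabled in this method
 * (it was already commented out).
 *
 * NOTE(review): the SMS row is not marked as used after a successful check
 * and no limit on attempts is visible. For e-mail registration a posted
 * "user_phone" is still stored without verification, and for mobile
 * registration a posted "email" is stored without format validation; both
 * are kept as before, confirm whether they should be dropped.
 * $_SESSION['user'] receives the full row, including the password hash.
 *
 * @return void Responds through $this->error() / $this->success().
 */
function doregister()
{
    $rules = array(
        array('password', 'require', '密码不能为空!', 1),
        array('user_realname', 'require', '用户名不能为空!', 1),
        array('repassword', 'require', '重复密码不能为空!', 1),
        array('repassword', 'password', '确认密码不正确', 0, 'confirm'),
    );

    $is_email_registration = (I('post.reg_type') == 1);
    $user_phone = null;

    if ($is_email_registration) {
        if (!sp_check_verify_code()) {
            $this->error("验证码错误!");
        }
        $_POST['email'] = I('post.username');
        array_unshift(
            $rules,
            array('username', 'require', '邮箱不能为空!', 1),
            array('email', 'email', '邮箱格式不正确!', 1)
        );
    } else {
        array_unshift($rules, array('username', 'require', '手机号码不能为空!', 1));
        $user_phone = I('post.username');
        // Mobile number format check
        if (!preg_match('/^[1][3458]{1}[0-9]{9}$/', $user_phone)) {
            $this->error('手机号码格式有误');
        }

        // Most recent code sent to this number
        $check = M('Sms')
            ->field('code,add_time')
            ->where(array('phone' => $user_phone))
            ->order('id desc')
            ->find();
        if (empty($_POST['code'])) {
            $this->error('验证码不能为空');
        }
        $sent_code = empty($check) ? '' : strtolower((string) $check['code']);
        $given_code = strtolower((string) I('post.code'));
        if ($sent_code === '' || $sent_code !== $given_code) {
            $this->error("手机验证码错误");
            return;
        }
        // Codes are valid for one hour.
        if (time() > $check['add_time'] + 3600) {
            $this->error('验证码已过期,请重新获取');
            return;
        }
    }

    $users_model = M("Member");
    if ($users_model->validate($rules)->create() === false) {
        $this->error($users_model->getError());
    }

    // Read exactly the fields used below.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $user_realname = (isset($_POST['user_realname']) && is_string($_POST['user_realname'])) ? $_POST['user_realname'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : null;
    if ($is_email_registration) {
        // Unverified in this branch; see the review note in the docblock.
        $user_phone = (isset($_POST['user_phone']) && is_string($_POST['user_phone'])) ? $_POST['user_phone'] : null;
    }

    $banned_usernames = explode(",", sp_get_cmf_settings("banned_usernames"));
    if (in_array($username, $banned_usernames, true)) {
        $this->error("此用户名禁止使用!");
    }

    if (strlen($password) < 6 || strlen($password) > 20) {
        $this->error("密码长度至少6位,最多20位!");
    }

    $where = array(
        'user_login' => $username,
        'user_email' => $email,
        '_logic' => 'OR',
    );

    $ucenter_syn = C("UCENTER_ENABLED");
    $uc_checkemail = 1;
    $uc_checkusername = 1;
    if ($ucenter_syn) {
        include UC_CLIENT_ROOT . "client.php";
        $uc_checkemail = uc_user_checkemail($email);
        $uc_checkusername = uc_user_checkname($username);
    }

    $users_model = M("Member");
    $result = $users_model->where($where)->count();
    if ($result || $uc_checkemail < 0 || $uc_checkusername < 0) {
        $this->error("用户名或者该邮箱已经存在!");
        return;
    }

    $uc_register = true;
    if ($ucenter_syn) {
        $uc_uid = uc_user_register($username, $password, $email);
        if ($uc_uid < 0) {
            $uc_register = false;
        }
    }
    if (!$uc_register) {
        $this->error("注册失败!", U("user/register/index"));
        return;
    }

    $need_email_active = C("SP_MEMBER_EMAIL_ACTIVE");
    if ($need_email_active) {
        // Activation is configured: it applies to e-mail sign-ups, not to mobile ones.
        if (I('post.reg_type') == 1) {
            $need_email_active = true;
        } elseif (I('post.reg_type') == 2) {
            $need_email_active = false;
        }
    }

    $data = array(
        'user_login' => $username,
        'user_email' => $email,
        'user_nicename' => $username,
        'user_realname' => $user_realname,
        'user_pass' => sp_password($password),
        'last_login_ip' => get_client_ip(),
        'create_time' => date("Y-m-d H:i:s"),
        'last_login_time' => date("Y-m-d H:i:s"),
        'user_status' => $need_email_active ? 2 : 1,
        "utype" => 0,
        'user_phone' => $user_phone,
    );
    $rst = $users_model->add($data);
    if (!$rst) {
        $this->error("注册失败!", U("user/register/index"));
        return;
    }

    // Registration succeeded.
    $data['id'] = $rst;

    // Create the member's account row with the registration bonus.
    $account = M("Account");
    $ac = array(
        'uid' => $rst,
        'money' => get_point_rule('register'),
    );
    $account->add($ac);

    $_SESSION['user'] = $data;

    if ($need_email_active) {
        // Send the activation mail, then drop the session again until activation.
        $this->_send_to_active();
        unset($_SESSION['user']);
        $this->success("注册成功,激活后才能使用!", U("user/login/index"));
    } else {
        $this->success("注册成功!", __ROOT__ . "/");
    }
}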
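/**
 * Member login by user name or mobile number.
 *
 * Changes against the earlier version of this method:
 *  - extract($_POST) is gone; only username and password are read, so
 *    request parameters can no longer pre-set $where, $result or any other
 *    local variable;
 *  - the password hash is compared with === instead of ==;
 *  - the "last login" update uses an array condition instead of
 *    concatenating the id into the where string;
 *  - a fresh session id is issued before the user is written to the session;
 *  - failure paths return after $this->error().
 *
 * NOTE(review): no captcha or attempt limiting is visible in this method,
 * and the two failure messages tell a client whether an account exists.
 * The redirect target comes from $_SESSION['login_http_referer']; confirm
 * it is restricted to same-site URLs where it is stored. $_SESSION["user"]
 * receives the whole row, including the password hash.
 *
 * @return void Responds through $this->error() / $this->success().
 */
function dologin()
{
    $users_model = M("Users");
    $rules = array(
        array('username', 'require', '用户名或者手机号不能为空!', 1),
        array('password', 'require', '密码不能为空!', 1),
    );
    if ($users_model->validate($rules)->create() === false) {
        $this->error($users_model->getError());
    }

    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Match either the login name or the mobile number.
    $where = array(
        'user_phone' => $username,
        'user_login' => $username,
        '_logic' => 'OR',
    );
    $users_model = M('Users');
    $result = $users_model->where($where)->find();

    if (!$result) {
        $this->error("用户名不存在!");
        return;
    }
    if ($result['user_pass'] !== sp_password($password)) {
        $this->error("密码错误!");
        return;
    }

    // Fresh session id for the authenticated session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION["user"] = $result;

    // Record this login.
    $data = array(
        'last_login_time' => date("Y-m-d H:i:s"),
        'last_login_ip' => get_client_ip(),
    );
    $users_model->where(array('id' => $result["id"]))->save($data);

    $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
    $_SESSION['login_http_referer'] = "";

    $this->success("登录验证成功!", $redirect);
}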
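/**
 * Installer step: inserts the first administrator (id 1) into the users table.
 *
 * Changes against the earlier version of this function:
 *  - every request-derived value placed in the INSERT is escaped first. The
 *    manager name, e-mail and client IP used to be interpolated into the
 *    statement as received from I()/get_client_ip();
 *  - timestamps use the 24-hour "H" format. The earlier "h" wrote 12-hour
 *    values, so an install at 15:00 was recorded as 03:00.
 *
 * NOTE(review): escaping falls back to addslashes() when $db exposes no
 * callable escapeString(); that is only safe on single-byte or UTF-8
 * connections. Prefer the driver's parameter binding if $db offers one.
 * $table_prefix is interpolated as an identifier and cannot be escaped
 * this way; confirm the installer restricts it to [A-Za-z0-9_].
 *
 * @param object $db           Database handle; only execute() is required here.
 * @param string $table_prefix Table name prefix chosen during installation.
 * @param string $authcode     Passed to sp_password() as its second argument.
 * @return void
 */
function sp_create_admin_account($db, $table_prefix, $authcode)
{
    // Escape a value for use inside a single-quoted SQL string literal.
    $quote = function ($value) use ($db) {
        $value = (string) $value;
        if (is_callable(array($db, 'escapeString'))) {
            return $db->escapeString($value);
        }
        return addslashes($value);
    };

    $username = $quote(I("post.manager"));
    $password = $quote(sp_password(I("post.manager_pwd"), $authcode));
    $email = $quote(I("post.manager_email"));
    $create_date = date("Y-m-d H:i:s");
    $ip = $quote(get_client_ip(0, true));

    $sql = <<<hello
INSERT INTO `{$table_prefix}users` (id,user_login,user_pass,user_name,user_email,user_url,create_time,user_activation_key,user_status,last_login_ip,last_login_time) VALUES ('1', '{$username}', '{$password}', 'admin', '{$email}', '', '{$create_date}', '', '1', '{$ip}','{$create_date}');;
hello;

    $db->execute($sql);
    sp_show_msg("管理员账号创建成功!");
}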
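/**
 * CMF password comparison; every place that compares passwords should call
 * this function.
 *
 * A stored value that starts with "###" is checked against sp_password();
 * any other stored value is checked against sp_password_old().
 *
 * The comparison is strict (===). With == two different hashes that both
 * look like numbers to PHP could compare as equal.
 *
 * @param string $password       The password to check, in plaintext.
 * @param string $password_in_db The already-hashed password from the database.
 * @return boolean true when the password matches the stored value.
 */
function sp_compare_password($password, $password_in_db)
{
    $uses_current_scheme = (strpos($password_in_db, "###") === 0);

    $candidate = $uses_current_scheme
        ? sp_password($password)
        : sp_password_old($password);

    return $candidate === $password_in_db;
}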