/**
 * Pre-write hook: hash a plaintext password before the row is stored.
 *
 * A non-empty `user_pass` shorter than 25 bytes is replaced with
 * sp_password() of itself; anything else is left as it is.
 *
 * NOTE(review): the length test is presumably how already-hashed values are
 * told apart from plaintext (confirm against sp_password()). As written, a
 * caller-supplied value of 25 bytes or more reaches storage without being
 * hashed, so callers should cap plaintext length before writing.
 *
 * @param array $data Row data about to be written, modified in place.
 */
protected function _before_write(&$data)
 {
     parent::_before_write($data);
     // No password in this write: nothing to hash.
     if (empty($data['user_pass'])) {
         return;
     }
     // 25 bytes or more: passed through unchanged (see the note above).
     if (strlen($data['user_pass']) >= 25) {
         return;
     }
     $data['user_pass'] = sp_password($data['user_pass']);
 }
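 /**
  * Handle the change-password form for the currently logged-in user.
  *
  * Requires the old password, the new password and its confirmation. The
  * password is updated only when the old one matches the stored hash, the
  * confirmation matches and the new password differs from the old one.
  * Every outcome is reported through $this->error() / $this->success().
  */
 public function password_post()
 {
     if (IS_POST) {
         if (empty($_POST['old_password'])) {
             $this->error("原始密码不能为空!");
         }
         if (empty($_POST['password'])) {
             $this->error("新密码不能为空!");
         }
         $uid = sp_get_current_userid();
         // Array condition rather than an interpolated "id=..." fragment, so
         // the value is handled by the model layer instead of being pasted into SQL.
         $admin = $this->users_model->where(array("id" => $uid))->find();
         $old_password = $_POST['old_password'];
         $password = $_POST['password'];
         // A missing confirmation field is treated as a mismatch.
         $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : null;
         // Strict comparisons: loose == treats numeric-looking strings such as
         // "1e3" and "1000" as equal, which is never wanted for secrets
         // (assumes sp_password() returns a string).
         if (sp_password($old_password) === $admin['user_pass']) {
             if ($password === $repassword) {
                 $new_hash = sp_password($password);
                 if ($admin['user_pass'] === $new_hash) {
                     $this->error("新密码不能和原始密码相同!");
                 } else {
                     $data['user_pass'] = $new_hash;
                     $data['id'] = $uid;
                     $r = $this->users_model->save($data);
                     if ($r !== false) {
                         $this->success("修改成功!");
                     } else {
                         $this->error("修改失败!");
                     }
                 }
             } else {
                 $this->error("密码输入不一致!");
             }
         } else {
             $this->error("原始密码不正确!");
         }
     }
 }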
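 /**
  * Process the admin login form.
  *
  * Checks that username, password and captcha are present, verifies the
  * captcha, looks the account up by e-mail or login name, requires
  * user_type == 1, verifies the password and then opens the admin session.
  *
  * NOTE(review): the "user does not exist" and "wrong password" messages
  * differ, which lets a client learn which account names exist. Nothing in
  * this method regenerates the session id after authentication, and the
  * admin_username cookie is set without HttpOnly/Secure flags; review all
  * three against the deployment's requirements.
  */
 public function dologin()
 {
     $name = I("post.username");
     if (empty($name)) {
         $this->error(L('USERNAME_OR_EMAIL_EMPTY'));
     }
     $pass = I("post.password");
     if (empty($pass)) {
         $this->error(L('PASSWORD_REQUIRED'));
     }
     $verrify = I("post.verify");
     if (empty($verrify)) {
         $this->error(L('CAPTCHA_REQUIRED'));
     }
     // Captcha check
     if (!sp_check_verify_code()) {
         $this->error(L('CAPTCHA_NOT_RIGHT'));
     } else {
         $user = D("Common/Users");
         $where = array();
         if (strpos($name, "@") > 0) {
             // Login by e-mail address
             $where['user_email'] = $name;
         } else {
             $where['user_login'] = $name;
         }
         $result = $user->where($where)->find();
         if (!empty($result) && $result['user_type'] == 1) {
             // Strict comparison: loose == can treat two different
             // numeric-looking hash strings as equal (assumes sp_password()
             // returns a string).
             if ($result['user_pass'] === sp_password($pass)) {
                 $role_user_model = M("RoleUser");
                 $role_user_join = C('DB_PREFIX') . 'role as b on a.role_id =b.id';
                 $groups = $role_user_model->alias("a")->join($role_user_join)->where(array("user_id" => $result["id"], "status" => 1))->getField("role_id", true);
                 // Every account except id 1 needs at least one enabled role
                 // and a non-empty user_status.
                 if ($result["id"] != 1 && (empty($groups) || empty($result['user_status']))) {
                     $this->error(L('USE_DISABLED'));
                 }
                 // Login succeeded: set up the session and redirect
                 $_SESSION["ADMIN_ID"] = $result["id"];
                 $_SESSION['name'] = $result["user_login"];
                 $result['last_login_ip'] = get_client_ip();
                 $result['last_login_time'] = date("Y-m-d H:i:s");
                 $user->save($result);
                 // Remember the submitted login name for 30 days.
                 setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
                 $this->success(L('LOGIN_SUCCESS'), U("Index/index"));
             } else {
                 $this->error(L('PASSWORD_NOT_RIGHT'));
             }
         } else {
             $this->error(L('USERNAME_NOT_EXIST'));
         }
     }
 }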
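 /**
  * Register a new member with user name, mobile number and SMS code.
  *
  * Validates the form, the user name characters, the banned-name list, the
  * password length, the mobile format and the SMS verification code, then
  * creates the account (user_type 2) and stores it in the session.
  *
  * NOTE(review): the SMS code is not cleared from the session after a
  * successful check, and the stored session entry includes the password
  * hash; consider clearing the former and omitting the latter.
  */
 function doregister()
 {
     $users_model = M("Users");
     $rules = array(array('username', 'require', '账号不能为空!', 1), array('mobile', 'require', '手机号不能为空!', 1), array('password', 'require', '密码不能为空!', 1), array('repassword', 'require', '重复密码不能为空!', 1), array('repassword', 'password', '确认密码不正确', 0, 'confirm'));
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     // Read only the fields this method uses. extract($_POST) would let any
     // request parameter overwrite a local variable of the same name.
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $mobile = isset($_POST['mobile']) ? $_POST['mobile'] : '';
     $messcode = isset($_POST['messcode']) ? $_POST['messcode'] : '';
     // Characters that are not allowed in a user name (used as a regex class)
     $stripChar = '?<*.>\'"';
     if (preg_match('/[' . $stripChar . ']/is', $username) == 1) {
         $this->error('用户名中包含' . $stripChar . '等非法字符!');
     }
     $banned_usernames = explode(",", sp_get_cmf_settings("banned_usernames"));
     // Strict membership test: no numeric-string juggling between names.
     if (in_array($username, $banned_usernames, true)) {
         $this->error("此用户名禁止使用!");
     }
     if (strlen($password) < 5 || strlen($password) > 20) {
         $this->error("密码长度至少5位,最多20位!");
     }
     if (!preg_match("/^1\\d{10}\$/", $mobile)) {
         $this->error('手机号码格式不正确');
     }
     // SMS verification code issued earlier and kept in the session.
     $verifyCode = session("registerSMS");
     // Reject when no code was ever issued: with a loose != a missing session
     // value compared equal to a missing or empty submitted code, so the
     // check passed without any SMS having been sent.
     if (empty($verifyCode) || (string) $messcode !== (string) $verifyCode) {
         $this->error("短信验证码不正确,请重新验证!");
     }
     $where = array();
     $where['user_login'] = $username;
     $where['user_phone'] = $mobile;
     $where['_logic'] = 'OR';
     $users_model = M("Users");
     $result = $users_model->where($where)->count();
     if ($result) {
         $this->error("用户名或者该手机号已经存在!");
     } else {
         $data = array('user_login' => $username, 'user_phone' => $mobile, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(), 'create_time' => date("Y-m-d H:i:s"), 'last_login_time' => date("Y-m-d H:i:s"), "user_type" => 2);
         $rst = $users_model->add($data);
         if ($rst) {
             // Registration succeeded: log the user in and redirect
             $data['id'] = $rst;
             $_SESSION['user'] = $data;
             $this->success("注册成功!", __ROOT__ . "/");
         } else {
             $this->error("注册失败!", U("user/register/index"));
         }
     }
 }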
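 /**
  * Process the admin login form and re-render the login page on failure.
  *
  * Input problems are collected in $this->err_msg (the last failing check
  * wins) and shown on the ":login" template. On success the admin session
  * is populated and the request is redirected to Index/index.
  *
  * NOTE(review): nothing here regenerates the session id after
  * authentication, the admin_username cookie carries no HttpOnly/Secure
  * flags, and unknown-user and wrong-password produce different messages.
  */
 public function dologin()
 {
     $name = I("post.username");
     $this->err_msg = '';
     if (empty($name)) {
         $this->err_msg = L('USERNAME_OR_EMAIL_EMPTY');
     }
     $pass = I("post.password");
     if (empty($pass)) {
         $this->err_msg = L('PASSWORD_REQUIRED');
     }
     $verrify = I("post.verify");
     if (empty($verrify)) {
         $this->err_msg = L('CAPTCHA_REQUIRED');
     }
     // Captcha check
     if (!$this->check_verify($verrify)) {
         $this->err_msg = L('CAPTCHA_NOT_RIGHT');
     }
     if (!empty($this->err_msg)) {
         $this->assign("err_msg", $this->err_msg);
         $this->display(":login");
         exit;
     }
     $user = D("AdminUser");
     $where = array();
     $where['user_login'] = $name;
     $result = $user->where($where)->find();
     if ($result != null) {
         // Strict comparison: loose == can treat two different
         // numeric-looking hash strings as equal (assumes sp_password()
         // returns a string).
         if ($result['user_pass'] === sp_password($pass)) {
             // Login succeeded: set up the session and redirect
             $_SESSION["ADMIN_ID"] = $result["id"];
             $_SESSION['name'] = $result["user_login"];
             session("roleid", $result['role_id']);
             $result['last_login_ip'] = get_client_ip();
             $result['last_login_time'] = date("Y-m-d H:i:s");
             $user->save($result);
             setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
             $this->redirect("Index/index");
         } else {
             $this->err_msg = L('PASSWORD_NOT_RIGHT');
         }
     } else {
         $this->err_msg = L('USERNAME_NOT_EXIST');
     }
     $this->assign("err_msg", $this->err_msg);
     $this->display(":login");
 }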
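 /**
  * Change the password of the user held in $_SESSION['user'].
  *
  * @param string $oldpwd Current password in plaintext.
  * @param string $newpwd New password in plaintext.
  * @return mixed -1 when the old password does not match the stored hash,
  *               otherwise whatever the model's save() returns.
  */
 function change_pwd($oldpwd, $newpwd)
 {
     // The original also built an interpolated SELECT string that was never
     // executed; it is dropped so no string-built SQL is left lying around.
     $uid = $_SESSION['user']['id'];
     $res = $this->find($uid);
     // Verify the old password. Strict comparison avoids loose numeric-string
     // juggling on hash values (assumes sp_password() returns a string).
     if ($res['user_pass'] !== sp_password($oldpwd)) {
         // Old password is wrong
         return -1;
     }
     $data = array('user_pass' => sp_password($newpwd));
     $where = array('id' => $uid);
     return $this->where($where)->save($data);
 }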
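 /**
  * Process the admin login form.
  *
  * Checks that username, password and captcha are present, compares the
  * captcha with the value kept in the session, looks the account up by
  * e-mail or login name, requires user_type == 1, verifies the password and
  * opens the admin session.
  *
  * NOTE(review): the captcha value is not cleared from the session after
  * the check, so the same answer can be submitted repeatedly. Nothing here
  * regenerates the session id after authentication, the admin_username
  * cookie carries no HttpOnly/Secure flags, and unknown-user and
  * wrong-password produce different messages.
  */
 public function dologin()
 {
     $name = I("post.username");
     if (empty($name)) {
         $this->error(L('USERNAME_OR_EMAIL_EMPTY'));
     }
     $pass = I("post.password");
     if (empty($pass)) {
         $this->error(L('PASSWORD_REQUIRED'));
     }
     $verrify = I("post.verify");
     if (empty($verrify)) {
         $this->error(L('CAPTCHA_REQUIRED'));
     }
     // Captcha check
     if ($_SESSION['_verify_']['verify'] != strtolower($verrify)) {
         $this->error(L('CAPTCHA_NOT_RIGHT'));
     } else {
         $user = D("Users");
         $where = array();
         if (strpos($name, "@") > 0) {
             // Login by e-mail address
             $where['user_email'] = $name;
         } else {
             $where['user_login'] = $name;
         }
         $result = $user->where($where)->find();
         if ($result != null && $result['user_type'] == 1) {
             // Strict comparison: loose == can treat two different
             // numeric-looking hash strings as equal (assumes sp_password()
             // returns a string).
             if ($result['user_pass'] === sp_password($pass)) {
                 // Login succeeded: set up the session and redirect
                 $_SESSION["ADMIN_ID"] = $result["id"];
                 $_SESSION['name'] = $result["user_login"];
                 session("roleid", $result['role_id']);
                 $result['last_login_ip'] = get_client_ip();
                 $result['last_login_time'] = date("Y-m-d H:i:s");
                 $user->save($result);
                 setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
                 $this->success(L('LOGIN_SUCCESS'), U("Index/index"));
             } else {
                 $this->error(L('PASSWORD_NOT_RIGHT'));
             }
         } else {
             $this->error(L('USERNAME_NOT_EXIST'));
         }
     }
 }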
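 /**
  * Process the admin login form.
  *
  * Checks that username, password and captcha are present, compares the
  * captcha with the value kept in the session, looks the account up by
  * e-mail or login name, verifies the password and opens the admin session.
  *
  * NOTE(review): no user_type or role check is visible here before ADMIN_ID
  * is set; confirm that the Users model only holds administrator accounts
  * in this version. The captcha value is not cleared after the check, the
  * session id is not regenerated, the admin_username cookie carries no
  * HttpOnly/Secure flags, and unknown-user and wrong-password produce
  * different messages.
  */
 public function dologin()
 {
     $name = I("post.username");
     if (empty($name)) {
         $this->error("用户名或邮箱不能为空!");
     }
     $pass = I("post.password");
     if (empty($pass)) {
         $this->error("密码不能为空!");
     }
     $verrify = I("post.verify");
     if (empty($verrify)) {
         $this->error("验证码不能为空!");
     }
     // Captcha check
     if ($_SESSION['_verify_']['verify'] != strtolower($verrify)) {
         $this->error("验证码错误!");
     } else {
         $user = D("Users");
         $where = array();
         if (strpos($name, "@") > 0) {
             // Login by e-mail address
             $where['user_email'] = $name;
         } else {
             $where['user_login'] = $name;
         }
         $result = $user->where($where)->find();
         if ($result != null) {
             // Strict comparison: loose == can treat two different
             // numeric-looking hash strings as equal (assumes sp_password()
             // returns a string).
             if ($result['user_pass'] === sp_password($pass)) {
                 // Login succeeded: set up the session and redirect
                 $_SESSION["ADMIN_ID"] = $result["ID"];
                 $_SESSION['name'] = $result["user_login"];
                 session("roleid", $result['role_id']);
                 $result['last_login_ip'] = get_client_ip();
                 $result['last_login_time'] = date("Y-m-d H:i:s");
                 $user->save($result);
                 setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
                 $this->success("登录验证成功!", U("Index/index"));
             } else {
                 $this->error("密码错误!");
             }
         } else {
             $this->error("用户名不存在!");
         }
     }
 }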
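 /**
  * Handle the change-password form for the current administrator.
  *
  * The password is updated only when the old one matches the stored hash,
  * the confirmation matches and the new password differs from the old one.
  * Every outcome is reported through $this->error() / $this->success().
  */
 function password_post()
 {
     if (IS_POST) {
         if (empty($_POST['old_password'])) {
             $this->error("原始密码不能为空!");
         }
         if (empty($_POST['password'])) {
             $this->error("新密码不能为空!");
         }
         $user_obj = D("Users");
         $uid = get_current_admin_id();
         $admin = $user_obj->where(array("id" => $uid))->find();
         $old_password = $_POST['old_password'];
         $password = $_POST['password'];
         // A missing confirmation field is treated as a mismatch.
         $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : null;
         // Strict comparisons: loose == treats numeric-looking strings such as
         // "1e3" and "1000" as equal, which is never wanted for secrets
         // (assumes sp_password() returns a string).
         if (sp_password($old_password) === $admin['user_pass']) {
             if ($password === $repassword) {
                 $new_hash = sp_password($password);
                 if ($admin['user_pass'] === $new_hash) {
                     $this->error("新密码不能和原始密码相同!");
                 } else {
                     $data['user_pass'] = $new_hash;
                     $data['id'] = $uid;
                     $r = $user_obj->save($data);
                     if ($r !== false) {
                         $this->success("修改成功!");
                     } else {
                         $this->error("修改失败!");
                     }
                 }
             } else {
                 $this->error("密码输入不一致!");
             }
         } else {
             $this->error("原始密码不正确!");
         }
     }
 }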
         // Installer fragment (the enclosing switch/if starts above this excerpt):
         // fill the config template, write it to data/conf/db.php, insert the
         // first administrator row and report completion as JSON.
         $strConfig = str_replace('#DB_USER#', $dbUser, $strConfig);
         $strConfig = str_replace('#DB_PWD#', $dbPwd, $strConfig);
         $strConfig = str_replace('#DB_PORT#', $dbPort, $strConfig);
         $strConfig = str_replace('#DB_PREFIX#', $dbPrefix, $strConfig);
         // NOTE(review): sp_random_string() is defined elsewhere; confirm it draws
         // from a cryptographically secure source, since AUTHCODE is passed to
         // sp_password() below and looks like a site-wide secret.
         $strConfig = str_replace('#AUTHCODE#', sp_random_string(18), $strConfig);
         $strConfig = str_replace('#COOKIE_PREFIX#', sp_random_string(6) . "_", $strConfig);
         // NOTE(review): mode 0777 makes the file that receives the database
         // password readable and writable by every local account, and the @
         // operators hide a failed chmod or write. A restrictive mode and an
         // explicit check of the return values would be safer.
         @chmod(SITEDIR . '/data/conf/db.php', 0777);
         @file_put_contents(SITEDIR . '/data/conf/db.php', $strConfig);
         // Insert the administrator account
         // Generate a random verification code
         // ($verify and $time are not used in the lines visible here)
         $verify = sp_random_string(6);
         $time = time();
         // NOTE(review): "h" is the 12-hour clock without an am/pm marker; "H"
         // looks intended for a stored timestamp.
         $create_date = date("Y-m-d h:i:s");
         $ip = get_client_ip();
         $ip = empty($ip) ? "0.0.0.0" : $ip;
         $password = sp_password($password, $dbPrefix);
         // NOTE(review): the statement is assembled by string interpolation. If
         // $username and $email come from the install form without escaping
         // (their origin is outside this excerpt), a quote character in either
         // changes the SQL; escape them for this connection or use a driver with
         // bound parameters. The legacy mysql_* API used here was removed in
         // PHP 7, and the query result is not checked before success is reported.
         $query = "INSERT INTO `{$dbPrefix}users` (id,user_login,user_pass,user_nicename,user_email,user_url,create_time,user_activation_key,user_status,last_login_ip,last_login_time) VALUES ('1', '{$username}', '{$password}', 'admin', '{$email}', '', '{$create_date}', '', '1', '{$ip}','{$create_date}');";
         mysql_query($query);
         $message = '成功添加管理员<br />成功写入配置文件<br>安装完成.';
         $arr = array('n' => 999999, 'msg' => $message);
         echo json_encode($arr);
         exit;
     }
     include_once "./templates/s4.php";
     exit;
 case '5':
     // Final step: render the completion page, then create the lock file.
     // NOTE(review): @touch hides a failure to create install.lock; if the lock
     // is what prevents the installer from running again (not visible here),
     // a silent failure would leave it reachable.
     $ip = get_client_ip();
     $host = $_SERVER['HTTP_HOST'];
     include_once "./templates/s5.php";
     @touch('./install.lock');
     exit;
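 /**
  * Log a member in by e-mail address or login name, optionally through UCenter.
  *
  * With UCENTER_ENABLED the credentials are first checked against UCenter:
  * a positive uid creates the local account when it is missing; status -1
  * (unknown or deleted user) and -2 (wrong password) fall back to the local
  * password and, when it matches, synchronise the account to UCenter.
  * Without UCenter only the local password is checked.
  *
  * NOTE(review): the post-login redirect target is taken from
  * $_SESSION['login_http_referer']; confirm the code that stores it limits
  * it to same-site URLs. The session entry also carries the password hash.
  */
 private function _do_email_login()
 {
     $username = $_POST['username'];
     $password = $_POST['password'];
     $where = array();
     if (strpos($username, "@") > 0) {
         // Login by e-mail address
         $where['user_email'] = $username;
     } else {
         $where['user_login'] = $username;
     }
     $users_model = M('Users');
     $result = $users_model->where($where)->find();
     $ucenter_syn = C("UCENTER_ENABLED");
     $ucenter_old_user_login = false;
     $ucenter_login_ok = false;
     if ($ucenter_syn) {
         setcookie("thinkcmf_auth", "");
         include UC_CLIENT_ROOT . "client.php";
         list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);
         if ($uc_uid > 0) {
             if (!$result) {
                 // Known to UCenter but not locally: create the local account.
                 $data = array('user_login' => $username, 'user_email' => $email, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(0, true), 'create_time' => time(), 'last_login_time' => time(), 'user_status' => '1', 'user_type' => 2);
                 $id = $users_model->add($data);
                 $data['id'] = $id;
                 $result = $data;
             }
         } else {
             switch ($uc_uid) {
                 case "-1":
                     // User does not exist in UCenter, or was deleted
                     if ($result) {
                         // The account exists locally
                         if (sp_compare_password($password, $result['user_pass'])) {
                             // Local password is correct: synchronise the user to UCenter
                             $uc_uid2 = uc_user_register($username, $password, $result['user_email']);
                             if ($uc_uid2 < 0) {
                                 $uc_register_errors = array("-1" => "用户名不合法", "-2" => "包含不允许注册的词语", "-3" => "用户名已经存在", "-4" => "Email格式有误", "-5" => "Email不允许注册", "-6" => "该Email已经被注册");
                                 $this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
                             }
                             $uc_uid = $uc_uid2;
                         } else {
                             $this->error("密码错误1!");
                         }
                     }
                     break;
                 case -2:
                     // Wrong password according to UCenter
                     if ($result) {
                         // The account exists locally
                         if (sp_compare_password($password, $result['user_pass'])) {
                             // Local password is correct: push it to UCenter
                             $uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
                             if ($uc_user_edit_status <= 0) {
                                 $this->error("登陆错误3!");
                             }
                             list($uc_uid2) = uc_get_user($username);
                             $uc_uid = $uc_uid2;
                             $ucenter_old_user_login = true;
                         } else {
                             $this->error("密码错误4!");
                         }
                     } else {
                         $this->error("密码错误1!");
                     }
                     break;
             }
         }
         // Only a positive uid means UCenter confirmed the login. Setting the
         // flag unconditionally let any status the switch does not handle
         // (including a failed UCenter call) skip the local password check below.
         $ucenter_login_ok = $uc_uid > 0;
         echo uc_user_synlogin($uc_uid);
     }
     if (!empty($result)) {
         if (sp_compare_password($password, $result['user_pass']) || $ucenter_login_ok) {
             $_SESSION["user"] = $result;
             // Record this login
             $data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip(0, true));
             $users_model->where("id=" . $result["id"])->save($data);
             $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
             $_SESSION['login_http_referer'] = "";
             $ucenter_old_user_login_msg = "";
             if ($ucenter_old_user_login) {
                 // (disabled) message asking legacy users to log in again after the redirect
             }
             $this->success("登录验证成功!", $redirect);
         } else {
             $this->error("密码错误7!");
         }
     } else {
         $this->error("用户名不存在!");
     }
 }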
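 /**
  * Handle the member change-password form.
  *
  * Checks the confirmation and the length limits, verifies the old password
  * against the stored hash, rejects an unchanged password, optionally
  * updates UCenter first and then saves the new hash.
  *
  * NOTE(review): the 12-byte upper limit caps password strength; a longer
  * maximum is preferable unless sp_password() or the schema requires it.
  */
 function changepass()
 {
     if (IS_POST) {
         if ($_POST['pass'] != $_POST['repass']) {
             $this->error("两次密码输入不一致!");
         }
         if (strlen($_POST['pass']) < 5 || strlen($_POST['pass']) > 12) {
             $this->error("密码长度至少5位,最多12位!");
         }
         $mem = M('Members');
         // The id is interpolated into the condition below, so force it to an integer.
         $uid = (int) $_SESSION["MEMBER_id"];
         $user_info = $mem->where("ID={$uid}")->find();
         $old_password = $_POST['inipass'];
         $password = $_POST['pass'];
         // Strict comparisons: loose == can treat two different
         // numeric-looking hash strings as equal (assumes sp_password()
         // returns a string).
         if (sp_password($old_password) === $user_info['user_pass']) {
             $new_hash = sp_password($password);
             if ($user_info['user_pass'] === $new_hash) {
                 $this->error("新密码不能和原密码相同!");
             } else {
                 $ucenter_syn = C("UCENTER_ENABLED");
                 $can_change_password = true;
                 if ($ucenter_syn) {
                     // Change the password in UCenter first; a falsy result blocks the local update.
                     include UC_CLIENT_ROOT . "client.php";
                     $uc_result = uc_user_edit($user_info['user_login_name'], $old_password, $password, "");
                     if (!$uc_result) {
                         $can_change_password = false;
                     }
                 }
                 if ($can_change_password) {
                     $data['user_pass'] = $new_hash;
                     $data['ID'] = $uid;
                     $r = $mem->save($data);
                     if ($r != false) {
                         $this->success("修改成功!");
                     } else {
                         $this->error("修改失败!");
                     }
                 } else {
                     $this->error("修改失败!");
                 }
             }
         } else {
             $this->error("原密码不正确!");
         }
     } else {
         $this->error('提交数据为空!');
     }
 }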
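 /**
  * Log a member in by e-mail address or login name, optionally through UCenter.
  *
  * Verifies the captcha and the form, then authenticates. With
  * UCENTER_ENABLED the credentials are first checked against UCenter:
  * a positive uid creates the local account when it is missing; status -1
  * (unknown or deleted user) and -2 (wrong password) fall back to the local
  * password and, when it matches, synchronise the account to UCenter.
  *
  * NOTE(review): the post-login redirect target is taken from
  * $_SESSION['login_http_referer']; confirm the code that stores it limits
  * it to same-site URLs. The captcha value is not cleared after the check.
  */
 function dologin()
 {
     // Require a captcha that was actually issued. With a loose != a missing
     // session value compared equal to a missing or empty submitted value,
     // so the check passed when no captcha had been generated at all.
     $expected_verify = isset($_SESSION['_verify_']['verify']) ? $_SESSION['_verify_']['verify'] : '';
     $posted_verify = (isset($_POST['verify']) && is_string($_POST['verify'])) ? strtolower($_POST['verify']) : '';
     if (empty($expected_verify) || (string) $expected_verify !== $posted_verify) {
         $this->error("验证码错误!");
     }
     $users_model = M("Users");
     $rules = array(array('terms', 'require', '您未同意服务条款!', 1), array('username', 'require', '用户名或者邮箱不能为空!', 1), array('password', 'require', '密码不能为空!', 1));
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     // Read only the fields this method uses. extract($_POST) would let any
     // request parameter pre-seed locals such as $where before they are assigned.
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $where = array();
     if (strpos($username, "@") > 0) {
         // Login by e-mail address
         $where['user_email'] = $username;
     } else {
         $where['user_login'] = $username;
     }
     $users_model = M('Users');
     $result = $users_model->where($where)->find();
     $ucenter_syn = C("UCENTER_ENABLED");
     $ucenter_old_user_login = false;
     $ucenter_login_ok = false;
     if ($ucenter_syn) {
         setcookie("xiaocaocms_auth", "");
         include UC_CLIENT_ROOT . "client.php";
         list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);
         if ($uc_uid > 0) {
             if (!$result) {
                 // Known to UCenter but not locally: create the local account.
                 $data = array('user_login' => $username, 'user_email' => $email, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(), 'create_time' => time(), 'last_login_time' => time(), 'user_status' => '1');
                 $id = $users_model->add($data);
                 $data['id'] = $id;
                 $result = $data;
             }
         } else {
             switch ($uc_uid) {
                 case "-1":
                     // User does not exist in UCenter, or was deleted
                     if ($result) {
                         // The account exists locally
                         if ($result['user_pass'] === sp_password($password)) {
                             // Local password is correct: synchronise the user to UCenter
                             $uc_uid2 = uc_user_register($username, $password, $result['user_email']);
                             if ($uc_uid2 < 0) {
                                 $uc_register_errors = array("-1" => "用户名不合法", "-2" => "包含不允许注册的词语", "-3" => "用户名已经存在", "-4" => "Email格式有误", "-5" => "Email不允许注册", "-6" => "该Email已经被注册");
                                 $this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
                             }
                             $uc_uid = $uc_uid2;
                         } else {
                             $this->error("密码错误!");
                         }
                     }
                     break;
                 case -2:
                     // Wrong password according to UCenter
                     if ($result) {
                         // The account exists locally
                         if ($result['user_pass'] === sp_password($password)) {
                             // Local password is correct: push it to UCenter
                             $uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
                             if ($uc_user_edit_status <= 0) {
                                 $this->error("登陆错误!");
                             }
                             list($uc_uid2) = uc_get_user($username);
                             $uc_uid = $uc_uid2;
                             $ucenter_old_user_login = true;
                         } else {
                             $this->error("密码错误!");
                         }
                     } else {
                         $this->error("密码错误!");
                     }
                     break;
             }
         }
         // Only a positive uid means UCenter confirmed the login. Setting the
         // flag unconditionally let any status the switch does not handle
         // (including a failed UCenter call) skip the local password check below.
         $ucenter_login_ok = $uc_uid > 0;
         echo uc_user_synlogin($uc_uid);
     }
     if ($result != null) {
         // Strict comparison: loose == can treat two different numeric-looking
         // hash strings as equal (assumes sp_password() returns a string).
         if ($result['user_pass'] === sp_password($password) || $ucenter_login_ok) {
             $_SESSION["user"] = $result;
             // Record this login
             $data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip());
             $users_model->where("id=" . $result["id"])->save($data);
             $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
             $_SESSION['login_http_referer'] = "";
             $ucenter_old_user_login_msg = "";
             if ($ucenter_old_user_login) {
                 // (disabled) message asking legacy users to log in again after the redirect
             }
             $this->success("登录验证成功!", $redirect);
         } else {
             $this->error("密码错误!");
         }
     } else {
         $this->error("用户名不存在!");
     }
 }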
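 /**
  * Final step of the forgotten-password flow: store the new password for
  * the account recorded in $_SESSION['find_password_user'].
  *
  * The password must be 6 to 20 bytes long and match its confirmation.
  */
 public function do_password_set_password()
 {
     $users_model = M("Member");
     $rules = array(array('password', 'require', '密码不能为空!', 1), array('repassword', 'require', '重复密码不能为空!', 1), array('repassword', 'password', '确认密码不正确', 0, 'confirm'));
     if (strlen(I('post.password')) < 6 || strlen(I('post.password')) > 20) {
         $this->error("密码长度至少6位,最多20位!");
     }
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     } else {
         // Refuse to run unless an earlier step recorded which account is
         // being reset; otherwise the update condition below would be built
         // from a missing value.
         if (empty($_SESSION['find_password_user']['user_login'])) {
             $this->error("设置失败!");
         }
         $password = sp_password(I("post.password"));
         $result = $users_model->where(array("user_login" => $_SESSION['find_password_user']['user_login']))->save(array("user_pass" => $password));
         if ($result) {
             // The original line here was a bare expression with no effect;
             // clearing the reset state is the evident intent, and it stops
             // the same session from setting the password again.
             unset($_SESSION['find_password_user']);
             $this->success("设置成功,请登录!", U("user/login/index"));
         } else {
             $this->error("设置失败!");
         }
     }
 }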
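 /**
  * Register a new member by e-mail address, optionally mirroring the
  * account to UCenter.
  *
  * Verifies the captcha and the form, derives the login name from the
  * e-mail address, checks the password length and the user type, rejects
  * duplicates and then creates the account. When SP_MEMBER_EMAIL_ACTIVE is
  * set the account starts with user_status 2 and an activation mail is sent.
  *
  * NOTE(review): user_type is chosen by the client from 1 to 3; confirm that
  * none of these values denotes a privileged account type. The session
  * entry written on success includes the password hash.
  */
 private function _do_email_register()
 {
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     $rules = array(array('user_type', 'require', '请选择用户类型!', 1), array('email', 'require', '邮箱不能为空!', 1), array('password', 'require', '密码不能为空!', 1), array('repassword', 'require', '重复密码不能为空!', 1), array('repassword', 'password', '确认密码不正确', 0, 'confirm'), array('email', 'email', '邮箱格式不正确!', 1));
     $users_model = M("Users");
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     $password = $_POST['password'];
     $email = $_POST['email'];
     $user_type = $_POST['user_type'];
     // The login name is the e-mail address with "." and "@" replaced by "_".
     $username = str_replace(array(".", "@"), "_", $email);
     // Characters that are not allowed in a user name (used as a regex class)
     $stripChar = '?<*.>\'"';
     if (preg_match('/[' . $stripChar . ']/is', $username) == 1) {
         $this->error('用户名中包含' . $stripChar . '等非法字符!');
     }
     // The banned_usernames check is disabled in this variant.
     if (strlen($password) < 5 || strlen($password) > 20) {
         $this->error("密码长度至少5位,最多20位!");
     }
     // Accept only plain digits in the range 1..3. The loose numeric
     // comparison alone also accepted arrays and values with trailing
     // non-digits, which were then written to the database unchanged.
     if (!is_scalar($user_type) || !ctype_digit((string) $user_type) || $user_type > 3 || $user_type < 1) {
         $this->error("非法操作!");
     }
     $where = array();
     $where['user_login'] = $username;
     $where['user_email'] = $email;
     $where['_logic'] = 'OR';
     $ucenter_syn = C("UCENTER_ENABLED");
     $uc_checkemail = 1;
     $uc_checkusername = 1;
     if ($ucenter_syn) {
         include UC_CLIENT_ROOT . "client.php";
         $uc_checkemail = uc_user_checkemail($email);
         $uc_checkusername = uc_user_checkname($username);
     }
     $users_model = M("Users");
     $result = $users_model->where($where)->count();
     if ($result || $uc_checkemail < 0 || $uc_checkusername < 0) {
         $this->error("用户名或者该邮箱已经存在!");
     } else {
         $uc_register = true;
         if ($ucenter_syn) {
             // Register in UCenter first; a negative result aborts the registration.
             $uc_uid = uc_user_register($username, $password, $email);
             if ($uc_uid < 0) {
                 $uc_register = false;
             }
         }
         if ($uc_register) {
             $need_email_active = C("SP_MEMBER_EMAIL_ACTIVE");
             $data = array(
                 'user_login' => $username,
                 'user_email' => $email,
                 'user_nicename' => $username,
                 'user_pass' => sp_password($password),
                 'last_login_ip' => get_client_ip(0, true),
                 'create_time' => date("Y-m-d H:i:s"),
                 'last_login_time' => date("Y-m-d H:i:s"),
                 'user_status' => $need_email_active ? 2 : 1,
                 "user_type" => $user_type,
             );
             $rst = $users_model->add($data);
             if ($rst) {
                 // Registration succeeded: log the user in and redirect
                 $data['id'] = $rst;
                 $_SESSION['user'] = $data;
                 // Send the activation mail
                 if ($need_email_active) {
                     $this->_send_to_active();
                     unset($_SESSION['user']);
                     $this->success("注册成功,激活后才能使用!", U("user/login/index"));
                 } else {
                     $this->success("注册成功!", __ROOT__ . "/");
                 }
             } else {
                 $this->error("注册失败!", U("user/register/index"));
             }
         } else {
             $this->error("注册失败!", U("user/register/index"));
         }
     }
 }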
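 /**
  * Register a new member by e-mail (reg_type 1) or by mobile number
  * (any other reg_type), optionally mirroring the account to UCenter.
  *
  * E-mail registration requires the captcha; mobile registration requires
  * the most recent SMS code stored for that number, at most one hour old.
  * On success the account and its "Account" balance row are created and the
  * user is logged in, or asked to activate by e-mail when
  * SP_MEMBER_EMAIL_ACTIVE applies.
  *
  * NOTE(review): the SMS code row is not invalidated after use, and the
  * session entry written on success includes the password hash.
  */
 function doregister()
 {
     $rules = array(array('password', 'require', '密码不能为空!', 1), array('user_realname', 'require', '用户名不能为空!', 1), array('repassword', 'require', '重复密码不能为空!', 1), array('repassword', 'password', '确认密码不正确', 0, 'confirm'));
     $user_phone = null;
     if (I('post.reg_type') == 1) {
         if (!sp_check_verify_code()) {
             $this->error("验证码错误!");
         }
         $_POST['email'] = I('post.username');
         array_unshift($rules, array('username', 'require', '邮箱不能为空!', 1), array('email', 'email', '邮箱格式不正确!', 1));
         // NOTE(review): a phone number submitted with an e-mail registration
         // is stored without SMS verification (behaviour kept from the original).
         $user_phone = isset($_POST['user_phone']) ? $_POST['user_phone'] : null;
     } else {
         array_unshift($rules, array('username', 'require', '手机号码不能为空!', 1));
         $user_phone = I('post.username');
         // Mobile number format check
         if (!preg_match('/^[1][3458]{1}[0-9]{9}$/', $user_phone)) {
             $this->error('手机号码格式有误');
         }
         // Most recent SMS code issued for this number
         $check = M('Sms')->field('code,add_time')->where(array('phone' => $user_phone))->order('id desc')->find();
         if (empty($_POST['code'])) {
             $this->error('验证码不能为空');
         }
         // Strict comparison: no numeric-string juggling between codes.
         if (strtolower($check['code']) !== strtolower(I('post.code'))) {
             $this->error("手机验证码错误");
         }
         if (time() > $check['add_time'] + 3600) {
             $this->error('验证码已过期,请重新获取');
         }
     }
     $users_model = M("Member");
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     // Read only the fields this method uses. extract($_POST) let request
     // parameters overwrite locals, including the phone number that had just
     // been verified by SMS and the $where array built below.
     $username = isset($_POST['username']) ? $_POST['username'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     $email = isset($_POST['email']) ? $_POST['email'] : null;
     $user_realname = isset($_POST['user_realname']) ? $_POST['user_realname'] : null;
     // The user-name character filter is disabled in this variant.
     $banned_usernames = explode(",", sp_get_cmf_settings("banned_usernames"));
     if (in_array($username, $banned_usernames, true)) {
         $this->error("此用户名禁止使用!");
     }
     if (strlen($password) < 6 || strlen($password) > 20) {
         $this->error("密码长度至少6位,最多20位!");
     }
     $where = array();
     $where['user_login'] = $username;
     $where['user_email'] = $email;
     $where['_logic'] = 'OR';
     $ucenter_syn = C("UCENTER_ENABLED");
     $uc_checkemail = 1;
     $uc_checkusername = 1;
     if ($ucenter_syn) {
         include UC_CLIENT_ROOT . "client.php";
         $uc_checkemail = uc_user_checkemail($email);
         $uc_checkusername = uc_user_checkname($username);
     }
     $users_model = M("Member");
     $result = $users_model->where($where)->count();
     if ($result || $uc_checkemail < 0 || $uc_checkusername < 0) {
         $this->error("用户名或者该邮箱已经存在!");
     } else {
         $uc_register = true;
         if ($ucenter_syn) {
             // Register in UCenter first; a negative result aborts the registration.
             $uc_uid = uc_user_register($username, $password, $email);
             if ($uc_uid < 0) {
                 $uc_register = false;
             }
         }
         if ($uc_register) {
             $need_email_active = C("SP_MEMBER_EMAIL_ACTIVE");
             if ($need_email_active) {
                 // E-mail activation is configured
                 if (I('post.reg_type') == 1) {
                     // E-mail registration: activation required
                     $need_email_active = true;
                 } else {
                     if (I('post.reg_type') == 2) {
                         // Mobile registration: no e-mail activation
                         $need_email_active = false;
                     }
                 }
             }
             $data = array(
                 'user_login' => $username,
                 'user_email' => $email,
                 'user_nicename' => $username,
                 'user_realname' => $user_realname,
                 'user_pass' => sp_password($password),
                 'last_login_ip' => get_client_ip(),
                 'create_time' => date("Y-m-d H:i:s"),
                 'last_login_time' => date("Y-m-d H:i:s"),
                 'user_status' => $need_email_active ? 2 : 1,
                 "utype" => 0,
                 'user_phone' => $user_phone,
             );
             $rst = $users_model->add($data);
             if ($rst) {
                 // Registration succeeded: log the user in and redirect
                 $data['id'] = $rst;
                 // Create the user's account (balance) row
                 $account = M("Account");
                 $ac['uid'] = $rst;
                 $ac['money'] = get_point_rule('register');
                 $account->add($ac);
                 $_SESSION['user'] = $data;
                 // Send the activation mail
                 if ($need_email_active) {
                     $this->_send_to_active();
                     unset($_SESSION['user']);
                     $this->success("注册成功,激活后才能使用!", U("user/login/index"));
                 } else {
                     $this->success("注册成功!", __ROOT__ . "/");
                 }
             } else {
                 $this->error("注册失败!", U("user/register/index"));
             }
         } else {
             $this->error("注册失败!", U("user/register/index"));
         }
     }
 }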
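 /**
  * Log a member in by login name or mobile number.
  *
  * Validates the form, looks the account up by user_login OR user_phone,
  * verifies the password and stores the user row in the session.
  *
  * NOTE(review): no captcha or attempt limit is visible in this method, and
  * unknown-user and wrong-password produce different messages. The redirect
  * target comes from $_SESSION['login_http_referer']; confirm the code that
  * stores it limits it to same-site URLs.
  */
 function dologin()
 {
     $users_model = M("Users");
     $rules = array(array('username', 'require', '用户名或者手机号不能为空!', 1), array('password', 'require', '密码不能为空!', 1));
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     // Read only the fields this method uses. extract($_POST) would let any
     // request parameter pre-seed locals such as $where before they are assigned.
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     // Login by user name or mobile number
     $where = array();
     $where['user_phone'] = $username;
     $where['user_login'] = $username;
     $where['_logic'] = 'OR';
     $users_model = M('Users');
     $result = $users_model->where($where)->find();
     if ($result) {
         // Strict comparison: loose == can treat two different numeric-looking
         // hash strings as equal (assumes sp_password() returns a string).
         if ($result['user_pass'] === sp_password($password)) {
             // Store the user in the session
             $_SESSION["user"] = $result;
             $data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip());
             $users_model->where("id=" . $result["id"])->save($data);
             $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
             $_SESSION['login_http_referer'] = "";
             $this->success("登录验证成功!", $redirect);
         } else {
             $this->error("密码错误!");
         }
     } else {
         $this->error("用户名不存在!");
     }
 }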
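/**
 * Installer step: insert the first administrator (id 1) into the users table.
 *
 * Reads manager, manager_pwd and manager_email from the POSTed install form.
 *
 * NOTE(review): the INSERT is assembled by interpolating form values into
 * the SQL text. Whether I() escapes quote characters is not visible here,
 * so a quote in the user name or e-mail may change the statement. If the
 * $db layer supports bound parameters, use them for these values.
 *
 * @param object $db           Database handle exposing execute($sql).
 * @param string $table_prefix Table name prefix.
 * @param string $authcode     Passed to sp_password() as its second argument.
 */
function sp_create_admin_account($db, $table_prefix, $authcode)
{
    $username = I("post.manager");
    $password = sp_password(I("post.manager_pwd"), $authcode);
    $email = I("post.manager_email");
    // 24-hour clock: "h" (12-hour, no am/pm marker) stored ambiguous times.
    $create_date = date("Y-m-d H:i:s");
    $ip = get_client_ip(0, true);
    $sql = <<<hello
    INSERT INTO `{$table_prefix}users` 
    (id,user_login,user_pass,user_name,user_email,user_url,create_time,user_activation_key,user_status,last_login_ip,last_login_time) VALUES
    ('1', '{$username}', '{$password}', 'admin', '{$email}', '', '{$create_date}', '', '1', '{$ip}','{$create_date}');;
hello;
    $db->execute($sql);
    sp_show_msg("管理员账号创建成功!");
}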
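/**
 * CMF password comparison. Every place that checks a password should call
 * this function rather than comparing hashes itself.
 *
 * A stored value starting with "###" is checked against sp_password();
 * any other stored value is checked against sp_password_old().
 *
 * @param string $password       Plaintext password to check.
 * @param string $password_in_db Hashed password as stored in the database.
 * @return boolean True when the password matches the stored hash.
 */
function sp_compare_password($password, $password_in_db)
{
    $stored = (string) $password_in_db;
    if (strpos($stored, "###") === 0) {
        $computed = (string) sp_password($password);
    } else {
        $computed = (string) sp_password_old($password);
    }
    // Constant-time comparison where the runtime provides it; otherwise a
    // strict string comparison. A loose == can treat two different
    // numeric-looking hash strings (for example "0e1" and "0e2") as equal.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $computed);
    }
    return $stored === $computed;
}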