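/**
 * Password-recovery endpoint with two modes, selected by the POST fields.
 *
 * Reset mode (POST `auth` and `uid` both non-empty): decodes the recovery
 * token, checks its age and that it still matches the stored account, then
 * stores the new password taken from POST `rstpassword`.
 *
 * Request mode (otherwise): looks the account up by POST `uname`, builds a
 * recovery token and mails a reset link to the account address.
 *
 * Both modes require a valid captcha (POST `seccode`). Every outcome is
 * reported through iPHP::code() as JSON.
 *
 * NOTE(review): iPHP::code() presumably ends the request. The explicit
 * `return` after each call keeps the failure paths from falling through to
 * the password update if it does not. Confirm against iPHP.
 *
 * @return void
 */
public function ACTION_findpwd()
{
    $seccode = iS::escapeStr(isset($_POST['seccode']) ? $_POST['seccode'] : '');
    if (!iPHP::seccode($seccode, true)) {
        iPHP::code(0, 'iCMS:seccode:error', 'seccode', 'json');
        return;
    }

    $uid  = isset($_POST['uid']) ? (int) $_POST['uid'] : 0;
    $auth = iS::escapeStr(isset($_POST['auth']) ? $_POST['auth'] : '');

    if ($auth && $uid) {
        // ---- Reset mode: validate the token, then store the new password ----

        // A non-string `auth` (e.g. an array parameter) is treated as an
        // undecodable token instead of being passed to the decoders.
        $authcode = is_string($auth)
            ? authcode(base64_decode(rawurldecode($auth)))
            : '';
        if (empty($authcode)) {
            iPHP::code(0, 'user:findpwd:error', 'uname', 'json');
            return;
        }

        // The token must split into exactly uid, username, password hash and
        // timestamp; anything else is rejected rather than partially
        // unpacked into undefined variables.
        $parts = explode(USER_AUTHASH, (string) $authcode);
        if (count($parts) !== 4) {
            iPHP::code(0, 'user:findpwd:error', 'uname', 'json');
            return;
        }
        list($uid, $username, $password, $timeline) = $parts;
        // From here on the uid comes from the token; the POST uid only
        // selected this branch.
        $uid = (int) $uid;

        // The link is valid for 24 hours from issue.
        if (time() - (int) $timeline > 86400) {
            iPHP::code(0, 'user:findpwd:error', 'time', 'json');
            return;
        }

        // The account must still exist and match the token. Strict string
        // comparison is used because a loose `!=` treats two numeric-looking
        // hashes such as "0e…" as equal. Binding the token to the current
        // password hash also makes the link unusable once the password has
        // changed.
        $user = user::get($uid, false);
        if (!$user
            || (string) $username !== (string) $user->username
            || (string) $password !== (string) $user->password
        ) {
            iPHP::code(0, 'user:findpwd:error', 'user', 'json');
            return;
        }

        // Reject a missing or blank new password; previously md5('') would
        // have been stored as the account password.
        $newPassword = (isset($_POST['rstpassword']) && is_string($_POST['rstpassword']))
            ? trim($_POST['rstpassword'])
            : '';
        if ($newPassword === '') {
            iPHP::code(0, 'user:findpwd:error', 'password', 'json');
            return;
        }

        // NOTE(review): unsalted MD5 is not an adequate password hash. It is
        // kept here only because the stored format is presumably what the
        // login path verifies against; migrate both sides together to
        // password_hash()/password_verify().
        $rstpassword = md5($newPassword);
        if ($rstpassword === (string) $user->password) {
            iPHP::code(0, 'user:findpwd:same', 'password', 'json');
            return;
        }

        iDB::update("user", array('password' => $rstpassword), array('uid' => $uid));
        iPHP::code(1, 'user:findpwd:success', 0, 'json');
        return;
    }

    // ---- Request mode: issue a token and mail the reset link ----

    $uname = iS::escapeStr(isset($_POST['uname']) ? $_POST['uname'] : '');
    if (!$uname) {
        iPHP::code(0, 'user:findpwd:username:empty', 'uname', 'json');
        return;
    }

    // NOTE(review): the distinct "noexist" answer lets a caller learn which
    // usernames are registered. Only the captcha above limits that; a
    // uniform response would change the client contract, so it is left
    // as is and flagged here.
    $uid = user::check($uname, 'username');
    if (!$uid) {
        iPHP::code(0, 'user:findpwd:username:noexist', 'uname', 'json');
        return;
    }
    $user = user::get($uid, false);
    if (!$user) {
        iPHP::code(0, 'user:findpwd:username:noexist', 'uname', 'json');
        return;
    }

    // Token payload: uid, username, current password hash, issue time.
    // NOTE(review): the password hash travels inside the mailed URL, so its
    // confidentiality depends entirely on authcode(). Confirm that helper
    // encrypts and authenticates the payload, or replace the hash with a
    // random single-use token stored server-side.
    $authcode = authcode(
        $uid . USER_AUTHASH . $user->username . USER_AUTHASH . $user->password . USER_AUTHASH . time(),
        'ENCODE'
    );
    $authcode = rawurlencode(base64_encode($authcode));

    $find_url = iPHP::router('/api/user/findpwd', iPHP_ROUTER_REWRITE, '?&');
    if (iPHP_ROUTER_REWRITE) {
        $find_url = iFS::fp($find_url, '+http');
    }
    $find_url .= 'auth=' . $authcode;

    // The nickname is account-supplied text placed into an HTML mail body.
    // double_encode is off so a value that was already entity-encoded when
    // stored is not encoded twice.
    $nickname = htmlspecialchars((string) $user->nickname, ENT_QUOTES, 'UTF-8', false);

    $config            = iCMS::$config['mail'];
    $config['title']   = iCMS::$config['site']['name'];
    $config['subject'] = '[' . $config['title'] . '] 找回密码(重要)!';
    $config['body']    = ' <p>尊敬的' . $nickname
        . ',您好:</p> <br /> <p>您在' . $config['title'] . '申请找回密码,重设密码地址:</p>'
        . ' <a href="' . $find_url . '" target="_blank">' . $find_url
        . '</a> <p>本链接将在24小时后失效!</p> <p>如果上面的链接无法点击,您也可以复制链接,粘贴到您浏览器的地址栏内,然后按“回车”打开重置密码页面。</p> <p>如果您有其他问题,请联系我们:'
        . $config['replyto']
        . '。</p> <p>如果您没有进行过找回密码的操作,请不要点击上述链接,并删除此邮件。</p> <p>谢谢!</p> ';
    // The account's username is used as the recipient address.
    $config['address'] = array(array($user->username, $user->nickname));

    if (iPHP::sendmail($config) === true) {
        iPHP::code(1, 'user:findpwd:send:success', 'mail', 'json');
    } else {
        iPHP::code(0, 'user:findpwd:send:failure', 'mail', 'json');
    }
}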