} if (strlen($password) > $MOD['maxpassword'] || strlen($password) < $MOD['minpassword']) { message(lang($L['member_password_len'], array($MOD['minpassword'], $MOD['minpassword']))); } if ($password != $cpassword) { message($L['member_payword_match']); } $options = array('username', 'passport', 'email', 'mobile', 'company', 'qq', 'msn', 'ali', 'skype', 'userid'); in_array($option, $options) or $option = 'username'; $r = $db->get_one("SELECT username,groupid,passsalt FROM {$DT_PRE}member WHERE email='{$email}' AND `{$option}`='{$username}'"); if ($r) { $username = $r['username']; if ($r['groupid'] == 4) { message($L['send_password_checking']); } $authvalue = dpassword($password, $r['passsalt']); $auth = make_auth($username); $db->query("UPDATE {$DT_PRE}member SET auth='{$auth}',authvalue='{$authvalue}',authtime='{$DT_TIME}' WHERE username='******'"); userclean($username); $authurl = $MOD['linkurl'] . 'send.php?auth=' . $auth; $title = $L['send_password_mail']; $content = ob_template('password', 'mail'); send_mail($email, $title, stripslashes($content)); dheader($MOD['linkurl'] . 'goto.php?action=password&email=' . $email); } else { message($L['send_password_error']); } } else { $head_title = $L['send_password_title']; include template('send', $module); }
// Excerpt from a password-recovery handler. The first part completes a reset
// after an e-mail or mobile code has been checked; `case 'check':` then begins
// a captcha-gated account lookup. The enclosing switch starts outside this
// excerpt and the final `if` is cut off.

// Member rows in group 2 or 4 are refused outright.
if ($t['groupid'] == 2 || $t['groupid'] == 4) {
    exit('ko');
}
// The contact stored in $_SESSION['f_key'] selects the verification path.
if (is_email($_SESSION['f_key'])) {
    $email = $_SESSION['f_key'];
    // The session contact must equal the address on the member row.
    $email == $t['email'] or exit('ko');
    // The submitted $code must reproduce the digest kept in the session
    // (presumably stored as md5(email|code) when the code was issued — confirm).
    // NOTE(review): `==` between two hex digests is a loose comparison;
    // hash_equals() would give a strict, constant-time check.
    // NOTE(review): no attempt counter is visible here — confirm that guesses
    // of $code are rate-limited elsewhere.
    $_SESSION['email_code'] == md5($t['email'] . '|' . $code) or exit('ko');
    set_cookie('username', $email);
} else {
    $mobile = $_SESSION['f_key'];
    // Same check for the mobile path; the row must also have a truthy vmobile flag.
    $mobile == $t['mobile'] && $t['vmobile'] or exit('ko');
    $_SESSION['mobile_code'] == md5($t['mobile'] . '|' . $code) or exit('ko');
    set_cookie('username', $mobile);
}
// A new salt is drawn for the new password.
// NOTE(review): random() is not shown; confirm it uses a cryptographically secure source.
$salt = random(8);
$pass = dpassword($password, $salt);
// The '******' literal is reproduced as it appears in this listing; $pass is
// otherwise unused, so the listing has presumably masked the interpolated
// digest — confirm against the real file.
// NOTE(review): the origin of $userid is not visible; it should come from the
// verified $t row, not from the request.
$db->query("UPDATE {$DT_PRE}member SET password='******',passsalt='{$salt}' WHERE userid='{$userid}'");
// Destroying the session discards the verification state, so the same code
// cannot be replayed through this session.
session_destroy();
exit('ok');
break;
case 'check':
    isset($type) or exit('ko');
    // The captcha is validated before any member lookup happens.
    $captcha = isset($captcha) ? convert(input_trim($captcha), 'UTF-8', DT_CHARSET) : '';
    $msg = captcha($captcha, 1, true);
    if ($msg) {
        exit('captcha');
    }
    if ($type == 'mobile') {
        $could_mobile or exit('ko');
        // $mobile is interpolated into the query only after is_mobile() accepts it.
        is_mobile($mobile) or exit('ko');
        $t = $db->get_one("SELECT userid FROM {$DT_PRE}member WHERE mobile='{$mobile}' AND vmobile=1");
// Excerpt from a member profile-edit handler: loads the member's company
// content row, then on submit verifies the old password / pay-password and pins
// protected fields to their stored values. The excerpt is cut off inside the
// `if ($submit)` block.

if (in_array('capital', $_E)) {
    $_E[] = 'regunit';
}
$content_table = content_table(4, $_userid, is_file(DT_CACHE . '/4.part'), $DT_PRE . 'company_data');
// NOTE(review): $_userid is interpolated unquoted here; this assumes it is an
// integer taken from the authenticated session — confirm.
$t = $db->get_one("SELECT * FROM {$content_table} WHERE userid={$_userid}");
if ($t) {
    $user['content'] = $content = $t['content'];
} else {
    // No content row yet: start from an empty string and create the row.
    $user['content'] = $content = '';
    $db->query("REPLACE INTO {$content_table} (userid,content) VALUES ('{$_userid}','')");
}
if ($submit) {
    // A new password is accepted only if the supplied old password hashes to the
    // stored digest. message() presumably stops the request — not visible here.
    // NOTE(review): `!=` is a loose comparison; hash_equals() is the strict,
    // constant-time alternative for digests.
    if ($post['password'] && $user['password'] != dpassword($post['oldpassword'], $user['passsalt'])) {
        message($L['error_password']);
    }
    // The same rule applies to the pay-password, with its own salt.
    if ($post['payword'] && $user['payword'] != dpassword($post['oldpayword'], $user['paysalt'])) {
        message($L['error_payword']);
    }
    // The fields below are overwritten with the stored values, so whatever the
    // form submitted for them is discarded. This keeps group, identity and
    // bank details out of reach of this form (how $post is saved afterwards is
    // outside this excerpt).
    $post['groupid'] = $user['groupid'];
    $post['email'] = $user['email'];
    $post['passport'] = $user['passport'];
    $post['company'] = $user['company'];
    $post['domain'] = $user['domain'];
    $post['icp'] = $user['icp'];
    $post['skin'] = $user['skin'];
    $post['template'] = $user['template'];
    $post['edittime'] = $DT_TIME;
    $post['bank'] = $user['bank'];
    $post['banktype'] = $user['banktype'];
    $post['branch'] = $user['branch'];
    $post['account'] = $user['account'];
// Excerpt from an admin-panel action switch: the tail of the administrator
// password-change branch, followed by the 'side', 'cron' and 'main' cases. The
// opening brace closed on the next line and the enclosing switch are outside
// this excerpt, and the 'main' case is cut off.
}
// Minimum length is hard-coded to 6; strlen() counts bytes, not characters.
if (strlen($password) < 6) {
    msg('新密码最少6位,请修改'); // "new password must be at least 6 characters"
}
if ($password != $cpassword) {
    msg('两次输入的密码不一致,请检查'); // "the two passwords do not match"
}
$r = $db->get_one("SELECT password,passsalt FROM {$DT_PRE}member WHERE userid='{$_userid}'");
// The current password must hash to the stored digest before any change is made.
// NOTE(review): $r is used without checking that a row was returned, and `!=`
// is a loose comparison — hash_equals() is the strict alternative.
if ($r['password'] != dpassword($oldpassword, $r['passsalt'])) {
    msg('现有密码错误,请检查'); // "current password is wrong"
}
// Reusing the current password as the new one is rejected.
if ($password == $oldpassword) {
    msg('新密码不能与现有密码相同'); // "new password must differ from the current one"
}
// A new salt is drawn for the new digest.
// NOTE(review): random() is not shown; confirm it uses a cryptographically secure source.
$passsalt = random(8);
$password = dpassword($password, $passsalt);
// The '******' literal is reproduced as it appears in this listing; presumably
// the listing masked the interpolated digest — confirm against the real file.
$db->query("UPDATE {$DT_PRE}member SET password='******',passsalt='{$passsalt}' WHERE userid='{$_userid}'");
// userclean() is not shown; presumably it drops cached data for the account.
userclean($_username);
msg('管理员密码修改成功', '?action=main'); // "administrator password changed"
} else {
    include tpl('password');
}
break;
case 'side':
    include tpl('side');
    break;
case 'cron':
    // Fixed include path; no request value takes part in it.
    include DT_ROOT . '/api/cron.inc.php';
    break;
case 'main':
    if ($submit) {
<?php defined('DT_ADMIN') or exit('Access Denied');
// Admin page for the login log: purge old rows ('clear'), test a candidate
// password against a logged digest ('cp'), or list/search entries (default).
// The guard above stops the script unless the DT_ADMIN constant is defined.
// The default case is cut off at the end of this excerpt.

// Menu entries: "login log" and "log cleanup". The confirm() text says only
// entries older than 30 days are deleted and the action cannot be undone.
$menus = array(
    array('登录日志', '?moduleid=' . $moduleid . '&file=' . $file),
    array('日志清理', '?moduleid=' . $moduleid . '&file=' . $file . '&action=clear', 'onclick="if(!confirm(\'为了系统安全,系统仅删除30天之前的日志\\n此操作不可撤销,请谨慎操作\')) return false"')
);
switch ($action) {
    case 'clear':
        // Cut-off is 30 days (30 * 86400 s) before $today_endtime, so recent
        // login history survives a cleanup.
        $time = $today_endtime - 30 * 86400;
        $db->query("DELETE FROM {$DT_PRE}login WHERE logintime<{$time}");
        dmsg('清理成功', $forward); // "cleanup succeeded"
        break;
    case 'cp':
        // Hashes the supplied $password with the salt stored on log row $logid
        // and prints whether it equals the logged digest ("match" / "no match").
        // NOTE(review): this works only because the login table keeps a salted
        // digest of every submitted password; treat that table as credential
        // material and restrict who can reach this action.
        // NOTE(review): $logid is interpolated into the query and $r is used
        // without checking that a row was found; `==` is a loose comparison.
        $r = $db->get_one("SELECT password,passsalt FROM {$DT_PRE}login WHERE logid='{$logid}'");
        echo $r['password'] == dpassword($password, $r['passsalt']) ? '匹配' : '不匹配';
        exit;
        break;
    default:
        // $sfields holds the labels for the search selector; $dfields holds the
        // matching column names. The two arrays are index-aligned.
        $sfields = array('按条件', '结果', '会员', '密码', 'IP', '客户端');
        $dfields = array('message', 'message', 'username', 'password', 'loginip', 'agent');
        isset($admin) or $admin = -1;
        // $fields must be an existing index of $dfields, else it falls back to 0,
        // so the column name used below always comes from the fixed list.
        isset($fields) && isset($dfields[$fields]) or $fields = 0;
        $ip = isset($ip) ? $ip : '';
        $username = isset($username) ? $username : '';
        // Date bounds become timestamps only when is_date() accepts them; 0 otherwise.
        $fromdate = isset($fromdate) ? $fromdate : '';
        $fromtime = is_date($fromdate) ? strtotime($fromdate . ' 0:0:0') : 0;
        $todate = isset($todate) ? $todate : '';
        $totime = is_date($todate) ? strtotime($todate . ' 23:59:59') : 0;
        $fields_select = dselect($sfields, 'fields', '', $fields);
        $condition = '1';
        // NOTE(review): $keyword goes into the LIKE pattern as-is. Nothing here
        // escapes quotes or the LIKE wildcards (% and _), so this relies on
        // upstream input filtering — confirm.
        if ($keyword) {
            $condition .= " AND {$dfields[$fields]} LIKE '%{$keyword}%'";
        }
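/**
 * Append one row to the login log for a sign-in attempt.
 *
 * The submitted password is passed through dpassword() with $salt before it is
 * written, and the salt is stored next to the digest. When the message equals
 * $L['member_login_ok'] (also the default when $message is empty), the 'ban'
 * cache entry named after the client IP is deleted.
 *
 * NOTE(review): the row holds a salted digest of whatever password was typed.
 * If callers also log failed attempts, near-miss passwords end up in this table.
 * Treat it as credential material, or stop recording the digest.
 *
 * NOTE(review): $username, $salt, $admin and $message are interpolated into the
 * SQL string as received. Nothing in this method escapes them, so it relies on
 * callers (or a global input filter) having done so — confirm.
 *
 * @param string $username Account name as submitted.
 * @param string $password Submitted password, plain text on entry.
 * @param string $salt     Salt passed to dpassword() and stored with the row.
 * @param int    $admin    Value written to the `admin` column; defaults to 0.
 * @param string $message  Result text; empty means $L['member_login_ok'].
 * @return void
 */
function login_log($username, $password, $salt, $admin = 0, $message = '')
{
    global $DT_TIME, $DT_IP, $L;

    $password = dpassword($password, $salt);

    // User-Agent is optional and fully client-controlled. Reading it unguarded
    // raises an undefined-index notice when the header is absent, so fall back
    // to an empty string before filtering and escaping.
    $raw_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $agent = addslashes(dhtmlspecialchars(strip_sql($raw_agent)));

    $message or $message = $L['member_login_ok'];

    // A successful login clears the per-IP 'ban' cache entry.
    if ($message == $L['member_login_ok']) {
        cache_delete($DT_IP . '.php', 'ban');
    }

    $this->db->query("INSERT INTO {$this->db->pre}login (username,password,passsalt,admin,loginip,logintime,message,agent) VALUES ('{$username}','{$password}','{$salt}','{$admin}','{$DT_IP}','{$DT_TIME}','{$message}','{$agent}')");
}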
} else { message('密码错误,请重试'); } } else { message('Ucenter密码错误,请用Ucenter密码登录'); } } else { if ($uid == -3) { /* Ucenter 安全提问错 */ message('如果需要同步登录Ucenter,请取消Ucenter安全提问'); } else { if ($uid > 0) { /* Ucenter 验证成功 */ $api_msg = uc_user_synlogin($uid); if ($user) { $vpassword = dpassword($password, $user['passsalt']); /* 同步DT密码 */ if ($user['password'] != $vpassword) { $db->query("UPDATE {$DT_PRE}member SET password='******' WHERE username='******'"); } } else { /* 会员不存在 */ $auth = encrypt($username . '|' . $rt_password . '|' . $rt_email, DT_KEY . 'UC'); message('请激活您的账号', $MOD['linkurl'] . $DT['file_register'] . '?auth=' . $auth); } } } } } break; case 'logout':