/**
 * Register a new user account.
 *
 * Flow: normalise the inputs, let the "UserRegister_Register_before" hook veto
 * the request, validate captcha / password / name / e-mail, insert the row
 * into "users", then fire the success hooks and (optionally) send the
 * activation mail.
 *
 * @param string $email    E-mail address
 * @param string $password Password hash as submitted by the form (it is lower-cased here,
 *                         so it is presumably a hex digest, not plaintext — confirm against callers)
 * @param string $name     User name
 * @param string $captcha  Captcha value
 * @return int Negative error code, or the ID of the newly registered user
 */
public function Register($email, $password, $name, $captcha)
{
    $email = strtolower(trim($email));
    $password = strtolower(trim($password));
    $name = strtolower(trim($name));
    $captcha = trim($captcha);

    // A hook may reject the registration up front by returning a negative code.
    $before_code = hook()->apply("UserRegister_Register_before", 0, $email, $password, $name, $captcha);
    if ($before_code < 0) {
        return $before_code;
    }

    // Validation order determines which error code the caller sees first.
    if (!$this->Captcha($captcha)) {
        return -1;
    }
    if (!UserCheck::CheckPassword($password)) {
        return -2;
    }
    if (UserCheck::CheckName($name) !== true) {
        return -4;
    }
    if (UserCheck::CheckEmail($email) !== true) {
        return -5;
    }

    $ip = new Ip();
    $user_salt = salt(64);
    $registered_time = date("Y-m-d H:i:s");
    $registered_ip = $ip->ip2bin($ip->realip());
    $cookie_salt = salt(64);
    $avatar = UserCheck::DefaultAvatar();

    // Only the salted derivative of the submitted hash is stored.
    // NOTE(review): the strength of this depends on UserCheck::CreatePassword()
    // and salt(), neither of which is visible here — confirm they use a slow
    // password hash and a CSPRNG respectively.
    $register_array = [
        'user_name' => $name,
        'user_email' => $email,
        'user_aliases' => $name,
        'user_password' => UserCheck::CreatePassword($password, $user_salt),
        'user_salt' => $user_salt,
        'user_registered_time' => $registered_time,
        'user_registered_ip' => $registered_ip,
        'user_cookie_salt' => $cookie_salt,
        'user_avatar' => $avatar,
        'user_status' => 0
    ];

    $reg_code = db()->insert("users", $register_array);
    if ($reg_code <= 0) {
        Log::write(_("User register insert sql error."), Log::SQL);
        return -3;
    }

    try {
        // Post-registration notifications.
        // NOTE(review): the success hook receives the full row, including the
        // password hash and both salts — confirm every hook consumer is trusted.
        hook()->apply("UserRegister_Register_success", $reg_code, $register_array);
        $send_mail = hook()->apply("UserRegister_Register_success_send_mail", true);
        if ($send_mail) {
            // The hook decides whether an activation mail is part of registration.
            $u = new User($reg_code);
            $this->SendActivationMail($u);
        }
    } catch (\Exception $ex) {
        // Best effort: the account already exists, so a notification failure is
        // only logged. The exception detail itself is not written to the log.
        Log::write(_("User register success exception notice"), Log::NOTICE);
    }

    return $reg_code;
}
/**
 * Admin action: create a user from POSTed "email", "password" and "name".
 *
 * The outcome is reported through $this->rt_msg: on success "status" is true
 * and "content" holds the new user ID, otherwise "msg" holds the error text.
 *
 * NOTE(review): no authorisation check is visible inside this method;
 * presumably the surrounding controller restricts it to administrators — confirm.
 */
public function user_add()
{
    $req = req()->_plain();
    if (!$req->is_post()) {
        $this->rt_msg['msg'] = "必须以POST方式提交数据";
        return;
    }

    lib()->load("UserRegister", "UserCheck");
    try {
        $ur = new UserRegister();
        // Register a hook that makes the captcha check pass for this admin-driven
        // registration; the captcha argument below ("ADMIN") is a dummy value.
        // NOTE(review): how long the hook stays registered depends on hook(),
        // which is not visible here — confirm it cannot outlive this request.
        hook()->add('UserRegister_Captcha', function () {
            return true;
        });

        $email = $req->post('email');
        // The plaintext password is converted to the form-style hash that Register() expects.
        $password_hash = UserCheck::MakeHashChar($req->post('password'));
        $name = $req->post('name');

        $id = $ur->Register($email, $password_hash, $name, "ADMIN");
        if ($id > 0) {
            $this->rt_msg['status'] = true;
            $this->rt_msg['content'] = $id;
        } else {
            $this->rt_msg['msg'] = $ur->CodeMsg($id);
        }
    } catch (\Exception $ex) {
        // The raw exception message is returned to the caller.
        $this->rt_msg['msg'] = $ex->getMessage();
    }
}
/**
 * Change a user's e-mail address after a pending change has been confirmed.
 *
 * The change is applied only when the current password matches, the new
 * address is valid, and the address, confirmation code and age of the pending
 * request stored in the user's meta data all check out.
 *
 * NOTE(review): the checks below rely on throwMsg() raising an exception to
 * stop execution — presumably it does (see @throws); confirm.
 * NOTE(review): the password hash and the confirmation code are compared with
 * !==; hash_equals() would make both comparisons constant-time if the
 * supported PHP versions provide it.
 *
 * @param User   $user     User whose address is being changed
 * @param string $email    New e-mail address
 * @param string $password Current password, in the form UserCheck::CreatePassword() expects
 * @param string $code     Confirmation code (compared after trimming and lower-casing)
 * @throws \Exception
 */
public function edit_email($user, $email, $password, $code)
{
    lib()->load('UserCheck');
    $email = strtolower(trim($email));
    $code = strtolower(trim($code));

    // Re-authenticate: the caller must know the current password.
    $stored_password = $user->getPassword();
    $given_password = UserCheck::CreatePassword($password, $user->getSalt());
    if ($stored_password !== $given_password) {
        $this->throwMsg(-10);
    }

    // CheckEmail() returns true on success; any other value is used as the error message.
    $email_check = UserCheck::CheckEmail($email);
    if ($email_check !== true) {
        throw new \Exception($email_check);
    }

    // Pending-change record; keys that are missing come back as ''.
    $meta_keys = ['edit_email_add', 'edit_email_time', 'edit_email_code'];
    $meta = $user->getMeta()->get($meta_keys, '');
    if ($meta['edit_email_add'] !== $email) {
        $this->throwMsg(-13);
    }
    if ($meta['edit_email_code'] !== $code) {
        $this->throwMsg(-12);
    }

    // The request expires after three days unless a hook overrides the lifetime.
    $age = time() - strtotime($meta['edit_email_time']);
    $lifetime = hook()->apply('UserControl_edit_email_time', 3 * 24 * 60 * 60);
    if ($age > $lifetime) {
        $this->throwMsg(-11);
    }

    // Remove the pending record before applying the change, so the code cannot be reused.
    $user->getMeta()->delete(['edit_email_add', 'edit_email_time', 'edit_email_code']);
    $user->set(['email' => $email]);
}
// Installer step (fragment): writes the site options and prepares the first
// administrator account from the POSTed form fields 's' (settings) and 'u' (user).
// $req, $sql and $option_setting are defined before this excerpt begins.
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
$post = $req->post('s');
// Every setting field must be present and non-empty; nothing else about the
// values is checked at this point.
foreach (['title', 'desc', 'url', 'email', 'static_url'] as $v) {
    if (!isset($post[$v]) || empty($post[$v])) {
        die("系统设置有空字段:" . $v);
    }
}
$user = $req->post('u');
lib()->load('UserCheck');
if (!\ULib\UserCheck::CheckUsernameChar($user['name'])) {
    die("用户名称检测错误");
}
// Convert the plaintext admin password to the form-style hash.
$user['pwd'] = \ULib\UserCheck::MakeHashChar($user['pwd']);
// The administrator's e-mail is taken from the site settings.
$user['email'] = $post['email'];
if (!\ULib\UserCheck::CheckEmailChar($user['email'])) {
    die("管理员邮箱格式不正确");
}
// NOTE(review): the request values are substituted verbatim into
// $option_setting, which is then passed to $pdo->exec() below. If that template
// is SQL (it is executed as such), title/desc/url/static_url reach the
// statement unescaped unless $req->post() already sanitises them — not visible
// here. Prefer a prepared statement with bound parameters for these values.
$option_setting = str_replace(['{title}', '{desc}', '{url}', '{email}', '{static_url}'], [$post['title'], $post['desc'], $post['url'], $post['email'], $post['static_url']], $option_setting);
$pdo = $sql->getWriter();
// Destructive reset: all existing rows in `options` are removed before the
// template is executed.
$pdo->exec("delete from `options` where `id` > 0");
$pdo->exec("alter table `options` auto_increment=1;");
$pdo->exec($option_setting);
lib()->load('UserRegister', 'UserCheck', 'User');
hook()->add('UserRegister_Captcha', function () {
    // Use a hook to bypass the registration captcha
    return true;
});
hook()->add('MailTemplate_mailSend', function () {
    // Disable mail sending
    return false;
/**
 * Log a user in from a POSTed form.
 *
 * Steps: reject empty credentials, check the captcha, load the account,
 * validate the password format, apply the failed-login throttle, verify the
 * password, check the account status, set the login cookie, record the last
 * login and fire the success hook.
 *
 * Error codes passed to throwMsg(): -10 empty account/password, -5 captcha,
 * -3 password format, -8 throttled, -4 wrong password, -9 status not allowed,
 * -6 cookie setup failed. A failure while recording the last login only sets
 * $this->code to -7.
 *
 * NOTE(review): the nested if/else structure suggests throwMsg() raises an
 * exception, but its definition is not visible here — confirm.
 *
 * @param string $account     Account identifier (lower-cased before lookup)
 * @param string $password    Password as submitted by the form (lower-cased;
 *                            presumably a hash string rather than plaintext — confirm)
 * @param string $captcha     Captcha value
 * @param bool   $save_status Whether to persist the login cookie
 */
public function PostLogin($account, $password, $captcha, $save_status) {
    if (empty($account) || empty($password)) {
        $this->throwMsg(-10);
    }
    $save_status = !empty($save_status);
    if (!$this->Captcha($captcha)) {
        // Captcha check
        $this->throwMsg(-5);
    }
    $account = strtolower($account);
    $password = strtolower($password);
    // Presumably populates $this->user, which everything below reads — confirm.
    $this->GetAccountUser($account);
    lib()->load('UserCheck');
    if (!UserCheck::CheckPasswordChar($password)) {
        $this->throwMsg(-3);
    }
    $ip = Ip::getInstance();
    // Failure threshold; 6 unless a hook overrides it.
    $max_error_count = hook()->apply("UserLogin_max_error_count", 6);
    $now_ip = $ip->realip();
    // The throttle applies only when all three hold: the failure count has
    // reached the threshold, the current IP equals the IP of the last failure,
    // and the last failure happened today.
    // NOTE(review): because the block is keyed to the last failing IP and the
    // calendar day, it does not bound the number of guesses per account across
    // addresses or days; consider an account-wide or sliding-window limit.
    // NOTE(review): whether realip() can be influenced by client-supplied
    // headers is not visible here — confirm.
    if ($max_error_count <= $this->user->getErrorLoginCount() && $ip->fill($now_ip) === $ip->fill($this->user->getErrorLoginIp()) && explode(" ", $this->user->getErrorLoginTime())[0] == date("Y-m-d")) {
        // Login is throttled
        $this->throwMsg(-8);
    } else {
        // NOTE(review): the hash comparison uses !==; hash_equals() would make
        // it constant-time if the supported PHP versions provide it.
        if (UserCheck::CreatePassword($password, $this->user->getSalt()) !== $this->user->getPassword()) {
            // Record the failed login
            $this->user->set(array("error_login_count" => 1 + $this->user->getErrorLoginCount(), 'error_login_time' => date("Y-m-d H:i:s"), 'error_login_ip' => $now_ip));
            // Notify listeners once the threshold has been reached.
            if ($this->user->getErrorLoginCount() >= $max_error_count) {
                hook()->apply("UserLogin_PostLogin_restrictions", NULL, $this->user);
            }
            $this->throwMsg(-4);
        } else {
            // Only statuses 0, 1 and 2 may log in. in_array() is called without
            // the strict flag, so the comparison is loose.
            if (in_array($this->user->getStatus(), [0, 1, 2])) {
                if ($this->user->getErrorLoginCount() > 0) {
                    // Reset the failed-login counter
                    $this->user->set(array("error_login_count" => 0));
                }
            } else {
                // Account is restricted and cannot log in
                $this->throwMsg(-9);
            }
        }
    }
    try {
        // Cookie setup after a successful login
        // A login token is generated only when the stored one is shorter than
        // 10 characters, so an existing token is reused across logins.
        // NOTE(review): the token is not rotated on login; confirm it is
        // invalidated on logout and password change.
        if (strlen($this->user->getCookieLogin()) < 10) {
            $this->user->set(array("cookie_login" => salt_hash(time() . $this->user->getEmail(), salt(20))));
        }
        // Cookie value is "<user id>\t<login token>". With $save_status the
        // expiry defaults to seven days from now (overridable by hook);
        // otherwise no expiry argument is passed.
        // NOTE(review): Secure/HttpOnly/SameSite attributes depend on
        // cookie()->set(), which is not visible here — confirm.
        if ($save_status) {
            cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin(), hook()->apply("UserLogin_PostLogin_CookieTime", time() + 60 * 60 * 24 * 7));
        } else {
            cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin());
        }
    } catch (\Exception $ex) {
        $this->throwMsg(-6);
    }
    try {
        // Record last-login information
        self::setLastLoginInfo($this->user);
    } catch (\Exception $ex) {
        // Non-fatal: the login still succeeds, only the status code is set.
        $this->code = -7;
    }
    hook()->apply('UserLogin_PostLogin_Success', NULL, $this->user);
}
/**
 * Update columns of this user in the "users" table and mirror the new values
 * onto the object.
 *
 * Only keys listed in self::$column_list are accepted, and "id" is never
 * writable; everything else in $list is silently ignored. Values for keys
 * ending in "_ip" are converted with Ip::ip2bin() before being stored.
 *
 * NOTE(review): the validators below are guarded by isset(), which is false
 * for null, so a null value for aliases/email/name/password skips its check —
 * confirm callers never pass null.
 * NOTE(review): "password" is only format-checked here; callers are
 * presumably expected to pass an already derived hash — confirm.
 *
 * @param array $list Column name (without the "user_" prefix) => new value
 * @throws \Exception When a value fails validation or the database update fails
 */
public function set($list)
{
    $fields = [];
    $columns = [];
    foreach ($list as $key => $val) {
        $key = trim($key);
        // Allow-list filter: drop "id" and anything that is not a known column.
        if ($key === 'id' || !in_array($key, self::$column_list)) {
            continue;
        }
        $fields[$key] = $val;
        $columns["user_" . $key] = substr($key, -3) === '_ip'
            ? Ip::getInstance()->ip2bin($val)
            : $val;
    }

    lib()->load('UserCheck');

    if (isset($columns['user_aliases'])) {
        if (empty($columns['user_aliases'])) {
            throw new \Exception(_("Aliases can't set empty."));
        }
    }
    if (isset($columns['user_email'])) {
        if (!UserCheck::CheckEmailChar($columns['user_email'])) {
            throw new \Exception(_("Email verify check Error"));
        }
    }
    if (isset($columns['user_name'])) {
        if (!UserCheck::CheckUsernameChar($columns['user_name'])) {
            throw new \Exception(_("Username verify check Error"));
        }
    }
    if (isset($columns['user_password'])) {
        if (!UserCheck::CheckPasswordChar($columns['user_password'])) {
            throw new \Exception(_("Password verify check Error"));
        }
    }
    // An empty URL is allowed; anything else must pass FILTER_VALIDATE_URL.
    if (isset($columns['user_url']) && $columns['user_url'] != "") {
        if (!filter_var($columns['user_url'], FILTER_VALIDATE_URL)) {
            throw new \Exception(_("Url check error"));
        }
    }

    if (!$columns) {
        return;
    }

    if (db()->update("users", $columns, ['id' => $this->id]) === false) {
        // NOTE(review): the database error text is appended through debug();
        // confirm debug() returns nothing outside development, since this
        // message can reach the client.
        throw new \Exception(_("Can't update User info.") . debug("SQL msg:" . implode(",", db()->error()['write'])));
    }

    // Mirror the stored values onto the object only after the write succeeded.
    foreach ($fields as $prop => $new_value) {
        $this->{$prop} = $new_value;
    }
}
/**
 * Turn a plaintext password into the hash string that forms submit.
 *
 * The result is reported through $this->rt_msg: "status" true and "content"
 * set to the hash on success, otherwise "msg" with an error text.
 *
 * NOTE(review): empty() also rejects the string "0".
 * NOTE(review): the plaintext arrives as a request parameter; confirm this
 * action is reachable only over TLS and that its arguments are not logged.
 *
 * @param string|null $str Plaintext to convert
 */
public function make_hash_char($str = NULL)
{
    lib()->load('UserCheck');
    $plain = trim($str);
    if (!empty($plain)) {
        $this->rt_msg['status'] = true;
        $this->rt_msg['content'] = UserCheck::MakeHashChar($plain);
        return;
    }
    $this->rt_msg['msg'] = "提交的字符有误";
}