// ---------------------------------------------------------------------------
// Resolve the currently logged-in user from the three login cookies:
//   UserID             - numeric user id
//   UserExpirationTime - unix timestamp at which this login expires
//   UserCode           - md5(PasswordHash . Salt . UserExpirationTime . $SALT)
// Outcome: when the cookies verify, $CurUserInfo holds the user row (array) and
// $CurUserRole its UserRoleID; otherwise $CurUserID is forced to 0 and any
// stale login cookies are cleared. Later code tests login state with
// if ($CurUserID).
//
// Security notes:
//  * UserCode is keyed on the stored password hash, the per-user salt and the
//    site-wide $SALT, so it cannot be forged -- and the expiry it covers cannot
//    be extended -- without those secrets. A password change therefore
//    invalidates existing cookies, but only once the cached copy of the user
//    row (memcache TTL 86400s) is refreshed or removed.
//    NOTE(review): confirm the password-change path deletes the
//    MemCachePrefix . 'UserInfo_' . ID key; otherwise old cookies keep working
//    for up to a day.
//  * The expiry comes from the cookie but is bound by the hash, and is further
//    restricted to the window (now, now + 31 days).
//  * The token comparison goes through HashEquals() (presumably a constant-time
//    compare wrapper -- see its definition) to avoid a timing side channel.
//  * md5 is kept here because the login and password-reset code must produce
//    the same token; changing the algorithm has to be done in all places at once.
// ---------------------------------------------------------------------------
$CurUserInfo = null;
$CurUserRole = 0;
$CurUserID = intval(GetCookie('UserID'));
$CurUserExpirationTime = intval(GetCookie('UserExpirationTime'));
$CurUserCode = GetCookie('UserCode');

$LoginCookiesPresent = $CurUserID && $CurUserCode;
$ExpiryWithinWindow = $CurUserExpirationTime > $TimeStamp
    && $CurUserExpirationTime < $TimeStamp + 2678400;
$DiscardLogin = false;

if ($LoginCookiesPresent && $ExpiryWithinWindow) {
    // Prefer the cached row; fall back to the database and re-populate the cache.
    $CandidateUser = $MCache ? $MCache->get(MemCachePrefix . 'UserInfo_' . $CurUserID) : array();
    if (!$CandidateUser) {
        $CandidateUser = $DB->row("SELECT * FROM " . $Prefix . "users WHERE ID = :UserID", array("UserID" => $CurUserID));
        if ($MCache && $CandidateUser) {
            $MCache->set(MemCachePrefix . 'UserInfo_' . $CurUserID, $CandidateUser, 86400);
        }
    }

    // Recompute the expected token from the stored credentials and compare it
    // to the cookie value in constant time.
    $ExpectedCode = $CandidateUser
        ? md5($CandidateUser['Password'] . $CandidateUser['Salt'] . $CurUserExpirationTime . $SALT)
        : '';
    if ($CandidateUser && HashEquals($ExpectedCode, $CurUserCode)) {
        // NOTE(review): $CurUserName is only assigned on this path; callers that
        // read it should guard on $CurUserID first.
        $CurUserName = $CandidateUser['UserName'];
        $CurUserRole = $CandidateUser['UserRoleID'];
        $CurUserInfo = $CandidateUser;
    } else {
        $DiscardLogin = true;
    }
    unset($CandidateUser, $ExpectedCode);
} elseif ($CurUserExpirationTime || $CurUserID || $CurUserCode) {
    // Partial, expired or out-of-window cookies: treat as logged out.
    $DiscardLogin = true;
}

if ($DiscardLogin) {
    // Clear all three cookies together so no half-state survives.
    SetCookies(array('UserID' => '', 'UserExpirationTime' => '', 'UserCode' => ''), 1);
    $CurUserID = 0;
}
unset($LoginCookiesPresent, $ExpiryWithinWindow, $DiscardLogin);
$ErrorCode = 101002; break; } session_write_close(); if ($VerifyCode !== $TempVerificationCode) { $Error = $Lang['Verification_Code_Error']; $ErrorCode = 101002; break; } $DBUser = $DB->row("SELECT ID,UserName,Salt,Password,UserRoleID,UserMail,UserIntro FROM " . $Prefix . "users WHERE UserName = :UserName", array("UserName" => $UserName)); if (!$DBUser) { $Error = $Lang['User_Does_Not_Exist']; $ErrorCode = 101003; break; } if (!HashEquals($DBUser['Password'], md5($Password . $DBUser['Salt']))) { $Error = $Lang['Password_Error']; $ErrorCode = 101004; break; } UpdateUserInfo(array('LastLoginTime' => $TimeStamp, 'UserLastIP' => CurIP()), $DBUser['ID']); $TemporaryUserExpirationTime = $Expires * 86400 + $TimeStamp; if (!$IsApp) { SetCookies(array('UserID' => $DBUser['ID'], 'UserExpirationTime' => $TemporaryUserExpirationTime, 'UserCode' => md5($DBUser['Password'] . $DBUser['Salt'] . $TemporaryUserExpirationTime . $SALT)), $Expires); if ($ReturnUrl) { header('location: ' . $ReturnUrl); exit('logined'); } else { header('location: ' . $Config['WebsitePath'] . '/'); exit('logined'); }
if (count($AccessTokenArray) === 3) { $UserName = $AccessTokenArray[0]; $TokenExpirationTime = intval($AccessTokenArray[1]); $Token = $AccessTokenArray[2]; } else { AlertMsg('Bad Request', 'Bad Request', 400); } if ($TokenExpirationTime < $TimeStamp || $TokenExpirationTime >= $TimeStamp + 7200) { AlertMsg($Lang['Page_Has_Expired'], $Lang['Page_Has_Expired']); } $UserInfo = array(); $UserInfo = $DB->row('SELECT * FROM ' . $Prefix . 'users Where UserName=:UserName', array('UserName' => $UserName)); if (!$UserInfo) { AlertMsg('404 Not Found', '404 Not Found', 404); } else { if (HashEquals(md5($UserInfo['Password'] . $UserInfo['Salt'] . md5($TokenExpirationTime) . md5($SALT)), $Token)) { if ($_SERVER['REQUEST_METHOD'] == 'POST') { //重设密码 $Password = Request('Post', 'Password'); $Password2 = Request('Post', 'Password2'); $VerifyCode = intval(Request('Post', 'VerifyCode')); if ($Password && $Password2 && $VerifyCode) { if ($Password === $Password2) { session_start(); if (isset($_SESSION[$Prefix . 'VerificationCode']) && $VerifyCode === intval($_SESSION[$Prefix . 'VerificationCode'])) { $NewSalt = $UserInfo['Salt']; $NewPasswordHash = md5(md5($Password) . $NewSalt); if (UpdateUserInfo(array('Salt' => $NewSalt, 'Password' => $NewPasswordHash), $UserInfo['ID'])) { $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp; //默认保持30天登陆状态 SetCookies(array('UserExpirationTime' => $TemporaryUserExpirationTime, 'UserCode' => md5($NewPasswordHash . $NewSalt . $TemporaryUserExpirationTime . $SALT)), 30);