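/**
 * Admin handler for the card consumption passwords of the current account.
 *
 * On submit it inserts the new entries, updates the existing ones, deletes
 * the ticked ones and then shows a success message. Otherwise it loads the
 * entries of the current weid and renders the 'password' template.
 *
 * Security notes:
 * - Row ids arrive as request array keys/values. They are cast to integers
 *   before they reach SQL, and every UPDATE/DELETE is also restricted to the
 *   current weid so a submitted id cannot touch another account's rows.
 * - NOTE(review): passwords are stored as member_hash($password, ''), i.e.
 *   with an empty salt. member_hash() is defined elsewhere; confirm what it
 *   mixes in besides the salt before relying on it for stored secrets.
 */
public function doPassword() {
    global $_W, $_GPC;

    if (checksubmit('submit')) {
        // New entries: one row per submitted title, owned by the current weid.
        if (!empty($_GPC['title-new']) && is_array($_GPC['title-new'])) {
            foreach ($_GPC['title-new'] as $index => $row) {
                $data = array(
                    'weid' => $_W['weid'],
                    'name' => $_GPC['title-new'][$index],
                    'password' => member_hash($_GPC['password-new'][$index], ''),
                );
                pdo_insert('card_password', $data);
            }
        }

        // Existing entries: the array key is the row id. The password is only
        // rewritten when a new one was typed in.
        if (!empty($_GPC['title']) && is_array($_GPC['title'])) {
            foreach ($_GPC['title'] as $index => $row) {
                $data = array('name' => $_GPC['title'][$index]);
                if (!empty($_GPC['password'][$index])) {
                    $data['password'] = member_hash($_GPC['password'][$index], '');
                }
                // Scope the update to this account as well as to the row id.
                pdo_update('card_password', $data, array('id' => intval($index), 'weid' => $_W['weid']));
            }
        }

        // Deletions: the id list is request data, so reduce it to non-zero
        // integers before it is joined into the IN (...) list.
        if (!empty($_GPC['delete'])) {
            $ids = array_filter(array_map('intval', (array) $_GPC['delete']));
            if (!empty($ids)) {
                pdo_query(
                    "DELETE FROM " . tablename('card_password') . " WHERE weid = :weid AND id IN (" . implode(',', $ids) . ")",
                    array(':weid' => $_W['weid'])
                );
            }
        }

        message('消费密码更新成功!', referer(), 'success');
    }

    // $list is read by the included template.
    $list = pdo_fetchall("SELECT * FROM " . tablename('card_password') . " WHERE weid = :weid", array(':weid' => $_W['weid']));
    include $this->template('password');
}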
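/**
 * Mobile handler that marks one of the current fan's coupons as consumed.
 *
 * The coupon record must belong to the current weid and fan. The coupon's
 * start/end times are checked when set. On submit, the entered consumption
 * password is hashed and looked up in card_password; on a match the member
 * coupon is updated to status 2 with the matching entry's name as receiver.
 *
 * Security notes:
 * - The password lookup is restricted to the current weid, so a consumption
 *   password configured for another account does not validate here.
 * - NOTE(review): $item['status'] is selected but never checked, so a record
 *   that already has status 2 can be submitted again; confirm whether repeat
 *   consumption should be rejected.
 * - NOTE(review): no attempt limiting is visible in this handler; confirm
 *   that repeated failed password submissions are throttled elsewhere.
 */
public function doMobileUseCoupon() {
    global $_W, $_GPC;

    checkauth();
    $id = intval($_GPC['id']);

    // The coupon record must belong to this account and this fan.
    $item = pdo_fetch(
        "SELECT id, status, couponid, consumetime FROM " . tablename('card_members_coupon') . " WHERE weid = :weid AND from_user = :from_user AND id = :id",
        array(':weid' => $_W['weid'], ':from_user' => $_W['fans']['from_user'], ':id' => $id)
    );
    if (empty($item)) {
        message('您尚未领取该优惠券!');
    }

    // NOTE(review): if the coupon row is missing, both time checks below are
    // skipped and processing continues.
    $coupon = pdo_fetch("SELECT * FROM " . tablename('card_coupon') . " WHERE id = :id", array(':id' => $item['couponid']));
    if (!empty($coupon['starttime']) && $coupon['starttime'] > TIMESTAMP) {
        message('此优惠券还未开始!');
    }
    if (!empty($coupon['endtime']) && $coupon['endtime'] < TIMESTAMP) {
        message('此优惠券已经结束!');
    }

    if (checksubmit('submit')) {
        if (empty($_GPC['password'])) {
            message('请输入验证密码!');
        }
        // Hashed with an empty salt; the entry is found by hash equality.
        $password = member_hash($_GPC['password'], '');
        $row = pdo_fetch(
            "SELECT id, name FROM " . tablename('card_password') . " WHERE weid = :weid AND password = :password",
            array(':weid' => $_W['weid'], ':password' => $password)
        );
        if (!empty($row)) {
            pdo_update(
                'card_members_coupon',
                array('status' => 2, 'receiver' => $row['name'], 'consumetime' => TIMESTAMP),
                array('weid' => $_W['weid'], 'from_user' => $_W['fans']['from_user'], 'id' => $id)
            );
            message('消费成功!', $this->createMobileUrl('entrycoupon'), 'success');
        } else {
            message('消费密码验证失败,请重试!', $this->createMobileUrl('entrycoupon'), 'error');
        }
    }

    include $this->template('usecoupon');
}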
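<?php
/**
 * [WeEngine System] Copyright (c) 2013 WE7.CC
 *
 * Profile settings: changes the account name and password after the current
 * password ('pw') has been verified. 'pw2' carries the new password.
 */
defined('IN_IA') or exit('Access Denied');

// Only the 'profile' action is accepted; anything else falls back to it.
$do = !empty($_GPC['do']) && in_array($_GPC['do'], array('profile')) ? $_GPC['do'] : 'profile';

if ($do == 'profile') {
    if (checksubmit('submit')) {
        // The submitted name is request data: accept it only as a string and
        // bind it as a parameter rather than interpolating it into the SQL.
        $name = isset($_GPC['name']) && is_string($_GPC['name']) ? $_GPC['name'] : '';
        $sql = "SELECT username, password, salt FROM " . tablename('members') . " WHERE `username` = :username";
        $user = pdo_fetch($sql, array(':username' => $name));
        if (empty($user)) {
            message('抱歉,用户不存在或是已经被删除!', create_url('setting/profile'), 'error');
        }
        if (empty($name) || empty($_GPC['pw']) || empty($_GPC['pw2'])) {
            message('管理账号或者密码不能为空,请重新填写!', create_url('setting/profile'), 'error');
        }
        // Strict comparison: with ==, two different numeric-looking strings
        // (for example '1e3' and '1000') compare as equal.
        if ($_GPC['pw'] === $_GPC['pw2']) {
            message('新密码与原密码一致,请检查!', create_url('setting/admin'), 'right');
        }
        $password_old = member_hash($_GPC['pw'], $user['salt']);
        // Compare the hashes as strings. A loose != treats numeric-looking
        // strings such as '0e1' and '0e2' as equal. hash_equals() would also
        // make the comparison constant-time where the runtime provides it.
        if ((string) $user['password'] !== (string) $password_old) {
            message('原密码错误,请重新填写!', create_url('setting/profile'), 'error');
        }
        // NOTE(review): the verified row is selected by the submitted name,
        // while the update targets $_W['uid']; confirm both always refer to
        // the same account.
        $result = '';
        $members = array(
            'username' => $name,
            'password' => member_hash($_GPC['pw2'], $user['salt']),
        );
        $result = pdo_update('members', $members, array('uid' => $_W['uid']));
        message('修改成功!', create_url('index'), 'success');
    }
    template('setting/profile');
}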
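/**
 * Update a member's record.
 *
 * The password is passed in plain form and hashed here with the supplied
 * salt before it is written.
 *
 * Optional keys (password, lastvisit, lastip) are tested with !empty(), so a
 * caller may omit them without triggering undefined-index notices.
 *
 * NOTE(review): status and groupid are written exactly as supplied; callers
 * should build $member themselves rather than pass request data through.
 *
 * @param array $member Member data. Must contain uid; may contain password
 *                      (with salt), lastvisit, lastip, joinip, remark,
 *                      status and groupid.
 * @return bool|mixed false when uid is missing or nothing is to be updated,
 *                    otherwise the result of pdo_update().
 */
function member_update($member) {
    if (empty($member['uid'])) {
        return false;
    }

    $params = array();

    if (!empty($member['password'])) {
        // A missing salt is passed on as null, as it was before.
        $salt = isset($member['salt']) ? $member['salt'] : null;
        $params['password'] = member_hash($member['password'], $salt);
    }
    if (!empty($member['lastvisit'])) {
        // A 10-character value is stored unchanged (presumably already a Unix
        // timestamp); anything else is parsed with strtotime().
        $params['lastvisit'] = strlen($member['lastvisit']) == 10 ? $member['lastvisit'] : strtotime($member['lastvisit']);
    }
    if (!empty($member['lastip'])) {
        $params['lastip'] = $member['lastip'];
    }

    // These fields are copied whenever present, including empty values.
    foreach (array('joinip', 'remark', 'status', 'groupid') as $field) {
        if (isset($member[$field])) {
            $params[$field] = $member[$field];
        }
    }

    if (empty($params)) {
        return false;
    }

    return pdo_update('members', $params, array('uid' => intval($member['uid'])));
}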
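/*
 * Profile settings: changes the signed-in account's name and password after
 * the current password ('pw') has been verified. 'pw2' carries the new one.
 */
defined('IN_IA') or exit('Access Denied');

// Only the 'profile' action is accepted; anything else falls back to it.
$do = !empty($_GPC['do']) && in_array($_GPC['do'], array('profile')) ? $_GPC['do'] : 'profile';

if ($do == 'profile') {
    if (checksubmit('submit')) {
        // Verify against the row that the UPDATE below targets, so the old
        // hash and the salt belong to the account being changed. Without a
        // WHERE clause the check would run against whichever row sorts first.
        $sql = "SELECT username, password, salt FROM " . tablename('members') . ' WHERE `uid` = :uid';
        $user = pdo_fetch($sql, array(':uid' => intval($_W['uid'])));
        if (empty($user)) {
            message('抱歉,用户不存在或是已经被删除!', create_url('setting/profile'), 'error');
        }
        if (empty($_GPC['name']) || empty($_GPC['pw']) || empty($_GPC['pw2'])) {
            message('管理账号或者密码不能为空,请重新填写!', create_url('setting/profile'), 'error');
        }
        // Strict comparison: with ==, two different numeric-looking strings
        // (for example '1e3' and '1000') compare as equal.
        if ($_GPC['pw'] === $_GPC['pw2']) {
            message('新密码与原密码一致,请检查!', create_url('setting/admin'), 'right');
        }
        $password_old = member_hash($_GPC['pw'], $user['salt']);
        // Compare the hashes as strings. A loose != treats numeric-looking
        // strings such as '0e1' and '0e2' as equal. hash_equals() would also
        // make the comparison constant-time where the runtime provides it.
        if ((string) $user['password'] !== (string) $password_old) {
            message('原密码错误,请重新填写!', create_url('setting/profile'), 'error');
        }
        // NOTE(review): the new username is written as submitted; no
        // uniqueness check against other members is visible here.
        $result = '';
        $members = array(
            'username' => $_GPC['name'],
            'password' => member_hash($_GPC['pw2'], $user['salt']),
        );
        $result = pdo_update('members', $members, array('uid' => $_W['uid']));
        message('修改成功!', create_url('setting/profile'), 'success');
    }
    template('setting/profile');
}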