public function doPassword()
{
global $_W, $_GPC;
if (checksubmit('submit')) {
if (!empty($_GPC['title-new'])) {
foreach ($_GPC['title-new'] as $index => $row) {
$data = array('weid' => $_W['weid'], 'name' => $_GPC['title-new'][$index], 'password' => member_hash($_GPC['password-new'][$index], ''));
pdo_insert('card_password', $data);
}
}
if (!empty($_GPC['title'])) {
foreach ($_GPC['title'] as $index => $row) {
$data = array('name' => $_GPC['title'][$index]);
if (!empty($_GPC['password'][$index])) {
$data['password'] = member_hash($_GPC['password'][$index], '');
}
pdo_update('card_password', $data, array('id' => $index));
}
}
if (!empty($_GPC['delete'])) {
pdo_query("DELETE FROM " . tablename('card_password') . " WHERE id IN (" . implode(',', $_GPC['delete']) . ")");
}
message('消费密码更新成功!', referer(), 'success');
}
$list = pdo_fetchall("SELECT * FROM " . tablename('card_password') . " WHERE weid = :weid", array(':weid' => $_W['weid']));
include $this->template('password');
}
public function doMobileUseCoupon()
{
global $_W, $_GPC;
checkauth();
$id = intval($_GPC['id']);
$item = pdo_fetch("SELECT id, status, couponid, consumetime FROM " . tablename('card_members_coupon') . " WHERE weid = :weid AND from_user = :from_user AND id = :id", array(':weid' => $_W['weid'], ':from_user' => $_W['fans']['from_user'], ':id' => $id));
if (empty($item)) {
message('您尚未领取该优惠券!');
}
$coupon = pdo_fetch("SELECT * FROM " . tablename('card_coupon') . " WHERE id = :id", array(':id' => $item['couponid']));
if (!empty($coupon['starttime']) && $coupon['starttime'] > TIMESTAMP) {
message('此优惠券还未开始!');
}
if (!empty($coupon['endtime']) && $coupon['endtime'] < TIMESTAMP) {
message('此优惠券已经结束!');
}
if (checksubmit('submit')) {
if (empty($_GPC['password'])) {
message('请输入验证密码!');
}
$password = member_hash($_GPC['password'], '');
$row = pdo_fetch("SELECT id, name FROM " . tablename('card_password') . " WHERE password = :password", array(':password' => $password));
if (!empty($row)) {
pdo_update('card_members_coupon', array('status' => 2, 'receiver' => $row['name'], 'consumetime' => TIMESTAMP), array('weid' => $_W['weid'], 'from_user' => $_W['fans']['from_user'], 'id' => $id));
message('消费成功!', $this->createMobileUrl('entrycoupon'), 'success');
} else {
message('消费密码验证失败,请重试!', $this->createMobileUrl('entrycoupon'), 'error');
}
}
include $this->template('usecoupon');
}
<?php
/**
* [WeEngine System] Copyright (c) 2013 WE7.CC
*/
defined('IN_IA') or exit('Access Denied');
$do = !empty($_GPC['do']) && in_array($_GPC['do'], array('profile')) ? $_GPC['do'] : 'profile';
if ($do == 'profile') {
if (checksubmit('submit')) {
$sql = "SELECT username, password, salt FROM " . tablename('members') . " WHERE `username` = '{$_GPC['name']}'";
$user = pdo_fetch($sql);
if (empty($user)) {
message('抱歉,用户不存在或是已经被删除!', create_url('setting/profile'), 'error');
}
if (empty($_GPC['name']) || empty($_GPC['pw']) || empty($_GPC['pw2'])) {
message('管理账号或者密码不能为空,请重新填写!', create_url('setting/profile'), 'error');
}
if ($_GPC['pw'] == $_GPC['pw2']) {
message('新密码与原密码一致,请检查!', create_url('setting/admin'), 'right');
}
$password_old = member_hash($_GPC['pw'], $user['salt']);
if ($user['password'] != $password_old) {
message('原密码错误,请重新填写!', create_url('setting/profile'), 'error');
}
$result = '';
$members = array('username' => $_GPC['name'], 'password' => member_hash($_GPC['pw2'], $user['salt']));
$result = pdo_update('members', $members, array('uid' => $_W['uid']));
message('修改成功!', create_url('index'), 'success');
}
template('setting/profile');
}
/**
* 更新用户资料
* PS:密码字段需要加密
* @param array $member 用户的资料数据, 需要的字段可以包括password, status, lastvisit, lastip, remark 必须包括 uid
* @return bool
*/
function member_update($member)
{
if (empty($member['uid'])) {
return false;
}
$params = array();
if ($member['password']) {
$params['password'] = member_hash($member['password'], $member['salt']);
}
if ($member['lastvisit']) {
$params['lastvisit'] = strlen($member['lastvisit']) == 10 ? $member['lastvisit'] : strtotime($member['lastvisit']);
}
if ($member['lastip']) {
$params['lastip'] = $member['lastip'];
}
if (isset($member['joinip'])) {
$params['joinip'] = $member['joinip'];
}
if (isset($member['remark'])) {
$params['remark'] = $member['remark'];
}
if (isset($member['status'])) {
$params['status'] = $member['status'];
}
if (isset($member['groupid'])) {
$params['groupid'] = $member['groupid'];
}
if (empty($params)) {
return false;
}
return pdo_update('members', $params, array('uid' => intval($member['uid'])));
}
defined('IN_IA') or exit('Access Denied');
$do = !empty($_GPC['do']) && in_array($_GPC['do'], array('profile')) ? $_GPC['do'] : 'profile';
if ($do == 'profile') {
if (checksubmit('submit')) {
$sql = "SELECT username, password, salt FROM " . tablename('members') . ' ORDER BY `uid` DESC';
$user = pdo_fetch($sql);
if (empty($user)) {
message('抱歉,用户不存在或是已经被删除!', create_url('setting/profile'), 'error');
}
if (empty($_GPC['name']) || empty($_GPC['pw']) || empty($_GPC['pw2'])) {
message('管理账号或者密码不能为空,请重新填写!', create_url('setting/profile'), 'error');
}
if ($_GPC['pw'] == $_GPC['pw2']) {
message('新密码与原密码一致,请检查!', create_url('setting/admin'), 'right');
}
$password_old = member_hash($_GPC['pw'], $user['salt']);
if ($user['password'] != $password_old) {
message('原密码错误,请重新填写!', create_url('setting/profile'), 'error');
}
$result = '';
$members = array(
'username' => $_GPC['name'],
'password' => member_hash($_GPC['pw2'], $user['salt']),
);
$result = pdo_update('members', $members, array('uid' => $_W['uid']));
message('修改成功!', create_url('setting/profile'), 'success');
}
template('setting/profile');
}