예제 #1
 /**
  * Check a user id / password pair taken from the URL parameters and echo
  * the result as JSON.
  *
  * The method takes no PHP arguments; it reads $this->params['url']:
  *   id  - user id (trimmed)
  *   pwd - password, raw-URL-decoded; when md5 is 1 it is additionally
  *         decrypted (if "cookie.encryption" is configured) and base64-decoded
  *   md5 - 1 selects the encoded form described above
  *   ip  - caller-supplied address stored in ByrSession->from
  *         ("0.0.0.0" when empty)
  *
  * Output: {v: true|false, pwd: ...}; pwd is present only when v is true.
  *
  * NOTE(review): the password is read from the URL parameters, so it can end
  * up in access logs and proxy logs; confirm this action is reachable only
  * by trusted callers.
  * NOTE(review): the returned pwd is built from User->md5passwd and has the
  * same shape this action accepts back with md5=1, so it looks like a
  * password-equivalent value; treat it as a credential.
  * NOTE(review): ip comes from the request itself; anything that later
  * trusts ByrSession->from is trusting caller input. Confirm against callers.
  */
 public function sys_checkpwd()
 {
     // @ hides the notice raised when a URL parameter is missing; the
     // conversions below then yield "" (or 0 for md5).
     @($userId = trim($this->params['url']['id']));
     @($secret = rawurldecode($this->params['url']['pwd']));
     @($hashedFlag = intval(trim($this->params['url']['md5'])));
     @($clientIp = trim($this->params['url']['ip']));
     $isHashed = ($hashedFlag == 1);

     if ($clientIp == "") {
         $this->ByrSession->from = "0.0.0.0";
     } else {
         $this->ByrSession->from = $clientIp;
     }

     if ($isHashed) {
         // Undo the encoding applied on the success path further down.
         if (Configure::read("cookie.encryption")) {
             $secret = $this->ByrSession->decrypt($secret);
         }
         $secret = base64_decode($secret);
     }

     if (!Forum::checkPwd($userId, $secret, $isHashed, true)) {
         echo BYRJSON::encode(array('v' => false));
         return;
     }

     // Success: hand back the stored md5passwd, base64-encoded and, when
     // configured, encrypted with the session helper.
     $token = base64_encode(User::getInstance($userId)->md5passwd);
     if (Configure::read("cookie.encryption")) {
         $token = $this->ByrSession->encrypt($token);
     }
     echo BYRJSON::encode(array('v' => true, 'pwd' => rawurlencode($token)));
 }
예제 #2
 /**
  * Resolve the caller's user id from HTTP Basic credentials.
  *
  * Sends a 401 challenge and exits when no credentials were supplied.
  * Returns the trimmed user id when it is "guest" (any letter case, no
  * password check) or when Forum::checkPwd() accepts the pair; returns
  * false otherwise.
  *
  * NOTE(review): a wrong password yields false rather than a fresh 401
  * challenge, so the caller has to reject the request itself.
  * NOTE(review): Basic credentials are only base64-encoded on the wire;
  * this relies on the transport (TLS) for confidentiality.
  *
  * @return string|false
  */
 public static function getCurrentUser()
 {
     if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
         header('WWW-Authenticate: Basic realm="nForum API"');
         header('HTTP/1.0 401 Unauthorized');
         exit;
     }

     $userId = trim($_SERVER['PHP_AUTH_USER']);

     // The guest account is accepted without looking at the password.
     if (strtolower($userId) === 'guest') {
         return $userId;
     }

     // The password is passed through untrimmed.
     if (Forum::checkPwd($userId, $_SERVER['PHP_AUTH_PW'], false, true)) {
         return $userId;
     }

     return false;
 }
예제 #3
 /**
  * AJAX handler that changes either the logged-in user's display name or
  * their password, depending on which form fields were posted.
  *
  * Form fields read from $this->params['form']:
  *   name                - new name; takes precedence over the password fields
  *   pold, pnew1, pnew2  - current password and the new password typed twice
  *
  * On success an 'ajax_code' entry is published through
  * $this->set('no_html_data', ...). A request carrying neither field set
  * produces no result.
  *
  * NOTE(review): the checks are written as if $this->error() never returns.
  * If it could return, setPwd() would still run after a failed old-password
  * check; confirm error() halts the request.
  */
 public function ajax_passwd()
 {
     if (!$this->RequestHandler->isPost()) {
         $this->error(ECode::$SYS_REQUESTERROR);
     }
     $this->requestLogin();
     $user = User::getInstance();

     // Name change.
     if (isset($this->params['form']['name'])) {
         // Convert the posted UTF-8 text to the encoding this controller uses.
         $newName = nforum_iconv('UTF-8', $this->encoding, $this->params['form']['name']);
         if (!$user->setName($newName)) {
             $this->error(ECode::$USER_NAMEERROR);
         } else {
             $this->set('no_html_data', array('ajax_code' => ECode::$USER_NAMEOK));
         }
         return;
     }

     // Password change needs all three fields.
     if (!isset(
         $this->params['form']['pold'],
         $this->params['form']['pnew1'],
         $this->params['form']['pnew2']
     )) {
         return;
     }

     $current = $this->params['form']['pold'];
     $wanted = $this->params['form']['pnew1'];
     $repeated = $this->params['form']['pnew2'];

     // The two copies of the new password must match exactly.
     if ($wanted !== $repeated) {
         $this->error(ECode::$USER_PWDERROR);
     }
     // The current password is re-verified before the change is applied.
     if (!Forum::checkPwd($user->userid, $current, false, false)) {
         $this->error(ECode::$USER_OLDPWDERROR);
     }
     // No length or content rule is applied here; presumably setPwd()
     // enforces one. TODO confirm.
     if (!$user->setPwd($wanted)) {
         $this->error(ECode::$USER_PWDERROR);
     }

     $this->set('no_html_data', array('ajax_code' => ECode::$USER_PWDOK));
 }
예제 #4
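 /**
  * Log a user in and write the session cookies.
  *
  * Steps: drop any existing session, check the IP ban list, verify the
  * password (skipped for the literal id 'guest'), register the session via
  * Forum::setUser(), then write the UTMPUSERID / UTMPKEY / UTMPNUM /
  * PASSWORD cookies.
  *
  * @param string   $id         user id
  * @param string   $pwd        password, in the form selected by $md5
  * @param bool     $md5        passed to Forum::checkPwd() as its third
  *                             argument; presumably marks $pwd as already
  *                             hashed. TODO confirm.
  * @param mixed    $cookieTime expiry passed to Cookie->write() for the
  *                             UTMPUSERID and PASSWORD cookies
  * @throws LoginException on a banned IP or id, bad credentials, or a
  *                        session-registration failure
  *
  * NOTE(review): the PASSWORD cookie holds base64(md5passwd); it is only
  * encrypted when "cookie.encryption" is configured. Otherwise the cookie
  * carries the stored hash in a trivially decodable form.
  */
 public function login($id, $pwd, $md5 = true, $cookieTime = null)
 {
     if ($this->isLogin || $this->isGuest) {
         Forum::kickUser();
     }

     // Every case throws, so no break statements are needed.
     $ret = Forum::checkBanIP($id, $this->from);
     switch ($ret) {
         case 1:
             throw new LoginException(ECode::$LOGIN_IPBAN);
         case 2:
             throw new LoginException(ECode::$LOGIN_EPOS);
         case 3:
             throw new LoginException(ECode::$LOGIN_ERROR);
     }

     // Strict comparison: with `!=`, a non-string $id such as boolean true
     // compares equal to 'guest' and would skip the password check.
     if ($id !== 'guest' && !Forum::checkPwd($id, $pwd, $md5, true)) {
         throw new LoginException(ECode::$LOGIN_ERROR);
     }

     $ret = Forum::setUser(true);
     switch ($ret) {
         case -1:
             throw new LoginException(ECode::$LOGIN_MULLOGIN);
         case 1:
             throw new LoginException(ECode::$LOGIN_MAX);
         case 3:
             throw new LoginException(ECode::$LOGIN_IDBAN);
         case 4:
             throw new LoginException(ECode::$LOGIN_IPBAN);
         case 5:
             throw new LoginException(ECode::$LOGIN_FREQUENT);
         case 7:
             throw new LoginException(ECode::$LOGIN_NOPOS);
     }

     User::update();
     $u = User::getInstance();
     $utmpkey = $u->utmpkey;
     $pass = base64_encode($u->md5passwd);
     if (Configure::read("cookie.encryption")) {
         $utmpkey = $this->encrypt($utmpkey);
         $pass = $this->encrypt($pass);
     }

     $this->isLogin = true;
     // Only UTMPUSERID and PASSWORD receive $cookieTime.
     $this->Cookie->write("UTMPUSERID", $u->userid, false, $cookieTime);
     $this->Cookie->write("UTMPKEY", $utmpkey, false);
     $this->Cookie->write("UTMPNUM", $u->index, false);
     $this->Cookie->write("PASSWORD", $pass, false, $cookieTime);
 }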