예제 #1
파일: ecshop.php 프로젝트: dlpc/ecshop
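 /**
  *  Check whether the given user exists and whether the password is correct
  *  (overrides the base class check_user function; supports the zc encryption method)
  *
  * @access  public
  * @param   string  $username   user name
  * @param   string  $password   plain-text password; when null only the existence of the user is checked
  *
  * @return  int
  */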
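 function check_user($username, $password = null, $tm = '')
 {
     /*
      * Verifies a user against the local user table and delegates to the remote
      * tm_user interface when no local account matches or the local password differs.
      *
      * $username  user name as supplied by the caller
      * $password  plain-text password; when null ONLY the existence of the user is
      *            checked, so callers that verify a password must never pass null
      * $tm        not used by this method
      *
      * Returns the getOne() result for the existence check, the row's user_id after a
      * successful local password check, 0 when a salted legacy check fails, or the
      * return value of post_tm_user() when the decision is delegated.
      */
     $tm_use_obj = new tm_user();

     // Convert the name to the storage charset when that charset is not UTF8.
     $post_username = ($this->charset != 'UTF8')
         ? ecs_iconv('UTF8', $this->charset, $username)
         : $username;

     // NOTE(review): $post_username is placed inside quoted SQL literals below and nothing in
     // this method escapes it. Every caller therefore has to pass an already escaped value, or
     // these queries should use the database layer's own escaping / bound parameters. Escaping
     // applied before the charset conversion above may not survive a multibyte conversion.

     if ($password === null) {
         // Existence check only: no password is verified on this path.
         $sql = "SELECT " . $this->field_id . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_name . "='" . $post_username . "'";
         return $this->db->getOne($sql);
     }

     $sql = "SELECT user_id, password, salt,ec_salt " . " FROM " . $this->table($this->user_table) . " WHERE user_name='{$post_username}'";
     $row = $this->db->getRow($sql);
     if (empty($row)) {
         // Not found under the plain name: check whether the user came from Tmall (TMUSER prefix).
         $post_username = TMUSER . $post_username;
         $sql = "SELECT user_id, password, salt,ec_salt " . " FROM " . $this->table($this->user_table) . " WHERE user_name='{$post_username}'";
         $row = $this->db->getRow($sql);
         if (empty($row)) {
             // No local account at all: ask the remote interface whether the user exists.
             // NOTE(review): this sends the plain-text password to post_tm_user().
             return $tm_use_obj->post_tm_user($username, $password);
         }
     }

     // Read the auxiliary salt only once a row is known to exist; the original read it before
     // the empty() check and so indexed into an empty result.
     $ec_salt = $row['ec_salt'];

     if (empty($row['salt'])) {
         // Native scheme: compile_password() combines the password with ec_salt.
         $expected = $this->compile_password(array('password' => $password, 'ec_salt' => $ec_salt));

         // Compare as strings. A loose != treats two digests of the form "0e<digits>" as equal
         // numbers. Where PHP >= 5.6 is guaranteed, hash_equals() additionally removes the
         // timing difference.
         if ((string) $row['password'] !== (string) $expected) {
             // Local mismatch: the remote interface gets the final say.
             return $tm_use_obj->post_tm_user($username, $password);
         }

         return $row['user_id'];
     }

     /* A salt is present: verify with the legacy salted scheme and, on success, rewrite the
        stored password in the native format. */
     $encrypt_type = substr($row['salt'], 0, 1);
     $encrypt_salt = substr($row['salt'], 1);

     /* Compute the expected digest. switch is kept because it compares loosely and the types
        of the ENCRYPT_* constants are not visible here. */
     switch ($encrypt_type) {
         case ENCRYPT_ZC:
             $encrypt_password = md5($encrypt_salt . $password);
             break;
         /* Add further encryption methods here. */
         case ENCRYPT_UC:
             $encrypt_password = md5(md5($password) . $encrypt_salt);
             break;
         default:
             // Unknown scheme: fail closed. The original compared the stored value against ''
             // here, which accepts any password for a row whose stored password is empty.
             return 0;
     }

     if ((string) $row['password'] !== $encrypt_password) {
         return 0;
     }

     // NOTE(review): this statement was partly masked in the listing; the compile_password()
     // call is reconstructed from the surviving "password' => $password))" fragment — confirm
     // against the project source.
     // NOTE(review): every scheme here is plain MD5, which is too fast for password storage;
     // moving to password_hash()/password_verify() needs a stored-format change outside this method.
     $sql = "UPDATE " . $this->table($this->user_table) . " SET password = '" . $this->compile_password(array('password' => $password)) . "', salt=''" . " WHERE user_id = '{$row['user_id']}'";
     $this->db->query($sql);

     return $row['user_id'];
 }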
예제 #2
파일: index.php 프로젝트: dlpc/ecshop
/**
* Redirect login
**/
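function redirect($lg)
{
    // Logs in the user named inside the encrypted token $lg.
    // Returns false when the token is empty or yields no user name; returns nothing otherwise.
    if (!$lg) {
        return false;
    }

    include_once 'lu_compile.php';
    include_once 'tm_user.php';

    $tm_use_obj = new tm_user();
    $obj = new lu_compile();

    // NOTE(review): the decrypted value alone selects the account that gets logged in, so
    // decrypt() must reject modified or forged tokens (authenticated encryption or a MAC) and
    // tokens should be short-lived or single-use. Neither is verifiable from this function.
    $fields = $obj->turn_arr($obj->decrypt($lg));
    if (!is_array($fields)) {
        // A token that does not decode to an array carries no user name: fail closed.
        return false;
    }

    // The first element is taken as the user name; current() yields false on an empty array.
    $username = current($fields);
    if ($username === false || $username === null || $username === '') {
        return false;
    }

    $tm_use_obj->tm_login($username);
}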
예제 #3
파일: user.php 프로젝트: dlpc/ecshop
    // Display the reset-password form
    $smarty->display('user_passport.dwt');
} elseif ($action == 'act_edit_password') {
    // Password change handler. The condition further down accepts either a reset code derived
    // from the account, or the logged-in session together with the old password.
    include_once ROOT_PATH . 'includes/lib_passport.php';
    // NOTE(review): a missing old_password becomes null, and null is then handed to
    // check_user(). An implementation that treats a null password as "existence check only"
    // would accept it without verifying anything; defaulting to '' avoids that — confirm
    // against the check_user() in use.
    $old_password = isset($_POST['old_password']) ? trim($_POST['old_password']) : null;
    $new_password = isset($_POST['new_password']) ? trim($_POST['new_password']) : '';
    // The target account may come from the request; the session branch below requires it to
    // equal $_SESSION['user_id'], the code branch relies on the reset code alone.
    $user_id = isset($_POST['uid']) ? intval($_POST['uid']) : $user_id;
    $code = isset($_POST['code']) ? trim($_POST['code']) : '';
    // Minimum length of 6, counted in bytes by strlen().
    // NOTE(review): whether show_message() stops execution is not visible here; if it
    // returns, the handler continues with the short password.
    if (strlen($new_password) < 6) {
        show_message($_LANG['passport_js']['password_shorter']);
    }
    $user_info = $user->get_profile_by_id($user_id);
    // Forum record
    // NOTE(review): the reset code is md5(user_id . hash_code . reg_time), so it is the same
    // value every time for a given account and carries no expiry. It is compared with a loose
    // ==, under which two strings of the form "0e<digits>" are equal; compare as strings
    // (=== or hash_equals()) instead.
    // && binds tighter than ||: the $user_info test guards only the reset-code branch.
    if ($user_info && (!empty($code) && md5($user_info['user_id'] . $_CFG['hash_code'] . $user_info['reg_time']) == $code) || $_SESSION['user_id'] > 0 && $_SESSION['user_id'] == $user_id && $user->check_user($_SESSION['user_name'], $old_password)) {
        /* Notify the TM platform of the password change */
        // NOTE(review): the remote password is updated before the local edit_user() call, so
        // a local failure afterwards leaves the two sides out of step.
        $tm_user = new tm_user();
        if ($tm_user->check_tm_user($user_id) == '1') {
            $username = $_SESSION['user_name'] ? $_SESSION['user_name'] : $user_info['user_name'];
            // substr(..., 3) drops the first three characters — presumably a platform prefix; verify.
            $state = $tm_user->update_pwd(substr($username, 3), $new_password);
            if ($state == '0') {
                show_message('修改密码失败', $_LANG['back_page_up'], '', 'info');
            }
        }
        /*end*/
        // Second argument is 1 on the reset-code path and 0 on the session path — presumably
        // it tells edit_user() to skip the old-password check; confirm in edit_user().
        if ($user->edit_user(array('username' => empty($code) ? $_SESSION['user_name'] : $user_info['user_name'], 'old_password' => $old_password, 'password' => $new_password), empty($code) ? 0 : 1)) {
            // Resets ec_salt for the account. $user_id is an intval() result or the value set
            // earlier in the script. There is no space between the table name and SET, so the
            // statement depends on how table() formats its return value.
            $sql = "UPDATE " . $ecs->table('users') . "SET `ec_salt`='0' WHERE user_id= '" . $user_id . "'";
            $db->query($sql);
            // Ends the current session so the user has to log in with the new password.
            $user->logout();
            show_message($_LANG['edit_password_success'], $_LANG['relogin_lnk'], 'user.php?act=login', 'info');
        } else {
            show_message($_LANG['edit_password_failure'], $_LANG['back_page_up'], '', 'info');
예제 #4
파일: users.php 프로젝트: dlpc/ecshop
 // Admin-side user edit: privilege check first, then the posted fields are read.
 admin_priv('users_manage');
 // Raw request values, trimmed only.
 $username = empty($_POST['username']) ? '' : trim($_POST['username']);
 $password = empty($_POST['password']) ? '' : trim($_POST['password']);
 $email = empty($_POST['email']) ? '' : trim($_POST['email']);
 // Gender is forced to an integer and then limited to 0, 1 or 2.
 $sex = empty($_POST['sex']) ? 0 : intval($_POST['sex']);
 $sex = in_array($sex, array(0, 1, 2)) ? $sex : 0;
 // NOTE(review): the three date parts are joined without validation and passed on to
 // edit_user() as 'bday'; casting each part to int would constrain the value.
 $birthday = $_POST['birthdayYear'] . '-' . $_POST['birthdayMonth'] . '-' . $_POST['birthdayDay'];
 $rank = empty($_POST['user_rank']) ? 0 : intval($_POST['user_rank']);
 $rankRow = empty($_POST['rankRow']) ? 0 : intval($_POST['rankRow']);
 $credit_line = empty($_POST['credit_line']) ? 0 : floatval($_POST['credit_line']);
 //print_r($rank);die;
 $users =& init_users();
 /* Notify the TM platform of the password change */
 // NOTE(review): $username is interpolated into a quoted SQL literal and nothing visible here
 // escapes it; this is safe only if request data is escaped before this point. Prefer the
 // database layer's escaping or bound parameters.
 $tm_mark = $db->getOne("select tm_mark from " . $ecs->table('users') . " where user_name = '{$username}'");
 if ($tm_mark == '1') {
     // NOTE(review): the remote update runs even when $password is '' (no new password
     // posted) and before the local edit_user() call, so the two sides can diverge.
     $tm_user = new tm_user();
     // substr(..., 3) drops the first three characters — presumably a platform prefix; verify.
     $state = $tm_user->update_pwd(substr($username, 3), $password);
     if ($state == '0') {
         // $links is not assigned anywhere in the visible part of the script.
         sys_msg('修改密码失败', 0, $links);
     }
 }
 /*end*/
 // Second argument 1 — presumably tells edit_user() to skip the old-password check; confirm.
 if (!$users->edit_user(array('username' => $username, 'password' => $password, 'email' => $email, 'gender' => $sex, 'bday' => $birthday), 1)) {
     if ($users->error == ERR_EMAIL_EXISTS) {
         $msg = $_LANG['email_exists'];
     } else {
         $msg = $_LANG['edit_user_failed'];
     }
     sys_msg($msg, 1);
 }
 if (!empty($password)) {