/**
* 检查指定用户是否存在及密码是否正确(重载基类check_user函数,支持zc加密方法)
*
* @access public
* @param string $username 用户名
*
* @return int
*/
function check_user($username, $password = null, $tm = '')
{
$tm_use_obj = new tm_user();
if ($this->charset != 'UTF8') {
$post_username = ecs_iconv('UTF8', $this->charset, $username);
} else {
$post_username = $username;
}
if ($password === null) {
$sql = "SELECT " . $this->field_id . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_name . "='" . $post_username . "'";
return $this->db->getOne($sql);
} else {
$sql = "SELECT user_id, password, salt,ec_salt " . " FROM " . $this->table($this->user_table) . " WHERE user_name='{$post_username}'";
$row = $this->db->getRow($sql);
$ec_salt = $row['ec_salt'];
if (empty($row)) {
//查是否是天猫过来的用户
$post_username = TMUSER . $post_username;
$sql = "SELECT user_id, password, salt,ec_salt " . " FROM " . $this->table($this->user_table) . " WHERE user_name='{$post_username}'";
$row = $this->db->getRow($sql);
$ec_salt = $row['ec_salt'];
if (empty($row)) {
//通过接口检查用户是否存在
return $tm_use_obj->post_tm_user($username, $password);
return 0;
//好像这货没用了,留着吧
}
}
if (empty($row['salt'])) {
if ($row['password'] != $this->compile_password(array('password' => $password, 'ec_salt' => $ec_salt))) {
//通过接口检查用户是否存在
return $tm_use_obj->post_tm_user($username, $password);
return 0;
//好像这货没用了,留着吧
} else {
//注释辅助加密key加密方式
/*if(empty($ec_salt))
{
$ec_salt=rand(1,9999);
$new_password=md5(md5($password).$ec_salt);
$sql = "UPDATE ".$this->table($this->user_table)."SET password= '******',ec_salt='".$ec_salt."'".
" WHERE user_name='$post_username'";
$this->db->query($sql);
}*/
return $row['user_id'];
}
} else {
/* 如果salt存在,使用salt方式加密验证,验证通过洗白用户密码 */
$encrypt_type = substr($row['salt'], 0, 1);
$encrypt_salt = substr($row['salt'], 1);
/* 计算加密后密码 */
$encrypt_password = '';
switch ($encrypt_type) {
case ENCRYPT_ZC:
$encrypt_password = md5($encrypt_salt . $password);
break;
/* 如果还有其他加密方式添加到这里 */
//case other :
// ----------------------------------
// break;
/* 如果还有其他加密方式添加到这里 */
//case other :
// ----------------------------------
// break;
case ENCRYPT_UC:
$encrypt_password = md5(md5($password) . $encrypt_salt);
break;
default:
$encrypt_password = '';
}
if ($row['password'] != $encrypt_password) {
return 0;
}
$sql = "UPDATE " . $this->table($this->user_table) . " SET password = '******'password' => $password)) . "', salt=''" . " WHERE user_id = '{$row['user_id']}'";
$this->db->query($sql);
return $row['user_id'];
}
}
}
/**
* 重定向登陆
**/
function redirect($lg)
{
if (!$lg) {
return false;
}
include_once 'lu_compile.php';
include_once 'tm_user.php';
$tm_use_obj = new tm_user();
$obj = new lu_compile();
$username = current($obj->turn_arr($obj->decrypt($lg)));
$tm_use_obj->tm_login($username);
}
//显示重置密码的表单
$smarty->display('user_passport.dwt');
} elseif ($action == 'act_edit_password') {
include_once ROOT_PATH . 'includes/lib_passport.php';
$old_password = isset($_POST['old_password']) ? trim($_POST['old_password']) : null;
$new_password = isset($_POST['new_password']) ? trim($_POST['new_password']) : '';
$user_id = isset($_POST['uid']) ? intval($_POST['uid']) : $user_id;
$code = isset($_POST['code']) ? trim($_POST['code']) : '';
if (strlen($new_password) < 6) {
show_message($_LANG['passport_js']['password_shorter']);
}
$user_info = $user->get_profile_by_id($user_id);
//论坛记录
if ($user_info && (!empty($code) && md5($user_info['user_id'] . $_CFG['hash_code'] . $user_info['reg_time']) == $code) || $_SESSION['user_id'] > 0 && $_SESSION['user_id'] == $user_id && $user->check_user($_SESSION['user_name'], $old_password)) {
/*通知TM平台修改密码信息*/
$tm_user = new tm_user();
if ($tm_user->check_tm_user($user_id) == '1') {
$username = $_SESSION['user_name'] ? $_SESSION['user_name'] : $user_info['user_name'];
$state = $tm_user->update_pwd(substr($username, 3), $new_password);
if ($state == '0') {
show_message('修改密码失败', $_LANG['back_page_up'], '', 'info');
}
}
/*end*/
if ($user->edit_user(array('username' => empty($code) ? $_SESSION['user_name'] : $user_info['user_name'], 'old_password' => $old_password, 'password' => $new_password), empty($code) ? 0 : 1)) {
$sql = "UPDATE " . $ecs->table('users') . "SET `ec_salt`='0' WHERE user_id= '" . $user_id . "'";
$db->query($sql);
$user->logout();
show_message($_LANG['edit_password_success'], $_LANG['relogin_lnk'], 'user.php?act=login', 'info');
} else {
show_message($_LANG['edit_password_failure'], $_LANG['back_page_up'], '', 'info');
admin_priv('users_manage');
$username = empty($_POST['username']) ? '' : trim($_POST['username']);
$password = empty($_POST['password']) ? '' : trim($_POST['password']);
$email = empty($_POST['email']) ? '' : trim($_POST['email']);
$sex = empty($_POST['sex']) ? 0 : intval($_POST['sex']);
$sex = in_array($sex, array(0, 1, 2)) ? $sex : 0;
$birthday = $_POST['birthdayYear'] . '-' . $_POST['birthdayMonth'] . '-' . $_POST['birthdayDay'];
$rank = empty($_POST['user_rank']) ? 0 : intval($_POST['user_rank']);
$rankRow = empty($_POST['rankRow']) ? 0 : intval($_POST['rankRow']);
$credit_line = empty($_POST['credit_line']) ? 0 : floatval($_POST['credit_line']);
//print_r($rank);die;
$users =& init_users();
/*通知TM平台修改密码信息*/
$tm_mark = $db->getOne("select tm_mark from " . $ecs->table('users') . " where user_name = '{$username}'");
if ($tm_mark == '1') {
$tm_user = new tm_user();
$state = $tm_user->update_pwd(substr($username, 3), $password);
if ($state == '0') {
sys_msg('修改密码失败', 0, $links);
}
}
/*end*/
if (!$users->edit_user(array('username' => $username, 'password' => $password, 'email' => $email, 'gender' => $sex, 'bday' => $birthday), 1)) {
if ($users->error == ERR_EMAIL_EXISTS) {
$msg = $_LANG['email_exists'];
} else {
$msg = $_LANG['edit_user_failed'];
}
sys_msg($msg, 1);
}
if (!empty($password)) {
