Exemplo n.º 1
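 /**
  * Create a user account from the supplied field map.
  *
  * Rejects the request when the username or password is empty, replaces the
  * plaintext password with md5(password . code) where the code comes from
  * getUserCode(), fills in the registration bookkeeping fields and inserts
  * the row through add().
  *
  * NOTE(review): MD5 is a fast hash and gives little resistance to offline
  * guessing once the table leaks. password_hash()/password_verify() is the
  * replacement, but the code that checks this value at login has to change
  * in the same release, so the stored format is left as it is here.
  *
  * NOTE(review): every key the caller puts in $data is handed to add();
  * presumably the caller restricts it to the expected columns - verify.
  *
  * @param array $data Account fields; 'username' and 'password' are required.
  * @return bool True when the row was inserted, false otherwise (the reason
  *              is left in $this->error).
  */
 public function addUser($data)
 {
     if (empty($data['username'])) {
         $this->error = '用户名不能为空';
         return false;
     }
     if (empty($data['password'])) {
         $this->error = '密码不能为空';
         return false;
     }
     $data['code'] = $this->getUserCode();
     $data['password'] = md5($data['password'] . $data['code']);
     $data['nickname'] = $data['username'];
     $data['domain'] = $data['username'];
     // Read the clock and the client address once so the paired columns
     // (regtime/logintime, regip/lastip) always agree.
     $now = time();
     $clientIp = ip_get_client();
     $data['regtime'] = $now;
     $data['logintime'] = $now;
     $data['regip'] = $clientIp;
     $data['lastip'] = $clientIp;
     $data['credits'] = C('init_credits');
     if (!$this->add($data)) {
         $this->error = '帐号注册失败';
         return false;
     }
     return true;
 }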
Exemplo n.º 2
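 /**
  * Write session data: store the payload under its session id.
  *
  * NOTE(review): the mysql_* extension used here was removed in PHP 7;
  * mysqli or PDO with prepared statements is the long-term fix.
  *
  * @param string $id   Session id (key name).
  * @param mixed  $data Session payload.
  * @return bool Result of mysql_query() for the REPLACE statement.
  */
 public function write($id, $data)
 {
     // Both values are placed inside quoted SQL literals. A session id is
     // normally taken from a client cookie and the payload can hold any
     // user-supplied text, so each one is escaped against the connection
     // before it is interpolated. The unused client-IP lookup was dropped.
     $safeId = mysql_real_escape_string($id, $this->link);
     $safeData = mysql_real_escape_string($data, $this->link);
     $sql = "REPLACE INTO " . $this->table . "(sessid,data,atime) ";
     $sql .= "VALUES('{$safeId}','{$safeData}'," . time() . ')';
     return mysql_query($sql, $this->link);
 }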
Exemplo n.º 3
 /**
  * Register an account from the submitted form.
  *
  * Works directly on $_POST: checks that username and password are present,
  * overwrites the password with md5(password . code), adds the bookkeeping
  * fields, calls add() and finally stores "hd<uid>" as the user's domain.
  *
  * NOTE(review): add() is called without arguments after $_POST has been
  * filled in - presumably it reads $_POST, in which case any extra field the
  * client posts would reach the insert. Confirm the model filters columns.
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() would
  * be the replacement, together with the matching change on the login side.
  *
  * @return mixed False on failure (reason in $this->error); otherwise the
  *               result of the save() call that sets the domain.
  */
 public function addUser()
 {
     $required = array('username' => '用户名不能为空', 'password' => '密码不能为空');
     foreach ($required as $field => $message) {
         if (empty($_POST[$field])) {
             $this->error = $message;
             return false;
         }
     }
     $_POST['code'] = $this->getUserCode();
     $_POST['password'] = md5($_POST['password'] . $_POST['code']);
     $_POST['nickname'] = $_POST['username'];
     $_POST['regtime'] = time();
     $_POST['logintime'] = time();
     $_POST['regip'] = ip_get_client();
     $_POST['lastip'] = ip_get_client();
     $_POST['credits'] = C('init_credits');
     $uid = $this->add();
     if (!$uid) {
         $this->error = '帐号注册失败';
         return false;
     }
     // The space (domain) id is derived from the new user id.
     return M('user')->save(array('uid' => $uid, 'domain' => "hd{$uid}"));
 }
Exemplo n.º 4
 /**
  * Login action.
  *
  * On POST the submitted username/password are checked through
  * K('User')->validate(); on success the username and id are stored in the
  * session, the userLogin row for that uid is updated or created with the
  * login time and client IP, and a success message is shown. Any other
  * request renders the view through $this->v().
  *
  * NOTE(review): no session id regeneration is visible after a successful
  * login; session_regenerate_id(true) at that point is the usual guard
  * against session fixation.
  */
 public function login()
 {
     if (IS_POST) {
         $data = $_POST;
         // NOTE(review): 'username' and 'password' are read without an isset check.
         if ($info = K('User')->validate($data['username'], $data['password'])) {
             $_SESSION['gz_username'] = $info['username'];
             $_SESSION['gz_userid'] = $info['id'];
             $login = M('userLogin');
             // NOTE(review): the condition is built by string concatenation. $info['id']
             // comes from validate(), presumably a database integer - an (int) cast or
             // an array/bound condition would remove the dependency on that assumption.
             if ($login->where("uid='" . $info['id'] . "'")->one()) {
                 $login->where("uid='" . $info['id'] . "'")->update(array('login_time' => time(), 'login_ip' => ipton(ip_get_client())));
             } else {
                 $login->add(array('uid' => $info['id'], 'login_time' => time(), 'login_ip' => ipton(ip_get_client())));
             }
             $this->success('登录成功,正在跳转至首页...', U('Index/index/index'));
             // NOTE(review): this runs after success(); if success() ends the request
             // the cookies are never set - confirm. The cookies carry the plain
             // username and id, so any code that trusts them to restore a login
             // would accept forged values; a random server-side token is the safer
             // "remember me" design. 'remanber' is also read without an isset check.
             if ($data['remanber']) {
                 cookie('gezi_username', $info['username']);
                 cookie('gezi_userid', $info['id']);
             }
         } else {
             $this->error('登录失败,请检查用户名和密码', U('Index/Login/login'));
         }
         return;
     }
     $this->v();
 }
Exemplo n.º 5
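 /**
  * Write session data: store the payload, access time and client IP under
  * the session id.
  *
  * NOTE(review): the mysql_* extension used here was removed in PHP 7;
  * mysqli or PDO with prepared statements is the long-term fix.
  *
  * @param string $id   Session id (key name).
  * @param mixed  $data Session payload.
  * @return bool True when the REPLACE statement changed at least one row.
  */
 public function write($id, $data)
 {
     // All three values end up inside quoted SQL literals, so each is escaped
     // against the connection first. The client IP is included because how
     // ip_get_client() derives it is not visible here; if it honours
     // forwarded-for style headers the value is attacker-controlled.
     $safeIp = mysql_real_escape_string(ip_get_client(), $this->link);
     $safeId = mysql_real_escape_string($id, $this->link);
     $safeData = mysql_real_escape_string($data, $this->link);
     $sql = "REPLACE INTO " . $this->table . "(sessid,Data,atime,ip) ";
     $sql .= "VALUES('{$safeId}','{$safeData}'," . NOW . ",'{$safeIp}')";
     mysql_query($sql, $this->link);
     // mysql_affected_rows() returns -1 when the last query failed; a plain
     // truthiness test would report that failure as a successful write.
     return mysql_affected_rows($this->link) > 0;
 }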
Exemplo n.º 6
 /**
  * Store session data through the model held in $this->db.
  *
  * Builds one row (session id, card token, payload, access time, client IP)
  * and hands it to replace().
  *
  * NOTE(review): $id goes through addslashes() before replace(), while $data
  * and the IP do not. Whether replace() escapes or binds its values is not
  * visible here: if it does, the id is escaped twice; if it does not, the
  * payload and IP reach the query unescaped. Confirm and make the three
  * fields consistent.
  *
  * NOTE(review): nothing is returned; if this is registered as a PHP session
  * save handler, write is expected to return a bool.
  *
  * @param string $id   Session id.
  * @param mixed  $data Session payload.
  */
 public function write($id, $data)
 {
     $row = array();
     $row["sessid"] = addslashes($id);
     // Session token
     $row["card"] = $this->card;
     $row["data"] = $data;
     $row["atime"] = time();
     $row["ip"] = ip_get_client();
     $this->db->replace($row);
 }
Exemplo n.º 7
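 /**
  * Handle user login.
  *
  * A session that already carries an admin flag is redirected to the
  * application root. On POST the captcha, username and password are checked
  * in turn; after a successful check the user row (minus password and code)
  * is merged into $_SESSION, the icon paths are derived, and the login time
  * and IP are saved. Any other request renders the login form.
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() and
  * password_verify() are the replacement, together with a migration of the
  * stored values.
  *
  * NOTE(review): no session id regeneration is visible after the credentials
  * are accepted (session fixation), and the captcha stored in
  * $_SESSION['code'] is not cleared after use, so it could be replayed.
  *
  * @access public
  */
 public function Login()
 {
     if (intval(Q('session.admin'))) {
         go(__APP__);
         exit;
     }
     if (IS_POST) {
         $Model = K("User");
         $code = Q('post.code', null, 'strtoupper');
         // NOTE(review): no 'post.' prefix here, unlike the other two reads - which
         // input source Q() uses for a bare key is not visible; confirm.
         $username = Q('username');
         $password = Q('post.password', null, '');
         if (empty($code) || $code != $_SESSION['code']) {
             $this->error = '验证码错误';
             $this->display();
             exit;
         }
         if (empty($username)) {
             $this->error = '帐号不能为空';
             $this->display();
             exit;
         }
         if (empty($password)) {
             $this->error = '密码不能为空';
             $this->display();
             exit;
         }
         $user = $Model->where(array('username' => $username))->find();
         if (!$user) {
             $this->error = "帐号不存在";
             $this->display();
             exit;
         }
         if ($user['password'] !== md5($password . $user['code'])) {
             $this->error('密码输入错误');
             $this->display();
             // Every other rejection above stops the request. Without this exit
             // a wrong password would fall through to the session setup below
             // unless error() itself terminates, which is not visible here.
             exit;
         }
         setcookie('login', 1, 0, '/');
         unset($user['password']);
         unset($user['code']);
         // Is this the super administrator?
         $_SESSION['WEB_MASTER'] = strtolower(C("WEB_MASTER")) == strtolower($user['username']);
         // NOTE(review): every remaining column of the user row becomes a top-level
         // session key and overrides an existing key of the same name, including
         // the WEB_MASTER flag set on the previous line.
         $_SESSION = array_merge($_SESSION, $user);
         if (empty($user['icon'])) {
             $_SESSION['icon'] = __ROOT__ . '/data/image/user/250.png';
         } else {
             $_SESSION['icon'] = __ROOT__ . '/' . $user['icon'];
         }
         $_SESSION['icon250'] = $_SESSION['icon'];
         $_SESSION['icon150'] = str_replace(250, 150, $_SESSION['icon250']);
         $_SESSION['icon100'] = str_replace(250, 100, $_SESSION['icon250']);
         $_SESSION['icon50'] = str_replace(250, 50, $_SESSION['icon250']);
         $Model->save(array('uid' => $user['uid'], 'logintime' => time(), 'lastip' => ip_get_client()));
         go(__APP__);
     } else {
         $this->display();
     }
 }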
Exemplo n.º 8
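 /**
  * Handle user login.
  *
  * On POST the captcha, username and password are checked in turn; after a
  * successful check the captcha is cleared, the user row (minus password and
  * code) is stored in $_SESSION['user'] with a web_master flag and an icon
  * path, and the login time and IP are saved. Any other request renders the
  * login form.
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() and
  * password_verify() are the replacement, together with a migration of the
  * stored values.
  *
  * NOTE(review): no session id regeneration is visible after the credentials
  * are accepted (session fixation).
  */
 public function Login()
 {
     if (IS_POST) {
         $Model = K("User");
         $code = Q('post.code', '', 'strtoupper');
         // An empty submission is rejected explicitly: with the loose != below,
         // '' compares equal to a missing (null) session code, so a request sent
         // before any captcha was issued would otherwise pass this check.
         if (empty($code) || $code != session('code')) {
             $this->error = '验证码错误';
             $this->display();
             exit;
         }
         if (empty($_POST['username'])) {
             $this->error = '帐号不能为空';
             $this->display();
             exit;
         }
         if (empty($_POST['password'])) {
             $this->error = '密码不能为空';
             $this->display();
             exit;
         }
         $user = $Model->where(array('username' => $_POST['username']))->find();
         if (!$user) {
             $this->error = "帐号不存在";
             $this->display();
             exit;
         }
         if ($user['password'] !== md5($_POST['password'] . $user['code'])) {
             $this->error('密码输入错误');
             $this->display();
             // Every other rejection above stops the request. Without this exit
             // a wrong password would fall through to the session setup below
             // unless error() itself terminates, which is not visible here.
             exit;
         }
         unset($user['password']);
         unset($user['code']);
         // Remove the captcha so it cannot be reused
         session('code', null);
         // Is this the site owner?
         $user['web_master'] = strtolower($user['username']) == strtolower(C('WEB_MASTER'));
         // Avatar
         if (empty($user['icon'])) {
             $user['icon'] = __APP__ . '/Static/image/user.png';
         } else {
             $user['icon'] = __ROOT__ . '/' . $user['icon'];
         }
         $_SESSION['user'] = $user;
         $Model->save(array('uid' => $user['uid'], 'logintime' => time(), 'lastip' => ip_get_client()));
         go("Index/index");
     } else {
         $this->display();
     }
 }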
Exemplo n.º 9
 /**
  * Administrator login action.
  *
  * Does nothing unless the request is a POST. The posted credentials are
  * checked through K('AdminUser')->validate(); on success the admin id and
  * name go into the session, the login time and IP are written back, the
  * Rbac layer is logged in and a success message is shown.
  *
  * NOTE(review): no session id regeneration is visible after the credentials
  * are accepted (session fixation).
  *
  * NOTE(review): the update condition is built by concatenating
  * $userInfo['id']; it comes from validate(), presumably a database integer -
  * an (int) cast would remove the dependency on that assumption.
  *
  * NOTE(review): Rbac::login() receives $userInfo['admin_pwd'], i.e. whatever
  * validate() returned for that column, not the posted password - confirm
  * that this is what Rbac::login() expects.
  */
 public function login()
 {
     if (!IS_POST) {
         return;
     }
     $admin = K('AdminUser');
     $userInfo = $admin->validate($_POST['admin_username'], $_POST['admin_pwd']);
     if (!$userInfo) {
         $this->error('登录失败,请检查您的用户名和密码');
         return;
     }
     $_SESSION['uid'] = $userInfo['id'];
     $_SESSION['uname'] = $userInfo['admin_username'];
     $loginRecord = array(
         'admin_logintime' => time(),
         'admin_loginip' => ipton(ip_get_client()),
     );
     $admin->update_admin('id=' . $userInfo['id'], $loginRecord);
     Rbac::login($userInfo['admin_username'], $userInfo['admin_pwd']);
     $this->success('登录成功', __APP__ . '?c=Index');
 }
Exemplo n.º 10
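 /**
  * Create a user account from the data prepared by create().
  *
  * When create() succeeds, the password in $this->data is replaced with
  * md5(password . code), the bookkeeping fields are filled in and the row is
  * inserted through add().
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() would
  * be the replacement, together with the matching change on the login side.
  *
  * @return bool True when the row was inserted; false when create() or add()
  *              failed.
  */
 public function addUser()
 {
     if (!$this->create()) {
         // The original fell off the end here and returned null; callers now
         // get the same bool they get on the add() failure path. Any message
         // create() left in $this->error is kept.
         return false;
     }
     $code = $this->getUserCode();
     $this->data['code'] = $code;
     $this->data['password'] = md5($this->data['password'] . $code);
     $this->data['nickname'] = $this->data['username'];
     $this->data['regtime'] = time();
     $this->data['logintime'] = time();
     $this->data['regip'] = ip_get_client();
     $this->data['lastip'] = ip_get_client();
     $this->data['credits'] = C('init_credits');
     if (!$this->add()) {
         $this->error = '添加失败';
         return false;
     }
     return true;
 }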
Exemplo n.º 11
 /**
  * Post a comment, or a reply to an existing comment, for the logged-in user.
  *
  * Fills $_POST with the author, status, timestamp, client IP and content,
  * optionally prepends the quoted parent comment as HTML, then creates and
  * inserts the record through $this->db.
  *
  * NOTE(review): the method relies on $this->error() ending the request; if
  * it returns, the code after each call continues (for example with no
  * $_SESSION['user']). Confirm, or return after each call.
  */
 public function addComment()
 {
     if (!isset($_SESSION['user'])) {
         $this->error('登陆用户才可发表评论。');
     }
     //---------- Fill in the record
     $_POST['userid'] = $_SESSION['user']['uid'];
     $_POST['username'] = $_SESSION['user']['username'];
     $_POST['comment_status'] = 1;
     $_POST['create_time'] = time();
     $_POST['ip'] = ip_get_client();
     // NOTE(review): what filtering Q() applies to the content by default is not
     // visible here. The content is later stored inside HTML markup, so it has to
     // be escaped or sanitised either here or where it is rendered - confirm which.
     $_POST['content'] = Q('post.content');
     if (empty($_POST['content'])) {
         $this->error('评论内容不能为空');
     }
     //----------- Reply handling
     if ($comment_id = Q('get.comment_id', 0, 'intval')) {
         // NOTE(review): $data is used without checking that the parent comment exists.
         $data = $this->db->find($comment_id);
         if ($data['reply']) {
             // Replying to another reply
             // NOTE(review): the stored username and content of the parent are
             // concatenated into markup as-is (in the else branch too); unless they
             // were escaped when stored, this is a stored-XSS path. The '<span></span>'
             // placeholder is also replaced wherever it occurs, including inside the
             // new user-supplied content.
             $_POST['content'] = '<div class="comment-content">' . $data['content'] . '</div>' . $_POST['content'];
             $replace = '<span class="comment-info">' . $data['username'] . ' 于 ' . date('Y-m-d H:i:s', $data['create_time']) . '发布</span>';
             $_POST['content'] = str_replace('<span></span>', $replace, $_POST['content']);
         } else {
             // Replying to a comment
             $_POST['content'] = '<div class="comment-content"><span class="comment-info">' . $data['username'] . ' 于 ' . date('Y-m-d H:i:s', $data['create_time']) . '发布</span>' . $data['content'] . '</div><span></span>' . $_POST['content'];
         }
         $_POST['reply'] = 1;
     }
     // create() and add() take no arguments; presumably they read $_POST - verify.
     if ($this->db->create()) {
         if ($this->db->add()) {
             $this->success('发表成功');
         } else {
             $this->error($this->db->error);
         }
     } else {
         $this->error($this->db->error);
     }
 }
Exemplo n.º 12
 /**
  * Clear the recorded login attempts for the current client IP.
  *
  * Does nothing unless the AUTH_COUNT_LOGIN_ATTEMPTS setting is enabled.
  *
  * NOTE(review): attempts are keyed by ip_get_client(); if that helper trusts
  * forwarded-for style headers, a client can choose the key it is counted
  * under - confirm how the address is derived.
  */
 private function _clear_login_attempts()
 {
     if (!C('AUTH_COUNT_LOGIN_ATTEMPTS')) {
         return;
     }
     $clientIp = ip_get_client();
     $this->auth_model->clear_attempts($clientIp);
 }
Exemplo n.º 13
 /**
  * Update the stored login information (time and IP) for the current user.
  *
  * NOTE(review): the uid is read from $_SERVER['user']['uid']. $_SERVER does
  * not normally hold a 'user' entry; this looks like it was meant to be
  * $_SESSION - confirm against the code that populates it.
  *
  * @return mixed Result of save().
  */
 public function log()
 {
     return $this->save(array(
         'uid' => $_SERVER['user']['uid'],
         'logintime' => time(),
         'lastip' => ip_get_client(),
     ));
 }
Exemplo n.º 14
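 /**
  * Write session data: store the payload, access time and client IP under
  * the session id.
  *
  * NOTE(review): the mysql_* extension used here was removed in PHP 7;
  * mysqli or PDO with prepared statements is the long-term fix.
  *
  * @param string $id   Session id (key name).
  * @param mixed  $data Session payload.
  * @return bool Result of mysql_query() for the REPLACE statement.
  */
 public function write($id, $data)
 {
     // The id, payload and IP are placed inside quoted SQL literals, so each is
     // escaped against the connection before it is interpolated. The column
     // list stays explicit so the statement does not depend on column order.
     $safeIp = mysql_real_escape_string(ip_get_client(), $this->link);
     $safeId = mysql_real_escape_string($id, $this->link);
     $safeData = mysql_real_escape_string($data, $this->link);
     $sql = "REPLACE INTO " . $this->table . "(sessid,data,atime,ip) ";
     $sql .= "VALUES('{$safeId}','{$safeData}'," . time() . ",'{$safeIp}')";
     return mysql_query($sql, $this->link);
 }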
Exemplo n.º 15
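 /**
  * Create a user account from the data prepared by create().
  *
  * Refuses a username that already exists, replaces the password in
  * $this->data with md5(password . code), fills in the bookkeeping fields
  * and inserts the row through add().
  *
  * NOTE(review): the existence check and the insert are two separate
  * statements, so two concurrent requests can both pass the check; a unique
  * index on the username column is what actually prevents duplicates.
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() would
  * be the replacement, together with the matching change on the login side.
  *
  * @return bool True when the row was inserted; false when create() failed,
  *              the username is taken or add() failed.
  */
 public function addUser()
 {
     if (!$this->create()) {
         // The original fell off the end here and returned null; callers now
         // get the same bool they get on the other failure paths. Any message
         // create() left in $this->error is kept.
         return false;
     }
     $map['username'] = array('EQ', $this->data['username']);
     if (M('user')->where($map)->find()) {
         $this->error = '用户名已存在';
         return false;
     }
     $code = $this->getUserCode();
     $this->data['code'] = $code;
     $this->data['password'] = md5($this->data['password'] . $this->data['code']);
     $this->data['nickname'] = $this->data['username'];
     $this->data['regtime'] = time();
     $this->data['logintime'] = time();
     $this->data['regip'] = ip_get_client();
     $this->data['lastip'] = ip_get_client();
     if (!$this->add()) {
         $this->error = '添加失败';
         return false;
     }
     return true;
 }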
Exemplo n.º 16
 /**
  * Insert a user row and attach it to its role.
  *
  * Adds the creation time, last-login time and client IP to $data, inserts
  * it through $this->user and, when an id comes back, records the
  * (uid, rid) pair through $this->user_role.
  *
  * NOTE(review): $data is inserted as received, including 'rid'. The caller
  * must set the role id itself and must not pass a client-supplied value
  * through, otherwise the role can be chosen by the client - verify callers.
  *
  * @param array $data User fields; 'rid' is read for the role link.
  * @return mixed The new user id, or FALSE when the insert returned no id.
  */
 function create_user($data)
 {
     $data['created'] = time();
     $data['last_login'] = time();
     $data['last_ip'] = ip_get_client();
     $newId = $this->user->insert($data);
     if (!$newId) {
         return false;
     }
     $roleLink = array('uid' => $newId, 'rid' => $data['rid']);
     $this->user_role->insert($roleLink);
     return $newId;
 }
Exemplo n.º 17
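 /**
  * Authenticate the posted username/password and populate $_SESSION['user'].
  *
  * On success the user's last IP is saved, the password and code are removed
  * from the row, an icon path and a web_master flag are added, and the row is
  * stored in the session.
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() and
  * password_verify() are the replacement, together with a migration of the
  * stored values.
  *
  * NOTE(review): no session id regeneration is visible after the credentials
  * are accepted (session fixation).
  *
  * @return bool True on success; false otherwise, with the reason in
  *              $this->error.
  */
 public function userLogin()
 {
     if (!($username = Q('post.username'))) {
         $this->error = '帐号不能为空';
         return false;
     }
     if (!($password = Q('post.password'))) {
         $this->error = '密码不能为空';
         return false;
     }
     // NOTE(review): the condition below is a fixed literal and $username is not
     // used in it; the value looks masked in this listing. If the real code
     // interpolates the posted username into this string, it has to be bound or
     // escaped instead.
     if (!($user = M("user")->join("__user__ u JOIN __role__ r ON u.rid=r.rid")->find("username='******'"))) {
         $this->error = '帐号不存在';
         return false;
     }
     // Strict comparison: with a loose != two different MD5 hex strings that both
     // look like "0e<digits>" are treated as the number zero and compare equal.
     if (md5($password . $user['code']) !== $user['password']) {
         $this->error = '密码错误';
         return false;
     }
     // Record the login IP
     $data['uid'] = $user['uid'];
     $data['lastip'] = ip_get_client();
     M('user')->save($data);
     unset($user['password']);
     unset($user['code']);
     // Avatar
     if (empty($user['icon']) || !is_file($user['icon'])) {
         $user['icon'] = __STATIC__ . '/image/user.png';
     } else {
         $user['icon'] = __ROOT__ . '/' . $user['icon'];
     }
     $user['web_master'] = strtolower($user['username']) == strtolower(C('WEB_MASTER'));
     $_SESSION['user'] = $user;
     return true;
 }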
Exemplo n.º 18
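 /**
  * AJAX login.
  *
  * Checks the posted username/password, flags the session as locked when the
  * account lock has not expired or the user's last IP is on the deny list,
  * merges the user row (minus password and code) into $_SESSION, derives the
  * icon paths, saves the login time and IP and reports success.
  *
  * NOTE(review): the method relies on $this->error() ending the request. If
  * it returns, an unknown account or a wrong password falls through to the
  * session setup below - confirm, or return after each call.
  *
  * NOTE(review): md5(password . code) is a fast hash; password_hash() and
  * password_verify() are the replacement. No session id regeneration is
  * visible after the credentials are accepted (session fixation).
  */
 public function ajax_login()
 {
     if (IS_AJAX) {
         $Model = K("User");
         // NOTE(review): the HTML and quote filters change the username before the
         // lookup; the array condition below is the place to handle SQL quoting.
         $username = Q("post.username", NULL, 'htmlspecialchars,strip_tags,addslashes');
         $password = Q('post.password', '', '');
         if (empty($username) || empty($password)) {
             $this->error('用户名与密码不能为空');
         }
         $user = $Model->where(array('username' => $username))->find();
         if (!$user) {
             $this->error('帐号不存在');
         }
         if ($user['password'] !== md5($password . $user['code'])) {
             $this->error('密码输入错误');
         }
         // Is the account locked (time-limited)?
         // NOTE(review): a locked account is only flagged in the session; the
         // login itself still completes. Confirm the flag is enforced elsewhere.
         if (time() < $user['lock_end_time']) {
             $_SESSION['lock'] = true;
         }
         // Is the IP on the deny list?
         // NOTE(review): the stored lastip (the previous login's address, not the
         // current client's) is interpolated into the condition string; an array
         // condition like the username lookup above would avoid building SQL by hand.
         if (M('user_deny_ip')->where("ip='{$user['lastip']}'")->find()) {
             $_SESSION['lock'] = true;
         }
         setcookie('login', 1, 0, '/');
         unset($user['password']);
         unset($user['code']);
         // Is this the super administrator?
         $_SESSION['WEB_MASTER'] = strtolower(C("WEB_MASTER")) == strtolower($user['username']);
         // NOTE(review): every remaining column of the user row becomes a top-level
         // session key and overrides an existing key of the same name.
         $_SESSION = array_merge($_SESSION, $user);
         if (empty($user['icon'])) {
             $_SESSION['icon'] = __ROOT__ . '/data/image/user/250.png';
         } else {
             $_SESSION['icon'] = __ROOT__ . '/' . $user['icon'];
         }
         $_SESSION['icon250'] = $_SESSION['icon'];
         // The 150px variant was built with 100 as the replacement, which made it a
         // duplicate of icon100.
         $_SESSION['icon150'] = str_replace(250, 150, $_SESSION['icon250']);
         $_SESSION['icon100'] = str_replace(250, 100, $_SESSION['icon250']);
         $_SESSION['icon50'] = str_replace(250, 50, $_SESSION['icon250']);
         // Update the login IP and time; $_SESSION['uid'] comes from the merge above.
         $Model->save(array("uid" => $_SESSION['uid'], "logintime" => time(), "lastip" => ip_get_client()));
         $this->modifyMemberRole();
         $this->success('登录成功');
     }
 }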
Exemplo n.º 19
Arquivo: index.php Projeto: jyht/v5
        //安装测试数据
        if ($config['INSERT_TEST_DATA']) {
            foreach (glob("testData/*") as $f) {
                if (preg_match('@\\d+.php@', $f)) {
                    require $f;
                    $table = preg_replace('@(hd_|_bk_\\d+\\.php)@', "", basename($f));
                    return_msg("{$table}数据插入完毕...");
                }
            }
        }
        //密码加密key
        $code = substr(md5(mt_rand() . time()), 0, 10);
        $db->exe("UPDATE {$db_prefix}config SET value='{$config['WEB_NAME']}' WHERE name='WEBNAME'");
        $db->exe("UPDATE {$db_prefix}config SET value='{$config['EMAIL']}' WHERE name='EMAIL'");
        $time = time();
        $ip = ip_get_client();
        $db->exe("REPLACE INTO {$db_prefix}user SET uid=1,rid=1,username='******'ADMIN']}',domain='{$config['ADMIN']}',\n                nickname='{$config['ADMIN']}',email='{$config['EMAIL']}',regtime={$time},logintime={$time},regip='{$ip}',lastip='{$ip}',\n                code='{$code}',password='******'PASSWORD'] . $code) . "'");
        unset($config['WEB_NAME']);
        unset($config['EMAIL']);
        unset($config['ADMIN']);
        unset($config['PASSWORD']);
        unset($config['INSERT_TEST_DATA']);
        //修改配置文件
        file_put_contents("../data/config/db.inc.php", "<?php if (!defined('HDPHP_PATH'))exit('No direct script access allowed');\nreturn " . var_export($config, true) . ";\n?>");
        return_msg("创建完毕!<script>setTimeout(function(){parent.location.href='?step=7'},0);</script>");
        break;
}
function create_install_config()
{
    $VERSION = VERSION;
    $INSERT_TEST_DATA = isset($_POST['INSERT_TEST_DATA']) ? 1 : 0;
Exemplo n.º 20
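 /**
  * Register a user.
  *
  * POST with a 'register' field: checks the agreement box, fixes the role id
  * on the server side (4 = ordinary user, 3 = company user), validates the
  * submitted fields, rejects an existing username or e-mail and registers the
  * account through $this->auth->register().
  * Any other request: shows the registration form when the visitor is not
  * logged in and registration is allowed, otherwise an error.
  *
  * NOTE(review): the method relies on $this->error() and $this->success()
  * ending the request; if they return, the code after each call continues.
  *
  * NOTE(review): the password rule is "length:5,21" while its message says
  * 6-20, and the confirmation rule is "confirm:pwd" while the data key is
  * 'password' - how the validator reads these is not visible here; confirm.
  */
 function register()
 {
     if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['register'])) {
         // The ALLOW_REGISTER switch was only consulted when rendering the form,
         // so a direct POST could still create accounts while registration was
         // turned off. It is now enforced on the submit path as well.
         if (!C('ALLOW_REGISTER')) {
             $this->error('悲剧了,网站禁止注册!', __WEB__, 10);
             return;
         }
         if (!isset($_POST['agree']) || $_POST['agree'] != 1) {
             $this->error('注册失败,你没有同意注册协议!');
         }
         // The role id is always set here, so a client-supplied 'rid' is never used.
         // Ordinary user
         $_POST['rid'] = 4;
         if ($_POST['id'] == 'company') {
             // Company user
             $_POST['rid'] = 3;
         }
         $data = array('username' => $_POST['name'], 'password' => $_POST['pwd'], 're-password' => $_POST['re-pwd'], 'rid' => $_POST['rid'], 'email' => $_POST['email']);
         if (isset($_POST['code'])) {
             $data['validata-code'] = $_POST['code'];
         }
         // NOTE(review): when the session holds no captcha, $code is '' and the rule
         // becomes "eq:"; whether the trailing flag (1 here, 2 on the other rules)
         // makes the captcha mandatory is not visible - confirm an omitted or empty
         // code cannot pass.
         $code = isset($_SESSION['code']) ? $_SESSION['code'] : '';
         $this->user->user_model->validate = array(
             array("username", "user:5,19", "用户名格式错误 ", 2),
             array("password", "length:5,21", "密码长度为6-20 ", 2),
             array("re-password", "confirm:pwd", "两次密码不一致 ", 2),
             array("email", "email", "Email格式错误 ", 2),
             array("validata-code", "eq:{$code}", "验证码错误", 1),
         );
         if (!$this->user->user_model->validate($data)) {
             $this->error($this->user->user_model->error);
         }
         if ($this->user->userExist($_POST['name'])) {
             $this->error('用户名已经存在!');
         }
         if ($this->user->emailExist($_POST['email'])) {
             $this->error('Email已经存在!');
         }
         $data['created'] = time();
         $data['last_ip'] = ip_get_client();
         if ($this->auth->register($data)) {
             // Registration succeeded
             if (C('AUTH_EMAIL_ACTIVATE')) {
                 // E-mail activation is enabled
                 $this->success('恭喜你,注册成功。请检查您的电子邮件来激活您的帐户。', __WEB__, 5);
             }
             $this->success('恭喜你注册成功,即将跳转到登录页面。<a href="' . __WEB__ . '/login">马上登录</a>', __WEB__ . '/login');
         } else {
             $this->error('注册失败!请仔细检查你的注册资料。还未能解决?<a href="' . __WEB__ . '/index/index/feedback/type/4">提交反馈</a>');
         }
     } else {
         if (!$this->auth->is_logged_in() && C('ALLOW_REGISTER')) {
             // Whether the form shows a captcha
             $show_captcha = C('AUTH_REG_CODE');
             $get_type = empty($_GET['type']) ? 'user' : $_GET['type'];
             $type = $this->getRegType($get_type);
             $this->assign('type', $type);
             $this->assign('show_captcha', $show_captcha);
             $this->display();
         } else {
             if ($this->auth->is_logged_in()) {
                 $this->error('注册时请先注销登录,点击<a href="' . __CONTROL__ . '/logout">注销</a>', __WEB__, 5);
             } else {
                 $this->error('悲剧了,网站禁止注册!', __WEB__, 10);
             }
         }
     }
 }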
Exemplo n.º 21
/**
 * Write an entry to the user operation log.
 *
 * The entry records the user id, the description, the point change, the
 * current time, the client IP and the username held in the session.
 *
 * NOTE(review): $con is stored as given; if the log is shown in an HTML page
 * it has to be escaped on output.
 *
 * @param mixed $con   Description of the operation.
 * @param int   $point Change in points (0 when omitted).
 * @param mixed $uid   User id; when null, $_SESSION['uid'] is used.
 */
function writeOptLog($con, $point = 0, $uid = NULL)
{
    $entry = array(
        'uid' => is_null($uid) ? $_SESSION['uid'] : $uid,
        'content' => $con,
        'point' => $point,
        'created' => time(),
        'ip' => ip_get_client(),
        'username' => $_SESSION['username'],
    );
    M('opt_log')->insert($entry);
}