public function dologin()
 {
     $login_page_showed_success = session("__SP_ADMIN_LOGIN_PAGE_SHOWED_SUCCESS__");
     if (!$login_page_showed_success) {
         $this->error('login error!');
     }
     $name = I("post.username");
     if (empty($name)) {
         $this->error(L('USERNAME_OR_EMAIL_EMPTY'));
     }
     $pass = I("post.password");
     if (empty($pass)) {
         $this->error(L('PASSWORD_REQUIRED'));
     }
     $verrify = I("post.verify");
     if (empty($verrify)) {
         $this->error(L('CAPTCHA_REQUIRED'));
     }
     //验证码
     if (!sp_check_verify_code()) {
         $this->error(L('CAPTCHA_NOT_RIGHT'));
     } else {
         $user = D("Common/Users");
         if (strpos($name, "@") > 0) {
             //邮箱登陆
             $where['user_email'] = $name;
         } else {
             $where['user_login'] = $name;
         }
         $result = $user->where($where)->find();
         if (!empty($result) && $result['user_type'] == 1) {
             if (sp_compare_password($pass, $result['user_pass'])) {
                 $role_user_model = M("RoleUser");
                 $role_user_join = C('DB_PREFIX') . 'role as b on a.role_id =b.id';
                 $groups = $role_user_model->alias("a")->join($role_user_join)->where(array("user_id" => $result["id"], "status" => 1))->getField("role_id", true);
                 if ($result["id"] != 1 && (empty($groups) || empty($result['user_status']))) {
                     $this->error(L('USE_DISABLED'));
                 }
                 //登入成功页面跳转
                 $_SESSION["ADMIN_ID"] = $result["id"];
                 $_SESSION['name'] = $result["user_login"];
                 $result['last_login_ip'] = get_client_ip(0, true);
                 $result['last_login_time'] = date("Y-m-d H:i:s");
                 $user->save($result);
                 setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
                 $this->success(L('LOGIN_SUCCESS'), U("Index/index"));
             } else {
                 $this->error(L('PASSWORD_NOT_RIGHT'));
             }
         } else {
             $this->error(L('USERNAME_NOT_EXIST'));
         }
     }
 }
 function addmsg()
 {
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     if (IS_POST) {
         if ($this->guestbook_model->create()) {
             $result = $this->guestbook_model->add();
             if ($result !== false) {
                 $this->success("留言成功!");
             } else {
                 $this->error("留言失败!");
             }
         } else {
             $this->error($this->guestbook_model->getError());
         }
     }
 }
Exemplo n.º 3
0
 private function _do_email_register()
 {
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     $rules = array(array('user_type', 'require', '请选择用户类型!', 1), array('email', 'require', '邮箱不能为空!', 1), array('password', 'require', '密码不能为空!', 1), array('repassword', 'require', '重复密码不能为空!', 1), array('repassword', 'password', '确认密码不正确', 0, 'confirm'), array('email', 'email', '邮箱格式不正确!', 1));
     $users_model = M("Users");
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     $password = $_POST['password'];
     $email = $_POST['email'];
     $user_type = $_POST['user_type'];
     $username = str_replace(array(".", "@"), "_", $email);
     //用户名需过滤的字符的正则
     $stripChar = '?<*.>\'"';
     if (preg_match('/[' . $stripChar . ']/is', $username) == 1) {
         $this->error('用户名中包含' . $stripChar . '等非法字符!');
     }
     // 	    $banned_usernames=explode(",", sp_get_cmf_settings("banned_usernames"));
     // 	    if(in_array($username, $banned_usernames)){
     // 	        $this->error("此用户名禁止使用!");
     // 	    }
     if (strlen($password) < 5 || strlen($password) > 20) {
         $this->error("密码长度至少5位,最多20位!");
     }
     if ($user_type > 3 || $user_type < 1) {
         $this->error("非法操作!");
     }
     $where['user_login'] = $username;
     $where['user_email'] = $email;
     $where['_logic'] = 'OR';
     $ucenter_syn = C("UCENTER_ENABLED");
     $uc_checkemail = 1;
     $uc_checkusername = 1;
     if ($ucenter_syn) {
         include UC_CLIENT_ROOT . "client.php";
         $uc_checkemail = uc_user_checkemail($email);
         $uc_checkusername = uc_user_checkname($username);
     }
     $users_model = M("Users");
     $result = $users_model->where($where)->count();
     if ($result || $uc_checkemail < 0 || $uc_checkusername < 0) {
         $this->error("用户名或者该邮箱已经存在!");
     } else {
         $uc_register = true;
         if ($ucenter_syn) {
             $uc_uid = uc_user_register($username, $password, $email);
             //exit($uc_uid);
             if ($uc_uid < 0) {
                 $uc_register = false;
             }
         }
         if ($uc_register) {
             $need_email_active = C("SP_MEMBER_EMAIL_ACTIVE");
             $data = array('user_login' => $username, 'user_email' => $email, 'user_nicename' => $username, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(0, true), 'create_time' => date("Y-m-d H:i:s"), 'last_login_time' => date("Y-m-d H:i:s"), 'user_status' => $need_email_active ? 2 : 1, "user_type" => $user_type);
             $rst = $users_model->add($data);
             if ($rst) {
                 //登入成功页面跳转
                 $data['id'] = $rst;
                 $_SESSION['user'] = $data;
                 //发送激活邮件
                 if ($need_email_active) {
                     $this->_send_to_active();
                     unset($_SESSION['user']);
                     $this->success("注册成功,激活后才能使用!", U("user/login/index"));
                 } else {
                     $this->success("注册成功!", __ROOT__ . "/");
                 }
             } else {
                 $this->error("注册失败!", U("user/register/index"));
             }
         } else {
             $this->error("注册失败!", U("user/register/index"));
         }
     }
 }
Exemplo n.º 4
0
 function dologin()
 {
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     $users_model = M("Users");
     $rules = array(array('username', 'require', '手机号/邮箱/用户名不能为空!', 1), array('password', 'require', '密码不能为空!', 1));
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     $username = $_POST['username'];
     if (preg_match('/^\\d+$/', $username)) {
         //手机号登录
         $this->_do_mobile_login();
     } else {
         $this->_do_email_login();
         // 用户名或者邮箱登录
     }
 }
 function dologin()
 {
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     $users_model = M("Users");
     $rules = array(array('terms', 'require', '您未同意服务条款!', 1), array('username', 'require', '用户名或者邮箱不能为空!', 1), array('password', 'require', '密码不能为空!', 1));
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     extract($_POST);
     if (strpos($username, "@") > 0) {
         //邮箱登陆
         $where['user_email'] = $username;
     } else {
         $where['user_login'] = $username;
     }
     $users_model = M('Users');
     $result = $users_model->where($where)->find();
     $ucenter_syn = C("UCENTER_ENABLED");
     $ucenter_old_user_login = false;
     $ucenter_login_ok = false;
     if ($ucenter_syn) {
         setcookie("thinkcmf_auth", "");
         include UC_CLIENT_ROOT . "client.php";
         list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);
         if ($uc_uid > 0) {
             if (!$result) {
                 $data = array('user_login' => $username, 'user_email' => $email, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(), 'create_time' => time(), 'last_login_time' => time(), 'user_status' => '1');
                 $id = $users_model->add($data);
                 $data['id'] = $id;
                 $result = $data;
             }
         } else {
             switch ($uc_uid) {
                 case "-1":
                     //用户不存在,或者被删除
                     if ($result) {
                         //本应用已经有这个用户
                         if ($result['user_pass'] == sp_password($password)) {
                             //本应用已经有这个用户,且密码正确,同步用户
                             $uc_uid2 = uc_user_register($username, $password, $result['user_email']);
                             if ($uc_uid2 < 0) {
                                 $uc_register_errors = array("-1" => "用户名不合法", "-2" => "包含不允许注册的词语", "-3" => "用户名已经存在", "-4" => "Email格式有误", "-5" => "Email不允许注册", "-6" => "该Email已经被注册");
                                 $this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
                             }
                             $uc_uid = $uc_uid2;
                         } else {
                             $this->error("密码错误!");
                         }
                     }
                     break;
                 case -2:
                     //密码错
                     if ($result) {
                         //本应用已经有这个用户
                         if ($result['user_pass'] == sp_password($password)) {
                             //本应用已经有这个用户,且密码正确,同步用户
                             $uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
                             if ($uc_user_edit_status <= 0) {
                                 $this->error("登陆错误!");
                             }
                             list($uc_uid2) = uc_get_user($username);
                             $uc_uid = $uc_uid2;
                             $ucenter_old_user_login = true;
                         } else {
                             $this->error("密码错误!");
                         }
                     } else {
                         $this->error("密码错误!");
                     }
                     break;
             }
         }
         $ucenter_login_ok = true;
         echo uc_user_synlogin($uc_uid);
     }
     //exit();
     if ($result != null) {
         if ($result['user_pass'] == sp_password($password) || $ucenter_login_ok) {
             $_SESSION["user"] = $result;
             //写入此次登录信息
             $data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip());
             $users_model->where("id=" . $result["id"])->save($data);
             $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
             $_SESSION['login_http_referer'] = "";
             $ucenter_old_user_login_msg = "";
             if ($ucenter_old_user_login) {
                 //$ucenter_old_user_login_msg="老用户请在跳转后,再次登陆";
             }
             $this->success("登录验证成功!", $redirect);
         } else {
             $this->error("密码错误!");
         }
     } else {
         $this->error("用户名不存在!");
     }
 }
 function dologin()
 {
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     $users_model = M("Users");
     $rules = array(array('username', 'require', '用户名不能为空!', 1), array('password', 'require', '密码不能为空!', 1));
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     $username = $_POST['username'];
     $password = $_POST['password'];
     $curl = curl_init();
     curl_setopt($curl, CURLOPT_URL, "http://nuptsast.com/CheckPassword");
     curl_setopt($curl, CURLOPT_PORT, 8080);
     curl_setopt($curl, CURLOPT_POST, true);
     curl_setopt($curl, CURLOPT_TIMEOUT, 5);
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
     curl_setopt($curl, CURLOPT_POSTFIELDS, "username={$username}&password={$password}");
     $result = json_decode(curl_exec($curl), true);
     curl_close($curl);
     if ($result['status'] === false) {
         switch ($result['message']) {
             case 'Server Error, Try Again':
                 $this->error('ERR00:服务器错误,请稍后重试!');
                 break;
             case 'Username and password does\'t match.':
                 $this->error('ERR01:用户名或密码错误,请检查后重试!');
                 break;
             default:
                 $this->error('ERR02:未知错误,请联系系统管理员!');
                 break;
         }
     } else {
         //status===true
         switch ($result['message']) {
             case 'Server Error, Try Again':
                 //student account
                 $this->error('ERR03:用户名不存在');
                 break;
             case "":
                 //successful login
                 $this->after_curl_login($result['information']);
                 break;
             default:
                 $this->error('ERR04:未知错误,请联系系统管理员!');
                 break;
         }
     }
 }
Exemplo n.º 7
0
 public function password_find_by_mobile()
 {
     $type = '';
     if (!sp_check_verify_code()) {
         $this->error("验证码错误!");
     }
     $result = M('Member')->where(array('user_login' => I('post.username')))->find();
     if (!is_array($result)) {
         $this->error("不存在的用户");
     }
     $_SESSION['find_password_user'] = $result;
     if (!$result['user_phone']) {
         $type = 1;
     } else {
         $type = 2;
     }
     $this->success($type);
 }
 function doregister()
 {
     $rules = array(array('password', 'require', '密码不能为空!', 1), array('user_realname', 'require', '用户名不能为空!', 1), array('repassword', 'require', '重复密码不能为空!', 1), array('repassword', 'password', '确认密码不正确', 0, 'confirm'));
     if (I('post.reg_type') == 1) {
         if (!sp_check_verify_code()) {
             $this->error("验证码错误!");
         }
         $_POST['email'] = I('post.username');
         array_unshift($rules, array('username', 'require', '邮箱不能为空!', 1), array('email', 'email', '邮箱格式不正确!', 1));
     } else {
         array_unshift($rules, array('username', 'require', '手机号码不能为空!', 1));
         $user_phone = I('post.username');
         if (!preg_match('/^[1][3458]{1}[0-9]{9}$/', $user_phone)) {
             $this->error('手机号码格式有误');
         }
         //手机号码格式检测
         $check = M('Sms')->field('code,add_time')->where(array('phone' => $user_phone))->order('id desc')->find();
         if (empty($_POST['code'])) {
             $this->error('验证码不能为空');
         }
         if (strtolower($check['code']) != strtolower(I('post.code'))) {
             $this->error("手机验证码错误");
         }
         if (time() > $check['add_time'] + 3600) {
             $this->error('验证码已过期,请重新获取');
         }
     }
     $users_model = M("Member");
     if ($users_model->validate($rules)->create() === false) {
         $this->error($users_model->getError());
     }
     extract($_POST);
     //用户名需过滤的字符的正则
     /**$stripChar = '?<*.>\'"';
       	if(preg_match('/['.$stripChar.']/is', $username)==1){
       		$this->error('用户名中包含'.$stripChar.'等非法字符!');
       	}
       	**/
     $banned_usernames = explode(",", sp_get_cmf_settings("banned_usernames"));
     if (in_array($username, $banned_usernames)) {
         $this->error("此用户名禁止使用!");
     }
     if (strlen($password) < 6 || strlen($password) > 20) {
         $this->error("密码长度至少6位,最多20位!");
     }
     $where['user_login'] = $username;
     $where['user_email'] = $email;
     //    	$where['user_realname']=$user_realname;
     $where['_logic'] = 'OR';
     $ucenter_syn = C("UCENTER_ENABLED");
     $uc_checkemail = 1;
     $uc_checkusername = 1;
     if ($ucenter_syn) {
         include UC_CLIENT_ROOT . "client.php";
         $uc_checkemail = uc_user_checkemail($email);
         $uc_checkusername = uc_user_checkname($username);
     }
     $users_model = M("Member");
     $result = $users_model->where($where)->count();
     if ($result || $uc_checkemail < 0 || $uc_checkusername < 0) {
         $this->error("用户名或者该邮箱已经存在!");
     } else {
         $uc_register = true;
         if ($ucenter_syn) {
             $uc_uid = uc_user_register($username, $password, $email);
             //exit($uc_uid);
             if ($uc_uid < 0) {
                 $uc_register = false;
             }
         }
         if ($uc_register) {
             $need_email_active = C("SP_MEMBER_EMAIL_ACTIVE");
             if ($need_email_active) {
                 //配置为需要邮件激活时
                 if (I('post.reg_type') == 1) {
                     //邮箱注册
                     $need_email_active = true;
                 } else {
                     if (I('post.reg_type') == 2) {
                         //手机号码注册
                         $need_email_active = false;
                     }
                 }
             }
             $data = array('user_login' => $username, 'user_email' => $email, 'user_nicename' => $username, 'user_realname' => $user_realname, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(), 'create_time' => date("Y-m-d H:i:s"), 'last_login_time' => date("Y-m-d H:i:s"), 'user_status' => $need_email_active ? 2 : 1, "utype" => 0, 'user_phone' => $user_phone);
             $rst = $users_model->add($data);
             if ($rst) {
                 //登入成功页面跳转
                 $data['id'] = $rst;
                 //插入我的账户
                 $account = M("Account");
                 $ac['uid'] = $rst;
                 $ac['money'] = get_point_rule('register');
                 $account->add($ac);
                 $_SESSION['user'] = $data;
                 //发送激活邮件
                 if ($need_email_active) {
                     $this->_send_to_active();
                     unset($_SESSION['user']);
                     $this->success("注册成功,激活后才能使用!", U("user/login/index"));
                 } else {
                     $this->success("注册成功!", __ROOT__ . "/");
                 }
             } else {
                 $this->error("注册失败!", U("user/register/index"));
             }
         } else {
             $this->error("注册失败!", U("user/register/index"));
         }
     }
 }