public function password_post()
 {
     if (IS_POST) {
         if (empty($_POST['old_password'])) {
             $this->error("原始密码不能为空!");
         }
         if (empty($_POST['password'])) {
             $this->error("新密码不能为空!");
         }
         $uid = sp_get_current_userid();
         $admin = $this->users_model->where("id={$uid}")->find();
         $old_password = $_POST['old_password'];
         $password = $_POST['password'];
         if (sp_compare_password($old_password, $admin['user_pass'])) {
             if ($_POST['password'] == $_POST['repassword']) {
                 if (sp_compare_password($password, $admin['user_pass'])) {
                     $this->error("新密码不能和原始密码相同!");
                 } else {
                     $data['user_pass'] = sp_password($password);
                     $data['id'] = $uid;
                     $r = $this->users_model->save($data);
                     if ($r !== false) {
                         $this->success("修改成功!");
                     } else {
                         $this->error("修改失败!");
                     }
                 }
             } else {
                 $this->error("密码输入不一致!");
             }
         } else {
             $this->error("原始密码不正确!");
         }
     }
 }
 public function dologin()
 {
     $login_page_showed_success = session("__SP_ADMIN_LOGIN_PAGE_SHOWED_SUCCESS__");
     if (!$login_page_showed_success) {
         $this->error('login error!');
     }
     $name = I("post.username");
     if (empty($name)) {
         $this->error(L('USERNAME_OR_EMAIL_EMPTY'));
     }
     $pass = I("post.password");
     if (empty($pass)) {
         $this->error(L('PASSWORD_REQUIRED'));
     }
     $verrify = I("post.verify");
     if (empty($verrify)) {
         $this->error(L('CAPTCHA_REQUIRED'));
     }
     //验证码
     if (!sp_check_verify_code()) {
         $this->error(L('CAPTCHA_NOT_RIGHT'));
     } else {
         $user = D("Common/Users");
         if (strpos($name, "@") > 0) {
             //邮箱登陆
             $where['user_email'] = $name;
         } else {
             $where['user_login'] = $name;
         }
         $result = $user->where($where)->find();
         if (!empty($result) && $result['user_type'] == 1) {
             if (sp_compare_password($pass, $result['user_pass'])) {
                 $role_user_model = M("RoleUser");
                 $role_user_join = C('DB_PREFIX') . 'role as b on a.role_id =b.id';
                 $groups = $role_user_model->alias("a")->join($role_user_join)->where(array("user_id" => $result["id"], "status" => 1))->getField("role_id", true);
                 if ($result["id"] != 1 && (empty($groups) || empty($result['user_status']))) {
                     $this->error(L('USE_DISABLED'));
                 }
                 //登入成功页面跳转
                 $_SESSION["ADMIN_ID"] = $result["id"];
                 $_SESSION['name'] = $result["user_login"];
                 $result['last_login_ip'] = get_client_ip(0, true);
                 $result['last_login_time'] = date("Y-m-d H:i:s");
                 $user->save($result);
                 setcookie("admin_username", $name, time() + 30 * 24 * 3600, "/");
                 $this->success(L('LOGIN_SUCCESS'), U("Index/index"));
             } else {
                 $this->error(L('PASSWORD_NOT_RIGHT'));
             }
         } else {
             $this->error(L('USERNAME_NOT_EXIST'));
         }
     }
 }
Exemplo n.º 3
0
 private function _do_email_login()
 {
     $username = $_POST['username'];
     $password = $_POST['password'];
     if (strpos($username, "@") > 0) {
         //邮箱登陆
         $where['user_email'] = $username;
     } else {
         $where['user_login'] = $username;
     }
     $users_model = M('Users');
     $result = $users_model->where($where)->find();
     $ucenter_syn = C("UCENTER_ENABLED");
     $ucenter_old_user_login = false;
     $ucenter_login_ok = false;
     if ($ucenter_syn) {
         setcookie("thinkcmf_auth", "");
         include UC_CLIENT_ROOT . "client.php";
         list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);
         if ($uc_uid > 0) {
             if (!$result) {
                 $data = array('user_login' => $username, 'user_email' => $email, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(0, true), 'create_time' => time(), 'last_login_time' => time(), 'user_status' => '1', 'user_type' => 2);
                 $id = $users_model->add($data);
                 $data['id'] = $id;
                 $result = $data;
             }
         } else {
             switch ($uc_uid) {
                 case "-1":
                     //用户不存在,或者被删除
                     if ($result) {
                         //本应用已经有这个用户
                         if (sp_compare_password($password, $result['user_pass'])) {
                             //本应用已经有这个用户,且密码正确,同步用户
                             $uc_uid2 = uc_user_register($username, $password, $result['user_email']);
                             if ($uc_uid2 < 0) {
                                 $uc_register_errors = array("-1" => "用户名不合法", "-2" => "包含不允许注册的词语", "-3" => "用户名已经存在", "-4" => "Email格式有误", "-5" => "Email不允许注册", "-6" => "该Email已经被注册");
                                 $this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
                             }
                             $uc_uid = $uc_uid2;
                         } else {
                             $this->error("密码错误1!");
                         }
                     }
                     break;
                 case -2:
                     //密码错
                     if ($result) {
                         //本应用已经有这个用户
                         if (sp_compare_password($password, $result['user_pass'])) {
                             //本应用已经有这个用户,且密码正确,同步用户
                             $uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
                             if ($uc_user_edit_status <= 0) {
                                 $this->error("登陆错误3!");
                             }
                             list($uc_uid2) = uc_get_user($username);
                             $uc_uid = $uc_uid2;
                             $ucenter_old_user_login = true;
                         } else {
                             $this->error("密码错误4!");
                         }
                     } else {
                         $this->error("密码错误1!");
                     }
                     break;
             }
         }
         $ucenter_login_ok = true;
         echo uc_user_synlogin($uc_uid);
     }
     //exit();
     if (!empty($result)) {
         if (sp_compare_password($password, $result['user_pass']) || $ucenter_login_ok) {
             $_SESSION["user"] = $result;
             //写入此次登录信息
             $data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip(0, true));
             $users_model->where("id=" . $result["id"])->save($data);
             $redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
             $_SESSION['login_http_referer'] = "";
             $ucenter_old_user_login_msg = "";
             if ($ucenter_old_user_login) {
                 //$ucenter_old_user_login_msg="老用户请在跳转后,再次登陆";
             }
             $this->success("登录验证成功!", $redirect);
         } else {
             $this->error("密码错误7!");
         }
     } else {
         $this->error("用户名不存在!");
     }
 }
 function password_post()
 {
     if (IS_POST) {
         if (empty($_POST['old_password'])) {
             $this->error("原始密码不能为空!");
         }
         if (empty($_POST['password'])) {
             $this->error("新密码不能为空!");
         }
         $user_obj = D("Common/Users");
         $uid = get_current_admin_id();
         $admin = $user_obj->where(array("id" => $uid))->find();
         $old_password = $_POST['old_password'];
         $password = $_POST['password'];
         if (sp_compare_password($old_password, $admin['user_pass'])) {
             if ($_POST['password'] == $_POST['repassword']) {
                 if (sp_compare_password($password, $admin['user_pass'])) {
                     $this->error("新密码不能和原始密码相同!");
                 } else {
                     $data['user_pass'] = sp_password($password);
                     $data['id'] = $uid;
                     $r = $user_obj->save($data);
                     if ($r !== false) {
                         $this->success("修改成功!");
                     } else {
                         $this->error("修改失败!");
                     }
                 }
             } else {
                 $this->error("密码输入不一致!");
             }
         } else {
             $this->error("原始密码不正确!");
         }
     }
 }