-
Notifications
You must be signed in to change notification settings - Fork 0
/
sendpwd.php
169 lines (156 loc) · 5.78 KB
/
sendpwd.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
<?php
define('SCR','sendpwd');
require_once('global.php');
require (L::style('', $skinco, true));
if ("wind" != $tplpath && file_exists(D_P.'data/style/'.$tplpath.'_css.htm')) {
$css_path = D_P.'data/style/'.$tplpath.'_css.htm';
} else{
$css_path = D_P.'data/style/wind_css.htm';
}
S::gp(array('action'));
!CkInArray($action ,array('getback','getverify','checkverify')) && $action = 'sendpwd';
//!CkInArray($action ,array('getverify','checkverify')) && require_once(R_P.'require/header.php');;
if ($action == 'sendpwd') {
if ($_POST['step'] != 2) {
if ($db_authstate && $db_authgetpwd) {
$authService = L::loadClass('Authentication', 'user');
list($authStep, $remainTime, $waitTime, $mobile) = $authService->getStatus('findpwd');
$authStep_1 = $authStep_2 = 'none';
${'authStep_' . $authStep} = '';
$verifyUsername = $authStep==1 ? '' : getCookie('findpwd_verifyUsername');
}
require_once(PrintEot('sendpwd'));footer();
} else {
PostCheck(0,$db_gdcheck & 16);
S::gp(array('type','pwuser', 'email','authmobile', 'question', 'customquest', 'answer'));
$userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
$userarray = $userService->getByUserName($pwuser);
if ($db_ifsafecv) {
require_once(R_P.'require/checkpass.php');
$safecv = questcode($question,$customquest,$answer);
if ($userarray['safecv'] != $safecv) {
Showmsg('safecv_error',1);
}
}
if ($userarray) {
if ($type == 1) {
//手机取回
S::gp(array('authverify','new_pwd','pwdreapt'));
$authService = L::loadClass('Authentication', 'user');
if (!$authService->checkverify($authmobile, $userarray['uid'], $authverify)) {
Showmsg('手机验证码填写错误',1);
}
if (!$new_pwd || $new_pwd != $pwdreapt) {
Showmsg('password_confirm',1);
} else {
$new_pwd = str_replace(array("\t","\r","\n"), '', stripslashes($new_pwd));
$new_pwd = md5($new_pwd);
$userService->update($userarray['uid'], array('password' => $new_pwd));
$authService->setCurrentInfo('findpwd');
Cookie('findpwd_verifyUsername', '', 0);
refreshto('login.php','password_change_success');
}
} else {
//email取回
if (strtolower($userarray['email']) != strtolower($email)) {
Showmsg('email_error',1);
}
if ($timestamp - GetCookie('lastwrite') <= 60) {
$_G['postpertime'] = 60;
Showmsg('sendpwd_limit',1);
}
Cookie('lastwrite',$timestamp);
$send_email = $userarray['email'];
$submit = md5($userarray['regdate'].substr($userarray['password'],10).$timestamp);
$sendtoname = $pwuser;
$pwuser = rawurlencode($pwuser);
require_once(R_P.'require/sendemail.php');
$sendinfo = sendemail($send_email,'email_sendpwd_subject','email_sendpwd_content','email_additional');
if ($sendinfo===true) {
Showmsg('mail_success',1);
} elseif (is_string($sendinfo)) {
Showmsg($sendinfo,1);
} else {
Showmsg('mail_failed',1);
}
}
} else {
$errorname = $pwuser;
Showmsg('user_not_exists',1);
}
}
} elseif ($action == 'getverify' || $action == 'checkverify') {
/*获取验证码|检验验证码*/
//PostCheck();
S::gp(array('authmobile','pwuser','authverify'));
$userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
$userarray = $userService->getByUserName($pwuser);
if (!getstatus($userarray['userstatus'], PW_USERSTATUS_AUTHMOBILE) || !$userarray['authmobile']) {
echo 3;
} elseif ($userarray['authmobile'] != $authmobile) {
echo 7;
} else {
$authService = L::loadClass('Authentication', 'user');
if ($action == 'getverify') {
$status = $authService->getverify('findpwd', $authmobile, $userarray['uid'], true, 'findpwd');
Cookie('findpwd_verifyUsername', $userarray['username']);
echo $status;
} else {
$status = $authService->checkverify($authmobile, $userarray['uid'], $authverify);
echo $status ? 0 : 5;
}
}
ajax_footer();
}
if ($action == 'getback') {
S::gp(array('pwuser', 'submit', 'st'));
if (S::inArray($pwuser,$manager) || !$submit || !$st) {
Showmsg('undefined_action',1);
}
$userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */
$detail = $userService->getByUserName($pwuser, true, true);
if (!empty($detail)) {
$e_login = explode('|',$detail['onlineip']);
if ($e_login[0]!=$onlineip.' *' || ($timestamp-$e_login[1])>600 || $e_login[2]>1) {
if (($timestamp-$st)>3600) {
Showmsg('链接已过期,提交后请在1小时内修改,请重新找回密码!',1);
}
if ($submit==md5($detail['regdate'].substr($detail['password'],10).$st)) {
if (empty($_POST['jop'])) {
$rg_config = L::reg();
list($rg_regminpwd,$rg_regmaxpwd) = explode("\t", $rg_config['rg_pwdlen']);
require_once(R_P.'require/header.php');
require_once PrintEot('getpwd');footer();
} else {
S::gp(array('new_pwd','pwdreapt'));
if (!$new_pwd || $new_pwd!=$pwdreapt) {
Showmsg('password_confirm',1);
} else {
$GLOBALS['showPwdLogin'] = 1;
$register = L::loadClass('Register', 'user');
$register->checkPwd($new_pwd, $pwdreapt);
$new_pwd = str_replace(array("\t","\r","\n"), '', stripslashes($new_pwd));
$new_pwd = md5($new_pwd);
$userService->update($detail['uid'], array('password' => $new_pwd));
refreshto('login.php','password_change_success');
}
}
} else {
global $L_T;
$L_T = ($timestamp-$e_login[1])>600 ? 5 : $e_login[2];
$L_T ? $L_T-- : $L_T=5;
$F_login = "$onlineip *|$timestamp|$L_T";
$userService->update($detail['uid'], array(), array('onlineip' => $F_login));
Showmsg('password_confirm_fail',1);
}
} else {
global $L_T;
$L_T = 600-($timestamp-$e_login[1]);
Showmsg('login_forbid');
}
} else {
$errorname = $pwuser;
Showmsg('user_not_exists',1);
}
}
?>