Пример #1
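 /**
  * Authenticates a mobile client by phone number and password, records the
  * login, issues a fresh token and prints a JSON reply before exiting.
  *
  * Reads $_POST['mobile'], $_POST['password'], $_POST['baiduUserId'],
  * $_POST['mb_system'] and $_POST['verify']. Every outcome is written as
  * JSON carrying an 'error_code' (0 on success) and the script then exits,
  * so the method never returns to its caller.
  *
  * NOTE(review): the separate "user does not exist" and "wrong password"
  * replies let a caller tell registered numbers from unregistered ones, and
  * nothing in this method limits repeated attempts. Consider one generic
  * failure reply plus throttling in front of this endpoint.
  */
 public function checkLogin()
 {
     // NOTE(review): this CAPTCHA comparison has no effect. The error call
     // that used to sit in the branch is commented out, so a wrong or
     // missing code still reaches the password check below.
     if ($_SESSION['verify'] != md5($_POST['verify'])) {
         // error reporting for a wrong verification code is disabled
     }

     // Accept only plain strings from the request. An array-valued field
     // would otherwise be handed to the query builder as-is; if the builder
     // treats array values as operator expressions, that changes the query.
     $mobile = (isset($_POST['mobile']) && is_string($_POST['mobile'])) ? $_POST['mobile'] : '';
     $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
     $baiduUserId = (isset($_POST['baiduUserId']) && is_string($_POST['baiduUserId'])) ? $_POST['baiduUserId'] : '';
     $mbSystem = (isset($_POST['mb_system']) && is_scalar($_POST['mb_system']) && $_POST['mb_system']) ? $_POST['mb_system'] : 2;

     $model = M('Member');
     $data['mobile'] = $mobile;
     $vo = $model->field('id,mobile,salt,password')->where($data)->find();

     if (!$baiduUserId || $baiduUserId === '(null)') {
         $msg['error_code'] = 1001;
         $msg['notice'] = '百度ID不存在';
         echo json_encode($msg);
         exit;
     }
     if (!$vo) {
         $msg['error_code'] = 1001;
         $msg['notice'] = '用户不存在';
         echo json_encode($msg);
         exit;
     }

     // hash_equals() compares the two digests as strings, in constant time.
     // The previous loose `!=` compared numerically whenever both sides
     // looked like numbers, so two different "0e<digits>" digests matched.
     // NOTE(review): salted MD5 is a fast hash; moving to password_hash()
     // and password_verify() needs a stored-hash migration and is not done here.
     $expected = md5($password . $vo['salt'] . $vo['salt'][1]);
     if (!hash_equals((string) $vo['password'], $expected)) {
         $msg['notice'] = '密码错误';
         $msg['error_code'] = 8002;
         echo json_encode($msg);
         exit;
     }

     // Clear the other Baidu ID: tell the previously bound device to log out.
     // NOTE(review): field() above selects only id, mobile, salt and
     // password, so unless the model adds columns on its own, baiduUserId,
     // mb_system and login_count are absent from $vo. This branch then never
     // runs and login_count is always written as 1. Confirm and extend the
     // field list if single-device enforcement is intended.
     if (!empty($vo['baiduUserId']) && $vo['baiduUserId'] != $baiduUserId) {
         // kick out
         $sent_array['module'] = 'Public';
         $sent_array['action'] = 'logout';
         $sent_array['id'] = 0;
         $custom_content = json_encode($sent_array);
         $MsgContent = '在其他地方登陆';
         push_msg($vo['baiduUserId'], $vo['mb_system'], $MsgContent, $custom_content);
     }

     $_data['id'] = $vo['id'];
     $_sdata['last_login_ip'] = _get_ip();
     $_sdata['login_count'] = (isset($vo['login_count']) ? $vo['login_count'] : 0) + 1;
     $_sdata['last_login_time'] = time();
     $_sdata['baiduUserId'] = $baiduUserId;
     $_sdata['mb_system'] = $mbSystem;
     $model->where($_data)->save($_sdata);

     // Regenerate the token.
     $token = create_token($vo['id'], $vo['salt']);
     // Store the token.
     set_token($vo, $token);

     $vo['error_code'] = 0;
     $vo['token'] = $token;
     $vo['baiduUserId'] = $baiduUserId;
     // NOTE(review): the password hash is removed from the reply but 'salt'
     // is still returned, and the same salt is an input to create_token()
     // above. Confirm clients need it; otherwise drop it from the reply too.
     unset($vo['password']);
     echo json_encode($vo);
     exit;
 }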
Пример #2
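/**
 * Compares the token sent with the request against the token held in the
 * session, then calls set_token() whatever the outcome.
 *
 * A request is accepted only when both values are non-empty strings and
 * equal. The earlier `===` on the raw superglobals evaluated null === null
 * as true, so a request without a token passed whenever the session held
 * none either.
 *
 * @return bool true when the submitted token matches the session token
 */
function valid_token()
{
    $submitted = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;
    $expected = isset($_SESSION['token']) ? $_SESSION['token'] : null;

    // hash_equals() keeps the comparison time independent of how many
    // leading characters of the guess are correct.
    $return = is_string($submitted)
        && is_string($expected)
        && $expected !== ''
        && hash_equals($expected, $submitted);

    // Called with no arguments, exactly as before; its effect is defined
    // elsewhere in the file.
    set_token();
    return $return;
}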
    $_SESSION['reset']['usertype'] = $_GET['usertype'];
    $_SESSION['reset']['token'] = $_GET['token'];
    $flag = check_user_token($_SESSION['reset']['user'], $_SESSION['reset']['usertype'], $_SESSION['reset']['token']);
    $flag = sizeof($flag);
    $_SESSION['reset']['reset_password'] = $flag;
    //echo $flag;
}
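// Handles the submitted reset form. The session flag checked here is set
// earlier on the page from the result of check_user_token().
if (isset($_POST['submit']) && isset($_SESSION['reset']['reset_password']) && $_SESSION['reset']['reset_password'] == 1) {
    // Only a non-empty string is accepted as the new password; a missing or
    // array-valued field is reported with the existing failure message.
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    if ($password === '') {
        $error = "Try again password update fail";
    } else {
        // NOTE(review): the password_hash() call that once stood here is
        // commented out, so the value is passed on in plain text. Confirm
        // that update_user_password() hashes it before storing.
        $result = update_user_password($_SESSION['reset']['user'], $_SESSION['reset']['usertype'], $password);
        if ($result == 1) {
            // Consume the authorisation: without this the flag stays at 1
            // for the rest of the session and further POSTs could change the
            // password again after the token has been cleared.
            $_SESSION['reset']['reset_password'] = 0;
            $user[0]['user_type'] = $_SESSION['reset']['usertype'];
            $user[0]['username'] = $_SESSION['reset']['user'];
            set_token($user, NULL);
            echo "<script>";
            echo 'alert("Password Updated Successfully");';
            echo "window.location.href ='index.php';";
            echo '</script>';
        } else {
            $error = "Try again password update fail";
        }
    }
}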
?>
  <div id="page" class="container">
    <div id="wrapper">
      <div id="title">
        <h1>Reset Password</h1>
      </div>
      <!-- End title div -->
Пример #4
/**
 * Builds a password-reset message for the given user and includes
 * gmail.php, which presumably sends it using the local $to and $message
 * variables (verify against gmail.php).
 *
 * @param array $user Row list; $user[0]['username'] and $user[0]['user_type'] are read here.
 *
 * NOTE(review): the reset token travels in the URL query string, and the
 * link is written without a scheme, so whether it opens over HTTPS is not
 * decided here. Tokens in URLs can end up in browser history and server
 * logs; a short lifetime and single use on the receiving page limit that.
 */
function send_mail($user)
{
    // set_token() is given a freshly generated reset token; its return value is what goes into the link.
    $token = set_token($user, reset_token());
    $message = "Reset Your Password  <br>";
    $message .= "gu-blade-spare1.compsci.gannon.edu/";
    // NOTE(review): the expression between "&user=" and "&usertype=" appears masked (******) in this
    // listing, so the next line is not valid PHP as shown. Whatever value belongs there should be
    // passed through urlencode(), as should the other two query values.
    $message .= "SRMS/reset_password.php?token=" . $token . "&user="******"&usertype=" . $user[0]['user_type'];
    $to = $user[0]['username'] . "@knights.gannon.edu";
    // gmail.php runs in this function's scope and therefore sees $to and $message.
    include 'gmail.php';
    //echo $message;
    //	mail($to,$subject,$message,$headers);
}
Пример #5
/**
 * Validates a client login and, on success, establishes the client session.
 *
 * The account is resolved in three steps: tblclients by email, then
 * tblcontacts sub-accounts by email, then the "ClientLoginShare" hook.
 * A resolved account is accepted when any ONE of the following holds:
 *   - the supplied password matches the stored one,
 *   - $_SESSION['adminid'] is set and that admin's role has permid 120,
 *   - a ClientLoginShare hook result matched an existing client,
 *   - $twofadone is true.
 * Only the first of these involves the password, so callers must pass
 * $twofadone = true solely after a completed second-factor check, and the
 * admin session and login-share hooks are trusted without further proof.
 *
 * @param string $username  Email address used for the lookups.
 * @param string $password  Plain-text password as submitted.
 * @param bool   $twofadone Whether the second factor was already verified.
 * @return bool true when the session was established (or a hook asked for a
 *              new client to be created), false otherwise, including when
 *              a second-factor step is still pending.
 */
function validateClientLogin($username, $password, $twofadone = false)
{
    global $CONFIG;
    global $whmcs;
    // Requires a username plus at least one of: a password, an admin session, a finished 2FA step.
    if ($username && ($password || $_SESSION['adminid'] || $twofadone)) {
    } else {
        return false;
    }
    // Drop any previous client identity from the session before evaluating the new attempt.
    if (isset($_SESSION['uid'])) {
        unset($_SESSION['uid']);
    }
    if (isset($_SESSION['cid'])) {
        unset($_SESSION['cid']);
    }
    if (isset($_SESSION['upw'])) {
        unset($_SESSION['upw']);
    }
    $login_uid = $login_cid = $login_pwd = $loginsharematch = "";
    $where = array();
    $where['email'] = $username;
    // Closed accounts are excluded unless an admin session is present.
    if (!$_SESSION['adminid']) {
        $where['status'] = array("sqltype" => "NEQ", "value" => "Closed");
    }
    $result = select_query("tblclients", "", $where);
    // NOTE(review): the mysql_* extension was removed in PHP 7; this code only runs on older runtimes.
    $data = mysql_fetch_array($result);
    $login_uid = $data['id'];
    $login_pwd = $data['password'];
    $language = $data['language'];
    // This is the only place $authmodule is assigned, so it stays empty for the contact and hook paths below.
    $authmodule = $data['authmodule'];
    if (!$login_uid) {
        // Second attempt: a sub-account contact with a non-empty password, whose parent client is not Closed.
        $result = select_query("tblcontacts", "", array("email" => $username, "subaccount" => "1", "password" => array("sqltype" => "NEQ", "value" => "")));
        $data = mysql_fetch_array($result);
        $login_cid = $data['id'];
        $login_uid = $data['userid'];
        $login_pwd = $data['password'];
        $result = select_query("tblclients", "id,language", array("id" => $login_uid, "status" => array("sqltype" => "NEQ", "value" => "Closed")));
        $data = mysql_fetch_array($result);
        $login_uid = $data['id'];
        $language = $data['language'];
    }
    if (!$login_uid) {
        // Third attempt: registered hooks receive the username and the plain-text password.
        $hookresults = run_hook("ClientLoginShare", array("username" => $username, "password" => $password));
        foreach ($hookresults as $hookres) {
            if ($hookres) {
                $hookid = $hookres['id'];
                $hookemail = $hookres['email'];
                if ($hookid) {
                    $result = select_query("tblclients", "", array("id" => $hookid));
                } else {
                    $result = select_query("tblclients", "", array("email" => $hookemail));
                }
                $data = mysql_fetch_array($result);
                $login_uid = $data['id'];
                if ($login_uid) {
                    // A match sets $loginsharematch, which later accepts the login without comparing passwords.
                    // The loop continues rather than stops, so a later hook result reassigns $login_uid.
                    $loginsharematch = true;
                    $login_pwd = $data['password'];
                    $language = $data['language'];
                    continue;
                }
                if ($hookres['create']) {
                    // Returns true right after creating the client; no session key is assigned in this function on this path.
                    addClient($hookres['firstname'], $hookres['lastname'], $hookres['companyname'], $hookres['email'], $hookres['address1'], $hookres['address2'], $hookres['city'], $hookres['state'], $hookres['postcode'], $hookres['country'], $hookres['phonenumber'], $hookres['password'], "", "", false);
                    return true;
                }
                continue;
            }
        }
    }
    if ($login_uid) {
        if ($CONFIG['NOMD5']) {
            // With NOMD5 set the stored value is decrypted and compared as plain text,
            // i.e. passwords are stored reversibly in this mode.
            $check_pwd = decrypt($login_pwd);
        } else {
            // The stored value is split on ":"; the second part is used as the salt.
            $salt = explode(":", $login_pwd);
            $salt = $salt[1];
            $password = generateClientPW($password, $salt);
            $check_pwd = $login_pwd;
        }
        $adminallowedclientlogin = false;
        if (isset($_SESSION['adminid'])) {
            $adminroleid = get_query_val("tbladmins", "roleid", array("id" => $_SESSION['adminid']));
            $adminallowedclientlogin = get_query_val("tbladminperms", "permid", array("roleid" => $adminroleid, "permid" => "120"));
        }
        // && binds tighter than ||, so this reads: password match OR (admin session AND permission) OR share match OR 2FA done.
        // NOTE(review): === is strict but not constant-time; hash_equals() would be, where the runtime offers it.
        if ($password === $check_pwd || isset($_SESSION['adminid']) && $adminallowedclientlogin || $loginsharematch || $twofadone) {
            $twofa = new WHMCS_2FA();
            // Second factor still pending: remember who is logging in and report failure for now.
            if ($twofa->isActiveClients() && $authmodule && !$twofadone && !isset($_SESSION['adminid'])) {
                $_SESSION['2faverifyc'] = true;
                $_SESSION['2faclientid'] = $login_uid;
                $_SESSION['2farememberme'] = $whmcs->get_req_var("rememberme");
                return false;
            }
            if (!isset($_SESSION['adminid'])) {
                // Records last login time, IP and its reverse-DNS name; skipped when an admin is logging in as the client.
                $fullhost = gethostbyaddr($whmcs->get_user_ip());
                update_query("tblclients", array("lastlogin" => "now()", "ip" => $whmcs->get_user_ip(), "host" => $fullhost), array("id" => $login_uid));
            }
            $_SESSION['uid'] = $login_uid;
            if ($login_cid) {
                $_SESSION['cid'] = $login_cid;
            }
            // The session check value covers uid, cid, the stored password value, the client IP
            // (unless DisableSessionIPCheck is set) and 20 hex characters derived from get_hash().
            $haship = $CONFIG['DisableSessionIPCheck'] ? "" : $whmcs->get_user_ip();
            $_SESSION['upw'] = sha1($login_uid . $login_cid . $login_pwd . $haship . substr(sha1($whmcs->get_hash()), 0, 20));
            if (!isset($_SESSION['adminid'])) {
                set_token(genRandomVal());
            }
            if ($language && !isset($_SESSION['adminid'])) {
                $_SESSION['Language'] = $language;
            }
            run_hook("ClientLogin", array("userid" => $login_uid));
            return true;
        }
    }
    // Failures are logged only when an account was resolved; attempts against unknown emails leave no record here.
    if ($login_uid) {
        logActivity("Failed Login Attempt - User ID: " . $login_uid, $login_uid);
    }
    return false;
}