function pass_save()
{
global $smarty;
$user = user_isonline();
$oldpass = @$_POST['oldpass'];
$pass = @$_POST['loginpass'];
$pass2 = @$_POST['loginpass2'];
if ($pass == '') {
pass_main(_('Please enter new password'));
return false;
}
if ($pass != $pass2) {
pass_main(_('New password does not match'));
return false;
}
if (user_encrypt($oldpass) != $user['loginpass']) {
pass_main(_('Current password is not correct'));
return false;
}
$ret = user_passwd($user['id'], $pass);
if ($ret !== true) {
vpn_log($ret);
pass_main(_("<p>{$ret}</p>" . '<p>There is an error occur, please contact us for help if you need.</p>'));
return false;
}
$smarty->assign('tip_title', _('Successed'));
$smarty->assign('tip_msg', _('Login password successfully changed'));
$smarty->assign('redirect_url', 'account.php');
$smarty->display('tip.html');
}
public function login()
{
//Gather data from AJAX
$data = json_decode(file_get_contents('php://input'), true);
$return['error'] = -3;
$return['value'] = null;
//Sanitise inputs
$result = $this->checkInput($data, array('username', 'password'));
if ($result == '') {
//Check if UID exists
$uid = getUserUID($data['username']);
if ($uid == null) {
$return['error'] = -2;
$return['value'] = "Invalid credentials";
} else {
$saltedPw = crypt($data['password'], getSalt($data['username']));
if (checkSaltedPass($data['username'], $saltedPw)) {
//Generates salt for username
$salt = $this->generateSalt();
//Authenticated token
$token = $data['username'] . $salt;
//Authentication information
$cookievars['username'] = $data['username'];
$cookievars['salt'] = $salt;
//Creates cookie with name of authenticated token,
setcookie(user_encrypt($token), json_encode($cookievars), 0, "/");
//Returns with authenticated token
$return['error'] = 0;
$return['value'] = user_encrypt($token);
} else {
$return['error'] = -2;
$return['value'] = "Invalid credentials";
}
}
} else {
$return['error'] = -1;
$return['value'] = $result;
}
$jsonstring = json_encode($return);
echo $jsonstring;
}
/**
* 新建用户
*
* @return 成功返回 true,失败返回错误信息
*/
function user_add($email, $pass)
{
$qemail = addslashes($email);
$qpass = addslashes(user_encrypt($pass));
$ts = time(NULL);
$sql = "SELECT * FROM account WHERE email='{$qemail}'";
$res = db_query($sql);
if ($res == false) {
return _('Can create user while querying DB');
}
if (db_num_rows($res) > 0) {
return _('The user/email is exists');
}
$credit = DEFAULT_USER_CREDIT * 100;
$sql = "INSERT INTO account (email, regtime, loginpass, credit) VALUES ('{$qemail}', {$ts}, '{$qpass}', {$credit})";
$res = db_query($sql);
if ($res == false) {
return _('Can create user while updating DB');
}
return true;
}
