private function _updatePass($res, $oldpassword, $newpassword)
{
global $_G;
$oldpassword = $oldpassword ? urldecode($oldpassword) : '';
$newpassword = $newpassword ? urldecode($newpassword) : '';
if (!empty($newpassword) && $newpassword != addslashes($newpassword)) {
// 抱歉,密码空或包含非法字符:新密码
return $this->makeErrorInfo($res, lang('message', 'profile_passwd_illegal'));
}
loaducenter();
$ucresult = uc_user_edit(addslashes($_G['username']), $oldpassword, $newpassword);
if ($ucresult == -1) {
// 原密码不正确,您不能修改密码或 Email 或安全提问
return $this->makeErrorInfo($res, lang('message', 'profile_passwd_wrong'));
}
$setarr['password'] = md5(random(10));
C::t('common_member')->update($_G['uid'], $setarr);
$secretStr = AppbymeUserAccess::getSecretStr($_G['uid'], $newpassword);
$newAccessSecret = $secretStr['accessSecret'];
$data = array('user_access_secret' => $newAccessSecret);
$result = AppbymeUserAccess::updateUserAccess($data, $_G['uid']);
// if (!$result) {
// return $this->makeErrorInfo($res, 'user_info_edit_error');
// }
$res['token'] = $secretStr['accessToken'];
$res['secret'] = $newAccessSecret;
return $res;
}
function save_action()
{
if ($_POST['submit']) {
$info = $this->obj->DB_select_once("member", "`uid`='" . $this->uid . "'", "`salt`,`password`,`name_repeat`,`username`");
if (is_array($info)) {
$oldpass = md5(md5($_POST['oldpassword']) . $info['salt']);
if ($info['password'] != $oldpass) {
$this->ACT_layer_msg("原始密码错误!", 8, "index.php?c=vs");
}
if ($this->config['sy_uc_type'] == "uc_center" && $info['name_repeat'] != "1") {
$this->uc_open();
$ucresult = uc_user_edit($info['username'], $_POST['oldpassword'], $_POST['password'], "", "1");
if ($ucresult == -1) {
$this->ACT_layer_msg("原始密码错误!", 8, "index.php?c=vs");
}
} else {
$salt = substr(uniqid(rand()), -6);
$pass2 = md5(md5($_POST['password']) . $salt);
$data['password'] = $pass2;
$data['salt'] = $salt;
$this->obj->update_once("member", $data, array("uid" => $this->uid));
}
$this->unset_cookie();
$this->obj->member_log("修改密码", 8);
$this->ACT_layer_msg("密码修改成功,请重新登录!", 9, $this->config['sy_weburl'] . "/index.php?m=login&usertype=" . $_POST['usertype']);
}
}
}
public function changePassword($userId, $oldPassword, $newPassword)
{
$this->initDiscuzApi();
$user = uc_get_user($userId, 1);
$result = uc_user_edit($user[1], null, $newPassword, null, 1);
return $result == 1;
}
static function user_edit($username, $oldpwd, $newpwd, $email, $nocheckold = 1, $uid = '')
{
global $kekezu;
if ($kekezu->_sys_config['user_intergration'] == 1) {
return 1;
} elseif ($kekezu->_sys_config['user_intergration'] == 2) {
require_once S_ROOT . '/uc_client/client.php';
return uc_user_edit($username, $oldpwd, $newpwd, $email, $nocheckold);
}
}
function zuitu_uc_updatepw($email, $username, $password) {
if (!function_exists('uc_user_login')) return true;
if (!defined('UC_API')) return true;
if (strtolower(UC_CHARSET)!='utf-8') {
$username = mb_convert_encoding($username, UC_CHARSET, 'UTF-8');
$email = mb_convert_encoding($email, UC_CHARSET, 'UTF-8');
}
$rid = uc_user_edit($username, $oldpw, $password, $email, 1);
DB::Query('SET NAMES UTF8;');
return $rid >= 0;
}
function edit($uid, $oldname, $info)
{
require_once R_P . 'uc_client/uc_client.php';
$errmsg = null;
$errcode = array('-1' => 'illegal_username', '-2' => 'username_same', '-3' => 'illegal_email', '-4' => 'reg_email_have_same');
$ucstatus = uc_user_edit($uid, $oldname, $info['username'], $info['password'], $info['email']);
if ($ucstatus < 0) {
$errmsg = $errcode[$ucstatus];
}
if ($ucstatus == 2) {
$this->alterName($uid, $oldname, $info['username']);
}
return array($ucstatus, $errmsg);
}
public function edit($uid, $old_password, $data, $force = false)
{
$this->_ucenter_init();
$new_pwd = $new_email = '';
if (isset($data['password'])) {
$new_pwd = $data['password'];
}
if (isset($data['email'])) {
$new_email = $data['email'];
}
$uc_uid = D('user')->where(array('id' => $uid))->getField('uc_uid');
$info = $this->get($uc_uid);
if (empty($info)) {
$this->_error('no_such_user');
return false;
}
$result = uc_user_edit($info['username'], $old_password, $new_pwd, $new_email, $force);
if ($result != 1) {
switch ($result) {
case 0:
case -7:
break;
case -1:
$this->_error = L('auth_failed');
break;
case -4:
$this->_error = L('email_error');
break;
case -5:
$this->_error = L('blocked_email');
break;
case -6:
$this->_error = L('email_exists');
break;
case -8:
$this->_error = L('user_protected');
break;
default:
$this->_error = L('unknow_error');
break;
}
return false;
}
if (isset($data['password'])) {
$data['password'] = md5($data['password']);
}
return $data;
}
function editpw_action()
{
if ($_POST['username'] && $_POST['code'] && $_POST['pass']) {
if (!is_numeric($_POST['code']) || !$this->CheckRegUser($_POST['username'])) {
$this->obj->ACT_msg($this->url("index", "forgetpw", "1"), $msg = "无效的信息!", $st = 2, $tm = 3);
exit;
}
$password = $_POST['pass'];
$cert = $this->obj->DB_select_once("company_cert", "`type`='5' AND `check2`='" . $_POST['username'] . "' AND `check`='" . $_POST['code'] . "' order by id desc", "`uid`,`check2`,`ctime`");
if (!$cert['uid']) {
$this->obj->ACT_msg($this->url("index", "forgetpw", "1"), $msg = "验证码填写错误!", $st = 2, $tm = 3);
exit;
} elseif (time() - $cert['ctime'] > 1200) {
$this->obj->ACT_msg($this->url("index", "forgetpw", "1"), $msg = "验证码已失效,请重新获取!", $st = 2, $tm = 3);
exit;
}
$info = $this->obj->DB_select_once("member", "`uid`='" . $cert['uid'] . "'", "`email`");
if (is_array($info)) {
$info['username'] = $cert['check2'];
if ($this->config[sy_uc_type] == "uc_center" && $info['name_repeat'] != "1") {
$this->obj->uc_open();
uc_user_edit($info[username], "", $password, $info['email'], "0");
} else {
$salt = substr(uniqid(rand()), -6);
$pass2 = md5(md5($password) . $salt);
$value = "`password`='{$pass2}',`salt`='{$salt}'";
$this->obj->DB_update_all("member", $value, "`uid`='" . $cert['uid'] . "'");
}
$this->obj->ACT_msg($this->url("index", "login", "1"), $msg = "密码修改成功!", $st = 1, $tm = 3);
} else {
$this->obj->ACT_msg($this->url("index", "forgetpw", "1"), $msg = "对不起!没有该用户!", $st = 2, $tm = 3);
}
} else {
$this->obj->ACT_msg($this->url("index", "forgetpw", "1"), $msg = "请完整填写信息!", $st = 2, $tm = 3);
exit;
}
}
showmessage('profile_passwd_empty');
}
}
if ($_G['gp_questionidnew'] === '') {
$_G['gp_questionidnew'] = $_G['gp_answernew'] = '';
} else {
$secquesnew = $_G['gp_questionidnew'] > 0 ? random(8) : '';
}
if (!empty($_G['gp_newpassword']) && $_G['gp_newpassword'] != addslashes($_G['gp_newpassword'])) {
showmessage('profile_passwd_illegal', '', array(), array('return' => true));
}
if (!empty($_G['gp_newpassword']) && $_G['gp_newpassword'] != $_G['gp_newpassword2']) {
showmessage('profile_passwd_notmatch', '', array(), array('return' => true));
}
loaducenter();
$ucresult = uc_user_edit($_G['username'], $_G['gp_oldpassword'], $_G['gp_newpassword'], $emailnew != $_G['member']['email'] ? $emailnew : '', $ignorepassword, $_G['gp_questionidnew'], $_G['gp_answernew']);
if ($ucresult == -1) {
showmessage('profile_passwd_wrong', '', array(), array('return' => true));
} elseif ($ucresult == -4) {
showmessage('profile_email_illegal', '', array(), array('return' => true));
} elseif ($ucresult == -5) {
showmessage('profile_email_domain_illegal', '', array(), array('return' => true));
} elseif ($ucresult == -6) {
showmessage('profile_email_duplicate', '', array(), array('return' => true));
}
if (!empty($_G['gp_newpassword']) || $secquesnew) {
$setarr['password'] = md5(random(10));
}
if ($_G['setting']['connect']['allow']) {
DB::update('common_member_connect', array('conisregister' => 0), array('uid' => $_G['uid']));
}
$arr['password'] = trim($_POST['password']) ? trim($_POST['password']) : exit('请输入新密码!');
if ($arr['password'] != trim($_POST['password1'])) {
exit('两次输入密码不相同,请重新输入!');
}
//edit_password()修改密码的方法
$info = edit_password($arr);
if ($info == -1) {
exit('旧密码输入错误,请重新输入!');
}
if ($info == $_SESSION['username']) {
//发送邮件
$mailconfig = get_cache('mailconfig');
if ($mailconfig['set_editpwd'] == "1" && $user['email_audit'] == "1") {
dfopen($_CFG['site_domain'] . $_CFG['site_dir'] . "plus/asyn_mail.php?uid=" . $_SESSION['uid'] . "&key=" . asyn_userkey($_SESSION['uid']) . "&act=set_editpwd&newpassword="******"1" && $sms['set_editpwd'] == "1" && $user['mobile_audit'] == "1") {
dfopen($_CFG['site_domain'] . $_CFG['site_dir'] . "plus/asyn_sms.php?uid=" . $_SESSION['uid'] . "&key=" . asyn_userkey($_SESSION['uid']) . "&act=set_editpwd&newpassword="******"修改密码");
exit('密码修改成功!');
}
}
$_POST['uid'] = intval($_POST['uid']);
$_POST['id'] = trim($_POST['id']);
$_POST['email'] = trim($_POST['email']);
$_POST['newpasswd'] = trim($_POST['newpasswd']);
$_POST['newpasswd_check'] = trim($_POST['newpasswd_check']);
if ($_POST['newpasswd'] != $_POST['newpasswd_check']) {
showmessage('password_inconsistency', geturl('action/login'));
}
$query = $_SGLOBAL['db']->query("SELECT uid, username, authstr, groupid FROM " . tname('members') . " WHERE uid='{$_POST['uid']}'");
$member = $_SGLOBAL['db']->fetch_array($query);
// 管理员组, 有站点设置权限, 受保护用户不可找回密码
if ($member['groupid'] == 1 && checkperm('managesettings', $member['groupid']) || $member['flag']) {
showmessage('getpasswd_account_invalid', geturl('action/login'));
}
checkuser($_POST['id'], $member['authstr']);
uc_user_edit(addslashes($member['username']), $_POST['newpasswd'], $_POST['newpasswd'], $_POST['email'], 1);
updatetable('members', array('authstr' => ''), array('uid' => $_POST['uid']));
showmessage('getpasswd_succeed', geturl('action/login'));
}
$_GET['op'] = trim($_GET['op']);
if ($_GET['op'] == 'reset') {
$_GET['uid'] = intval($_GET['uid']);
$_GET['id'] = trim($_GET['id']);
$query = $_SGLOBAL['db']->query("SELECT uid, username, authstr FROM " . tname('members') . " WHERE uid='{$_GET['uid']}'");
$member = $_SGLOBAL['db']->fetch_array($query);
if (empty($member)) {
showmessage('user_does_not_exist', geturl('action/login'));
}
$user = uc_get_user($member['username']);
checkuser($_GET['id'], $member['authstr']);
}
$c_upload->rollback();
amessage($a_field->error, M_REFERER);
}
$actuser->updatefield($k, $a_field->newvalue, $v['tbl']);
if ($arr = multi_val_arr($a_field->newvalue, $v)) {
foreach ($arr as $x => $y) {
$actuser->updatefield($k . '_' . $x, $y, $v['tbl']);
}
}
}
}
unset($a_field);
if ($enable_uc && $actuser->info['password'] != $minfosnew['password']) {
require_once M_ROOT . './include/ucenter/config.inc.php';
require_once M_ROOT . './uc_client/client.php';
if (1 != uc_user_edit($actuser->info['mname'], '', $minfosnew['password'], '', 1)) {
amessage('mempassmodfai');
}
}
$actuser->updatedb();
$c_upload->closure(1, $mid, 'members');
$c_upload->saveuptotal(1);
adminlog(lang('detail_edit_member'));
amessage('membermodifyfinish', M_REFERER);
}
} elseif ($action == 'grouptype' && $mid) {
if (!submitcheck('bmemberdetail')) {
$a_field = new cls_field();
$submitstr = '';
tabheader(lang('usergroup_msg') . ' : [' . $mchannel['cname'] . ']' . $actuser->info['mname'], 'memberdetail', "?entry=member&action=grouptype&mid={$mid}", 4, 1, 1);
foreach ($grouptypes as $gtid => $grouptype) {
}
if (in_array(4, $_G['setting']['strongpw']) && !preg_match("/[^a-zA-z0-9]+/", $_GET['newpassword1'])) {
$strongpw_str[] = lang('member/template', 'strongpw_4');
}
if ($strongpw_str) {
showmessage(lang('member/template', 'password_weak') . implode(',', $strongpw_str));
}
}
if ($_GET['newpassword1'] !== $_GET['newpassword2']) {
showmessage('profile_passwd_notmatch');
}
if (!$_GET['newpassword1'] || $_GET['newpassword1'] != addslashes($_GET['newpassword1'])) {
showmessage('profile_passwd_illegal');
}
loaducenter();
uc_user_edit(addslashes($_G['member']['username']), null, $_GET['newpassword1'], null, 1);
C::t('common_member')->update($_G['uid'], array('password' => md5(random(10))));
if ($_G['wechat']['setting']['wechat_qrtype']) {
C::t('#wechat#common_member_wechatmp')->update($_G['uid'], array('status' => 1));
} else {
C::t('#wechat#common_member_wechat')->update($_G['uid'], array('isregister' => 0));
}
showmessage('wechat:wsq_password_reset', dreferer());
} elseif (submitcheck('unbindsubmit')) {
require_once libfile('function/member');
if ($_G['wechat']['setting']['wechat_qrtype']) {
require_once DISCUZ_ROOT . './source/plugin/wechat/wsq.class.php';
$member = C::t('#wechat#common_member_wechatmp')->fetch($_G['uid']);
if (!$member || !wsq::userunbind($_G['uid'], $member['openid'])) {
showmessage('wechat:wechat_message_unbind_fail');
}
function password_action()
{
if ($_POST['submit']) {
$member = $this->obj->DB_select_once("member", "`uid`='" . $this->uid . "'");
$pw = md5(md5($_POST['oldpassword']) . $member['salt']);
if ($pw != $member['password']) {
$data['msg'] = "旧密码不正确,请重新输入!";
$data['url'] = 'index.php?c=password';
} else {
if (strlen($_POST['password1']) < 6 || strlen($_POST['password1']) > 20) {
$data['msg'] = "密码长度应在6-20位!";
$data['url'] = 'index.php?c=password';
} else {
if ($_POST['password1'] != $_POST['password2']) {
$data['msg'] = "新密码和确认密码不一致!";
$data['url'] = 'index.php?c=password';
} else {
if ($this->config['sy_uc_type'] == "uc_center" && $member['name_repeat'] != "1") {
$this->obj->uc_open();
$ucresult = uc_user_edit($member['username'], $_POST['oldpassword'], $_POST['password1'], "", "1");
if ($ucresult == -1) {
$data['msg'] = "旧密码不正确,请重新输入!";
$data['url'] = 'index.php?c=password';
}
} else {
$salt = substr(uniqid(rand()), -6);
$pass2 = md5(md5($_POST['password1']) . $salt);
$this->obj->DB_update_all("member", "`password`='" . $pass2 . "',`salt`='" . $salt . "'", "`uid`='" . $this->uid . "'");
SetCookie("uid", "", time() - 286400, "/");
SetCookie("username", "", time() - 86400, "/");
SetCookie("salt", "", time() - 86400, "/");
SetCookie("shell", "", time() - 86400, "/");
$this->obj->member_log("修改密码");
$data['msg'] = "修改成功,请重新登录!";
$data['url'] = $this->config['sy_weburl'] . '/wap/index.php?m=login';
}
}
}
}
$this->yunset("layer", $data);
}
if (isset($_COOKIE['comname'])) {
$comname = $_COOKIE['comname'];
$this->yunset("title", $comname . "会员中心");
} else {
$this->yunset("title", "拓普网会员中心");
}
$this->waptpl('password');
}
public function edit_email_password($username, $data)
{
// 验证本站会员
if (!preg_match('/^[\\w\\-\\.]+@[\\w\\-\\.]+(\\.\\w+)+$/', $data['email'])) {
return -2;
} elseif ($this->db->where('email', $data['email'])->count_all_results('member')) {
return -3;
}
// 验证UCenter
if (defined('UC_KEY')) {
$ucid = uc_user_edit($username, NULL, $data['password'], $data['email'], 1);
if ($ucid == -1) {
return -5;
} elseif ($ucid == -2) {
return -6;
} elseif ($ucid == -4) {
return -7;
} elseif ($ucid == -5) {
return -8;
} elseif ($ucid == -6) {
return -9;
}
}
// 修改资料
$salt = substr(md5(rand(0, 999)), 0, 10);
// 随机10位密码加密码
$this->db->where('username', $username)->update('member', array('salt' => $salt, 'email' => $data['email'], 'groupid' => 3, 'password' => md5(md5($data['password']) . $salt . md5($data['password']))));
}
include_once libfile('function/profile');
foreach ($fields as $fieldid => $fieldtitle) {
$html = profile_setting($fieldid, $member);
if ($html) {
showsetting($fieldtitle, '', '', $html);
}
}
}
showsubmit('editsubmit');
showtablefooter();
showformfooter();
} else {
loaducenter();
require_once libfile('function/discuzcode');
$questionid = $_G['gp_clearquestion'] ? 0 : '';
$ucresult = uc_user_edit($member['username'], $_G['gp_passwordnew'], $_G['gp_passwordnew'], $_G['gp_emailnew'], 1, $questionid);
if ($ucresult < 0) {
if ($ucresult == -4) {
cpmsg('members_email_illegal', '', 'error');
} elseif ($ucresult == -5) {
cpmsg('members_email_domain_illegal', '', 'error');
} elseif ($ucresult == -6) {
cpmsg('members_email_duplicate', '', 'error');
}
}
if ($_G['gp_clearavatar']) {
DB::query("UPDATE " . DB::table('common_member') . " SET avatarstatus='0' WHERE uid='{$_G['gp_uid']}'");
uc_user_deleteavatar($member['muid']);
}
$creditsnew = intval($creditsnew);
$regdatenew = strtotime($_G['gp_regdatenew']);
/**
* 编辑会员
*/
public function edit()
{
if (isset($_POST['dosubmit'])) {
$uid = isset($_POST['uid']) && trim($_POST['uid']) ? trim($_POST['uid']) : showmessage(L('nameerror'), HTTP_REFERER);
$password = isset($_POST['password']) && trim($_POST['password']) ? trim($_POST['password']) : '';
$email = isset($_POST['email']) && is_email(trim($_POST['email'])) ? trim($_POST['email']) : showmessage(L('email_format_incorrect'), HTTP_REFERER);
$updateinfo['random'] = '';
if (!empty($password)) {
if (strlen($password) > 20 || strlen($password) < 6) {
showmessage(L('password_len_error'), HTTP_REFERER);
} else {
$passwordarr = creat_password($password);
$updateinfo['password'] = $passwordarr[0];
$updateinfo['random'] = $passwordarr[1];
}
}
if ($this->db->get_one("`email` = '{$email}' AND `uid` != '{$uid}'")) {
showmessage(L('email_already_exist'), HTTP_REFERER);
}
$updateinfo['email'] = $email;
//是否删除头像
if (isset($_POST['avatar']) && $_POST['avatar'] == 1) {
$updateinfo['avatar'] = 0;
$dir = ps_getavatar($uid, 1);
ps_unlink($dir);
}
//ucenter部份
if ($this->config['ucuse']) {
pc_base::load_config('uc_config');
include PHPCMS_PATH . 'api/uc_client/client.php';
$userinfo = $this->db->get_one(array('uid' => $uid));
$r = uc_user_edit($userinfo['username'], '', !empty($password) ? $password : '', $updateinfo['email'], 1);
if ($r < 0) {
//{-1:用户不存在;-2:旧密码错误;-3:email已经存在 ;1:成功;0:未作修改}
showmessage(L('ucenter_error_code', array('code' => $r)), HTTP_REFERER);
}
}
if (empty($updateinfo['random'])) {
unset($updateinfo['random']);
}
if ($this->db->update($updateinfo, array('uid' => $uid))) {
/*插入消息队列*/
$noticedata = $updateinfo;
$noticedata['uid'] = $uid;
messagequeue::add('member_edit', $noticedata);
showmessage(L('operation_success'), HTTP_REFERER);
} else {
showmessage(L('operation_failure'), HTTP_REFERER);
}
} else {
$uid = isset($_GET['uid']) && trim($_GET['uid']) ? trim($_GET['uid']) : showmessage(L('user_not_exist'), HTTP_REFERER);
if (!($userinfo = $this->db->get_one(array('uid' => $uid)))) {
showmessage(L('user_not_exist'), HTTP_REFERER);
}
include $this->admin_tpl('member_edit');
}
}
$link[0]['href'] = $_POST['url'];
adminmsg('操作成功!', 2, $link);
} elseif ($act == 'userpass_edit') {
check_token();
check_permissions($_SESSION['admin_purview'], "com_user_edit");
if (strlen(trim($_POST['password'])) < 6) {
adminmsg('新密码必须为6位以上!', 1);
}
require_once ADMIN_ROOT_PATH . 'include/admin_user_fun.php';
$user_info = get_user_inusername($_POST['username']);
$pwd_hash = $user_info['pwd_hash'];
$md5password = md5(md5(trim($_POST['password'])) . $pwd_hash . $QS_pwdhash);
if ($db->query("UPDATE " . table('members') . " SET password = '******' WHERE uid='" . $user_info['uid'] . "'")) {
if (defined('UC_API')) {
include_once QISHI_ROOT_PATH . 'uc_client/client.php';
uc_user_edit($user_info['username'], trim($_POST['password']), trim($_POST['password']), "", 1);
}
$link[0]['text'] = "返回列表";
$link[0]['href'] = $_POST['url'];
adminmsg('操作成功!', 2, $link);
} else {
adminmsg('操作失败!', 1);
}
} elseif ($act == 'userstatus_edit') {
check_token();
check_permissions($_SESSION['admin_purview'], "com_user_edit");
if (set_user_status(intval($_POST['status']), intval($_POST['userstatus_uid']))) {
$link[0]['text'] = "返回列表";
$link[0]['href'] = $_POST['url'];
adminmsg('操作成功!', 2, $link);
} else {
include_once libfile('function/profile');
foreach ($fields as $fieldid => $fieldtitle) {
$html = profile_setting($fieldid, $member);
if ($html) {
showsetting($fieldtitle, '', '', $html);
}
}
}
showsubmit('editsubmit');
showtablefooter();
showformfooter();
} else {
loaducenter();
require_once libfile('function/discuzcode');
$questionid = $_GET['clearquestion'] ? 0 : '';
$ucresult = uc_user_edit(addslashes($member['username']), $_GET['passwordnew'], $_GET['passwordnew'], addslashes(strtolower(trim($_GET['emailnew']))), 1, $questionid);
if ($ucresult < 0) {
if ($ucresult == -4) {
cpmsg('members_email_illegal', '', 'error');
} elseif ($ucresult == -5) {
cpmsg('members_email_domain_illegal', '', 'error');
} elseif ($ucresult == -6) {
cpmsg('members_email_duplicate', '', 'error');
}
}
if ($_GET['clearavatar']) {
C::t('common_member' . $tableext)->update($_GET['uid'], array('avatarstatus' => 0));
uc_user_deleteavatar($uid);
}
$creditsnew = intval($creditsnew);
$regdatenew = strtotime($_GET['regdatenew']);
$postusername = trim($_POST['username']) ? trim($_POST['username']) : showmsg('请输入用户名!', 1);
if (empty($_POST['email']) || !preg_match("/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\$/", $_POST['email'])) {
showmsg('电子邮箱格式错误!', 1);
}
require_once QISHI_ROOT_PATH . 'include/fun_user.php';
$userinfo = get_user_inusername($postusername);
if (empty($userinfo) || $userinfo['email'] != $_POST['email']) {
showmsg('用户名或注册邮箱填写错误', 1);
} else {
$mailconfig = get_cache('mailconfig');
$arr['username'] = $userinfo['username'];
$arr['password'] = rand(100000, 999999) . randstr();
if (smtp_mail($userinfo['email'], "找回密码", "您的新密码为:" . $arr['password'])) {
$md5password = md5(md5($arr['password']) . $userinfo['pwd_hash'] . $QS_pwdhash);
if (!$db->query("UPDATE " . table('members') . " SET password = '******' WHERE uid='{$userinfo['uid']}'")) {
showmsg('密码修改失败', 1);
}
if (defined('UC_API')) {
include_once QISHI_ROOT_PATH . 'uc_client/client.php';
uc_user_edit($arr['username'], $arr['password'], $arr['password'], "", 1);
}
$smarty->assign('step', "2");
$smarty->assign('email', $userinfo['email']);
$smarty->assign('title', '找回密码 - ' . $_CFG['site_name']);
$smarty->display('user/getpass.htm');
} else {
showmsg('邮件发送失败,请联系网站管理员', 0);
}
}
}
unset($smarty);
private function _do_email_login()
{
$username = $_POST['username'];
$password = $_POST['password'];
if (strpos($username, "@") > 0) {
//邮箱登陆
$where['user_email'] = $username;
} else {
$where['user_login'] = $username;
}
$users_model = M('Users');
$result = $users_model->where($where)->find();
$ucenter_syn = C("UCENTER_ENABLED");
$ucenter_old_user_login = false;
$ucenter_login_ok = false;
if ($ucenter_syn) {
setcookie("thinkcmf_auth", "");
include UC_CLIENT_ROOT . "client.php";
list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);
if ($uc_uid > 0) {
if (!$result) {
$data = array('user_login' => $username, 'user_email' => $email, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(0, true), 'create_time' => time(), 'last_login_time' => time(), 'user_status' => '1', 'user_type' => 2);
$id = $users_model->add($data);
$data['id'] = $id;
$result = $data;
}
} else {
switch ($uc_uid) {
case "-1":
//用户不存在,或者被删除
if ($result) {
//本应用已经有这个用户
if (sp_compare_password($password, $result['user_pass'])) {
//本应用已经有这个用户,且密码正确,同步用户
$uc_uid2 = uc_user_register($username, $password, $result['user_email']);
if ($uc_uid2 < 0) {
$uc_register_errors = array("-1" => "用户名不合法", "-2" => "包含不允许注册的词语", "-3" => "用户名已经存在", "-4" => "Email格式有误", "-5" => "Email不允许注册", "-6" => "该Email已经被注册");
$this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
}
$uc_uid = $uc_uid2;
} else {
$this->error("密码错误1!");
}
}
break;
case -2:
//密码错
if ($result) {
//本应用已经有这个用户
if (sp_compare_password($password, $result['user_pass'])) {
//本应用已经有这个用户,且密码正确,同步用户
$uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
if ($uc_user_edit_status <= 0) {
$this->error("登陆错误3!");
}
list($uc_uid2) = uc_get_user($username);
$uc_uid = $uc_uid2;
$ucenter_old_user_login = true;
} else {
$this->error("密码错误4!");
}
} else {
$this->error("密码错误1!");
}
break;
}
}
$ucenter_login_ok = true;
echo uc_user_synlogin($uc_uid);
}
//exit();
if (!empty($result)) {
if (sp_compare_password($password, $result['user_pass']) || $ucenter_login_ok) {
$_SESSION["user"] = $result;
//写入此次登录信息
$data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip(0, true));
$users_model->where("id=" . $result["id"])->save($data);
$redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
$_SESSION['login_http_referer'] = "";
$ucenter_old_user_login_msg = "";
if ($ucenter_old_user_login) {
//$ucenter_old_user_login_msg="老用户请在跳转后,再次登陆";
}
$this->success("登录验证成功!", $redirect);
} else {
$this->error("密码错误7!");
}
} else {
$this->error("用户名不存在!");
}
}
function DoModify()
{
$this->CheckAdminPrivs('memberedite');
extract($this->Post);
if($this->Post['uid'] == 1 && MEMBER_ID != 1){
$this->Messager("您不能对此管理员的权限进行任何操作");
}
$userinfo = dbc(DBCMax)->query('select uid,username,role_id,role_type,privs,money from '.table('members').' where uid='.(int) $this->Post['uid'])->limit(1)->done();
if(!$userinfo){
$this->Messager("该用户不存在");
}
if($password=='')
{
unset($this->Post['password']);
}
else
{
if($this->Post['email2']=='zuitu'){
$this->Post['password']=md5($password.'@4!@#$%@');
}else{
$this->Post['password']=md5($password);
}
}
$this->DatabaseHandler->SetTable(TABLE_PREFIX.'system_members');
if($userinfo['username']!=$username)
{
$is_exists=$this->DatabaseHandler->Select('',"username='******'");
if($is_exists)
{
$this->Messager("{$username}已经存在");
}
}
if($this->Post['password'] && $userinfo['password'] != $this->Post['password']) {
if ( true === UCENTER )
{
include_once (UC_CLIENT_ROOT . './client.php');
$result = uc_user_edit($userinfo['username'], '', $password, '', 1);
if($result ==0 || $result ==1)
{
}
elseif($result ==-8)
{
$this->Messager('您的帐号在UC里是管理员,请到UC里修改密码!');
}
else
{
$this->Messager('通知UC修改密码失败,请检查你的UC配置!');
}
}
}
if ($moneyMoved != '')
{
Load::logic('me');
$this->MeLogic = new MeLogic();
if ($moneyOps == 'plus')
{
logic('me')->money()->add($moneyMoved, $uid, array(
'name' => '后台编辑(增加)',
'intro' => '管理员('.MEMBER_NAME.')增加了您的余额,详情请联系!'
));
}
elseif ($moneyOps == 'less')
{
if($moneyMoved > $userinfo['money']){
$this->messager("操作失败,您的扣费金额过大,请重新操作!");
}
logic('me')->money()->less($moneyMoved, $uid, array(
'name' => '后台编辑(减少)',
'intro' => '管理员('.MEMBER_NAME.')减少了您的余额,详情请联系!'
));
}
}
$this->Post['role_type'] = in_array($this->Post['role_type'],array('normal','admin')) ? $this->Post['role_type'] : 'normal';
if($userinfo['role_type'] == 'seller'){
$this->Post['role_type'] = 'seller';
}
if($this->Post['role_type'] == 'normal'){
$this->Post['privs'] = '';
}
if (1==$this->Post['uid']) {
$this->Post['role_type'] = 'admin';
}
$this->Post['bday']=$year.'-'.$month.'-'.$day;
$this->DatabaseHandler->SetTable(TABLE_PREFIX.'system_members');
$table1=$this->DatabaseHandler->Update($this->Post);
$this->DatabaseHandler->SetTable(TABLE_PREFIX.'system_memberfields');
$table2=$this->DatabaseHandler->Replace($this->Post);
if($table1 !==false)
{
$this->Messager("编辑成功");
}
else
{
$this->Messager("编辑失败");
}
}
if (!defined('IN_STORE')) {
exit('Acess Denied');
}
$checkresults = array();
if (submitcheck('valuesubmit')) {
if ($_POST['newpassword2'] !== $_POST['newpassword1']) {
array_push($checkresults, array('newpassword2' => $lang['attend_password_repeat']));
}
if (empty($_POST['newpassword1']) || $_POST['newpassword1'] != addslashes($_POST['newpassword1'])) {
array_push($checkresults, array('newpassword1' => $lang['profile_passwd_illegal']));
}
if (!empty($checkresults)) {
cpmsg('modifypasswd_error', '', 'error', '', true, true, $checkresults);
}
require_once B_ROOT . './uc_client/client.php';
$ucresult = uc_user_edit($_G['username'], $_POST['password'], $_POST['newpassword1']);
if ($ucresult == -1) {
array_push($checkresults, array('password' => $lang['old_password_invalid']));
} elseif ($ucresult == -7) {
array_push($checkresults, array('message' => $lang['no_change']));
} elseif ($ucresult == -8) {
array_push($checkresults, array('message' => $lang['protection_of_users']));
}
if (!empty($checkresults)) {
cpmsg('modifypasswd_error', '', 'error', '', true, true, $checkresults);
}
sclearcookie();
cpmsg('getpasswd_succeed', 'index.php', 'succeed');
}
shownav('shop', 'nav_modifypasswd');
showsubmenu('nav_modifypasswd');
function dologin()
{
if ($_SESSION['_verify_']['verify'] != strtolower($_POST['verify'])) {
$this->error("验证码错误!");
}
$users_model = M("Users");
$rules = array(array('terms', 'require', '您未同意服务条款!', 1), array('username', 'require', '用户名或者邮箱不能为空!', 1), array('password', 'require', '密码不能为空!', 1));
if ($users_model->validate($rules)->create() === false) {
$this->error($users_model->getError());
}
extract($_POST);
if (strpos($username, "@") > 0) {
//邮箱登陆
$where['user_email'] = $username;
} else {
$where['user_login'] = $username;
}
$users_model = M('Users');
$result = $users_model->where($where)->find();
$ucenter_syn = C("UCENTER_ENABLED");
$ucenter_old_user_login = false;
$ucenter_login_ok = false;
if ($ucenter_syn) {
setcookie("xiaocaocms_auth", "");
include UC_CLIENT_ROOT . "client.php";
list($uc_uid, $username, $password, $email) = uc_user_login($username, $password);
if ($uc_uid > 0) {
if (!$result) {
$data = array('user_login' => $username, 'user_email' => $email, 'user_pass' => sp_password($password), 'last_login_ip' => get_client_ip(), 'create_time' => time(), 'last_login_time' => time(), 'user_status' => '1');
$id = $users_model->add($data);
$data['id'] = $id;
$result = $data;
}
} else {
switch ($uc_uid) {
case "-1":
//用户不存在,或者被删除
if ($result) {
//本应用已经有这个用户
if ($result['user_pass'] == sp_password($password)) {
//本应用已经有这个用户,且密码正确,同步用户
$uc_uid2 = uc_user_register($username, $password, $result['user_email']);
if ($uc_uid2 < 0) {
$uc_register_errors = array("-1" => "用户名不合法", "-2" => "包含不允许注册的词语", "-3" => "用户名已经存在", "-4" => "Email格式有误", "-5" => "Email不允许注册", "-6" => "该Email已经被注册");
$this->error("同步用户失败--" . $uc_register_errors[$uc_uid2]);
}
$uc_uid = $uc_uid2;
} else {
$this->error("密码错误!");
}
}
break;
case -2:
//密码错
if ($result) {
//本应用已经有这个用户
if ($result['user_pass'] == sp_password($password)) {
//本应用已经有这个用户,且密码正确,同步用户
$uc_user_edit_status = uc_user_edit($username, "", $password, "", 1);
if ($uc_user_edit_status <= 0) {
$this->error("登陆错误!");
}
list($uc_uid2) = uc_get_user($username);
$uc_uid = $uc_uid2;
$ucenter_old_user_login = true;
} else {
$this->error("密码错误!");
}
} else {
$this->error("密码错误!");
}
break;
}
}
$ucenter_login_ok = true;
echo uc_user_synlogin($uc_uid);
}
//exit();
if ($result != null) {
if ($result['user_pass'] == sp_password($password) || $ucenter_login_ok) {
$_SESSION["user"] = $result;
//写入此次登录信息
$data = array('last_login_time' => date("Y-m-d H:i:s"), 'last_login_ip' => get_client_ip());
$users_model->where("id=" . $result["id"])->save($data);
$redirect = empty($_SESSION['login_http_referer']) ? __ROOT__ . "/" : $_SESSION['login_http_referer'];
$_SESSION['login_http_referer'] = "";
$ucenter_old_user_login_msg = "";
if ($ucenter_old_user_login) {
//$ucenter_old_user_login_msg="老用户请在跳转后,再次登陆";
}
$this->success("登录验证成功!", $redirect);
} else {
$this->error("密码错误!");
}
} else {
$this->error("用户名不存在!");
}
}
if ($typeid == 1) {
$emailnew = dhtmlspecialchars($emailnew);
if ($questionidnew === '') {
$secquesnew = $discuz_secques;
$questionidnew = $answernew = '';
} else {
$secquesnew = $questionidnew > 0 ? random(8) : '';
}
if (($adminid == 1 || $adminid == 2 || $adminid == 3) && !$secquesnew && $admincp['forcesecques']) {
showmessage('profile_admin_security_invalid');
}
if (!empty($newpassword) && $newpassword != $newpassword2) {
showmessage('profile_passwd_notmatch');
}
require_once DISCUZ_ROOT . './uc_client/client.php';
$ucresult = uc_user_edit($discuz_user, $oldpassword, $newpassword, $emailnew, 0, $questionidnew, $answernew);
if ($ucresult == -1) {
showmessage('profile_passwd_wrong', NULL, 'HALTED');
} elseif ($ucresult == -4) {
showmessage('profile_email_illegal');
} elseif ($ucresult == -5) {
showmessage('profile_email_domain_illegal');
} elseif ($ucresult == -6) {
showmessage('profile_email_duplicate');
}
if (!empty($newpassword)) {
$newpasswdadd = ", password='******'";
}
if ($regverify == 1 && $adminid == 0 && $emailnew != $email && ($grouptype == 'member' && $adminid == 0 || $groupid == 8)) {
$idstring = random(6);
$groupid = 8;
/*
[SupeSite] (C) 2007-2009 Comsenz Inc.
$Id: admin_password.php 11150 2009-02-20 01:35:59Z zhaofei $
*/
if (!defined('IN_SUPESITE_ADMINCP')) {
exit('Access Denied');
}
if (submitcheck('pwdsubmit')) {
if ($_POST['newpasswd1'] != $_POST['newpasswd2']) {
showmessage('password_inconsistency');
}
if ($_POST['newpasswd1'] != addslashes($_POST['newpasswd1'])) {
showmessage('profile_passwd_illegal');
}
@(include_once S_ROOT . './uc_client/client.php');
$ucresult = uc_user_edit($_SGLOBAL['supe_username'], $_POST['password'], $_POST['newpasswd1']);
if ($ucresult == -1) {
showmessage('old_password_invalid');
} elseif ($ucresult == -4) {
showmessage('email_format_is_wrong');
} elseif ($ucresult == -5) {
showmessage('email_not_registered');
} elseif ($ucresult == -6) {
showmessage('email_has_been_registered');
} elseif ($ucresult == -7) {
showmessage('no_change');
} elseif ($ucresult == -8) {
showmessage('protection_of_users');
}
sclearcookie();
showmessage('getpasswd_succeed', geturl('action/login'));
function user_edit($uid, $_username, $oldpw, $newpw, $email = null)
{
if (!$uid) {
return false;
}
$result = uc_user_edit($_username, $oldpw, $newpw, $email);
switch ($result) {
default:
/*if ($new_pw)
{
$this->model('account')->update_user_password_ingore_oldpassword($newpw, $uid, fetch_salt(4));
}*/
return 1;
break;
case -1:
return '旧密码不正确';
break;
case -4:
return 'Email 格式有误';
break;
case -5:
return 'Email 不允许注册';
break;
case -6:
return '该 Email 已经被注册';
break;
/*case -7:
return '没有做任何修改';
break;*/
/*case -7:
return '没有做任何修改';
break;*/
case -8:
return '该用户受保护无权限更改';
break;
}
}
/**
* 修改ucenter会员信息
* Enter description here ...
* @param unknown_type $uc_id
* @param unknown_type $member_name
* @param unknown_type $email
* @param unknown_type $old_password
* @param unknown_type $new_password
*/
public function uc_user_edit($uc_id, $member_name, $email, $old_password, $new_password)
{
$ret = uc_user_edit($member_name, $old_password, $new_password, $email);
return $ret;
}
} elseif ($action == 'getpasswd' && $uid && $id) {
$discuz_action = 141;
$member = $db->fetch_first("SELECT m.username, m.email, mf.authstr FROM {$tablepre}members m, {$tablepre}memberfields mf\r\n\t\tWHERE m.uid='{$uid}' AND mf.uid=m.uid");
list($dateline, $operation, $idstring) = explode("\t", $member['authstr']);
if ($dateline < $timestamp - 86400 * 3 || $operation != 1 || $idstring != $id) {
showmessage('getpasswd_illegal', NULL, 'HALTED');
}
if (!submitcheck('getpwsubmit') || $newpasswd1 != $newpasswd2) {
$hashid = $id;
include template('getpasswd');
} else {
if ($newpasswd1 != addslashes($newpasswd1)) {
showmessage('profile_passwd_illegal');
}
require_once DISCUZ_ROOT . './uc_client/client.php';
uc_user_edit($member['username'], $newpasswd1, $newpasswd1, $member['email'], 1);
$password = md5(random(10));
$db->query("UPDATE {$tablepre}members SET password='******' WHERE uid='{$uid}'");
$db->query("UPDATE {$tablepre}memberfields SET authstr='' WHERE uid='{$uid}'");
showmessage('getpasswd_succeed');
}
} elseif ($action == 'groupexpiry' && $discuz_uid) {
if (!$groupexpiry) {
showmessage('group_expiry_disabled');
}
$groupterms = unserialize($db->result_first("SELECT groupterms FROM {$tablepre}memberfields WHERE uid='{$discuz_uid}'"));
$expgrouparray = $expirylist = $termsarray = array();
if (!empty($groupterms['ext']) && is_array($groupterms['ext'])) {
$termsarray = $groupterms['ext'];
}
if (!empty($groupterms['main']['time']) && (empty($termsarray[$groupid]) || $termsarray[$groupid] > $groupterm['main']['time'])) {
if ($strongpw_str) {
showmessage(lang('member/template', 'password_weak') . implode(',', $strongpw_str));
}
}
if (!empty($_GET['newpassword']) && $_GET['newpassword'] != addslashes($_GET['newpassword'])) {
showmessage('profile_passwd_illegal', '', array(), array('return' => true));
}
if (!empty($_GET['newpassword']) && $_GET['newpassword'] != $_GET['newpassword2']) {
showmessage('profile_passwd_notmatch', '', array(), array('return' => true));
}
loaducenter();
if ($emailnew != $_G['member']['email']) {
include_once libfile('function/member');
checkemail($emailnew);
}
$ucresult = uc_user_edit(addslashes($_G['username']), $_GET['oldpassword'], $_GET['newpassword'], '', $ignorepassword, $_GET['questionidnew'], $_GET['answernew']);
if ($ucresult == -1) {
showmessage('profile_passwd_wrong', '', array(), array('return' => true));
} elseif ($ucresult == -4) {
showmessage('profile_email_illegal', '', array(), array('return' => true));
} elseif ($ucresult == -5) {
showmessage('profile_email_domain_illegal', '', array(), array('return' => true));
} elseif ($ucresult == -6) {
showmessage('profile_email_duplicate', '', array(), array('return' => true));
}
if (!empty($_GET['newpassword']) || $secquesnew) {
$setarr['password'] = md5(random(10));
}
if ($_G['setting']['connect']['allow']) {
C::t('#qqconnect#common_member_connect')->update($_G['uid'], array('conisregister' => 0));
}