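/**
 * Check whether a user exists and, when a password is supplied, whether it is
 * correct (overrides the base-class check_user to support the ZC hash scheme).
 *
 * @access  public
 * @param   string       $username  User name; treated as UTF-8 and converted to $this->charset
 * @param   string|null  $password  Plain-text password, or null for an existence-only lookup
 * @param   string       $tm        Not used by this method
 *
 * @return  mixed  With $password === null: the result of getOne() on the id column.
 *                 Otherwise the matching user_id, 0 when a salted hash does not match
 *                 or its scheme is unknown, or the return value of
 *                 tm_user::post_tm_user() when the local lookup or the unsalted
 *                 comparison fails.
 */
function check_user($username, $password = null, $tm = '')
{
    $tm_use_obj = new tm_user();

    if ($this->charset != 'UTF8') {
        $post_username = ecs_iconv('UTF8', $this->charset, $username);
    } else {
        $post_username = $username;
    }

    // NOTE(review): $post_username is concatenated into the SQL text below and
    // nothing in this method escapes it. Whether callers escape it is not
    // visible here; escape it with the database layer's own routine after the
    // charset conversion above, or move these lookups to bound parameters.

    if ($password === null) {
        // Existence-only lookup: no credential is verified on this path, so a
        // caller must never reach it merely because a password field was absent.
        $sql = "SELECT " . $this->field_id . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_name . "='" . $post_username . "'";

        return $this->db->getOne($sql);
    }

    $select = "SELECT user_id, password, salt,ec_salt " . " FROM " . $this->table($this->user_table);

    $row = $this->db->getRow($select . " WHERE user_name='{$post_username}'");
    if (empty($row)) {
        // Not found under the plain name: retry with the TMUSER prefix.
        $post_username = TMUSER . $post_username;
        $row = $this->db->getRow($select . " WHERE user_name='{$post_username}'");
        if (empty($row)) {
            // NOTE(review): the plain-text password is handed to
            // tm_user::post_tm_user() and its return value becomes the result of
            // this check. What that call verifies is not visible here.
            return $tm_use_obj->post_tm_user($username, $password);
        }
    }

    // Read the per-user salt only once a row is known to exist.
    $ec_salt = $row['ec_salt'];

    if (empty($row['salt'])) {
        $expected = $this->compile_password(array('password' => $password, 'ec_salt' => $ec_salt));

        // Strict string comparison, so two different digests that both look
        // numeric are never treated as equal. hash_equals() is the better choice
        // where the runtime provides it.
        if ((string) $row['password'] !== (string) $expected) {
            // NOTE(review): a local mismatch falls through to the remote check;
            // confirm post_tm_user() cannot vouch for an account whose local
            // password differs.
            return $tm_use_obj->post_tm_user($username, $password);
        }

        return $row['user_id'];
    }

    /* A salt is present: verify with the legacy salted scheme, then re-hash on success. */
    $encrypt_type = substr($row['salt'], 0, 1);
    $encrypt_salt = substr($row['salt'], 1);

    // NOTE(review): both legacy schemes are plain MD5 constructions, which are
    // too fast for password storage. Rows that verify are rewritten through
    // compile_password() below, whose algorithm is not visible here.
    switch ($encrypt_type) {
        case ENCRYPT_ZC:
            $encrypt_password = md5($encrypt_salt . $password);
            break;

        /* Add further legacy schemes here. */

        case ENCRYPT_UC:
            $encrypt_password = md5(md5($password) . $encrypt_salt);
            break;

        default:
            // Unknown scheme: fail closed rather than compare against ''.
            return 0;
    }

    if ((string) $row['password'] !== $encrypt_password) {
        return 0;
    }

    // The page's copy of this statement is masked ('******'); the
    // compile_password() call is restored from the surviving
    // "'password' => $password))" tail and the identical call above.
    $sql = "UPDATE " . $this->table($this->user_table) . " SET password = '" . $this->compile_password(array('password' => $password)) . "', salt=''" . " WHERE user_id = '{$row['user_id']}'";
    $this->db->query($sql);

    return $row['user_id'];
}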
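/**
 * Redirect login: sign in the user named inside an encrypted token.
 *
 * @param   string  $lg  Encrypted token, decoded with lu_compile::decrypt() and turn_arr()
 *
 * @return  false|null  false when $lg is empty or yields no user name; otherwise nothing is returned
 */
function redirect($lg)
{
    if (!$lg) {
        return false;
    }

    include_once 'lu_compile.php';
    include_once 'tm_user.php';

    $tm_use_obj = new tm_user();
    $obj = new lu_compile();

    // NOTE(review): the token is the only credential on this path. Whether
    // lu_compile::decrypt() authenticates it or bounds its lifetime is not
    // visible here; confirm it rejects tampered and stale tokens.
    $fields = $obj->turn_arr($obj->decrypt($lg));
    $username = is_array($fields) ? current($fields) : false;

    // A token that does not decode to a user name must not reach tm_login().
    if ($username === false || $username === null || $username === '') {
        return false;
    }

    $tm_use_obj->tm_login($username);
}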
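// Show the password-reset form.
$smarty->display('user_passport.dwt');
} elseif ($action == 'act_edit_password') {
    // Change a password, authorised either by a reset code or by the
    // logged-in user's current password.
    include_once ROOT_PATH . 'includes/lib_passport.php';

    $old_password = isset($_POST['old_password']) ? trim($_POST['old_password']) : null;
    $new_password = isset($_POST['new_password']) ? trim($_POST['new_password']) : '';
    // The target account id is taken from the request, so everything below
    // depends on the authorisation test for that id.
    $user_id = isset($_POST['uid']) ? intval($_POST['uid']) : $user_id;
    $code = isset($_POST['code']) ? trim($_POST['code']) : '';

    if (strlen($new_password) < 6) {
        // NOTE(review): this only protects the code below if show_message()
        // ends the request — confirm.
        show_message($_LANG['passport_js']['password_shorter']);
    }

    $user_info = $user->get_profile_by_id($user_id); // forum record

    // Reset-code path. The comparison is strict so that only an exact digest
    // match passes.
    // NOTE(review): the code is derived from user_id, $_CFG['hash_code'] and
    // reg_time only; nothing visible here makes it expire or change after use.
    $code_ok = $user_info
        && !empty($code)
        && md5($user_info['user_id'] . $_CFG['hash_code'] . $user_info['reg_time']) === $code;

    // Session path. A request without old_password leaves $old_password null,
    // and check_user() as listed on this page treats a null password as an
    // existence-only lookup, so the field must be present before it is checked.
    $authorised = $code_ok
        || ($_SESSION['user_id'] > 0
            && $_SESSION['user_id'] == $user_id
            && $old_password !== null
            && $user->check_user($_SESSION['user_name'], $old_password));

    if ($authorised) {
        /* Notify the TM platform of the password change */
        // NOTE(review): the new plain-text password is sent to the TM platform
        // before the local update is attempted; if edit_user() then fails, the
        // two sides disagree. substr(..., 3) presumably strips the TMUSER
        // prefix — confirm its length.
        $tm_user = new tm_user();
        if ($tm_user->check_tm_user($user_id) == '1') {
            $username = $_SESSION['user_name'] ? $_SESSION['user_name'] : $user_info['user_name'];
            $state = $tm_user->update_pwd(substr($username, 3), $new_password);
            if ($state == '0') {
                show_message('修改密码失败', $_LANG['back_page_up'], '', 'info');
            }
        }
        /* end */

        // The last argument is 1 whenever a code was posted and 0 otherwise.
        $edited = $user->edit_user(
            array(
                'username' => empty($code) ? $_SESSION['user_name'] : $user_info['user_name'],
                'old_password' => $old_password,
                'password' => $new_password,
            ),
            empty($code) ? 0 : 1
        );

        if ($edited) {
            // $user_id is an integer (intval) or the value set before this branch.
            $sql = "UPDATE " . $ecs->table('users') . "SET `ec_salt`='0' WHERE user_id= '" . $user_id . "'";
            $db->query($sql);
            $user->logout();
            show_message($_LANG['edit_password_success'], $_LANG['relogin_lnk'], 'user.php?act=login', 'info');
        } else {
            show_message($_LANG['edit_password_failure'], $_LANG['back_page_up'], '', 'info');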
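// Admin-side user edit: requires the users_manage privilege.
admin_priv('users_manage');

$username = empty($_POST['username']) ? '' : trim($_POST['username']);
$password = empty($_POST['password']) ? '' : trim($_POST['password']);
$email = empty($_POST['email']) ? '' : trim($_POST['email']);
$sex = empty($_POST['sex']) ? 0 : intval($_POST['sex']);
$sex = in_array($sex, array(0, 1, 2)) ? $sex : 0;
// NOTE(review): the three birthday fields are joined without validation; how
// edit_user() quotes 'bday' is not visible here.
$birthday = $_POST['birthdayYear'] . '-' . $_POST['birthdayMonth'] . '-' . $_POST['birthdayDay'];
$rank = empty($_POST['user_rank']) ? 0 : intval($_POST['user_rank']);
$rankRow = empty($_POST['rankRow']) ? 0 : intval($_POST['rankRow']);
$credit_line = empty($_POST['credit_line']) ? 0 : floatval($_POST['credit_line']);

$users =& init_users();

/* Notify the TM platform of the password change */
// NOTE(review): $username comes from $_POST and is interpolated into the SQL
// text. Nothing in this fragment escapes it; if the application relies on
// request-wide escaping, that is not visible here — confirm, or escape with
// the database layer's routine at this point.
$tm_mark = $db->getOne("select tm_mark from " . $ecs->table('users') . " where user_name = '{$username}'");
if ($tm_mark == '1') {
    $tm_user = new tm_user();
    // Only push a password to the TM platform when the admin actually entered
    // one; an edit that leaves the password blank must not send ''.
    if (!empty($password)) {
        $state = $tm_user->update_pwd(substr($username, 3), $password);
        if ($state == '0') {
            sys_msg('修改密码失败', 0, $links);
        }
    }
}
/* end */

$profile = array(
    'username' => $username,
    'password' => $password,
    'email' => $email,
    'gender' => $sex,
    'bday' => $birthday,
);
if (!$users->edit_user($profile, 1)) {
    if ($users->error == ERR_EMAIL_EXISTS) {
        $msg = $_LANG['email_exists'];
    } else {
        $msg = $_LANG['edit_user_failed'];
    }
    sys_msg($msg, 1);
}

if (!empty($password)) {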