
密码更新

tags/6.1.9
tianya преди 1 година
родител
ревизия
99c66b8a0e
променени са 2 файла, в които са добавени 14 реда и са изтрити 7 реда
  1. +5
    -4
      src/admin/sys_admin_user_edit.php
  2. +9
    -3
      src/user/edit_baseinfo.php

+ 5
- 4
src/admin/sys_admin_user_edit.php Целия файл

@@ -27,11 +27,12 @@ if ($dopost == 'saveedit') {
}
$pwdm = '';
if ($pwd != '') {
$pwdm = ",pwd='".md5($pwd)."'";
$pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
if (function_exists('password_hash')) {
$pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
$pwd = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
$pwdm = ",pwd='',pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
$pwd = ",pwd='',pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
} else {
$pwdm = ",pwd='".md5($pwd)."'";
$pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
}
}
if (empty($typeids)) {
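Review bot: The `else` branch of the `function_exists('password_hash')` check still writes an unsalted `md5($pwd)` and a 20-character slice of it into `pwd`, so on a runtime without password_hash() an admin password change silently stores a fast, unsalted hash. password_hash() has been part of PHP core since 5.5, so that branch can only run on an end-of-life interpreter, and refusing the save there is safer than downgrading the hash. If the fallback has to stay, a comment such as `// legacy fallback: unsalted MD5, only reached when password_hash() is missing` would at least make the downgrade visible. The enclosing `if ($dopost == 'saveedit')` block starts and ends outside the hunk.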


+ 9
- 3
src/user/edit_baseinfo.php Целия файл

@@ -22,7 +22,7 @@ if ($dopost == 'save') {
ShowMsg('验证码错误', '-1');
exit();
}
if (function_exists('password_hash')) {
if (function_exists('password_hash') && !empty($row['pwd_new'])) {
if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
exit();
@@ -37,11 +37,15 @@ if ($dopost == 'save') {
ShowMsg('您两次输入的新密码不一致', '-1');
exit();
}
$addupquery = '';
$admaddupquery = '';
$pp = "pwd";
$pwd = '';
if ($userpwd == '') {
if (function_exists('password_hash')) {
$pp = "pwd_new";
$pwd = $row['pwd_new'];
$addupquery = ',pwd=\'\'';
} else {
$pwd = $row['pwd'];
}
@@ -51,12 +55,14 @@ if ($dopost == 'save') {
$pp = "pwd_new";
$pwd = password_hash($userpwd, PASSWORD_BCRYPT);
$pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
$addupquery = ',pwd=\'\'';
$admaddupquery = ',pwd=\'\'';
} else {
$pwd = md5($userpwd);
$pwd2 = substr(md5($userpwd), 5, 20);
}
}
$addupquery = '';
//修改安全问题或Email
if ($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) {
if ($row['safequestion'] != 0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) {
@@ -102,7 +108,7 @@ if ($dopost == 'save') {
$dsql->ExecuteNoneQuery($query1);
//如果是管理员,修改其后台密码
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
$query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' ";
$query2 = "UPDATE `#@__admin` SET $pp='$pwd2'{$admaddupquery} where id='".$cfg_ml->M_ID."' ";
$dsql->ExecuteNoneQuery($query2);
}
//清除会员缓存
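Review bot: In the `$userpwd == ''` branch, `$pwd = $row['pwd_new'];` together with the new `$addupquery = ',pwd=\'\'';` appears to wipe the only stored hash of an account that has not been migrated yet: `pwd_new` is empty for such a row, and `pwd` is now cleared as well. The first hunk of this file already treats an empty `pwd_new` as the legacy case, so the same test belongs here, `if (function_exists('password_hash') && !empty($row['pwd_new'])) {`, leaving legacy rows on the `else` path. This assumes `$query1`, which is built outside the hunks, writes `$pp='$pwd'` followed by `$addupquery`. The page also shows `$addupquery = '';` after the password block without making clear whether that line was removed; if it is still present, it discards the clearing for the member table. The `if ($dopost == 'save')` block starts and ends outside the hunks.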

