| @@ -32,17 +32,30 @@ if ($dopost == "toadmin") { | |||
| $pwdm = ''; | |||
| if ($pwd != '') { | |||
| $inputpwd = ",pwd"; | |||
| $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'"; | |||
| $pwdm = ",pwd='".md5($pwd)."'"; | |||
| if (function_exists('password_hash')) { | |||
| $inputpwd = ",pwd_new"; | |||
| $inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||
| $pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||
| } else { | |||
| $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'"; | |||
| $pwdm = ",pwd='".md5($pwd)."'"; | |||
| } | |||
| } else { | |||
| $row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'"); | |||
| $password = $row['pwd']; | |||
| $inputpwd = ",pwd"; | |||
| $pwd = substr($password, 5, 20); | |||
| $inputpwdv = ",'".$pwd."'"; | |||
| $pwdm = ",pwd='".$password."'"; | |||
| $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'"); | |||
| if (function_exists('password_hash')) { | |||
| $password = $row['pwd_new']; | |||
| $inputpwd = ",pwd_new"; | |||
| $inputpwdv = ",'".$password."'"; | |||
| $pwdm = ",pwd_new='".$password."'"; | |||
| } else { | |||
| $password = $row['pwd']; | |||
| $inputpwd = ",pwd"; | |||
| $pwd = substr($password, 5, 20); | |||
| $inputpwdv = ",'".$pwd."'"; | |||
| $pwdm = ",pwd='".$password."'"; | |||
| } | |||
| } | |||
| $typeids = (empty($typeids)) ? "" : $typeids; | |||
| $typeids = (empty($typeids)) ? array() : $typeids; | |||
| if ($typeids == '') { | |||
| ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}"); | |||
| exit(); | |||
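Review bot: The guard right after the new `$typeids` default is now dead: `$typeids` becomes `array()` when empty, and `array() == ''` is false in PHP (an array never loosely equals a string), so `ShowMsg("请为该管理员指定管理栏目", ...)` is unreachable and an admin can be created with no managed column at all; change the test to `if (empty($typeids)) {`. In the `password_hash` branch the same password is hashed twice, giving two different bcrypt hashes for `$inputpwdv` and `$pwdm`; hash once into a local (`$hash = password_hash($pwd, PASSWORD_BCRYPT);`) and reuse it, which also halves the bcrypt cost. The promotion path that reuses an existing member's hash reads only `$row['pwd_new']`; for a row that still carries just the legacy md5 in `pwd`, this copies an empty value and the new admin cannot log in, so either fall back to `pwd` or refuse the promotion with a message. `$id` is still interpolated into the re-quoted `SELECT ... WHERE mid='$id'` (and again in the hunk at `@@ -83,11`); if it is not cast to int before this block, which starts outside the hunk, it should be.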
| @@ -83,11 +96,11 @@ $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart= | |||
| $dsql->Execute('op'); | |||
| while ($nrow = $dsql->GetObject('op')) { | |||
| $typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n"; | |||
| $dsql->SetQuery("SELECT id,typename FROM #@__arctype WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)"); | |||
| $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)"); | |||
| $dsql->Execute('s'); | |||
| while ($nrow = $dsql->GetObject('s')) { | |||
| $typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n"; | |||
| } | |||
| } | |||
| $row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'"); | |||
| $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'"); | |||
| include DedeInclude('templets/member_toadmin.htm'); | |||
| @@ -88,7 +88,7 @@ | |||
| <tr height="26" align="center" onmousemove="javascript:this.bgColor='#F8FCF1';" onmouseout="javascript:this.bgColor='#ffffff';"> | |||
| <td><input name="mid" type="checkbox" id="mid" value="{dede:field.mid/}" class="np"></td> | |||
| <td>{dede:field.mid/}</td> | |||
| <td><a href="../user/index.php?uid={dede:field.userid/}" target='_blank'> | |||
| <td> | |||
| <?php | |||
| echo ''.$fields['userid'].''; | |||
| if($fields['spacesta']==-2) echo "<span class='text-danger'>[禁言]</span>"; | |||
| @@ -97,7 +97,6 @@ | |||
| echo "<br><img src='{$fields['face']}' title='浏览会员空间' style='max-width:80px;height:auto'>"; | |||
| } | |||
| ?> | |||
| </a> | |||
| </td> | |||
| <td>{dede:field.email/}<br> | |||
| 昵称:{dede:field.uname/} | |||
| @@ -171,9 +171,8 @@ | |||
| <tr> | |||
| <td height="26" class="bline">特殊操作:</td> | |||
| <td height="26" class="bline"> | |||
| <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_fullinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a> | |||
| <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_baseinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a> | |||
| <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>" target="_blank" class="btn btn-success btn-sm">登录此用户面板</a> | |||
| <a href="../user/index.php?uid=<?php echo $row['userid']; ?>" target="_blank" class="btn btn-success btn-sm">浏览此用户</a> | |||
| </td> | |||
| </tr> | |||
| <tr> | |||
| @@ -46,7 +46,7 @@ if ($format === 'json') { | |||
| </div> | |||
| <div class="uclink"> | |||
| <a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> | | |||
| <a href="<?php echo $cfg_memberurl; ?>/edit_fullinfo.php">资料</a> | | |||
| <a href="<?php echo $cfg_memberurl; ?>/edit_baseinfo.php">资料</a> | | |||
| <a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a> | |||
| </div> | |||
| </div><!-- /userinfo --> | |||
| @@ -22,19 +22,39 @@ if ($dopost == 'save') { | |||
| ShowMsg('验证码错误', '-1'); | |||
| exit(); | |||
| } | |||
| if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { | |||
| ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||
| exit(); | |||
| if (function_exists('password_hash')) { | |||
| if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) { | |||
| ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||
| exit(); | |||
| } | |||
| } else { | |||
| if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { | |||
| ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||
| exit(); | |||
| } | |||
| } | |||
| if ($userpwd != $userpwdok) { | |||
| ShowMsg('您两次输入的新密码不一致', '-1'); | |||
| exit(); | |||
| } | |||
| $pp = "pwd"; | |||
| if ($userpwd == '') { | |||
| $pwd = $row['pwd']; | |||
| if (function_exists('password_hash')) { | |||
| $pp = "pwd_new"; | |||
| $pwd = $row['pwd_new']; | |||
| } else { | |||
| $pwd = $row['pwd']; | |||
| } | |||
| } else { | |||
| $pwd = md5($userpwd); | |||
| $pwd2 = substr(md5($userpwd), 5, 20); | |||
| if (function_exists('password_hash')) | |||
| { | |||
| $pp = "pwd_new"; | |||
| $pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||
| $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT); | |||
| } else { | |||
| $pwd = md5($userpwd); | |||
| $pwd2 = substr(md5($userpwd), 5, 20); | |||
| } | |||
| } | |||
| $addupquery = ''; | |||
| //修改安全问题或Email | |||
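Review bot: The new `password_verify($oldpwd, $row['pwd_new'])` check has no fallback for members whose row only holds the legacy md5 in `pwd` (rows written before `pwd_new` existed): `pwd_new` is empty or null for them, `password_verify` then returns false (and PHP 8.1+ deprecates the null argument), so those members can never pass the old-password check and are locked out of updating their profile. Verify against `pwd_new` only when it is non-empty and otherwise against `pwd`, as in the excerpt below. The md5 comparison kept in the `else` branch still uses `!=`, which compares the two hashes with type juggling (strings of the form `0e<digits>` compare equal); use `!==`, or `hash_equals()` where available. `$pwd2` is never initialised when `$userpwd == ''`, yet the next hunk tests `$pwd2 != ""`; add `$pwd2 = '';` beside `$pp = "pwd";`. The enclosing `if ($dopost == 'save')` block begins before the hunk and continues past it.
```php
if (!is_array($row)) {
    ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
    exit();
}
// Rows migrated to bcrypt carry pwd_new; older rows still hold only the md5 in pwd.
$storedBcrypt = isset($row['pwd_new']) ? (string)$row['pwd_new'] : '';
if ($storedBcrypt !== '' && function_exists('password_verify')) {
    $oldPwdOk = password_verify($oldpwd, $storedBcrypt);
} else {
    $oldPwdOk = ((string)$row['pwd'] === md5($oldpwd));
}
if (!$oldPwdOk) {
    ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
    exit();
}
// … unchanged: new-password confirmation, $pp/$pwd/$pwd2 selection …
```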
| @@ -78,11 +98,11 @@ if ($dopost == 'save') { | |||
| ShowMsg('请选择正常的性别', '-1'); | |||
| exit(); | |||
| } | |||
| $query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; | |||
| $query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; | |||
| $dsql->ExecuteNoneQuery($query1); | |||
| //如果是管理员,修改其后台密码 | |||
| if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") { | |||
| $query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' "; | |||
| $query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' "; | |||
| $dsql->ExecuteNoneQuery($query2); | |||
| } | |||
| //清除会员缓存 | |||
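Review bot: The member UPDATE writes only the `$pp` column, so when bcrypt is in use the legacy `pwd` column keeps whatever md5 value it already held; if any login or reset path still consults `pwd` (outside this diff), the previous password remains valid after a change. Clear the sibling column in the same statement, e.g. `$pwdSet = ($pp === 'pwd_new') ? "pwd_new='$pwd',pwd=''" : "pwd='$pwd'";` and `SET {$pwdSet},sex='$sex'{$addupquery}`; the `UPDATE `#@__member` SET `$pp`` in the later hunk at `@@ -93,20` has the same gap. The admin-table UPDATE now also targets `$pp`, which assumes `#@__admin` gained a `pwd_new` column in the same migration; if it did not, `ExecuteNoneQuery` fails and its return value is discarded here, so the admin password silently stays unchanged. `$pwd2` is an independent second bcrypt hash of the same password, so the member and admin rows hold different hashes; harmless, but `$pwd` could simply be reused. The enclosing `if ($dopost == 'save')` block starts before the hunk.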
| @@ -67,11 +67,17 @@ if ($step == 1) { | |||
| $logintime = time(); | |||
| $joinip = GetIP(); | |||
| $loginip = GetIP(); | |||
| $pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||
| $pp = "pwd"; | |||
| if (function_exists('password_hash')) { | |||
| $pp = "pwd_new"; | |||
| $pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||
| } else { | |||
| $pwd = md5($userpwd); | |||
| } | |||
| $mtype = '个人'; | |||
| $spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0); | |||
| $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||
| VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||
| $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`$pp`,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||
| VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||
| if ($dsql->ExecuteNoneQuery($inQuery)) { | |||
| $mid = $dsql->GetLastID(); | |||
| //写入默认会员详细资料 | |||
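Review bot: The `function_exists('password_hash')` / `$pp` selection here is the fourth hand-written copy of the same column-and-algorithm pairing in this commit (also in the hunks at `@@ -32,17`, `@@ -22,19` and `@@ -93,20`); a single helper in a shared include, e.g. `function MemberPwdHash($plain) { return function_exists('password_hash') ? array('pwd_new', password_hash($plain, PASSWORD_BCRYPT)) : array('pwd', md5($plain)); }`, would keep the pairing in one place and make a future algorithm change a one-line edit. The md5 fallback stores an unsalted digest; it only runs where `password_hash` is missing, but a comment such as `// Legacy fallback for PHP builds without password_hash(); unsalted md5, not a supported configuration` should say so, so it is not read as an equal option. The INSERT now sets only `$pp`, leaving the other password column at its schema default; that is fine if both columns default to an empty string, but it is worth confirming `pwd` is not declared `NOT NULL` without a default. The enclosing `if ($step == 1)` block starts before the hunk and continues past it.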
| @@ -93,20 +93,26 @@ if ($dopost == "") { | |||
| if ($row['pwd'] == $sn) { | |||
| if ($pwd != "") { | |||
| if ($pwd == $pwdok) { | |||
| $pwdok = md5($pwdok); | |||
| $pp = "pwd"; | |||
| if (function_exists('password_hash')) { | |||
| $pp = "pwd_new"; | |||
| $pwdok = password_hash($pwdok, PASSWORD_BCRYPT); | |||
| } else { | |||
| $pwdok = md5($pwdok); | |||
| } | |||
| $sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';"; | |||
| $db->executenonequery($sql); | |||
| $sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id';"; | |||
| $sql = "UPDATE `#@__member` SET `$pp` = '$pwdok' WHERE `mid` = '$id';"; | |||
| if ($db->executenonequery($sql)) { | |||
| showmsg('修改密码成功,请牢记新密码', 'login.php'); | |||
| ShowMsg('修改密码成功,请牢记新密码', 'login.php'); | |||
| exit; | |||
| } | |||
| } | |||
| } | |||
| showmsg('对不起,新密码为空或填写不一致', '-1'); | |||
| ShowMsg('对不起,新密码为空或填写不一致', '-1'); | |||
| exit; | |||
| } | |||
| showmsg('对不起,临时密码错误', '-1'); | |||
| ShowMsg('对不起,临时密码错误', '-1'); | |||
| exit; | |||
| } | |||
| } | |||