From 080b3e1f1d197a53a87e6462aacaee9098eab6f2 Mon Sep 17 00:00:00 2001
From: tianya <8445295+llgoer@user.noreply.gitee.com>
Date: Sat, 30 Apr 2022 11:25:27 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=9A=E5=91=98=E4=B8=AD=E5=BF=83=E4=BC=98?=
=?UTF-8?q?=E5=8C=96=E8=B0=83=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/admin/member_toadmin.php | 35 ++++++++++++++++++++---------
src/admin/templets/member_main.htm | 3 +--
src/admin/templets/member_view.htm | 3 +--
src/user/ajax_loginsta.php | 2 +-
src/user/edit_baseinfo.php | 36 +++++++++++++++++++++++-------
src/user/reg_new.php | 12 +++++++---
src/user/resetpassword.php | 16 ++++++++-----
7 files changed, 75 insertions(+), 32 deletions(-)
diff --git a/src/admin/member_toadmin.php b/src/admin/member_toadmin.php
index 40fbe3dc..6dd6af89 100644
--- a/src/admin/member_toadmin.php
+++ b/src/admin/member_toadmin.php
@@ -32,17 +32,30 @@ if ($dopost == "toadmin") {
$pwdm = '';
if ($pwd != '') {
$inputpwd = ",pwd";
- $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'";
- $pwdm = ",pwd='".md5($pwd)."'";
+ if (function_exists('password_hash')) {
+ $inputpwd = ",pwd_new";
+ $inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'";
+ $pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
+ } else {
+ $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'";
+ $pwdm = ",pwd='".md5($pwd)."'";
+ }
} else {
- $row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'");
- $password = $row['pwd'];
- $inputpwd = ",pwd";
- $pwd = substr($password, 5, 20);
- $inputpwdv = ",'".$pwd."'";
- $pwdm = ",pwd='".$password."'";
+ $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
+ if (function_exists('password_hash')) {
+ $password = $row['pwd_new'];
+ $inputpwd = ",pwd_new";
+ $inputpwdv = ",'".$password."'";
+ $pwdm = ",pwd_new='".$password."'";
+ } else {
+ $password = $row['pwd'];
+ $inputpwd = ",pwd";
+ $pwd = substr($password, 5, 20);
+ $inputpwdv = ",'".$pwd."'";
+ $pwdm = ",pwd='".$password."'";
+ }
}
- $typeids = (empty($typeids)) ? "" : $typeids;
+ $typeids = (empty($typeids)) ? array() : $typeids;
if ($typeids == '') {
ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}");
exit();
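Review bot: The empty-selection guard at the end of this hunk can no longer fire. `$typeids` now defaults to `array()`, and `array() == ''` is false in PHP, so a request with nothing selected skips the "请为该管理员指定管理栏目" message and carries on. Test emptiness directly with `if (empty($typeids)) {`. In the `$pwd != ''` branch, `password_hash()` is called twice, so `$inputpwdv` and `$pwdm` carry two different hashes of the same password; computing it once, `$hash = password_hash($pwd, PASSWORD_BCRYPT);`, keeps both statements (built outside the hunk) consistent. The `if ($dopost == "toadmin")` block continues beyond the hunk.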
@@ -83,11 +96,11 @@ $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart=
$dsql->Execute('op');
while ($nrow = $dsql->GetObject('op')) {
$typeOptions .= "\r\n";
- $dsql->SetQuery("SELECT id,typename FROM #@__arctype WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
+ $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
$dsql->Execute('s');
while ($nrow = $dsql->GetObject('s')) {
$typeOptions .= "\r\n";
}
}
-$row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'");
+$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
include DedeInclude('templets/member_toadmin.htm');
\ No newline at end of file
diff --git a/src/admin/templets/member_main.htm b/src/admin/templets/member_main.htm
index 60520a56..14feec71 100644
--- a/src/admin/templets/member_main.htm
+++ b/src/admin/templets/member_main.htm
@@ -88,7 +88,7 @@
|
{dede:field.mid/} |
-
+ |
[禁言]";
@@ -97,7 +97,6 @@
echo "
";
}
?>
-
|
{dede:field.email/}
昵称:{dede:field.uname/}
diff --git a/src/admin/templets/member_view.htm b/src/admin/templets/member_view.htm
index d8f24a62..2e1f45e9 100644
--- a/src/admin/templets/member_view.htm
+++ b/src/admin/templets/member_view.htm
@@ -171,9 +171,8 @@
|
特殊操作: |
- 修改资料
+ 修改资料
登录此用户面板
- 浏览此用户
|
diff --git a/src/user/ajax_loginsta.php b/src/user/ajax_loginsta.php
index f02c7997..8a38f52a 100755
--- a/src/user/ajax_loginsta.php
+++ b/src/user/ajax_loginsta.php
@@ -46,7 +46,7 @@ if ($format === 'json') {
\ No newline at end of file
diff --git a/src/user/edit_baseinfo.php b/src/user/edit_baseinfo.php
index 470afad6..9eb0be10 100755
--- a/src/user/edit_baseinfo.php
+++ b/src/user/edit_baseinfo.php
@@ -22,19 +22,39 @@ if ($dopost == 'save') {
ShowMsg('验证码错误', '-1');
exit();
}
- if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
- ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
- exit();
+ if (function_exists('password_hash')) {
+ if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
+ ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
+ exit();
+ }
+ } else {
+ if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
+ ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
+ exit();
+ }
}
if ($userpwd != $userpwdok) {
ShowMsg('您两次输入的新密码不一致', '-1');
exit();
}
+ $pp = "pwd";
if ($userpwd == '') {
- $pwd = $row['pwd'];
+ if (function_exists('password_hash')) {
+ $pp = "pwd_new";
+ $pwd = $row['pwd_new'];
+ } else {
+ $pwd = $row['pwd'];
+ }
} else {
- $pwd = md5($userpwd);
- $pwd2 = substr(md5($userpwd), 5, 20);
+ if (function_exists('password_hash'))
+ {
+ $pp = "pwd_new";
+ $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
+ $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
+ } else {
+ $pwd = md5($userpwd);
+ $pwd2 = substr(md5($userpwd), 5, 20);
+ }
}
$addupquery = '';
//修改安全问题或Email
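Review bot: The old-password check picks its verifier from `function_exists('password_hash')` rather than from which column the account actually has populated. If any member row still holds only the MD5 `pwd` value, `password_verify($oldpwd, $row['pwd_new'])` returns false and that user cannot edit their profile. Branching on the stored data, e.g. `if (!empty($row['pwd_new'])) {` with the legacy comparison in the `else`, avoids this; whether login already migrates such rows is not visible here. The `else` branch in src/admin/member_toadmin.php makes the same assumption when it copies `$row['pwd_new']` into the admin record. In the legacy branch, `!hash_equals($row['pwd'], md5($oldpwd))` would replace the loose `!=` and avoid numeric-string coercion.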
@@ -78,11 +98,11 @@ if ($dopost == 'save') {
ShowMsg('请选择正常的性别', '-1');
exit();
}
- $query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
+ $query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
$dsql->ExecuteNoneQuery($query1);
//如果是管理员,修改其后台密码
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
- $query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' ";
+ $query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' ";
$dsql->ExecuteNoneQuery($query2);
}
//清除会员缓存
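Review bot: When `$pp` is `pwd_new`, `$query1` and `$query2` write only that column, so the MD5 value already stored in `pwd` stays in the table after a password change. If the login path still accepts `pwd` (not visible in this patch), the retired password would keep working, and either way an unsalted hash of it remains stored. When a new password was supplied, clear the legacy column in the same statement, e.g. `SET pwd_new='$pwd',pwd='',sex='$sex'…`, as the previous INSERT in src/user/reg_new.php did by writing `''` into `pwd`. The UPDATE in src/user/resetpassword.php has the same gap.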
diff --git a/src/user/reg_new.php b/src/user/reg_new.php
index 324e600b..1d0a19e9 100755
--- a/src/user/reg_new.php
+++ b/src/user/reg_new.php
@@ -67,11 +67,17 @@ if ($step == 1) {
$logintime = time();
$joinip = GetIP();
$loginip = GetIP();
- $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
+ $pp = "pwd";
+ if (function_exists('password_hash')) {
+ $pp = "pwd_new";
+ $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
+ } else {
+ $pwd = md5($userpwd);
+ }
$mtype = '个人';
$spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0);
- $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
- VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); ";
+ $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`$pp`,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
+ VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); ";
if ($dsql->ExecuteNoneQuery($inQuery)) {
$mid = $dsql->GetLastID();
//写入默认会员详细资料
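Review bot: The `else` branch reintroduces `md5($userpwd)` for new registrations, where the replaced line always used `password_hash()`. On a runtime without that function, the account silently gets an unsalted, fast hash. Failing closed is safer: replace `$pwd = md5($userpwd);` with a `ShowMsg(<message>, '-1'); exit();` refusal, and apply the same choice to the fallbacks in edit_baseinfo.php, resetpassword.php and member_toadmin.php. The INSERT also no longer names the unused password column, so it relies on that column having a default; the schema is not part of this patch. The `if ($step == 1)` block continues outside the hunk.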
diff --git a/src/user/resetpassword.php b/src/user/resetpassword.php
index 86716f57..422c3816 100755
--- a/src/user/resetpassword.php
+++ b/src/user/resetpassword.php
@@ -93,20 +93,26 @@ if ($dopost == "") {
if ($row['pwd'] == $sn) {
if ($pwd != "") {
if ($pwd == $pwdok) {
- $pwdok = md5($pwdok);
+ $pp = "pwd";
+ if (function_exists('password_hash')) {
+ $pp = "pwd_new";
+ $pwdok = password_hash($pwdok, PASSWORD_BCRYPT);
+ } else {
+ $pwdok = md5($pwdok);
+ }
$sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';";
$db->executenonequery($sql);
- $sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id';";
+ $sql = "UPDATE `#@__member` SET `$pp` = '$pwdok' WHERE `mid` = '$id';";
if ($db->executenonequery($sql)) {
- showmsg('修改密码成功,请牢记新密码', 'login.php');
+ ShowMsg('修改密码成功,请牢记新密码', 'login.php');
exit;
}
}
}
- showmsg('对不起,新密码为空或填写不一致', '-1');
+ ShowMsg('对不起,新密码为空或填写不一致', '-1');
exit;
}
- showmsg('对不起,临时密码错误', '-1');
+ ShowMsg('对不起,临时密码错误', '-1');
exit;
}
}
\ No newline at end of file
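Review bot: The gate for this branch, `if ($row['pwd'] == $sn)`, still compares the stored temporary password with the submitted value using loose `==`, although the commit hardens the hash written just below it. PHP compares two numeric-looking strings as numbers, so `if (hash_equals((string)$row['pwd'], (string)$sn))` is the safer check; how `$sn` is derived lies outside the hunk. A short comment above the `$pp` selection, such as `// pwd_new holds the bcrypt hash, pwd the legacy MD5`, would also help the next reader.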