@@ -32,17 +32,30 @@ if ($dopost == "toadmin") { | |||
$pwdm = ''; | |||
if ($pwd != '') { | |||
$inputpwd = ",pwd"; | |||
$inputpwdv = ",'".substr(md5($pwd), 5, 20)."'"; | |||
$pwdm = ",pwd='".md5($pwd)."'"; | |||
if (function_exists('password_hash')) { | |||
$inputpwd = ",pwd_new"; | |||
$inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||
$pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||
} else { | |||
$inputpwdv = ",'".substr(md5($pwd), 5, 20)."'"; | |||
$pwdm = ",pwd='".md5($pwd)."'"; | |||
} | |||
} else { | |||
$row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'"); | |||
$password = $row['pwd']; | |||
$inputpwd = ",pwd"; | |||
$pwd = substr($password, 5, 20); | |||
$inputpwdv = ",'".$pwd."'"; | |||
$pwdm = ",pwd='".$password."'"; | |||
$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'"); | |||
if (function_exists('password_hash')) { | |||
$password = $row['pwd_new']; | |||
$inputpwd = ",pwd_new"; | |||
$inputpwdv = ",'".$password."'"; | |||
$pwdm = ",pwd_new='".$password."'"; | |||
} else { | |||
$password = $row['pwd']; | |||
$inputpwd = ",pwd"; | |||
$pwd = substr($password, 5, 20); | |||
$inputpwdv = ",'".$pwd."'"; | |||
$pwdm = ",pwd='".$password."'"; | |||
} | |||
} | |||
$typeids = (empty($typeids)) ? "" : $typeids; | |||
$typeids = (empty($typeids)) ? array() : $typeids; | |||
if ($typeids == '') { | |||
ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}"); | |||
exit(); | |||
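Review bot: The guard `if ($typeids == '')` can no longer fire once the default becomes `array()`, because an empty PHP array is not loosely equal to `''` (`[] == ''` is false), so an admin with no columns selected skips the ShowMsg and continues into the save path; use `if (empty($typeids)) {` (or `$typeids === []`). Separately, `password_hash()` is called twice on the same `$pwd` for `$inputpwdv` and `$pwdm`, producing two different bcrypt strings — both verify, but hashing once into a local and reusing it halves the bcrypt cost and keeps the admin and member rows carrying the same hash. The `mid='$id'` interpolation in the GetOne query is kept from the old code; whether `$id` is cast to int before this block is not visible in the hunk. The enclosing `if ($dopost == "toadmin")` block starts before and ends after the hunk.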
@@ -83,11 +96,11 @@ $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart= | |||
$dsql->Execute('op'); | |||
while ($nrow = $dsql->GetObject('op')) { | |||
$typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n"; | |||
$dsql->SetQuery("SELECT id,typename FROM #@__arctype WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)"); | |||
$dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)"); | |||
$dsql->Execute('s'); | |||
while ($nrow = $dsql->GetObject('s')) { | |||
$typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n"; | |||
} | |||
} | |||
$row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'"); | |||
$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'"); | |||
include DedeInclude('templets/member_toadmin.htm'); |
@@ -88,7 +88,7 @@ | |||
<tr height="26" align="center" onmousemove="javascript:this.bgColor='#F8FCF1';" onmouseout="javascript:this.bgColor='#ffffff';"> | |||
<td><input name="mid" type="checkbox" id="mid" value="{dede:field.mid/}" class="np"></td> | |||
<td>{dede:field.mid/}</td> | |||
<td><a href="../user/index.php?uid={dede:field.userid/}" target='_blank'> | |||
<td> | |||
<?php | |||
echo ''.$fields['userid'].''; | |||
if($fields['spacesta']==-2) echo "<span class='text-danger'>[禁言]</span>"; | |||
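Review bot: `echo ''.$fields['userid'].''` on the new side writes the member's userid into the table cell without escaping; the change only drops the surrounding `<a>`, so any markup contained in a userid still renders in the admin list. Use `echo htmlspecialchars($fields['userid'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same applies to `src='{$fields['face']}'` in the next hunk, where the value lands inside a single-quoted attribute. Whether userid and face are validated when written is not visible here. The `<?php` block opened in this hunk is closed in the next one.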
@@ -97,7 +97,6 @@ | |||
echo "<br><img src='{$fields['face']}' title='浏览会员空间' style='max-width:80px;height:auto'>"; | |||
} | |||
?> | |||
</a> | |||
</td> | |||
<td>{dede:field.email/}<br> | |||
昵称:{dede:field.uname/} | |||
@@ -171,9 +171,8 @@ | |||
<tr> | |||
<td height="26" class="bline">特殊操作:</td> | |||
<td height="26" class="bline"> | |||
<a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_fullinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a> | |||
<a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_baseinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a> | |||
<a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>" target="_blank" class="btn btn-success btn-sm">登录此用户面板</a> | |||
<a href="../user/index.php?uid=<?php echo $row['userid']; ?>" target="_blank" class="btn btn-success btn-sm">浏览此用户</a> | |||
</td> | |||
</tr> | |||
<tr> | |||
@@ -46,7 +46,7 @@ if ($format === 'json') { | |||
</div> | |||
<div class="uclink"> | |||
<a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> | | |||
<a href="<?php echo $cfg_memberurl; ?>/edit_fullinfo.php">资料</a> | | |||
<a href="<?php echo $cfg_memberurl; ?>/edit_baseinfo.php">资料</a> | | |||
<a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a> | |||
</div> | |||
</div><!-- /userinfo --> |
@@ -22,19 +22,39 @@ if ($dopost == 'save') { | |||
ShowMsg('验证码错误', '-1'); | |||
exit(); | |||
} | |||
if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { | |||
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||
exit(); | |||
if (function_exists('password_hash')) { | |||
if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) { | |||
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||
exit(); | |||
} | |||
} else { | |||
if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { | |||
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||
exit(); | |||
} | |||
} | |||
if ($userpwd != $userpwdok) { | |||
ShowMsg('您两次输入的新密码不一致', '-1'); | |||
exit(); | |||
} | |||
$pp = "pwd"; | |||
if ($userpwd == '') { | |||
$pwd = $row['pwd']; | |||
if (function_exists('password_hash')) { | |||
$pp = "pwd_new"; | |||
$pwd = $row['pwd_new']; | |||
} else { | |||
$pwd = $row['pwd']; | |||
} | |||
} else { | |||
$pwd = md5($userpwd); | |||
$pwd2 = substr(md5($userpwd), 5, 20); | |||
if (function_exists('password_hash')) | |||
{ | |||
$pp = "pwd_new"; | |||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||
$pwd2 = password_hash($userpwd, PASSWORD_BCRYPT); | |||
} else { | |||
$pwd = md5($userpwd); | |||
$pwd2 = substr(md5($userpwd), 5, 20); | |||
} | |||
} | |||
$addupquery = ''; | |||
//修改安全问题或Email | |||
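Review bot: `password_verify($oldpwd, $row['pwd_new'])` rejects every member whose `pwd_new` is still empty, since nothing in the hunk falls back to the md5 `pwd` column when no bcrypt hash has been stored yet — if existing rows are only migrated on their next login (not visible here), those members cannot pass the old-password check to edit their profile, and on PHP 8.1+ a NULL column value also raises a deprecation (a TypeError under strict_types). Checking the stored value first and falling back to the legacy comparison keeps both paths, and `hash_equals` replaces the loose `!=` between two hex strings, which compares numerically when both look numeric. The two `password_hash()` calls for `$pwd` and `$pwd2` could likewise be one hash reused. The enclosing `if ($dopost == 'save')` block starts before and ends after the hunk.
```php
$oldpwd = (string)$oldpwd;
$oldOk = false;
if (is_array($row)) {
    $stored = (string)($row['pwd_new'] ?? '');
    // members not yet migrated have no bcrypt hash; fall back to the legacy md5 column
    $oldOk = ($stored !== '' && function_exists('password_verify'))
        ? password_verify($oldpwd, $stored)
        : hash_equals((string)$row['pwd'], md5($oldpwd));
}
if (!$oldOk) {
    ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
    exit();
}
// … unchanged: new-password confirmation and $pp/$pwd/$pwd2 selection …
```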
@@ -78,11 +98,11 @@ if ($dopost == 'save') { | |||
ShowMsg('请选择正常的性别', '-1'); | |||
exit(); | |||
} | |||
$query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; | |||
$query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; | |||
$dsql->ExecuteNoneQuery($query1); | |||
//如果是管理员,修改其后台密码 | |||
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") { | |||
$query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' "; | |||
$query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' "; | |||
$dsql->ExecuteNoneQuery($query2); | |||
} | |||
//清除会员缓存 | |||
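Review bot: `$pwd2 != ""` at the `#@__admin` update reads a variable that is only assigned when a new password was entered — the `$userpwd == ''` branch in the previous hunk sets `$pp` and `$pwd` but never `$pwd2` — so an admin saving the form with blank password fields hits an undefined-variable warning here (pre-existing, but the restructuring above was the place to fix it); initialise it with `$pwd2 = '';` beside `$pp = "pwd";`. The admin update now writes column `$pp`, i.e. `pwd_new` when bcrypt is available; whether `#@__admin` has that column and whether the admin login verifies against it is not visible in this diff, so it is worth confirming before merge, since the old code stored `substr(md5(), 5, 20)` in `pwd`. The enclosing `if ($dopost == 'save')` block starts before the hunk.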
@@ -67,11 +67,17 @@ if ($step == 1) { | |||
$logintime = time(); | |||
$joinip = GetIP(); | |||
$loginip = GetIP(); | |||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||
$pp = "pwd"; | |||
if (function_exists('password_hash')) { | |||
$pp = "pwd_new"; | |||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||
} else { | |||
$pwd = md5($userpwd); | |||
} | |||
$mtype = '个人'; | |||
$spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0); | |||
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||
VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`$pp`,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||
VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||
if ($dsql->ExecuteNoneQuery($inQuery)) { | |||
$mid = $dsql->GetLastID(); | |||
//写入默认会员详细资料 | |||
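Review bot: The INSERT now names only `$pp`, so the member's `pwd` column is no longer written explicitly (the previous line passed `''` for it); if that column is NOT NULL without a default, the insert fails under strict SQL mode — the schema is not visible here, so either check it or keep both columns and fill the unused one with `''` as before. This `function_exists('password_hash')` / md5 fallback is repeated in the toadmin, edit_baseinfo and resetpassword hunks of this commit; a shared helper (e.g. a constructed `MemberPasswordHash($plain)` returning `[$column, $hash]`) would keep the fallback logic and the column choice in one place, and since `password_hash` has existed since PHP 5.5 the md5 branch is only reachable on runtimes the project presumably no longer supports. `$userid` and `$uname` are interpolated into the query as before; their sanitising is outside the hunk. The enclosing `if ($step == 1)` block starts before and ends after the hunk.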
@@ -93,20 +93,26 @@ if ($dopost == "") { | |||
if ($row['pwd'] == $sn) { | |||
if ($pwd != "") { | |||
if ($pwd == $pwdok) { | |||
$pwdok = md5($pwdok); | |||
$pp = "pwd"; | |||
if (function_exists('password_hash')) { | |||
$pp = "pwd_new"; | |||
$pwdok = password_hash($pwdok, PASSWORD_BCRYPT); | |||
} else { | |||
$pwdok = md5($pwdok); | |||
} | |||
$sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';"; | |||
$db->executenonequery($sql); | |||
$sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id';"; | |||
$sql = "UPDATE `#@__member` SET `$pp` = '$pwdok' WHERE `mid` = '$id';"; | |||
if ($db->executenonequery($sql)) { | |||
showmsg('修改密码成功,请牢记新密码', 'login.php'); | |||
ShowMsg('修改密码成功,请牢记新密码', 'login.php'); | |||
exit; | |||
} | |||
} | |||
} | |||
showmsg('对不起,新密码为空或填写不一致', '-1'); | |||
ShowMsg('对不起,新密码为空或填写不一致', '-1'); | |||
exit; | |||
} | |||
showmsg('对不起,临时密码错误', '-1'); | |||
ShowMsg('对不起,临时密码错误', '-1'); | |||
exit; | |||
} | |||
} |
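Review bot: The gate in front of the new hash write is `$row['pwd'] == $sn` (the context line at the top of the hunk): a loose `==` between the stored temporary password and the request value compares numerically when both strings look numeric, so a stored value such as `0e123` would match unrelated input; `hash_equals((string)$row['pwd'], (string)$sn)` gives a strict, constant-time comparison. Where `$sn` and `$id` are read and whether `$id` is cast to int before `WHERE mid = '$id'` is outside the hunk. Otherwise the bcrypt branch mirrors the other files in this commit, and the `showmsg` → `ShowMsg` edits are cosmetic since PHP function names are case-insensitive. The enclosing `if ($dopost == "")` block starts before the hunk.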