@@ -32,17 +32,30 @@ if ($dopost == "toadmin") { | |||||
$pwdm = ''; | $pwdm = ''; | ||||
if ($pwd != '') { | if ($pwd != '') { | ||||
$inputpwd = ",pwd"; | $inputpwd = ",pwd"; | ||||
$inputpwdv = ",'".substr(md5($pwd), 5, 20)."'"; | |||||
$pwdm = ",pwd='".md5($pwd)."'"; | |||||
if (function_exists('password_hash')) { | |||||
$inputpwd = ",pwd_new"; | |||||
$inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||||
$pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||||
} else { | |||||
$inputpwdv = ",'".substr(md5($pwd), 5, 20)."'"; | |||||
$pwdm = ",pwd='".md5($pwd)."'"; | |||||
} | |||||
} else { | } else { | ||||
$row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'"); | |||||
$password = $row['pwd']; | |||||
$inputpwd = ",pwd"; | |||||
$pwd = substr($password, 5, 20); | |||||
$inputpwdv = ",'".$pwd."'"; | |||||
$pwdm = ",pwd='".$password."'"; | |||||
$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'"); | |||||
if (function_exists('password_hash')) { | |||||
$password = $row['pwd_new']; | |||||
$inputpwd = ",pwd_new"; | |||||
$inputpwdv = ",'".$password."'"; | |||||
$pwdm = ",pwd_new='".$password."'"; | |||||
} else { | |||||
$password = $row['pwd']; | |||||
$inputpwd = ",pwd"; | |||||
$pwd = substr($password, 5, 20); | |||||
$inputpwdv = ",'".$pwd."'"; | |||||
$pwdm = ",pwd='".$password."'"; | |||||
} | |||||
} | } | ||||
$typeids = (empty($typeids)) ? "" : $typeids; | |||||
$typeids = (empty($typeids)) ? array() : $typeids; | |||||
if ($typeids == '') { | if ($typeids == '') { | ||||
ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}"); | ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}"); | ||||
exit(); | exit(); | ||||
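Review bot: The guard `if ($typeids == '')` at L38 no longer fires once the default became `array()` at L37, because an array compared to a string with `==` is never equal, so the "请为该管理员指定管理栏目" redirect is dead and an admin can be created with no columns assigned; use `if (empty($typeids)) {` instead. Separately, `password_hash` runs twice at L9 and L10, producing two different salted hashes for the same password; hashing once, `$hash = password_hash($pwd, PASSWORD_BCRYPT);`, and reusing `$hash` in both strings avoids the second bcrypt round and keeps the two stored values identical. The query at L22 (and the one at L53) interpolates `$id` directly into `mid='$id'`; if `$id` is not cast with `intval()` earlier in this file — not visible here — it should be. The enclosing `if ($dopost == "toadmin")` block starts outside the hunk.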
@@ -83,11 +96,11 @@ $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart= | |||||
$dsql->Execute('op'); | $dsql->Execute('op'); | ||||
while ($nrow = $dsql->GetObject('op')) { | while ($nrow = $dsql->GetObject('op')) { | ||||
$typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n"; | $typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n"; | ||||
$dsql->SetQuery("SELECT id,typename FROM #@__arctype WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)"); | |||||
$dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)"); | |||||
$dsql->Execute('s'); | $dsql->Execute('s'); | ||||
while ($nrow = $dsql->GetObject('s')) { | while ($nrow = $dsql->GetObject('s')) { | ||||
$typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n"; | $typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n"; | ||||
} | } | ||||
} | } | ||||
$row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'"); | |||||
$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'"); | |||||
include DedeInclude('templets/member_toadmin.htm'); | include DedeInclude('templets/member_toadmin.htm'); |
@@ -88,7 +88,7 @@ | |||||
<tr height="26" align="center" onmousemove="javascript:this.bgColor='#F8FCF1';" onmouseout="javascript:this.bgColor='#ffffff';"> | <tr height="26" align="center" onmousemove="javascript:this.bgColor='#F8FCF1';" onmouseout="javascript:this.bgColor='#ffffff';"> | ||||
<td><input name="mid" type="checkbox" id="mid" value="{dede:field.mid/}" class="np"></td> | <td><input name="mid" type="checkbox" id="mid" value="{dede:field.mid/}" class="np"></td> | ||||
<td>{dede:field.mid/}</td> | <td>{dede:field.mid/}</td> | ||||
<td><a href="../user/index.php?uid={dede:field.userid/}" target='_blank'> | |||||
<td> | |||||
<?php | <?php | ||||
echo ''.$fields['userid'].''; | echo ''.$fields['userid'].''; | ||||
if($fields['spacesta']==-2) echo "<span class='text-danger'>[禁言]</span>"; | if($fields['spacesta']==-2) echo "<span class='text-danger'>[禁言]</span>"; | ||||
@@ -97,7 +97,6 @@ | |||||
echo "<br><img src='{$fields['face']}' title='浏览会员空间' style='max-width:80px;height:auto'>"; | echo "<br><img src='{$fields['face']}' title='浏览会员空间' style='max-width:80px;height:auto'>"; | ||||
} | } | ||||
?> | ?> | ||||
</a> | |||||
</td> | </td> | ||||
<td>{dede:field.email/}<br> | <td>{dede:field.email/}<br> | ||||
昵称:{dede:field.uname/} | 昵称:{dede:field.uname/} | ||||
@@ -171,9 +171,8 @@ | |||||
<tr> | <tr> | ||||
<td height="26" class="bline">特殊操作:</td> | <td height="26" class="bline">特殊操作:</td> | ||||
<td height="26" class="bline"> | <td height="26" class="bline"> | ||||
<a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_fullinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a> | |||||
<a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_baseinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a> | |||||
<a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>" target="_blank" class="btn btn-success btn-sm">登录此用户面板</a> | <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>" target="_blank" class="btn btn-success btn-sm">登录此用户面板</a> | ||||
<a href="../user/index.php?uid=<?php echo $row['userid']; ?>" target="_blank" class="btn btn-success btn-sm">浏览此用户</a> | |||||
</td> | </td> | ||||
</tr> | </tr> | ||||
<tr> | <tr> | ||||
@@ -46,7 +46,7 @@ if ($format === 'json') { | |||||
</div> | </div> | ||||
<div class="uclink"> | <div class="uclink"> | ||||
<a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> | | <a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> | | ||||
<a href="<?php echo $cfg_memberurl; ?>/edit_fullinfo.php">资料</a> | | |||||
<a href="<?php echo $cfg_memberurl; ?>/edit_baseinfo.php">资料</a> | | |||||
<a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a> | <a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a> | ||||
</div> | </div> | ||||
</div><!-- /userinfo --> | </div><!-- /userinfo --> |
@@ -22,19 +22,39 @@ if ($dopost == 'save') { | |||||
ShowMsg('验证码错误', '-1'); | ShowMsg('验证码错误', '-1'); | ||||
exit(); | exit(); | ||||
} | } | ||||
if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { | |||||
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||||
exit(); | |||||
if (function_exists('password_hash')) { | |||||
if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) { | |||||
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||||
exit(); | |||||
} | |||||
} else { | |||||
if (!is_array($row) || $row['pwd'] != md5($oldpwd)) { | |||||
ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1'); | |||||
exit(); | |||||
} | |||||
} | } | ||||
if ($userpwd != $userpwdok) { | if ($userpwd != $userpwdok) { | ||||
ShowMsg('您两次输入的新密码不一致', '-1'); | ShowMsg('您两次输入的新密码不一致', '-1'); | ||||
exit(); | exit(); | ||||
} | } | ||||
$pp = "pwd"; | |||||
if ($userpwd == '') { | if ($userpwd == '') { | ||||
$pwd = $row['pwd']; | |||||
if (function_exists('password_hash')) { | |||||
$pp = "pwd_new"; | |||||
$pwd = $row['pwd_new']; | |||||
} else { | |||||
$pwd = $row['pwd']; | |||||
} | |||||
} else { | } else { | ||||
$pwd = md5($userpwd); | |||||
$pwd2 = substr(md5($userpwd), 5, 20); | |||||
if (function_exists('password_hash')) | |||||
{ | |||||
$pp = "pwd_new"; | |||||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||||
$pwd2 = password_hash($userpwd, PASSWORD_BCRYPT); | |||||
} else { | |||||
$pwd = md5($userpwd); | |||||
$pwd2 = substr(md5($userpwd), 5, 20); | |||||
} | |||||
} | } | ||||
$addupquery = ''; | $addupquery = ''; | ||||
//修改安全问题或Email | //修改安全问题或Email | ||||
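Review bot: `password_verify($oldpwd, $row['pwd_new'])` at L100 rejects any account whose `pwd_new` is still empty or NULL — accounts created before that column was populated, if such rows exist, which is not visible here — so those users can never reach the UPDATE that would move them to bcrypt, and on PHP 8.1+ a NULL second argument also raises a deprecation. Splitting the `is_array` check from the verification and accepting the legacy `pwd` value only while `pwd_new` is empty gives those accounts a migration path without weakening accounts that already have a bcrypt hash; the `else` branch for PHP without `password_hash` stays as it is. Note that when `$userpwd` is empty (L116) the code writes `$row['pwd_new']` back unchanged, so migration only happens when a new password is supplied. The enclosing `if ($dopost == 'save')` block starts outside the hunk.
```php
if (function_exists('password_hash')) {
    if (!is_array($row)) {
        ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
        exit();
    }
    // Rows that predate pwd_new may carry only the legacy md5 in pwd;
    // accept that once so a new password supplied below lands in pwd_new as bcrypt.
    if (empty($row['pwd_new'])) {
        $oldOk = ($row['pwd'] === md5($oldpwd));
    } else {
        $oldOk = password_verify($oldpwd, $row['pwd_new']);
    }
    if (!$oldOk) {
        ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
        exit();
    }
} else {
    // … unchanged: md5-only branch …
}
```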
@@ -78,11 +98,11 @@ if ($dopost == 'save') { | |||||
ShowMsg('请选择正常的性别', '-1'); | ShowMsg('请选择正常的性别', '-1'); | ||||
exit(); | exit(); | ||||
} | } | ||||
$query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; | |||||
$query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' "; | |||||
$dsql->ExecuteNoneQuery($query1); | $dsql->ExecuteNoneQuery($query1); | ||||
//如果是管理员,修改其后台密码 | //如果是管理员,修改其后台密码 | ||||
if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") { | if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") { | ||||
$query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' "; | |||||
$query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' "; | |||||
$dsql->ExecuteNoneQuery($query2); | $dsql->ExecuteNoneQuery($query2); | ||||
} | } | ||||
//清除会员缓存 | //清除会员缓存 | ||||
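Review bot: The rewritten UPDATE at L143 sets only the `$pp` column, so on the bcrypt path whatever md5 was stored in `pwd` survives the password change; the same applies to the admin update at L148 and to the reset at L188. Since the commit keeps md5 verification against `pwd` alive (L105), it cannot be told from here whether the login path still consults that column, but if it does, the previous password stays valid after the user believes it was rotated. Clearing the legacy column in the same statement closes that gap: `$clearLegacy = ($pp === 'pwd_new') ? ",pwd=''" : '';` and then `SET $pp='$pwd'{$clearLegacy},sex='$sex'` (and likewise for the `#@__admin` and `#@__member` statements at L148 and L188). The enclosing `if ($dopost == 'save')` block starts outside the hunk.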
@@ -67,11 +67,17 @@ if ($step == 1) { | |||||
$logintime = time(); | $logintime = time(); | ||||
$joinip = GetIP(); | $joinip = GetIP(); | ||||
$loginip = GetIP(); | $loginip = GetIP(); | ||||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||||
$pp = "pwd"; | |||||
if (function_exists('password_hash')) { | |||||
$pp = "pwd_new"; | |||||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||||
} else { | |||||
$pwd = md5($userpwd); | |||||
} | |||||
$mtype = '个人'; | $mtype = '个人'; | ||||
$spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0); | $spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0); | ||||
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||||
VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||||
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`$pp`,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||||
VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||||
if ($dsql->ExecuteNoneQuery($inQuery)) { | if ($dsql->ExecuteNoneQuery($inQuery)) { | ||||
$mid = $dsql->GetLastID(); | $mid = $dsql->GetLastID(); | ||||
//写入默认会员详细资料 | //写入默认会员详细资料 | ||||
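Review bot: The INSERT at L168 now names only the `$pp` column, so on the bcrypt path `pwd` is left to its schema default, whereas the removed lines wrote `''` into it explicitly; if that column is NOT NULL without a default the insert fails under strict SQL mode, and if it defaults to NULL the md5 branches kept elsewhere in this commit (e.g. the `$row['pwd']` comparison at L105) read NULL instead of an empty string. Keeping both columns in the statement preserves the old row shape: `$pwdLegacy = ($pp === 'pwd') ? $pwd : '';` and `$pwdNew = ($pp === 'pwd_new') ? $pwd : '';`, with the pwd and pwd_new columns both restored in the column list and `'$pwdLegacy','$pwdNew'` in VALUES. The old side already called `password_hash` unconditionally, so the new `function_exists` guard re-introduces an unsalted md5 store on PHP older than 5.5; if that platform is not a target, the guard and its md5 branch can simply go. The surrounding `if ($step == 1)` block starts outside the hunk.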
@@ -93,20 +93,26 @@ if ($dopost == "") { | |||||
if ($row['pwd'] == $sn) { | if ($row['pwd'] == $sn) { | ||||
if ($pwd != "") { | if ($pwd != "") { | ||||
if ($pwd == $pwdok) { | if ($pwd == $pwdok) { | ||||
$pwdok = md5($pwdok); | |||||
$pp = "pwd"; | |||||
if (function_exists('password_hash')) { | |||||
$pp = "pwd_new"; | |||||
$pwdok = password_hash($pwdok, PASSWORD_BCRYPT); | |||||
} else { | |||||
$pwdok = md5($pwdok); | |||||
} | |||||
$sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';"; | $sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';"; | ||||
$db->executenonequery($sql); | $db->executenonequery($sql); | ||||
$sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id';"; | |||||
$sql = "UPDATE `#@__member` SET `$pp` = '$pwdok' WHERE `mid` = '$id';"; | |||||
if ($db->executenonequery($sql)) { | if ($db->executenonequery($sql)) { | ||||
showmsg('修改密码成功,请牢记新密码', 'login.php'); | |||||
ShowMsg('修改密码成功,请牢记新密码', 'login.php'); | |||||
exit; | exit; | ||||
} | } | ||||
} | } | ||||
} | } | ||||
showmsg('对不起,新密码为空或填写不一致', '-1'); | |||||
ShowMsg('对不起,新密码为空或填写不一致', '-1'); | |||||
exit; | exit; | ||||
} | } | ||||
showmsg('对不起,临时密码错误', '-1'); | |||||
ShowMsg('对不起,临时密码错误', '-1'); | |||||
exit; | exit; | ||||
} | } | ||||
} | } |