会员中心优化调整

src/admin/member_toadmin.php

@@ -32,17 +32,30 @@ if ($dopost == "toadmin") {
     $pwdm = '';
     if ($pwd != '') {
         $inputpwd = ",pwd";
-        $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'";
-        $pwdm = ",pwd='".md5($pwd)."'";
+        if (function_exists('password_hash')) {
+            $inputpwd = ",pwd_new";
+            $inputpwdv = ",'".password_hash($pwd, PASSWORD_BCRYPT)."'";
+            $pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
+        } else {
+            $inputpwdv = ",'".substr(md5($pwd), 5, 20)."'";
+            $pwdm = ",pwd='".md5($pwd)."'";
+        }
     } else {
-        $row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'");
-        $password = $row['pwd'];
-        $inputpwd = ",pwd";
-        $pwd = substr($password, 5, 20);
-        $inputpwdv = ",'".$pwd."'";
-        $pwdm = ",pwd='".$password."'";
+        $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
+        if (function_exists('password_hash')) {
+            $password = $row['pwd_new'];
+            $inputpwd = ",pwd_new";
+            $inputpwdv = ",'".$password."'";
+            $pwdm = ",pwd_new='".$password."'";
+        } else {
+            $password = $row['pwd'];
+            $inputpwd = ",pwd";
+            $pwd = substr($password, 5, 20);
+            $inputpwdv = ",'".$pwd."'";
+            $pwdm = ",pwd='".$password."'";
+        }
     }
-    $typeids = (empty($typeids)) ? "" : $typeids;
+    $typeids = (empty($typeids)) ? array() : $typeids;
     if ($typeids == '') {
         ShowMsg("请为该管理员指定管理栏目", "member_toadmin.php?id={$id}");
         exit();
@@ -83,11 +96,11 @@ $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid=0 AND (ispart=
 $dsql->Execute('op');
 while ($nrow = $dsql->GetObject('op')) {
     $typeOptions .= "<option value='{$nrow->id}' class='btype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">{$nrow->typename}</option>\r\n";
-    $dsql->SetQuery("SELECT id,typename FROM #@__arctype WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
+    $dsql->SetQuery("SELECT id,typename FROM `#@__arctype` WHERE reid={$nrow->id} AND (ispart=0 OR ispart=1)");
     $dsql->Execute('s');
     while ($nrow = $dsql->GetObject('s')) {
         $typeOptions .= "<option value='{$nrow->id}' class='stype'".(in_array($nrow->id, $typeids) ? ' selected' : '').">—{$nrow->typename}</option>\r\n";
     }
 }
-$row = $dsql->GetOne("SELECT * FROM #@__member WHERE mid='$id'");
+$row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
 include DedeInclude('templets/member_toadmin.htm');

src/admin/templets/member_main.htm

@@ -88,7 +88,7 @@
       <tr height="26" align="center" onmousemove="javascript:this.bgColor='#F8FCF1';" onmouseout="javascript:this.bgColor='#ffffff';">
         <td><input name="mid" type="checkbox" id="mid" value="{dede:field.mid/}" class="np"></td>
         <td>{dede:field.mid/}</td>
-        <td><a href="../user/index.php?uid={dede:field.userid/}" target='_blank'>
+        <td>
           <?php
           echo ''.$fields['userid'].'';
           if($fields['spacesta']==-2) echo "<span class='text-danger'>[禁言]</span>";
@@ -97,7 +97,6 @@
             echo "<br><img src='{$fields['face']}' title='浏览会员空间' style='max-width:80px;height:auto'>";
           }
           ?>
-          </a>
         </td>
         <td>{dede:field.email/}<br>
           昵称：{dede:field.uname/}

src/admin/templets/member_view.htm

@@ -171,9 +171,8 @@
           <tr> 
             <td height="26" class="bline">特殊操作：</td>
             <td height="26" class="bline">
-              <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_fullinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a>
+              <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>&jumpurl=../user/edit_baseinfo.php" target="_blank" class="btn btn-success btn-sm">修改资料</a>
               <a href="member_do.php?dopost=memberlogin&id=<?php echo $row['mid']; ?>" target="_blank" class="btn btn-success btn-sm">登录此用户面板</a>
-              <a href="../user/index.php?uid=<?php echo $row['userid']; ?>" target="_blank" class="btn btn-success btn-sm">浏览此用户</a>
             </td> 
           </tr>
           <tr> 

src/user/ajax_loginsta.php

@@ -46,7 +46,7 @@ if ($format === 'json') {
     </div>
     <div class="uclink">
         <a href="<?php echo $cfg_memberurl; ?>/index.php">会员中心</a> |
-        <a href="<?php echo $cfg_memberurl; ?>/edit_fullinfo.php">资料</a> |
+        <a href="<?php echo $cfg_memberurl; ?>/edit_baseinfo.php">资料</a> |
         <a href="<?php echo $cfg_memberurl; ?>/index_do.php?fmdo=login&dopost=exit">退出登录</a>
     </div>
 </div><!-- /userinfo -->

src/user/edit_baseinfo.php

@@ -22,19 +22,39 @@ if ($dopost == 'save') {
         ShowMsg('验证码错误', '-1');
         exit();
     }
-    if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
-        ShowMsg('您输入的旧密码错误或没填写，不允许修改资料', '-1');
-        exit();
+    if (function_exists('password_hash')) {
+        if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
+            ShowMsg('您输入的旧密码错误或没填写，不允许修改资料', '-1');
+            exit();
+        }
+    } else {
+        if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
+            ShowMsg('您输入的旧密码错误或没填写，不允许修改资料', '-1');
+            exit();
+        }
     }
     if ($userpwd != $userpwdok) {
         ShowMsg('您两次输入的新密码不一致', '-1');
         exit();
     }
+    $pp = "pwd";
     if ($userpwd == '') {
-        $pwd = $row['pwd'];
+        if (function_exists('password_hash')) {
+            $pp = "pwd_new";
+            $pwd = $row['pwd_new'];
+        } else {
+            $pwd = $row['pwd'];
+        }
     } else {
-        $pwd = md5($userpwd);
-        $pwd2 = substr(md5($userpwd), 5, 20);
+        if (function_exists('password_hash')) 
+        {
+            $pp = "pwd_new";
+            $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
+            $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
+        } else {
+            $pwd = md5($userpwd);
+            $pwd2 = substr(md5($userpwd), 5, 20);
+        }
     }
     $addupquery = '';
     //修改安全问题或Email
@@ -78,11 +98,11 @@ if ($dopost == 'save') {
         ShowMsg('请选择正常的性别', '-1');
         exit();
     }
-    $query1 = "UPDATE `#@__member` SET pwd='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
+    $query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
     $dsql->ExecuteNoneQuery($query1);
     //如果是管理员，修改其后台密码
     if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
-        $query2 = "UPDATE `#@__admin` SET pwd='$pwd2' where id='".$cfg_ml->M_ID."' ";
+        $query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' ";
         $dsql->ExecuteNoneQuery($query2);
     }
     //清除会员缓存

src/user/reg_new.php

@@ -67,11 +67,17 @@ if ($step == 1) {
         $logintime = time();
         $joinip = GetIP();
         $loginip = GetIP();
-        $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
+        $pp = "pwd";
+        if (function_exists('password_hash')) {
+            $pp = "pwd_new";
+            $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
+        } else {
+            $pwd = md5($userpwd);
+        }
         $mtype = '个人';
         $spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0);
-        $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
-        VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); ";
+        $inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`$pp`,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
+        VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); ";
         if ($dsql->ExecuteNoneQuery($inQuery)) {
             $mid = $dsql->GetLastID();
             //写入默认会员详细资料

src/user/resetpassword.php

@@ -93,20 +93,26 @@ if ($dopost == "") {
         if ($row['pwd'] == $sn) {
             if ($pwd != "") {
                 if ($pwd == $pwdok) {
-                    $pwdok = md5($pwdok);
+                    $pp = "pwd";
+                    if (function_exists('password_hash')) {
+                        $pp = "pwd_new";
+                        $pwdok = password_hash($pwdok, PASSWORD_BCRYPT);
+                    } else {
+                        $pwdok = md5($pwdok);
+                    }
                     $sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$id';";
                     $db->executenonequery($sql);
-                    $sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$id';";
+                    $sql = "UPDATE `#@__member` SET `$pp` = '$pwdok' WHERE `mid` = '$id';";
                     if ($db->executenonequery($sql)) {
-                        showmsg('修改密码成功，请牢记新密码', 'login.php');
+                        ShowMsg('修改密码成功，请牢记新密码', 'login.php');
                         exit;
                     }
                 }
             }
-            showmsg('对不起，新密码为空或填写不一致', '-1');
+            ShowMsg('对不起，新密码为空或填写不一致', '-1');
             exit;
         }
-        showmsg('对不起，临时密码错误', '-1');
+        ShowMsg('对不起，临时密码错误', '-1');
         exit;
     }
 }