tianya
1 year ago
4 changed files with 25 additions and 19 deletions
Unified View
Diff Options
-
+1 -19src/admin/api.php
-
+18 -0src/system/common.func.php
-
+3 -0src/system/memberlogin.class.php
-
+3 -0src/system/userlogin.class.php
+ 1
- 19
src/admin/api.php
View File
| @@ -17,24 +17,6 @@ AjaxHead(); | |||||
| helper('cache'); | helper('cache'); | ||||
| $action = isset($action) && in_array($action, array('is_need_check_code', 'has_new_version', 'get_changed_files', 'update_backup', 'get_update_versions', 'update')) ? $action : ''; | $action = isset($action) && in_array($action, array('is_need_check_code', 'has_new_version', 'get_changed_files', 'update_backup', 'get_update_versions', 'update')) ? $action : ''; | ||||
| $curDir = dirname(GetCurUrl()); //当前目录 | $curDir = dirname(GetCurUrl()); //当前目录 | ||||
| /** | |||||
| * 表中是否存在某个字段 | |||||
| * | |||||
| * @param mixed $tablename 表名称 | |||||
| * @param mixed $field 字段名 | |||||
| * @return void | |||||
| */ | |||||
| function TableHasField($tablename,$field) | |||||
| { | |||||
| global $dsql; | |||||
| $dsql->GetTableFields($tablename,"tfd"); | |||||
| while ($r = $dsql->GetFieldObject("tfd")) { | |||||
| if ($r->name === $field) { | |||||
| return true; | |||||
| } | |||||
| } | |||||
| return false; | |||||
| } | |||||
| /** | /** | ||||
| * 登录鉴权 | * 登录鉴权 | ||||
| * | * | ||||
| @@ -87,7 +69,7 @@ if ($action === 'is_need_check_code') { | |||||
| if (!TableHasField("#@__arctype", "cnoverview")) { | if (!TableHasField("#@__arctype", "cnoverview")) { | ||||
| $unQueryVer[] = "6.1.10"; | $unQueryVer[] = "6.1.10"; | ||||
| } | } | ||||
| if (!TableHasField("#@__admin", "loginerr")) { | |||||
| if (!TableHasField("#@__admin", "loginerr") || !TableHasField("#@__member", "loginerr")) { | |||||
| $unQueryVer[] = "6.2.0"; | $unQueryVer[] = "6.2.0"; | ||||
| } | } | ||||
| if (count($unQueryVer) > 0) { | if (count($unQueryVer) > 0) { | ||||
+ 18
- 0
src/system/common.func.php
View File
| @@ -372,6 +372,24 @@ function ShowMsg($msg, $gourl, $onlymsg = 0, $limittime = 0) | |||||
| } | } | ||||
| echo $msg; | echo $msg; | ||||
| } | } | ||||
| /** | |||||
| * 表中是否存在某个字段 | |||||
| * | |||||
| * @param mixed $tablename 表名称 | |||||
| * @param mixed $field 字段名 | |||||
| * @return void | |||||
| */ | |||||
| function TableHasField($tablename,$field) | |||||
| { | |||||
| global $dsql; | |||||
| $dsql->GetTableFields($tablename,"tfd"); | |||||
| while ($r = $dsql->GetFieldObject("tfd")) { | |||||
| if ($r->name === $field) { | |||||
| return true; | |||||
| } | |||||
| } | |||||
| return false; | |||||
| } | |||||
| /** | /** | ||||
| * 获取验证码的session值 | * 获取验证码的session值 | ||||
| * | * | ||||
+ 3
- 0
src/system/memberlogin.class.php
View File
| @@ -465,6 +465,9 @@ class MemberLogin | |||||
| if ($rs != 'ok') { | if ($rs != 'ok') { | ||||
| return -1; | return -1; | ||||
| } | } | ||||
| if (!TableHasField("#@__member", "loginerr")) { | |||||
| return 0; | |||||
| } | |||||
| $row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__member` WHERE userid LIKE '$loginuser'"); | $row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__member` WHERE userid LIKE '$loginuser'"); | ||||
| if (is_array($row)) { | if (is_array($row)) { | ||||
| //1分钟内如果输错3次则需要验证码 | //1分钟内如果输错3次则需要验证码 | ||||
+ 3
- 0
src/system/userlogin.class.php
View File
| @@ -266,6 +266,9 @@ class userLogin | |||||
| function getLoginError($username) | function getLoginError($username) | ||||
| { | { | ||||
| global $dsql; | global $dsql; | ||||
| if (!TableHasField("#@__admin", "loginerr")) { | |||||
| return 0; | |||||
| } | |||||
| $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username); | $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username); | ||||
| $row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__admin` WHERE userid LIKE '$this->userName'"); | $row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__admin` WHERE userid LIKE '$this->userName'"); | ||||
| if (is_array($row)) { | if (is_array($row)) { | ||||