DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 31 Activity
Browse Source

用户密码调整

tags/6.1.9
tianya 3 years ago
parent
a55f30b837
commit
9213b03687
8 changed files with 44 additions and 12 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -0
      src/admin/member_do.php
  2. +9
    -2
      src/admin/sys_admin_user_add.php
  3. +4
    -0
      src/admin/sys_admin_user_edit.php
  4. +1
    -1
      src/admin/templets/sys_admin_user_add.htm
  5. +2
    -0
      src/install/v57sp2_to_v6.txt
  6. +11
    -3
      src/system/memberlogin.class.php
  7. +11
    -3
      src/system/userlogin.class.php
  8. +3
    -3
      src/user/reg_new.php

+ 3
- 0
src/admin/member_do.php View File

@@ -146,6 +146,9 @@ else if ($dopost == 'edituser') {
CheckPurview('member_Edit');
if (!isset($_POST['id'])) exit('dedebiz');
$pwdsql = empty($pwd) ? '' : ",pwd='".md5($pwd)."'";
if (function_exists('password_hash')) {
$pwdsql = empty($pwd) ? '' : ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
}
if (empty($sex)) $sex = '男';
$uptime = GetMkTime($uptime);
if ($matt == 10 && $oldmatt != 10) {


+ 9
- 2
src/admin/sys_admin_user_add.php View File

@@ -28,12 +28,19 @@ if ($dopost == 'add') {
ShowMsg('用户名已存在', '-1');
exit();
}
$pfd = "pwd";
$mpwd = md5($pwd);
$pwd = substr(md5($pwd), 5, 20);
if (function_exists('password_hash')) {
$pfd = "pwd_new";
$mpwd = password_hash($pwd, PASSWORD_BCRYPT);
$pwd = password_hash($pwd, PASSWORD_BCRYPT);
}

$typeid = join(',', $typeids);
if ($typeid == '0') $typeid = '';
//关连前台会员帐号
$adminquery = "INSERT INTO `#@__member` (`mtype`,`userid`,`pwd`,`uname`,`sex`,`rank`,`money`,`email`, `scores` ,`matt` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
$adminquery = "INSERT INTO `#@__member` (`mtype`,`userid`,`$pfd`,`uname`,`sex`,`rank`,`money`,`email`, `scores` ,`matt` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
VALUES ('个人','$userid','$mpwd','$uname','男','100','0','$email','1000','10','','0','','0','','0',''); ";
$dsql->ExecuteNoneQuery($adminquery);
$mid = $dsql->GetLastID();
@@ -41,7 +48,7 @@ if ($dopost == 'add') {
die($dsql->GetError().' 数据库出错');
}
//后台管理员
$inquery = "INSERT INTO `#@__admin`(id,usertype,userid,pwd,uname,typeid,tname,email)
$inquery = "INSERT INTO `#@__admin`(id,usertype,userid,$pfd,uname,typeid,tname,email)
VALUES('$mid','$usertype','$userid','$pwd','$uname','$typeid','$tname','$email'); ";
$rs = $dsql->ExecuteNoneQuery($inquery);
$adminquery = "INSERT INTO `#@__member_person` (`mid`,`onlynet`,`sex`,`uname`,`qq`,`msn`,`tel`,`mobile`,`place`,`oldplace`,`birthday`,`star`, `income` , `education` , `height` , `bodytype` , `blood` , `vocation` , `smoke` , `marital` , `house` ,`drink` , `datingtype` , `language` , `nature` , `lovemsg` , `address`,`uptime`)


+ 4
- 0
src/admin/sys_admin_user_edit.php View File

@@ -29,6 +29,10 @@ if ($dopost == 'saveedit') {
if ($pwd != '') {
$pwdm = ",pwd='".md5($pwd)."'";
$pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
if (function_exists('password_hash')) {
$pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
$pwd = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
}
}
if (empty($typeids)) {
$typeid = '';


+ 1
- 1
src/admin/templets/sys_admin_user_add.htm View File

@@ -104,7 +104,7 @@
</tr>
<tr>
<td colspan="2" align="center" class="py-3">
<button type="submit" class="btn btn-success btn-sm" onClick="DoSubmit('gettag')" class="coolbg np">保存</button>
<button type="submit" class="btn btn-success btn-sm" class="coolbg np">保存</button>
</td>
</tr>
</table>


+ 2
- 0
src/install/v57sp2_to_v6.txt View File

@@ -1,6 +1,8 @@
-- 6.1.9
ALTER TABLE `#@__archives` MODIFY COLUMN `title` varchar(255) NOT NULL DEFAULT '' AFTER `money`;
ALTER TABLE `#@__arctype` MODIFY COLUMN `typename` varchar(255) NOT NULL DEFAULT '' AFTER `sortrank`;
ALTER TABLE `#@__admin` ADD COLUMN `pwd_new` varchar(120) NOT NULL DEFAULT '' AFTER `pwd`;
ALTER TABLE `#@__member` ADD COLUMN `pwd_new` varchar(120) NOT NULL DEFAULT '' AFTER `pwd`;

-- 6.1.8
INSERT INTO `#@__sysconfig` VALUES ('710', 'cfg_tags_dir', 'TAGS生成目录', 7, 'string', '{cmspath}/a/tags');


+ 11
- 3
src/system/memberlogin.class.php View File

@@ -389,11 +389,19 @@ class MemberLogin
return '0';
}
//matt=10 是管理员关连的前台帐号,为了安全起见,这个帐号只能从后台登录,不能直接从前台登录
$row = $dsql->GetOne("SELECT mid,matt,pwd,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' ");
$row = $dsql->GetOne("SELECT mid,matt,pwd,pwd_new,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' ");
if (is_array($row)) {
if ($this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) {
if (!empty($row['pwd_new']) && !password_verify($loginpwd, $row['pwd_new'])) {
return -1;
}else if (!empty($row['pwd']) && $this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) {
return -1;
} else {
if (empty($row['pwd_new']) && function_exists('password_hash')) {
// 升级密码
$newpwd = password_hash($loginpwd, PASSWORD_BCRYPT);
$inquery = "UPDATE `#@__member` SET pwd='',pwd_new='{$newpwd}' WHERE mid='".$row['mid']."'";
$dsql->ExecuteNoneQuery($inquery);
}
//管理员帐号不允许从前台登录
if ($row['matt'] == 10) {
return -2;
@@ -419,7 +427,7 @@ class MemberLogin
global $cfg_login_adds, $dsql;
//登录增加积分(上一次登录时间必须大于两小时)
if (time() - $logintime > 7200 && $cfg_login_adds > 0) {
$dsql->ExecuteNoneQuery("Update `#@__member` set `scores`=`scores`+{$cfg_login_adds} where mid='$uid' ");
$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET `scores`=`scores`+{$cfg_login_adds} where mid='$uid' ");
}
$this->M_ID = $uid;
$this->M_LoginTime = time();


+ 11
- 3
src/system/userlogin.class.php View File

@@ -217,16 +217,24 @@ class userLogin
$row = $dsql->GetObject();
if (!isset($row->pwd)) {
return -1;
} else if ($pwd != $row->pwd) {
} else if (!empty($row->pwd_new) && !password_verify($this->userPwd, $row->pwd_new)) {
return -2;
} else {
} else if (!empty($row->pwd) && $pwd != $row->pwd) {
return -2;
}else {
$upsql = "";
if (empty($row->pwd_new) && function_exists('password_hash')) {
// 升级密码
$newpwd = password_hash($this->userPwd, PASSWORD_BCRYPT);
$upsql .= ",pwd='',pwd_new='{$newpwd}'";
}
$loginip = GetIP();
$this->userID = $row->id;
$this->userType = $row->usertype;
$this->userChannel = $row->typeid;
$this->userName = $row->uname;
$this->userPurview = $row->purviews;
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."' WHERE id='".$row->id."'";
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."'{$upsql} WHERE id='".$row->id."'";
$dsql->ExecuteNoneQuery($inquery);
$sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id;
$dsql->ExecuteNoneQuery($sql);


+ 3
- 3
src/user/reg_new.php View File

@@ -67,11 +67,11 @@ if ($step == 1) {
$logintime = time();
$joinip = GetIP();
$loginip = GetIP();
$pwd = md5($userpwd);
$pwd = password_hash($userpwd, PASSWORD_BCRYPT);
$mtype = '个人';
$spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0);
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); ";
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` )
VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); ";
if ($dsql->ExecuteNoneQuery($inQuery)) {
$mid = $dsql->GetLastID();
//写入默认会员详细资料


Write Preview
Loading…
Cancel
Save