@@ -146,6 +146,9 @@ else if ($dopost == 'edituser') { | |||||
CheckPurview('member_Edit'); | CheckPurview('member_Edit'); | ||||
if (!isset($_POST['id'])) exit('dedebiz'); | if (!isset($_POST['id'])) exit('dedebiz'); | ||||
$pwdsql = empty($pwd) ? '' : ",pwd='".md5($pwd)."'"; | $pwdsql = empty($pwd) ? '' : ",pwd='".md5($pwd)."'"; | ||||
if (function_exists('password_hash')) { | |||||
$pwdsql = empty($pwd) ? '' : ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||||
} | |||||
if (empty($sex)) $sex = '男'; | if (empty($sex)) $sex = '男'; | ||||
$uptime = GetMkTime($uptime); | $uptime = GetMkTime($uptime); | ||||
if ($matt == 10 && $oldmatt != 10) { | if ($matt == 10 && $oldmatt != 10) { | ||||
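Review bot: The `pwd_new` assignment in the `function_exists` branch leaves the legacy `pwd` column untouched, so the old md5 hash stays stored next to the new bcrypt hash. In this commit's MemberLogin hunk a non-empty `pwd` that does not match the submitted password returns -1 even after `password_verify` succeeded, so an account whose password is changed here would be rejected at login until something clears `pwd`; the lazy-upgrade branch there writes `pwd=''`, which suggests the edit path should do the same: `$pwdsql = empty($pwd) ? '' : ",pwd='',pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";`. The md5 on the preceding line is still computed and then discarded when the branch is taken; putting it in an else branch keeps the md5 of the new password from being computed at all. The edituser handler continues outside the hunk.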
@@ -28,12 +28,19 @@ if ($dopost == 'add') { | |||||
ShowMsg('用户名已存在', '-1'); | ShowMsg('用户名已存在', '-1'); | ||||
exit(); | exit(); | ||||
} | } | ||||
$pfd = "pwd"; | |||||
$mpwd = md5($pwd); | $mpwd = md5($pwd); | ||||
$pwd = substr(md5($pwd), 5, 20); | $pwd = substr(md5($pwd), 5, 20); | ||||
if (function_exists('password_hash')) { | |||||
$pfd = "pwd_new"; | |||||
$mpwd = password_hash($pwd, PASSWORD_BCRYPT); | |||||
$pwd = password_hash($pwd, PASSWORD_BCRYPT); | |||||
} | |||||
$typeid = join(',', $typeids); | $typeid = join(',', $typeids); | ||||
if ($typeid == '0') $typeid = ''; | if ($typeid == '0') $typeid = ''; | ||||
//关连前台会员帐号 | //关连前台会员帐号 | ||||
$adminquery = "INSERT INTO `#@__member` (`mtype`,`userid`,`pwd`,`uname`,`sex`,`rank`,`money`,`email`, `scores` ,`matt` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||||
$adminquery = "INSERT INTO `#@__member` (`mtype`,`userid`,`$pfd`,`uname`,`sex`,`rank`,`money`,`email`, `scores` ,`matt` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||||
VALUES ('个人','$userid','$mpwd','$uname','男','100','0','$email','1000','10','','0','','0','','0',''); "; | VALUES ('个人','$userid','$mpwd','$uname','男','100','0','$email','1000','10','','0','','0','','0',''); "; | ||||
$dsql->ExecuteNoneQuery($adminquery); | $dsql->ExecuteNoneQuery($adminquery); | ||||
$mid = $dsql->GetLastID(); | $mid = $dsql->GetLastID(); | ||||
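Review bot: Inside the `function_exists('password_hash')` block `$pwd` has already been replaced by `substr(md5($pwd), 5, 20)` two lines earlier, so both bcrypt hashes are computed over the truncated md5 digest rather than the password. MemberLogin in this commit calls `password_verify($loginpwd, $row['pwd_new'])` with the submitted password, which cannot match that value for the linked `#@__member` row; whether the `#@__admin` row written in the next hunk verifies depends on what userLogin holds in `$this->userPwd`, which is outside this diff. Keep the plaintext before it is overwritten: add `$rawpwd = $pwd;` before `$mpwd = md5($pwd);`, then change the two hashing lines to `$mpwd = password_hash($rawpwd, PASSWORD_BCRYPT);` and `$pwd = $mpwd;`. The enclosing `add` branch starts before this hunk.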
@@ -41,7 +48,7 @@ if ($dopost == 'add') { | |||||
die($dsql->GetError().' 数据库出错'); | die($dsql->GetError().' 数据库出错'); | ||||
} | } | ||||
//后台管理员 | //后台管理员 | ||||
$inquery = "INSERT INTO `#@__admin`(id,usertype,userid,pwd,uname,typeid,tname,email) | |||||
$inquery = "INSERT INTO `#@__admin`(id,usertype,userid,$pfd,uname,typeid,tname,email) | |||||
VALUES('$mid','$usertype','$userid','$pwd','$uname','$typeid','$tname','$email'); "; | VALUES('$mid','$usertype','$userid','$pwd','$uname','$typeid','$tname','$email'); "; | ||||
$rs = $dsql->ExecuteNoneQuery($inquery); | $rs = $dsql->ExecuteNoneQuery($inquery); | ||||
$adminquery = "INSERT INTO `#@__member_person` (`mid`,`onlynet`,`sex`,`uname`,`qq`,`msn`,`tel`,`mobile`,`place`,`oldplace`,`birthday`,`star`, `income` , `education` , `height` , `bodytype` , `blood` , `vocation` , `smoke` , `marital` , `house` ,`drink` , `datingtype` , `language` , `nature` , `lovemsg` , `address`,`uptime`) | $adminquery = "INSERT INTO `#@__member_person` (`mid`,`onlynet`,`sex`,`uname`,`qq`,`msn`,`tel`,`mobile`,`place`,`oldplace`,`birthday`,`star`, `income` , `education` , `height` , `bodytype` , `blood` , `vocation` , `smoke` , `marital` , `house` ,`drink` , `datingtype` , `language` , `nature` , `lovemsg` , `address`,`uptime`) | ||||
@@ -29,6 +29,10 @@ if ($dopost == 'saveedit') { | |||||
if ($pwd != '') { | if ($pwd != '') { | ||||
$pwdm = ",pwd='".md5($pwd)."'"; | $pwdm = ",pwd='".md5($pwd)."'"; | ||||
$pwd = ",pwd='".substr(md5($pwd), 5, 20)."'"; | $pwd = ",pwd='".substr(md5($pwd), 5, 20)."'"; | ||||
if (function_exists('password_hash')) { | |||||
$pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||||
$pwd = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'"; | |||||
} | |||||
} | } | ||||
if (empty($typeids)) { | if (empty($typeids)) { | ||||
$typeid = ''; | $typeid = ''; | ||||
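Review bot: By the time the `function_exists` branch runs, `$pwd` no longer holds the password: the line above has turned it into the SQL fragment `",pwd='…'"`, so `password_hash($pwd, PASSWORD_BCRYPT)` hashes that fragment and the stored `pwd_new` can never verify against the real password. The branch also leaves the legacy `pwd` column in place, and the login hunks in this commit reject a non-empty `pwd` that does not match the submitted password, so the edited account would be locked out either way. Hash the plaintext first and clear `pwd` in the same fragment, keeping the md5 path only as the fallback. The saveedit handler continues outside the hunk.
```php
if ($pwd != '') {
    if (function_exists('password_hash')) {
        $pwdm = ",pwd='',pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
        $pwd = $pwdm;
    } else {
        $pwdm = ",pwd='".md5($pwd)."'";
        $pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
    }
}
```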
@@ -104,7 +104,7 @@ | |||||
</tr> | </tr> | ||||
<tr> | <tr> | ||||
<td colspan="2" align="center" class="py-3"> | <td colspan="2" align="center" class="py-3"> | ||||
<button type="submit" class="btn btn-success btn-sm" onClick="DoSubmit('gettag')" class="coolbg np">保存</button> | |||||
<button type="submit" class="btn btn-success btn-sm" class="coolbg np">保存</button> | |||||
</td> | </td> | ||||
</tr> | </tr> | ||||
</table> | </table> | ||||
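Review bot: The rewritten button line still carries two `class` attributes; browsers keep the first (`btn btn-success btn-sm`) and silently drop `coolbg np`. Merge them into one attribute: `<button type="submit" class="btn btn-success btn-sm coolbg np">保存</button>`. With the `onClick` removed, submission now relies solely on the enclosing form's action, which is outside this hunk.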
@@ -1,6 +1,8 @@ | |||||
-- 6.1.9 | -- 6.1.9 | ||||
ALTER TABLE `#@__archives` MODIFY COLUMN `title` varchar(255) NOT NULL DEFAULT '' AFTER `money`; | ALTER TABLE `#@__archives` MODIFY COLUMN `title` varchar(255) NOT NULL DEFAULT '' AFTER `money`; | ||||
ALTER TABLE `#@__arctype` MODIFY COLUMN `typename` varchar(255) NOT NULL DEFAULT '' AFTER `sortrank`; | ALTER TABLE `#@__arctype` MODIFY COLUMN `typename` varchar(255) NOT NULL DEFAULT '' AFTER `sortrank`; | ||||
ALTER TABLE `#@__admin` ADD COLUMN `pwd_new` varchar(120) NOT NULL DEFAULT '' AFTER `pwd`; | |||||
ALTER TABLE `#@__member` ADD COLUMN `pwd_new` varchar(120) NOT NULL DEFAULT '' AFTER `pwd`; | |||||
-- 6.1.8 | -- 6.1.8 | ||||
INSERT INTO `#@__sysconfig` VALUES ('710', 'cfg_tags_dir', 'TAGS生成目录', 7, 'string', '{cmspath}/a/tags'); | INSERT INTO `#@__sysconfig` VALUES ('710', 'cfg_tags_dir', 'TAGS生成目录', 7, 'string', '{cmspath}/a/tags'); | ||||
@@ -389,11 +389,19 @@ class MemberLogin | |||||
return '0'; | return '0'; | ||||
} | } | ||||
//matt=10 是管理员关连的前台帐号,为了安全起见,这个帐号只能从后台登录,不能直接从前台登录 | //matt=10 是管理员关连的前台帐号,为了安全起见,这个帐号只能从后台登录,不能直接从前台登录 | ||||
$row = $dsql->GetOne("SELECT mid,matt,pwd,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' "); | |||||
$row = $dsql->GetOne("SELECT mid,matt,pwd,pwd_new,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' "); | |||||
if (is_array($row)) { | if (is_array($row)) { | ||||
if ($this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) { | |||||
if (!empty($row['pwd_new']) && !password_verify($loginpwd, $row['pwd_new'])) { | |||||
return -1; | |||||
}else if (!empty($row['pwd']) && $this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) { | |||||
return -1; | return -1; | ||||
} else { | } else { | ||||
if (empty($row['pwd_new']) && function_exists('password_hash')) { | |||||
// 升级密码 | |||||
$newpwd = password_hash($loginpwd, PASSWORD_BCRYPT); | |||||
$inquery = "UPDATE `#@__member` SET pwd='',pwd_new='{$newpwd}' WHERE mid='".$row['mid']."'"; | |||||
$dsql->ExecuteNoneQuery($inquery); | |||||
} | |||||
//管理员帐号不允许从前台登录 | //管理员帐号不允许从前台登录 | ||||
if ($row['matt'] == 10) { | if ($row['matt'] == 10) { | ||||
return -2; | return -2; | ||||
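Review bot: When both `pwd_new` and `pwd` are empty strings neither of the two new guards fires and control falls into the success branch, so such a row accepts any password; before this change the md5 comparison ran unconditionally. The schema hunk defaults `pwd_new` to '' and the lazy upgrade writes `pwd=''`, so a row with both empty is reachable if that UPDATE is interrupted or a record is created without a password. Add an explicit rejection before the verify chain, `if (empty($row['pwd_new']) && empty($row['pwd'])) { return -1; }`, and gate the legacy branch on `empty($row['pwd_new'])` so a stale `pwd` cannot veto a successful `password_verify`. The same fall-through exists in the userLogin hunk below, where `!isset($row->pwd)` passes for an empty string. The enclosing method continues outside the hunk.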
@@ -419,7 +427,7 @@ class MemberLogin | |||||
global $cfg_login_adds, $dsql; | global $cfg_login_adds, $dsql; | ||||
//登录增加积分(上一次登录时间必须大于两小时) | //登录增加积分(上一次登录时间必须大于两小时) | ||||
if (time() - $logintime > 7200 && $cfg_login_adds > 0) { | if (time() - $logintime > 7200 && $cfg_login_adds > 0) { | ||||
$dsql->ExecuteNoneQuery("Update `#@__member` set `scores`=`scores`+{$cfg_login_adds} where mid='$uid' "); | |||||
$dsql->ExecuteNoneQuery("UPDATE `#@__member` SET `scores`=`scores`+{$cfg_login_adds} where mid='$uid' "); | |||||
} | } | ||||
$this->M_ID = $uid; | $this->M_ID = $uid; | ||||
$this->M_LoginTime = time(); | $this->M_LoginTime = time(); | ||||
@@ -217,16 +217,24 @@ class userLogin | |||||
$row = $dsql->GetObject(); | $row = $dsql->GetObject(); | ||||
if (!isset($row->pwd)) { | if (!isset($row->pwd)) { | ||||
return -1; | return -1; | ||||
} else if ($pwd != $row->pwd) { | |||||
} else if (!empty($row->pwd_new) && !password_verify($this->userPwd, $row->pwd_new)) { | |||||
return -2; | return -2; | ||||
} else { | |||||
} else if (!empty($row->pwd) && $pwd != $row->pwd) { | |||||
return -2; | |||||
}else { | |||||
$upsql = ""; | |||||
if (empty($row->pwd_new) && function_exists('password_hash')) { | |||||
// 升级密码 | |||||
$newpwd = password_hash($this->userPwd, PASSWORD_BCRYPT); | |||||
$upsql .= ",pwd='',pwd_new='{$newpwd}'"; | |||||
} | |||||
$loginip = GetIP(); | $loginip = GetIP(); | ||||
$this->userID = $row->id; | $this->userID = $row->id; | ||||
$this->userType = $row->usertype; | $this->userType = $row->usertype; | ||||
$this->userChannel = $row->typeid; | $this->userChannel = $row->typeid; | ||||
$this->userName = $row->uname; | $this->userName = $row->uname; | ||||
$this->userPurview = $row->purviews; | $this->userPurview = $row->purviews; | ||||
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."' WHERE id='".$row->id."'"; | |||||
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."'{$upsql} WHERE id='".$row->id."'"; | |||||
$dsql->ExecuteNoneQuery($inquery); | $dsql->ExecuteNoneQuery($inquery); | ||||
$sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id; | $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id; | ||||
$dsql->ExecuteNoneQuery($sql); | $dsql->ExecuteNoneQuery($sql); | ||||
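Review bot: The rewritten legacy branch keeps the loose `$pwd != $row->pwd` comparison; PHP compares two numeric-looking strings numerically, so a stored `substr(md5(...), 5, 20)` of the form `0e<digits>` compares equal to any other string of that form, a known pitfall of md5-derived strings under `==`. Use `$pwd !== $row->pwd` here, and `!==` for the `GetShortPwd` comparison in the MemberLogin hunk above. The bcrypt branch verifies `$this->userPwd` while the legacy branch compares `$pwd`; which of these holds the plaintext is assigned outside this hunk, so please confirm `$this->userPwd` is the unhashed value, otherwise the `pwd_new` written by the upgrade block will never verify on the next login. The enclosing method starts before this hunk.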
@@ -67,11 +67,11 @@ if ($step == 1) { | |||||
$logintime = time(); | $logintime = time(); | ||||
$joinip = GetIP(); | $joinip = GetIP(); | ||||
$loginip = GetIP(); | $loginip = GetIP(); | ||||
$pwd = md5($userpwd); | |||||
$pwd = password_hash($userpwd, PASSWORD_BCRYPT); | |||||
$mtype = '个人'; | $mtype = '个人'; | ||||
$spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0); | $spaceSta = ($cfg_mb_spacesta < 0 ? $cfg_mb_spacesta : 0); | ||||
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||||
VALUES ('$mtype','$userid','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||||
$inQuery = "INSERT INTO `#@__member` (`mtype` ,`userid` ,`pwd`, `pwd_new` ,`uname` ,`sex` ,`rank` ,`money` ,`email` ,`scores` ,`matt`, `spacesta` ,`face`,`safequestion`,`safeanswer` ,`jointime` ,`joinip` ,`logintime` ,`loginip` ) | |||||
VALUES ('$mtype','$userid','','$pwd','$uname','','10','$dfmoney','','$dfscores','0','$spaceSta','','','','$jointime','$joinip','$logintime','$loginip'); "; | |||||
if ($dsql->ExecuteNoneQuery($inQuery)) { | if ($dsql->ExecuteNoneQuery($inQuery)) { | ||||
$mid = $dsql->GetLastID(); | $mid = $dsql->GetLastID(); | ||||
//写入默认会员详细资料 | //写入默认会员详细资料 | ||||
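Review bot: `password_hash` is called here without the `function_exists('password_hash')` guard that every other hunk in this commit uses; either the project still targets a PHP without it, in which case this registration path fatals, or it does not and the guards elsewhere are dead code — it should be one or the other. Using `PASSWORD_DEFAULT` instead of pinning `PASSWORD_BCRYPT`, paired with `password_needs_rehash` at login, would let stored hashes follow PHP's current recommendation; the `varchar(120)` column from the schema hunk already has room for it. Writing `''` into `pwd` so only `pwd_new` is populated is consistent with the lazy upgrade path. The registration step continues outside the hunk.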