From 99c66b8a0e86ac32b6eea41a17febb6018828631 Mon Sep 17 00:00:00 2001
From: tianya <8445295+llgoer@user.noreply.gitee.com>
Date: Wed, 4 May 2022 16:49:23 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/admin/sys_admin_user_edit.php | 9 +++++----
 src/user/edit_baseinfo.php | 12 +++++++++---
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/admin/sys_admin_user_edit.php b/src/admin/sys_admin_user_edit.php
index 8ef798aa..4bcd4964 100644
--- a/src/admin/sys_admin_user_edit.php
+++ b/src/admin/sys_admin_user_edit.php
@@ -27,11 +27,12 @@ if ($dopost == 'saveedit') {
 }
 $pwdm = '';
 if ($pwd != '') {
- $pwdm = ",pwd='".md5($pwd)."'";
- $pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
 if (function_exists('password_hash')) {
- $pwdm = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
- $pwd = ",pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
+ $pwdm = ",pwd='',pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
+ $pwd = ",pwd='',pwd_new='".password_hash($pwd, PASSWORD_BCRYPT)."'";
+ } else {
+ $pwdm = ",pwd='".md5($pwd)."'";
+ $pwd = ",pwd='".substr(md5($pwd), 5, 20)."'";
 }
 }
 if (empty($typeids)) {
diff --git a/src/user/edit_baseinfo.php b/src/user/edit_baseinfo.php
index 9eb0be10..09ed0f32 100755
--- a/src/user/edit_baseinfo.php
+++ b/src/user/edit_baseinfo.php
@@ -22,7 +22,7 @@ if ($dopost == 'save') {
 ShowMsg('验证码错误', '-1');
 exit();
 }
- if (function_exists('password_hash')) {
+ if (function_exists('password_hash') && !empty($row['pwd_new'])) {
 if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
 ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
 exit();
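Review bot: In `sys_admin_user_edit.php` the new `else` branch still writes an unsalted `md5($pwd)` (and a 20-character slice of it for `$pwd`) whenever `password_hash` is unavailable; the same fallback remains in `edit_baseinfo.php` (hunk at -51). `password_hash()` has been built in since PHP 5.5, so on a supported runtime this branch is dead code, and on an older one it silently stores a hash that is cheap to brute-force. Consider failing the save instead of falling back, or at least marking the branch with a comment such as `// legacy MD5 path: only reached on PHP < 5.5, remove once the minimum version is raised`. The enclosing `if ($dopost == 'saveedit')` block starts and ends outside the hunk.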
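Review bot: In `edit_baseinfo.php`, `!empty($row['pwd_new'])` is now evaluated before the inner `!is_array($row)` test, so a missing member row skips this branch and lands in the `else` path, which lies outside the hunk. Confirm that path rejects a non-array `$row`; testing `if (!is_array($row))` once before the branch would make the failure mode explicit and leave the inner check unnecessary. If the legacy path compares MD5 hex strings with `!=`, `hash_equals()` would be the safer comparison there.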
@@ -37,11 +37,15 @@ if ($dopost == 'save') {
 ShowMsg('您两次输入的新密码不一致', '-1');
 exit();
 }
+ $addupquery = '';
+ $admaddupquery = '';
 $pp = "pwd";
+ $pwd = '';
 if ($userpwd == '') {
 if (function_exists('password_hash')) {
 $pp = "pwd_new";
 $pwd = $row['pwd_new'];
+ $addupquery = ',pwd=\'\'';
 } else {
 $pwd = $row['pwd'];
 }
@@ -51,12 +55,14 @@ if ($dopost == 'save') {
 $pp = "pwd_new";
 $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
 $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
+ $addupquery = ',pwd=\'\'';
+ $admaddupquery = ',pwd=\'\'';
 } else {
 $pwd = md5($userpwd);
 $pwd2 = substr(md5($userpwd), 5, 20);
 }
 }
- $addupquery = '';
+
 //修改安全问题或Email
 if ($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) {
 if ($row['safequestion'] != 0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) {
@@ -102,7 +108,7 @@ if ($dopost == 'save') {
 $dsql->ExecuteNoneQuery($query1);
 //如果是管理员,修改其后台密码
 if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
- $query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' ";
+ $query2 = "UPDATE `#@__admin` SET $pp='$pwd2'{$admaddupquery} where id='".$cfg_ml->M_ID."' ";
 $dsql->ExecuteNoneQuery($query2);
 }
 //清除会员缓存
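Review bot: When `$userpwd == ''` (profile saved without a new password) this branch takes `$pwd = $row['pwd_new']` and sets `$addupquery = ',pwd=\'\''` whenever `password_hash` exists, even for an account that has not been migrated and whose `pwd_new` is empty, which is the case the first hunk now lets through to the legacy check. Assuming `$query1` (outside the hunk) writes `$pp='$pwd'` followed by `$addupquery`, such a save would blank both password columns and lock the member out. Guard the branch the same way as the verification, `if (function_exists('password_hash') && !empty($row['pwd_new'])) {`, so unmigrated rows keep `$pp = "pwd"` and their existing hash.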
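Review bot: `$pwd2` is read in `$pwd2 != ""` in the last hunk, but the visible code assigns it only when a new password was entered; this commit initialises `$pwd = ''` and not `$pwd2`. Unless it is set earlier in the file, a save without a password change reads an undefined variable here (a warning on PHP 8), so add `$pwd2 = '';` beside the new `$pwd = '';`. The UPDATE is also assembled by interpolation; the hash values are server-generated, and if `M_ID` is always numeric, `intval($cfg_ml->M_ID)` would make that explicit in the `where` clause.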