国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

113 lines
4.1KB

  1. <?php
  2. /**
  3. * @version $Id: edit_baseinfo.php 1 8:38 2010年7月9日Z tianya $
  4. * @package DedeBIZ.User
  5. * @copyright Copyright (c) 2022, DedeBIZ.COM
  6. * @license https://www.dedebiz.com/license
  7. * @link https://www.dedebiz.com
  8. */
  9. require_once(dirname(__FILE__)."/config.php");
  10. CheckRank(0, 0);
  11. $menutype = 'config';
  12. if (!isset($dopost)) $dopost = '';
  13. $pwd2 = (empty($pwd2)) ? "" : $pwd2;
  14. $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='".$cfg_ml->M_ID."'");
  15. $face = $row['face'];
  16. if ($dopost == 'save') {
  17. $svali = GetCkVdValue();
  18. //校验CSRF
  19. CheckCSRF();
  20. if (strtolower($vdcode) != $svali || $svali == '') {
  21. ReSETVdValue();
  22. ShowMsg('验证码错误', '-1');
  23. exit();
  24. }
  25. if (function_exists('password_hash')) {
  26. if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
  27. ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
  28. exit();
  29. }
  30. } else {
  31. if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
  32. ShowMsg('您输入的旧密码错误或没填写,不允许修改资料', '-1');
  33. exit();
  34. }
  35. }
  36. if ($userpwd != $userpwdok) {
  37. ShowMsg('您两次输入的新密码不一致', '-1');
  38. exit();
  39. }
  40. $pp = "pwd";
  41. if ($userpwd == '') {
  42. if (function_exists('password_hash')) {
  43. $pp = "pwd_new";
  44. $pwd = $row['pwd_new'];
  45. } else {
  46. $pwd = $row['pwd'];
  47. }
  48. } else {
  49. if (function_exists('password_hash'))
  50. {
  51. $pp = "pwd_new";
  52. $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
  53. $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
  54. } else {
  55. $pwd = md5($userpwd);
  56. $pwd2 = substr(md5($userpwd), 5, 20);
  57. }
  58. }
  59. $addupquery = '';
  60. //修改安全问题或Email
  61. if ($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) {
  62. if ($row['safequestion'] != 0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) {
  63. ShowMsg('您的旧安全问题及答案不正确,不能修改Email或安全问题', '-1');
  64. exit();
  65. }
  66. //修改Email
  67. if ($email != $row['email']) {
  68. if (!CheckEmail($email)) {
  69. ShowMsg('Email格式不正确', '-1');
  70. exit();
  71. } else {
  72. $addupquery .= ",email='$email'";
  73. }
  74. }
  75. //修改安全问题
  76. if ($newsafequestion != 0 && $newsafeanswer != '') {
  77. if (strlen($newsafeanswer) > 30) {
  78. ShowMsg('您的新安全问题的答案太长了,请保持在30字节以内', '-1');
  79. exit();
  80. } else {
  81. $newsafequestion = HtmlReplace($newsafequestion, 1);
  82. $newsafeanswer = HtmlReplace($newsafeanswer, 1);
  83. $addupquery .= ",safequestion='$newsafequestion',safeanswer='$newsafeanswer'";
  84. }
  85. }
  86. }
  87. //修改uname
  88. if ($uname != $row['uname']) {
  89. $rs = CheckUserID($uname, '昵称或公司名称', FALSE);
  90. if ($rs != 'ok') {
  91. ShowMsg($rs, '-1');
  92. exit();
  93. }
  94. $addupquery .= ",uname='$uname'";
  95. }
  96. //性别
  97. if (!in_array($sex, array('男', '女', '保密'))) {
  98. ShowMsg('请选择正常的性别', '-1');
  99. exit();
  100. }
  101. $query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} where mid='".$cfg_ml->M_ID."' ";
  102. $dsql->ExecuteNoneQuery($query1);
  103. //如果是管理员,修改其后台密码
  104. if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
  105. $query2 = "UPDATE `#@__admin` SET $pp='$pwd2' where id='".$cfg_ml->M_ID."' ";
  106. $dsql->ExecuteNoneQuery($query2);
  107. }
  108. //清除会员缓存
  109. $cfg_ml->DelCache($cfg_ml->M_ID);
  110. ShowMsg('成功更新您的基本资料', 'edit_baseinfo.php', 0, 5000);
  111. exit();
  112. }
  113. include(DEDEMEMBER."/templets/edit_baseinfo.htm");