DedeBIZ
/
DedeV6
关注 2
点赞 0
派生 0
代码 合并请求 0 版本发布 25 动态
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
1896 提交
3 分支
3.1GB
目录树: 1430bfa99f
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '1430bfa99f'
${ noResults }
DedeV6/src/system/memberlogin.class.php

563 行
19KB
原始文件 Blame 文件历史 

  1. <?php

  2. if (!defined('DEDEINC')) exit ('dedebiz');

  3. /**

  4.  * 会员登录

  5.  *

  6.  * @version        $id:userlogin.class.php 15:59 2010年7月5日 tianya $

  7.  * @package        DedeBIZ.Libraries

  8.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. //使用缓存助手

  13. helper('cache');

  14. /**

  15.  *  检查会员名的合法性

  16.  *

  17.  * @access    public

  18.  * @param     string  $uid  会员UID

  19.  * @param     string  $msgtitle  提示标题

  20.  * @param     string  $ckhas  检查是否存在

  21.  * @return    string

  22.  */

  23. function CheckUserID($uid, $msgtitle = '会员名', $ckhas = TRUE)

  24. {

  25.     global $cfg_mb_notallow, $cfg_mb_idmin, $cfg_md_idurl, $cfg_soft_lang, $dsql;

  26.     if ($cfg_mb_notallow != '') {

  27.         $nas = explode(',', $cfg_mb_notallow);

  28.         if (in_array($uid, $nas)) {

  29.             return $msgtitle.'系统禁止的标识';

  30.         }

  31.     }

  32.     if ($cfg_md_idurl == 'Y' && preg_match("/[^a-z0-9]/i", $uid)) {

  33.         return $msgtitle.'必须由英文字母和数字组合';

  34.     }

  35.     if ($cfg_soft_lang == 'utf-8') {

  36.         $ck_uid = utf82gb($uid);

  37.     } else {

  38.         $ck_uid = $uid;

  39.     }

  40.     for ($i = 0; isset($ck_uid[$i]); $i++) {

  41.         if (ord($ck_uid[$i]) > 0x80) {

  42.             if (isset($ck_uid[$i + 1]) && ord($ck_uid[$i + 1]) > 0x40) {

  43.                 $i++;

  44.             } else {

  45.                 return $msgtitle.'建议用英文字母和数字组合';

  46.             }

  47.         } else {

  48.             if (preg_match("/[^0-9a-z@\.-]/i", $ck_uid[$i])) {

  49.                 return $msgtitle.'使用[0-9a-zA-Z_@!.-]范围以内字符';

  50.             }

  51.         }

  52.     }

  53.     if ($ckhas) {

  54.         $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE userid LIKE '$uid' ");

  55.         if (is_array($row)) return $msgtitle."已存在";

  56.     }

  57.     return 'ok';

  58. }

  59. /**

  60.  *  检查会员是否被禁言

  61.  *

  62.  * @return    void

  63.  */

  64. function CheckNotAllow()

  65. {

  66.     global $cfg_ml;

  67.     if (empty($cfg_ml->M_ID)) return;

  68.     if ($cfg_ml->M_Spacesta == -2) {

  69.         ShowMsg("您已经被禁言,请与管理员联系", "-1");

  70.         exit();

  71.     } else if ($cfg_ml->M_Spacesta == -10) {

  72.         ShowMsg("系统开启了邮件审核机制,您的帐号需要审核后才能发信息", "-1");

  73.         exit();

  74.     } else if ($cfg_ml->M_Spacesta < 0) {

  75.         ShowMsg('系统开启了审核机制,您的帐号需要管理员审核后才能发信息', '-1');

  76.         exit();

  77.     }

  78. }

  79. function FormatUsername($username)

  80. {

  81.     $username = str_replace("`", "‘", $username);

  82.     $username = str_replace("'", "‘", $username);

  83.     $username = str_replace("\"", "“", $username);

  84.     $username = str_replace(",", ",", $username);

  85.     $username = str_replace("(", "(", $username);

  86.     $username = str_replace(")", ")", $username);

  87.     return addslashes($username);

  88. }

  89. /**

  90.  * 网站会员登录类

  91.  *

  92.  * @package          MemberLogin

  93.  * @subpackage       DedeBIZ.Libraries

  94.  * @link             https://www.dedebiz.com

  95.  */

  96. class MemberLogin

  97. {

  98.     var $M_ID;

  99.     var $M_LoginID;

  100.     var $M_MbType;

  101.     var $M_Money;

  102.     var $M_UserMoney;

  103.     var $M_Scores;

  104.     var $M_UserName;

  105.     var $M_Rank;

  106.     var $M_Face;

  107.     var $M_LoginTime;

  108.     var $M_KeepTime;

  109.     var $M_Spacesta;

  110.     var $fields;

  111.     var $M_UpTime;

  112.     var $M_ExpTime;

  113.     var $M_HasDay;

  114.     var $M_JoinTime;

  115.     var $M_Honor = '';

  116.     var $M_SendMax = 1;

  117.     var $memberCache = 'memberlogin';

  118.     var $dsql;

  119.     //php5构造函数

  120.     function __construct($kptime = -1, $cache = FALSE)

  121.     {

  122.         global $dsql;

  123.         $this->dsql = $dsql;

  124.         if ($kptime == -1) {

  125.             $this->M_KeepTime = 3600 * 24 * 7;

  126.         } else {

  127.             $this->M_KeepTime = $kptime;

  128.         }

  129.         $formcache = FALSE;

  130.         $this->M_ID = $this->GetNum(GetCookie("DedeUserID"));

  131.         $this->M_LoginTime = GetCookie("DedeLoginTime");

  132.         $this->fields = array();

  133.         if (empty($this->M_ID)) {

  134.             $this->ResetUser();

  135.         } else {

  136.             $this->M_ID = intval($this->M_ID);

  137.             if ($cache) {

  138.                 $this->fields = GetCache($this->memberCache, $this->M_ID);

  139.                 if (empty($this->fields)) {

  140.                     $this->fields = $this->dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$this->M_ID}' ");

  141.                 } else {

  142.                     $formcache = TRUE;

  143.                 }

  144.             } else {

  145.                 $this->fields = $this->dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$this->M_ID}' ");

  146.             }

  147.             if (is_array($this->fields)) {

  148.                 //间隔一小时更新一次会员登录时间

  149.                 if (time() - $this->M_LoginTime > 3600) {

  150.                     $this->dsql->ExecuteNoneQuery("update `#@__member` set logintime='".time()."',loginip='".GetIP()."' WHERE mid='".$this->fields['mid']."';");

  151.                     PutCookie("DedeLoginTime", time(), $this->M_KeepTime);

  152.                 }

  153.                 $this->M_LoginID = $this->fields['userid'];

  154.                 $this->M_MbType = $this->fields['mtype'];

  155.                 $this->M_Money = $this->fields['money'];

  156.                 $this->M_UserMoney = $this->fields['user_money'];

  157.                 $this->M_UserName = FormatUsername($this->fields['uname']);

  158.                 $this->M_Scores = $this->fields['scores'];

  159.                 $this->M_Face = $this->fields['face'];

  160.                 $this->M_Rank = $this->fields['rank'];

  161.                 $this->M_Spacesta = $this->fields['spacesta'];

  162.                 $sql = "SELECT titles From `#@__scores` WHERE integral<={$this->fields['scores']} ORDER BY integral DESC";

  163.                 $scrow = $this->dsql->GetOne($sql);

  164.                 $this->fields['honor'] = $scrow['titles'];

  165.                 $this->M_Honor = $this->fields['honor'];

  166.                 $this->M_UpTime = $this->fields['uptime'];

  167.                 $this->M_ExpTime = $this->fields['exptime'];

  168.                 $this->M_SendMax = $this->fields['send_max'];

  169.                 $this->M_JoinTime = MyDate('Y-m-d', $this->fields['jointime']);

  170.                 if ($this->M_Rank > 10 && $this->M_UpTime > 0) {

  171.                     $this->M_HasDay = $this->Judgemember();

  172.                 }

  173.                 if (!$formcache) {

  174.                     SetCache($this->memberCache, $this->M_ID, $this->fields, 1800);

  175.                 }

  176.             } else {

  177.                 $this->ResetUser();

  178.             }

  179.         }

  180.     }

  181.     function MemberLogin($kptime = -1)

  182.     {

  183.         $this->__construct($kptime);

  184.     }

  185.     /**

  186.      *  删除缓存,每次登录时和在修改会员资料的地方会清除

  187.      *

  188.      * @access    public

  189.      * @param     string

  190.      * @return    string

  191.      */

  192.     function DelCache($mid)

  193.     {

  194.         DelCache($this->memberCache, $mid);

  195.     }

  196.     /**

  197.      *  判断会员是否到期

  198.      *

  199.      * @return    string

  200.      */

  201.     function Judgemember()

  202.     {

  203.         global $cfg_mb_rank;

  204.         $nowtime = time();

  205.         $mhasDay = $this->M_ExpTime - ceil(($nowtime - $this->M_UpTime) / 3600 / 24) + 1;

  206.         if ($mhasDay <= 0) {

  207.             $this->dsql->ExecuteNoneQuery("UPDATE `#@__member` SET uptime='0',exptime='0',`rank`='$cfg_mb_rank' WHERE mid='".$this->fields['mid']."';");

  208.         }

  209.         return $mhasDay;

  210.     }

  211.     /**

  212.      *  退出cookie的会话

  213.      *

  214.      * @return    void

  215.      */

  216.     function ExitCookie()

  217.     {

  218.         $this->ResetUser();

  219.     }

  220.     /**

  221.      *  验证会员是否已经登录

  222.      *

  223.      * @return    bool

  224.      */

  225.     function IsLogin()

  226.     {

  227.         if ($this->M_ID > 0) return TRUE;

  228.         else return FALSE;

  229.     }

  230.     /**

  231.      *  检测会员上传空间

  232.      *

  233.      * @return    int

  234.      */

  235.     function GetUserSpace()

  236.     {

  237.         $uid = $this->M_ID;

  238.         $row = $this->dsql->GetOne("SELECT sum(filesize) AS fs FROM `#@__uploads` WHERE mid='$uid';");

  239.         return intval($row['fs']);

  240.     }

  241.     /**

  242.      *  检查会员空间是否已满

  243.      *

  244.      * @return    bool

  245.      */

  246.     function CheckUserSpaceIsFull()

  247.     {

  248.         global $cfg_mb_max;

  249.         if ($cfg_mb_max == 0) {

  250.             return false;

  251.         }

  252.         $hasuse = $this->GetUserSpace();

  253.         $maxSize = $cfg_mb_max * 1024 * 1024;

  254.         if ($hasuse >= $maxSize) {

  255.             return true;

  256.         }

  257.         return false;

  258.     }

  259.     /**

  260.      *  更新会员信息统计表

  261.      *

  262.      * @access    public

  263.      * @param     string  $field  字段信息

  264.      * @param     string  $uptype  更新类型

  265.      * @return    string

  266.      */

  267.     function UpdateUserTj($field, $uptype = 'add')

  268.     {

  269.         $mid = $this->M_ID;

  270.         $arr = $this->dsql->GetOne("SELECT * `#@__member_tj` WHERE mid='$mid' ");

  271.         if (!is_array($arr)) {

  272.             $arr = array('article' => 0, 'album' => 0, 'archives' => 0, 'homecount' => 0, 'pagecount' => 0, 'feedback' => 0, 'friend' => 0, 'stow' => 0);

  273.         }

  274.         extract($arr);

  275.         if (isset($$field)) {

  276.             if ($uptype == 'add') {

  277.                 $$field++;

  278.             } else if ($$field > 0) {

  279.                 $$field--;

  280.             }

  281.         }

  282.         $inquery = "INSERT INTO `#@__member_tj` (`mid`,`article`,`album`,`archives`,`homecount`,`pagecount`,`feedback`,`friend`,`stow`) VALUES ('$mid','$article','$album','$archives','$homecount','$pagecount','$feedback','$friend','$stow'); ";

  283.         $this->dsql->ExecuteNoneQuery("DELETE FROM `#@__member_tj` WHERE mid='$mid' ");

  284.         $this->dsql->ExecuteNoneQuery($inquery);

  285.     }

  286.     /**

  287.      *  重置会员信息

  288.      *

  289.      * @return    void

  290.      */

  291.     function ResetUser()

  292.     {

  293.         $this->fields = '';

  294.         $this->M_ID = 0;

  295.         $this->M_LoginID = '';

  296.         $this->M_Rank = 0;

  297.         $this->M_Face = "";

  298.         $this->M_Money = 0;

  299.         $this->M_UserMoney = 0;

  300.         $this->M_UserName = "";

  301.         $this->M_LoginTime = 0;

  302.         $this->M_MbType = '';

  303.         $this->M_Scores = 0;

  304.         $this->M_Spacesta = -2;

  305.         $this->M_UpTime = 0;

  306.         $this->M_ExpTime = 0;

  307.         $this->M_JoinTime = 0;

  308.         $this->M_HasDay = 0;

  309.         DropCookie('DedeUserID');

  310.         DropCookie('DedeLoginTime');

  311.     }

  312.     /**

  313.      *  获取整数值

  314.      *

  315.      * @access    public

  316.      * @param     string  $fnum  处理的数值

  317.      * @return    string

  318.      */

  319.     function GetNum($fnum)

  320.     {

  321.         $fnum = preg_replace("/[^0-9\.]/", '', $fnum);

  322.         return $fnum;

  323.     }

  324.     /**

  325.      *  会员登录,把登录密码转为指定长度md5数据

  326.      *

  327.      * @access    public

  328.      * @param     string  $pwd  需要加密的密码

  329.      * @return    string

  330.      */

  331.     function GetEncodePwd($pwd)

  332.     {

  333.         global $cfg_mb_pwdtype;

  334.         if (empty($cfg_mb_pwdtype)) $cfg_mb_pwdtype = '32';

  335.         switch ($cfg_mb_pwdtype) {

  336.             case 'l16':

  337.                 return substr(md5($pwd), 0, 16);

  338.             case 'r16':

  339.                 return substr(md5($pwd), 16, 16);

  340.             case 'm16':

  341.                 return substr(md5($pwd), 8, 16);

  342.             default:

  343.                 return md5($pwd);

  344.         }

  345.     }    

  346.     /**

  347.      *  会员登录,把数据库密码转为特定长度,如果数据库密码是明文,本程序不支持

  348.      *

  349.      * @access    public

  350.      * @param     string

  351.      * @return    string

  352.      */

  353.     function GetShortPwd($dbpwd)

  354.     {

  355.         global $cfg_mb_pwdtype;

  356.         if (empty($cfg_mb_pwdtype)) $cfg_mb_pwdtype = '32';

  357.         $dbpwd = trim($dbpwd);

  358.         if (strlen($dbpwd) == 16) {

  359.             return $dbpwd;

  360.         } else {

  361.             switch ($cfg_mb_pwdtype) {

  362.                 case 'l16':

  363.                     return substr($dbpwd, 0, 16);

  364.                 case 'r16':

  365.                     return substr($dbpwd, 16, 16);

  366.                 case 'm16':

  367.                     return substr($dbpwd, 8, 16);

  368.                 default:

  369.                     return $dbpwd;

  370.             }

  371.         }

  372.     }

  373.     /**

  374.      * 投稿是否被限制

  375.      *

  376.      * @return array

  377.      */

  378.     function IsSendLimited()

  379.     {

  380.         $arr = $this->dsql->GetOne("SELECT COUNT(*) as dd FROM `#@__arctiny` WHERE mid='{$this->M_ID}'");

  381.         if (is_array($arr)) {

  382.             if ($this->M_SendMax < 1) {

  383.                 return false;

  384.             }

  385.             if ($arr['dd'] >= $this->M_SendMax) {

  386.                 return true;

  387.             } else {

  388.                 return false;

  389.             }

  390.         } else {

  391.             return true;

  392.         }

  393.     }

  394.     /**

  395.      *  检查会员是否合法

  396.      *

  397.      * @access    public

  398.      * @param     string  $loginuser  登录会员名

  399.      * @param     string  $loginpwd  会员密码

  400.      * @return    string

  401.      */

  402.     function CheckUser(&$loginuser, $loginpwd)

  403.     {

  404.         //检测会员名的合法性

  405.         $rs = CheckUserID($loginuser, '会员名', FALSE);

  406.         //会员名不正确时返回验证错误,原登录名通过引用返回错误提示信息

  407.         if ($rs != 'ok') {

  408.             $loginuser = $rs;

  409.             return '0';

  410.         }

  411.         //matt=10是管理员关连的前台帐号,为了安全起见,这个帐号只能从后台登录,不能直接从前台登录

  412.         $row = $this->dsql->GetOne("SELECT mid,matt,pwd,pwd_new,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' ");

  413.         if (is_array($row)) {

  414.             if (!empty($row['pwd_new']) && !password_verify($loginpwd, $row['pwd_new'])) {

  415.                 $this->loginError($loginuser);

  416.                 return -1;

  417.             } else if (!empty($row['pwd']) && $this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) {

  418.                 $this->loginError($loginuser);

  419.                 return -1;

  420.             } else {

  421.                 if (empty($row['pwd_new']) && function_exists('password_hash')) {

  422.                     //升级密码

  423.                     $newpwd = password_hash($loginpwd, PASSWORD_BCRYPT);

  424.                     $inquery = "UPDATE `#@__member` SET pwd='',pwd_new='{$newpwd}' WHERE mid='".$row['mid']."'";

  425.                     $this->dsql->ExecuteNoneQuery($inquery);

  426.                 }

  427.                 //管理员帐号不允许从前台登录

  428.                 if ($row['matt'] == 10) {

  429.                     return -2;

  430.                 } else {

  431.                     $this->PutLoginInfo($row['mid'], $row['logintime']);

  432.                     return 1;

  433.                 }

  434.             }

  435.         } else {

  436.             return 0;

  437.         }

  438.     }

  439.     /**

  440.      * 是否需要验证码

  441.      *

  442.      * @param  mixed $loginuser

  443.      * @return bool

  444.      */

  445.     function isNeedCheckCode($loginuser)

  446.     {

  447.         $num = $this->getLoginError($loginuser);

  448.         return $num >= 3 ? true : false;

  449.     }

  450.     /**

  451.      * 1分钟以内登录错误的次数

  452.      *

  453.      * @param  mixed $loginuser

  454.      * @return int 登录错误次数

  455.      */

  456.     function getLoginError($loginuser)

  457.     {

  458.         $rs = CheckUserID($loginuser, '会员名', FALSE);

  459.         //会员名不正确时返回验证错误,原登录名通过引用返回错误提示信息

  460.         if ($rs != 'ok') {

  461.             return -1;

  462.         }

  463.         if (!TableHasField("#@__member", "loginerr")) {

  464.             return 0;

  465.         }

  466.         $row = $this->dsql->GetOne("SELECT loginerr,logintime FROM `#@__member` WHERE userid LIKE '$loginuser'");

  467.         if (is_array($row)) {

  468.             //1分钟内如果输错3次则需要验证码

  469.             return (time() - (int)$row['logintime']) < 60 ?  (int)$row['loginerr'] : 0;

  470.         } else {

  471.             return -1;

  472.         }

  473.     }

  474.     /**

  475.      * 记录登录错误

  476.      *

  477.      * @return void

  478.      */

  479.     function loginError($loginuser)

  480.     {

  481.         $rs = CheckUserID($loginuser, '会员名', FALSE);

  482.         //会员名不正确时返回验证错误,原登录名通过引用返回错误提示信息

  483.         if ($rs != 'ok') {

  484.             return;

  485.         }

  486.         $loginip = GetIP();

  487.         $inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='".time()."',loginerr=loginerr+1 WHERE userid='".$loginuser."'";

  488.         $this->dsql->ExecuteNoneQuery($inquery);

  489.     }

  490.     /**

  491.      *  保存会员cookie

  492.      *

  493.      * @access    public

  494.      * @param     string  $uid  会员id

  495.      * @param     string  $logintime  登录限制时间

  496.      * @return    void

  497.      */

  498.     function PutLoginInfo($uid, $logintime = 0)

  499.     {

  500.         global $cfg_login_adds;

  501.         //登录添加积分(上一次登录时间必须大于两小时)

  502.         if (time() - $logintime > 7200 && $cfg_login_adds > 0) {

  503.             $this->dsql->ExecuteNoneQuery("UPDATE `#@__member` SET `scores`=`scores`+{$cfg_login_adds} WHERE mid='$uid' ");

  504.         }

  505.         $this->M_ID = $uid;

  506.         $this->M_LoginTime = time();

  507.         $loginip = GetIP();

  508.         $inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='".$this->M_LoginTime."',loginerr=0 WHERE mid='".$uid."'";

  509.         $this->dsql->ExecuteNoneQuery($inquery);

  510.         if ($this->M_KeepTime > 0) {

  511.             PutCookie('DedeUserID', $uid, $this->M_KeepTime);

  512.             PutCookie('DedeLoginTime', $this->M_LoginTime, $this->M_KeepTime);

  513.         } else {

  514.             PutCookie('DedeUserID', $uid);

  515.             PutCookie('DedeLoginTime', $this->M_LoginTime);

  516.         }

  517.     }

  518.     function GetMemberTypeName()

  519.     {

  520.         if ($this->M_Rank == 0) {

  521.             return '注册会员';

  522.         } else {

  523.             $row = $this->dsql->GetOne("SELECT membername FROM `#@__arcrank` WHERE `rank`='".$this->M_Rank."'");

  524.             return $row['membername'];

  525.         }

  526.     }

  527.     /**

  528.      *  获得会员目前的状态

  529.      *

  530.      * @access    public

  531.      * @return    string

  532.      */

  533.     function GetSta()

  534.     {

  535.         $sta = '';

  536.         if ($this->M_Rank == 0) {

  537.             $sta .= "您目前等级是:注册会员";

  538.         } else {

  539.             $row = $this->dsql->GetOne("SELECT membername FROM `#@__arcrank` WHERE `rank`='".$this->M_Rank."'");

  540.             $sta .= "您目前等级是:".$row['membername'];

  541.             $rs = $this->dsql->GetOne("SELECT id FROM `#@__admin` WHERE userid='".$this->M_LoginID."'");

  542.             if (!is_array($rs)) {

  543.                 if ($this->M_Rank > 10 && $this->M_HasDay > 0) $sta .= ",剩余<span class='text-primary'>".$this->M_HasDay."</span>天";

  544.                 elseif ($this->M_Rank > 10) $sta .= ",<span class='text-danger'>会员已到期</span>";

  545.             }

  546.         }

  547.         $sta .= ",积分<span class='text-primary'>{$this->M_Scores}</span>分,金币<span class='text-primary'>{$this->M_Money}</span>个,余额<span class='text-primary'>{$this->M_UserMoney}</span>元";

  548.         return $sta;

  549.     }

  550.     //获取能够发布文档的栏目

  551.     public static function GetEnabledChannels() {

  552.         global $dsql;

  553.         $result = array();

  554.         $dsql->SetQuery("SELECT channeltype FROM `#@__arctype` GROUP BY channeltype");

  555.         $dsql->Execute();

  556.         $candoChannel = '';

  557.         while ($row = $dsql->GetObject()) {

  558.             $result[] = $row->channeltype;

  559.         }

  560.         return $result;

  561.     }

  562. }//End Class

  563. ?>