DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1313 Commits
3 Branches
110MB
Tree: 3ff4efefd0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3ff4efefd0'
${ noResults }
DedeV6/src/system/memberlogin.class.php

535 lines
18KB
Raw Blame History 

  1. <?php

  2. if (!defined('DEDEINC')) exit('dedebiz');

  3. /**

  4.  * 会员登录类

  5.  *

  6.  * @version        $id:userlogin.class.php 15:59 2010年7月5日 tianya $

  7.  * @package        DedeBIZ.Libraries

  8.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. //使用缓存助手

  13. helper('cache');

  14. /**

  15.  *  检查用户名的合法性

  16.  *

  17.  * @access    public

  18.  * @param     string  $uid  用户UID

  19.  * @param     string  $msgtitle  提示标题

  20.  * @param     string  $ckhas  检查是否存在

  21.  * @return    string

  22.  */

  23. function CheckUserID($uid, $msgtitle = '用户名', $ckhas = TRUE)

  24. {

  25.     global $cfg_mb_notallow, $cfg_mb_idmin, $cfg_md_idurl, $cfg_soft_lang, $dsql;

  26.     if ($cfg_mb_notallow != '') {

  27.         $nas = explode(',', $cfg_mb_notallow);

  28.         if (in_array($uid, $nas)) {

  29.             return $msgtitle.'为系统禁止的标识';

  30.         }

  31.     }

  32.     if ($cfg_md_idurl == 'Y' && preg_match("/[^a-z0-9]/i", $uid)) {

  33.         return $msgtitle.'必须由英文字母或数字组成';

  34.     }

  35.     if ($cfg_soft_lang == 'utf-8') {

  36.         $ck_uid = utf82gb($uid);

  37.     } else {

  38.         $ck_uid = $uid;

  39.     }

  40.     for ($i = 0; isset($ck_uid[$i]); $i++) {

  41.         if (ord($ck_uid[$i]) > 0x80) {

  42.             if (isset($ck_uid[$i + 1]) && ord($ck_uid[$i + 1]) > 0x40) {

  43.                 $i++;

  44.             } else {

  45.                 return $msgtitle.'可能含有乱码,建议您改用英文字母和数字组合';

  46.             }

  47.         } else {

  48.             if (preg_match("/[^0-9a-z@\.-]/i", $ck_uid[$i])) {

  49.                 return $msgtitle.'不能含有 [@]、[.]、[-]以外的特殊符号';

  50.             }

  51.         }

  52.     }

  53.     if ($ckhas) {

  54.         $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE userid LIKE '$uid' ");

  55.         if (is_array($row)) return $msgtitle."已经存在";

  56.     }

  57.     return 'ok';

  58. }

  59. /**

  60.  *  检查用户是否被禁言

  61.  *

  62.  * @return    void

  63.  */

  64. function CheckNotAllow()

  65. {

  66.     global $cfg_ml;

  67.     if (empty($cfg_ml->M_ID)) return;

  68.     if ($cfg_ml->M_Spacesta == -2) {

  69.         ShowMsg("您已经被禁言,请与管理员联系", "-1");

  70.         exit();

  71.     } else if ($cfg_ml->M_Spacesta == -10) {

  72.         ShowMsg("系统开启了邮件审核机制,因此您的帐号需要审核后才能发信息", "-1");

  73.         exit();

  74.     } else if ($cfg_ml->M_Spacesta < 0) {

  75.         ShowMsg('系统开启了审核机制,因此您的帐号需要管理员审核后才能发信息', '-1');

  76.         exit();

  77.     }

  78. }

  79. function FormatUsername($username)

  80. {

  81.     $username = str_replace("`", "‘", $username);

  82.     $username = str_replace("'", "‘", $username);

  83.     $username = str_replace("\"", "“", $username);

  84.     $username = str_replace(",", ",", $username);

  85.     $username = str_replace("(", "(", $username);

  86.     $username = str_replace(")", ")", $username);

  87.     return addslashes($username);

  88. }

  89. /**

  90.  * 网站会员登录类

  91.  *

  92.  * @package          MemberLogin

  93.  * @subpackage       DedeBIZ.Libraries

  94.  * @link             https://www.dedebiz.com

  95.  */

  96. class MemberLogin

  97. {

  98.     var $M_ID;

  99.     var $M_LoginID;

  100.     var $M_MbType;

  101.     var $M_Money;

  102.     var $M_Scores;

  103.     var $M_UserName;

  104.     var $M_Rank;

  105.     var $M_Face;

  106.     var $M_LoginTime;

  107.     var $M_KeepTime;

  108.     var $M_Spacesta;

  109.     var $fields;

  110.     var $isAdmin;

  111.     var $M_UpTime;

  112.     var $M_ExpTime;

  113.     var $M_HasDay;

  114.     var $M_JoinTime;

  115.     var $M_Honor = '';

  116.     var $memberCache = 'memberlogin';

  117.     //php5构造函数

  118.     function __construct($kptime = -1, $cache = FALSE)

  119.     {

  120.         global $dsql;

  121.         if ($kptime == -1) {

  122.             $this->M_KeepTime = 3600 * 24 * 7;

  123.         } else {

  124.             $this->M_KeepTime = $kptime;

  125.         }

  126.         $formcache = FALSE;

  127.         $this->M_ID = $this->GetNum(GetCookie("DedeUserID"));

  128.         $this->M_LoginTime = GetCookie("DedeLoginTime");

  129.         $this->fields = array();

  130.         $this->isAdmin = FALSE;

  131.         if (empty($this->M_ID)) {

  132.             $this->ResetUser();

  133.         } else {

  134.             $this->M_ID = intval($this->M_ID);

  135. 

  136.             if ($cache) {

  137.                 $this->fields = GetCache($this->memberCache, $this->M_ID);

  138.                 if (empty($this->fields)) {

  139.                     $this->fields = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$this->M_ID}' ");

  140.                 } else {

  141.                     $formcache = TRUE;

  142.                 }

  143.             } else {

  144.                 $this->fields = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='{$this->M_ID}' ");

  145.             }

  146.             if (is_array($this->fields)) {

  147.                 //间隔一小时更新一次用户登录时间

  148.                 if (time() - $this->M_LoginTime > 3600) {

  149.                     $dsql->ExecuteNoneQuery("update `#@__member` set logintime='".time()."',loginip='".GetIP()."' WHERE mid='".$this->fields['mid']."';");

  150.                     PutCookie("DedeLoginTime", time(), $this->M_KeepTime);

  151.                 }

  152.                 $this->M_LoginID = $this->fields['userid'];

  153.                 $this->M_MbType = $this->fields['mtype'];

  154.                 $this->M_Money = $this->fields['money'];

  155.                 $this->M_UserName = FormatUsername($this->fields['uname']);

  156.                 $this->M_Scores = $this->fields['scores'];

  157.                 $this->M_Face = $this->fields['face'];

  158.                 $this->M_Rank = $this->fields['rank'];

  159.                 $this->M_Spacesta = $this->fields['spacesta'];

  160.                 $sql = "SELECT titles From `#@__scores` WHERE integral<={$this->fields['scores']} ORDER BY integral DESC";

  161.                 $scrow = $dsql->GetOne($sql);

  162.                 $this->fields['honor'] = $scrow['titles'];

  163.                 $this->M_Honor = $this->fields['honor'];

  164.                 if ($this->fields['matt'] == 10) $this->isAdmin = TRUE;

  165.                 $this->M_UpTime = $this->fields['uptime'];

  166.                 $this->M_ExpTime = $this->fields['exptime'];

  167.                 $this->M_JoinTime = MyDate('Y-m-d', $this->fields['jointime']);

  168.                 if ($this->M_Rank > 10 && $this->M_UpTime > 0) {

  169.                     $this->M_HasDay = $this->Judgemember();

  170.                 }

  171.                 if (!$formcache) {

  172.                     SetCache($this->memberCache, $this->M_ID, $this->fields, 1800);

  173.                 }

  174.             } else {

  175.                 $this->ResetUser();

  176.             }

  177.         }

  178.     }

  179.     function MemberLogin($kptime = -1)

  180.     {

  181.         $this->__construct($kptime);

  182.     }

  183.     /**

  184.      *  删除缓存,每次登录时和在修改用户资料的地方会清除

  185.      *

  186.      * @access    public

  187.      * @param     string

  188.      * @return    string

  189.      */

  190.     function DelCache($mid)

  191.     {

  192.         DelCache($this->memberCache, $mid);

  193.     }

  194.     /**

  195.      *  判断会员是否到期

  196.      *

  197.      * @return    string

  198.      */

  199.     function Judgemember()

  200.     {

  201.         global $dsql, $cfg_mb_rank;

  202.         $nowtime = time();

  203.         $mhasDay = $this->M_ExpTime - ceil(($nowtime - $this->M_UpTime) / 3600 / 24) + 1;

  204.         if ($mhasDay <= 0) {

  205.             $dsql->ExecuteNoneQuery("UPDATE `#@__member` SET uptime='0',exptime='0',`rank`='$cfg_mb_rank' WHERE mid='".$this->fields['mid']."';");

  206.         }

  207.         return $mhasDay;

  208.     }

  209.     /**

  210.      *  退出cookie的会话

  211.      *

  212.      * @return    void

  213.      */

  214.     function ExitCookie()

  215.     {

  216.         $this->ResetUser();

  217.     }

  218.     /**

  219.      *  验证用户是否已经登录

  220.      *

  221.      * @return    bool

  222.      */

  223.     function IsLogin()

  224.     {

  225.         if ($this->M_ID > 0) return TRUE;

  226.         else return FALSE;

  227.     }

  228.     /**

  229.      *  检测用户上传空间

  230.      *

  231.      * @return    int

  232.      */

  233.     function GetUserSpace()

  234.     {

  235.         global $dsql;

  236.         $uid = $this->M_ID;

  237.         $row = $dsql->GetOne("SELECT sum(filesize) AS fs FROM `#@__uploads` WHERE mid='$uid'; ");

  238.         return $row['fs'];

  239.     }

  240.     /**

  241.      *  检查用户空间信息

  242.      *

  243.      * @return    void

  244.      */

  245.     function CheckUserSpace()

  246.     {

  247.         global $cfg_mb_max;

  248.         $uid = $this->M_ID;

  249.         $hasuse = $this->GetUserSpace();

  250.         $maxSize = $cfg_mb_max * 1024 * 1024;

  251.         if ($hasuse >= $maxSize) {

  252.             ShowMsg('您的空间已满,不允许上传新文件', '-1');

  253.             exit();

  254.         }

  255.     }

  256.     /**

  257.      *  更新用户信息统计表

  258.      *

  259.      * @access    public

  260.      * @param     string  $field  字段信息

  261.      * @param     string  $uptype  更新类型

  262.      * @return    string

  263.      */

  264.     function UpdateUserTj($field, $uptype = 'add')

  265.     {

  266.         global $dsql;

  267.         $mid = $this->M_ID;

  268.         $arr = $dsql->GetOne("Select * `#@__member_tj` WHERE mid='$mid' ");

  269.         if (!is_array($arr)) {

  270.             $arr = array('article' => 0, 'album' => 0, 'archives' => 0, 'homecount' => 0, 'pagecount' => 0, 'feedback' => 0, 'friend' => 0, 'stow' => 0);

  271.         }

  272.         extract($arr);

  273.         if (isset($$field)) {

  274.             if ($uptype == 'add') {

  275.                 $$field++;

  276.             } else if ($$field > 0) {

  277.                 $$field--;

  278.             }

  279.         }

  280.         $inquery = "INSERT INTO `#@__member_tj` (`mid`,`article`,`album`,`archives`,`homecount`,`pagecount`,`feedback`,`friend`,`stow`) VALUES ('$mid','$article','$album','$archives','$homecount','$pagecount','$feedback','$friend','$stow'); ";

  281.         $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_tj` WHERE mid='$mid' ");

  282.         $dsql->ExecuteNoneQuery($inquery);

  283.     }

  284.     /**

  285.      *  重置用户信息

  286.      *

  287.      * @return    void

  288.      */

  289.     function ResetUser()

  290.     {

  291.         $this->fields = '';

  292.         $this->M_ID = 0;

  293.         $this->M_LoginID = '';

  294.         $this->M_Rank = 0;

  295.         $this->M_Face = "";

  296.         $this->M_Money = 0;

  297.         $this->M_UserName = "";

  298.         $this->M_LoginTime = 0;

  299.         $this->M_MbType = '';

  300.         $this->M_Scores = 0;

  301.         $this->M_Spacesta = -2;

  302.         $this->M_UpTime = 0;

  303.         $this->M_ExpTime = 0;

  304.         $this->M_JoinTime = 0;

  305.         $this->M_HasDay = 0;

  306.         DropCookie('DedeUserID');

  307.         DropCookie('DedeLoginTime');

  308.     }

  309.     /**

  310.      *  获取整数值

  311.      *

  312.      * @access    public

  313.      * @param     string  $fnum  处理的数值

  314.      * @return    string

  315.      */

  316.     function GetNum($fnum)

  317.     {

  318.         $fnum = preg_replace("/[^0-9\.]/", '', $fnum);

  319.         return $fnum;

  320.     }

  321.     /**

  322.      *  用户登录

  323.      *  把登录密码转为指定长度md5数据

  324.      *

  325.      * @access    public

  326.      * @param     string  $pwd  需要加密的密码

  327.      * @return    string

  328.      */

  329.     function GetEncodePwd($pwd)

  330.     {

  331.         global $cfg_mb_pwdtype;

  332.         if (empty($cfg_mb_pwdtype)) $cfg_mb_pwdtype = '32';

  333.         switch ($cfg_mb_pwdtype) {

  334.             case 'l16':

  335.                 return substr(md5($pwd), 0, 16);

  336.             case 'r16':

  337.                 return substr(md5($pwd), 16, 16);

  338.             case 'm16':

  339.                 return substr(md5($pwd), 8, 16);

  340.             default:

  341.                 return md5($pwd);

  342.         }

  343.     }

  344.     /**

  345.      *  把数据库密码转为特定长度

  346.      *  如果数据库密码是明文的,本程序不支持

  347.      *

  348.      * @access    public

  349.      * @param     string

  350.      * @return    string

  351.      */

  352.     function GetShortPwd($dbpwd)

  353.     {

  354.         global $cfg_mb_pwdtype;

  355.         if (empty($cfg_mb_pwdtype)) $cfg_mb_pwdtype = '32';

  356.         $dbpwd = trim($dbpwd);

  357.         if (strlen($dbpwd) == 16) {

  358.             return $dbpwd;

  359.         } else {

  360.             switch ($cfg_mb_pwdtype) {

  361.                 case 'l16':

  362.                     return substr($dbpwd, 0, 16);

  363.                 case 'r16':

  364.                     return substr($dbpwd, 16, 16);

  365.                 case 'm16':

  366.                     return substr($dbpwd, 8, 16);

  367.                 default:

  368.                     return $dbpwd;

  369.             }

  370.         }

  371.     }

  372.     /**

  373.      *  检查用户是否合法

  374.      *

  375.      * @access    public

  376.      * @param     string  $loginuser  登录用户名

  377.      * @param     string  $loginpwd  用户密码

  378.      * @return    string

  379.      */

  380.     function CheckUser(&$loginuser, $loginpwd)

  381.     {

  382.         global $dsql;

  383.         //检测用户名的合法性

  384.         $rs = CheckUserID($loginuser, '用户名', FALSE);

  385.         //用户名不正确时返回验证错误,原登录名通过引用返回错误提示信息

  386.         if ($rs != 'ok') {

  387.             $loginuser = $rs;

  388.             return '0';

  389.         }

  390.         //matt=10 是管理员关连的前台帐号,为了安全起见,这个帐号只能从后台登录,不能直接从前台登录

  391.         $row = $dsql->GetOne("SELECT mid,matt,pwd,pwd_new,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' ");

  392.         if (is_array($row)) {

  393.             if (!empty($row['pwd_new']) && !password_verify($loginpwd, $row['pwd_new'])) {

  394.                 $this->loginError($loginuser);

  395.                 return -1;

  396.             } else if (!empty($row['pwd']) && $this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) {

  397.                 $this->loginError($loginuser);

  398.                 return -1;

  399.             } else {

  400.                 if (empty($row['pwd_new']) && function_exists('password_hash')) {

  401.                     //升级密码

  402.                     $newpwd = password_hash($loginpwd, PASSWORD_BCRYPT);

  403.                     $inquery = "UPDATE `#@__member` SET pwd='',pwd_new='{$newpwd}' WHERE mid='".$row['mid']."'";

  404.                     $dsql->ExecuteNoneQuery($inquery);

  405.                 }

  406.                 //管理员帐号不允许从前台登录

  407.                 if ($row['matt'] == 10) {

  408.                     return -2;

  409.                 } else {

  410.                     $this->PutLoginInfo($row['mid'], $row['logintime']);

  411.                     return 1;

  412.                 }

  413.             }

  414.         } else {

  415.             return 0;

  416.         }

  417.     }

  418. 

  419.     /**

  420.      * 是否需要验证码

  421.      *

  422.      * @param  mixed $loginuser

  423.      * @return bool

  424.      */

  425.     function isNeedCheckCode($loginuser)

  426.     {

  427.         $num = $this->getLoginError($loginuser);

  428.         return $num >= 3 ? true : false;

  429.     }

  430.     

  431.     /**

  432.      * 1分钟以内登录错误的次数

  433.      *

  434.      * @param  mixed $loginuser

  435.      * @return int 登录错误次数

  436.      */

  437.     function getLoginError($loginuser)

  438.     {

  439.         global $dsql;

  440.         $rs = CheckUserID($loginuser, '用户名', FALSE);

  441.         //用户名不正确时返回验证错误,原登录名通过引用返回错误提示信息

  442.         if ($rs != 'ok') {

  443.             return -1;

  444.         }

  445.         $row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__member` WHERE userid LIKE '$loginuser'");

  446.         if (is_array($row)) {

  447.             //1分钟内如果输错3次则需要验证码

  448.             return (time() - (int)$row['logintime']) < 60 ?  (int)$row['loginerr'] : 0;

  449.         } else {

  450.             return -1;

  451.         }

  452.     }

  453.     /**

  454.      * 记录登录错误

  455.      *

  456.      * @return void

  457.      */

  458.     function loginError($loginuser)

  459.     {

  460.         global $dsql;

  461.         $rs = CheckUserID($loginuser, '用户名', FALSE);

  462.         //用户名不正确时返回验证错误,原登录名通过引用返回错误提示信息

  463.         if ($rs != 'ok') {

  464.             return;

  465.         }

  466.         $loginip = GetIP();

  467.         $inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='" . time() . "',loginerr=loginerr+1 WHERE userid='" . $loginuser . "'";

  468.         $dsql->ExecuteNoneQuery($inquery);

  469.     }

  470.     /**

  471.      *  保存用户cookie

  472.      *

  473.      * @access    public

  474.      * @param     string  $uid  用户id

  475.      * @param     string  $logintime  登录限制时间

  476.      * @return    void

  477.      */

  478.     function PutLoginInfo($uid, $logintime = 0)

  479.     {

  480.         global $cfg_login_adds, $dsql;

  481.         //登录增加积分(上一次登录时间必须大于两小时)

  482.         if (time() - $logintime > 7200 && $cfg_login_adds > 0) {

  483.             $dsql->ExecuteNoneQuery("UPDATE `#@__member` SET `scores`=`scores`+{$cfg_login_adds} WHERE mid='$uid' ");

  484.         }

  485.         $this->M_ID = $uid;

  486.         $this->M_LoginTime = time();

  487.         $loginip = GetIP();

  488.         $inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='".$this->M_LoginTime."',loginerr=0 WHERE mid='".$uid."'";

  489.         $dsql->ExecuteNoneQuery($inquery);

  490.         if ($this->M_KeepTime > 0) {

  491.             PutCookie('DedeUserID', $uid, $this->M_KeepTime);

  492.             PutCookie('DedeLoginTime', $this->M_LoginTime, $this->M_KeepTime);

  493.         } else {

  494.             PutCookie('DedeUserID', $uid);

  495.             PutCookie('DedeLoginTime', $this->M_LoginTime);

  496.         }

  497.     }

  498.     /**

  499.      *  获得会员目前的状态

  500.      *

  501.      * @access    public

  502.      * @param     object  $dsql  数据库连接

  503.      * @return    string

  504.      */

  505.     function GetSta($dsql)

  506.     {

  507.         $sta = '';

  508.         if ($this->M_Rank == 0) {

  509.             $sta .= "您目前的身份是:普通会员";

  510.         } else {

  511.             $row = $dsql->GetOne("Select membername From `#@__arcrank` where `rank`='".$this->M_Rank."'");

  512.             $sta .= "您目前的身份是:".$row['membername'];

  513.             $rs = $dsql->GetOne("Select id From `#@__admin` where userid='".$this->M_LoginID."'");

  514.             if (!is_array($rs)) {

  515.                 if ($this->M_Rank > 10 && $this->M_HasDay > 0) $sta .= " 剩余天数:<span class='text-primary'>".$this->M_HasDay."</span>天";

  516.                 elseif ($this->M_Rank > 10) $sta .= "<span class='text-primary'>会员升级已经到期</span> ";

  517.             }

  518.         }

  519.         $sta .= " 拥有金币:{$this->M_Money} 个,积分:{$this->M_Scores}分";

  520.         return $sta;

  521.     }

  522.     //获取能够发布文档的栏目

  523.     public static function GetEnabledChannels() {

  524.         global $dsql;

  525.         $result = array();

  526.         $dsql->SetQuery("SELECT channeltype FROM `#@__arctype` GROUP BY channeltype");

  527.         $dsql->Execute();

  528.         $candoChannel = '';

  529.         while ($row = $dsql->GetObject()) {

  530.             $result[] = $row->channeltype;

  531.         }

  532.         return $result;

  533.     }

  534. }//End Class

  535. ?>