国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com


  1. <?php
  2. /**
  3. * 密码重设
  4. *
  5. * @version $Id: resetpassword.php 1 8:38 2010年7月9日Z tianya $
  6. * @package DedeCMS.Member
  7. * @copyright Copyright (c) 2007 - 2020, DesDev, Inc.
  8. * @license http://help.dedecms.com/usersguide/license.html
  9. * @link http://www.dedecms.com
  10. */
  11. require_once(dirname(__FILE__)."/config.php");
  12. require_once(DEDEMEMBER."/inc/inc_pwd_functions.php");
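  // Member password-reset controller. $dopost selects the step:
  //   ""             show the reset request form
  //   "getpwd"       validate captcha / e-mail / user name, then start a reset by
  //                  e-mail (type 1) or show the security-question form (type 2)
  //   "safequestion" check the security question and answer
  //   "getpasswd"    check the temporary password and store the new password
  // The request variables ($dopost, $id, $mail, $userid, $type, ...) are not assigned
  // in this file; presumably config.php registers them from the request.
  // NOTE(review): confirm, and confirm they are SQL-escaped before they arrive here.
  if (empty($dopost)) {
      $dopost = "";
  }
  $id = isset($id) ? intval($id) : 0;

  if ($dopost === "") {
      include(dirname(__FILE__)."/templets/resetpassword.htm");
  } elseif ($dopost === "getpwd") {
      // Check the captcha before anything else.
      if (!isset($vdcode)) {
          $vdcode = '';
      }
      // Cast and compare strictly so numeric-looking strings are never compared as numbers.
      $svali = (string)GetCkVdValue();
      if (strtolower($vdcode) !== $svali || $svali === '') {
          ResetVdValue();
          ShowMsg("对不起,验证码输入错误!","-1");
          exit();
      }

      // Defaults keep the checks below from reading undefined variables.
      $mail = isset($mail) ? $mail : '';
      $userid = isset($userid) ? $userid : '';
      $type = isset($type) ? $type : '';

      // Validate the e-mail address and the user name.
      if (empty($mail) && empty($userid)) {
          showmsg('对不起,请输入用户名或邮箱', '-1');
          exit;
      } else if (!preg_match("#(.*)@(.*)\.(.*)#", $mail)) {
          showmsg('对不起,请输入正确的邮箱格式', '-1');
          exit;
      } else if (CheckUserID($userid, '', false) != 'ok') {
          // NOTE(review): $userid is echoed into the message; confirm ShowMsg() HTML-escapes it.
          ShowMsg("你输入的用户名 {$userid} 不合法!","-1");
          exit();
      }
      $member = member($mail, $userid);

      if ($type == 1) {
          // Reset by e-mail: only possible when the SMTP mail service is enabled.
          if ($cfg_sendmail_bysmtp == "Y") {
              sn($member['mid'], $userid, $member['email']);
          } else {
              showmsg('对不起邮件服务暂未开启,请联系管理员', 'login.php');
              exit();
          }
      } else if ($type == 2) {
          // Reset by security question: a stored question of 0 means none was set.
          if ($member['safequestion'] == 0) {
              showmsg('对不起您尚未设置安全密码,请通过邮件方式重设密码', 'login.php');
              exit;
          }
          require_once(dirname(__FILE__)."/templets/resetpassword3.htm");
      }
      exit();
  } else if ($dopost === "safequestion") {
      // NOTE(review): this step takes the member id from the request and has no captcha
      // or attempt limit of its own; confirm that throttling is enforced elsewhere.
      $mid = preg_replace("#[^0-9]#", "", $id);
      $sql = "SELECT safequestion,safeanswer,userid,email FROM #@__member WHERE mid = '$mid'";
      $row = $db->GetOne($sql);

      // Only plain strings are accepted; anything else counts as "not supplied".
      $safequestion = (isset($safequestion) && is_string($safequestion)) ? $safequestion : '';
      $safeanswer = (isset($safeanswer) && is_string($safeanswer)) ? $safeanswer : '';

      // The member must exist and must have a security question configured (0 = none,
      // the same convention the "getpwd" step uses). Without this guard an account with
      // no question could pass the check with an empty answer.
      $hasQuestion = is_array($row) && (int)$row['safequestion'] !== 0;

      // Strict string comparison: loose == treats numeric-looking strings as numbers,
      // so values that differ as text could still compare equal.
      if ($hasQuestion
          && (string)$row['safequestion'] === $safequestion
          && (string)$row['safeanswer'] === $safeanswer
      ) {
          sn($mid, $row['userid'], $row['email'], 'N');
          exit();
      } else {
          ShowMsg("对不起,您的安全问题或答案回答错误","-1");
          exit();
      }
  } else if ($dopost === "getpasswd") {
      // Set the new password.
      if (empty($id)) {
          ShowMsg("对不起,请不要非法提交","login.php");
          exit();
      }
      // $mid (digits only) is used for every query below, so the row that is checked is
      // also the row that is deleted and the member that is updated.
      $mid = preg_replace("#[^0-9]#", "", $id);
      $row = $db->GetOne("SELECT * FROM #@__pwd_tmp WHERE mid = '$mid'");
      if (empty($row)) {
          ShowMsg("对不起,请不要非法提交","login.php");
          exit();
      }

      // A temporary password is valid for three days. The expiry is checked on every
      // step, not only when the form is displayed, so an expired temporary password
      // cannot be redeemed by posting the second step directly.
      $tptim = (60*60*24*3);
      $dtime = time();
      if ($dtime - $tptim > $row['mailtime']) {
          // Column name corrected from `md` to `mid`; the old statement could not match the row.
          $db->executenonequery("DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$mid';");
          ShowMsg("对不起,临时密码修改期限已过期","login.php");
          exit();
      }

      if (empty($setp)) {
          require_once(dirname(__FILE__)."/templets/resetpassword2.htm");
      } elseif ($setp == 2) {
          if (isset($key)) {
              $pwdtmp = $key;
          }
          $pwdtmp = (isset($pwdtmp) && is_string($pwdtmp)) ? $pwdtmp : '';
          $sn = md5(trim($pwdtmp));

          // Strict comparison: two different hex digests that both look like numbers in
          // exponent notation compare equal under ==. Where PHP >= 5.6 is guaranteed,
          // hash_equals() would be preferable because it is also constant-time.
          if ((string)$row['pwd'] === $sn) {
              $pwd = (isset($pwd) && is_string($pwd)) ? $pwd : '';
              $pwdok = (isset($pwdok) && is_string($pwdok)) ? $pwdok : '';
              if ($pwd !== "" && $pwd === $pwdok) {
                  // NOTE(review): unsalted MD5 is not an adequate password hash. It is kept
                  // because the stored `pwd` format is presumably shared with login code
                  // outside this file; migrate to password_hash() system-wide.
                  $pwdok = md5($pwdok);
                  $sql = "DELETE FROM `#@__pwd_tmp` WHERE `mid` = '$mid';";
                  $db->executenonequery($sql);
                  $sql = "UPDATE `#@__member` SET `pwd` = '$pwdok' WHERE `mid` = '$mid';";
                  if ($db->executenonequery($sql)) {
                      showmsg('更改密码成功,请牢记新密码', 'login.php');
                      exit;
                  }
              }
              showmsg('对不起,新密码为空或填写不一致', '-1');
              exit;
          }
          showmsg('对不起,临时密码错误', '-1');
          exit;
      }
  }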