国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

125 lines
4.7KB

  1. <?php
  2. /**
  3. * @version $id:edit_baseinfo.php 8:38 2010年7月9日 tianya $
  4. * @package DedeBIZ.User
  5. * @copyright Copyright (c) 2022 DedeBIZ.COM
  6. * @license https://www.dedebiz.com/license
  7. * @link https://www.dedebiz.com
  8. */
  9. require_once(dirname(__FILE__)."/config.php");
  10. CheckRank(0, 0);
  11. $menutype = 'config';
  12. if (!isset($dopost)) $dopost = '';
  13. $pwd2 = (empty($pwd2)) ? "" : $pwd2;
  14. $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='".$cfg_ml->M_ID."'");
  15. $face = $row['face'];
  16. $newface = isset($newface)? $newface : '';
  17. if ($dopost == 'save') {
  18. //校验CSRF
  19. CheckCSRF();
  20. if (function_exists('password_hash') && !empty($row['pwd_new'])) {
  21. if (!is_array($row) || !password_verify($oldpwd, $row['pwd_new'])) {
  22. ShowMsg('您输入的旧密码错误或没填写,修改资料失败', '-1');
  23. exit();
  24. }
  25. } else {
  26. if (!is_array($row) || $row['pwd'] != md5($oldpwd)) {
  27. ShowMsg('您输入的旧密码错误或没填写,修改资料失败', '-1');
  28. exit();
  29. }
  30. }
  31. if ($userpwd != $userpwdok) {
  32. ShowMsg('您两次输入的新密码不一致', '-1');
  33. exit();
  34. }
  35. $addupquery = '';
  36. $admaddupquery = '';
  37. $pp = "pwd";
  38. $pwd = '';
  39. if ($userpwd == '') {
  40. if (function_exists('password_hash')) {
  41. $pp = "pwd_new";
  42. $pwd = $row['pwd_new'];
  43. $addupquery = ',pwd=\'\'';
  44. } else {
  45. $pwd = $row['pwd'];
  46. }
  47. } else {
  48. if (function_exists('password_hash'))
  49. {
  50. $pp = "pwd_new";
  51. $pwd = password_hash($userpwd, PASSWORD_BCRYPT);
  52. $pwd2 = password_hash($userpwd, PASSWORD_BCRYPT);
  53. $addupquery = ',pwd=\'\'';
  54. $admaddupquery = ',pwd=\'\'';
  55. } else {
  56. $pwd = md5($userpwd);
  57. $pwd2 = substr(md5($userpwd), 5, 20);
  58. }
  59. }
  60. //修改头像
  61. $target_file = $cfg_basedir.$cfg_user_dir."/{$cfg_ml->M_ID}/newface.png";
  62. if (!empty($newface) && file_exists($target_file)) {
  63. $rnd = mt_rand(10000, 99999);
  64. rename($target_file, $cfg_basedir.$cfg_user_dir."/{$cfg_ml->M_ID}/face{$rnd}.png");
  65. $target_url = $cfg_mediasurl.'/userup'."/{$cfg_ml->M_ID}/face{$rnd}.png";
  66. $addupquery = ",face='{$target_url}'";
  67. @unlink($target_file);
  68. }
  69. //修改安全问题或邮箱
  70. if ($email != $row['email'] || ($newsafequestion != 0 && $newsafeanswer != '')) {
  71. if ($row['safequestion'] != 0 && ($row['safequestion'] != $safequestion || $row['safeanswer'] != $safeanswer)) {
  72. ShowMsg('您的旧安全问题及答案不正确,不能修改邮箱或安全问题', '-1');
  73. exit();
  74. }
  75. //修改邮箱
  76. if (!empty($email)) {
  77. if ($email != $row['email']) {
  78. if (!CheckEmail($email)) {
  79. ShowMsg('邮箱格式不正确', '-1');
  80. exit();
  81. } else {
  82. $addupquery .= ",email='$email'";
  83. }
  84. }
  85. }
  86. //修改安全问题
  87. if ($newsafequestion != 0 && $newsafeanswer != '') {
  88. if (strlen($newsafeanswer) > 30) {
  89. ShowMsg('您的新安全问题的答案太长了,请保持在30字节以内', '-1');
  90. exit();
  91. } else {
  92. $newsafequestion = HtmlReplace($newsafequestion, 1);
  93. $newsafeanswer = HtmlReplace($newsafeanswer, 1);
  94. $addupquery .= ",safequestion='$newsafequestion',safeanswer='$newsafeanswer'";
  95. }
  96. }
  97. }
  98. //修改uname
  99. if ($uname != $row['uname']) {
  100. $rs = CheckUserID($uname, '昵称或公司名称', FALSE);
  101. if ($rs != 'ok') {
  102. ShowMsg($rs, '-1');
  103. exit();
  104. }
  105. $addupquery .= ",uname='$uname'";
  106. }
  107. //性别
  108. if (!in_array($sex, array('男', '女', '保密'))) {
  109. ShowMsg('请选择正常的性别', '-1');
  110. exit();
  111. }
  112. $query1 = "UPDATE `#@__member` SET $pp='$pwd',sex='$sex'{$addupquery} WHERE mid='".$cfg_ml->M_ID."' ";
  113. $dsql->ExecuteNoneQuery($query1);
  114. //如果是管理员,修改其后台密码
  115. if ($cfg_ml->fields['matt'] == 10 && $pwd2 != "") {
  116. $query2 = "UPDATE `#@__admin` SET $pp='$pwd2'{$admaddupquery} WHERE id='".$cfg_ml->M_ID."' ";
  117. $dsql->ExecuteNoneQuery($query2);
  118. }
  119. //清除会员缓存
  120. $cfg_ml->DelCache($cfg_ml->M_ID);
  121. ShowMsg('成功更新您的基本资料', 'edit_baseinfo.php', 0, 5000);
  122. exit();
  123. }
  124. include(DEDEMEMBER."/templets/edit_baseinfo.htm");
  125. ?>