-
Notifications
You must be signed in to change notification settings - Fork 4
/
user.php
408 lines (276 loc) · 11.3 KB
/
user.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
<?php
!defined('DEBUG') AND exit('Access Denied.');
include _include(XIUNOPHP_PATH.'xn_send_mail.func.php');
$action = param(1);
is_numeric($action) AND $action = '';
// hook user_start.php
if(empty($action)) {
// hook user_index_start.php
$_uid = param(1, 0);
empty($_uid) AND $_uid = $uid;
$_user = user_read($_uid);
empty($_user) AND message(-1, lang('user_not_exists'));
$header['title'] = $_user['username'];
$header['mobile_title'] = $_user['username'];
// hook user_index_end.php
include _include(APP_PATH.'view/htm/user.htm');
} elseif($action == 'thread') {
// hook user_thread_start.php
$_uid = param(2, 0);
empty($_uid) AND $_uid = $uid;
$_user = user_read($_uid);
empty($_user) AND message(-1, lang('user_not_exists'));
$header['title'] = $_user['username'];
$header['mobile_title'] = $_user['username'];
$page = param(3, 1);
$pagesize = 20;
$totalnum = $_user['threads'];
$pagination = pagination(url("user-thread-$_uid-{page}"), $totalnum, $page, $pagesize);
$threadlist = mythread_find_by_uid($_uid, $page, $pagesize);
thread_list_access_filter($threadlist, $gid);
// hook user_thread_end.php
include _include(APP_PATH.'view/htm/user_thread.htm');
} elseif($action == 'login') {
// hook user_login_get_post.php
if($method == 'GET') {
// hook user_login_get_start.php
$referer = user_http_referer();
$header['title'] = lang('user_login');
// hook user_login_get_end.php
include _include(APP_PATH.'view/htm/user_login.htm');
} else if($method == 'POST') {
// hook user_login_post_start.php
$email = param('email'); // 邮箱或者手机号 / email or mobile
$password = param('password');
empty($email) AND message('email', lang('email_is_empty'));
if(is_email($email, $err)) {
$_user = user_read_by_email($email);
empty($_user) AND message('email', lang('email_not_exists'));
} else {
$_user = user_read_by_username($email);
empty($_user) AND message('email', lang('username_not_exists'));
}
!is_password($password, $err) AND message('password', $err);
$check = (md5($password.$_user['salt']) == $_user['password']);
// hook user_login_post_password_check_after.php
!$check AND message('password', lang('password_incorrect'));
// 更新登录时间和次数
// update login times
user_update($_user['uid'], array('login_ip'=>$longip, 'login_date' =>$time , 'logins+'=>1));
// 全局变量 $uid 会在结束后,在函数 register_shutdown_function() 中存入 session (文件: model/session.func.php)
// global variable $uid will save to session in register_shutdown_function() (file: model/session.func.php)
$uid = $_user['uid'];
$_SESSION['uid'] = $uid;
user_token_set($_user['uid']);
// hook user_login_post_end.php
// 设置 token,下次自动登陆。
message(0, lang('user_login_successfully'));
}
} elseif($action == 'create') {
// hook user_create_get_post.php
empty($conf['user_create_on']) AND message(-1, lang('user_create_not_on'));
if($method == 'GET') {
// hook user_create_get_start.php
$referer = user_http_referer();
$header['title'] = lang('create_user');
// hook user_create_get_end.php
include _include(APP_PATH.'view/htm/user_create.htm');
} else if($method == 'POST') {
// hook user_create_post_start.php
$email = param('email');
$username = param('username');
$password = param('password');
$code = param('code');
empty($email) AND message('email', lang('please_input_email'));
empty($username) AND message('username', lang('please_input_username'));
empty($password) AND message('password', lang('please_input_password'));
if($conf['user_create_email_on']) {
$sess_email = _SESSION('user_create_email');
$sess_code = _SESSION('user_create_code');
empty($sess_code) AND message('code', lang('click_to_get_verify_code'));
empty($sess_email) AND message('code', lang('click_to_get_verify_code'));
$email != $sess_email AND message('code', lang('verify_code_incorrect'));
$code != $sess_code AND message('code', lang('verify_code_incorrect'));
}
!is_email($email, $err) AND message('email', $err);
$_user = user_read_by_email($email);
$_user AND message('email', lang('email_is_in_use'));
!is_username($username, $err) AND message('username', $err);
$_user = user_read_by_username($username);
$_user AND message('username', lang('username_is_in_use'));
!is_password($password, $err) AND message('password', $err);
$salt = xn_rand(16);
$pwd = md5($password.$salt);
$gid = 101;
$_user = array (
'username' => $username,
'email' => $email,
'password' => $pwd,
'salt' => $salt,
'gid' => $gid,
'create_ip' => $longip,
'create_date' => $time,
'logins' => 1,
'login_date' => $time,
'login_ip' => $longip,
);
$uid = user_create($_user);
$uid === FALSE AND message('email', lang('user_create_failed'));
$user = user_read($uid);
// 更新 session
unset($_SESSION['user_create_email']);
unset($_SESSION['user_create_code']);
$_SESSION['uid'] = $uid;
user_token_set($uid);
$extra = array('token'=>user_token_gen($uid));
// hook user_create_post_end.php
message(0, lang('user_create_sucessfully'), $extra);
}
} elseif($action == 'logout') {
// hook user_logout_start.php
$uid = 0;
$_SESSION['uid'] = $uid;
user_token_clear();
// hook user_logout_end.php
message(0, jump(lang('logout_successfully'), http_referer(), 1));
//message(0, jump('退出成功', './', 1));
// 重设密码第 1 步 | reset password first step
} elseif($action == 'resetpw') {
// hook user_resetpw_get_post.php
!$conf['user_resetpw_on'] AND message(-1, '未开启密码找回功能!');
if($method == 'GET') {
// hook user_resetpw_get_start.php
$header['title'] = lang('resetpw');
// hook user_resetpw_get_end.php
include _include(APP_PATH.'view/htm/user_resetpw.htm');
} else if($method == 'POST') {
// hook user_resetpw_post_start.php
$email = param('email');
empty($email) AND message('email', lang('please_input_email'));
!is_email($email, $err) AND message('email', $err);
$_user = user_read_by_email($email);
!$_user AND message('email', lang('email_is_not_in_use'));
$code = param('code');
empty($code) AND message('code', lang('please_input_verify_code'));
$sess_email = _SESSION('user_resetpw_email');
$sess_code = _SESSION('user_resetpw_code');
empty($sess_code) AND message('code', lang('click_to_get_verify_code'));
empty($sess_email) AND message('code', lang('click_to_get_verify_code'));
$email != $sess_email AND message('code', lang('verify_code_incorrect'));
$code != $sess_code AND message('code', lang('verify_code_incorrect'));
$_SESSION['resetpw_verify_ok'] = 1;
// hook user_resetpw_post_end.php
message(0, lang('check_ok_to_next_step'));
}
// 重设密码第 3 步 | reset password step 3
} elseif($action == 'resetpw_complete') {
// hook user_resetpw_get_post.php
// 校验数据
$email = _SESSION('user_resetpw_email');
$resetpw_verify_ok = _SESSION('resetpw_verify_ok');
(empty($email) || empty($resetpw_verify_ok)) AND message(-1, lang('data_empty_to_last_step'));
$_user = user_read_by_email($email);
empty($_user) AND message(-1, lang('email_not_exists'));
$_uid = $_user['uid'];
if($method == 'GET') {
// hook user_resetpw_get_start.php
$header['title'] = lang('resetpw');
// hook user_resetpw_get_end.php
include _include(APP_PATH.'view/htm/user_resetpw_complete.htm');
} else if($method == 'POST') {
// hook user_resetpw_post_start.php
$password = param('password');
empty($password) AND message('password', lang('please_input_password'));
$salt = $_user['salt'];
$password = md5($password.$salt);
user_update($_uid, array('password'=>$password));
!is_password($password, $err) AND message('password', $err);
unset($_SESSION['user_resetpw_email']);
unset($_SESSION['user_resetpw_code']);
unset($_SESSION['resetpw_verify_ok']);
// hook user_resetpw_post_end.php
message(0, lang('modify_successfully'));
}
// 发送验证码
} elseif($action == 'send_code') {
$method != 'POST' AND message(-1, lang('method_error'));
// hook user_sendcode_start.php
$action2 = param(2);
// 创建用户
if($action2 == 'user_create') {
$email = param('email');
empty($email) AND message('email', lang('please_input_email'));
!is_email($email, $err) AND message('email', $err);
empty($conf['user_create_email_on']) AND message(-1, lang('email_verify_not_on'));
$_user = user_read_by_email($email);
!empty($_user) AND message('email', lang('email_is_in_use'));
$code = rand(100000, 999999);
$_SESSION['user_create_email'] = $email;
$_SESSION['user_create_code'] = $code;
// 重置密码,往老地址发送
} elseif($action2 == 'user_resetpw') {
$email = param('email');
empty($email) AND message('email', lang('please_input_email'));
!is_email($email, $err) AND message('email', $err);
$_user = user_read_by_email($email);
empty($_user) AND message('email', lang('email_is_not_in_use'));
empty($conf['user_resetpw_on']) AND message(-1, lang('resetpw_not_on'));
$code = rand(100000, 999999);
$_SESSION['user_resetpw_email'] = $email;
$_SESSION['user_resetpw_code'] = $code;
} else {
message(-1, 'action2 error');
}
$subject = lang('send_code_template', array('rand'=>$code, 'sitename'=>$conf['sitename']));
$message = $subject;
$smtplist = include _include(APP_PATH.'conf/smtp.conf.php');
$n = array_rand($smtplist);
$smtp = $smtplist[$n];
// hook user_send_code_before.php
$r = xn_send_mail($smtp, $conf['sitename'], $email, $subject, $message);
// hook user_send_code_after.php
if($r === TRUE) {
message(0, lang('send_successfully'));
} else {
xn_log($errstr, 'send_mail_error');
message(-1, $errstr);
}
// 简单的同步登陆实现:| sync login implement simply
/*
将用户信息通过 token 传递给其他系统 | send user information to other system by token
两边系统将 auth_key 设置为一致,用 xn_encrypt() xn_decrypt() 加密解密。all subsystem set auth_key to correct by xn_encrypt() xn_decrypt()
*/
} elseif($action == 'synlogin') {
// 检查过来的 token | check token
$token = param('token');
$return_url = param('return_url');
$s = xn_decrypt($token);
!$s AND message(-1, lang('unauthorized_access'));
list($_time, $_useragent) = explode("\t", $s);
$useragent != $_useragent AND message(-1, lang('authorized_get_failed'));
empty($_SESSION['return_url']) AND $_SESSION['return_url'] = $return_url;
if(!$uid) {
http_location(url('user-login'));
} else {
$return_url = _SESSION('return_url');
empty($return_url) AND message(-1, lang('request_synlogin_again'));
unset($_SESSION['return_url']);
$arr = array(
'uid'=>$user['uid'],
'gid'=>$user['gid'],
'username'=>$user['username'],
'avatar_url'=>$user['avatar_url'],
'email'=>$user['email'],
'mobile'=>$user['mobile'],
);
$s = xn_json_encode($arr);
$s = xn_encrypt($s);
// 将 token 附加到 URL,跳转回去 | add token into URL, jump back
$url = xn_urldecode($return_url).'?token='.$s;
//$url = xn_url_add_arg($return_url, 'token', $s);
http_location($url);
}
} else {
}
// hook user_end.php
?>