1、进入 后台 》 数据库管理 》SQL查询,执行下面的SQL语句:
ALTER TABLE `ecs_users` ADD column `state` tinyint NOT NULL default '0';
注意:这里我使用的是默认数据库前缀ecs_,如果你的数据库前缀不是 ecs_ ,请相应修改表名。另外,新增字段的默认值是 0(未审核),所以执行后所有已有会员的 state 也都是 0;完成后面第5、6步的修改之后,这些老会员在后台被审核通过之前将无法登录。
2、打开admin/users.php文件
(1)找到:(大约在206-249行左右)
/*------------------------------------------------------ */
//-- 编辑用户帐号
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'edit')
{
/* 检查权限 */
admin_priv('users_manage');
$sql = "SELECT u.user_name, u.sex, u.birthday, u.pay_points, u.rank_points, u.user_rank , u.user_money, u.frozen_money, u.credit_line, u.parent_id, u2.user_name as parent_username, u.qq, u.msn, u.office_phone, u.home_phone, u.mobile_phone".
" FROM " .$ecs->table('users'). " u LEFT JOIN " . $ecs->table('users') . " u2 ON u.parent_id = u2.user_id WHERE u.user_id='$_GET[id]'";
$row = $db->GetRow($sql);
$row['user_name'] = addslashes($row['user_name']);
$users =& init_users();
$user = $users->get_user_info($row['user_name']);
$sql = "SELECT u.user_id, u.sex, u.birthday, u.pay_points, u.rank_points, u.user_rank , u.user_money, u.frozen_money, u.credit_line, u.parent_id, u2.user_name as parent_username, u.qq, u.msn,
u.office_phone, u.home_phone, u.mobile_phone".
" FROM " .$ecs->table('users'). " u LEFT JOIN " . $ecs->table('users') . " u2 ON u.parent_id = u2.user_id WHERE u.user_id='$_GET[id]'";
$row = $db->GetRow($sql);
if ($row)
{
$user['user_id'] = $row['user_id'];
$user['sex'] = $row['sex'];
$user['birthday'] = date($row['birthday']);
$user['pay_points'] = $row['pay_points'];
$user['rank_points'] = $row['rank_points'];
$user['user_rank'] = $row['user_rank'];
$user['user_money'] = $row['user_money'];
$user['frozen_money'] = $row['frozen_money'];
$user['credit_line'] = $row['credit_line'];
$user['formated_user_money'] = price_format($row['user_money']);
$user['formated_frozen_money'] = price_format($row['frozen_money']);
$user['parent_id'] = $row['parent_id'];
$user['parent_username']= $row['parent_username'];
$user['qq'] = $row['qq'];
$user['msn'] = $row['msn'];
$user['office_phone'] = $row['office_phone'];
$user['home_phone'] = $row['home_phone'];
$user['mobile_phone'] = $row['mobile_phone'];
}
将这段代码修改为:
/*------------------------------------------------------ */
//-- 编辑用户帐号
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'edit')
{
/* 检查权限 */
admin_priv('users_manage');
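/* The id comes straight from the request: force it to an integer before it is placed in SQL. */
$edit_user_id = isset($_GET['id']) ? intval($_GET['id']) : 0;

/* First lookup: its user_name is what get_user_info() is called with below. */
$sql = "SELECT u.user_name, u.sex, u.birthday, u.pay_points, u.rank_points, u.user_rank , u.user_money, u.frozen_money, u.credit_line, u.parent_id, u2.user_name as parent_username, u.qq, u.msn, u.office_phone, u.home_phone, u.mobile_phone, u.state" . /* member-approval plugin: also fetch u.state */
    " FROM " . $ecs->table('users') . " u LEFT JOIN " . $ecs->table('users') . " u2 ON u.parent_id = u2.user_id WHERE u.user_id='" . $edit_user_id . "'";
$row = $db->GetRow($sql);
$row['user_name'] = addslashes($row['user_name']);
$users =& init_users();
$user = $users->get_user_info($row['user_name']);

/* Second lookup: the shop-side columns (including user_id) that are copied into $user. */
$sql = "SELECT u.user_id, u.sex, u.birthday, u.pay_points, u.rank_points, u.user_rank , u.user_money, u.frozen_money, u.credit_line, u.parent_id, u2.user_name as parent_username, u.qq, u.msn, u.office_phone, u.home_phone, u.mobile_phone, u.state" . /* member-approval plugin: also fetch u.state */
    " FROM " . $ecs->table('users') . " u LEFT JOIN " . $ecs->table('users') . " u2 ON u.parent_id = u2.user_id WHERE u.user_id='" . $edit_user_id . "'";
$row = $db->GetRow($sql);
if ($row)
{
    $user['user_id'] = $row['user_id'];
    $user['sex'] = $row['sex'];
    /* Unchanged from the stock code: the stored birthday is passed as the first argument of date(). */
    $user['birthday'] = date($row['birthday']);
    $user['pay_points'] = $row['pay_points'];
    $user['rank_points'] = $row['rank_points'];
    $user['user_rank'] = $row['user_rank'];
    $user['user_money'] = $row['user_money'];
    $user['frozen_money'] = $row['frozen_money'];
    $user['credit_line'] = $row['credit_line'];
    $user['formated_user_money'] = price_format($row['user_money']);
    $user['formated_frozen_money'] = price_format($row['frozen_money']);
    $user['parent_id'] = $row['parent_id'];
    $user['parent_username'] = $row['parent_username'];
    $user['qq'] = $row['qq'];
    $user['msn'] = $row['msn'];
    $user['office_phone'] = $row['office_phone'];
    $user['home_phone'] = $row['home_phone'];
    $user['mobile_phone'] = $row['mobile_phone'];
    $user['state'] = $row['state']; /* member-approval plugin: expose the approval flag to the edit form */
}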
(如果这里做过二次开发的话,其实就是在, u.mobile_phone的后面添加, u.state )
(如果这里做过二次开发的话,其实就是在, u.mobile_phone的后面添加, u.state )
(如果这里做过二次开发的话,其实就是在$user['mobile_phone'] = $row['mobile_phone'];的下面添加$user['state'] = $row['state'];)
(2)找到:(大约在338-355行左右)
/*------------------------------------------------------ */
//-- 更新用户帐号
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'update')
{
/* 检查权限 */
admin_priv('users_manage');
$username = empty($_POST['username']) ? '' : trim($_POST['username']);
$password = empty($_POST['password']) ? '' : trim($_POST['password']);
$email = empty($_POST['email']) ? '' : trim($_POST['email']);
$sex = empty($_POST['sex']) ? 0 : intval($_POST['sex']);
$sex = in_array($sex, array(0, 1, 2)) ? $sex : 0;
$birthday = $_POST['birthdayYear'] . '-' . $_POST['birthdayMonth'] . '-' . $_POST['birthdayDay'];
$rank = empty($_POST['user_rank']) ? 0 : intval($_POST['user_rank']);
$credit_line = empty($_POST['credit_line']) ? 0 : floatval($_POST['credit_line']);
$users =& init_users();
将这段代码修改为:
/*------------------------------------------------------ */
//-- 更新用户帐号
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'update')
{
/* 检查权限 */
admin_priv('users_manage');
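/* Read the submitted profile fields, falling back to an empty/zero value when a field is missing. */
$username = empty($_POST['username']) ? '' : trim($_POST['username']);
$password = empty($_POST['password']) ? '' : trim($_POST['password']);
$email = empty($_POST['email']) ? '' : trim($_POST['email']);
$sex = empty($_POST['sex']) ? 0 : intval($_POST['sex']);
$sex = in_array($sex, array(0, 1, 2)) ? $sex : 0;
/* NOTE(review): the three birthday parts are joined without validation; how $birthday is used lies outside this excerpt. */
$birthday = $_POST['birthdayYear'] . '-' . $_POST['birthdayMonth'] . '-' . $_POST['birthdayDay'];
$rank = empty($_POST['user_rank']) ? 0 : intval($_POST['user_rank']);
$credit_line = empty($_POST['credit_line']) ? 0 : floatval($_POST['credit_line']);
/* member-approval plugin: approval flag from the edit form */
$state = empty($_POST['state']) ? 0 : intval($_POST['state']);
/* The form only offers 0 (pending) and 1 (approved); any other value is stored as pending. */
$state = in_array($state, array(0, 1)) ? $state : 0;
$users =& init_users();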
(如果这里做过二次开发的话,其实就是在$credit_line = empty($_POST['credit_line']) ? 0 : floatval($_POST['credit_line']);的下面添加$state = empty($_POST['state']) ? 0 : intval($_POST['state']);)
(3)找到:(大约在401-410行左右,在elseif ($_REQUEST['act'] == 'update')里面)
/* 更新会员的其它信息 */
$other = array();
$other['credit_line'] = $credit_line;
$other['user_rank'] = $rank;
$other['msn'] = isset($_POST['extend_field1']) ? htmlspecialchars(trim($_POST['extend_field1'])) : '';
$other['qq'] = isset($_POST['extend_field2']) ? htmlspecialchars(trim($_POST['extend_field2'])) : '';
$other['office_phone'] = isset($_POST['extend_field3']) ? htmlspecialchars(trim($_POST['extend_field3'])) : '';
$other['home_phone'] = isset($_POST['extend_field4']) ? htmlspecialchars(trim($_POST['extend_field4'])) : '';
$other['mobile_phone'] = isset($_POST['extend_field5']) ? htmlspecialchars(trim($_POST['extend_field5'])) : '';
将这段代码修改为:
/* Other member fields to update */
$other = array(
    'credit_line' => $credit_line,
    'user_rank'   => $rank,
    'state'       => $state, /* member-approval plugin */
);

/* Form field => column. Each value is trimmed and HTML-escaped; a missing field becomes ''. */
$extend_field_columns = array(
    'extend_field1' => 'msn',
    'extend_field2' => 'qq',
    'extend_field3' => 'office_phone',
    'extend_field4' => 'home_phone',
    'extend_field5' => 'mobile_phone',
);
foreach ($extend_field_columns as $extend_field_key => $other_column)
{
    if (isset($_POST[$extend_field_key]))
    {
        $other[$other_column] = htmlspecialchars(trim($_POST[$extend_field_key]));
    }
    else
    {
        $other[$other_column] = '';
    }
}
(如果这里做过二次开发的话,其实就是在$other['user_rank'] = $rank;的下面添加$other['state'] = $state;)
(4)找到:(大约在665-749行左右)
/**
* 返回用户列表数据
*
* @access public
* @param
*
* @return void
*/
function user_list()
{
$result = get_filter();
if ($result === false)
{
/* 过滤条件 */
$filter['keywords'] = empty($_REQUEST['keywords']) ? '' : trim($_REQUEST['keywords']);
if (isset($_REQUEST['is_ajax']) && $_REQUEST['is_ajax'] == 1)
{
$filter['keywords'] = json_str_iconv($filter['keywords']);
}
$filter['rank'] = empty($_REQUEST['rank']) ? 0 : intval($_REQUEST['rank']);
$filter['pay_points_gt'] = empty($_REQUEST['pay_points_gt']) ? 0 : intval($_REQUEST['pay_points_gt']);
$filter['pay_points_lt'] = empty($_REQUEST['pay_points_lt']) ? 0 : intval($_REQUEST['pay_points_lt']);
$filter['sort_by'] = empty($_REQUEST['sort_by']) ? 'user_id' : trim($_REQUEST['sort_by']);
$filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']);
$ex_where = ' WHERE 1 ';
if ($filter['keywords'])
{
$ex_where .= " AND user_name LIKE '%" . mysql_like_quote($filter['keywords']) ."%'";
}
if ($filter['rank'])
{
$sql = "SELECT min_points, max_points, special_rank FROM ".$GLOBALS['ecs']->table('user_rank')." WHERE rank_id = '$filter[rank]'";
$row = $GLOBALS['db']->getRow($sql);
if ($row['special_rank'] > 0)
{
/* 特殊等级 */
$ex_where .= " AND user_rank = '$filter[rank]' ";
}
else
{
$ex_where .= " AND rank_points >= " . intval($row['min_points']) . " AND rank_points < " . intval($row['max_points']);
}
}
if ($filter['pay_points_gt'])
{
$ex_where .=" AND pay_points >= '$filter[pay_points_gt]' ";
}
if ($filter['pay_points_lt'])
{
$ex_where .=" AND pay_points < '$filter[pay_points_lt]' ";
}
$filter['record_count'] = $GLOBALS['db']->getOne("SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('users') . $ex_where);
/* 分页大小 */
$filter = page_and_size($filter);
$sql = "SELECT user_id, user_name, email, is_validated, user_money, frozen_money, rank_points, pay_points, reg_time ".
" FROM " . $GLOBALS['ecs']->table('users') . $ex_where .
" ORDER by " . $filter['sort_by'] . ' ' . $filter['sort_order'] .
" LIMIT " . $filter['start'] . ',' . $filter['page_size'];
$filter['keywords'] = stripslashes($filter['keywords']);
set_filter($filter, $sql);
}
else
{
$sql = $result['sql'];
$filter = $result['filter'];
}
$user_list = $GLOBALS['db']->getAll($sql);
$count = count($user_list);
for ($i=0; $i<$count; $i++)
{
$user_list[$i]['reg_time'] = local_date($GLOBALS['_CFG']['date_format'], $user_list[$i]['reg_time']);
}
$arr = array('user_list' => $user_list, 'filter' => $filter,
'page_count' => $filter['page_count'], 'record_count' => $filter['record_count']);
return $arr;
}
将这段代码修改为:
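/**
 * Build the member list shown on the admin user-list page.
 *
 * Takes no arguments. When get_filter() returns false the filter is read
 * from $_REQUEST and a new query is built; otherwise the SQL and filter
 * returned by get_filter() are reused.
 *
 * @access  public
 *
 * @return  array   keys: user_list, filter, page_count, record_count
 */
function user_list()
{
    $result = get_filter();
    if ($result === false)
    {
        /* Filter conditions */
        $filter['keywords'] = empty($_REQUEST['keywords']) ? '' : trim($_REQUEST['keywords']);
        if (isset($_REQUEST['is_ajax']) && $_REQUEST['is_ajax'] == 1)
        {
            $filter['keywords'] = json_str_iconv($filter['keywords']);
        }
        $filter['rank'] = empty($_REQUEST['rank']) ? 0 : intval($_REQUEST['rank']);
        $filter['pay_points_gt'] = empty($_REQUEST['pay_points_gt']) ? 0 : intval($_REQUEST['pay_points_gt']);
        $filter['pay_points_lt'] = empty($_REQUEST['pay_points_lt']) ? 0 : intval($_REQUEST['pay_points_lt']);

        /*
         * sort_by and sort_order are request values that end up in ORDER BY,
         * where quoting does not help. Accept only the selected columns and
         * ASC/DESC, and fall back to the defaults for anything else.
         */
        $sortable_columns = array(
            'user_id', 'user_name', 'email', 'is_validated', 'user_money',
            'frozen_money', 'rank_points', 'pay_points', 'reg_time', 'state',
        );
        $filter['sort_by'] = empty($_REQUEST['sort_by']) ? 'user_id' : trim($_REQUEST['sort_by']);
        if (!in_array($filter['sort_by'], $sortable_columns, true))
        {
            $filter['sort_by'] = 'user_id';
        }
        $filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : strtoupper(trim($_REQUEST['sort_order']));
        if ($filter['sort_order'] !== 'ASC')
        {
            $filter['sort_order'] = 'DESC';
        }

        $ex_where = ' WHERE 1 ';
        if ($filter['keywords'])
        {
            $ex_where .= " AND user_name LIKE '%" . mysql_like_quote($filter['keywords']) . "%'";
        }
        if ($filter['rank'])
        {
            $sql = "SELECT min_points, max_points, special_rank FROM " . $GLOBALS['ecs']->table('user_rank') . " WHERE rank_id = '$filter[rank]'";
            $row = $GLOBALS['db']->getRow($sql);
            if ($row['special_rank'] > 0)
            {
                /* Special rank: match on the rank id itself */
                $ex_where .= " AND user_rank = '$filter[rank]' ";
            }
            else
            {
                /* Ordinary rank: match on the rank's points range */
                $ex_where .= " AND rank_points >= " . intval($row['min_points']) . " AND rank_points < " . intval($row['max_points']);
            }
        }
        if ($filter['pay_points_gt'])
        {
            $ex_where .= " AND pay_points >= '$filter[pay_points_gt]' ";
        }
        if ($filter['pay_points_lt'])
        {
            $ex_where .= " AND pay_points < '$filter[pay_points_lt]' ";
        }

        $filter['record_count'] = $GLOBALS['db']->getOne("SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('users') . $ex_where);

        /* Page size */
        $filter = page_and_size($filter);
        $sql = "SELECT user_id, user_name, email, is_validated, user_money, frozen_money, rank_points, pay_points, reg_time, state " . /* member-approval plugin: also fetch state */
               " FROM " . $GLOBALS['ecs']->table('users') . $ex_where .
               " ORDER by " . $filter['sort_by'] . ' ' . $filter['sort_order'] .
               " LIMIT " . $filter['start'] . ',' . $filter['page_size'];

        $filter['keywords'] = stripslashes($filter['keywords']);
        set_filter($filter, $sql);
    }
    else
    {
        $sql = $result['sql'];
        $filter = $result['filter'];
    }

    $user_list = $GLOBALS['db']->getAll($sql);

    /* Format each registration time with the configured date format. */
    $count = count($user_list);
    for ($i = 0; $i < $count; $i++)
    {
        $user_list[$i]['reg_time'] = local_date($GLOBALS['_CFG']['date_format'], $user_list[$i]['reg_time']);
    }

    $arr = array('user_list' => $user_list, 'filter' => $filter,
        'page_count' => $filter['page_count'], 'record_count' => $filter['record_count']);

    return $arr;
}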
(如果这里做过二次开发的话,其实就是在, reg_time的后面添加, state)
3、打开admin/templates/user_info.htm文件
找到:(大约在6-9行左右)
<tr>
<td class="label">{$lang.username}:</td>
<td>{if $form_action eq "update"}{$user.user_name}<input type="hidden" name="username" value="{$user.user_name}" />{else}<input type="text" name="username" maxlength="60" value="{$user.user_name}" />{$lang.require_field}{/if}</td>
</tr>
在这段代码的下面添加:
<!-- 新注册会员登录审核插件 begin -->
<tr>
<td class="label">审核:</td>
<td><select name="state" id=""><option value="1" {if $user.state==1}selected{/if}>通过</option><option value="0" {if $user.state==0}selected{/if}>未审核</option></select></td>
</tr>
<!-- 新注册会员登录审核插件 end -->
4、打开admin/templates/users_list.htm文件
(1)找到:(大约在20-29行左右)
<!--用户列表部分-->
<table cellpadding="3" cellspacing="1">
<tr>
<th>
<input onclick='listTable.selectAll(this, "checkboxes")' type="checkbox">
<a href="javascript:listTable.sort('user_id'); ">{$lang.record_id}</a>{$sort_user_id}
</th>
<th><a href="javascript:listTable.sort('user_name'); ">{$lang.username}</a>{$sort_user_name}</th>
<th><a href="javascript:listTable.sort('email'); ">{$lang.email}</a>{$sort_email}</th>
<th><a href="javascript:listTable.sort('is_validated'); ">{$lang.is_validated}</a>{$sort_is_validate}</th>
在这段代码的下面添加:
<!-- 新注册会员登录审核插件 begin -->
<th>是否已审核</th>
<!-- 新注册会员登录审核插件 end -->
(2)找到:(大约在39-42行左右)
<td><input type="checkbox" name="checkboxes[]" value="{$user.user_id}" notice="{if $user.user_money ne 0}1{else}0{/if}"/>{$user.user_id}</td>
<td class="first-cell">{$user.user_name|escape}</td>
<td><span onclick="listTable.edit(this, 'edit_email', {$user.user_id})">{$user.email}</span></td>
<td align="center">{if $user.is_validated} <img src="images/yes.gif"> {else} <img src="images/no.gif"> {/if}</td>
在这段代码的下面添加:
<!-- 新注册会员登录审核插件 begin -->
<td align="center">{if $user.state} <img src="images/yes.gif"> {else} <img src="images/no.gif"> {/if}</td>
<!-- 新注册会员登录审核插件 end -->
5、打开根目录下user.php文件
(1)找到:(大约在356-368行左右,在elseif ($action == 'act_login')里面)
if ($user->login($username, $password,isset($_POST['remember'])))
{
update_user_info();
recalculate_price();
$ucdata = isset($user->ucdata)? $user->ucdata : '';
show_message($_LANG['login_success'] . $ucdata , array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act,'user.php'), 'info');
}
else
{
$_SESSION['login_fail'] ++ ;
show_message($_LANG['login_failure'], $_LANG['relogin_lnk'], 'user.php', 'error');
}
在这段代码的上面添加:
/* member-approval plugin begin */
/*
 * NOTE(review): this snippet is placed above the $user->login() call, so the
 * "pending approval" message below is shown to anyone who submits the user
 * name, before any password has been checked.
 * NOTE(review): $username is concatenated into the SQL text as-is; confirm it
 * has already been escaped before this point.
 */
$sql = "SELECT user_name,state FROM " . $ecs->table('users') . " WHERE user_name = '" . $username . "'";
$approval_row = $db->getRow($sql);
/* Only an existing account whose state is still 0/empty is stopped here. */
if ($approval_row && !$approval_row['state'])
{
    show_message("你的账号还未通过审核,暂无法登录网站");
}
/* member-approval plugin end */
(2)找到:(大约在235-241行左右,在elseif ($action == 'act_register')里面)
/* 判断是否需要自动发送注册邮件 */
if ($GLOBALS['_CFG']['member_email_validate'] && $GLOBALS['_CFG']['send_verify_email'])
{
send_regiter_hash($_SESSION['user_id']);
}
$ucdata = empty($user->ucdata)? "" : $user->ucdata;
show_message(sprintf($_LANG['register_success'], $username . $ucdata), array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act, 'user.php'), 'info');
将这段代码修改为:
/* Send the registration verification mail automatically when both settings are on. */
if ($GLOBALS['_CFG']['member_email_validate'])
{
    if ($GLOBALS['_CFG']['send_verify_email'])
    {
        send_regiter_hash($_SESSION['user_id']);
    }
}
$ucdata = empty($user->ucdata) ? '' : $user->ucdata;
/* member-approval plugin begin */
/* Presumably registration has logged the new member in; log out again because the account still needs approval. */
$user->logout();
show_message('您的会员已经注册成功但需要人工审核!', '', 'index.php');
/* member-approval plugin end */
/* Stock success message, replaced by the two calls above: */
//show_message(sprintf($_LANG['register_success'], $username . $ucdata), array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act, 'user.php'), 'info');
(3)找到:(大约在250-268行左右)
/* 验证用户注册邮件 */
elseif ($action == 'validate_email')
{
$hash = empty($_GET['hash']) ? '' : trim($_GET['hash']);
if ($hash)
{
include_once(ROOT_PATH . 'includes/lib_passport.php');
$id = register_hash('decode', $hash);
if ($id > 0)
{
$sql = "UPDATE " . $ecs->table('users') . " SET is_validated = 1 WHERE user_id='$id'";
$db->query($sql);
$sql = 'SELECT user_name, email FROM ' . $ecs->table('users') . " WHERE user_id = '$id'";
$row = $db->getRow($sql);
show_message(sprintf($_LANG['validate_ok'], $row['user_name'], $row['email']),$_LANG['profile_lnk'], 'user.php');
}
}
show_message($_LANG['validate_fail']);
}
将这段代码修改为:
/* 验证用户注册邮件 */
elseif ($action == 'validate_email')
{
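$hash = empty($_GET['hash']) ? '' : trim($_GET['hash']);
if ($hash)
{
    include_once(ROOT_PATH . 'includes/lib_passport.php');
    /* The decoded id is placed in SQL below, so force it to an integer first. */
    $id = intval(register_hash('decode', $hash));
    if ($id > 0)
    {
        /* The e-mail address is marked as validated whether or not the account is approved. */
        $sql = "UPDATE " . $ecs->table('users') . " SET is_validated = 1 WHERE user_id='$id'";
        $db->query($sql);

        $sql = 'SELECT user_name, email FROM ' . $ecs->table('users') . " WHERE user_id = '$id' and state=1"; /* member-approval plugin */
        $row = $db->getRow($sql);
        if ($row)
        {
            show_message(sprintf($_LANG['validate_ok'], $row['user_name'], $row['email']), $_LANG['profile_lnk'], 'user.php');
        }
        else
        {
            /*
             * No row with state=1 for this id: without this branch the success
             * message would be printed with an empty user name and e-mail.
             */
            show_message("邮箱验证成功,但您的账号还未通过审核,暂无法登录网站");
        }
    }
}
show_message($_LANG['validate_fail']);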
}
(如果这里做过二次开发的话,其实也就是在user_id = '$id'的后面添加 and state=1)
6、打开includes/modules/integrates/ecshop.php文件
找到:(大约在79-177行左右)
/**
* 检查指定用户是否存在及密码是否正确(重载基类check_user函数,支持zc加密方法)
*
* @access public
* @param string $username 用户名
*
* @return int
*/
function check_user($username, $password = null)
{
if ($this->charset != 'UTF8')
{
$post_username = ecs_iconv('UTF8', $this->charset, $username);
}
else
{
$post_username = $username;
}
if ($password === null)
{
$sql = "SELECT " . $this->field_id .
" FROM " . $this->table($this->user_table).
" WHERE " . $this->field_name . "='" . $post_username . "'";
return $this->db->getOne($sql);
}
else
{
$sql = "SELECT user_id, password, salt,ec_salt " .
" FROM " . $this->table($this->user_table).
" WHERE user_name='$post_username'";
$row = $this->db->getRow($sql);
$ec_salt=$row['ec_salt'];
if (empty($row))
{
return 0;
}
if (empty($row['salt']))
{
if ($row['password'] != $this->compile_password(array('password'=>$password,'ec_salt'=>$ec_salt)))
{
return 0;
}
else
{
if(empty($ec_salt))
{
$ec_salt=rand(1,9999);
$new_password=md5(md5($password).$ec_salt);
$sql = "UPDATE ".$this->table($this->user_table)."SET password= '" .$new_password."',ec_salt='".$ec_salt."'".
" WHERE user_name='$post_username'";
$this->db->query($sql);
}
return $row['user_id'];
}
}
else
{
/* 如果salt存在,使用salt方式加密验证,验证通过洗白用户密码 */
$encrypt_type = substr($row['salt'], 0, 1);
$encrypt_salt = substr($row['salt'], 1);
/* 计算加密后密码 */
$encrypt_password = '';
switch ($encrypt_type)
{
case ENCRYPT_ZC :
$encrypt_password = md5($encrypt_salt.$password);
break;
/* 如果还有其他加密方式添加到这里 */
//case other :
// ----------------------------------
// break;
case ENCRYPT_UC :
$encrypt_password = md5(md5($password).$encrypt_salt);
break;
default:
$encrypt_password = '';
}
if ($row['password'] != $encrypt_password)
{
return 0;
}
$sql = "UPDATE " . $this->table($this->user_table) .
" SET password = '". $this->compile_password(array('password'=>$password)) . "', salt=''".
" WHERE user_id = '$row[user_id]'";
$this->db->query($sql);
return $row['user_id'];
}
}
}
将这段代码修改为:
/**
* 检查指定用户是否存在及密码是否正确(重载基类check_user函数,支持zc加密方法)
*
* @access public
* @param string $username 用户名
*
* @return int
*/
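function check_user($username, $password = null)
{
    /*
     * With $password === null: returns the id of the user with this name
     * (existence check only, approval state is not considered).
     * With a password: returns the user_id when the account is approved
     * (state=1) and the password matches, otherwise 0.
     *
     * NOTE(review): $post_username is placed into the SQL text below without
     * escaping in this method; confirm that callers escape it and that the
     * escaping still holds after the charset conversion.
     * NOTE(review): passwords are stored as salted MD5 and a new ec_salt comes
     * from rand(1,9999). Both are kept here for compatibility with existing
     * rows, but they are weak by current standards.
     */
    if ($this->charset != 'UTF8')
    {
        $post_username = ecs_iconv('UTF8', $this->charset, $username);
    }
    else
    {
        $post_username = $username;
    }

    if ($password === null)
    {
        $sql = "SELECT " . $this->field_id .
               " FROM " . $this->table($this->user_table) .
               " WHERE " . $this->field_name . "='" . $post_username . "'";

        return $this->db->getOne($sql);
    }

    $sql = "SELECT user_id, password, salt,ec_salt " .
           " FROM " . $this->table($this->user_table) .
           " WHERE user_name='$post_username' and state=1"; /* member-approval plugin: approved accounts only */
    $row = $this->db->getRow($sql);

    /* Check for a missing row before reading any column from it. */
    if (empty($row))
    {
        return 0;
    }
    $ec_salt = $row['ec_salt'];

    if (empty($row['salt']))
    {
        /*
         * Compare as strings with !== : a loose != treats two different
         * numeric-looking hashes (for example ones starting with "0e") as equal.
         * Where the PHP version allows it, hash_equals() is the stricter choice.
         */
        $expected_password = $this->compile_password(array('password' => $password, 'ec_salt' => $ec_salt));
        if ((string) $row['password'] !== (string) $expected_password)
        {
            return 0;
        }

        if (empty($ec_salt))
        {
            /* No ec_salt stored yet: generate one and re-store the password with it. */
            $ec_salt = rand(1, 9999);
            $new_password = md5(md5($password) . $ec_salt);
            /* A space is added before SET; the original string ran the table name and SET together. */
            $sql = "UPDATE " . $this->table($this->user_table) . " SET password= '" . $new_password . "',ec_salt='" . $ec_salt . "'" .
                   " WHERE user_name='$post_username'";
            $this->db->query($sql);
        }

        return $row['user_id'];
    }

    /* A salt is stored: verify with the salted scheme, then re-store the password via compile_password() and clear the salt. */
    $encrypt_type = substr($row['salt'], 0, 1);
    $encrypt_salt = substr($row['salt'], 1);

    /* Compute the hash for the scheme named by the first character of the salt. */
    $encrypt_password = '';
    switch ($encrypt_type)
    {
        case ENCRYPT_ZC :
            $encrypt_password = md5($encrypt_salt . $password);
            break;
        /* Add further schemes here */
        //case other :
        //  ----------------------------------
        //  break;
        case ENCRYPT_UC :
            $encrypt_password = md5(md5($password) . $encrypt_salt);
            break;
        default:
            $encrypt_password = '';
    }

    /* Same string comparison as above, for the same reason. */
    if ((string) $row['password'] !== $encrypt_password)
    {
        return 0;
    }

    $sql = "UPDATE " . $this->table($this->user_table) .
           " SET password = '" . $this->compile_password(array('password' => $password)) . "', salt=''" .
           " WHERE user_id = '$row[user_id]'";
    $this->db->query($sql);

    return $row['user_id'];
}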