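$_user['salt'];
            // NOTE(review): salted MD5 is a fast hash and is cheap to brute-force if the
            // user table leaks. Moving to password_hash()/password_verify() would also
            // require changing the login check, which is not visible in this excerpt.
            $password = md5($password . $salt);
            is_password($password, $err) || message('password', $err);
            user_update($_uid, array('password' => $password));

            // Drop the reset markers so the same e-mail/code pair cannot be reused.
            unset($_SESSION['user_resetpw_email']);
            unset($_SESSION['user_resetpw_code']);
            message(0, lang('modify_successfully'));
        }
        break;

    case 'send_code':
        // Send a verification code by e-mail. param(2) selects the purpose:
        // 'user_create' (registration) or 'user_resetpw' (password reset).
        // The address and the code are stored in the session; the comparison
        // against them is not part of this case.
        //
        // NOTE(review): no throttle or attempt counter is visible in this case.
        // A 6-digit code needs a per-session / per-address limit on sends and on
        // guesses wherever the code is checked — confirm that one exists.
        'POST' != $method AND message(-1, lang('method_error'));

        $action2 = param(2);
        if ('user_create' == $action2) {
            // Registration: the address must be well-formed and not yet registered.
            $email = param('email');
            empty($email) AND message('email', lang('please_input_email'));
            is_email($email, $err) || message('email', $err);
            empty($conf['user_create_email_on']) AND message(-1, lang('email_verify_not_on'));

            // NOTE(review): the distinct 'email_is_in_use' reply tells the caller
            // whether an address has an account (account enumeration).
            $_user = user_read_by_email($email);
            empty($_user) || message('email', lang('email_is_in_use'));

            // rand() is not a cryptographically secure generator, so codes drawn from
            // it can be predictable. Use the CSPRNG where the runtime has it (PHP 7+);
            // the rand() fallback only keeps older runtimes working and stays weak.
            $code = function_exists('random_int') ? random_int(100000, 999999) : rand(100000, 999999);
            $_SESSION['user_create_email'] = $email;
            $_SESSION['user_create_code'] = $code;
        } elseif ('user_resetpw' == $action2) {
            // Password reset: the code goes to the address already on the account.
            $email = param('email');
            empty($email) AND message('email', lang('please_input_email'));
            is_email($email, $err) || message('email', $err);

            // NOTE(review): 'email_is_not_in_use' likewise reveals which addresses are
            // registered; a uniform reply for known and unknown addresses avoids that.
            $_user = user_read_by_email($email);
            empty($_user) AND message('email', lang('email_is_not_in_use'));
            empty($conf['user_resetpw_on']) AND message(-1, lang('resetpw_not_on'));

            // Same reasoning as above: this code gates a password change, so it must
            // come from a CSPRNG whenever one is available.
            $code = function_exists('random_int') ? random_int(100000, 999999) : rand(100000, 999999);
            $_SESSION['user_resetpw_email'] = $email;
            $_SESSION['user_resetpw_code'] = $code;
        } else {
            message(-1, 'action2 error');
        }

        // The same rendered template is used as subject and as body.
        $subject = lang('send_code_template', array('rand' => $code, 'sitename' => $conf['sitename']));
        $message = $subject;

        // Pick one of the configured SMTP accounts at random.
        $smtplist = include _include(APP_PATH . 'conf/smtp.conf.php');
        $n = array_rand($smtplist);
        $smtp = $smtplist[$n];

        $r = xn_send_mail($smtp, $conf['sitename'], $email, $subject, $message);
        if (TRUE === $r) {
            message(0, lang('send_successfully'));
        } else {
            // NOTE(review): $errstr is not assigned in this case; presumably
            // xn_send_mail() fills it — confirm. Returning the raw mailer error to the
            // client may expose SMTP details; a generic message plus the log entry is safer.
            xn_log($errstr, 'send_mail_error');
            message(-1, $errstr);
        }
        break;

    case 'synlogin':
        // Simple sync-login implementation.
        //
        // user-synlogin.html?token=token&return_url=url
        // User information is handed to another system through a token. Both systems
        // share the same auth_key and use xn_encrypt() / xn_decrypt() on the token.

        // Check the incoming token.
        $token = param('token');
        $return_url = param('return_url');
        $s = xn_decrypt($token);
        empty($s) AND message(-1, lang('unauthorized_access'));

        // The payload is "<time>\t<user agent>". Padding keeps a payload without a tab
        // from raising an undefined-offset notice; it still fails the comparison below
        // unless the request user agent is itself empty, as before.
        // NOTE(review): $_time is parsed but never compared with the current time, so
        // a token does not expire here. Consider rejecting tokens older than a short window.
        list($_time, $_useragent) = array_pad(explode("\t", $s), 2, '');
        $useragent != $_useragent AND message(-1, lang('authorized_get_failed'));

        // Remember the first return_url seen in this session so it survives the login detour.
        empty($_SESSION['return_url']) AND $_SESSION['return_url'] = $return_url;

        if (!$uid) {
            // Not logged in yet: go through the login page first.
            http_location(url('user-login'));
        } else {
            $return_url = _SESSION('return_url');
            empty($return_url) AND message(-1, lang('request_synlogin_again'));
            unset($_SESSION['return_url']);

            // Profile fields handed to the other system.
            $arr = array(
                'uid' => $user['uid'],
                'gid' => $user['gid'],
                'username' => $user['username'],
                'avatar_url' => $user['avatar_url'],
                'email' => $user['email'],
                'mobile' => $user['mobile'],
            );
            $s = xn_json_encode($arr);
            $s = xn_encrypt($s);

            // Append the token to the URL and jump back.
            // NOTE(review): return_url comes from the request and is not checked against
            // a list of trusted subsystem origins in this case, so the redirect target and
            // the recipient of the encrypted profile are caller-controlled. Validate the
            // host against an allow-list before redirecting. The token is also appended
            // with '?' even when the URL already has a query string — confirm callers
            // never pass one.
            $url = xn_urldecode($return_url) . '?token=' . $s;
            http_location($url);
        }
        break;

    default:
        // Profile page: paginated thread list of user param(1), defaulting to the
        // current user when no id is given.
        $_uid = param(1, 0);
        $page = param(2, 1);
        $pagesize = $conf['pagesize'];
        $extra = array(); // reserved for plugins

        empty($_uid) AND $_uid = $uid;
        $_user = user_read_cache($_uid);
        empty($_user) AND message(-1, lang('user_not_exists'));

        $threadlist = well_thread_find_by_uid($_user['uid'], $page, $pagesize);
        well_thread_list_access_filter($threadlist, $gid);

        $allowdelete = group_access($gid, 'allowdelete');

        $page_url = url('user-' . $_user['uid'] . '-{page}', $extra);
        // Cap the number of paginated items at pagesize * listsize.
        $num = $_user['articles'] > $pagesize * $conf['listsize'] ? $pagesize * $conf['listsize'] : $_user['articles'];
        $pagination = pagination($page_url, $num, $page, $pagesize);

        $header['title'] = $_user['username'] . ' - ' . lang('thread');
        $header['mobile_title'] = '';

        include _include(theme_load('user'));
        break;
}

?>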