he/DzzOffice
1
0
Fork 0
mirror of https://github.com/DzzXH/DzzOffice.git synced 2026-01-15 14:35:21 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

优化XH通用登录

Browse Source
This commit is contained in:
小胡
2023-06-22 21:33:58 +08:00
Unverified
parent 690cd0f118
commit 633f3bb0e7
1 changed files with 66 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
user/sso/xhlogin.php Normal file
View File

@@ -0,0 +1,66 @@
<?php
if($_G['setting']['quick_login']){
$time=trim($_GET['time']);
$username = trim($_GET['username']);
$email= trim($_GET['email']);
$token= trim($_GET['token']);
if($email && $username && $token && $time){
if ($time < (time() - 5)) showmessage('验证时间已过期,请重新获取');
$key=$_G['setting']['quick_key'];
$md5=md5(''.$username.''.''.$email.''.''.$key.''.''.$time.'');
if (!($token === $md5)) {
showmessage('XH通用登录KAY不正确');
return;
}
if(($user=C::t('user')->fetch_by_username($username)) || ($user=C::t('user')->fetch_by_email($email))){//用户已经存在时
if ($user['adminid']) showmessage('为了安全,禁止管理员通过这种方式登录');
$idstring = explode('_', $user['emailsenddate']);
if ($idstring[0] == (time() - $idstring[1]) < 86400) {
dsetcookie('auth', authcode("{$user['password']}\t{$user['uid']}", 'ENCODE'), 0, 1, true);
}
showmessage('Login_success',$_G['siteurl']);
}else{
if($_G['setting']['bbclosed']) showmessage(lang('site_closed_please_admin'));//判断站点是否关闭
require_once libfile('function/user','','user');
if(!check_username($username)) showmessage(lang('user_name_sensitive'));
$password=$_G['setting']['quick_password'];
$user=uc_add_user($username, $password, $email);
$uid=$user['uid'];
if($uid<1) showmessage(lang('import_failure'));
$base = array(
'uid' => $uid,
'adminid' => 0,
'groupid' =>9,
'regdate' => TIMESTAMP,
'emailstatus' => 1,
);
if($_GET['mobile']){
if(!preg_match("/^\d+$/",$_GET['mobile'])){
}elseif(C::t('user')->fetch_by_phone($_GET['mobile']) ) {
}else{
$base['phone']=$_GET['mobile'];
}
}
if($_GET['weixinid']){
if(!preg_match("/^[a-zA-Z\d_]{5,}$/i",$_GET['weixinid'])){
}elseif(C::t('user')->fetch_by_weixinid($_GET['weixinid'])) {
}else{
$base['weixinid']=$_GET['weixinid'];
}
}
$sitename=$_G['setting']['sitename'];
C::t('user')->update($uid,$base);
$idstring = explode('_', $user['emailsenddate']);
if ($idstring[0] == (time() - $idstring[1]) < 86400) {
dsetcookie('auth', authcode("{$user['password']}\t{$user['uid']}", 'ENCODE'), 0, 1, true);
}
showmessage('Login_success',$_G['siteurl']);
}
}
}else{
showmessage('未开启XH通用登录');
}