You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
450 lines
19 KiB
450 lines
19 KiB
<?php
|
|
|
|
defined('IN_IA') or exit('Access Denied');
|
|
load()->model('user');
|
|
load()->func('file');
|
|
load()->classs('oauth2/oauth2client');
|
|
load()->model('setting');
|
|
|
|
$dos = array('base', 'post', 'bind', 'validate_mobile', 'bind_mobile', 'unbind', 'check_mobile_sms_code', 'change_mobile');
|
|
$do = in_array($do, $dos) ? $do : 'base';
|
|
|
|
if ('post' == $do) {
|
|
$type = trim($_GPC['type']);
|
|
$extra_filed_key = safe_gpc_string($_GPC['extra_field_key']);
|
|
$extra_filed_val = safe_gpc_string($_GPC['extra_field_val']);
|
|
if ($_W['isfounder']) {
|
|
$uid = is_array($_GPC['uid']) ? 0 : intval($_GPC['uid']);
|
|
} else {
|
|
$uid = $_W['uid'];
|
|
}
|
|
if (empty($uid) || empty($type)) {
|
|
iajax(-1, '参数错误,请刷新后重试!', '');
|
|
}
|
|
$user = user_single($uid);
|
|
if (empty($user)) {
|
|
iajax(-1, '用户不存在或已经被删除!', '');
|
|
}
|
|
|
|
if (USER_STATUS_CHECK == $user['status'] || USER_STATUS_BAN == $user['status']) {
|
|
iajax(-1, '访问错误,该用户未审核或者已被禁用,请先修改用户状态!', '');
|
|
}
|
|
|
|
$users_profile_exist = table('users_profile')->getByUid($uid);
|
|
if ('birth' == $type) {
|
|
if ($users_profile_exist['year'] == $_GPC['year'] && $users_profile_exist['month'] == $_GPC['month'] && $users_profile_exist['day'] == $_GPC['day']) {
|
|
iajax(0, '未作修改!', '');
|
|
}
|
|
} elseif ('reside' == $type) {
|
|
if ($users_profile_exist['province'] == $_GPC['province'] && $users_profile_exist['city'] == $_GPC['city'] && $users_profile_exist['district'] == $_GPC['district']) {
|
|
iajax(0, '未作修改!', '');
|
|
}
|
|
} else {
|
|
if (in_array($type, array('username', 'password', 'welcome_link'))) {
|
|
if ($user[$type] == $_GPC[$type] && 'password' != $type) {
|
|
iajax(0, '未做修改!', '');
|
|
}
|
|
} else {
|
|
if ($users_profile_exist[$type] == $_GPC[$type] && empty($extra_filed_key)) {
|
|
iajax(0, '未作修改!', '');
|
|
}
|
|
}
|
|
}
|
|
switch ($type) {
|
|
case 'avatar':
|
|
case 'realname':
|
|
case 'address':
|
|
case 'qq':
|
|
case 'mobile':
|
|
if ('mobile' == $type) {
|
|
$match = preg_match(REGULAR_MOBILE, trim($_GPC[$type]));
|
|
if (empty($match)) {
|
|
iajax(-1, '手机号不正确', '');
|
|
}
|
|
$users_mobile = pdo_get('users_profile', array('mobile' => trim($_GPC[$type]), 'uid <>' => $uid));
|
|
$bind_mobile = pdo_get('users_bind', array('bind_sign' => trim($_GPC[$type]), 'uid <>' => $uid));
|
|
if (!empty($users_mobile) || !empty($bind_mobile)) {
|
|
iajax(-1, '手机号已存在,请联系管理员', '');
|
|
}
|
|
}
|
|
if ($users_profile_exist) {
|
|
$result = pdo_update('users_profile', array($type => trim($_GPC[$type])), array('uid' => $uid));
|
|
} else {
|
|
$data = array(
|
|
'uid' => $uid,
|
|
'createtime' => TIMESTAMP,
|
|
$type => safe_gpc_string($_GPC[$type]),
|
|
);
|
|
$result = pdo_insert('users_profile', $data);
|
|
}
|
|
if ('mobile' == $type) {
|
|
$data = array(
|
|
'uid' => $uid,
|
|
'bind_sign' => trim($_GPC[$type]),
|
|
'third_nickname' => trim($_GPC[$type]),
|
|
'third_type' => USER_REGISTER_TYPE_MOBILE,
|
|
);
|
|
$users_bind_exist = pdo_get('users_bind', array('uid' => $uid, 'third_type' => USER_REGISTER_TYPE_MOBILE));
|
|
if ($users_bind_exist) {
|
|
$result_bind = pdo_update('users_bind', $data, array('uid' => $uid, 'third_type' => USER_REGISTER_TYPE_MOBILE));
|
|
} else {
|
|
$result_bind = pdo_insert('users_bind', $data);
|
|
}
|
|
if (!$result_bind) {
|
|
iajax(-1, '操作失败,请联系管理员解决!', '');
|
|
}
|
|
}
|
|
break;
|
|
case 'username':
|
|
if (!$_W['isadmin'] && $_W['uid'] != $user['owner_uid']) {
|
|
iajax(-1, '无权限修改,请联系网站创始人!');
|
|
}
|
|
$username = safe_gpc_string($_GPC['username']);
|
|
$name_exist = pdo_get('users', array('username' => $username));
|
|
if (!empty($name_exist)) {
|
|
iajax(-1, '用户名已存在,请更换其他用户名!', '');
|
|
}
|
|
$result = pdo_update('users', array('username' => $username), array('uid' => $uid));
|
|
break;
|
|
case 'vice_founder_name':
|
|
$userinfo = user_single(array('username' => safe_gpc_string($_GPC['vice_founder_name'])));
|
|
|
|
if (empty($userinfo) || ACCOUNT_MANAGE_GROUP_VICE_FOUNDER != $userinfo['founder_groupid']) {
|
|
iajax(-1, '用户不存在或该用户不是副创始人', '');
|
|
}
|
|
pdo_update('users', array('owner_uid' => $userinfo['uid']), array('uid' => $uid));
|
|
$founder_own_user_table = table('users_founder_own_users');
|
|
$founder_own_user_exists = $founder_own_user_table->getFounderByUid($uid);
|
|
|
|
if (!empty($founder_own_user_exists)) {
|
|
$result = $founder_own_user_table->updateOwnUser($uid, $userinfo['uid']);
|
|
} else {
|
|
$result = $founder_own_user_table->addOwnUser($uid, $userinfo['uid']);
|
|
}
|
|
|
|
|
|
if ($result) {
|
|
$uni_account_users = table('uni_account_users');
|
|
$synchronize_data = $uni_account_users->where(array('uid' => $uid, 'role' => 'owner'))->getall('uniacid');
|
|
if (!empty($synchronize_data)) {
|
|
foreach ($synchronize_data as $k => $v) {
|
|
$founder_id = '';
|
|
$founder_id = table('uni_account_users')->where(array('uniacid' => $k, 'role' => 'vice_founder'))->getcolumn('id');
|
|
|
|
if ($founder_id) {
|
|
$uni_account_result = table('uni_account_users')->where(array('id' => $founder_id))->fill(array('uid' => $userinfo['uid']))->save();
|
|
} else {
|
|
$save_data = array(
|
|
'uniacid' => $k,
|
|
'uid' => $userinfo['uid'],
|
|
'role' => 'vice_founder',
|
|
'rank' => 0,
|
|
'createtime' => 0
|
|
);
|
|
$uni_account_result = table('uni_account_users')->fill($save_data)->save();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
break;
|
|
case 'remark':
|
|
$result = pdo_update('users', array('remark' => safe_gpc_string($_GPC['remark'])), array('uid' => $uid));
|
|
break;
|
|
case 'welcome_link':
|
|
$welcome_link = intval($_GPC['welcome_link']);
|
|
$result = pdo_update('users', array('welcome_link' => $welcome_link), array('uid' => $uid));
|
|
break;
|
|
case 'password':
|
|
if ($_GPC['newpwd'] !== $_GPC['renewpwd']) {
|
|
iajax(-1, '两次密码不一致!', '');
|
|
}
|
|
$_GPC['newpwd'] = safe_gpc_string($_GPC['newpwd']);
|
|
$check_safe = safe_check_password($_GPC['newpwd']);
|
|
if (is_error($check_safe)) {
|
|
iajax(-1, $check_safe['message']);
|
|
}
|
|
|
|
if (!$_W['isfounder'] && empty($user['register_type'])) {
|
|
$pwd = user_password($_GPC['oldpwd'], $uid);
|
|
$pwd_hash = user_password_hash($pwd, $uid);
|
|
if ($pwd_hash != $user['hash']) {
|
|
iajax(-1, '原密码不正确!', '');
|
|
}
|
|
}
|
|
$newpwd = user_password($_GPC['newpwd'], $uid);
|
|
$newpwd_hash = user_password_hash($newpwd, $uid);
|
|
if ($newpwd_hash == $user['hash']) {
|
|
iajax(0, '未作修改!', '');
|
|
}
|
|
$result = pdo_update('users', array('password' => $newpwd), array('uid' => $uid));
|
|
break;
|
|
case 'endtime':
|
|
if (!$_W['isfounder']) {
|
|
iajax(-1, '无权限操作!');
|
|
}
|
|
if (1 == $_GPC['endtype']) {
|
|
$endtime = 0;
|
|
} else {
|
|
$endtime = strtotime($_GPC['endtime']);
|
|
}
|
|
if (user_is_vice_founder() && !empty($_W['user']['endtime']) && ($endtime > $_W['user']['endtime'] || empty($endtime))) {
|
|
iajax(-1, '副创始人给用户设置的时间不能超过自己的到期时间');
|
|
}
|
|
$result = pdo_update('users', array('endtime' => $endtime), array('uid' => $uid));
|
|
pdo_update('users_profile', array('send_expire_status' => 0), array('uid' => $uid));
|
|
$uni_account_user = pdo_getall('uni_account_users', array('uid' => $uid, 'role' => 'owner'));
|
|
if (!empty($uni_account_user)) {
|
|
foreach ($uni_account_user as $account) {
|
|
cache_delete(cache_system_key('uniaccount', array('uniacid' => $account['uniacid'])));
|
|
}
|
|
}
|
|
break;
|
|
case 'birth':
|
|
if ($users_profile_exist) {
|
|
$result = pdo_update('users_profile', array('birthyear' => intval($_GPC['year']), 'birthmonth' => intval($_GPC['month']), 'birthday' => intval($_GPC['day'])), array('uid' => $uid));
|
|
} else {
|
|
$data = array(
|
|
'uid' => $uid,
|
|
'createtime' => TIMESTAMP,
|
|
'birthyear' => intval($_GPC['year']),
|
|
'birthmonth' => intval($_GPC['month']),
|
|
'birthday' => intval($_GPC['day']),
|
|
);
|
|
$result = pdo_insert('users_profile', $data);
|
|
}
|
|
break;
|
|
case 'reside':
|
|
$province = safe_gpc_string($_GPC['province']);
|
|
$city = safe_gpc_string($_GPC['city']);
|
|
$district = safe_gpc_string($_GPC['district']);
|
|
if ($users_profile_exist) {
|
|
$result = pdo_update('users_profile', array('resideprovince' => $province, 'residecity' => $city, 'residedist' => $district), array('uid' => $uid));
|
|
} else {
|
|
$data = array(
|
|
'uid' => $uid,
|
|
'createtime' => TIMESTAMP,
|
|
'resideprovince' => $province,
|
|
'residecity' => $city,
|
|
'residedist' => $district,
|
|
);
|
|
$result = pdo_insert('users_profile', $data);
|
|
}
|
|
break;
|
|
default:
|
|
$allow_fields = array(
|
|
'realname', 'nickname', 'avatar', 'qq', 'mobile', 'gender', 'birthyear', 'birthmonth', 'birthday', 'constellation', 'zodiac', 'idcard', 'studentid', 'grade', 'address', 'zipcode', 'nationality', 'resideprovince', 'residecity', 'residedist', 'graduateschool', 'company', 'education', 'occupation', 'position', 'revenue', 'affectivestatus', 'lookingfor', 'bloodtype', 'height', 'weight', 'alipay', 'msn', 'email', 'taobao', 'site', 'bio', 'interest',
|
|
);
|
|
if (empty($extra_filed_key) || !in_array($extra_filed_key, $allow_fields)) {
|
|
iajax(-1, '参数错误', '');
|
|
}
|
|
if ($users_profile_exist) {
|
|
$result = pdo_update('users_profile', array($extra_filed_key => $extra_filed_val), array('uid' => $uid));
|
|
} else {
|
|
$data = array(
|
|
'uid' => $uid,
|
|
$extra_filed_key => $extra_filed_val,
|
|
);
|
|
$result = pdo_insert('users_profile', $data);
|
|
}
|
|
break;
|
|
}
|
|
if ($result) {
|
|
pdo_update('users_profile', array('edittime' => TIMESTAMP), array('uid' => $uid));
|
|
$type == 'password' ? iajax(0, '修改成功,请重新登录!', url('user/login')) : iajax(0, '修改成功!', '');
|
|
} else {
|
|
iajax(-1, '修改失败,请稍候重试!', '');
|
|
}
|
|
}
|
|
|
|
if ('base' == $do) {
|
|
$user_type = !empty($_GPC['user_type']) ? trim($_GPC['user_type']) : PERSONAL_BASE_TYPE;
|
|
$user = $_W['user'];
|
|
$user['last_visit'] = date('Y-m-d H:i:s', $user['lastvisit']);
|
|
$user['joindate'] = date('Y-m-d H:i:s', $user['joindate']);
|
|
$user['url'] = user_invite_register_url($_W['uid']);
|
|
|
|
$profile = pdo_get('users_profile', array('uid' => $_W['uid']));
|
|
$profile = user_detail_formate($profile);
|
|
|
|
$redirect_urls = array(
|
|
array('id' => WELCOME_DISPLAY_TYPE, 'name' => '用户欢迎页'),
|
|
array('id' => PLATFORM_DISPLAY_TYPE, 'name' => '最后进入的平台或应用'),
|
|
);
|
|
$support_login_urls = user_support_urls();
|
|
|
|
$lists = table('users_bind')->getAllByUid($_W['uid']);
|
|
$bind_qq = array();
|
|
$bind_wechat = array();
|
|
$bind_mobile = array();
|
|
if (!empty($lists)) {
|
|
foreach ($lists as $list) {
|
|
switch ($list['third_type']) {
|
|
case USER_REGISTER_TYPE_QQ:
|
|
$bind_qq = $list;
|
|
break;
|
|
case USER_REGISTER_TYPE_WECHAT:
|
|
$bind_wechat = $list;
|
|
break;
|
|
case USER_REGISTER_TYPE_MOBILE:
|
|
$bind_mobile = $list;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
$endtime = $user['endtime'];
|
|
if (USER_ENDTIME_GROUP_EMPTY_TYPE == $endtime || USER_ENDTIME_GROUP_UNLIMIT_TYPE == $endtime) {
|
|
$endtime = '永久';
|
|
} else {
|
|
$endtime = date('Y-m-d', $endtime);
|
|
}
|
|
|
|
$setting_sms_sign = setting_load('site_sms_sign');
|
|
$bind_sign = !empty($setting_sms_sign['site_sms_sign']['register']) ? $setting_sms_sign['site_sms_sign']['register'] : '';
|
|
|
|
template('user/profile');
|
|
}
|
|
|
|
if ('bind' == $do) {
|
|
$setting_sms_sign = setting_load('site_sms_sign');
|
|
$bind_sign = !empty($setting_sms_sign['site_sms_sign']['register']) ? $setting_sms_sign['site_sms_sign']['register'] : '';
|
|
|
|
$user = table('users')->getById($_W['uid']);
|
|
$user_profile = table('users_profile')->getByUid($_W['uid']);
|
|
|
|
$bind_info = table('users_bind')->getAllByUid($_W['uid']);
|
|
|
|
$signs = array_keys($bind_info);
|
|
|
|
if (!empty($user['openid']) && !in_array($user['openid'], $signs)) {
|
|
pdo_insert('users_bind', array('uid' => $user['uid'], 'bind_sign' => $user['openid'], 'third_type' => $user['register_type'], 'third_nickname' => $user_profile['nickname']));
|
|
}
|
|
|
|
if (!empty($user_profile['mobile']) && !in_array($user_profile['mobile'], $signs)) {
|
|
pdo_insert('users_bind', array('uid' => $user_profile['uid'], 'bind_sign' => $user_profile['mobile'], 'third_type' => USER_REGISTER_TYPE_MOBILE, 'third_nickname' => $user_profile['mobile']));
|
|
}
|
|
|
|
$lists = table('users_bind')->getAllByUid($_W['uid']);
|
|
|
|
$bind_qq = array();
|
|
$bind_wechat = array();
|
|
$bind_mobile = array();
|
|
|
|
if (!empty($lists)) {
|
|
foreach ($lists as $list) {
|
|
switch ($list['third_type']) {
|
|
case USER_REGISTER_TYPE_QQ:
|
|
$bind_qq = $list;
|
|
break;
|
|
case USER_REGISTER_TYPE_WECHAT:
|
|
$bind_wechat = $list;
|
|
break;
|
|
case USER_REGISTER_TYPE_MOBILE:
|
|
$bind_mobile = $list;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
$support_login_urls = user_support_urls();
|
|
|
|
template('user/bind');
|
|
}
|
|
|
|
if (in_array($do, array('validate_mobile', 'bind_mobile')) || USER_REGISTER_TYPE_MOBILE == $_GPC['bind_type'] && 'unbind' == $do) {
|
|
$user_bind = table('users_bind')->getByTypeAndUid(USER_REGISTER_TYPE_MOBILE, $_W['uid']);
|
|
|
|
$mobile = safe_gpc_string($_GPC['mobile']);
|
|
$type = trim($_GPC['type']);
|
|
|
|
$mobile_exists = table('users_profile')->where('uid !=', $_W['uid'])->getByMobile($mobile);
|
|
if (empty($mobile)) {
|
|
iajax(-1, '手机号不能为空');
|
|
}
|
|
if (!preg_match(REGULAR_MOBILE, $mobile)) {
|
|
iajax(-1, '手机号格式不正确');
|
|
}
|
|
|
|
if (!empty($type) && $mobile != $user_bind['bind_sign']) {
|
|
iajax(-1, '请输入已绑定的手机号');
|
|
}
|
|
|
|
if (empty($type) && !empty($mobile_exists)) {
|
|
iajax(-1, '手机号已存在');
|
|
}
|
|
}
|
|
if ('validate_mobile' == $do) {
|
|
$user = array('username' => safe_gpc_string($_GPC['mobile']));
|
|
$mobile_exists = user_check($user);
|
|
if ($mobile_exists) {
|
|
iajax(-1, '手机号已经存在');
|
|
}
|
|
iajax(0, '本地校验成功');
|
|
}
|
|
|
|
if ('bind_mobile' == $do) {
|
|
if ($_W['isajax'] && $_W['ispost']) {
|
|
$bind_info = OAuth2Client::create('mobile')->bind();
|
|
|
|
$user = array('username' => safe_gpc_string($_GPC['mobile']));
|
|
$mobile_exists = user_check($user);
|
|
if ($mobile_exists) {
|
|
iajax(-1, '手机号已经存在');
|
|
}
|
|
|
|
if (is_error($bind_info)) {
|
|
iajax(-1, $bind_info['message']);
|
|
}
|
|
iajax(0, '绑定成功', url('user/profile/bind'));
|
|
} else {
|
|
iajax(-1, '非法请求');
|
|
}
|
|
}
|
|
|
|
if ('change_mobile' == $do) {
|
|
$step = 1;
|
|
$bind_mobile = table('users_bind')->getByTypeAndUid(USER_REGISTER_TYPE_MOBILE, $_W['uid']);
|
|
$setting_sms_sign = setting_load('site_sms_sign');
|
|
$bind_sign = !empty($setting_sms_sign['site_sms_sign']['register']) ? $setting_sms_sign['site_sms_sign']['register'] : '';
|
|
template('user/change-mobile');
|
|
}
|
|
|
|
if ('check_mobile_sms_code' == $do) {
|
|
if ($_W['isajax'] && $_W['ispost']) {
|
|
$check_result = OAuth2Client::create('mobile')->paramValidate();
|
|
if (is_error($check_result)) {
|
|
iajax(-1, $check_result['message']);
|
|
}
|
|
$check_authcode = authcode(safe_gpc_string($_GPC['mobile']), 'ENCODE');
|
|
$message = array(
|
|
'message' => '验证成功',
|
|
'check_authcode' => $check_authcode
|
|
);
|
|
iajax(0, $message);
|
|
} else {
|
|
iajax(-1, '非法请求');
|
|
}
|
|
}
|
|
|
|
if ('unbind' == $do) {
|
|
$types = array(1 => 'qq', 2 => 'wechat', 3 => 'mobile');
|
|
if (!in_array($_GPC['bind_type'], array(USER_REGISTER_TYPE_QQ, USER_REGISTER_TYPE_WECHAT, USER_REGISTER_TYPE_MOBILE))) {
|
|
iajax(-1, '类型错误');
|
|
}
|
|
$bind_type = $types[$_GPC['bind_type']];
|
|
if ($_W['isajax'] && $_W['ispost']) {
|
|
$unbind_info = OAuth2Client::create($bind_type, $_W['setting']['thirdlogin'][$bind_type]['appid'], $_W['setting']['thirdlogin'][$bind_type]['appsecret'])->unbind();
|
|
|
|
if (is_error($unbind_info)) {
|
|
iajax(-1, $unbind_info['message']);
|
|
}
|
|
$settings = $_W['setting']['copyright'];
|
|
if ($_W['isadmin'] && $settings['login_verify_status']) {
|
|
$settings['login_verify_status'] = 0;
|
|
setting_save($settings, 'copyright');
|
|
}
|
|
iajax(0, '解绑成功', url('user/profile/bind'));
|
|
}
|
|
iajax(-1, '非法请求');
|
|
}
|