//查询数据表members,usergroups //取出用户认证信息包括UID,用户名,密码,安全提问,管理权限,用户组ID,页面风格,上次访问,最后发帖,是否允许隐身 $member = $db->fetch_first("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques, m.email, m.adminid, m.groupid, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.allowinvisible FROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid) WHERE m.uid='$ucresult[uid]'");
<?php
/*
[Discuz!] (C)2001-2009 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
登陆系统,判断用户名、密码
$Id: logging.php 17399 2008-12-17 09:13:08Z monkey $
*/
// Bootstrap for the login/logout script: two constants are defined, then the shared
// includes are loaded. The order matters because the includes run with these constants set.

// Flag constant; what consumes it is not visible in this file.
define('NOROBOT', TRUE);
// Name of the current script (the original annotation calls this "define the operation page").
define('CURSCRIPT', 'logging');
// Shared bootstrap include. The request variables, $db, $_DCACHE and $_DCOOKIE used below
// are not assigned in this file and presumably come from here - TODO confirm.
require_once './include/common.inc.php';
// Misc helper functions (per the original annotation: PM management, rating PMs, rating
// log, attachment highlighting, IP-to-location lookup).
require_once DISCUZ_ROOT.'./include/misc.func.php';
// Client library; presumably the source of the uc_* calls used below - TODO confirm.
require_once DISCUZ_ROOT.'./uc_client/client.php';
// The action dispatch (logout / login / anything else) follows.
// Action dispatch for the login/logout script.
//
// $action, $formhash, $loginfield, $loginauth, $username, $password, $questionid, $answer,
// $inajax and $msgforward are read here but never assigned in this file.
// NOTE(review): presumably they are imported from the request and from settings by
// common.inc.php; every note below about escaping or trust depends on how that import
// works - confirm against common.inc.php.

// ---- Logout: only handled when a non-empty $formhash accompanies the request ----
if($action == 'logout' && !empty($formhash)) {
    // Frame layout enabled and in use: queue a script that reloads the left menu frame.
    if($_DCACHE['settings']['frameon'] && $_DCOOKIE['frameon'] == 'yes') {
        $extrahead .= '<script>if(top != self) {parent.leftmenu.location.reload();}</script>';
    }
    // A $formhash that differs from FORMHASH gets the "logout succeeded" message without
    // any of the cleanup below having run yet.
    // NOTE(review): this only protects the logout if showmessage() ends the request, and
    // the comparison is a loose != - confirm both.
    if($formhash != FORMHASH) {
        showmessage('logout_succeed', dreferer());
    }
    // Synchronised logout is only requested when $allowsynlogin is set.
    $ucsynlogout = $allowsynlogin ? uc_user_synlogout() : '';
    // Clear cookies.
    clearcookies();
    // Reset the user state to guest (group id 7, uid 0).
    $groupid = 7;
    $discuz_uid = 0;
    // Clear the user name and password variables.
    $discuz_user = $discuz_pw = '';
    // Reset the page style to the configured default.
    $styleid = $_DCACHE['settings']['styleid'];
    // Show the logout success page.
    showmessage('logout_succeed', dreferer());
}
// ---- Login ----
elseif($action == 'login') {
    // A non-zero $discuz_uid means the visitor is not a guest: report success right away.
    if($discuz_uid) {
        // Initialise the sync-login output.
        $ucsynlogin = '';
        // Show the login success page.
        showmessage('login_succeed', $indexname);
    }
    // Name of the login field (uid or username); not read again within this block.
    $field = $loginfield == 'uid' ? 'uid' : 'username';
    // Login throttle: a falsy result from logincheck() means this client is locked out.
    if(!($loginperm = logincheck())) {
        showmessage('login_strike');
    }
    // Bit 2 of $seccodestatus switches the verification code on for the login form.
    $seccodecheck = $seccodestatus & 2;
    if($seccodecheck && $seccodedata['loginfailedcount']) {
        // With a failure threshold configured, the code is only required when this IP has a
        // failedlogins row at or above the threshold updated within the last 900 seconds.
        // NOTE(review): $onlineip and the threshold are interpolated into the SQL text;
        // safety depends on how they were derived upstream - confirm.
        $seccodecheck = $db->result_first("SELECT count(*) FROM {$tablepre}failedlogins WHERE ip='$onlineip' AND count>='$seccodedata[loginfailedcount]' AND $timestamp-lastupdate<=900");
    }
    // Is this a submitted login form?
    if(!submitcheck('loginsubmit', 1, $seccodecheck)) {
        // Not submitted: build and show the login page.
        $discuz_action = 6;
        $referer = dreferer();
        // The trailing '.' makes the $styleselect assignment part of this expression: it
        // initialises $styleselect to '' and appends that empty string to $thetimenow.
        $thetimenow = '(GMT '.($timeoffset > 0 ? '+' : '').$timeoffset.') '.
            dgmdate("$dateformat $timeformat", $timestamp + $timeoffset * 3600). $styleselect = '';
        // Build the style drop-down from the available styles.
        // NOTE(review): the style name is written into HTML without escaping here; this is
        // only safe if style names are trusted, admin-controlled data - confirm.
        $query = $db->query("SELECT styleid, name FROM {$tablepre}styles WHERE available='1'");
        while($styleinfo = $db->fetch_array($query)) {
            $styleselect .= "<option value=\"$styleinfo[styleid]\">$styleinfo[name]</option>\n";
        }
        // Pre-tick the cookie lifetime box when a cookietime cookie is present.
        $cookietimecheck = !empty($_DCOOKIE['cookietime']) ? 'checked="checked"' : '';
        if($seccodecheck) {
            // NOTE(review): $seccode{0} is the curly-brace string offset syntax, which was
            // deprecated in PHP 7.4 and removed in PHP 8.0; $seccode itself is set outside
            // this file.
            $seccode = random(6, 1) + $seccode{0} * 1000000;
        }
        // Pre-fill the user name from the loginuser cookie, HTML-escaped for the form.
        $username = !empty($_DCOOKIE['loginuser']) ? htmlspecialchars($_DCOOKIE['loginuser']) : '';
        include template('login');
    } else {
        // Login via the security-question page: the credentials arrive inside $loginauth.
        // NOTE(review): the token decodes to "username<TAB>password", so the password
        // travels in a reversible token whose secrecy rests entirely on authcode() and its
        // key; a token that fails to decode would leave $password without a value - confirm
        // how that case is handled.
        if(isset($loginauth)) {
            list($username, $password) = daddslashes(explode("\t", authcode($loginauth, 'DECODE')), 1);
        }
        // Verify the credentials. The result is unpacked positionally below into uid,
        // username, password, email and a duplicate flag.
        $ucresult = uc_user_login($username, $password, $loginfield == 'uid', 1, $questionid, $answer);
        // Each returned field is passed through daddslashes() before it is used in SQL below.
        list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email'], $duplicate) = daddslashes($ucresult, 1);
        $ucresult = $tmp;
        if($duplicate && $ucresult['uid'] > 0) {
            // Duplicate flag set: look for a local member row with the same user name.
            if($olduid = $db->result_first("SELECT uid FROM {$tablepre}members WHERE username='".addslashes($ucresult['username'])."'")) {
                // Load the member-merge helpers.
                require_once DISCUZ_ROOT.'./include/membermerge.func.php';
                // Merge the local uid into the uid returned by the login call.
                membermerge($olduid, $ucresult['uid']);
                // Remove the duplicate-name record.
                uc_user_merge_remove($ucresult['username']);
            } else {
                // No local row: force uid to -1, which the original annotation describes as
                // "user does not exist"; the failure branch below then handles it.
                $ucresult['uid'] = -1;
            }
        }
        // Start from an empty identity before applying the login result.
        $discuz_uid = 0;
        $discuz_user = $discuz_pw = $discuz_secques = '';
        $member = array();
        // A positive uid means the credentials were accepted.
        if($ucresult['uid'] > 0) {
            // Load the member's authentication data from members joined with usergroups:
            // uid, user name, password, security question, admin id, group id, style, last
            // visit, last post, and whether invisibility is allowed.
            // The continuation lines of the query are inside the string literal and are
            // left exactly as they were.
            $member = $db->fetch_first("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,
m.email, m.adminid, m.groupid, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.allowinvisible
FROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)
WHERE m.uid='$ucresult[uid]'");
            // Accepted credentials but no local member row: send the user to activation
            // with an encoded token carrying the user name and FORMHASH.
            if(!$member) {
                $ucresult['username'] = addslashes($ucresult['username']);
                $auth = authcode("$ucresult[username]\t".FORMHASH, 'ENCODE');
                if($inajax) {
                    $message = 2;
                    $location = $regname.'?action=activation&auth='.rawurlencode($auth);
                    // NOTE(review): unless the template ends the request, execution
                    // continues below with an empty $member and would still set cookies -
                    // confirm the template terminates.
                    include template('login');
                } else {
                    showmessage('login_activation', $regname.'?action=activation&auth='.rawurlencode($auth));
                }
            }
            // Import the selected columns as local variables ($discuz_uid, $discuz_user,
            // $discuz_pw, $discuz_secques, $email, $adminid, $groupid, $styleidmem, ...).
            // NOTE(review): extract() is called without flags, so it overwrites any
            // existing variable of the same name; the keys come from the column list above,
            // so a change to that query silently changes which variables are overwritten.
            extract($member);
            // Keep an unescaped copy of the user name, then escape the working copy.
            $discuz_userss = $discuz_user;
            $discuz_user = addslashes($discuz_user);
            // Sync the local e-mail address when it differs from the one returned at login.
            if(addslashes($email) != $ucresult['email']) {
                $db->query("UPDATE {$tablepre}members SET email='$ucresult[email]' WHERE uid='$ucresult[uid]'");
            }
            // A security question was answered but no local secques value exists yet:
            // generate one and store it.
            // NOTE(review): this value becomes part of the auth cookie below; whether
            // random() is a cryptographically strong source is not visible here - confirm.
            if($questionid > 0 && empty($discuz_secques)) {
                $discuz_secques = random(8);
                $db->query("UPDATE {$tablepre}members SET secques='$discuz_secques' WHERE uid='$ucresult[uid]'");
            }
            // Style: posted value, else the member's own style, else the site default.
            $styleid = intval(empty($_POST['styleid']) ? ($styleidmem ? $styleidmem :
                $_DCACHE['settings']['styleid']) : $_POST['styleid']);
            // Cookie lifetime comes straight from the form; it is cast to int, but no upper
            // bound is applied in this block.
            $cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] : 0);
            // Set cookies.
            dsetcookie('cookietime', $cookietime, 31536000);
            // NOTE(review): the auth cookie carries the stored password field, the secques
            // value and the uid, protected only by authcode(); anyone able to decode it
            // obtains the stored password value. The meaning of the trailing "1, true"
            // arguments is not visible here - confirm they mark the cookie HTTP-only.
            dsetcookie('auth', authcode("$discuz_pw\t$discuz_secques\t$discuz_uid", 'ENCODE'), $cookietime, 1, true);
            // Called with a name only; presumably this clears the helper cookies - confirm.
            dsetcookie('loginuser');
            dsetcookie('activationauth');
            dsetcookie('pmnum');
            $sessionexists = 0;
            // Frame layout enabled and in use: queue a script that reloads the left menu frame.
            if($_DCACHE['settings']['frameon'] && $_DCOOKIE['frameon'] == 'yes') {
                $extrahead .= '<script>if(top != self) {parent.leftmenu.location.reload();}</script>';
            }
            // Synchronised login is only requested when $allowsynlogin is set.
            $ucsynlogin = $allowsynlogin ? uc_user_synlogin($discuz_uid) : '';
            if(!empty($inajax)) {
                // NOTE(review): unserialize() must only ever see trusted data. $msgforward
                // is not assigned in this file; confirm it comes from site settings and
                // cannot be overridden by a request parameter, because unserialize() on
                // attacker-influenced input allows object injection.
                $msgforward = unserialize($msgforward);
                $mrefreshtime = intval($msgforward['refreshtime']) * 1000;
                include_once DISCUZ_ROOT.'./forumdata/cache/cache_usergroups.php';
                $usergroups = $_DCACHE['usergroups'][$groupid]['grouptitle'];
                $message = 1;
                include template('login');
            } else {
                // Group 8 is treated as "awaiting verification": send to the member panel.
                if($groupid == 8) {
                    showmessage('login_succeed_inactive_member', 'memcp.php');
                } else {
                    // Otherwise return to the referring page.
                    showmessage('login_succeed', dreferer());
                }
            }
        }
        // ---- Login failed ----
        else {
            // Mask the middle of the submitted password before logging it.
            // NOTE(review): the first round(len/4) and last round(len/6) characters stay in
            // clear text. Failed attempts are often near-misses of real passwords, so the
            // log written below holds sensitive fragments and needs access control and a
            // retention policy.
            $password = preg_replace("/^(.{".round(strlen($password) / 4)."})(.+?)(.{".round(strlen($password) / 6)."})$/s", "\\1***\\3", $password);
            // Build the failed-login record: time, user name, masked password, security
            // question id, client IP, tab-separated and HTML-escaped.
            // NOTE(review): $secques is not assigned in this block (the local variable is
            // $discuz_secques) - confirm where it is set.
            $errorlog = dhtmlspecialchars(
                $timestamp."\t".
                ($ucresult['username'] ? $ucresult['username'] : stripslashes($username))."\t".
                $password."\t".
                ($secques ? "Ques #".intval($questionid) : '')."\t".
                $onlineip);
            // Append the record to the illegallog log.
            writelog('illegallog', $errorlog);
            // Record the failure in the database for the login throttle.
            loginfailed($loginperm);
            // uid '-3' selects the security-question messages; everything else is reported
            // as a generic invalid login.
            // NOTE(review): presumably -3 means the password was accepted and only the
            // security answer failed; if so, the distinct message confirms a valid
            // username/password pair to the caller - confirm against the uc_user_login()
            // return codes.
            $fmsg = $ucresult['uid'] == '-3' ? (empty($questionid) || $answer == '' ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
            // Send the user back to the login form.
            showmessage($fmsg, 'logging.php?action=login');
        }
    }
} else {
    // Any other action value is rejected.
    showmessage('undefined_action');
}?>
可以一步步测试一下,向 Discuz 论坛登录页面及相关页面传入的值(用户名、密码)是否正确。