phpcms2008 判断是否登录成功都是用 if($_userid && $_groupid == 1 && $_SESSION['is_admin'] == 1) 来判断,但我看了登录的代码,即 member.class.php 中的 login 方法:
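/**
 * Log a member in by user name and password.
 *
 * On success the member row is returned and the 'auth' and 'cookietime'
 * cookies are set. On failure false is returned and, except when the user
 * name fails is_username(), $this->msg holds a message key for the reason.
 *
 * @param string $username   user name as submitted
 * @param string $password   password as submitted; digested by $this->password()
 * @param int    $cookietime cookie lifetime in seconds; 0 falls back to the
 *                           client's 'cookietime' cookie, then to a session cookie
 * @return array|false member row on success, false otherwise
 */
function login($username, $password, $cookietime = 0)
{
    // Reject user names that fail is_username().
    if (!$this->is_username($username))
    {
        return false;
    }

    $userid = $this->get_userid($username); // user name -> user id
    $r = $this->get($userid, '*', 1);       // member row
    if (!$r)
    {
        // NOTE(review): a message distinct from 'password_not_right' tells the
        // client which user names exist if it is displayed as-is.
        $this->msg = 'username_not_exist';
        return FALSE;
    }

    // Compare the digests as strings with ===. The loose != / == used before
    // treats numeric-looking strings such as "0e1..." and "0e2..." as equal.
    // hash_equals() (PHP >= 5.6) would additionally make this constant-time.
    $md5_password = $this->password($password);
    $stored = (string) $r['password'];
    $computed = (string) $md5_password;
    if ($stored !== $computed)
    {
        if ($stored === substr($computed, 8, 16))
        {
            // The row holds only the 16-character middle slice of the digest
            // (presumably written by an older release); store the full value.
            // NOTE(review): $userid is interpolated into the WHERE fragment;
            // it comes from get_userid(), not shown here. Confirm it is always an integer.
            $arr_password = array('password' => $md5_password);
            $this->db->update($this->table, $arr_password, "userid='$userid'");
            $this->db->update($this->table_cache, $arr_password, "userid='$userid'");
        }
        else
        {
            $this->msg = 'password_not_right';
            return FALSE;
        }
    }

    // Group ids used below: 1 administrator, 2 disabled, 4 awaiting e-mail
    // verification, 5 awaiting review.
    $this->cache_group = cache_read('member_group_'.$r['groupid'].'.php');
    if ($r['groupid'] == 5 && !$this->cache_group['allowvisit'])
    {
        $this->msg = 'your_account_is_approvalling';
        return FALSE;
    }
    elseif ($r['groupid'] == 4 && !$this->cache_group['allowvisit'])
    {
        $this->msg = 'your_account_not_validate';
        return FALSE;
    }
    elseif ($r['groupid'] == 2)
    {
        $this->msg = 'your_account_banned_by_admin';
        return FALSE;
    }
    elseif ($r['disabled']) // locked account
    {
        $this->msg = 'your_account_banned_by_admin';
        return FALSE;
    }
    if (!$this->cache_group['allowvisit'])
    {
        $this->msg = 'your_account_banned_by_admin';
        return false;
    }

    // Set only after every status check has passed, so that a rejected login
    // (for example a locked administrator account) leaves no admin marker in
    // the session. Previously this ran before the checks above.
    // NOTE(review): the session id is not regenerated in this method; confirm
    // the caller does so on login.
    if ($r['groupid'] == 1)
    {
        $_SESSION['admin_groupid'] = $r['groupid'];
    }

    $this->_userid = $r['userid'];

    // An explicit $cookietime wins; otherwise reuse the lifetime stored in the
    // client's 'cookietime' cookie. Both go through intval() because the
    // cookie value is client-controlled and is added to TIME below.
    $_cookietime = $cookietime ? intval($cookietime) : intval(get_cookie('cookietime'));
    $cookietime = $_cookietime ? TIME + $_cookietime : 0;

    // The cookie key is the MD5 of the site secret AUTH_KEY followed by the
    // client's User-Agent header (empty when the header is absent). The sample
    // key, header and cookie values shown in the original post are left out here.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $phpcms_auth_key = md5(AUTH_KEY.$user_agent);

    // The 'auth' cookie carries the user id and the password digest, separated
    // by a tab and encoded with the key above.
    // NOTE(review): whoever can decode this cookie obtains the stored password
    // digest; a random server-side token would avoid exposing it. Also confirm
    // that set_cookie(), defined elsewhere, marks the cookie HttpOnly/Secure.
    $phpcms_auth = phpcms_auth($this->_userid."\t".$md5_password, 'ENCODE', $phpcms_auth_key);
    set_cookie('auth', $phpcms_auth, $cookietime);
    set_cookie('cookietime', $_cookietime, $cookietime);
    if (CHARSET == 'gbk')
    {
        $username = $this->escape($username);
        set_cookie('username', $username, $cookietime);
    }

    // Record the login. NOTE(review): IP is a constant defined elsewhere; if it
    // can come from a client-supplied header it must be validated before it is
    // placed in this statement.
    $this->db->query("UPDATE $this->table_info SET lastloginip='".IP."',lastlogintime=".TIME.",logintimes=logintimes+1 WHERE userid='$this->_userid'");

    require_once PHPCMS_ROOT.'member/include/group.class.php';
    $group = new group();
    $group->extend_update();
    return $r;
}
登陆成功后并没有设置$_userid和$_groupid == 1,请问这两个值是登陆时哪里设置的?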
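/**
 * Log a member in by user name and password.
 *
 * On success the member row is returned and the 'auth' and 'cookietime'
 * cookies are set. On failure false is returned and, except when the user
 * name fails is_username(), $this->msg holds a message key for the reason.
 *
 * @param string $username   user name as submitted
 * @param string $password   password as submitted; digested by $this->password()
 * @param int    $cookietime cookie lifetime in seconds; 0 falls back to the
 *                           client's 'cookietime' cookie, then to a session cookie
 * @return array|false member row on success, false otherwise
 */
function login($username, $password, $cookietime = 0)
{
    // Reject user names that fail is_username().
    if (!$this->is_username($username))
    {
        return false;
    }

    $userid = $this->get_userid($username); // user name -> user id
    $r = $this->get($userid, '*', 1);       // member row
    if (!$r)
    {
        // NOTE(review): a message distinct from 'password_not_right' tells the
        // client which user names exist if it is displayed as-is.
        $this->msg = 'username_not_exist';
        return FALSE;
    }

    // Compare the digests as strings with ===. The loose != / == used before
    // treats numeric-looking strings such as "0e1..." and "0e2..." as equal.
    // hash_equals() (PHP >= 5.6) would additionally make this constant-time.
    $md5_password = $this->password($password);
    $stored = (string) $r['password'];
    $computed = (string) $md5_password;
    if ($stored !== $computed)
    {
        if ($stored === substr($computed, 8, 16))
        {
            // The row holds only the 16-character middle slice of the digest
            // (presumably written by an older release); store the full value.
            // NOTE(review): $userid is interpolated into the WHERE fragment;
            // it comes from get_userid(), not shown here. Confirm it is always an integer.
            $arr_password = array('password' => $md5_password);
            $this->db->update($this->table, $arr_password, "userid='$userid'");
            $this->db->update($this->table_cache, $arr_password, "userid='$userid'");
        }
        else
        {
            $this->msg = 'password_not_right';
            return FALSE;
        }
    }

    // Group ids used below: 1 administrator, 2 disabled, 4 awaiting e-mail
    // verification, 5 awaiting review.
    $this->cache_group = cache_read('member_group_'.$r['groupid'].'.php');
    if ($r['groupid'] == 5 && !$this->cache_group['allowvisit'])
    {
        $this->msg = 'your_account_is_approvalling';
        return FALSE;
    }
    elseif ($r['groupid'] == 4 && !$this->cache_group['allowvisit'])
    {
        $this->msg = 'your_account_not_validate';
        return FALSE;
    }
    elseif ($r['groupid'] == 2)
    {
        $this->msg = 'your_account_banned_by_admin';
        return FALSE;
    }
    elseif ($r['disabled']) // locked account
    {
        $this->msg = 'your_account_banned_by_admin';
        return FALSE;
    }
    if (!$this->cache_group['allowvisit'])
    {
        $this->msg = 'your_account_banned_by_admin';
        return false;
    }

    // Set only after every status check has passed, so that a rejected login
    // (for example a locked administrator account) leaves no admin marker in
    // the session. Previously this ran before the checks above.
    // NOTE(review): the session id is not regenerated in this method; confirm
    // the caller does so on login.
    if ($r['groupid'] == 1)
    {
        $_SESSION['admin_groupid'] = $r['groupid'];
    }

    $this->_userid = $r['userid'];

    // An explicit $cookietime wins; otherwise reuse the lifetime stored in the
    // client's 'cookietime' cookie. Both go through intval() because the
    // cookie value is client-controlled and is added to TIME below.
    $_cookietime = $cookietime ? intval($cookietime) : intval(get_cookie('cookietime'));
    $cookietime = $_cookietime ? TIME + $_cookietime : 0;

    // The cookie key is the MD5 of the site secret AUTH_KEY followed by the
    // client's User-Agent header (empty when the header is absent). The sample
    // key, header and cookie values shown in the original post are left out here.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $phpcms_auth_key = md5(AUTH_KEY.$user_agent);

    // The 'auth' cookie carries the user id and the password digest, separated
    // by a tab and encoded with the key above.
    // NOTE(review): whoever can decode this cookie obtains the stored password
    // digest; a random server-side token would avoid exposing it. Also confirm
    // that set_cookie(), defined elsewhere, marks the cookie HttpOnly/Secure.
    $phpcms_auth = phpcms_auth($this->_userid."\t".$md5_password, 'ENCODE', $phpcms_auth_key);
    set_cookie('auth', $phpcms_auth, $cookietime);
    set_cookie('cookietime', $_cookietime, $cookietime);
    if (CHARSET == 'gbk')
    {
        $username = $this->escape($username);
        set_cookie('username', $username, $cookietime);
    }

    // Record the login. NOTE(review): IP is a constant defined elsewhere; if it
    // can come from a client-supplied header it must be validated before it is
    // placed in this statement.
    $this->db->query("UPDATE $this->table_info SET lastloginip='".IP."',lastlogintime=".TIME.",logintimes=logintimes+1 WHERE userid='$this->_userid'");

    require_once PHPCMS_ROOT.'member/include/group.class.php';
    $group = new group();
    $group->extend_update();
    return $r;
}
登陆成功后并没有设置$_userid和$_groupid == 1,请问这两个值是登陆时哪里设置的?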
// Defaults in effect for a visitor who has not logged in.
$_username = '';
// 0 means "not logged in".
$_userid = 0;
// Group ids: 1 administrator, 2 disabled, 3 guest, 4 awaiting e-mail
// verification, 5 awaiting review, 6 registered member.
$_groupid = 3;
// Asker's note: $_userid is 0 before login and non-zero afterwards; what is
// unclear is where the login flow assigns it.