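assign('step',1);
_wap_assign_header_info('找回密码-第一步','',0,1,0);
_wap_display_page('get_password.htm');
}
/*
 * Supplier-admin password recovery, steps 2-4. Step 1 (the request form) ends
 * just above; the enclosing function / `if` chain starts before this fragment.
 *
 *   step 2: check that username and e-mail match a supplier_admin_user row and
 *           mail a reset link carrying uid + code.
 *   step 3: render the new-password form with uid/code as hidden fields.
 *   step 4: verify the code against the stored password hash and update it.
 *
 * The reset code is md5(user_id . stored password hash): it is deterministic,
 * carries no expiry, and is only invalidated because the hash changes once the
 * password is reset. A random, time-limited token stored server-side would be
 * the stronger design; that needs a schema change and is left as-is here.
 *
 * NOTE(review): the `user_name` lookup in step 2 interpolates request input
 * into SQL. This appears to rely on the framework's global input escaping —
 * confirm that it is active for this entry point, or escape/parameterise here.
 * NOTE(review): sys_msg() is not visible in this file; the explicit `exit`
 * calls below mirror step 2 so a failure never falls through to the UPDATE.
 * NOTE(review): step 2 builds $link with keys `text`/`href`, step 4 with
 * `link_name`/`link_href`; only one of these can be what sys_msg() reads.
 */
// Step 2: verify that the e-mail belongs to the user, then mail the reset link.
elseif ($_REQUEST['step'] == 2)
{
    $admin_username = !empty($_POST['username']) ? trim($_POST['username']) : '';
    $admin_email    = !empty($_POST['email'])    ? trim($_POST['email'])    : '';
    if (empty($admin_username) || empty($admin_email))
    {
        sys_msg('用户名和邮箱不能为空!', 1);
        exit;
    }

    /* Check that the admin username and e-mail match, and fetch the current password hash. */
    $sql = 'SELECT user_id, password, email FROM ' . $ecs->table('supplier_admin_user') .
           " WHERE user_name = '$admin_username'";
    $admin_info = $db->getRow($sql);
    if (empty($admin_info))
    {
        sys_msg('管理员不存在!', 1);
        exit;
    }
    // Strict comparison: both sides are strings, so the loose `!=` gained nothing.
    if ($admin_info['email'] !== $admin_email)
    {
        sys_msg('用户名和邮箱不匹配!', 1);
        exit;
    }

    /* Build the verification code (see header note on its weaknesses). */
    $admin_id = $admin_info['user_id'];
    $code     = md5($admin_id . $admin_info['password']);

    /* Fill in the reset-mail template. */
    $template    = get_mail_template('send_password');
    $reset_email = $ecs->url() . 'user.php?act=get_password&step=3&uid=' . $admin_id . '&code=' . $code;
    $smarty->assign('user_name',   $admin_username);
    $smarty->assign('reset_email', $reset_email);
    $smarty->assign('shop_name',   $_CFG['shop_name']);
    // Both spellings are assigned because existing templates may use either.
    $smarty->assign('send_date',   local_date($_CFG['date_format']));
    $smarty->assign('sent_date',   local_date($_CFG['date_format']));
    $content = $smarty->fetch('str:' . $template['template_content']);

    /* Send the reset-confirmation mail. */
    if (send_mail($admin_username, $admin_email, $template['template_subject'], $content, $template['is_html']))
    {
        // Result message with a link back to the login page.
        $link[0]['text'] = $_LANG['back'];
        $link[0]['href'] = 'privilege.php?act=login';
        sys_msg($_LANG['send_success'] . $admin_email, 0, $link);
    }
    else
    {
        sys_msg($_LANG['send_mail_error'], 1);
    }
}
// Step 3: carry uid/code from the mailed link into the new-password form.
elseif ($_REQUEST['step'] == 3)
{
    // Fix: the original read the uid into `$admin` but assigned `$adminid` to the
    // template, so the hidden field was always empty and step 4 failed with 参数错误.
    $adminid = empty($_REQUEST['uid'])  ? 0  : intval($_REQUEST['uid']);
    $code    = empty($_REQUEST['code']) ? '' : trim($_REQUEST['code']);
    $smarty->assign('step',    3);
    $smarty->assign('adminid', $adminid);
    $smarty->assign('code',    $code);
    _wap_assign_header_info('找回密码-第二步','',1,1,0);
    _wap_display_page('get_password.htm');
}
// Step 4: verify the code and update the password.
elseif ($_REQUEST['step'] == 4)
{
    $new_password = isset($_POST['password']) ? trim($_POST['password'])  : '';
    $adminid      = isset($_POST['adminid'])  ? intval($_POST['adminid']) : 0;
    $code         = isset($_POST['code'])     ? trim($_POST['code'])      : '';
    if (empty($new_password))
    {
        sys_msg('密码不能为空!', 1);
        exit;
    }
    if (empty($code) || $adminid === 0)
    {
        sys_msg('参数错误!', 1);
        exit;
    }

    /* Match the code against the user's current password hash. */
    $sql      = 'SELECT password FROM ' . $ecs->table('supplier_admin_user') . " WHERE user_id = '$adminid'";
    $password = $db->getOne($sql);
    // An unknown uid (no row) is rejected instead of being compared against an
    // empty password; hash_equals() replaces the loose `<>` with a strict,
    // constant-time comparison.
    if (empty($password) || !hash_equals(md5($adminid . $password), $code))
    {
        // The link is not valid for this account.
        $link[0]['link_name'] = $_LANG['back'];
        $link[0]['link_href'] = 'privilege.php?act=login';
        sys_msg('链接已过期!', 1, $link);
        exit;
    }

    // Update the admin password. random_int() replaces rand() for the salt; the
    // md5(md5(pw) . salt) scheme itself is kept because the login path elsewhere
    // verifies against it.
    $ec_salt = random_int(1, 9999);
    // Fix: the original had no space before SET, producing
    // `...supplier_admin_userSET password ...`, an SQL syntax error.
    $sql = 'UPDATE ' . $ecs->table('supplier_admin_user') .
           " SET password = '" . md5(md5($new_password) . $ec_salt) . "', `ec_salt` = '$ec_salt'" .
           " WHERE user_id = '$adminid'";
    $result = $db->query($sql);
    if ($result)
    {
        $link[0]['link_name'] = $_LANG['login_now'];
        $link[0]['link_href'] = 'privilege.php?act=login';
        sys_msg($_LANG['update_pwd_success'], 0, $link);
    }
    else
    {
        sys_msg($_LANG['update_pwd_failed'], 1);
    }
}
}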