ecshop二次開發——新註冊使用者後臺確認功能
阿新 • • 發佈:2019-01-28
需求:
1. 新註冊的使用者需要後臺管理員進行確認之後才能成為正式使用者。
2. 新使用者註冊之後,提示請等待管理員確認後才能使用。
3. 新註冊的使用者,如果管理員沒有對其註冊身份進行確認,在登入時會提示請等待管理員確認之後才能登入。
在觀察資料庫表的時候發現,users表中有個is_validated欄位,預設是0,表明沒有通過驗證。我們基於這個欄位來實現本文要求的功能。
升級說明
新註冊的使用者需要後臺管理員確認之後才能成為正式註冊的使用者。在使用者提交註冊資訊之後,提示使用者管理員會通過電話對其身份進行確認。未確認的使用者無法登入,未確認使用者登入時會提示需要確認的資訊。
升級方法
【1】在languages\zh_cn\admin\users.php中增加:
/* Error text returned by the admin "edit_is_validated" action when the submitted value is not accepted as 0 or 1. */
$_LANG['invalid_is_validated'] = '只能輸入0或1。0為無效,1為有效';
【2】在languages\zh_cn\user.php中增加:
/* Message shown at login when login() returns -1, i.e. the account has not been confirmed yet. */
$_LANG['login_failure_invalid'] = '需管理員確認身份之後才能登陸';
【3】修改includes\modules\integrates\integrate.php中的login函式為:
/**
 * Log a user in.
 *
 * The credential check is delegated to check_user(). On success the optional
 * sync step runs and the session and cookie are set.
 *
 * @access  public
 * @param   string  $username
 * @param   string  $password
 * @param   mixed   $remember   handed to set_cookie() unchanged
 *
 * @return  int     1 on success, -1 when check_user() reports -1
 *                  (the user is not valid yet), 0 for any other failure
 */
function login($username, $password, $remember = null)
{
    $status = $this->check_user($username, $password);

    /* -1 is passed straight through so the caller can show its own message. */
    if ($status == -1)
    {
        return -1;
    }

    /* Anything that is not a positive result is an ordinary failure. */
    if (!($status > 0))
    {
        return 0;
    }

    if ($this->need_sync)
    {
        $this->sync($username, $password);
    }

    $this->set_session($username);
    $this->set_cookie($username, $remember);

    return 1;
}
修改add_user函式為:
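/**
 * Add a new user.
 *
 * NOTE(review): $username, $email, $gender, $bday and $reg_date are placed
 * into the SQL text as they arrive. Nothing in this function escapes them,
 * so it depends on the caller having escaped every value already; confirm
 * that for each call site.
 *
 * @access  public
 * @param   string  $username
 * @param   string  $password      plain password, used when $md5password is empty
 * @param   string  $email
 * @param   int     $gender        stored only when greater than -1
 * @param   mixed   $bday          stored only when non-empty
 * @param   mixed   $reg_date      stored only when non-empty
 * @param   string  $md5password   when non-empty, given to compile_password() in place of $password
 *
 * @return  bool    false (with $this->error set) when the user name or
 *                  e-mail already exists, true once the INSERT has been issued
 */
function add_user($username, $password, $email, $gender = -1, $bday = 0, $reg_date = 0, $md5password = '')
{
    /* Refuse a user name that already exists on the integrated side. */
    if ($this->check_user($username) != 0)
    {
        $this->error = ERR_USERNAME_EXISTS;

        return false;
    }

    /* Refuse a duplicate e-mail address. */
    $sql = "SELECT " . $this->field_id .
           " FROM " . $this->table($this->user_table) .
           " WHERE " . $this->field_email . " = '$email'";
    if ($this->db->getOne($sql, true) > 0)
    {
        $this->error = ERR_EMAIL_EXISTS;

        return false;
    }

    $post_username = $username;

    if ($md5password)
    {
        $post_password = $this->compile_password(array('md5password' => $md5password));
    }
    else
    {
        $post_password = $this->compile_password(array('password' => $password));
    }

    $fields = array($this->field_name, $this->field_email, $this->field_pass);
    $values = array($post_username, $email, $post_password);

    if ($gender > -1)
    {
        $fields[] = $this->field_gender;
        $values[] = $gender;
    }

    if ($bday)
    {
        $fields[] = $this->field_bday;
        $values[] = $bday;
    }

    if ($reg_date)
    {
        $fields[] = $this->field_reg_date;
        $values[] = $reg_date;
    }

    /*
     * The INSERT does not set is_validated, so the new account's state is
     * whatever the column default is (expected: 0 = not confirmed). Verify
     * the default on the target schema before relying on it.
     */
    $sql = "INSERT INTO " . $this->table($this->user_table) .
           " (" . implode(',', $fields) . ")" .
           " VALUES ('" . implode("', '", $values) . "')";
    $this->db->query($sql);

    if ($this->need_sync)
    {
        $this->sync($username, $password);
    }

    return true;
}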
【4】修改includes\modules\integrates\ecshop.php檔案內容為:
<?php
/**
* ECSHOP 會員資料處理類
*============================================================================
* * 版權所有 2005-2012 上海商派網路科技有限公司,並保留所有權利。
* 網站地址: http://www.ecshop.com
* ----------------------------------------------------------------------------
* 這是一個免費開源的軟體;這意味著您可以在不用於商業目的的前提下對程式程式碼
* 進行修改、使用和再發布。
*============================================================================
* $Author: liubo $
* $Id: ecshop.php 172172011-01-19 06:29:08Z liubo $
*/
/* Stop when IN_ECS is not defined (presumably set by the including entry script; confirm). */
if (!defined('IN_ECS'))
{
    die('Hacking attempt');
}

/* Basic module information: when $set_modules is set and true, only register the metadata and return. */
if (isset($set_modules) && $set_modules == TRUE)
{
    $i = (isset($modules)) ? count($modules) : 0;

    /* The integration plugin's code must match the file name */
    $modules[$i]['code'] = 'ecshop';

    /* Name of the integrated third-party program */
    $modules[$i]['name'] = 'ECSHOP';

    /* Version of the integrated third-party program */
    $modules[$i]['version'] = '2.0';

    /* Plugin author */
    $modules[$i]['author'] = 'ECSHOPR&D TEAM';

    /* Plugin author's official website */
    $modules[$i]['website'] = 'http://www.ecshop.com';

    return;
}

/* Load the base class that the ecshop class extends. */
require_once(ROOT_PATH .'includes/modules/integrates/integrate.php');
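/**
 * ECSHOP member-data integration plugin for the shop's own users table.
 *
 * Extends the generic integrate class and overrides check_user() and
 * edit_user() so that the is_validated column gates login.
 *
 * NOTE(review): every query in this class is built by string concatenation
 * and nothing here escapes the values. The class depends on its callers
 * having escaped user name, e-mail and the other fields before they arrive;
 * confirm that for each call site. Passwords are stored as MD5-based
 * digests, which is weak by current standards. Changing that needs a
 * coordinated change to compile_password() and a migration, so it is only
 * flagged here.
 */
class ecshop extends integrate
{
    var $is_ecshop = 1;

    /* Holds the name of the confirmation-flag column once ecshop() has run. */
    var $is_validated = '0';

    /**
     * PHP 5 style constructor; forwards to the PHP 4 style one below.
     */
    function __construct($cfg)
    {
        $this->ecshop($cfg);
    }

    /**
     * Set the table and column names used for the shop's own users table.
     *
     * @access  public
     * @param   mixed   $cfg    not used here; the parent is initialised with an empty array
     *
     * @return  void
     */
    function ecshop($cfg)
    {
        parent::integrate(array());

        $this->user_table     = 'users';
        $this->field_id       = 'user_id';
        $this->ec_salt        = 'ec_salt';
        $this->field_name     = 'user_name';
        $this->field_pass     = 'password';
        $this->field_email    = 'email';
        $this->field_gender   = 'sex';
        $this->field_bday     = 'birthday';
        $this->field_reg_date = 'reg_time';
        $this->need_sync      = false;
        $this->is_ecshop      = 1;
        $this->is_validated   = "is_validated";
    }

    /**
     * Check whether a user exists and, when a password is given, whether it
     * is correct (overrides the base class and supports the "zc" scheme).
     *
     * The confirmation flag is evaluated only after the password has been
     * verified, so -1 is never returned to someone who does not know the
     * password and the account state is not disclosed to them.
     *
     * @access  public
     * @param   string  $username   user name
     * @param   string  $password   plain password; null means "existence check only"
     *
     * @return  int     without a password: the result of the id lookup;
     *                  with a password: the user id on success, -1 when the
     *                  password is right but the account is not confirmed,
     *                  0 otherwise
     */
    function check_user($username, $password = null)
    {
        /*
         * NOTE(review): the charset conversion runs on a value that is then
         * placed into SQL. With a multi-byte target charset, confirm that
         * escaping applied before this point still holds after conversion.
         */
        if ($this->charset != 'UTF8')
        {
            $post_username = ecs_iconv('UTF8', $this->charset, $username);
        }
        else
        {
            $post_username = $username;
        }

        if ($password === null)
        {
            $sql = "SELECT " . $this->field_id .
                   " FROM " . $this->table($this->user_table) .
                   " WHERE " . $this->field_name . "='" . $post_username . "'";

            return $this->db->getOne($sql);
        }

        /* The confirmation flag is fetched together with the credentials. */
        $sql = "SELECT user_id, password, is_validated, salt, ec_salt " .
               " FROM " . $this->table($this->user_table) .
               " WHERE user_name='$post_username'";
        $row = $this->db->getRow($sql);

        if (empty($row))
        {
            return 0;
        }

        /* Read the row only after it is known to exist. */
        $ec_salt       = $row['ec_salt'];
        $not_confirmed = empty($row['is_validated']);

        if (empty($row['salt']))
        {
            /*
             * Strict string comparison: with != two different digests that
             * both look like numbers would be treated as equal.
             */
            $expected = $this->compile_password(array('password' => $password, 'ec_salt' => $ec_salt));
            if ((string) $row['password'] !== (string) $expected)
            {
                return 0;
            }

            if ($not_confirmed)
            {
                /* -1 denotes a user who registered but has not been confirmed. */
                return -1;
            }

            if (empty($ec_salt))
            {
                /*
                 * NOTE(review): rand(1, 9999) yields fewer than 10000
                 * distinct salts and is not a cryptographic source. Kept
                 * because the stored format must match compile_password().
                 */
                $ec_salt      = rand(1, 9999);
                $new_password = md5(md5($password) . $ec_salt);

                $sql = "UPDATE " . $this->table($this->user_table) .
                       " SET password= '" . $new_password . "',ec_salt='" . $ec_salt . "'" .
                       " WHERE user_name='$post_username'";
                $this->db->query($sql);
            }

            return $row['user_id'];
        }

        /* A salt is present: verify with the salted scheme, then migrate the stored password. */
        $encrypt_type = substr($row['salt'], 0, 1);
        $encrypt_salt = substr($row['salt'], 1);

        switch ($encrypt_type)
        {
            case ENCRYPT_ZC :
                $encrypt_password = md5($encrypt_salt . $password);
                break;

            /* Further schemes can be added here. */

            case ENCRYPT_UC :
                $encrypt_password = md5(md5($password) . $encrypt_salt);
                break;

            default:
                /* Unknown scheme: the password cannot be verified, so fail closed. */
                return 0;
        }

        if ((string) $row['password'] !== $encrypt_password)
        {
            return 0;
        }

        if ($not_confirmed)
        {
            return -1;
        }

        $sql = "UPDATE " . $this->table($this->user_table) .
               " SET password = '" . $this->compile_password(array('password' => $password)) . "', salt=''" .
               " WHERE user_id = '$row[user_id]'";
        $this->db->query($sql);

        return $row['user_id'];
    }

    /**
     * Edit user data (password, e-mail, gender, birthday, confirmation flag).
     * Overrides the parent method.
     *
     * NOTE(review): the values in $cfg are placed into the SQL text as they
     * arrive, apart from is_validated, which is forced to an integer. The
     * caller must have escaped them.
     *
     * @access  public
     * @param   array   $cfg    keys read here: username, password,
     *                          md5password, email, gender, bday, is_validated
     *
     * @return  bool    false when username is empty or the e-mail belongs to
     *                  another user, true otherwise
     */
    function edit_user($cfg)
    {
        if (empty($cfg['username']))
        {
            return false;
        }

        $cfg['post_username'] = $cfg['username'];

        $values = array();

        if (!empty($cfg['password']) && empty($cfg['md5password']))
        {
            $cfg['md5password'] = md5($cfg['password']);
        }

        if ((!empty($cfg['md5password'])) && $this->field_pass != 'NULL')
        {
            $values[] = $this->field_pass . "='" . $this->compile_password(array('md5password' => $cfg['md5password'])) . "'";
        }

        if ((!empty($cfg['email'])) && $this->field_email != 'NULL')
        {
            /* Refuse an e-mail that already belongs to a different user. */
            $sql = "SELECT " . $this->field_id .
                   " FROM " . $this->table($this->user_table) .
                   " WHERE " . $this->field_email . " = '$cfg[email]' " .
                   " AND " . $this->field_name . " != '$cfg[post_username]'";
            if ($this->db->getOne($sql, true) > 0)
            {
                $this->error = ERR_EMAIL_EXISTS;

                return false;
            }

            /* Is this an address nobody has used so far? */
            $sql = "SELECT count(*)" .
                   " FROM " . $this->table($this->user_table) .
                   " WHERE " . $this->field_email . " = '$cfg[email]' ";
            if ($this->db->getOne($sql, true) == 0)
            {
                /*
                 * New e-mail: the flag is reset to 0. Because check_user()
                 * now refuses login while the flag is 0, a user who changes
                 * to a new address is locked out until the flag is set again.
                 */
                $sql = "UPDATE " . $GLOBALS['ecs']->table('users') . " SET is_validated = 0 WHERE user_name = '$cfg[post_username]'";
                $this->db->query($sql);
            }

            $values[] = $this->field_email . "='" . $cfg['email'] . "'";
        }

        if (isset($cfg['gender']) && $this->field_gender != 'NULL')
        {
            $values[] = $this->field_gender . "='" . $cfg['gender'] . "'";
        }

        if ((!empty($cfg['bday'])) && $this->field_bday != 'NULL')
        {
            $values[] = $this->field_bday . "='" . $cfg['bday'] . "'";
        }

        /*
         * isset() rather than !is_null(): callers that do not pass the key
         * no longer trigger an undefined-index notice. The flag is forced to
         * an integer so no free-form text reaches the SQL.
         */
        if (isset($cfg['is_validated']) && $this->is_validated != 'NULL')
        {
            $values[] = $this->is_validated . "='" . intval($cfg['is_validated']) . "'";
        }

        if ($values)
        {
            $sql = "UPDATE " . $this->table($this->user_table) .
                   " SET " . implode(', ', $values) .
                   " WHERE " . $this->field_name . "='" . $cfg['post_username'] . "' LIMIT 1";
            $this->db->query($sql);

            if ($this->need_sync)
            {
                if (empty($cfg['md5password']))
                {
                    $this->sync($cfg['username']);
                }
                else
                {
                    $this->sync($cfg['username'], '', $cfg['md5password']);
                }
            }
        }

        return true;
    }
}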
?>
【5】修改admin\templates\users_list.htm中的:
<td align="center">{if $user.is_validated} <imgsrc="images/yes.gif"> {else} <imgsrc="images/no.gif"> {/if}</td>
為:
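{* Click-to-edit cell for the confirmation flag; the span is closed before the cell. *}
<td align="center"><span onclick="listTable.edit(this, 'edit_is_validated', {$user.user_id})" id="is_validated_text">{if $user.is_validated} <img src="images/yes.gif"> {else} <img src="images/no.gif"> {/if}</span></td>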
【6】修改admin\js\listtable.js中的listTable.edit響應函式為:
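/**
 * Turn an element into an in-place edit box and post the new value.
 *
 * For the 'edit_is_validated' action the cell is shown as a yes/no image
 * again after a successful save. If the save fails or the box is left
 * empty, the original markup is restored unchanged.
 *
 * NOTE(review): res.content is written with innerHTML, so every server
 * action that answers this call must return content that is already
 * HTML-escaped.
 *
 * @param {Element} obj  element whose content is replaced by the input box
 * @param {string}  act  action name posted to listTable.url
 * @param {*}       id   record id posted with the request
 */
listTable.edit = function(obj, act, id)
{
  var tag = obj.firstChild.tagName;

  /* Already in edit mode. */
  if (typeof(tag) != "undefined" && tag.toLowerCase() == "input")
  {
    return;
  }

  /* Keep the original markup so it can be put back on cancel or failure. */
  var org = obj.innerHTML;
  var val = Browser.isIE ? obj.innerText : obj.textContent;

  /* Create the input box. */
  var txt = document.createElement("INPUT");
  txt.value = (val == 'N/A') ? '' : val;
  txt.style.width = (obj.offsetWidth + 12) + "px";

  /* Replace the element's content with the input box. */
  obj.innerHTML = "";
  obj.appendChild(txt);
  txt.focus();

  /* Key handling inside the box: Enter commits, Esc cancels. */
  txt.onkeypress = function(e)
  {
    var evt = Utils.fixEvent(e);
    var obj = Utils.srcElement(e);

    if (evt.keyCode == 13)
    {
      obj.blur();

      return false;
    }

    if (evt.keyCode == 27)
    {
      obj.parentNode.innerHTML = org;
    }
  }

  /* Losing focus submits the value. */
  txt.onblur = function(e)
  {
    var saved = false;

    if (Utils.trim(txt.value).length > 0)
    {
      /* Declared locally so the response does not leak into a global. */
      var res = Ajax.call(listTable.url, "act=" + act + "&val=" + encodeURIComponent(Utils.trim(txt.value)) + "&id=" + id, null, "POST", "JSON", false);

      if (res.message)
      {
        alert(res.message);
      }

      if (res.id && (res.act == 'goods_auto' || res.act == 'article_auto'))
      {
        document.getElementById('del' + res.id).innerHTML = "<a href=\"" + thisfile + "?goods_id=" + res.id + "&act=del\" onclick=\"return confirm('" + deleteck + "');\">" + deleteid + "</a>";
      }

      saved = (res.error == 0);
      obj.innerHTML = saved ? res.content : org;
    }
    else
    {
      obj.innerHTML = org;
    }

    /*
     * Map the saved flag to its image only after a successful save.
     * Otherwise the restored markup would be compared with '1' and a
     * confirmed user would be displayed as unconfirmed.
     */
    if (act == 'edit_is_validated' && saved)
    {
      if (obj.innerHTML == '1')
      {
        obj.innerHTML = '<img src="images/yes.gif">';
      }
      else
      {
        obj.innerHTML = '<img src="images/no.gif">';
      }
    }
  }
}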
【7】在admin\users.php中增加:
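/*------------------------------------------------------ */
//-- Edit a member's confirmation flag (is_validated)
/*------------------------------------------------------ */
elseif ($_REQUEST['act'] == 'edit_is_validated')
{
    /* Permission check */
    check_authz_json('users_manage');

    /*
     * NOTE(review): the action and its values are read from $_REQUEST, so
     * this state change is reachable by GET as well as POST. If the admin
     * panel has no request-forgery token check elsewhere, add one; confirm.
     */
    $id = empty($_REQUEST['id']) ? 0 : intval($_REQUEST['id']);
    $is_validated = isset($_REQUEST['val']) ? json_str_iconv(trim($_REQUEST['val'])) : '';

    $users =& init_users();

    $sql = "SELECT user_name, email FROM " . $ecs->table('users') . " WHERE user_id = '$id'";
    $row = $db->GetRow($sql);

    /* An unknown id leaves the name empty, which edit_user() rejects. */
    $username = isset($row['user_name']) ? $row['user_name'] : '';
    $email    = isset($row['email']) ? $row['email'] : '';

    /*
     * Accept exactly '0' or '1'. With loose == other inputs such as '1abc'
     * or '0.0' could pass the check and reach the SQL built by edit_user().
     */
    if ($is_validated === '0' || $is_validated === '1')
    {
        /*
         * The name and e-mail come back from the database unescaped and
         * edit_user() places them into SQL text, so they are escaped here,
         * in the same way as the name handed to admin_log(). Because the
         * e-mail is passed along, edit_user() also re-runs its duplicate
         * e-mail check.
         */
        $cfg = array(
            'username'     => addslashes($username),
            'email'        => addslashes($email),
            'is_validated' => $is_validated,
        );

        if ($users->edit_user($cfg))
        {
            admin_log(addslashes($username), 'edit', 'users');
            make_json_result(stripcslashes($is_validated));
        }
        else
        {
            $msg = ($users->error == ERR_EMAIL_EXISTS) ? $GLOBALS['_LANG']['email_exists'] : $GLOBALS['_LANG']['edit_user_failed'];
            make_json_error($msg);
        }
    }
    else
    {
        make_json_error($GLOBALS['_LANG']['invalid_is_validated']);
    }
}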
【8】user.php中將:
show_message(sprintf($_LANG['register_success'], $username .$ucdata), array($_LANG['back_up_page'], $_LANG['profile_lnk']),array($back_act, 'user.php'), 'info');
改為:
show_message(sprintf($_LANG['register_success'], $username .$ucdata), array($_LANG['back_up_page']), array($back_act), 'info');
將
if ($user->check_user($username) || admin_registered($username))
改為:
if (($user->check_user($username) != 0) ||admin_registered($username))
將:
if ($user->login($username, $password,isset($_POST['remember'])))
{
update_user_info();
recalculate_price();
$ucdata =isset($user->ucdata)? $user->ucdata : '';
show_message($_LANG['login_success'] . $ucdata ,array($_LANG['back_up_page'], $_LANG['profile_lnk']),array($back_act,'user.php'), 'info');
}
改為:
/* The result is kept so the "not confirmed" case (-1) can be handled separately from success. */
$rt = $user->login($username,$password,isset($_POST['remember']));
if ($rt > 0)
{
    /* Login succeeded */
    update_user_info();
    recalculate_price();
    $ucdata =isset($user->ucdata)? $user->ucdata : '';
    show_message($_LANG['login_success'] . $ucdata ,array($_LANG['back_up_page'], $_LANG['profile_lnk']),array($back_act,'user.php'), 'info');
}
else if ($rt == -1)
{
    /* -1: show the dedicated "awaiting confirmation" message with a link back to user.php. */
    show_message($_LANG['login_failure_invalid'], $_LANG['relogin_lnk'],'user.php', 'error');
}
將:
if ($user->login($username, $password))
{
update_user_info(); //更新使用者資訊
recalculate_price();// 重新計算購物車中的商品價格
$smarty->assign('user_info', get_user_info());
$ucdata =empty($user->ucdata)? "" : $user->ucdata;
$result['ucdata'] =$ucdata;
$result['content'] =$smarty->fetch('library/member_info.lbi');
}
改為:
/* The result is kept so the "not confirmed" case (-1) can be reported in the JSON result. */
$rt =$user->login($username, $password);
if ($rt > 0)
{
    update_user_info(); // update the user's information
    recalculate_price();// recalculate the prices of the goods in the cart
    $smarty->assign('user_info', get_user_info());
    $ucdata =empty($user->ucdata)? "" : $user->ucdata;
    $result['ucdata'] =$ucdata;
    $result['content'] =$smarty->fetch('library/member_info.lbi');
}
else if ($rt == -1)
{
    /* After more than two recorded failures, re-render the member box with the captcha enabled. */
    /* NOTE(review): this branch reads $_SESSION['login_fail'] but does not increment it itself. */
    if ($_SESSION['login_fail'] > 2)
    {
        $smarty->assign('enabled_captcha', 1);
        $result['html'] =$smarty->fetch('library/member_info.lbi');
    }
    $result['error'] = 1;
    $result['content'] = $_LANG['login_failure_invalid'];
}
將:
if (($user_info && (!empty($code) &&md5($user_info['user_id'] . $_CFG['hash_code'] . $user_info['reg_time']) ==$code)) || ($_SESSION['user_id']>0 && $_SESSION['user_id'] ==$user_id && $user->check_user($_SESSION['user_name'],$old_password)))
改為:
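/* The submitted $code is compared with ===; with ==, two different digests that both look like numbers would be treated as equal. */
if (($user_info && (!empty($code) && is_string($code) && md5($user_info['user_id'] . $_CFG['hash_code'] . $user_info['reg_time']) === $code)) || ($_SESSION['user_id'] > 0 && $_SESSION['user_id'] == $user_id && ($user->check_user($_SESSION['user_name'], $old_password) > 0)))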
【9】flow.php中將:
if ($user->login($_POST['username'],$_POST['password'],isset($_POST['remember'])))
{
update_user_info(); //更新使用者資訊
recalculate_price(); // 重新計算購物車中的商品價格
/* 檢查購物車中是否有商品 沒有商品則跳轉到首頁 */
$sql ="SELECT COUNT(*) FROM " . $ecs->table('cart') . " WHEREsession_id = '" . SESS_ID . "' ";
if($db->getOne($sql) > 0)
{
ecs_header("Location:flow.php?step=checkout\n");
}
else
{
ecs_header("Location:index.php\n");
}
exit;
}
改為:
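/* The result is kept so the "not confirmed" case (-1) can be handled separately from success. */
$rt = $user->login($_POST['username'], $_POST['password'], isset($_POST['remember']));
if ($rt > 0)
{
    update_user_info();  // update the user's information
    recalculate_price(); // recalculate the prices of the goods in the cart

    /* Go to checkout when the cart holds goods, otherwise to the home page. */
    $sql = "SELECT COUNT(*) FROM " . $ecs->table('cart') . " WHERE session_id = '" . SESS_ID . "' ";
    if ($db->getOne($sql) > 0)
    {
        ecs_header("Location: flow.php?step=checkout\n");
    }
    else
    {
        ecs_header("Location:index.php\n");
    }

    exit;
}
else if ($rt == -1)
{
    /* -1: show the dedicated "awaiting confirmation" message. */
    show_message($_LANG['login_failure_invalid'], $_LANG['relogin_lnk'], 'user.php', 'error');
}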
}