web.ems/wxc2_omc/security/login/alter_password.php
2024-10-21 11:37:26 +08:00

<?php
/*********************************************************
Program description:
Function: edits the profile of a system operator account
Dependencies: includes header.inc
Variables:
Return value: none
Author:
Change log:
NO.1
Name:
Date:
Description:
*********************************************************/
// NOTE(review): this script uses $pubConn, insertLog(), adjust_content_head()/adjust_content_tail(),
// $privilegeDefArr and the $str* language strings without defining them, so they presumably come from
// header.inc or files it includes. No session or permission check is visible in this file - confirm
// header.inc enforces one before the account changes below can run, and that the web server never
// serves *.inc files as plain text.
require("../../inc/header.inc");
?>
<body leftmargin="15" rightmargin="10" onload="javascript:adjust_frame('up');" onresize="javascript:adjust_frame('up');" style="background-color:#FFFAF4;overflow:hidden;overflow-x:hidden;overflow-y:hidden;">
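<?php
//adjust_head();
//adjust_title_head();
/*
echo "<br>";
echo "<table id=\"table_up\" border=\"0\" width=\"100%\">";
echo "<tr>";
echo "<td width=\"50%\" align=\"left\">";
echo "$strAdvanced > $strOmcUser";
echo "</td>";
echo "</tr>";
echo "</table>";*/
//adjust_title_tail();

// Page setup: fixed table names, the configured password-strength policy, and the raw request
// parameters that the rest of the script works with.
adjust_content_head();
echo "<br>";
$DEBUG =0;
$pubDb ='OMC_PUB';
$table_name ='sysUser';
$history_name='sysPwdHistory';
if (!isset($privilegeFlag)) {
    $privilegeFlag = 0;
}

// Load the password-strength policy (category and maximum length); written by lyj.
$strength_name ='sysPwdStrength';
$strengthSql = "SELECT *
FROM $strength_name
";
if($DEBUG)echo "$strengthSql <br>";
$ucCategory = null;
$maxLength = null;
$strengthResult = mysqli_query($pubConn,$strengthSql );
if ($strengthResult) {
    $pwdStrengSult = mysqli_fetch_array($strengthResult);
    if ($pwdStrengSult) {
        $ucCategory = $pwdStrengSult['ucCategory'];
        $maxLength = $pwdStrengSult['maxLength'];
    }
} else {
    // Database error text goes to the server log instead of the response body, so table and
    // column details are not disclosed to whoever is looking at the page.
    error_log('alter_password.php: password strength query failed: ' . mysqli_error($pubConn));
}

// Request parameters. Each one is attacker-controllable text: a missing or non-string value becomes
// '' here, and every later use has to bind it (SQL) or escape it (HTML/JS) for the context it lands in.
$patrn            = (isset($_REQUEST['patrn']) && is_string($_REQUEST['patrn'])) ? $_REQUEST['patrn'] : '';
if($DEBUG) echo "userInfo[ID] = $userInfo[ID]<br>";
$confMode         = (isset($_REQUEST['confMode']) && is_string($_REQUEST['confMode'])) ? $_REQUEST['confMode'] : '';
$userName         = (isset($_REQUEST['userName']) && is_string($_REQUEST['userName'])) ? $_REQUEST['userName'] : '';
$selectedLanguage = (isset($_REQUEST['selectedLanguage']) && is_string($_REQUEST['selectedLanguage'])) ? $_REQUEST['selectedLanguage'] : '';
if($DEBUG) echo "confMode=$confMode, userName=$userName<br>";
$old_userName     = (isset($_REQUEST['old_userName']) && is_string($_REQUEST['old_userName'])) ? $_REQUEST['old_userName'] : '';
?>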
<script type="text/JavaScript" charset="utf-8">
<!--
// Client-side check run from the operator form's onsubmit handler.
// PHP emits only one of the two bodies below, chosen by whether $userName is non-empty when the page
// is rendered:
//   - $userName set (edit): the two new-password fields must match.
//   - otherwise (add): account name at least 6 characters, account name / password / real name
//     non-empty, and password equal to its repeat.
// Returns false to block the submit, true to let it through.
// NOTE(review): this runs only in the browser, so a request sent without the form skips it; the POST
// handlers must repeat any rule that matters.
// NOTE(review): the PHP values below are echoed into JavaScript string literals without escaping -
// confirm they are static language strings that cannot contain a double quote or user-supplied text.
function question_Validator(theForm)
{
<?php
if( $userName != '')
{
?>
if(theForm.new_password_1.value != theForm.new_password_2.value){
var NotCoherent="<?php echo $strInputPasswordIsNotCoherent; ?>";
alert(NotCoherent);
theForm.new_password_1.focus();
return (false);
}
<?php
}else{
?>
if(theForm.userName.value.length < 6 )
{
var lang="<?php echo $language; ?>";
if (lang=='eng')
alert("Account name length should exceed 6");
else
alert("用户名长度小于6");
theForm.userName.focus();
return (false);
}
// The empty-name test below can no longer trigger: an empty name already failed the length test above.
if(theForm.userName.value==''){
var AccountEmpty="<?php echo $strAccountCannotBeEmpty; ?>";
alert(AccountEmpty);
theForm.userName.focus();
return(false);
}else if(theForm.password.value==''){
var PasswordEmpty="<?php echo $strPasswordCannotBeEmpty; ?>";
alert(PasswordEmpty);
theForm.userName.focus();
return(false);
}else if(theForm.realName.value==''){
var InputName="<?php echo $strPleaseInputRealName; ?>";
alert(InputName);
theForm.userName.focus();
return(false);
}else{
if(theForm.password.value != theForm.re_password.value){
var RepeatPassword="<?php echo $strInputPasswordIsNotCoherent; ?>";
alert(RepeatPassword);
theForm.re_password.focus();
return (false);
}
}
<?php
}
?>
return (true);
}
// Mirror a checkbox into a companion input: the input receives check_value while the box is
// ticked and an empty string once it is cleared.
function set_value(check_box,check_input,check_value)
{
    check_input.value = check_box.checked ? check_value : '';
}
// Client-side password-strength check for the new_password_1 field.
//   lang         - 'eng' or 'chn'; selects which alert text is shown on failure
//   theform      - the form element being submitted
//   realStrength - configured strength category (1..4), selects the pattern prefix below
//   maxLength    - configured maximum length, appended as the upper bound of the length quantifier
// Returns true when the password matches the assembled pattern, false (after focusing the field)
// when it does not.
// NOTE(review): this is the only place in the file where the strength policy is applied; the POST
// handlers visible further down do not repeat it, so it is advisory unless enforced server-side.
// NOTE(review): the add-operator layout of the form has fields named password/re_password and no
// new_password_1, so the first line below would presumably throw there and skip the check - verify.
function Check(lang, theform,realStrength,maxLength){
var password=theform.new_password_1.value;
//password strength---lyj
// matching ---lyj
// Message used for the 'chn' alert, built from two PHP language strings, the category and the maximum length.
var nowStrength =" <?php echo $strPwdStrength1 ?>"+realStrength+"<?php echo $strPwdStrength3 ?>"+maxLength;
// Category 4: at least 8 characters with a lowercase letter, an uppercase letter and a digit.
// NOTE(review): [A-z] also covers the punctuation between 'Z' and 'a' ([ \ ] ^ _ `), and the
// (?=.[^...]) lookahead constrains only the second character - presumably ".*" was intended.
if(realStrength == 4){
var front="^(?![A-z0-9]+$)(?=.[^%&',;=?$\x22])(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9]).{8,";
}
// Category 3: at least 8 characters from the listed set, rejecting the two-class combinations
// named in the negative lookaheads.
if(realStrength == 3){
var front="^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z._~!@#$%^&*]+$)(?![a-z0-9]+$)(?![a-z._~!@#$%^&*]+$)(?![0-9._~!@#$%^&*]+$)[a-zA-Z0-9._~!@#$%^&*]{8,";
}
// Category 2: at least 6 non-whitespace characters that are not all from a single class.
// NOTE(review): inside the last character class "+-/" is a range (+ , - . /), not three literals.
if(realStrength == 2 ){
var front="^(?![A-Z]+$)(?![a-z]+$)(?![0-9]*$)(?![!@#$%^&*_+-/=?]+$)\\S{6,";
}
// Category 1: at least 8 characters from the listed set, no mixing requirement.
if(realStrength == 1){
var front ="^[a-zA-Z_0-9_!@#$%^&*()+.]{8,";
}
// NOTE(review): for any category outside 1..4 "front" stays undefined and the pattern becomes the
// literal text "undefined" followed by the quantifier tail, so every password is rejected.
var back=maxLength+'}$';
var patrn1=front+back;
var patrn=RegExp(patrn1);
if (!patrn.test(password)){
// The English message is the same for every category; any other lang value fails without an alert.
if (lang=='eng')
alert("password must contain digits, uppercase letters, lowercase letters, and special characters");
if (lang=='chn')
alert(nowStrength);
theform.new_password_1.focus();
theform.new_password_1.select();
return (false);
}
return (true);
}
//-->
</script>
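<?php
// Load the operator record for the requested account name into $myrows (null when no row matches).
// $userName arrives with the request, so it is bound as a statement parameter instead of being
// spliced into the SQL text. Only the columns the form needs are read; the stored password hash
// is deliberately left out so it can never be written into the page.
$str_sql = "SELECT userName, realName, updateTime
FROM $table_name
WHERE userName = ?
";
// This echo looks like leftover debug output (note the lower-case 'username' key, which nothing else
// in the file uses). It is kept, but HTML-escaped so it cannot reflect markup from the request.
echo htmlspecialchars(
    (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '',
    ENT_QUOTES,
    'UTF-8'
);
$myrows = null;
$result = false;
$lookupName = (string)$userName;
$lookupStmt = mysqli_prepare($pubConn, $str_sql);
if ($lookupStmt) {
    mysqli_stmt_bind_param($lookupStmt, 's', $lookupName);
    if (mysqli_stmt_execute($lookupStmt)) {
        mysqli_stmt_bind_result($lookupStmt, $foundUserName, $foundRealName, $foundUpdateTime);
        if (mysqli_stmt_fetch($lookupStmt)) {
            $result = true;
            $myrows = array(
                'userName'   => $foundUserName,
                'realName'   => $foundRealName,
                'updateTime' => $foundUpdateTime,
                // Kept as an empty entry so existing template references render nothing.
                'password'   => '',
            );
        }
    }
    mysqli_stmt_close($lookupStmt);
} else {
    error_log('alter_password.php: operator lookup failed: ' . mysqli_error($pubConn));
}
?>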
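<?php
// Render the add / edit operator form.
// Values that come from the database or the request are escaped for the context they are written
// into (URL component, HTML text, HTML attribute) so stored or reflected markup cannot run in the
// administrator's browser.
if (($confMode == 'add')||($confMode == 'edit')){
    $rowUserName   = isset($myrows['userName']) ? (string)$myrows['userName'] : '';
    $rowRealName   = isset($myrows['realName']) ? (string)$myrows['realName'] : '';
    $rowUpdateTime = isset($myrows['updateTime']) ? (string)$myrows['updateTime'] : '';
    $rowUserNameHtml   = htmlspecialchars($rowUserName, ENT_QUOTES, 'UTF-8');
    $rowRealNameHtml   = htmlspecialchars($rowRealName, ENT_QUOTES, 'UTF-8');
    $rowUpdateTimeHtml = htmlspecialchars($rowUpdateTime, ENT_QUOTES, 'UTF-8');
    $formAction = $PHP_SELF
        . '?table_name=' . urlencode($table_name)
        . '&old_userName=' . urlencode($rowUserName)
        . '&confMode=' . urlencode($confMode)
        . '&realName=' . urlencode($rowRealName);
    // Arguments for the inline Check() call sit inside a JavaScript string inside an HTML attribute,
    // so only known-safe shapes are emitted: one of the two language codes Check() tests for, and
    // plain digit strings for the policy numbers.
    $jsLanguage  = (isset($language) && ($language === 'eng' || $language === 'chn')) ? $language : '';
    $jsStrength  = preg_match('/^\d+$/', (string)$ucCategory) ? (string)$ucCategory : '';
    $jsMaxLength = preg_match('/^\d+$/', (string)$maxLength) ? (string)$maxLength : '';
?>
<form action="<?php echo htmlspecialchars($formAction, ENT_QUOTES, 'UTF-8'); ?>" method="POST" onsubmit="return question_Validator(this) && Check('<?php echo $jsLanguage;?>',this,'<?php echo $jsStrength;?>','<?php echo $jsMaxLength;?>')" name="operForm">
<!-- <table border="1" width="100%" cellpadding="2" cellspacing="0" bordercolor="#666666" bordercolordark="#FFFFFF" height="189" bgcolor="#FFFFEF">
-->
<table class="formCenter">
<tr>
<td colspan=3 vAlign="top" bgcolor="#E6E6E6" height="12"><b>
<?php
    if($userName != ''){
        echo $strOperatorList;
    }else{
        echo $strAddOperator;
    }
?>
</b></td>
</tr>
<tr>
<td><?php echo $strRealName; ?></td>
<td><input type="text" name="realName" maxlength="16" size="16" value="<?php echo $rowRealNameHtml; ?>" class="text" ></td>
<td width="150"> <?php echo $strLessThanSixteencharacters; ?></td>
</tr>
<?php
    echo "<tr>";
    echo "<td>$strAccountName</td>";
    // From here on $userName is the name found in the database (empty when no record matched),
    // which is what selects the edit layout or the add layout below.
    $userName = $rowUserName;
    if ( $confMode == 'edit' ) {
        echo "<td>$rowUserNameHtml</td>";
    } else {
        echo "<td><input type=\"text\" name=\"userName\" maxlength=\"16\" size=\"16\" class=\"text\"></td>";
    }
    // The original printed a stray ';' after this hint text.
    echo "<td width=\"150\">$strMoreThanSixAndLessThanSixteencharacters</td>";
    echo "</tr>";
    // Existing operator: offer the new-password fields.
    if($userName != ''){
?>
<tr>
<td> <?php echo "$strModifyPassword"; ?>(<?php echo "$strSuggestedLengthEqualSixcharacters"; ?>)</td>
<td>
<?php echo "$strNewPassword"; ?>:<input type="password" name="new_password_1" maxlength="128" size="16" class="text">
<td width="150" rowspan=2> <?php echo "$strPasswordStrengthPolicy"; ?></td>
</tr>
<tr>
<td> &nbsp;&nbsp;&nbsp;</td>
<td>
<?php echo "$strRepeatInput"; ?><input type="password" name="new_password_2" maxlength="128" size="16" class="text">
</tr>
<?php
    }else{
        // New operator: initial password and its repeat. The field is always rendered empty; a stored
        // password value is never written back into the page.
?>
<tr>
<td><?php echo $strSystemLoginPassword; ?></td>
<td><input type="password" name="password" maxlength="16" size="16" value="" class="text"></td>
<td width="150"><?php echo $strMoreThanSixAndLessThanSixteencharacters; ?></td>
</tr>
<tr>
<td><?php echo $strRepeatInputtingPassword; ?></td>
<td> <input type="password" name="re_password" maxlength="16" size="16" class="text">
<td width="150"> <?php echo $strMoreThanSixAndLessThanSixteencharacters; ?></td>
</tr>
<?php
    }
?>
<tr>
<td><?php echo $strTimeOfLastAccountInfoUpdate; ?></td>
<td>
<?php
    if($userName){
        echo $rowUpdateTimeHtml;
    }else{
        // No record yet: show the current server time.
        $updateTime=date("Y-m-d H:i:s");
        echo"$updateTime";
    }
?>
</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan=3 width=600><?php echo $strPleaseReviewTheTableCarefully; ?></td>
</tr>
<tr align="center">
<td colspan=3 width=600 align=center><p>
<?php
    if($userName == ''){
        echo "<input type=\"submit\" name=\"uadd\" value=\"$strAdd\" class=\"button\">&nbsp;&nbsp;";
    }else{
        echo "<input type=\"submit\" name=\"change\" value=\"$strSave\" class=\"button\">&nbsp;&nbsp;";
        echo "<input type=\"hidden\" name=\"userName\" value=\"$rowUserNameHtml\">";
        // NOTE(review): hidden fields are client-editable; the handler that receives privilegeFlag
        // must not treat it as proof that the submitter may change privileges.
        echo "<input type=\"hidden\" name=\"privilegeFlag\" value=\"" . htmlspecialchars((string)$privilegeFlag, ENT_QUOTES, 'UTF-8') . "\">";
    }
?>
</td>
</tr>
</table>
</form>
<?php
}///end edit
?>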
<?php
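// Which submit button was pressed: "uadd" (create operator) or "change" (save edits).
// Both are absent on a plain GET, so they are read without raising undefined-index notices.
$uadd = isset($_POST['uadd']) ? $_POST['uadd'] : null;
$change = isset($_POST['change']) ? $_POST['change'] : null;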
if($uadd){
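// Create a new operator account from the posted form.
// NOTE(review): no permission or anti-CSRF check is visible in this branch; confirm that header.inc
// restricts it to operators who are allowed to create accounts.
$user_permit = 0;
$userName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
$realName = (isset($_POST['realName']) && is_string($_POST['realName'])) ? $_POST['realName'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Repeat on the server the rules the browser-side validator applies (account name of at least
// 6 characters, password and real name present); a request sent without the form skips the script.
$inputAccepted = (strlen($userName) >= 6) && ($password !== '') && ($realName !== '');

// Per-account random salt. random_bytes() is used where available because mcrypt_create_iv() no
// longer exists on current PHP versions.
// NOTE(review): the salt is raw binary; confirm the salt column can store arbitrary bytes.
// NOTE(review): md5(password . salt) is kept because the code that verifies logins is not visible
// here; moving to password_hash()/password_verify() has to change both sides together.
if (function_exists('random_bytes')) {
    $salt = random_bytes(16);
} else {
    $salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
}
$password = $password.$salt;

// Map the posted privilege selector onto the configured permit value (0 when nothing matches).
$selected_permit = isset($_POST['selected_permit']) ? $_POST['selected_permit'] : null;
for($i=1; $i < sizeof($privilegeDefArr);$i++){
    if($selected_permit == $i){
        $user_permit=$privilegeDefArr[$i]['permit'];
        break;
    }
}
$privilege=$user_permit;

$number_of_records = 0;
if ($inputAccepted) {
    // Does an account with this name already exist? The name is bound, never spliced into the SQL.
    $countStmt = mysqli_prepare($pubConn, "SELECT count(*) as number_of_records FROM $table_name WHERE userName = ?");
    if ($countStmt) {
        mysqli_stmt_bind_param($countStmt, 's', $userName);
        mysqli_stmt_execute($countStmt);
        mysqli_stmt_bind_result($countStmt, $number_of_records);
        mysqli_stmt_fetch($countStmt);
        mysqli_stmt_close($countStmt);
    } else {
        error_log('alter_password.php: account existence check failed: ' . mysqli_error($pubConn));
    }
}

if (!$inputAccepted) {
    $alertMessage = "$strAddFails";
    $userName = $old_userName;
} elseif ($number_of_records) {
    $alertMessage = "$strTheRecordExits,$strAddFails";
    $userName = $old_userName;
} else {
    // Not registered yet: create the account. The original built this statement by string
    // interpolation and put the raw salt bytes into the VALUES list without quotes; every value
    // is now a bound parameter.
    // NOTE(review): REPLACE overwrites a row that appears between the check above and this
    // statement; if userName is a unique key, INSERT would fail safely instead - confirm the schema.
    $result = false;
    $privilegeValue = (string)$privilege;
    $insertStmt = mysqli_prepare(
        $pubConn,
        "REPLACE INTO $table_name
        ( realName,userName,password,privilege,updateTime,salt)
        VALUES
        (?,?,md5(?),?,CURRENT_TIMESTAMP,?)"
    );
    if ($insertStmt) {
        mysqli_stmt_bind_param($insertStmt, 'sssss', $realName, $userName, $password, $privilegeValue, $salt);
        $result = mysqli_stmt_execute($insertStmt);
        mysqli_stmt_close($insertStmt);
    }
    if (!$result) {
        // Details go to the server log, not into the page.
        error_log('alter_password.php: add operator failed: ' . mysqli_error($pubConn));
    }

    // Audit log entry for both outcomes.
    // NOTE(review): the account name is passed to insertLog() as posted; check how insertLog()
    // stores it.
    $log_name=$strAddUser."\'$userName\'";
    if ($result)
        $log_name=$log_name.$strSuccessful;
    else
        $log_name=$log_name.$strFail;
    insertLog("$log_name");

    if (!$result) {
        $alertMessage = "$strAddFails";
        $userName = $old_userName;
    } else {
        $alertMessage = "$strAddSucceeds";
    }
}

// Every outcome reports through an alert, returns to the operator list and stops the script.
echo "<script language=\"javascript\"> alert('" . $alertMessage . "'); </script>";
echo " <meta http-equiv=\"refresh\" content=\"0; url=./userList.php\"> ";
adjust_content_tail();
exit();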
}elseif($change){ //修改用户资料
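// Save edits to an existing operator (real name, optionally password and privilege). The account
// name itself cannot be changed in this branch.
// NOTE(review): nothing visible in this file ties the posted userName to the logged-in operator or
// asks for the current password before replacing it, and both $userName and $old_userName arrive
// with the request. Confirm header.inc (or the caller) restricts who may reach this branch.
$userName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
$realName = (isset($_POST['realName']) && is_string($_POST['realName'])) ? $_POST['realName'] : '';
$new_password_1 = (isset($_POST['new_password_1']) && is_string($_POST['new_password_1'])) ? $_POST['new_password_1'] : null;
if($DEBUG)echo "userName=$userName";
if($DEBUG)echo "realName=$realName";

// Number of previous passwords that may not be reused, stored per account.
$configNum = null;
$configStmt = mysqli_prepare($pubConn, "SELECT configNum FROM $table_name WHERE userName = ?");
if ($configStmt) {
    mysqli_stmt_bind_param($configStmt, 's', $userName);
    mysqli_stmt_execute($configStmt);
    mysqli_stmt_bind_result($configStmt, $configNum);
    mysqli_stmt_fetch($configStmt);
    mysqli_stmt_close($configStmt);
} else {
    error_log('alter_password.php: configNum lookup failed: ' . mysqli_error($pubConn));
}
if($DEBUG) echo "configNum=$configNum <br>";

// Reject a password that matches one of the last $configNum entries in the history table.
// NOTE(review): the history table holds previous passwords in clear text (see the REPLACE further
// down) and this comparison depends on that. Storing a salted hash instead needs a migration of
// the existing rows and of any other code that reads the table.
if ($new_password_1 !== null && $new_password_1 !== '') {
    $historyLimit = max(0, (int)$configNum);
    $historyPassword = null;
    $passwordReused = false;
    $historyStmt = mysqli_prepare(
        $pubConn,
        "SELECT password FROM $history_name WHERE userName = ? ORDER BY insertTime DESC LIMIT $historyLimit"
    );
    if ($historyStmt) {
        mysqli_stmt_bind_param($historyStmt, 's', $userName);
        mysqli_stmt_execute($historyStmt);
        mysqli_stmt_bind_result($historyStmt, $historyPassword);
        while (mysqli_stmt_fetch($historyStmt)) {
            // Strict comparison: loose == treats numeric-looking strings such as "1e3" and "1000" as equal.
            if ($new_password_1 === (string)$historyPassword) {
                $passwordReused = true;
                break;
            }
        }
        mysqli_stmt_close($historyStmt);
    } else {
        error_log('alter_password.php: password history lookup failed: ' . mysqli_error($pubConn));
    }
    if ($passwordReused) {
echo" <script>
var configInfo='$Info';
alert(configInfo);
history.go(-1);
</script>";
        exit();
    }
}

// Reject a password that appears in the blacklist table.
if ($new_password_1 !== null) {
    $blackTable='sysBlackPwd';
    $blackSQL="SELECT blackPwd
FROM $blackTable
";
    if($DEBUG) echo "blacksql=$blackSQL";
    $passwordBlacklisted = false;
    $blackResult = mysqli_query($pubConn,$blackSQL);
    if ($blackResult) {
        while ($blackRow = mysqli_fetch_array($blackResult)) {
            if ($new_password_1 === (string)$blackRow['blackPwd']) {
                $passwordBlacklisted = true;
                break;
            }
        }
    } else {
        error_log('alter_password.php: password blacklist lookup failed: ' . mysqli_error($pubConn));
    }
    if ($passwordBlacklisted) {
?>
<script>
var info= "<?php echo $plsRe;?>";
alert(info);
history.go(-1);
</script>
<?php
        exit;
    }
}
// NOTE(review): the configured strength policy is only applied by the browser-side Check()
// function; nothing in this branch re-validates it, so a direct POST can set any password
// that is neither blacklisted nor in the history.

// Optional privilege change (lyj).
// NOTE(review): privilegeFlag and selected_permit are posted form fields (privilegeFlag is emitted
// as a hidden input), so the client decides whether privilege is rewritten. That decision should
// come from the authenticated operator's rights on the server.
$selected_permit = isset($_POST['selected_permit']) ? $_POST['selected_permit'] : null;
$privilegeFlag = isset($_POST['privilegeFlag']) ? $_POST['privilegeFlag'] : null;
$changePrivilege = ( 1 == $privilegeFlag );
if ($changePrivilege) {
    $user_permit = 0;
    for($i=1; $i < sizeof($privilegeDefArr);$i++){
        if($selected_permit == $i){
            $user_permit=$privilegeDefArr[$i]['permit'];
            break;
        }
    }
    $privilege=$user_permit;
}

if ((string)$userName !== (string)$old_userName) {
    // The posted name differs from the name the form was opened for.
    echo "<script language=\"javascript\"> ";
    echo "alert('";
    echo "$strAddFails,$strCannotChangeUserName,$strIfYouWangToChangeItPleaseUseAddFunction";
    echo "'); ";
    echo "</script>";
    $userName=$old_userName;
}else{
    $changePassword = ($new_password_1 !== null && $new_password_1 !== '');
    if ($changePassword) {
        // The new hash is md5(password . salt) with the account's existing salt.
        // NOTE(review): kept because the code that verifies logins is not visible here; moving to
        // password_hash()/password_verify() has to change both sides together.
        $salt = null;
        $saltStmt = mysqli_prepare($pubConn, "SELECT salt FROM $table_name WHERE userName = ?");
        if ($saltStmt) {
            mysqli_stmt_bind_param($saltStmt, 's', $userName);
            mysqli_stmt_execute($saltStmt);
            mysqli_stmt_bind_result($saltStmt, $salt);
            mysqli_stmt_fetch($saltStmt);
            mysqli_stmt_close($saltStmt);
        } else {
            error_log('alter_password.php: salt lookup failed: ' . mysqli_error($pubConn));
        }
        $password=$new_password_1.$salt;

        // Refuse a new password equal to the current one.
        $sameAsCurrent = false;
        $chkStmt = mysqli_prepare(
            $pubConn,
            "SELECT privilege FROM $table_name WHERE userName = ? AND password = md5(?)"
        );
        if ($chkStmt) {
            mysqli_stmt_bind_param($chkStmt, 'ss', $userName, $password);
            mysqli_stmt_execute($chkStmt);
            mysqli_stmt_store_result($chkStmt);
            $sameAsCurrent = mysqli_stmt_num_rows($chkStmt) > 0;
            mysqli_stmt_free_result($chkStmt);
            mysqli_stmt_close($chkStmt);
        } else {
            error_log('alter_password.php: current password check failed: ' . mysqli_error($pubConn));
        }
        if ($language=='eng') $samePassAlert="new password is the same with the old password!";
        if ($sameAsCurrent) {
            echo "<script languge=\"javascript\">";
            echo "var errorAlert='$samePassAlert';";
            echo "alert(errorAlert);";
            echo "history.go(-1)";
            echo "</script>";
            exit;
        }

        // Record the new password in the history table, as the original did in both privilege cases
        // and before the account row itself is updated.
        $result1 = false;
        $historyConfigNum = (string)$configNum;
        $historyInsert = mysqli_prepare(
            $pubConn,
            "REPLACE INTO $history_name
            (realName,userName,password,configNum,insertTime)
            VALUES
            (?,?,?,?,CURRENT_TIMESTAMP)"
        );
        if ($historyInsert) {
            mysqli_stmt_bind_param($historyInsert, 'ssss', $realName, $userName, $new_password_1, $historyConfigNum);
            $result1 = mysqli_stmt_execute($historyInsert);
            mysqli_stmt_close($historyInsert);
        } else {
            error_log('alter_password.php: password history insert failed: ' . mysqli_error($pubConn));
        }
    }

    // One UPDATE whose SET list depends on what is being changed; every value is bound.
    $setClause = "realName = ?";
    if ($changePassword) {
        $setClause .= ",password = md5(?)";
    }
    if ($changePrivilege) {
        $setClause .= ",privilege = ?";
    }
    $setClause .= ",updateTime=CURRENT_TIMESTAMP";
    if ($changePassword) {
        $setClause .= ",alterPwd = '0',loginNum='1'";
    }
    $str_sql = "UPDATE $table_name
    SET $setClause
    WHERE userName = ?
    ";

    $result = false;
    $updateStmt = mysqli_prepare($pubConn, $str_sql);
    if ($updateStmt) {
        if ($changePassword && $changePrivilege) {
            $privilegeValue = (string)$privilege;
            mysqli_stmt_bind_param($updateStmt, 'ssss', $realName, $password, $privilegeValue, $userName);
        } elseif ($changePassword) {
            mysqli_stmt_bind_param($updateStmt, 'sss', $realName, $password, $userName);
        } elseif ($changePrivilege) {
            $privilegeValue = (string)$privilege;
            mysqli_stmt_bind_param($updateStmt, 'sss', $realName, $privilegeValue, $userName);
        } else {
            mysqli_stmt_bind_param($updateStmt, 'ss', $realName, $userName);
        }
        $result = mysqli_stmt_execute($updateStmt);
        mysqli_stmt_close($updateStmt);
    }
    if (!$result) {
        error_log('alter_password.php: operator update failed: ' . mysqli_error($pubConn));
    }

    // Audit log entry for both outcomes.
    // NOTE(review): the account name is passed to insertLog() as posted; check how insertLog()
    // stores it.
    $log_name=$strEditUser."\'$userName\'";
    if ($result)
        $log_name = $log_name.$strSuccessful;
    else
        $log_name = $log_name.$strFail;
    insertLog("$log_name");

    if(!$result){
        echo "<script language=\"javascript\"> ";
        echo "alert('";
        echo "$strModificationFails";
        echo "'); ";
        echo "</script>";
        // The original assigned the misspelled, undefined $old_userNamer here.
        $userName=$old_userName;
    }else{
        echo "<script language=\"javascript\"> ";
        echo "alert('";
        echo "$strModificationSucceeds";
        echo "'); ";
        echo "</script>";
    }
    echo " <meta http-equiv=\"refresh\" content=\"0; url=./login.php\"> ";
}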
}
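// Delete an operator account. The first request shows a Yes/No confirmation form; the confirmed
// POST runs the DELETE.
// NOTE(review): the account to delete is named by the request, and no permission check or anti-CSRF
// token is visible in this branch. Confirm header.inc restricts it, and consider a per-session
// token in the confirmation form.
if ($confMode == 'del')
{
    $sureDel = (isset($_POST['sureDel']) && is_string($_POST['sureDel'])) ? $_POST['sureDel'] : '';
    $deleteName = (string)$userName;
    $deleteNameHtml = htmlspecialchars($deleteName, ENT_QUOTES, 'UTF-8');
    // The posted button value is echoed back; escaped so it cannot inject markup.
    echo htmlspecialchars($sureDel, ENT_QUOTES, 'UTF-8') . "<br>";
    if (($sureDel === 'Yes')||($sureDel==='是')){
        // The account name is bound as a parameter instead of being spliced into the statement.
        $delSql="DELETE FROM $table_name WHERE userName = ?";
        if($DEBUG) echo "<br>delSql = $delSql";
        $del_result = false;
        $delStmt = mysqli_prepare($pubConn, $delSql);
        if ($delStmt) {
            mysqli_stmt_bind_param($delStmt, 's', $deleteName);
            $del_result = mysqli_stmt_execute($delStmt);
            mysqli_stmt_close($delStmt);
        }
        if ($del_result){
            echo "<br><font size=3 color=blue>$strDelete $strSuccessful</font>";
            $log_name=$strDelUser."\'$userName\'".$strSuccessful;
            insertLog("$log_name");
        } else {
            // A failed delete is recorded too, matching what the add and edit branches do.
            error_log('alter_password.php: operator delete failed: ' . mysqli_error($pubConn));
            $log_name=$strDelUser."\'$userName\'".$strFail;
            insertLog("$log_name");
        }
        echo " <meta http-equiv=\"refresh\" content=\"1; url=./userList.php\"> ";
    }
    elseif (($sureDel === 'No')||($sureDel==='否')){
        echo "<br><font size=3 color=blue>$strDelCancel</font>";
        echo " <meta http-equiv=\"refresh\" content=\"3; url=./userList.php\"> ";
    }
    else{
        // Confirmation step: the account name and the form target are escaped for HTML, and the
        // button values are quoted attributes.
        echo "<font size=3 color=black>$strSureDel<font size=3 color=blue>$deleteNameHtml </font>?</font>";
        echo "<form method=\"POST\" name=\"confForm\" action=\"" . htmlspecialchars((string)$PHP_SELF, ENT_QUOTES, 'UTF-8') . "\">";
        echo "<input type=\"submit\" name=\"sureDel\" value=\"" . htmlspecialchars((string)$strYes, ENT_QUOTES, 'UTF-8') . "\" class=\"button\">";
        echo "<input type=\"submit\" name=\"sureDel\" value=\"" . htmlspecialchars((string)$strNo, ENT_QUOTES, 'UTF-8') . "\" class=\"button\">";
        echo "<input type=\"hidden\" name=\"confMode\" value=\"del\">";
        echo "<input type=\"hidden\" name=\"userName\" value=\"$deleteNameHtml\">";
        echo "</form>";
        adjust_content_tail();
        exit();
    }
}
adjust_content_tail();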
?>
</html>