From ff42d1f2eb4ffed25b140dd41eecd41d4b54388a Mon Sep 17 00:00:00 2001 From: wangchunsheng Date: Fri, 2 Jul 2010 07:58:36 +0000 Subject: [PATCH] + add the suport of get method identify. --- trunk/module/user/control.php | 12 ++++++++++-- trunk/module/user/model.php | 7 ++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/trunk/module/user/control.php b/trunk/module/user/control.php index 3c0ed43975..b22cec6406 100644 --- a/trunk/module/user/control.php +++ b/trunk/module/user/control.php @@ -296,9 +296,17 @@ class user extends control } /* 用户提交了登陆信息,则检查用户的身份。*/ - if(!empty($_POST)) + if(!empty($_POST) or !empty($_GET)) { - $user = $this->user->identify($this->post->account, $this->post->password); + $account = ''; + $password = ''; + if($this->post->account) $account = $this->post->account; + if($this->get->account) $account = $this->get->account; + if($this->post->password) $password = $this->post->password; + if($this->get->password) $password = $this->get->password; + + $user = $this->user->identify($account, $password); + if($user) { /* 对用户进行授权,并登记session。*/ diff --git a/trunk/module/user/model.php b/trunk/module/user/model.php index 11f5b8e2f5..b7a26bd663 100644 --- a/trunk/module/user/model.php +++ b/trunk/module/user/model.php @@ -174,7 +174,12 @@ class userModel extends model ->andWhere('deleted')->eq(0) ->fetch(); - if(strlen($password) == 32) $user = ($password == md5($user->password . $this->session->rand))?$user:''; + /* 密码长度为32位,改用md5 hash方式验证。*/ + if(strlen($password) == 32) + { + $hash = $this->session->rand ? md5($user->password . $this->session->rand) : $user->password; + $user = $password == $hash ? $user : ''; + } if($user) {