* finish task #2246.

* code task #2252.
wangyidong
2015-05-12 11:14:46 +08:00
parent 9a0dda6d07
commit ff8ac1f30f
19 changed files with 457 additions and 20 deletions


@@ -8,3 +8,6 @@ $config->url->faq = 'http://www.zentao.net/ask-faq.html';
$config->url->extension = 'http://www.zentao.net/extension-browse.html';
$config->url->donation = 'http://www.zentao.net/help-donation.html';
$config->url->service = 'http://www.cnezsoft.com/article-browse-1078.html';
if(!isset($config->safe)) $config->safe = new stdclass();
$config->safe->weak = '123456,password,12345,12345678,qwerty,123456789,1234,1234567,abc123,111111,123123';


@@ -120,4 +120,38 @@ class admin extends control
echo "Repairing TABLE: " . $result->Table . "\t" . $result->Msg_type . ":" . $result->Msg_text . "\n";
}
}
/**
* Account safe.
*
* @access public
* @return void
*/
public function safe()
{
if($_POST)
{
$data = fixer::input('post')->get();
$this->loadModel('setting')->setItems('system.common.safe', $data);
die(js::reload('parent'));
}
$this->view->title = $this->lang->admin->safe->common . $this->lang->colon . $this->lang->admin->safe->account;
$this->view->position[] = $this->lang->admin->safe->common;
$this->display();
}
/**
* Check weak user.
*
* @access public
* @return void
*/
public function checkWeak()
{
$this->view->title = $this->lang->admin->safe->common . $this->lang->colon . $this->lang->admin->safe->checkWeak;
$this->view->position[] = html::a(inlink('safe'), $this->lang->admin->safe->common);
$this->view->position[] = $this->lang->admin->safe->checkWeak;
$this->view->weakUsers = $this->loadModel('user')->getWeakUsers();
$this->display();
}
}
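Review bot: `safe()` writes the whole POST body into settings: `fixer::input('post')->get()` is passed unfiltered to `setItems('system.common.safe', $data)`, so any extra posted field would be stored under `system.common.safe` alongside `mode` and `weak`. Consider copying only the two expected fields and normalising them first, e.g. `$data = new stdclass(); $data->mode = (int)$this->post->mode; $data->weak = trim($this->post->weak);`, and rejecting a `mode` that is not a key of `$lang->admin->safe->modeList`. The class body starts outside this hunk, so whether a privilege check already guards `safe()` and `checkWeak()` cannot be seen here; both handle security-sensitive data and should have one.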


@@ -42,3 +42,17 @@ $lang->admin->bind = new stdclass();
$lang->admin->bind->caption = 'Bind with community account';
$lang->admin->bind->action = 'bind';
$lang->admin->bind->success = "Bind success";
$lang->admin->safe = new stdclass();
$lang->admin->safe->common = 'Safe';
$lang->admin->safe->account = 'Account';
$lang->admin->safe->checkPwd = 'Check password';
$lang->admin->safe->weak = 'weak Password';
$lang->admin->safe->checkWeak = 'Weak password check';
$lang->admin->safe->weakUser = 'Weak password account';
$lang->admin->safe->modeList[0] = 'Do not check';
$lang->admin->safe->modeList[1] = 'Intermediate';
$lang->admin->safe->modeList[2] = 'Strong';
$lang->admin->safe->noticeMode = 'The system will log in, create and modify the user password, check the user password.';


@@ -42,3 +42,17 @@ $lang->admin->bind = new stdclass();
$lang->admin->bind->caption = '关联社区账号';
$lang->admin->bind->action = '关联';
$lang->admin->bind->success = "关联账户成功";
$lang->admin->safe = new stdclass();
$lang->admin->safe->common = '安全';
$lang->admin->safe->account = '账号';
$lang->admin->safe->checkPwd = '密码检查';
$lang->admin->safe->weak = '常用弱口令';
$lang->admin->safe->checkWeak = '弱口令检查';
$lang->admin->safe->weakUser = '弱口令账号';
$lang->admin->safe->modeList[0] = '不检查';
$lang->admin->safe->modeList[1] = '中';
$lang->admin->safe->modeList[2] = '强';
$lang->admin->safe->noticeMode = '系统会在登录、创建和修改用户、修改密码的时候检查用户口令。';


@@ -0,0 +1,51 @@
<?php
/**
* The safe view file of admin module of ZenTaoPMS.
*
* @copyright Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
* @license ZPL (http://zpl.pub/page/zplv11.html)
* @author Yidong Wang <yidong@cnezsoft.com>
* @package admin
* @version $Id$
* @link http://www.zentao.net
*/
?>
<?php include '../../common/view/header.html.php';?>
<div id='featurebar'>
<ul class='nav'>
<li class='active'><?php echo html::a($this->inlink('safe'), $lang->admin->safe->account);?></li>
</ul>
</div>
<div class='container mw-800px'>
<div id="titlebar">
<div class="heading">
<strong><?php echo $lang->admin->safe->weakUser?></strong>
<?php echo html::a(inlink('safe'), $lang->goback, '', "class=''")?>
</div>
</div>
<table class='table table-condensed table-hover table-striped table-fixed'>
<thead>
<th class='w-id'><?php echo $lang->idAB;?></th>
<th><?php echo $lang->user->realname;?></th>
<th><?php echo $lang->user->account;?></th>
<th><?php echo $lang->user->phone;?></th>
<th><?php echo $lang->user->mobile;?></th>
<th><?php echo $lang->user->birthday;?></th>
<th class='w-50px'><?php echo $lang->actions;?></th>
</thead>
<tbody>
<?php foreach($weakUsers as $user):?>
<tr>
<td><?php echo $user->id?></td>
<td><?php echo $user->realname?></td>
<td><?php echo $user->account?></td>
<td><?php echo $user->phone?></td>
<td><?php echo $user->mobile?></td>
<td><?php echo $user->birthday?></td>
<td><?php common::printIcon('user', 'edit', "userID=$user->id", '', 'list');?></td>
</tr>
<?php endforeach;?>
</tbody>
</table>
</div>
<?php include '../../common/view/footer.html.php';?>
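Review bot: The table cells print `$user->realname`, `$user->account`, `$user->phone`, `$user->mobile` and `$user->birthday` with a bare `echo`, so any markup stored in those profile fields would be rendered in an administrator's browser. Unless these columns are guaranteed to be escaped on input (not visible here), escape on output, e.g. `<td><?php echo htmlspecialchars($user->realname, ENT_QUOTES, 'UTF-8')?></td>`. The file header also still reads "The safe view file" although this view renders the weak-password account list.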


@@ -0,0 +1,38 @@
<?php
/**
* The safe view file of admin module of ZenTaoPMS.
*
* @copyright Copyright 2009-2015 青岛易软天创网络科技有限公司(QingDao Nature Easy Soft Network Technology Co,LTD, www.cnezsoft.com)
* @license ZPL (http://zpl.pub/page/zplv11.html)
* @author Yidong Wang <yidong@cnezsoft.com>
* @package admin
* @version $Id$
* @link http://www.zentao.net
*/
?>
<?php include '../../common/view/header.html.php';?>
<div id='featurebar'>
<ul class='nav'>
<li class='active'><?php echo html::a($this->inlink('safe'), $lang->admin->safe->account);?></li>
</ul>
</div>
<div class='container mw-800px'>
<form method='post' target='hiddenwin'>
<table class='table table-form'>
<tr>
<th class='w-100px'><?php echo $lang->admin->safe->checkPwd?></th>
<td><?php echo html::select('mode', $lang->admin->safe->modeList, isset($config->safe->mode) ? $config->safe->mode : 0, "class='form-control'")?></td>
<td><?php echo $lang->admin->safe->noticeMode?></td>
</tr>
<tr>
<th><?php echo $lang->admin->safe->weak?></th>
<td colspan='2'><?php echo html::input('weak', $config->safe->weak, "class='form-control'")?></td>
</tr>
<tr>
<th></th>
<td colspan='2'><?php echo html::submitButton() . html::a(inlink('checkWeak'), $lang->admin->safe->checkWeak, '', "class='btn'");?></td>
</tr>
</table>
</form>
</div>
<?php include '../../common/view/footer.html.php';?>
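Review bot: The form posts a security-setting change with no anti-CSRF token visible in the markup (`<form method='post' target='hiddenwin'>` holds only `mode` and `weak`). If the framework does not add and check one elsewhere, a forged cross-site POST from a logged-in administrator's browser could set `mode` to 0 and switch password checking off. A per-session token field verified in `admin::safe()` before `setItems()` runs would close that. It is also worth confirming that `html::input()` escapes `$config->safe->weak`, since that value is editable and is echoed back into an attribute.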


@@ -283,6 +283,7 @@ $lang->admin->menu->custom = array('link' => 'Custom|custom|index', 'subModul
$lang->admin->menu->mail = array('link' => 'Email|mail|index', 'subModule' => 'mail');
$lang->admin->menu->convert = array('link' => 'Import|convert|index', 'subModule' => 'convert');
$lang->admin->menu->backup = array('link' => 'Backup|backup|index', 'subModule' => 'backup');
$lang->admin->menu->safe = array('link' => 'Safe|admin|safe',);
$lang->admin->menu->cron = array('link' => 'Cron|cron|index', 'subModule' => 'cron');
$lang->admin->menu->trashes = array('link' => 'Trash|action|trash', 'subModule' => 'action');
$lang->admin->menu->dev = array('link' => 'Develop|dev|api', 'alias' => 'db', 'subModule' => 'dev,editor');


@@ -115,7 +115,8 @@ $lang->admin->menuOrder[40] = 'convert';
$lang->admin->menuOrder[45] = 'cron';
$lang->admin->menuOrder[50] = 'backup';
$lang->admin->menuOrder[55] = 'dev';
$lang->admin->menuOrder[60] = 'trashes';
$lang->admin->menuOrder[60] = 'safe';
$lang->admin->menuOrder[65] = 'trashes';
$lang->convert->menuOrder = $lang->admin->menuOrder;
$lang->upgrade->menuOrder = $lang->admin->menuOrder;
$lang->action->menuOrder = $lang->admin->menuOrder;


@@ -283,6 +283,7 @@ $lang->admin->menu->custom = array('link' => '自定义|custom|index', 'subMo
$lang->admin->menu->mail = array('link' => '发信|mail|index', 'subModule' => 'mail');
$lang->admin->menu->convert = array('link' => '导入|convert|index', 'subModule' => 'convert');
$lang->admin->menu->backup = array('link' => '备份|backup|index', 'subModule' => 'backup');
$lang->admin->menu->safe = array('link' => '安全|admin|safe',);
$lang->admin->menu->cron = array('link' => '计划任务|cron|index', 'subModule' => 'cron');
$lang->admin->menu->trashes = array('link' => '回收站|action|trash', 'subModule' => 'action');
$lang->admin->menu->dev = array('link' => '二次开发|dev|api', 'alias' => 'db', 'subModule' => 'dev,editor');


@@ -21,9 +21,18 @@
<th class='rowhead w-80px'><?php echo $lang->user->account;?></th>
<td><?php echo $user->account . html::hidden('account',$user->account);?></td>
</tr>
<tr>
<th><?php echo $lang->user->originalPwd;?></th>
<td><?php echo html::password('originalPwd', '', "class='form-control'");?></td>
</tr>
<tr>
<th><?php echo $lang->user->password;?></th>
<td><?php echo html::password('password1', '', "class='form-control'");?></td>
<td>
<span class='input-group'>
<?php echo html::password('password1', '', "class='form-control' autocomplete='off' onkeyup='checkPwd(this.value)'");?>
<span class='input-group-addon' id='pwdLevel'></span>
</span>
</td>
</tr>
<tr>
<th><?php echo $lang->user->password2;?></th>
@@ -37,4 +46,11 @@
</form>
</div>
<?php js::set('pwdLevelList', $lang->user->pwdLevelList)?>
<script>
function checkPwd(password)
{
$('#pwdLevel').html(pwdLevelList[pwdLevel(password)]);
}
</script>
<?php include '../../common/view/footer.html.php';?>
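Review bot: `checkPwd()` is defined in an inline `<script>` at the end of this view, and the identical function is added again inline in the user edit view and once more in a module JS file later in this commit. Since `pwdLevel()` already lives in the shared script, putting `checkPwd()` next to it would leave one copy to maintain. Separately, the new `originalPwd` input is created with `"class='form-control'"` only, while `password1` on the next row gets `autocomplete='off'`; using `"class='form-control' autocomplete='off'"` there would keep the two consistent.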


@@ -47,13 +47,18 @@
<table class='table table-form'>
<tr>
<th class='w-90px'><?php echo $lang->user->account;?></th>
<td><?php echo html::input('account', $user->account, "class='form-control' readonly='readonly'");?></td>
<td style='width:33%'><?php echo html::input('account', $user->account, "class='form-control' readonly='readonly'");?></td>
<th class='w-90px'><?php echo $lang->user->commiter;?></th>
<td><?php echo html::input('commiter', $user->commiter, "class='form-control'");?></td>
</tr>
<tr>
<th><?php echo $lang->user->password;?></th>
<td><?php echo html::password('password1', '', "class='form-control'");?></td>
<td>
<span class='input-group'>
<?php echo html::password('password1', '', "class='form-control' autocomplete='off' onkeyup='checkPwd(this.value)'");?>
<span class='input-group-addon' id='pwdLevel'></span>
</span>
</td>
<th><?php echo $lang->user->password2;?></th>
<td><?php echo html::password('password2', '', "class='form-control'");?></td>
</tr>
@@ -93,7 +98,23 @@
</tr>
</table>
</fieldset>
<fieldset>
<legend><?php echo $lang->user->verify;?></legend>
<table class='table table-form'>
<tr>
<th class='w-90px'><?php echo $lang->user->verifyPwd;?></th>
<td><?php echo html::password('verifyPwd', '', "class='form-control' placeholder='{$lang->user->placeholder->verify}'");?></td>
</tr>
</table>
</fieldset>
<div class='text-center'><?php echo html::submitButton('', '', 'btn-primary') . ' &nbsp; ' . html::backButton();?></div>
</form>
</div>
<?php js::set('pwdLevelList', $lang->user->pwdLevelList)?>
<script>
function checkPwd(password)
{
$('#pwdLevel').html(pwdLevelList[pwdLevel(password)]);
}
</script>
<?php include '../../common/view/footer.html.php';?>


@@ -532,16 +532,13 @@ class user extends control
* @access public
* @return void
*/
public function delete($userID, $confirm = 'no')
public function delete($userID)
{
$user = $this->user->getByID($userID);
if(strpos($this->app->company->admins, ",{$this->app->user->account},") !== false and $this->app->user->account == $user->account) return;
if($confirm == 'no')
{
die(js::confirm($this->lang->user->confirmDelete, $this->createLink('user', 'delete', "userID=$userID&confirm=yes")));
}
else
if($_POST)
{
if(md5($this->post->verifyPwd) != $this->app->user->password) die(js::alert($this->lang->user->error->verifyPwd));
$this->user->delete(TABLE_USER, $userID);
/* if ajax request, send result. */
@@ -559,8 +556,10 @@ class user extends control
}
$this->send($response);
}
die(js::locate($this->session->userList, 'parent'));
die(js::locate($this->session->userList, 'parent.parent'));
}
$this->display();
}
/**
@@ -657,6 +656,9 @@ class user extends control
/* Keep login. */
if($this->post->keepLogin) $this->user->keepLogin($user);
/* Check password. */
if(isset($this->config->safe->mode) and $this->user->pwdLevel($password) < $this->config->safe->mode) echo js::alert($this->lang->user->weakPwd);
/* Go to the referer. */
if($this->post->referer and
strpos($this->post->referer, $loginLink) === false and
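Review bot: The password confirmation in `delete()` uses a loose comparison, `md5($this->post->verifyPwd) != $this->app->user->password`; with `!=` PHP compares two numeric-looking strings (for example hex digests of the form `0e` followed only by digits) as numbers, so distinct digests can be treated as equal. Use a strict comparison, `if(md5($this->post->verifyPwd) !== $this->app->user->password) die(js::alert($this->lang->user->error->verifyPwd));`, or `hash_equals()` where the supported PHP version provides it. The same `md5(...) != $this->app->user->password` test is repeated in the userModel hunks of this commit (create, batchCreate, update, batchEdit and the original-password check), and all of them rely on unsalted MD5, which `password_hash()`/`password_verify()` would replace. In the login hunk the weak-password check only emits `js::alert()`, so it warns rather than enforces; a comment stating that this is intentional would help. `delete()` and the login method both continue outside the hunks shown.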


@@ -39,3 +39,8 @@ function changeEmail(num)
if(mailsuffix != '' && (mailValue == '' || mailValue == account[num] + mailsuffix)) $('.email_' + num).val($('.account_' + num).val() + mailsuffix);
account[num] = $('.account_' + num).val();
}
function checkPwd(password)
{
$('#pwdLevel').html(pwdLevelList[pwdLevel(password)]);
}


@@ -27,6 +27,7 @@ $lang->user->gender = 'Gender';
$lang->user->email = 'Email';
$lang->user->basicInfo = 'Basic info';
$lang->user->accountInfo = 'Account info';
$lang->user->verify = 'Safety verification';
$lang->user->contactInfo = 'Contact info';
$lang->user->skype = 'Skype';
$lang->user->qq = 'QQ';
@@ -43,6 +44,8 @@ $lang->user->ip = 'Last IP';
$lang->user->last = 'Last login';
$lang->user->status = 'Status';
$lang->user->ditto = 'Ditto';
$lang->user->originalPwd = 'Original password';
$lang->user->verifyPwd = 'Verify password';
$lang->user->index = "Index";
$lang->user->view = "Info";
@@ -103,6 +106,7 @@ $lang->user->errorDeny = "Sorry, you can't access the <b>%s</b> module's <b>%s
$lang->user->loginFailed = "Login failed, please check your account and password.";
$lang->user->lockWarning = "You only have %s times to try.";
$lang->user->loginLocked = "You try the password too many times, please contact the administrator or try again after %s minutes.";
$lang->user->weakPwd = "Your password strength is less than the system settings.";
$lang->user->roleList[''] = '';
$lang->user->roleList['dev'] = 'Developer';
@@ -118,6 +122,10 @@ $lang->user->roleList['others'] = 'Others';
$lang->user->genderList['m'] = 'Male';
$lang->user->genderList['f'] = 'Female';
$lang->user->pwdLevelList[0] = 'Weak';
$lang->user->pwdLevelList[1] = 'Intermediate';
$lang->user->pwdLevelList[2] = 'Strong';
$lang->user->statusList['active'] = 'Activate';
$lang->user->statusList['delete'] = 'Deleted';
@@ -131,6 +139,7 @@ $lang->user->placeholder->role = '';
$lang->user->placeholder->group = '';
$lang->user->placeholder->join = 'The date the employee joined the company';
$lang->user->placeholder->commiter = 'The account in version control systems';
$lang->user->placeholder->verify = 'You need to enter the password to verify.';
$lang->user->error = new stdclass();
$lang->user->error->account = "ID %sLetters/underline/numbers, three above";
@@ -139,6 +148,8 @@ $lang->user->error->realname = "ID %splease input realname";
$lang->user->error->password = "ID %spassword must be six letters at least";
$lang->user->error->mail = "ID %splease input correct email address";
$lang->user->error->role = "ID %splease input role";
$lang->user->error->verifyPwd = "Please enter the correct password";
$lang->user->error->originalPwd = "The original password is not correct";
$lang->user->contacts = new stdclass();
$lang->user->contacts->common = 'Contacts';


@@ -27,6 +27,7 @@ $lang->user->gender = '性别';
$lang->user->email = '邮箱';
$lang->user->basicInfo = '基本信息';
$lang->user->accountInfo = '帐号信息';
$lang->user->verify = '安全验证';
$lang->user->contactInfo = '联系信息';
$lang->user->skype = 'Skype';
$lang->user->qq = 'QQ';
@@ -43,6 +44,8 @@ $lang->user->ip = '最后IP';
$lang->user->last = '最后登录';
$lang->user->status = '状态';
$lang->user->ditto = '同上';
$lang->user->originalPwd = '原密码';
$lang->user->verifyPwd = '验证密码';
$lang->user->index = "用户视图首页";
$lang->user->view = "用户详情";
@@ -103,6 +106,7 @@ $lang->user->errorDeny = "抱歉,您无权访问『<b>%s</b>』模块的『<
$lang->user->loginFailed = "登录失败,请检查您的用户名或密码是否填写正确。";
$lang->user->lockWarning = "您还有%s次尝试机会。";
$lang->user->loginLocked = "密码尝试次数太多,请联系管理员解锁,或%s分钟后重试。";
$lang->user->weakPwd = "您的密码强度小于系统设定。";
$lang->user->roleList[''] = '';
$lang->user->roleList['dev'] = '研发';
@@ -118,6 +122,10 @@ $lang->user->roleList['others'] = '其他';
$lang->user->genderList['m'] = '男';
$lang->user->genderList['f'] = '女';
$lang->user->pwdLevelList[0] = '弱';
$lang->user->pwdLevelList[1] = '中';
$lang->user->pwdLevelList[2] = '强';
$lang->user->statusList['active'] = '正常';
$lang->user->statusList['delete'] = '删除';
@@ -131,6 +139,7 @@ $lang->user->placeholder->role = '职位影响内容和用户列表的顺
$lang->user->placeholder->group = '分组决定用户的权限列表。';
$lang->user->placeholder->join = '入职日期';
$lang->user->placeholder->commiter = '版本控制系统(subversion)中的帐号';
$lang->user->placeholder->verify = '需要输入你的密码加以验证';
$lang->user->error = new stdclass();
$lang->user->error->account = "ID %s英文、数字和下划线的组合三位以上";
@@ -139,6 +148,8 @@ $lang->user->error->realname = "ID %s必须填写真实姓名";
$lang->user->error->password = "ID %s密码必须六位以上";
$lang->user->error->mail = "ID %s请填写正确的邮箱地址";
$lang->user->error->role = "ID %s职位不能为空";
$lang->user->error->verifyPwd = "请输入正确验证密码";
$lang->user->error->originalPwd = "原密码不正确";
$lang->user->contacts = new stdclass();
$lang->user->contacts->common = '联系人';


@@ -206,9 +206,21 @@ class userModel extends model
->setDefault('join', '0000-00-00')
->setIF($this->post->password1 != false, 'password', md5($this->post->password1))
->setIF($this->post->password1 == false, 'password', '')
->remove('group, password1, password2')
->remove('group, password1, password2, verifyPwd')
->get();
if(isset($this->config->safe->mode) and $this->pwdLevel($this->post->password1) < $this->config->safe->mode)
{
dao::$errors['password1'][] = $this->lang->user->weakPwd;
return false;
}
if(empty($_POST['verifyPwd']) or md5($this->post->verifyPwd) != $this->app->user->password)
{
dao::$errors['verifyPwd'][] = $this->lang->user->error->verifyPwd;
return false;
}
$this->dao->insert(TABLE_USER)->data($user)
->autoCheck()
->batchCheck($this->config->user->create->requiredFields, 'notempty')
@@ -234,6 +246,8 @@ class userModel extends model
*/
public function batchCreate()
{
if(empty($_POST['verifyPwd']) or md5($this->post->verifyPwd) != $this->app->user->password) die(js::alert($this->lang->user->error->verifyPwd));
$users = fixer::input('post')->get();
$data = array();
$accounts = array();
@@ -297,7 +311,7 @@ class userModel extends model
*/
public function update($userID)
{
if(!$this->checkPassword()) return;
if(!$this->checkPassword(true)) return;
$oldUser = $this->getById($userID);
@@ -305,9 +319,21 @@ class userModel extends model
$user = fixer::input('post')
->setDefault('join', '0000-00-00')
->setIF($this->post->password1 != false, 'password', md5($this->post->password1))
->remove('password1, password2, groups')
->remove('password1, password2, groups,verifyPwd')
->get();
if(isset($this->config->safe->mode) and $user->password and $this->pwdLevel($this->post->password1) < $this->config->safe->mode)
{
dao::$errors['password1'][] = $this->lang->user->weakPwd;
return false;
}
if(empty($_POST['verifyPwd']) or md5($this->post->verifyPwd) != $this->app->user->password)
{
dao::$errors['verifyPwd'][] = $this->lang->user->error->verifyPwd;
return false;
}
$this->dao->update(TABLE_USER)->data($user)
->autoCheck()
->batchCheck($this->config->user->edit->requiredFields, 'notempty')
@@ -340,6 +366,7 @@ class userModel extends model
$this->dao->insert(TABLE_USERGROUP)->data($data)->exec();
}
}
if($user->password and $user->account == $this->app->user->account) $this->app->user->password = $user->password;
}
/**
@@ -350,6 +377,8 @@ class userModel extends model
*/
public function batchEdit()
{
if(empty($_POST['verifyPwd']) or md5($this->post->verifyPwd) != $this->app->user->password) die(js::alert($this->lang->user->error->verifyPwd));
$oldUsers = $this->dao->select('id, account')->from(TABLE_USER)->where('id')->in(array_keys($this->post->account))->fetchPairs('id', 'account');
$accountGroup = $this->dao->select('id, account')->from(TABLE_USER)->where('account')->in($this->post->account)->fetchGroup('account', 'id');
@@ -406,10 +435,23 @@ class userModel extends model
$user = fixer::input('post')
->setIF($this->post->password1 != false, 'password', md5($this->post->password1))
->remove('account, password1, password2')
->remove('account, password1, password2, originalPwd')
->get();
if(isset($this->config->safe->mode) and $this->pwdLevel($this->post->password1) < $this->config->safe->mode)
{
dao::$errors['password1'][] = $this->lang->user->weakPwd;
return false;
}
if(empty($_POST['originalPwd']) or md5($this->post->originalPwd) != $this->app->user->password)
{
dao::$errors['originalPwd'][] = $this->lang->user->error->originalPwd;
return false;
}
$this->dao->update(TABLE_USER)->data($user)->autoCheck()->where('id')->eq((int)$userID)->exec();
$this->app->user->password = $user->password;
}
/**
@@ -418,9 +460,9 @@ class userModel extends model
* @access public
* @return bool
*/
public function checkPassword()
public function checkPassword($canNoPwd = false)
{
if(empty($_POST['password1'])) dao::$errors['password'][] = sprintf($this->lang->error->notempty, $this->lang->user->password);
if(!$canNoPwd and empty($_POST['password1'])) dao::$errors['password'][] = sprintf($this->lang->error->notempty, $this->lang->user->password);
if($this->post->password1 != false)
{
if($this->post->password1 != $this->post->password2) dao::$errors['password'][] = $this->lang->error->passwordsame;
@@ -824,4 +866,98 @@ class userModel extends model
return $data;
}
/**
* Get weak users.
*
* @access public
* @return array
*/
public function getWeakUsers()
{
$users = $this->dao->select('*')->from(TABLE_USER)->where('deleted')->eq(0)->fetchAll();
$weaks = array();
foreach(explode(',', $this->config->safe->weak) as $weak)
{
$weak = md5(trim($weak));
$weaks[$weak] = $weak;
}
$weakUsers = array();
foreach($users as $user)
{
if(isset($weaks[$user->password])
or $user->password == md5($user->account)
or ($user->phone and $user->password == md5($user->phone))
or ($user->mobile and $user->password == md5($user->mobile))
or ($user->birthday and $user->password == md5($user->birthday))
)
{
$weakUsers[] = $user;
}
}
return $weakUsers;
}
/**
* Get password level.
*
* @param string $password
* @access public
* @return int
*/
public function pwdLevel($password)
{
if(strlen($password) == 0) return 0;
$strength = 0;
$length = strlen($password);
if(strtolower($password) != $password) $strength += 1;
if(strtoupper($password) == $password) $strength += 1;
if($length >= 4 && $length <= 7)
{
$strength += 1;
}
elseif($length >= 8 && $length <= 15)
{
$strength += 2;
}
elseif($length >= 16 && $length <= 35)
{
$strength += 3;
}
elseif($length > 35)
{
$strength += 4;
}
$uniqueChars = '';
$chars = str_split($password);
foreach($chars as $letter)
{
if($letter >= 48 && $letter <= 57)
{
$strength += 1;
}
elseif($letter >= 65 && $letter <= 90)
{
$strength += 1;
}
elseif(!($letter >= 97 && $letter <= 122))
{
$strength += 2;
}
if(strpos($uniqueChars, $letter) === false) $uniqueChars .= $letter;
}
$strength += strlen($uniqueChars) * 2;
$strength = $strength > 99 ? 99 : $strength;
$strength = floor($strength / 10);
$strength = floor($strength / 3);
return $strength;
}
}
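Review bot: In `pwdLevel()` the per-character loop compares `$letter`, a one-character string from `str_split()`, directly with code points (`$letter >= 48 && $letter <= 57`, and the 65–90 and 97–122 ranges), so the digit, upper-case and lower-case ranges are not tested as intended and every character appears to fall through to the `+= 2` branch meant for symbols. Converting first with `$code = ord($letter);` and using `$code` in the three range tests gives the classification the ranges describe. The earlier line `if(strtoupper($password) == $password) $strength += 1;` also looks inverted next to the `strtolower(...) != $password` test above it (it rewards a password with no lower-case letters, such as all digits); `!=` is probably what was meant. Because this score is what `create()`, `update()` and the password-change path compare with `$config->safe->mode`, an inflated result weakens the enforced policy. In `getWeakUsers()`, `select('*')` hands full rows including the `password` hash to the view; selecting only the displayed columns plus `password`, and unsetting `password` before returning, would limit exposure.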


@@ -37,7 +37,12 @@
</tr>
<tr>
<th><?php echo $lang->user->password;?></th>
<td><?php echo html::password('password1', '', "class='form-control' autocomplete='off'");?></td>
<td>
<span class='input-group'>
<?php echo html::password('password1', '', "class='form-control' autocomplete='off' onkeyup='checkPwd(this.value)'");?>
<span class='input-group-addon' id='pwdLevel'></span>
</span>
</td>
</tr>
<tr>
<th><?php echo $lang->user->password2;?></th>
@@ -69,9 +74,14 @@
<th><?php echo $lang->user->gender;?></th>
<td><?php echo html::radio('gender', (array)$lang->user->genderList, 'm');?></td>
</tr>
<tr>
<th><?php echo $lang->user->verifyPwd;?></th>
<td><?php echo html::password('verifyPwd', '', "class='form-control' autocomplete='off' placeholder='{$lang->user->placeholder->verify}'");?></td>
</tr>
<tr><th></th><td><?php echo html::submitButton() . html::backButton();?></td></tr>
</table>
</form>
</div>
<?php js::set('pwdLevelList', $lang->user->pwdLevelList)?>
<?php include '../../common/view/footer.html.php';?>


@@ -54,7 +54,12 @@
</tr>
<tr>
<th><?php echo $lang->user->password;?></th>
<td><?php echo html::password('password1', '', "class='form-control' autocomplete='off'");?></td>
<td>
<span class='input-group'>
<?php echo html::password('password1', '', "class='form-control' autocomplete='off' onkeyup='checkPwd(this.value)'");?>
<span class='input-group-addon' id='pwdLevel'></span>
</span>
</td>
<th><?php echo $lang->user->password2;?></th>
<td><?php echo html::password('password2', '', "class='form-control' autocomplete='off'");?></td>
</tr>
@@ -93,8 +98,16 @@
<th><?php echo $lang->user->zipcode;?></th>
<td><?php echo html::input('zipcode', $user->zipcode, "class='form-control'");?></td>
</tr>
<tr><td colspan='5' class='text-center'><?php echo html::submitButton() . html::backButton();?></td></tr>
</table>
<table align='center' class='table table-form'>
<caption class='text-left text-muted'><?php echo $lang->user->verify;?></caption>
<tr>
<th class='w-90px'><?php echo $lang->user->verifyPwd;?></th>
<td><?php echo html::password('verifyPwd', '', "class='form-control' autocomplete='off' placeholder='{$lang->user->placeholder->verify}'");?></td>
</tr>
<tr><td colspan='2' class='text-center'><?php echo html::submitButton() . html::backButton();?></td></tr>
</table>
</form>
</div>
<?php js::set('pwdLevelList', $lang->user->pwdLevelList)?>
<?php include '../../common/view/footer.html.php';?>


@@ -1261,6 +1261,61 @@ function startCron()
$.ajax({type:"GET", timeout:100, url:createLink('cron', 'ajaxExec')});
}
function pwdLevel(password)
{
if(password.length == 0) return 0;
var strength = 0;
var length = password.length;
if(password.toLowerCase() != password) strength += 1;
if(password.toUpperCase() == password) strength += 1;
if(length >= 4 && length <= 7)
{
strength += 1;
}
else if(length >= 8 && length <= 15)
{
strength += 2;
}
else if(length >= 16 && length <= 35)
{
strength += 3;
}
else if(length > 35)
{
strength += 4;
}
var uniqueChars = '';
for(i = 0; i < length; i++)
{
letter = password.charAt(i);
if(letter >= 48 && letter <= 57)
{
strength += 1;
}
else if((letter >= 65 && letter <= 90))
{
strength += 1;
}
else(!(letter >= 97 && letter <= 122))
{
strength += 2;
}
if(uniqueChars.indexOf(letter) == -1) uniqueChars += letter;
}
strength += uniqueChars.length * 2;
strength = strength > 99 ? 99 : strength;
strength = Math.floor(strength / 10);
strength = Math.floor(strength / 3);
return strength;
}
/* Ping the server every some minutes to keep the session. */
needPing = true;
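Review bot: In the character loop of `pwdLevel()`, `else(!(letter >= 97 && letter <= 122))` is not an `else if`: the parenthesised expression is evaluated and discarded as the `else` body, and the following block `{ strength += 2; }` then runs for every character. `letter` is also the string from `password.charAt(i)` compared against numeric code points, so the digit and upper-case ranges do not match as written. Using `var code = password.charCodeAt(i);` with `else if(!(code >= 97 && code <= 122))` fixes both, and declaring `var i` in the `for` header avoids leaking the loop counter as a global. This meter is only advisory, so whatever is changed here should be mirrored in the server-side `pwdLevel()` so the indicator and the enforced level agree.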