分析利用VIP卡号登陆ecshop

2009-08-25 17:18 来源:www.chinab4c.com 作者:ecshop专家

     在使用ecshop电子商务系统的过程中,我遇到一位朋友,他想让会员用VIP会员卡登录站点。其实并不复杂,就是在会员信息表里增加几个字段。

    1:alter table ecs_users add column vipcard_sn varchar(120),  add column vipcard_pwd varchar(120)  , add column vipother varchar(256)
    2:在后台编辑会员基本信息的地方加几个输入框。

     <tr>
      <td class="label">VIP卡号</td>
      <td><input name="vipcard_sn" type="text" id="vipcard_sn" value="{$user.vipcard_sn}" size="40" maxlength="60" /></td>
    </tr>
    <tr>
      <td class="label">VIP密码</td>
      <td><input name="vipcard_pwd" type="text" id="vipcard_pwd" value="{$user.vipcard_pwd}" size="40" maxlength="60" /></td>
    </tr>
    <tr>
      <td class="label">消费记录</td>
      <td><input name="vipother" type="text" id="vipother" value="{$user.vipother}" size="40" maxlength="60" /></td>
    </tr>

   3:编辑会员信息增加以下程序

    $vipcard_sn = empty($_POST['vipcard_sn']) ? '' : trim($_POST['vipcard_sn']);
    $vipcard_pwd = empty($_POST['vipcard_pwd']) ? '' : trim($_POST['vipcard_pwd']);
    $vipother = empty($_POST['vipother']) ? '' : trim($_POST['vipother']);

  
        /* Copy the three VIP columns from the fetched member row into $user
           (presumably the array the edit form reads as {$user.…} - confirm). */
        /* NOTE(review): this includes vipcard_pwd, so the card password is sent
           back to the browser as stored; consider not echoing it into the form. */
        $user['vipcard_sn']        = $row['vipcard_sn'];
        $user['vipcard_pwd']        = $row['vipcard_pwd'];
        $user['vipother']        = $row['vipother'];

      在sql语句所用的数组中增加以下数据:'vipcard_sn' => $vipcard_sn, 'vipcard_pwd' => $vipcard_pwd, 'vipother' => $vipother。sql语句的控制字段中增加 u.vipcard_sn, u.vipcard_pwd, u.vipother。

 

4:前台登陆验证的JS

/**
 * Browser-side check for the VIP card login form (formLogin_card).
 *
 * Collects one message per blank field, shows them in a single alert and
 * blocks the submit; returns true when both fields have content.
 * This is a convenience for the user only: a request can be sent without
 * running this script, so the server has to repeat the same checks.
 */
function userLogin_card()
{
  var fields   = document.forms['formLogin_card'].elements;
  var cardNo   = fields['vipcard_sn'].value;
  var cardPass = fields['vipcard_pwd'].value;
  var problems = [];

  if (cardNo.length == 0)
  {
    problems.push('卡号不能为空' + '\n');
  }

  if (cardPass.length == 0)
  {
    problems.push('密码不能为空' + '\n');
  }

  // Nothing to report: let the form submit.
  if (problems.length == 0)
  {
    return true;
  }

  alert(problems.join(''));
  return false;
}
 

5:前台登陆界面

elseif ($action == 'login_card'){
    /* Shows the VIP-card login page: picks the page to return to after login,
       decides whether the captcha is displayed, then renders user_passport.dwt. */

    /* The Referer is used only when $back_act is still empty and the header was
       sent. strpos() is tested for truthiness, so './index.php' is chosen when
       'user.php' occurs in the Referer at an offset other than 0; otherwise the
       Referer itself is kept. */
    /* NOTE(review): the Referer header is supplied by the client and is handed
       to the template unchanged. How the template uses back_act is not shown
       here - confirm it is escaped on output and limited to same-site paths. */
 if (empty($back_act) && isset($GLOBALS['_SERVER']['HTTP_REFERER']))
    {
        $back_act = strpos($GLOBALS['_SERVER']['HTTP_REFERER'], 'user.php') ? './index.php' : $GLOBALS['_SERVER']['HTTP_REFERER'];
    }
    else
    {
        /* Also reached when $back_act was already non-empty, which replaces it
           with 'user.php'. */
        $back_act = 'user.php';
    }

    /* Captcha is switched on when the CAPTCHA_LOGIN bit is set, gd_version()
       reports GD support, and either CAPTCHA_LOGIN_FAIL is not set or this
       session has more than 2 recorded login failures. */
    /* NOTE(review): $_SESSION['login_fail'] is read without isset();
       presumably it is initialised elsewhere - confirm. */
    $captcha = intval($_CFG['captcha']);
    if (($captcha & CAPTCHA_LOGIN) && (!($captcha & CAPTCHA_LOGIN_FAIL) || (($captcha & CAPTCHA_LOGIN_FAIL) && $_SESSION['login_fail'] > 2)) && gd_version() > 0)
    {
        $GLOBALS['smarty']->assign('enabled_captcha', 1);
        /* Random number for the template; presumably a cache-buster for the
           captcha image URL, not a secret - confirm in the template. */
        $GLOBALS['smarty']->assign('rand', mt_rand());
    }

    $smarty->assign('back_act', $back_act);
    $smarty->display('user_passport.dwt');
}

 

6:处理前台登陆。

elseif ($action == 'act_login_card')
{
    /* Handles the submitted VIP-card login form: reads the posted fields,
       checks the captcha when it is enabled, then tries the card login. */

    /* All three values come straight from the request and are only trimmed. */
    $vipcard_sn = isset($_POST['vipcard_sn']) ? trim($_POST['vipcard_sn']) : '';
    $vipcard_pwd = isset($_POST['vipcard_pwd']) ? trim($_POST['vipcard_pwd']) : '';
    $back_act = isset($_POST['back_act']) ? trim($_POST['back_act']) : '';
 

    /* Same captcha condition as on the login page: CAPTCHA_LOGIN set, GD
       available, and either CAPTCHA_LOGIN_FAIL not set or more than 2 failures
       recorded in this session. */
    $captcha = intval($_CFG['captcha']);
    if (($captcha & CAPTCHA_LOGIN) && (!($captcha & CAPTCHA_LOGIN_FAIL) || (($captcha & CAPTCHA_LOGIN_FAIL) && $_SESSION['login_fail'] > 2)) && gd_version() > 0)
    {
        /* NOTE(review): the login below is skipped for a bad captcha only if
           show_message() ends the request; presumably it does - confirm. */
        if (empty($_POST['captcha']))
        {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'user.php', 'error');
        }

        /* Check the captcha */
        include_once('includes/cls_captcha.php');

        $validator = new captcha();
        $validator->session_word = 'captcha_login';
        if (!$validator->check_word($_POST['captcha']))
        {
            show_message($_LANG['invalid_captcha'], $_LANG['relogin_lnk'], 'user.php', 'error');
        }
    }

    /* NOTE(review): nothing here rejects an empty card number or password;
       the only such check on this path is the browser-side script, which a
       client can skip. login_card() receives the values as read above. */
    if ($user->login_card($vipcard_sn, $vipcard_pwd))
    {
        update_user_info();
        recalculate_price();

        $ucdata = isset($user->ucdata)? $user->ucdata : '';
        /* NOTE(review): $back_act is the posted value and is passed as the
           first link target of the success message. Restrict it to a same-site
           relative path before use, so a crafted form cannot send the member
           to another site after login. */
        show_message($_LANG['login_success'] . $ucdata , array($_LANG['back_up_page'], $_LANG['profile_lnk']), array($back_act,'user.php'), 'info');
    }
    else
    {
        /* Failure counter kept in the session; it feeds the captcha condition
           above. */
        /* NOTE(review): being per-session, the counter does not by itself limit
           repeated guesses from a client that starts a new session; consider
           server-side throttling keyed on card number and source address. */
        $_SESSION['login_fail'] ++ ;
        show_message($_LANG['login_failure'], $_LANG['relogin_lnk'], 'user.php', 'error');
    }
}

 

7:修改登陆核心文件中程序。增加卡登陆的函数


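/**
 * Log a member in with a VIP card number and a password.
 *
 * Looks up the user_name whose vipcard_sn equals $vipcard_sn and whose
 * password column equals the compiled form of $vipcard_pwd. On a match the
 * session and the cookie are set for that user.
 *
 * @param string $vipcard_sn  card number as received from the client
 * @param string $vipcard_pwd password as received from the client
 * @return bool true when a matching member was found and logged in
 */
function login_card($vipcard_sn, $vipcard_pwd)
{
    /* Refuse blank credentials on the server. The browser-side check can be
       skipped, and members saved without a card carry an empty vipcard_sn, so
       a blank card number would otherwise match any of them on the password
       alone. */
    if ((string) $vipcard_sn === '' || (string) $vipcard_pwd === '')
    {
        return false;
    }

    $vipcard_pwd = $this->compile_password(array('password'=>$vipcard_pwd));

    /* NOTE(review): $vipcard_sn is placed into the statement as-is. That is
       safe only if every caller passes a value already escaped for this
       database connection, which is not visible here - confirm, and prefer
       escaping (or a bound parameter) at this point so the query does not
       depend on its callers. */
    /* NOTE(review): the comparison is against the account's `password` column,
       not the vipcard_pwd column added for the card, so the stored card
       password takes no part in this check - confirm this is intended. */
    $user_name = $GLOBALS['db'] -> getOne("select user_name from ".$GLOBALS['ecs']->table('users')." where vipcard_sn ='{$vipcard_sn}' and password = '{$vipcard_pwd}'");

    if (!$user_name)
    {
        return false;
    }

    $this->set_session($user_name);
    $this->set_cookie($user_name);

    return true;
}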