Thinksaas2.0.1登录无限加积分BUG

ts2.0.1版本中,登录获取积分有一个BUG,导致其不断的获取积分。修改一下app/user/action/login.php即可解决,修改case "do"这一段为如下。若不会,也可以下载附件,将附件中login.php文件覆盖掉app/user/action/login.php文件即可。

case "do":
 
 if($_POST['token'] != $_SESSION['token']) {
 tsNotice('非法操作!');
 }
 
 /*禁止以下IP用户登陆或注册*/
 $arrIp = aac('system')->antiIp();
 if(in_array(getIp(),$arrIp)){
 header('Location: '.SITE_URL);
 exit;
 }
 
 $jump = trim($_POST['jump']);
 
 $email = trim($_POST['email']);
 
 $pwd = trim($_POST['pwd']);
 
 $cktime = $_POST['cktime'];
 
 if($email=='' || $pwd=='') tsNotice('Email和密码都不能为空!');
 
 $isEmail = $new['user']->findCount('user',array(
 'email'=>$email,
 ));
 
 $strUser = $new['user']->find('user',array(
 'email'=>$email,
 ));
 //此处预留其他登录接口
 
 if($isEmail == 0) tsNotice('Email不存在,你可能还没有注册!');
 
 
 if(md5($strUser['salt'].$pwd)!==$strUser['pwd']) tsNotice('密码错误!');
 
 //用户信息
 $strData = $new['user']->find('user_info',array(
 'userid'=>$strUser['userid'],
 ));
 
 $uptime = time();
 
 //更新登录时间,用作自动登录
 $new['user']->update('user_info',array(
 'email'=>$email,
 ),array(
 'ip'=>getIp(),  	//更新登录ip
 'uptime'=>$uptime,  //更新登录时间
 ));
 
 //记住登录Cookie,根据用户Email和最后登录时间
 if($cktime != ''){   
 setcookie("ts_email", $strData['email'], time()+$cktime,'/');   
 setcookie("ts_uptime", $uptime, time()+$cktime,'/');
 }
 
 //用户session信息
 $sessionData = array(
 'userid' => $strData['userid'],
 'username'	=> $strData['username'],
 'path'	=> $strData['path'],
 'face'	=> $strData['face'],
 'isadmin'	=> $strData['isadmin'],
 'uptime'	=> $uptime,
 );
 $_SESSION['tsuser']	= $sessionData; 
 
 //一天之内登录只算一次积分
 if($strData['uptime'] < strtotime(date('Y-m-d'))){
 //对积分进行处理
 $new['user']->doScore($app,$ac,$ts);
 }
 
 //跳转
 if($jump != ''){
 header("Location: ".$jump);
 }else{
 header('Location: '.SITE_URL);
 }
 
 break;

登录BUG(右键另存为)

2013-12-22 19:30:24 来自:依然大头
倒序阅读

你的回应

意见反馈