discuz X3登录流程分析
公司最近要将discuz论坛升级至最新版discuz X3。但是公司要用自己的通行证同步登陆。故必须要知道discuzX3的登录流程及原理,才能进行二次开发。
一、涉及到的文件
discuzX3/source/template/default/member/login.htm
discuzX3/member.php
discuzX3/source/module/member/member_logging.php
discuzX3/source/class/class_member.php
discuzX3/source/function/function_member.php
discuzX3/uc_client/client.php
discuzX3/uc_client/control/user.php
二、流程(注意:流程顺序也是按照上面文件依次向下)
1、前台输入账号/email,密码登录,根据login.htm里面的form action=“xxxx”看到将数据提交到member.php中处理。
2、流入member_logging.php
3、流入class_member.php中的on_login()方法进行处理(大约在30行)。大约在87行:
1
|
$result
= userlogin(
$_GET
[
'username'
],
$_GET
[
'password'
],
$_GET
[
'questionid'
],
$_GET
[
'answer'
],
$this
->setting[
'autoidselect'
] ?
'auto'
:
$_GET
[
'loginfield'
],
$_G
[
'clientip'
]);
|
将数据丢入到function_member.php中处理。
4、流入function_member.php中大约第14行userlogin()方法。
大约33行:
1
2
3
4
5
6
7
8
9
10
11
12
13
|
if
(
$isuid
== 3) {
if
(!
strcmp
(dintval(
$username
),
$username
) && getglobal(
'setting/uidlogin'
)) {
$return
[
'ucresult'
] = uc_user_login(
$username
,
$password
, 1, 1,
$questionid
,
$answer
,
$ip
);
}
elseif
(isemail(
$username
)) {
$return
[
'ucresult'
] = uc_user_login(
$username
,
$password
, 2, 1,
$questionid
,
$answer
,
$ip
);
}
if
(
$return
[
'ucresult'
][0] <= 0 &&
$return
[
'ucresult'
][0] != -3) {
$return
[
'ucresult'
] = uc_user_login(
addslashes
(
$username
),
$password
, 0, 1,
$questionid
,
$answer
,
$ip
);
}
}
else
{
$return
[
'ucresult'
] = uc_user_login(
addslashes
(
$username
),
$password
,
$isuid
, 1,
$questionid
,
$answer
,
$ip
);
}
|
5、流入client.php大于304行。
1
2
3
4
5
|
function
uc_user_login(
$username
,
$password
,
$isuid
= 0,
$checkques
= 0,
$questionid
=
''
,
$answer
=
''
) {
$isuid
=
intval
(
$isuid
);
$return
= call_user_func(UC_API_FUNC,
'user'
,
'login'
,
array
(
'username'
=>
$username
,
'password'
=>
$password
,
'isuid'
=>
$isuid
,
'checkques'
=>
$checkques
,
'questionid'
=>
$questionid
,
'answer'
=>
$answer
));
return
UC_CONNECT ==
'mysql'
?
$return
: uc_unserialize(
$return
);
}
|
6、最后流入user.php大约106行,onlogin()方法做最终的账号密码正确性验证。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
function
onlogin() {
$this
->init_input();
$isuid
=
$this
->input(
'isuid'
);
$username
=
$this
->input(
'username'
);
$password
=
$this
->input(
'password'
);
$checkques
=
$this
->input(
'checkques'
);
$questionid
=
$this
->input(
'questionid'
);
$answer
=
$this
->input(
'answer'
);
if
(
$isuid
== 1) {
$user
=
$_ENV
[
'user'
]->get_user_by_uid(
$username
);
}
elseif
(
$isuid
== 2) {
$user
=
$_ENV
[
'user'
]->get_user_by_email(
$username
);
}
else
{
$user
=
$_ENV
[
'user'
]->get_user_by_username(
$username
);
//从数据库中获取用户数据
}
//showmessage($user['password']);
$passwordmd5
= preg_match(
'/^\w{32}$/'
,
$password
) ?
$password
: md5(
$password
);
if
(
empty
(
$user
)) {
$status
= -1;
//用户不存在,或者被删除
}
//elseif($user['password'] != md5($passwordmd5.$user['salt'])) {
//$status = -2; //密码错
//}
//elseif($checkques && $user['secques'] != '' && $user['secques'] != $_ENV['user']->quescrypt($questionid, $answer)) {
//$status = -3; //安全提问错
//}
else
{
$status
=
$user
[
'uid'
];
}
$merge
=
$status
!= -1 && !
$isuid
&&
$_ENV
[
'user'
]->check_mergeuser(
$username
) ? 1 : 0;
return
array
(
$status
,
$user
[
'username'
],
$password
,
$user
[
'email'
],
$merge
);
}
|
附:discuz X3用户登录uc_user_login()函数详解
本文转自许琴 51CTO博客,原文链接:http://blog.51cto.com/xuqin/1293599,如需转载请自行联系原作者