Discuz X3 Logon Process Analysis

Discuz X3 Logon Process Analysis

Recently, the company wants to upgrade the discuz forum to the latest version of discuz X3. However, the company needs to use its own pass for Synchronous login. Therefore, the login process and principle of discuzX3 must be known before secondary development.

1. Files involved

DiscuzX3/source/template/default/member/login.htm

DiscuzX3/member. php

DiscuzX3/source/module/member/member_logging.php

DiscuzX3/source/class/class_member.php

DiscuzX3/source/function/function_member.php

DiscuzX3/uc_client/client. php

DiscuzX3/uc_client/control/user. php

2. Process Note: The process order is also down according to the above files)

1. Enter the account/email, password, and form action = "xxxx" in login login.htm to submit the data to member. php for processing.

2. Inbound member_logging.php

3. The on_login method in class_member.php is about 30 rows ). About 87 rows:

$result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);

Drop the data into function_member.php for processing.

4. About 14th rows of userlogin in function_member.php) method.

About 33 rows:

if($isuid == 3) {    if(!strcmp(dintval($username), $username) && getglobal('setting/uidlogin')) {        $return['ucresult'] = uc_user_login($username, $password, 1, 1, $questionid, $answer, $ip);    } elseif(isemail($username)) {        $return['ucresult'] = uc_user_login($username, $password, 2, 1, $questionid, $answer, $ip);    }    if($return['ucresult'][0] <= 0 && $return['ucresult'][0] != -3) {        $return['ucresult'] = uc_user_login(addslashes($username), $password, 0, 1, $questionid, $answer, $ip);    }}else {    $return['ucresult'] = uc_user_login(addslashes($username), $password, $isuid, 1, $questionid, $answer, $ip);}

5. The number of incoming requests to client. php exceeds 304.

function uc_user_login($username, $password, $isuid = 0, $checkques = 0, $questionid = '', $answer = '') {    $isuid = intval($isuid);    $return = call_user_func(UC_API_FUNC, 'user', 'login', array('username'=>$username, 'password'=>$password, 'isuid'=>$isuid, 'checkques'=>$checkques, 'questionid'=>$questionid, 'answer'=>$answer));    return UC_CONNECT == 'mysql' ? $return : uc_unserialize($return);}

6. There are about 106 lines of user. php. The onlogin () method is used to verify the correctness of the final account and password.

Function onlogin () {$ this-> init_input (); $ isuid = $ this-> input ('isuid '); $ username = $ this-> input ('username'); $ password = $ this-> input ('Password '); $ checkques = $ this-> input ('checkques'); $ questionid = $ this-> input ('questionid '); $ answer = $ this-> input ('answer'); if ($ isuid = 1) {$ user = $ _ ENV ['user']-> get_user_by_uid ($ username);} elseif ($ isuid = 2) {$ user = $ _ ENV ['user']-> get_user_by_email ($ Username);} else {$ user =$ _ ENV ['user']-> get_user_by_username ($ username ); // obtain user data from the database} // showmessage ($ user ['Password']); $ passwordmd5 = preg_match ('/^ \ w {32} $ /', $ password )? $ Password: md5 ($ password); if (empty ($ user) {$ status =-1; // the user does not exist, or deleted} // elseif ($ user ['Password']! = Md5 ($ passwordmd5. $ user ['salt']) {// $ status =-2; // incorrect password //} // elseif ($ checkques & $ user ['secques']! = ''& $ User ['secques']! = $ _ ENV ['user']-> quescrypt ($ questionid, $ answer) {// $ status =-3; // security question///} else {$ status = $ user ['uid'];} $ merge = $ status! =-1 &&! $ Isuid & $ _ ENV ['user']-> check_mergeuser ($ username )? 1: 0; return array ($ status, $ user ['username'], $ password, $ user ['email '], $ merge );}

Appendix: Detailed description of the discuz X3 User Logon uc_user_login () function

This article is from the "PHPer Xu Qin-Focus on PHP Technology" blog, please be sure to keep this source http://xuqin.blog.51cto.com/5183168/1293599