discuz X3登录流程分析

• 2020 年 1 月 7 日
• 筆記

discuz X3登录流程分析

公司最近要将discuz论坛升级至最新版discuz X3。但是公司要用自己的通行证同步登陆。故必须要知道discuzX3的登录流程及原理，才能进行二次开发。

一、涉及到的文件

discuzX3/source/template/default/member/login.htm

discuzX3/member.php

discuzX3/source/module/member/member_logging.php

discuzX3/source/class/class_member.php

discuzX3/source/function/function_member.php

discuzX3/uc_client/client.php

discuzX3/uc_client/control/user.php

二、流程（注意：流程顺序也是按照上面文件依次向下）

1、前台输入账号/email，密码登录，根据login.htm里面的form action=“xxxx”看到将数据提交到member.php中处理。

2、流入member_logging.php

3、流入class_member.php中的on_login（）方法进行处理（大约在30行）。大约在87行：

$result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);

将数据丢入到function_member.php中处理。

4、流入function_member.php中大约第14行userlogin（）方法。

大约33行：

if($isuid == 3) {      if(!strcmp(dintval($username), $username) && getglobal('setting/uidlogin')) {          $return['ucresult'] = uc_user_login($username, $password, 1, 1, $questionid, $answer, $ip);      } elseif(isemail($username)) {          $return['ucresult'] = uc_user_login($username, $password, 2, 1, $questionid, $answer, $ip);      }      if($return['ucresult'][0] <= 0 && $return['ucresult'][0] != -3) {          $return['ucresult'] = uc_user_login(addslashes($username), $password, 0, 1, $questionid, $answer, $ip);      }  }  else {      $return['ucresult'] = uc_user_login(addslashes($username), $password, $isuid, 1, $questionid, $answer, $ip);  }

5、流入client.php大于304行。

function uc_user_login($username, $password, $isuid = 0, $checkques = 0, $questionid = '', $answer = '') {      $isuid = intval($isuid);      $return = call_user_func(UC_API_FUNC, 'user', 'login', array('username'=>$username, 'password'=>$password, 'isuid'=>$isuid, 'checkques'=>$checkques, 'questionid'=>$questionid, 'answer'=>$answer));      return UC_CONNECT == 'mysql' ? $return : uc_unserialize($return);  }

6、最后流入user.php大约106行，onlogin()方法做最终的账号密码正确性验证。

    function onlogin() {          $this->init_input();          $isuid = $this->input('isuid');          $username = $this->input('username');          $password = $this->input('password');          $checkques = $this->input('checkques');          $questionid = $this->input('questionid');          $answer = $this->input('answer');          if($isuid == 1) {              $user = $_ENV['user']->get_user_by_uid($username);          } elseif($isuid == 2) {              $user = $_ENV['user']->get_user_by_email($username);          } else {              $user = $_ENV['user']->get_user_by_username($username);//从数据库中获取用户数据          }  //showmessage($user['password']);          $passwordmd5 = preg_match('/^w{32}$/', $password) ? $password : md5($password);          if(empty($user)) {              $status = -1;   //用户不存在，或者被删除          }          //elseif($user['password'] != md5($passwordmd5.$user['salt'])) {              //$status = -2; //密码错          //}          //elseif($checkques && $user['secques'] != '' && $user['secques'] != $_ENV['user']->quescrypt($questionid, $answer)) {              //$status = -3; //安全提问错          //}          else {              $status = $user['uid'];          }          $merge = $status != -1 && !$isuid && $_ENV['user']->check_mergeuser($username) ? 1 : 0;          return array($status, $user['username'], $password, $user['email'], $merge);      }

附：discuz X3用户登录uc_user_login()函数详解