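/**
 * Authenticates the submitted login form against the Admin records.
 *
 * Reads the credentials from $_POST['LoginForm'], validates them with the
 * Admin model's 'login' scenario, looks the account up by username and
 * checks the password through validatePassword(). Attempts that fail
 * because the user is unknown or the password is wrong are written to the
 * backend log; the submitted password itself is never logged.
 *
 * @return mixed the value of $this->errorCode: self::ERROR_NONE on success,
 *               otherwise one of the self::ERROR_* constants set below. When
 *               form validation fails, errorCode is returned as it was
 *               before the call.
 */
public function authenticate()
{
    $model = new Admin('login');

    // A request without a LoginForm array must not raise an undefined-index
    // notice; an empty attribute set simply fails validation below.
    $submitted = (isset($_POST['LoginForm']) && is_array($_POST['LoginForm']))
        ? $_POST['LoginForm']
        : array();
    $model->attributes = $submitted;

    if ($model->validate()) {
        // Bound parameter: the username is not concatenated into the condition.
        $data = $model->find('username=:username', array('username' => $model->username));

        // NOTE(review): $model is local to this method, so the addError() calls
        // below are not visible to the caller from here; only errorCode is.
        if ($data === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
            $model->addError('username', '用户不存在');
            // The username is request-supplied; _backendLogger is presumably
            // responsible for storing it safely (confirm against the logger).
            parent::_backendLogger(array(
                'catalog' => 'login',
                'intro' => '登录失败,用户不存在:' . $model->username,
                'user_id' => 0,
            ));
        } elseif (!$this->validatePassword($data->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
            $model->addError('password', '密码不正确');
            // Security: record only the username. The attempted password is
            // deliberately left out of the log entry, because a near-miss or a
            // password reused elsewhere would otherwise be stored in clear text
            // for anyone with access to the backend log.
            parent::_backendLogger(array(
                'catalog' => 'login',
                'intro' => '登录失败,密码不正确:' . $model->username,
                'user_id' => 0,
            ));
        } elseif ($data->group_id == 2) {
            // group_id 2 is treated as a locked account (per the message below).
            // Loose comparison kept on purpose: the column value may arrive as a
            // string from the database layer.
            $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
            $model->addError('username', '用户已经锁定,请联系管理');
        } else {
            $this->errorCode = self::ERROR_NONE;
        }
    }

    // NOTE(review): unknown user and wrong password produce different error
    // codes; if the caller surfaces that difference to the client it allows
    // account enumeration. Confirm the caller shows one generic failure message.
    return $this->errorCode;
}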