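/**
 * Record a successful login and issue a fresh auth token for the user.
 *
 * Updates last_login_ip / last_login_time, increments login_num, marks the
 * token held in the COOKIE_TOKEN cookie (if any) as inactive, inserts a new
 * user_login row and hands the new token back to the client in a cookie and
 * in an X-Auth-Token response header.
 *
 * @param int    $uid   User id.
 * @param string $uname User name stored with the login record.
 * @return string The newly issued token.
 */
public function login_success($uid, $uname)
{
    // Array-form condition with an integer cast, so the id is never spliced
    // into a raw WHERE string (the original built 'uid=' . $uid).
    $byUid = ['uid' => (int) $uid];

    // Update the last-login information.
    $this->where($byUid)->save([
        'last_login_ip'   => get_client_ip(1),
        'last_login_time' => time(),
    ]);
    $this->where($byUid)->setInc('login_num');

    // Invalidate the previously issued token.
    $token_name = C('COOKIE_TOKEN');
    $token = cookie($token_name);
    if ($token) {
        M('user_login')->where(['token' => $token])->setField('token_status', 0);
        cookie($token_name, null);
    }
    // Also drop a cookie literally named 'token' when one is present.
    cookie('token') && cookie('token', null);

    // Generate the user token.
    // NOTE(review): the per-token key comes from uniqid(), which is derived
    // from the current time rather than a CSPRNG. If the token's secrecy is
    // what authenticates the client, confirm the Crypt driver adds enough
    // unpredictability or switch to random_bytes()-based tokens.
    $crypt = new \Think\Crypt('think');
    $token = $crypt->encrypt($uid, uniqid());

    // Write the login record; only the first element of app_info() is used.
    list($app) = app_info();
    M('user_login')->add([
        'uid'          => $uid,
        'uname'        => $uname,
        'token'        => $token,
        'token_status' => 1,
        'user_agent'   => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        'ip'           => get_client_ip(1),
        'created'      => time(),
        'app'          => $app ?: '',
    ]);

    // 90-day cookie lifetime.
    // NOTE(review): confirm the cookie helper's defaults set HttpOnly/Secure
    // for this auth cookie.
    cookie($token_name, $token, 86400 * 90);

    // Clients cannot reliably manage cookies on their own, so the token is
    // also returned in a response header.
    header('X-Auth-Token: ' . $token);

    return $token;
}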
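/**
 * Landing step of the password-reset flow.
 *
 * Decrypts the "key" request parameter, expects an underscore-separated
 * payload whose second field is the user id and whose third field is a
 * timestamp, rejects links older than 30 minutes, then stores the reset
 * state in the session and renders the reset form.
 *
 * NOTE(review): the decryption key is the SESSION_PREFIX setting; confirm
 * that value is a high-entropy secret and that the Crypt driver in use
 * authenticates ciphertext. Otherwise the decoded fields must be treated as
 * attacker-influenced, which is why they are validated below.
 */
public function toResetPass()
{
    $keyFactory = new \Think\Crypt();
    $plain = $keyFactory->decrypt(I('key'), C('SESSION_PREFIX'));
    $parts = explode('_', (string) $plain);

    // A payload that does not decode into at least three fields is handled
    // like an expired link (the same message the original produced for it,
    // without reading undefined array offsets).
    if (count($parts) < 3) {
        $this->error('连接已失效!');
        return;
    }

    // Links are valid for 30 minutes after the embedded timestamp.
    if (time() > floatval($parts[2]) + 30 * 60) {
        $this->error('连接已失效!');
        return;
    }

    // Normalise the id to a positive integer before it reaches the session,
    // so later steps never see trailing non-numeric text from the payload.
    $uid = intval($parts[1]);
    if ($uid <= 0) {
        $this->error('无效的用户!');
        return;
    }

    session('REST_userId', $uid);
    session('REST_Time', $parts[2]);
    session('REST_success', '1');
    $this->display('default/forget_pass3');
}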
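/**
 * Reset the password of the account registered under a mobile number.
 *
 * Nothing in this method proves that the caller owns $mobile; callers must
 * have completed that verification before invoking it.
 *
 * @param string $mobile   Mobile number identifying the account.
 * @param string $password New password (6 to 32 bytes).
 */
protected function _updatePassword($mobile, $password)
{
    // Validate the password length.
    strlen($password) >= 6 or ajax_error('PASSWORD_LENGTH_ERROR', '密码最小长度为6位!');
    strlen($password) <= 32 or ajax_error('PASSWORD_LENGTH_ERROR', '密码最大长度为32位!');

    // Look up the user.
    $userModel = D('User');
    $user = $userModel->field('uid,uname,salt')->where(['mobile' => $mobile])->find()
        or ajax_error('ACCOUNT_NOT_FOUND', '此账号不存在!');
    $uid = $user['uid'];

    // Array-form condition with an integer cast instead of a concatenated
    // 'uid=' . $uid string.
    $byUid = ['uid' => (int) $uid];

    // Update the password.
    $userModel->where($byUid)->setField('password', $userModel->password($password, $user['salt']));

    // Invalidate every existing login record of this user.
    M('user_login')->where($byUid)->setField('token_status', 0);

    // Generate a new user token.
    // NOTE(review): the per-token key comes from uniqid(), which is
    // time-derived rather than a CSPRNG; confirm the token is unpredictable
    // enough for its role.
    $crypt = new \Think\Crypt('think');
    $token = $crypt->encrypt($uid, uniqid());

    // Write the login record.
    M('user_login')->add([
        'uid'          => $uid,
        'uname'        => $user['uname'],
        'token'        => $token,
        'token_status' => 1,
        'user_agent'   => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
        'ip'           => get_client_ip(1),
        'created'      => time(),
    ]);

    // Store the token in the cookie.
    // NOTE(review): login_success() writes the token under the COOKIE_TOKEN
    // name, this writes a cookie named 'token' — confirm which one the
    // authentication check reads.
    cookie('token', $token);
    ajax_success();
}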
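/**
 * Change-password page: renders the form on GET and processes it on POST.
 *
 * On POST the old password is verified, the new password is stored, every
 * existing login record of the user is invalidated and a fresh token is
 * issued in the 'token' cookie. Unauthenticated visitors are redirected to
 * the login page.
 */
public function updatePassword()
{
    $user = get_user();
    if (!$user) {
        $this->redirect('Other/Public/login?type=miss_token');
        exit;
    }
    $uid = $user['uid'];

    if (IS_POST) {
        // Collect the submitted fields.
        $old_password = I('post.old');
        if (empty($old_password)) {
            $this->error('请输入原密码');
        }
        $password = I('post.password');
        if (empty($password)) {
            $this->error('请输入新密码');
        }
        $repassword = I('post.repassword');
        if (empty($repassword)) {
            $this->error('请输入确认密码');
        }
        if ($password !== $repassword) {
            $this->error('您输入的新密码与确认密码不一致');
        }

        // Validate the password length.
        strlen($password) >= 6 or $this->error('密码最小长度为6位!');
        strlen($password) <= 32 or $this->error('密码最大长度为32位!');

        // Load the user row.
        $userModel = D('User');
        $user = $userModel->field('uid,uname,password,salt')->find($uid) or $this->error('此账号不存在!');

        // Verify the old password. The original compared with ==, which lets
        // PHP type-juggle numeric-looking hash strings; compare as strings,
        // in constant time where the runtime provides hash_equals().
        $storedHash = (string) $user['password'];
        $givenHash = (string) $userModel->password($old_password, $user['salt']);
        $oldPasswordOk = function_exists('hash_equals')
            ? hash_equals($storedHash, $givenHash)
            : $storedHash === $givenHash;
        $oldPasswordOk or $this->error('旧密码不正确!');

        // Array-form condition with an integer cast instead of a
        // concatenated 'uid=' . $uid string.
        $byUid = ['uid' => (int) $uid];

        // Update the password.
        $userModel->where($byUid)->setField('password', $userModel->password($password, $user['salt']));

        // Invalidate every existing login record of this user.
        M('user_login')->where($byUid)->setField('token_status', 0);

        // Generate a new user token.
        // NOTE(review): the per-token key comes from uniqid(), which is
        // time-derived rather than a CSPRNG; confirm the token is
        // unpredictable enough for its role.
        $crypt = new \Think\Crypt('think');
        $token = $crypt->encrypt($uid, uniqid());

        // Write the login record.
        M('user_login')->add([
            'uid'          => $uid,
            'uname'        => $user['uname'],
            'token'        => $token,
            'token_status' => 1,
            'user_agent'   => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
            'ip'           => get_client_ip(1),
            'created'      => time(),
        ]);

        // Store the token in the cookie.
        cookie('token', $token);
        $this->success('修改密码成功!');
        exit;
    }

    $this->meta_title = '修改密码';
    $this->display('Public/updatepassword');
}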
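/**
 * Member login.
 *
 * AJAX requests: checks the captcha, looks the member up by e-mail or user
 * name, verifies the password hash, records the login, optionally sets the
 * 15-day "member" remember-me cookie and opens the session.
 *
 * Other requests: redirects when a session already exists, otherwise tries
 * to restore the session from the "member" cookie, otherwise shows the form.
 *
 * NOTE(review): the remember-me cookie carries the stored password hash
 * (encrypted with keys derived from DATA_AUTH_KEY). A random, server-side
 * revocable token would avoid putting hash material on the client.
 * NOTE(review): the session id is not rotated in this method; confirm it is
 * regenerated on login elsewhere.
 */
public function login()
{
    // String comparison of hashes without PHP's loose-comparison type
    // juggling; constant-time where hash_equals() is available.
    $sameHash = function ($known, $given) {
        $known = (string) $known;
        $given = (string) $given;
        if ($known === '' || $given === '') {
            return false;
        }
        return function_exists('hash_equals') ? hash_equals($known, $given) : $known === $given;
    };

    // The original read $__SERVER (an undefined variable), so the user agent
    // never became part of the cookie key. Cookies issued before this fix
    // fail to decrypt and fall through to the login form.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $cookieKey = C('DATA_AUTH_KEY') . $userAgent;
    $rememberFor = 3600 * 24 * 15;

    if (IS_AJAX) {
        if (!check_verify(I('post.verify'), 1)) {
            $this->error(L('VERIFY_ERROR'));
            return;
        }

        $username = I('post.username');
        if (!is_string($username)) {
            // Array-valued input must never reach the query builder.
            $this->error(L('LOGIN_ERROR'));
            return;
        }

        $Member = M('Member');
        // Array-form condition: the submitted name is passed as a value
        // instead of being concatenated into the WHERE clause.
        $lookupField = $Member->regex($username, 'email') ? 'email' : 'username';
        $resuser = $Member->where(array($lookupField => $username))->find();

        if (!is_array($resuser) || !$sameHash($resuser['password'], sys_md5(I('post.password')))) {
            $this->error(L('LOGIN_ERROR'));
            return;
        }
        if (!$resuser['status']) {
            $this->error(L('USER_STOP'));
            return;
        }

        $byId = array('id' => $resuser['id']);
        $saveres = $Member->where($byId)->save(array(
            'login_ip'        => get_client_ip(),
            'last_login_time' => time(),
        ));
        if ($saveres) {
            $Member->where($byId)->setInc('login_count');
        }

        if (I('post.keep') === 'on') {
            $crypt = new \Think\Crypt();
            $userinfo = array(
                'username' => $crypt->encrypt($resuser['username'], sys_md5(C('DATA_AUTH_KEY'), 'isky71'), $rememberFor),
                'password' => $crypt->encrypt($resuser['password'], sys_md5(C('DATA_AUTH_KEY'), 'CMS'), $rememberFor),
            );
            cookie('member', $crypt->encrypt(json_encode($userinfo), $cookieKey), $rememberFor);
        }

        session(C('USER_AUTH_KEY'), $resuser['id']);
        session('uname', $resuser['username']);
        $this->success(L('LOGIN_SUCCESS'), U('Index/index', $this->vl));
        return;
    }

    if (session(C('USER_AUTH_KEY'))) {
        $this->redirect('Index/index');
        return;
    }

    if (!cookie('member')) {
        $this->display();
        return;
    }

    // Restore the login from the remember-me cookie. Every decoded field is
    // validated before use because the cookie is client-supplied.
    $crypt = new \Think\Crypt();
    $userarr = json_decode((string) $crypt->decrypt(cookie('member'), $cookieKey), true);

    $uname = '';
    $pwd = '';
    if (is_array($userarr)) {
        if (isset($userarr['username']) && is_string($userarr['username'])) {
            $uname = (string) $crypt->decrypt($userarr['username'], sys_md5(C('DATA_AUTH_KEY'), 'isky71'));
        }
        if (isset($userarr['password']) && is_string($userarr['password'])) {
            $pwd = (string) $crypt->decrypt($userarr['password'], sys_md5(C('DATA_AUTH_KEY'), 'CMS'));
        }
    }

    $ures = null;
    if ($uname !== '' && $pwd !== '') {
        $ures = M('Member')->where(array('username' => $uname))->find();
    }

    if (is_array($ures) && $sameHash($ures['password'], $pwd)) {
        session(C('USER_AUTH_KEY'), $ures['id']);
        session('uname', $ures['username']);
        $this->redirect('Index/index');
        return;
    }

    // Unusable cookie: clear the cookies and show the login form.
    cookie(null);
    $this->display();
}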