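 /**
  * Base access authentication for every site visit - strict protection mode.
  *
  * Currently disabled (see @todo): the first statement returns a passing result,
  * so nothing below it runs and no caller is authenticated by this method. The
  * remainder is the intended check, kept so it can be re-enabled by deleting
  * that one line. Once enabled it requires, in order:
  *  1. the request's User-Agent to equal the one stored in the session at login;
  *  2. the `_homyit_token_` cookie, decrypted with the per-session seed, to carry
  *     a `Homyit<n>#` counter that is not lower than the expected next value
  *     (a replay guard: each page load must present a fresher counter).
  * Absent header/cookie/seed values fail closed instead of raising notices, the
  * counter is compared numerically, and the once-per-page-load flag is now set
  * on success (the original declared it but never set it).
  *
  * @todo temporarily deprecated
  * @return array{status: bool, info?: string, url?: string, time?: int}
  */
 public static function baseAccessAuth()
 {
     // Deliberately disabled: remove this line to re-enable the checks below.
     return array('status' => true);
     self::preAuth();
     // Verify only once per page load.
     static $pass = false;
     if ($pass) {
         return array('status' => true);
     }
     // A User-Agent that differs from the one captured at login is treated as a
     // hijacked or forged session. A missing header compares unequal (fail closed).
     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if ($agent !== session('USER_AGENT')) {
         return array('info' => '检测到网络环境异常,为了保障您的信息安全,请重新登录!<br>请勿在登录系统期间清空缓存或切换浏览器模式!', 'status' => false, 'url' => U('HyStart/login'), 'time' => 5);
     }
     $key = session('HOMYIT_BASE_AUTH_SEED');
     // The token must carry at least the next counter value.
     $counter = (int) session('HOMYIT_BASE_AUTH_COUNTER') + 1;
     // No cookie or no seed: do not decrypt at all, just fail the check.
     $text = isset($_COOKIE['_homyit_token_']) ? $_COOKIE['_homyit_token_'] : '';
     $decode = ($text !== '' && $key) ? aes_decrypt_base($text, $key) : '';
     if (is_string($decode) && preg_match('/Homyit(\\d+)#/', $decode, $m) && (int) $m[1] >= $counter) {
         session('HOMYIT_BASE_AUTH_COUNTER', (int) $m[1]);
         $pass = true;
         return array('status' => true);
     }
     return array('info' => '身份认证异常!为了保障您的信息安全,请重新登录!', 'status' => false, 'url' => U('System/HyStart/login'), 'time' => 3);
 }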
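 /**
  * AJAX entry point for the login dialog.
  *
  * Dispatches on the `q` query parameter:
  *  - `login`            : check account and password, enforce the single-session
  *                         limit, then populate the session and login record;
  *  - `forgetSendVerify` : e-mail a reset code to the account's stored address and
  *                         keep it in the session;
  *  - `forgetRestPwd`    : reset the password once the submitted code matches, then
  *                         discard the code so it is single-use.
  *
  * The account identifier (`u`) and password (`p`) arrive AES-encrypted under the
  * per-session `LOGIN_KEY`. Secrets (password hash, e-mail hash, reset code) are
  * compared with hash_equals(): strict and constant-time, where `!=` would also
  * treat numeric-looking strings such as "1e3" and "1000" as equal. Every request
  * that resolved to an account is written to `frame_log`. Output goes through
  * ajaxReturn(); nothing is returned.
  *
  * @return void
  */
 public function ajax()
 {
     $logStep = '登录验证';
     $json = array('status' => false, 'info' => '', 'data' => '');
     // Defined up front so the log block below never reads an undefined variable
     // (no case matched, or the lookup returned false).
     $user = null;
     $u = aes_decrypt_base(I('u'), session('LOGIN_KEY'));
     $this->model = new HyAccountModel();
     switch (I('get.q')) {
         // Login verification
         case 'login':
             $user = $this->model->login($u);
             if (!$user) {
                 // The decrypted identifier is attacker-controlled text the caller may
                 // render as HTML; do not echo it back in the message.
                 $json['info'] = '账号不存在或已禁用!';
                 break;
             }
             // The client encrypted the password under a key cut from the stored hash.
             $key = substr($user['password'], 5, 32);
             $true = aes_decrypt_base(I('p'), $key);
             // A failed decrypt (non-string) is a mismatch, not a warning.
             if (!is_string($true) || !hash_equals((string) $user['password'], $true)) {
                 $json['info'] = '输入的密码有误!';
                 $logStep .= " >> <span class='text-warning'>密码错误</span>";
                 break;
             }
             // Single sign-on limit: refuse while another unexpired session holds this account.
             if (C('SINGLE_POINT_ONLINE') && $user['session_id'] && $user['session_id'] !== session_id()) {
                 $sessionTable = ltrim(C('SESSION_TABLE'), C('DB_PREFIX'));
                 $lastTime = M($sessionTable)->getFieldBySession_id($user['session_id'], 'session_expire');
                 if ($lastTime && TIME - $lastTime < C('SESSION_OPTIONS.expire')) {
                     $json['info'] = '用户已经在线!如非正常退出,请稍后再试!';
                     break;
                 }
             }
             $logStep .= " >> <span class='text-success'>成功</span>";
             $json['info'] = '用户身份验证成功,玩命加载中...';
             // Start value of the per-request auth counter. It is sent to the client in
             // the clear, so it is not a secret; the seed below is what binds it to the account.
             $json['data'] = rand(10000000, 99999999);
             // Cache the identity-binding material checked on later requests.
             session('USER_AGENT', isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
             session('HOMYIT_BASE_AUTH_COUNTER', $json['data']);
             session('HOMYIT_BASE_AUTH_SEED', substr(sha1($user['password'] . '#' . $json['data']), 7, 32));
             // Update the login record.
             $data = array(
                 'id' => $user['id'],
                 'login_last_time' => time(),
                 'login_times' => ++$user['login_times'],
                 'session_id' => session_id(),
             );
             $this->model->save($data);
             // Cache user info.
             session('userId', $user['id']);
             session('userName', $user['name']);
             session('avatarFile', avatar_file($user['avatar_file']));
             // Post-login hook.
             $this->model->onLoginPass($user);
             // Cache role info; the first listed role is the active one. Keys are left
             // as array_unique() produces them because callers read index 0 only.
             $roleIdArr = array_unique(explode(',', trim($user['roles'], ',')));
             session('roleIdArr', $roleIdArr);
             $this->roleCache($roleIdArr[0]);
             $json['status'] = true;
             break;
         // Forgot password - send verification code
         case 'forgetSendVerify':
             $email = trim(I('e'));
             $user = $this->model->where(array('user_no' => $u, 'status' => 1))->find();
             if (!$user) {
                 $json['info'] = '账号不存在或已禁用!';
                 break;
             }
             // The client proves knowledge of the address by sending sha1(address).
             if (!is_string($email) || !hash_equals(sha1(val_decrypt($user['email'])), $email)) {
                 $logStep .= " >> <span class='text-warning'>忘记密码重置 - 邮箱验证失败!</span>";
                 $json['info'] = '您输入的邮箱地址与系统中保存的不一致,如有异议可联系辅导员!';
                 break;
             }
             // NOTE(review): this format check and forgetPwdSendVerify() use the stored
             // value, while the hash above is taken over val_decrypt() of it — confirm
             // which form the stored column holds.
             if (!preg_match('/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*$/', $user['email'])) {
                 $logStep .= " >> <span class='text-warning'>忘记密码重置 - 系统中的邮箱不合法!</span>";
                 $json['info'] = '邮箱地址不合法!';
                 break;
             }
             $verify = $this->model->forgetPwdSendVerify($user['email']);
             if (!$verify) {
                 $json['info'] = '邮件发送失败,请稍后重试!';
                 break;
             }
             session($user['user_no'] . '_forgetVerify', $verify);
             $json['status'] = true;
             $json['info'] = '邮件发送成功,请查收发送的验证码,并填入下框';
             break;
         // Forgot password - reset password
         case 'forgetRestPwd':
             $user = $this->model->where(array('user_no' => $u, 'status' => 1))->find();
             if (!$user) {
                 $logStep .= " >> <span class='text-danger'>疑似攻击,已成功拦截!</span>";
                 $json['info'] = '请勿非法操作!';
                 break;
             }
             $verifyKey = $user['user_no'] . '_forgetVerify';
             $verify = trim(I('v'));
             $expected = session($verifyKey);
             // A wrong or missing code discards the stored one, so each code allows one attempt.
             if (!is_string($verify) || $verify === '' || $expected === null || !hash_equals((string) $expected, $verify)) {
                 session($verifyKey, null);
                 $logStep .= " >> <span class='text-warning'>忘记密码重置 - 邮箱验证码无效!</span>";
                 $json['info'] = '您输入的验证码不正确,请重试!';
                 break;
             }
             $this->model->where(array('id' => $user['id']))->save(array('password' => D('HyAccount')->pwdEncrypt(trim(I('p')), true)));
             // The code is single-use: clear it so it cannot reset the password again.
             session($verifyKey, null);
             $json['status'] = true;
             $json['info'] = '密码重置成功,请重新登录!';
             break;
     }
     // Login log, only for requests that resolved to an account.
     if (!empty($user['id'])) {
         $log = array(
             'user_id' => $user['id'],
             'controller' => CONTROLLER_NAME,
             'action' => ACTION_NAME,
             'post' => json_encode(I('post.')),
             'description' => ' >> ' . $logStep,
             'ip' => get_client_ip(),
             'create_time' => time(),
         );
         M('frame_log')->add($log);
     }
     $this->ajaxReturn($json);
 }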