Example #1
 /**
  * Update the current user's display name and e-mail from request input and
  * respond with a JSON body carrying a newly created token.
  *
  * The current value of each field is passed to Input::get() as its second
  * argument (presumably the fallback used when the field is absent).
  *
  * NOTE(review): the e-mail address is overwritten with request input as-is;
  * no format validation, re-authentication or confirmation step is visible in
  * this method -- confirm one happens elsewhere before the record is saved.
  */
 public function updateProfile()
 {
     $account = User::get();
     foreach (array('displayName', 'email') as $field) {
         $account->{$field} = Input::get($field, $account->{$field});
     }
     $account->save();

     return Response::json(array('token' => create_token($account)));
 }
 /**
  * Debug helper: create a token, store it with a timestamp through the
  * 'Save_token' model, dump its length and value, then stop the script.
  *
  * NOTE(review): this writes a freshly stored token to the output. If the
  * method is reachable on a deployed controller it should be removed or
  * access-restricted -- confirm.
  */
 public function test_red()
 {
     $token = create_token();
     $record = array('token' => $token, 'create_time' => time());
     M('Save_token')->add($record);
     dump(strlen($token));
     dump($token);
     exit;
 }
Example #3
 /**
  * Call a method on the passport SOAP endpoint.
  *
  * Returns array(0, <message>) when no method name is given, and the remote
  * result when that result is truthy. A SoapFault, or a falsy remote result,
  * ends the script instead of returning.
  *
  * @param array  $args request parameters; also the input to create_token()
  * @param string $act  name of the remote method
  * @return mixed
  */
 protected function soap($args, $act = '')
 {
     // NOTE(review): HTTP_HOST comes from the request's Host header, so the
     // 'uri' option below is client-influenced -- confirm nothing trusts it.
     $namespaceUri = 'http://' . $_SERVER["HTTP_HOST"] . '/web/index.php';
     $endpoint = PASSPORT_URL . 'soap.php';
     $signature = create_token($args);
     $soapClient = new SoapClient(null, array('location' => $endpoint, 'uri' => $namespaceUri));

     if (empty($act)) {
         return array(0, '缺少方法');
     }

     try {
         $result = $soapClient->get($act, $args, $signature);
         if ($result) {
             return $result;
         }
     } catch (SoapFault $fault) {
         // NOTE(review): the fault text is written to the response body;
         // consider logging it server-side and emitting a generic message.
         die('SOAP Error: ' . $fault->getMessage());
     }

     // Reached only when the remote call returned a falsy value.
     exit;
 }
 /**
  * Automatic login from a remembered admin_id / token pair.
  *
  * When a row matching both values exists, the admin record is placed in the
  * session under 'USERINFO', the admin_id cookie is refreshed, and a newly
  * created token is written to the 'token' cookie and handed to
  * AdminToken::addToken().
  *
  * NOTE(review): the success path returns nothing (null), which is falsy; a
  * caller testing truthiness cannot tell success from failure -- confirm how
  * callers check the result.
  * NOTE(review): whether the presented token is invalidated once the new one
  * is stored depends on addToken(), which is not visible here -- confirm.
  *
  * @param mixed $admin_id admin identifier to look up
  * @param mixed $token    token presented by the client
  * @return false|null false when no matching row is found
  */
 public function checkToken($admin_id, $token)
 {
     $criteria = array('admin_id' => $admin_id, 'token' => $token);
     if (!$this->where($criteria)->find()) {
         return false;
     }

     // The pair matched: load the admin record and keep it in the session,
     // doing the lookup and the session write in this one step.
     $adminRecord = D('Admin')->find($admin_id);
     session('USERINFO', $adminRecord);

     // Persist a token in both the database and the cookies.
     // 604800 seconds = one week.
     $lifetime = 604800;
     cookie('admin_id', $admin_id, $lifetime);
     $freshToken = create_token();
     cookie('token', $freshToken, $lifetime);
     D('AdminToken')->addToken($admin_id, $freshToken);
 }
Example #5
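/**
 * Start a new application session, or validate the one named by the cookies.
 *
 * Without a 'token' cookie, a token is created from the worker id, user agent
 * and current time, the application cookies are set and the session is stored
 * with a one-hour expiry. With a 'token' cookie, the session is validated and
 * a failed validation redirects to /gotofail.html and stops the request.
 *
 * @param mixed $conn database connection handle passed through to
 *                    store_session() / validate_session()
 * @return void
 */
function start_session($conn)
{
    $userAgent = $_SERVER['HTTP_USER_AGENT'];
    $time = time();

    if (isset($_COOKIE['token'])) {
        $truth = validate_session($conn, $_COOKIE['token'], $_COOKIE['workerId'], $userAgent);
        if (!$truth) {
            // Send the redirect before any body output: header() has no effect
            // once output has started. Then stop, so a request that failed
            // validation does not keep executing the caller's code.
            header('Location: /gotofail.html');
            echo 'failed';
            exit;
        }
        return;
    }

    // NOTE(review): these three values come straight from the query string and
    // are forwarded unchanged; confirm set_app_cookies() and store_session()
    // validate or parameterise them.
    $workerId = $_GET['workerId'];
    $assignmentId = $_GET['assignmentId'];
    $turkSubmitTo = $_GET['turkSubmitTo'];
    $timeExpire = $time + 3600; // one hour from now

    $token = create_token($workerId, $userAgent, $time);
    set_app_cookies($token, $workerId, $turkSubmitTo, $timeExpire);
    store_session($conn, $assignmentId, $workerId, $timeExpire, $time, $userAgent, $token);
}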
Example #6
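 /**
  * Authenticate a member by mobile number and password, bind the posted Baidu
  * push id to the account, issue a token and print the result as JSON.
  *
  * Every outcome ends the script: failures print an error_code / notice pair,
  * success prints the member row plus 'token' and 'baiduUserId'.
  *
  * NOTE(review): passwords are checked against a salted MD5 digest, which is
  * not a password-hashing function; migrating to password_hash() /
  * password_verify() needs a schema change outside this method.
  */
 public function checkLogin()
 {
     // NOTE(review): the captcha comparison has no effect, because the error
     // call in its body is disabled -- confirm whether it should be enforced.
     if ($_SESSION['verify'] != md5($_POST['verify'])) {
         //$this->error('验证码错误!');
     }
     $model = M('Member');
     $data['mobile'] = $_POST['mobile'];
     // NOTE(review): baiduUserId, mb_system and login_count are read from $vo
     // below but are not in this field list; presumably they are always unset,
     // so the kick-out branch never runs and login_count is stored as 1 --
     // confirm against the model.
     $vo = $model->field('id,mobile,salt,password')->where($data)->find();
     if (!$_POST['baiduUserId'] || $_POST['baiduUserId'] == '(null)') {
         $msg['error_code'] = 1001;
         $msg['notice'] = '百度ID不存在';
         echo json_encode($msg);
         exit;
     }
     if (!$vo) {
         $msg['error_code'] = 1001;
         $msg['notice'] = '用户不存在';
         echo json_encode($msg);
         exit;
     }
     // Strict string comparison: with a loose comparison two different digests
     // that both look like numbers (for example "0e" followed by digits) are
     // compared numerically and can be treated as equal.
     $expectedDigest = md5($_POST['password'] . $vo['salt'] . $vo['salt'][1]);
     if ((string) $vo['password'] !== $expectedDigest) {
         $msg['notice'] = '密码错误';
         $msg['error_code'] = 8002;
         echo json_encode($msg);
         exit;
     }
     // Another device is bound to this account: push a logout message to it.
     if ($vo['baiduUserId'] != $_POST['baiduUserId'] && $vo['baiduUserId']) {
         $sent_array['module'] = 'Public';
         $sent_array['action'] = 'logout';
         $sent_array['id'] = 0;
         $custom_content = json_encode($sent_array);
         $MsgContent = '在其他地方登陆';
         push_msg($vo['baiduUserId'], $vo['mb_system'], $MsgContent, $custom_content);
     }
     // Record the login on the member row.
     $_data['id'] = $vo['id'];
     $_sdata['last_login_ip'] = _get_ip();
     $_sdata['login_count'] = $vo['login_count'] + 1;
     $_sdata['last_login_time'] = time();
     $_sdata['baiduUserId'] = $_POST['baiduUserId'];
     $_sdata['mb_system'] = $_POST['mb_system'] ? $_POST['mb_system'] : 2;
     $model->where($_data)->save($_sdata);
     // Issue a new token and store it.
     $token = create_token($vo['id'], $vo['salt']);
     set_token($vo, $token);
     $vo['error_code'] = 0;
     $vo['token'] = $token;
     $vo['baiduUserId'] = $_POST['baiduUserId'];
     // NOTE(review): only the password digest is stripped; 'salt' is still in
     // the printed row and is also an input to create_token() above -- confirm
     // clients do not need it and drop it from the response.
     unset($vo['password']);
     echo json_encode($vo);
     exit;
 }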
Example #7
        $errors['email'] = "L'adresse email n'est pas valide";
    } else {
        $req = $pdo->prepare('SELECT id FROM Users WHERE email = ? ');
        $req->execute([$_POST['email']]);
        $user = $req->fetch();
        if ($user) {
            $errors['email'] = "Cette adresse email existe déjà.";
        }
    }
    if (empty($_POST['password']) || $_POST['password'] != $_POST['password-confirm']) {
        $errors['password'] = "******";
    }
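    // No validation errors: create the account and mail a confirmation link.
    if (empty($errors)) {
        $req = $pdo->prepare('INSERT INTO Users SET username = ? , password = ? , email = ? , confirmation_token = ? ');
        // Hash the submitted password. Hashing $_POST['username'] here would
        // store a credential derived from the public username, so the chosen
        // password would never be the one that authenticates the account.
        $password = password_hash($_POST['password'], PASSWORD_BCRYPT);
        // NOTE(review): create_token() is defined elsewhere; confirm it draws
        // from a cryptographically secure source, since the value is the only
        // secret in the confirmation link.
        $token = create_token(60);
        $req->execute([$_POST['username'], $password, $_POST['email'], $token]);
        $user_id = $pdo->lastInsertId();
        mail($_POST['email'], 'Confirmation de la création de votre compte', "Afin de valider votre compte, merci de cliquer sur ce lien\n\nhttp://localhost:8888/tuto_espace_membre/confirm.php?id={$user_id}&token={$token}");
        header('Location: login.php');
        exit;
    }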
}
?>
    <?php 
require 'inc/header.php';
?>
        <h1>S'inscrire</h1>

        <?php 
if (!empty($errors)) {
Example #8
File: index.php Project: AR-S/Nodes
<?php

// NOTE(review): the wildcard lets any origin read these responses; confirm
// that is intended for an endpoint that issues and consumes tokens.
header("Access-Control-Allow-Origin: *");

// AJAX entry point, selected by the X-Requested-With request header:
//   GET  ?t=get -> issue a token and return the button markup as JSON
//   POST t=...  -> consume the token and, if it was valid, count a click
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    if (!empty($_GET['t']) && $_GET['t'] == 'get') {
        $t = create_token();
        $html = '<table id="butttton-' . $t . '"><tr>
				<td align="center" valign="middle"><button id="butttton"></button></td></tr>
			</table>';
        echo json_encode(array('html' => $html, 't' => $t));
    } elseif (!empty($_POST['t'])) {
        $t = $_POST['t'];
        if (use_token($t)) {
            add_click();
        }
    }
    // AJAX requests never fall through to the rest of the page.
    exit;
}
function use_token($token)
{
    $found = false;
    $filename = 'tokens.php';
    if (!@file_exists($filename)) {
        $handle = @fopen($filename, 'wb');
        if (!$handle) {
            exit('Uh. Error creating file: ' . $filename);
        }
Example #9
                    $response->setBody('{ "message": "There is already a Twitter account that belongs to you" }');
                    $response->setStatus(409);
                    $app->stop();
                }
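                // The Authorization-style header is "<scheme> <token>"; take the token part.
                $token = explode(' ', $request->headers->get($config->getAuthHeader()))[1];
                // Verify with the configured TOKEN_SECRET, the same secret that is
                // passed to create_token() and findUserId(), rather than a literal
                // key: a hard-coded key either rejects every token issued here or
                // means the signing key is a guessable constant.
                $payloadObject = JWT::decode($token, $config->getSecret('TOKEN_SECRET'));
                // Convert the decoded payload object into an associative array.
                $payload = json_decode(json_encode($payloadObject), true);
                $user_model->linkTwitter($payload['sub'], $profile['user_id'], $profile['screen_name']);
                $response->setBody('{ "token": "' . create_token($payload['sub'], $app->request->getUrl(), $config->getSecret('TOKEN_SECRET')) . '"}');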
            } else {
                if ($user_model->hasTwitter($profile['user_id'])) {
                    $user_id = $user_model->getUserTwitter($profile['user_id'])['id'];
                    $response->setBody('{ "token": "' . create_token($user_id, $app->request->getUrl(), $config->getSecret('TOKEN_SECRET')) . '"}');
                } else {
                    $user_id = $user_model->createUserTwitter($profile['user_id'], $profile['screen_name']);
                    $response->setBody('{ "token": "' . create_token($user_id, $app->request->getUrl(), $config->getSecret('TOKEN_SECRET')) . '"}');
                }
            }
        }
    });
});
// GET /me: resolve the user id from the auth header and return that user's
// record as JSON.
// NOTE(review): the whole record from getUserWithId() is serialised; confirm
// it carries no credential fields.
$app->get('/me', function () use($app, $config, $user_model) {
    $response = $app->response();
    $response->headers->set('Content-Type', 'application/json');

    $authHeader = $app->request->headers->get($config->getAuthHeader());
    $user_id = findUserId($authHeader, $config->getSecret('TOKEN_SECRET'));
    $user = $user_model->getUserWithId($user_id);

    $response->setBody(json_encode($user));
});
$app->put('/me', function () use($app, $config, $user_model) {
    $response = $app->response();
    $response->headers->set('Content-Type', 'application/json');
    $data = json_decode($app->request()->getBody(), true);
Example #10
     $empty = true;
 }
 if (!isset($data['password']) || $data['password'] == "") {
     $messages['error_password'] = '******';
     $empty = true;
 }
 if (!$empty) {
     $login = mysqli_real_escape_string($MV, htmlspecialchars(trim($data['login'])));
     $pass = mysqli_real_escape_string($MV, htmlspecialchars(trim($data['password'])));
     $query = "SELECT u.user_id\n            FROM nf_users u\n            WHERE (u.email = '" . $login . "' OR u.username = '******' OR u.phone = '" . $login . "')\n            AND u.password = '******'\n   ";
     if ($res = @mysqli_query($MV, $query)) {
         if ($_res = @mysqli_fetch_assoc($res)) {
             //user id
             $userid = $_res['user_id'];
             //generate token
             $users_token = create_token();
             $ua = getBrowser();
             $browser = $ua['name'] . "," . $ua['version'] . "," . $ua['platform'];
             $ip_address = get_ip();
             $query = "INSERT INTO nf_users_tokens(\n                          users_token\n                        , user_id\n                        , start_time\n                        , end_time\n                        , last_activity\n                        , ip_address\n                        , browser\n                    ) VALUES (\n                        '" . $users_token . "'\n                        , '" . $userid . "'\n                        , NOW()\n                        , '" . date('Y-m-d H:i:s', $cookie_exp) . "'\n                        , NOW()\n                        , '" . $ip_address . "'\n                        , '" . $browser . "'\n                        \n                    )\n                ";
             if (@mysqli_query($MV, $query)) {
                 setcookie("tkn", $users_token, $cookie_exp, '/', '.' . DOMAIN);
                 //set cookie until cookie_expire
             } else {
                 $messages['error'] = '!!!_BD Error_!!!';
             }
         } else {
             $messages['error'] = '!!!_Invalid login or password._!!!';
         }
     } else {
         $messages['error'] = '!!!_BD Error_!!!';
Example #11
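/**
 * Decide whether a SOAP client's token matches the token derived from its data.
 *
 * The client is rejected when $client_data is empty or not an array, or when
 * the PASSPORT_KEY constant is not defined. Otherwise create_token() is run
 * over $client_data and the result is compared with $client_token.
 *
 * @param array $client_data  request data the token is derived from
 * @param mixed $client_token token presented by the client
 * @return bool true only when the presented token matches
 */
function check_soapclient($client_data = array(), $client_token)
{
    if (empty($client_data) || !is_array($client_data)) {
        return false;
    }
    if (!defined('PASSPORT_KEY')) {
        return false;
    }

    $expected = create_token($client_data);

    // Compare two string tokens in constant time so the position of the first
    // differing byte is not observable through response timing. hash_equals()
    // is used when the runtime provides it; other inputs keep the identity check.
    if (is_string($expected) && is_string($client_token) && function_exists('hash_equals')) {
        return hash_equals($expected, $client_token);
    }

    return $expected === $client_token;
}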
Example #12
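 /**
  * Log an administrator in.
  *
  * Checks, in order: the posted captcha, that the username exists, and that
  * the salted digest of the password matches the stored one. On success the
  * login() helper is called with the row, an optional "remember me" token is
  * issued, and permissions are saved. On failure $this->error holds the reason.
  *
  * NOTE(review): unknown username and wrong password set different messages;
  * if $this->error is shown to the client this reveals which usernames
  * exist -- confirm and consider one shared message.
  *
  * @param string $username user name
  * @param string $password password
  * @return boolean true on success, false on failure
  */
 public function login($username, $password)
 {
     // Reject the attempt outright when the captcha does not match.
     $code = I('post.captcha');
     $captcha = new \Think\Verify();
     if ($captcha->check($code) === false) {
         $this->error = '验证码不正确';
         return false;
     }

     // Fetch the record for this username to obtain its salt and digest.
     $row = $this->getByUsername($username);
     if (!$row) {
         $this->error = '用户名不存在';
         return false;
     }

     // Strict string comparison: with a loose comparison two different digests
     // that both look like numbers (for example "0e" followed by digits) are
     // compared numerically and can be treated as equal.
     $computed = my_mcrypt($password, $row['salt']);
     if ((string) $computed !== (string) $row['password']) {
         $this->error = '密码不正确';
         return false;
     }

     login($row);

     // "Remember me": keep a token in the database and in the cookies.
     if (I('post.remember')) {
         $lifetime = 604800; // one week, in seconds
         cookie('admin_id', $row['id'], $lifetime);
         $token = create_token();
         cookie('token', $token, $lifetime);
         D('AdminToken')->addToken($row['id'], $token);
     }

     $this->savePermission();

     return true;
 }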
Example #13
<?php

include "connect.php";
include "token.php";
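// Login endpoint: look the account up by name and password and answer with
// the row plus a token, or with HTTP 400 and an error message.
//
// NOTE(review): ext/mysql was removed in PHP 7 and cannot bind parameters;
// move this query to PDO or mysqli prepared statements once connect.php can
// be changed.
// NOTE(review): comparing the password inside SQL implies it is not stored
// with password_hash() -- confirm how the column is populated.

// Escape with the connection-aware function; addslashes() does not follow the
// connection character set and is not a SQL escaping function. Non-string
// input (for example an array parameter) is treated as empty.
$name = mysql_real_escape_string(isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '');
$password = mysql_real_escape_string(isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '');

// Compare against the submitted password: $password was computed but never
// used, so the query matched a fixed literal instead of the user's input.
$query = "SELECT * FROM person WHERE name = '" . $name . "' AND password = '" . $password . "'";
$result = mysql_query($query);

// mysql_query() returns false on failure; treat that as a failed login rather
// than passing false to mysql_fetch_assoc().
$row = $result ? mysql_fetch_assoc($result) : false;
if ($row) {
    $row["token"] = create_token($row["id"]);
} else {
    header("http/1.1 400 Bad Request");
    $row = array("error" => "account or password error");
}
// NOTE(review): SELECT * means every column, including 'password', is echoed
// back to the client -- select only the fields the client needs.
echo json_encode($row);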