Example #1
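 /**
  * Landing point for verification links: consumes a one-time key and redirects.
  * @method token
  *
  * @author NewFuture[NewFuture@yunyin.org]
  *
  * @param get.type string verification type ('login' or 'register')
  * @param get.key  string one-time verification key
  */
 public function token()
 {
     $type = I('get.type');
     $key = I('get.key');
     // Only a non-empty string may name a cache entry. A missing value or an
     // array-shaped parameter skips the lookup and ends at the home redirect,
     // which is where an unknown key ended up before as well.
     if (is_string($key) && $key !== '') {
         switch ($type) {
             case 'login':
                 // Login: the key maps to a cached user id.
                 if ($id = S('AUTH_' . $key)) {
                     // Consume the one-time key before anything else so it
                     // cannot be replayed.
                     S('AUTH_' . $key, null);
                     // Issue a fresh session id before the session becomes
                     // authenticated, so a pre-login session id is not carried
                     // over into the logged-in state (session fixation).
                     session('[regenerate]');
                     session('use_id', $id);
                     $token = update_token($id, C('STUDENT'));
                     // 30-day cookie. NOTE(review): HttpOnly/Secure flags come
                     // from the framework cookie configuration, which is not
                     // visible here - confirm they are enabled.
                     cookie('token', $token, 3600 * 24 * 30);
                     redirect('/User/', 0, L('AUTH_SUCCESS'));
                 }
                 break;
             case 'register':
                 // Registration: the key maps to cached registration data,
                 // which is moved into the session for the signup step.
                 if ($data = S('REG_' . $key)) {
                     S('REG_' . $key, null);
                     session('authData', $data);
                     $this->redirect('/User/register');
                 }
                 break;
         }
     }
     // Every other case (unknown type, unknown or expired key) goes to the home page.
     redirect(C('BASE_URL'));
 }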
Example #2
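 /**
  * First-time registration: choose a password and create the account.
  * @method signup
  * @param ignore   int    non-empty to keep the default password from the verification data
  * @param password string the new password (post.password)
  */
 public function signup()
 {
     // Registration data is placed in the session by the verification step.
     $reg_data = session('authData');
     if (!$reg_data) {
         $this->error(L('REG_INVALID'));
         return; // explicit stop in case error() does not end the request
     }
     if (I('ignore')) {
         // Keep the default password carried in the verification data.
         $password = $reg_data['password'];
     } else {
         // Take the password submitted with the form.
         $password = I('post.password');
         // An array-shaped parameter is rejected together with the empty value
         // instead of being handed to md5().
         if (!is_string($password) || !$password) {
             $this->error(L('PASSWORD_EMPTY'));
             return;
         }
         // The client may already have sent the MD5 of the password.
         // NOTE(review): MD5 here is only a pre-hash; the strength of the stored
         // value depends on encode(), which is not visible here - confirm it is
         // a slow, salted password hash.
         if (!I('isMD5')) {
             $password = md5($password);
         }
     }
     $reg_data['password'] = encode($password, $reg_data['student_number']);
     if ($uid = M('User')->add($reg_data)) {
         // Registration succeeded: drop the pending data and log the user in.
         session('authData', null);
         // Fresh session id before the session becomes authenticated
         // (session fixation).
         session('[regenerate]');
         session('use_id', $uid);
         $token = update_token($uid, C('STUDENT'));
         // 30-day cookie. NOTE(review): HttpOnly/Secure flags come from the
         // framework cookie configuration, not visible here - confirm.
         cookie('token', $token, 3600 * 24 * 30);
         $this->success(L('REG_SUCC'), 'index');
     } else {
         // Registration failed: record client IP and student number for follow-up.
         \Think\Log::record('注册失败:ip:' . get_client_ip() . ',number:' . $reg_data['student_number']);
         $this->error(L('REG_ERROR'));
     }
 }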
Example #3
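 /**
  * Print-shop login check.
  * @method auth()
  *
  * @author 云小印[yunyin.org]
  *
  * @param post.account  account name, validated against REGEX_ACCOUNT
  * @param post.password password
  */
 public function auth()
 {
     $Printer = M('Printer');
     $account = I('post.account', null, C('REGEX_ACCOUNT'));
     if (!$account) {
         // NOTE(review): the rejected value is echoed back in the message;
         // this relies on the framework's input filter / template escaping,
         // which is not visible here - confirm it is HTML-escaped.
         $this->error('无效账号:' . I('post.account'));
         return; // explicit stop in case error() does not end the request
     }
     $result = $Printer->where('account="%s"', $account)->field('id,password,status')->find();
     if ($result) {
         // Per-account failure counter kept in the cache.
         $key = 'auth_p_' . $account;
         $times = S($key);
         if ($times > C('MAX_TRIES')) {
             // Locked out: record the event and refuse without checking the password.
             \Think\Log::record('打印店爆破警告:ip:' . get_client_ip() . ',account:' . $account, 'NOTIC', true);
             $this->error('此账号尝试次数过多,已经暂时封禁,请于一小时后重试!(ps:你的行为已被系统记录)');
             return;
         }
         $stored = (string) $result['password'];
         $password = (string) encode(md5(I('post.password')), $account);
         // Compare the hashes as strings. A loose == treats numeric-looking
         // strings such as "0e123" and "0e456" as equal numbers; hash_equals()
         // is also constant-time where it is available.
         $matches = function_exists('hash_equals')
             ? hash_equals($stored, $password)
             : $stored === $password;
         if ($matches) {
             // Fresh session id before the session becomes authenticated
             // (session fixation).
             session('[regenerate]');
             session('pri_id', $result['id']);
             $token = update_token($result['id'], C('PRINTER_WEB'));
             // 30-day cookie. NOTE(review): HttpOnly/Secure flags come from
             // the framework cookie configuration, not visible here - confirm.
             cookie('token', $token, 3600 * 24 * 30);
             S($key, null);
             $this->redirect('Printer/File/index');
             return;
         }
         // Wrong password: count the failure and keep the counter for one hour.
         S($key, $times + 1, 3600);
     }
     // Same message for an unknown account and a wrong password.
     $this->error('验证失败');
 }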
Example #4
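 /**
  * token
  * API token management.
  * Supported operations: put (force a refresh), delete (revoke).
  * @return json,xml  response body in the format selected by $this->_type
  * @author NewFuture
  */
 public function token()
 {
     // The supplied default is null, so a value that fails REGEX_TOKEN leaves
     // $token null.
     // NOTE(review): a null token is still passed on to md5()/update_token()
     // below; consider rejecting it before the switch.
     $token = I('token', null, C('REGEX_TOKEN'));
     $data = array();
     switch ($this->_method) {
         case 'delete':
             // Revoke the token; the table is queried by the MD5 of the token.
             // delete() yields false on failure, so any other result is the
             // success branch (the original test was inverted and reported
             // success only when the delete had failed).
             if (M('token')->where('token="%s"', md5($token))->delete() !== false) {
                 $data['msg'] = '删除成功!';
             } else {
                 $data['err'] = '删除失败!';
             }
             break;
         case 'put':
             // Force a token refresh and hand the new token back.
             $token = update_token($token);
             if ($token) {
                 $data['token'] = $token;
             } else {
                 $data['err'] = '更新失败!';
             }
             break;
         default:
             $data['err'] = 'unkown method';
             break;
     }
     // XML only when explicitly requested; JSON otherwise.
     $this->response($data, $this->_type == 'xml' ? 'xml' : 'json');
 }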