/**
 * Verification redirect: looks up a key from the query string in the cache and
 * either completes a login or hands cached registration data to the sign-up page.
 *
 * @method token
 *
 * @author NewFuture[NewFuture@yunyin.org]
 *
 * @param get.type string verification type ('login' or 'register')
 * @param get.key  string verification key
 */
public function token()
{
    $verifyType = I('get.type');
    $verifyKey  = I('get.key');
    $thirtyDays = 3600 * 24 * 30;

    if ($verifyType == 'login') {
        // Login: the cache maps AUTH_<key> to a user id. On a hit the id goes
        // into the session, a token cookie is issued, and the cache entry is
        // removed so the key cannot be replayed.
        $cacheName = 'AUTH_' . $verifyKey;
        $userId    = S($cacheName);
        if ($userId) {
            // NOTE(review): the session id is not regenerated before the
            // identity is written; confirm session fixation is handled elsewhere.
            session('use_id', $userId);
            $apiToken = update_token($userId, C('STUDENT'));
            // NOTE(review): HttpOnly/Secure are not set at this call site;
            // presumably they come from the cookie configuration — verify.
            cookie('token', $apiToken, $thirtyDays);
            S($cacheName, null);
            redirect('/User/', 0, L('AUTH_SUCCESS'));
        }
    } elseif ($verifyType == 'register') {
        // Registration: the cache maps REG_<key> to the pending registration
        // data. On a hit it is moved into the session (and removed from the
        // cache) before sending the visitor to the registration page.
        $cacheName = 'REG_' . $verifyKey;
        $pending   = S($cacheName);
        if ($pending) {
            session('authData', $pending);
            S($cacheName, null);
            $this->redirect('/User/register');
        }
    }

    // Every other case (unknown type, missing or expired key) goes to the home page.
    redirect(C('BASE_URL'));
}
/**
 * First-time registration: sets the password and creates the user record
 * from the verification data held in the session.
 *
 * @method signup
 * @param ignore   int    whether to keep the default password from the verification data
 * @param password string password chosen by the user (read from POST)
 * @param isMD5    mixed  truthy when the submitted password is already an MD5 digest
 */
public function signup()
{
    $pending = session('authData');
    if (!$pending) {
        $this->error(L('REG_INVALID'));
    }

    // Pick the password: either the default carried in the verification data
    // or the one submitted with this request.
    $keepDefault = I('ignore');
    if ($keepDefault) {
        $secret = $pending['password'];
    } else {
        $secret = I('post.password');
        if (!$secret) {
            $this->error(L('PASSWORD_EMPTY'));
        }
        // NOTE(review): the client decides whether the value is already
        // hashed, so the MD5 digest itself acts as the login secret. How
        // strong the stored form is depends on encode(), not visible here.
        if (!I('isMD5')) {
            $secret = md5($secret);
        }
    }
    $pending['password'] = encode($secret, $pending['student_number']);

    $uid = M('User')->add($pending);
    if (!$uid) {
        // Registration failed: record the client IP and student number.
        \Think\Log::record('注册失败:ip:' . get_client_ip() . ',number:' . $pending['student_number']);
        $this->error(L('REG_ERROR'));
        return;
    }

    // Registration succeeded: drop the pending data and log the new user in.
    // NOTE(review): the session id is not regenerated when the identity is
    // written; confirm session fixation is handled elsewhere.
    session('authData', null);
    session('use_id', $uid);
    $apiToken = update_token($uid, C('STUDENT'));
    cookie('token', $apiToken, 3600 * 24 * 30);
    $this->success(L('REG_SUCC'), 'index');
}
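/**
 * Print-shop login check.
 *
 * Looks the account up, enforces the per-account failed-attempt limit kept in
 * the cache, and on a password match writes the session and token cookie.
 *
 * @method auth()
 *
 * @author 云小印[yunyin.org]
 *
 * @param post.account  string account name, validated against C('REGEX_ACCOUNT')
 * @param post.password string password
 */
public function auth()
{
    $Printer = M('Printer');
    $account = I('post.account', null, C('REGEX_ACCOUNT'));
    if (!$account) {
        // NOTE(review): the raw account value is echoed back in the message;
        // presumably I() applies the framework's default output filter — verify.
        $this->error('无效账号:' . I('post.account'));
    }

    // NOTE(review): status is selected but never consulted in this method; if
    // it marks disabled accounts, confirm it is enforced somewhere else.
    $result = $Printer->where('account="%s"', $account)->field('id,password,status')->find();
    if ($result) {
        // Failed attempts are counted per account for one hour.
        // NOTE(review): the counter exists only for accounts that were found,
        // and the lockout message differs from the generic failure, so the
        // two responses reveal whether an account exists.
        $key      = 'auth_p_' . $account;
        $times    = S($key);
        $password = encode(md5(I('post.password')), $account);

        // Compare the hashes as strings. A loose == treats two numeric-looking
        // strings (for example "0e12" and "0e34") as equal, which would accept
        // a wrong password; hash_equals() also keeps the comparison
        // constant-time where the runtime provides it.
        $stored   = (string) $result['password'];
        $computed = (string) $password;
        $matches  = function_exists('hash_equals')
            ? hash_equals($stored, $computed)
            : $stored === $computed;

        if ($times > C('MAX_TRIES')) {
            // Locked out: log the event with the client IP, then refuse.
            \Think\Log::record('打印店爆破警告:ip:' . get_client_ip() . ',account:' . $account, 'NOTIC', true);
            $this->error('此账号尝试次数过多,已经暂时封禁,请于一小时后重试!(ps:你的行为已被系统记录)');
        } elseif ($matches) {
            // NOTE(review): the session id is not regenerated when the
            // identity is written; confirm session fixation is handled elsewhere.
            session('pri_id', $result['id']);
            $token = update_token($result['id'], C('PRINTER_WEB'));
            cookie('token', $token, 3600 * 24 * 30);
            S($key, null); // successful login clears the failure counter
            $this->redirect('Printer/File/index');
            return;
        } else {
            S($key, $times + 1, 3600);
        }
    }
    $this->error('验证失败');
}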
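/**
 * token
 * API token management.
 * Supported operations: put (force a token refresh), delete (revoke a token).
 *
 * @return json,xml
 * @author NewFuture
 */
public function token()
{
    $data  = array();
    $token = I('token', null, C('REGEX_TOKEN'));
    switch ($this->_method) {
        case 'delete':
            // Revoke the token. The table is queried by the MD5 of the
            // presented value. delete() is expected to return false on error
            // and the affected-row count otherwise (framework model convention
            // — confirm), so success is reported only when a row was actually
            // removed. The original test was inverted and reported success
            // only when the delete had failed. A token that did not pass
            // REGEX_TOKEN is rejected without querying the database.
            $deleted = $token ? M('token')->where('token="%s"', md5($token))->delete() : false;
            if ($deleted) {
                $data['msg'] = '删除成功!';
            } else {
                $data['err'] = '删除失败!';
            }
            break;
        case 'put':
            // Force a refresh: exchange the presented token for a new one.
            $token = update_token($token);
            if ($token) {
                $data['token'] = $token;
            } else {
                $data['err'] = '更新失败!';
            }
            break;
        default:
            $data['err'] = 'unkown method';
            break;
    }
    $this->response($data, $this->_type == 'xml' ? 'xml' : 'json');
}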