public function act() { if (!$this->check_param('username, password, issave')) { LF\V('Json.Base')->init(Const_Code::LOGIN_PARAM_ERROR, '登录传递参数错误'); return; } $username = trim(Request::get_param('username', 'post')); $password = trim(Request::get_param('password', 'post')); $is_save = (int) Request::get_param('issave', 'post'); $time = time(); $seckey = LF\lb_read_system('seckey'); $user_id = (int) LF\M('User')->check_password($username, md5($username . $password)); if (!$user_id) { LF\V('Json.Base')->init(Const_Code::LOGIN_FAIL, '帐号验证失败'); return; } $user = LF\M('User')->get_by_id($user_id); $expire_time = $is_save ? 86400 * 30 : 0; Cookie::set_cookie('userid', $user_id, $expire_time); Cookie::set_cookie('username', $user['name'], $expire_time); Cookie::set_cookie('userrole', $user['role'], $expire_time); Cookie::set_cookie('time', $time, $expire_time); Cookie::set_cookie('secstr', md5($user_id . '$' . $user['name'] . '$' . $user['role'] . '$' . $time . '$' . $seckey), $expire_time); LF\V('Json.Base')->init(Const_Code::SUCCESS, '帐号验证通过'); }
protected function check_cookie() { $user_id = Util_Server_Request::get_cookie('userid'); $user_name = Util_Server_Request::get_cookie('username'); $user_role = Util_Server_Request::get_cookie('userrole'); $time = Util_Server_Request::get_cookie('time'); $secstr = Util_Server_Request::get_cookie('secstr'); $seckey = LF\lb_read_system('seckey'); return $secstr === md5($user_id . '$' . $user_name . '$' . $user_role . '$' . $time . '$' . $seckey); }