public function loginsubmit()
{
$username = I('post.username');
$password = I('post.password');
$user_group = I('post.user_group');
$verify = I('post.verify');
if (!check_verify($verify)) {
$this->error('验证码输入错误!');
}
$res = \Org\Util\Rbac::authenticate(array('username' => $username, 'group' => $user_group));
if (false == $res) {
$this->error('帐号不存在或密码错误!');
} else {
$signpassword = sign_password($password);
if ($res['password'] != $signpassword) {
$this->error('用户名或密码错误!');
}
}
$member = M('Member')->where(array('id' => $res['id']))->find();
//更新活动时间
M('Member')->where(array('id' => $res['id']))->save(array('timeupdate' => date('Y-m-d H:i:s'), 'lastip' => get_client_ip()));
session('member', $member);
cookie('login', true);
if ($res['username'] == C('SPECIAL_USER')) {
session(C('ADMIN_AUTH_KEY'), true);
}
session(C('USER_AUTH_KEY'), $res['id']);
// 缓存访问权限
\Org\Util\Rbac::saveAccessList();
$this->success('登陆成功!');
}
public function grade_login()
{
if (!check_verify(I('code', ''))) {
$this->error('验证码错误');
}
$username = I('username');
$user = M('user')->where(array('username' => $username))->find();
$pwd = I('password', '', 'md5');
if (!$user | $user['password'] != $pwd) {
$this->error('用户名或密码错误');
}
if ($user['lock']) {
$this->error('用户被锁定,请联系管理员解锁');
}
$data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
M('user')->save($data);
session(C('USER_AUTH_KEY'), $user['id']);
session('username', $user['username']);
session('lastlogintime', date('Y-m-d H:i', $user['logintime']));
session('lastloginip', $user['loginip']);
if ($user['username'] == C('RBAC_SUPERADMIN')) {
session(C('ADMIN_AUTH_KEY'), true);
}
import('Org.Util.Rbac');
Rbac::saveAccessList();
// dump($_SESSION);die;
$this->redirect('Grade/Grade/grade_index');
}
public function dologin()
{
if (!IS_POST) {
$this->error('路径非法', 'index');
}
if (I('post.username') == '') {
$this->error('请输入登录名!');
}
if (I('post.password') == '') {
$this->error('请输入密码!');
}
$ip = get_client_ip();
$log = wx_opera_log(I('post.username'), '登录', '登录', $ip, 'dologin');
$db = M('user');
$user = $db->where(array('user_name' => I('post.username')))->find();
if (!$user || $user['user_pass'] != I('post.password', '', 'md5')) {
$this->error('登录信息错误,请重新登陆!', 'index');
} else {
session(C('USER_AUTH_KEY'), $user['id']);
session('username', $user['user_name']);
session('logintime', date('Y-m-d H:i:s', $user['user_logtime']));
//超级管理员识别
if ($user['user_name'] == C('RBAC_SUPERADMIN')) {
session(C('ADMIN_AUTH_KEY'), true);
}
//读取用户权限
import('Org.Util.Rbac');
Rbac::saveAccessList();
$data['user_logtime'] = time();
$db->where("id=" . $user['id'])->save($data);
$this->success('登陆成功', redirect('Index/index'));
}
}
private function dologin(array $authInfo)
{
$_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
// $_SESSION['email'] = $authInfo['email'];
$_SESSION['loginUserName'] = $authInfo['nickname'];
$_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
$_SESSION['login_count'] = $authInfo['account'];
//$_SESSION['token_auth'] = $authInfo['token_auth'];
if ($authInfo['account'] == 'super_admin') {
$_SESSION[C('ADMIN_AUTH_KEY')] = true;
}
// 保存登录信息
$User = M('User');
$ip = get_client_ip();
$time = date('Ymd H:i:s');
$data = array();
$data['id'] = $authInfo['id'];
$data['last_login_time'] = $time;
$data['login_count'] = array('exp', 'login_count+1');
$data['last_login_ip'] = $ip;
$User->save($data);
// 缓存访问权限
Rbac::saveAccessList();
$this->success('登录成功', __APP__ . '/Home/Index/index');
}
protected function _addLoginSession($inData)
{
session(C('USER_AUTH_KEY'), $inData['id']);
session('username', $inData['username']);
session('email', $inData['email']);
if ($inData['is_supperadmin']) {
session(C('ADMIN_AUTH_KEY'), true);
}
Rbac::saveAccessList();
}
/**
* 管理员登录
*/
public function login()
{
if (IS_GET) {
$this->display();
} else {
//登录逻辑
session(C('ADMIN_AUTH_KEY'), true);
session(C('USER_AUTH_KEY'), 3);
Rbac::saveAccessList(3);
$this->success("登录成功", "../Index/index");
}
}
/**
* 登录
*/
public function login()
{
if (!IS_POST) {
E('页面不存在');
}
$msg = array('errno' => 0, 'error' => '', 'url' => '');
$username = I('username');
$pwd = I('password', '', 'md5');
$user = M('sysuser')->where(array('username' => $username))->find();
if (!$user || $user['password'] != $pwd) {
$msg['errno'] = 1;
$msg['error'] = '用户名或密码错误';
$this->ajaxReturn($msg);
}
if ($user['lock']) {
$msg['errno'] = 1;
$msg['error'] = '用户被锁定';
$this->ajaxReturn($msg);
}
$data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
M('sysuser')->save($data);
session(C('USER_AUTH_KEY'), $user['id']);
session('username', $user['username']);
session('logintime', date('Y-m-d H:i:s', $user['logintime']));
session('loginip', $user['loginip']);
/* 判断是否为超级管理员 */
if ($user['username'] == C('RBAC_SUPERADMIN')) {
session('superadmin', true);
}
import('ORG.Util.RBAC');
//引入RBAC类
Rbac::saveAccessList();
//保存权限到SESSION
$msg['error'] = '登录成功';
$msg['url'] = U('Admin/Index/index');
$this->ajaxReturn($msg);
}
public function checkLogin()
{
if (empty($_POST['account'])) {
$this->error('帐号错误!');
} elseif (empty($_POST['password'])) {
$this->error('密码必须!');
} elseif (empty($_POST['verify'])) {
$this->error('验证码必须!');
}
//生成认证条件
$map = array();
// 支持使用绑定帐号登录
$map['account'] = $_POST['account'];
$map["status"] = array('gt', 0);
if (!$this->check_verify(I('verify'))) {
$this->error('验证码错误!');
}
$authInfo = Rbac::authenticate($map);
//使用用户名、密码和状态的方式进行认证
if (false === $authInfo) {
$this->error('帐号不存在或已禁用!');
} else {
if ($authInfo['password'] != md5($_POST['password'])) {
$this->error('密码错误!');
}
$_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
$_SESSION['email'] = $authInfo['email'];
$_SESSION['loginUserName'] = $authInfo['nickname'];
$_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
$_SESSION['login_count'] = $authInfo['login_count'];
if ($authInfo['account'] == 'admin') {
$_SESSION['administrator'] = true;
}
//保存登录信息
$User = M('User');
$ip = get_client_ip();
$time = time();
$data = array();
$data['id'] = $authInfo['id'];
$data['last_login_time'] = $time;
$data['login_count'] = array('exp', 'login_count+1');
$data['last_login_ip'] = $ip;
$User->save($data);
// 缓存访问权限
Rbac::saveAccessList();
$this->success('登录成功!');
}
}
public function checkLogin()
{
if (empty($_POST['account'])) {
$this->assign('jumpUrl', __MODULE__ . C('USER_AUTH_GATEWAY'));
$this->error('帐号错误!');
} elseif (empty($_POST['password'])) {
$this->assign('jumpUrl', __MODULE__ . C('USER_AUTH_GATEWAY'));
$this->error('密码必须!');
} elseif (empty($_POST['verify'])) {
$this->assign('jumpUrl', __MODULE__ . C('USER_AUTH_GATEWAY'));
$this->error('验证码必须!');
}
// 生成认证条件
$map = array();
// 支持使用绑定帐号登录
$map['account'] = $_POST['account'];
$map["status"] = array('gt', 0);
$data = array();
$data['ip'] = get_client_ip();
$data['date'] = date("Y-m-d H:i:s");
$data['username'] = $_POST['account'];
$data['module'] = MODULE_NAME;
$data['action'] = ACTION_NAME;
$data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);
if ($_SESSION['verify'] != md5($_POST['verify'])) {
$this->assign('jumpUrl', __MODULE__ . C('USER_AUTH_GATEWAY'));
$this->error('验证码错误!');
}
$authInfo = RBAC::authenticate($map);
//使用用户名、密码和状态的方式进行认证
if (false === $authInfo) {
$data['status'] = 0;
D("Log")->add($data);
$this->assign('jumpUrl', __MODULE__ . C('USER_AUTH_GATEWAY'));
$this->error('帐号不存在或已禁用!');
} else {
if ($authInfo['password'] != md5($_POST['password'])) {
$data['status'] = 0;
D("Log")->add($data);
$this->assign('jumpUrl', __MODULE__ . C('USER_AUTH_GATEWAY'));
$this->error('密码错误!');
}
$_SESSION['user_info'] = $authInfo;
$_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
$_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
// 站点ID设置
$_SESSION['siteid'] = SITEID;
if ($authInfo['role_id'] == 1) {
$_SESSION['administrator'] = true;
}
//保存登录信息
D('User')->where(array('id' => $authInfo['id']))->save(array('last_login_time' => time(), 'last_login_ip' => $data['id']));
//保存日志
$data['status'] = 1;
$data['userid'] = $authInfo['id'];
D("Log")->add($data);
// 存储访问权限
RBAC::saveAccessList();
$this->success('登录成功!', __MODULE__ . '/Index');
}
}
public function loginAction()
{
if (IS_POST) {
$Verify = new \Think\Verify();
if (!$Verify->check(I('post.verify'))) {
//处理验证码错误
session('verifyErr', '验证码错误');
redirect(U('index'));
return;
}
if (!empty($_POST)) {
$User = M('user');
if (!($data = $User->create())) {
echo 'many form';
die;
}
//$pwd = md5(I('post.password'));
$username = $data['username'];
$pwd = I('post.password');
$info = $User->where(array(username => I('post.username')))->find();
if (!$info) {
session('userErr', '用户名错误');
redirect(U('index'));
return;
} else {
if ($info['password'] === $pwd) {
$data = array('id' => $info['id'], 'logintime' => time(), 'loginip' => get_client_ip());
M('user')->save($data);
//更新用户登陆信息
session(C('USER_AUTH_KEY'), $info['id']);
if ($username == C('RBAC_SUPERADMIN')) {
session(C('ADMIN_AUTH_KEY'), true);
}
Rbac::saveAccessList();
//dump($_SESSION);die;
redirect(U('Admin/index/index', '', ''));
return;
}
//处理密码错误
session('pwdErr', '密码错误');
redirect(U('index'));
return;
}
}
}
$this->display();
/*if(IS_POST){
$Verify = new \Think\Verify();
if($Verify->check(I('verify'))){
if(I('username') != '' && I('password') != ''){
$data = array (
$username => I('username')
);
$password = I('password');
$Model = new \Think\Model();
$user = $Model->query('select * from user where username = "******"');
//$user = M('user')->where($data)->find();
if($user) {
if($user[0]['password'] == md5($password)){
session('uid', $user[0]['id']);
session('username', $user[0]['username']);
redirect(U('Home/index/index', '', ''));
}else{
//密码错误
$pwderr = '密码错误';
$this->assign('pwderr', $pwderr);
$this->display();
}
}else {
//用户名不存在
$nouser = '******';
$this->assign('nouser', $nouser);
$this->display();
}
}
}else{
//验证码错误
$verifyErr = '验证码错误';
$this->assign('verifyErr', $verifyErr);
$this->display();
}
}else {
$this->display();
}*/
}
public function checkLogin($username, $password, $verify)
{
$this->jumpUrl = __MODULE__ . C('USER_AUTH_GATEWAY');
if (empty($username) || empty($password) || empty($verify)) {
$this->errorCode = 10001;
$this->errorMessage = '用户名|密码|验证码都必须!';
return false;
}
if (session('verify') != md5($verify)) {
$this->errorCode = 10001;
$this->errorMessage = '验证码错误!';
return false;
}
// 生成认证条件
$map = array();
// 支持使用绑定帐号登录
$map['account'] = $username;
$map["status"] = array('gt', 0);
$authInfo = RBAC::authenticate($map);
$allow_try_error_time = C('ALLOW_TRY_ERROR_TIME', null, 5);
if ($authInfo['try_time'] >= $allow_try_error_time) {
$this->errorCode = 10002;
$this->errorMessage = '登录失败次数过多,帐号已被禁用,请与管理员联系!';
return false;
}
model('User')->where(array('id' => $authInfo['id']))->save(array('try_time' => array('exp', '`try_time` + 1')));
$data = array();
$data['ip'] = get_client_ip();
$data['date'] = date("Y-m-d H:i:s");
$data['username'] = $username;
$data['module'] = MODULE_NAME;
$data['action'] = ACTION_NAME;
$data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);
//使用用户名、密码和状态的方式进行认证
if (false === $authInfo) {
$data['status'] = 0;
model("Log")->add($data);
$this->errorCode = 10003;
$this->errorMessage = '帐号不存在或已禁用!';
return false;
} else {
if ($authInfo['password'] != md5($password)) {
$data['status'] = 0;
model("Log")->add($data);
$this->errorCode = 10003;
$this->errorMessage = '密码错误!你还有' . ($allow_try_error_time - 1 - $authInfo['try_time']) . '尝试次机会';
return false;
}
// 保存Session
session('user_info', $authInfo);
session(C('USER_AUTH_KEY'), $authInfo['id']);
session('lastLoginTime', $authInfo['last_login_time']);
if ($authInfo['role_id'] == 1) {
session('administrator', true);
}
//保存登录信息
model('User')->where(array('id' => $authInfo['id']))->save(array('last_login_time' => time(), 'last_login_ip' => $data['id'], 'try_time' => 0));
//保存日志
$data['status'] = 1;
$data['userid'] = $authInfo['id'];
model("Log")->add($data);
// 存储访问权限
RBAC::saveAccessList();
// 设置默认站点
$sites = logic('site')->getAccessibleSites();
$current_site = current($sites);
set_siteid($current_site['id']);
return true;
}
}
protected static function SetUserRoleSession($userid)
{
session('id', $userid);
\Org\Util\Rbac::saveAccessList($userid);
session('user_role', M('ThinkRoleUser')->where('user_id=%d', $userid)->getField('role_id'));
}
/**
* 管理员登录认证
* @param array $admin 管理员信息
* @return array
*/
public function login($admin)
{
$Admin = $this->getM();
// 邮箱是否存在
if (!$this->existAccount($admin['email'])) {
return $this->errorResultReturn('邮箱不存在!');
}
$account = $Admin->getByEmail($admin['email']);
// 密码验证
if ($account['password'] != $this->encrypt($admin['password'])) {
return $this->errorResultReturn('密码不正确!');
}
// 是否启用
if (!$this->isActive($admin['email'])) {
return $this->errorResultReturn('账户已被禁用!');
}
$loginMarked = C('LOGIN_MARKED');
$shell = $this->genShell($account['id'], $account['password']);
// 生成登录session
$_SESSION[$loginMarked] = $shell;
// 生成登录cookie
$shell .= '_' . time();
setcookie($loginMarked, $shell, 0, '/');
$_SESSION['current_account'] = $account;
// 权限认证
if (C('USER_AUTH_ON')) {
$_SESSION[C('USER_AUTH_KEY')] = $account['id'];
if ($account['is_super']) {
// 超级管理员无需认证
$_SESSION[C('ADMIN_AUTH_KEY')] = true;
}
// 缓存访问权限
\Org\Util\Rbac::saveAccessList();
}
// 更新最后登录时间
$Admin->where("id={$account['id']}")->save(array('last_login_at' => time()));
return $this->resultReturn(true);
}
