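/**
 * Handles the admin login form submission.
 *
 * Reads username, password and captcha from $_POST and checks them in order:
 * presence, then captcha, then credentials via AdminModel. On success the user
 * row is stored in the session, the login info is updated and the request is
 * redirected to the index page; every failure goes through $this->failure().
 */
public function signin()
{
    // Only plain strings are accepted; a non-string field (e.g. username[]=x)
    // is treated as missing instead of being handed to the model.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $captcha  = isset($_POST['captcha'])  && is_string($_POST['captcha'])  ? $_POST['captcha']  : '';

    // Presence checks. failure() is expected to redirect and end the request;
    // the explicit return keeps the later checks from running if it ever does not.
    if (empty($captcha)) {
        $this->failure('index.php', '验证码不能为空!');
        return;
    }
    if (empty($username) || empty($password)) {
        $this->failure('index.php', '用户名或密码不能为空!');
        return;
    }

    // The captcha is verified before any database access, so credentials
    // cannot be probed without solving it first.
    if (!Captcha::checkCaptcha($captcha)) {
        $this->failure('index.php', '验证码错误!');
        return;
    }

    // Credential check is delegated to the model; a falsy result means no match.
    $admin = new AdminModel();
    $user  = $admin->checkByUsernameAndPassword($username, $password);
    if (!$user) {
        $this->failure('index.php', '用户名或密码错误!');
        return;
    }

    // The session changes privilege level here, so its id is rotated before
    // the user row is stored (mitigates session fixation). Guarded so a
    // request without an active session does not emit a warning.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;
    $admin->updateLoginInfo($user['a_id']);
    $this->success('index.php?module=index&action=index', '登录成功!');
}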
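/**
 * Handles the admin login form submission.
 *
 * Reads username, password and captcha from $_POST and checks them in order:
 * presence, then captcha, then credentials via AdminModel. On success the user
 * row is stored in the session, the login info is updated and the request is
 * redirected to the index page; every failure goes through $this->failure().
 *
 * Fixes against the previous version: the captcha result was inverted (a wrong
 * captcha was accepted and a correct one rejected), an empty password was not
 * rejected although the message says both fields are required, and a wrong
 * username/password reported "验证码错误".
 */
public function signin()
{
    // Only plain strings are accepted; a non-string field (e.g. username[]=x)
    // is treated as missing instead of being handed to the model.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $captcha  = isset($_POST['captcha'])  && is_string($_POST['captcha'])  ? $_POST['captcha']  : '';

    // Presence checks. failure() is expected to redirect and end the request;
    // the explicit return keeps the later checks from running if it ever does not.
    if (empty($captcha)) {
        $this->failure('index.php', '验证码不能为空');
        return;
    }
    if (empty($username) || empty($password)) {
        $this->failure('index.php', '用户名或者密码都不能为空');
        return;
    }

    // Reject when the captcha does NOT verify (the condition was inverted before).
    if (!Captcha::checkCaptcha($captcha)) {
        $this->failure('index.php', '验证码错误');
        return;
    }

    // Credential check is delegated to the model; a falsy result means no match.
    // Message wording follows the sibling implementation of this action.
    $admin = new AdminModel();
    $user  = $admin->checkByUsernameAndPassword($username, $password);
    if (!$user) {
        $this->failure('index.php', '用户名或者密码不正确');
        return;
    }

    // The session changes privilege level here, so its id is rotated before
    // the user row is stored (mitigates session fixation). Guarded so a
    // request without an active session does not emit a warning.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;
    $admin->updateLoginInfo($user['a_id']);
    $this->success('index.php?module=index&action=index', '登录成功');
}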
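/**
 * Handles the admin login form submission.
 *
 * Reads username, password and captcha from $_POST and checks them in order:
 * presence, then captcha, then credentials via AdminModel. On success the user
 * row is stored in the session, the login info is updated and the request is
 * redirected to the index page; every failure goes through $this->failure().
 */
public function signin()
{
    // Receive the form data. Only plain strings are accepted; a non-string
    // field (e.g. username[]=x) is treated as missing.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $captcha  = isset($_POST['captcha'])  && is_string($_POST['captcha'])  ? $_POST['captcha']  : '';

    // Presence checks. failure() is expected to redirect and end the request;
    // the explicit return keeps the later checks from running if it ever does not.
    if (empty($captcha)) {
        $this->failure('index.php', '验证码不能为空!');
        return;
    }
    if (empty($username) || empty($password)) {
        $this->failure('index.php', '用户名或者密码都不能为空!');
        return;
    }

    // Validity check: the captcha is verified before any database access, so
    // credentials cannot be probed without solving it first.
    if (!Captcha::checkCaptcha($captcha)) {
        $this->failure('index.php', '验证码错误!');
        return;
    }

    // Verify the user against the database (model); a falsy result means no match.
    $admin = new AdminModel();
    $user  = $admin->checkByUsernameAndPassword($username, $password);
    if (!$user) {
        $this->failure('index.php', '用户名或者密码不正确!');
        return;
    }

    // Success. The session changes privilege level here, so its id is rotated
    // before the user row is stored (mitigates session fixation). Guarded so a
    // request without an active session does not emit a warning.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;
    // Record the login.
    $admin->updateLoginInfo($user['a_id']);
    // Redirect to the home page.
    $this->success('index.php?module=index&action=index', '登录成功,正在跳转!');
}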
//user authentication用户验证 $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : ''; // data validation数据合法性验证 if (empty($username) || empty($password)) { //missing data,return 信息不完整,返回到登录界面 admin_redirect('privilege.php', '帐号密码不能为空', 3); } //echo $captcha; //连接数据库前连接验证码 if (empty($captcha)) { admin_redirect('privilege.php', '必须先填写验证码', 3); } //($_SESSION['captcha']); if (!Captcha::checkCaptcha($captcha)) { admin_redirect('privilege.php', '验证码不正确', 3); } //check user验证用户有效性(登录) $admin = new Admin(); $user = $admin->checkByUsernameAndPassword($username, $password); if ($user) { //save $user to session将$user保存到session //session_start(); $_SESSION['user'] = $user; //判断用户是否记住用户信息 if (isset($_POST['remember'])) { //用户选择了保存 //设置cookie 记住用户id即可,把信息存放到浏览器 setcookie('user_id', $user['a_id'], time() + 7 * 24 * 3600); }
<?php
// Registers a "captcha" validation rule: the field passes only when
// Captcha::checkCaptcha() accepts the submitted value. The attribute name and
// the rule parameters are not used by this rule.
// NOTE(review): confirm checkCaptcha() invalidates the stored challenge once
// it has been checked, so the same value cannot be submitted again.
Validator::extend('captcha', function ($attribute, $value, $parameters) {
    $accepted = Captcha::checkCaptcha($value);

    return $accepted;
});
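/**
 * registerNewUser()
 *
 * Handles the entire registration process: checks the captcha and every
 * submitted field, hashes the password, inserts the user row and sends the
 * verification mail. Every problem is appended to $this->errors; the account
 * is deleted again if the verification mail cannot be sent.
 *
 * Reads: $_POST['user_name'], ['user_email'], ['user_password_new'],
 * ['user_password_repeat'], the optional HASH_COST_FACTOR constant.
 * Writes: user_name, user_email, user_password, hash_cost_factor,
 * user_password_hash, user_activation_hash, user_id, registration_successful,
 * errors, messages.
 *
 * @return boolean true only when the row was written AND the verification mail went out
 */
public function registerNewUser()
{
    $captcha = new Captcha();

    // Input validation: the first failing check wins and nothing else runs.
    if (!$captcha->checkCaptcha()) {
        $this->errors[] = FEEDBACK_CAPTCHA_WRONG;
    } elseif (empty($_POST['user_name'])) {
        $this->errors[] = FEEDBACK_USERNAME_FIELD_EMPTY;
    } elseif (empty($_POST['user_password_new']) || empty($_POST['user_password_repeat'])) {
        $this->errors[] = FEEDBACK_PASSWORD_FIELD_EMPTY;
    } elseif ($_POST['user_password_new'] !== $_POST['user_password_repeat']) {
        $this->errors[] = FEEDBACK_PASSWORD_REPEAT_WRONG;
    } elseif (strlen($_POST['user_password_new']) < 6) {
        $this->errors[] = FEEDBACK_PASSWORD_TOO_SHORT;
    } elseif (strlen($_POST['user_name']) > 64 || strlen($_POST['user_name']) < 2) {
        $this->errors[] = FEEDBACK_USERNAME_TOO_SHORT_OR_TOO_LONG;
    } elseif (!preg_match('/^[a-z\\d]{2,64}$/i', $_POST['user_name'])) {
        $this->errors[] = FEEDBACK_USERNAME_DOES_NOT_FIT_PATTERN;
    } elseif (empty($_POST['user_email'])) {
        $this->errors[] = FEEDBACK_EMAIL_FIELD_EMPTY;
    } elseif (strlen($_POST['user_email']) > 64) {
        $this->errors[] = FEEDBACK_EMAIL_TOO_LONG;
    } elseif (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {
        $this->errors[] = FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN;
    } else {
        // Every check above passed. (The previous version re-tested all of
        // them here in one long condition that could never be false, which
        // made its FEEDBACK_UNKNOWN_ERROR branch unreachable.)

        // Escaped on the way in so the stored value is safe to echo as HTML.
        // NOTE(review): this also changes the stored value (e.g. "&" -> "&amp;"),
        // so any lookup by name or e-mail elsewhere must apply the same encoding.
        $this->user_name  = htmlentities($_POST['user_name'], ENT_QUOTES);
        $this->user_email = htmlentities($_POST['user_email'], ENT_QUOTES);
        // Not escaped: only ever fed to password_hash().
        $this->user_password = $_POST['user_password_new'];

        // Optional bcrypt cost from config/hashing.php; null when not configured.
        $this->hash_cost_factor = defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null;

        // Pass 'cost' only when it is configured. The native password_hash()
        // reads a null cost as 0 and rejects the call ("Invalid bcrypt cost
        // parameter"), so array('cost' => null) broke hashing whenever
        // HASH_COST_FACTOR was undefined; with no options the engine default
        // cost applies.
        $hashOptions = $this->hash_cost_factor !== null
            ? array('cost' => $this->hash_cost_factor)
            : array();
        $this->user_password_hash = password_hash($this->user_password, PASSWORD_DEFAULT, $hashOptions);

        // password_hash() returns false on failure (pre-PHP 8); never write
        // an account with an empty hash.
        if ($this->user_password_hash === false) {
            $this->errors[] = FEEDBACK_UNKNOWN_ERROR;
            return false;
        }

        // Is the name already taken?
        // NOTE(review): rowCount() on a SELECT is driver-dependent; works for
        // MySQL, verify for other drivers.
        $sth = $this->db->prepare("SELECT * FROM users WHERE user_name = :user_name ;");
        $sth->execute(array(':user_name' => $this->user_name));
        $count = $sth->rowCount();
        if ($count == 1) {
            $this->errors[] = FEEDBACK_USERNAME_ALREADY_TAKEN;
        } else {
            // 40-character activation token for the verification mail. random_bytes()
            // (PHP 7+) is a CSPRNG; the uniqid()/mt_rand() fallback is kept only
            // for older runtimes where it does not exist.
            $this->user_activation_hash = function_exists('random_bytes')
                ? bin2hex(random_bytes(20))
                : sha1(uniqid(mt_rand(), true));

            // Write the new user; all values are bound, never interpolated.
            $sth = $this->db->prepare(
                "INSERT INTO users (user_name, user_password_hash, user_email, user_activation_hash) VALUES(:user_name, :user_password_hash, :user_email, :user_activation_hash) ;"
            );
            $sth->execute(array(
                ':user_name'            => $this->user_name,
                ':user_password_hash'   => $this->user_password_hash,
                ':user_email'           => $this->user_email,
                ':user_activation_hash' => $this->user_activation_hash,
            ));
            $count = $sth->rowCount();
            if ($count == 1) {
                $this->user_id = $this->db->lastInsertId();

                if ($this->sendVerificationEmail()) {
                    // Mail went out: registration complete.
                    $this->messages[] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
                    $this->registration_successful = true;
                    return true;
                }

                // Mail failed: remove the account again. The id captured above
                // is reused instead of calling lastInsertId() a second time,
                // which could already refer to a statement run while sending.
                $sth = $this->db->prepare("DELETE FROM users WHERE user_id = :last_inserted_id ;");
                $sth->execute(array(':last_inserted_id' => $this->user_id));
                $this->errors[] = FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED;
            } else {
                $this->errors[] = FEEDBACK_ACCOUNT_CREATION_FAILED;
            }
        }
    }

    // Standard return: true is only returned above, when everything succeeded.
    return false;
}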