/**
 * Report whether the current request carries a valid Typecho login cookie pair.
 *
 * The user row is looked up by the `__typecho_uid` cookie, and the stored
 * `authCode` is checked against the `__typecho_authCode` cookie through
 * Typecho_Common::hashValidate(). Both cookies are deleted when the check fails.
 *
 * NOTE(review): hashValidate() is defined elsewhere; confirm that it compares
 * in constant time, since the second argument is client-supplied.
 *
 * @access public
 * @return boolean true when the cookie pair matches a stored user, false otherwise
 */
public static function hasLogin()
{
    $uidCookie = Typecho_Cookie::get('__typecho_uid');

    // No uid cookie at all: nothing to verify and nothing to clean up.
    if (null === $uidCookie) {
        return false;
    }

    $db = Typecho_Db::get();

    // intval() ensures only an integer ever reaches the bound parameter.
    $lookup = $db->select()
        ->from('table.users')
        ->where('uid = ?', intval($uidCookie))
        ->limit(1);
    $account = $db->fetchRow($lookup);

    $authCodeCookie = Typecho_Cookie::get('__typecho_authCode');

    if ($account && Typecho_Common::hashValidate($account['authCode'], $authCodeCookie)) {
        return true;
    }

    // Unknown uid or mismatching auth code: drop both cookies so the stale
    // pair is not presented again.
    Typecho_Cookie::delete('__typecho_uid');
    Typecho_Cookie::delete('__typecho_authCode');

    return false;
}
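/**
 * Constructor.
 *
 * Loads the Remix plugin configuration, selects the requested service and
 * rejects every request that is not an AJAX call whose Referer host equals
 * the site host and whose Remix hash header validates against the configured
 * plugin hash.
 *
 * @access public
 * @param mixed $request  request object, forwarded to the parent constructor
 * @param mixed $response response object, forwarded to the parent constructor
 * @param mixed $params   optional parameters, forwarded to the parent constructor
 * @throws Typecho_Widget_Exception with code 403 when any of the checks fails
 */
public function __construct($request, $response, $params = NULL)
{
    parent::__construct($request, $response, $params);

    /* Load the plugin configuration. */
    $options = parent::widget('Widget_Options');
    $this->_config = $options->plugin('Remix');

    /* Select the service identifier, defaulting to 'xiami'. */
    if (isset($request->serve) && !empty($request->serve)) {
        static::$serve = $request->filter('strip_tags', 'trim', 'xss')->serve;
    } else {
        static::$serve = 'xiami';
    }

    /* Check where the request came from. */
    $siteHost = parse_url((string) $options->siteUrl, PHP_URL_HOST);
    $refHost = parse_url((string) $request->getReferer(), PHP_URL_HOST);
    $hash = $request->getServer('HTTP_REMIX_HASH');

    // Both hosts must be present and identical. The previous loose `!=` on
    // array offsets let the check pass when neither URL yielded a host
    // (null != null is false) and was open to numeric-string juggling.
    $sameHost = is_string($siteHost) && '' !== $siteHost && $siteHost === $refHost;

    // NOTE(review): the Referer header is supplied by the client, so the host
    // comparison only filters cross-site browser requests; the hash check is
    // the one that depends on a server-side value.
    if (!$request->isAjax()
        || !$sameHost
        || !is_string($hash)
        || '' === $hash
        || !Typecho_Common::hashValidate($this->_config->hash, $hash)) {
        throw new Typecho_Widget_Exception(_t('Bad Request!'), 403);
    }
}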
/**
 * Tell whether the current visitor is logged in.
 *
 * The result is cached in $this->_hasLogin after the first evaluation. On a
 * successful check the matching user row is stored in $this->_user; when a
 * uid cookie is present but does not validate, logout() is called.
 *
 * @access public
 * @return boolean
 */
public function hasLogin()
{
    // Cached answer from an earlier call.
    if (NULL !== $this->_hasLogin) {
        return $this->_hasLogin;
    }

    $uidCookie = Typecho_Cookie::get('__typecho_uid');

    // No uid cookie: not logged in, and there is nothing to clean up.
    if (NULL === $uidCookie) {
        return $this->_hasLogin = false;
    }

    /** Verify the login: uid is forced to an integer before it is bound. */
    $lookup = $this->db->select()
        ->from('table.users')
        ->where('uid = ?', intval($uidCookie))
        ->limit(1);
    $account = $this->db->fetchRow($lookup);

    $authCodeCookie = Typecho_Cookie::get('__typecho_authCode');
    $verified = $account && Typecho_Common::hashValidate($account['authCode'], $authCodeCookie);

    if (!$verified) {
        // Unknown uid or mismatching auth code.
        $this->logout();
        return $this->_hasLogin = false;
    }

    $this->_user = $account;
    return $this->_hasLogin = true;
}
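/**
 * Reset a user's password from a reset token.
 *
 * The token is base64 text of the form `uid.hash.timestamp`. The hash is
 * validated against the user's name, mail and current password hash, so a
 * token stops validating once the password has been changed.
 *
 * NOTE(review): the timestamp segment is not part of the validated hash
 * input, so the one-hour limit rests on a value that is not authenticated.
 * Binding the timestamp into the hash has to be done together with the code
 * that issues the token, which is not visible here.
 *
 * @access public
 * @return void|boolean false when the submitted form fails validation
 */
public function doReset()
{
    /* Validate the token. */
    $token = $this->request->filter('strip_tags', 'trim', 'xss')->token;
    $parts = explode('.', (string) base64_decode((string) $token));

    // A malformed token (missing segments, non-digit timestamp) is handled
    // like an expired link instead of reaching the arithmetic and the query
    // with undefined values.
    if (count($parts) < 3 || !ctype_digit($parts[2])) {
        $this->notice->set(_t('该链接已失效, 请重新获取'), 'notice');
        $this->response->redirect($this->options->loginUrl);
        return;
    }

    list($uid, $tokenHash, $timeStamp) = $parts;
    $currentTimeStamp = $this->options->gmtTime;

    /* Check the link's age. */
    if ($currentTimeStamp - (int) $timeStamp > 3600) {
        // Link expired: back to the login page.
        $this->notice->set(_t('该链接已失效, 请重新获取'), 'notice');
        $this->response->redirect($this->options->loginUrl);
        return;
    }

    $db = Typecho_Db::get();
    $user = $db->fetchRow($db->select()->from('table.users')->where('uid = ?', intval($uid)));

    // An unknown uid must fail outright; otherwise the hash would be
    // validated against an empty string built from a missing row.
    $tokenValid = false;
    if ($user) {
        $hashString = $user['name'] . $user['mail'] . $user['password'];
        $tokenValid = Typecho_Common::hashValidate($hashString, $tokenHash);
    }

    if (!$tokenValid) {
        // Wrong token: back to the login page.
        $this->notice->set(_t('该链接已失效, 请重新获取'), 'notice');
        $this->response->redirect($this->options->loginUrl);
        return;
    }

    require_once 'theme/reset.php';

    /* Reset the password. */
    if ($this->request->isPost()) {
        /* Validate the form. */
        if ($error = $this->resetForm()->validate()) {
            $this->notice->set($error, 'error');
            return false;
        }

        // NOTE(review): presumably the bundled phpass class, where the second
        // argument selects the portable hash format - confirm, and keep it in
        // step with whatever verifies passwords at login.
        $hasher = new PasswordHash(8, true);
        $password = $hasher->HashPassword($this->request->password);

        $update = $db->query($db->update('table.users')->rows(array('password' => $password))->where('uid = ?', $user['uid']));

        // Report exactly one outcome; previously the success notice was set
        // even after a failed update.
        if ($update) {
            $this->notice->set(_t('重置密码成功'), 'success');
        } else {
            $this->notice->set(_t('重置密码失败'), 'error');
        }

        $this->response->redirect($this->options->loginUrl);
    }
}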
/**
 * Tell whether the current visitor is logged in.
 *
 * The result is cached in $this->_hasLogin. The uid and auth code are read
 * from $this->request; on success the user row is kept in $this->_user, and
 * when a uid is present but does not validate, logout() is called.
 *
 * NOTE(review): the credentials come from the request object rather than from
 * Typecho_Cookie. Whether that accessor is limited to cookies or also covers
 * query/body parameters is not visible here - confirm, since credentials
 * accepted from a URL end up in access logs and Referer headers.
 *
 * @access public
 * @return boolean
 */
public function hasLogin()
{
    // Cached answer from an earlier call.
    if (NULL !== $this->_hasLogin) {
        return $this->_hasLogin;
    }

    // No uid supplied: not logged in, and there is nothing to clean up.
    if (NULL === $this->request->__typecho_uid) {
        return $this->_hasLogin = false;
    }

    /** Verify the login: uid is forced to an integer before it is bound. */
    $lookup = $this->db->select()
        ->from('table.users')
        ->where('uid = ?', intval($this->request->__typecho_uid))
        ->limit(1);
    $account = $this->db->fetchRow($lookup);

    $verified = $account
        && Typecho_Common::hashValidate($account['authCode'], $this->request->__typecho_authCode);

    if (!$verified) {
        // Unknown uid or mismatching auth code.
        $this->logout();
        return $this->_hasLogin = false;
    }

    $this->_user = $account;
    return $this->_hasLogin = true;
}