Exemple #1
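 /**
  * Build a mod_captcha for the current object, store it in that object's
  * context under 'captcha', and report the captcha state for this request.
  *
  * @param array|string $aconfig Optional overrides. Only the keys maxsize,
  *     maxrotation, noise, websafecolors, lang, maxtry, badguys_url,
  *     secretstring, secretposition, minsize, chars and debug are honoured;
  *     a non-array value is treated as "no overrides".
  * @return string 'show' when the object's 'show' variable is set, otherwise
  *     'valid', 'invalid', 'expired' or 'normal' depending on the result of
  *     mod_captcha::validate_submit().
  */
 public static function process($aconfig = '')
 {
     global $ARCurrent;
     // Presumably keeps this per-request captcha output out of the cache.
     $ARCurrent->arDontCache = true;
     $context = pobject::getContext();
     $me = $context["arCurrentObject"];
     // From here on work with the current object's own context.
     $context = $me->getContext();
     $template = $me->getvar('arCallFunction');
     if (!is_array($aconfig)) {
         $aconfig = array();
     }
     $temp = $me->store->get_config('files') . 'temp/';
     // NOTE(security): 'secretstring' below is a fixed literal that ships with
     // the source. Going by its own wording it feeds the captcha's md5 key, so
     // every install that does not override it shares the same secret. Callers
     // should pass a per-installation 'secretstring' in $aconfig
     // (confirm how mod_captcha uses it).
     $config = array(
         'template' => $template,
         'url' => $me->make_url(),
         'tempfolder' => $temp,
         'TTF_folder' => CAPTCHA_TTF_FOLDER,
         'TTF_RANGE' => array('andalemo.ttf', 'arial.ttf', 'ariblk.ttf', 'comic.ttf', 'cour.ttf', 'georgia.ttf', 'impact.ttf', 'times.ttf', 'trebuc.ttf', 'verdana.ttf'),
         'chars' => 5,
         'minsize' => 20,
         'maxsize' => 30,
         'maxrotation' => 25,
         'noise' => FALSE,
         'websafecolors' => FALSE,
         'refreshlink' => TRUE,
         'lang' => 'en',
         'maxtry' => 3,
         'badguys_url' => '/',
         'secretstring' => 'A very, very secret string which is used to generate a md5-key!',
         'secretposition' => 15,
         'debug' => FALSE,
     );
     // Keys a caller may override. template, url, tempfolder, TTF_folder,
     // TTF_RANGE and refreshlink are deliberately not in this list.
     $overridable = array(
         'maxsize',
         'maxrotation',
         'noise',
         'websafecolors',
         'lang',
         'maxtry',
         'badguys_url',
         'secretstring',
         'secretposition',
         'minsize',
         'chars',
         'debug',
     );
     foreach ($aconfig as $akey => $aval) {
         // Strict match: the previous switch compared loosely, so on PHP < 8
         // an integer key such as 0 matched the first case label and was
         // copied into $config.
         if (in_array($akey, $overridable, true)) {
             $config[$akey] = $aval;
         }
     }
     $captcha = new mod_captcha($config);
     if ($me->getvar('show')) {
         $captchaCase = 'show';
     } else {
         // Map the numeric validate_submit() result onto a state name.
         $case = $captcha->validate_submit();
         switch ($case) {
             case 1:
                 $captchaCase = 'valid';
                 break;
             case 2:
                 $captchaCase = 'invalid';
                 break;
             case 3:
                 $captchaCase = 'expired';
                 break;
             default:
                 $captchaCase = 'normal';
                 break;
         }
     }
     // Make the captcha object available to whatever reads this context later.
     $context['captcha'] = $captcha;
     $me->setContext($context);
     return $captchaCase;
 }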
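 /**
  * Authenticate an admin login request and, on success, set the admin auth cookie.
  *
  * Login types handled here:
  *  - 1: local account; only allowed when the account level is 8 or 9
  *       (such accounts are forced onto this type).
  *  - 2: credentials checked against the record from mod_oracle::bossuser()
  *       (MD5 of the submitted password, or the submitted value as-is when
  *       $type is set), then mapped to, or provisioned as, a local member.
  *       $type === 'sso' forces this type.
  *  - 3: username and password compared directly with the bossuser record.
  *
  * @param mixed $data Request data read through array_var(); the keys
  *     username, password, captcha and logintype are used.
  * @param string|null $type null for an interactive login (captcha enforced
  *     when VERIFY_CODE == 1), 'sso' for single sign-on.
  * @return bool true when the login succeeded and the cookie was set,
  *     false when the credentials were rejected.
  * @throws Exception on lockout, missing/wrong captcha, wrong password or a
  *     login type the account may not use.
  */
 public function authenticate($data, $type = null)
 {
     // Current timestamp.
     $timestamp = time();
     // Log file recording admin logins.
     $admin_recordfile = PATH_ADMIN . "/data/log/admin_log.php";
     $F_count = F_L_count($admin_recordfile, 2000);
     // Seconds remaining in the 3600-second window that starts at the log
     // file's last modification (the user-facing message speaks of 20 minutes).
     $L_T = 3600 - ($timestamp - @filemtime($admin_recordfile));
     // NOTE(security): the message below promises a lockout after 15 failed
     // attempts, but the threshold compared against is 1500000000, so this
     // check cannot realistically fire and the login has no effective
     // brute-force throttle. Left unchanged because the meaning of
     // F_L_count()'s return value is not visible here; confirm and restore
     // the intended limit.
     if ($F_count > 1500000000 && $L_T > 0) {
         // Too many failed logins.
         throw new Exception("连续登陆错误超过15次,请20分钟后再试.");
     }
     $s = new mod_captcha(PATH_ADMIN . '/data/captcha/');
     $s->session_word = 'flpm_login';
     $username = trim(array_var($data, "username"));
     $password = trim(array_var($data, "password"));
     $captcha = trim(array_var($data, "captcha"));
     // NOTE(security): logintype comes from the request, so the client chooses
     // which verification path runs below.
     $logintype = trim(array_var($data, "logintype"));
     $cpuinfo = mod_member::get_oneamdinbyusername($username);
     if (in_array($cpuinfo['level'], array(8, 9))) {
         $logintype = 1;
     }
     // Both are read after the branches below; define them up front so no
     // path reaches update_login() or the cookie with an undefined variable.
     $user_id = null;
     $auth_password = '';
     if (VERIFY_CODE == 1 && $type == null) {
         if ($captcha == '') {
             // NOTE(security): the submitted password is handed to the failure
             // log in clear text; confirm log_error_login() does not persist it.
             self::log_error_login($username, $password);
             throw new Exception('请输入验证码!');
         } else {
             // NOTE(security): for logintype 3 any non-empty captcha value is
             // accepted without check_word(); since logintype is
             // client-supplied this exempts that path from the captcha.
             // Confirm whether the exemption is intended.
             if ($logintype != 3) {
                 if (!$s->check_word($captcha)) {
                     throw new Exception('请输入正确的验证码!');
                 }
             }
         }
     }
     if ($type == 'sso') {
         $logintype = 2;
     }
     if ($logintype == 1) {
         if (!in_array($cpuinfo['level'], array(8, 9))) {
             throw new Exception('不允许此方式登录!');
         }
         // NOTE(review): no user id is resolved on this path, so
         // update_login() receives null, as it did before.
     } elseif ($logintype == 2) {
         $bossuser = mod_oracle::bossuser($username);
         $bossuser = isset($bossuser[0]) ? $bossuser[0] : null;
         $storedHash = isset($bossuser['PASSWORD']) ? (string) $bossuser['PASSWORD'] : '';
         // Interactive logins submit the plain password, other callers the hash itself.
         $candidate = $type == null ? md5($password) : $password;
         // Reject a missing record outright and compare strictly: with the
         // loose != used before, a missing PASSWORD (null) equalled an empty
         // submission and numeric-looking hashes were compared as numbers.
         // Where PHP >= 5.6 is guaranteed, hash_equals() additionally makes
         // this comparison constant-time.
         if ($storedHash === '' || $storedHash !== $candidate) {
             throw new Exception('密码不正确!');
         }
         $bossname = $bossuser['LOGIN_NAME'];
         $vid = mod_member::getnamebybossname($bossname);
         if (!$vid) {
             $localuserinfo = mod_member::get_oneamdinbyusername($bossname);
             if (!$localuserinfo) {
                 // No local member yet: provision one and link it to the boss account.
                 $addname = $bossname;
                 $addtruename = $bossuser['NAME'];
                 // NOTE(security): every auto-provisioned account receives this
                 // same literal password. If the literal is what actually ships
                 // (and not a redaction), replace it with a random per-account value.
                 $addpassword = '******';
                 $addemail = $bossuser['EMAIL'];
                 $addadminlevel = '2';
                 $user_id = mod_member::member_add($addname, $addtruename, $addpassword, $addemail, $addadminlevel);
                 $adddata = array();
                 $adddata['bossname'] = $bossuser['LOGIN_NAME'];
                 mod_member::addbossuser($adddata, $user_id);
                 $addright = mod_member::get_right('1');
                 mod_member::saverights($addright, $addname);
                 $addsubject = '飞流九天产品后台账户创建通知';
                 $mailtxt = mailtxt($addname, $addpassword, $addemail);
                 //$addemail && @mod_mail::send($addemail,$addname,$addsubject,$mailtxt,'html');
                 $username = $addname;
                 $password = md5($addpassword);
             } else {
                 // A local member with that name exists: link it to the boss account.
                 $data = array();
                 $data['bossname'] = $bossname;
                 mod_member::addbossuser($data, $localuserinfo['user_id']);
                 // Previously left unset on this path, so update_login() got an
                 // undefined value instead of the member that just logged in.
                 $user_id = $localuserinfo['user_id'];
                 $username = $localuserinfo['name'];
                 $password = md5($localuserinfo['password']);
             }
         } else {
             $username = $vid['user_name'];
             $password = $vid['password'];
             $user_id = $vid['user_id'];
         }
     } elseif ($logintype == 3) {
         $bossuser = mod_oracle::bossuser($username);
         $bossuser = isset($bossuser[0]) ? $bossuser[0] : null;
         $storedName = isset($bossuser['LOGIN_NAME']) ? (string) $bossuser['LOGIN_NAME'] : '';
         $storedHash = isset($bossuser['PASSWORD']) ? (string) $bossuser['PASSWORD'] : '';
         // Same reasoning as for type 2: a missing record must fail, and the
         // comparison must not be subject to type juggling.
         if ($storedName === '' || $storedName !== $username) {
             return false;
         }
         if ($storedHash === '' || $storedHash !== $password) {
             return false;
         }
     }
     if (self::verify_login_in($username, $password, $logintype)) {
         $auth_key = self::get_user_agent();
         if ($logintype == 1) {
             $auth_password = md5($password);
         } elseif ($logintype == 2) {
             $auth_password = $password;
         }
         $auth_username = $username;
         self::update_login($user_id);
         // NOTE(security): the cookie payload carries the (unsalted MD5)
         // password hash; its confidentiality and integrity rest entirely on
         // authcode(). Moving to password_hash() and an opaque session token
         // needs changes outside this method.
         $cookie_value = authcode($auth_username . ':' . $auth_key . ':' . $auth_password, 'ENCODE');
         // Valid for 7200 seconds (2 hours).
         $cookie_expire = time() + 7200;
         $cook_pre = AUTH_KEY . '_admin_auth';
         // Make the cookie visible to code running later in this same request.
         $_COOKIE[$cook_pre] = $cookie_value;
         // HttpOnly keeps the auth cookie away from page scripts; Secure is set
         // whenever the current request itself arrived over HTTPS.
         $cookie_secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         setcookie($cook_pre, $cookie_value, $cookie_expire, PATH_COOKIE, '', $cookie_secure, true);
         return true;
     }
     // Explicit failure result, consistent with the logintype 3 rejections above.
     return false;
 }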