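/**
 * Check a control-panel user's credentials and, unless $no_log is set,
 * record the attempt and open an authenticated session.
 *
 * Side effects: $this->user is always overwritten with the fetched row
 * (or false when no active account matches). When $no_log is false, one
 * row is written to `t_diy_user_login_log` for every attempt, successful
 * or not; on success the account's last-login fields are updated and the
 * session is populated.
 *
 * @param string $email    Login e-mail; bound as a query parameter.
 * @param string $password Plain password; transformed by $this->encrypt() before comparison.
 * @param bool   $no_log   When true, only verify the credentials: no log row,
 *                         no last-login update, no session.
 *
 * @return bool True when the credentials match an account with `status`=0.
 */
private function validate_cp($email, $password, $no_log = false) {
    // NOTE(review): the stored value is compared inside SQL, so encrypt() must be
    // deterministic for a given (email, password). Its implementation is not
    // visible here; confirm it is a slow, salted password hash.
    $password = $this->encrypt($email, $password);

    $read = $this->get_read_pdo();
    $lookup = $read->prepare(
        'SELECT `id`, `balance`, `username`, `corp`, `owner`,
                `last_login_time`, `last_login_ip`
           FROM `t_diy_user`
          WHERE `email` = :email AND `password` = :password AND `status` = 0'
    );
    $lookup->execute([':email' => $email, ':password' => $password]);
    $this->user = $user = $lookup->fetch(PDO::FETCH_ASSOC);

    if ($no_log) {
        return (bool) $user;
    }

    // Record this login attempt (failures included, so the log can be used to
    // spot guessing against an account).
    // NOTE(review): no attempt throttling is visible in this method; confirm
    // the caller enforces one.
    $time = date('Y-m-d H:i:s');
    // Utils::get_client_ip() is not visible here. If it derives the address from
    // request headers the value is client-controlled, so it is bound as a
    // parameter instead of being interpolated into the statement.
    $ip = Utils::get_client_ip();
    $write = $this->get_write_pdo();

    $log = $write->prepare(
        'INSERT INTO `t_diy_user_login_log`
                (`email`, `ip`, `time`, `success`)
         VALUES (:email, :ip, :time, :success)'
    );
    $log->execute([
        ':email' => $email,
        ':ip' => $ip,
        ':time' => $time,
        ':success' => $user ? 1 : 0,
    ]);

    if (!$user) {
        return false;
    }

    // Record the most recent login on the account.
    $touch = $write->prepare(
        'UPDATE `t_diy_user`
            SET `last_login_time` = :time, `last_login_ip` = :ip
          WHERE `id` = :id'
    );
    $touch->execute([
        ':time' => $time,
        ':ip' => $ip,
        ':id' => $user['id'],
    ]);

    // Store the identity in the session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    $_SESSION['email'] = $email;
    $_SESSION['id'] = $user['id'];
    $_SESSION['role'] = self::$CP_PERMISSION;
    $_SESSION['fullname'] = $user['username'];
    $_SESSION['balance'] = $user['balance'];
    // $user was fetched before the UPDATE above, so these are the values of the
    // previous login, not the current one.
    $_SESSION['last_login'] = [
        'time' => $user['last_login_time'],
        'ip' => $user['last_login_ip'],
    ];

    return true;
}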