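/**
 * Handle the AJAX login request.
 *
 * Reads "name" and "passwd" from the POST body, looks the account up through
 * the User model, verifies the password with tPassword::verify(), opens the
 * session with tSession::login() and records the login via updateLoginInfo().
 * On success the JSON reply carries "go_url", the address the client is
 * expected to navigate to.
 *
 * Security-relevant behaviour:
 *  - An unknown user name and a wrong password produce the same reply, so the
 *    response body cannot be used to tell which account names exist.
 *  - "go_url" is only taken from the request when it stays on this site;
 *    anything else falls back to the dashboard.
 *
 * NOTE(review): no attempt limiting or lockout is visible in this method;
 * confirm it is enforced elsewhere.
 * NOTE(review): confirm that tSession::login() issues a fresh session id, so
 * that a session id known before authentication is not carried over.
 *
 * @return mixed Whatever renderJson() returns.
 */
public function login()
{
    if (!$this->AjaxRequest) {
        return $this->renderJson(["code" => 403, "errmsg" => "Access forbindden"]);
    }

    if (!($name = $this->post("name"))) {
        return $this->renderJson(['code' => 400, 'errmsg' => 'Missing required parameter:$username.']);
    }

    if (!($passwd = $this->post("passwd"))) {
        // Single quotes on purpose: the previous double-quoted "{$password}"
        // interpolated an undefined variable, which raised a warning and left
        // the parameter name out of the message.
        return $this->renderJson(['code' => 400, 'errmsg' => 'Missing required parameter:$password.']);
    }

    // One shared reply for both failure paths. The two messages used to differ
    // in capitalisation, which let a client distinguish "no such user" from
    // "wrong password".
    $authFailure = ['code' => 401, 'errmsg' => 'Incorrect password input'];

    $userModel = Model::make("User");
    if (!($userObj = $userModel->getUserByName($name))) {
        // NOTE(review): this path returns before any hash is verified, so the
        // response time may still differ from the wrong-password path.
        return $this->renderJson($authFailure);
    }

    // Never dump or log $passwd or the stored hash here, not even temporarily.
    if (!tPassword::verify($passwd, $userObj->passwd)) {
        return $this->renderJson($authFailure);
    }

    tSession::login($userObj, $this->server("HTTP_USER_AGENT"));
    $this->updateLoginInfo($userObj, $this->server("REMOTE_ADDR"));

    // The post-login target is client-supplied. Returning it unchecked would
    // let a crafted login link send the user to a foreign site right after a
    // successful login, so it is accepted only when it stays on this site.
    $goUrl = "/admin/dashBoard.html";
    $requested = $this->post("http_referer");

    // Whitespace, control characters and backslashes are refused outright:
    // browsers normalise them in ways parse_url() does not.
    if (is_string($requested) && preg_match('#^[^\\\\\x00-\x20\x7F]+\z#', $requested) === 1) {
        if ($requested[0] === '/') {
            // Site-relative path. A leading "//" is protocol-relative and
            // would leave the site, so it is not accepted.
            if (strncmp($requested, '//', 2) !== 0) {
                $goUrl = $requested;
            }
        } else {
            // Absolute URL: http(s) only, no userinfo, and the host (plus port,
            // if any) must equal the Host header of this request.
            // NOTE(review): if the deployment has a configured canonical host,
            // compare against that instead of the request header.
            $parts = parse_url($requested);
            $ownHost = strtolower((string) $this->server("HTTP_HOST"));

            if (
                is_array($parts)
                && isset($parts['scheme'], $parts['host'])
                && in_array(strtolower($parts['scheme']), ['http', 'https'], true)
                && !isset($parts['user'])
                && !isset($parts['pass'])
                && $ownHost !== ''
            ) {
                $target = strtolower($parts['host']);
                if (isset($parts['port'])) {
                    $target .= ':' . $parts['port'];
                }
                if ($target === $ownHost) {
                    $goUrl = $requested;
                }
            }
        }
    }

    return $this->renderJson(['code' => 200, 'errmsg' => 'ok', 'go_url' => $goUrl]);
}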
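/**
 * Handle the AJAX "change password" request for the logged-in user.
 *
 * Loads the current user from the session, requires the POST fields "old",
 * "new" and "confirm", checks that "new" and "confirm" match and that "old"
 * verifies against the stored hash, then stores tPassword::hash() of the new
 * password.
 *
 * Every reply uses the ['code' => ..., 'errmsg' => ...] array form. The error
 * paths previously called renderJson(400, "...") with two positional
 * arguments, unlike the success path here and every call in login().
 *
 * NOTE(review): other sessions of the same account are not ended here;
 * confirm whether a password change should invalidate them.
 * NOTE(review): no password-strength or length rule is visible in this method.
 *
 * @return mixed Whatever renderJson() returns; null for non-AJAX requests.
 */
public function chpwd()
{
    if (!$this->AjaxRequest) {
        // Unchanged: non-AJAX requests fall through without a JSON reply.
        return;
    }

    // Refuse cleanly when no user is logged in or the account is gone, rather
    // than failing on a property access of a missing object.
    // NOTE(review): the exact "not logged in" value returned by
    // getLoginedUserInfo() is not visible here; any falsy value is refused.
    $user = tSession::getLoginedUserInfo();
    if (!$user) {
        return $this->renderJson(['code' => 401, 'errmsg' => 'Login required']);
    }

    $userModel = Model::make("User");
    $userObj = $userModel->getUserById($user->id);
    if (!$userObj) {
        return $this->renderJson(['code' => 401, 'errmsg' => 'Login required']);
    }

    if (!($old = $this->post("old"))) {
        return $this->renderJson(['code' => 400, 'errmsg' => "Missing required parameter:old password!"]);
    }
    if (!($newPwd = $this->post("new"))) {
        return $this->renderJson(['code' => 400, 'errmsg' => "Missing requried parameter:new password"]);
    }
    if (!($confirm = $this->post("confirm"))) {
        return $this->renderJson(['code' => 400, 'errmsg' => "Missing requred parameter:confirm password!"]);
    }

    // Message text: "the two new passwords do not match".
    if ($newPwd !== $confirm) {
        return $this->renderJson(['code' => 400, 'errmsg' => "两次新密码输入不相同!"]);
    }

    // The current password must be proven before the hash is replaced.
    // Message text: "the original password is incorrect".
    if (!tPassword::verify($old, $userObj->passwd)) {
        return $this->renderJson(['code' => 400, 'errmsg' => "原密码不正确!"]);
    }

    $userObj->passwd = tPassword::hash($newPwd);
    $userObj->save();

    return $this->renderJson(["code" => 200, "errmsg" => "ok"]);
}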
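/**
 * Check whether the request carries a valid login cookie for this session.
 *
 * The session stores the cookie name under "_login_cookie_key" and a
 * logged-in-user value under "_logined_user". The cookie is accepted when
 * tPassword::verify() confirms it against that user value concatenated with
 * the supplied User-Agent string.
 *
 * The cookie is attacker-controlled input, so the method fails closed:
 * a missing cookie name, a missing user value, or a cookie that is not a
 * plain string (PHP turns "name[]=x" into an array) all yield false.
 *
 * @param string $userAgent User-Agent of the current request.
 * @return mixed false when a precondition fails, otherwise the result of
 *               tPassword::verify().
 */
public static function verifyLoginStatus($userAgent)
{
    $session = Factory::make('session');
    $cookieName = $session->get("_login_cookie_key");
    $loggedUser = $session->get("_logined_user");

    // No cookie name in the session means no login was established on it.
    if (!is_scalar($cookieName) || (string) $cookieName === '') {
        return false;
    }

    // Without a user value the verified string would be the User-Agent alone,
    // which the client chooses; never validate a cookie in that state.
    if ($loggedUser === null || $loggedUser === false || $loggedUser === '') {
        return false;
    }

    if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
        return false;
    }

    return tPassword::verify($loggedUser . $userAgent, $_COOKIE[$cookieName]);
}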