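/**
 * Report whether the current request belongs to a logged-in, non-restricted user.
 *
 * When the session holds no uid but the auto-login cookie decodes to one, the
 * matching user row is loaded and copied into the session first. The outcome
 * message is stored in self::$error in every case.
 *
 * NOTE(review): on the auto-login path the cookie is the only credential, so its
 * integrity rests entirely on encrytion(), which is not visible here. Confirm it
 * authenticates the value (a MAC or authenticated encryption), or replace the
 * cookie with a random token that is stored and revocable on the server.
 *
 * NOTE(review): a restricted account (type 6 or 7) still gets its session
 * populated on the auto-login path before FALSE is returned. Callers must rely
 * on this return value, not on the presence of session('uid').
 *
 * @return bool TRUE when the session has a uid and the account type is not 6 or 7.
 */
public static function checkIsLogin()
{
    // Automatic login: only attempted when the session has no uid yet.
    if (session('uid') === null && ($uid = encrytion(cookie(C('COOKIE_PREFIX') . '_AUTO')))) {
        // Clear the form token. The original read $tokenName without ever
        // defining it in this scope, so the token was never actually removed.
        $tokenName = C('TOKEN_NAME', null, 'token');
        unset($_SESSION[$tokenName][md5(session_id())]);

        // `new` always yields an object, so the former "database connection
        // failed" branch behind `if ($User = new ...)` could never run.
        $User = new \Admin\Model\UserModel();
        $condition = array('uid' => $uid);
        if ($result = $User->where($condition)->find()) {
            // The privilege level changes here, so issue a fresh session id
            // and stop a pre-set id from being carried into the logged-in state.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            foreach (array('uid', 'name', 'head', 'type', 'msg', 'tel', 'email') as $key) {
                session($key, $result[$key]);
            }
        } else {
            // To be changed later to return the error via ajax.
            self::$error = '自动登录失败';
        }
    }

    // Read through session() like the writes above, instead of touching
    // $_SESSION directly: no undefined-index notice, and one access path.
    if (session('uid') === null) {
        // No uid set: report "not logged in".
        self::$error = '尚未登录';
        return FALSE;
    }

    // Types 6 and 7 are barred from logging in. The comparison is kept loose on
    // purpose so an integer column value still matches the string literals.
    if (in_array(session('type'), array('6', '7'))) {
        self::$error = '您当前已被限制登录';
        return FALSE;
    }

    self::$error = '已登录';
    return TRUE;
}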
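/**
 * Handle the login form POST: verify account and password, optionally set the
 * auto-login cookie, grant the daily login experience, then store the user in
 * the session and redirect back.
 *
 * NOTE(review): the `md5` filter on the submitted password means the password
 * column holds unsalted MD5 digests, which is not a password hash. Moving to
 * password_hash()/password_verify() needs a data migration and is not done here.
 *
 * NOTE(review): the auto-login cookie carries id|client-ip|username protected
 * only by encrytion(), which is not visible here. Confirm it authenticates the
 * value, or switch to a random token stored on the server.
 */
public function login()
{
    if (!$this->isPost()) {
        halt('页面不存在');
        return; // fail closed even if halt() ever returns
    }

    $db = M('user');
    $field = array('id', 'username', 'password', 'logintime', 'lock');

    // Request parameters can arrive as arrays, and the query builder gives
    // array conditions a special meaning, so only a plain string is queried.
    $account = $this->_post('account');
    $user = is_string($account)
        ? $db->where(array('account' => $account))->field($field)->find()
        : null;

    // Strict string comparison: the original `!=` let PHP compare two
    // numeric-looking digests as numbers, so different hashes could be equal.
    // hash_equals() is preferable where PHP >= 5.6 is guaranteed.
    $submittedHash = $this->_post('pwd', 'md5');
    $passwordOk = $user
        && is_string($submittedHash)
        && $submittedHash !== ''
        && (string) $user['password'] === $submittedHash;
    if (!$passwordOk) {
        $this->error('帐号或密码错误');
        return; // never fall through to the session writes below
    }

    if ($user['lock']) {
        $this->error('帐号被锁定');
        return;
    }

    // "Log me in automatically next time"
    if (isset($_POST['auto'])) {
        // Build the cookie value and encrypt it.
        $value = $user['id'] . '|' . get_client_ip() . '|' . $user['username'];
        $value = encrytion($value, 1);
        // HttpOnly keeps the credential out of reach of page scripts. Also set
        // the secure flag (6th argument) once the site is served over HTTPS only.
        // NOTE(review): setcookie() expects an absolute Unix timestamp here.
        // Confirm AUTO_LOGIN_LIFETIME is time() + duration, not a bare duration.
        @setcookie('auto', $value, C('AUTO_LOGIN_LIFETIME'), '/', '', false, true);
    }

    // Daily login experience: granted once per calendar day.
    $today = strtotime(date('Y-m-d')); // today at 00:00:00
    $where = array('id' => $user['id']);
    if ($user['logintime'] < $today) {
        $db->where($where)->setInc('exp', C('LV_LOGIN'));
    }

    // Update the last-login time.
    $db->where($where)->save(array('logintime' => time()));

    // Issue a fresh session id at the privilege change so a pre-set id is not
    // carried into the logged-in state.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    session('uid', $user['id']);
    session('username', $user['username']);

    // The Referer header is client-supplied and may be missing: follow it only
    // when it points back at this host, otherwise go to the site root.
    $target = '/';
    if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        $ownHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
        if (is_string($refererHost) && is_string($ownHost) && strcasecmp($refererHost, $ownHost) === 0) {
            $target = $_SERVER['HTTP_REFERER'];
        }
    }
    redirect($target);
}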
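/**
 * Login action: send an already-logged-in user to the page for their role,
 * otherwise verify the form token and credentials and start the session.
 *
 * The original author marked this action "to be optimised, not secure".
 *
 * NOTE(review): the stored `pwd` column is compared directly with the submitted
 * value, so it appears to hold the password unhashed (or a client-side hash);
 * confirm. It should be stored with password_hash() and checked with
 * password_verify(), which needs a data migration and is not done here.
 *
 * NOTE(review): the two failure messages tell a caller whether the uid exists.
 * A single generic message would avoid that. The strings are left unchanged
 * here because they are user-facing.
 *
 * NOTE(review): the auto-login cookie is the uid protected only by encrytion(),
 * which is not visible here. Confirm it authenticates the value, or switch to
 * a random token stored on the server.
 */
public function login()
{
    if (IS_GET) {
        die("<meta charset='utf-8'><h1>非法访问</h1>");
    }
    $tokenName = C('TOKEN_NAME', null, 'token');

    if (Behavior\CheckIslogin::checkIsLogin()) {
        // Already logged in: go to the back end. Validity is not re-checked
        // here; that is left to the target page.
        switch (session('type')) {
            case '0': // super administrator
                $this->success(Behavior\CheckIslogin::getError(), U('/Admin/Index/admin'));
                break;
            case '1': // ordinary administrator: no redirect wired up yet
                break;
            case '2': // ordinary user
                $this->success(Behavior\CheckIslogin::getError(), U('/Admin/Index/user'));
                break;
            case '3': // enterprise user: no redirect wired up yet
                break;
        }
        return;
    }

    // Form token check. The original used bitwise `&` and loose `==`, so a
    // request with no token matched a session with no token (null == null).
    // A token now has to exist on both sides and match exactly.
    $tokenKey = md5(session_id());
    $expectedToken = isset($_SESSION[$tokenName][$tokenKey]) ? $_SESSION[$tokenName][$tokenKey] : null;
    $postedToken = I('post.token');
    $tokenOk = IS_POST
        && is_scalar($expectedToken)
        && (string) $expectedToken !== ''
        && is_string($postedToken)
        && $postedToken === (string) $expectedToken;
    if (!$tokenOk) {
        $this->error('超时,请重新登录', U('/Admin/Index/index'), 3);
        return;
    }
    // The token is single-use: clear it once it has been accepted.
    unset($_SESSION[$tokenName][$tokenKey]);

    // `new` always yields an object, so the former "database connection
    // failed" branch behind `if ($User = new ...)` could never run.
    $User = new \Admin\Model\UserModel();

    // Request parameters can arrive as arrays, and the query builder gives
    // array conditions a special meaning, so only a plain string is queried.
    $uid = I('post.uid');
    $result = is_string($uid) ? $User->where(array('uid' => $uid))->find() : null;
    if (!$result) {
        // To be changed later to return the error via ajax.
        $this->error('用户名不正确', U('/Admin/Index/index'));
        return;
    }

    // Strict comparison: loose `==` treats numeric-looking strings as numbers,
    // so different values could be equal. An empty value never authenticates.
    $pwd = I('post.pwd');
    if (!is_string($pwd) || $pwd === '' || (string) $result['pwd'] !== $pwd) {
        // To be changed later to return the error via ajax.
        $this->error('密码不正确', U('/Admin/Index/index'), 2);
        return;
    }

    // Password verified. Issue a fresh session id at the privilege change so a
    // pre-set id is not carried into the logged-in state.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // TODO: cache in memcache to reduce the number of sessions and the memory
    // the server has to maintain.
    foreach (array('uid', 'name', 'head', 'type', 'msg', 'tel', 'email') as $key) {
        session($key, $result[$key]);
    }

    // Set up automatic login.
    if (I('post.remember') === 'on') {
        $value = encrytion(session('uid'), 1);
        // HttpOnly keeps the credential out of reach of page scripts. Also set
        // the secure flag (6th argument) once the site is served over HTTPS only.
        // NOTE(review): setcookie() expects an absolute Unix timestamp here.
        // Confirm AUTO_LOGIN_LIFETIME is time() + duration, not a bare duration.
        @setcookie(C('COOKIE_PREFIX') . '_AUTO', $value, C('AUTO_LOGIN_LIFETIME'), C('COOKIE_PATH'), '', false, true);
    }

    $this->success('登陆成功,请稍后', U('/Home/Index/index'), 1);
}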