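public function signin()
 {
     // Read the three posted fields; missing ones become ''.
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';
     // Presence checks. failure() is presumed to redirect and end the
     // request; the explicit return guarantees that the credential check
     // below is never reached with a rejected input even if it does not.
     if (empty($captcha)) {
         $this->failure('index.php', '验证码不能为空!');
         return;
     }
     if (empty($username) || empty($password)) {
         $this->failure('index.php', '用户名或密码不能为空!');
         return;
     }
     // The captcha is verified before the database is touched, so automated
     // guessing is stopped at the cheapest point.
     if (!Captcha::checkCaptcha($captcha)) {
         $this->failure('index.php', '验证码错误!');
         return;
     }
     // Credential check is delegated to the model.
     $admin = new AdminModel();
     $user = $admin->checkByUsernameAndPassword($username, $password);
     if (!$user) {
         $this->failure('index.php', '用户名或密码错误!');
         return;
     }
     // Privilege level changes here: issue a fresh session id so a session id
     // planted before login (session fixation) cannot be reused afterwards.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // NOTE(review): the whole row returned by the model is kept in the
     // session — presumably including the password hash; consider storing
     // only the fields the application needs. Verify against AdminModel.
     $_SESSION['user'] = $user;
     $admin->updateLoginInfo($user['a_id']);
     $this->success('index.php?module=index&action=index', '登录成功!');
 }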
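		/**
		 * Admin login: validates captcha and credentials from $_POST, stores the
		 * authenticated user in the session and redirects.
		 */
		public function signin(){
			$username = isset($_POST['username']) ? $_POST['username'] : '';
			$password = isset($_POST['password']) ? $_POST['password'] : '';
			$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';

			// Presence checks. failure() is presumed to redirect and end the
			// request; the explicit return makes sure the credential check is
			// never reached with rejected input even if it does not.
			if(empty($captcha)){
				$this->failure('index.php','验证码不能为空');
				return;
			}

			// The message names both fields, so both must be checked — the
			// original only tested the user name and let an empty password through.
			if(empty($username) || empty($password)){
				$this->failure('index.php','用户名或者密码都不能为空');
				return;
			}

			// checkCaptcha() returns true for a correct captcha; the original test
			// was inverted and rejected every valid captcha while accepting wrong ones.
			if(!Captcha::checkCaptcha($captcha)){
				$this->failure('index.php','验证码错误');
				return;
			}

			$admin = new AdminModel();
			$user = $admin->checkByUsernameAndPassword($username,$password);
			if(!$user){
				// Wrong credentials are not a captcha problem; report them as such.
				$this->failure('index.php','用户名或者密码错误');
				return;
			}

			// Privilege level changes here: issue a fresh session id so a session
			// id planted before login (session fixation) cannot be reused.
			if(session_status() === PHP_SESSION_ACTIVE){
				session_regenerate_id(true);
			}
			// NOTE(review): the whole model row lands in the session — presumably
			// including the password hash; store only what the app needs. Verify
			// against AdminModel.
			$_SESSION['user'] = $user;

			$admin->updateLoginInfo($user['a_id']);

			$this->success('index.php?module=index&action=index','登录成功');
		}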
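		/**
		 * Admin login: validates captcha and credentials from $_POST, stores the
		 * authenticated user in the session, records the login and redirects.
		 */
		public function signin(){
			// Read the posted fields; missing ones become ''.
			$username = isset($_POST['username']) ? $_POST['username'] : '';
			$password = isset($_POST['password']) ? $_POST['password'] : '';
			$captcha  = isset($_POST['captcha'])  ? $_POST['captcha']  : '';

			// Presence checks. failure() is presumed to redirect and end the
			// request; the explicit return guarantees the credential check below
			// is never reached with rejected input even if it does not.
			if(empty($captcha)){
				$this->failure('index.php','验证码不能为空!');
				return;
			}
			if(empty($username) || empty($password)){
				$this->failure('index.php','用户名或者密码都不能为空!');
				return;
			}

			// Captcha is verified before the database is touched so automated
			// guessing is stopped at the cheapest point.
			if(!Captcha::checkCaptcha($captcha)){
				$this->failure('index.php','验证码错误!');
				return;
			}

			// Credential check is delegated to the model.
			$admin = new AdminModel();
			$user = $admin->checkByUsernameAndPassword($username,$password);
			if(!$user){
				$this->failure('index.php','用户名或者密码不正确!');
				return;
			}

			// Privilege level changes here: issue a fresh session id so a session
			// id planted before login (session fixation) cannot be reused.
			if(session_status() === PHP_SESSION_ACTIVE){
				session_regenerate_id(true);
			}
			// NOTE(review): the whole model row lands in the session — presumably
			// including the password hash; store only what the app needs. Verify
			// against AdminModel.
			$_SESSION['user'] = $user;

			// Record the login (last login time etc. — see AdminModel).
			$admin->updateLoginInfo($user['a_id']);

			// Back to the dashboard.
			$this->success('index.php?module=index&action=index','登录成功,正在跳转!');
		}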
 // User authentication: read the posted login form (missing fields become '').
 $username = isset($_POST['username']) ? $_POST['username'] : '';
 $password = isset($_POST['password']) ? $_POST['password'] : '';
 $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';
 // Presence validation; admin_redirect() is presumed to redirect after 3 s
 // and end the request — TODO confirm, otherwise the checks below still run.
 if (empty($username) || empty($password)) {
     // Incomplete data: back to the login page.
     admin_redirect('privilege.php', '帐号密码不能为空', 3);
 }
 //echo $captcha;
 // Check the captcha before any database work.
 if (empty($captcha)) {
     admin_redirect('privilege.php', '必须先填写验证码', 3);
 }
 //($_SESSION['captcha']);
 if (!Captcha::checkCaptcha($captcha)) {
     admin_redirect('privilege.php', '验证码不正确', 3);
 }
 // Credential check (login) is delegated to the Admin model.
 $admin = new Admin();
 $user = $admin->checkByUsernameAndPassword($username, $password);
 if ($user) {
     // Keep the authenticated user in the session.
     // NOTE(review): no session_regenerate_id() here — a session id planted
     // before login stays valid after it (session fixation); consider
     // regenerating before this assignment.
     //session_start();
     $_SESSION['user'] = $user;
     // Did the user ask to be remembered?
     if (isset($_POST['remember'])) {
         // "Remember me" cookie holding only the admin id, valid for 7 days.
         // NOTE(review): a bare, unsigned user id in a cookie is forgeable —
         // anyone can set user_id to another admin's id. If this cookie is
         // later trusted to restore a login (not visible in this snippet),
         // replace it with a random token stored server-side and compared
         // with hash_equals(), and set httponly/secure on the cookie.
         setcookie('user_id', $user['a_id'], time() + 7 * 24 * 3600);
     }
<?php

/**
 * Registers a "captcha" validation rule: the rule passes exactly when
 * Captcha::checkCaptcha() accepts the submitted value. The attribute name
 * and the rule parameters are not consulted.
 */
Validator::extend('captcha', function ($attribute, $value, $parameters) {
    $accepted = Captcha::checkCaptcha($value);
    return $accepted;
});
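 /**
  * registerNewUser()
  *
  * Handles the whole registration flow: verifies the captcha, validates the
  * posted user_name / user_password_new / user_password_repeat / user_email
  * fields, rejects an already-taken user name, inserts the new row and sends
  * the verification e-mail. Every failure appends one FEEDBACK_* constant to
  * $this->errors; when the e-mail cannot be sent the freshly inserted row is
  * deleted again.
  *
  * @return boolean true only when the row was written AND the verification
  *                 e-mail went out; false in every other case
  */
 public function registerNewUser()
 {
     $captcha = new Captcha();
     if (!$captcha->checkCaptcha()) {
         $this->errors[] = FEEDBACK_CAPTCHA_WRONG;
     } elseif (empty($_POST['user_name'])) {
         $this->errors[] = FEEDBACK_USERNAME_FIELD_EMPTY;
     } elseif (empty($_POST['user_password_new']) || empty($_POST['user_password_repeat'])) {
         $this->errors[] = FEEDBACK_PASSWORD_FIELD_EMPTY;
     } elseif ($_POST['user_password_new'] !== $_POST['user_password_repeat']) {
         $this->errors[] = FEEDBACK_PASSWORD_REPEAT_WRONG;
     } elseif (strlen($_POST['user_password_new']) < 6) {
         $this->errors[] = FEEDBACK_PASSWORD_TOO_SHORT;
     } elseif (strlen($_POST['user_name']) > 64 || strlen($_POST['user_name']) < 2) {
         $this->errors[] = FEEDBACK_USERNAME_TOO_SHORT_OR_TOO_LONG;
     } elseif (!preg_match('/^[a-z\\d]{2,64}$/i', $_POST['user_name'])) {
         $this->errors[] = FEEDBACK_USERNAME_DOES_NOT_FIT_PATTERN;
     } elseif (empty($_POST['user_email'])) {
         $this->errors[] = FEEDBACK_EMAIL_FIELD_EMPTY;
     } elseif (strlen($_POST['user_email']) > 64) {
         $this->errors[] = FEEDBACK_EMAIL_TOO_LONG;
     } elseif (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {
         $this->errors[] = FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN;
     } else {
         // Every check above has passed. The original re-tested all of them in
         // one long condition here, which only made its final "unknown error"
         // branch unreachable; a plain else is equivalent.
         // The user name already matched /^[a-z\d]{2,64}$/, so htmlentities() is
         // a no-op for it. NOTE(review): for the e-mail it can rewrite characters
         // that FILTER_VALIDATE_EMAIL accepts (e.g. ' or &), so the stored address
         // may differ from the real one; kept as-is because the login path is
         // presumed to compare the same escaped form — confirm before changing.
         $this->user_name = htmlentities($_POST['user_name'], ENT_QUOTES);
         $this->user_email = htmlentities($_POST['user_email'], ENT_QUOTES);
         // no need to escape: the password is only fed to the hash function
         $this->user_password = $_POST['user_password_new'];
         // Optional bcrypt cost from config/hashing.php (HASH_COST_FACTOR).
         // Only pass the option when it is really defined: password_hash()
         // reads array('cost' => null) as cost 0, which is outside bcrypt's
         // 4..31 range and makes the call fail (warning and a non-string result,
         // ValueError on PHP 8) instead of falling back to the library default.
         $this->hash_cost_factor = defined('HASH_COST_FACTOR') ? HASH_COST_FACTOR : null;
         $hash_options = ($this->hash_cost_factor === null) ? array() : array('cost' => $this->hash_cost_factor);
         // PASSWORD_DEFAULT is bcrypt (60-char hash) on PHP 5.5+, or via the
         // password hashing compatibility library on 5.3/5.4.
         $this->user_password_hash = password_hash($this->user_password, PASSWORD_DEFAULT, $hash_options);
         if (!is_string($this->user_password_hash) || $this->user_password_hash === '') {
             // Never store an empty/false hash for a new account.
             $this->errors[] = FEEDBACK_ACCOUNT_CREATION_FAILED;
             return false;
         }
         // Is the name already taken? Fetch instead of rowCount(): the PDO
         // manual does not guarantee rowCount() for SELECT on every driver.
         $sth = $this->db->prepare("SELECT user_id FROM users WHERE user_name = :user_name ;");
         $sth->execute(array(':user_name' => $this->user_name));
         if ($sth->fetchColumn() !== false) {
             $this->errors[] = FEEDBACK_USERNAME_ALREADY_TAKEN;
         } else {
             // 40-hex-char activation token. Prefer a CSPRNG: uniqid()+mt_rand()
             // is predictable; it is kept only as a fallback for PHP < 7.
             $this->user_activation_hash = function_exists('random_bytes')
                 ? bin2hex(random_bytes(20))
                 : sha1(uniqid(mt_rand(), true));
             // Write the new user's data (parameterised, never interpolated).
             $sth = $this->db->prepare("INSERT INTO users (user_name, user_password_hash, user_email, user_activation_hash) VALUES(:user_name, :user_password_hash, :user_email, :user_activation_hash) ;");
             $sth->execute(array(':user_name' => $this->user_name, ':user_password_hash' => $this->user_password_hash, ':user_email' => $this->user_email, ':user_activation_hash' => $this->user_activation_hash));
             if ($sth->rowCount() == 1) {
                 $this->user_id = $this->db->lastInsertId();
                 // Send the verification e-mail.
                 if ($this->sendVerificationEmail()) {
                     $this->messages[] = FEEDBACK_ACCOUNT_SUCCESSFULLY_CREATED;
                     $this->registration_successful = true;
                     return true;
                 }
                 // Could not send the verification mail: remove the account again.
                 // Use the id captured above rather than calling lastInsertId()
                 // a second time — it is no longer reliable once
                 // sendVerificationEmail() may have run further statements.
                 $sth = $this->db->prepare("DELETE FROM users WHERE user_id = :last_inserted_id ;");
                 $sth->execute(array(':last_inserted_id' => $this->user_id));
                 $this->errors[] = FEEDBACK_VERIFICATION_MAIL_SENDING_FAILED;
             } else {
                 $this->errors[] = FEEDBACK_ACCOUNT_CREATION_FAILED;
             }
         }
     }
     // Standard return: true is only returned above, on full success.
     return false;
 }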