Esempio n. 1
 /**
  * Dashboard login: shows the login form or authenticates submitted credentials.
  *
  * A positive getAccess() value is answered with the success message straight
  * away. Without a valid "formhash" submit the form is rendered; otherwise the
  * username and password are read from the request and checked through
  * ICUserIdentity, and a failed attempt is written to the "illegal" log.
  *
  * NOTE(review): code continues after $this->success()/$this->error() calls, so
  * those helpers presumably end the request; confirm, since the checks below
  * are only effective if they do.
  * NOTE(review): no failed-attempt counter or lockout is visible in this
  * method; confirm that throttling is applied elsewhere (e.g. inside
  * authenticate()).
  */
 public function actionLogin()
 {
     $access = $this->getAccess();
     $defaultUrl = $this->createUrl("default/index");
     // Positive access level: report success and send the user to the default page.
     if (0 < $access) {
         $this->success(Ibos::lang("Login succeed"), $defaultUrl);
     }
     if (!EnvUtil::submitCheck("formhash")) {
         // Not a form submit: render the form, pre-filling the user name when one is known.
         $data = array("userName" => !empty($this->user) ? $this->user["username"] : "");
         $this->render("login", $data);
     } else {
         $userName = EnvUtil::getRequest("username");
         $passWord = EnvUtil::getRequest("password");
         // Rejects an empty password (this also rejects the literal "0") and any
         // password that addslashes() would change, i.e. one containing a quote,
         // backslash or NUL byte. This is an input filter only; it does not replace
         // parameterised queries further down the stack.
         // NOTE(review): a non-string value (e.g. an array parameter) is not
         // handled here; whether getRequest() can return one is not visible.
         if (!$passWord || $passWord != addslashes($passWord)) {
             $this->error(Ibos::lang("Passwd illegal"));
         }
         $identity = new ICUserIdentity($userName, $passWord);
         // A positive result is treated as success; the meaning of the `true`
         // argument is defined in ICUserIdentity and not visible here.
         $result = $identity->authenticate(true);
         if (0 < $result) {
             Ibos::app()->user->login($identity);
             // uid 1 skips the license check; presumably the built-in administrator, confirm.
             if (Ibos::app()->user->uid != 1) {
                 MainUtil::checkLicenseLimit(true);
             }
             $this->success(Ibos::lang("Login succeed"), $defaultUrl);
         } else {
             // Mask the password before logging. The pattern is anchored to span the
             // whole string and the replacement holds no back-references, so a match
             // yields "***" with no password characters.
             // NOTE(review): preg_replace() returns the subject unchanged when the
             // pattern does not match, so the mask depends on the pattern always
             // matching; a constant placeholder, or omitting the field, removes that
             // dependency.
             $passWord = preg_replace("/^(.{" . round(strlen($passWord) / 4) . "})(.+?)(.{" . round(strlen($passWord) / 6) . "})\$/s", "***", $passWord);
             // NOTE(review): how the "clientip" setting is derived is not visible; if
             // it trusts forwarded headers the logged address is client-controlled.
             $log = array("user" => $userName, "password" => $passWord, "ip" => Ibos::app()->setting->get("clientip"));
             Log::write($log, "illegal", "module.dashboard.login");
             $this->error(Ibos::lang("Login failed"));
         }
     }
 }
Esempio n. 2
 /**
  * Authenticates a user and completes the web login, reporting the outcome
  * through success()/error()/ajaxReturn().
  *
  * Result codes of ICUserIdentity::authenticate() as handled here: a positive
  * value is success, 0 maps to "User not fount", -1 to "User lock", -2 to
  * "User disabled" and -3 to the wrong-credentials path.
  *
  * NOTE(review): unknown, locked and disabled accounts get different messages
  * from a wrong password, which lets an unauthenticated client learn account
  * state; consider one uniform failure message.
  * NOTE(review): code continues after $this->error() calls, so that helper
  * presumably ends the request; confirm.
  *
  * @param mixed $userName   Login name passed to ICUserIdentity.
  * @param mixed $passWord   Password as submitted.
  * @param mixed $loginType  Passed to ICUserIdentity and written to the login log.
  * @param mixed $account    Account settings; "timeout" is read here and the
  *                          whole value is handed to loginCheck().
  * @param mixed $autoLogin  When empty, a session timeout state is set; otherwise
  *                          an "autologin" cookie is written.
  * @param mixed $cookieTime Lifetime passed to setCookie() and to login().
  * @param mixed $inajax     When truthy, success is answered with ajaxReturn().
  */
 protected function doLogin($userName, $passWord, $loginType, $account, $autoLogin = 1, $cookieTime = 0, $inajax = 0)
 {
     // Rejects an empty password (including the literal "0") and any password
     // that addslashes() would change (quote, backslash or NUL byte).
     if (!$passWord || $passWord != addslashes($passWord)) {
         $this->error(Ibos::lang("Passwd illegal"));
     }
     // The returned value is shown below as the number of attempts left; what
     // loginCheck() itself enforces is not visible here.
     $errornum = $this->loginCheck($account);
     // NOTE(review): how "clientip" is derived is not visible; if it trusts
     // forwarded headers, the failure counters below are keyed on a value the
     // client controls.
     $ip = Ibos::app()->setting->get("clientip");
     $identity = new ICUserIdentity($userName, $passWord, $loginType);
     $result = $identity->authenticate();
     if (0 < $result) {
         $user = Ibos::app()->user;
         if (empty($autoLogin)) {
             // No auto-login: store an expiry of now plus the configured timeout.
             $user->setState($user::AUTH_TIMEOUT_VAR, TIMESTAMP + $account["timeout"]);
         } else {
             MainUtil::setCookie("autologin", 1, $cookieTime);
         }
         $user->login($identity, $cookieTime);
         // uid 1 skips the license check; presumably the built-in administrator, confirm.
         if ($user->uid != 1) {
             MainUtil::checkLicenseLimit(true);
         }
         if (!$inajax) {
             // NOTE(review): the redirect target comes from EnvUtil::referer(); confirm
             // it is restricted to this site so it cannot be used as an open redirect.
             $urlForward = EnvUtil::referer();
             // NOTE(review): a masked password is logged for successful logins too.
             // What passwordMask() keeps is not visible here; if any characters
             // survive, the log reveals part of a valid password.
             $log = array("terminal" => "web", "password" => StringUtil::passwordMask($passWord), "ip" => $ip, "user" => $userName, "loginType" => $loginType, "address" => "", "gps" => "");
             Log::write($log, "login", sprintf("module.user.%d", $user->uid));
             $rule = UserUtil::updateCreditByAction("daylogin", $user->uid);
             if (!$rule["updateCredit"]) {
                 UserUtil::checkUserGroup($user->uid);
             }
             $this->success(Ibos::lang("Login succeed", "", array("{username}" => $user->realname)), $urlForward);
         } else {
             // NOTE(review): the AJAX path writes no "login" log entry and skips the
             // credit update, so successful AJAX logins leave no audit record here.
             $this->ajaxReturn(array("isSuccess" => true));
         }
     } elseif ($result === 0) {
         $this->error(Ibos::lang("User not fount", "", array("{username}" => $userName)), "", array(), array("error" => $result));
     } elseif ($result === -1) {
         $this->error(Ibos::lang("User lock", "", array("{username}" => $userName)), "", array(), array("error" => $result));
     } elseif ($result === -2) {
         $this->error(Ibos::lang("User disabled", "", array("{username}" => $userName)), "", array(), array("error" => $result));
     } elseif ($result === -3) {
         // Wrong credentials: record the failure against the full client address,
         // then store the first two dot-separated components in FailedIp.
         FailedLogin::model()->updateFailed($ip);
         // Assumes a dotted IPv4 address; a value without a "." (for example an
         // IPv6 address) leaves $ip2 undefined.
         list($ip1, $ip2) = explode(".", $ip);
         $newIp = $ip1 . "." . $ip2;
         FailedIp::model()->insertIp($newIp);
         $log = array("user" => $userName, "password" => StringUtil::passwordMask($passWord), "ip" => $ip);
         Log::write($log, "illegal", "module.user.login");
         if ($errornum) {
             // Hard-coded message, not routed through Ibos::lang(); it reads
             // "Login failed, you can try N more times".
             $this->error("登录失败,您还可以尝试" . ($errornum - 1) . "次");
         } else {
             $this->error(Ibos::lang("User name or password is not correct"), "", array(), array("error" => $result));
         }
     }
 }
Esempio n. 3
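 /**
  * Edits a user, or changes the status of users through an AJAX "op" request.
  *
  * Three paths are handled:
  *  - AJAX request with op = enabled|disabled|lock: delegates to setStatus()
  *    with the requested uid value and returns its result.
  *  - "userSubmit" form post: updates the user record from the posted data.
  *  - anything else: renders the edit form for the requested uid.
  *
  * The requested user must exist on both the submit and the render path. The
  * existence check used to sit only on the render path, so a submit for an
  * unknown uid hashed the new password with a missing salt and ran the update
  * helpers against a non-existent account.
  *
  * NOTE(review): no permission check on the caller is visible in this method;
  * presumably controller filters enforce it, confirm.
  *
  * @return mixed Result of setStatus() on the AJAX status path, otherwise nothing.
  */
 public function actionEdit()
 {
     $op = EnvUtil::getRequest("op");
     // Strict comparison so only the three literal operation names are accepted.
     if ($op && in_array($op, array("enabled", "disabled", "lock"), true) && Ibos::app()->request->getIsAjaxRequest()) {
         $ids = EnvUtil::getRequest("uid");
         // Disabling a user is allowed without a license check.
         if ($op !== "disabled") {
             MainUtil::checkLicenseLimit();
         }
         return $this->setStatus($op, $ids);
     } else {
         MainUtil::checkLicenseLimit();
     }
     $uid = EnvUtil::getRequest("uid");
     $user = User::model()->fetchByUid($uid);
     // Reject unknown users before either path touches $user["salt"] or $user["uid"].
     if (empty($user)) {
         $this->error(Ibos::lang("Request param"), $this->createUrl("user/index"));
         // error() presumably ends the request; return so nothing below runs if it does not.
         return;
     }
     if (EnvUtil::submitCheck("userSubmit")) {
         $this->dealWithSpecialParams();
         if (empty($_POST["password"])) {
             // An empty password field means "leave the password unchanged".
             unset($_POST["password"]);
         } else {
             // NOTE(review): salted double MD5 is fast to brute-force offline if the
             // user table leaks. Moving to password_hash()/password_verify() needs a
             // matching change in the code that verifies logins (not visible here),
             // so the scheme is flagged and left unchanged.
             // NOTE(review): no server-side length or complexity check is visible
             // before hashing; the pattern built on the render path is only handed to
             // the view. Confirm dealWithSpecialParams() or the model enforces it.
             $_POST["password"] = md5(md5($_POST["password"]) . $user["salt"]);
             $_POST["lastchangepass"] = TIMESTAMP;
         }
         if (isset($_POST["auxiliarydept"])) {
             $deptIds = StringUtil::getId($_POST["auxiliarydept"]);
             $this->handleAuxiliaryDept($uid, $deptIds, $_POST["deptid"]);
         }
         if (isset($_POST["auxiliarypos"])) {
             $posIds = StringUtil::getId($_POST["auxiliarypos"]);
             $this->handleAuxiliaryPosition($uid, $posIds, $_POST["positionid"]);
         }
         // NOTE(review): create() presumably builds the attribute set from $_POST;
         // confirm it only accepts an allow-list of columns so a request cannot set
         // fields the form does not expose.
         $data = User::model()->create();
         User::model()->updateByUid($uid, $data);
         OrgUtil::update();
         $this->success(Ibos::lang("Save succeed", "message"), $this->createUrl("user/index"));
     } else {
         $user["auxiliarydept"] = DepartmentRelated::model()->fetchAllDeptIdByUid($user["uid"]);
         $user["auxiliarypos"] = PositionRelated::model()->fetchAllPositionIdByUid($user["uid"]);
         $account = Ibos::app()->setting->get("setting/account");
         // Password pattern handed to the view: digits and letters mixed when
         // "mixed" is set, otherwise an allowed character set from "minlength" up to
         // 32 characters.
         if ($account["mixed"]) {
             $preg = "[0-9]+[A-Za-z]+|[A-Za-z]+[0-9]+";
         } else {
             $preg = "^[A-Za-z0-9\\!\\@\\#\$\\%\\^\\&\\*\\.\\~]{" . $account["minlength"] . ",32}\$";
         }
         $this->setPageTitle(Ibos::lang("Edit user"));
         $this->setPageState("breadCrumbs", array(array("name" => Ibos::lang("Organization"), "url" => $this->createUrl("department/index")), array("name" => Ibos::lang("User manager"), "url" => $this->createUrl("user/index")), array("name" => Ibos::lang("Edit user"))));
         $this->render("edit", array("user" => $user, "passwordLength" => $account["minlength"], "preg" => $preg));
     }
 }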
Esempio n. 4
 /**
  * Login endpoint that answers in JSONP; successful logins are logged with
  * terminal "app".
  *
  * An already authenticated caller gets the session payload back without
  * re-authenticating. Otherwise username and password are read from the
  * request and checked through ICUserIdentity; result codes are handled as
  * positive = success, 0 = "User not fount", -1 = "User lock",
  * -2 = "User disabled", -3 = wrong credentials.
  *
  * NOTE(review): the success payload carries the form hash and the whole
  * record returned by fetchByUid(), and it is sent as JSONP. JSONP responses
  * are not protected by the same-origin policy, so confirm that ajaxReturn()
  * restricts who can read them and that fetchByUid() does not expose the
  * password hash or salt.
  * NOTE(review): this path calls neither a login-attempt check nor a
  * failed-login counter; confirm that attempt limiting also covers this
  * endpoint.
  * NOTE(review): distinct messages for unknown, locked and disabled accounts
  * reveal account state to unauthenticated callers.
  * NOTE(review): code continues after ajaxReturn() calls, so that helper
  * presumably ends the request; confirm.
  */
 public function actionLogin()
 {
     if (!Ibos::app()->user->isGuest) {
         // Already logged in: return the current session's data.
         // NOTE(review): "uid" is read through Yii::app() and everything else through
         // Ibos::app(); presumably the same application instance, confirm.
         $return = array("login" => true, "formhash" => FORMHASH, "uid" => Yii::app()->user->uid, "user" => user::model()->fetchByUid(Ibos::app()->user->uid), "APPID" => Ibos::app()->setting->get("setting/iboscloud/appid"));
         if (EnvUtil::getRequest("issetuser") != "true") {
             $userData = UserUtil::getUserByPy();
             $return["userData"] = $userData;
         }
         // $udata is only assigned when the weibo module is enabled; the isset()
         // checks below cover the case where it is not defined.
         if (ModuleUtil::getIsEnabled("weibo")) {
             $udata = UserData::model()->getUserData();
         }
         $return["user"]["following_count"] = isset($udata["following_count"]) ? $udata["following_count"] : 0;
         $return["user"]["follower_count"] = isset($udata["follower_count"]) ? $udata["follower_count"] : 0;
         $return["user"]["weibo_count"] = isset($udata["weibo_count"]) ? $udata["weibo_count"] : 0;
         $this->ajaxReturn($return, "JSONP");
     }
     $account = Ibos::app()->setting->get("setting/account");
     // NOTE(review): if getRequest() also reads the query string, credentials
     // can end up in URLs and therefore in server and proxy logs; confirm this
     // endpoint is only called with POST.
     $userName = EnvUtil::getRequest("username");
     $passWord = EnvUtil::getRequest("password");
     $gps = EnvUtil::getRequest("gps");
     $address = EnvUtil::getRequest("address");
     $ip = Ibos::app()->setting->get("clientip");
     // Cookie lifetime is fixed at 0 for this endpoint.
     $cookieTime = 0;
     // Rejects an empty password (including the literal "0") and any password
     // that addslashes() would change (quote, backslash or NUL byte).
     if (!$passWord || $passWord != addslashes($passWord)) {
         $this->ajaxReturn(array("login" => false, "msg" => Ibos::lang("Passwd illegal", "user.default")), "JSONP");
     }
     $identity = new ICUserIdentity($userName, $passWord);
     $result = $identity->authenticate(false);
     if (0 < $result) {
         $user = Ibos::app()->user;
         // When account sharing is not allowed, the state key prefix is set from
         // the "sid" setting.
         if ($account["allowshare"] != 1) {
             $user->setStateKeyPrefix(Ibos::app()->setting->get("sid"));
         }
         // The "autologin" cookie is always set on this path.
         MainUtil::setCookie("autologin", 1, $cookieTime);
         $user->login($identity, $cookieTime);
         // uid 1 skips the license check; presumably the built-in administrator, confirm.
         if ($user->uid != 1) {
             MainUtil::checkLicenseLimit(true);
         }
         // Assigned but not used again in this method.
         $urlForward = EnvUtil::referer();
         // "address" and "gps" are client-supplied values and are logged as received.
         // NOTE(review): what passwordMask() keeps is not visible here; if any
         // characters survive, the log reveals part of a valid password.
         $log = array("terminal" => "app", "password" => StringUtil::passwordMask($passWord), "ip" => $ip, "user" => $userName, "loginType" => "username", "address" => $address, "gps" => $gps);
         Log::write($log, "login", sprintf("module.user.%d", Ibos::app()->user->uid));
         $return = array("login" => true, "formhash" => EnvUtil::formHash(), "uid" => Ibos::app()->user->uid, "user" => user::model()->fetchByUid(Ibos::app()->user->uid), "APPID" => Ibos::app()->setting->get("setting/iboscloud/appid"));
         if (ModuleUtil::getIsEnabled("weibo")) {
             $udata = UserData::model()->getUserData();
         }
         $return["user"]["following_count"] = isset($udata["following_count"]) ? $udata["following_count"] : 0;
         $return["user"]["follower_count"] = isset($udata["follower_count"]) ? $udata["follower_count"] : 0;
         $return["user"]["weibo_count"] = isset($udata["weibo_count"]) ? $udata["weibo_count"] : 0;
         if (EnvUtil::getRequest("issetuser") != "true") {
             $userData = UserUtil::getUserByPy();
             $return["userData"] = $userData;
         }
         $this->ajaxReturn($return, "JSONP");
     } elseif ($result === 0) {
         $this->ajaxReturn(array("login" => false, "msg" => Ibos::lang("User not fount", "user.default", array("{username}" => $userName))), "JSONP");
     } elseif ($result === -1) {
         $this->ajaxReturn(array("login" => false, "msg" => Ibos::lang("User lock", "user.default", array("{username}" => $userName))), "JSONP");
     } elseif ($result === -2) {
         // This branch passes "" as the language category where the other
         // branches pass "user.default".
         $this->ajaxReturn(array("login" => false, "msg" => Ibos::lang("User disabled", "", array("{username}" => $userName))), "JSONP");
     } elseif ($result === -3) {
         // Wrong credentials: only a log entry is written on this path.
         $log = array("user" => $userName, "password" => StringUtil::passwordMask($passWord), "ip" => $ip);
         Log::write($log, "illegal", "module.user.login");
         $this->ajaxReturn(array("login" => false, "msg" => Ibos::lang("User name or password is not correct", "user.default")), "JSONP");
     }
 }