Esempio n. 1
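 /**
  * Check a username/password pair and, on success, record the login and set the login cookies.
  *
  * On every failure path the method sets $this->S->json = true, stores a
  * payload with code -200 in $this->S->jsonarr and returns false.
  *
  * @param string $uname Login name as submitted by the client.
  * @param string $pwd   Plain-text password as submitted by the client.
  * @return bool True when the credentials match an enabled account, false otherwise.
  */
 public function login($uname, $pwd)
 {
     $tablename = $this->tablename;

     if (!$this->Isnotempty($uname) || !$this->Isnotempty($pwd)) {
         $this->S->json = true;
         $this->S->jsonarr = array('code' => -200, 'msg' => '用户名密码不能为空');
         return false;
     }

     // NOTE(review): the WHERE clause is built by string interpolation and relies on
     // addslashes()-style escaping, which is not aware of the connection charset.
     // Bound parameters are the safer choice if the table layer supports them.
     $uname = \Sham::saddslashes($uname);
     $row = $this->S->table->{$tablename}->where($this->fileduname . " = '{$uname}'")->getrow();

     if (empty($row)) {
         // NOTE(review): this message differs from the wrong-password message below, so a
         // client can tell which account names exist. A single generic message avoids that.
         $this->S->json = true;
         $this->S->jsonarr = array('code' => -200, 'msg' => '户名不存在');
         return false;
     }

     // Compare the stored and computed hashes as strings with a strict operator.
     // A loose == treats two numeric-looking strings as numbers, so distinct digests
     // could compare equal. hash_equals() is preferable where the runtime provides it.
     if ((string) $row[$this->filedpwd] !== (string) $this->S->pwdhash($pwd)) {
         $this->S->json = true;
         $this->S->jsonarr = array('code' => -200, 'msg' => '密码错');
         return false;
     }

     // Disabled accounts are rejected even with a correct password.
     if ($row[$this->filedenable] != 1) {
         $this->S->json = true;
         $this->S->jsonarr = array('code' => -200, 'msg' => '无效用户');
         return false;
     }

     // Record the login IP and time on the user row.
     $ar = array($this->fileloginip => \Sham::GetIP(), $this->filelogintm => \Sham::T());
     $this->S->table->{$tablename}->where($this->fileduname . " = '{$uname}'")->update($ar);
     // Logging (dolog) is not implemented here.

     // The cookie set is protected by a signature over the user name, tname, auth key,
     // group id and the issue time.
     // NOTE(review): whether \Sham::signnature() mixes in a server-side secret is not
     // visible here; without one a client could recompute the signature. Confirm.
     $tm = time();
     $expires = $tm + 604800; // 604800 = 7*24*60*60 (seven days)
     $signature = \Sham::signnature($row[$this->fileduname] . $row[$this->filedtname] . $row[$this->filedauthkey] . $row[$this->filedgroupid] . $tm);

     // NOTE(review): these cookies are set without the Secure or HttpOnly flags, and the
     // stored auth key is sent to the browser. Consider setting both flags and keeping
     // the auth key server-side.
     setCookie('vuser_uname', $row[$this->fileduname], $expires, '/');
     setCookie('vuser_tname', $row[$this->filedtname], $expires, '/');
     setCookie('vuser_authkey', $row[$this->filedauthkey], $expires, '/');
     setCookie('vuser_groupid', $row[$this->filedgroupid], $expires, '/');
     // Issue time, which is part of the signed data.
     setCookie('vuser_tm', $tm, $expires, '/');
     // Signature over the values above.
     setCookie('vuser_signature', $signature, $expires, '/');

     return true;
 }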
Esempio n. 2
 /**
  * Run an UPDATE on this table for the rows selected by the stored where conditions.
  *
  * The script is terminated with die() when no where condition has been set, so an
  * UPDATE without a WHERE clause is never issued.
  *
  * @param array|string $res Values to write; escaped with \Sham::saddslashes() first.
  * @return bool Always true; the result of autoExecute() is not inspected.
  */
 public function update($res)
 {
     // Refuse to run without a condition rather than update every row.
     if (empty($this->where)) {
         die('where missing');
     }

     // presumably joins the stored conditions with ' and ' — confirm against \Sham::getstr
     $wheres = \Sham::getstr($this->where, 0, ' and ');

     // Only the values are escaped here. The where fragments are used as given, so
     // whoever built them is responsible for escaping anything user-supplied.
     $escaped = \Sham::saddslashes($res);
     $this->db->autoExecute($this->tablename, $escaped, 'UPDATE', $wheres);

     return true;
 }
Esempio n. 3
 /**
  * Escape a string, or every value of a (possibly nested) array, with addslashes().
  *
  * The inverse function is stripslashes(). Array keys are returned unchanged; only
  * the values are escaped.
  *
  * NOTE(review): addslashes() is not aware of the database connection charset, so it
  * is not a substitute for bound parameters or the driver's own escaping routine.
  *
  * @param string|array $string Content to escape.
  * @return string|array The escaped content, with the same shape as the input.
  */
 public static function saddslashes($string)
 {
     if (!is_array($string)) {
         return addslashes($string);
     }

     $escaped = array();
     foreach ($string as $index => $item) {
         // Recurse so nested arrays are escaped at every level.
         $escaped[$index] = \Sham::saddslashes($item);
     }

     return $escaped;
 }
Esempio n. 4
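 /**
  * Match the role markers of the current rule ($this->res['roles']) against the
  * requesting user and, on a match, store the deny/allow lists in $this->p.
  *
  * Markers handled: '*' (every user), '@' (any logged-in user), '?' (logged-in user
  * with a matching per-user rule in the database), 'G' (guest, i.e. not logged in)
  * and 'A' (administrator).
  *
  * @return bool True when a marker matched and $this->p was set, false otherwise.
  */
 public function Umarch_do_user()
 {
     if (!$this->res) {
         return false;
     }

     // Role markers attached to the matched rule.
     $ck = $this->res['roles'];

     // Strict in_array() throughout: with loose comparison a non-string entry in the
     // role list (for example 0 or true) would match any marker and grant access.

     // All users.
     if (in_array('*', $ck, true)) {
         $this->p = ['deny' => $this->res['deny'], 'allow' => $this->res['allow']];
         return true;
     }

     if (\Seter\Seter::getInstance()->user->islogin()) {
         // Any logged-in user.
         if (in_array('@', $ck, true)) {
             $this->p = ['deny' => $this->res['deny'], 'allow' => $this->res['allow']];
             return true;
         }
         // Per-user rule, resolved through the database.
         if (in_array('?', $ck, true)) {
             // Table names come from configuration.
             $tablename = C('Rbacdb')['accessrules'];
             $tablename_rulelib = C('Rbacdb')['accessrules_lib'];

             // NOTE(review): the user name is read from a client-controlled cookie. This
             // is only sound if islogin() has verified the signed cookie set — confirm.
             $uname = \Sham::saddslashes(\Seter\Seter::getInstance()->request->cookie['vuser_uname']);

             // Escape the routing values the same way as the user name before they are
             // interpolated into the SQL text. Their origin is not visible here.
             // Bound parameters would be the better fix if the db layer supports them.
             $module = \Sham::saddslashes((string) $this->Module);
             $action = \Sham::saddslashes((string) $this->Action);
             $controller = \Sham::saddslashes((string) $this->Controller);

             $where_ = $this->Module ? "rule_module = '{$module}'" : '1';
             // The leading space matters: without it the no-module case produced
             // "1and rule_action ...", which is not a valid condition.
             $where_ .= " and rule_action = '{$action}' and rule_controller = '{$controller}' and enable = 1";
             $where = "uname = '{$uname}' and rid in (select rule_id from {$tablename_rulelib} where {$where_})";
             $sql = "select * from {$tablename} where {$where}";

             $row = \Seter\Seter::getInstance()->db->getrow($sql);
             if ($row) {
                 // Here the lists come from the per-user row, not from the rule itself.
                 $this->p = ['deny' => $row['deny'], 'allow' => $row['allow']];
                 return true;
             }
         }
     } else {
         // Guest (not logged in).
         if (in_array('G', $ck, true)) {
             $this->p = ['deny' => $this->res['deny'], 'allow' => $this->res['allow']];
             return true;
         }
     }

     // Administrator. Checked for every caller that was not matched above.
     if (\Seter\Seter::getInstance()->user->isadmin()) {
         if (in_array('A', $ck, true)) {
             $this->p = ['deny' => $this->res['deny'], 'allow' => $this->res['allow']];
             return true;
         }
     }

     return false;
 }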
Esempio n. 5
 /**
  * Fetch the user row for the given name, or for the current cookie user.
  *
  * When $uname is empty the name is taken from the 'vuser_uname' request cookie.
  * A name that fails checkname() yields an empty array without querying.
  *
  * NOTE(review): the row is returned as fetched. The line that would remove the
  * password column is commented out, so callers receive the stored password hash
  * and must not pass the row on to a client unfiltered.
  * NOTE(review): the cookie value is client-controlled; whether it has been verified
  * before this call is not visible here — confirm.
  *
  * @param string $uname User name to look up; defaults to the cookie user.
  * @return mixed The row returned by getrow(), or an empty array.
  */
 public function getuserinfo($uname = '')
 {
     $tablename = $this->tablename;

     // Fall back to the cookie value only when no name was passed in.
     if (!$uname) {
         $uname = $this->S->request->cookie['vuser_uname'] ?: '';
     }

     // Name did not pass validation: return nothing.
     if (!$this->checkname($uname)) {
         return [];
     }

     // Name passed validation: escape it and look the user up.
     $uname = \Sham::saddslashes($uname);
     //unset($row[$this->filedpwd]);
     return $this->S->table->{$tablename}->where("{$this->fileduname} = '{$uname}'")->getrow();
 }