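/**
 * Authenticate an administrator from the submitted form and fill the session.
 *
 * Reads `admin_name`, `admin_pwd` and (when a captcha is required) `verify`
 * from $_REQUEST, reports the outcome through ajaxReturn() and, on success,
 * stores the user id, names, super-admin flag and roles in the session.
 *
 * NOTE(review): stored passwords are compared against md5(md5($password)),
 * an unsalted fast hash. Moving to password_hash()/password_verify() needs a
 * migration of the stored values, so it is flagged here rather than changed.
 * NOTE(review): "user not found" and "wrong password" return different
 * messages, which lets a caller tell valid admin names from invalid ones.
 * NOTE(review): the failure counter lives in the session, so a client that
 * discards its session cookie starts again at zero; a server-side throttle
 * keyed on account and source address would be needed to bound guessing.
 *
 * @return void
 */
private function _doLogin()
{
    // Initialise the counter before the captcha rule reads it.
    if (!isset($_SESSION['login_fail'])) {
        $_SESSION['login_fail'] = 0;
    }

    // Captcha applies to the admin login when CAPTCHA_ADMIN is set; if
    // CAPTCHA_LOGIN_FAIL is also set it only applies after more than two failures.
    $captcha = intval($this->_CFG['captcha']);
    $enabled_captcha = ($captcha & CAPTCHA_ADMIN)
        && (!($captcha & CAPTCHA_LOGIN_FAIL) || $_SESSION['login_fail'] > 2);

    if ($enabled_captcha) {
        // Fail closed: a session without a generated code must not skip the
        // check, otherwise never requesting the captcha image disables it.
        // NOTE(review): the login form has to render the captcha under the
        // same condition as above — confirm against the template.
        $expectedCode = isset($_SESSION[CAPTCHA_CODE]) ? $_SESSION[CAPTCHA_CODE] : '';
        $typedCode = isset($_REQUEST['verify']) ? $_REQUEST['verify'] : '';
        if (empty($expectedCode)
            || !is_string($typedCode)
            || empty($typedCode)
            || !SeccodeUtil::check_word(CAPTCHA_CODE, $typedCode)
        ) {
            $this->ajaxReturn('', '验证码输入错误', 0);
            // ajaxReturn() presumably ends the request; the explicit return
            // keeps this path from falling through if it ever does not.
            return;
        }
    }

    // Accept scalar strings only; an array parameter is treated as empty.
    $user_name = isset($_REQUEST['admin_name']) && is_string($_REQUEST['admin_name'])
        ? $_REQUEST['admin_name']
        : '';
    $password = isset($_REQUEST['admin_pwd']) && is_string($_REQUEST['admin_pwd'])
        ? $_REQUEST['admin_pwd']
        : '';

    $userObj = D('AdminUsers');
    // NOTE(review): the raw request value is handed to the model; verify that
    // infoByUserName() binds or escapes it.
    $userInfo = $userObj->infoByUserName($user_name);

    // Unknown user name.
    if (!$userInfo || !$userInfo['user_id']) {
        $_SESSION['login_fail'] += 1;
        $this->ajaxReturn('', '用户名不存在', 0);
        return;
    }

    // Wrong password. The comparison is strict on strings: with a loose `!=`
    // two different hex digests that both look like "0e<digits>" compare equal.
    $submittedHash = md5(md5($password));
    $storedHash = (string) $userInfo['password'];
    $passwordMatches = function_exists('hash_equals')
        ? hash_equals($storedHash, $submittedHash)
        : $storedHash === $submittedHash;
    if (!$passwordMatches) {
        $_SESSION['login_fail'] += 1;
        $this->ajaxReturn('', '密码不正确', 0);
        return;
    }

    // Account locked.
    if ($userInfo['is_locked']) {
        $this->ajaxReturn('', '帐号已被锁定', 0);
        return;
    }

    $lastLogin = LocalTime::getInstance()->gmtime();
    $userObj->edit_user(
        $userInfo['user_id'],
        array('last_login' => $lastLogin, 'last_ip' => get_client_ip())
    );

    // Issue a new session id at the privilege change so an id that was known
    // before authentication does not become an authenticated one.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $prefix = C('SESSION_PREFIX');
    $_SESSION[$prefix . 'user_id'] = $userInfo['user_id'];
    $_SESSION[$prefix . 'user_name'] = $userInfo['user_name'];
    // Super-administrator flag.
    $_SESSION[$prefix . 'is_super'] = $userInfo['is_super'];
    $_SESSION[$prefix . 'name'] = $userInfo['name'];

    // Roles assigned to this user.
    $aurModel = D('AdminUserRole');
    $_SESSION[$prefix . 'user_roles'] = $aurModel->getUserRole($userInfo['user_id']);

    unset($_SESSION['login_fail']);
    $this->ajaxReturn('', '', 1);
}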
/**
 * Output the captcha image.
 *
 * SeccodeUtil::make_seccode() supplies the challenge text (per the original
 * author's note it is generated randomly and saved to the session), and a
 * Seccode object configured with the settings below draws it.
 */
public function verifycode()
{
    import('@.ORG.Seccode');
    import('@.ORG.SeccodeUtil');

    // Discard any stray output produced earlier in the request.
    @ob_end_clean();

    $challenge = SeccodeUtil::make_seccode(CAPTCHA_CODE);
    $renderer = new Seccode();

    // Property => value, applied in this order. The remarks are the original
    // author's labels for each option, translated.
    $settings = array(
        'root_path'   => APP_PATH,
        'code'        => $challenge,                     // captcha text
        'type'        => 0,                              // 0: English image, 1: Chinese image, 2: Flash, 3: audio, 4: bitmap
        'width'       => $this->_CFG['captcha_width'],   // image width
        'height'      => $this->_CFG['captcha_height'],  // image height
        'background'  => 0,                              // random picture background
        'adulterate'  => 1,                              // random background shapes
        'ttf'         => 1,                              // original note only says "captcha"
        'angle'       => 0,                              // random tilt
        'color'       => 1,                              // random colour
        'size'        => 0,                              // random size
        'shadow'      => 1,                              // text shadow
        'animator'    => 1,                              // animated GIF
        'warping'     => 0,                              // random warping
        'fontpath'    => LIB_PATH . '/ORG/seccode/font/', // font pack directory
        'datapath'    => LIB_PATH . '/ORG/seccode/',      // backgrounds, fonts, sounds
        'includepath' => LIB_PATH . '/ORG/',
    );
    foreach ($settings as $property => $value) {
        $renderer->$property = $value;
    }

    $renderer->display();
}
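/**
 * Front-end login action.
 *
 * On POST: checks the form token (when TOKEN_ON is configured) and the
 * captcha, authenticates `nick`/`pw` against the UC service, creates or
 * refreshes the local user row, optionally binds a third-party account
 * (`ac=dobind`, `type` = sina|qq|taobao), then completes the login and jumps
 * to the remembered return URL. Otherwise it renders the login form and
 * remembers where to return to.
 *
 * NOTE(review): the captcha is switched off whenever the request carries an
 * `ac` parameter, and `ac` is client-controlled; confirm this exemption is
 * limited to what the bind flow needs.
 * NOTE(review): the local row stores md5() of the value returned by UC in
 * $user['password']; a fast unsalted digest is weak protection if that table
 * leaks. Changing it needs a look at every reader of that column.
 *
 * @return void
 */
public function login()
{
    // Captcha rule for this action.
    $captcha = intval($this->_CFG['captcha']);
    $enabled_captcha = ($captcha & CAPTCHA_LOGIN) && !isset($_REQUEST['ac']);

    if ($this->isPost()) {
        if (C('TOKEN_ON') && !checkFormToken($_REQUEST)) {
            die('hack attemp.');
        }

        if ($enabled_captcha) {
            // Fail closed: a session that never generated a code must not
            // skip the check, otherwise not loading the image disables it.
            $expectedCode = isset($_SESSION[CAPTCHA_CODE]) ? $_SESSION[CAPTCHA_CODE] : '';
            $typedCode = isset($_REQUEST['verify']) ? $_REQUEST['verify'] : '';
            if (empty($expectedCode)
                || !is_string($typedCode)
                || empty($typedCode)
                || !SeccodeUtil::check_word(CAPTCHA_CODE, $typedCode)
            ) {
                $this->assign('jumpUrl', reUrl('User/login'));
                $this->error('验证码输入错误');
                // error() presumably ends the request; do not fall through if it does not.
                return;
            }
        }

        // Both credentials must be present, non-empty scalar strings.
        if (empty($_REQUEST['nick']) || empty($_REQUEST['pw'])
            || !is_string($_REQUEST['nick']) || !is_string($_REQUEST['pw'])
        ) {
            exit('data invalid.');
        }
        $nick = $_REQUEST['nick'];
        $pw = $_REQUEST['pw'];
        $save = !empty($_REQUEST['save']);

        $ucService = service('Uc');
        $user = $ucService->login($nick, $pw);

        // An array means UC accepted the credentials; anything else is passed
        // on as the failure message.
        if (is_array($user)) {
            // Local copy of the account.
            $uModel = D('User');
            $_user = $uModel->info($user['uid'], array('user_id', 'nick', 'email', 'password', 'is_locked'));
            if (!$_user) {
                // First login: register locally.
                $uModel->_add(array(
                    'user_id' => $user['uid'],
                    'nick' => $user['username'],
                    'email' => $user['email'],
                    'password' => md5($user['password']),
                ));
            } else {
                // Locked accounts stop here.
                if ($_user['is_locked']) {
                    if ($this->isAjax()) {
                        $this->ajaxReturn('', '该账号已被锁定', 0);
                    } else {
                        $this->error('该账号已被锁定');
                    }
                    return;
                }
                $uModel->update($user['uid'], array('password' => md5($user['password'])));
            }

            // Bind a third-party account to this user.
            if (isset($_REQUEST['ac']) && $_REQUEST['ac'] === 'dobind') {
                $bindType = isset($_REQUEST['type']) && is_string($_REQUEST['type']) ? $_REQUEST['type'] : '';
                $openid = null; // stays null for an unsupported type
                if ($bindType === 'sina') {
                    include_once DOC_ROOT_PATH . 'Addons/plugins/login/sina.class.php';
                    $sina = new sina();
                    $openid = $sina->get_openid();
                } elseif ($bindType === 'qq') {
                    include_once DOC_ROOT_PATH . 'Addons/plugins/login/qq.class.php';
                    $qq = new qq();
                    $openid = $qq->get_openid();
                } elseif ($bindType === 'taobao') {
                    include_once DOC_ROOT_PATH . 'Addons/plugins/login/tb.class.php';
                    $tb = new tb();
                    $openid = $tb->get_openid();
                }
                if (!$openid) {
                    $this->ajaxReturn('', '', 0);
                    return;
                }

                // Array conditions let the model quote the values; the openid
                // and uid come from outside this code and were previously
                // interpolated into the WHERE string.
                $binding = array('user_id' => $user['uid'], 'type' => $bindType, 'openid' => $openid);
                $platform = M('user_platform');
                if ($platform->where($binding)->find()) {
                    $platform->where($binding)->delete();
                }
                $platform->data($binding)->add();
                $this->ajaxReturn('', '', 1);
                return;
            }

            $userService = service('User');
            $avatar = $ucService->get_avatar($user['uid']);
            $userService->after_logined(
                array('user_id' => $user['uid'], 'nick' => $user['username'], 'avatar' => $avatar),
                $save
            );
            $_SESSION['login_type'] = '200';
            $syncHtml = $ucService->build_synlogin($user['uid']);

            // The return URL travels in a client-side cookie, so it is
            // re-checked here before being used as a redirect target.
            $returnUrl = cookie('r_url');
            if ($returnUrl) {
                cookie('r_url', null);
            }
            if ($returnUrl && $this->_isSameSiteUrl($returnUrl)) {
                $this->assign('jumpUrl', $returnUrl);
            } else {
                $this->assign('jumpUrl', reUrl('User/index'));
            }
            $this->success('登陆成功' . $syncHtml);
        } else {
            if ($this->isAjax()) {
                $this->ajaxReturn('', $user, 0);
            } else {
                $this->error($user);
            }
        }
    }

    // Remember where to go after login. Only same-site targets are kept, and
    // the login and registration pages themselves are never a target.
    $r_url = isset($_GET['r_url']) && $_GET['r_url'] ? $_GET['r_url'] : $this->_refererUrl;
    if (!$this->_isSameSiteUrl($r_url)
        || $r_url == 'http://' . $_SERVER['HTTP_HOST'] . reUrl('User/login')
        || $r_url == 'http://' . $_SERVER['HTTP_HOST'] . reUrl('User/reg')
    ) {
        $r_url = '';
    }
    cookie('r_url', $r_url);

    $this->assign('_hash_', buildFormToken());
    $this->assign('captcha', $enabled_captcha);
    $this->assign('mt', mt_rand());
    $this->assign('page_title', '用户登陆 - ');
    $this->assign('page_keywords', $this->_CFG['site_keywords']);
    $this->assign('page_description', $this->_CFG['site_description']);
    $this->display();
}

/**
 * Tell whether a URL is safe to use as a post-login redirect target.
 *
 * Accepted: a path starting with a single "/", or an absolute http/https URL
 * without user-info whose host (and port, if given) equals the current
 * HTTP_HOST. Anything else, including values containing whitespace, control
 * characters or backslashes, is rejected.
 *
 * @param mixed $url candidate taken from the query string, referer or cookie
 * @return bool
 */
private function _isSameSiteUrl($url)
{
    if (!is_string($url) || $url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }

    // Site-relative path; "//host" is scheme-relative and therefore off-site.
    if ($url[0] === '/') {
        return !isset($url[1]) || $url[1] !== '/';
    }

    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host']) || isset($parts['user'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }

    $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    $currentHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    return $currentHost !== '' && strcasecmp($authority, $currentHost) === 0;
}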