/**
 * Update the current user's display name and e-mail, then return a new token.
 *
 * The stored value of each field is passed to Input::get() as its second
 * argument, presumably the default used when the request omits the field.
 *
 * NOTE(review): no validation of the submitted e-mail and no re-authentication
 * step are visible in this method. If account recovery relies on the e-mail
 * address, confirm that both are enforced elsewhere (model rules, route filter).
 *
 * @return mixed JSON response of the form {"token": ...}
 */
public function updateProfile()
{
    $account = User::get();

    foreach (array('displayName', 'email') as $field) {
        $account->{$field} = Input::get($field, $account->{$field});
    }
    $account->save();

    return Response::json(array('token' => create_token($account)));
}
/**
 * Debug helper: create a token, store it in Save_token and dump it.
 *
 * NOTE(review): the token and its length are written to the response before
 * the request is terminated, so this action should not be routable outside a
 * development environment.
 *
 * @return void never returns; the script ends after the dump
 */
public function test_red()
{
    // $ret=M('Test')->order('id desc')->find();
    $token = create_token();

    $record = array(
        'token' => $token,
        'create_time' => time(),
    );
    M('Save_token')->add($record);

    dump(strlen($token));
    dump($token);
    exit;
}
/**
 * Call a method of the remote passport SOAP service.
 *
 * A token from create_token($args) is passed as the third argument of the
 * remote get() call, and the endpoint is PASSPORT_URL . 'soap.php'.
 *
 * NOTE(review): this method does not always return. A falsy remote result ends
 * the script through the trailing exit, and a SoapFault ends it through die()
 * with the fault message written to the response. Callers cannot recover from
 * either case, and the fault text may expose internal details to the client.
 *
 * @param array  $args request parameters
 * @param string $act  name of the remote method
 * @return mixed the remote result when it is truthy; otherwise the script terminates
 */
protected function soap($args, $act = '')
{
    // The namespace URI is built from the Host request header, which the
    // client controls, and always uses the plain http scheme.
    $soap_uri = 'http://' . $_SERVER["HTTP_HOST"] . '/web/index.php';
    $soap_host = PASSPORT_URL;
    // Token computed over the request parameters (create_token is defined elsewhere).
    $token = create_token($args);
    // A null WSDL selects non-WSDL mode, so location and uri are given explicitly.
    $client = new SoapClient(null, array('location' => $soap_host . 'soap.php', 'uri' => $soap_uri));
    // NOTE(review): the guard below follows a comment marker in the collapsed
    // listing and is kept as a comment; confirm against the original file
    // whether it is live. Its message '缺少方法' means "missing method".
    // if (empty($act)) { return array(0, '缺少方法'); }
    try {
        // Forwards the method name, the parameters and the token to the remote get().
        if ($rs = $client->get($act, $args, $token)) {
            return $rs;
        }
    } catch (SoapFault $e) {
        die('SOAP Error: ' . $e->getMessage());
    }
    exit;
}
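/**
 * Automatic login from the stored admin id and token.
 *
 * When the (admin_id, token) pair exists, the admin record is loaded into the
 * session under USERINFO, both cookies are renewed for one week and a newly
 * generated token is stored through AdminToken::addToken().
 *
 * NOTE(review): the success path returns no value (null) while failure returns
 * false, so callers must compare with `=== false`. Whether addToken() removes
 * the token that was just used is not visible here; confirm, otherwise old
 * tokens stay valid. The cookies are set without visible HttpOnly/Secure
 * options; confirm the framework defaults.
 *
 * @param int|string $admin_id admin id taken from the cookie
 * @param string     $token    token taken from the cookie
 * @return false|null false when the pair is rejected, nothing on success
 */
public function checkToken($admin_id, $token)
{
    // Both values normally come from cookies, which can also arrive as arrays.
    // In ThinkPHP-style models an array value in a condition map is read as an
    // operator expression rather than a literal (confirm for this framework),
    // so anything that is not a scalar is rejected before the lookup.
    if (!is_scalar($admin_id) || !is_scalar($token)) {
        return false;
    }

    $credentials = array('admin_id' => $admin_id, 'token' => $token);
    if (!$this->where($credentials)->find()) {
        return false;
    }

    // The token matched: store the user info in the session in the same step.
    $userinfo = D('Admin')->find($admin_id);
    session('USERINFO', $userinfo);

    // Rotate the token and keep both cookies for one week (604800 seconds).
    cookie('admin_id', $admin_id, 604800);
    $token = create_token();
    cookie('token', $token, 604800);
    D('AdminToken')->addToken($admin_id, $token);
}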
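/**
 * Start a session for a first-time visitor, or validate the existing one.
 *
 * Without a token cookie, a token is created from the worker id, user agent
 * and current time, the application cookies are set and the session is stored
 * with a one-hour expiry. With a token cookie, the session is validated; on
 * failure the client is redirected to /gotofail.html and the script stops.
 *
 * NOTE(review): workerId, assignmentId and turkSubmitTo are taken from the
 * query string as-is, and every input to create_token() here is known to the
 * client. Confirm that create_token() mixes in a server-side secret or random
 * bytes, and that store_session() binds parameters.
 *
 * @param mixed $conn database connection handed to the session helpers
 * @return void
 */
function start_session($conn)
{
    // isset() keeps the original values (null when absent) without printing a
    // notice into the output before the cookie and redirect headers are sent.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $time = time();

    if (!isset($_COOKIE['token'])) {
        $workerId = isset($_GET['workerId']) ? $_GET['workerId'] : null;
        $assignmentId = isset($_GET['assignmentId']) ? $_GET['assignmentId'] : null;
        $turkSubmitTo = isset($_GET['turkSubmitTo']) ? $_GET['turkSubmitTo'] : null;
        $timeExpire = $time + 3600;

        $token = create_token($workerId, $userAgent, $time);
        set_app_cookies($token, $workerId, $turkSubmitTo, $timeExpire);
        store_session($conn, $assignmentId, $workerId, $timeExpire, $time, $userAgent, $token);

        return;
    }

    $cookieWorkerId = isset($_COOKIE['workerId']) ? $_COOKIE['workerId'] : null;
    if (!validate_session($conn, $_COOKIE['token'], $cookieWorkerId, $userAgent)) {
        // The header must precede any output, and the script must stop here:
        // previously 'failed' was echoed first (which can prevent the redirect)
        // and execution continued into the caller after a failed validation.
        header('Location: /gotofail.html');
        echo 'failed';
        exit;
    }
}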
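/**
 * Mobile login endpoint.
 *
 * Looks the member up by mobile number, checks the salted password hash,
 * notifies a previously registered device, updates the login bookkeeping,
 * issues a new token and prints the result as JSON. Every path ends the
 * request with exit.
 *
 * NOTE(review), not changed here because they alter the response or the flow:
 *  - the captcha comparison has no effect, its rejection is commented out;
 *  - field() selects only id, mobile, salt and password, yet baiduUserId,
 *    mb_system and login_count are read from the row, so the "other device"
 *    branch cannot fire and login_count is always written as 1;
 *  - the success response still contains the member's salt, which is also an
 *    input of create_token(); confirm clients need it, otherwise drop it;
 *  - passwords are stored as salted MD5; plan a move to password_hash().
 *
 * @return void never returns; output is a JSON document
 */
public function checkLogin()
{
    // Captcha check kept as found: the condition is evaluated, nothing is enforced.
    if ($_SESSION['verify'] != md5($_POST['verify'])) {
        // (disabled) $this->error('验证码错误!');  -- "captcha incorrect"
    }

    $model = M('Member');

    // Only a scalar may be used as a condition value: in ThinkPHP-style models
    // an array value is read as an operator expression (confirm for this
    // framework). A non-scalar mobile is treated like an unknown user.
    $mobile = isset($_POST['mobile']) ? $_POST['mobile'] : null;
    $vo = is_scalar($mobile)
        ? $model->field('id,mobile,salt,password')->where(array('mobile' => $mobile))->find()
        : null;

    if (!$_POST['baiduUserId'] || $_POST['baiduUserId'] == '(null)') {
        $msg['error_code'] = 1001;
        $msg['notice'] = '百度ID不存在';
        echo json_encode($msg);
        exit;
    }

    if (!$vo) {
        $msg['error_code'] = 1001;
        $msg['notice'] = '用户不存在';
        echo json_encode($msg);
        exit;
    }

    // Strict string comparison: with a loose != two different hashes that both
    // look numeric (for example "0e..." followed by digits) compare as equal.
    $expectedHash = md5($_POST['password'] . $vo['salt'] . $vo['salt'][1]);
    if ((string) $vo['password'] !== $expectedHash) {
        $msg['notice'] = '密码错误';
        $msg['error_code'] = 8002;
        echo json_encode($msg);
        exit;
    }

    // Sign out the device that was registered before, if it is a different one.
    if ($vo['baiduUserId'] != $_POST['baiduUserId'] && $vo['baiduUserId']) {
        $sent_array['module'] = 'Public';
        $sent_array['action'] = 'logout';
        $sent_array['id'] = 0;
        $custom_content = json_encode($sent_array);
        $MsgContent = '在其他地方登陆';
        push_msg($vo['baiduUserId'], $vo['mb_system'], $MsgContent, $custom_content);
    }

    // Login bookkeeping for this member.
    $_data['id'] = $vo['id'];
    $_sdata['last_login_ip'] = _get_ip();
    $_sdata['login_count'] = $vo['login_count'] + 1;
    $_sdata['last_login_time'] = time();
    $_sdata['baiduUserId'] = $_POST['baiduUserId'];
    $_sdata['mb_system'] = $_POST['mb_system'] ? $_POST['mb_system'] : 2;
    $model->where($_data)->save($_sdata);

    // Issue and store a new token on every successful login.
    $token = create_token($vo['id'], $vo['salt']);
    set_token($vo, $token);

    $vo['error_code'] = 0;
    $vo['token'] = $token;
    $vo['baiduUserId'] = $_POST['baiduUserId'];
    unset($vo['password']);
    echo json_encode($vo);
    exit;
}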
$errors['email'] = "L'adresse email n'est pas valide"; } else { $req = $pdo->prepare('SELECT id FROM Users WHERE email = ? '); $req->execute([$_POST['email']]); $user = $req->fetch(); if ($user) { $errors['email'] = "Cette adresse email existe déjà."; } } if (empty($_POST['password']) || $_POST['password'] != $_POST['password-confirm']) { $errors['password'] = "******"; } if (empty($errors)) { $req = $pdo->prepare('INSERT INTO Users SET username = ? , password = ? , email = ? , confirmation_token = ? '); $password = password_hash($_POST['username'], PASSWORD_BCRYPT); $token = create_token(60); $req->execute([$_POST['username'], $password, $_POST['email'], $token]); $user_id = $pdo->lastInsertId(); mail($_POST['email'], 'Confirmation de la création de votre compte', "Afin de valider votre compte, merci de cliquer sur ce lien\n\nhttp://localhost:8888/tuto_espace_membre/confirm.php?id={$user_id}&token={$token}"); header('Location: login.php'); exit; } } ?> <?php require 'inc/header.php'; ?> <h1>S'inscrire</h1> <?php if (!empty($errors)) {
<?php header("Access-Control-Allow-Origin: *"); if (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) { if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { if (!empty($_GET['t']) && $_GET['t'] == 'get') { $t = create_token(); $html = '<table id="butttton-' . $t . '"><tr> <td align="center" valign="middle"><button id="butttton"></button></td></tr> </table>'; echo json_encode(array('html' => $html, 't' => $t)); } else { if (!empty($_POST['t'])) { $t = $_POST['t']; if (use_token($t)) { add_click(); } } } exit; } } function use_token($token) { $found = false; $filename = 'tokens.php'; if (!@file_exists($filename)) { $handle = @fopen($filename, 'wb'); if (!$handle) { exit('Uh. Error creating file: ' . $filename); }
$response->setBody('{ "message": "There is already a Twitter account that belongs to you" }'); $response->setStatus(409); $app->stop(); } $token = explode(' ', $request->headers->get($config->getAuthHeader()))[1]; $payloadObject = JWT::decode($token, 'secret'); $payload = json_decode(json_encode($payloadObject), true); $user_model->linkTwitter($payload['sub'], $profile['user_id'], $profile['screen_name']); $response->setBody('{ "token": "' . create_token($payload['sub'], $app->request->getUrl(), $config->getSecret('TOKEN_SECRET')) . '"}'); } else { if ($user_model->hasTwitter($profile['user_id'])) { $user_id = $user_model->getUserTwitter($profile['user_id'])['id']; $response->setBody('{ "token": "' . create_token($user_id, $app->request->getUrl(), $config->getSecret('TOKEN_SECRET')) . '"}'); } else { $user_id = $user_model->createUserTwitter($profile['user_id'], $profile['screen_name']); $response->setBody('{ "token": "' . create_token($user_id, $app->request->getUrl(), $config->getSecret('TOKEN_SECRET')) . '"}'); } } } }); }); $app->get('/me', function () use($app, $config, $user_model) { $response = $app->response(); $response->headers->set('Content-Type', 'application/json'); $user_id = findUserId($app->request->headers->get($config->getAuthHeader()), $config->getSecret('TOKEN_SECRET')); $response->setBody(json_encode($user_model->getUserWithId($user_id))); }); $app->put('/me', function () use($app, $config, $user_model) { $response = $app->response(); $response->headers->set('Content-Type', 'application/json'); $data = json_decode($app->request()->getBody(), true);
$empty = true; } if (!isset($data['password']) || $data['password'] == "") { $messages['error_password'] = '******'; $empty = true; } if (!$empty) { $login = mysqli_real_escape_string($MV, htmlspecialchars(trim($data['login']))); $pass = mysqli_real_escape_string($MV, htmlspecialchars(trim($data['password']))); $query = "SELECT u.user_id\n FROM nf_users u\n WHERE (u.email = '" . $login . "' OR u.username = '******' OR u.phone = '" . $login . "')\n AND u.password = '******'\n "; if ($res = @mysqli_query($MV, $query)) { if ($_res = @mysqli_fetch_assoc($res)) { //user id $userid = $_res['user_id']; //generate token $users_token = create_token(); $ua = getBrowser(); $browser = $ua['name'] . "," . $ua['version'] . "," . $ua['platform']; $ip_address = get_ip(); $query = "INSERT INTO nf_users_tokens(\n users_token\n , user_id\n , start_time\n , end_time\n , last_activity\n , ip_address\n , browser\n ) VALUES (\n '" . $users_token . "'\n , '" . $userid . "'\n , NOW()\n , '" . date('Y-m-d H:i:s', $cookie_exp) . "'\n , NOW()\n , '" . $ip_address . "'\n , '" . $browser . "'\n \n )\n "; if (@mysqli_query($MV, $query)) { setcookie("tkn", $users_token, $cookie_exp, '/', '.' . DOMAIN); //set cookie until cookie_expire } else { $messages['error'] = '!!!_BD Error_!!!'; } } else { $messages['error'] = '!!!_Invalid login or password._!!!'; } } else { $messages['error'] = '!!!_BD Error_!!!';
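/**
 * Check that a SOAP client sent the token that matches its request data.
 *
 * The expected token is recomputed with create_token($client_data) and
 * compared with the token supplied by the client. The request is rejected
 * when the data is empty or not an array, or when PASSPORT_KEY is undefined.
 *
 * NOTE(review): the optional-before-required parameter order is kept for
 * compatibility with existing callers; PHP 8 reports it as deprecated.
 *
 * @param array $client_data   request data the token was computed over
 * @param mixed $client_token  token supplied by the client
 * @return bool true only when the recomputed token equals the supplied one
 */
function check_soapclient($client_data = array(), $client_token)
{
    // empty() already covers the zero-element array, so no separate count() check.
    if (empty($client_data) || !is_array($client_data)) {
        return false;
    }

    if (!defined('PASSPORT_KEY')) {
        return false;
    }

    $expected = create_token($client_data);

    // Compare in constant time when both sides are strings, so the response
    // time does not depend on how many leading characters of the token match.
    if (is_string($expected) && is_string($client_token) && function_exists('hash_equals')) {
        return hash_equals($expected, $client_token);
    }

    // Non-string values (or a runtime without hash_equals) keep the strict comparison.
    return $expected === $client_token;
}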
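/**
 * Admin login: checks the captcha, then the user name, then the password.
 *
 * On success the global login() helper is called with the user row, the
 * optional "remember me" cookies and token are written, and the permissions
 * are stored. On failure $this->error holds the reason.
 *
 * NOTE(review): the two distinct messages for an unknown user name and a wrong
 * password let a client tell which user names exist; consider one shared
 * message. The remember-me cookies are set without visible HttpOnly/Secure
 * options; confirm the framework defaults.
 *
 * @param string $username user name
 * @param string $password password
 * @return boolean true on success, false on failure
 */
public function login($username, $password)
{
    // The captcha must match before any credential is looked at.
    $code = I('post.captcha');
    $captcha = new \Think\Verify();
    if ($captcha->check($code) === false) {
        $this->error = '验证码不正确';
        return false;
    }

    // 1. Fetch the record for this user name to get its salt and stored hash.
    $row = $this->getByUsername($username);
    if (!$row) {
        $this->error = '用户名不存在';
        return false;
    }

    // 2. Compare the salted hash as strings. A loose == treats two different
    //    hashes that both look numeric (for example "0e..." followed by
    //    digits) as equal.
    $computed = (string) my_mcrypt($password, $row['salt']);
    if ($computed !== (string) $row['password']) {
        $this->error = '密码不正确';
        return false;
    }

    // 3. Credentials match: establish the logged-in state.
    login($row);

    // Optional "remember me": store a new token in the database and in
    // cookies that live for one week (604800 seconds).
    if (I('post.remember')) {
        cookie('admin_id', $row['id'], 604800);
        $token = create_token();
        cookie('token', $token, 604800);
        D('AdminToken')->addToken($row['id'], $token);
    }

    $this->savePermission();

    return true;
}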
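<?php
// Login endpoint: looks the account up by name and password and answers with
// the matching row plus a new token, or with HTTP 400 and an error object.
//
// NOTE(review): the password part of the query appears masked ('******') in
// this listing and is reproduced as shown; check the original file.
// NOTE(review): SELECT * followed by json_encode($row) sends every column of
// the person row, including the password column, back to the client. Select
// only the columns the client needs.
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to PDO or
// mysqli with prepared statements is the proper fix, but it depends on how
// connect.php opens the connection, which is not visible here.
include "connect.php";
include "token.php";

// Escape with the connection-aware function of the same extension;
// addslashes() does not take the connection character set into account.
$name = mysql_real_escape_string($_POST['name']);
$password = mysql_real_escape_string($_POST['password']);

$query = "SELECT * FROM person WHERE name = '" . $name . "' AND password = '******'";
$result = mysql_query($query);

// A failed query is handled like a failed login instead of being passed on
// to mysql_fetch_assoc().
$row = $result ? mysql_fetch_assoc($result) : false;
if ($row) {
    $row["token"] = create_token($row["id"]);
} else {
    header("http/1.1 400 Bad Request");
    $row = array("error" => "account or password error");
}

echo json_encode($row);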