예제 #1
파일: back.php 프로젝트: faydanube/xine
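 /**
  * Back-office dispatcher: checks the login session, then either runs an
  * action method ("<target>-<action>") or renders the view named by $ca.
  *
  * @param string $ca Either "<target>-<action>" (the action method is called
  *                   with the target and $k1..$k3) or the name of a view
  *                   under back/.
  * @param string $k1 Passed through to the action method or to get().
  * @param string $k2 Passed through to the action method or to get().
  * @param string $k3 Passed through to the action method or to get().
  */
 public function admin($ca = '', $k1 = '', $k2 = '', $k3 = '')
 {
     // Verify the login state. The login controller of this project stores
     // ming_md5($username) under the session key ming_md5($userip), so that
     // stored value must be compared with a freshly computed one. The previous
     // check compared the session value with itself and could never fail,
     // which left only the "username is not empty" test in effect.
     // NOTE(review): ip2long() returns FALSE for non-IPv4 addresses, so every
     // such client shares one session key; confirm that is acceptable.
     $userip = ip2long($_SERVER['REMOTE_ADDR']);
     $username = $this->session->userdata('username');
     $sip = ming_md5($userip);
     if (empty($username) || (string) $this->session->userdata($sip) !== (string) ming_md5($username)) {
         redirect(base_url() . 'login');
         return;
     }

     /* Split the back-office operations into two kinds. */
     $dash = strpos($ca, '-');
     if ($dash) {
         // 1. A '-' (not in first position) marks an action: it returns a
         //    success or failure page and has no view of its own.
         $c = substr($ca, 0, $dash);
         $a = substr($ca, $dash + 1);
         // $a is taken from the request and used as a method name. Inside the
         // class a variable method call also reaches private and protected
         // methods, so internal helpers (underscore-prefixed by the convention
         // this project follows) and unknown names are refused here.
         // NOTE(review): an explicit list of permitted action names would be
         // stricter than this filter and is the preferred long-term fix.
         if ($a === '' || $a[0] === '_' || !is_callable(array($this, $a))) {
             show_404();
             return;
         }
         $this->{$a}($c, $k1, $k2, $k3);
     } else {
         // 2. Everything else: fetch the data and render the three views.
         $tmp = $this->get($ca, $k1, $k2, $k3);
         $data['data'] = $tmp ? $tmp : '';
         // Confirmation text shown before a delete.
         $data['del_confirm'] = $this->del_confirm;
         if ($ca === 'news_edit') {
             // Display width of the picture on the news_edit page.
             $data['width'] = $this->news_edit_pic_width;
         }
         $this->load->view('back/top', $data);
         // NOTE(review): $ca selects the view file directly. Confirm that the
         // framework's URI filtering limits it to intended view names, or
         // check it against a list of known views before loading.
         $this->load->view('back/' . $ca);
         $this->load->view('back/foot');
     }
 }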
예제 #2
파일: login.php 프로젝트: faydanube/xine
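 /**
  * Login verification: IP lock check, form validation, captcha check, account
  * lookup and password comparison. On success the session is written and the
  * client is redirected to the back-office index.
  *
  * @param string $access 'back' selects the `admin` table; any other value
  *                       selects the `member` table.
  */
 public function verify($access = '')
 {
     // 1. Refuse locked IPs, and record in $ip_filter whether this IP already
     //    has a row in ip_filter so the later steps can reuse it.
     // NOTE(review): ip2long() returns FALSE for non-IPv4 addresses, so all
     // such clients would share a single lock row; confirm this is intended.
     $userip = ip2long($_SERVER['REMOTE_ADDR']);
     $ip_row = $this->db->select('expires, input_failure_count, login_date')->where('lock_ip', $userip)->get('ip_filter');
     // Defaults for a first-time IP, so _filter() never receives undefined
     // variables (previously these were only assigned when a row existed).
     $ip_filter = FALSE;
     $input_failure_count = NULL;
     $login_date = NULL;
     // num_rows() on the result is used instead of affected_rows(), whose
     // value after a SELECT depends on the database driver.
     if ($ip_row->num_rows() > 0) {
         $ip_filter = TRUE;
         $ip_row = $ip_row->row();
         $input_failure_count = $ip_row->input_failure_count;
         $login_date = $ip_row->login_date;
         if (time() < $ip_row->expires) {
             jump($this->lock_error, 'http');
             exit;
         }
     }

     // 2. Reject empty or invalid form input.
     $this->load->library('form_validation');
     $this->form_validation->set_error_delimiters('', '');
     if ($this->_verify('login') === FALSE) {
         jump(validation_errors(), 'http');
         exit;
     }

     // 3. Reject a wrong captcha. A missing session code is always a failure,
     //    and the comparison is a strict string comparison: with a loose `!=`
     //    an absent session code compares equal to an empty submission.
     $post_code = $this->input->post('code', TRUE);        // submitted by the user
     $session_code = $this->session->flashdata('code');    // generated by the system
     if ($session_code === FALSE || $session_code === NULL || $session_code === ''
         || (string) $post_code !== (string) $session_code) {
         jump($this->code_error, 'http');
         exit;
     }

     // 4. Pick the account table depending on where the login came from.
     $db = $access === 'back' ? 'admin' : 'member';

     // 5. Unknown account: update the IP filter and report the error.
     // NOTE(review): this branch and the wrong-password branch show different
     // messages, which tells a client whether a username exists. A failure
     // here is also not passed to _log(), unlike a wrong password.
     $username = $this->input->post('username', TRUE);
     $account = $this->db->select('username, password')->where('username', $username)->get($db);
     if ($account->num_rows() === 0) {
         $this->_filter($ip_filter, $userip, $input_failure_count, $login_date);
         jump($this->user_not_exist, 'http');
         exit;
     }

     // 6. Wrong password: update the IP filter, log the attempt, report the error.
     // NOTE(review): ming_sha() is a project helper not shown here. If it is a
     // plain, unsalted digest, plan a migration to password_hash() and
     // password_verify(). The TRUE argument runs the XSS filter over the
     // password before hashing, which can change what the user typed; it is
     // kept because existing stored hashes presumably went through the same
     // path. Confirm before removing it.
     $sql_pwd = $account->row()->password;
     $input_pwd = ming_sha($this->input->post('password', TRUE));
     // Strict string comparison: a loose `!=` treats two different digests of
     // the form "0e<digits>" as equal numbers. hash_equals() would also make
     // the comparison constant-time where the PHP version provides it.
     if ((string) $input_pwd !== (string) $sql_pwd) {
         // a. Update the filter table.
         $this->_filter($ip_filter, $userip, $input_failure_count, $login_date);
         // b. Record the failed attempt.
         $this->_log($username, $userip);
         // c. Report the error.
         jump($this->pwd_error, 'http');
         exit;
     } else {
         // Record the successful login.
         $this->_log($username, $userip, 'success');
         // Reset the failure counter for this IP.
         if ($ip_filter === TRUE) {
             $this->db->update('ip_filter', array('input_failure_count' => 0), array('lock_ip' => $userip));
         }
         // Write the session.
         // NOTE(review): the session identifier is not renewed at login in
         // this method; confirm that the session library rotates it, so an
         // identifier issued before authentication is not carried over.
         $this->session->set_userdata('username', $username);
         $this->session->set_userdata(ming_md5($userip), ming_md5($username));
         // Go to the back-office index.
         redirect(base_url() . $this->back_index);
     }
 }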