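/**
 * Back-office entry point.
 *
 * Checks the login session, then either dispatches a data-changing action
 * (when $ca has the form "<target>-<action>") or fetches data and renders the
 * back-office view named by $ca between the shared top and foot views.
 *
 * @param string $ca Either "<target>-<action>" or the name of a view under back/.
 * @param string $k1 Extra argument forwarded to the action or to get().
 * @param string $k2 Extra argument forwarded to the action or to get().
 * @param string $k3 Extra argument forwarded to the action or to get().
 */
public function admin($ca = '', $k1 = '', $k2 = '', $k3 = '') {
    // Verify the user's login state.
    // NOTE(review): ip2long() returns FALSE for anything that is not a dotted
    // IPv4 address, so every such client shares one session key. Confirm
    // whether IPv6 clients can reach this controller.
    $userip = ip2long($_SERVER['REMOTE_ADDR']);
    $username = $this->session->userdata('username');
    $sip = ming_md5($userip);
    $sname = $this->session->userdata($sip);

    // verify() stores ming_md5($username) under the key ming_md5($userip).
    // The stored value has to be compared against that expected value. The
    // previous code compared the stored value with itself, so the check could
    // never fail. Strict comparison keeps digest strings from being compared
    // as numbers.
    // NOTE(review): verify() writes the same two session keys whether the
    // account came from the `admin` or the `member` table. Confirm that a
    // member login cannot produce a session accepted here.
    if (empty($username) || empty($sname) || (string) $sname !== (string) ming_md5($username)) {
        redirect(base_url() . 'login');
        return; // never continue into the back office if redirect() did not end the request
    }

    /* All back-office operations fall into two groups. */
    $dash = strpos($ca, '-');
    if ($dash) {
        // 1. A '-' marks a model-layer operation. It returns a success or
        // failure page and has no view of its own.
        $c = substr($ca, 0, $dash);
        $a = substr($ca, $dash + 1);

        // $a comes from the request and is used as a method name. Only accept
        // a plain identifier that names an existing method. Underscore-prefixed
        // helpers and magic methods are refused.
        // NOTE(review): an explicit allowlist of action names would be
        // stricter. The set of intended actions is not visible here.
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $a) || !method_exists($this, $a)) {
            show_404();
            return;
        }

        $this->{$a}($c, $k1, $k2, $k3);
    } else {
        // 2. Every other request is handled the same way: fetch the data.
        $tmp = $this->get($ca, $k1, $k2, $k3);
        $data['data'] = $tmp ? $tmp : '';

        // Values for the shared top view.
        $data['del_confirm'] = $this->del_confirm; // delete-confirmation prompt text
        if ($ca === 'news_edit') {
            $data['width'] = $this->news_edit_pic_width; // display width of pictures on the news_edit page
        }

        // NOTE(review): $ca is taken from the request and becomes part of a
        // view path. This relies on the framework's URI character filtering.
        // Consider checking it against the known view names.
        $this->load->view('back/top', $data);
        $this->load->view('back/' . $ca);
        $this->load->view('back/foot');
    }
}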
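/**
 * Login verification.
 *
 * Runs, in order: IP lockout check, form validation, captcha check, account
 * lookup and password check. Each failure shows an error through jump() and
 * ends the request. On success it writes the login log, resets the IP's
 * failure counter, stores the session markers and redirects to the
 * back-office index.
 *
 * @param string $access 'back' authenticates against the `admin` table; any
 *                       other value authenticates against `member`.
 */
public function verify($access = '') {
    // 1. If the IP is locked, show an error. $ip_filter records whether the IP
    // already has a row in ip_filter so later steps can reuse that fact.
    // NOTE(review): ip2long() returns FALSE for non-IPv4 addresses, so all
    // such clients would share one lockout row. Confirm the deployment is
    // IPv4-only.
    $userip = ip2long($_SERVER['REMOTE_ADDR']);

    // Defaults so _filter() is never handed undefined variables when the IP
    // has no ip_filter row yet.
    $input_failure_count = NULL;
    $login_date = NULL;

    $query = $this->db->select('expires, input_failure_count, login_date')->where('lock_ip', $userip)->get('ip_filter');
    // num_rows() is the row count of a SELECT. affected_rows() is only
    // specified for write queries and its value after a read depends on the
    // driver.
    if ($query->num_rows() === 0) {
        $ip_filter = FALSE;
    } else {
        $ip_filter = TRUE;
        $row = $query->row();
        $input_failure_count = $row->input_failure_count;
        $expires = $row->expires;
        $login_date = $row->login_date;
        if (time() < $expires) {
            jump($this->lock_error, 'http');
            exit;
        }
    }

    // 2. If the submitted form is incomplete, show the validation errors.
    $this->load->library('form_validation');
    $this->form_validation->set_error_delimiters('', '');
    $flag = $this->_verify('login');
    if ($flag === FALSE) {
        $tips = validation_errors();
        jump($tips, 'http');
        exit;
    }

    // 3. If the captcha does not match, show an error.
    $post_code = $this->input->post('code', TRUE);     // user input
    $session_code = $this->session->flashdata('code'); // generated by the system
    // A missing server-side code must fail the check. With a loose comparison,
    // an absent session value compares equal to an empty or falsy submission,
    // which would skip the captcha entirely.
    if ($session_code === FALSE || $session_code === NULL || (string) $session_code === ''
        || (string) $post_code !== (string) $session_code) {
        jump($this->code_error, 'http');
        exit;
    }

    // 4. Decide whether the login comes from the front end or the back office
    // and pick the account table accordingly.
    $db = $access === 'back' ? 'admin' : 'member';

    // 5. If the account does not exist, update the IP filter and show an error.
    // NOTE(review): this branch and the wrong-password branch show different
    // messages, which tells a caller whether a username exists. This branch
    // also writes no log entry. Consider one shared message and logging both.
    $username = $this->input->post('username', TRUE);
    $account = $this->db->select('username, password')->where('username', $username)->get($db);
    if ($account->num_rows() === 0) {
        $this->_filter($ip_filter, $userip, $input_failure_count, $login_date);
        jump($this->user_not_exist, 'http');
        exit;
    }

    // 6. If the password is wrong, update the IP filter, log it and show an error.
    $account_row = $account->row();
    $sql_pwd = $account_row->password;
    // NOTE(review): ming_sha() is defined elsewhere. If it is a plain, unsalted
    // digest, plan a migration to password_hash()/password_verify().
    $input_pwd = ming_sha($this->input->post('password', TRUE));

    // Strict string comparison: loose `!=` compares numeric-looking strings as
    // numbers, so two different digests could be treated as equal.
    if ((string) $input_pwd !== (string) $sql_pwd) {
        // a. update the filter table
        $this->_filter($ip_filter, $userip, $input_failure_count, $login_date);
        // b. record the failed attempt
        $this->_log($username, $userip);
        // c. show the error
        jump($this->pwd_error, 'http');
        exit;
    } else {
        // Write the success log entry.
        $this->_log($username, $userip, 'success');

        // Reset the failure counter for this IP.
        if ($ip_filter === TRUE) {
            $this->db->update('ip_filter', array('input_failure_count' => 0), array('lock_ip' => $userip));
        }

        // Write the session markers that admin() checks.
        // NOTE(review): the session identifier is not regenerated at login, and
        // the same keys are written for `admin` and `member` accounts. Confirm
        // both are intended.
        $this->session->set_userdata('username', $username);
        $this->session->set_userdata(ming_md5($userip), ming_md5($username));

        // Go to the back-office index.
        redirect(base_url() . $this->back_index);
    }
}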