예제 #1
0
 public function __construct()
 {
     $cookie = Encrypt::decode(base64_decode($_COOKIE['auth']), COOKIE_KEY);
     if ($cookie) {
         list($this->uid, $this->email, $this->nickname) = explode("\t", $cookie);
     }
 }
예제 #2
0
 /**
  * Login
  *
  * @JSON
  */
 public function login()
 {
     /**
      * 1. 判断用户是否已经登录,
      *      若已经登录,则直接跳转到控制面板(仪表盘)中.
      * 2. 加载登录页面模板,进入登录页面.
      */
     $user = User::getCurrent();
     if ($user->uid) {
         header("Location:/member");
     } else {
         if (isset($_REQUEST['email']) && isset($_REQUEST['passwd'])) {
             $result = array('error' => 1, 'message' => '账户不存在啊喂!');
             $email = htmlspecialchars(trim($_REQUEST['email']));
             $passwd = htmlspecialchars(trim($_REQUEST['passwd']));
             $remember_me = htmlspecialchars(trim($_REQUEST['remember_me']));
             $user = User::getUserByEmail($email);
             if ($user) {
                 if ($user->verifyPassword($passwd)) {
                     $result['error'] = 0;
                     $result['message'] = '登录成功,即将跳转到 >仪表盘';
                     $remember_me == 'week' ? $ext = 3600 * 24 * 7 : ($ext = 3600);
                     $expire = time() + $ext;
                     $token = md5($user->uid . ":" . $user->email . ":" . $user->passwd . ":" . $expire . ":" . COOKIE_KEY);
                     setcookie("uid", base64_encode(Encrypt::encode($user->uid, ENCRYPT_KEY)), $expire, "/");
                     setcookie("expire", base64_encode(Encrypt::encode($expire, ENCRYPT_KEY)), $expire, "/");
                     setcookie("token", base64_encode(Encrypt::encode($token, ENCRYPT_KEY)), $expire, "/");
                     $_SESSION['currentUser'] = $user;
                     Logger::getInstance()->info('user [' . $user->email . '] Login success');
                 } else {
                     $result['message'] = "账户名或密码错误, 请检查后再试!";
                     Logger::getInstance()->info('user [' . $user->email . '] Login failed! wrong password');
                 }
             }
             return $result;
         } else {
             $data['globalMessage'] = MessageModel::getGlobalMessage();
             Template::setContext($data);
             Template::setView('panel/login');
         }
     }
 }
예제 #3
0
 public function Login()
 {
     $controller = "Login";
     /**
      * 1. 判断用户是否已经登陆,
      *      若已经登陆,则直接跳转到控制面板(仪表盘)中.
      * 2. 加载登陆页面模板,进入登陆页面.
      */
     //throw new Error("Check Login :"******"Location:/Member");
     } else {
         if (isset($_REQUEST['email']) && isset($_REQUEST['passwd'])) {
             $result = array('error' => 1, 'message' => '账户不存在啊喂!');
             $email = htmlspecialchars($_REQUEST['email']);
             $passwd = htmlspecialchars($_REQUEST['passwd']);
             $remember_me = htmlspecialchars($_REQUEST['remember_me']);
             $user = User::getInstance();
             $user = $user->GetUserByEmail($email);
             if ($user) {
                 if ($user->verifyPassword($passwd)) {
                     $result['error'] = 0;
                     $result['message'] = '登陆成功,即将跳转到 >仪表盘';
                     $remember_me == 'week' ? $ext = 3600 * 24 * 7 : ($ext = 3600);
                     $token = $user->uid . "\t" . $user->email . "\t" . $user->nickname;
                     $token = Encrypt::encode($token, COOKIE_KEY);
                     $tokenOutTime = Encrypt::encode(time(), COOKIE_KEY);
                     setcookie("token", base64_encode($tokenOutTime), time() + $ext, "/");
                     setcookie("auth", base64_encode($token), time() + $ext, "/");
                 } else {
                     $result['message'] = "账户名或密码错误, 请检查后再试!";
                 }
             }
             echo json_encode($result);
             exit;
         } else {
             include Template::load('/panel/login');
         }
     }
 }
예제 #4
0
 /**
  * Get current user object
  * @return User
  */
 public static function getCurrent()
 {
     /** @var User $user */
     $user = $_SESSION['currentUser'];
     if ($user && TIMESTAMP - $user->lastActive > 600) {
         $userObj = self::getUserByUserId($user->uid);
         if (!$userObj) {
             $user = null;
         } elseif ($user->password != $userObj->password) {
             // Password changed
             $user = null;
         } else {
             $userObj->lastActive = TIMESTAMP;
             $user = $userObj;
         }
     } elseif (!$user->uid) {
         $uid = Encrypt::decode(base64_decode($_COOKIE['uid']), ENCRYPT_KEY);
         $expire = Encrypt::decode(base64_decode($_COOKIE['expire']), ENCRYPT_KEY);
         $token = Encrypt::decode(base64_decode($_COOKIE['token']), ENCRYPT_KEY);
         if ($uid && $expire && $token) {
             $userObj = self::getUserByUserId($uid);
             if ($userObj) {
                 $validateToken = md5($userObj->uid . ":" . $userObj->email . ":" . $userObj->passwd . ":" . $expire . ":" . COOKIE_KEY);
                 if ($token == $validateToken) {
                     $userObj->lastActive = TIMESTAMP;
                     $user = $userObj;
                 }
             }
         }
     }
     $_SESSION['currentUser'] = $user;
     return $user;
 }