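 /**
  * Handle an admin login POST.
  *
  * Order of checks: CSRF token, per-IP blacklist / captcha, required fields,
  * account lookup and password comparison, per-IP attempt bookkeeping, then the
  * auth session is written. Every failure is answered with a JSON body of the
  * form [code, message]; on success nothing is returned.
  */
 public function IndexAction()
 {
     // Reject the request before reading anything else if the CSRF token is bad.
     if (!$this->security->checkToken()) {
         return $this->response->setJsonContent(['102', '校验失败']);
     }

     // Per-IP session record: 't' = login counter, 'bl' = blacklisted flag,
     // 'cc' = expected captcha text (set elsewhere; absent until a captcha is required).
     $ipRecord = $this->session->get($this->clientIp);
     if (!empty($ipRecord)) {
         // A missing 'bl' key means "not blacklisted" (the original indexed it unconditionally).
         if (!empty($ipRecord['bl'])) {
             return $this->response->setJsonContent(['102', '你所在IP异常, 请2小时候后重试']);
         }
         // When a captcha is pending it must be submitted and match, case-insensitively.
         // The original returned "incorrect" when the values were EQUAL; the test is now
         // the negation, and hash_equals avoids loose-comparison and timing pitfalls of ==.
         if (!empty($ipRecord['cc'])) {
             $captcha = trim((string) $this->request->getPost('captcha', 'lower'));
             if (!hash_equals(strtolower((string) $ipRecord['cc']), $captcha)) {
                 return $this->response->setJsonContent(['102', '验证码不正确哦']);
             }
         }
     }

     $name = $this->request->getPost('nickname', 'email');
     $password = $this->request->getPost('password');
     if (empty($name) || empty($password)) {
         return $this->response->setJsonContent(['101', '用户名或密码不能为空']);
     }

     // $name is user input: pass it as a bound parameter instead of interpolating it
     // into the PHQL condition string (the original form was injectable).
     $auth = Admin::findFirst([
         'conditions' => 'username = :name: OR email = :name:',
         'bind'       => ['name' => $name],
     ]);
     if (!$auth) {
         return $this->response->setJsonContent(['301', '用户不存在']);
     }
     if ($auth['status'] != 1) {
         return $this->response->setJsonContent(['102', '账号异常,请联系客服']);
     }
     // Constant-time, type-strict comparison: a loose != treats digests such as
     // "0e123..." and "0e456..." as equal.
     // NOTE(review): both operands go through Encrypt() exactly as in the original;
     // confirm that is intended, since the stored value may already be Encrypt(password, salt).
     $expected = (string) $this->Encrypt($auth['password'], $auth['salt']);
     $actual   = (string) $this->Encrypt($password, $auth['salt']);
     if (!hash_equals($expected, $actual)) {
         return $this->response->setJsonContent(['102', '用户或密码错误']);
     }

     // Per-IP counter: once the stored count exceeds 100 the record is flagged 'bl'.
     // Written as plain statements because the original unparenthesised nested ternary
     // is left-associative in PHP 7 (the first-visit branch fell through into the
     // "increment" branch) and a parse error in PHP 8.
     // NOTE(review): the counter only advances after a successful login, so failed
     // attempts are never counted — confirm this is the intended policy.
     $previous = isset($ipRecord['t']) ? (int) $ipRecord['t'] : 0;
     $entry = ['t' => $previous + 1];
     if ($previous > 100) {
         $entry['bl'] = 1;
     }
     $this->session->set($this->clientIp, $entry);

     $this->session->set('adminAuth', ['uid' => $auth['uid'], 'name' => $auth['username'], 'sign_time' => time()]);
     $this->session->set('lock_time', time());
     // Single-session enforcement; the counterpart check is services->auth->singleSign().
     $this->cache->save('admin_' . $auth['uid'], time());
     // TODO record login details
     $this->service->admin()->logInfo();
 }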
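 /**
  * Re-read the logged-in admin from the database and store the fresh copy in the session.
  *
  * @return Admin|null the refreshed user, or null when no user is in the session
  *                    or the user no longer exists in the database
  */
 public function refreshUser()
 {
     /** @var Admin $user */
     $user = $this->getSession()->get($this->sessionKey);
     if (!$user) {
         return null;
     }
     // Reload so status/role changes made since login take effect.
     $fresh = Admin::findFirst($user->admin_id);
     if (!$fresh) {
         // The account disappeared while the session was alive. The original stored
         // `false` in the session and passed it to getRoles(); instead clear the
         // session user and report "logged out".
         $this->getSession()->set($this->sessionKey, null);
         return null;
     }
     $roles = $this->getRoles($fresh);
     // Rotate the session id AND delete the old one (argument `true`), so an id known
     // from before login (fixation, leaked cookie) cannot stay valid.
     session_regenerate_id(true);
     $this->getSession()->set($this->sessionKey, $fresh);
     if ($this->sessionRoles) {
         $this->getSession()->set($this->sessionRoles, $roles);
     }
     return $fresh;
 }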