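/**
 * Sign a user in with a password.
 *
 * When $user is not already a User instance it is treated as an identifier
 * and looked up by user name, then phone, then e-mail. Login succeeds only
 * when the user's roles contain the 'login' key and the stored password
 * hash matches the hash of $password.
 *
 * Callers should present the same failure message for null and false so the
 * response does not reveal whether an account exists.
 *
 * @param string|User $user     User instance, or a user name / phone / e-mail to look up
 * @param string      $password Plain-text password; any non-string value is refused
 * @param boolean     $reUser   Passed through unchanged to performLogin()
 * @return boolean|null true on success, false when the login is refused,
 *                      null when no identifier was given or no user was found
 */
public function signIn($user, $password, $reUser = false)
{
    if (!$user instanceof User) {
        $username = $user;
        if (!$username) {
            return null;
        }

        // Load the user: try user name first, then phone, then e-mail.
        $user = User::findFirstByUserName($username);
        if (!$user) {
            $user = User::findFirstByUserPhone($username);
        }
        if (!$user) {
            $user = User::findFirstByUserEmail($username);
        }
    }

    if (!$user) {
        return null; // user not found
    }

    $roles = $this->getRoles($user);

    // Refuse non-string passwords outright. Previously the hash variable was
    // left undefined in that case, so an account whose stored hash is null
    // would have satisfied the `===` comparison (null === null).
    if (!is_string($password)) {
        return false;
    }

    // NOTE(review): the strength of hash() is not visible here. If it is a
    // plain fast digest, the re-hash-on-login step below is the natural place
    // to migrate to password_hash()/password_verify().
    $hashPassword = $this->hash($password, $user->salt);

    // Login requires the 'login' role and a matching hash. hash_equals()
    // compares in constant time; both operands must be strings.
    if (
        !isset($roles['login'])
        || !is_string($hashPassword)
        || !is_string($user->User_passwd)
        || !hash_equals($user->User_passwd, $hashPassword)
    ) {
        return false; // login refused
    }

    // Early accounts were stored without a salt. Once the legacy hash has
    // verified, replace it with a salted hash of the same password.
    // NOTE(review): nothing in this method saves $user; confirm that
    // performLogin() or the caller persists the upgraded salt and hash.
    // NOTE(review): mt_rand() is not a CSPRNG and this range yields fewer than
    // 100k distinct salts; prefer random_int()/random_bytes() if the PHP
    // version and the salt column allow it.
    if (empty($user->salt) && !empty($password)) {
        $user->salt = mt_rand(1000, 100000);
        $user->User_passwd = $this->hash($password, $user->salt);
    }

    $this->performLogin($user, $reUser, $roles);

    return true; // login succeeded
}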