/** * POST登录 * @param string $account * @param string $password * @param string $captcha * @param bool $save_status */ public function PostLogin($account, $password, $captcha, $save_status) { if (empty($account) || empty($password)) { $this->throwMsg(-10); } $save_status = !empty($save_status); if (!$this->Captcha($captcha)) { //验证码检测 $this->throwMsg(-5); } $account = strtolower($account); $password = strtolower($password); $this->GetAccountUser($account); lib()->load('UserCheck'); if (!UserCheck::CheckPasswordChar($password)) { $this->throwMsg(-3); } $ip = Ip::getInstance(); $max_error_count = hook()->apply("UserLogin_max_error_count", 6); $now_ip = $ip->realip(); if ($max_error_count <= $this->user->getErrorLoginCount() && $ip->fill($now_ip) === $ip->fill($this->user->getErrorLoginIp()) && explode(" ", $this->user->getErrorLoginTime())[0] == date("Y-m-d")) { //登录被限制 $this->throwMsg(-8); } else { if (UserCheck::CreatePassword($password, $this->user->getSalt()) !== $this->user->getPassword()) { //错误登录记录 $this->user->set(array("error_login_count" => 1 + $this->user->getErrorLoginCount(), 'error_login_time' => date("Y-m-d H:i:s"), 'error_login_ip' => $now_ip)); if ($this->user->getErrorLoginCount() >= $max_error_count) { hook()->apply("UserLogin_PostLogin_restrictions", NULL, $this->user); } $this->throwMsg(-4); } else { if (in_array($this->user->getStatus(), [0, 1, 2])) { if ($this->user->getErrorLoginCount() > 0) { //错误登录清零 $this->user->set(array("error_login_count" => 0)); } } else { //登录受限制,无法登录 $this->throwMsg(-9); } } } try { //登录成功后的COOKIE设置 if (strlen($this->user->getCookieLogin()) < 10) { $this->user->set(array("cookie_login" => salt_hash(time() . $this->user->getEmail(), salt(20)))); } if ($save_status) { cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin(), hook()->apply("UserLogin_PostLogin_CookieTime", time() + 60 * 60 * 24 * 7)); } else { cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin()); } } catch (\Exception $ex) { $this->throwMsg(-6); } try { //最后登录信息 self::setLastLoginInfo($this->user); } catch (\Exception $ex) { $this->code = -7; } hook()->apply('UserLogin_PostLogin_Success', NULL, $this->user); }
/** * @param $list array * @throws \Exception */ public function set($list) { $data = []; $update = []; foreach ($list as $name => $value) { $name = trim($name); if ($name !== 'id' && in_array($name, self::$column_list)) { $data[$name] = $value; $update["user_" . $name] = $value; if (substr($name, -3) === '_ip') { $update["user_" . $name] = Ip::getInstance()->ip2bin($value); } } } lib()->load('UserCheck'); if (isset($update['user_aliases']) && empty($update['user_aliases'])) { throw new \Exception(_("Aliases can't set empty.")); } if (isset($update['user_email']) && !UserCheck::CheckEmailChar($update['user_email'])) { throw new \Exception(_("Email verify check Error")); } if (isset($update['user_name']) && !UserCheck::CheckUsernameChar($update['user_name'])) { throw new \Exception(_("Username verify check Error")); } if (isset($update['user_password']) && !UserCheck::CheckPasswordChar($update['user_password'])) { throw new \Exception(_("Password verify check Error")); } if (isset($update['user_url']) && $update['user_url'] != "" && !filter_var($update['user_url'], FILTER_VALIDATE_URL)) { throw new \Exception(_("Url check error")); } if (count($update) > 0) { if (db()->update("users", $update, ['id' => $this->id]) === false) { throw new \Exception(_("Can't update User info.") . debug("SQL msg:" . implode(",", db()->error()['write']))); } foreach ($data as $n => $v) { $this->{$n} = $v; } } }