public function set($filename) { $rand = \Hnust\randStr(8); $path = Config::BASE_PATH . Config::TEMP_PATH . '/' . $rand; $info = array('uid' => $this->uid, 'rand' => $rand, 'path' => $path, 'filename' => $filename, 'time' => time()); $this->cache->set($rand, $info, 604800); return $info; }
public function login() { $passwd = \Hnust\input('passwd'); //获取用户信息 $sql = 'SELECT `error`, `passwd`, `rank` FROM `user` WHERE `uid` = ?'; $result = Mysql::execute($sql, array($this->uid)); //未查找到用户 if (empty($result)) { $this->code = Config::RETURN_ERROR; $this->msg = '该用户不存在,请检查用户名是否正确或长期未使用(长期未使用账号会被系统自动清理)'; return false; } //密码错误次数过多 if ($result[0]['error'] >= Config::getConfig('max_passwd_error')) { $this->code = Config::RETURN_ERROR; $this->msg = '您的错误次数过多,已被限制使用'; return false; } //密码不正确 if ($result[0]['passwd'] !== \Hnust\passwdEncrypt($this->uid, $passwd)) { //错误次数加1 $sql = 'UPDATE `user` SET `error` = (`error` + 1) WHERE `uid` = ? LIMIT 1'; Mysql::execute($sql, array($this->uid)); $this->code = Config::RETURN_ERROR; $this->msg = '您输入的密码有误'; return false; } //选取不重复的token $loginInfo = array('uid' => $this->uid, 'time' => time(), 'ua' => $_SERVER['HTTP_USER_AGENT']); do { $this->token = \Hnust\randStr(32); } while (!$this->authCache->hadd('token', $this->token, $loginInfo)); $this->authCache->sadd($this->uid, $this->token); //更新用户信息 $sql = 'UPDATE `user` SET `error` = 0, `lastTime` = CURRENT_TIMESTAMP WHERE `uid` = ?'; Mysql::execute($sql, array($this->uid)); //设置cookies $cookieTime = time() + Config::getConfig('max_remember_time'); setcookie('token', $this->token, $cookieTime, Config::WEB_PATH . '/'); $this->msg = '登陆成功'; $this->code = Config::RETURN_RECORD_PAGE; $this->info = $this->user(); return true; }
public function user() { $type = \Hnust\input('type'); $uid = \Hnust\input('uid'); //添加用户 if ('add' === $type) { $rank = \Hnust\input('rank'); $sql = "SELECT * FROM\n (SELECT COUNT(*) `user` FROM `user` WHERE `uid` = ?) `a` ,\n (SELECT COUNT(*) `student` FROM `student` WHERE `sid` = ?) `b`"; $result = Mysql::execute($sql, array($uid, $uid)); if (empty($result)) { return $this->msg = '添加失败'; } elseif ($result[0]['user'] > 0) { return $this->msg = '添加失败,用户已存在'; } elseif ($result[0]['student'] <= 0) { return $this->msg = '添加失败,未找到对应学号'; } $randPasswd = \Hnust\randStr(6); $passwd = \Hnust\passwdEncrypt($uid, md5($randPasswd)); //选取与数据库不重复的ApiToken do { $apiToken = \Hnust\randStr(32); $sql = 'SELECT COUNT(*) `count` FROM `user` WHERE `apiToken` = ? '; $result = Mysql::execute($sql, array($apiToken)); } while ('0' != $result[0]['count']); //添加新用户 $sql = "INSERT INTO `user`(\n `uid`, `inviter`, `passwd`, `apiToken`,\n `lastTime`, `regTime`, `rank`\n ) VALUES (?, ?, ?, ?, NOW(), NOW(), ?)"; $sqlArr = array($uid, $this->uid, $passwd, $apiToken, $rank); if (Mysql::execute($sql, $sqlArr)) { $push = new \Hnust\Analyse\Push(); $push->add($uid, 1, '系统安全提示:', '您的密码过弱,请立即修改密码!', '#/user'); $this->msg = '成功添加网站用户'; $this->data = "新用户 {$uid} 的密码为 {$randPasswd}"; \Hnust\Utils\Wechat::createUser($uid); } else { $this->msg = '添加失败,数据库有误'; } //解锁用户 } elseif ('unlock' === $type) { $sql = 'UPDATE `user` SET `error` = 0 WHERE `uid` = ? LIMIT 1'; Mysql::execute($sql, array($uid)); $this->code = Config::RETURN_NORMAL; //修改用户权限 } elseif ('change' === $type) { $rank = \Hnust\input('rank'); if ($this->uid == $uid) { return $this->msg = '不能修改自己的权限'; } $sql = 'UPDATE `user` SET `rank` = ? WHERE `uid` = ? LIMIT 1'; Mysql::execute($sql, array($rank, $uid)); $this->code = Config::RETURN_NORMAL; //重置用户密码 } elseif ('reset' === $type) { $randPasswd = \Hnust\randStr(6); $passwd = \Hnust\passwdEncrypt($uid, md5($randPasswd)); $sql = 'UPDATE `user` SET `passwd` = ?, `error` = 0 WHERE `uid` = ? LIMIT 1'; Mysql::execute($sql, array($passwd, $uid)); $this->msg = '重置密码成功'; $this->data = "已成功重置用户密码为{$randPasswd}"; //删除用户 } elseif ('delete' === $type) { if ($uid == $this->uid) { return $this->msg = '不能删除自己'; } $sql = 'DELETE FROM `user` WHERE `uid` = ? LIMIT 1'; Mysql::execute($sql, array($uid)); \Hnust\Utils\Wechat::deleteUser($uid); $this->msg = '删除成功'; //获取用户列表 } else { $sql = "SELECT `u`.`uid`, `s1`.`name`, `s2`.`name` `inviter`,\n `u`.`webCount`, `u`.`wxCount`, `u`.`apiCount`,\n `u`.`error`, `u`.`rank`, `u`.`lastTime`, `u`.`regTime`,\n `wx`.`wid`, `wx`.`status` `wxStatus`,\n IF(`wx`.`time` IS NULL, '', `wx`.`time`) `wxTime`\n FROM `user` `u`\n LEFT JOIN `student` `s1` ON `s1`.`sid` = `u`.`uid`\n LEFT JOIN `student` `s2` ON `s2`.`sid` = `u`.`inviter`\n LEFT JOIN `weixin` `wx` ON `wx`.`uid` = `u`.`uid`"; $this->data = Mysql::execute($sql); //计算用户状态 $maxError = Config::getConfig('max_passwd_error'); for ($i = 0; $i < count($this->data); $i++) { $this->data[$i]['count'] = $this->data[$i]['webCount'] + $this->data[$i]['wxCount'] + $this->data[$i]['apiCount']; if ('0' == $this->data[$i]['error']) { $this->data[$i]['state'] = '正常'; } elseif ($maxError == $this->data[$i]['error']) { $this->data[$i]['state'] = '冻结'; } else { $this->data[$i]['state'] = "{$this->data[$i]['error']}次错误"; } } } }