Пример #1
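 /**
  * Admin login action: renders the login form on GET and processes it on POST.
  *
  * Credential checking is delegated to PublicModel::auth(); this action loads
  * the account row, populates the session and writes an audit log entry.
  *
  * NOTE(review): the session id is not regenerated after a successful login;
  * consider session_regenerate_id(true) before the auth key is written.
  */
 public function login()
 {
     $systemConfig = (include WEB_ROOT . 'Common/systemConfig.php');
     if (IS_POST) {
         $pubmod = new PublicModel();
         $returnLoginInfo = $pubmod->auth();
         if ($returnLoginInfo['status'] == 1) {
             $map = array();
             // Look the account up by the submitted login name.
             $map['a_name'] = $this->_post('name');
             import('ORG.Util.RBAC');
             // Only a plain string is used as a lookup value: ThinkPHP where-maps
             // treat array values as operator expressions, not literals.
             $authInfo = is_string($map['a_name']) ? RBAC::authenticate($map) : false;
             // Fail closed: without an account row there is no identity to bind
             // to the session, and the admin comparison below must not run on nulls.
             if (empty($authInfo)) {
                 $this->error('帐号不存在或已禁用!');
                 exit;
             }
             $_SESSION[C('USER_AUTH_KEY')] = $authInfo['a_id'];
             $_SESSION['a_name'] = $authInfo['a_name'];
             // Strict comparison so a missing config value can never equal a
             // missing or empty account name and grant the admin flag.
             if ($authInfo['a_name'] === C('ADMIN_AUTH_KEY')) {
                 // Administrator login.
                 $_SESSION[C('ADMIN_AUTH_KEY')] = true;
             }
             // Cache the access list.
             RBAC::saveAccessList();
             $_SESSION['username'] = $authInfo['a_name'];
             // Record the administrator login in the audit log.
             $data = array("a_id" => $authInfo['a_id'], "l_content" => "管理员[" . $authInfo['a_name'] . "]于[" . date("Y-m-d H:i:s") . "]登录了[唐亮工长俱乐部]后台管理系统!");
             M("Log")->add($data);
             $this->success("登录成功", U("Index/index"));
             exit;
         } else {
             $this->error($returnLoginInfo['info']);
             exit;
         }
     }
     $this->assign("systemConfig", $systemConfig);
     $this->display();
 }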
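 /**
  * Logs a user in from the "username" and "password" cookies.
  *
  * NOTE(review): the check below only passes when the cookie carries a value
  * whose MD5 equals the stored hash, i.e. a password-equivalent secret sits in
  * the browser. A random, server-side, revocable remember-me token would be the
  * safer design; that change involves the code that sets the cookies, which is
  * not visible here.
  */
 public function doCookies()
 {
     // Both cookies must be present as plain strings. An array-valued cookie
     // would be read by the where-map as an operator expression.
     if (!isset($_COOKIE['username'], $_COOKIE['password'])
         || !is_string($_COOKIE['username'])
         || !is_string($_COOKIE['password'])
     ) {
         $this->error('登录错误:可能这个账户已被禁用!');
         return;
     }
     $map = array();
     $map['account'] = $_COOKIE['username'];
     $map['status'] = array('gt', 0);
     import('@.ORG.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (!$authInfo) {
         $this->error('登录错误:可能这个账户已被禁用!');
         // Do not rely on error() ending the request.
         return;
     }
     // Strict comparison: with != two digests that both look like numbers in
     // exponent notation compare equal under PHP's numeric-string rules.
     if ($authInfo['password'] !== md5($_COOKIE['password'])) {
         $this->error('登录失败:密码错误!');
         return;
     }
     // Record the time and address of this login.
     $model = D('User');
     $model->find($authInfo['id']);
     $model->last_login_time = time();
     $model->last_login_ip = get_client_ip();
     $model->save();
     Session::set(C('USER_AUTH_KEY'), $authInfo['id']);
     Session::set('email', $authInfo['email']);
     Session::set('loginUserName', !empty($authInfo['nickname']) ? $authInfo['nickname'] : $authInfo['account']);
     Session::set('login_count', $authInfo['login_count']);
     if ($authInfo['isadministrator'] == 1) {
         Session::set('administrator', true);
     }
     RBAC::saveAccessList();
     $this->redirect('Admin/Index');
 }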
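 /**
  * Login endpoint: answers a POST with a JSON status and renders the login
  * page otherwise.
  *
  * Credential checking is delegated to D("Public")->auth(); this action only
  * binds the matching account row to the session.
  */
 public function index()
 {
     if (IS_POST) {
         $this->checkToken();
         $returnLoginInfo = D("Public")->auth();
         if ($returnLoginInfo['status'] == 1) {
             $map = array();
             // Look the account up by the submitted e-mail address.
             $map['email'] = $this->_post('email');
             import('ORG.Util.RBAC');
             // Only a plain string is used as a lookup value: where-maps treat
             // array values as operator expressions.
             $authInfo = is_string($map['email']) ? RBAC::authenticate($map) : false;
             if (empty($authInfo)) {
                 // Fail closed: no account row means no session identity, and
                 // the client must not be told the login succeeded.
                 $returnLoginInfo['status'] = 0;
             } else {
                 $_SESSION[C('USER_AUTH_KEY')] = $authInfo['aid'];
                 $_SESSION['email'] = $authInfo['email'];
                 // Strict comparison so an unset config value cannot match an
                 // empty or missing e-mail and grant the admin flag.
                 if ($authInfo['email'] === C('ADMIN_AUTH_KEY')) {
                     $_SESSION[C('ADMIN_AUTH_KEY')] = true;
                 }
                 // Cache the access list.
                 RBAC::saveAccessList();
             }
         }
         echo json_encode($returnLoginInfo);
     } else {
         // The cookie is only used to skip the form; NOTE(review): confirm the
         // target page performs its own session check.
         if (isset($_COOKIE[$this->loginMarked])) {
             $this->redirect("Index/index");
         }
         $systemConfig = (include WEB_ROOT . 'Common/systemConfig.php');
         $this->assign("site", $systemConfig);
         $this->display("Common:login");
     }
 }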
Пример #4
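 /**
  * Validates the posted username and password and opens an authenticated session.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests; moving to
  * password_hash()/password_verify() needs a data migration outside this method.
  * The session id is also not regenerated on login.
  */
 function checkLogin()
 {
     // Only plain strings are accepted: ThinkPHP where-maps treat an array
     // value as an operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map['username'] = $_POST['username'];
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Strict comparison: with != two digests that both look like numbers in
     // exponent notation compare equal under PHP's numeric-string rules.
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     if ($authInfo['username'] === 'admin') {
         $_SESSION['administrator'] = true;
     }
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!');
 }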
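 /**
  * Validates account, password and the session-bound verification code, then
  * opens an authenticated session and records the login.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Translate each submitted character back to its index in the code stored
     // in the session; a correct answer yields the sequence 0..9.
     if (!isset($_SESSION['verifyCode']) || !is_array($_SESSION['verifyCode'])) {
         $this->error('验证码错误!');
         return;
     }
     $verifyCodeStr = trim($_POST['verify']);
     $verifyCodeNum = array_flip($_SESSION['verifyCode']);
     $len = strlen($verifyCodeStr);
     $verify = '';
     for ($i = 0; $i < $len; $i++) {
         $ch = $verifyCodeStr[$i];
         if (!isset($verifyCodeNum[$ch])) {
             // Unknown character: the answer cannot be correct.
             $verify = '';
             break;
         }
         $verify .= $verifyCodeNum[$ch];
     }
     // Strict comparison: with != both sides are numeric strings and are
     // compared as numbers, so the leading zero would not be checked.
     if ($verify !== '0123456789') {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map["account"] = $_POST['account'];
     $map["status"] = array('gt', 0);
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     if ($authInfo['account'] === 'admin') {
         $_SESSION['administrator'] = true;
     }
     // Save the login information.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!');
 }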
Пример #6
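 /**
  * Validates account, password and captcha, writes an audit record for every
  * attempt after the captcha check, and opens an authenticated session.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // Audit record shared by the failure and success paths.
     $data = array();
     $data['ip'] = get_client_ip();
     $data['date'] = date("Y-m-d H:i:s");
     $data['username'] = $_POST['account'];
     $data['module'] = MODULE_NAME;
     $data['action'] = ACTION_NAME;
     $data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $data['status'] = 0;
         D("Log")->add($data);
         $this->error('帐号不存在或已禁用!');
         return;
     }
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $data['status'] = 0;
         D("Log")->add($data);
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     D("Public")->userInfo();
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     // Site id setting.
     $_SESSION['siteid'] = 1;
     if ($authInfo['role_id'] == 1) {
         $_SESSION['administrator'] = true;
     }
     // Save the login information. The client address lives in $data['ip'];
     // the original read $data['id'], which is never set.
     D('User')->where(array('id' => $authInfo['id']))->save(array('last_login_time' => time(), 'last_login_ip' => $data['ip']));
     // Save the audit record for the successful login.
     $data['status'] = 1;
     $data['userid'] = $authInfo['id'];
     D("Log")->add($data);
     // Store the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', __GROUP__ . '/Index');
 }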
Пример #7
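 /**
  * Validates the posted username and password, opens an authenticated session
  * and sends the user either to the password-change page or back to the page
  * they came from.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, the session id
  * is not regenerated on login, and the whole account row (including the
  * password digest) is copied into $_SESSION['user'].
  */
 public function checkLogin()
 {
     // Stop early when username or password is missing. Only plain strings are
     // accepted: where-maps treat an array value as an operator expression.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     // Build the lookup condition: active accounts with this username.
     $map = array();
     $map['username'] = $_POST['username'];
     $map['active'] = 1;
     // Load the RBAC class and read the account row by username only.
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Case-insensitive digest check, done with a strict comparison so two
     // digests that look like numbers are never compared numerically.
     if (strtolower($authInfo['password']) !== strtolower(md5($_POST['password']))) {
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     // Activate the user identifier.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
     $_SESSION['user'] = $authInfo;
     // Built-in administrator accounts get the admin flag (access to everything).
     if (in_array($authInfo['username'], array('admin', 'system'), true)) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // Cache the access list.
     RBAC::saveAccessList();
     // Expired password: send the user to the change-password page.
     if (D('user')->check_password()) {
         $this->assign("jumpUrl", '?m=user&a=password');
         $this->success('登录成功!但是密码已经过期,请修改');
         return;
     }
     // Return to the page the user came from, but only when that page is on
     // this site; a client-supplied off-site URL falls back to the dashboard.
     $jumpUrl = '?m=dashboard&a=index';
     $requested = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';
     if ($requested !== '' && !preg_match('/[\x00-\x20\x7f\\\\]/', $requested)) {
         $query = explode("?", $requested);
         $params = explode("&", isset($query[1]) ? $query[1] : '');
         $scheme = parse_url($requested, PHP_URL_SCHEME);
         $host = parse_url($requested, PHP_URL_HOST);
         // NOTE(review): HTTP_HOST is taken as this site's own host name —
         // confirm the web server pins it.
         $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
         $isLocal = false;
         if ($scheme !== false && $host !== false) {
             if ($host === null) {
                 // Relative reference: no scheme allowed without a host.
                 $isLocal = ($scheme === null);
             } else {
                 $schemeOk = $scheme === null || in_array(strtolower($scheme), array('http', 'https'), true);
                 $isLocal = $schemeOk && $ownHost !== '' && strcasecmp($host, $ownHost) === 0;
             }
         }
         // Never bounce back to the public (login) module.
         if ($isLocal && $params[0] != "m=public") {
             $jumpUrl = $requested;
         }
     }
     $this->assign("jumpUrl", $jumpUrl);
     $this->assign("waitSecond", "2");
     $this->success('登录成功!');
 }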
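 /**
  * Validates username, password and captcha, opens an authenticated session,
  * records the login and then renders the index action.
  *
  * NOTE(review): passwords are MD5 digests with fixed application-wide
  * affixes rather than per-user salts, and the session id is not regenerated
  * on login.
  */
 function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error("帐号错误");
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error("密码必须!");
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || md5($_POST['verify']) !== $_SESSION['verify']) {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map['username'] = inject_check($_POST['username']);
     $map["status"] = array('gt', 0);
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (false === $authInfo) {
         $this->error('帐号不存在!');
         return;
     }
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Direct strict comparison instead of strcmp(...) != 0, whose result is
     // not an integer when an argument is not a string.
     if ($authInfo['password'] !== md5('wk' . trim($_POST['password']) . 'cms')) {
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['username'] = $_POST['username'];
     $_SESSION['cookietime'] = time();
     $role = M('role_admin');
     // Array condition instead of a concatenated SQL fragment.
     $authInfo['role_id'] = $role->where(array('user_id' => $authInfo['id']))->getField('role_id');
     if ($authInfo['role_id'] == '1') {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // Save the login information.
     $admin = M('admin');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['lastlogintime'] = time();
     $data['lastloginip'] = get_client_ip();
     $admin->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     // Save the cookie marker; its name is the login timestamp kept in the session.
     import('ORG.Util.Cookie');
     Cookie::set($_SESSION['cookietime'], '1', 60 * 60 * 3);
     $this->index();
 }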
Пример #9
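 /**
  * Validates username, password and captcha, rejects disabled accounts, opens
  * an authenticated session and records the login.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('请填写用户名!');
         return;
     }
     if (empty($_POST['pwd']) || !is_string($_POST['pwd'])) {
         $this->error('请填写密码!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('请填写验证码!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map['username'] = $_POST['username'];
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (session('verify') !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('帐号不存在!');
         return;
     }
     if ($authInfo['pwd'] !== md5($_POST['pwd'])) {
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     // Disabled account.
     if ($authInfo['status'] == 0) {
         $this->error('账号已被管理员禁用!');
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['uid'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['username'];
     $_SESSION['lastLoginTime'] = $authInfo['logintime'];
     // Administrators get the admin flag.
     if ($authInfo['isadmin'] == 1) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // Save the login information.
     $User = M('Users');
     $data = array();
     $data['uid'] = $authInfo['uid'];
     $data['logintime'] = time();
     $data['loginip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', __APP__ . '/Index/index');
 }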
Пример #10
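	/**
	 * Processes the admin login form: checks captcha and credentials, opens an
	 * authenticated session and records time, address and location of the login.
	 *
	 * NOTE(review): passwords are compared as unsalted MD5 digests, and the
	 * session id is not regenerated on login.
	 */
	public function insert()
	{
		$username = $this->_post('username');
		$password = $this->_post('password', 'md5');
		// $password is already an MD5 digest and therefore never empty, so the
		// raw field is tested. Only plain strings are accepted: where-maps treat
		// an array value as an operator expression rather than a literal.
		if (empty($username) || !is_string($username)
			|| empty($_POST['password']) || !is_string($_POST['password']) || !is_string($password)
		) {
			$this->error('请输入帐号密码',U('Admin/index'));
			return;
		}
		$code = $this->_post('code', 'intval,md5', 0);
		// Strict comparison avoids numeric-string juggling between MD5 digests.
		if (!isset($_SESSION['verify']) || $code !== $_SESSION['verify']) {
			$this->error('验证码错误',U('Admin/index'));
			return;
		}
		// Build the lookup condition.
		$map = array();
		$map['username'] = $username;
		$map['status'] = 1;
		$authInfo = RBAC::authenticate($map, 'User');
		// The password check deliberately comes first, as in the original: an
		// unknown account has no stored digest and gets the same message as a
		// wrong password.
		if (empty($authInfo['password']) || $authInfo['password'] !== $password) {
			$this->error('账号密码不匹配,请认真填写');
			return;
		}
		if (false == $authInfo) {
			$this->error('帐号不存在或已禁用!');
			return;
		}
		session(C('USER_AUTH_KEY'), $authInfo['id']);
		session('userid', $authInfo['id']);  // user id
		session('username', $authInfo['username']);  // user name
		session('roleid', $authInfo['role']);  // role id
		if ($authInfo['username'] === C('SPECIAL_USER')) {
			session(C('ADMIN_AUTH_KEY'), true);
		}
		// Save the login information.
		$User = M('User');
		$ip = get_client_ip();
		$data = array();
		if ($ip) {
			// A client address is available: resolve its geographic location.
			$Ip = new IpLocation();
			$location = $Ip->getlocation($ip);
			$data['last_location'] = '';
			if ($location['country'] && $location['country']!='CZ88.NET') $data['last_location'].=$location['country'];
			if ($location['area'] && $location['area']!='CZ88.NET') $data['last_location'].=' '.$location['area'];
		}
		$data['id'] = $authInfo['id'];
		$data['last_login_time'] = time();
		$data['last_login_ip'] = $ip;
		$User->save($data);

		// Cache the access list.
		RBAC::saveAccessList();
		redirect(U('System/index'));
	}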
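 /**
  * Validates account, password and captcha, opens an authenticated session and
  * records the login.
  *
  * The stored password is compared with the output of the project's pwdHash()
  * helper, whose algorithm is not visible here.
  *
  * NOTE(review): the session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('Bạn chưa nhập tài khoản!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('Ban chưa nhập mật khẩu!');
         return;
     }
     if (!isset($_POST['verify']) || !is_string($_POST['verify']) || '' === trim($_POST['verify'])) {
         $this->error('Bạn chưa nhập mã xác thực!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('Mã xác thực không đúng!');
         return;
     }
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('Tài khoản không tồn tại hoặc đã bị khoá!');
         return;
     }
     if ($authInfo['password'] !== pwdHash($_POST['password'])) {
         $this->error('Mật khẩu không đúng!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     $_SESSION['user_type'] = $authInfo['type_id'];
     if ($authInfo['account'] === 'admin') {
         $_SESSION['administrator'] = true;
     }
     // Save the login information.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', '(login_count+1)');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // NOTE(review): $loginId is never assigned in this method, so this stores
     // null; the intended source value cannot be determined from here.
     $_SESSION['loginId'] = $loginId;
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('Đăng nhập thành công');
 }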
Пример #12
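 /**
  * Login verification: checks account, password and captcha, opens an
  * authenticated session, records the login and redirects to the index page.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  *
  * @author Vonwey <*****@*****.**>
  * @CreateDate: 2013-12-19 2:41:40 PM
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Build the lookup condition.
     $map = array();
     $map['username'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (session('verify') !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['username'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     // The original stored the username under this key (copy-paste slip).
     $_SESSION['login_count'] = $authInfo['login_count'];
     if ($authInfo['username'] === 'admin') {
         $_SESSION['administrator'] = true;
     }
     // Save the login information.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->redirect('?m=Index&a=index');
 }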
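 /**
  * Login verification: checks e-mail and password, opens an authenticated
  * session, records the login and jumps to the requested callback page.
  *
  * NOTE(review): the stored password is compared with the submitted value
  * without any hashing visible in this method; if I() applies no hashing
  * filter, passwords are stored in clear text. The session id is also not
  * regenerated on login.
  *
  * @version 0.0.2 captcha mechanism removed by GenialX
  * @since   0.0.1
  *
  * @author 水木清华
  * @author GenialX
  */
 function checklogin()
 {
     // These checks could be replaced by the model's automatic validation.
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     $email = I('post.email', '');
     $password = I('post.password', '');
     if (empty($email) || !is_string($email)) {
         $this->error('请输入登陆邮箱!');
         return;
     }
     if (empty($password) || !is_string($password)) {
         $this->error('密码必须!');
         return;
     }
     $map = array();
     $map['email'] = $email;
     $map['status'] = array('gt', 0);
     import('ORG.Util.RBAC');
     // Verify account and password.
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->error('账号不存在或者被禁用!');
         return;
     }
     // Strict comparison: with != two numeric-looking strings are compared as
     // numbers instead of character by character.
     if ($authInfo['password'] !== $password) {
         $this->error('密码错误!');
         return;
     }
     // The auth key is mandatory; other session values are optional.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['user'] = $authInfo['username'];
     // Record this login.
     $user = M('Member');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = date('Y-m-d H:i:s');
     $user->save($data);
     // Compute the user's permissions and keep them in the session.
     RBAC::saveAccessList();
     // Jump to the requested callback only when it stays on this site; a
     // client-supplied off-site URL falls back to the site root.
     $callBackUrl = '/';
     $requested = I('post.callBackUrl', '');
     if (is_string($requested) && $requested !== '' && !preg_match('/[\x00-\x20\x7f\\\\]/', $requested)) {
         $scheme = parse_url($requested, PHP_URL_SCHEME);
         $host = parse_url($requested, PHP_URL_HOST);
         // NOTE(review): HTTP_HOST is taken as this site's own host name —
         // confirm the web server pins it.
         $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
         if ($scheme !== false && $host !== false) {
             if ($host === null) {
                 // Relative reference: no scheme allowed without a host.
                 if ($scheme === null) {
                     $callBackUrl = $requested;
                 }
             } else {
                 $schemeOk = $scheme === null || in_array(strtolower($scheme), array('http', 'https'), true);
                 if ($schemeOk && $ownHost !== '' && strcasecmp($host, $ownHost) === 0) {
                     $callBackUrl = $requested;
                 }
             }
         }
     }
     $this->assign('jumpUrl', $callBackUrl);
     $this->success('登录成功!');
 }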
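 /**
  * Validates username, password and captcha, opens an authenticated session,
  * records the login and jumps to the user index page.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 function checklogin()
 {
     // These checks could be replaced by the model's automatic validation.
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('请输入帐号!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     $map = array();
     $map['username'] = $_POST['username'];
     $map['status'] = array('gt', 0);
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     import('ORG.Util.RBAC');
     // Verify account and password.
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->error('账号不存在或者被禁用!');
         return;
     }
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     // The auth key is mandatory; other session values are optional.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['user'] = $authInfo['username'];
     // Record this login.
     $user = M('Member');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = date('Y-m-d H:i:s');
     $user->save($data);
     // Compute the user's permissions and keep them in the session.
     RBAC::saveAccessList();
     $this->assign('jumpUrl', __APP__ . '/User/index');
     $this->success('登录成功!');
 }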
Пример #15
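 /**
  * Validates the posted username and password, opens an authenticated session
  * and records the login.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     // Build the lookup condition: this username with a status greater than 0.
     $map = array();
     $map['username'] = $_POST['username'];
     $map["status"] = array('gt', 0);
     import('ORG.Util.RBAC');
     // Fetch the account row matching the condition.
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // MD5 digest check with a strict comparison, so two digests that look
     // like numbers are never compared numerically.
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     // Store the user identifier in the session.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     if ($authInfo['username'] === 'admin') {
         // Administrator account: flag grants access to everything.
         $_SESSION['administrator'] = true;
     }
     // Update the login information in the user table.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', __APP__ . '/Index/index');
 }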
Пример #16
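 /**
  * Validates name, password and captcha against the admin table, opens an
  * authenticated session and records the login.
  *
  * Every account that passes this check receives the admin flag.
  *
  * NOTE(review): passwords are MD5 digests with one application-wide suffix
  * rather than per-user salts, and the session id is not regenerated on login.
  */
 function checklogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['ChrName']) || !is_string($_POST['ChrName'])) {
         $this->assign('waitSecond', 3);
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['ChrPwd']) || !is_string($_POST['ChrPwd'])) {
         $this->assign('waitSecond', 3);
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->assign('waitSecond', 3);
         $this->error('验证码必须!');
         return;
     }
     // Build the lookup condition: this name, not locked.
     $map = array();
     $map['username'] = $_POST['ChrName'];
     $map['if_lock'] = 0;
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->assign('waitSecond', 3);
         $this->error('验证码错误!');
         return;
     }
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->assign('waitSecond', 3);
         $this->error('账号不存在或者被禁用!');
         return;
     }
     if ($authInfo['password'] !== md5($_POST['ChrPwd'] . C('USER_PASSWORD_CODE'))) {
         $this->assign('waitSecond', 3);
         $this->error('账号密码错误!');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['USER_Name'] = $authInfo['username'];
     // Record time and address of this login and bump the login counter.
     $user = M('Admin');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['login_time'] = time();
     $data['login_ip'] = get_client_ip();
     $user->save($data);
     // Array condition instead of a concatenated SQL fragment.
     $user->where(array('id' => $authInfo['id']))->setInc('login_times');
     $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     RBAC::saveAccessList();
     $this->assign('jumpUrl', __APP__ . '/Index/index');
     $this->success('登录成功!');
 }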
Пример #17
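 /**
  * Authenticates an account and returns a session token for it.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests. An existing
  * session row is reused on every login, so a token is never rotated; whether
  * it expires depends on how "dateline" is used elsewhere.
  *
  * @param mixed $username account name
  * @param mixed $password clear-text password
  * @return array "code" and "msg" on failure ("101" missing input or unknown
  *               account, "102" wrong password); "code" 0 with "sessionid"
  *               and "adminid" on success
  */
 public function login($username, $password)
 {
     $res = array();
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($username) || empty($password) || !is_string($username) || !is_string($password)) {
         $res["code"] = "101";
         $res["msg"] = "参数不全!";
         return $res;
     }
     $map = array();
     $map['account'] = $username;
     $map['status'] = array('gt', 0);
     import('@.ORG.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (!$authInfo) {
         $res["code"] = "101";
         $res["msg"] = "登录错误:可能这个账户已被禁用!";
         return $res;
     }
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if ($authInfo['password'] !== md5($password)) {
         $res["code"] = "102";
         $res["msg"] = "登录失败:密码错误!";
         return $res;
     }
     // Record the time and address of this login.
     $model = D('User');
     $model->find($authInfo['id']);
     $model->last_login_time = time();
     $model->last_login_ip = get_client_ip();
     $model->save();
     // Save the session. The token acts as a bearer credential, so it is drawn
     // from a CSPRNG; the format stays 32 hex characters like the former
     // md5(uniqid(rand())), which was derived from the clock and a
     // non-cryptographic generator.
     if (function_exists('random_bytes')) {
         $session_id = bin2hex(random_bytes(16));
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $session_id = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         // Legacy fallback, predictable: install a CSPRNG source to avoid it.
         $session_id = md5(uniqid(rand()));
     }
     $dao = D("Session");
     // Array conditions instead of concatenated SQL fragments.
     $list = $dao->where(array('adminid' => $authInfo['id']))->find();
     if ($list) {
         $session_id = $list["sessionid"];
         $data = array();
         $data["dateline"] = time();
         $dao->where(array('adminid' => $authInfo['id']))->save($data);
     } else {
         $dao->AddSession($session_id, $authInfo['id']);
     }
     $res["code"] = 0;
     $res["sessionid"] = $session_id;
     $res["adminid"] = $authInfo['id'];
     return $res;
 }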
Пример #18
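 /**
  * Authenticates a user from a where-query map, $map['<user table column>'],
  * writes a login_log row for the attempt and returns a JSON result.
  *
  * No password comparison happens in this method; presumably the caller puts
  * the password condition into $map — verify against the caller.
  *
  * NOTE(review): the session id is not regenerated on login, and the
  * remember-me cookie carries a long-lived value read from the user row.
  *
  * @param $map
  * @return string
  */
 public function auth($map)
 {
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $log = array();
         $log['log_user_id'] = -1;
         $log['log_user_name'] = I('post.username');
         // The attempted password is not written to the log: a failed attempt
         // is often the real password with a typo, or the user's password for
         // another service, and the log table would hold it in clear text.
         $log['log_password'] = '';
         $log['log_ip'] = get_client_ip();
         $log['log_status'] = -1;
         D('login_log')->data($log)->add();
         return $this->jsonResult(0, "用户名或者密码错误");
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
     // The configured admin login must be a non-empty string before it is
     // compared, so a missing option can never match an empty login name.
     $adminLogin = get_opinion('Admin');
     $isConfiguredAdmin = is_string($adminLogin) && $adminLogin !== '' && $authInfo['user_login'] === $adminLogin;
     if ($isConfiguredAdmin || $authInfo['user_id'] == 1) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // Remember me: reuse the stored token, or generate one when none exists.
     if (I('post.remember') == 1) {
         $user_session = $authInfo['user_session'];
         if ($user_session == '') {
             $user_session = D('User', 'Logic')->genHash($authInfo);
         }
         cookie('user_session', $user_session, 3600000);
     }
     // Cache the access list.
     RBAC::saveAccessList();
     $log = array();
     $log['log_user_id'] = $authInfo['user_id'];
     $log['log_user_name'] = I('post.username');
     // NOTE(review): encrypt() is a project helper not visible here; if it is
     // reversible, this row exposes the valid password to anyone who can read
     // the log and the key. Consider dropping the column.
     $log['log_password'] = encrypt(I('post.password'));
     $log['log_ip'] = get_client_ip();
     $log['log_status'] = 1;
     D('login_log')->data($log)->add();
     return $this->jsonResult(1, "登录成功", U("Admin/Index/index"));
 }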
Пример #19
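 /**
  * Checks the captcha and the posted credentials, opens an authenticated
  * session and optionally sets the remember-me cookie.
  *
  * The stored password is compared with the output of the project's encrypt()
  * helper, whose algorithm is not visible here.
  *
  * NOTE(review): the session id is not regenerated on login.
  */
 public function login()
 {
     $verify = new \Think\Verify();
     if (!$verify->check(I('post.vertify'))) {
         $this->error("验证码错误");
         return;
     }
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])
         || empty($_POST['password']) || !is_string($_POST['password'])
     ) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     $map = array();
     $map['user_login'] = $_POST['username'];
     $map['user_status'] = array('gt', 0);
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Strict comparison: with != two numeric-looking strings are compared as
     // numbers instead of character by character.
     if ($authInfo['user_pass'] !== encrypt($_POST['password'])) {
         $this->error('密码错误或者帐号已禁用');
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
     // The configured admin login must be a non-empty string before it is
     // compared, so a missing option can never match an empty login name.
     $adminLogin = get_opinion('Admin');
     if (is_string($adminLogin) && $adminLogin !== '' && $authInfo['user_login'] === $adminLogin) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // Remember me: reuse the stored token, or generate one when none exists.
     if (I('post.remember') == 1) {
         $user_session = $authInfo['user_session'];
         if ($user_session == '') {
             $user_session = D('User', 'Logic')->genHash($authInfo);
         }
         cookie('user_session', $user_session, 36000);
     }
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', U("Weixin/Home/index"), false);
 }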
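 /**
  * Validates username, password and captcha and opens an authenticated session.
  *
  * Every account that passes this check receives the 'administrator' flag.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('请输入用户名');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('请输入密码');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('请输入验证码!');
         return;
     }
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup condition: this username with status equal to 0.
     $map = array();
     $map['username'] = $_POST['username'];
     $map["status"] = array("eq", 0);
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // empty() covers false as well as null; the original tested only for null.
     if (empty($authInfo)) {
         $this->error('用户名不存在或已经列入黑名单,请联系管理员!');
         return;
     }
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error("密码错误");
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['uid'];
     $_SESSION["username"] = $authInfo['username'];
     $_SESSION["mobile"] = $authInfo['mobile'];
     $_SESSION["truename"] = $authInfo['truename'];
     $_SESSION['administrator'] = true;
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', U('home/room/index/'));
 }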
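 /**
  * Validates account, password and captcha and opens an authenticated session.
  *
  * Every account that passes this check receives the 'administrator' flag.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests, and the
  * session id is not regenerated on login.
  */
 public function checkLogin()
 {
     // Only plain strings are accepted: where-maps treat an array value as an
     // operator expression rather than a literal.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('请输入用户名');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('请输入密码');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('请输入验证码!');
         return;
     }
     // Strict comparison avoids numeric-string juggling between MD5 digests.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup condition: this account with status equal to 1.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array("eq", 1);
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // empty() also covers a null result, not only false.
     if (empty($authInfo)) {
         $this->error('用户名不存在或已禁用!');
         return;
     }
     if ($authInfo['password'] !== md5($_POST['password'])) {
         $this->error("密码错误");
         // Do not rely on error() ending the request before the session is set.
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION["account"] = $authInfo['account'];
     $_SESSION["type_id"] = $authInfo['type_id'];
     $_SESSION['administrator'] = true;
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', U('admin/appoint/index/'));
 }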
Пример #22
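 /**
  * Authenticate the posted account and password, build and cache the module
  * menu for that user, record the login and redirect to Projects/index.
  *
  * Reads $_POST['account'] and $_POST['password']. Every rejection returns
  * right after $this->error(), so the method fails closed even if error()
  * were to return to the caller.
  *
  * NOTE(review): the original carried a disabled captcha check and a disabled
  * "status > 0" filter; neither is applied here and no attempt limiting is
  * visible in this method. Passwords are compared as unsalted MD5 digests;
  * moving to password_hash()/password_verify() needs a stored-hash migration.
  *
  * @return void
  */
 public function checkLogin()
 {
     // Inputs must be non-empty strings; an array taken from the request must
     // not reach the query map, where arrays can carry query operators.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     // Lookup condition: account name only.
     $map = array();
     $map['account'] = $_POST['account'];
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // Any empty result (false, null, empty array) means "no usable account".
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Strict comparison: with != two digests that both look like "0e<digits>"
     // compare equal as numbers.
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $userKey = C('USER_AUTH_KEY');
     $_SESSION[$userKey] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['userName'] = $authInfo['account'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];

     $menuKey = 'menu' . $_SESSION[$userKey];
     if (isset($_SESSION[$menuKey])) {
         // A menu is already cached for this user id: reuse it.
         $menu = $_SESSION[$menuKey];
     } else {
         // Read the module list from the database and build the menu entries.
         $menu = array();
         $node = M("Node");
         $id = $node->getField("id");
         $where = array();
         $where['level'] = 2;
         $where['status'] = 1;
         $where['pid'] = $id;
         $list = $node->where($where)->field('id,name,group_id,title')->order('sort asc')->select();
         // Always load the list for the user who just authenticated: a
         // $_SESSION['_ACCESS_LIST'] left by an earlier login in the same
         // session would otherwise decide this user's menu.
         $accessList = RBAC::getAccessList($_SESSION[$userKey]);
         // This method never sets the administrator flag itself, so read it
         // without assuming the key exists.
         $isAdministrator = !empty($_SESSION['administrator']);
         $appKey = strtoupper(APP_NAME);
         foreach (is_array($list) ? $list : array() as $key => $module) {
             if ($isAdministrator || isset($accessList[$appKey][strtoupper($module['name'])])) {
                 // Mark the module as accessible.
                 $module['access'] = 1;
                 $menu[$key] = $module;
             }
         }
         // Cache the menu for later requests.
         $_SESSION[$menuKey] = $menu;
     }
     // Record the login: time, client IP and an incremented counter.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', U('Projects/index'));
 }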
Пример #23
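 /**
  * AJAX login: authenticate the posted account and password, load the user's
  * role and the node ids that role may access into the session, record the
  * login and answer through ajaxReturn().
  *
  * Reads $_POST['account'] and $_POST['password']. Every rejection returns
  * right after ajaxReturn(), so the method fails closed even if ajaxReturn()
  * were to return to the caller.
  *
  * NOTE(review): no captcha or attempt limiting is applied here (the captcha
  * check was commented out in the original). Passwords are unsalted MD5
  * digests; moving to password_hash()/password_verify() needs a stored-hash
  * migration.
  *
  * @return void
  */
 public function checkLogin()
 {
     // Inputs must be non-empty strings; an array taken from the request must
     // not reach the query map, where arrays can carry query operators.
     // NOTE(review): these two replies echo $_POST, password included, back
     // to the client; kept because the response shape may be relied upon.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->ajaxReturn($_POST, '帐号必须!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->ajaxReturn($_POST, '密码必须!');
         return;
     }
     $passwordDigest = md5($_POST['password']);
     // Lookup condition: account name and password digest must both match.
     $map = array();
     $map['account'] = $_POST['account'];
     $map['password'] = $passwordDigest;
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (!$authInfo) {
         $this->ajaxReturn($authInfo, '帐号或密码错误', 0);
         return;
     }
     // Second check of the digest, now strict. The user row is not sent back
     // on failure: it contains the stored password digest.
     if ((string) $authInfo['password'] !== $passwordDigest) {
         $this->ajaxReturn(null, '密码错误!', 0);
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['nickname'] = $authInfo['nickname'];
     // NOTE(review): the password digest is copied into the session; nothing
     // in this method reads it back. Confirm it is needed before keeping it.
     $_SESSION['password'] = $authInfo['password'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['remark'] = $authInfo['remark'];
     $_SESSION['status'] = $authInfo['status'];
     $_SESSION['last_login_ip'] = $authInfo['last_login_ip'];
     // Load the user's role (the first role_user row is used).
     $roleLinks = M('role_user')->where(array('user_id' => $authInfo['id']))->select();
     $roleRow = null;
     if (!empty($roleLinks[0]['role_id'])) {
         $roleRows = M('role')->where(array('id' => $roleLinks[0]['role_id']))->select();
         if (!empty($roleRows[0])) {
             $roleRow = $roleRows[0];
         }
     }
     $_SESSION['role'] = $roleRow ? $roleRow['name'] : null;
     // Collect the node ids that role may access. A user without a role or
     // without access rows gets an empty list instead of an undefined one.
     $resourceIds = array();
     if ($roleRow) {
         $accessRows = M('access')->where(array('role_id' => $roleRow['id']))->select();
         foreach (is_array($accessRows) ? $accessRows : array() as $accessRow) {
             $resourceIds[] = $accessRow['node_id'];
         }
     }
     // Stored as a comma-separated string.
     $_SESSION['resourceIds'] = implode(",", $resourceIds);
     // Set the administrator flag for the 'admin' account and clear any value
     // left in the session by an earlier login.
     if ($authInfo['account'] === 'admin') {
         $_SESSION['administrator'] = true;
     } else {
         unset($_SESSION['administrator']);
     }
     // Record the login: time, client IP and an incremented counter.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     $_SESSION['_ACCESS_LIST'] = RBAC::getAccessList($authInfo['id']);
     RBAC::saveAccessList();
     // Never hand the stored password digest to the client.
     $publicInfo = $authInfo;
     unset($publicInfo['password']);
     $this->ajaxReturn($publicInfo, '登录成功!', 1);
 }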
Пример #24
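 /**
  * Authenticate an admin user whose username is an e-mail address, fill the
  * session, record the login time and show the success page.
  *
  * Reads $_POST['username'] and $_POST['password']. Every rejection returns
  * right after $this->error(), so the method fails closed even if error()
  * were to return to the caller.
  *
  * The address check uses preg_match() instead of ereg(), which was removed
  * in PHP 7. The pattern is the original one; inside the first character
  * class PCRE reads "\-" as a literal hyphen where the POSIX engine read the
  * backslash literally, so hyphens in the local part are now accepted and
  * backslashes rejected.
  *
  * NOTE(review): no captcha or attempt limiting is applied here (the captcha
  * check was commented out in the original). Passwords are unsalted MD5
  * digests; moving to password_hash()/password_verify() needs a stored-hash
  * migration.
  *
  * @return void
  */
 public function checkLogin()
 {
     // "D" makes "$" match only at the very end, as it did under ereg().
     $reg = '/^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/D';
     // Inputs must be non-empty strings before they are matched or hashed.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('用户名必须!');
         return;
     }
     if (preg_match($reg, $_POST['username']) !== 1) {
         $this->error('用户名格式不正确!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     // Lookup condition: username only.
     $map = array();
     $map['username'] = $_POST['username'];
     import('@.ORG.RBAC');
     $authInfo = RBAC::authenticate($map);
     // Any empty result (false, null, empty array) means "no such user".
     if (empty($authInfo)) {
         $this->error('用户名不存在!');
         return;
     }
     // Strict comparison: with != two digests that both look like "0e<digits>"
     // compare equal as numbers.
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     // Cache the user data in the session.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     if (!empty($authInfo['name'])) {
         $_SESSION['loginUserName'] = $authInfo['name'];
     } else {
         // No display name: use the part of the username before the "@".
         $position = strpos($authInfo['username'], '@');
         $_SESSION['loginUserName'] = substr($authInfo['username'], 0, $position);
     }
     $_SESSION['lastLoginTime'] = $authInfo['update_time'];
     // part_id 1 and 2 get the administrator flag; for everyone else clear
     // any value left in the session by an earlier login.
     if ($authInfo['part_id'] == 1 || $authInfo['part_id'] == 2) {
         $_SESSION['administrator'] = true;
     } else {
         unset($_SESSION['administrator']);
     }
     // Record the login time.
     $User = M('AdminUser');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['update_time'] = time();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->assign('jumpUrl', U("AdminUser/"));
     $this->success('登录成功!');
 }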
Пример #25
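 /**
  * Handle the login form: check the captcha, authenticate the account, load
  * its role ids into the session, record the login and redirect.
  *
  * Reads $_POST['account'], $_POST['password'], $_POST['verify'] and the
  * session value 'verify'. Every rejection returns right after
  * $this->error(), so the method fails closed even if error() were to return
  * to the caller.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
  * password_hash()/password_verify() needs a stored-hash migration and is
  * outside the scope of this method.
  *
  * @return void
  */
 public function checkLogin()
 {
     // Inputs must be non-empty strings. Array values in the query map act as
     // operator expressions (the status condition below is one), so an array
     // supplied by the request must never be copied into the map.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Strict comparison: with != two digests that both look like "0e<digits>"
     // compare equal as numbers. A missing session value never matches.
     if (session('verify') !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup condition: posted account name, status greater than 0.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // Any empty result (false, null, empty array) means "no usable account".
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['nickname'] = $authInfo['nickname'];
     $_SESSION['account'] = $authInfo['account'];
     // Collect the user's role ids. The condition is passed as an array
     // rather than interpolated into an SQL fragment, and the list starts
     // empty so a user without roles does not leave $roles undefined.
     $roles = array();
     $roleLinks = M('role_user')->where(array('user_id' => $authInfo['id']))->select();
     foreach (is_array($roleLinks) ? $roleLinks : array() as $link) {
         $roles[] = $link['role_id'];
     }
     $_SESSION['roles'] = $roles;
     // Role id 1 gets the administrator flag; for everyone else clear any
     // value left in the session by an earlier login. Ids are compared as
     // strings so the match is exact.
     if (in_array('1', array_map('strval', $roles), true)) {
         $_SESSION['administrator'] = true;
     } else {
         unset($_SESSION['administrator']);
     }
     // Record the login: time, client IP and an incremented counter.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', __APP__ . '/Index/Index/index');
 }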
Пример #26
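 /**
  * Submit the login form.
  *
  * Checks the captcha when ADMIN_VERIFY is enabled, refuses further attempts
  * from an IP with 100 or more failed logins in the last 30 minutes,
  * authenticates the user, fills the session, and writes every outcome to
  * the Log table.
  *
  * Changes against the original:
  *  - a failed attempt no longer writes the submitted password into the log
  *    note;
  *  - with ADMIN_VERIFY enabled the captcha can no longer be skipped by
  *    arriving with a session that holds no 'verify' value;
  *  - the AJAX success reply no longer contains the stored password digest;
  *  - every rejection returns right after $this->error(), so the method
  *    fails closed even if error() were to return to the caller.
  *
  * NOTE(review): sysmd5() and get_safe_replace() are defined elsewhere; the
  * strength of the password digest cannot be judged from here. If
  * get_client_ip() honours client-supplied forwarding headers, the per-IP
  * limit and the logged address are not reliable - confirm.
  *
  * @return void
  */
 public function doLogin()
 {
     $dao = M('User');
     $ip = get_client_ip();
     if (empty($this->sysConfig['ADMIN_ACCESS'])) {
         $this->error(L('NO SYSTEM CONFIG FILE'));
         return;
     }
     // Only string inputs are accepted; anything else is treated as missing.
     $username = (isset($_POST['username']) && is_string($_POST['username']))
         ? get_safe_replace(trim($_POST['username'])) : '';
     $password = (isset($_POST['password']) && is_string($_POST['password']))
         ? get_safe_replace(trim($_POST['password'])) : '';
     $verifyCode = (isset($_POST['verifyCode']) && is_string($_POST['verifyCode']))
         ? trim($_POST['verifyCode']) : '';
     if (empty($username) || empty($password)) {
         $this->error(L('empty_username_empty_password'));
         return;
     }
     // When the captcha is enabled it must be present in the session and
     // match exactly.
     if (!empty($this->sysConfig['ADMIN_VERIFY'])
         && (empty($_SESSION['verify']) || md5($verifyCode) !== $_SESSION['verify'])
     ) {
         $this->error(L('error_verify'));
         return;
     }
     $time = time();
     // Count failed logins from this IP during the last 1800 seconds.
     $logwhere = array();
     $logwhere['time'] = array('EGT', $time - 1800);
     $logwhere['ip'] = array('eq', $ip);
     $logwhere['error'] = 1;
     $lognum = M('Log')->where($logwhere)->count();
     if ($lognum >= 100) {
         $this->error(L('Login_error_count'));
         return;
     }
     // Lookup condition: username only; the password is checked below.
     $condition = array();
     $condition['username'] = array('eq', $username);
     import('@.ORG.RBAC');
     $authInfo = RBAC::authenticate($condition);
     // Any empty result (false, null, empty array) means "no such user".
     if (empty($authInfo)) {
         $data = array();
         $data['username'] = $username;
         $data['ip'] = $ip;
         $data['time'] = $time;
         $data['note'] = L('empty_userid');
         $data['error'] = 1;
         M('Log')->add($data);
         $this->error(L('empty_userid'));
         return;
     }
     // Strict comparison of the stored and the computed digest.
     if ((string) $authInfo['password'] !== (string) sysmd5($password)) {
         $data = array();
         $data['username'] = $username;
         $data['ip'] = $ip;
         $data['time'] = $time;
         // The attempted password is deliberately not logged: it is often a
         // near miss of the real one or a password used elsewhere.
         $data['note'] = L('password_error');
         $data['error'] = 1;
         M('Log')->add($data);
         $this->error(L('password_error'));
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['username'] = $authInfo['username'];
     $_SESSION['adminid'] = $_SESSION['userid'] = $authInfo['id'];
     $_SESSION['groupid'] = $authInfo['groupid'];
     $_SESSION['adminaccess'] = C('ADMIN_ACCESS');
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['lastLoginTime'] = $authInfo['last_logintime'];
     $_SESSION['login_count'] = $authInfo['login_count'] + 1;
     // Group 1 gets the admin flag; for everyone else clear any value left
     // in the session by an earlier login.
     if ($authInfo['groupid'] == 1) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     } else {
         unset($_SESSION[C('ADMIN_AUTH_KEY')]);
     }
     // Record the login: time, client IP and an incremented counter.
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_logintime'] = $time;
     $data['last_ip'] = $ip;
     $data['login_count'] = array('exp', 'login_count+1');
     $dao->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     // Log the successful login.
     $data = array();
     $data['username'] = $username;
     $data['ip'] = $ip;
     $data['time'] = $time;
     $data['note'] = L('login_ok');
     M('Log')->add($data);
     if (!empty($_POST['ajax'])) {
         // Never hand the stored password digest to the client.
         $publicInfo = $authInfo;
         unset($publicInfo['password']);
         $this->ajaxReturn($publicInfo, L('login_ok'), 1);
     } else {
         $this->assign('jumpUrl', U('Index/index'));
         $this->success(L('login_ok'));
     }
 }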
Пример #27
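 /**
  * Handle the login form with a per-account failure counter: check the
  * captcha, authenticate the account, enforce the lockout configured in the
  * 'Set' table, then fill the session and record the login.
  *
  * Reads $_POST['account'], $_POST['password'], $_POST['verify'] and
  * $_SESSION['verify']. Every rejection returns right after $this->error(),
  * so the method fails closed even if error() were to return to the caller.
  *
  * NOTE(review): the lockout only applies when the client IP equals the
  * account's last_login_ip, which is written on successful logins only, so
  * failures from any other address are counted but never blocked. Passwords
  * are unsalted MD5 digests; moving to password_hash()/password_verify()
  * needs a stored-hash migration.
  *
  * @return void
  */
 public function checkLogin()
 {
     // Inputs must be non-empty strings. Array values in the query map act as
     // operator expressions (the status condition below is one), so an array
     // supplied by the request must never be copied into the map.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('用户名不能为空!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码不能为空!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码不能为空!');
         return;
     }
     if (!extension_loaded('curl')) {
         $this->error('抱歉,您的服务器,还不支持curl扩展,请配置后登录,如有问题,请咨询www.yufu5.com!');
         return;
     }
     // Strict comparison: with != two digests that both look like "0e<digits>"
     // compare equal as numbers.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup condition: posted account name, status greater than 0.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->error('用户名或密码错误!');
         return;
     }
     // Lockout settings: allowed failures and the lock interval in seconds.
     $settings = D('Set')->find();
     $errorcount = $settings['errorcount'];
     $errorinterval = $settings['errorinterval'];
     $ip = get_client_ip();
     $time = time();
     $error_count = $authInfo['error_count'];
     // Same IP as the last recorded login and the failure limit is reached.
     if ($authInfo['last_login_ip'] == $ip && $authInfo['error_count'] > $errorcount - 1) {
         if ($time - $authInfo['error_login_time'] < $errorinterval) {
             $this->error('用户名或密码错误超过' . $errorcount . '次,请' . $errorinterval / 60 . '分钟后再试!');
             return;
         }
         // The lock interval has passed: start counting again.
         D('User')->where($map)->setField('error_count', 0);
         $error_count = 0;
     }
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         // Count the failure and remember when it happened.
         D('User')->where($map)->setInc('error_count', 1);
         D('User')->where($map)->setField('error_login_time', $time);
         // The failure just recorded uses up one attempt, so it is
         // subtracted as well; the original reported one attempt too many.
         $remaining = max(0, $errorcount - $error_count - 1);
         $this->error('用户名或密码错误,您还有' . $remaining . '次尝试机会!');
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     // role_id 0 gets the administrator flag. The value has to be present
     // and numeric: with a bare "== 0" a missing or NULL role_id also
     // compared equal to 0. For everyone else clear any value left in the
     // session by an earlier login.
     if (isset($authInfo['role_id']) && is_numeric($authInfo['role_id']) && (int) $authInfo['role_id'] === 0) {
         $_SESSION['administrator'] = true;
     } else {
         unset($_SESSION['administrator']);
     }
     // Record the login and reset the failure counter.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = $time;
     $data['login_count'] = array('exp', 'login_count+1');
     $data['error_count'] = 0;
     $data['last_login_ip'] = $ip;
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!');
 }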
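 /**
  * Handle the login form: check the captcha through the Verify class,
  * authenticate the account, fill the session, record the login and
  * redirect according to whether the admin flag was set.
  *
  * Reads $_POST['account'], $_POST['password'] and $_POST['verify']. Every
  * rejection returns right after $this->error(), so the method fails closed
  * even if error() were to return to the caller.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
  * password_hash()/password_verify() needs a stored-hash migration and is
  * outside the scope of this method.
  *
  * @return void
  */
 public function checkLogin()
 {
     // Inputs must be non-empty strings. Array values in the query map act as
     // operator expressions (the status condition below is one), so an array
     // supplied by the request must never be copied into the map.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Build the lookup condition: posted account name, status greater than 0.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     $Verify = new Verify();
     if (!$Verify->check($_POST['verify'])) {
         $this->error("亲,验证码输错了哦!", $this->site_url, 9);
         return;
     }
     // Fetch the account being logged in. (The explicit import of RBAC was
     // already commented out in the original.)
     $authInfo = RBAC::authenticate($map);
     // Any empty result (false, null, empty array) means "no usable account".
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // Strict comparison: with != two digests that both look like "0e<digits>"
     // compare equal as numbers.
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $adminKey = C('ADMIN_AUTH_KEY');
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     // The condition is passed as an array rather than concatenated into an
     // SQL fragment.
     $_SESSION['role_id'] = M('role_user')->where(array('user_id' => $authInfo['id']))->getField('role_id');
     // Super-user check. For everyone else clear any value left in the
     // session by an earlier login.
     if ($authInfo['account'] == C('ADMIN_AUTH_VALUE')) {
         $_SESSION[$adminKey] = true;
     } else {
         unset($_SESSION[$adminKey]);
     }
     // Record the login: time, client IP and an incremented counter.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     // Original author's note: a user who logs in without any permission
     // would bounce between these two pages, so the session is destroyed
     // where reading the permissions fails (that code is not in this method).
     if (!empty($_SESSION[$adminKey])) {
         $this->success('登录成功!', __MODULE__ . '/Index/index');
     } else {
         // NOTE(review): the path is spelled '/HOme/...' in the original and
         // is kept as is; confirm the intended casing.
         $this->success('登录成功!', '/HOme/Goods/index');
     }
 }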
Пример #29
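 /**
  * Handle the student login form: check the captcha, authenticate the
  * account, fill the session, write a login entry to the Log table and
  * update the Student row.
  *
  * Reads $_POST['account'], $_POST['password'], $_POST['verify'] and
  * $_SESSION['verify']. Every rejection returns right after $this->error(),
  * so the method fails closed even if error() were to return to the caller.
  *
  * NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
  * password_hash()/password_verify() needs a stored-hash migration and is
  * outside the scope of this method.
  *
  * @return void
  */
 public function checkLogin()
 {
     // Inputs must be non-empty strings. Array values in the query map act as
     // operator expressions (the status condition below is one), so an array
     // supplied by the request must never be copied into the map.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Build the lookup condition: posted account name, status greater than 0.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // Strict comparison: with != two digests that both look like "0e<digits>"
     // compare equal as numbers.
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // The original tested for null only; any empty result (false, null,
     // empty array) is now treated as "no usable account".
     if (empty($authInfo)) {
         $this->error('帐号不存在或已被禁用!');
         return;
     }
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     // Issue a fresh session id before storing the identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $ip = get_client_ip();
     $time = time();
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     // The 'admin' account gets the adminstudent flag; for everyone else
     // clear any value left in the session by an earlier login.
     if ($authInfo['account'] === 'admin') {
         $_SESSION['adminstudent'] = true;
     } else {
         unset($_SESSION['adminstudent']);
     }
     // Write the login log entry.
     $log = array();
     $log['vc_operation'] = "学生登录:登录成功!";
     $log['vc_module'] = "学生查询登陆";
     $log['creator_id'] = $authInfo['id'];
     $log['creator_name'] = $authInfo['account'];
     $log['vc_ip'] = $ip;
     $log['createtime'] = $time;
     M("Log")->add($log);
     // Record the login on the Student row: time, client IP and an
     // incremented counter.
     $User = M('Student');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = $time;
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = $ip;
     $User->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!');
 }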
Пример #30
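 /**
  * @Title: getAuthInfo
  * @Description: Looks up the account being logged in (status = 1, posted
  *               value matched against either `account` or `zhname`) and,
  *               unless the posted value is 'admin', adds the company,
  *               department, work type and duty ids of the user's primary
  *               post. Per the original note it is called from the signin
  *               method; this method only returns the data and writes
  *               nothing to the session itself.
  *
  * Takes no parameters (the original @param line described a parameter the
  * method does not have); it reads $_POST['account'].
  *
  * When no account matches, the result of RBAC::authenticate() is returned
  * unchanged. The original went on to assign array keys to that empty
  * result, which turns false/null into a non-empty array on older PHP
  * versions and so made an unknown account look like a found one.
  *
  * @author liminggang
  * @date 2014-8-28 18:50:41
  * @return mixed the user row with companyid, dept_id, sysworktype and
  *               sysdutyid added, or the empty result of authenticate()
  */
 private function getAuthInfo()
 {
     // Only a string may enter the query map: array values in it carry query
     // operators (see the '_logic' / '_complex' keys below). Anything else is
     // looked up as an empty name, which is expected to match no account.
     $account = (isset($_POST['account']) && is_string($_POST['account'])) ? $_POST['account'] : '';
     // Build the lookup condition: status = 1 AND (account = ? OR zhname = ?).
     // NOTE(review): a lock after repeated failures (loginnumstatus) was
     // commented out in the original; no attempt limiting is visible here.
     $nameMatch = array();
     $nameMatch['account'] = $account;
     $nameMatch['zhname'] = $account;
     $nameMatch['_logic'] = 'or';
     $map = array();
     $map["status"] = 1;
     $map['_complex'] = $nameMatch;
     $authInfo = RBAC::authenticate($map);
     // Unknown or inactive account: hand the empty result back untouched.
     if (empty($authInfo)) {
         return $authInfo;
     }
     // NOTE(review): the shortcut is keyed on the posted string, not on the
     // account that was found; confirm that is intended.
     if ($account !== 'admin') {
         // Primary post (typeid 1) with status 1 for the current user id.
         $UserDeptDutymap = array();
         $UserDeptDutymap['userid'] = $authInfo['id'];
         $UserDeptDutymap['typeid'] = 1;
         $UserDeptDutymap['status'] = 1;
         $post = RBAC::authenticate($UserDeptDutymap, 'UserDeptDuty');
         // Each id falls back to 0 when no post row or no value was found.
         // Company.
         $authInfo['companyid'] = !empty($post['companyid']) ? $post['companyid'] : 0;
         // Department.
         $authInfo['dept_id'] = !empty($post['deptid']) ? $post['deptid'] : 0;
         // Work type.
         $authInfo['sysworktype'] = !empty($post['worktype']) ? $post['worktype'] : 0;
         // Duty (job grade).
         $authInfo['sysdutyid'] = !empty($post['dutyid']) ? $post['dutyid'] : 0;
     }
     return $authInfo;
 }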