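/**
 * Login endpoint: checks the posted credentials and echoes a JSON result.
 *
 * Echoes {"result":1} on failure, or {"result":0,...} with the session id
 * and profile fields on success.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests; moving to
 * password_hash()/password_verify() needs a data migration, so it is only
 * flagged here. The session id is not regenerated before the auth keys are
 * written and is returned in the response body - confirm both are intended.
 */
public function login()
{
    $db = M('user');
    $user = $db->where(array('username' => I('username')))->find();

    // Strict comparison: with "!=" two different digests that both look
    // numeric (e.g. "0e" followed only by digits) compare as equal.
    if (!$user || $user['password'] !== I('password', '', 'md5')) {
        // Login failed.
        echo json_encode(array('result' => 1));
        return;
    }

    // Record the time and IP of this login.
    $db->save(array(
        'id' => $user['id'],
        'logintime' => time(),
        'loginip' => get_client_ip(),
    ));

    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    // $user was read before the save above, so these are the previous login's values.
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator detection.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions into the session.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    // 'account' used to be read from session("username") before that key was
    // written, so it reported a stale or empty value; it now reports the
    // authenticated user.
    // NOTE(review): rolename, phone and nickname are fixed literals, not data
    // of the authenticated user - presumably placeholders.
    echo json_encode(array(
        'result' => 0,
        'session_id' => session_id(),
        'rolename' => "导游部经理",
        'phone' => "12341234001",
        'nickname' => "路人甲",
        'account' => $user['username'],
    ));
}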
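/**
 * Validates the posted username/password and opens an authenticated session.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests (needs a data
 * migration to fix) and the session id is not regenerated on login.
 */
function checkLogin()
{
    // Credentials must be non-empty strings. An array-valued parameter would
    // otherwise be copied into the condition map, where arrays are presumably
    // read as operator expressions rather than literal values.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        $this->error('帐号错误!');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!');
    }

    // Build the lookup condition (login by bound account name).
    $map = array();
    $map['username'] = $_POST['username'];

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo) {
        $this->error('帐号不存在或已禁用!');
    } else {
        // Strict comparison: "!=" treats two different numeric-looking
        // digests ("0e" + digits) as equal.
        if ($authInfo['password'] !== md5($_POST['password'])) {
            $this->error('密码错误!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        if ($authInfo['username'] == 'admin') {
            $_SESSION['administrator'] = true;
        }

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!');
    }
}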
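/**
 * Handles the login form post and redirects to the group root on success.
 *
 * NOTE(review): the posted password is compared with the stored value without
 * any hashing visible here - presumably passwords are stored as submitted;
 * confirm and migrate to password_hash()/password_verify(). The session id is
 * not regenerated on login.
 */
public function login()
{
    // Only POST requests are accepted.
    if (!IS_POST) {
        halt('页面错误');
    }

    // Look the account up by username.
    $db = M('user');
    $user = $db->where(array('username' => I('username')))->find();

    // Strict comparison: "!=" would accept numerically equal strings
    // (e.g. "1e3" and "1000") and would treat a NULL stored password as
    // equal to an empty submission.
    if (!$user || $user['password'] !== I('password')) {
        $this->error('账号或密码错误');
    }

    // Record the time and IP of this login.
    $db->save(array(
        'id' => $user['id'],
        'logintime' => time(),
        'loginip' => get_client_ip(),
    ));

    // Populate the session; $user still holds the previous login's time and IP.
    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator detection.
    // NOTE(review): the config key is spelled RBAC_SUPPERADMIN - confirm it
    // matches the key defined in the configuration.
    if ($user['username'] == C('RBAC_SUPPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    redirect(__GROUP__);
}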
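/**
 * Authenticates the posted user_name/user_password and opens an admin session.
 *
 * NOTE(review): passwords are unsalted MD5 digests, the digest is also kept
 * in the session under 'userpwd', and the session id is not regenerated on
 * login - all three should be revisited.
 */
public function login()
{
    // Only accept a plain string as the lookup value; an array-valued
    // parameter would otherwise reach the condition array, where arrays are
    // presumably read as operator expressions rather than literal values.
    $userName = (isset($_POST['user_name']) && is_string($_POST['user_name']))
        ? $_POST['user_name']
        : '';
    $passwordHash = I('user_password', '', 'md5');

    $user = M('user')->where(array('user_name' => $userName))->find();

    // Strict comparison: "!=" treats two different numeric-looking digests
    // ("0e" + digits) as equal.
    if (!$user || $user['user_password'] !== $passwordHash) {
        $this->error('账号或密码错误', U('Admin/Login/index'));
    }

    if (!$user['user_status']) {
        $this->error('非法用户', U('Index/Index/index'));
    } else {
        session('user_organization', $user['user_nikename']);
    }

    // Record the IP of this login (the row is rewritten with the same name
    // and password digest).
    $user = array(
        'user_id' => $user['user_id'],
        'user_name' => $user['user_name'],
        'user_password' => $passwordHash,
        'login_ip' => get_client_ip(),
    );
    M('user')->save($user);

    // Populate the session.
    session(C('USER_AUTH_KEY'), $user['user_id']);
    session('username', $user['user_name']);
    session('userpwd', $passwordHash);

    // Super administrator detection.
    if ($user['user_name'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    $this->redirect('Admin/Index/index');
}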
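/**
 * Checks the captcha and the posted credentials, then opens a session.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function login()
{
    if (!IS_POST) {
        halt('页面不存在');
    }

    // Captcha check (special handling for the SAE platform: the code is
    // upper-cased before hashing). Strict comparison so that two different
    // numeric-looking digests can never compare as equal.
    if (md5(strtoupper($_POST['code'])) !== $_SESSION['verify']) {
        $this->error('验证码错误');
    }

    $db = M('user');
    $user = $db->where(array('username' => I('username')))->find();

    // Strict comparison for the same reason as the captcha check.
    if (!$user || $user['password'] !== I('password', '', 'md5')) {
        $this->error('username or password wrong!');
    }

    // Record the time and IP of this login.
    $db->save(array(
        'id' => $user['id'],
        'logintime' => time(),
        'loginip' => get_client_ip(),
    ));

    // $user still holds the previous login's time and IP.
    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator detection.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    redirect(__GROUP__);
}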
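/**
 * Authenticates the posted credentials and redirects to the admin index.
 *
 * NOTE(review): the captcha check is commented out in the original, passwords
 * are unsalted MD5 digests, and the session id is not regenerated on login.
 */
public function login()
{
    if (!IS_POST) {
        _404('页面不存在');
    }

    $username = I('username');
    $pwd = I('password', '', 'md5');
    $user = M('user')->where(array('username' => $username))->find();

    // Strict comparison: "!=" treats two different numeric-looking digests
    // ("0e" + digits) as equal.
    if (!$user || $user['password'] !== $pwd) {
        $this->error('账号或密码错误');
    } elseif ($user['lock']) {
        $this->error('用户被锁定');
    }

    // Record the time and IP of this login.
    M('user')->save(array(
        'id' => $user['id'],
        'loginTime' => time(),
        'loginIp' => get_client_ip(),
    ));

    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    // The timestamp used to sit outside date() as a stray third argument to
    // session(), so the current time was stored instead of the recorded one.
    session('loginTime', date('y-m-d H:i:s', $user['loginTime']));
    session('loginIp', $user['loginIp']);

    // Super administrator detection.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    $this->redirect('Admin/Index/index');
}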
/**
 * Shows the login page on GET; on POST runs the login check and echoes its
 * result as JSON.
 *
 * NOTE(review): the record returned by RBAC::authenticate() is used without
 * checking for a failed lookup, and the admin flag is set when the e-mail
 * equals the value of C('ADMIN_AUTH_KEY'), which is also used as the session
 * key - confirm both are intended. The session id is not regenerated.
 */
public function index()
{
    if (!IS_POST) {
        // Already marked as logged in: go straight to the index.
        if (isset($_COOKIE[$this->loginMarked])) {
            $this->redirect("Index/index");
        }
        $siteConfig = (include WEB_ROOT . 'Common/systemConfig.php');
        $this->assign("site", $siteConfig);
        $this->display("Common:login");
        return;
    }

    $this->checkToken();
    $loginResult = D("Public")->auth();

    if ($loginResult['status'] == 1) {
        // Look the account up by its bound e-mail address.
        import('ORG.Util.RBAC');
        $account = RBAC::authenticate(array('email' => $this->_post('email')));

        $_SESSION[C('USER_AUTH_KEY')] = $account['aid'];
        $_SESSION['email'] = $account['email'];
        if ($account['email'] == C('ADMIN_AUTH_KEY')) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // Cache the access list.
        RBAC::saveAccessList();
    }

    echo json_encode($loginResult);
}
/**
 * Shows the login form, or on POST authenticates the administrator, writes a
 * login log entry and reports the result.
 *
 * NOTE(review): the record returned by RBAC::authenticate() is used without
 * checking for a failed lookup, and the admin flag is set when a_name equals
 * the value of C('ADMIN_AUTH_KEY'), which is also used as the session key -
 * confirm both are intended. The session id is not regenerated on login.
 */
public function login()
{
    $siteConfig = (include WEB_ROOT . 'Common/systemConfig.php');

    if (!IS_POST) {
        $this->assign("systemConfig", $siteConfig);
        $this->display();
        return;
    }

    $publicModel = new PublicModel();
    $loginResult = $publicModel->auth();

    if ($loginResult['status'] != 1) {
        $this->error($loginResult['info']);
        exit;
    }

    // Look the account up by its bound name.
    import('ORG.Util.RBAC');
    $admin = RBAC::authenticate(array('a_name' => $this->_post('name')));

    $_SESSION[C('USER_AUTH_KEY')] = $admin['a_id'];
    $_SESSION['a_name'] = $admin['a_name'];

    // Administrator login?
    if ($admin['a_name'] == C('ADMIN_AUTH_KEY')) {
        $_SESSION[C('ADMIN_AUTH_KEY')] = true;
    }

    // Cache the access list.
    RBAC::saveAccessList();
    $_SESSION['username'] = $admin['a_name'];

    // Write the administrator login log entry.
    $logEntry = array(
        "a_id" => $admin['a_id'],
        "l_content" => "管理员[" . $admin['a_name'] . "]于[" . date("Y-m-d H:i:s") . "]登录了[唐亮工长俱乐部]后台管理系统!",
    );
    M("Log")->add($logEntry);

    $this->success("登录成功", U("Index/index"));
    exit;
}
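/**
 * Authenticates the posted credentials and redirects to the admin index.
 *
 * NOTE(review): the captcha check is commented out in the original, passwords
 * are unsalted MD5 digests, and the session id is not regenerated on login.
 */
public function login()
{
    if (!IS_POST) {
        halt('页面不存在3');
    }

    $username = I('username');
    $pwd = I('password', '', 'md5');
    $user = M('user')->where(array('username' => $username))->find();

    // Strict comparison: "!=" treats two different numeric-looking digests
    // ("0e" + digits) as equal.
    if (!$user || $user['password'] !== $pwd) {
        $this->error('账号或密码错误!');
    }
    if ($user['lock']) {
        $this->error('用户被锁了');
    }

    // Record the time and IP of this login.
    M('user')->save(array(
        'id' => $user['id'],
        'logintime' => time(),
        'loginip' => get_client_ip(),
    ));

    // $user still holds the previous login's time and IP.
    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator detection.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    // The leftover "p($_SESSION); die;" debug statements were removed: they
    // printed the whole session (auth keys and access list) into the response
    // and stopped the request before the redirect below could run.
    $this->redirect('Admin/Index/index');
}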
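/**
 * Checks a login for either an account in the user table or, when no such
 * account exists, a student in the student table, and echoes a JSON result.
 *
 * Echoes {"info": "...", "state": N} with state 200 (success), 400 (too many
 * attempts), 401 (unknown user) or 404 (wrong password).
 *
 * NOTE(review):
 * - The stored value is md5(sha256(salt % 3)) . sha1(password); the salt is
 *   reduced modulo 3 before hashing, and the password part is an unsalted
 *   SHA-1. Moving to password_hash()/password_verify() needs a data
 *   migration, so it is only flagged here.
 * - The attempt counter lives in the session, so it only limits clients that
 *   keep their session; a server-side counter per account or IP is needed
 *   for real throttling.
 * - The first lookup filters on a column spelled "statis" while the later
 *   ones use "status" - confirm against the table schema.
 * - The responses distinguish "unknown user" from "wrong password".
 * - The session id is not regenerated on login.
 *
 * @module Home
 * @todo sliding captcha
 * @version 1.0
 */
public function checkLogin()
{
    $user = M('user');
    $salt_condition = array("username" => I('post.user_name'), "statis" => 1);
    $goal_salt = $user->where($salt_condition)->find();

    if (!session("?testtime")) {
        session('testtime', 0);
    }

    if (session("testtime") > 4) {
        $info = array("info" => "尝试次数过多,请稍后再试", "state" => 400);
    } elseif (!$goal_salt) {
        // No matching account in the user table: try the student table.
        $stu_condition = array('stu_id' => I('post.user_name'), 'status' => 1);
        $goal_stu = M('student')->where($stu_condition)->find();

        if (!$goal_stu) {
            $info = array("info" => "用户不存在", "state" => 401);
            session('testtime', session('testtime') + 1);
        } elseif ($goal_stu['password'] === md5(hash('sha256', $goal_stu['salt'] % 3)) . sha1(I('post.password'))) {
            // Strict comparison so numeric-looking strings can never match by
            // type juggling. The original's trailing "else" after
            // "elseif ($goal_stu)" could not be reached and was dropped.
            $info = array("info" => "success", "state" => 200);
            session('type', 'stu');
            session('stu_id', $goal_stu['stu_id']);
            session('username', $goal_stu['stu_name']);
        } else {
            session('testtime', session('testtime') + 1);
            $info = array("info" => "密码错误", "state" => 404);
        }
    } else {
        // Account found: let the database match username, digest and status.
        $condition = array(
            "username" => I('post.user_name'),
            "password" => md5(hash('sha256', $goal_salt['salt'] % 3)) . sha1(I('post.password')),
            "status" => 1,
        );
        $goal_user = $user->where($condition)->find();

        if (!$goal_user) {
            session('testtime', session('testtime') + 1);
            $info = array("info" => "密码错误", "state" => 404);
        } else {
            $info = array("info" => "success", "state" => 200);
            session('testtime', 0);
            session(C("USER_AUTH_KEY"), $goal_user["id"]);
            session('username', $goal_user['username']);
            if ($goal_user['username'] == C('RBAC_SUPERADMIN')) {
                session(C('ADMIN_AUTH_KEY'), true);
            }
            RBAC::saveAccessList();
        }
    }

    echo json_encode($info);
}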
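/**
 * Validates account, password and the mapped verification code, then opens an
 * authenticated session and records the login.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function checkLogin()
{
    // All three inputs must be non-empty strings. Arrays placed in the
    // condition map are read as expressions (see array('gt', 0) below), so
    // request values must never reach it as arrays.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->error('帐号错误!');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!');
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->error('验证码必须!');
    }

    // Translate each submitted character through the per-session code table.
    $verifyCodeStr = $_POST['verify'];
    $verifyCodeNum = (isset($_SESSION['verifyCode']) && is_array($_SESSION['verifyCode']))
        ? array_flip($_SESSION['verifyCode'])
        : array();
    $len = strlen(trim($verifyCodeStr));
    $verify = ''; // was appended to without being initialised
    for ($i = 0; $i < $len; $i++) {
        $char = $verifyCodeStr[$i];
        $verify .= isset($verifyCodeNum[$char]) ? $verifyCodeNum[$char] : '';
    }

    // Strict comparison: with "!=" the shorter string "123456789" compares
    // equal to "0123456789" because both are numeric.
    if ($verify !== '0123456789') {
        $this->error('验证码错误!');
    }

    // Build the lookup condition: account name, status greater than 0.
    $map = array();
    $map["account"] = $_POST['account'];
    $map["status"] = array('gt', 0);
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo) {
        $this->error('帐号不存在或已禁用!');
    } else {
        // Strict comparison: "!=" treats two different numeric-looking
        // digests ("0e" + digits) as equal.
        if ($authInfo['password'] !== md5($_POST['password'])) {
            $this->error('密码错误!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        $_SESSION['email'] = $authInfo['email'];
        $_SESSION['loginUserName'] = $authInfo['nickname'];
        $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
        $_SESSION['login_count'] = $authInfo['login_count'];
        if ($authInfo['account'] == 'admin') {
            $_SESSION['administrator'] = true;
        }

        // Record this login.
        $data = array();
        $data['id'] = $authInfo['id'];
        $data['last_login_time'] = time();
        $data['login_count'] = array('exp', 'login_count+1');
        $data['last_login_ip'] = get_client_ip();
        M('User')->save($data);

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!');
    }
}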
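/**
 * AJAX login. Replies with a JSON status: 0 = username or password missing,
 * 1 = no matching user, 2 = wrong captcha, 3 = success, 4 = account disabled.
 *
 * NOTE(review): passwords are unsalted MD5 digests, the digest is copied into
 * the session under 'upassword', and the session id is not regenerated on
 * login - all three should be revisited.
 */
public function login()
{
    if (!IS_POST) {
        halt("页面不存在");
    }
    if (!IS_AJAX) {
        halt('页面不存在');
    }

    $rawPassword = I('password');
    $data = array(
        'unum' => I('username'),
        'upassword' => md5($rawPassword),
        'verify_code' => I('verify_code', '', 'md5'),
    );

    // Strict comparison so two different numeric-looking digests never match.
    if ($data['verify_code'] !== session('verify')) {
        // Wrong captcha.
        $this->ajaxReturn(array('status' => 2), 'json');
        return;
    }

    // The original tested the MD5 digest for emptiness, which can never be
    // true; the submitted password itself is tested instead.
    if ($data['unum'] == '' || $rawPassword == '') {
        // The server did not receive a username or password.
        $this->ajaxReturn(array('status' => 0), 'json');
        return;
    }

    // Let the database match username and password digest.
    $map = array('unum' => $data['unum'], 'upassword' => $data['upassword']);
    $result = M('user')->where($map)->find();

    if ($result == null) {
        // No such user/password combination.
        $this->ajaxReturn(array('status' => 1), 'json');
        return;
    }

    if (!$result['ustatus']) {
        $this->ajaxReturn(array('status' => 4), 'json');
        return;
    }

    // Successful login: record time and IP.
    M('user')->save(array(
        'uid' => $result['uid'],
        'ulogintime' => time(),
        'uloginip' => get_client_ip(),
    ));

    // $result still holds the previous login's time and IP.
    session('uid', $result['uid']);
    session('unum', $result['unum']);
    session('uname', $result['uname']);
    session('upassword', $result['upassword']);
    session('uphone', $result['uphone']);
    session('umale', $result['umale']);
    session('ubirth', $result['ubirth']);
    session('udate', $result['udate']);
    session('ustatus', $result['ustatus']);
    session('ulogintime', date('Y-m-d H:i:s', $result['ulogintime']));
    session('uloginip', $result['uloginip']);

    // Super administrator detection.
    if ($result['unum'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    $this->ajaxReturn(array('status' => 3), 'json');
}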
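/**
 * Validates the posted credentials, opens the session and sends the user to
 * the password-change page, the page they came from, or the dashboard.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are unsalted MD5 digests, the whole account record
 * (including the digest) is stored in $_SESSION['user'], and the session id
 * is not regenerated on login.
 */
public function checkLogin()
{
    // Credentials must be non-empty strings; an array-valued parameter would
    // otherwise be copied into the condition map, where arrays are presumably
    // read as operator expressions rather than literal values.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        $this->error('帐号错误!');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!');
    }

    // Lookup condition: active account with this username.
    $map = array();
    $map['username'] = $_POST['username'];
    $map['active'] = 1;

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo || $authInfo == "") {
        $this->error('帐号不存在或已禁用!');
    } else {
        // Case-insensitive digest check. Strict comparison: "!=" treats two
        // different numeric-looking digests ("0e" + digits) as equal.
        if (strtolower($authInfo['password']) !== strtolower(md5($_POST['password']))) {
            $this->error('密码错误!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
        $_SESSION['user'] = $authInfo;

        // Built-in administrator accounts get unrestricted access.
        if (in_array($authInfo['username'], array('admin', 'system'), true)) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // Cache the access list.
        RBAC::saveAccessList();

        if (D('user')->check_password()) {
            // Password expired: force a change.
            $this->assign("jumpUrl", '?m=user&a=password');
            $this->success('登录成功!但是密码已经过期,请修改');
        } else {
            // Return to the page the user came from, but only when it is a
            // relative URL or an http(s) URL on this host. The posted value
            // used to be taken as the jump target as-is, so a crafted login
            // link could send the user to another site after signing in.
            $returnUrl = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';
            $segments = explode("?", $returnUrl);
            $params = explode("&", isset($segments[1]) ? $segments[1] : '');

            $isLocal = false;
            $urlParts = preg_match('/[\x00-\x20\x7f\\\\]/', $returnUrl) ? false : parse_url($returnUrl);
            if (is_array($urlParts)) {
                if (!isset($urlParts['host'])) {
                    $isLocal = !isset($urlParts['scheme']) && strncmp($returnUrl, '//', 2) !== 0;
                } elseif (isset($urlParts['scheme'], $_SERVER['HTTP_HOST'])) {
                    $hostPort = $urlParts['host'] . (isset($urlParts['port']) ? ':' . $urlParts['port'] : '');
                    $isLocal = in_array(strtolower($urlParts['scheme']), array('http', 'https'), true)
                        && strtolower($hostPort) === strtolower($_SERVER['HTTP_HOST']);
                }
            }

            if (!empty($returnUrl) && $isLocal && $params[0] != "m=public") {
                $this->assign("jumpUrl", $returnUrl);
            } else {
                $this->assign("jumpUrl", '?m=dashboard&a=index');
            }
            $this->assign("waitSecond", "2");
            $this->success('登录成功!');
        }
    }
}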
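/**
 * Validates username, password and captcha, opens the admin session, records
 * the login and shows the index page.
 *
 * Assumes alert() ends the request, as the original flow does.
 *
 * NOTE(review): the password digest is MD5 with a fixed prefix/suffix shared
 * by all accounts (needs a data migration to fix), and the session id is not
 * regenerated on login.
 */
function checkLogin()
{
    // Inputs must be non-empty strings. Arrays placed in the condition map
    // are read as expressions (see array('gt', 0) below), so request values
    // must never reach it as arrays.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        alert("帐号错误", 1);
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        alert("密码必须!", 1);
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        alert('验证码必须!', 1);
    }

    // Strict comparison so two different numeric-looking digests never match.
    if (md5($_POST['verify']) !== $_SESSION['verify']) {
        alert('验证码错误!', 1);
    }

    // Lookup condition: username, status greater than 0.
    $map = array();
    $map['username'] = trim($_POST['username']);
    $map["status"] = array('gt', 0);

    import('@.ORG.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo) {
        alert('帐号不存在!', 1);
    }
    if (empty($authInfo)) {
        alert('帐号不存在或已禁用!', 1);
    }

    // Direct strict string comparison instead of strcmp() + loose "!= 0".
    if ($authInfo['password'] !== md5('wk' . trim($_POST['password']) . 'cms')) {
        alert('密码错误!', 1);
    }

    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['cookietime'] = time();

    // Role lookup with an array condition instead of a concatenated string.
    $authInfo['role_id'] = M('role_admin')->where(array('user_id' => $authInfo['id']))->getField('role_id');
    if ($authInfo['role_id'] == '1') {
        $_SESSION['administrator'] = true;
    }

    // Record this login.
    $data = array();
    $data['id'] = $authInfo['id'];
    $data['lastlogintime'] = time();
    $data['lastloginip'] = get_client_ip();
    M('admin')->save($data);

    // Cache the access list.
    RBAC::saveAccessList();

    // Marker cookie named after the login timestamp, valid for three hours.
    Cookie::set($_SESSION['cookietime'], '1', 60 * 60 * 3);

    $this->index();
}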
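/**
 * Validates username, password and captcha, opens the session and records
 * the login.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function checkLogin()
{
    // Inputs must be non-empty strings; an array-valued parameter would
    // otherwise be copied into the condition map, where arrays are presumably
    // read as operator expressions rather than literal values.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        $this->error('请填写用户名!');
    } elseif (empty($_POST['pwd']) || !is_string($_POST['pwd'])) {
        $this->error('请填写密码!');
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->error('请填写验证码!');
    }

    // Lookup condition (login by bound account name).
    $map = array();
    $map['username'] = $_POST['username'];

    // Strict comparison so two different numeric-looking digests never match.
    if (session('verify') !== md5($_POST['verify'])) {
        $this->error('验证码错误!');
    }

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo) {
        $this->error('帐号不存在!');
    } else {
        if ($authInfo['pwd'] !== md5($_POST['pwd'])) {
            $this->error('密码错误!');
        }

        // Disabled account?
        if ($authInfo['status'] == 0) {
            $this->error('账号已被管理员禁用!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['uid'];
        $_SESSION['email'] = $authInfo['email'];
        $_SESSION['loginUserName'] = $authInfo['username'];
        $_SESSION['lastLoginTime'] = $authInfo['logintime'];

        // Administrators get the admin flag.
        if ($authInfo['isadmin'] == 1) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // Record this login.
        $data = array();
        $data['uid'] = $authInfo['uid'];
        $data['logintime'] = time();
        $data['loginip'] = get_client_ip();
        M('Users')->save($data);

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!', __APP__ . '/Index/index');
    }
}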
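/**
 * Validates account, password and captcha, opens the session and records the
 * login.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): the password scheme is whatever pwdHash() implements - not
 * visible here; confirm it is a salted, slow hash. The session id is not
 * regenerated on login.
 */
public function checkLogin()
{
    // Inputs must be non-empty strings. Arrays placed in the condition map
    // are read as expressions (see array('gt', 0) below), so request values
    // must never reach it as arrays.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->error('Bạn chưa nhập tài khoản!');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('Ban chưa nhập mật khẩu!');
    } elseif (!isset($_POST['verify']) || !is_string($_POST['verify']) || '' === trim($_POST['verify'])) {
        $this->error('Bạn chưa nhập mã xác thực!');
    }

    // Lookup condition: account name, status greater than 0.
    $map = array();
    $map['account'] = $_POST['account'];
    $map["status"] = array('gt', 0);

    // Strict comparison so two different numeric-looking digests never match.
    if ($_SESSION['verify'] !== md5($_POST['verify'])) {
        $this->error('Mã xác thực không đúng!');
    }

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo) {
        $this->error('Tài khoản không tồn tại hoặc đã bị khoá!');
    } else {
        if ($authInfo['password'] !== pwdHash($_POST['password'])) {
            $this->error('Mật khẩu không đúng!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        $_SESSION['loginUserName'] = $authInfo['nickname'];
        $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
        $_SESSION['login_count'] = $authInfo['login_count'];
        $_SESSION['user_type'] = $authInfo['type_id'];
        if ($authInfo['account'] == 'admin') {
            $_SESSION['administrator'] = true;
        }

        // Save login information.
        $data = array();
        $data['id'] = $authInfo['id'];
        $data['last_login_time'] = time();
        $data['login_count'] = array('exp', '(login_count+1)');
        $data['last_login_ip'] = get_client_ip();
        M('User')->save($data);

        // The original assigned an undefined $loginId here, which stored null
        // and raised a notice; the stored value is kept, the notice is gone.
        // NOTE(review): presumably a login-record id was meant - confirm.
        $_SESSION['loginId'] = null;

        // Cache access rights.
        RBAC::saveAccessList();
        $this->success('Đăng nhập thành công');
    }
}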
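/**
 * Handles the admin login form: checks captcha and credentials, opens the
 * session, records the login (with IP location) and redirects.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function insert()
{
    $username = $this->_post('username');
    $password = $this->_post('password', 'md5');
    if (empty($username) || empty($password)) {
        $this->error('请输入帐号密码', U('Admin/index'));
    }

    // Strict comparison: the fallback value 0 is an integer, and with "!=" an
    // integer or a numeric-looking digest can match a different stored digest
    // through type juggling.
    $code = $this->_post('code', 'intval,md5', 0);
    if ($code !== $_SESSION['verify']) {
        $this->error('验证码错误', U('Admin/index'));
    }

    // Lookup condition: enabled account with this username.
    $map = array();
    $map['username'] = $username;
    $map['status'] = 1;
    $authInfo = RBAC::authenticate($map, 'User');

    // Password check comes first, so an unknown account gets the same message
    // as a wrong password. Strict comparison for the reason given above.
    if ($authInfo['password'] !== $password) {
        $this->error('账号密码不匹配,请认真填写');
    }

    if (false == $authInfo) {
        $this->error('帐号不存在或已禁用!');
    } else {
        session(C('USER_AUTH_KEY'), $authInfo['id']);
        session('userid', $authInfo['id']);         // user id
        session('username', $authInfo['username']); // user name
        session('roleid', $authInfo['role']);       // role id
        if ($authInfo['username'] == C('SPECIAL_USER')) {
            session(C('ADMIN_AUTH_KEY'), true);
        }

        // Record this login.
        $ip = get_client_ip();
        $data = array();
        if ($ip) {
            // Resolve the client IP to a location; 'CZ88.NET' is skipped as a
            // filler value.
            $locator = new IpLocation();
            $location = $locator->getlocation($ip);
            $data['last_location'] = '';
            if ($location['country'] && $location['country'] != 'CZ88.NET') {
                $data['last_location'] .= $location['country'];
            }
            if ($location['area'] && $location['area'] != 'CZ88.NET') {
                $data['last_location'] .= ' ' . $location['area'];
            }
        }
        $data['id'] = $authInfo['id'];
        $data['last_login_time'] = time();
        $data['last_login_ip'] = get_client_ip();
        M('User')->save($data);

        // Cache the access list.
        RBAC::saveAccessList();
        redirect(U('System/index'));
    }
}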
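/**
 * Validates account, password and the mapped verification code, then opens an
 * authenticated session.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function checkLogin()
{
    $User = D('User');

    // Inputs must be non-empty strings. Arrays placed in the condition map
    // are read as expressions (see array('gt', 0) below), so request values
    // must never reach it as arrays.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->error('帐号错误!');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!');
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->error('验证码必须!');
    }

    // Translate each submitted character through the per-session code table.
    $verifyCodeStr = $_POST['verify'];
    $verifyCodeNum = (isset($_SESSION['verifyCode']) && is_array($_SESSION['verifyCode']))
        ? array_flip($_SESSION['verifyCode'])
        : array();
    $len = strlen(trim($verifyCodeStr));
    $verify = ''; // was appended to without being initialised
    for ($i = 0; $i < $len; $i++) {
        $char = $verifyCodeStr[$i];
        $verify .= isset($verifyCodeNum[$char]) ? $verifyCodeNum[$char] : '';
    }

    // Lookup condition: account name, status greater than 0.
    $map = array();
    $map["account"] = $_POST['account'];
    $map["status"] = array('gt', 0);
    $authInfo = $User->find($map);

    if (false === $authInfo) {
        $this->error('用户名不存在或已禁用!');
    } else {
        if ($authInfo['account'] != $_POST['account']) {
            $this->error('帐号错误!');
        }
        // Strict comparison: "!=" treats two different numeric-looking
        // digests ("0e" + digits) as equal.
        if ($authInfo['password'] !== md5($_POST['password'])) {
            $this->error('密码错误!');
        }
        // NOTE(review): the translated code is compared with a 'verify' field
        // of the account record; left loose because that field's type is not
        // visible here - confirm and make it strict.
        if ($authInfo['verify'] != $verify) {
            $this->error('验证码错误!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        $_SESSION['loginUserName'] = $authInfo['account'];
        $_SESSION['loginUserId'] = $authInfo['id'];
        // The 'admin' account is exempt from permission checks.
        $_SESSION['administrator'] = ($authInfo['account'] == 'admin');

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!');
    }
}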
/**
 * Makes sure a visitor to an access-checked page is either logged in, set up
 * as a guest, or redirected to the login gateway. Always returns true.
 *
 * @return bool
 */
public static function checkLogin()
{
    // Nothing to do when the page is not access-checked or a user is logged in.
    if (!RBAC::checkAccess() || $_SESSION[C('USER_AUTH_KEY')]) {
        return true;
    }

    if (!C('GUEST_AUTH_ON')) {
        // Guests are not allowed: send the visitor to the login gateway.
        redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
        return true;
    }

    // Guest access: load the guest account's access list once per session.
    if (!isset($_SESSION['_ACCESS_LIST'])) {
        RBAC::saveAccessList(C('GUEST_AUTH_ID'));
    }

    return true;
}
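/**
 * Login check.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): the posted password is compared with the stored value without
 * any hashing visible here - presumably passwords are stored as submitted;
 * confirm and migrate to password_hash()/password_verify(). The session id is
 * not regenerated on login.
 *
 * @version 0.0.2 captcha mechanism removed by GenialX
 * @since 0.0.1
 *
 * @author 水木清华
 * @author GenialX
 */
function checklogin()
{
    // Could be replaced by the model's automatic validation.
    $email = I('post.email', '');
    $password = I('post.password', '');
    if (empty($email)) {
        $this->error('请输入登陆邮箱!');
    } elseif (empty($password)) {
        $this->error('密码必须!');
    }

    // Lookup condition: e-mail address, status greater than 0.
    $map = array();
    $map['email'] = I('post.email');
    $map['status'] = array('gt', 0);

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (empty($authInfo)) {
        $this->error('账号不存在或者被禁用!');
    } else {
        // Strict comparison: "!=" would accept numerically equal strings
        // (e.g. "1e3" and "1000").
        if ($authInfo['password'] !== I("post.password")) {
            $this->error('密码错误!');
        } else {
            // Authentication marker (required); other values as needed.
            $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
            $_SESSION['user'] = $authInfo['username'];

            // Record this login.
            $data = array();
            $data['id'] = $authInfo['id'];
            $data['last_login_time'] = date('Y-m-d H:i:s');
            M('Member')->save($data);

            // Resolve the user's permissions and keep them in the session.
            RBAC::saveAccessList();

            // Jump back to the posted callback URL only when it is a relative
            // URL or an http(s) URL on this host. The posted value used to be
            // taken as the jump target as-is, so a crafted login link could
            // send the user to another site after signing in.
            $callBackUrl = I('post.callBackUrl', '');
            $isLocal = false;
            if (is_string($callBackUrl) && !preg_match('/[\x00-\x20\x7f\\\\]/', $callBackUrl)) {
                $urlParts = parse_url($callBackUrl);
                if (is_array($urlParts)) {
                    if (!isset($urlParts['host'])) {
                        $isLocal = !isset($urlParts['scheme']) && strncmp($callBackUrl, '//', 2) !== 0;
                    } elseif (isset($urlParts['scheme'], $_SERVER['HTTP_HOST'])) {
                        $hostPort = $urlParts['host'] . (isset($urlParts['port']) ? ':' . $urlParts['port'] : '');
                        $isLocal = in_array(strtolower($urlParts['scheme']), array('http', 'https'), true)
                            && strtolower($hostPort) === strtolower($_SERVER['HTTP_HOST']);
                    }
                }
            }
            if (!$callBackUrl || !$isLocal) {
                $callBackUrl = '/';
            }

            $this->assign('jumpUrl', $callBackUrl);
            $this->success('登录成功!');
        }
    }
}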
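/**
 * Checks the captcha and the posted credentials, then redirects to the admin
 * index.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function login()
{
    if (!IS_POST) {
        halt('页面不存在');
    }

    // Strict comparison so two different numeric-looking digests never match.
    if (I('code', '', 'md5') !== session('verify')) {
        $this->error('验证码错误');
    }

    $username = I('username');
    $pwd = I('password', '', 'md5');
    $user = M('user')->where(array('username' => $username))->find();

    if (!$user || $user['password'] !== $pwd) {
        $this->error('账号或密码错误');
    }
    if ($user['lock']) {
        $this->error('用户被锁定');
    }

    // Record the time and IP of this login.
    M('user')->save(array(
        'id' => $user['id'],
        'logintime' => time(),
        'loginip' => get_client_ip(),
    ));

    // $user still holds the previous login's time and IP.
    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator detection.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    $this->redirect('Admin/Index/index');
}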
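/**
 * Validates the posted username/password, opens the session and records the
 * login.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login.
 */
public function checkLogin()
{
    // Credentials must be non-empty strings. Arrays placed in the condition
    // map are read as expressions (see array('gt', 0) below), so request
    // values must never reach it as arrays.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        $this->error('帐号错误!');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!');
    }

    // Lookup condition: username, status greater than 0.
    $map = array();
    $map['username'] = $_POST['username'];
    $map["status"] = array('gt', 0);

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if ($authInfo === false) {
        $this->error('帐号不存在或已禁用!');
    } else {
        // Strict comparison: "!=" treats two different numeric-looking
        // digests ("0e" + digits) as equal.
        if ($authInfo['password'] !== md5($_POST['password'])) {
            $this->error('密码错误!');
        }

        // User identifier for the session.
        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        if ($authInfo['username'] == 'admin') {
            // Administrator flag: grants access to everything.
            $_SESSION['administrator'] = true;
        }

        // Record this login.
        $data = array();
        $data['id'] = $authInfo['id'];
        $data['last_login_time'] = time();
        $data['login_count'] = array('exp', 'login_count+1');
        $data['last_login_ip'] = get_client_ip();
        M('User')->save($data);

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!', __APP__ . '/Index/index');
    }
}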
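/**
 * Validates name, password and captcha, opens the admin session and records
 * the login.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): the digest is MD5 of the password plus one configured suffix
 * shared by all accounts; every successful login receives the admin flag; and
 * the session id is not regenerated on login.
 */
function checklogin()
{
    // Inputs must be non-empty strings; an array-valued parameter would
    // otherwise be copied into the condition map, where arrays are presumably
    // read as operator expressions rather than literal values.
    if (empty($_POST['ChrName']) || !is_string($_POST['ChrName'])) {
        $this->assign('waitSecond', 3);
        $this->error('帐号错误!');
    } elseif (empty($_POST['ChrPwd']) || !is_string($_POST['ChrPwd'])) {
        $this->assign('waitSecond', 3);
        $this->error('密码必须!');
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->assign('waitSecond', 3);
        $this->error('验证码必须!');
    }

    // Lookup condition: unlocked account with this username.
    $map = array();
    $map['username'] = $_POST['ChrName'];
    $map['if_lock'] = 0;

    // Strict comparison so two different numeric-looking digests never match.
    if ($_SESSION['verify'] !== md5($_POST['verify'])) {
        $this->assign('waitSecond', 3);
        $this->error('验证码错误!');
    }

    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (empty($authInfo)) {
        $this->assign('waitSecond', 3);
        $this->error('账号不存在或者被禁用!');
    } else {
        if ($authInfo['password'] !== md5($_POST['ChrPwd'] . C('USER_PASSWORD_CODE'))) {
            $this->assign('waitSecond', 3);
            $this->error('账号密码错误!');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        $_SESSION['USER_Name'] = $authInfo['username'];

        // Record this login and bump the login counter.
        $user = M('Admin');
        $data = array();
        $data['id'] = $authInfo['id'];
        $data['login_time'] = time();
        $data['login_ip'] = get_client_ip();
        $user->save($data);
        // Array condition instead of a concatenated string.
        $user->where(array('id' => $authInfo['id']))->setInc('login_times');

        $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        RBAC::saveAccessList();

        $this->assign('jumpUrl', __APP__ . '/Index/index');
        $this->success('登录成功!');
    }
}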
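/**
 * Authenticates the posted user_name/user_pass and opens the session.
 *
 * NOTE(review): the captcha check and the login-record update are commented
 * out in the original; passwords are unsalted MD5 digests; the responses
 * distinguish "unknown account" from "wrong password"; the success message
 * reads "added successfully" - presumably copied from another action; and the
 * session id is not regenerated on login.
 */
public function login()
{
    // Only POST requests are accepted.
    if (!IS_POST) {
        $this->error("页面不存在");
    }

    // MD5 digest of the submitted password.
    $pwd = I('user_pass', '', 'md5');

    // Only accept a plain string as the lookup value; an array-valued
    // parameter would otherwise reach the condition array, where arrays are
    // presumably read as operator expressions rather than literal values.
    $userName = (isset($_POST['user_name']) && is_string($_POST['user_name']))
        ? $_POST['user_name']
        : '';

    $User = M('user')->where(array('user_name' => $userName))->find();

    if (!$User) {
        $this->error("账号不存在");
    } elseif ($User['user_pass'] === $pwd) {
        // Strict comparison: "==" treats two different numeric-looking
        // digests ("0e" + digits) as equal.
        session(C('USER_AUTH_KEY'), $User['id']);
        session('user_name', $User['user_name']);

        // Super administrator detection.
        if ($User['user_name'] == C('RBAC_SUPERADMIN')) {
            session(C('ADMIN_AUTH_KEY'), true);
        }

        // Load the user's permissions.
        RBAC::saveAccessList();
        $this->success("添加成功!", U("Index/index"));
    } else {
        $this->error("密码错误");
    }
}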
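/**
 * Authenticates a user from a query condition and writes a login-log row.
 *
 * NOTE(review): the success branch stores encrypt(password) in the login log;
 * what encrypt() does is not visible here - confirm the log never holds
 * anything that can be turned back into a password. The session id is not
 * regenerated on login.
 *
 * @param array $map Where condition, keyed by user-table field names.
 * @return string Whatever $this->jsonResult() produces for the outcome.
 */
public function auth($map)
{
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo || $authInfo == null) {
        // Failed attempt. The submitted password is no longer written to the
        // log: failed attempts are often a typo of the real password, and the
        // original stored it exactly as posted.
        $log = array();
        $log['log_user_id'] = -1;
        $log['log_user_name'] = I('post.username');
        $log['log_password'] = '';
        $log['log_ip'] = get_client_ip();
        $log['log_status'] = -1;
        D('login_log')->data($log)->add();

        return $this->jsonResult(0, "用户名或者密码错误");
    }

    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
    if ($authInfo['user_login'] == get_opinion('Admin') || $authInfo['user_id'] == 1) {
        $_SESSION[C('ADMIN_AUTH_KEY')] = true;
    }

    // "Remember me": reuse the stored session token or create one; the cookie
    // lasts 30 days.
    if (I('post.remember') == 1) {
        $user_session = ($authInfo['user_session'] != '')
            ? $authInfo['user_session']
            : D('User', 'Logic')->genHash($authInfo);
        cookie('user_session', $user_session, 3600 * 24 * 30);
    }

    // Cache the access list.
    RBAC::saveAccessList();

    $log = array();
    $log['log_user_id'] = $authInfo['user_id'];
    $log['log_user_name'] = I('post.username');
    $log['log_password'] = encrypt(I('post.password'));
    $log['log_ip'] = get_client_ip();
    $log['log_status'] = 1;
    D('login_log')->data($log)->add();

    return $this->jsonResult(1, "登录成功", U("Admin/Index/index"));
}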
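/**
 * Checks the captcha and the posted credentials, opens the session and
 * optionally sets the "remember me" cookie.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): the password scheme is whatever encrypt() implements - not
 * visible here; confirm it is a salted, slow, one-way hash. The session id is
 * not regenerated on login.
 */
public function login()
{
    $verify = new \Think\Verify();
    if (!$verify->check(I('post.vertify'))) {
        $this->error("验证码错误");
    }

    // Only strings may reach the condition map: arrays there are read as
    // expressions (see array('gt', 0) below).
    if (!isset($_POST['username']) || !is_string($_POST['username'])) {
        $this->error('帐号不存在或已禁用!');
    }

    // Lookup condition: login name, status greater than 0.
    $map = array();
    $map['user_login'] = $_POST['username'];
    $map['user_status'] = array('gt', 0);
    $authInfo = RBAC::authenticate($map);

    if (false === $authInfo) {
        $this->error('帐号不存在或已禁用!');
    } else {
        // Strict comparison so numeric-looking strings never match by type
        // juggling; a missing or non-string password is rejected outright.
        if (!isset($_POST['password']) || !is_string($_POST['password'])
            || $authInfo['user_pass'] !== encrypt($_POST['password'])
        ) {
            $this->error('密码错误或者帐号已禁用');
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
        if ($authInfo['user_login'] == get_opinion('Admin')) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // "Remember me": reuse the stored session token or create one.
        if (I('post.remember') == 1) {
            $user_session = ($authInfo['user_session'] != '')
                ? $authInfo['user_session']
                : D('User', 'Logic')->genHash($authInfo);
            cookie('user_session', $user_session, 36000);
        }

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!', U("Weixin/Home/index"), false);
    }
}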
/**
 * Logs an administrator into the back end.
 *
 * NOTE(review): the submitted password is handed to recordLoginAdmin() on
 * every attempt; what that method stores is not visible here - confirm the
 * login log never holds it in clear text. The session id is not regenerated
 * on login.
 *
 * @param mixed  $identifier User id or user name.
 * @param string $password   Password; must not be empty.
 * @return bool True on success, false otherwise.
 */
public function loginAdmin($identifier, $password)
{
    if (empty($identifier) || empty($password)) {
        return false;
    }

    $account = $this->getLocalAdminUser($identifier, $password);
    if (!$account) {
        $this->recordLoginAdmin($identifier, $password, 0, "帐号密码错误");
        return false;
    }

    // Account status check; the refusal is written to the login log.
    if ($account['status'] == 0) {
        $this->recordLoginAdmin($identifier, $password, 0, "帐号被禁止");
        return false;
    }

    // Authentication marker, user name, back-end flag and role.
    session(C('USER_AUTH_KEY'), $account['id']);
    session("username", $account['username']);
    session("isadmin", true);
    session("roleid", $account['role_id']);

    // Verification value derived from the stored password and verify fields.
    session("adminverify", md5($account['password'] . $account['verify']));

    // Privilege: role 1 is the founder.
    if ((int) $account['role_id'] === 1) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Cache the access list.
    RBAC::saveAccessList();

    // Write the login log and update the account's last-login fields.
    $this->recordLoginAdmin($identifier, $password, 1);
    $lastLogin = array("last_login_time" => time(), "last_login_ip" => get_client_ip());
    M("User")->where(array("id" => $account['id']))->save($lastLogin);

    return true;
}
$this->display("login"); } //执行登录验证方法 public function checkLogin() { if (!IS_POST) { _halt('页面不存在'); } //判断验证码 if (I('code', '', 'md5') != session('verify')) { $this->error('验证码错误'); } $username = I('name'); $pwd = I('password', '', 'md5'); //判断用户是否存在 $m = M('user'); $user = $m->where(array('username' => $username))->find(); if (!$user || $user['password'] != $pwd) { $this->error('帐号或密码错误'); } //判断用户是否被锁定 if ($user['lock']) { $this->error('用户被锁定'); } //获取用户登陆后需要修改的数据 $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip()); $m->save($data); session(C('USER_AUTH_KEY'), $user['id']); session(C('ADMIN_AUTH_KEY_B'), $user['username']); session('logintime', date('Y-m-d H:i:s', $user['logintime'])); session('loginip', $user['loginip']); //超级管理员识别 if ($user['username'] == C('RBAC_SUPERADMIN')) { session(C('ADMIN_AUTH_KEY'), true); } //读取用户权限 import('ORG.Util.RBAC');
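/**
 * Validates username, password and captcha, then opens the session.
 *
 * Assumes $this->error() ends the request, as the original flow does.
 *
 * NOTE(review): every successful login receives the 'administrator' flag -
 * confirm this is intended. Passwords are unsalted MD5 digests (needs a data
 * migration to fix) and the session id is not regenerated on login.
 */
public function checkLogin()
{
    // Inputs must be non-empty strings. Arrays placed in the condition map
    // are read as expressions (see array("eq", 0) below), so request values
    // must never reach it as arrays.
    if (empty($_POST['username']) || !is_string($_POST['username'])) {
        $this->error('请输入用户名');
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('请输入密码');
    }
    if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->error('请输入验证码!');
    }

    // Strict comparison so two different numeric-looking digests never match.
    if ($_SESSION['verify'] !== md5($_POST['verify'])) {
        $this->error('验证码错误!');
    }

    // Lookup condition: username, status equal to 0.
    $map = array();
    $map['username'] = $_POST['username'];
    $map["status"] = array("eq", 0);

    import('@.ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);

    if (NULL === $authInfo) {
        $this->error('用户名不存在或已经列入黑名单,请联系管理员!');
    } else {
        if ($authInfo['password'] !== md5($_POST['password'])) {
            $this->error("密码错误");
        }

        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['uid'];
        $_SESSION["username"] = $authInfo['username'];
        $_SESSION["mobile"] = $authInfo['mobile'];
        $_SESSION["truename"] = $authInfo['truename'];
        $_SESSION['administrator'] = true;

        // Cache the access list.
        RBAC::saveAccessList();
        $this->success('登录成功!', U('home/room/index/'));
    }
}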
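/**
 * Checks the captcha and the posted credentials, then redirects to the group
 * root.
 *
 * NOTE(review): passwords are unsalted MD5 digests (needs a data migration to
 * fix) and the session id is not regenerated on login. The lookup column is
 * spelled 'usernamer' throughout - confirm against the table schema.
 */
public function login()
{
    if (!IS_POST) {
        halt('页面不存在');
    }

    // Custom captcha: the lower-cased code is compared with the session value.
    // NOTE(review): left as a loose comparison because the stored value's
    // type is not visible here - confirm and make it strict.
    if (I('code', '', 'strtolower') != session('verify')) {
        $this->error('验证码错误');
    }

    $user = M('user')->where(array('usernamer' => I('username')))->find();

    // Strict comparison: "!=" treats two different numeric-looking digests
    // ("0e" + digits) as equal.
    if (!$user || $user['password'] !== I('password', '', 'md5')) {
        $this->error('用户名或者密码错误');
    }
    if ($user['lock']) {
        $this->error('用户被锁定');
    }

    // Record the time and IP of this login.
    M('user')->save(array(
        'id' => $user['id'],
        'logintime' => time(),
        'loginip' => get_client_ip(),
    ));

    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['usernamer']);
    // The timestamp used to sit outside date() as a stray third argument to
    // session(), so the current time was stored instead of the recorded one.
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator detection.
    if ($user['usernamer'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    import('ORG.Util.RBAC');
    RBAC::saveAccessList();

    redirect(__GROUP__);
}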