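/**
  * Login API endpoint.
  *
  * Looks the account up by the submitted username, compares the MD5 of the
  * submitted password with the stored value and echoes a JSON document:
  * {"result":1} on failure, or result 0 plus session and profile fields on success.
  */
 public function login()
 {
     $db = M('user');
     $user = $db->where(array('username' => I('username')))->find();
     // NOTE(review): the stored credential is an unsalted MD5 digest;
     // password_hash()/password_verify() is the replacement, but it requires
     // migrating the stored hashes.
     $submitted = I('password', '', 'md5');
     // hash_equals() (PHP 5.6+) is type-strict and constant-time; the loose != it
     // replaces treats two different digests that both look numeric as equal.
     $passwordOk = $user && is_string($submitted) && hash_equals((string) $user['password'], $submitted);
     if (!$passwordOk) {
         // Login failed.
         $result = array('result' => 1);
     } else {
         // Record the time and IP of this login.
         $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
         $db->save($data);
         // NOTE(review): the session id is not regenerated at login and is returned
         // in the response body; confirm it is rotated elsewhere and that the
         // client really needs the raw id.
         $session_id = session_id();
         session(C('USER_AUTH_KEY'), $user['id']);
         session('username', $user['username']);
         session('logintime', date('Y-m-d H:i:s', $user['logintime']));
         session('loginip', $user['loginip']);
         // Super administrator detection.
         if ($user['username'] == C('RBAC_SUPERADMIN')) {
             session(C('ADMIN_AUTH_KEY'), true);
         }
         // Load the user's permissions.
         import('ORG.Util.RBAC');
         RBAC::saveAccessList();
         // Built after the session writes so that 'account' names the user who just
         // logged in; it used to be read before session('username') was set.
         // NOTE(review): rolename, phone and nickname are hard-coded literals, not
         // values read from $user.
         $result = array('result' => 0, 'session_id' => $session_id, 'rolename' => "导游部经理", 'phone' => "12341234001", 'nickname' => "路人甲", 'account' => session("username"));
     }
     echo json_encode($result);
 }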
Пример #2
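 /**
  * Validates a posted username/password pair and opens the authenticated session.
  *
  * Failures are reported through $this->error(), success through $this->success().
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 function checkLogin()
 {
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions), so request data must be a plain
     // string before it is used as a lookup value.
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号错误!');
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
     }
     // Build the lookup condition (bound account names are supported).
     $map = array();
     $map['username'] = $_POST['username'];
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // NOTE(review): separate "no such account" and "wrong password" messages let
     // a caller tell valid usernames from invalid ones.
     if (false === $authInfo) {
         $this->error('帐号不存在或已禁用!');
     } else {
         // NOTE(review): unsalted MD5 is not suitable for password storage; moving
         // to password_hash()/password_verify() needs a stored-hash migration.
         // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which
         // two different numeric-looking digests compare as equal.
         if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
             $this->error('密码错误!');
         }
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
         // The administrator flag is tied to the literal account name 'admin'.
         if ($authInfo['username'] == 'admin') {
             $_SESSION['administrator'] = true;
         }
         // Cache the access list.
         RBAC::saveAccessList();
         $this->success('登录成功!');
     }
 }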
Пример #3
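 /**
  * Handles the login form post: verifies the credentials, records the login,
  * fills the session and redirects to the group home.
  */
 public function login()
 {
     // Only POST submissions are accepted.
     if (!IS_POST) {
         halt('页面错误');
     }
     // Load the account record.
     $db = M('user');
     $user = $db->where(array('username' => I('username')))->find();
     // NOTE(review): the submitted password is compared with the stored column
     // as-is, which implies the password is stored without hashing (or hashed by
     // the client). Confirm, and move to password_hash()/password_verify().
     $submitted = I('password');
     // hash_equals() (PHP 5.6+) replaces the loose != comparison: with != strings
     // that both look numeric (e.g. "1e3" and "1000") compare as equal.
     if (!$user || !is_string($submitted) || !hash_equals((string) $user['password'], $submitted)) {
         // error() presumably ends the request — confirm; the code below relies on it.
         $this->error('账号或密码错误');
     }
     // Record the time and IP of this login.
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     $db->save($data);
     // Populate the session. The values shown are those of the previous login,
     // read before the update above.
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     // Super administrator detection.
     // NOTE(review): the key is spelled 'RBAC_SUPPERADMIN'; if the configuration
     // defines 'RBAC_SUPERADMIN' instead, this lookup yields no value — confirm.
     if ($user['username'] == C('RBAC_SUPPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     redirect(__GROUP__);
 }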
Пример #4
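 /**
  * Admin login: verifies the credentials and account status, records the login
  * IP, fills the session and redirects to the admin index.
  */
 public function login()
 {
     // Only a plain string may be used as a lookup value: ThinkPHP condition
     // arrays give array values a special meaning (operator expressions), and the
     // raw $_POST value bypasses the framework's input filter.
     $userName = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
     // NOTE(review): unsalted MD5 is not suitable for password storage; moving to
     // password_hash()/password_verify() needs a stored-hash migration.
     $passwordHash = I('user_password', '', 'md5');
     $user = M('user')->where(array('user_name' => $userName))->find();
     // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which two
     // different numeric-looking digests compare as equal.
     if (!$user || !is_string($passwordHash) || !hash_equals((string) $user['user_password'], $passwordHash)) {
         // error() presumably ends the request — confirm; the code below relies on it.
         $this->error('账号或密码错误', U('Admin/Login/index'));
     }
     if (!$user['user_status']) {
         $this->error('非法用户', U('Index/Index/index'));
     } else {
         session('user_organization', $user['user_nikename']);
     }
     // Record the IP of this login. $user is replaced by the row to save; only
     // user_id and user_name are read from it afterwards.
     $user = array('user_id' => $user['user_id'], 'user_name' => $user['user_name'], 'user_password' => $passwordHash, 'login_ip' => get_client_ip());
     M('user')->save($user);
     // Write the session data.
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     session(C('USER_AUTH_KEY'), $user['user_id']);
     session('username', $user['user_name']);
     // NOTE(review): this keeps the password digest in the session store, where
     // it is exposed to anything that can read session data; prefer not storing it.
     session('userpwd', $passwordHash);
     // Super administrator detection.
     if ($user['user_name'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     $this->redirect('Admin/Index/index');
 }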
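 /**
  * Login with a CAPTCHA: checks the code, verifies the credentials, records the
  * login, fills the session and redirects to the group home.
  */
 public function login()
 {
     if (!IS_POST) {
         halt('页面不存在');
     }
     // CAPTCHA check, in the variant used on the SAE platform: the session holds
     // the MD5 of the upper-cased code. (The disabled alternative compared the
     // lower-cased code with session('verify').)
     $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
     $expectedCode = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
     // Type-strict comparison: a missing or non-string value on either side fails.
     if (!is_string($expectedCode) || !hash_equals($expectedCode, md5(strtoupper($code)))) {
         // error() presumably ends the request — confirm; the code below relies on it.
         $this->error('验证码错误');
     }
     $db = M('user');
     $user = $db->where(array('username' => I('username')))->find();
     // NOTE(review): unsalted MD5 is not suitable for password storage; moving to
     // password_hash()/password_verify() needs a stored-hash migration.
     $submitted = I('password', '', 'md5');
     // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which two
     // different numeric-looking digests compare as equal.
     if (!$user || !is_string($submitted) || !hash_equals((string) $user['password'], $submitted)) {
         $this->error('username or password wrong!');
     }
     // Record the time and IP of this login.
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     $db->save($data);
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     // Super administrator detection.
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     redirect(__GROUP__);
 }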
Пример #6
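 /**
  * Admin login: verifies the credentials and lock state, records the login,
  * fills the session and redirects to the admin index.
  */
 public function login()
 {
     if (!IS_POST) {
         _404('页面不存在');
     }
     // NOTE(review): the CAPTCHA check (md5 of the posted code against
     // session('verify')) was commented out in the original, so nothing in this
     // method slows down repeated password attempts.
     $username = I('username');
     // NOTE(review): unsalted MD5 is not suitable for password storage; moving to
     // password_hash()/password_verify() needs a stored-hash migration.
     $pwd = I('password', '', 'md5');
     $user = M('user')->where(array('username' => $username))->find();
     // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which two
     // different numeric-looking digests compare as equal.
     if (!$user || !is_string($pwd) || !hash_equals((string) $user['password'], $pwd)) {
         // error() presumably ends the request — confirm; the code below relies on it.
         $this->error('账号或密码错误');
     } else {
         if ($user['lock']) {
             $this->error('用户被锁定');
         }
     }
     // Record the time and IP of this login.
     $data = array('id' => $user['id'], 'loginTime' => time(), 'loginIp' => get_client_ip());
     M('user')->save($data);
     // Populate the session, then load the permissions.
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     // The stored login time is the timestamp argument of date(); a misplaced
     // parenthesis used to hand it to session() as a third argument, so the
     // current time was stored instead.
     session('loginTime', date('y-m-d H:i:s', $user['loginTime']));
     session('loginIp', $user['loginIp']);
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     $this->redirect('Admin/Index/index');
 }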
 /**
  * Login page and login handler in one action.
  *
  * GET: renders the login form (or redirects when the login-marker cookie is set).
  * POST: delegates the credential check to the Public model, fills the session
  * on success and echoes the model's result as JSON.
  */
 public function index()
 {
     if (!IS_POST) {
         // NOTE(review): the presence of the cookie alone triggers the redirect;
         // its value is not checked here.
         if (isset($_COOKIE[$this->loginMarked])) {
             $this->redirect("Index/index");
         }
         $siteSettings = (include WEB_ROOT . 'Common/systemConfig.php');
         $this->assign("site", $siteSettings);
         $this->display("Common:login");
         return;
     }
     $this->checkToken();
     $loginOutcome = D("Public")->auth();
     if ($loginOutcome['status'] == 1) {
         // Look the account up again by e-mail (bound accounts are supported).
         import('ORG.Util.RBAC');
         // NOTE(review): the result is used without checking for a failed lookup.
         $account = RBAC::authenticate(array('email' => $this->_post('email')));
         $_SESSION[C('USER_AUTH_KEY')] = $account['aid'];
         $_SESSION['email'] = $account['email'];
         // NOTE(review): the e-mail is compared with C('ADMIN_AUTH_KEY'), the same
         // setting that names the session key on the next line — looks
         // unintended; confirm which setting holds the administrator account.
         if ($account['email'] == C('ADMIN_AUTH_KEY')) {
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Cache the access list.
         RBAC::saveAccessList();
     }
     echo json_encode($loginOutcome);
 }
Пример #8
 /**
  * Back-office login: renders the form on GET; on POST delegates the credential
  * check to PublicModel::auth(), fills the session, writes a log row and shows
  * the success or error page.
  */
 public function login()
 {
     $siteSettings = (include WEB_ROOT . 'Common/systemConfig.php');
     if (!IS_POST) {
         $this->assign("systemConfig", $siteSettings);
         $this->display();
         return;
     }
     $publicModel = new PublicModel();
     $loginOutcome = $publicModel->auth();
     if ($loginOutcome['status'] != 1) {
         $this->error($loginOutcome['info']);
         exit;
     }
     // Look the account up again by name (bound accounts are supported).
     $lookup = array();
     $lookup['a_name'] = $this->_post('name');
     import('ORG.Util.RBAC');
     // NOTE(review): the result is used without checking for a failed lookup.
     $account = RBAC::authenticate($lookup);
     $_SESSION[C('USER_AUTH_KEY')] = $account['a_id'];
     $_SESSION['a_name'] = $account['a_name'];
     // Administrator login?
     // NOTE(review): the account name is compared with C('ADMIN_AUTH_KEY'), the
     // same setting that names the session key on the next line — confirm.
     if ($account['a_name'] == C('ADMIN_AUTH_KEY')) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // Cache the access list.
     RBAC::saveAccessList();
     $_SESSION['username'] = $account['a_name'];
     // Write the administrator log entry.
     $logRow = array("a_id" => $account['a_id'], "l_content" => "管理员[" . $account['a_name'] . "]于[" . date("Y-m-d H:i:s") . "]登录了[唐亮工长俱乐部]后台管理系统!");
     M("Log")->add($logRow);
     $this->success("登录成功", U("Index/index"));
     exit;
 }
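 /**
  * Admin login: verifies the credentials and lock state, records the login,
  * fills the session and redirects to the admin index.
  */
 public function login()
 {
     if (!IS_POST) {
         halt('页面不存在3');
     }
     // NOTE(review): the CAPTCHA check (md5 of the posted code against
     // session('verify')) was commented out in the original.
     $username = I('username');
     // NOTE(review): unsalted MD5 is not suitable for password storage; moving to
     // password_hash()/password_verify() needs a stored-hash migration.
     $pwd = I('password', '', 'md5');
     $user = M('user')->where(array('username' => $username))->find();
     // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which two
     // different numeric-looking digests compare as equal.
     if (!$user || !is_string($pwd) || !hash_equals((string) $user['password'], $pwd)) {
         // error() presumably ends the request — confirm; the code below relies on it.
         $this->error('账号或密码错误!');
     }
     if ($user['lock']) {
         $this->error('用户被锁了');
     }
     // Record the time and IP of this login.
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     M('user')->save($data);
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     // Super administrator detection.
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     // The leftover debug statements (p($_SESSION); die;) were removed: they
     // passed the whole session to a print helper and stopped before the redirect.
     $this->redirect('Admin/Index/index');
 }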
Пример #10
 /**
 * Checks a posted user_name/password against the user table and, when no user
 * row matches, against the student table; echoes a JSON status document.
 *
 * @name checkLogin
 * @access 
 * @const (template placeholder: "specifies constants")
 * @module Home
 * @param 
 * @return $info[ "info"  => "xxxx",
                 "state" => x0x,
                 ]
 *         state values echoed below: 200 success, 400 too many attempts,
 *         401 unknown user, 404 wrong password
 * @throws 
 * @todo harden security; add a slider CAPTCHA
 * @var hashing scheme: md5(hash('sha256', ($goal_stu['salt'] % 3))).sha1(I('post.password'))
 * @version 1.0
 */
 public function checkLogin()
 {
     $user = M('user');
     // NOTE(review): the key is spelled "statis" here but "status" in the
     // conditions further down — confirm the column name.
     $salt_condition = array("username" => I('post.user_name'), "statis" => 1);
     $goal_salt = $user->where($salt_condition)->find();
     // Failed-attempt counter, kept in the visitor's session.
     // NOTE(review): the limit is per session, not per account or client address;
     // a request that starts a new session starts again at 0. Throttling keyed on
     // the account or source address would need server-side state.
     if (!session("?testtime")) {
         session('testtime', 0);
     }
     if (session("testtime") > 4) {
         $info = array("info" => "尝试次数过多,请稍后再试", "state" => 400);
         echo json_encode($info);
     } else {
         if (!$goal_salt) {
             // No matching user row: try the student table, keyed by stu_id.
             $student = M('student');
             $stu_condition = array('stu_id' => I('post.user_name'), 'status' => 1);
             $goal_stu = $student->where($stu_condition)->find();
             // NOTE(review): distinct "unknown user" and "wrong password" answers
             // let a caller tell valid account names from invalid ones.
             if (!$goal_stu) {
                 $info = array("info" => "用户不存在", "state" => 401);
                 session('testtime', session('testtime') + 1);
                 echo json_encode($info);
             } elseif ($goal_stu) {
                 // NOTE(review): salt % 3 leaves three possible prefixes, and the
                 // prefix does not depend on the password; the password part is a
                 // plain sha1() of the input. password_hash()/password_verify()
                 // is the replacement (needs a stored-hash migration).
                 if ($goal_stu['password'] == md5(hash('sha256', $goal_stu['salt'] % 3)) . sha1(I('post.password'))) {
                     $info = array("info" => "success", "state" => 200);
                     // Student sessions get type/stu_id/username; the attempt
                     // counter is not reset and USER_AUTH_KEY is not set here.
                     session('type', 'stu');
                     session('stu_id', $goal_stu['stu_id']);
                     session('username', $goal_stu['stu_name']);
                     echo json_encode($info);
                 } else {
                     session('testtime', session('testtime') + 1);
                     $info = array("info" => "密码错误", "state" => 404);
                     echo json_encode($info);
                 }
             } else {
                 // Unreachable: the two branches above cover both outcomes of $goal_stu.
                 $info = array("info" => "用户不存在", "state" => 401);
                 session('testtime', session('testtime') + 1);
                 echo json_encode($info);
             }
         } else {
             // User row found: the password comparison is done by the query itself.
             $condition = array("username" => I('post.user_name'), "password" => md5(hash('sha256', $goal_salt['salt'] % 3)) . sha1(I('post.password')), "status" => 1);
             $goal_user = $user->where($condition)->find();
             if (!$goal_user) {
                 session('testtime', session('testtime') + 1);
                 $info = array("info" => "密码错误", "state" => 404);
                 echo json_encode($info);
             } else {
                 $info = array("info" => "success", "state" => 200);
                 session('testtime', 0);
                 // NOTE(review): no session id regeneration is visible here;
                 // confirm it happens elsewhere.
                 session(C("USER_AUTH_KEY"), $goal_user["id"]);
                 session('username', $goal_user['username']);
                 // Super administrator detection.
                 if ($goal_user['username'] == C('RBAC_SUPERADMIN')) {
                     session(C('ADMIN_AUTH_KEY'), true);
                 }
                 // NOTE(review): RBAC is used without an import() in this method;
                 // presumably it is loaded elsewhere — confirm.
                 RBAC::saveAccessList();
                 echo json_encode($info);
             }
         }
     }
 }
Пример #11
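 /**
  * Validates account, password and the mapped CAPTCHA, then opens the
  * authenticated session and records the login.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 public function checkLogin()
 {
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions such as array('gt', 0) below).
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
     } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
     }
     // Decode the CAPTCHA: each typed character is mapped back through the
     // flipped session table and the results are concatenated.
     $verifyCodeStr = $_POST['verify'];
     $verifyCodeNum = (isset($_SESSION['verifyCode']) && is_array($_SESSION['verifyCode'])) ? array_flip($_SESSION['verifyCode']) : array();
     $len = strlen(trim($verifyCodeStr));
     // Initialised explicitly; it used to be appended to while undefined.
     $verify = '';
     for ($i = 0; $i < $len; $i++) {
         $ch = $verifyCodeStr[$i];
         $verify .= isset($verifyCodeNum[$ch]) ? $verifyCodeNum[$ch] : '';
     }
     // Strict comparison: with != the shorter digit string "123456789" also
     // passed, because both sides were compared as numbers.
     if ($verify !== '0123456789') {
         $this->error('验证码错误!');
     }
     // Build the lookup condition.
     $map = array();
     $map["account"] = $_POST['account'];
     $map["status"] = array('gt', 0);
     $authInfo = RBAC::authenticate($map);
     // NOTE(review): separate "no such account" and "wrong password" messages let
     // a caller tell valid account names from invalid ones.
     if (false === $authInfo) {
         $this->error('帐号不存在或已禁用!');
     } else {
         // NOTE(review): unsalted MD5 is not suitable for password storage; moving
         // to password_hash()/password_verify() needs a stored-hash migration.
         // hash_equals() (PHP 5.6+) replaces the loose != comparison.
         if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
             $this->error('密码错误!');
         }
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
         $_SESSION['email'] = $authInfo['email'];
         $_SESSION['loginUserName'] = $authInfo['nickname'];
         $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
         $_SESSION['login_count'] = $authInfo['login_count'];
         // The administrator flag is tied to the literal account name 'admin'.
         if ($authInfo['account'] == 'admin') {
             $_SESSION['administrator'] = true;
         }
         // Save the login information.
         $User = M('User');
         $data = array();
         $data['id'] = $authInfo['id'];
         $data['last_login_time'] = time();
         $data['login_count'] = array('exp', 'login_count+1');
         $data['last_login_ip'] = get_client_ip();
         $User->save($data);
         // Cache the access list.
         RBAC::saveAccessList();
         $this->success('登录成功!');
     }
 }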
Пример #12
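 /**
  * AJAX login. Answers with a JSON status:
  * 0 missing username/password, 1 no matching account, 2 wrong CAPTCHA,
  * 3 success, 4 account disabled.
  */
 public function login()
 {
     if (!IS_POST) {
         halt("页面不存在");
     }
     if (!IS_AJAX) {
         halt('页面不存在');
     }
     $rawPassword = I('password');
     if (!is_string($rawPassword)) {
         $rawPassword = '';
     }
     // NOTE(review): unsalted MD5 is not suitable for password storage; moving to
     // password_hash()/password_verify() needs a stored-hash migration.
     $data = array('unum' => I('username'), 'upassword' => md5($rawPassword), 'verify_code' => I('verify_code', '', 'md5'));
     $expectedCode = session('verify');
     // Type-strict CAPTCHA comparison (hash_equals, PHP 5.6+) instead of loose !=.
     $captchaOk = is_string($data['verify_code']) && is_string($expectedCode) && hash_equals($expectedCode, $data['verify_code']);
     if (!$captchaOk) {
         // Wrong CAPTCHA.
         $this->ajaxReturn(array('status' => 2), 'json');
     } else {
         // The empty-password test looks at the raw input: the MD5 of an empty
         // string is never '', so the previous test on the digest could not fire.
         if (!is_string($data['unum']) || $data['unum'] === '' || $rawPassword === '') {
             // Username or password did not reach the server.
             $this->ajaxReturn(array('status' => 0), 'json');
         } else {
             // Verify username and password in one query.
             $map = array();
             $map['unum'] = $data['unum'];
             $map['upassword'] = $data['upassword'];
             $result = M('user')->where($map)->find();
             if ($result == null) {
                 // No such user / password pair.
                 $this->ajaxReturn(array('status' => 1), 'json');
             } else {
                 if (!$result['ustatus']) {
                     $this->ajaxReturn(array('status' => 4), 'json');
                 } else {
                     // Successful login: record time and IP, then fill the session.
                     $data = array('uid' => $result['uid'], 'ulogintime' => time(), 'uloginip' => get_client_ip());
                     M('user')->save($data);
                     // NOTE(review): no session id regeneration is visible here;
                     // confirm it happens elsewhere.
                     session('uid', $result['uid']);
                     session('unum', $result['unum']);
                     session('uname', $result['uname']);
                     // NOTE(review): this keeps the password digest in the session
                     // store; prefer not storing it.
                     session('upassword', $result['upassword']);
                     session('uphone', $result['uphone']);
                     session('umale', $result['umale']);
                     session('ubirth', $result['ubirth']);
                     session('udate', $result['udate']);
                     session('ustatus', $result['ustatus']);
                     session('ulogintime', date('Y-m-d H:i:s', $result['ulogintime']));
                     session('uloginip', $result['uloginip']);
                     // Super administrator detection.
                     if ($result['unum'] == C('RBAC_SUPERADMIN')) {
                         session(C('ADMIN_AUTH_KEY'), true);
                     }
                     // Load the user's permissions.
                     import('ORG.Util.RBAC');
                     RBAC::saveAccessList();
                     $this->ajaxReturn(array('status' => 3), 'json');
                 }
             }
         }
     }
 }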
Пример #13
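 /**
  * Validates a posted username/password pair, opens the authenticated session
  * and sends the user to the password page, the page they came from, or the
  * dashboard.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 public function checkLogin()
 {
     // Stop early when username or password is missing (a CAPTCHA could be added
     // here). Non-string input is rejected: ThinkPHP condition arrays give array
     // values a special meaning (operator expressions).
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号错误!');
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
     }
     // Build the lookup condition: active accounts with this username.
     $map = array();
     $map['username'] = $_POST['username'];
     $map['active'] = 1;
     // Load the RBAC class and fetch the account record by username only.
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (false === $authInfo || $authInfo == "") {
         $this->error('帐号不存在或已禁用!');
     } else {
         // Compare the stored digest, case-insensitively, with the MD5 of the
         // posted password.
         // NOTE(review): unsalted MD5 is not suitable for password storage; moving
         // to password_hash()/password_verify() needs a stored-hash migration.
         // hash_equals() (PHP 5.6+) replaces the loose != comparison.
         if (!hash_equals(strtolower((string) $authInfo['password']), strtolower(md5($_POST['password'])))) {
             $this->error('密码错误!');
         }
         // Mark the session as authenticated.
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
         // NOTE(review): the whole account row, password digest included, is kept
         // in the session; storing only the fields that are read would be safer.
         $_SESSION['user'] = $authInfo;
         // The accounts named 'admin' and 'system' get the administrator flag,
         // which grants access to everything.
         if (in_array($authInfo['username'], array('admin', 'system'), true)) {
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Cache the access list.
         RBAC::saveAccessList();
         // Has the password expired?
         if (D('user')->check_password()) {
             $this->assign("jumpUrl", '?m=user&a=password');
             $this->success('登录成功!但是密码已经过期,请修改');
         } else {
             // Return to the page the user came from, when one was posted.
             $returnUrl = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';
             $parts = explode("?", $returnUrl);
             $query = explode("&", isset($parts[1]) ? $parts[1] : '');
             // Only same-site targets are accepted: the value must start with "?"
             // or a single "/", and contain no backslash, whitespace or control
             // character. Anything else (absolute or scheme-bearing URLs) falls
             // back to the dashboard, so a posted value cannot send the user to
             // another site after login.
             $isLocal = preg_match('#\A(?:\?|/(?![/\\\\]))[^\x00-\x20\\\\]*\z#', $returnUrl) === 1;
             if ($isLocal && $query[0] !== "m=public") {
                 $this->assign("jumpUrl", $returnUrl);
             } else {
                 $this->assign("jumpUrl", '?m=dashboard&a=index');
             }
             $this->assign("waitSecond", "2");
             $this->success('登录成功!');
         }
     }
 }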
Пример #14
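 /**
  * Validates username, password and CAPTCHA, opens the authenticated session,
  * records the login and renders the index action.
  *
  * alert() is a project helper; it presumably ends the request — confirm, since
  * the statements after each alert() call rely on that.
  */
 function checkLogin()
 {
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions such as array('gt', 0) below).
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         alert("帐号错误", 1);
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         alert("密码必须!", 1);
     } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         alert('验证码必须!', 1);
     }
     // Type-strict CAPTCHA comparison (hash_equals, PHP 5.6+) instead of loose !=.
     $expectedCode = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
     if (!is_string($expectedCode) || !hash_equals($expectedCode, md5($_POST['verify']))) {
         alert('验证码错误!', 1);
     }
     // Build the lookup condition (bound account names are supported).
     $map = array();
     $map['username'] = trim($_POST['username']);
     $map["status"] = array('gt', 0);
     import('@.ORG.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (false === $authInfo) {
         alert('帐号不存在!', 1);
     }
     if (empty($authInfo)) {
         alert('帐号不存在或已禁用!', 1);
     }
     // NOTE(review): MD5 with a fixed prefix and suffix shared by every account
     // is not suitable for password storage; password_hash()/password_verify()
     // is the replacement (needs a stored-hash migration).
     // hash_equals() replaces strcmp(): it is type-strict and constant-time.
     $expectedDigest = md5('wk' . trim($_POST['password']) . 'cms');
     if (!hash_equals((string) $authInfo['password'], $expectedDigest)) {
         alert('密码错误!', 1);
     }
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     // The session keeps the name as posted (untrimmed), not the stored one.
     $_SESSION['username'] = $_POST['username'];
     $_SESSION['cookietime'] = time();
     $role = M('role_admin');
     // Array condition instead of a concatenated SQL fragment, so the value is
     // handled by the query builder.
     $authInfo['role_id'] = $role->where(array('user_id' => $authInfo['id']))->getField('role_id');
     // Role 1 is treated as the administrator role.
     if ((string) $authInfo['role_id'] === '1') {
         $_SESSION['administrator'] = true;
     }
     // Save the login information.
     $admin = M('admin');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['lastlogintime'] = time();
     $data['lastloginip'] = get_client_ip();
     $admin->save($data);
     // Cache the access list.
     RBAC::saveAccessList();
     // Set a cookie named after the login timestamp, valid for three hours.
     Cookie::set($_SESSION['cookietime'], '1', 60 * 60 * 3);
     $this->index();
 }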
Пример #15
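 /**
  * Validates username, password and CAPTCHA, opens the authenticated session
  * and records the login.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 public function checkLogin()
 {
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions).
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('请填写用户名!');
     } elseif (empty($_POST['pwd']) || !is_string($_POST['pwd'])) {
         $this->error('请填写密码!');
     } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('请填写验证码!');
     }
     // Build the lookup condition (bound account names are supported). The
     // status filter is disabled; status is checked after the password instead.
     $map = array();
     $map['username'] = $_POST['username'];
     // Type-strict CAPTCHA comparison (hash_equals, PHP 5.6+) instead of loose !=.
     $expectedCode = session('verify');
     if (!is_string($expectedCode) || !hash_equals($expectedCode, md5($_POST['verify']))) {
         $this->error('验证码错误!');
     }
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // NOTE(review): separate "no such account" and "wrong password" messages let
     // a caller tell valid usernames from invalid ones.
     if (false === $authInfo) {
         $this->error('帐号不存在!');
     } else {
         // NOTE(review): unsalted MD5 is not suitable for password storage; moving
         // to password_hash()/password_verify() needs a stored-hash migration.
         // hash_equals() replaces the loose != comparison.
         if (!hash_equals((string) $authInfo['pwd'], md5($_POST['pwd']))) {
             $this->error('密码错误!');
         }
         // Disabled account?
         if ($authInfo['status'] == 0) {
             $this->error('账号已被管理员禁用!');
         }
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['uid'];
         $_SESSION['email'] = $authInfo['email'];
         $_SESSION['loginUserName'] = $authInfo['username'];
         $_SESSION['lastLoginTime'] = $authInfo['logintime'];
         // Administrators get the administrator flag.
         if ($authInfo['isadmin'] == 1) {
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Save the login information.
         $User = M('Users');
         $data = array();
         $data['uid'] = $authInfo['uid'];
         $data['logintime'] = time();
         $data['loginip'] = get_client_ip();
         $User->save($data);
         // Cache the access list.
         RBAC::saveAccessList();
         $this->success('登录成功!', __APP__ . '/Index/index');
     }
 }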
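 /**
  * Validates account, password and CAPTCHA, opens the authenticated session and
  * records the login.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 public function checkLogin()
 {
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions such as array('gt', 0) below).
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('Bạn chưa nhập tài khoản!');
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('Ban chưa nhập mật khẩu!');
     } elseif (!isset($_POST['verify']) || !is_string($_POST['verify']) || '' === trim($_POST['verify'])) {
         $this->error('Bạn chưa nhập mã xác thực!');
     }
     // Build the lookup condition (bound account names are supported).
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // Type-strict CAPTCHA comparison (hash_equals, PHP 5.6+) instead of loose !=.
     $expectedCode = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
     if (!is_string($expectedCode) || !hash_equals($expectedCode, md5($_POST['verify']))) {
         $this->error('Mã xác thực không đúng!');
     }
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     // NOTE(review): separate "no such account" and "wrong password" messages let
     // a caller tell valid account names from invalid ones.
     if (false === $authInfo) {
         $this->error('Tài khoản không tồn tại hoặc đã bị khoá!');
     } else {
         // pwdHash() is a project helper defined elsewhere; its algorithm is not
         // visible here. hash_equals() replaces the loose != comparison.
         if (!hash_equals((string) $authInfo['password'], (string) pwdHash($_POST['password']))) {
             $this->error('Mật khẩu không đúng!');
         }
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
         $_SESSION['loginUserName'] = $authInfo['nickname'];
         $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
         $_SESSION['login_count'] = $authInfo['login_count'];
         $_SESSION['user_type'] = $authInfo['type_id'];
         // The administrator flag is tied to the literal account name 'admin'.
         if ($authInfo['account'] == 'admin') {
             $_SESSION['administrator'] = true;
         }
         // Save the login information.
         $User = M('User');
         $data = array();
         $data['id'] = $authInfo['id'];
         $data['last_login_time'] = time();
         $data['login_count'] = array('exp', '(login_count+1)');
         $data['last_login_ip'] = get_client_ip();
         $User->save($data);
         // NOTE(review): $loginId is never assigned in this method, so this stores
         // null; the explicit null keeps that result without the undefined-variable
         // notice. Confirm which id was meant.
         $_SESSION['loginId'] = null;
         // Cache the access list.
         RBAC::saveAccessList();
         $this->success('Đăng nhập thành công');
     }
 }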
Пример #17
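	/**
	 * Handles the admin login post: checks the CAPTCHA and credentials, fills
	 * the session, records time, IP and location of the login, then redirects.
	 *
	 * error() presumably ends the request (framework jump page) — confirm; the
	 * statements after each error() call rely on that.
	 */
	public function insert(){
		$username = $this->_post('username');
		// NOTE(review): unsalted MD5 is not suitable for password storage; moving
		// to password_hash()/password_verify() needs a stored-hash migration.
		$password = $this->_post('password','md5');
		if(empty($username)||empty($password)){
			$this->error('请输入帐号密码',U('Admin/index'));
		}
		// The code is passed through intval and md5; when the field is absent the
		// default is the integer 0.
		$code=$this->_post('code','intval,md5',0);
		// Type-strict comparison: the integer default compared loosely against the
		// session string could be treated as equal on older PHP versions, so both
		// sides must be strings before they are compared.
		$expectedCode = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
		if(!is_string($code) || !is_string($expectedCode) || !hash_equals($expectedCode, $code)){
			$this->error('验证码错误',U('Admin/index'));
		}
		// Build the lookup condition (bound account names are supported).
		// Only a plain string is used as the lookup value, because condition
		// arrays give array values a special meaning.
		$map = array();
		$map['username'] = is_string($username) ? $username : '';
		$map['status'] = 1;
		$authInfo = RBAC::authenticate($map,'User');
		// The password check comes first and also covers a failed lookup, so an
		// unknown account gets the same message as a wrong password.
		// hash_equals() (PHP 5.6+) replaces the loose != comparison.
		if(!is_array($authInfo) || !is_string($password) || !hash_equals((string) $authInfo['password'], $password)){
			$this->error('账号密码不匹配,请认真填写');
		}
		if((false == $authInfo)) {
			$this->error('帐号不存在或已禁用!');
		}else {
			// NOTE(review): no session id regeneration is visible here; confirm it
			// happens elsewhere.
			session(C('USER_AUTH_KEY'), $authInfo['id']);
			session('userid',$authInfo['id']);  // user id
			session('username',$authInfo['username']);   // user name
			session('roleid',$authInfo['role']);    // role id
			if($authInfo['username']==C('SPECIAL_USER')) {
				session(C('ADMIN_AUTH_KEY'), true);
			}
			// Save the login information.
			$User = M('User');
			$ip = get_client_ip();
			$data = array();
			if($ip){
				// A client IP is available: resolve its location.
				$locator = new IpLocation();
				$location = $locator->getlocation($ip);
				$data['last_location'] = '';
				// 'CZ88.NET' is skipped as a non-informative value.
				if($location['country'] && $location['country']!='CZ88.NET') $data['last_location'].=$location['country'];
				if($location['area'] && $location['area']!='CZ88.NET') $data['last_location'].=' '.$location['area'];
			}
			$data['id'] = $authInfo['id'];
			$data['last_login_time'] = time();
			$data['last_login_ip'] = $ip;
			$User->save($data);

			// Cache the access list.
			RBAC::saveAccessList();
			redirect(U('System/index'));
		}
	}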
Пример #18
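 /**
  * Validates account, password and the mapped CAPTCHA against the User model
  * and opens the authenticated session.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 public function checkLogin()
 {
     $User = D('User');
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions such as array('gt', 0) below).
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
     } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('验证码必须!');
     }
     // Decode the CAPTCHA: each typed character is mapped back through the
     // flipped session table and the results are concatenated.
     $verifyCodeStr = $_POST['verify'];
     $verifyCodeNum = (isset($_SESSION['verifyCode']) && is_array($_SESSION['verifyCode'])) ? array_flip($_SESSION['verifyCode']) : array();
     $len = strlen(trim($verifyCodeStr));
     // Initialised explicitly; it used to be appended to while undefined.
     $verify = '';
     for ($i = 0; $i < $len; $i++) {
         $ch = $verifyCodeStr[$i];
         $verify .= isset($verifyCodeNum[$ch]) ? $verifyCodeNum[$ch] : '';
     }
     // Build the lookup condition.
     $map = array();
     $map["account"] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // NOTE(review): the condition is handed to find() directly rather than to
     // where(); confirm that find() applies it as a filter. The account
     // comparison below guards against a row for a different account.
     $authInfo = $User->find($map);
     if (false === $authInfo) {
         $this->error('用户名不存在或已禁用!');
     } else {
         // Strict comparison, so numeric-looking names are not treated as equal.
         if ((string) $authInfo['account'] !== $_POST['account']) {
             $this->error('帐号错误!');
         }
         // NOTE(review): unsalted MD5 is not suitable for password storage; moving
         // to password_hash()/password_verify() needs a stored-hash migration.
         // hash_equals() (PHP 5.6+) replaces the loose != comparison.
         if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
             $this->error('密码错误!');
         }
         // NOTE(review): the decoded code is compared with a 'verify' field of
         // the account row, not with a per-session value — confirm this is
         // intended. The comparison is left loose because the stored type is
         // not visible here.
         if ($authInfo['verify'] != $verify) {
             $this->error('验证码错误!');
         }
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
         $_SESSION['loginUserName'] = $authInfo['account'];
         $_SESSION['loginUserId'] = $authInfo['id'];
         // The account named 'admin' is exempt from access control.
         if ($authInfo['account'] == 'admin') {
             $_SESSION['administrator'] = true;
         } else {
             $_SESSION['administrator'] = false;
         }
         // Cache the access list.
         RBAC::saveAccessList();
         $this->success('登录成功!');
     }
 }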
Пример #19
 /**
  * Gate for actions that need authentication.
  *
  * When the access check applies and the session holds no user id, either loads
  * the guest access list (guest access enabled) or redirects to the login
  * gateway. Returns true in every case.
  */
 public static function checkLogin()
 {
     if (RBAC::checkAccess() && !$_SESSION[C('USER_AUTH_KEY')]) {
         if (!C('GUEST_AUTH_ON')) {
             // No guest access: send the visitor to the configured gateway.
             redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
         } elseif (!isset($_SESSION['_ACCESS_LIST'])) {
             // Guest access: cache the guest account's access list once.
             RBAC::saveAccessList(C('GUEST_AUTH_ID'));
         }
     }
     return true;
 }
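 /**
  * Login verification action: checks the posted e-mail and password, opens the
  * authenticated session, records the login time and shows the success page
  * with a jump URL.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  *
  * @version 0.0.2 removed the CAPTCHA mechanism, by GenialX
  * @since   0.0.1
  *
  * @author 水木清华
  * @author GenialX
  */
 function checklogin()
 {
     // These checks are redundant and could move to the model's auto validation.
     if (empty(I('post.email', ''))) {
         $this->error('请输入登陆邮箱!');
     } elseif (empty(I('post.password', ''))) {
         $this->error('密码必须!');
     }
     $map = array();
     $map['email'] = I('post.email');
     $map['status'] = array('gt', 0);
     import('ORG.Util.RBAC');
     // Look the account up.
     $authInfo = RBAC::authenticate($map);
     // NOTE(review): separate "no such account" and "wrong password" messages let
     // a caller tell registered e-mail addresses from unregistered ones.
     if (empty($authInfo)) {
         $this->error('账号不存在或者被禁用!');
     } else {
         // NOTE(review): the posted password is compared with the stored column
         // as-is, which implies the password is stored without hashing (or hashed
         // by the client). Confirm, and move to password_hash()/password_verify().
         $submitted = I("post.password");
         // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which
         // strings that both look numeric compare as equal.
         if (!is_string($submitted) || !hash_equals((string) $authInfo['password'], $submitted)) {
             $this->error('密码错误!');
         } else {
             // The authentication marker is mandatory; other values are optional.
             // NOTE(review): no session id regeneration is visible here; confirm
             // it happens elsewhere.
             $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
             $_SESSION['user'] = $authInfo['username'];
             // (The administrator check on the 'admin' username is disabled.)
             // Record this login.
             $user = M('Member');
             $data = array();
             $data['id'] = $authInfo['id'];
             $data['last_login_time'] = date('Y-m-d H:i:s');
             $user->save($data);
             // Compute the user's permissions and keep them in the session.
             RBAC::saveAccessList();
             // Only same-site targets are accepted as the jump URL: the value must
             // start with "?" or a single "/", and contain no backslash,
             // whitespace or control character. Anything else falls back to "/",
             // so a posted value cannot send the user to another site after login.
             $requested = I('post.callBackUrl', '');
             $isLocal = is_string($requested) && preg_match('#\A(?:\?|/(?![/\\\\]))[^\x00-\x20\\\\]*\z#', $requested) === 1;
             $callBackUrl = $isLocal ? $requested : '/';
             $this->assign('jumpUrl', $callBackUrl);
             $this->success('登录成功!');
         }
     }
 }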
Пример #21
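 /**
  * Admin login with a CAPTCHA: checks the code, the credentials and the lock
  * state, records the login, fills the session and redirects to the admin index.
  */
 public function login()
 {
     if (!IS_POST) {
         halt('页面不存在');
     }
     // Type-strict CAPTCHA comparison (hash_equals, PHP 5.6+) instead of loose !=.
     $code = I('code', '', 'md5');
     $expectedCode = session('verify');
     if (!is_string($code) || !is_string($expectedCode) || !hash_equals($expectedCode, $code)) {
         // error() presumably ends the request — confirm; the code below relies on it.
         $this->error('验证码错误');
     }
     $username = I('username');
     // NOTE(review): unsalted MD5 is not suitable for password storage; moving to
     // password_hash()/password_verify() needs a stored-hash migration.
     $pwd = I('password', '', 'md5');
     $user = M('user')->where(array('username' => $username))->find();
     // hash_equals() replaces the loose != comparison, under which two different
     // numeric-looking digests compare as equal.
     if (!$user || !is_string($pwd) || !hash_equals((string) $user['password'], $pwd)) {
         $this->error('账号或密码错误');
     }
     if ($user['lock']) {
         $this->error('用户被锁定');
     }
     // Record the time and IP of this login.
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     M('user')->save($data);
     // NOTE(review): no session id regeneration is visible here; confirm it
     // happens elsewhere.
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     // Super administrator detection.
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     // Reference query kept from the original author's notes:
     // select node.id,node.name from
     // 	hd_role as role,
     // 	hd_role_user as user,
     // 	hd_access as access ,
     // 	hd_node as node
     // 	where   user.user_id='2' and
     // 			user.role_id=role.id and
     // 			( access.role_id=role.id or (access.role_id=role.pid and role.pid!=0 ) ) and
     // 			role.status=1 and
     // 			access.node_id=node.id and
     // 			node.level=2 and
     // 			node.pid=1 and
     // 			node.status=1
     $this->redirect('Admin/Index/index');
 }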
Пример #22
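 /**
  * Validates a posted username/password pair, opens the authenticated session
  * and records the login.
  *
  * error() presumably ends the request (framework jump page) — confirm; the
  * statements after each error() call rely on that.
  */
 public function checkLogin()
 {
     // Non-string input is rejected: ThinkPHP condition arrays give array values
     // a special meaning (operator expressions such as array('gt', 0) below).
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号错误!');
     } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
     }
     // Build the lookup condition: this account name, status greater than 0.
     $map = array();
     $map['username'] = $_POST['username'];
     $map["status"] = array('gt', 0);
     import('ORG.Util.RBAC');
     // Fetch the account record matching the condition.
     $authInfo = RBAC::authenticate($map);
     // NOTE(review): separate "no such account" and "wrong password" messages let
     // a caller tell valid usernames from invalid ones.
     if ($authInfo === false) {
         $this->error('帐号不存在或已禁用!');
     } else {
         // NOTE(review): unsalted MD5 is not suitable for password storage; moving
         // to password_hash()/password_verify() needs a stored-hash migration.
         // hash_equals() (PHP 5.6+) replaces the loose != comparison, under which
         // two different numeric-looking digests compare as equal.
         if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
             $this->error('密码错误!');
         }
         // Store the user id in the session.
         // NOTE(review): no session id regeneration is visible here; confirm it
         // happens elsewhere.
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
         // The account named 'admin' gets the administrator flag, which grants
         // access to everything.
         if ($authInfo['username'] == 'admin') {
             $_SESSION['administrator'] = true;
         }
         // Update the login information in the user table.
         $User = M('User');
         $data = array();
         $data['id'] = $authInfo['id'];
         $data['last_login_time'] = time();
         $data['login_count'] = array('exp', 'login_count+1');
         $data['last_login_ip'] = get_client_ip();
         $User->save($data);
         // Cache the access list.
         RBAC::saveAccessList();
         $this->success('登录成功!', __APP__ . '/Index/index');
     }
 }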
Пример #23
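 /**
  * Verify the posted account name, password and CAPTCHA, then mark the
  * session as an authenticated administrator and record the login.
  *
  * Security-relevant behaviour:
  * - All three fields must be plain strings. They are read from $_POST
  *   directly, and an array-valued field placed into $map would be
  *   interpreted by the query builder as a condition expression.
  * - The CAPTCHA digest is removed from the session once read, so a solved
  *   challenge cannot be reused for many password attempts.
  * - Digests are compared with strict operators; a loose comparison treats
  *   two numeric-looking digest strings as numbers.
  * - The login counter is incremented with an array condition instead of a
  *   concatenated SQL fragment.
  * - Every failed check returns explicitly, and the session ID is
  *   regenerated before the session is marked as authenticated.
  *
  * NOTE(review): the password digest is MD5 over the password plus one
  * site-wide suffix (USER_PASSWORD_CODE), not a per-user salt.
  * NOTE(review): every account that authenticates here receives
  * ADMIN_AUTH_KEY; that is only appropriate if the authenticated model holds
  * administrators exclusively — confirm.
  */
 function checklogin()
 {
     if (empty($_POST['ChrName']) || !is_string($_POST['ChrName'])) {
         $this->assign('waitSecond', 3);
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['ChrPwd']) || !is_string($_POST['ChrPwd'])) {
         $this->assign('waitSecond', 3);
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->assign('waitSecond', 3);
         $this->error('验证码必须!');
         return;
     }
     // Single-use CAPTCHA: read the expected digest, then drop it from the session.
     $expectedVerify = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
     unset($_SESSION['verify']);
     if (!is_string($expectedVerify) || $expectedVerify !== md5($_POST['verify'])) {
         $this->assign('waitSecond', 3);
         $this->error('验证码错误!');
         return;
     }
     // Look up an unlocked account with this user name.
     $map = array(
         'username' => $_POST['ChrName'],
         'if_lock' => 0,
     );
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->assign('waitSecond', 3);
         $this->error('账号不存在或者被禁用!');
         return;
     }
     if ((string) $authInfo['password'] !== md5($_POST['ChrPwd'] . C('USER_PASSWORD_CODE'))) {
         $this->assign('waitSecond', 3);
         $this->error('账号密码错误!');
         return;
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['USER_Name'] = $authInfo['username'];
     // Record the login time/IP and bump the login counter.
     $user = M('Admin');
     $data = array(
         'id' => $authInfo['id'],
         'login_time' => time(),
         'login_ip' => get_client_ip(),
     );
     $user->save($data);
     $user->where(array('id' => $authInfo['id']))->setInc('login_times');
     $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     RBAC::saveAccessList();
     $this->assign('jumpUrl', __APP__ . '/Index/index');
     $this->success('登录成功!');
 }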
Пример #24
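 /**
  * Handle the login form: look the user up by name, compare the MD5 of the
  * submitted password with the stored value and populate the session.
  *
  * Security-relevant behaviour:
  * - The user name is read from $_POST directly, so it must be a plain
  *   string; an array-valued field inside the where-array would be
  *   interpreted by the query builder as a condition expression.
  * - The digests are compared with `===`; a loose comparison treats two
  *   numeric-looking digest strings as numbers.
  * - Every failed check returns explicitly, and the session ID is
  *   regenerated before the session is marked as authenticated.
  *
  * NOTE(review): the CAPTCHA check (check_verify($verify)) and the
  * last-login bookkeeping are commented out in the original listing, so
  * nothing in this method limits repeated password attempts.
  * NOTE(review): "account does not exist" and "wrong password" are reported
  * separately, which lets a client tell which user names exist.
  * NOTE(review): passwords are unsalted MD5; the original comment mentions a
  * user-type check, but only the password is compared here.
  */
 public function login()
 {
     // Only POST submissions are accepted.
     if (!IS_POST) {
         $this->error("页面不存在");
         return;
     }
     // Read for the CAPTCHA check, which is currently disabled (see NOTE above).
     $verify = I('param.verify', '');
     // MD5 of the submitted password.
     $pwd = I('user_pass', '', 'md5');
     $userName = isset($_POST['user_name']) ? $_POST['user_name'] : '';
     if (!is_string($userName) || !is_string($pwd)) {
         $this->error("账号不存在");
         return;
     }
     // Look the user up by name.
     $User = M('user')->where(array('user_name' => $userName))->find();
     if (!$User) {
         $this->error("账号不存在");
         return;
     }
     if ((string) $User['user_pass'] !== $pwd) {
         $this->error("密码错误");
         return;
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     session(C('USER_AUTH_KEY'), $User['id']);
     session('user_name', $User['user_name']);
     // Super-administrator detection.
     if ($User['user_name'] === C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     RBAC::saveAccessList();
     $this->success("添加成功!", U("Index/index"));
 }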
Пример #25
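 /**
  * Authenticate a user from a caller-supplied where-map, start the session,
  * optionally set the "remember me" cookie, and write a login-log row.
  *
  * Security-relevant behaviour:
  * - The submitted password is no longer written to the login log. The
  *   original stored it in clear text for failed attempts and passed through
  *   encrypt() for successful ones; either way the log table ended up holding
  *   credential material. The log_password key is kept, with an empty value,
  *   so the row shape is unchanged.
  * - The session ID is regenerated before the session is marked as
  *   authenticated (session fixation).
  *
  * NOTE(review): this method does not compare a password itself; presumably
  * the caller puts the password condition into $map — confirm.
  * NOTE(review): the remember-me value is the stored user_session field and
  * is reused when already set, so it behaves as a long-lived credential;
  * whether the cookie is HttpOnly/Secure depends on cookie() configuration
  * not shown here.
  *
  * @param array $map Conditions keyed by user-table column, passed to RBAC::authenticate().
  * @return string Result of $this->jsonResult() (type as given by the original annotation).
  */
 public function auth($map)
 {
     $authInfo = RBAC::authenticate($map);
     // Fields shared by the failure and success log rows.
     $log = array(
         'log_user_name' => I('post.username'),
         // Deliberately empty: submitted passwords are not persisted in the log.
         'log_password' => '',
         'log_ip' => get_client_ip(),
     );
     if (false === $authInfo || $authInfo == null) {
         $log['log_user_id'] = -1;
         $log['log_status'] = -1;
         D('login_log')->data($log)->add();
         return $this->jsonResult(0, "用户名或者密码错误");
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
     if ($authInfo['user_login'] == get_opinion('Admin') || $authInfo['user_id'] == 1) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // "Remember me": reuse the stored token, or generate one when none is stored; 30-day cookie.
     if (I('post.remember') == 1) {
         $rememberToken = $authInfo['user_session'] != ''
             ? $authInfo['user_session']
             : D('User', 'Logic')->genHash($authInfo);
         cookie('user_session', $rememberToken, 3600 * 24 * 30);
     }
     // Cache the access list.
     RBAC::saveAccessList();
     $log['log_user_id'] = $authInfo['user_id'];
     $log['log_status'] = 1;
     D('login_log')->data($log)->add();
     return $this->jsonResult(1, "登录成功", U("Admin/Index/index"));
 }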
Пример #26
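 /**
  * Handle the login form: CAPTCHA check, lookup through RBAC::authenticate(),
  * password comparison, session setup and optional "remember me" cookie.
  *
  * Security-relevant behaviour:
  * - The user name and password are read from $_POST directly, so both must
  *   be plain strings; an array-valued field placed into $map would be
  *   interpreted by the query builder as a condition expression.
  * - The stored and computed password values are compared as strings with
  *   `!==`; a loose comparison treats two numeric-looking strings as numbers.
  * - Every failed check returns explicitly, and the session ID is
  *   regenerated before the session is marked as authenticated.
  *
  * NOTE(review): encrypt() is a project helper not shown here; whether it is
  * a salted, slow password hash cannot be told from this listing.
  * NOTE(review): the remember-me value is the stored user_session field and
  * is reused when already set; cookie flags depend on cookie() configuration
  * not shown here.
  */
 public function login()
 {
     $verify = new \Think\Verify();
     if (!$verify->check(I('post.vertify'))) {
         $this->error("验证码错误");
         return;
     }
     if (!isset($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     if (!isset($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码错误或者帐号已禁用');
         return;
     }
     // Look up an enabled account (status greater than 0) with this login name.
     $map = array(
         'user_login' => $_POST['username'],
         'user_status' => array('gt', 0),
     );
     $authInfo = RBAC::authenticate($map);
     // Treat any empty result (false, null, empty row) as "no such active account".
     if (empty($authInfo)) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     if ((string) $authInfo['user_pass'] !== (string) encrypt($_POST['password'])) {
         $this->error('密码错误或者帐号已禁用');
         return;
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['user_id'];
     if ($authInfo['user_login'] == get_opinion('Admin')) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }
     // "Remember me": reuse the stored token, or generate one when none is stored.
     if (I('post.remember') == 1) {
         $rememberToken = $authInfo['user_session'] != ''
             ? $authInfo['user_session']
             : D('User', 'Logic')->genHash($authInfo);
         cookie('user_session', $rememberToken, 36000);
     }
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', U("Weixin/Home/index"), false);
 }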
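 /**
  * Log a user in to the back office.
  *
  * Looks the account up with getLocalAdminUser(), rejects disabled accounts,
  * populates the session, caches the access list and records the attempt.
  * The session ID is regenerated before the session is marked as
  * authenticated, so an ID known before login is not carried over
  * (session fixation).
  *
  * NOTE(review): the clear-text $password is handed to recordLoginAdmin() on
  * every path. What that helper stores is not visible here; confirm it does
  * not persist the password.
  * NOTE(review): "adminverify" keeps md5(stored password . verify) in the
  * session, i.e. a value derived from the stored credential.
  *
  * @param int|string $identifier User ID or user name.
  * @param string $password User password; must not be empty.
  * @return bool true on success, false otherwise.
  */
 public function loginAdmin($identifier, $password)
 {
     if (empty($identifier) || empty($password)) {
         return false;
     }
     $user = $this->getLocalAdminUser($identifier, $password);
     if (!$user) {
         $this->recordLoginAdmin($identifier, $password, 0, "帐号密码错误");
         return false;
     }
     // Account status: 0 means disabled.
     if ($user['status'] == 0) {
         // Record the rejected attempt.
         $this->recordLoginAdmin($identifier, $password, 0, "帐号被禁止");
         return false;
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     // Authentication marker, user name, back-office flag and role.
     session(C('USER_AUTH_KEY'), $user['id']);
     session("username", $user['username']);
     session("isadmin", true);
     session("roleid", $user['role_id']);
     // Verification value derived from the stored password and the per-user verify field.
     session("adminverify", md5($user['password'] . $user['verify']));
     // Role 1 is the founder and receives the admin key.
     if ((int) $user['role_id'] === 1) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Cache the access list.
     RBAC::saveAccessList();
     // Record the successful login, then update last-login time and IP.
     $this->recordLoginAdmin($identifier, $password, 1);
     $loginStamp = array("last_login_time" => time(), "last_login_ip" => get_client_ip());
     M("User")->where(array("id" => $user['id']))->save($loginStamp);
     return true;
 }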
Пример #28
     $this->display("login");
 }
 /**
  * Perform the login check: CAPTCHA, credentials, lock state, login
  * bookkeeping and session setup.
  *
  * The listing is cut off after the RBAC import; the rest of the method is
  * not shown on the page.
  *
  * NOTE(review): both digest comparisons below use loose `!=`. Two digest
  * strings that both look numeric are compared as numbers, so strict `!==`
  * (or hash_equals() where available) is the safer form.
  * NOTE(review): the CAPTCHA value is not removed from the session after the
  * check, and the session ID is not regenerated before the auth keys are set.
  * NOTE(review): passwords are compared as unsalted MD5.
  */
 public function checkLogin()
 {
     if (!IS_POST) {
         _halt('页面不存在');
     }
     // Check the CAPTCHA: MD5 of the submitted code against the session value.
     if (I('code', '', 'md5') != session('verify')) {
         $this->error('验证码错误');
     }
     $username = I('name');
     $pwd = I('password', '', 'md5');
     // Check that the user exists and the password digest matches.
     $m = M('user');
     $user = $m->where(array('username' => $username))->find();
     if (!$user || $user['password'] != $pwd) {
         $this->error('帐号或密码错误');
     }
     // Check whether the user is locked.
     if ($user['lock']) {
         $this->error('用户被锁定');
     }
     // Fields to update after a successful login.
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     $m->save($data);
     session(C('USER_AUTH_KEY'), $user['id']);
     session(C('ADMIN_AUTH_KEY_B'), $user['username']);
     // $user was fetched before the save above, so these are the previous login's time and IP.
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     // Super-administrator detection.
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
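 /**
  * Verify the posted username, password and CAPTCHA, then populate the
  * session and cache the access list.
  *
  * Security-relevant behaviour:
  * - All three fields must be plain strings. They are read from $_POST
  *   directly, and an array-valued field placed into $map would be
  *   interpreted by the query builder as a condition expression.
  * - The CAPTCHA digest is removed from the session once read, so a solved
  *   challenge cannot be reused for many password attempts.
  * - Digests are compared with strict operators; a loose comparison treats
  *   two numeric-looking digest strings as numbers.
  * - Any empty lookup result (null, false, empty row) is rejected; the
  *   original only tested for null.
  * - Every failed check returns explicitly, and the session ID is
  *   regenerated before the session is marked as authenticated.
  *
  * NOTE(review): $_SESSION['administrator'] is set for every account that
  * logs in through this method. That is only appropriate if this login
  * serves administrators exclusively — confirm.
  * NOTE(review): passwords are unsalted MD5, and "unknown user" and "wrong
  * password" are reported with different messages.
  */
 public function checkLogin()
 {
     if (empty($_POST['username']) || !is_string($_POST['username'])) {
         $this->error('请输入用户名');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('请输入密码');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->error('请输入验证码!');
         return;
     }
     // Single-use CAPTCHA: read the expected digest, then drop it from the session.
     $expectedVerify = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
     unset($_SESSION['verify']);
     if (!is_string($expectedVerify) || $expectedVerify !== md5($_POST['verify'])) {
         $this->error('验证码错误!');
         return;
     }
     // Build the lookup conditions: user name, and status equal to 0.
     $map = array(
         'username' => $_POST['username'],
         'status' => array("eq", 0),
     );
     import('@.ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (empty($authInfo)) {
         $this->error('用户名不存在或已经列入黑名单,请联系管理员!');
         return;
     }
     if ((string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error("密码错误");
         return;
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['uid'];
     $_SESSION["username"] = $authInfo['username'];
     $_SESSION["mobile"] = $authInfo['mobile'];
     $_SESSION["truename"] = $authInfo['truename'];
     $_SESSION['administrator'] = true;
     // Cache the access list.
     RBAC::saveAccessList();
     $this->success('登录成功!', U('home/room/index/'));
 }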
Пример #30
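 /**
  * Handle the login form: custom CAPTCHA check, credential check, lock
  * check, login bookkeeping, session setup and redirect.
  *
  * Fixes relative to the original listing:
  * - CAPTCHA: the original compared the lower-cased submission with
  *   session('verify') using loose `!=`. When no CAPTCHA had been generated
  *   the session value is null, and an empty submission compares equal to
  *   null, so the check passed. The expected value must now be a non-empty
  *   string and is compared strictly; it is also removed from the session
  *   once read so it cannot be reused.
  * - Password digests are compared with `!==`; a loose comparison treats two
  *   numeric-looking digest strings as numbers.
  * - session('logintime', ...) had a misplaced parenthesis: the timestamp
  *   was passed to session() instead of date(), so the current time was
  *   stored rather than the previous login time.
  * - Every failed check returns explicitly, and the session ID is
  *   regenerated before the session is marked as authenticated.
  *
  * NOTE(review): passwords are unsalted MD5. The column name 'usernamer' is
  * kept exactly as the listing has it.
  */
 public function login()
 {
     if (!IS_POST) {
         halt('页面不存在');
     }
     // Custom CAPTCHA: the session holds the expected code; the submission is lower-cased before comparing.
     $storedCode = session('verify');
     session('verify', null);
     $expectedCode = is_scalar($storedCode) ? (string) $storedCode : '';
     $submittedCode = I('code', '', 'strtolower');
     if ($expectedCode === '' || !is_string($submittedCode) || $submittedCode !== $expectedCode) {
         $this->error('验证码错误');
         return;
     }
     $username = I('username');
     $pwd = I('password', '', 'md5');
     // Only plain strings are accepted; an array-valued field is rejected like a bad credential.
     if (!is_string($username) || !is_string($pwd)) {
         $this->error('用户名或者密码错误');
         return;
     }
     $userModel = M('user');
     $user = $userModel->where(array('usernamer' => $username))->find();
     if (!$user || (string) $user['password'] !== $pwd) {
         $this->error('用户名或者密码错误');
         return;
     }
     if ($user['lock']) {
         $this->error('用户被锁定');
         return;
     }
     // Issue a fresh session ID before the session carries an authenticated identity.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     $userModel->save($data);
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['usernamer']);
     // $user was fetched before the update above, so these hold the previous login's time and IP.
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     // Super-administrator detection.
     if ($user['usernamer'] === C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('ORG.Util.RBAC');
     RBAC::saveAccessList();
     redirect(__GROUP__);
 }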