public function adminLogin($username, $admin_name = '', $remember = false) { $admin_info = $this->admin_model->getAdminByUsername($username); $auth_list = array(); if (empty($admin_info)) { $now_time = time(); $password = Password::Encryption($username, mt_rand(100000, 9999999999)); //密码加密 $admin_data = array('username' => $username, 'admin_name' => $admin_name, 'password' => $password, 'department_id' => 0, 'last_login' => $now_time, 'error_times' => 0, 'error_date' => Star_Date::getDate(), 'add_time' => $now_time, 'update_time' => $now_time); $admin_id = $this->admin_model->insert($admin_data); $admin_info = $this->admin_model->getAdminById($admin_id); } else { $admin_data = array('last_login' => time()); $admin_id = $admin_info['admin_id']; $this->updateAdmin($admin_info['admin_id'], $admin_data); } $admin_login_data = array('admin_id' => $admin_id, 'login_ip' => ip2long(Star_Http_Request::getIp()), 'add_time' => time()); $admin_login_model = new AdminLoginModel(); $admin_login_model->insert($admin_login_data); //添加登录记录 //返回部门权限 $department_auth = $this->auth_model->getAuthByDepartment($admin_info['department_id']); //返回管理员权限 $admin_auth = $this->auth_model->getAuthByAdmin($admin_info['admin_id']); if ($department_auth) { foreach ($department_auth as $auth) { $menu_id = $auth['menu_id']; $controller = $auth['controller']; $action = $auth['action']; $auth_list[$menu_id] = $this->getUrl($controller, $action); } } if ($admin_auth) { foreach ($admin_auth as $auth) { $menu_id = $auth['menu_id']; $controller = $auth['controller']; $action = $auth['action']; $auth_list[$menu_id] = $this->getUrl($controller, $action); } } $auth_token = $this->makeAuthSign($auth_list); $token = $this->makeLoginSign($admin_info['admin_id'], $admin_info['username'], $admin_info['department_id'], $admin_info['last_login'], $auth_token); $admin_data = array('admin_id' => $admin_info['admin_id'], 'department_id' => $admin_info['department_id'], 'username' => $admin_info['username'], 'last_login' => $admin_info['last_login'], 'token' => $token, 'auth_token' => $auth_token, 'admin_name' => $admin_info['admin_name']); $this->setLoginInfo($admin_data, $remember); //设置用户登录信息 Star_Cookie::set('auth', base64_encode(json_encode($auth_list)), time() + 86400 * 30, '/', '', false, true); //设置用户权限信息 }
/** * 管理员登录 */ public function loginAction() { $request = $this->getRequest(); $admin_service = new AdminService(); //用户已登录跳转到后台首页 if ($admin_service->checkLogin() == true) { return $this->redirect('/admin'); } if ($request->isPost()) { $username = trim($request->getParam('username')); $password = $request->getParam('password'); $captcha = $request->getParam('captcha'); $remember = $request->getParam('remember'); if (empty($username)) { return $this->showJson(1, '请输入用户名'); } if (empty($password) || strlen($password) < 6) { return $this->showJson(2, '请输入6位以上密码'); } if ($admin_service->checkCaptcha($captcha) == false) { return $this->showJson(3, '帐号或密码有误,请重新输入'); } $admin = $admin_service->getAdminByUsername($username); if (empty($admin)) { return $this->showJson(403, '帐号或密码有误,请重新输入'); } //当天密码错误超过500次 if ($admin['error_times'] > 500) { return $this->showJson(4, '帐号密码输入错误次数过多,请明日再试。'); } //验证密码是否正确 if ($admin['password'] == Password::Encryption($username, $password)) { $admin_service->adminLogin($username, '', $remember); } else { $admin_data = array(); if (Star_Date::getDate() == $admin['error_date']) { $admin_data = array('error_date' => Star_Date::getDate(), 'error_times' => 'error_times + 1'); } else { $admin_data = array('error_date' => Star_Date::getDate(), 'error_times' => 1); } $admin_service->updateAdmin($admin['admin_id'], $admin_data, false); return $this->showJson(403, '帐号或密码有误,请重新输入'); } return $this->showJson(0, '登录成功'); } }
/** * 添加管理员 */ public function addadminAction() { $request = $this->getRequest(); $admin_service = new AdminService(); if ($request->isPost()) { $username = Star_String::escape($request->getParam('username')); $admin_name = Star_String::escape($request->getParam('admin_name')); $department_id = (int) $request->getParam('department_id'); $password = $request->getParam('password'); if (empty($password)) { return $this->showWarning('对不起,密码不能为空。'); } if (Star_String::strLength($password) < 6) { return $this->showWarning('对不起,密码不能少于6个字符。'); } if (empty($username)) { return $this->showWarning('对不起,用户名不能为空。'); } if ($admin_service->getAdminByUsername($username)) { return $this->showWarning('对不起,用户名已经存在了。'); } $admin_data = array('department_id' => $department_id, 'username' => $username, 'admin_name' => $admin_name ? $admin_name : $username, 'password' => Password::Encryption($username, $password), 'error_times' => 0, 'error_date' => Star_Date::getDate(), 'last_login' => time(), 'add_time' => time(), 'update_time' => time()); $admin_id = $admin_service->insertAdmin($admin_data); if ($admin_id) { $menu_ids = $request->getParam('menu_ids'); if (!empty($menu_ids)) { $menu_ids = array_unique($menu_ids); foreach ($menu_ids as $menu_id) { $auth_data = array('menu_id' => (int) $menu_id, 'department_id' => 0, 'admin_id' => $admin_id, 'add_time' => time(), 'update_time' => time()); //添加权限 $admin_service->insertAuth($auth_data); } } return $this->showMessage('恭喜您,成功添加管理员。', '/system/adminmanage'); } else { return $this->showWarning('很遗憾,添加管理员失败。'); } } $departments = $admin_service->getDepartmentOption(); $this->view->assign(array('departments' => $departments, 'admin' => array())); $this->render('admininfo'); }