Пример #1
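 /**
  * Check control-panel credentials and, on success, open an authenticated session.
  *
  * The user row is looked up by e-mail, the value returned by encrypt() and
  * `status`=0. The fetched row (or false) is always stored in $this->user.
  * Unless $no_log is set, every attempt is written to `t_diy_user_login_log`;
  * a successful attempt also updates the user's last-login fields and
  * populates $_SESSION.
  *
  * NOTE(review): the credential is matched inside the SQL query, which requires
  * encrypt() to be deterministic. If it is a fast or unsalted hash, consider
  * migrating to password_hash()/password_verify() - confirm against encrypt().
  *
  * @param string $email    Login e-mail as submitted by the client.
  * @param string $password Plain-text password as submitted by the client.
  * @param bool   $no_log   When true, only verify the credentials: no log row,
  *                         no last-login update and no session changes.
  *
  * @return bool True when a matching active user was found, false otherwise.
  */
 private function validate_cp($email, $password, $no_log = false)
 {
     $password = $this->encrypt($email, $password);
     $pdo = $this->get_read_pdo();
     $sql = "SELECT `id`, `balance`, `username`, `corp`, `owner`,\n              `last_login_time`, `last_login_ip`\n            FROM `t_diy_user`\n            WHERE `email`=:email AND `password`=:password AND `status`=0";
     $state = $pdo->prepare($sql);
     $state->execute(array(':email' => $email, ':password' => $password));
     $this->user = $user = $state->fetch(PDO::FETCH_ASSOC);
     if ($no_log) {
         return (bool) $user;
     }

     // Record this login attempt, successful or not.
     $time = date('Y-m-d H:i:s');
     // NOTE(review): the client IP may come from request headers the client
     // controls (e.g. a forwarded-for header) - verify Utils::get_client_ip().
     // It is therefore bound as a parameter and never interpolated into SQL.
     $ip = Utils::get_client_ip();
     $DB = $this->get_write_pdo();
     $success = $user ? 1 : 0;
     $sql = "INSERT INTO `t_diy_user_login_log`\n            (`email`, `ip`, `time`, `success`)\n            VALUES (:email, :ip, :time, :success)";
     $state = $DB->prepare($sql);
     $state->execute(array(
         ':email' => $email,
         ':ip' => $ip,
         ':time' => $time,
         ':success' => $success,
     ));
     if (!$user) {
         return false;
     }

     // Record the most recent login on the user row.
     $sql = "UPDATE `t_diy_user`\n            SET `last_login_time`=:time, `last_login_ip`=:ip\n            WHERE `id`=:id";
     $state = $DB->prepare($sql);
     $state->execute(array(
         ':time' => $time,
         ':ip' => $ip,
         ':id' => $user['id'],
     ));

     // Store the identity in the session. Calling session_start() on an
     // already-active session raises a notice, so start one only if needed.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }
     // Issue a fresh session id at the privilege change so an id that was
     // known before authentication cannot be reused afterwards (fixation).
     session_regenerate_id(true);
     $_SESSION['email'] = $email;
     $_SESSION['id'] = $user['id'];
     $_SESSION['role'] = self::$CP_PERMISSION;
     $_SESSION['fullname'] = $user['username'];
     $_SESSION['balance'] = $user['balance'];
     // $user was fetched before the UPDATE above, so these are the values of
     // the previous login, not the current one.
     $_SESSION['last_login'] = array('time' => $user['last_login_time'], 'ip' => $user['last_login_ip']);
     return true;
 }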