/**
 * Controller bootstrap hook: run the RBAC access check before any action.
 *
 * Nothing is checked when USER_AUTH_ON is off or when MODULE_NAME appears in the
 * comma-separated NOT_AUTH_MODULE list.
 */
public function _initialize()
{
    if (!C('USER_AUTH_ON')) {
        return;
    }
    $exemptModules = explode(',', C('NOT_AUTH_MODULE'));
    if (in_array(MODULE_NAME, $exemptModules)) {
        return;
    }
    if (Rbac::AccessDecision()) {
        return;
    }

    // No authentication id in the session: send the caller to the login gateway.
    // ThinkPHP's ajaxReturn()/redirect() normally end the request; if they ever
    // return, control continues into the permission-denied handling below.
    if (!$_SESSION[C('USER_AUTH_KEY')]) {
        if (IS_AJAX) {
            $this->ajaxReturn(true, "", 301);
        } else {
            redirect(C('USER_AUTH_GATEWAY'));
        }
    }

    // Access denied: use the configured error page when there is one.
    $errorPage = C('RBAC_ERROR_PAGE');
    if ($errorPage) {
        redirect($errorPage);
        return;
    }

    if (C('GUEST_AUTH_ON')) {
        $this->assign('jumpUrl', C('USER_AUTH_GATEWAY'));
    }
    $this->error(L('_VALID_ACCESS_'));
}
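/**
 * Controller bootstrap hook: resolve the site id, enforce RBAC and write the
 * operation log.
 *
 * The RBAC check is skipped when USER_AUTH_ON is off or CONTROLLER_NAME is in
 * the comma-separated NOT_AUTH_MODULE list.
 */
public function _initialize()
{
    $this->siteid = get_siteid();

    if (C('USER_AUTH_ON') && !in_array(CONTROLLER_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
        if (!RBAC::AccessDecision()) {
            // No authentication id in the session: go to the login page.
            if (!$_SESSION[C('USER_AUTH_KEY')]) {
                redirect('index.php/Admin/Public/login/');
            }

            if (C('RBAC_ERROR_PAGE')) {
                $this->assign('jumpUrl', __MODULE__ . C('RBAC_ERROR_PAGE'));
                // Write the log entry BEFORE error(): ThinkPHP's error() ends the
                // request, so a log call placed after it never runs and denied
                // requests would leave no audit trail.
                // addLog(2) is presumably the "access denied" event; confirm against the Log model.
                D('Log')->addLog(2);
                $this->error('您没有权限操作该项');
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                $this->error(L('_VALID_ACCESS_'));
            }
        }
    }

    // Operation log for every action except the session keep-alive.
    if (!in_array(ACTION_NAME, array('public_session_life'))) {
        D('Log')->addLog(1);
    }
}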
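/**
 * Handle the login form POST: verify the credentials, establish the session and
 * cache the RBAC access list.
 *
 * NOTE(review): passwords are stored as unsalted MD5. That cannot be changed in
 * this method alone; plan a migration to password_hash()/password_verify().
 */
public function dologin()
{
    if (!IS_POST) {
        $this->error('路径非法', 'index');
        return;
    }
    if (I('post.username') == '') {
        $this->error('请输入登录名!');
        return;
    }
    if (I('post.password') == '') {
        $this->error('请输入密码!');
        return;
    }

    // Record the attempt (successful or not) together with the client address.
    $ip = get_client_ip();
    wx_opera_log(I('post.username'), '登录', '登录', $ip, 'dologin');

    $db = M('user');
    $user = $db->where(array('user_name' => I('post.username')))->find();

    // Compare the hashes as strings in constant time. A loose != lets two
    // different "0e<digits>" hashes compare equal through numeric juggling.
    $submittedHash = I('post.password', '', 'md5');
    $passwordOk = $user
        && is_string($submittedHash)
        && hash_equals((string) $user['user_pass'], $submittedHash);
    if (!$passwordOk) {
        $this->error('登录信息错误,请重新登陆!', 'index');
        return;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['user_name']);
    session('logintime', date('Y-m-d H:i:s', $user['user_logtime']));

    // Super administrator flag: set it or clear it, so a flag left over from an
    // earlier login in the same session cannot carry over.
    if ($user['user_name'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    } else {
        session(C('ADMIN_AUTH_KEY'), null);
    }

    // Load this user's permissions into the session.
    import('Org.Util.Rbac');
    Rbac::saveAccessList();

    $db->where(array('id' => $user['id']))->save(array('user_logtime' => time()));

    // NOTE(review): redirect() is evaluated first as an argument and normally ends
    // the request, so the success page is not expected to render. Kept as written.
    $this->success('登陆成功', redirect('Index/index'));
}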
/**
 * Controller bootstrap hook: stop with an error page when RBAC denies the
 * current request.
 */
public function _initialize()
{
    if (!\Org\Util\Rbac::AccessDecision()) {
        $this->error('你没有权限');
    }
}
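/**
 * Handle the member login form: check the captcha and credentials, then
 * establish the session and cache the RBAC access list.
 */
public function loginsubmit()
{
    $username = I('post.username');
    $password = I('post.password');
    $user_group = I('post.user_group');
    $verify = I('post.verify');

    if (!check_verify($verify)) {
        $this->error('验证码输入错误!');
        return;
    }

    $res = \Org\Util\Rbac::authenticate(array('username' => $username, 'group' => $user_group));
    if (!$res) {
        $this->error('帐号不存在或密码错误!');
        return;
    }

    // Strict, constant-time comparison of the stored value with the signed
    // password; a loose != can treat different numeric-looking strings as equal.
    if (!hash_equals((string) $res['password'], (string) sign_password($password))) {
        $this->error('用户名或密码错误!');
        return;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    $member = M('Member')->where(array('id' => $res['id']))->find();

    // Update last-activity time and address.
    M('Member')->where(array('id' => $res['id']))->save(array(
        'timeupdate' => date('Y-m-d H:i:s'),
        'lastip' => get_client_ip(),
    ));

    // NOTE(review): this stores the whole member row in the session, including
    // whatever credential columns the table has. Consider storing only the
    // fields the application reads back.
    session('member', $member);
    cookie('login', true);

    // Administrator flag: set it or clear it, never leave a stale value.
    if ($res['username'] == C('SPECIAL_USER')) {
        session(C('ADMIN_AUTH_KEY'), true);
    } else {
        session(C('ADMIN_AUTH_KEY'), null);
    }
    session(C('USER_AUTH_KEY'), $res['id']);

    // Cache the access list.
    \Org\Util\Rbac::saveAccessList();
    $this->success('登陆成功!');
}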
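/**
 * Handle the grade-system login: captcha, credentials and lock check, then
 * establish the session and redirect to the grade index.
 *
 * NOTE(review): passwords are stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 */
public function grade_login()
{
    if (!check_verify(I('code', ''))) {
        $this->error('验证码错误');
        return;
    }

    $username = I('username');
    $user = M('user')->where(array('username' => $username))->find();
    $pwd = I('password', '', 'md5');

    // Logical || (the original used bitwise |, which evaluates both sides even
    // when no user was found) and a strict, constant-time hash comparison.
    if (!$user || !is_string($pwd) || !hash_equals((string) $user['password'], $pwd)) {
        $this->error('用户名或密码错误');
        return;
    }
    if ($user['lock']) {
        $this->error('用户被锁定,请联系管理员解锁');
        return;
    }

    $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
    M('user')->save($data);

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    // These two hold the values from BEFORE this login (the previous visit).
    session('lastlogintime', date('Y-m-d H:i', $user['logintime']));
    session('lastloginip', $user['loginip']);

    // Super administrator flag: set it or clear it, never leave a stale value.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session(C('ADMIN_AUTH_KEY'), true);
    } else {
        session(C('ADMIN_AUTH_KEY'), null);
    }

    import('Org.Util.Rbac');
    Rbac::saveAccessList();
    $this->redirect('Grade/Grade/grade_index');
}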
/**
 * Enforce RBAC for the current request.
 *
 * Requests without a session identity are sent to the login gateway; requests
 * with an identity but no permission get the error page or an error message.
 * AJAX callers receive an ajaxError() response instead of a redirect.
 */
protected function check_user_rule()
{
    if (!C('USER_AUTH_ON') || in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
        return;
    }
    if (\Org\Util\Rbac::AccessDecision()) {
        return;
    }

    // Not logged in: go to the authentication gateway.
    if (!$_SESSION[C('USER_AUTH_KEY')]) {
        if (IS_AJAX) {
            $this->ajaxError('请先登陆');
        } else {
            redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
        }
        return;
    }

    // Logged in but not permitted.
    if (!C('RBAC_ERROR_PAGE')) {
        $this->error('您没有权限');
        return;
    }
    if (IS_AJAX) {
        $this->ajaxError('您没有权限');
    } else {
        redirect(C('RBAC_ERROR_PAGE'));
    }
}
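/**
 * Establish the session for an already-authenticated user record, update the
 * login bookkeeping columns and cache the RBAC access list.
 *
 * @param array $authInfo User row; reads id, nickname, last_login_time and account.
 */
private function dologin(array $authInfo)
{
    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    $_SESSION['loginUserName'] = $authInfo['nickname'];
    $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
    // NOTE(review): the key is named login_count but holds the account name.
    // Kept because other code may read the account from this key; confirm.
    $_SESSION['login_count'] = $authInfo['account'];

    // Strict string comparison: under PHP < 8 a loose == treats integer 0 as
    // equal to any non-numeric string. Set or clear the flag explicitly so a
    // stale value from an earlier login cannot carry over.
    if ((string) $authInfo['account'] === 'super_admin') {
        $_SESSION[C('ADMIN_AUTH_KEY')] = true;
    } else {
        unset($_SESSION[C('ADMIN_AUTH_KEY')]);
    }

    // Save login bookkeeping.
    $User = M('User');
    $data = array();
    $data['id'] = $authInfo['id'];
    $data['last_login_time'] = date('Ymd H:i:s');
    $data['login_count'] = array('exp', 'login_count+1');
    $data['last_login_ip'] = get_client_ip();
    $User->save($data);

    // Cache the access list.
    Rbac::saveAccessList();
    $this->success('登录成功', __APP__ . '/Home/Index/index');
}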
{ public function index() { $this->redirect(CONTROLLER_NAME . '_index'); } public function _initialize() { if (!isset($_SESSION[C('USER_AUTH_KEY')])) { $this->redirect('Material/Index/index');
{ public function index() { $this->redirect(CONTROLLER_NAME . '_index'); } public function _initialize() { if (!isset($_SESSION[C('USER_AUTH_KEY')])) { $this->redirect('Admin/Index/index');
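/**
 * Write the login identity into the session and cache the RBAC access list.
 *
 * @param array $inData User row; reads id, username, email and is_supperadmin.
 */
protected function _addLoginSession($inData)
{
    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    session(C('USER_AUTH_KEY'), $inData['id']);
    session('username', $inData['username']);
    session('email', $inData['email']);

    // Set or clear the administrator flag; the original only ever set it, so a
    // value left by an earlier login in the same session would survive.
    if ($inData['is_supperadmin']) {
        session(C('ADMIN_AUTH_KEY'), true);
    } else {
        session(C('ADMIN_AUTH_KEY'), null);
    }

    Rbac::saveAccessList();
}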
/**
 * Controller bootstrap hook: when RBAC denies the request, run the login check
 * and then show the "invalid access" error.
 */
protected function _initialize()
{
    if (Rbac::AccessDecision()) {
        return;
    }

    // Not authorised: checkLogin() handles the not-logged-in case first.
    Rbac::checkLogin();
    // Still here, so the user is known but lacks permission.
    $this->error(L('_VALID_ACCESS_'));
}
/**
 * Administrator login.
 *
 * GET renders the login form; any other request method establishes the session.
 *
 * NOTE(review): no credential is read or verified in this method. Every non-GET
 * request is given the administrator flag and the fixed user id 3. This looks
 * like a placeholder for the real login logic and must not be deployed as is.
 */
public function login()
{
    if (IS_GET) {
        $this->display();
        return;
    }

    // Login logic (placeholder: fixed identity, no password check).
    $fixedUserId = 3;
    session(C('ADMIN_AUTH_KEY'), true);
    session(C('USER_AUTH_KEY'), $fixedUserId);
    Rbac::saveAccessList($fixedUserId);
    $this->success("登录成功", "../Index/index");
}
/**
 * Controller bootstrap hook: require a logged-in session, then enforce RBAC
 * unless the module or action is on an exemption list.
 */
public function _initialize()
{
    $authKey = C('USER_AUTH_KEY');
    if (!isset($_SESSION[$authKey])) {
        $this->redirect('Admin/Login/index');
    }

    // Modules and actions that skip the permission check.
    $exemptModule = in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')));
    $notAuth = $exemptModule || in_array(ACTION_NAME, explode(',', C('NOT_AUTH_ACTION')));

    if (C('USER_AUTH_ON') && !$notAuth) {
        import('ORG.Util.RBAC');
        if (!Rbac::AccessDecision()) {
            $this->error('没有权限');
        }
    }
}
/**
 * Controller bootstrap hook: require a logged-in session, then enforce RBAC
 * unless the module or action is on an exemption list.
 */
public function _initialize()
{
    $authKey = C('USER_AUTH_KEY');
    if (!isset($_SESSION[$authKey])) {
        $this->redirect('Home/Login/index');
    }

    // Modules and actions that skip the permission check.
    $exemptModule = in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')));
    $notAuth = $exemptModule || in_array(ACTION_NAME, explode(',', C('NOT_AUTH_ACTION')));

    if (C('USER_AUTH_ON') && !$notAuth) {
        import('Org.Util.Rbac.class.php');
        if (!\Org\Util\Rbac::AccessDecision()) {
            $this->error('您没用权限访问此版块');
        }
    }
}
/**
 * Controller bootstrap hook: attempt an automatic login, send roles 3 and 4 and
 * anonymous visitors to the intro page, and enforce RBAC for everyone else.
 */
public function _initialize()
{
    $userApi = new \User\Api\UserApi();
    if (!$userApi->AutoLogin()) {
        $this->redirect('/User/Page/intro');
        return;
    }

    // Roles 3 and 4 are redirected to the intro page before any RBAC check.
    $role = session('user_role');
    if ($role == 3 || $role == 4) {
        $this->redirect('/User/Page/intro');
        return;
    }

    if (!\Org\Util\Rbac::AccessDecision()) {
        $this->error('对不起,您没有访问权限');
    }
}
/**
 * Permission filter.
 *
 * Returns silently when authentication is disabled or RBAC grants access.
 * Otherwise redirects anonymous callers to the gateway, or reports an error to
 * logged-in callers (logging them out first when even the Public/Public entry
 * page is denied).
 *
 * @return mixed Whatever redirect()/error() return, or null when access is granted.
 */
protected function filterAccess()
{
    $granted = !C('USER_AUTH_ON') || \Org\Util\Rbac::AccessDecision(C('GROUP_AUTH_NAME'));
    if ($granted) {
        return;
    }

    // No authentication id in the session.
    if (!$_SESSION[C('USER_AUTH_KEY')]) {
        return $this->redirect(C('USER_AUTH_GATEWAY'));
    }

    // The entry page itself is denied: log the account out.
    $isEntryPage = 'Public' === CONTROLLER_NAME && 'Public' === ACTION_NAME;
    if ($isEntryPage) {
        D('Admin', 'Service')->logout();
    }

    return $this->error('您没有权限执行该操作!');
}
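/**
 * Verify the posted account/password, establish the session and cache the RBAC
 * access list.
 *
 * NOTE(review): passwords are stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 */
public function checkLogin()
{
    // Only a plain string may go into the query map. ThinkPHP treats an array
    // value in a where-map as an operator expression, so raw array-valued
    // request input must never reach it.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->error('用户名是必须的!');
        return;
    }

    // Build the lookup condition (bound-account login is supported).
    $map = array();
    $map['id'] = $_POST['account'];
    $map["status"] = array('gt', 0);
    $authInfo = \Org\Util\Rbac::authenticate($map);

    // Treat both "no row" and "query failed" as an unknown or disabled account.
    if (!$authInfo) {
        $this->error('用户名不存在或已禁用!');
        return;
    }

    // md5() needs a string; compare the hashes strictly and in constant time.
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    if (!hash_equals((string) $authInfo['password'], md5($password))) {
        $this->error('密码错误!');
        return;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    // Strict string comparison: a loose == can match integer 0 under PHP < 8.
    $_SESSION['administrator'] = ((string) $authInfo['id'] === 'admin');

    // Cache the access list.
    \Org\Util\Rbac::saveAccessList();
    $this->success('登录成功!', __APP__ . '/Home/Index/index');
}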
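/**
 * Enforce RBAC for the current request and write the operation log.
 */
protected function filterAuth()
{
    if (!RBAC::AccessDecision()) {
        if (C('RBAC_ERROR_PAGE')) {
            $this->assign('jumpUrl', __MODULE__ . C('RBAC_ERROR_PAGE'));
            // Write the log entry BEFORE error(): ThinkPHP's error() ends the
            // request, so a log call placed after it never runs and denied
            // requests would leave no audit trail.
            // addLog(2) is presumably the "access denied" event; confirm against the Log model.
            model('Log')->addLog(2);
            $this->error('您没有权限操作该项');
        } else {
            if (C('GUEST_AUTH_ON')) {
                $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            $this->error(L('_VALID_ACCESS_'));
        }
    }

    // Operation log for permitted requests.
    model('Log')->addLog(1);
}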
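/**
 * AJAX login endpoint.
 *
 * Responds with a JSON message: errno 0 and a target url on success, errno 1
 * and an error text on failure.
 *
 * NOTE(review): passwords are stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 */
public function login()
{
    if (!IS_POST) {
        E('页面不存在');
    }

    $msg = array('errno' => 0, 'error' => '', 'url' => '');
    $username = I('username');
    $pwd = I('password', '', 'md5');
    $user = M('sysuser')->where(array('username' => $username))->find();

    // Strict, constant-time hash comparison; a loose != lets two different
    // "0e<digits>" hashes compare equal through numeric juggling.
    if (!$user || !is_string($pwd) || !hash_equals((string) $user['password'], $pwd)) {
        $msg['errno'] = 1;
        $msg['error'] = '用户名或密码错误';
        $this->ajaxReturn($msg);
        return;
    }
    if ($user['lock']) {
        $msg['errno'] = 1;
        $msg['error'] = '用户被锁定';
        $this->ajaxReturn($msg);
        return;
    }

    $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
    M('sysuser')->save($data);

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    session(C('USER_AUTH_KEY'), $user['id']);
    session('username', $user['username']);
    // These two hold the values from BEFORE this login (the previous visit).
    session('logintime', date('Y-m-d H:i:s', $user['logintime']));
    session('loginip', $user['loginip']);

    // Super administrator flag: set it or clear it, never leave a stale value.
    if ($user['username'] == C('RBAC_SUPERADMIN')) {
        session('superadmin', true);
    } else {
        session('superadmin', null);
    }

    import('ORG.Util.RBAC');
    Rbac::saveAccessList(); // store the permissions in the session

    $msg['error'] = '登录成功';
    $msg['url'] = U('Admin/Index/index');
    $this->ajaxReturn($msg);
}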
/**
 * Enforce RBAC for the current request: redirect to the configured error page,
 * or show the "invalid access" message when none is configured.
 *
 * NOTE(review): no log entry is written here for either outcome (the logging
 * calls are disabled), so denied requests leave no audit trail.
 */
protected function filterAuth()
{
    if (RBAC::AccessDecision()) {
        return;
    }

    // A dedicated permission-error page is configured.
    if (C('RBAC_ERROR_PAGE')) {
        $this->assign('jumpUrl', __MODULE__ . C('RBAC_ERROR_PAGE'));
        redirect(C('RBAC_ERROR_PAGE'));
        return;
    }

    if (C('GUEST_AUTH_ON')) {
        $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
    }
    $this->error(L('_VALID_ACCESS_'));
}
/**
 * Store the user id, the RBAC access list and the user's role id in the session.
 *
 * @param int $userid Bound into the role lookup with a %d placeholder.
 */
protected static function SetUserRoleSession($userid)
{
    session('id', $userid);
    \Org\Util\Rbac::saveAccessList($userid);

    $roleId = M('ThinkRoleUser')->where('user_id=%d', $userid)->getField('role_id');
    session('user_role', $roleId);
}
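/**
 * Change the current user's password after verifying the old one.
 *
 * With type=menu only the form is rendered. Otherwise the result is reported
 * through echoJson(): '0' on success, '1' on failure.
 *
 * NOTE(review): the new password is not validated (an empty value is accepted)
 * and is stored as unsalted MD5. Add a strength check and plan a migration to
 * password_hash()/password_verify().
 */
public function modPass()
{
    $type = I('type');
    $oldpass = I('oldpass');
    $newpass = I('newpass');
    if ('menu' == $type) {
        $this->display();
        exit;
    }

    // Look the account up from the session; this code base keeps the account
    // name under the login_count session key.
    $map = array();
    $map['account'] = $_SESSION['login_count'];
    $map["status"] = array('gt', 0);
    $authInfo = Rbac::authenticate($map);

    // Treat both "no row" and "query failed" as an unknown or disabled account.
    if (!$authInfo) {
        $this->error('帐号不存在或已禁用!');
        return;
    }

    // Strict, constant-time comparison of the old-password hash.
    if (!is_string($oldpass) || !hash_equals((string) $authInfo['password'], md5($oldpass))) {
        echoJson('1', '原密码输入错误');
        return;
    }

    // NOTE(review): the row is selected by the hard-coded session key 'authId',
    // not by C('USER_AUTH_KEY') or $authInfo['id']; confirm they refer to the
    // same user.
    $where['id'] = $_SESSION['authId'];
    $passdata['password'] = md5($newpass);
    $res = M('User')->where($where)->save($passdata);
    if ($res) {
        echoJson('0', '密码修改成功');
    } else {
        echoJson('1', ' 服务器忙');
    }
}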
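/**
 * Verify the posted account, password and captcha, establish the session,
 * update the login bookkeeping and cache the RBAC access list.
 *
 * NOTE(review): passwords are stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 */
public function checkLogin()
{
    // Only plain strings are accepted. ThinkPHP treats an array value in a
    // where-map as an operator expression, and md5() needs a string, so raw
    // array-valued request input must be rejected here.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->error('帐号错误!');
        return;
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!');
        return;
    } elseif (empty($_POST['verify'])) {
        $this->error('验证码必须!');
        return;
    }

    // Build the lookup condition (bound-account login is supported).
    $map = array();
    $map['account'] = $_POST['account'];
    $map["status"] = array('gt', 0);

    if (!$this->check_verify(I('verify'))) {
        $this->error('验证码错误!');
        return;
    }

    $authInfo = Rbac::authenticate($map);
    // Treat both "no row" and "query failed" as an unknown or disabled account.
    if (!$authInfo) {
        $this->error('帐号不存在或已禁用!');
        return;
    }

    // Strict, constant-time hash comparison; a loose != lets two different
    // "0e<digits>" hashes compare equal through numeric juggling.
    if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
        $this->error('密码错误!');
        return;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    $_SESSION['email'] = $authInfo['email'];
    $_SESSION['loginUserName'] = $authInfo['nickname'];
    $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
    $_SESSION['login_count'] = $authInfo['login_count'];

    // Set or clear the administrator flag; never leave a stale value behind.
    if ((string) $authInfo['account'] === 'admin') {
        $_SESSION['administrator'] = true;
    } else {
        unset($_SESSION['administrator']);
    }

    // Save login bookkeeping.
    $data = array();
    $data['id'] = $authInfo['id'];
    $data['last_login_time'] = time();
    $data['login_count'] = array('exp', 'login_count+1');
    $data['last_login_ip'] = get_client_ip();
    M('User')->save($data);

    // Cache the access list.
    Rbac::saveAccessList();
    $this->success('登录成功!');
}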
/**
 * Tell whether the current session user may use the given access path.
 *
 * The path is upper-cased and split on '/'; its first three segments index the
 * user's access list. The user whose id is 1 is always allowed.
 *
 * NOTE(review): a path with fewer than three segments reads undefined offsets.
 *
 * @param string $access Path whose first three '/'-separated segments are looked up.
 * @return bool
 */
function check_access($access = "")
{
    $segments = explode('/', strtoupper($access));
    $authKey = get_opinion('USER_AUTH_KEY');
    $accessList = \Org\Util\Rbac::getAccessList($_SESSION[$authKey]);

    // User id 1 bypasses the access list entirely.
    $isFirstUser = (int) $_SESSION[$authKey] == 1;

    return $isFirstUser || $accessList[$segments[0]][$segments[1]][$segments[2]] != '';
}
/**
 * Build the navigation menu for the logged-in user and assign it to the view.
 *
 * The menu definition comes from the MENU config entry and is filtered by
 * get_menu() against the user's RBAC access list. Nothing is assigned when no
 * user is logged in.
 *
 * NOTE(review): the session cache is effectively disabled. Nothing in this
 * method writes the 'menu1<id>' key, and if it were present the menu would be
 * left empty because the cached read is commented out.
 */
protected function menu()
{
    $authKey = C('USER_AUTH_KEY');
    if (!isset($_SESSION[$authKey])) {
        return;
    }

    $userId = $_SESSION[$authKey];
    $menu = array();
    if (!isset($_SESSION['menu1' . $userId])) {
        // Always reload the access list rather than trusting the session copy.
        $menu = $this->get_menu(C('MENU'), Rbac::getAccessList($userId));
    }

    $this->assign('menu', $menu);
}
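/**
 * Login page and handler: GET (or an empty POST) renders the form; a POST
 * checks the captcha and credentials and then establishes the session.
 *
 * NOTE(review): the stored password is compared with the submitted value as is,
 * which means passwords are kept in plaintext. This cannot be fixed inside this
 * method alone; migrate the column to password_hash()/password_verify().
 */
public function loginAction()
{
    if (IS_POST) {
        $Verify = new \Think\Verify();
        if (!$Verify->check(I('post.verify'))) {
            // Captcha mismatch.
            session('verifyErr', '验证码错误');
            redirect(U('index'));
            return;
        }

        if (!empty($_POST)) {
            $User = M('user');
            if (!($data = $User->create())) {
                echo 'many form';
                die;
            }

            $username = $data['username'];
            $pwd = I('post.password');
            // The key must be the quoted string 'username': the bare word is an
            // undefined constant (a warning before PHP 8, a fatal Error since).
            $info = $User->where(array('username' => I('post.username')))->find();
            if (!$info) {
                session('userErr', '用户名错误');
                redirect(U('index'));
                return;
            }

            // Both sides must be strings (a NULL column must never match an
            // empty submission); compare in constant time.
            if (is_string($info['password']) && is_string($pwd) && hash_equals($info['password'], $pwd)) {
                $data = array('id' => $info['id'], 'logintime' => time(), 'loginip' => get_client_ip());
                M('user')->save($data); // update the login bookkeeping

                // Issue a fresh session id so an id planted before login is not promoted.
                session_regenerate_id(true);

                session(C('USER_AUTH_KEY'), $info['id']);
                // Set or clear the administrator flag; never leave a stale value.
                if ($username == C('RBAC_SUPERADMIN')) {
                    session(C('ADMIN_AUTH_KEY'), true);
                } else {
                    session(C('ADMIN_AUTH_KEY'), null);
                }
                Rbac::saveAccessList();
                redirect(U('Admin/index/index', '', ''));
                return;
            }

            // Wrong password.
            session('pwdErr', '密码错误');
            redirect(U('index'));
            return;
        }
    }

    $this->display();
}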
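/**
 * Verify a login attempt, enforce the failed-attempt limit, write the login
 * log and establish the session.
 *
 * On failure errorCode/errorMessage are set on the object and false is returned.
 *
 * NOTE(review): passwords are stored as unsalted MD5 (plan a migration to
 * password_hash()/password_verify()), and the distinct failure messages let a
 * caller tell an unknown account from a wrong password.
 *
 * @param string $username Account name.
 * @param string $password Plain password as submitted.
 * @param string $verify   Captcha text as submitted.
 * @return bool True when the login succeeded.
 */
public function checkLogin($username, $password, $verify)
{
    $this->jumpUrl = __MODULE__ . C('USER_AUTH_GATEWAY');

    // Only plain strings are accepted: an array value in a ThinkPHP where-map is
    // read as an operator expression, and md5() needs a string.
    if (empty($username) || empty($password) || empty($verify)
        || !is_string($username) || !is_string($password) || !is_string($verify)
    ) {
        $this->errorCode = 10001;
        $this->errorMessage = '用户名|密码|验证码都必须!';
        return false;
    }
    if (!hash_equals((string) session('verify'), md5($verify))) {
        $this->errorCode = 10001;
        $this->errorMessage = '验证码错误!';
        return false;
    }

    // Build the lookup condition (bound-account login is supported).
    $map = array();
    $map['account'] = $username;
    $map["status"] = array('gt', 0);
    $authInfo = RBAC::authenticate($map);
    $allow_try_error_time = C('ALLOW_TRY_ERROR_TIME', null, 5);

    // Login log entry, completed and written below.
    $data = array();
    $data['ip'] = get_client_ip();
    $data['date'] = date("Y-m-d H:i:s");
    $data['username'] = $username;
    $data['module'] = MODULE_NAME;
    $data['action'] = ACTION_NAME;
    $data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);

    // Unknown or disabled account (no row, or the query failed). This is checked
    // before the counter is touched, so no update runs against an empty id.
    if (!$authInfo) {
        $data['status'] = 0;
        model("Log")->add($data);
        $this->errorCode = 10003;
        $this->errorMessage = '帐号不存在或已禁用!';
        return false;
    }

    if ($authInfo['try_time'] >= $allow_try_error_time) {
        $this->errorCode = 10002;
        $this->errorMessage = '登录失败次数过多,帐号已被禁用,请与管理员联系!';
        return false;
    }

    // Count this attempt; the counter is reset to 0 after a successful login.
    model('User')->where(array('id' => $authInfo['id']))->save(array('try_time' => array('exp', '`try_time` + 1')));

    // Strict, constant-time hash comparison.
    if (!hash_equals((string) $authInfo['password'], md5($password))) {
        $data['status'] = 0;
        model("Log")->add($data);
        $this->errorCode = 10003;
        $this->errorMessage = '密码错误!你还有' . ($allow_try_error_time - 1 - $authInfo['try_time']) . '尝试次机会';
        return false;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    // NOTE(review): user_info holds the whole row, password hash included.
    session('user_info', $authInfo);
    session(C('USER_AUTH_KEY'), $authInfo['id']);
    session('lastLoginTime', $authInfo['last_login_time']);
    // Set or clear the administrator flag; never leave a stale value.
    if ($authInfo['role_id'] == 1) {
        session('administrator', true);
    } else {
        session('administrator', null);
    }

    // Save login bookkeeping. The address is $data['ip']; the original read the
    // never-assigned $data['id'] and therefore stored an empty address.
    model('User')->where(array('id' => $authInfo['id']))->save(array(
        'last_login_time' => time(),
        'last_login_ip' => $data['ip'],
        'try_time' => 0,
    ));

    // Write the success log entry.
    $data['status'] = 1;
    $data['userid'] = $authInfo['id'];
    model("Log")->add($data);

    // Cache the access list.
    RBAC::saveAccessList();

    // Select the first accessible site as the default.
    $sites = logic('site')->getAccessibleSites();
    $current_site = current($sites);
    set_siteid($current_site['id']);
    return true;
}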
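/**
 * Verify the posted account, password and captcha, write the login log,
 * establish the session and cache the RBAC access list.
 *
 * NOTE(review): passwords are stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 */
public function checkLogin()
{
    $gateway = __MODULE__ . C('USER_AUTH_GATEWAY');

    // Only plain strings are accepted: an array value in a ThinkPHP where-map is
    // read as an operator expression, and md5() needs a string.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->assign('jumpUrl', $gateway);
        $this->error('帐号错误!');
        return;
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->assign('jumpUrl', $gateway);
        $this->error('密码必须!');
        return;
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->assign('jumpUrl', $gateway);
        $this->error('验证码必须!');
        return;
    }

    // Build the lookup condition (bound-account login is supported).
    $map = array();
    $map['account'] = $_POST['account'];
    $map["status"] = array('gt', 0);

    // Login log entry, completed and written below.
    $data = array();
    $data['ip'] = get_client_ip();
    $data['date'] = date("Y-m-d H:i:s");
    $data['username'] = $_POST['account'];
    $data['module'] = MODULE_NAME;
    $data['action'] = ACTION_NAME;
    $data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);

    $expectedVerify = isset($_SESSION['verify']) ? (string) $_SESSION['verify'] : '';
    if (!hash_equals($expectedVerify, md5($_POST['verify']))) {
        $this->assign('jumpUrl', $gateway);
        $this->error('验证码错误!');
        return;
    }

    $authInfo = RBAC::authenticate($map);
    // Treat both "no row" and "query failed" as an unknown or disabled account.
    if (!$authInfo) {
        $data['status'] = 0;
        D("Log")->add($data);
        $this->assign('jumpUrl', $gateway);
        $this->error('帐号不存在或已禁用!');
        return;
    }

    // Strict, constant-time hash comparison.
    if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
        $data['status'] = 0;
        D("Log")->add($data);
        $this->assign('jumpUrl', $gateway);
        $this->error('密码错误!');
        return;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    // NOTE(review): user_info holds the whole row, password hash included.
    $_SESSION['user_info'] = $authInfo;
    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
    // Site id for this session.
    $_SESSION['siteid'] = SITEID;
    // Set or clear the administrator flag; never leave a stale value.
    if ($authInfo['role_id'] == 1) {
        $_SESSION['administrator'] = true;
    } else {
        unset($_SESSION['administrator']);
    }

    // Save login bookkeeping. The address is $data['ip']; the original read the
    // never-assigned $data['id'] and therefore stored an empty address.
    D('User')->where(array('id' => $authInfo['id']))->save(array(
        'last_login_time' => time(),
        'last_login_ip' => $data['ip'],
    ));

    // Write the success log entry.
    $data['status'] = 1;
    $data['userid'] = $authInfo['id'];
    D("Log")->add($data);

    // Cache the access list.
    RBAC::saveAccessList();
    $this->success('登录成功!', __MODULE__ . '/Index');
}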
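/**
 * Verify the posted account, password and captcha, establish the session,
 * update the login bookkeeping and redirect to the admin index.
 *
 * NOTE(review): passwords are stored as unsalted MD5 (plan a migration to
 * password_hash()/password_verify()), and the access list is not cached here
 * because the saveAccessList() call is disabled in this variant.
 */
public function checkLogin()
{
    $loginUrl = __CONTROLLER__ . '/login';

    // Only plain strings are accepted: an array value in a ThinkPHP where-map is
    // read as an operator expression, and md5() needs a string.
    if (empty($_POST['account']) || !is_string($_POST['account'])) {
        $this->error('帐号错误!', $loginUrl, 2);
        return;
    } elseif (empty($_POST['password']) || !is_string($_POST['password'])) {
        $this->error('密码必须!', $loginUrl, 2);
        return;
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->error('验证码必须!', $loginUrl, 2);
        return;
    }

    // Build the lookup condition (bound-account login is supported).
    $map = array();
    $map['account'] = $_POST['account'];
    $map["status"] = array('gt', 0);

    // Captcha check (ThinkPHP 3.2.1 style).
    $verify = $_POST['verify'];
    if (!$this->check_verify($verify)) {
        $this->error('验证码输入错误!', $loginUrl, 2);
        return;
    }

    $authInfo = Rbac::authenticate($map);
    // Treat both "no row" and "query failed" as an unknown or disabled account.
    if (!$authInfo) {
        $this->error('帐号不存在或已禁用!');
        return;
    }

    // Strict, constant-time hash comparison.
    if (!hash_equals((string) $authInfo['password'], md5($_POST['password']))) {
        $this->error('密码错误!', $loginUrl, 2);
        return;
    }

    // Issue a fresh session id so an id planted before login is not promoted.
    session_regenerate_id(true);

    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    $_SESSION['email'] = $authInfo['email'];
    $_SESSION['loginUserName'] = empty($authInfo['nickname']) ? $authInfo['account'] : $authInfo['nickname'];
    $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
    $_SESSION['login_count'] = $authInfo['login_count'];

    // Set or clear the administrator flag; never leave a stale value behind.
    if ((string) $authInfo['account'] === 'admin') {
        $_SESSION['administrator'] = true;
    } else {
        unset($_SESSION['administrator']);
    }

    // Save login bookkeeping.
    $data = array();
    $data['id'] = $authInfo['id'];
    $data['last_login_time'] = time();
    $data['login_count'] = array('exp', 'login_count+1');
    $data['last_login_ip'] = get_client_ip();
    M('User')->save($data);

    $this->redirect('Admin/Index/index');
}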