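/**
 * Handle the login form: verify the captcha, authenticate the account,
 * then populate the session and cache the RBAC access list.
 *
 * Security notes:
 * - The stored and computed password hashes are compared as strings with
 *   strict identity. The original loose `!=` let two different
 *   numeric-looking hashes (for example "0e…" strings) compare equal through
 *   PHP type juggling. Where PHP >= 5.6 is guaranteed, hash_equals() is the
 *   preferred constant-time comparison.
 * - Each failure path returns explicitly instead of relying on
 *   $this->error() ending the request.
 * - NOTE(review): the whole Member row is stored in the session; if it
 *   contains the password column, store only the fields that are needed.
 * - NOTE(review): the session id is not regenerated after a successful
 *   login; consider regenerating it to prevent session fixation.
 * - NOTE(review): the 'login' cookie is a client-controlled flag and must
 *   not be used for any authorization decision.
 */
public function loginsubmit()
 {
     $username = I('post.username');
     $password = I('post.password');
     $user_group = I('post.user_group');
     $verify = I('post.verify');
     if (!check_verify($verify)) {
         $this->error('验证码输入错误!');
         return;
     }
     $res = \Org\Util\Rbac::authenticate(array('username' => $username, 'group' => $user_group));
     if (!$res) {
         $this->error('帐号不存在或密码错误!');
         return;
     }
     $signpassword = sign_password($password);
     // Strict string comparison: no numeric coercion of hash-like strings.
     if ((string) $res['password'] !== (string) $signpassword) {
         $this->error('用户名或密码错误!');
         return;
     }
     $member = M('Member')->where(array('id' => $res['id']))->find();
     // Record the last activity time and the client IP.
     M('Member')->where(array('id' => $res['id']))->save(array('timeupdate' => date('Y-m-d H:i:s'), 'lastip' => get_client_ip()));
     session('member', $member);
     cookie('login', true);
     if ($res['username'] == C('SPECIAL_USER')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     session(C('USER_AUTH_KEY'), $res['id']);
     // Cache the access permissions.
     \Org\Util\Rbac::saveAccessList();
     $this->success('登陆成功!');
 }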
Пример #2
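 /**
  * Log a user in from the grade login form: captcha check, credential
  * check, lock check, then session setup and redirect.
  *
  * Security notes:
  * - The credential test uses logical `||`. The original used bitwise `|`,
  *   which does not short-circuit and therefore indexed into $user even
  *   when no row was found.
  * - The hash comparison is a strict string comparison, so numeric-looking
  *   hashes cannot compare equal through type juggling.
  * - NOTE(review): the password is hashed with unsalted MD5 (the 'md5'
  *   filter passed to I()). Migrating to password_hash()/password_verify()
  *   with a rehash on next login is recommended.
  * - NOTE(review): the session id is not regenerated after login.
  */
 public function grade_login()
 {
     if (!check_verify(I('code', ''))) {
         $this->error('验证码错误');
         return;
     }
     $username = I('username');
     $user = M('user')->where(array('username' => $username))->find();
     $pwd = I('password', '', 'md5');
     if (!$user || !is_string($pwd) || (string) $user['password'] !== $pwd) {
         $this->error('用户名或密码错误');
         return;
     }
     if ($user['lock']) {
         $this->error('用户被锁定,请联系管理员解锁');
         return;
     }
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     M('user')->save($data);
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     // $user was read before the save above, so these are the values from
     // the previous login, not the current one.
     session('lastlogintime', date('Y-m-d H:i', $user['logintime']));
     session('lastloginip', $user['loginip']);
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     import('Org.Util.Rbac');
     Rbac::saveAccessList();
     $this->redirect('Grade/Grade/grade_index');
 }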
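 /**
  * Process a POSTed login: validate the fields, log the attempt, check the
  * credentials, then populate the session and update the last-login time.
  *
  * Security notes:
  * - The hash comparison is a strict string comparison (no type juggling).
  * - The last-login update uses an array condition instead of a
  *   concatenated "id=…" string, so the value is bound by the query builder.
  * - Each failure path returns explicitly instead of relying on
  *   $this->error() ending the request.
  * - NOTE(review): the password is hashed with unsalted MD5; prefer
  *   password_hash()/password_verify().
  * - NOTE(review): wx_opera_log() receives the submitted, unauthenticated
  *   username; confirm it escapes or parameterizes that value.
  * - NOTE(review): the session id is not regenerated after login.
  */
 public function dologin()
 {
     if (!IS_POST) {
         $this->error('路径非法', 'index');
         return;
     }
     $username = I('post.username');
     if ($username == '') {
         $this->error('请输入登录名!');
         return;
     }
     if (I('post.password') == '') {
         $this->error('请输入密码!');
         return;
     }
     $ip = get_client_ip();
     // The attempt is logged before authentication; the return value was unused.
     wx_opera_log($username, '登录', '登录', $ip, 'dologin');
     $db = M('user');
     $user = $db->where(array('user_name' => $username))->find();
     $pwd = I('post.password', '', 'md5');
     if (!$user || !is_string($pwd) || (string) $user['user_pass'] !== $pwd) {
         $this->error('登录信息错误,请重新登陆!', 'index');
         return;
     }
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['user_name']);
     session('logintime', date('Y-m-d H:i:s', $user['user_logtime']));
     // Identify the super administrator.
     if ($user['user_name'] == C('RBAC_SUPERADMIN')) {
         session(C('ADMIN_AUTH_KEY'), true);
     }
     // Load the user's permissions.
     import('Org.Util.Rbac');
     Rbac::saveAccessList();
     $data = array('user_logtime' => time());
     $db->where(array('id' => $user['id']))->save($data);
     // NOTE(review): redirect() is evaluated first, as an argument; if it
     // sends the redirect and ends the request, success() never runs. Confirm.
     $this->success('登陆成功', redirect('Index/index'));
 }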
Пример #4
 /**
  * Finish the login of an already-authenticated user: fill the session,
  * record the login on the User row, cache the access list, report success.
  *
  * NOTE(review): this method performs no credential check itself; the
  * caller must have verified $authInfo. The session id is not regenerated.
  * NOTE(review): 'login_count' in the session is filled from
  * $authInfo['account']; confirm that this is intended.
  *
  * @param array $authInfo User record; reads 'id', 'nickname',
  *                        'last_login_time' and 'account'.
  */
 private function dologin(array $authInfo)
 {
     $userId = $authInfo['id'];
     $_SESSION[C('USER_AUTH_KEY')] = $userId;
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['account'];

     // The account literally named 'super_admin' gets the admin flag.
     $isSuperAdmin = $authInfo['account'] == 'super_admin';
     if ($isSuperAdmin) {
         $_SESSION[C('ADMIN_AUTH_KEY')] = true;
     }

     // Save the login details on the user's row.
     $userModel = M('User');
     $clientIp = get_client_ip();
     $loginStamp = date('Ymd H:i:s');
     $userModel->save(array(
         'id' => $userId,
         'last_login_time' => $loginStamp,
         'login_count' => array('exp', 'login_count+1'),
         'last_login_ip' => $clientIp,
     ));

     // Cache the access permissions.
     Rbac::saveAccessList();
     $this->success('登录成功', __APP__ . '/Home/Index/index');
 }
Пример #5
 /**
  * Write the login session entries for a user and cache the access list.
  *
  * NOTE(review): no authentication happens here; the caller must have
  * verified the user before calling this method.
  *
  * @param array $inData User record; reads 'id', 'username', 'email' and
  *                      'is_supperadmin'.
  */
 protected function _addLoginSession($inData)
 {
     session(C('USER_AUTH_KEY'), $inData['id']);
     foreach (array('username', 'email') as $field) {
         session($field, $inData[$field]);
     }

     $grantAdmin = $inData['is_supperadmin'];
     if ($grantAdmin) {
         session(C('ADMIN_AUTH_KEY'), true);
     }

     Rbac::saveAccessList();
 }
Пример #6
 /**
  * Administrator login.
  *
  * NOTE(review): the non-GET branch checks no credentials. Any non-GET
  * request receives the admin flag and the hard-coded user id 3. This
  * reads like a placeholder for the real login logic and must not ship:
  * verify a username/password (and captcha) before writing the session.
  */
 public function login()
 {
     if (IS_GET) {
         // Render the login form.
         $this->display();
         return;
     }

     // "Login logic": unconditional session setup for user id 3.
     $userId = 3;
     session(C('ADMIN_AUTH_KEY'), true);
     session(C('USER_AUTH_KEY'), $userId);
     Rbac::saveAccessList($userId);
     $this->success("登录成功", "../Index/index");
 }
Пример #7
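 /**
  * Log in through an AJAX POST and answer with a JSON-style message array
  * ('errno', 'error', 'url').
  *
  * Security notes:
  * - The hash comparison is a strict string comparison, so numeric-looking
  *   hashes cannot compare equal through type juggling.
  * - Each failure path returns explicitly after ajaxReturn(), so a failed
  *   check can never fall through to the session setup below.
  * - NOTE(review): no captcha or attempt limit is visible in this method.
  * - NOTE(review): the password is hashed with unsalted MD5; prefer
  *   password_hash()/password_verify().
  * - NOTE(review): the session id is not regenerated after login.
  */
 public function login()
 {
     if (!IS_POST) {
         E('页面不存在');
         return;
     }
     $msg = array('errno' => 0, 'error' => '', 'url' => '');
     $username = I('username');
     $pwd = I('password', '', 'md5');
     $user = M('sysuser')->where(array('username' => $username))->find();
     if (!$user || !is_string($pwd) || (string) $user['password'] !== $pwd) {
         $msg['errno'] = 1;
         $msg['error'] = '用户名或密码错误';
         $this->ajaxReturn($msg);
         return;
     }
     if ($user['lock']) {
         $msg['errno'] = 1;
         $msg['error'] = '用户被锁定';
         $this->ajaxReturn($msg);
         return;
     }
     $data = array('id' => $user['id'], 'logintime' => time(), 'loginip' => get_client_ip());
     M('sysuser')->save($data);
     session(C('USER_AUTH_KEY'), $user['id']);
     session('username', $user['username']);
     // $user was read before the save above: these are the previous login's values.
     session('logintime', date('Y-m-d H:i:s', $user['logintime']));
     session('loginip', $user['loginip']);
     /* Check whether this is the super administrator. */
     if ($user['username'] == C('RBAC_SUPERADMIN')) {
         session('superadmin', true);
     }
     // Load the RBAC class.
     import('ORG.Util.RBAC');
     // Save the permissions to the session.
     Rbac::saveAccessList();
     $msg['error'] = '登录成功';
     $msg['url'] = U('Admin/Index/index');
     $this->ajaxReturn($msg);
 }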
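 /**
  * Validate the posted account, password and captcha, authenticate through
  * RBAC, then populate the session and record the login.
  *
  * Security notes:
  * - The account and password must be strings. They are read from raw
  *   $_POST, so an array value would otherwise reach the query condition
  *   map and md5() unfiltered.
  * - The hash comparison is a strict string comparison (no type juggling).
  * - Each failure path returns explicitly instead of relying on
  *   $this->error() ending the request.
  * - NOTE(review): the distinct "account does not exist" and "wrong
  *   password" messages let a client enumerate valid accounts.
  * - NOTE(review): the password is hashed with unsalted MD5; prefer
  *   password_hash()/password_verify().
  * - NOTE(review): the session id is not regenerated after login.
  */
 public function checkLogin()
 {
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify'])) {
         $this->error('验证码必须!');
         return;
     }
     // Build the authentication condition (login by bound account is supported).
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     if (!$this->check_verify(I('verify'))) {
         $this->error('验证码错误!');
         return;
     }
     // Authenticate by account and status; the password is checked below.
     $authInfo = Rbac::authenticate($map);
     if (false === $authInfo) {
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // A non-array result (no usable row) is treated as a failed password check.
     if (!is_array($authInfo) || (string) $authInfo['password'] !== md5($_POST['password'])) {
         $this->error('密码错误!');
         return;
     }
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['email'] = $authInfo['email'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     if ($authInfo['account'] == 'admin') {
         $_SESSION['administrator'] = true;
     }
     // Save the login details.
     $User = M('User');
     $ip = get_client_ip();
     $time = time();
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = $time;
     $data['login_count'] = array('exp', 'login_count+1');
     $data['last_login_ip'] = $ip;
     $User->save($data);
     // Cache the access permissions.
     Rbac::saveAccessList();
     $this->success('登录成功!');
 }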
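 /**
  * Validate the posted account, password and captcha, authenticate through
  * RBAC, write a login log row for each outcome after the captcha check,
  * then populate the session.
  *
  * Fixes over the original:
  * - 'last_login_ip' is now taken from $data['ip']. The original read
  *   $data['id'], a key that is never set, so no IP was stored.
  * - The account, password and captcha must be strings. They are read from
  *   raw $_POST, so an array value would otherwise reach the query
  *   condition map and md5() unfiltered.
  * - The captcha and password hashes are compared with strict string
  *   comparison, so numeric-looking hashes cannot compare equal.
  * - Each failure path returns explicitly instead of relying on
  *   $this->error() ending the request.
  *
  * NOTE(review): the whole $authInfo row, including its 'password' field,
  * is stored in $_SESSION['user_info']; consider dropping that field.
  * NOTE(review): the distinct "account" and "password" error messages allow
  * account enumeration; unsalted MD5 should be replaced by
  * password_hash()/password_verify(); the session id is not regenerated.
  */
 public function checkLogin()
 {
     $gateway = __MODULE__ . C('USER_AUTH_GATEWAY');
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->assign('jumpUrl', $gateway);
         $this->error('帐号错误!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->assign('jumpUrl', $gateway);
         $this->error('密码必须!');
         return;
     }
     if (empty($_POST['verify']) || !is_string($_POST['verify'])) {
         $this->assign('jumpUrl', $gateway);
         $this->error('验证码必须!');
         return;
     }
     // Build the authentication condition (login by bound account is supported).
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     // Login log record, completed and stored on each outcome below.
     $data = array();
     $data['ip'] = get_client_ip();
     $data['date'] = date("Y-m-d H:i:s");
     $data['username'] = $_POST['account'];
     $data['module'] = MODULE_NAME;
     $data['action'] = ACTION_NAME;
     $data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);
     if (!isset($_SESSION['verify']) || $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->assign('jumpUrl', $gateway);
         $this->error('验证码错误!');
         return;
     }
     // Authenticate by account and status; the password is checked below.
     $authInfo = RBAC::authenticate($map);
     if (false === $authInfo) {
         $data['status'] = 0;
         D("Log")->add($data);
         $this->assign('jumpUrl', $gateway);
         $this->error('帐号不存在或已禁用!');
         return;
     }
     // A non-array result (no usable row) is treated as a failed password check.
     if (!is_array($authInfo) || (string) $authInfo['password'] !== md5($_POST['password'])) {
         $data['status'] = 0;
         D("Log")->add($data);
         $this->assign('jumpUrl', $gateway);
         $this->error('密码错误!');
         return;
     }
     $_SESSION['user_info'] = $authInfo;
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     // Site id.
     $_SESSION['siteid'] = SITEID;
     if ($authInfo['role_id'] == 1) {
         $_SESSION['administrator'] = true;
     }
     // Save the login details.
     D('User')->where(array('id' => $authInfo['id']))->save(array('last_login_time' => time(), 'last_login_ip' => $data['ip']));
     // Save the log row for the successful login.
     $data['status'] = 1;
     $data['userid'] = $authInfo['id'];
     D("Log")->add($data);
     // Store the access permissions.
     RBAC::saveAccessList();
     $this->success('登录成功!', __MODULE__ . '/Index');
 }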
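 /**
  * Show the login form, or on POST check the captcha and credentials and
  * redirect to the admin index on success.
  *
  * Fixes over the original:
  * - The lookup condition uses the quoted key 'username'. The original used
  *   the bare word `username`, an undefined constant that newer PHP
  *   versions reject with an error.
  * - The large commented-out legacy implementation was removed.
  *
  * NOTE(review): the stored password is compared directly with the
  * submitted value, which implies that passwords are stored unhashed.
  * Store password_hash() output and verify with password_verify().
  * NOTE(review): the separate 'userErr' and 'pwdErr' messages reveal
  * whether a username exists.
  * NOTE(review): the super-admin check uses the submitted username from
  * create(), not the value of the row that was found; the session id is
  * not regenerated after login.
  */
 public function loginAction()
 {
     if (IS_POST) {
         $Verify = new \Think\Verify();
         if (!$Verify->check(I('post.verify'))) {
             // Captcha mismatch.
             session('verifyErr', '验证码错误');
             redirect(U('index'));
             return;
         }
         if (!empty($_POST)) {
             $User = M('user');
             if (!($data = $User->create())) {
                 echo 'many form';
                 die;
             }
             $username = $data['username'];
             $pwd = I('post.password');
             $info = $User->where(array('username' => I('post.username')))->find();
             if (!$info) {
                 session('userErr', '用户名错误');
                 redirect(U('index'));
                 return;
             }
             if ($info['password'] === $pwd) {
                 // Update the user's login details.
                 $data = array('id' => $info['id'], 'logintime' => time(), 'loginip' => get_client_ip());
                 M('user')->save($data);
                 session(C('USER_AUTH_KEY'), $info['id']);
                 if ($username == C('RBAC_SUPERADMIN')) {
                     session(C('ADMIN_AUTH_KEY'), true);
                 }
                 Rbac::saveAccessList();
                 redirect(U('Admin/index/index', '', ''));
                 return;
             }
             // Wrong password.
             session('pwdErr', '密码错误');
             redirect(U('index'));
             return;
         }
     }
     $this->display();
 }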
Пример #11
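 /**
  * Check a login attempt with a failed-attempt limit.
  *
  * On failure sets $this->errorCode / $this->errorMessage and returns false;
  * on success populates the session, resets the attempt counter, writes a
  * log row, selects the default site and returns true.
  *
  * Fixes over the original:
  * - 'last_login_ip' is now taken from $data['ip']. The original read
  *   $data['id'], a key that is never set, so no IP was stored.
  * - The attempt counter is read and incremented only when a user row was
  *   returned. The original indexed into a failed result and issued an
  *   update for a missing id.
  * - Non-scalar arguments are rejected, and the captcha and password hashes
  *   are compared with strict string comparison (no type juggling).
  *
  * NOTE(review): the whole $authInfo row, including its 'password' field,
  * is stored in the session under 'user_info'.
  * NOTE(review): the distinct error messages and the remaining-attempts
  * count reveal whether an account exists; unsalted MD5 should be replaced
  * by password_hash()/password_verify(); the session id is not regenerated.
  *
  * @param string $username Account name
  * @param string $password Plain-text password as submitted
  * @param string $verify   Captcha text as submitted
  * @return bool
  */
 public function checkLogin($username, $password, $verify)
 {
     $this->jumpUrl = __MODULE__ . C('USER_AUTH_GATEWAY');
     $allScalar = is_scalar($username) && is_scalar($password) && is_scalar($verify);
     if (!$allScalar || empty($username) || empty($password) || empty($verify)) {
         $this->errorCode = 10001;
         $this->errorMessage = '用户名|密码|验证码都必须!';
         return false;
     }
     if (session('verify') !== md5((string) $verify)) {
         $this->errorCode = 10001;
         $this->errorMessage = '验证码错误!';
         return false;
     }
     // Build the authentication condition (login by bound account is supported).
     $map = array();
     $map['account'] = $username;
     $map["status"] = array('gt', 0);
     $authInfo = RBAC::authenticate($map);
     $found = is_array($authInfo);
     $tried = $found ? $authInfo['try_time'] : 0;
     $allow_try_error_time = C('ALLOW_TRY_ERROR_TIME', null, 5);
     if ($found && $tried >= $allow_try_error_time) {
         $this->errorCode = 10002;
         $this->errorMessage = '登录失败次数过多,帐号已被禁用,请与管理员联系!';
         return false;
     }
     if ($found) {
         // Count this attempt up front; the counter is reset to 0 on success.
         model('User')->where(array('id' => $authInfo['id']))->save(array('try_time' => array('exp', '`try_time` + 1')));
     }
     // Login log record, completed and stored on each outcome below.
     $data = array();
     $data['ip'] = get_client_ip();
     $data['date'] = date("Y-m-d H:i:s");
     $data['username'] = $username;
     $data['module'] = MODULE_NAME;
     $data['action'] = ACTION_NAME;
     $data['querystring'] = U(MODULE_NAME . '/' . ACTION_NAME);
     if (false === $authInfo) {
         $data['status'] = 0;
         model("Log")->add($data);
         $this->errorCode = 10003;
         $this->errorMessage = '帐号不存在或已禁用!';
         return false;
     }
     // A non-array result (no usable row) is treated as a failed password check.
     if (!$found || (string) $authInfo['password'] !== md5((string) $password)) {
         $data['status'] = 0;
         model("Log")->add($data);
         $this->errorCode = 10003;
         $this->errorMessage = '密码错误!你还有' . ($allow_try_error_time - 1 - $tried) . '尝试次机会';
         return false;
     }
     // Save the session.
     session('user_info', $authInfo);
     session(C('USER_AUTH_KEY'), $authInfo['id']);
     session('lastLoginTime', $authInfo['last_login_time']);
     if ($authInfo['role_id'] == 1) {
         session('administrator', true);
     }
     // Save the login details and reset the attempt counter.
     model('User')->where(array('id' => $authInfo['id']))->save(array('last_login_time' => time(), 'last_login_ip' => $data['ip'], 'try_time' => 0));
     // Save the log row for the successful login.
     $data['status'] = 1;
     $data['userid'] = $authInfo['id'];
     model("Log")->add($data);
     // Store the access permissions.
     RBAC::saveAccessList();
     // Select the default site.
     $sites = logic('site')->getAccessibleSites();
     $current_site = current($sites);
     set_siteid($current_site['id']);
     return true;
 }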
Пример #12
 /**
  * Store the user id, the RBAC access list and the user's role id in the
  * session.
  *
  * NOTE(review): no authentication happens here; the caller must have
  * verified the user before calling this method.
  *
  * @param mixed $userid User id; bound into the role lookup through the
  *                      %d placeholder.
  */
 protected static function SetUserRoleSession($userid)
 {
     session('id', $userid);
     \Org\Util\Rbac::saveAccessList($userid);

     $roleId = M('ThinkRoleUser')
         ->where('user_id=%d', $userid)
         ->getField('role_id');
     session('user_role', $roleId);
 }
Пример #13
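 /**
  * Authenticate an administrator and establish the login session.
  *
  * Changes over the original:
  * - The password hashes are compared as strings with strict identity, so
  *   numeric-looking hashes cannot compare equal through type juggling.
  * - The last-login update uses an array condition instead of an
  *   interpolated "id=…" string, so the value is bound by the query builder.
  *
  * NOTE(review): the login cookie carries the genShell() value, which is
  * derived from the account id and the stored password hash, and it is set
  * without the HttpOnly and Secure flags. Confirm that genShell() does not
  * expose the hash, and consider setting both flags.
  * NOTE(review): the separate "email does not exist" and "password
  * incorrect" results allow account enumeration; the whole account row is
  * stored in $_SESSION['current_account']; the session id is not
  * regenerated after login.
  *
  * @param  array $admin Administrator info; reads 'email' and 'password'
  * @return array
  */
 public function login($admin)
 {
     $Admin = $this->getM();
     // Does the email exist?
     if (!$this->existAccount($admin['email'])) {
         return $this->errorResultReturn('邮箱不存在!');
     }
     $account = $Admin->getByEmail($admin['email']);
     // Password check.
     $expected = $this->encrypt($admin['password']);
     if ((string) $account['password'] !== (string) $expected) {
         return $this->errorResultReturn('密码不正确!');
     }
     // Is the account enabled?
     if (!$this->isActive($admin['email'])) {
         return $this->errorResultReturn('账户已被禁用!');
     }
     $loginMarked = C('LOGIN_MARKED');
     $shell = $this->genShell($account['id'], $account['password']);
     // Login session marker.
     $_SESSION[$loginMarked] = $shell;
     // Login cookie: the marker plus a timestamp, session lifetime, path '/'.
     $shell .= '_' . time();
     setcookie($loginMarked, $shell, 0, '/');
     $_SESSION['current_account'] = $account;
     // Permission checks.
     if (C('USER_AUTH_ON')) {
         $_SESSION[C('USER_AUTH_KEY')] = $account['id'];
         if ($account['is_super']) {
             // The super administrator needs no permission check.
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Cache the access permissions.
         \Org\Util\Rbac::saveAccessList();
     }
     // Update the last login time.
     $Admin->where(array('id' => $account['id']))->save(array('last_login_at' => time()));
     return $this->resultReturn(true);
 }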