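/**
 * Report whether the current request belongs to a logged-in, unrestricted user.
 *
 * When the session holds no uid but the auto-login cookie decrypts to a
 * value, that value is used as the uid to load the user row and populate the
 * session. The outcome text is always stored in self::$error.
 *
 * NOTE(review): this method trusts the decrypted cookie value as the uid with
 * no further proof. That is only sound if encrytion() provides authenticated
 * encryption under a secret key - confirm against its implementation. A
 * random per-login token stored server-side would also allow revocation.
 *
 * @return bool TRUE when a uid is in the session and the account type is not
 *              '6' or '7'; FALSE otherwise.
 */
public static function checkIsLogin()
 {
     // Auto-login: only attempted when the session is anonymous and the
     // cookie decrypts to a non-empty value.
     if (session('uid') === null && ($uid = encrytion(cookie(C('COOKIE_PREFIX') . '_AUTO')))) {
         // `new` yields an object or throws, so the former falsy check and
         // its "database connection failed" branch could never run.
         $User = new \Admin\Model\UserModel();
         $condition = array('uid' => $uid);
         if ($result = $User->where($condition)->find()) {
             // Clear the one-time form token. The original used $tokenName
             // without defining it in this scope, so nothing was cleared.
             // It is cleared only once auto-login has succeeded, so a stale
             // cookie cannot invalidate the token of a pending form login.
             $tokenName = C('TOKEN_NAME', null, 'token');
             unset($_SESSION[$tokenName][md5(session_id())]);
             // Issue a fresh session id when moving from anonymous to
             // authenticated, so a pre-set id cannot be reused (fixation).
             if (session_id() !== '' && !headers_sent()) {
                 session_regenerate_id(true);
             }
             session('uid', $result['uid']);
             session('name', $result['name']);
             session('head', $result['head']);
             session('type', $result['type']);
             session('msg', $result['msg']);
             session('tel', $result['tel']);
             session('email', $result['email']);
         } else {
             // To be changed later to return the error over ajax.
             self::$error = '自动登录失败';
         }
     }
     // Read through session() like the check above; the raw $_SESSION['uid']
     // lookup raised an undefined-index notice for anonymous visitors.
     if (session('uid') === null) {
         // No uid in the session: not logged in.
         self::$error = '尚未登录';
         return FALSE;
     }
     // Types '6' and '7' are restricted accounts. The string cast keeps
     // integer-typed values matching while the comparison itself is strict.
     if (in_array((string) session('type'), array('6', '7'), true)) {
         self::$error = '您当前已被限制登录';
         return FALSE;
     }
     self::$error = '已登录';
     return TRUE;
 }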
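 /**
  * Handle the login form POST.
  *
  * Verifies the account and password, optionally sets the auto-login cookie,
  * awards the daily login experience, records the login time, writes the
  * session and redirects back to the referring page.
  *
  * NOTE(review): passwords are stored and compared as unsalted MD5, which is
  * cheap to brute-force offline. Migrating to password_hash() and
  * password_verify() needs a data migration and cannot be done in this method
  * alone. No attempt limiting is visible here either.
  *
  * @return void
  */
 public function login()
 {
     if (!$this->isPost()) {
         halt('页面不存在');
         return;
     }
     $db = M('user');
     $field = array('id', 'username', 'password', 'logintime', 'lock');
     // Only a non-empty scalar may reach the query condition. An array
     // submitted as "account" must never be handed to where().
     $account = $this->_post('account');
     if (!is_scalar($account) || (string) $account === '') {
         $this->error('帐号或密码错误');
         return;
     }
     $where = array('account' => (string) $account);
     $user = $db->where($where)->field($field)->find();
     // Strict string comparison: loose != treats hex digests that look like
     // numbers (e.g. "0e..." forms) as equal. An empty submitted digest
     // never authenticates.
     $submitted = $this->_post('pwd', 'md5');
     $submitted = is_scalar($submitted) ? (string) $submitted : '';
     if (!$user || $submitted === '' || (string) $user['password'] !== $submitted) {
         $this->error('帐号或密码错误');
         return;
     }
     if ($user['lock']) {
         $this->error('帐号被锁定');
         return;
     }
     // "Remember me": store an encrypted id|ip|username value in a cookie.
     if (isset($_POST['auto'])) {
         $value = $user['id'] . '|' . get_client_ip() . '|' . $user['username'];
         $value = encrytion($value, 1);
         // HttpOnly keeps the credential away from page scripts. Secure is
         // set whenever this request itself arrived over HTTPS.
         $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         // NOTE(review): setcookie() expects an absolute Unix timestamp here;
         // confirm AUTO_LOGIN_LIFETIME is time()+N rather than a duration.
         @setcookie('auto', $value, C('AUTO_LOGIN_LIFETIME'), '/', '', $secure, true);
     }
     // Daily login experience: $today is 00:00:00 of the current day.
     $today = strtotime(date('Y-m-d'));
     $where = array('id' => $user['id']);
     if ($user['logintime'] < $today) {
         $db->where($where)->setInc('exp', C('LV_LOGIN'));
     }
     // Record this login time.
     $db->where($where)->save(array('logintime' => time()));
     // Issue a fresh session id before it becomes authenticated, so an id
     // that existed before login cannot be reused (session fixation).
     if (session_id() !== '' && !headers_sent()) {
         session_regenerate_id(true);
     }
     session('uid', $user['id']);
     session('username', $user['username']);
     // The Referer header is client-supplied and may be absent. Follow it
     // only when it points back at this host; otherwise use the site root.
     // NOTE(review): '/' assumes the app is served from the web root.
     $target = '/';
     $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
     $parts = $referer !== '' ? parse_url($referer) : false;
     if (is_array($parts) && isset($parts['host']) && isset($_SERVER['HTTP_HOST'])) {
         $refererHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
         if (strcasecmp($refererHost, $_SERVER['HTTP_HOST']) === 0) {
             $target = $referer;
         }
     }
     redirect($target);
 }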
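 /**
  * Handle the admin login request.
  *
  * An already authenticated visitor is routed by account type. Otherwise the
  * one-time form token is checked and consumed, the credentials are verified,
  * the session is populated and the auto-login cookie is optionally set.
  * The original author marked this method as "to be improved, not secure".
  *
  * NOTE(review): the submitted password is compared directly with the stored
  * pwd column. The column therefore holds either plaintext or a value that is
  * itself password-equivalent; move to password_hash() / password_verify().
  * NOTE(review): "wrong password" and "unknown user" return distinct messages,
  * which tells a client which accounts exist; consider one shared message.
  *
  * @return void
  */
 public function login()
 {
     if (IS_GET) {
         die("<meta charset='utf-8'><h1>非法访问</h1>");
     }
     $tokenName = C('TOKEN_NAME', null, 'token');
     if (Behavior\CheckIslogin::checkIsLogin()) {
         // Already logged in: route by account type. Validity checks are
         // left to the target pages.
         switch (session('type')) {
             case '0':
                 // Super administrator.
                 $this->success(Behavior\CheckIslogin::getError(), U('/Admin/Index/admin'));
                 break;
             case '1':
                 // Regular administrator: no response is sent yet.
                 break;
             case '2':
                 // Regular user.
                 $this->success(Behavior\CheckIslogin::getError(), U('/Admin/Index/user'));
                 break;
             case '3':
                 // Enterprise user: no response is sent yet.
                 break;
         }
         return;
     }
     // Form-token check. The original used loose == joined with bitwise &,
     // so a request without a token compared equal to an unset session token
     // ('' == null). Require a non-empty stored token and an exact match.
     $tokenKey = md5(session_id());
     $expected = isset($_SESSION[$tokenName][$tokenKey]) && is_scalar($_SESSION[$tokenName][$tokenKey])
         ? (string) $_SESSION[$tokenName][$tokenKey]
         : '';
     $supplied = I('post.token');
     $supplied = is_scalar($supplied) ? (string) $supplied : '';
     if (!IS_POST || $expected === '' || $supplied !== $expected) {
         $this->error('超时,请重新登录', U('/Admin/Index/index'), 3);
         return;
     }
     // The token is single-use: consume it once it has been accepted.
     unset($_SESSION[$tokenName][$tokenKey]);
     // Only a non-empty scalar may reach the query condition. An array
     // submitted as "uid" must never be handed to where().
     $uid = I('post.uid');
     if (!is_scalar($uid) || (string) $uid === '') {
         $this->error('用户名不正确', U('/Admin/Index/index'));
         return;
     }
     // `new` yields an object or throws, so the former falsy check and its
     // "database connection failed" branch could never run.
     $User = new \Admin\Model\UserModel();
     $condition = array('uid' => (string) $uid);
     $result = $User->where($condition)->find();
     if (!$result) {
         // To be changed later to return the error over ajax.
         $this->error('用户名不正确', U('/Admin/Index/index'));
         return;
     }
     // Strict string comparison: loose == treats numeric-looking strings as
     // equal numbers. An empty submitted password never authenticates.
     $givenPwd = I('post.pwd');
     $givenPwd = is_scalar($givenPwd) ? (string) $givenPwd : '';
     if ($givenPwd === '' || (string) $result['pwd'] !== $givenPwd) {
         $this->error('密码不正确', U('/Admin/Index/index'), 2);
         return;
     }
     // Issue a fresh session id before it becomes authenticated, so an id
     // that existed before login cannot be reused (session fixation).
     if (session_id() !== '' && !headers_sent()) {
         session_regenerate_id(true);
     }
     // TODO (original author): cache sessions in memcache to reduce the
     // number of sessions and the memory the server has to hold.
     session('uid', $result['uid']);
     session('name', $result['name']);
     session('head', $result['head']);
     session('type', $result['type']);
     session('msg', $result['msg']);
     session('tel', $result['tel']);
     session('email', $result['email']);
     // "Remember me": the cookie carries only the encrypted uid.
     if (I('post.remember') === 'on') {
         $value = encrytion(session('uid'), 1);
         // HttpOnly keeps the credential away from page scripts. Secure is
         // set whenever this request itself arrived over HTTPS.
         $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
         // NOTE(review): setcookie() expects an absolute Unix timestamp here;
         // confirm AUTO_LOGIN_LIFETIME is time()+N rather than a duration.
         @setcookie(C('COOKIE_PREFIX') . '_AUTO', $value, C('AUTO_LOGIN_LIFETIME'), C('COOKIE_PATH'), '', $secure, true);
     }
     $this->success('登陆成功,请稍后', U('/Home/Index/index'), 1);
 }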