Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
xiegeng
/
ship-expert
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: 85f5f4e552
Branch-ok Tag-ek
ship-expert
/
application
/
admin
/
controller
/
Login.php

Login.php 5.2 KB
Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 
  1. <?php
    2. 

  2. 

  3. // +----------------------------------------------------------------------
    4. 

  4. // | framework
    5. 

  5. // +----------------------------------------------------------------------
    6. 

  6. // | 版权所有 2014~2018 广州楚才信息科技有限公司 [ http://www.cuci.cc ]
    7. 

  7. // +----------------------------------------------------------------------
    8. 

  8. // | 官方网站: http://framework.thinkadmin.top
    9. 

  9. // +----------------------------------------------------------------------
    10. 

  10. // | 开源协议 ( https://mit-license.org )
    11. 

  11. // +----------------------------------------------------------------------
    12. 

  12. // | github开源项目:https://github.com/zoujingli/framework
    13. 

  13. // +----------------------------------------------------------------------
    14. 

  14. 

  15. namespace app\admin\controller;
    16. 

  16. 

  17. use app\admin\service\AuthService;
    18. 

  18. use library\Controller;
    19. 

  19. use think\Db;
    20. 

  20. 

  21. /**
    22. 

  22.  * 用户登录管理
    23. 

  23.  * Class Login
    24. 

  24.  * @package app\admin\controller
    25. 

  25.  */
    26. 

  26. class Login extends Controller
    27. 

  27. {
    28. 

  28. 

  29.     /**
    30. 

  30.      * 后台登录入口
    31. 

  31.      */
    32. 

  32.     public function index()
    33. 

  33.     {
    34. 

  34.         $this->title = '系统登录';
    35. 

  35.     }
    36. 

  36. 

  37.     /**
    38. 

  38.      * 后台登录页面显示
    39. 

  39.      */
    40. 

  40.     protected function _index_get()
    41. 

  41.     {
    42. 

  42.         if (AuthService::isLogin()) {
    43. 

  43.             $this->redirect('@admin');
    44. 

  44.         } else {
    45. 

  45.             $this->loginskey = session('loginskey');
    46. 

  46.             if (empty($this->loginskey)) {
    47. 

  47.                 $this->loginskey = uniqid();
    48. 

  48.                 session('loginskey', $this->loginskey);
    49. 

  49.             }
    50. 

  50.             $this->fetch();
    51. 

  51.         }
    52. 

  52.     }
    53. 

  53. 

  54.     /**
    55. 

  55.      * 后台登录数据处理
    56. 

  56.      * @throws \think\Exception
    57. 

  57.      * @throws \think\db\exception\DataNotFoundException
    58. 

  58.      * @throws \think\db\exception\ModelNotFoundException
    59. 

  59.      * @throws \think\exception\DbException
    60. 

  60.      * @throws \think\exception\PDOException
    61. 

  61.      */
    62. 

  62.     protected function _index_post()
    63. 

  63.     {
    64. 

  64.         $data = $this->_input([
    65. 

  65.             'username' => $this->request->post('username'),
    66. 

  66.             'password' => $this->request->post('password'),
    67. 

  67.         ], [
    68. 

  68.             'username' => 'require|min:4',
    69. 

  69.             'password' => 'require|min:4',
    70. 

  70.         ], [
    71. 

  71.             'username.require' => '登录账号不能为空!',
    72. 

  72.             'password.require' => '登录密码不能为空!',
    73. 

  73.             'username.min'     => '登录账号长度不能少于4位有效字符!',
    74. 

  74.             'password.min'     => '登录密码长度不能少于4位有效字符!',
    75. 

  75.         ]);
    76. 

  76.         // 用户信息验证
    77. 

  77.         $map = ['is_deleted' => '0', 'username' => $data['username']];
    78. 

  78.         $user = Db::name('SystemUser')->where($map)->order('id desc')->find();
    79. 

  79.         if (empty($user)) $this->error('登录账号或密码错误,请重新输入!');
    80. 

  80.         if (empty($user['status'])) $this->error('账号已经被禁用,请联系管理员!');
    81. 

  81.         // 账号锁定消息
    82. 

  82.         $cache = cache("user_login_{$user['username']}");
    83. 

  83.         if (is_array($cache) && !empty($cache['number']) && !empty($cache['time'])) {
    84. 

  84.             if ($cache['number'] >= 10 && ($diff = $cache['time'] + 3600 - time()) > 0) {
    85. 

  85.                 list($m, $s, $info) = [floor($diff / 60), floor($diff % 60), ''];
    86. 

  86.                 if ($m > 0) $info = "{$m} 分";
    87. 

  87.                 $this->error("<strong class='color-red'>抱歉,该账号已经被锁定!</strong><p class='nowrap'>连续 10 次登录错误,请 {$info} {$s} 秒后再登录!</p>");
    88. 

  88.             }
    89. 

  89.         }
    90. 

  90.         if (md5($user['password'] . session('loginskey')) !== $data['password']) {
    91. 

  91.             if (empty($cache) || empty($cache['time']) || empty($cache['number']) || $cache['time'] + 3600 < time()) {
    92. 

  92.                 $cache = ['time' => time(), 'number' => 1, 'geoip' => $this->request->ip()];
    93. 

  93.             } elseif ($cache['number'] + 1 <= 10) {
    94. 

  94.                 $cache = ['time' => time(), 'number' => $cache['number'] + 1, 'geoip' => $this->request->ip()];
    95. 

  95.             }
    96. 

  96.             cache("user_login_{$user['username']}", $cache);
    97. 

  97.             if (($diff = 10 - $cache['number']) > 0) {
    98. 

  98.                 $this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>还有 {$diff} 次尝试机会,将锁定一小时内禁止登录!</p>");
    99. 

  99.             } else {
    100. 

  100.                 _syslog('系统管理', "账号{$user['username']}连续10次登录密码错误,请注意账号安全!");
    101. 

  101.                 $this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>尝试次数达到上限,锁定一小时内禁止登录!</p>");
    102. 

  102.             }
    103. 

  103.         }
    104. 

  104.         // 登录成功并更新账号
    105. 

  105.         cache("user_login_{$user['username']}", null);
    106. 

  106.         Db::name('SystemUser')->where(['id' => $user['id']])->update([
    107. 

  107.             'login_at' => Db::raw('now()'), 'login_ip' => $this->request->ip(), 'login_num' => Db::raw('login_num+1'),
    108. 

  108.         ]);
    109. 

  109.         session('user', $user);
    110. 

  110.         session('loginskey', null);
    111. 

  111.         _syslog('系统管理', '用户登录系统成功');
    112. 

  112.         empty($user['authorize']) || AuthService::applyNode();
    113. 

  113.         $this->success('登录成功,正在进入系统...', url('@admin'));
    114. 

  114.     }
    115. 

  115. 

  116.     /**
    117. 

  117.      * 退出登录
    118. 

  118.      */
    119. 

  119.     public function out()
    120. 

  120.     {
    121. 

  121.         \think\facade\Session::clear();
    122. 

  122.         \think\facade\Session::destroy();
    123. 

  123.         $this->success('退出登录成功!', url('@admin/login'));
    124. 

  124.     }
    125. 

  125. 

  126. }
    127.