首頁 探索 說明
註冊 登入
xiegeng
/
ship-expert
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: a95833c81f
分支列表 標籤列表
ship-expert
/
application
/
admin
/
controller
/
Login.php

Login.php 5.4 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. <?php
    2. 

  2. 

  3. // +----------------------------------------------------------------------
    4. 

  4. // | ThinkAdmin
    5. 

  5. // +----------------------------------------------------------------------
    6. 

  6. // | 版权所有 2014~2019 广州楚才信息科技有限公司 [ http://www.cuci.cc ]
    7. 

  7. // +----------------------------------------------------------------------
    8. 

  8. // | 官方网站: http://demo.thinkadmin.top
    9. 

  9. // +----------------------------------------------------------------------
    10. 

  10. // | 开源协议 ( https://mit-license.org )
    11. 

  11. // +----------------------------------------------------------------------
    12. 

  12. // | gitee 代码仓库:https://gitee.com/zoujingli/ThinkAdmin
    13. 

  13. // | github 代码仓库:https://github.com/zoujingli/ThinkAdmin
    14. 

  14. // +----------------------------------------------------------------------
    15. 

  15. 

  16. namespace app\admin\controller;
    17. 

  17. 

  18. use app\admin\service\NodeService;
    19. 

  19. use library\Controller;
    20. 

  20. use think\Db;
    21. 

  21. use think\facade\Request;
    22. 

  22. 

  23. /**
    24. 

  24.  * 用户登录管理
    25. 

  25.  * Class Login
    26. 

  26.  * @package app\admin\controller
    27. 

  27.  */
    28. 

  28. class Login extends Controller
    29. 

  29. {
    30. 

  30. 

  31.     /**
    32. 

  32.      * 后台登录入口
    33. 

  33.      * @throws \think\Exception
    34. 

  34.      * @throws \think\db\exception\DataNotFoundException
    35. 

  35.      * @throws \think\db\exception\ModelNotFoundException
    36. 

  36.      * @throws \think\exception\DbException
    37. 

  37.      * @throws \think\exception\PDOException
    38. 

  38.      */
    39. 

  39.     public function index()
    40. 

  40.     {
    41. 

  41.         if (Request::isGet()) {
    42. 

  42.             if (NodeService::islogin()) {
    43. 

  43.                 $this->redirect('@admin');
    44. 

  44.             } else {
    45. 

  45.                 $this->title = '系统登录';
    46. 

  46.                 $this->domain = Request::host(true);
    47. 

  47.                 if (!($this->loginskey = session('loginskey'))) session('loginskey', $this->loginskey = uniqid());
    48. 

  48.                 $this->devmode = in_array($this->domain, ['127.0.0.1', 'localhost']) || is_numeric(stripos($this->domain, 'thinkadmin.top'));
    49. 

  49.                 $this->fetch();
    50. 

  50.             }
    51. 

  51.         } else {
    52. 

  52.             $data = $this->_input([
    53. 

  53.                 'username' => input('username'), 'password' => input('password'),
    54. 

  54.             ], [
    55. 

  55.                 'username' => 'require|min:4', 'password' => 'require|min:4',
    56. 

  56.             ], [
    57. 

  57.                 'username.require' => '登录账号不能为空!',
    58. 

  58.                 'password.require' => '登录密码不能为空!',
    59. 

  59.                 'username.min'     => '登录账号长度不能少于4位有效字符!',
    60. 

  60.                 'password.min'     => '登录密码长度不能少于4位有效字符!',
    61. 

  61.             ]);
    62. 

  62.             // 用户信息验证
    63. 

  63.             $map = ['is_deleted' => '0', 'username' => $data['username']];
    64. 

  64.             $user = Db::name('SystemUser')->where($map)->order('id desc')->find();
    65. 

  65.             if (empty($user)) $this->error('登录账号或密码错误,请重新输入!');
    66. 

  66.             if (empty($user['status'])) $this->error('账号已经被禁用,请联系管理员!');
    67. 

  67.             // 账号锁定消息
    68. 

  68.             $cache = cache("user_login_{$user['username']}");
    69. 

  69.             if (is_array($cache) && !empty($cache['number']) && !empty($cache['time'])) {
    70. 

  70.                 if ($cache['number'] >= 10 && ($diff = $cache['time'] + 3600 - time()) > 0) {
    71. 

  71.                     list($m, $s, $info) = [floor($diff / 60), floor($diff % 60), ''];
    72. 

  72.                     if ($m > 0) $info = "{$m} 分";
    73. 

  73.                     $this->error("<strong class='color-red'>抱歉,该账号已经被锁定!</strong><p class='nowrap'>连续 10 次登录错误,请 {$info} {$s} 秒后再登录!</p>");
    74. 

  74.                 }
    75. 

  75.             }
    76. 

  76.             if (md5($user['password'] . session('loginskey')) !== $data['password']) {
    77. 

  77.                 if (empty($cache) || empty($cache['time']) || empty($cache['number']) || $cache['time'] + 3600 < time()) {
    78. 

  78.                     $cache = ['time' => time(), 'number' => 1, 'geoip' => $this->request->ip()];
    79. 

  79.                 } elseif ($cache['number'] + 1 <= 10) {
    80. 

  80.                     $cache = ['time' => time(), 'number' => $cache['number'] + 1, 'geoip' => $this->request->ip()];
    81. 

  81.                 }
    82. 

  82.                 cache("user_login_{$user['username']}", $cache);
    83. 

  83.                 if (($diff = 10 - $cache['number']) > 0) {
    84. 

  84.                     $this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>还有 {$diff} 次尝试机会,将锁定一小时内禁止登录!</p>");
    85. 

  85.                 } else {
    86. 

  86.                     sysoplog('系统管理', "账号{$user['username']}连续10次登录密码错误,请注意账号安全!");
    87. 

  87.                     $this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>尝试次数达到上限,锁定一小时内禁止登录!</p>");
    88. 

  88.                 }
    89. 

  89.             }
    90. 

  90.             // 登录成功并更新账号
    91. 

  91.             cache("user_login_{$user['username']}", null);
    92. 

  92.             Db::name('SystemUser')->where(['id' => $user['id']])->update([
    93. 

  93.                 'login_at'  => Db::raw('now()'),
    94. 

  94.                 'login_ip'  => $this->request->ip(),
    95. 

  95.                 'login_num' => Db::raw('login_num+1'),
    96. 

  96.             ]);
    97. 

  97.             session('loginskey', null);
    98. 

  98.             session('admin_user', $user);
    99. 

  99.             NodeService::applyUserAuth(true);
    100. 

  100.             sysoplog('系统管理', '用户登录系统成功');
    101. 

  101.             $this->success('登录成功', url('@admin'));
    102. 

  102.         }
    103. 

  103.     }
    104. 

  104. 

  105.     /**
    106. 

  106.      * 退出登录
    107. 

  107.      */
    108. 

  108.     public function out()
    109. 

  109.     {
    110. 

  110.         \think\facade\Session::clear();
    111. 

  111.         \think\facade\Session::destroy();
    112. 

  112.         $this->success('退出登录成功!', url('@admin/login'));
    113. 

  113.     }
    114. 

  114. 

  115. }
    116.