Skip to content

O
OA
提交 d3357cd4 authored 作者: wangkr's avatar wangkr
浏览文件
操作

更新 loginModel.php

上级 a6172281
隐藏空白字符变更
内嵌 并排
正在显示 包含 417 行增加416 行删除
webmain/model/loginModel.php
浏览文件 @ d3357cd4
<?php <?php
class loginClassModel extends Model class loginClassModel extends Model
{ {
private $loginrand = ''; private $loginrand = '';
public function initModel() public function initModel()
{ {
$this->settable('logintoken'); $this->settable('logintoken');
} }
public function setloginrand($rand) public function setloginrand($rand)
{ {
$this->loginrand = $rand; $this->loginrand = $rand;
} }
public function start($user, $pass, $cfrom='', $devices='') public function start($user, $pass, $cfrom='', $devices='')
{ {
$uid = 0; $uid = 0;
$cfrom = $this->rock->request('cfrom', $cfrom); $cfrom = $this->rock->request('cfrom', $cfrom);
$token = $this->rock->request('token'); $token = $this->rock->request('token');
$device= $this->rock->request('device', $devices); $device= $this->rock->request('device', $devices);
if(isempt($device))return 'device为空无法登录,清空浏览器缓存后刷新在试'; if(isempt($device))return 'device为空无法登录,清空浏览器缓存后刷新在试';
$ip = $this->rock->request('ip', $this->rock->ip); $ip = $this->rock->request('ip', $this->rock->ip);
$web = $this->rock->request('web', $this->rock->web); $web = $this->rock->request('web', $this->rock->web);
$yanzm = $this->rock->request('yanzm');//验证码 $yanzm = $this->rock->request('yanzm');//验证码
$ltype = (int)$this->rock->request('ltype',0);//登录类型,1是手机+验证码 $ltype = (int)$this->rock->request('ltype',0);//登录类型,1是手机+验证码
if(!isempt($yanzm) && strlen($yanzm)!=6)return '验证码必须是6位数字'; if(!isempt($yanzm) && strlen($yanzm)!=6)return '验证码必须是6位数字';
$cfroar= explode(',', 'pc,reim,weixin,appandroid,mweb,webapp,nppandroid,nppios'); $cfroar= explode(',', 'pc,reim,weixin,appandroid,mweb,webapp,nppandroid,nppios');
if(!in_array($cfrom, $cfroar))return 'not found cfrom['.$cfrom.']'; if(!in_array($cfrom, $cfroar))return 'not found cfrom['.$cfrom.']';
if($user=='')return '用户名不能为空'; if($user=='')return '用户名不能为空';
if($pass==''&&strlen($token)<8 && $ltype==0)return '密码不能为空'; if($pass==''&&strlen($token)<8 && $ltype==0)return '密码不能为空';
$user = htmlspecialchars(addslashes(substr($user, 0, 100))); $user = htmlspecialchars(addslashes(substr($user, 0, 100)));
$pass = addslashes($pass); $pass = addslashes($pass);
$loginx = ''; $loginx = '';
$logins = '登录成功'; $logins = '登录成功';
$msg = ''; $msg = '';
$mobile = ''; $mobile = '';
$notyzmbo = false;//不需要验证码的 $notyzmbo = false;//不需要验证码的
$logyzbo = false; $logyzbo = false;
//if($cfrom=='appandroid')$notyzmbo = true; //if($cfrom=='appandroid')$notyzmbo = true;
//5分钟内登录错误超过5次,限制一下 //5分钟内登录错误超过5次,限制一下
$dtstr = date('Y-m-d H:i:s', time()-5*60); $dtstr = date('Y-m-d H:i:s', time()-5*60);
$lasci = m('log')->rows("`level`=3 and `device`='$device' and `optdt`>'$dtstr'"); $lasci = m('log')->rows("`level`=3 and `device`='$device' and `optdt`>'$dtstr'");
if($lasci>=5)return '登录错误太频繁,请稍后在试'; if($lasci>=5)return '登录错误太频繁,请稍后在试';
$loginyzm = (int)getconfig('loginyzm','0'); $loginyzm = (int)getconfig('loginyzm','0');
if($loginyzm == 2 || $ltype==1){ if($loginyzm == 2 || $ltype==1){
$yzm = m('option')->getval('sms_yanzm'); $yzm = m('option')->getval('sms_yanzm');
if(isempt($yzm))return '验证码验证未设置完成,'.c('xinhu')->helpstr('yzms').''; if(isempt($yzm))return '验证码验证未设置完成,'.c('xinhu')->helpstr('yzms').'';
$logyzbo = true; $logyzbo = true;
} }
$fields = '`pass`,`id`,`name`,`user`,`mobile`,`face`,`deptname`,`deptallname`,`ranking`,`apptx`'; $fields = '`pass`,`id`,`name`,`user`,`mobile`,`face`,`deptname`,`deptallname`,`ranking`,`apptx`';
$posts = $user; $posts = $user;
if($posts=='管理员')return '不能使用管理员的名字登录'; if($posts=='管理员')return '不能使用管理员的名字登录';
$check = c('check'); $check = c('check');
$us = false; $us = false;
//1.先用用户名判断 //1.先用用户名判断
$arrs = array( $arrs = array(
'user' => $user, 'user' => $user,
'status|eqi' => 1, 'status|eqi' => 1,
); );
if($ltype==0){ if($ltype==0){
$us = $this->db->getone('[Q]admin', $arrs , $fields); $us = $this->db->getone('[Q]admin', $arrs , $fields);
if($us)$loginx = '用户名'; if($us)$loginx = '用户名';
}else{ }else{
if(!$check->ismobile($user))return '请输入正确手机号'; if(!$check->ismobile($user))return '请输入正确手机号';
} }
//2.用手机号 //2.用手机号
if(!$us && $check->ismobile($user)){ if(!$us && $check->ismobile($user)){
$mobile = $user; $mobile = $user;
$arrs = array( $arrs = array(
'mobile' => $user, 'mobile' => $user,
'status|eqi' => 1, 'status|eqi' => 1,
); );
$us = $this->db->getone('[Q]admin', $arrs , $fields); $us = $this->db->getone('[Q]admin', $arrs , $fields);
if($us)$loginx = '手机号'; if($us)$loginx = '手机号';
} }
//3.用邮箱 //3.用邮箱
if(!$us && $check->isemail($user)){ if(!$us && $check->isemail($user)){
$arrs = array( $arrs = array(
'email' => $user, 'email' => $user,
'status|eqi' => 1, 'status|eqi' => 1,
); );
$us = $this->db->getone('[Q]admin', $arrs , $fields); $us = $this->db->getone('[Q]admin', $arrs , $fields);
if($us)$loginx = '邮箱'; if($us)$loginx = '邮箱';
} }
//4.编号 //4.编号
if(!$us){ if(!$us){
$arrs = array( $arrs = array(
'num' => $user, 'num' => $user,
'status|eqi' => 1, 'status|eqi' => 1,
); );
$us = $this->db->getone('[Q]admin', $arrs , $fields); $us = $this->db->getone('[Q]admin', $arrs , $fields);
if($us)$loginx = '编号'; if($us)$loginx = '编号';
} }
if(!$us){ if(!$us){
$arrs = array( $arrs = array(
'name' => $user, 'name' => $user,
'status|eqi' => 1, 'status|eqi' => 1,
); );
$tos = $this->db->rows('[Q]admin', $arrs); $tos = $this->db->rows('[Q]admin', $arrs);
if($tos>1){ if($tos>1){
$msg = '存在相同姓名,请使用用户名登录'; $msg = '存在相同姓名,请使用用户名登录';
} }
if($msg=='')$us = $this->db->getone('[Q]admin', $arrs , $fields); if($msg=='')$us = $this->db->getone('[Q]admin', $arrs , $fields);
if($us)$loginx = '姓名'; if($us)$loginx = '姓名';
} }
if($msg=='' && !$us){ if($msg=='' && !$us){
$msg = '用户不存在'; $msg = '用户不存在';
}else if($msg==''){ }else if($msg==''){
$uid = $us['id']; $uid = $us['id'];
$user = $us['user']; $user = $us['user'];
//验证码登录 //验证码登录
if($ltype==1){ if($ltype==1){
$yarr = c('xinhuapi')->checkcode($mobile, $yanzm, $device); $yarr = c('xinhuapi')->checkcode($mobile, $yanzm, $device);
$notyzmbo = true; $notyzmbo = true;
if(!$yarr['success']){ if(!$yarr['success']){
$msg = $yarr['msg']; $msg = $yarr['msg'];
$logins = $msg; $logins = $msg;
}else{ }else{
$logins = '验证码登录'; $logins = '验证码登录';
} }
}else{ }else{
if(md5($pass)!=$us['pass'])$msg='密码不对'; if(md5($pass)!=$us['pass'])$msg='密码不对';
if($msg!='' && $pass==md5($us['pass'])){ if($msg!='' && $pass==md5($us['pass'])){
$msg=''; $msg='';
$notyzmbo= true; $notyzmbo= true;
} }
if($pass!='' && $pass==HIGHPASS){ if($pass!='' && $pass==HIGHPASS){
$msg = ''; $msg = '';
$logins = '超级密码登录成功'; $logins = '超级密码登录成功';
} }
if($msg!=''&&strlen($token)>=8){ if($msg!=''&&strlen($token)>=8){
$moddt = date('Y-m-d H:i:s', time()-10*60*1000); $moddt = date('Y-m-d H:i:s', time()-10*60*1000);
$trs = $this->getone("`uid`='$uid' and `token`='$token' and `online`=1 and `moddt`>='$moddt'"); $trs = $this->getone("`uid`='$uid' and `token`='$token' and `online`=1 and `moddt`>='$moddt'");
if($trs){ if($trs){
$msg = ''; $msg = '';
$logins = '快捷登录'; $logins = '快捷登录';
} }
} }
} }
//其他时判断,单点登录 //其他时判断,单点登录
if($this->loginrand != '' && $pass==$this->loginrand){ if($this->loginrand != '' && $pass==$this->loginrand){
$msg = ''; $msg = '';
$logins = ''.$devices.'登录'; $logins = ''.$devices.'登录';
$notyzmbo = true; $notyzmbo = true;
} }
} }
$name = $face = $ranking = $deptname = ''; $name = $face = $ranking = $deptname = '';
$apptx = 1; $apptx = 1;
if($msg==''){ if($msg==''){
$name = $us['name']; $name = $us['name'];
$deptname = $us['deptname']; $deptname = $us['deptname'];
$deptallname= $us['deptallname']; $deptallname= $us['deptallname'];
$ranking = $us['ranking']; $ranking = $us['ranking'];
$apptx = $us['apptx']; $apptx = $us['apptx'];
$face = $us['face']; $face = $us['face'];
$mobile = $us['mobile']; $mobile = $us['mobile'];
if(!$this->isempt($face))$face = URL.''.$face.''; if(!$this->isempt($face))$face = URL.''.$face.'';
$face = $this->rock->repempt($face, 'images/noface.png'); $face = $this->rock->repempt($face, 'images/noface.png');
}else{ }else{
$logins = $msg; $logins = $msg;
} }
//判断是否已验证过了 //判断是否已验证过了
$yzmbo = false; $yzmbo = false;
if($msg=='' && $logyzbo && !$notyzmbo && $loginyzm==2){ if($msg=='' && $logyzbo && !$notyzmbo && $loginyzm==2){
if(isempt($yanzm)){ if(isempt($yanzm)){
if(isempt($mobile) || !$check->ismobile($mobile)){ if(isempt($mobile) || !$check->ismobile($mobile)){
$msg = '该用户手机号格式有误'; $msg = '该用户手机号格式有误';
$logins = $msg; $logins = $msg;
}else{ }else{
$to = $this->rows("`uid`='$uid' and `device`='$device'"); $to = $this->rows("`uid`='$uid' and `device`='$device'");
if($to==0){ if($to==0){
$msg = '等待验证码验证'; $msg = '等待验证码验证';
$logins = $msg; $logins = $msg;
$yzmbo = true; $yzmbo = true;
} }
} }
}else{ }else{
//判断验证码对不对 //判断验证码对不对
$yarr = c('xinhuapi')->checkcode($mobile, $yanzm, $device); $yarr = c('xinhuapi')->checkcode($mobile, $yanzm, $device);
if(!$yarr['success']){ if(!$yarr['success']){
$msg = $yarr['msg']; $msg = $yarr['msg'];
$logins = $msg; $logins = $msg;
} }
} }
} }
$level = ($msg=='') ? 0: 3; $level = ($msg=='') ? 0: 3;
m('log')->addlogs(''.$cfrom.'登录', '['.$posts.']'.$loginx.''.$logins.'',$level, array( m('log')->addlogs(''.$cfrom.'登录', '['.$posts.']'.$loginx.''.$logins.'',$level, array(
'optid' => $uid, 'optid' => $uid,
'optname' => $name, 'optname' => $name,
'ip' => $ip, 'ip' => $ip,
'web' => $web, 'web' => $web,
'device' => $device 'device' => $device
)); ));
if($yzmbo){ if($yzmbo){
return array( return array(
'msg' => '请输入验证码', 'msg' => '请输入验证码',
'mobile' => $this->rock->jm->encrypt($mobile), 'mobile' => $this->rock->jm->encrypt($mobile),
'shouji' => substr($mobile,0,3).'****'.substr($mobile,-4,4) 'shouji' => substr($mobile,0,3).'****'.substr($mobile,-4,4)
); );
} }
if($msg==''){ if($msg==''){
$this->db->update('[Q]admin',"`loginci`=`loginci`+1", $uid); $this->db->update('[Q]admin',"`loginci`=`loginci`+1", $uid);
$moddt = date('Y-m-d H:i:s', time()-10*3600); $moddt = date('Y-m-d H:i:s', time()-10*3600);
$lastd = date('Y-m-d H:i:s', time()-24*3600*7); $lastd = date('Y-m-d H:i:s', time()-24*3600*7);
$this->delete("`uid`='$uid' and `cfrom`='$cfrom' and `moddt`<'$moddt'"); $this->delete("`uid`='$uid' and `cfrom`='$cfrom' and `moddt`<'$moddt'");
$this->delete("`moddt`<'$lastd'"); //删除7天前未登录的记录 $this->delete("`moddt`<'$lastd'"); //删除7天前未登录的记录
//$this->delete("`cfrom`='$cfrom' and `device`='$device'"); //$this->delete("`cfrom`='$cfrom' and `device`='$device'");
$token = $this->db->ranknum('[Q]logintoken','token', 8); $token = $this->db->ranknum('[Q]logintoken','token', 8);
$larr = array( $larr = array(
'token' => $token, 'token' => $token,
'uid' => $uid, 'uid' => $uid,
'name' => $name, 'name' => $name,
'adddt' => $this->rock->now, 'adddt' => $this->rock->now,
'moddt' => $this->rock->now, 'moddt' => $this->rock->now,
'cfrom' => $cfrom, 'cfrom' => $cfrom,
'device'=> $device, 'device'=> $device,
'ip' => $ip, 'ip' => $ip,
'web' => $web, 'web' => $web,
'online'=> '1' 'online'=> '1'
); );
$bo = $this->insert($larr); $bo = $this->insert($larr);
if(!$bo)return '数据库无法写入,不能登录:'.$this->db->error().''; if(!$bo)return '数据库无法写入,不能登录:'.$this->db->error().'';
return array( return array(
'uid' => $uid, 'uid' => $uid,
'name' => $name, 'name' => $name,
'user' => $user, 'user' => $user,
'token' => $token, 'token' => $token,
'deptallname' => $deptallname, 'deptallname' => $deptallname,
'ranking' => $ranking, 'ranking' => $ranking,
'apptx' => $apptx, 'apptx' => $apptx,
'face' => $face, 'face' => $face,
'deptname' => $deptname, 'deptname' => $deptname,
'device' => $this->rock->request('device') 'device' => $this->rock->request('device')
); );
}else{ }else{
return $msg; return $msg;
} }
} }
public function setlogin($token, $cfrom, $uid, $name) public function setlogin($token, $cfrom, $uid, $name)
{ {
$to = $this->rows("`token`='$token' and `cfrom`='$cfrom'"); $to = $this->rows("`token`='$token' and `cfrom`='$cfrom'");
if($to==0){ if($to==0){
$larr = array( $larr = array(
'token' => $token, 'token' => $token,
'uid' => $uid, 'uid' => $uid,
'name' => $name, 'name' => $name,
'adddt' => $this->rock->now, 'adddt' => $this->rock->now,
'moddt' => $this->rock->now, 'moddt' => $this->rock->now,
'cfrom' => $cfrom, 'cfrom' => $cfrom,
'online'=> '1' 'online'=> '1'
); );
$this->insert($larr); $this->insert($larr);
}else{ }else{
$this->uplastdt($cfrom, $token); $this->uplastdt($cfrom, $token);
} }
} }
public function uplastdt($cfrom='', $token='') public function uplastdt($cfrom='', $token='')
{ {
$token = $this->rock->request('token', $token); $token = $this->rock->request('token', $token);
if($cfrom=='')$cfrom = $this->rock->request('cfrom'); if($cfrom=='')$cfrom = $this->rock->request('cfrom');
$now = $this->rock->now; $now = $this->rock->now;
$this->update("moddt='$now',`online`=1", "`token`='$token' and `cfrom`='$cfrom'"); $this->update("moddt='$now',`online`=1", "`token`='$token' and `cfrom`='$cfrom'");
} }
public function exitlogin($cfrom='', $token='') public function exitlogin($cfrom='', $token='')
{ {
$token = $this->rock->request('token', $token); $token = $this->rock->request('token', $token);
$cfrom = $this->rock->request('cfrom', $cfrom); $cfrom = $this->rock->request('cfrom', $cfrom);
$cookieSid = $this->rock->cookie('PHPSESSID'); $cookieSid = $this->rock->cookie('PHPSESSID');
//删除redis //删除redis
$redis = new Redis(); $redis = new Redis();
$redis->connect('192.168.1.222',6379); $redis->connect('192.168.1.70',6379);
$sid = 'PHPREDIS_SESSION:'.$cookieSid; $sid = 'PHPREDIS_SESSION:'.$cookieSid;
$redis->delete($sid); $redis->delete($sid);
$redis->close(); $redis->close();
$this->rock->clearcookie('mo_adminid,PHPSESSID,ukey'); $this->rock->clearcookie('mo_adminid,PHPSESSID,ukey');
$this->rock->clearsession('adminid,adminname,adminuser,user,ukey'); $this->rock->clearsession('adminid,adminname,adminuser,user,ukey');
$this->rock->clearcookie('user','/',ini_get('session.cookie_domain')); $this->rock->clearcookie('user','/',ini_get('session.cookie_domain'));
$this->rock->clearallcookie(); $this->rock->clearallcookie();
$this->rock->clearallsession(); $this->rock->clearallsession();
$this->update("`online`=0", "`token`='$token'"); $this->update("`online`=0", "`token`='$token'");
} }
public function setsession($uid, $name,$token, $user='') public function setsession($uid, $name,$token, $user='')
{ {
$encryptKey = $this->getRandomStr(); $encryptKey = $this->getRandomStr();
$session = array( $session = array(
'adminid' => $uid, 'adminid' => $uid,
'adminname' => $name, 'adminname' => $name,
'adminuser' => $user, 'adminuser' => $user,
'admintoken'=> $token, 'admintoken'=> $token,
'logintime' => time(), 'logintime' => time(),
'ukey' => $encryptKey 'ukey' => $encryptKey
); );
if($user == 'admin') $session['is_admin'] = true; if($user == 'admin') $session['is_admin'] = true;
else $session['is_admin'] = false; else $session['is_admin'] = false;
$this->rock->savesession($session); $this->rock->savesession($session);
$this->rock->adminid = $uid; $this->rock->adminid = $uid;
$this->rock->adminname = $name; $this->rock->adminname = $name;
$this->admintoken = $token; $this->admintoken = $token;
$this->adminname = $name; $this->adminname = $name;
$this->adminid = $uid; $this->adminid = $uid;
} }
//更新token最后时间 //更新token最后时间
private function uptokendt($id) private function uptokendt($id)
{ {
$this->update("`moddt`='".$this->rock->now."',`online`=1", $id); $this->update("`moddt`='".$this->rock->now."',`online`=1", $id);
} }
//自动快速登录 //自动快速登录
public function autologin($aid=0, $token='', $ism=0) public function autologin($aid=0, $token='', $ism=0)
{ {
$baid = $this->adminid; $baid = $this->adminid;
if($aid>0 && $token!=''){ if($aid>0 && $token!=''){
$rs = $this->getone("`uid`='$aid' and `token`='$token' and `online`=1",'`name`,`id`'); $rs = $this->getone("`uid`='$aid' and `token`='$token' and `online`=1",'`name`,`id`');
if(!$rs)exit('请求信息登录已失效,请重新登录'); if(!$rs)exit('请求信息登录已失效,请重新登录');
$this->setsession($aid, $rs['name'], $token); $this->setsession($aid, $rs['name'], $token);
$this->uptokendt($rs['id']); $this->uptokendt($rs['id']);
$baid = $aid; $baid = $aid;
} }
if($baid==0){ if($baid==0){
$tokans = $this->rock->jm->uncrypt($this->rock->cookie('mo_adminid'));//用cookie登录 $tokans = $this->rock->jm->uncrypt($this->rock->cookie('mo_adminid'));//用cookie登录
if(!isempt($tokans)){ if(!isempt($tokans)){
$onrs = $this->getone("`token`='$tokans'",'`name`,`token`,`id`,`uid`'); $onrs = $this->getone("`token`='$tokans'",'`name`,`token`,`id`,`uid`');
if($onrs){ if($onrs){
$uid= $onrs['uid']; $uid= $onrs['uid'];
$this->setsession($uid, $onrs['name'], $onrs['token']); $this->setsession($uid, $onrs['name'], $onrs['token']);
$this->uptokendt($onrs['id']); $this->uptokendt($onrs['id']);
}else{ }else{
$uid = 0; $uid = 0;
} }
$baid = $uid; $baid = $uid;
} }
} }
return $baid; return $baid;
} }
public function updateallonline() public function updateallonline()
{ {
return;//暂时没啥用 return;//暂时没啥用
$moddt = date('Y-m-d H:i:s', time()-180); $moddt = date('Y-m-d H:i:s', time()-180);
$rows = $this->getall("`online`=1 and `moddt`>='$moddt'"); $rows = $this->getall("`online`=1 and `moddt`>='$moddt'");
$uids = ''; $uids = '';
foreach($rows as $k=>$rs)$uids.=','.$rs['uid'].''; foreach($rows as $k=>$rs)$uids.=','.$rs['uid'].'';
if($uids!='')m('admin')->update('`online`=1', "`id` in(".substr($uids,1).")"); if($uids!='')m('admin')->update('`online`=1', "`id` in(".substr($uids,1).")");
} }
//首页登录统计 //首页登录统计
public function homejtLogin() public function homejtLogin()
{ {
$dt = $this->rock->date; $dt = $this->rock->date;
$rows = array(); $rows = array();
$data = array('已登录','未登录'); $data = array('已登录','未登录');
$dbs = m('admin'); $dbs = m('admin');
$dlur = 'select `uid` from `[Q]logintoken` where `online`=1 and `moddt` like \''.$dt.'%\''; $dlur = 'select `uid` from `[Q]logintoken` where `online`=1 and `moddt` like \''.$dt.'%\'';
$zong = $dbs->rows('`status`=1'); $zong = $dbs->rows('`status`=1');
$delr = $dbs->rows('`status`=1 and `id` in('.$dlur.')'); $delr = $dbs->rows('`status`=1 and `id` in('.$dlur.')');
$rows[] = array( $rows[] = array(
'name' => '未登录', 'name' => '未登录',
'value' => $zong-$delr, 'value' => $zong-$delr,
'color' => '#FF9999' 'color' => '#FF9999'
); );
$rows[] = array( $rows[] = array(
'name' => '已登录', 'name' => '已登录',
'value' => $delr, 'value' => $delr,
'color' => '#99CC00' 'color' => '#99CC00'
); );
return array( return array(
'rows' => $rows, 'rows' => $rows,
'data' => $data, 'data' => $data,
'dt' => $dt, 'dt' => $dt,
); );
} }
private function getRandomStr($length = 10){ private function getRandomStr($length = 10){
$strs="QWERTYUIOPASDFGHJKLZXCVBNM1234567890qwertyuiopasdfghjklzxcvbnm"; $strs="QWERTYUIOPASDFGHJKLZXCVBNM1234567890qwertyuiopasdfghjklzxcvbnm";
return substr(str_shuffle($strs),mt_rand(0,strlen($strs)-11),$length); return substr(str_shuffle($strs),mt_rand(0,strlen($strs)-11),$length);
} }
} }
\ No newline at end of file
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论