sysConfig = F('sys.config'); C('ADMIN_ACCESS',$this->sysConfig['ADMIN_ACCESS']); import('@.TagLib.TagLibYP'); $this->adminid = $_SESSION['adminid']; $this->groupid = $_SESSION['groupid']; } /** * 登录页 * */ public function index() { if(is_file(RUNTIME_FILE))@unlink(RUNTIME_FILE); $this->menudata = F('Menu'); $this->cache_model=array('Lang','Menu','Config','Module','Role','Category','Posid','Field','Type','Urlrule','Dbsource'); if(empty($this->sysConfig['ADMIN_ACCESS']) || empty($this->menudata)){ foreach($this->cache_model as $r){ savecache($r); } $this->sysConfig = F('sys.config'); C('ADMIN_ACCESS',$this->sysConfig['ADMIN_ACCESS']); } if($this->_adminid){ $this->assign('jumpUrl',U('Index/index')); $this->success(L('logined')); } $this->assign ( 'admin_verify', $this->sysConfig['ADMIN_VERIFY'] ); $this->display(); } /** * 提交登录 * */ public function doLogin() { $dao = M('User'); $ip =get_client_ip(); if(empty($this->sysConfig['ADMIN_ACCESS'])) $this->error(L('NO SYSTEM CONFIG FILE')); $username = get_safe_replace(trim($_POST['username'])); $password = get_safe_replace(trim($_POST['password'])); $verifyCode = trim($_POST['verifyCode']); if(empty($username) || empty($password)){ $this->error(L('empty_username_empty_password')); }elseif($_SESSION['verify'] && $this->sysConfig['ADMIN_VERIFY'] && md5($verifyCode) != $_SESSION['verify']){ $this->error(L('error_verify')); } $time =time(); $logwhere=array(); $logwhere['time']=array('EGT',$time-1800); $logwhere['ip']=array('eq',$ip); $logwhere['error'] =1; $lognum= M('Log')->where($logwhere)->count(); if($lognum>=5)$this->error("错误次数过多，请联系管理人员！"); $condition = array(); $condition['username'] =array('eq',$username); import ( '@.ORG.RBAC' ); $authInfo = RBAC::authenticate($condition); //使用用户名、密码和状态的方式进行认证 if(false === $authInfo) { $data=array(); $data['username']=$username; $data['ip']=$ip; $data['time']=$time; $data['note']=L('empty_userid'); $data['error'] =1; M('Log')->add($data); $this->error(L('empty_userid')); }else { if($authInfo['password'] != sysmd5($password)) { $data=array(); $data['username']=$username; $data['ip']=$ip; $data['time']=$time; $data['note']=L('password_error').':'.$password; $data['error'] =1; M('Log')->add($data); $this->error(L('password_error')); } $_SESSION['username'] = $authInfo['username']; $_SESSION['adminid'] = $_SESSION['userid'] = $authInfo['id']; $_SESSION['groupid'] = $authInfo['groupid']; $_SESSION['adminaccess'] = C('ADMIN_ACCESS'); $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id']; $_SESSION['email'] = $authInfo['email']; $_SESSION['lastLoginTime'] = $authInfo['last_logintime']; $_SESSION['login_count'] = $authInfo['login_count']+1; if($authInfo['groupid']==1) { $_SESSION[C('ADMIN_AUTH_KEY')]=true; } //保存登录信息 $data = array(); $data['id'] = $authInfo['id']; $data['last_logintime'] = $time; $data['last_ip'] = get_client_ip(); $data['login_count'] = array('exp','login_count+1'); $dao->save($data); // 缓存访问权限 RBAC::saveAccessList(); $data=array(); $data['username']=$username; $data['ip']=$ip; $data['time']=$time; $data['note']=L('login_ok'); M('Log')->add($data); if($_POST['ajax']){ $this->ajaxReturn($authInfo,L('login_ok'),1); }else{ $this->assign('jumpUrl',U('Index/index')); $this->success(L('login_ok')); } } } /** * 退出登录 * */ public function logout() { if(isset($_SESSION[C('USER_AUTH_KEY')])) { unset($_SESSION[C('USER_AUTH_KEY')]); unset($_SESSION); session_destroy(); $this->assign('jumpUrl',U('Login/index')); $this->success(L('loginouted')); }else { $this->assign('jumpUrl',U('Login/index')); $this->error(L('logined')); } } function checkEmail(){ $user=M('User'); $email=$_GET['email']; $userid=intval($_GET['userid']); if(empty($userid)){ if($user->getByEmail($email)){ echo 'false'; }else{ echo 'true'; } }else{ //判断邮箱是否已经使用 if($user->where("id!={$userid} and email='{$email}'")->find()){ echo 'false'; }else{ echo 'true'; } } exit; } }