【phpcms-v9】phpcms-v9中系统管理员登陆页面控制器文件分析:phpcms/modules/admin/index.php
- defined('IN_PHPCMS') or exit('No permission resources.');
- pc_base::load_app_class('admin','admin',0);
- class index extends admin {
- public function __construct() {
- parent::__construct();
- $this->db = pc_base::load_model('admin_model');
- $this->menu_db = pc_base::load_model('menu_model');
- $this->panel_db = pc_base::load_model('admin_panel_model');
- }
- /*
- * 登陆成功后,进行的页面
- */
- public function init () {
- $userid = $_SESSION['userid'];//获取userid
- $admin_username = param::get_cookie('admin_username');//获取用户名
- $roles = getcache('role','commons');//获取缓存文件中的角色信息,如:1-超级管理员 2-站点管理员 3-运营总监 等等
- $rolename = $roles[$_SESSION['roleid']];//获取角色id
- $site = pc_base::load_app_class('sites');//载入sites.class.php文件
- $sitelist = $site->get_list($_SESSION['roleid']);//获取所有站点配置信息,代表此角色具有管理多个站点的权限
- $currentsite = $this->get_siteinfo(param::get_cookie('siteid'));//获取当前默认站点信息
- /*管理员收藏栏*/
- $adminpanel = $this->panel_db->select(array('userid'=>$userid), "*",20 , 'datetime');
- include $this->admin_tpl('index');//载入后台首页模板
- }
- public function login() {
- //<form="index.php?m=admin&c=index&a=login&dosubmit=1"></form>
- if(isset($_GET['dosubmit'])) {
- //不为口令卡验证
- if (!isset($_GET['card'])) {
- //用户名
- $username = isset($_POST['username']) ? trim($_POST['username']) : showmessage(L('nameerror'),HTTP_REFERER);
- //验证码
- $code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
- //如果验证码不相同
- if ($_SESSION['code'] != strtolower($code)) {
- showmessage(L('code_error'), HTTP_REFERER);//提示验证码错误
- }
- } else { //口令卡验证
- if (!isset($_SESSION['card_verif']) || $_SESSION['card_verif'] != 1) {
- showmessage(L('your_password_card_is_not_validate'), '?m=admin&c=index&a=public_card');
- }
- $username = $_SESSION['card_username'] ? $_SESSION['card_username'] : showmessage(L('nameerror'),HTTP_REFERER);
- }
- //密码错误剩余重试次数
- $this->times_db = pc_base::load_model('times_model');//zp_times数据表
- $rtime = $this->times_db->get_one(array('username'=>$username,'isadmin'=>1));//根据条件获取一条数据
- $maxloginfailedtimes = getcache('common','commons');//获取缓存文件中的信息
- $maxloginfailedtimes = (int)$maxloginfailedtimes['maxloginfailedtimes'];//获取允许的最大登陆失败次数
- if($rtime['times'] >= $maxloginfailedtimes) {//如果当前登陆次数大于系统允许的最大登陆次数
- $minute = 60-floor((SYS_TIME-$rtime['logintime'])/60);//锁定1小时
- showmessage(L('wait_1_hour',array('minute'=>$minute)));//提示1小时后再登陆
- }
- //查询帐号
- $r = $this->db->get_one(array('username'=>$username));//查询zp_admin数据表
- if(!$r) showmessage(L('user_not_exist'),'?m=admin&c=index&a=login');//提示用户不存在
- //密码
- $password = md5(md5(trim((!isset($_GET['card']) ? $_POST['password'] : $_SESSION['card_password']))).$r['encrypt']);
- //密码相同
- if($r['password'] != $password) {
- $ip = ip();//ip地址
- if($rtime && $rtime['times'] < $maxloginfailedtimes) {//当前登陆次数小于系统允许的最大登陆次数
- $times = $maxloginfailedtimes-intval($rtime['times']);//剩余登陆次数
- //注意:$times于下面这行代码中的'times'=>'+=1'是不同的
- $this->times_db->update(array('ip'=>$ip,'isadmin'=>1,'times'=>'+=1'),array('username'=>$username));
- } else {
- //如果是第一次登陆失败,记录登陆次数信息
- $this->times_db->delete(array('username'=>$username,'isadmin'=>1));
- $this->times_db->insert(array('username'=>$username,'ip'=>$ip,'isadmin'=>1,'logintime'=>SYS_TIME,'times'=>1));
- $times = $maxloginfailedtimes;
- }
- //提示还能登陆的次数
- showmessage(L('password_error',array('times'=>$times)),'?m=admin&c=index&a=login',3000);
- }
- $this->times_db->delete(array('username'=>$username));//清空当前登陆次数信息
- //查看是否使用口令卡
- if (!isset($_GET['card']) && $r['card'] && pc_base::load_config('system', 'safe_card') == 1) {
- $_SESSION['card_username'] = $username;
- $_SESSION['card_password'] = $_POST['password'];
- header("location:?m=admin&c=index&a=public_card");
- exit;
- } elseif (isset($_GET['card']) && pc_base::load_config('system', 'safe_card') == 1 && $r['card']) {//对口令卡进行验证
- isset($_SESSION['card_username']) ? $_SESSION['card_username'] = '' : '';
- isset($_SESSION['card_password']) ? $_SESSION['card_password'] = '' : '';
- isset($_SESSION['card_password']) ? $_SESSION['card_verif'] = '' : '';
- }
- //更新zp_admin数据表中登陆信息
- $this->db->update(array('lastloginip'=>ip(),'lastlogintime'=>SYS_TIME),array('userid'=>$r['userid']));
- $_SESSION['userid'] = $r['userid'];//用户id
- $_SESSION['roleid'] = $r['roleid'];//角色id
- //随机生成的6位hash,主要用来判断是否为系统管理员登陆
- $_SESSION['pc_hash'] = random(6,'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789');
- $_SESSION['lock_screen'] = 0;//是否锁频
- $default_siteid = self::return_siteid();//返回角色所属的站点id
- $cookie_time = SYS_TIME+86400*30;//cookie保存时间为一个月
- if(!$r['lang']) $r['lang'] = 'zh-cn';//语言包
- //注意:有必要看一下param::set_cookie函数的定义
- param::set_cookie('admin_username',$username,$cookie_time);//用户名置入cookie中
- param::set_cookie('siteid', $default_siteid,$cookie_time);//站点id置入cookie中
- param::set_cookie('userid', $r['userid'],$cookie_time);//用户id置入cookie中
- param::set_cookie('admin_email', $r['email'],$cookie_time);//用户邮箱置入cookie中
- param::set_cookie('sys_lang', $r['lang'],$cookie_time);//语言包置入cookie中
- showmessage(L('login_success'),'?m=admin&c=index');//提示登陆成功,并跳转到index控制器
- } else {
- pc_base::load_sys_class('form', '', 0);//后台模板文件一般需要此form类
- include $this->admin_tpl('login');//显示login.tpl.php模板文件
- }
- }
- public function public_card() {
- $username = $_SESSION['card_username'] ? $_SESSION['card_username'] : showmessage(L('nameerror'),HTTP_REFERER);
- $r = $this->db->get_one(array('username'=>$username));
- if(!$r) showmessage(L('user_not_exist'),'?m=admin&c=index&a=login');
- if (isset($_GET['dosubmit'])) {
- pc_base::load_app_class('card', 'admin', 0);
- $result = card::verification($r['card'], $_POST['code'], $_POST['rand']); //开源代码Vevb.com
- $_SESSION['card_verif'] = 1;
- header("location:?m=admin&c=index&a=login&dosubmit=1&card=1");
- exit;
- }
- pc_base::load_app_class('card', 'admin', 0);
- $rand = card::authe_rand($r['card']);
- include $this->admin_tpl('login_card');
- }
- /*
- * 退出登录
- */
- public function public_logout() {
- $_SESSION['userid'] = 0;//将session中userid设置为0
- $_SESSION['roleid'] = 0;//将session中roleid设置为0
- param::set_cookie('admin_username','');//将cookie中系统管理员名设置为空
- param::set_cookie('userid',0);//将cookie中userid设置为空
- //退出phpsso
- $phpsso_api_url = pc_base::load_config('system', 'phpsso_api_url');//接口地址
- //跟137-138行代码类似
- $phpsso_logout = '<script type="text/javascript" src="'.$phpsso_api_url.'/api.php?op=logout" reload="1"></script>';
- //退出后返回登录界面
- showmessage(L('logout_success').$phpsso_logout,'?m=admin&c=index&a=login');
- }
新闻热点
疑难解答