blackteay/ThinkAdmin
1
0
Fork 0
mirror of https://gitee.com/zoujingli/ThinkAdmin.git synced 2025-04-06 03:58:04 +08:00
Code Issues Projects Releases Wiki Activity

[更新]修改后台登录

Browse Source
This commit is contained in:
Anyon 2019-04-04 10:34:31 +08:00
parent e8b38b65cc
commit 16d96c96fb
2 changed files with 53 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
application/admin/controller/Login.php
View File

@ -24,12 +24,6 @@ use think\Db;
*/
class Login extends Controller
{
/**
* 设置页面标题
* @var string
*/
public $title = '管理登录';
/**
* 用户登录
* @throws \think\Exception
@ -40,64 +34,62 @@ class Login extends Controller
*/
public function index()
{
$this->title = '管理登录';
$this->applyCsrfToken();
if ($this->request->isGet()) {
session('loginskey', $this->skey = session('loginskey') ? session('loginskey') : uniqid());
$this->fetch();
} else {
$data = $this->_input([
'username' => $this->request->post('username'),
'password' => $this->request->post('password'),
], [
'username' => 'require|min:4',
'password' => 'require|min:4',
], [
'username.require' => '登录账号不能为空!',
'password.require' => '登录密码不能为空!',
'username.min' => '登录账号长度不能少于4位有效字符',
'password.min' => '登录密码长度不能少于4位有效字符',
]);
// 用户信息验证
$map = ['is_deleted' => '0', 'username' => $data['username']];
$user = Db::name('SystemUser')->where($map)->find();
if (empty($user)) $this->error('登录账号或密码错误,请重新输入!');
if (empty($user['status'])) $this->error('账号已经被禁用,请联系管理!');
// 账号锁定消息
$cache = cache("user_login_{$user['username']}");
if (is_array($cache) && !empty($cache['number']) && !empty($cache['time'])) {
if ($cache['number'] >= 10 && ($diff = $cache['time'] + 3600 - time()) > 0) {
list($m, $s, $info) = [floor($diff / 60), floor($diff % 60), ''];
if ($m > 0) $info = "{$m}";
$this->error("<strong class='color-red'>抱歉,该账号已经被锁定!</strong><p class='nowrap'>连续 10 次登录错误,请 {$info} {$s} 秒后再登录!</p>");
}
}
if (md5($user['password'] . session('loginskey')) !== $data['password']) {
if (empty($cache) || empty($cache['time']) || empty($cache['number']) || $cache['time'] + 3600 < time()) {
$cache = ['time' => time(), 'number' => 1, 'geoip' => $this->request->ip()];
} elseif ($cache['number'] + 1 <= 10) {
$cache = ['time' => time(), 'number' => $cache['number'] + 1, 'geoip' => $this->request->ip()];
}
cache("user_login_{$user['username']}", $cache);
if (($diff = 10 - $cache['number']) > 0) {
$this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>还有 {$diff} 次尝试机会,将锁定一小时内禁止登录!</p>");
} else {
_syslog('系统管理', "账号{$user['username']}连续10次登录密码错误请注意账号安全");
$this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>尝试次数达到上限,锁定一小时内禁止登录!</p>");
}
}
// 登录成功并更新账号
cache("user_login_{$user['username']}", null);
Db::name('SystemUser')->where(['id' => $user['id']])->update([
'login_at' => Db::raw('now()'),
'login_ip' => $this->request->ip(),
'login_num' => Db::raw('login_num+1'),
]);
session('user', $user);
session('loginskey', null);
if (!empty($user['authorize'])) \app\admin\service\Auth::applyNode();
_syslog('系统管理', '用户登录系统成功');
$this->success('登录成功,正在进入系统...', url('@admin'));
return $this->fetch();
}
$data = $this->_input([
'username' => $this->request->post('username'),
'password' => $this->request->post('password'),
], [
'username' => 'require|min:4',
'password' => 'require|min:4',
], [
'username.require' => '登录账号不能为空!',
'password.require' => '登录密码不能为空!',
'username.min' => '登录账号长度不能少于4位有效字符',
'password.min' => '登录密码长度不能少于4位有效字符',
]);
// 用户信息验证
$map = ['is_deleted' => '0', 'username' => $data['username']];
$user = Db::name('SystemUser')->where($map)->order('id desc')->find();
if (empty($user)) $this->error('登录账号或密码错误,请重新输入!');
if (empty($user['status'])) $this->error('账号已经被禁用,请联系管理员!');
// 账号锁定消息
$cache = cache("user_login_{$user['username']}");
if (is_array($cache) && !empty($cache['number']) && !empty($cache['time'])) {
if ($cache['number'] >= 10 && ($diff = $cache['time'] + 3600 - time()) > 0) {
list($m, $s, $info) = [floor($diff / 60), floor($diff % 60), ''];
if ($m > 0) $info = "{$m}";
$this->error("<strong class='color-red'>抱歉,该账号已经被锁定!</strong><p class='nowrap'>连续 10 次登录错误,请 {$info} {$s} 秒后再登录!</p>");
}
}
if (md5($user['password'] . session('loginskey')) !== $data['password']) {
if (empty($cache) || empty($cache['time']) || empty($cache['number']) || $cache['time'] + 3600 < time()) {
$cache = ['time' => time(), 'number' => 1, 'geoip' => $this->request->ip()];
} elseif ($cache['number'] + 1 <= 10) {
$cache = ['time' => time(), 'number' => $cache['number'] + 1, 'geoip' => $this->request->ip()];
}
cache("user_login_{$user['username']}", $cache);
if (($diff = 10 - $cache['number']) > 0) {
$this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>还有 {$diff} 次尝试机会,将锁定一小时内禁止登录!</p>");
} else {
_syslog('系统管理', "账号{$user['username']}连续10次登录密码错误请注意账号安全");
$this->error("<strong class='color-red'>登录账号或密码错误!</strong><p class='nowrap'>尝试次数达到上限,锁定一小时内禁止登录!</p>");
}
}
// 登录成功并更新账号
cache("user_login_{$user['username']}", null);
Db::name('SystemUser')->where(['id' => $user['id']])->update([
'login_at' => Db::raw('now()'), 'login_ip' => $this->request->ip(), 'login_num' => Db::raw('login_num+1'),
]);
session('user', $user);
session('loginskey', null);
_syslog('系统管理', '用户登录系统成功');
empty($user['authorize']) || \app\admin\service\Auth::applyNode();
$this->success('登录成功,正在进入系统...', url('@admin'));
}
/**

2
application/admin/service/Log.php
View File

@ -37,7 +37,7 @@ class Log
'geoip' => PHP_SAPI === 'cli' ? '127.0.0.1' : request()->ip(),
'action' => $action,
'content' => $content,
'username' => PHP_SAPI === 'cli' ? 'cli' : session('user.username'),
'username' => PHP_SAPI === 'cli' ? 'cli' : (string)session('user.username'),
];
return Db::name('SystemLog')->insert($data) !== false;
}