From 16d96c96fbc644984534c7fc6104bd3b2a64c171 Mon Sep 17 00:00:00 2001
From: Anyon
Date: Thu, 4 Apr 2019 10:34:31 +0800
Subject: [PATCH] =?UTF-8?q?[=E6=9B=B4=E6=96=B0]=E4=BF=AE=E6=94=B9=E5=90=8E?= =?UTF-8?q?=E5=8F=B0=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/admin/controller/Login.php | 112 ++++++++++++-------------
 application/admin/service/Log.php | 2 +-
 2 files changed, 53 insertions(+), 61 deletions(-)
diff --git a/application/admin/controller/Login.php b/application/admin/controller/Login.php
index 77c498e19..9b936bf2f 100644
--- a/application/admin/controller/Login.php
+++ b/application/admin/controller/Login.php
@@ -24,12 +24,6 @@ use think\Db;
 */
 class Login extends Controller
 {
- /**
- * 设置页面标题
- * @var string
- */
- public $title = '管理登录';
- /**
- * 用户登录
- * @throws \think\Exception
@@ -40,64 +34,62 @@ class Login extends Controller
 */
 public function index()
 {
+ $this->title = '管理登录';
 $this->applyCsrfToken();
 if ($this->request->isGet()) {
 session('loginskey', $this->skey = session('loginskey') ? session('loginskey') : uniqid());
- $this->fetch();
- } else {
- $data = $this->_input([
- 'username' => $this->request->post('username'),
- 'password' => $this->request->post('password'),
- ], [
- 'username' => 'require|min:4',
- 'password' => 'require|min:4',
- ], [
- 'username.require' => '登录账号不能为空!',
- 'password.require' => '登录密码不能为空!',
- 'username.min' => '登录账号长度不能少于4位有效字符!',
- 'password.min' => '登录密码长度不能少于4位有效字符!',
- ]);
- // 用户信息验证
- $map = ['is_deleted' => '0', 'username' => $data['username']];
- $user = Db::name('SystemUser')->where($map)->find();
- if (empty($user)) $this->error('登录账号或密码错误,请重新输入!');
- if (empty($user['status'])) $this->error('账号已经被禁用,请联系管理!');
- // 账号锁定消息
- $cache = cache("user_login_{$user['username']}");
- if (is_array($cache) && !empty($cache['number']) && !empty($cache['time'])) {
- if ($cache['number'] >= 10 && ($diff = $cache['time'] + 3600 - time()) > 0) {
- list($m, $s, $info) = [floor($diff / 60), floor($diff % 60), ''];
- if ($m > 0) $info = "{$m} 分";
- $this->error("抱歉,该账号已经被锁定!

连续 10 次登录错误,请 {$info} {$s} 秒后再登录!

");
- }
- }
- if (md5($user['password'] . session('loginskey')) !== $data['password']) {
- if (empty($cache) || empty($cache['time']) || empty($cache['number']) || $cache['time'] + 3600 < time()) {
- $cache = ['time' => time(), 'number' => 1, 'geoip' => $this->request->ip()];
- } elseif ($cache['number'] + 1 <= 10) {
- $cache = ['time' => time(), 'number' => $cache['number'] + 1, 'geoip' => $this->request->ip()];
- }
- cache("user_login_{$user['username']}", $cache);
- if (($diff = 10 - $cache['number']) > 0) {
- $this->error("登录账号或密码错误!

还有 {$diff} 次尝试机会,将锁定一小时内禁止登录!

");
- } else {
- _syslog('系统管理', "账号{$user['username']}连续10次登录密码错误,请注意账号安全!");
- $this->error("登录账号或密码错误!

尝试次数达到上限,锁定一小时内禁止登录!

");
- }
- }
- // 登录成功并更新账号
- cache("user_login_{$user['username']}", null);
- Db::name('SystemUser')->where(['id' => $user['id']])->update([
- 'login_at' => Db::raw('now()'),
- 'login_ip' => $this->request->ip(),
- 'login_num' => Db::raw('login_num+1'),
- ]);
- session('user', $user);
- session('loginskey', null);
- if (!empty($user['authorize'])) \app\admin\service\Auth::applyNode();
- _syslog('系统管理', '用户登录系统成功');
- $this->success('登录成功,正在进入系统...', url('@admin'));
+ return $this->fetch();
 }
+ $data = $this->_input([
+ 'username' => $this->request->post('username'),
+ 'password' => $this->request->post('password'),
+ ], [
+ 'username' => 'require|min:4',
+ 'password' => 'require|min:4',
+ ], [
+ 'username.require' => '登录账号不能为空!',
+ 'password.require' => '登录密码不能为空!',
+ 'username.min' => '登录账号长度不能少于4位有效字符!',
+ 'password.min' => '登录密码长度不能少于4位有效字符!',
+ ]);
+ // 用户信息验证
+ $map = ['is_deleted' => '0', 'username' => $data['username']];
+ $user = Db::name('SystemUser')->where($map)->order('id desc')->find();
+ if (empty($user)) $this->error('登录账号或密码错误,请重新输入!');
+ if (empty($user['status'])) $this->error('账号已经被禁用,请联系管理员!');
+ // 账号锁定消息
+ $cache = cache("user_login_{$user['username']}");
+ if (is_array($cache) && !empty($cache['number']) && !empty($cache['time'])) {
+ if ($cache['number'] >= 10 && ($diff = $cache['time'] + 3600 - time()) > 0) {
+ list($m, $s, $info) = [floor($diff / 60), floor($diff % 60), ''];
+ if ($m > 0) $info = "{$m} 分";
+ $this->error("抱歉,该账号已经被锁定!

连续 10 次登录错误,请 {$info} {$s} 秒后再登录!

");
+ }
+ }
+ if (md5($user['password'] . session('loginskey')) !== $data['password']) {
+ if (empty($cache) || empty($cache['time']) || empty($cache['number']) || $cache['time'] + 3600 < time()) {
+ $cache = ['time' => time(), 'number' => 1, 'geoip' => $this->request->ip()];
+ } elseif ($cache['number'] + 1 <= 10) {
+ $cache = ['time' => time(), 'number' => $cache['number'] + 1, 'geoip' => $this->request->ip()];
+ }
+ cache("user_login_{$user['username']}", $cache);
+ if (($diff = 10 - $cache['number']) > 0) {
+ $this->error("登录账号或密码错误!

还有 {$diff} 次尝试机会,将锁定一小时内禁止登录!

");
+ } else {
+ _syslog('系统管理', "账号{$user['username']}连续10次登录密码错误,请注意账号安全!");
+ $this->error("登录账号或密码错误!

尝试次数达到上限,锁定一小时内禁止登录!

");
+ }
+ }
+ // 登录成功并更新账号
+ cache("user_login_{$user['username']}", null);
+ Db::name('SystemUser')->where(['id' => $user['id']])->update([
+ 'login_at' => Db::raw('now()'), 'login_ip' => $this->request->ip(), 'login_num' => Db::raw('login_num+1'),
+ ]);
+ session('user', $user);
+ session('loginskey', null);
+ _syslog('系统管理', '用户登录系统成功');
+ empty($user['authorize']) || \app\admin\service\Auth::applyNode();
+ $this->success('登录成功,正在进入系统...', url('@admin'));
 }
 /**
diff --git a/application/admin/service/Log.php b/application/admin/service/Log.php
index 2dbdbea90..0f706f59f 100644
--- a/application/admin/service/Log.php
+++ b/application/admin/service/Log.php
@@ -37,7 +37,7 @@ class Log
 'geoip' => PHP_SAPI === 'cli' ? '127.0.0.1' : request()->ip(),
 'action' => $action,
 'content' => $content,
- 'username' => PHP_SAPI === 'cli' ? 'cli' : session('user.username'),
+ 'username' => PHP_SAPI === 'cli' ? 'cli' : (string)session('user.username'),
 ];
 return Db::name('SystemLog')->insert($data) !== false;
 }
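Review bot: The password check `if (md5($user['password'] . session('loginskey')) !== $data['password']) {` compares a secret-derived digest against a client-supplied string with `!==`, which stops at the first differing byte; use a constant-time comparison and pin the operand type, `if (!hash_equals(md5($user['password'] . session('loginskey')), (string) $data['password'])) {`. With this challenge scheme the value the client proves knowledge of is `$user['password']` itself, so the stored column is password-equivalent and cannot later be moved to `password_hash()`/`password_verify()` without also changing the client-side step — if that is intentional, a one-line comment above the check saying so would save the next reader from "fixing" it. The disabled-account and lockout branches return messages that differ from the generic `登录账号或密码错误` text before the password is ever checked, so the response reveals whether a username exists; if that matters here, reuse the generic message in those branches and keep the specific reason in `_syslog`. The new `->order('id desc')` silently picks the highest id when several undeleted rows share a username — presumably a deliberate tie-break, but worth a comment such as `// 同名账号取最新一条` on that line.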
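Review bot: The `(string)` cast on the `'username'` line turns a missing `user.username` session value into an empty string, so a log row written outside an authenticated session gets no attribution and is indistinguishable from a genuinely blank username. If the cast is there to satisfy a NOT NULL column, a sentinel keeps the audit trail readable, e.g. `'username' => PHP_SAPI === 'cli' ? 'cli' : (string) (session('user.username') ?? 'anonymous'),`. The enclosing method's signature and return are outside the hunk.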