YII 用户登录 借鉴ecshop salt思路

UserIdentity.php

<?php

/**
 * UserIdentity represents the data needed to identity a user.
 * It contains the authentication method that checks if the provided
 * data can identity the user.
 */
class UserIdentity extends CUserIdentity
{
	/**
	 * Authenticates a user.
	 * The example implementation makes sure if the username and password
	 * are both 'demo'.
	 * In practical applications, this should be changed to authenticate
	 * against some persistent user identity storage (e.g. database).
	 * @return boolean whether authentication succeeds.
	 */
		public function authenticate()
		{
		
			//校验数据的真实性
			//find 没有就返回空  findAll返回空数组
			$user_model = AdminUser::model()->find('user_name=:username',array(':username'=>$this->username));
			if ($user_model === null) {
				
				//用户名判断
				$this->errorCode = self::ERROR_USERNAME_INVALID;
				return false;
			}elseif ($user_model->password !== md5(md5($this->password).$user_model->ec_salt)){
				//用户输入密码 . ec_salt 之后md5加密即可
				//密码判断
				//echo $user_model->password.'   '.md5(md5($this->password).$user_model->ec_salt).'<br>';
				//echo $this->password.'    '.md5($this->password).$user_model->ec_salt.'   '.md5(md5($this->password).$user_model->ec_salt);
				//die;
				$this->errorCode = self::ERROR_PASSWORD_INVALID;
				return false;
			}else{
				//合法
				$this->errorCode = self::ERROR_NONE;
				$lifeTime = 30 * 24 * 3600;
				session_set_cookie_params($lifeTime);
				Yii::app()->session['admin_msg'] = $user_model;//将对象存入admin_msg中
				Yii::app()->session['YD[admin_id]'] = $user_model->user_id;
				Yii::app()->session['YD[admin_name]'] = $user_model->user_name;
				Yii::app()->session['YD[action_list]'] = $user_model->action_list;
				Yii::app()->session['YD[belong_house]'] = $user_model->belong_house;// 管辖范围
				Yii::app()->session['YD[imgURL]'] = trim($user_model->custom_head_img) ? '/'.$user_model->custom_head_img : '';// 头像URL
				Yii::app()->session['YD[audioURL]'] = trim($user_model->custom_ringtones) ? '/'.$user_model->custom_ringtones : '';// 个性提醒URL
				
				if (empty($user_model->ec_salt)) {
					$ec_salt = rand(1, 9999);
					$new_possword = md5(md5($this->password).$ec_salt);
					YD_MysqlUtil::YD_execute("UPDATE {{admin_user}} SET ec_salt='$ec_salt', password='$new_possword' WHERE user_id='".Yii::app()->session['YD[admin_id]']."'");
				}
				return true;
			}
		
		/* $users=array(
			// username => password
			'demo'=>'demo',
			'admin'=>'admin',
		);
		if(!isset($users[$this->username]))
			$this->errorCode=self::ERROR_USERNAME_INVALID;
		elseif($users[$this->username]!==$this->password)
			$this->errorCode=self::ERROR_PASSWORD_INVALID;
		else
			$this->errorCode=self::ERROR_NONE;
		return !$this->errorCode; */
	}
}