TP 验证登录权限

1、登录页面

<!doctype html>
<html>
    <head>
    	<meta charset="utf-8">
    	<title>后台登录页</title>
    	<link href="__PUBLIC__/css/css.css" rel="stylesheet" type="text/css">
    	<link href="__PUBLIC__/css/reset.css" rel="stylesheet" type="text/css">
    	<link href="__PUBLIC__/css/houtHeader.css" rel="stylesheet" type="text/css">
        <script src="__PUBLIC__/js/jquery-1.11.2.min.js"></script>
		<script src="__PUBLIC__/js/placeholder.js"></script>
    </head>
    
    <body style="background-color:#313842">
    	<div class="login_zt_bg">
        	<div class="login_bg">
            	<div class="login">
                	<div class="login_logo"><img src="__PUBLIC__/img/login_logo.png"></div>
                    <div class="login_form">
                    	<form action="__URL__/check_login" method="post">
                        	<input type="text" placeholder="账号 User ID" class="user" name="user">
                        	<input type="password" placeholder="密码 Password"class="pass" name="pass">
                            <input type="text" placeholder="请输入验证码" class="yzm" name="yzm"><img src="__URL__/verify/"  οnclick="this.src='__URL__/verify/'+Math.random()" >
                            <div class="clear"></div>
                            <span><input type="checkbox" class="check">记住密码</span>
                            <a href="">忘记密码?</a>
                            <div class="clear"></div>
                            <input type="submit" value="登陆" class="sub_login" style="color:#de9546">
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </body>
</html>

2、验证登录信息，写入session

<?php 
	class AdminAction extends action{

	
		//生成验证码
		public function verify(){
	        import('ORG.Util.Image');
	        Image::buildImageVerify();
    	}

    	//验证登录信息
    	public function check_login(){
			if($_SESSION['verify'] != md5($_POST['yzm'])) {
		       $this->error('验证码错误！');
		    }


		    $phone = $_POST['user'];
            $password = $_POST['pass']; 
            $User =  M('user'); 
            $result = $User->where("phone= "."'$phone'".' AND password= '." '$password' ")->find();
            if($result){
               $_SESSION['login'] = 'yes';
               $this->redirect("Index/index");
            }else{
                $this->error('用户名或密码错误！');//
            }

		 /*   elseif(){

		    }else{
		       $this->success('验证码正确！');	
		    }*/
		}

		//退出后台系统
        public function LoginOut(){
        	import('ORG.Util.Session');
        	Session::clear();
        	$this->redirect("Admin/login");
        }


	}
?>

3、跳转其它页面是否有权限查看

<?php

class FlashAction extends Action {

    function _initialize(){
     //if(!in_array(MODEL_NAME.'/'.ACTION_NAME,explode(',',"Public/login,Public/LoginOn,Public/verify"))){
     if(!isset($_SESSION['login']) and (empty(session('login'))))
     {
             $this->redirect("Admin/login");
     }
               
     //}
    }
........