tp的登录
这是很多地方应该可以用到吧,先看图吧,其实我觉得设计得也不是特别合理了,因为我们这要是密码什么的错了,都会刷新验证码了,其实应该是错了3次,才要出现验证码,下次我做的时候,就要改掉
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>微酒庄后台管理系统</title>
<link href="__CSS__/login.css" type="text/css" rel="stylesheet" />
<script type="text/javascript" src="__COMM__/js/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="__COMM__/js/placeholder.js"></script>
<script type="text/javascript" src="\Public\wap\js\fun.js"></script>
</head>
<body>
<div class="login-form">
<form action="{:U('Login/login')}" method = "post">
<div class="fill-list userName">
<span class="icon"></span>
<input type="text" placeholder="请输入用户名" name = "username" id = "username" />
</div>
<div class="fill-list userPwd">
<span class="icon"></span>
<input type="password" placeholder="请输入密码" name = "password" id = "password" />
</div>
<div class="fill-list yzmIpt" style="display: none" id="codenu">
<input type="text" name = "verify" id = "verify" placeholder="请输入验证码" />
<span class="yzm" onclick="changeVerify()">
<img style="cursor:pointer;" class="verifyimg reloadverify" alt="点击切换" src="{:U('verify',array('rand'=>time()))}" />
</span>
</div>
</form>
<div class="submit-box">
<input class="submit" type="image" src="__COMM__/images/login-btn.png" />
</div>
<!--这个地方用来放置ajax返回值后的效果 这个到时候可以让美工做得稍微漂亮点,这个太丑了,只能用于wap端。 start-->
<div id="side-mask" class="f-hide"></div>
<div id="post-msg" class="f-hide"><i class="fa-Point"></i><i class="fa-Point"></i><i class="fa-Point"></i></div>
<!--end-->
</div>
</body>
</html>
<script>
var codeNum = {$_SESSION.num};
if(codeNum > 6){
$("#codenu").show();
}
$(function(){
$(".submit").click(function(){
var username = $("#username").val();
var password = $("#password").val();
var verify = $("#verify").val();
var codeNum = {$_SESSION.num};
$.post("index.php?s=/Home/TextMe/login_this.html",{
username : username,
password : password,
verify :verify
},function(data,textStatus){
var result = $.parseJSON(data);
if(result.State == 1){
window.location.href="{:U('Index/index')}";
}else{
if(codeNum > 6){
$("#codenu").show();
}
showTips(result.MSG);
/*登录不成功时刷新一下页面,这样就能判断session里面的值了,就可以出现验证码*/
setTimeout('location.reload()',100);
}
})
})
})
function changeVerify(){
$(".yzm").empty();
$rand = Math.random();
$html = '<img class="verifyimg reloadverify" title="点击切换" src="/index.php?s=/Home/Login/verify/rand/'+$rand+'.html" style="cursor:pointer;">';
$(".yzm").append($html);
}
</script>
controller控制层
<?php
/**
* Created by PhpStorm.
* User: Administrator
* Date: 15-9-23
* Time: 下午4:59
* @ 测试
*/
namespace home\Controller;
use Think\Controller;
header("Content-type:text/html;charset=utf-8");
class TextMeController extends Controller{
public function login_this(){
$username = I("post.username");
$password = I("post.password");
if(!isset($_SESSION['num'])){
$_SESSION['num'] = 0;
}else{
$_SESSION['num'] ++;
}
//unset($_SESSION['num']);
//var_dump($_SESSION['num']);
$info = M("xxx")->where(array('un'=>$username,'pw'=>md5(md5($password))))->find();
if(IS_POST){
(''== $username || ''==$password) && exit('{"State":-1,"MSG":"帐号或密码为空"}');
/*判断是否是字母和数字或字母数字的组合*/
if(!ctype_alnum($username)){
exit('{"State":-5,"MSG":"账号格式错误"}');
}
//从这里开始,就是做一些常规的判断了,比如说什么权限啊,密码什么的错误啊,什么的。
if($info){
if($info['role'] == 0 ){
/***将yps_account表中的lost_login_time做更新操作***/
$time_arr = array('lost_login_time'=>time());
M("account")->where(array('id'=>$info['id']))->save($time_arr);
session('userInfo',array('uid'=>$info['id'],'role'=>$info['role'],'groupid'=>$info['groupid'],'un'=>$info['un']));
//菜单存session
$menu = null;
if($info['groupid']){
$menuids = M('role')->where(array('id'=>$info['groupid']))->find();
if(!$menuids){
exit('{"State":-3,"MSG":"您的账号无权限登录"}');
}else{
/*如何存呢?两方面都需要验证 前段需要展示 后端需要验证权限 后端验证部分只需要存href 前端都需要*/
session('MENU',$menuids['menuid']);
}
}else{
session('MENU',0);//此用户拥有的全部菜单
}
$_SESSION['num'] = 0;
exit('{"State":1,"MSG":"跳转中"}');
}else{
exit('{"State":-3,"MSG":"您的账号无权限登录"}');
}
}else{
exit('{"State":-2,"MSG":"账号密码不匹配"}');
}
}
$this->display();
}
public function verify() {
$verify = new \Think\Verify ();
$verify->entry ( 1 );
}
}
其实还是存在很多漏洞的。
引用的js部分 fun.js
这都不是我写的,存起来。
/**显示提示**/
function showTips(v,t){
t = t ? t : 1500;
sidemask = document.getElementById('side-mask'),postmsg = document.getElementById('post-msg');
v && (postmsg.innerHTML = v);
sidemask.className = '';
postmsg.className = '';
setTimeout(hideTips,t);
}
/**隐藏提示**/
function hideTips(){
sidemask = document.getElementById('side-mask'),postmsg = document.getElementById('post-msg');
sidemask.className = 'f-hide';
postmsg.className = 'f-hide';
postmsg.innerHTML = '<i class="fa-Point"></i><i class="fa-Point"></i><i class="fa-Point"></i>';
}