// 这里利用了 Yii2 框架中的验证规则来进行判定,并不是很高深的东西;但是使用框架自身的轮子,也会有安全性能方面的隐患。
1注册reg controller 中 我都以admin 为例子
/**
 * Show the "add administrator" form and, on POST, try to create the account.
 *
 * A successful Admin::reg() sets a success flash and refreshes the page;
 * a failed one sets a failure flash and re-renders the form with the same
 * model so its validation errors are displayed.
 *
 * NOTE(review): no access check is visible in this action. Confirm that the
 * controller restricts it to signed-in administrators (for example through a
 * filter declared outside this snippet).
 *
 * @return mixed the rendered 'add' view, or the refresh response after success
 */
public function actionAdd()
{
    $model = new Admin();
    $request = Yii::$app->request;

    // A plain GET only displays the empty form.
    if (!$request->isPost) {
        return $this->render('add', ['model' => $model]);
    }

    if ($model->reg($request->post())) {
        Yii::$app->session->setFlash('info', '添加成功');
        return $this->refresh();
    }

    Yii::$app->session->setFlash('info', '添加失败');
    return $this->render('add', ['model' => $model]);
}
2.1 model
/**
 * Register a new administrator from submitted form data.
 *
 * The model is switched to the 'adminadd' scenario, populated via load()
 * and validated. Only then is the plain-text password replaced by a hash
 * and the record stored.
 *
 * @param array $data request data passed to load()
 * @return bool true when the record was saved, false otherwise
 */
public function reg($data)
{
    $this->scenario = 'adminadd';

    // load() short-circuits validate() when nothing was populated.
    if (!$this->load($data) || !$this->validate()) {
        return false;
    }

    // Store only the framework-generated password hash; at login the hash is
    // checked with Security::validatePassword() (see validatePass()).
    // From here on $this->adminpass holds the hash, not the submitted password.
    $security = Yii::$app->getSecurity();
    $this->adminpass = $security->generatePasswordHash($this->adminpass);
    $this->createtime = time();

    // Validation already ran above, so save(false) skips it. Running it
    // again would compare 'repass' against the hashed value.
    return $this->save(false) ? true : false;
}
2.2 model 中的rules 验证规则
/**
 * Validation rules for the Admin model, keyed by scenario through 'on'.
 *
 * Rules are listed in the order they run. In the 'login' scenario
 * 'adminpass' is checked by validatePass and then by validatePassword.
 *
 * NOTE(review): no length or strength rule is attached to 'adminpass' for
 * 'adminadd' / 'changepass'; any non-empty value passes. Confirm whether a
 * minimum password policy is intended.
 *
 * @return array
 */
public function rules()
{
    // Scenario lists shared by more than one rule.
    $emailScenarios = ['seekpass', 'adminadd', 'changeemail'];
    $confirmScenarios = ['changepass', 'adminadd'];

    return [
        // Account name and password presence.
        ['adminuser', 'required', 'message' => '管理员账号不能为空', 'on' => ['login', 'seekpass', 'changepass', 'adminadd', 'changeemail']],
        ['adminpass', 'required', 'message' => '管理员密码不能为空', 'on' => ['login', 'changepass', 'adminadd', 'changeemail']],
        ['rememberMe', 'boolean', 'on' => 'login'],

        // Credential checks implemented as inline validators on this model.
        ['adminpass', 'validatePass', 'on' => ['login', 'changeemail']],
        ['adminpass', 'validatePassword', 'on' => ['login']],

        // E-mail presence, format and uniqueness.
        ['adminemail', 'required', 'message' => '电子邮箱不能为空', 'on' => $emailScenarios],
        ['adminemail', 'email', 'message' => '电子邮箱格式不正确', 'on' => $emailScenarios],
        ['adminemail', 'unique', 'message' => '电子邮箱已被注册', 'on' => ['adminadd', 'changeemail']],
        ['adminuser', 'unique', 'message' => '管理员已被注册', 'on' => 'adminadd'],
        ['adminemail', 'validateEmail', 'on' => 'seekpass'],

        // Password confirmation must be present and equal to 'adminpass'.
        ['repass', 'required', 'message' => '确认密码不能为空', 'on' => $confirmScenarios],
        ['repass', 'compare', 'compareAttribute' => 'adminpass', 'message' => '两次密码输入不一致', 'on' => $confirmScenarios],
    ];
}
3 view 页面的展示 这个不重要
<?php
// View for the "add administrator" form. Expects $model (the Admin model).
use yii\bootstrap\ActiveForm;
use yii\helpers\Html;

$this->title = '注册';
?>
<!-- main container -->
<div class="container-fluid">
    <div id="pad-wrapper" class="new-user">
        <div class="row-fluid header">
            <h3>注册员工</h3>
        </div>
        <div class="row-fluid form-wrapper">
            <!-- left column -->
            <div class="span9 with-sidebar">
                <div class="container">
                    <?php
                    // The flash text is printed as-is, without Html::encode().
                    // The setFlash('info', ...) calls in actionAdd pass fixed
                    // strings only. NOTE(review): encode here if any caller
                    // ever stores request-derived text in this flash.
                    $session = Yii::$app->session;
                    if ($session->hasFlash('info')) {
                        echo $session->getFlash('info');
                    }

                    $form = ActiveForm::begin([
                        'options' => ['class' => 'new_user_form inline-input'],
                        'fieldConfig' => [
                            'template' => '<div class="span12 field-box">{label}{input}</div>{error}'
                        ],
                    ]);
                    ?>
                    <?= $form->field($model, 'adminuser')->textInput(['class' => 'span9']) ?>
                    <?= $form->field($model, 'adminemail')->textInput(['class' => 'span9']) ?>
                    <?= $form->field($model, 'adminpass')->passwordInput(['class' => 'span9']) ?>
                    <?= $form->field($model, 'repass')->passwordInput(['class' => 'span9']) ?>
                    <div class="span11 field-box actions">
                        <?= Html::submitButton('创建', ['class' => 'btn-glow primary']) ?>
                        <span>或者</span>
                        <?= Html::resetButton('取消', ['class' => 'reset']) ?>
                    </div>
                    <?php ActiveForm::end() ?>
                </div>
            </div>
            <!-- side right column -->
            <div class="span3 form-sidebar pull-right">
                <div class="alert alert-info hidden-tablet">
                    <i class="icon-lightbulb pull-left"></i>
                    请在左侧填写员工相关信息,包括员工账号,电子邮箱,以及密码
                </div>
            </div>
        </div>
    </div>
</div>
</div>
<!-- end main container -->
/-----------------------以上就是简单的注册功能-----------------------------------------------------------------
// 登陆功能 login
controller 中
/**
 * Render the administrator login form and process a submitted login.
 *
 * The page is rendered without a layout. On POST the request data is handed
 * to Admin::login(); when that succeeds the user is redirected to
 * default/index and the application is ended. In every other case the login
 * view is rendered with the model, including any validation errors.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this action;
 * confirm that repeated failed logins are limited elsewhere.
 *
 * @return mixed the rendered 'login' view
 */
public function actionLogin()
{
    $this->layout = false;
    $model = new Admin();
    $request = Yii::$app->request;

    // Only a POST carries credentials. login() receives the raw POST array.
    if ($request->isPost && $model->login($request->post())) {
        $this->redirect(['default/index']);
        Yii::$app->end();
    }

    return $this->render('login', ['model' => $model]);
}
model
注意查看我上面的验证规则,一定要看清楚:我自定义了两个验证规则,分别处理用户不存在和密码不匹配这两种情况。
自定义验证1
/**
 * Inline validator: check the submitted password against the stored hash.
 *
 * Skipped when earlier rules already produced errors. The account is looked
 * up by 'adminuser' with a bound parameter, and the submitted password is
 * verified with the framework's Security::validatePassword(). Both failure
 * cases (unknown account, wrong password) report the same message, so the
 * response text does not say which of the two was wrong.
 *
 * NOTE(review): the unknown-account path returns before any hash
 * verification, so the two failure paths do different amounts of work.
 *
 * @return false|null false when the account does not exist, otherwise null
 */
public function validatePass()
{
    if ($this->hasErrors()) {
        return;
    }

    $admin = self::find()
        ->where('adminuser = :user', [':user' => $this->adminuser])
        ->one();

    if ($admin === null) {
        $this->addError('adminpass', '用户或密码错误');
        return false;
    }

    $matches = Yii::$app->getSecurity()->validatePassword($this->adminpass, $admin->adminpass);
    if (!$matches) {
        $this->addError('adminpass', '用户或密码错误');
    }
}
自定义验证2
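/**
 * Inline validator: reject the login unless the account exists and the
 * submitted password matches its stored hash.
 *
 * Skipped when earlier rules already produced errors.
 *
 * The submitted password is verified with Security::validatePassword().
 * Re-querying the table with the hash just read from that same row always
 * finds the row again, so it cannot detect a wrong password.
 *
 * A missing account is reported through addError() and never ends the
 * request, so the form can be re-rendered with the error.
 *
 * Both failures share one message (the same text validatePass() uses), so
 * the response does not reveal whether an account name exists.
 *
 * @return void
 */
public function validatePassword()
{
    if ($this->hasErrors()) {
        return;
    }

    // Bound parameter: the account name never becomes part of the SQL text.
    $admin = self::find()
        ->where('adminuser = :user', [':user' => $this->adminuser])
        ->one();

    $valid = $admin !== null
        && Yii::$app->getSecurity()->validatePassword($this->adminpass, $admin->adminpass);

    if (!$valid) {
        $this->addError('adminpass', '用户或密码错误');
    }
}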
model中的login代码
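/**
 * Authenticate an administrator and mark the session as logged in.
 *
 * The model is switched to the 'login' scenario, populated from $data and
 * validated; the credential check happens in the scenario's validators.
 * On success the session cookie lifetime is set (24 hours with
 * "remember me", otherwise a browser-session cookie), the session ID is
 * replaced, the 'admin' session entry is written and the account's last
 * login time and IP are recorded.
 *
 * @param array $data request data passed to load()
 * @return bool true when the login succeeded, false otherwise
 */
public function login($data)
{
    $this->scenario = 'login';

    if (!$this->load($data) || !$this->validate()) {
        return false;
    }

    $lifetime = $this->rememberMe ? 24 * 3600 : 0;
    $session = Yii::$app->session;

    // Cookie parameters must be set before the session is opened.
    session_set_cookie_params($lifetime);

    // Issue a fresh session ID at the moment of authentication, so an ID
    // that existed before login is not carried into the authenticated
    // session. regenerateID() only acts on an active session, hence the
    // explicit open().
    $session->open();
    $session->regenerateID(true);

    $session['admin'] = [
        'adminuser' => $this->adminuser,
        'isLogin' => 1,
    ];

    // NOTE(review): ip2long() returns false for anything that is not a
    // dotted IPv4 address (e.g. an IPv6 client); confirm how 'loginip'
    // should be stored in that case.
    static::updateAll(
        ['logintime' => time(), 'loginip' => ip2long(Yii::$app->request->userIP)],
        'adminuser = :user',
        [':user' => $this->adminuser]
    );

    return (bool) $session['admin']['isLogin'];
}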
login view 这个随便大家在网上找就可以了我随便提供一个
<body class="login-bg">
<?php $this->beginBody() ?>
<div class="row-fluid login-wrapper">
    <a class="brand" href="<?= yii\helpers\Url::to(['/index/index']) ?>"></a>
    <?php
    // Login form bound to $model (the Admin model in the 'login' flow).
    // Each field renders its error above the input.
    $form = ActiveForm::begin([
        'fieldConfig' => [
            'template' => '{error}{input}',
        ],
    ]);
    ?>
    <div class="span4 box">
        <div class="content-wrap">
            <h6>小涛商城 - 后台管理</h6>
            <?= $form->field($model, 'adminuser')->textInput(["class" => "span12", "placeholder" => "管理员账号"]) ?>
            <?= $form->field($model, 'adminpass')->passwordInput(["class" => "span12", "placeholder" => "管理员密码"]) ?>
            <a href="<?= yii\helpers\Url::to(['public/seekpassword']) ?>" class="forgot">忘记密码?</a>
            <?= $form->field($model, 'rememberMe')->checkbox([
                'id' => 'remember-me',
                'template' => '<div class="remember">{input}<label for="remember-me">记住我</label></div>',
            ]) ?>
            <?= Html::submitButton('登录', ["class" => "btn-glow primary login"]) ?>
        </div>
    </div>
    <?php ActiveForm::end() ?>
</div>
<?php
// Background switcher script. "\$" keeps the jQuery variable names literal
// inside the heredoc instead of being read as PHP variables.
$js = <<<JS
$(function () {
    // bg switcher
    var \$btns = $(".bg-switch .bg");
    \$btns.click(function (e) {
        e.preventDefault();
        \$btns.removeClass("active");
        $(this).addClass("active");
        var bg = $(this).data("img");
        $("html").css("background-image", "url('img/bgs/" + bg + "')");
    });
});
JS;
$this->registerJs($js);
?>
<?php $this->endBody() ?>
</body>