defined('IN_PHPCMS') or exit('No permission resources.');
pc_base::load_app_class('admin','admin',0);
class index extends admin {
public function __construct() {
parent::__construct();
$this->db = pc_base::load_model('admin_model');
$this->menu_db = pc_base::load_model('menu_model');
$this->panel_db = pc_base::load_model('admin_panel_model');
}
/*
* 登陆成功后,进行的页面
*/
public function init () {
$userid = $_SESSION['userid'];//获取userid
$admin_username = param::get_cookie('admin_username');//获取用户名
$roles = getcache('role','commons');//获取缓存文件中的角色信息,如:1-超级管理员 2-站点管理员 3-运营总监 等等
$rolename = $roles[$_SESSION['roleid']];//获取角色id
$site = pc_base::load_app_class('sites');//载入sites.class.php文件
$sitelist = $site->get_list($_SESSION['roleid']);//获取所有站点配置信息,代表此角色具有管理多个站点的权限
$currentsite = $this->get_siteinfo(param::get_cookie('siteid'));//获取当前默认站点信息
/*管理员收藏栏*/
$adminpanel = $this->panel_db->select(array('userid'=>$userid), "*",20 , 'datetime');
include $this->admin_tpl('index');//载入后台首页模板
}
public function login() {
//<form="index.php?m=admin&c=index&a=login&dosubmit=1"></form>
if(isset($_GET['dosubmit'])) {
//不为口令卡验证
if (!isset($_GET['card'])) {
//用户名
$username = isset($_POST['username']) ? trim($_POST['username']) : showmessage(L('nameerror'),HTTP_REFERER);
//验证码
$code = isset($_POST['code']) && trim($_POST['code']) ? trim($_POST['code']) : showmessage(L('input_code'), HTTP_REFERER);
//如果验证码不相同
if ($_SESSION['code'] != strtolower($code)) {
showmessage(L('code_error'), HTTP_REFERER);//提示验证码错误
}
} else { //口令卡验证
if (!isset($_SESSION['card_verif']) || $_SESSION['card_verif'] != 1) {
showmessage(L('your_password_card_is_not_validate'), '?m=admin&c=index&a=public_card');
}
$username = $_SESSION['card_username'] ? $_SESSION['card_username'] : showmessage(L('nameerror'),HTTP_REFERER);
}
//密码错误剩余重试次数
$this->times_db = pc_base::load_model('times_model');//zp_times数据表
$rtime = $this->times_db->get_one(array('username'=>$username,'isadmin'=>1));//根据条件获取一条数据
$maxloginfailedtimes = getcache('common','commons');//获取缓存文件中的信息
$maxloginfailedtimes = (int)$maxloginfailedtimes['maxloginfailedtimes'];//获取允许的最大登陆失败次数
if($rtime['times'] >= $maxloginfailedtimes) {//如果当前登陆次数大于系统允许的最大登陆次数
$minute = 60-floor((SYS_TIME-$rtime['logintime'])/60);//锁定1小时
showmessage(L('wait_1_hour',array('minute'=>$minute)));//提示1小时后再登陆
}
//查询帐号
$r = $this->db->get_one(array('username'=>$username));//查询zp_admin数据表
if(!$r) showmessage(L('user_not_exist'),'?m=admin&c=index&a=login');//提示用户不存在
//密码
$password = md5(md5(trim((!isset($_GET['card']) ? $_POST['password'] : $_SESSION['card_password']))).$r['encrypt']);
//密码相同
if($r['password'] != $password) {
$ip = ip();//ip地址
if($rtime && $rtime['times'] < $maxloginfailedtimes) {//当前登陆次数小于系统允许的最大登陆次数
$times = $maxloginfailedtimes-intval($rtime['times']);//剩余登陆次数
//注意:$times于下面这行代码中的'times'=>'+=1'是不同的
$this->times_db->update(array('ip'=>$ip,'isadmin'=>1,'times'=>'+=1'),array('username'=>$username));
} else {
//如果是第一次登陆失败,记录登陆次数信息
$this->times_db->delete(array('username'=>$username,'isadmin'=>1));
$this->times_db->insert(array('username'=>$username,'ip'=>$ip,'isadmin'=>1,'logintime'=>SYS_TIME,'times'=>1));
$times = $maxloginfailedtimes;
}
//提示还能登陆的次数
showmessage(L('password_error',array('times'=>$times)),'?m=admin&c=index&a=login',3000);
}
$this->times_db->delete(array('username'=>$username));//清空当前登陆次数信息
//查看是否使用口令卡
if (!isset($_GET['card']) && $r['card'] && pc_base::load_config('system', 'safe_card') == 1) {
$_SESSION['card_username'] = $username;
$_SESSION['card_password'] = $_POST['password'];
header("location:?m=admin&c=index&a=public_card");
exit;
} elseif (isset($_GET['card']) && pc_base::load_config('system', 'safe_card') == 1 && $r['card']) {//对口令卡进行验证
isset($_SESSION['card_username']) ? $_SESSION['card_username'] = '' : '';
isset($_SESSION['card_password']) ? $_SESSION['card_password'] = '' : '';
isset($_SESSION['card_password']) ? $_SESSION['card_verif'] = '' : '';
}
//更新zp_admin数据表中登陆信息
$this->db->update(array('lastloginip'=>ip(),'lastlogintime'=>SYS_TIME),array('userid'=>$r['userid']));
$_SESSION['userid'] = $r['userid'];//用户id
$_SESSION['roleid'] = $r['roleid'];//角色id
//随机生成的6位hash,主要用来判断是否为系统管理员登陆
$_SESSION['pc_hash'] = random(6,'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789');
$_SESSION['lock_screen'] = 0;//是否锁频
$default_siteid = self::return_siteid();//返回角色所属的站点id
$cookie_time = SYS_TIME+86400*30;//cookie保存时间为一个月
if(!$r['lang']) $r['lang'] = 'zh-cn';//语言包
//注意:有必要看一下param::set_cookie函数的定义
param::set_cookie('admin_username',$username,$cookie_time);//用户名置入cookie中
param::set_cookie('siteid', $default_siteid,$cookie_time);//站点id置入cookie中
param::set_cookie('userid', $r['userid'],$cookie_time);//用户id置入cookie中
param::set_cookie('admin_email', $r['email'],$cookie_time);//用户邮箱置入cookie中
param::set_cookie('sys_lang', $r['lang'],$cookie_time);//语言包置入cookie中
showmessage(L('login_success'),'?m=admin&c=index');//提示登陆成功,并跳转到index控制器
} else {
pc_base::load_sys_class('form', '', 0);//后台模板文件一般需要此form类
include $this->admin_tpl('login');//显示login.tpl.php模板文件
}
}
public function public_card() {
$username = $_SESSION['card_username'] ? $_SESSION['card_username'] : showmessage(L('nameerror'),HTTP_REFERER);
$r = $this->db->get_one(array('username'=>$username));
if(!$r) showmessage(L('user_not_exist'),'?m=admin&c=index&a=login');
if (isset($_GET['dosubmit'])) {
pc_base::load_app_class('card', 'admin', 0);
$result = card::verification($r['card'], $_POST['code'], $_POST['rand']);
$_SESSION['card_verif'] = 1;
header("location:?m=admin&c=index&a=login&dosubmit=1&card=1");
exit;
}
pc_base::load_app_class('card', 'admin', 0);
$rand = card::authe_rand($r['card']);
include $this->admin_tpl('login_card');
}
/*
* 退出登录
*/
public function public_logout() {
$_SESSION['userid'] = 0;//将session中userid设置为0
$_SESSION['roleid'] = 0;//将session中roleid设置为0
param::set_cookie('admin_username','');//将cookie中系统管理员名设置为空
param::set_cookie('userid',0);//将cookie中userid设置为空
//退出phpsso
$phpsso_api_url = pc_base::load_config('system', 'phpsso_api_url');//接口地址
//跟137-138行代码类似
$phpsso_logout = '<script type="text/javascript" src="'.$phpsso_api_url.'/api.php?op=logout" reload="1"></script>';
//退出后返回登录界面
showmessage(L('logout_success').$phpsso_logout,'?m=admin&c=index&a=login');
}
【phpcms-v9】phpcms-v9中系统管理员登陆页面控制器文件分析:phpcms/modules/admin/index.php
最新推荐文章于 2021-03-10 19:23:41 发布