登录验证部分实例
上一讲我已经说了RBAC的流程,这次通过实际代码来分析。首先讲登录部分,登录无非就是验证用户名密码以及验证码是否正确,我们可以新建一个CommonAction的公共类,用来校验权限,其他所有类继承此类。该类内部写一个初始化方法,用于验证,这一讲先不详细讲解。继续说登录,由于登录是公开模块的方法,所以可以新建一个PublicAction类,用于公共的免验证方法,同时在配置文件中添加'NOT_AUTH_MODULE' => 'Public', //默认不需要认证的模块<br>
'USER_AUTH_GATEWAY' => '/Public/login',//默认的认证网关然后开始编写Public类,具体代码如下:<?php <br />
class PublicAction extends CommonAction{<br>
<br>
//验证码显示<br>
public function verify(){<br>
import("ORG.Util.Image");<br>
Image::buildImageVerify(4,1,"png",100,28,"verify"); <br>
}<br>
//验证是否账号密码<br>
function checklogin(){<br>
//此处多余可自行改为Model自动验证<br>
if(empty($_POST['username'])) {<br>
$this->error('帐号错误!');<br>
}elseif (empty($_POST['password'])){<br>
$this->error('密码必须!');<br>
}elseif (empty($_POST['verify'])){<br>
$this->error('验证码必须!');<br>
}<br>
$map=array();<br>
$map['username']=$_POST['username'];<br>
$map['status']=array('gt',0);<br>
if($_SESSION['verify'] != md5($_POST['verify'])) {<br>
$this->error('验证码错误!');<br>
}<br>
<br>
import('ORG.Util.RBAC');<br>
//C('USER_AUTH_MODEL','User');<br>
//验证账号密码<br>
$authInfo=RBAC::authenticate($map);<br>
<br>
if(empty($authInfo)){<br>
$this->error('账号不存在或者被禁用!');<br>
}else{<br>
if($authInfo['password']!=md5($_POST['password'])){<br>
$this->error('账号密码错误!');<br>
}else{<br>
<br>
$_SESSION[C('USER_AUTH_KEY')]=$authInfo['id'];//记录认证标记,必须有。其他信息根据情况取用。<br>
$_SESSION['email']=$authInfo['email'];<br>
$_SESSION['nickname']=$authInfo['nickname'];<br>
$_SESSION['user']=$authInfo['username'];<br>
$_SESSION['last_login_date']=$authInfo['last_login_date'];<br>
$_SESSION['last_login_ip']=$authInfo['last_login_ip'];<br>
//判断是否为超级管理员<br>
if($authInfo['username']=='admin'){<br>
$_SESSION[C('ADMIN_AUTH_KEY')]=true;<br>
}<br>
//以下操作为记录本次登录信息<br>
$user=M('User');<br>
$lastdate=date('Y-m-d H:i:s');<br>
$data=array();<br>
$data['id']=$authInfo['id'];<br>
$data['last_login_date']=$lastdate;<br>
$data['last_login_ip']=$_SERVER["REMOTE_ADDR"];<br>
$user->save($data);<br>
RBAC::saveAccessList();//用于检测用户权限的方法,并保存到Session中<br>
$this->assign('jumpUrl',.'/Index/index');<br>
$this->success('登录成功!');<br>
}<br>
}<br>
}<br>
//退出登录操作<br>
function logout(){<br>
if(!empty($_SESSION[C('USER_AUTH_KEY')])){<br>
unset($_SESSION[C('USER_AUTH_KEY')]);<br>
$_SESSION=array();<br>
session_destroy();<br>
$this->assign('jumpUrl',/Code.'/login');<br>
$this->success('登出成功');<br>
}else{<br>
$this->error('已经登出了');<br>
}<br>
}<br>
<br>
<br>
}以上代码仅实现功能,没有做优化,有些验证的操作可以放到model,session也不用一 一赋值,用数组即可,我想已经入门的应该可以自己改的更好。
AD:真正免费,域名+虚机+企业邮箱=0元
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
Atom editor mac version download
The most popular open source editor
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
SublimeText3 Mac version
God-level code editing software (SublimeText3)
