search
HomePHP FrameworkThinkPHPDolphin background login source code analysis based on ThinkPHP5.1
Dolphin background login source code analysis based on ThinkPHP5.1
藏色散人
藏色散人
Sep 18, 2019 pm 02:02 PM
thinkphp5.1

Dolphin background login source code analysis based on thinkphp5.1

1. First come to the login code, some code screenshots, if you are interested, you can check the source code yourself

Start at login

public function signin()
{
    if ($this->request->isPost()) {
        // 获取post数据
        $data = $this->request->post();   
        $rememberme = isset($data['remember-me']) ? true : false;
        // 登录钩子, 做一些登录前动作, 这里暂时没有实现
        $hook_result = Hook::listen('signin', $data);
        if (!empty($hook_result) && true !== $hook_result[0]) {
            $this->error($hook_result[0]);
        }
        // 验证数据 
        $result = $this->validate($data, 'User.signin');
        if(true !== $result){
            // 验证失败 输出错误信息
            $this->error($result);
        }
        // 验证码  
        if (config('captcha_signin')) {
            $captcha = $this->request->post('captcha', '');
            $captcha == '' && $this->error('请输入验证码');
            if(!captcha_check($captcha, '')){
                //验证失败
                $this->error('验证码错误或失效');
            };
        }
        // 登录
        $UserModel = new UserModel模型分析;   // 进去模型逻辑
        $uid = $UserModel->login($data['username'], $data['password'], $rememberme);
        if ($uid) {
            // 记录行为
            action_log('user_signin', 'admin_user', $uid, $uid);
            $this->jumpUrl();
        } else {
            $this->error($UserModel->getError());
        }
    } else {   // 下面是单点登录的钩子,目前后台不支持
         $hook_result = Hook::listen('signin_sso');
          if (!empty($hook_result) && true !== $hook_result[0]) {
              if (isset($hook_result[0]['url'])) {
                  $this->redirect($hook_result[0]['url']);
              }  if (isset($hook_result[0]['error'])) {
                  $this->error($hook_result[0]['error']);
             } }
          if (is_signin()) {
          $this->jumpUrl();
         } else {
          return $this->fetch();
         }}
}

Enter UserModel model analysis

$UserModel = new UserModel;   
// 调用模型中的Login登录, 账号 密码 是否记住我
$uid = $UserModel->login($data['username'], $data['password'], $rememberme);
public function login($username = '', $password = '', $rememberme = false)\
{
$username = trim($username); 
$password = trim($password);
// 匹配登录方式
if (preg_match("/^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/", $username)) {
// 邮箱登录
$map['email'] = $username;
} elseif (preg_match("/^1\d{10}$/", $username)) {
// 手机号登录
$map['mobile'] = $username;
} else {
// 用户名登录
$map['username'] = $username;
}
$map['status'] = 1;
// 查找用户
$user = $this::get($map);
if (!$user) {
$this->error = '用户不存在或被禁用!';
} else {
// 检查是否分配用户组
if ($user['role'] == 0) {
$this->error = '禁止访问,原因:未分配角色!';
return false;
}  // 检查是可登录后台
if (!RoleModel::where(['id' => $user['role'], 'status' => 1])->value('access')) {
$this->error = '禁止访问,用户所在角色未启用或禁止访问后台!';
return false;
}  if (!Hash::check((string)$password, $user['password'])) {
$this->error = '账号或者密码错误!';
} else {
$uid = $user['id'];
// 更新登录信息
$user['last_login_time'] = request()->time();
$user['last_login_ip']   = request()->ip(1);
if ($user->save()) {
// 自动登录
return $this->autoLogin($this::get($uid), $rememberme);
} else {
// 更新登录信息失败
$this->error = '登录信息更新失败,请重新登录!';
return false;
} } }  return false;
}

Check various permissions and start logging in after there are no problems

public function autoLogin($user, $rememberme = false)
{
    // 记录登录SESSION和COOKIES
    $auth = array(
        'uid'             => $user->id,
        'group'           => $user->group,
        'role'            => $user->role,
        'role_name'       => Db::name('admin_role')->where('id', $user->role)->value('name'),
        'avatar'          => $user->avatar,
        'username'        => $user->username,
        'nickname'        => $user->nickname,
        'last_login_time' => $user->last_login_time,
        'last_login_ip'   => get_client_ip(1),
    );
    session('user_auth', $auth);   // 默认保存session 
    session('user_auth_sign', data_auth_sign($auth));  //参数进行加密
    // 保存用户节点权限, 方面后期直接用
    if ($user->role != 1) {
        $menu_auth = Db::name('admin_role')->where('id', session('user_auth.role'))->value('menu_auth');
        $menu_auth = json_decode($menu_auth, true);
        if (!$menu_auth) {
            session('user_auth', null);
            session('user_auth_sign', null);
            $this->error = '未分配任何节点权限!';
            return false;
        }
    }
    // 记住登录
    if ($rememberme) {   // 存储的cookie  data_auth_sign 对signin 进行加密
        $signin_token = $user->username.$user->id.$user->last_login_time;
        cookie('uid', $user->id, 24 * 3600 * 7);
        cookie('signin_token', data_auth_sign($signin_token), 24 * 3600 * 7);
    }
    return $user->id;   //登录成功返回uid 
}

About data_auth_sign encryption method

 function data_auth_sign($data = [])
{
    // 数据类型检测
    if(!is_array($data)){
        $data = (array)$data;
    }
    // 排序
    ksort($data);
    // url编码并生成query字符串
    $code = http_build_query($data);
    // 生成签名
    $sign = sha1($code);
    return $sign;
}
登录后进行登录行为记录,大家可以根据自己需求选择是否记录
最后进行登陆后跳转,分析用户可以跳转的 url
private function jumpUrl()
{
    if (session('user_auth.role') == 1) {  // 判断是否管理员
        $this->success('登录成功', url('admin/index/index'));
    }
    // 是否有指定默认跳转模块
    $default_module = RoleModel::where('id', session('user_auth.role'))->value('default_module');
    $menu = MenuModel::get($default_module);
    if (!$menu) {
        $this->error('当前角色未指定默认跳转模块!');
    }
    if ($menu['url_type'] == 'link') {
        $this->success('登录成功', $menu['url_value']);
    }
    $menu_url = explode('/', $menu['url_value']);
    role_auth();
    $url = action('admin/ajax/getSidebarMenu', ['module_id' => $default_module, 'module' => $menu['module'], 'controller' => $menu_url[1]]);
    if ($url == '') {
        $this->error('权限不足');
    } else {
        $this->success('登录成功', $url);
    }
}

The above is the detailed content of Dolphin background login source code analysis based on ThinkPHP5.1. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:learnku. If there is any infringement, please contact admin@php.cn delete
Related Article
What is the difference between think book and thinkpadWhat is the difference between think book and thinkpadMar 06, 2025 pm 02:16 PM

This article compares Lenovo's ThinkBook and ThinkPad laptop lines. ThinkPads prioritize durability and performance for professionals, while ThinkBooks offer a stylish, affordable option for everyday use. The key differences lie in build quality, p

How to prevent SQL injection tutorialHow to prevent SQL injection tutorialMar 06, 2025 pm 02:10 PM

This article explains how to prevent SQL injection in ThinkPHP applications. It emphasizes using parameterized queries via ThinkPHP's query builder, avoiding direct SQL concatenation, and implementing robust input validation & sanitization. Ad

How can I use ThinkPHP to build command-line applications?How can I use ThinkPHP to build command-line applications?Mar 12, 2025 pm 05:48 PM

This article demonstrates building command-line applications (CLIs) using ThinkPHP's CLI capabilities. It emphasizes best practices like modular design, dependency injection, and robust error handling, while highlighting common pitfalls such as insu

How to deal with thinkphp vulnerability? How to deal with thinkphp vulnerabilityHow to deal with thinkphp vulnerability? How to deal with thinkphp vulnerabilityMar 06, 2025 pm 02:08 PM

This article addresses ThinkPHP vulnerabilities, emphasizing patching, prevention, and monitoring. It details handling specific vulnerabilities via updates, security patches, and code remediation. Proactive measures like secure configuration, input

How to install the software developed by thinkphp How to install the tutorialHow to install the software developed by thinkphp How to install the tutorialMar 06, 2025 pm 02:09 PM

This article details ThinkPHP software installation, covering steps like downloading, extraction, database configuration, and permission verification. It addresses system requirements (PHP version, web server, database, extensions), common installat

How to fix thinkphp vulnerability How to deal with thinkphp vulnerabilityHow to fix thinkphp vulnerability How to deal with thinkphp vulnerabilityMar 06, 2025 pm 02:04 PM

This tutorial addresses common ThinkPHP vulnerabilities. It emphasizes regular updates, security scanners (RIPS, SonarQube, Snyk), manual code review, and penetration testing for identification and remediation. Preventative measures include secure

What Are the Key Considerations for Using ThinkPHP in a Serverless Architecture?What Are the Key Considerations for Using ThinkPHP in a Serverless Architecture?Mar 18, 2025 pm 04:54 PM

The article discusses key considerations for using ThinkPHP in serverless architectures, focusing on performance optimization, stateless design, and security. It highlights benefits like cost efficiency and scalability, but also addresses challenges

How to use thinkphp tutorialHow to use thinkphp tutorialMar 06, 2025 pm 02:11 PM

This article introduces ThinkPHP, a free, open-source PHP framework. It details ThinkPHP's MVC architecture, features (routing, database interaction), advantages (rapid development, ease of use), and disadvantages (potential over-engineering, commun

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

Repo: How To Revive Teammates
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
4 weeks agoByDDD
R.E.P.O. Save File Location: Where Is It & How to Protect It?
4 weeks agoByDDD
Show More

Hot Tools

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7367
15
Java Tutorial
1628
14
CakePHP Tutorial
1354
52
Laravel Tutorial
1266
25
PHP Tutorial
1214
29
Show More