isPost()){ $username = input('?post.account')?input('post.account','','trim'):''; $password = input('?post.password')?input('post.password','','trim'):''; $jzma = input('?post.jzma')?input('post.jzma','','trim'):''; if(!$username||!$password){ $this->error('用户名或密码错误'); } $ret = (new \app\common\util\ThrottlesUtil(config('app.login_throttles')))->tooManyAttempts($username); // 登录限流 if($ret){ $this->error('账号已被锁定,请稍后重试'); } $info = Db::name('user')->where('account',$username)->where('del',0)->find(); if(empty($info)) $this->error('用户信息不存在'); if($info['enable']==0) $this->error('该账号被禁用'); if(!password_verify($password,$info['password'])){ $this->error('用户名或密码错误'); } $rolesId = Db::name('user_roles')->where('user_id',$info['id'])->value('roles_id'); if(!$rolesId){ $this->error('用户未设置角色,无法登陆'); } $orgs = model('Org')->getListByRoles($info['id']); if(empty($orgs)){ $this->error('用户没有组织,无法登陆'); } /* 更新登录信息 */ $data = array( 'last_login_time' => date('Y-m-d H:i:s') ); Db::name('user')->where('id',$info['id'])->update($data); /* 记录登录SESSION和COOKIES */ $auth = array( 'id' => $info['id'], 'account' => $info['account'], 'real_name' => $info['real_name'], 'last_login_time' => $data['last_login_time'], 'rolesId' => $rolesId?$rolesId:0 ); session('user_auth',$auth); session('user_auth_sign',data_auth_sign($auth)); session('orgId',$orgs[0]['id']); session('orgName',$orgs[0]['name']); (new \app\common\util\ThrottlesUtil(config('app.login_throttles')))->resetAttempts($username); // 登录成功,重置限流 if(!empty($jzma)){ $day = 30; cookie("user_auth",$auth,time()+3600*24*$day); cookie("user_auth_sign",data_auth_sign($auth),time()+3600*24*$day); cookie("orgId",$orgs[0]['id'],time()+3600*24*$day); cookie("orgName",$orgs[0]['name'],time()+3600*24*$day); }else{ cookie("user_auth",null); cookie("user_auth_sign",null); cookie("orgId",null); cookie("orgName",null); } $url = $_SERVER['HTTP_REFERER']?$_SERVER['HTTP_REFERER']:url('Index/index'); $this->success('登录成功',$url); }else{ $config = 
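Db::name('config')
            ->where('name', 'web_site_title')
            ->value('value');
        if (is_login()) {
            $url = request()->domain() . '/home/index.html';
            $this->redirect($url);
        }
        $forgeturl = request()->domain() . '/common/forget.html';
        $this->assign('forgeturl', $forgeturl);
        $this->assign('title', $config);
        return $this->fetch();
    }
}

/**
 * Password reset via SMS verification code.
 *
 * POST fields: account (the mobile number), code (the SMS code), password
 * (the new password). The user is looked up by mobile and must exist and be
 * enabled; on success the browser is sent to the login page. GET renders the
 * reset form.
 *
 * NOTE(review): nothing visible here limits how many codes may be tried
 * against one mobile number; if verify_sms() does not throttle, guard it the
 * way login() guards password attempts with ThrottlesUtil. Existing sessions
 * are not invalidated after the reset — confirm that is intended.
 */
public function forget()
{
    if (!request()->isPost()) {
        $config = Db::name('config')
            ->where('name', 'web_site_title')
            ->value('value');
        $loginurl = request()->domain() . '/common/login.html';
        $this->assign('loginurl', $loginurl);
        $this->assign('title', $config);
        return $this->fetch();
    }

    // input() already yields the default '' when a field is absent, so the
    // separate '?post.*' presence check is unnecessary.
    $mobile = input('post.account', '', 'trim');
    $password = input('post.password', '', 'trim');
    $code = input('post.code', '', 'trim');

    if (!$mobile) {
        $this->error('手机号不能为空');
    }
    if (!$code) {
        $this->error('验证码不能为空');
    }
    if (!$password) {
        $this->error('新密码不能为空');
    }
    // The code is checked before any user lookup so a bad code cannot be
    // used to probe which mobile numbers are registered.
    if (!verify_sms($mobile, $code)) {
        $this->error('验证码信息错误');
    }

    $info = Db::name('user')
        ->where('mobile', $mobile)
        ->where('del', 0)
        ->find();
    if (empty($info)) {
        $this->error('用户信息不存在');
    }
    if ($info['enable'] == 0) {
        $this->error('该账号被禁用');
    }

    $sdata = [
        'update_time' => date('Y-m-d H:i:s'),
        'password' => password_hash($password, PASSWORD_DEFAULT),
    ];
    $res = Db::name('user')
        ->where('id', $info['id'])
        ->update($sdata);
    if ($res) {
        $this->success('修改成功', request()->domain() . '/common/login.html');
    } else {
        $this->error('修改失败');
    }
}

/**
 * Send a verification SMS to the mobile number in the request.
 *
 * NOTE(review): no per-number or per-IP limit is visible here, so an
 * unauthenticated caller can trigger repeated sends; a throttle in front of
 * send_verify_sms() (as login() does with ThrottlesUtil) is worth adding
 * unless send_verify_sms() already enforces one — confirm.
 */
public function sms()
{
    // Trim like the other request fields so surrounding whitespace does not
    // produce a bogus number.
    $phone = input('mobile', '', 'trim');
    if (empty($phone)) {
        $this->error('手机号不能为空');
    }
    if (!send_verify_sms($phone)) {
        $this->error('发送失败');
    }
    $this->success('发送成功');
}

/**
 * Log out: clear the login state and return to the login page.
 *
 * login() stores user_auth, user_auth_sign, orgId and orgName in the session
 * and, with "remember me", in cookies; all four are cleared here so that no
 * organisation context outlives the logout.
 */
public function logout()
{
    foreach (['user_auth', 'user_auth_sign', 'orgId', 'orgName'] as $key) {
        session($key, null);
        cookie($key, null);
    }
    $this->redirect(request()->domain() . '/common/login.html');
}

/**
 * Page shown when the user lacks permission for the requested action.
 */
public function access()
{
    return $this->fetch();
}

/**
 * 403 page.
 */
public function forbid()
{
    return $this->fetch('403');
}
}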