增加了cookie+session自动登陆功能。
This commit is contained in:
Li Jianxuan
parent
f281ce6a39
commit
149943900c
|
|
@ -150,6 +150,9 @@ class AccountController extends Zend_Controller_Action
|
|||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$auth->clearIdentity();
|
||||
require_once 'member.php';
|
||||
$mb=new member();
|
||||
$mb::flushcookie();
|
||||
$this->_redirect('/');
|
||||
}
|
||||
|
||||
|
|
@ -157,6 +160,7 @@ class AccountController extends Zend_Controller_Action
|
|||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$db=Zend_Registry::get('db');
|
||||
|
||||
$authAdapter = new Zend_Auth_Adapter_DbTable($db);
|
||||
$authAdapter->setTableName('users')
|
||||
->setIdentityColumn('username')
|
||||
|
|
@ -164,14 +168,18 @@ class AccountController extends Zend_Controller_Action
|
|||
$authAdapter->setIdentity($u)->setCredential(md5($p));
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
|
||||
// success: store database row to auth's storage
|
||||
$data = $authAdapter->getResultRowObject(null,'password');
|
||||
$auth->getStorage()->write($data);
|
||||
if ($this->_request->getParam('remember')) {
|
||||
$authNamespace = new Zend_Session_Namespace('westdc');
|
||||
$authNamespace->setExpirationSeconds(2592000);
|
||||
}
|
||||
$db->query("update users set ts_last_login=now() where username=?",array($u));
|
||||
|
||||
if ($this->_request->getParam('remember')) {
|
||||
require_once 'member.php';
|
||||
$mb = new member();
|
||||
$mb -> putcookie($u,md5($p));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
'action' => 'login');
|
||||
public function __construct(Zend_Auth $auth)
|
||||
{
|
||||
$this->db=Zend_Registry::get('db');
|
||||
$this->auth = $auth;
|
||||
$this->acl = new Zend_Acl();
|
||||
// add the different user roles
|
||||
|
|
@ -36,6 +37,7 @@
|
|||
$this->acl->allow('member', 'account');
|
||||
// allows administrators access to the admin area
|
||||
$this->acl->allow('administrator', 'admin');
|
||||
|
||||
}
|
||||
/**
|
||||
* preDispatch
|
||||
|
|
@ -50,6 +52,25 @@
|
|||
{
|
||||
// check if a user is logged in and has a valid role,
|
||||
// otherwise, assign them the default role (guest)
|
||||
$mb = new member();
|
||||
$mb->db=$this->db;
|
||||
|
||||
if($mb->checkcookie())
|
||||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
$authAdapter = new Zend_Auth_Adapter_DbTable($this->db);
|
||||
$authAdapter->setTableName('users')
|
||||
->setIdentityColumn('username')
|
||||
->setCredentialColumn('password');
|
||||
$authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd);
|
||||
$result = $auth->authenticate($authAdapter);
|
||||
if ($result->isValid()) {
|
||||
$data = $authAdapter->getResultRowObject(null,'password');
|
||||
$auth->getStorage()->write($data);
|
||||
$this->db->query("update users set ts_last_login=now() where username=?",array($mb->user));
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->auth->hasIdentity())
|
||||
$role = $this->auth->getIdentity()->usertype;
|
||||
else
|
||||
|
|
|
|||
|
|
@ -0,0 +1,110 @@
|
|||
<?php
|
||||
class member
|
||||
{
|
||||
var $ck='Dxe8SqIcmyUf';
|
||||
var $db; //传入PDO对象
|
||||
var $mid; //会员ID
|
||||
|
||||
public $scr; //cookie 安全码 $_COOKIE['scr']
|
||||
public $user;//cookie User $_COOKIE['user']
|
||||
|
||||
public $srpwd;//执行checkcookie后方可调用
|
||||
|
||||
function __construct()
|
||||
{
|
||||
if(!empty($_COOKIE['scr']))
|
||||
{
|
||||
$this->scr = $_COOKIE['scr'];
|
||||
}
|
||||
if(!empty($_COOKIE['user']))
|
||||
{
|
||||
$this->user= $_COOKIE['user'];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 检测cookie
|
||||
*/
|
||||
public function checkcookie()
|
||||
{
|
||||
$uname = $this->user;
|
||||
$hash = $this->scr;
|
||||
|
||||
if(!empty($uname) && !empty($hash))
|
||||
{
|
||||
if (preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$uname) || preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$hash))
|
||||
{
|
||||
$this->mid=0;
|
||||
return false;
|
||||
}
|
||||
else{
|
||||
$sql = "select username,password from users where username='$uname'";
|
||||
$rs = $this->db->query($sql);
|
||||
$row = $rs->fetch();
|
||||
$scr = $this->makescr($row['username'],$row['password']);
|
||||
|
||||
if($hash == $scr)
|
||||
{
|
||||
$this->srpwd=$row['password'];
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}//cookie安全
|
||||
}else {
|
||||
return false;
|
||||
}//exit
|
||||
}//function checkcookie
|
||||
|
||||
/**
|
||||
* putcookie
|
||||
*
|
||||
* 登陆成功后放置cookie,包含安全码
|
||||
*
|
||||
* @param String $uname
|
||||
* @param String $pwd
|
||||
* @param Int $time
|
||||
*/
|
||||
public function putcookie($uname,$pwd,$time = 604800)
|
||||
{
|
||||
try {
|
||||
$scrString = $this->makescr($uname,$pwd);//加密验证串:防止用户密码被盗;防止伪造cookie。
|
||||
|
||||
if(!is_numeric($time))
|
||||
{
|
||||
$time = 604800;
|
||||
}
|
||||
|
||||
setcookie('user',$uname,time()+$time,'/');
|
||||
setcookie('scr',$scrString,time()+$time,'/');
|
||||
|
||||
return true;
|
||||
} catch (Exception $e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
}//function putcookie
|
||||
|
||||
/**
|
||||
* 生成安全码
|
||||
*
|
||||
* @param String $u
|
||||
* @param String $p
|
||||
*/
|
||||
public function makescr($u,$p)
|
||||
{
|
||||
return substr(md5($u.$p.$this->ck),3,20);
|
||||
}
|
||||
|
||||
/**
|
||||
* 清除cookie
|
||||
*/
|
||||
static function flushcookie()
|
||||
{
|
||||
setcookie('user','',time()-99999,'/');
|
||||
setcookie('scr','',time()-99999,'/');
|
||||
}
|
||||
}
|
||||
?>
|
||||
Loading…
Reference in New Issue