修改跨域登录功能

Li Jianxuan 2014-06-11 01:39:18 +00:00
parent f7fbbf4e64
commit 1a6b0375a9
2 changed files with 742 additions and 726 deletions

File diff suppressed because it is too large Load Diff


@ -1,138 +1,151 @@
<?php <?php
namespace Users; namespace Users;
class Member class Member
{ {
var $ck='DCC3ER4T8L2EFX94OPDF'; var $ck='DCC3ER4T8L2EFX94OPDF';
var $db; //传入PDO对象 var $db; //传入PDO对象
var $mid; //会员ID var $mid; //会员ID
public $scr; //cookie 安全码 $_COOKIE['scr'] public $scr; //cookie 安全码 $_COOKIE['scr']
public $user;//cookie User $_COOKIE['user'] public $user;//cookie User $_COOKIE['user']
public $srpwd;//执行checkcookie后方可调用 public $srpwd;//执行checkcookie后方可调用
public $memberTable = "users"; public $memberTable = "users";
public $FieldUsername = "username"; public $FieldUsername = "username";
public $FieldPasword = "password"; public $FieldPasword = "password";
public $FieldLastlogin = "ts_last_login"; public $FieldLastlogin = "ts_last_login";
public $FieldEmail = "email"; public $FieldEmail = "email";
public $FieldLastloginIp = "last_login_ip"; public $FieldLastloginIp = "last_login_ip";
public $GravatarEmailField = "gravatar_email"; public $GravatarEmailField = "gravatar_email";
public $RoleMember = "member"; public $rootdomain = "";
function __construct() public $RoleMember = "member";
{
if(empty($db)) function __construct()
{ {
$this->db = \Zend_Registry::get('db'); if(empty($db))
}else{ {
$this->db = $db; $this->db = \Zend_Registry::get('db');
} }else{
$this->db = $db;
$this->config = \Zend_Registry::get('config'); }
if(!empty($_COOKIE['scr'])) $this->config = \Zend_Registry::get('config');
{
$this->scr = $_COOKIE['scr']; if(!empty($_COOKIE['scr']))
} {
if(!empty($_COOKIE['user'])) $this->scr = $_COOKIE['scr'];
{ }
$this->user= $_COOKIE['user']; if(!empty($_COOKIE['user']))
} {
} $this->user= $_COOKIE['user'];
}
/** if(!isset($this->config->auth->domain) && !empty($this->config->auth->domain))
* 检测cookie {
*/ $this->rootdomain = $this->config->auth->domain;
public function checkcookie() }
{ }
$uname = $this->user;
$hash = $this->scr;
/**
if(!empty($uname) && !empty($hash)) * 检测cookie
{ */
if (preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$uname) || preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$hash)) public function checkcookie()
{ {
$this->mid=0; $uname = $this->user;
return false; $hash = $this->scr;
}
else{ if(!empty($uname) && !empty($hash))
$sql = "select {$this->FieldUsername} as userid,{$this->FieldPasword} as pwd from {$this->memberTable} where {$this->FieldUsername}='$uname'"; {
$rs = $this->db->query($sql); if (preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$uname) || preg_match("/[<|>|#|$|%|^|*|(|)|{|}|'|\"|;|:]/i",$hash))
$row = $rs->fetch(); {
$scr = $this->makescr($row['userid'],$row['pwd']); $this->mid=0;
return false;
if($hash == $scr) }
{ else{
$this->srpwd=$row['pwd']; $sql = "select {$this->FieldUsername} as userid,{$this->FieldPasword} as pwd from {$this->memberTable} where {$this->FieldUsername}='$uname'";
return true; $rs = $this->db->query($sql);
} $row = $rs->fetch();
else { $scr = $this->makescr($row['userid'],$row['pwd']);
return false;
} if($hash == $scr)
}//cookie安全 {
}else { $this->srpwd=$row['pwd'];
return false; return true;
}//exit }
}//function checkcookie else {
return false;
/** }
* putcookie }//cookie安全
* }else {
* 登陆成功后放置cookie包含安全码 return false;
* }//exit
* @param String $uname }//function checkcookie
* @param String $pwd
* @param Int $time /**
*/ * putcookie
public function putcookie($uname,$pwd,$time = 604800) *
{ * 登陆成功后放置cookie包含安全码
try { *
$scrString = $this->makescr($uname,$pwd);//加密验证串:防止用户密码被盗防止伪造cookie。 * @param String $uname
* @param String $pwd
if(!is_numeric($time)) * @param Int $time
{ */
$time = 604800; public function putcookie($uname,$pwd,$time = 604800)
} {
try {
setcookie('user',$uname,time()+$time,'/'); $scrString = $this->makescr($uname,$pwd);//加密验证串:防止用户密码被盗防止伪造cookie。
setcookie('scr',$scrString,time()+$time,'/');
if(!is_numeric($time))
return true; {
} catch (Exception $e) { $time = 604800;
return false; }
}
if(empty($this->rootdomain))
}//function putcookie {
setcookie('user',$uname,time()+$time,'/');
/** setcookie('scr',$scrString,time()+$time,'/');
* 生成安全码 }else{
* setcookie('user',$uname,time()+$time,'/',$this->rootdomain);
* @param String $u setcookie('scr',$scrString,time()+$time,'/',$this->rootdomain);
* @param String $p }
*/
public function makescr($u,$p) return true;
{ } catch (Exception $e) {
return substr(md5($u.$p.$this->ck),3,20); return false;
} }
/** }//function putcookie
* 清除cookie
*/ /**
static function flushcookie() * 生成安全码
{ *
setcookie('user','',time()-99999,'/'); * @param String $u
setcookie('scr','',time()-99999,'/'); * @param String $p
} */
public function makescr($u,$p)
public function getUser() {
{ return substr(md5($u.$p.$this->ck),3,20);
$sql = "SELECT * FROM ".$this->memberTable." m ORDER BY m.id DESC"; }
$rs = $this->db->query($sql);
return $rs->fetchAll(); /**
} * 清除cookie
*/
static function flushcookie()
{
setcookie('user','',time()-99999,'/');
setcookie('scr','',time()-99999,'/');
}
public function getUser()
{
$sql = "SELECT * FROM ".$this->memberTable." m ORDER BY m.id DESC";
$rs = $this->db->query($sql);
return $rs->fetchAll();
}
} }
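Review bot: The new guard in `__construct()`, `if(!isset($this->config->auth->domain) && !empty($this->config->auth->domain))`, can never be true, because a value that is not set is always empty; `$rootdomain` therefore stays `""`, `putcookie()` always takes the host-only branch, and the cross-domain cookie path added here is dead code. The condition should be `if(!empty($this->config->auth->domain))`. Once that is fixed, `flushcookie()` still calls `setcookie('user','',time()-99999,'/')` and the matching `scr` call without a domain argument, and a browser only replaces a cookie whose domain and path match, so logout would leave the domain-scoped `user` and `scr` cookies in place; because the method is static it cannot read `$this->rootdomain`, so the domain has to be passed in or read from the config there. Scoping `scr` to the root domain also sends the login token to every subdomain, so the domain-scoped calls should set the `secure` and `httponly` arguments too (assuming the site is served over HTTPS), e.g. `setcookie('scr',$scrString,time()+$time,'/',$this->rootdomain,true,true);`.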