fix:优化auth权限,登录逻辑获取信息
This commit is contained in:
Ying
@@ -37,57 +37,45 @@ class Login extends AdminController
|
||||
public function index(): \support\Response
|
||||
{
|
||||
// 禁止重复访问
|
||||
if (isset(request()->adminData['id'])) {
|
||||
$session = get_admin_info();
|
||||
if (isset($session['id'])) {
|
||||
return $this->redirect('/admin/index');
|
||||
}
|
||||
|
||||
if (request()->isPost()) {
|
||||
|
||||
$user = request()->post('name');
|
||||
$pwd = request()->post('pwd');
|
||||
$captcha = request()->post('captcha');
|
||||
if ((isset(request()->adminData['count'])
|
||||
&& request()->adminData['count'] >= 5)
|
||||
&& (isset(request()->adminData['time'])
|
||||
&& request()->adminData['time'] >= strtotime('- 5 minutes'))
|
||||
) {
|
||||
$error = '错误次数过多,请稍后再试!';
|
||||
$this->writeLoginLogs($error);
|
||||
return $this->error($error);
|
||||
if ((isset($session['count']) && $session['count'] >= 5)
|
||||
&& (isset($session['time']) && $session['time'] >= strtotime('- 5 minutes'))) {
|
||||
return $this->displayResponse('错误次数过多,请稍后再试!');
|
||||
}
|
||||
|
||||
// 验证码
|
||||
if (isset(request()->adminData['isCaptcha'])) {
|
||||
if (isset($session['isCaptcha'])) {
|
||||
if (!$captcha || !$this->captchaCheck($captcha)) {
|
||||
$error = '验证码错误!';
|
||||
$this->writeLoginLogs($error);
|
||||
return $this->error($error);
|
||||
return $this->displayResponse('验证码错误!');
|
||||
}
|
||||
}
|
||||
|
||||
// 验证表单令牌
|
||||
if (!request()->checkToken('__token__', \request()->all())) {
|
||||
$error = '表单令牌错误!';
|
||||
$this->writeLoginLogs($error);
|
||||
return $this->error($error, '', ['token' => token()]);
|
||||
if (!request()->checkToken('__token__', request()->all())) {
|
||||
return $this->displayResponse('表单令牌错误!', ['token' => token()]);
|
||||
} else {
|
||||
|
||||
$result = Admin::checkLogin($user, $pwd);
|
||||
if (empty($result)) {
|
||||
request()->adminData['time'] = time();
|
||||
request()->adminData['isCaptcha'] = true;
|
||||
request()->adminData['count'] = isset(request()->adminData['count']) ? request()->adminData['count'] + 1 : 1;
|
||||
request()->session()->set(AdminSession, request()->adminData);
|
||||
$error = '用户名或密码错误!';
|
||||
$this->writeLoginLogs($error);
|
||||
Event::emit('adminLoginError', \request()->all());
|
||||
return $this->error($error, '', ['token' => token()]);
|
||||
$session['time'] = time();
|
||||
$session['isCaptcha'] = true;
|
||||
$session['count'] = isset($session['count']) ? $session['count'] + 1 : 1;
|
||||
request()->session()->set(AdminSession, $session);
|
||||
// 执行登录失败事件
|
||||
Event::emit('adminLoginError', request()->all());
|
||||
return $this->displayResponse('用户名或密码错误!', ['token' => token()]);
|
||||
}
|
||||
|
||||
if ($result['status'] !== 1) {
|
||||
$error = '账号已被禁用!';
|
||||
$this->writeLoginLogs($error);
|
||||
return $this->error($error);
|
||||
return $this->displayResponse('账号已被禁用!');
|
||||
}
|
||||
|
||||
$result->login_ip = request()->getRealIp();
|
||||
@@ -97,30 +85,41 @@ class Login extends AdminController
|
||||
try {
|
||||
|
||||
$result->save();
|
||||
$session = array_merge(request()->adminData, $result->toArray());
|
||||
$session = array_merge($session, $result->toArray());
|
||||
request()->session()->set(AdminSession, $session);
|
||||
} catch (\Throwable $th) {
|
||||
return $this->error($th->getMessage());
|
||||
}
|
||||
|
||||
$success = '登录成功!';
|
||||
$this->writeLoginLogs($success, true);
|
||||
Event::emit('adminLoginSuccess', $result->toArray());
|
||||
return $this->success($success, $this->JumpUrl);
|
||||
return $this->displayResponse('登录成功!', [] , $this->JumpUrl);
|
||||
}
|
||||
}
|
||||
|
||||
return view('login/index', [
|
||||
'captcha' => request()->adminData['isCaptcha'] ?? false,
|
||||
'captcha' => $session['isCaptcha'] ?? false,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 退出登录
|
||||
* @param string $msg
|
||||
* @param array $data
|
||||
* @param string $url
|
||||
* @return Response
|
||||
*/
|
||||
private function displayResponse(string $msg = 'error', array $data = [], string $url = ''): Response
|
||||
{
|
||||
$this->adminLoginLog($msg, $url ? 1 : 0);
|
||||
return empty($url) ? $this->error($msg, $url, $data) : $this->success($msg, $url);
|
||||
}
|
||||
|
||||
/**
|
||||
* 写入登录日志
|
||||
* @param string $error
|
||||
* @param int $status
|
||||
*/
|
||||
private function writeLoginLogs(string $error, int $status = 0)
|
||||
private function adminLoginLog(string $error, int $status = 0)
|
||||
{
|
||||
$name = \request()->input('name');
|
||||
$userAgent = \request()->header('user-agent');
|
||||
@@ -131,7 +130,7 @@ class Login extends AdminController
|
||||
$user_os = '未知';
|
||||
}
|
||||
|
||||
$user_browser = preg_replace('/[^(]+\((.*?)[^)]+\) .*?/','$1',$userAgent);
|
||||
$user_browser = preg_replace('/[^(]+\((.*?)[^)]+\) .*?/', '$1', $userAgent);
|
||||
|
||||
$data = [
|
||||
'user_ip' => request()->getRealIp(),
|
||||
|
||||
@@ -325,7 +325,7 @@ class Admin extends AdminController
|
||||
$page = input('page', 1);
|
||||
$limit = input('limit', 3);
|
||||
// 计算最大页码
|
||||
$data = AdminNotice::with(['admin'])->where(['type' => $type, 'admin_id' => \request()->admin_id])
|
||||
$data = AdminNotice::with(['admin'])->where(['type' => $type, 'admin_id' => get_admin_id()])
|
||||
->order('id', 'desc')->paginate(['list_rows' => $limit, 'page' => $page])->toArray();
|
||||
return $this->success('获取成功', '', $data);
|
||||
}
|
||||
@@ -333,7 +333,7 @@ class Admin extends AdminController
|
||||
foreach ($array as $item) {
|
||||
$where = [
|
||||
['type', '=', $item],
|
||||
['admin_id', '=', request()->admin_id]
|
||||
['admin_id', '=', get_admin_id()]
|
||||
];
|
||||
$count[$item] = AdminNotice::where($where)->where('status', 0)->count();
|
||||
$list[$item] = AdminNotice::with(['admin'])->withoutField('content')->where($where)->limit(3)->order('id desc')->select()->toArray();
|
||||
@@ -358,7 +358,7 @@ class Admin extends AdminController
|
||||
$type = input('type', 'notice');
|
||||
|
||||
if (!empty($id)) {
|
||||
$detail = AdminNotice::with(['admin'])->where(['id' => $id, 'admin_id' => \request()->admin_id])->find();
|
||||
$detail = AdminNotice::with(['admin'])->where(['id' => $id, 'admin_id' => get_admin_id()])->find();
|
||||
if (empty($detail)) {
|
||||
return $this->error('404 Not Found');
|
||||
}
|
||||
@@ -383,7 +383,7 @@ class Admin extends AdminController
|
||||
{
|
||||
if (\request()->post()) {
|
||||
$post = request()->post();
|
||||
$post['send_id'] = request()->admin_id;
|
||||
$post['send_id'] = get_admin_id();
|
||||
$post['type'] = 'message';
|
||||
$post['send_ip'] = request()->getRealIp();
|
||||
$post['create_time'] = time();
|
||||
@@ -404,7 +404,7 @@ class Admin extends AdminController
|
||||
if (empty($id)) {
|
||||
throw new Exception('参数错误');
|
||||
}
|
||||
AdminNotice::where(['id' => $id, 'admin_id' => request()->admin_id])->update(['status' => $status]);
|
||||
AdminNotice::where(['id' => $id, 'admin_id' => get_admin_id()])->update(['status' => $status]);
|
||||
} catch (Exception $e) {
|
||||
return $this->error('更新失败');
|
||||
}
|
||||
@@ -424,7 +424,7 @@ class Admin extends AdminController
|
||||
$where = [
|
||||
['type', '=', $type],
|
||||
['status', '=', 1],
|
||||
['admin_id', '=', request()->admin_id]
|
||||
['admin_id', '=', get_admin_id()]
|
||||
];
|
||||
try {
|
||||
AdminNotice::where($where)->delete();
|
||||
@@ -446,7 +446,7 @@ class Admin extends AdminController
|
||||
$type = input('type', 'notice');
|
||||
$where = [
|
||||
['type', '=', $type],
|
||||
['admin_id', '=', request()->admin_id]
|
||||
['admin_id', '=', get_admin_id()]
|
||||
];
|
||||
try {
|
||||
AdminNotice::where($where)->update(['status' => 1]);
|
||||
@@ -468,10 +468,9 @@ class Admin extends AdminController
|
||||
*/
|
||||
public function center(Request $request): \support\Response
|
||||
{
|
||||
|
||||
if (request()->isPost()) {
|
||||
$post = request()->post();
|
||||
$post['id'] = $request->admin_id;
|
||||
$post['id'] = get_admin_id();
|
||||
if ($this->model->update($post)) {
|
||||
return $this->success();
|
||||
}
|
||||
@@ -480,7 +479,7 @@ class Admin extends AdminController
|
||||
}
|
||||
|
||||
$title = [];
|
||||
$data = $this->model->find($request->admin_id);
|
||||
$data = $this->model->find(get_admin_id());
|
||||
if (!empty($data['group_id'])) {
|
||||
$group = AdminGroupModel::field('title')
|
||||
->whereIn('id', $data['group_id'])
|
||||
@@ -505,7 +504,7 @@ class Admin extends AdminController
|
||||
{
|
||||
if (request()->isAjax()) {
|
||||
$post = request()->post();
|
||||
$id = $request->admin_id;
|
||||
$id = get_admin_id();
|
||||
try {
|
||||
//code...
|
||||
switch ($post['field']) {
|
||||
@@ -571,7 +570,7 @@ class Admin extends AdminController
|
||||
}
|
||||
|
||||
// 查找数据
|
||||
$where[] = ['id', '=', request()->admin_id];
|
||||
$where[] = ['id', '=', get_admin_id()];
|
||||
$where[] = ['pwd', '=', encryptPwd($pwd)];
|
||||
$result = $this->model->where($where)->find();
|
||||
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
<?php
|
||||
declare (strict_types=1);
|
||||
|
||||
// +----------------------------------------------------------------------
|
||||
// | swiftAdmin 极速开发框架 [基于WebMan开发]
|
||||
// +----------------------------------------------------------------------
|
||||
@@ -11,8 +12,7 @@ declare (strict_types=1);
|
||||
// +----------------------------------------------------------------------
|
||||
|
||||
namespace app\admin\controller\system;
|
||||
|
||||
|
||||
set_time_limit(600);
|
||||
use GuzzleHttp\Exception\TransferException;
|
||||
use support\Response;
|
||||
use system\File;
|
||||
@@ -276,6 +276,9 @@ class Plugin extends AdminController
|
||||
public function config(): Response
|
||||
{
|
||||
$name = input('name');
|
||||
if (!empty($name)) {
|
||||
$name = strtolower(trim($name));
|
||||
}
|
||||
if (preg_replace('/[^a-zA-Z0-9]/i', '', $name) !== $name) {
|
||||
return $this->error('插件名称只能是字母和数字');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user