get('user'); if (empty($user)) return errjson('请填写用户名'); $csql = new \ciy\sql('zc_admin'); $csql->where('mobile', $user); $rsuser = $db->getone($csql); if ($rsuser === false) return errjson($db->error); if (!is_array($rsuser)) { savelog($db, 0, 'LOGINERR', '用户[' . $user . ']不存在,在尝试登录'); return errjson('用户名不存在'); } if ($rsuser['trytime'] > 10) { if (tostamp() - $rsuser['logintimes'] < 600) { savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录连续失败'); return errjson('连续输入密码错误,10分钟后再来登录.'); } } if ($rsuser['stpstatus'] != 10) { savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']被禁用,在尝试登录'); return errjson('您的账户已经被禁用.'); } $authtime = $post->getint('auth'); if (abs($authtime / 1000 - tostamp()) > 300) return errjson('您的本地时间与服务器时间相差超过5分钟,请调整本机时间。
服务器时间: ' . date('Y-m-d H:i:s') . '
您本机时间: ' . date('Y-m-d H:i:s', $authtime / 1000));
// NOTE(review): the statement above belongs to a login method whose beginning is outside this excerpt
// (the user lookup, the trytime/600s lockout check and the ±300s clock-skew check happen there).
// Password check: the client is expected to send sha256(<stored password column> . <auth timestamp>),
// so the stored column is the secret the client proves knowledge of and the timestamp binds the answer
// to this request. '!=' is a loose, non-constant-time comparison; for two hash strings hash_equals()
// is the defensive form — confirm that sha256() and get('pass') both yield strings.
if ($post->get('pass') != sha256($rsuser['password'] . $authtime)) {
    // Failed attempt: trytime is incremented with a SQL expression (array('trytime+1') form of the
    // query helper) and logintimes is stamped; both feed the lockout check earlier in this method.
    $updata = array();
    $updata['trytime'] = array('trytime+1');
    $updata['logintimes'] = tostamp();
    $csql = new \ciy\sql('zc_admin');
    $csql->where('id', $rsuser['id']);
    $db->update($csql, $updata);
    // NOTE(review): this audit entry embeds sha256('1' . $_token['salt']), a value derived solely from
    // the server-side salt and unrelated to the failed attempt. It reads like leftover debugging; it
    // hands salt-derived material to anyone who can read the log, so consider dropping it.
    savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误 密码1:[' . sha256('1' . $_token['salt']) . ']');
    return errjson('用户名或密码错误.');
}
$id = $rsuser['id'];
// NOTE(review): the next statement is garbled in this copy of the file — the text between the '<' in
// the delete-from-zc_online query and the next '>' (presumably the rest of that query plus the
// zc_online insert and its $csql/$updata setup) is missing. Kept as found; verify against the repo.
$db->execute('delete from zc_online where exptimesinsert($csql, $updata) === false) return errjson('online数据库更新失败:' . $db->error);
$oid = $db->insert_id();
// Successful login: reset the failure counter and stamp the login time on the admin row.
$updata = array();
$updata['logintimes'] = tostamp();
$updata['trytime'] = 0;
$csql = new \ciy\sql('zc_admin');
$csql->where('id', $id);
if ($db->update($csql, $updata) === false) return errjson('user数据库更新失败:' . $db->error);
savelog($db, $rsuser['id'], 'LOGIN', '登录成功');
// $oid > 0 makes getsync() issue a fresh auth token alongside the sync payload.
return self::getsync($rsuser, $oid, $sid);
}

/**
 * Re-sends the sync payload (shared tables + own profile) to an already-authenticated caller.
 *
 * Identifies the caller via verifyfast(), reloads the zc_admin row by id, clears the usrchg flag on the
 * caller's zc_online row (`_o`) and returns getsync() without a new token (oid keeps its default 0).
 *
 * NOTE(review): $rsuser['id'] and $rsuser['_o'] are read without checking verifyfast()'s return type;
 * presumably verifyfast() ends the request itself when there is no valid session (json_logout below
 * does check is_array() on verifyuser()) — confirm.
 */
public static function json_restorage() {
    global $db;
    $rsuser = verifyfast();
    $csql = new \ciy\sql('zc_admin');
    $csql->where('id', $rsuser['id']);
    $userrow = $db->getone($csql);
    $db->execute('update zc_online set usrchg=0 where id=?', array($rsuser['_o']));
    return self::getsync($userrow);
}

/**
 * Builds the post-login sync payload: shared lookup tables plus the caller's own profile, optionally
 * issuing the auth token for a freshly created session.
 *
 * @param array  $userrow zc_admin row of the caller; id, departid, addtimes, icon, mobile, sex, name,
 *                        power and password are read
 * @param int    $oid     zc_online row id of the new session; a token is issued only when > 0
 * @param string $sid     session id stored in the token under `_s`
 * @return mixed whatever succjson() produces for the assembled $ret array
 */
static function getsync($userrow, $oid = 0, $sid = '') {
    global $db;
    global $_token;
    if ($oid > 0) {
        // Token = encrypt(json{id, _o, _s}) under the server-side salt. JSON_PARTIAL_OUTPUT_ON_ERROR
        // substitutes null for unencodable values instead of failing the whole encode.
        $auth = array();
        $auth['id'] = $userrow['id'];
        $auth['_o'] = $oid;
        $auth['_s'] = $sid;
        $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
        $enauth = encrypt($authstr, 'E', $_token['salt']);
        if ($_token['type'] == 'cookie') {
            // Cookie lifetime = swapsec + expsec; HttpOnly is always set. SameSite=None + Secure are
            // added only over HTTPS (SameSite=None requires Secure); over plain HTTP no SameSite
            // attribute is sent, so the browser default applies.
            // NOTE(review): the header is assembled by hand rather than via setcookie(), and the value
            // is not URL-encoded — encrypt() must return cookie-safe characters; confirm.
            $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; httponly';
            if(ishttps()) $headercookie.= '; SameSite=None; Secure';
            header($headercookie);
        } else {
            // Non-cookie transport: the token travels in the JSON body under _ciyauth for the client to keep.
            $ret['_ciyauth'] = $enauth;
            //header('_ciyauth: ' . $enauth);
        }
    }
    // Shared tables every client receives: the admin id/name list and the category table (ordered csort,id).
    $ret['storage'] = array();
    $csql = new \ciy\sql('zc_admin');
    $csql->column('id,name');
    $ret['storage']['adminuser'] = $db->get($csql);
    $csql = new \ciy\sql('zc_cata');
    $csql->order('csort,id');
    $ret['storage']['cata'] = $db->get($csql);
    // Department name is resolved only when the user is assigned to one (departid > 0); otherwise ''.
    $departname = '';
    if ($userrow['departid'] > 0) {
        $csql = new \ciy\sql('zc_depart');
        $csql->where('id', $userrow['departid']);
        $csql->column('name');
        $departname = $db->get1($csql);
    }
    // Caller's own profile; note the password column itself is never echoed, only whether it is empty.
    $ret['me'] = array();
    $ret['me']['depart'] = $departname;
    $ret['me']['addtimes'] = $userrow['addtimes'];
    $ret['me']['icon'] = $userrow['icon'];
    $ret['me']['mobile'] = $userrow['mobile'];
    $ret['me']['sex'] = $userrow['sex'];
    $ret['me']['name'] = $userrow['name'];
    $power = $userrow['power'];
    $ret['me']['power'] = $power;
    // true when the account has no password set — the client uses this to prompt for one.
    $ret['me']['needpass'] = empty($userrow['password']);
    return succjson($ret);
}

/**
 * Ends the caller's session: deletes its zc_online row (only when verifyuser() returned a session
 * array) and writes a LOGIN audit entry.
 *
 * The '@' on $rsuser['id'] silences the undefined-index notice when there was no valid session;
 * toint() then presumably maps the missing value to 0 so the logout is still logged — confirm.
 */
public static function json_logout() {
    global $db;
    $rsuser = verifyuser();
    if (is_array($rsuser)) {
        $csql = new \ciy\sql('zc_online');
        $csql->where('id', $rsuser['_o']);
        $db->delete($csql);
    }
    savelog($db, toint(@$rsuser['id']), 'LOGIN', '退出登录');
    return succjson();
}
}