<?php
/**
* 商业使用授权协议
*
* Copyright (c) 2025 [云泽网]. 保留所有权利.
*
* 本软件仅供评估使用。任何商业用途必须获得书面授权许可。
* 未经授权商业使用本软件属于侵权行为,将承担法律责任。
*
* 授权购买请联系: 357099073@qq.com
* 官方网站: https://www.yunzer.cn
*
* 评估用户须知:
* 1. 禁止移除版权声明
* 2. 禁止用于生产环境
* 3. 禁止转售或分发
*/
/**
* 后台管理系统-登录
*/
namespace app\admin\controller;
use think\App;
use app\AppApi;
use think\facade\Db;
use think\facade\View;
use think\facade\Cookie;
use think\facade\Request;
use app\admin\model\YzAdminConfig;
use app\admin\model\AdminUser;
use app\admin\model\Log\LogsLogin;
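/**
 * Admin back-office authentication endpoints: login page, login, logout and
 * password reset.
 *
 * NOTE(review): several design-level weaknesses are visible in this class and
 * cannot be fixed without changes outside it (schema, Base controller, mail):
 *   - passwords are stored as unsalted md5 digests; moving to
 *     password_hash()/password_verify() needs a column and data migration;
 *   - resetpwd() performs no authentication or ownership check;
 *   - the login "token" is unsigned base64 and the admin_id cookie is the raw
 *     uid, so neither is proof of identity on its own;
 *   - no rate limiting or lockout on failed logins is visible here.
 */
class LoginController extends Base
{
    public $app;
    public $config;

    /**
     * @param App $app Framework application instance.
     */
    public function __construct(App $app)
    {
        $this->app = $app;
        $this->config = new YzAdminConfig();
    }

    /**
     * Read a POST field as a trimmed string.
     *
     * Non-scalar values (for example an array sent as `field[]=x`) are treated
     * as empty instead of reaching trim(), which would raise a TypeError.
     *
     * @param string $key POST field name without the "post." prefix.
     * @return string
     */
    private function postText($key)
    {
        $raw = input('post.' . $key);

        return is_scalar($raw) ? trim((string) $raw) : '';
    }

    /**
     * Render the login page with the full admin configuration assigned.
     */
    public function index()
    {
        // Load configuration for the template.
        $settings = $this->config->getAll();
        View::assign([
            'config' => $settings,
        ]);

        return View::fetch();
    }

    /**
     * Persist one login attempt to the login log.
     *
     * The username and User-Agent are client-supplied and stored unmodified;
     * any view that renders this log must output-encode them.
     *
     * @param string $username Account name as submitted by the client.
     * @param int    $status   1 for success, 0 for failure (values used by login()).
     * @param string $reason   Failure reason; empty on success.
     */
    public function recordLoginLog($username, $status, $reason = '')
    {
        // NOTE(review): presumably Request::ip() honours the framework's proxy
        // settings; confirm they are configured so the logged IP is reliable.
        $clientIp = Request::ip();

        LogsLogin::create([
            'username'       => $username,
            'ip_address'     => $clientIp,
            'location'       => $this->getLocation($clientIp),
            'device_type'    => $this->getDeviceType(),
            'user_agent'     => Request::header('user-agent'),
            'login_status'   => $status,
            'failure_reason' => $reason,
            'login_time'     => date('Y-m-d H:i:s'),
        ]);
    }

    /**
     * Resolve an IP address to a location label.
     *
     * Placeholder: an IP database or third-party API can be wired in here.
     * Currently always returns the "unknown" label.
     *
     * @param string $ip
     * @return string
     */
    public function getLocation($ip)
    {
        return '未知';
    }

    /**
     * Classify the client as mobile or PC from its User-Agent header.
     *
     * The header is client-controlled, so the result is informational only.
     *
     * @return string
     */
    public function getDeviceType()
    {
        // The header may be absent; cast so preg_match() never receives null.
        $userAgent = (string) Request::header('user-agent');

        if (preg_match('/(iPhone|iPod|Android|ios|iPad|Mobile)/i', $userAgent)) {
            return '移动端';
        }

        return 'PC端';
    }

    /**
     * Handle a login POST: validate input, check the captcha and credentials,
     * set the admin cookies and return the user profile with a token.
     *
     * Non-POST requests return null, as before.
     *
     * @return \think\response\Json|null
     */
    public function login()
    {
        if (!Request::isPost()) {
            return;
        }

        $account = $this->postText('account');
        if (empty($account)) {
            $this->recordLoginLog($account, 0, '账号不能为空');
            return json(['code' => 1, 'msg' => '账号不能为空']);
        }

        // Dots are escaped so they match a literal "." only; unescaped they
        // matched any character and let malformed addresses through.
        $pattern = '/^([0-9A-Za-z\-_.]+)@([0-9a-z]+\.[a-z]{2,3}(\.[a-z]{2})?)$/i';
        if (!preg_match($pattern, $account)) {
            $this->recordLoginLog($account, 0, '邮箱格式不正确');
            return json(['code' => 1, 'msg' => '邮箱格式不正确']);
        }

        $password = $this->postText('password');
        if (empty($password)) {
            $this->recordLoginLog($account, 0, '密码不能为空');
            return json(['code' => 1, 'msg' => '密码不能为空']);
        }

        $code = $this->postText('code');
        if ($code === '') {
            $this->recordLoginLog($account, 0, '验证码不能为空');
            return json(['code' => 1, 'msg' => '验证码不能为空']);
        }

        if (!captcha_check($code)) {
            $this->recordLoginLog($account, 0, '验证码错误');
            return json(['code' => 1, 'msg' => '验证码错误']);
        }

        // NOTE(review): the distinct "not found" / "disabled" / "wrong password"
        // responses below let a client tell which accounts exist; consider one
        // generic response while keeping the specific reason in the log.
        $aUser = AdminUser::where('account', $account)->find();
        if (empty($aUser)) {
            $this->recordLoginLog($account, 0, '账号不存在');
            return json(['code' => 1, 'msg' => '账号不存在']);
        }

        if ($aUser['status'] != 1) {
            $this->recordLoginLog($account, 0, '账号已被禁用');
            return json(['code' => 1, 'msg' => '账号已被禁用']);
        }

        // hash_equals() compares the digests as exact strings in constant time.
        // The previous loose `!=` compared two numeric-looking digests (such as
        // "0e…") as numbers, so different hashes could be treated as equal.
        // NOTE(review): unsalted md5 is not a password hash; migrate to
        // password_hash()/password_verify() with a rehash-on-login step.
        if (!hash_equals((string) $aUser['password'], md5($password))) {
            $this->recordLoginLog($account, 0, '密码错误');
            return json(['code' => 1, 'msg' => '密码错误']);
        }

        // NOTE(review): these cookies carry the raw uid and display name. If the
        // Base controller treats admin_id as proof of login (not visible here),
        // it must be replaced by a server-side session or a signed value, and
        // the cookies should be HttpOnly/Secure/SameSite.
        $remember = input('post.remember');
        if (!empty($remember)) {
            $sevenDays = 60 * 60 * 24 * 7;
            Cookie::set('admin_id', $aUser['uid'], $sevenDays);
            Cookie::set('admin_name', $aUser['name'], $sevenDays);
        } else {
            Cookie::set('admin_id', $aUser['uid']);
            Cookie::set('admin_name', $aUser['name']);
        }

        AdminUser::where('uid', $aUser['uid'])->update(
            ['login_count' => $aUser['login_count'] + 1, 'update_time' => time()]
        );

        // Build the token: base64-encoded JSON of user id, timestamp and a
        // random number. random_int() replaces the predictable rand().
        // NOTE(review): the token is neither signed nor stored server-side in
        // this method, so it must not be accepted as an authenticator anywhere.
        $tokenData = [
            'user_id'   => $aUser['uid'],
            'timestamp' => time(),
            'random'    => random_int(100000, 999999),
        ];
        $token = base64_encode(json_encode($tokenData));

        // Record the successful login.
        $this->recordLoginLog($account, 1);

        return json([
            'code' => 0,
            'msg'  => '登录成功',
            'data' => [
                'token'     => $token,
                'user_info' => [
                    'id'          => $aUser['uid'],
                    'account'     => $aUser['account'],
                    'name'        => $aUser['name'],
                    'avatar'      => $aUser['avatar'] ?? '/static/images/avatar.png',
                    'phone'       => $aUser['phone'] ?? '',
                    'sex'         => $aUser['sex'] ?? 1,
                    'qq'          => $aUser['qq'] ?? '',
                    'wechat'      => $aUser['wechat'] ?? '',
                    'create_time' => $aUser['create_time'] ?? 0,
                ],
            ],
        ]);
    }

    /**
     * Log out by deleting the admin cookies.
     *
     * Only the cookies are cleared; no server-side state is invalidated here.
     */
    public function logout()
    {
        Cookie::delete('admin_id');
        Cookie::delete('admin_name');

        return json(['code' => 0, 'msg' => '退出成功', 'data' => []]);
    }

    /**
     * Render the password reset page.
     */
    public function resetpwdindex()
    {
        return View::fetch('resetpwd');
    }

    /**
     * Reset an administrator's password to the built-in default.
     *
     * NOTE(review): SECURITY — this method checks no session, captcha, current
     * password or e-mailed one-time token, and the new password is a fixed,
     * well-known value. Unless the route is protected elsewhere (not visible
     * here), it allows account takeover of any admin whose account name is
     * known. It should require an authenticated, authorised operator or an
     * out-of-band verification step, and issue a random one-time credential.
     */
    public function resetpwd()
    {
        $account = $this->postText('account');
        if (empty($account)) {
            return json(['code' => 1, 'msg' => '账号不能为空']);
        }

        $user = AdminUser::where('account', $account)->find();
        if (!$user) {
            return json(['code' => 1, 'msg' => '未找到该用户名']);
        }

        // md5 is an unsalted hash, not encryption; kept only because login()
        // compares against md5 digests.
        $password = md5('123456');

        try {
            $res = AdminUser::where('account', $account)
                ->update(['password' => $password]);

            if ($res === false) {
                return json(['code' => 1, 'msg' => '数据库更新失败']);
            }

            if ($res === 0) {
                return json(['code' => 1, 'msg' => '密码未发生变化']);
            }

            return json(['code' => 0, 'msg' => '密码重置成功', 'data' => []]);
        } catch (\Exception $e) {
            // Keep the detail in the server log; exception text can expose
            // database or schema information if returned to the client.
            \think\facade\Log::error('admin password reset failed: ' . $e->getMessage());

            return json(['code' => 1, 'msg' => '系统错误']);
        }
    }
}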