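retryTimes = Yii::$app->params['retryTimes']; }

    /**
     * Form validation rules.
     *
     * All three fields are required. user_name allows CJK and word characters
     * (5–36 chars), code allows 4–6 word characters, user_pwd allows a fixed
     * printable set (6–32 chars). The account and password rules share one
     * message on purpose so a validation failure does not reveal which of the
     * two was malformed.
     *
     * @return array Yii validation rule list.
     */
    public function rules()
    {
        return [
            [['user_name', 'user_pwd', 'code'], 'required'],
            ['user_name', 'match', 'pattern' => '/^[\x{4e00}-\x{9fa5}_a-zA-Z0-9]{5,36}$/u', 'message' => '无效账号或密码'],
            ['code', 'match', 'pattern' => '/^[\w\_]{4,6}$/', 'message' => '无效验证码'],
            ['user_pwd', 'match', 'pattern' => '/^[0-9a-zA-Z_!@#$%^&*?]{6,32}$/', 'message' => '无效账号或密码'],
        ];
    }

    /**
     * Translated attribute labels for the form fields.
     *
     * @return array<string, string>
     */
    public function attributeLabels()
    {
        return [
            'user_name' => Yii::t('attr', 'admin.user_name'),
            'user_pwd'  => Yii::t('attr', 'admin.user_pwd'),
            'code'      => Yii::t('attr', 'admin.code'),
        ];
    }

    /**
     * Fetch the LoginTimes row for a login identifier and the current IP that
     * falls inside the lockout window ($this->timeOut seconds before now).
     *
     * Shared by _exceededTimes() and _failedTimes() so both always use the
     * same query and the same key.
     *
     * @param string $key Identifier the attempt counter is keyed on.
     * @return LoginTimes|null The matching row, or null when none exists.
     */
    private function _findLoginRecord($key)
    {
        $startTime = intval(TIMESTAMP - $this->timeOut);

        return LoginTimes::find()
            ->where(
                'user_name=:user_name and ip=:ip and is_admin=1 and login_time>:login_time',
                [':user_name' => $key, ':ip' => MYIP, ':login_time' => $startTime]
            )
            ->limit(1)
            ->one();
    }

    /**
     * Message for the caller given the attempt count recorded so far.
     *
     * @param int $times Attempts already recorded in the current window.
     * @return string Remaining-attempts notice, or the limit-reached notice.
     */
    private function _remainingMessage($times)
    {
        $remaining = intval($this->retryTimes - $times);

        return $remaining > 0
            ? '您还能尝试登录' . $remaining . '次!'
            : '您的登录失败次数达到上限!';
    }

    /**
     * Whether the attempt limit for this identifier/IP has been reached in
     * the current window.
     *
     * @param string|null $key Identifier to check; defaults to $this->user_name.
     *                         Callers that later overwrite user_name must pass
     *                         the originally submitted value so the check and
     *                         the counter use the same key.
     * @return bool
     */
    private function _exceededTimes($key = null)
    {
        $model = $this->_findLoginRecord($key === null ? $this->user_name : $key);

        return !empty($model) && $model->times >= $this->retryTimes;
    }

    /**
     * Record one failed attempt and return the notice to append to the error.
     *
     * Inside the window the existing row is incremented until the limit;
     * once at the limit it is left untouched. With no row in the window all
     * older rows for this identifier are deleted and a fresh row starts at 1.
     * No IP ban is applied here; the counter alone gates further attempts via
     * _exceededTimes().
     *
     * @param string|null $key Identifier to record against; defaults to
     *                         $this->user_name (see _exceededTimes()).
     * @return string Remaining-attempts or limit-reached notice.
     */
    private function _failedTimes($key = null)
    {
        $key = $key === null ? $this->user_name : $key;
        $model = $this->_findLoginRecord($key);

        if (!empty($model)) {
            if ($model->times < $this->retryTimes) {
                $model->times = $model->times + 1;
                $model->login_time = TIMESTAMP;
                $model->save();
            }

            return $this->_remainingMessage($model->times);
        }

        // Window expired (or first failure): drop stale rows, start a new count.
        LoginTimes::deleteAll('user_name=:user_name and is_admin=1', [':user_name' => $key]);
        $model = new LoginTimes;
        $model->user_name = $key;
        $model->ip = MYIP;
        $model->login_time = TIMESTAMP;
        $model->is_admin = 1;
        $model->times = 1;
        $model->save();

        return $this->_remainingMessage(1);
    }

    /**
     * Back-office login: captcha check, lockout check, credential check,
     * role check, then an identity cookie and last-login bookkeeping.
     *
     * Errors are attached under the 'AdminLoginForm' key. The submitted
     * user_name is expected to be the MD5 of the real account name (the
     * lookup compares MD5(user_name)); on a match $this->user_name is
     * replaced with the real name, so the lockout counter is keyed on the
     * submitted value captured before that replacement.
     *
     * @return bool True on success; false on any failure (including a failed
     *              save of the last-login fields).
     */
    public function login()
    {
        if (empty($this->code)) {
            $this->addError('AdminLoginForm', '验证码不能为空');
            return false;
        }

        $storedCode = Session::getInitCls()->get(Yii::$app->params['capcha']);
        // Case-insensitive as before, but strict and constant-time instead of
        // loose `!=`; an absent stored captcha can never match a submitted one.
        // NOTE(review): the captcha is not removed from the session after this
        // check, so the same code can be replayed until it is regenerated —
        // confirm whether the Session wrapper offers a remove/regenerate call.
        if (!hash_equals(strtolower((string) $storedCode), strtolower((string) $this->code))) {
            $this->addError('AdminLoginForm', '验证码不正确');
            return false;
        }

        if (empty($this->user_name)) {
            $this->addError('AdminLoginForm', '账号不能为空');
            return false;
        }
        if (empty($this->user_pwd)) {
            $this->addError('AdminLoginForm', '密码不能为空');
            return false;
        }

        // Captured before $this->user_name is overwritten below so the
        // exceeded check and the failure counter always share one key.
        $lockKey = $this->user_name;

        if ($this->_exceededTimes($lockKey)) {
            $this->addError('AdminLoginForm', '您的登录失败次数达到上限');
            return false;
        }

        $admin = Admin::find()
            ->where('MD5(user_name)=:user_name', [':user_name' => $this->user_name])
            ->limit(1)
            ->one();

        if (empty($admin)) {
            $this->addError('AdminLoginForm', '账号或密码错误' . $this->_failedTimes($lockKey));
            return false;
        }

        $this->user_name = $admin->user_name;

        // Stored format is md5(password . per-user salt); compared with
        // hash_equals so "0e..." hashes are not equated by numeric juggling.
        // Migrating to password_hash()/password_verify() needs a rehash-on-login
        // step and is outside this block.
        $computed = md5($this->user_pwd . $admin->encrypt);
        if (!hash_equals((string) $admin->user_pwd, $computed)) {
            $this->addError('AdminLoginForm', '账号或密码错误' . $this->_failedTimes($lockKey));
            return false;
        }

        // Checked only after the password matches so that an unauthenticated
        // caller cannot tell a disabled account from a non-existent one.
        if ($admin->disabled == 1) {
            $this->addError('AdminLoginForm', '账号已被禁用');
            return false;
        }

        $role = Role::find()->where(['role_id' => $admin->role_id])->one();
        if (empty($role) || $role->disabled) {
            $this->addError('AdminLoginForm', '角色已被禁用,请联系管理员');
            return false;
        }

        $identityInfo = [
            'admin_id'   => $admin->admin_id,
            'user_name'  => $admin->user_name,
            'role_id'    => $admin->role_id,
            'email'      => $admin->email,
            'real_name'  => $admin->real_name,
            'role_name'  => $role->role_name,
            'avatar'     => $admin->avatar,
            'cookieHash' => sys_auth($admin->user_name),
        ];
        if (!empty($admin->last_login_ip)) {
            $identityInfo['last_login_ip'] = $admin->last_login_ip;
        }
        if (!empty($admin->last_login_time)) {
            $identityInfo['last_login_time'] = $admin->last_login_time;
        }

        // Identity lives client-side in this cookie.
        // NOTE(review): confirm sys_auth() produces an authenticated (MAC'd)
        // token rather than a reversible encoding; a forgeable cookie here
        // would bypass this whole login.
        Cookie::setCookie(Yii::$app->params['adminCookieName'], sys_auth(array2string($identityInfo)));
        // Flag consumed by the lock-screen feature.
        Cookie::setCookie('lockscreen', 0);

        $admin->last_login_ip = MYIP;
        $admin->last_login_time = TIMESTAMP;

        // Explicit false instead of the implicit null the old code fell through to.
        return (bool) $admin->save(false);
    }
}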