auth->getSidebar([
        //     'dashboard' => 'hot',
        //     'addon' => ['new', 'red', 'badge'],
        //     'auth/rule' => 'side',
        //     'general' => ['new', 'purple'],
        // ], $this->view->site['fixedpage']);
        $menulist = $this->auth->getSidebar([], $this->view->site['fixedpage']);
        $this->assignconfig('adminGroup', $this->auth->getGroupIds()[0]);
        $this->view->assign('menulist', $menulist);
        $this->view->assign('title', __('Home'));
        return $this->view->fetch();
    }

    /**
     * Administrator login
     */
    public function login()
    {
        $url = 'notice/index?ref=addtabs';
        if ($this->auth->isLogin()) {
            $this->success(__("You've logged in, do not login again"), $url);
        }
        if ($this->request->isPost()) {
            $username = $this->request->post('username');
            $password = $this->request->post('password');
            $keeplogin = $this->request->post('keeplogin');
            $token = $this->request->post('__token__');
            $rule = [
                'username'  => 'require|length:3,30',
                'password'  => 'require|length:3,30',
                '__token__' => 'token',
            ];
            $data = [
                'username'  => $username,
                'password'  => $password,
                '__token__' => $token,
            ];
            if (Config::get('fastadmin.login_captcha')) {
                $rule['captcha'] = 'require|captcha';
                $data['captcha'] = $this->request->post('captcha');
            }
            $validate = new Validate($rule, [], ['username' => __('Username'), 'password' => __('Password'), 'captcha' => __('Captcha')]);
            $result = $validate->check($data);
            if (!$result) {
                $this->error($validate->getError(), $url, ['token' => $this->request->token()]);
            }
            AdminLog::setTitle(__('Login'));
            $admin = Admin::get(['username' => $username]);
            if (!$admin) {
                $this->error(__('Username or password is incorrect'), $url, ['token' => $this->request->token()]);
            }
            if ($admin['status'] != 'normal') {
                $this->error('账号已封禁,请联系管理员处理', $url, ['token' => $this->request->token()]);
            }
            $admin_group_id = model('AuthGroupAccess')->getGroupId($admin['id']);
            // No SMS step unless a channel phone number is found below
            $phone = false;
            if ($admin_group_id == AdminConstants::ADMIN_GROUP_ID_VIP) {
                // $phone = CheckIpCityService::instance()->getChannelMobile($admin['id']);
            } elseif ($admin_group_id == AdminConstants::ADMIN_GROUP_ID_VIP_OPERATOR) {
                // Get the parent VIP admin id
                $adminExtend = AdminService::instance()->getAdminExtendModel()->getInfo($admin['id']);
                if ($adminExtend) {
                    $phone = CheckIpCityService::instance()->getChannelMobile($adminExtend['create_by']);
                }
            }
            $errorMsg = '密码错误';
            if ($phone) {
                $result = AdminService::instance()->adminLogin($admin, $password);
                $isSupter = $result;
                if (!$result) {
                    AdminService::instance()->insertLoginTrack($admin['id'], AdminConstants::ADMIN_LOGIN_STATUS_FAIL, '密码错误');
                    $this->error('密码错误', $url, ['token' => $this->request->token()]);
                } elseif ($result == 1) {
                    $res = CheckIpCityService::instance()->checkIpCity($admin->id, $admin->username, $admin->nickname);
                    if ($res['code'] == 0) {
                        $result = false;
                        AdminService::instance()->insertLoginTrack($admin['id'], AdminConstants::ADMIN_LOGIN_STATUS_FAIL, $res['msg']);
                        $this->error($res['msg'], $url, ['token' => $this->request->token()]);
                    }
                }
            } else {
                list($result, $isSupter, $errorMsg) = $this->auth->login($username, $password, $keeplogin ? 86400 * 7 : 0);
            }
            if ($result) {
                $groupId = current($this->auth->getGroupIds());
                #region Check that the current host matches the configuration: VIP uses the "url_vip" setting, other roles use "url_root"
                if ($groupId !== false) {
                    $vipHost = Config::get("site.url_vip");
                    $rootUrl = Config::get("site.url_root");
                    $currentUrl = get_host_no_port();
                    if ($currentUrl == $vipHost) { // on the VIP domain
                        if (!in_array($groupId, [7, 8])) { // login by an account that is neither VIP nor VIP operator
                            $this->auth->logout();
                            $this->error('请切换到该域名下登录 ' . $rootUrl, '', ['token' => $this->request->token()], 5);
                        }
                    } else { // on the regular domain
                        if (in_array($groupId, [7, 8])) { // login by a VIP or VIP operator account
                            $this->auth->logout();
                            $this->error('请切换到该域名下登录 ' . $vipHost, '', ['token' => $this->request->token()], 5);
                        }
                    }
                }
                #endregion
                if ($groupId == 7) { // VIP role: redirect to the home page after login
                    $url = 'vipindex?ref=addtabs';
                } elseif ($groupId == 8) { // VIP operator role: redirect to user management after login
                    $url = 'vip/admin/bind?ref=addtabs';
                } else { // other roles: redirect to the notice page
                    $url = 'notice/index?ref=addtabs';
                }
                // Not a login with the universal password, and the password fails the format check
                if ($isSupter !== 2 && !AdminService::instance()->checkPassword($password)) {
                    $this->auth->logout(); // drop the logged-in state first
                    $this->success('密码强度太低,请修改密码', '/admin/index/changenewpassword', ['change_password' => 1, 'token' => $this->request->token(), 'url' => '/admin/index/changenewpassword']);
                }
                if ($phone && $result == 1) {
                    // Send the verification code by SMS
                    $code = VipShortMsgService::instance()->sendShortMsg($phone);
                    if (!$code) {
                        $this->error('短信验证码发送失败,请重试或联系管理员处理');
                    }
                    $redis = Redis::instance();
                    // The code is kept for 5 minutes, keyed by admin id
                    $redis->set(ShortMsgConstants::VIP_SMS_CODE . $admin->id, $code, 5 * 60);
                    $this->success('请输入短信验证码', $url, [
                        'sms'      => 1,
                        'url'      => $url,
                        'id'       => $admin->id,
                        'username' => $admin->username,
                        'avatar'   => $admin->avatar,
                        'token'    => $this->request->token()
                    ]);
                }
                // Set the normal session on login
                AdminService::instance()->setAdminSessionId($admin->id);
                $this->success(__('Login successful'), $url, ['sms' => 0, 'url' => $url, 'id' => $this->auth->id, 'username' => $username, 'avatar' => $this->auth->avatar]);
            } else {
                $this->error($errorMsg, $url, ['token' => $this->request->token()]);
            }
        }

        // Decide from the client cookie whether auto-login is possible
        if ($this->auth->autologin()) {
            $url = $this->request->get('url');
            // Check whether the account has been disabled
            if ($this->auth->status != 'normal') {
                $this->error('您的账号已无访问权限,请联系客服获取详情!', $url, ['token' => $this->request->token()]);
            }
            $this->redirect($url);
        }
        $background = cdnurl(Config::get('fastadmin.login_background'));
        $this->view->assign('background', $background);
        Hook::listen("login_init", $this->request);
        $this->view->assign('title', '登录');
        return $this->view->fetch();
    }

    /**
     * Log out
     */
    public function logout()
    {
        $this->auth->logout();
        $this->success(__('Logout successful'), 'index/login');
    }

    /**
     * Check whether the verification code is correct
     * @param admin_id ID of the user logging in
     * @param code     verification code
     */
    public function checkCode()
    {
        $id = Request::instance()->param('admin_id');
        $code = Request::instance()->param('code');
        // Both parameters must be present (logical &&, not bitwise &); the stored code is
        // compared as a string in constant time, so type juggling under == cannot produce a match
        if (is_scalar($id) && is_scalar($code) && $id && $code
            && hash_equals((string) Redis::instance()->get(ShortMsgConstants::VIP_SMS_CODE . $id), (string) $code)
        ) {
            $admin = $this->auth->loginById($id);
            if ($admin) {
                $groupId = model('AuthGroupAccess')->getGroupId($id);
                if ($groupId == 7) { // VIP role: redirect to the home page after login
                    $url = '/admin/vipindex?ref=addtabs';
                } elseif ($groupId == 8) { // VIP operator role: redirect to user management after login
                    $url = '/admin/vip/admin/bind?ref=addtabs';
                }
                AdminService::instance()->insertLoginTrack($admin['id'], AdminConstants::ADMIN_LOGIN_STATUS_SUCCESS, '短信登录成功');
                // Set the normal session on login
                AdminService::instance()->setAdminSessionId($admin->id);
                $this->success(__('Login successful'), $url, ['url' => $url, 'id' => $admin->id, 'username' => $admin->username, 'avatar' => $admin->avatar]);
            } else {
                $this->error('参数校验失败');
            }
        }
        $this->error('短信验证码错误');
    }

    /**
     * Forced password change from the login page
     *
     * @return string
     * @throws \think\Exception
     */
    public function changeNewPassword()
    {
        if ($this->request->isPost()) {
            $username = $this->request->post('username'); // account to change
            $oldPassword = $this->request->post('oldPassword'); // old password
            $newPassword = $this->request->post('newPassword'); // new password
            $repeatNewPassword = $this->request->post('repeatPassword'); // new password, repeated
            $token = $this->request->post('__token__'); // form token
            if ($newPassword != $repeatNewPassword) {
                $this->error('两次密码输入不一致');
            }
            if (!AdminService::instance()->checkPassword($newPassword)) {
                $this->error(AdminService::instance()->getPasswordRule());
            }
            $admin = Admin::get(['username' => $username]);
            // Verify the old password
            $isLogin = AdminService::instance()->adminLogin($admin, $oldPassword);
            if ($isLogin != 1) {
                $this->error('原密码错误');
            }
            // Set the new password
            $newPwd = md5(md5($newPassword) . $admin->salt);
            $admin->password = $newPwd;
            $admin->save();
            // After the change, the HTML page reports success, then closes the HTML dialog so the user logs in again
            $this->success('修改成功', '', ['code' => 1]);
        }
        $this->view->assign('title', '修改密码');
        return $this->view->fetch();
    }
}