登录采用cookie、细节优化

feat/task1-c-wallet
gongfuxiang 2022-05-16 16:35:50 +08:00
parent 16a3fcae54
commit 80cb5d80fd
17 changed files with 94 additions and 50 deletions


@ -254,7 +254,7 @@ class Admin extends Common
public function LoginInfo()
{
// 是否已登录
if(AdminService::LoginInfo() !== null)
if(!empty($this->admin))
{
return MyRedirect(MyUrl('admin/index/index'));
}


@ -91,8 +91,8 @@ class Common extends BaseController
$this->admin = AdminService::LoginInfo();
// 权限菜单
AdminPowerService::PowerMenuInit();
$this->left_menu = AdminPowerService::MenuData();
AdminPowerService::PowerMenuInit($this->admin);
$this->left_menu = AdminPowerService::MenuData($this->admin);
// 视图初始化
$this->ViewInit();
@ -127,7 +127,7 @@ class Common extends BaseController
*/
protected function IsLogin()
{
if($this->admin === null)
if(empty($this->admin))
{
if(IS_AJAX)
{
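Review bot: `IsLogin()` now treats any non-empty `$this->admin` as an authenticated administrator, and `$this->admin` is assigned from `AdminService::LoginInfo()` on the first hunk's opening line, which this same commit switches from the server-side session to a client-held cookie. Non-emptiness of a decoded cookie says nothing about whether that admin still exists, is still enabled, or still holds the `role_id` in the blob, so the check should re-resolve the record server-side: look `$this->admin['id']` up in the admin table (or a cache entry keyed by a random token) before the request is treated as logged in, and fall into the existing unauthenticated branch when the lookup fails. Passing `$this->admin` into `PowerMenuInit()`/`MenuData()` is fine once that re-validation happens. Both method bodies continue outside the hunks shown.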


@ -67,12 +67,19 @@ function MySession($name = '', $value = '')
* @version 1.0.0
* @date 2021-07-17
* @desc description
* @param [string] $name [cookie名称]
* @param [mixed] $value [cookie值]
* @param [string] $name [cookie名称]
* @param [mixed] $value [cookie值]
* @param [boolean] $is_encryption [是否需要加密存储]
*/
function MyCookie($name = '', $value = '')
function MyCookie($name = '', $value = '', $is_encryption = true)
{
return cookie($name, $value);
// 非空则转换数据
if($value !== null && $value !== '' && $is_encryption)
{
$value = urlencode(Authcode(base64_encode(json_encode($value)), 'ENCODE'));
}
$res = cookie($name, $value);
return ($res === '' || !$is_encryption) ? $res : json_decode(base64_decode(Authcode(urldecode($res), 'DECODE')), true);
}
/**
@ -2532,7 +2539,7 @@ function ReturnSquarePoint($lng, $lat, $Distance = 1.2)
}
/**
* [Authcode 明文或密文]
* 明文或密文
* @author Devil
* @blog http://gong.gg/
* @version 0.0.1
@ -2543,7 +2550,8 @@ function ReturnSquarePoint($lng, $lat, $Distance = 1.2)
* @param [integer] $expiry [密钥有效期]
* @return [string] [加密或解密后的数据]
*/
function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0)
{
// 动态密匙长度,相同的明文会生成不同密文就是依靠动态密匙
// 加入随机密钥,可以令密文无任何规律,即便是原文和密钥完全相同,加密结果也会每次不同,增大破解难度。
// 取值越大,密文变动规律越大,密文变化 = 16 的 $ckey_length 次方
@ -2552,7 +2560,7 @@ function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
// 密匙
// $GLOBALS['discuz_auth_key'] 这里可以根据自己的需要修改
$key = md5($key ? $key : 'devil');
$key = md5($key ? $key : 'shopxo');
// 密匙a会参与加解密
$keya = md5(substr($key, 0, 16));
@ -2571,18 +2579,21 @@ function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$box = range(0, 255);
$rndkey = array();
// 产生密匙簿
for($i = 0; $i <= 255; $i++) {
for($i = 0; $i <= 255; $i++)
{
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
// 用固定的算法,打乱密匙簿,增加随机性,好像很复杂,实际上并不会增加密文的强度
for($j = $i = 0; $i < 256; $i++) {
for($j = $i = 0; $i < 256; $i++)
{
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
// 核心加解密部分
for($a = $j = $i = 0; $i < $string_length; $i++) {
for($a = $j = $i = 0; $i < $string_length; $i++)
{
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
@ -2591,7 +2602,8 @@ function Authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
// 从密匙簿得出密匙进行异或,再转成字符
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
if($operation == 'DECODE')
{
// substr($result, 0, 10) == 0 验证数据有效性
// substr($result, 0, 10) - time() > 0 验证数据有效性
// substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) 验证数据完整性
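Review bot: `MyCookie()` encrypts with `Authcode(..., 'ENCODE')` and passes no key, so every installation falls back to the literal default on the changed line `$key = md5($key ? $key : 'shopxo');`. Since this commit stores the admin and user login arrays in such cookies, anyone who knows that constant can build a cookie for an arbitrary `id`/`role_id`; the integrity digest described in the trailing comment is derived from `$keyb`, i.e. from the same public key, so it does not prevent forgery, and with the default `$expiry = 0` a forged or captured value never expires. At minimum `MyCookie()` should supply a per-installation secret (generated at install time, kept out of the repository) and a finite lifetime — `Authcode(base64_encode(json_encode($value)), 'ENCODE', $secret, $expiry)` on the way in and `Authcode(urldecode($res), 'DECODE', $secret)` on the way out — and the encoding/decoding paths should share one helper so the secret cannot drift. A keyed HMAC over the payload, verified with `hash_equals()`, would be a sounder integrity check than the truncated md5 the comment describes. The `Authcode` body continues past the end of this hunk.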


@ -352,7 +352,8 @@ class Common extends BaseController
MyViewAssign('is_load_baidu_map_api', 0);
// 是否加载附件组件
MyViewAssign('is_load_upload_editor', (!empty($this->user) || AdminService::LoginInfo()) ? 1 : 0);
$admin = AdminService::LoginInfo();
MyViewAssign('is_load_upload_editor', (!empty($this->user) || !empty($admin)) ? 1 : 0);
// 存在地图事件则载入
if(in_array(3, array_column($this->nav_quick, 'event_type')))


@ -77,7 +77,8 @@ class Index extends Common
MyViewAssign('floor_data_type', $floor_data_type);
// 是否设计模式
$is_design = (!empty($this->data_request['save_url']) && isset($this->data_request['is_design']) && $this->data_request['is_design'] == 1 && $floor_data_type == 2 && AdminService::LoginInfo()) ? 1 : 0;
$admin = AdminService::LoginInfo();
$is_design = (!empty($this->data_request['save_url']) && isset($this->data_request['is_design']) && $this->data_request['is_design'] == 1 && $floor_data_type == 2 && !empty($admin)) ? 1 : 0;
MyViewAssign('is_design', $is_design);
if($is_design == 1)
{


@ -204,12 +204,18 @@ class AdminPowerService
* @version 1.0.0
* @date 2022-01-23
* @desc description
* @param [boolean] $is_refresh [是否强制刷新]
* @param [array] $admin [管理员信息]
* @param [boolean] $is_refresh [是否强制刷新]
*/
public static function PowerMenuInit($is_refresh = false)
public static function PowerMenuInit($admin, $is_refresh = false)
{
// 不存在管理员信息则读取登录信息
if(empty($admin))
{
$admin = AdminService::LoginInfo();
}
// 基础参数
$admin = AdminService::LoginInfo();
$admin_id = isset($admin['id']) ? intval($admin['id']) : 0;
$role_id = isset($admin['role_id']) ? intval($admin['role_id']) : 0;
@ -322,12 +328,12 @@ class AdminPowerService
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2020-09-24
* @date 2022-05-16
* @desc description
* @param [array] $admin [管理员信息]
*/
public static function MenuData()
public static function MenuData($admin)
{
$admin = AdminService::LoginInfo();
if(!empty($admin['id']))
{
$data = MyCache(SystemService::CacheKey('shopxo.cache_admin_left_menu_key').$admin['id']);
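Review bot: `PowerMenuInit()` reads `$admin['role_id']` straight from the array it is handed (or from `AdminService::LoginInfo()` when that is empty), and in this commit that array comes out of a cookie rather than the session, so the role that selects the permission menu is effectively supplied by the client. The role should be reloaded from the database by `$admin['id']` before it feeds the power/menu cache instead of being trusted from the login blob. Separately, `MenuData($admin)` lost the fallback that `PowerMenuInit` kept: a caller still invoking `MenuData()` with no argument now gets an `ArgumentCountError`; `public static function MenuData($admin = null)` followed by `if(empty($admin)) { $admin = AdminService::LoginInfo(); }` keeps the two entry points consistent. Both method bodies extend beyond the hunks shown.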


@ -488,11 +488,8 @@ class AdminService
}
}
// 种session
self::LoginSession($admin);
// 返回数据,更新数据库
if(self::LoginInfo())
// 种session,更新数据库
if(self::LoginSession($admin))
{
$data = [
'login_total' => $admin['login_total']+1,
@ -512,7 +509,7 @@ class AdminService
MyCache(SystemService::CacheKey('shopxo.cache_admin_power_plugins_key').$admin['id'], null);
// 权限菜单初始化
AdminPowerService::PowerMenuInit();
AdminPowerService::PowerMenuInit($admin);
return DataReturn('登录成功');
}
@ -533,7 +530,7 @@ class AdminService
*/
public static function LoginInfo()
{
return MySession(self::$admin_login_key);
return MyCookie(self::$admin_login_key);
}
/**
@ -548,7 +545,8 @@ class AdminService
public static function LoginSession($admin)
{
unset($admin['login_pwd'], $admin['login_salt']);
return MySession(self::$admin_login_key, $admin);
MyCookie(self::$admin_login_key, $admin);
return true;
}
/**
@ -561,7 +559,7 @@ class AdminService
*/
public static function LoginLogout()
{
return MySession(self::$admin_login_key, null);
return MyCookie(self::$admin_login_key, null);
}
/**
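Review bot: `LoginSession()` now returns `true` unconditionally after `MyCookie(self::$admin_login_key, $admin)`, so the `if(self::LoginSession($admin))` branch in the first hunk always runs the login_total update, whereas the old code re-read the stored login info first; the return value of `MyCookie` is simply dropped. The larger issue is that the whole admin row (minus `login_pwd`/`login_salt`) now lives client-side and `LoginInfo()` trusts whatever decodes, so there is no server-side record to revoke: `LoginLogout()` only clears the browser's copy, and a captured cookie stays valid because `Authcode` is called without an expiry. The safer shape is the one `UserService::UserTokenData()` already uses in this same commit — keep only a random token in the cookie, resolve it through `MyCache(...)`/the admin table on each request, and have `LoginLogout()` delete the server-side entry. The `// 种session` comments should also be updated to say the data is written to a cookie, since that is no longer what happens. The class continues outside these hunks.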


@ -185,7 +185,8 @@ class AnswerService
public static function AnswerSave($params = [])
{
// 是否开启登录留言,管理员登录状态可继续操作
if(MyC('common_is_login_answer') == 1 && AdminService::LoginInfo() === null)
$admin = AdminService::LoginInfo();
if(MyC('common_is_login_answer') == 1 && empty($admin))
{
$user = UserService::LoginUserInfo();
if(empty($user))


@ -1060,7 +1060,7 @@ php;
$plugins = $ret['data'];
// 强制刷新用户权限缓存
AdminPowerService::PowerMenuInit(true);
AdminPowerService::PowerMenuInit(null, true);
// 附件同步到数据库
ResourcesService::AttachmentDiskFilesToDb('plugins_'.$plugins);


@ -80,7 +80,7 @@ class SystemService
{
$uuid = empty($params['uuid']) ? UUId() : $params['uuid'];
MySession('uuid', $uuid);
cookie('uuid', $uuid);
MyCookie('uuid', $uuid, false);
}
// token
@ -88,14 +88,14 @@ class SystemService
{
$key = UserService::$user_token_key;
MySession($key, $params['token']);
cookie($key, $params['token']);
MyCookie($key, $params['token'], false);
}
// 邀请人id
if(!empty($params['referrer']))
{
MySession('share_referrer_id', $params['referrer']);
cookie('share_referrer_id', $params['referrer']);
MyCookie('share_referrer_id', $params['referrer'], false);
}
}


@ -61,16 +61,16 @@ class UserService
if(APPLICATION == 'web')
{
// web用户session
$user_login_info = MySession(self::$user_login_key);
$user_login_info = MyCookie(self::$user_login_key);
// 用户信息为空指定了token则设置登录信息
if(empty($user_login_info))
{
$token = empty($params['token']) ? MySession(self::$user_token_key) : $params['token'];
$token = empty($params['token']) ? MyCookie(self::$user_token_key) : $params['token'];
if(!empty($token))
{
$user_login_info = self::UserTokenData($token);
if($user_login_info !== null && isset($user_login_info['id']))
if(!empty($user_login_info) && isset($user_login_info['id']))
{
self::UserLoginRecord($user_login_info['id']);
}
@ -115,7 +115,7 @@ class UserService
public static function UserTokenData($token)
{
$user = MyCache(SystemService::CacheKey('shopxo.cache_user_info').$token);
if($user !== null && isset($user['id']))
if(!empty($user) && isset($user['id']))
{
return $user;
}
@ -552,8 +552,7 @@ class UserService
if(APPLICATION == 'web')
{
// 存储session
MySession(self::$user_login_key, $user);
return (MySession(self::$user_login_key) !== null);
MyCookie(self::$user_login_key, $user);
}
return true;
}
@ -2610,7 +2609,7 @@ class UserService
$user = self::LoginUserInfo();
// 清除session
MySession(self::$user_login_key, null);
MyCookie(self::$user_login_key, null);
// html代码
$body_html = [];
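Review bot: `LoginUserInfo()` now takes the user record directly from `MyCookie(self::$user_login_key)`, so the `id` that `UserLoginRecord()` and every later lookup use is whatever the cookie decodes to, and with the shared default `Authcode` key that is a client-chosen value. The token branch a few lines below already resolves `MyCookie(self::$user_token_key)` through `UserTokenData()` (a cache lookup keyed by token), so the login cookie should carry only that token and be resolved the same way rather than the full user array. The later hunk also drops `return (MySession(...) !== null)`, so the method now returns `true` without confirming the write succeeded, and the `// 存储session` / `// 清除session` comments no longer describe the code — `// persist / clear the login info cookie` would be accurate. The enclosing methods extend past these hunks.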


@ -18,7 +18,7 @@ return [
// cookie 保存路径
'path' => '/',
// cookie 有效域名
'domain' => '',
'domain' => __MY_MAIN_DOMAIN__,
// cookie 启用安全传输
'secure' => false,
// httponly设置
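Review bot: `'domain' => __MY_MAIN_DOMAIN__` widens every cookie, including the admin login blob this commit introduces, to the parent domain and therefore to all sibling subdomains, and `__MY_MAIN_DOMAIN__` is computed from the request's `Host` header (see the core.php hunk) rather than from configuration. Because this project binds subdomains to pages via `config/domain.php`, any less-trusted host under the same parent now receives the admin cookie, and the derived value is not port-stripped, so a request to `shop.example.com:8080` produces the invalid cookie domain `example.com:8080`. Keep the login cookies host-only (`'domain' => ''`) or take the domain from a config value, and with an authentication cookie in play `'secure' => false` deserves revisiting — it should be `true` whenever the site is served over HTTPS.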


@ -52,6 +52,9 @@ define('__MY_ROOT_PUBLIC__', defined('IS_ROOT_ACCESS') ? DS.$my_root.'public'.DS
// 当前服务器ip
define('__MY_ADDR__', empty($_SERVER['SERVER_ADDR']) ? '' : $_SERVER['SERVER_ADDR']);
// 主域名
define('__MY_MAIN_DOMAIN__', empty($_SERVER['HTTP_HOST']) ? '' : ((substr_count($_SERVER['HTTP_HOST'], '.') > 1 && !is_numeric(str_replace('.', '', $_SERVER['HTTP_HOST']))) ? substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.')+1) : $_SERVER['HTTP_HOST']));
// 项目HOST
define('__MY_HOST__', empty($_SERVER['HTTP_HOST']) ? '' : $_SERVER['HTTP_HOST']);
@ -104,11 +107,11 @@ define('IS_POST', isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'
define('IS_AJAX', ((isset($_SERVER['HTTP_X_REQUESTED_WITH']) && 'xmlhttprequest' == strtolower($_SERVER['HTTP_X_REQUESTED_WITH'])) || isset($_REQUEST['ajax']) && $_REQUEST['ajax'] == 'ajax'));
// 二级域名页面绑定
if(substr_count(__MY_HOST__, '.') > 1 && !is_numeric(str_replace('.', '', __MY_HOST__)))
if(!IS_AJAX && substr_count(__MY_HOST__, '.') > 1 && !is_numeric(str_replace('.', '', __MY_HOST__)))
{
$domain_file = ROOT.'config'.DS.'domain.php';
$second_domain = substr(__MY_HOST__, 0, strpos(__MY_HOST__, '.'));
if(file_exists($domain_file) && $second_domain != 'www')
if(!empty($second_domain) && file_exists($domain_file) && $second_domain != 'www')
{
$data = include($domain_file);
if(!empty($data) && (!empty($data[$second_domain]) || !empty($data['s'])))
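Review bot: The added `!IS_AJAX &&` guard on the subdomain page-binding condition is client-controllable: `IS_AJAX`, defined just above, is also true when the request carries `ajax=ajax` in `$_REQUEST`, so any visitor can switch off the `config/domain.php` binding for a subdomain by appending `?ajax=ajax`, which does not look intended. If the goal is to let XHR requests reach the normal routes, key the exception on the request path or controller instead of on `IS_AJAX`. The new `__MY_MAIN_DOMAIN__` strips exactly one label from `$_SERVER['HTTP_HOST']` and never removes a `:port` suffix, so `shop.example.com:8080` becomes `example.com:8080` and `127.0.0.1:8080` fails the numeric check and becomes `0.0.1:8080`; since the value is used as a cookie domain it should come from configuration, or at least be normalised with `parse_url('//'.$_SERVER['HTTP_HOST'], PHP_URL_HOST)` and checked against an allow-list of expected hosts.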


@ -2228,6 +2228,29 @@ function RequestUrlHandle(url)
return url;
}
/**
* url使用当前host地址
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2022-05-16
* @desc description
* @param {string} url [url地址]
*/
function UrlUseCurrentHostHandle(url)
{
var location = url.replace('://', '').indexOf('/');
if(location != -1)
{
var first = url.substr(0, location+4);
if(__my_url__ != first)
{
url = __my_url__+url.substr(location+4);
}
}
return url;
}
// 公共数据操作
$(function()
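Review bot: `UrlUseCurrentHostHandle()` assumes `url` contains `://`: for a relative URL such as `/goods/index`, `indexOf('/')` is 0, `first` is the first four characters, and the function returns `__my_url__ + url.substr(4)`, silently dropping `goo` from the path. Add an early return, `if(url.indexOf('://') == -1) { return url; }`, before `location` is computed. The new function also lacks a comment explaining why absolute links are rewritten to the current host; I infer it is tied to the cookie-domain change elsewhere in this commit, but that rationale should come from the author as a one-line comment above the function.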


@ -4,7 +4,7 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<script type="text/javascript" src="../internal.js"></script>
<script type="text/javascript" src="https://api.map.baidu.com/api?v=2.0&ak={{common_baidu_map_ak}}"></script>
<script type="text/javascript" src="https://api.map.baidu.com/api?v=2.0&ak=XSdiGjfg3wOHiKjpYEMG6CYA"></script>
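Review bot: The changed `<script>` line replaces the per-site `{{common_baidu_map_ak}}` template value with a literal `ak=` key committed to the repository, so every installation will call Baidu with the same credential and operators can no longer rotate it from their own settings. If the template variable is not resolved inside this dialog page (it loads `../internal.js`, so it appears to run in an editor iframe), pass the configured key into the page from its opener rather than hard-coding one, and treat the key now present in the history as exposed and rotate it.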
<style type="text/css">
.content{width:530px; height: 350px;margin: 10px auto;}
.content table{width: 100%}


@ -14,7 +14,7 @@
overflow: hidden;
}
</style>
<script type="text/javascript" src="https://api.map.baidu.com/api?v=2.0&ak={{common_baidu_map_ak}}"></script>
<script type="text/javascript" src="https://api.map.baidu.com/api?v=2.0&ak=XSdiGjfg3wOHiKjpYEMG6CYA"></script>
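Review bot: This `<script>` line hard-codes the same literal Baidu `ak=` key as the other map template, again replacing the configurable `{{common_baidu_map_ak}}` value, so the site-level setting is no longer honoured here either. Whatever mechanism ends up supplying the configured key should be applied in both templates in one place, and the key that is now in the commit history should be rotated.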
</head>
<body onload="initMap();">


@ -109,7 +109,7 @@ text-align: center;float:none}
/*标题*/
.items-nav-title{text-align: left;position: relative;margin-top:10px ;}
.items-nav-title .floor-title {float:left;border: none;margin:8px 0 0 0; font-size:16px;font-weight: 600;}
.items-nav-title .floor-title {float:left;border: none;margin-top:8px; font-size:16px;font-weight: 600;}
.items-nav-title .floor-desc {display:block;font-size: 12px;color: #999;float: left;margin-left: 10px;margin-top:12px;}
.items-nav-title .more {display: block;position: absolute;right: 0px;top:12px;font-size: 12px;overflow: hidden;}
.items-nav-title .more .more-link{color: #FFF;background: #F72862 none repeat scroll 0% 0%;display: block;line-height: 20px;padding: 0px 10px; border-radius: 10px;font-size: 14px;}