From 7e6314a701516ee50aa00dc3be0e639ddd664057 Mon Sep 17 00:00:00 2001 From: Karson Date: Tue, 20 Jun 2023 11:51:59 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=BC=BA=E5=90=8E=E5=8F=B0=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E9=99=90=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 优化登录判断机制 移除冗余代码 --- application/admin/controller/Index.php | 5 +- application/admin/controller/auth/Admin.php | 6 +- application/admin/lang/zh-cn/index.php | 1 + application/admin/library/Auth.php | 80 +++++++++++++++++---- application/admin/model/Admin.php | 26 ++++--- application/admin/view/index/login.html | 7 +- 6 files changed, 92 insertions(+), 33 deletions(-) diff --git a/application/admin/controller/Index.php b/application/admin/controller/Index.php index 135f31f2..b988cb29 100644 --- a/application/admin/controller/Index.php +++ b/application/admin/controller/Index.php @@ -70,6 +70,8 @@ class Index extends Backend if ($this->auth->isLogin()) { $this->success(__("You've logged in, do not login again"), $url); } + //保持会话有效时长,单位:小时 + $keeyloginhours = 24; if ($this->request->isPost()) { $username = $this->request->post('username'); $password = $this->request->post('password'); @@ -95,7 +97,7 @@ class Index extends Backend $this->error($validate->getError(), $url, ['token' => $this->request->token()]); } AdminLog::setTitle(__('Login')); - $result = $this->auth->login($username, $password, $keeplogin ? 86400 : 0); + $result = $this->auth->login($username, $password, $keeplogin ? $keeyloginhours * 3600 : 0); if ($result === true) { Hook::listen("admin_login_after", $this->request); $this->success(__('Login successful'), $url, ['url' => $url, 'id' => $this->auth->id, 'username' => $username, 'avatar' => $this->auth->avatar]); @@ -113,6 +115,7 @@ class Index extends Backend } $background = Config::get('fastadmin.login_background'); $background = $background ? (stripos($background, 'http') === 0 ? $background : config('site.cdnurl') . $background) : ''; + $this->view->assign('keeyloginhours', $keeyloginhours); $this->view->assign('background', $background); $this->view->assign('title', __('Login')); Hook::listen("admin_login_init", $this->request); diff --git a/application/admin/controller/auth/Admin.php b/application/admin/controller/auth/Admin.php index a7dc6da6..85f8fb49 100644 --- a/application/admin/controller/auth/Admin.php +++ b/application/admin/controller/auth/Admin.php @@ -129,7 +129,7 @@ class Admin extends Backend exception(__("Please input correct password")); } $params['salt'] = Random::alnum(); - $params['password'] = md5(md5($params['password']) . $params['salt']); + $params['password'] = $this->auth->getEncryptPassword($params['password'], $params['salt']); $params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。 $result = $this->model->validate('Admin.add')->save($params); if ($result === false) { @@ -183,7 +183,7 @@ class Admin extends Backend exception(__("Please input correct password")); } $params['salt'] = Random::alnum(); - $params['password'] = md5(md5($params['password']) . $params['salt']); + $params['password'] = $this->auth->getEncryptPassword($params['password'], $params['salt']); } else { unset($params['password'], $params['salt']); } @@ -192,7 +192,7 @@ class Admin extends Backend $adminValidate->rule([ 'username' => 'require|regex:\w{3,30}|unique:admin,username,' . $row->id, 'email' => 'require|email|unique:admin,email,' . $row->id, - 'mobile' => 'regex:1[3-9]\d{9}|unique:admin,mobile,' . $row->id, + 'mobile' => 'regex:1[3-9]\d{9}|unique:admin,mobile,' . $row->id, 'password' => 'regex:\S{32}', ]); $result = $row->validate('Admin.edit')->save($params); diff --git a/application/admin/lang/zh-cn/index.php b/application/admin/lang/zh-cn/index.php index 316de2aa..a8350b39 100644 --- a/application/admin/lang/zh-cn/index.php +++ b/application/admin/lang/zh-cn/index.php @@ -60,5 +60,6 @@ return [ 'Forum' => '交流社区', 'QQ qun' => 'QQ交流群', 'Captcha' => '验证码', + 'The duration of the session is %s hours' => '设定会话有效时长为%s小时', 'Security tips' => ' 安全提示:为了你的后台安全,请勿将后台管理入口设置为admin或admin.php', ]; diff --git a/application/admin/library/Auth.php b/application/admin/library/Auth.php index 4bf42c01..4d3eed7a 100644 --- a/application/admin/library/Auth.php +++ b/application/admin/library/Auth.php @@ -51,7 +51,7 @@ class Auth extends \fast\Auth $this->setError('Please try again after 1 day'); return false; } - if ($admin->password != md5(md5($password) . $admin->salt)) { + if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) { $admin->loginfailure++; $admin->save(); $this->setError('Password is incorrect'); @@ -63,7 +63,8 @@ class Auth extends \fast\Auth $admin->token = Random::uuid(); $admin->save(); Session::set("admin", $admin->toArray()); - $this->keeplogin($keeptime); + Session::set("admin.safecode", $this->getEncryptSafecode($admin)); + $this->keeplogin($admin, $keeptime); return true; } @@ -101,7 +102,7 @@ class Auth extends \fast\Auth return false; } //token有变更 - if ($key != md5(md5($id) . md5($keeptime) . md5($expiretime) . $admin->token . config('token.key'))) { + if ($key != $this->getKeeploginKey($admin, $keeptime, $expiretime)) { return false; } $ip = request()->ip(); @@ -110,8 +111,9 @@ class Auth extends \fast\Auth return false; } Session::set("admin", $admin->toArray()); + Session::set("admin.safecode", $this->getEncryptSafecode($admin)); //刷新自动登录的时效 - $this->keeplogin($keeptime); + $this->keeplogin($admin, $keeptime); return true; } else { return false; @@ -124,18 +126,64 @@ class Auth extends \fast\Auth * @param int $keeptime * @return boolean */ - protected function keeplogin($keeptime = 0) + protected function keeplogin($admin, $keeptime = 0) { if ($keeptime) { $expiretime = time() + $keeptime; - $key = md5(md5($this->id) . md5($keeptime) . md5($expiretime) . $this->token . config('token.key')); - $data = [$this->id, $keeptime, $expiretime, $key]; - Cookie::set('keeplogin', implode('|', $data), 86400 * 7); + $key = $this->getKeeploginKey($admin, $keeptime, $expiretime); + Cookie::set('keeplogin', implode('|', [$admin['id'], $keeptime, $expiretime, $key]), $keeptime); return true; } return false; } + /** + * 获取密码加密后的字符串 + * @param string $password 密码 + * @param string $salt 密码盐 + * @return string + */ + public function getEncryptPassword($password, $salt = '') + { + return md5(md5($password) . $salt); + } + + /** + * 获取密码加密后的自动登录码 + * @param string $password 密码 + * @param string $salt 密码盐 + * @return string + */ + public function getEncryptKeeplogin($params, $keeptime) + { + $expiretime = time() + $keeptime; + $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key')); + return implode('|', [$this->id, $keeptime, $expiretime, $key]); + } + + /** + * 获取自动登录Key + * @param $params + * @param $keeptime + * @param $expiretime + * @return string + */ + public function getKeeploginKey($params, $keeptime, $expiretime) + { + $key = md5(md5($params['id']) . md5($keeptime) . md5($expiretime) . $params['token'] . config('token.key')); + return $key; + } + + /** + * 获取加密后的安全码 + * @param $params + * @return string + */ + public function getEncryptSafecode($params) + { + return md5(md5($params['username']) . md5(substr($params['password'], 0, 6)) . config('token.key')); + } + public function check($name, $uid = '', $relation = 'or', $mode = 'url') { $uid = $uid ? $uid : $this->id; @@ -180,13 +228,19 @@ class Auth extends \fast\Auth if (!$admin) { return false; } + $my = Admin::get($admin['id']); + if (!$my) { + return false; + } + //校验安全码,可用于判断关键信息发生了变更需要重新登录 + if (!isset($admin['safecode']) || $this->getEncryptSafecode($my) !== $admin['safecode']) { + $this->logout(); + return false; + } //判断是否同一时间同一账号只能在一个地方登录 if (Config::get('fastadmin.login_unique')) { - $my = Admin::get($admin['id']); - if (!$my || $my['token'] != $admin['token']) { - $this->logined = false; //重置登录状态 - Session::delete("admin"); - Cookie::delete("keeplogin"); + if ($my['token'] != $admin['token']) { + $this->logout(); return false; } } diff --git a/application/admin/model/Admin.php b/application/admin/model/Admin.php index 8c47f6f7..dbe62410 100644 --- a/application/admin/model/Admin.php +++ b/application/admin/model/Admin.php @@ -13,22 +13,20 @@ class Admin extends Model // 定义时间戳字段名 protected $createTime = 'createtime'; protected $updateTime = 'updatetime'; + protected $hidden = [ + 'password', + 'salt' + ]; - /** - * 重置用户密码 - * @author baiyouwen - */ - public function resetPassword($uid, $NewPassword) + public static function init() { - $passwd = $this->encryptPassword($NewPassword); - $ret = $this->where(['id' => $uid])->update(['password' => $passwd]); - return $ret; - } - - // 密码加密 - protected function encryptPassword($password, $salt = '', $encrypt = 'md5') - { - return $encrypt($password . $salt); + self::beforeWrite(function ($row) { + $changed = $row->getChangedData(); + //如果修改了用户或或密码则需要重新登录 + if (isset($changed['username']) || isset($changed['password']) || isset($changed['salt'])) { + $row->token = ''; + } + }); } } diff --git a/application/admin/view/index/login.html b/application/admin/view/index/login.html index 68d4a5f8..b2b0322f 100644 --- a/application/admin/view/index/login.html +++ b/application/admin/view/index/login.html @@ -28,7 +28,7 @@ box-shadow: 0 0 30px rgba(0, 0, 0, 0.1); background: rgba(255, 255, 255, 1); border: none; - overflow: hidden; + /*overflow: hidden;*/ padding: 0; } @@ -55,6 +55,7 @@ .login-head { background: #899fe1; + border-radius: 3px 3px 0 0; } .login-form { @@ -122,12 +123,14 @@ {/if} + {if $keeyloginhours>0}
-
+ {/if}