$_GPC['aid']),'uniacid'); $_W['aid'] = $_GPC['aid']; } $set = Setting::wlsetting_read('base'); if(checksubmit() || $_W['isajax']) { if($_GPC['aid']){ $this->staffLogin($_GPC);//代理商员工登录 }else{ isetcookie('__wlagent_staff_session', '', -10000);//删除员工登录信息 $this->_login($_GPC['referer']);//代理商登陆 } } include wl_template('user/agent_login'); } /** * Comment: 代理商/员工退出登录 */ public function logout(){ global $_W,$_GPC; if($_GPC['__wlagent_staff_session']){ isetcookie('__wlagent_session', '', -10000);//删除代理商登录信息 isetcookie('__wlagent_staff_session', '', -10000);//删除员工登录信息 header('Location:' . web_url('user/login/agent_login',array('aid'=>$_W['aid']))); }else if($_GPC['__wlagent_session']){ isetcookie('__wlagent_session', '', -10000);//删除代理商登录信息 isetcookie('__wlagent_staff_session', '', -10000);//删除员工登录信息 header('Location:' . web_url('user/login/agent_login')); } } /** * Comment: 代理商登陆操作 * @param string $forward */ public function _login($forward = '') { global $_GPC, $_W; $member = array(); $username = trim($_GPC['username']); pdo_query('DELETE FROM'.tablename('users_failed_login'). ' WHERE lastupdate < :timestamp', array(':timestamp' => TIMESTAMP-300)); $failed = pdo_get('users_failed_login', array('username' => $username, 'ip' => CLIENT_IP)); if ($failed['count'] >= 5) { wl_message('输入密码错误次数超过5次，请在5分钟后再登录',referer(), 'info'); } if(empty($username)) { wl_message('请输入要登录的用户名'); } $member['uniacid'] = $_GPC['i']; $member['username'] = $username; $member['password'] = $_GPC['password']; if(empty($member['password'])) { wl_message('请输入密码'); } $record = User::agentuser_single($member); if(!empty($record)) { if($record['status'] != 1) { wl_message('您的账号正在审核或是已经被系统禁止，请联系网站管理员解决！'); } if (!empty($record['endtime']) && $record['endtime'] < TIMESTAMP) { wl_message('您的账号有效期限已过，请联系网站管理员解决！'); } $cookie = array(); $cookie['id'] = $record['id']; $cookie['uniacid'] = $record['uniacid']; $cookie['hash'] = md5($record['password'] . $record['salt']); $session = base64_encode(json_encode($cookie)); isetcookie('__wlagent_session', $session, 7 * 86400, true); $status = array(); $status['id'] = $record['id']; $status['lastvisit'] = TIMESTAMP; $status['lastip'] = CLIENT_IP; User::agentuser_update($status); pdo_delete('users_failed_login', array('id' => $failed['id'])); wl_message("欢迎回来，{$record['username']}。", web_url('dashboard/dashboard')); } else { if (empty($failed)) { pdo_insert('users_failed_login', array('ip' => CLIENT_IP, 'username' => $username, 'count' => '1', 'lastupdate' => TIMESTAMP)); } else { pdo_update('users_failed_login', array('count' => $failed['count'] + 1, 'lastupdate' => TIMESTAMP), array('id' => $failed['id'])); } wl_message('登录失败，请检查您输入的用户名和密码！'); } } /** * Comment: 代理商员工登录 * Author: zzw * @param $info 登录信息 */ protected function staffLogin($info){ global $_W; #1、接收参数信息 $aid = $info['aid']; $account = $info['username']; $password = $info['password']; #2、判断信息是否完整 if(!$account){ wl_message('登录失败！请填写账号信息。'); }else if (!$password){ wl_message('登录失败！请填写账号密码。'); } #3、判断代理商是否存在 $agent = pdo_get(PDO_NAME."agentusers",array('id'=>$aid)); if(!$agent){ wl_message('登录失败！代理商信息不存在。'); }else if ($agent['status'] != 1){ wl_message('登录失败！该代理商正在审核或是已经被禁用，请联系网站管理员解决。'); }else if(!empty($agent['endtime']) && $agent['endtime'] < TIMESTAMP){ wl_message('登录失败！该代理商运营有效期已过，请联系网站管理员解决。'); } #4、判断是否存在该账号 $existence = pdo_get(PDO_NAME."agentadmin",array('account'=>$account)); if(!$existence){ wl_message('登录失败！账号不存在。'); } #5、判断账号密码是否正确 $userInfo = pdo_get(PDO_NAME."agentadmin",array('account'=>$account,'password'=>md5($password))); if(!$userInfo){ wl_message('登录失败！密码错误。'); } #6、登录成功后的操作 - 模拟代理商登录成功 $cookie['id'] = $agent['id']; $cookie['uniacid'] = $agent['uniacid']; $cookie['hash'] = md5($agent['password'] . $agent['salt']); $session = base64_encode(json_encode($cookie)); isetcookie('__wlagent_session', $session, 7 * 86400, true); #7、登录成功后的操作 - 员工登录成功，储存员工登录信息 $userCookie['aid'] = $aid; $userCookie['uniacid'] = $_W['uniacid']; $userCookie['account'] = $account; $userCookie['password'] = md5($password); $userSession = base64_encode(json_encode($userCookie)); isetcookie('__wlagent_staff_session', $userSession, 7 * 86400, true); #8、获取该管理员的昵称信息 $mid = $userInfo['mid']; $nickname = pdo_getcolumn(PDO_NAME."member",array('id'=>$mid),'nickname'); wl_message("欢迎回来，{$nickname}。", web_url('dashboard/dashboard')); } //平台员工登录 public function adminStaffLogin(){ global $_W,$_GPC; //参数信息获取 $account = $_GPC['username'] ? : ''; $password = $_GPC['password'] ? : ''; $uniacid = $_GPC['i'] ? : $_W['uniacid']; $set = Setting::wlsetting_read('base'); if($account) { if(!$account || !$password) wl_message('请完善账号密码!'); //判断账号密码是否正确 $where = [ 'account' => $account, 'password' => md5($password), 'uniacid' => $uniacid, 'aid' => 0,//平台员工aid固定为1 ]; $existence = pdo_get(PDO_NAME."agentadmin",$where); if(!$existence) wl_message('账号密码错误！'); //模拟后台登录 $_W['highest_role'] = 'founder'; //记录员工登录信息 $user = [ 'uniacid' => $uniacid, 'account' => $account, 'password' => md5($password) ]; $userSession = base64_encode(json_encode($user)); isetcookie('__wlsystem_staff_session', $userSession, 7 * 86400, true); //获取该管理员的昵称信息 $nickname = pdo_getcolumn(PDO_NAME."member",['id' => $existence['mid']],'nickname'); $url = web_url('dashboard/dashboard/index'); wl_message("欢迎回来，{$nickname}。", $url); } include wl_template('user/agent_login'); } //平台员工退出登录 public function adminStaffLogout(){ global $_W,$_GPC; //删除员工登录信息 if($_GPC['__wlsystem_staff_session'] || $_GPC['__session']){ isetcookie('__session', '', -10000);//删除模拟的管理员登录信息 isetcookie('__wlsystem_staff_session', '', -10000);//删除员工登录信息 } $loginUrl = $_W['siteroot']."web/citysys.php?p=user&ac=login&do=adminStaffLogin&i={$_W['uniacid']}";//平台员工登录 header('Location:' . $loginUrl); } }