苏州网络推广商_怎么写自己的网页_北京网_营业推广经典案例

一、登录接口调整

        在根目录下app文件夹下controller文件夹下common文件夹下Login.php文件中，修改doLogin接口，代码如下：

    //登录public function doLogin(){$param = $this->request->param();$validate = new \app\validate\common\Login;$result = $validate->check($param);//参数验证if (!$result) return err($validate->getError());//验证码的正确性if (!app()->make(\Other\Captcha::class)->check($param['captcha_code'])) return err('验证码错误');if (time() + 5 < strtotime($param['login_time'])) return err('非法登录');$resData = Admin::dataFind(['email' => trim($param['username'])], 'id,realname,password,ip,status', true);//用户信息的正确性if (empty($resData) && empty($resData['id'])) return err('用户不存在');if ($resData['status'] !== 1) return err('该账号已被禁用');$systemParam = SystemModel::dataFind(['id' => 1],'security_password,platform_token_expira');if ($resData['password'] !== sha1($param['password'] . $systemParam['security_password'])) return err('账号对应的密码错误');$loginIp = $this->request->header('x-real-ip');if(!empty($resData['ip'])){if($resData['ip'] != $loginIp)return err('禁止访问,不在IP白名单中');}//写入Token日志$data['token_type'] = 1;$data['menu_name'] = 'CommonLoginDoLogin';$data['admin_id'] = $resData['id'];$data['random_number'] = alnum();$data['client_id'] = '';$data['login_ip'] = $loginIp;$data['create_time'] = date('Y-m-d',strtotime($param['login_time']));$data['login_time'] = $param['login_time'];$data['expire_time'] = strtotime($param['login_time']) + $systemParam['platform_token_expira'];$token = $data['admin_id'] . $data['random_number'];$data['token'] = sha1(sha1($token) . strtotime($data['login_time']));TokenModel::save($data,[]);//加入跨站攻击验证队列Redis::select(config('cache.stores.redis.token_db'))->setex('token_' . $data['token'],$systemParam['platform_token_expira'],$resData['id']);Redis::select(config('cache.stores.redis.token_db'))->setex('token_' . $resData['id'],$systemParam['platform_token_expira'],Encrypt::encryptRsa($data['token']));Redis::select(config('cache.stores.redis.data_db_api'))->set($token,$loginIp);/*$emailSender = new EmailSender();$emailSender::send($param['username'],'登录系统',$resData['realname'].'于'.$param['login_time'].'登录系统');*/return succ('登录成功',Encrypt::encryptRsa($token));}

二、调整控制台接口

        1、读取数据

                在根目录下app文件夹下model文件夹下common文件夹下Token.php文件中，修改setToken静态方法，代码如下：

    //修改token整个状态public static function setToken($token, $attack, $clientIp){$data['admin_id'] = 0;$data['username'] = '';$data['avatar'] = '';$data['realname'] = '';$data['email'] = '';$data['ip'] = '';$data['department_id'] = 0;$data['grade_id'] = 0;$data['role_id'] = 0;$data['random_number'] = '';$data['client_id'] = '';$data['login_ip'] = '';$redisToken = Redis::select(config('cache.stores.redis.token_db'))->get('token_'.$token);if(empty($redisToken))return array('status' => false, 'info' => 'token已经过期咯,请重新登录!', 'data' => $data);//获取系统配置的过期时间$systemParam = SystemModel::dataFind(['id' => 1],'platform_token_expira');//验证是否跨站攻击$attackToken = Redis::select(config('cache.stores.redis.token_db'))->get('token_' . $redisToken);if(!empty($attackToken)){if ($attackToken === $attack){//如果传过来加密后的token与Redis里面记录的一样，就禁止访问、延长过期时间并加入黑名单Redis::select(config('cache.stores.redis.token_db'))->expire('token_'.$token, $systemParam['platform_token_expira']);//加入黑名单//Redis::select(config('cache.stores.redis.default_db'))->sadd('black-list', $clientIp);//return array('status' => false, 'info' => '跨站攻击', 'data' => $data);}}Redis::select(config('cache.stores.redis.token_db'))->expire('token_'.$token, $systemParam['platform_token_expira']);Redis::select(config('cache.stores.redis.token_db'))->setex('token_' . $redisToken, $systemParam['platform_token_expira'], $attack);$resAdminFind = Admin::dataFind(['id' => $redisToken], 'username,avatar,realname,email,ip,department_id,grade_id,role_id,status',true);if ($resAdminFind['status'] !== 1) return array('status' => false, 'info' => '该用户已被禁用', 'data' => $data);$resTokenFind = self::dataFind(['token' => $token],'random_number,client_id,login_ip',true);$data['admin_id'] = $redisToken;$data['username'] = $resAdminFind['username'];$data['avatar'] = $resAdminFind['avatar'];$data['realname'] = $resAdminFind['realname'];$data['email'] = $resAdminFind['email'];$data['ip'] = $resAdminFind['ip'];$data['department_id'] = $resAdminFind['department_id'];$data['grade_id'] = $resAdminFind['grade_id'];$data['role_id'] = $resAdminFind['role_id'];$data['random_number'] = $resTokenFind['random_number'];$data['client_id'] = $resTokenFind['client_id'];$data['login_ip'] = $resTokenFind['login_ip'];return array('status' => true, 'info' => '', 'data' => $data);}

        2、赋值数据

                在根目录下app文件夹下controller文件夹下Base.php文件中，修改token验证方法，也就是isLoginAuth方法，代码如下：

    //token验证private function isLoginAuth(){$headInfo = $this->request->header();if(!isset($headInfo['authorization']))throw new BaseError('非法操作!');if(empty($headInfo['authorization']))throw new BaseError('操作异常!');if(!empty($this->loginIp)){if($this->loginIp != $headInfo['x-real-ip'])throw new BaseError('危险操作!');}$tokenValue = explode('|', Encrypt::decryptRsa($headInfo['authorization']));//解密 --转换tokenif(count($tokenValue) != 2)throw new BaseError('登录认证权限错误',50034,200);$token = sha1(sha1($tokenValue[0]).strtotime($tokenValue[1]));$res = Token::setToken($token, $headInfo['authorization'], $headInfo['x-real-ip']);if($res['status'] === false)throw new BaseError($res['info'],50034,200);//赋值错误信息$this->userId = $res['data']['admin_id'];$this->avatar = $res['data']['avatar'];$this->username = $res['data']['username'];$this->realname = $res['data']['realname'];$this->email = $res['data']['email'];$this->ip = $res['data']['ip'];$this->departmentId = $res['data']['department_id'];$this->gradeId = $res['data']['grade_id'];$this->roleId = $res['data']['role_id'];$this->token = $token;$this->randomNumber = $res['data']['random_number'];$this->loginIp = $res['data']['login_ip'];$this->clientId = $res['data']['client_id'];}

三、调整操作日志记录

        在根目录下app文件夹下controller文件夹下Base.php文件中，修改setToken方法，代码如下：

    /*** 操作日志记录* User: 龙哥·三年风水* Date: 2024/12/12* Time: 17:11* @ param $tokenType 操作类型* @ param $menuName 权限名称*/protected function setToken($tokenType,$menuName){$data['token_type'] = $tokenType;$data['menu_name'] = $menuName;$data['admin_id'] = $this->userId;$data['random_number'] = $this->randomNumber;$data['client_id'] = $this->clientId;$data['login_ip'] = $this->loginIp;$data['create_time'] = date('Y-m-d',time());$data['login_time'] = date('Y-m-d H:i:s',time());$data['expire_time'] = time();$data['token'] = $this->token;Token::save($data,[]);}

四、修改表结构

        在对应的数据库中修改登录者操作日志表，添加两个字段client_id、login_ip。具体代码如下：