通过加密cookie是网站安全性更高,登录信息不保存在session中,在function.php文件在建立两个函数,加密和解密函数。
/** * 加密函数 * @param string $txt 需要加密的字符串 * @param string $key 密钥 * @return string 返回加密结果 */ function encrypt($txt, $key = ''){ if (empty($txt)) return $txt; if (empty($key)) $key = md5(MD5_KEY); $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_."; $ikey ="-x6g6ZWm2G9g_vr0Bo.pOq3kRIxsZ6rm"; $nh1 = rand(0,64); $nh2 = rand(0,64); $nh3 = rand(0,64); $ch1 = $chars{$nh1}; $ch2 = $chars{$nh2}; $ch3 = $chars{$nh3}; $nhnum = $nh1 + $nh2 + $nh3; $knum = 0;$i = 0; while(isset($key{$i})) $knum +=ord($key{$i++}); $mdKey = substr(md5(md5(md5($key.$ch1).$ch2.$ikey).$ch3),$nhnum%8,$knum%8 + 16); $txt = base64_encode(time().'_'.$txt); $txt = str_replace(array('+','/','='),array('-','_','.'),$txt); $tmp = ''; $j=0;$k = 0; $tlen = strlen($txt); $klen = strlen($mdKey); for ($i=0; $i<$tlen; $i++) { $k = $k == $klen ? 0 : $k; $j = ($nhnum+strpos($chars,$txt{$i})+ord($mdKey{$k++}))d; $tmp .= $chars{$j}; } $tmplen = strlen($tmp); $tmp = substr_replace($tmp,$ch3,$nh2 % ++$tmplen,0); $tmp = substr_replace($tmp,$ch2,$nh1 % ++$tmplen,0); $tmp = substr_replace($tmp,$ch1,$knum % ++$tmplen,0); return $tmp; } /** * 解密函数 * @param string $txt 需要解密的字符串 * @param string $key 密匙 * @return string 字符串类型的返回结果 */ function decrypt($txt, $key = '', $ttl = 0){ if (empty($txt)) return $txt; if (empty($key)) $key = md5(MD5_KEY); $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_."; $ikey ="-x6g6ZWm2G9g_vr0Bo.pOq3kRIxsZ6rm"; $knum = 0;$i = 0; $tlen = @strlen($txt); while(isset($key{$i})) $knum +=ord($key{$i++}); $ch1 = @$txt{$knum % $tlen}; $nh1 = strpos($chars,$ch1); $txt = @substr_replace($txt,'',$knum % $tlen--,1); $ch2 = @$txt{$nh1 % $tlen}; $nh2 = @strpos($chars,$ch2); $txt = @substr_replace($txt,'',$nh1 % $tlen--,1); $ch3 = @$txt{$nh2 % $tlen}; $nh3 = @strpos($chars,$ch3); $txt = @substr_replace($txt,'',$nh2 % $tlen--,1); $nhnum = $nh1 + $nh2 + $nh3; $mdKey = substr(md5(md5(md5($key.$ch1).$ch2.$ikey).$ch3),$nhnum % 8,$knum % 8 + 16); $tmp = ''; $j=0; $k = 0; $tlen = @strlen($txt); $klen = @strlen($mdKey); for ($i=0; $i<$tlen; $i++) { $k = $k == $klen ? 0 : $k; $j = strpos($chars,$txt{$i})-$nhnum - ord($mdKey{$k++}); while ($j<0) $j+=64; $tmp .= $chars{$j}; } $tmp = str_replace(array('-','_','.'),array('+','/','='),$tmp); $tmp = trim(base64_decode($tmp)); if (preg_match("/\d{10}_/s",substr($tmp,0,11))){ if ($ttl > 0 && (time() - substr($tmp,0,11) > $ttl)){ $tmp = null; }else{ $tmp = substr($tmp,11); } } return $tmp; } 后台系统登录页面的操作处理方法: //登录 public function login(){ if(IS_POST){ //验证验证码 if(!$this->checkverify(I('post.captcha'))){ $this->error(L('verify_error'));//L函数方便多语言系统,内容是“验证码错误” } $Admin=D('admin'); $res=$Admin->checkLogin(I('post.name'),I('post.pass'));//这里其实就是在model里面通过M('admin')->where(array('admin_name'=>$name,'admin_password'=>$pass))->find(); if(is_array($res) && !empty($res)) { //admin_name用户名。amdin_id主键。admin_gid是权限组id。admin_is_super是否是超级管理员 $data=array('name'=>$res['admin_name'], 'id'=>$res['admin_id'],'gid'=>$res['admin_gid'],'sp'=>$res['admin_is_super']); $this->systemSetKey($data); $this->redirect(U('Index/index')); }else{ $this->error(L('user_pass_error'));//L函数方便多语言系统,内容是“用户名或密码错误” } }else{ $this->display(); } } private function systemSetKey($user=''){ if(is_array($user) && !empty($user)){ cookie(COOKIE_PRE.'sys_key',encrypt(serialize($user),MD5_KEY),3600);//这里的COOKIE_PRE是一个常量,你可以在入口文件直接定义个常量。user是一个数据然后序列化成字符串 } } 后台系统首页的验证管理员信息的方法
在基类中写验证:
<?php namespace Admin\Controller; use Think\Controller; class BaseController extends Controller { protected $admin_info; //管理员资料 name id group protected $permission; //权限内容 public function __construct(){ /** * 验证用户是否登录 * $admin_info 管理员资料 name id * id为1 是超级管理员 */ $this->admin_info = $this->systemLogin(); if ($this->admin_info['id'] != 1){ // 验证权限,这个省略 } parent::__construct(); } /** * 系统后台登录验证 * * @param * @return array 数组类型的返回结果 */ protected final function systemLogin(){ //取得cookie内容,解密,和系统匹配 $user = unserialize(decrypt(cookie(COOKIE_PRE.'sys_key'),MD5_KEY)); if (!key_exists('gid',(array)$user) || !isset($user['sp']) || (empty($user['name']) || empty($user['id']))){ $this->redirect(U('Public/login')); }else { $this->systemSetKey($user); } return $user; } /** * 系统后台 会员登录后 将会员验证内容写入对应cookie中 * @param string $name 用户名 * @param int $id 用户ID * @return bool 布尔类型的返回结果 */
