UCHome采用cookie+数据库的方式来进行用户登录验证。
一、登录
1:登录表单由source/do_login.php 处理
2:然后验证用户名以及密码的正确性,不正确则跳转并提示登录失败
3:验证通过之后,再将获取到的用户账户信息赋给$setarr数组
4:更新member表
5:将用户登录信息写入到Uchome的session表中
6:将用户名与密码加密写入cookie中
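// Login form handler (source/do_login.php): verifies the submitted credentials
// through getpassport(), makes sure a local space/member row exists, records the
// session and issues the encrypted 'auth' cookie.
// Relies on $_SGLOBAL, $_SCONFIG, $invitearr and $app being set by the surrounding
// file. $_POST is untrusted input: it reaches the database only through
// getpassport() (which returns the trusted $passport values used in SQL below),
// intval() and the addslashes()'d username.
if(submitcheck('loginsubmit')) {
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    // Cookie lifetime requested by the client; passed straight to ssetcookie().
    // NOTE(review): not clamped here - confirm ssetcookie() bounds it if a maximum is wanted.
    $cookietime = intval($_POST['cookietime']);
    $cookiecheck = $cookietime ? ' checked' : '';
    $membername = $username;

    if(empty($_POST['username'])) {
        showmessage('users_were_not_empty_please_re_login', 'do.php?ac='.$_SCONFIG['login_action']);
    }

    // Optional CAPTCHA check; a wrong code re-renders the login template.
    if($_SCONFIG['seccode_login']) {
        include_once(S_ROOT.'./source/function_cp.php');
        $seccode = isset($_POST['seccode']) ? $_POST['seccode'] : '';
        if(!ckseccode($seccode)) {
            $_SGLOBAL['input_seccode'] = 1;
            include template('do_login');
            exit;
        }
    }

    // Authenticate against the configured user source (see getpassport()).
    if(!$passport = getpassport($username, $password)) {
        showmessage('login_failure_please_re_login', 'do.php?ac='.$_SCONFIG['login_action']);
    }

    // The local "password" is an opaque per-account token: it is stored in the
    // session/member tables and later compared against the decrypted auth cookie
    // by checkauth(). Use CSPRNG output (same 32-hex-char shape as the historical
    // md5 value); the md5(uid|timestamp) form, which is guessable from public
    // data, is kept only as a fallback for PHP builds without random_bytes().
    $localpassword = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5("$passport[uid]|$_SGLOBAL[timestamp]");
    $setarr = array(
        'uid' => $passport['uid'],
        'username' => addslashes($passport['username']),
        'password' => $localpassword,
    );

    include_once(S_ROOT.'./source/function_space.php');

    // Open a space for the account on first login.
    $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('space')." WHERE uid='$setarr[uid]'");
    if(!$space = $_SGLOBAL['db']->fetch_array($query)) {
        $space = space_open($setarr['uid'], $setarr['username'], 0, $passport['email']);
    }
    $_SGLOBAL['member'] = $space;

    // Real-name record for the space.
    realname_set($space['uid'], $space['username'], $space['name'], $space['namestatus']);

    // Reuse the stored local password when the member row exists, otherwise
    // create the row. The local password is generated once and never rotated
    // here, so the token in every later auth cookie stays the same.
    $query = $_SGLOBAL['db']->query("SELECT password FROM ".tname('member')." 
        WHERE uid='$setarr[uid]'");
    if($value = $_SGLOBAL['db']->fetch_array($query)) {
        $setarr['password'] = addslashes($value['password']);
    } else {
        inserttable('member', $setarr, 0, true);
    }

    // Record the online session (insertsession() also handles stale rows - verify).
    insertsession($setarr);

    // Auth cookie payload is "<local password> <uid>", encrypted with authcode();
    // 'loginuser' only remembers the name for the form and is not used for auth.
    ssetcookie('auth', authcode("$setarr[password] $setarr[uid]", 'ENCODE'), $cookietime);
    ssetcookie('loginuser', $passport['username'], 31536000);
    ssetcookie('_refer', '');

    // UCenter synchronized login returns markup/script to embed in the success page.
    if($_SCONFIG['uc_status']) {
        include_once S_ROOT.'./uc_client/client.php';
        $ucsynlogin = uc_user_synlogin($setarr['uid']);
    } else {
        $ucsynlogin = '';
    }

    // Friend invitation: $invitearr and $app are resolved by the surrounding file.
    if(!empty($invitearr)) {
        invite_update($invitearr['id'], $setarr['uid'], $setarr['username'], $invitearr['uid'], $invitearr['username'], $app);
    }

    $_SGLOBAL['supe_uid'] = $space['uid'];

    // Sync the space's avatar flag with the avatar file, rewarding credit on the
    // first upload; $setarr is reused here as a list of SET fragments.
    $reward = $setarr = array();
    $experience = $credit = 0;
    $avatar_exists = ckavatar($space['uid']);
    if($avatar_exists) {
        if(!$space['avatar']) {
            $reward = getreward('setavatar', 0);
            $credit = $reward['credit'];
            $experience = $reward['experience'];
            if($credit) {
                $setarr['credit'] = "credit=credit+$credit";
            }
            if($experience) {
                $setarr['experience'] = "experience=experience+$experience";
            }
            $setarr['avatar'] = 'avatar=1';
            $setarr['updatetime'] = "updatetime=$_SGLOBAL[timestamp]";
        }
    } elseif($space['avatar']) {
        $setarr['avatar'] = 'avatar=0';
    }
    if($setarr) {
        $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET ".implode(',', $setarr)." WHERE uid='$space[uid]'");
    }

    // Post-login redirect target comes from the client.
    // NOTE(review): confirm showmessage() restricts $_POST['refer'] to local URLs.
    if(empty($_POST['refer'])) {
        $_POST['refer'] = 'space.php?do=home';
    }
    realname_get();
    showmessage('login_success', !empty($app) ? "userapp.php?id=$app" : $_POST['refer'], 1, array($ucsynlogin));
}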
二、验证
1.cp.php
// Permission check (cp.php): a visitor without a resolved supe_uid is sent to
// the login action after the return URL is remembered in the '_refer' cookie.
if(empty($_SGLOBAL['supe_uid'])) {
    // A GET request can be replayed as-is; for anything else fall back to the action URL.
    $refer = $_SERVER['REQUEST_METHOD'] === 'GET'
        ? $_SERVER['REQUEST_URI']
        : 'cp.php?ac='.$ac;
    ssetcookie('_refer', rawurlencode($refer));
    showmessage('to_login', 'do.php?ac='.$_SCONFIG['login_action']);
}
2.space.php
// Public-network check (space.php): login is required unless the visitor came
// through an invitation or the network is configured as public.
$loginRequired = empty($isinvite) && empty($_SCONFIG['networkpublic']);
if($loginRequired) {
    checklogin();
}
// Ensure the visitor is logged in: when no supe_uid has been resolved, remember
// the current URL in the '_refer' cookie and redirect to the login action.
function checklogin() {
    global $_SGLOBAL, $_SCONFIG;
    if(!empty($_SGLOBAL['supe_uid'])) {
        return;
    }
    ssetcookie('_refer', rawurlencode($_SERVER['REQUEST_URI']));
    showmessage('to_login', 'do.php?ac='.$_SCONFIG['login_action']);
}
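/**
 * Resolve the current login state from the encrypted 'auth' cookie.
 *
 * The cookie payload is "<local password> <uid>" (written by do_login.php). The
 * uid becomes the candidate $_SGLOBAL['supe_uid'] and the password is checked
 * against the session table first, then the member table (re-creating the
 * session row on a match). Any mismatch or malformed token resets supe_uid to 0
 * and clears the cookies; on success supe_username, username and (when a
 * session row existed) session are filled in.
 *
 * Changes from the original: the stored password is compared strictly and in
 * constant time (hash_equals) instead of with loose ==, a token missing either
 * part now fails closed instead of leaving the uid set with no password check,
 * and the superglobals are read with isset/empty instead of @-suppression.
 */
function checkauth() {
    global $_SGLOBAL, $_SC, $_SCONFIG, $_SCOOKIE, $_SN;

    // Mobile clients may carry the token in the query string instead of the cookie.
    // NOTE(review): tokens in URLs end up in server logs and referers; confirm this path is needed.
    if(!empty($_SGLOBAL['mobile']) && !empty($_GET['m_auth'])) {
        $_SCOOKIE['auth'] = $_GET['m_auth'];
    }

    $member = array();
    if(!empty($_SCOOKIE['auth'])) {
        $parts = explode(' ', authcode($_SCOOKIE['auth'], 'DECODE'));
        $password = isset($parts[0]) ? $parts[0] : '';
        $uid = isset($parts[1]) ? $parts[1] : '';
        $_SGLOBAL['supe_uid'] = intval($uid);

        if($password === '' || !$_SGLOBAL['supe_uid']) {
            // Fail closed: a token without both parts must not leave supe_uid set.
            $_SGLOBAL['supe_uid'] = 0;
        } else {
            // Prefer the session row; fall back to the member row and re-create the session.
            $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('session')." WHERE uid='$_SGLOBAL[supe_uid]'");
            $member = $_SGLOBAL['db']->fetch_array($query);
            if($member) {
                if(hash_equals((string)$member['password'], (string)$password)) {
                    $_SGLOBAL['supe_username'] = addslashes($member['username']);
                    $_SGLOBAL['session'] = $member;
                } else {
                    $_SGLOBAL['supe_uid'] = 0;
                }
            } else {
                $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('member')." WHERE uid='$_SGLOBAL[supe_uid]'");
                $member = $_SGLOBAL['db']->fetch_array($query);
                if($member && hash_equals((string)$member['password'], (string)$password)) {
                    $_SGLOBAL['supe_username'] = addslashes($member['username']);
                    $session = array(
                        'uid' => $_SGLOBAL['supe_uid'],
                        'username' => $_SGLOBAL['supe_username'],
                        'password' => $password,
                    );
                    include_once(S_ROOT.'./source/function_space.php');
                    insertsession($session);
                } else {
                    $_SGLOBAL['supe_uid'] = 0;
                }
            }
        }
    }

    // No valid identity: drop the cookies so the client stops presenting them.
    if(empty($_SGLOBAL['supe_uid'])) {
        clearcookie();
    } else {
        $_SGLOBAL['username'] = $member['username'];
    }
}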