loumengning
/
shop
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
201 Commits
3 Branches
51 MiB
 
 
 
 
 
 
Tree: acc62b0d25
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'acc62b0d25'
${ noResults }
shop/application/common/library/Auth.php

565 lines
15 KiB
Raw Blame History 

  1. <?php

  2. 

  3. namespace app\common\library;

  4. 

  5. use app\common\model\User;

  6. use app\common\model\UserRule;

  7. use fast\Random;

  8. use think\Config;

  9. use think\Db;

  10. use think\Exception;

  11. use think\Hook;

  12. use think\Request;

  13. use think\Validate;

  14. 

  15. class Auth

  16. {

  17.     protected static $instance = null;

  18.     protected $_error = '';

  19.     protected $_logined = false;

  20.     protected $_user = null;

  21.     protected $_token = '';

  22.     //Token默认有效时长

  23.     protected $keeptime = 2592000;

  24.     //protected $keeptime = 10;

  25.     protected $requestUri = '';

  26.     protected $rules = [];

  27.     //默认配置

  28.     protected $config = [];

  29.     protected $options = [];

  30.     protected $allowFields = ['id', 'username', 'nickname', 'mobile', 'avatar', 'score'];

  31. 

  32.     public function __construct($options = [])

  33.     {

  34.         if ($config = Config::get('user')) {

  35.             $this->config = array_merge($this->config, $config);

  36.         }

  37.         $this->options = array_merge($this->config, $options);

  38.     }

  39. 

  40.     /**

  41.      *

  42.      * @param array $options 参数

  43.      * @return Auth

  44.      */

  45.     public static function instance($options = [])

  46.     {

  47.         if (is_null(self::$instance)) {

  48.             self::$instance = new static($options);

  49.         }

  50. 

  51.         return self::$instance;

  52.     }

  53. 

  54.     /**

  55.      * 获取User模型

  56.      * @return User

  57.      */

  58.     public function getUser()

  59.     {

  60.         return $this->_user;

  61.     }

  62. 

  63.     /**

  64.      * 兼容调用user模型的属性

  65.      *

  66.      * @param string $name

  67.      * @return mixed

  68.      */

  69.     public function __get($name)

  70.     {

  71.         return $this->_user ? $this->_user->$name : null;

  72.     }

  73. 

  74.     /**

  75.      * 根据Token初始化

  76.      *

  77.      * @param string $token Token

  78.      * @return boolean

  79.      */

  80.     public function init($token)

  81.     {

  82.         if ($this->_logined) {

  83.             return true;

  84.         }

  85.         if ($this->_error) {

  86.             return false;

  87.         }

  88.         $data = Token::get($token);

  89.         if (!$data) {

  90.             return false;

  91.         }

  92.         $user_id = intval($data['user_id']);

  93.         if ($user_id > 0) {

  94.             $user = User::get($user_id);

  95.             if (!$user) {

  96.                 $this->setError('Account not exist');

  97.                 return false;

  98.             }

  99.             if ($user['status'] != 'normal') {

  100.                 $this->setError('Account is locked');

  101.                 return false;

  102.             }

  103.             $this->_user = $user;

  104.             $this->_logined = true;

  105.             $this->_token = $token;

  106. 

  107.             //初始化成功的事件

  108.             Hook::listen("user_init_successed", $this->_user);

  109. 

  110.             return true;

  111.         } else {

  112.             $this->setError('You are not logged in');

  113.             return false;

  114.         }

  115.     }

  116. 

  117.     /**

  118.      * 注册用户

  119.      *

  120.      * @param string $username 用户名

  121.      * @param string $password 密码

  122.      * @param string $email    邮箱

  123.      * @param string $mobile   手机号

  124.      * @param array  $extend   扩展参数

  125.      * @return boolean

  126.      */

  127.     public function register($username, $password, $email = '', $mobile = '', $extend = [])

  128.     {

  129.         // 检测用户名或邮箱、手机号是否存在

  130.         if (User::getByUsername($username)) {

  131.             $this->setError('Username already exist');

  132.             return false;

  133.         }

  134.         if ($email && User::getByEmail($email)) {

  135.             $this->setError('Email already exist');

  136.             return false;

  137.         }

  138.         if ($mobile && User::getByMobile($mobile)) {

  139.             $this->setError('Mobile already exist');

  140.             return false;

  141.         }

  142. 

  143.         $ip = request()->ip();

  144.         $time = time();

  145. 

  146.         $data = [

  147.             'username' => $username,

  148.             'password' => $password,

  149.             'email'    => $email,

  150.             'mobile'   => $mobile,

  151.             'level'    => 1,

  152.             'score'    => 0,

  153.             'avatar'   => '',

  154.         ];

  155.         $params = array_merge($data, [

  156.             'nickname'  => $username,

  157.             'salt'      => Random::alnum(),

  158.             'jointime'  => $time,

  159.             'joinip'    => $ip,

  160.             'logintime' => $time,

  161.             'loginip'   => $ip,

  162.             'prevtime'  => $time,

  163.             'status'    => 'normal'

  164.         ]);

  165.         $params['password'] = $this->getEncryptPassword($password, $params['salt']);

  166.         $params = array_merge($params, $extend);

  167. 

  168.         //账号注册时需要开启事务,避免出现垃圾数据

  169.         Db::startTrans();

  170.         try {

  171.             $user = User::create($params, true);

  172. 

  173.             $this->_user = User::get($user->id);

  174. 

  175.             //设置Token

  176.             $this->_token = Random::uuid();

  177.             Token::set($this->_token, $user->id, $this->keeptime);

  178. 

  179.             //注册成功的事件

  180.             Hook::listen("user_register_successed", $this->_user, $data);

  181.             Db::commit();

  182.         } catch (Exception $e) {

  183.             $this->setError($e->getMessage());

  184.             Db::rollback();

  185.             return false;

  186.         }

  187.         return true;

  188.     }

  189. 

  190.     /**

  191.      * 用户登录

  192.      *

  193.      * @param string $account  账号,用户名、邮箱、手机号

  194.      * @param string $password 密码

  195.      * @return boolean

  196.      */

  197.     public function login($account, $password)

  198.     {

  199.         $field = Validate::is($account, 'email') ? 'email' : (Validate::regex($account, '/^1\d{10}$/') ? 'mobile' : 'username');

  200.         $user = User::get([$field => $account]);

  201.         if (!$user) {

  202.             $this->setError('Account is incorrect');

  203.             return false;

  204.         }

  205. 

  206.         if ($user->status != 'normal') {

  207.             $this->setError('Account is locked');

  208.             return false;

  209.         }

  210.         if ($user->password != $this->getEncryptPassword($password, $user->salt)) {

  211.             $this->setError('Password is incorrect');

  212.             return false;

  213.         }

  214. 

  215.         //直接登录会员

  216.         $this->direct($user->id);

  217. 

  218.         return true;

  219.     }

  220. 

  221.     /**

  222.      * 注销

  223.      *

  224.      * @return boolean

  225.      */

  226.     public function logout()

  227.     {

  228.         if (!$this->_logined) {

  229.             $this->setError('You are not logged in');

  230.             return false;

  231.         }

  232.         //设置登录标识

  233.         $this->_logined = false;

  234.         //删除Token

  235.         Token::delete($this->_token);

  236.         //注销成功的事件

  237.         Hook::listen("user_logout_successed", $this->_user);

  238.         return true;

  239.     }

  240. 

  241.     /**

  242.      * 修改密码

  243.      * @param string $newpassword       新密码

  244.      * @param string $oldpassword       旧密码

  245.      * @param bool   $ignoreoldpassword 忽略旧密码

  246.      * @return boolean

  247.      */

  248.     public function changepwd($newpassword, $oldpassword = '', $ignoreoldpassword = false)

  249.     {

  250.         if (!$this->_logined) {

  251.             $this->setError('You are not logged in');

  252.             return false;

  253.         }

  254.         //判断旧密码是否正确

  255.         if ($this->_user->password == $this->getEncryptPassword($oldpassword, $this->_user->salt) || $ignoreoldpassword) {

  256.             Db::startTrans();

  257.             try {

  258.                 $salt = Random::alnum();

  259.                 $newpassword = $this->getEncryptPassword($newpassword, $salt);

  260.                 $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]);

  261. 

  262.                 Token::delete($this->_token);

  263.                 //修改密码成功的事件

  264.                 Hook::listen("user_changepwd_successed", $this->_user);

  265.                 Db::commit();

  266.             } catch (Exception $e) {

  267.                 Db::rollback();

  268.                 $this->setError($e->getMessage());

  269.                 return false;

  270.             }

  271.             return true;

  272.         } else {

  273.             $this->setError('Password is incorrect');

  274.             return false;

  275.         }

  276.     }

  277. 

  278.     /**

  279.      * 直接登录账号

  280.      * @param int $user_id

  281.      * @return boolean

  282.      */

  283.     public function direct($user_id)

  284.     {

  285.         $user = User::get($user_id);

  286.         if ($user) {

  287.             Db::startTrans();

  288.             try {

  289.                 $ip = request()->ip();

  290.                 $time = time();

  291. 

  292.                 //判断连续登录和最大连续登录

  293.                 if ($user->logintime < \fast\Date::unixtime('day')) {

  294.                     $user->successions = $user->logintime < \fast\Date::unixtime('day', -1) ? 1 : $user->successions + 1;

  295.                     $user->maxsuccessions = max($user->successions, $user->maxsuccessions);

  296.                 }

  297. 

  298.                 $user->prevtime = $user->logintime;

  299.                 //记录本次登录的IP和时间

  300.                 $user->loginip = $ip;

  301.                 $user->logintime = $time;

  302.                 //重置登录失败次数

  303.                 $user->loginfailure = 0;

  304. 

  305.                 $user->save();

  306. 

  307.                 $this->_user = $user;

  308. 

  309.                 $this->_token = Random::uuid();

  310.                 Token::set($this->_token, $user->id, $this->keeptime);

  311. 

  312.                 $this->_logined = true;

  313. 

  314.                 //登录成功的事件

  315.                 Hook::listen("user_login_successed", $this->_user);

  316.                 Db::commit();

  317.             } catch (Exception $e) {

  318.                 Db::rollback();

  319.                 $this->setError($e->getMessage());

  320.                 return false;

  321.             }

  322.             return true;

  323.         } else {

  324.             return false;

  325.         }

  326.     }

  327. 

  328.     /**

  329.      * 检测是否是否有对应权限

  330.      * @param string $path   控制器/方法

  331.      * @param string $module 模块 默认为当前模块

  332.      * @return boolean

  333.      */

  334.     public function check($path = null, $module = null)

  335.     {

  336.         if (!$this->_logined) {

  337.             return false;

  338.         }

  339. 

  340.         $ruleList = $this->getRuleList();

  341.         $rules = [];

  342.         foreach ($ruleList as $k => $v) {

  343.             $rules[] = $v['name'];

  344.         }

  345.         $url = ($module ? $module : request()->module()) . '/' . (is_null($path) ? $this->getRequestUri() : $path);

  346.         $url = strtolower(str_replace('.', '/', $url));

  347.         return in_array($url, $rules) ? true : false;

  348.     }

  349. 

  350.     /**

  351.      * 判断是否登录

  352.      * @return boolean

  353.      */

  354.     public function isLogin()

  355.     {

  356.         if ($this->_logined) {

  357.             return true;

  358.         }

  359.         return false;

  360.     }

  361. 

  362.     /**

  363.      * 获取当前Token

  364.      * @return string

  365.      */

  366.     public function getToken()

  367.     {

  368.         return $this->_token;

  369.     }

  370. 

  371.     /**

  372.      * 获取会员基本信息

  373.      */

  374.     public function getUserinfo()

  375.     {

  376.         $data = $this->_user->toArray();

  377.         $allowFields = $this->getAllowFields();

  378.         $userinfo = array_intersect_key($data, array_flip($allowFields));

  379.         $userinfo = array_merge($userinfo, Token::get($this->_token));

  380.         return $userinfo;

  381.     }

  382. 

  383.     /**

  384.      * 获取会员组别规则列表

  385.      * @return array

  386.      */

  387.     public function getRuleList()

  388.     {

  389.         if ($this->rules) {

  390.             return $this->rules;

  391.         }

  392.         $group = $this->_user->group;

  393.         if (!$group) {

  394.             return [];

  395.         }

  396.         $rules = explode(',', $group->rules);

  397.         $this->rules = UserRule::where('status', 'normal')->where('id', 'in', $rules)->field('id,pid,name,title,ismenu')->select();

  398.         return $this->rules;

  399.     }

  400. 

  401.     /**

  402.      * 获取当前请求的URI

  403.      * @return string

  404.      */

  405.     public function getRequestUri()

  406.     {

  407.         return $this->requestUri;

  408.     }

  409. 

  410.     /**

  411.      * 设置当前请求的URI

  412.      * @param string $uri

  413.      */

  414.     public function setRequestUri($uri)

  415.     {

  416.         $this->requestUri = $uri;

  417.     }

  418. 

  419.     /**

  420.      * 获取允许输出的字段

  421.      * @return array

  422.      */

  423.     public function getAllowFields()

  424.     {

  425.         return $this->allowFields;

  426.     }

  427. 

  428.     /**

  429.      * 设置允许输出的字段

  430.      * @param array $fields

  431.      */

  432.     public function setAllowFields($fields)

  433.     {

  434.         $this->allowFields = $fields;

  435.     }

  436. 

  437.     /**

  438.      * 删除一个指定会员

  439.      * @param int $user_id 会员ID

  440.      * @return boolean

  441.      */

  442.     public function delete($user_id)

  443.     {

  444.         $user = User::get($user_id);

  445.         if (!$user) {

  446.             return false;

  447.         }

  448.         Db::startTrans();

  449.         try {

  450.             // 删除会员

  451.             User::destroy($user_id);

  452.             // 删除会员指定的所有Token

  453.             Token::clear($user_id);

  454. 

  455.             Hook::listen("user_delete_successed", $user);

  456.             Db::commit();

  457.         } catch (Exception $e) {

  458.             Db::rollback();

  459.             $this->setError($e->getMessage());

  460.             return false;

  461.         }

  462.         return true;

  463.     }

  464. 

  465.     /**

  466.      * 获取密码加密后的字符串

  467.      * @param string $password 密码

  468.      * @param string $salt     密码盐

  469.      * @return string

  470.      */

  471.     public function getEncryptPassword($password, $salt = '')

  472.     {

  473.         return md5(md5($password) . $salt);

  474.     }

  475. 

  476.     /**

  477.      * 检测当前控制器和方法是否匹配传递的数组

  478.      *

  479.      * @param array $arr 需要验证权限的数组

  480.      * @return boolean

  481.      */

  482.     public function match($arr = [])

  483.     {

  484.         $request = Request::instance();

  485.         $arr = is_array($arr) ? $arr : explode(',', $arr);

  486.         if (!$arr) {

  487.             return false;

  488.         }

  489.         $arr = array_map('strtolower', $arr);

  490.         // 是否存在

  491.         if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {

  492.             return true;

  493.         }

  494. 

  495.         // 没找到匹配

  496.         return false;

  497.     }

  498. 

  499.     /**

  500.      * 设置会话有效时间

  501.      * @param int $keeptime 默认为永久

  502.      */

  503.     public function keeptime($keeptime = 0)

  504.     {

  505.         $this->keeptime = $keeptime;

  506.     }

  507. 

  508.     /**

  509.      * 渲染用户数据

  510.      * @param array  $datalist  二维数组

  511.      * @param mixed  $fields    加载的字段列表

  512.      * @param string $fieldkey  渲染的字段

  513.      * @param string $renderkey 结果字段

  514.      * @return array

  515.      */

  516.     public function render(&$datalist, $fields = [], $fieldkey = 'user_id', $renderkey = 'userinfo')

  517.     {

  518.         $fields = !$fields ? ['id', 'nickname', 'level', 'avatar'] : (is_array($fields) ? $fields : explode(',', $fields));

  519.         $ids = [];

  520.         foreach ($datalist as $k => $v) {

  521.             if (!isset($v[$fieldkey])) {

  522.                 continue;

  523.             }

  524.             $ids[] = $v[$fieldkey];

  525.         }

  526.         $list = [];

  527.         if ($ids) {

  528.             if (!in_array('id', $fields)) {

  529.                 $fields[] = 'id';

  530.             }

  531.             $ids = array_unique($ids);

  532.             $selectlist = User::where('id', 'in', $ids)->column($fields);

  533.             foreach ($selectlist as $k => $v) {

  534.                 $list[$v['id']] = $v;

  535.             }

  536.         }

  537.         foreach ($datalist as $k => &$v) {

  538.             $v[$renderkey] = isset($list[$v[$fieldkey]]) ? $list[$v[$fieldkey]] : null;

  539.         }

  540.         unset($v);

  541.         return $datalist;

  542.     }

  543. 

  544.     /**

  545.      * 设置错误信息

  546.      *

  547.      * @param $error 错误信息

  548.      * @return Auth

  549.      */

  550.     public function setError($error)

  551.     {

  552.         $this->_error = $error;

  553.         return $this;

  554.     }

  555. 

  556.     /**

  557.      * 获取错误信息

  558.      * @return string

  559.      */

  560.     public function getError()

  561.     {

  562.         return $this->_error ? __($this->_error) : '';

  563.     }

  564. }