Uchome采用cookie+数据库的方式来进行用户登录验证的

一。登录

1:登录表单由source/do_login.php 处理

2:然后验证用户名以及密码的正确性,不正确则跳转并提示登录失败

3:若验证通过之后,再将获取到得用户账户信息赋给setarr变量数组

4:更新member表

5:将用户登录信息写入到Uchome的session表中

6:将用户名与密码加密写入cookie中

if(submitcheck('loginsubmit')) {

    $password = $_POST['password'];

    $username = trim($_POST['username']);

    $cookietime = intval($_POST['cookietime']);

    $cookiecheck = $cookietime?' checked':'';

    $membername = $username;

    if(empty($_POST['username'])) {

        showmessage('users_were_not_empty_please_re_login', 'do.php?ac='.$_SCONFIG['login_action']);

    }

    if($_SCONFIG['seccode_login']) {

        include_once(S_ROOT.'./source/function_cp.php');

        if(!ckseccode($_POST['seccode'])) {

            $_SGLOBAL['input_seccode'] = 1;

            include template('do_login');

            exit;

        }

    }

    //同步获取用户源

    if(!$passport = getpassport($username, $password)) {

        showmessage('login_failure_please_re_login', 'do.php?ac='.$_SCONFIG['login_action']);

    }

    $setarr = array(

        'uid' => $passport['uid'],

        'username' => addslashes($passport['username']),

        'password' => md5("$passport[uid]|$_SGLOBAL[timestamp]")//本地密码随机生成

    );

    include_once(S_ROOT.'./source/function_space.php');

    //开通空间

    $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('space')." WHERE uid='$setarr[uid]'");

    if(!$space = $_SGLOBAL['db']->fetch_array($query)) {

        $space = space_open($setarr['uid'], $setarr['username'], 0, $passport['email']);

    }

    $_SGLOBAL['member'] = $space;

    //实名

    realname_set($space['uid'], $space['username'], $space['name'], $space['namestatus']);

    //检索当前用户

    $query = $_SGLOBAL['db']->query("SELECT password FROM ".tname('member')." WHERE uid='$setarr[uid]'");

    if($value = $_SGLOBAL['db']->fetch_array($query)) {

        $setarr['password'] = addslashes($value['password']);

    } else {

        //更新本地用户库

        inserttable('member', $setarr, 0, true);

    }

    //清理在线session

    insertsession($setarr);

    //设置cookie

    ssetcookie('auth', authcode("$setarr[password]\t$setarr[uid]", 'ENCODE'), $cookietime);         //加密cookie:  passowrd和uid

    ssetcookie('loginuser', $passport['username'], 31536000);

    ssetcookie('_refer', '');

    //同步登录

    if($_SCONFIG['uc_status']) {

        include_once S_ROOT.'./uc_client/client.php';

        $ucsynlogin = uc_user_synlogin($setarr['uid']);

    } else {

        $ucsynlogin = '';

    }

    //好友邀请

    if($invitearr) {

        //成为好友

        invite_update($invitearr['id'], $setarr['uid'], $setarr['username'], $invitearr['uid'], $invitearr['username'], $app);

    }

    $_SGLOBAL['supe_uid'] = $space['uid'];

    //判断用户是否设置了头像

    $reward = $setarr = array();

    $experience = $credit = 0;

    $avatar_exists = ckavatar($space['uid']);

    if($avatar_exists) {

        if(!$space['avatar']) {

            //奖励积分

            $reward = getreward('setavatar', 0);

            $credit = $reward['credit'];

            $experience = $reward['experience'];

            if($credit) {

                $setarr['credit'] = "credit=credit+$credit";

            }

            if($experience) {

                $setarr['experience'] = "experience=experience+$experience";

            }

            $setarr['avatar'] = 'avatar=1';

            $setarr['updatetime'] = "updatetime=$_SGLOBAL[timestamp]";

        }

    } else {

        if($space['avatar']) {

            $setarr['avatar'] = 'avatar=0';

        }

    }

    if($setarr) {

        $_SGLOBAL['db']->query("UPDATE ".tname('space')." SET ".implode(',', $setarr)." WHERE uid='$space[uid]'");//更新空间信息

    }

    if(empty($_POST['refer'])) {

        $_POST['refer'] = 'space.php?do=home';

    }

    realname_get();

    showmessage('login_success', $app?"userapp.php?id=$app":$_POST['refer'], 1, array($ucsynlogin));

}

二。验证

1.cp.php

//权限判断

if(empty($_SGLOBAL['supe_uid'])) {                  //检查supe_uid

    if($_SERVER['REQUEST_METHOD'] == 'GET') {

        ssetcookie('_refer', rawurlencode($_SERVER['REQUEST_URI'])); //保存网站链接,登录后跳转

    } else {

        ssetcookie('_refer', rawurlencode('cp.php?ac='.$ac));

    }

    showmessage('to_login', 'do.php?ac='.$_SCONFIG['login_action']);

}

2.space.php

//是否公开

if(empty($isinvite) && empty($_SCONFIG['networkpublic'])) {

    checklogin();//需要登录

}
//检查是否登录

function checklogin() {

    global $_SGLOBAL, $_SCONFIG;

    if(empty($_SGLOBAL['supe_uid'])) {                       //同样是检查supe_uid

        ssetcookie('_refer', rawurlencode($_SERVER['REQUEST_URI']));

        showmessage('to_login', 'do.php?ac='.$_SCONFIG['login_action']);

    }

}
//判断当前用户登录状态

function checkauth() {

    global $_SGLOBAL, $_SC, $_SCONFIG, $_SCOOKIE, $_SN;

    if($_SGLOBAL['mobile'] && $_GET['m_auth'])
     $_SCOOKIE['auth'] = $_GET['m_auth'];

    if($_SCOOKIE['auth']) {

        @list($password, $uid) = explode("\t", authcode($_SCOOKIE['auth'], 'DECODE'));                  //解密cookie:password和uid

        $_SGLOBAL['supe_uid'] = intval($uid);

        if($password && $_SGLOBAL['supe_uid']) {
        //判断cookie时保存的内容 是否与 session表或member表里的相同。

            $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('session')." WHERE uid='$_SGLOBAL[supe_uid]'");

            if($member = $_SGLOBAL['db']->fetch_array($query)) {

                if($member['password'] == $password) {

                    $_SGLOBAL['supe_username'] = addslashes($member['username']);

                    $_SGLOBAL['session'] = $member;

                } else {

                    $_SGLOBAL['supe_uid'] = 0;

                }

            } else {

                $query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('member')." WHERE uid='$_SGLOBAL[supe_uid]'");

                if($member = $_SGLOBAL['db']->fetch_array($query)) {

                    if($member['password'] == $password) {

                        $_SGLOBAL['supe_username'] = addslashes($member['username']);

                        $session = array('uid' => $_SGLOBAL['supe_uid'], 'username' => $_SGLOBAL['supe_username'], 'password' => $password);

                        include_once(S_ROOT.'./source/function_space.php');

                        insertsession($session);//登录

                    } else {

                        $_SGLOBAL['supe_uid'] = 0;

                    }

                } else {

                    $_SGLOBAL['supe_uid'] = 0;

                }

            }

        }

    }
   //都不相同,则清除cookie

    if(empty($_SGLOBAL['supe_uid'])) {

        clearcookie();

    } else {

        $_SGLOBAL['username'] = $member['username'];

    }

}

uchome登录验证的更多相关文章

  1. ASP.NET MVC 登录验证

     好久没写随笔了,这段时间没 什么事情,领导 一直没安排任务,索性 一直在研究代码,说实在的,这个登录都 搞得我云里雾里的,所以这次我可能也讲得不是 特别清楚,但是 我尽力把我知道的讲出来,顺便也对自 ...

  2. Shiro安全框架入门篇(登录验证实例详解与源码)

    转载自http://blog.csdn.net/u013142781 一.Shiro框架简单介绍 Apache Shiro是Java的一个安全框架,旨在简化身份验证和授权.Shiro在JavaSE和J ...

  3. 练习:python 操作Mysql 实现登录验证 用户权限管理

    python 操作Mysql 实现登录验证 用户权限管理

  4. AD域登录验证

    AD域登录验证 作者:Grey 原文地址:http://www.cnblogs.com/greyzeng/p/5799699.html 需求 系统在登录的时候,需要根据用户名和密码验证连接域服务器进行 ...

  5. ASP.NET MVC4 Forms 登录验证

    Web.config配置: 在<system.web>节下: <authentication mode="Forms"> <forms loginUr ...

  6. MVC前台页面做登录验证

    最近接触了一个电商平台的前台页面,需要做一个登录验证,具体情况是:当用户想要看自己的订单.积分等等信息,就需要用户登录之后才能查询,那么在MVC项目中我们应该怎么做这个前台的验证呢? 1.我在Cont ...

  7. [MVC学习笔记]5.使用Controller来代替Filter完成登录验证(Session校验)

          之前的学习中,在对Session校验完成登录验证时,通常使用Filter来处理,方法类似与前文的错误日志过滤,即新建Filter类继承ActionFilterAttribute类,重写On ...

  8. ThinkPHP之登录验证

    验证方面写的不是很完整,正在完善当中 <?php /** * Created by dreamcms. * User: Administrator * Date: 2016/9/5 * Time ...

  9. ASP.NET MVC3 实现用户登录验证

    自定义一个授权筛选器类,继承于AuthorizeAttribute: using System; using System.Web; using System.Web.Mvc; namespace M ...

随机推荐

  1. PHP中替换换行符方法总结

    <?php header("content-type:text/html;charset=utf-8"); $str = "aaaa bbbb cccc dddd& ...

  2. 解决error: Your local changes to the following files would be overwritten by merge

    在项目里我们一般都会把自己第一次提交的配置文件忽略本地跟踪 1 [Sun@webserver2 demo]$ git update-index --assume-unchanged <filen ...

  3. 关于使用_bstr_t的一个坑

    编程中需要将_variant_t转换为char*,常用的方法是:(const char*)_bstr_t(c_variant_t); 使用_bstr_t的构造函数:  _bstr_t(const _v ...

  4. js简单的弹出框有关闭按钮

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/ ...

  5. 超全面的JavaWeb笔记day05<xml&dtd&jaxp>

    0.表单提交方式(*****) button提交 超链接提交 事件 1.xml简介和应用(了解) 2.xml文档声明和乱码解决(*****) 文档声明 必须放在第一行第一列 设置xml编码和保存编码一 ...

  6. Java精选笔记_自定义标签

    自定义标签 自定义标签入门 什么是自定义标签 自定义标签可以有效地将HTML代码与Java代码分离,从而使不懂Java编程的HTML设计人员也可以编写出功能强大的JSP页面 JSP规范中定义了多个用于 ...

  7. swift - UIImageView 的使用

    1.创建 var imageView = UIImageView()//初始化 2.图片的显示及图片的改变 imageView = UIImageView(image: UIImage(named: ...

  8. help()

    help() 用于查看函数或模块的帮助信息 In [1]: help(id) # 查看id()这个函数的帮助信息,注意不要写成help(id()) id(...) id(object) -> i ...

  9. UE4射线的碰撞与绘制

    http://blog.csdn.net/qq992817263/article/details/51800657 //起点 终点 FHitResult RayGetHitResult(FVector ...

  10. OnGlobalLayoutListener用法

    1.implements ViewTreeObserver.OnGlobalLayoutListener{} 2.mContentView.getViewTreeObserver().addOnGlo ...