token && user status

druphliu · Mar 5, 2016 · 0d50f08 · 0d50f08
1 parent 76d1803
commit 0d50f08
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 12 deletions.
diff --git a/api.php b/api.php
@@ -22,7 +22,9 @@
 if (@!file_exists(DZZ_ROOT . './api/api_' . $mod . '.php')) {
     json_error(lang('message', 'undefined_action'));
 }
-
+//根据token检查是否处于登录状态
+$token = isset($_SERVER['HTTP_X_AUTH_TOKEN'])?$_SERVER['HTTP_X_AUTH_TOKEN']:'';
+check_user_status($token);
 require DZZ_ROOT . './api/api_' . $mod . '.php';
 
 function json_error($t)
@@ -40,4 +42,13 @@ function json_message($status, $message, $data = array())
     return json_encode(array('status' => $status, 'message' => $message, 'data' => $data));
 }
 
+function check_user_status($token)
+{
+    global $_G;
+    $uid = DB::result_first('SELECT uid FROM %t WHERE token=%s', array('user_token', $token));
+    $userInfo = C::t('user')->fetch_by_uid($uid);
+    $_G['uid'] = $uid;
+    $_G['username'] = $userInfo['username'];
+    $_G['phone']  = $userInfo['phone'];
+}
 ?>
diff --git a/api/api_user.php b/api/api_user.php
@@ -10,10 +10,12 @@
 }
 define('CURSCRIPT', 'user');
 require libfile('class/user');
+require libfile('function/user');
 define('NOROBOT', TRUE);
-if(!in_array($_GET['action'], array('login', 'logout'))) {
+if(!in_array($_GET['action'], array('login', 'logout','userInfo'))) {
     $_GET['action']='login';
 }
+$_POST = json_decode(file_get_contents('php://input'),true);
 $ctl_obj = new logging_ctl();
 $ctl_obj->setting = $_G['setting'];
 $method = 'api_'.$_GET['action'];

diff --git a/user/class/class_user.php b/user/class/class_user.php
@@ -243,6 +243,7 @@ function on_logout() {
 	function api_login()
 	{
 		global $_G, $_POST;
+
 		if($_POST){
 			if (!empty($_POST['auth'])) {
 				list($_POST['email'], $_POST['password']) = daddslashes(explode("\t", authcode($_POST['auth'], 'DECODE')));
@@ -256,7 +257,8 @@ function api_login()
 			if (!$_POST['password'] || $_POST['password'] != addslashes($_POST['password'])) {
 				json_error(lang('message','profile_passwd_illegal'));
 			}
-			$result = userlogin($_POST['email'], $_POST['password'], $_POST['questionid'], $_POST['answer'], 'auto', $_G['clientip']);
+			$username = $_POST['uname'];
+			$result = userlogin($username , $_POST['password'], $_POST['questionid'], $_POST['answer'], 'auto', $_G['clientip']);
 			$uid = $result['ucresult']['uid'];
 
 
@@ -279,7 +281,7 @@ function api_login()
 			}
 
 			if ($result['status'] > 0) {
-
+				$token = md5($_G['uid'].time());
 				if ($this->extrafile && file_exists($this->extrafile)) {
 					require_once $this->extrafile;
 				}
@@ -290,8 +292,14 @@ function api_login()
 					dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
 				}
 				C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
-
-
+				$tokenExit = DB::result_first('SELECT token FROM %t WHERE uid=%s', array('user_token', $_G['uid']));
+				$time = time();
+				if($tokenExit){
+					DB::query('update %t set token=%s,created_at=%s where uid=%s',array('user_token',$token,$time,$_G['uid']));
+				}else{
+					//C::t('user_token')->insert(array('token'=>$token,'created_at'=>time(),'uid'=>$_G['uid']));
+					DB::query('insert into %t values(%s,%s,%s)',array('user_token',$_G['uid'],$token,$time));
+				}
 				$param = array(
 					'username' => $result['ucresult']['username'],
 					'usergroup' => $_G['group']['grouptitle'],
@@ -309,26 +317,25 @@ function api_login()
 				$loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
 
 				$location = $_G['groupid'] == 8 ? 'index.php?open=password' : dreferer();
-				$token = 111;
 				$data = array(
 					'username'=>$result['ucresult']['username'],
 					'uid'=>$_G['member']['uid'],
 					'token'=>$token
 				);
 				if (empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
 					if (defined('IN_MOBILE')) {
-						json_success(t($loginmessage),$data);
-					} else {
+						json_success(lang($loginmessage),$data);
+					} else {echo 2;
 						if (!empty($_GET['lssubmit'])) {
 
-							json_success(t($loginmessage),$data);
+							json_success(lang($loginmessage),$data);
 						} else {
 
-							json_success(t('location_login_succeed'),$data);
+							json_success(lang('location_login_succeed'),$data);
 						}
 					}
 				} else {
-					json_success(t($loginmessage),$data);
+					json_success(lang($loginmessage),$data);
 				}
 			} else {
 				$password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})$/s", "\\1***\\3", $_GET['password']);
@@ -367,6 +374,10 @@ function api_logout()
 		$_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
 		json_success(t('logout_succeed'));
 	}
+
+	function api_userInfo(){
+		json_success('success',array('uid'=>2,'username'=>'test','token'=>111));
+	}
 }
 
 class register_ctl {