Yii2 防止用户重复登录
2016-07-21 10:06
681 查看
1.新建存放用户登录口令token的表,并生成model
然后在模型login中添加方法:
2.SiteController中的actionLogin操作中生成token,分别存入tbl_admin_session表和session变量中,
3.新建访问过滤器
4..在每个控制器中添加访问过滤器
CREATE TABLE IF NOT EXISTS `tbl_admin_session` ( `session_id` int(11) NOT NULL AUTO_INCREMENT, `id` int(11) NOT NULL, `session_token` varchar(56) NOT NULL, PRIMARY KEY (`session_id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
然后在模型login中添加方法:
public function insertSession($id,$sessionToken) { $loginAdmin = AdminSession::findOne(['id' => $id]); //查询admin_session表中是否有用户的登录记录 if(!$loginAdmin){ //如果没有记录则新建此记录 $sessionModel = new AdminSession(); $sessionModel->id = $id; $sessionModel->session_token = $sessionToken; $result = $sessionModel->save(); }else{ //如果存在记录(则说明用户之前登录过)则更新用户登录token $loginAdmin->session_token = $sessionToken; $result = $loginAdmin->update(); } return $result; }
2.SiteController中的actionLogin操作中生成token,分别存入tbl_admin_session表和session变量中,
public function actionLogin() { if (!\Yii::$app->user->isGuest) { return $this->goHome(); } $model = new LoginForm(); if ($model->load(Yii::$app->request->post()) && $model->login()) { //使用session和表tbl_admin_session记录登录账号的token:time&id&ip,并进行MD5加密 $id = Yii::$app->user->id; //登录用户的ID $username = $model->username; //登录账号 $ip = Yii::$app->request->userIP; //登录用户主机IP $token = md5(sprintf("%s&%s&%s",time(),$id,$ip)); //将用户登录时的时间、用户ID和IP联合加密成token存入表 $session = Yii::$app->session; $session->set(md5(sprintf("%s&%s",$id,$username)),$token); //将token存到session变量中 //?存session token值没必要取键名为$id&$username ,目的是标识用户登录token的键,$id或$username就可以 $model->insertSession($id,$token);//将token存到tbl_admin_session return $this->goBack(); } else { return $this->render('login', [ 'model' => $model, ]); } }
3.新建访问过滤器
<?php /** * Created by PhpStorm. * User: jiangyan * Date: 2016-05-18 * Time: 17:22 */ namespace backend\libs; use backend\models\AdminSession; use Yii; use yii\base\ActionFilter; use yii\web\UnauthorizedHttpException; class CheckerFilter extends ActionFilter { public function beforeAction($action) { if(!parent::beforeAction($action)) { return false; } //rbac访问控制 $controllerID = Yii::$app->controller->id; $actionID = $action->id; $permissionName = $controllerID . '/' . $actionID; if(!Yii::$app->user->can($permissionName) && Yii::$app->getErrorHandler()->exception === null && !Yii::$app->user->isGuest && $controllerID != 'admin' && $actionID != 'logout' && $actionID != 'view-self' && $actionID !='update-self') { throw new UnauthorizedHttpException('对不起, 您现在还没获得此操作的权限'); } else { // return true; //登录 所有操作都虚经过过滤器控制输出 if(!Yii::$app->user->isGuest && $actionID != 'logout') { $id = Yii::$app->user->id; $session = Yii::$app->session; $username = Yii::$app->user->identity->username; $tokenSES = $session->get(md5(sprintf("%s&%s",$id,$username))); //取出session中的用户登录token $sessionTBL = AdminSession::findOne(['id' => $id]); $tokenTBL = $sessionTBL->session_token; if($tokenSES != $tokenTBL) //如果用户登录在 session中token不同于数据表中token { Yii::$app->user->logout(); //执行登出操作 Yii::$app->run(); } } } return true; } }
4..在每个控制器中添加访问过滤器
public function behaviors() { return [ 'access' => [ 'class' => AccessControl::className(), 'rules' => [ [ 'actions' => ['login', 'error'], 'allow' => true, ], [ 'actions' => ['logout', 'index'], 'allow' => true, 'roles' => ['@'], ], ], ], 'verbs' => [ 'class' => VerbFilter::className(), 'actions' => [ 'logout' => ['post'], ], ], 'checker' => [ 'class' => 'backend\libs\CheckerFilter', ], /* 'myCheck' => [ 'class' => 'backend\libs\MyCheckFilter' ],*/ ]; }
相关文章推荐
- php 文件操作
- Zend Studio使用教程之集成Apigility(二)
- laravel 初见 安装 路由 模块化 2016.07.20回顾
- Thinkphp的参数过滤函数
- php永久登录 记住密码
- [李景山php]thinkphp核心源码注释|Sqlsrv.class.php
- [李景山php]thinkphp核心源码注释|Sqlite.class.php
- [李景山php]thinkphp核心源码注释|Pgsql.class.php
- PHP图片上传程序(完整版)
- [李景山php]thinkphp核心源码注释|Mysql.class.php
- [李景山php]thinkphp核心源码注释|Mongo.class.php
- [李景山php]thinkphp核心源码注释|Firebird.class.php
- [李景山php]thinkphp核心源码注释|Driver.class.php
- [李景山php]thinkphp核心源码注释|Lite.class.php
- 用php生成静态html页面
- [李景山php]每天laravel-20160920|Writer-2
- [李景山php]每天laravel-20160920|Writer-2
- phpcms v9模板制作常用代码集合
- php使用simple_html_dom解析HTML示例
- getppid()