
登录错误超5次验证码

sugangqiang 2 gadi atpakaļ
vecāks
revīzija
d1d7ffe09d

+ 9 - 8
app/common/api/UserApi.php

@@ -20,7 +20,6 @@ const FREEZE_YES = 2;
 class UserApi {
 
     protected $username, $password, $usertype;
-
     public $info;
 
     public function __construct($username, $password, $usertype) {
@@ -81,23 +80,23 @@ class UserApi {
         return $password == $this->info["password"];
     }
 
-    public function checkState(){
-        switch ($this->usertype){
+    public function checkState() {
+        switch ($this->usertype) {
             case 1:
                 return false;
                 break;
             case 2:
-                if($this->info['active'] != 1){
+                if ($this->info['active'] != 1) {
                     return "账号被冻结, 冻结原因为: {$this->info['activeMsg']}";
                 }
-                if($this->info['checkState'] == 1 || $this->info['checkState'] == 4){
+                if ($this->info['checkState'] == 1 || $this->info['checkState'] == 4) {
                     return "账号需要后台管理人员审核通过后才能登陆,请耐心等待!";
                 }
-                if($this->info['checkState'] == 2){
+                if ($this->info['checkState'] == 2) {
                     $temp = [];
                     $temp['uid'] = $this->info['id'];
                     $temp['msg'] = "账号审核不通过,原因是:{$this->info['checkMsg']}";
-                    session('temp',$temp);
+                    session('temp', $temp);
                     return "账号审核不通过,原因是:{$this->info['checkMsg']}";
                 }
                 return false;
@@ -124,7 +123,9 @@ class UserApi {
     }
 
     public function setSession() {
-        session('temp',null);
+        session('temp', null);
+        session("isCaptcha", null);
+        session('login_fail', null);
         $user = $this->getUserInfo();
         switch ($this->usertype) {
             case 1:

+ 28 - 27
app/index/controller/Auth.php

@@ -20,7 +20,7 @@ class Auth extends BaseController {
     public function login() {
 
         if ($user = session("user")) {
-            if($user['usertype'] == 2){
+            if ($user['usertype'] == 2) {
                 return redirect("/enterprise");
             }
         }
@@ -29,23 +29,26 @@ class Auth extends BaseController {
             $username = $this->request["username"];
             $pwd = $this->request["password"];
             $usertype = $this->request["usertype"];
+            $captcha = $this->request["captcha"];
             $user = new UserApi($username, $pwd, $usertype);
             if (!$userinfo = $user->getUserInfo()) {
                 $msg = "用户不存在";
             } else if (!$user->checkPwd()) {
                 $login_fail = session('login_fail');
-                if($login_fail){
+                if ($login_fail) {
                     $login_fail++;
-                    if($login_fail >= 5){
-                        session('captcha',1);
+                    if ($login_fail >= 5) {
+                        session('isCaptcha', 1);
                     }
-                }else{
+                } else {
                     $login_fail = 1;
                 }
-                session('login_fail',$login_fail);
+                session('login_fail', $login_fail);
                 $msg = "用户名或者密码错误";
-            } else if($res_msg = $user->checkState()){
-                if($user->info['checkState'] == 2){
+            } else if (session("isCaptcha") == 1 && !captcha_check($captcha)) {
+                $msg = "验证码错误";
+            } else if ($res_msg = $user->checkState()) {
+                if ($user->info['checkState'] == 2) {
                     return redirect("/common/auth/enterprise_edit");
                 }
                 $msg = $res_msg;
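Review bot: The captcha branch sits after `!$user->checkPwd()` in the else-if chain, so it is only evaluated once the password is already correct. Wrong-password attempts are therefore never gated by the captcha, and the two messages (`验证码错误` vs `用户名或者密码错误`) reveal whether a guess was right without the captcha being solved. Start the chain with the captcha check instead: `if (session("isCaptcha") == 1 && !captcha_check($captcha)) { $msg = "验证码错误"; } else if (!$userinfo = $user->getUserInfo()) {`. The `login_fail` counter is also kept only in the session (and cleared in `UserApi::setSession()`), so a client that drops its session cookie starts again from zero; a server-side counter keyed on the account, and ideally the source address, would make the five-attempt threshold hold. `login()` starts and ends outside this hunk, so the submit condition and the success path are not visible here.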
@@ -82,7 +85,6 @@ class Auth extends BaseController {
         return redirect("/index/auth/login");
     }
 
-
     /**
      * 验证密码
      */
@@ -102,29 +104,29 @@ class Auth extends BaseController {
         }
     }
 
-    public function policy(){
+    public function policy() {
 
 
         return view("", []);
     }
 
-    public function policy_list(){
+    public function policy_list() {
         $level = $this->request->post('level');
-        if($level){
-            $where[] = ['level','=',$level];
-        }else{
-            $where[] = ['level','>',0];
+        if ($level) {
+            $where[] = ['level', '=', $level];
+        } else {
+            $where[] = ['level', '>', 0];
         }
         $list = Db::table('new_policy')->where($where)->select()->toArray();
         $result = [];
-        foreach ($list as $k => $v){
+        foreach ($list as $k => $v) {
             $check = [];
             $condition = [];
-            if(!empty($v['checks'])){
-                $check = explode(',',$v['checks']);
+            if (!empty($v['checks'])) {
+                $check = explode(',', $v['checks']);
             }
-            if(!empty($v['condition'])){
-                $condition = explode(',',$v['condition']);
+            if (!empty($v['condition'])) {
+                $condition = explode(',', $v['condition']);
             }
             $item = [
                 'id' => $v['id'],
@@ -133,25 +135,24 @@ class Auth extends BaseController {
                 'checks' => $check,
                 'condition' => $condition
             ];
-            array_push($result,$item);
+            array_push($result, $item);
         }
         return json($result);
     }
 
-    public function policy_update(){
+    public function policy_update() {
         $res = $this->request->post();
-        foreach ($res as $k => $v){
+        foreach ($res as $k => $v) {
 
             $update = [];
 
-            if(count($v['condition']) > 0){
+            if (count($v['condition']) > 0) {
                 $update['condition'] = json_encode($v['condition']);
             }
-            if(count($update) > 0){
-                Db::table('new_policy')->where('id',$v['id'])->save($update);
+            if (count($update) > 0) {
+                Db::table('new_policy')->where('id', $v['id'])->save($update);
             }
         }
-
     }
 
 }

+ 5 - 5
app/index/view/auth/login.html

@@ -83,13 +83,13 @@
                         <div class="form-group">
                             <input type="password" name="password" class="form-control" placeholder="密码" autocomplete="off"  required="" style="background: url(/static/img/mm.png) 6px 9px no-repeat;padding-left: 25px;">
                         </div>
-                        {if condition="session('captcha') == 1"}
+                        {if condition="session('isCaptcha') == 1"}
                         <div class="form-group" style="float: left;">
                             <div class="col-sm-8" style="padding-left: 0px; padding-right: 0px;">
-                                <input class="form-control" type="text" name="kaptcha" placeholder="验证码" required="">
+                                <input class="form-control" type="text" name="captcha" placeholder="验证码" required="">
                             </div>
                             <div class="col-sm-4" style="padding-left: 0px; padding-right: 0px;">
-                                <img src="{:captcha_src()}" id="kaptcha" width="100%" height="100%"/>
+                                <img src="{:captcha_src()}" id="captcha" width="100%" height="100%"/>
                             </div>
                         </div>
                         {/if}
@@ -143,8 +143,8 @@
             Feng.addCtx("");
             $(function () {
                 sessionStorage.removeItem('locked');
-                $("#kaptcha").on('click', function () {
-                    $("#kaptcha").attr('src', '/kaptcha?' + Math.floor(Math.random() * 100)).fadeIn();
+                $("#captcha").on('click', function () {
+                    $("#captcha").attr('src', '{:captcha_src()}?' + Math.floor(Math.random() * 100)).fadeIn();
                 });
                 //获取链接参数
                 var param = window.location.search;
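Review bot: The cache-buster in the click handler, `Math.floor(Math.random() * 100)`, has only 100 possible values, so repeated refreshes can reproduce an earlier URL and the browser may show a cached image that no longer matches the code held in the session. A value that does not repeat avoids this: `$("#captcha").attr('src', '{:captcha_src()}?' + Date.now()).fadeIn();`. The appended `?` also assumes `captcha_src()` returns a URL without a query string of its own, which is presumably true here but worth confirming. The enclosing `$(function () {` block continues past the end of the hunk.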