前提
需要对访问公网页面的用户进行验证,验证流程不必过于复杂,但仍要具备一定的安全性。
环境
语言:PHP8
框架:Laravel
实现代码
{{-- 前置PHP程序 --}}
@php
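# Read the raw login cookie; a missing or non-string value is treated as "not logged in".
$invitation_generate_login_cookie = $_COOKIE['invitation_generate_login'] ?? '';
if (!is_string($invitation_generate_login_cookie) || !$invitation_generate_login_cookie) {
    $invitation_generate_login_cookie = '';
}
# Always defined, so the template condition further down never reads an unset variable.
$cookie_arr = [];

# NOTE(review): the cookie value is only encoded (Base64 -> hex -> Base64); it is neither signed
# nor encrypted, so decoding it successfully does not prove that the server issued it.
# Keep the login state in the Laravel session, or issue the cookie through Laravel's encrypted
# cookie handling (or add an HMAC that is verified here). That change has to be made together
# with the controller that sets the cookie.
if ($invitation_generate_login_cookie !== '') {
    # Undo the three encoding layers. Each step can fail on a malformed value, and in Laravel
    # an unhandled PHP warning (odd-length hex, missing array key) becomes an exception.
    $cookie_value_basehex = base64_decode($invitation_generate_login_cookie, true);

    $cookie_value_hex2bin = false;
    if (
        is_string($cookie_value_basehex)
        && $cookie_value_basehex !== ''
        && strlen($cookie_value_basehex) % 2 === 0
        && ctype_xdigit($cookie_value_basehex)
    ) {
        $cookie_value_hex2bin = hex2bin($cookie_value_basehex);
    }

    $cookie_value_base = is_string($cookie_value_hex2bin)
        ? base64_decode($cookie_value_hex2bin, true)
        : false;

    if (is_string($cookie_value_base)) {
        # Payload layout: "key:value||key:value"; empty fragments are dropped.
        foreach (array_filter(explode("||", $cookie_value_base)) as $db) {
            $db_exp = explode(":", $db);
            # Ignore fragments that are not in "key:value" form instead of reading index 1.
            if (count($db_exp) < 2) {
                continue;
            }
            $cookie_arr[$db_exp[0]] = $db_exp[1];
        }
    }

    # The template reads 'time' and 'name'. Require both, and require 'time' to consist of
    # digits only so that its comparison with time() is a numeric one.
    $cookie_is_well_formed = isset($cookie_arr['time'], $cookie_arr['name'])
        && ctype_digit($cookie_arr['time']);

    if (!$cookie_is_well_formed) {
        # Unusable cookie: forget it locally and expire it in the browser.
        $invitation_generate_login_cookie = "";
        $cookie_arr = [];
        setcookie('invitation_generate_login', '', (time()-(60*60*24*1)), '/');
    }
}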
@endphp
{{-- 页面代码 --}}
{{-- Show the login form unless the cookie decoded by the PHP block above is present, unexpired and carries the expected name. --}}
{{-- NOTE(review): these checks only inspect fields decoded from the cookie; they do not verify that the server issued the value. --}}
@if (!$invitation_generate_login_cookie || (!is_array($cookie_arr) || $cookie_arr['time']<=time() || $cookie_arr['name']!='invitation_generate_login' ) )
{{-- Cookie missing or not valid: expire it in the browser --}}
@php
setcookie('invitation_generate_login', '', (time()-(60*60*24*1)), '/');
@endphp
{{-- Login page --}}
<div id="c-home">
<img class="c-bg" src="/abolo/invitation_generate/images/bg.jpg" alt="{{$page_cat['title']}}">
<div class="c-main">
<img class="c-logo" src="/abolo/invitation_generate/images/logo.png" alt="{{$page_cat['title']}}">
{{-- NOTE(review): no CSRF token field is rendered inside this form; confirm how the POST route handles CSRF verification. --}}
<form method="POST" action="/invitation/generate/login" class="form_method">
<div class="c-pop" style="display:flex;">
<div>
<input type="password" name="password" placeholder="请输入密码" class="layui-input" />
<button type="button" id="btn2" class="layui-btn layui-btn-fluid form_submit">确定</button>
</div>
</div>
</form>
</div>
</div>
@else
{{-- Protected page content goes here --}}
@endif
<script type="text/javascript">
// Block the Enter key inside the form's inputs to prevent accidental submission.
$(document).on('keydown', '.form_method input', function (evt) {
    const isEnterKey = evt.keyCode == 13;
    if (!isEnterKey) {
        return;
    }
    evt.preventDefault();
    return false;
});
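// Submit the form over AJAX when the confirm button is clicked.
$(document).on('click', '.form_submit', function () {
    // Locate the enclosing form, its target URL and its field data.
    let $form_this = $(this).parents('.form_method'),
        $form_action = $form_this.attr('action'),
        $form_data = new FormData($form_this[0]);
    // Base64-encode the password field before sending.
    // NOTE(review): Base64 is a reversible encoding, not encryption. The password is only
    // protected in transit when the page and the endpoint are served over HTTPS.
    let $formget_password = $form_data.get('password');
    if ($formget_password) {
        // btoa() throws on characters outside Latin-1, so convert to UTF-8 bytes first.
        // ASCII passwords produce exactly the same Base64 text as a direct btoa() call.
        let $password_bytes = new TextEncoder().encode($formget_password);
        let $encrypted_password = btoa(Array.from($password_bytes, function (byte) {
            return String.fromCharCode(byte);
        }).join(''));
        // Replace the field with the encoded value.
        $form_data.set('password', $encrypted_password);
    }
    // Loading indicator shown while the request is in flight.
    let load_index = layer.msg("数据提交中...", {icon: 16});
    // Send the request after a short 200 ms delay.
    setTimeout(function () {
        // The request is asynchronous (jQuery's default); a synchronous request would
        // block the page while waiting for the response.
        $.ajax({
            type: "POST",
            dataType: "json",
            url: $form_action,
            data: $form_data,
            // FormData must be sent untouched so the browser sets the multipart boundary.
            processData: false,
            contentType: false,
            success: function (result) {
                layer.close(load_index);
                if (result.code === 200) {
                    // Success: show the message, then reload the current page.
                    layer.msg(result.msg, {icon: 1}, function () {
                        window.location.href = '';
                    });
                } else if (result.code === 0) {
                    // NOTE(review): the login endpoint shown on this page only returns codes
                    // 200 and 400, so this branch appears to serve another form that shares
                    // this handler - confirm.
                    // Show the generated image and wire up its download attributes.
                    $(".smart_genlvite_config").hide();
                    $(".smart_genlvite_image").show();
                    $(".smart_genlvite_image_src").attr('src', result.data);
                    $(".smart_genlvite_image_src_download").attr('data-url', result.data);
                    $(".smart_genlvite_image_src_download").attr('data-title', result.imagetitle);
                    $(".smart_genlvite_image_src").attr('download', result.imagetitle);
                    $(".smart_genlvite_image_src").attr('title', result.imagetitle);
                    // Notify the user.
                    layer.msg(result.msg, {icon: 1});
                } else {
                    layer.msg(result.msg, {icon: 7});
                }
            },
            error: function () {
                layer.close(load_index);
                layer.msg('请求错误,请稍后重试!', {icon: 7});
            },
            complete: function () {
                layer.close(load_index);
            }
        });
    }, 200);
});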
</script>
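/**
 * Invitation generator - password login (POST).
 *
 * Reads the Base64-encoded `password` field, refuses further attempts once the client IP has
 * 10 failed attempts recorded in cms_verify within the last hour, looks the decoded value up
 * in cms_content.summary and, on a match, sets a one-day `invitation_generate_login` cookie.
 *
 * NOTE(review): the cookie issued here is only encoded (Base64 -> hex -> Base64), not signed
 * or encrypted, so its content does not prove that this method issued it. Prefer the Laravel
 * session or Laravel's encrypted cookie handling, or add an HMAC; the template that reads the
 * cookie has to be changed in the same step.
 *
 * @author ux
 * @mtime 2023-07-25
 * @return array{code:int,msg:string,data:array} code 200 on success, 400 on any failure
 */
public function invitation_generate_login()
{
    # Fetch input. A non-string value (for example an array field) is treated as missing,
    # because htmlspecialchars() and base64_decode() below only accept strings.
    $password = request()->input('password');
    $password = is_string($password) ? htmlspecialchars($password) : '';
    $pagetype = "invitation_generate_login";

    # Validate input
    if (empty($password)) {
        return ['code'=>400, 'msg'=>'密码不可为空,请填写密码后进行提交!', 'data'=>[]];
    }

    # Decode the Base64 transport encoding applied by the page script (not a decryption step).
    # NOTE(review): the decoded value is HTML-escaped before the lookup, so a password with
    # HTML special characters only matches if cms_content.summary stores the escaped form -
    # confirm how that column is written.
    $decode_password = base64_decode($password);
    $decode_password = htmlspecialchars($decode_password);

    # Reject values that decode to nothing: an empty lookup value would otherwise be compared
    # against the summary of every content row, including rows that have no summary.
    if ($decode_password === '') {
        return ['code'=>400, 'msg'=>'密码不可为空,请填写密码后进行提交!', 'data'=>[]];
    }

    # Count this IP's failed attempts during the last hour.
    # NOTE(review): request()->ip() depends on the trusted-proxy configuration - confirm it
    # returns the real client address in this deployment.
    $verify_count = DB::table("cms_verify")
        ->where('event', $pagetype)
        ->where('ip', request()->ip())
        ->where('status', 0)
        ->where('time', '>=', now()->subHour())
        ->count();
    if ($verify_count >= 10) {
        return ['code'=>400, 'msg'=>'登录失败次数过多,请一小时后再试尝试!', 'data'=>[]];
    }

    # Check the password.
    # NOTE(review): the value is compared as plaintext against the summary column of every
    # cms_content row. Consider a dedicated setting stored with password_hash() and checked
    # with password_verify().
    $password_true = DB::table("cms_content")
        ->select('id', 'summary')
        ->where('summary', $decode_password)
        ->count();
    if ($password_true > 0) {
        # Login validity: one day from now
        $cookie_value_timestamp = strtotime('+1 day');
        $cookie_value_name = $pagetype;
        $cookie_value = "time:".$cookie_value_timestamp."||name:".$cookie_value_name;

        # Encode the payload (Base64 -> hex -> Base64); this is encoding, not encryption.
        $cookie_value_base = base64_encode($cookie_value);
        $cookie_value_bin2hex = bin2hex($cookie_value_base);
        $cookie_value_basehex = base64_encode($cookie_value_bin2hex);

        # Set the cookie. HttpOnly keeps it away from page scripts, SameSite=Lax keeps it off
        # cross-site sub-requests, and Secure is set whenever the request arrived over HTTPS.
        setcookie($pagetype, $cookie_value_basehex, [
            'expires'  => time()+(60*60*24*1),
            'path'     => '/',
            'secure'   => request()->secure(),
            'httponly' => true,
            'samesite' => 'Lax',
        ]);

        # Success response
        return ['code'=>200, 'msg'=>'登录成功!', 'data'=>[]];
    }

    # Record the failed attempt
    $registration = [
        'time' => date("Y-m-d H:i:s", time()),
        'event' => $pagetype,
        'ip' => request()->ip(),
        'status'=> 0,
    ];
    DB::table("cms_verify")->insert($registration);

    # Attempts left after this failure: 10 minus the earlier failures minus this one.
    $verify_count_residue = (10-1)-$verify_count;

    # Uniform error response
    return ['code'=>400, 'msg'=>'密码错误,还剩余'.$verify_count_residue.'错误次数,请重新尝试!', 'data'=>[]];
}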
版权声明:本文为原创文章,版权归 星环博客 所有,转载请注明出处!
本文链接: https://xhto.cn/archives/281.html