Authored by xiaowei

撞库

... ... @@ -137,20 +137,26 @@ class PassportModel
/*
* 重写递增计数 cache方法
* $key cache-key
* $key cache-key,递增存放变量
* $offset 递增偏移量
* $initValue 初始化值
* $expiry 缓存时间
*/
public static function increment($key, $offset = 1, $initValue = 0, $expire = 1800)
public static function increment($key, $timeKey, $offset = 1, $initValue = 0, $expire = 1800)
{
//初始化key
if (!Cache::get($key)) {
Cache::set($key, $initValue, $expire);
}
//增加偏移量
$cacheValue = intval(Cache::get($key))+$offset;
Cache::set($key, $cacheValue, $expire);
//有效期之外清除key
if (!Cache::get($timeKey) && Cache::get($key)) {
Cache::delete($key);
}
//初始化计时
if (!Cache::get($timeKey) && !Cache::get($key)) {
Cache::set($timeKey, TRUE, $expire);
Cache::set($key, $initValue);
}
//未过期则递增
$cacheValue = intval(Cache::get($key)) + $offset;
Cache::set($key, $cacheValue);
}
}
... ...
... ... @@ -70,7 +70,7 @@ class LoginController extends WebAction
*/
public function authAction()
{
$data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否<a href="'.Helpers::url('/passport/back/index').'" target="_blank">忘记密码?</a>', 'data' => '');
$data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否<a href="' . Helpers::url('/passport/back/index') . '" target="_blank">忘记密码?</a>', 'data' => '');
do {
/* 判断是不是AJAX请求 */
if (!$this->isAjax()) {
... ... @@ -108,26 +108,43 @@ class LoginController extends WebAction
*/
$ip = Helpers::getClientIp();
$ipKey = md5('ip_signin_' . $ip);
$ipTimeKey = md5('ip_signin_time' . $ip);
$accountKey = md5('account_signin_' . $account);
PassportModel::increment($ipKey, 1, 0, 3600);
$accountTimeKey = md5('account_signin_time' . $account);
//cache初始化,非有效时间内清除次数,有效时间内叠加cache计数
if (!Cache::get($accountTimeKey) && Cache::get($accountKey)) {
Cache::delete($accountKey);
}
if (!Cache::get($accountTimeKey) && !Cache::get($accountKey)) {
Cache::set($accountTimeKey, true, 1800);
Cache::set($accountKey, 0);
}
if (!Cache::get($ipTimeKey) && Cache::get($ipKey)) {
Cache::delete($ipKey);
}
if (!Cache::get($ipTimeKey) && !Cache::get($ipKey)) {
Cache::set($ipTimeKey, true, 3600);
Cache::set($ipKey, 0);
}
$accountTimes = Cache::get($accountKey);
if ($accountTimes > 10) {
$ipTimes = Cache::get($ipKey);
if ($accountTimes >= 10) {
$data = array('code' => 400, 'message' => '您的账号已被暂时锁定,请稍后再试', 'data' => '');
break;
}
$ipTimes = Cache::get($ipKey);
if ($ipTimes > 100) {
if ($ipTimes >= 100) {
$data = array('code' => 400, 'message' => '您尝试的次数过多,账号已被暂时锁定,请稍后再试', 'data' => '');
break;
}
$data = LoginData::signin($area, $account, $password, $shoppingKey);
if (!isset($data['code']) || $data['code'] != 200 || !isset($data['data']['uid'])) {
PassportModel::increment($accountKey, 1, 0, 1800);
$data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否<a href="'.Helpers::url('/passport/back/index').'" target="_blank">忘记密码?</a>', 'data' => '');
Cache::set($accountKey, intval(Cache::get($accountKey)) + 1);
Cache::set($ipKey, intval(Cache::get($ipKey)) + 1);
$data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否<a href="' . Helpers::url('/passport/back/index') . '" target="_blank">忘记密码?</a>', 'data' => '');
break;
}
//登录成功
$refer = $this->getCookie('refer');
if (empty($refer) || strstr($refer, 'signin.html') || strstr($refer, 'passport/login/index')) {
$refer = SITE_MAIN;
... ...
... ... @@ -48,7 +48,8 @@ class RegisterController extends WebAction
$ip = Helpers::getClientIp();
$data = array('code' => 400, 'message' => '', 'data' => '');
$ipKey = md5('ip_checkmobile_' . $ip);
PassportModel::increment($ipKey, 1, 0, 3600);
$ipTimeKey = md5('ip_checkmobile_time_' . $ip);
PassportModel::increment($ipKey,$ipTimeKey,1, 0, 3600);
$ipTimes = Cache::get($ipKey);
do{
/* 判断是不是AJAX请求 */
... ... @@ -60,7 +61,7 @@ class RegisterController extends WebAction
$data['message'] = '手机号码格式不正确';
break;
}
if ($ipTimes >= 500) {
if ($ipTimes > 500) {
$data['message'] = '由于你IP受限无法注册';
break;
}
... ... @@ -130,7 +131,8 @@ class RegisterController extends WebAction
}
//发送代码
$sendCodeKey = md5('send_code_' . $area . '_' . $mobile);
PassportModel::increment($sendCodeKey, 1, 0, 3600);
$sendCodeTimeKey = md5('send_code_time_' . $area . '_' . $mobile);
PassportModel::increment($sendCodeKey,$sendCodeTimeKey, 1, 0, 3600);
$sendCodeTimes = Cache::get($sendCodeKey);
if ($sendCodeTimes > 50) {
$data['message'] = '发送验证码太多';
... ...