Authored by xiaowei

YBW-3425 登录bug

@@ -6,6 +6,7 @@ use LibModels\Web\Passport\LoginData; @@ -6,6 +6,7 @@ use LibModels\Web\Passport\LoginData;
6 use Passport\PassportModel as PassportModel; 6 use Passport\PassportModel as PassportModel;
7 use Configs\ChannelConfig; 7 use Configs\ChannelConfig;
8 use WebPlugin\Helpers; 8 use WebPlugin\Helpers;
  9 +use WebPlugin\Cache;
9 10
10 class LoginController extends WebAction 11 class LoginController extends WebAction
11 { 12 {
@@ -61,8 +62,7 @@ class LoginController extends WebAction @@ -61,8 +62,7 @@ class LoginController extends WebAction
61 */ 62 */
62 public function authAction() 63 public function authAction()
63 { 64 {
64 - $data = array('code' => 400, 'message' => '账号或密码不正确', 'data' => '');  
65 - 65 + $data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否忘记密码?', 'data' => '');
66 do { 66 do {
67 /* 判断是不是AJAX请求 */ 67 /* 判断是不是AJAX请求 */
68 if (!$this->isAjax()) { 68 if (!$this->isAjax()) {
@@ -91,10 +91,29 @@ class LoginController extends WebAction @@ -91,10 +91,29 @@ class LoginController extends WebAction
91 break; 91 break;
92 } 92 }
93 93
94 - /* 调用登录接口进行登录 */ 94 + /* 购物车 */
95 $shoppingKey = Helpers::getShoppingKeyByCookie(); 95 $shoppingKey = Helpers::getShoppingKeyByCookie();
  96 + /*
  97 + * 登录-防恶意机制
  98 + * 同一用户名登录密码错误次数超10次,需30分钟后尝试
  99 + * 同一ip登录密码错误次数超100次,需1小时后尝试 , ip错误提示语:您尝试的次数过多,账号已被暂时锁定,请稍后再试
  100 + */
  101 + $ip = Helpers::getClientIp();
  102 + $ipKey = md5('ip_signin_' . $ip);
  103 + $accountKey = md5('account_signin_' . $account);
  104 + $accountTimes = Cache::increment($accountKey, 1, 0, 1800);
  105 + $ipTimes = Cache::increment($ipKey, 1, 0, 3600);
  106 + if ($accountTimes > 10) {
  107 + $data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否忘记密码?', 'data' => '');
  108 + break;
  109 + }
  110 + if ($ipTimes > 100) {
  111 + $data = array('code' => 400, 'message' => '您尝试的次数过多,账号已被暂时锁定,请稍后再试', 'data' => '');
  112 + break;
  113 + }
96 $data = LoginData::signin($area, $account, $password, $shoppingKey); 114 $data = LoginData::signin($area, $account, $password, $shoppingKey);
97 if (!isset($data['code']) || $data['code'] != 200 || !isset($data['data']['uid'])) { 115 if (!isset($data['code']) || $data['code'] != 200 || !isset($data['data']['uid'])) {
  116 + $data = array('code' => 400, 'message' => '您输入的密码及账户名不匹配,是否忘记密码?', 'data' => '');
98 break; 117 break;
99 } 118 }
100 119
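Review bot: The two `Cache::increment` calls at new lines 104–105 run before `LoginData::signin`, so they count every login request rather than the wrong-password attempts the comment describes, and nothing in this commit clears them after a successful sign-in. A user who signs in correctly more than 10 times in 30 minutes, or a shared NAT address with more than 100 logins in an hour, gets blocked; the per-account lock can also be triggered by a third party for any known username. I would move both increments into the failure branch at new line 115, clear the account counter on success, and do the pre-check with a read-only lookup; whether `WebPlugin\Cache` offers one is not visible here. It should also be confirmed whether each increment refreshes the 1800/3600-second expiry, because if it does, requests made while locked keep extending the lock. `$account` is hashed as typed, so normalizing it (trim, case) before building `$accountKey` may be needed if the backend treats such variants as the same user; authAction's body continues outside the hunk.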
@@ -59,7 +59,7 @@ class RegisterController extends WebAction @@ -59,7 +59,7 @@ class RegisterController extends WebAction
59 $data['message'] = '手机号码格式不正确'; 59 $data['message'] = '手机号码格式不正确';
60 break; 60 break;
61 } 61 }
62 - if ($ip_times >= 1000) { 62 + if ($ip_times >= 500) {
63 $data['message'] = '由于你IP受限无法注册'; 63 $data['message'] = '由于你IP受限无法注册';
64 break; 64 break;
65 } 65 }
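Review bot: The per-IP registration limit at new line 62 is a bare literal, and this commit now leaves three such limits (10 and 100 in LoginController, 500 here) spread across two controllers. A named constant or config entry, e.g. `const REGISTER_IP_LIMIT = 500;` with a comment stating the time window it applies to, would keep the throttling policy reviewable in one place. How `$ip_times` is computed and over what period is outside this hunk, so whether 500 is an effective bound cannot be judged from here.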