public function login(){
if(IS_AJAX){
$User_mod= M('members');
$client_ip=get_client_ip();
if($_POST['ac']=="check_username"){
$map['username']=array('eq',$_POST['username']);
$user=$User_mod->where($map)->find();
if($user){
if($user['state']==1){
$this->ajaxReturn(1,"用户名存在!",1);
session($client_ip.$_POST['username'],null);
}elseif($user['state']==2){
$next_login_time=$user['last_lock_time']+C('lock_login_time');
if($next_login_time<time()){
$map_claer_lock['username']=array('eq',$_POST['username']);
//$data_claer_lock['last_lock_time']="";
//$data_claer_lock['last_lock_ip']="";
$data_claer_lock['state']=1;
$claer_lock=$User_mod->where($map_claer_lock)->save($data_claer_lock);
if($claer_lock){
session($client_ip.$_POST['username'],null);
$this->ajaxReturn(1,"用户名存在!",1);
}
}else{
$this->ajaxReturn(date("Y-m-d H:i:s",$next_login_time),"密码错误次数超限,该账户已锁定!",7);
//$this->ajaxReturn(7,"密码错误次数超限,该账户已锁定!",7);
exit();
}
}elseif($user['state']==3){
$this->ajaxReturn(8,"账户已经被禁用,请联系管理员!",8);
exit();
}
}else{
$this->ajaxReturn(2,"用户名不存在!",2);
}
}else if($_POST['ac']=="do_login"){
if($_POST['username']==null or $_POST['password']==null ){
$this->ajaxReturn(0,"用户名或密码为空",0);
exit();
}
$map['username']=array('eq',$_POST['username']);
$user=$User_mod->where($map)->find();
if($user){
if($user['state']==1){
$password_input=$this->password_hash($_POST['password'],$user['salt']);
if($password_input==$user['password']){
session($client_ip.$_POST['username'],null);
session('uid',$user['uid']);
if($_SESSION['user_openid']){
$data['user_openid']=$_SESSION['user_openid'];
$user_add_openid=$User_mod->where($map)->save($data);
if($user_add_openid){
$this->ajaxReturn($user['username'],"绑定成功!",3);
}else{
$this->ajaxReturn(4,"绑定失败!",4);
}
}else{
$map_login_history['username']=array('eq',$_POST['username']);
$data_login_history['last_login_ip']=$client_ip;
$data_login_history['last_login_time']=time();
$User_mod->where($map_login_history)->save($data_login_history);
$this->ajaxReturn($user['username'],"登录成功!",5);
}
}else{
if($_SESSION[$client_ip.$_POST['username']]==NULL){
session($client_ip.$_POST['username'],1);
}else{
session($client_ip.$_POST['username'],++$_SESSION[$client_ip.$_POST['username']]);
}
$allow_login_error_time=C('allow_login_error_time');
if($_SESSION[$client_ip.$_POST['username']] >$allow_login_error_time){
$map_login_lock['username']=array('eq',$_POST['username']);
$data_login_lock['last_lock_time']=time();
$data_login_lock['last_lock_ip']=$client_ip;
$data_login_lock['state']=2;
$User_mod->where($map_login_lock)->save($data_login_lock);
$next_login_time=$user['last_lock_time']+C('lock_login_time');
$this->ajaxReturn(date("Y-m-d H:i:s",$next_login_time),"密码错误次数超限,该账户已锁定!",7);
//$this->ajaxReturn(7,"密码错误次数超限,该账户已锁定!",7);
}else{
$this->ajaxReturn($allow_login_error_time-$_SESSION[$client_ip.$_POST['username']],"用户名和密码不匹配!",6);
}
}
}elseif($user['state']==2){
$next_login_time=$user['last_lock_time']+C('lock_login_time');
if($next_login_time<time()){
$map_claer_lock['username']=array('eq',$_POST['username']);
//$data_claer_lock['last_lock_time']="";
//$data_claer_lock['last_lock_ip']="";
$data_claer_lock['state']=1;
$claer_lock=$User_mod->where($map_claer_lock)->save($data_claer_lock);
session($client_ip,null);
/* if($claer_lock){
$this->ajaxReturn(1,"用户名存在!",1);
} */
}else{
$this->ajaxReturn(date("Y-m-d H:i:s",$next_login_time),"密码错误次数超限,该账户已锁定!",7);
//$this->ajaxReturn(7,"密码错误次数超限,该账户已锁定!",7);
exit();
}
}elseif($user['state']==3){
$this->ajaxReturn(8,"账户已经被禁用,请联系管理员!",8);
exit();
}
}else{
$this->ajaxReturn(2,"用户名不存在!",2);
}
}else{
$this->ajaxReturn(0,"非法请求!",0);exit();
}
}else{
$this->display();
}
}