* fix login lock.

2012-09-21 08:18:45 +00:00
parent 09f195d547
commit 14f7dd2c23
5 changed files with 24 additions and 10 deletions
--- a/module/user/config.php
+++ b/module/user/config.php
@@ -2,3 +2,4 @@
 $config->user->create->requiredFields = 'account,realname,password,password1,password2';
 $config->user->edit->requiredFields   = 'account,realname';
 $config->user->failTimes = 5;
+$config->user->lockHours = 0.5;
--- a/module/user/control.php
+++ b/module/user/control.php
@@ -384,7 +384,7 @@ class user extends control
            if($this->post->password) $password = $this->post->password;
            if($this->get->password)  $password = $this->get->password;

-            if($this->user->checkLocked($account)) die(js::error($this->lang->user->loginLocked));
+            if($this->user->checkLocked($account)) die(js::error(sprintf($this->lang->user->loginLocked, $this->config->user->lockHours)));
            
            $user = $this->user->identify($account, $password);

@@ -442,8 +442,17 @@ class user extends control
            }
            else
            {
-                $this->user->failPlus($account);
                if($this->app->getViewType() == 'json') die(json_encode(array('status' => 'failed')));
+                $fails       = $this->user->failPlus($account);
+                $remainTimes = $this->config->user->failTimes - $fails;
+                if($remainTimes <= 0)
+                {
+                    die(js::error(sprintf($this->lang->user->loginLocked, $this->config->user->lockHours)));
+                }
+                else if($remainTimes <= 3)
+                {
+                    die(js::error(sprintf($this->lang->user->lockWarning, $remainTimes)));
+                }
                die(js::error($this->lang->user->loginFailed));
            }
        }
--- a/module/user/lang/en.php
+++ b/module/user/lang/en.php
@@ -46,7 +46,8 @@ $lang->user->editProfile = 'Edit profile';

 $lang->user->errorDeny   = "Sorry, you can't access the <b>%s</b> module's <b>%s</b> feature";
 $lang->user->loginFailed = "Login failed, please check your account and password.";
-$lang->user->loginLocked = "You try the password too many times, please contact the administrator.";
+$lang->user->lockWarning = "You only have %s times to try.";
+$lang->user->loginLocked = "You try the password too many times, please contact the administrator or try again after %s hours.";

 $lang->user->genderList->m = 'Male';
 $lang->user->genderList->f = 'Female';
--- a/module/user/lang/zh-cn.php
+++ b/module/user/lang/zh-cn.php
@@ -46,7 +46,8 @@ $lang->user->editProfile = '修改信息';

 $lang->user->errorDeny   = "抱歉，您无权访问『<b>%s</b>』模块的『<b>%s</b>』功能。请联系管理员获取权限。点击后退返回上页。";
 $lang->user->loginFailed = "登录失败，请检查您的用户名或密码是否填写正确。";
-$lang->user->loginLocked = "密码尝试次数太多，请联系管理员解锁";
+$lang->user->lockWarning = "您还有%s次尝试机会。";
+$lang->user->loginLocked = "密码尝试次数太多，请联系管理员解锁，或%s小时后重试。";

 $lang->user->genderList->m = '男';
 $lang->user->genderList->f = '女';
--- a/module/user/model.php
+++ b/module/user/model.php
@@ -470,14 +470,16 @@ class userModel extends model
        $fails ++; 
        if($fails < $this->config->user->failTimes) 
        {
-            $locked = '0000-00-00';
+            $locked    = '0000-00-00 00:00:00';
+            $failTimes = $fails;
        }
        else
        {
-            $locked = date('Y-m-d', strtotime('today'));
-            $fails  = 0;
+            $locked    = date('Y-m-d H:i:s', mktime() + $this->config->user->lockHours * 60 * 60);
+            $failTimes = 0;
        }
-        $this->dao->update(TABLE_USER)->set('fails')->eq($fails)->set('locked')->eq($locked)->where('account')->eq($account)->exec(false);
+        $this->dao->update(TABLE_USER)->set('fails')->eq($failTimes)->set('locked')->eq($locked)->where('account')->eq($account)->exec(false);
+        return $fails;
    }

    /**
@@ -490,7 +492,7 @@ class userModel extends model
    public function checkLocked($account)
    {
        $user = $this->dao->select('locked')->from(TABLE_USER)->where('account')->eq($account)->fetch(); 
-        if((strtotime($user->locked) - strtotime(date('Y-m-d'))) < 0) return false;
+        if((strtotime($user->locked) - strtotime(date('Y-m-d H:i:s'))) < 0) return false;
        return true;
    }

@@ -503,6 +505,6 @@ class userModel extends model
     */
    public function cleanLocked($account)
    {
-        $this->dao->update(TABLE_USER)->set('fails')->eq(0)->set('locked')->eq('0000-00-00')->where('account')->eq($account)->exec(false);
+        $this->dao->update(TABLE_USER)->set('fails')->eq(0)->set('locked')->eq('0000-00-00 00:00:00')->where('account')->eq($account)->exec(false);
    }
 }