其实所谓的token,就是一串加密的字符串
需求:用户登录访问页面后,在未退出登录账号的情况下,再次访问页面无需再次登录
首先我们抛开过期时间不管
设计思路:主要是前端有个缓存可以存取一些信息一段时间,所以
- 在注册时生成一串加密好的数字,连同用户信息一起添加到数据库的用户表中,token字段必须唯一
- 用户登录成功,查询出这个用户的token返回给前端保存起来
- 用户再次登录时,前端把保存起来的token传给后端,后端验证无误后,让用户无需再次输入账号密码登录就能访问页面
假如需求是注册成功后自动登录 ,则在注册接口添加用户信息成功后再根据用户账号查询出用户token返回给前端,和上图图2方法一样
接下来是做token的有效期
首先得知道为什么要做token有效期。假如token生成后就一直不变,那么有一天被不速之客在前端页面获取到了用户的token,那么他则可以为所欲为了。所以为了降低token泄漏后被长期滥用的风险,我们得为token做一个有效期,一般为三天,如果用户三天都没有登录过,那么我们得让用户重新登录一下
主要是想好在哪里插入和更新token的有效期:
- 在用户注册的时候插入token的有效期
- 在用户登录的时候更新token的有效期和token
- 用户每次访问页面时,判断token有效期是否过期:未过期则只更新token有效期,过期则同时更新token有效期和token
注:更新token有效期时不一定要更新token哦!!只有在过期或登录时才同时更新token,换一个新的token,你懂的
详细代码如下:
//注册信息
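/**
 * Register a merchant account together with its company.
 *
 * Flow: reject a duplicate phone or company name, insert the admin row,
 * insert the company row that points back to it, write the new company id
 * onto the admin row and return the freshly read user record.
 *
 * @param string $mobile          login phone number (also stored as username)
 * @param string $company_name    company name, must be unique
 * @param string $company_car_num company vehicle-number field, passed through
 * @param string $linkman         contact person
 * @param string $password        credential exactly as received from the client
 *
 * NOTE: replies go through displayByError()/displayByData(); this method
 * assumes they terminate the request and returns right after them so that no
 * insert can run once an error has been reported.
 * Requires PHP >= 7.0 (random_bytes).
 */
public function registerInfo($mobile, $company_name, $company_car_num, $linkman, $password)
{
    $admin_mode = AdminModel::getInstance();
    $company_model = CompanyModel::getInstance();

    if ($admin_mode->where(['phone' => $mobile])->find()) {
        $this->displayByError("手机号码已存在!!!!!!", -1);
        return;
    }
    if ($company_model->where(['name' => $company_name])->find()) {
        $this->displayByError('公司名已注册');
        return;
    }

    $data = [
        'linkman'    => $linkman,
        // SECURITY: stored exactly as received. Unless the client already sends
        // a hash, this persists plaintext passwords; store
        // password_hash($password, PASSWORD_DEFAULT) and check it with
        // password_verify() in login() instead.
        'password'   => $password,
        'company_id' => 0,
        'phone'      => $mobile,
        // 128 random bits from the CSPRNG. The previous
        // md5(time() . $password . $mobile) was derivable from the request
        // inputs and a guessable timestamp. bin2hex() keeps the 32-char hex
        // width of the old md5 value, so the token column needs no change.
        'token'      => bin2hex(random_bytes(16)),
        'username'   => $mobile,
        'role_id'    => 2,
        // NOTE(review): this writes a 'stop' column while login() reads
        // 'is_stop' -- verify which one the schema actually has.
        'stop'       => 0,
        // NOTE(review): no valid_time is written here; unless the DB default
        // fills it, the first authenticated page visit will take the
        // "expired" branch in AdminLogin and force a login.
    ];
    $admin_mode->add($data);
    $admin_id = $admin_mode->getLastInsID();

    $company_model->add([
        'name'     => $company_name,
        'car_num'  => $company_car_num,
        'admin_id' => $admin_id,
        'phone'    => $mobile,
    ]);
    // Read the id from the model that performed the insert. Asking $admin_mode
    // here can return the admin id again (per-model last-insert bookkeeping),
    // which would link the user to the wrong company.
    $company_id = $company_model->getLastInsID();
    $admin_mode->where(['phone' => $mobile])->save(['company_id' => $company_id]);

    // Re-read so the client gets the stored row, including the token.
    // NOTE(review): the full row also carries the password column; consider
    // unsetting it before the reply if the front end does not need it.
    $user = $admin_mode->where(['phone' => $mobile])->find();
    $this->displayByData($user);
}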
//手机绑定
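/**
 * Register a merchant account after an SMS verification-code check.
 *
 * Steps: refuse an existing phone, re-issue the code if the stored one has
 * expired, check the submitted code, refuse a duplicate company name, then
 * insert the admin and company rows inside one transaction and return the
 * user record.
 *
 * @param string $mobile          phone the code was sent to; becomes the username
 * @param string $verify          verification code submitted by the client
 * @param string $company_name    company name, must be unique
 * @param string $company_car_num company vehicle-number field, passed through
 * @param string $linkman         contact person
 * @param string $password        credential exactly as received from the client
 *
 * NOTE: replies go through displayByError()/displayByData(); this method
 * assumes they terminate the request and returns right after them.
 * Requires PHP >= 7.0 (random_bytes, random_int).
 */
public function mobileBinding($mobile, $verify, $company_name, $company_car_num, $linkman, $password)
{
    $admin_mode = AdminModel::getInstance();
    $company_model = CompanyModel::getInstance();
    $validate_model = ValidateModel::getInstance();

    if ($admin_mode->where(['phone' => $mobile])->find()) {
        $this->displayByError('用户已存在');
        return;
    }

    // Verification-code lifetime. strtotime() of a missing or unparseable
    // value is false, which is below time(), so "no code on file" lands here too.
    $valid_time = $validate_model->where(['phone' => $mobile])->value('valid_time');
    if (strtotime($valid_time) < time()) {
        // Expired: rotate the code and give it another 10 minutes. random_int()
        // is the CSPRNG; rand() output is predictable.
        // NOTE(review): nothing in this method sends the new code to the
        // phone, so the check below fails until it is delivered elsewhere.
        $validate_model->where(['phone' => $mobile])->save([
            'verify'     => sprintf('%04d', random_int(0, 9999)),
            'valid_time' => date("Y-m-d H:i:s", time() + 600),
        ]);
    }
    // NOTE(review): a 4-digit code with no per-phone attempt limit can be
    // exhausted quickly; count failed attempts and lock the code after a few.
    $is_right = $validate_model->where(['phone' => $mobile, 'verify' => $verify])->find();
    if (!$is_right) {
        $this->displayByError('验证码有误');
        return;
    }

    if ($company_model->where(['name' => $company_name])->find()) {
        $this->displayByError('公司名已注册');
        return;
    }

    $db = BaseModel::getInstance();
    $db->startTrans();
    try {
        // admin row
        $admin_mode->add([
            'username'   => $mobile,
            'phone'      => $mobile,
            'linkman'    => $linkman,
            // SECURITY: stored exactly as received; use password_hash() here
            // and password_verify() in login() unless the client sends a hash.
            'password'   => $password,
            // CSPRNG token; md5(time() . rand(0, time())) was guessable.
            'token'      => bin2hex(random_bytes(16)),
            'valid_time' => date('Y-m-d H:i:s', time() + 259200), // token valid for 3 days
            'role_id'    => 2, // merchant
        ]);
        $admin_id = $admin_mode->getLastInsID();

        // company row pointing back at the admin
        $company_model->add([
            'name'     => $company_name,
            'car_num'  => $company_car_num,
            'admin_id' => $admin_id,
        ]);
        // Read the id from the model that did the insert; $admin_mode can
        // hand back the admin id again and link the user to the wrong company.
        $company_id = $company_model->getLastInsID();
        $admin_mode->where(['phone' => $mobile])->save(['company_id' => $company_id]);

        $db->commit();
    } catch (\Exception $e) {
        $db->rollback();
        $this->displayByError();
        return;
    }

    // The success reply is sent outside the try block so that a response
    // helper that signals completion by throwing is not mistaken for a
    // failure and answered with displayByError().
    $user = $admin_mode->where(['phone' => $mobile])->find();
    $this->displayByData($user);
}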
//用户登录
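/**
 * Password login: rotates the token and extends its lifetime by three days.
 *
 * @param string $mobile   phone number the account was registered with
 * @param string $password credential exactly as received from the client
 *
 * NOTE: replies go through displayByError()/displayByData(); this method
 * assumes they terminate the request and returns right after them.
 * Requires PHP >= 7.0 (random_bytes).
 */
public function login($mobile, $password)
{
    $admin_mode = AdminModel::getInstance();

    $res = $admin_mode->where(['phone' => $mobile])->find();
    if (!$res) {
        // NOTE(review): distinct "no such user" / "wrong password" replies let
        // a caller enumerate registered phones; one generic message is safer.
        $this->displayByError('用户不存在,请注册');
        return;
    }
    // SECURITY: an equality lookup on the stored column means passwords are
    // kept in a directly comparable form (plaintext or unsalted hash) and the
    // DB collation decides case sensitivity. Store password_hash() output and
    // check it with password_verify($password, $res['password']) instead.
    $res2 = $admin_mode->where(['phone' => $mobile, 'password' => $password])->find();
    if (!$res2) {
        $this->displayByError('密码错误');
        return;
    }
    // NOTE(review): registerInfo() writes a 'stop' column; confirm the
    // schema really has 'is_stop' as read here.
    if ($res['is_stop'] != 1) {
        $this->displayByError('请联系客服激活账号');
        return;
    }

    $admin_mode->where(['phone' => $mobile])->save([
        // Fresh CSPRNG token on every login; the old
        // md5(time() . $password . $mobile) was derivable from the login inputs.
        'token'      => bin2hex(random_bytes(16)),
        'valid_time' => date('Y-m-d H:i:s', time() + 259200), // token valid for 3 days
    ]);

    // Re-read so the client receives the rotated token.
    $user_info = $admin_mode->where(['phone' => $mobile])->find();
    $this->displayByData($user_info);
}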
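/**
 * Base controller for pages that require a logged-in merchant.
 *
 * The constructor resolves the current admin from the request's admin_token,
 * enforces account activation and the three-day token lifetime, and exposes
 * the admin row and its company id to subclasses. Replies go through
 * displayByError(), which is assumed to terminate the request.
 *
 * Requires PHP >= 7.0 (random_bytes).
 */
class AdminLogin extends BaseController
{
    /** @var array|null admin row as returned by AdminModel */
    protected $admin;
    /** @var mixed company id copied from the admin row */
    protected $company_id;
    protected $admin_power;

    public function __construct()
    {
        parent::__construct();

        // Impersonation shortcut by user id, meant for local debugging. It used
        // to be reachable on every deployment (?debug=<id> logged in as any
        // user without a token), so it is now fail-closed: enabled only when
        // the framework's debug switch (APP_DEBUG in ThinkPHP-style apps;
        // adjust if yours differs) is defined and true.
        if (!empty($_REQUEST['debug']) && defined('APP_DEBUG') && APP_DEBUG) {
            $this->admin = AdminModel::getInstance()->where(['id' => $_REQUEST['debug']])->find();
            if (!$this->admin) {
                $this->displayByError("用户不存在,请注册");
            }
        } else {
            $this->authenticateByToken();
        }

        $this->company_id = $this->admin['company_id'];
        $this->filterData();
    }

    /**
     * Load the admin for the request's admin_token, rejecting missing, unknown,
     * stopped and expired tokens; on a valid token only the lifetime is extended.
     */
    private function authenticateByToken()
    {
        $token = isset($_REQUEST['admin_token']) ? (string) $_REQUEST['admin_token'] : '';
        // Fail fast on an absent token instead of looking up the old default 0:
        // depending on how adminInfo() binds its argument, a numeric 0 compared
        // with a string column can match any non-numeric token under MySQL's
        // loose comparison rules.
        if ($token === '') {
            $this->displayByError("请重新登录", 501);
            return;
        }

        $admin_model = AdminModel::getInstance();
        $this->admin = $admin_model->adminInfo($token); // does the token belong to a user?
        if (!$this->admin) {
            // Also reached when a later login rotated the token and this session was kicked out.
            $this->displayByError("请重新登录", 501);
            return;
        }
        if ($this->admin['is_stop'] != 1) {
            $this->displayByError('请联系客服缴费激活账号');
            return;
        }

        // Three-day token lifetime. strtotime() of a missing or unparseable
        // valid_time is false, which is below time(), so such rows count as
        // expired as well.
        if (strtotime($this->admin['valid_time']) < time()) {
            // Expired: rotate the token so the old value cannot be reused, then
            // make the client log in again. random_bytes() replaces
            // md5(time() . password . phone), which anyone holding the
            // password column could reproduce.
            $admin_model->where(['phone' => $this->admin['phone']])->save([
                'token'      => bin2hex(random_bytes(16)),
                'valid_time' => date('Y-m-d H:i:s', time() + 259200),
            ]);
            $this->displayByError("认证过期,请重新登录", 502);
            return;
        }

        // Still valid: sliding expiry, token left unchanged.
        $admin_model->where(['phone' => $this->admin['phone']])->save([
            'valid_time' => date('Y-m-d H:i:s', time() + 259200),
        ]);
    }
}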
Good luck!!