【thinkphp】之管理员登录 (layui)
1.先设置token
防止跨站请求伪造(CSRF)攻击(表单令牌不能防御跨站脚本攻击 XSS)
html:layui发异步
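<script>
$(function () {
    layui.use('form', function () {
        var form = layui.form;

        // Client-side rules are a usability aid only: anyone can post to the
        // login URL directly, so the server must enforce the same limits.
        form.verify({
            // NOTE(review): the key is spelled "usern1ame"; the rule only runs if an
            // input's lay-verify attribute uses the same spelling. Confirm against the form markup.
            usern1ame: function (value) {
                if (value.length < 5) {
                    return '用户名至少大于5个字符啊';
                }
            },
            // The minimum is 6 so the check agrees with the message shown to the
            // user (the check previously used 5 while the message said 6).
            password: function (value) {
                if (value.length < 6) {
                    return '密码至少大于6个字符啊';
                }
            }
        });

        form.on('submit(login)', function (data) {
            // Post the form fields to the PHP login action. data.field is expected to
            // carry the captcha answer and the __token__ hidden field along with the
            // credentials (assumes the form markup contains them; it is not shown here).
            $.post("{:url('/admin/login')}", data.field, function (res) {
                // The server answers with {status, msg}.
                // NOTE(review): layer renders res.msg as message content; keep server
                // messages free of user-controlled input (presumably treated as HTML,
                // confirm for the layui version in use).
                if (res.status === 'success') {
                    layer.alert(res.msg, {icon: 6}, function () {
                        location.href = "{:url('/admin/index')}";
                    });
                } else {
                    layer.msg(res.msg);
                }
            }, 'json');

            // Stop the browser's normal form submission; the request above replaces it.
            return false;
        });
    });
})
</script>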
2.验证验证码和token
// Take only the captcha answer and the form token from the request.
$input = $request->only(['code', '__token__']);

// One rule on "code": the captcha must match and the form token must be valid.
// NOTE(review): ThinkPHP's token rule presumably discards the session token once it
// has been checked; confirm the page obtains a fresh __token__ after a failed
// AJAX attempt, otherwise every retry will fail the token check.
$rules = ['code|验证码' => 'captcha|token'];

$checker = new Validate();
$passed = $checker->check($input, $rules);
if (!$passed) {
    // Stop before any credential is looked at and report the validator's message.
    return json(['status' => 'fail', 'msg' => $checker->getError()]);
}
3.开始登录
控制器:
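// Request::param() takes ($name, $default, $filter): the filter is the THIRD argument.
// With 'trim' in second position it was used as the default value, so a missing
// field became the literal string "trim" and no trimming took place.
$username = $request->param('username', '', 'trim');

// The password defaults to '' when absent and is read without trimming, which is what
// the original call actually did.
// NOTE(review): trim it only if the code that stores passwords trims them too.
$password = $request->param('password', '');

$AdministratorModel = new AdministratorModel(); // instantiate the model
$res = $AdministratorModel->checkAdmin($username, $password);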
模型:
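/**
 * Check an administrator's credentials and, on success, store the login in the session.
 *
 * @param string $username Login name as submitted.
 * @param string $password Plain-text password as submitted.
 * @return array{status: string, msg: string} 'success' with a welcome message, or
 *         'fail' with one generic message for every kind of credential failure.
 */
public function checkAdmin($username,$password){
    // One answer for "unknown user" and "wrong password", so the response does not
    // reveal which administrator names exist.
    $failure = ['status' => 'fail', 'msg' => '用户名或密码错误'];

    // Look the account up by user name.
    $user = $this->where('username', $username)->find();
    if (!$user) {
        return $failure;
    }

    // NOTE(review): salted MD5 is cheap to brute-force if the table leaks. It is kept
    // here so existing stored hashes still verify; plan a migration to
    // password_hash() / password_verify().
    $pass = md5($password . $user['salt']);

    // hash_equals() compares as strings and in constant time. A loose `==` between two
    // hex digests compares them as numbers when both look like "0e123...", so two
    // different digests could be treated as equal.
    if (!hash_equals((string) $user['password'], $pass)) {
        return $failure;
    }

    // Record the logged-in state.
    // NOTE(review): the session id is not rotated here; regenerate it on login so an
    // id that was fixed before authentication cannot be reused afterwards.
    session('username', $username);
    session('id', $user['id']);

    return ['status' => 'success', 'msg' => '登录成功'];
}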
完整代码:
html:
控制器:
模型: