Yii2 防止用户重复登录
1.新建存放用户登录口令token的表,并生成model
CREATE TABLE IF NOT EXISTS `tbl_admin_session` ( `session_id` int(11) NOT NULL AUTO_INCREMENT, `id` int(11) NOT NULL, `session_token` varchar(56) NOT NULL, PRIMARY KEY (`session_id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
然后在模型login中添加方法:
public function insertSession($id,$sessionToken)
{
$loginAdmin = AdminSession::findOne(["id" => $id]); //查询admin_session表中是否有用户的登录记录
if(!$loginAdmin){ //如果没有记录则新建此记录
$sessionModel = new AdminSession();
$sessionModel->id = $id;
$sessionModel->session_token = $sessionToken;
$result = $sessionModel->save();
}else{ //如果存在记录(则说明用户之前登录过)则更新用户登录token
$loginAdmin->session_token = $sessionToken;
$result = $loginAdmin->update();
}
return $result;
}public function actionLogin()
{
if (!Yii::$app->user->isGuest) {
return $this->goHome();
}
$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {
//使用session和表tbl_admin_session记录登录账号的token:time&id&ip,并进行MD5加密
$id = Yii::$app->user->id; //登录用户的ID
$username = $model->username; //登录账号
$ip = Yii::$app->request->userIP; //登录用户主机IP
$token = md5(sprintf("%s&%s&%s",time(),$id,$ip)); //将用户登录时的时间、用户ID和IP联合加密成token存入表
$session = Yii::$app->session;
$session->set(md5(sprintf("%s&%s",$id,$username)),$token); //将token存到session变量中
//?存session token值没必要取键名为$id&$username ,目的是标识用户登录token的键,$id或$username就可以
$model->insertSession($id,$token);//将token存到tbl_admin_session
return $this->goBack();
} else {
return $this->render("login", [
"model" => $model,
]);
}
}
3.新建访问过滤器
<?php
/**
* Created by PhpStorm.
* User: jiangyan
* Date: 2016-05-18
* Time: 17:22
*/
namespace backendlibs;
use backendmodelsAdminSession;
use Yii;
use yiiaseActionFilter;
use yiiwebUnauthorizedHttpException;
class CheckerFilter extends ActionFilter
{
public function beforeAction($action)
{
if(!parent::beforeAction($action)) {
return false;
}
//rbac访问控制
$controllerID = Yii::$app->controller->id;
$actionID = $action->id;
$permissionName = $controllerID . "/" . $actionID;
if(!Yii::$app->user->can($permissionName) && Yii::$app->getErrorHandler()->exception === null && !Yii::$app->user->isGuest && $controllerID != "admin" && $actionID != "logout" && $actionID != "view-self" && $actionID !="update-self") {
throw new UnauthorizedHttpException("对不起, 您现在还没获得此操作的权限");
} else {
// return true;
//登录 所有操作都虚经过过滤器控制输出
if(!Yii::$app->user->isGuest && $actionID != "logout")
{
$id = Yii::$app->user->id;
$session = Yii::$app->session;
$username = Yii::$app->user->identity->username;
$tokenSES = $session->get(md5(sprintf("%s&%s",$id,$username))); //取出session中的用户登录token
$sessionTBL = AdminSession::findOne(["id" => $id]);
$tokenTBL = $sessionTBL->session_token;
if($tokenSES != $tokenTBL) //如果用户登录在 session中token不同于数据表中token
{
Yii::$app->user->logout(); //执行登出操作
Yii::$app->run();
}
}
}
return true;
}
}4..在每个控制器中添加访问过滤器
public function behaviors()
{
return [
"access" => [
"class" => AccessControl::className(),
"rules" => [
[
"actions" => ["login", "error"],
"allow" => true,
],
[
"actions" => ["logout", "index"],
"allow" => true,
"roles" => ["@"],
],
],
],
"verbs" => [
"class" => VerbFilter::className(),
"actions" => [
"logout" => ["post"],
],
],
"checker" => [
"class" => "backendlibsCheckerFilter",
],
/* "myCheck" => [
"class" => "backendlibsMyCheckFilter"
],*/
];
}声明:该文观点仅代表作者本人,入门客AI创业平台信息发布平台仅提供信息存储空间服务,如有疑问请联系rumenke@qq.com。
