建立页面代码如下:
<form class="layui-form" method="post" action="{:url('tologin')}">
<div class="layui-layout layui-layout-login">
<h1>
<strong>{:config('sys.authorizer')}</strong>
<small><em>{:config('sys.name')}</em></small>
</h1>
<div class="layui-user-icon login-box">
<i class="layui-icon layui-icon-username"></i>
<input type="text" placeholder="用户名(demo2)" id="username" name="username" class="login_txtbx" lay-verify="username" autocomplete="off"/>
</div>
<div class="layui-pwd-icon login-box">
<i class="layui-icon layui-icon-password"></i>
<input type="password" placeholder="密码(demo123)" class="login_txtbx" id="password" name="password" lay-verify="password" autocomplete="off"/>
</div>
<div class="layui-val-icon login-box layui-code-box">
<i class="layui-icon layui-icon-vercode"></i>
<input type="text" placeholder="验证码" class="login_txtbx" id="code" name="code" lay-verify="code" autocomplete="off"/><img id="code_img" class="verifyImg" src="{:captcha_src()}" onclick="refreshCodeImg('');" title="点击更换">
</div>
<div class="layui-submit">
{:token()}
<input type="submit" class="submit_btn" lay-submit="" lay-filter="loginForm" value="登 录"/>
</div>
<div class="layui-login-text">
<p>程序设计:{:config('sys.author')}</p>
</div>
</div>
</form>控制器tologin代码如下: public function tologin()
{
$username = input("post.username", "", "trim");
$password = input("post.password", "", "trim");
$code = input("post.code", "", "trim");
$token = input("__token__");
$data = [
'username' => $username,
'password' => $password,
'code' => $code,
'__token__' => $token,
];
$rule = [
'username' => 'require|length:3,20',
'password' => 'require|length:3,20',
'code' => 'require|captcha',
'__token__' => 'token',
];
$msg = [
'username.require' => '用户名不能为空!',
'username.length' => '用户名输入错误!',
'password.require' => '密码不能为空!',
'password.length' => '密码输入错误!',
'code.require' => '验证码不能为空!',
'code.captcha' => '验证码错误!',
'__token__' => '非法操作!',
];
$validate = \Validate::make($rule,$msg);
if (!$validate->check($data)) {
$this->error($validate->getError(), url("admin/Public/login"));
}
if (UserService::getInstance()->login($username, $password)) {
$loginedUrl = cookie("loginedUrl");
if (!$loginedUrl) {
$loginedUrl = url("admin/Index/index");
} else {
cookie("loginedUrl", NULL);
}
$this->success('登陆成功!',$loginedUrl);
} else {
$this->error("用户名或者密码错误,登陆失败!", url("admin/Public/login"));
}
}表单令牌测试方法:使用谷歌浏览器开发者工具手动对源码的value值改变<input type="hidden" name="__token__" value=""> 原来验证登陆都是采用的原始方法对字段逐个验证,增加了代码的维护难度。 if (empty($username) || empty($password)) {
$this->error("用户名或者密码不能为空,请重新输入!");
}
if (empty($code)) {
$this->error("请输入验证码!");
}
//验证码开始验证
if(!captcha_check($code)) {
$this->error("验证码错误,请重新输入!");
}TP5的验证器确实很实用方便。第一次发表学习日志,欢迎高手指正。
最佳答案
