add login check for apis

7 months ago · 6d06b0ce2e
5 changed files with 30 additions and 5 deletions
--- a/plugins/Common.php
+++ b/plugins/Common.php
@ -75,6 +75,7 @@ Class Common {
				@@ -75,6 +75,7 @@ Class Common {

    //用户注册或登录成功时保存用户信息到session
    //login_time, username, friends_code
+    //增加账号映射支持，配置项：tajia_user_map
    public static function saveUserIntoSession($cellphone, $friends_code = '') {
        if(session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
@ -87,6 +88,11 @@ Class Common {
				@@ -87,6 +88,11 @@ Class Common {
            $friends_code = $_COOKIE['friends_code'];
        }

+        //账号映射，手机号码转换成4位数字的短账号
+        if (!empty(FSC::$app['config']['tajia_user_map']) && !empty(FSC::$app['config']['tajia_user_map'][$username])) {
+            $username = FSC::$app['config']['tajia_user_map'][$username];
+        }
+
        $_SESSION['login_time'] = $login_time;
        $_SESSION['username'] = $username;
        $_SESSION['friends_code'] = $friends_code;
--- a/themes/tajian/controller/FrontapiController.php
+++ b/themes/tajian/controller/FrontapiController.php
@ -58,6 +58,16 @@ Class FrontApiController extends SiteController {
				@@ -58,6 +58,16 @@ Class FrontApiController extends SiteController {
            throw new Exception('Oops，操作太快了，请喝杯咖啡休息会吧...');
        }

+        //只允许添加到自己的收藏夹
+        $loginedUser = Common::getUserFromSession();
+        if (empty($loginedUser['username'])) {
+            throw new Exception('Oops，你还没登录哦');
+        }else if (
+            !empty(FSC::$app['config']['multipleUserUriParse'])
+            && (empty(FSC::$app['user_id']) || FSC::$app['user_id'] != $loginedUser['username'])
+        ) {
+            throw new Exception('Oops，请求地址有误');
+        }

        $content = $this->post('content', '');
        $title = $this->post('title', '');
@ -470,6 +480,7 @@ eof;
				@@ -470,6 +480,7 @@ eof;
        $postParams = $this->post();
        if (!empty($postParams)) {
            $cellphone = $this->post('phoneNum', '');
+            $action = $this->post('action', 'register');

            if (empty($cellphone) || Common::isCellphoneNumber($cellphone) == false) {
                $err = "手机号码格式错误，请填写正确的手机号码";
@ -477,7 +488,7 @@ eof;
				@@ -477,7 +488,7 @@ eof;
                $params = array(
                    'phoneNumber' => $cellphone,
                    'codeNumber' => $this->generateRandSmsCode(),
-                    'action' => 'register',
+                    'action' => $action,
                );
                $params['sign'] = $this->sign($params, FSC::$app['config']['service_3rd_api_key']);

@ -607,7 +618,7 @@ eof;
				@@ -607,7 +618,7 @@ eof;
            if (empty($err)) {      //如果数据检查通过，尝试登录
                $newUser = Common::saveUserIntoSession($cellphone);
                if (!empty($newUser)) {
-                    $shareUrl = "/{$cellphone}/";
+                    $shareUrl = "/{$newUser['username']}/";

                    $msg = "登录成功，开始收藏你喜欢的视频吧";
                    $code = 1;
--- a/themes/tajian/controller/SiteController.php
+++ b/themes/tajian/controller/SiteController.php
@ -173,6 +173,13 @@ Class SiteController extends Controller {
				@@ -173,6 +173,13 @@ Class SiteController extends Controller {

    //添加新视频
    public function actionNew() {
+        //判断是否已经登录，自动跳转到自己的添加视频网址
+        $loginedUser = Common::getUserFromSession();
+        if (!empty($loginedUser['username']) && !empty(FSC::$app['config']['multipleUserUriParse']) && empty(FSC::$app['user_id'])) {
+            $shareUrl = "/{$loginedUser['username']}/site/new/";
+            return $this->redirect($shareUrl);
+        }
+
        //获取数据
        $menus = array();        //菜单，一级目录
        $htmlReadme = '';   //Readme.md 内容，底部网站详细介绍
--- a/themes/tajian/views/layout/main.php
+++ b/themes/tajian/views/layout/main.php
@ -44,7 +44,7 @@ if (!empty(FSC::$app['config']['multipleUserUriParse']) && !empty(FSC::$app['use
				@@ -44,7 +44,7 @@ if (!empty(FSC::$app['config']['multipleUserUriParse']) && !empty(FSC::$app['use
        <div class="menu_ls g_ls_menus">
            <a class="this_set" href="<?=$linkPrefix?>/" title="">
                <img src="/img/choice.svg" alt="星星图标" />
-                <span>推荐</span>
+                <span>首页</span>
            </a>
            <a href="<?=$linkPrefix?>/site/new" title="">
                <img src="/img/addvideos.svg" alt="添加图标" />
--- a/www/js/tajian.js
+++ b/www/js/tajian.js
@ -233,7 +233,8 @@ if ($('.bt_sms_JS').get(0)) {
				@@ -233,7 +233,8 @@ if ($('.bt_sms_JS').get(0)) {
        //调用api发送验证码
        var cellphone = $('input[name=username]').val();
        var datas = {
-            'phoneNum': cellphone
+            'phoneNum': cellphone,
+            'action': $('#login_form').get(0) ? 'login' : 'register'
        };
        publicAjax(taJian.apis.sendSmsCode, 'POST', datas, function (data) {
            if (data.code == 0 && data.err) {
@ -306,7 +307,7 @@ if ($('#register_form').get(0)) {
				@@ -306,7 +307,7 @@ if ($('#register_form').get(0)) {
 // 登录
 if ($('#login_form').get(0)) {
    $('#login_form input[name=username]').blur(smsCodeBtnHandler);
-    
+
    $('#login_form .jsbtn').click(function(e) {
        e.preventDefault();