
登陆+密码复杂度

刘桂岩 vor 4 Jahren
Ursprung
Commit
f66b46fe83

+ 5 - 0
application/inter/controller/Doctors.php

@@ -82,6 +82,11 @@ class Doctors extends Base
             log::record('-----------cache信息----------------');
             $dinfo = DB::table('doctors')->where('id',$doctor['id'])->field('password')->find();
             $password = $_REQUEST['oldpass'];
+            $return = $this->pregPassword($password);
+            if($return !== 1)
+            {
+                return json_encode(['status'=>'fail','code'=>'1203','msg'=>'密码最低8位并且必须满足大小写字母带数字与字符']);
+            }
             log::record('-----------------密码区域----------');
             log::record($password);
             log::record($dinfo['password']);
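Review bot: The new complexity check runs on `$_REQUEST['oldpass']`, which by its name is the current password rather than the one being set. An account whose existing password predates the policy would be rejected with code 1203 before it can change anything, and no new-password value is checked in this hunk. If this is the change-password path, apply `pregPassword()` to the new-password field and only compare `oldpass` against the stored hash; the rest of the method lies outside the hunk, so confirm which request field carries the new value. The context lines directly below also pass `$password` and `$dinfo['password']` to `log::record`, which writes the plaintext password and its stored hash to the application log, so those calls are worth removing in the same change.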

+ 15 - 2
application/inter/controller/Login.php

@@ -74,11 +74,22 @@ class Login extends Controller
                 return json_encode(['status'=>'fail','code'=>'1101','msg'=>'密码不能为空']);
             }
             //医生信息
-            $info = DB::table('doctors')->where('username',$param['userName'])->field('is_send_message,is_admin,message_push,id,exam_class,attachment,username,password,login_time,login_failure,realname,email,phone,doctor_title,institution_id,department_id,doctor_role,is_report')->find();
+            $info = DB::table('doctors')->where('username',$param['userName'])->field('is_send_message,is_admin,message_push,id,exam_class,attachment,username,password,login_time,login_failure,realname,email,phone,doctor_title,institution_id,department_id,doctor_role,is_report,fail_time')->find();
             log::record($info);
             if(!$info){
                 return json_encode(['status'=>'fail','code'=>'1004','msg'=>'用户名'.$param['userName'].'或密码错误']);
             }
+            if($info['login_failure'] >5)
+            {
+                $fail = strtotime($info['fail_time']);
+                $diff = time()-$fail;
+                if($diff < 300)
+                {
+                    return json_encode(['status'=>'fail','code'=>'1009','msg'=>'系统繁忙,请'.(300-$diff).'秒后再试']);
+                }else{
+                    DB::table('doctors')->where('username',$param['userName'])->update(['login_failure'=>0]);
+                }
+            }
 
             if(md5($param['pwd']) != $info['password']) {
 
@@ -94,6 +105,7 @@ class Login extends Controller
                     DB::table('doctors')->where('username',$param['userName'])->update(['login_failure'=>0]);
                 }
                 DB::table('doctors')->where('username',$param['userName'])->setInc('login_failure');
+                DB::table('doctors')->where('username',$param['userName'])->update(['fail_time'=>date('Y-m-d H:i:s')]);
                 return json_encode(['status'=>'fail','code'=>'1004','msg'=>'用户名'.$param['userName'].'或者密码错误','info'=>$info['login_failure']]);
             }
 
@@ -131,9 +143,10 @@ class Login extends Controller
             log::record('----登录信息----');
             log::record(Cache::get($sessionid));
             log::record('----登录信息----');
+            $pwd_preg = $this->pregPassword($info['password']);
             unset($info['password']);
             $info['phone'] = $check;
-            return json_encode(['status'=>'ok','code'=>'0000','info'=>$info,'sessionid'=>$sessionid,'phone'=>$check]);
+            return json_encode(['status'=>'ok','code'=>'0000','info'=>$info,'sessionid'=>$sessionid,'phone'=>$check,'pregPwd'=>$pwd_preg]);
 
         }catch(\Exception $e){
             return json_encode(['status'=>'fail','code'=>'2000','msg'=>$e->getMessage()]);
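Review bot: In the last hunk `pregPassword($info['password'])` is called on the value loaded from the `doctors` table, which the comparison `md5($param['pwd']) != $info['password']` shows to be an MD5 hex digest, not the password the user typed. A 32-character lowercase hex string can never satisfy the 8–12 length and mixed-class rule, so `pregPwd` will be 0 for every account and the client cannot tell weak passwords from compliant ones. Check the submitted value instead: `$pwd_preg = $this->pregPassword($param['pwd']);`. In the first hunk the 1009 lockout response is returned before the password is verified and only for usernames that exist, so it distinguishes real accounts from unknown ones and lets repeated failed logins keep a known account locked. Consider throttling per source address as well, and write `fail_time` in the same statement that increments `login_failure` so the two cannot drift apart.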

+ 9 - 0
thinkphp/library/think/Controller.php

@@ -241,4 +241,13 @@ class Controller
         return json_encode($array);
     }
 
+    function pregPassword($str){
+        if(strlen($str) < 9)
+        {
+            return 0;
+        }
+        $preg = "/^(?=.*[0-9])(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#$%^&*,\.])[0-9a-zA-Z!@#$%^&*,\\.]{8,12}$/";
+        return preg_match($preg,$str);
+    }
+
 }
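Review bot: `pregPassword` rejects anything shorter than 9 characters with `strlen($str) < 9`, while the pattern's `{8,12}` and the 1203 message in Doctors.php both state a minimum of 8, so an 8-character password that meets every class rule is refused. Align the guard with the stated policy, `if (strlen($str) < 8)`, or drop it, since the quantifier already enforces the lower bound. The upper bound of 12 and the fixed symbol whitelist also reject longer passphrases and any other punctuation, which caps achievable strength; a minimum length without a low maximum is the more common policy. The method is added to the framework's own `Controller` class under `thinkphp/library` without a visibility keyword or docblock. A one-line comment such as `// returns 1 when $str meets the password policy, 0 otherwise`, plus moving the method into an application base class, would document the contract and keep it from being lost on a framework upgrade.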