jerry 1 anno fa
parent
commit
082945baa9

+ 4 - 2
common/libs/IpFilter.php

@@ -14,6 +14,7 @@ class IpFilter
 {
     /**
      * @throws BadRequestHttpException
+     * @return bool
      */
     public function frontApiCheck($isLogin = false)
     {
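Review bot: The docblock for `frontApiCheck` should say that a `false` return means the request must be rejected. After this commit a caller that ignores the return value lets a filtered address through silently. The two call sites updated in this commit check it, but any caller not shown here would now fail open, so it is worth searching for other uses. I would write `* @return bool false when the remote address is outside the allowed range; callers must reject the request`. I would also drop the `@throws BadRequestHttpException` line unless code outside these hunks still throws it.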
@@ -22,20 +23,21 @@ class IpFilter
         $postParams = Yii::$app->request->post();
         $remoteAddr = $_SERVER['REMOTE_ADDR']; // 获取用户 IP 地址
 
-        // 登录接口不需要验证
+        //如果IP不在指定范围内
         if (!self::remoteAddrCall($remoteAddr)) {
             $logPreix = $isLogin ? 'nc_ip_filter_login' : 'nc_ip_filter_other';
             $getLog = $logPreix . (is_array($getParams) ? json_encode($getParams) : $getParams);
             $postLog = $logPreix . (is_array($postParams) ? json_encode($postParams) : $postParams);
             LoggerTool::error($getLog);
             LoggerTool::error($postLog);
-            throw new \Exception('用户名或者密码错误');
+            return false;
         }
 
         return true;
     }
 
     /**
+     * 判断IP是否在指定范围内
      * @throws AddressNotFoundException
      * @throws InvalidDatabaseException
      */
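Review bot: The rejection branch writes the complete GET and POST parameters to the error log, and `LoginForm` calls this method with `$isLogin = true`, so the login request body, presumably including the submitted password, ends up in the log files. Redact before encoding, for example `unset($postParams['password']);` (field name assumed, use the real one), or log only the parameter keys. The two log lines also omit `$remoteAddr`, which is the value anyone triaging these entries needs; appending it to `$logPreix` would make the records usable for detection. The function body starts above this hunk, so `$getParams` is assumed to be read the same way as `$postParams`.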

+ 3 - 1
frontendApi/modules/v1/controllers/BaseController.php

@@ -50,7 +50,9 @@ class BaseController extends \yii\rest\ActiveController {
 
         $request = Yii::$app->request;
         if (!in_array($request->getUrl(), ['/v1/oauth/login', '/v1/oauth/is-login-verify', '/v1/site/days-diff'])) {
-            (new IpFilter())->frontApiCheck();
+            if (!(new IpFilter())->frontApiCheck()) {
+                throw new \Exception('用户名或密码错误');
+            }
         }
 
         // 增加的判断用户登录后未操作后的超时 和 快速登录的逻辑
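Review bot: Throwing a bare `\Exception` for an IP rejection will most likely surface as an HTTP 500 from the REST error handler rather than a 4xx, so blocked requests look like server faults in monitoring and alerting. `throw new \yii\web\ForbiddenHttpException('用户名或密码错误');` keeps the same message and yields a 403. Separately, `$request->getUrl()` includes the query string, so the exemption list on the line above only matches when those endpoints are called without query parameters. That fails closed, but it is worth a comment if it is intentional. The enclosing method starts and ends outside the hunk.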

+ 4 - 1
frontendApi/modules/v1/models/LoginForm.php

@@ -124,7 +124,10 @@ class LoginForm extends Model
         $result = false;
         try{
             // 验证IP
-            (new IpFilter())->frontApiCheck(true);
+            if (!(new IpFilter())->frontApiCheck(true)) {
+                $this->_updateFailTimes($transaction, '用户名或密码错误!');
+                throw new Exception('用户名或密码错误');
+            }
             $this->getUser();
 
             if(!$this->_user){
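Review bot: `_updateFailTimes()` is called in the IP-rejection branch before `$this->getUser()` has run, so it is unclear which account the failure is recorded against, and `$this->_user` may still be unset if that helper reads it (its body is not visible here). If the counter feeds an account lockout, requests from a disallowed address could also run up the failure count on someone else's username without ever reaching the password check. I would drop the counter update from this branch and rely on the IP-filter log entry, or add a comment such as `// IP rejection deliberately counts as a failed login for <reason>` if the behaviour is intended. The recorded message (`用户名或密码错误!`) and the thrown one (`用户名或密码错误`) also differ by the trailing `!`.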