jerry 1 год назад
Родитель
Сommit
b4c8efe3d9

+ 15 - 0
backendApi/modules/v1/controllers/BaseController.php

@@ -10,6 +10,7 @@ namespace backendApi\modules\v1\controllers;
 
 use common\helpers\Date;
 use common\helpers\Tool;
+use common\libs\IpFilter;
 use common\models\UserInfo;
 use common\models\UserSystem;
 use \Yii;
@@ -38,6 +39,20 @@ class BaseController extends \yii\rest\ActiveController {
     public function beforeAction($action) {
         $parentBeforeAction = parent::beforeAction($action);
 
+        $notFilterApi = [
+            '/v1/oauth/login',
+            '/v1/site/page-data',
+            '/v1/oauth/send-email-code',
+            '/v1/site/days-diff',
+        ];
+
+        $request = Yii::$app->request;
+        if (\Yii::$app->redis->get('backend_ip_filter') && !in_array($request->getUrl(), $notFilterApi)) {
+            if (!(new IpFilter())->frontApiCheck('backend')) {
+                throw new \Exception('用户名或密码错误');
+            }
+        }
+
         // 增加的判断用户登录后未操作后的超时
         if (Yii::$app->getUser()->getUserInfo()){
             $adminId = Yii::$app->getUser()->getUserInfo()['id'];
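Review bot: The exemption test in the added `beforeAction` block compares `$request->getUrl()` with literal paths, and in Yii2 that value carries the query string, so the outcome depends on how the client spells the URL rather than on which action is dispatched (`/v1/oauth/login?x=1` is not treated as exempt). Matching the resolved route instead, `in_array($action->getUniqueId(), $notFilterApi, true)` with the list written as route ids, ties the decision to the action that actually runs. Enforcement is also skipped whenever the Redis key `backend_ip_filter` is missing or falsy, so a flushed or expired key silently turns the filter off; the same gate appears in `backendApi/modules/v1/models/LoginForm.php`, where it replaces a check that used to run unconditionally, so a fail-closed default taken from configuration looks safer. The denial throws a bare `\Exception` carrying a login-failure message and writes no log entry; `throw new \yii\web\ForbiddenHttpException(...)` plus a warning log with the client address and route would give responders something to search for. `beforeAction` starts and ends outside this hunk.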

+ 11 - 4
backendApi/modules/v1/models/LoginForm.php

@@ -4,6 +4,7 @@ namespace backendApi\modules\v1\models;
 use common\components\Model;
 use common\helpers\LoggerTool;
 use common\helpers\Tool;
+use common\libs\IpFilter;
 use common\libs\LoginIpChecker;
 use Yii;
 use yii\base\Exception;
@@ -119,12 +120,18 @@ class LoginForm extends Model {
                 AdminLoginLogger::fail(['FAIL_NUMS' => 0, 'ADMIN_NAME' => $this->adminName, 'LOGIN_NUMS' => 1], '账号不存在', $this->password);
                 throw new Exception('用户名或者密码错误');
             }
-            // 登陆IP限制
+            // 验证IP
             $loginIp = $_SERVER['REMOTE_ADDR'];
-            if (!Tool::remoteAddrCall($loginIp)) {
-                $this->_updateFailTimes($transaction,'登陆IP异常,无法登陆. ' . $loginIp);
-                throw new Exception('用户名或密码错误');
+            if (\Yii::$app->redis->get('backend_ip_filter') && !(new IpFilter())->frontApiCheck('backend', true)) {
+                $this->_updateFailTimes($transaction, '登陆IP异常,无法登陆. ' . $loginIp);
+                throw new Exception('用户名或密码错误');
             }
+//            // 登陆IP限制
+//            $loginIp = $_SERVER['REMOTE_ADDR'];
+//            if (!Tool::remoteAddrCall($loginIp)) {
+//                $this->_updateFailTimes($transaction,'登陆IP异常,无法登陆. ' . $loginIp);
+//                throw new Exception('用户名或者密码错误');
+//            }
             // 失败次数到达上限次数
             $loginFailNums = Yii::$app->redis->get('FAIL_NUMS:' . $this->adminName) ?? 0;
             if ($loginFailNums >= 3) {
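Review bot: The rejected-IP branch still calls `$this->_updateFailTimes(...)` for the submitted `adminName`, and the lines below compare `FAIL_NUMS:<adminName>` with 3 under a "failure limit reached" comment, so requests from a disallowed address can presumably push a named administrator's counter to the limit without a valid password (the body of `_updateFailTimes` is not visible here, so confirm). Writing the IP rejection to the login log without touching the per-account counter, or running the IP check before the account lookup, would avoid that. The logged `$loginIp` is `$_SERVER['REMOTE_ADDR']`, which may differ from the address `IpFilter::frontApiCheck` evaluates if that helper reads forwarded headers; log the value the filter actually used, and the same applies to the changed line in `frontendApi/modules/v1/models/LoginForm.php`. The commented-out `Tool::remoteAddrCall` block left after the new `if` should be deleted rather than kept, since version control already holds the old check. The enclosing method starts and ends outside the hunk.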

+ 2 - 1
frontendApi/modules/v1/models/LoginForm.php

@@ -124,8 +124,9 @@ class LoginForm extends Model
         $result = false;
         try{
             // 验证IP
+            $loginIp = $_SERVER['REMOTE_ADDR'];
             if (\Yii::$app->redis->get('member_ip_filter') && !(new IpFilter())->frontApiCheck('member', true)) {
-                $this->_updateFailTimes($transaction, '用户名或密码错误!');
+                $this->_updateFailTimes($transaction, '登陆IP异常,无法登陆. ' . $loginIp);
                 throw new Exception('用户名或密码错误');
             }
             $this->getUser();