token

data/model/mb_user_token.model.php

@@ -11,8 +11,6 @@ defined('InShopNC') or exit('Access Invalid!');
 
 class mb_user_tokenModel extends Model
 {
-    const token_expire = 3;     // 单位：分钟
-
     public function __construct()
     {
         parent::__construct('mb_user_token');
@@ -76,7 +74,7 @@ class mb_user_tokenModel extends Model
         $ret = $this->addMbUserToken($mb_user_token_info);
         if ($ret) {
             $key = func::gen_token_key($token);
-            wcache($key, array('info' => serialize($mb_user_token_info)),'',self::token_expire);
+            wcache($key, array('info' => serialize($mb_user_token_info)),'',func::token_expire);
 
             return $token;
         } else {
@@ -85,6 +83,18 @@ class mb_user_tokenModel extends Model
     }
 
     /**
+     * 删除token
+     *
+     * @param $token
+     * @return mixed
+     */
+    public function del_token($token){
+        $key = func::gen_token_key($token);
+        dcache($key);
+        return $this->where(array('token'=>$token))->delete();
+    }
+
+    /**
      * 删除
      *
      * @param int $condition 条件

helper/func.php

@@ -8,6 +8,11 @@
 
 class func
 {
+
+    const auth_code_expire = 5;   // 单位：分钟
+    const token_expire = 3;     // 单位：分钟
+
+
     // 生成验证码key
     public static function gen_auth_code_key($mobile)
     {

mobile/control/control.php

@@ -125,8 +125,19 @@ class mbMemberControl extends mobileControl
         parent::__construct();
     }
 
+    /**
+     * 校验token
+     *
+     * @param $token
+     * @return bool
+     */
     public function checkToken($token)
     {
+        if (empty($token)) {
+            $this->err_code = errcode::ErrInputParam;
+            return false;
+        }
+
         $key = func::gen_token_key($token);
         $ret = rcache($key);
         if (empty($ret)) {
@@ -136,6 +147,12 @@ class mbMemberControl extends mobileControl
                 $this->err_code = errcode::ErrLogin;
                 return false;
             }
+            // 判断过期
+            if (time() - $mb_user_token_info['login_time'] > func::token_expire) {
+                $model_mb_user_token->del_token($token);
+                $this->err_code = errcode::ErrTokenExpire;
+                return false;
+            }
         } else {
             $mb_user_token_info = unserialize($ret['info']);
         }
@@ -154,7 +171,6 @@ class mbMemberControl extends mobileControl
         $this->member_info['store_id'] = $seller_info['store_id'];
 
         $this->err_code = errcode::Success;
-
         return true;
     }
 }

mobile/control/member_cart.php

@@ -12,7 +12,7 @@
 
 defined('InShopNC') or exit('Access Invalid!');
 
-class member_cartControl extends mobileMemberControl
+class member_cartControl extends mbMemberControl
 {
     public function __construct()
     {
@@ -24,6 +24,11 @@ class member_cartControl extends mobileMemberControl
      */
     public function cart_listOp()
     {
+        $token = trim($_GET['key']);
+        if($this->checkToken($token)){
+            return joutput_error($this->err_code);
+        }
+
         $model_cart = Model('cart');
         $model_goods = Model('goods');
 
@@ -68,6 +73,11 @@ class member_cartControl extends mobileMemberControl
      */
     public function cart_addOp()
     {
+        $token = trim($_GET['key']);
+        if($this->checkToken($token)){
+            return joutput_error($this->err_code);
+        }
+
         $goods_id = intval($_POST['goods_id']);
         $quantity = intval($_POST['quantity']);
         if ($goods_id <= 0 || $quantity <= 0) {
@@ -117,6 +127,11 @@ class member_cartControl extends mobileMemberControl
 
     public function cart_editOp()
     {
+        $token = trim($_GET['key']);
+        if($this->checkToken($token)){
+            return joutput_error($this->err_code);
+        }
+
         $cart_list = explode(',', urldecode($_POST['cart_list']));
         $new_cart_list = array();
         if (is_array($cart_list)) {
@@ -170,6 +185,11 @@ class member_cartControl extends mobileMemberControl
      */
     public function cart_delOp()
     {
+        $token = trim($_GET['key']);
+        if($this->checkToken($token)){
+            return joutput_error($this->err_code);
+        }
+
         $cart_id = intval($_POST['cart_id']);
 
         $model_cart = Model('cart');
@@ -190,6 +210,11 @@ class member_cartControl extends mobileMemberControl
      */
     public function cart_edit_quantityOp()
     {
+        $token = trim($_GET['key']);
+        if($this->checkToken($token)){
+            return joutput_error($this->err_code);
+        }
+
         $cart_id = intval(abs($_POST['cart_id']));
         $quantity = intval(abs($_POST['quantity']));
         if (empty($cart_id) || empty($quantity)) {

mobile/control/member_login.php

@@ -16,9 +16,6 @@ class LoginType extends SplEnum
 
 class member_loginControl extends mbMemberControl
 {
-    const auth_code_expire = 5;   // 单位：分钟
-    const token_expire = 3;     // 单位：分钟
-
     public function __construct()
     {
         parent::__construct();
@@ -44,7 +41,7 @@ class member_loginControl extends mbMemberControl
         $status = $sms->send($mobile, array('code' => $code, 'type' => Sms::register_code, 'time' => '5'));
         if ($status == 0) {
             $key = func::gen_auth_code_key($mobile);
-            wcache($key, array('code' => $code, 'mobile' => $mobile), '', self::auth_code_expire);
+            wcache($key, array('code' => $code, 'mobile' => $mobile), '', func::auth_code_expire);
         } else {
             return joutput_error(errcode::ErrSms, "send error={$status}.");
         }
@@ -136,7 +133,7 @@ class member_loginControl extends mbMemberControl
                     } else {
                         $ret_val = array();
                         $ret_val['token'] = $token;
-                        $ret_val['cache_expiration_time'] = time() + self::token_expire * 60;
+                        $ret_val['cache_expiration_time'] = time() + func::token_expire * 60;
                         $ret_val['systime'] = time();
                         return joutput_data($ret_val);
                     }
@@ -157,7 +154,7 @@ class member_loginControl extends mbMemberControl
                     } else {
                         $ret_val = array();
                         $ret_val['token'] = $token;
-                        $ret_val['cache_expiration_time'] = time() + self::token_expire * 60;
+                        $ret_val['cache_expiration_time'] = time() + func::token_expire * 60;
                         $ret_val['systime'] = time();
                         return joutput_data($ret_val);
                     }