
update: 登录接口

Jackson Dou há 2 anos atrás
pai
commit
da431fa5ca

+ 4 - 0
src/admin/api/application.php

@@ -0,0 +1,4 @@
+<?php
+
+require_once __DIR__ . '/../../core/application.php';
+// require_once ROOT . '/core/adminarea.php';

+ 37 - 0
src/admin/api/login.php

@@ -0,0 +1,37 @@
+<?php
+
+require_once __DIR__ . '/application.php';
+
+@header('Content-Type: application/json; charset=UTF-8');
+
+if (!checkRefererHost()) exit(json_encode(['code' => 403, 'msg' => 'error' ]));
+
+$admin_email = post('email');
+
+if (empty($admin_email)) {
+    exit(json_encode(['code' => -1, 'msg' => 'Email address is required !' ]));
+}
+
+$admin_password = post('password');
+
+if (empty($admin_password)) {
+    exit(json_encode(['code' => -1, 'msg' => 'Password is required !' ]));
+}
+
+$admin_password = hash('sha256', post('password'));
+
+$data = $DB->find('admin', '*', array(
+    'admin_email' => $admin_email,
+    'admin_password' => $admin_password,
+));
+
+if (!empty($data) && is_array($data)) {
+    if (isset($_POST['remember'])) {
+        $_SESSION['UIISC_ADMIN'] = base64_encode($data['admin_key']);
+    } else {
+        $_SESSION['UIISC_ADMIN'] = base64_encode($data['admin_key']);
+    }
+    exit(json_encode(['code' => 0, 'msg' => 'Logged in successfully !' ]));
+} else {
+    exit(json_encode(['code' => -1, 'msg' => 'Invalid email address or password !' ]));
+}
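Review bot: The credential check from `$admin_password = hash('sha256', post('password'));` through the `$DB->find(...)` call stores and compares an unsalted, single-round SHA-256, which is cheap to brute-force offline if the admin table ever leaks; `password_hash()` / `password_verify()` are built for this. Look the row up by `admin_email` only, verify the submitted password against the stored hash, and call `session_regenerate_id(true)` before writing `$_SESSION['UIISC_ADMIN']` so a session id issued before login is not carried into the authenticated session. The two `remember` branches are identical and collapse into one assignment. Existing rows hold SHA-256 values and would need a migration path, and this assumes the session is started by the included core/application.php; neither is visible here.

```php
// … unchanged: referer check, email and password presence checks …
// $admin_password stays the raw submitted value; the sha256 reassignment is dropped.
$data = $DB->find('admin', '*', array(
    'admin_email' => $admin_email,
));

$verified = !empty($data) && is_array($data)
    && password_verify($admin_password, $data['admin_password']);

if ($verified) {
    session_regenerate_id(true);
    $_SESSION['UIISC_ADMIN'] = base64_encode($data['admin_key']);
    exit(json_encode(['code' => 0, 'msg' => 'Logged in successfully !' ]));
}

exit(json_encode(['code' => -1, 'msg' => 'Invalid email address or password !' ]));
```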

+ 18 - 0
src/admin/api/logout.php

@@ -0,0 +1,18 @@
+<?php
+
+require_once __DIR__ . '/application.php';
+
+@header('Content-Type: application/json; charset=UTF-8');
+
+if (!checkRefererHost()) exit(json_encode(['code' => 403, 'msg' => 'error']));
+
+// ob_start();
+// session_start();
+if (isset($_SESSION['UIISC_ADMIN'])) {
+    unset($_SESSION['UIISC_ADMIN']);
+    exit(json_encode(['code' => 0, 'msg' => 'Logout successfully !']));
+} else {
+    exit(json_encode(['code' => 0, 'msg' => 'Login to continue !']));
+}
+
+exit(json_encode(['code' => -1, 'msg' => 'error !']));
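Review bot: The final `exit(json_encode(['code' => -1, 'msg' => 'error !']));` is unreachable, because both branches of the `if`/`else` above it already call `exit`; drop it or restructure so a single exit remains. The logged-in branch only does `unset($_SESSION['UIISC_ADMIN'])`, so the session id and any other session data survive logout; adding `session_regenerate_id(true);` after the unset, or destroying the session, would retire the id. The commented-out `ob_start()` / `session_start()` lines should be deleted rather than kept.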

+ 33 - 1
src/admin/views/login/login.php

@@ -1,7 +1,7 @@
 <div class="container" id="login">
     <div class="row">
         <div class="col-md-offset-4 col-md-4 col-sm-offset-3 col-sm-6">
-            <form action="controllers/login/login.php" method="post">
+            <form id="form-login" onsubmit="return loginSubmit()" method="post">
                 <h3 class="m-0 text-center"><?php echo $lang->I18N('login'); ?></h3>
                 <hr />
                 <div class="form-group mb-10">
@@ -26,3 +26,35 @@
         </div>
     </div>
 </div>
+
+<script>
+    function loginSubmit() {
+        var ii = layer.load(2);
+        $.ajax({
+            type: 'POST',
+            url: 'api/login.php',
+            data: $("#form-login").serialize(),
+            dataType: 'json',
+            success: function(data) {
+                layer.close(ii);
+                if (data.code == 0) {
+                    layer.alert(data.msg, {
+                        icon: 1,
+                        closeBtn: false
+                    }, function() {
+                        window.location.href = 'index.php';
+                    });
+                } else {
+                    layer.alert(data.msg, {
+                        icon: 2
+                    });
+                }
+            },
+            error: function(data) {
+                layer.close(ii);
+                layer.msg('服务器错误');
+            }
+        });
+        return false;
+    }
+</script>
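Review bot: `if (data.code == 0)` in `loginSubmit()` uses loose equality, so a malformed response whose `code` is `""`, `false` or `[]` is treated as a successful login and redirects to `index.php`; use `data.code === 0`. The error text `layer.msg('服务器错误')` is hard-coded, while the heading in the same view goes through `$lang->I18N(...)`. Both points also apply to the logout handler added in src/admin/views/navbar.php. The request body is whatever `$("#form-login").serialize()` yields and the form fields lie between the two hunks, so whether an anti-CSRF token is sent cannot be confirmed from here.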

+ 23 - 26
src/admin/views/navbar.php

@@ -80,32 +80,29 @@
             icon: 3,
             btn: ['确定', '取消']
         }, function() {
-            window.location.href = 'logout.php';
-            // var ii = layer.load(2);
-            // $.ajax({
-            //     type: 'GET',
-            //     url: 'ajax.php?act=logout',
-            //     dataType: 'json',
-            //     success: function(data) {
-            //         layer.close(ii);
-            //         if (data.code == 0) {
-            //             layer.alert(data.msg, {
-            //                 icon: 1,
-            //                 closeBtn: false
-            //             }, function() {
-            //                 window.location.href = 'login.php';
-            //             });
-            //         } else {
-            //             layer.alert(data.msg, {
-            //                 icon: 2
-            //             });
-            //         }
-            //     },
-            //     error: function(data) {
-            //         layer.close(ii);
-            //         layer.msg('服务器错误');
-            //     }
-            // });
+            var ii = layer.load(2);
+            $.ajax({
+                type: 'POST',
+                url: 'api/logout.php',
+                dataType: 'json',
+                success: function(data) {
+                    layer.close(ii);
+                    if (data.code == 0) {
+                        layer.msg('退出登录成功');
+                        setTimeout(function() {
+                            window.location.href = 'login.php';
+                        }, 2000);
+                    } else {
+                        layer.alert(data.msg, {
+                            icon: 2
+                        });
+                    }
+                },
+                error: function(data) {
+                    layer.close(ii);
+                    layer.msg('服务器错误');
+                }
+            });
         });
     }
 </script>
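Review bot: The success branch shows the fixed text `layer.msg('退出登录成功')` and ignores `data.msg`, yet api/logout.php in this commit answers `code: 0` both for a real logout and for the 'Login to continue !' case. The user therefore cannot tell the two apart, and the `else` branch here cannot be reached with the current API. Either display `layer.msg(data.msg)` or give the not-logged-in case its own code. The enclosing function starts above the hunk.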

+ 1 - 1
src/core/library/functions.php

@@ -448,7 +448,7 @@ function email_build_body($title, $nickname, $content, $description = '')
 
 function checkRefererHost()
 {
-    if (!$_SERVER['HTTP_REFERER']) return false;
+    if (!isset($_SERVER['HTTP_REFERER']) || !$_SERVER['HTTP_REFERER']) return false;
     $url_arr = parse_url($_SERVER['HTTP_REFERER']);
     $http_host = $_SERVER['HTTP_HOST'];
     if (strpos($http_host, ':')) $http_host = substr($http_host, 0, strpos($http_host, ':'));
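Review bot: The new guard can be written as `if (empty($_SERVER['HTTP_REFERER'])) return false;`, which covers the unset and the empty case in one test. This function is the only origin check that the new api/login.php and api/logout.php perform, so requests whose Referer is stripped by a referrer policy or privacy tooling are rejected outright, and a Referer comparison is a weaker control than a per-session token compared with `hash_equals()`. `parse_url()` can return `false` or omit the `host` key for malformed input; whether that is handled is in the part of `checkRefererHost()` below the hunk, which is not visible here.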