thinkphp——PHP异位或加密实现自动登陆

最近做一个网站，需要实现自动登陆的功能，代码如下：

HTML代码

<form onsubmit="return false">
<div class="pop-content accountPage">
<div class="form_item">
<div class="item_tip">用户名/邮箱</div>
<input tabindex="1" name="username" class="form_input" id="username" onblur="blurInputLoginBox($(this))" onfocus="focusInputLoginBox($(this))" autocomplete="off" type="text">
<span class="error">不能为空</span>
<i class="icon-loginright"></i>
<span class="grey">允许用中英文、数字、下划线，提交后不可修改</span>
</div>
<div class="form_item">
<div class="item_tip">密码</div>
<input tabindex="3" name="pwd" class="form_input" id="pwd" onblur="blurInputLoginBox($(this))" onfocus="focusInputLoginBox($(this))" autocomplete="off" type="password">
<span class="error">不能为空</span>
<span class="grey">6 - 20位</span>
<i class="icon-loginright"></i>
</div>
<div class="twoWeeks">
<input class="ckeckBox" name="rememberme" id="rememberme" type="checkbox">
<label for="rememberme">两周内免登录</label>
<a class="a_underline" href="http://www.sucaihuo.com/forget.html">忘记密码？</a>
</div>
<p class="notice_error" id="notice_error"></p>
<input tabindex="7" value="登  录" class="btn_reg btn" id="btn_reg" onclick="subLogin($(this))" type="submit">
<div class="co_login" style="margin:30px 0 0">
联合登录
<a class="a_underline" href="http://www.sucaihuo.com/Index/login/type/qq.html">腾讯QQ</a>
<a class="a_underline" href="http://www.sucaihuo.com/Index/login/type/sina.html">新浪微博</a>
<a class="a_underline" href="http://www.sucaihuo.com/Index/login/type/renren.html">人人网</a>
绑定送<span class="red">200</span>积分
</div>
</div>
</form>

Ajax提交登陆信息，提交地址自行修改

<script type="text/javascript">
function subLogin(obj) {
var username = $.trim($('#username').val());
var pwd = $.trim($('#pwd').val());
var remember;
if($('#rememberme').is(":checked")){
remember=1;
}else{
remember=2;
}
if (username == '') {
showLoginError("请输入用户名或邮箱");
return false;
}
if (pwd == '') {
showLoginError("请输入密码");
return false;
}
obj.addClass('disabled').val('登录中...');
$.post(controller+'Ajax/checkLogin', {username: username, pwd: pwd,rememberme:remember}, function(data) {
if (data.error != '') {
showLoginError(data.error);
} else {
showSuccessTip(data.success);
var url = data.url;
setTimeout("goUrl('" + url + "')", 1000);
}
obj.removeClass('disabled').val('登录');
}, "json")
}
function showLoginError(tip) {
$("#notice_error").text(tip).show();
$("#notice_error").fadeOut(2500);
}
</script>

在Common/function.PHP中

/**
* 异位或加密字符串
* @param [String] $value [需要加密或解密的字符串]
* @param [integer] $type [0:加密 1:解密]
* @param [String]        [返回加密或解密的字符串]
*/
function encryption($value,$type=0){
$key = md5(C('AUTO_LOGIN_KEY'));
//$type==1则加密cookie
if($type==1){
return str_replace('=','',base64_encode($value ^ $key));
}
//解密
$value = base64_decode($value);
return $value ^ $key;
}

PHP
//是否要记录cookie
if(I('rememberme')==1){
$value = $user['id'].'|'.get_client_ip().'|'.$user['username'];
$value = encryption($value,1);
cookie('sucai',$value,array('expire'=>time()+3600*24*7*2,'path'=>'/'));
}

在Home/Controller/CommonController.class.php中

if(isset($_COOKIE('sucai')){
//解析cookie，生成session
$value = encryption(cookie('sucai'));
$value = explode('|',$value);
if($value['1']==get_client_ip()){
session('uid',$value[0]);
session('username',$value['2']);
}
}