DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
177 Commits
3 Branches
110MB
Tree: 814d406b07
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '814d406b07'
${ noResults }
DedeV6/src/include/userlogin.class.php

518 lines
14KB
Raw Blame History 

  1. <?php   if(!defined('DEDEINC')) exit('Request Error!');

  2. /**

  3.  * 管理员登录类

  4.  *

  5.  * @version        $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $

  6.  * @package        DedeCMS.Libraries

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license/v6

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. session_start();

  12. 

  13. /**

  14.  *  检验用户是否有权使用某功能,这个函数是一个回值函数

  15.  *  CheckPurview函数只是对他回值的一个处理过程

  16.  *

  17.  * @access    public

  18.  * @param     string  $n  功能名称

  19.  * @return    mix  如果具有则返回TRUE

  20.  */

  21. function TestPurview($n)

  22. {

  23.     $rs = FALSE;

  24.     $purview = $GLOBALS['cuserLogin']->getPurview();

  25.     if(preg_match('/admin_AllowAll/i',$purview))

  26.     {

  27.         return TRUE;

  28.     }

  29.     if($n=='')

  30.     {

  31.         return TRUE;

  32.     }

  33.     if(!isset($GLOBALS['groupRanks']))

  34.     {

  35.         $GLOBALS['groupRanks'] = explode(' ',$purview);

  36.     }

  37.     $ns = explode(',',$n);

  38.     foreach($ns as $n)

  39.     {

  40.         //只要找到一个匹配的权限,即可认为用户有权访问此页面

  41.         if($n=='')

  42.         {

  43.             continue;

  44.         }

  45.         if(in_array($n,$GLOBALS['groupRanks']))

  46.         {

  47.             $rs = TRUE; break;

  48.         }

  49.     }

  50.     return $rs;

  51. }

  52. 

  53. /**

  54.  *  对权限检测后返回操作对话框

  55.  *

  56.  * @access    public

  57.  * @param     string  $n  功能名称

  58.  * @return    string

  59.  */

  60. function CheckPurview($n)

  61. {

  62.     if(!TestPurview($n))

  63.     {

  64.         ShowMsg("对不起,你没有权限执行此操作!<br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>",'javascript:;');

  65.         exit();

  66.     }

  67. }

  68. 

  69. /**

  70.  *  是否没权限限制(超级管理员)

  71.  *

  72.  * @access    public

  73.  * @param     string

  74.  * @return    bool

  75.  */

  76. function TestAdmin()

  77. {

  78.     $purview = $GLOBALS['cuserLogin']->getPurview();

  79.     if(preg_match('/admin_AllowAll/i',$purview))

  80.     {

  81.         return TRUE;

  82.     }

  83.     else

  84.     {

  85.         return FALSE;

  86.     }

  87. }

  88. 

  89. $DedeUserCatalogs = Array();

  90. 

  91. /**

  92.  *  检测用户是否有权限操作某栏目

  93.  *

  94.  * @access    public

  95.  * @param     int   $cid  频道id

  96.  * @param     string   $msg  返回消息

  97.  * @return    string

  98.  */

  99. function CheckCatalog($cid, $msg)

  100. {

  101.     global $cfg_admin_channel, $admin_catalogs;

  102.     if($cfg_admin_channel=='all' || TestAdmin())

  103.     {

  104.         return TRUE;

  105.     }

  106.     if( !in_array($cid, $admin_catalogs) )

  107.     {

  108.         ShowMsg(" $msg <br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>",'javascript:;');

  109.         exit();

  110.     }

  111.     return TRUE;

  112. }

  113. 

  114. /**

  115.  *  发布文档临时附件信息缓存、发文档前先清空附件信息

  116.  *  发布文档时涉及的附件保存到缓存里,完成后把它与文档关连

  117.  *

  118.  * @access    public

  119.  * @param     string   $fid  文件ID

  120.  * @param     string   $filename  文件名称

  121.  * @return    void

  122.  */

  123. function AddMyAddon($fid, $filename)

  124. {

  125.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  126.     if(!file_exists($cacheFile))

  127.     {

  128.         $fp = fopen($cacheFile, 'w');

  129.         fwrite($fp, '<'.'?php'."\r\n");

  130.         fwrite($fp, "\$myaddons = array();\r\n");

  131.         fwrite($fp, "\$maNum = 0;\r\n");

  132.         fclose($fp);

  133.     }

  134.     include($cacheFile);

  135.     $fp = fopen($cacheFile, 'a');

  136.     $arrPos = $maNum;

  137.     $maNum++;

  138.     fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");

  139.     fwrite($fp, "\$maNum = $maNum;\r\n");

  140.     fclose($fp);

  141. }

  142. 

  143. /**

  144.  *  清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID

  145.  *

  146.  * @access    public

  147.  * @param     string  $aid  文档ID

  148.  * @param     string  $title  文档标题

  149.  * @return    empty

  150.  */

  151. function ClearMyAddon($aid=0, $title='')

  152. {

  153.     global $dsql;

  154.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  155.     $_SESSION['bigfile_info'] = array();

  156.     $_SESSION['file_info'] = array();

  157.     if(!file_exists($cacheFile))

  158.     {

  159.         return ;

  160.     }

  161.     

  162.     //把附件与文档关连

  163.     if(!empty($aid))

  164.     {

  165.         include($cacheFile);

  166.         foreach($myaddons as $addons)

  167.         {

  168.             if(!empty($title)) {

  169.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");

  170.             }

  171.             else {

  172.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");

  173.             }

  174.         }

  175.     }

  176.     @unlink($cacheFile);

  177. }

  178. 

  179. /**

  180.  * 登录类

  181.  *

  182.  * @package          userLogin

  183.  * @subpackage       DedeCMS.Libraries

  184.  * @link             https://www.dedebiz.com

  185.  */

  186. class userLogin

  187. {

  188.     var $userName = '';

  189.     var $userPwd = '';

  190.     var $userID = '';

  191.     var $adminDir = '';

  192.     var $userType = '';

  193.     var $userChannel = '';

  194.     var $userPurview = '';

  195.     var $keepUserIDTag = 'dede_admin_id';

  196.     var $keepUserTypeTag = 'dede_admin_type';

  197.     var $keepUserChannelTag = 'dede_admin_channel';

  198.     var $keepUserNameTag = 'dede_admin_name';

  199.     var $keepUserPurviewTag = 'dede_admin_purview';

  200.     var $keepAdminStyleTag = 'dede_admin_style';

  201.     var $adminStyle = 'dedecms';

  202. 

  203.     //php5构造函数

  204.     function __construct($admindir='')

  205.     {

  206.         global $admin_path;

  207.         if(isset($_SESSION[$this->keepUserIDTag]))

  208.         {

  209.             $this->userID = $_SESSION[$this->keepUserIDTag];

  210.             $this->userType = $_SESSION[$this->keepUserTypeTag];

  211.             $this->userChannel = $_SESSION[$this->keepUserChannelTag];

  212.             $this->userName = $_SESSION[$this->keepUserNameTag];

  213.             $this->userPurview = $_SESSION[$this->keepUserPurviewTag];

  214.             $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];

  215.         }

  216. 

  217.         if($admindir!='')

  218.         {

  219.             $this->adminDir = $admindir;

  220.         }

  221.         else

  222.         {

  223.             $this->adminDir = $admin_path;

  224.         }

  225.     }

  226. 

  227.     function userLogin($admindir='')

  228.     {

  229.         $this->__construct($admindir);

  230.     }

  231. 

  232.     /**

  233.      *  检验用户是否正确

  234.      *

  235.      * @access    public

  236.      * @param     string    $username  用户名

  237.      * @param     string    $userpwd  密码

  238.      * @return    string

  239.      */

  240.     function checkUser($username, $userpwd)

  241.     {

  242.         global $dsql;

  243. 

  244.         //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

  245.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  246.         $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

  247.         $pwd = substr(md5($this->userPwd), 5, 20);

  248.         $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");

  249.         $dsql->Execute();

  250.         $row = $dsql->GetObject();

  251.         if(!isset($row->pwd))

  252.         {

  253.             return -1;

  254.         }

  255.         else if($pwd!=$row->pwd)

  256.         {

  257.             return -2;

  258.         }

  259.         else

  260.         {

  261.             $loginip = GetIP();

  262.             $this->userID = $row->id;

  263.             $this->userType = $row->usertype;

  264.             $this->userChannel = $row->typeid;

  265.             $this->userName = $row->uname;

  266.             $this->userPurview = $row->purviews;

  267.             $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."' WHERE id='".$row->id."'";

  268.             $dsql->ExecuteNoneQuery($inquery);

  269.             $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id;

  270.             $dsql->ExecuteNoneQuery($sql);

  271.             return 1;

  272.         }

  273.     }

  274. 

  275.     /**

  276.      *  保持用户的会话状态

  277.      *

  278.      * @access    public

  279.      * @return    int    成功返回 1 ,失败返回 -1

  280.      */

  281.     function keepUser()

  282.     {

  283.         if($this->userID != '' && $this->userType != '')

  284.         {

  285.             global $admincachefile,$adminstyle;

  286.             if(empty($adminstyle)) $adminstyle = 'dedecms';

  287. 

  288.             @session_register($this->keepUserIDTag);

  289.             $_SESSION[$this->keepUserIDTag] = $this->userID;

  290. 

  291.             @session_register($this->keepUserTypeTag);

  292.             $_SESSION[$this->keepUserTypeTag] = $this->userType;

  293. 

  294.             @session_register($this->keepUserChannelTag);

  295.             $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

  296. 

  297.             @session_register($this->keepUserNameTag);

  298.             $_SESSION[$this->keepUserNameTag] = $this->userName;

  299. 

  300.             @session_register($this->keepUserPurviewTag);

  301.             $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

  302. 

  303.             @session_register($this->keepAdminStyleTag);

  304.             $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

  305. 

  306.             PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');

  307.             PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

  308.             

  309.             $this->ReWriteAdminChannel();

  310.             

  311.             return 1;

  312.         }

  313.         else

  314.         {

  315.             return -1;

  316.         }

  317.     }

  318.     

  319.     /**

  320.      *  重写用户权限频道

  321.      *

  322.      * @access    public

  323.      * @return    void

  324.      */

  325.     function ReWriteAdminChannel()

  326.     {

  327.         //$this->userChannel

  328.         $cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc';

  329.         //管理员管理的频道列表

  330.         $typeid = trim($this->userChannel);

  331.         if( empty($typeid) || $this->getUserType() >= 10 ) {

  332.                 $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";

  333.         }

  334.         else {

  335.                 $firstConfig = "\$cfg_admin_channel = 'array';\r\n";

  336.         }

  337.         $fp = fopen($cacheFile, 'w');

  338.         fwrite($fp, '<'.'?php'."\r\n");

  339.         fwrite($fp, $firstConfig);

  340.         if( !empty($typeid) )

  341.         {

  342.              $typeids = explode(',', $typeid);

  343.              $typeid = '';

  344.              foreach($typeids as $tid)

  345.              {

  346.                      $typeid .= ( $typeid=='' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid) );

  347.              }

  348.              $typeids = explode(',', $typeid);

  349.              $typeidsnew = array_unique($typeids);

  350.              $typeid = join(',', $typeidsnew);

  351.              fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");

  352.         }

  353.         fwrite($fp, '?'.'>');

  354.         fclose($fp);

  355.     }

  356. 

  357.     //

  358.     /**

  359.      *  结束用户的会话状态

  360.      *

  361.      * @access    public

  362.      * @return    void

  363.      */

  364.     function exitUser()

  365.     {

  366.         ClearMyAddon();

  367.         @session_unregister($this->keepUserIDTag);

  368.         @session_unregister($this->keepUserTypeTag);

  369.         @session_unregister($this->keepUserChannelTag);

  370.         @session_unregister($this->keepUserNameTag);

  371.         @session_unregister($this->keepUserPurviewTag);

  372.         DropCookie('dedeAdmindir');

  373.         DropCookie('DedeUserID');

  374.         DropCookie('DedeLoginTime');

  375.         $_SESSION = array();

  376.     }

  377. 

  378.     /**

  379.      *  获得用户管理频道的值

  380.      *

  381.      * @access    public

  382.      * @return    array

  383.      */

  384.     function getUserChannel()

  385.     {

  386.         if($this->userChannel != '')

  387.         {

  388.             return $this->userChannel;

  389.         }

  390.         else

  391.         {

  392.             return '';

  393.         }

  394.     }

  395. 

  396.     /**

  397.      *  获得用户的权限值

  398.      *

  399.      * @access    public

  400.      * @return    int

  401.      */

  402.     function getUserType()

  403.     {

  404.         if($this->userType != '')

  405.         {

  406.             return $this->userType;

  407.         }

  408.         else

  409.         {

  410.             return -1;

  411.         }

  412.     }

  413. 

  414.     /**

  415.      *  获取用户权限值

  416.      *

  417.      * @access    public

  418.      * @return    int

  419.      */

  420.     function getUserRank()

  421.     {

  422.         return $this->getUserType();

  423.     }

  424. 

  425.     /**

  426.      *  获得用户的ID

  427.      *

  428.      * @access    public

  429.      * @return    int

  430.      */

  431.     function getUserID()

  432.     {

  433.         if($this->userID != '')

  434.         {

  435.             return $this->userID;

  436.         }

  437.         else

  438.         {

  439.             return -1;

  440.         }

  441.     }

  442. 

  443.     /**

  444.      *  获得用户的笔名

  445.      *

  446.      * @access    public

  447.      * @return    string

  448.      */

  449.     function getUserName()

  450.     {

  451.         if($this->userName != '')

  452.         {

  453.             return $this->userName;

  454.         }

  455.         else

  456.         {

  457.             return -1;

  458.         }

  459.     }

  460. 

  461.     /**

  462.      *  用户权限表

  463.      *

  464.      * @access    public

  465.      * @return    string

  466.      */

  467.     function getPurview()

  468.     {

  469.         return $this->userPurview;

  470.     }

  471. }

  472. 

  473. /**

  474.  *  获得某id的所有下级id

  475.  *

  476.  * @access    public

  477.  * @param     int   $id  栏目ID

  478.  * @param     int   $channel  频道ID

  479.  * @param     int   $addthis  是否加入当前这个栏目

  480.  * @return    string

  481.  */

  482. function GetSonIdsUL($id, $channel=0, $addthis=TRUE)

  483. {

  484.     global $cfg_Cs;

  485.     $GLOBALS['idArray'] = array();

  486.     if( !is_array($cfg_Cs) )

  487.     {

  488.         require_once(DEDEDATA."/cache/inc_catalog_base.inc");

  489.     }

  490.     GetSonIdsLogicUL($id,$cfg_Cs,$channel,$addthis);

  491.     $rquery = join(',', $GLOBALS['idArray']);

  492.     return $rquery;

  493. }

  494. 

  495. /**

  496.  *  递归逻辑

  497.  *

  498.  * @access    public

  499.  * @param     int  $id  栏目ID

  500.  * @param     array  $sArr  缓存数组

  501.  * @param     int   $channel  频道ID

  502.  * @param     int   $addthis  是否加入当前这个栏目

  503.  * @return    string

  504.  */

  505. function GetSonIdsLogicUL($id,$sArr,$channel=0,$addthis=FALSE)

  506. {

  507.     if($id!=0 && $addthis)

  508.     {

  509.         $GLOBALS['idArray'][$id] = $id;

  510.     }

  511.     foreach($sArr as $k=>$v)

  512.     {

  513.         if( $v[0]==$id && ($channel==0 || $v[1]==$channel ))

  514.         {

  515.             GetSonIdsLogicUL($k,$sArr,$channel,TRUE);

  516.         }

  517.     }

  518. }