|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471 |
- <?php if (!defined('DEDEINC')) exit('Request Error!');
- /**
- * 管理员登录类
- *
- * @version $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $
- * @package DedeBIZ.Libraries
- * @copyright Copyright (c) 2020, DedeBIZ.COM
- * @license https://www.dedebiz.com/license
- * @link https://www.dedebiz.com
- */
- session_start();
-
- /**
- * 检验用户是否有权使用某功能,这个函数是一个回值函数
- * CheckPurview函数只是对他回值的一个处理过程
- *
- * @access public
- * @param string $n 功能名称
- * @return mix 如果具有则返回TRUE
- */
- function TestPurview($n)
- {
- $rs = FALSE;
- $purview = $GLOBALS['cuserLogin']->getPurview();
- if (preg_match('/admin_AllowAll/i', $purview)) {
- return TRUE;
- }
- if ($n == '') {
- return TRUE;
- }
- if (!isset($GLOBALS['groupRanks'])) {
- $GLOBALS['groupRanks'] = explode(' ', $purview);
- }
- $ns = explode(',', $n);
- foreach ($ns as $n) {
- //只要找到一个匹配的权限,即可认为用户有权访问此页面
- if ($n == '') {
- continue;
- }
- if (in_array($n, $GLOBALS['groupRanks'])) {
- $rs = TRUE;
- break;
- }
- }
- return $rs;
- }
-
- /**
- * 对权限检测后返回操作对话框
- *
- * @access public
- * @param string $n 功能名称
- * @return string
- */
- function CheckPurview($n)
- {
- if (!TestPurview($n)) {
- ShowMsg("对不起,你没有权限执行此操作!<br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页>></a>", 'javascript:;');
- exit();
- }
- }
-
- /**
- * 是否没权限限制(超级管理员)
- *
- * @access public
- * @param string
- * @return bool
- */
- function TestAdmin()
- {
- $purview = $GLOBALS['cuserLogin']->getPurview();
- if (preg_match('/admin_AllowAll/i', $purview)) {
- return TRUE;
- } else {
- return FALSE;
- }
- }
-
- $DedeUserCatalogs = array();
-
- /**
- * 检测用户是否有权限操作某栏目
- *
- * @access public
- * @param int $cid 频道id
- * @param string $msg 返回消息
- * @return string
- */
- function CheckCatalog($cid, $msg)
- {
- global $cfg_admin_channel, $admin_catalogs;
- if ($cfg_admin_channel == 'all' || TestAdmin()) {
- return TRUE;
- }
- if (!in_array($cid, $admin_catalogs)) {
- ShowMsg(" $msg <br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页>></a>", 'javascript:;');
- exit();
- }
- return TRUE;
- }
-
- /**
- * 发布文档临时附件信息缓存、发文档前先清空附件信息
- * 发布文档时涉及的附件保存到缓存里,完成后把它与文档关连
- *
- * @access public
- * @param string $fid 文件ID
- * @param string $filename 文件名称
- * @return void
- */
- function AddMyAddon($fid, $filename)
- {
- $cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc';
- if (!file_exists($cacheFile)) {
- $fp = fopen($cacheFile, 'w');
- fwrite($fp, '<' . '?php' . "\r\n");
- fwrite($fp, "\$myaddons = array();\r\n");
- fwrite($fp, "\$maNum = 0;\r\n");
- fclose($fp);
- }
- include($cacheFile);
- $fp = fopen($cacheFile, 'a');
- $arrPos = $maNum;
- $maNum++;
- fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");
- fwrite($fp, "\$maNum = $maNum;\r\n");
- fclose($fp);
- }
-
- /**
- * 清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID
- *
- * @access public
- * @param string $aid 文档ID
- * @param string $title 文档标题
- * @return empty
- */
- function ClearMyAddon($aid = 0, $title = '')
- {
- global $dsql;
- $cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc';
- $_SESSION['bigfile_info'] = array();
- $_SESSION['file_info'] = array();
- if (!file_exists($cacheFile)) {
- return;
- }
-
- //把附件与文档关连
- if (!empty($aid)) {
- include($cacheFile);
- foreach ($myaddons as $addons) {
- if (!empty($title)) {
- $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");
- } else {
- $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");
- }
- }
- }
- @unlink($cacheFile);
- }
-
- /**
- * 登录类
- *
- * @package userLogin
- * @subpackage DedeBIZ.Libraries
- * @link https://www.dedebiz.com
- */
- class userLogin
- {
- var $userName = '';
- var $userPwd = '';
- var $userID = '';
- var $adminDir = '';
- var $userType = '';
- var $userChannel = '';
- var $userPurview = '';
- var $keepUserIDTag = 'dede_admin_id';
- var $keepUserTypeTag = 'dede_admin_type';
- var $keepUserChannelTag = 'dede_admin_channel';
- var $keepUserNameTag = 'dede_admin_name';
- var $keepUserPurviewTag = 'dede_admin_purview';
- var $keepAdminStyleTag = 'dede_admin_style';
- var $adminStyle = 'dedecms';
-
- //php5构造函数
- function __construct($admindir = '')
- {
- global $admin_path;
- if (isset($_SESSION[$this->keepUserIDTag])) {
- $this->userID = $_SESSION[$this->keepUserIDTag];
- $this->userType = $_SESSION[$this->keepUserTypeTag];
- $this->userChannel = $_SESSION[$this->keepUserChannelTag];
- $this->userName = $_SESSION[$this->keepUserNameTag];
- $this->userPurview = $_SESSION[$this->keepUserPurviewTag];
- $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];
- }
-
- if ($admindir != '') {
- $this->adminDir = $admindir;
- } else {
- $this->adminDir = $admin_path;
- }
- }
-
- function userLogin($admindir = '')
- {
- $this->__construct($admindir);
- }
-
- /**
- * 检验用户是否正确
- *
- * @access public
- * @param string $username 用户名
- * @param string $userpwd 密码
- * @return string
- */
- function checkUser($username, $userpwd)
- {
- global $dsql;
-
- //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符
- $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);
- $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);
- $pwd = substr(md5($this->userPwd), 5, 20);
- $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '" . $this->userName . "' LIMIT 0,1");
- $dsql->Execute();
- $row = $dsql->GetObject();
- if (!isset($row->pwd)) {
- return -1;
- } else if ($pwd != $row->pwd) {
- return -2;
- } else {
- $loginip = GetIP();
- $this->userID = $row->id;
- $this->userType = $row->usertype;
- $this->userChannel = $row->typeid;
- $this->userName = $row->uname;
- $this->userPurview = $row->purviews;
- $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='" . time() . "' WHERE id='" . $row->id . "'";
- $dsql->ExecuteNoneQuery($inquery);
- $sql = "UPDATE `#@__member` SET logintime=" . time() . ", loginip='$loginip' WHERE mid=" . $row->id;
- $dsql->ExecuteNoneQuery($sql);
- return 1;
- }
- }
-
- /**
- * 保持用户的会话状态
- *
- * @access public
- * @return int 成功返回 1 ,失败返回 -1
- */
- function keepUser()
- {
- if ($this->userID != '' && $this->userType != '') {
- global $admincachefile, $adminstyle;
- if (empty($adminstyle)) $adminstyle = 'dedecms';
-
- @session_register($this->keepUserIDTag);
- $_SESSION[$this->keepUserIDTag] = $this->userID;
-
- @session_register($this->keepUserTypeTag);
- $_SESSION[$this->keepUserTypeTag] = $this->userType;
-
- @session_register($this->keepUserChannelTag);
- $_SESSION[$this->keepUserChannelTag] = $this->userChannel;
-
- @session_register($this->keepUserNameTag);
- $_SESSION[$this->keepUserNameTag] = $this->userName;
-
- @session_register($this->keepUserPurviewTag);
- $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;
-
- @session_register($this->keepAdminStyleTag);
- $_SESSION[$this->keepAdminStyleTag] = $adminstyle;
-
- PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');
- PutCookie('DedeLoginTime', time(), 3600 * 24, '/');
-
- $this->ReWriteAdminChannel();
-
- return 1;
- } else {
- return -1;
- }
- }
-
- /**
- * 重写用户权限频道
- *
- * @access public
- * @return void
- */
- function ReWriteAdminChannel()
- {
- //$this->userChannel
- $cacheFile = DEDEDATA . '/cache/admincat_' . $this->userID . '.inc';
- //管理员管理的频道列表
- $typeid = trim($this->userChannel);
- if (empty($typeid) || $this->getUserType() >= 10) {
- $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";
- } else {
- $firstConfig = "\$cfg_admin_channel = 'array';\r\n";
- }
- $fp = fopen($cacheFile, 'w');
- fwrite($fp, '<' . '?php' . "\r\n");
- fwrite($fp, $firstConfig);
- if (!empty($typeid)) {
- $typeids = explode(',', $typeid);
- $typeid = '';
- foreach ($typeids as $tid) {
- $typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ',' . GetSonIdsUL($tid));
- }
- $typeids = explode(',', $typeid);
- $typeidsnew = array_unique($typeids);
- $typeid = join(',', $typeidsnew);
- fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");
- }
- fwrite($fp, '?' . '>');
- fclose($fp);
- }
-
- //
- /**
- * 结束用户的会话状态
- *
- * @access public
- * @return void
- */
- function exitUser()
- {
- ClearMyAddon();
- @session_unregister($this->keepUserIDTag);
- @session_unregister($this->keepUserTypeTag);
- @session_unregister($this->keepUserChannelTag);
- @session_unregister($this->keepUserNameTag);
- @session_unregister($this->keepUserPurviewTag);
- DropCookie('dedeAdmindir');
- DropCookie('DedeUserID');
- DropCookie('DedeLoginTime');
- $_SESSION = array();
- }
-
- /**
- * 获得用户管理频道的值
- *
- * @access public
- * @return array
- */
- function getUserChannel()
- {
- if ($this->userChannel != '') {
- return $this->userChannel;
- } else {
- return '';
- }
- }
-
- /**
- * 获得用户的权限值
- *
- * @access public
- * @return int
- */
- function getUserType()
- {
- if ($this->userType != '') {
- return $this->userType;
- } else {
- return -1;
- }
- }
-
- /**
- * 获取用户权限值
- *
- * @access public
- * @return int
- */
- function getUserRank()
- {
- return $this->getUserType();
- }
-
- /**
- * 获得用户的ID
- *
- * @access public
- * @return int
- */
- function getUserID()
- {
- if ($this->userID != '') {
- return $this->userID;
- } else {
- return -1;
- }
- }
-
- /**
- * 获得用户的笔名
- *
- * @access public
- * @return string
- */
- function getUserName()
- {
- if ($this->userName != '') {
- return $this->userName;
- } else {
- return -1;
- }
- }
-
- /**
- * 用户权限表
- *
- * @access public
- * @return string
- */
- function getPurview()
- {
- return $this->userPurview;
- }
- }
-
- /**
- * 获得某id的所有下级id
- *
- * @access public
- * @param int $id 栏目ID
- * @param int $channel 频道ID
- * @param int $addthis 是否加入当前这个栏目
- * @return string
- */
- function GetSonIdsUL($id, $channel = 0, $addthis = TRUE)
- {
- global $cfg_Cs;
- $GLOBALS['idArray'] = array();
- if (!is_array($cfg_Cs)) {
- require_once(DEDEDATA . "/cache/inc_catalog_base.inc");
- }
- GetSonIdsLogicUL($id, $cfg_Cs, $channel, $addthis);
- $rquery = join(',', $GLOBALS['idArray']);
- return $rquery;
- }
-
- /**
- * 递归逻辑
- *
- * @access public
- * @param int $id 栏目ID
- * @param array $sArr 缓存数组
- * @param int $channel 频道ID
- * @param int $addthis 是否加入当前这个栏目
- * @return string
- */
- function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE)
- {
- if ($id != 0 && $addthis) {
- $GLOBALS['idArray'][$id] = $id;
- }
- foreach ($sArr as $k => $v) {
- if ($v[0] == $id && ($channel == 0 || $v[1] == $channel)) {
- GetSonIdsLogicUL($k, $sArr, $channel, TRUE);
- }
- }
- }
|