国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

userlogin.class.php 13KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471
  1. <?php if (!defined('DEDEINC')) exit('Request Error!');
  2. /**
  3. * 管理员登录类
  4. *
  5. * @version $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $
  6. * @package DedeBIZ.Libraries
  7. * @copyright Copyright (c) 2020, DedeBIZ.COM
  8. * @license https://www.dedebiz.com/license
  9. * @link https://www.dedebiz.com
  10. */
  11. session_start();
  12. /**
  13. * 检验用户是否有权使用某功能,这个函数是一个回值函数
  14. * CheckPurview函数只是对他回值的一个处理过程
  15. *
  16. * @access public
  17. * @param string $n 功能名称
  18. * @return mix 如果具有则返回TRUE
  19. */
  20. function TestPurview($n)
  21. {
  22. $rs = FALSE;
  23. $purview = $GLOBALS['cuserLogin']->getPurview();
  24. if (preg_match('/admin_AllowAll/i', $purview)) {
  25. return TRUE;
  26. }
  27. if ($n == '') {
  28. return TRUE;
  29. }
  30. if (!isset($GLOBALS['groupRanks'])) {
  31. $GLOBALS['groupRanks'] = explode(' ', $purview);
  32. }
  33. $ns = explode(',', $n);
  34. foreach ($ns as $n) {
  35. //只要找到一个匹配的权限,即可认为用户有权访问此页面
  36. if ($n == '') {
  37. continue;
  38. }
  39. if (in_array($n, $GLOBALS['groupRanks'])) {
  40. $rs = TRUE;
  41. break;
  42. }
  43. }
  44. return $rs;
  45. }
  46. /**
  47. * 对权限检测后返回操作对话框
  48. *
  49. * @access public
  50. * @param string $n 功能名称
  51. * @return string
  52. */
  53. function CheckPurview($n)
  54. {
  55. if (!TestPurview($n)) {
  56. ShowMsg("对不起,你没有权限执行此操作!<br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>", 'javascript:;');
  57. exit();
  58. }
  59. }
  60. /**
  61. * 是否没权限限制(超级管理员)
  62. *
  63. * @access public
  64. * @param string
  65. * @return bool
  66. */
  67. function TestAdmin()
  68. {
  69. $purview = $GLOBALS['cuserLogin']->getPurview();
  70. if (preg_match('/admin_AllowAll/i', $purview)) {
  71. return TRUE;
  72. } else {
  73. return FALSE;
  74. }
  75. }
  76. $DedeUserCatalogs = array();
  77. /**
  78. * 检测用户是否有权限操作某栏目
  79. *
  80. * @access public
  81. * @param int $cid 频道id
  82. * @param string $msg 返回消息
  83. * @return string
  84. */
  85. function CheckCatalog($cid, $msg)
  86. {
  87. global $cfg_admin_channel, $admin_catalogs;
  88. if ($cfg_admin_channel == 'all' || TestAdmin()) {
  89. return TRUE;
  90. }
  91. if (!in_array($cid, $admin_catalogs)) {
  92. ShowMsg(" $msg <br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>", 'javascript:;');
  93. exit();
  94. }
  95. return TRUE;
  96. }
  97. /**
  98. * 发布文档临时附件信息缓存、发文档前先清空附件信息
  99. * 发布文档时涉及的附件保存到缓存里,完成后把它与文档关连
  100. *
  101. * @access public
  102. * @param string $fid 文件ID
  103. * @param string $filename 文件名称
  104. * @return void
  105. */
  106. function AddMyAddon($fid, $filename)
  107. {
  108. $cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc';
  109. if (!file_exists($cacheFile)) {
  110. $fp = fopen($cacheFile, 'w');
  111. fwrite($fp, '<' . '?php' . "\r\n");
  112. fwrite($fp, "\$myaddons = array();\r\n");
  113. fwrite($fp, "\$maNum = 0;\r\n");
  114. fclose($fp);
  115. }
  116. include($cacheFile);
  117. $fp = fopen($cacheFile, 'a');
  118. $arrPos = $maNum;
  119. $maNum++;
  120. fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");
  121. fwrite($fp, "\$maNum = $maNum;\r\n");
  122. fclose($fp);
  123. }
  124. /**
  125. * 清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID
  126. *
  127. * @access public
  128. * @param string $aid 文档ID
  129. * @param string $title 文档标题
  130. * @return empty
  131. */
  132. function ClearMyAddon($aid = 0, $title = '')
  133. {
  134. global $dsql;
  135. $cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc';
  136. $_SESSION['bigfile_info'] = array();
  137. $_SESSION['file_info'] = array();
  138. if (!file_exists($cacheFile)) {
  139. return;
  140. }
  141. //把附件与文档关连
  142. if (!empty($aid)) {
  143. include($cacheFile);
  144. foreach ($myaddons as $addons) {
  145. if (!empty($title)) {
  146. $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");
  147. } else {
  148. $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");
  149. }
  150. }
  151. }
  152. @unlink($cacheFile);
  153. }
  154. /**
  155. * 登录类
  156. *
  157. * @package userLogin
  158. * @subpackage DedeBIZ.Libraries
  159. * @link https://www.dedebiz.com
  160. */
  161. class userLogin
  162. {
  163. var $userName = '';
  164. var $userPwd = '';
  165. var $userID = '';
  166. var $adminDir = '';
  167. var $userType = '';
  168. var $userChannel = '';
  169. var $userPurview = '';
  170. var $keepUserIDTag = 'dede_admin_id';
  171. var $keepUserTypeTag = 'dede_admin_type';
  172. var $keepUserChannelTag = 'dede_admin_channel';
  173. var $keepUserNameTag = 'dede_admin_name';
  174. var $keepUserPurviewTag = 'dede_admin_purview';
  175. var $keepAdminStyleTag = 'dede_admin_style';
  176. var $adminStyle = 'dedecms';
  177. //php5构造函数
  178. function __construct($admindir = '')
  179. {
  180. global $admin_path;
  181. if (isset($_SESSION[$this->keepUserIDTag])) {
  182. $this->userID = $_SESSION[$this->keepUserIDTag];
  183. $this->userType = $_SESSION[$this->keepUserTypeTag];
  184. $this->userChannel = $_SESSION[$this->keepUserChannelTag];
  185. $this->userName = $_SESSION[$this->keepUserNameTag];
  186. $this->userPurview = $_SESSION[$this->keepUserPurviewTag];
  187. $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];
  188. }
  189. if ($admindir != '') {
  190. $this->adminDir = $admindir;
  191. } else {
  192. $this->adminDir = $admin_path;
  193. }
  194. }
  195. function userLogin($admindir = '')
  196. {
  197. $this->__construct($admindir);
  198. }
  199. /**
  200. * 检验用户是否正确
  201. *
  202. * @access public
  203. * @param string $username 用户名
  204. * @param string $userpwd 密码
  205. * @return string
  206. */
  207. function checkUser($username, $userpwd)
  208. {
  209. global $dsql;
  210. //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符
  211. $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);
  212. $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);
  213. $pwd = substr(md5($this->userPwd), 5, 20);
  214. $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '" . $this->userName . "' LIMIT 0,1");
  215. $dsql->Execute();
  216. $row = $dsql->GetObject();
  217. if (!isset($row->pwd)) {
  218. return -1;
  219. } else if ($pwd != $row->pwd) {
  220. return -2;
  221. } else {
  222. $loginip = GetIP();
  223. $this->userID = $row->id;
  224. $this->userType = $row->usertype;
  225. $this->userChannel = $row->typeid;
  226. $this->userName = $row->uname;
  227. $this->userPurview = $row->purviews;
  228. $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='" . time() . "' WHERE id='" . $row->id . "'";
  229. $dsql->ExecuteNoneQuery($inquery);
  230. $sql = "UPDATE `#@__member` SET logintime=" . time() . ", loginip='$loginip' WHERE mid=" . $row->id;
  231. $dsql->ExecuteNoneQuery($sql);
  232. return 1;
  233. }
  234. }
  235. /**
  236. * 保持用户的会话状态
  237. *
  238. * @access public
  239. * @return int 成功返回 1 ,失败返回 -1
  240. */
  241. function keepUser()
  242. {
  243. if ($this->userID != '' && $this->userType != '') {
  244. global $admincachefile, $adminstyle;
  245. if (empty($adminstyle)) $adminstyle = 'dedecms';
  246. @session_register($this->keepUserIDTag);
  247. $_SESSION[$this->keepUserIDTag] = $this->userID;
  248. @session_register($this->keepUserTypeTag);
  249. $_SESSION[$this->keepUserTypeTag] = $this->userType;
  250. @session_register($this->keepUserChannelTag);
  251. $_SESSION[$this->keepUserChannelTag] = $this->userChannel;
  252. @session_register($this->keepUserNameTag);
  253. $_SESSION[$this->keepUserNameTag] = $this->userName;
  254. @session_register($this->keepUserPurviewTag);
  255. $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;
  256. @session_register($this->keepAdminStyleTag);
  257. $_SESSION[$this->keepAdminStyleTag] = $adminstyle;
  258. PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');
  259. PutCookie('DedeLoginTime', time(), 3600 * 24, '/');
  260. $this->ReWriteAdminChannel();
  261. return 1;
  262. } else {
  263. return -1;
  264. }
  265. }
  266. /**
  267. * 重写用户权限频道
  268. *
  269. * @access public
  270. * @return void
  271. */
  272. function ReWriteAdminChannel()
  273. {
  274. //$this->userChannel
  275. $cacheFile = DEDEDATA . '/cache/admincat_' . $this->userID . '.inc';
  276. //管理员管理的频道列表
  277. $typeid = trim($this->userChannel);
  278. if (empty($typeid) || $this->getUserType() >= 10) {
  279. $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";
  280. } else {
  281. $firstConfig = "\$cfg_admin_channel = 'array';\r\n";
  282. }
  283. $fp = fopen($cacheFile, 'w');
  284. fwrite($fp, '<' . '?php' . "\r\n");
  285. fwrite($fp, $firstConfig);
  286. if (!empty($typeid)) {
  287. $typeids = explode(',', $typeid);
  288. $typeid = '';
  289. foreach ($typeids as $tid) {
  290. $typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ',' . GetSonIdsUL($tid));
  291. }
  292. $typeids = explode(',', $typeid);
  293. $typeidsnew = array_unique($typeids);
  294. $typeid = join(',', $typeidsnew);
  295. fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");
  296. }
  297. fwrite($fp, '?' . '>');
  298. fclose($fp);
  299. }
  300. //
  301. /**
  302. * 结束用户的会话状态
  303. *
  304. * @access public
  305. * @return void
  306. */
  307. function exitUser()
  308. {
  309. ClearMyAddon();
  310. @session_unregister($this->keepUserIDTag);
  311. @session_unregister($this->keepUserTypeTag);
  312. @session_unregister($this->keepUserChannelTag);
  313. @session_unregister($this->keepUserNameTag);
  314. @session_unregister($this->keepUserPurviewTag);
  315. DropCookie('dedeAdmindir');
  316. DropCookie('DedeUserID');
  317. DropCookie('DedeLoginTime');
  318. $_SESSION = array();
  319. }
  320. /**
  321. * 获得用户管理频道的值
  322. *
  323. * @access public
  324. * @return array
  325. */
  326. function getUserChannel()
  327. {
  328. if ($this->userChannel != '') {
  329. return $this->userChannel;
  330. } else {
  331. return '';
  332. }
  333. }
  334. /**
  335. * 获得用户的权限值
  336. *
  337. * @access public
  338. * @return int
  339. */
  340. function getUserType()
  341. {
  342. if ($this->userType != '') {
  343. return $this->userType;
  344. } else {
  345. return -1;
  346. }
  347. }
  348. /**
  349. * 获取用户权限值
  350. *
  351. * @access public
  352. * @return int
  353. */
  354. function getUserRank()
  355. {
  356. return $this->getUserType();
  357. }
  358. /**
  359. * 获得用户的ID
  360. *
  361. * @access public
  362. * @return int
  363. */
  364. function getUserID()
  365. {
  366. if ($this->userID != '') {
  367. return $this->userID;
  368. } else {
  369. return -1;
  370. }
  371. }
  372. /**
  373. * 获得用户的笔名
  374. *
  375. * @access public
  376. * @return string
  377. */
  378. function getUserName()
  379. {
  380. if ($this->userName != '') {
  381. return $this->userName;
  382. } else {
  383. return -1;
  384. }
  385. }
  386. /**
  387. * 用户权限表
  388. *
  389. * @access public
  390. * @return string
  391. */
  392. function getPurview()
  393. {
  394. return $this->userPurview;
  395. }
  396. }
  397. /**
  398. * 获得某id的所有下级id
  399. *
  400. * @access public
  401. * @param int $id 栏目ID
  402. * @param int $channel 频道ID
  403. * @param int $addthis 是否加入当前这个栏目
  404. * @return string
  405. */
  406. function GetSonIdsUL($id, $channel = 0, $addthis = TRUE)
  407. {
  408. global $cfg_Cs;
  409. $GLOBALS['idArray'] = array();
  410. if (!is_array($cfg_Cs)) {
  411. require_once(DEDEDATA . "/cache/inc_catalog_base.inc");
  412. }
  413. GetSonIdsLogicUL($id, $cfg_Cs, $channel, $addthis);
  414. $rquery = join(',', $GLOBALS['idArray']);
  415. return $rquery;
  416. }
  417. /**
  418. * 递归逻辑
  419. *
  420. * @access public
  421. * @param int $id 栏目ID
  422. * @param array $sArr 缓存数组
  423. * @param int $channel 频道ID
  424. * @param int $addthis 是否加入当前这个栏目
  425. * @return string
  426. */
  427. function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE)
  428. {
  429. if ($id != 0 && $addthis) {
  430. $GLOBALS['idArray'][$id] = $id;
  431. }
  432. foreach ($sArr as $k => $v) {
  433. if ($v[0] == $id && ($channel == 0 || $v[1] == $channel)) {
  434. GetSonIdsLogicUL($k, $sArr, $channel, TRUE);
  435. }
  436. }
  437. }