DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
435 Commits
3 Branches
110MB
Tree: 4cb45d9644
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4cb45d9644'
${ noResults }
DedeV6/src/include/userlogin.class.php

473 lines
13KB
Raw Blame History 

  1. <?php

  2. if (!defined('DEDEINC')) exit('dedebiz');

  3. /**

  4.  * 管理员登录类

  5.  *

  6.  * @version        $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $

  7.  * @package        DedeBIZ.Libraries

  8.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. session_start();

  13. 

  14. /**

  15.  *  检验用户是否有权使用某功能,这个函数是一个回值函数

  16.  *  CheckPurview函数只是对他回值的一个处理过程

  17.  *

  18.  * @access    public

  19.  * @param     string  $n  功能名称

  20.  * @return    mix  如果具有则返回TRUE

  21.  */

  22. function TestPurview($n)

  23. {

  24.     $rs = FALSE;

  25.     $purview = $GLOBALS['cuserLogin']->getPurview();

  26.     if (preg_match('/admin_AllowAll/i', $purview)) {

  27.         return TRUE;

  28.     }

  29.     if ($n == '') {

  30.         return TRUE;

  31.     }

  32.     if (!isset($GLOBALS['groupRanks'])) {

  33.         $GLOBALS['groupRanks'] = explode(' ', $purview);

  34.     }

  35.     $ns = explode(',', $n);

  36.     foreach ($ns as $n) {

  37.         //只要找到一个匹配的权限,即可认为用户有权访问此页面

  38.         if ($n == '') {

  39.             continue;

  40.         }

  41.         if (in_array($n, $GLOBALS['groupRanks'])) {

  42.             $rs = TRUE;

  43.             break;

  44.         }

  45.     }

  46.     return $rs;

  47. }

  48. 

  49. /**

  50.  *  对权限检测后返回操作对话框

  51.  *

  52.  * @access    public

  53.  * @param     string  $n  功能名称

  54.  * @return    string

  55.  */

  56. function CheckPurview($n)

  57. {

  58.     if (!TestPurview($n)) {

  59.         ShowMsg("对不起,您没有权限执行此操作<br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>", 'javascript:;');

  60.         exit();

  61.     }

  62. }

  63. 

  64. /**

  65.  *  是否没权限限制(超级管理员)

  66.  *

  67.  * @access    public

  68.  * @param     string

  69.  * @return    bool

  70.  */

  71. function TestAdmin()

  72. {

  73.     $purview = $GLOBALS['cuserLogin']->getPurview();

  74.     if (preg_match('/admin_AllowAll/i', $purview)) {

  75.         return TRUE;

  76.     } else {

  77.         return FALSE;

  78.     }

  79. }

  80. 

  81. $DedeUserCatalogs = array();

  82. 

  83. /**

  84.  *  检测用户是否有权限操作某栏目

  85.  *

  86.  * @access    public

  87.  * @param     int   $cid  频道id

  88.  * @param     string   $msg  返回消息

  89.  * @return    string

  90.  */

  91. function CheckCatalog($cid, $msg)

  92. {

  93.     global $cfg_admin_channel, $admin_catalogs;

  94.     if ($cfg_admin_channel == 'all' || TestAdmin()) {

  95.         return TRUE;

  96.     }

  97.     if (!in_array($cid, $admin_catalogs)) {

  98.         ShowMsg(" $msg <br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>", 'javascript:;');

  99.         exit();

  100.     }

  101.     return TRUE;

  102. }

  103. 

  104. /**

  105.  *  发布文档临时附件信息缓存、发文档前先清空附件信息

  106.  *  发布文档时涉及的附件保存到缓存里,完成后把它与文档关连

  107.  *

  108.  * @access    public

  109.  * @param     string   $fid  文件ID

  110.  * @param     string   $filename  文件名称

  111.  * @return    void

  112.  */

  113. function AddMyAddon($fid, $filename)

  114. {

  115.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  116.     if (!file_exists($cacheFile)) {

  117.         $fp = fopen($cacheFile, 'w');

  118.         fwrite($fp, '<'.'?php'."\r\n");

  119.         fwrite($fp, "\$myaddons = array();\r\n");

  120.         fwrite($fp, "\$maNum = 0;\r\n");

  121.         fclose($fp);

  122.     }

  123.     include($cacheFile);

  124.     $fp = fopen($cacheFile, 'a');

  125.     $arrPos = $maNum;

  126.     $maNum++;

  127.     fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");

  128.     fwrite($fp, "\$maNum = $maNum;\r\n");

  129.     fclose($fp);

  130. }

  131. 

  132. /**

  133.  *  清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID

  134.  *

  135.  * @access    public

  136.  * @param     string  $aid  文档ID

  137.  * @param     string  $title  文档标题

  138.  * @return    empty

  139.  */

  140. function ClearMyAddon($aid = 0, $title = '')

  141. {

  142.     global $dsql;

  143.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  144.     $_SESSION['bigfile_info'] = array();

  145.     $_SESSION['file_info'] = array();

  146.     if (!file_exists($cacheFile)) {

  147.         return;

  148.     }

  149. 

  150.     //把附件与文档关连

  151.     if (!empty($aid)) {

  152.         include($cacheFile);

  153.         foreach ($myaddons as $addons) {

  154.             if (!empty($title)) {

  155.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");

  156.             } else {

  157.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");

  158.             }

  159.         }

  160.     }

  161.     @unlink($cacheFile);

  162. }

  163. 

  164. /**

  165.  * 登录类

  166.  *

  167.  * @package          userLogin

  168.  * @subpackage       DedeBIZ.Libraries

  169.  * @link             https://www.dedebiz.com

  170.  */

  171. class userLogin

  172. {

  173.     var $userName = '';

  174.     var $userPwd = '';

  175.     var $userID = '';

  176.     var $adminDir = '';

  177.     var $userType = '';

  178.     var $userChannel = '';

  179.     var $userPurview = '';

  180.     var $keepUserIDTag = 'dede_admin_id';

  181.     var $keepUserTypeTag = 'dede_admin_type';

  182.     var $keepUserChannelTag = 'dede_admin_channel';

  183.     var $keepUserNameTag = 'dede_admin_name';

  184.     var $keepUserPurviewTag = 'dede_admin_purview';

  185.     var $keepAdminStyleTag = 'dede_admin_style';

  186.     var $adminStyle = 'DedeBIZ';

  187. 

  188.     //php5构造函数

  189.     function __construct($admindir = '')

  190.     {

  191.         global $admin_path;

  192.         if (isset($_SESSION[$this->keepUserIDTag])) {

  193.             $this->userID = $_SESSION[$this->keepUserIDTag];

  194.             $this->userType = $_SESSION[$this->keepUserTypeTag];

  195.             $this->userChannel = $_SESSION[$this->keepUserChannelTag];

  196.             $this->userName = $_SESSION[$this->keepUserNameTag];

  197.             $this->userPurview = $_SESSION[$this->keepUserPurviewTag];

  198.             $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];

  199.         }

  200. 

  201.         if ($admindir != '') {

  202.             $this->adminDir = $admindir;

  203.         } else {

  204.             $this->adminDir = $admin_path;

  205.         }

  206.     }

  207. 

  208.     function userLogin($admindir = '')

  209.     {

  210.         $this->__construct($admindir);

  211.     }

  212. 

  213.     /**

  214.      *  检验用户是否正确

  215.      *

  216.      * @access    public

  217.      * @param     string    $username  用户名

  218.      * @param     string    $userpwd  密码

  219.      * @return    string

  220.      */

  221.     function checkUser($username, $userpwd)

  222.     {

  223.         global $dsql;

  224. 

  225.         //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

  226.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  227.         $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

  228.         $pwd = substr(md5($this->userPwd), 5, 20);

  229.         $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");

  230.         $dsql->Execute();

  231.         $row = $dsql->GetObject();

  232.         if (!isset($row->pwd)) {

  233.             return -1;

  234.         } else if ($pwd != $row->pwd) {

  235.             return -2;

  236.         } else {

  237.             $loginip = GetIP();

  238.             $this->userID = $row->id;

  239.             $this->userType = $row->usertype;

  240.             $this->userChannel = $row->typeid;

  241.             $this->userName = $row->uname;

  242.             $this->userPurview = $row->purviews;

  243.             $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."' WHERE id='".$row->id."'";

  244.             $dsql->ExecuteNoneQuery($inquery);

  245.             $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id;

  246.             $dsql->ExecuteNoneQuery($sql);

  247.             return 1;

  248.         }

  249.     }

  250. 

  251.     /**

  252.      *  保持用户的会话状态

  253.      *

  254.      * @access    public

  255.      * @return    int    成功返回 1 ,失败返回 -1

  256.      */

  257.     function keepUser()

  258.     {

  259.         if ($this->userID != '' && $this->userType != '') {

  260.             global $admincachefile, $adminstyle;

  261.             if (empty($adminstyle)) $adminstyle = 'DedeBIZ';

  262. 

  263.             @session_register($this->keepUserIDTag);

  264.             $_SESSION[$this->keepUserIDTag] = $this->userID;

  265. 

  266.             @session_register($this->keepUserTypeTag);

  267.             $_SESSION[$this->keepUserTypeTag] = $this->userType;

  268. 

  269.             @session_register($this->keepUserChannelTag);

  270.             $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

  271. 

  272.             @session_register($this->keepUserNameTag);

  273.             $_SESSION[$this->keepUserNameTag] = $this->userName;

  274. 

  275.             @session_register($this->keepUserPurviewTag);

  276.             $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

  277. 

  278.             @session_register($this->keepAdminStyleTag);

  279.             $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

  280. 

  281.             PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');

  282.             PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

  283. 

  284.             $this->ReWriteAdminChannel();

  285. 

  286.             return 1;

  287.         } else {

  288.             return -1;

  289.         }

  290.     }

  291. 

  292.     /**

  293.      *  重写用户权限频道

  294.      *

  295.      * @access    public

  296.      * @return    void

  297.      */

  298.     function ReWriteAdminChannel()

  299.     {

  300.         //$this->userChannel

  301.         $cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc';

  302.         //管理员管理的频道列表

  303.         $typeid = trim($this->userChannel);

  304.         if (empty($typeid) || $this->getUserType() >= 10) {

  305.             $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";

  306.         } else {

  307.             $firstConfig = "\$cfg_admin_channel = 'array';\r\n";

  308.         }

  309.         $fp = fopen($cacheFile, 'w');

  310.         fwrite($fp, '<'.'?php'."\r\n");

  311.         fwrite($fp, $firstConfig);

  312.         if (!empty($typeid)) {

  313.             $typeids = explode(',', $typeid);

  314.             $typeid = '';

  315.             foreach ($typeids as $tid) {

  316.                 $typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid));

  317.             }

  318.             $typeids = explode(',', $typeid);

  319.             $typeidsnew = array_unique($typeids);

  320.             $typeid = join(',', $typeidsnew);

  321.             fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");

  322.         }

  323.         fwrite($fp, '?'.'>');

  324.         fclose($fp);

  325.     }

  326. 

  327.     //

  328.     /**

  329.      *  结束用户的会话状态

  330.      *

  331.      * @access    public

  332.      * @return    void

  333.      */

  334.     function exitUser()

  335.     {

  336.         ClearMyAddon();

  337.         @session_unregister($this->keepUserIDTag);

  338.         @session_unregister($this->keepUserTypeTag);

  339.         @session_unregister($this->keepUserChannelTag);

  340.         @session_unregister($this->keepUserNameTag);

  341.         @session_unregister($this->keepUserPurviewTag);

  342.         DropCookie('dedeAdmindir');

  343.         DropCookie('DedeUserID');

  344.         DropCookie('DedeLoginTime');

  345.         $_SESSION = array();

  346.     }

  347. 

  348.     /**

  349.      *  获得用户管理频道的值

  350.      *

  351.      * @access    public

  352.      * @return    array

  353.      */

  354.     function getUserChannel()

  355.     {

  356.         if ($this->userChannel != '') {

  357.             return $this->userChannel;

  358.         } else {

  359.             return '';

  360.         }

  361.     }

  362. 

  363.     /**

  364.      *  获得用户的权限值

  365.      *

  366.      * @access    public

  367.      * @return    int

  368.      */

  369.     function getUserType()

  370.     {

  371.         if ($this->userType != '') {

  372.             return $this->userType;

  373.         } else {

  374.             return -1;

  375.         }

  376.     }

  377. 

  378.     /**

  379.      *  获取用户权限值

  380.      *

  381.      * @access    public

  382.      * @return    int

  383.      */

  384.     function getUserRank()

  385.     {

  386.         return $this->getUserType();

  387.     }

  388. 

  389.     /**

  390.      *  获得用户的ID

  391.      *

  392.      * @access    public

  393.      * @return    int

  394.      */

  395.     function getUserID()

  396.     {

  397.         if ($this->userID != '') {

  398.             return $this->userID;

  399.         } else {

  400.             return -1;

  401.         }

  402.     }

  403. 

  404.     /**

  405.      *  获得用户的笔名

  406.      *

  407.      * @access    public

  408.      * @return    string

  409.      */

  410.     function getUserName()

  411.     {

  412.         if ($this->userName != '') {

  413.             return $this->userName;

  414.         } else {

  415.             return -1;

  416.         }

  417.     }

  418. 

  419.     /**

  420.      *  用户权限表

  421.      *

  422.      * @access    public

  423.      * @return    string

  424.      */

  425.     function getPurview()

  426.     {

  427.         return $this->userPurview;

  428.     }

  429. }

  430. 

  431. /**

  432.  *  获得某id的所有下级id

  433.  *

  434.  * @access    public

  435.  * @param     int   $id  栏目ID

  436.  * @param     int   $channel  频道ID

  437.  * @param     int   $addthis  是否加入当前这个栏目

  438.  * @return    string

  439.  */

  440. function GetSonIdsUL($id, $channel = 0, $addthis = TRUE)

  441. {

  442.     global $cfg_Cs;

  443.     $GLOBALS['idArray'] = array();

  444.     if (!is_array($cfg_Cs)) {

  445.         require_once(DEDEDATA."/cache/inc_catalog_base.inc");

  446.     }

  447.     GetSonIdsLogicUL($id, $cfg_Cs, $channel, $addthis);

  448.     $rquery = join(',', $GLOBALS['idArray']);

  449.     return $rquery;

  450. }

  451. 

  452. /**

  453.  *  递归逻辑

  454.  *

  455.  * @access    public

  456.  * @param     int  $id  栏目ID

  457.  * @param     array  $sArr  缓存数组

  458.  * @param     int   $channel  频道ID

  459.  * @param     int   $addthis  是否加入当前这个栏目

  460.  * @return    string

  461.  */

  462. function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE)

  463. {

  464.     if ($id != 0 && $addthis) {

  465.         $GLOBALS['idArray'][$id] = $id;

  466.     }

  467.     foreach ($sArr as $k => $v) {

  468.         if ($v[0] == $id && ($channel == 0 || $v[1] == $channel)) {

  469.             GetSonIdsLogicUL($k, $sArr, $channel, TRUE);

  470.         }

  471.     }

  472. }