DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
110MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/include/userlogin.class.php

472 lines
13KB
Raw Blame History 

  1. <?php if (!defined('DEDEINC')) exit('Request Error!');

  2. /**

  3.  * 管理员登录类

  4.  *

  5.  * @version        $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $

  6.  * @package        DedeBIZ.Libraries

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. session_start();

  12. 

  13. /**

  14.  *  检验用户是否有权使用某功能,这个函数是一个回值函数

  15.  *  CheckPurview函数只是对他回值的一个处理过程

  16.  *

  17.  * @access    public

  18.  * @param     string  $n  功能名称

  19.  * @return    mix  如果具有则返回TRUE

  20.  */

  21. function TestPurview($n)

  22. {

  23.     $rs = FALSE;

  24.     $purview = $GLOBALS['cuserLogin']->getPurview();

  25.     if (preg_match('/admin_AllowAll/i', $purview)) {

  26.         return TRUE;

  27.     }

  28.     if ($n == '') {

  29.         return TRUE;

  30.     }

  31.     if (!isset($GLOBALS['groupRanks'])) {

  32.         $GLOBALS['groupRanks'] = explode(' ', $purview);

  33.     }

  34.     $ns = explode(',', $n);

  35.     foreach ($ns as $n) {

  36.         //只要找到一个匹配的权限,即可认为用户有权访问此页面

  37.         if ($n == '') {

  38.             continue;

  39.         }

  40.         if (in_array($n, $GLOBALS['groupRanks'])) {

  41.             $rs = TRUE;

  42.             break;

  43.         }

  44.     }

  45.     return $rs;

  46. }

  47. 

  48. /**

  49.  *  对权限检测后返回操作对话框

  50.  *

  51.  * @access    public

  52.  * @param     string  $n  功能名称

  53.  * @return    string

  54.  */

  55. function CheckPurview($n)

  56. {

  57.     if (!TestPurview($n)) {

  58.         ShowMsg("对不起,你没有权限执行此操作!<br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>", 'javascript:;');

  59.         exit();

  60.     }

  61. }

  62. 

  63. /**

  64.  *  是否没权限限制(超级管理员)

  65.  *

  66.  * @access    public

  67.  * @param     string

  68.  * @return    bool

  69.  */

  70. function TestAdmin()

  71. {

  72.     $purview = $GLOBALS['cuserLogin']->getPurview();

  73.     if (preg_match('/admin_AllowAll/i', $purview)) {

  74.         return TRUE;

  75.     } else {

  76.         return FALSE;

  77.     }

  78. }

  79. 

  80. $DedeUserCatalogs = array();

  81. 

  82. /**

  83.  *  检测用户是否有权限操作某栏目

  84.  *

  85.  * @access    public

  86.  * @param     int   $cid  频道id

  87.  * @param     string   $msg  返回消息

  88.  * @return    string

  89.  */

  90. function CheckCatalog($cid, $msg)

  91. {

  92.     global $cfg_admin_channel, $admin_catalogs;

  93.     if ($cfg_admin_channel == 'all' || TestAdmin()) {

  94.         return TRUE;

  95.     }

  96.     if (!in_array($cid, $admin_catalogs)) {

  97.         ShowMsg(" $msg <br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>", 'javascript:;');

  98.         exit();

  99.     }

  100.     return TRUE;

  101. }

  102. 

  103. /**

  104.  *  发布文档临时附件信息缓存、发文档前先清空附件信息

  105.  *  发布文档时涉及的附件保存到缓存里,完成后把它与文档关连

  106.  *

  107.  * @access    public

  108.  * @param     string   $fid  文件ID

  109.  * @param     string   $filename  文件名称

  110.  * @return    void

  111.  */

  112. function AddMyAddon($fid, $filename)

  113. {

  114.     $cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc';

  115.     if (!file_exists($cacheFile)) {

  116.         $fp = fopen($cacheFile, 'w');

  117.         fwrite($fp, '<' . '?php' . "\r\n");

  118.         fwrite($fp, "\$myaddons = array();\r\n");

  119.         fwrite($fp, "\$maNum = 0;\r\n");

  120.         fclose($fp);

  121.     }

  122.     include($cacheFile);

  123.     $fp = fopen($cacheFile, 'a');

  124.     $arrPos = $maNum;

  125.     $maNum++;

  126.     fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");

  127.     fwrite($fp, "\$maNum = $maNum;\r\n");

  128.     fclose($fp);

  129. }

  130. 

  131. /**

  132.  *  清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID

  133.  *

  134.  * @access    public

  135.  * @param     string  $aid  文档ID

  136.  * @param     string  $title  文档标题

  137.  * @return    empty

  138.  */

  139. function ClearMyAddon($aid = 0, $title = '')

  140. {

  141.     global $dsql;

  142.     $cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc';

  143.     $_SESSION['bigfile_info'] = array();

  144.     $_SESSION['file_info'] = array();

  145.     if (!file_exists($cacheFile)) {

  146.         return;

  147.     }

  148. 

  149.     //把附件与文档关连

  150.     if (!empty($aid)) {

  151.         include($cacheFile);

  152.         foreach ($myaddons as $addons) {

  153.             if (!empty($title)) {

  154.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");

  155.             } else {

  156.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");

  157.             }

  158.         }

  159.     }

  160.     @unlink($cacheFile);

  161. }

  162. 

  163. /**

  164.  * 登录类

  165.  *

  166.  * @package          userLogin

  167.  * @subpackage       DedeBIZ.Libraries

  168.  * @link             https://www.dedebiz.com

  169.  */

  170. class userLogin

  171. {

  172.     var $userName = '';

  173.     var $userPwd = '';

  174.     var $userID = '';

  175.     var $adminDir = '';

  176.     var $userType = '';

  177.     var $userChannel = '';

  178.     var $userPurview = '';

  179.     var $keepUserIDTag = 'dede_admin_id';

  180.     var $keepUserTypeTag = 'dede_admin_type';

  181.     var $keepUserChannelTag = 'dede_admin_channel';

  182.     var $keepUserNameTag = 'dede_admin_name';

  183.     var $keepUserPurviewTag = 'dede_admin_purview';

  184.     var $keepAdminStyleTag = 'dede_admin_style';

  185.     var $adminStyle = 'dedecms';

  186. 

  187.     //php5构造函数

  188.     function __construct($admindir = '')

  189.     {

  190.         global $admin_path;

  191.         if (isset($_SESSION[$this->keepUserIDTag])) {

  192.             $this->userID = $_SESSION[$this->keepUserIDTag];

  193.             $this->userType = $_SESSION[$this->keepUserTypeTag];

  194.             $this->userChannel = $_SESSION[$this->keepUserChannelTag];

  195.             $this->userName = $_SESSION[$this->keepUserNameTag];

  196.             $this->userPurview = $_SESSION[$this->keepUserPurviewTag];

  197.             $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];

  198.         }

  199. 

  200.         if ($admindir != '') {

  201.             $this->adminDir = $admindir;

  202.         } else {

  203.             $this->adminDir = $admin_path;

  204.         }

  205.     }

  206. 

  207.     function userLogin($admindir = '')

  208.     {

  209.         $this->__construct($admindir);

  210.     }

  211. 

  212.     /**

  213.      *  检验用户是否正确

  214.      *

  215.      * @access    public

  216.      * @param     string    $username  用户名

  217.      * @param     string    $userpwd  密码

  218.      * @return    string

  219.      */

  220.     function checkUser($username, $userpwd)

  221.     {

  222.         global $dsql;

  223. 

  224.         //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

  225.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  226.         $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

  227.         $pwd = substr(md5($this->userPwd), 5, 20);

  228.         $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '" . $this->userName . "' LIMIT 0,1");

  229.         $dsql->Execute();

  230.         $row = $dsql->GetObject();

  231.         if (!isset($row->pwd)) {

  232.             return -1;

  233.         } else if ($pwd != $row->pwd) {

  234.             return -2;

  235.         } else {

  236.             $loginip = GetIP();

  237.             $this->userID = $row->id;

  238.             $this->userType = $row->usertype;

  239.             $this->userChannel = $row->typeid;

  240.             $this->userName = $row->uname;

  241.             $this->userPurview = $row->purviews;

  242.             $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='" . time() . "' WHERE id='" . $row->id . "'";

  243.             $dsql->ExecuteNoneQuery($inquery);

  244.             $sql = "UPDATE `#@__member` SET logintime=" . time() . ", loginip='$loginip' WHERE mid=" . $row->id;

  245.             $dsql->ExecuteNoneQuery($sql);

  246.             return 1;

  247.         }

  248.     }

  249. 

  250.     /**

  251.      *  保持用户的会话状态

  252.      *

  253.      * @access    public

  254.      * @return    int    成功返回 1 ,失败返回 -1

  255.      */

  256.     function keepUser()

  257.     {

  258.         if ($this->userID != '' && $this->userType != '') {

  259.             global $admincachefile, $adminstyle;

  260.             if (empty($adminstyle)) $adminstyle = 'dedecms';

  261. 

  262.             @session_register($this->keepUserIDTag);

  263.             $_SESSION[$this->keepUserIDTag] = $this->userID;

  264. 

  265.             @session_register($this->keepUserTypeTag);

  266.             $_SESSION[$this->keepUserTypeTag] = $this->userType;

  267. 

  268.             @session_register($this->keepUserChannelTag);

  269.             $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

  270. 

  271.             @session_register($this->keepUserNameTag);

  272.             $_SESSION[$this->keepUserNameTag] = $this->userName;

  273. 

  274.             @session_register($this->keepUserPurviewTag);

  275.             $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

  276. 

  277.             @session_register($this->keepAdminStyleTag);

  278.             $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

  279. 

  280.             PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');

  281.             PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

  282. 

  283.             $this->ReWriteAdminChannel();

  284. 

  285.             return 1;

  286.         } else {

  287.             return -1;

  288.         }

  289.     }

  290. 

  291.     /**

  292.      *  重写用户权限频道

  293.      *

  294.      * @access    public

  295.      * @return    void

  296.      */

  297.     function ReWriteAdminChannel()

  298.     {

  299.         //$this->userChannel

  300.         $cacheFile = DEDEDATA . '/cache/admincat_' . $this->userID . '.inc';

  301.         //管理员管理的频道列表

  302.         $typeid = trim($this->userChannel);

  303.         if (empty($typeid) || $this->getUserType() >= 10) {

  304.             $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";

  305.         } else {

  306.             $firstConfig = "\$cfg_admin_channel = 'array';\r\n";

  307.         }

  308.         $fp = fopen($cacheFile, 'w');

  309.         fwrite($fp, '<' . '?php' . "\r\n");

  310.         fwrite($fp, $firstConfig);

  311.         if (!empty($typeid)) {

  312.             $typeids = explode(',', $typeid);

  313.             $typeid = '';

  314.             foreach ($typeids as $tid) {

  315.                 $typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ',' . GetSonIdsUL($tid));

  316.             }

  317.             $typeids = explode(',', $typeid);

  318.             $typeidsnew = array_unique($typeids);

  319.             $typeid = join(',', $typeidsnew);

  320.             fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");

  321.         }

  322.         fwrite($fp, '?' . '>');

  323.         fclose($fp);

  324.     }

  325. 

  326.     //

  327.     /**

  328.      *  结束用户的会话状态

  329.      *

  330.      * @access    public

  331.      * @return    void

  332.      */

  333.     function exitUser()

  334.     {

  335.         ClearMyAddon();

  336.         @session_unregister($this->keepUserIDTag);

  337.         @session_unregister($this->keepUserTypeTag);

  338.         @session_unregister($this->keepUserChannelTag);

  339.         @session_unregister($this->keepUserNameTag);

  340.         @session_unregister($this->keepUserPurviewTag);

  341.         DropCookie('dedeAdmindir');

  342.         DropCookie('DedeUserID');

  343.         DropCookie('DedeLoginTime');

  344.         $_SESSION = array();

  345.     }

  346. 

  347.     /**

  348.      *  获得用户管理频道的值

  349.      *

  350.      * @access    public

  351.      * @return    array

  352.      */

  353.     function getUserChannel()

  354.     {

  355.         if ($this->userChannel != '') {

  356.             return $this->userChannel;

  357.         } else {

  358.             return '';

  359.         }

  360.     }

  361. 

  362.     /**

  363.      *  获得用户的权限值

  364.      *

  365.      * @access    public

  366.      * @return    int

  367.      */

  368.     function getUserType()

  369.     {

  370.         if ($this->userType != '') {

  371.             return $this->userType;

  372.         } else {

  373.             return -1;

  374.         }

  375.     }

  376. 

  377.     /**

  378.      *  获取用户权限值

  379.      *

  380.      * @access    public

  381.      * @return    int

  382.      */

  383.     function getUserRank()

  384.     {

  385.         return $this->getUserType();

  386.     }

  387. 

  388.     /**

  389.      *  获得用户的ID

  390.      *

  391.      * @access    public

  392.      * @return    int

  393.      */

  394.     function getUserID()

  395.     {

  396.         if ($this->userID != '') {

  397.             return $this->userID;

  398.         } else {

  399.             return -1;

  400.         }

  401.     }

  402. 

  403.     /**

  404.      *  获得用户的笔名

  405.      *

  406.      * @access    public

  407.      * @return    string

  408.      */

  409.     function getUserName()

  410.     {

  411.         if ($this->userName != '') {

  412.             return $this->userName;

  413.         } else {

  414.             return -1;

  415.         }

  416.     }

  417. 

  418.     /**

  419.      *  用户权限表

  420.      *

  421.      * @access    public

  422.      * @return    string

  423.      */

  424.     function getPurview()

  425.     {

  426.         return $this->userPurview;

  427.     }

  428. }

  429. 

  430. /**

  431.  *  获得某id的所有下级id

  432.  *

  433.  * @access    public

  434.  * @param     int   $id  栏目ID

  435.  * @param     int   $channel  频道ID

  436.  * @param     int   $addthis  是否加入当前这个栏目

  437.  * @return    string

  438.  */

  439. function GetSonIdsUL($id, $channel = 0, $addthis = TRUE)

  440. {

  441.     global $cfg_Cs;

  442.     $GLOBALS['idArray'] = array();

  443.     if (!is_array($cfg_Cs)) {

  444.         require_once(DEDEDATA . "/cache/inc_catalog_base.inc");

  445.     }

  446.     GetSonIdsLogicUL($id, $cfg_Cs, $channel, $addthis);

  447.     $rquery = join(',', $GLOBALS['idArray']);

  448.     return $rquery;

  449. }

  450. 

  451. /**

  452.  *  递归逻辑

  453.  *

  454.  * @access    public

  455.  * @param     int  $id  栏目ID

  456.  * @param     array  $sArr  缓存数组

  457.  * @param     int   $channel  频道ID

  458.  * @param     int   $addthis  是否加入当前这个栏目

  459.  * @return    string

  460.  */

  461. function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE)

  462. {

  463.     if ($id != 0 && $addthis) {

  464.         $GLOBALS['idArray'][$id] = $id;

  465.     }

  466.     foreach ($sArr as $k => $v) {

  467.         if ($v[0] == $id && ($channel == 0 || $v[1] == $channel)) {

  468.             GetSonIdsLogicUL($k, $sArr, $channel, TRUE);

  469.         }

  470.     }

  471. }