DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
172 Commits
3 Branches
110MB
Tree: 8d541209e5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8d541209e5'
${ noResults }
DedeV6/src/include/userlogin.class.php

519 lines
14KB
Raw Blame History 

  1. <?php   if(!defined('DEDEINC')) exit('Request Error!');

  2. /**

  3.  * 管理员登录类

  4.  *

  5.  * @version        $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $

  6.  * @package        DedeCMS.Libraries

  7.  * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.

  8.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license/v6

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. session_start();

  13. 

  14. /**

  15.  *  检验用户是否有权使用某功能,这个函数是一个回值函数

  16.  *  CheckPurview函数只是对他回值的一个处理过程

  17.  *

  18.  * @access    public

  19.  * @param     string  $n  功能名称

  20.  * @return    mix  如果具有则返回TRUE

  21.  */

  22. function TestPurview($n)

  23. {

  24.     $rs = FALSE;

  25.     $purview = $GLOBALS['cuserLogin']->getPurview();

  26.     if(preg_match('/admin_AllowAll/i',$purview))

  27.     {

  28.         return TRUE;

  29.     }

  30.     if($n=='')

  31.     {

  32.         return TRUE;

  33.     }

  34.     if(!isset($GLOBALS['groupRanks']))

  35.     {

  36.         $GLOBALS['groupRanks'] = explode(' ',$purview);

  37.     }

  38.     $ns = explode(',',$n);

  39.     foreach($ns as $n)

  40.     {

  41.         //只要找到一个匹配的权限,即可认为用户有权访问此页面

  42.         if($n=='')

  43.         {

  44.             continue;

  45.         }

  46.         if(in_array($n,$GLOBALS['groupRanks']))

  47.         {

  48.             $rs = TRUE; break;

  49.         }

  50.     }

  51.     return $rs;

  52. }

  53. 

  54. /**

  55.  *  对权限检测后返回操作对话框

  56.  *

  57.  * @access    public

  58.  * @param     string  $n  功能名称

  59.  * @return    string

  60.  */

  61. function CheckPurview($n)

  62. {

  63.     if(!TestPurview($n))

  64.     {

  65.         ShowMsg("对不起,你没有权限执行此操作!<br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>",'javascript:;');

  66.         exit();

  67.     }

  68. }

  69. 

  70. /**

  71.  *  是否没权限限制(超级管理员)

  72.  *

  73.  * @access    public

  74.  * @param     string

  75.  * @return    bool

  76.  */

  77. function TestAdmin()

  78. {

  79.     $purview = $GLOBALS['cuserLogin']->getPurview();

  80.     if(preg_match('/admin_AllowAll/i',$purview))

  81.     {

  82.         return TRUE;

  83.     }

  84.     else

  85.     {

  86.         return FALSE;

  87.     }

  88. }

  89. 

  90. $DedeUserCatalogs = Array();

  91. 

  92. /**

  93.  *  检测用户是否有权限操作某栏目

  94.  *

  95.  * @access    public

  96.  * @param     int   $cid  频道id

  97.  * @param     string   $msg  返回消息

  98.  * @return    string

  99.  */

  100. function CheckCatalog($cid, $msg)

  101. {

  102.     global $cfg_admin_channel, $admin_catalogs;

  103.     if($cfg_admin_channel=='all' || TestAdmin())

  104.     {

  105.         return TRUE;

  106.     }

  107.     if( !in_array($cid, $admin_catalogs) )

  108.     {

  109.         ShowMsg(" $msg <br/><br/><a href='javascript:history.go(-1);'>点击此返回上一页&gt;&gt;</a>",'javascript:;');

  110.         exit();

  111.     }

  112.     return TRUE;

  113. }

  114. 

  115. /**

  116.  *  发布文档临时附件信息缓存、发文档前先清空附件信息

  117.  *  发布文档时涉及的附件保存到缓存里,完成后把它与文档关连

  118.  *

  119.  * @access    public

  120.  * @param     string   $fid  文件ID

  121.  * @param     string   $filename  文件名称

  122.  * @return    void

  123.  */

  124. function AddMyAddon($fid, $filename)

  125. {

  126.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  127.     if(!file_exists($cacheFile))

  128.     {

  129.         $fp = fopen($cacheFile, 'w');

  130.         fwrite($fp, '<'.'?php'."\r\n");

  131.         fwrite($fp, "\$myaddons = array();\r\n");

  132.         fwrite($fp, "\$maNum = 0;\r\n");

  133.         fclose($fp);

  134.     }

  135.     include($cacheFile);

  136.     $fp = fopen($cacheFile, 'a');

  137.     $arrPos = $maNum;

  138.     $maNum++;

  139.     fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");

  140.     fwrite($fp, "\$maNum = $maNum;\r\n");

  141.     fclose($fp);

  142. }

  143. 

  144. /**

  145.  *  清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID

  146.  *

  147.  * @access    public

  148.  * @param     string  $aid  文档ID

  149.  * @param     string  $title  文档标题

  150.  * @return    empty

  151.  */

  152. function ClearMyAddon($aid=0, $title='')

  153. {

  154.     global $dsql;

  155.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  156.     $_SESSION['bigfile_info'] = array();

  157.     $_SESSION['file_info'] = array();

  158.     if(!file_exists($cacheFile))

  159.     {

  160.         return ;

  161.     }

  162.     

  163.     //把附件与文档关连

  164.     if(!empty($aid))

  165.     {

  166.         include($cacheFile);

  167.         foreach($myaddons as $addons)

  168.         {

  169.             if(!empty($title)) {

  170.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");

  171.             }

  172.             else {

  173.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");

  174.             }

  175.         }

  176.     }

  177.     @unlink($cacheFile);

  178. }

  179. 

  180. /**

  181.  * 登录类

  182.  *

  183.  * @package          userLogin

  184.  * @subpackage       DedeCMS.Libraries

  185.  * @link             http://www.dedecms.com

  186.  */

  187. class userLogin

  188. {

  189.     var $userName = '';

  190.     var $userPwd = '';

  191.     var $userID = '';

  192.     var $adminDir = '';

  193.     var $userType = '';

  194.     var $userChannel = '';

  195.     var $userPurview = '';

  196.     var $keepUserIDTag = 'dede_admin_id';

  197.     var $keepUserTypeTag = 'dede_admin_type';

  198.     var $keepUserChannelTag = 'dede_admin_channel';

  199.     var $keepUserNameTag = 'dede_admin_name';

  200.     var $keepUserPurviewTag = 'dede_admin_purview';

  201.     var $keepAdminStyleTag = 'dede_admin_style';

  202.     var $adminStyle = 'dedecms';

  203. 

  204.     //php5构造函数

  205.     function __construct($admindir='')

  206.     {

  207.         global $admin_path;

  208.         if(isset($_SESSION[$this->keepUserIDTag]))

  209.         {

  210.             $this->userID = $_SESSION[$this->keepUserIDTag];

  211.             $this->userType = $_SESSION[$this->keepUserTypeTag];

  212.             $this->userChannel = $_SESSION[$this->keepUserChannelTag];

  213.             $this->userName = $_SESSION[$this->keepUserNameTag];

  214.             $this->userPurview = $_SESSION[$this->keepUserPurviewTag];

  215.             $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];

  216.         }

  217. 

  218.         if($admindir!='')

  219.         {

  220.             $this->adminDir = $admindir;

  221.         }

  222.         else

  223.         {

  224.             $this->adminDir = $admin_path;

  225.         }

  226.     }

  227. 

  228.     function userLogin($admindir='')

  229.     {

  230.         $this->__construct($admindir);

  231.     }

  232. 

  233.     /**

  234.      *  检验用户是否正确

  235.      *

  236.      * @access    public

  237.      * @param     string    $username  用户名

  238.      * @param     string    $userpwd  密码

  239.      * @return    string

  240.      */

  241.     function checkUser($username, $userpwd)

  242.     {

  243.         global $dsql;

  244. 

  245.         //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

  246.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  247.         $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

  248.         $pwd = substr(md5($this->userPwd), 5, 20);

  249.         $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");

  250.         $dsql->Execute();

  251.         $row = $dsql->GetObject();

  252.         if(!isset($row->pwd))

  253.         {

  254.             return -1;

  255.         }

  256.         else if($pwd!=$row->pwd)

  257.         {

  258.             return -2;

  259.         }

  260.         else

  261.         {

  262.             $loginip = GetIP();

  263.             $this->userID = $row->id;

  264.             $this->userType = $row->usertype;

  265.             $this->userChannel = $row->typeid;

  266.             $this->userName = $row->uname;

  267.             $this->userPurview = $row->purviews;

  268.             $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."' WHERE id='".$row->id."'";

  269.             $dsql->ExecuteNoneQuery($inquery);

  270.             $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id;

  271.             $dsql->ExecuteNoneQuery($sql);

  272.             return 1;

  273.         }

  274.     }

  275. 

  276.     /**

  277.      *  保持用户的会话状态

  278.      *

  279.      * @access    public

  280.      * @return    int    成功返回 1 ,失败返回 -1

  281.      */

  282.     function keepUser()

  283.     {

  284.         if($this->userID != '' && $this->userType != '')

  285.         {

  286.             global $admincachefile,$adminstyle;

  287.             if(empty($adminstyle)) $adminstyle = 'dedecms';

  288. 

  289.             @session_register($this->keepUserIDTag);

  290.             $_SESSION[$this->keepUserIDTag] = $this->userID;

  291. 

  292.             @session_register($this->keepUserTypeTag);

  293.             $_SESSION[$this->keepUserTypeTag] = $this->userType;

  294. 

  295.             @session_register($this->keepUserChannelTag);

  296.             $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

  297. 

  298.             @session_register($this->keepUserNameTag);

  299.             $_SESSION[$this->keepUserNameTag] = $this->userName;

  300. 

  301.             @session_register($this->keepUserPurviewTag);

  302.             $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

  303. 

  304.             @session_register($this->keepAdminStyleTag);

  305.             $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

  306. 

  307.             PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');

  308.             PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

  309.             

  310.             $this->ReWriteAdminChannel();

  311.             

  312.             return 1;

  313.         }

  314.         else

  315.         {

  316.             return -1;

  317.         }

  318.     }

  319.     

  320.     /**

  321.      *  重写用户权限频道

  322.      *

  323.      * @access    public

  324.      * @return    void

  325.      */

  326.     function ReWriteAdminChannel()

  327.     {

  328.         //$this->userChannel

  329.         $cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc';

  330.         //管理员管理的频道列表

  331.         $typeid = trim($this->userChannel);

  332.         if( empty($typeid) || $this->getUserType() >= 10 ) {

  333.                 $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";

  334.         }

  335.         else {

  336.                 $firstConfig = "\$cfg_admin_channel = 'array';\r\n";

  337.         }

  338.         $fp = fopen($cacheFile, 'w');

  339.         fwrite($fp, '<'.'?php'."\r\n");

  340.         fwrite($fp, $firstConfig);

  341.         if( !empty($typeid) )

  342.         {

  343.              $typeids = explode(',', $typeid);

  344.              $typeid = '';

  345.              foreach($typeids as $tid)

  346.              {

  347.                      $typeid .= ( $typeid=='' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid) );

  348.              }

  349.              $typeids = explode(',', $typeid);

  350.              $typeidsnew = array_unique($typeids);

  351.              $typeid = join(',', $typeidsnew);

  352.              fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");

  353.         }

  354.         fwrite($fp, '?'.'>');

  355.         fclose($fp);

  356.     }

  357. 

  358.     //

  359.     /**

  360.      *  结束用户的会话状态

  361.      *

  362.      * @access    public

  363.      * @return    void

  364.      */

  365.     function exitUser()

  366.     {

  367.         ClearMyAddon();

  368.         @session_unregister($this->keepUserIDTag);

  369.         @session_unregister($this->keepUserTypeTag);

  370.         @session_unregister($this->keepUserChannelTag);

  371.         @session_unregister($this->keepUserNameTag);

  372.         @session_unregister($this->keepUserPurviewTag);

  373.         DropCookie('dedeAdmindir');

  374.         DropCookie('DedeUserID');

  375.         DropCookie('DedeLoginTime');

  376.         $_SESSION = array();

  377.     }

  378. 

  379.     /**

  380.      *  获得用户管理频道的值

  381.      *

  382.      * @access    public

  383.      * @return    array

  384.      */

  385.     function getUserChannel()

  386.     {

  387.         if($this->userChannel != '')

  388.         {

  389.             return $this->userChannel;

  390.         }

  391.         else

  392.         {

  393.             return '';

  394.         }

  395.     }

  396. 

  397.     /**

  398.      *  获得用户的权限值

  399.      *

  400.      * @access    public

  401.      * @return    int

  402.      */

  403.     function getUserType()

  404.     {

  405.         if($this->userType != '')

  406.         {

  407.             return $this->userType;

  408.         }

  409.         else

  410.         {

  411.             return -1;

  412.         }

  413.     }

  414. 

  415.     /**

  416.      *  获取用户权限值

  417.      *

  418.      * @access    public

  419.      * @return    int

  420.      */

  421.     function getUserRank()

  422.     {

  423.         return $this->getUserType();

  424.     }

  425. 

  426.     /**

  427.      *  获得用户的ID

  428.      *

  429.      * @access    public

  430.      * @return    int

  431.      */

  432.     function getUserID()

  433.     {

  434.         if($this->userID != '')

  435.         {

  436.             return $this->userID;

  437.         }

  438.         else

  439.         {

  440.             return -1;

  441.         }

  442.     }

  443. 

  444.     /**

  445.      *  获得用户的笔名

  446.      *

  447.      * @access    public

  448.      * @return    string

  449.      */

  450.     function getUserName()

  451.     {

  452.         if($this->userName != '')

  453.         {

  454.             return $this->userName;

  455.         }

  456.         else

  457.         {

  458.             return -1;

  459.         }

  460.     }

  461. 

  462.     /**

  463.      *  用户权限表

  464.      *

  465.      * @access    public

  466.      * @return    string

  467.      */

  468.     function getPurview()

  469.     {

  470.         return $this->userPurview;

  471.     }

  472. }

  473. 

  474. /**

  475.  *  获得某id的所有下级id

  476.  *

  477.  * @access    public

  478.  * @param     int   $id  栏目ID

  479.  * @param     int   $channel  频道ID

  480.  * @param     int   $addthis  是否加入当前这个栏目

  481.  * @return    string

  482.  */

  483. function GetSonIdsUL($id, $channel=0, $addthis=TRUE)

  484. {

  485.     global $cfg_Cs;

  486.     $GLOBALS['idArray'] = array();

  487.     if( !is_array($cfg_Cs) )

  488.     {

  489.         require_once(DEDEDATA."/cache/inc_catalog_base.inc");

  490.     }

  491.     GetSonIdsLogicUL($id,$cfg_Cs,$channel,$addthis);

  492.     $rquery = join(',', $GLOBALS['idArray']);

  493.     return $rquery;

  494. }

  495. 

  496. /**

  497.  *  递归逻辑

  498.  *

  499.  * @access    public

  500.  * @param     int  $id  栏目ID

  501.  * @param     array  $sArr  缓存数组

  502.  * @param     int   $channel  频道ID

  503.  * @param     int   $addthis  是否加入当前这个栏目

  504.  * @return    string

  505.  */

  506. function GetSonIdsLogicUL($id,$sArr,$channel=0,$addthis=FALSE)

  507. {

  508.     if($id!=0 && $addthis)

  509.     {

  510.         $GLOBALS['idArray'][$id] = $id;

  511.     }

  512.     foreach($sArr as $k=>$v)

  513.     {

  514.         if( $v[0]==$id && ($channel==0 || $v[1]==$channel ))

  515.         {

  516.             GetSonIdsLogicUL($k,$sArr,$channel,TRUE);

  517.         }

  518.     }

  519. }