DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
911 Commits
3 Branches
110MB
Tree: 9213b03687
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9213b03687'
${ noResults }
DedeV6/src/system/userlogin.class.php

445 lines
14KB
Raw Blame History 

  1. <?php

  2. if (!defined('DEDEINC')) exit('dedebiz');

  3. /**

  4.  * 管理员登录类

  5.  *

  6.  * @version        $Id: userlogin.class.php 1 15:59 2010年7月5日Z tianya $

  7.  * @package        DedeBIZ.Libraries

  8.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. session_start();

  13. /**

  14.  *  检验用户是否有权使用某功能,这个函数是一个回值函数

  15.  *  CheckPurview函数只是对他回值的一个处理过程

  16.  *

  17.  * @access    public

  18.  * @param     string  $n  功能名称

  19.  * @return    mix  如果具有则返回TRUE

  20.  */

  21. function TestPurview($n)

  22. {

  23.     $rs = FALSE;

  24.     $purview = $GLOBALS['cuserLogin']->getPurview();

  25.     if (preg_match('/admin_AllowAll/i', $purview)) {

  26.         return TRUE;

  27.     }

  28.     if ($n == '') {

  29.         return TRUE;

  30.     }

  31.     if (!isset($GLOBALS['groupRanks'])) {

  32.         $GLOBALS['groupRanks'] = explode(' ', $purview);

  33.     }

  34.     $ns = explode(',', $n);

  35.     foreach ($ns as $n) {

  36.         //只要找到一个匹配的权限,即可认为用户有权访问此页面

  37.         if ($n == '') {

  38.             continue;

  39.         }

  40.         if (in_array($n, $GLOBALS['groupRanks'])) {

  41.             $rs = TRUE;

  42.             break;

  43.         }

  44.     }

  45.     return $rs;

  46. }

  47. /**

  48.  *  对权限检测后返回操作对话框

  49.  *

  50.  * @access    public

  51.  * @param     string  $n  功能名称

  52.  * @return    string

  53.  */

  54. function CheckPurview($n)

  55. {

  56.     if (!TestPurview($n)) {

  57.         ShowMsg("对不起,您没有权限执行此操作<br><br><a href='javascript:history.go(-1);'>点击此返回上一页&gt;</a>", 'javascript:;');

  58.         exit();

  59.     }

  60. }

  61. /**

  62.  *  是否没权限限制(超级管理员)

  63.  *

  64.  * @access    public

  65.  * @param     string

  66.  * @return    bool

  67.  */

  68. function TestAdmin()

  69. {

  70.     $purview = $GLOBALS['cuserLogin']->getPurview();

  71.     if (preg_match('/admin_AllowAll/i', $purview)) {

  72.         return TRUE;

  73.     } else {

  74.         return FALSE;

  75.     }

  76. }

  77. $DedeUserCatalogs = array();

  78. /**

  79.  *  检测用户是否有权限操作某栏目

  80.  *

  81.  * @access    public

  82.  * @param     int   $cid  频道id

  83.  * @param     string   $msg  返回消息

  84.  * @return    string

  85.  */

  86. function CheckCatalog($cid, $msg)

  87. {

  88.     global $cfg_admin_channel, $admin_catalogs;

  89.     if ($cfg_admin_channel == 'all' || TestAdmin()) {

  90.         return TRUE;

  91.     }

  92.     if (!in_array($cid, $admin_catalogs)) {

  93.         ShowMsg(" $msg <br><br><a href='javascript:history.go(-1);'>点击此返回上一页&gt;</a>", 'javascript:;');

  94.         exit();

  95.     }

  96.     return TRUE;

  97. }

  98. /**

  99.  *  发布文档临时附件信息缓存、发文档前先清空附件信息

  100.  *  发布文档时涉及的附件保存到缓存里,完成后把它与文档关连

  101.  *

  102.  * @access    public

  103.  * @param     string   $fid  文件ID

  104.  * @param     string   $filename  文件名称

  105.  * @return    void

  106.  */

  107. function AddMyAddon($fid, $filename)

  108. {

  109.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  110.     if (!file_exists($cacheFile)) {

  111.         $fp = fopen($cacheFile, 'w');

  112.         fwrite($fp, '<'.'?php'."\r\n");

  113.         fwrite($fp, "\$myaddons = array();\r\n");

  114.         fwrite($fp, "\$maNum = 0;\r\n");

  115.         fclose($fp);

  116.     }

  117.     include($cacheFile);

  118.     $fp = fopen($cacheFile, 'a');

  119.     $arrPos = $maNum;

  120.     $maNum++;

  121.     fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");

  122.     fwrite($fp, "\$maNum = $maNum;\r\n");

  123.     fclose($fp);

  124. }

  125. /**

  126.  *  清理附件,如果关连的文档ID,先把上一批附件传给这个文档ID

  127.  *

  128.  * @access    public

  129.  * @param     string  $aid  文档ID

  130.  * @param     string  $title  文档标题

  131.  * @return    empty

  132.  */

  133. function ClearMyAddon($aid = 0, $title = '')

  134. {

  135.     global $dsql;

  136.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  137.     $_SESSION['bigfile_info'] = array();

  138.     $_SESSION['file_info'] = array();

  139.     if (!file_exists($cacheFile)) {

  140.         return;

  141.     }

  142.     //把附件与文档关连

  143.     if (!empty($aid)) {

  144.         include($cacheFile);

  145.         foreach ($myaddons as $addons) {

  146.             if (!empty($title)) {

  147.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");

  148.             } else {

  149.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");

  150.             }

  151.         }

  152.     }

  153.     @unlink($cacheFile);

  154. }

  155. /**

  156.  * 登录类

  157.  *

  158.  * @package          userLogin

  159.  * @subpackage       DedeBIZ.Libraries

  160.  * @link             https://www.dedebiz.com

  161.  */

  162. class userLogin

  163. {

  164.     var $userName = '';

  165.     var $userPwd = '';

  166.     var $userID = '';

  167.     var $adminDir = '';

  168.     var $userType = '';

  169.     var $userChannel = '';

  170.     var $userPurview = '';

  171.     var $keepUserIDTag = 'dede_admin_id';

  172.     var $keepUserTypeTag = 'dede_admin_type';

  173.     var $keepUserChannelTag = 'dede_admin_channel';

  174.     var $keepUserNameTag = 'dede_admin_name';

  175.     var $keepUserPurviewTag = 'dede_admin_purview';

  176.     var $keepAdminStyleTag = 'dede_admin_style';

  177.     var $adminStyle = 'DedeBIZ';

  178.     //php5构造函数

  179.     function __construct($admindir = '')

  180.     {

  181.         global $admin_path;

  182.         if (isset($_SESSION[$this->keepUserIDTag])) {

  183.             $this->userID = $_SESSION[$this->keepUserIDTag];

  184.             $this->userType = $_SESSION[$this->keepUserTypeTag];

  185.             $this->userChannel = $_SESSION[$this->keepUserChannelTag];

  186.             $this->userName = $_SESSION[$this->keepUserNameTag];

  187.             $this->userPurview = $_SESSION[$this->keepUserPurviewTag];

  188.             $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];

  189.         }

  190.         if ($admindir != '') {

  191.             $this->adminDir = $admindir;

  192.         } else {

  193.             $this->adminDir = $admin_path;

  194.         }

  195.     }

  196.     function userLogin($admindir = '')

  197.     {

  198.         $this->__construct($admindir);

  199.     }

  200.     /**

  201.      *  检验用户是否正确

  202.      *

  203.      * @access    public

  204.      * @param     string    $username  用户名

  205.      * @param     string    $userpwd  密码

  206.      * @return    string

  207.      */

  208.     function checkUser($username, $userpwd)

  209.     {

  210.         global $dsql;

  211.         //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

  212.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  213.         $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

  214.         $pwd = substr(md5($this->userPwd), 5, 20);

  215.         $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.`rank`=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");

  216.         $dsql->Execute();

  217.         $row = $dsql->GetObject();

  218.         if (!isset($row->pwd)) {

  219.             return -1;

  220.         } else if (!empty($row->pwd_new) && !password_verify($this->userPwd, $row->pwd_new)) {

  221.             return -2;

  222.         } else if (!empty($row->pwd) && $pwd != $row->pwd) {

  223.             return -2;

  224.         }else {

  225.             $upsql = "";

  226.             if (empty($row->pwd_new) && function_exists('password_hash')) {

  227.                 // 升级密码

  228.                 $newpwd = password_hash($this->userPwd, PASSWORD_BCRYPT);

  229.                 $upsql .= ",pwd='',pwd_new='{$newpwd}'";

  230.             }

  231.             $loginip = GetIP();

  232.             $this->userID = $row->id;

  233.             $this->userType = $row->usertype;

  234.             $this->userChannel = $row->typeid;

  235.             $this->userName = $row->uname;

  236.             $this->userPurview = $row->purviews;

  237.             $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."'{$upsql} WHERE id='".$row->id."'";

  238.             $dsql->ExecuteNoneQuery($inquery);

  239.             $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id;

  240.             $dsql->ExecuteNoneQuery($sql);

  241.             return 1;

  242.         }

  243.     }

  244.     /**

  245.      *  保持用户的会话状态

  246.      *

  247.      * @access    public

  248.      * @return    int    成功返回 1 ,失败返回 -1

  249.      */

  250.     function keepUser()

  251.     {

  252.         if ($this->userID != '' && $this->userType != '') {

  253.             global $admincachefile, $adminstyle;

  254.             if (empty($adminstyle)) $adminstyle = 'DedeBIZ';

  255.             @session_register($this->keepUserIDTag);

  256.             $_SESSION[$this->keepUserIDTag] = $this->userID;

  257.             @session_register($this->keepUserTypeTag);

  258.             $_SESSION[$this->keepUserTypeTag] = $this->userType;

  259.             @session_register($this->keepUserChannelTag);

  260.             $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

  261.             @session_register($this->keepUserNameTag);

  262.             $_SESSION[$this->keepUserNameTag] = $this->userName;

  263.             @session_register($this->keepUserPurviewTag);

  264.             $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

  265.             @session_register($this->keepAdminStyleTag);

  266.             $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

  267.             PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');

  268.             PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

  269.             $this->ReWriteAdminChannel();

  270.             return 1;

  271.         } else {

  272.             return -1;

  273.         }

  274.     }

  275.     /**

  276.      *  重写用户权限频道

  277.      *

  278.      * @access    public

  279.      * @return    void

  280.      */

  281.     function ReWriteAdminChannel()

  282.     {

  283.         //$this->userChannel

  284.         $cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc';

  285.         //管理员管理的频道列表

  286.         $typeid = trim($this->userChannel);

  287.         if (empty($typeid) || $this->getUserType() >= 10) {

  288.             $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";

  289.         } else {

  290.             $firstConfig = "\$cfg_admin_channel = 'array';\r\n";

  291.         }

  292.         $fp = fopen($cacheFile, 'w');

  293.         fwrite($fp, '<'.'?php'."\r\n");

  294.         fwrite($fp, $firstConfig);

  295.         if (!empty($typeid)) {

  296.             $typeids = explode(',', $typeid);

  297.             $typeid = '';

  298.             foreach ($typeids as $tid) {

  299.                 $typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid));

  300.             }

  301.             $typeids = explode(',', $typeid);

  302.             $typeidsnew = array_unique($typeids);

  303.             $typeid = join(',', $typeidsnew);

  304.             fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");

  305.         }

  306.         fwrite($fp, '?'.'>');

  307.         fclose($fp);

  308.     }

  309.     /**

  310.      *  结束用户的会话状态

  311.      *

  312.      * @access    public

  313.      * @return    void

  314.      */

  315.     function exitUser()

  316.     {

  317.         ClearMyAddon();

  318.         @session_unregister($this->keepUserIDTag);

  319.         @session_unregister($this->keepUserTypeTag);

  320.         @session_unregister($this->keepUserChannelTag);

  321.         @session_unregister($this->keepUserNameTag);

  322.         @session_unregister($this->keepUserPurviewTag);

  323.         DropCookie('dedeAdmindir');

  324.         DropCookie('DedeUserID');

  325.         DropCookie('DedeLoginTime');

  326.         $_SESSION = array();

  327.     }

  328.     /**

  329.      *  获得用户管理频道的值

  330.      *

  331.      * @access    public

  332.      * @return    array

  333.      */

  334.     function getUserChannel()

  335.     {

  336.         if ($this->userChannel != '') {

  337.             return $this->userChannel;

  338.         } else {

  339.             return '';

  340.         }

  341.     }

  342.     /**

  343.      *  获得用户的权限值

  344.      *

  345.      * @access    public

  346.      * @return    int

  347.      */

  348.     function getUserType()

  349.     {

  350.         if ($this->userType != '') {

  351.             return $this->userType;

  352.         } else {

  353.             return -1;

  354.         }

  355.     }

  356.     /**

  357.      *  获取用户权限值

  358.      *

  359.      * @access    public

  360.      * @return    int

  361.      */

  362.     function getUserRank()

  363.     {

  364.         return $this->getUserType();

  365.     }

  366.     /**

  367.      *  获得用户的ID

  368.      *

  369.      * @access    public

  370.      * @return    int

  371.      */

  372.     function getUserID()

  373.     {

  374.         if ($this->userID != '') {

  375.             return $this->userID;

  376.         } else {

  377.             return -1;

  378.         }

  379.     }

  380.     /**

  381.      *  获得用户的笔名

  382.      *

  383.      * @access    public

  384.      * @return    string

  385.      */

  386.     function getUserName()

  387.     {

  388.         if ($this->userName != '') {

  389.             return $this->userName;

  390.         } else {

  391.             return -1;

  392.         }

  393.     }

  394.     /**

  395.      *  用户权限表

  396.      *

  397.      * @access    public

  398.      * @return    string

  399.      */

  400.     function getPurview()

  401.     {

  402.         return $this->userPurview;

  403.     }

  404. }

  405. /**

  406.  *  获得某id的所有下级id

  407.  *

  408.  * @access    public

  409.  * @param     int   $id  栏目ID

  410.  * @param     int   $channel  频道ID

  411.  * @param     int   $addthis  是否加入当前这个栏目

  412.  * @return    string

  413.  */

  414. function GetSonIdsUL($id, $channel = 0, $addthis = TRUE)

  415. {

  416.     global $cfg_Cs;

  417.     $GLOBALS['idArray'] = array();

  418.     if (!is_array($cfg_Cs)) {

  419.         require_once(DEDEDATA."/cache/inc_catalog_base.inc");

  420.     }

  421.     GetSonIdsLogicUL($id, $cfg_Cs, $channel, $addthis);

  422.     $rquery = join(',', $GLOBALS['idArray']);

  423.     return $rquery;

  424. }

  425. /**

  426.  *  递归逻辑

  427.  *

  428.  * @access    public

  429.  * @param     int  $id  栏目ID

  430.  * @param     array  $sArr  缓存数组

  431.  * @param     int   $channel  频道ID

  432.  * @param     int   $addthis  是否加入当前这个栏目

  433.  * @return    string

  434.  */

  435. function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE)

  436. {

  437.     if ($id != 0 && $addthis) {

  438.         $GLOBALS['idArray'][$id] = $id;

  439.     }

  440.     foreach ($sArr as $k => $v) {

  441.         if ($v[0] == $id && ($channel == 0 || $v[1] == $channel)) {

  442.             GetSonIdsLogicUL($k, $sArr, $channel, TRUE);

  443.         }

  444.     }

  445. }