DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2094 Commits
3 Branches
110MB
Tree: d44c0e8d3f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd44c0e8d3f'
${ noResults }
DedeV6/src/system/userlogin.class.php

510 lines
15KB
Raw Blame History 

  1. <?php

  2. if (!defined('DEDEINC')) exit ('dedebiz');

  3. /**

  4.  * 管理员登录

  5.  *

  6.  * @version        $id:userlogin.class.php 15:59 2010年7月5日 tianya $

  7.  * @package        DedeBIZ.Libraries

  8.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  9.  * @license        https://www.dedebiz.com/license

  10.  * @link           https://www.dedebiz.com

  11.  */

  12. session_start();

  13. /**

  14.  *  检验会员是否有权使用某功能,这个函数是一个回值函数CheckPurview函数只是对他回值的一个处理过程

  15.  *

  16.  * @access    public

  17.  * @param     string  $n  功能名称

  18.  * @return    mix  如果具有则返回TRUE

  19.  */

  20. function TestPurview($n)

  21. {

  22.     $rs = FALSE;

  23.     $purview = $GLOBALS['cuserLogin']->getPurview();

  24.     if (preg_match('/admin_AllowAll/i', $purview)) {

  25.         return TRUE;

  26.     }

  27.     if ($n == '') {

  28.         return TRUE;

  29.     }

  30.     if (!isset($GLOBALS['groupRanks'])) {

  31.         $GLOBALS['groupRanks'] = explode(' ', $purview);

  32.     }

  33.     $ns = explode(',', $n);

  34.     foreach ($ns as $n) {

  35.         //只要找到一个匹配的权限,即可认为会员有权浏览此页面

  36.         if ($n == '') {

  37.             continue;

  38.         }

  39.         if (in_array($n, $GLOBALS['groupRanks'])) {

  40.             $rs = TRUE;

  41.             break;

  42.         }

  43.     }

  44.     return $rs;

  45. }

  46. /**

  47.  *  对权限检测后返回操作对话框

  48.  *

  49.  * @access    public

  50.  * @param     string  $n  功能名称

  51.  * @return    string

  52.  */

  53. function CheckPurview($n)

  54. {

  55.     if (!TestPurview($n)) {

  56.         ShowMsg("您没有权限进行此操作", "-1");

  57.         exit();

  58.     }

  59. }

  60. /**

  61.  *  是否没权限限制(超级管理员)

  62.  *

  63.  * @access    public

  64.  * @param     string

  65.  * @return    bool

  66.  */

  67. function TestAdmin()

  68. {

  69.     $purview = $GLOBALS['cuserLogin']->getPurview();

  70.     if (preg_match('/admin_AllowAll/i', $purview)) {

  71.         return TRUE;

  72.     } else {

  73.         return FALSE;

  74.     }

  75. }

  76. $DedeUserCatalogs = array();

  77. /**

  78.  *  检测会员是否有权限操作某栏目

  79.  *

  80.  * @access    public

  81.  * @param     int   $cid  栏目id

  82.  * @param     string   $msg  返回消息

  83.  * @return    string

  84.  */

  85. function CheckCatalog($cid, $msg)

  86. {

  87.     global $cfg_admin_channel, $admin_catalogs;

  88.     if ($cfg_admin_channel == 'all' || TestAdmin()) {

  89.         return TRUE;

  90.     }

  91.     if (!in_array($cid, $admin_catalogs)) {

  92.         ShowMsg("$msg", "-1");

  93.         exit();

  94.     }

  95.     return TRUE;

  96. }

  97. /**

  98.  *  发布文档临时附件信息缓存、发文档前先清空附件信息

  99.  *  发布文档时涉及的附件保存到缓存里,完成后把它与文档关连

  100.  *

  101.  * @access    public

  102.  * @param     string   $fid  文件ID

  103.  * @param     string   $filename  文件名称

  104.  * @return    void

  105.  */

  106. function AddMyAddon($fid, $filename)

  107. {

  108.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  109.     if (!file_exists($cacheFile)) {

  110.         $fp = fopen($cacheFile, 'w');

  111.         fwrite($fp, '<'.'?php'."\r\n");

  112.         fwrite($fp, "\$myaddons = array();\r\n");

  113.         fwrite($fp, "\$maNum = 0;\r\n");

  114.         fclose($fp);

  115.     }

  116.     include($cacheFile);

  117.     $fp = fopen($cacheFile, 'a');

  118.     $arrPos = $maNum;

  119.     $maNum++;

  120.     fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n");

  121.     fwrite($fp, "\$maNum = $maNum;\r\n");

  122.     fclose($fp);

  123. }

  124. /**

  125.  *  清理附件,如果关连的文档id,先把上一批附件传给这个文档id

  126.  *

  127.  * @access    public

  128.  * @param     string  $aid  文档id

  129.  * @param     string  $title  文档标题

  130.  * @return    empty

  131.  */

  132. function ClearMyAddon($aid = 0, $title = '')

  133. {

  134.     global $dsql;

  135.     $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc';

  136.     $_SESSION['bigfile_info'] = array();

  137.     $_SESSION['file_info'] = array();

  138.     if (!file_exists($cacheFile)) {

  139.         return;

  140.     }

  141.     //把附件与文档关连

  142.     if (!empty($aid)) {

  143.         include($cacheFile);

  144.         foreach ($myaddons as $addons) {

  145.             if (!empty($title)) {

  146.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'");

  147.             } else {

  148.                 $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' ");

  149.             }

  150.         }

  151.     }

  152.     @unlink($cacheFile);

  153. }

  154. /**

  155.  * 登录类

  156.  *

  157.  * @package          userLogin

  158.  * @subpackage       DedeBIZ.Libraries

  159.  * @link             https://www.dedebiz.com

  160.  */

  161. class userLogin

  162. {

  163.     var $userName = '';

  164.     var $userPwd = '';

  165.     var $userID = '';

  166.     var $adminDir = '';

  167.     var $userType = '';

  168.     var $userChannel = '';

  169.     var $userPurview = '';

  170.     var $userFace = '';

  171.     var $keepUserIDTag = 'dede_admin_id';

  172.     var $keepUserTypeTag = 'dede_admin_type';

  173.     var $keepUserChannelTag = 'dede_admin_channel';

  174.     var $keepUserNameTag = 'dede_admin_name';

  175.     var $keepUserPurviewTag = 'dede_admin_purview';

  176.     var $keepAdminStyleTag = 'dede_admin_style';

  177.     var $keepUserFace = 'dede_admin_face';

  178.     var $adminStyle = 'DedeBIZ';

  179.     //php5构造函数

  180.     function __construct($admindir = '')

  181.     {

  182.         global $admin_path;

  183.         if (isset($_SESSION[$this->keepUserIDTag])) {

  184.             $this->userID = $_SESSION[$this->keepUserIDTag];

  185.             $this->userType = $_SESSION[$this->keepUserTypeTag];

  186.             $this->userChannel = $_SESSION[$this->keepUserChannelTag];

  187.             $this->userName = $_SESSION[$this->keepUserNameTag];

  188.             $this->userPurview = $_SESSION[$this->keepUserPurviewTag];

  189.             $this->adminStyle = $_SESSION[$this->keepAdminStyleTag];

  190.             $this->userFace = $_SESSION[$this->keepUserFace];

  191.         }

  192.         if ($admindir != '') {

  193.             $this->adminDir = $admindir;

  194.         } else {

  195.             $this->adminDir = $admin_path;

  196.         }

  197.     }

  198.     function userLogin($admindir = '')

  199.     {

  200.         $this->__construct($admindir);

  201.     }

  202.     /**

  203.      *  检验会员是否正确

  204.      *

  205.      * @access    public

  206.      * @param     string    $username  账号

  207.      * @param     string    $userpwd  密码

  208.      * @return    string

  209.      */

  210.     function checkUser($username, $userpwd)

  211.     {

  212.         global $dsql;

  213.         //只允许账号和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符

  214.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  215.         $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd);

  216.         $pwd = substr(md5($this->userPwd), 5, 20);

  217.         $dsql->SetQuery("SELECT admin.*,atype.purviews,member.face FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.`rank`=admin.usertype LEFT JOIN `#@__member` member ON member.mid = admin.id  WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1");

  218.         $dsql->Execute();

  219.         $row = $dsql->GetObject();

  220.         if (!isset($row->pwd)) {

  221.             return -1;

  222.         } else if (!empty($row->pwd_new) && !password_verify($this->userPwd, $row->pwd_new)) {

  223.             $this->loginError($row->id);

  224.             return -2;

  225.         } else if (!empty($row->pwd) && $pwd != $row->pwd) {

  226.             $this->loginError($row->id);

  227.             return -2;

  228.         } else {

  229.             $upsql = "";

  230.             if (empty($row->pwd_new) && function_exists('password_hash')) {

  231.                 //升级密码

  232.                 $newpwd = password_hash($this->userPwd, PASSWORD_BCRYPT);

  233.                 $upsql .= ",pwd='',pwd_new='{$newpwd}'";

  234.             }

  235.             $loginip = GetIP();

  236.             $this->userID = $row->id;

  237.             $this->userType = $row->usertype;

  238.             $this->userChannel = $row->typeid;

  239.             $this->userName = $row->uname;

  240.             $this->userPurview = $row->purviews;

  241.             $this->userFace = $row->face;

  242.             $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."'{$upsql},loginerr=0 WHERE id='".$row->id."'";

  243.             $dsql->ExecuteNoneQuery($inquery);

  244.             $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id;

  245.             $dsql->ExecuteNoneQuery($sql);

  246.             return 1;

  247.         }

  248.     }

  249. 

  250.     

  251.     /**

  252.      * 是否需要验证码

  253.      *

  254.      * @param  mixed $username

  255.      * @return bool

  256.      */

  257.     function isNeedCheckCode($username)

  258.     {

  259.         $num = $this->getLoginError($username);

  260.         return $num >= 3 ? true : false;

  261.     }

  262.     

  263.     /**

  264.      * 1分钟以内登录错误的次数

  265.      *

  266.      * @param  mixed $username

  267.      * @return int 登录错误次数

  268.      */

  269.     function getLoginError($username)

  270.     {

  271.         global $dsql;

  272.         if (!TableHasField("#@__admin", "loginerr")) {

  273.             return 0;

  274.         }

  275.         $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username);

  276.         $row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__admin` WHERE userid LIKE '$this->userName'");

  277.         if (is_array($row)) {

  278.             //1分钟内如果输错3次则需要验证码

  279.             return (time() - (int)$row['logintime']) < 60 ?  (int)$row['loginerr'] : 0;

  280.         } else {

  281.             return -1;

  282.         }

  283.     }

  284. 

  285.     /**

  286.      * 记录登录错误

  287.      *

  288.      * @return void

  289.      */

  290.     function loginError($adminid)

  291.     {

  292.         global $dsql;

  293.         $loginip = GetIP();

  294.         $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."',loginerr=loginerr+1 WHERE id='".$adminid."'";

  295.         $dsql->ExecuteNoneQuery($inquery);

  296.     }

  297.     /**

  298.      *  保持会员的会话状态

  299.      *

  300.      * @access    public

  301.      * @return    int    成功返回 1,失败返回 -1

  302.      */

  303.     function keepUser()

  304.     {

  305.         if ($this->userID != '' && $this->userType != '') {

  306.             global $admincachefile, $adminstyle;

  307.             if (empty($adminstyle)) $adminstyle = 'DedeBIZ';

  308.             @session_register($this->keepUserIDTag);

  309.             $_SESSION[$this->keepUserIDTag] = $this->userID;

  310.             @session_register($this->keepUserTypeTag);

  311.             $_SESSION[$this->keepUserTypeTag] = $this->userType;

  312.             @session_register($this->keepUserChannelTag);

  313.             $_SESSION[$this->keepUserChannelTag] = $this->userChannel;

  314.             @session_register($this->keepUserNameTag);

  315.             $_SESSION[$this->keepUserNameTag] = $this->userName;

  316.             @session_register($this->keepUserPurviewTag);

  317.             $_SESSION[$this->keepUserPurviewTag] = $this->userPurview;

  318.             @session_register($this->keepAdminStyleTag);

  319.             $_SESSION[$this->keepAdminStyleTag] = $adminstyle;

  320.             @session_register($this->keepUserFace);

  321.             $_SESSION[$this->keepUserFace] = $this->userFace;

  322.             PutCookie('DedeUserID', $this->userID, 3600 * 24, '/');

  323.             PutCookie('DedeLoginTime', time(), 3600 * 24, '/');

  324.             $this->ReWriteAdminChannel();

  325.             return 1;

  326.         } else {

  327.             return -1;

  328.         }

  329.     }

  330.     /**

  331.      *  重写会员权限栏目

  332.      *

  333.      * @access    public

  334.      * @return    void

  335.      */

  336.     function ReWriteAdminChannel()

  337.     {

  338.         //$this->userChannel

  339.         $cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc';

  340.         //管理员管理的栏目列表

  341.         $typeid = trim($this->userChannel);

  342.         if (empty($typeid) || $this->getUserType() >= 10) {

  343.             $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n";

  344.         } else {

  345.             $firstConfig = "\$cfg_admin_channel = 'array';\r\n";

  346.         }

  347.         $fp = fopen($cacheFile, 'w');

  348.         fwrite($fp, '<'.'?php'."\r\n");

  349.         fwrite($fp, $firstConfig);

  350.         if (!empty($typeid)) {

  351.             $typeids = explode(',', $typeid);

  352.             $typeid = '';

  353.             foreach ($typeids as $tid) {

  354.                 $typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid));

  355.             }

  356.             $typeids = explode(',', $typeid);

  357.             $typeidsnew = array_unique($typeids);

  358.             $typeid = join(',', $typeidsnew);

  359.             fwrite($fp, "\$admin_catalogs = array($typeid);\r\n");

  360.         }

  361.         fwrite($fp, '?'.'>');

  362.         fclose($fp);

  363.     }

  364.     /**

  365.      *  结束会员的会话状态

  366.      *

  367.      * @access    public

  368.      * @return    void

  369.      */

  370.     function exitUser()

  371.     {

  372.         ClearMyAddon();

  373.         @session_unregister($this->keepUserIDTag);

  374.         @session_unregister($this->keepUserTypeTag);

  375.         @session_unregister($this->keepUserChannelTag);

  376.         @session_unregister($this->keepUserNameTag);

  377.         @session_unregister($this->keepUserPurviewTag);

  378.         @session_unregister($this->keepUserFace);

  379.         DropCookie('dedeAdmindir');

  380.         DropCookie('DedeUserID');

  381.         DropCookie('DedeLoginTime');

  382.         $_SESSION = array();

  383.     }

  384.     /**

  385.      *  获得会员管理栏目的值

  386.      *

  387.      * @access    public

  388.      * @return    array

  389.      */

  390.     function getUserChannel()

  391.     {

  392.         if ($this->userChannel != '') {

  393.             return $this->userChannel;

  394.         } else {

  395.             return '';

  396.         }

  397.     }

  398.     /**

  399.      *  获得会员的权限值

  400.      *

  401.      * @access    public

  402.      * @return    int

  403.      */

  404.     function getUserType()

  405.     {

  406.         if ($this->userType != '') {

  407.             return $this->userType;

  408.         } else {

  409.             return -1;

  410.         }

  411.     }

  412.     function getUserFace()

  413.     {

  414.         if ($this->userFace != '') {

  415.             return $this->userFace;

  416.         } else {

  417.             return '/static/web/img/admin.png';

  418.         }

  419.     }

  420.     /**

  421.      *  获取会员权限值

  422.      *

  423.      * @access    public

  424.      * @return    int

  425.      */

  426.     function getUserRank()

  427.     {

  428.         return $this->getUserType();

  429.     }

  430.     /**

  431.      *  获得会员的id

  432.      *

  433.      * @access    public

  434.      * @return    int

  435.      */

  436.     function getUserID()

  437.     {

  438.         if ($this->userID != '') {

  439.             return $this->userID;

  440.         } else {

  441.             return -1;

  442.         }

  443.     }

  444.     /**

  445.      *  获得会员的名称

  446.      *

  447.      * @access    public

  448.      * @return    string

  449.      */

  450.     function getUserName()

  451.     {

  452.         if ($this->userName != '') {

  453.             return $this->userName;

  454.         } else {

  455.             return -1;

  456.         }

  457.     }

  458.     /**

  459.      *  会员权限表

  460.      *

  461.      * @access    public

  462.      * @return    string

  463.      */

  464.     function getPurview()

  465.     {

  466.         return $this->userPurview;

  467.     }

  468. }

  469. /**

  470.  *  获得某id的所有下级id

  471.  *

  472.  * @access    public

  473.  * @param     int   $id  栏目id

  474.  * @param     int   $channel  栏目id

  475.  * @param     int   $addthis  是否加入当前这个栏目

  476.  * @return    string

  477.  */

  478. function GetSonIdsUL($id, $channel = 0, $addthis = TRUE)

  479. {

  480.     global $cfg_Cs;

  481.     $GLOBALS['idArray'] = array();

  482.     if (!is_array($cfg_Cs)) {

  483.         require_once(DEDEDATA."/cache/inc_catalog_base.inc");

  484.     }

  485.     GetSonIdsLogicUL($id, $cfg_Cs, $channel, $addthis);

  486.     $rquery = join(',', $GLOBALS['idArray']);

  487.     return $rquery;

  488. }

  489. /**

  490.  *  递归逻辑

  491.  *

  492.  * @access    public

  493.  * @param     int  $id  栏目id

  494.  * @param     array  $sArr  缓存数组

  495.  * @param     int   $channel  栏目id

  496.  * @param     int   $addthis  是否加入当前这个栏目

  497.  * @return    string

  498.  */

  499. function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE)

  500. {

  501.     if ($id != 0 && $addthis) {

  502.         $GLOBALS['idArray'][$id] = $id;

  503.     }

  504.     foreach ($sArr as $k => $v) {

  505.         if ($v[0] == $id && ($channel == 0 || $v[1] == $channel)) {

  506.             GetSonIdsLogicUL($k, $sArr, $channel, TRUE);

  507.         }

  508.     }

  509. }

  510. ?>