public function registerActAction()
{
$m['username'] = $this->getParam('username');
$m['password'] = $this->getParam('password');
if (!$m['username'] || !$m['password']) {
$error = 'Username and password are required !';
$this->showError($error, 'index');
}
// Username exists ?
$where = array('username' => $m['username']);
$num = $this->m_user->Where($where)->Total();
if ($num) {
$msg = '注册名已存在, 请更换';
$this->showError($msg, 'index');
}
$userID = $this->m_user->Insert($m);
if (!$userID) {
$error = '注册失败,请重试';
$this->showError($error, 'index');
} else {
$msg = '注册成功,请登录';
$url = '/login';
}
jsAlert($msg);
jsRedirect($url);
}
public function seckillAction()
{
$eId = $this->getParam('eid');
$reqTime = $_SERVER['REQUEST_TIME'];
$eventInfo = $this->event->checkEventDate($eId, $reqTime);
if ($eventInfo == -1) {
jsAlert('该场抢购过期了,下次再来吧!');
} elseif ($eventInfo == -2) {
jsAlert('抢购还未开始,再等等吧!');
} elseif ($eventInfo == 0) {
$this->goHome();
} else {
if (is_array($eventInfo)) {
$secRow = $this->event->seckill($eventInfo['num'], $eId);
if ($secRow == -1) {
jsAlert('抢购失败,再试一次!');
} elseif ($secRow == 0) {
jsAlert("已经抢光了");
} elseif ($secRow == 1) {
jsAlert('恭喜您,抢到了!');
}
}
}
$this->goHome();
}
public function delAction()
{
$articleID = $this->getQuery('articleID');
$code = $this->m_article->DeleteById($articleID);
if (!$code) {
jsAlert('删除文章失败, 请重试');
}
$this->redirect('/user/profile');
}
public function delAction()
{
$id = $this->getParam('id');
if ($id) {
$row = $this->goodsModel->delGoodsByID($id);
}
if (false === $row) {
jsAlert('删除失败');
}
$this->goHome();
}
/**
* 函数名称:editAction
* 功能描述:载入编辑
*/
public function editAction()
{
$ruleid = $this->get('ruleid');
$groupid = $this->getSession('groupid');
$checkResult = $this->checkIsHaveAuth($ruleid, $groupid);
if ($checkResult) {
$this->addAction();
$authModel = new Admin_AuthModel();
$result = $authModel->loadEdit($ruleid);
$this->assign('editParam', $result);
} else {
jsAlert('您不具有该权限');
}
}
public function checkLoginAction()
{
$username = $this->getPost('username');
$password = $this->getPost('password');
$captcha = $this->getPost('captcha');
if (!$username || !$password || !$captcha) {
jsAlert('信息不完整!');
jsRedirect($this->homeUrl);
} else {
if (strtolower($captcha) != strtolower($this->getSession('adminCaptcha'))) {
jsAlert('验证码不正确!');
jsRedirect($this->homeUrl);
}
}
// 管理员登陆
if ($this->adminAccount == $username) {
$data = $this->m_admin->checkLogin($username, $password);
} else {
// 普通角色登陆
$data = $this->m_role->checkRole($username, $password);
}
if (!$data) {
// Login fail
$log['status'] = 0;
jsAlert('账号或密码不正确!');
jsRedirect($this->homeUrl);
} else {
// Login OK, log this action and find privileges
$this->setSession('adminID', $data['id']);
$this->setSession('adminName', $username);
// admin 拥有所有的权限
if ($this->adminAccount == $username) {
$this->setSession('priv', 'ALL');
} else {
// 不是管理员, 记录其 roleID, 用于查找权限
// 1: 取得登录的角色所拥有的权限
$priv = $this->m_role->getPrivilegeByRoleID($data['id']);
// 如果角色没有分配到任何权限, 提示, 并且退出, 有则 SESSION 记录其所有的权限,供进一步处理
if (!$priv['privilege']) {
jsAlert('您还没有任何权限, 请联系管理员!');
jsRedirect($this->homeUrl);
} else {
$this->setSession('priv', $priv);
}
}
}
jsRedirect('/admin/index/main');
}
public function registerActAction()
{
$m['username'] = $this->getPost('username');
$m['password'] = $this->getPost('password');
if (!$m['username'] || !$m['password']) {
$error = 'Username and password are required !';
$this->showError($error, 'index');
}
$userID = $this->m_user->Insert($m);
if (!$userID) {
$error = '注册失败,请重试';
$this->showError($error, 'index');
} else {
$msg = '注册成功,请登录';
$url = '/login';
}
jsAlert($msg);
jsRedirect($url);
}
public function resetActAction()
{
$t = $this->getPost('t');
$m = array();
$m['password'] = md5($t['newPass']);
if ($this->adminAccount == $_SESSION['adminName']) {
$where = array('username' => $_SESSION['adminName']);
$data = $this->load('Admin')->Where($where)->UpdateOne($m);
}
if ($data !== FALSE) {
unset($_SESSION['admin'], $_SESSION['priv'], $_SESSION['adminID'], $_SESSION['adminName']);
$msg = '密码修改成功,请重新登录!';
$url = '/admin/login';
} else {
$msg = '密码修改失败!';
$url = '/admin/index/reset';
}
jsAlert($msg);
jsRedirect($url);
}
/**
* 函数名称:gotoURL
* 功能描述:js跳转并提示信息
* @param string $message
* @param string $URL
*/
function gotoURL($message = '', $URL = '')
{
if (!isset($URL)) {
$URL = $_SERVER['HTTP_REFERER'];
}
if (isset($message)) {
jsAlert($message);
}
echo "<script type='text/javascript'>window.location.href='{$URL}'</script>";
}
public function profileActAction()
{
$m['realname'] = $this->getPost('realname');
$m['provinceID'] = $this->getPost('areaProvince');
$m['cityID'] = $this->getPost('areaCity');
$m['regionID'] = $this->getPost('areaRegion');
$m['province'] = $this->load('Province')->getProvinceNameByID($m['provinceID']);
$m['city'] = $this->load('City')->getCityNameByID($m['cityID']);
if ($m['regionID']) {
$m['region'] = $this->load('Region')->getRegionNameByID($m['regionID']);
}
$code = $this->m_user->UpdateByID($m, USER_ID);
// Upload avatar if selected
if ($_FILES['avatar']['name']) {
Helper::import('File');
Yaf_Loader::import('L_Upload.class.php');
$fileName = CUR_TIMESTAMP;
$up = new L_Upload($_FILES['avatar'], UPLOAD_PATH . '/');
$result = $up->upload($fileName);
if ($result == 1) {
$m['avatar'] = $fileName . '.' . $up->extension;
$this->m_user->UpdateByID($m, USER_ID);
} else {
jsAlert($result);
}
}
if (FALSE === $code && $result != 1) {
jsAlert('编辑个人信息失败, 请重试');
}
$this->redirect('/user/profile/edit');
}
public function delAction()
{
$id = $this->getParam('id');
if ($id) {
$this->eventsModel->beginTransaction();
//删除场次,将剩余数量恢复到总剩余库存中
$oldEvents = $this->eventsModel->SelectByID(array('goods_id', 'num'), $id);
if ($oldEvents['num']) {
$fields = array('current_stock');
$goodsData = $this->goodsModel->getGoodsByID($fields, $oldEvents['goods_id']);
$this->goodsModel->updateCurrentStockByGoodsID($oldEvents['goods_id'], $goodsData['current_stock'] + $oldEvents['num']);
}
$eventsRow = $this->eventsModel->delEventsByID($id);
if ($eventsRow) {
$this->eventsModel->Commit();
} else {
$this->eventsModel->Rollback();
jsAlert('删除失败');
}
}
$this->goHome();
}
// invoke OnManagerAuthentication event
$rt = $modx->invokeEvent("OnManagerAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme));
// check if plugin authenticated the user
if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) {
// check user password - local authentication
if ($dbasePassword != md5($givenPassword)) {
jsAlert($e->errors[901]);
$newloginerror = 1;
}
}
if ($use_captcha == 1) {
if (!isset($_SESSION['veriword'])) {
jsAlert('Captcha is not configured properly.');
return;
} elseif ($_SESSION['veriword'] != $captcha_code) {
jsAlert($e->errors[905]);
$newloginerror = 1;
}
}
if ($newloginerror) {
//increment the failed login counter
$failedlogins += 1;
$sql = "update {$dbase}.`" . $table_prefix . "user_attributes` SET failedlogincount='{$failedlogins}' where internalKey={$internalKey}";
$rs = mysql_query($sql);
if ($failedlogins >= $failed_allowed) {
//block user for too many fail attempts
$sql = "update {$dbase}.`" . $table_prefix . "user_attributes` SET blockeduntil='" . (time() + $blocked_minutes * 60) . "' where internalKey={$internalKey}";
$rs = mysql_query($sql);
} else {
//sleep to help prevent brute force attacks
$sleep = (int) $failedlogins / 2;
/**
* Assign or update privilege action
*/
public function assignActAction()
{
// 1: 取得选择的权限
$finalArr = array();
foreach ($_POST as $key => $val) {
if (is_array($val)) {
foreach ($val as $k => $v) {
$finalArr[] = $v;
}
}
}
$roleID = $this->getPost('roleID');
$privilege = implode(',', $finalArr);
$data = $this->m_role->updatePrivilegeByRoleID($roleID, $privilege);
if ($data === FALSE) {
jsAlert('更新权限失败');
}
jsRedirect($this->homeUrl);
}
if ($dbasePassword != md5($givenPassword)) {
jsAlert($_lang["login_processor_wrong_password"]);
$newloginerror = 1;
} else {
$field = array();
$field['password'] = $modx->manager->genHash($givenPassword, $internalKey);
$modx->db->update($field, $tbl_manager_users, "username='******'");
}
}
}
if ($use_captcha == 1) {
if (!isset($_SESSION['veriword'])) {
jsAlert($_lang["login_processor_captcha_config"]);
return;
} elseif ($_SESSION['veriword'] != $captcha_code) {
jsAlert($_lang["login_processor_bad_code"]);
$newloginerror = 1;
}
}
if ($newloginerror) {
//increment the failed login counter
$failedlogins += 1;
$fields = array('failedlogincount' => $failedlogins);
if ($failedlogins >= $failed_allowed) {
//block user for too many fail attempts
$fields['blockeduntil'] = time() + $blocked_minutes * 60;
}
$modx->db->update($fields, $tbl_user_attributes, "internalKey='{$internalKey}'");
if ($failedlogins < $failed_allowed) {
//sleep to help prevent brute force attacks
$sleep = (int) $failedlogins / 2;
public function staticAction()
{
jsAlert('该菜单功能没有实现,只用于演示多个子菜单如何添加');
jsRedirect('/admin/article');
}
public function checkLoginAction()
{
$username = $this->getPost('username');
$password = $this->getPost('password');
if (!$username || !$password) {
jsAlert('信息不完整!');
jsRedirect($this->homeUrl);
}
// 管理员登陆
if (SUPER_ADMIN == $username) {
$data = $this->m_admin->checkLogin($username, $password);
} else {
// 普通角色登陆
$data = $this->m_role->checkRole($username, $password);
}
if (!$data) {
// Login fail
$log['status'] = 0;
jsAlert('账号或密码不正确!');
jsRedirect($this->homeUrl);
} else {
// Login OK, log this action and find privileges
$this->setSession('adminID', $data['id']);
$this->setSession('adminName', $username);
// admin 拥有所有的权限
if (SUPER_ADMIN == $username) {
$this->setSession('priv', 'ALL');
} else {
// 不是管理员, 记录其 roleID, 用于查找权限
// 1: 取得登录的角色所拥有的权限
$priv = $this->m_role->getPrivilegeByRoleID($data['id']);
// 如果角色没有分配到任何权限, 提示, 并且退出, 有则 SESSION 记录其所有的权限,供进一步处理
if (!$priv['privilege']) {
jsAlert('您还没有任何权限, 请联系管理员!');
jsRedirect($this->homeUrl);
} else {
$this->setSession('priv', $priv);
}
}
}
// Privileges
include APP_PATH . '/application/modules/Admin/menu.php';
if (SUPER_ADMIN != $this->getSession('adminName')) {
$priv = $this->getSession('priv');
$priv = explode(',', $priv['privilege']);
// 1: 与大菜单对比, 删除会员没有权限的菜单
foreach ($menu as $k => $v) {
foreach ($v as $kk => $vv) {
if (is_array($vv)) {
foreach ($vv as $kkk => $vvv) {
if (!in_array($kkk, $priv)) {
unset($menu[$k][$kk][$kkk]);
}
}
}
}
}
// 2: 进一步处理: 删除没有子菜单的项
foreach ($menu as $k => $v) {
if (!$v['sub']) {
unset($menu[$k]);
}
}
}
$this->setSession('menu', $menu);
jsRedirect('/admin/dashboard');
}
