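/**
 * Log a user in with the posted username/password and open a PHP session for them.
 *
 * Reads `username` and `password` from the `user` request payload, looks the
 * account up by username and MD5 of the password, fills $_SESSION with the user's
 * id, name, auth type, role name and decoded permissions, and returns an API key of
 * the form base64("username,md5,session-id") that validate() later consumes.
 *
 * @return array{result: array{success: bool, key: string}}
 * @throws BadRequest USERNAME_REQUIRED / PASSWORD_REQUIRED when a field is missing
 *                    or not a string; USERNAME_PASSWORD_INCORRECT when no row matches.
 */
public function actionPost()
{
    $data = $this->getData('user');
    // isset() alone also accepts arrays, and md5() on an array is a TypeError on
    // PHP 8, so insist on plain strings before touching the values.
    if (!isset($data['username']) || !is_string($data['username'])) {
        throw new BadRequest("USERNAME_REQUIRED");
    }
    if (!isset($data['password']) || !is_string($data['password'])) {
        throw new BadRequest("PASSWORD_REQUIRED");
    }
    $username = $data['username'];
    // The stored hash is unsalted MD5; the lookup has to match the column as-is.
    $md5Password = md5($data['password']);

    $user = User::model($this->getManager()->getComponent('db'));
    // SECURITY: $username is untrusted and is interpolated straight into the WHERE
    // clause (SQL injection). where() is only ever seen taking a raw string here, so
    // the real fix — a bound parameter or driver-side quoting — has to come from the
    // model layer: TODO switch to bound parameters. $md5Password is hex only.
    $where = "`username`='{$username}' AND `password`='{$md5Password}'";
    $userinfo = $user->where($where)->find();
    if (empty($userinfo)) {
        throw new BadRequest('USERNAME_PASSWORD_INCORRECT');
    }

    session_start();
    // Issue a fresh id at the privilege change so a pre-login session id is not kept.
    session_regenerate_id(true);

    $role = Role::model($this->getManager()->getComponent('db'));
    $roleinfo = $role->where("`id`={$userinfo['role_id']}")->find();
    $_SESSION['userid'] = $userinfo['id'];
    $_SESSION['username'] = $userinfo['username'];
    $_SESSION['authtype'] = $userinfo['authtype'];
    // A dangling role_id must not produce null-offset warnings; store empties instead.
    $_SESSION['userrole'] = $roleinfo['name'] ?? null;
    $_SESSION['permission'] = isset($roleinfo['permission'])
        ? Json::toArray($roleinfo['permission'])
        : []; // assumes Json::toArray() normally yields an array — TODO confirm

    return array(
        'result' => array(
            'success' => true,
            'key' => base64_encode($username . ',' . $md5Password . ',' . session_id()),
        ),
    );
}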
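/**
 * Authenticate the current request from the HTTP_KEY header and attach its session.
 *
 * Resources listed in $this->except are served without authentication. For every
 * other resource the header must hold base64("username,md5-password,session-id") as
 * issued by the login action. When no session file exists for that id yet, the
 * credentials are re-checked against the users table and a new session is seeded
 * from the user row; otherwise the existing session is simply resumed.
 *
 * @return void
 * @throws Unauthorized when the header is missing or malformed, the session id or
 *                      password hash is not well-formed, or the credentials do not match
 */
public function validate()
{
    // Resources named in $except need no authentication.
    $rName = $this->getManager()->getRequest()->getResource();
    if (in_array($rName, $this->except, true)) {
        return;
    }

    // Check that HTTP_KEY is present and decodes to exactly three fields.
    if (!isset($_SERVER['HTTP_KEY']) || !is_string($_SERVER['HTTP_KEY'])) {
        throw new Unauthorized();
    }
    $keygen = explode(',', base64_decode($_SERVER['HTTP_KEY']));
    if (count($keygen) !== 3) {
        throw new Unauthorized();
    }
    list($username, $md5Password, $sessionId) = $keygen;

    // The session id is client-supplied and is used both as part of a file name and
    // as the id handed to session_id(). PHP only generates ids from [0-9a-zA-Z,-]
    // (session.sid_bits_per_character), so anything else — including path
    // separators — is refused instead of being fixated onto the session store.
    if (!preg_match('/^[0-9a-zA-Z,-]+$/', $sessionId)) {
        throw new Unauthorized();
    }
    // A key issued by the login action always carries a 32-hex-digit MD5; anything
    // else never matches a stored hash, so reject it before it reaches the SQL below.
    if (strlen($md5Password) !== 32 || !ctype_xdigit($md5Password)) {
        throw new Unauthorized();
    }

    $sessionPath = session_save_path() === '' ? '/SmartGrid/tmp' : session_save_path();
    $sessionFile = rtrim($sessionPath, '/') . '/sess_' . $sessionId;
    if (!file_exists($sessionFile)) {
        $user = User::model($this->getManager()->getComponent('db'));
        // SECURITY: $username comes from the header and is interpolated into SQL
        // (SQL injection). where() is only seen taking a raw string here, so the fix
        // needs a bound parameter from the model layer — TODO.
        $where = "`username`='{$username}' AND `password`='{$md5Password}'";
        $userinfo = $user->where($where)->find();
        if (empty($userinfo)) {
            throw new Unauthorized();
        }
        session_id($sessionId);
        session_start();
        $_SESSION['userid'] = $userinfo['id'];
        $_SESSION['username'] = $userinfo['username'];
        $_SESSION['userrole'] = $userinfo['userrole'];
        $_SESSION['authtype'] = $userinfo['authtype'];
        $_SESSION['permission'] = json_decode($userinfo['permission']);
    }

    // Resume the session under the client's id; skip when the branch above already
    // started it, since a second session_start() would only emit a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_id($sessionId);
        session_start();
    }
}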
/**
 * AJAX endpoint: store a chat message from the current user to `receiver_id`.
 *
 * The conversation key has the form "<a>#<b>": an existing "<receiver>#<sender>"
 * session is reused, otherwise "<sender>#<receiver>" is used. The rendered message
 * partial is written to the response body. Non-AJAX requests are ignored.
 *
 * @return bool|null true once a message was stored, null for non-AJAX requests
 */
public function action_addMessage()
{
    if (!Request::current()->is_ajax()) {
        return;
    }

    $senderId = \Registry::getCurrentUser()->id;
    $sender = \Model\User::model()->findByPk($senderId);
    $receiverId = $this->request->post('receiver_id');
    $text = $this->request->post('message');

    // Prefer the already existing conversation key, if any.
    $existing = \Model\Chat::model()->findByAttributes(['session' => $receiverId . "#" . $senderId]);
    $sessionKey = $existing
        ? $receiverId . "#" . $senderId
        : $senderId . "#" . $receiverId;

    $row = new \Model\Chat();
    $row->sender_id = $senderId;
    $row->receiver_id = $receiverId;
    $row->message = $text;
    $row->session = $sessionKey;
    $row->save();

    $view = \smarty\View::factory('chat' . DS . 'message_ajax');
    $view->assign(['item' => $row, 'session' => $sessionKey, 'user' => $sender]);
    $this->response->body($view);
    return true;
}
/**
 * Search pages whose description, main text or title contains $search and hand the
 * matches (with their `idpageType` relation) to the template as `results`/`count_find`.
 *
 * NOTE(review): the condition string ends in a dangling "OR "; unless the criteria
 * layer appends another clause this is a SQL syntax error — verify. `$search` is
 * passed as a bound parameter, but `%` and `_` inside it act as LIKE wildcards.
 *
 * @param string $search raw search text
 * @return void
 */
public function findImages($search)
{
    $currentUserId = \Registry::getCurrentUser()->iduser;
    // Loaded but not referenced below; kept so the behaviour is unchanged.
    $currentUser = \Model\User::model()->findByPk($currentUserId);

    $criteria = new \DBCriteria(array(
        'condition' => " description LIKE :match OR\n main_text LIKE :match OR\n title LIKE :match OR ",
        'params' => array(':match' => "%{$search}%"),
    ));
    $criteria->limit = $this->limit;

    $matches = \Model\Pages::model()->with('idpageType')->findAll($criteria);
    $this->template->assign([
        'results' => $matches,
        'count_find' => count($matches),
    ]);
}
/**
 * Admin edit form for a single user payment.
 *
 * Runs only when the `id` route parameter validates as an int. It then registers the
 * page scripts (editor, modal, select2, BootBox), loads the payment with its user and
 * credit relations plus the lookup lists, and renders admin/payments/edit.tpl.
 *
 * @return void
 */
public function action_Edit()
{
    $paymentId = \Utils\Protect::Validate($this->request->param('id'), 'int');
    if (!$paymentId) {
        return;
    }

    \Assets::js('sight', base_UI . 'js/admin/Payments/Edit.js');
    $this->addCKEditor();
    $this->addBootstrapModal();
    $this->addSelect2();
    // BootBox provides the alert dialogs.
    \Assets::js('BootBox', base_UI . 'libs/BootBox/bootbox.js');

    // Item data plus the lists the select boxes are filled from.
    $payment = \Model\UserPayment::model()->with('iduser0', 'iduserCredit')->findByPk($paymentId);
    $credits = \Model\UserCredit::model()->findAll();
    $users = \Model\User::model()->findAll();

    $this->template->assign([
        'data' => $payment,
        'userCredit' => $credits,
        'users' => $users,
    ]);
    $this->response->body($this->template->fetch('admin/payments/edit.tpl'));
}
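/**
 * AJAX endpoint: remove the current user's own account.
 *
 * `value` == 1 deletes the row outright; any other value soft-deletes by setting
 * access_level to 0. The response body is {"code":1} on success and {"code":0} on
 * failure — including when the user row can no longer be loaded, which previously
 * dereferenced a null model. Non-AJAX requests produce no output.
 *
 * @return void
 */
public function action_delete()
{
    if (!\Request::current()->is_ajax()) {
        return;
    }

    $userId = \Registry::getCurrentUser()->id;
    $hardDelete = (int) $this->request->post('value') === 1;

    // Look the row up once for both branches.
    $user = \Model\User::model()->findByPk($userId);
    if (!$user) {
        // Row already gone (or a stale session): report failure instead of crashing.
        $ok = false;
    } elseif ($hardDelete) {
        $ok = (bool) $user->delete();
    } else {
        $user->access_level = 0; // Deleted
        $ok = (bool) $user->save();
    }

    $this->response->body(json_encode(['code' => $ok ? 1 : 0]));
}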
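/**
 * Registration page (plain request) and account creation endpoint (AJAX POST).
 *
 * Response codes on the AJAX path: -3 a required field is missing, -4 the e-mail
 * is already registered, -1 the two passwords differ, -2 creation failed, true on
 * success.
 *
 * @return bool|null true once an AJAX create attempt has been answered, null otherwise
 */
public function action_register()
{
    if (!\Request::current()->is_ajax()) {
        \Assets::js('register', base_UI . 'js/Auth/register.js');
        $this->response->body($this->template->fetch('Auth/register.tpl'));
        return;
    }

    $required = ['email', 'pass', 'pass2', 'first_name', 'bdate'];
    foreach ($required as $field) {
        if (!isset($_POST[$field])) {
            $this->response->body(json_encode(['code' => -3]));
            return;
        }
    }
    // Only the existence of the account matters here; the row itself is not used.
    if (User::model()->findByAttributes(['email' => $_POST['email']])) {
        $this->response->body(json_encode(['code' => -4]));
        return;
    }
    if ($_POST['pass'] !== $_POST['pass2']) {
        $this->response->body(json_encode(['code' => -1]));
        return;
    }

    // Create the new account.
    // NOTE(review): the whole $_POST array is handed to create(), so any extra posted
    // field reaches the model (mass assignment) unless create() filters it — confirm
    // that it copies only known attributes.
    $_POST['last_login'] = time();
    $user_id = \Auth\Base::create($_POST);
    if ($user_id == false) {
        $this->response->body(json_encode(['code' => -2]));
        return true;
    }
    $this->response->body(json_encode(['code' => true]));
    return true;
}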
/**
 * Initialise the chat session key for the current user and the posted receiver.
 *
 * Sets $this->chat_session to "<larger id>#<smaller id>" (PHP loose `>` between the
 * posted value and the current id) so both participants derive the same key. Writes
 * an "Access Denied!" JSON error (status -777) when the current user cannot be loaded.
 *
 * @return bool|null true when access was denied and a response was written, null otherwise
 */
public function chatInit()
{
    // Init the current chat session.
    $senderId = \Registry::getCurrentUser()->id;
    $receiverId = $this->request->post('receiver_id');

    if (!\Model\User::model()->findByPk($senderId)) {
        $this->response->body(json_encode(['status' => -777, 'error' => 'Access Denied!']));
        return true;
    }
    if (!$receiverId) {
        return;
    }

    $this->chat_session = $receiverId > $senderId
        ? $receiverId . "#" . $senderId
        : $senderId . "#" . $receiverId;
}
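/**
 * Admin-only JSON feed of all users for the DataTables grid.
 *
 * Emits {"aaData": [{id, fio, email, Access}, ...]} where Access is "Yes" or "No"
 * depending on the user's User_Login flag.
 *
 * @return void
 * @throws \HTTP_Exception_403 when the current user is not an admin
 */
public function action_GetJson()
{
    // Authorise before touching the database: the complete user list must not be
    // loaded for callers who are then refused anyway.
    $access = new \Auth\Access(\Registry::getCurrentUser()->access_level);
    if (!$access->get(\Auth\Access::User_Is_Admin)) {
        throw new \HTTP_Exception_403('Admin Only');
    }

    $rows = [];
    /** @var User $item */
    foreach (User::model()->findAll() as $item) {
        $itemAccess = new \Auth\Access($item->access_level);
        $rows[] = [
            'id' => $item->iduser,
            'fio' => $item->first_name,
            'email' => $item->email,
            'Access' => $itemAccess->get(\Auth\Access::User_Login) ? 'Yes' : 'No',
        ];
    }
    $this->response->body(json_encode(['aaData' => $rows]));
}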
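/**
 * Verify an e-mail/password pair and, on success, start a session for that user.
 *
 * @param string $mail account e-mail
 * @param string $pass plaintext password as entered
 * @return bool|int -1 when no account has that e-mail, -2 when the password does not
 *                  match, otherwise whatever self::startSession() returns
 */
public static function createSession($mail, $pass)
{
    /** @var User|null $userInfo */
    $userInfo = User::model()->findByAttributes(['email' => $mail]);
    if (!$userInfo) {
        return -1;
    }

    // Hash the candidate with the user's own salt, the same way the stored value was made.
    $hashed = Protect::Crypt($pass . $userInfo->salt, $userInfo->salt);
    // Strict, constant-time comparison: `!=` is loose (two "0e..." strings compare
    // equal as numbers) and leaks timing. Both sides are cast so hash_equals()
    // always receives strings.
    if (!hash_equals((string) $userInfo->pass, (string) $hashed)) {
        return -2;
    }

    // The admin/moderator gate was disabled in the original code; any account whose
    // password matched may log in.
    return self::startSession($userInfo);
}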
/**
 * Whether the current request has no authenticated user.
 *
 * When \Auth\Base::Check() yields a session, the matching user row is loaded and
 * registered as the current user as a side effect.
 *
 * @return bool true for guests, false once the current user has been registered
 */
public function isGuest()
{
    $session = \Auth\Base::Check();
    if (!$session) {
        return true;
    }

    \Registry::setCurrentUser(User::model()->findByPk($session->iduser));
    return false;
}