/**
 * Controller bootstrap: exposes the session user to the view, records the
 * active menu ids in the session, loads configuration, defines IS_ROOT and
 * APP_VERSION, and runs the IP restriction check.
 */
protected function _initialize()
{
    parent::_initialize();
    $this->assign("user", session("global_user"));
    // Active first-level navigation menu. Selecting one resets the sub-menu to 0.
    // The id is taken from the query string and stored in the session as received.
    if (I('get.activemenuid', 0) !== 0) {
        session('activemenuid', I('get.activemenuid'));
        session('activesubmenuid', 0);
    }
    // Active third-level navigation entry, also taken from the query string.
    if (I('get.activesubmenuid', 0) !== 0) {
        session('activesubmenuid', I('get.activesubmenuid'));
    }
    // Load configuration.
    $this->getConfig();
    // Assign page-level configuration values to the view.
    $this->assignPageVars();
    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    // Build the menu of the current user.
    $this->get_current_usermenu();
    // Check whether the client IP is restricted.
    $this->checkAllowIP();
    // Define the version. In debug mode it is the current timestamp, so it changes on every request.
    if (defined("APP_DEBUG") && APP_DEBUG) {
        define("APP_VERSION", time());
    } else {
        define("APP_VERSION", C('APP_VERSION'));
    }
    // Permission check.
    // NOTE(review): the authority check below is commented out, so this method
    // performs no per-action permission check of its own. Whether
    // parent::_initialize() or checkAllowIP() compensates is not visible here; confirm.
    // if ($this -> checkAuthority() === false) {
    //     $this -> error(L('ERR_NO_PERMISSION'));
    // }
}
/**
 * Disable a user account.
 *
 * The target uid is read from the request. A request aimed at the super
 * administrator is rejected before the parent implementation runs.
 */
public function disable()
{
    $targetUid = I('uid', 0);
    $targetsRoot = is_administrator($targetUid);
    if ($targetsRoot) {
        // NOTE(review): the guard only protects the super administrator if
        // error() ends the request; that is not visible here, confirm.
        $this->error("禁止对超级管理员进行禁用操作!");
    }
    parent::disable("uid");
}
/**
 * Let the current user claim the presenter (uadmin) role of a topic.
 *
 * Requires a logged-in user, passes checkAuth(), and then requires either the
 * super administrator or the 'Weibo/Topic/beAdmin' permission. A topic that
 * already has a presenter cannot be claimed.
 */
public function beAdmin()
{
    if (!is_login()) {
        $this->error(L('_ERROR_PLEASE_LOGIN_BEFORE_APPLY_') . L('_PERIOD_'));
    }
    $this->checkAuth(null, -1, L('_INFO_AUTHORITY_LACK_FOR_PRESENTER_'));

    $topicId = I('tid', 0, 'intval');
    $topics = D('Topic');
    $record = $topics->find($topicId);

    if (!$record) {
        $this->error(L('_ERROR_TOPIC_INEXISTENT_') . L('_PERIOD_'));
        return;
    }

    // A presenter already exists.
    if ($record['uadmin']) {
        $this->error(L('_FAIL_APPLY_') . L('_PERIOD_'));
        return;
    }

    $mayClaim = is_administrator() || check_auth('Weibo/Topic/beAdmin');
    if (!$mayClaim) {
        $this->error(L('_ERROR_AUTHORITY_LACK_FOR_APPLY_PRESENTER_') . L('_PERIOD_'));
        return;
    }

    // NOTE(review): the uadmin check above and this save are separate
    // statements with no visible lock or conditional update, so two
    // concurrent requests could both pass the check.
    $record['uadmin'] = is_login();
    if ($topics->save($record)) {
        $this->success(L('_SUCCESS_BECOME_PRESENTER_') . L('_PERIOD_'), 'refresh');
    } else {
        $this->error(L('_FAIL_OPERATION_') . L('_PERIOD_'));
    }
}
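/**
 * Show the list data of the configured model.
 *
 * Non-administrators are redirected to the UserCenter list. For the
 * administrator, the rows linked to the current user through public_link are
 * loaded, annotated with their link count and grouped by whether the current
 * user created them.
 */
public function lists()
{
    if (!is_administrator($this->mid)) {
        // NOTE(review): relies on redirect() ending the request; confirm.
        redirect(addons_url('UserCenter://UserCenter/lists'));
    }

    // Model information.
    $model = $this->model;

    // These were previously read without ever being initialised.
    $countArr = array();
    $listArr = array();
    $order = null; // the original passed an undefined variable to order()

    // Search condition. An array condition is used instead of an interpolated
    // SQL fragment so the uid is never spliced into the query text.
    $mp_ids = M('public_link')->where(array('uid' => $this->mid))->getFields('mp_id');
    $map['id'] = 0;
    if (!empty($mp_ids)) {
        $map['id'] = $map3['mp_id'] = array('in', $mp_ids);
        $list = M('public_link')->where($map3)->group('mp_id')->field('mp_id,count(1) as num')->select();
        foreach ($list ?: array() as $vo) {
            $countArr[$vo['mp_id']] = $vo['num'];
        }
    }

    // Read the model data list.
    $name = parse_name(get_table_name($model['id']), true);
    $data = M($name)->field(true)->where($map)->order($order)->select();
    foreach ($data ?: array() as $d) {
        $d['count'] = isset($countArr[$d['id']]) ? $countArr[$d['id']] : 0;
        $d['is_creator'] = $d['uid'] == $this->mid ? 1 : 0;
        $listArr[$d['is_creator']][] = $d;
    }

    $list_data['list_data'] = $listArr;
    $this->assign($list_data);
    $this->display('Publics/lists');
}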
/**
 * Stop the page with an "Access Denied" notice unless the caller is an administrator.
 *
 * $name and $value are forwarded unchanged to is_administrator(). On denial
 * the notice names the action tied to the current script, the footer is
 * included and the script exits, so nothing after the call runs.
 */
function check_access($name = NULL, $value = NULL)
{
    if (is_administrator($name, $value)) {
        return;
    }

    // Only the script's base name is compared against fixed values, so no
    // request-derived text reaches the HTML below.
    $actionsByPage = array(
        'add_post.php' => 'add a post',
        'delete_post.php' => 'delete a post',
        'edit_post.php' => 'edit a post',
        'categories.php' => 'manage categories',
    );
    $currentPage = basename($_SERVER['PHP_SELF']);
    $action = isset($actionsByPage[$currentPage]) ? $actionsByPage[$currentPage] : 'have admin rights';

    print '<div class="well"><h2>Access Denied!</h2> <p class="lead">Please <a href="login.php">log in</a> if you want to ' . $action . '.</p>';
    include 'common/footer.html';
    exit;
}
/**
 * Back-office controller initialisation.
 *
 * Defines UID and IS_ROOT, loads the database-backed configuration through
 * the cache, and applies the ADMIN_ALLOW_IP allow-list to everyone except the
 * super administrator. This variant contains no accessControl()/checkRule() step.
 */
protected function _initialize()
{
    // UID already defined: initialisation has run before in this request.
    if (defined('UID')) {
        return;
    }

    define('UID', is_login());
    if (!UID) {
        // Not logged in yet: go to the login page.
        $this->redirect('Public/login');
    }

    // Configuration stored in the database, cached under DB_CONFIG_DATA.
    $dbConfig = S('DB_CONFIG_DATA');
    if (!$dbConfig) {
        $dbConfig = D('Config')->lists();
        S('DB_CONFIG_DATA', $dbConfig);
    }
    C($dbConfig);

    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (IS_ROOT || !C('ADMIN_ALLOW_IP')) {
        return;
    }

    // IP allow-list check. Entries are compared exactly as split on ',',
    // without trimming. NOTE(review): which request attribute get_client_ip()
    // reads is not visible here; confirm it cannot be set by the client.
    $clientIp = get_client_ip();
    $allowedIps = explode(',', C('ADMIN_ALLOW_IP'));
    if (!in_array($clientIp, $allowedIps)) {
        $this->error('403:禁止访问');
    }
}
/**
 * Let the current user claim the presenter (uadmin) role of a topic.
 *
 * Requires a logged-in user, passes checkAuth(), and then requires either the
 * super administrator or the 'Weibo/Topic/beAdmin' permission. A topic that
 * already has a presenter cannot be claimed.
 */
public function beAdmin()
{
    if (!is_login()) {
        $this->error('必须先登录才能申请成为主持人。');
    }
    $this->checkAuth(null, -1, '没有权限成为主持人');

    $requestedTopicId = I('tid', 0, 'intval');
    $topicModel = D('Topic');
    $row = $topicModel->find($requestedTopicId);

    if (!$row) {
        $this->error('抱歉,此话题不存在。');
        return;
    }

    // A presenter already exists.
    if ($row['uadmin']) {
        $this->error('已经有人捷足先登了呢。申请没有成功。');
        return;
    }

    if (!is_administrator() && !check_auth('Weibo/Topic/beAdmin')) {
        $this->error('抱歉,您无权申请成为话题主持人。');
        return;
    }

    // NOTE(review): check-then-save with no visible lock or conditional
    // update; two concurrent requests could both pass the uadmin check.
    $row['uadmin'] = is_login();
    $saved = $topicModel->save($row);
    if ($saved) {
        $this->success('恭喜,您已抢先成为本话题的主持人。', 'refresh');
    } else {
        $this->error('抱歉,操作失败。可能是数据库原因导致。请联系管理员。');
    }
}
/**
 * Controller initialisation: defines UID and IS_ROOT, then runs the static,
 * dynamic and rule-based access checks for the requested action.
 *
 * Unlike an IS_ROOT bypass, every check below runs for all users, including
 * the super administrator.
 */
public function _initialize()
{
    /* Get the user ID */
    define('UID', is_login());
    /* Check whether the user is logged in */
    if (!UID) {
        $this->redirect('Public/login');
    }
    /* Check whether the user is the super administrator */
    define('IS_ROOT', is_administrator());
    /* Check access permission */
    $access = $this->accessControl();
    if ($access === false) {
        // NOTE(review): every denial in this method calls R('Empty/index')
        // and nothing here stops execution afterwards. Unless Empty/index
        // ends the request itself, a denied request continues into the
        // requested action; confirm.
        R('Empty/index');
    } elseif ($access === NULL) {
        /* Check the dynamic permissions related to categories/columns */
        $dynamic = $this->checkDynamic();
        if ($dynamic === NULL) {
            /* Check the non-dynamic (rule-based) permission */
            $rule = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            if (!$this->checkRule($rule)) {
                R('Empty/index');
            }
        } elseif ($dynamic === false) {
            R('Empty/index');
        }
    }
}
/**
 * Back-office controller initialisation.
 *
 * Order of checks: login, ADMIN_ALLOW_IP allow-list (skipped for the super
 * administrator), accessControl(), then checkDynamic(), then the
 * module/controller/action rule. The menu is assigned last.
 */
protected function _initialize()
{
    // Current user id. 0/false means not logged in.
    define('UID', is_login());
    if (!UID) {
        $this->redirect('Public/login');
    }

    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // IP allow-list. Entries are compared as split on ',', untrimmed.
        $clientIp = get_client_ip();
        $allowedIps = explode(',', C('ADMIN_ALLOW_IP'));
        if (!in_array($clientIp, $allowedIps)) {
            $this->error('403:禁止访问');
        }
    }

    // Access permission. Note these checks are not skipped for IS_ROOT here.
    $staticVerdict = $this->accessControl();
    if (false === $staticVerdict) {
        $this->error('403:禁止访问');
    } elseif (null === $staticVerdict) {
        // Dynamic permissions related to categories/columns.
        $dynamicVerdict = $this->checkDynamic();
        if (false === $dynamicVerdict) {
            $this->error('未授权访问!');
        } elseif (null === $dynamicVerdict) {
            // Non-dynamic permission: rule named after the requested action.
            $ruleName = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            $ruleGranted = $this->checkRule($ruleName, array('in', '1,2'));
            if (!$ruleGranted) {
                $this->error('未授权访问!');
            }
        }
    }

    $this->assign('__MENU__', $this->getMenus());
}
/**
 * Back-office controller initialisation.
 *
 * Resolves the current user through get_user(), defines UID and IS_ROOT,
 * enforces the access/rule/dynamic checks for everyone except the super
 * administrator, then prepares table name, menu and notification data for
 * the view and writes the request log.
 */
protected function _initialize()
{
    // Get the current user id. Skip if initialisation already ran in this request.
    if (defined('UID')) {
        return;
    }
    $user = get_user();
    if (!$user) {
        // NOTE(review): relies on redirect() ending the request; confirm.
        $this->redirect('Other/Public/login?type=miss_token');
    }
    $this->_user = $user;
    define('UID', $user['uid']);
    if (!session('admin_login')) {
        // Cache the user information in the session.
        session('user_auth', ['uid' => $user['uid'], 'uname' => $user['uname']]);
        session('admin_login', true);
    }
    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    // Check system permissions. The super administrator skips all of them.
    if (!IS_ROOT) {
        $access = $this->accessControl();
        if (false === $access) {
            $this->error('403:禁止访问');
        } elseif (null === $access) {
            // Check access permission for the requested module/controller/action.
            $rule = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            if (!$this->checkRule($rule, array('in', '1,2'))) {
                $this->error('未授权用户:' . $user['uname']);
            } else {
                // Check the dynamic permissions related to categories and content.
                $dynamic = $this->checkDynamic();
                if (false === $dynamic) {
                    $this->error('未授权用户:' . $user['uname']);
                }
            }
        }
    }
    // Initialise the data table name; defaults to the controller name with '/' replaced by '_'.
    $this->_table = $this->_table ?: str_replace('/', '_', CONTROLLER_NAME);
    $this->assign('__MENU__', $this->getMenus());
    $this->assign('_node_name', $this->_node_name);
    // Initialise notifications. A failed status update is reported through system_warn().
    $notificationModel = new \Common\Model\SystemNotificationModel();
    $notificationModel->updateStatus() or system_warn($notificationModel->getError());
    // Notification types the user may see. They are computed from check_auth()
    // once and then kept in the session.
    // NOTE(review): the cached list is only rebuilt when the session value is
    // not an array, so a later permission change would not be reflected until
    // the session value is cleared; confirm that is acceptable.
    $type = session('SYSTEM_NOTIFICATION_TYPE');
    if (!is_array($type)) {
        $type = [];
        foreach (D('SystemNotification')->type_config as $key => $config) {
            if (check_auth($config[2])) {
                $type[] = $key;
            }
        }
        session('SYSTEM_NOTIFICATION_TYPE', $type);
    }
    $this->assign('notification_is_allow', check_auth('system/notification'));
    // Unread notification count for the permitted types; 0 when no type is permitted.
    $this->assign('notification', $type ? M('SystemNotification')->where(['is_read' => 0, 'type' => ['in', $type]])->count() : 0);
    $this->_log();
}
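/**
 * Create or edit a personal property listing.
 *
 * On POST the listing is built from the action parameters and either updated
 * (when $id is given) or inserted. On other requests the edit form is shown,
 * pre-filled when $id is given.
 *
 * Only the owner of a listing or the super administrator may update it.
 */
public function edit($id = 0, $lid = 0, $floor = 0, $lname = '', $address = '', $area = 0, $shi = 0, $ting = 0, $wei = 0, $totalprice = 0, $charge = 0, $description = '', $pics = '', $kanfang_charge = 0, $files = '')
{
    $id = intval($id);

    if (!IS_POST) {
        if ($id) {
            // NOTE(review): the form data is loaded by id with no owner check,
            // unlike the update path below; confirm that any user may view
            // any listing's edit data.
            $data = $this->d_object->alias('a')->field('a.*,group_concat(b.pid) as pics')->join('__OBJECT_PIC__ b on a.id = b.oid')->find($id);
            $this->assign('data', $data);
        }
        $this->display();
        return;
    }

    $data = array();
    $data['lid'] = 0; // personal listings do not belong to a building
    $data['floor'] = intval($floor);
    $data['lname'] = text($lname);
    $data['address'] = text($address);
    // NOTE(review): area, pics and files are stored as received, while the
    // other fields go through intval()/text(); confirm they are validated elsewhere.
    $data['area'] = $area;
    $data['shi'] = intval($shi);
    $data['ting'] = intval($ting);
    $data['wei'] = intval($wei);
    $data['totalprice'] = intval($totalprice);
    $data['charge'] = intval($charge);
    $data['kanfang_charge'] = intval($kanfang_charge);
    $data['description'] = text($description);
    $data['type'] = 0; // marks a personal listing
    $data['uid'] = $this->mid;
    $data['status'] = 1;
    $data['pics'] = $pics;
    $data['files'] = $files;
    // Redundant, indexed title column to speed up search.
    $data['title'] = $data['lname'] . ' ' . $data['floor'] . '楼 ' . $data['area'] . '平 ' . $data['shi'] . '室 ' . $data['totalprice'] . '万';

    if ($id) {
        // Editing an existing listing: the owner or the super administrator only.
        $data['id'] = $id;
        $ownerUid = $this->d_object->where(array('id' => $data['id']))->getField('uid');
        if (!($this->mid == $ownerUid) && !is_administrator()) {
            $this->error('对不起,您的权限不足');
            return;
        }
        $data['uptime'] = time();
        // Run both writes. The original chained them with ||, so a successful
        // savePic() short-circuited and the row itself was never saved.
        $picsSaved = $this->d_object->savePic($id, $data['pics']);
        $rowSaved = $this->d_object->save($data);
        if ($picsSaved || $rowSaved) {
            $this->ajaxReturnHandle(1, '编辑房源成功', U('object/index'));
        } else {
            $this->ajaxReturnHandle(0, '编辑房源失败');
        }
        return;
    }

    // Creating a new listing.
    $data['createtime'] = time();
    if ($id = $this->d_object->add($data)) {
        $this->d_object->savePic($id, $data['pics']);
        $this->ajaxReturnHandle(1, '新增房源成功', U('object/index'));
    } else {
        $this->ajaxReturnHandle(0, '新增房源失败');
    }
}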
/**
 * Back-office controller initialisation.
 *
 * Rewrites the 'addon_status' attribute from the enabled addons, then defines
 * UID and IS_ROOT, loads the database-backed configuration, applies the IP
 * allow-list and runs the access checks for everyone except the super
 * administrator.
 */
protected function _initialize()
{
    // Fix for the bug seen when editing the addon permissions of official-account levels.
    // NOTE(review): this block writes to the database before the login check
    // below and before the defined('UID') guard, so it runs on every call,
    // including for requests that are not authenticated; confirm it should
    // not run after authentication instead.
    $addons = M('addons')->where(array('status' => 1))->field('id,title')->select();
    $tmpStr = "";
    foreach ($addons as $k => $v) {
        $tmpStr .= $v['id'] . ":" . $v['title'] . "\r\n";
    }
    M('attribute')->where(array('name' => 'addon_status'))->save(array('extra' => $tmpStr));
    // End of bug fix, 2015/3/27 艾逗笔
    // Get the current user id. Skip the rest if initialisation already ran.
    if (defined('UID')) {
        return;
    }
    define('UID', is_login());
    if (!UID) {
        // Not logged in yet: go to the login page.
        $this->redirect('Public/login');
    }
    /* Read the configuration stored in the database (cached under DB_CONFIG_DATA) */
    $config = S('DB_CONFIG_DATA');
    if (!$config) {
        $config = api('Config/lists');
        S('DB_CONFIG_DATA', $config);
    }
    C($config); // merge into the runtime configuration
    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // Check the client IP against the allow-list.
        if (!in_array(get_client_ip(), explode(',', C('ADMIN_ALLOW_IP')))) {
            $this->error('403:禁止访问');
        }
    }
    // Check system permissions. The super administrator skips all of them.
    if (!IS_ROOT) {
        $access = $this->accessControl();
        if (false === $access) {
            $this->error('403:禁止访问');
        } elseif (null === $access) {
            // Check access permission for the requested module/controller/action.
            // checkRule() is called here as a plain function, not as a method of this controller.
            $rule = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            if (!checkRule($rule)) {
                $this->error('未授权访问!');
            } else {
                // Check the dynamic permissions related to categories and content.
                $dynamic = $this->checkDynamic();
                if (false === $dynamic) {
                    $this->error('未授权访问!');
                }
            }
        }
    }
    $this->assign('__MENU__', $this->getMenus());
}
/**
 * Back-office controller initialisation.
 *
 * Defines UID and IS_ROOT, loads the database-backed configuration, applies
 * the IP allow-list and the access checks, then builds the left-hand menu for
 * the controller remembered in the 'amangocontroller' cookie.
 */
protected function _initialize()
{
    // Current user id. 0/false means not logged in.
    define('UID', is_login());
    if (!UID) {
        $this->redirect('Public/login');
    }

    // Configuration stored in the database, cached under DB_CONFIG_DATA.
    $dbConfig = S('DB_CONFIG_DATA');
    if (!$dbConfig) {
        $dbConfig = api('Config/lists');
        S('DB_CONFIG_DATA', $dbConfig);
    }
    C($dbConfig);

    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // IP allow-list. Entries are compared as split on ',', untrimmed.
        $clientIp = get_client_ip();
        $allowedIps = explode(',', C('ADMIN_ALLOW_IP'));
        if (!in_array($clientIp, $allowedIps)) {
            $this->error('403:禁止访问');
        }
    }

    // Access permission. These checks are not skipped for IS_ROOT here.
    $staticVerdict = $this->accessControl();
    if (false === $staticVerdict) {
        $this->error('403:禁止访问');
    } elseif (null === $staticVerdict) {
        // Dynamic permissions related to categories/columns.
        $dynamicVerdict = $this->checkDynamic();
        if (false === $dynamicVerdict) {
            $this->error('未授权访问!');
        } elseif (null === $dynamicVerdict) {
            // Non-dynamic permission: rule named after the requested action.
            $ruleName = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            if (!$this->checkRule($ruleName, array('in', '1,2'))) {
                $this->error('未授权访问!');
            }
        }
    }

    // Amango left-hand menu (author: Kevin). Every controller except 'think'
    // is remembered in a cookie, and the remembered name selects the menu.
    // NOTE(review): the cookie value comes back from the client and is handed
    // to getMenus() as is; how getMenus() uses it is not visible here. Confirm
    // it is treated as untrusted input.
    if (strtolower(CONTROLLER_NAME) !== 'think') {
        cookie('amangocontroller', CONTROLLER_NAME);
    }
    $controller = CONTROLLER_NAME;
    if (cookie('amangocontroller')) {
        $controller = cookie('amangocontroller');
    }
    $this->assign('__MENU__', $this->getMenus($controller));
}
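/**
 * Back-office user login.
 *
 * On POST: verifies the captcha, looks the account up by mobile number,
 * checks the salted password and the account status, records the login and
 * redirects to the first page the user is permitted to see. On other
 * requests: shows the login form, or redirects to '/' when already logged in.
 *
 * @param string|null $account  Mobile number identifying the account.
 * @param string|null $password Plain-text password as submitted.
 * @param string|null $verify   Captcha value.
 */
public function login($account = null, $password = null, $verify = null)
{
    if (!IS_POST) {
        if (is_login()) {
            $this->redirect('/');
        } else {
            C('COLOR_STYLE', 'default_color');
            $this->display('Public/login');
        }
        return;
    }

    if (!check_verify($verify)) {
        $this->error('验证码输入错误!');
    }

    // NOTE(review): the three distinct failure messages below tell a caller
    // whether an account exists and whether it is disabled. Consider one
    // generic message if account enumeration is a concern.
    $where['mobile'] = $account;
    $userModel = D('User');
    $user = $userModel->field('uid,uname,password,salt,status')->where($where)->find();
    if (!$user) {
        $this->error('此账号不存在!');
    }

    // Compare the hashes as strings. The original used ==, which applies
    // numeric type juggling to digit-like strings and is not constant-time.
    $storedHash = (string) $user['password'];
    $suppliedHash = (string) $userModel->password($password, $user['salt']);
    $passwordMatches = function_exists('hash_equals')
        ? hash_equals($storedHash, $suppliedHash)
        : $storedHash === $suppliedHash;
    if (!$passwordMatches) {
        $this->error('登录密码错误!');
    }

    if (!($user['status'] > 0)) {
        $this->error('此账号已被禁用!');
    }

    $userModel->login_success($user['uid'], $user['uname']);
    // The uid is concatenated into a SQL condition below, so force it to an integer.
    $uid = (int) $user['uid'];
    // Mask the password before action_log() runs; presumably the log records request data.
    $_POST['password'] = '******';
    action_log('系统', '登录');

    if (is_administrator($uid)) {
        $this->success('登录成功!', '/');
        exit;
    }

    // Check whether the user may see the home page; if not, send them to the
    // first page they do have permission for.
    $rule_ids = [];
    $rules = M()->table('zj_system_auth_group g')->join('zj_system_auth_group_access ga ON g.id=ga.group_id')->where('g.status=1 AND ga.uid=' . $uid)->getField('rules', true);
    if ($rules) {
        foreach ($rules as $rule) {
            if ($rule) {
                $rule_ids = array_merge($rule_ids, explode(',', $rule));
            }
        }
    }
    if (!$rule_ids) {
        $this->error('此账号无管理员权限!');
    }

    $rules = M('system_auth_rule')->where(['id' => ['in', $rule_ids], 'status' => 1])->getField('name', true);
    if (!$rules) {
        $this->error('此账号无有效权限!');
    }

    // Work out the landing page. substr(..., 6) drops the first six characters
    // of the rule name, presumably the 'Admin/' prefix.
    if (in_array('Admin/Index/index', $rules)) {
        $next = '/';
    } else {
        $next = U(substr($rules[0], 6));
        foreach ($rules as $rule) {
            // Prefers a rule containing 'index' anywhere after its first character.
            if (strpos($rule, 'index')) {
                $next = U(substr($rule, 6));
                break;
            }
        }
    }

    $this->success('登录成功!', $next);
}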
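/**
 * Load one comment with parsed content, author information and a
 * 'can_delete' flag for the current viewer.
 *
 * The flag is true for the super administrator and for the logged-in author.
 * Caching under 'weibo_comment_<id>' was disabled by the original author.
 *
 * @param int $id Comment id.
 * @return array Comment row with 'content', 'user' and 'can_delete' set.
 */
public function getComment($id)
{
    $comment = $this->find($id);
    $comment['content'] = parse_comment_content($comment['content']);
    $comment['user'] = query_user(array('uid', 'nickname', 'avatar32', 'avatar64', 'avatar128', 'avatar256', 'avatar512', 'space_url', 'icons_html', 'rank_link', 'score', 'title', 'weibocount', 'fans', 'following'), $comment['uid']);

    // Ownership only counts for a logged-in viewer. Without the != 0 guard a
    // visitor (id 0) loosely equals an empty or missing uid and was flagged
    // as able to delete.
    $viewerUid = is_login();
    $isOwner = $viewerUid != 0 && $comment['uid'] == $viewerUid;
    $comment['can_delete'] = is_administrator($viewerUid) || $isOwner;

    return $comment;
}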
/**
 * Decide whether the current user may delete the given weibo.
 *
 * Allowed for the super administrator, for holders of the 'deleteWeibo'
 * permission, and for the weibo's own author.
 *
 * @param array $weibo Weibo row; only 'uid' is read.
 * @return bool
 */
private function canDeleteWeibo($weibo)
{
    // Administrators and permission holders may delete any weibo.
    $hasModeratorRight = is_administrator(get_uid()) || check_auth('deleteWeibo');
    if ($hasModeratorRight) {
        return true;
    }

    // Otherwise only the author may delete. The comparison is loose (==),
    // so it depends on get_uid() never matching an empty uid for a visitor.
    return $weibo['uid'] == get_uid();
}
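/**
 * Back-office controller initialisation.
 *
 * Defines UID and IS_ROOT, loads the database-backed configuration (bypassing
 * the cache read in debug mode), initialises WeChat, applies the IP
 * allow-list and runs the access checks for everyone except the super
 * administrator.
 */
protected function _initialize()
{
    // Skip if initialisation already ran in this request.
    if (defined('UID')) {
        return;
    }
    define('UID', is_login());
    if (!UID) {
        // Not logged in yet: go to the login page.
        $this->redirect('Public/login');
    }

    // Configuration stored in the database. In debug mode the cached copy is
    // ignored and the configuration is always reloaded. The original left
    // $config undefined in that case; it is now initialised explicitly.
    $config = APP_DEBUG ? false : S('DB_CONFIG_DATA');
    if (!$config) {
        $config = api('Config/lists');
        S('DB_CONFIG_DATA', $config);
    }
    C($config);

    self::initWeChat();

    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // IP allow-list. Entries are compared as split on ',', untrimmed.
        if (!in_array(get_client_ip(), explode(',', C('ADMIN_ALLOW_IP')))) {
            $this->error('403:禁止访问');
        }
    }

    // System permissions. The super administrator skips all of them.
    if (!IS_ROOT) {
        $access = $this->accessControl();
        if (false === $access) {
            $this->error('403:禁止访问');
        } elseif (null === $access) {
            // Rule named after the requested module/controller/action.
            $rule = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            if (!$this->checkRule($rule, array('in', '1,2'))) {
                $this->error('未授权访问!');
            } else {
                // Dynamic permissions related to categories and content.
                $dynamic = $this->checkDynamic();
                if (false === $dynamic) {
                    $this->error('未授权访问!');
                }
            }
        }
    }
    // Menu assignment was disabled by the original author:
    //$this->assign('__MENU__', $this->getMenus());
}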
/**
 * Back-office controller initialisation.
 *
 * Defines UID and IS_ROOT, loads the database-backed configuration, applies
 * the IP allow-list and the access checks, then assigns the menu, module
 * menu and module-management flag to the view and fetches the report.
 */
protected function _initialize()
{
    // Current user id. 0/false means not logged in.
    define('UID', is_login());
    if (!UID) {
        $this->redirect('Public/login');
    }

    // Configuration stored in the database, cached under DB_CONFIG_DATA.
    $dbConfig = S('DB_CONFIG_DATA');
    if (!$dbConfig) {
        $dbConfig = api('Config/lists');
        S('DB_CONFIG_DATA', $dbConfig);
    }
    C($dbConfig);

    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // IP allow-list. Entries are compared as split on ',', untrimmed.
        $clientIp = get_client_ip();
        $allowedIps = explode(',', C('ADMIN_ALLOW_IP'));
        if (!in_array($clientIp, $allowedIps)) {
            $this->error('403:禁止访问');
        }
    }

    // Access permission. accessControl() returning false denies outright.
    // null defers to the dynamic check and then to the rule check.
    $staticVerdict = $this->accessControl();
    if (false === $staticVerdict) {
        $this->error('403:禁止访问');
    } elseif (null === $staticVerdict) {
        // Dynamic permissions related to categories/columns.
        $dynamicVerdict = $this->checkDynamic();
        if (false === $dynamicVerdict) {
            $this->error('未授权访问!');
        } elseif (null === $dynamicVerdict) {
            // Non-dynamic permission: rule named after the requested action.
            $ruleName = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
            if (!$this->checkRule($ruleName, array('in', '1,2'))) {
                $this->error('未授权访问!');
            }
        }
    }

    $mayManageModules = $this->checkRule('admin/module/lists', array('in', '1,2'));
    $this->assign('__MANAGE_COULD__', $mayManageModules);
    $this->assign('__MENU__', $this->getMenus());
    $this->assign('__MODULE_MENU__', $this->getModules());
    $this->getReport();
}
/**
 * Business list.
 *
 * Lists non-deleted businesses whose title contains the 'title' request
 * value. Users other than the super administrator only see records whose
 * belong_member_id is their own id.
 *
 * @author 温开元<wenkaiyuan.6@163.com 594164084@qq.com>
 */
public function index()
{
    $keyword = I('title');

    $map = array(
        'status' => array('egt', 0),
        'title' => array('like', '%' . (string) $keyword . '%'),
    );

    // Row-level scoping: non-administrators are limited to their own records.
    $seesEverything = is_administrator();
    if (!$seesEverything) {
        $map['belong_member_id'] = is_login();
    }

    $list = $this->lists('Business', $map);
    int_to_string($list);

    // Remember the current list URL in a cookie.
    Cookie('__forward__', $_SERVER['REQUEST_URI']);

    $this->assign('_list', $list);
    $this->meta_title = '业务列表';
    $this->display();
}
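/**
 * "My groups": list the active groups created by the current user.
 *
 * Each group gets its creator's nickname/avatar, a 200x200 logo thumbnail
 * and an 'is_login' flag that is 1 when the viewer is the creator or the
 * super administrator.
 */
public function myGroup()
{
    // NOTE(review): no login check is visible here. For a visitor is_login()
    // presumably yields 0 and the query selects uid = 0; confirm an earlier
    // filter requires login.
    $Group = D('Group')->where(array('status' => 1, 'uid' => is_login()))->order('create_time desc,member_count desc')->select();
    if (!is_array($Group)) {
        // select() produced no rows: iterate and assign an empty list
        // instead of running a by-reference foreach over a non-array.
        $Group = array();
    }

    foreach ($Group as &$v) {
        $v['user'] = query_user(array('nickname', 'avatar64'), $v['uid']);
        $v['logo'] = getThumbImageByCoverId($v['logo'], 200, 200);
        if (is_login() == $v['uid'] || is_administrator(get_uid())) {
            $v['is_login'] = 1;
        } else {
            $v['is_login'] = 0;
        }
    }
    // Break the reference so the last element is not aliased by $v.
    unset($v);

    $this->assign('group', $Group);
    $this->display(T('Application://Mob@group/index'));
}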
/**
 * Controller initialisation: defines UID and IS_ROOT, builds
 * $this->login_user from the session and the User model, applies the IP
 * allow-list, and switches the session into developer mode on request.
 */
protected function _initialize()
{
    define('UID', is_login());
    if (!UID) {
        $this->redirect('Public/login');
    }
    $this->login_user = $login_user = session('user_auth');
    if (is_developer()) {
        $developer = array('developer' => 1);
        $this->login_user = array_merge($this->login_user, $developer);
    }
    $user_info = D('User')->getUserById($login_user['uid']);
    $this->login_user = array_merge($this->login_user, $user_info);
    // Whether the current user is the super administrator. Developers count as root too.
    define('IS_ROOT', is_administrator() || is_developer());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // Check the client IP against the allow-list.
        if (!in_array(get_client_ip(), explode(',', C('ADMIN_ALLOW_IP')))) {
            $this->error('403:禁止访问');
        }
    }
    // Access permission check.
    // NOTE(review): the whole access-control block below is commented out, so
    // after login and the IP allow-list this method applies no per-action
    // permission check; confirm that is intended.
    // $access = $this->accessControl();
    // if ( $access === false ) {
    //     $this->error('403:禁止访问');
    // }elseif( $access === null ) {
    //     $dynamic = $this->checkDynamic();// dynamic permissions related to categories/columns
    //     if( $dynamic === null ){
    //         // non-dynamic permission
    //         $rule = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
    //         if ( !$this->checkRule($rule,array('in','1,2')) ){
    //             $this->error('未授权访问!');
    //         }
    //     }elseif( $dynamic === false ){
    //         $this->error('未授权访问!');
    //     }
    // }
    // $this->assign('__MENU__', $this->getMenus());
    // If the request carries developer_mode=1, switch the session to developer mode.
    // NOTE(review): the flag is set from a query parameter for any logged-in
    // user, with no privilege check in this method. If is_developer() trusts
    // session('developer_mode'), this makes IS_ROOT self-service; confirm how
    // is_developer() decides.
    $developer_mode = I('get.developer_mode', '', 'intval');
    if ($developer_mode == 1) {
        session('developer_mode', true);
    }
}
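/**
 * Show the keyword list with paging.
 *
 * Non-administrators are redirected to the UserCenter list. Rows are scoped
 * to the current token and each row's addon name is replaced by the addon
 * title.
 */
public function lists()
{
    if (!is_administrator($this->mid)) {
        // NOTE(review): relies on redirect() ending the request; confirm.
        redirect(addons_url('UserCenter://UserCenter/lists'));
    }

    $this->assign('search_url', U('lists'));
    $model = $this->getModel('keyword');
    $page = I('p', 1, 'intval'); // show the first page by default

    // Parse the list rules.
    $list_data = $this->_list_grid($model);
    $fields = $list_data['fields'];

    // Search condition, always scoped to the current token.
    $map = $this->_search_map($model, $fields);
    $map['token'] = get_token();

    $row = empty($model['list_row']) ? 20 : $model['list_row'];
    // Make sure 'id' is selected whenever an explicit field list is used.
    empty($fields) || in_array('id', $fields) || array_push($fields, 'id');

    $name = parse_name(get_table_name($model['id']), true);
    $list_data['list_data'] = M($name)->field(empty($fields) ? true : $fields)->where($map)->order('id DESC')->page($page, $row)->select();

    // Paging.
    $count = M($name)->where($map)->count();
    if ($count > $row) {
        $pager = new \Think\Page($count, $row);
        $pager->setConfig('theme', '%FIRST% %UP_PAGE% %LINK_PAGE% %DOWN_PAGE% %END% %HEADER%');
        $list_data['_page'] = $pager->show();
    }

    // Map addon name => title. Initialised up front: the original read this
    // array without ever defining it when no addon matched.
    $addonsArr = array();
    $addons = M('addons')->where("type=1")->field('name,title')->select();
    if (is_array($addons)) {
        foreach ($addons as $a) {
            $addonsArr[$a['name']] = $a['title'];
        }
    }

    if (is_array($list_data['list_data'])) {
        foreach ($list_data['list_data'] as &$vo) {
            $vo['addon'] = isset($addonsArr[$vo['addon']]) ? $addonsArr[$vo['addon']] : null;
        }
        // Break the reference so the last row is not aliased by $vo.
        unset($vo);
    }

    $this->assign($list_data);
    $this->display('Addons/lists');
}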
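/**
 * Controller initialisation: computes the counters shown next to the menu
 * entries and resolves the group id of the current user.
 *
 * Counters are stored in $_SESSION['menu_nums']. The user's own id plus the
 * ids of the members whose pid is the current user are kept in $this->uid_array.
 */
public function _initialize()
{
    parent::_initialize();

    // Counters shown after the menu entries.
    // Unclaimed: asks with no uid.
    $maps = array();
    $maps['uid'] = array('EXP', 'IS NULL');
    $_SESSION["menu_nums"]["未认领"] = M('Ask')->where($maps)->count();

    // The current user and the direct children (members whose pid is UID).
    $uid_array = array(UID);
    $children = M("Member")->where(array("pid" => UID))->select();
    if (!empty($children)) {
        foreach ($children as $child) {
            $uid_array[] = $child["uid"];
        }
    }
    $this->uid_array = $uid_array;

    $maps = array();
    $maps['uid'] = array("in", implode(",", $uid_array));

    // Per-status counters for those users.
    $maps['status'] = array("eq", 0);
    $_SESSION["menu_nums"]["待审批"] = M('Ask')->where($maps)->count();

    $maps['status'] = array("eq", 1);
    $_SESSION["menu_nums"]["办理中"] = M('Ask')->where($maps)->count();

    $maps['status'] = array('in', '4');
    $_SESSION["menu_nums"]["已回复"] = M('Ask')->where($maps)->count();

    $maps['status'] = array("eq", 60);
    $_SESSION["menu_nums"]["退回重办"] = M('Ask')->where($maps)->count();

    // Assist requests addressed to the current user that have no reply yet.
    $_SESSION["menu_nums"]["协办问题"] = M("Assist")->where(array("pid" => UID, "reply" => array('EXP', 'IS NULL')))->count();

    // Asks that failed approval, across all users.
    $maps = array();
    $maps['status'] = array("eq", 10);
    $_SESSION["menu_nums"]["审批未通过"] = M('Ask')->where($maps)->count();

    $this->group_id = $_SESSION["onethink_admin"]["user_auth"]["group_id"];
    // The original passed an undefined $uid here. The current user's id (UID)
    // is what the check is meant to test. The super administrator is always
    // treated as group 1.
    if (is_administrator(UID)) {
        $this->group_id = 1;
    }
    $this->assign('group_id', $this->group_id);
}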
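/**
 * Create or edit a demand (Ask) record.
 *
 * On POST the record is built with the model's create() and either updated
 * (when an id is given) or inserted. On other requests the edit form is
 * shown, pre-filled when an id is given.
 *
 * Only the owner of a record or the super administrator may update it.
 */
public function edit()
{
    $id = intval(I('param.id'));
    $d_ask = D('Ask');

    if (!IS_POST) {
        if ($id) {
            $data = $d_ask->getDetail($id);
            // Resolve the parent menu from the cbd.
            $data['cbd'] = get_whole_address($data['bid']);
            $data['cbd']['property'] = $data['fid'];
            $this->assign('data', $data);
        }
        $this->display();
        return;
    }

    // create() returns false when validation fails. The original went on to
    // write into that value, so a rejected submission was still saved.
    $data = $d_ask->create();
    if ($data === false) {
        $this->error($d_ask->getError());
        return;
    }

    if ($id) {
        // Editing an existing record: the owner or the super administrator only.
        $data['id'] = $id;
        $ownerUid = $this->d_ask->where(array('id' => $data['id']))->getField('uid');
        if (!($this->mid == $ownerUid) && !is_administrator()) {
            $this->error('对不起,您的权限不足');
            return;
        }
        // NOTE(review): on this path 'uid' is whatever create() took from the
        // request and is not reset to the owner; confirm the model does not
        // accept a submitted uid.
        $data['uptime'] = time();
        $data['status'] = 1;
        if ($this->d_ask->save($data)) {
            $this->ajaxReturnHandle(1, '编辑需求成功', U('home/object/index', array('uid' => $this->mid)));
        } else {
            $this->ajaxReturnHandle(0, '编辑需求失败');
        }
        return;
    }

    // Creating a new record, owned by the current user.
    $data['uid'] = $this->mid;
    $data['createtime'] = $data['uptime'] = time();
    $data['status'] = 1;
    if ($id = $this->d_ask->add($data)) {
        $this->ajaxReturnHandle(1, '新增需求成功', U('home/object/index', array('uid' => $this->mid)));
    } else {
        $this->ajaxReturnHandle(0, '新增需求失败');
    }
}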
/**
 * Back-office controller initialisation.
 *
 * Defines UID (from is_admin_login()) and IS_ROOT, loads the database-backed
 * configuration, applies the IP allow-list and assigns the user id to the view.
 */
protected function _initialize()
{
    // Get the current user id.
    define('UID', is_admin_login());
    if (!UID) {
        // Not logged in yet: go to the login page.
        $this->redirect('Member/Login/login');
    }
    /* Read the configuration stored in the database (cached under DB_CONFIG_DATA) */
    $config = S('DB_CONFIG_DATA');
    if (!$config) {
        $config = api('SystemConfig/lists');
        S('DB_CONFIG_DATA', $config);
    }
    C($config); // merge into the runtime configuration
    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // Check the client IP against the allow-list.
        if (!in_array(get_client_ip(), explode(',', C('ADMIN_ALLOW_IP')))) {
            $this->error('403:禁止访问');
        }
    }
    // NOTE(review): the access-control block below is commented out, so after
    // login and the IP allow-list this method applies no per-action
    // permission check; confirm that is intended.
    // // Access permission check
    // $access = $this->accessControl();
    // if ( $access === false ) {
    //     $this->error('403:禁止访问');
    // }elseif( $access === null ){
    //     $dynamic = $this->checkDynamic();// dynamic permissions related to categories/columns
    //     if( $dynamic === null ){
    //         // non-dynamic permission
    //         $rule = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
    //         if ( !$this->checkRule($rule,array('in','1,2')) ){
    //             $this->error('未授权访问!');
    //         }
    //     }elseif( $dynamic === false ){
    //         $this->error('未授权访问!');
    //     }
    // }
    $this->assign('__UID__', UID);
}
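/**
 * Base system controller initialisation.
 *
 * Defines UID and IS_ROOT, exposes the current controller/action names to
 * the view, applies the IP allow-list and runs the access checks. A user who
 * fails the rule check is logged out and the session is destroyed.
 */
protected function _initialize()
{
    // Current user id. 0/false means not logged in.
    define('UID', is_login());
    if (!UID) {
        // Not logged in yet: go to the login page.
        $this->redirect('Public/login');
    }

    // The original prefixed both values with an undefined $Think variable,
    // which only contributed an empty string plus a notice.
    $this->assign('now_control', ucfirst(strtolower(CONTROLLER_NAME)));
    $this->assign('now_action', ACTION_NAME);

    // Loading the database-backed configuration was disabled by the original author.

    // Whether the current user is the super administrator.
    define('IS_ROOT', is_administrator());
    if (!IS_ROOT && C('ADMIN_ALLOW_IP')) {
        // IP allow-list. Entries are compared as split on ',', untrimmed.
        if (!in_array(get_client_ip(), explode(',', C('ADMIN_ALLOW_IP')))) {
            $this->error('403:禁止访问');
        }
    }

    // Access permission.
    $access = $this->accessControl();
    if ($access === false) {
        $this->error('403:禁止访问');
    } elseif ($access === null && $_SESSION['user']['role'] > 1) {
        // NOTE(review): the rule check only runs when the session role is
        // greater than 1. A role of 1 or lower, or a session without a role,
        // skips it entirely; confirm that failing open for a missing role
        // is intended.
        $rule = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
        if (!$this->checkRule($rule, array('in', '1,2'))) {
            // Unauthorised: end the login and drop the session before reporting.
            D('users')->logout();
            session('[destroy]');
            $this->error('未授权访问!' . $rule);
        }
    }
    // Menu and time assignments were disabled by the original author.
}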
/**
 * Add the given user to the given user group.
 *
 * Reads 'uid' and 'groupid' from the POST data, refuses to act on the super
 * administrator, and delegates to the Admin/AuthGroupAccess/addToGroup API.
 */
public function addToGroup()
{
    $uid = I('post.uid', '');
    $groupid = I('post.groupid', '');

    $missingParam = empty($uid) || empty($groupid);
    if ($missingParam) {
        $this->error("参数错误");
    }

    // NOTE(review): $uid is passed on exactly as received; only $groupid is
    // forced to an integer. Whether the API accepts anything other than a
    // single id is not visible here. Confirm this check covers every uid
    // the API would act on.
    if (is_administrator($uid)) {
        $this->error("不能对超级管理员进行操作");
    }

    $groupid = $groupid ? intval($groupid) : $groupid;

    $result = apiCall("Admin/AuthGroupAccess/addToGroup", array($uid, $groupid));
    if (!$result['status']) {
        LogRecord($result['info'], __FILE__ . __LINE__);
        $this->error($result['info']);
        return;
    }
    $this->success("操作成功~", U('Admin/AuthManage/user', array('groupid' => $groupid)));
}
/**
 * Back-office controller initialisation.
 *
 * Defines UID and IS_ROOT. For everyone except the super administrator it
 * then applies the ADMIN_ALLOW_IP allow-list, accessControl(), the
 * module/controller/action rule and finally the dynamic check.
 */
protected function _initialize()
{
    // Skip if initialisation already ran in this request.
    if (defined('UID')) {
        return;
    }

    define('UID', is_login());
    if (!UID) {
        // Not logged in yet: go to the login page.
        $this->redirect('Public/login');
    }

    // The super administrator bypasses every check below.
    define('IS_ROOT', is_administrator());
    if (IS_ROOT) {
        return;
    }

    if (C('ADMIN_ALLOW_IP')) {
        // IP allow-list. Entries are compared as split on ',', untrimmed.
        $clientIp = get_client_ip();
        $allowedIps = explode(',', C('ADMIN_ALLOW_IP'));
        if (!in_array($clientIp, $allowedIps)) {
            $this->error('403:禁止访问');
        }
    }

    // System permissions.
    $staticVerdict = $this->accessControl();
    if ($staticVerdict === false) {
        $this->error('403:禁止访问');
    } elseif ($staticVerdict === null) {
        // Rule named after the requested module/controller/action.
        $ruleName = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
        if ($this->checkRule($ruleName, array('in', '1,2'))) {
            // Dynamic permissions related to categories and content.
            $dynamicVerdict = $this->checkDynamic();
            if ($dynamicVerdict === false) {
                $this->error('未授权访问!');
            }
        } else {
            $this->error('未授权访问!');
        }
    }
}
/**
 * Delete a local comment.
 *
 * Allowed for holders of the 'deleteLocalComment' permission, for the super
 * administrator, and for the logged-in author of the comment.
 */
public function deleteComment()
{
    $commentId = I('post.id', 0, 'intval');
    if ($commentId <= 0) {
        $this->error('删除评论失败。评论不存在。');
    }

    // Permission check.
    $hasModeratorRight = check_auth('deleteLocalComment') || is_administrator();

    $comments = D('Addons://LocalComment/LocalComment');
    $row = $comments->find($commentId);

    // Ownership only counts for a logged-in user. The != 0 guard keeps a
    // visitor (id 0) from matching a comment with an empty uid.
    $ownsComment = ($row['uid'] == is_login() and is_login() != 0);

    if (!$hasModeratorRight && !$ownsComment) {
        $this->error('删除评论失败。' . '权限不足');
        return;
    }

    $deleted = $comments->where(array('id' => $commentId))->delete();
    if ($deleted) {
        $this->success('删除评论成功。', 'refresh');
    } else {
        $this->error('删除评论失败。' . $comments->getError());
    }
}
/**
 * Controller initialisation: defines UID and IS_ROOT (unless already
 * defined), loads configuration through ConfigModel and runs the access
 * checks for the requested action.
 */
protected function _initialize()
{
    if (!defined('UID')) {
        define('UID', is_login());
    }
    if (!UID) {
        // Not logged in yet: go to the configured login URL.
        $this->redirect(C('LOGIN_URL'));
    }

    $configModel = new ConfigModel();
    $configModel->loadConfig();

    if (!defined('IS_ROOT')) {
        define('IS_ROOT', is_administrator());
    }

    // Access permission. These checks are not skipped for IS_ROOT here.
    $verdict = $this->accessControl();
    if (false === $verdict) {
        $this->error('403:禁止访问');
    } elseif (null === $verdict) {
        // Non-dynamic permission: rule named after the requested action.
        $ruleName = strtolower(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME);
        $ruleGranted = $this->checkRule($ruleName, array('in', '1,2'));
        if (!$ruleGranted) {
            $this->error('未授权访问!');
        }
    }
}