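 /**
  * Admin login page: renders the form and, on POST, attempts the login.
  *
  * Failed logins are throttled per client IP through `admin_login_error_log`:
  * once the stored error count reaches `login_error_show_captcha_num - 1` a
  * captcha is shown, and when `login_max_error_num` is set and reached the
  * login is refused outright. Records older than 24 hours are purged first.
  * On success the member's last-login fields are updated, the session is
  * started and bound to the member, and the client is redirected to the
  * posted `forward` target (framework-filtered) or to the site root.
  */
 public function action_index()
 {
     $member = array('message' => '', 'input' => '');
     $view = new View('admin/login');
     $not_login = false;
     $show_captcha = false;
     // Without a failure record for this IP there is no error count; keep it
     // null (what post() previously received as an undefined variable).
     $error_num = null;
     $db = Database::instance(Model_Admin::DATABASE);
     $expire = TIME - 86400;
     if ($db->count_records('admin_login_error_log', array('timeline<=' => $expire))) {
         # Purge login-error records older than 24 hours
         $db->where('timeline<=', $expire)->delete('admin_login_error_log');
     }
     $error = $db->from('admin_login_error_log')->where('ip', HttpIO::IP)->limit(1)->get()->current();
     if ($error) {
         $error_num = $error['error_num'];
         $config = Core::config('admin/core');
         if ($error_num >= $config['login_error_show_captcha_num'] - 1) {
             $show_captcha = true;
         }
         if ($config['login_max_error_num'] && $error_num >= $config['login_max_error_num']) {
             $not_login = true;
             $this->message = '尝试次数太多,暂不可登录';
         }
     }
     if (!$not_login && HttpIO::METHOD == 'POST') {
         $member = $this->post($_POST, $error_num);
         if ($member) {
             $member->last_login_ip = HttpIO::IP;
             $member->last_login_time = TIME;
             $member->last_login_session_id = $this->session()->id();
             $member->value_increment('login_num');
             $member->update();
             # Start the session and bind the authenticated member to it
             // NOTE(review): confirm start()/set_member() regenerate the session
             // id on login; nothing here does so explicitly.
             $this->session()->start();
             $this->session()->set_member($member);
             // Only a non-empty forward target is honoured, and only through the
             // framework's URL filter — the raw $_POST value is never redirected to.
             $url = !empty($_POST['forward']) ? HttpIO::POST('forward', HttpIO::PARAM_TYPE_URL) : Core::url('/');
             $this->redirect($url);
         } else {
             $view->shake = true;
         }
     }
     $login_message = $this->session()->get('admin_member_login_message');
     $view->show_captcha = $show_captcha;
     $view->message = $login_message ? $login_message : $this->message;
     $view->error_input = $this->error_input;
     if ($_POST) {
         // Re-fill the username field; absent -> null rather than an undefined index.
         $view->username = isset($_POST['username']) ? $_POST['username'] : null;
     }
     $view->render();
 }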
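 /**
  * Debug-console login: sets the `_debug_open` cookie when the posted
  * user/hash pair matches an entry of $this->password.
  *
  * $this->password is read here as a map user => md5 digest that is compared
  * with md5 of the posted hash — confirm against the property's declaration.
  * On success the client is redirected to the posted `forward` target
  * (framework-filtered) or to /opendebugger; on failure back to
  * /opendebugger, carrying the forward target as a query parameter.
  */
 public function action_login()
 {
     // Both fields must be present and scalar: an array would be an illegal
     // array offset / md5() argument.
     $debug_user = isset($_POST['debug_user']) && is_string($_POST['debug_user']) ? $_POST['debug_user'] : '';
     $debug_hash = isset($_POST['debug_hash']) && is_string($_POST['debug_hash']) ? $_POST['debug_hash'] : '';
     $forward = isset($_POST['forward']) && $_POST['forward'] ? HttpIO::POST('forward', HttpIO::PARAM_TYPE_URL) : null;
     $matches = false;
     if (isset($this->password[$debug_user])) {
         $stored = (string) $this->password[$debug_user];
         $given = md5($debug_hash);
         // Strict (and where available constant-time) comparison: the previous
         // `==` treated numeric-looking digests ("0e…") as equal.
         $matches = function_exists('hash_equals') ? hash_equals($stored, $given) : $stored === $given;
     }
     if ($matches) {
         // NOTE(review): confirm Core::cookie()->set() applies httponly/secure
         // flags; none are passed here.
         Core::cookie()->set('_debug_open', Core::get_debug_hash($debug_user, $this->password[$debug_user]), null, '/');
         $this->redirect(null !== $forward ? $forward : '/opendebugger');
     } else {
         $this->redirect('/opendebugger' . (null !== $forward ? '?forward=' . urlencode($forward) : ''));
     }
 }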
 /**
  * Persist the current member's notepad text from the POSTed `data` field.
  *
  * Reports the outcome through $this->message(): code 1 when update()
  * returns truthy, 0 when it returns falsy, -1 when it throws.
  */
 public function action_notepad()
 {
     if (null === $this->session()->member()->notepad) {
         $this->session()->member()->notepad = '';
     }
     $this->session()->member()->notepad = HttpIO::POST('data');
     try {
         $saved = $this->session()->member()->update();
         $this->message($saved ? '保存成功' : '操作成功', $saved ? 1 : 0);
     } catch (Exception $e) {
         $this->message('保存数据失败。', -1);
     }
 }
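 /**
  * 检查内部调用HASH是否有效 — validate an internal (system-mode) request.
  *
  * The caller must send the X-MYQEE-SYSTEM-{HASH,TIME,RSTR,PROJECT,PATHINFO}
  * headers (ISADMIN and ISREST are optional flags). The request is accepted
  * only when all of these hold:
  *  - TIME is numeric and within 600 s of now (RSTR is not tracked, so a
  *    replay inside that window is not prevented by this check),
  *  - the client IP is 127.0.0.1, the server's own address, or matches an
  *    entry of `system_exec_allow_ip` (exact, or `*` standing for one dotted label),
  *  - the `system_exec_key` entry from the system config is at most 10 days old,
  *  - HASH equals sha1(body . time . secret . rstr . '_' . other), where secret
  *    is `system_exec_key` (>= 10 chars) or, failing that, the serialized core
  *    and database config.
  *
  * @return boolean
  */
 protected static function check_system_request_allow()
 {
     $header = function ($name) {
         return isset($_SERVER[$name]) ? $_SERVER[$name] : null;
     };
     $hash = $header('HTTP_X_MYQEE_SYSTEM_HASH');          // request HASH
     $time = $header('HTTP_X_MYQEE_SYSTEM_TIME');          // request timestamp
     $rstr = $header('HTTP_X_MYQEE_SYSTEM_RSTR');          // per-request random string
     $project = $header('HTTP_X_MYQEE_SYSTEM_PROJECT');    // target project
     $path_info = $header('HTTP_X_MYQEE_SYSTEM_PATHINFO'); // target path_info
     $isadmin = $header('HTTP_X_MYQEE_SYSTEM_ISADMIN');    // admin flag
     $isrest = $header('HTTP_X_MYQEE_SYSTEM_ISREST');      // RESTful flag
     if (!$hash || !$time || !$rstr || !$project || !$path_info) {
         return false;
     }
     // Freshness window. abs() so a far-future TIME cannot sidestep the check;
     // a non-numeric TIME is rejected instead of being coerced in the subtraction.
     if (!is_numeric($time) || abs(microtime(1) - $time) > 600) {
         Core::log('system.error.request.timeout', array('msg' => 'system request timeout', 'time1' => microtime(1), 'time0' => $time), LOG_WARNING);
         return false;
     }
     // Source IP: local callers bypass the allow-list.
     $server_addr = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : null;
     if ('127.0.0.1' !== HttpIO::IP && HttpIO::IP !== $server_addr) {
         $allow_ip = Core::config('system_exec_allow_ip');
         if (is_array($allow_ip) && $allow_ip) {
             $allow = false;
             foreach ($allow_ip as $ip) {
                 if (!is_string($ip)) {
                     continue;
                 }
                 if (HttpIO::IP === $ip) {
                     $allow = true;
                     break;
                 }
                 // Wildcard entry such as 10.0.*.*: each `*` matches one dotted label.
                 // (Previously the whole $allow_ip array was tested here, so wildcard
                 // entries could never match.)
                 if (false !== strpos($ip, '*') && preg_match('#^' . str_replace('\\*', '[^\\.]+', preg_quote($ip, '#')) . '$#', HttpIO::IP)) {
                     $allow = true;
                     break;
                 }
             }
             if (!$allow) {
                 Core::log('system.error.request.ip', array('ip' => HttpIO::IP), LOG_WARNING);
                 return false;
             }
         }
     }
     $body = http_build_query(HttpIO::POST(null, HttpIO::PARAM_TYPE_OLDDATA));
     // Shared secret for system calls
     $system_exec_pass = Core::config('system_exec_key');
     $key = Core::config()->get('system_exec_key', 'system', true);
     if (!$key || !isset($key['time'], $key['str']) || abs(TIME - $key['time']) > 86400 * 10) {
         return false;
     }
     $other = $path_info . '_' . ($isadmin ? 1 : 0) . '_' . ($isrest ? 1 : 0) . $key['str'];
     if ($system_exec_pass && strlen($system_exec_pass) >= 10) {
         // Configured secret available
         $new_hash = sha1($body . $time . $system_exec_pass . $rstr . '_' . $other);
     } else {
         // No usable secret: derive one from the core and database config.
         // Weaker, since those values were not designed to be secrets.
         $new_hash = sha1($body . $time . serialize(Core::config('core')) . serialize(Core::config('database')) . $rstr . '_' . $other);
     }
     // Strict (and where available constant-time) comparison: `==` treated
     // numeric-looking digests ("0e…") as equal.
     $hash = (string) $hash;
     $valid = function_exists('hash_equals') ? hash_equals($new_hash, $hash) : $new_hash === $hash;
     if ($valid) {
         return true;
     }
     Core::log('system.error.request.hash', array('hash' => $hash), LOG_WARNING);
     return false;
 }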
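 /**
  * Create or update an admin member from the POSTed form.
  *
  * A new member (id not > 0) requires `username`, `new_password` and a
  * matching `new_password_2`, and the username must not already exist. Both
  * paths apply `nickname`, merge the posted `setting` map (the reserved
  * `_group_admin` key is dropped), apply permission edits when
  * $this->show_edit_perm is set, run change_member_other_info(), and persist
  * inside a transaction that is rolled back on any exception. The outcome is
  * reported through $this->message(): code 1 on success, otherwise the
  * exception's code and message.
  *
  * @param ORM_Admin_Member_Data $member
  */
 protected function save(ORM_Admin_Member_Data $member)
 {
     // Scalar POST field, or null when absent / not a string (arrays are never
     // valid here and would otherwise reach the model untyped).
     $post = function ($name) {
         return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : null;
     };
     $is_add = !($member->id > 0);
     try {
         if ($is_add) {
             # Creating a new account: required fields
             if (!$post('username')) {
                 throw new Exception('用户名不能空', -1);
             }
             if (!$post('new_password')) {
                 throw new Exception('密码不能空', -1);
             }
             // Strict comparison: `!=` treated numeric-looking strings ("1e3" vs "1000") as equal.
             if ($post('new_password') !== $post('new_password_2')) {
                 throw new Exception('两次输入的密码不一致,请重新确认', -1);
             }
             $model_admin = new Model_Admin_Administrator();
             if ($model_admin->get_by_username($post('username'))) {
                 throw new Exception('此用户名已存在,请换一个', -1);
             }
         }
         $member->nickname = $post('nickname');
         $setting = HttpIO::POST('setting');
         if (!is_array($setting)) {
             // Anything but a map is ignored (a scalar here used to break unset/array_merge).
             $setting = array();
         }
         # Permission edit mode
         if ($this->show_edit_perm) {
             # _group_admin is reserved and never taken from the form
             unset($setting['_group_admin']);
             # Apply permission changes
             $this->change_member_perm($member);
         } elseif ($is_add) {
             $member->perm_setting = null;
         }
         if ($setting) {
             $member->setting = is_array($member->setting) ? array_merge($member->setting, $setting) : $setting;
         }
         # Other member fields
         $this->change_member_other_info($member);
         $tr = $member->orm()->db()->transaction();
         $tr->start();
         try {
             if ($is_add) {
                 $member->username = $post('username');
                 # Password: the ORM hashes it when the row is written
                 $member->password = $post('new_password');
                 # Owning project
                 $member->project = Core::$project;
                 # Not locked
                 $member->shielded = 0;
                 $member->insert();
             } else {
                 $member->update();
             }
             if ($this->show_edit_perm) {
                 # Persist group permission settings
                 $this->save_member_group_perm($member, $is_add);
             }
             $tr->commit();
             $msg = '操作成功';
             $code = 1;
         } catch (Exception $e) {
             $tr->rollback();
             throw $e;
         }
     } catch (Exception $e) {
         $code = $e->getCode();
         $msg = $e->getMessage();
     }
     $this->message($msg, $code);
 }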
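 /**
  * 记录慢查询 — write this request's slow queries to the log.
  *
  * Each entry of Database::$slow_querys is [start, end, sql] and is logged as
  * from/to/use(=end-start)/sql together with the request URL, method, time,
  * client IP, page time and POST body.
  *
  * @return boolean true when there was nothing to log, otherwise the
  *                 result of Core::log()
  */
 protected static function save_slow_query()
 {
     if (!Database::$slow_querys) {
         return true;
     }
     $queries = array();
     foreach (Database::$slow_querys as $item) {
         $queries[] = array('from' => $item[0], 'to' => $item[1], 'use' => $item[1] - $item[0], 'sql' => $item[2]);
     }
     // SCRIPT_URI is only provided by some Apache setups and QUERY_STRING may be
     // absent (CLI); missing values used to produce notices and a stray '?'.
     $script_uri = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : '';
     $query_string = isset($_SERVER['QUERY_STRING']) && '' !== $_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '';
     $data = array(
         'url' => $script_uri . $query_string,
         'method' => HttpIO::METHOD,
         'time' => TIME,
         'ip' => HttpIO::IP,
         'page_time' => microtime(1) - START_TIME,
         // NOTE(review): the full POST body is logged; confirm the log sink
         // redacts credentials or limit this to non-sensitive fields.
         'post' => HttpIO::POST(),
         'queries' => $queries,
     );
     // Write the log entry
     return Core::log('database.slow_query', $data, LOG_WARNING);
 }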
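 /**
  * 检查内部调用HASH是否有效 — validate an internal (system-mode) request.
  *
  * Requires the X-MYQEE-SYSTEM-{HASH,TIME,RSTR} headers. The request is
  * accepted only when TIME is numeric and within 600 s of now, the client IP
  * is 127.0.0.1, the server's own address or matches an entry of
  * `core.system_exec_allow_ip` (exact, or `*` standing for one dotted label),
  * and HASH equals sha1(body . time . secret . rstr), where secret is
  * `core.system_exec_key` (>= 10 chars) or, failing that, the serialized core
  * and database config. RSTR is not tracked, so a replay inside the window
  * is not prevented by this check.
  *
  * @return boolean
  */
 protected static function check_system_request_allow()
 {
     $hash = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_HASH']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_HASH'] : null; // request HASH
     $time = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_TIME']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_TIME'] : null; // request timestamp
     $rstr = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR'] : null; // per-request random string
     if (!$hash || !$time || !$rstr) {
         return false;
     }
     # Freshness window: abs() so a far-future TIME cannot sidestep the check;
     # a non-numeric TIME is rejected instead of being coerced.
     if (!\is_numeric($time) || \abs(\microtime(1) - $time) > 600) {
         static::log('system request timeout', 'system-request');
         return false;
     }
     # Source IP: local callers bypass the allow-list
     $server_addr = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : null;
     if ('127.0.0.1' !== \HttpIO::IP && \HttpIO::IP !== $server_addr) {
         $allow_ip = static::config('core.system_exec_allow_ip');
         if (\is_array($allow_ip) && $allow_ip) {
             $allow = false;
             foreach ($allow_ip as $ip) {
                 if (!\is_string($ip)) {
                     continue;
                 }
                 if (\HttpIO::IP === $ip) {
                     $allow = true;
                     break;
                 }
                 # Wildcard entry such as 10.0.*.*: each `*` matches one dotted label.
                 # (Previously the whole $allow_ip array was tested here, so wildcard
                 # entries could never match.)
                 if (false !== \strpos($ip, '*') && \preg_match('#^' . \str_replace('\\*', '[^\\.]+', \preg_quote($ip, '#')) . '$#', \HttpIO::IP)) {
                     $allow = true;
                     break;
                 }
             }
             if (!$allow) {
                 static::log('system request not allow ip:' . \HttpIO::IP, 'system-request');
                 return false;
             }
         }
     }
     $body = \http_build_query(\HttpIO::POST(null, \HttpIO::PARAM_TYPE_OLDDATA));
     # Shared secret for system calls
     $system_exec_pass = static::config('core.system_exec_key');
     if ($system_exec_pass && \strlen($system_exec_pass) >= 10) {
         # Configured secret available
         $newhash = \sha1($body . $time . $system_exec_pass . $rstr);
     } else {
         # No usable secret: derive one from the core and database config
         # (weaker, those values were not designed to be secrets)
         $newhash = \sha1($body . $time . \serialize(static::config('core')) . \serialize(static::config('database')) . $rstr);
     }
     # Strict (and where available constant-time) comparison: `==` treated
     # numeric-looking digests ("0e…") as equal.
     $hash = (string) $hash;
     $valid = \function_exists('hash_equals') ? \hash_equals($newhash, $hash) : $newhash === $hash;
     if ($valid) {
         return true;
     }
     static::log('system request hash error', 'system-request');
     return false;
 }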
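 /**
  * 记录慢查询 — append this request's slow queries to the slow_query log.
  *
  * Writes one header line (method, wall-clock time, page time in ms, client
  * IP, URL, and the POST body as JSON for POST requests) followed by one line
  * per entry of Database::$slow_querys ([start_time, duration, sql]).
  *
  * @return boolean true (nothing is written when the list is empty)
  */
 protected static function save_slow_query()
 {
     if (!Database::$slow_querys) {
         return true;
     }
     // SCRIPT_URI is only provided by some Apache setups and QUERY_STRING may be
     // absent (CLI); missing values used to produce notices and a stray '?'.
     $script_uri = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : '';
     $query_string = isset($_SERVER['QUERY_STRING']) && '' !== $_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '';
     // NOTE(review): for POST requests the full body is logged; confirm the
     // log sink redacts credentials or limit this to non-sensitive fields.
     $post_info = HttpIO::METHOD == 'POST' ? '   POST:' . json_encode(HttpIO::POST()) : '';
     // Request header line
     $data = "\n" . str_pad(HttpIO::METHOD, 4, ' ') . ' ' . date('H:i:s', TIME) . ' - ' . str_pad((int) (1000 * (microtime(1) - START_TIME)), 6, ' ', STR_PAD_LEFT) . ' - ' . str_pad(HttpIO::IP, 15) . ' ' . $script_uri . $query_string . $post_info . "\n";
     foreach (Database::$slow_querys as $item) {
         $data .= '     ' . date('H:i:s', $item[0]) . ' - ' . str_pad((int) $item[1], 6, ' ', STR_PAD_LEFT) . ' - ' . $item[2] . "\n";
     }
     // Write the log entry, one file per day
     Core::log($data, 'log', 'slow_query/' . date('Y/m_d', TIME));
     return true;
 }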
 /**
  * 执行指定URI的控制器 — locate, instantiate and run the controller for $uri.
  *
  * The first argument segment names the action (`action_<name>`; `index` when
  * there are no segments, `default` when the segment is empty). A missing
  * action falls back to `action_default`, then to `__call`. The action must be
  * public. `before()`/`after()` hooks run around it when they exist, and the
  * controller is registered in Controller::$controllers for the duration of
  * the call.
  *
  * @param string $uri
  * @throws Exception 404 when no controller/action matches, 405 when the
  *                   action is not public
  */
 public static function execute($uri)
 {
     $found = self::find_controller($uri);
     if (!$found) {
         throw new Exception(__('Page Not Found'), 404);
     }
     require $found['file'];
     $class_name = $found['namespace'] . $found['class'];
     if (!class_exists($class_name, false)) {
         throw new Exception(__('Page Not Found'), 404);
     }
     $controller = new $class_name();
     Controller::$controllers[] = $controller;
     // Remove this instance from the registry again, keeping the list packed.
     $unregister = function () use ($controller) {
         $remaining = array();
         foreach (Controller::$controllers as $registered) {
             if ($registered !== $controller) {
                 $remaining[] = $registered;
             }
         }
         Controller::$controllers = $remaining;
     };
     $arguments = $found['args'];
     $action = 'index';
     if ($arguments) {
         $action = current($arguments);
         if (0 === strlen($action)) {
             $action = 'default';
         }
     }
     $action_name = 'action_' . $action;
     if (method_exists($controller, $action_name)) {
         // The action segment is consumed; the rest are method arguments.
         array_shift($arguments);
     } elseif ($action_name != 'action_default' && method_exists($controller, 'action_default')) {
         $action_name = 'action_default';
     } elseif (method_exists($controller, '__call')) {
         $controller->__call($action_name, $arguments);
         $unregister();
         return;
     } else {
         $unregister();
         throw new Exception(__('Page Not Found'), 404);
     }
     $method = new ReflectionMethod($controller, $action_name);
     if (!$method->isPublic()) {
         $unregister();
         throw new Exception(__('Request Method Not Allowed.'), 405);
     }
     unset($method);
     # Hand the routing result to the controller
     $controller->action = $action_name;
     $controller->controller = $found['class'];
     $controller->ids = $found['ids'];
     if (IS_SYSTEM_MODE) {
         # Internal system call: arguments arrive serialized in POST `data`.
         # NOTE(review): unserialize() of request data can instantiate arbitrary
         # classes; this relies entirely on the system-mode request check that
         # gates IS_SYSTEM_MODE upstream. A JSON payload would be the safer transport.
         $controller->arguments = @unserialize(HttpIO::POST('data', HttpIO::PARAM_TYPE_OLDDATA));
     } else {
         $controller->arguments = $arguments;
     }
     # Pre-action hook
     if (method_exists($controller, 'before')) {
         $controller->before();
     }
     # Invoke the action; positional forms for the common arities
     switch (count($arguments)) {
         case 0:
             $controller->{$action_name}();
             break;
         case 1:
             $controller->{$action_name}($arguments[0]);
             break;
         case 2:
             $controller->{$action_name}($arguments[0], $arguments[1]);
             break;
         case 3:
             $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2]);
             break;
         case 4:
             $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2], $arguments[3]);
             break;
         default:
             call_user_func_array(array($controller, $action_name), $arguments);
             break;
     }
     # Post-action hook
     if (method_exists($controller, 'after')) {
         $controller->after();
     }
     # Unregister the controller
     $unregister();
 }
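 /**
  * 执行请求,并将输出结果返回 — dispatch $uri to its controller action.
  *
  * Resolution order: the route table (web requests with routing enabled),
  * otherwise HttpIO::find_controller(). The action method is
  * `<prefix>_<action>` with prefix `action` (or `sub_action` for internal
  * calls), falling back to `<prefix>_default` and then to `__call`. The method
  * must be public. `before()`/`after()` hooks run only for non-internal calls.
  * Controller instances are cached in HttpIO::$controlers and their
  * `_callback_get_vars()` state is saved and restored around nested calls.
  *
  * @param string $uri 路径信息
  * @param boolean $print 是否直接输出
  * @param boolean $use_route 是否尝试在路由中搜索
  * @param boolean $is_internal 是否内部调用,默认:否
  * @param string $controller_dir 指定控制器目录,命令行下默认为shell,网站运行为controllers
  * @return string|false the captured output when $print is false (non-CLI),
  *                      '' otherwise, false when no controller/action resolves
  */
 public static function execute($uri, $print = true, $use_route = true, $is_internal = false, $controller_dir = null)
 {
     // Capture output when the caller wants it returned rather than printed.
     $ob_open = false;
     if (!$print && !IS_CLI) {
         ob_start();
         $ob_open = true;
     }
     $params = false;
     # Route table first (web requests only)
     if (!IS_CLI && true === $use_route && Core::$project_config['route'] && ($route = Core::route()->get($uri))) {
         $params = $route;
         # Default controller
         if ($params['controller']) {
             $params['controller'] = str_replace('/', '_', $params['controller']);
         } else {
             $params['controller'] = Core::$project_config['default_controller'];
         }
         $dir = 'controllers';
         if (IS_SYSTEM_MODE) {
             $file = '[system]/' . $params['controller'];
         } elseif (IS_CLI) {
             $file = '[shell]/' . $params['controller'];
         } elseif (Core::$is_admin_url) {
             $file = '[admin]/' . $params['controller'];
         } else {
             $file = $params['controller'];
         }
         // A caller-supplied directory is honoured only when it is a plain
         // identifier, so it can carry no path separators or traversal.
         if ($controller_dir && preg_match('#^[a-zA-Z0-9_]+$#', $controller_dir)) {
             $dir = $controller_dir;
             $file = strtolower(str_replace('__', '/', $file));
         }
         if (!Core::find_file($dir, $file, null, true)) {
             Core::debug()->error('没有找到控制器:' . $params['controller']);
             if ($ob_open) {
                 ob_end_clean();
             }
             return false;
         }
         $is_use_route = true;
         if (Core_Route::$last_route) {
             Core_Route::$current_route = Core_Route::$last_route;
             Core_Route::$route_list[] = Core_Route::$current_route;
         }
     } else {
         $params = HttpIO::find_controller($uri, $controller_dir, $is_internal);
         if (!IS_CLI && null === HttpIO::$uri && HttpIO::METHOD == 'GET' && !$is_internal && isset($params['need_redirect']) && $params['need_redirect'] == true) {
             # Canonicalise the top-level GET request to a trailing slash
             $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
             $request = explode('?', $request_uri, 2);
             Core::close_buffers(false);
             HttpIO::redirect($request[0] . '/' . (isset($request[1]) ? '?' . $request[1] : ''), 301);
             exit;
         }
         $is_use_route = false;
     }
     if (false === $params) {
         Core::debug()->error('没有找到指定页面');
         if ($ob_open) {
             ob_end_clean();
         }
         return false;
     }
     # Record the first-resolved uri/params of this request
     if (null === HttpIO::$uri) {
         HttpIO::$uri = $uri;
     }
     if (null === HttpIO::$params) {
         HttpIO::$params = $params;
     }
     # Controller class name
     $controller_name = 'Controller_' . $params['controller'];
     # Positional arguments for the action
     $arguments = isset($params['arguments']) ? $params['arguments'] : array();
     if (IS_SYSTEM_MODE) {
         # Internal system call: arguments arrive serialized in POST `data` and
         # reach the controller via _callback_set_vars($params); $arguments above
         # was already taken from the resolved params and is left as is.
         # NOTE(review): unserialize() of request data can instantiate arbitrary
         # classes; this relies entirely on the check that gates IS_SYSTEM_MODE.
         # A JSON payload would be the safer transport.
         $params['arguments'] = @unserialize(HttpIO::POST('data', HttpIO::PARAM_TYPE_OLDDATA));
     }
     $prefix = $is_internal ? 'sub_action' : 'action';
     # Action method name
     $action_name = $params['action'];
     if (!$action_name) {
         $action_name = $prefix . '_' . Core::$project_config['default_action'];
     } else {
         $action_name = $prefix . '_' . $action_name;
     }
     # No such controller class: treat as not found
     if (!class_exists($controller_name, false)) {
         Core::debug()->error('控制器:' . $controller_name . '不存在。');
         if ($ob_open) {
             ob_end_clean();
         }
         return false;
     }
     # Instantiate (or reuse) the controller
     if (!isset(HttpIO::$controlers[$controller_name])) {
         HttpIO::$controlers[$controller_name] = new $controller_name();
     }
     $old_current_controller = HttpIO::$current_controller;
     HttpIO::$current_controller = $controller = HttpIO::$controlers[$controller_name];
     # Per-controller stack of saved state, for nested execute() calls
     static $obj_params = array();
     if (!isset($obj_params[$controller_name]) || !is_array($obj_params[$controller_name])) {
         $obj_params[$controller_name] = array();
     }
     if (method_exists($controller, '_callback_get_vars')) {
         # Save the controller's current variables
         $obj_params[$controller_name][] = $controller->_callback_get_vars();
     }
     if (method_exists($controller, '_callback_set_vars')) {
         # Hand the routing result to the controller
         $controller->_callback_set_vars($params);
     }
     if (!$is_internal && !method_exists($controller, $action_name)) {
         $requested_action = $action_name;
         $action_name = $prefix . '_default';
         if (!method_exists($controller, $action_name)) {
             $action_name = '__call';
             // __call(name, args) receives the action that was actually requested;
             // previously the literal string '__call' was passed as the name.
             $arguments = array($requested_action, $arguments);
             if (!method_exists($controller, $action_name)) {
                 Core::debug()->error('控制器:' . $controller_name . '方法:' . $action_name . '不存在。');
                 if ($ob_open) {
                     ob_end_clean();
                 }
                 return false;
             }
         }
     }
     # Only public methods are routable
     $ispublicmethod = new ReflectionMethod($controller, $action_name);
     if (!$ispublicmethod->isPublic()) {
         Core::debug()->error('控制器:' . $controller_name . '方法:' . $action_name . '受保护。');
         if ($ob_open) {
             ob_end_clean();
         }
         return false;
     }
     if (!$is_internal) {
         if (method_exists($controller, 'before')) {
             $controller->before();
         }
     }
     # Invoke the action; positional forms for the common arities
     $count_arguments = count($arguments);
     switch ($count_arguments) {
         case 0:
             $controller->{$action_name}();
             break;
         case 1:
             $controller->{$action_name}($arguments[0]);
             break;
         case 2:
             $controller->{$action_name}($arguments[0], $arguments[1]);
             break;
         case 3:
             $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2]);
             break;
         case 4:
             $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2], $arguments[3]);
             break;
         default:
             # Resort to using call_user_func_array for many segments
             call_user_func_array(array($controller, $action_name), $arguments);
             break;
     }
     if (!$is_internal) {
         if (method_exists($controller, 'after')) {
             $controller->after();
         }
     }
     # Restore the controller's previous variables
     if (method_exists($controller, '_callback_set_vars')) {
         if (is_array($obj_params[$controller_name])) {
             $tmp_params = array_pop($obj_params[$controller_name]);
             $controller->_callback_set_vars($tmp_params);
         }
     }
     HttpIO::$current_controller = $old_current_controller;
     unset($old_current_controller);
     unset($controller);
     if (!count($obj_params[$controller_name])) {
         unset(HttpIO::$controlers[$controller_name]);
     }
     if ($is_use_route) {
         # Pop this call's entry off the route stack
         array_pop(Core_Route::$route_list);
         if (Core_Route::$route_list) {
             end(Core_Route::$route_list);
             $key = key(Core_Route::$route_list);
             Core_Route::$last_route = Core_Route::$current_route = Core_Route::$route_list[$key];
         } else {
             Core_Route::$route_list = null;
         }
     }
     // $ob_open is exactly (!$print && !IS_CLI): return the captured output in
     // that case, otherwise nothing was buffered and '' is returned.
     return $ob_open ? ob_get_clean() : '';
 }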