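/**
 * Admin login page: renders the form, throttles by client IP and signs the member in on POST.
 *
 * Failed-login counters are read from `admin_login_error_log` for HttpIO::IP after rows older
 * than 24h are purged. Once the counter reaches `login_error_show_captcha_num - 1` the captcha
 * is shown; once it reaches `login_max_error_num` (when configured) the login is refused.
 *
 * Changes over the previous revision: `$error_num` is initialised (it was undefined for an IP
 * with no error row and still passed to $this->post()), the unused `$member` pre-assignment is
 * gone, and `$_POST` lookups are guarded against missing keys.
 */
public function action_index()
{
    $view         = new View('admin/login');
    $not_login    = false;
    $show_captcha = false;
    $error_num    = 0;

    $db = Database::instance(Model_Admin::DATABASE);

    # Purge login-error records older than 24 hours
    if ($db->count_records('admin_login_error_log', array('timeline<=' => TIME - 86400))) {
        $db->where('timeline<=', TIME - 86400)->delete('admin_login_error_log');
    }

    $error = $db->from('admin_login_error_log')->where('ip', HttpIO::IP)->limit(1)->get()->current();
    if ($error) {
        $error_num = (int)$error['error_num'];
        $config    = Core::config('admin/core');

        if ($error_num >= $config['login_error_show_captcha_num'] - 1) {
            $show_captcha = true;
        }

        if ($config['login_max_error_num'] && $error_num >= $config['login_max_error_num']) {
            $not_login     = true;
            $this->message = '尝试次数太多,暂不可登录';
        }
    }

    if (!$not_login && HttpIO::METHOD === 'POST') {
        $member = $this->post($_POST, $error_num);
        if ($member) {
            $member->last_login_ip         = HttpIO::IP;
            $member->last_login_time       = TIME;
            $member->last_login_session_id = $this->session()->id();
            $member->value_increment('login_num');
            $member->update();

            # Start the session and bind the authenticated member to it
            $this->session()->start();
            $this->session()->set_member($member);

            // `forward` comes from the client; HttpIO's URL parameter type is the only filter
            // between it and this redirect, so it must stay on that path.
            $url = !empty($_POST['forward'])
                 ? HttpIO::POST('forward', HttpIO::PARAM_TYPE_URL)
                 : Core::url('/');
            $this->redirect($url);
        } else {
            $view->shake = true;
        }
    }

    $login_message      = $this->session()->get('admin_member_login_message');
    $view->show_captcha = $show_captcha;
    $view->message      = $login_message ? $login_message : $this->message;
    $view->error_input  = $this->error_input;

    if (isset($_POST['username'])) {
        $view->username = $_POST['username'];
    }

    $view->render();
}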
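/**
 * Debugger login: sets the `_debug_open` cookie when the posted debug user/hash matches the
 * configured debug password table, then redirects to `forward` or `/opendebugger`.
 *
 * The table in $this->password holds md5 hex digests, so the posted value is md5'd before the
 * comparison. The comparison uses hash_equals() instead of `==`: a loose comparison of two hex
 * digests is subject to PHP numeric-string coercion and is not constant-time. The md5 storage
 * format itself is inherited from $this->password and is not changed here.
 */
public function action_login()
{
    $debug_user = isset($_POST['debug_user']) ? (string)$_POST['debug_user'] : '';
    $debug_hash = isset($_POST['debug_hash']) ? (string)$_POST['debug_hash'] : '';
    // Only the URL-filtered value is ever redirected to or echoed back
    $forward    = !empty($_POST['forward']) ? (string)HttpIO::POST('forward', HttpIO::PARAM_TYPE_URL) : '';

    $authenticated = isset($this->password[$debug_user])
        && hash_equals((string)$this->password[$debug_user], md5($debug_hash));

    if ($authenticated) {
        Core::cookie()->set('_debug_open', Core::get_debug_hash($debug_user, $this->password[$debug_user]), null, '/');
        $this->redirect($forward !== '' ? $forward : '/opendebugger');
        return;
    }

    // Failed login: back to the debugger login page, preserving the forward target
    $this->redirect('/opendebugger' . ($forward !== '' ? '?forward=' . urlencode($forward) : ''));
}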
/**
 * Persist the current admin member's notepad text from POST `data`.
 *
 * Reports `保存成功` (code 1) when update() returns truthy, `操作成功` (code 0) otherwise,
 * and `保存数据失败。` (code -1) if the update throws.
 */
public function action_notepad()
{
    $member = $this->session()->member();

    // Make sure the attribute exists on the record before assigning to it
    if (null === $member->notepad) {
        $member->notepad = '';
    }
    $member->notepad = HttpIO::POST('data');

    try {
        $saved = $member->update();
        $this->message($saved ? '保存成功' : '操作成功', $saved ? 1 : 0);
    } catch (Exception $e) {
        $this->message('保存数据失败。', -1);
    }
}
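/**
 * Check that an internal (system-mode) request carries a valid HASH.
 *
 * The X-MyQEE-System-* headers must be present, TIME must be within 600s of now, the client
 * must be loopback, the server's own address or on `system_exec_allow_ip`, the configured
 * `system_exec_key` must be younger than 10 days, and the sha1 digest recomputed from
 * (POST body, time, secret, rstr, path_info/isadmin/isrest/key) must match the header.
 *
 * Fixes over the previous revision:
 *  - the wildcard branch of the IP allow-list tested `$allow_ip` (the whole array) instead of
 *    the current entry `$ip`, so wildcard entries never matched (and strpos() on an array is a
 *    TypeError on PHP 8);
 *  - the digest is compared with hash_equals() instead of `==`;
 *  - the timestamp window is symmetric, so a far-future TIME can no longer be replayed for good;
 *  - missing headers no longer raise undefined-index notices.
 *
 * @return boolean
 */
protected static function check_system_request_allow()
{
    $hash      = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_HASH'])     ? $_SERVER['HTTP_X_MYQEE_SYSTEM_HASH']     : null;  // request digest
    $time      = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_TIME'])     ? $_SERVER['HTTP_X_MYQEE_SYSTEM_TIME']     : null;  // request timestamp
    $rstr      = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR'])     ? $_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR']     : null;  // per-request random string
    $project   = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_PROJECT'])  ? $_SERVER['HTTP_X_MYQEE_SYSTEM_PROJECT']  : null;  // requested project
    $path_info = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_PATHINFO']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_PATHINFO'] : null;  // requested path_info
    $isadmin   = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_ISADMIN'])  ? $_SERVER['HTTP_X_MYQEE_SYSTEM_ISADMIN']  : null;  // admin request?
    $isrest    = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_ISREST'])   ? $_SERVER['HTTP_X_MYQEE_SYSTEM_ISREST']   : null;  // RESTful request?

    if (!$hash || !$time || !$rstr || !$project || !$path_info) {
        return false;
    }

    // Freshness: reject stale or far-future timestamps; a non-numeric value fails closed
    if (!is_numeric($time) || abs(microtime(1) - $time) > 600) {
        Core::log('system.error.request.timeout', array('msg' => 'system request timeout', 'time1' => microtime(1), 'time0' => $time), LOG_WARNING);
        return false;
    }

    // Client IP check, skipped for loopback and the server's own address
    $server_addr = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : null;
    if ('127.0.0.1' !== HttpIO::IP && HttpIO::IP !== $server_addr) {
        $allow_ip = Core::config('system_exec_allow_ip');
        if (is_array($allow_ip) && $allow_ip) {
            $allow = false;
            foreach ($allow_ip as $ip) {
                if (HttpIO::IP === $ip) {
                    $allow = true;
                    break;
                }
                // Wildcard entry (e.g. 10.0.0.*): each * matches exactly one dotted component
                if (false !== strpos($ip, '*')) {
                    $pattern = '#^' . str_replace('\\*', '[^\\.]+', preg_quote($ip, '#')) . '$#';
                    if (preg_match($pattern, HttpIO::IP)) {
                        $allow = true;
                        break;
                    }
                }
            }
            if (!$allow) {
                Core::log('system.error.request.ip', array('ip' => HttpIO::IP), LOG_WARNING);
                return false;
            }
        }
    }

    $body = http_build_query(HttpIO::POST(null, HttpIO::PARAM_TYPE_OLDDATA));

    // System-call secret
    $system_exec_pass = Core::config('system_exec_key');

    // Rotating key material; refuse keys older than 10 days
    $key = Core::config()->get('system_exec_key', 'system', true);
    if (!$key || abs(TIME - $key['time']) > 86400 * 10) {
        return false;
    }

    $other = $path_info . '_' . ($isadmin ? 1 : 0) . '_' . ($isrest ? 1 : 0) . $key['str'];

    if ($system_exec_pass && strlen($system_exec_pass) >= 10) {
        // Preferred: a dedicated secret
        $new_hash = sha1($body . $time . $system_exec_pass . $rstr . '_' . $other);
    } else {
        // Fallback: the serialized core and database config act as the secret.
        // NOTE(review): the digest is then only as secret as those config files.
        $new_hash = sha1($body . $time . serialize(Core::config('core')) . serialize(Core::config('database')) . $rstr . '_' . $other);
    }

    // Constant-time compare; `==` on two hex digests is also subject to numeric-string coercion
    if (hash_equals($new_hash, (string)$hash)) {
        return true;
    }

    Core::log('system.error.request.hash', array('hash' => $hash), LOG_WARNING);
    return false;
}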
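/**
 * Create or update an admin member from the current POST request and report via message().
 *
 * For a new member (no id yet) the username, password and password confirmation are required
 * and the username must be unique. Nickname, the client `setting` map and (when
 * $this->show_edit_perm) the permission set are then applied; the write runs inside a
 * transaction that is rolled back on any exception. The exception's code/message become the
 * response passed to $this->message().
 *
 * Fixes over the previous revision: `!$member->id > 0` (parsed as `(!$member->id) > 0`) is
 * spelled out once as `$is_add`; the reserved `_group_admin` key is stripped from the
 * client-supplied settings in every mode, not only when permissions are being edited; missing
 * POST keys no longer raise notices.
 *
 * @param ORM_Admin_Member_Data $member  member record, new (id <= 0) or existing
 */
protected function save(ORM_Admin_Member_Data $member)
{
    $is_add = !($member->id > 0);

    try {
        if ($is_add) {
            # New user: required fields and uniqueness
            if (empty($_POST['username'])) {
                throw new Exception('用户名不能空', -1);
            }
            if (empty($_POST['new_password'])) {
                throw new Exception('密码不能空', -1);
            }
            if (!isset($_POST['new_password_2']) || $_POST['new_password'] !== $_POST['new_password_2']) {
                throw new Exception('两次输入的密码不一致,请重新确认', -1);
            }

            $model_admin = new Model_Admin_Administrator();
            if ($model_admin->get_by_username($_POST['username'])) {
                throw new Exception('此用户名已存在,请换一个', -1);
            }
        }

        $member->nickname = isset($_POST['nickname']) ? $_POST['nickname'] : null;

        $setting = HttpIO::POST('setting');

        # `_group_admin` is a reserved key: never accept it from the client, whatever the edit mode
        # (previously it was only removed when permissions were being edited).
        if (is_array($setting) && isset($setting['_group_admin'])) {
            unset($setting['_group_admin']);
        }

        # Permission editing mode
        if ($this->show_edit_perm) {
            $this->change_member_perm($member);
        } elseif ($is_add) {
            $member->perm_setting = null;
        }

        if ($setting) {
            $member->setting = $member->setting ? array_merge($member->setting, $setting) : $setting;
        }

        # Remaining profile fields
        $this->change_member_other_info($member);

        $tr = $member->orm()->db()->transaction();
        $tr->start();
        try {
            if ($is_add) {
                $member->username = $_POST['username'];
                # Password is hashed by the ORM on write
                $member->password = $_POST['new_password'];
                $member->project  = Core::$project;
                # Not locked
                $member->shielded = 0;
                $member->insert();
            } else {
                $member->update();
            }

            if ($this->show_edit_perm) {
                # Persist group permission settings
                $this->save_member_group_perm($member, $is_add);
            }

            $tr->commit();
            $msg  = '操作成功';
            $code = 1;
        } catch (Exception $e) {
            $tr->rollback();
            throw $e;
        }
    } catch (Exception $e) {
        $code = $e->getCode();
        $msg  = $e->getMessage();
    }

    $this->message($msg, $code);
}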
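/**
 * Write the queries collected in Database::$slow_querys to the `database.slow_query` log.
 *
 * Each entry becomes {from, to, use, sql}; the record also carries the request URL, method,
 * time, client IP, page time and POST body.
 *
 * NOTE(review): `post` stores the raw POST body, so any credentials submitted on a slow
 * request land in the log; consider redacting sensitive fields upstream.
 *
 * Fix over the previous revision: SCRIPT_URI / QUERY_STRING are not guaranteed to be set
 * (CLI, some SAPIs); an unset QUERY_STRING passed the `'' !==` test and produced a dangling '?'.
 *
 * @return boolean  true when there was nothing to log, otherwise Core::log()'s result
 */
protected static function save_slow_query()
{
    if (!Database::$slow_querys) {
        return true;
    }

    $queries = array();
    foreach (Database::$slow_querys as $item) {
        $queries[] = array(
            'from' => $item[0],
            'to'   => $item[1],
            'use'  => $item[1] - $item[0],
            'sql'  => $item[2],
        );
    }

    $script_uri   = isset($_SERVER['SCRIPT_URI'])   ? $_SERVER['SCRIPT_URI']   : '';
    $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';

    $data = array(
        'url'       => $script_uri . ('' !== $query_string ? '?' . $query_string : ''),
        'method'    => HttpIO::METHOD,
        'time'      => TIME,
        'ip'        => HttpIO::IP,
        'page_time' => microtime(1) - START_TIME,
        'post'      => HttpIO::POST(),
        'queries'   => $queries,
    );

    return Core::log('database.slow_query', $data, LOG_WARNING);
}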
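/**
 * Check that an internal (system) request carries a valid HASH.
 *
 * The X-MyQEE-System-HASH/TIME/RSTR headers must all be present, TIME must be within 600s of
 * now, the client must be loopback, the server's own address or on `core.system_exec_allow_ip`,
 * and the sha1 digest of (POST body . time . secret . rstr) must match the header.
 *
 * Fixes over the previous revision: the wildcard allow-list branch tested `$allow_ip` (the
 * whole array) instead of the current entry `$ip`, so wildcard entries never matched (and
 * strpos() on an array is a TypeError on PHP 8); the digest is compared with hash_equals()
 * instead of `==`; the time window is symmetric so a far-future TIME cannot be replayed for
 * good; missing headers no longer raise notices.
 *
 * @return boolean
 */
protected static function check_system_request_allow()
{
    $hash = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_HASH']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_HASH'] : null;  // request digest
    $time = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_TIME']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_TIME'] : null;  // request timestamp
    $rstr = isset($_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR']) ? $_SERVER['HTTP_X_MYQEE_SYSTEM_RSTR'] : null;  // per-request random string

    if (!$hash || !$time || !$rstr) {
        return false;
    }

    # Freshness: reject stale or far-future timestamps; a non-numeric value fails closed
    if (!\is_numeric($time) || \abs(\microtime(1) - $time) > 600) {
        static::log('system request timeout', 'system-request');
        return false;
    }

    # Client IP check, skipped for loopback and the server's own address
    $server_addr = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : null;
    if ('127.0.0.1' !== \HttpIO::IP && \HttpIO::IP !== $server_addr) {
        $allow_ip = static::config('core.system_exec_allow_ip');
        if (\is_array($allow_ip) && $allow_ip) {
            $allow = false;
            foreach ($allow_ip as $ip) {
                if (\HttpIO::IP === $ip) {
                    $allow = true;
                    break;
                }
                # Wildcard entry (e.g. 10.0.0.*): each * matches exactly one dotted component
                if (false !== \strpos($ip, '*')) {
                    $pattern = '#^' . \str_replace('\\*', '[^\\.]+', \preg_quote($ip, '#')) . '$#';
                    if (\preg_match($pattern, \HttpIO::IP)) {
                        $allow = true;
                        break;
                    }
                }
            }
            if (!$allow) {
                static::log('system request not allow ip:' . \HttpIO::IP, 'system-request');
                return false;
            }
        }
    }

    $body = \http_build_query(\HttpIO::POST(null, \HttpIO::PARAM_TYPE_OLDDATA));

    # System-call secret
    $system_exec_pass = static::config('core.system_exec_key');

    if ($system_exec_pass && \strlen($system_exec_pass) >= 10) {
        # Preferred: a dedicated secret
        $newhash = \sha1($body . $time . $system_exec_pass . $rstr);
    } else {
        # Fallback: the serialized core and database config act as the secret.
        # NOTE(review): the digest is then only as secret as those config files.
        $newhash = \sha1($body . $time . \serialize(static::config('core')) . \serialize(static::config('database')) . $rstr);
    }

    # Constant-time compare; `==` on two hex digests is also subject to numeric-string coercion
    if (\hash_equals($newhash, (string)$hash)) {
        return true;
    }

    static::log('system request hash error', 'system-request');
    return false;
}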
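/**
 * Write the queries collected in Database::$slow_querys to the slow-query log file.
 *
 * The record starts with one line of request context (method, time, page time in ms, client
 * IP, URL and — for POST — the JSON-encoded body) followed by one line per query
 * (start time, duration, SQL).
 *
 * NOTE(review): the POST body is logged verbatim, so credentials submitted on a slow request
 * end up in the log file; consider redacting sensitive fields upstream.
 *
 * Fixes over the previous revision: SCRIPT_URI / QUERY_STRING are guarded (an unset
 * QUERY_STRING passed the `'' !==` test and left a dangling '?'), and Core::log()'s result is
 * returned as the docblock always claimed.
 *
 * @return boolean  true when there was nothing to log, otherwise Core::log()'s result
 */
protected static function save_slow_query()
{
    if (!Database::$slow_querys) {
        return true;
    }

    $script_uri   = isset($_SERVER['SCRIPT_URI'])   ? $_SERVER['SCRIPT_URI']   : '';
    $query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $page_ms      = (string)(int)(1000 * (microtime(1) - START_TIME));

    // Request context line
    $data = "\n"
          . str_pad(HttpIO::METHOD, 4, ' ') . ' '
          . date('H:i:s', TIME) . ' - '
          . str_pad($page_ms, 6, ' ', STR_PAD_LEFT) . ' - '
          . str_pad(HttpIO::IP, 15) . ' '
          . $script_uri . ('' !== $query_string ? '?' . $query_string : '')
          . (HttpIO::METHOD === 'POST' ? ' POST:' . json_encode(HttpIO::POST()) : '')
          . "\n";

    // One line per slow query
    foreach (Database::$slow_querys as $item) {
        $data .= ' ' . date('H:i:s', $item[0]) . ' - '
               . str_pad((string)(int)$item[1], 6, ' ', STR_PAD_LEFT) . ' - '
               . $item[2] . "\n";
    }

    return Core::log($data, 'log', 'slow_query/' . date('Y/m_d', TIME));
}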
/**
 * Execute the controller for the given URI.
 *
 * Resolves the URI via self::find_controller(), requires the controller file, instantiates the
 * class, picks the action (`action_<first segment>`, `action_default` or `__call`), checks that
 * the method is public, runs before()/action/after() and finally removes the controller from
 * Controller::$controllers.
 *
 * @param string $uri
 * @throws Exception  404 when the controller or action cannot be found, 405 when the action is not public
 */
public static function execute($uri)
{
    $found = self::find_controller($uri);
    if ($found) {
        require $found['file'];
        $class_name = $found['namespace'] . $found['class'];
        if (class_exists($class_name, false)) {
            $controller = new $class_name();
            Controller::$controllers[] = $controller;
            // Removes this controller from the global registry; called on every exit path below
            $rm_controoler = function () use($controller) {
                foreach (Controller::$controllers as $k => $c) {
                    if ($c === $controller) {
                        unset(Controller::$controllers[$k]);
                    }
                }
                Controller::$controllers = array_values(Controller::$controllers);
            };
            // First URI segment selects the action; an empty segment means 'default', no segment means 'index'
            // (presumably find_controller() returns an array here — array_shift()/count() below need one)
            $arguments = $found['args'];
            if ($arguments) {
                $action = current($arguments);
                if (0 === strlen($action)) {
                    $action = 'default';
                }
            } else {
                $action = 'index';
            }
            $action_name = 'action_' . $action;
            if (!method_exists($controller, $action_name)) {
                // Fallback to action_default; note the requested segment is NOT shifted off in this case,
                // so action_default receives it as its first argument
                if ($action_name != 'action_default' && method_exists($controller, 'action_default')) {
                    $action_name = 'action_default';
                } elseif (method_exists($controller, '__call')) {
                    $controller->__call($action_name, $arguments);
                    $rm_controoler();
                    return;
                } else {
                    $rm_controoler();
                    throw new Exception(__('Page Not Found'), 404);
                }
            } else {
                array_shift($arguments);
            }
            // Only public methods are reachable from a URL
            $ispublicmethod = new ReflectionMethod($controller, $action_name);
            if (!$ispublicmethod->isPublic()) {
                $rm_controoler();
                throw new Exception(__('Request Method Not Allowed.'), 405);
            }
            unset($ispublicmethod);
            # Hand request context to the controller
            $controller->action = $action_name;
            $controller->controller = $found['class'];
            $controller->ids = $found['ids'];
            if (IS_SYSTEM_MODE) {
                # Arguments for an internal system call arrive serialized in POST `data`.
                # NOTE(review): unserialize() of request-supplied data instantiates arbitrary classes;
                # this is only acceptable if IS_SYSTEM_MODE is gated by the internal-request hash check
                # (confirm that gate), and the `@` hides a failed unserialize (false) from the log.
                $controller->arguments = @unserialize(HttpIO::POST('data', HttpIO::PARAM_TYPE_OLDDATA));
            } else {
                $controller->arguments = $arguments;
            }
            # Pre-action hook
            if (method_exists($controller, 'before')) {
                $controller->before();
            }
            # Dispatch; the remaining URI segments become positional arguments
            $count_arguments = count($arguments);
            switch ($count_arguments) {
                case 0:
                    $controller->{$action_name}();
                    break;
                case 1:
                    $controller->{$action_name}($arguments[0]);
                    break;
                case 2:
                    $controller->{$action_name}($arguments[0], $arguments[1]);
                    break;
                case 3:
                    $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2]);
                    break;
                case 4:
                    $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2], $arguments[3]);
                    break;
                default:
                    call_user_func_array(array($controller, $action_name), $arguments);
                    break;
            }
            # Post-action hook
            if (method_exists($controller, 'after')) {
                $controller->after();
            }
            # Drop the controller from the registry
            $rm_controoler();
        } else {
            throw new Exception(__('Page Not Found'), 404);
        }
    } else {
        throw new Exception(__('Page Not Found'), 404);
    }
}
/**
 * Execute a request and return (or print) its output.
 *
 * Resolves `$uri` either through the route table (when `$use_route` and the project has routes)
 * or through HttpIO::find_controller(), instantiates/reuses the `Controller_*` class, picks the
 * action (`action_*` for external calls, `sub_action_*` for internal ones), checks it is public,
 * runs before()/action/after() and restores the previous controller state afterwards.
 * Failures are reported through Core::debug()->error() and return false.
 *
 * @param string  $path_info      path information (the `$uri` parameter)
 * @param boolean $print          print the output directly; when false (and not CLI) it is buffered and returned
 * @param boolean $use_route      try the route table first
 * @param boolean $is_internal    internal call (default: no); selects the `sub_action_` prefix and skips before()/after()
 * @param string  $controller_dir controller directory override; defaults to shell in CLI, controllers for the web
 * @return string|false  buffered output, '' when printed, false when the page could not be resolved
 */
public static function execute($uri, $print = true, $use_route = true, $is_internal = false, $controller_dir = null)
{
    $ob_open = false;
    if (!$print && !IS_CLI) {
        ob_start();
        $ob_open = true;
    }
    $params = false;
    # Route lookup
    if (IS_CLI != true && true === $use_route && Core::$project_config['route'] && ($route = Core::route()->get($uri))) {
        $params = $route;
        # Default controller
        if ($params['controller']) {
            $params['controller'] = str_replace('/', '_', $params['controller']);
        } else {
            $params['controller'] = Core::$project_config['default_controller'];
        }
        $dir = 'controllers';
        if (IS_SYSTEM_MODE) {
            $file = '[system]/' . $params['controller'];
        } elseif (IS_CLI) {
            $file = '[shell]/' . $params['controller'];
        } elseif (Core::$is_admin_url) {
            $file = '[admin]/' . $params['controller'];
        } else {
            $file = $params['controller'];
        }
        // $controller_dir is only honoured when it is a plain identifier
        if ($controller_dir && preg_match('#^[a-zA-Z0-9_]+$#', $controller_dir)) {
            $dir = $controller_dir;
            $file = strtolower(str_replace('__', '/', $file));
        }
        if (!Core::find_file($dir, $file, null, true)) {
            Core::debug()->error('没有找到控制器:' . $params['controller']);
            if ($ob_open) {
                ob_end_clean();
            }
            return false;
        }
        $is_use_route = true;
        if (Core_Route::$last_route) {
            Core_Route::$current_route = Core_Route::$last_route;
            Core_Route::$route_list[] = Core_Route::$current_route;
        }
    } else {
        $params = HttpIO::find_controller($uri, $controller_dir, $is_internal);
        if (!IS_CLI && null === HttpIO::$uri && HttpIO::METHOD == 'GET' && !$is_internal && isset($params['need_redirect']) && $params['need_redirect'] == true) {
            # Canonicalise: append a trailing slash with a 301 (only for the outermost GET request)
            $request = explode('?', $_SERVER['REQUEST_URI'], 2);
            Core::close_buffers(false);
            HttpIO::redirect($request[0] . '/' . (isset($request[1]) ? '?' . $request[1] : ''), 301);
            exit;
        }
        $is_use_route = false;
    }
    if (false === $params) {
        Core::debug()->error('没有找到指定页面');
        if ($ob_open) {
            ob_end_clean();
        }
        return false;
    }
    # Initialise the request-level URI/params once (outermost call only)
    if (null === HttpIO::$uri) {
        HttpIO::$uri = $uri;
    }
    if (null === HttpIO::$params) {
        HttpIO::$params = $params;
    }
    # Controller class name
    $controller_name = 'Controller_' . $params['controller'];
    # Positional arguments for the action
    $arguments = isset($params['arguments']) ? $params['arguments'] : array();
    if (IS_SYSTEM_MODE) {
        # Internal system call: arguments arrive serialized in POST `data`. Note $arguments was copied
        # above, so this payload reaches the controller only via _callback_set_vars($params) below.
        # NOTE(review): unserialize() of request-supplied data instantiates arbitrary classes; acceptable
        # only if IS_SYSTEM_MODE is gated by the internal-request hash check (confirm), and the `@`
        # hides a failed unserialize (false).
        $params['arguments'] = @unserialize(HttpIO::POST('data', HttpIO::PARAM_TYPE_OLDDATA));
    }
    if ($is_internal) {
        $prefix = 'sub_action';
    } else {
        $prefix = 'action';
    }
    # Action method name
    $action_name = $params['action'];
    if (!$action_name) {
        $action_name = $prefix . '_' . Core::$project_config['default_action'];
    } else {
        $action_name = $prefix . '_' . $action_name;
    }
    # Unknown controller class: report and bail out
    if (!class_exists($controller_name, false)) {
        Core::debug()->error('控制器:' . $controller_name . '不存在。');
        if ($ob_open) {
            ob_end_clean();
        }
        return false;
    }
    # Construct the controller once per request and reuse it for nested calls
    if (!isset(HttpIO::$controlers[$controller_name])) {
        HttpIO::$controlers[$controller_name] = new $controller_name();
    }
    $old_current_controller = HttpIO::$current_controller;
    HttpIO::$current_controller = $controller = HttpIO::$controlers[$controller_name];
    # Stack of saved controller state, keyed by class, so nested execute() calls can restore it
    static $obj_params = array();
    if (!isset($obj_params[$controller_name]) || !is_array($obj_params[$controller_name])) {
        $obj_params[$controller_name] = array();
    }
    if (method_exists($controller, '_callback_get_vars')) {
        # Save the controller's current variables
        $obj_params[$controller_name][] = $controller->_callback_get_vars();
    }
    if (method_exists($controller, '_callback_set_vars')) {
        # Pass the request parameters to the controller
        $controller->_callback_set_vars($params);
    }
    // Fallback chain for external calls only: action_default, then __call. For internal calls a missing
    // method is not checked here and surfaces as a ReflectionException from ReflectionMethod below.
    if (!$is_internal && !method_exists($controller, $action_name)) {
        $action_name = $prefix . '_default';
        if (!method_exists($controller, $action_name)) {
            $action_name = '__call';
            // NOTE(review): $action_name has already been reassigned to '__call' on the previous line, so
            // __call receives the literal string '__call' as its method name, not the requested action.
            $arguments = array($action_name, $arguments);
            if (!method_exists($controller, $action_name)) {
                Core::debug()->error('控制器:' . $controller_name . '方法:' . $action_name . '不存在。');
                if ($ob_open) {
                    ob_end_clean();
                }
                return false;
            }
        }
    }
    # Method is Public?
    $ispublicmethod = new ReflectionMethod($controller, $action_name);
    if (!$ispublicmethod->isPublic()) {
        Core::debug()->error('控制器:' . $controller_name . '方法:' . $action_name . '受保护。');
        if ($ob_open) {
            ob_end_clean();
        }
        return false;
    }
    if (!$is_internal) {
        if (method_exists($controller, 'before')) {
            $controller->before();
        }
    }
    # Dispatch with positional arguments
    $count_arguments = count($arguments);
    switch ($count_arguments) {
        case 0:
            $controller->{$action_name}();
            break;
        case 1:
            $controller->{$action_name}($arguments[0]);
            break;
        case 2:
            $controller->{$action_name}($arguments[0], $arguments[1]);
            break;
        case 3:
            $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2]);
            break;
        case 4:
            $controller->{$action_name}($arguments[0], $arguments[1], $arguments[2], $arguments[3]);
            break;
        default:
            # Resort to using call_user_func_array for many segments
            call_user_func_array(array($controller, $action_name), $arguments);
            break;
    }
    if (!$is_internal) {
        if (method_exists($controller, 'after')) {
            $controller->after();
        }
    }
    # Restore the controller variables saved before this call
    if (method_exists($controller, '_callback_set_vars')) {
        if (is_array($obj_params[$controller_name])) {
            $tmp_params = array_pop($obj_params[$controller_name]);
            $controller->_callback_set_vars($tmp_params);
        }
    }
    HttpIO::$current_controller = $old_current_controller;
    unset($old_current_controller);
    unset($controller);
    // Outermost call for this class finished: release the cached instance
    if (!count($obj_params[$controller_name])) {
        unset(HttpIO::$controlers[$controller_name]);
    }
    if (true == $is_use_route) {
        # Route stack: pop this call's route and make the previous one current again
        array_pop(Core_Route::$route_list);
        if (Core_Route::$route_list) {
            end(Core_Route::$route_list);
            $key = key(Core_Route::$route_list);
            Core_Route::$last_route = Core_Route::$current_route = Core_Route::$route_list[$key];
        } else {
            Core_Route::$route_list = null;
        }
    }
    if (!$print && !IS_CLI) {
        $output = ob_get_clean();
        return $output;
    } else {
        if ($ob_open) {
            ob_end_clean();
        }
        return '';
    }
}