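/**
 * Access gate run before the controller's actions: requires a logged-in
 * session, then applies the RBAC decision unless the request is exempt.
 *
 * A request is exempt when MODULE_NAME appears in the comma-separated
 * NOT_AUTH_MODEL setting or ACTION_NAME appears in NOT_AUTH_ACTION.
 * The action exemption matches on the action name alone, so a listed name
 * is exempt in every controller that inherits this check.
 *
 * @return void
 */
public function _initialize()
{
    // No authenticated user id in the session: send the visitor to the login page.
    // NOTE(review): nothing here stops execution after redirect(); the code below
    // still runs unless redirect() terminates the request - confirm that it does.
    // NOTE(review): login() stores this key through session(); if that helper
    // namespaces its keys, this direct $_SESSION read would not see it - confirm.
    if (!isset($_SESSION[C('USER_AUTH_KEY')])) {
        $this->redirect('Admin/Login/index');
    }

    $exemptModules = explode(',', C('NOT_AUTH_MODEL'));
    $exemptActions = explode(',', C('NOT_AUTH_ACTION'));

    // Strict matching: with loose in_array(), numeric-looking strings such as
    // "1e1" and "10" compare equal, which could widen the exemption list.
    $notAuth = in_array((string) MODULE_NAME, $exemptModules, true)
        || in_array((string) ACTION_NAME, $exemptActions, true);

    if (C('USER_AUTH_ON') && !$notAuth) {
        $Rbac = new \Org\Util\Rbac();
        if (!$Rbac->AccessDecision()) {
            $this->error('没有权限');
        }
    }
}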
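/**
 * Finishes a successful admin login: records the login time and IP,
 * populates the session, flags the super administrator and loads the
 * RBAC access list before sending the user to the admin index.
 *
 * @param array $user Row of the authenticated admin; the keys read here are
 *                    admin_id, admin_name, last_login_time and last_login_ip.
 * @return void
 */
private function _successHandle($user)
{
    $data = array(
        'admin_id'        => $user['admin_id'],
        'last_login_time' => time(),
        'last_login_ip'   => get_client_ip(),
    );
    // The result of save() is not checked; a failed update does not block the login.
    M('admin_user')->save($data);

    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication (session fixation) does not become a logged-in session.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    session(C('USER_AUTH_KEY'), $user['admin_id']);
    session('user_name', $user['admin_name']);
    // These two values come from $user as passed in, not from $data written above.
    session('user_login_time', date('Y-m-d H:i:s', $user['last_login_time']));
    session('user_login_ip', $user['last_login_ip']);

    // Identify the super administrator. Compare as strings with ===: a loose ==
    // treats numeric-looking names such as "1e3" and "1000" as equal, and an
    // unset RBAC_SUPERADMIN must never match an empty name.
    $superAdmin = (string) C('RBAC_SUPERADMIN');
    if ($superAdmin !== '' && (string) $user['admin_name'] === $superAdmin) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    $Rbac = new \Org\Util\Rbac();
    $Rbac->saveAccessList();

    $this->success('登陆成功', __ROOT__ . '/index.php/Admin/Index/index');
}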
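/**
 * Handles the login form POST: checks the captcha, verifies the credentials
 * against the user table, rejects locked accounts, records the login time
 * and IP, then populates the session and the RBAC access list.
 *
 * Every failure path calls error() and returns, so nothing below a failed
 * check can run even if error() does not end the request itself.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests. Moving to
 * password_hash()/password_verify() needs a migration of the stored hashes
 * and cannot be done inside this method alone.
 *
 * @return void
 */
public function login()
{
    if (!IS_POST) {
        $this->error('页面不存在');
        return;
    }

    $verify = new \Think\Verify();
    if (!$verify->check(I('post.code'))) {
        $this->error('验证码错误');
        return;
    }

    $username = I('post.username');
    $pwd = I('post.password', '', 'md5');
    $user = M('user')->where(array('user_stu_num' => $username))->find();

    // Compare digests as strings. A loose != treats "0e..."-style digests as
    // numbers, so two different hashes could compare equal. An empty or
    // non-string candidate never matches, whatever the stored value is.
    $candidate = is_string($pwd) ? $pwd : '';
    $stored = $user ? (string) $user['user_password'] : '';
    $passwordOk = false;
    if ($user && $candidate !== '') {
        $passwordOk = function_exists('hash_equals')
            ? hash_equals($stored, $candidate)
            : $stored === $candidate;
    }
    // One message for unknown account and wrong password, so the response
    // does not reveal which accounts exist.
    if (!$passwordOk) {
        $this->error('账号或密码错误');
        return;
    }

    if ($user['lock']) {
        $this->error('用户被锁定');
        return;
    }

    $data = array(
        'user_id'       => $user['user_id'],
        'user_log_time' => time(),
        'user_log_ip'   => get_client_ip(),
    );
    // The result of save() is not checked; a failed update does not block the login.
    M('user')->save($data);

    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication (session fixation) does not become a logged-in session.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // Look up the department of the user who is logging in. The condition is
    // passed as an array rather than interpolated into a SQL string.
    $uid = $user['user_id'];
    $dept = M('user_dept_role')->where(array('user_id' => $uid))->select();
    // A user without a department row yields null instead of an undefined-index notice.
    // NOTE(review): what session() does with a null value is not visible here - confirm.
    $deptId = (is_array($dept) && isset($dept[0]['dept_id'])) ? $dept[0]['dept_id'] : null;
    session('deptId', $deptId);

    session(C('USER_AUTH_KEY'), $user['user_id']);
    session('user_name', $user['user_name']);
    // These two values come from the row loaded before the update above.
    session('user_log_time', date('Y-m-d H:i:s', $user['user_log_time']));
    session('user_log_ip', $user['user_log_ip']);

    // Identify the super administrator with a strict string comparison; an
    // unset RBAC_SUPERADMIN must never match an empty name.
    // NOTE(review): the decision uses user_name, not the login identifier
    // user_stu_num - confirm user_name is unique and not editable by the user.
    $superAdmin = (string) C('RBAC_SUPERADMIN');
    if ($superAdmin !== '' && (string) $user['user_name'] === $superAdmin) {
        session(C('ADMIN_AUTH_KEY'), true);
    }

    // Load the user's permissions.
    $Rbac = new \Org\Util\Rbac();
    $Rbac->saveAccessList();

    $this->success('登陆成功', __ROOT__ . '/index.php/Admin/Index/index');
}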