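/**
 * Decide whether the current request (app / module / action) may proceed.
 *
 * Skipped entirely when RBAC::checkAccess() reports that the action needs no
 * authentication, and granted outright for administrators (session key
 * C('ADMIN_AUTH_KEY')). Everyone else is checked against the permission list,
 * read from the database in real-time mode (USER_AUTH_TYPE 2) or from the
 * session copy '_ACCESS_LIST' saved at login. The verdict is cached in the
 * session under an md5 of app+module+action.
 *
 * @param string $appName application name to check; defaults to APP_NAME
 * @return bool true when access is allowed, false when it is denied
 */
public static function AccessDecision($appName = APP_NAME)
{
    if (!RBAC::checkAccess()) {
        // This action is not subject to authentication.
        return true;
    }
    if (!empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
        // Administrators bypass the permission check.
        return true;
    }
    $accessGuid = md5($appName . MODULE_NAME . ACTION_NAME);
    if (C('USER_AUTH_TYPE') == 2) {
        // Real-time mode: re-read the list on every request so back-end changes apply immediately.
        $accessList = RBAC::getAccessList($_SESSION[C('USER_AUTH_KEY')]);
    } else {
        // Login mode: a cached grant for this action short-circuits; a cached denial is re-evaluated.
        // empty() rather than a bare index read avoids an undefined-index notice on the first visit.
        if (!empty($_SESSION[$accessGuid])) {
            return true;
        }
        $accessList = isset($_SESSION['_ACCESS_LIST']) ? $_SESSION['_ACCESS_LIST'] : array();
    }
    // Component mode verifies the full module name.
    $module = defined('P_MODULE_NAME') ? P_MODULE_NAME : MODULE_NAME;
    $allowed = isset($accessList[strtoupper($appName)][strtoupper($module)][strtoupper(ACTION_NAME)]);
    $_SESSION[$accessGuid] = $allowed;
    return $allowed;
}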
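/**
 * Left-hand menu (左侧菜单).
 *
 * Builds the menu under the node given by $_REQUEST['id'] (default 1): one entry
 * per enabled child node flagged is_menu, each carrying the second-level nodes
 * the current user may reach. Administrators see everything; other users are
 * filtered through the session access list or RBAC::getAccessList(). The result
 * is assigned to the template as 'menus'; a session entry 'menu<user id>' is
 * used as-is when present.
 *
 * @author Vonwey <*****@*****.**>
 * @CreateDate: 2013-12-23 上午11:09:49
 */
public function left()
{
    // isset() first: a missing id must fall back to 1 without an undefined-index notice.
    $id = isset($_REQUEST['id']) && intval($_REQUEST['id']) ? intval($_REQUEST['id']) : 1;
    if (isset($_SESSION[C('USER_AUTH_KEY')])) {
        $userKey = $_SESSION[C('USER_AUTH_KEY')];
        $isAdmin = !empty($_SESSION[C('ADMIN_AUTH_KEY')]);
        if (isset($_SESSION['menu' . $userKey])) {
            // A menu cached in the session is served directly.
            $menu = $_SESSION['menu' . $userKey];
        } else {
            // Storing the built menu back into the session was disabled in the original
            // and stays disabled here, so permission changes show up on the next request.
            $menu = $this->buildLeftMenu($id, $isAdmin, $userKey);
        }
        $this->assign('menus', $menu);
    }
    $this->display();
}

/**
 * Build the tree for left(): top-level nodes under $pid with their accessible children.
 *
 * @param int   $pid     parent node id
 * @param bool  $isAdmin administrators are not filtered by the access list
 * @param mixed $userKey session user id, used to load the access list when it is not cached
 * @return array node rows (id, action, module, module_name, access=1) each with a 'nodes' array
 */
private function buildLeftMenu($pid, $isAdmin, $userKey)
{
    $node = M("Node");
    $list = $node->where(array('is_menu' => 1, 'status' => 1, 'pid' => $pid))
        ->field('id,action,module,module_name')->order('sort asc')->select();
    $accessList = array();
    if (!$isAdmin) {
        if (isset($_SESSION['_ACCESS_LIST'])) {
            $accessList = $_SESSION['_ACCESS_LIST'];
        } else {
            import('@.ORG.Util.RBAC');
            $accessList = RBAC::getAccessList($userKey);
        }
    }
    $appKey = strtoupper(APP_NAME);
    $menu = array();
    // (array) cast: select() may yield a non-array when there are no rows.
    foreach ((array) $list as $key => $module) {
        if (!$isAdmin && !isset($accessList[$appKey][strtoupper($module['module'])])) {
            continue;
        }
        $module['access'] = 1;
        // Second level is only queried for entries the user can actually see.
        $second = $node->where(array('pid' => $module['id'], 'is_menu' => 1))
            ->field('id,action,module,module_name')->order('sort asc')->select();
        $items = array();
        foreach ((array) $second as $i => $value) {
            if ($isAdmin || isset($accessList[$appKey][strtoupper($value['module'])])) {
                $value['access'] = 1;
                $items[$i] = $value;
            }
        }
        // Always an array (the original left 'nodes' undefined when no child was accessible).
        $module['nodes'] = $items;
        $menu[$key] = $module;
    }
    return $menu;
}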
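/**
 * Top menu: the enabled level-2 nodes the current user may access, assigned to
 * the template as 'menu' and cached in the session under 'menu<user id>'.
 * An optional ?tag= request value is passed through to the template as 'menuTag'.
 * Run-time and page-trace output are switched off for this view.
 */
public function menu()
{
    $this->checkUser();
    if (isset($_SESSION[C('USER_AUTH_KEY')])) {
        $userKey = $_SESSION[C('USER_AUTH_KEY')];
        $cacheKey = 'menu' . $userKey;
        if (isset($_SESSION[$cacheKey])) {
            // Already built for this user in this session.
            $menu = $_SESSION[$cacheKey];
        } else {
            $node = M("Node");
            // NOTE(review): getField('id') presumably yields the id of the first node row; the
            // menu is built from the level-2 children of that node, as in the original.
            $id = $node->getField("id");
            $list = $node->where(array('level' => 2, 'status' => 1, 'pid' => $id))
                ->field('id,name,group_id,title')->order('sort asc')->select();
            // empty() avoids an undefined-index notice for users without the admin flag.
            $isAdmin = !empty($_SESSION[C('ADMIN_AUTH_KEY')]);
            if (isset($_SESSION['_ACCESS_LIST'])) {
                $accessList = $_SESSION['_ACCESS_LIST'];
            } else {
                $accessList = RBAC::getAccessList($userKey);
            }
            // Permissions are keyed by MODULE_NAME here (not APP_NAME as in older variants).
            $moduleKey = strtoupper(MODULE_NAME);
            $menu = array();
            foreach ((array) $list as $key => $module) {
                // Keep the controllers the user has rights on; administrators keep everything.
                if ($isAdmin || isset($accessList[$moduleKey][strtoupper($module['name'])])) {
                    $module['access'] = 1;
                    $menu[$key] = $module;
                }
            }
            $_SESSION[$cacheKey] = $menu;
        }
        if (!empty($_GET['tag'])) {
            // Raw request value handed to the template: it has to be escaped where it is output.
            $this->assign('menuTag', $_GET['tag']);
        }
        $this->assign('menu', $menu);
    }
    C('SHOW_RUN_TIME', false);
    C('SHOW_PAGE_TRACE', false);
    $this->display();
}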
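/**
 * Top menu: the enabled level-2 nodes the current user may access, assigned to
 * the template as 'menu' and stored in the session under 'menu<user id>'.
 *
 * The original reset that session entry to null immediately before testing it,
 * so the cached branch could never run and the menu was rebuilt on every
 * request. That behaviour (permission changes visible at once, one query per
 * request) is kept, without the dead branch.
 */
public function menu()
{
    $this->checkUser();
    if (isset($_SESSION[C('USER_AUTH_KEY')])) {
        $userKey = $_SESSION[C('USER_AUTH_KEY')];
        $node = M("Node");
        // NOTE(review): getField('id') presumably yields the id of the first node row; the
        // menu is built from the level-2 children of that node, as in the original.
        $id = $node->getField("id");
        $list = $node->where(array('level' => 2, 'status' => 1, 'pid' => $id))
            ->field('id,name,title')->order('sort asc')->select();
        if (isset($_SESSION['_ACCESS_LIST'])) {
            $accessList = $_SESSION['_ACCESS_LIST'];
        } else {
            $accessList = RBAC::getAccessList($userKey);
        }
        // empty() avoids an undefined-index notice for users without the flag.
        $isAdmin = !empty($_SESSION['administrator']);
        $moduleKey = strtoupper(MODULE_NAME);
        $menu = array();
        foreach ((array) $list as $key => $module) {
            if ($isAdmin || isset($accessList[$moduleKey][strtoupper($module['name'])])) {
                $module['access'] = 1;
                $menu[$key] = $module;
            }
        }
        // Stored for other readers of 'menu<user id>' (e.g. a left-hand menu action).
        $_SESSION['menu' . $userKey] = $menu;
        if (!empty($_GET['tag'])) {
            // Raw request value handed to the template: it has to be escaped where it is output.
            $this->assign('menuTag', $_GET['tag']);
        }
        $this->assign('menu', $menu);
    }
    C('SHOW_RUN_TIME', false);
    C('SHOW_PAGE_TRACE', false);
    $this->display();
}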
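/**
 * Access decision for the current app / module / action.
 *
 * Returns true without a check when RBAC::checkAccess() says the action needs
 * no authentication or when the session carries the administrator flag
 * (C('ADMIN_AUTH_KEY')). Otherwise the permission list is taken from the
 * database (USER_AUTH_TYPE 2, so back-end changes apply at once) or from the
 * session copy '_ACCESS_LIST' saved at login, and the per-action verdict is
 * cached in the session under an md5 key.
 *
 * @param string $appName application name to check; defaults to APP_NAME
 * @return bool true when allowed, false when denied
 */
public static function AccessDecision($appName = APP_NAME)
{
    // Does this action require authentication at all?
    if (!RBAC::checkAccess()) {
        return true;
    }
    // Administrators need no authorisation.
    if (!empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
        return true;
    }
    $accessGuid = md5($appName . MODULE_NAME . ACTION_NAME);
    $realTime = (C('USER_AUTH_TYPE') == 2);
    if (!$realTime && !empty($_SESSION[$accessGuid])) {
        // Login mode and this action was already granted in this session.
        return true;
    }
    if ($realTime) {
        // Real-time mode: check against the database on every request.
        $accessList = RBAC::getAccessList($_SESSION[C('USER_AUTH_KEY')]);
    } else {
        // Login mode: compare with the list saved at login (empty when it is missing, i.e. deny).
        $accessList = isset($_SESSION['_ACCESS_LIST']) ? $_SESSION['_ACCESS_LIST'] : array();
    }
    // Component mode: verify the full module name.
    $module = defined('P_MODULE_NAME') ? P_MODULE_NAME : MODULE_NAME;
    $allowed = isset($accessList[strtoupper($appName)][strtoupper($module)][strtoupper(ACTION_NAME)]);
    // Only a cached true short-circuits above, so a cached denial is re-evaluated next time.
    $_SESSION[$accessGuid] = $allowed;
    return $allowed;
}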
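/**
 * AJAX login handler.
 *
 * Expects $_POST['account'] and $_POST['password']. Authenticates through
 * RBAC::authenticate() with an md5 of the password, fills the session with the
 * user's details, first role and accessible node ids, records last login
 * ip/time and the login count, caches the access list and answers with
 * ajaxReturn(). Every error path also ends in ajaxReturn(), which is expected
 * to terminate the request; an explicit return follows each call in case it
 * does not.
 */
public function checkLogin()
{
    if (empty($_POST['account'])) {
        $this->ajaxReturn($_POST, '帐号必须!');
        return;
    }
    if (empty($_POST['password'])) {
        $this->ajaxReturn($_POST, '密码必须!');
        return;
    }
    // NOTE(review): credentials are compared as unsalted md5 because that is the stored
    // format; moving to password_hash()/password_verify() needs a user-table migration.
    $passwordHash = md5($_POST['password']);
    $map = array(
        'account' => $_POST['account'],
        'password' => $passwordHash,
    );
    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);
    if (!$authInfo) {
        $this->ajaxReturn($authInfo, '帐号或密码错误', 0);
        return;
    }
    // The user row is echoed back to the client; never include the password hash in it.
    $response = $authInfo;
    unset($response['password']);
    if ($authInfo['password'] !== $passwordHash) {
        $this->ajaxReturn($response, '密码错误!', 0);
        return;
    }

    // Rotate the session id on authentication so a pre-login id cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
    $_SESSION['email'] = $authInfo['email'];
    $_SESSION['nickname'] = $authInfo['nickname'];
    // NOTE(review): kept from the original; nothing in this method needs the hash in the session.
    $_SESSION['password'] = $authInfo['password'];
    $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
    $_SESSION['remark'] = $authInfo['remark'];
    $_SESSION['status'] = $authInfo['status'];
    $_SESSION['last_login_ip'] = $authInfo['last_login_ip'];
    // Set in both directions: a flag left by an earlier admin login in the same session
    // must not survive a login as a regular user.
    $_SESSION['administrator'] = ($authInfo['account'] === 'admin');

    // First role of the user, and the node ids that role may access.
    $roleUsers = M('role_user')->where(array('user_id' => $authInfo['id']))->select();
    $roleId = isset($roleUsers[0]['role_id']) ? $roleUsers[0]['role_id'] : null;
    $roles = $roleId !== null ? M('role')->where(array('id' => $roleId))->select() : array();
    $role = isset($roles[0]) ? $roles[0] : array('id' => null, 'name' => null);
    $_SESSION['role'] = $role['name'];
    $acl = $role['id'] !== null ? M('access')->where(array('role_id' => $role['id']))->select() : array();
    $resourceIds = array();
    foreach ((array) $acl as $row) {
        $resourceIds[] = $row['node_id'];
    }
    // Stored as a comma-separated string.
    $_SESSION['resourceIds'] = implode(',', $resourceIds);

    // Record the login.
    $data = array(
        'id' => $authInfo['id'],
        'last_login_time' => time(),
        'login_count' => array('exp', 'login_count+1'),
        'last_login_ip' => get_client_ip(),
    );
    M('User')->save($data);

    // Cache the access list for the login-mode permission check.
    $_SESSION['_ACCESS_LIST'] = RBAC::getAccessList($authInfo['id']);
    RBAC::saveAccessList();
    $this->ajaxReturn($response, '登录成功!', 1);
}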
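/**
 * Whether the current user may publish without review (无需审核直接发布).
 *
 * @return bool true when the user is id 1 or holds a non-empty ADMIN/POSTS/NOVERIFY entry
 */
private function noVerify()
{
    $user_id = get_current_user_id();
    // User 1 never needs review; checked first so no access list is loaded for it.
    if ((int) $user_id === 1) {
        return true;
    }
    $access_list = RBAC::getAccessList($user_id);
    // isset() first: a missing entry denies without an undefined-index notice.
    return isset($access_list['ADMIN']['POSTS']['NOVERIFY'])
        && $access_list['ADMIN']['POSTS']['NOVERIFY'] != '';
}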
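/**
 * Build the admin navigation (big menu with sub-menus) as an HTML string.
 *
 * Menu keys are lower-cased so they compare case-insensitively with the current
 * controller/action. Non-administrators only see the top-level entries present
 * in their access list for MODULE_NAME, and C('admin_sub_menu') is rewritten to
 * hold only the "controller/action" entries they may reach. Labels come from the
 * configuration and are inserted into the markup unescaped.
 *
 * @return string
 */
private function show_all_menu()
{
    C('admin_sub_menu', array_change_key_case(C('admin_sub_menu')));
    C('admin_big_menu', array_change_key_case(C('admin_big_menu')));

    $isAdmin = !empty($_SESSION[C('ADMIN_AUTH_KEY')]);
    $bigMenu = C('admin_big_menu');

    if (!$isAdmin) {
        $accessList = RBAC::getAccessList($_SESSION[C('USER_AUTH_KEY')]);
        $moduleKey = strtoupper(MODULE_NAME);
        // A user with no rights in this module gets an empty map instead of a TypeError.
        $moduleAccess = isset($accessList[$moduleKey]) && is_array($accessList[$moduleKey])
            ? array_change_key_case($accessList[$moduleKey])
            : array();

        // Drop top-level entries the user cannot reach.
        foreach (array_keys($bigMenu) as $bigUrl) {
            if (!array_key_exists($bigUrl, $moduleAccess)) {
                unset($bigMenu[$bigUrl]);
            }
        }

        // Re-key each controller's actions as "controller/action" => action.
        foreach ($moduleAccess as $controller => $actions) {
            $rekeyed = array();
            foreach ((array) $actions as $action => $unused) {
                $rekeyed[strtolower($controller) . '/' . strtolower($action)] = strtolower($action);
            }
            $moduleAccess[$controller] = $rekeyed;
        }

        // Replace each reachable key by its configured label, dropping keys without one.
        $subMenuConfig = array();
        foreach (array_change_key_case(C('admin_sub_menu')) as $bigUrl => $items) {
            $subMenuConfig[$bigUrl] = array_change_key_case((array) $items);
        }
        foreach ($moduleAccess as $controller => $actions) {
            foreach ($actions as $subUrl => $unused) {
                if (!empty($subMenuConfig[$controller][$subUrl])) {
                    $moduleAccess[$controller][$subUrl] = $subMenuConfig[$controller][$subUrl];
                } else {
                    unset($moduleAccess[$controller][$subUrl]);
                }
            }
        }
        C('admin_sub_menu', $moduleAccess);
    }

    $subMenu = C('admin_sub_menu');
    $currentController = strtolower(CONTROLLER_NAME);
    $count = count($bigMenu);
    $position = 1;
    $html = '';
    foreach ($bigMenu as $url => $name) {
        $isCurrent = $url == $currentController;
        if ($position == 1) {
            // The first entry is also highlighted when the current controller has no entry at all.
            $css = ($isCurrent || empty($bigMenu[$currentController])) ? 'start active' : 'start';
            $icon = 'icon-home';
        } elseif ($position == $count) {
            $css = $isCurrent ? 'last active' : 'last';
            $icon = 'icon-cogs';
        } else {
            $css = $isCurrent ? 'start active' : '';
            $icon = 'icon-cogs';
        }
        $html .= '<li class="' . $css . '"><a href="javascript:;"> <i class="' . $icon . '"></i> <span class="title">' . $name . '</span> <span class="arrow "></span> </a><ul class="sub-menu">'
            . $this->render_sub_menu($subMenu, $url)
            . '</ul></li>';
        $position++;
    }
    return $html;
}

/**
 * Render the <li> items of one top-level menu entry.
 *
 * @param array  $subMenu admin_sub_menu config: big_url => array('controller/action' => label)
 * @param string $url     key of the top-level entry being rendered
 * @return string
 */
private function render_sub_menu($subMenu, $url)
{
    $currentAction = strtolower(ACTION_NAME);
    $html = '';
    foreach ((array) $subMenu as $bigUrl => $items) {
        if ($bigUrl != $url || !is_array($items)) {
            continue;
        }
        foreach ($items as $subUrl => $subName) {
            $parts = explode('/', $subUrl);
            // Highlight when the action part matches the current action, case-insensitively.
            $css = isset($parts[1]) && !strcasecmp($parts[1], $currentAction) ? 'active' : '';
            $html .= '<li class="' . $css . '"><a href="' . U('Admin/' . $subUrl) . '">' . $subName . '</a></li>';
        }
    }
    return $html;
}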
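/**
 * Access decision for the Session-class based RBAC variant.
 *
 * Unauthenticated users are redirected to C('USER_AUTH_GATEWAY') (redirect() is
 * expected to end the request). Administrators (local session 'administrator')
 * pass without a check. Everyone else is checked against the database list
 * (USER_AUTH_TYPE 2) or the session list '_ACCESS_LIST'; a denial raises the
 * '_VALID_ACCESS_' exception through throw_exception(), a grant is cached under
 * an md5 of app+module+action.
 *
 * @return bool true whenever the method returns
 */
static function AccessDecision()
{
    if (!RBAC::checkAccess()) {
        return true;
    }
    if (!Session::is_set(C('USER_AUTH_KEY'))) {
        // Not logged in: hand off to the authentication gateway.
        redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
    }
    if (Session::is_setLocal('administrator')) {
        // Administrators need no further check.
        return true;
    }
    $accessGuid = md5(APP_NAME . MODULE_NAME . ACTION_NAME);
    if (C('USER_AUTH_TYPE') == 2) {
        // Real-time mode: back-end permission changes apply at once.
        $accessList = RBAC::getAccessList();
    } else {
        if (Session::is_set($accessGuid)) {
            // Grant already cached for this action. Return true, not a bare return: a caller
            // that tests the result must not read a cached grant as a denial.
            return true;
        }
        $accessList = Session::get('_ACCESS_LIST');
    }
    if (!isset($accessList[strtoupper(APP_NAME)][strtoupper(MODULE_NAME)][strtoupper(ACTION_NAME)])) {
        throw_exception(L('_VALID_ACCESS_'));
    }
    Session::set($accessGuid, true);
    return true;
}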
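/**
 * Access decision that also loads the user's content-column rights and only
 * enforces action-level permissions for actions registered in the node table.
 *
 * Flow: skipped when RBAC::checkAccess() is false; administrators pass; the
 * permission list comes from the database (USER_AUTH_TYPE 2) or from the
 * session copy saved at login. The role's `typeids` are cached once in session
 * C('USER_CONTENT_KEY'). A controller that is not a level-2 node is denied; an
 * action that is a level-3 node under it must be granted explicitly, while an
 * unregistered action only needs controller-level access. The verdict is cached
 * under an md5 of app+module+action.
 *
 * @param string $appName application name to check; defaults to APP_NAME
 * @return bool
 */
public static function AccessDecision($appName = APP_NAME)
{
    if (!RBAC::checkAccess()) {
        return true;
    }
    if (!empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
        // Administrators need no authorisation.
        return true;
    }
    $accessGuid = md5($appName . MODULE_NAME . ACTION_NAME);
    if (C('USER_AUTH_TYPE') == 2) {
        // Real-time mode: permission changes take effect without re-login.
        $accessList = RBAC::getAccessList($_SESSION[C('USER_AUTH_KEY')]);
    } else {
        if (!empty($_SESSION[$accessGuid])) {
            return true;
        }
        $accessList = isset($_SESSION['_ACCESS_LIST']) ? $_SESSION['_ACCESS_LIST'] : array();
    }

    // Content-column rights, loaded once per session.
    if (!isset($_SESSION[C('USER_CONTENT_KEY')])) {
        $_SESSION[C('USER_CONTENT_KEY')] = self::loadContentTypeIds();
    }

    // Component mode verifies the full module name.
    $module = defined('P_MODULE_NAME') ? P_MODULE_NAME : MODULE_NAME;
    // Module and action names are interpolated into SQL below and originate from the URL:
    // anything that is not a plain identifier is refused before it reaches a query.
    if (!preg_match('/^\w+\z/', $module) || !preg_match('/^\w+\z/', ACTION_NAME)) {
        $_SESSION[$accessGuid] = false;
        return false;
    }
    $nodeModel = new Model(C('RBAC_NODE_TABLE'), NULL);
    // Only controllers registered as level-2 nodes are handled; an unknown one is denied.
    $moduleNode = $nodeModel->where("upper(`name`)='" . strtoupper($module) . "' and level=2")->find();
    if (!$moduleNode) {
        $_SESSION[$accessGuid] = false;
        return false;
    }
    $actionNode = $nodeModel->where("upper(`name`)='" . strtoupper(ACTION_NAME) . "' and level=3 and pid=" . (int) $moduleNode['id'])->find();
    if ($actionNode) {
        // Registered action: it must be granted explicitly.
        $allowed = isset($accessList[strtoupper($appName)][strtoupper($module)][strtoupper(ACTION_NAME)]);
    } else {
        // Unregistered action: controller-level access is enough.
        $allowed = isset($accessList[strtoupper($appName)][strtoupper($module)]);
    }
    $_SESSION[$accessGuid] = $allowed;
    return $allowed;
}

/**
 * Read the `typeids` column of the current user's active role.
 *
 * @return string the role's typeids, or '' when the user has no active role
 */
private static function loadContentTypeIds()
{
    $roleTable = C('RBAC_ROLE_TABLE');
    $userTable = C('RBAC_USER_TABLE');
    // The id comes from the session but is still interpolated into SQL; the original compared
    // it unquoted (numerically), so an int cast keeps the statement well-formed.
    $userId = (int) $_SESSION[C('USER_AUTH_KEY')];
    $sql = 'select role.typeids from ' . $roleTable . ' as role,' . $userTable . ' as user'
        . ' where user.user_id=' . $userId . ' and user.role_id=role.id and role.status=1';
    $rows = M()->query($sql);
    return $rows ? $rows[0]['typeids'] : '';
}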
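/**
 * Access decision with guest support.
 *
 * Without a logged-in user: when C('GUEST_AUTH_ON') is set the guest role's
 * permissions (C('GUEST_AUTH_ID')) are saved to the session once, otherwise the
 * request is redirected to C('USER_AUTH_GATEWAY') (redirect() is expected to end
 * it). Administrators pass; everyone else is checked against the database list
 * (USER_AUTH_TYPE 2) or the session list, with a grant cached under an md5 of
 * app+module+action. A denial returns false (the former throw was retired).
 *
 * @param string $appName application name to check; defaults to APP_NAME
 * @return bool
 */
static function AccessDecision($appName = APP_NAME)
{
    if (!RBAC::checkAccess()) {
        return true;
    }
    if (empty($_SESSION[C('USER_AUTH_KEY')])) {
        if (C('GUEST_AUTH_ON')) {
            // Guest access enabled: store the guest permissions once per session.
            if (!isset($_SESSION['_ACCESS_LIST'])) {
                RBAC::saveAccessList(C('GUEST_AUTH_ID'));
            }
        } else {
            // Guests are not allowed: send them to the authentication gateway.
            redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
        }
    }
    if (!empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
        // Administrators need no authorisation.
        return true;
    }
    $accessGuid = md5($appName . MODULE_NAME . ACTION_NAME);
    if (C('USER_AUTH_TYPE') == 2) {
        // Real-time mode: check against the database on every request.
        $accessList = RBAC::getAccessList();
    } else {
        if (!empty($_SESSION[$accessGuid])) {
            return true;
        }
        // Missing list means deny, without an undefined-index notice.
        $accessList = isset($_SESSION['_ACCESS_LIST']) ? $_SESSION['_ACCESS_LIST'] : array();
    }
    // Component mode verifies the full module name.
    $module = defined('C_MODULE_NAME') ? C_MODULE_NAME : MODULE_NAME;
    if (!isset($accessList[strtoupper($appName)][strtoupper($module)][strtoupper(ACTION_NAME)])) {
        // Denials are not cached, so a later grant is picked up on the next request.
        return false;
    }
    $_SESSION[$accessGuid] = true;
    return true;
}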
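/**
 * Access decision built on the session() helper.
 *
 * Super administrators (session C('ADMIN_AUTH_KEY')) only need to pass
 * self::checkLogin(). Others are checked against the database list
 * (USER_AUTH_TYPE 2) or session '_ACCESS_LIST'; when the action is not listed,
 * a logged-in user is still admitted to a small set of open routes (see
 * isOpenToLoggedInUsers()). The verdict is cached under an md5 of
 * app+module+action.
 *
 * @param string $appName application name to check; defaults to APP_NAME
 * @return bool
 */
public static function AccessDecision($appName = APP_NAME)
{
    if (!RBAC::checkAccess()) {
        return true;
    }
    $accessGuid = md5($appName . MODULE_NAME . ACTION_NAME);
    $isAdmin = session(C('ADMIN_AUTH_KEY'));
    if ($isAdmin) {
        // Super administrator: only the login state is verified.
        return self::checkLogin() ? true : false;
    }
    // Authentication type: 1 = at login, 2 = on every request.
    if (C('USER_AUTH_TYPE') == 2) {
        $accessList = RBAC::getAccessList(session(C('USER_AUTH_KEY')));
    } else {
        if (session($accessGuid)) {
            return true;
        }
        $accessList = session('_ACCESS_LIST');
    }
    // Component mode verifies the full module name.
    $module = defined('P_MODULE_NAME') ? P_MODULE_NAME : MODULE_NAME;
    if (isset($accessList[strtoupper($appName)][strtoupper($module)][strtoupper(ACTION_NAME)])) {
        session($accessGuid, true);
        return true;
    }
    // Not granted explicitly: a few routes are open to any logged-in user.
    $allowed = self::checkLogin() ? self::isOpenToLoggedInUsers($appName) : false;
    session($accessGuid, $allowed);
    return $allowed;
}

/**
 * Routes every authenticated user may reach without an explicit grant: the
 * Admin landing page (Index/Main controller, index action), actions prefixed
 * "public_", and the Contents/Content controller, which enforces its own rights.
 *
 * @param string $appName application name of the current request
 * @return bool
 */
private static function isOpenToLoggedInUsers($appName)
{
    if ($appName === 'Admin' && in_array(MODULE_NAME, array('Index', 'Main'), true) && ACTION_NAME === 'index') {
        return true;
    }
    // Prefix match is case-sensitive, as the original substr() comparison was.
    if (strncmp(ACTION_NAME, 'public_', 7) === 0) {
        return true;
    }
    return $appName === 'Contents' && MODULE_NAME === 'Content';
}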
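/**
 * Return the group ids a user may access, from a per-user access-list file
 * cached under DConfig_PATH/AccessList.
 *
 * The file is generated from RBAC::getAccessList() on first use and afterwards
 * included as PHP code, so the directory must not be writable by other local
 * users. While generating, session entries "<controller>_<action>" are filled
 * with the part after the first '-' of each access value. Administrators get an
 * empty list.
 *
 * @param int|string $authId user id; the session user is used when it is falsy
 * @return array group ids (array_unique keeps the original keys)
 */
public static function getFileGroupAccessList($authId)
{
    if (!empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
        return array();
    }
    if (!$authId) {
        $authId = $_SESSION[C('USER_AUTH_KEY')];
    }
    // The id becomes part of a file name that is later require'd: refuse anything that is
    // not a plain identifier so it cannot name a file outside the cache directory.
    if (!preg_match('/^\w+\z/', (string) $authId)) {
        return array();
    }
    $cacheDir = DConfig_PATH . '/AccessList';
    $file = $cacheDir . '/access_' . $authId . '.php';
    if (!file_exists($file)) {
        $accessList = RBAC::getAccessList($authId);
        if (!file_exists($cacheDir)) {
            createFolder(dirname($cacheDir));
            // 0755 rather than 0777: the files written here are executed via require.
            mkdir($cacheDir, 0755);
        }
        RBAC::writeover($file, 'return ' . RBAC::pw_var_export($accessList) . ";\n", true);
        foreach ((array) $accessList as $controllers) {
            foreach ((array) $controllers as $k1 => $actions) {
                foreach ((array) $actions as $k => $v) {
                    $parts = explode('-', $v);
                    // Values without a '-' have nothing to store (the original stored null with a notice).
                    if (isset($parts[1])) {
                        $_SESSION[strtolower($k1 . '_' . $k)] = $parts[1];
                    }
                }
            }
        }
    }
    // Trusted: the file was written by this method from the database access list.
    $access = (require $file);
    $groupList = array();
    foreach ((array) $access as $v1) {
        foreach ((array) $v1 as $k2 => $v2) {
            if ($k2 == 'INDEX') {
                continue;
            }
            foreach ((array) $v2 as $k3 => $v3) {
                // Collect the group id entries.
                if ($k3 == 'GROUPID') {
                    $groupList[] = $v3;
                }
            }
        }
    }
    return array_unique($groupList);
}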