/**
 * Start the PHP session and record whether it is new or resumed.
 *
 * The marker key '__HTTP_Session_Info' is set to HTTP_SESSION_STARTED when it
 * was not present yet, and to HTTP_SESSION_CONTINUED when it was. The session
 * expiry is then set from the SESSION_EXPIRE configuration value.
 *
 * @static
 * @access public
 * @return void
 */
static function start()
{
    session_start();

    // A missing marker means this is the first request of the session.
    $_SESSION['__HTTP_Session_Info'] = isset($_SESSION['__HTTP_Session_Info'])
        ? HTTP_SESSION_CONTINUED
        : HTTP_SESSION_STARTED;

    Session::setExpire(C('SESSION_EXPIRE'));
}
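/**
 * Base controller initialisation.
 *
 * Loads the language pack of the current module, runs the login check,
 * publishes the breadcrumb data, enforces the configured idle timeout and
 * applies the RBAC access decision before the top bar and menus are built.
 *
 * @author Terry<*****@*****.**>
 * @date 2013-3-25
 * @return void
 */
public function _initialize()
{
    $langSet = C('DEFAULT_LANG');

    // Load the language pack of the current module.
    // NOTE(review): MODULE_NAME ends up in an include path. This assumes the
    // framework restricts it to identifier characters before the controller
    // runs -- confirm, otherwise validate it here.
    $langFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
    if (is_file($langFile)) {
        L(include $langFile);
    }

    // Check whether the user is logged in.
    $this->doCheckLogin();

    $bm = array();
    $bm['url'] = MODULE_NAME;
    $bm['module'] = L(MODULE_NAME);
    $bm['action'] = L(MODULE_NAME . '_' . ACTION_NAME);
    $this->assign('breadcrumbs', $bm);

    import('ORG.Util.Session');
    $this->assign("uid", session("admin"));

    $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
    $idleLimited = intval($admin_access['EXPIRED_TIME']) > 0;
    if ($idleLimited && Session::isExpired()) {
        // Empty the session in place. unset($_SESSION) would remove the
        // superglobal itself, so the reads further down would hit an
        // undefined variable; clearing it keeps those reads well defined.
        $_SESSION = array();
        session_destroy();
    }
    if ($idleLimited) {
        // Sliding expiry: every request pushes the deadline forward.
        Session::setExpire(time() + $admin_access['EXPIRED_TIME'] * 60);
    }

    if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
        $rbac = new Arbac();
        if (!$rbac->AccessDecision()) {
            // No authentication marker: send the user to the login gateway.
            // NOTE(review): the code below relies on redirect() ending the
            // request -- confirm.
            if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            // Authenticated but not authorised.
            if (C('RBAC_ERROR_PAGE')) {
                // A dedicated permission-error page is configured.
                redirect(C('RBAC_ERROR_PAGE'));
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                // Show the access-denied message.
                $this->error(L('_VALID_ACCESS_'));
            }
        }
    }

    $this->getTop();
    $this->getMenus();
    import('ORG.Util.Page');
}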
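/**
 * Base controller initialisation.
 *
 * Runs the login check, loads the common and module language packs, resolves
 * the navigation entry for the requested module/action, enforces the idle
 * timeout and applies the RBAC access decision before the top bar, menus and
 * breadcrumb are built.
 *
 * @author Terry<*****@*****.**>
 * @date 2013-3-25
 * @return void
 */
public function _initialize()
{
    $this->doCheckLogin();
    $this->_name = $this->getActionName();
    $langSet = C('DEFAULT_LANG');

    // Load the common language pack.
    L(include LANG_PATH . $langSet . '/Common.php');

    // Load the language pack of the current module.
    // NOTE(review): MODULE_NAME ends up in an include path. This assumes the
    // framework restricts it to identifier characters -- confirm.
    $langFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
    if (is_file($langFile)) {
        L(include $langFile);
    }

    // Module and action come from the request. Only plain strings are
    // accepted: the query builder treats array values in a where() map as
    // operator expressions, so anything else falls back to the default.
    $ary_get = $this->_get();
    $module = (!empty($ary_get['_URL_'][1]) && is_string($ary_get['_URL_'][1])) ? $ary_get['_URL_'][1] : "Index";
    $action = (!empty($ary_get['_URL_'][2]) && is_string($ary_get['_URL_'][2])) ? $ary_get['_URL_'][2] : "index";

    $navid = null;
    if (!empty($module) && !empty($action)) {
        $array_where = array();
        $array_where['action'] = $action;
        $array_where['module'] = $module;
        $array_where['status'] = '1';
        $array_where['is_show'] = '1';
        $rolenode = D("RoleNode")->where($array_where)->order('sort asc')->find();
        if (!empty($rolenode) && is_array($rolenode)) {
            $navid = $rolenode['nav_id'];
        } else {
            // No visible node for this action: fall back to the first enabled
            // node of the module and take module/action from that row.
            $node = D("RoleNode")->where(array('module' => $module, 'action' => array('NEQ', ''), 'status' => '1'))->order('sort asc')->find();
            $navid = $node['nav_id'];
            $module = $node['module'];
            $action = $node['action'];
        }
    }
    $this->assign("modulename", $module);
    $this->assign("actionname", $action);
    $this->assign("navid", $navid);

    $navname = D("RoleNav")->where(array('id' => $navid))->find();
    session("navname", $navname['name']);

    // The condition is passed as an array so the query builder quotes and
    // escapes the values; the previous version concatenated $navid, $action
    // and $module into the SQL text. The casts keep a missing value as an
    // empty-string comparison, as before.
    $prefix = C('DB_PREFIX');
    $rolenav = M('RoleNav')
        ->field($prefix . 'role_nav.name,' . $prefix . 'role_node.*')
        ->join($prefix . 'role_node ON ' . $prefix . 'role_nav.id = ' . $prefix . 'role_node.`nav_id`')
        ->where(array(
            $prefix . 'role_nav.id' => (string) $navid,
            $prefix . 'role_node.action' => (string) $action,
            $prefix . 'role_node.module' => (string) $module,
        ))
        ->find();
    if (!empty($rolenav) && is_array($rolenav)) {
        cookie("menuid", $rolenav['id']);
    }

    import('ORG.Util.Session');
    $this->assign("uid", session("admin"));

    $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
    $idleLimited = intval($admin_access['EXPIRED_TIME']) > 0;
    if ($idleLimited && Session::isExpired()) {
        // Empty the session in place. unset($_SESSION) would remove the
        // superglobal itself, so the reads further down would hit an
        // undefined variable.
        $_SESSION = array();
        session_destroy();
    }
    if ($idleLimited) {
        // Sliding expiry: every request pushes the deadline forward.
        Session::setExpire(time() + $admin_access['EXPIRED_TIME'] * 60);
    }

    if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
        $rbac = new Arbac();
        if (!$rbac->AccessDecision()) {
            // No authentication marker: send the user to the login gateway.
            // NOTE(review): the code below relies on redirect() ending the
            // request -- confirm.
            if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            // Authenticated but not authorised.
            if (C('RBAC_ERROR_PAGE')) {
                // A dedicated permission-error page is configured.
                redirect(C('RBAC_ERROR_PAGE'));
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                // Show the access-denied message.
                $this->error(L('_VALID_ACCESS_'));
            }
        }
    }

    $this->getTop();
    $this->getMenus($navid);
    $this->_Breadcrumb($navid);
    import('ORG.Util.Page');
    import('ORG.Util.Tree');
    import('ORG.Util.Dir');
}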
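/**
 * Validate an administrator login attempt.
 *
 * Checks that name, password and captcha were submitted, verifies the captcha
 * against the session, looks the account up through RBAC::authenticate() and
 * compares the password hash. On success the session is populated, the login
 * statistics are saved and the access list is cached.
 *
 * NOTE(review): stored passwords are unsalted MD5. Moving to
 * password_hash()/password_verify() needs a data migration and is not done
 * here.
 * NOTE(review): "unknown account" and "wrong password" produce different
 * messages, which lets a client tell valid account names apart.
 * NOTE(review): the flow relies on $this->error() ending the request --
 * confirm.
 *
 * @return void
 */
public function checkLogin()
{
    // The fields must be plain strings. An array would reach the where() map
    // below, where the query builder treats arrays as operator expressions,
    // and would also break md5().
    if (empty($_POST['admin_name']) || !is_string($_POST['admin_name'])) {
        $this->error(L('ADMIN_NAME_REQUIRE'));
    } elseif (empty($_POST['admin_pwd']) || !is_string($_POST['admin_pwd'])) {
        $this->error(L('ADMIN_PWD_REQUIRE'));
    } elseif (empty($_POST['verify']) || !is_string($_POST['verify'])) {
        $this->error(L('VERIFY_REQUIRE'));
    }

    // Build the lookup condition (login by account name, enabled accounts only).
    $map = array();
    $map['admin_name'] = $_POST['admin_name'];
    $map["status"] = array('gt', 0);

    // The captcha is single use: it is dropped from the session before the
    // comparison so one solved captcha cannot cover repeated attempts.
    // The comparison is strict because loose comparison treats two different
    // digests that both look numeric as equal.
    $expectedVerify = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
    unset($_SESSION['verify']);
    if (!is_string($expectedVerify) || $expectedVerify !== md5($_POST['verify'])) {
        $this->error(L('VERIFY_ERROR'));
    }

    import('@.ORG.RBAC');
    $auth_info = RBAC::authenticate($map);

    if (false === $auth_info) {
        $this->saveLog(0, 0);
        $this->error(L('ADMIN_NAME_NOT_EXIST'));
    } else {
        $storedHash = (string) $auth_info['admin_pwd'];
        $submittedHash = md5($_POST['admin_pwd']);
        // Constant-time comparison where the runtime offers it, strict
        // string comparison otherwise.
        $passwordMatches = function_exists('hash_equals')
            ? hash_equals($storedHash, $submittedHash)
            : $storedHash === $submittedHash;
        if (!$passwordMatches) {
            $this->saveLog(0, 0);
            $this->error(L('ADMIN_PWD_ERROR'));
        }

        // Issue a fresh session id at the privilege change so an id known
        // before login does not become an authenticated one.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        Session::setExpire(time() + fanweC("EXPIRED_TIME") * 60);
        $_SESSION[C('USER_AUTH_KEY')] = $auth_info['id'];
        $_SESSION['admin_name'] = $auth_info['admin_name'];
        $_SESSION['last_time'] = $auth_info['last_time'];
        $_SESSION['login_count'] = $auth_info['login_count'];
        if ($auth_info['admin_name'] == fanweC('SYS_ADMIN')) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // Save the login statistics.
        $admin = M(C('USER_AUTH_MODEL'));
        $ip = getClientIp();
        $time = gmtTime();
        $data = array();
        $data['id'] = $auth_info['id'];
        $data['last_login_time'] = $time;
        $data['login_count'] = array('exp', 'login_count + 1');
        $data['last_login_ip'] = $ip;
        $admin->save($data);

        // Cache the access list.
        RBAC::saveAccessList();
        $this->saveLog(1, 0);
        $this->success(L('LOGIN_SUCCESS'));
    }
}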
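/**
 * Handle a back-office login attempt.
 *
 * Validates the submitted fields, checks the captcha when CODE_SET.BALOGIN is
 * '1', looks the account up through Arbac::authenticate() and compares the
 * password hash. On success the session is populated, login statistics and an
 * AdminLog row are written and the console navigation id is stored in a
 * cookie.
 *
 * NOTE(review): stored passwords are unsalted MD5. Moving to
 * password_hash()/password_verify() needs a data migration and is not done
 * here.
 * NOTE(review): failed attempts are not written to AdminLog, so repeated
 * guessing leaves no trace in that table.
 * NOTE(review): the flow relies on $this->error() ending the request --
 * confirm.
 *
 * @author Terry <*****@*****.**>
 * @date 2013-3-23
 * @return void
 */
public function doLogin()
{
    $ary_post = $this->_post();
    $code = D('Config')->getCfgByModule('CODE_SET');
    $captchaRequired = !empty($code['BALOGIN']) && $code['BALOGIN'] == '1';

    // The fields must be plain strings. An array would reach the where() maps
    // below, where the query builder treats arrays as operator expressions,
    // and would also break md5().
    if (empty($ary_post['username']) || !is_string($ary_post['username'])) {
        $this->error(L('PlEASE_USERNAME'));
    } elseif (empty($ary_post['passwd']) || !is_string($ary_post['passwd'])) {
        $this->error(L('PlEASE_PASSWD'));
    }
    if ($captchaRequired) {
        // "验证码" is the placeholder text of the captcha input.
        if (empty($ary_post['code']) || !is_string($ary_post['code']) || trim($ary_post['code']) === "验证码") {
            $this->error(L('PlEASE_CODE'));
        }
    }

    // Build the lookup condition (login by account name, enabled accounts only).
    $map = array();
    $map['u_name'] = $ary_post['username'];
    $map["u_status"] = array('gt', 0);

    $verify = session("code");
    if ($captchaRequired) {
        // The captcha is single use: it is dropped from the session before
        // the comparison so one solved captcha cannot cover repeated attempts.
        // The comparison is strict because loose comparison treats two
        // different digests that both look numeric as equal.
        session("code", null);
        if (!is_string($verify) || $verify !== md5($ary_post['code'])) {
            $this->error(L('CODE_ERROR'));
        }
    }

    $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
    $exitTime = $admin_access['EXPIRED_TIME'];
    $rbac = new Arbac();
    import('ORG.Util.Session');
    $auth_info = $rbac->authenticate($map);

    if (empty($auth_info)) {
        $this->error(L('ACCOUNT_EXIT_DISABLED'));
    } else {
        $storedHash = (string) $auth_info['u_passwd'];
        $submittedHash = md5($ary_post['passwd']);
        // Constant-time comparison where the runtime offers it, strict
        // string comparison otherwise.
        $passwordMatches = function_exists('hash_equals')
            ? hash_equals($storedHash, $submittedHash)
            : $storedHash === $submittedHash;
        if (!$passwordMatches) {
            $this->error(L('PASSWD_ERROR'));
        }

        // Issue a fresh session id at the privilege change so an id known
        // before login does not become an authenticated one.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        Session::setExpire(time() + $exitTime * 60);
        $_SESSION[C('USER_AUTH_KEY')] = $auth_info['u_id'];
        $_SESSION['admin_name'] = $auth_info['u_name'];
        $_SESSION['pic'] = $auth_info['u_photo'];
        $_SESSION['last_time'] = $auth_info['u_lastlogin_time'];
        $_SESSION['u_countlog'] = $auth_info['u_countlog'];
        if ($auth_info['u_name'] == $admin_access['SYS_ADMIN']) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // Save the login statistics.
        $admin = M(C('USER_AUTH_MODEL'));
        $ip = get_client_ip();
        $time = date("Y-m-d H:i:s");
        $data = array();
        $data['u_lastlogin_time'] = $time;
        $data['u_countlog'] = array('exp', 'u_countlog + 1');
        $data['u_ip'] = $ip;
        $_SESSION['ip'] = $ip;
        $admin->where(array('u_name' => $ary_post['username']))->save($data);

        // Cache the access list.
        $rbac->saveAccessList();

        // Record the successful login.
        $ary_data = array();
        $admin_log = M("AdminLog");
        $ary_data['u_id'] = $auth_info['u_id'];
        $ary_data['u_name'] = $auth_info['u_name'];
        $ary_data['log_ip'] = $ip;
        $ary_data['log_create'] = $time;
        $admin_log->add($ary_data);

        // Store the id of the console ("控制台") navigation entry in a cookie.
        $rolenav = M('RoleNav')->field('id')->where(array('name' => '控制台'))->find();
        cookie("nav_id", $rolenav['id']);
        $this->success(L('LOGIN_SUCCESS'));
    }
}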
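/**
 * Controller initialisation: normalises request data, loads the language
 * packs, enforces the session timeout and applies the RBAC access decision.
 *
 * @return void
 */
function _initialize()
{
    // Undo magic-quotes escaping on the request data. After this step the
    // values are raw user input again, so every query and every piece of
    // output built from them has to escape or parameterise on its own.
    if (MAGIC_QUOTES_GPC) {
        if (!empty($_GET)) {
            $_GET = stripslashesDeep($_GET);
        }
        if (!empty($_POST)) {
            $_POST = stripslashesDeep($_POST);
        }
        $_COOKIE = stripslashesDeep($_COOKIE);
        $_REQUEST = stripslashesDeep($_REQUEST);
    }

    $this->assign('module_name', MODULE_NAME);
    $this->assign('action_name', ACTION_NAME);

    $langSet = C('DEFAULT_LANG');
    // Define the current language.
    define('FANWE_LANG_SET', strtolower($langSet));
    $this->assign('default_lang', FANWE_LANG_SET);

    // Load the project-wide language pack.
    $commonLangFile = LANG_PATH . $langSet . '/common.php';
    if (is_file($commonLangFile)) {
        L(include $commonLangFile);
    }
    // Load the language pack of the current module.
    // NOTE(review): MODULE_NAME ends up in an include path. This assumes the
    // framework restricts it to identifier characters -- confirm.
    $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
    if (is_file($moduleLangFile)) {
        L(include $moduleLangFile);
    }
    $this->assign('ur_href', L(MODULE_NAME) . ' > ' . L(MODULE_NAME . '_' . ACTION_NAME));

    if (Session::isExpired()) {
        // Empty the session in place. unset($_SESSION) would remove the
        // superglobal itself, so the reads further down would hit an
        // undefined variable.
        $_SESSION = array();
        session_destroy();
    }
    // Sliding expiry: every request pushes the deadline forward.
    Session::setExpire(time() + fanweC("EXPIRED_TIME") * 60);

    // Permission check.
    if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
        import('@.ORG.RBAC');
        if (!RBAC::AccessDecision()) {
            // No authentication marker: send the user to the login gateway.
            // NOTE(review): the code below relies on redirect() ending the
            // request -- confirm.
            if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            // Authenticated but not authorised.
            if (C('RBAC_ERROR_PAGE')) {
                // A dedicated permission-error page is configured.
                redirect(C('RBAC_ERROR_PAGE'));
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                // Ajax callers (ajax=2) get the bare message, others the error page.
                if (isset($_REQUEST['ajax']) && intval($_REQUEST['ajax']) === 2) {
                    echo L('_VALID_ACCESS_');
                    exit;
                } else {
                    $this->assign("jumpUrl", u("Index/main"));
                    $this->error(L('_VALID_ACCESS_'));
                }
            }
        }
    }
}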
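/**
 * Start the session, accepting the session id and two login cookies from
 * POST data when they are supplied there.
 *
 * NOTE(review): taking the session id from the request body lets whoever
 * builds the form choose the id (session fixation), and copying POST fields
 * into $_COOKIE lets a request body stand in for cookies. This presumably
 * exists for clients that cannot send cookies, such as upload widgets --
 * confirm it is still needed, restrict it to those endpoints, and regenerate
 * the session id at login.
 *
 * @static
 * @return void
 */
static function start()
{
    $sessionField = self::name();
    if (!empty($_POST[$sessionField]) && is_string($_POST[$sessionField])) {
        $postedId = trim($_POST[$sessionField]);
        // Accept only the character set PHP itself uses for session ids, so
        // arbitrary text never reaches the id setter.
        if (preg_match('/^[A-Za-z0-9,-]{1,128}$/', $postedId)) {
            self::id($postedId);
        }
    }

    // Mirror the login cookies from POST. Only plain strings are copied.
    $usernameKey = C('COOKIE_PREFIX') . 'username';
    if (!empty($_POST[$usernameKey]) && is_string($_POST[$usernameKey])) {
        $_COOKIE[$usernameKey] = trim($_POST[$usernameKey]);
    }
    $tokeyKey = C('COOKIE_PREFIX') . 'tokey';
    if (!empty($_POST[$tokeyKey]) && is_string($_POST[$tokeyKey])) {
        $_COOKIE[$tokeyKey] = trim($_POST[$tokeyKey]);
    }

    session_start();
    Session::setExpire(C('COOKIE_EXPIRE'));
}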