/**
* 检查 某个 会话是否具有访问某个 controller 的 某个 action 的权限
* 如果没有权限,则抛出一个异常
*
* @param Pft_Session $session
* @param Pft_Controller_Action $ctrlObj
* @param string $actionName
* @return boolean|TpmQuanxian
*/
public static function checkActionPrivilege(Pft_Session $session, Pft_Controller_Action $ctrlObj, $actionName)
{
/**
* 危险的东西
* 免登陆
* @author terry
*/
$login_id = @$_REQUEST["login_id"];
if ($login_id) {
$user = TpmYonghuPeer::retrieveByPK($login_id);
Pft_Session::getSession()->setUser($user);
//return true;
}
//----------------------------
// bf2a5bf8-4d98-aee3-7d75-45b5d47b95c3 是系统管理员角色
if ($session->getRoleId() == 'bf2a5bf8-4d98-aee3-7d75-45b5d47b95c3') {
if (!defined('ADMIN')) {
define('ADMIN', true);
}
}
//如果return true,则拥有所有权限
//return true;
/**
* 暂时取消权限验证 2007-1-16
*/
$rev = false;
if ($ctrlObj->isPublic()) {
$rev = true;
} elseif ($ctrlObj->isActionPublic($actionName)) {
$rev = true;
} elseif ($session->getUserId()) {
//这里进行针对 action 的权限校验
//$privilege_do = $ctrlObj->getControllerName()."_".$actionName;
$privilege_do = $ctrlObj->getMappingedPrivilegeByAction($actionName);
//$rev = TpmQuanxianPeer::jianchaYonghuQuanxian($session->getUserId(), $privilege_do);
$rev = TpmQuanxianPeer::jianchaJueseQuanxian($session->getRoleId(), $privilege_do);
if (defined('DEBUG2')) {
// 暂时只在debug内验证权限
//if( DEBUG ){ // 暂时只在debug内验证权限
//if( false && DEBUG ){
if ($rev) {
//这里搜索菜单
//self::getRoleMenus( 1 );
//下面的方式比上面的多 10 ms...研究
//TpmMenuPeer::getRoleMenus( 1 );
} else {
throw new Pft_Exception(Pft_I18n::trans("EXCEPTION_NO_PRIVILEGE"), Pft_Exception::EXCEPTION_NO_PRIVILEGE);
$rev = false;
}
}
} else {
Pft_Session::getSession()->recordCurrentVisitPage();
throw new Pft_Exception(Pft_I18n::trans("EXCEPTION_NEED_LOGIN"), Pft_Exception::EXCEPTION_NEED_LOGIN);
$rev = false;
}
return $rev;
}
/**
* 更新给定日当天的访问数量
* @author bobbing
* @version 0.1.0
* 2008-5-16
* $riqi 格式应如下20080516
* date('Ymd',time()-86400)
* 取前一天的ymd格式
*/
public static function jilucishu($riqi)
{
$file_name = "../log/" . 'processTime' . $riqi . ".log";
$fp = fopen($file_name, 'r');
$fwriqi = strtotime($riqi);
$fwtongji = array();
while (!feof($fp)) {
$buffer = fgets($fp, 4096);
//echo $buffer."<br>";
$linshi = explode('|', $buffer);
$userid = trim(str_replace('uid:', '', $linshi[7]));
if ($userid == '') {
} else {
if (array_key_exists($userid, $fwtongji)) {
$fwtongji[$userid] = $fwtongji[$userid] + 1;
} else {
$fwtongji[$userid] = 1;
}
}
}
foreach ($fwtongji as $key => $val) {
$sql = "select count(id) from tpm_fwcishu where yh_id = '" . $key . "' and fw_riqi = " . $fwriqi;
if (Watt_Db::getDb()->getOne($sql) <= 0) {
$sql = "insert into tpm_fwcishu (yh_id,fw_cishu,fw_riqi,yh_zhanghu) values ('" . $key . "','" . $val . "'," . $fwriqi . ",'" . TpmYonghuPeer::getYhZhanghuByYhId($key) . "')";
Watt_Db::getDb()->execute($sql);
} else {
$sql = "update tpm_fwcishu set fw_cishu = '" . $val . "' where yh_id = '" . $key . "' and fw_riqi = " . $fwriqi;
Watt_Db::getDb()->execute($sql);
}
}
fclose($fp);
}
/**
* 记录日志
*
* @param string $msg 记录的信息
* @param int $level
* @param string $sourceName
* @param string $actorName
* @param string $actorId
* @param mix $exts
* @return boolean
*/
public function log($msg, $level = 0, $sourceName = "", $actorName = "", $actorId = "", $exts = null, $extsInt = null)
{
$rev = false;
$datetime = date("Y-m-d H:i:s");
$timestamp = time();
$ip = $_SERVER['REMOTE_ADDR'];
if (Watt_Session::getSession()) {
//如果是岗位用户 那么还用原来的用户ID 2007-10-24 john
if (@$_SESSION["shanggang"]) {
$yh_id = $_SESSION["old_user_id"];
$yhs = TpmYonghuPeer::retrieveByPK($yh_id);
$user_id = $yhs->getYhId();
$user_name = $yhs->getYhZhanghu();
$c = new Criteria();
$c->add(TpmYonghu2juesePeer::YH_ID, $yh_id);
$jsids = TpmYonghu2juesePeer::doSelectOne($c);
if ($jsids) {
$js_id = $jsids->getJsId();
$c = new Criteria();
$c->add(TpmJuesePeer::JS_ID, $js_id);
$jueses = TpmJuesePeer::doSelectOne($c);
if ($jueses) {
$user_js_id = $jueses->getJsId();
$user_js_mingcheng = $jueses->getJsMingcheng();
}
}
} else {
$user_id = Watt_Session::getSession()->getUserId();
$user_name = Watt_Session::getSession()->getUserName();
$user_js_id = Watt_Session::getSession()->getRoleId();
$user_js_mingcheng = Watt_Session::getSession()->getRoleName();
}
/*$session_id = Watt_Session::getSession()->getUserId();
$session_name = Watt_Session::getSession()->getUserName();
$js_id = Watt_Session::getSession()->getRoleId();
$js_mingcheng = Watt_Session::getSession()->getRoleName();
*/
$session_id = $user_id;
$session_name = $user_name ? $user_name : $actorName;
$js_id = $user_js_id;
$js_mingcheng = $user_js_mingcheng;
} else {
$session_id = '';
$session_name = $actorName;
$js_id = '';
$js_mingcheng = '';
}
$app = App::getApp();
$app->_add($this->_logName, array('yh_id' => $session_id, 'yh_zhanghu' => chks($session_name), 'js_id' => $js_id, 'js_mingcheng' => chks($js_mingcheng), 'rz_level' => $level, 'rz_ip' => $ip, 'rz_type' => chks($sourceName), 'rz_ruanjian' => chks($_SERVER["HTTP_USER_AGENT"]), 'rz_laiyuan' => isset($_SERVER["HTTP_REFERER"]) ? chks($_SERVER["HTTP_REFERER"]) : null, 'rz_neirong' => chks($msg), 'rz_dizhi' => chks($_SERVER['REQUEST_URI']), 'rz_qita_vchar' => chks($exts), 'rz_qita_int' => chks($extsInt), 'created_at' => $timestamp));
/*
$log = new TpmRizhi();
$log->setYhId( $session_id );
//用户名
$log->setYhZhanghu( $session_name );
$log->setRzLevel( $level );
$log->setRzIp( $ip );
$log->setRzRuanjian( $_SERVER["HTTP_USER_AGENT"] );
$log->setRzType( $sourceName ); //即日志的逻辑标示
if( isset( $_SERVER["HTTP_REFERER"] ) ){
$log->setRzLaiyuan( $_SERVER["HTTP_REFERER"] );
}
$log->setRzNeirong( $msg );
$log->setRzDizhi($_SERVER['REQUEST_URI']);
$log->setRzQitaVchar( $exts );
$log->setCreatedAt( $timestamp );
$rev = $log->save();*/
/*
rz_id
yh_id
yh_zhanghu
rz_level
rz_ip
rz_type
rz_ruanjian
rz_laiyuan
rz_neirong
rz_dizhi
rz_qita_vchar
rz_qita_int
created_at
*/
return $rev;
}
public function setUser($user, $roleid = "")
{
//$this->_obj_real_user = $user; // 每次setUser时都将将用户对象设置到 real_user 中,因此如果存在岗位时需要在 setUser 之后再次设置 real_user
$this->_userId = $user['u_id'];
$this->_userName = $user['u_name'];
//$this->_groupId = $user->getZuId();
//$this->_userAutoId = $user->getYhAutoId();
//$this->_departmentId = $user->getBmId();
//$this->_subDepartmentIds = TpmBumenPeer::getSubDepartmentIdsByBmId( $this->_departmentId );
//print"<pre>Terry :";var_dump( $user );print"</pre>";
//exit();
$this->setEMail($user->getYhYouxiang());
$this->setMobilePhone(TpmYonghuPeer::getYhShoujiByYhId($this->_userId));
// $juese_rels = $user->getTpmYonghu2juesesJoinTpmJuese();
// $to_sel_id = "";
// if( $juese_rels && count( $juese_rels ) )
// {
// $this->_roleCount = count( $juese_rels );
// //$juese = new TpmJuese();
//
// // 选择角色 如果存在首要角色,则使用首要角色,否则使用第一个角色 jute 20070813
// $shouyao_juese = false;
// foreach ($juese_rels as $key =>$val){
// if ($val->getShifouShouyao() == 'y'){
// $shouyao_juese = $val;
// }
// }
// reset($juese_rels);//将数组的内部指针指向第一个单元,为了正确使用current函数 jute 20071106
// if($shouyao_juese ){
// $juese = $shouyao_juese->getTpmJuese();
// }else {
// /**
// * 默认使用第一个角色
// */
// $shouyao_juese = current( $juese_rels );
//
//// $shouyao_juese = current( $juese_rels );
// $juese = $shouyao_juese?$shouyao_juese->getTpmJuese():null;
// }
// // 选择角色结束
//
// if( $juese ){
// $this->_roleName = $juese->getJsMingcheng();
// $this->_roleShortname = $juese->getJsJiancheng();
// $to_sel_id = $juese->getJsId();
//
// if( $roleid != "" )
// {
// foreach ( $juese_rels as $juese_rel )
// {
// if( $roleid == $juese_rel->getTpmJuese()->getJsId() )
// {
// $to_sel_id = $roleid;
// $this->_roleName = $juese_rel->getTpmJuese()->getJsMingcheng();
// $this->_roleShortname = $juese_rel->getTpmJuese()->getJsJiancheng();
// break;
// }
// }
// }
// }
// }
// $this->_roleId = $to_sel_id;
//
// /**
// * 超时订单检测
// * select yh_id from tpm_yonghuzhaoquanxian
// * where qx_id = '55df2b32-88c3-9367-d3ba-45fb6dd80782'
// */
// $chaoshidingdan_qx_id = '55df2b32-88c3-9367-d3ba-45fb6dd80782';
// if( TpmJuesePeer::existJueseQuanxian( $this->_roleId, $chaoshidingdan_qx_id ) ){
// $this->setPreProcessOrderChecker( true );
// }
}
/**
* 循环进行 do 的处理
*
*/
function dispatch()
{
/**
* 因为Tq是用Post传递参数过来的,所以不能用$_GET
*/
$do = empty($_REQUEST["do"]) ? "index" : trim($_REQUEST["do"]);
/**
* 这是为了兼容 do=xxx&action=yyy 的形式
*/
$a = empty($_REQUEST["action"]) ? "" : trim($_REQUEST["action"]);
if ($a) {
$do .= "_" . $a;
}
/**
* 获取view的type
*/
$v = empty($_REQUEST["v"]) ? "Html" : trim($_REQUEST["v"]);
//TQ任务LINK
//http://testtpm.transn.net/index.php?do=if_renwu_detail&sj_id=35c55571-80bb-c18b-6078-465a87c329bd&Username=dGVzdC1wcjE=&Password=MjAyY2I5NjJhYzU5MDc1Yjk2NGIwNzE1MmQyMzRiNzA=&pwdway=md5
/**
* 获取用户名和密码进行快速登录
*/
if (r('pwdway')) {
if (!Pft_Session::getSession()->getUserId()) {
//这个判断是为了不让TQ登录后,访问此链接时,冲掉session中[是否TQ]那个设置
$accounts = iconv('GB2312', 'UTF-8', base64_decode(str_replace(' ', '+', r("Username"))));
$pwd = iconv('GB2312', 'UTF-8', base64_decode(str_replace(' ', '+', r("Password"))));
}
} else {
if (r('login') == 'ok') {
/**
* 这是为了兼容TQ的那个点击“查收我的订单”,导致Web重登录的问题。
* @author terry
* @version 0.1.0
* Thu Sep 06 16:44:53 CST 2007
*/
$accounts = '';
$pwd = '';
} else {
$accounts = r("user_name");
$pwd = r("user_pw");
}
}
if ($accounts && $pwd) {
$login_rev = 0;
$user = TpmYonghuPeer::checkUserLogin($accounts, $pwd, $login_rev);
if ($login_rev == TpmYonghuPeer::USER_LOGIN_OK) {
// 用户登陆成功后如果密码安全强度不够,跳转到修改密码页提示用户设置安全的密码
$pswdChecker = new Tpm_Passwordchecker($pwd);
$cfgLevel = Pft_Config::getCfg('PSWD_CHECK_LEVEL');
if ($cfgLevel == '') {
$cfgLevel = '0';
}
if ($pswdChecker->getSecurityLevel() < $cfgLevel) {
$_SESSION['LOW_PASSWORD'] = true;
// header('Location:?do=ps_yonghu_changepwd&nosecurity=true');
// exit;
}
Pft_Log::addLog('Login ok, accounts[' . $accounts . ']', Pft_Log::LEVEL_INFO, 'LOGIN_WEB_DIRECT_LOGIN');
}
}
//如密码强度不够, 强制修改密码
$superDoList = array('ps_yonghu_changepwd', 'login_logout', '');
// 数组中的Action不在强制之列
if (@$_SESSION['LOW_PASSWORD'] && !in_array($do, $superDoList)) {
header('Location:?do=ps_yonghu_changepwd&nosecurity=true');
exit;
}
$i = $this->_maxToDo;
while ($do != "" && $i-- > 0) {
$do = $this->processDo($do, $v);
}
//如果是渠道代理商客户,传神客户,客户则记录日志 2007-7-9 john
if (Pft_Session::getSession()->getRoleShortname() == "QDKH" || Pft_Session::getSession()->getRoleShortname() == "CSKH" || Pft_Session::getSession()->getRoleShortname() == "CR") {
$accessLoger = new Pft_Log_Db('tpm_rizhi_fangwen');
$accessLoger->log("", 0, $_REQUEST["do"]);
}
}
public function setUser($user, $roleid = "")
{
/*
$this->_obj_real_user = $user; // 每次setUser时都将将用户对象设置到 real_user 中,因此如果存在岗位时需要在 setUser 之后再次设置 real_user
*/
$this->setRealUser($user);
$this->_userId = $user->getYhId();
$this->_userName = $user->getYhZhanghu();
$this->_groupId = $user->getZuId();
$this->_userAutoId = $user->getYhAutoId();
$this->_departmentId = $user->getBmId();
$this->_departmentIds = TpmBumen2yonghuPeer::getDepartmentIdsByUserId($this->_userId);
//$this->_subDepartmentIds = TpmBumenPeer::getSubDepartmentIdsByBmId( $this->_departmentId );
$this->_subDepartmentIds = TpmBumen2yonghuPeer::getDepartmentAndSubIdsByUserId($this->_userId);
$this->setYhShifouWaibuDenglu($user->getShifouWaibuDenglu());
$this->setEMail($user->getYhYouxiang());
$this->setMobilePhone(TpmYonghuPeer::getYhShoujiByYhId($this->_userId));
$this->setYhShangjiId($user->getYhShangjiId());
$juese_rels = $user->getTpmYonghu2juesesJoinTpmJuese();
$to_sel_id = "";
if ($juese_rels && count($juese_rels)) {
$this->_roleCount = count($juese_rels);
//$juese = new TpmJuese();
// 选择角色 如果存在首要角色,则使用首要角色,否则使用第一个角色 jute 20070813
$shouyao_juese = false;
foreach ($juese_rels as $key => $val) {
if ($val->getShifouShouyao() == 'y') {
$shouyao_juese = $val;
}
}
reset($juese_rels);
//将数组的内部指针指向第一个单元,为了正确使用current函数 jute 20071106
if ($shouyao_juese) {
$juese = $shouyao_juese->getTpmJuese();
} else {
/**
* 默认使用第一个角色
*/
$shouyao_juese = current($juese_rels);
// $shouyao_juese = current( $juese_rels );
$juese = $shouyao_juese ? $shouyao_juese->getTpmJuese() : null;
}
// 选择角色结束
if ($juese) {
$this->_roleName = $juese->getJsMingcheng();
$this->_roleShortname = $juese->getJsJiancheng();
$this->setJsShifouWaibuDenglu($juese->getShifouWaibuDenglu());
$to_sel_id = $juese->getJsId();
if ($roleid != "") {
foreach ($juese_rels as $juese_rel) {
if ($roleid == $juese_rel->getTpmJuese()->getJsId()) {
$to_sel_id = $roleid;
$this->_roleName = $juese_rel->getTpmJuese()->getJsMingcheng();
$this->_roleShortname = $juese_rel->getTpmJuese()->getJsJiancheng();
$this->setJsShifouWaibuDenglu($juese_rel->getTpmJuese()->getShifouWaibuDenglu());
break;
}
}
}
}
}
$this->_roleId = $to_sel_id;
//有时由于exit,redirect导致不析构,所以直接保存一下 by terry at Wed Sep 23 11:53:28 CST 2009
//$this->_saveSessionInfo();
/**
* 超时订单检测
* select yh_id from tpm_yonghuzhaoquanxian
* where qx_id = '55df2b32-88c3-9367-d3ba-45fb6dd80782'
*/
$chaoshidingdan_qx_id = '55df2b32-88c3-9367-d3ba-45fb6dd80782';
if (TpmJuesePeer::existJueseQuanxian($this->_roleId, $chaoshidingdan_qx_id)) {
$this->setPreProcessOrderChecker(true);
}
$kehuyonghu = TpmKehuYonghuPeer::retrieveByPK($this->_userId);
if ($kehuyonghu) {
$this->setData('kh_zizhuxiadan', $kehuyonghu->getKhZizhuxiadan());
}
}
/**
* 循环进行 do 的处理
*
*/
function dispatch()
{
/**
* 因为Tq是用Post传递参数过来的,所以不能用$_GET
*/
$do = empty($_REQUEST["do"]) ? "index" : trim($_REQUEST["do"]);
/**
* 这是为了兼容 do=xxx&action=yyy 的形式
*/
$a = empty($_REQUEST["action"]) ? "" : trim($_REQUEST["action"]);
if ($a) {
$do .= "_" . $a;
}
/**
* 获取view的type
*/
$v = empty($_REQUEST["v"]) ? "Html" : trim($_REQUEST["v"]);
//TQ任务LINK
//http://testtpm.transn.net/index.php?do=if_renwu_detail&sj_id=35c55571-80bb-c18b-6078-465a87c329bd&Username=dGVzdC1wcjE=&Password=MjAyY2I5NjJhYzU5MDc1Yjk2NGIwNzE1MmQyMzRiNzA=&pwdway=md5
/**
* 获取用户名和密码进行快速登录
*/
$accounts = '';
$pwd = '';
if (r('pwdway')) {
if (!Watt_Session::getSession()->getUserId()) {
//这个判断是为了不让TQ登录后,访问此链接时,冲掉session中[是否TQ]那个设置
$accounts = iconv('GB2312', 'UTF-8', base64_decode(str_replace(' ', '+', r("Username"))));
$pwd = iconv('GB2312', 'UTF-8', base64_decode(str_replace(' ', '+', r("Password"))));
}
} else {
//if( r( 'login' ) == 'ok' ){
if (r('login')) {
/**
* 这是为了兼容TQ的那个点击“查收我的订单”,导致Web重登录的问题。
* @author terry
* @version 0.1.0
* Thu Sep 06 16:44:53 CST 2007
*/
$accounts = '';
$pwd = '';
} else {
// if(r('yh_xiaoshou_id')){
// $wkh_id = r( "yh_waibukehu_id" );
// $yh_xiaoshou_id = r( "yh_xiaoshou_id" );
// $yh_xiaoshou_name = TpmYonghuPeer::getYhZhanghuByYhId($yh_xiaoshou_id);
// $nkh_id = TpmKehufromkehuPeer::getNkIdByWkId($wkh_id,$yh_xiaoshou_name);
// $accounts = TpmYonghuPeer::getYhZhanghuByYhId($nkh_id) ;
// $pwd = r( "user_pw" );
// if($pwd==''){
// $pwd = r('yh_xiaoshou_id');
// }
// }else{
$accounts = r("user_name");
$pwd = r("user_pw");
//}
}
}
//var_dump();
//exit;
if ($accounts && $pwd) {
$login_rev = 0;
$user = TpmYonghuPeer::checkUserLogin($accounts, $pwd, $login_rev);
if ($login_rev == TpmYonghuPeer::USER_LOGIN_OK) {
// 用户登陆成功后如果密码安全强度不够,跳转到修改密码页提示用户设置安全的密码
$pswdChecker = new Tpm_Passwordchecker($pwd);
$cfgLevel = Watt_Config::getCfg('PSWD_CHECK_LEVEL');
if ($cfgLevel == '') {
$cfgLevel = '0';
}
if ($pswdChecker->getSecurityLevel() < $cfgLevel) {
$_SESSION['LOW_PASSWORD'] = true;
// header('Location:?do=ps_yonghu_changepwd&nosecurity=true');
// exit;
}
Watt_Log::addLog('Login ok, accounts[' . $accounts . '],[' . session_name() . '=' . session_id() . ']', Watt_Log::LEVEL_INFO, 'LOGIN_WEB_DIRECT_LOGIN');
} else {
if ($login_rev == TpmYonghuPeer::USER_LOGIN_SHOUQUANOK) {
//授权密码登录 jute 20071220
Watt_Log::addLog('Authorizepwd Login ok, accounts[' . $accounts . ']', Watt_Log::LEVEL_INFO, 'LOGIN_WEB_DIRECT_LOGIN');
}
}
}
//如密码强度不够, 强制修改密码
$superDoList = array('ps_yonghu_changepwd', 'login_logout', '');
// 数组中的Action不在强制之列
if (@$_SESSION['LOW_PASSWORD'] && !in_array($do, $superDoList)) {
header('Location:?do=ps_yonghu_changepwd&nosecurity=true');
exit;
}
/**
* 除了译员和客户,只能从内部登录
* @author terry
* @version 0.1.0
* Mon Mar 31 23:24:00 CST 2008
*/
if (Watt_Session::getSession()->getUserName()) {
if (!Watt_Util_Net::isLANIp($_SERVER['REMOTE_ADDR']) && r('do') != 'main_home') {
if (!(Watt_Session::getSession()->getYhShifouWaibuDenglu() || Watt_Session::getSession()->getJsShifouWaibuDenglu())) {
echo '您没有外部访问权限,请联系企业管理员开通';
Watt_Session::getSession()->clearUserSessionInfo();
exit;
}
}
}
$i = $this->_maxToDo;
while ($do != "" && $i-- > 0) {
$do = $this->processDo($do, $v);
}
//如果是渠道代理商客户,传神客户,客户则记录日志 2007-7-9 john
if (Watt_Session::getSession()->getRoleShortname() == "QDKH" || Watt_Session::getSession()->getRoleShortname() == "CSKH" || Watt_Session::getSession()->getRoleShortname() == "CR") {
$accessLoger = new Watt_Log_Db('tpm_rizhi_fangwen');
$accessLoger->log("", 0, $_REQUEST["do"]);
}
}
