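 /**
  * Controller set-up for the topic area: builds the topic model, captures a
  * safe "back" URL and makes every non-whitelisted request name a topic (tid)
  * the current user may manage.
  *
  * $this->referer is later handed straight to redirect() by the actions, so it
  * is only kept when, after stripping this site's own scheme+host, it is a
  * site-relative path. A foreign host, a protocol-relative "//host" or
  * anything that is not a single-slash path falls back to the admin index.
  * (The original only stripped "http://HOST" and kept everything else.)
  *
  * The whitelist is matched against the exact REQUEST_URI, so a whitelisted
  * path with a query string is treated as non-whitelisted and must carry a
  * tid — this fails closed. The tid is cast to int; 0/missing is rejected and
  * checkrole() decides whether the user is an administrator or the owner.
  */
 public function init()
 {
     parent::init();
     $this->topic = new TopicModel();

     $this->referer = '/admin/index/index';
     if (isset($_SERVER["HTTP_REFERER"])) {
         $back = $_SERVER["HTTP_REFERER"];
         $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
         if ($host !== '') {
             foreach (array('http://' . $host, 'https://' . $host) as $origin) {
                 if (strpos($back, $origin) === 0) {
                     // (string) because substr() returns false on PHP < 8 when nothing remains.
                     $back = (string) substr($back, strlen($origin));
                     break;
                 }
             }
         }
         // Site-relative path only: one leading slash, not "//host" or "/\host".
         if ($back !== '' && $back[0] === '/' && (strlen($back) === 1 || ($back[1] !== '/' && $back[1] !== '\\'))) {
             $this->referer = $back;
         }
     }

     // These URIs need no tid; everything else must carry one and pass checkrole(),
     // so the topic controllers/actions do not have to re-check topic permissions.
     $noTidRequired = array(
         "/admin/topic/index", "/admin/topic/index/",
         "/admin/topicdata/index", "/admin/topicdata/index/",
         "/admin/topic/add/", "/admin/topic/add",
         "/admin/topicdata/trashindex", "/admin/topicdata/trashindex/",
     );
     if (!in_array($_SERVER['REQUEST_URI'], $noTidRequired, true)) {
         $tid = (int) $this->getRequest()->getQuery("tid");
         if (!$tid) {
             Alert::danger("非法请求");
             Yaf_Controller_Abstract::redirect("/admin/topic/index/");
             exit;
         }
         // Administrator or owner of this topic; anyone else is refused.
         if (!$this->checkrole($tid)) {
             Alert::danger("权限不足");
             Yaf_Controller_Abstract::redirect("/admin/topic/index/");
             exit;
         }
     }
     $this->getView()->assign("is_admin", $this->is_admin());
 }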
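 /**
  * Collects the articles of one topic for the Excel export view.
  *
  * Query: tid (required), starttime / endtime (Ymd, default today), sid.
  * Post:  sid, id, title (search filters; a posted sid wins over a query sid).
  * Non-administrators are restricted to rows whose userid is their own uid.
  *
  * Fix: sid, id and title used to be concatenated into the WHERE clause as raw
  * request strings (SQL injection). Every filter is now passed to the model as
  * a Medoo-style condition array — the same API the topic_subclass lookup at
  * the bottom already uses — so the model quotes/binds the values and nothing
  * from the request is spliced into SQL text. "[~]" is the model's LIKE
  * operator and supplies the surrounding % wildcards; "[<>]" is BETWEEN,
  * inclusive at both ends like the original. (Confirm against the model's
  * Medoo version if behaviour differs.) Unparsable dates (strtotime() === false)
  * are now rejected instead of being compared as 0.
  */
 public function export2excelAction()
 {
     $data = [];
     $request = $this->getRequest();
     $today = date('Ymd', time());
     $startTime = $request->getQuery('starttime') ? $request->getQuery('starttime') : $today;
     $endTime = $request->getQuery('endtime') ? $request->getQuery('endtime') : $today;

     $tid = (int) $request->getQuery('tid');
     if (!$tid) {
         Alert::danger("参数错误");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     $data['topic_name'] = $this->topic->get('topic', 'topic_name', ['topic_id' => $tid]);

     // Base filter; non-admins additionally see only their own rows.
     $filter = ['status' => 1, 'tid' => $tid];
     if (!$this->is_admin()) {
         $filter['userid'] = $this->_user['uid'];
     }

     $sid = $request->getPost('sid') ? $request->getPost('sid') : $request->getQuery('sid');
     if ($sid) {
         $filter['sid'] = (int) $sid;
         $this->getView()->assign('sid', (int) $sid);
     }
     if ($request->getPost('id', 0)) {
         $filter['id'] = (int) $request->getPost('id');
         $this->getView()->assign('id', (int) $request->getPost('id'));
     }
     if ($request->getPost('title', 0)) {
         $filter['title[~]'] = $request->getPost('title');
         $this->getView()->assign('title', $request->getPost('title'));
     }

     if (!($startTime && $endTime)) {
         Alert::danger("参数错误");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     $startTs = strtotime($startTime . '000000');
     $endTs = strtotime($endTime . '235959');
     if ($startTs === false || $endTs === false || $startTs >= $endTs) {
         Alert::danger("参数错误");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     $filter['inputtime[<>]'] = [$startTs, $endTs];

     $columns = ['id', 'title', 'tid', 'sid', 'userid', 'username', 'status', 'inputtime'];
     $data['data'] = (array) $this->topic->select('topic_data', $columns, [
         'AND' => $filter,
         'ORDER' => ['id ASC'],
     ]);
     // Attach each row's topic path for the export.
     foreach ($data['data'] as $k => $v) {
         $data['data'][$k]['topic_path'] = $this->topic->get("topic", "topic_path", ["topic_id" => $v['tid'], "LIMIT" => 1]);
     }

     // All sub-classes visible to the current user, also keyed by id for the view.
     $subWhere = [];
     if (!$this->is_admin()) {
         $subWhere['userid'] = $this->_user['uid'];
     }
     $subWhere['ORDER'] = ["parent_id ASC", "id ASC"];
     $subclass_list = $this->topic->select('topic_subclass', ['id', 'title', 'path'], $subWhere);
     $subclass = [];
     foreach ($subclass_list as $k => $v) {
         $subclass[$v['id']] = $v;
     }
     $this->getView()->assign('subclass', $subclass);
     $this->getView()->assign('subclass_list', $subclass_list);
     $this->getView()->assign('data', $data);
 }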
 /**
  * Persist an edited role.
  *
  * Reads rid, name, status and description from POST. A missing rid returns to
  * the role list; a blank name or description, or a failed write, returns to
  * the edit form of that role. add_time is stamped with the current time on
  * every edit, exactly as before.
  */
 public function editAction()
 {
     $request = $this->getRequest();
     $roleId = intval($request->getPost("rid", 0));
     if (!$roleId) {
         Yaf_Controller_Abstract::redirect("/admin/role/index/");
         exit;
     }
     $editForm = "/admin/role/add?id=" . $roleId;

     $roleName = trim($request->getPost('name', 0));
     $roleDescription = trim($request->getPost('description', 0));
     // Both text fields are mandatory; bounce to the form when either is blank.
     if (!$roleName || !$roleDescription) {
         Yaf_Controller_Abstract::redirect($editForm);
         exit;
     }

     $roleDetail = array(
         'role_id' => $roleId,
         'role_name' => $roleName,
         'is_forbid' => intval($request->getPost('status', 0)),
         'role_description' => $roleDescription,
         'add_time' => date('Y-m-d H:i:s'),
     );
     if ($this->db_role->modify_role($roleDetail)) {
         echo "<script>alert('保存成功');location.href='/admin/role/index/'</script>";
     } else {
         Yaf_Controller_Abstract::redirect($editForm);
     }
     exit;
 }
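 /**
  * Delete a category by id (GET parameter cid).
  *
  * A missing or non-numeric cid just returns to the category list; otherwise the
  * outcome of delete_category() is reported through Alert and the browser is
  * sent to the list either way.
  *
  * Fix: cid is read with isset() so an absent parameter no longer raises an
  * undefined-index notice before being treated as 0.
  *
  * NOTE(review): this is a state-changing action reachable by plain GET with no
  * CSRF token and — as the original comment said — no per-user permission check
  * beyond whatever the base controller's init() enforces, so a link or image
  * tag on any page can trigger a deletion. Switching to POST plus a token is the
  * proper fix; it is left as GET here because existing links depend on it.
  */
 function deleteAction()
 {
     $category_id = isset($_GET['cid']) ? (int) $_GET['cid'] : 0;
     if ($category_id) {
         if ($this->category->delete_category($category_id)) {
             Alert::success('删除成功');
         } else {
             Alert::danger('删除失败');
         }
     }
     Yaf_Controller_Abstract::redirect("/admin/category/index/");
     exit;
 }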
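 /**
  * Keyword-replacement edit page (GET) and save handler (POST).
  *
  * POST: id, desc, keywords and replace are written through
  * Keyword::replace_keywords_update(); on success the user is sent to
  * /admin/replace/index. A false result falls through and renders the page.
  * GET:  loads the record for id and shows the form together with a "back" URL.
  *
  * Fixes:
  *  - The POST branch called $this->redirect() with the raw POSTed "referer"
  *    (a user-controlled redirect target) right before issuing the real
  *    redirect that overrode it; the dead, unsafe call is removed.
  *  - The "back" URL handed to the view is reduced to a site-relative path
  *    (own scheme+host stripped, single leading slash required); anything else
  *    falls back to /admin/keyword/index so the form cannot bounce the user to
  *    an external site.
  */
 public function updateAction()
 {
     $data = [];
     $request = $this->getRequest();
     if ($request->isPost()) {
         $id = intval($request->getPost('id'));
         $page = [
             'description' => trim($request->getPost('desc')),
             'keywords' => trim($request->getPost('keywords')),
             'replace_words' => trim($request->getPost('replace')),
         ];
         $ret = $this->Keyword->replace_keywords_update($id, $page);
         // Only an explicit false is a failure; 0 affected rows still counts as saved.
         if ($ret !== false) {
             Alert::success("更新成功");
             Yaf_Controller_Abstract::redirect("/admin/replace/index");
             exit;
         }
     } else {
         $back = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
         $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
         if ($host !== '') {
             foreach (array('http://' . $host, 'https://' . $host) as $origin) {
                 if (strpos($back, $origin) === 0) {
                     // (string) because substr() returns false on PHP < 8 when nothing remains.
                     $back = (string) substr($back, strlen($origin));
                     break;
                 }
             }
         }
         // Site-relative path only: one leading slash, not "//host" or "/\host".
         $isLocalPath = $back !== '' && $back[0] === '/' && (strlen($back) === 1 || ($back[1] !== '/' && $back[1] !== '\\'));
         $data['referer'] = $isLocalPath ? $back : '/admin/keyword/index';

         $id = intval($request->getQuery('id'));
         if ($page = $this->Keyword->get_article_Keywords($id)) {
             $this->getView()->assign('id', $id);
             $this->getView()->assign('data', $data);
             $this->getView()->assign('page', $page);
         } else {
             Yaf_Controller_Abstract::redirect("/admin/replace/index");
         }
     }
 }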
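 /**
  * Base admin-controller set-up: config, caches, cookie settings, models, the
  * logged-in user (taken from the authcode-protected user_auth cookie),
  * URL-level authorisation for non-super-admin roles, and the menu tree.
  *
  * Fixes in this revision:
  *  - Every Yaf_Controller_Abstract::redirect() meant to end the request is now
  *    followed by exit. redirect() only sets the Location header and returns,
  *    so the original fell through the rest of init() and on to the requested
  *    action — a logged-out caller got a 302 but the action still ran.
  *  - The "insufficient privilege" page embedded $_SERVER['HTTP_REFERER']
  *    verbatim inside a <script> string literal; it is now JSON-encoded with the
  *    HEX flags so a crafted Referer cannot break out of the literal, and a
  *    missing Referer falls back to the admin index.
  *  - The menu filter no longer calls array_merge() on the privilege lists of a
  *    super admin (never set for roleid 1) or of a logged-out user; that is a
  *    TypeError on PHP 8 and produced warnings before.
  *
  * NOTE(review): the allowed-URL list is cached in $_SESSION for the life of
  * the session, so privilege changes only apply after re-login — confirm that
  * is intended. The roleid that grants super-admin comes from the cookie
  * payload; its integrity rests entirely on core::authcode().
  */
 protected function init()
 {
     $this->config = Yaf_Application::app()->getConfig();
     $this->redis = Yaf_Registry::get('redis');
     $this->memcache = Yaf_Registry::get('memcache');
     $cookieConfig = Yaf_Registry::get('config')->get('cookie');
     $this->cookie = array(
         'cookie_pre' => $cookieConfig->pre,
         'cookie_path' => $cookieConfig->path,
         'cookie_domain' => $cookieConfig->domain,
     );
     $this->db_user = new UserModel();
     $this->db_menu = new MenuModel();
     $this->db_privilege = new PrivilegeModel();

     // Identity: uid, username, roleid from the user_auth cookie. The separator is
     // the single-quoted '\\t', i.e. the two characters backslash and t (not a tab);
     // the encoder must use the same literal — left unchanged.
     $authCookie = $this->cookie['cookie_pre'] . 'user_auth';
     if (isset($_COOKIE[$authCookie]) && $_COOKIE[$authCookie]) {
         $user_auth_cleartext = core::authcode($_COOKIE[$authCookie], 'DECODE');
         list($this->_user['uid'], $this->_user['username'], $this->_user['roleid']) = explode('\\t', $user_auth_cleartext);
     }

     $request_info = get_object_vars($this->getRequest());
     $module = strtolower($request_info['module']);
     $controller = strtolower($request_info['controller']);
     $action = strtolower($request_info['action']);

     if (isset($this->_user['uid']) && intval($this->_user['uid'])) {
         // Already logged in: the login page just bounces to the dashboard.
         if ($module == 'admin' && $controller == 'user' && $action == 'login') {
             Yaf_Controller_Abstract::redirect("/admin/index/index/");
             exit;
         }
         $this->getView()->assign('user_profile', $this->_user);

         // roleid 1 is the super admin and is never restricted.
         if ($this->_user['roleid'] != 1) {
             session_start();
             if (!(isset($_SESSION['cms']['privilege_allowed_url']) && count($_SESSION['cms']['privilege_allowed_url']))) {
                 // Resolve the role's privileges to URLs once and cache them in the session.
                 $privilege_list = (array) $this->db_privilege->get_role_privilege_list($this->_user['roleid']);
                 $privilege_id_list = array();
                 foreach ($privilege_list as $value) {
                     $privilege_id_list[] = $value['privilege_id'];
                 }
                 $privilege_map_list = array();
                 foreach ($this->db_privilege->get_privilege_detail($privilege_id_list) as $value) {
                     $privilege_map_list[$value['privilege_id']]['url'] = $value['url'];
                     $privilege_map_list[$value['privilege_id']]['page_url'] = $value['page_url'];
                 }
                 $allowed_url = array();
                 $allowed_page = array();
                 foreach ($privilege_list as $value) {
                     $allowed_url[] = $privilege_map_list[$value['privilege_id']]['url'];
                     if ($privilege_map_list[$value['privilege_id']]['page_url']) {
                         $allowed_page[] = $privilege_map_list[$value['privilege_id']]['page_url'];
                     }
                 }
                 $allowed_url[] = "/admin/index/index";
                 $this->_user['privilege_list'] = $_SESSION['cms']['privilege_allowed_url'] = $allowed_url;
                 $this->_user['privilege_page_list'] = $_SESSION['cms']['privilege_allowed_page'] = $allowed_page;
             } else {
                 $this->_user['privilege_page_list'] = $_SESSION['cms']['privilege_allowed_page'];
                 $this->_user['privilege_list'] = $_SESSION['cms']['privilege_allowed_url'];
             }

             // Actions and pages that are never checked.
             $privilege_not_check_list = array('/admin/user/deallogout');
             $page_not_check_list = array('/admin/index/index');
             $current_url = '/' . $module . '/' . $controller . '/' . $action;
             $exempt = in_array($current_url, $privilege_not_check_list, true)
                 || in_array($current_url, $page_not_check_list, true);
             if (!$exempt && !in_array($current_url, array_merge($this->_user['privilege_list'], $this->_user['privilege_page_list']), true)) {
                 // The referer is untrusted request data landing inside a JS string
                 // literal: emit it as a JSON string with HEX escaping, never raw.
                 $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/admin/index/index';
                 $target = json_encode($referer, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
                 if ($target === false) {
                     $target = '"/admin/index/index"';
                 }
                 echo "<script>alert('权限不足,操作失败,若操作,请联系管理员');location.href={$target}</script>";
                 exit;
             }
         }
     } else {
         // Not logged in: only the user controller's login / logout / password-reset
         // actions are reachable; everything else goes to the login page and stops.
         $allowed_controller = array('user');
         $allowed_action = array('login', 'deallogin', 'logout', 'code', 'forgetpassword', 'dealforgetpassword', 'resetpassword', 'getcode');
         if (!(in_array($controller, $allowed_controller, true) && in_array($action, $allowed_action, true))) {
             Yaf_Controller_Abstract::redirect('/admin/user/login');
             exit;
         }
     }

     // Menu: top-level entries (parent_id 0) with the children this user may open.
     $menu_list = $this->db_menu->get_menu_list();
     $isSuper = isset($this->_user['roleid']) && $this->_user['roleid'] == 1;
     $menuAllowed = $isSuper ? array() : array_merge(
         isset($this->_user['privilege_list']) ? (array) $this->_user['privilege_list'] : array(),
         isset($this->_user['privilege_page_list']) ? (array) $this->_user['privilege_page_list'] : array()
     );
     $top_menu = array();
     foreach ($menu_list as $value) {
         if (!$value['parent_id']) {
             $top_menu[] = $value;
         }
     }
     $menu_format = array();
     foreach ($top_menu as $value) {
         $parent_id = $value['menu_id'];
         $children = array();
         foreach ($menu_list as $k => $v) {
             if ($v['parent_id'] == $parent_id && ($isSuper || in_array($v['url'], $menuAllowed))) {
                 $children[] = $v;
                 unset($menu_list[$k]);
             }
         }
         // Non-super users do not get empty top-level entries.
         if (!$isSuper && count($children) == 0) {
             continue;
         }
         $menu_format[] = array('top' => $value, 'child' => $children);
     }
     $this->getView()->assign('menu_list', $menu_format);
 }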
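 /**
  * Page edit form (GET) and save handler (POST).
  *
  * GET:  loads the page by query id, exposes the category list and a "back" URL.
  * POST: writes title, catid, desc, url, content and updatetime through
  *       page_update(), then sends the browser to the submitted referer.
  *
  * Fix: the POSTed "referer" was passed to redirect() unchecked, so a crafted
  * form could send an administrator to an arbitrary external URL. It is now
  * accepted only when it is a path on this site (own scheme+host stripped,
  * single leading slash, no "//host"); otherwise /admin/page/index is used. The
  * HTTP Referer captured for the form gets the same treatment.
  *
  * NOTE(review): $page['url'] is validated with FILTER_VALIDATE_URL only, which
  * does not restrict the scheme; if the stored URL is rendered as a link, an
  * http/https allow-list should be added. Left unchanged here so existing
  * non-http values are not rejected.
  */
 public function dateAction()
 {
     $data = [];
     $request = $this->getRequest();
     $id = intval($request->getQuery('id'));
     $this->getView()->assign('categorys', $this->category->categoryList(NULL, 0, 50, 'orderid', ['catid', 'catname']));

     // Returns $candidate if it is a site-relative path, else $fallback.
     $localPathOr = function ($candidate, $fallback) {
         $candidate = is_string($candidate) ? $candidate : '';
         $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
         if ($host !== '') {
             foreach (array('http://' . $host, 'https://' . $host) as $origin) {
                 if (strpos($candidate, $origin) === 0) {
                     // (string) because substr() returns false on PHP < 8 when nothing remains.
                     $candidate = (string) substr($candidate, strlen($origin));
                     break;
                 }
             }
         }
         if ($candidate === '' || $candidate[0] !== '/') {
             return $fallback;
         }
         if (strlen($candidate) > 1 && ($candidate[1] === '/' || $candidate[1] === '\\')) {
             return $fallback;
         }
         return $candidate;
     };

     if ($request->isPost()) {
         $id = intval($request->getPost('id'));
         $page['title'] = $request->getPost('title');
         $page['catid'] = intval($request->getPost('catid'));
         $page['description'] = $request->getPost('desc');
         $page['url'] = filter_var($request->getPost('url'), FILTER_VALIDATE_URL) ? $request->getPost('url') : '';
         $page['updatetime'] = $_SERVER['REQUEST_TIME'];
         $page['content'] = $request->getPost('content');
         $ret = $this->page->page_update($id, $page);
         if ($ret) {
             echo "<script>alert('更新成功');</script>";
             $this->redirect($localPathOr($request->getPost('referer'), '/admin/page/index'));
         }
     } else {
         $data['referer'] = $localPathOr(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '', '/admin/page/index');
         if ($page = $this->page->getPageById($id)) {
             $data['page'] = $page;
             $this->getView()->assign('data', $data);
         } else {
             Yaf_Controller_Abstract::redirect("/admin/page/index");
         }
     }
 }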
 /**
  * Render through the shared admin layout.
  *
  * The 'edit', 'confirm' and 'logdetails' templates are rendered as-is by the
  * parent; any other template name is replaced by 'index', and the view gets
  * the active-menu marker, the page title and the base URL as parameters.
  *
  * @param string $tpl        template requested by the action
  * @param array  $parameters view parameters, extended here
  *
  * @return string the rendered layout including the page component
  */
 protected function render($tpl, array $parameters = array())
 {
     $passThrough = array('edit', 'confirm', 'logdetails');
     if (in_array($tpl, $passThrough)) {
         return parent::render($tpl, $parameters);
     }
     $action = $this->getRequest()->getActionName();
     // "index" highlights nothing; the table browser highlights the table shown.
     switch ($action) {
         case 'index':
             $parameters['active'] = "";
             break;
         case 'tabledate':
             $parameters['active'] = $this->_request->getParam("table");
             break;
         default:
             $parameters['active'] = $action;
     }
     $parameters['title'] = $this->title;
     $parameters['baseUrl'] = $this->baseUrl;
     return $this->getView()->render("index.phtml", $parameters);
 }
 /**
  * Article settings page — currently disabled.
  *
  * The first statement is an unconditional exit, so nothing below it runs. If
  * it is ever re-enabled, note that the POST branch writes every key of the
  * posted config[] array to conf_name/conf_value without an allow-list of
  * setting names here (the model may restrict this; not visible in this file).
  */
 public function articlesettingAction()
 {
     exit;
     $request = $this->getRequest();
     if (!$request->getPost('dosubmit', 0)) {
         $this->getView()->assign("data", $this->db_config->get_config());
         return;
     }
     $settings = $request->getPost('config');
     if ($settings) {
         foreach ($settings as $name => $value) {
             $this->db_config->update_option(['conf_value' => $value], ['conf_name' => $name]);
         }
         Alert::success("操作成功");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
 }
 /**
  * Save the password-protection question and answer of the current user.
  *
  * Either both question (int) and answer (text) are supplied, or both are
  * empty (which clears them); supplying exactly one of the two bounces back
  * to the form without saving. The answer is stored as submitted (trimmed).
  */
 public function dealAddProtectAction()
 {
     $question = intval($this->getRequest()->getPost("question", 0));
     $answer = trim($this->getRequest()->getPost('answer', 0));
     $formUrl = "/admin/user/setPasswordProtect";
     // Exactly one of the two present is the only invalid combination.
     if ((bool) $question xor (bool) $answer) {
         Yaf_Controller_Abstract::redirect($formUrl);
         exit;
     }
     $userDetail = array('question' => $question, 'answer' => $answer);
     if ($this->user->update_admin_user($userDetail, $this->_user['uid'])) {
         echo "<script>alert('保存成功');location.href='{$formUrl}'</script>";
     } else {
         Yaf_Controller_Abstract::redirect($formUrl);
     }
     exit;
 }
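 /**
  * Show or hide a topic (query: tid, isshow).
  *
  * Fix: the original wrote `(int) ($topic_id = ...getQuery('tid'))`, which
  * casts the result of the assignment and discards it, so $topic_id stayed the
  * raw query string. The cast now applies to the id itself; 0 (absent or
  * non-numeric) is rejected as an invalid request. The caller must pass
  * checkrole() for the topic before is_show is written. The isshow value is
  * handed to the model unchanged, as before.
  */
 public function changeTopicStatusAction()
 {
     $topic_id = (int) $this->getRequest()->getQuery('tid');
     $data['is_show'] = $this->getRequest()->getQuery('isshow');
     if (!$topic_id) {
         Alert::danger("非法请求");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     // Administrator or owner of the topic only.
     if (!$this->checkrole($topic_id)) {
         Alert::danger("权限错误");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     if ($this->topic->update('topic', $data, ['topic_id' => $topic_id])) {
         Alert::success("操作成功");
     } else {
         Alert::danger("操作失败");
     }
     Yaf_Controller_Abstract::redirect($this->referer);
     exit;
 }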
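 /**
  * Enable or disable a topic sub-class (query: sid, status).
  *
  * Fixes: the success branch reported the error text "权限出错" and the update
  * failure branch did too; they now read "操作成功" / "操作失败" like the
  * topic-status action. sid is cast to int before the ownership check and the
  * update; 0 is rejected as an invalid request.
  *
  * NOTE(review): Yaf only dispatches methods whose name ends in "Action". This
  * method has no such suffix, so confirm it is actually reachable (or rename it
  * to changeSubStatusAction together with its links). Not renamed here.
  */
 public function changeSubStatus()
 {
     $subclass_id = (int) $this->getRequest()->getQuery('sid');
     if (!$subclass_id) {
         Alert::danger("非法请求");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     // Ownership/admin check against the sub-class table, not the topic table.
     if (!$this->checkrole($subclass_id, "topic_subclass")) {
         Alert::danger("权限出错");
         Yaf_Controller_Abstract::redirect($this->referer);
         exit;
     }
     $data['status'] = $this->getRequest()->getQuery('status');
     if ($this->topic->update_subclass($subclass_id, $data)) {
         Alert::success("操作成功");
     } else {
         Alert::danger("操作失败");
     }
     Yaf_Controller_Abstract::redirect("/admin/topicsubclass/index/");
     exit;
 }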
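 /**
  * Save an edited document (POST with document_submit only; anything else
  * returns to the document list).
  *
  * The target category's model decides which POSTed fields are accepted: only
  * keys that are enabled fields of that model are copied (trimmed). updatetime,
  * uid and thumb are filled in server-side when the model has those fields.
  * For the "news" table the content column lives in news_data and is written
  * separately.
  *
  * Fixes:
  *  - updatetime read $_SERVER['time'], which does not exist, so it was always
  *    null; it now uses $_SERVER['REQUEST_TIME'] as the page editor does.
  *  - document_id and document_catid are cast to int.
  *  - table_name comes from the form; it must now be a plain identifier
  *    ([A-Za-z0-9_]+) before it reaches the model, so it cannot carry SQL
  *    syntax. NOTE(review): the client still chooses which table is written —
  *    deriving the table from the category's model is the real fix, but that
  *    mapping is not visible here.
  *  - The page id echoed into the redirect URL is emitted as a JSON string
  *    literal (HEX flags) instead of being pasted raw into the <script> block.
  *  - The news branch evaluated `A && B || A || B`, calling document_update()
  *    up to twice per table. Each update now runs once and the result is a
  *    success if either returned truthy — what the old expression amounted to.
  *    A failed content write therefore still reports success; kept, flagged.
  */
 public function editAction()
 {
     $request = $this->getRequest();
     if (!trim($request->getPost('document_submit', 0))) {
         Yaf_Controller_Abstract::redirect("/admin/document/index");
         exit;
     }
     $document_id = (int) trim($request->getPost('document_id', 0));
     $pageId = $request->getPost('document_pageid', 0);
     $table_name = $request->getPost('table_name', 0);
     if (!is_string($table_name) || !preg_match('/^[A-Za-z0-9_]+$/', $table_name)) {
         echo '<script>alert("参数错误!");window.history.go(-1);</script>';
         exit;
     }
     $docData = $request->getPost();
     $document_catid = (int) trim($request->getPost('document_catid', 0));
     if (!$document_catid) {
         echo '<script>alert("请选择正确的所属栏目!");window.history.go(-1);</script>';
         exit;
     }

     // The category's model defines the set of writable fields.
     $document_detail = (array) $this->db_category->get_category_detail($document_catid);
     $modelid = $document_detail[0]['modelid'];
     $where = array("AND" => array("status" => 1, "modelid" => $modelid));
     $fields = (array) $this->db_modelFields->get_column_by_where("field", $where);
     $data = array();
     foreach ($docData as $key => $val) {
         if (in_array($key, $fields)) {
             $data[$key] = trim($val);
         }
     }
     if (in_array('updatetime', $fields)) {
         $data['updatetime'] = $_SERVER['REQUEST_TIME'];
     }
     if (in_array('uid', $fields)) {
         $data['uid'] = $this->_user['uid'];
     }
     if (in_array('thumb', $fields)) {
         $fileInfo = $request->getFiles();
         $filename = image::safe_name($fileInfo['thumb']['name'], '/uploadfile/image/');
         $data['thumb'] = image::thumb($fileInfo['thumb']['tmp_name'], '/uploadfile/image/' . $filename);
     }
     $data['catid'] = $document_catid;

     if (isset($data['title']) && empty($data['title'])) {
         echo '<script>alert("请填写标题!");window.history.go(-1);</script>';
         exit;
     }
     if (isset($data['content']) && empty($data['content'])) {
         echo '<script>alert("请填写内容!");window.history.go(-1);</script>';
         exit;
     }

     // The list URL carries the untrusted page id: encode it as a JS string literal.
     $listUrl = json_encode('/admin/document/index?' . $pageId, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
     if ($listUrl === false) {
         $listUrl = '"/admin/document/index"';
     }

     if ($table_name == 'news') {
         // news keeps its body in news_data; write the two tables separately.
         $content = isset($data['content']) ? $data['content'] : null;
         unset($data['content']);
         $mainSaved = $this->db_document->document_update($document_id, $data, $table_name);
         $contentSaved = $this->db_document->document_update($document_id, array('content' => $content), 'news_data');
         $saved = $mainSaved || $contentSaved;
     } else {
         $saved = $this->db_document->document_update($document_id, $data, $table_name);
     }
     if ($saved) {
         echo '<script>alert("操作成功");window.location.href=' . $listUrl . ';</script>';
     } else {
         echo '<script>alert("操作失败");window.history.go(-1);</script>';
     }
     exit;
 }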
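 /**
  * Replace the privilege set of a role with the items posted as privilege_item[].
  *
  * Fix: both early redirects lacked exit, so the method kept running after
  * setting the Location header. In particular, posting the form with no
  * privilege_item selected redirected the browser *and* still executed
  * delete_privilege_for_role() — wiping the role's privileges — before calling
  * add_privilege_for_role() with the scalar default. Both branches now stop.
  * The emptiness test also checks is_array(), because getPost() returns the
  * default 0 when the field is absent and count(0) is a TypeError on PHP 8
  * (and counted as 1 before).
  *
  * NOTE(review): the replace is still delete-then-insert without a transaction;
  * a failing insert leaves the role with no privileges. Not changed here.
  */
 public function addPrivilegeForRoleAction()
 {
     $role_id = intval($this->getRequest()->getPost("role_id", 0));
     if (!$role_id) {
         Yaf_Controller_Abstract::redirect("/admin/role/index/");
         exit;
     }
     $privilege_list = $this->getRequest()->getPost('privilege_item', 0);
     if (!is_array($privilege_list) || count($privilege_list) === 0) {
         Yaf_Controller_Abstract::redirect("/admin/privilege/index?rid=" . $role_id);
         exit;
     }
     // Replace semantics: drop everything the role has, then insert the new set.
     $this->db_privilege->delete_privilege_for_role($role_id);
     $result = $this->db_privilege->add_privilege_for_role($role_id, $privilege_list);
     if ((int) $result[0]) {
         echo "<script>alert('保存成功');location.href='/admin/role/index/'</script>";
     } else {
         Yaf_Controller_Abstract::redirect("/admin/privilege/index?rid=" . $role_id);
     }
     exit;
 }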