/**
 * Handle the admin login form (POST).
 *
 * Steps: validate user_name / password / captcha, check the captcha,
 * authenticate the admin, store the admin record (password removed) plus
 * the action list of its role in the auth session, write an audit log entry
 * and jump back to the page the admin came from. Every failure re-renders
 * the login template with the flash messages collected so far.
 *
 * @param object $f3  presumably the Fat-Free instance; only get('POST') and get('IP') are read here
 */
public function post($f3)
{
    global $smarty;

    // Parameter validation comes first.
    $validator = new Validator($f3->get('POST'));
    $credentials = array(
        'user_name' => $validator->required('用户名不能为空')->validate('user_name'),
        'password'  => $validator->required('密码不能为空')->validate('password'),
    );
    $captchaInput = $validator->required('验证码不能为空')->validate('captcha');

    if (!$this->validate($validator)) {
        $smarty->display('user_login.tpl', 'User|Login|post');
        return;
    }

    // The captcha is checked before any credential lookup happens.
    $captchaController = new \Controller\Image\Captcha();
    if (!$captchaController->validateCaptcha($captchaInput)) {
        $this->addFlashMessage("验证码错误");
        $smarty->display('user_login.tpl', 'User|Login|post');
        return;
    }

    // Authenticate. user_name is deliberately passed for the first two
    // arguments — presumably (user_name, email, password); confirm against
    // AdminUserService::doAuthAdmin before changing it.
    $adminService = new AdminUserService();
    $admin = $adminService->doAuthAdmin($credentials['user_name'], $credentials['user_name'], $credentials['password']);
    if (!$admin) {
        $this->addFlashMessage("登陆失败,用户名、密码错误");
        $smarty->display('user_login.tpl', 'User|Login|post');
        return;
    }

    // Build the session record: the admin row without its password hash.
    $sessionAdmin = $admin->toArray();
    unset($sessionAdmin['password']);

    // Resolve the role's action list; '' when the admin has no role or the role is unknown.
    $sessionAdmin['role_action_list'] = '';
    if ($sessionAdmin['role_id'] > 0) {
        $roleService = new MetaRoleService();
        $role = $roleService->loadRoleById($sessionAdmin['role_id']);
        if (!$role->isEmpty()) {
            $sessionAdmin['role_action_list'] = $role['meta_data'];
        }
    }

    // NOTE(review): assumes saveAuthUser() regenerates the session id on login — confirm.
    AuthHelper::saveAuthUser($sessionAdmin);

    // Audit log is best-effort: a logging failure must not block the login.
    try {
        AdminLog::logAdminOperate('user.login', '用户登录', 'IP:' . $f3->get('IP'));
    } catch (\Exception $e) {
        // intentionally ignored
    }

    $this->addFlashMessage("登陆成功");

    // Return to the page viewed before the login, or the home page.
    RouteHelper::jumpBack($this, '/', true);
}
/**
 * Check whether the currently authenticated admin holds $needPrivilege.
 *
 * The check runs against the admin's own action_list joined with the action
 * list inherited from its role (role_action_list) by a comma. With no
 * authenticated admin the answer is always false.
 *
 * @param string $needPrivilege
 *
 * @return bool
 */
protected function hasPrivilege($needPrivilege)
{
    $currentAdmin = AuthHelper::getAuthUser();
    if (empty($currentAdmin)) {
        return false;
    }

    $grantedActions = $currentAdmin['action_list'] . ',' . $currentAdmin['role_action_list'];

    return (bool) AdminUserService::verifyPrivilege($needPrivilege, $grantedActions);
}
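/**
 * Smarty block {verify_privilege privilege="..."}: output the enclosed
 * content only when the current admin holds the named privilege.
 *
 * The check is evaluated against the admin's own action_list joined with
 * the role's action list (role_action_list). The block fails closed: a
 * missing or empty privilege parameter, no authenticated admin, or a failed
 * privilege check all render nothing.
 *
 * @param array                    $params   block parameters; only 'privilege' is read
 * @param string|null              $content  block body
 * @param Smarty_Internal_Template $template
 * @param bool                     $repeat   Smarty block-repeat flag
 *
 * @return string the content to output, '' when hidden
 */
function smarty_helper_block_verify_privilege($params, $content, Smarty_Internal_Template $template, &$repeat)
{
    // Smarty calls a block function for the opening and the closing tag;
    // output is produced only on the closing call ($repeat === false).
    if ($repeat) {
        return '';
    }

    if (!array_key_exists('privilege', $params) || empty($params['privilege'])) {
        // Previously this case fell off the end of the function and returned
        // null; keep it fail-closed but make the empty output explicit.
        return '';
    }

    $authAdminUser = AuthHelper::getAuthUser();
    if (empty($authAdminUser)) {
        return '';
    }

    // Privilege check against own actions + role actions.
    if (!AdminUserService::verifyPrivilege($params['privilege'], $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
        return '';
    }

    return $content;
}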
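/**
 * Save a goods record posted from the edit/create form (POST).
 *
 * Reads goods_id from the query string (absent/0 means create), validates and
 * filters the posted goods[...] fields, screens <img> URLs in goods_desc
 * against sysConfig[goods_desc_allow_image_domain_array], persists the record,
 * generates goods_sn for a new goods row, writes a goods log entry, clears the
 * goods cache and redirects to the edit page. Validation failures re-render the
 * form, or go back to /Goods/Create when no goods_id was given.
 *
 * Note that goods_brief, goods_notice, goods_after_service and goods_desc are
 * stored as raw HTML on purpose (see the inline comments); only the image host
 * in goods_desc is policed.
 *
 * @param object $f3  presumably the Fat-Free instance; reads GET, POST[goods] and sysConfig[...]
 */
public function post($f3)
{
    // Privilege check.
    $this->requirePrivilege('manage_goods_edit_edit_post');

    global $smarty;

    $isCreateGoods = false; // whether this request creates a new goods row
    $goodsInfo = array();   // initialised up front so out_fail_validate never sees an undefined variable

    // Parameter validation.
    $validator = new Validator($f3->get('GET'));
    $goods_id = $validator->digits()->filter('ValidatorIntValue')->validate('goods_id');
    if (!$this->validate($validator)) {
        goto out_fail_list_goods;
    }
    unset($validator);

    // Validate the goods data submitted by the user.
    $goods = $f3->get('POST[goods]');
    if (empty($goods)) {
        goto out_fail_validate;
    }

    $validator = new Validator($goods);

    // Form data validation / filtering.
    $goodsInfo['goods_name'] = $validator->required('商品名不能为空')->validate('goods_name');
    $goodsInfo['goods_name_short'] = $validator->required('商品短标题不能为空')->validate('goods_name_short');
    $goodsInfo['keywords'] = $validator->validate('keywords');
    $goodsInfo['seo_title'] = $validator->validate('seo_title');
    $goodsInfo['seo_keyword'] = $validator->validate('seo_keyword');
    $goodsInfo['seo_description'] = $validator->validate('seo_description');
    $goodsInfo['goods_sn'] = $validator->validate('goods_sn');
    $goodsInfo['warehouse'] = $validator->validate('warehouse');
    $goodsInfo['shelf'] = $validator->validate('shelf');
    $goodsInfo['cat_id'] = $validator->required('商品分类不能为空')->filter('ValidatorIntValue')->validate('cat_id');

    // Record the responsible admin.
    $authAdminUser = AuthHelper::getAuthUser();
    $goodsInfo['admin_user_id'] = $validator->filter('ValidatorIntValue')->validate('admin_user_id');
    // No admin selected: fall back to the current admin.
    if (empty($goodsInfo['admin_user_id'])) {
        $goodsInfo['admin_user_id'] = $authAdminUser['user_id'];
        $goodsInfo['admin_user_name'] = $authAdminUser['user_name'];
    } else {
        $adminUserService = new AdminUserService();
        $adminUser = $adminUserService->loadAdminById($goodsInfo['admin_user_id']);
        if ($adminUser->isEmpty()) {
            $this->addFlashMessage('管理员[' . $goodsInfo['admin_user_id'] . ']不存在');
            goto out_fail_validate;
        }
        $goodsInfo['admin_user_name'] = $adminUser['user_name'];
        unset($adminUser);
        unset($adminUserService);
    }

    $goodsInfo['brand_id'] = $validator->filter('ValidatorIntValue')->validate('brand_id');
    $goodsInfo['suppliers_id'] = $validator->required('供货商不能为空')->filter('ValidatorIntValue')->validate('suppliers_id');
    $goodsInfo['is_alone_sale'] = $validator->filter('ValidatorIntValue')->validate('is_alone_sale');
    $goodsInfo['is_best'] = $validator->filter('ValidatorIntValue')->validate('is_best');
    $goodsInfo['is_new'] = $validator->filter('ValidatorIntValue')->validate('is_new');
    $goodsInfo['is_hot'] = $validator->filter('ValidatorIntValue')->validate('is_hot');
    $goodsInfo['is_on_sale'] = $validator->filter('ValidatorIntValue')->validate('is_on_sale');
    $goodsInfo['market_price'] = Money::toStorage($validator->validate('market_price'));
    $goodsInfo['shop_price'] = Money::toStorage($validator->validate('shop_price'));
    $goodsInfo['shipping_fee'] = Money::toStorage($validator->validate('shipping_fee'));
    $goodsInfo['shipping_free_number'] = $validator->validate('shipping_free_number');
    $goodsInfo['goods_number'] = abs($validator->filter('ValidatorIntValue')->validate('goods_number'));
    $goodsInfo['virtual_buy_number'] = $validator->filter('ValidatorIntValue')->validate('virtual_buy_number');
    $goodsInfo['suppliers_price'] = Money::toStorage($validator->validate('suppliers_price'));
    $goodsInfo['suppliers_shipping_fee'] = Money::toStorage($validator->validate('suppliers_shipping_fee'));
    $goodsInfo['sort_order'] = $validator->validate('sort_order');
    $goodsInfo['warn_number'] = $validator->filter('ValidatorIntValue')->validate('warn_number');
    $goodsInfo['goods_brief'] = @$goods['goods_brief']; // HTML intentionally not filtered
    $goodsInfo['goods_notice'] = @$goods['goods_notice']; // HTML intentionally not filtered
    $goodsInfo['goods_after_service'] = @$goods['goods_after_service']; // HTML intentionally not filtered
    $goodsInfo['seller_note'] = $validator->validate('seller_note');
    $goodsInfo['system_tag_list'] = Utils::makeTagString(@$goods['system_tag_list']); // build the system tag string
    $goodsInfo['update_time'] = Time::gmTime(); // goods update time
    $goodsInfo['goods_desc'] = @$goods['goods_desc']; // HTML intentionally not filtered

    if (!$this->validate($validator)) {
        goto out_fail_validate;
    }

    // Editors may not hot-link images from arbitrary sites, so the image host
    // in goods_desc is checked against an allow-list when one is configured.
    $goodsDescAllowImageDomainArray = $f3->get('sysConfig[goods_desc_allow_image_domain_array]');
    if ($goodsDescAllowImageDomainArray && is_array($goodsDescAllowImageDomainArray) && !empty($goodsDescAllowImageDomainArray)) {
        // Host names are case-insensitive: compare lower-cased, and strictly.
        $allowedHostArray = array_map('strtolower', $goodsDescAllowImageDomainArray);

        // Accept src="...", src='...' and unquoted src=...; the previous pattern
        // only recognised the double-quoted form, so any other quoting style
        // slipped past the host check. NOTE(review): only the src attribute is
        // inspected here.
        $patternMatch = array();
        preg_match_all('/<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+))/i', (string) $goodsInfo['goods_desc'], $patternMatch, PREG_SET_ORDER);

        // Check every image.
        foreach ($patternMatch as $matchItem) {
            // Exactly one of the three capture groups holds the URL.
            $imageUrl = '';
            foreach (array(1, 2, 3) as $groupIndex) {
                if (isset($matchItem[$groupIndex]) && $matchItem[$groupIndex] !== '') {
                    $imageUrl = $matchItem[$groupIndex];
                    break;
                }
            }
            $urlInfo = parse_url($imageUrl);
            // Relative URLs and unparsable URLs have no host and are rejected,
            // as before.
            $imageHost = (is_array($urlInfo) && isset($urlInfo['host'])) ? strtolower($urlInfo['host']) : '';
            if (!in_array($imageHost, $allowedHostArray, true)) {
                $this->addFlashMessage('商品详情非法图片 ' . $imageUrl);
                goto out_fail_validate;
            }
        }
    }

    // Write to the database.
    unset($goods);
    $goodsBasicService = new GoodsBasicService();
    $goods = $goodsBasicService->loadGoodsById($goods_id);

    // Is this a new goods row?
    $isCreateGoods = $goods->isEmpty();
    if ($isCreateGoods) {
        // Creating needs its own privilege.
        $this->requirePrivilege('manage_goods_create');
        $goodsInfo['add_time'] = Time::gmTime();
    }

    $post_goods_sn = $validator->validate('goods_sn');
    if ($isCreateGoods && !Utils::isBlank($post_goods_sn)) {
        $goodsInfo['goods_sn'] = $post_goods_sn;
    }

    $goods->copyFrom($goodsInfo);
    $goods->save();

    // A new goods row without a posted goods_sn gets a generated one
    // (prefix + goods_id), which needs the id from the first save.
    if ($isCreateGoods && Utils::isBlank($post_goods_sn)) {
        $goods->goods_sn = $f3->get('sysConfig[goods_sn_prefix]') . $goods['goods_id'];
        $goods->save();
    }

    // Fetch the supplier name for the log entry.
    $supplierName = '';
    if (!empty($goods['suppliers_id'])) {
        $supplierUserService = new SupplierUserService();
        $supplierInfo = $supplierUserService->loadSupplierById($goods['suppliers_id']);
        if (!$supplierInfo->isEmpty()) {
            $supplierName = $supplierInfo['suppliers_name'];
        }
    }

    // Goods edit log.
    $goodsLogContent = '商品编辑:[' . $goods['admin_user_id'] . ']' . $goods['admin_user_name'] . "\n"
        . '上架状态:' . ($goods['is_on_sale'] > 0 ? '已上架' : '未上架') . "\n"
        . '销售价:' . Money::toSmartyDisplay($goods['shop_price']) . ' 供货价:' . Money::toSmartyDisplay($goods['suppliers_price']) . "\n"
        . '快递费:' . Money::toSmartyDisplay($goods['shipping_fee']) . ' 供货快递费:' . Money::toSmartyDisplay($goods['suppliers_shipping_fee']) . "\n"
        . ($goods['shipping_free_number'] > 0 ? '' . $goods['shipping_free_number'] . "件免邮\n" : '')
        . '商品排序:' . $goods['sort_order'] . "\n"
        . '系统Tag:' . $goods['system_tag_list'] . "\n"
        . '供货商:[' . $goods['suppliers_id'] . ']' . $supplierName;
    $goodsLogService = new GoodsLogService();
    $goodsLogService->addGoodsLog($goods['goods_id'], $authAdminUser['user_id'], $authAdminUser['user_name'], $isCreateGoods ? '新建商品' : static::$goodsLogDesc, $goodsLogContent);

    // Success: show the goods detail page.
    $this->addFlashMessage('商品信息保存成功');

    // Clear the cache so the goods page reflects the new data.
    ClearHelper::clearGoodsCacheById($goods->goods_id);

    RouteHelper::reRoute($this, RouteHelper::makeUrl('/Goods/Edit/Edit', array('goods_id' => $goods->goods_id), true));
    return;

    // Parameter validation failed.
    out_fail_validate:
    if (!$goods_id) {
        // Validation failed while creating a new goods row.
        RouteHelper::reRoute($this, '/Goods/Create');
        return;
    }
    $smarty->assign('goods', $goodsInfo);
    $smarty->display('goods_edit_edit.tpl');
    return;

    out_fail_list_goods:
    RouteHelper::reRoute($this, '/Goods/Search');
}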
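/**
 * Admin privilege management.
 *
 * GET renders the privilege form for the admin given by user_id; a POST to the
 * same URL stores the selected action codes and role_id on that admin. An admin
 * holding privilegeAll may only be edited by that admin themself, and
 * privilegeAll may only be granted by an admin who already holds it.
 *
 * @param object $f3  presumably the Fat-Free instance; reads GET, POST[action_code] and POST[role_id]
 */
public function Privilege($f3)
{
    // Privilege check.
    $this->requirePrivilege('manage_account_admin_privilege_get');

    global $smarty;

    // Parameter validation.
    $validator = new Validator($f3->get('GET'));
    $user_id = $validator->required()->digits()->min(1)->validate('user_id');
    if (!$this->validate($validator)) {
        goto out_fail;
    }

    // Load the admin being edited.
    $adminUserService = new AdminUserService();
    $adminUser = $adminUserService->loadAdminById($user_id);
    if ($adminUser->isEmpty()) {
        // Unknown admin.
        $this->addFlashMessage('管理员不存在');
        goto out_fail;
    }

    if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
        // The super admin may only be edited by themself.
        $authAdminUser = AuthHelper::getAuthUser();
        if ($authAdminUser['user_id'] != $adminUser['user_id']) {
            $this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
            RouteHelper::reRoute($this, '/Account/Admin/ListUser');
            // Stop here: without this return the handler kept running, so a
            // POST from another admin could still rewrite the super admin's
            // privileges below (reRoute is followed by return everywhere else
            // in this file).
            return;
        }
    }

    if (!Request::isRequestPost()) {
        // Plain display, nothing posted.
        goto out_display;
    }

    // Privilege check for the update.
    $this->requirePrivilege('manage_account_admin_privilege_post');

    $action_list_str = '';
    $actionCodeArray = $f3->get('POST[action_code]');
    if (empty($actionCodeArray) || !is_array($actionCodeArray)) {
        // All privileges cleared. A non-array value (malformed POST) is treated
        // the same way rather than being passed to in_array()/implode().
        $action_list_str = '';
        goto update_privilege;
    }

    if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) {
        // Only an admin who holds privilegeAll may grant privilegeAll.
        $this->requirePrivilege(AdminUserService::privilegeAll);
        // The admin gets every privilege.
        $action_list_str = AdminUserService::privilegeAll;
        goto update_privilege;
    }

    // Build the privilege string.
    $action_list_str = implode(',', $actionCodeArray);

    update_privilege:
    // NOTE(review): role_id is stored as posted; assumes an unknown role id is
    // tolerated by loadRoleById at login — confirm.
    $adminUser->role_id = $f3->get('POST[role_id]');
    $adminUser->action_list = $action_list_str;
    $adminUser->save();
    $this->addFlashMessage('管理员权限保存成功');

    out_display:
    $smarty->assign($adminUser->toArray());

    // Privilege list for display.
    $metaPrivilegeService = new MetaPrivilegeService();
    $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());

    $smarty->display('account_admin_privilege.tpl');
    return; // normal exit

    out_fail:
    // Failure: back to the admin list.
    RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
}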
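/**
 * Save the current admin's own profile (POST).
 *
 * Updates user_real_name and user_desc, and optionally the password: a new
 * password requires the old one, which is verified before the update. The
 * refreshed admin record (password removed) and its role action list are
 * written back to the auth session. All exits render my_profile.tpl except
 * a missing admin row, which sends the user to /User/Logout.
 *
 * @param object $f3  presumably the Fat-Free instance; reads POST and sysConfig[is_demo]
 */
public function post($f3)
{
    global $smarty;

    // Parameter validation comes first.
    $validator = new Validator($f3->get('POST'));
    $input = array();
    $input['user_real_name'] = $validator->required('管理员名称不能为空')->validate('user_real_name');
    $input['oldpassword'] = $validator->validate('oldpassword');
    $input['password'] = $validator->validate('password');
    $input['user_desc'] = $validator->validate('user_desc');

    // A password change requires the old password.
    if (!Utils::isBlank($input['password'])) {
        $validator->required('必须提供旧密码才能修改密码')->validate('oldpassword');
        if ($f3->get('sysConfig[is_demo]')) {
            $this->addFlashMessage('演示系统不允许修改密码');
            goto out;
        }
    }

    // Old password given but no new one.
    if (!Utils::isBlank($input['oldpassword'])) {
        $validator->required('新密码不能为空')->validate('password');
    }

    if (!$this->validate($validator)) {
        goto out;
    }

    $authAdminUser = AuthHelper::getAuthUser();
    $adminUserService = new AdminUserService();

    // Load the admin row behind the session.
    $adminUser = $adminUserService->loadAdminById($authAdminUser['user_id']);
    if ($adminUser->isEmpty()) {
        $this->addFlashMessage("非法登陆用户");
        RouteHelper::reRoute($this, '/User/Logout', false);
        // Stop here: otherwise updateAdmin() below would run against an empty
        // record (reRoute is followed by return everywhere else in this file).
        return;
    }

    // Password change requested but the old password does not match.
    if (!empty($input['password']) && !$adminUserService->verifyPassword($authAdminUser['user_id'], $input['oldpassword'])) {
        $this->addFlashMessage('旧密码不对');
        goto out;
    }

    // Update; the old password is not part of the stored data.
    unset($input['oldpassword']);
    $adminUserService->updateAdmin($adminUser, $input);

    // Refresh the session record: the admin row without its password hash.
    $adminUserInfo = $adminUser->toArray();
    unset($adminUserInfo['password']);

    // Resolve the role's action list; '' when there is no role or it is unknown.
    $adminUserInfo['role_action_list'] = '';
    if ($adminUserInfo['role_id'] > 0) {
        $metaRoleService = new MetaRoleService();
        $role = $metaRoleService->loadRoleById($adminUserInfo['role_id']);
        if (!$role->isEmpty()) {
            $adminUserInfo['role_action_list'] = $role['meta_data'];
        }
    }
    AuthHelper::saveAuthUser($adminUserInfo);

    $this->addFlashMessage("修改资料成功");
    $smarty->assign($adminUserInfo);

    out:
    $smarty->display('my_profile.tpl');
}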
/**
 * Pay an existing, still unconfirmed order (POST).
 *
 * Validates order_id (GET) and the payment form (POST), checks that the order
 * belongs to the logged-in user and is in OS_UNCONFIRMED, stores the posted
 * customer-service (kefu) fields on the order, reloads the order into the
 * cart, applies balance (surplus) and/or a bonus, recalculates and saves the
 * order, then redirects to the selected payment gateway's request URL.
 *
 * NOTE(review): kefu_user_id, kefu_user_rate and kefu_user_comment are taken
 * from the buyer's POST and written to the order — confirm these are meant
 * to be client-controlled.
 *
 * @param object $f3  presumably the Fat-Free instance; reads GET and POST
 */
public function post($f3) {
    // Parameter validation comes first.
    $validator = new Validator($f3->get('GET'));
    $order_id = $validator->required('订单ID非法')->digits('订单ID非法')->min(1, true, '订单ID非法')->validate('order_id');
    if (!$this->validate($validator)) {
        goto out_fail;
    }

    $validator = new Validator($f3->get('POST'));
    $payGatewayType = $validator->required('必须选择一种支付方式')->validate('pay_gateway_type');
    // surplus is the balance amount the buyer wants to spend, converted to storage units.
    $surplus = Money::toStorage($validator->float('余额格式错误')->min(0, true, '余额格式错误')->validate('surplus'));
    $bonusSn = $validator->validate('bonus_sn');

    // Customer-service (kefu) fields posted with the form.
    $orderInfoKefuInfo = array();
    $orderInfoKefuInfo['kefu_user_id'] = abs(intval($validator->digits()->validate('kefu_user_id')));
    $orderInfoKefuInfo['kefu_user_rate'] = abs(intval($validator->digits()->validate('kefu_user_rate')));
    $orderInfoKefuInfo['kefu_user_comment'] = $validator->validate('kefu_user_comment');
    if (!$this->validate($validator)) {
        goto out_fail;
    }

    // Load the current user's row (user_money is read from it below).
    $userInfo = AuthHelper::getAuthUser();
    $userBasicService = new UserBasicService();
    $userInfo = $userBasicService->loadUserById($userInfo['user_id']);

    // Paying a specific order means loading that order into the temporary cart.
    $orderBasicService = new OrderBasicService();

    // Ownership / state check: the order must exist, belong to this user and be unconfirmed.
    $orderInfo = $orderBasicService->loadOrderInfoById($order_id);
    if ($orderInfo->isEmpty() || $userInfo['user_id'] != $orderInfo['user_id'] || OrderBasicService::OS_UNCONFIRMED != $orderInfo['order_status']) {
        $this->addFlashMessage('订单ID非法');
        goto out_fail;
    }

    // Store the kefu fields; an unknown kefu_user_id is reset to 0 / null.
    if ($orderInfoKefuInfo['kefu_user_id'] > 0) {
        $adminUserService = new AdminUserService();
        $adminUser = $adminUserService->loadAdminById($orderInfoKefuInfo['kefu_user_id']);
        if (!$adminUser->isEmpty()) {
            $orderInfoKefuInfo['kefu_user_name'] = $adminUser['user_name'];
        } else {
            $orderInfoKefuInfo['kefu_user_id'] = 0;
            $orderInfoKefuInfo['kefu_user_name'] = null;
        }
        unset($adminUser);
        unset($adminUserService);
    } else {
        $orderInfoKefuInfo['kefu_user_id'] = 0;
        $orderInfoKefuInfo['kefu_user_name'] = null;
    }
    $orderInfo->copyFrom($orderInfoKefuInfo);
    $orderInfo->save();

    $cartBasicService = new CartBasicService();
    // Load the order into the cart.
    if (!$cartBasicService->loadFromOrderInfo($order_id)) {
        $this->addFlashMessage('订单加载失败');
        goto out_fail;
    }
    // Reference to the service's cart context: setValue() calls below mutate the service's state.
    $cartContext =& $cartBasicService->getCartContextRef();
    if ($cartContext->isEmpty()) {
        $this->addFlashMessage('订单为空,不能支付');
        goto out_fail;
    }

    // First cart calculation: the original order amount is needed because a
    // bonus has a minimum order amount.
    $cartBasicService->calcOrderPrice();
    if (!empty($surplus) || !empty($bonusSn)) {
        // Balance payment may not exceed what the user actually has.
        if (null != $surplus && $surplus > 0 && $surplus <= $userInfo['user_money']) {
            $cartContext->setValue('surplus', $surplus);
        }

        // Bonus payment.
        if (!empty($bonusSn)) {
            $bonusService = new Bonus();
            // Check that the bonus is usable for this user and order amount.
            $bonus = $bonusService->fetchUsableBonusBySn($userInfo['user_id'], $cartContext->getValue('order_amount'), $bonusSn);
            if (empty($bonus)) {
                $this->addFlashMessage('红包' . $bonusSn . '不能使用');
                goto out_fail;
            }
            // Apply the bonus.
            $cartContext->setValue('bonus_id', $bonus['bonus_id']);
            $cartContext->setValue('bonus', $bonus['type_money']);
        }
    }

    // Second cart calculation, now including balance and/or bonus.
    $cartBasicService->calcOrderPayment();

    // Update the order.
    $orderInfo = $cartBasicService->saveOrder($userInfo['user_id'], '买家:' . $userInfo['user_name']);
    if (!$orderInfo || $orderInfo->isEmpty()) {
        // Order update failed.
        $this->addFlashMessage('更新订单信息失败,请联系客服');
        goto out_my_order_detail;
    }

    // Surface any error messages collected in the cart.
    if ($cartContext->hasError()) {
        $this->addFlashMessageArray($cartContext->getAndClearErrorMessageArray());
        goto out_my_order_cart;
    }

    // A zero-amount order is settled through the 'credit' gateway.
    if ($orderInfo['order_amount'] <= 0) {
        $payGatewayType = 'credit';
    }

    $order_id = $orderInfo['order_id'];

    // The posted type may be composite, e.g. tenpay_cmbchina = gateway + bank;
    // the first segment selects the gateway, the rest is passed to init().
    // NOTE(review): assumes getPaymentGateway() rejects unknown gateway names — confirm.
    $payGatewayParamArray = explode('_', $payGatewayType);

    // Obtain the payment gateway.
    $payGateway = PaymentGatewayHelper::getPaymentGateway($payGatewayParamArray[0]);

    // Initialise the gateway from the parameters.
    if (!$payGateway->init($payGatewayParamArray)) {
        $this->addFlashMessage('支付网关' . $payGatewayType . '初始化失败');
        goto out_my_order_detail;
    }

    // Return URL and notify URL for the gateway callbacks.
    $payRequestUrl = $payGateway->getRequestUrl($order_id, RouteHelper::makeUrl('/Payment/PaymentReturn/' . $payGateway->getGatewayType(), null, false, true), RouteHelper::makeUrl('/Payment/PaymentNotify/' . $payGateway->getGatewayType(), null, false, true)); //notifyUrl
    if (empty($payRequestUrl)) {
        $this->addFlashMessage('系统错误:无法生成支付链接');
        goto out_my_order_detail;
    }

    // Payment log. NOTE(review): the full request URL, including any gateway
    // parameters it carries, is written to the PAYMENT log — confirm log access is restricted.
    printLog('[orderId:' . $order_id . ']' . $payRequestUrl, 'PAYMENT', Base::INFO);

    // Hand off to the gateway.
    RouteHelper::reRoute($this, $payRequestUrl);
    return;

    out_my_order_cart: // failure exit: back to the order's cart page
    RouteHelper::reRoute($this, RouteHelper::makeUrl('/My/Order/Cart', array('order_id' => $order_id), true));
    return;

    out_my_order_detail: // failure exit: back to the order detail page
    RouteHelper::reRoute($this, RouteHelper::makeUrl('/My/Order/Detail', array('order_id' => $order_id), true));
    return;

    out_fail: // failure exit: back to the order list
    RouteHelper::reRoute($this, '/My/Order');
}