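/**
 * Base-controller initialisation (breadcrumb variant).
 *
 * Loads the current module's language pack, runs the login check, builds the
 * breadcrumb, expires idle admin sessions and finally performs the RBAC
 * access decision before rendering the top bar and menus.
 *
 * @author Terry<*****@*****.**>
 * @date 2013-3-25
 */
public function _initialize()
{
    $langSet = C('DEFAULT_LANG');

    // Load the language pack of the current module, if one exists.
    $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
    if (is_file($moduleLangFile)) {
        L(include $moduleLangFile);
    }

    // Verify that the user is logged in.
    $this->doCheckLogin();

    $breadcrumb = array();
    $breadcrumb['url'] = MODULE_NAME;
    $breadcrumb['module'] = L(MODULE_NAME);
    $breadcrumb['action'] = L(MODULE_NAME . '_' . ACTION_NAME);
    $this->assign('breadcrumbs', $breadcrumb);

    import('ORG.Util.Session');
    $this->assign("uid", session("admin"));

    // Idle-timeout handling (EXPIRED_TIME is in minutes; 0 disables it).
    $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
    $expireMinutes = isset($admin_access['EXPIRED_TIME']) ? intval($admin_access['EXPIRED_TIME']) : 0;
    if ($expireMinutes > 0 && Session::isExpired()) {
        // Drop all session data. `$_SESSION = array()` is used instead of
        // `unset($_SESSION)`: unsetting the superglobal detaches it from the
        // session handler for the rest of the request, so later writes are
        // silently lost and reads raise notices.
        unset($_SESSION[C('USER_AUTH_KEY')]);
        $_SESSION = array();
        session_destroy();
        // NOTE(review): execution continues here; the expired user is only
        // redirected by the RBAC block below (or by doCheckLogin on the next
        // request) — confirm that no unauthenticated module is reachable.
    }
    if ($expireMinutes > 0) {
        Session::setExpire(time() + $admin_access['EXPIRED_TIME'] * 60);
    }

    $authKey = C('USER_AUTH_KEY');
    $openModules = explode(',', (string) C('NOT_AUTH_MODULE'));
    if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, $openModules, true)) {
        $rbac = new Arbac();
        if (!$rbac->AccessDecision()) {
            // No authenticated identity in the session: go to the auth gateway.
            if (empty($_SESSION[$authKey])) {
                redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            // Authenticated but not authorised for this module/action.
            if (C('RBAC_ERROR_PAGE')) {
                // A dedicated permission-error page is configured.
                redirect(C('RBAC_ERROR_PAGE'));
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                $this->error(L('_VALID_ACCESS_'));
            }
        }
    }

    $this->getTop();
    $this->getMenus();
    import('ORG.Util.Page');
}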
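/**
 * Base-controller initialisation (navigation variant).
 *
 * Runs the login check, loads the common and module language packs, resolves
 * the current module/action to a navigation entry (RoleNode/RoleNav), expires
 * idle admin sessions, performs the RBAC access decision and then renders the
 * top bar, menus and breadcrumb.
 *
 * @author Terry<*****@*****.**>
 * @date 2013-3-25
 */
public function _initialize()
{
    $this->doCheckLogin();
    $this->_name = $this->getActionName();

    $langSet = C('DEFAULT_LANG');
    // Load the shared language pack.
    L(include LANG_PATH . $langSet . '/Common.php');
    // Load the language pack of the current module, if one exists.
    $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
    if (is_file($moduleLangFile)) {
        L(include $moduleLangFile);
    }

    // Module/action come from the request path and are untrusted: they must
    // only ever reach the database through array-form where() conditions.
    $ary_get = $this->_get();
    $module = !empty($ary_get['_URL_'][1]) ? $ary_get['_URL_'][1] : "Index";
    $action = !empty($ary_get['_URL_'][2]) ? $ary_get['_URL_'][2] : "index";
    $navid = null;

    if (!empty($module) && !empty($action)) {
        $nodeWhere = array();
        $nodeWhere['action'] = $action;
        $nodeWhere['module'] = $module;
        $nodeWhere['status'] = '1';
        $nodeWhere['is_show'] = '1';
        $rolenode = D("RoleNode")->where($nodeWhere)->order('sort asc')->find();
        if (!empty($rolenode) && is_array($rolenode)) {
            $navid = $rolenode['nav_id'];
        } else {
            // No exact node: fall back to the first visible node of the module.
            $fallbackWhere = array('module' => $module, 'action' => array('NEQ', ''), 'status' => '1');
            $node = D("RoleNode")->where($fallbackWhere)->order('sort asc')->find();
            $navid = $node['nav_id'];
            $module = $node['module'];
            $action = $node['action'];
        }
    }

    $this->assign("modulename", $module);
    $this->assign("actionname", $action);
    $this->assign("navid", $navid);

    $navname = D("RoleNav")->where(array('id' => $navid))->find();
    session("navname", $navname['name']);

    // The join condition was previously built by string concatenation with
    // $navid/$action/$module; array-form where() lets the framework quote the
    // values, matching the other queries in this method.
    $prefix = C('DB_PREFIX');
    $rolenav = M('RoleNav')
        ->field($prefix . 'role_nav.name,' . $prefix . 'role_node.*')
        ->join($prefix . 'role_node ON ' . $prefix . 'role_nav.id = ' . $prefix . 'role_node.`nav_id`')
        ->where(array(
            $prefix . 'role_nav.id'      => $navid,
            $prefix . 'role_node.action' => $action,
            $prefix . 'role_node.module' => $module,
        ))
        ->find();
    if (!empty($rolenav) && is_array($rolenav)) {
        cookie("menuid", $rolenav['id']);
    }

    import('ORG.Util.Session');
    $this->assign("uid", session("admin"));

    // Idle-timeout handling (EXPIRED_TIME is in minutes; 0 disables it).
    $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
    $expireMinutes = isset($admin_access['EXPIRED_TIME']) ? intval($admin_access['EXPIRED_TIME']) : 0;
    if ($expireMinutes > 0 && Session::isExpired()) {
        // `$_SESSION = array()` rather than `unset($_SESSION)`: unsetting the
        // superglobal detaches it from the session handler for the rest of
        // the request.
        unset($_SESSION[C('USER_AUTH_KEY')]);
        $_SESSION = array();
        session_destroy();
    }
    if ($expireMinutes > 0) {
        Session::setExpire(time() + $admin_access['EXPIRED_TIME'] * 60);
    }

    $authKey = C('USER_AUTH_KEY');
    $openModules = explode(',', (string) C('NOT_AUTH_MODULE'));
    if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, $openModules, true)) {
        $rbac = new Arbac();
        if (!$rbac->AccessDecision()) {
            // No authenticated identity in the session: go to the auth gateway.
            if (empty($_SESSION[$authKey])) {
                redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
            }
            // Authenticated but not authorised for this module/action.
            if (C('RBAC_ERROR_PAGE')) {
                redirect(C('RBAC_ERROR_PAGE'));
            } else {
                if (C('GUEST_AUTH_ON')) {
                    $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                }
                $this->error(L('_VALID_ACCESS_'));
            }
        }
    }

    $this->getTop();
    $this->getMenus($navid);
    $this->_Breadcrumb($navid);
    import('ORG.Util.Page');
    import('ORG.Util.Tree');
    import('ORG.Util.Dir');
}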
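/**
 * Admin login handler.
 *
 * Validates the posted username/password (and captcha when CODE_SET.BALOGIN
 * is "1"), authenticates through Arbac, populates the session, records the
 * login in the user row and AdminLog, caches the access list and sets the
 * console nav cookie.
 *
 * Security notes:
 *  - Captcha and password are compared with a constant-time, strict
 *    comparison; the original `!=` was a loose comparison, which treats two
 *    different "0e..." hashes as equal (PHP "magic hash" type juggling).
 *  - The captcha is consumed after a successful check so it cannot be replayed.
 *  - The session id is regenerated after authentication (session fixation).
 *  - NOTE(review): passwords are stored as unsalted md5. Migrating to
 *    password_hash()/password_verify() also requires the account-creation and
 *    password-change code, which is not visible here.
 *  - NOTE(review): distinct "account missing/disabled" and "wrong password"
 *    messages allow username enumeration; consider a single message.
 *
 * @author Terry <*****@*****.**>
 * @date 2013-3-23
 */
public function doLogin()
{
    $ary_post = $this->_post();
    $code = D('Config')->getCfgByModule('CODE_SET');

    if (empty($ary_post['username'])) {
        $this->error(L('PlEASE_USERNAME'));
    } else {
        if (empty($ary_post['passwd'])) {
            $this->error(L('PlEASE_PASSWD'));
        }
    }

    $captchaRequired = !empty($code['BALOGIN']) && $code['BALOGIN'] == '1';
    if ($captchaRequired) {
        if (empty($ary_post['code']) || trim($ary_post['code']) == "验证码") {
            $this->error(L('PlEASE_CODE'));
        }
    }

    // Authentication condition (bound-account login is supported through u_name).
    $map = array();
    $map['u_name'] = $ary_post['username'];
    $map["u_status"] = array('gt', 0);

    if ($captchaRequired) {
        $verify = session("code");
        if (!is_string($verify) || !$this->_secureEquals($verify, md5($ary_post['code']))) {
            $this->error(L('CODE_ERROR'));
        }
        // Consume the captcha: a fresh one is needed for the next attempt.
        session("code", null);
    }

    $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
    $exitTime = $admin_access['EXPIRED_TIME'];
    $rbac = new Arbac();
    import('ORG.Util.Session');

    $auth_info = $rbac->authenticate($map);
    if (empty($auth_info)) {
        $this->error(L('ACCOUNT_EXIT_DISABLED'));
    } else {
        if (!$this->_secureEquals($auth_info['u_passwd'], md5($ary_post['passwd']))) {
            $this->error(L('PASSWD_ERROR'));
        }

        // Privilege level changes here: issue a new session id so a session
        // identifier planted before login cannot be reused (assumes the
        // session was started earlier in the request).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        Session::setExpire(time() + $exitTime * 60);
        $_SESSION[C('USER_AUTH_KEY')] = $auth_info['u_id'];
        $_SESSION['admin_name'] = $auth_info['u_name'];
        $_SESSION['pic'] = $auth_info['u_photo'];
        $_SESSION['last_time'] = $auth_info['u_lastlogin_time'];
        $_SESSION['u_countlog'] = $auth_info['u_countlog'];
        if ($auth_info['u_name'] == $admin_access['SYS_ADMIN']) {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }

        // Persist login metadata on the user row.
        $admin = M(C('USER_AUTH_MODEL'));
        $ip = get_client_ip();
        $time = date("Y-m-d H:i:s");
        $data = array();
        $data['u_lastlogin_time'] = $time;
        $data['u_countlog'] = array('exp', 'u_countlog + 1');
        $data['u_ip'] = $ip;
        $_SESSION['ip'] = $ip;
        $admin->where(array('u_name' => $ary_post['username']))->save($data);

        // Cache the access list for later AccessDecision() calls.
        $rbac->saveAccessList();

        $ary_data = array();
        $admin_log = M("AdminLog");
        $ary_data['u_id'] = $auth_info['u_id'];
        $ary_data['u_name'] = $auth_info['u_name'];
        $ary_data['log_ip'] = $ip;
        $ary_data['log_create'] = $time;
        $admin_log->add($ary_data);

        // Write the console nav id into the cookie.
        $rolenav = M('RoleNav')->field('id')->where(array('name' => '控制台'))->find();
        cookie("nav_id", $rolenav['id']);

        $this->success(L('LOGIN_SUCCESS'));
    }
}

/**
 * Strict string comparison for secrets, constant-time where available.
 *
 * @param mixed $known    the stored/expected value
 * @param mixed $supplied the value derived from user input
 * @return bool true when both are byte-identical strings
 */
private function _secureEquals($known, $supplied)
{
    $known = (string) $known;
    $supplied = (string) $supplied;
    if (function_exists('hash_equals')) {
        return hash_equals($known, $supplied);
    }
    // Pre-5.6 fallback: `===` still defeats "0e..." loose-equality juggling.
    return $known === $supplied;
}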
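/**
 * Decide whether the current request (app / module / action) is permitted.
 *
 * Flow: if Arbac::checkAccess() says no check is needed, allow. Administrators
 * (ADMIN_AUTH_KEY set in the session) are always allowed. Otherwise the access
 * list is taken from the database (USER_AUTH_TYPE == 2, so role changes apply
 * immediately) or from the list cached in the session at login; the decision
 * for this module/action is then memoised in the session under $accessGuid.
 *
 * @param string $appName application name scoping the memoised decision
 * @return bool true when access is granted
 */
public static function AccessDecision($appName = APP_NAME)
{
    // Does this request need an access check at all?
    if (!Arbac::checkAccess()) {
        return true;
    }

    // Administrators need no further authorisation.
    if (!empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
        return true;
    }

    // Memoisation key. The parts are delimited so that e.g. ("IndexUser","List")
    // and ("Index","UserList") cannot share a key; a plain concatenation let one
    // granted decision leak to a different module/action.
    $accessGuid = md5($appName . '|' . MODULE_NAME . '|' . ACTION_NAME);

    if (C('USER_AUTH_TYPE') == 2) {
        // Real-time mode: re-read the access list from the database every time
        // so permission edits in the backend take effect immediately.
        $userId = isset($_SESSION[C('USER_AUTH_KEY')]) ? $_SESSION[C('USER_AUTH_KEY')] : null;
        $accessList = Arbac::getAccessList($userId);
        $_SESSION['_ACCESS_LIST'] = $accessList;
    } else {
        // Login-time mode: a decision already granted in this session is reused.
        if (!empty($_SESSION[$accessGuid])) {
            return true;
        }
        $accessList = isset($_SESSION['_ACCESS_LIST']) ? $_SESSION['_ACCESS_LIST'] : array();
    }

    // Component mode: authorise against the full module name.
    $module = defined('P_MODULE_NAME') ? P_MODULE_NAME : MODULE_NAME;
    $moduleKey = strtoupper($module);
    $actionKey = strtoupper(ACTION_NAME);
    $auth_type = C("AUTH_TYPE");

    if (isset($accessList[$moduleKey][$actionKey])) {
        $_SESSION[$accessGuid] = true;
        return true;
    }

    // Fall back to the "public" grants: an action shared by all modules
    // ($auth_type[2]) or a module granted for every action ($auth_type[1]).
    if (isset($auth_type[2]) && isset($accessList[$auth_type[2]][$actionKey])) {
        $_SESSION[$accessGuid] = true;
        return true;
    }
    if (isset($auth_type[1]) && isset($accessList[$moduleKey][$auth_type[1]])) {
        $_SESSION[$accessGuid] = true;
        return true;
    }

    $_SESSION[$accessGuid] = false;
    return false;
}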