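 /**
  * Base controller initialisation (ThinkPHP `_initialize` hook).
  *
  * Loads the current module's language pack, runs the login check, exposes
  * the breadcrumb and the current admin uid to the view, enforces the admin
  * idle timeout configured in ADMIN_ACCESS, runs the RBAC access decision and
  * finally prepares the top bar and the menus.
  *
  * Changes versus the previous revision: `unset($_SESSION)` is replaced by
  * `$_SESSION = array()` (the PHP manual warns that unsetting the superglobal
  * breaks further session registration), session/config reads are guarded so
  * missing keys no longer raise notices, and the module lookup uses a strict
  * `in_array`.
  *
  * @author Terry<*****@*****.**>
  * @date 2013-3-25
  */
 public function _initialize()
 {
     $langSet = C('DEFAULT_LANG');
     // Load the language pack of the current module, if there is one
     $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
     if (is_file($moduleLangFile)) {
         L(include $moduleLangFile);
     }
     // Check whether the user is logged in
     $this->doCheckLogin();
     $bm = array();
     $bm['url'] = MODULE_NAME;
     $bm['module'] = L(MODULE_NAME);
     $bm['action'] = L(MODULE_NAME . '_' . ACTION_NAME);
     $this->assign('breadcrumbs', $bm);
     import('ORG.Util.Session');
     $this->assign("uid", session("admin"));
     $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
     // Idle timeout in minutes; 0 or a missing key disables the check
     $expiredMinutes = isset($admin_access['EXPIRED_TIME']) ? $admin_access['EXPIRED_TIME'] : 0;
     if (intval($expiredMinutes) > 0 && Session::isExpired()) {
         // Idle timeout reached: wipe all session data and destroy the session.
         // NOTE(review): the request is not stopped here; with USER_AUTH_ON the
         // RBAC block below is what sends the now-anonymous user to the gateway.
         $_SESSION = array();
         session_destroy();
     }
     if (intval($expiredMinutes) > 0) {
         // Sliding expiry: push the deadline forward on every request
         Session::setExpire(time() + $expiredMinutes * 60);
     }
     if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')), true)) {
         $rbac = new Arbac();
         if (!$rbac->AccessDecision()) {
             // No authenticated identity in the session: go to the login gateway
             if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                 redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
             }
             // Authenticated but not authorised: configured error page, or an error message
             if (C('RBAC_ERROR_PAGE')) {
                 redirect(C('RBAC_ERROR_PAGE'));
             } else {
                 if (C('GUEST_AUTH_ON')) {
                     $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                 }
                 $this->error(L('_VALID_ACCESS_'));
             }
         }
     }
     $this->getTop();
     $this->getMenus();
     import('ORG.Util.Page');
 }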
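 /**
  * Base controller initialisation (ThinkPHP `_initialize` hook).
  *
  * Runs the login check, loads the common and module language packs, resolves
  * the current navigation node (module/action/nav id) from the request URL
  * against the RoleNode table, exposes it to the view and the session, enforces
  * the admin idle timeout, runs the RBAC access decision and prepares the top
  * bar, menus and breadcrumb.
  *
  * Changes versus the previous revision: the RoleNav/RoleNode lookup used a
  * string WHERE clause built from `$module` and `$action`, which come straight
  * from the request URL (SQL injection); it now uses the array form so the
  * framework escapes the values. `unset($_SESSION)` is replaced by
  * `$_SESSION = array()` and array reads are guarded against missing keys.
  *
  * @author Terry<*****@*****.**>
  * @date 2013-3-25
  */
 public function _initialize()
 {
     $this->doCheckLogin();
     $this->_name = $this->getActionName();
     $langSet = C('DEFAULT_LANG');
     // Load the common language pack
     L(include LANG_PATH . $langSet . '/Common.php');
     // Load the language pack of the current module, if there is one
     $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
     if (is_file($moduleLangFile)) {
         L(include $moduleLangFile);
     }
     // Resolve module/action from the request URL; both are untrusted input
     $ary_get = $this->_get();
     $module = !empty($ary_get['_URL_'][1]) ? $ary_get['_URL_'][1] : "Index";
     $action = !empty($ary_get['_URL_'][2]) ? $ary_get['_URL_'][2] : "index";
     $navid = null;
     if (!empty($module) && !empty($action)) {
         $array_where = array();
         $array_where['action'] = $action;
         $array_where['module'] = $module;
         $array_where['status'] = '1';
         $array_where['is_show'] = '1';
         $rolenode = D("RoleNode")->where($array_where)->order('sort asc')->find();
         if (!empty($rolenode) && is_array($rolenode)) {
             $navid = $rolenode['nav_id'];
         } else {
             // No exact node: fall back to the first visible node of the module
             $node = D("RoleNode")->where(array('module' => $module, 'action' => array('NEQ', ''), 'status' => '1'))->order('sort asc')->find();
             $navid = isset($node['nav_id']) ? $node['nav_id'] : null;
             $module = isset($node['module']) ? $node['module'] : null;
             $action = isset($node['action']) ? $node['action'] : null;
         }
     }
     $this->assign("modulename", $module);
     $this->assign("actionname", $action);
     $this->assign("navid", $navid);
     $navname = D("RoleNav")->where(array('id' => $navid))->find();
     session("navname", isset($navname['name']) ? $navname['name'] : null);
     // Array-form WHERE: the framework quotes/escapes the values, unlike the
     // former string concatenation of request-controlled $module/$action.
     $prefix = C('DB_PREFIX');
     $rolenav = M('RoleNav')
         ->field($prefix . 'role_nav.name,' . $prefix . 'role_node.*')
         ->join($prefix . 'role_node ON ' . $prefix . 'role_nav.id = ' . $prefix . 'role_node.`nav_id`')
         ->where(array(
             $prefix . 'role_nav.id' => $navid,
             $prefix . 'role_node.action' => $action,
             $prefix . 'role_node.module' => $module,
         ))
         ->find();
     if (!empty($rolenav) && is_array($rolenav)) {
         cookie("menuid", $rolenav['id']);
     }
     import('ORG.Util.Session');
     $this->assign("uid", session("admin"));
     $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
     // Idle timeout in minutes; 0 or a missing key disables the check
     $expiredMinutes = isset($admin_access['EXPIRED_TIME']) ? $admin_access['EXPIRED_TIME'] : 0;
     if (intval($expiredMinutes) > 0 && Session::isExpired()) {
         // Idle timeout reached: wipe all session data and destroy the session.
         // NOTE(review): the request is not stopped here; with USER_AUTH_ON the
         // RBAC block below is what sends the now-anonymous user to the gateway.
         $_SESSION = array();
         session_destroy();
     }
     if (intval($expiredMinutes) > 0) {
         // Sliding expiry: push the deadline forward on every request
         Session::setExpire(time() + $expiredMinutes * 60);
     }
     if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')), true)) {
         $rbac = new Arbac();
         if (!$rbac->AccessDecision()) {
             // No authenticated identity in the session: go to the login gateway
             if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                 redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
             }
             // Authenticated but not authorised: configured error page, or an error message
             if (C('RBAC_ERROR_PAGE')) {
                 redirect(C('RBAC_ERROR_PAGE'));
             } else {
                 if (C('GUEST_AUTH_ON')) {
                     $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                 }
                 $this->error(L('_VALID_ACCESS_'));
             }
         }
     }
     $this->getTop();
     $this->getMenus($navid);
     $this->_Breadcrumb($navid);
     import('ORG.Util.Page');
     import('ORG.Util.Tree');
     import('ORG.Util.Dir');
 }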
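 /**
  * Admin login action.
  *
  * Validates the posted username/password (and the captcha when CODE_SET
  * enables it), authenticates through Arbac, populates the session, records
  * the login (last login time, login count, ip, AdminLog row), caches the
  * access list and stores the default console nav id in a cookie. Every
  * failure path ends in `$this->error()`, success in `$this->success()`.
  *
  * Changes versus the previous revision: the captcha and password comparisons
  * use `!==`. With loose `!=`, two md5 hex strings of the form `0e<digits>`
  * compare as equal numbers, so a wrong value could pass.
  *
  * NOTE(review): passwords are still stored as unsalted md5 (the schema and
  * the Arbac authenticate() contract fix this); migrating to password_hash()
  * is the real fix and is out of scope for this method alone. The captcha
  * value in the session is not cleared after a check, so it can be reused
  * until the image is regenerated.
  *
  * @author Terry <*****@*****.**>
  * @date 2013-3-23
  */
 public function doLogin()
 {
     $ary_post = $this->_post();
     $code = D('Config')->getCfgByModule('CODE_SET');
     if (empty($ary_post['username'])) {
         $this->error(L('PlEASE_USERNAME'));
     } else {
         if (empty($ary_post['passwd'])) {
             $this->error(L('PlEASE_PASSWD'));
         }
     }
     // BALOGIN == '1' means a captcha is required for the admin login
     $captchaRequired = !empty($code['BALOGIN']) && $code['BALOGIN'] == '1';
     if ($captchaRequired) {
         // "验证码" is the placeholder text of the captcha input
         if (empty($ary_post['code']) || trim($ary_post['code']) == "验证码") {
             $this->error(L('PlEASE_CODE'));
         }
     }
     // Build the authentication condition; login by bound account is supported
     $map = array();
     $map['u_name'] = $ary_post['username'];
     $map["u_status"] = array('gt', 0);
     $verify = session("code");
     if ($captchaRequired) {
         // Strict comparison: avoids loose numeric comparison of hex digests
         if ($verify !== md5($ary_post['code'])) {
             $this->error(L('CODE_ERROR'));
         }
     }
     $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
     $exitTime = $admin_access['EXPIRED_TIME'];
     $rbac = new Arbac();
     import('ORG.Util.Session');
     $auth_info = $rbac->authenticate($map);
     if (empty($auth_info)) {
         $this->error(L('ACCOUNT_EXIT_DISABLED'));
     } else {
         // Strict comparison: avoids loose numeric comparison of hex digests
         if ($auth_info['u_passwd'] !== md5($ary_post['passwd'])) {
             $this->error(L('PASSWD_ERROR'));
         }
         // Idle timeout in minutes -> absolute expiry timestamp
         Session::setExpire(time() + $exitTime * 60);
         $_SESSION[C('USER_AUTH_KEY')] = $auth_info['u_id'];
         $_SESSION['admin_name'] = $auth_info['u_name'];
         $_SESSION['pic'] = $auth_info['u_photo'];
         $_SESSION['last_time'] = $auth_info['u_lastlogin_time'];
         $_SESSION['u_countlog'] = $auth_info['u_countlog'];
         if ($auth_info['u_name'] == $admin_access['SYS_ADMIN']) {
             // The configured super admin bypasses the RBAC access decision
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Persist login information on the user record
         $admin = M(C('USER_AUTH_MODEL'));
         $ip = get_client_ip();
         $time = date("Y-m-d H:i:s");
         $data = array();
         $data['u_lastlogin_time'] = $time;
         $data['u_countlog'] = array('exp', 'u_countlog + 1');
         $data['u_ip'] = $ip;
         $_SESSION['ip'] = $ip;
         $admin->where(array('u_name' => $ary_post['username']))->save($data);
         // Cache the access list for the session
         $rbac->saveAccessList();
         // Audit trail of the login
         $ary_data = array();
         $admin_log = M("AdminLog");
         $ary_data['u_id'] = $auth_info['u_id'];
         $ary_data['u_name'] = $auth_info['u_name'];
         $ary_data['log_ip'] = $ip;
         $ary_data['log_create'] = $time;
         $admin_log->add($ary_data);
         // Store the console ("控制台") menu id in a cookie
         $rolenav = M('RoleNav')->field('id')->where(array('name' => '控制台'))->find();
         cookie("nav_id", $rolenav['id']);
         $this->success(L('LOGIN_SUCCESS'));
     }
 }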
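 /**
  * RBAC access decision for the current MODULE_NAME / ACTION_NAME.
  *
  * Returns true when the current module/action does not require a check
  * (`Arbac::checkAccess()` is false), when the session carries the admin
  * flag, or when the access list grants the action (directly, via the
  * module-wide entry `$auth_type[1]`, or via the public-module entry
  * `$auth_type[2]`). With USER_AUTH_TYPE == 2 the access list is re-read from
  * the database on every call so permission changes take effect immediately;
  * otherwise the list cached in the session at login is used and the decision
  * for this app/module/action is memoised in the session under `$accessGuid`.
  *
  * Changes versus the previous revision: session reads are guarded so a
  * missing `$accessGuid` or `_ACCESS_LIST` entry no longer raises a notice
  * (the decision itself is unchanged).
  *
  * @param string $appName application name used in the memoisation key
  * @return bool
  */
 public static function AccessDecision($appName = APP_NAME)
 {
     // Does this module/action need an access check at all?
     if (Arbac::checkAccess()) {
         // Key under which the decision for this app/module/action is cached
         $accessGuid = md5($appName . MODULE_NAME . ACTION_NAME);
         if (empty($_SESSION[C('ADMIN_AUTH_KEY')])) {
             if (C('USER_AUTH_TYPE') == 2) {
                 // Real-time mode: check against the database so backend
                 // permission changes take effect immediately
                 $accessList = Arbac::getAccessList($_SESSION[C('USER_AUTH_KEY')]);
                 $_SESSION['_ACCESS_LIST'] = $accessList;
             } else {
                 // Already decided for this action in this session
                 if (!empty($_SESSION[$accessGuid])) {
                     return true;
                 }
                 // Login mode: use the access list cached at login
                 $accessList = isset($_SESSION['_ACCESS_LIST']) ? $_SESSION['_ACCESS_LIST'] : array();
             }
             // Component mode uses the full module name (P_MODULE_NAME)
             $module = defined('P_MODULE_NAME') ? P_MODULE_NAME : MODULE_NAME;
             $auth_type = C("AUTH_TYPE");
             if (!isset($accessList[strtoupper($module)][strtoupper(ACTION_NAME)])) {
                 // Fall back to the public-module / whole-module grants
                 if (isset($accessList[$auth_type[2]][strtoupper(ACTION_NAME)])) {
                     $_SESSION[$accessGuid] = true;
                 } elseif (isset($accessList[strtoupper($module)][$auth_type[1]])) {
                     $_SESSION[$accessGuid] = true;
                 } else {
                     $_SESSION[$accessGuid] = false;
                     return false;
                 }
             } else {
                 $_SESSION[$accessGuid] = true;
             }
         } else {
             // Administrators need no further check
             return true;
         }
     }
     return true;
 }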