/**
 * Populate static::$member from the member id stored in the session.
 *
 * Does nothing when a member is already loaded or when the session carries
 * no positive member_id.
 */
protected function ini_member()
{
    if (null !== static::$member) {
        return;
    }
    if (!isset($_SESSION['member_id']) || !($_SESSION['member_id'] > 0)) {
        return;
    }

    // NOTE(review): the id stored in the session is the only thing checked
    // here; whether the row is still allowed to log in is not verified in
    // this method.
    $finder = new \ORM_Admin_Member_Finder();
    $result = $finder->where('id', $_SESSION['member_id'])->find(null, true);
    static::$member = $result->current();
}
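/**
 * Load the logged-in member's data when the session starts.
 *
 * Looks up the member named by $_SESSION['member']['id'] and keeps it in
 * Session::$member only while the password value cached in the session is
 * identical to the stored one. When they differ (the password was changed
 * elsewhere) the session's member entry is dropped, which ends sessions
 * created before the change.
 */
protected static function load_member_data()
{
    if (null !== Session::$member) {
        return;
    }
    if (!isset($_SESSION['member']['id']) || !($_SESSION['member']['id'] > 0)) {
        return;
    }

    $orm_member = new ORM_Admin_Member_Finder();
    $member = $orm_member->get_by_id($_SESSION['member']['id']);
    if (!$member) {
        return;
    }

    // NOTE(review): the session holds a copy of the member's password value
    // (presumably a hash - confirm); anything that can read session storage
    // can read it too.
    $cached_password = isset($_SESSION['member']['password']) ? $_SESSION['member']['password'] : null;

    // Compare strictly. A loose != treats two different numeric-looking
    // strings (e.g. "0e1" and "0e2") as equal, which would keep a stale
    // session alive after a password change. A missing cached value is
    // treated as a mismatch so the check fails closed.
    if (null === $cached_password || $cached_password !== $member->password) {
        unset($_SESSION['member']);
        return;
    }

    Session::$member = $member;
}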
/**
 * First-time session setup: loads the session config, selects the driver,
 * initialises flash data and loads the logged-in member.
 *
 * Later instantiations do nothing here because Session::$instance is
 * already set.
 *
 * @param mixed $vars optional data handed to $this->set() on first creation
 */
public function __construct($vars = null)
{
    // Everything below is one-time initialisation.
    if (Session::$instance !== null) {
        return;
    }

    Session::$config = Core::config('session');

    // The session name is also the cookie name; fall back to the default
    // when it is missing or is not letters/digits/underscores with at least
    // one letter.
    $name_is_valid = isset(Session::$config['name'])
        && preg_match('#^(?=.*[a-z])[a-z0-9_]++$#iD', Session::$config['name']);
    if (!$name_is_valid) {
        Session::$config['name'] = 'PHPSESSINID';
    }

    // The driver class name is built from configuration, so the session
    // config must only be writable by trusted parties.
    $driver_class = isset(Session::$config['driver'])
        ? 'Session_Driver_' . Session::$config['driver']
        : null;
    if ($driver_class !== null && class_exists($driver_class, true)) {
        $this->driver = isset(Session::$config['driver_config'])
            ? new $driver_class(Session::$config['driver_config'])
            : new $driver_class();
    } else {
        $this->driver = new Session_Driver_Default();
    }

    if ($vars) {
        // Store the caller-supplied data
        $this->set($vars);
    }

    if (!isset($_SESSION['_flash_session_'])) {
        $_SESSION['_flash_session_'] = array();
    }
    // Bound by reference so changes to Session::$flash land in $_SESSION.
    Session::$flash =& $_SESSION['_flash_session_'];

    // Expire flash session data
    $this->expire_flash();

    $_SESSION['SID'] = $this->driver->session_id();

    // Refresh the last-active timestamp at most once every 10 minutes
    $activity_is_stale = !isset($_SESSION['_last_actived_time_'])
        || $_SESSION['_last_actived_time_'] < TIME - 600;
    if ($activity_is_stale) {
        $_SESSION['_last_actived_time_'] = TIME;
    }

    // Make sure the session is saved before shutdown
    Core::register_shutdown_function(array('Session', 'write_close'));

    Session::$instance = $this;

    // Load the member named by the session, if any and not loaded yet.
    $has_member_id = isset($_SESSION['member_id']) && $_SESSION['member_id'] > 0;
    if (null === Session::$member && $has_member_id) {
        $member_finder = new ORM_Admin_Member_Finder();
        $found = $member_finder->where('id', $_SESSION['member_id'])->find(null, true);
        Session::$member = $found->current();
    }
}
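/**
 * Delete the admin member with the given id and report the outcome through
 * $this->message().
 *
 * NOTE(review): no CSRF token check is visible in this action; confirm the
 * surrounding controller enforces one for state-changing requests.
 *
 * @param mixed $member_id id of the member to delete; cast to int
 */
public function action_delete($member_id)
{
    $member_id = (int) $member_id;

    // The previous test `!$member_id > 0` parsed as `(!$member_id) > 0`,
    // which rejected only 0 and let negative ids through.
    if ($member_id <= 0) {
        $this->message('参数错误');
        // message() presumably ends the request (not visible here); the
        // explicit return keeps the action from continuing if it does not.
        return;
    }

    $orm_member = new ORM_Admin_Member_Finder();
    /* @var $member ORM_Admin_Member_Data */
    $member = $orm_member->get_by_id($member_id);
    if (!$member) {
        $this->message('指定的用户不存在或已被删除');
        return;
    }

    try {
        $this->check_auth_for_delete($member);
    } catch (Exception $e) {
        $this->message($e->getMessage(), $e->getCode());
        // Fail closed: never reach delete() after a failed permission check.
        return;
    }

    $status = $member->delete();
    if ($status) {
        $this->message('删除成功', 1);
    } else {
        $this->message('未删除数据', 0);
    }
}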
/**
 * Fetch every member object that belongs to this group.
 *
 * @return \ORM_Admin_Member_Result
 */
public function members()
{
    $member_finder = new \ORM_Admin_Member_Finder();
    $group_members = $member_finder->get_all_members_by_group_id($this->id);

    return $group_members;
}
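/**
 * Handle a submitted login form.
 *
 * Checks the captcha once enough earlier failures were recorded, verifies
 * username and password, then applies the project and blocked-account
 * checks. Failures with exception code 0 are counted per client IP in
 * admin_login_error_log. Every attempt, successful or not, is written to
 * admin_log.
 *
 * @param array $data      submitted fields; reads 'username', 'password' and, when required, 'captcha'
 * @param int   $error_num number of earlier failed attempts passed in by the caller
 * @return \Member the authenticated member, or false on failure
 */
protected function post($data, $error_num)
{
    // empty() has the same truthiness as the previous `!$data[...]` test
    // but raises no notice when the field is missing from the request.
    if (empty($data['username'])) {
        $this->message = \__('Username can not be empty');
        $this->error_input = 'username';
        return false;
    }

    if (empty($data['password'])) {
        $this->message = \__('The password can not be empty');
        $this->error_input = 'password';
        return false;
    }

    $db = \Database::instance(\Model_Admin::DATABASE);

    try {
        if ($error_num) {
            // Earlier login failures exist: require the captcha once the
            // configured threshold is reached.
            $config = \Core::config('admin.login');
            if ($error_num >= $config['error_show_captcha_num'] - 1) {
                $captcha = isset($data['captcha']) ? $data['captcha'] : null;
                if (\Captcha::valid($captcha) < 0) {
                    $this->error_input = 'captcha';
                    throw new \Exception(\__('Verification code error'));
                }
            }
        }

        // NOTE(review): the two branches below return different messages for
        // an unknown username and a wrong password, so the form reveals which
        // usernames exist. Left unchanged because error_input and the message
        // text are part of what callers display.
        $member_finder = new \ORM_Admin_Member_Finder();
        $member = $member_finder->get_member_by_username($data['username']);

        if (!$member) {
            $this->error_input = 'username';
            throw new \Exception(\__('User does not exist'));
        }

        if (!$member->check_password($data['password'])) {
            $this->error_input = 'password';
            throw new \Exception(\__('Password is incorrect'));
        }

        if ($error_num) {
            // Credentials were correct: clear the failure record for this IP
            $db->delete('admin_login_error_log', array('ip' => \HttpIO::IP));
        }

        $id = (int) $member->id;
        // Kept from the original: hide the password from later users of $_POST
        $_POST['password'] = '******';

        if ($member->project != \Bootstrap::$project && !$member->perm()->is_super_perm()) {
            throw new \Exception(\__('Not allowed to login through this page'), -1);
        }

        if ($member->shielded) {
            $this->error_input = 'username';
            throw new \Exception(\__('You have been blocked'), -1);
        }
    } catch (\Exception $e) {
        if (0 === $e->getCode()) {
            // Verification failure: count it against the client IP
            $error_num++;
            if (1 === $error_num) {
                $db->insert('admin_login_error_log', array('ip' => \HttpIO::IP, 'timeline' => \TIME, 'error_num' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']));
            } else {
                $db->update('admin_login_error_log', array('timeline' => \TIME, 'error_num+' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']), array('ip' => \HttpIO::IP));
            }
        }

        $this->message = $e->getMessage();
        $id = 0;
        $member = false;
    }

    // Mask the password in the copy that goes to the log. Previously the
    // mask was applied only after a successful password check, so every
    // failed attempt stored the submitted password in clear text in
    // admin_log.
    $logged_post = $_POST;
    if (isset($logged_post['password'])) {
        $logged_post['password'] = '******';
    }

    // The Referer header is optional; log null when the client sent none.
    $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;

    // Record the login attempt
    $db->insert('admin_log', array('uri' => $_SERVER["REQUEST_URI"], 'type' => 'login', 'ip' => \HttpIO::IP, 'referer' => $referer, 'post' => \serialize($logged_post), 'admin_id' => $id));

    return $member;
}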
/**
 * Look up a member object by username.
 *
 * @param string $username
 * @return Member
 */
public function get_by_username($username)
{
    $finder = new \ORM_Admin_Member_Finder();
    $matches = $finder->where('username', $username)->find(null, true);

    return $matches->current();
}