예제 #1
 /**
  * Populate static::$member from the current session, once.
  *
  * Does nothing when a member is already cached or when the session holds
  * no positive member_id. Otherwise the member row is fetched by id.
  *
  * NOTE(review): the lookup trusts $_SESSION['member_id'] alone; nothing in
  * this method re-checks that the account is still enabled or that its
  * credentials are unchanged. Confirm that happens elsewhere.
  */
 protected function ini_member()
 {
     // Already resolved for this request
     if (null !== static::$member) {
         return;
     }
     // No authenticated member recorded in the session
     if (!isset($_SESSION['member_id']) || !($_SESSION['member_id'] > 0)) {
         return;
     }
     $finder = new \ORM_Admin_Member_Finder();
     $rows = $finder->where('id', $_SESSION['member_id'])->find(null, true);
     static::$member = $rows->current();
 }
예제 #2
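 /**
  * Load the member record for the current session when the session starts.
  *
  * The member is fetched by the id stored in $_SESSION['member']. If the
  * password value stored in the session no longer matches the stored one
  * (the password was changed elsewhere), the session's member entry is
  * dropped, which invalidates the login.
  *
  * NOTE(review): the session keeps a copy of the member's password value.
  * Presumably this is a hash - confirm it is never the plaintext, and
  * consider storing a separate per-login token instead.
  */
 protected static function load_member_data()
 {
     if (null === Session::$member && isset($_SESSION['member']['id']) && $_SESSION['member']['id'] > 0) {
         $orm_member = new ORM_Admin_Member_Finder();
         $member = $orm_member->get_by_id($_SESSION['member']['id']);
         if ($member) {
             // A missing session value is treated as a mismatch rather than read as null
             $session_password = isset($_SESSION['member']['password']) ? (string) $_SESSION['member']['password'] : null;
             // Strict string comparison: a loose != treats numeric-looking strings
             // (for example two different "0e..." digests) as equal, which would
             // keep a session alive after the password changed.
             if (null === $session_password || $session_password !== (string) $member->password) {
                 // Password was changed elsewhere: drop the stale login
                 unset($_SESSION['member']);
             } else {
                 Session::$member = $member;
             }
         }
     }
 }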
예제 #3
 /**
  * On first session instance creation, sets up the driver and creates session.
  *
  * Everything below runs only while Session::$instance is still null: the
  * session config is loaded, the session name is validated, a driver is
  * instantiated, flash data is bound and expired, the activity timestamp is
  * refreshed, a shutdown hook is registered and the logged-in member is loaded.
  *
  * @param mixed $vars Optional data handed to $this->set() when truthy
  */
 public function __construct($vars = null)
 {
     // This part only needs to be run once
     if (Session::$instance === null) {
         // Load config
         Session::$config = Core::config('session');
         // Accept only names made of letters, digits and underscores that contain at least one letter
         if (!isset(Session::$config['name']) || !preg_match('#^(?=.*[a-z])[a-z0-9_]++$#iD', Session::$config['name'])) {
             // Name the session, this will also be the name of the cookie
             Session::$config['name'] = 'PHPSESSINID';
         }
         // The driver class name is built from configuration and must exist (autoload allowed).
         // NOTE(review): this instantiates whatever class the config names; the session
         // config must never be influenced by request input.
         if (isset(Session::$config['driver']) && class_exists('Session_Driver_' . Session::$config['driver'], true)) {
             $driver_name = 'Session_Driver_' . Session::$config['driver'];
             if (isset(Session::$config['driver_config'])) {
                 $this->driver = new $driver_name(Session::$config['driver_config']);
             } else {
                 $this->driver = new $driver_name();
             }
         } else {
             // No usable driver configured: fall back to the default driver
             $this->driver = new Session_Driver_Default();
         }
         if ($vars) {
             // Set the new data
             $this->set($vars);
         }
         if (!isset($_SESSION['_flash_session_'])) {
             $_SESSION['_flash_session_'] = array();
         }
         // Bound by reference, so writes to Session::$flash land in $_SESSION
         Session::$flash =& $_SESSION['_flash_session_'];
         # Clean up the flash session
         $this->expire_flash();
         $_SESSION['SID'] = $this->driver->session_id();
         if (!isset($_SESSION['_last_actived_time_']) || TIME - 600 > $_SESSION['_last_actived_time_']) {
             # Refresh the last-activity time, at most once every 10 minutes
             $_SESSION['_last_actived_time_'] = TIME;
         }
         # Make sure the session is saved before shutdown
         Core::register_shutdown_function(array('Session', 'write_close'));
         Session::$instance = $this;
         // NOTE(review): the member is resolved from the session-stored id alone; no check
         // is visible here that the account is still enabled or its password unchanged.
         if (null === Session::$member && isset($_SESSION['member_id']) && $_SESSION['member_id'] > 0) {
             $orm_member = new ORM_Admin_Member_Finder();
             Session::$member = $orm_member->where('id', $_SESSION['member_id'])->find(null, true)->current();
         }
     }
 }
예제 #4
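 /**
  * Delete the admin member identified by $member_id.
  *
  * The id is validated, the member is loaded, the caller's permission is
  * checked through check_auth_for_delete(), and only then is the record
  * deleted. Each failure reports through $this->message() and returns, so
  * the delete can never run after a failed check even if message() does
  * not end the request.
  *
  * NOTE(review): no CSRF token or request-method check is visible in this
  * method; confirm the framework enforces one for destructive actions.
  *
  * @param mixed $member_id Member id taken from the request; cast to int
  * @return void
  */
 public function action_delete($member_id)
 {
     $member_id = (int) $member_id;
     // The earlier test `!$member_id > 0` parsed as `(!$member_id) > 0`,
     // which let negative ids through; compare the integer directly.
     if ($member_id <= 0) {
         $this->message('参数错误');
         return;
     }
     $orm_member = new ORM_Admin_Member_Finder();
     /* @var $member ORM_Admin_Member_Data */
     $member = $orm_member->get_by_id($member_id);
     if (!$member) {
         $this->message('指定的用户不存在或已被删除');
         return;
     }
     try {
         $this->check_auth_for_delete($member);
     } catch (Exception $e) {
         $this->message($e->getMessage(), $e->getCode());
         // Fail closed: a rejected authorization check must not fall through to delete()
         return;
     }
     $status = $member->delete();
     if ($status) {
         $this->message('删除成功', 1);
     } else {
         $this->message('未删除数据', 0);
     }
 }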
예제 #5
 /**
  * Return all member objects that belong to this group.
  *
  * @return \ORM_Admin_Member_Result
  */
 public function members()
 {
     $finder = new \ORM_Admin_Member_Finder();
     // This group's own id selects the members
     $group_id = $this->id;
     $result = $finder->get_all_members_by_group_id($group_id);
     return $result;
 }
예제 #6
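 /**
  * Handle a submitted login form.
  *
  * Validates the username and password, requires a captcha once the number
  * of earlier failures reaches the configured threshold, and checks the
  * project and the blocked flag. Failures thrown with exception code 0 are
  * counted in admin_login_error_log; failures with code -1 are reported
  * but not counted. Every attempt that gets past the empty-field checks is
  * written to admin_log.
  *
  * NOTE(review): the failure counter is keyed by \HttpIO::IP only. Confirm
  * how that value is derived (a client-supplied forwarding header would
  * make the counter easy to sidestep) and whether a per-account limit
  * exists elsewhere.
  *
  * @param array $data      Submitted fields: username, password, optionally captcha
  * @param int   $error_num Number of earlier failed attempts recorded for this client
  * @return \Member|false The member on success, false on failure
  */
 protected function post($data, $error_num)
 {
     if (empty($data['username'])) {
         $this->message = \__('Username can not be empty');
         $this->error_input = 'username';
         return false;
     }
     if (empty($data['password'])) {
         $this->message = \__('The password can not be empty');
         $this->error_input = 'password';
         return false;
     }
     $db = \Database::instance(\Model_Admin::DATABASE);
     try {
         if ($error_num) {
             # There are earlier login failures
             $config = \Core::config('admin.login');
             if ($error_num >= $config['error_show_captcha_num'] - 1) {
                 $captcha = isset($data['captcha']) ? $data['captcha'] : null;
                 if (\Captcha::valid($captcha) < 0) {
                     $this->error_input = 'captcha';
                     throw new \Exception(\__('Verification code error'));
                 }
             }
         }
         $member_finder = new \ORM_Admin_Member_Finder();
         $member = $member_finder->get_member_by_username($data['username']);
         // NOTE(review): separate messages for an unknown user and a wrong password
         // reveal which usernames exist; consider one generic message for both.
         if (!$member) {
             $this->error_input = 'username';
             throw new \Exception(\__('User does not exist'));
         }
         if (!$member->check_password($data['password'])) {
             $this->error_input = 'password';
             throw new \Exception(\__('Password is incorrect'));
         }
         if ($error_num) {
             # Clear the recorded login failures
             $db->delete('admin_login_error_log', array('ip' => \HttpIO::IP));
         }
         $id = (int) $member->id;
         // Hide the password from anything that reads $_POST afterwards
         $_POST['password'] = '******';
         if ($member->project != \Bootstrap::$project && !$member->perm()->is_super_perm()) {
             throw new \Exception(\__('Not allowed to login through this page'), -1);
         }
         if ($member->shielded) {
             $this->error_input = 'username';
             throw new \Exception(\__('You have been blocked'), -1);
         }
     } catch (\Exception $e) {
         if (0 === $e->getCode()) {
             # Verification failed: count the attempt
             $error_num++;
             if (1 === $error_num) {
                 $db->insert('admin_login_error_log', array('ip' => \HttpIO::IP, 'timeline' => \TIME, 'error_num' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']));
             } else {
                 $db->update('admin_login_error_log', array('timeline' => \TIME, 'error_num+' => 1, 'last_error_msg' => $e->getMessage(), 'last_post_username' => $data['username']), array('ip' => \HttpIO::IP));
             }
         }
         $this->message = $e->getMessage();
         $id = 0;
         $member = false;
     }
     # Record the login attempt
     // Mask the password in the logged copy on every path. Previously it was masked
     // only after a successful check, so passwords typed in failed attempts were
     // written to admin_log in clear text.
     $log_post = $_POST;
     if (isset($log_post['password'])) {
         $log_post['password'] = '******';
     }
     // Neither server variable is guaranteed to be present (no referrer, CLI, proxies)
     $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : null;
     $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
     $db->insert('admin_log', array('uri' => $uri, 'type' => 'login', 'ip' => \HttpIO::IP, 'referer' => $referer, 'post' => \serialize($log_post), 'admin_id' => $id));
     return $member;
 }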
예제 #7
 /**
  * Look up a member object by username.
  *
  * @param string $username
  * @return Member Whatever current() yields for the matching result set
  */
 public function get_by_username($username)
 {
     $finder = new \ORM_Admin_Member_Finder();
     // The username is passed to where() as a value, not spliced into a query string here
     $rows = $finder->where('username', $username)->find(null, true);
     return $rows->current();
 }