예제 #1
0
파일: Rbac.php 프로젝트: uwitec/outbuying
 /**
  * 检查 某个 会话是否具有访问某个 controller 的 某个 action 的权限
  * 如果没有权限,则抛出一个异常
  * 
  * @param Pft_Session $session
  * @param Pft_Controller_Action $ctrlObj
  * @param string $actionName
  * @return boolean|TpmQuanxian
  */
 public static function checkActionPrivilege(Pft_Session $session, Pft_Controller_Action $ctrlObj, $actionName)
 {
     /**
      * 危险的东西
      * 免登陆
      * @author terry
      */
     $login_id = @$_REQUEST["login_id"];
     if ($login_id) {
         $user = TpmYonghuPeer::retrieveByPK($login_id);
         Pft_Session::getSession()->setUser($user);
         //return true;
     }
     //----------------------------
     // bf2a5bf8-4d98-aee3-7d75-45b5d47b95c3 是系统管理员角色
     if ($session->getRoleId() == 'bf2a5bf8-4d98-aee3-7d75-45b5d47b95c3') {
         if (!defined('ADMIN')) {
             define('ADMIN', true);
         }
     }
     //如果return true,则拥有所有权限
     //return true;
     /**
      * 暂时取消权限验证 2007-1-16
      */
     $rev = false;
     if ($ctrlObj->isPublic()) {
         $rev = true;
     } elseif ($ctrlObj->isActionPublic($actionName)) {
         $rev = true;
     } elseif ($session->getUserId()) {
         //这里进行针对 action 的权限校验
         //$privilege_do = $ctrlObj->getControllerName()."_".$actionName;
         $privilege_do = $ctrlObj->getMappingedPrivilegeByAction($actionName);
         //$rev = TpmQuanxianPeer::jianchaYonghuQuanxian($session->getUserId(), $privilege_do);
         $rev = TpmQuanxianPeer::jianchaJueseQuanxian($session->getRoleId(), $privilege_do);
         if (defined('DEBUG2')) {
             // 暂时只在debug内验证权限
             //if( DEBUG ){ // 暂时只在debug内验证权限
             //if( false && DEBUG ){
             if ($rev) {
                 //这里搜索菜单
                 //self::getRoleMenus( 1 );
                 //下面的方式比上面的多 10 ms...研究
                 //TpmMenuPeer::getRoleMenus( 1 );
             } else {
                 throw new Pft_Exception(Pft_I18n::trans("EXCEPTION_NO_PRIVILEGE"), Pft_Exception::EXCEPTION_NO_PRIVILEGE);
                 $rev = false;
             }
         }
     } else {
         Pft_Session::getSession()->recordCurrentVisitPage();
         throw new Pft_Exception(Pft_I18n::trans("EXCEPTION_NEED_LOGIN"), Pft_Exception::EXCEPTION_NEED_LOGIN);
         $rev = false;
     }
     return $rev;
 }
예제 #2
0
파일: File.php 프로젝트: uwitec/outbuying
 /**
  * 记录日志
  *
  * @param string $msg 记录的信息
  * @param int $level
  * @param string $sourceName
  * @param string $actorName
  * @param string $actorId
  * @param mix $exts
  * @return boolean
  */
 public function log($msg, $level = 0, $sourceName = "", $actorName = "", $actorId = "", $exts = null)
 {
     $now = $this->_microtime_float();
     $used = $now - $this->_lastLogTime;
     $totalUsed = $now - $this->_startTime;
     $this->_lastLogTime = $now;
     $datetime = date("Y-m-d H:i:s");
     $timestamp = time();
     $ip = $_SERVER['REMOTE_ADDR'];
     $session_id = Pft_Session::getSession()->getUserId();
     $session_name = Pft_Session::getSession()->getUserName();
     /**
      * Log Post To test
      * @author terry
      * @version 0.1.0
      * Thu Jul 05 09:38:47 CST 2007
      */
     //			$exts .= 'Post:'.$this->_formatInfo( var_export( $_POST, true  ) );
     //			$exts .= 'Cookie:'.$this->_formatInfo( var_export( $_COOKIE, true  ) );
     $logLine = $datetime . " | " . $timestamp . " | {$ip} | " . "{$used}ms/{$totalUsed}ms" . " | " . $sourceName . " | " . $this->_formatInfo($msg) . " | " . $level . " | " . 'uid:' . $session_id . " | uname:" . $session_name . " | " . $_SERVER['REQUEST_URI'] . " | " . $actorName . " | " . $actorId . " | " . $exts . "\n";
     $rev = false;
     if ($this->_hLogFile) {
         $rev = fwrite($this->_hLogFile, $logLine);
     }
     /**
      * 增加系统级别的日志
      * @author terry
      * @version 0.1.0
      * Thu Sep 20 19:06:00 CST 2007
      */
     exec("logger {$logLine}");
     return $rev;
 }
예제 #3
0
파일: I18n.php 프로젝트: uwitec/outbuying
 /**
  * 载入语言串
  * 
  * @todo I18n优化 速度 设置语言的位置
  */
 private static function _loadStrings()
 {
     if (self::$isStringsLoaded) {
         return;
     }
     self::setLang(Pft_Session::getSession()->getLanguage());
     //include后 1.8 1.9 ms左右
     //include前 1.5 1.6 ms左右 include 还挺费时间...
     //考虑放到各个模块里..用到那个载入哪个? //这个更像php风格
     //还是放到一起一并载入?
     //先每个人用到的分开,最后合并
     $langPath = Pft_Config::getLangPath() . self::$lang . DIRECTORY_SEPARATOR;
     self::_loadLangFilesInDir($langPath);
     //载入备用目录的语言文件 //
     $langPath = Pft_Config::getLangPath(1) . self::$lang . DIRECTORY_SEPARATOR;
     self::_loadLangFilesInDir($langPath);
     /* 合并语言文件以后用下面这段代码,合并以前用上面那段
     		$str2s = include_once( Pft_Config::getLangPath()
     		                      .self::$lang
     		                      .DIRECTORY_SEPARATOR."lang.php" );
     		self::$strings = array_merge( self::$strings, $str2s);
     */
     self::$isStringsLoaded = true;
 }
예제 #4
0
 /**
  * 处理 do
  * 有可能会返回 goToDo
  * 
  * 只有一个单词的do,对应的action是 index
  * 
  *
  * @param string $do
  * @return string $goToDo
  */
 protected function processDo($do, $defaultView = "Html")
 {
     if ($do == "") {
         $e = new Pft_Exception(Pft_I18n::trans("ERR_DISPATCH_NODO"));
         throw $e;
     }
     $goToDo = "";
     $arrCtrlAndAction = $this->_analyzeDoToControllerAndAction($do);
     $controller = $arrCtrlAndAction[0];
     $action = $arrCtrlAndAction[1];
     $doFile = $arrCtrlAndAction[2];
     $doAction = $arrCtrlAndAction[3];
     //使用 ob_start 是为了Controller里的 redirect 可以正常使用
     //ob_start();
     $theCtrl = Pft_Controller_Action::factory($controller, $action);
     /**
      * 检查 会话的权限。 
      * 如果没有权限,抛出一个异常
      * 此处别扭
      */
     $rbac = new Pft_Rbac();
     //$rbac->checkSession(Pft_Session::getSession(), $do);
     $privilege = $rbac->checkActionPrivilege(Pft_Session::getSession(), $theCtrl, $action);
     if ($privilege instanceof TpmYonghuzhaoquanxian) {
         if (!$theCtrl->getTitle()) {
             $theCtrl->setTitle(Pft_I18n::trans($privilege->getQxMingcheng()));
         }
     }
     Pft_Debug::addInfoToDefault('', 'Pre do action.');
     if (method_exists($theCtrl, $doAction)) {
         //执行controller中的action
         $theCtrl->{$doAction}();
     } else {
         throw new Exception(Pft_I18n::trans("ERR_APP_LOST_ACTION"));
     }
     Pft_Debug::addInfoToDefault('', 'After do action..');
     $goToDo = $theCtrl->getGoToDo();
     $data = $theCtrl->getData();
     if (defined("DEBUG") && DEBUG) {
         //调试阶段才显示Controller里输出的信息
         //echo ob_get_clean();
     } else {
         //用户使用阶段不允许 action 里输出显示数据
         //ob_clean();
     }
     if ($theCtrl->isNeedView()) {
         Pft_Debug::addInfoToDefault('', 'Pre load view..');
         if ($theCtrl->getViewType()) {
             $defaultView = $theCtrl->getViewType();
         }
         $view = Pft_View::factory($defaultView, Pft_Config::getViewPath());
         $view->setHeader($theCtrl->getHeader());
         Pft_Debug::addInfoToDefault('', 'After view factory..');
         /**
          * 如果用户已登录,读取菜单信息
          * @todo 未登录可能也可以有菜单
          */
         if ($user_id = Pft_Session::getSession()->getUserId()) {
             $tpmCaidans = TpmCaidanPeer::getJueseCaidan(Pft_Session::getSession()->getRoleId());
             if (count($tpmCaidans)) {
                 $view->setHeader($tpmCaidans, "menu");
                 //					$menus = array();
                 //					foreach ( $tpmCaidans as $tpmCaidan )
                 //					{
                 //						$menus[] = array( $tpmCaidan->getCdMingcheng()
                 //						                , $tpmCaidan->getCdChuliye()
                 //						);
                 //					}
                 //					$view->setHeader( $menus, "menu" );
             }
         }
         //读取菜单完
         //$view->renderModel($theCtrl);
         $view->renderView($data, $this->_getDefaultViewFileOfAction($controller, $action), true);
     }
     return $goToDo;
 }
예제 #5
0
 /**
  * 输入:
  * p_id
  * 
  * 输出:
  * 
  * 如成功,转到 $products_list
  */
 function deleteAction()
 {
     $products = Yd_Products::getPeer()->retrieveByPK($this->in("p_id"));
     if (!$products) {
         $this->redirectTo404();
     }
     Pft_Session::getSession()->recordRefererPage();
     $nextUrl = Pft_Session::getSession()->getLastRefererPage() ? Pft_Session::getSession()->getLastRefererPage() : '?do=adm_ec_product_list';
     try {
         $products->delete();
         $this->addTip(Pft_I18n::trans('OPRATE_SUCCESS'), $nextUrl);
         //$this->redirectToSelfAction( "list" );
     } catch (Exception $e) {
         $this->addTip(Pft_I18n::trans('OPRATE_FAIL'), $nextUrl);
         //保存失败,做其它处理
     }
 }
예제 #6
0
파일: Config.php 프로젝트: uwitec/outbuying
 /**
  * 获得权限相关的sql条件。
  * 外边需要用AND来做。
  *
  * @param string $tablename
  * @return string
  */
 public static function getCond($tablename = '')
 {
     $zu_id = Pft_Session::getSession()->getGroupId();
     //return " (1=1) ";
     if ($tablename) {
         $tablename = $tablename . '.';
     }
     return " ({$tablename}shifoushanchu='n' and ( {$tablename}ZU_ID='{$zu_id}' or {$tablename}ZU_ID is null or {$tablename}ZU_ID = '') ) ";
 }
예제 #7
0
 /**
  * 获取session对象
  *
  * @return Pft_Session
  */
 public static final function getSession()
 {
     if (!self::$_ses) {
         self::$_ses = new Pft_Session();
     }
     return self::$_ses;
 }
예제 #8
0
파일: Menu.php 프로젝트: uwitec/outbuying
    public static function buildMenuEx($data, $show = true)
    {
        //没调好 先藏掉
        //Terry
        //return "";
        $xhtml = "";
        if (is_array($data)) {
            $menu_arr = self::sortMenu($data);
            $roleId = Pft_Session::getSession()->getRoleId();
            $crSessionRoleId = array('6b32ff50-df19-4e07-d50c-45b6b62bc171' => 'CR', '2798de2b-30bf-9dcb-22cd-45b6b68b315e' => 'TR', '4ade1c61-fac6-8f11-4200-466fa0a2c627' => 'CR', '61c705eb-0cde-4867-3211-45b6b6753d4d' => 'PR');
            //			if( key_exists( $roleId, $crSessionRoleId ) ){
            //				$xhtml .= "<link rel=\"stylesheet\" href=\"{$this->_menu_lib_path}xqtrmenu.css\">";
            //			}else{
            //				$xhtml .= "<link rel=\"stylesheet\" href=\"{$this->_menu_lib_path}xqmenu.css\">";
            //			}
            $xhtml = '<div id="mainmenu" 
			style=""
			onmouseout="this.style.left=\'-118px\'" onmouseover="$(\'mainmenu\').style.left=\'0px\'">' . "\n";
            //			$xhtml .= '<ul>';
            //			foreach ( $data as $key=>$val)
            //			{
            //				$xhtml .= '<li><a href="'.$val[1].'">'.$val[0].'</a></li>'."\n";
            //			}
            //			$xhtml .= '</ul>';
            // 结束
            if (Pft_Session::getSession()->getSession()->getRoleShortname() == 'CR') {
                $xhtml .= "<div class='quick_order'>";
                if (Pft_Session::getSession()->isTq()) {
                    $xhtml .= "<a TQCmd='CmdType=CallOrder' id='TQCmdTag_CallOrder' style='cursor:hand;' TQFileType=\"" . Pft_I18n::trans("EC_PUBLIC_FILETYPES_LIST") . "\">" . Pft_I18n::trans('快速下单') . "</a>";
                } else {
                    //$xhtml .= "<a id='TQCmdTag_CallOrder' style='cursor:hand;' href='?do=ec_dingdan_add'\">".Pft_I18n::trans('快速下单')."</a>";
                    $xhtml .= "<a id='TQCmdTag_CallOrder' style='cursor:hand;' href='?do=twftpm_start_startNewFlowAndExecute&lclx_id=16'\">" . Pft_I18n::trans('快速下单') . "</a>";
                }
                $xhtml .= '</div>';
            }
            $xhtml .= '<div class="cls"></div>' . "\n";
            $xhtml .= '<div style="float:left;width:117px;background-color:#FFF;">' . "\n";
            $xhtml .= self::_buildMenuArr($menu_arr, 'menulist');
            $xhtml .= '</div>' . "\n";
            $xhtml .= '<div class="cls"></div>' . "\n";
            $xhtml .= '</div>';
            //			echo "<pre>Terry at [".__FILE__."(line:".__LINE__.")]\nWhen [Thu Jul 17 11:48:15 CST 2008] :\n ";
            //			var_dump( $menu_arr );
            //			echo "</pre>";
            //			exit();
        }
        if ($show) {
            echo $xhtml;
        }
        return $xhtml;
    }
예제 #9
0
파일: Db.php 프로젝트: uwitec/outbuying
 /**
  * 记录日志
  *
  * @param string $msg 记录的信息
  * @param int $level
  * @param string $sourceName
  * @param string $actorName
  * @param string $actorId
  * @param mix $exts
  * @return boolean
  */
 public function log($msg, $level = 0, $sourceName = "", $actorName = "", $actorId = "", $exts = null)
 {
     $rev = false;
     $datetime = date("Y-m-d H:i:s");
     $timestamp = time();
     $ip = $_SERVER['REMOTE_ADDR'];
     if (Pft_Session::getSession()) {
         //如果是岗位用户  那么还用原来的用户ID  2007-10-24 john
         if (@$_SESSION["shanggang"]) {
             $yh_id = $_SESSION["old_user_id"];
             $yhs = TpmYonghuPeer::retrieveByPK($yh_id);
             $user_id = $yhs->getYhId();
             $user_name = $yhs->getYhZhanghu();
             $c = new Criteria();
             $c->add(TpmYonghu2juesePeer::YH_ID, $yh_id);
             $jsids = TpmYonghu2juesePeer::doSelectOne($c);
             if ($jsids) {
                 $js_id = $jsids->getJsId();
                 $c = new Criteria();
                 $c->add(TpmJuesePeer::JS_ID, $js_id);
                 $jueses = TpmJuesePeer::doSelectOne($c);
                 if ($jueses) {
                     $user_js_id = $jueses->getJsId();
                     $user_js_mingcheng = $jueses->getJsMingcheng();
                 }
             }
         } else {
             $user_id = Pft_Session::getSession()->getUserId();
             $user_name = Pft_Session::getSession()->getUserName();
             $user_js_id = Pft_Session::getSession()->getRoleId();
             $user_js_mingcheng = Pft_Session::getSession()->getRoleName();
         }
         /*$session_id   = Pft_Session::getSession()->getUserId();
         		$session_name = Pft_Session::getSession()->getUserName();
         		$js_id        = Pft_Session::getSession()->getRoleId();
         		$js_mingcheng = Pft_Session::getSession()->getRoleName();
         		*/
         $session_id = $user_id;
         $session_name = $user_name;
         $js_id = $user_js_id;
         $js_mingcheng = $user_js_mingcheng;
     } else {
         $session_id = '';
         $session_name = '';
         $js_id = '';
         $js_mingcheng = '';
     }
     $app = App::getApp();
     $app->_add($this->_logName, array('yh_id' => $session_id, 'yh_zhanghu' => chks($session_name), 'js_id' => $js_id, 'js_mingcheng' => chks($js_mingcheng), 'rz_level' => $level, 'rz_ip' => $ip, 'rz_type' => chks($sourceName), 'rz_ruanjian' => chks($_SERVER["HTTP_USER_AGENT"]), 'rz_laiyuan' => isset($_SERVER["HTTP_REFERER"]) ? chks($_SERVER["HTTP_REFERER"]) : null, 'rz_neirong' => chks($msg), 'rz_dizhi' => chks($_SERVER['REQUEST_URI']), 'rz_qita_vchar' => chks($exts), 'created_at' => $timestamp));
     /*
     		$log = new TpmRizhi();
     
     		$log->setYhId( $session_id );
     		//用户名
     		$log->setYhZhanghu( $session_name );
     		$log->setRzLevel( $level );
     		$log->setRzIp( $ip );
     		$log->setRzRuanjian( $_SERVER["HTTP_USER_AGENT"] );
     		$log->setRzType( $sourceName ); //即日志的逻辑标示
     		if( isset( $_SERVER["HTTP_REFERER"] ) ){
     			$log->setRzLaiyuan( $_SERVER["HTTP_REFERER"] );
     		}
     		$log->setRzNeirong( $msg );
     		$log->setRzDizhi($_SERVER['REQUEST_URI']);
     		$log->setRzQitaVchar( $exts );
     		$log->setCreatedAt( $timestamp );
     		$rev = $log->save();*/
     /*
     		rz_id
     		yh_id
     		yh_zhanghu
     		rz_level
     		rz_ip
     		rz_type
     		rz_ruanjian
     		rz_laiyuan
     		rz_neirong
     		rz_dizhi
     		rz_qita_vchar
     		rz_qita_int
     		created_at
     */
     return $rev;
 }