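/**
 * Admin controller bootstrap: requires a live, active admin session and then
 * enforces the Auth rule for the current MODULE/CONTROLLER/ACTION.
 *
 * Steps visible here: read the session identity, re-load the admin_user row,
 * reject frozen accounts and sessions whose login key no longer matches the
 * stored one, assign the menus, let uids listed in AUTH_CONFIG.AUTH_ADMINUID
 * through, and finally call \Think\Auth::check().
 *
 * @return bool|void true for configured super-admin uids, otherwise no value
 */
public function _initialize()
{
    $uid = session('admin_uid');
    $this->admin_uid = $uid;
    $this->admin_username = session('admin_username');

    // Only a session missing BOTH values is bounced here; a session with just
    // one of them is rejected by the row lookup below when the id is unknown.
    if (!$uid && !$this->admin_username) {
        redirect(U('Admin/Public/login'));
        exit;
    }

    $userinfo = M('admin_user')->where(array('id' => $uid))->find();
    if (!$userinfo) {
        redirect(U('Admin/Public/login'));
        exit;
    }

    // NOTE(review): the checks below rely on error() ending the request — confirm.
    if ($userinfo['status'] == 0) {
        $this->error('该帐户处于冻结状态!', U('Admin/Public/login'));
    }

    // Compare the login key as strings with a strict operator: a loose `!=`
    // treats two different numeric-looking keys (e.g. "0e1" and "0e2") as equal.
    if ((string) session('admin_login_key') !== (string) $userinfo['login_key']) {
        $this->error('您的帐号在别的地方登录!', U('Admin/Public/logout'));
    }

    $this->group_name = M('admin_auth_group_access a')
        ->join('__ADMIN_AUTH_GROUP__ g ON a.group_id=g.id')
        ->where(array('a.uid' => $uid))
        ->getField('g.title');

    // Permission check. Menus are assigned first so they are available to the view.
    $this->assign("menu", $this->show_menu());
    $this->assign("sub_menu", $this->show_sub_menu());

    // Configured super-admin uids skip the rule check entirely.
    // NOTE(review): in_array() is left non-strict because the types of the
    // session uid and the configured list are not visible here.
    if (in_array($uid, C('AUTH_CONFIG.AUTH_ADMINUID'))) {
        return true;
    }

    $auth = new \Think\Auth();
    if (!$auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME, $uid)) {
        $this->error('没有权限');
    }
}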
/**
 * Debug helper: runs \Think\Auth::check() with values taken from AuthRule row 1
 * and ends the request with the outcome.
 *
 * NOTE(review): the "uid" handed to check() is the id of the rule row, not a
 * session user, and the rule name is echoed before the request dies. This reads
 * like leftover test code; confirm it is not reachable in production.
 */
public function LoginCheck()
{
    $ruleRow = M('AuthRule')->find(1);
    $checker = new \Think\Auth();

    // Rule(s) to verify: a comma-separated string or an indexed array is accepted.
    $ruleName = MODULE_NAME . '/' . ACTION_NAME;

    echo $ruleRow['name'];

    // 'and' requires every listed rule to pass; 'or' would accept any single one.
    $passed = $checker->check($ruleName, $ruleRow['id'], MODULE_NAME, 'url', 'and');

    die($passed ? 'AUTH:SUCCESS!' : 'AUTH:false!');
}
/**
 * Enforces the Auth rule for the current MODULE/CONTROLLER/ACTION against
 * session('UID'); on failure shows an error that links to Home/Index/index.
 *
 * NOTE(review): no separate login check is visible here, so a visitor without
 * a session reaches check() with whatever session('UID') returns — confirm
 * that check() denies in that case.
 */
public function _initialize()
{
    $rule = MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME;
    $checker = new \Think\Auth();

    if ($checker->check($rule, session('UID'))) {
        return;
    }

    $this->error('抱歉,您没有权限访问此页面', U('Home/Index/index'));
}
/**
 * Checks whether $uid may use rule $name.
 *
 * Uids listed in the ADMINISTRATOR config value are always allowed; everyone
 * else is delegated to \Think\Auth::check().
 *
 * @param string|array $name     rule name(s) passed through to check()
 * @param mixed        $uid      user id to test
 * @param mixed        $type     passed through to check()
 * @param string       $mode     passed through to check()
 * @param string       $relation passed through to check()
 * @return bool
 */
function authcheck($name, $uid, $type = 1, $mode = 'url', $relation = 'or')
{
    // NOTE(review): non-strict in_array(); the uid/config types are not visible here.
    if (in_array($uid, C('ADMINISTRATOR'))) {
        return true;
    }

    $checker = new \Think\Auth();

    return (bool) $checker->check($name, $uid, $type, $mode, $relation);
}
/**
 * Enforces the Auth rule CONTROLLER/ACTION for the user id stored in
 * $_SESSION['id']; on failure shows an error that links to Login/index.
 *
 * NOTE(review): $_SESSION['id'] is read without an isset() guard, so a visitor
 * without a session passes an undefined value to check() — confirm that
 * check() denies in that case.
 */
public function _initialize()
{
    $checker = new \Think\Auth();
    $allowed = $checker->check(CONTROLLER_NAME . '/' . ACTION_NAME, $_SESSION['id']);

    if ($allowed) {
        return;
    }

    $this->error('你没有操作权限', U('Login/index'));
}
/**
 * Enforces the Auth rule for the current MODULE/CONTROLLER/ACTION.
 *
 * Session ids listed in the ADMINISTRATOR config value are let through
 * without consulting \Think\Auth.
 *
 * @return bool|void true for administrators, otherwise no value
 */
protected function _checkAuth()
{
    // NOTE(review): non-strict in_array(); session/config types are not visible here.
    if (in_array(session('id'), C('ADMINISTRATOR'))) {
        return true;
    }

    $rule = MODULE_NAME . "/" . CONTROLLER_NAME . "/" . ACTION_NAME;
    $checker = new \Think\Auth();
    if (!$checker->check($rule, session('id'))) {
        $this->error('你没有权限!');
    }
}
/**
 * Permission check for the user identified by the UID constant.
 *
 * @param string $rule rule to test
 * @param mixed  $type rule type passed through to \Think\Auth::check()
 * @param string $mode check mode
 * @return boolean true when check() accepts the rule, false otherwise
 * @author 朱亚杰 <*****@*****.**>
 */
protected final function checkRule($rule, $type = AuthRuleModel::RULE_URL, $mode = 'url')
{
    // One Auth instance is kept for the lifetime of the request.
    static $checker = null;
    if (null === $checker) {
        $checker = new \Think\Auth();
    }

    return (bool) $checker->check($rule, UID, $type, $mode);
}
/**
 * Requires an admin session (session('adminid')) and, for ids that are not in
 * the 'administrator' config list, enforces the Auth rule for the current
 * MODULE/CONTROLLER/ACTION.
 *
 * NOTE(review): the login guard relies on error() ending the request; if it
 * returned, the permission check below would still run with an empty id.
 */
public function _initialize()
{
    if (!session('adminid')) {
        $this->error('您没有登陆!', U('login/index'));
    }

    $checker = new \Think\Auth();

    // Configured administrators skip the rule check (non-strict in_array()).
    if (in_array(session('adminid'), C('administrator'))) {
        return;
    }

    $rule = MODULE_NAME . "/" . CONTROLLER_NAME . "/" . ACTION_NAME;
    if (!$checker->check($rule, session('adminid'))) {
        $this->error('你没有权限');
    }
}
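/**
 * Debug action: dumps the result of an Auth check for the "brand" rule
 * (type 2) for the value returned by is_user_login(), then ends the request.
 *
 * NOTE(review): this prints an authorization result to whoever requests the
 * action and performs no access control of its own; confirm it is not routable
 * outside development.
 */
public function testAction()
{
    $auth = new \Think\Auth();
    var_dump($auth->check("brand", is_user_login(), 2));

    // The original went on to a MODULE_NAME permission check after this point,
    // but the `die` made that branch unreachable, so it is dropped here.
    die;
}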
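/**
 * Permission check with an administrator bypass and a list of exempt segments.
 *
 * Uids listed in ADMINISTRATOR are always allowed. A string rule whose second
 * '/'-separated segment appears in the comma-separated NOT_AUTH_MODULE config
 * value is also allowed without consulting \Think\Auth. Everything else is
 * delegated to \Think\Auth::check().
 *
 * NOTE(review): the original comment calls the second segment the "current
 * module"; for a MODULE/CONTROLLER/ACTION rule that position holds the
 * controller — confirm which one the exemption list is meant to contain.
 *
 * @param string|array $name     rule(s) to verify: comma-separated string or indexed array
 * @param int          $uid      id of the user being checked
 * @param mixed        $type     passed through to check()
 * @param string       $mode     check mode
 * @param string       $relation 'or' passes when any rule matches, 'and' requires all of them
 * @return boolean true when access is granted, false otherwise
 */
function authcheck($name, $uid, $type = 1, $mode = 'url', $relation = 'or')
{
    // NOTE(review): non-strict in_array(); the uid/config types are not visible here.
    if (in_array($uid, C('ADMINISTRATOR'))) {
        return true;
    }

    // Second path segment of the rule, or '' when the rule is an array or has
    // no second segment (the original indexed $tmp[1] unconditionally).
    $segment = '';
    if (is_string($name)) {
        $parts = explode('/', $name);
        $segment = isset($parts[1]) ? $parts[1] : '';
    }

    // Drop empty entries: explode() on an empty or comma-terminated setting
    // yields '', which previously matched a rule with no second segment and
    // skipped the permission check altogether.
    $exempt = array_filter(explode(',', (string) C('NOT_AUTH_MODULE')), 'strlen');

    if ($segment !== '' && in_array($segment, $exempt, true)) {
        return true;
    }

    $auth = new \Think\Auth();

    return (bool) $auth->check($name, $uid, $type, $mode, $relation);
}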
/**
 * Requires a logged-in admin (session('aid')) and enforces the Auth rule for
 * the current MODULE/CONTROLLER/ACTION, e.g. "Admin/Index/index".
 *
 * NOTE(review): the login guard relies on error() ending the request — confirm.
 */
public function _initialize()
{
    // Login check.
    $loggedIn = (bool) session('aid');
    if (!$loggedIn) {
        $this->error('您还没有登录,请先登录…', U('Admin/Login/index'), 3);
    }

    // Permission check. The Auth library is expected under ThinkPHP\Library\Think\.
    $rule = MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME;
    $checker = new \Think\Auth();
    if ($checker->check($rule, session('aid'))) {
        return;
    }

    $this->error('没有权限');
}
/**
 * Permission check for the user identified by the UID constant.
 *
 * @param string $rule rule to test
 * @param mixed  $type rule type passed through to \Think\Auth::check()
 * @param string $mode check mode
 * @return boolean true when IS_ROOT is set or check() accepts the rule
 */
protected final function checkRule($rule, $type, $mode = 'url')
{
    static $Auth = null;

    // The root administrator may open any page.
    if (IS_ROOT) {
        return true;
    }

    if (null === $Auth) {
        $Auth = new \Think\Auth();
    }

    return $Auth->check($rule, UID, $type, $mode) ? true : false;
}
/**
 * Permission check for the user identified by the UID constant.
 *
 * NOTE(review): $type is accepted but not used; check() always receives the
 * fixed condition array('in', '1,2') in its place.
 *
 * @param string $rule rule to test
 * @param mixed  $type unused in this implementation
 * @param string $mode check mode
 * @return boolean true when IS_ROOT is set or check() accepts the rule
 * @author 朱亚杰 <*****@*****.**>
 */
protected final function checkRule($rule, $type = AuthRuleModel::RULE_URL, $mode = 'url')
{
    static $checker = null;

    // The root administrator may open any page.
    if (IS_ROOT) {
        return true;
    }

    if (!$checker) {
        $checker = new \Think\Auth();
    }

    $ruleTypes = array('in', '1,2');

    return (bool) $checker->check($rule, UID, $ruleTypes, $mode);
}
/**
 * Requires a signed-in manager session and enforces the Auth rule
 * CONTROLLER/ACTION for $_SESSION['manage']['id'].
 *
 * NOTE(review): the login guard relies on redirect() ending the request;
 * otherwise the permission check still runs with an unset id — confirm.
 *
 * @return bool|void true when the rule check passes
 */
public function _initialize()
{
    // Is a manager logged in?
    if ($_SESSION['manage']['sign'] != 1) {
        $this->redirect("Login/index");
    }

    // Is the requested controller/action within the user's group permissions?
    $checker = new \Think\Auth();
    $target = CONTROLLER_NAME . '/' . ACTION_NAME;
    $managerId = $_SESSION['manage']['id'];

    if (!$checker->check($target, $managerId)) {
        $this->error("无权限", U("Index/index"));
        return;
    }

    return true;
}
/**
 * Behavior hook that enforces login and the Auth rule
 * "module/controller/action/http-method" (lower-cased) for session("user.id").
 *
 * No check is performed for the Index controller or while APP_DEBUG is on.
 *
 * NOTE(review): with APP_DEBUG enabled every controller is reachable without
 * login or permission checks; make sure debug mode is never on in a deployed
 * environment.
 *
 * @param mixed $params hook parameters (not used here)
 */
public function run(&$params)
{
    if (CONTROLLER_NAME == "Index" || APP_DEBUG) {
        return;
    }

    // Login check.
    $userId = session("user.id");
    if (null == $userId) {
        E("未登录系统", 401);
        return;
    }

    // Permission check for the current user.
    $checker = new \Think\Auth();
    $rule = strtolower(
        MODULE_NAME . "/" . CONTROLLER_NAME . "/" . ACTION_NAME . "/" . $_SERVER["REQUEST_METHOD"]
    );
    if (!$checker->check($rule, $userId)) {
        E("无权限的操作", 403);
    }
}
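/**
 * Initialises the permission system for the current request.
 *
 * The Auth check runs only when a rule named MODULE/CONTROLLER/ACTION exists in
 * Auth_rule with status '1'.
 *
 * NOTE(review): this is fail-open by design — an action with no registered
 * (or a disabled) rule is reachable by any caller of this method. Confirm that
 * every sensitive action has a rule row.
 *
 * @date: 2015-12-9 03:47:30
 * @author: zhouqg
 * @return void
 */
public function auth()
{
    $name = MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME;

    $where = array(
        'name' => $name,
        'status' => '1',
    );
    $registered = D('Auth_rule')->where($where)->find();

    // Only rules that have been added are enforced.
    if (!$registered) {
        return;
    }

    // The session id is read only when it is needed and guarded so a missing
    // session does not raise an undefined-index notice. The previously unused
    // read of $_SESSION['admin_auth'] is removed.
    $uid = isset($_SESSION['id']) ? $_SESSION['id'] : null;

    $auth = new \Think\Auth();
    if (!$auth->check($name, $uid)) {
        $this->error('没有权限');
    }
}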
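/**
 * Permission check with a super-administrator bypass.
 *
 * Uids listed in the ADMINISTRATOR config value are always allowed; everyone
 * else is delegated to \Think\Auth::check().
 *
 * The original also called getGroups($uid) before the bypass and never used
 * the result; that lookup is removed, and the Auth object is now created only
 * when it is needed.
 *
 * @param string|array $rule     rule(s) to verify: comma-separated string or indexed array
 * @param int          $uid      id of the user being checked
 * @param mixed        $type     passed through to check()
 * @param string       $mode     check mode
 * @param string       $relation 'or' passes when any rule matches, 'and' requires all of them
 * @return boolean true when access is granted, false otherwise
 */
function authCheck($rule, $uid, $type = 1, $mode = 'url', $relation = 'or')
{
    // Super administrators skip verification. The bypass is keyed on the user
    // id, not on the role group the user belongs to.
    // NOTE(review): non-strict in_array(); the uid/config types are not visible here.
    if (in_array($uid, C('ADMINISTRATOR'))) {
        return true;
    }

    $auth = new \Think\Auth();

    return (bool) $auth->check($rule, $uid, $type, $mode, $relation);
}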
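/**
 * Shows a member's phone number, login name and real name to callers who hold
 * the 'Member/viewtel' rule (or whose session('aid') is 1).
 *
 * The member id comes from the request. It is cast to an integer and passed as
 * an array condition; the original concatenated the raw request value into the
 * WHERE string ('id=' . $id), which let request input change the query.
 *
 * NOTE(review): the bypass for aid 1 is hard-coded and compared loosely —
 * confirm that id 1 is the intended super administrator.
 *
 * @param mixed $id unused; the id is always re-read from the request
 * @return void
 */
public function viewtel($id = '')
{
    $auth = new \Think\Auth();
    $aid = session('aid');

    // Without the rule, nothing but the refusal message is shown.
    if (!$auth->check('Member/viewtel', $aid) && $aid != 1) {
        echo '没有权限查看手机号';
        return;
    }

    // Force the request value to an integer before it reaches the query builder.
    $id = I('id', 0, 'intval');

    $info = M('member')
        ->field('tel,loginname,realname')
        ->where(array('id' => $id))
        ->find();

    $this->assign('data', $info);
    $this->display();
}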
/**
 * Per-request permission gate based on \Think\Auth.
 *
 * Visitors without $_SESSION[USER_AUTH_KEY] are redirected to the configured
 * gateway. Sessions flagged as 'administrator' skip the check. For everyone
 * else the action name is normalised (insert -> add, update -> edit) and the
 * rules "<Controller>_<action>" and "<Controller>_all" are handed to check()
 * as one comma-separated list, except for the two whitelisted entries.
 */
function _initialize()
{
    $authKey = C('USER_AUTH_KEY');

    // No login: send the visitor to the login gateway.
    if (empty($_SESSION[$authKey])) {
        $this->redirect(__ROOT__ . C('USER_AUTH_GATEWAY'));
        return;
    }

    // The single super-admin account is exempt from rule checks.
    if ($_SESSION['administrator']) {
        return;
    }

    // Form-submit actions share the rule of the form that leads to them.
    $aliases = array('insert' => 'add', 'update' => 'edit');
    $action = isset($aliases[ACTION_NAME]) ? $aliases[ACTION_NAME] : ACTION_NAME;

    $current = CONTROLLER_NAME . '_' . $action;
    $currentDetail = CONTROLLER_NAME . '_all';

    // The home frame and the city lookup need no verification.
    $open = array('Index_index', 'Merchant_getcity');
    if (in_array($current, $open)) {
        return;
    }

    $checker = new \Think\Auth();
    $granted = $checker->check($current . ',' . $currentDetail, $_SESSION[$authKey]);
    if (!$granted) {
        $this->error('你无改权限操作该界面');
        exit;
    }
}
/**
 * Builds the menu list for the current user and assigns it to the view as "menus".
 *
 * Starts from the "menus" config value, appends "menus_team_leader" for team
 * leaders, then removes entries by the first segment of their URL: brand users
 * keep only "Brand" entries; other users keep "Teamleader" entries plus those
 * whose first segment passes Auth::check() with type 2. For brand id 35,
 * reception users get an extra child under the entry titled "前台".
 *
 * NOTE(review): this only decides which entries are displayed; hiding an entry
 * does not by itself block its URL. Presumably the controllers enforce access
 * separately — confirm.
 */
protected function loadMenus()
{
    $menu = C("menus");

    // Team leaders get their additional menu set.
    $userModel = D("User");
    $uid = is_user_login();
    if ($userModel->isTeamleader($uid)) {
        $menu = array_merge($menu, C("menus_team_leader"));
    }

    $auth = new \Think\Auth();

    // Only a now-disabled default_role filter used this row; the read is kept as it was.
    $config = M("SysConfig")->find();

    foreach ($menu as $key => $entry) {
        $segments = explode('/', $entry['url']);
        $top = $segments[0];

        if (is_user_brand()) {
            $hide = $top != "Brand";
        } else {
            $hide = $top != 'Teamleader' && !$auth->check($top, is_user_login(), 2);
        }

        if ($hide) {
            unset($menu[$key]);
        }
    }

    // Brand 35 only: reception staff get an "活动" entry under "前台".
    if (get_brand_id() == 35 && D("User")->isReception(UID)) {
        foreach ($menu as $key => $entry) {
            if ($entry['title'] == "前台") {
                $menu[$key]['child'][] = array(
                    "id" => 0,
                    "title" => "活动",
                    "pid" => 4,
                    "url" => "Reception/Spider/index",
                );
            }
        }
    }

    $this->assign("menus", $menu);
}
/**
 * Checks whether the current user (get_uid()) holds $rule.
 *
 * @param string $rule rule to test
 * @param mixed  $type rule type passed through to \Think\Auth::check()
 * @return bool true for administrators or when check() accepts the rule
 */
function check_auth($rule, $type = AuthRuleModel::RULE_URL)
{
    // Administrators may open any page.
    if (is_administrator()) {
        return true;
    }

    // One Auth instance is reused across calls within the request.
    static $checker = null;
    if (null === $checker) {
        $checker = new \Think\Auth();
    }

    return (bool) $checker->check($rule, get_uid(), $type);
}
/**
 * Permission check for the id returned by the Useradmin model's isLogin().
 *
 * @param mixed  $rule rule to test
 * @param mixed  $type rule type passed through to \Think\Auth::check()
 * @param string $mode check mode
 * @return bool true when isAdmin() is true or check() accepts the rule
 */
public final function checkRule($rule, $type = AuthRuleModel::RULE_URL, $mode = 'url')
{
    static $auth = null;

    $adminModel = D('Useradmin');

    // Administrators may open any page.
    if ($this->isAdmin()) {
        return true;
    }

    if (null === $auth) {
        $auth = new \Think\Auth();
    }

    $granted = $auth->check($rule, $adminModel->isLogin(), $type, $mode);

    return $granted ? true : false;
}
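/**
 * Checks whether the current user holds $rule.
 *
 * Order of decisions: administrators pass; users whose id is in $except_uid
 * pass; a rule that has no enabled row in auth_rule is denied; otherwise the
 * decision is delegated to \Think\Auth::check() for get_uid().
 *
 * The exemption list is compared as trimmed strings with a strict match, and
 * only for a truthy is_login() value. The original used a non-strict
 * in_array(), under which an empty or non-numeric entry (for example from an
 * empty $except_uid string) can compare equal to a falsy/0 login id on PHP
 * versions before 8 and grant access.
 * NOTE(review): this assumes is_login() returns a falsy value for visitors who
 * are not logged in — confirm.
 *
 * @param string       $rule       rule to test; defaults to MODULE/CONTROLLER/ACTION
 * @param int|string|array $except_uid user id(s) that are always allowed; -1 means none
 * @param mixed        $type       rule type passed through to check()
 * @return bool
 */
function check_auth($rule = '', $except_uid = -1, $type = AuthRuleModel::RULE_URL)
{
    // Administrators may open any page.
    if (is_administrator()) {
        return true;
    }

    if ($except_uid != -1) {
        $exempt = is_array($except_uid) ? $except_uid : explode(',', (string) $except_uid);
        $exempt = array_map('trim', array_map('strval', $exempt));

        $current = is_login();
        if ($current && in_array((string) $current, $exempt, true)) {
            return true;
        }
    }

    $rule = empty($rule) ? MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME : $rule;

    // Fail closed: a rule without an enabled row in auth_rule is denied.
    if (!M('auth_rule')->where(array('name' => $rule, 'status' => 1))->find()) {
        return false;
    }

    static $Auth = null;
    if (!$Auth) {
        $Auth = new \Think\Auth();
    }

    return (bool) $Auth->check($rule, get_uid(), $type);
}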
/**
 * Permission check for the user identified by the UID constant, always using
 * rule type 2.
 *
 * @param string $rule rule to test
 * @param string $mode check mode
 * @return boolean true when \Think\Auth::check() accepts the rule
 */
private function checkRule($rule, $mode = 'url')
{
    // One Auth instance is reused across calls within the request.
    static $checker = null;
    if (null === $checker) {
        $checker = new \Think\Auth();
    }

    $granted = $checker->check($rule, UID, 2, $mode);

    return $granted ? true : false;
}