Exemplo n.º 1
 /**
 +----------------------------------------------------------
 * Start the session
 +----------------------------------------------------------
 * @static
 * @access public
 +----------------------------------------------------------
 * @return void
 +----------------------------------------------------------
 */
 static function start()
 {
     // Open (or resume) the PHP session before $_SESSION is touched.
     session_start();
     // Tag the session: STARTED when no marker is present yet, CONTINUED otherwise.
     $_SESSION['__HTTP_Session_Info'] = isset($_SESSION['__HTTP_Session_Info'])
         ? HTTP_SESSION_CONTINUED
         : HTTP_SESSION_STARTED;
     // Hand the configured SESSION_EXPIRE value to the Session helper.
     Session::setExpire(C('SESSION_EXPIRE'));
 }
Exemplo n.º 2
 /**
  * Base-class initialization
  * @author Terry<*****@*****.**>
  * @date 2013-3-25
  */
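 public function _initialize()
 {
     // Per-request bootstrap: load the module language pack, run the login check,
     // publish breadcrumb and uid view data, enforce the configured idle timeout
     // and apply the RBAC access decision before the menus are built.
     $langSet = C('DEFAULT_LANG');
     // Load the language pack of the current module when the file exists.
     // NOTE(review): the path is built from MODULE_NAME; confirm the framework
     // restricts that value to plain identifiers before it reaches include.
     $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
     if (is_file($moduleLangFile)) {
         L(include $moduleLangFile);
     }
     // Check whether the user is logged in (implemented elsewhere in the class).
     $this->doCheckLogin();
     $bm = array();
     $bm['url'] = MODULE_NAME;
     $bm['module'] = L(MODULE_NAME);
     $bm['action'] = L(MODULE_NAME . '_' . ACTION_NAME);
     $this->assign('breadcrumbs', $bm);
     import('ORG.Util.Session');
     $this->assign("uid", session("admin"));
     $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
     $timeoutEnabled = intval($admin_access['EXPIRED_TIME']) > 0;
     if ($timeoutEnabled && Session::isExpired()) {
         // Empty the session data instead of unset($_SESSION): unsetting the
         // superglobal itself detaches it from PHP's session handling.
         $_SESSION = array();
         session_destroy();
     }
     if ($timeoutEnabled) {
         // EXPIRED_TIME is multiplied by 60, i.e. it is treated as minutes.
         Session::setExpire(time() + $admin_access['EXPIRED_TIME'] * 60);
     }
     // Strict in_array(): a loose comparison would treat numeric-looking module
     // names as equal ("10" == "1e1") when matching the auth-exempt list.
     if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')), true)) {
         $rbac = new Arbac();
         if (!$rbac->AccessDecision()) {
             // No authenticated user id in the session: send to the auth gateway.
             // empty() avoids an undefined-index notice after the session was cleared.
             // NOTE(review): the code below relies on redirect() ending the request — confirm.
             if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                 redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
             }
             // Authenticated but not authorised: report the error.
             if (C('RBAC_ERROR_PAGE')) {
                 // A dedicated permission-error page is configured.
                 redirect(C('RBAC_ERROR_PAGE'));
             } else {
                 if (C('GUEST_AUTH_ON')) {
                     $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                 }
                 // Show the access-denied message.
                 $this->error(L('_VALID_ACCESS_'));
             }
         }
     }
     $this->getTop();
     $this->getMenus();
     import('ORG.Util.Page');
 }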
Exemplo n.º 3
 /**
  * Base-class initialization
  * @author Terry<*****@*****.**>
  * @date 2013-3-25
  */
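 public function _initialize()
 {
     // Per-request bootstrap: login check, language packs, resolution of the
     // navigation node for the requested module/action, idle-timeout handling
     // and the RBAC access decision, followed by menu and breadcrumb setup.
     $this->doCheckLogin();
     $this->_name = $this->getActionName();
     $langSet = C('DEFAULT_LANG');
     // Load the shared language pack.
     L(include LANG_PATH . $langSet . '/Common.php');
     // Load the language pack of the current module when the file exists.
     // NOTE(review): the path is built from MODULE_NAME; confirm the framework
     // restricts that value to plain identifiers before it reaches include.
     $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
     if (is_file($moduleLangFile)) {
         L(include $moduleLangFile);
     }
     // Module and action are taken from the request URL segments, so they are
     // untrusted input; empty() keeps the original truthiness test without notices.
     $ary_get = $this->_get();
     $module = !empty($ary_get['_URL_'][1]) ? $ary_get['_URL_'][1] : "Index";
     $action = !empty($ary_get['_URL_'][2]) ? $ary_get['_URL_'][2] : "index";
     $navid = null;
     if (!empty($module) && !empty($action)) {
         $array_where = array();
         $array_where['action'] = $action;
         $array_where['module'] = $module;
         $array_where['status'] = '1';
         $array_where['is_show'] = '1';
         $rolenode = D("RoleNode")->where($array_where)->order('sort asc')->find();
         if (!empty($rolenode) && is_array($rolenode)) {
             $navid = $rolenode['nav_id'];
         } else {
             // No visible node for this action: fall back to the first enabled
             // node of the module and use its stored module/action values.
             $node = D("RoleNode")->where(array('module' => $module, 'action' => array('NEQ', ''), 'status' => '1'))->order('sort asc')->find();
             $navid = $node['nav_id'];
             $module = $node['module'];
             $action = $node['action'];
         }
     }
     $this->assign("modulename", $module);
     $this->assign("actionname", $action);
     $this->assign("navid", $navid);
     $navname = D("RoleNav")->where(array('id' => $navid))->find();
     session("navname", $navname['name']);
     // The join lookup used to concatenate $navid/$action/$module into a raw SQL
     // string. Array conditions leave value quoting to the model layer instead.
     // NOTE(review): verify dotted column keys against the ThinkPHP version in use.
     $prefix = C('DB_PREFIX');
     $rolenav = M('RoleNav')
         ->field($prefix . 'role_nav.name,' . $prefix . 'role_node.*')
         ->join($prefix . 'role_node ON ' . $prefix . 'role_nav.id = ' . $prefix . 'role_node.`nav_id`')
         ->where(array(
             $prefix . 'role_nav.id' => (string) $navid,
             $prefix . 'role_node.action' => (string) $action,
             $prefix . 'role_node.module' => (string) $module,
         ))
         ->find();
     if (!empty($rolenav) && is_array($rolenav)) {
         cookie("menuid", $rolenav['id']);
     }
     import('ORG.Util.Session');
     $this->assign("uid", session("admin"));
     $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
     $timeoutEnabled = intval($admin_access['EXPIRED_TIME']) > 0;
     if ($timeoutEnabled && Session::isExpired()) {
         // Empty the session data instead of unset($_SESSION): unsetting the
         // superglobal itself detaches it from PHP's session handling.
         $_SESSION = array();
         session_destroy();
     }
     if ($timeoutEnabled) {
         // EXPIRED_TIME is multiplied by 60, i.e. it is treated as minutes.
         Session::setExpire(time() + $admin_access['EXPIRED_TIME'] * 60);
     }
     // Strict in_array(): a loose comparison would treat numeric-looking module
     // names as equal ("10" == "1e1") when matching the auth-exempt list.
     if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')), true)) {
         $rbac = new Arbac();
         if (!$rbac->AccessDecision()) {
             // No authenticated user id in the session: send to the auth gateway.
             // NOTE(review): the code below relies on redirect() ending the request — confirm.
             if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                 redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
             }
             // Authenticated but not authorised: report the error.
             if (C('RBAC_ERROR_PAGE')) {
                 // A dedicated permission-error page is configured.
                 redirect(C('RBAC_ERROR_PAGE'));
             } else {
                 if (C('GUEST_AUTH_ON')) {
                     $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                 }
                 // Show the access-denied message.
                 $this->error(L('_VALID_ACCESS_'));
             }
         }
     }
     $this->getTop();
     $this->getMenus($navid);
     $this->_Breadcrumb($navid);
     import('ORG.Util.Page');
     import('ORG.Util.Tree');
     import('ORG.Util.Dir');
 }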
Exemplo n.º 4
 /**
      +----------------------------------------------------------
 * Login check
      +----------------------------------------------------------
 */
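 public function checkLogin()
 {
     // Validates the posted admin name, password and captcha, authenticates via
     // RBAC::authenticate(), then fills the session and records the login.
     //
     // Request fields must be plain strings. A request can submit arrays; those
     // used to flow into the query condition map and into md5(), where a null
     // result compared loosely against an unset session captcha passed the check.
     $adminName = isset($_POST['admin_name']) ? $_POST['admin_name'] : '';
     $adminPwd = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : '';
     $captcha = isset($_POST['verify']) ? $_POST['verify'] : '';
     // NOTE(review): validation relies on error() ending the request — confirm.
     if (!is_string($adminName) || empty($adminName)) {
         $this->error(L('ADMIN_NAME_REQUIRE'));
     } elseif (!is_string($adminPwd) || empty($adminPwd)) {
         $this->error(L('ADMIN_PWD_REQUIRE'));
     } elseif (!is_string($captcha) || empty($captcha)) {
         $this->error(L('VERIFY_REQUIRE'));
     }
     // Build the lookup condition: enabled accounts with this admin name.
     $map = array();
     $map['admin_name'] = $adminName;
     $map["status"] = array('gt', 0);
     // Strict comparison: with != two hex digests that look numeric (for example
     // "0e..." followed by digits only) compare as numbers and can match.
     // NOTE(review): the captcha stays in the session after the check; consider
     // clearing it so one solved captcha cannot be reused across attempts.
     $expectedCaptcha = isset($_SESSION['verify']) ? $_SESSION['verify'] : null;
     if (!is_string($expectedCaptcha) || $expectedCaptcha !== md5($captcha)) {
         $this->error(L('VERIFY_ERROR'));
     }
     import('@.ORG.RBAC');
     $auth_info = RBAC::authenticate($map);
     // Authenticate by user name, password and status.
     if (false === $auth_info) {
         $this->saveLog(0, 0);
         $this->error(L('ADMIN_NAME_NOT_EXIST'));
     } else {
         // NOTE(review): passwords are stored as unsalted MD5. Moving to
         // password_hash()/password_verify() needs a stored-hash migration that
         // cannot be done inside this method.
         if (!is_string($auth_info['admin_pwd']) || $auth_info['admin_pwd'] !== md5($adminPwd)) {
             $this->saveLog(0, 0);
             $this->error(L('ADMIN_PWD_ERROR'));
         }
         // NOTE(review): the session id is not regenerated on login here;
         // consider session_regenerate_id(true) before the auth keys are stored.
         Session::setExpire(time() + fanweC("EXPIRED_TIME") * 60);
         $_SESSION[C('USER_AUTH_KEY')] = $auth_info['id'];
         $_SESSION['admin_name'] = $auth_info['admin_name'];
         $_SESSION['last_time'] = $auth_info['last_time'];
         $_SESSION['login_count'] = $auth_info['login_count'];
         if ($auth_info['admin_name'] == fanweC('SYS_ADMIN')) {
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Persist the login metadata for this account.
         $admin = M(C('USER_AUTH_MODEL'));
         $ip = getClientIp();
         $time = gmtTime();
         $data = array();
         $data['id'] = $auth_info['id'];
         $data['last_login_time'] = $time;
         $data['login_count'] = array('exp', 'login_count + 1');
         $data['last_login_ip'] = $ip;
         $admin->save($data);
         // Cache the access list for this session.
         RBAC::saveAccessList();
         $this->saveLog(1, 0);
         $this->success(L('LOGIN_SUCCESS'));
     }
 }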
Exemplo n.º 5
 /**
  * User login operation
  * @author Terry <*****@*****.**>
  * @date 2013-3-23
  */
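 public function doLogin()
 {
     // Validates the posted user name, password and (when CODE_SET.BALOGIN is
     // '1') the captcha, authenticates through Arbac, then fills the session,
     // updates the account's login metadata and writes an AdminLog row.
     $ary_post = $this->_post();
     $code = D('Config')->getCfgByModule('CODE_SET');
     // Request fields must be plain strings. A request can submit arrays; those
     // used to flow into the query condition map and into md5(), where a null
     // result compared loosely against an empty session value passed the check.
     $username = isset($ary_post['username']) ? $ary_post['username'] : '';
     $passwd = isset($ary_post['passwd']) ? $ary_post['passwd'] : '';
     $captcha = isset($ary_post['code']) ? $ary_post['code'] : '';
     // NOTE(review): validation relies on error() ending the request — confirm.
     if (!is_string($username) || empty($username)) {
         $this->error(L('PlEASE_USERNAME'));
     } elseif (!is_string($passwd) || empty($passwd)) {
         $this->error(L('PlEASE_PASSWD'));
     }
     $captchaRequired = !empty($code['BALOGIN']) && $code['BALOGIN'] == '1';
     if ($captchaRequired) {
         // The literal below is the form's placeholder text for the captcha field.
         if (!is_string($captcha) || empty($captcha) || trim($captcha) == "验证码") {
             $this->error(L('PlEASE_CODE'));
         }
     }
     // Build the lookup condition: enabled accounts with this user name.
     $map = array();
     $map['u_name'] = $username;
     $map["u_status"] = array('gt', 0);
     $verify = session("code");
     if ($captchaRequired) {
         // Strict comparison: with != two hex digests that look numeric (for
         // example "0e..." followed by digits only) compare as numbers and can match.
         // NOTE(review): the captcha stays in the session after the check;
         // consider clearing it so one solved captcha cannot be reused.
         if (!is_string($verify) || $verify !== md5($captcha)) {
             $this->error(L('CODE_ERROR'));
         }
     }
     $admin_access = D('Config')->getCfgByModule('ADMIN_ACCESS');
     $exitTime = $admin_access['EXPIRED_TIME'];
     $rbac = new Arbac();
     import('ORG.Util.Session');
     $auth_info = $rbac->authenticate($map);
     if (empty($auth_info)) {
         $this->error(L('ACCOUNT_EXIT_DISABLED'));
     } else {
         // NOTE(review): passwords are stored as unsalted MD5. Moving to
         // password_hash()/password_verify() needs a stored-hash migration that
         // cannot be done inside this method.
         if (!is_string($auth_info['u_passwd']) || $auth_info['u_passwd'] !== md5($passwd)) {
             $this->error(L('PASSWD_ERROR'));
         }
         // NOTE(review): the session id is not regenerated on login here;
         // consider session_regenerate_id(true) before the auth keys are stored.
         Session::setExpire(time() + $exitTime * 60);
         $_SESSION[C('USER_AUTH_KEY')] = $auth_info['u_id'];
         $_SESSION['admin_name'] = $auth_info['u_name'];
         $_SESSION['pic'] = $auth_info['u_photo'];
         $_SESSION['last_time'] = $auth_info['u_lastlogin_time'];
         $_SESSION['u_countlog'] = $auth_info['u_countlog'];
         if ($auth_info['u_name'] == $admin_access['SYS_ADMIN']) {
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Persist the login metadata for this account.
         $admin = M(C('USER_AUTH_MODEL'));
         $ip = get_client_ip();
         $time = date("Y-m-d H:i:s");
         $data = array();
         $data['u_lastlogin_time'] = $time;
         $data['u_countlog'] = array('exp', 'u_countlog + 1');
         $data['u_ip'] = $ip;
         $_SESSION['ip'] = $ip;
         $admin->where(array('u_name' => $username))->save($data);
         // Cache the access list for this session.
         $rbac->saveAccessList();
         // Record the successful login in the admin log.
         $ary_data = array();
         $admin_log = M("AdminLog");
         $ary_data['u_id'] = $auth_info['u_id'];
         $ary_data['u_name'] = $auth_info['u_name'];
         $ary_data['log_ip'] = $ip;
         $ary_data['log_create'] = $time;
         $admin_log->add($ary_data);
         // Store the id of the console navigation entry in a cookie.
         $rolenav = M('RoleNav')->field('id')->where(array('name' => '控制台'))->find();
         cookie("nav_id", $rolenav['id']);
         $this->success(L('LOGIN_SUCCESS'));
     }
 }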
Exemplo n.º 6
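 function _initialize()
 {
     // Per-request bootstrap: undo magic-quotes escaping, publish module/action
     // and language data to the view, load language packs, expire idle sessions
     // and apply the RBAC access decision.

     // Strip the slashes that magic quotes added to request data.
     if (MAGIC_QUOTES_GPC) {
         if (!empty($_GET)) {
             $_GET = stripslashesDeep($_GET);
         }
         if (!empty($_POST)) {
             $_POST = stripslashesDeep($_POST);
         }
         $_COOKIE = stripslashesDeep($_COOKIE);
         $_REQUEST = stripslashesDeep($_REQUEST);
     }
     $this->assign('module_name', MODULE_NAME);
     $this->assign('action_name', ACTION_NAME);
     $langSet = C('DEFAULT_LANG');
     // Define the current language.
     define('FANWE_LANG_SET', strtolower($langSet));
     $this->assign('default_lang', FANWE_LANG_SET);
     // Load the project-wide language pack.
     $commonLangFile = LANG_PATH . $langSet . '/common.php';
     if (is_file($commonLangFile)) {
         L(include $commonLangFile);
     }
     // Load the language pack of the current module when the file exists.
     // NOTE(review): the path is built from MODULE_NAME; confirm the framework
     // restricts that value to plain identifiers before it reaches include.
     $moduleLangFile = LANG_PATH . $langSet . '/' . MODULE_NAME . '.php';
     if (is_file($moduleLangFile)) {
         L(include $moduleLangFile);
     }
     $this->assign('ur_href', L(MODULE_NAME) . ' > ' . L(MODULE_NAME . '_' . ACTION_NAME));
     if (Session::isExpired()) {
         // Empty the session data instead of unset($_SESSION): unsetting the
         // superglobal itself detaches it from PHP's session handling.
         $_SESSION = array();
         session_destroy();
     }
     // EXPIRED_TIME is multiplied by 60, i.e. it is treated as minutes.
     Session::setExpire(time() + fanweC("EXPIRED_TIME") * 60);
     // User permission check. Strict in_array(): a loose comparison would treat
     // numeric-looking module names as equal when matching the auth-exempt list.
     if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')), true)) {
         import('@.ORG.RBAC');
         if (!RBAC::AccessDecision()) {
             // No authenticated user id in the session: send to the auth gateway.
             // NOTE(review): the code below relies on redirect() ending the request — confirm.
             if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                 redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
             }
             // Authenticated but not authorised: report the error.
             if (C('RBAC_ERROR_PAGE')) {
                 // A dedicated permission-error page is configured.
                 redirect(C('RBAC_ERROR_PAGE'));
             } else {
                 if (C('GUEST_AUTH_ON')) {
                     $this->assign('jumpUrl', PHP_FILE . C('USER_AUTH_GATEWAY'));
                 }
                 // ajax=2 callers get the bare message; everyone else the error page.
                 // isset() avoids an undefined-index notice when the flag is absent.
                 if (isset($_REQUEST['ajax']) && intval($_REQUEST['ajax']) == 2) {
                     echo L('_VALID_ACCESS_');
                     exit;
                 } else {
                     $this->assign("jumpUrl", u("Index/main"));
                     $this->error(L('_VALID_ACCESS_'));
                 }
             }
         }
     }
 }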
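 static function start()
 {
     // Starts the session, first letting the request body supply the session id
     // and two prefixed cookie values ("username" and "tokey").
     //
     // NOTE(review): adopting a session id from POST data means the sender picks
     // the session that is used. Code that logs a user in should regenerate the
     // id, and readers of the two cookies must treat them as untrusted input.
     $sessionField = self::name();
     if (isset($_POST[$sessionField]) && is_string($_POST[$sessionField]) && !empty($_POST[$sessionField])) {
         $postedId = trim($_POST[$sessionField]);
         // Only pass on ids made of the characters PHP's own session ids use;
         // anything else is ignored so the normal cookie-based id applies.
         if (preg_match('/^[A-Za-z0-9,-]{1,256}$/', $postedId)) {
             self::id($postedId);
         }
     }
     // Mirror the posted values into $_COOKIE. Non-string (array) values are
     // skipped because trim() cannot handle them.
     foreach (array('username', 'tokey') as $suffix) {
         $cookieKey = C('COOKIE_PREFIX') . $suffix;
         if (isset($_POST[$cookieKey]) && is_string($_POST[$cookieKey]) && !empty($_POST[$cookieKey])) {
             $_COOKIE[$cookieKey] = trim($_POST[$cookieKey]);
         }
     }
     session_start();
     // Hand the configured COOKIE_EXPIRE value to the Session helper.
     Session::setExpire(C('COOKIE_EXPIRE'));
 }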