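/**
 * Authenticates a user by name and password.
 *
 * On success the last-login IP/time are written back to the user row and the
 * `vuser_*` cookies (user name, tname, authkey, groupid, timestamp and a
 * signature over those values) are set with a 7-day lifetime. On every
 * failure path `$this->S->json` / `$this->S->jsonarr` are populated with an
 * error code (-200) and a message, and false is returned.
 *
 * @param string $uname user name; escaped with \Sham::saddslashes before it is
 *                      placed into the WHERE clause passed to ->where()
 * @param string $pwd   clear-text password, hashed with $this->S->pwdhash() and
 *                      compared against the stored value in $this->filedpwd
 * @return bool true when the login succeeded and the cookies were set, false otherwise
 */
public function login($uname, $pwd)
{
    $tablename = $this->tablename;

    // Records the failure for the JSON responder and returns false for the caller.
    $fail = function ($msg) {
        $this->S->json = true;
        $this->S->jsonarr = array('code' => -200, 'msg' => $msg);
        return false;
    };

    if (!$this->Isnotempty($uname) || !$this->Isnotempty($pwd)) {
        return $fail('用户名密码不能为空');
    }

    $uname = \Sham::saddslashes($uname);
    $where = $this->fileduname . " = '{$uname}'";
    $row = $this->S->table->{$tablename}->where($where)->getrow();
    if (empty($row)) {
        return $fail('户名不存在');
    }

    // hash_equals is strict and constant-time: with == two hash strings that both
    // look numeric (e.g. "0e..." forms) compare loosely equal even when they differ.
    if (!hash_equals((string) $row[$this->filedpwd], (string) $this->S->pwdhash($pwd))) {
        return $fail('密码错');
    }

    // Disabled account.
    if ($row[$this->filedenable] != 1) {
        return $fail('无效用户');
    }

    // Update last-login information.
    $ar = array($this->fileloginip => \Sham::GetIP(), $this->filelogintm => \Sham::T());
    $this->S->table->{$tablename}->where($where)->update($ar);

    // Cookie-based session: the individual values plus a signature over them.
    // 604800 = 7*24*60*60 seconds.
    $tm = time();
    $expire = $tm + 604800;
    $signature = \Sham::signnature(
        $row[$this->fileduname] . $row[$this->filedtname] . $row[$this->filedauthkey] . $row[$this->filedgroupid] . $tm
    );
    $cookies = array(
        'vuser_uname' => $row[$this->fileduname],
        'vuser_tname' => $row[$this->filedtname],
        'vuser_authkey' => $row[$this->filedauthkey],
        'vuser_groupid' => $row[$this->filedgroupid],
        'vuser_tm' => $tm,
        'vuser_signature' => $signature,
    );
    foreach ($cookies as $name => $value) {
        // httponly keeps the session cookies out of reach of page scripts; the
        // secure flag stays off because the original did not require HTTPS.
        setcookie($name, (string) $value, $expire, '/', '', false, true);
    }
    return true;
}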
/**
 * Runs an UPDATE on $this->tablename with the given column => value pairs,
 * restricted by the conditions accumulated in $this->where.
 *
 * @param array $res column => value pairs; escaped with \Sham::saddslashes before execution
 * @return bool always true; the request is terminated with 'where missing' when
 *              no condition has been set, so an unrestricted UPDATE cannot run
 */
public function update($res)
{
    if (empty($this->where)) {
        die('where missing');
    }
    // Conditions are combined by \Sham::getstr with ' and ' as the separator.
    $conditions = \Sham::getstr($this->where, 0, ' and ');
    $this->db->autoExecute($this->tablename, \Sham::saddslashes($res), 'UPDATE', $conditions);
    return true;
}
/**
 * Recursively applies addslashes() to a string, or to every leaf of a
 * (possibly nested) array while preserving the array keys.
 * Inverse operation: stripslashes.
 *
 * Note: this only backslash-escapes quotes, backslashes and NUL bytes; it is
 * not a replacement for parameterised queries when the result ends up in SQL.
 *
 * @param string|array $string value to escape
 * @return string|array escaped value with the same shape as the input
 */
public static function saddslashes($string)
{
    if (!is_array($string)) {
        return addslashes($string);
    }
    $escaped = array();
    foreach ($string as $k => $v) {
        $escaped[$k] = \Sham::saddslashes($v);
    }
    return $escaped;
}
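/**
 * Resolves the deny/allow permission pair for the current request from $this->res.
 *
 * Role markers looked up in $this->res['roles']: '*' everyone, '@' any logged-in
 * user, '?' a logged-in user who has a per-user rule row in the RBAC tables,
 * 'G' guest (not logged in), 'A' admin. On the first match $this->p is set to
 * the ['deny' => ..., 'allow' => ...] pair and true is returned.
 *
 * @return bool true when a permission pair was resolved into $this->p, false otherwise
 */
public function Umarch_do_user()
{
    if (!$this->res) {
        return false;
    }
    $ck = $this->res['roles'];

    // Adopts a deny/allow pair into $this->p and signals a match.
    $grant = function ($src) {
        $this->p = ['deny' => $src['deny'], 'allow' => $src['allow']];
        return true;
    };

    // Everyone.
    if (in_array('*', $ck, true)) {
        return $grant($this->res);
    }

    $seter = \Seter\Seter::getInstance();
    if ($seter->user->islogin()) {
        // Any logged-in user.
        if (in_array('@', $ck, true)) {
            return $grant($this->res);
        }
        // Per-user rule from the RBAC tables.
        if (in_array('?', $ck, true)) {
            $tablename = C('Rbacdb')['accessrules'];
            $tablename_rulelib = C('Rbacdb')['accessrules_lib'];
            // Every request-derived value is escaped the same way as $uname; the
            // db->getrow() call shown here takes a raw SQL string, so escaping is
            // the only protection available at this layer.
            $uname = \Sham::saddslashes($seter->request->cookie['vuser_uname'] ?? '');
            $module = \Sham::saddslashes($this->Module);
            $action = \Sham::saddslashes($this->Action);
            $controller = \Sham::saddslashes($this->Controller);
            // The leading space before 'and' matters: without it the no-module
            // case produced "1and rule_action = ...", which is not valid SQL.
            $where_ = $this->Module ? "rule_module = '{$module}'" : '1';
            $where_ .= " and rule_action = '{$action}'\n and rule_controller = '{$controller}'\n and enable = 1";
            $where = "uname = '{$uname}' and rid in(\n select rule_id from {$tablename_rulelib} where {$where_}\n )";
            $row = $seter->db->getrow("select * from {$tablename} where {$where}");
            if ($row) {
                return $grant($row);
            }
        }
    } elseif (in_array('G', $ck, true)) {
        // Guest.
        return $grant($this->res);
    }

    // Admin.
    if ($seter->user->isadmin() && in_array('A', $ck, true)) {
        return $grant($this->res);
    }
    return false;
}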
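/**
 * 获取我的用户信息 — fetches the user row for $uname, defaulting to the name
 * carried in the 'vuser_uname' cookie.
 *
 * NOTE(review): the row is returned whole, so the password-hash column
 * ($this->filedpwd) is presumably included; the earlier commented-out unset
 * suggests stripping it — confirm what callers need before doing so.
 *
 * @param string $uname user name; when empty/falsy the cookie value is used
 * @return mixed the result of ->getrow() when $this->checkname() accepts the
 *               name, [] otherwise
 */
public function getuserinfo($uname = '')
{
    $tablename = $this->tablename;
    // `??` avoids an undefined-index notice when the cookie is absent; the
    // trailing `?: ''` keeps the original fallback for empty/falsy values.
    $uname = $uname ?: ($this->S->request->cookie['vuser_uname'] ?? null) ?: '';
    if (!$this->checkname($uname)) {
        // Name check failed.
        return [];
    }
    $uname = \Sham::saddslashes($uname);
    return $this->S->table->{$tablename}->where("{$this->fileduname} = '{$uname}'")->getrow();
}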