Пример #1
 /**
  * Check admin credentials, issue the auth cookie, publish the account's
  * attributes as global constants and, for non-manager accounts, enforce the
  * per-controller rights check.
  *
  * Outcomes visible in this block:
  *  - returns true when a matching row exists and the account is a manager
  *    (ADMINLEVEL == 1), the current controller is exempt, or a stored right
  *    matches the current controller;
  *  - shows a "no permission" message and exits when no stored right matches;
  *  - logs the failure, overwrites the cookie, renders the login template and
  *    exits when no row matches;
  *  - falls off the end (returns null) when pm_db::query() returns a falsy value.
  *
  * NOTE(review), security-relevant points to confirm or fix:
  *  - $username and $password_md5 are interpolated directly into the SQL text.
  *    Nothing in this block escapes or binds them, so unless the caller or
  *    pm_db::query() sanitises input this lookup is open to SQL injection and
  *    therefore to authentication bypass. Use the DB layer's parameter binding.
  *  - $logintype 1 hashes with unsalted md5(); types 2 and 3 compare the supplied
  *    value as-is, so whatever is stored in `password` works as the credential
  *    itself. A password_hash()/password_verify() scheme would be the usual fix.
  *  - The submitted password is placed inside the cookie payload.
  *  - setcookie() is called without the secure/httponly arguments.
  *
  * @param string $username  Login name supplied by the caller (not validated here).
  * @param string $password  Password, or an already-derived value for $logintype 2/3.
  * @param int    $logintype 1 = md5() the password here; 2 and 3 = use it unchanged.
  * @return bool|null true on success; null if the query call itself fails.
  */
 public static function verify_login_in($username, $password, $logintype = 2)
 {
     // Any $logintype other than 1, 2 or 3 leaves $password_md5 undefined, so the
     // query below would then compare against an empty string.
     if ($logintype == 1) {
         $password_md5 = md5($password);
     } elseif ($logintype == 2) {
         $password_md5 = $password;
     } elseif ($logintype == 3) {
         $password_md5 = $password;
     }
     // NOTE(review): string-built SQL with caller-supplied values; see the header note.
     $select = "SELECT * FROM gamebi_admin_user WHERE `user_name`='{$username}' and `password`='{$password_md5}'";
     if (pm_db::query($select)) {
         $data = pm_db::num_rows();
         if ($data > 0) {
             // Cookie payload is "username:key:password", passed through authcode().
             // get_user_agent() presumably returns the client's User-Agent, confirm.
             $auth_key = self::get_user_agent();
             // NOTE(review): the submitted password travels in the cookie; anyone able
             // to decode the authcode() value recovers it. Prefer an opaque session id.
             $auth_password = $password;
             $auth_username = $username;
             // "$operation = 'ENCODE'" is an assignment expression; it passes 'ENCODE'.
             $cookie_value = authcode($auth_username . ':' . $auth_key . ':' . $auth_password, $operation = 'ENCODE');
             // 7200 seconds = 2 hours (the original comment here said "20 minutes").
             $cookie_expire = time() + 7200;
             $cook_pre = AUTH_KEY . '_admin_auth';
             // Make the new cookie visible to code running later in this same request.
             $_COOKIE[$cook_pre] = $cookie_value;
             // Fourth argument is the cookie path; secure and httponly are left at their defaults.
             setcookie(AUTH_KEY . '_admin_auth', $cookie_value, $cookie_expire, PATH_COOKIE);
             // Publish the account as constants; defined() guards keep earlier values.
             defined('USERNAME') || define('USERNAME', $username);
             $row_info = pm_db::fetch_one();
             defined('TRUENAME') || define('TRUENAME', $row_info['truename']);
             defined('ADMINLEVEL') || define('ADMINLEVEL', $row_info['level']);
             defined('ADMINUSERID') || define('ADMINUSERID', $row_info['user_id']);
             defined('ISSUPERADMIN') || define('ISSUPERADMIN', $row_info['is_super']);
             if (ADMINLEVEL == 1) {
                 // Level 1 is treated as manager: no per-controller rights check is run.
                 defined('If_manager') || define('If_manager', 1);
                 $rightset = array();
             } else {
                 defined('If_manager') || define('If_manager', 0);
                 $rightset = array();
                 // r_unserialize() is the project's own text parser, not PHP's unserialize().
                 $rightset = r_unserialize($row_info['rights']);
                 // CRM / SUMMARY hold raw strpos() results on the stored rights text:
                 // an int offset or false. An offset of 0 is falsy in a loose check.
                 $crmi = strpos($row_info['rights'], "crmhome_index");
                 $summary = strpos($row_info['rights'], 'summarybutton');
                 defined('CRM') || define('CRM', $crmi);
                 defined('SUMMARY') || define('SUMMARY', $summary);
                 // The operation the user is currently performing.
                 $sys_con = self::get_control();
                 // Exempt requests: no controller, login, securimage, anything globalrt()
                 // accepts, or a raw $_GET['c'] of 'tweet'.
                 // NOTE(review): $_GET['c'] is read unguarded and independently of $sys_con;
                 // confirm both always describe the same controller.
                 if (empty($sys_con) || $sys_con['c'] == 'login' || $sys_con['c'] == 'securimage' || globalrt($sys_con) || $_GET['c'] == 'tweet') {
                     // Intentionally empty: exempt requests fall through to "return true" below.
                 } else {
                     $if_auth = false;
                     // A rights key may bundle several action codes joined by 'fl111'.
                     foreach ($rightset as $k => $v) {
                         if (is_int(strrpos($k, 'fl111'))) {
                             $ka = explode('fl111', $k);
                             // Reuses $v from the outer loop; the outer value is not read afterwards.
                             foreach ($ka as $v) {
                                 $rt = self::getrt($v);
                                 // Loose == comparison of getrt()'s result with the current controller.
                                 if ($rt == $sys_con) {
                                     $if_auth = true;
                                 }
                             }
                         } else {
                             $rt = self::getrt($k);
                             if ($rt == $sys_con) {
                                 $if_auth = true;
                             }
                         }
                     }
                     if ($if_auth) {
                         return true;
                     } else {
                         // NOTE(review): Referer is a client-supplied header, may be absent, and is
                         // handed to message() as its second argument (apparently a return link).
                         // Restrict it to known local paths before using it as a target.
                         $sourceurl = $_SERVER['HTTP_REFERER'];
                         if ($sourceurl == 'http://gamebi.feiliu.com/?c=login&a=menu' || $sourceurl == '?c=login&a=menu') {
                             $sourceurl = '?c=login&a=welcome';
                         }
                         $error = '抱歉,您没有对应的操作权限,如有所需,请联系管理员。';
                         $http = $sourceurl;
                         // Unused in this block.
                         $stop_loop = 0;
                         // No permission: do not redirect.
                         self::message($error, $http);
                         exit;
                     }
                 }
             }
             // Audit-record line is built but never written: the writeover() call below is
             // commented out. Its text also says "Logging Failed" on the success path.
             $admin_recordfile = PATH_ADMIN_LOG_PATH . "/admin_log_" . date('Y-m-d') . ".php";
             $onlineip = get_client_ip();
             $new_record = "<?die;?>|{$username}|***|Logging Failed|{$onlineip}|" . time() . "|\n";
             // Login attempt limit.
             //writeover($admin_recordfile,$new_record,"ab");
             return true;
         } else {
             // NOTE(review): the attempted password is passed to the failure logger in clear
             // text; confirm log_error_login() does not persist it.
             self::log_error_login($username, $password);
             // Overwrites the cookie with an expiry in the past. Argument positions differ from
             // the login call above: here the path is '/' and PATH_COOKIE sits in the domain
             // slot, so this may not match the cookie that was set. Confirm.
             setcookie(AUTH_KEY . '_admin_auth', 0, 100, '/', PATH_COOKIE);
             pm_tpl::assign('error', '账号或密码错误');
             pm_tpl::display('login');
             exit;
         }
     }
 }
Пример #2
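 /**
  * Show or save the rights assignment for one admin account.
  *
  * The target account is selected by the `user` and `user_id` query parameters.
  * A POST carrying `submit` stores the posted `action_code` set; any other
  * request renders the assignment form.
  *
  * NOTE(review): the name/id comparison below only confirms that the two query
  * parameters describe the same account. It does not show that the caller may
  * edit rights; that has to be enforced before this action is dispatched
  * (confirm). No anti-CSRF token is checked on the POST path in this block, and
  * $user_id reaches the mod_member helpers unvalidated; confirm they cast or
  * bind it.
  *
  * @return void
  */
 public function allot()
 {
     // Read request values defensively so a missing parameter is an explicit null.
     $username = isset($_GET['user']) ? $_GET['user'] : null;
     $user_id = isset($_GET['user_id']) ? $_GET['user_id'] : null;
     $uinfo = mod_member::get_oneamdinbyuser_id($user_id);
     // Fail closed: a missing record, a non-string name (e.g. user[]=...) or any
     // mismatch is rejected. The strict string comparison avoids loose-equality
     // surprises such as null == null when both the record and `user` are absent.
     if (!is_string($username) || empty($uinfo) || (string) $uinfo['user_name'] !== $username) {
         mod_login::message('对不起,非法操作');
         // Stop here. Nothing in this block shows that message() ends the request,
         // and without this return a mismatched request continued into the save path.
         return;
     }
     if (!empty($_POST['submit'])) {
         $action_code = isset($_POST['action_code']) ? $_POST['action_code'] : null;
         $sright = r_serialize(forrightserialize($action_code));
         mod_member::saverights($sright, $user_id);
         mod_login::message('权限赋予成功');
     } else {
         $rightlist = mod_menu::get_user_action();
         $haveright = mod_member::get_right($user_id);
         $role = array();
         $role['action_list'] = forunrightserialize(r_unserialize($haveright));
         pm_tpl::assign('priv_arr', $rightlist);
         pm_tpl::assign('role', $role);
         pm_tpl::assign('uinfo', $uinfo);
         pm_tpl::assign('ur_here', '分派权限');
         $action_link = array('href' => '?c=member&a=member_list', 'text' => '管理员列表');
         pm_tpl::assign('action_link', $action_link);
         pm_tpl::display('member_allot');
     }
 }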
/**
 * Parse the project's nested text format into an array.
 *
 * Records at depth $i are separated by "\n{$i}\n". Within a record the text
 * before the first tab is the key and the rest is the value. A value that
 * contains a newline is parsed recursively at depth $i + 1. A value that
 * contains only tabs is handed to r_array(). Anything else is stored as a
 * plain string.
 *
 * This is a hand-written parser; it does not call PHP's unserialize(), so no
 * objects are instantiated from the input.
 *
 * NOTE(review): a record without a tab yields an empty key and loses its first
 * character (strpos() returns false, which is then used as a length and, after
 * +1, as an offset). $array[$k] is also read before it is known to exist.
 *
 * @param string $str   Serialized text.
 * @param array  $array Accumulator that parsed entries are merged into.
 * @param int    $i     Current nesting depth, used in the record separator.
 * @return array
 */
function r_unserialize($str, $array = array(), $i = 1)
{
    $separator = "\n{$i}\n";
    foreach (explode($separator, $str) as $record) {
        // Locate the key/value tab once; false when the record has none.
        $tabAt = strpos($record, "\t");
        $k = substr($record, 0, $tabAt);
        $v = substr($record, $tabAt + 1);

        $isNested = strpos($v, "\n") !== false;
        if (!$isNested && strpos($v, "\t") === false) {
            // Scalar leaf value.
            $array[$k] = $v;
            continue;
        }

        // Nested structure takes precedence over a tab-separated list.
        $array[$k] = $isNested
            ? r_unserialize($v, $array[$k], $i + 1)
            : r_array($array[$k], $v);
    }

    return $array;
}
Пример #4
 /**
  * Collect the active menu rows for every action code granted to a user.
  *
  * The user's stored rights are decoded, each entry is split on the 'fl111'
  * separator, and one lookup per action code is run against iosadm_menu
  * (status = 1). Codes without a matching row are skipped.
  *
  * NOTE(review): each action code is interpolated into the SQL text. The codes
  * come from the stored rights value, so if that value can hold attacker-chosen
  * text (for example via the rights-assignment form) this is a second-order SQL
  * injection point. Bind the value through the DB layer or check it against the
  * known set of action codes. The query also runs once per code; a single
  * IN (...) lookup would avoid the N+1 pattern.
  *
  * @param mixed $user_id Account whose rights are read via self::get_right().
  * @param bool  $r       Unused in this block.
  * @return array List of menu rows as returned by pm_db::fetch_result().
  */
 public static function get_user_menus($user_id, $r = false)
 {
     $stored_rights = self::get_right($user_id);
     $granted = forunrightserialize(r_unserialize($stored_rights));

     $menu = array();
     foreach ($granted as $entry) {
         // One entry may bundle several action codes joined by 'fl111'.
         foreach (explode('fl111', $entry) as $nvv) {
             $row = pm_db::fetch_result("SELECT * FROM iosadm_menu WHERE actioncode='{$nvv}' AND status=1");
             if ($row) {
                 $menu[] = $row;
             }
         }
     }

     return $menu;
 }