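/**
 * Topic-area controller initialisation.
 *
 * Builds the topic model, derives a safe "return to" location from the
 * Referer header, and — for every request whose REQUEST_URI is not in the
 * tid-free whitelist — requires a `tid` query parameter that the current user
 * may manage (checkrole()). The admin flag is then exposed to the view.
 *
 * Security: $this->referer is used as a redirect target by several actions
 * in this controller. The Referer header is client-controlled, so it is
 * reduced to a same-origin path (path + query string) and otherwise replaced
 * by the fallback. The previous version only stripped "http://<host>", so an
 * https:// or foreign-host referer was redirected to verbatim (open redirect).
 *
 * Notes:
 *  - the whitelist is matched against the full REQUEST_URI, query string
 *    included, so e.g. "/admin/topic/index?page=2" still requires a tid;
 *  - tid is read from the query string only; a POST-only tid is rejected.
 */
public function init() {
    parent::init();
    $this->topic = new TopicModel();

    $fallback = '/admin/index/index';
    $this->referer = $fallback;
    if (isset($_SERVER['HTTP_REFERER'])) {
        $parts = parse_url((string) $_SERVER['HTTP_REFERER']);
        // HTTP_HOST may carry a port; parse_url()'s host never does.
        $own_host = isset($_SERVER['HTTP_HOST']) ? strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'])) : '';
        $same_host = is_array($parts) && (!isset($parts['host']) || strtolower($parts['host']) === $own_host);
        // Reject protocol-relative ("//evil") and backslash paths, which some
        // browsers treat as a host switch.
        if ($same_host && isset($parts['path']) && $parts['path'] !== '' && $parts['path'][0] === '/'
            && strpos($parts['path'], '//') !== 0 && strpos($parts['path'], '\\') === false) {
            $this->referer = $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
        }
    }

    // URLs that need no tid; every other topic URL must carry one so the
    // per-topic authorisation happens here instead of in each action.
    $tid_free_urls = array(
        "/admin/topic/index", "/admin/topic/index/",
        "/admin/topicdata/index", "/admin/topicdata/index/",
        "/admin/topic/add/", "/admin/topic/add",
        "/admin/topicdata/trashindex", "/admin/topicdata/trashindex/",
    );
    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if (!in_array($request_uri, $tid_free_urls, true)) {
        $tid = $this->getRequest()->getQuery("tid");
        if (!$tid) {
            Alert::danger("非法请求");
            Yaf_Controller_Abstract::redirect("/admin/topic/index/");
            exit;
        }
        // Admin or owner of the topic; otherwise refuse.
        if (!$this->checkrole($tid)) {
            Alert::danger("权限不足");
            Yaf_Controller_Abstract::redirect("/admin/topic/index/");
            exit;
        }
    }

    $this->getView()->assign("is_admin", $this->is_admin());
}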
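/**
 * Export the articles (topic_data rows) of one topic for the Excel view.
 *
 * Inputs: tid (query, required, int); starttime/endtime (query, Ymd, default
 * today); sid (POST wins over query); id and title (POST, title is a
 * substring match). Non-admins only see rows whose userid matches the uid
 * restored from the auth cookie (see the base controller's init()).
 *
 * Security: the model exposes only query($sql) for this statement, so the
 * WHERE clause is still string-built. Every numeric input is now cast to int
 * and the title is escaped as a single-quoted MySQL literal with the LIKE
 * wildcards neutralised; the previous version concatenated sid, id and title
 * verbatim (SQL injection). Manual escaping is only safe with a single-byte
 * or UTF-8 connection charset — if the connection uses GBK/Big5, move this
 * to a bound-parameter query in the model.
 *
 * Other fixes: garbage dates (strtotime() === false) are rejected instead of
 * being compared as 0; $subclass is initialised so an empty sub-class list
 * no longer assigns an undefined variable; the unused $where2 copy is gone.
 */
public function export2excelAction() {
    $data = [];
    $request = $this->getRequest();
    $today = date('Ymd');
    $startTime = $request->getQuery('starttime') ? $request->getQuery('starttime') : $today;
    $endTime = $request->getQuery('endtime') ? $request->getQuery('endtime') : $today;

    $conds = array();
    if (!$this->is_admin()) {
        $conds[] = 'userid=' . (int) $this->_user['uid'];
    }
    $conds[] = 'status=1';

    $tid = (int) $request->getQuery('tid');
    if (!$tid) {
        Alert::danger("参数错误");
        Yaf_Controller_Abstract::redirect($this->referer);
        exit;
    }
    $data['topic_name'] = $this->topic->get('topic', 'topic_name', ['topic_id' => $tid]);
    $conds[] = "tid='{$tid}'";

    $sid = $request->getPost('sid') ? $request->getPost('sid') : $request->getQuery('sid');
    if ($sid) {
        $sid = (int) $sid;
        $conds[] = 'sid=' . $sid;
        $this->getView()->assign('sid', $sid);
    }
    if ($request->getPost('id', 0)) {
        $id = (int) $request->getPost('id');
        $conds[] = 'id=' . $id;
        $this->getView()->assign('id', $id);
    }
    if ($request->getPost('title', 0)) {
        $title = (string) $request->getPost('title');
        // Backslash first, then quote doubling (standard SQL, also valid under
        // NO_BACKSLASH_ESCAPES), then the LIKE wildcards so user input cannot
        // widen the pattern.
        $escaped = str_replace(
            array('\\', "'", '%', '_'),
            array('\\\\', "''", '\\%', '\\_'),
            $title
        );
        $conds[] = "title LIKE '%" . $escaped . "%'";
        $this->getView()->assign('title', $title);
    }

    // Ymd + HHMMSS is parsed by strtotime() as a 14-digit timestamp.
    $startTs = ($startTime && $endTime) ? strtotime($startTime . '000000') : false;
    $endTs = ($startTime && $endTime) ? strtotime($endTime . '235959') : false;
    if ($startTs === false || $endTs === false || $startTs >= $endTs) {
        Alert::danger("参数错误");
        Yaf_Controller_Abstract::redirect($this->referer);
        exit;
    }
    $conds[] = "(inputtime BETWEEN '{$startTs}' AND '{$endTs}')";

    $sql = "SELECT id,title,tid,sid,userid,username,status,inputtime FROM topic_data WHERE "
        . implode(' AND ', $conds) . " ORDER BY id ASC";
    $rows = $this->topic->query($sql);
    if (!is_array($rows)) {
        $rows = array();
    }
    // Attach each row's topic path (one lookup per row, as before).
    foreach ($rows as $k => $row) {
        $rows[$k]['topic_path'] = $this->topic->get("topic", "topic_path", ["topic_id" => $row['tid'], "LIMIT" => 1]);
    }
    $data['data'] = $rows;

    // Sub-classes visible to the current user, keyed by id for the view.
    $where = array();
    if (!$this->is_admin()) {
        $where['userid'] = $this->_user['uid'];
    }
    $where['ORDER'] = ["parent_id ASC", "id ASC"];
    $subclass_list = $this->topic->select('topic_subclass', ['id', 'title', 'path'], $where);
    $subclass = array();
    foreach ((array) $subclass_list as $row) {
        $subclass[$row['id']] = $row;
    }

    $this->getView()->assign('subclass', $subclass);
    $this->getView()->assign('subclass_list', $subclass_list);
    $this->getView()->assign('data', $data);
}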
/**
 * Save an edited role (POST: rid, name, status, description).
 *
 * A missing rid sends the caller to the role list; a missing name or
 * description, or a failed save, returns to the add/edit form for that id.
 * On success the browser is sent to the list through an inline alert.
 *
 * Notes: add_time is re-stamped with the current time on every edit (it is
 * not the creation time); no CSRF token is checked here.
 */
public function editAction() {
    $request = $this->getRequest();

    $role_id = intval($request->getPost("rid", 0));
    if (!$role_id) {
        Yaf_Controller_Abstract::redirect("/admin/role/index/");
        exit;
    }
    $form_url = "/admin/role/add?id=" . $role_id;

    $name = trim($request->getPost('name', 0));
    if (!$name) {
        Yaf_Controller_Abstract::redirect($form_url);
        exit;
    }
    $status = intval($request->getPost('status', 0));
    $description = trim($request->getPost('description', 0));
    if (!$description) {
        Yaf_Controller_Abstract::redirect($form_url);
        exit;
    }

    $role_detail = array(
        'role_id' => $role_id,
        'role_name' => $name,
        'is_forbid' => $status,
        'role_description' => $description,
        'add_time' => date('Y-m-d H:i:s'),
    );
    if (!$this->db_role->modify_role($role_detail)) {
        Yaf_Controller_Abstract::redirect($form_url);
        exit;
    }
    echo "<script>alert('保存成功');location.href='/admin/role/index/'</script>";
    exit;
}
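/**
 * Delete a category by id (`cid` from the query string).
 *
 * Fix: `$_GET['cid']` was read without isset(), raising a notice on a bare
 * request; it now defaults to 0, which redirects to the list as before.
 *
 * NOTE(review): this is a state-changing action driven by GET with no CSRF
 * token and — as the original comment admitted — no ownership/admin check
 * beyond the base controller's URL privilege list. A link or image tag is
 * enough to trigger it for a logged-in admin; consider POST plus a token.
 */
function deleteAction() {
    $category_id = isset($_GET['cid']) ? (int) $_GET['cid'] : 0;
    if (!$category_id) {
        Yaf_Controller_Abstract::redirect("/admin/category/index/");
        exit;
    }
    if ($this->category->delete_category($category_id)) {
        Alert::success('删除成功');
    } else {
        Alert::danger('删除失败');
    }
    Yaf_Controller_Abstract::redirect("/admin/category/index/");
    exit;
}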
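/**
 * Edit a keyword-replacement entry: GET shows the form, POST saves it.
 *
 * Fix: the POST branch called $this->redirect() with the raw `referer` form
 * field before redirecting to the index. That first call was a
 * client-controlled redirect target (open redirect) whose result was thrown
 * away — the second redirect overwrote the Location header anyway. It has
 * been removed; the success path goes to /admin/replace/index as before.
 *
 * Notes: on a failed update the original fell through without feedback; that
 * is unchanged. The GET fallback is /admin/keyword/index while the failure
 * redirect is /admin/replace/index — possibly inconsistent, left as is. The
 * referer handed to the form is a client-supplied header and must be escaped
 * by the template.
 */
public function updateAction() {
    $data = [];
    $request = $this->getRequest();

    if ($request->isPost()) {
        $id = intval($request->getPost('id'));
        $page = array(
            'description' => trim($request->getPost('desc')),
            'keywords' => trim($request->getPost('keywords')),
            'replace_words' => trim($request->getPost('replace')),
        );
        $ret = $this->Keyword->replace_keywords_update($id, $page);
        if ($ret !== false) {
            Alert::success("更新成功");
            Yaf_Controller_Abstract::redirect("/admin/replace/index");
            exit;
        }
        return;
    }

    $data['referer'] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '/admin/keyword/index';
    $id = intval($request->getQuery('id'));
    if ($page = $this->Keyword->get_article_Keywords($id)) {
        $this->getView()->assign('id', $id);
        $this->getView()->assign('data', $data);
        $this->getView()->assign('page', $page);
    } else {
        Yaf_Controller_Abstract::redirect("/admin/replace/index");
    }
}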
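/**
 * Base admin-controller initialisation.
 *
 * Loads config and cache handles, restores the admin identity from the
 * `<prefix>user_auth` cookie (decoded with core::authcode), enforces login
 * and — for roles other than the super admin (roleid 1) — the per-URL
 * privilege list cached in the session, then builds the menu tree for the
 * view.
 *
 * Changes vs. the previous version:
 *  - anonymous requests outside the login whitelist now exit after the
 *    redirect. redirect() only sets the Location header (compare the
 *    redirect+exit pairs used by the actions in this file); without the exit
 *    the requested action still executed, so side-effecting admin actions
 *    could run unauthenticated. The same applies to the logged-in redirect
 *    away from the login page;
 *  - the "no privilege" page spliced the raw Referer header into inline
 *    JavaScript (reflected XSS); it is now emitted as an HTML-safe JSON
 *    string literal;
 *  - $this->_user and its privilege lists get defaults, so the menu code no
 *    longer reads undefined indexes or calls array_merge() on null;
 *  - URL membership checks use strict comparison.
 *
 * NOTE(review): the privilege list is cached in the session and never
 * refreshed, so role/privilege changes only apply after re-login — confirm
 * this is intended.
 */
protected function init() {
    $this->config = Yaf_Application::app()->getConfig();
    $this->redis = Yaf_Registry::get('redis');
    $this->memcache = Yaf_Registry::get('memcache');

    $cookie_conf = Yaf_Registry::get('config')->get('cookie');
    $this->cookie = array(
        'cookie_pre' => $cookie_conf->pre,
        'cookie_path' => $cookie_conf->path,
        'cookie_domain' => $cookie_conf->domain,
    );

    $this->db_user = new UserModel();
    $this->db_menu = new MenuModel();
    $this->db_privilege = new PrivilegeModel();

    // Anonymous defaults; overwritten below when the auth cookie decodes.
    if (!is_array($this->_user)) {
        $this->_user = array();
    }
    $this->_user += array(
        'uid' => 0,
        'username' => '',
        'roleid' => 0,
        'privilege_list' => array(),
        'privilege_page_list' => array(),
    );

    $auth_cookie = $this->cookie['cookie_pre'] . 'user_auth';
    if (!empty($_COOKIE[$auth_cookie])) {
        $cleartext = core::authcode($_COOKIE[$auth_cookie], 'DECODE');
        // '\\t' in single quotes is the two characters backslash + t, not a
        // tab; kept because the encoder presumably joins with the same
        // separator — TODO confirm against the login code.
        $fields = explode('\\t', (string) $cleartext);
        if (count($fields) >= 3) {
            list($this->_user['uid'], $this->_user['username'], $this->_user['roleid']) = $fields;
        }
    }

    $request_info = get_object_vars($this->getRequest());
    $module = strtolower($request_info['module']);
    $controller = strtolower($request_info['controller']);
    $action = strtolower($request_info['action']);
    $is_super = ($this->_user['roleid'] == 1);

    if (intval($this->_user['uid'])) {
        if ($module == 'admin' && $controller == 'user' && $action == 'login') {
            Yaf_Controller_Abstract::redirect("/admin/index/index/");
            exit;
        }
        $this->getView()->assign('user_profile', $this->_user);

        if (!$is_super) {
            session_start();
            if (empty($_SESSION['cms']['privilege_allowed_url'])) {
                $privilege_list = (array) $this->db_privilege->get_role_privilege_list($this->_user['roleid']);
                $privilege_id_list = array();
                foreach ($privilege_list as $value) {
                    $privilege_id_list[] = $value['privilege_id'];
                }
                // privilege_id => ['url' => ..., 'page_url' => ...]
                $privilege_map_list = array();
                foreach ((array) $this->db_privilege->get_privilege_detail($privilege_id_list) as $value) {
                    $privilege_map_list[$value['privilege_id']] = array(
                        'url' => $value['url'],
                        'page_url' => $value['page_url'],
                    );
                }
                $allowed_url = array();
                $allowed_page = array();
                foreach ($privilege_list as $value) {
                    $pid = $value['privilege_id'];
                    if (!isset($privilege_map_list[$pid])) {
                        continue;
                    }
                    $allowed_url[] = $privilege_map_list[$pid]['url'];
                    if ($privilege_map_list[$pid]['page_url']) {
                        $allowed_page[] = $privilege_map_list[$pid]['page_url'];
                    }
                }
                $allowed_url[] = "/admin/index/index";
                $_SESSION['cms']['privilege_allowed_url'] = $allowed_url;
                $_SESSION['cms']['privilege_allowed_page'] = $allowed_page;
            }
            $this->_user['privilege_list'] = (array) $_SESSION['cms']['privilege_allowed_url'];
            $this->_user['privilege_page_list'] = isset($_SESSION['cms']['privilege_allowed_page'])
                ? (array) $_SESSION['cms']['privilege_allowed_page']
                : array();

            $privilege_not_check_list = array('/admin/user/deallogout');
            $page_not_check_list = array('/admin/index/index');
            $current_url = '/' . $module . '/' . $controller . '/' . $action;
            $granted = array_merge($this->_user['privilege_list'], $this->_user['privilege_page_list']);
            if (!in_array($current_url, $privilege_not_check_list, true)
                && !in_array($current_url, $page_not_check_list, true)
                && !in_array($current_url, $granted, true)) {
                $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/admin/index/index';
                // JSON string literal with <, >, ', ", & hex-escaped: safe
                // inside both the <script> element and the JS string.
                $back_js = json_encode($back, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
                if ($back_js === false) {
                    $back_js = '"/admin/index/index"';
                }
                echo "<script>alert('权限不足,操作失败,若操作,请联系管理员');location.href=" . $back_js . "</script>";
                exit;
            }
        }
    } else {
        // Not logged in: only the login/password-recovery actions of the user
        // controller are reachable (module is not checked, as before).
        $allowed_controller = array('user');
        $allowed_action = array('login', 'deallogin', 'logout', 'code', 'forgetpassword', 'dealforgetpassword', 'resetpassword', 'getcode');
        if (!(in_array($controller, $allowed_controller, true) && in_array($action, $allowed_action, true))) {
            Yaf_Controller_Abstract::redirect('/admin/user/login');
            exit;
        }
    }

    // Menu: top-level entries with the children this user may open; the
    // super admin sees everything, others only entries with a granted URL.
    $menu_list = (array) $this->db_menu->get_menu_list();
    $granted = array_merge($this->_user['privilege_list'], $this->_user['privilege_page_list']);
    $top_menu = array();
    foreach ($menu_list as $item) {
        if (!$item['parent_id']) {
            $top_menu[] = $item;
        }
    }
    $menu_format = array();
    foreach ($top_menu as $top) {
        $children = array();
        foreach ($menu_list as $k => $item) {
            if ($item['parent_id'] == $top['menu_id'] && ($is_super || in_array($item['url'], $granted, true))) {
                $children[] = $item;
                unset($menu_list[$k]);
            }
        }
        if (!$is_super && count($children) == 0) {
            continue;
        }
        $menu_format[] = array('top' => $top, 'child' => $children);
    }
    $this->getView()->assign('menu_list', $menu_format);
}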
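/**
 * Edit a static page: GET shows the form, POST saves it.
 *
 * Fix: the POST branch redirected to the raw `referer` form field — a
 * client-controlled absolute URL (open redirect). It is now reduced to a
 * same-origin path (path + query string); anything else falls back to
 * /admin/page/index. The GET branch still hands the Referer header to the
 * form verbatim so the round-trip keeps working; the template must escape it.
 *
 * NOTE(review): the success path echoes a <script> before calling
 * redirect(); the Location header only gets through when output buffering is
 * enabled. Left unchanged — the alert + location.href pattern used by the
 * other actions in this file would avoid the dependency.
 */
public function dateAction() {
    $data = [];
    $request = $this->getRequest();
    $id = intval($request->getQuery('id'));
    $this->getView()->assign('categorys', $this->category->categoryList(NULL, 0, 50, 'orderid', ['catid', 'catname']));

    if ($request->isPost()) {
        $id = intval($request->getPost('id'));
        $page = array();
        $page['title'] = $request->getPost('title');
        $page['catid'] = intval($request->getPost('catid'));
        $page['description'] = $request->getPost('desc');
        $url = $request->getPost('url');
        $page['url'] = filter_var($url, FILTER_VALIDATE_URL) ? $url : '';
        $page['updatetime'] = $_SERVER['REQUEST_TIME'];
        $page['content'] = $request->getPost('content');

        if ($this->page->page_update($id, $page)) {
            echo "<script>alert('更新成功');</script>";
            $back = '/admin/page/index';
            $parts = parse_url((string) $request->getPost('referer'));
            $own_host = isset($_SERVER['HTTP_HOST']) ? strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'])) : '';
            // Accept only a same-host (or host-less) absolute path; reject
            // protocol-relative and backslash forms.
            if (is_array($parts) && isset($parts['path'])
                && (!isset($parts['host']) || strtolower($parts['host']) === $own_host)
                && $parts['path'] !== '' && $parts['path'][0] === '/'
                && strpos($parts['path'], '//') !== 0 && strpos($parts['path'], '\\') === false) {
                $back = $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
            }
            $this->redirect($back);
        }
        return;
    }

    $data['referer'] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '/admin/page/index';
    if ($page = $this->page->getPageById($id)) {
        $data['page'] = $page;
        $this->getView()->assign('data', $data);
    } else {
        Yaf_Controller_Abstract::redirect("/admin/page/index");
    }
}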
/**
 * Render a controller template inside the shared admin layout.
 *
 * The 'edit', 'confirm' and 'logdetails' templates are rendered directly by
 * the parent; everything else is wrapped by index.phtml, which receives the
 * active menu entry (empty on the index action, the "table" request
 * parameter on tabledate, otherwise the action name), the page title and the
 * base URL.
 *
 * @param string $tpl        template requested by the action
 * @param array  $parameters view parameters, extended with the layout keys
 * @return string rendered layout (or the bare template for the three above)
 */
protected function render($tpl, array $parameters = array()) {
    $direct_templates = array('edit', 'confirm', 'logdetails');
    if (in_array($tpl, $direct_templates)) {
        return parent::render($tpl, $parameters);
    }

    $action_name = $this->getRequest()->getActionName();
    switch ($action_name) {
        case 'index':
            $active = '';
            break;
        case 'tabledate':
            $active = $this->_request->getParam("table");
            break;
        default:
            $active = $action_name;
    }

    $parameters['active'] = $active;
    $parameters['title'] = $this->title;
    $parameters['baseUrl'] = $this->baseUrl;
    return $this->getView()->render('index.phtml', $parameters);
}
/**
 * Article settings page — currently switched off: the leading `exit` ends the
 * request before anything below runs, so the route is inert.
 *
 * If re-enabled: a POST carrying `dosubmit` writes every `config[<name>]`
 * value to the option named <name> and redirects to the referer; any other
 * request loads the current config for the view. NOTE(review): option names
 * would then come straight from the form with no allow-list — restrict them
 * before re-enabling.
 */
public function articlesettingAction() {
    exit;
    $request = $this->getRequest();
    if (!$request->getPost('dosubmit', 0)) {
        $this->getView()->assign("data", $this->db_config->get_config());
        return;
    }
    $config = $request->getPost('config');
    if (!$config) {
        return;
    }
    foreach ($config as $name => $value) {
        $this->db_config->update_option(['conf_value' => $value], ['conf_name' => $name]);
    }
    Alert::success("操作成功");
    Yaf_Controller_Abstract::redirect($this->referer);
    exit;
}
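/**
 * Save the current admin's password-recovery question and answer.
 *
 * Either both fields are given (set) or both are empty (clear); a half-filled
 * form goes back to the page. The update targets the uid restored from the
 * auth cookie.
 *
 * Fix: the answer defaulted to 0, so a request without an `answer` field
 * became trim(0) === "0" and the literal string "0" was stored as the
 * answer when clearing. It now defaults to ''.
 *
 * NOTE(review): the answer is forwarded to update_admin_user() as typed; it
 * is a credential and should be stored hashed — confirm in the model. No
 * CSRF token or password re-confirmation is checked here.
 */
public function dealAddProtectAction() {
    $request = $this->getRequest();
    $question = intval($request->getPost("question", 0));
    $answer = trim((string) $request->getPost('answer', ''));
    $user_detail = array('question' => $question, 'answer' => $answer);

    $both_set = $question && $answer;
    $both_empty = !$question && !$answer;
    if (!$both_set && !$both_empty) {
        Yaf_Controller_Abstract::redirect("/admin/user/setPasswordProtect");
        exit;
    }

    if (!$this->user->update_admin_user($user_detail, $this->_user['uid'])) {
        Yaf_Controller_Abstract::redirect("/admin/user/setPasswordProtect");
        exit;
    }
    echo "<script>alert('保存成功');location.href='/admin/user/setPasswordProtect'</script>";
    exit;
}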
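/**
 * Toggle a topic's visibility (`tid`, `isshow` from the query string).
 *
 * Fix: `(int) ($topic_id = ...)` cast the value of the assignment expression
 * and discarded it, so $topic_id stayed the raw query string. The id is now
 * actually an int before it reaches checkrole() and the model.
 *
 * NOTE(review): `isshow` is forwarded untyped; the model's update() is
 * assumed to bind values — confirm, and cast to int if the column is a flag.
 * Like the other status toggles here, this is a state change on GET with no
 * CSRF token.
 */
public function changeTopicStatusAction() {
    $request = $this->getRequest();
    $topic_id = (int) $request->getQuery('tid');
    if (!$topic_id) {
        Alert::danger("非法请求");
        Yaf_Controller_Abstract::redirect($this->referer);
        exit;
    }
    // Admin or owner of the topic only.
    if (!$this->checkrole($topic_id)) {
        Alert::danger("权限错误");
        Yaf_Controller_Abstract::redirect($this->referer);
        exit;
    }

    $data = array('is_show' => $request->getQuery('isshow'));
    if ($this->topic->update('topic', $data, ['topic_id' => $topic_id])) {
        Alert::success("操作成功");
    } else {
        Alert::danger("操作失败");
    }
    Yaf_Controller_Abstract::redirect($this->referer);
    exit;
}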
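/**
 * Toggle a topic sub-class's status (`sid`, `status` from the query string).
 *
 * Fixes: the success branch flashed "权限出错" (permission error) and the
 * DB-failure branch did too; they now show "操作成功" / "操作失败" like
 * changeTopicStatusAction(). `sid` is cast to int before reaching
 * checkrole() and the model.
 *
 * NOTE(review): the method has no `Action` suffix, so Yaf will not dispatch
 * it as a route — either it is called internally or it is dead code;
 * renaming is an interface change and is left to the owner. It is also a
 * state change on GET with no CSRF token.
 */
public function changeSubStatus() {
    $request = $this->getRequest();
    $subclass_id = (int) $request->getQuery('sid');
    if (!$subclass_id) {
        Alert::danger("非法请求");
        Yaf_Controller_Abstract::redirect($this->referer);
        exit;
    }
    if (!$this->checkrole($subclass_id, "topic_subclass")) {
        Alert::danger("权限出错");
        Yaf_Controller_Abstract::redirect($this->referer);
        exit;
    }

    $data = array('status' => $request->getQuery('status'));
    if ($this->topic->update_subclass($subclass_id, $data)) {
        Alert::success("操作成功");
    } else {
        Alert::danger("操作失败");
    }
    Yaf_Controller_Abstract::redirect("/admin/topicsubclass/index/");
    exit;
}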
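/**
 * Save an edited document.
 *
 * Runs only on a POST carrying `document_submit`; otherwise redirects to the
 * document index. The writable columns are the enabled fields of the model
 * bound to the chosen category (`document_catid`); every other POST key is
 * ignored. For the `news` table the body is stored separately in `news_data`.
 *
 * Changes vs. the previous version:
 *  - `document_pageid` was spliced raw into an inline `location.href` string
 *    (reflected XSS via POST); it is now emitted as an HTML-safe JSON literal;
 *  - `table_name` comes from the form and is handed to the model as a table
 *    name; it is restricted to identifier characters so it cannot carry SQL.
 *    NOTE(review): an allow-list of the real tables would be stricter;
 *  - the `A && B || A || B` success test re-ran the same UPDATE up to three
 *    times; each statement now runs once (still "success if either wrote");
 *  - `$_SERVER['time']` does not exist (updatetime was always null);
 *    REQUEST_TIME is used, as dateAction() already does;
 *  - the thumbnail is processed only when a file was really uploaded; before,
 *    image::thumb() ran on an empty tmp_name and its result overwrote `thumb`
 *    on every save without a file;
 *  - a category without a model is rejected; ids are cast to int; `$data`
 *    is initialised.
 */
public function editAction() {
    $request = $this->getRequest();
    if (!trim($request->getPost('document_submit', 0))) {
        Yaf_Controller_Abstract::redirect("/admin/document/index");
        exit;
    }

    $document_id = (int) trim($request->getPost('document_id', 0));
    $pageId = (string) $request->getPost('document_pageid', 0);
    $table_name = (string) $request->getPost('table_name', 0);
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table_name)) {
        echo '<script>alert("操作失败");window.history.go(-1);</script>';
        exit;
    }

    $document_catid = (int) trim($request->getPost('document_catid', 0));
    if (!$document_catid) {
        echo '<script>alert("请选择正确的所属栏目!");window.history.go(-1);</script>';
        exit;
    }
    $document_detail = (array) $this->db_category->get_category_detail($document_catid);
    if (empty($document_detail[0]['modelid'])) {
        echo '<script>alert("请选择正确的所属栏目!");window.history.go(-1);</script>';
        exit;
    }
    $modelid = $document_detail[0]['modelid'];

    // Enabled fields of the category's model decide which POST keys are saved.
    $where = array("AND" => array("status" => 1, "modelid" => $modelid));
    $fields = (array) $this->db_modelFields->get_column_by_where("field", $where);
    $data = array();
    foreach ($request->getPost() as $key => $val) {
        if (in_array($key, $fields)) {
            $data[$key] = trim($val);
        }
    }
    if (in_array('updatetime', $fields)) {
        $data['updatetime'] = $_SERVER['REQUEST_TIME'];
    }
    if (in_array('uid', $fields)) {
        $data['uid'] = $this->_user['uid'];
    }
    if (in_array('thumb', $fields)) {
        $files = $request->getFiles();
        if (!empty($files['thumb']['tmp_name']) && is_uploaded_file($files['thumb']['tmp_name'])) {
            $filename = image::safe_name($files['thumb']['name'], '/uploadfile/image/');
            $data['thumb'] = image::thumb($files['thumb']['tmp_name'], '/uploadfile/image/' . $filename);
        }
    }
    $data['catid'] = $document_catid;

    if (isset($data['title']) && empty($data['title'])) {
        echo '<script>alert("请填写标题!");window.history.go(-1);</script>';
        exit;
    }
    if (isset($data['content']) && empty($data['content'])) {
        echo '<script>alert("请填写内容!");window.history.go(-1);</script>';
        exit;
    }

    if ($table_name == 'news') {
        $content = isset($data['content']) ? $data['content'] : null;
        unset($data['content']);
        $main_ok = $this->db_document->document_update($document_id, $data, $table_name);
        $content_ok = $this->db_document->document_update($document_id, array('content' => $content), 'news_data');
        $ok = $main_ok || $content_ok;
    } else {
        $ok = $this->db_document->document_update($document_id, $data, $table_name);
    }

    $next_js = json_encode('/admin/document/index?' . $pageId, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($next_js === false) {
        $next_js = '"/admin/document/index"';
    }
    if ($ok) {
        echo '<script>alert("操作成功");window.location.href=' . $next_js . ';</script>';
    } else {
        echo '<script>alert("操作失败");window.history.go(-1);</script>';
    }
    exit;
}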
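/**
 * Replace a role's privilege set with the posted `privilege_item` list.
 *
 * Fix: both early redirects lacked an `exit`, so on a missing role_id or an
 * empty list the code fell through and still called
 * delete_privilege_for_role() — wiping the role's privileges (or role 0's)
 * before redirecting. Also, with the default of 0, `count(0)` is 1 on PHP 7,
 * so a POST without `privilege_item` passed the emptiness check; the list is
 * now required to be a non-empty array. Ids are cast to int (privilege ids
 * are used as integer keys by the base controller's privilege map).
 *
 * NOTE(review): delete-then-add is not atomic; if the insert fails the role
 * is left with no privileges. A transaction in the model would close that.
 * No CSRF token is checked.
 */
public function addPrivilegeForRoleAction() {
    $request = $this->getRequest();
    $role_id = intval($request->getPost("role_id", 0));
    if (!$role_id) {
        Yaf_Controller_Abstract::redirect("/admin/role/index/");
        exit;
    }

    $privilege_list = $request->getPost('privilege_item', 0);
    if (!is_array($privilege_list) || count($privilege_list) === 0) {
        Yaf_Controller_Abstract::redirect("/admin/privilege/index?rid=" . $role_id);
        exit;
    }
    $privilege_ids = array_map('intval', $privilege_list);

    $this->db_privilege->delete_privilege_for_role($role_id);
    $result = $this->db_privilege->add_privilege_for_role($role_id, $privilege_ids);
    if (isset($result[0]) && (int) $result[0]) {
        echo "<script>alert('保存成功');location.href='/admin/role/index/'</script>";
    } else {
        Yaf_Controller_Abstract::redirect("/admin/privilege/index?rid=" . $role_id);
    }
    exit;
}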