public function saveconfigAction()
{
$config = $this->adminService->getSystemConfig();
$params = $this->_getAllParams();
$newConfig = array_merge($config, $params);
$this->log->debug("Config updated to " . print_r($params, true));
$this->adminService->saveConfig($newConfig);
// exit();
$this->redirect('admin');
}
/**
* 权限验证
*/
protected function chekcAuth()
{
$admin_service = new AdminService();
$controller = $this->request->getControllerName();
$action = $this->request->getActionName();
//登录页面和验证码不需要权限验证
if ($controller == 'admin' && ($action == 'login' || $action == 'captcha') || $controller == 'index' || empty($controller)) {
return true;
}
//验证用户是否登录
if ($admin_service->checkLogin() == false) {
return $this->redirect('/admin/login');
}
if ($admin_service->checkAuth($controller, $action) == false) {
if ($this->request->isAjax()) {
return $this->showJson(403, '对不起,您没有权限。');
} else {
echo "对不起,您没有权限。";
exit;
}
}
}
<?php
require_once 'AdminService.class.php';
$id = $_POST['id'];
$password = $_POST['password'];
$adminService = new AdminService();
$name=$adminService->checkAdmin($id,$password);
if($name!="") {
header("Location: empManage.php?name=$name");
exit();
} else {
header("Location:login.php?errno=1");
exit();
}
?>
</li>
</ul>
<div class="move-bg"></div>
</div>
</div>
<div class="daohang">
<div class="menu">
<ul>
<li class="menu-item_cur"><a href="http://localhost/healthyone/view/accountManage.php">审核认证</a></li>
</ul>
</div>
</div>
<div class="content">
<?php
require '../model/adminService.class.php';
$res = AdminService::findAllSpecial();
while ($item = $res->fetchArray(SQLITE3_ASSOC)) {
echo "\t<div class='item'> \n\t\t<form name='consult' method='post' action='http://localhost/healthyOne/controller/accountProcess.php?operation=2'>\n\t\t\t<p class='name'><b>" . $item['USERNAME'] . " (" . $item['TYPE'] . ")" . "</b></p>\n\t\t\t<p class='profile'>" . $item['INTRODUCTION'] . "</p>";
echo "<input type='hidden' name='id' value='" . $item['USERNAME'] . "'></input>";
if ($item['ISPASS'] != 1) {
echo "<input class='pass_submit' type='submit' value='通过'/>";
} else {
echo "<input class='pass_submit' type='button' value='已通过'/>";
}
echo "</form>";
echo "</div>";
}
?>
</div>
<script language="javascript">
function firm() {
/**
* Created by PhpStorm.
* User: 宏
* Date: 2016/2/1
* Time: 20:56
*/
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/lavender/model/AdminService.class.php';
if (isset($_POST['username']) && isset($_POST['password']) && $_POST['checkcode']) {
$username = $_POST['username'];
$password = $_POST['password'];
$checkcode = $_POST['checkcode'];
} else {
echo "请求非法";
exit;
}
if ($checkcode != 520) {
echo "<script type='text/javascript'>history.go(-1);alert('内部验证码错误!');</script>";
exit;
}
$adminService = new AdminService();
$res_class = $adminService->AdminLogin($username, $password);
if ($res_class->getUsername()) {
$_SESSION['adminname'] = $res_class->getUsername();
$_SESSION['adminlevel'] = $res_class->getLevel();
header("location:../admin.php");
exit;
} else {
echo "<script type='text/javascript'>history.go(-1);alert('用户名或密码错误!');</script>";
exit;
}
/**
* 登录日志
*/
public function loginlogAction()
{
$request = $this->getRequest();
$admin_service = new AdminService();
$page = (int) $request->getParam('page');
$username = Star_String::escape($request->getParam('username'));
$start_date = trim($request->getParam('start_date'));
$end_date = trim($request->getParam('end_date'));
$start_date = Star_Date::isDate($start_date) == false ? date('Y-m-01') : $start_date;
$end_date = Star_Date::isDate($end_date) == false ? date('Y-m-d') : $end_date;
$start_time = Star_Date::dateToTime($start_date);
$end_time = Star_Date::dateToTime($end_date, false);
$page_size = 20;
$params = array('username' => $username, 'start_time' => $start_time, 'end_time' => $end_time);
$login_data = $admin_service->getLoginLogByPage($page, $page_size, $params);
$this->view->assign(array('page' => $login_data['page'], 'login_logs' => $login_data['login_logs'], 'start_date' => $start_date, 'end_date' => $end_date, 'username' => $username));
}
/**
* 设置csrf_token
*/
protected function _initCsrfToken()
{
$csrf_token = AdminService::getCsrfToken();
$this->view->assign('csrf_token', $csrf_token);
}
<?php
require_once "../service/AdminService.class.php";
//接受用户数据
//1.用户username
$username = $_POST['username'];
//2.密码
$password = $_POST['password'];
//实例化一个AdminService对象
$adminService = new AdminService();
if ($name = $adminService->checkAdmin($username, $password)) {
//合法
session_start();
$_SESSION['username'] = $name;
header("location:/main.php");
} else {
//非法
header("location:/login.php?errno=1");
}
//$res=mysql_query($sql,$conn);
<?php
require '../model/adminService.class.php';
$username = $_POST['username'];
$password = $_POST['password'];
$res = AdminService::check($username, $password);
echo $res;
if ($res) {
$type = AdminService::checkType($username);
Session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['type'] = $type;
if ($type == 1) {
header("Location: http://localhost/healthyone/view/health.php");
} else {
if ($type == 2) {
header("Location: http://localhost/healthyone/view/consultManage.php");
} else {
if ($type == 3) {
header("Location: http://localhost/healthyone/view/activityManage.php");
}
}
}
exit;
} else {
header("Location: http://localhost/healthyone/index.php?errno=0");
exit;
}
public function actionManageAdmin()
{
$oper = $_POST['oper'];
$vcosAdmin = new VcosAdmin();
$vcosAdmin->admin_id = empty($_POST['admin_id']) ? $_POST['id'] : $_POST['admin_id'];
$vcosAdmin->admin_name = $_POST['admin_name'];
$vcosAdmin->admin_password = $_POST['admin_password'];
$vcosAdmin->admin_email = $_POST['admin_email'];
$vcosAdmin->real_name = $_POST['real_name'];
$vcosAdmin->admin_post = $_POST['admin_post'];
$vcosAdmin->role_id = $_POST['role_name'];
$vcosAdmin->admin_state = $_POST['admin_state'];
switch ($oper) {
case 'add':
AdminService::addAdmin($vcosAdmin);
break;
case 'edit':
AdminService::editAdmin($vcosAdmin);
break;
case 'del':
AdminService::delAdmin($vcosAdmin);
break;
default:
break;
}
}
/**
* 退出
*/
public function loginoutAction()
{
$admin_service = new AdminService();
$admin_service->loginOut();
$this->redirect('/admin/login');
}
<li class="menu-item_cur"><a href="http://localhost/healthyone/view/setting.php">基本信息</a></li>
<li class="menu-item"><a href="http://localhost/healthyone/view/avataSetting.php">头像设置</a></li>
<li class="menu-item"><a href="http://localhost/healthyone/view/passwordSetting.php">修改密码</a></li>
</ul>
</div>
</div>
<?php
require '../model/adminService.class.php';
$name = "";
$sex = 0;
$year = 1915;
$month = 1;
$day = 1;
$hobby = "跑步";
$declaration = "";
$res = AdminService::findAccount($username);
if ($item = $res->fetchArray(SQLITE3_ASSOC)) {
$name = $item['NAME'];
$sex = $item['SEX'];
$array = explode("-", $item['BIRTHDAY']);
$year = $array[0];
$month = $array[1];
$day = $array[2];
$hobby = $item['HOBBY'];
$declaration = $item['DECLARATION'];
}
?>
<div class="content">
<form name="information" method="post" action="http://localhost/healthyOne/controller/accountProcess.php?operation=0">
<p class="item"><b>姓名</b><input id="name_input" type="text" name="name" value="<?php
echo $name;
<?php
require '../model/adminService.class.php';
$username = $_POST['username'];
$password = $_POST['password'];
$type = 1;
if (is_array($_GET) && count($_GET) > 0) {
if (isset($_GET["type"])) {
$type = $_GET["type"];
}
}
$res = AdminService::add($username, $password, $type);
if ($res) {
if ($type == 1) {
AdminService::addCommonUser($username);
header("Location: http://localhost/healthyone/index.php?success=1");
} elseif ($type == 2) {
$introduction = $_POST['introduction'];
$job = $_POST['job'];
echo $job;
AdminService::addSpecialUser($username, $job, $introduction);
header("Location: http://localhost/healthyone/index.php?success=2");
}
exit;
} else {
header("Location: http://localhost/healthyone/view/signUp.php?errno=0");
exit;
}
<?php
try {
$adminOnly = true;
require_once $_SERVER['DOCUMENT_ROOT'] . '/com/initialize.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/com/class/adminService.php';
$adminService = new AdminService();
$errorFields = array();
$ajaxReturn = array('validation' => false, 'error' => false);
if (!isset($_GET['function'])) {
throw new Exception('No function was given.');
} elseif ($_GET['function'] === 'activateJob') {
if (!isset($_GET['jobID']) || !$adminService->isIntR($_GET['jobID'])) {
$errorFields[] = 'jobID';
throw new Exception('validation');
}
$ajaxReturn['data'] = $adminService->activateJob($_GET['jobID']);
} elseif ($_GET['function'] === 'activateUser') {
if (!isset($_GET['userID']) || !$adminService->isIntR($_GET['userID'])) {
$errorFields[] = 'userID';
throw new Exception('validation');
}
$ajaxReturn['data'] = $adminService->activateUser($_GET['userID']);
} elseif ($_GET['function'] === 'createJob') {
if (!isset($_GET['location']) || !$adminService->isStringR($_GET['location'])) {
$errorFields[] = 'location';
}
if (!isset($_GET['job']) || !$adminService->isStringR($_GET['job'])) {
$errorFields[] = 'job';
}
if (!isset($_GET['account']) || !$adminService->isStringR($_GET['account'])) {
$password = $_POST['password'];
$captch_code = $_POST['yzm'];
session_start();
if ($captch_code != $_SESSION['yzm']) {
header("Location:login.php?errno=2");
exit;
}
//3.获取用户是否选中保存id
if (empty($_POST['keep'])) {
if (!empty($_COOKIE['id'])) {
setcookie("id", $id, time() - 100);
}
} else {
setcookie("id", $id, time() + 7 * 2 * 24 * 3600);
}
//实例一个adminService方法
$adminService = new AdminService();
$name = $adminService->chekcAdimn($id, $password);
if ($name != "") {
//合法
// header("Location:empManage.php?name=$name");
session_start();
$_SESSION['loginuser'] = $name;
header("Location:index.php?name={$name}");
//header("Location:top.php?name=$name");
exit;
} else {
//非法
header("Location:login.php?errno=1");
exit;
}
<?php
require_once "../model/adminService.class.php";
$id = $_POST['id'];
$pwd = $_POST['pwd'];
if (!empty($_POST['save_user'])) {
setcookie("id", $id, time() + 3600, "/empManage/views/user");
} else {
//if(!empty($_COOKIE['id'])){
setcookie("id", $id, time() - 200, "/empManage/views/user");
//}
}
$adminService = new AdminService();
if ($adminService->checkAdmin($id, $pwd)) {
header("Location: /empManage/views/user/empManage.php?name=admin");
exit;
} else {
header("Location: /empManage/views/user/login.php?error=1");
exit;
}
<li class="menu-item_cur"><a href="http://localhost/healthyone/view/SpecialSetting.php">基本信息</a></li>
<li class="menu-item"><a href="http://localhost/healthyone/view/specialAvataSetting.php">头像设置</a></li>
<li class="menu-item"><a href="http://localhost/healthyone/view/SpecialPasswordSetting.php">修改密码</a></li>
</ul>
</div>
</div>
<?php
require '../model/adminService.class.php';
$name = "";
$sex = 0;
$year = 1915;
$month = 1;
$day = 1;
$hobby = "跑步";
$declaration = "";
$res = AdminService::findSpecailAccount($username);
if ($item = $res->fetchArray(SQLITE3_ASSOC)) {
$name = $item['NAME'];
$sex = $item['SEX'];
$array = explode("-", $item['BIRTHDAY']);
$year = $array[0];
$month = $array[1];
$day = $array[2];
$hobby = $item['HOBBY'];
$declaration = $item['INTRODUCTION'];
}
?>
<div class="content">
<form name="information" method="post" action="http://localhost/healthyOne/controller/accountProcess.php?operation=3">
<p class="item"><b>姓名</b><input id="name_input" type="text" name="name" value="<?php
echo $name;
} else {
if ($_GET['operation'] == 2) {
$username = $_POST['id'];
$res = AdminService::passSpecialUser($username);
header("Location: http://localhost/healthyone/view/accountManage.php");
exit;
} else {
if ($_GET['operation'] == 3) {
session_start();
$username = $_SESSION["username"];
$name = $_POST['name'];
$sex = $_POST['sex'];
$birthday = $_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day'];
$hobby = $_POST['hobby'];
$introduction = $_POST['introduction'];
$res = AdminService::modifySpecialUser($username, $name, $sex, $birthday, $hobby, $introduction);
if ($res) {
header("Location: http://localhost/healthyone/view/specialSetting.php?success=1");
exit;
} else {
header("Location: http://localhost/healthyone/view/specailSetting.php?errno=1");
exit;
}
} else {
if ($_GET['operation'] == 4) {
session_start();
$username = $_SESSION["username"];
$file = $_POST['uploadfile'];
echo $file;
}
}
require_once "../service/AdminService.class.php";
//接受用户数据
$oldPassword = $_POST['oldpassword'];
$newPassword = $_POST['newpassword'];
$newPassword2 = $_POST['newpassword2'];
if ($oldPassword == '') {
header("location:/changePassword.php?err=请输入原始密码!");
exit;
}
if ($newPassword == '') {
header("location:/changePassword.php?err=请输入新密码!");
exit;
}
if ($newPassword2 == '') {
header("location:/changePassword.php?err=请输入确认新密码!");
exit;
}
if ($newPassword != $newPassword2) {
header("location:/changePassword.php?err=2次新密码输入不一致!");
exit;
}
//实例化一个AdminService对象
$adminService = new AdminService();
session_start();
$username = $_SESSION['username'];
if ($adminService->ChangePassword($username, $oldPassword, $newPassword)) {
//合法
header("location:/changePassword.php?err=更新成功");
} else {
header("location:/changePassword.php?err=" . $adminService->getErrMessage());
}
<?php
/**
* Created by PhpStorm.
* User: Administrator
* Date: 2016/1/14 0014
* Time: 下午 1:29
*/
header("Content-type: text/html; charset=utf-8");
require_once "AdminService.class.php";
//接收用户的数据
$id = $_POST['id'];
$password = $_POST['password'];
$adminservice = new AdminService();
if ($name = $adminservice->checkAdmin($id, $password)) {
header("Location:empMain.php?name={$name}");
exit;
} else {
header("Location:login.php?errno=1");
exit;
}
/*
$conn = mysqli_connect("localhost","root","090324","empmanage");
if(!$conn){
die("连接失败".mysql_error());
}
$sql = "select password,name from admin where id=$id";
$res = mysqli_query($conn,$sql);
if($row=mysqli_fetch_assoc($res)){
