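/**
 * Request gate that runs before every action of this controller.
 *
 * Checks, in order:
 *  1. anti-CSRF token, for POST or AJAX requests that _filterToken() selects;
 *  2. login, answered with an AJAX redirect code or an HTTP redirect;
 *  3. permission, for every request that _filterAuth() selects.
 *
 * The permission check covers AJAX requests as well as page loads. Form
 * handlers in this controller (for example grouplistadd()) answer through the
 * ajax*Output helpers, so a check limited to page loads would leave the
 * state-changing requests without authorization.
 *
 * NOTE(review): every rejection below relies on the output/redirect helper
 * ending the request. None of those helpers is visible here. Confirm this,
 * because a constructor cannot otherwise stop the action from being dispatched.
 */
public function __construct()
{
    parent::__construct();
    $this->controller_name = $this->getC();
    $this->action_name = $this->getA();

    // NOTE(review): if is_ajax() is derived from a client-supplied header, it
    // may only choose the response format, never whether a check runs.
    $isAjax = $this->controller->is_ajax();

    // 1. Anti-CSRF token on POST / AJAX requests.
    if (($this->controller->is_post() || $isAjax) && $this->_filterToken()) {
        if (!$this->controller->check_token(false)) {
            $this->ajaxFailureOutput('当前是伪造请求!');
        }
    }

    if (!$isAjax) {
        // Load the widget-editing helper functions used by regular pages.
        InitPHP::getHelper('admin');
    }

    // 2. Login: AJAX callers get a redirect code, page loads get a redirect.
    if (empty($this->user()) && $this->_checkLogin()) {
        if ($isAjax) {
            $this->controller->ajax_return(constHelper::AJAX_REDIRECT, '请先登录');
        } else {
            $this->controller->redirect(base_url('public/login'));
        }
    }

    // 3. Permission: same rule for both request kinds; only the way the
    //    refusal is reported differs.
    if ($this->_filterAuth() && !$this->_checkAuth()) {
        if ($isAjax) {
            $this->ajaxFailureOutput('您的权限不足,不能访问当前页面');
        } else {
            $this->comError('您的权限不足,不能访问当前页面');
        }
    }
}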
/**
 * Render the "add user" form page.
 *
 * Builds the form from the view/user helper, passes it through
 * form_token_view() and hands it to the main form template.
 *
 * @author pwstrick
 */
public function add()
{
    InitPHP::getHelper('view/user');

    $breadcrumbs = [
        [base_url('user/lists'), '用户列表'],
        [base_url('user/add'), '用户添加修改'],
    ];

    // data-* attributes are consumed by front-end widgets; their exact meaning
    // is defined outside this method.
    $formAttributes = [
        'id' => 'add_view',
        'data-uploadify' => 'cover',
        'data-ueditor' => 'txtContent',
        'data-hiddeniframe' => 'selectCategory',
    ];

    // NOTE(review): form_token_view() is presumably where the anti-CSRF token
    // verified by check_token() in the constructor is embedded. Confirm this.
    $tokenisedForm = $this->form_token_view(add_view(), $formAttributes);

    $this->view->assign('form', $tokenisedForm);
    $this->mainFormTemplate('用户添加', $breadcrumbs);
}
/**
 * Create a group, or update an existing one when a positive `id` is supplied.
 *
 * On POST the submitted `group_name` is written through the group DAO and the
 * outcome is reported with the ajax output helpers. The form is rendered
 * otherwise (and after the POST branch, unless the output helper ends the
 * request). The row fetched for `id` is passed to grouplistadd_view().
 *
 * @author pwstrick
 */
public function grouplistadd()
{
    InitPHP::getHelper('view/system');

    // The cast keeps the identifier numeric before it reaches the DAO.
    $id = (int) $this->p('id');
    $operate = $this->operateTitle($id);
    $title = $operate . '分组';

    $listUrl = base_url('system/grouplist');
    $breadcrumbs = [
        [$listUrl, '分组列表'],
        [base_url('system/grouplistadd'), $title],
    ];

    $groupDao = InitPHP::getMysqlDao('group', 'mysql/sys');
    $currentGroup = $groupDao->getRowById($id);

    if ($this->controller->is_post()) {
        // NOTE(review): group_name is stored as returned by p(). Length,
        // emptiness and output-encoding rules are not visible here, so
        // confirm they are enforced in p(), the DAO or the view.
        $fields = ['group_name' => $this->p('group_name')];

        // A positive id means update; anything else inserts a new row.
        $affected = $id > 0
            ? $groupDao->updateById($fields, $id)
            : $groupDao->insert($fields);

        if ($affected > 0) {
            $this->ajaxSuccessOutput($title . '成功');
        } else {
            $this->ajaxFailureOutput($title . '失败');
        }
    }

    $formAttributes = ['id' => 'grouplistadd', 'data-href' => $listUrl];
    $tokenisedForm = $this->form_token_view(grouplistadd_view($currentGroup), $formAttributes);

    $this->view->assign('form', $tokenisedForm);
    $this->mainFormTemplate($title, $breadcrumbs);
}