示例#1
0
 public function index()
 {
     $m = M('auth_rule');
     $field = 'id,name,title';
     $where['pid'] = 0;
     //顶级ID
     $where['status'] = 1;
     //显示状态
     $data = $m->field($field)->where($where)->select();
     $auth = new Auth();
     //没有权限的菜单不显示
     foreach ($data as $k => $v) {
         if (!$auth->check($v['name'], session('aid')) && session('aid') != 1) {
             unset($data[$k]);
         } else {
             // status = 1    为菜单显示状态
             $data[$k]['sub'] = $m->field($field)->where('pid=' . $v['id'] . ' AND status=1')->select();
             $data[$k]['default_name'] = $data[$k]['sub']['0']['name'];
             $data[$k]['default_title'] = $data[$k]['sub']['0']['title'];
             foreach ($data[$k]['sub'] as $k2 => $v2) {
                 if (!$auth->check($v2['name'], session('aid')) && session('aid') != 1) {
                     unset($data[$k]['sub'][$k2]);
                 }
             }
         }
     }
     $this->assign('data', $data);
     // 顶级
     $this->display();
 }
示例#2
0
 protected function _initialize()
 {
     $auth = new Auth();
     if ($auth->check()) {
         $this->error("对不起,您没有权限", "login", 2);
     }
 }
示例#3
0
 protected function _initialize()
 {
     $this->_name = CONTROLLER_NAME;
     if (isLogin()) {
         define('AID', isLogin());
         $this->uid = decrypt(cookie('admin_id'));
         $this->admin_name = decrypt(cookie('admin_name'));
         $this->assign('admin_name', $this->admin_name);
     } else {
         $this->redirect('Public/login');
         exit;
     }
     import('ORG.Util.Auth');
     //加载类库
     $auth = new Auth();
     if (in_array(isLogin(), C("ADMINISTRATOR"))) {
         return true;
     } else {
         if ($auth->check(CONTROLLER_NAME . '-*', isLogin())) {
             true;
         } elseif (!$auth->check(CONTROLLER_NAME . '-' . ACTION_NAME, isLogin())) {
             echo CONTROLLER_NAME . '-' . ACTION_NAME;
             die;
             $this->error('你没有权限');
         }
     }
 }
 public function admin_list()
 {
     $admin = M('admin');
     $val = I('val');
     $auth = new Auth();
     $this->assign('testval', $val);
     if ($val) {
         $map['admin_username'] = array('like', "%" . $val . "%");
     }
     $count = $admin->where($map)->count();
     // 查询满足要求的总记录数
     $Page = new \Think\Page($count, C('DB_PAGENUM'));
     // 实例化分页类 传入总记录数和每页显示的记录数
     foreach ($map as $key => $val) {
         $Page->parameter[$key] = urlencode($val);
     }
     $show = $Page->show();
     // 分页显示输出
     $admin_list = $admin->where($map)->order('admin_id')->limit($Page->firstRow . ',' . $Page->listRows)->select();
     foreach ($admin_list as $k => $v) {
         $group = $auth->getGroups($v['admin_id']);
         $admin_list[$k]['group'] = $group[0]['title'];
     }
     $this->assign('admin_list', $admin_list);
     $this->assign('page', $show);
     $this->display();
 }
示例#5
0
文件: function.php 项目: noikiy/ypx
/**
 * AUTH认证类检测权限
 * @param int $uid 会员id
 * @param string $controller 控制器名称
 * @param string $action 方法名称
 * @param string $sign 数据库标识符
 * @return boolean 成功true 失败false
 */
function checkAuth($uid, $controller = CONTROLLER_NAME, $action = ACTION_NAME, $sign = "-")
{
    $name = $controller . $sign . $action;
    import('ORG.Util.Auth');
    //加载类库
    $auth = new Auth();
    $result = $auth->check($name, $uid);
    return $result;
}
示例#6
0
 protected function _initialize()
 {
     $auth = new Auth();
     if (!session('userName')) {
         $this->error('您尚未登陆', U('/Home/Index/index'));
     }
     if (!$auth->check()) {
         $this->error('您没有此操作权限');
     }
 }
示例#7
0
 protected function _initialize()
 {
     if (!session('admin')) {
         $this->redirect('Login/index');
     }
     $Auth = new Auth();
     if (!$Auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/', session('id'))) {
         echo "<span style='color : red;'>对不起,您没有权限操作此栏目!</span>";
         exit;
     }
 }
示例#8
0
 public function _initialize()
 {
     if (!session('uid')) {
         //如果权限SESSION值为空则跳转进入登入界面
         $this->error('跳转登入页面', U('Home/Login/Index'));
     }
     $auth = new Auth();
     //初始化Auth类
     //MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME 模块/控制器/方法
     //MOUDLE_NAME.'-'.ACTION_NAME 模块/方法
     if (!$auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME, session('uid'))) {
         $this->error('你没有权限');
     }
 }
 /**
  * 执行行为 run方法是Behavior唯一的接口
  * @access public
  * @param mixed $params 行为参数
  * @return void
  */
 public function run(&$params)
 {
     // 进行权限认证逻辑 如果认证通过 $return = true;
     if (UID == C('ADMINISTRATOR')) {
         buildMenu();
         $params = true;
     } else {
         $controllerName = CONTROLLER_NAME;
         $auth = new Auth();
         if (!$auth->check($controllerName, UID) && !in_array($controllerName, C('NO_AUTH_CHECK'))) {
             A('Public')->noauth();
         } else {
             $params = true;
         }
     }
 }
示例#10
0
 protected function _initialize()
 {
     $sess_auth = session('auth');
     if (!$sess_auth) {
         $this->error('非法访问,请登录', U('Index/index'));
     }
     //超级管理员权限
     if ($sess_auth['uid'] == 1) {
         return true;
     }
     //其他权限
     $auth = new Auth();
     if (!$auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME, $sess_auth['uid'])) {
         $this->error('没有权限');
     }
 }
 public function _initialize()
 {
     parent::_initialize();
     //session不存在时,不允许直接访问
     if (!session('aid')) {
         $this->error('还没有登录,正在跳转到登录页', U('Public/login'));
     }
     //当前操作的请求                 模块名/方法名
     if (in_array(CONTROLLER_NAME . '/' . ACTION_NAME, $this->not_check)) {
         return true;
     }
     //下面代码动态判断权限
     $auth = new Auth();
     if (!$auth->check(CONTROLLER_NAME . '/' . ACTION_NAME, session('aid')) && session('aid') != 1) {
         $this->error('没有权限');
     }
 }
示例#12
0
 protected function _initialize()
 {
     $session = session('auth');
     if (!$session) {
         $this->error('非法访问', U('Login/index'));
     }
     if ($session['id'] == 1) {
         return true;
     }
     $auth = new Auth();
     if (!$auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME, $session['id'])) {
         $this->error('没有权限', U('Login/index'));
     }
     /* if($session['id']){
            return true;
        } */
 }
示例#13
0
 protected function _initialize()
 {
     $sess_auth = session('auth');
     if (!$sess_auth) {
         $this->error('非法访问!正在跳转登录页面!', U('Login/index'));
     }
     //如果是超级管理员 就不用验证权限 这里的1要通过用户数据库
     if ($sess_auth['uid'] == 1) {
         return true;
         //返回true 直接进入 表单提交页 后台首页
     }
     $auth = new Auth();
     //权限控制 主要针对2 和 3
     //2是test没有权限进入后台首页  退出      3是guest 有权限进入后台首页
     if (!$auth->check(MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME, $sess_auth['uid'])) {
         $this->error('没有权限', U('Login/logout'));
     }
 }
示例#14
0
 protected function _initialize()
 {
     //session不存在时,不允许直接访问
     if (!session('aid')) {
         $this->error('还没有登录,正在跳转到登录页', U('Login/login'));
     }
     //session存在时,不需要验证的权限
     $not_check = array('Index/index', 'Index/main', 'Index/clear_cache', 'Index/edit_pwd', 'Index/logout', 'Admin/admin_list', 'Admin/admin_list', 'Admin/admin_edit', 'Admin/admin_add');
     //当前操作的请求                 模块名/方法名
     if (in_array(CONTROLLER_NAME . '/' . ACTION_NAME, $not_check)) {
         return true;
     }
     //下面代码动态判断权限
     $auth = new Auth();
     if (!$auth->check(CONTROLLER_NAME . '/' . ACTION_NAME, session('aid')) && session('aid') != 1) {
         $this->error('没有权限');
     }
 }
示例#15
0
 public function _initialize()
 {
     //登录判定
     if (!session('aid') || !session('a_role')) {
         $this->error('你还没有登录,请先登录', U('Login/Login/index'));
     }
     //角色判定
     if (session('a_role') != "ideaer") {
         $url = ucfirst(session('a_role')) . "/Index/index";
         $this->error("You are not an ideaer.", U($url));
     }
     //权限检查
     $auth = new Auth();
     $rules = MODULE_NAME . "/" . CONTROLLER_NAME . "/" . ACTION_NAME;
     if (!$auth->check($rules, session('aid'))) {
         $this->error("你没有权限", U("Ideaer/Index/index"));
     }
 }
 /**
  * 后台控制器初始化
  */
 protected function _initialize()
 {
     //检查用户登入
     if (!session('?' . C('USER_AUTH_KEY'))) {
         $this->redirect('Public/login');
     }
     //判断是否为超级管理员 若是,则跳过权限检查
     if (session('uname') == C('ADMIN_AUTH_KEY')) {
         return TRUE;
     }
     //检查用户权限
     $auth = new Auth();
     $module_name = CONTROLLER_NAME . '/' . ACTION_NAME;
     if (!$auth->check($module_name, session(C('USER_AUTH_KEY')))) {
         $this->error(L('_VALID_ACCESS_'));
     }
     // url 语言参数
     $this->vl = $vl = LANG_SET == accept_lang() ? '' : C('VAR_LANGUAGE') . '=' . LANG_SET;
     $this->assign('vl', $vl);
     //多语言操作html
     $this->clang = $clang = cookie('lang');
     $langs = '<div id="lang"><div class="btn btn-app btn-xs btn-purple ace-settings-btn">';
     $langs .= '<span class="glyphicon glyphicon-globe"></span></div><div class="lang-list">';
     foreach (S('langs') as $value) {
         if (I('get.lang')) {
             $btncolor = I('get.lang') == $value['value'] ? 'btn-primary' : 'btn-light';
         } else {
             if ($clang) {
                 $btncolor = $value['value'] == $clang ? 'btn-primary' : 'btn-light';
             } else {
                 $btncolor = $value['value'] == LANG_SET ? 'btn-primary' : 'btn-light';
             }
         }
         $langs .= '<a class="btn btn-xs ' . $btncolor . ' mr5 mb5" href="' . urlh($vl . '&lang=' . $value['value']) . '" ';
         $langs .= 'onclick="load(event,this)">' . $value['name'] . '</a>';
     }
     $langs .= '</div></div>';
     $this->assign('langs', S('langs') ? $langs : '');
     //多语言操作cookie
     if (array_key_exists('lang', I('get.'))) {
         cookie('lang', I('get.lang'));
     }
     $this->assign('clang', $clang);
 }
示例#17
0
 public function _initialize()
 {
     //用户登陆信息检测处理
     $sess_User = session('user');
     if (!is_array($sess_User)) {
         $this->error('您还未登录 ' . C('TITLE'), U('Login/index'));
     }
     session('login_time', time());
     //超级管理员免验证
     if ($sess_User['info']['uid'] == C("ADMIN")) {
         return true;
     }
     //检查普通用户权限
     $AuthModel = new Auth();
     if (!$AuthModel->check(CONTROLLER_NAME . '/' . ACTION_NAME, $sess_User['info']['uid'])) {
         echo "<div style='padding:10px;'>没有权限</div>";
         exit;
     }
 }
 protected function _initialize()
 {
     //自动运行,为了判断左侧导航、右侧导航的选中状态,S为导航ID
     session('se', I('se'));
     //session不存在时,不允许直接访问
     if (!$_SESSION['aid']) {
         $this->error('还没有登录,正在跳转到登录页', U('Admin/Login/login'));
     }
     //session存在时,不需要验证的权限
     $not_check = array('Index/index', 'Login/login', 'Sys/runsys', 'Sys/runemail', 'Sys/admin_list_add', 'Sys/admin_list_edit', 'Sys/admin_list_runedit', 'Sys/admin_list_del', 'Sys/admin_list_runedit', 'Sys/ruleorder', 'Sys/admin_rule_add', 'Sys/admin_rule_del', 'Sys/admin_rule_edit', 'Sys/admin_rule_runedit', 'Sys/admin_rule_state', 'Sys/admin_group_state', 'Sys/admin_group_access', 'Sys/admin_group_del', 'Sys/admin_group_edit', 'Sys/admin_group_runaccess');
     //用户组设置:状态、配置、删除、修改
     //当前操作的请求                 模块名/方法名
     if (in_array(CONTROLLER_NAME . '/' . ACTION_NAME, $not_check)) {
         return true;
     }
     //下面代码动态判断权限
     $auth = new Auth();
     if (!$auth->check(CONTROLLER_NAME . '/' . ACTION_NAME, $_SESSION['aid']) && $_SESSION['aid'] != 1) {
         $this->error('没有权限', 0, 0);
     }
 }
示例#19
0
 protected function _initialize()
 {
     $auth = new Auth();
     $admin = session("admin");
     if (!$admin) {
         $this->error("请先登录!", U("Login/login"));
     }
     //超级管理员有全部权限
     if ($admin['priv_id'] == 1) {
         return true;
     }
     $url = MODULE_NAME . "/" . CONTROLLER_NAME . "/" . ACTION_NAME;
     //默认都有访问后台首页的权限
     $filter_auth = array(MODULE_NAME . "/" . "Index/index", MODULE_NAME . "/" . "Index/top", MODULE_NAME . "/" . "Index/menu", MODULE_NAME . "/" . "Index/main", MODULE_NAME . "/" . "Index/drag");
     if (in_array($url, $filter_auth)) {
         return true;
     }
     if (!$auth->check($url, $admin['admin_id'])) {
         $this->error("没权限访问");
     }
 }
示例#20
0
 public function getLeftMenu()
 {
     $sess_Uid = session('uid');
     $Auth = new Auth();
     $AuthGroups = $Auth->getGroups($sess_Uid);
     foreach ($AuthGroups as $v) {
         $AuthRules[] = $v['rules'];
     }
     $AuthRules = implode(',', $AuthRules);
     $where = array('rule_id' => I('id', '', 'int'), 'display' => 1, 'id' => array('in', $AuthRules));
     $table_AuthRule = M("AuthRule")->where($where)->order("sort asc")->field("id,title")->select();
     foreach ($table_AuthRule as $k => $v) {
         $where = array('rule_id' => $v['id'], 'display' => 1, 'id' => array('in', $AuthRules));
         $table_AuthRule_son = M("AuthRule")->where($where)->order("sort asc")->field("id,title as text,cls,name as url")->select();
         foreach ($table_AuthRule_son as $k2 => $v2) {
             $table_AuthRule_son[$k2]['url'] = __MODULE__ . "/" . $v2['url'];
             $table_AuthRule_son[$k2]['type'] = true;
             $table_AuthRule_son[$k2]['iconCls'] = $v2['cls'];
         }
         $table_AuthRule[$k]['children'] = $table_AuthRule_son;
     }
     $this->ajaxReturn($table_AuthRule);
 }
						<span class="btn btn-info"></span>

						<span class="btn btn-warning"></span>

						<span class="btn btn-danger"></span>
					</div>
				</div><!-- /.sidebar-shortcuts -->

				<ul class="nav nav-list">
<?php 
use Common\Controller\AuthController;
use Think\Auth;
$m = M('auth_rule');
$field = 'id,name,title,css';
$data = $m->field($field)->where('pid=0 AND status=1')->order('sort')->select();
$auth = new Auth();
foreach ($data as $k => $v) {
    if (!$auth->check($v['name'], cookie('aid')) && cookie('aid') != 1) {
        unset($data[$k]);
    }
}
?>

<?php 
if (is_array($data)) {
    foreach ($data as $key => $v) {
        ?>
<li class="<?php 
        if (CONTROLLER_NAME == $v['name']) {
            ?>
active open<?php 
 public function admin_edit()
 {
     if (!empty($_POST)) {
         //修改所属组
         $access = M('auth_group_access');
         if (empty($_POST['group_id'])) {
             $this->error('请选择用户组');
         }
         $result = $access->where('uid=' . $_POST['id'])->find();
         if (empty($result)) {
             $map['uid'] = $_POST['id'];
             $map['group_id'] = $_POST['group_id'];
             $access->add($map);
         } else {
             $save['group_id'] = $_POST['group_id'];
             $access->where('uid=' . $_POST['id'])->save($save);
         }
         $data['id'] = $_POST['id'];
         $data['mobile'] = $_POST['mobile'];
         $data['email'] = $_POST['email'];
         if ($_POST['status'] >= 0) {
             $data['status'] = $_POST['status'];
         }
         $m = M('admin');
         $result = $m->where('id=' . $data['id'])->save($data);
         if ($result === false) {
             $this->error('修改失败');
         } else {
             $this->success('修改成功');
         }
     } else {
         $m = M('admin');
         $result = $m->where('id=' . I('id'))->find();
         //获取当前所属组
         $auth = new Auth();
         $group = $auth->getGroups($result['id']);
         $result['title'] = $group[0]['title'];
         $result['group_id'] = $group[0]['group_id'];
         $this->assign('vo', $result);
         //获取所有组
         $m = M('auth_group');
         $group = $m->order('id DESC')->select();
         $this->assign('group', $group);
         $this->display();
     }
 }
	<div class="sidebar-shortcuts" id="sidebar-shortcuts">
	<!--四个毫无意义的按钮-->
		<div class="sidebar-shortcuts-large" id="sidebar-shortcuts-large">
			<button class="btn btn-success"><i class="ace-icon fa fa-signal"></i></button>
			<button class="btn btn-info"><i class="ace-icon fa fa-pencil"></i></button>
			<button class="btn btn-warning"><i class="ace-icon fa fa-users"></i></button>
			<button class="btn btn-danger"><i class="ace-icon fa fa-cogs"></i></button>
		</div>
	</div>
	<ul class="nav nav-list">
		<?php 
use Common\Controller\AuthController;
use Think\Auth;
$auth_rule = M('auth_rule');
$menu = $auth_rule->field("id,name,pid,title,css")->where('status=1')->order('sort')->select();
$auth = new Auth();
foreach ($menu as $k => $v) {
    if (!$auth->check($v['name'], $_SESSION['aid']) && $_SESSION['aid'] != 1) {
        unset($menu[$k]);
    }
}
$menu = getMenu($menu);
?>
		<?php 
if (is_array($menu)) {
    foreach ($menu as $key => $vo) {
        ?>
<li class="<?php 
        if (CONTROLLER_NAME == $vo['name']) {
            ?>
active open<?php