|
|
取消了口令卡
- class AdminManageController extends AdminController {
-
- private $db,$role_db;
- function __construct() {
- parent::__construct();
- $this->db = M('Admin');
- $this->role_db = D('Admin_role');
- $this->op = new \Admin\Classes\admin_op();
- }
-
- public function init() {
- $userid = session('user_auth.userid');
- $admin_username = session('user_auth.username');
- $page = $_GET['page'] ? intval($_GET['page']) : '1';
- $infos = $this->db->page($page, 20)->select();
- $pages = $this->db->pages;
- $rolesarr = M('admin_role')->order('roleid asc')->select();//getcache('role');
- $roles = array();
- foreach($rolesarr as $val){
- $roles[$val['roleid']]= $val['rolename'];
- }
- $this->assign('admin_username',$admin_username);
- $this->assign('infos',$infos);
- $this->assign('roles',$roles);
- //var_dump($roles);
- $this->display('admin_list');
- }
- /**
- * 添加管理员
- */
- public function add() {
- if(isset($_POST['dosubmit'])) {
- if($this->check_admin_manage_code()==false){
- showmessage("error auth code");
- }
- $info = array();
- if(!$this->op->checkname($_POST['info']['username'])){
- showmessage(L('admin_already_exists'));
- }
- $info = checkuserinfo($_POST['info']);
- if(!checkpasswd($info['password'])){
- showmessage(L('pwd_incorrect'));
- }
- $encrypt = create_randomstr();
- $password = user_md5($info['password'],$encrypt); //password($info['password']);
- $info['password'] = $password;
- $info['encrypt'] = $encrypt;
- $info['status'] = 1;
- $admin_fields = array('username', 'email', 'password', 'encrypt','roleid','realname','status');
- foreach ($info as $k=>$value) {
- if (!in_array($k, $admin_fields)){
- unset($info[$k]);
- }
- }
- $addres = $this->db->add($info);
- if($addres){
- showmessage(L('operation_success'),'?m=admin&c=admin_manage&a=init');
- }
- } else {
- $roles = $this->role_db->where(array('disabled'=>'0'))->select();
- $admin_manage_code = $this->get_admin_manage_code();
- $this->assign('roles', $roles);
- $this->assign('admin_manage_code', $admin_manage_code);
- $this->display('admin_add');
- }
- }
- /**
- * 修改管理员
- */
- public function edit() {
- if(isset($_POST['dosubmit'])) {
- if($this->check_admin_manage_code()==false){
- showmessage("error auth code");
- }
- $memberinfo = $info = array();
- $info = checkuserinfo($_POST['info']);
- if(isset($info['password']) && !empty($info['password']))
- {
- $this->op->edit_password($info['userid'], $info['password']);
- }
- $userid = $info['userid'];
- $info['status'] = 1;
- $admin_fields = array('username', 'email', 'roleid','realname','status');
- foreach ($info as $k=>$value) {
- if (!in_array($k, $admin_fields)){
- unset($info[$k]);
- }
- }
- $this->db->where(array('userid'=>$userid))->save($info);
- showmessage(L('operation_success'),'','','edit');
- } else {
- $info = $this->db->where(array('userid'=>$_GET['userid']))->find();
- extract($info);
- $roles = $this->role_db->where(array('disabled'=>'0'))->select();
- $show_header = true;
- $admin_manage_code = $this->get_admin_manage_code();
- $this->assign($info);
- $this->assign('admin_manage_code',$admin_manage_code);
- $this->assign('roles',$roles);
- // $this->assign('roleid',session('user_auth.roleid'));
- //print_r($_SESSION);
- $this->display('admin_edit');
- }
- }
-
- public function public_edit_info(){
- $userid = session('user_auth.userid');
-
- //print_r($_SESSION);
- if(isset($_POST['dosubmit'])) {
- $admin_fields = array('email','realname','lang');
- $info = array();
- $info = $_POST['info'];
- if(trim($info['lang'])=='') $info['lang'] = 'zh-cn';
- foreach ($info as $k=>$value) {
- if (!in_array($k, $admin_fields)){
- unset($info[$k]);
- }
- }
- $this->db->where(array('userid'=>$userid))->save($info);
- cookie('sys_lang', $info['lang'],SYS_TIME+86400*30);
- showmessage(L('operation_success'),HTTP_REFERER);
- } else {
- $info = $this->db->where(array('userid'=>$userid))->find();
- extract($info);
-
- $lang_dirs = glob(APP_PATH.'/Common/Lang/*');
- $dir_array = array();
- foreach($lang_dirs as $dirs) {
- $dir_array[] = str_replace(APP_PATH.'/Common/Lang/','',$dirs);
- }
- $this->assign($info);
- $this->assign('dir_array',$dir_array);
- $this->display('admin_edit_info');
-
- }
- }
-
- public function public_edit_pwd(){
-
- $userid = session('user_auth.userid');
- if(isset($_POST['dosubmit'])) {
- $r = $this->db->where(array('userid'=>$userid))->field('password,encrypt')->find();
-
- if ( user_md5($_POST['old_password'],$r['encrypt']) !== $r['password'] ) showmessage(L('old_password_wrong'),HTTP_REFERER);
- if(isset($_POST['new_password']) && !empty($_POST['new_password'])) {
- $this->op->edit_password($userid, $_POST['new_password']);
- }
- showmessage(L('password_edit_succ_logout'),'?m=Admin&c=Public&a=logout');
- } else {
- $info = $this->db->where(array('userid'=>$userid))->find();
- extract($info);
- $this->assign($info);
- $this->display('admin_edit_pwd');
- }
-
- }
- /**
- * 异步检测用户名
- */
- function public_checkname_ajx() {
- $username = isset($_GET['username']) && trim($_GET['username']) ? trim($_GET['username']) : exit(0);
- if ($this->db->field('userid')->where(array('username'=>$username))->find()){
- exit('0');
- }
- exit('1');
- }
-
- /**
- * 异步检测密码
- */
- function public_password_ajx() {
- $userid = session('user_auth.userid');
- $r = array();
- $r = $this->db->field('password,encrypt')->where(array('userid'=>$userid))->find();
- if ( user_md5($_GET['old_password'],$r['encrypt']) == $r['password'] ) {
- exit('1');
- }
- exit('0');
- }
- /**
- * 异步检测emial合法性
- */
- function public_email_ajx() {
- $email = $_GET['email'];
- $userid = session('user_auth.userid');
- $check = $this->db->field('userid')->where(array('email'=>$email))->find();
- if ($check && $check['userid']!=$userid){
- exit('0');
- }else{
- exit('1');
- }
- }
- //电子口令卡
- function card() {
- if (C( 'safe_card') != 1) {
- showmessage(L('your_website_opened_the_card_no_password'));
- }
- $userid = isset($_GET['userid']) && intval($_GET['userid']) ? intval($_GET['userid']) : showmessage(L('user_id_cannot_be_empty'));
- $data = array();
- if ($data = $this->db->where(array('userid'=>$userid))->field('`card`,`username`')->find()) {
- $pic_url = '';
- if ($data['card']) {
- pc_base::load_app_class('card', 'admin', 0);
- $pic_url = card::get_pic($data['card']);
- }
- $show_header = true;
- $this->display('admin_card');
- } else {
- showmessage(L('users_were_not_found'));
- }
- }
- //绑定电子口令卡
- function creat_card() {
- if (C( 'safe_card') != 1) {
- showmessage(L('your_website_opened_the_card_no_password'));
- }
- $userid = isset($_GET['userid']) && intval($_GET['userid']) ? intval($_GET['userid']) : showmessage(L('user_id_cannot_be_empty'));
- $data = $card = '';
- if ($data = $this->db->field( '`card`,`username`')->where(array('userid'=>$userid))->find()) {
- if (empty($data['card'])) {
- pc_base::load_app_class('card', 'admin', 0);
- $card = card::creat_card();
- if ($this->db->update(array('card'=>$card), array('userid'=>$userid))) {
- showmessage(L('password_card_application_success'), '?m=admin&c=admin_manage&a=card&userid='.$userid);
- } else {
- showmessage(L('a_card_with_a_local_database_please_contact_the_system_administrators'));
- }
- } else {
- showmessage(L('please_lift_the_password_card_binding'),HTTP_REFERER);
- }
- } else {
- showmessage(L('users_were_not_found'));
- }
- }
- //解除口令卡绑定
- function remove_card() {
- if (pc_base::load_config('system', 'safe_card') != 1) {
- showmessage(L('your_website_opened_the_card_no_password'));
- }
- $userid = isset($_GET['userid']) && intval($_GET['userid']) ? intval($_GET['userid']) : showmessage(L('user_id_cannot_be_empty'));
- $data = $result = '';
- if ($data = $this->db->get_one(array('userid'=>$userid), '`card`,`username`,`userid`')) {
- pc_base::load_app_class('card', 'admin', 0);
- if ($result = card::remove_card($data['card'])) {
- $this->db->update(array('card'=>''), array('userid'=>$userid));
- showmessage(L('the_binding_success'), '?m=admin&c=admin_manage&a=card&userid='.$userid);
- }
- } else {
- showmessage(L('users_were_not_found'));
- }
- }
- //添加修改用户 验证串验证
- private function check_admin_manage_code(){
- $admin_manage_code = $_POST['info']['admin_manage_code'];
- $pc_auth_key = md5(C('auth_key').'adminuser');
- $admin_manage_code = sys_auth($admin_manage_code, 'DECODE', $pc_auth_key);
- if($admin_manage_code==""){
- return false;
- }
- $admin_manage_code = explode("_", $admin_manage_code);
- if($admin_manage_code[0]!="adminuser" || $admin_manage_code[1]!=$_POST[pc_hash]){
- return false;
- }
- return true;
- }
- //添加修改用户 生成验证串
- private function get_admin_manage_code(){
- $pc_auth_key = md5(C('auth_key').'adminuser');
- $code = sys_auth("adminuser_".$_GET[pc_hash]."_".time(), 'ENCODE', $pc_auth_key);
- return $code;
- }
- }
角色管理
- class RoleController extends AdminController {
- private $db, $priv_db;
- function __construct() {
- parent::__construct();
- $this->db = M('admin_role');
- $this->priv_db = M('admin_role_priv');
- $this->op = new \Admin\Classes\role_op(); //pc_base::load_app_class('role_op');
- }
-
- /**
- * 角色管理列表
- */
- public function init() {
- $infos = $this->db->order('listorder DESC, roleid DESC')->select();
- $this->assign('infos',$infos);
- $this->display('role_list');
- }
-
- /**
- * 添加角色
- */
- public function add() {
- if(isset($_POST['dosubmit'])) {
- if(!is_array($_POST['info']) || empty($_POST['info']['rolename'])){
- showmessage(L('operation_failure'));
- }
- if($this->op->checkname($_POST['info']['rolename'])){
- showmessage(L('role_duplicate'));
- }
- $insert_id = $this->db->add($_POST['info']);
- $this->_cache();
- if($insert_id){
- showmessage(L('operation_success'),'?m=admin&c=role&a=init');
- }
- } else {
- $this->display('role_add');
- }
-
- }
-
- /**
- * 编辑角色
- */
- public function edit() {
- if(isset($_POST['dosubmit'])) {
- $_POST['roleid'] = intval($_POST['roleid']);
- if(!is_array($_POST['info']) || empty($_POST['info']['rolename'])){
- showmessage(L('operation_failure'));
- }
- $this->db->where(array('roleid'=>$_POST['roleid']))->save($_POST['info']);
- $this->_cache();
- showmessage(L('operation_success'),'?m=admin&c=role&a=init');
- } else {
- $info = $this->db->where(array('roleid'=>$_GET['roleid']))->find();
- extract($info);
- $this->assign($info);
- $this->display('role_edit');
- }
- }
-
- /**
- * 删除角色
- */
- public function delete() {
- $roleid = intval($_GET['roleid']);
- if($roleid == '1') showmessage(L('this_object_not_del'), HTTP_REFERER);
- $this->db->where(array('roleid'=>$roleid))->delete();
- $this->priv_db->where(array('roleid'=>$roleid))->delete();
- $this->_cache();
- showmessage(L('role_del_success'));
- }
- /**
- * 更新角色排序
- */
- public function listorder() {
- if(isset($_POST['dosubmit'])) {
- foreach($_POST['listorders'] as $roleid => $listorder) {
- $this->db->where(array('roleid'=>$roleid))->save(array('listorder'=>$listorder));
- }
- showmessage(L('operation_success'));
- } else {
- showmessage(L('operation_failure'));
- }
- }
-
- /**
- * 角色权限设置
- */
- public function role_priv() {
- $this->menu_db = M('menu');
- $siteid = $siteid ? $siteid : self::get_siteid();
- if(isset($_POST['dosubmit'])){
- if (is_array($_POST['menuid']) && count($_POST['menuid']) > 0) {
-
- $this->priv_db->where(array('roleid'=>$_POST['roleid'],'siteid'=>$_POST['siteid']))->delete();
- $menuinfo = $this->menu_db->field('`id`,`m`,`c`,`a`,`data`')->select();
- foreach ($menuinfo as $_v) $menu_info[$_v[id]] = $_v;
- foreach($_POST['menuid'] as $menuid){
- $info = array();
- $info = $this->op->get_menuinfo(intval($menuid),$menu_info);
- $info['roleid'] = $_POST['roleid'];
- $info['siteid'] = $_POST['siteid'];
- $this->priv_db->add($info);
- }
- } else {
- $this->priv_db->where(array('roleid'=>$_POST['roleid'],'siteid'=>$_POST['siteid']))->delete();
- }
- $this->_cache();
- showmessage(L('operation_success'), HTTP_REFERER);
- } else {
- $siteid = intval($_GET['siteid']);
- $roleid = intval($_GET['roleid']);
- if ($siteid) {
- $menu = new \Think\Tree();
- $menu->icon = array('│ ','├─ ','└─ ');
- $menu->nbsp = ' ';
- $result = $this->menu_db->select();
- $priv_data = $this->priv_db->select(); //获取权限表数据
- $modules = 'admin,system';
- foreach ($result as $n=>$t) {
- $result[$n]['cname'] = L($t['name']); //,'',$modules
- $result[$n]['checked'] = ($this->op->is_checked($t,$_GET['roleid'],$siteid, $priv_data))? ' checked' : '';
- $result[$n]['level'] = $this->op->get_level($t['id'],$result);
- $result[$n]['parentid_node'] = ($t['parentid'])? ' class="child-of-node-'.$t['parentid'].'"' : '';
- }
- $str = "<tr id='node-\$id' \$parentid_node>
- <td style='padding-left:30px;'>\$spacer<input type='checkbox' name='menuid[]' value='\$id' level='\$level' \$checked onclick='javascript:checknode(this);'> \$cname</td>
- </tr>";
-
- $menu->init($result);
- $categorys = $menu->get_tree(0, $str);
- }
- $show_header = true;
- $show_scroll = true;
- $this->assign('siteid',$siteid);
- $this->assign('categorys',$categorys);
- $this->assign('priv_data',$priv_data);
- $this->assign('roleid',$roleid);
- //print_r($priv_data);
- $this->display('role_priv');
- }
- }
-
- public function priv_setting() {
- $sites = new \Admin\Classes\sites() ;// pc_base::load_app_class('sites', 'admin');
- $sites_list = $sites->get_list();
- $roleid = intval($_GET['roleid']);
- $this->assign('sites_list',$sites_list);
- $this->assign('roleid',$roleid);
- $this->display('role_priv_setting');
-
- }
- /**
- * 更新角色状态
- */
- public function change_status(){
- $roleid = intval($_GET['roleid']);
- $disabled = intval($_GET['disabled']);
- $this->db->update(array('disabled'=>$disabled),array('roleid'=>$roleid));
- $this->_cache();
- showmessage(L('operation_success'),'?m=admin&c=role');
- }
- /**
- * 成员管理
- */
- public function member_manage() {
- $this->admin_db = M('admin');
- $roleid = intval($_GET['roleid']);
- $roles = getcache('role'); // getcache('role','commons');
- $infos = $this->admin_db->where(array('roleid'=>$roleid))->select();
- $this->assign('roleid',$roleid);
- $this->assign('roles',$roles);
- $this->assign('infos',$infos);
- $this->display('admin_list');
- }
-
- /**
- * 设置栏目权限
- */
- public function setting_cat_priv() {
- $roleid = isset($_GET['roleid']) && intval($_GET['roleid']) ? intval($_GET['roleid']) : showmessage(L('illegal_parameters'), HTTP_REFERER);
- $op = isset($_GET['op']) && intval($_GET['op']) ? intval($_GET['op']) : '';
- $this->assign('roleid',$roleid);
- $this->assign('op',$op);
- switch ($op) {
- case 1:
- $siteid = isset($_GET['siteid']) && intval($_GET['siteid']) ? intval($_GET['siteid']) : showmessage(L('illegal_parameters'), HTTP_REFERER);
- //pc_base::load_app_class('role_cat', '', 0);
- //$role_cat = \Admin\Classes\role_cat;
- $category = \Admin\Classes\role_cat::get_category($siteid);
- //获取角色当前权限设置
- $priv = \Admin\Classes\role_cat::get_roleid($roleid, $siteid);
- //加载tree
- $tree = new \Think\Tree();
- $categorys = array();
- foreach ($category as $k=>$v) {
- if ($v['type'] == 1) {
- $v['disabled'] = 'disabled';
- $v['init_check'] = '';
- $v['add_check'] = '';
- $v['delete_check'] = '';
- $v['listorder_check'] = '';
- $v['push_check'] = '';
- $v['move_check'] = '';
- } else {
- $v['disabled'] = '';
-
- $v['add_check'] = isset($priv[$v['catid']]['add']) ? 'checked' : '';
- $v['delete_check'] = isset($priv[$v['catid']]['delete']) ? 'checked' : '';
- $v['listorder_check'] = isset($priv[$v['catid']]['listorder']) ? 'checked' : '';
- $v['push_check'] = isset($priv[$v['catid']]['push']) ? 'checked' : '';
- $v['move_check'] = isset($priv[$v['catid']]['remove']) ? 'checked' : '';
- $v['edit_check'] = isset($priv[$v['catid']]['edit']) ? 'checked' : '';
- }
- $v['init_check'] = isset($priv[$v['catid']]['init']) ? 'checked' : '';
- $category[$k] = $v;
- }
- $show_header = true;
- $str = "<tr>
- <td align='center'><input type='checkbox' value='1' onclick='select_all(\$catid, this)' ></td>
- <td>\$spacer\$catname</td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$init_check value='init' ></td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$disabled \$add_check value='add' ></td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$disabled \$edit_check value='edit' ></td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$disabled \$delete_check value='delete' ></td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$disabled \$listorder_check value='listorder' ></td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$disabled \$push_check value='push' ></td>
- <td align='center'><input type='checkbox' name='priv[\$catid][]' \$disabled \$move_check value='remove' ></td>
- </tr>";
-
- $tree->init($category);
- $categorys = $tree->get_tree(0, $str);
- $this->assign('categorys',$categorys);
- $this->assign('siteid',$siteid);
- $this->display('role_cat_priv_list');
- break;
-
- case 2:
- $siteid = isset($_GET['siteid']) && intval($_GET['siteid']) ? intval($_GET['siteid']) : showmessage(L('illegal_parameters'), HTTP_REFERER);
- //pc_base::load_app_class('role_cat', '', 0);
- \Admin\Classes\role_cat::updata_priv($roleid, $siteid, $_POST['priv']);
- showmessage(L('operation_success'),'?m=admin&c=role&a=init', '', 'edit');
- break;
-
- default:
- $sites = new \Admin\Classes\sites();
- $sites_list = $sites->get_list();
- $this->assign('sites_list',$sites_list);
- $this->display('role_cat_priv');
- break;
- }
- }
- /**
- * 角色缓存
- */
- private function _cache() {
- $infos = $this->db->select(array('disabled'=>'0'), $data = '`roleid`,`rolename`', '', 'roleid ASC');
- $role = array();
- foreach ($infos as $info){
- $role[$info['roleid']] = $info['rolename'];
- }
- $this->_cache_siteid($role);
- setcache('role', $role);
- return $infos;
- }
-
- /**
- * 缓存站点数据
- */
- private function _cache_siteid($role) {
- $sitelist = array();
- foreach($role as $n=>$r) {
- $sitelistsarr = $this->priv_db->field('siteid')->where(array('roleid'=>$n))->select();
- $sitelists = array();
- foreach($sitelists as $val){
- $sitelists[$val['siteid']] = $val;
- }
- foreach($sitelists as $site) {
- foreach($site as $v){
- $sitelist[$n][] = intval($v);
- }
- }
- }
- if(is_array($sitelist)) {
- $sitelist = @array_map("array_unique", $sitelist);
- setcache('role_siteid', $sitelist);
- }
- return $sitelist;
- }
-
- }
|
|
发表于 2017-11-5 18:19:09
收藏
楼主