c8f0197c03a78e7c0d538b6c82e539b7de8648e2.svn-base 13 KB

  1. <?php
  2. /*
  3. |--------------------------------------------------------------------------
  4. | auth.php 后台管理 权限管理
  5. |--------------------------------------------------------------------------
  6. */
  7. namespace MazeApp\Manage;
  8. use Maze;
  9. use Maze\Session\Save;
  10. use Maze\Security\Internal;
  11. use Maze\Routing\Uri;
  12. class Auth
  13. {
  14. /**
  15. * 后台的session名
  16. *
  17. * @var string
  18. */
  19. private $name;
  20. /**
  21. * save
  22. *
  23. * @var Maze\Plad\Save
  24. */
  25. private $save;
  26. /**
  27. * __construct
  28. *
  29. * @return mixed
  30. */
  31. public function __construct()
  32. {
  33. $this->save = new Save(MAZE_PROJECT, 'cookie');
  34. $this->name = MAZE_PROJECT . '_manage';
  35. }
  36. /**
  37. * 获取角色
  38. *
  39. * @return mixed
  40. */
  41. public function role()
  42. {
  43. $data = Maze::load('/role-list', array('option_name' => '%'.Maze::input('term', 'test').'%'));
  44. if($data)
  45. {
  46. return $data;
  47. }
  48. return array
  49. (
  50. 0 => array('id' => -1, 'value' => '没有找到您搜索的数据', 'label' => '没有找到您搜索的数据'),
  51. );
  52. }
  53. /**
  54. * 获取当前登录的管理员信息
  55. *
  56. * @return mixed
  57. */
  58. public function info()
  59. {
  60. $info = $this->save->get($this->name);
  61. # 插件接管 暂时未实现
  62. //Maze::plugin($this);
  63. return $info;
  64. }
  65. /**
  66. * 获取公告
  67. *
  68. * @return mixed
  69. */
  70. public function notice()
  71. {
  72. $admin = $this->info();
  73. if($admin['config'] && isset($admin['config']['id']) && $admin['config']['id'] > 0)
  74. {
  75. $data = Maze::load('manage/notice-getAll', array('where_config' => $admin['config']['id']));
  76. return $data;
  77. }
  78. return array();
  79. }
  80. /**
  81. * 获取当前登录的管理员信息
  82. *
  83. * @return mixed
  84. */
  85. public function manage()
  86. {
  87. $admin = $this->info();
  88. if($admin && $admin['id'] == 1)
  89. {
  90. return '';
  91. }
  92. return 'display:none;';
  93. }
  94. /**
  95. * 退出登录
  96. *
  97. * @return mixed
  98. */
  99. public function quit()
  100. {
  101. if($this->info())
  102. {
  103. $this->save->un($this->name);
  104. }
  105. Maze::location('login');
  106. }
  107. /**
  108. * login
  109. *
  110. * @return mixed
  111. */
  112. public function login()
  113. {
  114. $param['where_username'] = Maze::input('username');
  115. $password = md5(Maze::input('password'));
  116. //print_r($param);die;
  117. $user = Maze::load('manage/admin-user', $param);
  118. if($user && $user['password'] == $password)
  119. {
  120. $this->save($user);
  121. $refer = Maze::input('refer');
  122. if($refer)
  123. {
  124. $url = parse_url(Internal::decode($refer));
  125. $url['path'] = preg_replace('/^\//', '', $url['path']);
  126. if(Uri::$type == '?')
  127. {
  128. /*
  129. Uri::$type = '';
  130. if(strpos($url['query'], '?') !== false)
  131. {
  132. Uri::$type = '?';
  133. }
  134. */
  135. $refer = Maze::url(str_replace($url['path'] . Uri::$type, '', $url['query']));
  136. }
  137. else
  138. {
  139. $refer = Maze::url($url['path'] . '?' . $url['query']);
  140. }
  141. Maze::out($refer);
  142. }
  143. else
  144. {
  145. Maze::out(Maze::url('home'));
  146. }
  147. }
  148. else
  149. {
  150. Maze::abert('登录失败');
  151. }
  152. }
  153. public function save(&$user)
  154. {
  155. if($user['config'])
  156. {
  157. $user['config'] = Maze::load('manage/config-one', array('where_id' => $user['config']));
  158. }
  159. if($user['id'] == 1)
  160. {
  161. $user['oper'] = 'all';
  162. $user['auth'] = 'all';
  163. $user['top'] = 'all';
  164. }
  165. else
  166. {
  167. $role = Maze::load('manage/role-get', array('where_id' => $user['role']));
  168. if($role)
  169. {
  170. $user['oper'] = array();
  171. $user['auth'] = '';
  172. $user['top'] = '';
  173. foreach($role as $k => $v)
  174. {
  175. if($v['oper'])
  176. {
  177. if(strpos($v['oper'], ',') !== false)
  178. {
  179. $user['oper'] += explode(',', $v['oper']);
  180. }
  181. else
  182. {
  183. $user['oper'][] = $v['oper'];
  184. }
  185. }
  186. if($v['auth'])
  187. {
  188. $user['auth'][] = $v['auth'];
  189. }
  190. if($v['top'])
  191. {
  192. $user['top'][] = $v['top'];
  193. }
  194. }
  195. $user['oper'] = implode(',', $user['oper']);
  196. $user['auth'] = implode(',', $user['auth']);
  197. $user['top'] = implode(',', $user['top']);
  198. if(strpos($user['oper'], 'all') !== false)
  199. {
  200. $user['oper'] = 'all';
  201. }
  202. if(strpos($user['auth'], 'all') !== false)
  203. {
  204. $user['auth'] = 'all';
  205. }
  206. if(strpos($user['top'], 'all') !== false)
  207. {
  208. $user['top'] = 'all';
  209. }
  210. }
  211. }
  212. $this->save->add($this->name, $user, 3600*24*7);
  213. }
  214. /**
  215. * set
  216. *
  217. * @return mixed
  218. */
  219. public function set()
  220. {
  221. $param['refer'] = Maze::input('refer');
  222. return $param;
  223. }
  224. /**
  225. * location_login
  226. *
  227. * @return mixed
  228. */
  229. public function location_login()
  230. {
  231. $refer = Internal::encode(Maze::url());
  232. return Maze::location('login?refer=' . $refer);
  233. }
  234. /**
  235. * init
  236. *
  237. * @return mixed
  238. */
  239. public function init()
  240. {
  241. //$this->check(Uri::$value);
  242. $admin = $this->info();
  243. if(!$admin)
  244. {
  245. return $this->location_login();
  246. }
  247. /*
  248. if(!Uri::$value)
  249. {
  250. return;
  251. }
  252. //print_r(Uri::$url);die;
  253. $param['where_project'] = Maze::input('key', MAZE_PROJECT_NAME);
  254. $param['where_table'] = Maze::input('table', 'other');
  255. $param['where_uri'] = Uri::$value;
  256. $data = Maze::load('manage/auth-get', $param);
  257. if(!$data)
  258. {
  259. $update['add_name'] = $this->table($param['where_table'], $param['where_project']) . $this->name($param['where_uri']);
  260. //print_r($update);die;
  261. $update['add_uri'] = $param['where_uri'];
  262. $update['add_type'] = $this->type($update['add_uri']);
  263. $update['add_project'] = $param['where_project'];
  264. $update['add_table'] = $param['where_table'];
  265. $data['id'] = Maze::load('manage/auth-insert', $update);
  266. }
  267. */
  268. # 第一个为超级管理员
  269. if($admin['id'] == 1)
  270. {
  271. return;
  272. }
  273. $menu = Maze::input('menu');
  274. $project = Maze::input('key');
  275. $table = Maze::input('table');
  276. $menu_id = Maze::input('menu_id');
  277. if($menu_id && $menu_id > 0)
  278. {
  279. $menu = Maze::load('manage/menu-info', $menu_id);
  280. if(!$menu)
  281. {
  282. Maze::abert('没有该权限');
  283. }
  284. //$this->save($admin);
  285. if($menu['key'])
  286. {
  287. if(isset($admin['auth']) && $admin['auth'])
  288. {
  289. if($admin['auth'] == 'all' || $admin['auth'] == '')
  290. {
  291. return;
  292. }
  293. $admin['auth'] = explode(',', $admin['auth']);
  294. if(!in_array($menu['key'], $admin['auth']))
  295. {
  296. Maze::abert('您没有操作权限');
  297. }
  298. }
  299. else
  300. {
  301. Maze::abert('您没有操作权限');
  302. }
  303. }
  304. else
  305. {
  306. Maze::abert('您没有操作权限');
  307. }
  308. }
  309. /*
  310. elseif(strpos(Uri::$url, 'project/list') === false && strpos(Uri::$url, 'log/list') === false)
  311. {
  312. return;
  313. }
  314. */
  315. else
  316. {
  317. //Maze::abert('您没有操作权限');
  318. }
  319. }
  320. # 得到当前管理员的权限
  321. public function admin()
  322. {
  323. $admin = $this->info();
  324. return $admin['auth'] == 'all' ? '' : explode(',', $admin['auth']);
  325. }
  326. # 得到当前头部菜单的权限
  327. public function top()
  328. {
  329. $admin = $this->info();
  330. return $admin['top'] == 'all' ? '' : explode(',', $admin['top']);
  331. }
  332. # 设置头部菜单的权限
  333. public function _setTop($info)
  334. {
  335. if($info)
  336. {
  337. $info['key'] = explode('_', $info['key']);
  338. $this->save->add($this->name . '_topgetv1_' . $info['key'][0], $info, 3600*24*365);
  339. }
  340. }
  341. # 得到当前头部菜单
  342. public function getTop($key)
  343. {
  344. $state = false;
  345. if(is_array($key))
  346. {
  347. $key = $key[0];
  348. $state = true;
  349. }
  350. $data = $this->save->get($this->name . '_topgetv1_' . $key);
  351. # 当数据不存在时,先从数据库里取出一个最新的
  352. if(!$data && $state == true)
  353. {
  354. $info = Maze::load('manage/top-key', array('where_key' => $key));
  355. if($info)
  356. {
  357. $data = Maze::load('manage/top-getOne', array('where_top_id' => $info['id']));
  358. }
  359. }
  360. return $data;
  361. }
  362. public function config()
  363. {
  364. $admin = $this->info();
  365. if($admin['config'] && $admin['config']['id'] > 0)
  366. {
  367. $admin['config'] = Maze::load('manage/config-info', array('where_id' => $admin['config']['id']));
  368. }
  369. $state = isset($admin['config']) && $admin['config'];
  370. $admin['config']['title'] = ($state && $admin['config']['title']) ? $admin['config']['title'] : Maze::$global['base']['name'] . ' 后台管理';
  371. $admin['config']['info'] = ($state && $admin['config']['info']) ? $admin['config']['info'] : Maze::$global['base']['name'] . ' 欢迎您';
  372. $admin['config']['content'] = ($state && $admin['config']['content']) ? $admin['config']['content'] : '欢迎您使用本系统';
  373. $admin['config']['template'] = ($state && $admin['config']['template']) ? $admin['config']['template'] : 1;
  374. return $admin['config'];
  375. }
  376. /**
  377. * oper的判断
  378. *
  379. * @param uri string
  380. * @return mixed
  381. */
  382. public function oper($type = 1)
  383. {
  384. $oper = '';
  385. $admin = $this->info();
  386. //$role['oper'] = '1,2,3,4,5';
  387. if($admin && isset($admin['oper']) && $admin['oper'] != 'all')
  388. {
  389. if(strpos(',' . $admin['oper'], ',' . $type) !== false)
  390. {
  391. return true;
  392. }
  393. else
  394. {
  395. return false;
  396. }
  397. }
  398. else
  399. {
  400. return true;
  401. }
  402. }
  403. /**
  404. * 获取当前uri的类型
  405. *
  406. * @param uri string
  407. * @return mixed
  408. */
  409. private function table($table, $project)
  410. {
  411. if($table == 'other')
  412. {
  413. $table = '';
  414. }
  415. else
  416. {
  417. $path = Maze::load('manage/project.path', $project);
  418. $config = Maze::database(MAZE_PATH . $path . 'database/' . $table . '.php');
  419. $table = $config['lang'];
  420. }
  421. return $table;
  422. }
  423. /*
  424. private function name($name)
  425. {
  426. if($name == 'log/list')
  427. {
  428. $name = '日志列表';
  429. }
  430. if($name == 'project/list')
  431. {
  432. $name = '项目管理';
  433. }
  434. elseif($name == 'home')
  435. {
  436. $name = '首页';
  437. }
  438. elseif(strpos($name, 'list'))
  439. {
  440. $name = '列表';
  441. }
  442. elseif(strpos($name, 'update'))
  443. {
  444. $name = '更新';
  445. }
  446. elseif(strpos($name, 'delete'))
  447. {
  448. $name = '删除';
  449. }
  450. return $name;
  451. }
  452. */
  453. /**
  454. * check
  455. *
  456. * @return mixed
  457. */
  458. private function check($uri)
  459. {
  460. if(strpos($uri, '.html') !== false)
  461. {
  462. //Maze::abert('您没有操作权限');
  463. }
  464. }
  465. /**
  466. * 获取当前uri的类型
  467. *
  468. * @param uri string
  469. * @return mixed
  470. */
  471. public function type($uri)
  472. {
  473. if(strpos($uri, '.') !== false)
  474. {
  475. $type = 3;
  476. }
  477. elseif(strpos($uri, '-') !== false)
  478. {
  479. $type = 2;
  480. }
  481. else
  482. {
  483. $type = 1;
  484. }
  485. return $type;
  486. }
  487. /**
  488. * 获取所有权限列表,并进行统计处理
  489. *
  490. * @return mixed
  491. */
  492. public function get()
  493. {
  494. /*
  495. $auth = Maze::load('manage/auth-all');
  496. $project = Maze::load('manage/project.get');
  497. $result = array();
  498. $url = 'manage/';
  499. foreach($auth as $k => $v)
  500. {
  501. if(isset($project[$v['project']]['lang']))
  502. {
  503. $result[$v['project']]['child'][$k] = $v;
  504. $result[$v['project']]['name'] = $project[$v['project']]['lang'];
  505. $result[$v['project']]['url'] = $url;
  506. }
  507. }
  508. # 1为多维数组
  509. $result['state'] = 1;
  510. */
  511. $result = Maze::load('manage/menu.left', true);
  512. $result['state'] = 1;
  513. return $result;
  514. }
  515. /**
  516. * 修改当前管理员的密码
  517. *
  518. * @return mixed
  519. */
  520. public function password()
  521. {
  522. $admin = $this->info();
  523. $new = Maze::input('new');
  524. $old = Maze::input('old');
  525. if($admin && $admin['id'] > 0 && $new && $old && $new != $old && md5($old) == $admin['password'])
  526. {
  527. $param['set_password'] = $new;
  528. $param['where_id'] = $admin['id'];
  529. Maze::load('manage/admin-password', $param);
  530. $admin['password'] = md5($new);
  531. $this->save->add($this->name, $admin);
  532. return '修改成功';
  533. }
  534. else
  535. {
  536. return '修改失败';
  537. }
  538. }
  539. }