1<?php
2/**
3 * (C)2012-2014 twcms.com TongWang Inc.
4 * Author: wuzhaohuan <kongphp@gmail.com>
5 */
6
// Exit unless TWCMS_PATH is defined — presumably set by the framework bootstrap,
// so a direct HTTP request to this file produces nothing.
defined('TWCMS_PATH') or exit;
8
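/**
 * Base controller for the admin back-end.
 *
 * The constructor restores the admin session from the encrypted 'admauth'
 * cookie, verifies it against the stored user / group records and redirects
 * to the login page when the check fails. Subclasses get the current user,
 * group and navigation state through the public properties below.
 */
class admin_control extends control {
	public $_user = array();	// user row of the logged-in admin, as returned by $this->user->get()
	public $_group = array();	// group row of the logged-in admin, as returned by $this->user_group->get()

	// Navigation: [0] => top-level key => label, [1] => 'control-action' => array('name' => label, 'p' => top-level key)
	public $_navs = array();
	public $_pkey = '';		// top-level navigation key of the current page
	public $_ukey = '';		// current page key, 'control-action'
	public $_title = '';		// page title
	public $_place = '';		// breadcrumb text, "top-level label » page title"

	/**
	 * Restores and validates the admin session, then prepares the view.
	 *
	 * Fails closed: any missing, undecodable or mismatching cookie sends the
	 * client to the login page (or a JSON-style message for ajax requests).
	 * An already-authenticated admin requesting the login page is bounced to
	 * the back-end index instead.
	 */
	public function __construct() {
		$_ENV['_config']['FORM_HASH'] = form_hash();
		$this->assign('C', $_ENV['_config']);
		$this->assign_value('core', F_APP_NAME);

		$fields = $this->_parse_admauth(R($_ENV['_config']['cookie_pre'].'admauth', 'R'));

		$err = 0;
		if($fields === FALSE) {
			$err = 1;
		}else{
			list($uid, $username, $password, $groupid, $ip) = $fields;

			$this->_user = $this->user->get($uid);
			$this->_group = $this->user_group->get($groupid);

			if(empty($this->_user) || empty($this->_group)) {
				// Unknown user or group: treat as not logged in.
				$err = 1;
			}elseif(!$this->_credentials_match($username, $password, $groupid)) {
				$err = 1;
			}elseif($_ENV['_ip'] != $ip) {
				// Session was issued to another client address: drop it and ask for a fresh login.
				_setcookie('admauth', '', 1);
				$this->message(0, '您的IP已经改变,为了安全考虑,请重新登录!', 'index.php?u=index-login');
			}else{
				// Build the full navigation first; check_user_group() narrows it for non-admin groups.
				$this->init_navigation();
				$this->check_user_group();
				$this->init_title_place();

				$this->assign('_user', $this->_user);
				$this->assign('_group', $this->_group);
				$this->assign('_navs', $this->_navs);
				$this->assign('_pkey', $this->_pkey);
				$this->assign('_ukey', $this->_ukey);
				$this->assign('_title', $this->_title);
				$this->assign('_place', $this->_place);
			}
		}

		if(R('control') == 'index' && R('action') == 'login') {
			// Already logged in: the login page is not needed, go to the back-end index.
			if(!$err) {
				exit('<html><body><script>top.location="./"</script></body></html>');
			}
		}elseif($err) {
			if(R('ajax')) {
				$this->message(0, '非法访问,请登陆后再试!', 'index.php?u=index-login');
			}
			exit('<html><body><script>top.location="index.php?u=index-login"</script></body></html>');
		}

		// hook admin_admin_control_construct_after.php
	}

	/**
	 * Decodes the raw 'admauth' cookie into its five tab-separated fields.
	 *
	 * @param string $admauth raw cookie value (may be empty)
	 * @return array|false array(uid, username, password, groupid, ip), or FALSE
	 *                     when the cookie is empty, fails str_auth() or has fewer than 5 fields
	 */
	private function _parse_admauth($admauth) {
		if(empty($admauth)) return FALSE;

		$admauth = str_auth($admauth);
		if(empty($admauth)) return FALSE;

		$arr = explode("\t", $admauth);
		if(count($arr) < 5) return FALSE;

		return array_slice($arr, 0, 5);
	}

	/**
	 * Checks the cookie fields against the user row loaded into $this->_user.
	 *
	 * Uses strict string comparison: a loose != treats two numeric-looking
	 * strings (e.g. hashes starting with "0e") as equal numbers.
	 * hash_equals() would additionally give a constant-time compare where available.
	 *
	 * @param string $username
	 * @param string $password stored password hash as carried in the cookie
	 * @param string $groupid
	 * @return bool
	 */
	private function _credentials_match($username, $password, $groupid) {
		return (string)$this->_user['password'] === (string)$password
			&& (string)$this->_user['username'] === (string)$username
			&& (string)$this->_user['groupid'] === (string)$groupid;
	}

	/**
	 * Returns $_GET[$key] when it is a plain string, '' when it is missing
	 * or array-valued (e.g. ?control[]=x), so callers never index with an array.
	 *
	 * @param string $key
	 * @return string
	 */
	private function _get_param($key) {
		return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
	}

	// Aborts with a message unless the current group is the administrator group (groupid 1).
	protected function check_isadmin() {
		if((int)$this->_group['groupid'] !== 1) {
			$this->message(0, '对不起,您不是管理员,无权访问。', -1);
		}
	}

	/**
	 * Enforces the group's back-end permissions for the current request.
	 *
	 * groupid 1 is the administrator and may do anything. groupids above 5
	 * may not enter the back-end at all (the attempt is logged). Other groups
	 * carry a JSON 'purviews' field shaped as
	 *   array(
	 *     'navs'      => array(),                                          // navigation shown to this group
	 *     'whitelist' => array('content' => array('index' => 1, 'comment' => 1)), // control => action => 1
	 *   )
	 * and may only run whitelisted control/action pairs, plus anything under
	 * the 'index' and 'my' controls.
	 */
	protected function check_user_group() {
		$groupid = (int)$this->_group['groupid'];
		if($groupid === 1) return;

		if($groupid > 5) {
			log::write("无权用户组尝试登录后台", 'login_log.php');
			$this->message(0, '对不起,您所在的用户组无权访问后台', -1);
			return;
		}

		$purviews = _json_decode($this->_group['purviews']);
		if(!is_array($purviews)) {
			// Missing or corrupt purviews: no navigation, empty whitelist.
			$purviews = array();
		}

		// Replace the full navigation with the group's own.
		if(isset($purviews['navs'])) {
			$this->_navs = $purviews['navs'];
		}

		// Deny anything outside the whitelist.
		$control = $this->_get_param('control');
		$action = $this->_get_param('action');
		if($control !== 'index' && $control !== 'my' && !isset($purviews['whitelist'][$control][$action])) {
			$this->message(0, '对不起,您所在的用户组无权访问', -1);
		}
	}

	/**
	 * Derives $_ukey, $_pkey, $_title and $_place for the current request
	 * from $this->_navs. Leaves them at their defaults when the page is not
	 * part of the navigation.
	 */
	public function init_title_place() {
		$this->_ukey = $this->_get_param('control').'-'.$this->_get_param('action');
		if(!isset($this->_navs[1][$this->_ukey])) return;

		$nav = $this->_navs[1][$this->_ukey];
		$this->_pkey = $nav['p'];
		$this->_title = $nav['name'];

		// A group-specific navigation may reference a parent that is not in level 0.
		$parent = isset($this->_navs[0][$this->_pkey]) ? $this->_navs[0][$this->_pkey] : '';
		$this->_place = $parent.' » '.$this->_title;
	}

	/**
	 * Clears the runtime cache: the runtime table, the compiled runtime file
	 * and the compiled control/model/view directories of both apps.
	 *
	 * @return bool always TRUE
	 */
	public function clear_cache() {
		$this->runtime->truncate();

		// unlink() reports a missing file as a warning, not an exception, so the
		// try/catch alone never covered that case; check existence first.
		$runtime_file = RUNTIME_PATH.'_runtime.php';
		if(is_file($runtime_file)) {
			try{ unlink($runtime_file); }catch(Exception $e) {}
		}

		foreach(array('_control', '_model', '_view') as $dir) {
			_rmdir(RUNTIME_PATH.APP_NAME.$dir);
			_rmdir(RUNTIME_PATH.F_APP_NAME.$dir);
		}
		return TRUE;
	}

	/**
	 * Builds the complete back-end navigation into $this->_navs.
	 * Level 0 maps a top-level key to its label; level 1 maps 'control-action'
	 * to its label and parent key.
	 */
	protected function init_navigation() {
		$this->_navs = array(
			array(
				'my'=>'我的',
				'setting'=>'设置',
				'category'=>'分类',
				'content'=>'内容',
				'theme'=>'主题',
				'plugin'=>'插件',
				// 'user'=>'用户',
				'tool'=>'工具',
			),
			array(
				'my-index'=>array('name'=>'后台首页', 'p'=>'my'),
				'my-password'=>array('name'=>'修改密码', 'p'=>'my'),
				'my-newtab'=>array('name'=>'新标签页', 'p'=>'my'),

				'setting-index'=>array('name'=>'基本设置', 'p'=>'setting'),
				'setting-seo'=>array('name'=>'SEO设置', 'p'=>'setting'),
				'setting-link'=>array('name'=>'链接设置', 'p'=>'setting'),
				'setting-attach'=>array('name'=>'上传设置', 'p'=>'setting'),
				'setting-image'=>array('name'=>'图片设置', 'p'=>'setting'),

				'category-index'=>array('name'=>'分类管理', 'p'=>'category'),
				'navigate-index'=>array('name'=>'导航管理', 'p'=>'category'),

				'article-index'=>array('name'=>'文章管理', 'p'=>'content'),
				'product-index'=>array('name'=>'产品管理', 'p'=>'content'),
				'photo-index'=>array('name'=>'图集管理', 'p'=>'content'),
				'comment-index'=>array('name'=>'评论管理', 'p'=>'content'),
				'tag-index'=>array('name'=>'标签管理', 'p'=>'content'),

				'theme-index'=>array('name'=>'主题管理', 'p'=>'theme'),

				'plugin-index'=>array('name'=>'插件管理', 'p'=>'plugin'),

				// 'user-index'=>array('name'=>'用户管理', 'p'=>'user'),
				// 'user_group-index'=>array('name'=>'用户组管理', 'p'=>'user'),

				'tool-index'=>array('name'=>'清除缓存', 'p'=>'tool'),
				'tool-rebuild'=>array('name'=>'重新统计', 'p'=>'tool'),
			),
		);

		// hook admin_admin_control_init_nav_after.php
	}

	// hook admin_admin_control_after.php
}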