2014-04-01 18:00:42 +00:00
|
|
|
|
<?php
|
|
|
|
|
|
/*
|
|
|
|
|
|
* @link http://www.kalcaddle.com/
|
|
|
|
|
|
* @author warlee | e-mail:kalcaddle@qq.com
|
|
|
|
|
|
* @copyright warlee 2014.(Shanghai)Co.,Ltd
|
|
|
|
|
|
* @license http://kalcaddle.com/tools/licenses/license.txt
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
class user extends Controller
|
|
|
|
|
|
{
|
2014-07-06 18:24:21 +00:00
|
|
|
|
private $user; //用户相关信息
|
2014-04-01 18:00:42 +00:00
|
|
|
|
private $auth; //用户所属组权限
|
2014-07-06 18:24:21 +00:00
|
|
|
|
private $notCheck;
|
2014-06-15 15:35:50 +00:00
|
|
|
|
function __construct(){
|
2014-04-01 18:00:42 +00:00
|
|
|
|
parent::__construct();
|
2014-07-06 18:24:21 +00:00
|
|
|
|
$this->tpl = TEMPLATE . 'user/';
|
|
|
|
|
|
$this->user = &$_SESSION['user'];
|
|
|
|
|
|
$this->notCheck = array('loginFirst','loginSubmit','checkCode');//不需要判断的action
|
2014-04-01 18:00:42 +00:00
|
|
|
|
}
|
2014-07-06 18:24:21 +00:00
|
|
|
|
|
2014-05-11 15:03:08 +00:00
|
|
|
|
/**
|
2014-04-01 18:00:42 +00:00
|
|
|
|
* 登陆状态检测;并初始化数据状态
|
|
|
|
|
|
*/
|
2014-07-06 18:24:21 +00:00
|
|
|
|
public function loginCheck(){
|
2014-06-15 15:35:50 +00:00
|
|
|
|
if(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true){
|
2014-04-01 18:00:42 +00:00
|
|
|
|
define('USER',USER_PATH.$this->user['name'].'/');
|
2014-06-08 06:47:38 +00:00
|
|
|
|
if (!file_exists(USER)) {
|
|
|
|
|
|
$this->logout();
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2014-04-01 18:00:42 +00:00
|
|
|
|
if ($this->user['role'] == 'root') {
|
|
|
|
|
|
define('MYHOME',USER.'home/');
|
|
|
|
|
|
define('HOME','');
|
|
|
|
|
|
$GLOBALS['web_root'] = WEB_ROOT;//服务器目录
|
|
|
|
|
|
$GLOBALS['is_root'] = 1;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
define('MYHOME','/');
|
|
|
|
|
|
define('HOME',USER.'home/');
|
|
|
|
|
|
$GLOBALS['web_root'] = str_replace(WEB_ROOT,'',HOME);//从服务器开始到用户目录
|
|
|
|
|
|
$GLOBALS['is_root'] = 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
$this->config['user_fav_file'] = USER.'data/fav.php'; // 收藏夹文件存放地址.
|
|
|
|
|
|
$this->config['user_seting_file'] = USER.'data/config.php'; //用户配置文件
|
|
|
|
|
|
$this->config['user'] = fileCache::load($this->config['user_seting_file']);
|
|
|
|
|
|
return;
|
2014-07-06 18:24:21 +00:00
|
|
|
|
}else if(in_array(ACT,$this->notCheck)){//不需要判断的action
|
2014-04-01 18:00:42 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}else if(isset($_COOKIE['kod_name']) && isset($_COOKIE['kod_token'])){
|
|
|
|
|
|
$member = new fileCache($this->config['system_file']['member']);
|
|
|
|
|
|
$user = $member->get($_COOKIE['kod_name']);
|
|
|
|
|
|
if(md5($user['password'].get_client_ip()) == $_COOKIE['kod_token']){
|
2014-06-08 06:47:38 +00:00
|
|
|
|
session_start();//re start
|
2014-04-01 18:00:42 +00:00
|
|
|
|
$_SESSION['isLogin'] = true;
|
|
|
|
|
|
$_SESSION['user']= $user;
|
|
|
|
|
|
setcookie('kod_name', $_COOKIE['kod_name'], time()+3600*24*365);
|
|
|
|
|
|
setcookie('kod_token',$_COOKIE['kod_token'],time()+3600*24*365); //密码的MD5值再次md5
|
|
|
|
|
|
header('location:'.get_url());
|
2014-07-06 18:24:21 +00:00
|
|
|
|
exit;
|
2014-04-01 18:00:42 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
$this->login();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-06-15 15:35:50 +00:00
|
|
|
|
|
2014-04-01 18:00:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* 登陆view
|
|
|
|
|
|
*/
|
2014-07-06 18:24:21 +00:00
|
|
|
|
public function login($msg = ''){
|
|
|
|
|
|
if (!file_exists(USER_SYSTEM.'install.lock')) {
|
|
|
|
|
|
$this->display('install.html');exit;
|
|
|
|
|
|
}
|
2014-04-01 18:00:42 +00:00
|
|
|
|
$this->assign('msg',$msg);
|
2014-07-06 18:24:21 +00:00
|
|
|
|
$this->display('login.html');
|
2014-04-01 18:00:42 +00:00
|
|
|
|
exit;
|
|
|
|
|
|
}
|
2014-06-15 15:35:50 +00:00
|
|
|
|
|
2014-07-06 18:24:21 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* 首次登陆
|
|
|
|
|
|
*/
|
|
|
|
|
|
public function loginFirst(){
|
|
|
|
|
|
touch(USER_SYSTEM.'install.lock');
|
|
|
|
|
|
header('location:./index.php');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2014-06-15 15:35:50 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* 退出处理
|
|
|
|
|
|
*/
|
|
|
|
|
|
public function logout(){
|
|
|
|
|
|
session_start();
|
|
|
|
|
|
setcookie('kod_name', null, time()-3600);
|
|
|
|
|
|
setcookie('kod_token', null, time()-3600);
|
|
|
|
|
|
session_destroy();
|
|
|
|
|
|
header('location:./index.php?user/login');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-06 18:24:21 +00:00
|
|
|
|
/**
|
2014-04-01 18:00:42 +00:00
|
|
|
|
* 登陆数据提交处理
|
|
|
|
|
|
*/
|
2014-07-06 18:24:21 +00:00
|
|
|
|
public function loginSubmit(){
|
|
|
|
|
|
if(!isset($this->in['name']) || !isset($this->in['password'])) {
|
2014-04-01 18:00:42 +00:00
|
|
|
|
$msg = $this->L['login_not_null'];
|
2014-07-06 18:24:21 +00:00
|
|
|
|
}else{
|
2014-04-01 18:00:42 +00:00
|
|
|
|
//错误三次输入验证码
|
|
|
|
|
|
session_start();//re start
|
2014-06-15 15:35:50 +00:00
|
|
|
|
$name = $this->in['name'];
|
2014-04-01 18:00:42 +00:00
|
|
|
|
if(intval($_SESSION['code_error_time']) >=3 &&
|
|
|
|
|
|
$_SESSION['check_code'] !== strtolower($this->in['check_code'])){
|
|
|
|
|
|
$this->login($this->L['code_error']);
|
|
|
|
|
|
}
|
|
|
|
|
|
$member = new fileCache($this->config['system_file']['member']);
|
|
|
|
|
|
$user = $member->get($name);
|
|
|
|
|
|
if ($user ===false){
|
|
|
|
|
|
$msg = $this->L['user_not_exists'];
|
|
|
|
|
|
$_SESSION['code_error_time'] = intval($_SESSION['code_error_time']) + 1;
|
|
|
|
|
|
}else if(md5($this->in['password'])==$user['password']){
|
|
|
|
|
|
if($user['status'] == 0){//初始化app
|
|
|
|
|
|
$this->init_app($user);
|
|
|
|
|
|
}
|
|
|
|
|
|
$group = new fileCache($this->config['system_file']['group']);
|
|
|
|
|
|
$_SESSION['isLogin'] = true;
|
|
|
|
|
|
$_SESSION['user']= $user;
|
|
|
|
|
|
if ($this->in['rember_password'] == 'on') {
|
|
|
|
|
|
setcookie('kod_name', $user['name'], time()+3600*24*365);
|
|
|
|
|
|
setcookie('kod_token',md5($user['password'].get_client_ip()), time()+3600*24*365);
|
|
|
|
|
|
}
|
2014-06-15 15:35:50 +00:00
|
|
|
|
header('location:./index.php');
|
2014-04-01 18:00:42 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
$_SESSION['code_error_time'] = intval($_SESSION['code_error_time']) + 1;
|
|
|
|
|
|
$msg = $this->L['password_error'];
|
|
|
|
|
|
}
|
2014-07-06 18:24:21 +00:00
|
|
|
|
}
|
2014-04-01 18:00:42 +00:00
|
|
|
|
$this->login($msg);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-07-06 18:24:21 +00:00
|
|
|
|
/**
|
2014-04-01 18:00:42 +00:00
|
|
|
|
* 修改密码
|
|
|
|
|
|
*/
|
2014-06-15 15:35:50 +00:00
|
|
|
|
public function changePassword(){
|
2014-04-01 18:00:42 +00:00
|
|
|
|
$password_now=$this->in['password_now'];
|
|
|
|
|
|
$password_new=$this->in['password_new'];
|
|
|
|
|
|
if (!$password_now && !$password_new)show_json($this->L['password_not_null'],false);
|
|
|
|
|
|
if ($this->user['password']==md5($password_now)){
|
|
|
|
|
|
$sql=new fileCache($this->config['system_file']['member']);
|
|
|
|
|
|
$this->user['password'] = md5($password_new);
|
|
|
|
|
|
$sql->update($this->user['name'],$this->user);
|
|
|
|
|
|
setcookie('kod_token',md5(md5($password_new)),time()+3600*24*365);
|
|
|
|
|
|
show_json('success');
|
|
|
|
|
|
}else {
|
|
|
|
|
|
show_json($this->L['old_password_error'],false);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* 权限验证;统一入口检验
|
|
|
|
|
|
*/
|
|
|
|
|
|
public function authCheck(){
|
2014-05-11 15:03:08 +00:00
|
|
|
|
if ($GLOBALS['is_root'] == 1) return;
|
2014-07-06 18:24:21 +00:00
|
|
|
|
if (in_array(ACT,$this->notCheck)) return;
|
|
|
|
|
|
if (!array_key_exists(ST,$this->config['role_setting']) ) return;
|
|
|
|
|
|
if (!in_array(ACT,$this->config['role_setting'][ST])) return;
|
|
|
|
|
|
|
|
|
|
|
|
//有权限限制的函数
|
|
|
|
|
|
$key = ST.':'.ACT;
|
|
|
|
|
|
$group = new fileCache($this->config['system_file']['group']);
|
|
|
|
|
|
$GLOBALS['auth'] = $auth = $group->get($this->user['role']);
|
|
|
|
|
|
|
|
|
|
|
|
//默认扩张功能等价权限
|
|
|
|
|
|
$auth['explorer:pathChmod'] = $auth['explorer:pathRname'];
|
|
|
|
|
|
$auth['explorer:pathCopyDrag'] = $auth['explorer:pathCuteDrag'];
|
|
|
|
|
|
if ($auth[$key] !== 1) show_json($this->L['no_permission'],false);
|
|
|
|
|
|
|
|
|
|
|
|
//扩展名限制:新建文件&上传文件&重命名文件&保存文件&zip解压文件
|
|
|
|
|
|
$check_arr = array(
|
|
|
|
|
|
'mkfile' => isset($this->in['path'])?$this->in['path']:'',
|
|
|
|
|
|
'pathRname' => isset($this->in['rname_to'])?$this->in['rname_to']:'',
|
|
|
|
|
|
'fileUpload'=> isset($_FILES['file']['name'])?$_FILES['file']['name']:'',
|
|
|
|
|
|
'fileSave' => isset($this->in['path'])?$this->in['path']:''
|
|
|
|
|
|
);
|
|
|
|
|
|
if (array_key_exists(ACT,$check_arr) && !checkExt($check_arr[ACT])){
|
|
|
|
|
|
show_json($this->L['no_permission_ext'],false);
|
|
|
|
|
|
}
|
2014-04-01 18:00:42 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function checkCode() {
|
|
|
|
|
|
session_start();//re start
|
|
|
|
|
|
header("Content-type: image/png");
|
|
|
|
|
|
$fontsize = 18;$len = 4;
|
|
|
|
|
|
$width = 70;$height=27;
|
|
|
|
|
|
$im = @imagecreatetruecolor($width, $height) or die("create image error!");
|
|
|
|
|
|
$background_color = imagecolorallocate($im, 255, 255, 255);
|
|
|
|
|
|
imagefill($im, 0, 0, $background_color);
|
|
|
|
|
|
for ($i = 0; $i < 2000; $i++) {//获取随机淡色
|
|
|
|
|
|
$line_color = imagecolorallocate($im, mt_rand(180,255),mt_rand(160, 255),mt_rand(100, 255));
|
|
|
|
|
|
imageline($im,mt_rand(0,$width),mt_rand(0,$height), //画直线
|
|
|
|
|
|
mt_rand(0,$width), mt_rand(0,$height),$line_color);
|
|
|
|
|
|
imagearc($im,mt_rand(0,$width),mt_rand(0,$height), //画弧线
|
|
|
|
|
|
mt_rand(0,$width), mt_rand(0,$height), $height, $width,$line_color);
|
|
|
|
|
|
}
|
|
|
|
|
|
$border_color = imagecolorallocate($im, 160, 160, 160);
|
|
|
|
|
|
imagerectangle($im, 0, 0, $width-1, $height-1, $border_color);//画矩形,边框颜色200,200,200
|
|
|
|
|
|
|
|
|
|
|
|
$str = "ABCDEFGHJKMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
|
|
|
|
|
|
$code = '';
|
|
|
|
|
|
for ($i = 0; $i < $len; $i++) {//写入随机字串
|
|
|
|
|
|
$current = $str[mt_rand(0, strlen($str)-1)];
|
|
|
|
|
|
$text_color = imagecolorallocate($im,mt_rand(30, 140),mt_rand(30,140),mt_rand(30,140));
|
|
|
|
|
|
imagechar($im,10,$i*$fontsize+6,rand(1,$height/3),$current,$text_color);
|
|
|
|
|
|
$code.= $current;
|
|
|
|
|
|
}
|
|
|
|
|
|
imagepng($im);//显示图
|
|
|
|
|
|
imagedestroy($im);//销毁图片
|
|
|
|
|
|
$_SESSION['check_code'] = strtolower($code);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* 用户app初始化
|
|
|
|
|
|
*/
|
|
|
|
|
|
private function init_app($user) {
|
|
|
|
|
|
$sql=new fileCache($this->config['system_file']['apps']);
|
|
|
|
|
|
$list = $sql->get();
|
|
|
|
|
|
$desktop = USER_PATH.$user['name'].'/home/desktop/';
|
|
|
|
|
|
foreach ($list as $key => $data) {
|
|
|
|
|
|
$path = iconv_system($desktop.$key.'.oexe');
|
|
|
|
|
|
unset($data['name']);
|
|
|
|
|
|
unset($data['desc']);
|
|
|
|
|
|
unset($data['group']);
|
|
|
|
|
|
file_put_contents($path, json_encode($data));
|
|
|
|
|
|
}
|
|
|
|
|
|
$user['status'] = 1;
|
|
|
|
|
|
$member = new fileCache($this->config['system_file']['member']);
|
|
|
|
|
|
$member->update($user['name'],$user);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
