KodExplorer/controller/user.class.php

<?php
/*
* @link http://www.kalcaddle.com/
* @author warlee | e-mail:kalcaddle@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kalcaddle.com/tools/licenses/license.txt
*/

class user extends Controller
{
    private $user;  //用户相关信息
    private $auth;  //用户所属组权限
    private $notCheck;
    function __construct(){
        parent::__construct();
        $this->tpl  = TEMPLATE  . 'user/';
        if(!isset($_SESSION)){//避免session不可写导致循环跳转
            $this->login("session write error!");
        }else{
            $this->user = &$_SESSION['kod_user'];
        }
        //不需要判断的action
        $this->notCheck = array('loginFirst','login','logout','loginSubmit','checkCode','public_link');
    }
    
    /**
     * 登录状态检测;并初始化数据状态
     */
    public function loginCheck(){
        if (ST == 'share') return true;//共享页面
        if(in_array(ACT,$this->notCheck)){//不需要判断的action
            return;
        }else if($_SESSION['kod_login']===true && $_SESSION['kod_user']['name']!=''){
            define('USER',USER_PATH.$this->user['name'].'/');
            define('USER_TEMP',USER.'data/temp/');
            define('USER_RECYCLE',USER.'recycle/');
            if (!file_exists(USER)) {
                $this->logout();
            }
            if ($this->user['role'] == 'root') {
                define('MYHOME',USER.'home/');
                define('HOME','');
                $GLOBALS['web_root'] = WEB_ROOT;//服务器目录
                $GLOBALS['is_root'] = 1;
            }else{
                define('MYHOME','/');
                define('HOME',USER.'home/');
                $GLOBALS['web_root'] = str_replace(WEB_ROOT,'',HOME);//从服务器开始到用户目录
                $GLOBALS['is_root'] = 0;
            }
            $this->config['user_share_file']   = USER.'data/share.php';    // 收藏夹文件存放地址.
            $this->config['user_fav_file']     = USER.'data/fav.php';    // 收藏夹文件存放地址.
            $this->config['user_seting_file']  = USER.'data/config.php'; //用户配置文件
            $this->config['user']  = fileCache::load($this->config['user_seting_file']);
            if($this->config['user']['theme']==''){
                $this->config['user'] = $this->config['setting_default'];
            }
            return;
        }else if($_COOKIE['kod_name']!='' && $_COOKIE['kod_token']!=''){
            $member = new fileCache(USER_SYSTEM.'member.php');
            $user = $member->get($_COOKIE['kod_name']);
            if (!is_array($user) || !isset($user['password'])) {
                $this->logout();
            }
            if(md5($user['password'].get_client_ip()) == $_COOKIE['kod_token']){
                session_start();//re start
                $_SESSION['kod_login'] = true;
                $_SESSION['kod_user']= $user;
                setcookie('kod_name', $_COOKIE['kod_name'], time()+3600*24*365); 
                setcookie('kod_token',$_COOKIE['kod_token'],time()+3600*24*365); //密码的MD5值再次md5
                header('location:'.get_url());
                exit;
            }
            $this->logout();//session user数据不存在
        }else{
            if ($this->config['setting_system']['auto_login'] != '1') {
                $this->logout();//不自动登录
            }else{
                if (!file_exists(USER_SYSTEM.'install.lock')) {
                    $this->display('install.html');exit;
                }
                header('location:./index.php?user/loginSubmit&name=guest&password=guest');
            }
        }
    }

    //临时文件访问
    public function public_link(){
        load_class('mcrypt');
        $pass = $this->config['setting_system']['system_password'];
        $path = Mcrypt::decode($this->in['fid'],$pass);//一天内解密有效
        if (strlen($path) == 0) {
            show_json($this->L['error'],false);
        }
        if (!file_exists($path)) {
            show_tips($this->L['not_exists']);
        }
        file_put_out($path);
    }
    public function common_js(){
        $basic_path = BASIC_PATH;
        if (!$GLOBALS['is_root']) {
            $basic_path = '/';//对非root用户隐藏所有地址
        }
        $the_config = array(
            'lang'          => LANGUAGE_TYPE,
            'is_root'       => $GLOBALS['is_root'],
            'user_name'     => $this->user['name'],
            'web_root'      => $GLOBALS['web_root'],
            'web_host'      => HOST,
            'static_path'   => STATIC_PATH,
            'basic_path'    => $basic_path,
            'app_host'      => APPHOST,
            'myhome'        => MYHOME,
            'upload_max'    => $this->config['settings']['upload_chunk_size'],
            'version'       => KOD_VERSION,
            'version_desc'  => $this->config['settings']['version_desc'],

            'json_data'     => "",
            'theme'         => $this->config['user']['theme'], //列表排序依照的字段
            'list_type'     => $this->config['user']['list_type'], //列表排序依照的字段
            'sort_field'    => $this->config['user']['list_sort_field'], //列表排序依照的字段  
            'sort_order'    => $this->config['user']['list_sort_order'], //列表排序升序or降序
            'musictheme'    => $this->config['user']['musictheme'],
            'movietheme'    => $this->config['user']['movietheme']
        );

        if (!isset($GLOBALS['auth'])) {
            $GLOBALS['auth'] = array();
        }
        $js  = 'LNG='.json_encode($GLOBALS['L']).';';
        $js .= 'AUTH='.json_encode($GLOBALS['auth']).';';
        $js .= 'G='.json_encode($the_config).';';
        header("Content-Type:application/javascript");
        echo $js;
    }

    /**
     * 登录view
     */
    public function login($msg = ''){
        if (!file_exists(USER_SYSTEM.'install.lock')) {
            $this->display('install.html');exit;
        }
        $this->assign('msg',$msg);
        if (is_wap()) {
            $this->display('login_wap.html');
        }else{
            $this->display('login.html');
        } 
        exit;
    }

    /**
     * 首次登录
     */
    public function loginFirst(){
        touch(USER_SYSTEM.'install.lock');
        header('location:./index.php?user/login');
        exit;
    }
    /**
     * 退出处理
     */
    public function logout(){
        session_start();
        user_logout();
    }
    
    /**
     * 登录数据提交处理
     */
    public function loginSubmit(){
        if(!isset($this->in['name']) || !isset($this->in['password'])) {
            $msg = $this->L['login_not_null'];
        }else{
            //错误三次输入验证码            
            $name = rawurldecode($this->in['name']);
            $password = rawurldecode($this->in['password']);
            
            session_start();//re start 有新的修改后调用
            if(need_check_code() && isset($_SESSION['code_error_time'])  && 
               intval($_SESSION['code_error_time']) >=3 && 
               $_SESSION['check_code'] !== strtolower($this->in['check_code'])){
                // pr($_SESSION['check_code'].'--'.strtolower($this->in['check_code']));exit;
                $this->login($this->L['code_error']);
            }
            $member = new fileCache(USER_SYSTEM.'member.php');
            $user = $member->get($name);
            if ($user ===false){
                $msg = $this->L['user_not_exists'];
            }else if(md5($password)==$user['password']){
                if($user['status'] == 0){//初始化app
                    $app = init_controller('app');
                    $app->init_app($user);
                }
                $_SESSION['kod_login'] = true;
                $_SESSION['kod_user']= $user;
                setcookie('kod_name', $user['name'], time()+3600*24*365);
                if ($this->in['rember_password'] == '1') {
                    setcookie('kod_token',md5($user['password'].get_client_ip()),time()+3600*24*365);
                }
                header('location:./index.php');
                return;
            }else{
                $msg = $this->L['password_error'];
            }
            $_SESSION['code_error_time'] = intval($_SESSION['code_error_time']) + 1;
        }
        $this->login($msg);
    }

    /**
     * 修改密码
     */
    public function changePassword(){
        $password_now=$this->in['password_now'];
        $password_new=$this->in['password_new'];
        if (!$password_now && !$password_new)show_json($this->L['password_not_null'],false);
        if ($this->user['password']==md5($password_now)){
            $member_file = USER_SYSTEM.'member.php';
            $sql=new fileCache(USER_SYSTEM.'member.php');
            $this->user['password'] = md5($password_new);
            $sql->update($this->user['name'],$this->user);
            setcookie('kod_token',md5(md5($password_new)),time()+3600*24*365);
            show_json('success');
        }else {
            show_json($this->L['old_password_error'],false);
        }
    }

    /**
     * 权限验证；统一入口检验
     */
    public function authCheck(){
        if (isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1) return;
        if (in_array(ACT,$this->notCheck)) return;
        if (!array_key_exists(ST,$this->config['role_setting']) ) return;
        if (!in_array(ACT,$this->config['role_setting'][ST]) &&
            ST.':'.ACT != 'user:common_js') return;//输出处理过的权限

        //有权限限制的函数
        $key = ST.':'.ACT;
        $group  = new fileCache(USER_SYSTEM.'group.php');
        $auth= $group->get($this->user['role']);
        
        //向下版本兼容处理
        //未定义；新版本首次使用默认开放的功能
        if(!isset($auth['userShare:set'])){
            $auth['userShare:set'] = 1;
        }
        if(!isset($auth['explorer:fileDownload'])){
            $auth['explorer:fileDownload'] = 1;
        }
        //默认扩展功能 等价权限
        $auth['user:common_js'] = 1;//权限数据配置后输出到前端
        $auth['explorer:pathChmod']         = $auth['explorer:pathRname'];
        $auth['explorer:pathDeleteRecycle'] = $auth['explorer:pathDelete'];
        $auth['explorer:pathCopyDrag']      = $auth['explorer:pathCuteDrag'];
        
        $auth['explorer:fileDownloadRemove']= $auth['explorer:fileDownload'];
        $auth['explorer:zipDownload']       = $auth['explorer:fileDownload'];
        $auth['explorer:fileProxy']         = $auth['explorer:fileDownload'];
        $auth['editor:fileGet']             = $auth['explorer:fileDownload'];
        $auth['explorer:officeView']        = $auth['explorer:fileDownload'];
        $auth['explorer:officeSave']        = $auth['editor:fileSave'];
        $auth['userShare:del']              = $auth['userShare:set'];
        if ($auth[$key] != 1) show_json($this->L['no_permission'],false);

        $GLOBALS['auth'] = $auth;//全局
        //扩展名限制：新建文件&上传文件&重命名文件&保存文件&zip解压文件
        $check_arr = array(
            'mkfile'    =>  $this->check_key('path'),
            'pathRname' =>  $this->check_key('rname_to'),
            'fileUpload'=>  isset($_FILES['file']['name'])?$_FILES['file']['name']:'',
            'fileSave'  =>  $this->check_key('path')
        );
        if (array_key_exists(ACT,$check_arr) && !checkExt($check_arr[ACT])){
            show_json($this->L['no_permission_ext'],false);
        }
    }
    private function check_key($key){
        return isset($this->in[$key])? rawurldecode($this->in[$key]):'';
    }

    public function checkCode() {
        session_start();//re start
        $code = rand_string(4);
        $_SESSION['check_code'] = strtolower($code);
        check_code($code);
    }
}
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`<?php`
			`/*`
			`* @link http://www.kalcaddle.com/`
			`* @author warlee \| e-mail:kalcaddle@qq.com`
			`* @copyright warlee 2014.(Shanghai)Co.,Ltd`
			`* @license http://kalcaddle.com/tools/licenses/license.txt`
			`*/`

			`class user extends Controller`
			`{`
v2.6 2014-07-06 18:24:21 +00:00			`private $user; //用户相关信息`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`private $auth; //用户所属组权限`
v2.6 2014-07-06 18:24:21 +00:00			`private $notCheck;`
version 2.5 2014-06-15 15:35:50 +00:00			`function __construct(){`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`parent::__construct();`
v2.6 2014-07-06 18:24:21 +00:00			`$this->tpl = TEMPLATE . 'user/';`
v3.0 2015-03-22 20:54:54 +00:00			`if(!isset($_SESSION)){//避免session不可写导致循环跳转`
			`$this->login("session write error!");`
			`}else{`
			`$this->user = &$_SESSION['kod_user'];`
			`}`
			`//不需要判断的action`
			`$this->notCheck = array('loginFirst','login','logout','loginSubmit','checkCode','public_link');`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
v2.6 2014-07-06 18:24:21 +00:00
2.2 Version 2014-05-11 15:03:08 +00:00			`/**`
ver 3.2 2015-10-25 15:39:11 +00:00			`* 登录状态检测;并初始化数据状态`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`*/`
v2.6 2014-07-06 18:24:21 +00:00			`public function loginCheck(){`
v3.0 2015-03-22 20:54:54 +00:00			`if (ST == 'share') return true;//共享页面`
			`if(in_array(ACT,$this->notCheck)){//不需要判断的action`
			`return;`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`}else if($_SESSION['kod_login']===true && $_SESSION['kod_user']['name']!=''){`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`define('USER',USER_PATH.$this->user['name'].'/');`
v3.0 2015-03-22 20:54:54 +00:00			`define('USER_TEMP',USER.'data/temp/');`
			`define('USER_RECYCLE',USER.'recycle/');`
2.4 version 2014-06-08 06:47:38 +00:00			`if (!file_exists(USER)) {`
			`$this->logout();`
			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`if ($this->user['role'] == 'root') {`
			`define('MYHOME',USER.'home/');`
			`define('HOME','');`
			`$GLOBALS['web_root'] = WEB_ROOT;//服务器目录`
			`$GLOBALS['is_root'] = 1;`
			`}else{`
			`define('MYHOME','/');`
			`define('HOME',USER.'home/');`
			`$GLOBALS['web_root'] = str_replace(WEB_ROOT,'',HOME);//从服务器开始到用户目录`
			`$GLOBALS['is_root'] = 0;`
			`}`
v3.0 2015-03-22 20:54:54 +00:00			`$this->config['user_share_file'] = USER.'data/share.php'; // 收藏夹文件存放地址.`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$this->config['user_fav_file'] = USER.'data/fav.php'; // 收藏夹文件存放地址.`
			`$this->config['user_seting_file'] = USER.'data/config.php'; //用户配置文件`
			`$this->config['user'] = fileCache::load($this->config['user_seting_file']);`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`if($this->config['user']['theme']==''){`
v3.0 2015-03-22 20:54:54 +00:00			`$this->config['user'] = $this->config['setting_default'];`
			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`return;`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`}else if($_COOKIE['kod_name']!='' && $_COOKIE['kod_token']!=''){`
v3.0 2015-03-22 20:54:54 +00:00			`$member = new fileCache(USER_SYSTEM.'member.php');`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$user = $member->get($_COOKIE['kod_name']);`
version 2.72 2014-09-16 16:22:35 +00:00			`if (!is_array($user) \|\| !isset($user['password'])) {`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`$this->logout();`
version 2.72 2014-09-16 16:22:35 +00:00			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`if(md5($user['password'].get_client_ip()) == $_COOKIE['kod_token']){`
2.4 version 2014-06-08 06:47:38 +00:00			`session_start();//re start`
* version 2.61 搜索优化；编辑器自动补全优化 2014-07-11 18:33:26 +00:00			`$_SESSION['kod_login'] = true;`
			`$_SESSION['kod_user']= $user;`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`setcookie('kod_name', $_COOKIE['kod_name'], time()+360024365);`
			`setcookie('kod_token',$_COOKIE['kod_token'],time()+360024365); //密码的MD5值再次md5`
			`header('location:'.get_url());`
v2.6 2014-07-06 18:24:21 +00:00			`exit;`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`$this->logout();//session user数据不存在`
v3.0 2015-03-22 20:54:54 +00:00			`}else{`
			`if ($this->config['setting_system']['auto_login'] != '1') {`
			`$this->logout();//不自动登录`
			`}else{`
			`if (!file_exists(USER_SYSTEM.'install.lock')) {`
			`$this->display('install.html');exit;`
			`}`
			`header('location:./index.php?user/loginSubmit&name=guest&password=guest');`
			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
			`}`

v3.0 2015-03-22 20:54:54 +00:00			`//临时文件访问`
			`public function public_link(){`
			`load_class('mcrypt');`
			`$pass = $this->config['setting_system']['system_password'];`
ver 3.2 2015-10-25 15:39:11 +00:00			`$path = Mcrypt::decode($this->in['fid'],$pass);//一天内解密有效`
v3.0 2015-03-22 20:54:54 +00:00			`if (strlen($path) == 0) {`
			`show_json($this->L['error'],false);`
			`}`
ver 3.2 2015-10-25 15:39:11 +00:00			`if (!file_exists($path)) {`
			`show_tips($this->L['not_exists']);`
			`}`
v3.0 2015-03-22 20:54:54 +00:00			`file_put_out($path);`
			`}`
			`public function common_js(){`
			`$basic_path = BASIC_PATH;`
v3.1正式版修复beta的bug 2015-03-26 15:13:55 +00:00			`if (!$GLOBALS['is_root']) {`
v3.0 2015-03-22 20:54:54 +00:00			`$basic_path = '/';//对非root用户隐藏所有地址`
			`}`
			`$the_config = array(`
v3.01 修复3.0的几个bug 2015-03-24 09:31:30 +00:00			`'lang' => LANGUAGE_TYPE,`
v3.0 2015-03-22 20:54:54 +00:00			`'is_root' => $GLOBALS['is_root'],`
v3.01 修复3.0的几个bug 2015-03-24 09:31:30 +00:00			`'user_name' => $this->user['name'],`
v3.0 2015-03-22 20:54:54 +00:00			`'web_root' => $GLOBALS['web_root'],`
			`'web_host' => HOST,`
			`'static_path' => STATIC_PATH,`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`'basic_path' => $basic_path,`
v3.0 2015-03-22 20:54:54 +00:00			`'app_host' => APPHOST,`
			`'myhome' => MYHOME,`
ver 3.2 2015-10-25 15:39:11 +00:00			`'upload_max' => $this->config['settings']['upload_chunk_size'],`
			`'version' => KOD_VERSION,`
			`'version_desc' => $this->config['settings']['version_desc'],`
v3.0 2015-03-22 20:54:54 +00:00
ver 3.2 2015-10-25 15:39:11 +00:00			`'json_data' => "",`
v3.0 2015-03-22 20:54:54 +00:00			`'theme' => $this->config['user']['theme'], //列表排序依照的字段`
			`'list_type' => $this->config['user']['list_type'], //列表排序依照的字段`
			`'sort_field' => $this->config['user']['list_sort_field'], //列表排序依照的字段`
			`'sort_order' => $this->config['user']['list_sort_order'], //列表排序升序or降序`
			`'musictheme' => $this->config['user']['musictheme'],`
			`'movietheme' => $this->config['user']['movietheme']`
			`);`

ver 3.2 2015-10-25 15:39:11 +00:00			`if (!isset($GLOBALS['auth'])) {`
			`$GLOBALS['auth'] = array();`
			`}`
v3.0 2015-03-22 20:54:54 +00:00			`$js = 'LNG='.json_encode($GLOBALS['L']).';';`
			`$js .= 'AUTH='.json_encode($GLOBALS['auth']).';';`
			`$js .= 'G='.json_encode($the_config).';';`
			`header("Content-Type:application/javascript");`
			`echo $js;`
			`}`
version 2.5 2014-06-15 15:35:50 +00:00
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`/**`
ver 3.2 2015-10-25 15:39:11 +00:00			`* 登录view`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`*/`
v3.0 2015-03-22 20:54:54 +00:00			`public function login($msg = ''){`
v2.6 2014-07-06 18:24:21 +00:00			`if (!file_exists(USER_SYSTEM.'install.lock')) {`
			`$this->display('install.html');exit;`
v3.0 2015-03-22 20:54:54 +00:00			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$this->assign('msg',$msg);`
ver 3.2 2015-10-25 15:39:11 +00:00			`if (is_wap()) {`
			`$this->display('login_wap.html');`
			`}else{`
			`$this->display('login.html');`
			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`exit;`
			`}`
version 2.5 2014-06-15 15:35:50 +00:00
v2.6 2014-07-06 18:24:21 +00:00			`/**`
ver 3.2 2015-10-25 15:39:11 +00:00			`* 首次登录`
v2.6 2014-07-06 18:24:21 +00:00			`*/`
			`public function loginFirst(){`
			`touch(USER_SYSTEM.'install.lock');`
v3.0 2015-03-22 20:54:54 +00:00			`header('location:./index.php?user/login');`
v3.03 ####update: - 分享可以修改路径；避免文件移动后原始分享路径失效问题 - 分享后自动刷新当前目录；跟新配置数据 - 文件管理当前文件夹不可写，对应右键菜单功能屏蔽 ####fix bug - cookie自动登录失败，导致页面css丢失问题 - 解压不了、权限验证过于严格问题 - 左侧树目录被底部盖住问题 - 分享office不了预览问题 - 用户组；用户组列表选择错误 - 菜单编辑中文部分乱码 - 图片预览优化 2015-03-26 09:50:26 +00:00			`exit;`
v2.6 2014-07-06 18:24:21 +00:00			`}`
version 2.5 2014-06-15 15:35:50 +00:00			`/**`
			`* 退出处理`
			`*/`
			`public function logout(){`
			`session_start();`
ver 3.2 2015-10-25 15:39:11 +00:00			`user_logout();`
version 2.5 2014-06-15 15:35:50 +00:00			`}`

v2.6 2014-07-06 18:24:21 +00:00			`/**`
ver 3.2 2015-10-25 15:39:11 +00:00			`* 登录数据提交处理`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`*/`
v2.6 2014-07-06 18:24:21 +00:00			`public function loginSubmit(){`
			`if(!isset($this->in['name']) \|\| !isset($this->in['password'])) {`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$msg = $this->L['login_not_null'];`
v2.6 2014-07-06 18:24:21 +00:00			`}else{`
v3.0 2015-03-22 20:54:54 +00:00			`//错误三次输入验证码`
			`$name = rawurldecode($this->in['name']);`
			`$password = rawurldecode($this->in['password']);`

			`session_start();//re start 有新的修改后调用`
v3.22发布 2016-08-10 03:59:23 +00:00			`if(need_check_code() && isset($_SESSION['code_error_time']) &&`
ver 2.71 2014-09-02 14:49:20 +00:00			`intval($_SESSION['code_error_time']) >=3 &&`
			`$_SESSION['check_code'] !== strtolower($this->in['check_code'])){`
v3.0 2015-03-22 20:54:54 +00:00			`// pr($_SESSION['check_code'].'--'.strtolower($this->in['check_code']));exit;`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$this->login($this->L['code_error']);`
			`}`
v3.0 2015-03-22 20:54:54 +00:00			`$member = new fileCache(USER_SYSTEM.'member.php');`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$user = $member->get($name);`
			`if ($user ===false){`
			`$msg = $this->L['user_not_exists'];`
v3.0 2015-03-22 20:54:54 +00:00			`}else if(md5($password)==$user['password']){`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`if($user['status'] == 0){//初始化app`
v3.0 2015-03-22 20:54:54 +00:00			`$app = init_controller('app');`
			`$app->init_app($user);`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
* version 2.61 搜索优化；编辑器自动补全优化 2014-07-11 18:33:26 +00:00			`$_SESSION['kod_login'] = true;`
			`$_SESSION['kod_user']= $user;`
v3.0 2015-03-22 20:54:54 +00:00			`setcookie('kod_name', $user['name'], time()+360024365);`
			`if ($this->in['rember_password'] == '1') {`
			`setcookie('kod_token',md5($user['password'].get_client_ip()),time()+360024365);`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
version 2.5 2014-06-15 15:35:50 +00:00			`header('location:./index.php');`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`return;`
			`}else{`
			`$msg = $this->L['password_error'];`
			`}`
v3.0 2015-03-22 20:54:54 +00:00			`$_SESSION['code_error_time'] = intval($_SESSION['code_error_time']) + 1;`
v2.6 2014-07-06 18:24:21 +00:00			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$this->login($msg);`
			`}`

v2.6 2014-07-06 18:24:21 +00:00			`/**`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`* 修改密码`
			`*/`
version 2.5 2014-06-15 15:35:50 +00:00			`public function changePassword(){`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$password_now=$this->in['password_now'];`
			`$password_new=$this->in['password_new'];`
			`if (!$password_now && !$password_new)show_json($this->L['password_not_null'],false);`
			`if ($this->user['password']==md5($password_now)){`
ver 3.2 2015-10-25 15:39:11 +00:00			`$member_file = USER_SYSTEM.'member.php';`
v3.0 2015-03-22 20:54:54 +00:00			`$sql=new fileCache(USER_SYSTEM.'member.php');`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$this->user['password'] = md5($password_new);`
			`$sql->update($this->user['name'],$this->user);`
			`setcookie('kod_token',md5(md5($password_new)),time()+360024365);`
			`show_json('success');`
			`}else {`
			`show_json($this->L['old_password_error'],false);`
			`}`
			`}`

			`/**`
			`* 权限验证；统一入口检验`
			`*/`
			`public function authCheck(){`
ver 2.71 2014-09-02 14:49:20 +00:00			`if (isset($GLOBALS['is_root']) && $GLOBALS['is_root'] == 1) return;`
v2.6 2014-07-06 18:24:21 +00:00			`if (in_array(ACT,$this->notCheck)) return;`
			`if (!array_key_exists(ST,$this->config['role_setting']) ) return;`
v3.0 2015-03-22 20:54:54 +00:00			`if (!in_array(ACT,$this->config['role_setting'][ST]) &&`
			`ST.':'.ACT != 'user:common_js') return;//输出处理过的权限`
v2.6 2014-07-06 18:24:21 +00:00
			`//有权限限制的函数`
			`$key = ST.':'.ACT;`
v3.0 2015-03-22 20:54:54 +00:00			`$group = new fileCache(USER_SYSTEM.'group.php');`
			`$auth= $group->get($this->user['role']);`

			`//向下版本兼容处理`
			`//未定义；新版本首次使用默认开放的功能`
			`if(!isset($auth['userShare:set'])){`
			`$auth['userShare:set'] = 1;`
			`}`
			`if(!isset($auth['explorer:fileDownload'])){`
v3.01 修复3.0的几个bug 2015-03-24 09:31:30 +00:00			`$auth['explorer:fileDownload'] = 1;`
v3.0 2015-03-22 20:54:54 +00:00			`}`
			`//默认扩展功能等价权限`
			`$auth['user:common_js'] = 1;//权限数据配置后输出到前端`
			`$auth['explorer:pathChmod'] = $auth['explorer:pathRname'];`
			`$auth['explorer:pathDeleteRecycle'] = $auth['explorer:pathDelete'];`
			`$auth['explorer:pathCopyDrag'] = $auth['explorer:pathCuteDrag'];`
v3.01 修复3.0的几个bug 2015-03-24 09:31:30 +00:00
v3.0 2015-03-22 20:54:54 +00:00			`$auth['explorer:fileDownloadRemove']= $auth['explorer:fileDownload'];`
			`$auth['explorer:zipDownload'] = $auth['explorer:fileDownload'];`
			`$auth['explorer:fileProxy'] = $auth['explorer:fileDownload'];`
v3.01 修复3.0的几个bug 2015-03-24 09:31:30 +00:00			`$auth['editor:fileGet'] = $auth['explorer:fileDownload'];`
ver 3.2 2015-10-25 15:39:11 +00:00			`$auth['explorer:officeView'] = $auth['explorer:fileDownload'];`
			`$auth['explorer:officeSave'] = $auth['editor:fileSave'];`
v3.0 2015-03-22 20:54:54 +00:00			`$auth['userShare:del'] = $auth['userShare:set'];`
			`if ($auth[$key] != 1) show_json($this->L['no_permission'],false);`
v2.6 2014-07-06 18:24:21 +00:00
v3.0 2015-03-22 20:54:54 +00:00			`$GLOBALS['auth'] = $auth;//全局`
v2.6 2014-07-06 18:24:21 +00:00			`//扩展名限制：新建文件&上传文件&重命名文件&保存文件&zip解压文件`
			`$check_arr = array(`
v3.0 2015-03-22 20:54:54 +00:00			`'mkfile' => $this->check_key('path'),`
			`'pathRname' => $this->check_key('rname_to'),`
v2.6 2014-07-06 18:24:21 +00:00			`'fileUpload'=> isset($_FILES['file']['name'])?$_FILES['file']['name']:'',`
v3.0 2015-03-22 20:54:54 +00:00			`'fileSave' => $this->check_key('path')`
v2.6 2014-07-06 18:24:21 +00:00			`);`
			`if (array_key_exists(ACT,$check_arr) && !checkExt($check_arr[ACT])){`
			`show_json($this->L['no_permission_ext'],false);`
* version 2.61 搜索优化；编辑器自动补全优化 2014-07-11 18:33:26 +00:00			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
v3.0 2015-03-22 20:54:54 +00:00			`private function check_key($key){`
			`return isset($this->in[$key])? rawurldecode($this->in[$key]):'';`
			`}`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00
			`public function checkCode() {`
			`session_start();//re start`
v3.0 2015-03-22 20:54:54 +00:00			`$code = rand_string(4);`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`$_SESSION['check_code'] = strtolower($code);`
v3.0 2015-03-22 20:54:54 +00:00			`check_code($code);`
2.1版本提交初始化代码 2014-04-01 18:00:42 +00:00			`}`
			`}`