getPurview(); if(preg_match('/admin_AllowAll/i',$purview)) { return TRUE; } if($n=='') { return TRUE; } if(!isset($GLOBALS['groupRanks'])) { $GLOBALS['groupRanks'] = explode(' ',$purview); } $ns = explode(',',$n); foreach($ns as $n) { //只要找到一个匹配的权限，即可认为用户有权访问此页面 if($n=='') { continue; } if(in_array($n,$GLOBALS['groupRanks'])) { $rs = TRUE; break; } } return $rs; } /** * 对权限检测后返回操作对话框 * * @access public * @param string $n 功能名称 * @return string */ function CheckPurview($n) { if(!TestPurview($n)) { ShowMsg("对不起，你没有权限执行此操作！

点击此返回上一页>>",'javascript:;'); exit(); } } /** * 是否没权限限制(超级管理员) * * @access public * @param string * @return bool */ function TestAdmin() { $purview = $GLOBALS['cuserLogin']->getPurview(); if(preg_match('/admin_AllowAll/i',$purview)) { return TRUE; } else { return FALSE; } } $DedeUserCatalogs = Array(); /** * 检测用户是否有权限操作某栏目 * * @access public * @param int $cid 频道id * @param string $msg 返回消息 * @return string */ function CheckCatalog($cid, $msg) { global $cfg_admin_channel, $admin_catalogs; if($cfg_admin_channel=='all' || TestAdmin()) { return TRUE; } if( !in_array($cid, $admin_catalogs) ) { ShowMsg(" $msg

点击此返回上一页>>",'javascript:;'); exit(); } return TRUE; } /** * 发布文档临时附件信息缓存、发文档前先清空附件信息 * 发布文档时涉及的附件保存到缓存里，完成后把它与文档关连 * * @access public * @param string $fid 文件ID * @param string $filename 文件名称 * @return void */ function AddMyAddon($fid, $filename) { $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc'; if(!file_exists($cacheFile)) { $fp = fopen($cacheFile, 'w'); fwrite($fp, '<'.'?php'."\r\n"); fwrite($fp, "\$myaddons = array();\r\n"); fwrite($fp, "\$maNum = 0;\r\n"); fclose($fp); } include($cacheFile); $fp = fopen($cacheFile, 'a'); $arrPos = $maNum; $maNum++; fwrite($fp, "\$myaddons[\$maNum] = array('$fid', '$filename');\r\n"); fwrite($fp, "\$maNum = $maNum;\r\n"); fclose($fp); } /** * 清理附件，如果关连的文档ID，先把上一批附件传给这个文档ID * * @access public * @param string $aid 文档ID * @param string $title 文档标题 * @return empty */ function ClearMyAddon($aid=0, $title='') { global $dsql; $cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc'; $_SESSION['bigfile_info'] = array(); $_SESSION['file_info'] = array(); if(!file_exists($cacheFile)) { return ; } //把附件与文档关连 if(!empty($aid)) { include($cacheFile); foreach($myaddons as $addons) { if(!empty($title)) { $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid',title='$title' where aid='{$addons[0]}'"); } else { $dsql->ExecuteNoneQuery("Update `#@__uploads` set arcid='$aid' where aid='{$addons[0]}' "); } } } @unlink($cacheFile); } /** * 登录类 * * @package userLogin * @subpackage DedeCMS.Libraries * @link http://www.dedecms.com */ class userLogin { var $userName = ''; var $userPwd = ''; var $userID = ''; var $adminDir = ''; var $userType = ''; var $userChannel = ''; var $userPurview = ''; var $keepUserIDTag = 'dede_admin_id'; var $keepUserTypeTag = 'dede_admin_type'; var $keepUserChannelTag = 'dede_admin_channel'; var $keepUserNameTag = 'dede_admin_name'; var $keepUserPurviewTag = 'dede_admin_purview'; var $keepAdminStyleTag = 'dede_admin_style'; var $adminStyle = 'dedecms'; //php5构造函数 function __construct($admindir='') { global $admin_path; if(isset($_SESSION[$this->keepUserIDTag])) { $this->userID = $_SESSION[$this->keepUserIDTag]; $this->userType = $_SESSION[$this->keepUserTypeTag]; $this->userChannel = $_SESSION[$this->keepUserChannelTag]; $this->userName = $_SESSION[$this->keepUserNameTag]; $this->userPurview = $_SESSION[$this->keepUserPurviewTag]; $this->adminStyle = $_SESSION[$this->keepAdminStyleTag]; } if($admindir!='') { $this->adminDir = $admindir; } else { $this->adminDir = $admin_path; } } function userLogin($admindir='') { $this->__construct($admindir); } /** * 检验用户是否正确 * * @access public * @param string $username 用户名 * @param string $userpwd 密码 * @return string */ function checkUser($username, $userpwd) { global $dsql; //只允许用户名和密码用0-9,a-z,A-Z,'@','_','.','-'这些字符 $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username); $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd); $pwd = substr(md5($this->userPwd), 5, 20); $dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.rank=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1"); $dsql->Execute(); $row = $dsql->GetObject(); if(!isset($row->pwd)) { return -1; } else if($pwd!=$row->pwd) { return -2; } else { $loginip = GetIP(); $this->userID = $row->id; $this->userType = $row->usertype; $this->userChannel = $row->typeid; $this->userName = $row->uname; $this->userPurview = $row->purviews; $inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."' WHERE id='".$row->id."'"; $dsql->ExecuteNoneQuery($inquery); $sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id; $dsql->ExecuteNoneQuery($sql); return 1; } } /** * 保持用户的会话状态 * * @access public * @return int 成功返回 1 ，失败返回 -1 */ function keepUser() { if($this->userID != '' && $this->userType != '') { global $admincachefile,$adminstyle; if(empty($adminstyle)) $adminstyle = 'dedecms'; @session_register($this->keepUserIDTag); $_SESSION[$this->keepUserIDTag] = $this->userID; @session_register($this->keepUserTypeTag); $_SESSION[$this->keepUserTypeTag] = $this->userType; @session_register($this->keepUserChannelTag); $_SESSION[$this->keepUserChannelTag] = $this->userChannel; @session_register($this->keepUserNameTag); $_SESSION[$this->keepUserNameTag] = $this->userName; @session_register($this->keepUserPurviewTag); $_SESSION[$this->keepUserPurviewTag] = $this->userPurview; @session_register($this->keepAdminStyleTag); $_SESSION[$this->keepAdminStyleTag] = $adminstyle; PutCookie('DedeUserID', $this->userID, 3600 * 24, '/'); PutCookie('DedeLoginTime', time(), 3600 * 24, '/'); $this->ReWriteAdminChannel(); return 1; } else { return -1; } } /** * 重写用户权限频道 * * @access public * @return void */ function ReWriteAdminChannel() { //$this->userChannel $cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc'; //管理员管理的频道列表 $typeid = trim($this->userChannel); if( empty($typeid) || $this->getUserType() >= 10 ) { $firstConfig = "\$cfg_admin_channel = 'all';\r\n\$admin_catalogs = array();\r\n"; } else { $firstConfig = "\$cfg_admin_channel = 'array';\r\n"; } $fp = fopen($cacheFile, 'w'); fwrite($fp, '<'.'?php'."\r\n"); fwrite($fp, $firstConfig); if( !empty($typeid) ) { $typeids = explode(',', $typeid); $typeid = ''; foreach($typeids as $tid) { $typeid .= ( $typeid=='' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid) ); } $typeids = explode(',', $typeid); $typeidsnew = array_unique($typeids); $typeid = join(',', $typeidsnew); fwrite($fp, "\$admin_catalogs = array($typeid);\r\n"); } fwrite($fp, '?'.'>'); fclose($fp); } // /** * 结束用户的会话状态 * * @access public * @return void */ function exitUser() { ClearMyAddon(); @session_unregister($this->keepUserIDTag); @session_unregister($this->keepUserTypeTag); @session_unregister($this->keepUserChannelTag); @session_unregister($this->keepUserNameTag); @session_unregister($this->keepUserPurviewTag); DropCookie('dedeAdmindir'); DropCookie('DedeUserID'); DropCookie('DedeLoginTime'); $_SESSION = array(); } /** * 获得用户管理频道的值 * * @access public * @return array */ function getUserChannel() { if($this->userChannel != '') { return $this->userChannel; } else { return ''; } } /** * 获得用户的权限值 * * @access public * @return int */ function getUserType() { if($this->userType != '') { return $this->userType; } else { return -1; } } /** * 获取用户权限值 * * @access public * @return int */ function getUserRank() { return $this->getUserType(); } /** * 获得用户的ID * * @access public * @return int */ function getUserID() { if($this->userID != '') { return $this->userID; } else { return -1; } } /** * 获得用户的笔名 * * @access public * @return string */ function getUserName() { if($this->userName != '') { return $this->userName; } else { return -1; } } /** * 用户权限表 * * @access public * @return string */ function getPurview() { return $this->userPurview; } } /** * 获得某id的所有下级id * * @access public * @param int $id 栏目ID * @param int $channel 频道ID * @param int $addthis 是否加入当前这个栏目 * @return string */ function GetSonIdsUL($id, $channel=0, $addthis=TRUE) { global $cfg_Cs; $GLOBALS['idArray'] = array(); if( !is_array($cfg_Cs) ) { require_once(DEDEDATA."/cache/inc_catalog_base.inc"); } GetSonIdsLogicUL($id,$cfg_Cs,$channel,$addthis); $rquery = join(',', $GLOBALS['idArray']); return $rquery; } /** * 递归逻辑 * * @access public * @param int $id 栏目ID * @param array $sArr 缓存数组 * @param int $channel 频道ID * @param int $addthis 是否加入当前这个栏目 * @return string */ function GetSonIdsLogicUL($id,$sArr,$channel=0,$addthis=FALSE) { if($id!=0 && $addthis) { $GLOBALS['idArray'][$id] = $id; } foreach($sArr as $k=>$v) { if( $v[0]==$id && ($channel==0 || $v[1]==$channel )) { GetSonIdsLogicUL($k,$sArr,$channel,TRUE); } } }