
    <?php
/*-----------------------------------------------------------------
!!!!警告!!!!
以下为系统文件,请勿修改
-----------------------------------------------------------------*/

//不能非法包含或直接执行
// Refuse to run unless loaded through the framework entry point (IN_BAIGO is defined there).
defined("IN_BAIGO") || exit("Access Denied");

/*-------------管理员模型-------------*/
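class MODEL_ADMIN {
    private $obj_db;

    public $adminStatus  = array(); // admin status map (enum key => label); populated by the caller
    public $adminProfile = array(); // validated profile form data, filled by input_profile()
    public $adminPass    = array(); // validated change-password form data, filled by input_pass()
    public $adminLogin   = array(); // validated login form data, filled by input_login()
    public $adminSubmit  = array(); // validated create/edit form data, filled by input_submit() / api_add()
    public $adminIds     = array(); // validated id selection, filled by input_ids()

    /** Columns returned by mdl_read(); also the only columns mdl_read() accepts as a lookup key. */
    private static $readColumns = array(
        "admin_id",
        "admin_name",
        "admin_pass",
        "admin_note",
        "admin_nick",
        "admin_rand",
        "admin_time",
        "admin_time_login",
        "admin_ip",
        "admin_allow",
        "admin_status",
    );

    /** Constructor: takes the shared database object from the global scope. */
    public function __construct() {
        $this->obj_db = $GLOBALS["obj_db"];
    }


    /** Escape a value for use inside a single-quoted SQL string literal.
     * sql_str function.
     *
     * NOTE(review): the database wrapper exposes no binding/escaping API from this
     * class, so addslashes() (backslash, quotes, NUL) is the stop-gap used here; it
     * assumes the default MySQL backslash-escaping mode and is not a full substitute
     * for parameterized queries in the DB layer, which remains the preferred fix.
     *
     * @access private
     * @param mixed $str
     * @return string
     */
    private function sql_str($str) {
        return addslashes((string)$str);
    }


    /** Escape a value for use inside a LIKE pattern: wildcards become literal, then the
     * result is escaped as a string literal.
     * sql_like function.
     *
     * @access private
     * @param mixed $str
     * @return string
     */
    private function sql_like($str) {
        $_str_pattern = str_replace(array("\\", "%", "_"), array("\\\\", "\\%", "\\_"), (string)$str);
        return $this->sql_str($_str_pattern);
    }


    /** Build the comma-separated id list from $this->adminIds, each id cast to int.
     * id_list function.
     *
     * @access private
     * @return string empty string when no id was selected
     */
    private function id_list() {
        $_arr_ids = array();
        if (isset($this->adminIds["admin_ids"]) && is_array($this->adminIds["admin_ids"])) {
            foreach ($this->adminIds["admin_ids"] as $_value) {
                $_arr_ids[] = (int)$_value;
            }
        }
        return implode(",", $_arr_ids);
    }


    /** Create the admin table; called by the installer / upgrader.
     * mdl_create_table function.
     *
     * @access public
     * @return array "alert" => "y020105" on success, "x020105" on failure
     */
    public function mdl_create_table() {
        // The admin_status enum is built from the keys of $this->adminStatus.
        $_str_status = implode("','", array_keys($this->adminStatus));

        $_arr_adminCreate = array(
            "admin_id"           => "smallint NOT NULL AUTO_INCREMENT COMMENT 'ID'",
            "admin_name"         => "varchar(30) NOT NULL COMMENT '用户名'",
            "admin_pass"         => "char(32) NOT NULL COMMENT '密码'",
            "admin_rand"         => "char(6) NOT NULL COMMENT '随机串'",
            "admin_note"         => "varchar(30) NOT NULL COMMENT '备注'",
            "admin_nick"         => "varchar(30) NOT NULL COMMENT '昵称'",
            "admin_status"       => "enum('" . $_str_status . "') NOT NULL COMMENT '状态'",
            "admin_allow"        => "varchar(3000) NOT NULL COMMENT '权限'",
            "admin_time"         => "int NOT NULL COMMENT '创建时间'",
            "admin_time_login"   => "int NOT NULL COMMENT '登录时间'",
            "admin_ip"           => "varchar(15) NOT NULL COMMENT '最后 IP 地址'",
        );

        $_num_mysql = $this->obj_db->create_table(BG_DB_TABLE . "admin", $_arr_adminCreate, "admin_id", "管理员");

        return array(
            "alert" => $_num_mysql > 0 ? "y020105" : "x020105",
        );
    }


    /** List the column names of the admin table.
     * mdl_column function.
     *
     * @access public
     * @return array list of column names (empty when the table has none or the query fails)
     */
    public function mdl_column() {
        $_arr_col     = array();
        $_arr_colRows = $this->obj_db->show_columns(BG_DB_TABLE . "admin");

        if (is_array($_arr_colRows)) {
            foreach ($_arr_colRows as $_row) {
                $_arr_col[] = $_row["Field"];
            }
        }

        return $_arr_col;
    }


    /** Alter the admin table to the current layout; called by the upgrader.
     * mdl_alert_table function.
     *
     * @access public
     * @return array "alert" => "y020106" when columns were altered, "y0201111" when nothing needed altering
     */
    public function mdl_alert_table() {
        $_arr_status = array_keys($this->adminStatus);
        $_str_status = implode("','", $_arr_status);

        $_arr_col   = $this->mdl_column();
        $_arr_alert = array();

        if (!in_array("admin_nick", $_arr_col, true)) {
            $_arr_alert["admin_nick"] = array("ADD", "varchar(30) NOT NULL COMMENT '昵称'");
        }

        if (in_array("admin_id", $_arr_col, true)) {
            $_arr_alert["admin_id"] = array("CHANGE", "smallint NOT NULL AUTO_INCREMENT COMMENT 'ID'", "admin_id");
        }

        if (in_array("admin_status", $_arr_col, true)) {
            $_arr_alert["admin_status"] = array("CHANGE", "enum('" . $_str_status . "') NOT NULL COMMENT '状态'", "admin_status");
        }

        // Rows whose admin_status is empty get the first configured status as default;
        // skipped when no status is configured, as there is nothing sensible to write.
        if (isset($_arr_status[0])) {
            $_arr_adminData = array(
                "admin_status" => $_arr_status[0],
            );
            $this->obj_db->update(BG_DB_TABLE . "admin", $_arr_adminData, "LENGTH(admin_status) < 1");
        }

        if (in_array("admin_pass", $_arr_col, true)) {
            $_arr_alert["admin_pass"] = array("CHANGE", "char(32) NOT NULL COMMENT '密码'", "admin_pass");
        }

        if (in_array("admin_rand", $_arr_col, true)) {
            $_arr_alert["admin_rand"] = array("CHANGE", "char(6) NOT NULL COMMENT '随机串'", "admin_rand");
        }

        $_str_alert = "y0201111";

        if ($_arr_alert) {
            $_result = $this->obj_db->alert_table(BG_DB_TABLE . "admin", $_arr_alert);

            if ($_result) {
                $_str_alert = "y020106";
            }
        }

        return array(
            "alert" => $_str_alert,
        );
    }


    /** Update the admin record on login: stored hash, salt, login time and IP.
     * mdl_login function.
     *
     * @access public
     * @param mixed $num_adminId   id of the admin who logged in
     * @param mixed $str_adminPass new password hash (per the author's note: md5, salted, md5 again)
     * @param mixed $str_adminRand new salt; it is regenerated on every login
     * @return array "admin_id" and "alert" => "y020103" on success, "alert" => "x020103" on failure
     */
    public function mdl_login($num_adminId, $str_adminPass, $str_adminRand) {
        $_num_adminId   = (int)$num_adminId; // cast: the id is concatenated into the WHERE clause
        $_arr_adminData = array(
            "admin_pass"         => $str_adminPass,
            "admin_rand"         => $str_adminRand,
            "admin_time_login"   => time(),
            "admin_ip"           => fn_getIp(true),
        );

        $_num_mysql = $this->obj_db->update(BG_DB_TABLE . "admin", $_arr_adminData, "admin_id=" . $_num_adminId);
        if ($_num_mysql > 0) {
            return array(
                "admin_id"   => $_num_adminId,
                "alert"      => "y020103",
            );
        }

        return array(
            "alert" => "x020103",
        );
    }


    /** Save the profile fields validated by input_profile().
     * mdl_profile function.
     *
     * @access public
     * @param mixed $num_adminId
     * @return array "admin_id" and "alert" => "y020108" on success, "alert" => "x020103" on failure
     */
    public function mdl_profile($num_adminId) {
        $_num_adminId   = (int)$num_adminId;
        $_arr_adminData = array(
            "admin_nick" => $this->adminProfile["admin_nick"],
        );

        $_num_mysql = $this->obj_db->update(BG_DB_TABLE . "admin", $_arr_adminData, "admin_id=" . $_num_adminId);
        if ($_num_mysql > 0) {
            return array(
                "admin_id"   => $_num_adminId,
                "alert"      => "y020108",
            );
        }

        return array(
            "alert" => "x020103",
        );
    }


    /** Save the password hash and salt prepared by input_pass().
     * mdl_pass function.
     *
     * @access public
     * @param mixed $num_adminId
     * @return array "admin_id" and "alert" => "y020109" on success, "alert" => "x020103" on failure
     */
    public function mdl_pass($num_adminId) {
        $_num_adminId   = (int)$num_adminId;
        $_arr_adminData = array(
            "admin_pass" => $this->adminPass["admin_pass_do"], // hash computed by input_pass()
            "admin_rand" => $this->adminPass["admin_rand"],    // salt generated by input_pass()
        );

        $_num_mysql = $this->obj_db->update(BG_DB_TABLE . "admin", $_arr_adminData, "admin_id=" . $_num_adminId);
        if ($_num_mysql > 0) {
            return array(
                "admin_id"   => $_num_adminId,
                "alert"      => "y020109",
            );
        }

        return array(
            "alert" => "x020103",
        );
    }


    /** Insert or update an admin from the data validated by input_submit() / api_add().
     * mdl_submit function.
     *
     * An admin_id below 1 means "create"; otherwise the existing record is updated and the
     * password/salt are only touched when a non-empty value is supplied.
     *
     * @access public
     * @param string $str_adminPass (default: "") password hash
     * @param string $str_adminRand (default: "") salt
     * @return array "admin_id" and "alert" => "y020101"/"y020103" on success, "alert" => "x020101"/"x020103" on failure
     */
    public function mdl_submit($str_adminPass = "", $str_adminRand = "") {
        $_arr_adminData = array(
            "admin_name"     => $this->adminSubmit["admin_name"],
            "admin_note"     => $this->adminSubmit["admin_note"],
            "admin_status"   => $this->adminSubmit["admin_status"],
            "admin_allow"    => $this->adminSubmit["admin_allow"],
            "admin_nick"     => $this->adminSubmit["admin_nick"],
        );

        $_num_adminId = (int)$this->adminSubmit["admin_id"];

        if ($_num_adminId < 1) {
            $_arr_insert = array(
                "admin_pass"        => $str_adminPass,
                "admin_rand"        => $str_adminRand,
                "admin_time"        => time(),
                "admin_time_login"  => time(),
                "admin_ip"          => fn_getIp(),
            );
            $_arr_data = array_merge($_arr_adminData, $_arr_insert);

            $_num_adminId = $this->obj_db->insert(BG_DB_TABLE . "admin", $_arr_data);
            if ($_num_adminId > 0) {
                $_str_alert = "y020101";
            } else {
                return array(
                    "alert" => "x020101",
                );
            }
        } else {
            if ($str_adminPass) {
                $_arr_adminData["admin_pass"] = $str_adminPass; // only replace the hash when a new one was supplied
            }
            if ($str_adminRand) {
                $_arr_adminData["admin_rand"] = $str_adminRand; // only replace the salt when a new one was supplied
            }

            $_num_mysql = $this->obj_db->update(BG_DB_TABLE . "admin", $_arr_adminData, "admin_id=" . $_num_adminId);
            if ($_num_mysql > 0) {
                $_str_alert = "y020103";
            } else {
                return array(
                    "alert" => "x020103",
                );
            }
        }

        return array(
            "admin_id"   => $_num_adminId,
            "alert"      => $_str_alert,
        );
    }


    /** Set the status of the admins selected by input_ids().
     * mdl_status function.
     *
     * @access public
     * @param mixed $str_status
     * @return array "alert" => "y020103" on success, "x020103" when nothing was updated or no id was selected
     */
    public function mdl_status($str_status) {
        $_str_adminId = $this->id_list();

        // An empty IN () list is a SQL syntax error, so treat it as "nothing updated".
        if ($_str_adminId === "") {
            return array(
                "alert" => "x020103",
            );
        }

        $_arr_adminUpdate = array(
            "admin_status" => $str_status,
        );

        $_num_mysql = $this->obj_db->update(BG_DB_TABLE . "admin", $_arr_adminUpdate, "admin_id IN (" . $_str_adminId . ")");

        return array(
            "alert" => $_num_mysql > 0 ? "y020103" : "x020103",
        );
    }


    /** Read one admin record.
     * mdl_read function.
     *
     * @access public
     * @param mixed $str_admin  lookup value (id or, e.g., user name)
     * @param string $str_by    column to match on (default: "admin_id"); must be one of the read columns
     * @param int $num_notId    (default: 0) when > 0, exclude this id (duplicate-name check while editing)
     * @return array the record with "admin_allow" decoded and "alert" => "y020102", or "alert" => "x020102" when not found
     */
    public function mdl_read($str_admin, $str_by = "admin_id", $num_notId = 0) {
        // The column name is spliced into SQL and cannot be quoted, so it is whitelisted instead.
        if (!in_array($str_by, self::$readColumns, true)) {
            return array(
                "alert" => "x020102",
            );
        }

        if (is_numeric($str_admin)) {
            $_str_sqlWhere = $str_by . "=" . ($str_admin + 0); // numeric lookup; "+ 0" normalises the numeric string
        } else {
            $_str_sqlWhere = $str_by . "='" . $this->sql_str($str_admin) . "'"; // string lookup, quoted and escaped
        }

        if ($num_notId > 0) {
            $_str_sqlWhere .= " AND admin_id<>" . (int)$num_notId;
        }

        $_arr_adminRows = $this->obj_db->select(BG_DB_TABLE . "admin", self::$readColumns, $_str_sqlWhere, "", "", 1, 0);

        if (!isset($_arr_adminRows[0])) {
            return array(
                "alert" => "x020102", // no matching record
            );
        }
        $_arr_adminRow = $_arr_adminRows[0];

        // admin_allow is stored as JSON text
        if (isset($_arr_adminRow["admin_allow"])) {
            $_arr_adminRow["admin_allow"] = fn_jsonDecode($_arr_adminRow["admin_allow"], "no");
        } else {
            $_arr_adminRow["admin_allow"] = array();
        }

        $_arr_adminRow["alert"] = "y020102";

        return $_arr_adminRow;
    }


    /** List admins, newest id first.
     * mdl_list function.
     *
     * @access public
     * @param mixed $num_no       number of rows to return
     * @param int $num_except     (default: 0) number of rows to skip
     * @param array $arr_search   (default: array()) optional "key" (name/note/nick search) and "status" filters
     * @return mixed whatever the database select returns
     */
    public function mdl_list($num_no, $num_except = 0, $arr_search = array()) {
        $_arr_adminSelect = array(
            "admin_id",
            "admin_name",
            "admin_note",
            "admin_nick",
            "admin_status",
            "admin_time",
            "admin_time_login",
            "admin_ip",
        );

        $_str_sqlWhere = $this->sql_process($arr_search);

        return $this->obj_db->select(BG_DB_TABLE . "admin", $_arr_adminSelect, $_str_sqlWhere, "", "admin_id DESC", (int)$num_no, (int)$num_except);
    }


    /** Count admins matching the search filters.
     * mdl_count function.
     *
     * @access public
     * @param array $arr_search (default: array()) same filters as mdl_list()
     * @return mixed whatever the database count returns
     */
    public function mdl_count($arr_search = array()) {
        $_str_sqlWhere = $this->sql_process($arr_search);

        return $this->obj_db->count(BG_DB_TABLE . "admin", $_str_sqlWhere);
    }


    /** Delete the admins selected by input_ids().
     * mdl_del function.
     *
     * @access public
     * @return array "alert" => "y020104" on success, "x020104" when nothing was deleted or no id was selected
     */
    public function mdl_del() {
        $_str_adminId = $this->id_list();

        // An empty IN () list is a SQL syntax error, so treat it as "nothing deleted".
        if ($_str_adminId === "") {
            return array(
                "alert" => "x020104",
            );
        }

        $_num_mysql = $this->obj_db->delete(BG_DB_TABLE . "admin", "admin_id IN (" . $_str_adminId . ")");

        return array(
            "alert" => $_num_mysql > 0 ? "y020104" : "x020104",
        );
    }


    /** Validate the "edit profile" form (POST) into $this->adminProfile.
     * input_profile function.
     *
     * @access public
     * @return array $this->adminProfile with "alert" => "ok", or an error "alert"
     */
    public function input_profile() {
        if (!fn_token("chk")) { // CSRF token
            return array(
                "alert" => "x030206",
            );
        }

        $_arr_adminNick = validateStr(fn_post("admin_nick"), 0, 30);
        if ($_arr_adminNick["status"] === "too_long") {
            return array(
                "alert" => "x020212",
            );
        }
        if ($_arr_adminNick["status"] === "ok") {
            $this->adminProfile["admin_nick"] = $_arr_adminNick["str"];
        }

        $this->adminProfile["alert"] = "ok";

        return $this->adminProfile;
    }


    /** Validate the "change password" form (POST) into $this->adminPass and derive the
     * new salt ("admin_rand") and hash ("admin_pass_do").
     * input_pass function.
     *
     * @access public
     * @return array $this->adminPass with "alert" => "ok", or an error "alert"
     */
    public function input_pass() {
        if (!fn_token("chk")) { // CSRF token
            return array(
                "alert" => "x030206",
            );
        }

        $_arr_adminPassOld = validateStr(fn_post("admin_pass"), 1, 0);
        if ($_arr_adminPassOld["status"] === "too_short") {
            return array(
                "alert" => "x020210",
            );
        }
        if ($_arr_adminPassOld["status"] === "ok") {
            $this->adminPass["admin_pass"] = $_arr_adminPassOld["str"];
        }

        $_arr_adminPassNew = validateStr(fn_post("admin_pass_new"), 1, 0);
        if ($_arr_adminPassNew["status"] === "too_short") {
            return array(
                "alert" => "x020213",
            );
        }
        if ($_arr_adminPassNew["status"] === "ok") {
            $this->adminPass["admin_pass_new"] = $_arr_adminPassNew["str"];
        }

        $_arr_adminPassConfirm = validateStr(fn_post("admin_pass_confirm"), 1, 0);
        if ($_arr_adminPassConfirm["status"] === "too_short") {
            return array(
                "alert" => "x020215",
            );
        }
        if ($_arr_adminPassConfirm["status"] === "ok") {
            $this->adminPass["admin_pass_confirm"] = $_arr_adminPassConfirm["str"];
        }

        // Both fields come from the same form; strict comparison avoids type juggling surprises.
        if ($this->adminPass["admin_pass_new"] !== $this->adminPass["admin_pass_confirm"]) {
            return array(
                "alert" => "x020211",
            );
        }

        $this->adminPass["admin_rand"]    = fn_rand(6);
        $this->adminPass["admin_pass_do"] = fn_baigoEncrypt($this->adminPass["admin_pass_new"], $this->adminPass["admin_rand"]);
        $this->adminPass["alert"]         = "ok";

        return $this->adminPass;
    }


    /** Build the failure result of input_login(), which always carries the forward URL.
     * login_fail function.
     *
     * @access private
     * @param string $str_alert
     * @return array
     */
    private function login_fail($str_alert) {
        return array(
            "forward"   => $this->adminLogin["forward"],
            "alert"     => $str_alert,
        );
    }


    /** Validate the login form (POST) into $this->adminLogin.
     * input_login function.
     *
     * @access public
     * @return array $this->adminLogin with "alert" => "ok", or "forward" plus an error "alert"
     */
    public function input_login() {
        $this->adminLogin["forward"] = fn_getSafe(fn_post("forward"), "txt", "");
        if (!$this->adminLogin["forward"]) {
            $this->adminLogin["forward"] = base64_encode(BG_URL_ADMIN . "ctl.php"); // default landing page
        }

        if (!fn_seccode()) { // captcha
            return $this->login_fail("x030205");
        }

        if (!fn_token("chk")) { // CSRF token
            return $this->login_fail("x030206");
        }

        $_arr_adminName = validateStr(fn_post("admin_name"), 1, 30, "str", "strDigit");
        if ($_arr_adminName["status"] === "too_short") {
            return $this->login_fail("x020201");
        }
        if ($_arr_adminName["status"] === "too_long") {
            return $this->login_fail("x020202");
        }
        if ($_arr_adminName["status"] === "format_err") {
            return $this->login_fail("x020203");
        }
        if ($_arr_adminName["status"] === "ok") {
            $this->adminLogin["admin_name"] = $_arr_adminName["str"];
        }

        $_arr_adminPass = validateStr(fn_post("admin_pass"), 1, 0);
        if ($_arr_adminPass["status"] === "too_short") {
            return $this->login_fail("x020205");
        }
        if ($_arr_adminPass["status"] === "ok") {
            $this->adminLogin["admin_pass"] = $_arr_adminPass["str"];
        }

        $this->adminLogin["alert"] = "ok";

        return $this->adminLogin;
    }


    /** Validate the admin create/edit form (POST) into $this->adminSubmit.
     * input_submit function.
     *
     * @access public
     * @return array $this->adminSubmit with "alert" => "ok", or an error "alert"
     */
    public function input_submit() {
        if (!fn_token("chk")) { // CSRF token
            return array(
                "alert" => "x030206",
            );
        }

        $this->adminSubmit["admin_id"] = fn_getSafe(fn_post("admin_id"), "int", 0);

        if ($this->adminSubmit["admin_id"] > 0) {
            // editing: the record must exist
            $_arr_adminRow = $this->mdl_read($this->adminSubmit["admin_id"]);
            if ($_arr_adminRow["alert"] !== "y020102") {
                return $_arr_adminRow;
            }
        }

        $_arr_adminName = validateStr(fn_post("admin_name"), 1, 30);
        if ($_arr_adminName["status"] === "too_short") {
            return array(
                "alert" => "x020201",
            );
        }
        if ($_arr_adminName["status"] === "too_long") {
            return array(
                "alert" => "x020202",
            );
        }
        if ($_arr_adminName["status"] === "ok") {
            $this->adminSubmit["admin_name"] = $_arr_adminName["str"];
        }

        // the user name must be unique (ignoring the record being edited)
        $_arr_adminRow = $this->mdl_read($this->adminSubmit["admin_name"], "admin_name", $this->adminSubmit["admin_id"]);
        if ($_arr_adminRow["alert"] === "y020102") {
            return array(
                "alert" => "x020204",
            );
        }

        $_arr_adminNote = validateStr(fn_post("admin_note"), 0, 30);
        if ($_arr_adminNote["status"] === "too_long") {
            return array(
                "alert" => "x020208",
            );
        }
        if ($_arr_adminNote["status"] === "ok") {
            $this->adminSubmit["admin_note"] = $_arr_adminNote["str"];
        }

        $_arr_adminStatus = validateStr(fn_post("admin_status"), 1, 0);
        if ($_arr_adminStatus["status"] === "too_short") {
            return array(
                "alert" => "x020209",
            );
        }
        if ($_arr_adminStatus["status"] === "ok") {
            $this->adminSubmit["admin_status"] = $_arr_adminStatus["str"];
        }

        $_arr_adminNick = validateStr(fn_post("admin_nick"), 0, 30);
        if ($_arr_adminNick["status"] === "too_long") {
            return array(
                "alert" => "x020212",
            );
        }
        if ($_arr_adminNick["status"] === "ok") {
            $this->adminSubmit["admin_nick"] = $_arr_adminNick["str"];
        }

        $this->adminSubmit["admin_allow"] = fn_jsonEncode(fn_post("admin_allow"), "no"); // permissions are stored as JSON
        $this->adminSubmit["alert"]       = "ok";

        return $this->adminSubmit;
    }


    /** Validate the API "create admin" request (POST) into $this->adminSubmit.
     * api_add function.
     *
     * The new admin is enabled and granted the full permission set below; nick and note
     * default to the user name.
     *
     * @access public
     * @return array $this->adminSubmit with "alert" => "ok", or an error "alert"
     */
    public function api_add() {
        if (!fn_token("chk")) { // CSRF token
            return array(
                "alert" => "x030206",
            );
        }

        $_arr_adminName = validateStr(fn_post("admin_name"), 1, 30);
        if ($_arr_adminName["status"] === "too_short") {
            return array(
                "alert" => "x020201",
            );
        }
        if ($_arr_adminName["status"] === "too_long") {
            return array(
                "alert" => "x020202",
            );
        }
        if ($_arr_adminName["status"] === "ok") {
            $this->adminSubmit["admin_name"] = $_arr_adminName["str"];
        }

        // the user name must be unique
        $_arr_adminRow = $this->mdl_read($this->adminSubmit["admin_name"], "admin_name");
        if ($_arr_adminRow["alert"] === "y020102") {
            return array(
                "alert" => "x020204",
            );
        }

        $_arr_adminPass = validateStr(fn_post("admin_pass"), 1, 0);
        if ($_arr_adminPass["status"] === "too_short") {
            return array(
                "alert" => "x020210",
            );
        }
        if ($_arr_adminPass["status"] === "ok") {
            $this->adminSubmit["admin_pass"] = $_arr_adminPass["str"];
        }

        $this->adminSubmit["admin_nick"]    = $this->adminSubmit["admin_name"];
        $this->adminSubmit["admin_note"]    = $this->adminSubmit["admin_name"];
        $this->adminSubmit["admin_id"]      = 0;
        $this->adminSubmit["admin_status"]  = "enable";

        $_arr_adminAllow = array(
            "user" => array(
                "browse"   => 1,
                "add"      => 1,
                "edit"     => 1,
                "del"      => 1,
            ),
            "app" => array(
                "browse"   => 1,
                "add"      => 1,
                "edit"     => 1,
                "del"      => 1,
            ),
            "log" => array(
                "browse"   => 1,
                "edit"     => 1,
                "del"      => 1,
            ),
            "admin" => array(
                "browse"   => 1,
                "add"      => 1,
                "edit"     => 1,
                "del"      => 1,
            ),
            "opt" => array(
                "dbconfig" => 1,
                "base"     => 1,
                "reg"      => 1,
                "smtp"     => 1,
            ),
        );

        $this->adminSubmit["admin_allow"] = fn_jsonEncode($_arr_adminAllow, "no");
        $this->adminSubmit["alert"]       = "ok";

        return $this->adminSubmit;
    }


    /** Validate the selected admin ids (POST "admin_ids") into $this->adminIds.
     * input_ids function.
     *
     * @access public
     * @return array "alert" => "ok" and "admin_ids" (ints), or "alert" => "x030202" with an empty "admin_ids"
     */
    public function input_ids() {
        if (!fn_token("chk")) { // CSRF token
            return array(
                "alert" => "x030206",
            );
        }

        $_arr_adminIds = fn_post("admin_ids");

        // A missing, empty or non-array selection is rejected; the id list is normalised to an
        // empty array so later implode() calls never see a scalar.
        if (is_array($_arr_adminIds) && $_arr_adminIds) {
            foreach ($_arr_adminIds as $_key => $_value) {
                $_arr_adminIds[$_key] = fn_getSafe($_value, "int", 0);
            }
            $_str_alert = "ok";
        } else {
            $_arr_adminIds = array();
            $_str_alert    = "x030202";
        }

        $this->adminIds = array(
            "alert"      => $_str_alert,
            "admin_ids"  => $_arr_adminIds,
        );

        return $this->adminIds;
    }


    /** Build the WHERE clause shared by mdl_list() and mdl_count().
     * sql_process function.
     *
     * @access private
     * @param array $arr_search (default: array()) "key" searches name/note/nick with LIKE, "status" filters by status
     * @return string WHERE expression starting with "1=1"
     */
    private function sql_process($arr_search = array()) {
        $_str_sqlWhere = "1=1";

        if (isset($arr_search["key"]) && $arr_search["key"]) {
            $_str_key       = $this->sql_like($arr_search["key"]); // user-typed % and _ are matched literally
            $_str_sqlWhere .= " AND (admin_name LIKE '%" . $_str_key . "%' OR admin_note LIKE '%" . $_str_key . "%' OR admin_nick LIKE '%" . $_str_key . "%')";
        }

        if (isset($arr_search["status"]) && $arr_search["status"]) {
            $_str_sqlWhere .= " AND admin_status='" . $this->sql_str($arr_search["status"]) . "'";
        }

        return $_str_sqlWhere;
    }
}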