www.gusucode.com > iWebshop开源PHP商城系统 v2.8源码程序 > iwebshop/classes/checkrights.php
<?php /** * @copyright (c) 2014 www.aircheng.com * @file CheckRight.php * @brief 权限校验类,包括admin(管理员),seller(商家),user(注册用户) * @author chendeshan * @date 2014/7/29 12:22:07 * @version 2.7 */ class CheckRights extends IInterceptorBase { /** * admin分享给seller的action * 控制器名称(controller) @ 动作名称(action) */ private static $adminShareSellerAction = array ( 'goods@search_spec', 'goods@select_spec', 'goods@spec_edit', 'goods@spec_update', 'order@shop_template', 'order@pick_template', 'order@merge_template', 'order@expresswaybill_template', 'order@expresswaybill_print', 'pic@*', ); /** * @brief 商家action校验 * 非session会话变量的校验,有些情境下比如flash调用时候,session不起作用, * 需要通过其他方式校验身份权限 */ private static $sellerAction = array('seller@goods_img_upload' => 'sellerImageUpload'); //管理员action校验 (同上商家action校验 private static $adminAction = array('goods@goods_img_upload' => 'adminImageUpload'); //检查sessionId public static function getSessionId() { return isset($_COOKIE[session_name()]) && $_COOKIE[session_name()] ? $_COOKIE[session_name()] : ""; } /** * @brief 获取通用的管理员数组 */ public static function getAdmin() { if(!self::getSessionId()) { return null; } $admin = array( 'admin_id' => ISafe::get('admin_id'), 'admin_name' => ISafe::get('admin_name'), 'admin_pwd' => ISafe::get('admin_pwd'), 'admin_role_name' => ISafe::get('admin_role_name'), ); if(self::isValidAdmin($admin['admin_name'],$admin['admin_pwd'])) { return $admin; } else { ISafe::clear('admin_id'); ISafe::clear('admin_name'); ISafe::clear('admin_pwd'); ISafe::clear('admin_role_name'); return null; } } /** * @brief 获取通用的商户数组 */ public static function getSeller() { $seller = array( 'seller_id' => ISafe::get('seller_id'), 'seller_name' => ISafe::get('seller_name'), 'seller_pwd' => ISafe::get('seller_pwd'), ); if(self::isValidSeller($seller['seller_name'],$seller['seller_pwd'])) { return $seller; } else { ISafe::clear('seller_id'); ISafe::clear('seller_name'); ISafe::clear('seller_pwd'); return null; } } /** * @brief 获取通用的注册用户数组 */ public static function getUser() { $user = array( 'user_id' => ISafe::get('user_id'), 'username' => ISafe::get('username'), 'head_ico' => ISafe::get('head_ico'), 'user_pwd' => ISafe::get('user_pwd'), ); if(self::isValidUser($user['username'],$user['user_pwd'])) { return $user; } else { ISafe::clear('user_id'); ISafe::clear('username'); ISafe::clear('head_ico'); ISafe::clear('user_pwd'); return null; } } /** * [接口]对所有的管理类(sys,seller)控制器进行动作拦截 */ public static function onCreateAction() { $controllerInstance = IWeb::$app->getController(); switch($controllerInstance->getId()) { case "seller": { //检查商家身份 self::checkSellerRights(); } break; default: { //检查管理员身份 self::checkAdminRights(); } break; } } /** * [接口]对所有的前台控制器进行动作拦截 */ public static function checkUserRights() { $object = IWeb::$app->getController(); $object->user = self::getUser(); } /** * @brief 检查商家权限是否通过 * @return boolean */ public static function checkSellerRights() { $object = IWeb::$app->getController(); $controllerId = $object->getId(); $actionId = $object->getAction()->getId(); //1,针对独立配置的action检测 if(isset(self::$sellerAction[$controllerId."@".$actionId]) && method_exists(__CLASS__,self::$sellerAction[$controllerId."@".$actionId])) { call_user_func(array(__CLASS__,self::$sellerAction[$controllerId."@".$actionId])); return; } //2,其余action检测 else { $object->seller = self::getSeller(); if(!$object->seller) { $object->redirect('/systemseller/index'); } } } //后台管理员权限校验 public static function checkAdminRights() { $object = IWeb::$app->getController(); $controllerId = $object->getId(); $actionId = $object->getAction()->getId(); //1,针对独立配置的action检测 if(isset(self::$adminAction[$controllerId."@".$actionId]) && method_exists(__CLASS__,self::$adminAction[$controllerId."@".$actionId])) { call_user_func(array(__CLASS__,self::$adminAction[$controllerId."@".$actionId])); return; } //2,admin共享给seller else if( (in_array($controllerId."@".$actionId,self::$adminShareSellerAction) || in_array($controllerId."@*",self::$adminShareSellerAction) ) && ($object->seller = self::getSeller())) { $object->admin = self::getAdmin(); return; } //3,其余action检测 else { $admin = self::getAdmin(); if(!$admin) { $object->redirect('/systemadmin/index'); } //获取管理员数据 $adminRow = self::isValidAdmin($admin['admin_name'],$admin['admin_pwd']); //非超管角色 if($adminRow['role_id'] != 0) { $roleObj = new IModel('admin_role'); $where = 'id = '.$adminRow["role_id"].' and is_del = 0'; $roleRow = $roleObj->getObj($where); //角色权限校验 if(self::checkRight($roleRow['rights']) == false) { IError::show('503','no permission to access'); exit; } } $object->admin = $admin; } } /** * @brief 权限校验拦截 * @param string $ownRight 用户的权限码 * @return bool true:校验通过; false:校验未通过 */ private static function checkRight($ownRight) { $controllerInstance = IWeb::$app->getController(); $actionId = $controllerInstance->getAction()->getId(); //是否需要权限校验 true:需要; false:不需要 $isCheckRight = false; if($controllerInstance->checkRight == 'all') { $isCheckRight = true; } else if(is_array($controllerInstance->checkRight)) { if(isset($controllerInstance->checkRight['check']) && ( ($controllerInstance->checkRight['check'] == 'all') || ( is_array($controllerInstance->checkRight['check']) && in_array($actionId,$controllerInstance->checkRight['check']) ) ) ) { $isCheckRight = true; } if(isset($controllerInstance->checkRight['uncheck']) && is_array($controllerInstance->checkRight['uncheck']) && in_array($actionId,$controllerInstance->checkRight['uncheck'])) { $isCheckRight = false; } } //需要校验权限 if($isCheckRight == true) { $rightCode = $controllerInstance->getId().'@'.$actionId; //拼接的权限校验码 $ownRight = ','.trim($ownRight,',').','; if(stripos($ownRight,','.$rightCode.',') === false) return false; else return true; } else return true; } /** * @brief 校验注册用户身份信息 * @param string $login_info 用户名或者email * @param string $password 用户名的md5密码 * @return array or false 如果合法则返回用户数据;不合法返回false */ public static function isValidUser($login_info,$password) { $login_info = IFilter::act($login_info); $password = IFilter::act($password); $userObj = new IModel('user as u,member as m'); $where = "u.username = '{$login_info}' and m.status = 1 and u.id = m.user_id"; $userRow = $userObj->getObj($where); if(empty($userRow)) { $where = "email = '{$login_info}' and m.status = 1 and u.id = m.user_id"; $userRow = $userObj->getObj($where); } if($userRow && ($userRow['password'] == $password)) { return $userRow; } return false; } /** * @brief 验证卖家身份信息 * @param string $login_info 登录信息 * @param string $password 登录密码 * @param array or false */ private static function isValidSeller($login_info,$password) { $login_info = IFilter::act($login_info); $password = IFilter::act($password); $sellerObj = new IModel('seller'); $where = "seller_name = '{$login_info}' and is_del = 0 and is_lock = 0"; $sellerRow = $sellerObj->getObj($where); if($sellerRow && ($sellerRow['password'] == $password)) { return $sellerRow; } return false; } /** * @brief 验证管理员身份信息 * @param string $login_info 登录信息 * @param string $password 登录密码 * @param array or false */ private static function isValidAdmin($login_info,$password) { $login_info = IFilter::act($login_info); $password = IFilter::act($password); $adminObj = new IModel('admin'); $where = "admin_name='{$login_info}' and is_del = 0"; $adminRow = $adminObj->getObj($where); if($adminRow && ($adminRow['password'] == $password)) { return $adminRow; } return false; } //管理员商品图片上传校验 public static function adminImageUpload() { $result = self::isValidAdmin(IReq::get('admin_name'),IReq::get('admin_pwd')); if($result == false) { die('the sellerImageUpload is stoped'); } } //商家商品图片上传校验 public static function sellerImageUpload() { $result = self::isValidSeller(IReq::get('admin_name'),IReq::get('admin_pwd')); if($result == false) { die('the sellerImageUpload is stoped'); } } }