123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391 |
- <?php
- namespace app\admin\controller;
- use core\basic\Controller;
- use app\admin\model\IndexModel;
- class IndexController extends Controller
- {
- private $model;
- public function __construct()
- {
- $this->model = new IndexModel();
- }
-
- public function index()
- {
- if (session('sid')) {
- location(url('admin/Index/home'));
- }
- $this->assign('admin_check_code', $this->config('admin_check_code'));
- $this->display('index.html');
- }
-
- public function home()
- {
-
- if (get('action') == 'moddb') {
- if ($this->modDB()) {
- alert_back('修改成功!');
- } else {
- alert_back('修改失败!');
- }
- }
-
- if (issetSession('deldb')) {
- @unlink(ROOT_PATH . session('deldb'));
- unset($_SESSION['deldb']);
- }
- $dbsecurity = true;
-
- if (get_db_type() == 'sqlite') {
-
- if (strpos($this->config('database.dbname'), 'pbootcms') !== false) {
- if (get_user_ip() != '127.0.0.1' && $this->modDB()) {
- $dbsecurity = true;
- } else {
- $dbsecurity = false;
- }
- } elseif (file_exists(ROOT_PATH . '/data/pbootcms.db')) {
- rename(ROOT_PATH . '/data/pbootcms.db', ROOT_PATH . '/data/' . get_uniqid() . '.db');
- }
- } elseif (file_exists(ROOT_PATH . '/data/pbootcms.db')) {
- rename(ROOT_PATH . '/data/pbootcms.db', ROOT_PATH . '/data/' . get_uniqid() . '.db');
- }
- $this->assign('dbsecurity', $dbsecurity);
- if (!session('pwsecurity')) {
- location(url('/admin/Index/ucenter'));
- }
- $this->assign('server', get_server_info());
- $this->assign('branch', $this->config('upgrade_branch') == '3.X.dev' ? '3.X.dev' : '3.X');
- $this->assign('revise', $this->config('revise_version') ?: '0');
- $this->assign('snuser', $this->config('sn_user') ?: '0');
- $this->assign('site', get_http_url());
- $this->assign('user_info', $this->model->getUserInfo(session('ucode')));
- $this->assign('sum_msg', model('admin.content.Message')->getCount());
-
- $model = model('admin.content.Model');
- $models = $model->getModelMenu();
- foreach ($models as $key => $value) {
- $models[$key]->count = $model->getModelCount($value->mcode)->count;
- }
- $this->assign('model_msg', $models);
- $this->display('system/home.html');
- }
-
- public function login()
- {
- if (!$_POST) {
- return;
- }
-
- if (extension_loaded("gd") && $this->config('admin_check_code') && strtolower(post('checkcode', 'var')) != session('checkcode')) {
- json(0, '验证码错误!');
- }
-
- $username = post('username');
- $password = post('password');
- if (!preg_match('/^[\x{4e00}-\x{9fa5}\w\-\.@]+$/u', $username)) {
- json(0, '用户名含有不允许的特殊字符!');
- }
- if (!$username) {
- json(0, '用户名不能为空!');
- }
- if (!$password) {
- json(0, '密码不能为空!');
- }
- if (!!$time = $this->checkLoginBlack()) {
- $this->log('登录锁定!');
- json(0, '您登录失败次数太多已被锁定,请' . $time . '秒后再试!');
- }
-
- $where = array(
- 'username' => $username,
- 'password' => encrypt_string($password)
- );
-
- if ((get_db_type() == 'sqlite') && !is_writable(ROOT_PATH . $this->config('database.dbname'))) {
- json(0, '数据库目录写入权限不足!');
- }
- if (!!$login = $this->model->login($where)) {
- session_regenerate_id(true);
- session('sid', encrypt_string(session_id() . $login->id));
- session('M', M);
- session('id', $login->id);
- session('ucode', $login->ucode);
- session('username', $login->username);
- session('realname', $login->realname);
- if ($where['password'] != '14e1b600b1fd579f47433b88e8d85291') {
- session('pwsecurity', true);
- }
- session('acodes', $login->acodes);
- if ($login->acodes) {
- session('acode', $login->acodes[0]);
- } else {
- session('acode', '');
- }
- session('rcodes', $login->rcodes);
- session('levels', $login->levels);
- session('menu_tree', $login->menus);
- session('area_map', $login->area_map);
- session('area_tree', $login->area_tree);
- $this->log('登录成功!');
- json(1, url('admin/Index/home'));
- } else {
- $this->setLoginBlack();
- $this->log('登录失败!');
- session('checkcode', mt_rand(10000, 99999));
- json(0, '用户名或密码错误!');
- }
- }
-
- public function loginOut()
- {
- session_unset();
- location(url('/admin/Index/index'));
- }
-
- public function ucenter()
- {
- if ($_POST) {
- $username = post('username');
- $realname = post('realname');
- $cpassword = post('cpassword');
- $password = post('password');
- $rpassword = post('rpassword');
- if (!$username) {
- alert_back('用户名不能为空!');
- }
- if (!$cpassword) {
- alert_back('当前密码不能为空!');
- }
- if (!preg_match('/^[\x{4e00}-\x{9fa5}\w\-\.@]+$/u', $username)) {
- alert_back('用户名含有不允许的特殊字符!');
- }
- $data = array(
- 'username' => $username,
- 'realname' => $realname,
- 'update_user' => $username
- );
-
- if ($password) {
- if ($password != $rpassword) {
- alert_back('确认密码不正确!');
- }
- $data['password'] = encrypt_string($password);
- if ($data['password'] != '14e1b600b1fd579f47433b88e8d85291') {
- session('pwsecurity', true);
- } else {
- session('pwsecurity', false);
- }
- }
-
- if ($this->model->checkUserPwd(encrypt_string($cpassword))) {
- if ($this->model->modUserInfo($data)) {
- session('username', post('username'));
- session('realname', post('realname'));
- $this->log('用户资料成功!');
- success('用户资料修改成功!', -1);
- }
- } else {
- $this->log('用户资料修改时当前密码错误!');
- alert_location('当前密码错误!', -1);
- }
- }
- $this->display('system/ucenter.html');
- }
-
- public function area()
- {
- if ($_POST) {
- $acode = post('acode');
- if (in_array($acode, session('acodes'))) {
- session('acode', $acode);
- cookie('lg', $acode);
- }
- location(url('admin/Index/home'));
- }
- }
-
- public function clearCache()
- {
- if (get('delall')) {
- $rs = path_delete(RUN_PATH);
- } else {
- $rs = (path_delete(RUN_PATH . '/cache') && path_delete(RUN_PATH . '/complile') && path_delete(RUN_PATH . '/config') && path_delete(RUN_PATH . '/upgrade'));
- }
- cache_config();
- if ($rs) {
- if (extension_loaded('Zend OPcache')) {
- opcache_reset();
- }
- $this->log('清理缓存成功!');
- alert_back('清理缓存成功!', 1);
- } else {
- $this->log('清理缓存失败!');
- alert_back('清理缓存失败!', 0);
- }
- }
-
-
- public function clearOnlySysCache()
- {
- if (get('delall')) {
- $rs = path_delete(RUN_PATH);
- } else {
- $rs = (path_delete(RUN_PATH . '/complile') && path_delete(RUN_PATH . '/config') && path_delete(RUN_PATH . '/upgrade'));
- }
- cache_config();
- if ($rs) {
- if (extension_loaded('Zend OPcache')) {
- opcache_reset();
- }
- $this->log('清理缓存成功!');
- alert_back('清理缓存成功!', 1);
- } else {
- $this->log('清理缓存失败!');
- alert_back('清理缓存失败!', 0);
- }
- }
-
-
- public function clearSession()
- {
- ignore_user_abort(true);
- set_time_limit(7200);
- ob_start();
- $output['code'] = 1;
- $output['data'] = '执行成功,后台自动清理中!';
- $output['tourl'] = '';
- echo json_encode($output);
- ob_end_flush();
- flush();
- $rs = path_delete(RUN_PATH . '/session', false, array(
- 'sess_' . session_id()
- ));
- }
-
- public function upload()
- {
- $upload = upload('upload');
- if (is_array($upload)) {
- json(1, $upload);
- } else {
- json(0, $upload);
- }
- }
-
- private function checkLoginBlack()
- {
-
- $ip_black = RUN_PATH . '/data/' . md5('login_black') . '.php';
- if (file_exists($ip_black)) {
- $data = require $ip_black;
- $user_ip = get_user_ip();
- $lock_time = $this->config('lock_time') ?: 900;
- $lock_count = $this->config('lock_count') ?: 5;
- if (isset($data[$user_ip]) && $data[$user_ip]['count'] >= $lock_count && time() - $data[$user_ip]['time'] < $lock_time) {
- return $lock_time - (time() - $data[$user_ip]['time']);
- }
- }
- return false;
- }
-
- private function setLoginBlack()
- {
-
- $ip_black = RUN_PATH . '/data/' . md5('login_black') . '.php';
- if (file_exists($ip_black)) {
- $data = require $ip_black;
- } else {
- $data = array();
- }
-
- $user_ip = get_user_ip();
- $lock_time = $this->config('lock_time') ?: 900;
- $lock_count = $this->config('lock_count') ?: 5;
- if (isset($data[$user_ip]) && $data[$user_ip]['count'] < $lock_count && time() - $data[$user_ip]['time'] < $lock_time) {
- $data[$user_ip] = array(
- 'time' => time(),
- 'count' => $data[get_user_ip()]['count'] + 1
- );
- } else {
- $data[$user_ip] = array(
- 'time' => time(),
- 'count' => 1
- );
- }
-
- check_file($ip_black, true);
- return file_put_contents($ip_black, "<?php\nreturn " . var_export($data, true) . ";");
- }
-
- private function modDB()
- {
- $file = CONF_PATH . '/database.php';
- $sname = $this->config('database.dbname');
- $dname = '/data/' . get_uniqid() . '.db';
- $sconfig = file_get_contents($file);
- $dconfig = str_replace($sname, $dname, $sconfig);
- if (file_put_contents($file, $dconfig)) {
- if (!copy(ROOT_PATH . $sname, ROOT_PATH . $dname)) {
- file_put_contents($file, $sconfig);
- } else {
- session('deldb', $sname);
- return true;
- }
- }
- return false;
- }
- }
|