account_type = pam_account::get_account_type('desktop'); if(isset($_SESSION['account'][$this->account_type])){ $this->user_id = $_SESSION['account'][$this->account_type]; $_inner_key = sprintf("account_user_%s",$this->user_id); $this->user_data = cachecore::fetch($_inner_key); if ($this->user_data === false) { $this->user_data = app::get('desktop')->model('users')->dump($this->user_id,'*',array( ':account@pam'=>array('*') )); //缓存15分钟 cachecore::store($_inner_key, $this->user_data, 60*15); } if (empty($this->user_data)) { unset($_SESSION['account'][$this->account_type]); } } } /** * 队列导出数据时，设置user_id = op_id 查询数据时来判断权限。 * @Author: xueding * @Vsersion: 2022/6/29 上午10:44 * @param $user_id */ public function setVirtualLogin($user_id) { if ($user_id) { $this->user_id = $user_id; $this->user_data = app::get('desktop')->model('users')->dump($this->user_id,'*',array( ':account@pam'=>array('*') )); } } function get_name(){ return $this->user_data['name']; } function get_login_name(){ return $this->user_data['account']['login_name']; } function get_id(){ return $this->user_id; } function is_super(){ return $this->user_data['super']; } function get_status(){ return $this->user_data['status']; } function get_mobile(){ return $this->user_data['mobile']; } function logout(){ } function valid(){ } function valid_permission(){ } function get_conf($key,&$return){ if(!isset($this->config)){ $info = app::get('desktop')->model('users')->dump($this->user_id,'config'); $this->config = $info['config']; } if(array_key_exists($key,(array)$this->config)){ $return = $this->config[$key]; return true; }else{ return false; } } function set_conf($key,$value){ $this->config[$key] = $value; if(!$this->mark_modified){ $this->mark_modified = true; register_shutdown_function(array(&$this,'save_conf')); } return true; } /** * 保存_conf * @return mixed 返回操作结果 */ public function save_conf(){ $info = app::get('desktop')->model('users')->dump($this->user_id,'config'); $this->config = array_merge((array)$info['config'],(array)$this->config); app::get('desktop')->model('users')->update( array('config'=>$this->config), array('user_id'=>$this->user_id)); } function get_theme(){ if($this->get_conf('desktop_theme',$current_theme)){ return $current_theme; }else{ return 'desktop/default'; } } function has_roles(){ return array(0); } #获取用户操作权限 permission ID function group(){ if($_SESSION['account']['user_permission']) { return $_SESSION['account']['user_permission']; } $hasrole = app::get('desktop')->model('hasrole'); $roles = app::get('desktop')->model('roles'); $menus = app::get('desktop')->model('menus'); $sdf = $hasrole->getList('role_id',array('user_id'=>$this->user_id)); $pass = array(); if ($sdf) { $roleIdArr = array_column($sdf, 'role_id'); $pass = $roles->getList('workground,data_authority', ['role_id|in'=>$roleIdArr]); } // foreach($sdf as $val){ // $pass[] = $roles->dump($val,'workground,data_authority'); // } $group = array(); foreach($pass as $key){ $work = unserialize($key['workground']); if(!$work){echo app::get('desktop')->_("无任何权限");exit;} foreach($work as $val){ $group[] = $val; } //增加数据权限判断 $data_authority = unserialize($key['data_authority']); if ($data_authority) { foreach($data_authority as $val){ $group[] = $val; } } } return $group; } #检查工作组权限 function chkground($workground) { $passWg = [ 'desktop_ctl_login', ]; if (in_array($workground, $passWg)) { return true; } if ($workground == 'desktop_ctl_recycle') { return true; } if ($workground == 'taoexlib_ctl_ietask') { return true; } if ($workground == 'omevirtualwms_helper') { return true; } if ($workground == 'desktop_ctl_passport') { return true; } if ($workground == 'desktop_ctl_dashboard' && $_GET['act'] != 'alertpages') { return true; } if ($workground == 'taoapi_view_helper') { return true; } if ($workground == '') { return true; } if ($_GET['goto'] == 'index.php?app=desktop&ctl=recycle&act=index&nobuttion=1') { return true; } if ($_GET['ctl'] == 'adminpanel') { return true; } if ( in_array($_GET['act'],['execlImportDailog', 'execlImportTmpl', 'execlImportTmpl','doExcelImport'] ) ) { return true; } $authorityFinderId = $_GET['_finder']['finder_id'] ?: ($_GET['finder_id'] ?: ($_GET['find_id'] ?: substr(md5($_SERVER['QUERY_STRING']),5,6))); $menus = app::get('desktop')->model('menus'); $group = $this->group(); $uriArr = $_GET; if ($_GET['act'] == 'alertpages' && $_GET['hash']) { parse_str(substr($_GET['hash'], 1), $uriArr); if ($uriArr['find_id']) { $authorityFinderId = $uriArr['find_id']; } if ($uriArr['finder_id']) { $authorityFinderId = $uriArr['finder_id']; } if ($uriArr['_finder']['finder_id']) { $authorityFinderId = $uriArr['finder_id']; } } $permission_id = $menus->permissionId($uriArr); if ($permission_id == '0') { if (!$_SESSION['account'][$_SESSION['type']] || ($_SERVER['HTTP_X_REQUESTED_BY'] == 'shopex-ui' && $_GET['act'] != 'alertpages') || strpos($_SERVER['CONTENT_TYPE'], 'multipart/form-data') !== false || in_array($authorityFinderId, (array)$_SESSION['authority'])) { return true; } return false; } if (in_array($permission_id, $group)) { if ($authorityFinderId) { $_SESSION['authority'][$authorityFinderId] = $authorityFinderId; } // 删除掉KEY为空的 unset($_SESSION['authority']['']); return true; } else { return false; } } #更新登陆信息 function login(){ $users = app::get('desktop')->model('users') ; $aUser = $users->dump($this->user_id,'*'); $sdf['lastlogin'] = $_SESSION['login_time']?$_SESSION['login_time']:time(); unset($_SESSION['login_time']); $sdf['logincount'] = $aUser['logincount']+1; if($this->user_id){$users->update($sdf,array('user_id'=>$this->user_id));} } #todo根据管理员ID获得工作组菜单和相应的子菜单 function get_work_menu(){ $aWorkground = app::get('desktop')->model('menus')->getList( 'menu_id,app_id,menu_title,menu_path,menu_type,workground,menu_group,target,icon,en', array('menu_type'=>'workground','disabled'=>'false','display' => 'true') ); $aMenu = app::get('desktop')->model('menus')->getList( 'menu_id,app_id,menu_title,menu_path,menu_type,workground,menu_group,addon,target,icon,en', array('menu_type'=>'menu','disabled'=>'false','display' =>'true') ); if($this->is_super()){ foreach($aWorkground as $value){ if($value['menu_title']) $value['menu_title'] = app::get($value['app_id'])->_($value['menu_title']); $tmp[$value['workground']] = $value; } $aData['workground'] = $tmp; $allkey_workground = array_keys($aData['workground']); unset($tmp); foreach($aMenu as $value){ if($value['menu_title']) $value['menu_title'] = app::get($value['app_id'])->_($value['menu_title']); if($value['menu_group']) $value['menu_group'] = app::get($value['app_id'])->_($value['menu_group']); $group= $value['menu_group']?$value['menu_group']:'nogroup'; $tmp[$value['workground']][$group][] = $value; } $aData['menu'] = $tmp; }else{ $group = $this->group(); $meuns = app::get('desktop')->model('menus'); $data = array(); $data_menus = array(); $aTmpAll = $meuns->workgroup($group, true); $aMenuAll = $meuns->get_menu($group, true); foreach($group as $key=>$val){ $aTmp = $aTmpAll[$val]; foreach($aMenuAll[$val] as $v){ $group= $v['menu_group']?$v['menu_group']:'nogroup'; if(!@in_array($v,(array)$data_menus[$aTmp[0]['workground']][$group])) $data_menus[$aTmp[0]['workground']][$group][] = $v; } foreach($aTmp as $val ){ $data[$val['workground']] =$val; } } $aData['workground'] = $data; $allkey_workground = array_keys($aData['workground']); $aData['menu'] = $data_menus; } foreach((array)$aData['menu'] as $k1=>$group){ if(!in_array($k1,(array)$allkey_workground)) { continue; } $menu_default = current(current($aData['menu'][$k1])); $__query = ''; if($menu_default['addon']){ $__params = unserialize($menu_default['addon']); if(is_array($__params['url_params'])) $__query = '&'.utils::http_build_query($__params['url_params']); } if($__query) $menu_default['menu_path'] = $menu_default['menu_path'].$__query; $aData['workground'][$k1]['menu_path'] = $aData['workground'][$k1]['menu_path']?$aData['workground'][$k1]['menu_path']:$menu_default['menu_path']; $aData['workground'][$k1]['target'] = $aData['workground'][$k1]['target']?$aData['workground'][$k1]['target']:$menu_default['target']; foreach($group as $k2=>$menus){ if(!$menus){unset($aData['menu'][$k1][$k2]);continue;} foreach($menus as $k3=>$menu){ $query = ''; if($menu['addon']){ $params = unserialize($menu['addon']); if(is_array($params['url_params'])) $query = '&'.utils::http_build_query($params['url_params']); unset($menu['addon']); } $finderId = app::get('desktop')->router()->getFinderVid($menu['menu_path'].$query); $menu['menu_path'] = $menu['menu_path'].$query.'&finder_vid='.$finderId; $menu['route_path'] = '/m-'.str_replace('_','',$menu['workground']).'/'.$menu['en'].'/'.$menu['menu_id']; $aData['menu'][$k1][$k2][$k3] = $menu; } } } return $aData; } #检查当前登录管理员是否有相应的操作权限 function has_permission($permission_id) { if($this->is_super()) return true; if(!$this->userGroup) { $this->userGroup = $this->group(); } if(in_array($permission_id,$this->userGroup)){ return true; }else{ return false; } } /** * 检查UpdatePwd * @param mixed $accountId ID * @param mixed $write write * @return mixed 返回验证结果 */ public function checkUpdatePwd($accountId, $write = false){ $return = false; $cookieExpires = 30*1440*60; $cacheObj = function_exists('init_domain') ? kernel::single('taoexlib_params_cache') : base_kvstore::instance('sessions'); $remount = ''; $cacheObj->fetch('password_change_remount', $remount); $remount = unserialize($remount); if($write) { if (empty($remount)) { $remount[] = $accountId; } elseif(!in_array($accountId, $remount)) { array_push($remount, $accountId); } $return = true; } else { if(!$remount){ return false; } if(in_array($accountId, $remount)) { $return = true; foreach($remount as $k => $val) { if($accountId == $val) { unset($remount[$k]); break; } } } } $cacheObj->store('password_change_remount', serialize($remount), $cookieExpires); return $return; } /** * @description 检查修改密码的有效性 * @access public * @param string $pswd 新密码 * @param string $error_msg 错误描述 * @param string $name 用户名 * @return boolean true/false */ public function validPassWord($pswd, &$error_msg,$name = ''){ if(!preg_match('/[a-z]+/', $pswd) || !preg_match('/[A-Z]+/', $pswd) || !preg_match('/[0-9]/', $pswd)){ $error_msg = '密码必须包含英文数字大小写'; return false; } if(!empty($name) && strpos($pswd,$name) !== false){ $error_msg = "密码不能包含【{$name}】"; return false; } return true; } public function checkUserPassWordLength($userId, $pswd, &$error_msg) { if ('true' == app::get('ome')->getConf('desktop.password.length.limit') ) { if($userId == 1) { if(strlen($pswd) < 16){ $error_msg = '密码长度不能小于16位'; return false; } if(strlen($pswd) > 32){ $error_msg = '密码长度不能大于32位'; return false; } } else { if(strlen($pswd) < 12){ $error_msg = '密码长度不能小于12位'; return false; } if(strlen($pswd) > 32){ $error_msg = '密码长度不能大于32位'; return false; } } }else{ if(strlen($pswd) < 12){ $error_msg = '密码长度不能小于12位'; return false; } if(strlen($pswd) > 32){ $error_msg = '密码长度不能大于32位'; return false; } } return true; } /** * 检查RepeatPassWord * @param mixed $userId ID * @param mixed $password password * @param mixed $msg msg * @return mixed 返回验证结果 */ public function checkRepeatPassWord($userId, $password, &$msg) { $userLogsModel = app::get('desktop')->model('user_logs'); $limitTimes = 8; $oldRows = $userLogsModel->getList('operation_detail', array('obj_id'=>$userId, 'operation_type'=>array(1,4)), 0, $limitTimes, 'log_id desc'); foreach ($oldRows as $v) { $opDetail = unserialize($v['operation_detail']); if($password == $opDetail['pam_account']['login_password']) { $msg = '密码不能与近'.$limitTimes.'次相同'; return false; } } return true; } /** * 检查Password * @param mixed $password password * @param mixed $errmsg errmsg * @return mixed 返回验证结果 */ public function checkPassword($password, &$errmsg) { $errmsg = ''; $len = 12; // 基础正则表达式验证 if (!preg_match("/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{{$len},}$/", $password)) { $errmsg = '密码必须包含英文数字大小写且至少'.$len.'位'; return false; } // 检查是否有递增或递减序列 $length = strlen($password); for ($i = 0; $i < $length - 2; $i++) { // 检查数字 if (ctype_digit(substr($password, $i, 3)) && ( ((int)$password[$i] + 1 == (int)$password[$i + 1]) && ((int)$password[$i] + 2 == (int)$password[$i + 2]) || ((int)$password[$i] - 1 == (int)$password[$i + 1]) && ((int)$password[$i] - 2 == (int)$password[$i + 2]) )) { $errmsg = '密码不能包含递增或递减的数字'; return false; } // 检查字母 if (ctype_alpha(substr($password, $i, 3)) && ( (ord($password[$i]) + 1 == ord($password[$i + 1])) && (ord($password[$i]) + 2 == ord($password[$i + 2])) || (ord($password[$i]) - 1 == ord($password[$i + 1])) && (ord($password[$i]) - 2 == ord($password[$i + 2])) )) { $errmsg = '密码不能包含递增或递减的字母'; return false; } } return true; } /** * 获取_organization_permission * @return mixed 返回结果 */ public function get_organization_permission(){ $operationOpsObj = app::get('ome')->model('operation_ops'); $ops = array(); if(!$this->is_super()){ $operationOpsInfo = $operationOpsObj->getList('org_id', array('op_id' => $this->user_id), 0, -1); if($operationOpsInfo){ foreach($operationOpsInfo as $operationOp){ $ops[] = $operationOp['org_id']; } } } return $ops; } /** * 是否强制重置密码 * * @return void * @author */ public function isForceResetPwd($accountId) { $cycle = app::get('ome')->getConf('desktop.password.reset.cycle'); if ($cycle) { // 获取上次修改密码时间 $log = app::get('desktop')->model('user_logs')->getList('operation_time',array('obj_id'=>$accountId),0,1,'log_id desc'); switch ($cycle) { case 'week': if ( strtotime('-1 week') > intval($log[0]['operation_time'])) return true; break; case 'month': if (strtotime('-1 month') > intval($log[0]['operation_time'])) return true; break; } } return false; } /** * 锁定操作员 * @return void */ public function lockUser() { $userLimit = app::get('ome')->getConf('desktop.account.use.limit'); if($userLimit != 'true') { return; } $lastModify = time() - 86400; $lastLogin = time() - 90 * 86400; $filterSql = 'last_modify < ' . $lastModify . ' and lastlogin != 0 and lastlogin < ' . $lastLogin; $filterSql = '('.$filterSql.') or (lastlogin = 0 and last_modify < ' . $lastLogin .')'; $rows = app::get('desktop')->model('users')->getList('user_id',['filter_sql'=>$filterSql]); if($rows) { app::get('desktop')->model('users')->update(['is_lock'=>'1','lock_reason'=>'90天未登录'],['user_id'=>array_column($rows, 'user_id')]); } } }