ecshop/OMS
1
0
Fork 0
mirror of https://gitee.com/ShopeX/OMS synced 2026-03-22 18:35:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
OMS/app/desktop/lib/user.php
chenping f0995730af chore: 修改Copyright时间
2026-01-04 19:08:31 +08:00

593 lines
20 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
/**
* Copyright 2012-2026 ShopeX (https://www.shopex.cn)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class desktop_user{
private $mark_modified = false;
private $userGroup = array();
function __construct(){
$this->account_type = pam_account::get_account_type('desktop');
if(isset($_SESSION['account'][$this->account_type])){
$this->user_id = $_SESSION['account'][$this->account_type];
$_inner_key = sprintf("account_user_%s",$this->user_id);
$this->user_data = cachecore::fetch($_inner_key);
if ($this->user_data === false) {
$this->user_data = app::get('desktop')->model('users')->dump($this->user_id,'*',array( ':account@pam'=>array('*') ));
//缓存15分钟
cachecore::store($_inner_key, $this->user_data, 60*15);
}
if (empty($this->user_data)) {
unset($_SESSION['account'][$this->account_type]);
}
}
}
/**
* 队列导出数据时设置user_id = op_id 查询数据时来判断权限。
* @Author: xueding
* @Vsersion: 2022/6/29 上午10:44
* @param $user_id
*/
public function setVirtualLogin($user_id)
{
if ($user_id) {
$this->user_id = $user_id;
$this->user_data = app::get('desktop')->model('users')->dump($this->user_id,'*',array( ':account@pam'=>array('*') ));
}
}
function get_name(){
return $this->user_data['name'];
}
function get_login_name(){
return $this->user_data['account']['login_name'];
}
function get_id(){
return $this->user_id;
}
function is_super(){
return $this->user_data['super'];
}
function get_status(){
return $this->user_data['status'];
}
function get_mobile(){
return $this->user_data['mobile'];
}
function logout(){
}
function valid(){
}
function valid_permission(){
}
function get_conf($key,&$return){
if(!isset($this->config)){
$info = app::get('desktop')->model('users')->dump($this->user_id,'config');
$this->config = $info['config'];
}
if(array_key_exists($key,(array)$this->config)){
$return = $this->config[$key];
return true;
}else{
return false;
}
}
function set_conf($key,$value){
$this->config[$key] = $value;
if(!$this->mark_modified){
$this->mark_modified = true;
register_shutdown_function(array(&$this,'save_conf'));
}
return true;
}
/**
* 保存_conf
* @return mixed 返回操作结果
*/
public function save_conf(){
$info = app::get('desktop')->model('users')->dump($this->user_id,'config');
$this->config = array_merge((array)$info['config'],(array)$this->config);
app::get('desktop')->model('users')->update(
array('config'=>$this->config),
array('user_id'=>$this->user_id));
}
function get_theme(){
if($this->get_conf('desktop_theme',$current_theme)){
return $current_theme;
}else{
return 'desktop/default';
}
}
function has_roles(){
return array(0);
}
#获取用户操作权限 permission ID
function group(){
if($_SESSION['account']['user_permission']) {
return $_SESSION['account']['user_permission'];
}
$hasrole = app::get('desktop')->model('hasrole');
$roles = app::get('desktop')->model('roles');
$menus = app::get('desktop')->model('menus');
$sdf = $hasrole->getList('role_id',array('user_id'=>$this->user_id));
$pass = array();
if ($sdf) {
$roleIdArr = array_column($sdf, 'role_id');
$pass = $roles->getList('workground,data_authority', ['role_id|in'=>$roleIdArr]);
}
// foreach($sdf as $val){
// $pass[] = $roles->dump($val,'workground,data_authority');
// }
$group = array();
foreach($pass as $key){
$work = unserialize($key['workground']);
if(!$work){echo app::get('desktop')->_("无任何权限");exit;}
foreach($work as $val){
$group[] = $val;
}
//增加数据权限判断
$data_authority = unserialize($key['data_authority']);
if ($data_authority) {
foreach($data_authority as $val){
$group[] = $val;
}
}
}
return $group;
}
#检查工作组权限
function chkground($workground)
{
$passWg = [
'desktop_ctl_login',
];
if (in_array($workground, $passWg)) {
return true;
}
if ($workground == 'desktop_ctl_recycle') {
return true;
}
if ($workground == 'taoexlib_ctl_ietask') {
return true;
}
if ($workground == 'omevirtualwms_helper') {
return true;
}
if ($workground == 'desktop_ctl_passport') {
return true;
}
if ($workground == 'desktop_ctl_dashboard' && $_GET['act'] != 'alertpages') {
return true;
}
if ($workground == 'taoapi_view_helper') {
return true;
}
if ($workground == '') {
return true;
}
if ($_GET['goto'] == 'index.php?app=desktop&ctl=recycle&act=index&nobuttion=1') {
return true;
}
if ($_GET['ctl'] == 'adminpanel') {
return true;
}
if ( in_array($_GET['act'],['execlImportDailog', 'execlImportTmpl', 'execlImportTmpl','doExcelImport'] ) ) {
return true;
}
$authorityFinderId = $_GET['_finder']['finder_id'] ?: ($_GET['finder_id'] ?: ($_GET['find_id'] ?: substr(md5($_SERVER['QUERY_STRING']),5,6)));
$menus = app::get('desktop')->model('menus');
$group = $this->group();
$uriArr = $_GET;
if ($_GET['act'] == 'alertpages' && $_GET['hash']) {
parse_str(substr($_GET['hash'], 1), $uriArr);
if ($uriArr['find_id']) {
$authorityFinderId = $uriArr['find_id'];
}
if ($uriArr['finder_id']) {
$authorityFinderId = $uriArr['finder_id'];
}
if ($uriArr['_finder']['finder_id']) {
$authorityFinderId = $uriArr['finder_id'];
}
}
$permission_id = $menus->permissionId($uriArr);
if ($permission_id == '0') {
if (!$_SESSION['account'][$_SESSION['type']]
|| ($_SERVER['HTTP_X_REQUESTED_BY'] == 'shopex-ui' && $_GET['act'] != 'alertpages')
|| strpos($_SERVER['CONTENT_TYPE'], 'multipart/form-data') !== false
|| in_array($authorityFinderId, (array)$_SESSION['authority'])) {
return true;
}
return false;
}
if (in_array($permission_id, $group)) {
if ($authorityFinderId) {
$_SESSION['authority'][$authorityFinderId] = $authorityFinderId;
}
// 删除掉KEY为空的
unset($_SESSION['authority']['']);
return true;
} else {
return false;
}
}
#更新登陆信息
function login(){
$users = app::get('desktop')->model('users') ;
$aUser = $users->dump($this->user_id,'*');
$sdf['lastlogin'] = $_SESSION['login_time']?$_SESSION['login_time']:time();
unset($_SESSION['login_time']);
$sdf['logincount'] = $aUser['logincount']+1;
if($this->user_id){$users->update($sdf,array('user_id'=>$this->user_id));}
}
#todo根据管理员ID获得工作组菜单和相应的子菜单
function get_work_menu(){
$aWorkground = app::get('desktop')->model('menus')->getList(
'menu_id,app_id,menu_title,menu_path,menu_type,workground,menu_group,target,icon,en',
array('menu_type'=>'workground','disabled'=>'false','display' => 'true')
);
$aMenu = app::get('desktop')->model('menus')->getList(
'menu_id,app_id,menu_title,menu_path,menu_type,workground,menu_group,addon,target,icon,en',
array('menu_type'=>'menu','disabled'=>'false','display' =>'true')
);
if($this->is_super()){
foreach($aWorkground as $value){
if($value['menu_title']) $value['menu_title'] = app::get($value['app_id'])->_($value['menu_title']);
$tmp[$value['workground']] = $value;
}
$aData['workground'] = $tmp;
$allkey_workground = array_keys($aData['workground']);
unset($tmp);
foreach($aMenu as $value){
if($value['menu_title']) $value['menu_title'] = app::get($value['app_id'])->_($value['menu_title']);
if($value['menu_group']) $value['menu_group'] = app::get($value['app_id'])->_($value['menu_group']);
$group= $value['menu_group']?$value['menu_group']:'nogroup';
$tmp[$value['workground']][$group][] = $value;
}
$aData['menu'] = $tmp;
}else{
$group = $this->group();
$meuns = app::get('desktop')->model('menus');
$data = array();
$data_menus = array();
$aTmpAll = $meuns->workgroup($group, true);
$aMenuAll = $meuns->get_menu($group, true);
foreach($group as $key=>$val){
$aTmp = $aTmpAll[$val];
foreach($aMenuAll[$val] as $v){
$group= $v['menu_group']?$v['menu_group']:'nogroup';
if(!@in_array($v,(array)$data_menus[$aTmp[0]['workground']][$group])) $data_menus[$aTmp[0]['workground']][$group][] = $v;
}
foreach($aTmp as $val ){
$data[$val['workground']] =$val;
}
}
$aData['workground'] = $data;
$allkey_workground = array_keys($aData['workground']);
$aData['menu'] = $data_menus;
}
foreach((array)$aData['menu'] as $k1=>$group){
if(!in_array($k1,(array)$allkey_workground)) {
continue;
}
$menu_default = current(current($aData['menu'][$k1]));
$__query = '';
if($menu_default['addon']){
$__params = unserialize($menu_default['addon']);
if(is_array($__params['url_params'])) $__query = '&'.utils::http_build_query($__params['url_params']);
}
if($__query) $menu_default['menu_path'] = $menu_default['menu_path'].$__query;
$aData['workground'][$k1]['menu_path'] = $aData['workground'][$k1]['menu_path']?$aData['workground'][$k1]['menu_path']:$menu_default['menu_path'];
$aData['workground'][$k1]['target'] = $aData['workground'][$k1]['target']?$aData['workground'][$k1]['target']:$menu_default['target'];
foreach($group as $k2=>$menus){
if(!$menus){unset($aData['menu'][$k1][$k2]);continue;}
foreach($menus as $k3=>$menu){
$query = '';
if($menu['addon']){
$params = unserialize($menu['addon']);
if(is_array($params['url_params'])) $query = '&'.utils::http_build_query($params['url_params']);
unset($menu['addon']);
}
$finderId = app::get('desktop')->router()->getFinderVid($menu['menu_path'].$query);
$menu['menu_path'] = $menu['menu_path'].$query.'&finder_vid='.$finderId;
$menu['route_path'] = '/m-'.str_replace('_','',$menu['workground']).'/'.$menu['en'].'/'.$menu['menu_id'];
$aData['menu'][$k1][$k2][$k3] = $menu;
}
}
}
return $aData;
}
#检查当前登录管理员是否有相应的操作权限
function has_permission($permission_id)
{
if($this->is_super()) return true;
if(!$this->userGroup) {
$this->userGroup = $this->group();
}
if(in_array($permission_id,$this->userGroup)){
return true;
}else{
return false;
}
}
/**
* 检查UpdatePwd
* @param mixed $accountId ID
* @param mixed $write write
* @return mixed 返回验证结果
*/
public function checkUpdatePwd($accountId, $write = false){
$return = false;
$cookieExpires = 30*1440*60;
$cacheObj = function_exists('init_domain') ? kernel::single('taoexlib_params_cache') : base_kvstore::instance('sessions');
$remount = '';
$cacheObj->fetch('password_change_remount', $remount);
$remount = unserialize($remount);
if($write) {
if (empty($remount)) {
$remount[] = $accountId;
} elseif(!in_array($accountId, $remount)) {
array_push($remount, $accountId);
}
$return = true;
} else {
if(!$remount){
return false;
}
if(in_array($accountId, $remount)) {
$return = true;
foreach($remount as $k => $val) {
if($accountId == $val) {
unset($remount[$k]);
break;
}
}
}
}
$cacheObj->store('password_change_remount', serialize($remount), $cookieExpires);
return $return;
}
/**
* @description 检查修改密码的有效性
* @access public
* @param string $pswd 新密码
* @param string $error_msg 错误描述
* @param string $name 用户名
* @return boolean true/false
*/
public function validPassWord($pswd, &$error_msg,$name = ''){
if(!preg_match('/[a-z]+/', $pswd) || !preg_match('/[A-Z]+/', $pswd) || !preg_match('/[0-9]/', $pswd)){
$error_msg = '密码必须包含英文数字大小写';
return false;
}
if(!empty($name) && strpos($pswd,$name) !== false){
$error_msg = "密码不能包含【{$name}";
return false;
}
return true;
}
public function checkUserPassWordLength($userId, $pswd, &$error_msg) {
if ('true' == app::get('ome')->getConf('desktop.password.length.limit') ) {
if($userId == 1) {
if(strlen($pswd) < 16){
$error_msg = '密码长度不能小于16位';
return false;
}
if(strlen($pswd) > 32){
$error_msg = '密码长度不能大于32位';
return false;
}
} else {
if(strlen($pswd) < 12){
$error_msg = '密码长度不能小于12位';
return false;
}
if(strlen($pswd) > 32){
$error_msg = '密码长度不能大于32位';
return false;
}
}
}else{
if(strlen($pswd) < 12){
$error_msg = '密码长度不能小于12位';
return false;
}
if(strlen($pswd) > 32){
$error_msg = '密码长度不能大于32位';
return false;
}
}
return true;
}
/**
* 检查RepeatPassWord
* @param mixed $userId ID
* @param mixed $password password
* @param mixed $msg msg
* @return mixed 返回验证结果
*/
public function checkRepeatPassWord($userId, $password, &$msg) {
$userLogsModel = app::get('desktop')->model('user_logs');
$limitTimes = 8;
$oldRows = $userLogsModel->getList('operation_detail', array('obj_id'=>$userId, 'operation_type'=>array(1,4)), 0, $limitTimes, 'log_id desc');
foreach ($oldRows as $v) {
$opDetail = unserialize($v['operation_detail']);
if($password == $opDetail['pam_account']['login_password']) {
$msg = '密码不能与近'.$limitTimes.'次相同';
return false;
}
}
return true;
}
/**
* 检查Password
* @param mixed $password password
* @param mixed $errmsg errmsg
* @return mixed 返回验证结果
*/
public function checkPassword($password, &$errmsg) {
$errmsg = '';
$len = 12;
// 基础正则表达式验证
if (!preg_match("/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{{$len},}$/", $password)) {
$errmsg = '密码必须包含英文数字大小写且至少'.$len.'位';
return false;
}
// 检查是否有递增或递减序列
$length = strlen($password);
for ($i = 0; $i < $length - 2; $i++) {
// 检查数字
if (ctype_digit(substr($password, $i, 3)) && (
((int)$password[$i] + 1 == (int)$password[$i + 1]) &&
((int)$password[$i] + 2 == (int)$password[$i + 2]) ||
((int)$password[$i] - 1 == (int)$password[$i + 1]) &&
((int)$password[$i] - 2 == (int)$password[$i + 2])
)) {
$errmsg = '密码不能包含递增或递减的数字';
return false;
}
// 检查字母
if (ctype_alpha(substr($password, $i, 3)) && (
(ord($password[$i]) + 1 == ord($password[$i + 1])) &&
(ord($password[$i]) + 2 == ord($password[$i + 2])) ||
(ord($password[$i]) - 1 == ord($password[$i + 1])) &&
(ord($password[$i]) - 2 == ord($password[$i + 2]))
)) {
$errmsg = '密码不能包含递增或递减的字母';
return false;
}
}
return true;
}
/**
* 获取_organization_permission
* @return mixed 返回结果
*/
public function get_organization_permission(){
$operationOpsObj = app::get('ome')->model('operation_ops');
$ops = array();
if(!$this->is_super()){
$operationOpsInfo = $operationOpsObj->getList('org_id', array('op_id' => $this->user_id), 0, -1);
if($operationOpsInfo){
foreach($operationOpsInfo as $operationOp){
$ops[] = $operationOp['org_id'];
}
}
}
return $ops;
}
/**
* 是否强制重置密码
*
* @return void
* @author
*/
public function isForceResetPwd($accountId)
{
$cycle = app::get('ome')->getConf('desktop.password.reset.cycle');
if ($cycle) {
// 获取上次修改密码时间
$log = app::get('desktop')->model('user_logs')->getList('operation_time',array('obj_id'=>$accountId),0,1,'log_id desc');
switch ($cycle) {
case 'week':
if ( strtotime('-1 week') > intval($log[0]['operation_time'])) return true;
break;
case 'month':
if (strtotime('-1 month') > intval($log[0]['operation_time'])) return true;
break;
}
}
return false;
}
/**
* 锁定操作员
* @return void
*/
public function lockUser() {
$userLimit = app::get('ome')->getConf('desktop.account.use.limit');
if($userLimit != 'true') {
return;
}
$lastModify = time() - 86400;
$lastLogin = time() - 90 * 86400;
$filterSql = 'last_modify < ' . $lastModify . ' and lastlogin != 0 and lastlogin < ' . $lastLogin;
$filterSql = '('.$filterSql.') or (lastlogin = 0 and last_modify < ' . $lastLogin .')';
$rows = app::get('desktop')->model('users')->getList('user_id',['filter_sql'=>$filterSql]);
if($rows) {
app::get('desktop')->model('users')->update(['is_lock'=>'1','lock_reason'=>'90天未登录'],['user_id'=>array_column($rows, 'user_id')]);
}
}
}
Reference in New Issue View Git Blame Copy Permalink