From 95face548ffc0da62d66a43232ad02c0e41f7c67 Mon Sep 17 00:00:00 2001 From: Naoki Ono Date: Tue, 13 Oct 2020 11:02:21 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- App/Bootstrap.php | 8 +- App/Router.php | 6 - App/admin/controller/CommonController.php | 8 +- App/admin/view/include/js.html | 2 +- App/admin/view/user/login.html | 4 +- App/admin/view/user/user_group_add copy.html | 36 ---- App/home/member/Login.php | 20 -- App/home/member/LoginController.php | 7 +- App/library/Auth.class.php | 199 ------------------- Public/.htaccess | 16 +- composer.json | 1 - 11 files changed, 22 insertions(+), 285 deletions(-) delete mode 100644 App/admin/view/user/user_group_add copy.html delete mode 100644 App/home/member/Login.php delete mode 100644 App/library/Auth.class.php diff --git a/App/Bootstrap.php b/App/Bootstrap.php index a809125..f3fe836 100644 --- a/App/Bootstrap.php +++ b/App/Bootstrap.php @@ -10,11 +10,13 @@ public function __construct() { define('APP_PATH', str_replace('\\', '/', realpath(dirname(__FILE__) . '/')) . "/"); define('ROOT_PATH', str_replace('\\', '/', realpath(dirname(__FILE__, 2) . '/')) . "/"); define('PUBLIC_PATH', ROOT_PATH . 'Public'); - $whoops = new \Whoops\Run; - $whoops->pushHandler(new \Whoops\Handler\PrettyPageHandler); - $whoops->register(); + define('PHP_CONFIG_AUTO_PATH', APP_PATH . 'config/'); define('PHP_CONFIG_PATH', APP_PATH . 'config/'); + // 调试模式 + // $whoops = new \Whoops\Run; + // $whoops->pushHandler(new \Whoops\Handler\PrettyPageHandler); + // $whoops->register(); } public static function Auth_Config($key = null) { if (self::$app == null) { diff --git a/App/Router.php b/App/Router.php index 429166c..999d7e3 100644 --- a/App/Router.php +++ b/App/Router.php 
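Review bot: In `App/Bootstrap.php` `__construct()`, the Whoops registration is switched off by commenting it out under `// 调试模式` (debug mode), so re-enabling it means editing source, and an accidental uncomment would expose PrettyPageHandler's stack traces, source excerpts and request/environment data to any visitor. Delete the commented lines and gate the three original statements on an explicit setting, e.g. wrap them in `if (getenv('APP_DEBUG') === '1') { … }` (`APP_DEBUG` is a constructed name, not one from this project). With no handler registered, confirm the deployed configuration has `display_errors` off and `log_errors` on; that is not visible here. The context lines also define `PHP_CONFIG_AUTO_PATH` and `PHP_CONFIG_PATH` to the same value, which deserves a one-line comment if intended.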
@@ -7,14 +7,8 @@ Route::get('/', 'App\Home\Controller\HomeController@main'); Route::get('/login', 'App\Home\Member\Login@index'); -Route::get('/phpinit', function() { - phpinfo(); -}); Route::get('/code', 'App\Home\Controller\QrodeController@index'); Route::get('/captcha', 'App\Home\Member\Captcha@index'); -Route::get('/about', function() { - echo 'about!'; -}); Route::error(function() { echo '404 !'; }); diff --git a/App/admin/controller/CommonController.php b/App/admin/controller/CommonController.php index 421d875..e758d20 100644 --- a/App/admin/controller/CommonController.php +++ b/App/admin/controller/CommonController.php @@ -5,10 +5,10 @@ class CommonController { protected $templateEngine; protected $_medoo_mysql; public function __construct() { - ini_set('session.save_path', realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/App/file/tmp')); - ini_set('session.auto_start', 0); - ini_set('session.gc_probability', 1); - ini_set('session.gc_maxlifetime', 1500); + // ini_set('session.save_path', realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/App/file/tmp')); + // ini_set('session.auto_start', 0); + // ini_set('session.gc_probability', 1); + // ini_set('session.gc_maxlifetime', 1500); session_start(); $loader = new \Twig\Loader\FilesystemLoader(APP_PATH . 'admin/view'); $this->templateEngine = new \Twig\Environment($loader, ['debug' => true, 'cache' => APP_PATH . './file/cache_admin', 'auto_reload' => true, ]); diff --git a/App/admin/view/include/js.html b/App/admin/view/include/js.html index a1e8a8c..096b73f 100644 --- a/App/admin/view/include/js.html +++ b/App/admin/view/include/js.html @@ -1,4 +1,4 @@ - \ No newline at end of file +
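Review bot: In `CommonController::__construct()` (App/admin/controller/CommonController.php), commenting out the four `ini_set('session.…')` calls leaves `session_start()` for the admin area running entirely on php.ini defaults, with no storage path, lifetime or cookie attributes set by the application. If the defaults are intended, delete the lines instead of keeping them as comments; otherwise state the policy at the call, e.g. `session_start(['use_strict_mode' => true, 'cookie_httponly' => true, 'cookie_secure' => true, 'cookie_samesite' => 'Lax']);` (`cookie_samesite` needs PHP 7.3 or later, and `cookie_secure` assumes the admin panel is served over HTTPS). The context line that builds the Twig environment hard-codes `'debug' => true`; it should follow the same debug switch as the error handler. The constructor continues past the end of this hunk.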
diff --git a/App/admin/view/user/login.html b/App/admin/view/user/login.html index 3aa4f4a..79f1163 100644 --- a/App/admin/view/user/login.html +++ b/App/admin/view/user/login.html @@ -121,7 +121,7 @@

Admin Login

- - +
+
\ No newline at end of file diff --git a/App/admin/view/user/user_group_add copy.html b/App/admin/view/user/user_group_add copy.html deleted file mode 100644 index 1f4b264..0000000 --- a/App/admin/view/user/user_group_add copy.html +++ /dev/null @@ -1,36 +0,0 @@ -{{ include('/include/head.html') }} - - - -
- -
-
- - -
-
-
-
- 创建权限的用户组 - -
- -
-
- -
- -
-
- - - - - -{{ include('include/footer.html') }} \ No newline at end of file diff --git a/App/home/member/Login.php b/App/home/member/Login.php deleted file mode 100644 index fab10ea..0000000 --- a/App/home/member/Login.php +++ /dev/null @@ -1,20 +0,0 @@ -check('1', '1')) { - echo ' 有权限'; - } else { - //没有显示操作按钮的权限 - echo ' 你没有权限访问'; - } - } -} - diff --git a/App/home/member/LoginController.php b/App/home/member/LoginController.php index 185cb69..22d8d0a 100644 --- a/App/home/member/LoginController.php +++ b/App/home/member/LoginController.php @@ -5,13 +5,10 @@ use App\home\member\_Validate; class LoginController { public function index() { + } public function login() { - $data = ['name' => 'thinkphp', 'email' => 'thinkphp', 'age' => 'thinkphp@qq.com222', ]; - $validateNew = new _Validate(); - if (!$validateNew->check($data)) { - var_dump($validateNew->getError()); - } + } } diff --git a/App/library/Auth.class.php b/App/library/Auth.class.php deleted file mode 100644 index 4c9afbe..0000000 --- a/App/library/Auth.class.php +++ /dev/null 
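Review bot: `index()` and `login()` in App/home/member/LoginController.php are left with empty bodies, and the `use App\home\member\_Validate;` import shown in the hunk header is no longer referenced and can be dropped. This commit also deletes App/home/member/Login.php, while the `/login` route kept as a context line in App/Router.php still names `App\Home\Member\Login@index`, so that route presumably now resolves to a missing class; point it at this controller or remove it. Until authentication is implemented, mark the stubs so an empty `login()` is not mistaken for a working check, e.g. `// TODO: not implemented; must verify credentials and call session_regenerate_id(true) on success`.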
@@ -1,199 +0,0 @@ -check('规则名称', '用户ID'); - * - * 2、同时对多条规则进行认证,可以设置多条规则的关系[or|and] - * $auth = new \think\Auth(); - * $auth->check('规则1,规则2,...', '用户ID', 'and'); - * -> and表示用户需要同时具有规则列表权限。 - * -> or 表示用户只需要具有任一规则权限。 - * - * 3、规则表达式用法 - * 在[auth_rule]表中[condition]字段,如果定义了表达式,则同时进行表达式验证。 - * 比如 {score}>5 and {score}<100 表示用户分数在5~100之间时才会通过认证。 - * [score]为用户表字段,表达式字段用{}包裹。 - * - * 配置说明: - * 1、正式开发需要在应用配置目录添加根为auth的配置项,参考下面$_config属性 - */ -class Auth -{ - - public $Author = 'shensuping'; - // 默认配置 - protected $_config = [ - 'auth_on' => true, // 认证开关 - 'auth_type' => 1, // 认证方式,1为实时认证;2为登录认证。 - 'auth_group' => 'think_auth_group', // 用户组数据表名 - 'auth_group_access' => 'think_auth_group_access', // 用户-用户组关系表 - 'auth_rule' => 'think_auth_rule', // 权限规则表 - 'auth_user' => 'think_user', // 用户信息表 - 'auth_user_id_field'=> 'id', // 用户表ID字段名 - 'administrator' => [], // 超级管理员列表 - ]; - public function __construct() - { - - $Bootstrap = new Bootstrap(); - $auth = $Bootstrap->Auth_Config(); - - if (!empty($auth)) { - $this->_config = array_merge($this->_config, $auth); - } - } - /** - * 验证权限 - * @param mixed $name 规则验证列表支持逗号分隔或者数组 - * @param integer $uid 用户ID - * @param string $relation 关系类型 or | and - * @param string $mode 执行模式 url - * @return boolean 验证结果 - */ - public function check($name, $uid, $relation = 'or', $mode = 'url') - { - // 没有开启认证,直接通过 - if (!$this->_config['auth_on']) { - return true; - } - // 超级管理员,直接通过 - if (!empty($this->_config['administrator']) && in_array($uid, $this->_config['administrator'])) { - return true; - } - $authlist = $this->getAuthList($uid); - - if (is_string($name)) { - $name = strtolower($name); - if (strpos($name, ',') === false) { - $name = [$name]; - } else { - $name = explode(',', $name); - } - } - $list = []; - if ($mode === 'url') { - $REQUEST = unserialize(strtolower(serialize(Request::param()))); - } - foreach ($authlist as $auth) { - $query = preg_replace('/^.+\?/U', '', $auth); - if ($mode === 'url' && $query !== $auth) { - 
parse_str($query, $param); - $intersect = array_intersect_assoc($REQUEST, $param); - $auth = preg_replace('/\?.*$/U', '', $auth); - if (in_array($auth, $name) && $intersect == $param) { - $list[] = $auth; - } - } elseif (in_array($auth, $name)) { - $list[] = $auth; - } - } - if ($relation === 'or' && !empty($list)) { - return true; - } - $diff = array_diff($name, $list); - if ($relation === 'and' && empty($diff)) { - return true; - } - return false; - } - /** - * 根据用户ID获取用户组,返回值为数组 - * @param integer $uid 用户ID - * @return array 用户所属用户组 ['uid'=>'用户ID', 'group_id'=>'用户组ID', 'title'=>'用户组名', 'rules'=>'用户组拥有的规则ID,多个用英文,隔开'] - */ - public function getGroups($uid) - { - static $groups = []; - if (isset($groups[$uid])) { - return $groups[$uid]; - } - $user_groups = Db::name($this->_config['auth_group_access']) - ->alias('a') - ->join($this->_config['auth_group'].' g', "a.group_id = g.id") - ->field('uid,group_id,title,rules') - ->where('a.uid', $uid) - ->where('g.status', 1) - ->select(); - $groups[$uid] = $user_groups ?: []; - return $groups[$uid]; - } - /** - * 获得权限列表 - * @param integer $uid 用户ID - * @param integer $type 规则类型 - * @return array 权限列表 - */ - protected function getAuthList($uid) - { - static $_authlist = []; - if (isset($_authlist[$uid])) { - return $_authlist[$uid]; - } - if ($this->_config['auth_type'] === 2 && Session::has('_auth_list_'.$uid)) { - return Session::get('_auth_list_'.$uid); - } - // 读取用户所属用户组 - $groups = $this->getGroups($uid); - $ids = []; // 保存用户所属用户组设置的所有权限规则ID - foreach ($groups as $g) { - $ids = array_merge($ids, explode(',', trim($g['rules'], ','))); - } - $ids = array_unique($ids); - if (empty($ids)) { - $_authlist[$uid] = []; - return []; - } - $map = [ - ['id', 'in', $ids], - ['status', '=', 1] // 只查正常状态的数据 - ]; - // 读取用户组所有权限规则 - $rules = Db::name($this->_config['auth_rule'])->where($map)->field('condition,name')->select(); - // 循环规则,判断结果。 - $authlist = []; - foreach ($rules as $rule) { - if (!empty($rule['condition'])) { // 
根据condition进行验证 - $user = $this->getUserInfo($uid); // 获取用户信息,一维数组 - $command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $rule['condition']); - // dump($command); // debug - @(eval('$condition=('.$command.');')); - if ($condition) { - $authlist[] = strtolower($rule['name']); - } - } else { - // 只要存在就记录 - $authlist[] = strtolower($rule['name']); - } - } - $_authlist[$uid] = $authlist; - if ($this->_config['auth_type'] == 2) { - Session::set('_auth_list_'.$uid, $authlist); - } - return array_unique($authlist); - } - /** - * 获得用户资料,根据自己的情况读取数据库 - */ - protected function getUserInfo($uid) { - static $userinfo = []; - if (!isset($userinfo[$uid])) { - $userinfo[$uid] = Db::name($this->_config['auth_user'])->where((string)$this->_config['auth_user_id_field'], $uid)->find(); - } - return $userinfo[$uid]; - } -} \ No newline at end of file diff --git a/Public/.htaccess b/Public/.htaccess index b6a57a7..2f020c6 100644 --- a/Public/.htaccess +++ b/Public/.htaccess @@ -1,8 +1,8 @@ -RewriteEngine On -RewriteBase / - -# Allow any files or directories that exist to be displayed directly -RewriteCond %{REQUEST_FILENAME} !-f -RewriteCond %{REQUEST_FILENAME} !-d - -RewriteRule ^(.*)$ index.php?$1 [QSA,L] \ No newline at end of file + + Options +FollowSymlinks -Multiviews + RewriteEngine On + + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^(.*)$ index.php?/$1 [QSA,PT,L] + \ No newline at end of file diff --git a/composer.json b/composer.json index fd26a39..aaa81b2 100644 --- a/composer.json +++ b/composer.json @@ -17,7 +17,6 @@ "App\\": "App" }, "files":[ - "App/library/Auth.class.php", "App/library/Validatecode.php", "App/library/File.class.php" ]
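Review bot: The new `Options +FollowSymlinks -Multiviews` line in Public/.htaccess lets Apache follow any symlink under the web root and leaves directory listing at the server default, while the two `RewriteCond` lines still serve every existing file or directory in Public/ directly. Prefer `Options +SymLinksIfOwnerMatch -MultiViews -Indexes` (mod_rewrite works with either symlink option), and keep the removed comment `# Allow any files or directories that exist to be displayed directly` above the conditions. The rewrite target also changed from `index.php?$1` to `index.php?/$1`, so the router must now expect a leading slash in the query string. The wrapper lines around the block are not readable in this copy, so whether the rules sit inside an `<IfModule>` guard cannot be confirmed from here.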