diff --git a/app/common.php b/app/common.php index 4d02d322..46c856db 100755 --- a/app/common.php +++ b/app/common.php @@ -7,8 +7,8 @@ // | Author: molong // +---------------------------------------------------------------------- // 应用公共文件 -use think\facade\Session; use app\model\Member; +use think\facade\Session; /** * @@ -33,18 +33,23 @@ function form($field = [], $data = []) { * @param array $param 参数 * @return mixed */ -function ad($name, $param = []){ +function ad($name, $param = []) { return ''; } -function parse_field_bind(){ - +function parse_field_bind() { + } -function time_format($value){ +function time_format($value) { return date('Y-m-d H:i:s', $value); } +// 不区分大小写的in_array实现 +function in_array_case($value, $array) { + return in_array(strtolower($value), array_map('strtolower', $array)); +} + /** * 获取客户端IP地址 * @param integer $type 返回类型 0 返回IP地址 1 返回IPV4地址数字 @@ -101,10 +106,10 @@ function msubstr($str, $start = 0, $length, $charset = "utf-8", $suffix = true) $slice = ''; } } else { - $re['utf-8'] = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xff][\x80-\xbf]{3}/"; + $re['utf-8'] = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xff][\x80-\xbf]{3}/"; $re['gb2312'] = "/[\x01-\x7f]|[\xb0-\xf7][\xa0-\xfe]/"; - $re['gbk'] = "/[\x01-\x7f]|[\x81-\xfe][\x40-\xfe]/"; - $re['big5'] = "/[\x01-\x7f]|[\x81-\xfe]([\x40-\x7e]|\xa1-\xfe])/"; + $re['gbk'] = "/[\x01-\x7f]|[\x81-\xfe][\x40-\xfe]/"; + $re['big5'] = "/[\x01-\x7f]|[\x81-\xfe]([\x40-\x7e]|\xa1-\xfe])/"; preg_match_all($re[$charset], $str, $match); $slice = join("", array_slice($match[0], $start, $length)); } @@ -156,7 +161,7 @@ function parse_config_attr($string) { $value = array(); foreach ($array as $val) { list($k, $v) = explode(':', $val); - $value[$k] = $v; + $value[$k] = $v; } } else { $value = $array; 
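Review bot: The new `in_array_case()` calls `in_array()` without the strict flag, so even after lowercasing, two different numeric-looking strings can still compare equal under PHP's loose comparison (for example `'1e3'` and `'1000'`). `accessControl()` in app/controller/admin/Base.php appears to use this helper to match controller/action names against the allow and deny lists, so the match should be exact: `return in_array(strtolower($value), array_map('strtolower', $array), true);`. The neighbouring helpers have docblocks, while this one has only a one-line comment. It should get a docblock stating that `$value` is a string and `$array` a list of strings, because `strtolower()` on anything else is not meaningful.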
@@ -222,7 +227,6 @@ function format_bytes($size, $delimiter = '') { return round($size, 2) . $delimiter . $units[$i]; } - /** * 获取附件信息 * @param int $cover_id @@ -238,7 +242,7 @@ function get_attach($id, $field = false, $is_list = false) { $map[] = ['id', 'IN', explode(",", $id)]; $picture = \app\model\Attach::where($map)->column("*", "id"); return $picture; - }else{ + } else { $map[] = ['id', '=', $id]; $picture = \app\model\Attach::where($map)->find(); if ($field == 'path') { diff --git a/app/controller/admin/Base.php b/app/controller/admin/Base.php index c9fae058..5b4db301 100644 --- a/app/controller/admin/Base.php +++ b/app/controller/admin/Base.php @@ -8,14 +8,11 @@ // +---------------------------------------------------------------------- namespace app\controller\admin; +use app\controller\Base as BaseC; +use app\model\Addons; +use app\model\AuthGroup; use app\model\Menu; use app\model\Model; -use app\model\AuthGroup; -use app\model\Addons; -use app\model\Form; -use app\controller\Base as BaseC; -use think\facade\Cache; -use think\facade\Route; use think\facade\View; class Base extends BaseC { @@ -64,7 +61,7 @@ class Base extends BaseC { $dynamic = $this->checkDynamic(); //检测分类栏目有关的各项动态权限 if ($dynamic === null) { //检测访问权限 - if (!$this->checkRule($this->url_path, array('in', '1,2'))) { + if (!$this->checkRule($url, [1,2])) { $this->error('未授权访问!'); } else { // 检测分类及内容有关的各项动态权限 @@ -80,7 +77,7 @@ class Base extends BaseC { } //菜单设置 $this->getMenu(); - + View::assign('meta_title', isset($this->data['meta_title']) ? $this->data['meta_title'] : $this->getCurrentTitle()); } } @@ -95,9 +92,9 @@ class Base extends BaseC { final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') { static $Auth = null; if (!$Auth) { - $Auth = new \sent\Auth(); + $Auth = new \sent\auth\Auth(); } - if (!$Auth->check($rule, session('user_auth.uid'), $type, $mode)) { + if (!$Auth->check($rule, session('userInfo.uid'), $type, $mode)) { return false; } return true; 
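Review bot: `$url` in `checkRule($url, [1,2])` is not assigned anywhere in this hunk, so the authorization check now depends on a variable defined outside the visible lines. Please confirm it is set on every path that reaches this call, since an undefined `$url` would hand `null` to the permission check as the rule name. The menu code later in this file strips the leading character before calling `checkRule()` (`substr($value['url'], 1)`), so `$url` presumably needs the same normalised form; otherwise the page check and the menu check consult different rule names. A one-line comment above the call stating the expected form, such as `// $url: rule name without the leading slash`, would make this checkable. The enclosing method starts and ends outside the hunk.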
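Review bot: In `checkRule()`, `session('userInfo.uid')` is passed straight to `$Auth->check()`, so a missing or expired session supplies an empty uid and the outcome then depends entirely on how `\sent\auth\Auth` treats it. Resolve the uid first and fail closed: `$uid = session('userInfo.uid');` followed by `if (empty($uid)) { return false; }`, then pass `$uid` to `check()`. The key was renamed from `user_auth.uid`, and the code that writes the session at login is not visible here, so confirm it now stores `userInfo`. The method's closing brace is outside the hunk.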
@@ -130,9 +127,15 @@ class Base extends BaseC { * @author 朱亚杰 */ final protected function accessControl() { - $allow = $this->config['allow_visit']; - $deny = $this->config['deny_visit']; - $check = strtolower($this->request->controller() . '/' . $this->request->action()); + $allow = []; + $deny = []; + foreach ($this->config['allow_visit'] as $key => $value) { + $allow[] = $value['label']; + } + foreach ($this->config['deny_visit'] as $key => $value) { + $deny[] = $value['label']; + } + $check = strtolower(str_replace(".", "/", $this->request->controller()) . '/' . $this->request->action()); if (!empty($deny) && in_array_case($check, $deny)) { return false; //非超管禁止访问deny中的方法 } @@ -160,7 +163,7 @@ class Base extends BaseC { $row = Menu::where($where)->order('sort asc')->field('id,title,url,icon,"" as style')->select(); foreach ($row as $key => $value) { //此处用来做权限判断 - if (!IS_ROOT && !$this->checkRule($value['url'], 2, null)) { + if (!IS_ROOT && !$this->checkRule(substr($value['url'], 1), 2, null)) { unset($menu['main'][$value['id']]); continue; //继续循环 } @@ -189,7 +192,7 @@ class Base extends BaseC { $map['type'] = 'admin'; $row = Menu::field("id,title,url,icon,`group`,pid,'' as style")->where($map)->order('sort asc')->select(); foreach ($row as $key => $value) { - if (IS_ROOT || $this->checkRule($value['url'], 2, null)) { + if (IS_ROOT || $this->checkRule(substr($value['url'], 1), 2, null)) { if ($controller == $value['url']) { $menu['main'][$value['pid']]['style'] = "active"; $value['style'] = "active"; @@ -214,7 +217,7 @@ class Base extends BaseC { if ('/admin/content/index' == $this->request->url() && input('model_id') == $value['id']) { $value['style'] = "active"; } - $value['url'] = "/admin/".$value['name']."/index"; + $value['url'] = "/admin/" . $value['name'] . "/index"; $value['title'] = $value['title'] . "管理"; $value['icon'] = $value['icon'] ? $value['icon'] : 'file'; $menu[] = $value; 
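Review bot: The two loops in `accessControl()` read `$value['label']` without checking that `allow_visit` and `deny_visit` are lists of rows carrying that key. If the stored config has another shape, `$deny` ends up holding values that never match `$check`, and the deny rule silently stops blocking, with at most a notice. A comment on the expected shape would help, for instance `// allow_visit / deny_visit: list of rows, each with a 'label' of the form controller/action`. The loops can be reduced to `$deny = array_column((array) $this->config['deny_visit'], 'label');` (likewise for `$allow`), which also removes the unused `$key`. It would be safer to treat a non-empty config that yields an empty list as an error than to skip the check. The method continues past the end of the hunk.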
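Review bot: `substr($value['url'], 1)` drops the first character of the menu URL whatever it is, so a row stored without a leading slash loses a real character and is checked against a rule name that does not exist. `ltrim($value['url'], '/')` removes only the slash: `if (!IS_ROOT && !$this->checkRule(ltrim($value['url'], '/'), 2, null)) {`. The same call appears in the next hunk (`IS_ROOT || $this->checkRule(substr($value['url'], 1), 2, null)`), where the following line still compares `$controller` with the unstripped `$value['url']`. It is worth confirming that both comparisons use the form intended. Both loops start and end outside their hunks.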
@@ -236,7 +239,7 @@ class Base extends BaseC { $class = "\\addons\\" . strtolower($value['name']) . "\\controller\\Admin"; if (is_file($this->app->getRootPath() . '/addons/' . strtolower($value['name']) . "/controller/Admin.php")) { $action = get_class_methods($class); - $value['url'] = "/addons/".$value['name']."/admin/" . $action[0]; + $value['url'] = "/addons/" . $value['name'] . "/admin/" . $action[0]; $menu[$key] = $value; } }