<?php
// Start (or resume) the PHP session before any class in this file touches $_SESSION.
session_start();
// Keep the current session id available to the application under $_SESSION['session_id'].
$_SESSION['session_id'] = session_id();
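class Authentication
{
    /** Set to true once the current request has passed the login/role checks. */
    var $validateuser = false;
    /** Outcome message of the last login attempt ('' when nothing went wrong). */
    var $msg = '';
    /** Copy of $_SESSION['employeeid'] taken while the page access is checked. */
    var $employeeid;
    /** admin.type value of the account that logged in during this request. */
    var $userType;
    /** The page object (db handle, form, error display); assigned in the constructor. */
    var $pageBase;
    /** Comma-separated role names of the current employee; filled in the constructor. */
    var $userRoles;

    //-----------------------------------------------------------------------------
    /**
     * Employee id recorded for this request (unset until the role check ran).
     */
    function getLoginId()
    {
        return $this->employeeid;
    }

    //-----------------------------------------------------------------------------
    /**
     * Login name stored in the session, or '' when nobody is logged in.
     */
    function getLoginUserName()
    {
        return isset($_SESSION['loginusername']) ? $_SESSION['loginusername'] : '';
    }

    //-----------------------------------------------------------------------------
    /**
     * Role names of the current user: the literal 'superadmin' for the super admin,
     * otherwise the comma-separated list loaded by the constructor ('' if none).
     */
    function getUserRoles()
    {
        $empid = isset($_SESSION['employeeid']) ? $_SESSION['employeeid'] : '';
        if ($empid == 'superadmin') {
            return 'superadmin';
        }
        return isset($this->userRoles) ? $this->userRoles : '';
    }

    //-----------------------------------------------------------------------------
    /**
     * Runs the access check for the current request (PHP 4 style constructor).
     *
     * Order of evaluation: a page with $security off is always allowed; a
     * non-superadmin on a superadmin page gets the access-denied page; cmd=login and
     * cmd=logout are processed and end the request with a redirect; every other
     * command needs a logged-in, active employee whose roles grant that command on
     * this page (page / pagecmds / rolepagescmds tables). When no role grants it the
     * request ends on the access-denied page, also for an employee without any role.
     *
     * @param string $fileName  path of the calling script; APP_WEB_SERVER is prefixed
     *                          and APP_WEB_ROOT stripped to get the stored file name
     * @param object $pageBase  page object exposing ->db (getField()/query()),
     *                          db_error(), the form and displayPage()
     * @param bool   $security  false disables every check for this page
     * @param string $userType  'superadmin' restricts the page to the super admin
     */
    function Authentication($fileName = '', $pageBase = '', $security, $userType)
    {
        $cmd = isset($_REQUEST['cmd']) ? $_REQUEST['cmd'] : '';
        if (empty($fileName) || empty($pageBase)) {
            die('Invalid Arguments for pageBage (parent) Constructor.');
        }
        if (!$security) {
            // Unsecured page: no login and no role lookup at all.
            $this->validateuser = true;
            return;
        }
        $this->pageBase = $pageBase;
        $empid = isset($_SESSION['employeeid']) ? $_SESSION['employeeid'] : '';

        if ($empid != 'superadmin' && $userType == 'superadmin') {
            $this->showAccessError('Only Super Admin can access this page.'); // renders and dies
            $this->validateuser = false;
            return;
        }
        if ($empid == 'superadmin' && $cmd != 'logout') {
            $this->validateuser = true;
            return;
        }
        if ($cmd == 'login') {
            // Either sets $this->msg and returns, or redirects and dies on success.
            $this->_processLogin();
            return;
        }
        if ($cmd == 'logout') {
            $this->validateuser = false;
            unset($_SESSION['employeeid']);
            unset($_SESSION['loginusername']);
            header('location:' . APP_WEB_ROOT . '/admin/index.php');
            die();
        }
        if (!isset($_SESSION['employeeid'])) {
            $this->validateuser = false;
            return;
        }

        $login_status = $pageBase->db->getField('employeelogin', 'elstatus', 'employeeid=' . $empid);
        if ($login_status == 'inactive') {
            $this->showAccessError('Sorry Your Login is No Longer Active Please : Contact To Super Admin');
            die();
        }

        // APP_WEB_SERVER and APP_WEB_ROOT are expected to share the same base path, so
        // dropping strlen(APP_WEB_ROOT)+1 characters leaves the path relative to the app root.
        $fileName = APP_WEB_SERVER . $fileName;
        $file = substr($fileName, strlen(APP_WEB_ROOT) + 1);
        $fileid = $pageBase->db->getField('page', 'id', 'filename="' . $this->_sqlLiteral($file) . '"');

        $this->employeeid = isset($_SESSION['employeeid']) ? $_SESSION['employeeid'] : '';
        if ($this->employeeid == 'superadmin') {
            $this->validateuser = true;
            return;
        }

        // Load the employee's roles: ids for the access lookup, names for getUserRoles().
        $sql = 'SELECT r.id as rid, r.name as uname FROM employeeroles ur, role r'
             . ' where ur.employeeid = ' . $this->employeeid . ' and r.id=ur.roleid';
        $res =& $pageBase->db->query($sql);
        if (PEAR::isError($res)) {
            $pageBase->db_error($res);
            return;
        }
        $rolles = array();
        $roleNames = array();
        while ($res->fetchInto($row)) {
            $rolles[] = $row['rid'];
            $roleNames[] = $row['uname'];
        }
        $this->userRoles = implode(' ,', $roleNames);

        if (empty($fileid)) {
            if (APP_MODE == '2') {
                $this->showAutoFileInserterDialog($file);
            }
            $this->showAccessError("File is Not in Database Please contact to Developmnet");
        }

        // $cmd is request-supplied: escape it before it enters the WHERE fragment.
        $pageCmdid = $pageBase->db->getField('pagecmds', 'id', "pageid=$fileid and cmdname='" . $this->_sqlLiteral($cmd) . "'");
        if (empty($pageCmdid)) {
            // NOTE(review): $cmd is echoed into this message; confirm notauthorize.html escapes msg on output.
            $msg = "$pageCmdid cammond:- ($cmd) is not associated with page := ($file)";
            if (APP_MODE == '2') {
                $this->showAutoComandInserterDialog($file, $cmd);
            }
            $this->showAccessError($msg);
        }
        foreach ($rolles as $roleid) {
            $accessAllow = $pageBase->db->getField('rolepagescmds', 'id', "pagecmdid=$pageCmdid and roleid=$roleid and pageid=$fileid");
            if (!empty($accessAllow)) {
                $this->validateuser = true;
                return;
            }
        }
        // No role grants this command on this page. This deliberately covers an employee
        // with zero roles, who previously fell through to validateuser = true (fail-open).
        $this->showAccessError('You are Not authorize to view this page or functionality.');
        die();
    }

    //-----------------------------------------------------------------------------
    /**
     * Handles cmd=login: checks the submitted credentials against the admin table.
     *
     * On failure $this->msg is set and $this->validateuser stays false. On success the
     * session id is regenerated (so an id handed out before login cannot be reused),
     * the session is populated and the request ends with a redirect.
     */
    function _processLogin()
    {
        $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
        $pwd = isset($_REQUEST['pwd']) ? $_REQUEST['pwd'] : '';
        // Both values come straight from the request; escape them before they reach the WHERE clause.
        $where = 'name="' . $this->_sqlLiteral($username) . '" and pwd="' . $this->_sqlLiteral($pwd) . '"';
        // NOTE(review): the submitted pwd is compared directly with the stored column, so the
        // column holds a directly comparable (unhashed) value; moving to password_hash()/
        // password_verify() needs a schema and data migration and is not done here.
        $id = $this->pageBase->db->getField('admin', 'id', $where);
        if (empty($id)) {
            $this->msg = 'Invalid User Name or Password.';
            $this->validateuser = false;
            return;
        }
        // admin.type doubles as the "active" flag: '0' or '' means the account is disabled.
        $login_status = $this->pageBase->db->getField('admin', 'type', 'id=' . $id);
        if ($login_status == '0' || $login_status == '') {
            $this->msg = 'Your Account is Inactive Now, Please Contact to Super Admin.';
            $this->validateuser = false;
            return;
        }
        // Privilege level changes here: issue a fresh session id and drop the old one.
        session_regenerate_id(true);
        $_SESSION['session_id'] = session_id();
        $this->validateuser = true;
        $_SESSION['employeeid'] = $login_status;
        $_SESSION['loginusername'] = $login_status;
        $this->userType = $login_status;
        header('location:' . $this->_postLoginTarget());
        die();
    }

    //-----------------------------------------------------------------------------
    /**
     * URL to send the browser to after a successful login.
     *
     * The Referer header is client-supplied, so it is only followed when it points
     * back at this host; otherwise (absent, foreign host, unparsable) the admin index
     * under APP_WEB_ROOT is used.
     *
     * @return string
     */
    function _postLoginTarget()
    {
        $fallback = APP_WEB_ROOT . '/admin/index.php';
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        if ($referer === '') {
            return $fallback;
        }
        if (strpos($referer, APP_WEB_ROOT) === 0) {
            return $referer;
        }
        $refHost = parse_url($referer, PHP_URL_HOST);
        $ownHost = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
        $ownHost = preg_replace('/:\d+$/', '', $ownHost); // drop an explicit port
        if (is_string($refHost) && $ownHost !== '' && strtolower($refHost) === $ownHost) {
            return $referer;
        }
        return $fallback;
    }

    //-----------------------------------------------------------------------------
    /**
     * Escapes a value for use inside a quoted SQL string literal built by hand.
     *
     * getField() takes a raw WHERE fragment, so every request-supplied value must be
     * escaped before concatenation. PEAR DB's escapeSimple() is used when the db handle
     * provides it (the fetchInto()/PEAR::isError() calls in this class suggest a PEAR
     * DB handle); addslashes() is the fallback.
     *
     * @param mixed $value
     * @return string
     */
    function _sqlLiteral($value)
    {
        $db = isset($this->pageBase->db) ? $this->pageBase->db : null;
        if (is_object($db) && method_exists($db, 'escapeSimple')) {
            return $db->escapeSimple((string) $value);
        }
        return addslashes((string) $value);
    }

    //-----------------------------------------------------------------------------
    /**
     * Whether the current request passed the access checks.
     */
    function validUser()
    {
        return $this->validateuser;
    }

    //-----------------------------------------------------------------------------
    /**
     * Renders the access-denied page with $msg and ends the request.
     *
     * @param string $msg
     */
    function showAccessError($msg)
    {
        $this->pageBase->subTitle = 'Access Denied';
        $this->pageBase->msg = $msg;
        $this->pageBase->contentTemplate = 'notauthorize.html';
        $this->pageBase->displayPage();
        die();
    }

    //-----------------------------------------------------------------------------
    /**
     * Development helper (APP_MODE '2'): shows a form linking to page.auto.php so the
     * missing page row can be created, then ends the request.
     *
     * @param string $file  file name relative to the application root
     */
    function showAutoFileInserterDialog($file)
    {
        $this->pageBase->subTitle = 'Security Of This Page is not Implemented';
        $this->pageBase->form->addElement('header', 'emphead', 'File Informatin:');
        $this->pageBase->form->addElement('static', 'st_fname', 'File Name:', '<label>' . $file . '</label>');
        $this->pageBase->form->addElement('static', 'st_cname', 'Command Name:', '<label class="subTitle">' . "File is not Exist in Database" . '</label>');
        $this->pageBase->form->addElement('link', 'linksde', '', APP_WEB_ROOT . '/page.auto.php?cmd=file&fileName=' . $file, 'Click Hear To Proceed');
        $this->pageBase->contentTemplate = 'generaltemplates/generalform.html';
        $this->pageBase->displayPage();
        die();
    }

    //-----------------------------------------------------------------------------
    /**
     * Development helper (APP_MODE '2'): shows a form linking to page.auto.php so the
     * missing pagecmds row can be created, then ends the request.
     *
     * @param string $file     file name relative to the application root
     * @param string $cmdName  the request's cmd value (untrusted; escaped per context below)
     */
    function showAutoComandInserterDialog($file, $cmdName)
    {
        $safeCmd = htmlspecialchars($cmdName, ENT_QUOTES, 'UTF-8');
        $this->pageBase->subTitle = 'Security Of This Page is not Implemented';
        $this->pageBase->form->addElement('header', 'emphead', 'File Informatin:');
        $this->pageBase->form->addElement('static', 'st_fname', 'File Name:', '<label>' . $file . '</label>');
        $this->pageBase->form->addElement('static', 'st_cname', 'Command Name:', '<label>' . $safeCmd . '</label>');
        // NOTE(review): two elements share the name 'st_cname'; confirm the form library tolerates that.
        $this->pageBase->form->addElement('static', 'st_cname', 'Command Name:', '<label class="subTitle">' . "Cammond is not associated with page" . '</label>');
        $this->pageBase->form->addElement('link', 'linksde', '', APP_WEB_ROOT . '/page.auto.php?cmd=cmd&cmdName=' . urlencode($cmdName) . '&fileName=' . $file, 'Click Hear To Proceed');
        $this->pageBase->contentTemplate = 'generaltemplates/generalform.html';
        $this->pageBase->displayPage();
        die();
    }
    //-----------------------------------------------------------------------------
}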
?>