zhengxifeng
/
zc100
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
暂无描述
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
100 提交
3 分支
目录树: aea49c8dd0
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'aea49c8dd0'
${ noResults }
zc100/application/admin/behavior/ActionBeginBehavior.php

ActionBeginBehavior.php 6.2KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 
  1. <?php

  2. 

  3. namespace app\admin\behavior;

  4. 

  5. use think\Db;

  6. 

  7. /**

  8.  * 系统行为扩展:新增/更新/删除之后的后置操作

  9.  */

  10. load_trait('controller/Jump');

  11. class ActionBeginBehavior {

  12.     use \traits\controller\Jump;

  13.     protected static $actionName;

  14.     protected static $controllerName;

  15.     protected static $moduleName;

  16.     protected static $method;

  17. 

  18.     /**

  19.      * 构造方法

  20.      * @param Request $request Request对象

  21.      * @access public

  22.      */

  23.     public function __construct()

  24.     {

  25. 

  26.     }

  27. 

  28.     // 行为扩展的执行入口必须是run

  29.     public function run(&$params){

  30.         self::$actionName = request()->action();

  31.         self::$controllerName = request()->controller();

  32.         self::$moduleName = request()->module();

  33.         self::$method = request()->method();

  34.         $this->_initialize();

  35.     }

  36. 

  37.     private function _initialize() {

  38.         $this->security_verify();

  39.         if ('POST' == self::$method) {

  40.             $this->clearWeapp();

  41.             $this->instyes();

  42.         } else {

  43.             $this->unotice();

  44.             $this->verifyfile();

  45.         }

  46.         $this->language_access();

  47.     }

  48. 

  49.     /**

  50.      * 多语言功能操作权限

  51.      * @return [type] [description]

  52.      */

  53.     private function language_access()

  54.     {

  55.         $controllerArr = ['Weapp','Filemanager','Sitemap','Member','Seo','Channeltype','Tools'];

  56.         $ctlActArr = ['Admin@index','Admin@add','Admin@del','System@water','System@thumb','System@api_conf'];

  57.         if (in_array(self::$controllerName, $controllerArr) || in_array(self::$controllerName.'@'.self::$actionName, $ctlActArr)) {

  58.             $main_lang = get_main_lang();

  59.             $admin_lang = get_admin_lang();

  60.             if (is_language() && $main_lang != $admin_lang) {

  61.                 $lang_title = model('Language')->where('mark',$main_lang)->value('title');

  62.                 $this->error('当前语言没有此功能,请切换到【'.$lang_title.'】语言');

  63.             }

  64.         }

  65.     }

  66. 

  67.     private function security_verify()

  68.     {

  69.         $ctl_act = self::$controllerName.'@'.self::$actionName;

  70.         if (in_array(self::$controllerName, ['Filemanager', 'Weapp']) || in_array($ctl_act, ['Arctype@ajax_newtpl','Archives@ajax_newtpl'])) {

  71.             $security = tpSetting('security');

  72. 

  73.             /*---------强制必须开启密保问题认证 start----------*/

  74.             if (in_array(self::$controllerName, ['Filemanager']) || in_array($ctl_act, ['Arctype@ajax_newtpl','Archives@ajax_newtpl'])) {

  75.                 if (empty($security['security_ask_open'])) {

  76.                     $this->error("<span style='display:none;'>__html__</span>需要开启密保问题设置", url('Security/index'), '', 3);

  77.                 }

  78.             }

  79.             /*---------强制必须开启密保问题认证 end----------*/

  80. 

  81.             $nosubmit = input('param.nosubmit/d');

  82.             if ('POST' == self::$method && empty($nosubmit)) {

  83.                 if (empty($security['security_ask_open']) || !security_verify_func($ctl_act)) {

  84.                     return true;

  85.                 }

  86.                 $admin_id = session('?admin_id') ? (int)session('admin_id') : 0;

  87.                 $admin_info = Db::name('admin')->field('admin_id,last_ip')->where(['admin_id'=>$admin_id])->find();

  88.                 // 当前管理员密保问题验证过的IP地址

  89.                 $security_answerverify_ip = !empty($security['security_answerverify_ip']) ? $security['security_answerverify_ip'] : '-1';

  90.                 // 同IP不验证

  91.                 if ($admin_info['last_ip'] == $security_answerverify_ip) {

  92.                     return true;

  93.                 }

  94. 

  95.                 $this->error("<span style='display:none;'>__html__</span>出于安全考虑<br/>请勿非法越过密保答案验证", null, '', 3);

  96.             }

  97.         }

  98.     }

  99. 

  100.     private function verifyfile()

  101.     {

  102.         $tmp1 = 'cGhwLnBocF9zZXJ2aW'.'NlaW5mbw==';

  103.         $tmp1 = base64_decode($tmp1);

  104.         $data = tpCache($tmp1);

  105.         $data = mchStrCode($data, 'DECODE');

  106.         $data = json_decode($data, true);

  107.         if (empty($data['pid']) || 2 > $data['pid']) return true;

  108.         $file = "./data/conf/{$data['code']}.txt";

  109.         $tmp2 = 'cGhwX3NlcnZpY2VtZWFs';

  110.         $tmp2 = base64_decode($tmp2);

  111.         if (!file_exists($file)) {

  112.             /*多语言*/

  113.             if (is_language()) {

  114.                 $langRow = \think\Db::name('language')->order('id asc')->select();

  115.                 foreach ($langRow as $key => $val) {

  116.                     tpCache('php', [$tmp2=>1], $val['mark']);

  117.                 }

  118.             } else { // 单语言

  119.                 tpCache('php', [$tmp2=>1]);

  120.             }

  121.             /*--end*/

  122.         } else {

  123.             /*多语言*/

  124.             if (is_language()) {

  125.                 $langRow = \think\Db::name('language')->order('id asc')->select();

  126.                 foreach ($langRow as $key => $val) {

  127.                     tpCache('php', [$tmp2=>$data['pid']], $val['mark']);

  128.                 }

  129.             } else { // 单语言

  130.                 tpCache('php', [$tmp2=>$data['pid']]);

  131.             }

  132.             /*--end*/

  133.         }

  134.     }

  135. 

  136.     private function unotice(){

  137.         $str = 'VXNlcnNOb3RpY2U=';

  138.         if (self::$controllerName == base64_decode($str)) {

  139.             $str = 'd2ViLndlYl9pc19hdXRob3J0b2tlbg==';

  140.             $value = tpCache(base64_decode($str));

  141.             if (-1 == $value) {

  142.                 $str = '6K+l5Yqf6IO95LuF6ZmQ5LqO5ZWG5Lia5o6I5p2D5Z+f5ZCN77yB';

  143.                 $this->error(base64_decode($str));

  144.             }

  145.         }

  146.     }

  147. 

  148.     /**

  149.      * 插件每次post提交都清除插件相关缓存

  150.      * @access private

  151.      */

  152.     private function clearWeapp()

  153.     {

  154.         /*只有相应的控制器和操作名才执行,以便提高性能*/

  155.         $ctlActArr = array(

  156.             'Weapp@*',

  157.         );

  158.         $ctlActStr = self::$controllerName.'@*';

  159.         if (in_array($ctlActStr, $ctlActArr)) {

  160.             \think\Cache::clear('hooks');

  161.         }

  162.         /*--end*/

  163.     }

  164. 

  165.     /**

  166.      * @access private

  167.      */

  168.     private function instyes()

  169.     {

  170.         $ca = md5(self::$actionName.'@'.self::$controllerName);

  171.         if ('0e3e00da04fcf78cd9fd7dc763d956fc' == $ca) {

  172.             $s = '5a6J'.'6KOF'.'5oiQ5'.'Yqf';

  173.             if (1605110400 < getTime()) {

  174.                 sleep(5);

  175.                 $this->success(base64_decode($s));

  176.             }

  177.         }

  178.     }

  179. }