AtomicOld/api/Managers.php
<?php
/**
* Simpla CMS
*
* @copyright 2011 Denis Pikusov
* @link http://simplacms.ru
* @author Denis Pikusov
*
*/
require_once('Simpla.php');
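/**
 * Manager (admin-area) accounts kept in an htpasswd-style text file.
 *
 * Every non-empty line of $passwd_file has the form
 *   login:password_hash[:perm1,perm2,...]
 * A line without the third field grants every entry of $permissions_list.
 *
 * This class never verifies a password itself: the current manager is taken
 * from $_SERVER['PHP_AUTH_USER'], so the admin area is only as protected as
 * the HTTP authentication configured in front of it.
 */
class Managers extends Simpla
{
    /** @var string[] Every permission name a manager can hold. */
    public $permissions_list = array('actions','banners','products', 'categories', 'brands', 'features', 'orders', 'labels',
        'users', 'groups', 'coupons', 'pages', 'blog', 'comments', 'feedbacks', 'import', 'export',
        'backup', 'stats', 'design', 'settings', 'currency', 'delivery', 'payment', 'managers', 'license', 'callbacks', 'articles_categories', 'article_categories',
        'articles','article','maillist', 'marka', 'model');

    /**
     * @var string Path of the password file. It is relative, so it resolves
     *             against the working directory of the running script.
     */
    public $passwd_file = "simpla/.passwd";

    /**
     * Normalises the authenticated user name for CGI mode.
     *
     * When PHP_AUTH_USER is empty, the value of REDIRECT_REMOTE_USER (or,
     * failing that, REMOTE_USER) is copied into it.
     * NOTE(review): these keys carry no HTTP_ prefix, so they are presumably
     * set by the web server and not by request headers — confirm for the
     * deployed server configuration.
     */
    public function __construct()
    {
        if (isset($_SERVER['REDIRECT_REMOTE_USER']) && empty($_SERVER['PHP_AUTH_USER'])) {
            $_SERVER['PHP_AUTH_USER'] = $_SERVER['REDIRECT_REMOTE_USER'];
        } elseif (empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER["REMOTE_USER"])) {
            $_SERVER['PHP_AUTH_USER'] = $_SERVER["REMOTE_USER"];
        }
    }

    /**
     * Reads every manager from the password file.
     *
     * @return stdClass[] Objects with ->login (string) and ->permissions (string[]).
     *                    An unreadable file yields an empty list.
     */
    public function get_managers()
    {
        $lines = explode("\n", (string)@file_get_contents($this->passwd_file));
        $managers = array();
        foreach ($lines as $line) {
            if (empty($line)) {
                continue;
            }
            $fields = explode(":", $line);
            $manager = new stdClass();
            $manager->login = trim($fields[0]);
            if (isset($fields[2])) {
                // array_map avoids the dangling reference a by-reference foreach leaves behind.
                $manager->permissions = array_map('trim', explode(",", $fields[2]));
            } else {
                // No permission field means "everything".
                $manager->permissions = $this->permissions_list;
            }
            $managers[] = $manager;
        }
        return $managers;
    }

    /**
     * Counts the managers in the password file.
     *
     * @param array $filter Accepted for interface compatibility; not used.
     * @return int
     */
    public function count_managers($filter = array())
    {
        return count($this->get_managers());
    }

    /**
     * Looks a manager up by login, or returns the current one.
     *
     * @param string|null $login Login to find; empty means "the authenticated user".
     * @return stdClass|false The manager, or false when the login is not in the file.
     */
    public function get_manager($login = null)
    {
        if (empty($login)) {
            if (!empty($_SERVER['PHP_AUTH_USER'])) {
                $login = $_SERVER['PHP_AUTH_USER'];
            } else {
                // NOTE(review): fail-open. With no authenticated user this returns a
                // built-in "manager" holding every permission. If the web server does
                // not enforce HTTP authentication for the admin area, every request
                // takes this branch. Confirm that this is intended for production.
                $m = new stdClass(); // assigning a property to an undefined variable is a fatal error on PHP 8
                $m->login = 'manager';
                $m->permissions = $this->permissions_list;
                return $m;
            }
        }

        $login = (string)$login;
        foreach ($this->get_managers() as $manager) {
            // Strict comparison: with == the numeric-looking logins "007" and "7" compare equal.
            if ($manager->login === $login) {
                return $manager;
            }
        }
        return false;
    }

    /**
     * Appends a new manager to the password file.
     *
     * @param object|array $manager Fields: login, password (plain text, optional),
     *                              permissions (string[], optional).
     * @return string|false The stored login, or false when the login is empty
     *                      or the file could not be written.
     */
    public function add_manager($manager)
    {
        $manager = (object)$manager;

        // ':' and line breaks are the record separators of the file; a login
        // containing them would inject extra fields or whole extra accounts.
        $login = isset($manager->login) ? $this->sanitize_login($manager->login) : '';
        if ($login === '') {
            return false;
        }

        $m = array($login, "");
        if (!empty($manager->password)) {
            $m[1] = $this->crypt_apr1_md5($manager->password);
        }

        if (isset($manager->permissions) && is_array($manager->permissions)) {
            // Keep only known permission names, as update_manager() does, so
            // separators cannot reach the file through this field either.
            $allowed = array_values(array_intersect($this->permissions_list, $manager->permissions));
            if (count(array_diff($this->permissions_list, $allowed)) > 0) {
                $m[2] = implode(",", $allowed);
            }
            // Otherwise the full set was requested: omit the field.
        }

        $line = implode(":", $m);
        $existing = (string)@file_get_contents($this->passwd_file);
        if (file_put_contents($this->passwd_file, $existing."\n".$line) === false) {
            return false;
        }

        $stored = $this->get_manager($login);
        return $stored ? $stored->login : false;
    }

    /**
     * Rewrites the record of an existing manager.
     *
     * @param string       $login   Login of the record to change.
     * @param object|array $manager Fields to change: login, password (plain text), permissions.
     * @return string|false The login of the updated record, or false when no
     *                      record matched or the file could not be written.
     */
    public function update_manager($login, $manager)
    {
        $manager = (object)$manager;
        $login = (string)$login;
        if ($login === '') {
            // An empty login would match the blank lines of the file.
            return false;
        }

        if (!empty($manager->login)) {
            $manager->login = $this->sanitize_login($manager->login);
        }

        $lines = explode("\n", (string)@file_get_contents($this->passwd_file));
        $updated_flag = false;
        foreach ($lines as $i => $line) {
            $m = explode(":", $line);
            if ($m[0] !== $login) {
                continue;
            }

            if (!empty($manager->login)) {
                $m[0] = $manager->login;
            }
            if (!empty($manager->password)) {
                $m[1] = $this->crypt_apr1_md5($manager->password);
            }
            if (isset($manager->permissions) && is_array($manager->permissions)) {
                if (count(array_diff($this->permissions_list, $manager->permissions)) > 0) {
                    $arr = array_intersect($this->permissions_list, $manager->permissions);
                    // NOTE(review): hard-coded account. The login 'etodesign' always keeps
                    // 'marka' and 'model', whatever the caller submitted. Confirm that this
                    // special case is still wanted.
                    if ($login == 'etodesign' && !in_array('marka', $arr, true)) $arr[] = 'marka';
                    if ($login == 'etodesign' && !in_array('model', $arr, true)) $arr[] = 'model';
                    if (!isset($m[1])) {
                        // Keep the hash field in place so the permissions stay in the third field.
                        $m[1] = "";
                    }
                    $m[2] = implode(",", $arr);
                } else {
                    unset($m[2]);
                }
            }
            $lines[$i] = implode(":", $m);
            $updated_flag = true;
        }

        if ($updated_flag) {
            if (file_put_contents($this->passwd_file, implode("\n", $lines)) === false) {
                return false;
            }
            // Look up the record just written; when the login was not changed,
            // that is the original login and not the current session's user.
            $current = !empty($manager->login) ? $manager->login : $login;
            if ($m = $this->get_manager($current)) {
                return $m->login;
            }
        }
        return false;
    }

    /**
     * Removes every record whose login equals $login.
     *
     * @param string $login
     * @return bool False when the file could not be written, true otherwise
     *              (also when no record matched).
     */
    public function delete_manager($login)
    {
        $login = (string)$login;
        $lines = explode("\n", (string)@file_get_contents($this->passwd_file));
        foreach ($lines as $i => $line) {
            $m = explode(":", $line);
            if ($m[0] === $login) {
                unset($lines[$i]);
            }
        }
        return file_put_contents($this->passwd_file, implode("\n", $lines)) !== false;
    }

    /**
     * Strips the characters that delimit fields and records in the password file.
     *
     * @param mixed $login
     * @return string
     */
    private function sanitize_login($login)
    {
        return str_replace(array(":", "\r", "\n"), "", (string)$login);
    }

    /**
     * Builds an 8-character salt from [a-z0-9].
     *
     * Uses random_int() where it exists; str_shuffle() is not a
     * cryptographically secure source and is only the fallback for
     * runtimes without random_int().
     *
     * @return string
     */
    private function generate_salt()
    {
        $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
        if (!function_exists('random_int')) {
            return substr(str_shuffle($alphabet), 0, 8);
        }
        $salt = '';
        $max = strlen($alphabet) - 1;
        for ($i = 0; $i < 8; $i++) {
            $salt .= $alphabet[random_int(0, $max)];
        }
        return $salt;
    }

    /**
     * Hashes a password in the "$apr1$" format written to the password file.
     *
     * NOTE(review): the scheme is 1000 rounds of MD5, which is cheap to
     * brute-force if the file leaks. If the web server reading this file
     * accepts a stronger htpasswd format, prefer it — confirm before changing.
     *
     * @param string $plainpasswd Non-empty plain-text password.
     * @return string "$apr1$<salt>$<hash>"
     */
    private function crypt_apr1_md5($plainpasswd)
    {
        $salt = $this->generate_salt();
        $len = strlen($plainpasswd);
        $text = $plainpasswd.'$apr1$'.$salt;
        $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
        for ($i = $len; $i > 0; $i -= 16) {
            $text .= substr($bin, 0, min(16, $i));
        }
        for ($i = $len; $i > 0; $i >>= 1) {
            // Square brackets: the curly-brace string offset syntax is a parse error on PHP 8.
            $text .= ($i & 1) ? chr(0) : $plainpasswd[0];
        }
        $bin = pack("H32", md5($text));
        for ($i = 0; $i < 1000; $i++) {
            $new = ($i & 1) ? $plainpasswd : $bin;
            if ($i % 3) $new .= $salt;
            if ($i % 7) $new .= $plainpasswd;
            $new .= ($i & 1) ? $bin : $plainpasswd;
            $bin = pack("H32", md5($new));
        }
        $tmp = '';
        for ($i = 0; $i < 5; $i++) {
            $k = $i + 6;
            $j = $i + 12;
            if ($j == 16) $j = 5;
            $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
        }
        $tmp = chr(0).chr(0).$bin[11].$tmp;
        // Re-map standard base64 onto the crypt alphabet used by this hash format.
        $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
            "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
        return "$"."apr1"."$".$salt."$".$tmp;
    }

    /**
     * Tells whether the current manager may use a module.
     *
     * @param string $module Permission name, one of $permissions_list.
     * @return bool False also when the authenticated login is not in the password file.
     */
    public function access($module)
    {
        $manager = $this->get_manager();
        // get_manager() returns false for an unknown login; deny instead of reading a property of false.
        if (is_object($manager) && is_array($manager->permissions)) {
            return in_array((string)$module, $manager->permissions, true);
        }
        return false;
    }
}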