一些日常忽略的细节程序设置

一、前后台COOKIE设置

前台：

$cookie_time = SYS_TIME+86400*30;
if(!$r['lang']) $r['lang'] = 'zh-cn';
if(!isset($cookietime)) {
$get_cookietime = param::get_cookie('cookietime');
}
$_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
$cookietime = $_cookietime ? SYS_TIME + $_cookietime : 0;
$phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key').$this->http_user_agent);
$phpcms_auth = sys_auth($userid."\t".$password, 'ENCODE', $phpcms_auth_key);
param::set_cookie('auth', $phpcms_auth, $cookietime);
param::set_cookie('_userid', $userid, $cookietime);
param::set_cookie('_username', $username, $cookietime);
param::set_cookie('_groupid', $groupid, $cookietime);
param::set_cookie('_nickname', $nickname, $cookietime);

后台：

$_SESSION['userid'] = $r['userid'];
$_SESSION['roleid'] = $r['roleid'];
$_SESSION['pc_hash'] = random(6,'abcdefghigklmnopqrstuvwxwyABCDEFGHIGKLMNOPQRSTUVWXWY0123456789');
$_SESSION['lock_screen'] = 0;
$default_siteid = self::return_siteid();
$cookie_time = SYS_TIME+86400*30;
if(!$r['lang']) $r['lang'] = 'zh-cn';
param::set_cookie('admin_username',$username,$cookie_time);
param::set_cookie('siteid', $default_siteid,$cookie_time);
param::set_cookie('userid', $r['userid'],$cookie_time);
param::set_cookie('admin_email', $r['email'],$cookie_time);
param::set_cookie('sys_lang', $r['lang'],$cookie_time);

二、加解密函数

/**
* 字符串加密、解密函数
*
*
* @param	string	$txt		字符串
* @param	string	$operation	ENCODE为加密，DECODE为解密，可选参数，默认为ENCODE，
* @param	string	$key		密钥：数字、字母、下划线
* @param	string	$expiry		过期时间
* @return	string
*/
function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0) {
$key_length = 4;
$key = md5($key != '' ? $key : pc_base::load_config('system', 'auth_key'));
$fixedkey = md5($key);
$egiskeys = md5(substr($fixedkey, 16, 16));
$runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';
$keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));
$string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));

$i = 0; $result = '';
$string_length = strlen($string);
for ($i = 0; $i < $string_length; $i++){
$result .= chr(ord($string{$i}) ^ ord($keys{$i % 32}));
}
if($operation == 'ENCODE') {
return $runtokey . str_replace('=', '', base64_encode($result));
} else {
if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
}
}

三、COOKIE设置

/**
* 设置 cookie
* @param string $var     变量名
* @param string $value   变量值
* @param int $time    过期时间
*/
public static function set_cookie($var, $value = '', $time = 0) {
$time = $time > 0 ? $time : ($value == '' ? SYS_TIME - 3600 : 0);
$s = $_SERVER['SERVER_PORT'] == '443' ? 1 : 0;
$var = pc_base::load_config('system','cookie_pre').$var;
$_COOKIE[$var] = $value;
if (is_array($value)) {
foreach($value as $k=>$v) {
setcookie($var.'['.$k.']', sys_auth($v, 'ENCODE'), $time, pc_base::load_config('system','cookie_path'), pc_base::load_config('system','cookie_domain'), $s);
}
} else {
setcookie($var, sys_auth($value, 'ENCODE'), $time, pc_base::load_config('system','cookie_path'), pc_base::load_config('system','cookie_domain'), $s);
}
}

/**
* 获取通过 set_cookie 设置的 cookie 变量
* @param string $var 变量名
* @param string $default 默认值
* @return mixed 成功则返回cookie 值，否则返回 false
*/
public static function get_cookie($var, $default = '') {
$var = pc_base::load_config('system','cookie_pre').$var;
$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;
if(in_array($var,array('_userid','siteid'))) {
$value = intval($value);
} elseif($var=='_usename') {
$value = safe_replace($value);
}
return $value;
}

四、配置文件

//Session配置
'session_storage' => 'mysql',
'session_ttl' => 1800,
'session_savepath' => CACHE_PATH.'sessions/',
'session_n' => 0,
//Cookie配置
'cookie_domain' => '', //Cookie 作用域
'cookie_path' => '', //Cookie 作用路径
'cookie_pre' => 'rUtRR_', //Cookie 前缀，同一域名下安装多套系统时，请修改Cookie前缀
'cookie_ttl' => 0, //Cookie 生命周期，0 表示随浏览器进程

五、SESSION设置

PHPCMS的session应用前都必须加这个才能使用

$session_storage = 'session_'.pc_base::load_config('system','session_storage');
pc_base::load_sys_class($session_storage);

六、检测是否登录

后台：

/**
* 判断用户是否已经登陆
*/
final public function check_admin() {
if(ROUTE_M =='admin' && ROUTE_C =='index' && in_array(ROUTE_A, array('login', 'public_card'))) {
return true;
} else {
$userid = param::get_cookie('userid');
if(!isset($_SESSION['userid']) || !isset($_SESSION['roleid']) || !$_SESSION['userid'] || !$_SESSION['roleid'] || $userid != $_SESSION['userid']) showmessage(L('admin_login'),'?m=admin&c=index&a=login');
}
}

后台退出登陆：

public function public_logout() {
$_SESSION['userid'] = 0;
$_SESSION['roleid'] = 0;
param::set_cookie('admin_username','');
param::set_cookie('userid',0);

//退出phpsso
$phpsso_api_url = pc_base::load_config('system', 'phpsso_api_url');
$phpsso_logout = '<script type="text/javascript" src="'.$phpsso_api_url.'/api.php?op=logout" reload="1"></script>';

showmessage(L('logout_success').$phpsso_logout,'?m=admin&c=index&a=login');
}

前台检测是否登录：

$phpcms_auth = param::get_cookie('auth');
//判断是否存在auth cookie
if ($phpcms_auth) {
$auth_key = $auth_key = md5(pc_base::load_config('system', 'auth_key').$_SERVER['HTTP_USER_AGENT']);
list($userid, $password) = explode("\t", sys_auth($phpcms_auth, 'DECODE', $auth_key));

前侧退出登陆：

param::set_cookie('auth', '');
param::set_cookie('_userid', '');
param::set_cookie('_username', '');
param::set_cookie('_groupid', '');
param::set_cookie('_nickname', '');
param::set_cookie('cookietime', '');