From 39c0465ee38d7c08f162b3f851bfa1b69c87edcb Mon Sep 17 00:00:00 2001 
From: qinzongqing Date: Fri, 7 Apr 2023 19:05:18 +0800 Subject: [PATCH] =?UTF-8?q?=E5=88=9D=E6=AC=A1=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .htaccess | 5 + .htrouter.php | 20 ++ README.md | 0 app/config/config.ini | 10 + app/config/config.php | 30 +++ app/config/consts.php | 117 +++++++++++ app/config/loader.php | 21 ++ app/config/router.php | 42 ++++ app/config/services.php | 187 ++++++++++++++++++ app/controllers/ControllerBase.php | 137 +++++++++++++ app/controllers/ErrorsController.php | 22 +++ app/controllers/Oauth2Controller.php | 31 +++ app/controllers/SmsController.php | 63 ++++++ app/controllers/UrlsController.php | 23 +++ app/library/CryptAES.php | 124 ++++++++++++ app/library/NoticeCenter.php | 112 +++++++++++ app/models/ModelBase.php | 12 ++ app/plugins/NotFoundPlugin.php | 45 +++++ app/plugins/SecurityPlugin.php | 108 ++++++++++ app/views/errors/show401.volt | 1 + app/views/errors/show404.volt | 1 + app/views/errors/show500.volt | 1 + app/views/index.phtml | 21 ++ app/views/index.volt | 1 + app/views/index/index.phtml | 7 + app/views/layouts/index.volt | 1 + app/views/layouts/main.volt | 86 ++++++++ app/views/layouts/page_limit.volt | 11 ++ .../_www_tiffany_sms_app_views_index.volt.php | 1 + cache/volt/.gitignore | 2 + index.html | 1 + public/.htaccess | 8 + public/index.php | 72 +++++++ robots.txt | 2 + 34 files changed, 1325 insertions(+) create mode 100644 .htaccess create mode 100644 .htrouter.php create mode 100644 README.md create mode 100644 app/config/config.ini create mode 100644 app/config/config.php create mode 100644 app/config/consts.php create mode 100644 app/config/loader.php create mode 100644 app/config/router.php create mode 100644 app/config/services.php create mode 100644 app/controllers/ControllerBase.php create mode 100644 app/controllers/ErrorsController.php create mode 100644 app/controllers/Oauth2Controller.php create mode 100644 
app/controllers/SmsController.php create mode 100644 app/controllers/UrlsController.php create mode 100644 app/library/CryptAES.php create mode 100644 app/library/NoticeCenter.php create mode 100644 app/models/ModelBase.php create mode 100644 app/plugins/NotFoundPlugin.php create mode 100644 app/plugins/SecurityPlugin.php create mode 100644 app/views/errors/show401.volt create mode 100644 app/views/errors/show404.volt create mode 100644 app/views/errors/show500.volt create mode 100644 app/views/index.phtml create mode 100644 app/views/index.volt create mode 100644 app/views/index/index.phtml create mode 100644 app/views/layouts/index.volt create mode 100644 app/views/layouts/main.volt create mode 100644 app/views/layouts/page_limit.volt create mode 100644 cache/_www_tiffany_sms_app_views_index.volt.php create mode 100644 cache/volt/.gitignore create mode 100644 index.html create mode 100644 public/.htaccess create mode 100644 public/index.php create mode 100644 robots.txt diff --git a/.htaccess b/.htaccess new file mode 100644 index 0000000..aa6a7f7 --- /dev/null +++ b/.htaccess @@ -0,0 +1,5 @@ + + RewriteEngine on + RewriteRule ^$ public/ [L] + RewriteRule (.*) public/$1 [L] + \ No newline at end of file diff --git a/.htrouter.php b/.htrouter.php new file mode 100644 index 0000000..0978828 --- /dev/null +++ b/.htrouter.php @@ -0,0 +1,20 @@ + + * + * For the full copyright and license information, please view + * the LICENSE file that was distributed with this source code. + */ + +$uri = urldecode(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)); + +if ($uri !== '/' && file_exists(__DIR__ . '/public' . $uri)) { + return false; +} + +$_GET['_url'] = $_SERVER['REQUEST_URI']; + +require_once __DIR__ . '/public/index.php'; diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/app/config/config.ini b/app/config/config.ini new file mode 100644 index 0000000..7037b07 --- /dev/null +++ b/app/config/config.ini 
@@ -0,0 +1,10 @@ +[application] +controllersDir = app/controllers/ +modelsDir = app/models/ +viewsDir = app/views/ +pluginsDir = app/plugins/ +formsDir = app/forms/ +libraryDir = app/library/ +baseUri = / +[setting] +debug=0 \ No newline at end of file diff --git a/app/config/config.php b/app/config/config.php new file mode 100644 index 0000000..93eab1e --- /dev/null +++ b/app/config/config.php @@ -0,0 +1,30 @@ + [ + 'adapter' => 'Mysql', + 'host' => MYSQL_CONNECT_HOST, + 'username' => MYSQL_CONNECT_USERNAME, + 'password' => MYSQL_CONNECT_PASSWORD, + 'dbname' => MYSQL_CONNECT_DBNAME, + 'charset' => 'utf8', + ], + 'application' => [ + 'appDir' => APP_PATH . '/', + 'controllersDir' => APP_PATH . '/controllers/', + 'modelsDir' => APP_PATH . '/models/', + 'migrationsDir' => APP_PATH . '/migrations/', + 'viewsDir' => APP_PATH . '/views/', + 'pluginsDir' => APP_PATH . '/plugins/', + 'libraryDir' => APP_PATH . '/library/', + 'cacheDir' => BASE_PATH . '/cache/', + 'baseUri' => '/', + ] +]); diff --git a/app/config/consts.php b/app/config/consts.php new file mode 100644 index 0000000..06163f7 --- /dev/null +++ b/app/config/consts.php @@ -0,0 +1,117 @@ +"是", + NOT_DEL=>"否" + ); +} +//================状态、类别等数值相关常量结束================== +?> \ No newline at end of file diff --git a/app/config/loader.php b/app/config/loader.php new file mode 100644 index 0000000..8d0bd88 --- /dev/null +++ b/app/config/loader.php @@ -0,0 +1,21 @@ +registerDirs( + [ + $config->application->appDir, + $config->application->controllersDir, + $config->application->modelsDir, + $config->application->migrationsDir, + $config->application->viewsDir, + $config->application->libraryDir, + $config->application->pluginsDir, + $config->application->cacheDir, + $config->application->baseUri + ] +)->register(); diff --git a/app/config/router.php b/app/config/router.php new file mode 100644 index 0000000..f705148 --- /dev/null +++ b/app/config/router.php 
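Review bot: The `registerDirs()` list in app/config/loader.php includes `$config->application->cacheDir` and `$config->application->baseUri`, neither of which should be a class search path: `cacheDir` is the directory Volt compiles templates into (it is the `'path'` option of the Volt engine in services.php), and `baseUri` is the string `'/'`, a URL prefix that the loader would presumably treat as the filesystem root. An autoloader that searches a web-writable cache directory or the root will `include` whatever file matches a class name it is asked for, so a write into either location becomes code execution inside the application. Drop both entries and limit the list to the real class directories (`controllersDir`, `modelsDir`, `migrationsDir`, `libraryDir`, `pluginsDir`); `appDir` and `viewsDir` hold templates and config rather than classes and are questionable for the same reason. The file's opening lines, including the `Loader` instantiation, are cut off at the start of the hunk.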
@@ -0,0 +1,42 @@ +getRouter(); + +if(!empty($_SERVER['HTTP_HOST']) && (preg_match("@weapp\.wemediacn@", strtolower($_SERVER['HTTP_HOST'])))){ + if(!empty($_SERVER['REQUEST_URI']) && preg_match("@\/([a-z0-9]{1,20})\/stretch@", strtolower($_SERVER['REQUEST_URI']), $matches)){ + $custom_dir = $matches[1]; + $router->add( + "/{$custom_dir}/tiffany/api/:controller/:action/:params", + array( + "controller"=>1, + "action"=>2, + "params"=>3 + ) + ); + }else{ + $router->add( + "/d/tiffany/api/:controller/:action/:params", + array( + "controller"=>1, + "action"=>2, + "params"=>3 + ) + ); + } + +} +else{ + $router->add( + "/tiffany/api/:controller/:action/:params", + array( + "controller"=>1, + "action"=>2, + "params"=>3 + ) + ); +} + +$router->handle( + $_SERVER["REQUEST_URI"] +); +?> \ No newline at end of file diff --git a/app/config/services.php b/app/config/services.php new file mode 100644 index 0000000..16bf58b --- /dev/null +++ b/app/config/services.php 
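Review bot: Route selection in app/config/router.php is keyed off `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header rather than a property of the deployment, so any request that sets a matching header is routed by the `weapp.wemediacn` branch instead of the default one. The same header drives security-relevant branches elsewhere in this commit: in app/config/services.php it decides which Redis endpoint the `redis` service connects to and whether `auth()` is called, and in app/library/NoticeCenter.php `send_user_remind()` returns `true` without sending when the header contains `weapp` or `127.0.0.1`, which lets a caller suppress operator notifications by header alone. Environment selection should come from a deployment setting (an environment variable or a constant in consts.php) rather than from request data, and the web server should be configured to serve only its canonical host names. The unanchored `preg_match("@weapp\.wemediacn@", ...)` also matches any host that merely contains that substring; if the check is kept at all, anchor it to the full host.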
@@ -0,0 +1,187 @@ +set('NoticeCenter', function () +{ + $noticeCenter = new NoticeCenter(); + return $noticeCenter; +}); + +/** + * Shared configuration service + */ +$di->setShared('config', function () { + return include APP_PATH . "/config/config.php"; +}); + +/** + * The URL component is used to generate all kind of urls in the application + */ +$di->setShared('url', function () { + $config = $this->getConfig(); + $url = new UrlResolver(); + $url->setBaseUri($config->application->baseUri); + + return $url; +}); + +/** + * Setting up the view component + */ +$di->setShared('view', function () { + $config = $this->getConfig(); + $view = new View(); + $view->setDI($this); + $view->setViewsDir($config->application->viewsDir); + + $view->registerEngines([ + '.volt' => function ($view) { + $config = $this->getConfig(); + + $volt = new VoltEngine($view, $this); + + $volt->setOptions([ + 'path' => $config->application->cacheDir, + 'separator' => '_' + ]); + + return $volt; + }, + '.phtml' => PhpEngine::class + + ]); + + return $view; +}); + +/** + * Database connection is created based in the parameters defined in the configuration file + */ +$di->setShared('db', function () { + $config = $this->getConfig(); + + $class = 'Phalcon\Db\Adapter\Pdo\\' . $config->database->adapter; + $params = [ + 'host' => MYSQL_CONNECT_HOST, + 'username' => MYSQL_CONNECT_USERNAME, + 'password' => MYSQL_CONNECT_PASSWORD, + 'dbname' => MYSQL_CONNECT_DBNAME, + 'charset' => "utf8" + ]; + + if ($config->database->adapter == 'Postgresql') { + unset($params['charset']); + } + + return new $class($params); +}); + $di->setShared('read_db', function () { + $config = $this->getConfig(); + + $class = 'Phalcon\Db\Adapter\Pdo\\' . 
$config->database->adapter; + $params = [ + 'host' => 'rr-bp1z8643dc476j0yw.mysql.rds.aliyuncs.com', + 'username' => MYSQL_CONNECT_USERNAME, + 'password' => MYSQL_CONNECT_PASSWORD, + 'dbname' => MYSQL_CONNECT_DBNAME, + 'charset' => "utf8" + ]; + + if ($config->database->adapter == 'Postgresql') { + unset($params['charset']); + } + + return new $class($params); + }); + +/** + * If the configuration specify the use of metadata adapter use it or use memory otherwise + */ +$di->setShared('modelsMetadata', function () { + return new MetaDataAdapter(); +}); + +/** + * Register the session flash service with the Twitter Bootstrap classes + */ +$di->set('flash', function () { + $escaper = new Escaper(); + $flash = new Flash($escaper); + $flash->setImplicitFlush(false); + $flash->setCssClasses([ + 'error' => 'alert alert-danger', + 'success' => 'alert alert-success', + 'notice' => 'alert alert-info', + 'warning' => 'alert alert-warning' + ]); + + return $flash; +}); + +/** + * Start the session the first time some component request the session service + */ +$di->setShared('session', function () { + $session = new SessionManager(); + $files = new SessionAdapter([ + 'savePath' => sys_get_temp_dir(), + ]); + $session->setAdapter($files); + $session->start(); + + return $session; +}); + +/** + * 载入redis + */ +$di->set('redis', function () +{ + $redisObj = new Redis (); + if( + preg_match("@weapp\.wemediacn@", strtolower($_SERVER['HTTP_HOST'])) + || + preg_match("@dev-shorturl\.wemediacn@", strtolower($_SERVER['HTTP_HOST'])) + || + preg_match("@we-shorturl\.wemediacn@", strtolower($_SERVER['HTTP_HOST'])) + ) + { + $redisObj->connect('r-bp11564d96842414128.redis.rds.aliyuncs.com', 6379); + $redisObj->auth('3Nsb4Pmsl9bcLs24mL12l'); + } elseif ($_SERVER['HTTP_HOST'] == '127.0.0.1'){ //本地环境 + $redisObj->connect('mysql5.weu.me', 6379); + } else{ + $redisObj->connect('r-bp1i8kwmlrnp6hhrkf.redis.rds.aliyuncs.com', 6379); + $redisObj->auth('r-bp1i8kwmlrnp6hhrkf'); + } + + 
$redisObj->select(REDIS_DB_NUMBER); + return $redisObj; +}); + +$di->set('qy_send', function () use($di) +{ + $qy_send = new QySend($di); + return $qy_send; +}); \ No newline at end of file diff --git a/app/controllers/ControllerBase.php b/app/controllers/ControllerBase.php new file mode 100644 index 0000000..2003238 --- /dev/null +++ b/app/controllers/ControllerBase.php 
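Review bot: The `redis` service in app/config/services.php commits a live Redis password as a string literal in its `$redisObj->auth(...)` calls, next to the production Redis hostnames and the read-replica host hard-coded in the `read_db` service; once pushed, those values are in git history for everyone with repository access, so the credentials need rotating as well as removal. Move them into consts.php or environment configuration the same way the `MYSQL_CONNECT_*` constants are already used here, leaving only the lookup in this file, e.g. `$redisObj->auth(REDIS_AUTH_TOKEN);` with `REDIS_AUTH_TOKEN` a placeholder name for a constant defined outside the repository. The `read_db` replica host should likewise be a constant beside `MYSQL_CONNECT_HOST` rather than an inline literal. Note also that `$_SERVER['HTTP_HOST']` is dereferenced here without the `!empty()` guard router.php uses, so a request with no Host header emits a warning before the branch is evaluated.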
@@ -0,0 +1,137 @@ +_PublicHelper = new PublicHelper(); + //$this->_LogObj = new LogClient(); + //选择redis库(测试及开发为130,正式为30) + $this->redis->select(REDIS_DB_NUMBER); + } + + /** + * curl get + */ + function __https_request($url){ + $curl = curl_init(); + curl_setopt($curl, CURLOPT_URL, $url); + curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); + curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); + curl_setopt($curl, CURLOPT_SSLVERSION, 1); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + $data = curl_exec($curl); + if (curl_errno($curl)) { + return 'ERROR ' . curl_error($curl); + } + curl_close($curl); + return $data; + } + + /** + * curl post + */ + function __http_post_request($url, $postArr){ + $curl = curl_init(); + curl_setopt($curl, CURLOPT_URL, $url); + curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); + //curl_setopt ( $curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); + curl_setopt($curl, CURLOPT_SSLVERSION, 1); + curl_setopt($curl, CURLOPT_TIMEOUT, 60); + curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 0); + curl_setopt($curl, CURLOPT_POST, 1); + curl_setopt($curl, CURLOPT_POSTFIELDS, $postArr); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + $data = curl_exec($curl); + curl_close($curl); + return $data; + } + + /** + * 跳转页面方法封装,针对后台跳转使用 + */ + function __response_redirect($url=""){ + header("Location: $url"); exit; + } + + /** + * 获取客户ip + */ + function __get_client_ip(){ + if(!empty($_SERVER["HTTP_CLIENT_IP"])){ + $cip = $_SERVER["HTTP_CLIENT_IP"]; + } + elseif(!empty($_SERVER["HTTP_X_FORWARDED_FOR"])){ + $cip = $_SERVER["HTTP_X_FORWARDED_FOR"]; + } + elseif(!empty($_SERVER["REMOTE_ADDR"])){ + $cip = $_SERVER["REMOTE_ADDR"]; + } + else{ + $cip = "UNKNOWN"; + } + return $cip; + } + + /** + * 清除html标签 + */ + function __delhtml($str){ + $str = trim($str); + $str = str_replace(array('"', "'"), array("", ""), $str); + //开始 + $st = -1; + //结束 + $et = -1; + 
$stmp = array(); + $stmp[] = " "; + $len = strlen($str); + for($i=0; $i<$len; $i++){ + $ss = substr($str, $i, 1); + //ord("<")==60 + if(ord($ss)==60){ + $st = $i; + } + //ord(">")==62 + if(ord($ss)==62){ + $et = $i; + if($st!=-1){ + $stmp [] = substr($str, $st, $et-$st+1); + } + } + } + $str = str_replace($stmp, "", $str); + return $str; + } + + /** + * 转换xml为数组 + */ + function __change_xml_to_array($xmlfile){ + $ob = simplexml_load_string($xmlfile, 'SimpleXMLElement', LIBXML_NOCDATA); + $json = json_encode($ob); + $configData = json_decode($json, true); + return $configData; + } + + /** + * 随机生成8位字符 + */ + function _get_act_code(){ + $str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; + $code = substr(str_shuffle($str), 0, 8); + return $code; + } + +} +?> \ No newline at end of file diff --git a/app/controllers/ErrorsController.php b/app/controllers/ErrorsController.php new file mode 100644 index 0000000..5ad7f07 --- /dev/null +++ b/app/controllers/ErrorsController.php @@ -0,0 +1,22 @@ + \ No newline at end of file diff --git a/app/controllers/Oauth2Controller.php b/app/controllers/Oauth2Controller.php new file mode 100644 index 0000000..1872da0 --- /dev/null +++ b/app/controllers/Oauth2Controller.php @@ -0,0 +1,31 @@ + \ No newline at end of file diff --git a/app/controllers/SmsController.php b/app/controllers/SmsController.php new file mode 100644 index 0000000..d6fafbb --- /dev/null +++ b/app/controllers/SmsController.php @@ -0,0 +1,63 @@ + \ No newline at end of file diff --git a/app/controllers/UrlsController.php b/app/controllers/UrlsController.php new file mode 100644 index 0000000..6c6891e --- /dev/null +++ b/app/controllers/UrlsController.php @@ -0,0 +1,23 @@ + \ No newline at end of file diff --git a/app/library/CryptAES.php b/app/library/CryptAES.php new file mode 100644 index 0000000..24857d6 --- /dev/null +++ b/app/library/CryptAES.php 
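Review bot: `__https_request()` and `__http_post_request()` in ControllerBase.php set `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to false, so the certificate of whatever answers an HTTPS URL is never checked and the connection is open to interception; app/library/NoticeCenter.php duplicates both helpers with the same settings and then sends the enterprise-WeChat access token over that channel. Replace the two options with `curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);` in all four copies, and point `CURLOPT_CAINFO` at a CA bundle if a missing system store is the reason verification was turned off. The literal `1` passed to `CURLOPT_SSLVERSION` is the value of `CURL_SSLVERSION_TLSv1`; use the named constant, or omit the option so the client negotiates TLS 1.2+. `__get_client_ip()` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`, and both are headers the client can set, so the value is only trustworthy behind a proxy that overwrites them — callers using it for logging or throttling should know that. `_get_act_code()` draws from `str_shuffle()`, which is not a CSPRNG; if these codes gate anything, build them with `random_int()` per character instead, and note the class header and the start of `initialize()` are cut off at the top of the hunk.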
@@ -0,0 +1,124 @@ +cipher = $cipher; + } + + public function set_mode($mode) + { + $this->mode = $mode; + } + + public function set_iv($iv) + { + $this->iv = $iv; + } + + public function set_key($key) + { + $this->secret_key = $key; + } + + public function require_pkcs5() + { + $this->pad_method = 'pkcs5'; + } + + protected function pad_or_unpad($str, $ext) + { + if ( is_null($this->pad_method) ) + { + return $str; + } + else + { + $func_name = __CLASS__ . '::' . $this->pad_method . '_' . $ext . 'pad'; + if ( is_callable($func_name) ) + { + $size = mcrypt_get_block_size($this->cipher, $this->mode); + return call_user_func($func_name, $str, $size); + } + } + + return $str; + } + + protected function pad($str) + { + return $this->pad_or_unpad($str, ''); + } + + protected function unpad($str) + { + return $this->pad_or_unpad($str, 'un'); + } + + + public function encrypt($str) + { + $str = $this->pad($str); + $td = mcrypt_module_open($this->cipher, '', $this->mode, ''); + + if ( empty($this->iv) ) + { + $iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); + } + else + { + $iv = $this->iv; + } + mcrypt_generic_init($td, $this->secret_key, $iv); + $cyper_text = mcrypt_generic($td, $str); + $rt = base64_encode($cyper_text); + mcrypt_generic_deinit($td); + mcrypt_module_close($td); + + return $rt; + } + + + public function decrypt($str){ + $td = mcrypt_module_open($this->cipher, '', $this->mode, ''); + + if ( empty($this->iv) ) + { + $iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); + } + else + { + $iv = $this->iv; + } + + mcrypt_generic_init($td, $this->secret_key, $iv); + $decrypted_text = mdecrypt_generic($td, base64_decode($str)); + $rt = $decrypted_text; + mcrypt_generic_deinit($td); + mcrypt_module_close($td); + + return $this->unpad($rt); + } + + public static function pkcs5_pad($text, $blocksize) + { + $pad = $blocksize - (strlen($text) % $blocksize); + return $text . 
str_repeat(chr($pad), $pad); + } + + public static function pkcs5_unpad($text) + { + $pad = ord($text{strlen($text) - 1}); + if ($pad > strlen($text)) return false; + if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; + return substr($text, 0, -1 * $pad); + } + +} +?> \ No newline at end of file diff --git a/app/library/NoticeCenter.php b/app/library/NoticeCenter.php new file mode 100644 index 0000000..6054073 --- /dev/null +++ b/app/library/NoticeCenter.php 
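Review bot: `decrypt()` in CryptAES.php cannot undo `encrypt()` when no IV has been configured: each call draws its own random IV via `mcrypt_create_iv(..., MCRYPT_RAND)` and `encrypt()` never returns the IV it used, so for any IV-dependent mode the first block decrypts to garbage. The change below has `encrypt()` prepend the IV to the ciphertext and `decrypt()` read it back, using `random_bytes()` instead of `MCRYPT_RAND`; this alters the ciphertext format, so anything already stored with the old layout would need migrating. Separately, the scheme carries no integrity check, and `pkcs5_unpad()` returning `false` on bad padding is exactly the distinguishable failure that padding-oracle recovery relies on, so either make decryption failures indistinguishable or, better, move to an authenticated construction such as `sodium_crypto_secretbox()` or `openssl_encrypt()` with `aes-256-gcm`. The mcrypt extension was removed from core in PHP 7.2 and the `$text{...}` string offset in `pkcs5_unpad()` is a fatal error on PHP 8, so this file will not run on a current interpreter; the class header, properties and constructor are cut off at the top of the hunk.
```php
public function encrypt($str)
{
    $str = $this->pad($str);
    $td = mcrypt_module_open($this->cipher, '', $this->mode, '');
    $ivSize = mcrypt_enc_get_iv_size($td);
    // Draw the IV from a CSPRNG and carry it with the ciphertext so decrypt() can recover it.
    $iv = empty($this->iv) ? random_bytes($ivSize) : $this->iv;
    mcrypt_generic_init($td, $this->secret_key, $iv);
    $cipherText = mcrypt_generic($td, $str);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return base64_encode($iv . $cipherText);
}

public function decrypt($str)
{
    $raw = base64_decode($str);
    $td = mcrypt_module_open($this->cipher, '', $this->mode, '');
    $ivSize = mcrypt_enc_get_iv_size($td);
    if (empty($this->iv)) {
        // The IV was prepended by encrypt(); never invent a fresh one here.
        $iv = substr($raw, 0, $ivSize);
        $raw = substr($raw, $ivSize);
    } else {
        $iv = $this->iv;
    }
    mcrypt_generic_init($td, $this->secret_key, $iv);
    $rt = mdecrypt_generic($td, $raw);
    // … unchanged: mcrypt_generic_deinit / mcrypt_module_close …
    return $this->unpad($rt);
}
```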
@@ -0,0 +1,112 @@ +redis = $di->get("redis"); + $this->access_token = $this->__qy_access_token(QY_CORPID, QY_SECRET); + + } + + /** + * POST方式执行页面 + */ + function __http_post_request($url, $postArr){ + $curl = curl_init(); + curl_setopt($curl, CURLOPT_URL, $url); + curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); + curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($curl, CURLOPT_SSLVERSION, 1); + curl_setopt($curl, CURLOPT_TIMEOUT, 60); + curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 0); + curl_setopt($curl, CURLOPT_POST, 1); + curl_setopt($curl, CURLOPT_POSTFIELDS, $postArr); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + $data = curl_exec($curl); + curl_close($curl); + return $data; + } + + /** + * 获取企业号acces_token + * $corpid,$corpsecret为权限组的id和密钥 + */ + function __qy_access_token($corpid,$corpsecret) + { + $this->redis->select(REDIS_DB_NUMBER); + $rediskey = 'qy_' . $corpid . '_' . $corpsecret; + $qy_acces_token = $this->redis->get($rediskey); + if(!empty($qy_acces_token)){ + return $qy_acces_token; + }else{ + $url = "https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$corpid&corpsecret=$corpsecret"; + $info = $this->__https_request($url); + $tokenArr = json_decode($info,true); + $qy_acces_token = $tokenArr['access_token']; + $this->redis->setex($rediskey,7000, $qy_acces_token); + return $qy_acces_token; + } + } + + + + + + /** + * GET方式执行页面 + */ + function __https_request($url) + { + $curl = curl_init(); + curl_setopt($curl, CURLOPT_URL, $url); + curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE); + curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE); + curl_setopt($curl, CURLOPT_SSLVERSION, 1); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + $data = curl_exec($curl); + if(curl_errno($curl)){ + return 'ERROR '.curl_error($curl); + } + curl_close($curl); + return $data; + } + + + /** + * we企业号消息提醒(自定义发送人群) + */ + function send_user_remind($userArr, $content) + { + 
if(strstr($_SERVER['HTTP_HOST'], 'weapp')) + { + return true; + }elseif(strstr($_SERVER['HTTP_HOST'], '127.0.0.1')) + { + return true; + } + if(is_array($userArr)){ + $user_str = implode("|", $userArr); + }else{ + $user_str = $userArr; + } + $str = '{ + "touser": "'.$user_str.'", + "toparty": "", + "totag": "", + "msgtype": "text", + "agentid": '.QY_AGENTID.', + "text": { + "content": "'.$content.'" + }, + "safe":0 + }'; + $url = 'https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token='.$this->access_token; + return $this->__http_post_request($url, $str); + } +} \ No newline at end of file diff --git a/app/models/ModelBase.php b/app/models/ModelBase.php new file mode 100644 index 0000000..5255da0 --- /dev/null +++ b/app/models/ModelBase.php @@ -0,0 +1,12 @@ +db->query($sql); + return $result; + } + +} +?> \ No newline at end of file diff --git a/app/plugins/NotFoundPlugin.php b/app/plugins/NotFoundPlugin.php new file mode 100644 index 0000000..8b287c4 --- /dev/null +++ b/app/plugins/NotFoundPlugin.php @@ -0,0 +1,45 @@ +getMessage () . PHP_EOL . $exception->getTraceAsString () ); + if ($exception instanceof DispatcherException) { + switch ($exception->getCode ()) { + case Dispatcher::EXCEPTION_HANDLER_NOT_FOUND : + case Dispatcher::EXCEPTION_ACTION_NOT_FOUND : + $dispatcher->forward ( array ( + 'controller' => 'errors', + 'action' => 'show404' + ) ); + return false; + } + } + if ($this->config->setting->debug > 1) { + throw $exception; + } + $dispatcher->forward ( array ( + 'controller' => 'errors', + 'action' => 'show500' + ) ); + return false; + } +} +?> \ No newline at end of file diff --git a/app/plugins/SecurityPlugin.php b/app/plugins/SecurityPlugin.php new file mode 100644 index 0000000..3930976 --- /dev/null +++ b/app/plugins/SecurityPlugin.php 
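Review bot: `send_user_remind()` in NoticeCenter.php assembles the request body by concatenating `$user_str` and `$content` into a JSON literal, so a double quote, backslash or newline in either value yields invalid JSON or lets the value break out of the `content` field into the rest of the message object. Build the payload with `json_encode()` as below; the original emits `agentid` unquoted, so if `QY_AGENTID` is a string constant cast it to int to keep the wire format. In `__qy_access_token()` the cache key `'qy_' . $corpid . '_' . $corpsecret` embeds the corp secret in the Redis key name, where it is visible to anyone who can list keys or read Redis monitoring and slow logs; `'qy_' . hash('sha256', $corpid . '|' . $corpsecret)` keeps the key unique without storing the secret in clear. `$tokenArr['access_token']` is also read without checking that the API call succeeded, so an error response is cached under the key for 7000 s as an empty value. The TLS-verification settings in the two curl helpers have the same problem as in app/controllers/ControllerBase.php.
```php
// … unchanged: environment guard and $user_str computation …
$payload = [
    'touser'  => $user_str,
    'toparty' => '',
    'totag'   => '',
    'msgtype' => 'text',
    'agentid' => QY_AGENTID, // original sent this unquoted; cast to int if the constant is a string
    'text'    => ['content' => $content],
    'safe'    => 0,
];
$str = json_encode($payload, JSON_UNESCAPED_UNICODE);
$url = 'https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=' . $this->access_token;
return $this->__http_post_request($url, $str);
```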
@@ -0,0 +1,108 @@ +persistent->acl )) { + $acl = new AclList (); + // Register roles + $roles = array ( + 'users' => new Role ( 'Users' ), + 'guests' => new Role ( 'Guests' ) + ); + foreach ( $roles as $role ) { + $acl->addRole ( $role ); + } + // Private area resources + $privateResources = array (); + foreach ( $privateResources as $resource => $actions ) { + $acl->addResource ( new Resource ( $resource ), $actions ); + } + // Public area resources + $publicResources = array ( + 'index' => array ( + 'index' + ), + 'logs' => array ( + 'index' + ), + 'errors' => array ( + 'show401', + 'show404', + 'show500' + ), + 'session' => array ( + 'index', + 'register', + 'start', + 'end' + ) + ); + foreach ( $publicResources as $resource => $actions ) { + $acl->addResource ( new Resource ( $resource ), $actions ); + } + // Grant access to public areas to both users and guests + foreach ( $roles as $role ) { + foreach ( $publicResources as $resource => $actions ) { + foreach ( $actions as $action ) { + $acl->allow ( $role->getName (), $resource, $action ); + } + } + } + // Grant access to private area to role Users + foreach ( $privateResources as $resource => $actions ) { + foreach ( $actions as $action ) { + $acl->allow ( 'Guests', $resource, $action ); + } + } + // The acl is stored in session, APC would be useful here too + $this->persistent->acl = $acl; + } + return $this->persistent->acl; + } + /** + * This action is executed before execute any action in the application + * + * @param Event $event + * @param Dispatcher $dispatcher + * @return bool + */ + public function beforeDispatch(Event $event, Dispatcher $dispatcher) { + $auth = $this->session->get ( 'auth' ); + if (! 
$auth) { + $role = 'Guests'; + } else { + $role = 'Users'; + } + $controller = $dispatcher->getControllerName (); + $controller = strtolower ( $controller ); + $action = $dispatcher->getActionName (); + $controller = strtolower ( $action ); + $acl = $this->getAcl (); + $allowed = $acl->isAllowed ( $role, $controller, $action ); + if ($allowed != Acl::ALLOW) { + $dispatcher->forward(array( + 'controller' => 'errors', + 'action' => 'show401' + )); + $this->session->destroy(); + return false; + } + } +} +?> \ No newline at end of file diff --git a/app/views/errors/show401.volt b/app/views/errors/show401.volt new file mode 100644 index 0000000..8a923ef --- /dev/null +++ b/app/views/errors/show401.volt @@ -0,0 +1 @@ +{{ content() }} \ No newline at end of file diff --git a/app/views/errors/show404.volt b/app/views/errors/show404.volt new file mode 100644 index 0000000..8a923ef --- /dev/null +++ b/app/views/errors/show404.volt @@ -0,0 +1 @@ +{{ content() }} \ No newline at end of file diff --git a/app/views/errors/show500.volt b/app/views/errors/show500.volt new file mode 100644 index 0000000..8a923ef --- /dev/null +++ b/app/views/errors/show500.volt @@ -0,0 +1 @@ +{{ content() }} \ No newline at end of file diff --git a/app/views/index.phtml b/app/views/index.phtml new file mode 100644 index 0000000..cd415c3 --- /dev/null +++ b/app/views/index.phtml @@ -0,0 +1,21 @@ + + + + + + + + Phalcon PHP Framework + + + + +
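Review bot: In `beforeDispatch()` of SecurityPlugin.php the line `$controller = strtolower ( $action );` overwrites the controller name with the action name, so `$acl->isAllowed ( $role, $controller, $action )` is evaluated against a resource that is not registered for anything except the `index/index` coincidence; it should read `$action = strtolower ( $action );`. Because `errors` is then unresolvable as well, the forward to `errors/show401` re-enters this handler and is denied again, which presumably ends in the dispatcher's cyclic-forward exception instead of a 401 page. In `getAcl()` the loop under the comment "Grant access to private area to role Users" calls `$acl->allow ( 'Guests', $resource, $action )`; `$privateResources` is empty today, but the first private resource added will be opened to guests — change it to `$acl->allow ( 'Users', $resource, $action );`. The class header and `getAcl()`'s opening `isset` are cut off at the top of the hunk.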
+ getContent(); ?> +
+ + + + + + diff --git a/app/views/index.volt b/app/views/index.volt new file mode 100644 index 0000000..8a923ef --- /dev/null +++ b/app/views/index.volt @@ -0,0 +1 @@ +{{ content() }} \ No newline at end of file diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml new file mode 100644 index 0000000..f6c384f --- /dev/null +++ b/app/views/index/index.phtml @@ -0,0 +1,7 @@ + + +

You're now flying with Phalcon. Great things are about to happen!

+ +

This page is located at views/index/index.phtml

diff --git a/app/views/layouts/index.volt b/app/views/layouts/index.volt new file mode 100644 index 0000000..8a923ef --- /dev/null +++ b/app/views/layouts/index.volt @@ -0,0 +1 @@ +{{ content() }} \ No newline at end of file diff --git a/app/views/layouts/main.volt b/app/views/layouts/main.volt new file mode 100644 index 0000000..4a77b14 --- /dev/null +++ b/app/views/layouts/main.volt @@ -0,0 +1,86 @@ + + + +{{get_title()}} + + + + + + + + + + + +
+
+
+
+
+ +
+
+
+
+
+
+
+
+
+
+ + 您的位置: + + + {{content()}} +
+
+
+
+
+ + + \ No newline at end of file diff --git a/app/views/layouts/page_limit.volt b/app/views/layouts/page_limit.volt new file mode 100644 index 0000000..6248ae9 --- /dev/null +++ b/app/views/layouts/page_limit.volt @@ -0,0 +1,11 @@ +
+ +
\ No newline at end of file diff --git a/cache/_www_tiffany_sms_app_views_index.volt.php b/cache/_www_tiffany_sms_app_views_index.volt.php new file mode 100644 index 0000000..cfe003f --- /dev/null +++ b/cache/_www_tiffany_sms_app_views_index.volt.php @@ -0,0 +1 @@ +getContent() ?> \ No newline at end of file diff --git a/cache/volt/.gitignore b/cache/volt/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/cache/volt/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/index.html b/index.html new file mode 100644 index 0000000..93bf6d8 --- /dev/null +++ b/index.html @@ -0,0 +1 @@ +

Mod-Rewrite is not enabled

Please enable rewrite module on your web server to continue \ No newline at end of file diff --git a/public/.htaccess b/public/.htaccess new file mode 100644 index 0000000..fcf1d37 --- /dev/null +++ b/public/.htaccess @@ -0,0 +1,8 @@ +AddDefaultCharset UTF-8 + + + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L] + \ No newline at end of file diff --git a/public/index.php b/public/index.php new file mode 100644 index 0000000..c33ad12 --- /dev/null +++ b/public/index.php @@ -0,0 +1,72 @@ +getConfig(); + + /** + * Include Autoloader + */ + include APP_PATH."/config/loader.php"; + + /** + * Handle the request + */ + $application = new \Phalcon\Mvc\Application($di); + + echo $application->handle($_SERVER['REQUEST_URI'])->getContent(); + +} catch (\Exception $e) { + + $message = array(); + $message[] = $e->getMessage(); + $message[] = $e->getTraceAsString(); + $message[] = "request_uri:{$_SERVER['REQUEST_URI']} "; + var_dump($message); + +} +?> \ No newline at end of file diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..9a48dd8 --- /dev/null +++ b/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: / \ No newline at end of file
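Review bot: The `catch (\Exception $e)` block in public/index.php `var_dump`s the exception message, the full trace and the request URI into the HTTP response, so in production every unhandled exception discloses filesystem paths, framework internals and whatever the message carries (a PDO connection failure, for example, can include the database host and user). Log the details server-side and return a generic body instead: `error_log($e->getMessage() . PHP_EOL . $e->getTraceAsString()); http_response_code(500); echo 'Internal Server Error';` — the `$config->setting->debug` flag loaded in the `try` block can gate the verbose output for development. Catch `\Throwable` rather than `\Exception` so that `Error` instances thrown on PHP 7+ are handled the same way instead of falling through to the default handler. The opening of the file, including the `try` and the `$di` setup, is cut off at the start of the hunk.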