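<?php
/*
 * Calling the API from Postman:
 *
 *   1. Set the authorization type to "No Auth".
 *
 *   2. Add a header with key "Authorization" and value "Bearer xxxxxxxxxxxxx".
 *
 *      The key must be spelled exactly like that (case included); at least one space must
 *      separate "Bearer" from the token, and xxxxxxxx is the access_token that was issued.
 */
namespace app\common\controllers;

use app\common\helpers\Identify;
use app\models\EmailCert;
use app\models\MobileCert;
use app\modules\ad\models\AdData;
use app\modules\admin\models\Attachment;
use app\modules\admin\models\AttachmentIndex;
use app\modules\admin\models\Config;
use app\modules\ucenter\models\User;
use Yii;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBasicAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use yii\filters\Cors;
use yii\rest\ActiveController;

/**
 * Base REST controller shared by the API controllers.
 *
 * On init() every row of the Config table is decoded into the matching `*config` property;
 * behaviors() wires up CORS plus bearer-token authentication; beforeAction() captures the
 * request payload and the authenticated user. The remaining methods are helpers for
 * subclasses: verification-code checking, ownership checks, captcha validation and
 * thumbnail / front-end URL builders.
 */
class AController extends ActiveController
{
    public $modelClass = User::class;

    /** @var array|null POST body of the current request (set in beforeAction()) */
    public $post;
    /** @var array|null query parameters of the current request (set in beforeAction()) */
    public $get;
    /** @var \yii\web\IdentityInterface|null identity of the current user, null for guests */
    public $user;
    /** @var int|string|null id of the current user (Yii::$app->user->id) */
    public $user_id;
    /** @var mixed result of Identify::getUserInfo() for the current user */
    public $userInfo;

    // One property per Config row. The property name is the row name with "config" removed
    // and "attachment" shortened to "att", plus the "config" suffix (see init()); the value
    // is the row value decoded by the global string2array() helper.
    public $attconfig;
    public $ossconfig;
    public $baseconfig;
    public $wapconfig;
    public $imageconfig;
    public $csrconfig;
    public $higherconfig;
    public $payconfig;
    public $coinconfig;
    public $pointconfig;
    public $baiduconfig;
    public $openauthconfig;
    public $smsconfig;
    public $mailerconfig;
    public $ueditorconfig;
    public $docconfig;
    public $mpconfig;
    public $wxappconfig;
    public $bdappconfig;
    public $transferconfig;
    public $withdrawconfig;
    public $commissionconfig;
    public $shoppingconfig;
    public $cmsconfig;
    public $badwordconfig;
    public $posterconfig;

    /** @var string display name for a "document", overridable via docconfig['docname'] */
    public $docname = '文档';
    /** @var string display name for a "collection", overridable via docconfig['colname'] */
    public $colname = '合辑';

    /** @var string[] action ids that may be called without a bearer token */
    public $optional = [
        'sendverifycode', // send a verification code
        'checkverifycode', // check a verification code
        'register',
        'login',
        'fastlogin', // quick login
        'resetpwd', // password reset
        'docmd5check',
        'doctitlecheck',
        'sharedoc',
        'gettag',
        'error',
    ];

    /**
     * Attaches the CORS filter and replaces the parent's authenticator with a
     * bearer-token-only CompositeAuth whose optional actions come from $optional.
     *
     * @return array
     */
    public function behaviors()
    {
        $behaviors = parent::behaviors();

        // Drop the parent's authenticator first so that the CORS filter is attached (and runs)
        // before authentication; it is re-added below.
        unset($behaviors['authenticator']);

        $behaviors['corsFilter'] = [
            'class' => Cors::class,
            'cors' => [
                'Origin' => CORS_DOMAIN,
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
                // Any requested header is allowed. NOTE(review): combined with
                // Allow-Credentials=true this is only acceptable while CORS_DOMAIN is an
                // explicit allow-list and never '*' — confirm where CORS_DOMAIN is defined.
                'Access-Control-Request-Headers' => ['*'],
                'Access-Control-Allow-Credentials' => true,
                // Preflight responses are not cached by the browser.
                'Access-Control-Max-Age' => 0,
                // Let the browser read the pagination header.
                'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
            ],
        ];

        $behaviors['authenticator'] = [
            'class' => CompositeAuth::class,
            'authMethods' => [
                // HttpBasicAuth and QueryParamAuth are deliberately not enabled.
                HttpBearerAuth::class,
            ],
            'optional' => $this->optional,
            // Preflight (OPTIONS) requests carry no token and must not be rejected.
            'except' => ['options'],
        ];

        return $behaviors;
    }

    /**
     * Loads the global configuration into the `*config` properties and applies the
     * display-name defaults.
     */
    public function init()
    {
        parent::init();

        foreach (Config::find()->all() as $configRow) {
            // "docconfig" -> docconfig, "attachmentconfig" -> attconfig, "cms" -> cmsconfig ...
            $propertyName = str_replace('config', '', $configRow->name);
            $propertyName = str_replace('attachment', 'att', $propertyName) . 'config';
            $this->$propertyName = string2array($configRow->value);
        }

        // empty() keeps the same truthiness rule as before while tolerating a missing
        // docconfig row (no "array offset on null" notice).
        $this->docname = !empty($this->docconfig['docname']) ? $this->docconfig['docname'] : '文档';
        $this->colname = !empty($this->docconfig['colname']) ? $this->docconfig['colname'] : '合辑';

        if (empty($this->cmsconfig['news_breadname'])) {
            $this->cmsconfig['news_breadname'] = '资讯';
        }
        if (empty($this->cmsconfig['news_contentname'])) {
            $this->cmsconfig['news_contentname'] = '资讯';
        }
        if (empty($this->docconfig['breadname'])) {
            $this->docconfig['breadname'] = '文档';
        }
        if (empty($this->docconfig['docname'])) {
            $this->docconfig['docname'] = '文档';
        }
        if (empty($this->docconfig['colname'])) {
            $this->docconfig['colname'] = '合辑';
        }

        // Early identity lookup from the raw header value (including any "Bearer " prefix).
        // NOTE(review): presumably findIdentityByAccessToken() copes with the prefix;
        // beforeAction() overwrites $this->user with the authenticator's identity anyway — verify.
        $authorization = Yii::$app->request->headers->get('Authorization');
        if ($authorization) {
            $this->user = User::findIdentityByAccessToken($authorization);
        }
    }

    /**
     * Validates a verification code that was sent to an e-mail address or a mobile number.
     *
     * Looks up the newest MobileCert / EmailCert row for $to and the current REQUEST_FROM and
     * rejects it when there is none, it has expired (smsconfig['certValidTime'] minutes), it
     * was already consumed, or it does not match $code. On success the row is marked consumed.
     *
     * @param string|null $to recipient: an e-mail address or an 11-digit mobile number
     * @param string|int|null $code the code entered by the user
     * @return array|null an error payload (error/msg/data/code) on failure, null on success
     */
    public function checkCode($to, $code)
    {
        $to = (string) $to;
        $patternEmail = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/';
        $patternMobile = '/^1[3456789]{1}\d{9}$/';

        // Hash conditions are bound as query parameters, so $to never becomes part of the SQL text.
        $exist = null;
        if (preg_match($patternMobile, $to)) {
            $exist = MobileCert::find()
                ->where(['mobile' => $to, 'request_from' => REQUEST_FROM])
                ->orderBy(['id' => SORT_DESC])
                ->one();
        } elseif (preg_match($patternEmail, $to)) {
            $exist = EmailCert::find()
                ->where(['email' => $to, 'request_from' => REQUEST_FROM])
                ->orderBy(['id' => SORT_DESC])
                ->one();
        }

        $validSeconds = (int) ($this->smsconfig['certValidTime'] ?? 0) * 60;

        // No code on record, already consumed, or older than the validity window.
        if ($exist === null || $exist->cert == 1 || TIMESTAMP - $exist->sent_time > $validSeconds) {
            return [
                'error' => 1,
                'msg' => '验证码无效',
                'data' => [],
                'code' => 200,
            ];
        }

        // Compare as strings in constant time: a loose `!=` treats numeric strings such as
        // "0123" and "123" (or "0e12" and "0e34") as equal.
        if (!hash_equals((string) $exist->cert_key, (string) $code)) {
            return [
                'error' => 1,
                'msg' => '验证码错误',
                'data' => [],
                'code' => 200,
            ];
        }

        $exist->cert = 1;
        $exist->cert_time = TIMESTAMP;
        $exist->save();

        return null;
    }

    /**
     * Checks that the record in $model is owned by $user_id.
     *
     * @param int|string|null $user_id id of the current user
     * @param \yii\base\Model $model record being accessed
     * @param string $fild_name attribute of $model holding the owner id
     * @return array|true true when the user owns the record, otherwise an error payload
     */
    public function checkRights($user_id, $model, $fild_name = 'user_id')
    {
        // Compare as strings so an int id from the session and a string id from the DB agree,
        // without the numeric juggling of a loose `!=` (which also lets null equal 0).
        if ((string) $model->$fild_name !== (string) $user_id) {
            return [
                'error' => 1,
                'msg' => '你只能操作你自己创作的数据',
                'data' => [],
                'code' => 200,
            ];
        }

        return true;
    }

    /**
     * Intentionally a no-op: the built-in CRUD actions that would consult it are disabled in
     * actions(), and subclasses enforce ownership explicitly via checkRights().
     *
     * @param string $action
     * @param \yii\base\Model|null $model
     * @param array $params
     */
    public function checkAccess($action, $model = null, $params = [])
    {
    }

    /**
     * Disables every built-in ActiveController action (index/view/create/update/delete/options);
     * endpoints are provided by the subclasses' own action methods.
     *
     * NOTE(review): parent::actions() would also expose `view` for the User model, so it is not
     * returned here even filtered — re-enable individual actions only deliberately.
     *
     * @return array
     */
    public function actions()
    {
        return [];
    }

    /**
     * Captures the request payload and the current user before any action runs.
     *
     * @param \yii\base\Action $action
     * @return bool false when the parent (or an attached filter) vetoes the action
     * @throws \yii\web\BadRequestHttpException
     */
    public function beforeAction($action)
    {
        // Honour the parent's verdict: a false return must actually stop the action.
        if (!parent::beforeAction($action)) {
            return false;
        }

        $request = Yii::$app->request;
        $this->post = $request->post();
        $this->get = $request->get();

        if (!empty(Yii::$app->user)) {
            $webUser = Yii::$app->user;
            $this->user = $webUser->identity;
            $this->user_id = $webUser->id;
            $this->userInfo = Identify::getUserInfo($webUser->id);
        }

        return true;
    }

    /**
     * Validates an encrypted captcha token.
     *
     * The token must decrypt with params['authKey'] to a serialized array whose `ip` and `ua`
     * (crc32 of the User-Agent) match the current request and whose `ttl` has not passed.
     *
     * @param string $value base64-encoded ciphertext (presumably produced by encryptByKey())
     * @return bool
     */
    public function validateCaptcha($value)
    {
        // decryptByKey() authenticates the ciphertext and returns false when it was tampered
        // with or encrypted under another key, so garbage input is rejected here.
        $plain = Yii::$app->security->decryptByKey(base64_decode((string) $value), Yii::$app->params['authKey']);
        if ($plain === false) {
            return false;
        }

        // The payload is a plain array; forbidding classes keeps unserialize() from
        // instantiating anything even if the key were ever compromised.
        $data = unserialize($plain, ['allowed_classes' => false]);
        if (!is_array($data)) {
            return false;
        }

        if (empty($data['ip']) || $data['ip'] != Yii::$app->request->getUserIP()) {
            return false;
        }
        if (empty($data['ua']) || $data['ua'] != crc32(Yii::$app->request->getUserAgent())) {
            return false;
        }
        if (empty($data['ttl']) || time() > $data['ttl']) {
            return false;
        }

        return true;
    }

    /**
     * Builds the URL of a server-side thumbnail: WEB_URL . 'p/{width}/{height}/{hash}.jpg',
     * where hash is md5 of the image path, or 'noimage' when no path is given.
     *
     * @param string|null $imagePath
     * @param int|string $width
     * @param int|string $height
     * @return string
     */
    public function makeThumb($imagePath, $width, $height)
    {
        $hash = $imagePath ? md5($imagePath) : 'noimage';

        return WEB_URL . "p/{$width}/{$height}/{$hash}.jpg";
    }

    /**
     * Front-end URL for a page key ('home', 'login', 'logout', 'ucenter', 'myupload') on the
     * web site when REQUEST_FROM == 1, otherwise on the WAP site.
     *
     * @param string $page
     * @return string|null null for an unknown key
     */
    public static function urlList($page)
    {
        $base = REQUEST_FROM == 1 ? WEB_URL : WAP_URL;
        $urls = [
            'home' => $base,
            'login' => $base . 'login/',
            'logout' => $base . 'logout/',
            'ucenter' => $base . 'ucenter/',
            'myupload' => $base . 'myupload/',
        ];

        return $urls[$page] ?? null;
    }
}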