
新增独立的后台管理入口
修复前台Auth类权限的BUG
修复后台自动登录的BUG
移除空余的配置文件和第三方前端插件

Karson 8 年之前
父节点
当前提交
a34086faf5

+ 2 - 2
application/admin/controller/Index.php

@@ -12,8 +12,8 @@ use think\Validate;
 class Index extends Backend
 {
 
-    protected $noNeedLogin = ['login', 'logout'];
-    protected $noNeedRight = ['index'];
+    protected $noNeedLogin = ['login'];
+    protected $noNeedRight = ['index', 'logout'];
     protected $layout = '';
 
     public function _initialize()
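Review bot: The two access lists changed at the top of `Index` have no documentation, so the distinction that now matters (`logout` needs a session but no rule check) is only implicit. A short docblock on each would help, e.g. `/** Actions reachable without a session */` above `$noNeedLogin` and `/** Actions that need a session but no permission rule */` above `$noNeedRight`. The class body continues outside the hunk, so how `Backend` consumes these lists is not visible here.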

+ 1 - 1
application/admin/library/Auth.php

@@ -79,7 +79,7 @@ class Auth extends \fast\Auth
         if ($id && $keeptime && $expiretime && $key && $expiretime > time())
         {
             $admin = Admin::get($id);
-            if (!$admin)
+            if (!$admin || !$admin->token)
             {
                 return false;
             }
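Review bot: The added `!$admin->token` guard rejects accounts with an empty token, but the check that compares the cookie `$key` with the server-side value lies below the hunk and is not visible. If that comparison uses `==` or `!=`, it should be `hash_equals()` on two strings so that it is strict and constant-time. The guard also deserves a why-comment, e.g. `// empty token: no keep-login cookie can be valid for this account`. It is only effective if the token is cleared or rotated on logout and password change, which this hunk does not show.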

+ 1 - 1
application/common/controller/Backend.php

@@ -165,7 +165,7 @@ class Backend extends Controller
             'controllername' => $controllername,
             'actionname'     => $actionname,
             'jsname'         => 'backend/' . str_replace('.', '/', $controllername),
-            'moduleurl'      => url("/{$modulename}", '', false),
+            'moduleurl'      => rtrim(url("/{$modulename}", '', false), '/'),
             'language'       => $lang,
             'referer'        => Session::get("referer")
         ];

+ 52 - 3
application/common/controller/Frontend.php

@@ -7,17 +7,42 @@ use app\common\model\Configvalue;
 use think\Config;
 use think\Controller;
 use think\Lang;
+use think\Session;
 
 class Frontend extends Controller
 {
 
     /**
+     * 返回码,默认为null,当设置了该值后将输出json数据
+     * @var int
+     */
+    protected $code = null;
+
+    /**
+     * 返回内容,默认为null,当设置了该值后将输出json数据
+     * @var mixed
+     */
+    protected $data = null;
+
+    /**
+     * 返回文本,默认为空
+     * @var mixed
+     */
+    protected $msg = '';
+
+    /**
      *
      * @var Auth
      */
     protected $user = null;
 
     /**
+     * 无需登录的方法,默认全部都无需登录
+     * @var array
+     */
+    protected $noNeedLogin = ['*'];
+
+    /**
      * 布局模板
      * @var string
      */
@@ -38,10 +63,21 @@ class Frontend extends Controller
 
         // 检测当前是否登录并进行初始化
         $this->user->init();
-
+        
+        // 检测是否需要验证登录
+        if (!$this->user->match($this->noNeedLogin))
+        {
+            //检测是否登录
+            if (!$this->user->isLogin())
+            {
+                $url = Session::get('referer');
+                $url = $url ? $url : $this->request->url();
+                $this->error(__('Please login first'), url('/user/login', ['url' => $url]));
+            }
+        }
+        
         // 将auth对象渲染至视图
         $this->view->assign("user", $this->user);
-
         // 如果有使用模板布局
         if ($this->layout)
         {
@@ -68,7 +104,7 @@ class Frontend extends Controller
         $this->assign('site', $site);
         $this->assign('config', $config);
     }
-    
+
     /**
      * 加载语言文件
      * @param string $name
@@ -78,4 +114,17 @@ class Frontend extends Controller
         Lang::load(APP_PATH . $this->request->module() . '/lang/' . Lang::detect() . '/' . str_replace('.', '/', $name) . '.php');
     }
 
+    /**
+     * 析构方法
+     *
+     */
+    public function __destruct()
+    {
+        //判断是否设置code值,如果有则变动response对象的正文
+        if (!is_null($this->code))
+        {
+            $this->result($this->data, $this->code, $this->msg, 'json');
+        }
+    }
+
 }
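Review bot: The `url` parameter built in the new login check of `_initialize()` comes from `Session::get('referer')` or the current request URL and is handed to `/user/login` unvalidated. If the login action (not shown) redirects to that value after sign-in, it should accept only same-site relative paths and fall back to a fixed page otherwise. Separately, the default `$noNeedLogin = ['*']` means a controller that forgets to override the property stays fully public; the docblock should say so, e.g. `Override with an explicit list (or []) in any controller that has member-only actions`. `_initialize()` starts and ends outside the hunk.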

+ 73 - 3
application/common/library/Auth.php

@@ -9,12 +9,13 @@ use fast\ucenter\client\Client;
 use think\Cookie;
 use think\Db;
 use think\Exception;
+use think\Request;
 use think\Validate;
 
 /**
  * Auth类
  */
-class Auth
+class Auth implements \JsonSerializable, \ArrayAccess
 {
 
     const ERR_ACCOUNT_IS_INCORRECT = 'Account is incorrect';
@@ -58,6 +59,15 @@ class Auth
         return self::$instance;
     }
 
+    /**
+     * 
+     * @return User
+     */
+    public function getModel()
+    {
+        return $this->user;
+    }
+
     public function __get($name)
     {
         return $this->check() ? $this->user->$name : NULL;
@@ -277,6 +287,10 @@ class Auth
             {
                 return FALSE;
             }
+            if (Token::identity($token) != $user['id'])
+            {
+                return FALSE;
+            }
             $this->user = $user;
             $this->_logined = TRUE;
             return TRUE;
@@ -415,8 +429,7 @@ class Auth
             }
         }
         // 调用事务删除账号
-        $result = Db::transaction(function($db) use($user_id)
-                {
+        $result = Db::transaction(function($db) use($user_id) {
                     // 删除会员
                     User::destroy($user_id);
 
@@ -457,6 +470,31 @@ class Auth
     {
         return md5(md5($password) . $salt);
     }
+    
+    
+
+    /**
+     * 检测当前控制器和方法是否匹配传递的数组
+     *
+     * @param array $arr 需要验证权限的数组
+     */
+    public function match($arr = [])
+    {
+        $request = Request::instance();
+        $arr = is_array($arr) ? $arr : explode(',', $arr);
+        if (!$arr)
+        {
+            return FALSE;
+        }
+        // 是否存在
+        if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr))
+        {
+            return TRUE;
+        }
+
+        // 没找到匹配
+        return FALSE;
+    }
 
     /**
      * 同步登录信息
@@ -577,4 +615,36 @@ class Auth
         return __($this->_error);
     }
 
+    public function __toString()
+    {
+        return $this->user->toJson();
+    }
+
+    // JsonSerializable
+    public function jsonSerialize()
+    {
+        return $this->user->toArray();
+    }
+
+    // ArrayAccess
+    public function offsetSet($name, $value)
+    {
+        $this->user->setAttr($name, $value);
+    }
+
+    public function offsetExists($name)
+    {
+        return $this->user->__isset($name);
+    }
+
+    public function offsetUnset($name)
+    {
+        $this->user->__unset($name);
+    }
+
+    public function offsetGet($name)
+    {
+        return $this->user->getAttr($name);
+    }
+
 }
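Review bot: The new `__toString()`, `jsonSerialize()` and `offset*()` methods dereference `$this->user` directly, whereas `__get()` above guards with `$this->check()`; for a visitor who is not logged in `$this->user` is presumably null and these calls fail. They also serialise the whole model, so unless the `User` model (not shown) hides credential columns such as the password hash and salt, `json_encode()` on the Auth object or printing it in a template would expose them. Guard and narrow the output, e.g. `return $this->check() ? $this->user->toArray() : [];`, with the sensitive fields hidden on the model. In the `match()` hunk, `in_array()` is called without the strict flag and only the action name is lower-cased, so the docblock should state that entries must be lower-case and add `@return bool`.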

+ 1 - 0
application/index/controller/User.php

@@ -18,6 +18,7 @@ class User extends Frontend
 
     // 使用布局
     protected $layout = 'bootstrap';
+    protected $noNeedLogin = ['*'];
 
     public function _initialize()
     {
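Review bot: `$noNeedLogin = ['*']` on the `User` controller exempts every action from the login check that this commit adds to `Frontend::_initialize()`, and it only repeats the base-class default. If this controller has member-only actions (they are outside the hunk), list just the public ones instead, for example `protected $noNeedLogin = ['login', 'register'];` with the controller's real action names substituted. The class body continues outside the hunk.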

+ 35 - 0
public/admin.php

@@ -0,0 +1,35 @@
+<?php
+
+// +----------------------------------------------------------------------
+// | ThinkPHP [ WE CAN DO IT JUST THINK ]
+// +----------------------------------------------------------------------
+// | Copyright (c) 2006-2016 http://thinkphp.cn All rights reserved.
+// +----------------------------------------------------------------------
+// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
+// +----------------------------------------------------------------------
+// | Author: liu21st <liu21st@gmail.com>
+// +----------------------------------------------------------------------
+// [ 后台入口文件 ]
+// 使用此文件可以达到隐藏admin模块的效果
+// 建议将admin.php改成其它任意的文件名,同时修改config.php中的'deny_module_list',把admin模块也添加进去
+// 定义应用目录
+define('APP_PATH', __DIR__ . '/../application/');
+
+// 判断是否安装FastAdmin
+if (!file_exists(APP_PATH . 'admin/command/Install/install.lock'))
+{
+    header("location:./install.php");
+    exit;
+}
+
+// 加载框架引导文件
+require __DIR__ . '/../thinkphp/base.php';
+
+// 绑定到admin模块
+\think\Route::bind('admin');
+
+// 设置根url
+\think\Url::root('');
+
+// 执行应用
+\think\App::run()->send();
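Review bot: The install redirect uses a relative target, `header("location:./install.php")`, which the browser resolves against the request path; when the entry is called with path info after `admin.php` it would presumably resolve to the wrong URL. Building the target from the script's base path avoids that, e.g. `header('Location: ' . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/install.php');`. The header comment presents renaming `admin.php` as a way to hide the admin module; that is obscurity only, so the comment should state that the `deny_module_list` entry and the login and permission checks remain the actual control.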

+ 2 - 1
public/assets/js/backend/example/bootstraptable.js

@@ -42,7 +42,8 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form'], function ($, undefin
                         {field: 'createtime', title: __('Create time'), formatter: Table.api.formatter.datetime, operate: 'BETWEEN', type: 'datetime', addclass: 'datetimepicker', data: 'data-date-format="YYYY-MM-DD HH:mm:ss"'},
                         //我们向操作栏额外添加上一个详情按钮,并保留已有的编辑和删除控制,同时为这个按钮添加上点击事件
                         {field: 'operate', title: __('Operate'), events: Controller.api.events.operate, formatter: function (value, row, index) {
-                                return Table.api.formatter.operate.call(this, value, row, index, table);
+                                var detail = '<a class="btn btn-xs btn-success btn-detail">详情</a> ';
+                                return detail + Table.api.formatter.operate.call(this, value, row, index, table);
                             }}
                     ],
                 ],
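Review bot: The button label in the added `detail` line is a hard-coded Chinese string, while the other labels in this column definition go through `__()`. Using the translation helper keeps the example consistent with the language pack, e.g. `var detail = '<a class="btn btn-xs btn-success btn-detail">' + __('Detail') + '</a> ';` (assuming a `Detail` key exists or is added). The click handler for `.btn-detail` is registered outside the hunk.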

+ 0 - 10
public/assets/js/require-backend.js

@@ -24,8 +24,6 @@ require.config({
         // 以下的包从bower的libs目录加载
         'jquery': '../libs/jquery/dist/jquery.min',
         'bootstrap': '../libs/bootstrap/dist/js/bootstrap.min',
-        'bootstrap-validator': '../libs/bootstrap-validator/dist/validator.min',
-        'bootstrap-dialog': '../libs/bootstrap3-dialog/dist/js/bootstrap-dialog.min',
         'bootstrap-datetimepicker': '../libs/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min',
         'bootstrap-select': '../libs/bootstrap-select/dist/js/bootstrap-select.min',
         'bootstrap-table': '../libs/bootstrap-table/dist/bootstrap-table.min',
@@ -33,13 +31,10 @@ require.config({
         'bootstrap-table-mobile': '../libs/bootstrap-table/dist/extensions/mobile/bootstrap-table-mobile',
         'bootstrap-table-lang': '../libs/bootstrap-table/dist/locale/bootstrap-table-zh-CN',
         'tableexport': '../libs/tableExport.jquery.plugin/tableExport.min',
-        'dropzone': '../libs/dropzone/dist/min/dropzone-amd-module.min',
-        'less': '../libs/less/dist/less.min',
         'dragsort': '../libs/dragsort/jquery.dragsort',
         'sortable': '../libs/Sortable/Sortable.min',
         'addtabs': '../libs/jquery-addtabs/jquery.addtabs',
         'slimscroll': '../libs/jquery-slimscroll/jquery.slimscroll',
-        'crontab': '../libs/jqcron/src/jqCron.cn',
         'summernote': '../libs/summernote/dist/lang/summernote-zh-CN.min',
         'validator-core': '../libs/nice-validator/dist/jquery.validator',
         'validator-lang': '../libs/nice-validator/dist/local/zh-CN',
@@ -98,11 +93,6 @@ require.config({
             deps: ['bootstrap', 'slimscroll'],
             exports: '$.AdminLTE'
         },
-        'crontab': ['../libs/jqcron/src/jqCron', 'css!../libs/jqcron/src/jqCron.css'],
-        'bootstrap-checkbox': ['jquery'],
-        'bootstrap-radio': ['jquery'],
-        'bootstrap-switch': ['jquery'],
-        'bootstrap-dialog': ['css!../libs/bootstrap3-dialog/dist/css/bootstrap-dialog.min.css'],
         'bootstrap-datetimepicker': [
             'moment/locale/zh-cn',
 //            'css!../libs/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css',

文件差异内容过多而无法显示
+ 85 - 101
public/assets/js/require-backend.min.js


+ 0 - 10
public/assets/js/require-frontend.js

@@ -24,8 +24,6 @@ require.config({
         // 以下的包从bower的libs目录加载
         'jquery': '../libs/jquery/dist/jquery.min',
         'bootstrap': '../libs/bootstrap/dist/js/bootstrap.min',
-        'bootstrap-validator': '../libs/bootstrap-validator/dist/validator.min',
-        'bootstrap-dialog': '../libs/bootstrap3-dialog/dist/js/bootstrap-dialog.min',
         'bootstrap-datetimepicker': '../libs/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min',
         'bootstrap-select': '../libs/bootstrap-select/dist/js/bootstrap-select.min',
         'bootstrap-table': '../libs/bootstrap-table/dist/bootstrap-table.min',
@@ -33,13 +31,10 @@ require.config({
         'bootstrap-table-mobile': '../libs/bootstrap-table/dist/extensions/mobile/bootstrap-table-mobile',
         'bootstrap-table-lang': '../libs/bootstrap-table/dist/locale/bootstrap-table-zh-CN',
         'tableexport': '../libs/tableExport.jquery.plugin/tableExport.min',
-        'dropzone': '../libs/dropzone/dist/min/dropzone-amd-module.min',
-        'less': '../libs/less/dist/less.min',
         'dragsort': '../libs/dragsort/jquery.dragsort',
         'sortable': '../libs/Sortable/Sortable.min',
         'addtabs': '../libs/jquery-addtabs/jquery.addtabs',
         'slimscroll': '../libs/jquery-slimscroll/jquery.slimscroll',
-        'crontab': '../libs/jqcron/src/jqCron.cn',
         'summernote': '../libs/summernote/dist/lang/summernote-zh-CN.min',
         'validator-core': '../libs/nice-validator/dist/jquery.validator',
         'validator-lang': '../libs/nice-validator/dist/local/zh-CN',
@@ -98,11 +93,6 @@ require.config({
             deps: ['bootstrap', 'slimscroll'],
             exports: '$.AdminLTE'
         },
-        'crontab': ['../libs/jqcron/src/jqCron', 'css!../libs/jqcron/src/jqCron.css'],
-        'bootstrap-checkbox': ['jquery'],
-        'bootstrap-radio': ['jquery'],
-        'bootstrap-switch': ['jquery'],
-        'bootstrap-dialog': ['css!../libs/bootstrap3-dialog/dist/css/bootstrap-dialog.min.css'],
         'bootstrap-datetimepicker': [
             'moment/locale/zh-cn',
 //            'css!../libs/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css',

文件差异内容过多而无法显示
+ 5 - 15
public/assets/js/require-frontend.min.js


+ 1 - 0
public/assets/js/require-table.js

@@ -34,6 +34,7 @@ define(['jquery', 'bootstrap', 'backend', 'toastr', 'moment', 'bootstrap-table',
             mobileResponsive: true,
             cardView: true,
             checkOnInit: true,
+            escape:true,
             extend: {
                 index_url: '',
                 add_url: '',
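Review bot: `escape:true` lacks the space after the colon that the neighbouring options use (`escape: true,`), and it needs a comment on what it covers. As far as I know bootstrap-table escapes only the cell value, and whatever a column `formatter` returns is still inserted as HTML, so formatters that build markup from `row` fields must escape those fields themselves. Existing formatters that expect raw HTML in `value` may also render differently after this change. The defaults object continues outside the hunk.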

+ 2 - 0
public/install.php

@@ -1,6 +1,8 @@
 <?php
 /**
  * FastAdmin安装程序
+ * 
+ * 安装完成后建议删除此文件
  * @author Karson
  * @website http://www.fastadmin.net
  */