From cdebb284c33b8a9eee54745b4934a83fd3849355 Mon Sep 17 00:00:00 2001 From: Karson Date: Wed, 19 May 2021 17:52:34 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=8F=9C=E5=8D=95=E8=A7=84?= =?UTF-8?q?=E5=88=99=E4=B8=AD=E7=9A=84=E6=9D=A1=E4=BB=B6=E5=88=A4=E6=96=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- extend/fast/Auth.php | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/extend/fast/Auth.php b/extend/fast/Auth.php index 396c4cfc..81429ef3 100644 --- a/extend/fast/Auth.php +++ b/extend/fast/Auth.php @@ -140,7 +140,7 @@ class Auth /** * 根据用户id获取用户组,返回值为数组 - * @param int $uid 用户id + * @param int $uid 用户id * @return array 用户所属的用户组 array( * array('uid'=>'用户id','group_id'=>'用户组id','name'=>'用户组名称','rules'=>'用户组拥有的规则id,多个,号隔开'), * ...) @@ -205,9 +205,17 @@ class Auth if (!empty($rule['condition']) && !in_array('*', $ids)) { //根据condition进行验证 $user = $this->getUserInfo($uid); //获取用户信息,一维数组 - $command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $rule['condition']); - @(eval('$condition=(' . $command . ');')); - if ($condition) { + $nums = 0; + $condition = str_replace(['&&', '||'], "\r\n", $rule['condition']); + $condition = preg_replace('/\{(\w*?)\}/', '\\1', $condition); + $conditionArr = explode("\r\n", $condition); + foreach ($conditionArr as $index => $item) { + preg_match("/^(\w+)\s?([\>\<\=]+)\s?(.*)$/", trim($item), $matches); + if ($matches && isset($user[$matches[1]]) && version_compare($user[$matches[1]], $matches[3], $matches[2])) { + $nums++; + } + } + if ($conditionArr && ((stripos($rule['condition'], "||") !== false && $nums > 0) || count($conditionArr) == $nums)) { $rulelist[$rule['id']] = strtolower($rule['name']); } } else { @@ -254,4 +262,4 @@ class Auth return $user_info[$uid]; } -} \ No newline at end of file +}