<?php
/*
 * [JINYUN!] (C)2001-2099 Jinyunweb.com
 * This is NOT a freeware, use is subject to license terms
 * $Id: 2017-12-13 03:39:35 apple $
*/
define('JY_API',true);
$thises=array('custom','manage');
if($_GET['this'] && !in_array($_GET['this'],$thises)){
	exit('bad error');
}
require_once './core/core.php';
if(!$_SESSION['token']){
	if($_SESSION['this']=='manage' && !check_permission($_RQ['plugin'],$_RQ['action'],$_RQ['op'])){
		exi('会话过期，请重新进入！','error','./index.php?core/user.login/');
	}else{
		if($_SESSION['container']!='wechat' && $_SESSION['os']!='windows' && $_SESSION['container']!='mobile'){
			exi('会话过期，请重新进入！','error','reload','','','',true);
		}
	}
}
if(!$_SESSION['this']){
	exi('bad error','error');
}
//兼容插件入口
if(($_RQ['c'] && $_RQ['a']) || $_RQ['action']=='module'){
	if(!$_SESSION['uid']){
		exi('请先登陆！','error','','./index.php?a=user.login');
	}
	require ROOT_D.'/api/open_jyapi/index.php';
	exit;
}
//整理action
if(!$_RQ['action']){
	exit('error action:none');
}
if(preg_match('/[^\w\.]/',$_RQ['action'])){
	exit('error action:wrong'.$_RQ['action']);
}
if(!$_RQ['plugin']){
	exit('error plugin');
}
if(preg_match('/\W/',$_RQ['plugin'])){
	exit('error plugin:wrong');
}
//验证token，只验证post表单,非机器人
if(!IS_ROBOT && !$_SESSION['uptoken'] && POST && (!$_RQ['token'] || $_SESSION['token']!=$_RQ['token'])){
	if($_RQ['plugin']!='core' || $_RQ['action']!='tools.file'){
		$_SESSION['uptoken']=1;
		$msg='token超时，请重新进入';
		if(!$_RQ['token']){
			$msg .='.';
		}elseif(!$_SESSION['token']){
			$check=pdo_getcolumn('core_session',array('expire >'=>0),'expire');
			if(!$check){
				exi('数据库出问题了，【core_session】等表不存在！','error');
			}
			$msg .='..';
		}else{
			$msg .='...';
		}
		exi($msg,'error','reload','','','',true);
	}
}

//检测用户权限:看权限集中是否包含该权限，如不包含，则直接放过。如包含，则判断用户权限集中是否包含该权限；没有则提示无权访问。
if($_SESSION['this']=='manage'){
	if(!check_permission($_RQ['plugin'],$_RQ['action'],$_RQ['op'])){
		if(!$_SESSION['uid']){
			if((strpos($_RQ['action'],'sys.') === false && $_RQ['plugin']!='core') || $_RQ['plugin']=='core'){
				exi('无权访问，请先登陆！','error','./index.php?p=core&a=user.login');
			}
		}else{
			if($_RQ['plugin'] && $_RQ['plugin']!='core' && $_RQ['plugin']!='undefined'){
				$check=pdo_getcolumn('core_plugins',array('name'=>$_RQ['plugin']),'id');
				if(!$check){
					$allplugins = cache_read('cloud_getallplugins');
					$allplugins=json_decode($allplugins,true);
					$plugintitle=$allplugins[$_RQ['plugin']]['title']?:$_RQ['plugin'];
					exi('未安装相关插件《'.$plugintitle.'》，请联系管理员！','error');
				}
			}
			if($_RQ['action']!='basic.module_home' && $_RQ['action']!='sys.login' && $_RQ['action']!='sys.register'){
				cfc('user')->update_permission();
				if($_RQ['action']!='account.welcome'){
					exi('无权访问，请管理员帮你开通相关权限！','error');
				}else{
					exi('无权访问，请管理员帮你开通相关权限！','error');
				}
			}
		}
	}
}
if($_SESSION['this']=='custom'){
	if($_RQ['plugin'] && $_RQ['plugin']!='core'){
		$check=pdo_getcolumn('core_plugins',array('name'=>$_RQ['plugin']),'id');
		if(!$check){
			$allplugins = cache_read('cloud_getallplugins');
			$allplugins=json_decode($allplugins,true);
			$plugintitle=$allplugins[$_RQ['plugin']]['title']?:$_RQ['plugin'];
			exi('未安装相关插件《'.$plugintitle.'》，请联系管理员！','error');
		}
	}
	//if(!check_account_permission($_RQ['plugin'])){
		//exi('无权访问！','error');
	//}
}
//定义是否来自场景体
if($_RQ['current_plugin'] && !preg_match('/\W/',$_RQ['current_plugin'])){
	$_SESSION['current_plugin']=trim($_RQ['current_plugin']);
}
if(!$_SESSION['current_plugin'] && $_RQ['plugin']!='core'){
	$is_legao=pdo_getcolumn('core_plugins',array('name'=>$_RQ['plugin']),'is_legao');
	if($is_legao){
		$_SESSION['current_plugin']=$_RQ['plugin'];
	}
}
//整理access_json保存备用
$get=$_GET;
unset($get['plugin'],$get['action'],$get['op'],$get['this'],$get['token'],$get['nosession'],$get['is_access']);
if($get){
	$query=http_build_query($get);
}
$_AR['access_json']="{$_RQ['plugin']}/{$_RQ['action']}/{$_RQ['op']}/".$query;
if(get_access_setting($_RQ['plugin']) && $_RQ['is_access']){
	exi('','','reload');
}
access(array('plugin'=>$_RQ['plugin'],'action'=>$_RQ['action']));