         $_SESSION['auth'] = 1;
     } elseif ($arr['isAuth'] === 2) {
         $_SESSION['login'] = $login;
         $_SESSION['auth'] = 2;
     } else {
         header("Location: /MyShop/?error_msg=" . $arr['error_msg']);
         exit;
     }
 } elseif (isset($_POST['reg'])) {
     //регистрация
     $name = clearStr($_POST['name']);
     $phone = clearStr($_POST['tel']);
     $login = clearStr($_POST['login']);
     $password = clearStr($_POST['pass']);
     $email = clearStr($_POST['email']);
     regUser($name, $login, $password, $email, $phone, $role = "inactive");
     if (!empty($error_reg)) {
         header("Location: /MyShop/?error_reg=" . $error_reg);
         exit;
     } else {
         header("Location: success.php");
         exit;
     }
 } elseif (isset($_POST['logOut'])) {
     session_destroy();
     header("Location:" . $_SERVER['SCRIPT_NAME']);
     exit;
 } elseif (!isset($_POST['del']) and !isset($_POST['update'])) {
     $title = clearStr($_POST['title']);
     $description = $_POST['description'];
     $price = clearInt($_POST['price']);
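/**
 * Log in as a user, employee or admin and start the matching session.
 *
 * The application type comes from getAppType() and must be "user", "emp"
 * or "admin". Credentials come either from a login token ("token" param,
 * parsed by parseLoginToken()) or from the mandatory "uname" param plus
 * "pwd" and/or a dynamic "code" param. A non-empty code is validated with
 * validateDynCode() and then takes the place of the password.
 *
 * Side effects: sets $_SESSION["uid"], $_SESSION["empId"] or
 * $_SESSION["adminId"] depending on the type; a "user" login with a valid
 * code and an unknown uname registers a new user via regUser(); when no
 * token was supplied, genLoginToken() is called with the result.
 *
 * Password hashes and the admin credential are compared with hash_equals()
 * so that a stored hash is never compared with the loose `==` operator
 * (numeric-string juggling) and the comparison is constant-time.
 *
 * @return array login result with at least "id"; "_isNew" => 1 for a
 *               freshly registered user, "uname" for admin; merged with the
 *               result of tableCRUD("get", ...) when "wantAll" is truthy
 *               (user and emp only).
 * @throws MyException E_PARAM for an unknown type, E_AUTHFAIL for bad
 *                     credentials or a disabled admin account.
 */
function api_login(): array
{
    $type = getAppType();
    if (!in_array($type, ["user", "emp", "admin"], true)) {
        throw new MyException(E_PARAM, "Unknown type `{$type}`");
    }

    $token = param("token");
    if (isset($token)) {
        $rv = parseLoginToken($token);
        $uname = $rv["uname"];
        $pwd = $rv["pwd"];
    } else {
        $uname = mparam("uname");
        [$pwd, $code] = mparam(["pwd", "code"]);
    }
    $wantAll = param("wantAll/b", 0);

    // A validated dynamic code replaces the password for the rest of the login.
    if (isset($code) && $code !== "") {
        validateDynCode($code, $uname);
        unset($pwd);
    }

    // A uname starting with a digit is looked up as a phone number.
    // substr() avoids the "uninitialized string offset" warning on an empty uname.
    $key = ctype_digit(substr((string)$uname, 0, 1)) ? "phone" : "uname";

    $obj = null;
    $ret = null;
    if ($type === "user") {
        $obj = "User";
        $sql = sprintf("SELECT id,pwd FROM User WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        if ($row === false) {
            // Unknown uname but the dynamic code passed validation:
            // register a new user with a generated password.
            if (isset($code)) {
                $pwd = AUTO_PWD_PREFIX . genDynCode("d4");
                $ret = regUser($uname, $pwd);
                $ret["_isNew"] = 1;
            }
        } elseif (isset($code) || (isset($pwd) && hash_equals((string)$row["pwd"], (string)hashPwd($pwd)))) {
            // Code logins carry no password; the stored hash is handed to
            // genLoginToken() below in its place.
            if (!isset($pwd)) {
                $pwd = $row["pwd"];
            }
            $ret = ["id" => $row["id"]];
        }
        if (!isset($ret)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "手机号或密码错误");
        }
        $_SESSION["uid"] = $ret["id"];
    } elseif ($type === "emp") {
        $obj = "Employee";
        $sql = sprintf("SELECT id,pwd FROM Employee WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        // With a validated code there is no password to check; the row must still exist.
        if ($row === false || (isset($pwd) && !hash_equals((string)$row["pwd"], (string)hashPwd($pwd)))) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $_SESSION["empId"] = $row["id"];
        $ret = ["id" => $row["id"]];
    } else {
        // $type === "admin": the credential pair comes from the P_ADMIN_CRED environment variable.
        [$uname1, $pwd1] = getCred(getenv("P_ADMIN_CRED"));
        if (!isset($uname1)) {
            throw new MyException(E_AUTHFAIL, "admin user is not enabled.", "超级管理员用户未设置,不可登录。");
        }
        // Admin has no dynamic-code path: a missing password fails closed.
        if ((string)$uname !== (string)$uname1 || !isset($pwd) || !hash_equals((string)$pwd1, (string)$pwd)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $adminId = 1;
        $_SESSION["adminId"] = $adminId;
        $ret = ["id" => $adminId, "uname" => $uname1];
    }

    // $obj is null for admin, so the full-row merge only applies to user/emp.
    if ($wantAll && $obj) {
        $rv = tableCRUD("get", $obj);
        $ret += $rv;
    }
    // NOTE(review): for an emp code login $pwd is unset at this point —
    // presumably genLoginToken() tolerates that; confirm against its definition.
    if (!isset($token)) {
        genLoginToken($ret, $uname, $pwd);
    }
    return $ret;
}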