/**
 * Dispatch one API action and record its result.
 *
 * Two routing shapes are recognised: "<table>.<add|set|get|del|query>" goes to
 * tableCRUD(), anything else is looked up as a global function api_<ac>.
 *
 * @param string $ac       action name supplied by the caller
 * @param bool   $useTrans wrap the action in a DB transaction when none is active
 * @return mixed the action's result, or the string "OK" when it produced none
 * @throws MyException E_PARAM for an unknown action or a malformed table name
 */
public function call($ac, $useTrans)
{
    global $DBH;

    // NOTE(review): a transaction begun here is not rolled back by this method
    // if the handler throws — presumably the caller handles that; confirm.
    if ($useTrans && !$DBH->inTransaction()) {
        $DBH->beginTransaction();
    }

    $crud = [];
    if (preg_match('/^(\\w+)\\.(add|set|get|del|query)$/', $ac, $crud)) {
        $tbl = $crud[1];
        $verb = $crud[2];
        // TODO: check meta — only the identifier shape is validated (the regex
        // above already restricts $tbl to \w+); nothing here checks that the
        // named table is meant to be reachable through this entry point.
        if (!preg_match('/^\\w+$/', $tbl)) {
            throw new MyException(E_PARAM, "bad table {$tbl}");
        }
        $ret = tableCRUD($verb, $tbl);
    } else {
        $handler = "api_{$ac}";
        if (!function_exists($handler)) {
            throw new MyException(E_PARAM, "Bad request - unknown ac: {$ac}");
        }
        $ret = $handler();
    }

    if ($useTrans && $DBH && $DBH->inTransaction()) {
        $DBH->commit();
    }

    // A handler that returns nothing still reports success.
    if (!isset($ret)) {
        $ret = "OK";
    }
    setRet(0, $ret);
    return $ret;
}
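/**
 * Log in as a user, employee or admin (selected by getAppType()).
 *
 * Credentials are taken from a login token (`token`, decoded by
 * parseLoginToken) or from `uname` plus `pwd` and/or `code`. A non-empty
 * dynamic code is validated first and then stands in for the password.
 *
 * Stored hashes and the admin credentials are compared with hash_equals()
 * (byte-exact, constant-time) instead of loose `==`/`!=`.
 *
 * @return array login record holding at least "id"; the full object row is
 *               merged in when `wantAll` is set
 * @throws MyException E_PARAM for an unknown app type, E_AUTHFAIL when the
 *                     credentials do not match or the admin account is not set
 */
function api_login()
{
    $type = getAppType();
    if (!in_array($type, ["user", "emp", "admin"], true)) {
        throw new MyException(E_PARAM, "Unknown type `{$type}`");
    }

    $code = null;
    $token = param("token");
    if (isset($token)) {
        $rv = parseLoginToken($token);
        $uname = $rv["uname"];
        $pwd = $rv["pwd"];
    } else {
        $uname = mparam("uname");
        list($pwd, $code) = mparam(["pwd", "code"]);
    }
    $wantAll = param("wantAll/b", 0);

    // A validated dynamic code replaces the password. The branches below
    // consult $codeOk rather than isset($code), so an empty code string can
    // never count as verified.
    $codeOk = false;
    if (isset($code) && $code != "") {
        validateDynCode($code, $uname);
        $pwd = null;
        $codeOk = true;
    }

    // A uname that starts with a digit is looked up as a phone number. $key is
    // one of two literal column names, never caller-controlled.
    $key = "uname";
    if (is_string($uname) && $uname !== "" && ctype_digit($uname[0])) {
        $key = "phone";
    }

    $obj = null;
    if ($type === "user") {
        $obj = "User";
        $sql = sprintf("SELECT id,pwd FROM User WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        $ret = null;
        if ($row === false) {
            // Code validated but no such user: register on the fly with a
            // generated password.
            if ($codeOk) {
                $pwd = AUTO_PWD_PREFIX . genDynCode("d4");
                $ret = regUser($uname, $pwd);
                $ret["_isNew"] = 1;
            }
        } elseif ($codeOk || (isset($pwd) && hash_equals((string)$row["pwd"], (string)hashPwd($pwd)))) {
            if (!isset($pwd)) {
                // Code login: carry the stored hash so a token can be generated.
                $pwd = $row["pwd"];
            }
            $ret = ["id" => $row["id"]];
        }
        if (!isset($ret)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "手机号或密码错误");
        }
        $_SESSION["uid"] = $ret["id"];
    } elseif ($type === "emp") {
        $obj = "Employee";
        $sql = sprintf("SELECT id,pwd FROM Employee WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        // With no password in play (code login) only the row's existence is
        // checked here; whether mparam() guarantees that one of pwd/code was
        // supplied is not visible in this file — TODO confirm.
        if ($row === false || (isset($pwd) && !hash_equals((string)$row["pwd"], (string)hashPwd($pwd)))) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $_SESSION["empId"] = $row["id"];
        $ret = ["id" => $row["id"]];
    } else {
        // admin: the single admin credential comes from the P_ADMIN_CRED env var
        list($uname1, $pwd1) = getCred(getenv("P_ADMIN_CRED"));
        if (!isset($uname1)) {
            throw new MyException(E_AUTHFAIL, "admin user is not enabled.", "超级管理员用户未设置,不可登录。");
        }
        if (!hash_equals((string)$uname1, (string)$uname) || !hash_equals((string)$pwd1, (string)$pwd)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $adminId = 1;
        $_SESSION["adminId"] = $adminId;
        $ret = ["id" => $adminId, "uname" => $uname1];
    }

    if ($wantAll && $obj) {
        $rv = tableCRUD("get", $obj);
        $ret += $rv;
    }
    // A token login does not mint a new token.
    if (!isset($token)) {
        genLoginToken($ret, $uname, $pwd);
    }
    return $ret;
}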