Example #1
0
/**
@fn dbconn($fnConfirm=$GLOBALS["dbConfirmFn"])
@param fnConfirm fn(dbConnectionString), 如果返回false, 则程序中止退出。
@key dbConfirmFn 连接数据库前回调。

连接数据库

数据库由全局变量$DB(或环境变量P_DB)指定,格式可以为:

	host1/carsvc (无扩展名,表示某主机host1下的mysql数据库名;这时由 全局变量$DBCRED 或环境变量 P_DBCRED 指定用户名密码。

	dir1/dir2/carsvc.db (以.db文件扩展名标识的文件路径,表示SQLITE数据库)

环境变量 P_DBCRED 指定用户名密码,格式为 base64(dbuser:dbpwd).
*/
function dbconn($fnConfirm = null)
{
    global $DBH;
    if (isset($DBH)) {
        return $DBH;
    }
    global $DB, $DBCRED, $USE_MYSQL;
    // e.g. P_DB="../carsvc.db"
    if (!$USE_MYSQL) {
        $C = ["sqlite:" . $DB, '', ''];
    } else {
        // e.g. P_DB="115.29.199.210/carsvc"
        // e.g. P_DB="115.29.199.210:3306/carsvc"
        if (!preg_match('/^"?(.*?)(:(\\d+))?\\/(\\w+)"?$/', $DB, $ms)) {
            throw new MyException(E_SERVER, "bad db=`{$DB}`", "未知数据库");
        }
        $dbhost = $ms[1];
        $dbport = $ms[3] ?: 3306;
        $dbname = $ms[4];
        list($dbuser, $dbpwd) = getCred($DBCRED);
        $C = ["mysql:host={$dbhost};dbname={$dbname};port={$dbport}", $dbuser, $dbpwd];
    }
    if ($fnConfirm == null) {
        @($fnConfirm = $GLOBALS["dbConfirmFn"]);
    }
    if ($fnConfirm && $fnConfirm($C[0]) === false) {
        exit;
    }
    try {
        $DBH = new MyPDO($C[0], $C[1], $C[2]);
    } catch (PDOException $e) {
        $msg = $GLOBALS["TEST_MODE"] ? $e->getMessage() : "dbconn fails";
        throw new MyException(E_DB, $msg, "数据库连接失败");
    }
    if ($USE_MYSQL) {
        $DBH->exec('set names utf8');
    }
    $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    # by default use PDO::ERRMODE_SILENT
    # enable real types (works on mysql after php5.4)
    # require driver mysqlnd (view "PDO driver" by "php -i")
    $DBH->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $DBH->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, false);
    return $DBH;
}
Example #2
0
function api_login()
{
    $type = getAppType();
    if ($type != "user" && $type != "emp" && $type != "admin") {
        throw new MyException(E_PARAM, "Unknown type `{$type}`");
    }
    $token = param("token");
    if (isset($token)) {
        $rv = parseLoginToken($token);
        $uname = $rv["uname"];
        $pwd = $rv["pwd"];
    } else {
        $uname = mparam("uname");
        list($pwd, $code) = mparam(["pwd", "code"]);
    }
    $wantAll = param("wantAll/b", 0);
    if (isset($code) && $code != "") {
        validateDynCode($code, $uname);
        unset($pwd);
    }
    $key = "uname";
    if (ctype_digit($uname[0])) {
        $key = "phone";
    }
    $obj = null;
    # user login
    if ($type == "user") {
        $obj = "User";
        $sql = sprintf("SELECT id,pwd FROM User WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        $ret = null;
        if ($row === false) {
            // code通过验证,直接注册新用户
            if (isset($code)) {
                $pwd = AUTO_PWD_PREFIX . genDynCode("d4");
                $ret = regUser($uname, $pwd);
                $ret["_isNew"] = 1;
            }
        } else {
            if (isset($code) || isset($pwd) && hashPwd($pwd) == $row["pwd"]) {
                if (!isset($pwd)) {
                    $pwd = $row["pwd"];
                }
                // 用于生成token
                $ret = ["id" => $row["id"]];
            }
        }
        if (!isset($ret)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "手机号或密码错误");
        }
        $_SESSION["uid"] = $ret["id"];
    } else {
        if ($type == "emp") {
            $obj = "Employee";
            $sql = sprintf("SELECT id,pwd FROM Employee WHERE {$key}=%s", Q($uname));
            $row = queryOne($sql, PDO::FETCH_ASSOC);
            if ($row === false || isset($pwd) && hashPwd($pwd) != $row["pwd"]) {
                throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
            }
            $_SESSION["empId"] = $row["id"];
            $ret = ["id" => $row["id"]];
        } else {
            if ($type == "admin") {
                list($uname1, $pwd1) = getCred(getenv("P_ADMIN_CRED"));
                if (!isset($uname1)) {
                    throw new MyException(E_AUTHFAIL, "admin user is not enabled.", "超级管理员用户未设置,不可登录。");
                }
                if ($uname != $uname1 || $pwd != $pwd1) {
                    throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
                }
                $adminId = 1;
                $_SESSION["adminId"] = $adminId;
                $ret = ["id" => $adminId, "uname" => $uname1];
            }
        }
    }
    if ($wantAll && $obj) {
        $rv = tableCRUD("get", $obj);
        $ret += $rv;
    }
    if (!isset($token)) {
        genLoginToken($ret, $uname, $pwd);
    }
    return $ret;
}