Example #1
 /**
  * Hash the password carried by the current POST request.
  *
  * The pwdHash() called below is the global helper of the same name, not this
  * method; its algorithm is defined outside this listing.
  *
  * @return mixed the helper's result, or false when no 'password' field was posted
  */
 protected function pwdHash()
 {
     // Guard first: without a posted password there is nothing to hash.
     if (!isset($_POST['password'])) {
         return false;
     }

     return pwdHash($_POST['password']);
 }
 /**
  * Hash a password through the global pwdHash() helper.
  *
  * The check is a truthiness test, so an empty string and the string "0"
  * both yield false instead of a digest.
  *
  * @param mixed $passwd clear-text password
  * @return mixed the helper's result, or false for a falsy $passwd
  */
 public function pwdHash($passwd)
 {
     // The call resolves to the global function, not to this method.
     return $passwd ? pwdHash($passwd) : false;
 }
Example #3
 /**
  * Hash the posted password with the value of getSalt() appended to it.
  *
  * NOTE(review): getSalt() is defined elsewhere. If it returns a fresh random
  * value on every call, the same value is needed again to verify the password
  * later, and this method does not hand it back to the caller - confirm.
  *
  * @return mixed result of the global pwdHash() helper, or false when the
  *               request carries no 'password' field
  */
 protected function pwdHash()
 {
     if (!isset($_POST['password'])) {
         return false;
     }
     // The salt goes after the clear-text password, before hashing.
     $salted = $_POST['password'] . getSalt();

     return pwdHash($salted);
 }
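 /**
  * Process the login form.
  *
  * Validates the posted account, password and captcha, looks the account up
  * with RBAC::authenticate(), compares the stored password digest with
  * pwdHash() of the posted password and, when they match, fills the session
  * and records the login time, login count and client IP.
  *
  * Outcomes are reported through $this->error() / $this->success(); nothing
  * is returned.
  */
 public function checkLogin()
 {
     // Every field must be a non-empty string. The lookup map built below
     // treats an array value as an operator expression (see the 'status'
     // entry), so an array-valued request parameter must never reach it.
     // error() presumably ends the request; the explicit returns make sure a
     // failed check cannot fall through to the session writes if it does not.
     if (empty($_POST['account']) || !is_string($_POST['account'])) {
         $this->error('Bạn chưa nhập tài khoản!');
         return;
     }
     if (empty($_POST['password']) || !is_string($_POST['password'])) {
         $this->error('Ban chưa nhập mật khẩu!');
         return;
     }
     if (!isset($_POST['verify']) || !is_string($_POST['verify']) || '' === trim($_POST['verify'])) {
         $this->error('Bạn chưa nhập mã xác thực!');
         return;
     }
     // Captcha: the session holds the md5 of the expected code. Compare as
     // strings with !==, because a loose comparison treats two different
     // digests of the form "0e<digits>" as equal numbers.
     if (!isset($_SESSION['verify']) || (string) $_SESSION['verify'] !== md5($_POST['verify'])) {
         $this->error('Mã xác thực không đúng!');
         return;
     }
     // Lookup conditions: the posted account name, restricted to status > 0.
     $map = array();
     $map['account'] = $_POST['account'];
     $map["status"] = array('gt', 0);
     import('ORG.Util.RBAC');
     $authInfo = RBAC::authenticate($map);
     if (false === $authInfo) {
         // NOTE(review): this message differs from the wrong-password one, so
         // the form tells a caller whether an account name exists.
         $this->error('Tài khoản không tồn tại hoặc đã bị khoá!');
         return;
     }
     // Same strict string comparison for the password digest. Where PHP 5.6+
     // is guaranteed, hash_equals() additionally makes it constant-time.
     // NOTE(review): pwdHash() is defined outside this listing and is called
     // without a per-user salt; if it is a fast digest, password_hash() and
     // password_verify() are the replacement to plan for.
     if ((string) $authInfo['password'] !== (string) pwdHash($_POST['password'])) {
         $this->error('Mật khẩu không đúng!');
         return;
     }
     // NOTE(review): the session id is not rotated when the session becomes
     // authenticated; unless the framework already does it, call
     // session_regenerate_id(true) here to prevent session fixation.
     $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
     $_SESSION['loginUserName'] = $authInfo['nickname'];
     $_SESSION['lastLoginTime'] = $authInfo['last_login_time'];
     $_SESSION['login_count'] = $authInfo['login_count'];
     $_SESSION['user_type'] = $authInfo['type_id'];
     // The administrator flag is keyed on the literal account name.
     if ((string) $authInfo['account'] === 'admin') {
         $_SESSION['administrator'] = true;
     }
     // Record this login on the user row; login_count is incremented in SQL.
     $User = M('User');
     $data = array();
     $data['id'] = $authInfo['id'];
     $data['last_login_time'] = time();
     $data['login_count'] = array('exp', '(login_count+1)');
     $data['last_login_ip'] = get_client_ip();
     $User->save($data);
     // NOTE(review): $loginId is never assigned in this method, so the value
     // stored here is null - confirm what was meant to be stored.
     $_SESSION['loginId'] = isset($loginId) ? $loginId : null;
     // Cache the access list for the authenticated user.
     RBAC::saveAccessList();
     $this->success('Đăng nhập thành công');
 }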
Example #5
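 /**
  * Change a user's password after checking the old one.
  *
  * The account is selected by the posted 'email' when present, otherwise by
  * the user id stored in the session, always combined with the digest of the
  * old password. Outcomes go through $this->error() / $this->success().
  */
 public function changePwd()
 {
     $this->checkUser();
     // All three password fields must be plain strings; an array-valued
     // parameter would otherwise reach pwdHash() and trim().
     // error() presumably ends the request; the returns guarantee it.
     if (!isset($_POST['oldpassword']) || !is_string($_POST['oldpassword'])) {
         $this->error('旧密码不符!');
         return;
     }
     if (!isset($_POST['password'], $_POST['repassword'])
         || !is_string($_POST['password']) || !is_string($_POST['repassword'])) {
         $this->error('两次密码不一致!');
         return;
     }
     // Strict comparison: with != two different numeric-looking strings such
     // as "1e3" and "1000" compare equal.
     if (trim($_POST['repassword']) !== trim($_POST['password'])) {
         $this->error('两次密码不一致!');
         return;
     }
     // Build the lookup: old-password digest plus exactly one account selector.
     $map = array();
     $map['password'] = pwdHash($_POST['oldpassword']);
     if (isset($_POST['email'])) {
         // NOTE(review): a posted email selects the account even when a user
         // is logged in; the old-password condition is the only thing tying
         // the change to the caller. Preferring the session id would be safer.
         if (!is_string($_POST['email'])) {
             $this->error('旧密码不符!');
             return;
         }
         $map['email'] = $_POST['email'];
     } elseif (isset($_SESSION[C('USER_AUTH_KEY')])) {
         $map['id'] = $_SESSION[C('USER_AUTH_KEY')];
     } else {
         // Without a selector the lookup would match any user whose digest
         // equals the old password, so refuse instead.
         $this->error('旧密码不符!');
         return;
     }
     // Look the user up; no row means the old password did not match.
     $User = M("User");
     $found = $User->where($map)->find();
     if (!is_array($found) || !isset($found['id']) || '' === (string) $found['id']) {
         $this->error('旧密码不符!');
         return;
     }
     // NOTE(review): pwdHash() is defined outside this listing and is called
     // without a salt here - confirm it is a password-hashing function.
     $User->password = pwdHash($_POST['password']);
     $User->save();
     $this->assign('jumpUrl', U("index"));
     $this->success('密码修改成功!');
 }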
Example #6
     try {
         $query->execute([$_POST['newDpt'], $_POST['dept']]);
     } catch (PDOException $e) {
         if ($e->errorInfo[0] != 23000) {
             // Ignoring if department already exists, reporting otherwise
             postResponse("error", $e->errorInfo[2]);
         }
     }
     $dept_code = strtoupper($_POST['newDpt']);
 } else {
     rangeCheck('dept', 2, 5);
     $dept_code = strtoupper($_POST['dept']);
 }
 // Add faculty to the databases
 $query = $db->prepare('INSERT INTO faculty(uName,fac_name,pswd,dept_code,dateRegd) VALUES (?,?,?,?,?)');
 $pswd = pwdHash($uName, $_POST['pswd']);
 try {
     $query->execute(array($uName, $_POST['fullName'], $pswd, $dept_code, date("d M Y  h:i A")));
 } catch (PDOException $e) {
     if ($e->errorInfo[0] == 23000) {
         postResponse("error", "Username already exists");
     } else {
         postResponse("error", $e->errorInfo[2]);
     }
 }
 if ($newAdmin) {
     changeUserLevel($uName, 'dean');
     $_SESSION['logged_in'] = true;
     $_SESSION['uName'] = $uName;
     $_SESSION['level'] = "dean";
     $_SESSION['fName'] = $_POST['fullName'];
Example #7
 /**
  * Import back-office users from an uploaded Excel (.xls) sheet.
  *
  * Stores the upload under UPLOAD_PATH/user_excel/, reads the first sheet and,
  * for every row after the header, resolves department, employee record and
  * duty by name, builds a user record and inserts or updates it, then attaches
  * the configured basic and senior role groups to newly added users.
  *
  * NOTE(review): no permission check is visible in this method - confirm the
  * controller restricts it to administrators. No transaction is opened here,
  * so rows written before a failing row stay in the database.
  *
  * @Title: guiUserImport
  * @Description: todo (back-office user import from Excel)
  * @author renling
  * @date 2013-6-26 4:48:21 PM
  * @throws
  */
 public function guiUserImport()
 {
     // Read the configured import columns for the User table
     $MisImportFieldconfigModel = D('MisImportSpecial');
     $MisImportFieldconfigList = $MisImportFieldconfigModel->where(" tablename='User' and status=1")->find();
     $fieldAll = explode(',', $MisImportFieldconfigList['fieldname']);
     // Operation type requested by the client ("add", anything else means add-or-update)
     $operation = $_POST['operation'];
     import('@.ORG.UploadFile');
     if ($_FILES) {
         $upload = new UploadFile();
         // Instantiate the upload class and set the target directory
         $upload->savePath = UPLOAD_PATH . "user_excel/";
         //C('savePath'); // upload directory
         // Stored name: timestamp plus four digits from rand()
         $upload->saveRule = date("Y_m_d_H_i_s") . rand(1000, 9999);
         // NOTE(review): "xlsx" is accepted and stored, but only "xls" is parsed below
         $upload->allowExts = array("xls", "xlsx");
         if (!$upload->upload()) {
             // Upload failed: report the uploader's error message
             // NOTE(review): $info is only set in the else branch; the code after
             // this if relies on error() ending the request
             $this->error($upload->getErrorMsg());
         } else {
             // Upload succeeded: fetch the stored file's details
             $info = $upload->getUploadFileInfo();
         }
         // NOTE(review): end() takes its argument by reference, so passing the
         // explode() result directly raises a notice; assign it to a variable first
         $filetype = end(explode(".", $info[0]['savename']));
         if ($filetype == "xls") {
             import('@.ORG.PHPExcel.IOFactory', '', $ext = '.php');
             $inputFileName = UPLOAD_PATH . "user_excel/" . $info[0]['savename'];
             // Always true inside the enclosing check; selects the reader type
             if ($filetype == "xls") {
                 $inputFileType = 'Excel5';
             }
             $objReader = PHPExcel_IOFactory::createReader($inputFileType);
             $objPHPExcel = $objReader->load($inputFileName);
             $objPHPExcel->setActiveSheetIndex(0);
             // Rows of the first sheet; cells are addressed by column letter below
             $sheetData = $objPHPExcel->getActiveSheet()->toArray(null, true, true, true);
             $dataList = $sheetData;
             $excel = true;
             // Department model
             $MisSystemDepartmentModel = D('MisSystemDepartment');
             // HR employee model
             $MisHrBasicEmployeeModel = D('MisHrBasicEmployee');
             // User model
             $UserModel = D('User');
             // Duty (job title) model
             $DutyModel = D('Duty');
             // User-to-basic-role link model
             $RoleUserModel = D('RoleUser');
             // Configured basic role group
             $role = C('USER_BASIC_ROLE_GROUP');
             // User-to-senior-role-group link model
             $RolegroupUserModel = D('RolegroupUser');
             // Configured senior role group
             $roleGroup = C('USER_SENIOR_ROLE_GROUP');
             $i = 0;
             $parentMap = array();
             // NOTE(review): $saveMap is never reset inside the loop, so keys set for
             // one row (for example 'id' on the update path) carry over to later rows
             foreach ($dataList as $k => $v) {
                 // Skip the first row (the header)
                 if ($i >= 1) {
                     // NOTE(review): every lookup below concatenates a spreadsheet cell
                     // into the SQL condition string. The cells are file content chosen
                     // by the uploader, so these are SQL injection points; pass the
                     // values as array conditions or bound parameters instead.
                     // The department named in column D must exist
                     $list = $MisSystemDepartmentModel->where("status=1 and name='" . $v['D'] . "'")->find();
                     if (!$list) {
                         $this->error("第" . ($i + 1) . "条" . $v['D'] . "部门不存在,请先新建部门再导入数据!");
                         exit;
                     }
                     // Find the active employee record by national ID number (column H)
                     $employeid = $MisHrBasicEmployeeModel->where(" status=1 and working=1  and chinaid='" . $v['H'] . "'")->find();
                     if (!$employeid) {
                         $this->error("第" . ($i + 1) . "条" . $v['C'] . "人事基本资料不存在,请先新建此人人事基本资料再导入数据!");
                         exit;
                     }
                     // Check whether a user with this account name (column A) already exists
                     $UserList = $UserModel->where("status=1 and  account='" . $v['A'] . "'")->find();
                     // The duty named in column E must exist
                     $Duty = $DutyModel->where(" status=1  and  name='" . $v['E'] . "'")->find();
                     if (!$Duty) {
                         $this->error("第" . ($i + 1) . "条" . $v['E'] . "职务不存在,请先新建该职务再导入数据!");
                         exit;
                     }
                     // Find an existing user with the same duty, to copy its approval level
                     $auditduty = $UserModel->where(" status=1  and duty_id='" . $Duty['id'] . "'")->find();
                     if ($MisImportFieldconfigList) {
                         // An import-column configuration exists: copy only the listed columns
                         if (in_array('A', $fieldAll)) {
                             $saveMap['account'] = $v['A'];
                             // account name
                         }
                         if (in_array('B', $fieldAll)) {
                             // full name
                             $saveMap['name'] = $v['B'];
                         }
                         if (in_array('C', $fieldAll)) {
                             // sex: "男" (male) -> 1, "女" (female) -> 0, anything else -> ""
                             if ($v['C'] == "男") {
                                 $saveMap['sex'] = 1;
                             } else {
                                 if ($v['C'] == "女") {
                                     $saveMap['sex'] = 0;
                                 } else {
                                     $saveMap['sex'] = "";
                                 }
                             }
                         }
                         if (in_array('D', $fieldAll)) {
                             // department
                             $saveMap['dept_id'] = $list['id'];
                         }
                         if (in_array('E', $fieldAll)) {
                             $saveMap['duty_id'] = $Duty['id'];
                             // duty
                         }
                         if (in_array('F', $fieldAll)) {
                             if ($v['F']) {
                                 $saveMap['work_date'] = strtotime($v['F']);
                                 // hire date, parsed to a timestamp
                             } else {
                                 $saveMap['work_date'] = "";
                             }
                         }
                         if (in_array('G', $fieldAll)) {
                             // mobile number
                             $saveMap['mobile'] = $v['G'];
                         }
                         if (in_array('I', $fieldAll)) {
                             // e-mail address
                             $saveMap['email'] = $v['I'];
                         }
                         if (in_array('J', $fieldAll)) {
                             $saveMap['remark'] = $v['J'];
                         }
                         if ($auditduty) {
                             // A user with this duty exists: reuse its approval level
                             $saveMap['auditduty'] = $auditduty['auditduty'];
                             // approval level
                         } else {
                             if (in_array('K', $fieldAll)) {
                                 $saveMap['auditduty'] = $Duty['id'];
                                 // approval level taken from the duty id
                             } else {
                                 $saveMap['auditduty'] = "";
                                 // approval level left empty
                             }
                         }
                     } else {
                         // No import-column configuration: copy every column
                         $saveMap['account'] = $v['A'];
                         // account name
                         $saveMap['name'] = $v['B'];
                         // full name
                         if ($v['C'] == "男") {
                             // sex: "男" (male) -> 1, "女" (female) -> 0, anything else -> ""
                             $saveMap['sex'] = 1;
                         } else {
                             if ($v['C'] == "女") {
                                 $saveMap['sex'] = 0;
                             } else {
                                 $saveMap['sex'] = "";
                             }
                         }
                         $saveMap['dept_id'] = $list['id'];
                         // department
                         $saveMap['duty_id'] = $Duty['id'];
                         // duty
                         if ($v['F']) {
                             $saveMap['work_date'] = strtotime($v['F']);
                             // hire date, parsed to a timestamp
                         } else {
                             $saveMap['work_date'] = "";
                         }
                         $saveMap['mobile'] = $v['G'];
                         $saveMap['email'] = $v['I'];
                         $saveMap['remark'] = $v['J'];
                         if ($auditduty) {
                             // A user with this duty exists: reuse its approval level
                             $saveMap['auditduty'] = $auditduty['auditduty'];
                             // approval level
                         } else {
                             $saveMap['auditduty'] = $Duty['id'];
                             // approval level taken from the duty id
                         }
                     }
                     // NOTE(review): every imported account gets the same configured
                     // default password, and because this is set before the branch
                     // below, the update path also overwrites an existing user's
                     // password with that default
                     $saveMap['password'] = pwdHash(C('USER_DEFAULT_PASSWORD'));
                     if ($operation == "add") {
                         // Operation type: add only
                         $saveMap['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                         $saveMap['createtime'] = time();
                         $saveMap['employeid'] = $employeid['id'];
                         $result = $UserModel->add($saveMap);
                         // Row inserted into the user table; $result is then used as the new user id
                         if (C('SWITCH_BASIC_ROLE_GROUP') == "On") {
                             foreach ($role as $rk => $rv) {
                                 $roleMap["role_id"] = $rv;
                                 $roleMap['user_id'] = $result;
                                 // NOTE(review): $company is never assigned in this method
                                 $roleMap['companyid'] = $company['id'];
                                 $roleMap['createtime'] = time();
                                 $roleMap['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                                 $RoleUserModel->add($roleMap);
                                 // basic role group link inserted
                                 unset($roleMap);
                             }
                         }
                         if (C('SWITCH_SENIOR_ROLE_GROUP') == "On") {
                             foreach ($roleGroup as $k1 => $v1) {
                                 $roleGroupMap["rolegroup_id"] = $v1;
                                 $roleGroupMap['user_id'] = $result;
                                 $roleGroupMap['companyid'] = $company['id'];
                                 $roleGroupMap['createtime'] = time();
                                 $roleGroupMap['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                                 $RolegroupUserModel->add($roleGroupMap);
                                 // senior role group link inserted
                                 unset($roleGroupMap);
                             }
                         }
                     } else {
                         // Operation type: add or update
                         if ($UserList) {
                             // The account exists: update it
                             $saveMap['id'] = $UserList['id'];
                             $saveMap['updateid'] = $_SESSION[C('USER_AUTH_KEY')];
                             $saveMap['updatetime'] = time();
                             $saveMap['employeid'] = $employeid['id'];
                             $result = $UserModel->save($saveMap);
                         } else {
                             // The account does not exist: add it
                             $saveMap['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                             $saveMap['createtime'] = time();
                             $saveMap['employeid'] = $employeid['id'];
                             // NOTE(review): add() is called twice with the same data, so
                             // the user is inserted twice and the role links below point
                             // at the second row only; one of the two calls should go
                             $result = $UserModel->add($saveMap);
                             $result = $UserModel->add($saveMap);
                             // Row inserted into the user table
                             if (C('SWITCH_BASIC_ROLE_GROUP') == "On") {
                                 foreach ($role as $rk => $rv) {
                                     $roleMap["role_id"] = $rv;
                                     $roleMap['user_id'] = $result;
                                     $roleMap['companyid'] = $company['id'];
                                     $roleMap['createtime'] = time();
                                     $roleMap['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                                     $RoleUserModel->add($roleMap);
                                     // basic role group link inserted
                                     unset($roleMap);
                                 }
                             }
                             if (C('SWITCH_SENIOR_ROLE_GROUP') == "On") {
                                 foreach ($roleGroup as $k1 => $v1) {
                                     $roleGroupMap["rolegroup_id"] = $v1;
                                     $roleGroupMap['user_id'] = $result;
                                     $roleGroupMap['companyid'] = $company['id'];
                                     $roleGroupMap['createtime'] = time();
                                     $roleGroupMap['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                                     $RolegroupUserModel->add($roleGroupMap);
                                     // senior role group link inserted
                                     unset($roleGroupMap);
                                 }
                             }
                         }
                     }
                     // A falsy result from add()/save() aborts the import at this row
                     if (!$result) {
                         $this->error("第" . ($i + 1) . "条数据有误,请查看!");
                         exit;
                     }
                 }
                 $i++;
             }
             $this->success("导入成功!");
         } else {
             // Anything other than .xls is rejected here, after the file was stored
             $this->error('文件格式不正确,请上传后缀为xls的文件!');
         }
     }
 }
Example #8
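 /**
  * Change the current user's password.
  *
  * On a non-POST request the form page is shown. On POST the stored digest is
  * compared with pwdHash(old password . stored salt); when it matches, a new
  * salt is generated and the new digest is saved on the same row.
  */
 public function chgpwd()
 {
     if (!$this->isPost()) {
         $this->user('修改密码');
         exit;
     }
     $id = getUserId();
     // NOTE(review): both passwords pass through the 'mysql_escape_string'
     // filter before hashing. That function was removed in PHP 7.0, and
     // escaping changes passwords that contain quotes or backslashes. It is
     // kept because dropping it would change which digests match existing rows.
     $oldpassword = $this->_post('oldpassword', 'mysql_escape_string');
     $password = $this->_post('password', 'mysql_escape_string');
     $model = D("User");
     // Array conditions keep $id out of the SQL text.
     $data = $model->where(array('id' => $id))->find();
     // No row for this id: treat it like a wrong password rather than
     // comparing against an empty record.
     if (!is_array($data) || !isset($data['password'], $data['salt'])) {
         $this->error("原密码错误!");
         return;
     }
     // Strict string comparison: with == two different digests of the form
     // "0e<digits>" compare equal as numbers. hash_equals() is the
     // constant-time option where PHP 5.6+ is guaranteed.
     if ((string) $data['password'] === (string) pwdHash($oldpassword . $data['salt'])) {
         // Rotate the salt together with the password.
         $data['salt'] = getSalt();
         $data['password'] = pwdHash($password . $data['salt']);
         $model->where(array('id' => $id))->save($data);
         // NOTE(review): the success message is the model's error text, and
         // save()'s return value is not checked - confirm this is intended.
         $this->success($model->getError());
     } else {
         $this->error("原密码错误!");
     }
 }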
Example #9
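 /**
  * Turn an employee record into a system user.
  *
  * Reads the employee id from the query string, creates a User row whose
  * account and user name are the employee's name, and marks the employee as
  * a system user.
  *
  * NOTE(review): this changes state on a GET request and shows no permission
  * or CSRF check of its own - confirm the controller enforces both.
  */
 public function SetSystem()
 {
     // The id used to be concatenated into the SQL condition as-is. It is
     // reduced to an integer here and passed as an array condition instead.
     $rawId = isset($_GET['id']) ? $_GET['id'] : null;
     $EmployeeId = is_scalar($rawId) ? intval($rawId) : 0;
     if ($EmployeeId) {
         $User = D("User");
         $Employee = D("Employee");
         $EmployeeName = $Employee->where(array('id' => $EmployeeId))->getField('employeeName');
         // Unknown employee: do not create an account with an empty name.
         if (!$EmployeeName) {
             $this->error('设置失败!');
             return;
         }
         $data = array();
         $data['account'] = $EmployeeName;
         $data['userName'] = $EmployeeName;
         // NOTE(review): every account created here gets the same hard-coded
         // initial password and nothing forces a change at first login. A
         // random one-time password or an activation link removes the
         // guessable default.
         $data['password'] = pwdHash('111111');
         $data['create_time'] = time();
         $data['status'] = '1';
         $data['employeeID'] = $EmployeeId;
         $UserId = $User->add($data);
         // Flag the employee record as having a system account.
         $EmployeeData = array();
         $EmployeeData['id'] = $EmployeeId;
         $EmployeeData['isSystemUser'] = 1;
         $Employee->save($EmployeeData);
         $this->assign('jumpUrl', Cookie::get('_currentUrl_'));
         $this->success('设置成功!');
     } else {
         $this->error('设置失败!');
     }
 }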
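 /**
  * Change the logged-in member's password after checking the captcha and
  * the old password.
  *
  * Outcomes are reported through $this->error() / $this->success().
  */
 public function changePwd()
 {
     $this->checkUser();
     // Captcha: the posted code must be a string, and its md5 must equal the
     // session value exactly. != would treat two different "0e<digits>"
     // digests as equal numbers.
     // error() presumably ends the request; the returns guarantee it.
     if (!isset($_POST['verify'], $_SESSION['verify']) || !is_string($_POST['verify'])
         || md5($_POST['verify']) !== (string) $_SESSION['verify']) {
         $this->error('验证码错误!');
         return;
     }
     // The member id must come from the session. Without it the lookup below
     // would match any member whose digest equals the old password and change
     // that member's password.
     if (!isset($_SESSION['id'])) {
         $this->error('输入的旧密码不正确!');
         return;
     }
     $map = array();
     $map['password'] = pwdHash(I('oldpassword'));
     $map['id'] = $_SESSION['id'];
     // Look the member up by id and old-password digest.
     $User = M("Member");
     if (!$User->where($map)->field('id')->find()) {
         $this->error('输入的旧密码不正确!');
     } else {
         // NOTE(review): an empty new password is not rejected here, and
         // pwdHash() (defined outside this listing) is called without a salt.
         $User->password = pwdHash(I('password'));
         $User->save();
         $this->success('密码修改成功!');
     }
 }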
Example #11
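 /**
  * Change the logged-in member's password.
  *
  * Checks either the built-in captcha ('verify') or the YinXiangMa captcha,
  * requires a session id plus non-empty old and new passwords, verifies the
  * old password against the stored digest and saves the new digest.
  */
 public function checkPassword()
 {
     $this->checkUser();
     // Built-in captcha when 'verify' is posted, YinXiangMa otherwise.
     // error()/ajaxReturn() presumably end the request; the returns guarantee
     // that a failed check cannot reach the password update.
     if (isset($_POST['verify'])) {
         // Strict string comparison of the md5 digests; != would treat two
         // different "0e<digits>" digests as equal numbers.
         if (!is_string($_POST['verify']) || !isset($_SESSION['verify'])
             || (string) $_SESSION['verify'] !== md5($_POST['verify'])) {
             $this->error('验证码错误!');
             return;
         }
     } else {
         // YinXiangMa captcha; @ hides notices for missing fields.
         $YinXiangMa_response = $this->YinXiangMa_ValidResult(@$_POST['YinXiangMa_challenge'], @$_POST['YXM_level'][0], @$_POST['YXM_input_result']);
         if ($YinXiangMa_response !== "true") {
             $this->ajaxReturn('验证码错误', '验证码错误', 0);
             return;
         }
     }
     $id = session('id');
     if (empty($id)) {
         $this->error('没有登录', U('Member/login'));
         return;
     }
     $password = I('password', '');
     if ('' === $password) {
         $this->error('新密码不能为空!');
         return;
     }
     $oldpassword = I('oldpassword', '');
     if ('' === $oldpassword) {
         $this->error('旧密码不能为空!');
         return;
     }
     // Verify the old password for this member id.
     $User = M("Member");
     if (!$User->where(array('id' => $id, 'password' => pwdHash($oldpassword)))->find()) {
         $this->error('旧密码输入错误!');
         return;
     }
     // NOTE(review): pwdHash() is defined outside this listing and is called
     // without a salt - confirm it is a password-hashing function.
     $data = array('password' => pwdHash($password));
     if (false !== $User->where(array('id' => $id))->save($data)) {
         $this->success('密码修改成功!');
     } else {
         // A failed save used to be reported through success(); it is an error.
         $this->error('密码修改失败!');
     }
 }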
Example #12
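 /**
  * Edit the logged-in user's own password and other profile fields.
  *
  * With act=todo the submitted fields are saved on the row whose id is taken
  * from the session; a password change additionally requires the old
  * password. Without act=todo the edit form is shown with the user's record
  * and roles.
  */
 public function edit_self()
 {
     $db_user = M('user');
     $info = $this->_param();
     // The row id always comes from the session, never from the request.
     $info['id'] = $_SESSION[C('USER_AUTH_KEY')];
     if (isset($info['act']) && 'todo' === $info['act']) {
         // A client-supplied 'password' field must never be written directly.
         // Without this, a request with no old_password would store its raw
         // 'password' value unverified and unhashed. The column is only set
         // below, after the old password has been checked.
         unset($info['password']);
         if (!empty($info['old_password'])) {
             if (!is_string($info['old_password'])
                 || !isset($info['new_password']) || !is_string($info['new_password'])) {
                 $this->error('原密码不正确!不能修改信息');
                 return;
             }
             // Strict comparison: == treats numeric-looking strings such as
             // "1e3" and "1000" as equal.
             if ($info['old_password'] === $info['new_password']) {
                 $this->error('新密码与旧密码不能相同,请更换!');
                 return;
             }
             // The condition used to compare the column with the literal
             // '******' (apparently a masking artefact) and never used the
             // digest computed here. Compare against the digest, as array
             // conditions so that no value is spliced into SQL text.
             $password = pwdHash($info['old_password']);
             $rs = $db_user->where(array('id' => $info['id'], 'password' => $password))->count();
             if (!$rs) {
                 $this->error('原密码不正确!不能修改信息');
                 return;
             }
             $info['password'] = pwdHash($info['new_password']);
         }
         // NOTE(review): every remaining request parameter is passed to save(),
         // so the caller decides which columns are written. Restrict $info to
         // an explicit list of editable fields once that list is known.
         $rs = $db_user->data($info)->save();
         if ($rs) {
             $this->success('修改成功!');
         } else {
             $this->error('操作失败!');
         }
     } else {
         // Show the form: load the user's record and the roles joined to it.
         $info = $db_user->where("id='{$_SESSION[C('USER_AUTH_KEY')]}'")->find();
         $db_role_user = M('role_user');
         $pre = C('DB_PREFIX');
         $list_role = $db_role_user->join("{$pre}role ON {$pre}role.id={$pre}role_user.role_id")->where("user_id='{$_SESSION[C('USER_AUTH_KEY')]}'")->select();
         $this->assign('list_role', $list_role);
         $this->assign('info', $info);
         $this->display();
     }
 }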
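 /**
  * Change a shop user's password after checking the captcha and the old
  * password.
  *
  * The account is selected by the posted 'user' name when present, otherwise
  * by the shop id stored in the session. Failures are written as an AJAX
  * response followed by die; success goes through $this->success().
  */
 public function changePwd()
 {
     $this->checkUser();
     // Captcha: compare the md5 digests as strings; != would treat two
     // different "0e<digits>" digests as equal numbers.
     if (!isset($_POST['verify'], $_SESSION['verify']) || !is_string($_POST['verify'])
         || md5($_POST['verify']) !== (string) $_SESSION['verify']) {
         echo $this->returnajax(300, "验证码错误!");
         die;
     }
     // Both passwords must be plain strings before they reach pwdHash().
     if (!isset($_POST['oldpass'], $_POST['pass'])
         || !is_string($_POST['oldpass']) || !is_string($_POST['pass'])) {
         echo $this->returnajax(300, "旧密码不符或者用户名错误!");
         die;
     }
     // Build the lookup: old-password digest plus exactly one account selector.
     $map = array();
     $map['pass'] = pwdHash($_POST['oldpass']);
     if (isset($_POST['user'])) {
         // Request values copied into a condition map must be scalars; the
         // map syntax gives arrays a meaning of their own.
         // NOTE(review): a posted user name selects the account even when a
         // shop user is logged in; preferring the session id would be safer.
         if (!is_string($_POST['user'])) {
             echo $this->returnajax(300, "旧密码不符或者用户名错误!");
             die;
         }
         $map['user'] = $_POST['user'];
     } elseif (isset($_SESSION['shop_id'])) {
         $map['id'] = $_SESSION['shop_id'];
     } else {
         // Without a selector the lookup would match any shop user whose
         // digest equals the old password.
         echo $this->returnajax(300, "旧密码不符或者用户名错误!");
         die;
     }
     // Look the shop user up; no row means a wrong name or old password.
     $User = M("shop_user");
     if (!$User->where($map)->field('id')->find()) {
         echo $this->returnajax(300, "旧密码不符或者用户名错误!");
         die;
     } else {
         $User->pass = pwdHash($_POST['pass']);
         $User->save();
         $this->success('密码修改成功!');
     }
 }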
Example #14
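 /**
  * Reset a user's password to a random six-digit number and send it to the
  * user by SMS or e-mail.
  *
  * The account is found by the posted 'account', matched against the account
  * name or the 'zhname' column of active users.
  *
  * NOTE(review): the request is unauthenticated and the stored password is
  * replaced before delivery is known to succeed, so anyone who knows an
  * account name can invalidate that user's password, and a failed delivery
  * leaves the user locked out. A single-use, expiring reset token that the
  * user must present before the password changes avoids both.
  */
 public function lookupresat()
 {
     // The account value used to be concatenated into the SQL condition.
     // Require a non-empty string and use array conditions instead.
     // error() presumably ends the request; the returns guarantee it.
     $account = isset($_POST['account']) ? $_POST['account'] : '';
     if (!is_string($account) || '' === $account) {
         $this->error("密码修改失败,请联系系统管理员!");
         return;
     }
     $UserModel = D('User');
     // The old condition "status=1 and account=.. or zhname=.." applied the
     // status filter to the account match only, because AND binds tighter
     // than OR. Both lookups now require status=1.
     $UserVo = $UserModel->where(array('status' => 1, 'account' => $account))->find();
     if (!$UserVo) {
         $UserVo = $UserModel->where(array('status' => 1, 'zhname' => $account))->find();
     }
     // Unknown account: stop before touching any row. The update below was
     // previously issued even when no user had been found.
     if (!$UserVo) {
         $this->error("密码修改失败,请联系系统管理员!");
         return;
     }
     // Six-digit temporary password. rand() is predictable, so use the
     // CSPRNG where available (random_int exists from PHP 7.0).
     // NOTE(review): six digits is a small space for a password that stays
     // valid until the user changes it.
     $rand = function_exists('random_int') ? random_int(100000, 999999) : rand(100000, 999999);
     $date['password'] = pwdHash($rand);
     // Store the new digest on the user's row.
     $userResult = $UserModel->where(array('id' => $UserVo['id']))->save($date);
     $UserModel->commit();
     if (!$userResult) {
         $this->error("密码修改失败,请联系系统管理员!");
         return;
     }
     $CommonAction = A("Common");
     if (isset($_POST['resetValidate']) && 'mobile' === $_POST['resetValidate']) {
         // SMS delivery. NOTE(review): the clear-text password goes out over
         // SMS, or over e-mail below.
         $content = "您在特米洛企业信息化管理平台,重置密码为" . $rand;
         // Refuse when the mobile number is shared with other accounts.
         $count = $UserModel->where('mobile = ' . $UserVo['mobile'] . " and id neq " . $UserVo['id'])->count("*");
         if ($count > 1) {
             $this->error("手机号码重复,请更换!");
             exit;
         }
         $result = $CommonAction->SendTelmMsg($content, $UserVo['mobile']);
         if ($result) {
             $_SESSION['msg'] = "手机" . $UserVo['mobile'];
             $this->display("findpasswordnotice");
         } else {
             $this->error("操作失败!");
         }
     } else {
         // E-mail delivery through the configured SMTP account.
         $title = "[特米洛企业信息化管理平台]请查收您的密码";
         $content = "亲爱的用户,您好! 您在[特米洛企业信息化管理平台]的密码已重置为" . $rand;
         $configEmailModel = D('MisSystemEmail');
         $vo['name'] = C("EMAIL_SERVERNAME");
         $vo['address'] = "brianl_yang";
         $vo['server'] = "163.com";
         $vo['email'] = C("EMAIL_SERVERADDRESS");
         $vo['pop3'] = "pop.163.com";
         $vo['smtp'] = "smtp.163.com";
         $vo['password'] = C("EMAIL_PASSWORD");
         $vo['pop3port'] = 110;
         // NOTE(review): ports 110 and 25 are the plain-text POP3/SMTP ports;
         // confirm SendEmail() upgrades the connection to TLS.
         $vo['smtpport'] = 25;
         $email = array($UserVo['email']);
         $result = $CommonAction->SendEmail($title, $content, $email, "", $vo, 1);
         if ($result) {
             $_SESSION['msg'] = "邮箱" . $UserVo['email'];
             $this->display("findpasswordnotice");
         } else {
             $this->error("操作失败!");
         }
     }
 }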
Example #15
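 /**
  * Change a password.
  *
  * With a non-zero posted 'step' the captcha and the old password are
  * checked and the new password is stored; otherwise, or after a successful
  * change, the form template is displayed.
  *
  * @Title: Change password
  * @Description: todo (change password)
  * @author qchlian
  * @date 2013-3-29
  */
 public function changePwd()
 {
     $step = isset($_POST['step']) && is_scalar($_POST['step']) ? intval($_POST['step']) : 0;
     if ($step) {
         // Captcha: compare the md5 digests as strings; != would treat two
         // different "0e<digits>" digests as equal numbers.
         // error() presumably ends the request; the returns guarantee that a
         // failed check cannot reach the password update.
         if (!isset($_POST['verify'], $_SESSION['verify']) || !is_string($_POST['verify'])
             || md5($_POST['verify']) !== (string) $_SESSION['verify']) {
             $this->error('验证码错误!');
             return;
         }
         // Both passwords must be plain strings before they reach pwdHash().
         if (!isset($_POST['oldpassword'], $_POST['repassword'])
             || !is_string($_POST['oldpassword']) || !is_string($_POST['repassword'])) {
             $this->error('旧密码不符或者用户名错误!');
             return;
         }
         // Build the lookup: old-password digest plus exactly one selector.
         $map = array();
         $map['password'] = pwdHash($_POST['oldpassword']);
         if (isset($_POST['account'])) {
             // Request values copied into a condition map must be scalars;
             // the map syntax gives arrays a meaning of their own.
             if (!is_string($_POST['account'])) {
                 $this->error('旧密码不符或者用户名错误!');
                 return;
             }
             $map['account'] = $_POST['account'];
         } elseif (isset($_SESSION[C('USER_AUTH_KEY')])) {
             $map['id'] = $_SESSION[C('USER_AUTH_KEY')];
         } else {
             // Without a selector the lookup would match any user whose
             // digest equals the old password.
             $this->error('旧密码不符或者用户名错误!');
             return;
         }
         // Look the user up; no row means a wrong name or old password.
         $User = M("User");
         if (!$User->where($map)->field('id')->find()) {
             $this->error('旧密码不符或者用户名错误!');
             return;
         }
         // NOTE(review): the new password is taken from 'repassword' alone;
         // it is never compared with a 'password' field in this method.
         $User->password = pwdHash($_POST['repassword']);
         $result = $User->save();
         if (!$result) {
             $this->error(L('_ERROR_'));
             return;
         }
         $this->success('密码修改成功!');
     }
     $this->display();
 }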
Example #16
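 /**
  * Update a user: role assignment, status, account name and, when a password
  * is posted, the password digest.
  *
  * NOTE(review): no permission check is visible in this method, and it
  * changes another user's role and password - confirm the controller
  * restricts it to administrators.
  *
  * (non-PHPdoc)
  * @see CommonAction::update()
  */
 public function update()
 {
     // The id was converted with intval() but the raw request value was then
     // used everywhere, including inside an SQL condition string. Use the
     // integer throughout.
     $id = isset($_REQUEST['id']) && is_scalar($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
     // Values written into model data must be scalars; the data syntax gives
     // arrays a meaning of their own (operator and expression forms).
     foreach (array('role_id', 'status', 'account') as $field) {
         if (isset($_REQUEST[$field]) && !is_scalar($_REQUEST[$field])) {
             $id = 0;
         }
     }
     if ($id <= 0) {
         $this->error("修改失败!", C('SITE_URL') . "?m=User");
         return;
     }
     $name = $this->getActionName();
     $model = D($name);
     $RoleUser = M("role_user");
     $data = array();
     $data['user_id'] = $id;
     $data['role_id'] = isset($_REQUEST['role_id']) ? $_REQUEST['role_id'] : null;
     // NOTE(review): this updates when find() returns nothing and inserts when
     // it returns a row, which looks inverted; find() is also given the user
     // id where a primary key is presumably expected - confirm before changing.
     if (!$RoleUser->find($data['user_id'])) {
         $role = $RoleUser->where(array('user_id' => $id))->save($data);
     } else {
         $role = $RoleUser->add($data);
     }
     $model->update_time = time();
     $model->id = $id;
     $model->status = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
     $model->username = isset($_REQUEST['account']) ? $_REQUEST['account'] : null;
     // The check read $_REQUEST while the hash read $_POST, so a password
     // sent any other way than POST stored the digest of an empty value.
     // Read the body only, for both.
     if (!empty($_POST['password']) && is_string($_POST['password'])) {
         $model->password = pwdHash($_POST['password']);
     }
     // Write the user row
     $list = $model->save();
     if (false != $list || $role != false) {
         $this->success("更新成功!", C('SITE_URL') . "?m=User");
     } else {
         // Neither write changed anything
         $this->error("修改失败!", C('SITE_URL') . "?m=User");
     }
 }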
Example #17
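 /**
  * Update a member and the matching member_detail row.
  *
  * A posted password is replaced by its digest before the model is filled by
  * create(); the detail row for the member id is then updated, or inserted
  * when it does not exist yet.
  *
  * NOTE(review): create() presumably builds the record from the whole POST
  * body, so the caller decides which member columns are written - confirm
  * the model limits the writable fields.
  *
  * @author Vonwey <*****@*****.**>
  * @CreateDate: 2013-12-12 4:05:22 PM
  */
 public function update()
 {
     // The member id was concatenated into an SQL condition below. Require a
     // scalar and reduce it to an integer for every detail-table condition.
     if (!isset($_POST['id']) || !is_scalar($_POST['id'])) {
         $this->error('编辑失败!');
         return;
     }
     $uid = intval($_POST['id']);
     $model = M("Member");
     // Hash the password in place so that create() picks up the digest.
     if (!empty($_POST['password'])) {
         if (!is_string($_POST['password'])) {
             $this->error('编辑失败!');
             return;
         }
         $_POST['password'] = pwdHash($_POST['password']);
     }
     if (false === $model->create()) {
         $this->error($model->getError());
         return;
     }
     // Write the member row
     $list = $model->save();
     if (false !== $list) {
         $detail = M("member_detail");
         $condition = array();
         $condition['uid'] = $uid;
         $_POST['uid'] = $_POST['id'];
         // Optional detail fields default to ''. Non-scalar values are
         // dropped, because the data syntax gives arrays a meaning of their own.
         $data = array();
         foreach (array('id_card', 'bank_short', 'card_author', 'card_number') as $field) {
             $data[$field] = (!empty($_POST[$field]) && is_scalar($_POST[$field])) ? $_POST[$field] : '';
         }
         $data['uid'] = $uid;
         // Update the detail row when it exists, insert it otherwise. An
         // unconditional duplicate of the same update used to run first and
         // has been dropped; it wrote the identical data.
         if ($detail->where($condition)->find()) {
             $list = $detail->where($condition)->save($data);
         } else {
             $list = $detail->where($condition)->add($data);
         }
         if (false !== $list) {
             // Report success
             $this->success('编辑成功!');
         } else {
             // Report failure
             $this->error('编辑失败!');
         }
     } else {
         // Report failure
         $this->error('编辑失败!');
     }
 }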
Example #18
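 /**
  * Change a user's password after checking the captcha and the old password.
  *
  * The account is selected by the posted 'account' when present, otherwise
  * by the user id stored in the session. Outcomes go through
  * $this->error() / $this->success().
  */
 public function changePwd()
 {
     $this->checkUser();
     // Captcha: compare the md5 digests as strings; != would treat two
     // different "0e<digits>" digests as equal numbers.
     // error() presumably ends the request; the returns guarantee that a
     // failed check cannot reach the password update.
     if (!isset($_POST['verify'], $_SESSION['verify']) || !is_string($_POST['verify'])
         || md5($_POST['verify']) !== (string) $_SESSION['verify']) {
         $this->error('验证码错误!');
         return;
     }
     // Both passwords must be plain strings before they reach pwdHash().
     if (!isset($_POST['oldpassword'], $_POST['password'])
         || !is_string($_POST['oldpassword']) || !is_string($_POST['password'])) {
         $this->error('旧密码不符或者用户名错误!');
         return;
     }
     // Build the lookup: old-password digest plus exactly one selector.
     $map = array();
     $map['password'] = pwdHash($_POST['oldpassword']);
     if (isset($_POST['account'])) {
         // Request values copied into a condition map must be scalars; the
         // map syntax gives arrays a meaning of their own.
         // NOTE(review): a posted account name selects the account even when
         // a user is logged in; preferring the session id would be safer.
         if (!is_string($_POST['account'])) {
             $this->error('旧密码不符或者用户名错误!');
             return;
         }
         $map['account'] = $_POST['account'];
     } elseif (isset($_SESSION[C('USER_AUTH_KEY')])) {
         $map['id'] = $_SESSION[C('USER_AUTH_KEY')];
     } else {
         // Without a selector the lookup would match any user whose digest
         // equals the old password.
         $this->error('旧密码不符或者用户名错误!');
         return;
     }
     // Look the user up; no row means a wrong name or old password.
     $User = M("User");
     if (!$User->where($map)->field('id')->find()) {
         $this->error('旧密码不符或者用户名错误!');
     } else {
         // NOTE(review): pwdHash() is defined outside this listing and is
         // called without a salt - confirm it is a password-hashing function.
         $User->password = pwdHash($_POST['password']);
         $User->save();
         $this->success('密码修改成功!');
     }
 }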
Example #19
/**
 * Provides interface and back end routines that handle user logins
 * @author Avin E.M; Kunal Dahiya
 */
require_once 'connect_db.php';
require_once 'functions.php';
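// Login handler: on a POST with both fields present, look the faculty member
// up by lower-cased user name and accept either the locally stored digest or
// a successful LDAP bind with the posted password.
if ($_POST) {
    // Both fields must be non-empty strings; an array-valued parameter is
    // ignored exactly like a missing one.
    $hasUser = !empty($_POST['uName']) && is_string($_POST['uName']);
    $hasPass = !empty($_POST['pswd']) && is_string($_POST['pswd']);
    if ($hasUser && $hasPass) {
        $uName = strtolower($_POST['uName']);
        $query = $db->prepare('SELECT * FROM faculty WHERE uName = ?');
        $query->execute([$uName]);
        $faculty = $query->fetch();
        if (!$faculty) {
            // NOTE(review): this message differs from "Invalid credentials",
            // so the form tells a caller which user names are registered.
            postResponse("error", "Username is not registered!");
        } else {
            // The credential check now lives in this else branch. If
            // postResponse() ever returns instead of ending the request, an
            // unregistered name can no longer reach the LDAP bind and log in
            // with an empty faculty record.
            // Strict string comparison: with == two different digests of the
            // form "0e<digits>" compare equal as numbers.
            $localOk = (string) $faculty['pswd'] === (string) pwdHash($uName, $_POST['pswd']);
            $ldapOk = false;
            if (!$localOk) {
                // Escape the name for use inside a DN where ldap_escape()
                // exists (PHP 5.6+), so its characters cannot alter the DN.
                $uid = function_exists('ldap_escape') ? ldap_escape($uName, '', LDAP_ESCAPE_DN) : $uName;
                // The empty-password case is excluded by the !empty() check
                // above, which matters because some directories accept a bind
                // with an empty password as anonymous.
                $ldapOk = @ldap_bind(ldap_connect($config['ldap_host']), "uid={$uid}," . $config['ldap_dn'], $_POST['pswd']);
            }
            if ($localOk || $ldapOk) {
                // NOTE(review): rotate the session id at this point
                // (session_regenerate_id(true)) unless a required file
                // already does it.
                $_SESSION['logged_in'] = true;
                $_SESSION['fName'] = $faculty['fac_name'];
                $_SESSION['uName'] = $uName;
                $_SESSION['level'] = $faculty['level'];
                $_SESSION['dept'] = $faculty['dept_code'];
            } else {
                postResponse("error", "Invalid credentials");
            }
        }
    }
}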
if (sessionCheck('logged_in')) {
    $home = "faculty.php";
    if ($_SESSION['level'] == "dean") {
        $home = "dean.php";
    }
Example #20
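 /**
  * Create a back-office login account for an existing HR person record.
  *
  * Runs only when the request posts isaddUser == 1. It copies profile fields
  * from mis_hr_personnel_person_info, inserts the User row with the configured
  * default password, links department/duty and role-group rows, and optionally
  * mails the login details to the address posted as useremail.
  *
  * NOTE(review): every account created here gets the same
  * C('USER_DEFAULT_PASSWORD') and that password is mailed in clear text. A
  * per-user random secret or a one-time reset link, plus a forced change at
  * first login, would avoid a shared, long-lived credential.
  *
  * @param mixed $id   Primary key of the HR person row; also stored as employeid.
  *                    Assumed to be a scalar - confirm at the call sites.
  * @param int   $type 1 = build the department/duty rows from the posted arrays;
  *                    any other value = reuse the existing UserDeptDuty rows of
  *                    this employee and report success/failure to the client.
  * @author renling
  * @date 2014-9-10 10:16:18
  */
 public function addUser($id, $type = 1)
 {
     if (isset($_POST['isaddUser']) && $_POST['isaddUser'] == 1) {
         // No login URL posted: store the submitted userurl on the company record.
         // NOTE(review): userurl comes straight from the request and becomes the
         // stored login address as well as the link in the mail below; validate
         // it against the expected scheme/host before saving.
         if (empty($_POST['loginurl'])) {
             $MisSystemCompanyModel = D('MisSystemCompany');
             $loginurlResult = $MisSystemCompanyModel->where("status=1")->setField("loginurl", $_POST['userurl']);
             if (!$loginurlResult) {
                 $this->error("登陆地址修改失败。");
             }
         }
         $mis_hr_personnel_person_infoDao = M("mis_hr_personnel_person_info");
         // Array condition instead of "id = " . $id, so the value is handled by
         // the query builder rather than spliced into the SQL text (same form
         // as the write-back query further down).
         $personnelData = $mis_hr_personnel_person_infoDao->where(array('id' => $id))->find();
         $userModel = D('User');
         $userdate['account'] = $_POST['account'];
         $userdate['employeid'] = $id;
         $userdate['email'] = $personnelData['email'];
         $userdate['mobile'] = $_POST['phone'];
         $userdate['zhname'] = $_POST['zhname'];
         $userdate['name'] = $personnelData['name'];
         $userdate['sex'] = $personnelData['sex'];
         $userdate['duty_id'] = $personnelData['dutylevelid'];
         $userdate['dept_id'] = $personnelData['deptid'];
         // Look up the role group mapped to the person's HR job position.
         $rolegroup_id = getFieldBy($personnelData['worktype'], 'id', 'rolegroup_id', 'mis_hr_job_info');
         $userdate['role_id'] = $rolegroup_id;
         $userdate['attachrole'] = $rolegroup_id;
         $userdate['password'] = pwdHash(C('USER_DEFAULT_PASSWORD'));
         $userdate['createid'] = $_SESSION[C('USER_AUTH_KEY')];
         $userdate['createtime'] = time();
         $userResultid = $userModel->add($userdate);
         // NOTE(review): this runs even when the insert above failed, so
         // addRolegroup() can receive a falsy user id - confirm that is intended.
         if (C('SWITCH_SENIOR_ROLE_GROUP') == 'On') {
             // Attach the initial senior role group to the new user.
             $this->addRolegroup($userResultid, C("USER_SENIOR_ROLE_GROUP"));
         }
         if ($userResultid) {
             // Write the new user id back to the HR person table (by xyz 2015-10-22).
             $pimap['id'] = $id;
             $pidata['userid'] = $userResultid;
             $pret = $mis_hr_personnel_person_infoDao->where($pimap)->save($pidata);
             if (false === $pret) {
                 $this->error("反写userid到人事表失败");
             }
             $companyid = $_REQUEST['companyid'];
             $UserDeptDutyModel = D('UserDeptDuty');
             $RolegroupUserModel = D("RolegroupUser");
             // Company ids already handled, used to reject duplicates in the form.
             $companyList = array();
             if ($type == 1) {
                 foreach ($companyid as $key => $val) {
                     if (in_array($val, array_keys($companyList))) {
                         $this->error(getFieldBy($val, "id", "name", "mis_system_company") . "添加重复,请查证后提交!");
                     }
                     $UserDeptDuty = array();
                     $UserDeptDuty['userid'] = $userResultid;
                     $UserDeptDuty['deptid'] = $_POST['deptid'][$key];
                     $UserDeptDuty['dutyid'] = $_POST['dutylevelid'][$key];
                     $UserDeptDuty['worktype'] = $_POST['worktype'][$key];
                     $UserDeptDuty['employeid'] = $id;
                     $UserDeptDuty['typeid'] = 1;
                     $UserDeptDuty['companyid'] = $_POST['companyid'][$key];
                     $UserDeptDuty['createid'] = $_SESSION[C('USER_AUTH_KEY')];
                     $UserDeptDuty['createtime'] = time();
                     // NOTE(review): this loop only runs when $type == 1, so the
                     // update branch below is never taken as written.
                     if ($type == 2) {
                         $UserDeptUserResult = $UserDeptDutyModel->where(array('employeid' => $id))->save($UserDeptDuty);
                     } else {
                         $UserDeptUserResult = $UserDeptDutyModel->add($UserDeptDuty);
                     }
                     $UserDeptDutyModel->commit();
                     $companyList[$val] = 1;
                     $RolegroupDate = array();
                     $RolegroupDate['user_id'] = $userResultid;
                     $RolegroupDate['companyid'] = $_POST['companyid'][$key];
                     $RolegroupDate['rolegroup_id'] = getFieldBy($_POST['worktype'][$key], "id", "rolegroup_id", "mis_hr_job_info");
                     $RolegroupUserResult = $RolegroupUserModel->add($RolegroupDate);
                     if (!$RolegroupUserResult) {
                         $this->error("权限组插入错误!");
                     }
                     if (!$UserDeptUserResult) {
                         $this->error("数据异常");
                     }
                 }
             } else {
                 // Path used when the user is added from the list view: reuse the
                 // employee's existing department/duty rows.
                 $UserDeptDutyMap['employeid'] = $id;
                 $UserDeptDutyMap['status'] = 1;
                 $result = $UserDeptDutyModel->where($UserDeptDutyMap)->setField('userid', $userResultid);
                 $UserDeptDutyList = $UserDeptDutyModel->where($UserDeptDutyMap)->select();
                 foreach ($UserDeptDutyList as $key => $val) {
                     $RolegroupDate = array();
                     $RolegroupDate['user_id'] = $userResultid;
                     $RolegroupDate['rolegroup_id'] = getFieldBy($val['worktype'], "id", "rolegroup_id", "mis_hr_job_info");
                     $RolegroupDate['companyid'] = $val['companyid'];
                     $RolegroupUserResult = $RolegroupUserModel->add($RolegroupDate);
                     if (!$RolegroupUserResult) {
                         $this->error("权限组插入错误!");
                     }
                 }
             }
         }
         if ($userResultid && !empty($_POST['issendemail'])) {
             $email = array($_POST['useremail']);
             // The mail body is HTML; request values are escaped before they are
             // placed in it (ENT_QUOTES because the href is single-quoted).
             $accountHtml = htmlspecialchars((string) $_POST['account'], ENT_QUOTES, 'UTF-8');
             $userUrlHtml = htmlspecialchars((string) $_POST['userurl'], ENT_QUOTES, 'UTF-8');
             $title = "[" . C('COPYRIGHT') . "]请查收您的用户信息";
             $content = "亲爱的用户,您好!<br/> 您在[" . C('COPYRIGHT') . "]注册信息如下: <br/>英文登陆名为:'" . $accountHtml . "'";
             if (!empty($_POST['zhname'])) {
                 $content .= "<br/>中文登陆名为: '" . htmlspecialchars((string) $_POST['zhname'], ENT_QUOTES, 'UTF-8') . "'";
             }
             $content .= "<br/>初始密码为: '" . C('USER_DEFAULT_PASSWORD') . "' <br/> 请点击<a href='" . $userUrlHtml . "'> " . $userUrlHtml . "</a>登陆系统修改您的密码!";
             // Sender settings handed to SendEmail(); the SMTP port is 25 and
             // the POP3 port 110.
             // NOTE(review): whether SendEmail() negotiates TLS is not visible
             // here - confirm, since the mail carries the initial password.
             $vo['name'] = C("EMAIL_SERVERNAME");
             $vo['address'] = "brianl_yang";
             $vo['server'] = "163.com";
             $vo['email'] = C("EMAIL_SERVERADDRESS");
             $vo['pop3'] = "pop.163.com";
             $vo['smtp'] = "smtp.163.com";
             $vo['password'] = C("EMAIL_PASSWORD");
             $vo['pop3port'] = 110;
             $vo['smtpport'] = 25;
             $result = $this->SendEmail($title, $content, $email, "", $vo, 1, false);
             if ($type != 1) {
                 if (!$result) {
                     $this->error("操作失败!");
                 } else {
                     $this->success("创建成功!");
                 }
             } else {
                 if (!$result) {
                     $this->error("操作失败!");
                 }
             }
         } else {
             if ($type != 1) {
                 if ($userResultid) {
                     $this->success("创建成功!");
                 }
             }
         }
     }
 }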
Example #21
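 /**
  * Change a user's password after verifying the old one.
  *
  * The user is looked up by the hash of the posted old password together with
  * either the posted account name or the current user id. The request now
  * fails when neither identifier is usable, so the lookup can never match on
  * the password hash alone and update whichever row happens to share it.
  *
  * NOTE(review): a posted account takes precedence over the logged-in user, so
  * an authenticated caller can target another account whose current password
  * they know; consider always binding the change to get_user_id().
  * NOTE(review): the new password is not checked for emptiness or strength,
  * and existing sessions are not invalidated after the change.
  */
 public function change_pwd()
 {
     $this->checkUser();
     // A captcha check against the session's 'verify' value used to run here;
     // it is commented out in the original code.
     $map = array();
     $map['password'] = pwdHash($_POST['oldpassword']);
     if (isset($_POST['account'])) {
         // Only a plain string is accepted: an array value would presumably be
         // read as an operator expression by the where() builder instead of
         // being compared for equality.
         if (!is_string($_POST['account'])) {
             $this->error('旧密码不符或者用户名错误!');
             return;
         }
         $map['account'] = $_POST['account'];
     } elseif ($currentUserId = get_user_id()) {
         $map['id'] = $currentUserId;
     } else {
         // No identity to bind the old password to: fail closed.
         $this->error('旧密码不符或者用户名错误!');
         return;
     }
     // Look the user up by identity plus old-password hash.
     $User = M("User");
     if (!$User->where($map)->field('id')->find()) {
         $this->error('旧密码不符或者用户名错误!');
     } else {
         $User->password = pwdHash($_POST['password']);
         $User->save();
         $this->assign('jumpUrl', $this->_get_return_url());
         $this->success('密码修改成功!');
     }
 }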