$_SESSION['auth'] = 1; } elseif ($arr['isAuth'] === 2) { $_SESSION['login'] = $login; $_SESSION['auth'] = 2; } else { header("Location: /MyShop/?error_msg=" . $arr['error_msg']); exit; } } elseif (isset($_POST['reg'])) { //регистрация $name = clearStr($_POST['name']); $phone = clearStr($_POST['tel']); $login = clearStr($_POST['login']); $password = clearStr($_POST['pass']); $email = clearStr($_POST['email']); regUser($name, $login, $password, $email, $phone, $role = "inactive"); if (!empty($error_reg)) { header("Location: /MyShop/?error_reg=" . $error_reg); exit; } else { header("Location: success.php"); exit; } } elseif (isset($_POST['logOut'])) { session_destroy(); header("Location:" . $_SERVER['SCRIPT_NAME']); exit; } elseif (!isset($_POST['del']) and !isset($_POST['update'])) { $title = clearStr($_POST['title']); $description = $_POST['description']; $price = clearInt($_POST['price']);
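/**
 * Log a user, employee or admin in and start the matching session.
 *
 * Credentials come either from a login token (`token` parameter, decoded by
 * parseLoginToken()) or from `uname` plus `pwd` and/or a dynamic code `code`.
 * A non-empty code is checked with validateDynCode(); once verified it replaces
 * the password: for the "user" type an unknown uname is registered on the fly
 * with a generated password, for "emp" the password check is skipped. The
 * "admin" type is compared against the credentials read from the P_ADMIN_CRED
 * environment variable (getCred()) and always needs a password.
 *
 * Returns an array with at least "id" ("uname" is added for admin, "_isNew"
 * for a freshly registered user, and the full record via tableCRUD() when
 * `wantAll` is set). Unless the caller logged in with a token, a fresh token
 * is attached through genLoginToken().
 *
 * @throws MyException E_PARAM for an unknown app type, E_AUTHFAIL on bad credentials.
 */
function api_login()
{
    $type = getAppType();
    if (!in_array($type, ["user", "emp", "admin"], true)) {
        throw new MyException(E_PARAM, "Unknown type `{$type}`");
    }

    $token = param("token");
    $code = null;
    if (isset($token)) {
        $rv = parseLoginToken($token);
        $uname = $rv["uname"];
        $pwd = $rv["pwd"];
    } else {
        $uname = mparam("uname");
        list($pwd, $code) = mparam(["pwd", "code"]);
    }
    $wantAll = param("wantAll/b", 0);

    // Only a code that actually went through validateDynCode() counts as a
    // verified credential. The previous `isset($code)` test in the user branch
    // is also true for an empty string, so a `code=` parameter that skipped
    // validation here would still have bypassed the password check and even
    // registered a new account (reachable if mparam() returns "" for an empty
    // parameter — confirm against its implementation).
    $codeVerified = false;
    if (isset($code) && $code != "") {
        validateDynCode($code, $uname);
        $codeVerified = true;
        unset($pwd);
    }

    // A uname that starts with a digit is looked up as a phone number.
    // Guarded: `$uname[0]` on an empty string raises a warning on PHP 8.
    $key = (is_string($uname) && $uname !== "" && ctype_digit($uname[0])) ? "phone" : "uname";

    // Constant-time, strict hash comparison. The original `==` is both
    // timing-sensitive and subject to PHP's loose numeric-string equality
    // (e.g. two "0e..." digests compare equal).
    $pwdMatches = function ($pwd, $storedHash) {
        return isset($pwd) && isset($storedHash)
            && hash_equals((string)$storedHash, (string)hashPwd($pwd));
    };

    $obj = null;
    if ($type == "user") {
        $obj = "User";
        // $key is one of two fixed column names; the value goes through Q().
        $sql = sprintf("SELECT id,pwd FROM User WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        $ret = null;
        if ($row === false) {
            // Unknown account but the dynamic code verified: register it directly.
            if ($codeVerified) {
                $pwd = AUTO_PWD_PREFIX . genDynCode("d4");
                $ret = regUser($uname, $pwd);
                $ret["_isNew"] = 1;
            }
        } elseif ($codeVerified || $pwdMatches($pwd, $row["pwd"])) {
            if (!isset($pwd)) {
                // Used below to build the login token.
                $pwd = $row["pwd"];
            }
            $ret = ["id" => $row["id"]];
        }
        if (!isset($ret)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "手机号或密码错误");
        }
        $_SESSION["uid"] = $ret["id"];
    } elseif ($type == "emp") {
        $obj = "Employee";
        $sql = sprintf("SELECT id,pwd FROM Employee WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        // NOTE(review): as in the original, an employee row is accepted whenever
        // $pwd is unset (verified code, or a token/request carrying no pwd). That
        // is only safe if mparam()/parseLoginToken() guarantee a pwd is present
        // whenever no code was verified — confirm. Unlike the user branch, $pwd
        // is not back-filled from the row, so genLoginToken() below gets null.
        if ($row === false || (isset($pwd) && !$pwdMatches($pwd, $row["pwd"]))) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $_SESSION["empId"] = $row["id"];
        $ret = ["id" => $row["id"]];
    } else {
        // admin: credentials come from the environment, never from the database.
        list($uname1, $pwd1) = getCred(getenv("P_ADMIN_CRED"));
        if (!isset($uname1)) {
            throw new MyException(E_AUTHFAIL, "admin user is not enabled.", "超级管理员用户未设置,不可登录。");
        }
        // Admin never logs in by dynamic code, so a missing $pwd is a failure;
        // both values are compared strictly and in constant time rather than
        // with the loose `!=` of the original.
        if (!isset($pwd)
            || !hash_equals((string)$uname1, (string)$uname)
            || !hash_equals((string)$pwd1, (string)$pwd)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $adminId = 1;
        $_SESSION["adminId"] = $adminId;
        $ret = ["id" => $adminId, "uname" => $uname1];
    }

    if ($wantAll && $obj) {
        $rv = tableCRUD("get", $obj);
        $ret += $rv;
    }
    if (!isset($token)) {
        genLoginToken($ret, $uname, $pwd);
    }
    return $ret;
}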