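function login()
 {
     // Employee sign-in.
     //   GET  (no POST body) -> render the login page.
     //   POST                -> validate phone/password, check the credentials against the
     //                          employee model, put the employee row in the session, redirect.
     // Every redirect is followed by `return` so that a failed validation can never fall
     // through to the credential check, regardless of whether redirect() exits internally.
     $post = $this->post;
     if (!count($post)) {
         return $this->view(V_PATH . "login.html", array("css" => CSS, 'host' => _HOST));
     }
     // Absent fields are treated as invalid input instead of raising an undefined-index notice.
     $phone = isset($post['phone']) ? $post['phone'] : null;
     $pass = isset($post['pass']) ? $post['pass'] : null;
     if (!validate('phone', $phone)) {
         $this->redirect(_HOST . "login");
         return null;
     }
     if (!validate('pass', $pass)) {
         $this->redirect(_HOST . "login");
         return null;
     }
     $result = $this->load('employee')->login($phone, secret($pass));
     if (!$result) {
         $this->redirect("login");
         return null;
     }
     $per = $result['permissions'];
     if (!empty($per)) {
         // NOTE(review): unserialize() on a value read from the database can instantiate
         // arbitrary classes if that column is ever writable by a user; storing the permission
         // list as JSON, or passing array('allowed_classes' => false) on PHP >= 7.0, avoids that.
         $result['permissions'] = array_map("strtolower", unserialize($per));
     }
     $this->session['user'] = $result;
     $this->redirect('index');
     return null;
 }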
 /**
  * save token to db
  *
  * Fetches a fresh WeChat access token over HTTP, derives a ticket from it via
  * self::initTicket(), upserts token/ticket/updatetime into the wx_token row with id 1
  * and returns the token.
  *
  * NOTE(review): $lockfile and $lockTemp are never assigned in this function (only $db is
  * declared global), so file_exists() is always false, the early exit never triggers, and
  * fclose()/unlink() receive null — a warning on PHP 7 and a TypeError on PHP 8. The lock
  * section below is therefore non-functional as written.
  * NOTE(review): the INSERT interpolates $newToken and $newTicket (values taken from an HTTP
  * response) and $updatetime directly into the SQL string; they should be bound as
  * parameters or quoted by the driver instead of concatenated.
  *
  * @return mixed the value stored under 'access_token' in the HTTP response
  */
 public static function initWxTokenToDB()
 {
     global $db;
     // appid() and secret() are appended to the token URL unencoded.
     $url = wxTokenUrl() . "&appid=" . appid() . "&secret=" . secret();
     // request the WeChat token
     //LogUtil::logs("initWxTokenToDB tokenurl====>".$url, getLogFile('/business.log'));
     $arr = RequestUtil::httpGet($url);
     // No check that the response actually contains 'access_token'; a missing key yields null.
     $newToken = $arr['access_token'];
     //LogUtil::logs("initWxTokenToDB newToken====>".$newToken, getLogFile('/business.log'));
     // request the WeChat ticket
     $newTicket = self::initTicket($newToken);
     $updatetime = DateUtil::getCurrentTime();
     // lock file ($lockfile is undefined here, see the note above)
     if (file_exists($lockfile)) {
         //LogUtil::logs("initWxTokenToDB ====> file in writing, only can read\r\n", getLogFile('/business.log'));
         exit;
     }
     // save or update;
     $db->exec("INSERT INTO wx_token(id, token, updatetime, ticket) \r\n\t\tvalues(1, '{$newToken}','{$updatetime}','{$newTicket}') \r\n\t\tON DUPLICATE KEY UPDATE token='{$newToken}', updatetime='{$updatetime}', ticket='{$newTicket}'");
     // close the lock file ($lockTemp is undefined here)
     fclose($lockTemp);
     // delete the lock file
     unlink($lockfile);
     return $newToken;
 }
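 function put()
 {
     // Change the password of the guest stored in the session.
     // Returns a JSON string {"error_code": N}:
     //   0  password updated
     //   1  no guest in the session
     //   11 old or new password shorter than 6 bytes
     //   12 the guest model rejected the update (e.g. wrong old password)
     $guest_id = isset($this->session['guest']) ? $this->session['guest'] : 0;
     if (empty($guest_id)) {
         return json_encode(array("error_code" => 1));
     }
     $post = $this->post;
     // Missing fields count as empty (and thus too short) instead of raising an undefined-index notice.
     $old_pass = isset($post["old_pass"]) ? $post["old_pass"] : '';
     $new_pass = isset($post["new_pass"]) ? $post["new_pass"] : '';
     // Length check is byte-based (strlen), as elsewhere in this file.
     if (strlen($old_pass) < 6 || strlen($new_pass) < 6) {
         return json_encode(array("error_code" => 11));
     }
     // Both passwords go through secret() before reaching the model; plaintext is never persisted here.
     $result = $this->load("guest")->updatePass(array(
         "guest_id" => $guest_id,
         "old_pass" => secret($old_pass),
         "new_pass" => secret($new_pass),
     ));
     if (!$result) {
         // password update failed
         return json_encode(array("error_code" => 12));
     }
     return json_encode(array("error_code" => 0));
 }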
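 function get()
 {
     // Password reset by SMS code. The code previously sent to the phone is kept in
     // session['sms'] together with session['phone']; when the posted code matches, a new
     // random password is stored (hashed via secret()) and texted to that phone.
     // Returns a JSON string {"error_code": N}:
     //   0  new password sent
     //   6  no SMS code pending in the session
     //   7  posted code does not match
     //   13 the guest model failed to update the password
     $session_sms = isset($this->session['sms']) ? $this->session['sms'] : 0;
     if (empty($session_sms)) {
         return json_encode(array("error_code" => 6));
     }
     $sms = isset($this->post["sms"]) ? $this->post["sms"] : null;
     // Strict string comparison: the former `==` compared numeric strings numerically, so a
     // code with a leading zero, or an exponent form like "1e5", could match a different value.
     if (!is_scalar($sms) || (string) $session_sms !== (string) $sms) {
         return json_encode(array("error_code" => 7));
     }
     $phone = $this->session['phone'];
     $new_pass = randomPass(6);
     $s_pass = secret($new_pass);
     $ret = $this->load("guest")->updatePassByPhone($phone, $s_pass);
     if (!$ret) {
         //update fail
         return json_encode(array("error_code" => 13));
     }
     // NOTE(review): session['sms'] is not cleared after a successful reset, so the same code
     // stays valid until the session changes; unset it here once it has been used.
     send_sms_code($phone, "新密码:" . $new_pass . ",请妥善保存");
     return json_encode(array("error_code" => 0));
 }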
    die(JSON::encode($return_data));
}
$user_id = $_SESSION['user_id'];
$method = $_SERVER['REQUEST_METHOD'];
$resource = isset($_REQUEST['api_data']) ? trim($_REQUEST['api_data']) : 'hot';
/* Dispatch on the requested API resource: each known resource loads its controller file
   and hands the handler's result to api_return(). Unknown resources do nothing.
   Controller paths are fixed here; the request value only selects among them. */
$api_routes = array(
    'hot'    => array('includes/controller/goods/lib_controller_list.php', 'li_st'),
    'view'   => array('includes/controller/goods/lib_controller_view.php', 'view'),
    'idcard' => array('includes/controller/goods/lib_controller_new.php', 'idcard'),
    'secret' => array('includes/controller/goods/lib_controller_secret.php', 'secret'),
    'order'  => array('includes/controller/goods/lib_controller_order.php', 'order'),
);
if (isset($api_routes[$resource])) {
    list($controller_file, $handler) = $api_routes[$resource];
    include_once $controller_file;
    api_return($resource, $handler());
}
/**
 * Applies secret() to each operand and returns the `+` of the two results.
 *
 * @param mixed $x first operand passed to secret()
 * @param mixed $y second operand passed to secret()
 * @return mixed whatever `+` yields for the two secret() results
 */
function secret_apart($x, $y)
{
    $left = secret($x);
    $right = secret($y);
    return $left + $right;
}
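// developing on Windows (unlike production server)
$root = dirname($_SERVER['DOCUMENT_ROOT']);
// The caller is identified by its remote address, which is then used to pick a per-caller key
// from the `_offsiteKeys` section of the .databases file. NOTE(review): behind a reverse proxy
// REMOTE_ADDR is the proxy's address, so confirm no proxy sits in front of this script.
$caller = $_SERVER['REMOTE_ADDR'];
// utf8_encode() is deprecated since PHP 8.2; mb_convert_encoding($s, 'UTF-8', 'ISO-8859-1') is the replacement.
$dbs = (array) json_decode(utf8_encode(file_get_contents("{$root}/.databases")));
// Explicit existence check instead of `@`-suppressing the lookup; a missing entry is still null.
$cryptKey = isset($dbs['_offsiteKeys']->{$caller}) ? $dbs['_offsiteKeys']->{$caller} : null;
if (!$cryptKey) {
    die('access denied, caller ' . $caller);
}
// unique password for each caller (unknown to them)
offlog(17, $args = $_POST);
// Absent POST fields become null without an undefined-index notice.
$id = isset($args['id']) ? $args['id'] : null;
$data = isset($args['data']) ? $args['data'] : null;
if (empty($id) and is_null($data)) {
    die('server error (no data)');
}
try {
    exit((string) secret($dbs, $cryptKey, $id, $data));
} catch (PDOException $ex) {
    // Deliberately generic: the exception message would expose connection details to the caller.
    die('server error (query)');
}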
function secret($dbs, $cryptKey, $id, $data = NULL)
{
    global $db;
    $maxLen = strlen('9223372036854775807') - 1;
    // keep it shorter than biggest usable unsigned "big int" in MySQL
    $table = 'offsite';
    extract((array) $dbs[$db_name = key($dbs)], EXTR_PREFIX_ALL, 'db');
    $db = new PDO("{$db_driver}:host={$db_host};port={$db_port};dbname={$db_name}", $db_user, $db_pass);
    if (!isset($data)) {
        return offlog(35, $result = lookup('data', $table, $id)) == '' ? '' : base64_encode(ezdecrypt($result, $cryptKey));
    }
    // retrieval is easy
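/**
 * Testing for setup
 *
 * Self-test of the crypto helpers against fixed vectors (extension availability, session and
 * association creation, shared secret and expiry, base64, HMAC, big-number pow-mod, SHA1 and
 * XOR) rendered as a pass/warn/fail table through wrap_html(). Refused with error_403()
 * unless $profile['allow_test'] is set.
 *
 * @global array $profile
 * @global mixed $p   presumably the modulus passed to bmpowmod() — verify against the caller
 * @global mixed $g   presumably the base/generator passed to bmpowmod() — verify against the caller
 */
function test_mode()
{
    global $profile, $p, $g;
    if ($profile['allow_test'] != true) {
        error_403();
    }
    // The big-number checks below can be slow on bcmath-only installs.
    ini_set('max_execution_time', 180);
    $test_expire = time() + 120;
    // Fixed test vectors; every expected value below is derived from these inputs.
    $test_ss_enc = 'W7hvmld2yEYdDb0fHfSkKhQX+PM=';
    $test_ss = base64_decode($test_ss_enc);
    $test_token = "alpha:bravo\ncharlie:delta\necho:foxtrot";
    $test_server_private = '11263846781670293092494395517924811173145217135753406847875706165886322533899689335716152496005807017390233667003995430954419468996805220211293016296351031812246187748601293733816011832462964410766956326501185504714561648498549481477143603650090931135412673422192550825523386522507656442905243832471167330268';
    $test_client_public = base64_decode('AL63zqI5a5p8HdXZF5hFu8p+P9GOb816HcHuvNOhqrgkKdA3fO4XEzmldlb37nv3+xqMBgWj6gxT7vfuFerEZLBvuWyVvR7IOGZmx0BAByoq3fxYd3Fpe2Coxngs015vK37otmH8e83YyyGo5Qua/NAf13yz1PVuJ5Ctk7E+YdVc');
    $res = array();
    // bcmath
    $res['bcmath'] = extension_loaded('bcmath') ? 'pass' : 'warn - not loaded';
    // gmp
    if ($profile['allow_gmp']) {
        $res['gmp'] = extension_loaded('gmp') ? 'pass' : 'warn - not loaded';
    } else {
        $res['gmp'] = 'pass - n/a';
    }
    // get_temp_dir
    $res['logfile'] = is_writable($profile['logfile']) ? 'pass' : "warn - log is not writable";
    // session & new_assoc
    user_session();
    list($test_assoc, $test_new_ss) = new_assoc($test_expire);
    $res['session'] = $test_assoc != session_id() ? 'pass' : 'fail';
    // secret
    // session_unregister() was removed in PHP 5.4 and the former `@` cannot hide the resulting
    // fatal "undefined function"; unset() on $_SESSION is its documented replacement.
    unset($_SESSION['shared_secret']);
    list($check, $check2) = secret($test_assoc);
    $res['secret'] = $check == $test_new_ss ? 'pass' : 'fail';
    // expire
    $res['expire'] = $check2 <= $test_expire ? 'pass' : 'fail';
    // base64
    $res['base64'] = base64_encode($test_ss) == $test_ss_enc ? 'pass' : 'fail';
    // hmac
    $test_sig = base64_decode('/VXgHvZAOdoz/OTa5+XJXzSGhjs=');
    $check = hmac($test_ss, $test_token);
    $res['hmac'] = $check == $test_sig ? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    if ($profile['use_bigmath']) {
        // bigmath powmod
        $test_server_public = '102773334773637418574009974502372885384288396853657336911033649141556441102566075470916498748591002884433213640712303846640842555822818660704173387461364443541327856226098159843042567251113889701110175072389560896826887426539315893475252988846151505416694218615764823146765717947374855806613410142231092856731';
        $check = bmpowmod($g, $test_server_private, $p);
        $res['bmpowmod-1'] = $check == $test_server_public ? 'pass' : sprintf("fail - '%s'", $check);
        // long
        $test_client_long = '133926731803116519408547886573524294471756220428015419404483437186057383311250738749035616354107518232016420809434801736658109316293127101479053449990587221774635063166689561125137927607200322073086097478667514042144489248048756916881344442393090205172004842481037581607299263456852036730858519133859409417564';
        $res['long'] = long($test_client_public) == $test_client_long ? 'pass' : 'fail';
        // bigmath powmod 2
        $test_client_share = '19333275433742428703546496981182797556056709274486796259858099992516081822015362253491867310832140733686713353304595602619444380387600756677924791671971324290032515367930532292542300647858206600215875069588627551090223949962823532134061941805446571307168890255137575975911397744471376862555181588554632928402';
        $check = bmpowmod($test_client_long, $test_server_private, $p);
        $res['bmpowmod-2'] = $check == $test_client_share ? 'pass' : sprintf("fail - '%s'", $check);
        // bin
        $test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI=');
        $check = bin($test_client_share);
        $res['bin'] = $check == $test_client_mac_s1 ? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    } else {
        $res['bigmath'] = 'fail - big math functions are not available.';
    }
    // sha1_20
    $test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI=');
    $test_client_mac_s2 = base64_decode('0Mb2t9d/HvAZyuhbARJPYdx3+v4=');
    $check = sha1_20($test_client_mac_s1);
    $res['sha1_20'] = $check == $test_client_mac_s2 ? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    // x_or
    $test_client_mac_s3 = base64_decode('i36ZLYAJ1rYEx1VEHObrS8hgAg0=');
    $check = x_or($test_client_mac_s2, $test_ss);
    $res['x_or'] = $check == $test_client_mac_s3 ? 'pass' : sprintf("fail - '%s'", base64_encode($check));
    // Render: the first four characters of each status ("pass"/"warn"/anything else) pick the colour.
    $out = "<table border=1 cellpadding=4>\n";
    foreach ($res as $test => $stat) {
        $code = substr($stat, 0, 4);
        $color = $code == 'pass' ? '#9f9' : ($code == 'warn' ? '#ff9' : '#f99');
        $out .= sprintf("<tr><th>%s</th><td style='background:%s'>%s</td></tr>\n", $test, $color, $stat);
    }
    $out .= "</table>";
    wrap_html($out);
}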
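 function save()
 {
     // Create a business record for a guest from the posted form.
     // Returns the business model's add() result on success, or a (Chinese) message string
     // when a field is invalid, the business already exists, or the signed-in employee is
     // not responsible for the guest.
     $post = $this->post;
     // Absent fields default to 0 / 0.0 instead of raising an undefined-index notice.
     $guest_id = isset($post["guest_id"]) ? (int) $post["guest_id"] : 0;
     $employee_id = isset($post['employee_id']) ? (int) $post['employee_id'] : 0;
     $should_fee = isset($post['should_fee']) ? (double) $post['should_fee'] : 0.0;
     $have_fee = isset($post['have_fee']) ? (double) $post['have_fee'] : 0.0;
     $process_group_id = isset($post['process_group_id']) ? (int) $post['process_group_id'] : 0;
     if ($process_group_id === 0) {
         return '请指定工商类型';
     }
     if ($guest_id === 0) {
         return '请指定用户';
     }
     if ($should_fee <= 0) {
         return '应付款必须大于0';
     }
     if ($have_fee < 0) {
         return '已付款不能为负数';
     }
     if ($employee_id === 0) {
         return '请指定负责会计';
     }
     // Reject a duplicate: has this guest already opened a business of this type?
     $result = $this->load('business')->findByProcessGroupid($process_group_id, $guest_id);
     if ($result) {
         return '不能重复开通此业务';
     }
     // Authorisation: only the employee responsible for this guest (per the session) may operate.
     $result = $this->load('guest')->findByEmployee($this->session['user']['employee_id'], $guest_id);
     if (!$result) {
         return '只能负责此用户员工才能操作';
     }
     // The original block placed `setPass($guest_id, secret("000000"))` after this return, so it
     // never executed. It is removed rather than enabled: enabling it would overwrite an
     // existing guest's password with a well-known default.
     return $this->load('business')->add(array(
         'guest_id' => $guest_id,
         'process_group_id' => $process_group_id,
         'employee_id' => $employee_id,
         'should_fee' => $should_fee,
         'have_fee' => $have_fee,
     ));
 }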
<?php

require_once '../../weixin/RequestUtil.php';
require_once '../../weixin/DateUtil.php';
require_once '../../weixin/globleconfig.php';
require_once '../../weixin/LogUtil.php';
require_once '../configs/smarty.inc.php';
// http://www.jb51.net/article/48019.htm
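if (isset($_GET["code"])) {
    $code = $_GET["code"];
    $secret = secret();
    $appid = appid();
    $oauthurl = wxOauth();
    // Exchange the OAuth code for an access token / openid. The code comes straight from the
    // query string, so it is URL-encoded: concatenated raw it could carry extra "&name=value"
    // parameters into the upstream request.
    $url = $oauthurl . "?appid=" . $appid . "&secret=" . $secret . "&code=" . urlencode($code) . "&grant_type=authorization_code";
    // Kept disabled on purpose: the URL contains the app secret and must not be logged.
    //LogUtil::logs($url, getLogFile("/business.log"));
    $returnJson = RequestUtil::httpGet($url);
    // {"access_token":"OezXcEiiBSKSxW0eoylIeG_LpV4TpnX-BxNbAVVAasaRyPm55zyI9CKaVNciQOEw8iu_pEDXCiBKbbSJbzzqarhyfecqXoplnmCl7HsBiWFARy1Ob3MealEkubEDs8KHeRbAr5Awrvr7RR3i5t24GA","expires_in":7200,"refresh_token":"OezXcEiiBSKSxW0eoylIeG_LpV4TpnX-BxNbAVVAasaRyPm55zyI9CKaVNciQOEwUHOmtG9PkoiFUefqTDaX00sVqxhfoyE-jbYDCIjldLBnZvj1QP0gGev-Tw2BWQWTdIOnZ9EQDB0Oi0w2ZlT0lA","openid":"osp6swrNZiWtEuTy-Gj1cBVA1l38","scope":"snsapi_base"}
    // Test for the openid before reading it so a failed exchange does not raise a notice;
    // nothing is rendered when it is missing (same as before).
    if (!empty($returnJson["openid"])) {
        $openid = $returnJson["openid"];
        $smarty->assign('openid', $openid);
        $smarty->display('chatingroom/chating.html');
    }
}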
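 public function save()
 {
     // Create an employee from the posted form.
     // Returns the new employee row (findById) on success, a (Chinese) validation message
     // when name or phone fail validate(), or 0 when the insert fails.
     $post = $this->post;
     $name = isset($post['name']) ? $post['name'] : null;
     $phone = isset($post['phone']) ? $post['phone'] : null;
     // Integer fields default to 0 when absent instead of raising an undefined-index notice.
     $sex = isset($post['sex']) ? (int) $post['sex'] : 0;
     $department_id = isset($post['department_id']) ? (int) $post['department_id'] : 0;
     $roles_id = isset($post['roles_id']) ? (int) $post['roles_id'] : 0;
     if (!validate('name', $name)) {
         return '姓名不符合要求';
     }
     if (!validate('phone', $phone)) {
         return '电话不符合要求';
     }
     // NOTE(review): every new account starts with the shared default password "000000" and
     // roles_id is taken as-is from the form, so this action must only be reachable by
     // administrators and the account should be forced to change its password on first login.
     $lastid = $this->load('employee')->add(array(
         'name' => $name,
         'pass' => secret('000000'),
         'phone' => $phone,
         'sex' => $sex,
         'roles_id' => $roles_id,
         'create_time' => timenow(),
         'department_id' => $department_id,
     ));
     if (!$lastid) {
         //insert fail
         return 0;
     }
     return $this->load('employee')->findById($lastid);
 }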