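 /**
  * Dispatch one API action name ($ac) to its handler.
  *
  * Two forms are recognised:
  *   - "<table>.<add|set|get|del|query>"  -> tableCRUD(<op>, <table>)
  *   - "<name>"                            -> api_<name>() when such a function exists
  * Anything else raises MyException(E_PARAM).
  *
  * @param string $ac       action name taken from the request (untrusted)
  * @param bool   $useTrans wrap the handler in a transaction on the global $DBH
  * @return mixed the handler's return value ("OK" when it returned nothing);
  *               the same value is published through setRet(0, ...)
  * @throws MyException on an unknown or malformed action, plus anything the handler throws
  */
 public function call($ac, $useTrans)
 {
     global $DBH;
     // Open a transaction only when asked for and none is active. $DBH is
     // null-checked here exactly as it already was at commit time below.
     if ($useTrans && $DBH && !$DBH->inTransaction()) {
         $DBH->beginTransaction();
     }
     $ok = false;
     try {
         if (preg_match('/^(\\w+)\\.(add|set|get|del|query)$/', $ac, $ms)) {
             // The pattern already confines the table name to \w+, so no second
             // character check is needed here; the meta check is still outstanding.
             # TODO: check meta
             $ret = tableCRUD($ms[2], $ms[1]);
         } elseif (preg_match('/^\\w+$/', $ac) && function_exists("api_{$ac}")) {
             // $ac is restricted to \w+ before the function name is built:
             // function_exists() resolves namespaced names, so the "api_" prefix
             // alone would not confine the lookup to plain api_* functions.
             $fn = "api_{$ac}";
             $ret = $fn();
         } else {
             throw new MyException(E_PARAM, "Bad request - unknown ac: {$ac}");
         }
         $ok = true;
     } finally {
         // Do not leave a transaction open across a failed call. The
         // inTransaction() guard keeps this harmless if an outer handler rolls back too.
         if (!$ok && $useTrans && $DBH && $DBH->inTransaction()) {
             $DBH->rollBack();
         }
     }
     if ($useTrans && $DBH && $DBH->inTransaction()) {
         $DBH->commit();
     }
     if (!isset($ret)) {
         $ret = "OK";
     }
     setRet(0, $ret);
     return $ret;
 }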
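/**
 * Authenticate the caller and open a session for one of three principal types.
 *
 * The type comes from getAppType(): "user" (table User), "emp" (table Employee)
 * or "admin" (credentials read from the P_ADMIN_CRED environment variable via getCred()).
 *
 * Request parameters (all untrusted):
 *   token       - a login token; parseLoginToken() yields uname/pwd from it
 *   uname, pwd  - credentials; pwd is run through hashPwd() and compared with the stored hash
 *   code        - a dynamic code checked by validateDynCode(); when present it replaces the
 *                 password, and for "user" an unknown account is auto-registered
 *   wantAll/b   - when true, the full User/Employee row is merged into the result
 *
 * Returns ["id" => ...] (admin additionally "uname", a freshly registered user "_isNew")
 * and sets $_SESSION["uid"] / ["empId"] / ["adminId"]. A login token is generated unless
 * the caller already logged in with one.
 *
 * @throws MyException E_PARAM on an unknown type, E_AUTHFAIL on bad credentials
 */
function api_login()
{
    $type = getAppType();
    if ($type != "user" && $type != "emp" && $type != "admin") {
        throw new MyException(E_PARAM, "Unknown type `{$type}`");
    }
    $token = param("token");
    if (isset($token)) {
        $rv = parseLoginToken($token);
        $uname = $rv["uname"];
        $pwd = $rv["pwd"];
    } else {
        $uname = mparam("uname");
        list($pwd, $code) = mparam(["pwd", "code"]);
    }
    $wantAll = param("wantAll/b", 0);

    // A dynamic code only counts when it is non-empty, and the SAME predicate must gate
    // both the validation here and the password bypass further down. Testing a bare
    // isset($code) later would let an empty "code" skip validateDynCode() and the
    // password comparison at once (if mparam() can hand back an empty string).
    $useCode = isset($code) && $code !== "";
    if ($useCode) {
        validateDynCode($code, $uname);
        unset($pwd);
    }

    // A uname starting with a digit is looked up as a phone number.
    // isset($uname[0]) guards against an empty or null uname.
    $key = "uname";
    if (isset($uname[0]) && ctype_digit($uname[0])) {
        $key = "phone";
    }

    $obj = null;
    if ($type == "user") {
        $obj = "User";
        // $key is one of two hard-coded column names; the value itself goes through Q().
        // NOTE(review): a prepared statement would be preferable if queryOne() supports one.
        $sql = sprintf("SELECT id,pwd FROM User WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        $ret = null;
        if ($row === false) {
            // Unknown account: a validated dynamic code registers it on the fly.
            if ($useCode) {
                $pwd = AUTO_PWD_PREFIX . genDynCode("d4");
                $ret = regUser($uname, $pwd);
                $ret["_isNew"] = 1;
            }
        } elseif ($useCode || (isset($pwd) && hash_equals((string)$row["pwd"], (string)hashPwd($pwd)))) {
            // hash_equals(): constant-time and strict, so two "0e..." numeric-looking
            // hashes are not treated as equal the way == would.
            if (!isset($pwd)) {
                // used for generating the token
                $pwd = $row["pwd"];
            }
            $ret = ["id" => $row["id"]];
        }
        if (!isset($ret)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "手机号或密码错误");
        }
        $_SESSION["uid"] = $ret["id"];
    } elseif ($type == "emp") {
        $obj = "Employee";
        $sql = sprintf("SELECT id,pwd FROM Employee WHERE {$key}=%s", Q($uname));
        $row = queryOne($sql, PDO::FETCH_ASSOC);
        // Same rule as for "user": either a validated code or a matching password is
        // required. A missing password without a code is no longer accepted.
        $authed = $row !== false
            && ($useCode || (isset($pwd) && hash_equals((string)$row["pwd"], (string)hashPwd($pwd))));
        if (!$authed) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $_SESSION["empId"] = $row["id"];
        $ret = ["id" => $row["id"]];
    } else { // admin
        list($uname1, $pwd1) = getCred(getenv("P_ADMIN_CRED"));
        if (!isset($uname1)) {
            throw new MyException(E_AUTHFAIL, "admin user is not enabled.", "超级管理员用户未设置,不可登录。");
        }
        // Strict, constant-time comparison of both fields; a loose != would accept
        // numerically-equal strings. A missing password is never accepted.
        if (!isset($pwd)
            || !hash_equals((string)$uname1, (string)$uname)
            || !hash_equals((string)$pwd1, (string)$pwd)) {
            throw new MyException(E_AUTHFAIL, "bad uname or password", "用户名或密码错误");
        }
        $adminId = 1;
        $_SESSION["adminId"] = $adminId;
        $ret = ["id" => $adminId, "uname" => $uname1];
    }

    if ($wantAll && $obj) {
        // Array union: keys already in $ret (id, _isNew) win over the fetched row.
        $rv = tableCRUD("get", $obj);
        $ret += $rv;
    }
    // NOTE(review): consider session_regenerate_id(true) after a successful login to
    // defeat session fixation; not added here because the session lifecycle is managed
    // outside this function.
    if (!isset($token)) {
        // $pwd is unset after a code login for "emp"; pass null explicitly instead of
        // reading an undefined variable.
        genLoginToken($ret, $uname, isset($pwd) ? $pwd : null);
    }
    return $ret;
}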