function savepsw()
 {
     $objData = array('psw' => $this->_post('psw', ''));
     //内容规则检查
     T('content/validate');
     $validate = array(array('psw', 'min_length', '密码长度必须大于4位', 4));
     if (!validate::check($validate, $objData)) {
         $this->JsonReturn(validate::getError());
     }
     if ($objData['psw'] != $this->_post('repsw')) {
         $this->JsonReturn('两次密码不一致,请检查');
     }
     if ($objData['psw']) {
         $psw = D('admin')->setUserPassword($objData['psw']);
         if ($psw != steadmin::$adminInfo['psw']) {
             D('steadmin')->update(array('psw' => $psw), array('user_id' => steadmin::$adminInfo['user_id']));
             D('steadmin')->setUserLogin(array('user_id' => steadmin::$adminInfo['user_id'], 'psw' => $psw), 0, false);
             //===记录操作日志====
             parent::saveSySLog(2, array(), 0, array('user_id' => steadmin::$adminInfo['user_id']), '修改密码-编辑');
             //===记录操作日志====
             $this->JsonReturn('操作成功', null, 1);
         }
     }
     $this->JsonReturn('密码未变更', null, 0);
 }
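 /**
  * Create a feedback record from the POST fields fbtime, fbtype, fbstatus, fbcontent and fbupload.
  *
  * Needs the `string` function library. C('feedback') must provide `type` and `status`
  * (arrays keyed by id, used to reject unknown ids) and a numeric `maxLen` for the content.
  * Every outcome is reported through JsonReturn(); success passes status 1.
  *
  * NOTE(review): `fbupload` is stored verbatim (see the original TODO) — if it is later
  * used as a path or URL it must be constrained to the expected form before insert.
  */
 function save()
 {
     if (!load('string')) {
         $this->JsonReturn('加载string函数库时发生了错误');
         return;
     }
     $feedback = array();
     $feedback['fb_time'] = $this->_post('fbtime', '');
     $feedback['fb_type'] = $this->_postid('fbtype', 0);
     $feedback['fb_status'] = $this->_postid('fbstatus', 0);
     $feedback['fb_content'] = $this->_post('fbcontent', '');
     $feedback['fb_upload'] = $this->_post('fbupload', '');
     $feedbackConfig = C('feedback');
     // `status` is indexed below as well as `type`, so a missing status map is a config error too.
     if (!isHave($feedbackConfig['type']) || !is_array($feedbackConfig['type']) || !isHave($feedbackConfig['status']) || !is_array($feedbackConfig['status']) || !isHave($feedbackConfig['maxLen']) || !is_numeric($feedbackConfig['maxLen'])) {
         return $this->JsonReturn('配置信息错误');
     }
     T('content/validate');
     $validation = array(
         array('fb_time', 'required', '请选择时间'),
         array('fb_type', 'required', '请选择类型'),
         array('fb_status', 'required', '请选择处理状态'),
         array('fb_content', 'required', '填填写反馈'),
         array('fb_content', 'max_length', '反馈内容请不要超过' . $feedbackConfig['maxLen'] . '个字符', $feedbackConfig['maxLen']),
     );
     // Unknown ids are rejected before the rule check so the error names the offending value.
     if (!isHave($feedbackConfig['type'][$feedback['fb_type']])) {
         return $this->JsonReturn('无该反馈类型' . $feedback['fb_type']);
     }
     if (!isHave($feedbackConfig['status'][$feedback['fb_status']])) {
         return $this->JsonReturn('无该处理结果');
     }
     if (!validate::check($validation, $feedback)) {
         return $this->JsonReturn(validate::getError());
     }
     // validate has no rule for a bare date such as 2015-08-03, so make sure it parses.
     if (!strtotime($feedback['fb_time'])) {
         return $this->JsonReturn('时间错误');
     }
     $fb_insert = array(
         'worker_uid' => steadmin::$adminInfo['user_id'],
         'type_id' => $feedback['fb_type'],
         'status_id' => $feedback['fb_status'],
         'feedback' => $feedback['fb_content'],
         'fb_time' => inTime($feedback['fb_time']),
         'upload' => $feedback['fb_upload'],
         'ct_time' => TIME,
     );
     if (D('feedback')->insert($fb_insert)) {
         return $this->JsonReturn('保存成功,可继续添加反馈', null, 1);
     }
     return $this->JsonReturn('保存失败');
 }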
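<?php

require_once '../core/init.php';
req::once('functions/rand_pass.php');
// Form-handler skeleton: logged-in users only; acts on a POST that carries a valid CSRF token.
$user = new user();
if ($user->notHasPermission('logged in')) {
    redirect::to('index.php');
    // Stop here in case redirect::to() only sends the header without ending the request.
    exit;
}
if (input::exists()) {
    // CSRF guard, the same one the sibling form handlers use.
    if (token::check(input::get('token'))) {
        $validate = new validate();
        // No field rules yet, so passed() accepts any submission — add rules before
        // the database actions below are filled in.
        $validate->check($_POST, array());
        if ($validate->passed()) {
            try {
                //database actions
            } catch (Exception $e) {
                // NOTE(review): echoes the raw exception text (may include DB details) to the browser.
                die($e->getMessage());
            }
        }
    }
}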
 /**
  * Update an existing shop record (POST `id` plus one value per editable ste_shop column).
  *
  * Access: the caller's group must be one of those passed to _authUser(); the shop must
  * exist; and the caller must own it (_checkUser) or, failing that, must not be a
  * president attached to a different service centre. Errors are reported through
  * JsonReturn()/showError(), which the flow relies on to end the request.
  *
  * Side effects on success: ste_shop row updated; the shop's goods re-pointed when the
  * service centre changed; API config refreshed when the shop type changed; a sys-log entry.
  */
 public function save()
 {
     parent::_authUser(array(1, 5, 7, 9));
     $shopId = $this->_postid('id', 0);
     if (!$shopId) {
         $this->JsonReturn('参数丢失');
     }
     $shop = M('ste_shop')->where(array('shop_id' => $shopId))->find();
     if (!$shop) {
         showError('店铺不存在');
     }
     // Non-owners are refused only when they are a president of another service centre.
     // NOTE(review): any other non-owner who passed _authUser() is allowed through — confirm this is intended.
     if (!parent::_checkUser($shop['user_id'], $shopId)) {
         if (parent::_checkIsPresident() && $shop['service_id'] != steadmin::$adminInfo['service_id']) {
             showError('编辑权限不足');
         }
     }
     // Columns the form may never set directly.
     $protected = array('user_id', 'city_id', 'goods_sales');
     // One POST value per remaining table column, read as int or string according to the schema.
     $schema = M('ste_shop')->getTableFields($protected);
     $fields = array();
     foreach ($schema['fields'] as $column => $meta) {
         if ($meta['type'] == 'int') {
             $fields[$column] = $this->_postid($column, $meta['value']);
         } else {
             $fields[$column] = $this->_post($column, $meta['value']);
         }
     }
     // Multi-value inputs are flattened to comma-separated strings
     // (tips_list is additionally wrapped in commas, presumably so one id can be matched as ",id,").
     $fields['tips_list'] = $this->_post('tips_list');
     $fields['hot_goods'] = $this->_post('hot_goods');
     if ($fields['tips_list']) {
         $fields['tips_list'] = ',' . implode(',', $fields['tips_list']) . ',';
     }
     if ($fields['hot_goods']) {
         $fields['hot_goods'] = implode(',', $fields['hot_goods']);
     }
     if ($fields['deployment_users']) {
         $fields['deployment_users'] = implode(',', $fields['deployment_users']);
     }
     // Content rule check
     T('content/validate');
     $rules = array(
         array('shop_name', 'range_length', '店铺名称不符合要求', 2, 80),
         array('pic_url', 'required', '店铺小图不能为空'),
         array('score_total', 'double', '综合评分不符合要求'),
         array('score_flavour', 'double', '口味评分不符合要求'),
         array('score_service', 'double', '服务评分不符合要求'),
         array('ontime_point', 'int', '准点率必须为整数'),
     );
     if (!validate::check($rules, $fields)) {
         $this->JsonReturn(validate::getError());
     }
     // Reject a rename that collides with another active shop in the caller's city.
     $duplicateWhere = array('shop_name' => $fields['shop_name'], 'shop_alt_name' => $fields['shop_alt_name'], 'city_id' => steadmin::$adminInfo['city_id'], 'status' => 1);
     $duplicateId = M('ste_shop')->where($duplicateWhere)->getField('shop_id');
     if ($duplicateId && $duplicateId != $shopId) {
         $this->JsonReturn('同名店铺已存在,请检查');
     }
     M('ste_shop')->update($fields, array('shop_id' => $shopId));
     // Keep the shop's goods on the same service centre as the shop.
     if ($shop['service_id'] != $fields['service_id']) {
         M('ste_goods')->update(array('service_id' => $fields['service_id']), array('shop_id' => $shopId));
     }
     // A change of shop type invalidates the cached API configuration.
     if ($shop['shop_type'] != $fields['shop_type']) {
         D('api')->refreshConfig();
     }
     // Operation log
     parent::saveSySLog(2, $fields, $shopId, array('shop_id' => $shopId), '店铺管理-更新');
     $this->JsonReturn('ok', null, 1);
 }
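 /**
  * Update an existing service-log entry (POST `fid` selects the row).
  *
  * Reads fbtime/fbtype/fbstatus/fbcontent/fbupload/order_id/phone/username from POST,
  * validates them against C('steward/service_log') (`type` and `status` maps, `maxLen`)
  * and writes the row through D('serviceLog')->update().
  *
  * NOTE(review): nothing here ties `fid` to the caller's city/service scope — confirm
  * that serviceLog->update() (or an earlier auth hook) enforces that; otherwise any
  * logged-in user can edit any entry by id.
  */
 function save()
 {
     $fid = $this->_postid('fid', 0);
     if (!$fid) {
         showError('参数丢失');
     }
     $feedbackConfig = C('steward/service_log');
     // Fail early on a broken config instead of indexing into missing keys below.
     if (!isHave($feedbackConfig['type']) || !is_array($feedbackConfig['type']) || !isHave($feedbackConfig['status']) || !is_array($feedbackConfig['status']) || !isHave($feedbackConfig['maxLen']) || !is_numeric($feedbackConfig['maxLen'])) {
         return $this->JsonReturn('配置信息错误');
     }
     $servicelog = array();
     $servicelog['fb_time'] = $this->_post('fbtime', '');
     $servicelog['type_id'] = $this->_postid('fbtype', 0);
     $servicelog['status_id'] = $this->_postid('fbstatus', 0);
     $servicelog['feedback'] = $this->_post('fbcontent', '');
     $servicelog['upload'] = $this->_post('fbupload');
     $servicelog['order_id'] = $this->_postid('order_id');
     $servicelog['phone'] = $this->_post('phone');
     $servicelog['username'] = $this->_post('username');
     T('content/validate');
     $validation = array(
         array('fb_time', 'required', '请选择时间'),
         array('type_id', 'required', '请选择类型'),
         array('status_id', 'required', '请选择处理状态'),
         array('feedback', 'required', '填填写反馈'),
         array('feedback', 'max_length', '反馈内容请不要超过' . $feedbackConfig['maxLen'] . '个字符', $feedbackConfig['maxLen']),
     );
     if (!validate::check($validation, $servicelog)) {
         return $this->JsonReturn(validate::getError());
     }
     // phone and username are optional; validate their format only when supplied.
     if (isHave($servicelog['phone'])) {
         $phoneValidation = array(array('phone', 'phone', '请填写正确的电话号码'));
         if (!validate::check($phoneValidation, $servicelog)) {
             return $this->JsonReturn(validate::getError());
         }
     }
     if (isHave($servicelog['username'])) {
         // Message names the username field (previously a copy of the phone message).
         $usernameValidation = array(array('username', 'username', '请填写正确的用户名'));
         if (!validate::check($usernameValidation, $servicelog)) {
             return $this->JsonReturn(validate::getError());
         }
     }
     if (!isHave($feedbackConfig['type'][$servicelog['type_id']])) {
         return $this->JsonReturn('无该反馈类型' . $servicelog['type_id']);
     }
     if (!isHave($feedbackConfig['status'][$servicelog['status_id']])) {
         return $this->JsonReturn('无该处理结果');
     }
     // validate has no rule for a bare date such as 2015-08-03, so check it parses before inTime().
     if (!strtotime($servicelog['fb_time'])) {
         return $this->JsonReturn('时间错误');
     }
     $servicelog['fb_time'] = inTime($servicelog['fb_time']);
     // NOTE(review): `upload` is written as posted without validation; constrain it to the
     // expected form if it is ever used as a file or URL reference.
     D('serviceLog')->update($servicelog, array('fid' => $fid));
     return $this->JsonReturn('保存成功', null, 1);
 }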
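<?php

require_once '../core/init.php';
req::once('functions/rand_pass.php');
// Add an item to one of the current user's lists (POST name, amount, list_id, token).
$user = new user();
if ($user->notHasPermission('logged in')) {
    redirect::to('index.php');
    // Stop here in case redirect::to() only sends the header without ending the request.
    exit;
}
if (input::exists()) {
    // CSRF guard, the same one the sibling form handlers use.
    if (token::check(input::get('token'))) {
        $validate = new validate();
        $validate->check($_POST, array('name' => array('required' => true, 'max' => 256), 'amount' => array('required' => true)));
        if ($validate->passed()) {
            try {
                $db = db::getInstance();
                // Resolve the target list before inserting the item, so a missing or
                // foreign list never leaves an orphan item behind. The lookup result is
                // held in $list_data throughout (the earlier code tested an unset $data).
                $list_data = $db->get('lists', input::get('list_id'));
                if (empty($list_data)) {
                    die;
                }
                $list_data = $list_data->firstResult();
                // `owner` is the creator's user id (set when the list is inserted); refuse
                // to append to someone else's list even when its id is known.
                // NOTE(review): assumes firstResult() yields null/false when no row matched — confirm.
                if (empty($list_data) || $list_data->owner != $user->data()->id) {
                    die;
                }
                $item_id = $db->insert('items', array('name' => input::get('name'), 'amount' => input::get('amount'), 'added-by' => $user->data()->id));
                $new_items = $list_data->items . ',' . $item_id;
                $db->update('lists', $list_data->id, array('items' => $new_items));
            } catch (Exception $e) {
                // NOTE(review): echoes the raw exception text (may include DB details) to the browser.
                die($e->getMessage());
            }
        }
    }
}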
<?php

require_once '../Core/init.php';
// Profile "Name" update handler: requires a logged-in user and a valid CSRF token.
$dbh = null;
$user = new user(null, $_log);
$_db = db::getInstance();
if (!$user->isLoggedIn()) {
    // NOTE(review): assumes redirect::to() ends the request; if it only sends the
    // header, the update below still runs for anonymous visitors — confirm.
    redirect::to('../index.php');
}
if (input::exists() && token::check(input::get('token'))) {
    $validate = new validate();
    $result = $validate->check($_POST, array('Name' => array('required' => true, 'min' => 2, 'max' => 50)));
    if (!$result->passed()) {
        foreach ($result->errors() as $message) {
            echo $message . '<br>';
        }
    } else {
        try {
            $user->update(array('Name' => input::get('Name')));
            session::flash('home', 'Your details have been updated. ');
            redirect::to('index.php');
        } catch (Exception $e) {
            // NOTE(review): echoes the raw exception text (may include DB details) to the browser.
            die($e->getMessage());
        }
    }
}
		</div>
	</div> <!--Row div-->
	
</div>  <!--container div -->
<script type="text/javascript">
	
	$('#notVerified').hide();
</script>

</body>
</html>
<?php 
if ($input == true) {
    if ($token == true) {
        $validate = new validate();
        $validation = $validate->check($_POST, array('Username' => array('required' => true)));
        if ($validation->passed()) {
            $user = new user(null, $_log);
            $remember = input::get('remember') === 'on' ? true : false;
            $login = $user->login(input::get('Username'), input::get('Password'), $remember);
            if ($user->verified(input::get('Username')) && $user->find(input::get('Username'))) {
                if ($login) {
                    redirect::to('../index.php');
                }
            } else {
                echo "<script type='text/javascript'> notVerifiedShow(); </script>";
            }
            // else {
            // 	echo 'Sorry, logging in failed';
            // }
        } else {
<?php

require_once '../Core/init.php';
$user = new user(null, $_log);
if ($user->verified($_GET['Username'])) {
    redirect::to('../index.php');
}
$_db = db::getInstance();
$username = $_GET["Username"];
$confirmCode = $_GET["ConfirmCode"];
//echo $unit_id;
if (input::exists()) {
    if (token::check(input::get('token'))) {
        $validate = new validate();
        $validation = $validate->check($_POST, array('Password' => array('required' => true, 'min' => 6), 'password_again' => array('required' => true, 'matches' => 'Password')));
        if ($validation->passed()) {
            //session::flash('success','You registered successfully!');
            //header('Location: index.php');
            $user = new user(null, $_log);
            $salt = hash::salt(32);
            if ($data = $_db->get('Users', array('Username', '=', $username))) {
                //var_dump($data);
                if ($data->counts() > 0) {
                    if ($data->first()->User_Verified == 0) {
                        if ($data->first()->Confirm_Hash == $confirmCode) {
                            $oldUser = $data->first()->Old_User;
                            try {
                                $user->updateUser(array('Password' => hash::make(input::get('Password'), $salt), 'Salt' => $salt, 'User_Verified' => 1, 'Confirm_Hash' => null, 'Old_User' => null), $_GET['Username']);
                                session::flash('home', 'Your password has been created');
                                $_log->info('Username verified: ' . $username);
                                // Will be logged
<?php

require_once '../core/init.php';
req::once('functions/rand_pass.php');
$user = new user();
if ($user->hasPermission('logged in')) {
    redirect::to('index.php');
}
if (input::exists()) {
    $validate = new validate();
    $validate->check($_POST, array('email' => array('required' => true, 'min' => 2, 'max' => 32, 'unique' => 'users', 'email' => true), 'password' => array('required' => true, 'min' => 6, 'max' => 32), 'confirmation' => array('required' => true, 'matches' => 'password')));
    if ($validate->passed()) {
        $user = new user();
        $salt = hash::salt(32);
        $activation_code = random_code(16);
        $activation_hash = hash::make($activation_code);
        try {
            $id = $user->create(array('email' => input::get('email'), 'type' => input::get('account_type'), 'status' => 'u', 'password' => hash::make(input::get('password'), $salt), 'salt' => $salt, 'activation_code' => $activation_hash));
            mail(input::get('email'), 'Thank you for registering with MyBasket', 'To activate your account, go here: ' . config::get('site_url') . '/activate.php?code=' . $activation_code . '&user='******'email'));
            $db = db::getInstance();
            if (input::get('account_type') === 'l') {
                $db->insert('lab_user_data', array('user_id' => $id));
            } else {
                if (input::get('account_type') === 'd') {
                    $db->insert('ds_user_data', array('user_id' => $id));
                }
            }
        } catch (Exception $e) {
            die($e->getMessage());
        }
    }
<?php

require_once 'core/init.php';
// Registration handler: runs only for a POSTed form carrying a valid CSRF token,
// validates the fields and creates the user with a fresh per-user salt.
// NOTE(review): Hash::make() with a salt is the project's own scheme — confirm it is a
// slow password hash rather than a plain digest.
if (Input::exists() && Token::check(Input::get('token'))) {
    $validate = new validate();
    $rules = array(
        'username' => array('required' => true, 'min' => 4, 'max' => 20, 'unique' => 'users'),
        'password' => array('required' => true, 'min' => 5),
        'password_again' => array('required' => true, 'matches' => 'password'),
        'name' => array('required' => true, 'min' => 4, 'max' => 50),
    );
    $result = $validate->check($_POST, $rules);
    if (!$result->passed()) {
        foreach ($result->errors() as $message) {
            echo $message . '<br>';
        }
    } else {
        $user = new User();
        $salt = Hash::salt(32);
        try {
            $record = array(
                'username' => Input::get('username'),
                'password' => Hash::make(Input::get('password'), $salt),
                'salt' => $salt,
                'name' => Input::get('name'),
                'joined' => date('Y-m-d H:i:s'),
                'group' => 1,
            );
            $user->create($record);
        } catch (Exception $e) {
            // NOTE(review): echoes the raw exception text (may include DB details) to the browser.
            die($e->getMessage());
        }
    }
}
?>
<form action="" method="post">
	<div class="field">
	    <label for="username">Username</label>
	    <input type="text" name="username" id="username" value="<?php 
echo escape(Input::get('username'));
?>
">
	</div>
 /**
  * Edit an existing back-office account (POST `id` plus one value per editable steadmin column).
  *
  * Who may edit: presidents and admins; otherwise only the account itself or the account
  * that created it (build_uid). A president is further pinned to their own service centre.
  * Flow: collect columns -> permission checks -> rule validation -> password hashing ->
  * uniqueness check -> role-specific fields -> update -> sys log -> worker profile ->
  * optional sync to the enterprise WeChat directory.
  * All rejections go through JsonReturn(), which this method relies on to end the request
  * (there is no `return` after those calls).
  */
 function save()
 {
     $id = $this->_postid('id', 0);
     if (!$id) {
         $this->JsonReturn('参数丢失');
     }
     $objData = array();
     // Columns the form may never set; non-admins may not move an account between city / service centre either.
     $noFields = array('logincount', 'loginip', 'logintime', 'regdateline', 'build_uid', 'shop_id', 'unionid');
     if (!parent::_checkIsAdmin()) {
         $noFields = array_merge($noFields, array('city_id', 'service_id'));
     }
     // Collect field values, typed by the table schema
     $fieldList = D('steadmin')->getTableFields($noFields);
     foreach ($fieldList['fields'] as $key => $val) {
         $objData[$key] = $val['type'] == 'int' ? $this->_postid($key, $val['value']) : $this->_post($key, $val['value']);
     }
     $objData['repsw'] = $this->_post('repsw');
     $rs = D('steadmin')->where(array('user_id' => $id))->find();
     // NOTE(review): $rs is not checked for an unknown id; the comparisons below then run on a null row.
     // NOTE(review): `!==` between a DB row value and the session value is always true when their
     // scalar types differ (string vs int); here that would only make the build_uid exception
     // unreachable (fails closed) — confirm the types.
     if (!parent::_checkIsPresident() && !parent::_checkIsAdmin() && $rs['user_id'] != steadmin::$adminInfo['user_id'] && $rs['build_uid'] !== steadmin::$adminInfo['user_id']) {
         $this->JsonReturn('权限不足');
     }
     // President: may only edit accounts of their own service centre, and the account stays there
     if (parent::_checkIsPresident()) {
         // Same strict-type caveat as above: a type mismatch would deny every president.
         if ($rs['service_id'] !== steadmin::$adminInfo['service_id']) {
             $this->JsonReturn('权限不足');
         } else {
             $objData['service_id'] = steadmin::$adminInfo['service_id'];
         }
     }
     // Content rule check
     T('content/validate');
     $validate = array(array('username', 'username', '帐户名称不符合要求', 2, 30), array('real_name', 'username', '真实姓名不符合要求', 2, 30), array('phone', 'phone', '手机号码不符合要求'));
     // Password is optional on edit; only validated (and later hashed) when supplied.
     // NOTE(review): `psw` is read without isset() — raises a notice if it is not a table column.
     if ($objData['psw']) {
         $validate[] = array('psw', 'min_length', '密码长度必须大于4位', 4);
     }
     $infoData = array('nick_name' => $this->_post('nick_name'), 'user_avatar' => $this->_post('user_avatar'), 'total_service' => $this->_postid('total_service'), 'average_times' => $this->_postid('average_times'), 'score_service' => $this->_post('score_service'), 'score_speed' => $this->_post('score_speed'), 'total_comment' => $this->_postid('total_comment'), 'wechat_id' => $this->_post('wechat_id'));
     // Worker profile completion (groups listed in $this->hasWorkerInfo; in_array is non-strict)
     if (isset($objData['groupid']) && in_array($objData['groupid'], $this->hasWorkerInfo)) {
         $validateInData = array(array('nick_name', 'username', '称呼不符合要求', 2, 30), array('user_avatar', 'required', '用户头像不能为空'), array('total_service', 'int', '总服务次数不符合要求'), array('average_times', 'int', '服务时间不符合要求'), array('score_service', 'double', '服务评分不符合要求'), array('score_speed', 'double', '速度评分不符合要求'), array('total_comment', 'int', '评论人次不符合要求'));
         if (!validate::check($validateInData, $infoData)) {
             $this->JsonReturn(validate::getError());
         }
         $validate[] = array('service_id', 'int', '商圈不能为空');
     }
     if (!validate::check($validate, $objData)) {
         $this->JsonReturn(validate::getError());
     }
     if ($objData['psw'] && $objData['psw'] != $objData['repsw']) {
         $this->JsonReturn('两次密码不一致');
     }
     // Hash the new password, or drop the key so an empty value never overwrites the stored hash.
     if ($objData['psw']) {
         $objData['psw'] = D('admin')->setUserPassword($objData['psw']);
     } else {
         unset($objData['psw']);
     }
     // Check whether the account name or phone number is already taken (scoped to the caller's city)
     $exist = D('steadmin')->field('user_id')->where(array('city_id' => steadmin::$adminInfo['city_id'], 'username' => $objData['username']))->find();
     if ($exist && $exist['user_id'] != $id) {
         $this->JsonReturn('该帐户名已存在');
     }
     //        $exist = D('steadmin')->field('user_id')
     //                        ->where(array('city_id' => steadmin::$adminInfo['city_id'], 'phone' => $objData['phone']))->find();
     //        if ($exist && $exist['user_id'] != $id) {
     //            $this->JsonReturn('该手机号已经存在');
     //        }
     //        if ($infoData['wechat_id']) {
     //            $exist = M('ste_worker')->field('user_id')
     //                            ->where(array('wechat_id' => $infoData['wechat_id']))->find();
     //            if ($exist && $exist['user_id'] != $id) {
     //                $this->JsonReturn('该微信号已经存在');
     //            }
     //        }
     // Directory sync is skipped on local deployments.
     if ($this->isLocal) {
         $syncToQyh = false;
     } else {
         $syncToQyh = true;
     }
     // Only admins may set the expiry date and the enabled flag.
     if (parent::_checkIsAdmin()) {
         $objData['effective'] = $this->_post('effective', 0);
         if ($objData['effective']) {
             $objData['effective'] = inTime($objData['effective']);
         } else {
             $objData['effective'] = 0;
         }
         $objData['status'] = $objData['status'] ? $objData['status'] : 0;
     }
     if ($objData['groupid'] == 8) {
         // A shop-manager account must be tied to a shop
         $objData['shop_id'] = $this->_postid('shop_id', 0);
     } else {
         $objData['shop_id'] = 0;
     }
     if ($objData['groupid'] == 9) {
         // A president account must be tied to a service centre
         $objData['service_id'] = $this->_postid('service_id', 0);
     }
     // A president must have a service centre
     // NOTE(review): duplicates the first check inside the block below; harmless, could be dropped.
     if ($objData['groupid'] == 9 && !$objData['service_id']) {
         $this->JsonReturn('服务中心不能为空');
     }
     // A president must have a service centre
     if ($objData['groupid'] == 9) {
         if (!$objData['service_id']) {
             $this->JsonReturn('服务中心不能为空');
         }
         // One active president per service centre within the city; also trips when the data already holds more than one.
         $checkWhere = array('city_id' => steadmin::$adminInfo['city_id'], 'service_id' => $objData['service_id'], 'groupid' => 9, 'status' => 1);
         $hasUser = D('steadmin')->where($checkWhere)->getField('user_id');
         if ($hasUser && $hasUser != $id || D('steadmin')->where($checkWhere)->count() > 1) {
             $this->JsonReturn('该服务中心已有社长帐号');
         }
     }
     // Pin the record to the caller's city so an edit can never move it elsewhere.
     $objData['city_id'] = steadmin::$adminInfo['city_id'];
     unset($objData['repsw']);
     //        z($objData);
     D('steadmin')->update($objData, array('user_id' => $id));
     // Operation log (note: $objData includes the password hash when one was set)
     parent::saveSySLog(2, $objData, $id, array('user_id' => $id), '帐号管理-编辑');
     // Create or update the worker profile row for worker groups
     if (in_array($objData['groupid'], $this->hasWorkerInfo)) {
         if (!M('ste_worker')->field('user_id')->where(array('user_id' => $id))->find()) {
             $infoData['user_id'] = $id;
             // Insert worker profile
             D('steadmin')->addUserDetailInfo($infoData);
         } else {
             M('ste_worker')->update($infoData, array('user_id' => $id));
         }
     }
     // Push name / phone / position to the enterprise WeChat directory, keyed by openid.
     if ($syncToQyh) {
         T('weixin/qy/qyWeixin.api');
         qyApi::init(steadmin::$adminInfo['city_id']);
         $qiyehaoinfo['userid'] = $objData['openid'];
         $qiyehaoinfo['name'] = $objData['real_name'];
         $qiyehaoinfo['mobile'] = $objData['phone'];
         if (isHave($infoData['wechat_id'])) {
             $qiyehaoinfo['weixinid'] = $infoData['wechat_id'];
         }
         $groupidname = $this->adminConfig['group'];
         $qiyehaoinfo['position'] = $groupidname[$objData['groupid']];
         // An error message starting with "60111" is tolerated; any other failure is reported after the DB update already happened.
         if (!qyApi::userUpdate($qiyehaoinfo) && strpos(qyApi::$errorMsg, '60111') !== 0) {
             $this->JsonReturn('同步到企业号通讯录失败 ' . qyApi::$errorMsg);
         }
     }
     $this->JsonReturn('ok', null, 1);
 }
<?php

require_once '../core/init.php';
$user = new user();
if ($user->hasPermission('logged in')) {
    redirect::to('index.php');
}
if (input::exists()) {
    if (token::check(input::get('token'))) {
        //make sure $_POST has all the required fields filled out
        $validate = new validate();
        $validation = $validate->check($_POST, array('email' => array('required' => true), 'password' => array('required' => true)));
        if ($validate->passed()) {
            $user = new user();
            //check if the login session should be stored
            $remember = input::get('remember') == 'on';
            //login
            $login = $user->login(input::get('email'), input::get('password'), $remember);
            if ($login) {
                //TODO: make sure user has permission to log in (activated and not banned)
                if ($user->data()->status == 'u') {
                    $user->logout();
                } else {
                    if ($user->data()->status == 'b') {
                        $user->logout();
                    } else {
                        // success
                    }
                }
            }
        }
<?php

require_once 'php/templates/header.php';
?>
<div class="page-header">
<h1><span class="glyphicon glyphicon-user" aria-hidden="true"></span> Change Your Password</h1>
</div>
<?php 
if (!$user->isLoggedIn()) {
    ?>
<script>window.location.href = 'index.php';</script><?php 
}
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        $validate = new validate();
        $validation = $validate->check($_POST, array('password_current' => array('required' => true, 'min' => 6), 'password_new' => array('required' => true, 'min' => 6), 'password_new_again' => array('required' => true, 'min' => 6, 'matches' => 'password_new')));
        if ($validation->passed()) {
            if (Hash::make(Input::get('password_current'), $user->data()->salt) !== $user->data()->password) {
                echo 'The current password you have supplied is incorrect';
            } else {
                $salt = Hash::salt(32);
                $user->update(array('password' => Hash::make(Input::get('password_new'), $salt), 'salt' => $salt));
                Session::flash('home-success', 'Your password has been updated! You will need to login again.');
                ?>
<script>window.location.href = 'logout.php';</script><?php 
            }
        } else {
            ?>
			<div class="panel panel-danger">
        		<div class="panel-heading">Please fix the following errors</div>
      			<ul class="list-group">
<?php

require_once '../core/init.php';
req::once('functions/rand_pass.php');
// Create a new list owned by the current user. Anonymous requests end immediately;
// the form must carry a valid CSRF token and a `name` of at most 128 characters.
$user = new user();
if ($user->notHasPermission('logged in')) {
    die;
}
if (input::exists() && token::check(input::get('token'))) {
    $validate = new validate();
    $rules = array('name' => array('required' => true, 'max' => 128));
    $validate->check($_POST, $rules);
    if ($validate->passed()) {
        try {
            //database actions
            $db = db::getInstance();
            $record = array('name' => input::get('name'), 'owner' => $user->data()->id);
            $db->insert('lists', $record);
        } catch (Exception $e) {
            // NOTE(review): echoes the raw exception text (may include DB details) to the browser.
            die($e->getMessage());
        }
    }
}
 /**
  * Bulk-edit a set of goods (POST `gid[]` plus optional field values).
  *
  * Only fields actually supplied are written; a submission with nothing to change is
  * rejected. Every selected item is authorised individually through _checkUser(); an
  * item the caller may not edit aborts the batch. Relies on JsonReturn() ending the request.
  * On success the JSON payload carries the number of rows updated.
  */
 public function batch()
 {
     parent::_checkLogin();
     parent::_authUser(array(1, 2, 5, 7, 8));
     $goodsIds = $this->_post('gid');
     if (!$goodsIds || !is_array($goodsIds)) {
         $this->JsonReturn('请先选择需要操作的商品');
     }
     $columns = array('original_price', 'price_pre', 'price', 'storage_counts', 'start_times', 'end_times', 'px', 'cate_id', 'order_counts');
     $changes = array();
     foreach ($columns as $column) {
         $changes[$column] = $this->_post($column, '');
     }
     // Content rule check
     T('content/validate');
     $rules = array();
     // Truthiness-gated fields: an empty (or "0") value means "leave unchanged".
     if ($changes['price']) {
         $rules[] = array('price', 'currency', '商品价格不正确');
     } else {
         unset($changes['price']);
     }
     if ($changes['storage_counts']) {
         $rules[] = array('storage_counts', 'int', '库存不正确');
     } else {
         unset($changes['storage_counts']);
     }
     if ($changes['original_price']) {
         $rules[] = array('original_price', 'currency', '商品原始价格不正确');
     } else {
         unset($changes['original_price']);
     }
     // Date inputs are converted to the stored time format when present.
     foreach (array('start_times', 'end_times') as $timeColumn) {
         if ($changes[$timeColumn]) {
             $changes[$timeColumn] = inTime($changes[$timeColumn]);
         } else {
             unset($changes[$timeColumn]);
         }
     }
     foreach (array('cate_id', 'price_pre') as $optionalColumn) {
         if (!$changes[$optionalColumn]) {
             unset($changes[$optionalColumn]);
         }
     }
     // Integer fields where "0" is a legitimate value: only the empty string is skipped.
     foreach (array('px', 'order_counts') as $intColumn) {
         if ($changes[$intColumn] === '') {
             unset($changes[$intColumn]);
         } else {
             $changes[$intColumn] = intval($changes[$intColumn]);
         }
     }
     if (!$changes) {
         $this->JsonReturn('必须有修改项!');
     }
     if ($rules && !validate::check($rules, $changes)) {
         $this->JsonReturn(validate::getError());
     }
     // Supplementary data
     $changes['refresh_time'] = TIME;
     // Load every selected item and check edit permission on each one
     $rows = M('ste_goods')->field('user_id,gid,shop_id')->where(array('gid' => $goodsIds))->findAll(false);
     if (!$rows) {
         $this->JsonReturn('没有找到符合条件的商品');
     }
     $allowedIds = array();
     foreach ($rows as $row) {
         if (!parent::_checkUser($row['user_id'], $row['shop_id'])) {
             $this->JsonReturn('操作错误,没有编辑权限');
             continue;
         }
         $allowedIds[] = $row['gid'];
     }
     if (!$allowedIds) {
         $this->JsonReturn('没有找到符合条件的商品');
     } else {
         $affected = M('ste_goods')->update($changes, array('gid' => $allowedIds));
         // Operation log
         parent::saveSySLog(4, $changes, $allowedIds, array('gid' => $allowedIds), '商品管理-批量设置');
         $this->JsonReturn('ok', $affected, 1);
     }
 }