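/**
 * Login endpoint shared by the admin and nurse roles.
 *
 * Reads user_type, username and password from the request, hands the
 * credential check to the matching model (admin::login / nurse::login),
 * stores the returned row in the session and prints one JSON object:
 * {"result":1,"message":...} when the model returned a row,
 * {"result":0,"message":...} otherwise. The JSON is produced with
 * json_encode so a display name containing quotes can neither break the
 * document nor smuggle extra keys into what the client parses.
 *
 * @return void  The reply is written with echo; nothing is returned.
 */
function login()
{
    // NOTE(review): $_REQUEST also accepts these fields from the query string
    // and from cookies, so a password sent via GET lands in access logs.
    // $_POST would be stricter; the source is kept because callers using GET
    // would otherwise break. Missing or non-string fields become '' instead of
    // raising undefined-index notices or passing arrays to the models.
    $user_type = (isset($_REQUEST['user_type']) && is_string($_REQUEST['user_type'])) ? $_REQUEST['user_type'] : '';
    $username  = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
    $password  = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';

    if ($user_type === 'admin') {
        // require_once: a second inclusion would redeclare the class and fail.
        require_once '../models/model_admin.php';
        $admin = new admin();
        // The model owns the credential check; how it stores and compares
        // passwords is not visible from here.
        $row = $admin->login($username, $password);
        if (!$row) {
            echo json_encode(array('result' => 0, 'message' => 'Your details as an admin are wrong.'));
            return;
        }
        set_admin_session($row);
        echo json_encode(array('result' => 1, 'message' => $_SESSION['admin_fn'] . ' is logged in'));
        return;
    }

    if ($user_type === 'nurse') {
        require_once '../models/model_nurse.php';
        $nurse = new nurse();
        $row = $nurse->login($username, $password);
        if (!$row) {
            echo json_encode(array('result' => 0, 'message' => 'Your details as a nurse are wrong.'));
            return;
        }
        set_nurse_session($row);
        echo json_encode(array('result' => 1, 'message' => $_SESSION['nurse_name'] . ' is logged in'));
        return;
    }

    // An unknown user_type previously produced no output at all, leaving the
    // client to guess; answer explicitly with the same failure shape.
    echo json_encode(array('result' => 0, 'message' => 'Unknown user type.'));
}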
     $row = $db->GetRow($sql);
     if (!$row) {
         // 没有找到这个记录
         setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
         setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
         if (!empty($_REQUEST['is_ajax'])) {
             make_json_error($_LANG['priv_error']);
         } else {
             ecs_header("Location: privilege.php?act=login\n");
         }
         exit;
     } else {
         // 检查密码是否正确
         if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) {
             !isset($row['last_time']) && ($row['last_time'] = '');
             set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time']);
             // 更新最后登录时间和IP
             $db->query('UPDATE ' . $ecs->table('admin_user') . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'");
         } else {
             setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
             setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
             if (!empty($_REQUEST['is_ajax'])) {
                 make_json_error($_LANG['priv_error']);
             } else {
                 ecs_header("Location: privilege.php?act=login\n");
             }
             exit;
         }
     }
 } else {
     if (!empty($_REQUEST['is_ajax'])) {
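/**
 * Admin login for the API client (validates the login, starts the session).
 *
 * Looks the admin_user row up by UserId and compares its stored password
 * field with the client-supplied Password (lower-cased, so the client is
 * expected to send the same digest the table stores). On success the admin
 * session is started, the login time/IP are recorded and
 * client_show_message(100, ...) is emitted; every failure goes through
 * client_show_message(103).
 *
 * @param array $post  Request body; only the UserId and Password keys are read.
 * @return void
 */
function API_UserLogin($post)
{
    $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
    $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';

    /* Check whether the password is correct. */
    // The user name is client data and must not reach the SQL text raw.
    // addslashes() is the only escaping available without a visible
    // placeholder/escape API on $GLOBALS['db']; using that API is the proper fix.
    $sql = "SELECT user_id, user_name, password, action_list, last_login"
         . " FROM " . $GLOBALS['ecs']->table('admin_user')
         . " WHERE user_name = '" . addslashes($post['username']) . "'";
    $row = $GLOBALS['db']->getRow($sql);

    if (!$row) {
        client_show_message(103);
        return;
    }

    // Strict (and, where available, constant-time) comparison: the loose !=
    // used before treats two different digests of the form "0e..." as equal.
    $stored   = (string) $row['password'];
    $supplied = (string) $post['password'];
    $matches  = function_exists('hash_equals')
        ? hash_equals($stored, $supplied)
        : ($stored === $supplied);
    if (!$matches) {
        client_show_message(103);
        // Do not rely on client_show_message() terminating the script: without
        // this return a non-exiting implementation would log the user in anyway.
        return;
    }

    require_once ROOT_PATH . ADMIN_PATH . '/includes/lib_main.php';
    // Login succeeded.
    set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);
    // Update last login time and IP (real_ip() is a project helper; whether it
    // escapes its result is not visible here).
    $GLOBALS['db']->query("UPDATE " . $GLOBALS['ecs']->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
    client_show_message(100, true, VERSION, 0, true, EC_CHARSET);
}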
     $row = $db->GetRow($sql);
     if (!$row) {
         // 没有找到这个记录
         setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
         setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
         if (!empty($_REQUEST['is_ajax'])) {
             make_json_error($_LANG['priv_error']);
         } else {
             ecs_header("Location: privilege.php?act=login\n");
         }
         exit;
     } else {
         // 检查密码是否正确
         if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) {
             !isset($row['last_time']) && ($row['last_time'] = '');
             set_admin_session($row['user_id'], $row['user_name'], $row['role_id'], $row['group_id'], $row['ext'], $row['action_list'], $row['last_time']);
             // 更新最后登录时间和IP
             $db->query('UPDATE ' . $ecs->table('admin_user') . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'");
         } else {
             setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
             setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
             if (!empty($_REQUEST['is_ajax'])) {
                 make_json_error($_LANG['priv_error']);
             } else {
                 ecs_header("Location: privilege.php?act=login\n");
             }
             exit;
         }
     }
 } else {
     if (!empty($_REQUEST['is_ajax'])) {
     if (!$row) {
         // 没有找到这个记录
         setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
         setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
         if (!empty($_REQUEST['is_ajax'])) {
             make_json_error($_LANG['priv_error']);
         } else {
             //             	die("HTTP_REFERER2");
             ecs_header("Location: ../login.php\n");
         }
         exit;
     } else {
         // 检查密码是否正确
         if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) {
             !isset($row['last_time']) && ($row['last_time'] = '');
             set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['role_id'], $row['status_id'], $row['school_code'], $row['class_code']);
             // 更新最后登录时间和IP
             $db->query('UPDATE hteacher.ht_admin_user ' . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'");
         } else {
             setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
             setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
             if (!empty($_REQUEST['is_ajax'])) {
                 make_json_error($_LANG['priv_error']);
             } else {
                 //                 	die("HTTP_REFERER3");
                 ecs_header("Location: ../login.php\n");
             }
             exit;
         }
     }
 } else {
     if (!$row) {
         // 没有找到这个记录
         setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
         setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
         if (!empty($_REQUEST['is_ajax'])) {
             make_json_error($_LANG['priv_error']);
         } else {
             //             	die("login1");
             ecs_header("Location: ../login.php\n");
         }
         exit;
     } else {
         // 检查密码是否正确
         if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) {
             !isset($row['last_time']) && ($row['last_time'] = '');
             set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time'], $row['role_id'], $row['school_code']);
             // 更新最后登录时间和IP
             $db->query('UPDATE ' . $ecs->table('admin_user') . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'");
         } else {
             setcookie($_COOKIE['ECSCP']['admin_id'], '', 1);
             setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1);
             if (!empty($_REQUEST['is_ajax'])) {
                 make_json_error($_LANG['priv_error']);
             } else {
                 //                 	die("login2");
                 ecs_header("Location: ../login.php\n");
             }
             exit;
         }
     }
 } else {
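/**
 * WeChat (weixin) OAuth sign-in for admin users.
 *
 * Two-step flow selected by the `oauth` request parameter:
 *  - oauth=0 (or absent): redirect the browser to WeChat's authorize endpoint
 *    with redirect_uri = $callback plus oauth=1, then exit.
 *  - oauth=1: exchange the returned `code` for an access token, look the
 *    admin_user row up by the token's openid, start the admin session, record
 *    the login time/IP and set the remember-me cookies.
 *
 * @param string $callback  URL WeChat redirects back to (may already carry a query string).
 * @return array|false  The admin_user row on success; false when the token
 *                      exchange yields no openid, when no admin is bound to
 *                      that openid, or when `oauth` is neither 0 nor 1.
 */
function weixin_oauth($callback)
{
    global $ecs, $db, $_CFG;

    $rs = $db->getRow("SELECT * FROM `wxch_config` WHERE `id` = 1");
    $param = array('appid' => isset($rs['appid']) ? $rs['appid'] : '');
    $oauth = isset($_REQUEST['oauth']) ? intval($_REQUEST['oauth']) : 0;

    if ($oauth == 0) {
        // '?' at position 0 was treated as "no query string" by the old > 0 test.
        $separator = (strpos($callback, '?') !== false) ? '&' : '?';
        $param['redirect_uri'] = $callback . $separator . 'oauth=1';
        $param['response_type'] = 'code';
        $param['scope'] = 'snsapi_base'; //'snsapi_userinfo';
        $url = 'https://open.weixin.qq.com/connect/oauth2/authorize?' . http_build_query($param) . '#wechat_redirect';
        ecs_header("Location: {$url}\n");
        exit;
    }

    if ($oauth != 1) {
        // Previously fell off the end and returned null.
        return false;
    }

    $param['secret'] = isset($rs['appsecret']) ? $rs['appsecret'] : '';
    $param['code'] = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
    $param['grant_type'] = 'authorization_code';
    $url = 'https://api.weixin.qq.com/sns/oauth2/access_token?' . http_build_query($param);
    $content = file_get_contents($url);
    $token = ($content === false) ? null : json_decode($content, true);

    // Without this guard a failed or rejected exchange (transport error, an
    // errcode reply, no openid) produced a NULL openid and the lookup became
    // "WHERE wxid = ''", so any admin row with an empty wxid could be signed in.
    if (!is_array($token) || empty($token['openid']) || !is_string($token['openid'])) {
        return false;
    }
    $openid = $token['openid'];

    // openid is remote data: escape it before it enters the SQL text. The
    // original also lacked the space before WHERE.
    $sql = "SELECT * FROM " . $ecs->table('admin_user') . " WHERE wxid = '" . addslashes($openid) . "'";
    $user_info = $db->getRow($sql);
    if (empty($user_info)) {
        return false;
    }

    // login
    set_admin_session($user_info['user_id'], $user_info['user_name'], $user_info['action_list'], $user_info['last_login']);
    $_SESSION['openid'] = $openid;
    $_SESSION['shop_list'] = !empty($user_info['shop_list']) ? explode(',', $user_info['shop_list']) : array();

    // Update last login time and IP.
    $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");

    // Remember-me cookies (one year). HttpOnly keeps these session-equivalent
    // values out of reach of page scripts; path/domain/secure keep their defaults.
    // NOTE(review): the cookie value is md5(password . hash_code); that scheme
    // is shared with the cookie check elsewhere in the project and is kept.
    $time = gmtime() + 3600 * 24 * 365;
    setcookie('ECSCP[admin_id]', $user_info['user_id'], $time, '', '', false, true);
    setcookie('ECSCP[admin_pass]', md5($user_info['password'] . $_CFG['hash_code']), $time, '', '', false, true);

    return $user_info;
}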
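/**
 * Admin sign-in used by the API layer.
 *
 * Looks an admin_user row up by user name (restricted to manager_id 0/4/40/99),
 * starts the admin session, records the login time/IP, sets the remember-me
 * cookies when $_POST['remember'] is present, and returns a summary array.
 * The password predicate in the query reads '******' on this page, which
 * looks like a redaction of the original hashing expression; confirm it
 * against the real source before relying on $password being checked.
 *
 * @param string $username
 * @param string $password  Not referenced by the visible query (see above).
 * @return array  Keys: login_status (bool), user_id, user_name, password,
 *                last_login, last_ip, action_list. On failure the guest
 *                values are returned with login_status = false.
 */
function admin_signin($username, $password)
{
    // $username is caller data; escape it so a quote cannot rewrite the WHERE
    // clause. A placeholder query on the db layer would be the proper fix.
    // The duplicated last_login column in the original SELECT list is dropped.
    $sql = "SELECT user_id, user_name, password, last_login, action_list, last_ip"
         . " FROM " . $GLOBALS['ecs']->table('admin_user')
         . " WHERE user_name = '" . addslashes((string) $username) . "' AND password = '******'"
         . " AND manager_id in ('0','4','40','99')";
    $row = $GLOBALS['db']->getRow($sql);

    if (!$row) {
        // Login failed: guest values.
        return array(
            'login_status' => false,
            'user_id'      => 0,
            'user_name'    => 'guest',
            'password'     => '',
            'last_login'   => '******',
            'last_ip'      => '0.0.0.0',
            'action_list'  => '',
        );
    }

    // Login succeeded. (The original had an empty "open the setup wizard"
    // branch for a first login with action_list == 'all'; it did nothing.)
    set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);

    // Update last login time and IP.
    $GLOBALS['db']->query("UPDATE " . $GLOBALS['ecs']->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");

    // Save login info (remember-me cookies, one year).
    if (isset($_POST['remember'])) {
        $time = gmtime() + 3600 * 24 * 365;
        // $_CFG is not a superglobal and was never declared global here, so the
        // original hashed with an undefined (empty) hash_code; read it through
        // $GLOBALS like the rest of this function. HttpOnly keeps the cookies
        // away from page scripts; path/domain/secure keep their defaults.
        $hash_code = isset($GLOBALS['_CFG']['hash_code']) ? $GLOBALS['_CFG']['hash_code'] : '';
        setcookie('ECSCP[admin_id]', $row['user_id'], $time, '', '', false, true);
        setcookie('ECSCP[admin_pass]', md5($row['password'] . $hash_code), $time, '', '', false, true);
    }

    // Return result.
    return array(
        'login_status' => true,
        'user_id'      => $row['user_id'],
        'user_name'    => $row['user_name'],
        // NOTE(review): this hands the stored password hash to the caller; the
        // key is kept for interface compatibility but should be dropped if no
        // consumer actually needs it.
        'password'     => $row['password'],
        'last_login'   => local_date($GLOBALS['_CFG']['time_format'], $row['last_login']),
        'last_ip'      => $row['last_ip'],
        'action_list'  => $row['action_list'],
    );
}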
     $sql = "SELECT user_id, user_name, password, last_login,rank_id,action_list, last_login,suppliers_id,rank_id_goods,ec_salt" . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . $ec_salt) . "'";
 } else {
     /* 检查密码是否正确 */
     $sql = "SELECT user_id, user_name, password, last_login,rank_id,rank_id_goods,action_list, last_login,suppliers_id,ec_salt" . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . "'";
 }
 $row = $db->getRow($sql);
 if ($row) {
     // 检查是否为供货商的管理员 所属供货商是否有效
     if (!empty($row['suppliers_id'])) {
         $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $row['suppliers_id']);
         if (empty($supplier_is_check)) {
             sys_msg($_LANG['login_disable'], 1);
         }
     }
     // 登录成功
     set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login'], $row['rank_id'], $row['rank_id_goods']);
     $_SESSION['suppliers_id'] = $row['suppliers_id'];
     if (empty($row['ec_salt'])) {
         $ec_salt = rand(1, 9999);
         $new_possword = md5(md5($_POST['password']) . $ec_salt);
         $db->query("UPDATE " . $ecs->table('admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'");
     }
     if ($row['action_list'] == 'all' && empty($row['last_login'])) {
         $_SESSION['shop_guide'] = true;
     }
     // 更新最后登录时间和IP
     $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
     if (isset($_POST['remember'])) {
         $time = gmtime() + 3600 * 24 * 365;
         setcookie('ECSCP[admin_id]', $row['user_id'], $time);
         setcookie('ECSCP[admin_pass]', md5($row['password'] . $_CFG['hash_code']), $time);
    }
    $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : '';
    $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : '';
    $sql = "SELECT * FROM " . $ecs->table('admin_user') . "WHERE user_name = '" . $_POST['username'] . "'";
    $admin_user = $db->getRow($sql);
    $is_suc = isset($admin_user['ec_salt']) ? $admin_user['password'] == md5(md5($_POST['password']) . $admin_user['ec_salt']) : $admin_user['password'] == md5($_POST['password']);
    if ($is_suc) {
        // 检查是否为供货商的管理员 所属供货商是否有效
        if (!empty($row['suppliers_id'])) {
            $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $admin_user['suppliers_id']);
            if (empty($supplier_is_check)) {
                show_api_message('您输入的帐号暂时不可用。', '管理员登录', $php_self . '?act=login', 'error');
            }
        }
        // 登录成功
        set_admin_session($admin_user['user_id'], $admin_user['user_name'], $admin_user['action_list'], $admin_user['last_login']);
        $_SESSION['suppliers_id'] = $admin_user['suppliers_id'];
        // 更新最后登录时间和IP
        $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'");
        show_api_message('登录成功', '开始配置接口参数', $php_self . '?act=config', 'info');
    } else {
        show_api_message('登录失败', '重新登录', $php_self . '?act=login', 'error');
    }
    break;
} elseif ($act == 'config') {
    if (!check_privilege()) {
        show_api_message('登录后才能配置接口参数', '管理员登录', $php_self . '?act=login', 'error');
    }
    if (isset($_POST['submit'])) {
        if (empty($_POST['qq_appid']) || empty($_POST['qq_appkey'])) {
            show_api_message('参数不能为空', '重新配置', $php_self . '?act=config', 'error');