/**
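  *Compute the MD5 value derived from the username + password + the random value sent by the client and return it to the client; the client uses it to verify whether the login succeeded.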
  **/
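 protected function create()
 {
     // Handles a login POST: requires username, pwd and code, delegates the
     // credential check to LoginLgModel::checkLogin() and replies via
     // success() / returnMsg().
     $input = $this->post;

     // The request dump is written to the log and appended to the reply, so
     // the plaintext password must be masked before it is rendered.
     $loggable = $input;
     if (is_array($loggable) && isset($loggable['pwd'])) {
         $loggable['pwd'] = '***';
     }
     $str = print_r($loggable, true);
     Log::record($str, true);
     Log::save();

     // !empty() keeps the original truthiness test but does not raise
     // undefined-index notices when a field is missing from the request.
     $ret = !empty($input['username']) && !empty($input['pwd']) && !empty($input['code']);
     if ($ret) {
         $ret = LoginLgModel::checkLogin($input['username'], $input['pwd'], $input['code']);
     }

     // NOTE(review): the (masked) request dump is still appended to both
     // replies for compatibility; it looks like debug output and should be
     // dropped once no client depends on it.
     if ($ret) {
         $this->success('登陆成功!' . $str, $ret);
     } else {
         // Same message for every failure, so the reply does not reveal which
         // field was wrong.
         $this->returnMsg(200, '用户名或密码错误' . $str);
     }
 }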
 /**
  *$pwd is the plaintext password; code is the merchant's official-account code.
  **/
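 public static function checkLogin($username, $pwd, $code)
 {
     // Verifies the credentials of a manage_user that belongs to the wxuser
     // identified by $code. On success the manage_* session keys are filled
     // and an array with company/user/booking/eshop/hotel/rest/actions data
     // is returned; on any failure the result is false.

     // Credentials must be plain scalars. An array value reaching where()
     // would presumably be interpreted as a query expression by the ORM
     // (TODO confirm for the framework version in use), so reject it here.
     if (!is_scalar($username) || !is_scalar($pwd) || !is_scalar($code)) {
         return false;
     }

     $wxuser = M('wxuser')->field('token,uid,company,code')->where(array('code' => $code))->find();
     if (!$wxuser) {
         return false;
     }

     $user = M('manage_user')->where(array('user_name' => $username, 'status' => 1, 'token' => $wxuser['token']))->find();
     // Stop before reading $user[...] when no matching active account exists.
     if (!$user) {
         return false;
     }

     // NOTE(review): salted double-MD5 is a fast hash and weak for password
     // storage; migrating to password_hash()/password_verify() needs a
     // stored-hash migration and is out of scope for this method.
     $hash = md5(md5($pwd . $user['lz_salt']));
     $stored = (string) $user['password'];
     // Constant-time comparison where the runtime provides it.
     $matches = function_exists('hash_equals') ? hash_equals($stored, $hash) : $hash === $stored;
     if (!$matches) {
         return false;
     }

     // Fetch the booking id and info, the shop id and info, the restaurant id and info
     $token = $user['token'];

     // session_destroy() + session_start() keeps the session ID the client
     // already presented, so the authenticated session gets a fresh ID to
     // prevent session fixation.
     if (session_id() !== '') {
         session_destroy();
     }
     session_start();
     session_regenerate_id(true);

     $user['diningsub'] = $user['diningsub'] === false ? 0 : $user['diningsub'];
     $user['hotelsub'] = $user['hotelsub'] === false ? 0 : $user['hotelsub'];
     $_SESSION['manage_user_name'] = $user['user_name'];
     $_SESSION['manage_merchant'] = $wxuser['company'];
     $_SESSION['manage_company_token'] = $user['token'];
     $_SESSION['manage_company_code'] = $wxuser['code'];
     $_SESSION['manage_dine_branch'] = $user['diningsub'];
     $_SESSION['manage_hotel_branch'] = $user['hotelsub'];
     $av_actions = LoginLgModel::getAvAction($wxuser['uid'], $user['action_list']);
     $_SESSION['manage_act_list'] = implode(',', $av_actions);
     $prebook = LoginLgModel::getPreBook($token);
     $eshop = LoginLgModel::getEShop($token);
     $_SESSION['manage_prebook_branch'] = $prebook['id'];
     $_SESSION['manage_eshop_branch'] = $eshop['id'];

     // The password hash and the raw action list never leave this method.
     // NOTE(review): $user still carries lz_salt and the tenant token in the
     // returned array; confirm whether any caller needs them before
     // continuing to expose them.
     unset($user['action_list']);
     unset($user['password']);

     return array(
         'company' => $wxuser,
         'user' => $user,
         'booking' => $prebook,
         'eshop' => $eshop,
         'hotel' => LoginLgModel::getAvHotel($user['hotelsub'], $token),
         'rest' => LoginLgModel::getAvRest($user['diningsub'], $token),
         'actions' => $av_actions,
     );
 }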
 protected function check_action($action, $id)
 {
     // True only when $id is truthy and LoginLgModel::checkAction() accepts
     // $action; the permission lookup is skipped entirely for a falsy $id.
     if (!$id) {
         return false;
     }

     return (bool) LoginLgModel::checkAction($action);
 }
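 protected function checkAuth($action)
 {
     // Gate for protected actions: the caller must be logged in and
     // LoginLgModel::checkAction() must accept $action. Returns the truthy
     // checkAction() result when access is granted.
     if (!$this->checkLogin()) {
         $this->needLogin();
         // Fail closed: needLogin() presumably ends the request (TODO
         // confirm); if it ever returns, the permission check must not run
         // for an unauthenticated caller.
         return false;
     }

     $allowed = LoginLgModel::checkAction($action);
     if ($allowed) {
         return $allowed;
     }

     $this->returnMsg(3, '您没有权限执行此操作!');
     // Explicit denial in case returnMsg() returns instead of exiting.
     return false;
 }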