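/**
 * Search active student accounts and, when exactly one matches, build its detail view.
 *
 * Filters are read from the request, not from the argument: `pk` (decrypted with
 * act_decrypt), `query` (name substring or exact user_no) and `cls` (class id).
 * With no filter present the condition becomes the literal string 'false', so
 * nothing is selected.
 *
 * When exactly one row matches, that row is returned as `user` with its id and
 * class_id passed through act_encrypt(), its phone through val_decrypt(), plus
 * dorm/room-mate text, and `lists` is null. Otherwise `lists` holds the matches
 * with encrypted ids. The class monitor / secretary / instructor lookups run in
 * both cases, as they did before.
 *
 * NOTE(review): `roomMates`, `monitor`, `secretary` and `instructor` are HTML
 * fragments built from stored names and phone numbers without escaping; confirm
 * that those columns are escaped on write or by the template.
 *
 * @param mixed $pk Unused; the primary key is taken from the `pk` request parameter.
 * @return array Keys: userInfo (field => label), lists, user, arrInfo.
 */
public function search($pk)
{
    $map = array('status' => 1);

    if ($val = act_decrypt(I('pk'))) {
        $map['id'] = $val;
    }

    // Only scalar request values are accepted below: an array-valued parameter
    // would be read by the where() builder as an operator expression.
    $val = I('query');
    if ($val && is_scalar($val)) {
        // Security fix: the search term used to be interpolated into a raw
        // `_string` SQL fragment. It is now passed as values so the query
        // builder quotes it.
        // NOTE(review): assumes the reflect()/select('hy') layer handles
        // `_complex` the same way it handles `_string` - confirm.
        $map['_complex'] = array(
            'hy.name' => array('like', '%' . $val . '%'),
            'hy.user_no' => (string) $val,
            '_logic' => 'or',
        );
    }

    $val = I('cls');
    if ($val && is_scalar($val)) {
        $map['student.class_id'] = $val;
    }

    // 'status' is always set, so a count of 1 means no filter was supplied.
    $map = count($map) > 1 ? $map : 'false';

    $lists = $this->where($map)
        ->reflect(array(
            'student|id|user_id|class_id,building,room,bank_card,parent_phone',
            'class|student.class_id|id|name class_name',
        ))
        ->select('hy');

    // Initialised up front: both were previously undefined on the multi-row path.
    $user = array();
    $classId = null;

    if (is_array($lists) && 1 === count($lists)) {
        $user = $lists[0];
        $classId = $user['class_id'];
        $user['id'] = act_encrypt($user['id']);
        $user['phone'] = val_decrypt($user['phone']);
        $user['class_id'] = act_encrypt($classId);
        $user['roles'] = $this->callback_rolesRead($user['roles']);
        $lists = null;
    } elseif (is_array($lists)) {
        foreach ($lists as &$row) {
            $row['id'] = act_encrypt($row['id']);
        }
        // Break the reference: the later foreach loops used to write through it
        // and overwrite the last element of $lists.
        unset($row);
    }

    if (!empty($user['building']) && !empty($user['room'])) {
        $user['dorm'] = $user['building'] . ' - ' . $user['room'];
        $roomMates = $this->reflect(array('student|id|user_id|building,room'))
            ->where(array(
                'student.building' => $user['building'],
                'id' => array('neq', act_decrypt($user['id'])),
                'student.room' => $user['room'],
            ))
            ->select('hy');
        // presumably maps name => phone; verify against md_arr_2_asc_arr()
        $roomMates = md_arr_2_asc_arr($roomMates, 'name', 'phone');
        $user['roomMates'] = '';
        if (is_array($roomMates)) {
            foreach ($roomMates as $mateName => $matePhone) {
                $user['roomMates'] .= $mateName;
                $user['roomMates'] .= $matePhone ? '(' . $matePhone . ')<br>' : '';
            }
        }
    }

    $classMonitorId = D('StudentCadre')->getCadreUid($classId, '班长');
    $classSecretaryId = D('StudentCadre')->getCadreUid($classId, '团支书');
    $userM['monitor'] = $this->where(array('id' => $classMonitorId))->find() ?: array();
    $userS['secretary'] = $this->where(array('id' => $classSecretaryId))->find() ?: array();

    // class_id goes back to its decrypted form for the instructor lookup and the result.
    $user['class_id'] = act_decrypt(isset($user['class_id']) ? $user['class_id'] : null);
    $userI['instructor'] = $this->reflect(array('instructor|id|teacher_id|class_id'))
        ->where(array('instructor.class_id' => $user['class_id']))
        ->select(array('hy' => true));

    $ms = array_merge($userM, $userS, $userI);
    foreach ($ms as $role => $info) {
        if ('instructor' !== $role) {
            $name = isset($info['name']) ? $info['name'] : '';
            $phone = isset($info['phone']) ? $info['phone'] : '';
            $user[$role] = $name . '(' . $phone . ')';
            continue;
        }
        $instructors = is_array($info) ? $info : array();
        foreach ($instructors as $instructor) {
            $soFar = isset($user[$role]) ? $user[$role] : '';
            $user[$role] = $soFar . $instructor['name'] . '(' . $instructor['phone'] . ')<br/>';
        }
    }

    // NOTE(review): 'roles' appears twice below, so the later label wins, and
    // 'bank_phone' is labelled as a bank card number although the query selects
    // 'bank_card' - confirm both are intended.
    $arr['userInfo'] = array('name' => '姓名', 'user_no' => '学号', 'sex' => '性别', 'roles' => '角色', 'class_name' => '班级', 'monitor' => '班长', 'secretary' => '团支书', 'instructor' => '辅导员', 'college' => '学院', 'phone' => '电话', 'email' => '邮箱', 'dorm' => '寝室', 'roomMates' => '室友', 'nation' => '民族', 'native' => '籍贯', 'qq' => 'QQ', 'parent_phone' => '家长电话', 'id_card' => '身份证号', 'bank_phone' => '银行卡号', 'roles' => '职务');
    $arr['lists'] = $lists;
    $arr['user'] = $user;
    $arr['arrInfo'] = array('class_name', 'user_no', 'nation', 'roles', 'native');

    return $arr;
}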
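/**
 * AJAX entry point for login and password recovery.
 *
 * Dispatches on the `q` GET parameter:
 *  - `login`            checks the submitted credentials and fills the session;
 *  - `forgetSendVerify` checks the submitted e-mail hash and sends a verification code;
 *  - `forgetRestPwd`    checks the verification code and stores the new password.
 *
 * The account identifier arrives as `u`, decrypted with the session's LOGIN_KEY.
 * The outcome is emitted through ajaxReturn() as
 * array('status' => bool, 'info' => string, 'data' => mixed), and one frame_log
 * row is written whenever an account row was loaded.
 *
 * NOTE(review): the stored `password` value is both the source of the AES key and
 * the expected plaintext of `p`, so it looks password-equivalent to anyone who can
 * read the account table - confirm against the client-side protocol.
 * NOTE(review): the session id is not regenerated after a successful login and no
 * attempt throttling is visible in this method - confirm both are handled elsewhere.
 */
public function ajax()
{
    // Initialised explicitly; it used to be appended to while undefined.
    $logStep = "登录验证";
    $json = array('status' => false, 'info' => '', 'data' => '');
    // Stays null for an unknown `q`, so the logging guard below is well defined.
    $user = null;

    // Strict comparison of secrets, constant-time where hash_equals() exists.
    // The previous loose != treated numeric-looking strings (for example two
    // different "0e..." digests) as equal.
    $safeEquals = function ($known, $given) {
        if (!is_scalar($known) || !is_scalar($given) || is_bool($known) || is_bool($given)) {
            return false;
        }
        $known = (string) $known;
        $given = (string) $given;

        return function_exists('hash_equals') ? hash_equals($known, $given) : $known === $given;
    };

    $u = aes_decrypt_base(I('u'), session('LOGIN_KEY'));
    $this->model = new HyAccountModel();

    switch (I('get.q')) {
        // Login verification
        case 'login':
            if (!($user = $this->model->login($u))) {
                // The decrypted identifier is no longer appended to the message:
                // it is caller-controlled and was echoed back unescaped.
                $json['info'] = '账号不存在或已禁用!';
                break;
            }
            $key = substr($user['password'], 5, 32);
            $true = aes_decrypt_base(I('p'), $key);
            if (!$safeEquals($user['password'], $true)) {
                $json['info'] = '输入的密码有误!';
                $logStep .= " >> <span class='text-warning'>密码错误</span>";
                break;
            }

            // Single-point-online restriction
            if (C('SINGLE_POINT_ONLINE') && $user['session_id'] && (string) $user['session_id'] !== (string) session_id()) {
                $lastTime = M(ltrim(C('SESSION_TABLE'), C('DB_PREFIX')))->getFieldBySession_id($user['session_id'], 'session_expire');
                if ($lastTime && TIME - $lastTime < C('SESSION_OPTIONS.expire')) {
                    $json['info'] = '用户已经在线!如非正常退出,请稍后再试!';
                    break;
                }
            }

            $logStep .= " >> <span class='text-success'>成功</span>";
            $json['info'] = '用户身份验证成功,玩命加载中...';
            // The counter feeds the session auth seed, so draw it from the CSPRNG
            // when the runtime provides one.
            $json['data'] = function_exists('random_int')
                ? random_int(10000000, 99999999)
                : rand(10000000, 99999999);

            // Cache the authentication material in the session
            session('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);
            session('HOMYIT_BASE_AUTH_COUNTER', $json['data']);
            session('HOMYIT_BASE_AUTH_SEED', substr(sha1($user['password'] . '#' . $json['data']), 7, 32));

            // Update the login record
            $data['id'] = $user['id'];
            $data['login_last_time'] = time();
            $data['login_times'] = ++$user['login_times'];
            $data['session_id'] = session_id();
            $this->model->save($data);

            // Cache the user information
            session('userId', $user['id']);
            session('userName', $user['name']);
            session('avatarFile', avatar_file($user['avatar_file']));

            // Post-login hook
            $this->model->onLoginPass($user);

            // Cache the role information
            $roleIdArr = array_unique(explode(',', trim($user['roles'], ',')));
            session('roleIdArr', $roleIdArr);
            $this->roleCache($roleIdArr[0]);
            $json['status'] = true;
            break;

        // Forgotten password - send the verification code
        case 'forgetSendVerify':
            $email = trim(I('e'));
            $user = $this->model->where(array('user_no' => $u, 'status' => 1))->find();
            if (!$user) {
                $json['info'] = '账号不存在或已禁用!';
                break;
            }
            if (!$safeEquals(sha1(val_decrypt($user['email'])), $email)) {
                $logStep .= " >> <span class='text-warning'>忘记密码重置 - 邮箱验证失败!</span>";
                $json['info'] = '您输入的邮箱地址与系统中保存的不一致,如有异议可联系辅导员!';
                break;
            }
            // NOTE(review): the hash check above decrypts the stored e-mail, while
            // the format check and the send call use the stored value as-is -
            // confirm which form forgetPwdSendVerify() expects.
            if (!preg_match('/^\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*$/', $user['email'])) {
                $logStep .= " >> <span class='text-warning'>忘记密码重置 - 系统中的邮箱不合法!</span>";
                $json['info'] = '邮箱地址不合法!';
                break;
            }
            if (!($verify = $this->model->forgetPwdSendVerify($user['email']))) {
                $json['info'] = '邮件发送失败,请稍后重试!';
                break;
            }
            session($user['user_no'] . '_forgetVerify', $verify);
            $json['status'] = true;
            $json['info'] = '邮件发送成功,请查收发送的验证码,并填入下框';
            break;

        // Forgotten password - reset the password
        case 'forgetRestPwd':
            $user = $this->model->where(array('user_no' => $u, 'status' => 1))->find();
            if (!$user) {
                $logStep .= " >> <span class='text-danger'>疑似攻击,已成功拦截!</span>";
                $json['info'] = '请勿非法操作!';
                break;
            }
            $verify = trim(I('v'));
            if (!$verify || !$safeEquals(session($user['user_no'] . '_forgetVerify'), $verify)) {
                // A wrong guess invalidates the code, so it cannot be retried.
                session($user['user_no'] . '_forgetVerify', null);
                $logStep .= " >> <span class='text-warning'>忘记密码重置 - 邮箱验证码无效!</span>";
                $json['info'] = '您输入的验证码不正确,请重试!';
                break;
            }
            // NOTE(review): the new password is stored without a visible emptiness
            // or strength check - confirm that pwdEncrypt() enforces one.
            $this->model->where(array('id' => $user['id']))->save(array('password' => D('HyAccount')->pwdEncrypt(trim(I('p')), true)));
            // The code is single-use: clear it so it cannot be replayed in this session.
            session($user['user_no'] . '_forgetVerify', null);
            $json['status'] = true;
            $json['info'] = '密码重置成功,请重新登录!';
            break;
    }

    // Login log
    if (!empty($user['id'])) {
        // Keep the credential field and the verification code out of the log table.
        $post = I('post.');
        if (is_array($post)) {
            foreach (array('p', 'v') as $secretField) {
                if (array_key_exists($secretField, $post)) {
                    $post[$secretField] = '***';
                }
            }
        }
        $log = array(
            'user_id' => $user['id'],
            'controller' => CONTROLLER_NAME,
            'action' => ACTION_NAME,
            'post' => json_encode($post),
            'description' => ' >> ' . $logStep,
            'ip' => get_client_ip(),
            'create_time' => time(),
        );
        M('frame_log')->add($log);
    }

    $this->ajaxReturn($json);
}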
/**
 * Build the three detail panels (base info, staff info, account info) for one record.
 *
 * The row is loaded through associate() and matched on `user.id`; name and phone
 * are passed through val_decrypt() before display.
 *
 * NOTE(review): 'job' and 'remark' are not in the associated column list, so they
 * presumably come from this model's own table - confirm.
 *
 * @param mixed $pk Value matched against `user.id`.
 * @return array array('table' => array('base' => ..., 'teacher' => ..., 'user' => ...)).
 */
public function detail($pk)
{
    $joinSpec = array('user|user_id|id|user_no,name,sex,phone,roles,email,login_last_time,login_times,avatar_file');
    $row = $this->associate($joinSpec)->where(array('user.id' => $pk))->find();

    // Personal details; name and phone are decrypted for display.
    $basePanel = array(
        'title' => '基础信息',
        'icon' => 'fa-list-alt',
        'style' => 'green',
        'value' => array(
            '姓名:' => val_decrypt($row['name']),
            '性别:' => $row['sex'],
            '电话:' => val_decrypt($row['phone']),
            '邮箱:' => $row['email'],
        ),
    );

    // Staff record.
    $teacherPanel = array(
        'title' => '教工信息',
        'icon' => 'fa-book',
        'style' => 'purple',
        'value' => array(
            '教工号:' => $row['user_no'],
            '职务:' => $row['job'],
            '备注:' => $row['remark'],
        ),
    );

    // Account state: avatar markup, last login time and login counter (0 when empty).
    $avatarMarkup = HomkaiServiceModel::getAvatarTpl($row['avatar_file']);
    $lastLogin = to_time($row['login_last_time']);
    $loginCount = $row['login_times'] ?: 0;
    $userPanel = array(
        'title' => '账号信息',
        'icon' => 'fa-user',
        'style' => 'yellow',
        'value' => array(
            '头像:' => $avatarMarkup,
            '上次登录:' => $lastLogin,
            '累计登录:' => $loginCount . '次',
        ),
    );

    return array(
        'table' => array(
            'base' => $basePanel,
            'teacher' => $teacherPanel,
            'user' => $userPanel,
        ),
    );
}
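/**
 * Build the three detail panels (log record, user info, request parameters) for one log row.
 *
 * The URL and POST values are request-derived text that is placed inside HTML
 * markup here, so both are escaped for attribute and text context before they
 * are concatenated. The stored POST value is JSON and therefore contains
 * double quotes that would otherwise end the data-text attribute early.
 *
 * The description column is emitted unchanged; log writers in this project
 * appear to store markup in it on purpose.
 * NOTE(review): confirm that every writer of `description` only stores
 * trusted markup.
 *
 * @param mixed $pk Value matched against `id`.
 * @return array array('table' => array('table1' => ..., 'table2' => ..., 'table3' => ...)).
 */
protected function detail($pk)
{
    $arr = $this->where(array('id' => $pk))->find('hy');

    // double_encode is off so values already entity-encoded on input are not
    // escaped a second time; ENT_SUBSTITUTE keeps a preview that was cut in the
    // middle of a multi-byte character from collapsing to an empty string.
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    $url = (string) $arr['url'];
    $post = (string) $arr['post'];

    // Full value in the data-text attribute, first 38 bytes as the visible preview.
    $urlCell = '<span data-text="' . $escape($url) . '">' . $escape(substr($url, 0, 38)) . '...</span>';
    $postCell = '<span data-text="' . $escape($post) . '">' . $escape(substr($post, 0, 38)) . '...</span>';

    return array(
        'table' => array(
            'table1' => array(
                'title' => '日志记录',
                'icon' => 'fa-file-text',
                'style' => 'green',
                'cols' => '3,9',
                'value' => array(
                    '时间:' => to_time($arr['create_time'], 2),
                    'IP :' => $arr['ip'],
                    '描述:' => $arr['description'],
                ),
            ),
            'table2' => array(
                'title' => '用户信息',
                'icon' => 'fa-user',
                'style' => 'blue',
                'value' => array(
                    '姓名:' => $arr['name'],
                    '性别 :' => $arr['sex'],
                    '手机号:' => val_decrypt($arr['phone']),
                    '上次登录:' => to_time($arr['login_last_time'], 2),
                ),
            ),
            'table3' => array(
                'title' => '操作参数',
                'icon' => 'fa-tachometer',
                'style' => 'yellow',
                'cols' => '3,9',
                'value' => array(
                    '控制器:' => $arr['controller'],
                    '操作:' => $arr['action'],
                    'URL:' => $urlCell,
                    'POST参数:' => $postCell,
                ),
            ),
        ),
    );
}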