function login() { $post = $this->post; if (count($post)) { $phone = $post['phone']; $pass = $post['pass']; if (!validate('phone', $phone)) { $this->redirect(_HOST . "login"); } if (!validate('pass', $pass)) { $this->redirect(_HOST . "login"); } $result = $this->load('employee')->login($phone, secret($pass)); if ($result) { $per = $result['permissions']; if (!empty($per)) { $result['permissions'] = array_map("strtolower", unserialize($per)); } $this->session['user'] = $result; $this->redirect('index'); } else { $this->redirect("login"); } } else { return $this->view(V_PATH . "login.html", array("css" => CSS, 'host' => _HOST)); } }
/** * save token to db */ public static function initWxTokenToDB() { global $db; $url = wxTokenUrl() . "&appid=" . appid() . "&secret=" . secret(); // 请求微信token //LogUtil::logs("initWxTokenToDB tokenurl====>".$url, getLogFile('/business.log')); $arr = RequestUtil::httpGet($url); $newToken = $arr['access_token']; //LogUtil::logs("initWxTokenToDB newToken====>".$newToken, getLogFile('/business.log')); // 请求微信ticket $newTicket = self::initTicket($newToken); $updatetime = DateUtil::getCurrentTime(); // 加锁文件 if (file_exists($lockfile)) { //LogUtil::logs("initWxTokenToDB ====> file in writing, only can read\r\n", getLogFile('/business.log')); exit; } // save or update; $db->exec("INSERT INTO wx_token(id, token, updatetime, ticket) \r\n\t\tvalues(1, '{$newToken}','{$updatetime}','{$newTicket}') \r\n\t\tON DUPLICATE KEY UPDATE token='{$newToken}', updatetime='{$updatetime}', ticket='{$newTicket}'"); // 关闭锁文件 fclose($lockTemp); // 删除锁文件 unlink($lockfile); return $newToken; }
function put() { $guest_id = isset($this->session['guest']) ? $this->session['guest'] : 0; if (!empty($guest_id)) { $post = $this->post; $old_pass = $post["old_pass"]; $new_pass = $post["new_pass"]; if (strlen($old_pass) < 6 || strlen($new_pass) < 6) { return json_encode(array("error_code" => 11)); } $old_pass = secret($old_pass); $new_pass = secret($new_pass); $result = $this->load("guest")->updatePass(array("guest_id" => $guest_id, "old_pass" => $old_pass, "new_pass" => $new_pass)); if ($result) { return json_encode(array("error_code" => 0)); } else { //修改密码失败 return json_encode(array("error_code" => 12)); } } else { return json_encode(array("error_code" => 1)); } }
function get() { $session_sms = isset($this->session['sms']) ? $this->session['sms'] : 0; if (!empty($session_sms)) { $sms = $this->post["sms"]; if ($this->session['sms'] == $sms) { $phone = $this->session['phone']; $new_pass = randomPass(6); $s_pass = secret($new_pass); $ret = $this->load("guest")->updatePassByPhone($phone, $s_pass); if ($ret) { $result = send_sms_code($phone, "新密码:" . $new_pass . ",请妥善保存"); return json_encode(array("error_code" => 0)); } else { //update fail return json_encode(array("error_code" => 13)); } } else { return json_encode(array("error_code" => 7)); } } else { return json_encode(array("error_code" => 6)); } }
die(JSON::encode($return_data)); } $user_id = $_SESSION['user_id']; $method = $_SERVER['REQUEST_METHOD']; $resource = isset($_REQUEST['api_data']) ? trim($_REQUEST['api_data']) : 'hot'; /* 根据不同的API_RESOURCE来做不同的处理 */ switch ($resource) { case 'hot': include_once 'includes/controller/goods/lib_controller_list.php'; api_return($resource, li_st()); break; case 'view': include_once 'includes/controller/goods/lib_controller_view.php'; api_return($resource, view()); break; case 'idcard': include_once 'includes/controller/goods/lib_controller_new.php'; api_return($resource, idcard()); break; case 'secret': include_once 'includes/controller/goods/lib_controller_secret.php'; api_return($resource, secret()); break; case 'order': include_once 'includes/controller/goods/lib_controller_order.php'; api_return($resource, order()); break; default: # code... break; }
function secret_apart($x, $y) { return secret($x) + secret($y); }
// developing on Windows (unlike production server) $root = dirname($_SERVER['DOCUMENT_ROOT']); $caller = $_SERVER['REMOTE_ADDR']; $dbs = (array) json_decode(utf8_encode(file_get_contents("{$root}/.databases"))); if (!($cryptKey = @$dbs['_offsiteKeys']->{$caller})) { die('access denied, caller ' . $caller); } // unique password for each caller (unknown to them) offlog(17, $args = $_POST); $id = @$args['id']; $data = @$args['data']; if (empty($id) and is_null($data)) { die('server error (no data)'); } try { exit((string) secret($dbs, $cryptKey, $id, $data)); } catch (PDOException $ex) { die('server error (query)'); } function secret($dbs, $cryptKey, $id, $data = NULL) { global $db; $maxLen = strlen('9223372036854775807') - 1; // keep it shorter than biggest usable unsigned "big int" in MySQL $table = 'offsite'; extract((array) $dbs[$db_name = key($dbs)], EXTR_PREFIX_ALL, 'db'); $db = new PDO("{$db_driver}:host={$db_host};port={$db_port};dbname={$db_name}", $db_user, $db_pass); if (!isset($data)) { return offlog(35, $result = lookup('data', $table, $id)) == '' ? '' : base64_encode(ezdecrypt($result, $cryptKey)); } // retrieval is easy
/** * Testing for setup * @global array $profile */ function test_mode() { global $profile, $p, $g; if ($profile['allow_test'] != true) { error_403(); } @ini_set('max_execution_time', 180); $test_expire = time() + 120; $test_ss_enc = 'W7hvmld2yEYdDb0fHfSkKhQX+PM='; $test_ss = base64_decode($test_ss_enc); $test_token = "alpha:bravo\ncharlie:delta\necho:foxtrot"; $test_server_private = '11263846781670293092494395517924811173145217135753406847875706165886322533899689335716152496005807017390233667003995430954419468996805220211293016296351031812246187748601293733816011832462964410766956326501185504714561648498549481477143603650090931135412673422192550825523386522507656442905243832471167330268'; $test_client_public = base64_decode('AL63zqI5a5p8HdXZF5hFu8p+P9GOb816HcHuvNOhqrgkKdA3fO4XEzmldlb37nv3+xqMBgWj6gxT7vfuFerEZLBvuWyVvR7IOGZmx0BAByoq3fxYd3Fpe2Coxngs015vK37otmH8e83YyyGo5Qua/NAf13yz1PVuJ5Ctk7E+YdVc'); $res = array(); // bcmath $res['bcmath'] = extension_loaded('bcmath') ? 'pass' : 'warn - not loaded'; // gmp if ($profile['allow_gmp']) { $res['gmp'] = extension_loaded('gmp') ? 'pass' : 'warn - not loaded'; } else { $res['gmp'] = 'pass - n/a'; } // get_temp_dir $res['logfile'] = is_writable($profile['logfile']) ? 'pass' : "warn - log is not writable"; // session & new_assoc user_session(); list($test_assoc, $test_new_ss) = new_assoc($test_expire); $res['session'] = $test_assoc != session_id() ? 'pass' : 'fail'; // secret @session_unregister('shared_secret'); list($check, $check2) = secret($test_assoc); $res['secret'] = $check == $test_new_ss ? 'pass' : 'fail'; // expire $res['expire'] = $check2 <= $test_expire ? 'pass' : 'fail'; // base64 $res['base64'] = base64_encode($test_ss) == $test_ss_enc ? 'pass' : 'fail'; // hmac $test_sig = base64_decode('/VXgHvZAOdoz/OTa5+XJXzSGhjs='); $check = hmac($test_ss, $test_token); $res['hmac'] = $check == $test_sig ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); if ($profile['use_bigmath']) { // bigmath powmod $test_server_public = '102773334773637418574009974502372885384288396853657336911033649141556441102566075470916498748591002884433213640712303846640842555822818660704173387461364443541327856226098159843042567251113889701110175072389560896826887426539315893475252988846151505416694218615764823146765717947374855806613410142231092856731'; $check = bmpowmod($g, $test_server_private, $p); $res['bmpowmod-1'] = $check == $test_server_public ? 'pass' : sprintf("fail - '%s'", $check); // long $test_client_long = '133926731803116519408547886573524294471756220428015419404483437186057383311250738749035616354107518232016420809434801736658109316293127101479053449990587221774635063166689561125137927607200322073086097478667514042144489248048756916881344442393090205172004842481037581607299263456852036730858519133859409417564'; $res['long'] = long($test_client_public) == $test_client_long ? 'pass' : 'fail'; // bigmath powmod 2 $test_client_share = '19333275433742428703546496981182797556056709274486796259858099992516081822015362253491867310832140733686713353304595602619444380387600756677924791671971324290032515367930532292542300647858206600215875069588627551090223949962823532134061941805446571307168890255137575975911397744471376862555181588554632928402'; $check = bmpowmod($test_client_long, $test_server_private, $p); $res['bmpowmod-2'] = $check == $test_client_share ? 'pass' : sprintf("fail - '%s'", $check); // bin $test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI='); $check = bin($test_client_share); $res['bin'] = $check == $test_client_mac_s1 ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); } else { $res['bigmath'] = 'fail - big math functions are not available.'; } // sha1_20 $test_client_mac_s1 = base64_decode('G4gQQkYM6QmAzhKbVKSBahFesPL0nL3F2MREVwEtnVRRYI0ifl9zmPklwTcvURt3QTiGBd+9Dn3ESLk5qka6IO5xnILcIoBT8nnGVPiOZvTygfuzKp4tQ2mXuIATJoa7oXRGmBWtlSdFapH5Zt6NJj4B83XF/jzZiRwdYuK4HJI='); $test_client_mac_s2 = base64_decode('0Mb2t9d/HvAZyuhbARJPYdx3+v4='); $check = sha1_20($test_client_mac_s1); $res['sha1_20'] = $check == $test_client_mac_s2 ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); // x_or $test_client_mac_s3 = base64_decode('i36ZLYAJ1rYEx1VEHObrS8hgAg0='); $check = x_or($test_client_mac_s2, $test_ss); $res['x_or'] = $check == $test_client_mac_s3 ? 'pass' : sprintf("fail - '%s'", base64_encode($check)); $out = "<table border=1 cellpadding=4>\n"; foreach ($res as $test => $stat) { $code = substr($stat, 0, 4); $color = $code == 'pass' ? '#9f9' : ($code == 'warn' ? '#ff9' : '#f99'); $out .= sprintf("<tr><th>%s</th><td style='background:%s'>%s</td></tr>\n", $test, $color, $stat); } $out .= "</table>"; wrap_html($out); }
function save() { $post = $this->post; $guest_id = (int) $post["guest_id"]; $employee_id = (int) $post['employee_id']; $should_fee = (double) $post['should_fee']; $have_fee = (double) $post['have_fee']; $process_group_id = (int) $post['process_group_id']; if ($process_group_id == 0) { return '请指定工商类型'; } if ($guest_id == 0) { return '请指定用户'; } if ($should_fee <= 0) { return '应付款必须大于0'; } if ($have_fee < 0) { return '已付款不能为负数'; } if ($employee_id == 0) { return '请指定负责会计'; } //查询此用户是否已经开通了指定类型的业务 $result = $this->load('business')->findByProcessGroupid($process_group_id, $guest_id); if ($result) { return '不能重复开通此业务'; } //查询当前的登录员工是否负责此用户 $result = $this->load('guest')->findByEmployee($this->session['user']['employee_id'], $guest_id); if ($result) { return $this->load('business')->add(array('guest_id' => $guest_id, 'process_group_id' => $process_group_id, 'employee_id' => $employee_id, 'should_fee' => $should_fee, 'have_fee' => $have_fee)); //给用户设定密码 初始密码为000000 $password = secret("000000"); $this->load("guest")->setPass($guest_id, $password); } else { return '只能负责此用户员工才能操作'; } }
<?php require_once '../../weixin/RequestUtil.php'; require_once '../../weixin/DateUtil.php'; require_once '../../weixin/globleconfig.php'; require_once '../../weixin/LogUtil.php'; require_once '../configs/smarty.inc.php'; // http://www.jb51.net/article/48019.htm if (isset($_GET["code"])) { $code = $_GET["code"]; $secret = secret(); $appid = appid(); $oauthurl = wxOauth(); $url = $oauthurl . "?appid=" . $appid . "&secret=" . $secret . "&code=" . $code . "&grant_type=authorization_code"; //LogUtil::logs($url, getLogFile("/business.log")); $returnJson = RequestUtil::httpGet($url); // {"access_token":"OezXcEiiBSKSxW0eoylIeG_LpV4TpnX-BxNbAVVAasaRyPm55zyI9CKaVNciQOEw8iu_pEDXCiBKbbSJbzzqarhyfecqXoplnmCl7HsBiWFARy1Ob3MealEkubEDs8KHeRbAr5Awrvr7RR3i5t24GA","expires_in":7200,"refresh_token":"OezXcEiiBSKSxW0eoylIeG_LpV4TpnX-BxNbAVVAasaRyPm55zyI9CKaVNciQOEwUHOmtG9PkoiFUefqTDaX00sVqxhfoyE-jbYDCIjldLBnZvj1QP0gGev-Tw2BWQWTdIOnZ9EQDB0Oi0w2ZlT0lA","openid":"osp6swrNZiWtEuTy-Gj1cBVA1l38","scope":"snsapi_base"} $openid = $returnJson["openid"]; if (!empty($returnJson["openid"])) { $smarty->assign('openid', $openid); $smarty->display('chatingroom/chating.html'); } }
public function save() { $post = $this->post; $name = isset($post['name']) ? $post['name'] : null; $phone = isset($post['phone']) ? $post['phone'] : null; $sex = (int) $post['sex']; $department_id = (int) $post['department_id']; $roles_id = (int) $post['roles_id']; if (!validate('name', $name)) { return '姓名不符合要求'; } if (!validate('phone', $phone)) { return '电话不符合要求'; } $lastid = $this->load('employee')->add(array('name' => $name, 'pass' => secret('000000'), 'phone' => $phone, 'sex' => $sex, 'roles_id' => $roles_id, 'create_time' => timenow(), 'department_id' => $department_id)); if ($lastid) { return $this->load('employee')->findById($lastid); } else { return 0; //insert fail } }