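/**
 * Login entry point shared by the nurse and admin roles.
 *
 * Reads `user_type`, `username` and `password` from $_REQUEST, delegates the
 * credential check to the matching model class (admin or nurse), stores the
 * session through set_admin_session() / set_nurse_session() and echoes one
 * JSON object: {"result":1,"message":...} on success, {"result":0,...} on a
 * failed check. An unrecognised user_type produces no output at all (as before).
 *
 * Changes relative to the previous version:
 *  - the JSON response is produced with json_encode() instead of string
 *    concatenation, so a display name containing a quote, backslash or
 *    control character can no longer break the response or inject into it;
 *  - missing request fields default to '' instead of raising an
 *    undefined-index notice;
 *  - user_type is compared with === (no loose-comparison surprises).
 *
 * NOTE(review): the credentials are read from $_REQUEST, which also accepts
 * query-string and cookie values; the endpoint should be restricted to POST
 * by its caller, and the model's login() must use a parameterised query
 * (not visible from here — confirm).
 */
function login()
{
    $user_type = isset($_REQUEST['user_type']) ? $_REQUEST['user_type'] : '';
    $username  = isset($_REQUEST['username'])  ? $_REQUEST['username']  : '';
    $password  = isset($_REQUEST['password'])  ? $_REQUEST['password']  : '';

    if ($user_type === 'admin') {
        include '../models/model_admin.php';
        $admin = new admin();
        $row = $admin->login($username, $password);
        if (!$row) {
            echo json_encode(array('result' => 0, 'message' => 'Your details as an admin are wrong.'));
            return;
        }
        set_admin_session($row);
        // The session is populated by set_admin_session(); the name echoed back
        // comes from there, so it is encoded rather than spliced into the string.
        echo json_encode(array('result' => 1, 'message' => $_SESSION['admin_fn'] . ' is logged in'));
        return;
    }

    if ($user_type === 'nurse') {
        include '../models/model_nurse.php';
        $nurse = new nurse();
        $row = $nurse->login($username, $password);
        if (!$row) {
            echo json_encode(array('result' => 0, 'message' => 'Your details as a nurse are wrong.'));
            return;
        }
        set_nurse_session($row);
        echo json_encode(array('result' => 1, 'message' => $_SESSION['nurse_name'] . ' is logged in'));
        return;
    }
}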
$row = $db->GetRow($sql); if (!$row) { // 没有找到这个记录 setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { ecs_header("Location: privilege.php?act=login\n"); } exit; } else { // 检查密码是否正确 if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) { !isset($row['last_time']) && ($row['last_time'] = ''); set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time']); // 更新最后登录时间和IP $db->query('UPDATE ' . $ecs->table('admin_user') . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'"); } else { setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { ecs_header("Location: privilege.php?act=login\n"); } exit; } } } else { if (!empty($_REQUEST['is_ajax'])) {
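/**
 * API login for an admin user.
 *
 * Takes the `UserId` / `Password` fields of $post (the password is trimmed
 * and lower-cased, i.e. it is expected to arrive already hashed in hex),
 * looks the user up by name in admin_user, compares the stored password
 * value with the submitted one, and on success starts the admin session,
 * records last login time / IP and reports status 100 through
 * client_show_message(). Any failure reports status 103.
 *
 * Changes relative to the previous version:
 *  - the user name was interpolated into the SQL string unescaped; it is now
 *    escaped for the quoted context (addslashes covers MySQL's default
 *    backslash escaping; a bound parameter via the db layer would be better);
 *  - the password check used `!=`, a loose comparison: two numeric-looking
 *    hex strings such as "0e12..." and "0e34..." compare equal under it.
 *    hash_equals() gives a strict, constant-time comparison;
 *  - the failure branches now `return` after client_show_message(). The
 *    original relied on that function terminating the request; if it does
 *    not (cannot be verified from here), a wrong password would previously
 *    have fallen through into the "login succeeded" code.
 *
 * @param array $post request fields (UserId, Password)
 */
function API_UserLogin($post)
{
    $post['username'] = isset($post['UserId']) ? trim($post['UserId']) : '';
    $post['password'] = isset($post['Password']) ? strtolower(trim($post['Password'])) : '';

    /* Look the admin up by name; the name is untrusted input, so escape it. */
    $sql = "SELECT user_id, user_name, password, action_list, last_login" .
           " FROM " . $GLOBALS['ecs']->table('admin_user') .
           " WHERE user_name = '" . addslashes($post['username']) . "'";
    $row = $GLOBALS['db']->getRow($sql);

    if (!$row) {
        client_show_message(103);
        return;
    }

    // Strict, constant-time comparison of the stored value and the submitted one.
    if (!hash_equals((string) $row['password'], (string) $post['password'])) {
        client_show_message(103);
        return;
    }

    require_once ROOT_PATH . ADMIN_PATH . '/includes/lib_main.php';

    // Login succeeded: populate the admin session.
    set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);

    // Record last login time and IP.
    $GLOBALS['db']->query("UPDATE " . $GLOBALS['ecs']->table('admin_user') .
        " SET last_login='******', last_ip='" . real_ip() . "'" .
        " WHERE user_id='{$_SESSION['admin_id']}'");

    client_show_message(100, true, VERSION, 0, true, EC_CHARSET);
}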
$row = $db->GetRow($sql); if (!$row) { // 没有找到这个记录 setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { ecs_header("Location: privilege.php?act=login\n"); } exit; } else { // 检查密码是否正确 if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) { !isset($row['last_time']) && ($row['last_time'] = ''); set_admin_session($row['user_id'], $row['user_name'], $row['role_id'], $row['group_id'], $row['ext'], $row['action_list'], $row['last_time']); // 更新最后登录时间和IP $db->query('UPDATE ' . $ecs->table('admin_user') . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'"); } else { setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { ecs_header("Location: privilege.php?act=login\n"); } exit; } } } else { if (!empty($_REQUEST['is_ajax'])) {
if (!$row) { // 没有找到这个记录 setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { // die("HTTP_REFERER2"); ecs_header("Location: ../login.php\n"); } exit; } else { // 检查密码是否正确 if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) { !isset($row['last_time']) && ($row['last_time'] = ''); set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['role_id'], $row['status_id'], $row['school_code'], $row['class_code']); // 更新最后登录时间和IP $db->query('UPDATE hteacher.ht_admin_user ' . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'"); } else { setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { // die("HTTP_REFERER3"); ecs_header("Location: ../login.php\n"); } exit; } } } else {
if (!$row) { // 没有找到这个记录 setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { // die("login1"); ecs_header("Location: ../login.php\n"); } exit; } else { // 检查密码是否正确 if (md5($row['password'] . $_CFG['hash_code']) == $_COOKIE['ECSCP']['admin_pass']) { !isset($row['last_time']) && ($row['last_time'] = ''); set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_time'], $row['role_id'], $row['school_code']); // 更新最后登录时间和IP $db->query('UPDATE ' . $ecs->table('admin_user') . " SET last_login = '******', last_ip = '" . real_ip() . "'" . " WHERE user_id = '" . $_SESSION['admin_id'] . "'"); } else { setcookie($_COOKIE['ECSCP']['admin_id'], '', 1); setcookie($_COOKIE['ECSCP']['admin_pass'], '', 1); if (!empty($_REQUEST['is_ajax'])) { make_json_error($_LANG['priv_error']); } else { // die("login2"); ecs_header("Location: ../login.php\n"); } exit; } } } else {
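/**
 * WeChat OAuth login for the admin back end.
 *
 * Step 0 (`oauth` absent or 0): redirects the browser to the WeChat
 * authorize endpoint with $callback (plus `oauth=1`) as redirect_uri, then
 * exits.
 * Step 1 (`oauth=1`): exchanges the returned `code` for an access token,
 * looks up the admin_user row whose wxid equals the token's openid, starts
 * the admin session, records last login time / IP, sets the remember-me
 * cookies and returns the user row. Returns false when the token exchange
 * fails or no admin is bound to that openid; any other `oauth` value
 * returns null.
 *
 * Changes relative to the previous version:
 *  - the token exchange response is validated before use. Previously a
 *    failed request or an error JSON without `openid` produced an empty
 *    openid, and the lookup `WHERE wxid = ''` could match the first admin
 *    row with no WeChat binding -- i.e. a bogus `code` could log an
 *    attacker in as that admin. An invalid response now returns false;
 *  - the openid is escaped before it is embedded in the SQL string;
 *  - the missing space between the table name and WHERE is restored;
 *  - the remember-me cookies are flagged HttpOnly (path/domain left at the
 *    browser default, as before). They still hold a one-year static
 *    credential derived from the stored password hash; consider a
 *    revocable token instead.
 *
 * @param string $callback absolute URL WeChat should redirect back to
 * @return array|false|null
 */
function weixin_oauth($callback)
{
    global $ecs, $db, $_CFG;

    $rs = $db->getRow("SELECT * FROM `wxch_config` WHERE `id` = 1");
    $param = array();
    $param['appid'] = $rs['appid'];
    $oauth = intval(isset($_REQUEST['oauth']) ? $_REQUEST['oauth'] : 0);

    if ($oauth == 0) {
        $param['redirect_uri']  = $callback . (strpos($callback, '?') > 0 ? '&' : '?') . 'oauth=1';
        $param['response_type'] = 'code';
        $param['scope']         = 'snsapi_base'; //'snsapi_userinfo';
        $url = 'https://open.weixin.qq.com/connect/oauth2/authorize?' . http_build_query($param) . '#wechat_redirect';
        ecs_header("Location: {$url}\n");
        exit;
    }

    if ($oauth == 1) {
        $param['secret']     = $rs['appsecret'];
        $param['code']       = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
        $param['grant_type'] = 'authorization_code';
        $url = 'https://api.weixin.qq.com/sns/oauth2/access_token?' . http_build_query($param);

        $content = file_get_contents($url);
        $token = ($content === false) ? null : json_decode($content, true);

        // Only a non-empty string openid may drive the account lookup; an
        // error payload from WeChat carries errcode/errmsg and no openid.
        if (!is_array($token) || !isset($token['openid']) || !is_string($token['openid']) || $token['openid'] === '') {
            return false;
        }
        $openid = $token['openid'];

        $sql = "SELECT * FROM " . $ecs->table('admin_user') . " WHERE wxid = '" . addslashes($openid) . "'";
        $user_info = $db->getRow($sql);
        if (empty($user_info)) {
            return false;
        }

        // Login: populate the admin session.
        set_admin_session($user_info['user_id'], $user_info['user_name'], $user_info['action_list'], $user_info['last_login']);
        $_SESSION['openid']    = $openid;
        $_SESSION['shop_list'] = !empty($user_info['shop_list']) ? explode(',', $user_info['shop_list']) : array();

        // Record last login time and IP.
        $db->query("UPDATE " . $ecs->table('admin_user') .
            " SET last_login='******', last_ip='" . real_ip() . "'" .
            " WHERE user_id='{$_SESSION['admin_id']}'");

        // Remember-me cookies (one year), HttpOnly so script cannot read them.
        $time = gmtime() + 3600 * 24 * 365;
        setcookie('ECSCP[admin_id]', $user_info['user_id'], $time, '', '', false, true);
        setcookie('ECSCP[admin_pass]', md5($user_info['password'] . $_CFG['hash_code']), $time, '', '', false, true);

        return $user_info;
    }
}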
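/**
 * Admin sign-in by user name / password, restricted to manager_id in
 * ('0','4','40','99').
 *
 * On a matching row: starts the admin session, records last login time / IP,
 * optionally sets the one-year remember-me cookies (when $_POST['remember']
 * is present) and returns an array describing the logged-in user with
 * login_status=true. Otherwise returns a guest array with login_status=false.
 *
 * Changes relative to the previous version:
 *  - $username was interpolated into the SQL string unescaped; it is now
 *    escaped for the quoted context (the password term of the WHERE clause
 *    is left exactly as it was);
 *  - the remember-me cookie used `$_CFG['hash_code']`, but $_CFG is not
 *    declared `global` in this function, so the value was always null and
 *    the cookie became md5(stored password) with no secret at all (and would
 *    not match the md5(password . hash_code) check done elsewhere). It now
 *    reads `$GLOBALS['_CFG']['hash_code']`, consistent with the
 *    `$GLOBALS['_CFG']['time_format']` lookup below;
 *  - the cookies are flagged HttpOnly (path/domain left at the default).
 *
 * NOTE(review): the returned array includes the stored password value under
 * 'password'; callers should not echo or log that field.
 *
 * @param string $username
 * @param string $password
 * @return array
 */
function admin_signin($username, $password)
{
    // The user name is untrusted input embedded in a quoted SQL literal.
    $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login, last_ip" .
           " FROM " . $GLOBALS['ecs']->table('admin_user') .
           " WHERE user_name = '" . addslashes($username) . "' AND password = '******'" .
           " AND manager_id in ('0','4','40','99')";
    $row = $GLOBALS['db']->getRow($sql);

    $arr = array();
    if ($row) {
        // Login succeeded: populate the admin session.
        set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login']);

        if ($row['action_list'] == 'all' && empty($row['last_login'])) {
            // First login of a full-privilege admin: the setup wizard hook
            // was left empty in the original.
        }

        // Record last login time and IP.
        $GLOBALS['db']->query("UPDATE " . $GLOBALS['ecs']->table('admin_user') .
            " SET last_login='******', last_ip='" . real_ip() . "'" .
            " WHERE user_id='{$_SESSION['admin_id']}'");

        // Remember-me cookies (one year), HttpOnly so script cannot read them.
        if (isset($_POST['remember'])) {
            $time = gmtime() + 3600 * 24 * 365;
            setcookie('ECSCP[admin_id]', $row['user_id'], $time, '', '', false, true);
            setcookie('ECSCP[admin_pass]', md5($row['password'] . $GLOBALS['_CFG']['hash_code']), $time, '', '', false, true);
        }

        $arr['login_status'] = true;
        $arr['user_id']      = $row['user_id'];
        $arr['user_name']    = $row['user_name'];
        $arr['password']     = $row['password'];
        $arr['last_login']   = local_date($GLOBALS['_CFG']['time_format'], $row['last_login']);
        $arr['last_ip']      = $row['last_ip'];
        $arr['action_list']  = $row['action_list'];
    } else {
        // Login failed: guest placeholder.
        $arr['login_status'] = false;
        $arr['user_id']      = 0;
        $arr['user_name']    = 'guest';
        $arr['password']     = '';
        $arr['last_login']   = '******';
        $arr['last_ip']      = '0.0.0.0';
        $arr['action_list']  = '';
    }

    return $arr;
}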
$sql = "SELECT user_id, user_name, password, last_login,rank_id,action_list, last_login,suppliers_id,rank_id_goods,ec_salt" . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . $ec_salt) . "'"; } else { /* 检查密码是否正确 */ $sql = "SELECT user_id, user_name, password, last_login,rank_id,rank_id_goods,action_list, last_login,suppliers_id,ec_salt" . " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username'] . "' AND password = '******'password']) . "'"; } $row = $db->getRow($sql); if ($row) { // 检查是否为供货商的管理员 所属供货商是否有效 if (!empty($row['suppliers_id'])) { $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $row['suppliers_id']); if (empty($supplier_is_check)) { sys_msg($_LANG['login_disable'], 1); } } // 登录成功 set_admin_session($row['user_id'], $row['user_name'], $row['action_list'], $row['last_login'], $row['rank_id'], $row['rank_id_goods']); $_SESSION['suppliers_id'] = $row['suppliers_id']; if (empty($row['ec_salt'])) { $ec_salt = rand(1, 9999); $new_possword = md5(md5($_POST['password']) . $ec_salt); $db->query("UPDATE " . $ecs->table('admin_user') . " SET ec_salt='" . $ec_salt . "', password='******'" . " WHERE user_id='{$_SESSION['admin_id']}'"); } if ($row['action_list'] == 'all' && empty($row['last_login'])) { $_SESSION['shop_guide'] = true; } // 更新最后登录时间和IP $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'"); if (isset($_POST['remember'])) { $time = gmtime() + 3600 * 24 * 365; setcookie('ECSCP[admin_id]', $row['user_id'], $time); setcookie('ECSCP[admin_pass]', md5($row['password'] . $_CFG['hash_code']), $time);
} $_POST['username'] = isset($_POST['username']) ? trim($_POST['username']) : ''; $_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : ''; $sql = "SELECT * FROM " . $ecs->table('admin_user') . "WHERE user_name = '" . $_POST['username'] . "'"; $admin_user = $db->getRow($sql); $is_suc = isset($admin_user['ec_salt']) ? $admin_user['password'] == md5(md5($_POST['password']) . $admin_user['ec_salt']) : $admin_user['password'] == md5($_POST['password']); if ($is_suc) { // 检查是否为供货商的管理员 所属供货商是否有效 if (!empty($row['suppliers_id'])) { $supplier_is_check = suppliers_list_info(' is_check = 1 AND suppliers_id = ' . $admin_user['suppliers_id']); if (empty($supplier_is_check)) { show_api_message('您输入的帐号暂时不可用。', '管理员登录', $php_self . '?act=login', 'error'); } } // 登录成功 set_admin_session($admin_user['user_id'], $admin_user['user_name'], $admin_user['action_list'], $admin_user['last_login']); $_SESSION['suppliers_id'] = $admin_user['suppliers_id']; // 更新最后登录时间和IP $db->query("UPDATE " . $ecs->table('admin_user') . " SET last_login='******', last_ip='" . real_ip() . "'" . " WHERE user_id='{$_SESSION['admin_id']}'"); show_api_message('登录成功', '开始配置接口参数', $php_self . '?act=config', 'info'); } else { show_api_message('登录失败', '重新登录', $php_self . '?act=login', 'error'); } break; } elseif ($act == 'config') { if (!check_privilege()) { show_api_message('登录后才能配置接口参数', '管理员登录', $php_self . '?act=login', 'error'); } if (isset($_POST['submit'])) { if (empty($_POST['qq_appid']) || empty($_POST['qq_appkey'])) { show_api_message('参数不能为空', '重新配置', $php_self . '?act=config', 'error');