// Example request:  queryUsers.php?self=admin&selfPwd=admin
// Example response: {"status":true,"data":[{"test3","3","admin"},{"test","2","admin"}]}
//
// Lists the accounts whose type value is greater than the caller's own type.
// On success the rows are JSON-encoded, zlib-compressed and base64-encoded
// before being wrapped by makeJsonRs().
//
// NOTE(review): the sample URL carries the caller's id and password in the
// query string, where they can end up in access logs and browser history.
// NOTE(review): the body is labelled text/html although the sample response is
// JSON - confirm the client does not need application/json.
header("Content-Type: text/html; charset=UTF-8");

$self = getParam("self");
$selfPwd = getParam("selfPwd");

// Both credentials are mandatory.
if (empty($self) || empty($selfPwd)) {
    echo makeJsonRs(false, "查询用户,参数不正确");
    closeConn($db);
    exit;
}

// NOTE(review): $self and $selfPwd are concatenated into the SQL text. Unless
// getParam() already escapes for SQL (not visible here), this lookup should use
// bound parameters; the driver behind query() is not shown, so the call is kept.
$authSql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$caller = query($db, $authSql);

// No matching row: the id/password pair is not a known account.
if (count($caller) == 0) {
    echo makeJsonRs(false, "查询用户失败,账户不存在");
    closeConn($db);
    exit;
}

// The caller's type decides whether listing users is allowed at all.
if (!Tools::canQueryUser($caller[0][0])) {
    echo makeJsonRs(false, "查询用户失败,权限不足");
    closeConn($db);
    exit;
}

// Only accounts other than the caller, with a type value above the caller's.
$listSql = "select id,type,creator from UsersTb where id!='" . $self . "' and type>" . $caller[0][0];
$payload = base64_encode(gzcompress(json_encode(query($db, $listSql)), 9));

// NOTE(review): unlike the error paths, this path does not call closeConn($db).
echo makeJsonRs(true, $payload);
// Password-reset endpoint (fragment): the parameter reading and the opening of
// the check that the next three tokens close are outside the visible source.
    closeConn($db);
    exit;
}

// Authenticate the caller and fetch the caller's type.
// NOTE(review): $self and $selfPwd are concatenated into the SQL text; unless
// getParam() escapes for SQL (not visible here), use bound parameters.
$sql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$rs = query($db, $sql);
if (count($rs) == 0) {
    echo makeJsonRs(false, "重置密码失败,当前账户不存在");
    closeConn($db);
    exit;
}

// Fetch the type of the account whose password is to be reset.
// NOTE(review): $uid is concatenated into the SQL text as well.
$sql = "select type from UsersTb where id='" . $uid . "';";
$rs1 = query($db, $sql);
if (count($rs1) == 0) {
    echo makeJsonRs(false, "重置密码失败,用户不存在");
    closeConn($db);
    exit;
} else {
    // The reset is refused unless the target's type value is strictly greater
    // than the caller's and the caller's type passes Tools::canModifyPwd().
    if ($rs1[0][0] <= $rs[0][0] || !Tools::canModifyPwd($rs[0][0])) {
        echo makeJsonRs(false, "重置密码失败,权限不足");
        closeConn($db);
        exit;
    }
}

// NOTE(review): every reset writes the same hard-coded 32-hex-character value
// (the length of an MD5 digest), so all reset accounts share one known
// credential until the user changes it. Consider a random per-reset temporary
// password with a forced change, stored through password_hash().
$sql = "update UsersTb set pwd='21218cca77804d2ba1922c33e0151105' where id='{$uid}'";
$rs = execute($db, $sql);
// execute() is compared with 1 here - presumably the affected-row count; confirm.
if ($rs == 1) {
    echo makeJsonRs(true, "重置密码成功");
} else {
    echo makeJsonRs(false, "重置密码失败");
}
closeConn($db);
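// Renames a courier company (SendCompany row) on behalf of an authenticated,
// authorised caller. Responds with a makeJsonRs() result in every path.
header("Content-Type: text/html; charset=UTF-8");

$self = getParam("self");
$selfPwd = getParam("selfPwd");
$id = getParam("id");
$name = getParam("name");

if (empty($self) || empty($selfPwd) || empty($name) || empty($id)) {
    echo makeJsonRs(false, "添加快递失败,参数不正确");
    closeConn($db);
    exit;
}

// The id is placed into the UPDATE statement without quotes, so anything other
// than a plain integer must be rejected before it reaches the SQL text.
$id = filter_var($id, FILTER_VALIDATE_INT);
if ($id === false) {
    echo makeJsonRs(false, "添加快递失败,参数不正确");
    closeConn($db);
    exit;
}

// NOTE(review): $self and $selfPwd are still concatenated into the SQL text.
// Unless getParam() escapes for SQL (not visible here), this lookup should use
// bound parameters; the driver behind query() is not shown in this file.
$sql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$rs = query($db, $sql);

if (count($rs) == 0) {
    echo makeJsonRs(false, "添加快递失败,用户不存在");
    closeConn($db);
    exit;
}

// The same permission check as adding a courier is applied to renaming one.
if (!Tools::canAddCourier($rs[0][0])) {
    echo makeJsonRs(false, "添加快递失败,权限不足");
    closeConn($db);
    exit;
}

// NOTE(review): $name is a free-text value interpolated inside quotes; it needs
// parameter binding or driver-level escaping as well.
$sql = "update SendCompany set name='{$name}' where id={$id}";
$rs = execute($db, $sql);

if ($rs == 1) {
    echo makeJsonRs(true, "修改快递成功");
} else {
    echo makeJsonRs(false, "修改快递失败");
}
closeConn($db);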
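// Example request: deleteCommodity.php?self=admin&selfPwd=admin&delId=2
//
// Deletes one Commodity row on behalf of an authenticated, authorised caller.
// NOTE(review): the sample URL carries the caller's id and password in the
// query string, where they can end up in access logs and browser history.
header("Content-Type: text/html; charset=UTF-8");

$self = getParam("self");
$selfPwd = getParam("selfPwd");
$delId = getParam("delId");

if (empty($self) || empty($selfPwd) || empty($delId)) {
    echo makeJsonRs(false, "删除商品失败,参数不正确");
    closeConn($db);
    exit;
}

// delId is placed into the DELETE statement without quotes, so anything other
// than a plain integer must be rejected before it reaches the SQL text.
$delId = filter_var($delId, FILTER_VALIDATE_INT);
if ($delId === false) {
    echo makeJsonRs(false, "删除商品失败,参数不正确");
    closeConn($db);
    exit;
}

// NOTE(review): $self and $selfPwd are still concatenated into the SQL text.
// Unless getParam() escapes for SQL (not visible here), this lookup should use
// bound parameters; the driver behind query() is not shown in this file.
$sql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$rs = query($db, $sql);

if (count($rs) == 0) {
    echo makeJsonRs(false, "删除商品失败,当前账户不存在");
    closeConn($db);
    exit;
}

// The caller's type decides whether deleting commodities is allowed.
if (!Tools::canDeleteCommodity($rs[0][0])) {
    echo makeJsonRs(false, "删除商品失败,权限不足");
    closeConn($db);
    exit;
}

$sql = "delete from Commodity where id={$delId}";
$rs = execute($db, $sql);

if ($rs == 1) {
    echo makeJsonRs(true, "删除商品成功");
} else {
    echo makeJsonRs(false, "删除商品失败,商品不存在");
}
closeConn($db);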
// Adds a courier company (SendCompany row). The lines that read $self,
// $selfPwd and $name are outside the visible source.
if (empty($self) || empty($selfPwd) || empty($name)) {
    echo makeJsonRs(false, "添加快递失败,参数不正确");
    closeConn($db);
    exit;
}

// NOTE(review): $self and $selfPwd are concatenated into the SQL text. Unless
// they were escaped where they were read (not visible here), use bound
// parameters for this lookup.
$authSql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$caller = query($db, $authSql);

// No row means the id/password pair matched no account.
if (count($caller) == 0) {
    echo makeJsonRs(false, "添加快递失败,用户不存在");
    closeConn($db);
    exit;
}

// The caller's type decides whether adding couriers is allowed.
if (!Tools::canAddCourier($caller[0][0])) {
    echo makeJsonRs(false, "添加快递失败,权限不足");
    closeConn($db);
    exit;
}

// NOTE(review): $name is free text interpolated inside quotes; it needs
// parameter binding or driver-level escaping too.
$insertSql = "insert into SendCompany(name) values('{$name}')";
$inserted = execute($db, $insertSql);

if ($inserted != 1) {
    echo makeJsonRs(false, "添加快递失败");
} else {
    // NOTE(review): max(id) returns the newest row in the table, which may
    // belong to a concurrent request rather than to the insert above.
    $newestSql = "select * from SendCompany where id=(select max(id) from SendCompany)";
    $payload = base64_encode(gzcompress(json_encode(query($db, $newestSql)), 9));
    echo makeJsonRs(true, $payload);
}
closeConn($db);
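// Add-user endpoint (fragment): the parameter reading and the opening of the
// check that the next three tokens close are outside the visible source.
    closeConn($db);
    exit;
}

// newType takes part in the privilege comparison below and is written into the
// INSERT without quotes, so it must be a plain integer before either happens.
$newType = filter_var($newType, FILTER_VALIDATE_INT);
if ($newType === false) {
    echo makeJsonRs(false, "添加新用户失败,参数不正确");
    closeConn($db);
    exit;
}

// Authenticate the caller and fetch the caller's type.
// NOTE(review): $self and $selfPwd are still concatenated into the SQL text.
// Unless getParam() escapes for SQL (not visible here), use bound parameters;
// the driver behind query() is not shown in this file.
$sql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$rs = query($db, $sql);

if (count($rs) == 0) {
    echo makeJsonRs(false, "添加新用户失败,权限不足");
    closeConn($db);
    exit;
}

// A caller may only create accounts whose type value is strictly greater than
// the caller's own, and only if the caller's type passes Tools::canAddUser().
if ($rs[0][0] >= $newType || !Tools::canAddUser($rs[0][0])) {
    echo makeJsonRs(false, "添加新用户失败,权限不足");
    closeConn($db);
    exit;
}

// Refuse ids that are already taken.
// NOTE(review): $newId is concatenated into the SQL text here and below.
$sql = "select count(*) from UsersTb where id='" . $newId . "';";
$rs = query($db, $sql);
if ($rs[0][0] >= 1) {
    echo makeJsonRs(false, "添加新用户失败,用户名已存在");
    closeConn($db);
    exit;
}

// NOTE(review): $newPwd is stored exactly as submitted. If the client sends a
// plain password, hash it with password_hash() before storing - confirm what
// the client actually sends.
$sql = "insert into UsersTb (id, pwd, type, creator) values ('" . $newId . "', '" . $newPwd . "', " . $newType . ", '" . $self . "');";
$rs = execute($db, $sql);

if ($rs == 1) {
    echo makeJsonRs(true, "添加新用户成功");
} else {
    echo makeJsonRs(false, "添加新用户失败");
}
closeConn($db);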
<?php
// Example request: ?uid=admin&pwd=admin
//
// Login check: answers with the account's type on success.
// NOTE(review): the sample URL carries the id and password in the query
// string, where they can end up in access logs and browser history.
header("Content-Type: text/html; charset=UTF-8");

$uid = getParam("uid");
$pwd = getParam("pwd");

// Both values are mandatory.
if (empty($uid) || empty($pwd)) {
    echo makeJsonRs(false, "参数不正确,登录失败");
    closeConn($db);
    exit;
}

// NOTE(review): $uid and $pwd are concatenated into the SQL text, and this
// query is the only thing deciding whether the login succeeds. Unless
// getParam() escapes for SQL (not visible here), it should use bound
// parameters; the driver behind query() is not shown, so the call is kept.
// NOTE(review): the pwd column is compared directly with the submitted value,
// so the stored form is whatever the client sends - confirm it is not plain text.
$loginSql = "select type from UsersTb where id='" . $uid . "' and pwd='" . $pwd . "';";
$matches = query($db, $loginSql);

// Zero rows: unknown id or wrong password. Otherwise report the account type.
echo count($matches) == 0
    ? makeJsonRs(false, "登录失败,用户名或密码不正确")
    : makeJsonRs(true, $matches[0][0]);

closeConn($db);
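// Deletes a courier company (SendCompany row) on behalf of an authenticated,
// authorised caller. Responds with a makeJsonRs() result in every path.
header("Content-Type: text/html; charset=UTF-8");

$self = getParam("self");
$selfPwd = getParam("selfPwd");
$id = getParam("delId");

if (empty($self) || empty($selfPwd) || empty($id)) {
    echo makeJsonRs(false, "删除快递失败,参数不正确");
    closeConn($db);
    exit;
}

// The id is placed into the DELETE statement without quotes, so anything other
// than a plain integer must be rejected before it reaches the SQL text.
$id = filter_var($id, FILTER_VALIDATE_INT);
if ($id === false) {
    echo makeJsonRs(false, "删除快递失败,参数不正确");
    closeConn($db);
    exit;
}

// NOTE(review): $self and $selfPwd are still concatenated into the SQL text.
// Unless getParam() escapes for SQL (not visible here), this lookup should use
// bound parameters; the driver behind query() is not shown in this file.
$sql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$rs = query($db, $sql);

if (count($rs) == 0) {
    echo makeJsonRs(false, "删除快递失败,用户不存在");
    closeConn($db);
    exit;
}

// The caller's type decides whether deleting couriers is allowed.
if (!Tools::canDelCourier($rs[0][0])) {
    echo makeJsonRs(false, "删除快递失败,权限不足");
    closeConn($db);
    exit;
}

$sql = "delete from SendCompany where id={$id}";
$rs = execute($db, $sql);

if ($rs == 1) {
    echo makeJsonRs(true, "删除快递成功");
} else {
    echo makeJsonRs(false, "删除快递失败");
}
closeConn($db);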
<?php
// Example request: ?uid=admin&oldPwd=admin&newPwd=fff
//
// Changes an account's password; the old password is checked by the WHERE
// clause of the UPDATE itself.
// NOTE(review): the sample URL carries the old and new passwords in the query
// string, where they can end up in access logs and browser history.
header("Content-Type: text/html; charset=UTF-8");

$uid = getParam("uid");
$oldPwd = getParam("oldPwd");
$newPwd = getParam("newPwd");

// All three values are mandatory.
if (empty($uid) || empty($oldPwd) || empty($newPwd)) {
    echo makeJsonRs(false, "参数不正确");
    closeConn($db);
    exit;
}

// NOTE(review): all three request values are concatenated into the SQL text,
// and the WHERE clause is the only authentication step, so unescaped input
// could change which rows are updated. Unless getParam() escapes for SQL (not
// visible here), this statement should use bound parameters; the driver behind
// execute() is not shown, so the call is kept.
// NOTE(review): $newPwd is stored exactly as submitted - confirm it is not
// plain text, and prefer password_hash()/password_verify() on the server.
$updateSql = "update UsersTb set pwd='" . $newPwd . "' where id='" . $uid . "' and pwd='" . $oldPwd . "'";
$changed = execute($db, $updateSql);

// Anything other than exactly one changed row is reported as a failure.
if ($changed != 1) {
    echo makeJsonRs(false, "修改密码失败,可能是旧密码不正确");
} else {
    echo makeJsonRs(true, "修改密码成功");
}
closeConn($db);
// Stock-in endpoint (fragment): parameter reading, the caller check and the
// block closed by the brace below are outside the visible source.
}

// Optional production time defaults to 0.
if (empty($madeTime)) {
    $madeTime = 0;
}
// Timestamp in milliseconds (time() is in seconds).
$now = time() * 1000;
// Optional SBN defaults to the empty string.
if (empty($commonditySBN)) {
    $commonditySBN = "";
}

// The Store row and its PurchaseLog row are written in one transaction.
execute($db, "BEGIN");

// NOTE(review): $commonditySBN, $commondityName and $self are interpolated
// inside quotes, and $num, $madeTime and $realRetailPrice without quotes. Any
// validation happens outside the visible fragment - confirm that the numeric
// values are checked as numbers and that the strings are bound or escaped.
$sql = "insert into Store(SBN, name, num, madeTime, operator, storeTime, retailPrice)\r\n\tvalues('{$commonditySBN}', '{$commondityName}', {$num}, {$madeTime}, '{$self}', {$now}, {$realRetailPrice})";
$rs = execute($db, $sql);
if ($rs == 1) {
    $sql = "insert into PurchaseLog(logTime, commonditySBN, commondityName, num, realRetailPrice, madeTime, operator) \r\n\t\tvalues({$now}, '{$commonditySBN}', '{$commondityName}', {$num}, {$realRetailPrice}, {$madeTime}, '{$self}')";
    $rs = execute($db, $sql);
    if ($rs == 1) {
        execute($db, "COMMIT");
        // NOTE(review): max(id) is read after COMMIT, so it returns the newest
        // Store row, which may belong to a concurrent request.
        $sql = "select * from Store where id=(select max(id) from Store)";
        $rs = query($db, $sql);
        // Response payload: JSON, then zlib level 9, then base64.
        $rs = json_encode($rs);
        $rs = gzcompress($rs, 9);
        $rs = base64_encode($rs);
        echo makeJsonRs(true, $rs);
    } else {
        // The log row failed: undo the Store insert as well.
        execute($db, "ROLLBACK");
        echo makeJsonRs(false, "入库失败,无法生成日志");
    }
} else {
    execute($db, "ROLLBACK");
    echo makeJsonRs(false, "入库失败,请重试");
}
closeConn($db);
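// Stock-out endpoint (fragment): parameter reading, the BEGIN of the
// transaction and the opening of the loop whose tail follows are outside the
// visible source. The first brace closes a block opened there.
}
    $rs = execute($db, $sql);
    if ($rs == 0) {
        // A failed per-item update aborts the whole transaction.
        echo makeJsonRs(false, "出库失败, 更新 " . $param[2] . " 时发生错误, 请重试");
        execute($db, "ROLLBACK");
        closeConn($db);
        exit;
    }
}

// Timestamp in milliseconds (time() is in seconds).
$now = time() * 1000;
$SBN = implode(",", $SBNArr);
$name = implode(",", $nameArr);

// NOTE(review): the request-derived values below are interpolated into the SQL
// text, $sendPrice, $clientPay and $profit without quotes. Any validation
// happens outside the visible fragment - confirm that the numeric values are
// checked as numbers and that the strings are bound or escaped.
$sql = "insert into SoldLog(soldTime, clientName, SBN, name, num, totalWeight, soldAddress, senderCompany, sendId, sendPrice, clientPay, profit) \r\n\tvalues({$now}, '{$clientName}', '{$SBN}', '{$name}', '{$num}', '{$totalWeight}', '{$soldAddress}', '{$senderCompany}', '{$sendId}', {$sendPrice}, {$clientPay}, {$profit})";
$rs = execute($db, $sql);

// Fixed: this was `if ($rs = 0)`, an assignment that is always false, so a
// failed log insert was never detected and the transaction was committed
// without its SoldLog row.
if ($rs == 0) {
    echo makeJsonRs(false, "出库失败, 产生日志时发生错误, 请重试");
    execute($db, "ROLLBACK");
    closeConn($db);
    exit;
}

execute($db, "COMMIT");
echo makeJsonRs(true, "出库成功");
closeConn($db);

/**
 * Finds the row whose first column equals the given id, compared as integers.
 *
 * @param mixed $id Id to look for; cast to int before comparing.
 * @param array $rs Rows to search; column 0 of each row is cast to int.
 * @return mixed The first matching row, or null when no row matches.
 */
function getParamFrom($id, $rs)
{
    $wanted = (int) $id;
    foreach ($rs as $row) {
        if ((int) $row[0] == $wanted) {
            return $row;
        }
    }
    return null;
}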
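// Modify-commodity endpoint (fragment): parameter reading and the caller
// lookup are outside the visible source. The brace after this check closes a
// block opened there.
if (!Tools::canModifyCommodity($rs[0][0])) {
    echo makeJsonRs(false, "修改商品失败,权限不足");
    closeConn($db);
    exit;
}
}

// modifyId and weight are written into the UPDATE without quotes, so they must
// be numeric before they reach the SQL text.
$modifyId = filter_var($modifyId, FILTER_VALIDATE_INT);
if ($modifyId === false || (!empty($weight) && !is_numeric($weight))) {
    echo makeJsonRs(false, "修改商品失败");
    closeConn($db);
    exit;
}

// Only the fields that were supplied are updated.
// NOTE(review): $name, $description, $SBNId and $type are free-text values
// interpolated inside quotes. Unless they were escaped where they were read
// (not visible here), they need parameter binding or driver-level escaping.
$assignments = [];
if (!empty($name)) {
    $assignments[] = "name='{$name}'";
}
if (!empty($description)) {
    $assignments[] = "description='{$description}'";
}
if (!empty($weight)) {
    $assignments[] = "weight={$weight}";
}
if (!empty($SBNId)) {
    $assignments[] = "SBNId='{$SBNId}'";
}
if (!empty($type)) {
    $assignments[] = "type='{$type}'";
}

// With no field to change, the original code produced a malformed statement
// ("update Commodity set where id=..."); report the failure without querying.
if (count($assignments) == 0) {
    echo makeJsonRs(false, "修改商品失败");
    closeConn($db);
    exit;
}

$sql = "update Commodity set " . implode(",", $assignments) . " where id={$modifyId}";
$rs = execute($db, $sql);

if ($rs == 1) {
    echo makeJsonRs(true, "修改商品成功");
} else {
    echo makeJsonRs(false, "修改商品失败");
}
closeConn($db);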
// Delete-user endpoint (fragment): the parameter reading and the opening of
// the check that the next three tokens close are outside the visible source.
    closeConn($db);
    exit;
}

// Authenticate the caller and fetch the caller's type.
// NOTE(review): $self and $selfPwd are concatenated into the SQL text; unless
// getParam() escapes for SQL (not visible here), use bound parameters.
$sql = "select type from UsersTb where id='" . $self . "' and pwd='" . $selfPwd . "';";
$rs = query($db, $sql);
if (count($rs) == 0) {
    echo makeJsonRs(false, "删除用户失败,当前账户不存在");
    closeConn($db);
    exit;
}

// Fetch the type of the account that is to be deleted.
// NOTE(review): $delId is concatenated into the SQL text here and in the
// DELETE below; it needs the same binding or escaping.
$sql = "select type from UsersTb where id='" . $delId . "';";
$rs1 = query($db, $sql);
if (count($rs1) == 0) {
    echo makeJsonRs(false, "删除用户失败,用户不存在");
    closeConn($db);
    exit;
} else {
    // The delete is refused unless the target's type value is strictly greater
    // than the caller's and the caller's type passes Tools::canDeleteUser().
    if ($rs1[0][0] <= $rs[0][0] || !Tools::canDeleteUser($rs[0][0])) {
        echo makeJsonRs(false, "删除用户失败,权限不足");
        closeConn($db);
        exit;
    }
}

$sql = "delete from UsersTb where id='" . $delId . "'";
$rs = execute($db, $sql);
// execute() is compared with 1 here - presumably the affected-row count; confirm.
if ($rs == 1) {
    echo makeJsonRs(true, "删除用户成功");
} else {
    echo makeJsonRs(false, "删除用户失败");
}
closeConn($db);