function loginOverride($coreUserInfo)
{
global $gasDatabaseName;
if ($coreUserInfo["ErrorCode"] == 0) {
$tableName = "Employee";
$uid = $coreUserInfo["Result"]["Uid"];
connectDB($gasDatabaseName);
$sql = "select * from {$tableName} where Uid = '{$uid}'";
$data = getData($sql);
// 该用户是否已经注册
if (empty($data)) {
printResultByMessage("用戶未註冊", 1001);
}
$data = $data[0];
// 该gasman是否通过瓦斯行的审核
if ($data["Verify"] === "0") {
printResultByMessage("請通知瓦斯行進行審核", 1002);
}
$info = array();
foreach ($data as $key => $value) {
$info["{$key}"] = $value;
}
foreach ($coreUserInfo["Result"] as $key => $value) {
$info["{$key}"] = $value;
}
$_SESSION["Info"] = $info;
echo json_encode($coreUserInfo);
die;
}
}
function loginOverride($coreUserInfo)
{
$uid = $coreUserInfo["Result"]["Uid"];
$backEndUid = getSingleData("select Uid from BackEndUser where Uid = {$uid}");
if ($backEndUid) {
printResultByMessage("", 0);
} else {
session_destroy();
printResultByMessage("用戶名或密碼錯誤", 100);
}
}
function send_sms($phoneNumber, $message)
{
global $smsUserName, $smsPassword;
$target = "http://106.ihuyi.cn/webservice/sms.php?method=Submit";
$userName = $smsUserName;
$passWord = $smsPassword;
$post_data = "account={$userName}&password={$passWord}&mobile={$phoneNumber}&content=" . rawurlencode($message);
$gets = xml_to_array(send_server($post_data, $target));
$ret = "";
if ($gets['SubmitResult']['code'] == 2) {
return true;
} else {
printResultByMessage($gets['SubmitResult']['msg'], 109);
}
}
function signupOverride($coreUserInfo)
{
global $gasDatabaseName, $CoreUserTableName;
$insert = array();
$uid = $coreUserInfo["Result"]["Uid"];
$insert["CustomerType"] = post("CustomerType");
$insertAddress = array();
$insertAddress["Uid"] = $uid;
$insertAddress["Username"] = "";
$insertAddress["PhoneNumber"] = post("PhoneNumber");
$insertAddress["City"] = post("RegionFirstLevel");
$insertAddress["Area"] = post("RegionSecondLevel");
$insertAddress["DetailAddress"] = post("DetailAddress");
$insertAddress["Floor"] = 0;
$insertAddress["Elevator"] = 0;
$insertAddress["IsDefault"] = 1;
$_POST = null;
connectDB($gasDatabaseName);
// insertData("Customer", $insert);
updateData($CoreUserTableName, "Uid = {$uid}", $insert);
insertData("CustomerAddress", $insertAddress);
printResultByMessage("", 0, $coreUserInfo["Result"]);
}
$insert["IsDefault"] = $isDefault;
$_POST = NULL;
insertData("CustomerAddress", $insert);
}
if ($actionType == "edit") {
$addressId = post("CustomerAddressId");
if ($isDefault == "1") {
query("UPDATE CustomerAddress SET IsDefault=0 WHERE Uid = {$uid}");
}
query("UPDATE `CustomerAddress` SET UserName='******', PhoneNumber='{$phoneNumber}', City='{$regionFirstLevel}', Area='{$regionSecondLevel}', DetailAddress='{$detailAddress}', Floor={$floor}, Elevator={$elevator}, IsDefault={$isDefault} WHERE CustomerAddressId={$addressId}");
}
if ($actionType == "delete") {
$addressId = post("CustomerAddressId");
query("DELETE FROM `CustomerAddress` WHERE CustomerAddressId={$addressId}");
}
printResultByMessage("", 0);
} else {
if ($action == "EditName") {
$username = post("Username");
connectDB($gasDatabaseName);
query("UPDATE Customer SET CustomerName='{$username}' WHERE Uid='{$uid}'");
printResultByMessage("", 0);
} else {
if ($action == "EditGender") {
$usergender = post("UserGender");
connectDB($gasDatabaseName);
query("UPDATE Customer SET CustomerGender='{$usergender}' WHERE Uid='{$uid}'");
printResultByMessage("", 0);
}
}
}
<?php
connectDB("{$gasDatabaseName}");
if ($action == "DeliverGas") {
$orderId = post("OrderId");
$sql = "update GasOrder set OrderDelivery = 2 where OrderId = {$orderId}";
query($sql);
printResultByMessage("", 0);
} else {
if ($action == "GetGasData") {
$gcno = post("GCNO");
$sql = "select * from GasData where GCNO = '{$gcno}'";
$data = getData($sql);
if (count($data) > 0) {
printResultByMessage("", 0, $data[0]);
} else {
printResultByMessage("No GCNO ID", 1001);
}
}
}
$sqlDeliveryTypeBase1 = "SELECT DeliveryType,SUM(Fifty),SUM(Twenty),SUM(Sixteen),SUM(Ten),SUM(Four) FROM GasOrder WHERE DeliveryType = '預約'";
$timeFilter = "";
if ($month == 0) {
$timeFilter = " AND year(OrderTime) = '{$year}'";
} else {
$timeFilter = " AND year(OrderTime) = '{$year}' AND month(OrderTime) = '{$month}'";
}
$sqlDeliveryType = getData($sqlDeliveryTypeBase . $timeFilter);
$sqlDeliveryType1 = getData($sqlDeliveryTypeBase1 . $timeFilter);
foreach ($sqlDeliveryType as $key => $value) {
$total = $value["SUM(Fifty)"] + $value["SUM(Twenty)"] + $value["SUM(Sixteen)"] + $value["SUM(Ten)"] + $value["SUM(Four)"];
}
foreach ($sqlDeliveryType1 as $key => $value) {
$total1 = $value["SUM(Fifty)"] + $value["SUM(Twenty)"] + $value["SUM(Sixteen)"] + $value["SUM(Ten)"] + $value["SUM(Four)"];
}
printResultByMessage("", 0, $total . "______" . $total1);
}
}
}
}
}
}
}
}
include_once 'validatelogin.php';
unset($_POST["Action"]);
unset($_POST["Signature"]);
//以下内容需要登录
include_once 'validatelogin.php';
include_once 'tablelistaction.php';
if ($action == "Logout") {
function coreUserAction($vCodeCorrect = true)
{
global $CoreUserPasswordSecret, $CoreUserPasswordColumn;
checkRequireField(array("Action"));
$action = post("Action");
if ($action == "SignUp") {
if ($vCodeCorrect === false) {
printResultByMessage(getLanguageString("VCodeError"), 105);
}
$userName = post("UserName");
$email = post("Email");
$phoneNumber = post("PhoneNumber");
$password = post("Password");
$emailOrPhoneNumber = post("EmailOrPhoneNumber");
if ($emailOrPhoneNumber) {
if (is_numeric($emailOrPhoneNumber)) {
$phoneNumber = $emailOrPhoneNumber;
}
if (filter_var($emailOrPhoneNumber, FILTER_VALIDATE_EMAIL)) {
$email = $emailOrPhoneNumber;
}
}
$errorMessage = signUp($userName, $email, $phoneNumber, $password);
if ($errorMessage) {
if (function_exists("signupErrorOverride")) {
signupErrorOverride($errorMessage);
} else {
printResultByMessage($errorMessage, 104);
}
} else {
if (function_exists("signupOverride")) {
signupOverride(getCoreUserInfo());
} else {
printCoreUserInfo();
}
}
} else {
if ($action == "Login") {
if ($vCodeCorrect === false) {
printResultByMessage(getLanguageString("VCodeError"), 105);
}
$usernameEmailPhoneNumber = post("UserNameOrEmailOrPhoneNumber");
$password = post("Password");
if (checkLogin($usernameEmailPhoneNumber, $password)) {
if (function_exists("loginOverride")) {
loginOverride(getCoreUserInfo());
} else {
printCoreUserInfo();
}
} else {
if (function_exists("loginFailOverride")) {
loginFailOverride(getLanguageString("LoginFail"));
} else {
printResultByMessage(getLanguageString("LoginFail"), 103);
}
}
} else {
if ($action == "ChangePassword") {
if (!session("Uid")) {
printResultByMessage(getLanguageString("ChangePasswordFail"), 107);
}
$oldPassword = md5(post("OldPassword") . $CoreUserPasswordSecret);
$newPassword = md5(post("NewPassword") . $CoreUserPasswordSecret);
$errorMessage = changePassword(session("Uid"), $oldPassword, $newPassword);
if ($errorMessage) {
printResultByMessage($errorMessage, 107);
} else {
printResultByMessage("", 0);
}
//click find password
} else {
if ($action == "ForgetPassword") {
forgetPassword();
} else {
if ($action == "ResetPassword") {
if (!session("ResetPasswordUid")) {
printResultByMessage(getLanguageString("ChangePasswordFail"), 106);
}
if (strlen(post("NewPassword")) < 5) {
printResultByMessage(getLanguageString("PasswordTooShort"), 106);
}
$newPassword = md5(post("NewPassword") . $CoreUserPasswordSecret);
$coreUserLink = connetCoreUserDB();
mysqli_query($coreUserLink, "update User set {$CoreUserPasswordColumn}='{$newPassword}' where Uid=" . session("ResetPasswordUid"));
mysqli_query($coreUserLink, "delete from ForgetPassword where Uid = " . session("ResetPasswordUid"));
if (mysql_error()) {
printResultByMessage($errorMessage, 106);
} else {
printResultByMessage("", 0);
}
}
}
}
}
}
}
connectDB($gasDatabaseName);
$couponId = post("CouponId");
if (!empty($couponId)) {
$sql = "update Coupon set IsUse = 1 where CouponId = '{$couponId}'";
query($sql);
}
$merchantOrderNo = time();
$_POST["MerchantOrderNo"] = $merchantOrderNo;
$_POST["Uid"] = session("Uid");
$_POST["UserName"] = session("Info")["CustomerName"];
$_POST["PhoneNumber"] = session("Info")["PhoneNumber"];
$_POST["CustomerId"] = session("Info")["Uid"];
$_POST["OrderTime"] = date("Y-m-d H:i:s");
insertData("GasOrder");
$result["MerchantOrderNo"] = $merchantOrderNo;
$result["OrderAmount"] = post("OrderAmount");
printResultByMessage("", 0, $result);
} else {
if ($action == "AffirmReceiveGas") {
connectDB($gasDatabaseName);
$orderId = post("OrderId");
$orderCompleteTime = date("Y-m-d H:i:s");
$sql = "update GasOrder set OrderComplete = 1, OrderCompleteTime = '{$orderCompleteTime}' where OrderId = '{$orderId}'";
query($sql, $error);
if (empty($error)) {
printResultByMessage("", 0);
} else {
printResultByMessage("Fail", 1001);
}
}
}
if ($action == "CheckPhoneNumberRegister") {
$phoneNumber = post("PhoneNumber");
$tableName = "Customer";
$sql = "select Uid from {$tableName} where PhoneNumber = '{$phoneNumber}'";
connectDB($gasDatabaseName);
$data = getData($sql);
if (empty($data)) {
printResultByMessage("", 0);
} else {
printResultByMessage("該手機號碼已經被註冊.", 101);
}
} else {
if ($action == "SendCheckCode") {
$phoneNumber = post("PhoneNumber");
$lastSendTime = session("SMSCodeTime");
// 超过十分钟之后在让重新发送
if (empty($lastSendTime) || time() - (int) $lastSendTime > 60) {
$resetCode = rand(100000, 999999);
$smsMessage = str_replace("{Vcode}", $resetCode, $smsMessage);
$ret = send_sms($phoneNumber, $smsMessage);
if ($ret) {
$_SESSION["PhoneNumber"] = $phoneNumber;
$_SESSION["CheckCode"] = $resetCode;
$_SESSION["SMSCodeTime"] = time();
}
printResultByMessage("", 0);
} else {
printResultByMessage("距離上次發送時間不足1分鐘,1分鐘之後在嘗試!", 101);
}
}
}
<?php
ini_set("display_errors", "on");
$action = post("Action");
if ('GetPosition' == $action) {
connectDB("practise");
$sql = "SELECT * FROM position";
$res = getData($sql);
if (count($res) > 0) {
printResultByMessage(0, "success", $res);
} else {
printResultByMessage(1, "failed");
}
}
if ('submitInfo' == $action) {
$content = $_POST['content'];
$title = $_POST['title'];
connectDB("practise");
if ($content == "" || $title == "") {
echo "111";
} else {
$sql = "INSERT INTO word (`title`,`content`) values ('{$title}','{$content}')";
$res = mysqli_query($link, $sql);
if (!$res) {
$a = array();
$a["ErrorCode"] = 1;
$a["Msg"] = "失败";
echo json_encode($a);
} else {
$a = array();
$a["ErrorCode"] = 0;
