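<?php
// Remote login / session helper endpoints, dispatched on ?act=...
// The short open tag `<?` only works with short_open_tag enabled; use the full tag.
require_once("../show/common.php");

// Pick the login-URL config for the deployment layout (Linux server vs. Windows dev box).
if (is_dir("/home/www")) {
    require_once("/home/www/loginUrl.inc.php");
} else {
    require_once("d:/web/loginUrl.inc.php");
}

// Requested action; each handler below compares against this string.
// Defaulting to '' avoids an undefined-index notice when no act is given.
$act = isset($_GET['act']) ? $_GET['act'] : '';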
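/**
 * Load an enabled user by cellphone or username and decorate the row.
 *
 * Decorations added to the row:
 *  - jdmm:      1 when is_jdpw2() accepts the stored password, else 0
 *  - cash_fund: 1 when the user's area_id is listed in the ONLY_CASH_AREA config value
 *  - theme:     tb_company.theme for the user's company, 1 when there is no company
 *
 * @param string $cellphone  Cellphone or username as received from the caller (untrusted).
 * @return array|null        Decorated user row, or null when no enabled user matches.
 */
function get_user_by_phone2($cellphone)
{
    global $db;

    // $cellphone is request input and used to be interpolated raw into the SQL string.
    // addslashes() is the escaping available here without knowing the $db wrapper's API;
    // a prepared statement would be the proper fix.
    $safe_phone = addslashes((string)$cellphone);
    $row = $db->get_one("select a.*,b.name type_name from tb_user a, tb_user_type b where a.type_id = b.id and (cellphone = '{$safe_phone}' or username='{$safe_phone}') and a.enabled not in (0, -99)");
    if (!$row) {
        return null;
    }

    $row['jdmm'] = is_jdpw2($row['password']) ? 1 : 0;

    // cash_fund: ONLY_CASH_AREA holds a comma-separated list of area ids.
    $row['cash_fund'] = 0;
    $cfg = $db->get_one("select * from tb_config where class = 'ONLY_CASH_AREA'");
    if ($cfg) {
        $areas = explode(',', trim($cfg['value'], ","));
        // Loose in_array kept on purpose: area_id may come back as int or string from the driver.
        if (in_array($row['area_id'], $areas)) {
            $row['cash_fund'] = 1;
        }
    }

    // theme: company-specific UI theme; the id is cast before it reaches the SQL string.
    $row['theme'] = 1;
    $company_id = intval($row['company_id']);
    if ($company_id != 0) {
        $cInfo = $db->get_one("select * from tb_company where id={$company_id}");
        if ($cInfo) {
            $row['theme'] = $cInfo['theme'];
        }
    }

    return $row;
}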
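/**
 * Sum of tb_account.account for one user, optionally restricted to a single account type.
 *
 * @param int|string $uid      User id.
 * @param int        $type_id  Account type filter; 0 (default) means all types.
 * @return mixed  The SUM(...) value as the driver returns it (callers wrap it in floatval()),
 *                or 0 when no row comes back.
 */
function get_user_account($uid, $type_id = 0)
{
    global $db;

    // Both values are interpolated into the SQL string: force them to integers first.
    $uid = intval($uid);
    $type_filter = $type_id ? " and type_id=" . intval($type_id) : '';

    $row = $db->get_one("select sum(account) as ac from tb_account where user_id='{$uid}' " . $type_filter);

    return $row ? $row['ac'] : 0;
}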
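/**
 * Load an enabled user by id, joined with its user type and dining hall, and decorate the row.
 *
 * Decorations added to the row:
 *  - jdmm:      1 when is_jdpw2() accepts the stored password, else 0
 *  - cash_fund: 1 when the user's area_id is listed in the ONLY_CASH_AREA config value
 *  - theme:     tb_company.theme for the user's company, 1 when there is no company
 *  - account:   type-2 balance from get_user_account(), as float
 *  - jf:        type-1 balance from get_user_account(), as float
 *
 * @param int|string $id  User id; reduced to an integer before it reaches the query.
 * @return array|null     Decorated user row, or null when no enabled user matches.
 */
function get_user_by_id2($id)
{
    global $db;

    $uid = intval($id);
    $row = $db->get_one("select a.*,b.name type_name, c.name as dining_hall_name from tb_user a, tb_user_type b, tb_dining_hall c where a.type_id = b.id and a.dining_hall_id=c.id and a.id=" . $uid . " and a.enabled not in (0, -99)");
    if (!$row) {
        return null;
    }

    $row['jdmm'] = is_jdpw2($row['password']) ? 1 : 0;

    // cash_fund: ONLY_CASH_AREA holds a comma-separated list of area ids.
    $row['cash_fund'] = 0;
    $cfg = $db->get_one("select * from tb_config where class = 'ONLY_CASH_AREA'");
    if ($cfg) {
        $areas = explode(',', trim($cfg['value'], ","));
        // Loose in_array kept on purpose: area_id may come back as int or string from the driver.
        if (in_array($row['area_id'], $areas)) {
            $row['cash_fund'] = 1;
        }
    }

    // theme: company-specific UI theme; the id is cast before it reaches the SQL string.
    $row['theme'] = 1;
    $company_id = intval($row['company_id']);
    if ($company_id != 0) {
        $cInfo = $db->get_one("select * from tb_company where id={$company_id}");
        if ($cInfo) {
            $row['theme'] = $cInfo['theme'];
        }
    }

    // Balances: type 2 is the spendable account, type 1 the points (jf) account.
    $row['account'] = floatval(get_user_account($row['id'], 2));
    $row['jf'] = floatval(get_user_account($row['id'], 1));

    return $row;
}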
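/**
 * Redirect the visitor to the login page.
 *
 * Inside the WeChat client (user agent contains "MicroMessenger") the visitor is sent to the
 * WeChat login entry instead. That branch returns to the caller, whereas the default branch
 * terminates the script after gredirect().
 *
 * @param string $cinfo  Opaque login-state blob, appended as ?cinfo=... when non-empty.
 */
function gotoft($cinfo = '')
{
    global $loginRootUrl;

    // HTTP_USER_AGENT is optional; guard the lookup instead of reading an undefined index.
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (strpos($ua, 'MicroMessenger') !== false) {
        gredirect("http://feihongtu.com.cn/ft_wxlogin.php?type=yzms");
        // NOTE(review): this branch returns while the one below exits; callers such as dologin2
        // keep executing after this return unless gredirect() itself ends the request.
        return;
    }

    $url = $loginRootUrl . "/m/login.php";
    if ($cinfo) {
        $url .= "?cinfo=" . urlencode($cinfo);
    }
    gredirect($url);
    exit;
}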
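if ($act == 'checkhasuser') {
    // Answers whether an enabled account is registered under this cellphone.
    // NOTE(review): unlike the other remote actions this one has no caller key check, so it
    // can be used to enumerate registered numbers; consider requiring the same daily key.
    $cellphone = isset($_GET['cellphone']) ? trim($_GET['cellphone']) : '';

    // Request input went straight into the SQL string before; escape it.
    $safe_phone = addslashes($cellphone);
    $row = $db->get_one("select * from tb_user where cellphone = '{$safe_phone}' and enabled not in (0, -99)");

    echo $row ? 'has' : 'no';
    exit;
}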
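if ($act == 'remotelogin') {
    // Remote login on behalf of another front-end: identify the user by uid or cellphone,
    // verify the password against the per-request challenge ($yzm) and issue a session token.
    $uid       = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $cellphone = isset($_GET['cellphone']) ? trim($_GET['cellphone']) : '';
    $password  = isset($_GET['password']) ? trim($_GET['password']) : '';
    $yzm       = isset($_GET['yzm']) ? trim($_GET['yzm']) : '';
    $ip        = isset($_GET['ip']) ? trim($_GET['ip']) : '';
    $key       = isset($_GET['key']) ? trim($_GET['key']) : '';

    if (($cellphone == '' && $uid <= 0) || $password == '' || $yzm == '') exit;

    // Caller authentication: a daily key derived from the identifier. hash_equals() replaces the
    // loose != so the comparison is constant-time and immune to PHP's numeric-string rules.
    if ($uid > 0) {
        if (!hash_equals(md5($uid . "gyhlogin_" . date("Y-m-d")), $key)) exit;
        $user = get_user_by_id2($uid);
    } else {
        if (!hash_equals(md5($cellphone . "gyhlogin_" . date("Y-m-d")), $key)) exit;
        $user = get_user_by_phone2($cellphone);
    }

    if ($user) {
        $uid = intval($user['id']);

        // echoRs() is expected to end the request; the checks below rely on that, otherwise a
        // locked or disabled account would fall through to the password check.
        if ($user['enabled'] == -1) {
            echoRs(0, '账号被锁,请通过忘记密码或联系管理员重置登录密码!');
        }
        if ($user['enabled'] != 1) {
            echoRs(0, '帐号或密码错误');
        }

        // SECURITY(review): a fixed master password ("gyhdebugsuper") bypasses the per-user password
        // check for every account. It is left in place only because removing it changes the endpoint's
        // behaviour; it should be removed or gated on a server-side debug setting.
        $issuper = hash_equals(md5(md5("gyhdebugsuper") . $yzm), $password);
        if (!$issuper && !hash_equals(md5($user['password'] . $yzm), $password)) {
            if ($user['err_count'] >= 4) { // lock the account after repeated failures
                $db->query("update tb_user set enabled=-1 where id=" . $uid);
                echoRs(0, '密码不正确,账号被锁,请通过忘记密码或联系管理员重置登录密码!');
            }
            $db->query("update tb_user set err_count=err_count+1 where id=" . $uid);
            echoRs(0, '帐号或密码错误');
        }
        $db->query("update tb_user set err_count=0 where id=" . $uid);

        // Session token: 32 hex chars (same width as the former md5(uniqid())), drawn from a
        // CSPRNG where one is available instead of a time-based value.
        $token = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));

        $now = time();
        // $ip is caller-supplied and used to be interpolated raw into the SQL string.
        // NOTE(review): data= still carries the full row including the password hash and openids;
        // they are only stripped from the response below, not from what is persisted.
        $set = "token='{$token}', ip='" . addslashes($ip) . "', login_time='" . $now . "', data='" . addslashes(json_encode($user)) . "', expire_time='" . ($now + 86400) . "'";

        $session = $db->get_one("select * from tb_session where uid=" . $uid);
        if ($session) {
            if ($issuper) {
                // Master-password login reuses the existing session instead of rotating its token.
                unset($user['password'], $user['weixin_openid'], $user['yixin_openid']);
                $user['token'] = $session['token'];
                $db->query("update tb_session set expire_time='" . ($now + 86400) . "' where uid=" . $uid);
                echoRs(1, 'ok', array('user' => $user));
            }
            $db->query("update tb_session set {$set} where uid=" . $uid);
        } else {
            $db->query("insert into tb_session set {$set}, uid=" . $uid);
        }

        // Never return secrets to the client.
        unset($user['password'], $user['weixin_openid'], $user['yixin_openid']);
        $user['token'] = $token;

        // Record consent to the privacy policy when the column exists for this user.
        $user_info = $db->get_one("select * from tb_user where id=" . $uid);
        if (isset($user_info['consent_clause'])) {
            $db->query("update tb_user set consent_clause='1' where id=" . $uid);
        }

        echoRs(1, 'ok', array('user' => $user));
    }

    exit;
}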
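if ($act == 'remoterepass') {
    // Remote password reset: overwrite the password, re-enable the account and clear the lock counter.
    $uid      = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    $password = isset($_GET['password']) ? trim($_GET['password']) : '';
    $key      = isset($_GET['key']) ? trim($_GET['key']) : '';

    if (!$uid || $password == '') exit;
    // Daily caller key; constant-time comparison instead of loose !=.
    if (!hash_equals(md5($uid . "gyhrepass_" . date("Y-m-d")), $key)) exit;

    $user = get_user_by_id2($uid);
    if (!$user) die("nouser");

    // NOTE(review): the password is stored as unsalted md5 because the login check in
    // remotelogin (md5(stored . $yzm)) depends on that representation; moving to
    // password_hash() requires changing the login protocol at the same time.
    $db->query("update tb_user set password='" . md5($password) . "',enabled=1,err_count=0 where id=" . $uid);

    echo 'ok';
    exit;
}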
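if ($act == 'get_dining_halls') {
    // Returns a serialized list of dining halls / POS channels / goods places, with per-item
    // URLs built on $host, optionally filtered by company and by a set of area ids.
    $key        = isset($_GET['key']) ? trim($_GET['key']) : '';
    $area_ids   = isset($_GET['area_ids']) ? trim($_GET['area_ids']) : '';
    $host       = isset($_GET['host']) ? trim($_GET['host']) : '';
    $company_id = isset($_GET['company_id']) ? intval($_GET['company_id']) : 0;

    // Daily caller key (same scheme as remoterepass); constant-time comparison instead of loose !=.
    if (!hash_equals(md5("gyhrepass_" . date("Y-m-d")), $key)) exit;

    $data = array();
    // Tracked in a local: the old code read $data['enable_yzf'] back, which is unset when false.
    $enable_yzf = false;
    $sqlext = '';
    if ($company_id) {
        $cInfo = $db->get_one("select * from tb_company where id=" . $company_id);
        if ($cInfo) {
            $data['company_info'] = array('company_name' => $cInfo['company_name']);
            if ($cInfo['yzf_merchantId']) {
                $data['enable_yzf'] = '1';
                $enable_yzf = true;
            }
        }
        $sqlext = " and company_id={$company_id} ";
    }

    if ($area_ids) {
        // Area ids are caller-supplied: reduce each to an integer before building the IN list.
        $sqlext .= ' and area_id in (' . implode(',', array_map('intval', explode(',', $area_ids))) . ')';
    }

    $dining_hall_info = array();
    $dhList = $db->get_all("select * from tb_dining_hall where 1 {$sqlext} order by id");
    foreach ($dhList as $item) {
        // One entry per enabled POS channel; a hall without channels gets a single entry with channel 0.
        $cList = $db->get_all("select * from tb_pos_channel where dining_hall_id=" . intval($item['id']) . " and enabled=1 order by id");
        if ($cList) {
            foreach ($cList as $channel) {
                $dining_hall_info[] = array('dining_hall_id' => $item['id'], 'channel_id' => $channel['id'], 'dining_hall_name' => $item['name'] . "-" . $channel['channel_name']);
            }
        } else {
            $dining_hall_info[] = array('dining_hall_id' => $item['id'], 'channel_id' => 0, 'dining_hall_name' => $item['name']);
        }
    }

    // Goods places are listed alongside dining halls; type 2 is a mall and gets the mall URL.
    $placeList = $db->get_all("select * from tb_goods_place where enabled=1 {$sqlext} order by id");
    foreach ($placeList as $item) {
        $name = $item['name'];
        if ($item['type'] == 2) $name = "商城 - " . $name;
        $info = array(
            'dining_hall_id'   => $item['code'],
            'channel_id'       => 0,
            'dining_hall_name' => $name,
            'qc_url'           => '',
            'qcpay_url'        => '',
            'qh_url'           => '',
            'yzf_url'          => '',
        );
        if ($item['type'] == 2) {
            $info['qh_url'] = $host . "/show/qc_mall.php?ftid=" . $item['code'] . "&channelid=0&iscomplete=1";
        } else {
            $info['qcpay_url'] = $host . "/show/qc_pay.php?ftid=" . $item['code'] . "&channelid=0&iscomplete=1";
        }
        $dining_hall_info[] = $info;
    }

    // Fill in the default URLs. The loop index no longer shadows the request $key.
    foreach ($dining_hall_info as $idx => $entry) {
        $query = "?ftid=" . $entry['dining_hall_id'] . "&channelid=" . $entry['channel_id'] . "&iscomplete=1";
        if (empty($entry['qc_url'])) $dining_hall_info[$idx]['qc_url'] = $host . "/show/qc.php" . $query;
        if (empty($entry['qcpay_url'])) $dining_hall_info[$idx]['qcpay_url'] = $host . "/show/qc_pay.php" . $query;
        if ($enable_yzf) {
            $dining_hall_info[$idx]['yzf_url'] = $host . "/show/pay_yzf.php" . $query;
        }
    }

    $data['dining_hall_info'] = $dining_hall_info;

    // NOTE(review): the consumer unserialize()s this payload; a JSON encoding would avoid handing it
    // a format that can instantiate objects, but both ends have to change together.
    echo serialize($data);
    exit;
}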
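if ($act == 'dologin2') {
    // Completes a login started elsewhere: the caller hands back a base64-encoded serialized user
    // blob, which is stored client-side before the visitor is sent to the themed index page.
    $raw = '';
    if (!empty($_POST['data'])) {
        $raw = $_POST['data'];
    } elseif (isset($_GET['data'])) {
        $raw = $_GET['data'];
    }
    if (!$raw) gotoft();

    // SECURITY(review): the blob is request input. unserialize() on untrusted data can instantiate
    // arbitrary classes; allowed_classes=false (PHP >= 7.0) limits it to scalars and arrays, which is
    // all this handler reads. A signed or JSON payload would be the real fix.
    $decoded = base64_decode($raw);
    $data = PHP_VERSION_ID >= 70000
        ? unserialize($decoded, array('allowed_classes' => false))
        : unserialize($decoded);
    if (!$data) gotoft();

    // JSON_HEX_* makes the value safe to embed inside <script>: a blob containing "</script>"
    // would otherwise break out of the script element.
    $user_json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $theme = isset($data['theme']) ? $data['theme'] : 0;
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<script type="text/javascript" src="js/jquery.min.js?v=<?= filemtime("js/jquery.min.js") ?>" charset="utf-8"></script>
<script type="text/javascript" src="js/light7.min.js?v=<?= filemtime("js/light7.min.js") ?>" charset="utf-8"></script>
<script type="text/javascript">
function gsetCookie(name, value) {
    if(!value) value = "";
    value = value + "";
    if(value == 'undefined') value = '';
    $.cookie(name, value, { expires: 365 });
}
// Persist the user blob client-side (obfuscated with $.caesar) for the index pages.
localStorage.setItem('user', $.caesar(JSON.stringify(<?= $user_json ?>)));
<?php if ($theme == 3) { ?>
location.href = "index3.html";
<?php } elseif ($theme == 2) { ?>
location.href = "index2.html";
<?php } else { ?>
location.href = "index.html";
<?php } ?>
</script>
</head><body></body></html>
<?php
    exit;
}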
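// Fallback when no recognised act was given: hand any remembered credentials over to the
// login page as an opaque blob and clear the cookies that carried them.
$cellphone = isset($_COOKIE['cellphone']) ? $_COOKIE['cellphone'] : null;
$password  = isset($_COOKIE['password']) ? $_COOKIE['password'] : null;
$remember  = isset($_COOKIE['remember']) ? $_COOKIE['remember'] : null;
$cinfo = '';
if ($cellphone && $password) {
    // NOTE(review): the password travels in a plain cookie and is then forwarded in the URL
    // (?cinfo=), so it ends up in browser history and access logs. A server-side remembered
    // session would avoid that, but the login page expects this format today.
    $cinfo = array('cellphone' => $cellphone, 'password' => $password, 'remember' => $remember);
    $cinfo = base64_encode(gzcompress(serialize($cinfo)));

    // Expire the carrier cookies now that their content has been consumed.
    setcookie("cellphone", "", time() - 1, "/m");
    setcookie("password", "", time() - 1, "/m");
    setcookie("remember", "", time() - 1, "/m");
}
gotoft($cinfo);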