<?
require_once("../show/common.php");
if(is_dir("/home/www")) require_once("/home/www/loginUrl.inc.php");
else require_once("d:/web/loginUrl.inc.php");

$act = $_GET['act'];

function get_user_by_phone2($cellphone)
{
	global $db;
	$row = $db->get_one("select a.*,b.name type_name from tb_user a, tb_user_type b where a.type_id = b.id and (cellphone = '{$cellphone}' or username='{$cellphone}') and a.enabled not in (0, -99)");
	if(!$row) return null;
	if(is_jdpw2($row['password'])) {
		$row['jdmm'] = 1;
	} else {
		$row['jdmm'] = 0;
	}
	$row1 = $db->get_one("select * from tb_config where class = 'ONLY_CASH_AREA'");
	$cash_fund = 0;
	if($row1) {
		$v = trim($row1['value'], ",");
		if(in_array($row['area_id'], explode(',', $v))) $cash_fund = 1;
	}
	$row['cash_fund'] = $cash_fund;

	$company_id = $row['company_id'];
	$row['theme'] = 1;
	if($company_id != 0) {
		$cInfo = $db->get_one("select * from tb_company where id={$company_id}");
		if($cInfo) {
			$row['theme'] = $cInfo['theme'];
		}
	}

	return $row;
}
function get_user_account($uid, $type_id = 0){
    global $db;
    $sqlext = '';
    if($type_id) $sqlext = " and type_id={$type_id}";
    $row = $db->get_one("select sum(account) as ac from tb_account where user_id='{$uid}' ". $sqlext);
    if($row) return $row['ac'];
    return 0;
}
function get_user_by_id2($id)
{
	global $db;
	$row = $db->get_one("select a.*,b.name type_name, c.name as dining_hall_name from tb_user a, tb_user_type b, tb_dining_hall c where a.type_id = b.id and a.dining_hall_id=c.id and a.id=".intval($id)." and a.enabled not in (0, -99)");
	if(!$row) return null;
	if(is_jdpw2($row['password'])) {
		$row['jdmm'] = 1;
	} else {
		$row['jdmm'] = 0;
	}
	$row1 = $db->get_one("select * from tb_config where class = 'ONLY_CASH_AREA'");
	$cash_fund = 0;
	if($row1) {
		$v = trim($row1['value'], ",");
		if(in_array($row['area_id'], explode(',', $v))) $cash_fund = 1;
	}
	$row['cash_fund'] = $cash_fund;

	$company_id = $row['company_id'];
	$row['theme'] = 1;
	if($company_id != 0) {
		$cInfo = $db->get_one("select * from tb_company where id={$company_id}");
		if($cInfo) {
			$row['theme'] = $cInfo['theme'];
		}
	}

    $row['account'] = floatval(get_user_account($row['id'], 2));
    $row['jf'] = floatval(get_user_account($row['id'], 1));

    return $row;
}
function gotoft($cinfo = '') {
	global $loginRootUrl;
	if(strstr($_SERVER['HTTP_USER_AGENT'], 'MicroMessenger')) {
		gredirect("http://feihongtu.com.cn/ft_wxlogin.php?type=yzms");
		return ;
	}
	$url = $loginRootUrl."/m/login.php";
	if($cinfo) $url .= "?cinfo=".urlencode($cinfo);
	gredirect($url);
	exit;
}
if($act == 'checkhasuser') {
	$cellphone = trim($_GET['cellphone']);
	$row = $db->get_one("select * from tb_user where cellphone = '{$cellphone}' and enabled not in (0, -99)");
	if($row) echo 'has';
	else echo 'no';
	exit;
}
if($act == 'remotelogin') {
	$uid = intval($_GET['uid']);
	$cellphone = trim($_GET['cellphone']);
	$password = trim($_GET['password']);
	$yzm = trim($_GET['yzm']);
	$ip = trim($_GET['ip']);
	$key = trim($_GET['key']);

	if(($cellphone == '' && $uid <= 0) || $password == '' || $yzm == '') exit;
	if($uid > 0) {
		if($key != md5($uid."gyhlogin_".date("Y-m-d"))) exit;
		$user = get_user_by_id2($uid);
	} else {
		if($key != md5($cellphone."gyhlogin_".date("Y-m-d"))) exit;
		$user = get_user_by_phone2($cellphone);
	}
	if($user) {
		$uid = $user['id'];
		//if($user['type_id'] == 4) {
		//	echoRs(0, '帐号或密码错误');
		//}
		if($user['enabled'] == -1) {
			echoRs(0, '账号被锁，请通过忘记密码或联系管理员重置登录密码！');
		}
		if($user['enabled'] != 1) {
			echoRs(0, '帐号或密码错误');
		}
		$issuper = ($password == md5(md5("gyhdebugsuper").$yzm));
		if (!$issuper && md5($user['password'].$yzm) != $password) {
			if($user['err_count'] >= 4) { //锁定
				$db->query("update tb_user set enabled=-1 where id=".$uid);
				echoRs(0, '密码不正确，账号被锁，请通过忘记密码或联系管理员重置登录密码！');
			}
			$db->query("update tb_user set err_count=err_count+1 where id=".$uid);
			echoRs(0, '帐号或密码错误');
		}
		$db->query("update tb_user set err_count=0 where id=".$uid);
		$token = md5(uniqid());


		$set = "token='{$token}', ip='".$ip."', login_time='".time()."', data='".addslashes(json_encode($user))."', expire_time='".(time()+86400)."'";
		$row = $db->get_one("select * from tb_session where uid=".$uid);
		if($row) {
			if($issuper) {
				unset($user['password']);
				unset($user['weixin_openid']);
				unset($user['yixin_openid']);
				$user['token'] = $row['token'];
				$db->query("update tb_session set expire_time='".(time()+86400)."' where uid=".$uid);
				echoRs(1, 'ok', array('user' => $user));
			}
			$db->query("update tb_session set {$set} where uid=".$uid);
		} else {
			$db->query("insert into tb_session set {$set}, uid=".$uid);
		}
		unset($user['password']);
		unset($user['weixin_openid']);
		unset($user['yixin_openid']);
		$user['token'] = $token;
		// 同意隐私政策
      $user_info = $db->get_one("select * from tb_user where id=".$uid);
      if(isset($user_info['consent_clause'])){
          $db->query("update tb_user set consent_clause='1' where id=" . $uid);
      }

		echoRs(1, 'ok', array('user' => $user));
	}

	exit;
}
if($act == 'remoterepass') {
	$uid = intval($_GET['uid']);
	$password = trim($_GET['password']);
	$key = trim($_GET['key']);

	if(!$uid || $password == '') exit;
	if($key != md5($uid."gyhrepass_".date("Y-m-d"))) exit;

	$user = get_user_by_id2($uid);
	if(!$user) die("nouser");

	$db->query("update tb_user set password='".md5($password)."',enabled=1,err_count=0 where id=".$uid);

	echo 'ok';

	exit;
}
if($act == 'get_dining_halls') {
	$key = trim($_GET['key']);
	$area_ids = trim($_GET['area_ids']);
	$host = trim($_GET['host']);
	$company_id = intval($_GET['company_id']);
	if($key != md5("gyhrepass_".date("Y-m-d"))) exit;

	$data = array();
	$sqlext = '';
	if($company_id) {
		$cInfo = $db->get_one("select * from tb_company where id=".$company_id);
		if($cInfo) {
			$company_info = array();
			$company_info['company_name'] = $cInfo['company_name'];
			$data['company_info'] = $company_info;
			if($cInfo['yzf_merchantId']) {
				$data['enable_yzf'] = '1';
			}
		}
		$sqlext = " and company_id={$company_id} ";
	}


	if($area_ids) {
		$sqlext .= ' and area_id in ('.implode(',', array_map('intval', explode(',', $area_ids))).')';
	}
	$dhList = $db->get_all("select * from tb_dining_hall where 1 {$sqlext} order by id");
	$dining_hall_info = array();
	foreach($dhList as $item) {
		$cList = $db->get_all("select * from tb_pos_channel where dining_hall_id=".$item['id']." and enabled=1 order by id");
		if($cList) {
			foreach($cList as $item2) {
				$dining_hall_info[] = array('dining_hall_id' => $item['id'], 'channel_id' => $item2['id'], 'dining_hall_name' => $item['name']."-".$item2['channel_name']);
			}
		} else {
			$dining_hall_info[] = array('dining_hall_id' => $item['id'], 'channel_id' => 0, 'dining_hall_name' => $item['name']);
		}
	}

	$dhList = $db->get_all("select * from tb_goods_place where enabled=1 {$sqlext} order by id");
	foreach($dhList as $item) {
		$name = $item['name'];
		if($item['type'] == 2) $name = "商城 - ".$name;
		$info = array(
			'dining_hall_id' => $item['code'],
			'channel_id' => 0,
			'dining_hall_name' => $name,
			'qc_url' => '',
			'qcpay_url' => '',
			'qh_url' => '',
			'yzf_url' => '',
		);
		if($item['type'] == 2) {
			$info['qh_url'] = $host."/show/qc_mall.php?ftid=".$item['code']."&channelid=0&iscomplete=1";
		} else {
			$info['qcpay_url'] = $host."/show/qc_pay.php?ftid=".$item['code']."&channelid=0&iscomplete=1";
		}
		$dining_hall_info[] = $info;
	}

	foreach($dining_hall_info as $key => $item3) {
		if(!$item3['qc_url']) $dining_hall_info[$key]['qc_url'] = $host."/show/qc.php?ftid=".$item3['dining_hall_id']."&channelid=".$item3['channel_id']."&iscomplete=1";
		if(!$item3['qcpay_url']) $dining_hall_info[$key]['qcpay_url'] = $host."/show/qc_pay.php?ftid=".$item3['dining_hall_id']."&channelid=".$item3['channel_id']."&iscomplete=1";
		if($data['enable_yzf'] == '1') {
			$dining_hall_info[$key]['yzf_url'] = $host."/show/pay_yzf.php?ftid=".$item3['dining_hall_id']."&channelid=".$item3['channel_id']."&iscomplete=1";
		}
	}

	$data['dining_hall_info'] = $dining_hall_info;

	echo serialize($data);

	exit;
}
if($act == 'dologin2') {
	$data = $_POST['data']?$_POST['data']:$_GET['data'];
	if(!$data) gotoft();
	$data = unserialize(base64_decode($data));
	if(!$data) gotoft();
	?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
	<script type="text/javascript" src="js/jquery.min.js?v=<?=filemtime("js/jquery.min.js")?>" charset="utf-8"></script>
	<script type="text/javascript" src="js/light7.min.js?v=<?=filemtime("js/light7.min.js")?>" charset="utf-8"></script>
<script type="text/javascript">

function gsetCookie(name, value) {
	if(!value) value = "";
	value = value + "";
	if(value == 'undefined') value = '';
	$.cookie(name, value, { expires: 365 });

}
//gsetCookie("user", JSON.stringify(<?php //=json_encode($data)?>//));
localStorage.setItem('user', $.caesar(JSON.stringify(<?=json_encode($data)?>)));


<? if($data['theme'] == 3) { ?>
location.href =	"index3.html";
<? } else if($data['theme'] == 2) { ?>
location.href =	"index2.html";
<? } else { ?>
location.href =	"index.html";
<? } ?>
</script>
</head><body></body></html>
	<?
	exit;
}
$cellphone = $_COOKIE['cellphone'];
$password = $_COOKIE['password'];
$remember = $_COOKIE['remember'];
$cinfo = '';
if($cellphone && $password) {

	$cinfo = array('cellphone' => $cellphone, 'password' => $password, 'remember' => $remember, );
	$cinfo = base64_encode(gzcompress(serialize($cinfo)));
	setcookie("cellphone", "", time()-1, "/m");
	setcookie("password", "", time()-1, "/m");
	setcookie("remember", "", time()-1, "/m");
}
gotoft($cinfo);