From a5648261e75c978ebe94273de436a7dafa0d9f0d Mon Sep 17 00:00:00 2001
From: pengda <10266652509@qq.com>
Date: Fri, 6 Sep 2024 11:58:07 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E9=AA=8C=E8=AF=81=E5=B0=81?=
 =?UTF-8?q?=E8=A3=85=20=E4=BF=9D=E5=AD=98=E5=8C=BB=E6=A1=88=E9=87=8D?=
 =?UTF-8?q?=E5=A4=8D=E6=8F=90=E4=BA=A4=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config/define.php | 5 ++
 control/index.php | 159 +++++++++++++++++++++++------------------------------
 model/mBase.php | 2 +-
 3 files changed, 73 insertions(+), 93 deletions(-)
diff --git a/config/define.php b/config/define.php
index bb4174c..d48019e 100644
--- a/config/define.php
+++ b/config/define.php
@@ -42,6 +42,11 @@ define('USER_CASE_PDF_PATH', DATACENTER_ROOT.'/tcm_pdf/%d/');
 define('USER_CASE_PDF_URL', TCM_DOMAIN.'/case_pdf/%d/%s.pdf');
+ define('CODE_LOGIN_PARAM_ERROR', 40001);
 define('CODE_LOGIN_EXIPRE', 40002);
+ define('CODE_LOGIN_USER_NOT_EXIST', 40003);
+
+ //请求限制
+ define('_QR_REQUEST_LIMIT', '_rq_request_limit_%s');
diff --git a/control/index.php b/control/index.php
index 804d8a1..e967614 100644
--- a/control/index.php
+++ b/control/index.php
@@ -7,6 +7,23 @@ include_once(dirname(dirname(__FILE__)) . "/library/publicBase.php");
 class index extends publicBase {
+
+ private function _check_login() {
+ $uid = $this->post('uid');
+ $token = $this->post('token');
+ if (empty($uid) || empty($token)) $this->ajax_json(false, '参数错误', array('code' => CODE_LOGIN_PARAM_ERROR));
+
+ $m_user = new mUser();
+ $is_login = $m_user->validateToken($uid, $token);
+ if (!$is_login) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
+
+ $obj = new mUser();
+ $uinfo = $obj->getUserByUid($uid);
+ if (empty($uinfo)) $this->ajax_json(false, '用户不存在', array('code' => CODE_LOGIN_USER_NOT_EXIST));
+
+ return $uinfo;
+ }
+
 public function home() {
 $id = $this->get('id');
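Review bot: The new key template is named `_QR_REQUEST_LIMIT` but its value is `_rq_request_limit_%s`, and the comment `//请求限制` does not say what fills the placeholder, so a reader of config/define.php cannot tell this is a per-submission dedup counter rather than a per-user throttle. I would widen the comment to `// 请求限制: %s = md5 fingerprint of one save request; the 60 s window is passed by the caller in control/index.php`. Aligning the constant name with the value prefix (both `RQ` or both `QR`) would also let the Redis key be found by grepping for either.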
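Review bot: `_check_login` instantiates `mUser` twice (`$m_user` and `$obj`) for two calls on the same model; the second `new mUser()` should go and the lookup become `$uinfo = $m_user->getUserByUid($uid);`. The helper also has no docblock although every endpoint in this file now depends on it: it should state that it reads `uid`/`token` from POST, that each failure path calls `ajax_json` with one of the three `CODE_LOGIN_*` codes, and that the returned record is only valid because `ajax_json` terminates the request — if `ajax_json` merely echoes, the code after a failed `validateToken` would still run `getUserByUid` and hand a real user record to the caller, so that termination contract is worth stating on the helper rather than assuming it. Note that `empty($uid)` also rejects a uid of `0` or `'0'`, which is only safe if user ids never start at zero.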
@@ -47,6 +64,8 @@ class index extends publicBase {
 }
 public function ajax_search() {
+ $uinfo = $this->_check_login();
+
 $content = trim($this->post('content'));
 $content = empty($content) ? '' : $content;
@@ -54,7 +73,7 @@ class index extends publicBase {
 $page_size = $this->post('page_size') ? $this->post('page_size') : 20;
 $m_case = new mCase();
- $data = $m_case->getCaseByName($content, $page_num, $page_size);
+ $data = $m_case->getCaseByName($uinfo['uid'], $content, $page_num, $page_size);
 $total = $m_case->getCaseByNameTotal($content);
 $rdata = array(
 'total' => $total,
@@ -69,7 +88,7 @@ class index extends publicBase {
 public function ajax_case_detail() {
 $id = $this->get('id') + 0;
- if (empty($id)) $this->ajax_json(false, '非法请求');
+ if (empty($id)) $this->ajax_json(false, '参数错误');
 $m_case = new mCase();
 $data = $m_case->getCaseInfo($id);
@@ -79,14 +98,10 @@ class index extends publicBase {
 }
 public function ajax_save_user_case() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- $case_id = $this->post('case_id') + 0;
- if (empty($uid) || empty($token) || empty($case_id)) $this->ajax_json(false, '非法请求');
+ $uinfo = $this->_check_login();
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $case_id = $this->post('case_id') + 0;
+ if (empty($case_id)) $this->ajax_json(false, '参数错误');
 $data = array(
 'name' => trim($this->post('name')),
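Review bot: In the `@@ -54` hunk `getCaseByName` is now called with `$uinfo['uid']`, but `$total` on the following line still comes from `getCaseByNameTotal($content)` without the uid, so if the list is now scoped per user the reported total (and any page count derived from it) will not match the rows returned. Either pass the same scope, `$total = $m_case->getCaseByNameTotal($uinfo['uid'], $content);` with the matching model change, or add a comment stating that the count is intentionally global. Whether `getCaseByName` filters by uid or only records it is not visible here, so the mismatch is inferred from the two signatures; ajax_search's body continues outside the hunk.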
@@ -101,21 +116,23 @@ class index extends publicBase {
 );
 $m_user_case = new mUserCase();
- $id = $m_user_case->createUserCase($uid, $case_id, $data);
+
+ //生成唯一id 防止重复请求
+ $request_id = md5($uinfo['uid'].$case_id.$data['name'].$data['patient_name']);
+ $request_times = $m_user_case->requestLimit(sprintf(_QR_REQUEST_LIMIT, $request_id),1,60);
+ if(!$request_times) $this->ajax_json(false, $m_user_case->getError());
+
+ $id = $m_user_case->createUserCase($uinfo['uid'], $case_id, $data);
 if (!$id) $this->ajax_json(false, $m_user_case->getError());
 $this->ajax_json(true, '保存成功', array('id' => $id));
 }
 public function ajax_update_user_case() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- $id = $this->post('id') + 0;
- if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
+ $uinfo = $this->_check_login();
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $id = $this->post('id') + 0;
+ if (empty($id)) $this->ajax_json(false, '参数错误');
 $data = array(
 'name' => trim($this->post('name')),
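Review bot: The duplicate-submit fingerprint `md5($uinfo['uid'].$case_id.$data['name'].$data['patient_name'])` joins the fields with no separator, so distinct submissions can share a key (uid `1` with case `23` versus uid `12` with case `3`, and `name`/`patient_name` are caller-controlled), which lets one user's save be refused for 60 s because of another user's and can also miss real repeats when field boundaries shift. Use a delimiter that cannot occur in the ids, e.g. `$request_id = md5(implode("\x1f", array($uinfo['uid'], $case_id, $data['name'], $data['patient_name'])));`. Separately, `requestLimit` in model/mBase.php is a read followed by a comparison (its increment is outside that hunk), so two concurrent submits can both pass the `1,60` limit; an atomic `INCR` with `EXPIRE` on the first hit, or `SET` with `NX`/`EX`, would close that window — hedged, since only the comparison is visible. A one-line comment above `$request_times` saying this is dedup of an identical save within 60 s rather than a general rate limit would also help the next reader.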
@@ -123,28 +140,22 @@ class index extends publicBase {
 );
 $m_user_case = new mUserCase();
- $res = $m_user_case->updateUserCase($uid, $id, $data);
+ $res = $m_user_case->updateUserCase($uinfo['uid'], $id, $data);
 if (!$res) $this->ajax_json(false, $m_user_case->getError());
 $this->ajax_json(true, '保存成功', array('id' => $id));
 }
 public function ajax_user_case_list() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
-
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $uinfo = $this->_check_login();
 $page_num = $this->post('page_num') ? $this->post('page_num') : 1;
 $page_size = $this->post('page_size') ? $this->post('page_size') : 100;
 $m_user_case = new mUserCase();
- $data = $m_user_case->getUserCaseList($uid, $page_num, $page_size);
+ $data = $m_user_case->getUserCaseList($uinfo['uid'], $page_num, $page_size);
 if (!$data) $this->ajax_json(false, $m_user_case->getError());
- $total = $m_user_case->getUserCaseListCount($uid);
+ $total = $m_user_case->getUserCaseListCount($uinfo['uid']);
 $rdata = array(
 'total' => $total,
@@ -159,17 +170,13 @@ class index extends publicBase {
 }
 public function ajax_user_case_detail() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- $id = $this->post('id') + 0;
- if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
+ $uinfo = $this->_check_login();
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $id = $this->post('id') + 0;
+ if (empty($id)) $this->ajax_json(false, '参数错误');
 $m_user_case = new mUserCase();
- $data = $m_user_case->getUserCaseInfo($uid, $id);
+ $data = $m_user_case->getUserCaseInfo($uinfo['uid'], $id);
 if (!$data) $this->ajax_json(false, $m_user_case->getError());
 $this->ajax_json(true, '获取成功', $data);
@@ -196,7 +203,7 @@ class index extends publicBase {
 public function ajax_login() {
 $code = $this->post('code');
- if (!$code) $this->ajax_json(false, '非法请求');
+ if (!$code) $this->ajax_json(false, '参数错误');
 $m_user = new mUser();
 $user = $m_user->getUserInfo($code);
@@ -212,15 +219,9 @@ class index extends publicBase {
 }
 public function ajax_get_user() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- if (empty($uid) || empty($token)) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
-
- $obj = new mUser();
- $uinfo = $obj->getUserByUid($uid);
- if (empty($uinfo)) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
+ $uinfo = $this->_check_login();
- $this->ajax_json(true, '', $uinfo);
+ $this->ajax_json(true, '获取成功', $uinfo);
 }
 public function ajax_contact_us() {
@@ -228,20 +229,14 @@ class index extends publicBase {
 }
 public function export_user_case_list() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
-
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $uinfo = $this->_check_login();
 $page_num = $this->post('page_num') ? $this->post('page_num') : 1;
 $page_size = $this->post('page_size') ? $this->post('page_size') : 100;
 $data = array(
- "uid" => $uid,
- "token" => $token,
+ "uid" => $this->post('uid'),
+ "token" => $this->post('token'),
 "page_num" => $page_num,
 "page_size" => $page_size,
 );
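Review bot: After `_check_login` has validated the caller, the `$data` array in export_user_case_list still forwards the raw `$this->post('uid')` and `$this->post('token')`, while the rest of the function (`createPdf` and `getUserCaseListCount` in the next hunk) uses `$uinfo['uid']`; the same split appears in export_user_case in the `@@ -267` hunk. Forwarding the validated value, `"uid" => $uinfo['uid'],`, keeps both halves of the function in agreement if `validateToken` or the user lookup normalises the id (string versus int, leading zeros). The token has no validated copy, so either have `_check_login` return it alongside `$uinfo` or leave a comment that the re-read is deliberate because the downstream request presumably re-authenticates. The function continues outside the hunk.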
@@ -251,10 +246,10 @@ class index extends publicBase {
 $res = json_decode($return, 1);
 if (isset($res['info'])) $this->ajax_json(false, $res['info']);
- $pdf_name = md5($uid . $page_num . $page_size);
- $pdf_url = $m_user_case->createPdf($uid, $pdf_name, $return);
+ $pdf_name = md5($uinfo['uid'] . $page_num . $page_size);
+ $pdf_url = $m_user_case->createPdf($uinfo['uid'], $pdf_name, $return);
- $total = $m_user_case->getUserCaseListCount($uid);
+ $total = $m_user_case->getUserCaseListCount($uinfo['uid']);
 $rdata = array(
 'total' => $total,
 'per_page' => $page_size,
@@ -267,18 +262,14 @@ class index extends publicBase {
 }
 public function export_user_case() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- $id = $this->post('id') + 0;
- if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
+ $uinfo = $this->_check_login();
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $id = $this->post('id') + 0;
+ if (empty($id)) $this->ajax_json(false, '参数错误');
 $data = array(
- "uid" => $uid,
- "token" => $token,
+ "uid" => $this->post('uid'),
+ "token" => $this->post('token'),
 "id" => $id,
 );
 $m_user_case = new mUserCase();
@@ -287,26 +278,20 @@ class index extends publicBase {
 $res = json_decode($return, 1);
 if (isset($res['info'])) $this->ajax_json(false, $res['info']);
- $pdf_name = md5($uid . $id);
- $pdf_url = $m_user_case->createPdf($uid, $pdf_name, $return);
+ $pdf_name = md5($uinfo['uid'] . $id);
+ $pdf_url = $m_user_case->createPdf($uinfo['uid'], $pdf_name, $return);
 $this->ajax_json(true, '获取成功', array('pdf_url' => $pdf_url));
 }
 public function user_case_list() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
-
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '您还没有登录');
+ $uinfo = $this->_check_login();
 $page_num = $this->post('page_num') ? $this->post('page_num') : 1;
 $page_size = $this->post('page_size') ? $this->post('page_size') : 100;
 $m_user_case = new mUserCase();
- $data = $m_user_case->getUserCaseListPdfInfo($uid, $page_num, $page_size);
+ $data = $m_user_case->getUserCaseListPdfInfo($uinfo['uid'], $page_num, $page_size);
 if (!$data) $this->ajax_json(false, $m_user_case->getError());
 $this->view['data'] = $data['user_case'];
@@ -314,17 +299,13 @@ class index extends publicBase {
 }
 public function user_case() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- $id = $this->post('id') + 0;
- if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
+ $uinfo = $this->_check_login();
- $m_user = new mUser();
- $is_login = $m_user->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '您还没有登录');
+ $id = $this->post('id') + 0;
+ if (empty($id)) $this->ajax_json(false, '参数错误');
 $m_user_case = new mUserCase();
- $data = $m_user_case->getUserCasePdfInfo($uid, $id);
+ $data = $m_user_case->getUserCasePdfInfo($uinfo['uid'], $id);
 if (!$data) $this->ajax_json(false, $m_user_case->getError());
 $this->view['data'] = $data['user_case'];
@@ -332,13 +313,7 @@ class index extends publicBase {
 }
 public function ajax_mail() {
- $uid = $this->post('uid');
- $token = $this->post('token');
- if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
-
- $mUser = new mUser();
- $is_login = $mUser->validateToken($uid, $token);
- if (!$is_login) $this->ajax_json(false, '请登录后操作');
+ $uinfo = $this->_check_login();
 $email = $this->post('email');
 if (empty($email)) $this->ajax_json(false, '邮箱地址不能为空');
@@ -349,10 +324,10 @@ class index extends publicBase {
 if (!filter_var($pdf_url, FILTER_VALIDATE_URL)) $this->ajax_json(false, 'pdf地址无效');
 $directory_name = basename(dirname($pdf_url));
- if ($directory_name != $uid) $this->ajax_json(false, '非法请求');
+ if ($directory_name != $uinfo['uid']) $this->ajax_json(false, '参数错误');
 $mUserCase = new mUserCase();
- $res = $mUserCase->sendMail(array($email), date('Y年m月d日', time()) . '-医案导出', '', sprintf(USER_CASE_PDF_PATH, $uid) . basename($pdf_url));
+ $res = $mUserCase->sendMail(array($email), date('Y年m月d日', time()) . '-医案导出', '', sprintf(USER_CASE_PDF_PATH, $uinfo['uid']) . basename($pdf_url));
 if (!$res) $this->ajax_json(true, '发送失败');
 $this->ajax_json(true, '发送成功');
diff --git a/model/mBase.php b/model/mBase.php
index bf72a34..96909cb 100644
--- a/model/mBase.php
+++ b/model/mBase.php
@@ -1156,7 +1156,7 @@ class mBase extends publicBase {
 public function requestLimit($key, $limit_times=10, $time_interval=60) {
 $rdobj = $this->initRedis();
 $request_times = $rdobj->get($key);
- if($request_times > $limit_times){
+ if($request_times >= $limit_times){
 $this->setError('请勿频繁操作');
 return false;
 }
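Review bot: The changed line `if ($directory_name != $uinfo['uid'])` keeps a loose comparison between the string from `basename(dirname($pdf_url))` and the uid; if the uid is an integer, PHP 7 evaluates `'12abc' == 12` as true under the numeric-prefix rule, so a directory name that merely starts with the uid passes the check. The impact is limited because the path handed to `sendMail` is built from `sprintf(USER_CASE_PDF_PATH, $uinfo['uid'])` and `basename($pdf_url)` rather than from the checked directory, but an ownership check should still be exact: `if ((string) $directory_name !== (string) $uinfo['uid']) $this->ajax_json(false, '参数错误');`. ajax_mail's body continues outside the hunk.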
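Review bot: Changing `>` to `>=` makes `requestLimit` refuse the second request when `$limit_times` is 1, which the new caller in control/index.php relies on, but the guard is still `get` followed by a comparison, with the increment outside the hunk, so two requests arriving together can read the same value and both pass. If the counter is a plain Redis integer, an `INCR` whose return value is compared against `$limit_times` (with `EXPIRE` applied when it returns 1) makes the check atomic; the exact form depends on the rest of the method, which is not visible here. The method also has no docblock: it should state that the first `$limit_times` calls within `$time_interval` seconds return true and later ones return `false` with `请勿频繁操作` set as the error. Worth a comment as well that `$rdobj->get($key)` yields `false` for a missing key and `false >= 1` is false, since the first-request path relies on that loose comparison.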