pengda
/
chinese_medicine_assistant
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

登录验证封装 

保存医案重复提交验证
pull/1/head
pengda 1 year ago
parent
43f6211f38
commit
a5648261e7
3 changed files with 73 additions and 93 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      config/define.php
  2. 159
      control/index.php
  3. 2
      model/mBase.php

5
config/define.php
View File

@ -42,6 +42,11 @@
define('USER_CASE_PDF_PATH', DATACENTER_ROOT.'/tcm_pdf/%d/'); define('USER_CASE_PDF_PATH', DATACENTER_ROOT.'/tcm_pdf/%d/');
define('USER_CASE_PDF_URL', TCM_DOMAIN.'/case_pdf/%d/%s.pdf'); define('USER_CASE_PDF_URL', TCM_DOMAIN.'/case_pdf/%d/%s.pdf');
define('CODE_LOGIN_PARAM_ERROR', 40001);
define('CODE_LOGIN_EXIPRE', 40002); define('CODE_LOGIN_EXIPRE', 40002);
define('CODE_LOGIN_USER_NOT_EXIST', 40003);
//请求限制
define('_QR_REQUEST_LIMIT', '_rq_request_limit_%s');

159
control/index.php
View File

@ -7,6 +7,23 @@
include_once(dirname(dirname(__FILE__)) . "/library/publicBase.php"); include_once(dirname(dirname(__FILE__)) . "/library/publicBase.php");
class index extends publicBase { class index extends publicBase {
private function _check_login() {
$uid = $this->post('uid');
$token = $this->post('token');
if (empty($uid) || empty($token)) $this->ajax_json(false, '参数错误', array('code' => CODE_LOGIN_PARAM_ERROR));
$m_user = new mUser();
$is_login = $m_user->validateToken($uid, $token);
if (!$is_login) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
$obj = new mUser();
$uinfo = $obj->getUserByUid($uid);
if (empty($uinfo)) $this->ajax_json(false, '用户不存在', array('code' => CODE_LOGIN_USER_NOT_EXIST));
return $uinfo;
}
public function home() { public function home() {
$id = $this->get('id'); $id = $this->get('id');
@ -47,6 +64,8 @@ class index extends publicBase {
} }
public function ajax_search() { public function ajax_search() {
$uinfo = $this->_check_login();
$content = trim($this->post('content')); $content = trim($this->post('content'));
$content = empty($content) ? '' : $content; $content = empty($content) ? '' : $content;
@ -54,7 +73,7 @@ class index extends publicBase {
$page_size = $this->post('page_size') ? $this->post('page_size') : 20; $page_size = $this->post('page_size') ? $this->post('page_size') : 20;
$m_case = new mCase(); $m_case = new mCase();
$data = $m_case->getCaseByName($content, $page_num, $page_size); $data = $m_case->getCaseByName($uinfo['uid'], $content, $page_num, $page_size);
$total = $m_case->getCaseByNameTotal($content); $total = $m_case->getCaseByNameTotal($content);
$rdata = array( $rdata = array(
'total' => $total, 'total' => $total,
@ -69,7 +88,7 @@ class index extends publicBase {
public function ajax_case_detail() { public function ajax_case_detail() {
$id = $this->get('id') + 0; $id = $this->get('id') + 0;
if (empty($id)) $this->ajax_json(false, '非法请求'); if (empty($id)) $this->ajax_json(false, '参数错误');
$m_case = new mCase(); $m_case = new mCase();
$data = $m_case->getCaseInfo($id); $data = $m_case->getCaseInfo($id);
@ -79,14 +98,10 @@ class index extends publicBase {
} }
public function ajax_save_user_case() { public function ajax_save_user_case() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
$case_id = $this->post('case_id') + 0;
if (empty($uid) || empty($token) || empty($case_id)) $this->ajax_json(false, '非法请求');
$m_user = new mUser(); $case_id = $this->post('case_id') + 0;
$is_login = $m_user->validateToken($uid, $token); if (empty($case_id)) $this->ajax_json(false, '参数错误');
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$data = array( $data = array(
'name' => trim($this->post('name')), 'name' => trim($this->post('name')),
@ -101,21 +116,23 @@ class index extends publicBase {
); );
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
$id = $m_user_case->createUserCase($uid, $case_id, $data);
//生成唯一id 防止重复请求
$request_id = md5($uinfo['uid'].$case_id.$data['name'].$data['patient_name']);
$request_times = $m_user_case->requestLimit(sprintf(_QR_REQUEST_LIMIT, $request_id),1,60);
if(!$request_times) $this->ajax_json(false, $m_user_case->getError());
$id = $m_user_case->createUserCase($uinfo['uid'], $case_id, $data);
if (!$id) $this->ajax_json(false, $m_user_case->getError()); if (!$id) $this->ajax_json(false, $m_user_case->getError());
$this->ajax_json(true, '保存成功', array('id' => $id)); $this->ajax_json(true, '保存成功', array('id' => $id));
} }
public function ajax_update_user_case() { public function ajax_update_user_case() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
$id = $this->post('id') + 0;
if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
$m_user = new mUser(); $id = $this->post('id') + 0;
$is_login = $m_user->validateToken($uid, $token); if (empty($id)) $this->ajax_json(false, '参数错误');
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$data = array( $data = array(
'name' => trim($this->post('name')), 'name' => trim($this->post('name')),
@ -123,28 +140,22 @@ class index extends publicBase {
); );
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
$res = $m_user_case->updateUserCase($uid, $id, $data); $res = $m_user_case->updateUserCase($uinfo['uid'], $id, $data);
if (!$res) $this->ajax_json(false, $m_user_case->getError()); if (!$res) $this->ajax_json(false, $m_user_case->getError());
$this->ajax_json(true, '保存成功', array('id' => $id)); $this->ajax_json(true, '保存成功', array('id' => $id));
} }
public function ajax_user_case_list() { public function ajax_user_case_list() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
$m_user = new mUser();
$is_login = $m_user->validateToken($uid, $token);
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$page_num = $this->post('page_num') ? $this->post('page_num') : 1; $page_num = $this->post('page_num') ? $this->post('page_num') : 1;
$page_size = $this->post('page_size') ? $this->post('page_size') : 100; $page_size = $this->post('page_size') ? $this->post('page_size') : 100;
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
$data = $m_user_case->getUserCaseList($uid, $page_num, $page_size); $data = $m_user_case->getUserCaseList($uinfo['uid'], $page_num, $page_size);
if (!$data) $this->ajax_json(false, $m_user_case->getError()); if (!$data) $this->ajax_json(false, $m_user_case->getError());
$total = $m_user_case->getUserCaseListCount($uid); $total = $m_user_case->getUserCaseListCount($uinfo['uid']);
$rdata = array( $rdata = array(
'total' => $total, 'total' => $total,
@ -159,17 +170,13 @@ class index extends publicBase {
} }
public function ajax_user_case_detail() { public function ajax_user_case_detail() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
$id = $this->post('id') + 0;
if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
$m_user = new mUser(); $id = $this->post('id') + 0;
$is_login = $m_user->validateToken($uid, $token); if (empty($id)) $this->ajax_json(false, '参数错误');
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
$data = $m_user_case->getUserCaseInfo($uid, $id); $data = $m_user_case->getUserCaseInfo($uinfo['uid'], $id);
if (!$data) $this->ajax_json(false, $m_user_case->getError()); if (!$data) $this->ajax_json(false, $m_user_case->getError());
$this->ajax_json(true, '获取成功', $data); $this->ajax_json(true, '获取成功', $data);
@ -196,7 +203,7 @@ class index extends publicBase {
public function ajax_login() { public function ajax_login() {
$code = $this->post('code'); $code = $this->post('code');
if (!$code) $this->ajax_json(false, '非法请求'); if (!$code) $this->ajax_json(false, '参数错误');
$m_user = new mUser(); $m_user = new mUser();
$user = $m_user->getUserInfo($code); $user = $m_user->getUserInfo($code);
@ -212,15 +219,9 @@ class index extends publicBase {
} }
public function ajax_get_user() { public function ajax_get_user() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
if (empty($uid) || empty($token)) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
$obj = new mUser();
$uinfo = $obj->getUserByUid($uid);
if (empty($uinfo)) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
$this->ajax_json(true, '', $uinfo); $this->ajax_json(true, '获取成功', $uinfo);
} }
public function ajax_contact_us() { public function ajax_contact_us() {
@ -228,20 +229,14 @@ class index extends publicBase {
} }
public function export_user_case_list() { public function export_user_case_list() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
$m_user = new mUser();
$is_login = $m_user->validateToken($uid, $token);
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$page_num = $this->post('page_num') ? $this->post('page_num') : 1; $page_num = $this->post('page_num') ? $this->post('page_num') : 1;
$page_size = $this->post('page_size') ? $this->post('page_size') : 100; $page_size = $this->post('page_size') ? $this->post('page_size') : 100;
$data = array( $data = array(
"uid" => $uid, "uid" => $this->post('uid'),
"token" => $token, "token" => $this->post('token'),
"page_num" => $page_num, "page_num" => $page_num,
"page_size" => $page_size, "page_size" => $page_size,
); );
@ -251,10 +246,10 @@ class index extends publicBase {
$res = json_decode($return, 1); $res = json_decode($return, 1);
if (isset($res['info'])) $this->ajax_json(false, $res['info']); if (isset($res['info'])) $this->ajax_json(false, $res['info']);
$pdf_name = md5($uid . $page_num . $page_size); $pdf_name = md5($uinfo['uid'] . $page_num . $page_size);
$pdf_url = $m_user_case->createPdf($uid, $pdf_name, $return); $pdf_url = $m_user_case->createPdf($uinfo['uid'], $pdf_name, $return);
$total = $m_user_case->getUserCaseListCount($uid); $total = $m_user_case->getUserCaseListCount($uinfo['uid']);
$rdata = array( $rdata = array(
'total' => $total, 'total' => $total,
'per_page' => $page_size, 'per_page' => $page_size,
@ -267,18 +262,14 @@ class index extends publicBase {
} }
public function export_user_case() { public function export_user_case() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
$id = $this->post('id') + 0;
if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
$m_user = new mUser(); $id = $this->post('id') + 0;
$is_login = $m_user->validateToken($uid, $token); if (empty($id)) $this->ajax_json(false, '参数错误');
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$data = array( $data = array(
"uid" => $uid, "uid" => $this->post('uid'),
"token" => $token, "token" => $this->post('token'),
"id" => $id, "id" => $id,
); );
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
@ -287,26 +278,20 @@ class index extends publicBase {
$res = json_decode($return, 1); $res = json_decode($return, 1);
if (isset($res['info'])) $this->ajax_json(false, $res['info']); if (isset($res['info'])) $this->ajax_json(false, $res['info']);
$pdf_name = md5($uid . $id); $pdf_name = md5($uinfo['uid'] . $id);
$pdf_url = $m_user_case->createPdf($uid, $pdf_name, $return); $pdf_url = $m_user_case->createPdf($uinfo['uid'], $pdf_name, $return);
$this->ajax_json(true, '获取成功', array('pdf_url' => $pdf_url)); $this->ajax_json(true, '获取成功', array('pdf_url' => $pdf_url));
} }
public function user_case_list() { public function user_case_list() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
$m_user = new mUser();
$is_login = $m_user->validateToken($uid, $token);
if (!$is_login) $this->ajax_json(false, '您还没有登录');
$page_num = $this->post('page_num') ? $this->post('page_num') : 1; $page_num = $this->post('page_num') ? $this->post('page_num') : 1;
$page_size = $this->post('page_size') ? $this->post('page_size') : 100; $page_size = $this->post('page_size') ? $this->post('page_size') : 100;
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
$data = $m_user_case->getUserCaseListPdfInfo($uid, $page_num, $page_size); $data = $m_user_case->getUserCaseListPdfInfo($uinfo['uid'], $page_num, $page_size);
if (!$data) $this->ajax_json(false, $m_user_case->getError()); if (!$data) $this->ajax_json(false, $m_user_case->getError());
$this->view['data'] = $data['user_case']; $this->view['data'] = $data['user_case'];
@ -314,17 +299,13 @@ class index extends publicBase {
} }
public function user_case() { public function user_case() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
$id = $this->post('id') + 0;
if (empty($uid) || empty($token) || empty($id)) $this->ajax_json(false, '非法请求');
$m_user = new mUser(); $id = $this->post('id') + 0;
$is_login = $m_user->validateToken($uid, $token); if (empty($id)) $this->ajax_json(false, '参数错误');
if (!$is_login) $this->ajax_json(false, '您还没有登录');
$m_user_case = new mUserCase(); $m_user_case = new mUserCase();
$data = $m_user_case->getUserCasePdfInfo($uid, $id); $data = $m_user_case->getUserCasePdfInfo($uinfo['uid'], $id);
if (!$data) $this->ajax_json(false, $m_user_case->getError()); if (!$data) $this->ajax_json(false, $m_user_case->getError());
$this->view['data'] = $data['user_case']; $this->view['data'] = $data['user_case'];
@ -332,13 +313,7 @@ class index extends publicBase {
} }
public function ajax_mail() { public function ajax_mail() {
$uid = $this->post('uid'); $uinfo = $this->_check_login();
$token = $this->post('token');
if (empty($uid) || empty($token)) $this->ajax_json(false, '非法请求');
$mUser = new mUser();
$is_login = $mUser->validateToken($uid, $token);
if (!$is_login) $this->ajax_json(false, '请登录后操作');
$email = $this->post('email'); $email = $this->post('email');
if (empty($email)) $this->ajax_json(false, '邮箱地址不能为空'); if (empty($email)) $this->ajax_json(false, '邮箱地址不能为空');
@ -349,10 +324,10 @@ class index extends publicBase {
if (!filter_var($pdf_url, FILTER_VALIDATE_URL)) $this->ajax_json(false, 'pdf地址无效'); if (!filter_var($pdf_url, FILTER_VALIDATE_URL)) $this->ajax_json(false, 'pdf地址无效');
$directory_name = basename(dirname($pdf_url)); $directory_name = basename(dirname($pdf_url));
if ($directory_name != $uid) $this->ajax_json(false, '非法请求'); if ($directory_name != $uinfo['uid']) $this->ajax_json(false, '参数错误');
$mUserCase = new mUserCase(); $mUserCase = new mUserCase();
$res = $mUserCase->sendMail(array($email), date('Y年m月d日', time()) . '-医案导出', '', sprintf(USER_CASE_PDF_PATH, $uid) . basename($pdf_url)); $res = $mUserCase->sendMail(array($email), date('Y年m月d日', time()) . '-医案导出', '', sprintf(USER_CASE_PDF_PATH, $uinfo['uid']) . basename($pdf_url));
if (!$res) $this->ajax_json(true, '发送失败'); if (!$res) $this->ajax_json(true, '发送失败');
$this->ajax_json(true, '发送成功'); $this->ajax_json(true, '发送成功');

2
model/mBase.php
View File

@ -1156,7 +1156,7 @@ class mBase extends publicBase {
public function requestLimit($key, $limit_times=10, $time_interval=60) { public function requestLimit($key, $limit_times=10, $time_interval=60) {
$rdobj = $this->initRedis(); $rdobj = $this->initRedis();
$request_times = $rdobj->get($key); $request_times = $rdobj->get($key);
if($request_times > $limit_times){ if($request_times >= $limit_times){
$this->setError('请勿频繁操作'); $this->setError('请勿频繁操作');
return false; return false;
} }

Write Preview
Loading…
Cancel
Save