diff --git a/config/define.php b/config/define.php
index 0075789..70c30cc 100644
--- a/config/define.php
+++ b/config/define.php
@@ -49,13 +49,11 @@
 //请求限制
 define('_QR_REQUEST_LIMIT', '_rq_request_limit_%s');
- //后台账号密码缓存
- define('_QR_ADMIN_USER_INFO', '_rq_admin_user_info');
- define('ADMIN_PASSWORD_GET_EMAIL', '2115531468@qq.com');
-
- $GLOBALS['admin_list'] = array(
- '2115531468@qq.com',
- '1464135724@qq.com'
+ $GLOBALS['super_admin_action'] = array(
+ 'user_list',
+ 'user_add',
+ 'ajax_save_user',
+ 'ajax_update_user',
 );
 $GLOBALS['num_list'] = array(
diff --git a/control/admin.php b/control/admin.php
new file mode 100644
index 0000000..47983c5
--- /dev/null
+++ b/control/admin.php
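Review bot: `super_admin_action` is an opt-in list, so any privileged action added to control/admin.php later and not appended here silently runs with ordinary admin rights; deny-by-default (treat every admin action as super unless listed as ordinary, or check `is_super` inside each privileged method) is the safer shape. The current code is already inconsistent about this: `ajax_save_user` re-checks with `_check_login(true)` itself, while `ajax_update_user` relies on this list alone. If the list stays, document the contract next to it, e.g. `// Admin actions that require is_super=1; every other action in control/admin.php is reachable by any enabled admin — extend when adding privileged actions`.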
@@ -0,0 +1,169 @@
+get('name'));
+ $password = trim($this->get('password'));
+
+ if (!empty($name) && !empty($password)) {
+ $m_admin_user = new mAdminUser();
+ $res = $m_admin_user->checkAdminLogin($name, $password);
+ if (!$res) $this->show_message($m_admin_user->getError(), '/admin/login');
+
+ header('Location: /admin/formula_list');
+ }
+ }
+
+ public function user_list() {
+ $m_admin_user = new mAdminUser();
+ $list = $m_admin_user->getUserList();
+
+ $this->view['list'] = $list;
+ }
+
+ public function user_add() {}
+
+ public function ajax_save_user() {
+ $this->_check_login(true);
+
+ $name = trim($this->post('name'));
+ $password = md5('123456');
+
+ $m_admin_user = new mAdminUser();
+ $id = $m_admin_user->createUser(array('username' => $name, 'password' => $password));
+ if (!$id) $this->ajax_json(false, '添加失败');
+
+ $this->ajax_json(true, '添加成功');
+ }
+
+ public function ajax_update_user() {
+ $id = $this->post('id') + 0;
+ $data = array(
+ 'status' => $this->post('status') + 0
+ );
+
+ $m_admin_user = new mAdminUser();
+ $id = $m_admin_user->updateUser($id, $data);
+ if (!$id) $this->ajax_json(false, '操作失败');
+
+ $this->ajax_json(true, '操作成功');
+ }
+
+ public function save_pass() {
+ $username = trim($this->get('username'));
+
+ $m_admin_user = new mAdminUser();
+ $user = $m_admin_user->getAdminUserByName($username);
+ if (!$user) $this->show_message("没有此用户", '/admin/formula_list');
+
+ $this->view['id'] = $user['id'];
+ }
+
+ public function ajax_save_pass() {
+ $id = $this->post('id') + 0;
+ $password = trim($this->post('password'));
+ if (!$id || !$password) $this->ajax_json(false, '参数错误');
+
+ $uinfo = $this->get_uinfo();
+ if ($uinfo['id'] != $id) $this->ajax_json(false, '用户不存在');
+
+ $m_admin_user = new mAdminUser();
+ $user = $m_admin_user->getAdminUserById($id);
+ if (!$user) $this->ajax_json(false, '用户不存在');
+
+ $data = array(
+ 'password' => md5($password)
+ );
+ $id = $m_admin_user->updateUser($id, $data);
+ if (!$id) $this->ajax_json(false, '操作失败');
+
+ $this->ajax_json(true, '操作成功');
+ }
+
+ public function formula_list() {
+ $is_all = $this->get('is_all') + 0;
+ $status = $this->get('status') + 0;
+ $name = trim($this->get('name'));
+
+ $condition = array();
+ $url = "/admin/formula_list/is_all/{$is_all}/status/{$status}";
+ if ($name) {
+ $condition['name'] = $name;
+ $url .= "/name/{$name}";
+ }
+ if (!$is_all) {
+ $condition['uid'] = 0;
+ }
+ if ($status == 0) {
+ $condition['is_delete'] = array(0, 2);
+ } elseif ($status == 1) {
+ $condition['is_delete'] = 2;
+ } elseif ($status == 2) {
+ $condition['is_delete'] = 0;
+ }
+
+ $mformula = new mFormula();
+ $total = $mformula->getFormulaTotal($condition);
+
+ // 分页
+ $page = new Page();
+ $page->setTotalnum($total);
+ $page->setUrl($url . '/page/');
+ $curpage = $this->get('page') > 0 ? $this->get('page') : 1;
+ $page->setPage($curpage);
+
+ $this->view['page_list'] = $page->getPageList();
+ $this->view['curpage'] = $curpage;
+
+ if ($curpage > 1) $this->view['prev_page'] = $page->url . ($curpage - 1); //上一页连接
+ if ($curpage < $page->totalpage) $this->view['post_page'] = $page->url . ($curpage + 1); //下一页连接
+
+ //只取出当前页显示
+ $list = $mformula->getFormulaList($condition, $curpage, $page->pagesize);
+
+ $this->view['list'] = $list;
+ }
+
+ public function formula_add() {
+ $id = $this->get('id');
+ if ($id) {
+ $mformula = new mFormula();
+ $data = $mformula->getFormulaInfo($id, 0);
+
+ $this->view['data'] = $data;
+ }
+ }
+
+ public function ajax_save_formula() {
+ $id = $this->post('id') + 0;
+ $name = trim($this->post('name'));
+ $source = trim($this->post('source'));
+ $method = trim($this->post('method'));
+ $herbs = $this->post('herbs');
+
+ $mformula = new mFormula();
+ $id = $mformula->saveFormula(0, $id, $name, $source, $method, $herbs);
+ if (!$id) $this->ajax_json(false, $mformula->getError());
+
+ $this->ajax_json(true, '请求成功', array('id' => $id));
+ }
+
+ public function ajax_delete_formula() {
+ $id = $this->post('id') + 0;
+ $is_delete = $this->post('is_delete') + 0;
+
+ $mformula = new mFormula();
+ $id = $mformula->deleteFormula(0, $id, $is_delete);
+ if (!$id) $this->ajax_json(false, $mformula->getError());
+
+ $this->ajax_json(true, '请求成功');
+ }
+}
diff --git a/control/index.php b/control/index.php
index feeea9a..709d72f 100644
--- a/control/index.php
+++ b/control/index.php
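Review bot: `login()` reads `name` and `password` through `$this->get()`, so the admin password travels in the URL and lands in access logs, browser history and Referer headers; switch to `$password = trim($this->post('password'));` and have the login form POST. Passwords are written as bare `md5()` everywhere (`ajax_save_pass`, and `ajax_save_user` seeds every new account with `md5('123456')` with no forced change), so the stored hashes are crackable offline — use `password_hash($password, PASSWORD_DEFAULT)` on write, `password_verify()` in `mAdminUser::checkAdminLogin`, and a random initial password or mandatory reset on first login. `ajax_save_user` calls `$this->_check_login(true)` on the controller, but the only `_check_login` in this change is a private method of the `run` class in index.php, so unless the controller's base class defines its own this line is a fatal error (and redundant, since the router already gates the action). None of the state-changing `ajax_*` endpoints carry a CSRF token — they are authorised purely by the `uid`/`token` cookies — so a cross-site form POST can add or disable admins and delete formulas; add a per-session token checked in each `ajax_*` method, or at least set `SameSite` on the auth cookies.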
@@ -26,87 +26,7 @@ class index extends publicBase {
 }
 public function home() {
- exit;
- }
-
- public function login() {
- $name = trim($this->get('name'));
- $password = trim($this->get('password'));
-
- $m_user = new mUser();
- $m_user->createAdminPassWord();
-
- if (!empty($name) && !empty($password)) {
- $res = $m_user->checkAdminLogin($name, $password);
- if (!$res) $this->show_message($m_user->getError(), '/index/login');
-
- header('Location: /index/formula_list');
- }
- }
-
- public function formula_list() {
- if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /index/login');
-
- $this->view['uid'] = $_COOKIE['uid'];
- $this->view['token'] = $_COOKIE['token'];
-
- $status = $this->get('status') + 0;
- $is_all = $this->get('is_all') + 0;
- $name = trim($this->get('name'));
-
- $condition = array();
- $url = "/index/formula_list/is_all/{$is_all}";
- if ($name) {
- $condition['name'] = $name;
- $url .= "/name/{$name}";
- }
- if (!$is_all) {
- $condition['uid'] = 0;
- }
-
- if ($status == 0) {
- $condition['is_delete'] = array(0, 2);
- } elseif ($status == 1) {
- $condition['is_delete'] = 2;
- } elseif ($status == 2) {
- $condition['is_delete'] = 0;
- }
-
- $mformula = new mFormula();
- $total = $mformula->getFormulaTotal($condition);
-
- // 分页
- $page = new Page();
- $page->setTotalnum($total);
- $page->setUrl($url . '/page/');
- $curpage = $this->get('page') > 0 ? $this->get('page') : 1;
- $page->setPage($curpage);
-
- $this->view['page_list'] = $page->getPageList();
- $this->view['curpage'] = $curpage;
-
- if ($curpage > 1) $this->view['prev_page'] = $page->url . ($curpage - 1); //上一页连接
- if ($curpage < $page->totalpage) $this->view['post_page'] = $page->url . ($curpage + 1); //下一页连接
-
- //只取出当前页显示
- $list = $mformula->getFormulaList($condition, $curpage, $page->pagesize);
-
- $this->view['list'] = $list;
- }
-
- public function formula_add() {
- if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /index/login');
-
- $this->view['uid'] = $_COOKIE['uid'];
- $this->view['token'] = $_COOKIE['token'];
-
- $id = $this->get('id');
- if ($id) {
- $mformula = new mFormula();
- $data = $mformula->getFormulaInfo($id, 0);
-
- $this->view['data'] = $data;
- }
+ $this->ajax_json(false, 'hello world');
 }
 public function ajax_save_formula() {
diff --git a/data/dAdminUser.php b/data/dAdminUser.php
new file mode 100644
index 0000000..d6d6295
--- /dev/null
+++ b/data/dAdminUser.php
@@ -0,0 +1,23 @@
+ array(
+ 'id',
+ 'username',
+ 'password',
+ 'status',
+ 'is_super',
+ 'create_time',
+ ),
+ );
+
+ protected $primary_keys = array(
+ 'tcm_admin_user' => 'id',
+ );
+}
+
diff --git a/index.php b/index.php
index 3fe7b6c..6787a76 100644
--- a/index.php
+++ b/index.php
@@ -53,6 +53,13 @@
 $_GET[$new_para[0]] = $new_para[1];
 }
 }
+
+ if($this->control_name == 'admin' && $this->control_func !== 'login') {
+ $is_super = false;
+ if(in_array($this->control_func, $GLOBALS['super_admin_action'])) $is_super = true;
+
+ $this->_check_login($is_super);
+ }
 }
 private function action() {
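Review bot: The hunk deletes the cookie checks from `index::formula_list`/`formula_add` but leaves `index::ajax_save_formula` in place (last context line), and the new router gate only fires for `control_name == 'admin'`, so the index-controller AJAX actions receive no `_check_login` at all. The old templates posted `uid`/`token` to exactly these endpoints; if their bodies, which are outside this hunk, still validate that token themselves this is fine, but if they depended on the page-level cookie check just removed they are now unauthenticated writers to `mFormula::saveFormula`/`deleteFormula`. Either delete them together with the templates that called them, or confirm each remaining `ajax_*` method in control/index.php enforces authentication on its own.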
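Review bot: `in_array($this->control_func, $GLOBALS['super_admin_action'])` is a case-sensitive string match, while PHP method names are not; if `action()` (outside this hunk) dispatches with something like `$ctrl->{$this->control_func}()`, a request for `/admin/Ajax_save_user` reaches the same method with `$is_super` still false. Normalise once and compare strictly: `$func = strtolower($this->control_func);` then `if ($func !== 'login') { $is_super = in_array($func, $GLOBALS['super_admin_action'], true); $this->_check_login($is_super); }`. Whether the dispatcher really calls by the raw name cannot be confirmed from this hunk, so please verify against `action()`.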
@@ -108,6 +115,24 @@
 $display->execute();
 }
+ private function _check_login($is_super = false) {
+ if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /admin/login');
+
+ $m_admin_user = new mAdminUser();
+ $is_login = $m_admin_user->validateToken($_COOKIE['uid'], $_COOKIE['token']);
+ if (!$is_login) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
+
+ $uinfo = $m_admin_user->getAdminUserById($_COOKIE['uid']);
+ if (empty($uinfo)) $this->ajax_json(false, '用户不存在', array('code' => CODE_LOGIN_USER_NOT_EXIST));
+
+ if ($uinfo['status'] != 0) $this->ajax_json(false, '用户已被禁用');
+
+ if ($is_super && $uinfo['is_super'] != 1) $this->ajax_json(false, '你没有该权限');
+
+ $this->para['_uinfo'] = $uinfo;
+
+ return true;
+ }
 }
 new run();
diff --git a/model/mAdminUser.php b/model/mAdminUser.php
new file mode 100644
index 0000000..5ff3e1e
--- /dev/null
+++ b/model/mAdminUser.php
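Review bot: `$_COOKIE['uid'] !== 0` is always true because cookie values are strings, so the guard collapses to `empty($_COOKIE['token'])`, and the `header('Location: …')` is not followed by `exit`, so execution falls through into `validateToken()` with the missing cookie (plus an undefined-index notice when `uid` is absent). Replace the first line with `if (empty($_COOKIE['uid']) || empty($_COOKIE['token'])) { header('Location: /admin/login'); exit; }`. The failure modes are also mixed: an unauthenticated browser request gets a redirect while an expired token gets a JSON body, so a plain page request with a stale cookie renders raw JSON — consider choosing redirect vs. `ajax_json` by whether the action name starts with `ajax_`. Looking `$uinfo` up by the cookie `uid` after the HMAC check is sound only because `validateToken` binds the token to that same uid; a comment saying so would stop someone from "simplifying" it later.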
@@ -0,0 +1,105 @@
+obj = new dAdminUser();
+ $this->tbl = 'tcm_admin_user';
+ }
+
+ public function getAdminUserByName($name) {
+ return $this->obj->select($this->tbl, array('sql' => '`username`=?', 'vals' => array($name)));
+ }
+
+ public function getAdminUserById($id) {
+ return $this->obj->select($this->tbl, array('sql' => '`id`=?', 'vals' => array($id)));
+ }
+
+ public function getUserList() {
+ return $this->obj->selectAll($this->tbl);
+ }
+
+ public function createUser($info) {
+ return $this->obj->insert($this->tbl, $info);
+ }
+
+ public function updateUser($id, $info) {
+ return $this->obj->update($this->tbl, $info, array('sql' => '`id`=?', 'vals' => array($id)));
+ }
+
+ public function checkAdminLogin($name, $password) {
+ if (empty($name) || empty($password)) {
+ $this->setError('参数错误');
+ return false;
+ }
+
+ $admin_user = $this->getAdminUserByName($name);
+ if (empty($admin_user)) {
+ $this->setError('用户不存在');
+ return false;
+ }
+
+ if ($admin_user['password'] !== md5($password)) {
+ $this->setError('密码不正确');
+ return false;
+ }
+
+ if ($admin_user['status'] != 0) {
+ $this->setError('用户已禁用');
+ return false;
+ }
+
+ //设置登录状态
+ setcookie("uid", $admin_user['id'], time() + 3600 * 24, '/');
+ setcookie("token", $this->getToken($admin_user['id']), time() + 3600 * 24, '/');
+ return true;
+ }
+
+ public function getUserByOpenid($openid) {
+ return $this->obj->select($this->tbl, array('sql' => '`openid`=?', 'vals' => array($openid)));
+ }
+
+ function createUniqueID($openid) {
+ $uuid = uniqid($openid, true);
+ $hash = hash('sha256', $uuid);
+ $decimal = base_convert(substr($hash, 0, 16), 16, 10);
+ return substr($decimal, 0, 10);
+ }
+
+ public function getUserByIdentifier($identifier) {
+ return $this->obj->select($this->tbl, array('sql' => '`identifier`=?', 'vals' => array($identifier)));
+ }
+
+ public function getUserByUid($uid) {
+ return $this->obj->select($this->tbl, array('sql' => '`uid`=?', 'vals' => array($uid)));
+ }
+
+ public function getToken($uid) {
+ $secretKey = JWT_KEY;
+ $timestamp = time();
+ $data = $uid . '|' . $timestamp;
+ $token = hash_hmac('sha256', $data, $secretKey);
+ return base64_encode($data . '|' . $token);
+ }
+
+ public function validateToken($uid, $token) {
+ $secretKey = JWT_KEY;
+ $decodedToken = base64_decode($token);
+ list($valid_uid, $timestamp, $tokenHash) = explode('|', $decodedToken);
+
+ $data = $uid . '|' . $timestamp;
+ $validToken = hash_hmac('sha256', $data, $secretKey);
+
+ if (hash_equals($validToken, $tokenHash) && time() - $timestamp < 7200) {
+ return true;
+ }
+ return false;
+ }
+}
\ No newline at end of file
diff --git a/model/mUser.php b/model/mUser.php
index c410e6e..3996da1 100644
--- a/model/mUser.php
+++ b/model/mUser.php
@@ -14,46 +14,6 @@ class mUser extends mBase {
 $this->tbl = 'tcm_user';
 }
- public function checkAdminLogin($name, $password) {
- if (empty($name) || empty($password)) {
- $this->setError('参数错误');
- return false;
- }
-
- $robj = $this->initRedis();
- $user_info = $robj->get(_QR_ADMIN_USER_INFO);
- $user_info = json_decode($user_info, true);
-
- if ($user_info['name'] !== $name || $user_info['password'] !== $password) {
- $this->setError('账户或密码不正确');
- return false;
- }
-
- //设置登录状态
- setcookie("uid", 0, time() + 7200, '/');
- setcookie("token", $this->getToken(0), time() + 7200, '/');
- return true;
- }
-
- public function createAdminPassword() {
- $robj = $this->initRedis();
- $user_info = $robj->get(_QR_ADMIN_USER_INFO);
- if (empty($user_info)) {
- $email = $GLOBALS['admin_list'];
- $pass = bin2hex(openssl_random_pseudo_bytes(8));
- $robj->setex(_QR_ADMIN_USER_INFO, 12 * 60 * 60, json_encode(array('name' => 'admin', 'password' => $pass)));
-
- $content = "后台地址:" . TCM_DOMAIN . "/index/login
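Review bot: `validateToken()` runs `list($valid_uid, $timestamp, $tokenHash) = explode('|', base64_decode($token))` on an attacker-controlled cookie; a value with fewer than two separators leaves `$tokenHash` null and `hash_equals()` then throws a `TypeError` on PHP 8 instead of returning false, so a malformed cookie produces a 500 rather than a login redirect. Check the shape first: `$parts = explode('|', (string) base64_decode($token, true)); if (count($parts) !== 3) return false; [, $timestamp, $tokenHash] = $parts;`. The auth cookies are set with the positional `setcookie($name, $value, $expires, '/')` form and no `httponly`, `secure` or `samesite`, so any XSS on the admin pages can read the token and any cross-site form can replay it — use the options array, e.g. `setcookie('token', $tok, ['expires' => time() + 7200, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);`, and align the 24h cookie lifetime with the 7200-second token validity. `checkAdminLogin` compares `md5($password)` with `!==`; store with `password_hash()` and check with `password_verify()`, and drop `getUserByOpenid`/`getUserByIdentifier`/`getUserByUid`/`createUniqueID`, which query `openid`, `identifier` and `uid` columns that `dAdminUser` does not declare and look copied from `mUser`.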
"; - $content .= "用户名:admin" . "
"; - $content .= "密码:" . $pass; - - $this->sendMail($email, '医案录入后台', $content); - - return true; - } - return false; - } - public function getUserInfo($code) { $openid = $this->getOpenid($code); if (!$openid) { diff --git a/view/templates/index/formula_add.html b/view/templates/admin/formula_add.html similarity index 95% rename from view/templates/index/formula_add.html rename to view/templates/admin/formula_add.html index 24be6ec..6baacb0 100644 --- a/view/templates/index/formula_add.html +++ b/view/templates/admin/formula_add.html @@ -105,10 +105,9 @@ - - + - + {literal} @@ -142,13 +141,8 @@ const form = document.getElementById('prescription-form'); const formData = new FormData(form); - const uid = {/literal}{$uid}{literal}; - const token = {/literal}'{$token}'{literal}; - const data = { id: formData.get('id'), - uid: uid, - token: token, name: formData.get('name'), source: formData.get('source'), method: formData.get('method'), @@ -171,18 +165,18 @@ data.herbs = JSON.stringify(herbs); $.ajax({ - url: '/ajax_save_formula', // 替换为你的服务器端处理文件 + url: '/admin/ajax_save_formula', // 替换为你的服务器端处理文件 type: 'POST', data: data, dataType: 'json', success: function (response) { alert(response.info); if (response.status == true) { - window.location.href = "/index/formula_list" + window.location.href = "/admin/formula_list" } if(response.data.code == 40002){ - window.location.href = "/index/login"; + window.location.href = "/admin/login"; } }, error: function (xhr, status, error) { diff --git a/view/templates/index/formula_list.html b/view/templates/admin/formula_list.html similarity index 80% rename from view/templates/index/formula_list.html rename to view/templates/admin/formula_list.html index 0bdf801..e7a07d4 100644 --- a/view/templates/index/formula_list.html +++ b/view/templates/admin/formula_list.html @@ -104,11 +104,11 @@ {if $item.is_delete == 2} - 审核通过 + 审核通过 {/if} {if $item.uid == 0} - 编辑 - 删除 + 编辑 + 删除 {/if} 
@@ -130,7 +130,7 @@ var is_all = $('#is_all').val(); var name = $.trim($('#name').val()); - var url = '/index/formula_list'; + var url = '/admin/formula_list'; if(is_all > 0) url += '/is_all/' + is_all; if(status > 0) url += '/status/' + status; @@ -139,26 +139,21 @@ location.href = url; } function to_add(){ - location.href = '/index/formula_add'; + location.href = '/admin/formula_add'; } - function to_delete(id) { + function to_delete(id,status) { if (!confirm("确定要删除吗?")) { console.log("用户选择了确认"); return false; } - const uid = {/literal}{$uid}{literal}; - const token = {/literal}'{$token}'{literal}; - const data = { id: id, - is_delete: 1, - uid: uid, - token: token, + is_delete: status, }; $.ajax({ - url: '/ajax_delete_formula', // 替换为你的服务器端处理文件 + url: '/admin/ajax_delete_formula', // 替换为你的服务器端处理文件 type: 'POST', data: data, dataType: 'json', @@ -169,44 +164,7 @@ } if(response.data.code == 40002){ - window.location.href = "/index/login"; - } - }, - error: function (xhr, status, error) { - console.error('错误:', response); - alert('提交失败,请重试。'); - } - }); - } - function to_status(id) { - if (!confirm("确定要操作吗?")) { - console.log("用户选择了确认"); - return false; - } - - const uid = {/literal}{$uid}{literal}; - const token = {/literal}'{$token}'{literal}; - - const data = { - id: id, - is_delete: 0, - uid: uid, - token: token, - }; - - $.ajax({ - url: '/ajax_delete_formula', // 替换为你的服务器端处理文件 - type: 'POST', - data: data, - dataType: 'json', - success: function (response) { - if (response.status == true) { - window.location.reload(); - return true; - } - alert(response.info); - if(response.data.code == 40002){ - window.location.href = "/index/login"; + window.location.href = "/admin/login"; } }, error: function (xhr, status, error) { diff --git a/view/templates/index/login.html b/view/templates/admin/login.html similarity index 97% rename from view/templates/index/login.html rename to view/templates/admin/login.html index 07be775..50235e7 100644 
--- a/view/templates/index/login.html +++ b/view/templates/admin/login.html @@ -57,7 +57,7 @@ const name = formData.get('name'); const password = formData.get('password'); - location.href = "/index/login/name/" + name + "/password/" + password; + location.href = "/admin/login/name/" + name + "/password/" + password; } +{/literal} + + + \ No newline at end of file diff --git a/view/templates/admin/user_add.html b/view/templates/admin/user_add.html new file mode 100644 index 0000000..02f613b --- /dev/null +++ b/view/templates/admin/user_add.html @@ -0,0 +1,114 @@ + + + + + + + + + 添加用户 + + + + + +
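Review bot: The login form still navigates with `location.href = "/admin/login/name/" + name + "/password/" + password`, so the admin password becomes part of the URL (server access logs, browser history, Referer) and both values are concatenated unencoded, so a password containing `/`, `?` or `#` breaks the route. Submit the form with `method="POST"` to `/admin/login` (or `$.post('/admin/login', {name: name, password: password})`) and read the fields server-side with `$this->post()` in `admin::login`; if the GET route must stay for now, at least wrap both values in `encodeURIComponent()`.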
+
+
+
+
+
+ 添加用户 +
 
+
+ +
+
+
+ +
+
+ + +
+ +
+ +
+
+ +
+
+ +{literal} + + +{/literal} + + + \ No newline at end of file diff --git a/view/templates/admin/user_list.html b/view/templates/admin/user_list.html new file mode 100644 index 0000000..2b6a56a --- /dev/null +++ b/view/templates/admin/user_list.html @@ -0,0 +1,110 @@ + + + + + + + + + 管理员列表 + + + + + +
+
+
+
+
+
+ +
+
+ +
+ + +
+
+ +
+ +
+ +{literal} + +{/literal} + + +