From d8e27a94a3ab9cb4f254d8f19849b3f090907546 Mon Sep 17 00:00:00 2001
From: pengda <10266652509@qq.com>
Date: Thu, 10 Oct 2024 16:40:09 +0800
Subject: [PATCH] =?UTF-8?q?=E5=90=8E=E5=8F=B0=E7=94=A8=E6=88=B7=E5=88=97?=
=?UTF-8?q?=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
config/define.php | 12 +-
control/admin.php | 169 +++++++++++++++++++++++++
control/index.php | 82 +-----------
data/dAdminUser.php | 23 ++++
index.php | 25 ++++
model/mAdminUser.php | 105 ++++++++++++++++
model/mUser.php | 40 ------
view/templates/admin/formula_add.html | 203 ++++++++++++++++++++++++++++++
view/templates/admin/formula_list.html | 180 ++++++++++++++++++++++++++
view/templates/admin/login.html | 85 +++++++++++++
view/templates/admin/save_pass.html | 118 ++++++++++++++++++
view/templates/admin/user_add.html | 114 +++++++++++++++++
view/templates/admin/user_list.html | 110 ++++++++++++++++
view/templates/index/formula_add.html | 209 -------------------------------
view/templates/index/formula_list.html | 222 ---------------------------------
view/templates/index/login.html | 85 -------------
16 files changed, 1138 insertions(+), 644 deletions(-)
create mode 100644 control/admin.php
create mode 100644 data/dAdminUser.php
create mode 100644 model/mAdminUser.php
create mode 100644 view/templates/admin/formula_add.html
create mode 100644 view/templates/admin/formula_list.html
create mode 100644 view/templates/admin/login.html
create mode 100644 view/templates/admin/save_pass.html
create mode 100644 view/templates/admin/user_add.html
create mode 100644 view/templates/admin/user_list.html
delete mode 100644 view/templates/index/formula_add.html
delete mode 100644 view/templates/index/formula_list.html
delete mode 100644 view/templates/index/login.html
diff --git a/config/define.php b/config/define.php
index 0075789..70c30cc 100644
--- a/config/define.php
+++ b/config/define.php
@@ -49,13 +49,11 @@
//请求限制
define('_QR_REQUEST_LIMIT', '_rq_request_limit_%s');
- //后台账号密码缓存
- define('_QR_ADMIN_USER_INFO', '_rq_admin_user_info');
- define('ADMIN_PASSWORD_GET_EMAIL', '2115531468@qq.com');
-
- $GLOBALS['admin_list'] = array(
- '2115531468@qq.com',
- '1464135724@qq.com'
+ $GLOBALS['super_admin_action'] = array(
+ 'user_list',
+ 'user_add',
+ 'ajax_save_user',
+ 'ajax_update_user',
);
$GLOBALS['num_list'] = array(
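Review bot: `$GLOBALS['super_admin_action']` is an allowlist of controller actions that require `is_super`, but nothing here says so or where it is enforced; a reader has to discover the check in index.php. Add a comment above the array in the style of the neighbouring `//请求限制` line, e.g. `// admin actions restricted to is_super admins; enforced by _check_login in index.php`, so the list is maintained together with the check.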
diff --git a/control/admin.php b/control/admin.php
new file mode 100644
index 0000000..47983c5
--- /dev/null
+++ b/control/admin.php
@@ -0,0 +1,169 @@
+get('name'));
+ $password = trim($this->get('password'));
+
+ if (!empty($name) && !empty($password)) {
+ $m_admin_user = new mAdminUser();
+ $res = $m_admin_user->checkAdminLogin($name, $password);
+ if (!$res) $this->show_message($m_admin_user->getError(), '/admin/login');
+
+ header('Location: /admin/formula_list');
+ }
+ }
+
+ public function user_list() {
+ $m_admin_user = new mAdminUser();
+ $list = $m_admin_user->getUserList();
+
+ $this->view['list'] = $list;
+ }
+
+ public function user_add() {}
+
+ public function ajax_save_user() {
+ $this->_check_login(true);
+
+ $name = trim($this->post('name'));
+ $password = md5('123456');
+
+ $m_admin_user = new mAdminUser();
+ $id = $m_admin_user->createUser(array('username' => $name, 'password' => $password));
+ if (!$id) $this->ajax_json(false, '添加失败');
+
+ $this->ajax_json(true, '添加成功');
+ }
+
+ public function ajax_update_user() {
+ $id = $this->post('id') + 0;
+ $data = array(
+ 'status' => $this->post('status') + 0
+ );
+
+ $m_admin_user = new mAdminUser();
+ $id = $m_admin_user->updateUser($id, $data);
+ if (!$id) $this->ajax_json(false, '操作失败');
+
+ $this->ajax_json(true, '操作成功');
+ }
+
+ public function save_pass() {
+ $username = trim($this->get('username'));
+
+ $m_admin_user = new mAdminUser();
+ $user = $m_admin_user->getAdminUserByName($username);
+ if (!$user) $this->show_message("没有此用户", '/admin/formula_list');
+
+ $this->view['id'] = $user['id'];
+ }
+
+ public function ajax_save_pass() {
+ $id = $this->post('id') + 0;
+ $password = trim($this->post('password'));
+ if (!$id || !$password) $this->ajax_json(false, '参数错误');
+
+ $uinfo = $this->get_uinfo();
+ if ($uinfo['id'] != $id) $this->ajax_json(false, '用户不存在');
+
+ $m_admin_user = new mAdminUser();
+ $user = $m_admin_user->getAdminUserById($id);
+ if (!$user) $this->ajax_json(false, '用户不存在');
+
+ $data = array(
+ 'password' => md5($password)
+ );
+ $id = $m_admin_user->updateUser($id, $data);
+ if (!$id) $this->ajax_json(false, '操作失败');
+
+ $this->ajax_json(true, '操作成功');
+ }
+
+ public function formula_list() {
+ $is_all = $this->get('is_all') + 0;
+ $status = $this->get('status') + 0;
+ $name = trim($this->get('name'));
+
+ $condition = array();
+ $url = "/admin/formula_list/is_all/{$is_all}/status/{$status}";
+ if ($name) {
+ $condition['name'] = $name;
+ $url .= "/name/{$name}";
+ }
+ if (!$is_all) {
+ $condition['uid'] = 0;
+ }
+ if ($status == 0) {
+ $condition['is_delete'] = array(0, 2);
+ } elseif ($status == 1) {
+ $condition['is_delete'] = 2;
+ } elseif ($status == 2) {
+ $condition['is_delete'] = 0;
+ }
+
+ $mformula = new mFormula();
+ $total = $mformula->getFormulaTotal($condition);
+
+ // 分页
+ $page = new Page();
+ $page->setTotalnum($total);
+ $page->setUrl($url . '/page/');
+ $curpage = $this->get('page') > 0 ? $this->get('page') : 1;
+ $page->setPage($curpage);
+
+ $this->view['page_list'] = $page->getPageList();
+ $this->view['curpage'] = $curpage;
+
+ if ($curpage > 1) $this->view['prev_page'] = $page->url . ($curpage - 1); //上一页连接
+ if ($curpage < $page->totalpage) $this->view['post_page'] = $page->url . ($curpage + 1); //下一页连接
+
+ //只取出当前页显示
+ $list = $mformula->getFormulaList($condition, $curpage, $page->pagesize);
+
+ $this->view['list'] = $list;
+ }
+
+ public function formula_add() {
+ $id = $this->get('id');
+ if ($id) {
+ $mformula = new mFormula();
+ $data = $mformula->getFormulaInfo($id, 0);
+
+ $this->view['data'] = $data;
+ }
+ }
+
+ public function ajax_save_formula() {
+ $id = $this->post('id') + 0;
+ $name = trim($this->post('name'));
+ $source = trim($this->post('source'));
+ $method = trim($this->post('method'));
+ $herbs = $this->post('herbs');
+
+ $mformula = new mFormula();
+ $id = $mformula->saveFormula(0, $id, $name, $source, $method, $herbs);
+ if (!$id) $this->ajax_json(false, $mformula->getError());
+
+ $this->ajax_json(true, '请求成功', array('id' => $id));
+ }
+
+ public function ajax_delete_formula() {
+ $id = $this->post('id') + 0;
+ $is_delete = $this->post('is_delete') + 0;
+
+ $mformula = new mFormula();
+ $id = $mformula->deleteFormula(0, $id, $is_delete);
+ if (!$id) $this->ajax_json(false, $mformula->getError());
+
+ $this->ajax_json(true, '请求成功');
+ }
+}
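Review bot: New admin credentials are stored as unsalted md5 — `$password = md5('123456');` in ajax_save_user and `'password' => md5($password)` in ajax_save_pass — and verified with `!== md5($password)` in model/mAdminUser.php's checkAdminLogin; use `password_hash($password, PASSWORD_DEFAULT)` in both writers and `if (!password_verify($password, $admin_user['password']))` in the check. The login action also takes the password from the query string (`$this->get('password')`), so it ends up in access logs and browser history; read it from POST instead. ajax_save_user calls `$this->_check_login(true)` although index.php already gates `ajax_save_user` through `super_admin_action`, and the only `_check_login` visible in this patch is a private method of `run`; unless publicBase defines one, that call is redundant at best and a fatal error at worst. The class header and the opening lines of login() are not visible in the hunk as rendered.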
diff --git a/control/index.php b/control/index.php
index feeea9a..709d72f 100644
--- a/control/index.php
+++ b/control/index.php
@@ -26,87 +26,7 @@ class index extends publicBase {
}
public function home() {
- exit;
- }
-
- public function login() {
- $name = trim($this->get('name'));
- $password = trim($this->get('password'));
-
- $m_user = new mUser();
- $m_user->createAdminPassWord();
-
- if (!empty($name) && !empty($password)) {
- $res = $m_user->checkAdminLogin($name, $password);
- if (!$res) $this->show_message($m_user->getError(), '/index/login');
-
- header('Location: /index/formula_list');
- }
- }
-
- public function formula_list() {
- if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /index/login');
-
- $this->view['uid'] = $_COOKIE['uid'];
- $this->view['token'] = $_COOKIE['token'];
-
- $status = $this->get('status') + 0;
- $is_all = $this->get('is_all') + 0;
- $name = trim($this->get('name'));
-
- $condition = array();
- $url = "/index/formula_list/is_all/{$is_all}";
- if ($name) {
- $condition['name'] = $name;
- $url .= "/name/{$name}";
- }
- if (!$is_all) {
- $condition['uid'] = 0;
- }
-
- if ($status == 0) {
- $condition['is_delete'] = array(0, 2);
- } elseif ($status == 1) {
- $condition['is_delete'] = 2;
- } elseif ($status == 2) {
- $condition['is_delete'] = 0;
- }
-
- $mformula = new mFormula();
- $total = $mformula->getFormulaTotal($condition);
-
- // 分页
- $page = new Page();
- $page->setTotalnum($total);
- $page->setUrl($url . '/page/');
- $curpage = $this->get('page') > 0 ? $this->get('page') : 1;
- $page->setPage($curpage);
-
- $this->view['page_list'] = $page->getPageList();
- $this->view['curpage'] = $curpage;
-
- if ($curpage > 1) $this->view['prev_page'] = $page->url . ($curpage - 1); //上一页连接
- if ($curpage < $page->totalpage) $this->view['post_page'] = $page->url . ($curpage + 1); //下一页连接
-
- //只取出当前页显示
- $list = $mformula->getFormulaList($condition, $curpage, $page->pagesize);
-
- $this->view['list'] = $list;
- }
-
- public function formula_add() {
- if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /index/login');
-
- $this->view['uid'] = $_COOKIE['uid'];
- $this->view['token'] = $_COOKIE['token'];
-
- $id = $this->get('id');
- if ($id) {
- $mformula = new mFormula();
- $data = $mformula->getFormulaInfo($id, 0);
-
- $this->view['data'] = $data;
- }
+ $this->ajax_json(false, 'hello world');
}
public function ajax_save_formula() {
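Review bot: home() now answers every request with `$this->ajax_json(false, 'hello world');`, a placeholder message under a failure flag, where the previous body simply exited. If the route is meant as a liveness response, return success with a neutral message, e.g. `$this->ajax_json(true, 'ok');`; if it is meant to be unreachable, keep the `exit`. The enclosing class continues outside the hunk.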
diff --git a/data/dAdminUser.php b/data/dAdminUser.php
new file mode 100644
index 0000000..d6d6295
--- /dev/null
+++ b/data/dAdminUser.php
@@ -0,0 +1,23 @@
+ array(
+ 'id',
+ 'username',
+ 'password',
+ 'status',
+ 'is_super',
+ 'create_time',
+ ),
+ );
+
+ protected $primary_keys = array(
+ 'tcm_admin_user' => 'id',
+ );
+}
+
diff --git a/index.php b/index.php
index 3fe7b6c..6787a76 100644
--- a/index.php
+++ b/index.php
@@ -53,6 +53,13 @@
$_GET[$new_para[0]] = $new_para[1];
}
}
+
+ if($this->control_name == 'admin' && $this->control_func !== 'login') {
+ $is_super = false;
+ if(in_array($this->control_func, $GLOBALS['super_admin_action'])) $is_super = true;
+
+ $this->_check_login($is_super);
+ }
}
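Review bot: The super-admin lookup `if(in_array($this->control_func, $GLOBALS['super_admin_action'])) $is_super = true;` uses a loose in_array; the two lines collapse to `$is_super = in_array($this->control_func, $GLOBALS['super_admin_action'], true);`. Because `control_func` is derived from the request path, the strict flag rules out type-juggled matches and makes the allowlist intent obvious. The enclosing method starts before the hunk.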
private function action() {
@@ -108,6 +115,24 @@
$display->execute();
}
+ private function _check_login($is_super = false) {
+ if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /admin/login');
+
+ $m_admin_user = new mAdminUser();
+ $is_login = $m_admin_user->validateToken($_COOKIE['uid'], $_COOKIE['token']);
+ if (!$is_login) $this->ajax_json(false, '未登录或登录已经失效', array('code' => CODE_LOGIN_EXIPRE));
+
+ $uinfo = $m_admin_user->getAdminUserById($_COOKIE['uid']);
+ if (empty($uinfo)) $this->ajax_json(false, '用户不存在', array('code' => CODE_LOGIN_USER_NOT_EXIST));
+
+ if ($uinfo['status'] != 0) $this->ajax_json(false, '用户已被禁用');
+
+ if ($is_super && $uinfo['is_super'] != 1) $this->ajax_json(false, '你没有该权限');
+
+ $this->para['_uinfo'] = $uinfo;
+
+ return true;
+ }
}
new run();
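Review bot: The redirect guard `if ($_COOKIE['uid'] !== 0 && empty($_COOKIE['token'])) header('Location: /admin/login');` never really tests uid — cookie values are strings, so `!== 0` is always true — and it does not stop execution after header(), so a request with no cookies continues into validateToken() with an undefined `$_COOKIE['uid']`. Replace it with `if (empty($_COOKIE['uid']) || empty($_COOKIE['token'])) { header('Location: /admin/login'); exit; }` so unauthenticated page requests actually end at the redirect. The later failure paths respond through ajax_json even for page actions such as formula_list, so a logged-out browser receives a JSON body instead of the login page; that may be intended for XHR callers, but it is worth confirming. The row kept in `$this->para['_uinfo']` appears to include the `password` column declared in dAdminUser; consider unsetting it before storing the row in request state.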
diff --git a/model/mAdminUser.php b/model/mAdminUser.php
new file mode 100644
index 0000000..5ff3e1e
--- /dev/null
+++ b/model/mAdminUser.php
@@ -0,0 +1,105 @@
+obj = new dAdminUser();
+ $this->tbl = 'tcm_admin_user';
+ }
+
+ public function getAdminUserByName($name) {
+ return $this->obj->select($this->tbl, array('sql' => '`username`=?', 'vals' => array($name)));
+ }
+
+ public function getAdminUserById($id) {
+ return $this->obj->select($this->tbl, array('sql' => '`id`=?', 'vals' => array($id)));
+ }
+
+ public function getUserList() {
+ return $this->obj->selectAll($this->tbl);
+ }
+
+ public function createUser($info) {
+ return $this->obj->insert($this->tbl, $info);
+ }
+
+ public function updateUser($id, $info) {
+ return $this->obj->update($this->tbl, $info, array('sql' => '`id`=?', 'vals' => array($id)));
+ }
+
+ public function checkAdminLogin($name, $password) {
+ if (empty($name) || empty($password)) {
+ $this->setError('参数错误');
+ return false;
+ }
+
+ $admin_user = $this->getAdminUserByName($name);
+ if (empty($admin_user)) {
+ $this->setError('用户不存在');
+ return false;
+ }
+
+ if ($admin_user['password'] !== md5($password)) {
+ $this->setError('密码不正确');
+ return false;
+ }
+
+ if ($admin_user['status'] != 0) {
+ $this->setError('用户已禁用');
+ return false;
+ }
+
+ //设置登录状态
+ setcookie("uid", $admin_user['id'], time() + 3600 * 24, '/');
+ setcookie("token", $this->getToken($admin_user['id']), time() + 3600 * 24, '/');
+ return true;
+ }
+
+ public function getUserByOpenid($openid) {
+ return $this->obj->select($this->tbl, array('sql' => '`openid`=?', 'vals' => array($openid)));
+ }
+
+ function createUniqueID($openid) {
+ $uuid = uniqid($openid, true);
+ $hash = hash('sha256', $uuid);
+ $decimal = base_convert(substr($hash, 0, 16), 16, 10);
+ return substr($decimal, 0, 10);
+ }
+
+ public function getUserByIdentifier($identifier) {
+ return $this->obj->select($this->tbl, array('sql' => '`identifier`=?', 'vals' => array($identifier)));
+ }
+
+ public function getUserByUid($uid) {
+ return $this->obj->select($this->tbl, array('sql' => '`uid`=?', 'vals' => array($uid)));
+ }
+
+ public function getToken($uid) {
+ $secretKey = JWT_KEY;
+ $timestamp = time();
+ $data = $uid . '|' . $timestamp;
+ $token = hash_hmac('sha256', $data, $secretKey);
+ return base64_encode($data . '|' . $token);
+ }
+
+ public function validateToken($uid, $token) {
+ $secretKey = JWT_KEY;
+ $decodedToken = base64_decode($token);
+ list($valid_uid, $timestamp, $tokenHash) = explode('|', $decodedToken);
+
+ $data = $uid . '|' . $timestamp;
+ $validToken = hash_hmac('sha256', $data, $secretKey);
+
+ if (hash_equals($validToken, $tokenHash) && time() - $timestamp < 7200) {
+ return true;
+ }
+ return false;
+ }
+}
\ No newline at end of file
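Review bot: validateToken() trusts the token's shape: `list($valid_uid, $timestamp, $tokenHash) = explode('|', $decodedToken);` emits notices and leaves `$tokenHash` null when the cookie is not three pipe-separated fields, after which hash_equals() throws a TypeError on PHP 8 instead of returning false; `$valid_uid` is also parsed but never compared with the caller's uid. The rewrite below decodes strictly, checks the field count and uid, and casts the timestamp before the age test. Separately, the login cookies live for 24 hours (`time() + 3600 * 24`) while the token is only accepted for 7200 seconds, so sessions silently break after two hours; align the two lifetimes. getUserByOpenid, getUserByIdentifier, getUserByUid and createUniqueID query columns (`openid`, `identifier`, `uid`) that the dAdminUser field list does not declare and look copied from mUser; drop them or give them a real table. The constructor's opening lines are not visible in the hunk as rendered.
```php
    public function validateToken($uid, $token) {
        $decodedToken = base64_decode($token, true);
        if ($decodedToken === false) return false;

        $parts = explode('|', $decodedToken);
        if (count($parts) !== 3) return false;
        list($valid_uid, $timestamp, $tokenHash) = $parts;
        if ((string)$valid_uid !== (string)$uid) return false;

        $validToken = hash_hmac('sha256', $uid . '|' . $timestamp, JWT_KEY);
        return hash_equals($validToken, $tokenHash) && time() - (int)$timestamp < 7200;
    }
```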
diff --git a/model/mUser.php b/model/mUser.php
index c410e6e..3996da1 100644
--- a/model/mUser.php
+++ b/model/mUser.php
@@ -14,46 +14,6 @@ class mUser extends mBase {
$this->tbl = 'tcm_user';
}
- public function checkAdminLogin($name, $password) {
- if (empty($name) || empty($password)) {
- $this->setError('参数错误');
- return false;
- }
-
- $robj = $this->initRedis();
- $user_info = $robj->get(_QR_ADMIN_USER_INFO);
- $user_info = json_decode($user_info, true);
-
- if ($user_info['name'] !== $name || $user_info['password'] !== $password) {
- $this->setError('账户或密码不正确');
- return false;
- }
-
- //设置登录状态
- setcookie("uid", 0, time() + 7200, '/');
- setcookie("token", $this->getToken(0), time() + 7200, '/');
- return true;
- }
-
- public function createAdminPassword() {
- $robj = $this->initRedis();
- $user_info = $robj->get(_QR_ADMIN_USER_INFO);
- if (empty($user_info)) {
- $email = $GLOBALS['admin_list'];
- $pass = bin2hex(openssl_random_pseudo_bytes(8));
- $robj->setex(_QR_ADMIN_USER_INFO, 12 * 60 * 60, json_encode(array('name' => 'admin', 'password' => $pass)));
-
- $content = "后台地址:" . TCM_DOMAIN . "/index/login
";
- $content .= "用户名:admin" . "
";
- $content .= "密码:" . $pass;
-
- $this->sendMail($email, '医案录入后台', $content);
-
- return true;
- }
- return false;
- }
-
public function getUserInfo($code) {
$openid = $this->getOpenid($code);
if (!$openid) {
diff --git a/view/templates/admin/formula_add.html b/view/templates/admin/formula_add.html
new file mode 100644
index 0000000..6baacb0
--- /dev/null
+++ b/view/templates/admin/formula_add.html
@@ -0,0 +1,203 @@
+
+
+
+
+
+
+
+
+ 添加药方
+
+
+
+
+
+
+
+{literal}
+
+
+{/literal}
+
+
+
\ No newline at end of file
diff --git a/view/templates/admin/formula_list.html b/view/templates/admin/formula_list.html
new file mode 100644
index 0000000..e7a07d4
--- /dev/null
+++ b/view/templates/admin/formula_list.html
@@ -0,0 +1,180 @@
+
+
+
+
+
+
+
+
+ 药方列表
+
+
+
+
+
+
+
+
+
+
+
+
+ {if count($page_list) > 1}
+
+
+ {if isset($prev_page)}
+
上一页
+ {/if}
+
+ {foreach from=$page_list key=key item=item}
+
{if $key+1 eq $curpage}{/if}{$item.page}{if $key+1 eq $curpage}{/if}
+ {/foreach}
+
+ {if isset($post_page)}
+
下一页
+ {/if}
+
+
+ {/if}
+
+
+
+ ID |
+ 录方者uid |
+ 药方名称 |
+ 药方来源 |
+ 使用次数 |
+ 药方详情 |
+ 操作 |
+
+
+
+ {foreach from=$list key=key item=item}
+
+ {$item.id} |
+ {if $item.uid eq 0}-{else}{$item.uid}{/if} |
+ {$item.name} |
+ {$item.source} |
+ {$item.use_num} |
+
+ {foreach from=$item.formula item=value}
+ {$value.name} {$value.num_str}
+ {/foreach}
+ |
+
+
+ {if $item.is_delete == 2}
+ 审核通过
+ {/if}
+ {if $item.uid == 0}
+ 编辑
+ 删除
+ {/if}
+ |
+
+ {/foreach}
+
+
+
+
+
+
+
+
+
+
+{literal}
+
+{/literal}
+
+
+
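Review bot: The list renders `{$item.name}` and `{$item.source}` — values that ajax_save_formula accepts from POST — without an `|escape` modifier, and the same applies to `{$item.username}` in view/templates/admin/user_list.html. Unless Smarty's escape_html is enabled in the view setup (not visible in this patch), a name containing markup is written straight into the page; use `{$item.name|escape}`, `{$item.source|escape}` and `{$item.username|escape}`, or confirm that auto-escaping is on. The page's tags were stripped in this rendering, so the surrounding markup could not be checked.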
diff --git a/view/templates/admin/login.html b/view/templates/admin/login.html
new file mode 100644
index 0000000..50235e7
--- /dev/null
+++ b/view/templates/admin/login.html
@@ -0,0 +1,85 @@
+
+
+
+
+
+
+
+
+ 登录
+
+
+
+
+
+
+
+{literal}
+
+
+{/literal}
+
+
+
diff --git a/view/templates/admin/save_pass.html b/view/templates/admin/save_pass.html
new file mode 100644
index 0000000..3da3fa4
--- /dev/null
+++ b/view/templates/admin/save_pass.html
@@ -0,0 +1,118 @@
+
+
+
+
+
+
+
+
+ 修改密码
+
+
+
+
+
+
+
+{literal}
+
+
+{/literal}
+
+
+
\ No newline at end of file
diff --git a/view/templates/admin/user_add.html b/view/templates/admin/user_add.html
new file mode 100644
index 0000000..02f613b
--- /dev/null
+++ b/view/templates/admin/user_add.html
@@ -0,0 +1,114 @@
+
+
+
+
+
+
+
+
+ 添加用户
+
+
+
+
+
+
+
+{literal}
+
+
+{/literal}
+
+
+
\ No newline at end of file
diff --git a/view/templates/admin/user_list.html b/view/templates/admin/user_list.html
new file mode 100644
index 0000000..2b6a56a
--- /dev/null
+++ b/view/templates/admin/user_list.html
@@ -0,0 +1,110 @@
+
+
+
+
+
+
+
+
+ 管理员列表
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ID |
+ 管理员 |
+ 操作 |
+
+
+
+ {foreach from=$list key=key item=item}
+
+ {$item.id} |
+ {$item.username} |
+
+ {if $item.is_super == 0}
+ {if $item.status == 0}
+ 禁用
+ {else}
+ 启用
+ {/if}
+ {/if}
+ |
+
+ {/foreach}
+
+
+
+
+
+
+
+
+
+
+
+{literal}
+
+{/literal}
+
+
+
diff --git a/view/templates/index/formula_add.html b/view/templates/index/formula_add.html
deleted file mode 100644
index 24be6ec..0000000
--- a/view/templates/index/formula_add.html
+++ /dev/null
@@ -1,209 +0,0 @@
-
-
-
-
-
-
-
-
- 添加药方
-
-
-
-
-
-
-
-
-{literal}
-
-
-{/literal}
-
-
-
\ No newline at end of file
diff --git a/view/templates/index/formula_list.html b/view/templates/index/formula_list.html
deleted file mode 100644
index 0bdf801..0000000
--- a/view/templates/index/formula_list.html
+++ /dev/null
@@ -1,222 +0,0 @@
-
-
-
-
-
-
-
-
- 药方列表
-
-
-
-
-
-
-
-
-
-
-
-
- {if count($page_list) > 1}
-
-
- {if isset($prev_page)}
-
上一页
- {/if}
-
- {foreach from=$page_list key=key item=item}
-
{if $key+1 eq $curpage}{/if}{$item.page}{if $key+1 eq $curpage}{/if}
- {/foreach}
-
- {if isset($post_page)}
-
下一页
- {/if}
-
-
- {/if}
-
-
-
- ID |
- 录方者uid |
- 药方名称 |
- 药方来源 |
- 使用次数 |
- 药方详情 |
- 操作 |
-
-
-
- {foreach from=$list key=key item=item}
-
- {$item.id} |
- {if $item.uid eq 0}-{else}{$item.uid}{/if} |
- {$item.name} |
- {$item.source} |
- {$item.use_num} |
-
- {foreach from=$item.formula item=value}
- {$value.name} {$value.num_str}
- {/foreach}
- |
-
-
- {if $item.is_delete == 2}
- 审核通过
- {/if}
- {if $item.uid == 0}
- 编辑
- 删除
- {/if}
- |
-
- {/foreach}
-
-
-
-
-
-
-
-
-
-
-{literal}
-
-{/literal}
-
-
-
diff --git a/view/templates/index/login.html b/view/templates/index/login.html
deleted file mode 100644
index 07be775..0000000
--- a/view/templates/index/login.html
+++ /dev/null
@@ -1,85 +0,0 @@
-
-
-
-
-
-
-
-
- 登录
-
-
-
-
-
-
-
-{literal}
-
-
-{/literal}
-
-
-