$msg,'url'=>$server_name); $arr = json_encode($arr); $arr = base64_encode($arr); header('location: '.B2B_API_URL.'?act=loginFail&msg='.$arr); exit; } } public function signErrorReturn($params) { if ($params['visitor_role'] == 'taobao') { header("location: http://fuwu.taobao.com/service/my_service.htm"); exit; } else { return false; } } public function realLogin($params, $type) { // 如果是分销王登录 if($params['login_from']=='b2b') { $account_id = $this->check_name($params['visitor_nick'],$params['visitor_pwd']); if (!$account_id) { $this->b2b_login_error('帐号或密码错误'); return false; } }else{ $account_id = $this->check_name($params['visitor_nick']); //用户不存在则新建 //if (!$account_id) { // $account_id = $this->insert_user($params, $type); //} } if ($account_id) { kernel::single('base_session')->start(); $_SESSION['account'][$type] = $account_id; $_SESSION['login_time'] = time(); $_SESSION['needChangePassword'] = null; $_SESSION['login_trust'] = true; if ($params['visitor_role'] == 'taobao') { app::get('omestart')->setConf('tb_session', $params['top_session']); app::get('omestart')->setConf('tb_nick', $params['visitor_nick']); app::get('omestart')->setConf('tb_uid', $params['visitor_id']); } $users = app::get('desktop')->model('users'); $aUser = $users->dump($account_id, '*'); $sdf['lastlogin'] = $_SESSION['login_time'] ? $_SESSION['login_time'] : time(); $sdf['logincount'] = $aUser['logincount'] + 1; $users->update($sdf, array('user_id' => $account_id)); return true; } return false; } /** * 检查_name * @param mixed $login_name login_name * @param mixed $login_password login_password * @return mixed 返回验证结果 */ public function check_name($login_name=null,$login_password=null) { $account = app::get('pam')->model('account'); if($login_password!='') { $row = $account->getList('account_id', array('login_name' => $login_name,'login_password' => $login_password)); }else{ $row = $account->getList('account_id', array('login_name' => $login_name)); } if ($row) return $row[0]['account_id']; else return false; } /** * insert_user * @param mixed $params 参数 * @param mixed $type type * @return mixed 返回值 */ public function insert_user($params, $type) { if (!$params) return false; //[huishang]用户不存在时,使用传过来的登录密码 if($params['login_from']=='huishang'){ $login_password = $params['visitor_pwd']; }else{ $login_password = md5(DB_PASSWORD); } $account = array( 'pam_account' => array( 'login_name' => $params['visitor_nick'], 'login_password' => $login_password, 'account_type' => $type, 'createtime' => time(), ), 'name' => $params['visitor_nick'], 'super' => 1, 'status' => 1 ); if (app::get('desktop')->model('users')->save($account)) { return $account['pam_account']['account_id']; } else { return false; } } /** * login * @param mixed $params 参数 * @return mixed 返回值 */ public function login($params=null) { if (!$params) return false; // SaaS 功能已禁用，密钥已删除 // SAAS 登录功能不再可用 if (isset($params['saas_params']) || isset($params['saas_sign']) || isset($params['saas_ts'])) { $this->b2b_login_error('SAAS 登录功能已禁用'); return false; } // 以下代码已禁用（原 SAAS 登录逻辑） // 由于密钥已删除，SAAS 相关功能无法使用 /* $sign = strtoupper(md5(SASS_APP_KEY . $params['saas_params'] . $params['saas_ts'] . SAAS_SECRE_KEY)); // begin分销王登录 if($params['login_from']=='b2b') { $sign = strtoupper(md5(B2B_APP_KEY . $params['saas_params'] . $params['saas_ts'] . B2B_SECRE_KEY)); }elseif($params['login_from']=='huishang'){ //汇尚免登 $sign = strtoupper(md5(HUISHANG_APP_KEY . $params['saas_params'] . $params['saas_ts'] . HUISHANG_SECRE_KEY)); } // end $saasParams = base64_decode($params['saas_params']); $saasParams = @explode('&', $saasParams); foreach ((array) $saasParams as $param) { if (strpos($param, '=') === false) { $key = $param; $value = ''; } else { $pos = strpos($param, '='); $key = substr($param, 0, $pos); $value = substr($param, $pos + 1, strlen($param) - $pos); } $sParams[$key] = $value; } if ($sign != $params['saas_sign']) { //检验不通过 $this->b2b_login_error('签名错误'); return $this->signErrorReturn($sParams); } else { // begin 如果是分销王登录，必须输入帐号和密码 if($params['login_from']=='b2b') { if (trim($sParams['visitor_nick'])=='' || trim($sParams['visitor_pwd'])=='') { $this->b2b_login_error('帐号和密码不能为空'); return $this->signErrorReturn($sParams); } $sParams['login_from']='b2b'; } elseif($params['login_from']=='huishang') { //[huishang]免登必须输入用户名(密码不会验证有效性,当用户不存在时,会保存密码) if (trim($sParams['visitor_nick'])=='' || trim($sParams['visitor_pwd'])=='') { $this->b2b_login_error('免登帐号和密码不能为空'); //die('Error：免登帐号和密码不能为空!'); return $this->signErrorReturn($sParams); } $sParams['login_from'] = 'huishang'; } // end if (is_array($saasParams) && !empty($saasParams)) { if (abs(time() - $params['saas_ts']) > 86400) { //检查时间，已经过了有效期 $this->b2b_login_error('登录超时'); return $this->signErrorReturn($sParams); } else { if (trim($sParams['server_name']) != trim($_SERVER['SERVER_NAME'])) { $this->b2b_login_error('网址不匹配'); return $this->signErrorReturn($sParams); } else { return $this->realLogin($sParams, $params['type']); } } } else { if (trim($sParams['server_name']) != trim($_SERVER['SERVER_NAME'])) { return $this->signErrorReturn($sParams); } else { $sParams['visitor_nick'] = 'admin'; return $this->realLogin($sParams, $params['type']); } } } */ } }