diff --git a/wms/cont/submit.php b/wms/cont/submit.php index f82179ea..ed2766af 100644 --- a/wms/cont/submit.php +++ b/wms/cont/submit.php @@ -3,8 +3,9 @@ require_once './wf_common.php'; require_once './model/ConMaintanceExamineApplyModel.php'; require_once './model/ConMaintanceExamineClearModel.php'; -//print_r($_POST);exit; $request = $_SERVER['REQUEST_METHOD'] == "GET" ? $_GET : $_POST; +// print_r($request); +// exit; $tosign = ($request["btn_save"] == "tosign") ? 1 : 0; // 1:提交 if ($request["form_src"] == "apply_form" && $tosign && (!isset($request["register_code"]) || empty($request["register_code"][0]) || !isset($request["next_users"]) || empty($request["next_users"]))) { diff --git a/wms/header.php b/wms/header.php index ab13b19e..d45a9305 100644 --- a/wms/header.php +++ b/wms/header.php @@ -1,16 +1,11 @@ displayPage(); -header("Expires: Mon, 26 Jul 1990 05:00:00 GMT"); -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); function CreateToken($user_id, $user_name) { @@ -38,15 +33,15 @@ if (isset($_REQUEST["function_name"])) { /** * 連線T8 MSSQL */ -// try { -// $conn = new PDO("sqlsrv:Server=10.10.145.2;Database=T8MASADA", "masada", "@m222222"); -// if ($conn) { -// $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); -// } -// } catch (PDOException $e) { -// //echo "fail"; -// //echo $e->getMessage(); -// } +try { + $conn = new PDO("sqlsrv:Server=erp.masada.com.tw;Database=T8MASADA", "masada", "ztPmPP!HRoV6SL3E"); + if ($conn) { + $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + } +} catch (PDOException $e) { + //echo "fail"; + //echo $e->getMessage(); +} 
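Review bot: The two added lines `// print_r($request);` and `// exit;` are commented-out debug output that merely replace the older commented-out `//print_r($_POST);exit;`, and dead debug code in a form-submission handler is one uncomment away from dumping the whole request (including any token or form field) into the response in production. Drop both lines; if request tracing is genuinely needed, write `$request` to a server-side log behind a debug flag instead of leaving a `print_r` in the handler. The `if ($request["form_src"] == "apply_form" && ...)` that begins at the end of this hunk continues outside it.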
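Review bot: The uncommented connection line `$conn = new PDO("sqlsrv:Server=erp.masada.com.tw;Database=T8MASADA", "masada", "ztPmPP!HRoV6SL3E");` puts a live ERP database password into source control, where it remains in history even after a later edit (the commented-out block it replaces already exposed an earlier one); rotate that credential now and load it from an environment variable or a config file outside the web root, e.g. `$conn = new PDO(getenv('T8_DSN'), getenv('T8_USER'), getenv('T8_PASS'));`. The `catch (PDOException $e)` block then discards the failure with both `echo` lines commented out, so `$conn` is never assigned and a later `$conn->` call fails with an undefined-variable error far from the cause; log `$e->getMessage()` server-side (never into the response, which would expose the DSN and host) and either set `$conn = null` or abort the request. Whether later code checks `$conn` before using it is outside this hunk.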
@@ -59,22 +54,37 @@ if (isset($_REQUEST["function_name"])) { * $login_dt 登入時間 * $user_auth 使用權限:1,2,3 *****************************/ -$token = $_REQUEST["token"]; +$token = isset($_REQUEST["token"]) ? $_REQUEST["token"] : ""; if (count(explode(".", $token)) > 1) { $token_link = "token=" . $_REQUEST["token"]; list($user_id, $enc_user_name, $login_dt) = explode(".", $token); $user_name = urldecode(base64_decode($enc_user_name)); } else { - $user_id = !empty($_GET["employee_no"]) ? $_GET["employee_no"] : $user_id; - $login_dt = !empty($_GET["timestamp"]) ? substr($_GET["timestamp"], 0, 10) : $login_dt; - $login_dt = date('Y-m-d H:i:s', $login_dt); - $user_name = accountid2name()[$user_id]; - $token = CreateToken($user_id, $user_name); - $token_link = "token=" . $token; + $referrer = isset($_GET['referer']) ? $_GET['referer'] : ""; + date_default_timezone_set('Asia/Taipei'); + $currentTimestamp = time(); + $hashReferer = ""; + for ($i = -3; $i <= 3; $i++) { + $modifiedTimestamp = strtotime("$i seconds", $currentTimestamp); + $formattedTime = date("Y-m-d H:i:s", $modifiedTimestamp); + $hashReferer .= md5("https://bpm.masada.com.twMasada@2023" . $formattedTime); + } + if (strpos($hashReferer, $referrer)) { + $user_id = !empty($_GET["employee_no"]) ? $_GET["employee_no"] : $user_id; + $login_dt = !empty($_GET["timestamp"]) ? substr($_GET["timestamp"], 0, 10) : $login_dt; + $login_dt = date('Y-m-d H:i:s', $login_dt); + // 藍凌超連結過來 token 設置永久 + $login_dt = (date("Y") + 100) . "-12-31 23:59:59"; + $user_name = accountid2name()[$user_id]; + $token = CreateToken($user_id, $user_name); + $token_link = "token=" . $token; + } else { + echo "非法訪問!"; + echo ""; + } } - include 'IncludeCommon.php'; $includecommon = new IncludeCommon(); $accounttype = getAccounttype($link, $user_id); diff --git a/wms/sign/list.php b/wms/sign/list.php index 61180f00..9304204f 100644 --- a/wms/sign/list.php +++ b/wms/sign/list.php 
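Review bot: The referer check `if (strpos($hashReferer, $referrer))` is a substring search over seven concatenated MD5 digests, so any short hex fragment that occurs somewhere past position 0 (for example `?referer=a`) passes it and lets the caller mint a token for an arbitrary `employee_no` with the 100-year `$login_dt` assigned two lines later, while a genuine digest that happens to sit at position 0 is rejected because `strpos` returns a falsy `0`. Compare each candidate digest exactly with `hash_equals()` and stop the request when none matches: after `echo "非法訪問!"` there is no `exit`, so execution falls through to `include 'IncludeCommon.php'` and `getAccounttype($link, $user_id)` with `$user_id` never assigned. The shared secret `Masada@2023` and the MD5-over-timestamp scheme are fully visible in this file, so anyone who can read the repository can forge a valid referer; keep the secret in configuration outside the web root, and reconsider the permanent token lifetime (the `$_GET["timestamp"]`-derived `$login_dt` just above it is dead code), especially since the `token=` query string is no longer covered by the `Cache-Control: no-store` headers this commit removes from the top of the file. The token-parsing branch `list($user_id, $enc_user_name, $login_dt) = explode(".", $token)` accepts the three fields as-is; whether `CreateToken`, whose body is outside this hunk, appends anything that this branch should verify is not visible here.
```php
$referrer = isset($_GET['referer']) && is_string($_GET['referer']) ? $_GET['referer'] : "";
date_default_timezone_set('Asia/Taipei');
$currentTimestamp = time();
$refererOk = false;
for ($i = -3; $i <= 3; $i++) {
    $modifiedTimestamp = strtotime("$i seconds", $currentTimestamp);
    $formattedTime = date("Y-m-d H:i:s", $modifiedTimestamp);
    // exact, constant-time comparison of one whole digest; never a substring search
    if (hash_equals(md5("https://bpm.masada.com.twMasada@2023" . $formattedTime), $referrer)) {
        $refererOk = true;
    }
}
if (!$refererOk) {
    http_response_code(403);
    echo "非法訪問!";
    exit;
}
// … unchanged: $user_id / $login_dt / CreateToken() for the verified request …
```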
@@ -39,7 +39,7 @@ if ($result == false) { } $res_get = mysqli_fetch_all(mysqli_query($link, $sql_get), MYSQLI_ASSOC); // echo '
'; -// print_r($res_get); +// print_r($sql_get); // echo ''; // exit; @@ -165,7 +165,7 @@ $flow_name_opt = (array_unique($flow_name_opt, SORT_REGULAR));