修復價審業務mi Bug

1 year ago · fa3fb17bb7
5 changed files with 59 additions and 8 deletions
--- a/wms/contract/contract-new-apply.php
+++ b/wms/contract/contract-new-apply.php
@ -25,6 +25,7 @@ if(empty($contract_new_apply)){
    $stmt->bindParam(':id',$id);
    $stmt->execute();
    $contract = $stmt->fetch(PDO::FETCH_ASSOC);
+    print_r($contract);
    $accounttype = "M";
    $sql_str = "SELECT * FROM account WHERE accounttype = :accounttype";
    $stmt = $conn->prepare($sql_str);
@ -44,6 +45,7 @@ if(empty($contract_new_apply)){
    $stmt->bindParam(':mid', $mid);
    $stmt->execute();
    $pays = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    print_r($pays);
    $price_a = 0;
    $price_b = 0;
    foreach($pays as $pay){
--- a/wms/fun_global.php
+++ b/wms/fun_global.php
@ -146,7 +146,7 @@ function check_user_permission($user_id, $token) {
    global $link;

    // 不檢查清單
-    $ignore_url_arr = ['/wms/index.php', '/wms/notice-index.php', '/wms/notice-edit.php', '/wms/change-password.php', '/wms/wipwhole-change-contractdate.php', '/wms/wipwhole-change-planning-customer-name.php','/wms/test.php'];
+    $ignore_url_arr = ['/wms/index.php', '/wms/notice-index.php', '/wms/notice-edit.php', '/wms/change-password.php', '/wms/wipwhole-change-contractdate.php', '/wms/wipwhole-change-planning-customer-name.php','/wms/test.php', '/wms/mkt/pricereview_mi-api.php'];
    if (in_array($_SERVER["SCRIPT_NAME"], $ignore_url_arr)) return;

    $do = "";
@ -169,6 +169,8 @@ function check_user_permission($user_id, $token) {
    mysqli_free_result($res);

    if (!$do) {
+        echo "無權限操作，請洽管理員。";
+        exit;
        echo "<script>alert('無權限操作，請洽管理員。');if (history.length==1) location.href='/wms/index.php?token=".$token."'; else history.go(-1);</script>";
    } else return $do;
 }
@ -562,4 +564,11 @@ function sign_status($arr) {
        $ret["sign_nt"] = "";
    }
    return $ret;
+}
+
+function getAccounttype($link,$user_id){
+    $sql = "SELECT * FROM account where accountid = '$user_id'"; 
+    $data = mysqli_query($link, $sql); 
+    $row = mysqli_fetch_array($data, MYSQLI_ASSOC);
+    return $row['accounttype'];
 }
--- a/wms/header.php
+++ b/wms/header.php
@ -7,6 +7,18 @@
 // $maintenancePage = new MaintenancePage($maintenancePeriod);
 // $maintenancePage->displayPage();

+function CreateToken($user_id, $user_name) {
+  date_default_timezone_set("Asia/Taipei");
+  $start_time = date("Y-m-d H:i:s");
+  $end_time = date('Y-m-d H:i:s',strtotime('+24 hour')); #设定24小时
+  $info = $user_id . '.' . base64_encode(urlencode($user_name)) . '.' . $start_time . '.' . $end_time; //设置token过期时间为一天
+  $encryption_code = "MASADA!^***";
+  //根据以上信息信息生成签名（密钥为 SIGNATURE 自定义全局常量)
+  $signature = hash_hmac('md5', $info, $encryption_code);
+  //最后将这两部分拼接起来，得到最终的Token字符串
+  return $token = $info . '.' . $signature;
+}
+

 require_once dirname(__FILE__) . "/../mkt/database.php";
 include "fun_global.php";
@ -21,9 +33,9 @@ if (isset($_REQUEST["function_name"])) {
 * 連線T8 MSSQL
 */
 try {
-  $conn = new PDO("sqlsrv:Server=60.244.87.101;Database=T8MASADA", "masada", "@m222222");
+  $conn = new PDO("sqlsrv:Server=10.10.145.2;Database=T8MASADA", "masada", "@m222222");
  if ($conn) {
-      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  }
 } catch (PDOException $e) {
  //echo "fail";
@ -42,10 +54,38 @@ try {
 * $user_auth   使用權限:1,2,3
 *****************************/
 $token = $_REQUEST["token"];
-$token_link = "token=" . $_REQUEST["token"];
-list($user_id, $enc_user_name, $login_dt) = explode(".", $token);
-$user_name = urldecode(base64_decode($enc_user_name));

+if (count(explode(".", $token)) > 1) {
+  $token_link = "token=" . $_REQUEST["token"];
+  list($user_id, $enc_user_name, $login_dt) = explode(".", $token);
+  $user_name = urldecode(base64_decode($enc_user_name));
+} else {
+  $user_id = !empty($_GET["employee_no"]) ? $_GET["employee_no"] : $user_id;
+  $login_dt = !empty($_GET["timestamp"]) ? substr($_GET["timestamp"], 0, 10) : $login_dt;
+  $login_dt = date('Y-m-d H:i:s', $login_dt);
+  $user_name = accountid2name()[$user_id];
+  $token = CreateToken($user_id,$user_name);
+  $token_link = "token=" . $token;
+}
+
+
+include 'IncludeCommon.php';
+$includecommon = new IncludeCommon();
+$accounttype = getAccounttype($link, $user_id);
+$login_json = null;
+if (strlen($accounttype) != 0) {
+  $jsonres['menu'] = $includecommon->menu_v3($user_id, $accounttype);
+  $login_json =  json_encode($jsonres, JSON_UNESCAPED_UNICODE);
+}
+?>
+<script>
+  res = eval("(" + JSON.stringify(<?php echo $login_json; ?>) + ")");
+  window.localStorage.setItem("menu_<?php echo $user_id; ?>", res.menu);
+</script>
+<?php
+
+// echo $token;
+// exit;
 // uesr可操作權限
 $user_auth = check_user_permission($user_id, $token);

@ -145,7 +185,7 @@ $user_auth = check_user_permission($user_id, $token);

    @media screen and (max-width: 992px) {
      #member_content_phone {
-        display:inline-grid !important;
+        display: inline-grid !important;
      }
    }
  </style>
--- a/wms/mkt/pricereview-record-check.php
+++ b/wms/mkt/pricereview-record-check.php
@ -132,6 +132,6 @@ if (isset($_POST['status'])) {
    }
    mysqli_close($link);
    echo "<script type ='text/JavaScript'>";
-    echo "location.href='pricereview-index.php?function_name=pricereview&".$token_link."';";
+    echo "location.href='pricereview-check.php?id=".$id."&function_name=pricereview&".$token_link."';";
    echo "</script>";
 }
--- a/wms/mkt/specsurvey-edit.zip
+++ b/wms/mkt/specsurvey-edit.zip