修復價審業務mi Bug

1 year ago · fa3fb17bb7
5 changed files with 59 additions and 8 deletions
--- a/wms/contract/contract-new-apply.php
+++ b/wms/contract/contract-new-apply.php
@ -25,6 +25,7 @@ if(empty($contract_new_apply)){
    $stmt->bindParam(':id',$id);
    $stmt->execute();
    $contract = $stmt->fetch(PDO::FETCH_ASSOC);
    print_r($contract);
    $accounttype = "M";
    $sql_str = "SELECT * FROM account WHERE accounttype = :accounttype";
    $stmt = $conn->prepare($sql_str);
@ -44,6 +45,7 @@ if(empty($contract_new_apply)){
    $stmt->bindParam(':mid', $mid);
    $stmt->execute();
    $pays = $stmt->fetchAll(PDO::FETCH_ASSOC);
    print_r($pays);
    $price_a = 0;
    $price_b = 0;
    foreach($pays as $pay){
--- a/wms/fun_global.php
+++ b/wms/fun_global.php
@ -146,7 +146,7 @@ function check_user_permission($user_id, $token) {
    global $link;
    // 不檢查清單
-    $ignore_url_arr = ['/wms/index.php', '/wms/notice-index.php', '/wms/notice-edit.php', '/wms/change-password.php', '/wms/wipwhole-change-contractdate.php', '/wms/wipwhole-change-planning-customer-name.php','/wms/test.php'];
+    $ignore_url_arr = ['/wms/index.php', '/wms/notice-index.php', '/wms/notice-edit.php', '/wms/change-password.php', '/wms/wipwhole-change-contractdate.php', '/wms/wipwhole-change-planning-customer-name.php','/wms/test.php', '/wms/mkt/pricereview_mi-api.php'];
    if (in_array($_SERVER["SCRIPT_NAME"], $ignore_url_arr)) return;
    $do = "";
@ -169,6 +169,8 @@ function check_user_permission($user_id, $token) {
    mysqli_free_result($res);
    if (!$do) {
        echo "無權限操作，請洽管理員。";
        exit;
        echo "<script>alert('無權限操作，請洽管理員。');if (history.length==1) location.href='/wms/index.php?token=".$token."'; else history.go(-1);</script>";
    } else return $do;
 }
@ -563,3 +565,10 @@ function sign_status($arr) {
    }
    return $ret;
 }
 function getAccounttype($link,$user_id){
    $sql = "SELECT * FROM account where accountid = '$user_id'"; 
    $data = mysqli_query($link, $sql); 
    $row = mysqli_fetch_array($data, MYSQLI_ASSOC);
    return $row['accounttype'];
 }
--- a/wms/header.php
+++ b/wms/header.php
@ -7,6 +7,18 @@
 // $maintenancePage = new MaintenancePage($maintenancePeriod);
 // $maintenancePage->displayPage();
 function CreateToken($user_id, $user_name) {
  date_default_timezone_set("Asia/Taipei");
  $start_time = date("Y-m-d H:i:s");
  $end_time = date('Y-m-d H:i:s',strtotime('+24 hour')); #设定24小时
  $info = $user_id . '.' . base64_encode(urlencode($user_name)) . '.' . $start_time . '.' . $end_time; //设置token过期时间为一天
  $encryption_code = "MASADA!^***";
  //根据以上信息信息生成签名（密钥为 SIGNATURE 自定义全局常量)
  $signature = hash_hmac('md5', $info, $encryption_code);
  //最后将这两部分拼接起来，得到最终的Token字符串
  return $token = $info . '.' . $signature;
 }
 require_once dirname(__FILE__) . "/../mkt/database.php";
 include "fun_global.php";
@ -21,7 +33,7 @@ if (isset($_REQUEST["function_name"])) {
 * 連線T8 MSSQL
 */
 try {
-  $conn = new PDO("sqlsrv:Server=60.244.87.101;Database=T8MASADA", "masada", "@m222222");
+  $conn = new PDO("sqlsrv:Server=10.10.145.2;Database=T8MASADA", "masada", "@m222222");
  if ($conn) {
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  }
@ -42,10 +54,38 @@ try {
 * $user_auth   使用權限:1,2,3
 *****************************/
 $token = $_REQUEST["token"];
 $token_link = "token=" . $_REQUEST["token"];
 list($user_id, $enc_user_name, $login_dt) = explode(".", $token);
 $user_name = urldecode(base64_decode($enc_user_name));
 if (count(explode(".", $token)) > 1) {
  $token_link = "token=" . $_REQUEST["token"];
  list($user_id, $enc_user_name, $login_dt) = explode(".", $token);
  $user_name = urldecode(base64_decode($enc_user_name));
 } else {
  $user_id = !empty($_GET["employee_no"]) ? $_GET["employee_no"] : $user_id;
  $login_dt = !empty($_GET["timestamp"]) ? substr($_GET["timestamp"], 0, 10) : $login_dt;
  $login_dt = date('Y-m-d H:i:s', $login_dt);
  $user_name = accountid2name()[$user_id];
  $token = CreateToken($user_id,$user_name);
  $token_link = "token=" . $token;
 }
 include 'IncludeCommon.php';
 $includecommon = new IncludeCommon();
 $accounttype = getAccounttype($link, $user_id);
 $login_json = null;
 if (strlen($accounttype) != 0) {
  $jsonres['menu'] = $includecommon->menu_v3($user_id, $accounttype);
  $login_json =  json_encode($jsonres, JSON_UNESCAPED_UNICODE);
 }
 ?>
 <script>
  res = eval("(" + JSON.stringify(<?php echo $login_json; ?>) + ")");
  window.localStorage.setItem("menu_<?php echo $user_id; ?>", res.menu);
 </script>
 <?php
 // echo $token;
 // exit;
 // uesr可操作權限
 $user_auth = check_user_permission($user_id, $token);
@ -145,7 +185,7 @@ $user_auth = check_user_permission($user_id, $token);
    @media screen and (max-width: 992px) {
      #member_content_phone {
-        display:inline-grid !important;
+        display: inline-grid !important;
      }
    }
  </style>
--- a/wms/mkt/pricereview-record-check.php
+++ b/wms/mkt/pricereview-record-check.php
@ -132,6 +132,6 @@ if (isset($_POST['status'])) {
    }
    mysqli_close($link);
    echo "<script type ='text/JavaScript'>";
-    echo "location.href='pricereview-index.php?function_name=pricereview&".$token_link."';";
+    echo "location.href='pricereview-check.php?id=".$id."&function_name=pricereview&".$token_link."';";
    echo "</script>";
 }
--- a/wms/mkt/specsurvey-edit.zip
+++ b/wms/mkt/specsurvey-edit.zip