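// Member controller: login, registration and profile endpoints.
// (The original header comment was lost to mis-encoding.)
const util = require('../utils')
const db = require('../data')
const Token = require('../token')
const EnDeNum = require('../utils/encrypt-decrypt-number')
const dayjs = require('dayjs')
const cache = new (require('node-cache'))()

// Stored password hashes that force a password change at login (Login answers
// code 9 for them). The two values are taken from the original source; they are
// the MD5 digests of two trivially guessable passwords.
const WEAK_PASSWORD_HASHES = Object.freeze([
  'e10adc3949ba59abbe56e057f20f883e',
  'c33367701511b4f6020ec61ded352059',
])

/**
 * Escapes a user-supplied string before it is interpolated into a SQL literal,
 * using the same db.escape that Login already applies to `u` and `openid`.
 * Non-string values are returned unchanged so numeric / undefined inputs keep
 * their previous interpolation behaviour.
 *
 * NOTE(review): assumes db.escape returns the escaped text WITHOUT surrounding
 * quotes — that is how the existing `mobile='${u}'` usage treats it; confirm.
 *
 * @param {*} value raw request value
 * @returns {*} escaped string, or the value itself when it is not a string
 */
const escapeText = value => (typeof value === 'string' ? db.escape(value) : value)

/**
 * Builds the value stored in the member cookie.
 *
 * @param {number|string} id member id
 * @param {string} password the member's stored password hash (Login compares it
 *   against a client-supplied MD5)
 * @returns {string} `id.password.s`, where s is 5 random digits + the first 7
 *   digit characters of the hash + 5 random digits + twice the current unix
 *   timestamp + 5 random digits (the original comment notes this totals 32).
 *
 * NOTE(review): the password hash is embedded verbatim in the cookie, so any
 * cookie leak exposes the hash; a server-side session id would avoid that.
 */
const MemberCookie = (id, password) => {
  // Keep only digit characters of the hash (isNaN is false for '0'..'9').
  const digits = password.split('').filter(item => !isNaN(item))
  const s = util.RndNum(5) + digits.slice(0, 7).join('') + util.RndNum(5) + dayjs().unix() * 2 + util.RndNum(5)
  return id + '.' + password + '.' + s
}
exports.MemberCookie = MemberCookie

/**
 * Member login.
 * post: /login
 *
 * Body fields read: u (account: mobile / email / number / username), s (school
 * id = member_type_top; a non-integer means "no school scope"), p (password as
 * an MD5 hex string), r (role; 'ADMIN' or anything else = student), c
 * (verification code), v (encrypted form of the code), openid (WeChat openid).
 *
 * Throttling: a per-(s,u) lock key rejects repeat attempts for 30 s (code 11),
 * and a per-(s,u) failure counter above 10 locks the account for 30 min
 * (code 12). Successful login deletes the counter.
 *
 * Response: { code: 0, data } with the v_member row plus token/cookie/key, or
 * { code: 9, data: <encrypted id> } when the stored hash is a known weak
 * password; every other outcome throws { code, message }.
 */
exports.Login = async ctx => {
  const body = ctx.request.body
  const u = db.escape(body.u) // account, escaped for SQL interpolation
  const s = body.s // school id
  const lockKey = s + '-' + u
  const timesKey = s + '-' + u + '-times'
  const times = cache.get(timesKey) || 0
  // Bug fix: the original stored `times++` (the OLD value), so the failure
  // counter never advanced and the lockout below could never trigger.
  // No TTL is passed here, matching the original (the cache's default TTL applies).
  const recordFailure = () => cache.set(timesKey, times + 1)

  if (cache.get(lockKey)) {
    // A login for this account happened within the last 30 seconds.
    throw { code: 11, message: '??????????????????' }
  } else if (times > 10) {
    // Too many failures: refresh the counter with a 30-minute expiry.
    cache.set(timesKey, times + 1, 60 * 30)
    throw { code: 12, message: '??????????????30????????' }
  }
  cache.set(lockKey, 1, 30)

  const p = body.p // password (MD5 hex)
  const r = typeof body.r === 'string' ? body.r.toUpperCase() : 'STUDENT'
  const c = body.c // verification code
  const v = body.v // encrypted code; EnDeNum.decrypt(v) must equal c
  const openid = db.escape(body.openid)

  let query = ''
  if (util.isInteger(s)) {
    // School-scoped lookup against v_member.
    const roleFilter = r === 'ADMIN' ? ' and (isschooladmin=1 or isconsultant=1)' : ' and isstudent=1'
    if (openid) {
      // WeChat login by openid.
      query = `select top 1 id,state,password from v_member with (nolock) where member_type_top=${s} and weixin_openid='${openid}'` + roleFilter
    } else if (/^\d{6}$/.test(c)) {
      // Login by mobile number + 6-digit verification code.
      if (!util.isMobile(u)) {
        throw { code: 4, message: '??????(' + u + ')????????' }
      }
      // NOTE(review): the code is only compared when v is supplied; when v is
      // absent this path runs the mobile lookup with no code verification at
      // all — confirm the code is verified upstream (e.g. middleware).
      if (/\d{6,}/.test(v) && EnDeNum.decrypt(v) !== c) {
        throw { code: 6, message: '?????(' + c + ')?????' }
      }
      query = `select top 1 id,state,password from v_member with (nolock) where member_type_top=${s} and mobile='${u}'` + roleFilter
    } else if (!util.isMD5(p)) {
      // Password login requires p to be an MD5 hex string.
      throw { code: 7, message: '???MD5????????' }
    } else {
      query = `select top 1 id,state,password from v_member with (nolock) where member_type_top=${s}`
      if (util.isEmail(u)) {
        query += ` and email='${u}'`
      } else if (/^\d+$/.test(u)) {
        // Short all-digit accounts may be either the id or the member number.
        query += u.length <= 8 ? ` and (id=${u} or number='${u}')` : ` and number='${u}'`
      } else if (r === 'ADMIN') {
        query += ` and (username='${u}' or number='${u}') and (isschooladmin=1 or isconsultant=1)`
      } else {
        query += ` and number='${u}' and isstudent=1`
      }
    }
  } else if (openid) {
    // WeChat login without school scope.
    query = `select top 1 id,state,password from member with (nolock) where weixin_openid='${openid}'`
  } else if (/^\d{4,6}$/.test(c)) {
    // Mobile + 4..6 digit code, without school scope.
    if (!util.isMobile(u)) {
      throw { code: 4, message: '??????(' + u + ')????????' }
    }
    // NOTE(review): as above, no verification of c is visible in this path.
    query = `select top 1 id,state,password from member with (nolock) where mobile='${u}'`
  } else if (!util.isMD5(p)) {
    throw { code: 7, message: '???MD5????????' }
  } else {
    query = 'select top 1 id,state,password from member with (nolock) where'
    if (util.isMobile(u)) {
      query += ` mobile='${u}'`
    } else if (util.isEmail(u)) {
      query += ` email='${u}'`
    } else if (util.isInteger(u)) {
      query += ` id=${u}`
    } else {
      query += ` username='${u}'`
    }
  }
  if (!query) {
    throw { code: 8, message: '??????' }
  }

  let row = await db.select(query)
  if (row === null) {
    recordFailure()
    throw { code: 1, message: '??????????????' }
  }
  if (util.isMD5(p) && p !== row.password) {
    // NOTE(review): the stored value is compared directly with the client's
    // MD5, i.e. passwords appear to be stored as unsalted MD5.
    recordFailure()
    throw { code: 10, message: '??????????????' }
  }
  if (row.state !== 5) {
    // Only state 5 may log in.
    recordFailure()
    throw { code: 2, message: '??????????????' }
  }
  const id = row.id
  if (WEAK_PASSWORD_HASHES.includes(row.password)) {
    // Bug fix: the original used String.prototype.includes on a comma-joined
    // list, which also matched an empty or partial hash; compare exactly.
    recordFailure()
    ctx.body = { code: 9, message: '??????????????', data: EnDeNum.encrypt(id) }
    return
  }

  const password = row.password
  // Login statistics; intentionally not awaited, as in the original.
  // NOTE(review): util.GuestIP(ctx) is interpolated unescaped — confirm it comes
  // from the socket address rather than a client-controlled header.
  db.execute(`update member set lasttime=getdate(),lastip='${util.GuestIP(ctx)}',logtimes=logtimes+1 where id=${id}`)
  const fields = 'id,number,realname,sex,birthday,age,password,mobile,email,qq,type,balance,face,bind_consultant_id,zx_times,[right],isSchoolAdmin,isconsultant,weixin_openid,member_type_path,member_type_top,address,[group]'
  row = await db.select('select top 1 ' + fields + ' from v_member with (nolock) where id=' + id)
  if (!row) {
    recordFailure()
    throw { code: 1, message: '??????????????' }
  }
  cache.del(timesKey)
  // NOTE(review): `fields` includes password, so the hash is returned to the client.
  const data = Object.assign(row, {
    token: Token.Sign({ id }),
    cookie: MemberCookie(id, password),
    key: EnDeNum.encrypt(id),
  })
  ctx.body = { code: 0, data }
}

/**
 * Returns a member's profile. `:id` of '0' means the caller (id from the
 * token); any other value is an EnDeNum-encrypted member id.
 * get: /member/:id
 *
 * NOTE(review): a valid encrypted id returns another member's row (including
 * the password hash) together with a freshly signed token for that member,
 * which is effectively a credential for that account — confirm callers of
 * this route are authorised upstream.
 */
exports.GetInfo = async ctx => {
  const id = ctx.params.id === '0' ? Token.Decode(ctx).id : EnDeNum.decrypt(ctx.params.id)
  // Same integer guard ScaleListByDistr applies; id is interpolated into SQL.
  if (!id || !util.isInteger(id)) {
    throw { code: -2 }
  }
  const fields = 'id,number,realname,sex,birthday,age,password,mobile,email,qq,type,balance,face,bind_consultant_id,zx_times,[right],isschooladmin,isconsultant,weixin_openid,member_type_path,member_type_top,address'
  const row = await db.select('select top 1 ' + fields + ' from v_member with (nolock) where id=' + id)
  if (!row) {
    throw { code: 1, message: '????????' }
  }
  const data = {
    token: Token.Sign({ id: row.id }),
    cookie: MemberCookie(row.id, row.password),
    key: EnDeNum.encrypt(row.id),
  }
  Object.assign(data, row)
  ctx.body = { code: 0, data }
}

/**
 * Sets a member's birthday. `:id` of '0' means the caller (id from the token);
 * an all-digit `:id` is an EnDeNum-encrypted member id.
 * put: /member/:id/birthday
 * Body: b — the new birthday, validated with util.isDate before use.
 */
exports.Birthday = async ctx => {
  const u = ctx.params.id
  const b = ctx.request.body.b
  let id = null
  if (!util.isDate(b)) {
    throw { code: 2, message: '???????????' }
  } else if (u === '0') {
    id = Token.Decode(ctx).id
  } else if (/^\d+$/.test(u)) {
    id = EnDeNum.decrypt(u)
  }
  // Integer guard (as in ScaleListByDistr) because id is interpolated into SQL.
  if (!id || !util.isInteger(id)) {
    ctx.body = { code: 1, message: '???(' + u + ')?????' }
    return
  }
  // Awaited so a failed update surfaces instead of answering code 0 regardless.
  await db.execute(`update member set birthday='${b}' where id=${id}`)
  ctx.body = { code: 0 }
}

/**
 * Lists the scales (lb) the calling member may still take.
 * get: /member/:id/totestlist  (the member id comes from the token, not the URL)
 *
 * Steps: load the member's type/grade/group/school/age; when the member has a
 * school, read its retestday and hide_lb_outofage; collect lb ids from active
 * test batches matching the member (or assigned to the member directly); drop
 * lb ids the member already completed (only those within retestday days when
 * retestday > 0); return the remaining lb rows, filtered to the member's age
 * when hide_lb_outofage is set, ordered by sort.
 */
exports.ScaleListByDistr = async ctx => {
  const uid = Token.Decode(ctx).id
  if (!util.isInteger(uid)) {
    throw { code: -2 }
  }
  const member = await db.select(`select top 1 type,grade,customgroup,member_type_path as path,member_type_top as school,age from v_member with (nolock) where id=${uid}`)
  if (member === null) {
    throw { code: 1, message: `ID ${uid} ?????` }
  }
  // Missing grade / customgroup count as 0 (matches "grade=0" in the batch query).
  member.grade = member.grade || 0
  member.customgroup = member.customgroup || 0

  let retestday = 0
  let hide_lb_outofage = false
  if (member.school !== 0) {
    const school = await db.select(`select top 1 retestday,hide_lb_outofage from school where id=${member.school}`)
    // Robustness: the original dereferenced the row unconditionally and threw a
    // TypeError when no school row matched.
    if (school) {
      retestday = school.retestday || 0
      hide_lb_outofage = school.hide_lb_outofage
    }
  }

  // Candidate lb ids from active test batches.
  let lb = []
  const batches = await db.select(`select lb from test_batch where todate+1>=getdate() and ((type in (${member.path.substring(2)}) and (grade=0 or grade=${member.grade} or grade is null) and (customgroup=0 or customgroup=${member.customgroup} or customgroup is null)) or member=${uid})`)
  for (const batch of batches || []) {
    lb = lb.concat(batch.lb.split(','))
  }

  // Remove scales already completed (within the retest window when set).
  let doneQuery = `select lb from test with (nolock) where member=${uid} and valid=1`
  if (retestday > 0) {
    doneQuery += ` and datetime>'${dayjs().subtract(retestday, 'day').format('YYYY-MM-DD HH:mm')}'`
  }
  const done = await db.select(doneQuery)
  for (const test of done || []) {
    lb = lb.filter(element => element !== String(test.lb))
  }

  if (lb.length === 0) {
    ctx.body = { code: 0, data: [] }
    return
  }
  let listQuery = `select id,picture,name_ch,name_fr,intro2 from lb where id in (${lb.join()})`
  if (hide_lb_outofage) {
    listQuery += ' and age_min<=' + member.age + ' and age_max>=' + member.age
  }
  listQuery += ' order by sort'
  const rows = await db.select(listQuery)
  ctx.body = { code: 0, data: rows || [] }
}

/**
 * Updates profile fields of a member. `:id` of '0' means the caller (id from
 * the token); otherwise an EnDeNum-encrypted member id.
 * post: /member/:id
 *
 * Only fields that are present (and valid, where a validator exists) are
 * written. Free-text fields are escaped with db.escape before interpolation;
 * the original interpolated them raw.
 *
 * NOTE(review): as with GetInfo, a valid encrypted id allows updating another
 * member — including [password] — confirm callers are authorised upstream.
 */
exports.ModifyInfo = async ctx => {
  const id = ctx.params.id === '0' ? Token.Decode(ctx).id : EnDeNum.decrypt(ctx.params.id)
  // Integer guard (as in ScaleListByDistr) because id is interpolated into SQL.
  if (!id || !util.isInteger(id)) {
    throw { code: -2 }
  }
  const body = ctx.request.body
  let query = 'update member set lasttime=getdate()'
  if (body.number) {
    query += `,number='${escapeText(body.number)}'`
  }
  if (body.realname) {
    query += `,realname=N'${escapeText(body.realname)}'`
  }
  // Accepts only '0', '1' or '01' (the only truthy substrings of '01').
  if (body.sex && '01'.includes(body.sex)) {
    query += `,sex=${body.sex}`
  }
  if (util.isDate(body.birthday)) {
    query += `,birthday='${body.birthday}'`
  }
  if (util.isInteger(body.type)) {
    query += `,type=${body.type}`
  }
  if (util.isInteger(body.grade)) {
    query += `,grade=${body.grade}`
  }
  if (util.isMobile(body.mobile)) {
    query += `,mobile='${body.mobile}'`
  }
  if (util.isEmail(body.email)) {
    query += `,email='${body.email}'`
  }
  // The original comment mentions 50 for address (presumably a length limit);
  // no length check is performed here.
  if (body.address) {
    query += `,address='${escapeText(body.address)}'`
  }
  if (util.isMD5(body.password)) {
    query += `,[password]='${body.password}'`
  }
  if (body.intro) {
    query += `,intro='${escapeText(body.intro)}'`
  }
  if (body.idcard_picture) {
    query += `,idcard_picture='${escapeText(body.idcard_picture)}'`
  }
  query += ` where id=${id}`
  // Awaited so a failed update surfaces instead of answering code 0 regardless.
  await db.execute(query)
  ctx.body = { code: 0 }
}

/**
 * Returns the next member id: current max(id) + 1.
 *
 * NOTE(review): this is a read-then-insert without a transaction, so two
 * concurrent registrations can receive the same id (one Regist branch adds a
 * random digit, which only reduces the chance); an identity column or sequence
 * would remove the race. On an empty table db.scalar presumably returns null,
 * which yields 1.
 *
 * @returns {Promise<number>} next id
 */
const NewID = async () => {
  const maxId = await db.scalar('select top 1 id from member order by id desc')
  return maxId + 1
}
exports.NewID = NewID

/**
 * Reports whether a mobile number is already registered (data 1 = exists,
 * 0 = free).
 * get: /member/mobile/exist?m=<mobile>
 *
 * NOTE(review): this is an account-enumeration oracle by design; no rate
 * limiting is applied here, so it relies on limits upstream.
 */
exports.MobileExist = async ctx => {
  const mobile = ctx.query.m
  if (!util.isMobile(mobile)) {
    ctx.body = { code: 1, message: '??????' + mobile + '????????' }
    return
  }
  const row = await db.select(`select top 1 id from member with (nolock) where mobile='${mobile}'`)
  ctx.body = { code: 0, data: row ? 1 : 0 }
}

/**
 * Registers a member by mobile number, email or username.
 * post: /regist
 *
 * Body: u (account), c (verification code: 4 or 6 digits for mobile sign-up),
 * f (truthy = return the full v_member row), r ('consultant' adds a consultant
 * row), p (password; mobile sign-ups default it to the MD5 of the last six
 * characters of the number when p is not an MD5), t (member type, default 4).
 * Response: { code: 0, data } with id/token/cookie/key (plus the row when f).
 *
 * NOTE(review): c is only checked for format — no comparison with an issued
 * code is visible in this handler; confirm it is verified upstream.
 * NOTE(review): the mobile default password (last six digits of the number) is
 * derivable from the account name itself.
 */
exports.Regist = async ctx => {
  const body = ctx.request.body
  // Escaped like Login's u; the validators below run on the escaped value, as in Login.
  const username = escapeText(body.u)
  const code = body.c
  const full = body.f
  const role = body.r
  let password = body.p
  let type = body.t
  let uid = 0
  if (!util.isInteger(type)) {
    type = 4
  }

  let query = ''
  if (util.isMobile(username)) {
    const isShortCode = /^\d{4}$/.test(code)
    if (!isShortCode && !/^\d{6}$/.test(code)) {
      throw { code: 7, message: '??????????????' }
    }
    const existing = await db.select(`select top 1 id from member with (nolock) where mobile='${username}'`)
    if (existing) {
      throw { code: 1, message: '??????(' + username + ')?????' }
    }
    if (!util.isMD5(password)) {
      password = util.MD5(username.slice(-6))
    }
    uid = await NewID()
    let birthday = 'getdate()'
    if (!isShortCode) {
      // 6-digit code path (from the original): spread ids with a random digit
      // and default the birthday to 18 years ago.
      uid += Number(util.RndNum(1))
      birthday = 'dateadd(year,-18,getdate())'
    }
    query = 'insert into member(id,[password],type,[group],realname,sex,birthday,mobile,[state],balance) values(' + uid + `,'${password}'` + ',' + type + ',1' + `,'${String(username).substring(7)}'` + ',1' + ',' + birthday + `,'${username}'` + ',5' + ',0' + ');'
  } else if (util.isEmail(username)) {
    const existing = await db.select(`select top 1 id from member with (nolock) where email='${username}'`)
    if (existing) {
      throw { code: 2, message: 'Email(' + username + ')?????' }
    }
    uid = await NewID()
    // NOTE(review): unlike the mobile branch, p is neither required to be an MD5
    // nor defaulted; a missing p makes MemberCookie throw below and any string
    // is stored verbatim. It is escaped here so it cannot break the SQL.
    query = 'insert into member(id,[password],type,[group],realname,sex,birthday,email,[state],balance) values(' + uid + `,'${escapeText(password)}'` + ',' + type + ',1' + `,'${uid}'` + ',1' + ',getdate()' + `,'${username}'` + ',5' + ',0' + ');'
  } else if (util.isInteger(username)) {
    // Purely numeric usernames are rejected (they would collide with ids/numbers).
    throw { code: 3, message: '?????(' + username + ')?????????' }
  } else if (!/^\w+$/.test(username)) {
    throw { code: 4, message: '???????????????????????????????' }
  } else {
    const existing = await db.select(`select top 1 id from member with (nolock) where username='${username}'`)
    if (existing) {
      throw { code: 5, message: '?????(' + username + ')?????' }
    }
    uid = await NewID()
    // Same password caveat as the email branch.
    query = 'insert into member(id,[password],type,[group],realname,sex,birthday,username,[state],balance) values(' + uid + `,'${escapeText(password)}'` + ',' + type + ',1' + `,N'${username}'` + ',1' + ',getdate()' + `,'${username}'` + ',5' + ',0' + ');'
  }

  if (query === '') {
    throw { code: -1 }
  }
  if (type === '52535') {
    // NOTE(review): strict comparison with a string — only matches when t
    // arrives as the string '52535', never as a number.
    query += `insert into therapy_member(id,datetime) values(${uid},getdate());`
  } else if (role === 'consultant') {
    // Kept from the original: uid is re-read here, so the consultant row (and
    // the id/token returned below) use this value rather than the id chosen for
    // the member row. NOTE(review): on the random-digit mobile path the two can
    // differ — confirm this is intended.
    uid = await NewID()
    query += 'insert into consultant(id,specialty,orientation,experience,training,status,datetime) values(' + uid + `,'${escapeText(body.specialty)}'` + `,'${escapeText(body.orientation)}'` + `,'${escapeText(body.experience)}'` + `,'${escapeText(body.training)}'` + ',0' + ',getdate()' + ');'
  }

  let data = {
    id: uid,
    token: Token.Sign({ id: uid }),
    cookie: MemberCookie(uid, password),
    key: EnDeNum.encrypt(uid),
  }
  if (full) {
    await db.execute(query)
    const row = await db.select('select top 1 * from v_member with (nolock) where id=' + uid)
    data = Object.assign({}, row, data)
  } else {
    // Deliberately not awaited in the original (fire-and-forget insert).
    db.execute(query)
  }
  ctx.body = { code: 0, data }
}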