<?php

session_start(); // starts new or resumes existing session
session_regenerate_id(true); // regenerates SESSIONID to prevent hijacking
/**
 * 核心控制
 * @author cp
 */
Doo::loadClass('PasswordHash');

class BaseController extends DooController {

	public $data;
	public $userinfo;
	public $__ph;

	function __construct() {
		$this->__ph = new PasswordHash(8, FALSE);
		$this->data['rootUrl'] = Doo::conf()->APP_URL;
	}

	public function login() {
		$this->data['message'] = '';
		$this->data['_token_'] = $this->generateFormHash($this->create_randomstr());
		$this->render('login-fc', $this->data);
	}

	/**
	 * 进入后台
	 */
	function do_login() {

		if(!isset($_POST['name']) || empty($_POST['name'])){
			$this->data['message'] = '帐号不能为空';
			$this->data['_token_'] = $this->generateFormHash($this->create_randomstr());
			$this->render('login-fc',$this->data);die;
		}

		if(!isset($_POST['password']) || empty($_POST['password'])){
			$this->data['message'] = '密码不能为空';
			$this->data['_token_'] = $this->generateFormHash($this->create_randomstr());
			$this->render('login-fc',$this->data);die;
		}
		if (!$this->isValidFormHash($_POST['tokenform'])) {
			$this->data['message'] = '';
			$this->data['_token_'] = $this->generateFormHash($this->create_randomstr());
			$this->render('login-fc',$this->data);die;
		}

		$data ['name'] = $_POST['name'];

		$data ['password'] = $_POST['password'];

		$user = $this->checkLogin($data);

		if (!empty ( $user )) {

			$userinfo = $this->authcode ( $user ['username'], "tr" );

			setcookie ( "jlzf_main", $userinfo, time () + 3600 * 12, "/", COOKIE_WEB_SITE );

			return '/reportlist';
//			header ( 'Content-Type:text/html;charset=utf-8' );
//			@header ( "Location: " . COOKIE_WEB_SITE . "/m/userlist" );
		}else{
			$this->data['message'] = '账号或密码错误！';
			$this->render('login-fc',$this->data);die;
//			header ( 'Content-Type:text/html;charset=utf-8' );
//			@header ( "Location: " . COOKIE_WEB_SITE . "/m/login" );
		}
	}

	function checkLogin($data) {
		Doo::loadModel('fcuser');
		$users = new Fcuser();
        $userArray = $users->getRowByuser($data['name']);
        if (isset($userArray) && $userArray && $this->__ph->CheckPassword($data['password'], $userArray['password'])) {
            return $userArray;
        } else {
            return FALSE;
        }
    }

//    public function updatePassword(){
//        Doo::loadModel('fcuser');
//        $users = new Fcuser();
//        $userlist = $users->find(array('asArray' => TRUE));
//        foreach($userlist as $k => $v){
//            $users1 = new Fcuser();
//            $users1->id = $v['id'];
//            $users1->password = $this->__ph->HashPassword($v['password']);
//            $users1->update();
//        }
//        echo 'ok';
//        exit;
//    }
	
	/**
	 * FC系统登录
	 */
	function admin_init(){
	//是否已经登录纵横

		if (isset ( $_COOKIE ['jlzf_main'] )) {

			$userinfo=$this->authcode ($_COOKIE ['jlzf_main']);

			Doo::loadModel('fcuser');
        	$users = new fcuser();

			$this->userinfo=$users->getRowByuser($userinfo);

		}else{
			setcookie ( "jlzf_main", "", time () + 3600 * 12, "/", COOKIE_WEB_SITE );
			//无权限进入后台
			header ( 'Content-Type:text/html;charset=utf-8' );
			@header ( "Location: /login");
		}

		if (!empty ( $this->userinfo )) {
			//跳转前台登录
			$userinfo = $this->authcode ( $this->userinfo['username'], "tr" );
			//header ( 'Content-Type:text/html;charset=utf-8' );
			//@header ( "Location: /"  );
			setcookie ( "jlzf_main", $userinfo, time () + 3600 * 12, "/", COOKIE_WEB_SITE );
			return $this->userinfo;

		} else {
			setcookie ( "jlzf_main", "", time () + 3600 * 12, "/", COOKIE_WEB_SITE );
			//无权限进入后台
			header ( 'Content-Type:text/html;charset=utf-8' );
			@header ( "Location: /login");
		}
	}

	function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
		$ckey_length = 4;
		if (! $key) {
			$key = "ZHKT";
		}
		$key = md5 ( $key );
		$keya = md5 ( substr ( $key, 0, 16 ) );
		$keyb = md5 ( substr ( $key, 16, 16 ) );
		$keyc = $ckey_length ? ($operation == 'DECODE' ? substr ( $string, 0, $ckey_length ) : substr ( md5 ( microtime () ), - $ckey_length )) : '';

		$cryptkey = $keya . md5 ( $keya . $keyc );
		$key_length = strlen ( $cryptkey );

		$string = $operation == 'DECODE' ? base64_decode ( substr ( $string, $ckey_length ) ) : sprintf ( '%010d', $expiry ? $expiry + time () : 0 ) . substr ( md5 ( $string . $keyb ), 0, 16 ) . $string;
		$string_length = strlen ( $string );

		$result = '';
		$box = range ( 0, 255 );

		$rndkey = array ();
		for($i = 0; $i <= 255; $i ++) {
			$rndkey [$i] = ord ( $cryptkey [$i % $key_length] );
		}

		for($j = $i = 0; $i < 256; $i ++) {
			$j = ($j + $box [$i] + $rndkey [$i]) % 256;
			$tmp = $box [$i];
			$box [$i] = $box [$j];
			$box [$j] = $tmp;
		}

		for($a = $j = $i = 0; $i < $string_length; $i ++) {
			$a = ($a + 1) % 256;
			$j = ($j + $box [$a]) % 256;
			$tmp = $box [$a];
			$box [$a] = $box [$j];
			$box [$j] = $tmp;
			$result .= chr ( ord ( $string [$i] ) ^ ($box [($box [$a] + $box [$j]) % 256]) );
		}

		if ($operation == 'DECODE') {
			if ((substr ( $result, 0, 10 ) == 0 || substr ( $result, 0, 10 ) - time () > 0) && substr ( $result, 10, 16 ) == substr ( md5 ( substr ( $result, 26 ) . $keyb ), 0, 16 )) {
				return substr ( $result, 26 );
			} else {
				return '';
			}
		} else {
			return $keyc . str_replace ( '=', '', base64_encode ( $result ) );
		}
	}

	function generateFormHash($salt)
    {
        $hash = sha1(mt_rand(1, 1000000) . $salt);
        $_SESSION['csrf_hash'] = $hash;
        return $hash;
    }

    function isValidFormHash($hash)
    {
        return $_SESSION['csrf_hash'] === $hash;
    }

    /**
     * 生成随机字符串
     * @param string $lenth 长度
     * @return string 字符串
     */
    function create_randomstr($lenth = 6)
    {
        return $this->random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
    }
}
?>