<?php

/**
 * 建筑接口控制器
 *
 * @author EllisRan
 */

class BuildingApiController extends DooController {

	public $staff;

	public $authApp = 'scConstruct';

	public $authToken = 'sc@ConS!tru@ct*88';

	function __construct() {

	}

	public function categoryStaff() {
		Doo::loadModel('staff');
		$staff = new staff();
		$stafflist = $staff->getStaffByCidOnBuilding($this->params['cid']);
		echo json_encode($stafflist);
		exit;
	}

	/**
	 * 员工列表
	 */
	public function StaffList() {
		Doo::loadModel('staff');
		$staff = new staff();
		$staffList = $staff->find(array('select' => 'sid,username,nature,cid,departmentID,category,qq,phone,telephone', 'where' => 'sid!=1 and nature!=4', 'asArray' => TRUE));
		Doo::loadModel('department');

		$department = new department();

		foreach($staffList as $k => $v) {
			$staffList[$k]['departmentName'] = $v['departmentID'] != 0 ? $department->getDepartmentByDid($v['departmentID'])['departmentName'] : '';
		}
		echo json_encode($staffList,true);
		exit;
	}

	/**
	 * 计量支付后台登录
	 */
	public function auth() {
		if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['app']) && isset($_POST['time']) && isset($_POST['token'])) {
			// 先判断token和time的加密是是否一致,防止被其它接口调用
			$token = $this->getSignature($this->authToken.$_POST['time'], $this->authToken);
			if ($_POST['app'] == $this->authApp && $_POST['token'] == $token) {
				Doo::loadModel('staff');
				$staff = new staff();

				$staffInfo = $staff->getStaffByName($_POST['username']);
				if (!empty($staffInfo) && $staffInfo['passwork'] == md5($_POST['password'])) {
					echo json_encode(array('err' => 0, 'data' => array(
						'username' => $staffInfo['username'],
						'office' => $staffInfo['cid'],
						'category' => $staffInfo['category'],
						'email' => $staffInfo['email'],
						'telephone' => $staffInfo['telephone'],
						'qq' => $staffInfo['qq'],
						'fixedphone' => $staffInfo['phone'],
						'position' => $staffInfo['position']
					)
					));
					exit;
				}
			}
		}
		echo json_encode(array('err' => '参数有误'));
		exit;
	}

	// HMAC-SHA1+base64 加密方法
	function getSignature($str, $key) {
		$signature = "";
		if (function_exists('hash_hmac')) {
			$signature = base64_encode(hash_hmac("sha1", $str, $key, true));
		} else {
			$blocksize = 64;
			$hashfunc = 'sha1';
			if (strlen($key) > $blocksize) {
				$key = pack('H*', $hashfunc($key));
			}
			$key = str_pad($key, $blocksize, chr(0x00));
			$ipad = str_repeat(chr(0x36), $blocksize);
			$opad = str_repeat(chr(0x5c), $blocksize);
			$hmac = pack(
				'H*', $hashfunc(
					($key ^ $opad) . pack(
						'H*', $hashfunc(
							($key ^ $ipad) . $str
						)
					)
				)
			);
			$signature = base64_encode($hmac);
		}
		return $signature;
	}
}

?>