getStaffByCidOnBuilding($this->params['cid']); echo json_encode($stafflist); exit; } /** * 员工列表 */ public function StaffList() { Doo::loadModel('staff'); $staff = new staff(); $staffList = $staff->find(array('select' => 'sid,username,nature,cid,departmentID,category,qq,phone,telephone', 'where' => 'sid!=1 and nature!=4', 'asArray' => TRUE)); Doo::loadModel('department'); $department = new department(); foreach($staffList as $k => $v) { $staffList[$k]['departmentName'] = $v['departmentID'] != 0 ? $department->getDepartmentByDid($v['departmentID'])['departmentName'] : ''; } echo json_encode($staffList,true); exit; } /** * 计量支付后台登录 */ public function auth() { if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['app']) && isset($_POST['time']) && isset($_POST['token'])) { // 先判断token和time的加密是是否一致,防止被其它接口调用 $token = $this->getSignature($this->authToken.$_POST['time'], $this->authToken); if ($_POST['app'] == $this->authApp && $_POST['token'] == $token) { Doo::loadModel('staff'); $staff = new staff(); $staffInfo = $staff->getStaffByName($_POST['username']); if (!empty($staffInfo) && $staffInfo['passwork'] == md5($_POST['password'])) { echo json_encode(array('err' => 0, 'data' => array( 'username' => $staffInfo['username'], 'office' => $staffInfo['cid'], 'category' => $staffInfo['category'], 'email' => $staffInfo['email'], 'telephone' => $staffInfo['telephone'], 'qq' => $staffInfo['qq'], 'fixedphone' => $staffInfo['phone'], 'position' => $staffInfo['position'] ) )); exit; } } } echo json_encode(array('err' => '参数有误')); exit; } // HMAC-SHA1+base64 加密方法 function getSignature($str, $key) { $signature = ""; if (function_exists('hash_hmac')) { $signature = base64_encode(hash_hmac("sha1", $str, $key, true)); } else { $blocksize = 64; $hashfunc = 'sha1'; if (strlen($key) > $blocksize) { $key = pack('H*', $hashfunc($key)); } $key = str_pad($key, $blocksize, chr(0x00)); $ipad = str_repeat(chr(0x36), $blocksize); $opad = str_repeat(chr(0x5c), $blocksize); $hmac = pack( 'H*', $hashfunc( ($key ^ $opad) . pack( 'H*', $hashfunc( ($key ^ $ipad) . $str ) ) ) ); $signature = base64_encode($hmac); } return $signature; } } ?>