ShuanghongS 3 月之前
父节点
当前提交
d0bea0ff69
共有 5 个文件被更改,包括 180 次插入25 次删除
  1. 10 0
      libs/config.ini.php
  2. 17 7
      libs/map_config.ini.php
  3. 0 4
      service/destination_delivery.class.php
  4. 76 14
      service/login.class.php
  5. 77 0
      utils/utils.class.php

+ 10 - 0
libs/config.ini.php

@@ -21,6 +21,16 @@ if ($_SESSION['USAI_USER']['is_demo'] == "t") {
     }
     $_DB['port'] = '5433';
     $_DB['type'] = 'postgres';
+    // $_DB['host'] = '172.31.2.157';
+    // $_DB['username'] = 'ksroot';
+    // $_DB['password'] = 'czZ7!HGSGMRPwWbypC9w';
+    // if (!empty($_GET['_schemas'])) {
+    //     $_DB['dbname'] = 'online';
+    // } else {
+    //     $_DB['dbname'] = 'online';
+    // }
+    // $_DB['port'] = '5432';
+    // $_DB['type'] = 'postgres';
 }
 $db_url = "host=" . $_DB['host'] . " port=" . $_DB['port'] . " dbname=" . $_DB['dbname'] . " user=" . $_DB['username'] . " password=" . $_DB['password'];
 $db = NewADOConnection($_DB['type']);
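Review bot: The commented-out block added after `$_DB['type'] = 'postgres';` puts what looks like a real host, account name and database password into version control; commenting the lines out does not keep them out of the repository history or out of any copy of this file. Delete the lines rather than parking them, treat that password as exposed and rotate it, and read connection settings from the environment or an untracked file, e.g. `$_DB['password'] = getenv('DB_PASSWORD');` (variable name illustrative). The same commented block is added again in the libs/map_config.ini.php hunk. Both branches of the commented `$_GET['_schemas']` test assign the same dbname, so the test does nothing as written.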

+ 17 - 7
libs/map_config.ini.php

@@ -26,16 +26,26 @@ if ($_SESSION['ONLINE_USER']['is_demo'] == "t") {
     // $_CBP_DB['port'] = '5434';
     // $_CBP_DB['type'] = 'postgres';
 
-    // $_CBP_DB['host'] = '192.168.0.177';
-    // $_CBP_DB['username'] = 'root';
-    // $_CBP_DB['password'] = '123456';
+    $_CBP_DB['host'] = '192.168.0.177';
+    $_CBP_DB['username'] = 'root';
+    $_CBP_DB['password'] = '123456';
+    if (!empty($_GET['_schemas'])) {
+        $_CBP_DB['dbname'] = 'redant_online_new2';
+    } else {
+        $_CBP_DB['dbname'] = 'redant_online_new2';
+    }
+    $_CBP_DB['port'] = '5433';
+    $_CBP_DB['type'] = 'postgres';
+    // $_DB['host'] = '172.31.2.157';
+    // $_DB['username'] = 'ksroot';
+    // $_DB['password'] = 'czZ7!HGSGMRPwWbypC9w';
     // if (!empty($_GET['_schemas'])) {
-    //     $_CBP_DB['dbname'] = 'redant_online_new2';
+    //     $_DB['dbname'] = 'online';
     // } else {
-    //     $_CBP_DB['dbname'] = 'redant_online_new2';
+    //     $_DB['dbname'] = 'online';
     // }
-    // $_CBP_DB['port'] = '5433';
-    // $_CBP_DB['type'] = 'postgres';
+    // $_DB['port'] = '5432';
+    // $_DB['type'] = 'postgres';
 }
 
 $mapdb_url = "host=" . $_CBP_DB['host'] . " port=" . $_CBP_DB['port'] . " dbname=" . $_CBP_DB['dbname'] . " user=" . $_CBP_DB['username'] . " password=" . $_CBP_DB['password'];
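Review bot: The now-active `$_CBP_DB['username'] = 'root';` and `$_CBP_DB['password'] = '123456';` lines hard-code an account that is presumably highly privileged, with a trivially guessable password, in a tracked file that every checkout and backup will carry. Use a dedicated role limited to what the map queries need, and load its credentials from the environment or an untracked config file instead of literals. The `if (!empty($_GET['_schemas']))` test assigns `'redant_online_new2'` in both branches, so it can be reduced to the single line `$_CBP_DB['dbname'] = 'redant_online_new2';`. If the two branches were meant to differ, the selection should come from a fixed allow-list and not from a request parameter.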

+ 0 - 4
service/destination_delivery.class.php

@@ -1147,10 +1147,6 @@ class destination_delivery {
             $sqlWhere .= " and eta >= now() - INTERVAL '6 months' and eta <= now() + INTERVAL '6 months'";
 
             $sqlDeliveryWhere = " 1=1"; 
-            if(_isApexLogin()){
-                //$sqlDeliveryWhere .=  " and '".strtolower("CATHY.LEE@APEXSHIPPING.COM")."' =  ANY(regexp_split_to_array(LOWER(kd.kln_pic), ','))";
-                $sqlDeliveryWhere .= " and '".strtolower(_getLoginEmployeeEamil())."' =  ANY(regexp_split_to_array(LOWER(kd.kln_pic), ','))";
-            }      
             //$sqlWhere_befrom_filterTag = $sqlWhere;
             $sql = "select delivery_date::date as delivery_date,
                         sum(case when status ='Pending Approval' then 1 else 0 end) as pending_approval_rc,

+ 76 - 14
service/login.class.php

@@ -43,7 +43,7 @@ class login {
             if(!(isset($_POST['token']))){
                 $is_verify = common::check_input($_POST['verifcation_code']);
                 //首先校用户登录
-                $AES_encrypted = $this->AES_encrypted($is_verify);
+                $AES_encrypted = utils::AES_encrypted($is_verify);
                 $secret_key = common::excuteOneSql("select secret_key from customer_service_secret_key 
                         where secret_key = '$is_verify' 
                         and create_time >= current_date - INTERVAL '3 months' limit 1");
@@ -144,7 +144,7 @@ class login {
                     //如是是token登录,则不用验证密码
                     if(isset($_POST['token']) && !empty($_POST['token'])){
                         $is_verify = $_POST['token'];
-                        $AES_encrypted = $this->AES_encrypted($is_verify);
+                        $AES_encrypted = utils::AES_encrypted($is_verify);
                         $secret_key = common::excuteOneSql("select secret_key from customer_service_secret_key 
                             where secret_key = '$is_verify' 
                             and create_time >= current_date - INTERVAL '3 months' limit 1");
@@ -616,7 +616,7 @@ class login {
         $email = common::check_input($_POST['email']);
         $is_verify = common::check_input($_POST['verifcation_code']);
         //首先校用户验证
-        $AES_encrypted = $this->AES_encrypted($is_verify);
+        $AES_encrypted = utils::AES_encrypted($is_verify);
         $secret_key = common::excuteOneSql("select secret_key from customer_service_secret_key 
                     where secret_key = '$is_verify' 
                     and create_time >= current_date - INTERVAL '3 months' limit 1");
@@ -634,12 +634,15 @@ class login {
 
         $msg = "";
         if (!empty($email) || !empty($login)) {
-            $sql_p = "select User_Login, ra_password as password from public.ra_online_user where md5(lower(user_login)) = ? and md5(lower(email)) = ?";
+            $sql_p = "select User_Login, ra_password as password,user_type,
+                    to_char(now(), 'Mon-DD-YYYY') as current_date,to_char(now(), 'Mon-DD-YYYY HH:mm:ss') as current_time
+                from public.ra_online_user where md5(lower(user_login)) = ? and md5(lower(email)) = ?";
             //$rs = common::excuteObjectSql($sql_p);
             $rs = common::excuteObjectPrepareSql($sql_p,[md5(strtolower($login)),md5(strtolower($email))]);
 
             if (!empty($rs)) {
                 $r = utils::sendEmailByPassword($login, $rs['password'], $email);
+                //$r = utils::sendEmailByResetPassword($rs, $email);
                 if ($r == 'success') {
                     $msg = "success";
                 } else {
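Review bot: In the extended `$sql_p`, the template `'Mon-DD-YYYY HH:mm:ss'` does not yield minutes: in PostgreSQL's `to_char`, `mm` is the month number and `HH` is the 12-hour clock, so the value later used as the e-mail's creation time would be wrong and ambiguous. Use `to_char(now(), 'Mon-DD-YYYY HH24:MI:SS') as current_time`. The aliases `current_date` and `current_time` are also SQL keywords, so names such as `created_date` and `created_time` would be safer to read back by key. The unchanged call `utils::sendEmailByPassword($login, $rs['password'], $email)` still mails the stored password value, and the commented-out `sendEmailByResetPassword` line appears to be the intended replacement. The enclosing method starts and ends outside this hunk.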
@@ -1266,7 +1269,7 @@ class login {
             $db->Execute("INSERT INTO public.tracking_login_record(ip, visit_count,visit_time,type)VALUES ('$ip', '1', now(),'".common::check_input($_POST['type'])."');") or ( (!$db->ErrorMsg()) or error_log($db->ErrorMsg(), 0));
         }else{
             if ($ipInfo['visit_count'] > $Tracking_Search_Count){
-                $AES_encrypted = $this->AES_encrypted($is_verify);
+                $AES_encrypted = utils::AES_encrypted($is_verify);
                 $secret_key = common::excuteOneSql("select secret_key from customer_service_secret_key 
                     where secret_key = '$is_verify' 
                     and create_time >= current_date - INTERVAL '3 months' limit 1");
@@ -1539,16 +1542,75 @@ class login {
             FROM $_schemas.contacts c WHERE o.final_desination::text = c.contact_id::text) fd ON true";
         return $sql;
     }
-    
-    private function AES_encrypted($encrypted_string,$isbase64_encode = true){
-        $key = 'fT5!R1k$7Mv@4Q9X'; // 16 bytes key
-        $iv = '1234567890123456'; // 16 bytes IV
-        if($isbase64_encode){
-            $decrypted = openssl_decrypt(base64_decode($encrypted_string), 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
-        }else{
-            $decrypted = openssl_decrypt($encrypted_string, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
+
+    /**
+     * 邮件链接 重置密码或者激活密码
+    */
+    private function resetAndActivateInit(){
+        $verifcation_code = $_REQUEST['verifcation_code'];
+        $AES_encrypted = utils::AES_encrypted($verifcation_code);
+
+        $secret_key = common::excuteOneSql("select secret_key from customer_service_secret_key 
+                        where secret_key = '$verifcation_code' 
+                        and create_time >= current_date - INTERVAL '7 days' limit 1");
+
+        if(!empty($AES_encrypted) && !empty($secret_key)){
+            //验证成功且数据库里有该code,进行密码的重置和修改逻辑
+            $data = array(
+                'msg' => "success",
+                'data' => ''
+            );
+            common::echo_json_encode(200, $data);
+            exit();
+        } else {
+            $data = array(
+                'msg' => 'verifcation_Invalid',
+                'data' => ''
+            );
+            common::echo_json_encode(500, $data);
+            exit();
+        }
+    }
+
+    private function resetAndActivateUpdate(){
+        $verifcation_code = $_REQUEST['verifcation_code'];
+        $AES_encrypted = utils::AES_encrypted($verifcation_code);
+
+        $secret_key = common::excuteOneSql("select secret_key from customer_service_secret_key 
+                        where secret_key = '$verifcation_code' 
+                        and create_time >= current_date - INTERVAL '7 days' limit 1");
+
+        if(!empty($AES_encrypted) && !empty($secret_key)){
+            //使用后,移除之前数据库里安全密
+            common::excuteUpdateSql("delete from customer_service_secret_key where secret_key = '$verifcation_code'");
+            //提交的时候再次验证通过,进行修改密码
+            $loginName = $AES_encrypted;
+            $password = $_REQUEST['password'];
+
+            $msg = $this->updateExpirePassword($loginName, $password);
+            if($msg == "success"){
+                $data = array(
+                    'msg' => "success",
+                    'data' => ''
+                );
+                common::echo_json_encode(200, $data);
+                exit();
+            } else {
+                $data = array(
+                    'msg' => $msg,
+                    'data' => ''
+                );
+                common::echo_json_encode(500, $data);
+                exit();
+            }
+        } else {
+            $data = array(
+                'msg' => 'verifcation_Invalid',
+                'data' => ''
+            );
         }
-        return $decrypted;
+        common::echo_json_encode(500, $data);
+        exit();
     }
 }
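Review bot: Both new methods place `$_REQUEST['verifcation_code']` directly inside the SQL text (the two `select secret_key ...` lookups and the `delete from customer_service_secret_key ...`), so this pre-authentication reset path is open to SQL injection. Bind the value instead, as the forgot-password hunk already does with `common::excuteObjectPrepareSql`; the delete needs the same treatment through whichever bound-parameter update helper the project has, which is not visible here. The unchanged context of the token-login hunk (`$is_verify = $_POST['token'];` followed by the same lookup) shows the same pattern. Separately, `$_REQUEST['password']` also accepts the new password from the query string, where it tends to end up in access logs; `$_POST['password']` would avoid that.

```php
$verifcation_code = $_REQUEST['verifcation_code'];
$AES_encrypted = utils::AES_encrypted($verifcation_code);

// Bound parameter: the code never becomes part of the SQL text.
$row = common::excuteObjectPrepareSql(
    "select secret_key from customer_service_secret_key
        where secret_key = ?
        and create_time >= current_date - INTERVAL '7 days' limit 1",
    [$verifcation_code]
);
$secret_key = empty($row) ? '' : $row['secret_key'];

// … unchanged: success / verifcation_Invalid responses …
```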
 

+ 77 - 0
utils/utils.class.php

@@ -349,6 +349,57 @@ class utils {
             return null;
     }
 
+    /**
+     * reset password link email   sendEmailByResetPassword
+    */
+    public static function sendEmailByResetPassword($data, $email) {
+        $sql = "select subject, ra_content as content from ra_online_email_tpl where lower(ra_type) = 'forgotpw'";
+        $rs = common::excuteObjectSql($sql);
+        if (!empty($rs)) {
+            $subject = $rs['subject'];
+            $content = $rs['content'];
+        }
+        if (!empty($subject) && !empty($content)) {
+        
+            $verifcation_code = utils::AES_128_CBC_Encrypt($data['User_Login']);
+            $link = SERVER_Vue_PAHT."login.php?action=login&operate=resetAndActivateInit&verifcation_code=".$verifcation_code;
+
+            if(strtolower($data['user_type']) == "employee"){
+                $sql = "SELECT lower(ra_name) as ra_name, ra_value from ra_online_config where lower(ra_name) in ('employee_password_change_cycle')";
+            } else {
+                $sql = "SELECT lower(ra_name) as ra_name, ra_value from ra_online_config where lower(ra_name) in ('customer_password_change_cycle')";
+            }
+            $PASSWORD_CHANGE_CYCLE = 0;
+            $rs1s = common::excuteListSql($sql);
+            foreach ($rs1s as $rs1) {
+                $PASSWORD_CHANGE_CYCLE = $rs1['ra_value'];
+            }
+            $expiry_date = common::excuteOneSql("select to_char((current_date + INTERVAL '".$PASSWORD_CHANGE_CYCLE." days'),'Mon-DD-YYYY');");
+
+            $tplData = array("username"=>$data['User_Login'],
+                "creation_date"=>$data['current_time'],
+                "expiry_date"=>$expiry_date,
+                "link" =>$link);
+
+            // 动态构建替换数组(格式:[key] => value)
+            $replacements = [];
+            foreach ($tplData as $key => $value) {
+                $replacements["{{$key}}"] = $value; 
+                $replacements["{{{$key}}}"] = $value; 
+            }
+            $content = strtr($content, $replacements);
+            $content = common::check_input($content);
+
+            common::excuteUpdateSql("INSERT INTO public.email_record_forgotpassword(type, title, from_email, to_email, content, insert_date, 
+            cc_email) VALUES ('forgot_password', '" . common::check_input($subject) . "', 'US.KApex.Online@kerryapex.com', '" .
+                    common::check_input($email) . "', '" . common::check_input($content) . "', now(), '');
+                    insert customer_service_secret_key(secret_key,create_time) value('".$verifcation_code."',now())");
+            return "success";
+            //return Mail::sendMail($email, $subject, $content);
+        } else
+            return null;
+    }
+
     public static function operation_log_records(){
         //排除opreation_log操作
         if( empty($_REQUEST["operate"])
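Review bot: The statement that stores the code, `insert customer_service_secret_key(secret_key,create_time) value(...)`, lacks `INTO` and uses `value`, which PostgreSQL (the driver type set in the config hunks) does not accept, and it is appended to the e-mail-record insert in the same call; the code is therefore likely never stored and every link would be answered with `verifcation_Invalid`. Write it as its own statement, `insert into customer_service_secret_key(secret_key, create_time) values (?, now())`, with the code bound rather than concatenated. The link should carry `urlencode($verifcation_code)`, because Base64 output can contain `+`, `/` and `=`, and a `+` in a query string is read back as a space. `$PASSWORD_CHANGE_CYCLE` is concatenated into the interval expression, so casting it with `(int)` keeps a malformed config value out of the SQL. The function currently returns "success" without sending anything, since the `Mail::sendMail` call is commented out.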
@@ -1593,5 +1644,31 @@ class utils {
 
         return $data[$type];
     }
+
+    //AES 加密
+    public static function AES_128_CBC_Encrypt($data){
+        $key = 'fT5!R1k$7Mv@4Q9X'; // 密钥应该是16字节(128位),24字节(192位)或32字节(256位)
+        $method = 'AES-128-CBC';
+        $iv = '1234567890123456'; 
+        // 加密
+        $encrypted = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
+        // 编码为可打印的字符串,如Base64
+        $encrypted = base64_encode($encrypted);
+        return $encrypted;
+    }
+    
+    /**
+     * 解密decrypt
+    */
+    public static function AES_encrypted($encrypted_string,$isbase64_encode = true){
+        $key = 'fT5!R1k$7Mv@4Q9X'; // 16 bytes key
+        $iv = '1234567890123456'; // 16 bytes IV
+        if($isbase64_encode){
+            $decrypted = openssl_decrypt(base64_decode($encrypted_string), 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
+        }else{
+            $decrypted = openssl_decrypt($encrypted_string, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
+        }
+        return $decrypted;
+    }
 }
 ?>
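Review bot: `AES_128_CBC_Encrypt` and `AES_encrypted` keep the AES key and a constant IV as string literals in the source, and the reset code is simply the encrypted login name, so the code for an account never changes and is derivable by anyone with read access to this repository. The table lookup in `resetAndActivateInit` and `resetAndActivateUpdate` is then the only thing that makes a code valid. A reset token should be unpredictable and carry no meaning: generate it with `bin2hex(random_bytes(32))`, store its hash with the user and an expiry, and find the user from that row instead of decrypting the login name. If encryption stays for other callers, load the key from configuration outside version control, use a fresh random IV per message and add authentication (for example an AEAD mode), since CBC alone does not detect tampering. `AES_encrypted` actually decrypts, so a name such as `AES_128_CBC_Decrypt` would match its counterpart.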