k_online_backend/service/login.class.php

<?php

if (!defined('IN_ONLINE')) {
    exit('Access Denied');
}

/**
 * Description of login
 *
 * @author Administrator
 */
class login {

    private static $_login;

    public static function getInstance() {
        if (!self::$_login) {
            $c = __CLASS__;
            self::$_login = new $c;
        }
        return self::$_login;
    }

    private function getLoginSql($uname) {
        return "select user_login,(select active from public.employee ee where ee.employee_id=u.employee_id) as employee_id_active, can_visit_vgm,can_add_booking, can_add_tk_status,truck_driver,po_booking,o_final_delivery_u,ipad_view_po,can_view_doc,can_upload_doc,can_add_catalog,can_add_po,packing_list_company,is_only_vgm,contact_id_user,is_demo, ra_password as password,employee_id, contact_id, user_type, last_pwd_change, EXTRACT(DAY from (now() - last_pwd_change)) as last_pwd_change_date, email, user_webtype_id, active, is_online, station, allow_login_remote, can_see_amslog,can_view_eccn, can_see_isflog, can_see_isflog_withaddress, 
        customer_search_type, customer_destination, can_add_ams, can_add_isf, air_station, air_sales, ocean_station, ocean_sales,ocean_following_sales,ocean_following_sales_or,air_following_sales,air_following_sales_or, trucking_station, ocean_dest_op, can_see_password, can_add_opsales_code, ocean_station_or, ocean_agent_or, ocean_sales_or, ocean_dest_op_or, air_station_or, air_sales_or, trucking_station_or, 
        can_add_user, can_add_employee, can_add_contact, company_name, ams_email, isf_email, customer_discharge, online_active, is_super, ocean_agent,active, can_send_email, view_file_format as docdownload, container_status, consolidated_cbsa_code, can_add_aci, 
        air_customers, air_customer_search_type,trucking_customers,trucking_customer_search_type, upload_document, view_file_format, event_type, belong_schemas, main_schemas, error_login_count, EXTRACT(EPOCH FROM (now()-COALESCE(error_login_time, now()))) as second, po_status, view_air_file_format, 
        special_customer_event, can_edi_vgm, isf_aci_ams_station,login_version,is_kerry_shipment,can_visit_delivery,currency_group from public.ra_online_user u where lower(user_login) = '" . strtolower($uname) . "'";
    }

    public function do_login() {
        $login_error_times = common::excuteOneSql("select ra_value from ra_online_config where ra_name='Login_Error_Times'");
        $lock_user_seconds = common::excuteOneSql("select ra_value from ra_online_config where ra_name='Lock_User_Seconds'");
        if (!empty($uname) || !empty($password)) {

            
        } else {
            $uname = common::check_input($_POST['uname']);
            $verifcation_code = common::check_input($_POST['verifcation_code']);
            //首先校验验证码
            if (strtolower($_SESSION['captcha']) != strtolower($verifcation_code)) {    
                $data = array(
                    'msg' => 'verifcation_error',
                    'data' => ''
                );
                common::echo_json_encode(400, $data);
                exit();
            }

            $sql = $this->getLoginSql($uname);
            $rs = common::excuteObjectSql($sql);
            if (empty($rs['belong_schemas'])) {
                $rs['belong_schemas'] = "public";
            }
            if (empty($rs['main_schemas'])) {
                $rs['main_schemas'] = "public";
            }

            if (!empty($rs)) {
                //验证employee是否active
                if (!empty($rs["employee_id"]) && $rs["employee_id_active"] != "t") {
                    if (strtolower(Soure) =='topocean'){
                        if (strtolower($rs['user_type']) == "employee" && utils::endWith($rs['email'], "cn")) {
                            $data = "<a href='mailto:lilyyang@topocean.com.cn'>lilyyang@topocean.com.cn</a>";
                        }else{
                            $data = "<a href='mailto:winnie@topocean.com'>winnie@topocean.com</a>";
                        }
                    }
                    if (strtolower(Soure) =='apex'){
                        $data = "<a href='mailto:maria.wang@apexshipping.com.cn'>maria.wang@apexshipping.com.cn</a>";
                    }
                    
                    $data = array(
                        'msg' => 'no_active',
                        'login_version' => $rs["login_version"],
                        'data' => $data
                    );
                    common::echo_json_encode(500, $data);
                    $this->failedLogin($uname, 'Employee not active');
                    exit();
                }

                //处理登录状态
                $userInfo = common::check_input($_COOKIE['userInfo']);

                $noCheckPwd = false;

                if (!empty($userInfo)) {
                    $userInfoSplit = explode("_", $userInfo);
                    if ($uname == $userInfoSplit[0]) {
                        if ($userInfoSplit[1] == md5($rs['password'])) {
                            $noCheckPwd = true;
                        }
                    }
                }
            
                if ($rs['error_login_count'] > $login_error_times && $rs['second'] < $lock_user_seconds) {
                        $data = array(
                            'msg' => 'error_times',
                            'login_version' => $rs["login_version"],
                            'data' => ceil(($lock_user_seconds - $rs['second']) / 60)
                        );
                        common::echo_json_encode(400, $data);
                        
                        $this->failedLogin($uname, 'Failed login too times');
                        exit();
                }
                if ($rs['is_online'] != 't') {
                    if (strtolower($rs['user_type']) != "employee") {
                        $data =array(
                            'msg' => 'no_online',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        $this->failedLogin($uname, 'Online is not active');
                        exit();
                    }
                }

                //if ($rs['decrypt_password'] != $_POST['psw']) {
				if ($noCheckPwd) {

				}else{
                    if ($rs['password'] != $_POST['psw']) {    
                        common::excuteUpdateSql("update public.ra_online_user set error_login_count=error_login_count+1, error_login_time=now() where lower(user_login) = '" . strtolower($uname) . "'");
                        $data = array(
                            'msg' => 'password_error',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(400, $data);
                        $this->failedLogin($uname, 'Password is wrong');
                        exit();
                    }
				}
                   
                if ($rs['online_active'] != 't') {
                    $data = array(
                        'msg' => 'no_active',
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                    common::echo_json_encode(500, $data);
                    $this->failedLogin($uname, 'Online is not active');
                    exit();
                }
                //check password length
                $tar = utils::checkPassword($rs['password']);
                if (!empty($tar)) {
                    $data = array(
                        'msg' => $tar,
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                    common::echo_json_encode(500, $data);
                    exit();
                }
                if (empty($rs['last_pwd_change'])) {
                    $data = array(
                        'msg' => 'first_login',
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                    common::echo_json_encode(500, $data);
                    exit();
                }
                

                //get more infor by employee_id or contact_id
                $sql = '';
                $diffdate = $rs['last_pwd_change_date'];
                $user_type = $rs['user_type'];
                //if user is customer, check company
                if (strtolower($user_type) == 'customer') {
                    $company = $rs['company_name'];
                } else {
                    if (!empty($rs['station']))
                        $company = $rs['station'];
                }
                if (strtolower($uname) == 'ra.admin') {
                    $company = 'Admin';
                }
                // get system config
                $sql = "SELECT lower(ra_name) as ra_name, ra_value from ra_online_config where lower(ra_name) in ('employee_session_timeout', 'customer_session_timeout', 'password_change_alert', 'employee_password_change_cycle', 'customer_password_change_cycle')";
                $rs1s = common::excuteListSql($sql);
                foreach ($rs1s as $rs1) {
                    if ($rs1['ra_name'] == 'employee_session_timeout')
                        $EMPLOYEE_SESSION_TIMEOUT = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'customer_session_timeout')
                        $CUSTOMER_SESSION_TIMEOUT = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'password_change_alert')
                        $PASSWORD_CHANGE_ALERT = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'employee_password_change_cycle')
                        $EMPLOYEE_PASSWORD_CHANGE_CYCLE = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'customer_password_change_cycle')
                        $CUSTOMER_PASSWORD_CHANGE_CYCLE = $rs1['ra_value'];
                }
                $sql="select item_value from config where item='passwordChangePeriod'";
                $pcp = common::excuteObjectSql($sql);
                $passwordChangePeriod = json_decode($pcp["item_value"],true);

                if (strtolower($rs['user_type']) == 'employee') {
                    $PASSWORD_CHANGE_CYCLE = $EMPLOYEE_PASSWORD_CHANGE_CYCLE;
                    $SESSION_TIMEOUT = $EMPLOYEE_SESSION_TIMEOUT;

                    //如果有新配置，则采用新配置
                    if (!empty($pcp)) {
                        $PASSWORD_CHANGE_CYCLE = $passwordChangePeriod["Employee"]["days"];
                        $PASSWORD_CHANGE_ALERT = $passwordChangePeriod["Employee"]["advanceDays"];
                    }

                } else {
                    $PASSWORD_CHANGE_CYCLE = $CUSTOMER_PASSWORD_CHANGE_CYCLE;
                    $SESSION_TIMEOUT = $CUSTOMER_SESSION_TIMEOUT;
                    
                    //如果有新配置，则采用新配置
                    if (!empty($pcp)) {
                        $PASSWORD_CHANGE_CYCLE = $passwordChangePeriod["Customer"]["days"];
                        $PASSWORD_CHANGE_ALERT = $passwordChangePeriod["Customer"]["advanceDays"];
                    }
                }

                $loginName = $rs['user_login'];
                $email = $rs['email'];
                //Timeout
                if ($diffdate > $PASSWORD_CHANGE_CYCLE) {
                    if(empty($email)){
                        $data = array(
                            'status' => '0',
                            'msg' => 'login user email is empty',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        exit();
                    }else{
                        //$this -> passwordExpires($loginName,$email);
                    }
                }

                if ($diffdate == $PASSWORD_CHANGE_CYCLE) {// Due today
                    $login_tmp = array(
                        'msg' => 'today',
                        'uname' => $uname,
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                } elseif ($diffdate >= ($PASSWORD_CHANGE_CYCLE - $PASSWORD_CHANGE_ALERT)) {// Password expires soon, JS Tips
                    $login_tmp = array(
                        'msg' => 'last',
                        'uname' => $uname,
                        'login_version' => $rs["login_version"],
                        'data' => $PASSWORD_CHANGE_CYCLE - $diffdate,
                        'is_only_vgm' => $rs["is_only_vgm"]
                    );
                }

                //insert into log table
                $ip = common::ip();
                $sql = "insert into public.ra_online_user_login_log (user_name,manufacturer,from_app,ip,date_time, session_id) values ('" . common::check_input($uname) . "', '" . common::check_input($company) . "','Online','$ip',now(), '" . session_id() . "')";
                if (common::excuteUpdateSql($sql)) {
                    common::excuteUpdateSql("update public.ra_online_user set Last_Login_Time = now(), error_login_count=0, error_login_time=null where lower(user_login) = '" . strtolower($uname) . "'");
                    if (isset($login_tmp)) {
                        common::echo_json_encode(200, $login_tmp);
                    } else {
                        $data = array(
                            'msg' => 'success',
                            'uname' => $uname,
                            'login_version' => $rs["login_version"],
                            'data' => '',
                            'is_only_vgm' => $rs["is_only_vgm"]
                        );
                        common::echo_json_encode(200, $data);
                    }

                    $online_user = $rs;
                    $online_user['user_login'] = $uname;
                    $online_user['company'] = $company;
                    $online_user['password'] = "";
                    if (!_isAdmin()) {
                        if ($rs["is_only_vgm"] == "t") {//VGM用户写死
                            $sql = "select array_to_string(ARRAY(select url_action from public.ra_online_permission where url_action in ('ocean_order','password','vgm') and menu_id in ('ship','profile') order by order_by asc), ',')";
                            $rrrs = common::excuteOneSql($sql);
                        } else {
                            $sql = "select array_to_string(ARRAY(select p.url_action from public.ra_online_user_permission up left join public.ra_online_user u on up.user_name = u.user_login left join public.ra_online_permission p on up.p_id = p.id where lower(u.user_login) = '" . common::check_input(strtolower($uname)) . "'), ',')";
                            $rrrs = common::excuteOneSql($sql);
                            if (strtolower($rs['user_type']) == "employee" && empty($rrrs)) {
                                $sql = "select array_to_string(ARRAY(select url_action from public.ra_online_permission where is_customer = true order by order_by asc), ',')";
                                $rrrs = common::excuteOneSql($sql);
                            }
                        }
                        $online_user['permission'] = $rrrs;
                    }

                    if (!empty($online_user['docdownload']))
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from ra_online_file_format where lower(serial_no) " . common::getInNotInSql($online_user['docdownload']) . " and active = true group by display_name order by min(id)";
                    else {
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from ra_online_file_format where active = true";
                        if (strtolower($online_user['user_type']) == "customer")
                            $sql .= " and client_display = true";
                        $sql .= " group by display_name order by min(id)";
                    }
                    $online_user['view_doc_type'] = common::excuteListSql($sql);

                    if (!empty($online_user['view_air_file_format']))
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from air_file_format where lower(serial_no) " . common::getInNotInSql($online_user['view_air_file_format']) . " and active = true group by display_name order by min(id)";
                    else {
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from air_file_format where active = true";
                        if (strtolower($online_user['user_type']) == "customer")
                            $sql .= " and client_display = true";
                        $sql .= " group by display_name order by min(id)";
                    }
                    $online_user['view_air_doc_type'] = common::excuteListSql($sql);
                    //补充aci and ams CustomerLogin station - public 
                    $ocean_station_temp = $online_user['ocean_station'];
                    $online_user['session_ocean_station'] = $this->getOriginOrAgent($ocean_station_temp);
                    
                    $ocean_agent_temp = $online_user['ocean_agent'];
                    $online_user['session_ocean_agent'] = $this->getOriginOrAgent($ocean_agent_temp);
                    

                    $_SESSION['ONLINE_USER'] = $online_user;
                    $_SESSION['LAST_OPERATE_TIME'] = time();
                    $_SESSION['SESSION_TIMEOUT'] = $SESSION_TIMEOUT;
                    

                    //判断是否记录密码  add
                    if ($_POST['rememberpwd'] === 'true') {
                        if (!$noCheckPwd) {
                            $user_info = $uname . "_" . md5($rs['password']);

                            setcookie('userInfo', $user_info, time() + 30 * 24 * 3600, "/");
                        }
                    } else {
                        setcookie('userInfo', '', time() - 1, "/");
                    }

                    if ($rs['is_super'] == "t") {
                        $schemas_list = common::excuteListSql("select * from schemas_list");
                    } else {
                        $schemas_list = common::excuteListSql("select * from schemas_list where schemas_name=any(regexp_split_to_array('" . $rs['belong_schemas'] . "'::text, ';'::text))");
                    }
                    ///if (count($schemas_list) > 1) {
                    foreach ($schemas_list as $sk => $sv) {
                        if ($sv['schemas_name'] == "public") {
                            continue;
                        }
                        $ttdd = common::excuteObjectSql("select contact_id_user, employee_id, contact_id, user_type, email, user_webtype_id, active, is_online, station, allow_login_remote, can_see_amslog,can_view_eccn, can_see_isflog, can_see_isflog_withaddress, 
                        customer_search_type, customer_destination, can_add_ams, can_add_isf, air_station, air_sales, ocean_station, ocean_sales,ocean_following_sales,ocean_following_sales_or,air_following_sales,air_following_sales_or, trucking_station, ocean_dest_op, can_see_password, can_add_opsales_code, ocean_station_or, ocean_agent_or, ocean_sales_or, ocean_dest_op_or, air_station_or, air_sales_or, trucking_station_or, 
                        can_add_user, can_add_employee, can_add_contact, company_name, ams_email, isf_email, customer_discharge, online_active, is_super, ocean_agent,active, can_send_email, view_file_format as docdownload, container_status, consolidated_cbsa_code, can_add_aci,
                        air_customers, air_customer_search_type,trucking_customers,trucking_customer_search_type, upload_document, view_file_format, event_type, po_status, view_air_file_format, special_customer_event, can_edi_vgm, isf_aci_ams_station, is_kerry_shipment from " . $sv['schemas_name'] . ".ra_online_user where lower(user_login) = '" . strtolower($uname) . "'");
                        if (empty($ttdd)) {
                            unset($schemas_list[$sk]);
                            continue;
                        }

                        if (!empty($ttdd['docdownload'])) {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".ra_online_file_format where lower(serial_no) " . common::getInNotInSql($ttdd['docdownload']) . " and active = true group by display_name order by min(id)";
                        } else {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".ra_online_file_format where active = true";
                            if (strtolower($ttdd['user_type']) == "customer")
                                $sql .= " and client_display = true";
                            $sql .= " group by display_name order by min(id)";
                        }
                        $ttdd['view_doc_type'] = common::excuteListSql($sql);

                        if (!empty($ttdd['view_air_file_format'])) {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".air_file_format where lower(serial_no) " . common::getInNotInSql($ttdd['view_air_file_format']) . " and active = true group by display_name order by min(id)";
                        } else {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".air_file_format where active = true";
                            if (strtolower($ttdd['user_type']) == "customer")
                                $sql .= " and client_display = true";
                            $sql .= " group by display_name order by min(id)";
                        }
                        $ttdd['view_air_doc_type'] = common::excuteListSql($sql);
                        
                         //补充aci and ams CustomerLogin station - other like sfs
                        $ocean_station_temp = $ttdd['ocean_station'];
                        $ttdd['session_ocean_station'] = $this->getOriginOrAgent($ocean_station_temp);

                        $ocean_agent_temp = $ttdd['ocean_agent'];
                        $ttdd['session_ocean_agent'] = $this->getOriginOrAgent($ocean_agent_temp);

                        $_SESSION[$sv['schemas_name'] . '_ONLINE_USER'] = $ttdd;
                    }
                    //}
                    $_SESSION['schemas_list'] = $schemas_list;
                    //不再返回登录页面，直接跳转
                    if (isset($_GET['up'])) {
                        if($_GET['v'] == 'new'){
                           header("Location: main_new_version.php?action=main");
                        }else{
                           header("Location: main.php?action=main");
                        }
                    }
                    exit();
                } else {
                    $data = array(
                        'msg' => 'database_error',
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                    common::echo_json_encode(500, $data);
                    exit();
                }
            } else {
                $data = array(
                    'msg' => 'no_exist',
                    'login_version' => $rs["login_version"],
                    'data' => ''
                );
                common::echo_json_encode(500, $data);
                exit();
            }
        }
    }

    public function check_uname(){
        $uname = common::check_input($_POST['uname']);
        $sql = $this->getLoginSql($uname);
        $rs = common::excuteObjectSql($sql);
        if (!empty($rs)) {
            //只是验证用户是否存在，是否激活
            //验证employee是否active
            if (!empty($rs["employee_id"]) && $rs["employee_id_active"] != "t") {
                if (strtolower(Soure) =='topocean'){
                    if (strtolower($rs['user_type']) == "employee" && utils::endWith($rs['email'], "cn")) {
                        $data = "<a href='mailto:lilyyang@topocean.com.cn'>lilyyang@topocean.com.cn</a>";
                    }else{
                        $data = "<a href='mailto:winnie@topocean.com'>winnie@topocean.com</a>";
                    }
                }
                if (strtolower(Soure) =='apex'){
                    $data = "<a href='mailto:maria.wang@apexshipping.com.cn'>maria.wang@apexshipping.com.cn</a>";
                }
                $data = array(
                    'msg' => 'no_active',
                );
                common::echo_json_encode(200, $data);
                exit();
            }
            
            if ($rs['is_online'] != 't') {
                if (strtolower($rs['user_type']) != "employee") {
                    $data =array(
                        'msg' => 'no_online',
                    );
                    common::echo_json_encode(200, $data);
                    exit();
                }
            }
            if ($rs['online_active'] != 't') {
                $data = array(
                    'msg' => 'no_active',
                );
                common::echo_json_encode(200, $data);
                exit();
            }
            //验证成功
            $data = array(
                'msg' => 'success',
            );
            common::echo_json_encode(200, $data);
            exit();
        } else {
            $data = array(
                'msg' => 'no_exist',
            );
            common::echo_json_encode(200, $data);
            exit();
        }

    }

    public function verifcation_code(){
        // 生成一个4位随机数作为验证码
        //$random_num = mt_rand(1000, 9999);
        $random_num = $this->generateCaptcha(6);
        $_SESSION['captcha'] = $random_num;
        
        // 创建一个宽度为80像素、高度为30像素的图片
        $width = 130;
        $height = 40;
        $image = imagecreate($width, $height);
        
        // 设置颜色
        $white = imagecolorallocate($image, 255, 255, 255); // 白色作为背景
        $black = imagecolorallocate($image, 0, 0, 0); // 黑色作为文字
        
        // 填充背景
        imagefilledrectangle($image, 0, 0, $width, $height, $white);
        
        // 在图片上绘制四个字符
        $font_size = 18;
        $x = 14;
        $y = 12;
        for ($i = 0; $i < 6; $i++) {
            $char = substr($random_num, $i, 1);
            imagestring($image, $font_size, $x, $y, $char, $black);
            $x += $font_size+1;
        }
        
        // 返回Base64编码
        ob_start();
        imagepng($image);
        $image_data = ob_get_clean();
        // 释放内存
        imagedestroy($image);
        $data = array("imagePngBase64" =>base64_encode($image_data));
        common::echo_json_encode(200, $data);
        exit();
    }

    //邮件密码原文
    public function forgot_password() {
        $login = common::check_input($_POST['login']);
        $email = common::check_input($_POST['email']);
        $verifcation_code = common::check_input($_POST['verifcation_code']);
        //首先校验验证码
        if ($_SESSION['captcha'] != $verifcation_code) {    
            $data = array(
                'msg' => 'verifcation_error',
                'data' => ''
            );
            common::echo_json_encode(500, $data);
            exit();
        }
        $msg = "";
        if (!empty($email) || !empty($login)) {
            $sql_p = "select User_Login, ra_password as password from public.ra_online_user where lower(user_login) = '" . strtolower($login) . "' and lower(email) = '" . strtolower($email) . "'";
            $rs = common::excuteObjectSql($sql_p);
            if (!empty($rs)) {
                $r = utils::sendEmailByPassword($login, $rs['password'], $email);
                if ($r == 'success') {
                    $msg = "success";
                } else {
                    $msg = $r;
                }
            } else {
                $msg = "Can not find this user with give login id and email, please confirm!";
            }
        } else {
            $msg = "Login Name or Email Required !";
        }

        $data = array(
            'msg' => $msg,
        );
        common::echo_json_encode(200, $data);
        exit();
    }

    public function generateCaptcha($length = 6) {
        $captcha = '';
        for ($i = 0; $i < $length; $i++) {
            // 随机选择字母或数字
            $char = mt_rand(0, 1) ? rand(0, 9) : chr(rand(ord('A'), ord('Z')));
            $captcha .= strval($char);
        }
        return $captcha;
    }

    public function do_login_auto() {
        $uname = common::check_input($_GET['u']);
        $password = common::check_input($_GET['p']);
        $login_error_times = common::excuteOneSql("select ra_value from ra_online_config where ra_name='Login_Error_Times'");
        $lock_user_seconds = common::excuteOneSql("select ra_value from ra_online_config where ra_name='Lock_User_Seconds'");
        if (!empty($uname) || !empty($password)) {
           
        } else {
            $uname = common::check_input($_POST['uname']);
            $sql = $this->getLoginSql($uname);
            $rs = common::excuteObjectSql($sql);
            if (empty($rs['belong_schemas'])) {
                $rs['belong_schemas'] = "public";
            }
            if (empty($rs['main_schemas'])) {
                $rs['main_schemas'] = "public";
            }

            if (!empty($rs)) {
                //验证employee是否active
                if (!empty($rs["employee_id"]) && $rs["employee_id_active"] != "t") {
                    if (strtolower(Soure) =='topocean'){
                        if (strtolower($rs['user_type']) == "employee" && utils::endWith($rs['email'], "cn")) {
                            $data = "<a href='mailto:lilyyang@topocean.com.cn'>lilyyang@topocean.com.cn</a>";
                        }else{
                            $data = "<a href='mailto:winnie@topocean.com'>winnie@topocean.com</a>";
                        }
                    }
                    if (strtolower(Soure) =='apex'){
                        $data = "<a href='mailto:maria.wang@apexshipping.com.cn'>maria.wang@apexshipping.com.cn</a>";
                    }
                    
                    $data = array(
                        'msg' => 'no_active',
                        'login_version' => $rs["login_version"],
                        'data' => $data
                    );
                    common::echo_json_encode(500, $data);
                    $this->failedLogin($uname, 'Employee not active');
                    exit();
                }

                //add  处理登录状态
                $userInfo = common::check_input($_COOKIE['userInfo']);

                $noCheckPwd = false;

                if (!empty($userInfo)) {
                    $userInfoSplit = explode("_", $userInfo);
                    if ($uname == $userInfoSplit[0]) {
                        if ($userInfoSplit[1] == md5($rs['password'])) {
                            $noCheckPwd = true;
                        }
                    }
                }
                
                //if (!$noCheckPwd) {
                    if ($rs['error_login_count'] > $login_error_times && $rs['second'] < $lock_user_seconds) {
                        $data = array(
                            'msg' => 'error_times',
                            'login_version' => $rs["login_version"],
                            'data' => ceil(($lock_user_seconds - $rs['second']) / 60)
                        );
                        common::echo_json_encode(500, $data);
                        
                        $this->failedLogin($uname, 'Failed login too times');
                        exit();
                    }
                    if ($rs['is_online'] != 't') {
                        if (strtolower($rs['user_type']) != "employee") {
                            $data =array(
                                'msg' => 'no_online',
                                'login_version' => $rs["login_version"],
                                'data' => ''
                            );
                            common::echo_json_encode(500, $data);
                            $this->failedLogin($uname, 'Online is not active');
                            exit();
                        }
                    }

                    //if ($rs['decrypt_password'] != $_POST['psw']) {
					if ($noCheckPwd) {
					}else{
                    if ($rs['password'] != $_POST['psw']) {    
                        common::excuteUpdateSql("update public.ra_online_user set error_login_count=error_login_count+1, error_login_time=now() where lower(user_login) = '" . strtolower($uname) . "'");
                        $data = array(
                            'msg' => 'password_error',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        $this->failedLogin($uname, 'Password is wrong');
                        exit();
                    }
					}
                   
                    if ($rs['online_active'] != 't') {
                        $data = array(
                            'msg' => 'no_active',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        $this->failedLogin($uname, 'Online is not active');
                        exit();
                    }
                    //check password length
                    $tar = utils::checkPassword($rs['password']);
                    if (!empty($tar)) {
                        $data = array(
                            'msg' => $tar,
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        exit();
                    }
                    if (empty($rs['last_pwd_change'])) {
                        $data = array(
                            'msg' => 'first_login',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        exit();
                    }
                //}

                //get more infor by employee_id or contact_id
                $sql = '';
                $diffdate = $rs['last_pwd_change_date'];
                $user_type = $rs['user_type'];
                //if user is customer, check company
                if (strtolower($user_type) == 'customer') {
                    $company = $rs['company_name'];
                } else {
                    if (!empty($rs['station']))
                        $company = $rs['station'];
                }
                if (strtolower($uname) == 'ra.admin') {
                    $company = 'Admin';
                }
                // get system config
                $sql = "SELECT lower(ra_name) as ra_name, ra_value from ra_online_config where lower(ra_name) in ('employee_session_timeout', 'customer_session_timeout', 'password_change_alert', 'employee_password_change_cycle', 'customer_password_change_cycle')";
                $rs1s = common::excuteListSql($sql);
                foreach ($rs1s as $rs1) {
                    if ($rs1['ra_name'] == 'employee_session_timeout')
                        $EMPLOYEE_SESSION_TIMEOUT = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'customer_session_timeout')
                        $CUSTOMER_SESSION_TIMEOUT = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'password_change_alert')
                        $PASSWORD_CHANGE_ALERT = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'employee_password_change_cycle')
                        $EMPLOYEE_PASSWORD_CHANGE_CYCLE = $rs1['ra_value'];
                    if ($rs1['ra_name'] == 'customer_password_change_cycle')
                        $CUSTOMER_PASSWORD_CHANGE_CYCLE = $rs1['ra_value'];
                }
                $sql="select item_value from config where item='passwordChangePeriod'";
                $pcp = common::excuteObjectSql($sql);
                $passwordChangePeriod = json_decode($pcp["item_value"],true);

                if (strtolower($rs['user_type']) == 'employee') {
                    $PASSWORD_CHANGE_CYCLE = $EMPLOYEE_PASSWORD_CHANGE_CYCLE;
                    $SESSION_TIMEOUT = $EMPLOYEE_SESSION_TIMEOUT;

                    //如果有新配置，则采用新配置
                    if (!empty($pcp)) {
                        $PASSWORD_CHANGE_CYCLE = $passwordChangePeriod["Employee"]["days"];
                        $PASSWORD_CHANGE_ALERT = $passwordChangePeriod["Employee"]["advanceDays"];
                    }

                } else {
                    $PASSWORD_CHANGE_CYCLE = $CUSTOMER_PASSWORD_CHANGE_CYCLE;
                    $SESSION_TIMEOUT = $CUSTOMER_SESSION_TIMEOUT;
                    
                    //如果有新配置，则采用新配置
                    if (!empty($pcp)) {
                        $PASSWORD_CHANGE_CYCLE = $passwordChangePeriod["Customer"]["days"];
                        $PASSWORD_CHANGE_ALERT = $passwordChangePeriod["Customer"]["advanceDays"];
                    }
                }

                /* if ($diffdate > $PASSWORD_CHANGE_CYCLE) {// Timeout 
                    echo json_encode(array(
                        'msg' => 'password_require_change',
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    ));
                    $this->failedLogin($uname, 'Required password change');
                    exit();
                }*/

                $loginName = $rs['user_login'];
                $email = $rs['email'];
                if ($diffdate > $PASSWORD_CHANGE_CYCLE) {// Timeout
                    if(empty($email)){
                        $data = array(
                            'status' => '0',
                            'msg' => 'login user email is empty',
                            'login_version' => $rs["login_version"],
                            'data' => ''
                        );
                        common::echo_json_encode(500, $data);
                        exit();
                    }else{
                        //$this -> passwordExpires($loginName,$email);
                    }
                }

                if ($diffdate == $PASSWORD_CHANGE_CYCLE) {// Due today
                    $login_tmp = array(
                        'msg' => 'today',
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                } elseif ($diffdate >= ($PASSWORD_CHANGE_CYCLE - $PASSWORD_CHANGE_ALERT)) {// Password expires soon, JS Tips
                    $login_tmp = array(
                        'msg' => 'last',
                        'login_version' => $rs["login_version"],
                        'data' => $PASSWORD_CHANGE_CYCLE - $diffdate,
                        'is_only_vgm' => $rs["is_only_vgm"]
                    );
                }

                //insert into log table
                $ip = common::ip();
                $sql = "insert into public.ra_online_user_login_log (user_name,manufacturer,from_app,ip,date_time, session_id) values ('" . common::check_input($uname) . "', '" . common::check_input($company) . "','Online','$ip',now(), '" . session_id() . "')";
                if (common::excuteUpdateSql($sql)) {
                    common::excuteUpdateSql("update public.ra_online_user set Last_Login_Time = now(), error_login_count=0, error_login_time=null where lower(user_login) = '" . strtolower($uname) . "'");
                    //自动登录。为了方便调用,先注销掉
                    if (isset($login_tmp)) {
                        //common::echo_json_encode(500, $login_tmp);
                    } else {
                        $data = array(
                            'msg' => 'success',
                            'login_version' => $rs["login_version"],
                            'data' => '',
                            'is_only_vgm' => $rs["is_only_vgm"]
                        );
                        //common::echo_json_encode("200", $data);
                    }

                    $online_user = $rs;
                    $online_user['user_login'] = $uname;
                    $online_user['company'] = $company;
                    $online_user['password'] = "";
                    if (!_isAdmin()) {
                        if ($rs["is_only_vgm"] == "t") {//VGM用户写死
                            $sql = "select array_to_string(ARRAY(select url_action from public.ra_online_permission where url_action in ('ocean_order','password','vgm') and menu_id in ('ship','profile') order by order_by asc), ',')";
                            $rrrs = common::excuteOneSql($sql);
                        } else {
                            $sql = "select array_to_string(ARRAY(select p.url_action from public.ra_online_user_permission up left join public.ra_online_user u on up.user_name = u.user_login left join public.ra_online_permission p on up.p_id = p.id where lower(u.user_login) = '" . common::check_input(strtolower($uname)) . "'), ',')";
                            $rrrs = common::excuteOneSql($sql);
                            if (strtolower($rs['user_type']) == "employee" && empty($rrrs)) {
                                $sql = "select array_to_string(ARRAY(select url_action from public.ra_online_permission where is_customer = true order by order_by asc), ',')";
                                $rrrs = common::excuteOneSql($sql);
                            }
                        }
                        $online_user['permission'] = $rrrs;
                    }

                    if (!empty($online_user['docdownload']))
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from ra_online_file_format where lower(serial_no) " . common::getInNotInSql($online_user['docdownload']) . " and active = true group by display_name order by min(id)";
                    else {
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from ra_online_file_format where active = true";
                        if (strtolower($online_user['user_type']) == "customer")
                            $sql .= " and client_display = true";
                        $sql .= " group by display_name order by min(id)";
                    }
                    $online_user['view_doc_type'] = common::excuteListSql($sql);

                    if (!empty($online_user['view_air_file_format']))
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from air_file_format where lower(serial_no) " . common::getInNotInSql($online_user['view_air_file_format']) . " and active = true group by display_name order by min(id)";
                    else {
                        $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from air_file_format where active = true";
                        if (strtolower($online_user['user_type']) == "customer")
                            $sql .= " and client_display = true";
                        $sql .= " group by display_name order by min(id)";
                    }
                    $online_user['view_air_doc_type'] = common::excuteListSql($sql);
                    //补充aci and ams CustomerLogin station - public 
                    $ocean_station_temp = $online_user['ocean_station'];
                    $online_user['session_ocean_station'] = $this->getOriginOrAgent($ocean_station_temp);
                    
                    $ocean_agent_temp = $online_user['ocean_agent'];
                    $online_user['session_ocean_agent'] = $this->getOriginOrAgent($ocean_agent_temp);
                    

                    $_SESSION['ONLINE_USER'] = $online_user;
                    $_SESSION['LAST_OPERATE_TIME'] = time();
                    $_SESSION['SESSION_TIMEOUT'] = $SESSION_TIMEOUT;
                    

                    //判断是否记录密码  add
                    if ($_POST['rememberpwd'] === 'true') {
                        if (!$noCheckPwd) {
                            $user_info = $uname . "_" . md5($rs['password']);

                            setcookie('userInfo', $user_info, time() + 30 * 24 * 3600, "/");
                        }
                    } else {
                        setcookie('userInfo', '', time() - 1, "/");
                    }

                    if ($rs['is_super'] == "t") {
                        $schemas_list = common::excuteListSql("select * from schemas_list");
                    } else {
                        $schemas_list = common::excuteListSql("select * from schemas_list where schemas_name=any(regexp_split_to_array('" . $rs['belong_schemas'] . "'::text, ';'::text))");
                    }
                    ///if (count($schemas_list) > 1) {
                    foreach ($schemas_list as $sk => $sv) {
                        if ($sv['schemas_name'] == "public") {
                            continue;
                        }
                        $ttdd = common::excuteObjectSql("select contact_id_user, employee_id, contact_id, user_type, email, user_webtype_id, active, is_online, station, allow_login_remote, can_see_amslog,can_view_eccn, can_see_isflog, can_see_isflog_withaddress, 
        customer_search_type, customer_destination, can_add_ams, can_add_isf, air_station, air_sales, ocean_station, ocean_sales,ocean_following_sales,ocean_following_sales_or,air_following_sales,air_following_sales_or, trucking_station, ocean_dest_op, can_see_password, can_add_opsales_code, ocean_station_or, ocean_agent_or, ocean_sales_or, ocean_dest_op_or, air_station_or, air_sales_or, trucking_station_or, 
        can_add_user, can_add_employee, can_add_contact, company_name, ams_email, isf_email, customer_discharge, online_active, is_super, ocean_agent,active, can_send_email, view_file_format as docdownload, container_status, consolidated_cbsa_code, can_add_aci,
        air_customers, air_customer_search_type,trucking_customers,trucking_customer_search_type, upload_document, view_file_format, event_type, po_status, view_air_file_format, special_customer_event, can_edi_vgm, isf_aci_ams_station, is_kerry_shipment from " . $sv['schemas_name'] . ".ra_online_user where lower(user_login) = '" . strtolower($uname) . "'");
                        if (empty($ttdd)) {
                            unset($schemas_list[$sk]);
                            continue;
                        }

                        if (!empty($ttdd['docdownload'])) {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".ra_online_file_format where lower(serial_no) " . common::getInNotInSql($ttdd['docdownload']) . " and active = true group by display_name order by min(id)";
                        } else {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".ra_online_file_format where active = true";
                            if (strtolower($ttdd['user_type']) == "customer")
                                $sql .= " and client_display = true";
                            $sql .= " group by display_name order by min(id)";
                        }
                        $ttdd['view_doc_type'] = common::excuteListSql($sql);

                        if (!empty($ttdd['view_air_file_format'])) {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".air_file_format where lower(serial_no) " . common::getInNotInSql($ttdd['view_air_file_format']) . " and active = true group by display_name order by min(id)";
                        } else {
                            $sql = "select string_agg(serial_no, ';') as serial_no, string_agg(m_h, ';') as m_h, display_name from " . $sv['schemas_name'] . ".air_file_format where active = true";
                            if (strtolower($ttdd['user_type']) == "customer")
                                $sql .= " and client_display = true";
                            $sql .= " group by display_name order by min(id)";
                        }
                        $ttdd['view_air_doc_type'] = common::excuteListSql($sql);
                        
                         //补充aci and ams CustomerLogin station - other like sfs
                        $ocean_station_temp = $ttdd['ocean_station'];
                        $ttdd['session_ocean_station'] = $this->getOriginOrAgent($ocean_station_temp);

                        $ocean_agent_temp = $ttdd['ocean_agent'];
                        $ttdd['session_ocean_agent'] = $this->getOriginOrAgent($ocean_agent_temp);

                        $_SESSION[$sv['schemas_name'] . '_ONLINE_USER'] = $ttdd;
                    }
                    //}
                    $_SESSION['schemas_list'] = $schemas_list;
                    //不再返回登录页面，直接跳转
                    if (isset($_GET['up'])) {
                        if($_GET['v'] == 'new'){
                           header("Location: main_new_version.php?action=main");
                        }else{
                           header("Location: main.php?action=main");
                        }
                    }
                    //自动登录。为了方便调用,先注销掉
                    //exit();
                } else {
                    $data = array(
                        'msg' => 'database_error',
                        'login_version' => $rs["login_version"],
                        'data' => ''
                    );
                    common::echo_json_encode(500, $data);
                    exit();
                }
            } else {
                $data = array(
                    'msg' => 'no_exist',
                    'login_version' => $rs["login_version"],
                    'data' => ''
                );
                common::echo_json_encode(500, $data);
                exit();
            }
        }
    }

    private function failedLogin($uname, $company){
        $ip = common::ip();
        common::excuteUpdateSql("insert into public.ra_online_user_login_log (user_name,manufacturer,from_app,ip,date_time, session_id) values ('" . common::check_input($uname) . "', '" . common::check_input($company) . "','Online','$ip',now(), '" . session_id() . "')");
    }

    //重置密码
    public function passwordExpires($loginName,$email){
        $result = array(
            'msg' => "passwordExpires",
        );
        common::echo_json_encode(400, $result);
        exit();
    }

    //submit change form -- change expires password 
    public function update_pwd_expires(){
        $loginName = common::check_input($_POST['uname']);
        $old_password = common::check_input($_POST['old_password']);
        $password = common::check_input($_POST['password']);
        $verifcation_code = 

        //首先校验验证码
        $verifcation_code = common::check_input($_POST['verifcation_code']);
        if (strtolower($_SESSION['captcha']) != strtolower($verifcation_code)) {    
            $data = array(
                'msg' => 'verifcation_error',
                'data' => ''
            );
            common::echo_json_encode(400, $data);
            exit();
        }
        
        $sql = "select ra_password as password from ra_online_user where lower(user_login) = '" . strtolower($loginName) . "'";
        $rs = common::excuteObjectSql($sql);
        $str = '';
        if (!empty($rs)) {
            if ($rs['password'] != $old_password) {
                $str = "Old password is incorrect!";
            } 
        } else {
            $str = "Old password is incorrect!";
        }
        if(!empty($str)){
            $data = array(
                'msg' => $str,
                'data' => ''
            );
            common::echo_json_encode(400, $data);
            exit();
        }

        //验证通过，进行修改密码
        $msg = $this->updateExpirePassword($loginName, $password);
        if($msg == "success"){
            $data = array(
                'msg' => "success",
                'data' => ''
            );
            common::echo_json_encode(200, $data);
            exit();
        } else {
            $data = array(
                'msg' => $str,
                'data' => ''
            );
            common::echo_json_encode(400, $data);
            exit();
        }
    }

    //更新密码
    public function updateExpirePassword($login,$new_password) {
        $str = $this->checkPasswordRule($login, $new_password);

        //更新密码，擦除expire pwd痕迹
        if (empty($str)) {
            $sql = "UPDATE public.ra_online_user SET ra_password = '" . common::check_input($new_password) . "',password_new=redant_encode('".$new_password."'),
                 last_pwd_change = now(),password_expires_keycode = null,password_expires_time = null  
            WHERE lower(user_login) = '" . common::check_input(strtolower($login)) . "';";
            $rls = common::excuteUpdateSql($sql);
            if (!$rls) {
                $str = "Database Error, Try Later.";
            } else {
                $sql = "INSERT INTO public.ra_online_user_password_history (user_login, password, create_user, create_date) VALUES ('" . $login . "', " . common::check_input($new_password) . ", '" . $login . "', now());";
                common::excuteUpdateSql($sql);
                $str = "success";
            }
        }

        return $str;
    }

    //密码规则验证
    public function checkPasswordRule($login, $new_password){
        $sql="select item_value from config where item='passwordCheckRules'";
        $rs = common::excuteObjectSql($sql);

        $str =  "";
        if (!empty($rs)) {
            $passwordCheckRules = json_decode($rs["item_value"],true);
            //校验使用次数
            if (!empty($passwordCheckRules["pastPasswordCheckNum"])) {
                $sql = "select password from public.ra_online_user_password_history where lower(user_login)='".common::check_input(strtolower($login))."' order by id desc limit ".$passwordCheckRules["pastPasswordCheckNum"];
                $passwords = common::excuteListSql($sql);
                foreach ($passwords as $pwd) {
                    if ($pwd['password'] == $new_password) {
                        $str = "This password has been recently used";
                    }
                }
            }
            if(empty($str)){
                $str = utils::checkPassword($new_password,$passwordCheckRules,$login);
            }
        }else{
            $str = utils::checkPassword($new_password);
        }

        return $str;
    }

   
    public function getOriginOrAgent($ocean_station_temp){
        $session_ocean_station = "";
        if (strtolower($ocean_station_temp) == 'all'){
            $session_ocean_station = $ocean_station_temp;
        }
        if (!(strtolower($ocean_station_temp) == 'all' || empty($ocean_station_temp))){
            if (utils::checkExist($ocean_station_temp, ";")) {
                $ost = str_replace(";","','",strtolower($ocean_station_temp));
                $sql="select kerry_station_id,contact_id from ocean.contacts where  coalesce(kerry_station_id,'') <>''and lower(contact_id) in ('".$ost."')";
                $tar = common::excuteListSql($sql);
                foreach ($tar as $tk => $tv) {
                    $tar[$tv['contact_id']] = $tv['kerry_station_id'];
                }

                $_tt = explode(";", $ocean_station_temp);
                foreach ($_tt as $vv) {
                    if (!empty($vv)){
                        $session_ocean_station .= trim($vv).';';

                        if (!empty($tar[$vv])) {
                            $session_ocean_station .= $tar[trim($vv)].';';
                        }
                    }
               }

            } else {
                $session_ocean_station .= trim($ocean_station_temp).';';
                $temp_contacts = common::excuteObjectSql("select kerry_station_id from ocean.contacts where lower(contact_id)='".strtolower(common::check_input($ocean_station_temp))."'");
                if (!empty($temp_contacts['kerry_station_id'])){
                    $session_ocean_station .= $temp_contacts['kerry_station_id'].';';
                }
            }
        }
        return $session_ocean_station;
    }


}

?>