商家分离，另一套登录系统

application/api/controller/company/User.php

@@ -0,0 +1,270 @@
+<?php
+
+namespace app\api\controller\company;
+
+use app\common\controller\Apic;
+use app\common\library\Sms;
+use fast\Random;
+use GuzzleHttp\Client;
+use think\Config;
+use think\Exception;
+use think\Validate;
+
+use think\Db;
+
+/**
+ * 会员接口
+ */
+class User extends Apic
+{
+    protected $noNeedLogin = ['accountlogin','resetpwd','getUserOpenid'];
+    protected $noNeedRight = '*';
+
+
+    //员工手机+密码登录
+    public function accountlogin(){
+        $mobile   = $this->request->post('mobile');
+        $password = $this->request->post('password');
+        $openid = $this->request->post('openid','');
+        if (!$mobile || !$password || !$openid) {
+            $this->error(__('Invalid parameters'));
+        }
+        $ret = $this->auth->login($mobile, $password, $openid);
+        if ($ret) {
+            $data = $this->auth->getUserinfo();
+            $this->success(__('Logged in successful'), $data);
+        } else {
+            $this->error($this->auth->getError());
+        }
+    }
+
+
+    /**
+     * 退出登录
+     * @ApiMethod (POST)
+     */
+    public function logout()
+    {
+        if (!$this->request->isPost()) {
+            $this->error(__('Invalid parameters'));
+        }
+        $this->auth->logout();
+        $this->success(__('Logout successful'));
+    }
+
+
+    //用户详细资料
+    public function getUserinfo($type = 1){
+        $info = $this->auth->getUserinfo();
+        if($type == 'return'){
+            return $info;
+        }
+        $this->success(__('success'),$info);
+    }
+
+    /**
+     * 重置密码
+     *
+     * @ApiMethod (POST)
+     * @param string $mobile      手机号
+     * @param string $captcha     验证码
+     * @param string $newpassword 新密码
+     */
+    public function resetpwd()
+    {
+        $mobile      = $this->request->post('mobile');
+        $captcha     = $this->request->post('captcha');
+        $newpassword = $this->request->post("newpassword");
+        if (!$mobile || !$captcha || !$newpassword) {
+            $this->error(__('Invalid parameters'));
+        }
+        //验证Token
+        if (!Validate::make()->check(['newpassword' => $newpassword], ['newpassword' => 'require|regex:\S{6,30}'])) {
+            $this->error(__('Password must be 6 to 30 characters'));
+        }
+        if (!Validate::regex($mobile, "^1\d{10}$")) {
+            $this->error(__('Mobile is incorrect'));
+        }
+        $user = \app\common\model\CompanyStaff::getByMobile($mobile);
+        if (!$user) {
+            $this->error(__('User not found'));
+        }
+        $ret = Sms::check($mobile, $captcha, 'resetpwd');
+        if (!$ret) {
+            $this->error(__('Captcha is incorrect'));
+        }
+        Sms::flush($mobile, 'resetpwd');
+
+        //模拟一次登录
+        $this->auth->direct($user->id);
+        $ret = $this->auth->resetpwd($newpassword, '', true);
+        if ($ret) {
+            $this->success(__('Reset password successful'));
+        } else {
+            $this->error($this->auth->getError());
+        }
+    }
+
+
+    /**
+     * 修改会员个人信息
+     *
+     * @ApiMethod (POST)
+     * @param string $avatar   头像地址
+     * @param string $username 用户名
+     * @param string $nickname 昵称
+     * @param string $bio      个人简介
+     */
+    public function profile()
+    {
+        //验证
+        if($this->auth->type != 1){
+            $this->error('只有门店老板才能设置');
+        }
+        $field = [
+            'mobile',
+            'image',
+            'is_open',
+            'open_hours',
+        ];
+
+        $data = request_post_hub($field);
+        $data['updatetime'] = time();
+
+        $update_rs = Db::name('company')->where('id',$this->auth->company_id)->update($data);
+
+        $this->success('资料更新完成');
+    }
+
+    /**
+     * 设置店铺地址
+     */
+    public function setaddress()
+    {
+        //验证
+        if($this->auth->type != 1){
+            $this->error('只有门店老板才能设置');
+        }
+        $field = [
+            'province_name',
+            'city_name',
+            'area_name',
+            'province_id',
+            'city_id',
+            'area_id',
+            'address',
+        ];
+
+        $data = request_post_hub($field);
+
+        $data['full_address'] = $data['province_name'].$data['city_name'].$data['area_name'].$data['address'];
+        $data['updatetime'] = time();
+
+        $update_rs = Db::name('company')->where('id',$this->auth->company_id)->update($data);
+
+        $this->success('资料更新完成');
+    }
+
+    /**
+     * 小程序码
+     * @return void
+     */
+    public function getMiniCode()
+    {
+        try {
+            $companyId = $this->auth->company_id;
+            $companyWhere['id'] = $companyId;
+            $companyWhere['status'] = 1;
+            $company = Db::name('company')->where($companyWhere)->find();
+            if (empty($company)) {
+                throw new Exception('未找到门店信息');
+            }
+            $httpStr = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'];
+            if (empty($company['mini_code'])) {
+                $client = new Client();
+                $tk = getAccessToken();
+                $miniCodeConfig = config('param.mini_code');
+                $miniCodeConfig['scene'] = 'shopId='.$companyId;
+                $res2 = $client->request('POST', 'https://api.weixin.qq.com/wxa/getwxacodeunlimit?access_token='.$tk, [
+                    'json' => $miniCodeConfig,
+                ]);
+                $fileName = md5($companyId);
+                $fileUrl = '/uploads/company/'.$fileName.'.png';
+                $code = $res2->getBody()->getContents();
+                file_put_contents(ROOT_PATH.'/public'.$fileUrl,$code);
+                $companyData['mini_code'] = $fileUrl;
+                $companyRes = Db::name('company')->where($companyWhere)->update($companyData);
+                if (!$companyRes) {
+                    throw new Exception('更新门店信息失败');
+                }
+                $miniCode = $httpStr.$fileUrl.'?v='.time();
+            } else {
+                $miniCode = $httpStr.$company['mini_code'].'?v='.time();
+            }
+            $result = [
+                'mini_code' => $miniCode,
+                'company_name' => $this->auth->company->name,
+                'company_image' => one_domain_image($this->auth->company->image),
+            ];
+            $this->success('获取成功',$result);
+        } catch (Exception $e) {
+            $this->error($e->getMessage());
+        }
+    }
+
+    /**
+     * 获取用户openid
+     */
+    public function getUserOpenid() {
+        // code值
+        $code = $this->request->param('code');
+        if (!$code) {
+            $this->error(__('Invalid parameters'));
+        }
+
+        $config = config('company_wxMiniProgram');
+        $getopenid = 'https://api.weixin.qq.com/sns/jscode2session?appid='.$config['appid'].'&secret='.$config['secret'].'&js_code='.$code.'&grant_type=authorization_code';
+        $openidInfo = $this->getJson($getopenid);
+        if(!isset($openidInfo['openid'])) {
+            $this->error('用户openid获取失败',$openidInfo);
+        }
+        //  获取的结果存入数据库
+        /*$find = Db::name('company_sessionkey')->where(['openid'=>$openidInfo['openid']])->find();
+        if($find) {
+            $update = [];
+            $update['sessionkey'] = $openidInfo['session_key'];
+            $update['createtime'] = time();
+            $res = Db::name('company_sessionkey')->where(['openid'=>$openidInfo['openid']])->update($update);
+        } else {
+            $insert = [];
+            $insert['sessionkey'] = $openidInfo['session_key'];
+            $insert['openid'] = $openidInfo['openid'];
+            $insert['unionid'] = isset($openidInfo['unionid']) ? $openidInfo['unionid'] : '';
+            $insert['createtime'] = time();
+            $res = Db::name('company_sessionkey')->insertGetId($insert);
+        }*/
+
+        if(!empty($openidInfo)) {
+            $this->success('获取成功',$openidInfo);
+        } else {
+            $this->error('获取失败');
+        }
+
+    }
+
+    /**
+     * json 请求
+     * @param $url
+     * @return mixed
+     */
+    private function getJson($url){
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, $url);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        $output = curl_exec($ch);
+        curl_close($ch);
+        return json_decode($output, true);
+    }
+}

application/common/controller/Apic.php

@@ -0,0 +1,394 @@
+<?php
+
+namespace app\common\controller;
+
+use app\common\library\Authcompany as Auth;
+use think\Config;
+use think\exception\HttpResponseException;
+use think\exception\ValidateException;
+use think\Hook;
+use think\Lang;
+use think\Loader;
+use think\Request;
+use think\Response;
+use think\Route;
+use think\Validate;
+
+/**
+ * API控制器基类
+ */
+class Apic
+{
+
+    /**
+     * @var Request Request 实例
+     */
+    protected $request;
+
+    /**
+     * @var bool 验证失败是否抛出异常
+     */
+    protected $failException = false;
+
+    /**
+     * @var bool 是否批量验证
+     */
+    protected $batchValidate = false;
+
+    /**
+     * @var array 前置操作方法列表
+     */
+    protected $beforeActionList = [];
+
+    /**
+     * 无需登录的方法,同时也就不需要鉴权了
+     * @var array
+     */
+    protected $noNeedLogin = [];
+
+    /**
+     * 无需鉴权的方法,但需要登录
+     * @var array
+     */
+    protected $noNeedRight = [];
+
+    /**
+     * 权限Auth
+     * @var Auth
+     */
+    protected $auth = null;
+
+    /**
+     * 默认响应输出类型,支持json/xml
+     * @var string
+     */
+    protected $responseType = 'json';
+
+    public $page = 1;
+    public $listrow = 10;
+
+    /**
+     * 构造方法
+     * @access public
+     * @param Request $request Request 对象
+     */
+    public function __construct(Request $request = null)
+    {
+        $this->request = is_null($request) ? Request::instance() : $request;
+        $this->page = input('page',1);
+        $this->listrow= input('listrow',10);
+
+        // 控制器初始化
+        $this->_initialize();
+        //日志
+        $this->request_log();
+
+        // 前置操作方法
+        if ($this->beforeActionList) {
+            foreach ($this->beforeActionList as $method => $options) {
+                is_numeric($method) ?
+                    $this->beforeAction($options) :
+                    $this->beforeAction($method, $options);
+            }
+        }
+    }
+
+    /**
+     * 初始化操作
+     * @access protected
+     */
+    protected function _initialize()
+    {
+        //跨域请求检测
+        check_cors_request();
+
+        // 检测IP是否允许
+        check_ip_allowed();
+
+        //移除HTML标签
+        $this->request->filter('trim,strip_tags,htmlspecialchars');
+
+        $this->auth = Auth::instance();
+
+        $modulename = $this->request->module();
+        $controllername = Loader::parseName($this->request->controller());
+        $actionname = strtolower($this->request->action());
+
+        // token
+        $token = $this->request->server('HTTP_TOKEN', $this->request->request('token', \think\Cookie::get('token')));
+
+        $path = str_replace('.', '/', $controllername) . '/' . $actionname;
+        // 设置当前请求的URI
+        $this->auth->setRequestUri($path);
+        // 检测是否需要验证登录
+        if (!$this->auth->match($this->noNeedLogin)) {
+            //初始化
+            $this->auth->init($token);
+            //检测是否登录
+            if (!$this->auth->isLogin()) {
+                $this->error(__('Please login first'), null, 401);
+            }
+            // 判断是否需要验证权限
+            if (!$this->auth->match($this->noNeedRight)) {
+                // 判断控制器和方法判断是否有对应权限
+                if (!$this->auth->check($path)) {
+                    $this->error(__('You have no permission'), null, 403);
+                }
+            }
+        } else {
+            // 如果有传递token才验证是否登录状态
+            if ($token) {
+                $this->auth->init($token);
+            }
+        }
+
+        $upload = \app\common\model\Config::upload();
+
+        // 上传信息配置后
+        Hook::listen("upload_config_init", $upload);
+
+        Config::set('upload', array_merge(Config::get('upload'), $upload));
+
+        // 加载当前控制器语言包
+        $this->loadlang($controllername);
+    }
+
+    /**
+     * 加载语言文件
+     * @param string $name
+     */
+    protected function loadlang($name)
+    {
+        $name = Loader::parseName($name);
+        $name = preg_match("/^([a-zA-Z0-9_\.\/]+)\$/i", $name) ? $name : 'index';
+        $lang = $this->request->langset();
+        $lang = preg_match("/^([a-zA-Z\-_]{2,10})\$/i", $lang) ? $lang : 'zh-cn';
+        Lang::load(APP_PATH . $this->request->module() . '/lang/' . $lang . '/' . str_replace('.', '/', $name) . '.php');
+    }
+
+    /**
+     * 操作成功返回的数据
+     * @param string $msg    提示信息
+     * @param mixed  $data   要返回的数据
+     * @param int    $code   错误码，默认为1
+     * @param string $type   输出类型
+     * @param array  $header 发送的 Header 信息
+     */
+    protected function success($msg = '', $data = null, $code = 1, $type = null, array $header = [])
+    {
+        if($msg == 1){
+            $msg = 'success';
+        }
+        if(empty($msg)){
+            $msg = '操作成功';
+        }
+        $this->result($msg, $data, $code, $type, $header);
+    }
+    //find查询出来的结果如果为空数组，强制转换object
+    protected function success_find($msg = '', $data = null, $code = 1, $type = null, array $header = [])
+    {
+        if(empty($msg)){
+            $msg = '操作成功';
+        }
+        if(is_null($data) || $data === []){
+            $data = (object)[];
+        }
+        $this->result($msg, $data, $code, $type, $header);
+    }
+
+    /**
+     * 操作失败返回的数据
+     * @param string $msg    提示信息
+     * @param mixed  $data   要返回的数据
+     * @param int    $code   错误码，默认为0
+     * @param string $type   输出类型
+     * @param array  $header 发送的 Header 信息
+     */
+    protected function error($msg = '', $data = null, $code = 0, $type = null, array $header = [])
+    {
+        if(empty($msg)){
+            $msg = __('Invalid parameters');
+        }
+        $this->result($msg, $data, $code, $type, $header);
+    }
+
+    /**
+     * 返回封装后的 API 数据到客户端
+     * @access protected
+     * @param mixed  $msg    提示信息
+     * @param mixed  $data   要返回的数据
+     * @param int    $code   错误码，默认为0
+     * @param string $type   输出类型，支持json/xml/jsonp
+     * @param array  $header 发送的 Header 信息
+     * @return void
+     * @throws HttpResponseException
+     */
+    protected function result($msg, $data = null, $code = 0, $type = null, array $header = [])
+    {
+        $result = [
+            'code' => $code,
+            'msg'  => $msg,
+            'time' => Request::instance()->server('REQUEST_TIME'),
+            'data' => $data,
+        ];
+
+        //日志
+        $this->request_log_update($result);
+
+        // 如果未设置类型则自动判断
+        $type = $type ? $type : ($this->request->param(config('var_jsonp_handler')) ? 'jsonp' : $this->responseType);
+
+        if (isset($header['statuscode'])) {
+            $code = $header['statuscode'];
+            unset($header['statuscode']);
+        } else {
+            //未设置状态码,根据code值判断
+            $code = $code >= 1000 || $code < 200 ? 200 : $code;
+        }
+        $response = Response::create($result, $type, $code)->header($header);
+        throw new HttpResponseException($response);
+    }
+
+    /**
+     * 前置操作
+     * @access protected
+     * @param string $method  前置操作方法名
+     * @param array  $options 调用参数 ['only'=>[...]] 或者 ['except'=>[...]]
+     * @return void
+     */
+    protected function beforeAction($method, $options = [])
+    {
+        if (isset($options['only'])) {
+            if (is_string($options['only'])) {
+                $options['only'] = explode(',', $options['only']);
+            }
+
+            if (!in_array($this->request->action(), $options['only'])) {
+                return;
+            }
+        } elseif (isset($options['except'])) {
+            if (is_string($options['except'])) {
+                $options['except'] = explode(',', $options['except']);
+            }
+
+            if (in_array($this->request->action(), $options['except'])) {
+                return;
+            }
+        }
+
+        call_user_func([$this, $method]);
+    }
+
+    /**
+     * 设置验证失败后是否抛出异常
+     * @access protected
+     * @param bool $fail 是否抛出异常
+     * @return $this
+     */
+    protected function validateFailException($fail = true)
+    {
+        $this->failException = $fail;
+
+        return $this;
+    }
+
+    /**
+     * 验证数据
+     * @access protected
+     * @param array        $data     数据
+     * @param string|array $validate 验证器名或者验证规则数组
+     * @param array        $message  提示信息
+     * @param bool         $batch    是否批量验证
+     * @param mixed        $callback 回调方法（闭包）
+     * @return array|string|true
+     * @throws ValidateException
+     */
+    protected function validate($data, $validate, $message = [], $batch = false, $callback = null)
+    {
+        if (is_array($validate)) {
+            $v = Loader::validate();
+            $v->rule($validate);
+        } else {
+            // 支持场景
+            if (strpos($validate, '.')) {
+                list($validate, $scene) = explode('.', $validate);
+            }
+
+            $v = Loader::validate($validate);
+
+            !empty($scene) && $v->scene($scene);
+        }
+
+        // 批量验证
+        if ($batch || $this->batchValidate) {
+            $v->batch(true);
+        }
+        // 设置错误信息
+        if (is_array($message)) {
+            $v->message($message);
+        }
+        // 使用回调验证
+        if ($callback && is_callable($callback)) {
+            call_user_func_array($callback, [$v, &$data]);
+        }
+
+        if (!$v->check($data)) {
+            if ($this->failException) {
+                throw new ValidateException($v->getError());
+            }
+
+            return $v->getError();
+        }
+
+        return true;
+    }
+
+    /**
+     * 刷新Token
+     */
+    protected function token()
+    {
+        $token = $this->request->param('__token__');
+
+        //验证Token
+        if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {
+            $this->error(__('Token verification error'), ['__token__' => $this->request->token()]);
+        }
+
+        //刷新Token
+        $this->request->token();
+    }
+
+    /*
+     * api 请求日志
+     * */
+    protected function request_log(){
+        //api_request_log
+        $modulename     = $this->request->module();
+        $controllername = $this->request->controller();
+        $actionname     = $this->request->action();
+
+        $data = [
+            'uid'   => $this->auth->id,
+            'api'   => $modulename.'/'.$controllername.'/'.$actionname,
+            'params' => json_encode($this->request->request()),
+            'addtime'  => time(),
+            'adddatetime'  => date('Y-m-d H:i:s'),
+            'ip'   => request()->ip(),
+        ];
+        $request_id = db('api_request_log')->insertGetId($data);
+        defined('API_REQUEST_ID') or define('API_REQUEST_ID', $request_id);
+
+    }
+
+    protected function request_log_update($log_result){
+        if(defined('API_REQUEST_ID')) { //记录app正常返回结果
+            if(strlen(json_encode($log_result['data'])) > 10000) {
+                $log_result['data'] = '数据太多，不记录';
+            }
+            db('api_request_log')->where('id',API_REQUEST_ID)->update(['result'=>json_encode($log_result)]);
+        }
+    }
+
+
+}

application/common/library/Authcompany.php

@@ -0,0 +1,546 @@
+<?php
+
+namespace app\common\library;
+
+use app\common\model\CompanyStaff;
+use app\common\model\Company;
+use app\common\model\UserRule;
+use fast\Random;
+use think\Config;
+use think\Db;
+use think\Exception;
+use think\Hook;
+use think\Request;
+use think\Validate;
+
+class Authcompany
+{
+    protected static $instance = null;
+    protected $_error = '';
+    protected $_logined = false;
+    protected $_user = null;
+    protected $_token = '';
+    //Token默认有效时长
+    protected $keeptime = 2592000;
+    protected $requestUri = '';
+    protected $rules = [];
+    //默认配置
+    protected $config = [];
+    protected $options = [];
+    //protected $allowFields = ['id', 'name', 'logo','image','contacts', 'mobile','province_name','city_name','area_name','province_id','city_id','area_id','address','full_address','longitude','latitude','aptitude_images','open_hours','staff'];
+    protected $allowFields = ['id','company_id','type','truename','mobile','company'];
+
+
+    public function __construct($options = [])
+    {
+        if ($config = Config::get('company')) {
+            $this->config = array_merge($this->config, $config);
+        }
+        $this->options = array_merge($this->config, $options);
+    }
+
+    /**
+     *
+     * @param array $options 参数
+     * @return Auth
+     */
+    public static function instance($options = [])
+    {
+        if (is_null(self::$instance)) {
+            self::$instance = new static($options);
+        }
+
+        return self::$instance;
+    }
+
+    /**
+     * 生成不重复的随机数字字母组合
+     */
+    function getUinqueNo($length = 8, $nos = [])
+    {
+        $newid = Random::build("alnum", $length);
+        if (in_array($newid, $nos)) {
+            $newid = $this->getUinqueNo($length, $nos);
+        }
+        return $newid;
+    }
+
+    /**
+     * 获取User模型
+     * @return User
+     */
+    public function getUser()
+    {
+        return $this->_user;
+    }
+
+    /**
+     * 兼容调用user模型的属性
+     *
+     * @param string $name
+     * @return mixed
+     */
+    public function __get($name)
+    {
+        return $this->_user ? $this->_user->$name : null;
+    }
+
+    /**
+     * 兼容调用user模型的属性
+     */
+    public function __isset($name)
+    {
+        return isset($this->_user) ? isset($this->_user->$name) : false;
+    }
+
+    /**
+     * 根据Token初始化
+     *
+     * @param string $token Token
+     * @return boolean
+     */
+    public function init($token)
+    {
+        if ($this->_logined) {
+            return true;
+        }
+        if ($this->_error) {
+            return false;
+        }
+        $data = Tokencompany::get($token);
+        if (!$data) {
+            return false;
+        }
+        $user_id = intval($data['user_id']);
+        if ($user_id > 0) {
+            $user = CompanyStaff::get($user_id);
+            if (!$user) {
+                $this->setError('Account not exist');
+                return false;
+            }
+            if ($user->status != 1) {
+                $this->setError('Account is locked');
+                return false;
+            }
+
+            if(!$user->company_id){
+                $this->setError('Account not exist');
+                return false;
+            }
+            $companyinfo = Company::get($user->company_id);
+            if(!$companyinfo){
+                $this->setError('Account not exist');
+                return false;
+            }
+
+            $user->company = $companyinfo;
+
+            $this->_user = $user;
+            $this->_logined = true;
+            $this->_token = $token;
+
+            //初始化成功的事件
+            Hook::listen("company_init_successed", $this->_user);
+
+            return true;
+        } else {
+            $this->setError('You are not logged in');
+            return false;
+        }
+    }
+
+
+    /**
+     * 用户登录
+     *
+     * @param string $account  账号,用户名、邮箱、手机号
+     * @param string $password 密码
+     * @return boolean
+     */
+    public function login($account, $password, $openid)
+    {
+        $field = 'mobile';
+        $user = CompanyStaff::get([$field => $account]);
+        if (!$user) {
+            $this->setError('Account is incorrect');
+            return false;
+        }
+
+        if ($user->status != 1) {
+            $this->setError('Account is locked');
+            return false;
+        }
+        if ($user->password != $this->getEncryptPassword($password, $user->salt)) {
+            $this->setError('Password is incorrect');
+            return false;
+        }
+
+        //直接登录员工
+        return $this->direct($user->id,$openid);
+    }
+
+    /**
+     * 退出
+     *
+     * @return boolean
+     */
+    public function logout()
+    {
+        if (!$this->_logined) {
+            $this->setError('You are not logged in');
+            return false;
+        }
+        //设置登录标识
+        $this->_logined = false;
+        //删除Token
+        Tokencompany::delete($this->_token);
+        //退出成功的事件
+        Hook::listen("user_logout_successed", $this->_user);
+        return true;
+    }
+
+    /**
+     * 修改密码
+     * @param string $newpassword       新密码
+     * @param string $oldpassword       旧密码
+     * @param bool   $ignoreoldpassword 忽略旧密码
+     * @return boolean
+     */
+    public function resetpwd($newpassword)
+    {
+        if (!$this->_logined) {
+            $this->setError('You are not logged in');
+            return false;
+        }
+
+        Db::startTrans();
+
+        $salt = Random::alnum();
+        $newpassword = $this->getEncryptPassword($newpassword, $salt);
+        unset($this->_user['company']);
+        $this->_user->save(['password' => $newpassword, 'salt' => $salt]);
+
+        Tokencompany::delete($this->_token);
+
+        //同步到admin
+        $admin = [
+            'password' => $newpassword,
+            'salt'     => $salt,
+            'updatetime' => time(),
+        ];
+        $admin_rs = Db::name('admin')->where('staff_id',$this->_user->id)->update($admin);
+        if($admin_rs === false){
+            Db::rollback();
+            $this->setError('重置失败');
+            return false;
+        }
+
+        Db::commit();
+
+        return true;
+
+    }
+
+    /**
+     * 直接登录账号
+     * @param int $user_id
+     * @return boolean
+     */
+    public function direct($staff_id,$openid = '')
+    {
+        $user = CompanyStaff::get($staff_id);
+        if ($user) {
+            if(!$user->company_id){
+                return false;
+            }
+            $companyinfo = Company::get($user->company_id);
+            if(!$companyinfo){
+                return false;
+            }
+            if($companyinfo->status != 1){
+                $this->setError('当前门店未通过审核');
+                return false;
+            }
+
+            Db::startTrans();
+            try {
+
+                if(!empty($openid)){
+                    $user->openid = $openid;
+                    $user->save();
+                }
+                $user->openid = '';
+
+				$user->company = $companyinfo;// 追加公司
+
+                $this->_user = $user;
+
+                $this->_token = Random::uuid();
+                Tokencompany::set($this->_token, $user->id, $this->keeptime);
+
+                $this->_logined = true;
+
+                //登录成功的事件
+                Hook::listen("company_login_successed", $this->_user);
+                Db::commit();
+            } catch (Exception $e) {
+                Db::rollback();
+                $this->setError($e->getMessage());
+                return false;
+            }
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+
+
+    /**
+     * 判断是否登录
+     * @return boolean
+     */
+    public function isLogin()
+    {
+        if ($this->_logined) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * 获取当前Token
+     * @return string
+     */
+    public function getToken()
+    {
+        return $this->_token;
+    }
+
+    /**
+     * 获取会员基本信息
+     */
+    public function getUserinfo()
+    {
+        $data = $this->_user->toArray();
+        $allowFields = $this->getAllowFields();
+        $userinfo = array_intersect_key($data, array_flip($allowFields));
+        $userinfo = array_merge($userinfo, Tokencompany::get($this->_token));
+
+        //追加
+        $userinfo['company']['image'] = one_domain_image($userinfo['company']['image']);
+        $userinfo['money'] = model('walletcompany')->getWallet($this->company_id,'money'); //可提现金额
+        $userinfo['dongjie_money'] = Db::name('order')->where('company_id',$this->company_id)->where('status',2)->where('ordertype',3)->sum('pay_fee');//冻结金额，即出售的套餐，但没使用的
+        $userinfo['all_money'] = bcadd($userinfo['money'],$userinfo['dongjie_money'],2);
+
+        /////////////////////////////////////
+        //个人信息
+        $strattime = strtotime(date('Y-m-d'));
+        $endtime   = $strattime + 86399;
+
+
+
+        //今日开单
+        $map = [
+            'company_id' => $this->company_id,
+            'finish_time' => ['BETWEEN',[$strattime,$endtime]], //开单时间用完成时间
+            'status'     => 3,
+        ];
+        if($this->type == 2){
+            //员工的
+            $map['staff_id'] = $this->id;
+        }
+
+        $userinfo['today_order_totalfee'] = Db::name('order')->where($map)->sum('total_fee');;
+
+        //今日新增客户
+        $map = [
+            'company_id' => $this->company_id,
+            'createtime'=>['BETWEEN',[$strattime,$endtime]],
+        ];
+        if($this->type == 2){
+            //员工的
+            $map['staff_id'] = $this->id;
+        }
+        $userinfo['today_newcus'] = Db::name('user_wallet')->where($map)->count();
+
+        //今日新增预约
+        $map = [
+            'company_id' => $this->company_id,
+            'createtime'=>['BETWEEN',[$strattime,$endtime]],
+        ];
+        $userinfo['today_newpre'] = Db::name('pre_order')->where($map)->count();
+
+        //已接单订单数量
+        $map = [
+            'company_id' => $this->company_id,
+            'status'     => 2,
+        ];
+        $userinfo['order_unfinish'] = Db::name('order')->where($map)->count();
+
+        //昨日订单数量
+        $starttime = strtotime(date('Y-m-d')) - 86400;
+        $endtime = strtotime(date('Y-m-d')) - 1;
+        $map = [
+            'company_id' => $this->company_id,
+            'status'     => 3,
+            'finish_time'=> ['BETWEEN',[$starttime,$endtime]],
+        ];
+        $userinfo['order_zuori'] = Db::name('order')->where($map)->count();
+
+        //7日订单数量
+        $starttime = strtotime(date('Y-m-d')) - 86400*6;
+        $endtime   = strtotime(date('Y-m-d')) + 86399;
+        $map = [
+            'company_id' => $this->company_id,
+            'status'     => 3,
+            'finish_time'=> ['BETWEEN',[$starttime,$endtime]],
+        ];
+        $userinfo['order_qiri'] = Db::name('order')->where($map)->count();
+
+
+        return $userinfo;
+    }
+
+
+
+    /**
+     * 获取当前请求的URI
+     * @return string
+     */
+    public function getRequestUri()
+    {
+        return $this->requestUri;
+    }
+
+    /**
+     * 设置当前请求的URI
+     * @param string $uri
+     */
+    public function setRequestUri($uri)
+    {
+        $this->requestUri = $uri;
+    }
+
+    /**
+     * 获取允许输出的字段
+     * @return array
+     */
+    public function getAllowFields()
+    {
+        return $this->allowFields;
+    }
+
+    /**
+     * 设置允许输出的字段
+     * @param array $fields
+     */
+    public function setAllowFields($fields)
+    {
+        $this->allowFields = $fields;
+    }
+
+
+
+    /**
+     * 获取密码加密后的字符串
+     * @param string $password 密码
+     * @param string $salt     密码盐
+     * @return string
+     */
+    public function getEncryptPassword($password, $salt = '')
+    {
+        return md5(md5($password) . $salt);
+    }
+
+    /**
+     * 检测当前控制器和方法是否匹配传递的数组
+     *
+     * @param array $arr 需要验证权限的数组
+     * @return boolean
+     */
+    public function match($arr = [])
+    {
+        $request = Request::instance();
+        $arr = is_array($arr) ? $arr : explode(',', $arr);
+        if (!$arr) {
+            return false;
+        }
+        $arr = array_map('strtolower', $arr);
+        // 是否存在
+        if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) {
+            return true;
+        }
+
+        // 没找到匹配
+        return false;
+    }
+
+    /**
+     * 设置会话有效时间
+     * @param int $keeptime 默认为永久
+     */
+    public function keeptime($keeptime = 0)
+    {
+        $this->keeptime = $keeptime;
+    }
+
+    /**
+     * 渲染用户数据
+     * @param array  $datalist  二维数组
+     * @param mixed  $fields    加载的字段列表
+     * @param string $fieldkey  渲染的字段
+     * @param string $renderkey 结果字段
+     * @return array
+     */
+    /*public function render(&$datalist, $fields = [], $fieldkey = 'user_id', $renderkey = 'userinfo')
+    {
+        $fields = !$fields ? ['id', 'nickname', 'level', 'avatar'] : (is_array($fields) ? $fields : explode(',', $fields));
+        $ids = [];
+        foreach ($datalist as $k => $v) {
+            if (!isset($v[$fieldkey])) {
+                continue;
+            }
+            $ids[] = $v[$fieldkey];
+        }
+        $list = [];
+        if ($ids) {
+            if (!in_array('id', $fields)) {
+                $fields[] = 'id';
+            }
+            $ids = array_unique($ids);
+            $selectlist = User::where('id', 'in', $ids)->column($fields);
+            foreach ($selectlist as $k => $v) {
+                $list[$v['id']] = $v;
+            }
+        }
+        foreach ($datalist as $k => &$v) {
+            $v[$renderkey] = isset($list[$v[$fieldkey]]) ? $list[$v[$fieldkey]] : null;
+        }
+        unset($v);
+        return $datalist;
+    }*/
+
+    /**
+     * 设置错误信息
+     *
+     * @param string $error 错误信息
+     * @return Auth
+     */
+    public function setError($error)
+    {
+        $this->_error = $error;
+        return $this;
+    }
+
+    /**
+     * 获取错误信息
+     * @return string
+     */
+    public function getError()
+    {
+        return $this->_error ? __($this->_error) : '';
+    }
+
+  
+}

application/common/library/Tokencompany.php

@@ -0,0 +1,161 @@
+<?php
+
+namespace app\common\library;
+
+use app\common\library\tokencompany\Driver;
+use think\App;
+use think\Config;
+use think\Log;
+
+/**
+ * Token操作类
+ */
+class Tokencompany
+{
+    /**
+     * @var array Token的实例
+     */
+    public static $instance = [];
+
+    /**
+     * @var object 操作句柄
+     */
+    public static $handler;
+
+    /**
+     * 连接Token驱动
+     * @access public
+     * @param array       $options 配置数组
+     * @param bool|string $name    Token连接标识 true 强制重新连接
+     * @return Driver
+     */
+    public static function connect(array $options = [], $name = false)
+    {
+        $type = !empty($options['type']) ? $options['type'] : 'File';
+
+        if (false === $name) {
+            $name = md5(serialize($options));
+        }
+
+        if (true === $name || !isset(self::$instance[$name])) {
+            $class = false === strpos($type, '\\') ?
+                '\\app\\common\\library\\tokencompany\\driver\\' . ucwords($type) :
+                $type;
+
+            // 记录初始化信息
+            App::$debug && Log::record('[ TOKEN ] INIT ' . $type, 'info');
+
+            if (true === $name) {
+                return new $class($options);
+            }
+
+            self::$instance[$name] = new $class($options);
+        }
+
+        return self::$instance[$name];
+    }
+
+    /**
+     * 自动初始化Token
+     * @access public
+     * @param array $options 配置数组
+     * @return Driver
+     */
+    public static function init(array $options = [])
+    {
+        if (is_null(self::$handler)) {
+            if (empty($options) && 'complex' == Config::get('token.type')) {
+                $default = Config::get('token.default');
+                // 获取默认Token配置，并连接
+                $options = Config::get('token.' . $default['type']) ?: $default;
+            } elseif (empty($options)) {
+                $options = Config::get('token');
+            }
+
+            self::$handler = self::connect($options);
+        }
+
+        return self::$handler;
+    }
+
+    /**
+     * 判断Token是否可用(check别名)
+     * @access public
+     * @param string $token   Token标识
+     * @param int    $user_id 会员ID
+     * @return bool
+     */
+    public static function has($token, $user_id)
+    {
+        return self::check($token, $user_id);
+    }
+
+    /**
+     * 判断Token是否可用
+     * @param string $token   Token标识
+     * @param int    $user_id 会员ID
+     * @return bool
+     */
+    public static function check($token, $user_id)
+    {
+        return self::init()->check($token, $user_id);
+    }
+
+    /**
+     * 读取Token
+     * @access public
+     * @param string $token   Token标识
+     * @param mixed  $default 默认值
+     * @return mixed
+     */
+    public static function get($token, $default = false)
+    {
+        return self::init()->get($token) ?: $default;
+    }
+
+    /**
+     * 写入Token
+     * @access public
+     * @param string   $token   Token标识
+     * @param mixed    $user_id 会员ID
+     * @param int|null $expire  有效时间 0为永久
+     * @return boolean
+     */
+    public static function set($token, $user_id, $expire = null)
+    {
+        return self::init()->set($token, $user_id, $expire);
+    }
+
+    /**
+     * 删除Token(delete别名)
+     * @access public
+     * @param string $token Token标识
+     * @return boolean
+     */
+    public static function rm($token)
+    {
+        return self::delete($token);
+    }
+
+    /**
+     * 删除Token
+     * @param string $token 标签名
+     * @return bool
+     */
+    public static function delete($token)
+    {
+        return self::init()->delete($token);
+    }
+
+    /**
+     * 清除Token
+     * @access public
+     * @param int user_id 会员ID
+     * @return boolean
+     */
+    public static function clear($user_id = null)
+    {
+        return self::init()->clear($user_id);
+    }
+
+}

application/common/library/tokencompany/Driver.php

@@ -0,0 +1,91 @@
+<?php
+// +----------------------------------------------------------------------
+// | ThinkPHP [ WE CAN DO IT JUST THINK ]
+// +----------------------------------------------------------------------
+// | Copyright (c) 2006~2018 http://thinkphp.cn All rights reserved.
+// +----------------------------------------------------------------------
+// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
+// +----------------------------------------------------------------------
+// | Author: liu21st <liu21st@gmail.com>
+// +----------------------------------------------------------------------
+
+namespace app\common\library\tokencompany;
+
+/**
+ * Token基础类
+ */
+abstract class Driver
+{
+    protected $handler = null;
+    protected $options = [];
+
+    /**
+     * 存储Token
+     * @param   string $token   Token
+     * @param   int    $user_id 会员ID
+     * @param   int    $expire  过期时长,0表示无限,单位秒
+     * @return bool
+     */
+    abstract function set($token, $user_id, $expire = 0);
+
+    /**
+     * 获取Token内的信息
+     * @param   string $token
+     * @return  array
+     */
+    abstract function get($token);
+
+    /**
+     * 判断Token是否可用
+     * @param   string $token   Token
+     * @param   int    $user_id 会员ID
+     * @return  boolean
+     */
+    abstract function check($token, $user_id);
+
+    /**
+     * 删除Token
+     * @param   string $token
+     * @return  boolean
+     */
+    abstract function delete($token);
+
+    /**
+     * 删除指定用户的所有Token
+     * @param   int $user_id
+     * @return  boolean
+     */
+    abstract function clear($user_id);
+
+    /**
+     * 返回句柄对象，可执行其它高级方法
+     *
+     * @access public
+     * @return object
+     */
+    public function handler()
+    {
+        return $this->handler;
+    }
+
+    /**
+     * 获取加密后的Token
+     * @param string $token Token标识
+     * @return string
+     */
+    protected function getEncryptedToken($token)
+    {
+        $config = \think\Config::get('token');
+        return hash_hmac($config['hashalgo'], $token, $config['key']);
+    }
+
+    /**
+     * 获取过期剩余时长
+     * @param $expiretime
+     * @return float|int|mixed
+     */
+    protected function getExpiredIn($expiretime)
+    {
+        return $expiretime ? max(0, $expiretime - time()) : 365 * 86400;
+    }
+}

application/common/library/tokencompany/driver/Mysql.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace app\common\library\tokencompany\driver;
+
+use app\common\library\tokencompany\Driver;
+
+/**
+ * Token操作类
+ */
+class Mysql extends Driver
+{
+
+    /**
+     * 默认配置
+     * @var array
+     */
+    protected $options = [
+        'table'      => 'company_token',
+        'expire'     => 2592000,
+        'connection' => [],
+    ];
+
+
+    /**
+     * 构造函数
+     * @param array $options 参数
+     * @access public
+     */
+    public function __construct($options = [])
+    {
+        if (!empty($options)) {
+            $this->options = array_merge($this->options, $options);
+        }
+        if ($this->options['connection']) {
+            $this->handler = \think\Db::connect($this->options['connection'])->name($this->options['table']);
+        } else {
+            $this->handler = \think\Db::name($this->options['table']);
+        }
+        $time = time();
+        $tokentime = cache('tokentime');
+        if (!$tokentime || $tokentime < $time - 86400) {
+            cache('tokentime', $time);
+            $this->handler->where('expiretime', '<', $time)->where('expiretime', '>', 0)->delete();
+        }
+    }
+
+    /**
+     * 存储Token
+     * @param string $token   Token
+     * @param int    $user_id 会员ID
+     * @param int    $expire  过期时长,0表示无限,单位秒
+     * @return bool
+     */
+    public function set($token, $user_id, $expire = null)
+    {
+        $expiretime = !is_null($expire) && $expire !== 0 ? time() + $expire : 0;
+        $token = $this->getEncryptedToken($token);
+        $this->handler->insert(['token' => $token, 'user_id' => $user_id, 'createtime' => time(), 'expiretime' => $expiretime]);
+        return true;
+    }
+
+    /**
+     * 获取Token内的信息
+     * @param string $token
+     * @return  array
+     */
+    public function get($token)
+    {
+        //方便测试
+        if(strpos($token,'testuid_') !== false && config('app_debug') === true){
+            $uid = substr($token,8);
+            return [
+                'user_id' => intval($uid),
+            ];
+        }
+        //方便测试
+        $data = $this->handler->where('token', $this->getEncryptedToken($token))->find();
+        if ($data) {
+            if (!$data['expiretime'] || $data['expiretime'] > time()) {
+                //返回未加密的token给客户端使用
+                $data['token'] = $token;
+                //返回剩余有效时间
+                $data['expires_in'] = $this->getExpiredIn($data['expiretime']);
+                return $data;
+            } else {
+                self::delete($token);
+            }
+        }
+        return [];
+    }
+
+    /**
+     * 判断Token是否可用
+     * @param string $token   Token
+     * @param int    $user_id 会员ID
+     * @return  boolean
+     */
+    public function check($token, $user_id)
+    {
+        $data = $this->get($token);
+        return $data && $data['user_id'] == $user_id ? true : false;
+    }
+
+    /**
+     * 删除Token
+     * @param string $token
+     * @return  boolean
+     */
+    public function delete($token)
+    {
+        $this->handler->where('token', $this->getEncryptedToken($token))->delete();
+        return true;
+    }
+
+    /**
+     * 删除指定用户的所有Token
+     * @param int $user_id
+     * @return  boolean
+     */
+    public function clear($user_id)
+    {
+        $this->handler->where('user_id', $user_id)->delete();
+        return true;
+    }
+
+}

application/common/model/Company.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace app\common\model;
+
+use think\Db;
+use think\Model;
+
+/**
+ * 会员模型
+ */
+class Company extends Model
+{
+
+    // 表名
+    protected $name = 'company';
+    // 开启自动写入时间戳字段
+    protected $autoWriteTimestamp = 'int';
+    // 定义时间戳字段名
+    protected $createTime = 'createtime';
+    protected $updateTime = 'updatetime';
+    // 追加属性
+    protected $append = [];
+
+    public function getStatusList()
+    {
+        return ['-1' => '已申请', '0' => '待审核', '1' => '审核通过', '2' => '审核不通过'];
+    }
+}