From 58fe50a7b7e497577ef09e1eb4bcb8a30242b5d9 Mon Sep 17 00:00:00 2001
From: XiaoLFeng <gm@x-lf.cn>
Date: Sat, 10 Sep 2022 17:21:49 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E9=99=86=E7=BB=84=E4=BB=B6=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugins/login.php | 63 +++++++++++++++++++++++++++++++++--------------
 1 file changed, 44 insertions(+), 19 deletions(-)

diff --git a/plugins/login.php b/plugins/login.php
index b341672..401b96f 100644
--- a/plugins/login.php
+++ b/plugins/login.php
@@ -14,33 +14,58 @@ $studentID = $_POST['studentID'];
 $password = $_POST['password'];
 $callback = htmlspecialchars($_GET['callback']);
 
+// 注册函数
+    // 发送POST
+    function http_post_json($url, $jsonStr) {
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_POST, 1);
+        curl_setopt($ch, CURLOPT_URL, $url);
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonStr);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
+                'Content-Type: application/json; charset=utf-8',
+                'Content-Length: ' . strlen($jsonStr)
+            )
+        );
+        $response = curl_exec($ch);
+        curl_close($ch);
+        return $response;
+    }
+
 // 函数构建
 // 检查数据是否为空
 if (!empty($studentID) and !empty($password)) {
-    // 检查用户
-    if ($result_person = mysqli_query($conn,"SELECT * FROM ".$setting['SQL_DATA']['info']." WHERE studentID='$studentID'")) {
-        $result_person_object = mysqli_fetch_object($result_person);
-        if ($password == $result_person_object->password) {
-            $keyID = $result_person_object->studentID;
-            setcookie( 'studentID' , $keyID , time()+2678400 , '/' , '');
-            if (empty($callback)) {
-                $callbacks = '/';
-            } else {
-                $callbacks = $callback;
-            }
-            header('location:'.$callbacks);
+    // 发送用户信息
+    $url = $setting['API']['Domain']."/auth/login.php?key=".$setting['Key']; //请求地址
+    $arr = array(
+        'studentID'=>$studentID,
+        'password'=>$password,
+    ); //请求参数(数组)
+    $jsonStr = json_encode($arr); //转换为json格式
+    $result = http_post_json($url, $jsonStr);
+    $result = json_decode($result,true);
+
+    // 返回结果
+    if ($result['output'] == "SUCCESS") {
+        // 赋予COOKIE
+        setcookie( 'studentID' , $studentID , time()+2678400 , '/' , '');
+        // 返回
+        if (empty($callback)) {
+            header('location: /index.php');
         } else {
-            echo <<<EOF
-                <script language="javascript">
-                    alert( "密码错误" )
-                    window.history.go(-1);
-                </script>
-                EOF;
+            header('location: '.$callback);
         }
+    } elseif ($result['output'] == "PASSWORD_DENY") {
+        echo <<<EOF
+            <script language="javascript">
+                alert( "密码错误" )
+                window.history.go(-1);
+            </script>
+            EOF;
     } else {
         echo <<<EOF
             <script language="javascript">
-                alert( "数据库查询失败" )
+                alert( "未知错误" )
                 window.history.go(-1);
             </script>
             EOF;