<?php
	
	namespace frontend\controllers;
	
	use Yii;
	use yii\web\IdentityInterface;
	use common\models\User;
	use common\models\LoginForm;

//use yii\helpers\Url;

//use dataModel;	//必须添加这一句，以便引入dataModel外部类库
	
	class OssController extends \yii\web\Controller
	{
		public $enableCsrfValidation = FALSE;//取消对POST数据的csrf令牌验证
		
		public function actionIndex()
		{
			global $_GPC;
			global $_HI;
			global $_FM;
			$_HI['action'] = 'index';
		}
		
		/**
		 * Login.
		 *
		 * @return mixed
		 */
		public function actionLogin()
		{
			global $_GPC;
			global $_HI;
			global $_FM;
			
			$request = Yii::$app->request;
			$get = $request->get();
			$post = $request->post();
			
			if (isset($_GET['api']) && $_GET['api']) {
				//API接口请求，模拟登陆
				
				//查询用户信息（根据username）
				$connection = yii::$app->db;
				$sql = "SELECT * FROM c_user WHERE username = :username";
				$params[':username'] = urldecode($_GET['LoginForm']['username']);
				$_user = fmFunc_pdo_yii_fetch($connection, $sql, $params);
				if (!$_user) {
					$errorCode = 45300001;    //未找到用户
					$result = array();
					$result['errorcode'] = $errorCode;
					$result['msg'] = Yii::t('errorcode', $errorCode);
					$result = json_encode($result);
					die ($result);
				}
				
				//如果cert证书文件文件存在，则判断；域名、IP不合规时，不允许访问
				$username = $_GET['LoginForm']['username'];
				$cert = fmFunc_cert_exist($username);
				$viaDomain = fmFunc_server_via_domain();
				$viaIP = fmFunc_server_via_ip();
				$_FM['viaDomain'] = $viaDomain;
				$_FM['viaIp'] = $viaIP;
				$isAvailable = $cert ? fmFunc_cert_beforeLogin($cert, $viaIP, $viaDomain) : TRUE;
				if (!$isAvailable) {
					$errorCode = 45300101;    //非法访问1(来路IP或域名不在白名单中)
					$result = array();
					$result['errorcode'] = $errorCode;
					$result['msg'] = Yii::t('errorcode', $errorCode);
					$result = json_encode($result);
					die ($result);
				}
				
				//安全校验，登陆密码、授权码auth_key
				$auth_key = $_user['auth_key'];
				$hash = $_user['password_hash'];
				$password = urldecode($_GET['LoginForm']['password']);
				
				$isPwdRight = Yii::$app->getSecurity()->validatePassword($password, $hash);
				if (!$isPwdRight) {
					$errorCode = 45300002;    //密码错误
					$result = array();
					$result['errorcode'] = $errorCode;
					$result['msg'] = Yii::t('errorcode', $errorCode);
					$result = json_encode($result);
					die ($result);
				}
				
				if ($_user['status'] < 10) {
					$errorCode = 45300003;    //账号被冻结
					$result = array();
					$result['errorcode'] = $errorCode;
					$result['msg'] = Yii::t('errorcode', $errorCode);
					$result = json_encode($result);
					die ($result);
				}
				
				//校验结束
				// 使用指定用户名获取用户身份实例
				$identity = User::findOne(['username' => $_GET['LoginForm']['username']]);
				
				// 登录用户，有效期30d
				$duration = 3600 * 24 * 30;
				$_login = Yii::$app->user->login($identity, $duration);
				if ($_login) {
					//将用户信息写入全局变量
					$_FM['user']['name'] = $identity->username;
					$_FM['user']['uid'] = $identity->id;
					$result = 0;
					$result = json_encode($result);
					
					//执行登陆后的证书创建/更新等工作
					fmFunc_cert_afterLogin();
					
					//将token以data结果返回到客户侧
					$result = array();
					$result['errorcode'] = 0;
					$result['data'] = $_FM['token'];
					$result = json_encode($result);
					echo $result;    //输出结果到前端视图渲染一次，否则客户侧的模拟登陆无法取cookie
					return;    //返回，否则会继续执行最下面的未知报错
				} else {
					$errorCode = 45300004;    //登陆失败
					$result = array();
					$result['errorcode'] = $errorCode;
					$result['msg'] = Yii::t('errorcode', $errorCode);
					$result = json_encode($result);
					die ($result);
				}
			}
			
			$result = array();
			$errorCode = 4530009999;    //未知错误
			$result['errorcode'] = $errorCode;
			$result['msg'] = Yii::t('errorcode', $errorCode);
			$result = json_encode($result);
			die ($result);
			
		}
		
	}