Beispiel #1
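        /// <summary>
        /// Changes the password of the account identified by a phone number.
        /// (The original summary says "administrator password"; the call goes to
        /// DBConnection.YuanGongInfo.RestPwd.)
        /// </summary>
        /// <param name="Phone">Phone number of the account.</param>
        /// <param name="OldPwd">Current password.</param>
        /// <param name="NewPwd">New password.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when an argument is rejected
        /// by the input filter.
        /// </returns>
        public static ReturnClass RestPwd(string Phone, string OldPwd, string NewPwd)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): a string filter does not replace parameter binding, and applying it to
            // passwords presumably rejects some legitimate passwords. Confirm that the data layer
            // binds these values as parameters and how passwords are hashed before comparison.
            bool inputsAccepted = StaticInfo.hasNoZhuRu(Phone)
                                  && StaticInfo.hasNoZhuRu(OldPwd)
                                  && StaticInfo.hasNoZhuRu(NewPwd);
            if (!inputsAccepted)
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.YuanGongInfo.RestPwd(Phone, OldPwd, NewPwd);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Fail closed: previously Code kept whatever value ReturnClass starts with, so a
                // data-layer error could not be told apart from that default by the caller.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("RestYuanGongPwd", ex.ToString(), DateTime.Now);
            }
            return err;
        }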
Beispiel #2
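        /// <summary>
        /// Logs in with a phone number and a password.
        /// </summary>
        /// <param name="Phone">Phone number of the account.</param>
        /// <param name="pwd">Password.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data-layer lookup. Code is
        /// SUSCCED when that value is not null, FAIL when it is null or when the lookup throws,
        /// and ERR_ZHURU when an argument is rejected by the input filter.
        /// </returns>
        public static ReturnClass Login(string Phone, string pwd)
        {
            ReturnClass err = new ReturnClass();

            // hasNoZhuRu is defined elsewhere; a false result is reported below as a suspected
            // SQL injection.
            // NOTE(review): a string filter does not replace parameter binding. Confirm that
            // SelectYuanGongInfoLogin binds both values as parameters and compares a password
            // hash rather than the password text.
            if (!(hasNoZhuRu(Phone) && hasNoZhuRu(pwd)))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.YuanGongInfo.SelectYuanGongInfoLogin(Phone, pwd);
                if (err.result != null)
                {
                    err.Code = ErrorCode.SUSCCED;
                }
                else
                {
                    err.Code = ErrorCode.FAIL;
                    // One message for "unknown phone" and "wrong password", so the response does
                    // not reveal which accounts exist.
                    err.Msg = "手机号和密码不存在或者不匹配!";
                }
            }
            catch (Exception ex)
            {
                // Fail closed: a login whose lookup threw must never be returned with the Code
                // that ReturnClass starts with, whatever that default is.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("SelectYuanGongInfoLogin", ex.ToString(), DateTime.Now);
            }
            return err;
        }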
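        /// <summary>
        /// Adds an administrator account.
        /// </summary>
        /// <param name="AdminID">Account identifier.</param>
        /// <param name="Name">Display name.</param>
        /// <param name="AdminType">Administrator type.</param>
        /// <param name="Password">Password.</param>
        /// <param name="Phone">Phone number.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when a string argument is
        /// rejected by the input filter.
        /// </returns>
        public static ReturnClass AddAdmin(string AdminID, string Name, int AdminType, string Password, string Phone)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): no caller authorization check is visible in this method; confirm it
            // is enforced before this call. Also confirm that InsertAdminInfo binds its values as
            // parameters and stores a password hash, not the password text.
            bool inputsAccepted = StaticInfo.hasNoZhuRu(AdminID)
                                  && StaticInfo.hasNoZhuRu(Name)
                                  && StaticInfo.hasNoZhuRu(Password)
                                  && StaticInfo.hasNoZhuRu(Phone);
            if (!inputsAccepted)
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.AdminInfo.InsertAdminInfo(AdminID, Name, AdminType, Password, Phone);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("AddAdmin", ex.ToString(), DateTime.Now);
            }
            return err;
        }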
Beispiel #4
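        /// <summary>
        /// Deletes an order.
        /// </summary>
        /// <param name="OrderID">Order identifier.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when the identifier is rejected
        /// by the input filter.
        /// </returns>
        public static ReturnClass DeleteOrder(string OrderID)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): OrderID stays a string all the way to the data layer; confirm that
            // DeleteOrderData binds it as a parameter and that the caller is allowed to delete
            // this order (no ownership check is visible here).
            if (!StaticInfo.hasNoZhuRu(OrderID))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.OrderData.DeleteOrderData(OrderID);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("DeleteOrder", ex.ToString(), DateTime.Now);
            }
            return err;
        }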
Beispiel #5
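        /// <summary>
        /// Reads the details of a single order.
        /// </summary>
        /// <param name="OrderID">Order identifier.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value is not null, FAIL when it is null or when the data layer
        /// throws, and ERR_ZHURU when the identifier is rejected by the input filter.
        /// </returns>
        public static ReturnClass SelectOrderInfo(string OrderID)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): confirm that SelectOrder binds OrderID as a parameter and that the
            // caller is allowed to read this order (no ownership check is visible here).
            if (!StaticInfo.hasNoZhuRu(OrderID))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.OrderInfo.SelectOrder(OrderID);
                err.Code   = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("SelectOrderInfo", ex.ToString(), DateTime.Now);
            }
            return err;
        }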
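        /// <summary>
        /// Reads all single-item categories. The method takes no parameters (the original
        /// documentation listed an "ID" parameter that does not exist).
        /// </summary>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value is not null and FAIL when it is null or when the data layer
        /// throws.
        /// </returns>
        public static ReturnClass SelectTotalCategory()
        {
            ReturnClass err = new ReturnClass();

            // The filter is called with the constant "aa": there is no caller input to check, so
            // this guard presumably always passes. It is kept because StaticInfo.hasNoZhuRu is
            // defined elsewhere and its behaviour cannot be confirmed from here.
            if (!StaticInfo.hasNoZhuRu("aa"))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.SystemConfig.SelectTotalCategory();
                err.Code   = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("SelectTotalCategory", ex.ToString(), DateTime.Now);
            }
            return err;
        }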
Beispiel #7
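        /// <summary>
        /// Updates an employee record.
        /// </summary>
        /// <param name="YuanGongID">Employee identifier.</param>
        /// <param name="Password">Password.</param>
        /// <param name="Name">Employee name.</param>
        /// <param name="ShopID">Shop identifier, passed through to the data layer.</param>
        /// <param name="YuanGongType">Job type.</param>
        /// <param name="WorkGroup">Work group.</param>
        /// <param name="Phone">Phone number.</param>
        /// <param name="CategoryID">Category used for chefs.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when a string argument is
        /// rejected by the input filter.
        /// </returns>
        public static ReturnClass UpDateYuanGong(string YuanGongID, string Password, string Name, int ShopID, int YuanGongType, int WorkGroup, string Phone, int CategoryID)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): this call overwrites the employee's password together with the
            // profile fields. Confirm that UpdateYuanGongInfo binds its values as parameters,
            // stores a password hash, and that the caller is authorized to edit this employee.
            bool inputsAccepted = StaticInfo.hasNoZhuRu(YuanGongID)
                                  && StaticInfo.hasNoZhuRu(Name)
                                  && StaticInfo.hasNoZhuRu(Password)
                                  && StaticInfo.hasNoZhuRu(Phone);
            if (!inputsAccepted)
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.YuanGongInfo.UpdateYuanGongInfo(YuanGongID, Password, Name, ShopID, YuanGongType, WorkGroup, Phone, CategoryID);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("UpdateYuanGong", ex.ToString(), DateTime.Now);
            }
            return err;
        }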
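        /// <summary>
        /// Adds a system setting.
        /// </summary>
        /// <param name="Value">Setting value (the original documentation called this "account").</param>
        /// <param name="Name">Name passed through to the data layer.</param>
        /// <param name="ConfigID">System setting identifier.</param>
        /// <param name="ConfigName">System setting name.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when Value or ConfigName is
        /// rejected by the input filter.
        /// </returns>
        public static ReturnClass AddSystemConfig(string Value, string Name, int ConfigID, string ConfigName)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): Name reaches the data layer without passing through the filter that
            // Value and ConfigName go through. Confirm that InsertSystemConfig binds all of its
            // values as parameters, which would make the filter unnecessary for every argument.
            if (!(StaticInfo.hasNoZhuRu(Value) && StaticInfo.hasNoZhuRu(ConfigName)))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.SystemConfig.InsertSystemConfig(Value, Name, ConfigID, ConfigName);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("AddSystemConfig", ex.ToString(), DateTime.Now);
            }
            return err;
        }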
Beispiel #9
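        /// <summary>
        /// Updates a dish record.
        /// </summary>
        /// <param name="ID">Dish identifier.</param>
        /// <param name="FoodName">Dish name.</param>
        /// <param name="Category">Category.</param>
        /// <param name="pic">Picture address.</param>
        /// <param name="ShopID">Shop identifier.</param>
        /// <param name="MenuID">Menu identifier.</param>
        /// <param name="Des">Description.</param>
        /// <param name="Price">Unit price, as text.</param>
        /// <param name="AdminID">Identifier of the administrator making the change.</param>
        /// <param name="IsShow">Whether the dish is shown.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when a string argument is
        /// rejected by the input filter.
        /// </returns>
        public static ReturnClass UpDateFood(int ID, string FoodName, int Category, string pic, int ShopID, int MenuID, string Des, string Price, string AdminID, int IsShow)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection.
            // NOTE(review): Price is free text and pic is a caller-supplied address; neither is
            // validated for format here. Confirm that UpdateFoodInfo binds its values as
            // parameters and that AdminID comes from the authenticated session, not the request.
            bool inputsAccepted = StaticInfo.hasNoZhuRu(FoodName)
                                  && StaticInfo.hasNoZhuRu(pic)
                                  && StaticInfo.hasNoZhuRu(Des)
                                  && StaticInfo.hasNoZhuRu(Price)
                                  && StaticInfo.hasNoZhuRu(AdminID);
            if (!inputsAccepted)
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                err.result = DBConnection.FoodInfo.UpdateFoodInfo(ID, FoodName, Category, pic, ShopID, MenuID, Des, Price, AdminID, IsShow);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("UpdateFood", ex.ToString(), DateTime.Now);
            }
            return err;
        }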
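        /// <summary>
        /// Sets the same value on one or more system settings.
        /// </summary>
        /// <param name="ID">Comma-separated list of setting identifiers; empty entries are skipped.</param>
        /// <param name="Value">New value written to every listed setting.</param>
        /// <returns>
        /// A ReturnClass whose result holds the sum of the values returned by the data layer for
        /// each identifier. Code is SUSCCED when that sum is greater than zero, FAIL otherwise
        /// (including when an identifier is not numeric or the data layer throws), and ERR_ZHURU
        /// when Value is rejected by the input filter.
        /// </returns>
        public static ReturnClass UpdateSystemConfig(string ID, string Value)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection. ID needs no filter: each entry is converted to an integer
            // before it reaches the data layer.
            if (!StaticInfo.hasNoZhuRu(Value))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                int updatedRows = 0;

                // The split now happens inside the try block, so a null ID is logged and reported
                // as FAIL instead of escaping as a NullReferenceException.
                foreach (string sid in ID.Split(','))
                {
                    if (sid != "")
                    {
                        // NOTE(review): the updates are applied one by one; if a later entry is
                        // not numeric, the earlier entries stay updated although FAIL is returned.
                        updatedRows += DBConnection.SystemConfig.UpdateSystemConfig(Convert.ToInt32(sid), Value);
                    }
                }

                err.result = updatedRows;
                err.Code   = updatedRows > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with. The log label previously read "AddSystemConfig", which attributed
                // these errors to a different method.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("UpdateSystemConfig", ex.ToString(), DateTime.Now);
            }
            return err;
        }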
Beispiel #11
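        /// <summary>
        /// Deletes a dish.
        /// </summary>
        /// <param name="ID">Dish identifier.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value converts to an integer greater than zero and FAIL otherwise,
        /// including when the data layer throws.
        /// </returns>
        public static ReturnClass DeleteFood(int ID)
        {
            ReturnClass err = new ReturnClass();

            // NOTE(review): no caller authorization check is visible in this method; confirm it
            // is enforced before this call.
            try
            {
                err.result = DBConnection.FoodInfo.DeleteFoodInfo(ID);
                err.Code   = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("DeleteFood", ex.ToString(), DateTime.Now);
            }
            return err;
        }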
Beispiel #12
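        /// <summary>
        /// Reads the total number of dishes.
        /// </summary>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value is not null and FAIL when it is null or when the data layer
        /// throws.
        /// </returns>
        public static ReturnClass SelectFoodDataNum()
        {
            ReturnClass err = new ReturnClass();

            try
            {
                err.result = DBConnection.FoodInfo.SelectTotalFoodInfoDataNum();
                err.Code   = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("SelectFoodDataNum", ex.ToString(), DateTime.Now);
            }
            return err;
        }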
Beispiel #13
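        /// <summary>
        /// Sets the state of one or more orders.
        /// </summary>
        /// <param name="OrderID">Comma-separated list of order identifiers.</param>
        /// <param name="State">New state written to every listed order.</param>
        /// <returns>
        /// A ReturnClass whose result holds the sum of the values returned by the data layer for
        /// each identifier. Code is SUSCCED when that sum is greater than zero, FAIL otherwise
        /// (including when the data layer throws), and ERR_ZHURU when OrderID is rejected by the
        /// input filter.
        /// </returns>
        public static ReturnClass UpDateOrderState(string OrderID, int State)
        {
            ReturnClass err = new ReturnClass();

            // StaticInfo.hasNoZhuRu is defined elsewhere; a false result is reported below as a
            // suspected SQL injection. The whole list is filtered once, before it is split.
            // NOTE(review): each identifier stays a string down to the data layer; confirm that
            // UpdateOrderState binds it as a parameter and that the caller may change these
            // orders (no ownership check is visible here).
            if (!StaticInfo.hasNoZhuRu(OrderID))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                int updatedRows = 0;

                // The split now happens inside the try block, so a null OrderID that gets past
                // the filter is logged and reported as FAIL instead of escaping as a
                // NullReferenceException. Empty entries are still passed on, as before.
                foreach (string oid in OrderID.Split(','))
                {
                    updatedRows += DBConnection.OrderData.UpdateOrderState(oid, State);
                }

                err.result = updatedRows;
                err.Code   = updatedRows > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with. Orders updated before the failing entry stay updated.
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("UpdateOrderState", ex.ToString(), DateTime.Now);
            }
            return err;
        }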
Beispiel #14
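        /// <summary>
        /// Checks administrator credentials taken from a JSON payload and, when they match a row
        /// in ws_system_admin, issues an HMAC-SHA256 signed JWT and records it in Redis.
        /// </summary>
        /// <param name="jsonStr">JSON object text with "UserName" and "Password" members.</param>
        /// <returns>
        /// A ReturnClass with Code.SUCCED and the Token in Data on success; Code.ERR_Sign with an
        /// empty Data when a credential is missing, empty or does not match; Code.SystemError
        /// when anything throws (for example when jsonStr is not valid JSON).
        /// </returns>
        public static ReturnClass CreatToken(string jsonStr)
        {
            ReturnClass rc = new ReturnClass();

            try
            {
                var jObj = JObject.Parse(jsonStr);

                // A missing member is treated like an empty one. Previously it surfaced as a
                // NullReferenceException and was reported as a system error.
                var userNameToken = jObj["UserName"];
                var passwordToken = jObj["Password"];
                if (userNameToken == null || passwordToken == null
                    || string.IsNullOrEmpty(userNameToken.ToString())
                    || string.IsNullOrEmpty(passwordToken.ToString()))
                {
                    rc.Msg  = "参数为空";
                    rc.Code = Code.ERR_Sign;
                    rc.Data = "";
                    return rc;
                }

                string userName = userNameToken.ToString();

                // NOTE(review): StaticInfo.MD5Encrypt32 is defined elsewhere; by its name it is an
                // MD5 digest. If the pwd column holds unsalted MD5 values, plan a migration to a
                // salted, slow password hash (PBKDF2, bcrypt or Argon2).
                string password = StaticInfo.MD5Encrypt32(passwordToken.ToString());

                // Both credentials are bound as parameters, so neither is spliced into SQL text.
                MySqlParameter[] sp = new MySqlParameter[2];
                sp[0] = new MySqlParameter("@account", userName);
                sp[1] = new MySqlParameter("@password", password);
                const string sqlselect1 = "select * from ws_system_admin where account=@account and pwd=@password";

                DataTable dataTable = MySqlHelper.GetDataSet(MySqlHelper.Conn, CommandType.Text, sqlselect1, sp).Tables[0];
                if (dataTable.Rows.Count < 1)
                {
                    // Same message for an unknown account and a wrong password.
                    rc.Msg  = "用户名或密码错误";
                    rc.Code = Code.ERR_Sign;
                    rc.Data = "";
                    return rc;
                }

                // Rows[0] cannot be null once Rows.Count >= 1, so the former null check on the
                // row was unreachable and has been dropped.
                DataRow result = dataTable.Rows[0];

                // A new login revokes the previous token of the same account: the per-user key
                // points at the last token, and both entries are deleted.
                // NOTE(review): the key is id + account with no separator, so different
                // (id, account) pairs can produce the same key; confirm this cannot happen with
                // real data or add a delimiter everywhere this key is read.
                var redisTokenFlag = result["id"].ToString() + result["account"].ToString();
                if (RedisStaticHelper.Exists(redisTokenFlag))
                {
                    var jwtTokenStr = RedisStaticHelper.Get(redisTokenFlag);
                    RedisStaticHelper.Del(jwtTokenStr);
                    RedisStaticHelper.Del(redisTokenFlag);
                }

                Token tk = new Token();
                tk.userName = result["account"].ToString();
                tk.userID   = result["id"].ToString();
                tk.sub      = "Client";
                // DateTimeToStamp is defined elsewhere; it receives the current local time.
                tk.Timestamp = Convert.ToString(DateTimeToStamp(DateTime.Now));

                DateTime utcNow = DateTime.UtcNow;

                // "iat" is declared as Integer64, so it has to be Unix epoch seconds. The value
                // used to be the culture-formatted date text of the timestamp.
                long issuedAt = (long)(utcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;

                Claim[] claims = new Claim[]
                {
                    new Claim(JwtRegisteredClaimNames.Sub, tk.sub),                    // subject
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // unique token id
                    new Claim(JwtRegisteredClaimNames.Iat,
                              issuedAt.ToString(System.Globalization.CultureInfo.InvariantCulture),
                              ClaimValueTypes.Integer64),                              // issued-at, epoch seconds
                };

                // NOTE(review): the HMAC key is a literal in source code. HS256 is symmetric, so
                // anyone who can read this file can sign tokens that verify. Load the key from
                // protected configuration, use at least 256 bits of random key material, and
                // rotate the current value. The literal is left unchanged here because the
                // verifying side (not visible) must use the same key.
                // The token is signed, not encrypted: its claims are readable by the holder.
                JwtSecurityToken jwt = new JwtSecurityToken(
                    issuer: "TianTao",             // issuer (optional)
                    audience: tk.userName,         // audience (optional)
                    claims: claims,
                    expires: utcNow.AddHours(12),  // token lifetime
                    signingCredentials: new Microsoft.IdentityModel.Tokens
                    .SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes("RayPI's Secret Key")), SecurityAlgorithms.HmacSha256));

                var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
                tk.AccessToken = encodedJwt;

                rc.Msg  = "成功!";
                rc.Code = Code.SUCCED;
                rc.Data = tk;

                // Token -> token data, and per-user key -> token (used for revocation above).
                // NOTE(review): no expiry is passed to these Set calls although the JWT expires
                // after 12 hours; confirm that RedisStaticHelper applies a TTL.
                RedisStaticHelper.Set(tk.AccessToken, tk.ToJson());
                RedisStaticHelper.Set(tk.userID + tk.userName, tk.AccessToken);

                return rc;
            }
            catch (Exception ex)
            {
                // Details go to the log only; the caller gets a fixed message.
                StaticInfo.Log(ex.ToString());
                rc.Msg  = "违反了中央八项纪律";
                rc.Code = Code.SystemError;
                rc.Data = "";
                return rc;
            }
        }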
Beispiel #15
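        /// <summary>
        /// Builds the per-dish portion summary of a shop for the meal slot implied by the current
        /// local time, with a text column listing the portions per employee.
        /// </summary>
        /// <param name="ShopID">Shop identifier.</param>
        /// <returns>
        /// A ReturnClass whose result is the DataTable from SelectTotalFenCanNum with an added
        /// "NumByYuanGong" column. Code is SUSCCED on success and FAIL when the data layer
        /// throws.
        /// </returns>
        public static ReturnClass SelectTotalOrderDataFenCan(int ShopID)
        {
            // The clock is read once so that every comparison below sees the same hour.
            DateTime now       = DateTime.Now;
            DateTime OrderTime = now;
            int      intTime;

            // Slot selection by hour: up to and including 06 -> breakfast (1), before 12 ->
            // lunch (2), before 18 -> dinner (3), from 18 on -> tomorrow's breakfast (1).
            // The last case used to be unreachable (it compared the hour against a literal "24")
            // and discarded the result of AddDays, so evenings fell through with no slot at all.
            if (now.Hour <= 6)
            {
                intTime = 1;
            }
            else if (now.Hour < 12)
            {
                intTime = 2;
            }
            else if (now.Hour < 18)
            {
                intTime = 3;
            }
            else
            {
                OrderTime = OrderTime.AddDays(1); // DateTime is immutable; the result must be kept
                intTime   = 1;
            }

            ReturnClass err      = new ReturnClass();
            int         thisTime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));

            // The filter is called with the constant "aa": there is no caller text to check, so
            // this guard presumably always passes. It is kept because StaticInfo.hasNoZhuRu is
            // defined elsewhere and its behaviour cannot be confirmed from here.
            if (!StaticInfo.hasNoZhuRu("aa"))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                // Settings 1, 2 and 3 hold the offset added to the day stamp for breakfast, lunch
                // and dinner (6, 12 and 18 according to the original comments).
                thisTime += Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);

                DataTable dt1 = DBConnection.OrderInfo.SelectTotalFenCanNum(thisTime, ShopID);
                DataTable dt2 = DBConnection.OrderInfo.SelectTotalFenCanNumBySongCanYuan(thisTime, ShopID);

                dt1.Columns.Add("NumByYuanGong");

                foreach (DataRow dr in dt1.Rows)
                {
                    string s      = "";
                    string foodId = dr["FoodID"].ToString();

                    foreach (DataRow drr in dt2.Rows)
                    {
                        if (foodId != drr["FoodID"].ToString())
                        {
                            continue;
                        }

                        // Rows without an employee name are listed under a fixed placeholder.
                        string who = drr["YuanGongName"].ToString();
                        if (who == "")
                        {
                            who = "未知人";
                        }
                        s += who + ":" + drr["totalNum"].ToString() + "份 ";
                    }
                    dr["NumByYuanGong"] = s;
                }

                err.result = dt1;
                err.Code   = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with. The log label previously named a different method
                // ("SelectTotalOrderInfoChuShi").
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("SelectTotalOrderDataFenCan", ex.ToString(), DateTime.Now);
            }
            return err;
        }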
Beispiel #16
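        /// <summary>
        /// Lists the orders a delivery employee has to deliver.
        /// </summary>
        /// <param name="intTime">Meal slot: 0 whole day, 1 breakfast, 2 lunch, 3 dinner. Any other value adds no time condition.</param>
        /// <param name="State">Order state: 0 open, 1 finished; -1 adds no state condition.</param>
        /// <param name="ShopID">Shop identifier.</param>
        /// <param name="OrderTime">Delivery date to query.</param>
        /// <param name="YuanGongID">Employee identifier; -1 adds no employee condition.</param>
        /// <returns>
        /// A ReturnClass whose result holds the value returned by the data layer. Code is
        /// SUSCCED when that value is not null and FAIL when it is null or when the data layer
        /// throws.
        /// </returns>
        public static ReturnClass SelectTotalOrderDataSongCan(int intTime, int State, int ShopID, DateTime OrderTime, int YuanGongID)
        {
            ReturnClass err = new ReturnClass();

            // Example of the finished clause:
            //   where OrderTime = 2016082418 and y.YuanGongID = 2 and d.ShopID = 1 and d.State = 0
            // Every value appended below is an int, so no caller-supplied text reaches the SQL
            // fragment built in this method.
            // NOTE(review): DBConnection.OrderData.SelectTotalOrderDataSongCan takes raw SQL
            // text. That interface stays safe only while every caller builds the clause from
            // typed values; passing the values as parameters would remove the risk.
            string sqlWhere = "where 1=1 and d.ShopID=" + Convert.ToString(ShopID) + " ";
            int    thisTime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));

            // The filter is called with the constant "aa", so this guard presumably always
            // passes. It is kept because StaticInfo.hasNoZhuRu is defined elsewhere.
            if (!StaticInfo.hasNoZhuRu("aa"))
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
                return err;
            }

            try
            {
                switch (intTime)
                {
                    case 0:
                        // Whole day: from this day's 00 stamp to the next day's 00 stamp.
                        int Btime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));            // e.g. 2016082500
                        int Etime = Convert.ToInt32(OrderTime.AddDays(1).ToString("yyyyMMdd00")); // e.g. 2016082600
                        sqlWhere += " and d.OrderTime between " + Btime + " and " + Etime + " ";
                        break;

                    case 1:
                    case 2:
                    case 3:
                        // Settings 1, 2 and 3 hold the offset added to the day stamp for
                        // breakfast, lunch and dinner (6, 12 and 18 per the original comments).
                        thisTime  = thisTime + Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);
                        sqlWhere += " and d.OrderTime =" + Convert.ToString(thisTime) + " ";
                        break;
                }

                if (State != -1)
                {
                    sqlWhere += " and d.State=" + Convert.ToString(State) + " ";
                }
                if (YuanGongID != -1)
                {
                    sqlWhere += " and d.YuanGongID=" + Convert.ToString(YuanGongID) + " ";
                }

                err.result = DBConnection.OrderData.SelectTotalOrderDataSongCan(sqlWhere);
                err.Code   = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
            }
            catch (Exception ex)
            {
                // Report the failure explicitly instead of returning the Code that ReturnClass
                // starts with. The log label previously named a different method
                // ("SelectTotalOrderInfoChuShi").
                err.Code = ErrorCode.FAIL;
                DBConnection.LogHelper.insertLogError("SelectTotalOrderDataSongCan", ex.ToString(), DateTime.Now);
            }
            return err;
        }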
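        /// <summary>
        /// Order: returns the order details a chef (ChuShi) sees for one shop, filtered by
        /// meal slot, order state and food category.
        /// </summary>
        /// <param name="intTime">Meal slot to query: 0 = whole day, 1 = breakfast, 2 = lunch, 3 = dinner. Any other value adds no time filter.</param>
        /// <param name="State">Order state: 0 = not finished, 1 = finished. -1 disables the filter.</param>
        /// <param name="ShopID">Shop ID.</param>
        /// <param name="OrderTime">Date to query. It is overwritten with the current time inside the method, so the supplied value has no effect.</param>
        /// <param name="Category">Food category: 1 = meat, 2 = vegetables, 3 = wheat-based food. -1 disables the filter.</param>
        /// <returns>
        /// A ReturnClass whose result is the value returned by DBConnection.OrderInfo.SelectTotalOrderInfoChuShi.
        /// Code is SUSCCED when that value is non-null, FAIL when it is null or the lookup threw,
        /// and ERR_ZHURU when the hasNoZhuRu gate rejects.
        /// </returns>
        public static ReturnClass SelectTotalOrderInfoChuShi(int intTime, int State, int ShopID, DateTime OrderTime, int Category)
        {
            // The caller-supplied OrderTime is replaced, so the query always targets the current
            // server date. Earlier draft code that also derived intTime from the current hour was
            // disabled and has been dropped here.
            // NOTE(review): confirm no caller expects its own date to be honoured.
            OrderTime = DateTime.Now;

            ReturnClass err = new ReturnClass();

            // Only int values are appended to this fragment, which is what keeps it free of
            // caller-controlled text. Do not append a string parameter here: the fragment is handed
            // to the data layer as raw text (presumably spliced into the SQL statement - verify
            // in DBConnection.OrderInfo).
            // Example of a finished fragment:
            //   where i.OrderTime =2016082418 and c.ID=1 and f.ShopID=1 and d.State=0
            string sqlWhere = "where 1=1 and f.ShopID=" + Convert.ToString(ShopID) + " ";

            // Order times are stored as yyyyMMddHH integers; format with the invariant culture so
            // the digits are always Gregorian regardless of the server's regional settings.
            System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
            int dayStart = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00", invariant)); // e.g. 2016082500

            // This gate checks the constant "aa" and none of the arguments, so it does not inspect
            // caller input. It is kept because hasNoZhuRu is defined elsewhere and its behavior
            // is not visible from here.
            if (StaticInfo.hasNoZhuRu("aa"))
            {
                try
                {
                    if (intTime == 0)
                    {
                        // Whole day: from today 00 to tomorrow 00, e.g. 2016082500 .. 2016082600.
                        int dayEnd = Convert.ToInt32(OrderTime.AddDays(1).ToString("yyyyMMdd00", invariant));
                        sqlWhere += " and i.OrderTime between " + dayStart + " and " + dayEnd + " ";
                    }
                    else if (intTime >= 1 && intTime <= 3)
                    {
                        // System config entries 1/2/3 hold the hour offset of breakfast/lunch/dinner
                        // (6, 12 and 18 according to the original comments).
                        int slotOffset = Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);
                        sqlWhere += " and i.OrderTime =" + Convert.ToString(dayStart + slotOffset) + " ";
                    }

                    if (State != -1)
                    {
                        sqlWhere += " and d.State=" + Convert.ToString(State) + " ";
                    }
                    if (Category != -1)
                    {
                        sqlWhere += " and c.ID=" + Convert.ToString(Category) + " ";
                    }

                    err.result = DBConnection.OrderInfo.SelectTotalOrderInfoChuShi(sqlWhere);
                    err.Code   = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
                }
                catch (Exception ex)
                {
                    DBConnection.LogHelper.insertLogError("SelectTotalOrderInfoChuShi", ex.ToString(), DateTime.Now);
                    // Report the failure explicitly instead of returning a ReturnClass whose Code was
                    // never assigned. The exception text stays in the log and is not sent to the caller.
                    err.Code = ErrorCode.FAIL;
                }
            }
            else
            {
                err.result = 0;
                err.Code   = ErrorCode.ERR_ZHURU;
                err.Msg    = "sql注入!";
            }
            return err;
        }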
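        /// <summary>
        /// Order: validates a customer's order request and stores it.
        /// Flow described by the original author: insert into the orderData table, insert the
        /// individual items into the orderInfo table, compute the price, return the list to the
        /// customer, then payment.
        /// </summary>
        /// <param name="Name">Customer name.</param>
        /// <param name="Phone">Customer phone number.</param>
        /// <param name="Address">
        /// Delivery address in the form "building-and-floor code,bed number", e.g. "108,0812床".
        /// When the code is known in system config 1002 the address is rewritten with the configured
        /// building name in front of the bed number.
        /// </param>
        /// <param name="ShopID">Shop ID. Not read by this method.</param>
        /// <param name="List">
        /// Order items separated by '|', each item being "foodID,name,quantity,price",
        /// e.g. "1,红烧肉,2,30|3,尖椒炒鸡蛋,1,18". Name and price from the client are not stored;
        /// both are taken from the food record looked up by foodID.
        /// </param>
        /// <param name="OrderTime">Hour of the meal slot (06, 12 or 18 per the original comments); must be 0-23.</param>
        /// <param name="OrderDate">Reserved date in yyyy-MM-dd form.</param>
        /// <returns>
        /// A ReturnClass: result 1 / SUSCCED when the order was stored; result -2 / FAIL when the
        /// slot is too close or already past; result 0 / FAIL for malformed input, an empty order,
        /// an invalid item or a storage failure; result 0 / ERR_ZHURU when hasNoZhuRu rejects a field.
        /// </returns>
        public static ReturnClass AddOrder(string Name, string Phone, string Address, int ShopID, string List, string OrderTime, string OrderDate)
        {
            ReturnClass err = new ReturnClass();
            System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;

            // Address, OrderDate and OrderTime come straight from the client. Parse them with the
            // Try* APIs so malformed input becomes a FAIL result instead of an unhandled exception.
            int      LouHao       = 0;    // building-and-floor code
            string   ChuangHao    = null; // bed number
            int      intOrderTime = 0;    // yyyyMMddHH, e.g. 2016090806 / 2016090812 / 2016090818
            bool     wellFormed   = false;
            string[] addressParts = Address == null ? null : Address.Split(',');
            DateTime orderDay;
            int      intOrderDate;
            int      orderHour;

            if (addressParts != null && addressParts.Length >= 2
                && int.TryParse(addressParts[0], out LouHao)
                && DateTime.TryParseExact(OrderDate, "yyyy-MM-dd", invariant, System.Globalization.DateTimeStyles.None, out orderDay)
                && int.TryParse(orderDay.ToString("yyyyMMdd", invariant) + "00", out intOrderDate)
                && int.TryParse(OrderTime, out orderHour)
                && orderHour >= 0 && orderHour <= 23) // an hour outside 0-23 would spill into the date digits
            {
                ChuangHao    = addressParts[1];
                intOrderTime = intOrderDate + orderHour;
                wellFormed   = true;
            }
            if (!wellFormed)
            {
                err.result = 0;
                err.Code   = ErrorCode.FAIL;
                err.Msg    = "订单添加失败了!原因是地址、日期或时间参数不合法!";
                return err;
            }

            // Reject orders placed after the slot or too close to it. This is plain integer
            // arithmetic on yyyyMMddHH values, so the two-unit margin only behaves like "two hours"
            // for slots at hour 2 or later (the documented slots are 06, 12 and 18).
            int intTimeNow = Convert.ToInt32(DateTime.Now.ToString("yyyyMMddHH", invariant));
            if (intTimeNow > intOrderTime - 2)
            {
                err.result = -2;
                err.Code   = ErrorCode.FAIL;
                err.Msg    = "订单添加失败了!原因是当前时间超过了预定时间!";
                return err;
            }

            try
            {
                // System config 1002 maps the building code to the delivery employee and to a
                // display name. Each lookup is done once and its result reused.
                int YuanGongID = 0; // delivery employee ID; stays 0 when the building is not configured
                var courierValue = DBConnection.SystemConfig.SelectValueByConfigIDAndValue(1002, LouHao.ToString());
                if (courierValue != null)
                {
                    YuanGongID = Convert.ToInt32(courierValue);
                }
                var buildingName = DBConnection.SystemConfig.SelectConfigNameByConfigIDAndName(1002, LouHao.ToString());
                if (buildingName != null)
                {
                    // Known building: rebuild the address with its configured name.
                    Address = buildingName + "," + ChuangHao;
                }

                // NOTE(review): hasNoZhuRu is defined elsewhere; judging by the rejection message it
                // is a SQL-injection text filter. A filter of that kind does not replace bound
                // parameters - confirm that InsertOrderInfo passes Name, Phone, Address and
                // ListDetail to the database as parameters rather than concatenated text.
                if (!(StaticInfo.hasNoZhuRu(Name) && StaticInfo.hasNoZhuRu(Phone) && StaticInfo.hasNoZhuRu(Address) && StaticInfo.hasNoZhuRu(List)))
                {
                    err.result = 0;
                    err.Code   = ErrorCode.ERR_ZHURU;
                    err.Msg    = "sql注入!";
                    return err;
                }

                string   OrderID        = StaticInfo.CreatOrderID(); // generate the order number
                string[] OrderInfoArray = List == null ? new string[0] : List.Split('|');
                string   ListDetail     = "";    // printable summary of the order lines
                decimal  TotalPrice     = 0.00M; // order total

                // Staging table for the order lines. If any line is invalid the table is set to
                // null and nothing is written to the database.
                DataTable dtList = new DataTable("dtList");
                dtList.Columns.Add(new DataColumn("FoodID", typeof(string)));
                dtList.Columns.Add(new DataColumn("FoodName", typeof(string)));
                dtList.Columns.Add(new DataColumn("Num", typeof(string)));
                dtList.Columns.Add(new DataColumn("Price", typeof(string)));

                foreach (string strOrderData in OrderInfoArray)
                {
                    if (string.IsNullOrEmpty(strOrderData))
                    {
                        continue;
                    }

                    // One line is "foodID,name,quantity,price".
                    string[] OrderData = strOrderData.Split(',');
                    int      FoodID;
                    int      Num;
                    decimal  Price;
                    if (OrderData.Length < 4
                        || !int.TryParse(OrderData[0], out FoodID)
                        || !int.TryParse(OrderData[2], out Num)
                        || !decimal.TryParse(OrderData[3], out Price))
                    {
                        dtList = null;
                        break;
                    }

                    DataTable dtNeed = DBConnection.FoodInfo.SelectFoodInfo(FoodID);
                    if (dtNeed == null || dtNeed.Rows.Count == 0 || Num <= 0 || Price <= 0.00M)
                    {
                        // Unknown food, or a non-positive quantity or price: reject the whole order.
                        dtList = null;
                        break;
                    }

                    // The client-supplied name and price are only sanity-checked above. What gets
                    // stored is the name and unit price from the food record, so a tampered price
                    // in the request cannot change the amount charged.
                    DataRow dr = dtList.NewRow();
                    dr["FoodID"]   = Convert.ToString(FoodID);
                    dr["FoodName"] = Convert.ToString(dtNeed.Rows[0]["FoodName"]);
                    dr["Num"]      = Convert.ToString(Num);
                    dr["Price"]    = Convert.ToDecimal(Num) * Convert.ToDecimal(dtNeed.Rows[0]["Price"]); // line total
                    dtList.Rows.Add(dr);
                }

                if (dtList == null)
                {
                    err.Code   = ErrorCode.FAIL;
                    err.result = 0;
                    err.Msg    = "添加订单的数量或者价格参数不合法!";
                    return err;
                }
                if (dtList.Rows.Count == 0)
                {
                    // Split never returns null, so the original null test could not detect an empty
                    // order; an order without a single valid line is rejected here instead.
                    err.result = 0;
                    err.Code   = ErrorCode.FAIL;
                    err.Msg    = "请选择餐品加入订单,再提交订单!";
                    return err;
                }

                foreach (DataRow drr in dtList.Rows)
                {
                    ListDetail += "品名:" + Convert.ToString(drr["FoodName"]) + "  数量:" + Convert.ToString(drr["Num"]) + "  价格:" + Convert.ToString(drr["Price"]) + "|";
                    TotalPrice += Convert.ToDecimal(drr["Price"]);
                }

                if (DBConnection.OrderInfo.InsertOrderInfo(OrderID, dtList, intOrderTime, Convert.ToString(TotalPrice), DateTime.Now, Name, Phone
                                                           , Address, 0, YuanGongID, 0, 0, "", 1, ListDetail) > 0)
                {
                    // The order was stored.
                    err.result = 1;
                    err.Code   = ErrorCode.SUSCCED;
                    err.Msg    = "订单生成成功!";
                }
                else
                {
                    err.result = 0;
                    err.Code   = ErrorCode.FAIL;
                    err.Msg    = "订单添加失败了!";
                }
            }
            catch (Exception ex)
            {
                DBConnection.LogHelper.insertLogError("AddOrder", ex.ToString(), DateTime.Now);
                // Report the failure explicitly instead of returning a ReturnClass whose Code was
                // never assigned. The exception text stays in the log and is not sent to the caller.
                err.result = 0;
                err.Code   = ErrorCode.FAIL;
                err.Msg    = "订单添加失败了!";
            }
            return err;
        }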