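/// <summary>
/// Queries sales volume for one shop over a date range.
/// </summary>
/// <param name="BgTime">Range start; passed to the data layer as the integer yyyyMMdd00.</param>
/// <param name="EndTime">Range end; passed to the data layer as the integer yyyyMMdd24.</param>
/// <param name="ShopID">Shop ID.</param>
/// <returns>
/// Code is SUSCCED when the data layer returns a non-null result, FAIL when it returns null
/// or throws, and ERR_ZHURU when the injection filter rejects its argument.
/// </returns>
public static ReturnTableClass SelectXiaoLiang(DateTime BgTime, DateTime EndTime, int ShopID)
{
    ReturnTableClass err = new ReturnTableClass();

    // NOTE(review): the filter is given the constant "ShopID", not a caller value, so it
    // validates nothing here. Every input of this method is typed (DateTime/int), which is
    // what actually keeps free text away from the query at this layer.
    if (!StaticInfo.hasNoZhuRu("ShopID"))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        int rangeStart = Convert.ToInt32(BgTime.ToString("yyyyMMdd00"));
        int rangeEnd = Convert.ToInt32(EndTime.ToString("yyyyMMdd24"));
        err.result = DBConnection.OrderInfo.SelectXiaoLiang(rangeStart, rangeEnd, ShopID);
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("SelectXiaoLiang", ex.ToString(), DateTime.Now);
        // Fail closed: without this the caller receives whatever Code a fresh result object
        // holds, which cannot be told apart from a real outcome.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}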
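/// <summary>
/// Returns all single-item (dish) categories.
/// </summary>
/// <returns>
/// Code is SUSCCED when the data layer returns a non-null result, FAIL when it returns null
/// or throws, and ERR_ZHURU when the injection filter rejects its argument.
/// </returns>
public static ReturnClass SelectTotalCategory()
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): the method takes no input; the filter is called on the constant "aa",
    // so this branch only reflects the filter's behaviour on that literal.
    if (!StaticInfo.hasNoZhuRu("aa"))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.SystemConfig.SelectTotalCategory();
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("SelectTotalCategory", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}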
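/// <summary>
/// Deletes an order.
/// </summary>
/// <param name="OrderID">Order ID; checked with <c>StaticInfo.hasNoZhuRu</c> before use.</param>
/// <returns>
/// Code is SUSCCED when the data layer reports a value greater than zero, FAIL otherwise or
/// on exception, and ERR_ZHURU when the filter rejects the ID.
/// </returns>
public static ReturnClass DeleteOrder(string OrderID)
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): hasNoZhuRu looks like a keyword/character filter (implementation not
    // shown). It is a stopgap; the durable control is a parameterized statement inside
    // DBConnection.OrderData.DeleteOrderData - confirm that is how OrderID is bound.
    // NOTE(review): no ownership or role check is visible here; presumably the caller
    // authorizes the deletion - verify.
    if (!StaticInfo.hasNoZhuRu(OrderID))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.OrderData.DeleteOrderData(OrderID);
        err.Code = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("DeleteOrder", ex.ToString(), DateTime.Now);
        // Fail closed: a swallowed exception must not look like an unset (possibly
        // success-valued) Code to the caller.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}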
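/// <summary>
/// Fetches the details of a single order.
/// </summary>
/// <param name="OrderID">Order ID; checked with <c>StaticInfo.hasNoZhuRu</c> before use.</param>
/// <returns>
/// Code is SUSCCED when the data layer returns a non-null result, FAIL when it returns null
/// or throws, and ERR_ZHURU when the filter rejects the ID.
/// </returns>
public static ReturnClass SelectOrderInfo(string OrderID)
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): the filter is a blacklist-style check (implementation not shown) and
    // does not replace parameter binding in DBConnection.OrderInfo.SelectOrder - confirm.
    // NOTE(review): nothing here ties OrderID to the requesting user; presumably the caller
    // enforces that - verify.
    if (!StaticInfo.hasNoZhuRu(OrderID))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.OrderInfo.SelectOrder(OrderID);
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("SelectOrderInfo", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}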
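/// <summary>
/// Adds a system-configuration entry.
/// </summary>
/// <param name="Value">Entry value (the original comment labels it "account").</param>
/// <param name="Name">Entry name (the original comment labels it "person name").</param>
/// <param name="ConfigID">System-configuration ID.</param>
/// <param name="ConfigName">System-configuration name.</param>
/// <returns>
/// Code is SUSCCED when the data layer reports a value greater than zero, FAIL otherwise or
/// on exception, and ERR_ZHURU when the filter rejects any string argument.
/// </returns>
public static ReturnClass AddSystemConfig(string Value, string Name, int ConfigID, string ConfigName)
{
    ReturnClass err = new ReturnClass();

    // Name is forwarded to the same insert as Value and ConfigName, so it gets the same
    // filter; a null Name is passed through untouched, as it was before this check existed.
    // NOTE(review): the filter is a stopgap (implementation not shown); the durable control
    // is parameter binding inside DBConnection.SystemConfig.InsertSystemConfig - confirm.
    bool inputsClean = StaticInfo.hasNoZhuRu(Value)
        && StaticInfo.hasNoZhuRu(ConfigName)
        && (Name == null || StaticInfo.hasNoZhuRu(Name));
    if (!inputsClean)
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.SystemConfig.InsertSystemConfig(Value, Name, ConfigID, ConfigName);
        err.Code = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("AddSystemConfig", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}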
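/// <summary>
/// Updates a dish record.
/// </summary>
/// <param name="ID">Dish ID.</param>
/// <param name="FoodName">Dish name.</param>
/// <param name="Category">Category.</param>
/// <param name="pic">Image address.</param>
/// <param name="ShopID">Shop ID.</param>
/// <param name="MenuID">Menu ID.</param>
/// <param name="Des">Description.</param>
/// <param name="Price">Unit price (passed as a string).</param>
/// <param name="AdminID">ID of the administrator making the change.</param>
/// <param name="IsShow">Whether the dish is shown.</param>
/// <returns>
/// Code is SUSCCED when the data layer reports a value greater than zero, FAIL otherwise or
/// on exception, and ERR_ZHURU when the filter rejects any string argument.
/// </returns>
public static ReturnClass UpDateFood(int ID, string FoodName, int Category, string pic, int ShopID, int MenuID, string Des, string Price, string AdminID, int IsShow)
{
    ReturnClass err = new ReturnClass();

    // Every string argument goes through the filter, in the original order.
    // NOTE(review): the filter is a stopgap (implementation not shown); confirm that
    // DBConnection.FoodInfo.UpdateFoodInfo binds these values as parameters.
    // NOTE(review): AdminID is caller-supplied; presumably the caller has already
    // authenticated it - verify.
    bool inputsClean = StaticInfo.hasNoZhuRu(FoodName)
        && StaticInfo.hasNoZhuRu(pic)
        && StaticInfo.hasNoZhuRu(Des)
        && StaticInfo.hasNoZhuRu(Price)
        && StaticInfo.hasNoZhuRu(AdminID);
    if (!inputsClean)
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.FoodInfo.UpdateFoodInfo(ID, FoodName, Category, pic, ShopID, MenuID, Des, Price, AdminID, IsShow);
        err.Code = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("UpdateFood", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}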
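/// <summary>
/// Changes a password. The original summary says "administrator password", but the call
/// goes to <c>DBConnection.YuanGongInfo.RestPwd</c> (the employee data class).
/// </summary>
/// <param name="Phone">Phone number identifying the account.</param>
/// <param name="OldPwd">Current password.</param>
/// <param name="NewPwd">New password.</param>
/// <returns>
/// Code is SUSCCED when the data layer reports a value greater than zero, FAIL otherwise or
/// on exception, and ERR_ZHURU when the filter rejects any argument.
/// </returns>
public static ReturnClass RestPwd(string Phone, string OldPwd, string NewPwd)
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): running the injection filter over passwords narrows the set of
    // characters a user may choose. With parameter binding in the data layer the filter
    // would be unnecessary for these two fields - confirm how RestPwd builds its statement.
    // NOTE(review): both passwords are forwarded exactly as received; no hashing is visible
    // at this layer. Presumably the data layer hashes before comparing and storing - verify.
    bool inputsClean = StaticInfo.hasNoZhuRu(Phone)
        && StaticInfo.hasNoZhuRu(OldPwd)
        && StaticInfo.hasNoZhuRu(NewPwd);
    if (!inputsClean)
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.YuanGongInfo.RestPwd(Phone, OldPwd, NewPwd);
        err.Code = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("RestYuanGongPwd", ex.ToString(), DateTime.Now);
        // Fail closed: a password change that threw must never be reported with an
        // unassigned (possibly success-valued) Code.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}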
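/// <summary>
/// Updates an employee record.
/// </summary>
/// <param name="YuanGongID">Employee ID.</param>
/// <param name="Password">Password.</param>
/// <param name="Name">Name.</param>
/// <param name="ShopID">Shop ID.</param>
/// <param name="YuanGongType">Job type.</param>
/// <param name="WorkGroup">Work group.</param>
/// <param name="Phone">Phone number.</param>
/// <param name="CategoryID">Category used for cooks.</param>
/// <returns>
/// Code is SUSCCED when the data layer reports a value greater than zero, FAIL otherwise or
/// on exception, and ERR_ZHURU when the filter rejects any string argument.
/// </returns>
public static ReturnClass UpDateYuanGong(string YuanGongID, string Password, string Name, int ShopID, int YuanGongType, int WorkGroup, string Phone, int CategoryID)
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): the filter is a stopgap (implementation not shown); confirm that
    // DBConnection.YuanGongInfo.UpdateYuanGongInfo binds these values as parameters.
    // NOTE(review): Password is forwarded as received; hashing is not visible here -
    // presumably done in the data layer, verify. YuanGongType and WorkGroup are taken from
    // the caller, so role changes depend on an authorization check made elsewhere.
    bool inputsClean = StaticInfo.hasNoZhuRu(YuanGongID)
        && StaticInfo.hasNoZhuRu(Name)
        && StaticInfo.hasNoZhuRu(Password)
        && StaticInfo.hasNoZhuRu(Phone);
    if (!inputsClean)
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.YuanGongInfo.UpdateYuanGongInfo(YuanGongID, Password, Name, ShopID, YuanGongType, WorkGroup, Phone, CategoryID);
        err.Code = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("UpdateYuanGong", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}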
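/// <summary>
/// Adds an administrator account.
/// </summary>
/// <param name="AdminID">Account name.</param>
/// <param name="Name">Person name.</param>
/// <param name="AdminType">Administrator type.</param>
/// <param name="Password">Password.</param>
/// <param name="Phone">Phone number.</param>
/// <returns>
/// Code is SUSCCED when the data layer reports a value greater than zero, FAIL otherwise or
/// on exception, and ERR_ZHURU when the filter rejects any string argument.
/// </returns>
public static ReturnClass AddAdmin(string AdminID, string Name, int AdminType, string Password, string Phone)
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): this creates a privileged account from caller-supplied values,
    // including AdminType. No authorization check is visible here; presumably the caller
    // restricts who may reach this method - verify.
    // NOTE(review): Password is forwarded as received; hashing is not visible at this
    // layer. The filter is a stopgap; confirm InsertAdminInfo binds parameters.
    bool inputsClean = StaticInfo.hasNoZhuRu(AdminID)
        && StaticInfo.hasNoZhuRu(Name)
        && StaticInfo.hasNoZhuRu(Password)
        && StaticInfo.hasNoZhuRu(Phone);
    if (!inputsClean)
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.AdminInfo.InsertAdminInfo(AdminID, Name, AdminType, Password, Phone);
        err.Code = Convert.ToInt32(err.result) > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("AddAdmin", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}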
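/// <summary>
/// Builds the request signature: parameters are sorted by key in ordinal (ASCII) order,
/// joined as <c>k=v&amp;k=v...</c>, the shared secret is appended as <c>key=...</c>, and the
/// upper-cased MD5 digest of that string is returned.
/// </summary>
/// <param name="dic">Parameters to sign. Entries whose value is null, empty or whitespace are skipped.</param>
/// <returns>Upper-case digest string produced by <c>StaticInfo.MD5Encrypt32</c>.</returns>
public static string CreateSign(Dictionary<string, string> dic)
{
    // Ordinal ordering is what "ASCII ascending" means. The default string comparer is
    // culture-sensitive and can order mixed-case or punctuated keys differently, which
    // would produce a signature the other party cannot reproduce.
    var ordered = dic.OrderBy(pair => pair.Key, System.StringComparer.Ordinal);

    var pieces = new List<string>();
    foreach (var pair in ordered)
    {
        // Null values used to throw on Trim(); they are now skipped like empty ones.
        if (string.IsNullOrWhiteSpace(pair.Value))
        {
            continue;
        }

        // NOTE(review): CRLF, spaces and backslashes are removed before signing, so two
        // values that differ only in those characters sign identically. The verifying side
        // has to apply the same normalization to the values it acts on.
        string cleaned = pair.Value.Replace("\r\n", "").Replace(" ", "").Replace("\\", "").Trim();
        pieces.Add(pair.Key.Trim() + "=" + cleaned);
    }

    // `key` is the shared secret defined elsewhere in this class.
    // NOTE(review): presumably it is loaded from protected configuration - confirm it is
    // not a literal in source.
    pieces.Add("key=" + key);
    var stringSignTemp = string.Join("&", pieces);

    // NOTE(review): MD5 over "message + secret" is a legacy construction. If the remote
    // API offers an HMAC-SHA256 signing mode, prefer it.
    return StaticInfo.MD5Encrypt32(stringSignTemp).ToUpperInvariant();
}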
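/// <summary>
/// Queries delivery-staff performance for a month.
/// </summary>
/// <param name="intOrderTime">0 = last month, 1 = current month. Any other value leaves both bounds at 0.</param>
/// <param name="ShopID">Shop ID.</param>
/// <returns>
/// Code is SUSCCED when the data layer returns a non-null result, FAIL when it returns null
/// or throws, and ERR_ZHURU when the injection filter rejects its argument.
/// </returns>
public static ReturnTableClass SelectSongCanRen(int intOrderTime, int ShopID)
{
    ReturnTableClass err = new ReturnTableClass();

    // Read the clock once so both bounds come from the same instant; separate reads could
    // straddle a month change.
    DateTime now = DateTime.Now;
    int bgTime = 0;  // range start, encoded as yyyyMM0000
    int endTime = 0; // range end, encoded as yyyyMM0000
    if (intOrderTime == 0)
    {
        bgTime = Convert.ToInt32(now.AddMonths(-1).ToString("yyyyMM0000"));
        endTime = Convert.ToInt32(now.ToString("yyyyMM0000"));
    }
    else if (intOrderTime == 1)
    {
        bgTime = Convert.ToInt32(now.ToString("yyyyMM0000"));
        endTime = Convert.ToInt32(now.AddMonths(1).ToString("yyyyMM0000"));
    }

    // NOTE(review): the filter is given the constant "ShopID", not a caller value. Both
    // inputs are ints, which is what keeps free text out of the query at this layer.
    if (!StaticInfo.hasNoZhuRu("ShopID"))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        err.result = DBConnection.OrderData.SelectSongCanRen(bgTime, endTime, ShopID);
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("SelectSongCanRen", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}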
//验证签名算法 参数字符串+secret+时间戳 MD5加密 /// <summary> /// /// </summary> /// <param name="appId"></param> /// <param name="sign"></param> /// <param name="timeStamp"></param> /// <param name="pInput"></param> /// <returns></returns> // public static bool CheckSign(string key,string pInput) // { // bool result = false; // try // { // //在请求正文添加timespan(时间戳),nonce(随机数),sign(签名参数) // //"{'appId':'1','phone':'13969800321','pwd':'123456','timespan':'201802932828','nonce':'288','sign':'noce288phone13969800321pwd123456timespan201802932828'}" sign用MD5加密 // //入参形式应该为 // //{'Phone':'13969800321','Pwd':'123456',TimeStamp':'20180419029388','DesCode':'abc','Sign':'Phone13969800321Pwd123456TimeStamp20180419029388'} // //sign MD5加密 DesCode为RSA公钥加密 // //入参先用DES解密 // RSACryption rsaInput = new RSACryption(); // DESEncrypt.Key = rsaInput.RSADecrypt(privateKey, key);//运用私钥解密传来的公钥加密过的DES秘钥 // string inputStr = DESEncrypt.DesDecrypt(pInput); // //将入参转为JSON对象 // JObject jobj = JObject.Parse(inputStr); // //然后遍历Json对象所有Key Value // string strParam = ""; // List<string> listParam = new List<string>(); // string sign = ""; // foreach (var j in jobj) // { // if (j.Key == "sign") // { // sign = j.Value.ToString(); // continue; // } // string strKeyValue = j.Key + j.Value; // listParam.Add(strKeyValue); // } // listParam.OrderBy(item => item); // foreach(string str in listParam) // { // strParam += str; // } // //完成排序组合,然后MD5加密 // //然后MD5加密 // string md5ParamStr = MD5Encrypt32(strParam); // if(sign.Trim()==md5ParamStr.Trim()) // { // result = true; // } // else // { // result = false; // } // } // catch(Exception ex) // { // result = false; // } // return result; // } // //PEM格式密钥转XML // /// <summary> // /// RSA私钥格式转换,java->.net // /// </summary> // /// <param name="privateKey">java生成的RSA私钥</param> // /// <returns></returns> // public static string RSAPrivateKeyJava2DotNet(this string privateKey) // { // RsaPrivateCrtKeyParameters privateKeyParam = 
(RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey)); // return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>", // Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()), // Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned())); // } // public static string RSAPublicKeyJava2DotNet(this string publicKey) // { // RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKey)); // return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent></RSAKeyValue>", // Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()), // Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned())); // } // /// <summary> // /// // /// </summary> // /// <param name="parames"></param> // /// <returns></returns> // public static Tuple<string,string> GetQueryString(Dictionary<string,string> parames) // { // StringBuilder query = new StringBuilder("");//签名字符串 // StringBuilder queryStr = new StringBuilder("");//url参数 // try // { // //将字典按Key首字母排序 // IDictionary<string, string> sortedParams = new SortedDictionary<string, string>(parames); // IEnumerator<KeyValuePair<string, string>> dem = sortedParams.GetEnumerator(); // //将所有签名字符串按照KeyValue形式串起来 // if (parames == null || parames.Count < 1) // { // return new Tuple<string, string>("",""); // } // while (dem.MoveNext()) // { // string key = 
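// dem.Current.Key;
// string value = dem.Current.Value;
// if (string.IsNullOrEmpty(key)&&key!="sign")
// {
//     query.Append(key).Append(value);
//     queryStr.Append("&").Append(key).Append("=").Append(value);
// }
// }
// }
// catch (Exception)
// {
//     return new Tuple<string, string>("", "");
// }
// return new Tuple<string, string>(query.ToString(), queryStr.ToString().Substring(1, queryStr.Length - 1));
// }

#region Post方式提交请求
/// <summary>
/// Sends <paramref name="postStr"/> as the body of an HTTP POST and returns the response body.
/// </summary>
/// <param name="url">Target address.</param>
/// <param name="postStr">Request body; sent UTF-8 encoded.</param>
/// <param name="tradeChannel">2 selects a JSON content type; any other value selects XML.</param>
/// <returns>The response body, or an empty string when anything throws.</returns>
public static string CreatePostHttpResponse(string url, string postStr, int tradeChannel)
{
    try
    {
        // NOTE(review): the full request and response bodies are written to the log. If
        // they carry payment or personal data, the log store needs the same protection as
        // that data; consider masking sensitive fields before logging.
        StaticInfo.Log("url:" + url.ToString());
        StaticInfo.Log("postData:" + postStr.ToString());

        byte[] payload = new UTF8Encoding().GetBytes(postStr);

        // NOTE(review): url is used as given. Presumably callers pass fixed, trusted
        // endpoints; if any part of it can come from a request, restrict it to an
        // allow-list of https hosts before this call.
        System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(url);
        request.Method = "POST";
        request.Timeout = 5000;
        request.ContentType = tradeChannel == 2
            ? "application/json;charset=utf-8"
            : "application/xml;charset=utf-8";
        request.ContentLength = payload.Length;

        using (var body = request.GetRequestStream())
        {
            body.Write(payload, 0, payload.Length);
        }

        // Dispose the response and reader so the connection is released even when the read
        // fails; the previous code left both open.
        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            var responseString = reader.ReadToEnd();
            StaticInfo.Log("responseData:" + responseString.ToString());
            return responseString;
        }
    }
    catch (Exception ex)
    {
        // Callers cannot tell a transport failure from an empty reply: both yield "".
        Console.WriteLine(ex.ToString());
        StaticInfo.Log("httppost请求发生异常:" + ex.ToString());
        return "";
    }
}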
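/// <summary>
/// Sets the same value on one or more system-configuration entries.
/// </summary>
/// <param name="ID">Comma-separated list of entry IDs; empty items are skipped and each remaining item must parse as an integer.</param>
/// <param name="Value">New value; checked with <c>StaticInfo.hasNoZhuRu</c> before use.</param>
/// <returns>
/// result holds the sum of the data layer's return values. Code is SUSCCED when that sum is
/// greater than zero, FAIL otherwise or on exception, and ERR_ZHURU when the filter rejects
/// <paramref name="Value"/>.
/// </returns>
public static ReturnClass UpdateSystemConfig(string ID, string Value)
{
    ReturnClass err = new ReturnClass();
    string[] idParts = ID.Split(',');

    // The IDs need no text filter: each one is converted to an int before it is used.
    // NOTE(review): the filter on Value is a stopgap (implementation not shown); confirm
    // that DBConnection.SystemConfig.UpdateSystemConfig binds Value as a parameter.
    if (!StaticInfo.hasNoZhuRu(Value))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        int countSussed = 0;
        foreach (string sid in idParts)
        {
            if (sid != "")
            {
                countSussed += DBConnection.SystemConfig.UpdateSystemConfig(Convert.ToInt32(sid), Value);
            }
        }
        err.result = countSussed;
        err.Code = countSussed > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        // NOTE(review): the label says "AddSystemConfig" although this is the update path;
        // kept as is so existing log searches still match.
        DBConnection.LogHelper.insertLogError("AddSystemConfig", ex.ToString(), DateTime.Now);
        // Fail closed. Entries updated before the failing item stay updated; the loop is
        // not wrapped in a transaction at this layer.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}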
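/// <summary>
/// Sets the state of one or more orders.
/// </summary>
/// <param name="OrderID">Comma-separated list of order IDs; the whole string is checked with <c>StaticInfo.hasNoZhuRu</c>.</param>
/// <param name="State">New state.</param>
/// <returns>
/// result holds the sum of the data layer's return values. Code is SUSCCED when that sum is
/// greater than zero, FAIL otherwise or on exception, and ERR_ZHURU when the filter rejects
/// <paramref name="OrderID"/>.
/// </returns>
public static ReturnClass UpDateOrderState(string OrderID, int State)
{
    ReturnClass err = new ReturnClass();
    string[] orderIds = OrderID.Split(',');

    // NOTE(review): the filter is a stopgap (implementation not shown); confirm that
    // DBConnection.OrderData.UpdateOrderState binds each ID as a parameter.
    // NOTE(review): nothing here ties the IDs to the requesting user or limits which State
    // may be set; presumably the caller enforces both - verify.
    if (!StaticInfo.hasNoZhuRu(OrderID))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        int CountRows = 0;
        foreach (string oid in orderIds)
        {
            CountRows += DBConnection.OrderData.UpdateOrderState(oid, State);
        }
        err.result = CountRows;
        err.Code = CountRows > 0 ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("UpdateOrderState", ex.ToString(), DateTime.Now);
        // Fail closed. Orders updated before the failing item stay updated; the loop is
        // not wrapped in a transaction at this layer.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}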
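/// <summary>
/// Lists the orders a delivery employee has to deliver.
/// </summary>
/// <param name="intTime">Meal slot: 0 = whole day, 1 = breakfast, 2 = lunch, 3 = dinner. Other values add no time filter.</param>
/// <param name="State">Order state: 0 = open, 1 = finished; -1 disables the state filter.</param>
/// <param name="ShopID">Shop ID.</param>
/// <param name="OrderTime">Delivery date to query; only the date part is used.</param>
/// <param name="YuanGongID">Employee ID; -1 disables the employee filter.</param>
/// <remarks>
/// Example of the generated clause:
/// where OrderTime = 2016082418 and y.YuanGongID = 2 and d.ShopID = 1 and d.State = 0
/// </remarks>
/// <returns>
/// Code is SUSCCED when the data layer returns a non-null result, FAIL when it returns null
/// or throws, and ERR_ZHURU when the injection filter rejects its argument.
/// </returns>
public static ReturnClass SelectTotalOrderDataSongCan(int intTime, int State, int ShopID, DateTime OrderTime, int YuanGongID)
{
    ReturnClass err = new ReturnClass();

    // NOTE(review): the WHERE clause is assembled as text and handed to the data layer.
    // It is built only from ints and from a date rendered as digits, so nothing
    // caller-controlled can change its structure today. Any string parameter added later
    // would be injectable; binding parameters in the data layer removes that risk.
    string sqlWhere = "where 1=1 and d.ShopID=" + Convert.ToString(ShopID) + " ";
    int thisTime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));

    // NOTE(review): the filter is called on the constant "aa", not on any input.
    if (!StaticInfo.hasNoZhuRu("aa"))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        if (intTime == 0)
        {
            int Btime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));            // e.g. 2016082500
            int Etime = Convert.ToInt32(OrderTime.AddDays(1).ToString("yyyyMMdd00")); // e.g. 2016082600
            sqlWhere += " and d.OrderTime between " + Btime + " and " + Etime + " ";
        }
        else if (intTime >= 1 && intTime <= 3)
        {
            // System-config entries 1, 2 and 3 hold the breakfast, lunch and dinner offsets
            // that are added to the date.
            thisTime = thisTime + Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);
            sqlWhere += " and d.OrderTime =" + Convert.ToString(thisTime) + " ";
        }

        if (State != -1)
        {
            sqlWhere += " and d.State=" + Convert.ToString(State) + " ";
        }
        if (YuanGongID != -1)
        {
            sqlWhere += " and d.YuanGongID=" + Convert.ToString(YuanGongID) + " ";
        }

        err.result = DBConnection.OrderData.SelectTotalOrderDataSongCan(sqlWhere);
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        // NOTE(review): the label names a different method; kept so existing log searches
        // still match.
        DBConnection.LogHelper.insertLogError("SelectTotalOrderInfoChuShi", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}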
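/// <summary>
/// Lists order details for a cook.
/// </summary>
/// <param name="intTime">Meal slot: 0 = whole day, 1 = breakfast, 2 = lunch, 3 = dinner. Other values add no time filter.</param>
/// <param name="State">Order state: 0 = open, 1 = finished; -1 disables the state filter.</param>
/// <param name="ShopID">Shop ID.</param>
/// <param name="OrderTime">Date to query. It is overwritten with the current time on entry, so the caller's value is not used.</param>
/// <param name="Category">Category: 1 = meat, 2 = vegetables, 3 = noodles/pastry; -1 disables the category filter.</param>
/// <returns>
/// Code is SUSCCED when the data layer returns a non-null result, FAIL when it returns null
/// or throws, and ERR_ZHURU when the injection filter rejects its argument.
/// </returns>
public static ReturnClass SelectTotalOrderInfoChuShi(int intTime, int State, int ShopID, DateTime OrderTime, int Category)
{
    // NOTE(review): the parameter is replaced by "now", so the query always targets the
    // current date. An hour-based automatic choice of the meal slot used to follow here and
    // is disabled; confirm that ignoring the caller's date is intended.
    OrderTime = DateTime.Now;

    ReturnClass err = new ReturnClass();

    // NOTE(review): the WHERE clause is assembled as text and handed to the data layer.
    // It is built only from ints and from a date rendered as digits, so nothing
    // caller-controlled can change its structure today. Any string parameter added later
    // would be injectable; binding parameters in the data layer removes that risk.
    string sqlWhere = "where 1=1 and f.ShopID=" + Convert.ToString(ShopID) + " ";
    int thisTime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));

    // NOTE(review): the filter is called on the constant "aa", not on any input.
    if (!StaticInfo.hasNoZhuRu("aa"))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        if (intTime == 0)
        {
            int Btime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));            // e.g. 2016082500
            int Etime = Convert.ToInt32(OrderTime.AddDays(1).ToString("yyyyMMdd00")); // e.g. 2016082600
            sqlWhere += " and i.OrderTime between " + Btime + " and " + Etime + " ";
        }
        else if (intTime >= 1 && intTime <= 3)
        {
            // System-config entries 1, 2 and 3 hold the breakfast, lunch and dinner offsets
            // that are added to the date.
            thisTime = thisTime + Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);
            sqlWhere += " and i.OrderTime =" + Convert.ToString(thisTime) + " ";
        }

        if (State != -1)
        {
            sqlWhere += " and d.State=" + Convert.ToString(State) + " ";
        }
        if (Category != -1)
        {
            sqlWhere += " and c.ID=" + Convert.ToString(Category) + " ";
        }

        err.result = DBConnection.OrderInfo.SelectTotalOrderInfoChuShi(sqlWhere);
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        DBConnection.LogHelper.insertLogError("SelectTotalOrderInfoChuShi", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}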
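/// <summary>
/// Returns one page of a shop's orders for a given day.
/// </summary>
/// <param name="intPageIndex">Page number.</param>
/// <param name="eachPageNum">Rows per page.</param>
/// <param name="intTime">Meal slot: 0 = whole day, 1 = breakfast, 2 = lunch, 3 = dinner. Other values add no time filter.</param>
/// <param name="State">Order state: 0 = open, 1 = finished; -1 disables the state filter.</param>
/// <param name="OrderTime">Date to query; only the date part is used.</param>
/// <param name="ShopID">Shop ID.</param>
/// <param name="Name">Substring to match against the order's Name column; "-1" disables the filter.</param>
/// <returns>
/// result holds the page and RowCount the table returned through the data layer's out
/// argument. Code is SUSCCED when result is non-null, FAIL when it is null or on exception,
/// and ERR_ZHURU when the injection filter rejects <paramref name="Name"/>.
/// </returns>
public static ReturnTableClass SelectOrderByPageIndex(int intPageIndex, int eachPageNum, int intTime, int State, DateTime OrderTime, int ShopID, string Name)
{
    ReturnTableClass err = new ReturnTableClass();
    DataTable dtRow = null;
    string sqlWhere = "where 1=1 and d.ShopID=" + Convert.ToString(ShopID) + " ";
    int thisTime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));

    // Name is the only free-text input and it is concatenated into the LIKE clause below,
    // so it is the value that has to pass the filter. The previous check only looked at the
    // constant "aa" and let Name through unexamined. The "-1" sentinel and a null or empty
    // Name are not filtered; they produce the same clause as before.
    bool nameNeedsCheck = Name != "-1" && !string.IsNullOrEmpty(Name);
    if (!StaticInfo.hasNoZhuRu("aa") || (nameNeedsCheck && !StaticInfo.hasNoZhuRu(Name)))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        if (intTime == 0)
        {
            int Btime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));            // e.g. 2016082500
            int Etime = Convert.ToInt32(OrderTime.AddDays(1).ToString("yyyyMMdd00")); // e.g. 2016082600
            sqlWhere += " and d.OrderTime between " + Btime + " and " + Etime + " ";
        }
        else if (intTime >= 1 && intTime <= 3)
        {
            // System-config entries 1, 2 and 3 hold the breakfast, lunch and dinner offsets
            // that are added to the date.
            thisTime = thisTime + Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);
            sqlWhere += " and d.OrderTime =" + Convert.ToString(thisTime) + " ";
        }

        if (State != -1)
        {
            sqlWhere += " and d.State=" + Convert.ToString(State) + " ";
        }
        if (Name != "-1")
        {
            // NOTE(review): still string-built SQL. The filter above is a blacklist
            // (implementation not shown) and only a stopgap; the durable fix is for
            // SelectTotalOrderDataByPageIndex to accept Name as a bound parameter instead
            // of a pre-built WHERE string.
            sqlWhere += " and d.Name like '%" + Name + "%'";
        }

        err.result = DBConnection.OrderData.SelectTotalOrderDataByPageIndex(intPageIndex, eachPageNum, sqlWhere, out dtRow);
        err.RowCount = dtRow;
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        // NOTE(review): the label names a different method; kept so existing log searches
        // still match.
        DBConnection.LogHelper.insertLogError("SelectOrderInfo", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}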
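/// <summary>
/// Authenticates an administrator and issues a JWT access token.
/// </summary>
/// <param name="jsonStr">JSON object carrying "UserName" and "Password".</param>
/// <returns>
/// On success Code is SUCCED and Data holds the <c>Token</c>. Code is ERR_Sign when a field
/// is empty or no matching account is found, and SystemError when anything throws.
/// </returns>
public static ReturnClass CreatToken(string jsonStr)
{
    ReturnClass rc = new ReturnClass();
    try
    {
        JObject jObj = JObject.Parse(jsonStr);
        if (string.IsNullOrEmpty(jObj["UserName"].ToString()) || string.IsNullOrEmpty(jObj["Password"].ToString()))
        {
            rc.Msg = "参数为空";
            rc.Code = Code.ERR_Sign;
            rc.Data = "";
            return rc;
        }

        string userName = jObj["UserName"].ToString();
        // NOTE(review): judging by the helper's name, the stored credential is a bare MD5
        // digest. An unsalted fast hash is cheap to attack offline if the table leaks; plan
        // a migration to a salted, slow password hash (PBKDF2 or Argon2), re-hashing on the
        // next successful login.
        string password = StaticInfo.MD5Encrypt32(jObj["Password"].ToString());

        // The lookup binds both values as parameters, so neither can alter the statement.
        MySqlParameter[] sp =
        {
            new MySqlParameter("@account", userName),
            new MySqlParameter("@password", password),
        };
        var sqlselect1 = "select * from ws_system_admin where account=@account and pwd=@password";
        DataTable dataTable = MySqlHelper.GetDataSet(MySqlHelper.Conn, CommandType.Text, sqlselect1, sp).Tables[0];
        if (dataTable.Rows.Count < 1)
        {
            // One message for "unknown account" and "wrong password", so the reply does not
            // reveal which accounts exist.
            rc.Msg = "用户名或密码错误";
            rc.Code = Code.ERR_Sign;
            rc.Data = "";
            return rc;
        }
        DataRow result = dataTable.Rows[0];

        // Revoke any token issued by an earlier login of this account before issuing a new one.
        var redisTokenFlag = result["id"].ToString() + result["account"].ToString();
        if (RedisStaticHelper.Exists(redisTokenFlag))
        {
            var jwtTokenStr = RedisStaticHelper.Get(redisTokenFlag);
            RedisStaticHelper.Del(jwtTokenStr);
            RedisStaticHelper.Del(redisTokenFlag);
        }

        Token tk = new Token();
        tk.userName = result["account"].ToString();
        tk.userID = result["id"].ToString();
        tk.sub = "Client";
        tk.Timestamp = Convert.ToString(DateTimeToStamp(DateTime.Now));

        DateTime issuedAtUtc = DateTime.UtcNow;
        Claim[] claims = new Claim[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, tk.sub),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            // iat is declared Integer64, so it has to carry Unix seconds. The previous
            // value was DateTime.ToString(), a culture-formatted date and not a number.
            new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(issuedAtUtc).ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64),
        };

        // NOTE(review): the HMAC signing key is a string literal in source. Anyone who can
        // read the source or the binary can mint tokens this service will accept. Load the
        // key from protected configuration or a secret store, use at least 32 random bytes
        // for HS256 (this literal is 18), and rotate it once the literal is removed.
        JwtSecurityToken jwt = new JwtSecurityToken(
            issuer: "TianTao",
            audience: tk.userName,
            claims: claims,
            expires: issuedAtUtc.AddHours(12),
            signingCredentials: new Microsoft.IdentityModel.Tokens
                .SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes("RayPI's Secret Key")), SecurityAlgorithms.HmacSha256));
        tk.AccessToken = new JwtSecurityTokenHandler().WriteToken(jwt);

        rc.Msg = "成功!";
        rc.Code = Code.SUCCED;
        rc.Data = tk;

        // Two entries: token -> token data, and account flag -> token (used for revocation above).
        // NOTE(review): no expiry is passed to Set here. Unless RedisStaticHelper applies a
        // default TTL, these entries outlive the 12-hour JWT lifetime - confirm.
        RedisStaticHelper.Set(tk.AccessToken, tk.ToJson());
        RedisStaticHelper.Set(tk.userID + tk.userName, tk.AccessToken);
        return rc;
    }
    catch (Exception ex)
    {
        // Details go to the log only; the caller gets a generic failure.
        StaticInfo.Log(ex.ToString());
        rc.Msg = "违反了中央八项纪律";
        rc.Code = Code.SystemError;
        rc.Data = "";
        return rc;
    }
}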
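/// <summary>
/// Builds the meal-distribution table for the meal slot that applies right now: the
/// per-dish totals, with an added "NumByYuanGong" column that lists, for each dish, the
/// quantity assigned to each delivery employee.
/// </summary>
/// <param name="ShopID">Shop ID.</param>
/// <returns>
/// Code is SUSCCED when the table was built, FAIL on exception, and ERR_ZHURU when the
/// injection filter rejects its argument.
/// </returns>
public static ReturnClass SelectTotalOrderDataFenCan(int ShopID)
{
    // Read the clock once so the slot and the date come from the same instant.
    DateTime now = DateTime.Now;
    DateTime OrderTime = now;
    int hour = now.Hour;

    // Slot by hour: up to 06 -> today's breakfast, before 12 -> lunch, before 18 -> dinner,
    // from 18 on -> tomorrow's breakfast. The last branch could never run before: its
    // condition required the hour to exceed 24, and the AddDays result was discarded.
    int intTime;
    if (hour <= 6)
    {
        intTime = 1;
    }
    else if (hour < 12)
    {
        intTime = 2;
    }
    else if (hour < 18)
    {
        intTime = 3;
    }
    else
    {
        OrderTime = OrderTime.AddDays(1);
        intTime = 1;
    }

    ReturnClass err = new ReturnClass();
    int thisTime = Convert.ToInt32(OrderTime.ToString("yyyyMMdd00"));

    // NOTE(review): the filter is called on the constant "aa"; the only input is an int.
    if (!StaticInfo.hasNoZhuRu("aa"))
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
        return err;
    }

    try
    {
        // System-config entries 1, 2 and 3 hold the breakfast, lunch and dinner offsets
        // that are added to the date.
        thisTime = thisTime + Convert.ToInt32(DBConnection.SystemConfig.SelectSystemConfig(intTime).Rows[0]["Value"]);

        DataTable totals = DBConnection.OrderInfo.SelectTotalFenCanNum(thisTime, ShopID);
        DataTable perEmployee = DBConnection.OrderInfo.SelectTotalFenCanNumBySongCanYuan(thisTime, ShopID);
        totals.Columns.Add("NumByYuanGong");

        foreach (DataRow dish in totals.Rows)
        {
            string summary = "";
            foreach (DataRow share in perEmployee.Rows)
            {
                if (dish["FoodID"].ToString() != share["FoodID"].ToString())
                {
                    continue;
                }
                // Rows without an employee name are reported under a placeholder label.
                string who = share["YuanGongName"].ToString() != ""
                    ? share["YuanGongName"].ToString()
                    : "未知人";
                summary += who + ":" + share["totalNum"].ToString() + "份 ";
            }
            dish["NumByYuanGong"] = summary;
        }

        err.result = totals;
        err.Code = err.result != null ? ErrorCode.SUSCCED : ErrorCode.FAIL;
    }
    catch (Exception ex)
    {
        // NOTE(review): the label names a different method; kept so existing log searches
        // still match.
        DBConnection.LogHelper.insertLogError("SelectTotalOrderInfoChuShi", ex.ToString(), DateTime.Now);
        // Fail closed instead of returning a result whose Code was never assigned.
        err.Code = ErrorCode.FAIL;
    }
    return err;
}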
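/// <summary>
/// Order: create a new order from a customer submission.
/// Flow: validate the input, rebuild the address from the building config, price every
/// line from the food table, then insert the order with its detail rows.
/// </summary>
/// <param name="Name">Customer name</param>
/// <param name="Phone">Customer phone</param>
/// <param name="Address">
/// "building+floor number,bed", e.g. "108,0812床" (building 1, floor 8, bed 0812).
/// </param>
/// <param name="ShopID">Shop ID (not referenced in this method)</param>
/// <param name="List">
/// Order lines separated by '|', each "FoodID,FoodName,Num,Price",
/// e.g. "1,红烧肉,2,30|3,尖椒炒鸡蛋,1,18".
/// </param>
/// <param name="OrderTime">Meal hour added to the date, e.g. 06, 12 or 18</param>
/// <param name="OrderDate">Order date as yyyy-MM-dd</param>
/// <returns>
/// A ReturnClass with Code SUSCCED and result 1 when the insert reports success;
/// Code FAIL with a message for rejected input, a missed cutoff or a failed insert
/// (result -2 for the cutoff); Code ERR_ZHURU when the injection check fails.
/// If an exception is thrown it is logged and the ReturnClass is returned as constructed.
/// </returns>
public static ReturnClass AddOrder(string Name, string Phone, string Address, int ShopID, string List, string OrderTime, string OrderDate)
{
    ReturnClass err = new ReturnClass();

    // Reject a malformed address with an explicit failure instead of letting an
    // IndexOutOfRange/Format exception escape to the caller.
    string[] addressParts = (Address ?? "").Split(',');
    int LouHao;   // building+floor number
    if (addressParts.Length < 2 || !int.TryParse(addressParts[0], out LouHao))
    {
        err.result = 0;
        err.Code = ErrorCode.FAIL;
        err.Msg = "地址格式不合法!";
        return err;
    }
    string ChuangHao = addressParts[1];   // bed number

    // Config 1002 maps a building to its delivery staff; only the parsed integer is
    // passed to the lookups, never the raw address text.
    int YuanGongID = 0;   // delivery staff ID, 0 when the building has none configured
    object deliveryStaff = DBConnection.SystemConfig.SelectValueByConfigIDAndValue(1002, LouHao.ToString());
    if (deliveryStaff != null)
    {
        YuanGongID = Convert.ToInt32(deliveryStaff);
    }

    // When the building is known, rebuild Address with its configured display name,
    // e.g. "门诊楼8楼,0828床". An unknown building keeps the address as submitted.
    object buildingName = DBConnection.SystemConfig.SelectConfigNameByConfigIDAndName(1002, LouHao.ToString());
    if (buildingName != null)
    {
        Address = buildingName + "," + ChuangHao;
    }

    // The order time is encoded as an int yyyyMMddHH so slots can be compared numerically.
    // Parse the date strictly: plain digit concatenation accepted impossible dates, and an
    // unbounded OrderTime could push the encoded value past the cutoff check below.
    // NOTE(review): the 0-24 hour bound assumes OrderTime is an hour of the day - confirm.
    DateTime orderDay;
    int mealHour;
    if (!DateTime.TryParseExact(OrderDate, "yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture, System.Globalization.DateTimeStyles.None, out orderDay)
        || !int.TryParse(OrderTime, out mealHour)
        || mealHour < 0
        || mealHour > 24)
    {
        err.result = 0;
        err.Code = ErrorCode.FAIL;
        err.Msg = "预定日期或时间格式不合法!";
        return err;
    }
    int intOrderDate = Convert.ToInt32(orderDay.ToString("yyyyMMdd", System.Globalization.CultureInfo.InvariantCulture) + "00");
    int intOrderTime = intOrderDate + mealHour;   // e.g. 2016090806, 2016090812, 2016090818
    int intTimeNow = Convert.ToInt32(DateTime.Now.ToString("yyyyMMddHH"));

    // Ordering closes once the current hour is past (slot - 2) in the yyyyMMddHH encoding.
    if (intTimeNow > intOrderTime - 2)
    {
        err.result = -2;
        err.Code = ErrorCode.FAIL;
        err.Msg = "订单添加失败了!原因是当前时间超过了预定时间!";
        return err;
    }

    // NOTE(review): hasNoZhuRu is the only injection guard visible here; confirm that
    // InsertOrderInfo binds Name/Phone/Address as query parameters rather than relying
    // on this filter alone.
    if (StaticInfo.hasNoZhuRu(Name) && StaticInfo.hasNoZhuRu(Phone) && StaticInfo.hasNoZhuRu(Address) && StaticInfo.hasNoZhuRu(List))
    {
        string OrderID = StaticInfo.CreatOrderID();
        string[] OrderInfoArray = (List ?? "").Split('|');
        string ListDetail = "";         // printable summary of the order lines
        decimal TotalPrice = 0.00M;     // order total, computed from server-side prices

        // Staging table for the detail rows. It is set to null as soon as one line is
        // invalid, and nothing is written to the database in that case.
        DataTable dtList = new DataTable("dtList");
        dtList.Columns.Add(new DataColumn("FoodID", typeof(string)));
        dtList.Columns.Add(new DataColumn("FoodName", typeof(string)));
        dtList.Columns.Add(new DataColumn("Num", typeof(string)));
        dtList.Columns.Add(new DataColumn("Price", typeof(string)));

        try
        {
            foreach (string strOrderData in OrderInfoArray)
            {
                if (string.IsNullOrEmpty(strOrderData))
                {
                    continue;
                }

                // A short or non-numeric line is client error: reject it as invalid
                // input instead of raising and logging an exception.
                string[] OrderData = strOrderData.Split(',');
                int FoodID;
                int Num;
                decimal Price;
                if (OrderData.Length < 4
                    || !int.TryParse(OrderData[0], out FoodID)
                    || !int.TryParse(OrderData[2], out Num)
                    || !decimal.TryParse(OrderData[3], out Price)
                    || Num <= 0
                    || Price <= 0.00M)
                {
                    dtList = null;
                    break;
                }

                // An unknown FoodID must not reach Rows[0].
                DataTable dtNeed = DBConnection.FoodInfo.SelectFoodInfo(FoodID);
                if (dtNeed == null || dtNeed.Rows.Count == 0)
                {
                    dtList = null;
                    break;
                }

                // Name and unit price come from the food table; the client-supplied
                // name and price are only sanity-checked and never used for billing.
                DataRow dr = dtList.NewRow();
                dr["FoodID"] = Convert.ToString(FoodID);
                dr["FoodName"] = Convert.ToString(dtNeed.Rows[0]["FoodName"]);
                dr["Num"] = Convert.ToString(Num);
                dr["Price"] = Convert.ToDecimal(Num) * Convert.ToDecimal(dtNeed.Rows[0]["Price"]);
                dtList.Rows.Add(dr);
            }

            if (dtList == null)
            {
                err.Code = ErrorCode.FAIL;
                err.result = 0;
                err.Msg = "添加订单的数量或者价格参数不合法!";
                return err;
            }

            // String.Split never returns null, so the empty-order case has to be detected
            // here; otherwise an order with no lines and a zero total would be inserted.
            if (dtList.Rows.Count == 0)
            {
                err.result = 0;
                err.Code = ErrorCode.FAIL;
                err.Msg = "请选择餐品加入订单,再提交订单!";
                return err;
            }

            foreach (DataRow drr in dtList.Rows)
            {
                ListDetail += "品名:" + Convert.ToString(drr["FoodName"]) + " 数量:" + Convert.ToString(drr["Num"]) + " 价格:" + Convert.ToString(drr["Price"]) + "|";
                TotalPrice += Convert.ToDecimal(drr["Price"]);
            }

            if (DBConnection.OrderInfo.InsertOrderInfo(OrderID, dtList, intOrderTime, Convert.ToString(TotalPrice), DateTime.Now, Name, Phone, Address, 0, YuanGongID, 0, 0, "", 1, ListDetail) > 0)
            {
                err.result = 1;
                err.Code = ErrorCode.SUSCCED;
                err.Msg = "订单生成成功!";
            }
            else
            {
                err.result = 0;
                err.Code = ErrorCode.FAIL;
                err.Msg = "订单添加失败了!";
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): after an exception err keeps whatever Code ReturnClass starts
            // with - confirm callers cannot read that default as a placed order.
            DBConnection.LogHelper.insertLogError("AddOrder", ex.ToString(), DateTime.Now);
        }
    }
    else
    {
        err.result = 0;
        err.Code = ErrorCode.ERR_ZHURU;
        err.Msg = "sql注入!";
    }
    return err;
}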