From 7a15979874bae836d34f1ced7f35b88f45d284d3 Mon Sep 17 00:00:00 2001
From: vegoo <vegooxin@gmail.com>
Date: Mon, 20 Apr 2026 00:15:37 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E7=A7=BB=E5=8A=A8?=
 =?UTF-8?q?=E7=AB=AF=E7=99=BB=E5=BD=95500=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. loginIn() 改用 ci_admin 表验证（原查 ci_staff 表 passWord 字段不存在）
2. login() cookie自动登录同步修复
3. good() 页面增加登录态验证
4. login.php 表单 action 修正为 mobile/loginIn
5. login.js 修复 JSON 解析问题（responseType=json 在原生XHR无效）
6. 登录成功返回完整URL跳转地址
---
 application/controllers/mobile.php |  33 ++--
 application/views/mobile/login.php |   2 +-
 statics/mobile/login/js/login.js   | 289 ++++++++++++++---------------
 3 files changed, 152 insertions(+), 172 deletions(-)

diff --git a/application/controllers/mobile.php b/application/controllers/mobile.php
index 5548c09..d7bd7e5 100755
--- a/application/controllers/mobile.php
+++ b/application/controllers/mobile.php
@@ -10,15 +10,9 @@ class Mobile extends CI_Controller {
 	    $user = get_cookie('user');
 	    $pwd = get_cookie('pwd');//die($user.$pwd);
 	    if(!empty($user) && !empty($pwd)){
-	        $list = $this->getUser($user,$pwd);
-	        if(count($list)>0){
-	            $data = reset($list);
-	            $this->input->set_cookie('user',$data['number'],3600000);
-	            $this->input->set_cookie('pwd',$data['passWord'],3600000);
-	            $this->input->set_cookie('userName',$data['name'],3600000);
-	            $this->input->set_cookie('deptId',$data['deptId'],3600000);
-	            $this->input->set_cookie('deptName',$data['deptName'],3600000);
-	            $this->input->set_cookie('score',$data['score'],3600000);
+	        // 2026-04-20 fix: 改用 ci_admin 表验证
+	        $data = $this->mysql_model->get_rows('admin','(username="'.$user.'") or (mobile="'.$user.'") ');
+	        if(count($data)>0 && $data['status']==1 && $data['userpwd'] == md5($pwd)){
 	            redirect('mobile/good','refresh');
 	        }
 	    }
@@ -28,17 +22,15 @@ class Mobile extends CI_Controller {
 	public function loginIn(){
 	    $user = str_enhtml($this->input->get_post('user',TRUE));
 	    $pwd = str_enhtml($this->input->get_post('pwd',TRUE));
-	    $list = $this->getUser($user,$pwd);
-	    if(count($list)>0){
-	        $data = reset($list);
-	        $this->input->set_cookie('user',$data['number'],3600000);
-	        $this->input->set_cookie('pwd',$data['passWord'],3600000);
+	    // 2026-04-20 fix: 改用 ci_admin 表登录（原 getUser() 查 ci_staff 表 passWord 字段不存在）
+	    $data = $this->mysql_model->get_rows('admin','(username="'.$user.'") or (mobile="'.$user.'") ');
+	    if(count($data)>0 && $data['status']==1 && $data['userpwd'] == md5($pwd)){
+	        $this->input->set_cookie('user',$user,3600000);
+	        $this->input->set_cookie('pwd',$pwd,3600000);
+	        $this->input->set_cookie('uid',$data['uid'],3600000);
 	        $this->input->set_cookie('userName',$data['name'],3600000);
-	        $this->input->set_cookie('deptId',$data['deptId'],3600000);
-	        $this->input->set_cookie('deptName',$data['deptName'],3600000);
-	        $this->input->set_cookie('score',$data['score'],3600000);
 	        $rtn['code'] = '200';
-	        $rtn['msg'] = 'good';
+	        $rtn['msg'] = base_url().'index.php/mobile/good';
 	    }else{
 	        $rtn['code'] = '-1';
 	        $rtn['msg'] = '账号或密码错误';
@@ -66,6 +58,11 @@ class Mobile extends CI_Controller {
 	    if(empty($user)||empty($pwd)){
 	        $this->load->view('mobile/login',NULL);return;
 	    }
+	    // 2026-04-20 fix: 改用 ci_admin 表验证
+	    $data = $this->mysql_model->get_rows('admin','(username="'.$user.'") or (mobile="'.$user.'") ');
+	    if(count($data)==0 || $data['status']!=1 || $data['userpwd'] != md5($pwd)){
+	        $this->load->view('mobile/login',NULL);return;
+	    }
 	    $this->load->view('mobile/good',NULL);
 	}
 	
diff --git a/application/views/mobile/login.php b/application/views/mobile/login.php
index baa3e14..04e61dd 100755
--- a/application/views/mobile/login.php
+++ b/application/views/mobile/login.php
@@ -17,7 +17,7 @@
 <div class="login-title"><p>ERP进销存V8标准版</p>
 <i></i>
 </div>
-<form method="post" action="<?php echo base_url()?>index.php/mobile/good">
+<form method="post" action="<?php echo base_url()?>index.php/mobile/loginIn">
 <div class="login-bar">
 <ul>
 <li><img src="<?php echo base_url()?>statics/mobile/login/images/login_user.png"><input type="text" class="text" placeholder="请输入用户名" /></li>
diff --git a/statics/mobile/login/js/login.js b/statics/mobile/login/js/login.js
index 4936147..5892e4c 100755
--- a/statics/mobile/login/js/login.js
+++ b/statics/mobile/login/js/login.js
@@ -1,153 +1,136 @@
-window.onload=function(){
-    var aInput=document.getElementsByTagName('input');
-    var oUser=aInput[0];
-    var oPwd=aInput[1]
-    var aI=document.getElementsByTagName('i')[0];
-    var sub = document.getElementById("submit");
-    sub.onclick = function(){
-    	if(oUser.value==""){
-            aI.innerHTML='账号不可为空';
-            return false;
-        }
-    	if(oPwd.value==""){
-            aI.innerHTML='密码不可为空';
-            return false;
-        }
-    	/*Ajax.post("loginIn",
-    			"user=1&pwd=2",
-    			function(rtn){
-    				alert(rtn);
-    			}
-    			);*/
-    	ajax({ 
-    		  type:"POST", 
-    		  url:"loginIn", 
-    		  dataType:"json", 
-    		  data:{user:oUser.value,pwd:oPwd.value}, 
-    		  beforeSend:function(){ 
-    		    //some js code 
-    		  }, 
-    		  success:function(rtn){ 
-    			  if(rtn.code !=200)
-    				  aI.innerHTML= rtn.msg;
-    			  else
-    				  location.href = rtn.msg;
-    		  }, 
-    		  error:function(){ 
-    		    console.log("error") 
-    		  } 
-    		})
-
-    	return false;
-    }
-    
-    
-    
-    //用户名检测
-    
-    oUser.onfocus=function(){
-        aI.innerHTML='';
-        oUser.removeAttribute("placeholder");
-    }
-    
-    oUser.onkeyup=function(){
-        
-    }
-    
-    oUser.onblur=function(){
-    	if(oUser.value==""){
-    		oUser.setAttribute("placeholder","账号不可为空");
-    	}
-       /* var tel = /1[3|4|5|7|8][0-9]\d{8}$/;
-        if(!tel.test(this.value)){
-            aI.innerHTML='手机号不正确';
-        }else if(this.value==""){
-            aI.innerHTML='手机号不可为空';
-        }*/
-    }
-    
-    //密码检测
-    
-    oPwd.onfocus=function(){
-        oPwd.removeAttribute("placeholder");
-    }
-    oPwd.onblur=function(){
-    	if(oPwd.value==""){
-    		oPwd.setAttribute("placeholder","请输入确认密码");
-    	}
-    }
-    
-    
-}
-var Ajax={
-	    get: function(url, fn) {
-	        var obj = new XMLHttpRequest();  // XMLHttpRequest对象用于在后台与服务器交换数据          
-	        obj.open('GET', url, true);
-	        obj.onreadystatechange = function() {
-	            if (obj.readyState == 4 && obj.status == 200 || obj.status == 304) { // readyState == 4说明请求已完成
-	                fn.call(this, obj.responseText);  //从服务器获得数据
-	            }
-	        };
-	        obj.send();
-	    },
-	    post: function (url, data, fn) {         // datat应为'a=a1&b=b1'这种字符串格式，在jq里如果data为对象会自动将对象转成这种字符串格式
-	        var obj = new XMLHttpRequest();
-	        obj.open("POST", url, true);
-	        obj.setRequestHeader("Content-type", "application/x-www-form-urlencoded");  // 添加http头，发送信息至服务器时内容编码类型
-	        obj.onreadystatechange = function() {
-	            if (obj.readyState == 4 && (obj.status == 200 || obj.status == 304)) {  // 304未修改
-	                fn.call(this, obj.responseText);
-	            }
-	        };
-	        obj.send(data);
-	    }
-	}
-function ajax(){ 
-	  var ajaxData = { 
-	    type:arguments[0].type || "GET", 
-	    url:arguments[0].url || "", 
-	    async:arguments[0].async || "true", 
-	    data:arguments[0].data || null, 
-	    dataType:arguments[0].dataType || "text", 
-	    contentType:arguments[0].contentType || "application/x-www-form-urlencoded", 
-	    beforeSend:arguments[0].beforeSend || function(){}, 
-	    success:arguments[0].success || function(){}, 
-	    error:arguments[0].error || function(){} 
-	  } 
-	  ajaxData.beforeSend() 
-	  var xhr = createxmlHttpRequest();  
-	  xhr.responseType=ajaxData.dataType; 
-	  xhr.open(ajaxData.type,ajaxData.url,ajaxData.async);  
-	  xhr.setRequestHeader("Content-Type",ajaxData.contentType);  
-	  xhr.send(convertData(ajaxData.data));  
-	  xhr.onreadystatechange = function() {  
-	    if (xhr.readyState == 4) {  
-	      if(xhr.status == 200){ 
-	        ajaxData.success(xhr.response) 
-	      }else{ 
-	        ajaxData.error() 
-	      }  
-	    } 
-	  }  
-	} 
-	  
-	function createxmlHttpRequest() {  
-	  if (window.ActiveXObject) {  
-	    return new ActiveXObject("Microsoft.XMLHTTP");  
-	  } else if (window.XMLHttpRequest) {  
-	    return new XMLHttpRequest();  
-	  }  
-	} 
-	  
-	function convertData(data){ 
-	  if( typeof data === 'object' ){ 
-	    var convertResult = "" ;  
-	    for(var c in data){  
-	      convertResult+= c + "=" + data[c] + "&";  
-	    }  
-	    convertResult=convertResult.substring(0,convertResult.length-1) 
-	    return convertResult; 
-	  }else{ 
-	    return data; 
-	  } 
-	}
+window.onload=function(){
+    var aInput=document.getElementsByTagName('input');
+    var oUser=aInput[0];
+    var oPwd=aInput[1]
+    var aI=document.getElementsByTagName('i')[0];
+    var sub = document.getElementById("submit");
+    sub.onclick = function(){
+    	if(oUser.value==""){
+            aI.innerHTML='账号不可为空';
+            return false;
+        }
+    	if(oPwd.value==""){
+            aI.innerHTML='密码不可为空';
+            return false;
+        }
+    	ajax({ 
+    		  type:"POST", 
+    		  url:"loginIn", 
+    		  dataType:"json", 
+    		  data:{user:oUser.value,pwd:oPwd.value}, 
+    		  beforeSend:function(){ 
+    		    //some js code 
+    		  }, 
+    		  success:function(rtn){ 
+    			  if(rtn.code != '200' && rtn.code != 200)
+    				  aI.innerHTML= rtn.msg;
+    			  else
+    				  location.href = rtn.msg;
+    		  }, 
+    		  error:function(){ 
+    		    console.log("error") 
+    		  } 
+    		})
+
+    	return false;
+    }
+    
+    oUser.onfocus=function(){
+        aI.innerHTML='';
+        oUser.removeAttribute("placeholder");
+    }
+    
+    oUser.onkeyup=function(){}
+    
+    oUser.onblur=function(){
+    	if(oUser.value==""){
+    		oUser.setAttribute("placeholder","账号不可为空");
+    	}
+    }
+    
+    oPwd.onfocus=function(){
+        oPwd.removeAttribute("placeholder");
+    }
+    oPwd.onblur=function(){
+    	if(oPwd.value==""){
+    		oPwd.setAttribute("placeholder","请输入确认密码");
+    	}
+    }
+}
+
+var Ajax={
+	    get: function(url, fn) {
+	        var obj = new XMLHttpRequest();
+	        obj.open('GET', url, true);
+	        obj.onreadystatechange = function() {
+	            if (obj.readyState == 4 && (obj.status == 200 || obj.status == 304)) {
+	                fn.call(this, obj.responseText);
+	            }
+	        };
+	        obj.send();
+	    },
+	    post: function (url, data, fn) {
+	        var obj = new XMLHttpRequest();
+	        obj.open("POST", url, true);
+	        obj.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+	        obj.onreadystatechange = function() {
+	            if (obj.readyState == 4 && (obj.status == 200 || obj.status == 304)) {
+	                fn.call(this, obj.responseText);
+	            }
+	        };
+	        obj.send(data);
+	    }
+}
+
+function ajax(){ 
+	  var ajaxData = { 
+	    type:arguments[0].type || "GET", 
+	    url:arguments[0].url || "", 
+	    async:arguments[0].async || "true", 
+	    data:arguments[0].data || null, 
+	    dataType:arguments[0].dataType || "text", 
+	    contentType:arguments[0].contentType || "application/x-www-form-urlencoded", 
+	    beforeSend:arguments[0].beforeSend || function(){}, 
+	    success:arguments[0].success || function(){}, 
+	    error:arguments[0].error || function(){} 
+	  } 
+	  ajaxData.beforeSend() 
+	  var xhr = createxmlHttpRequest();  
+	  xhr.open(ajaxData.type,ajaxData.url,ajaxData.async);  
+	  xhr.setRequestHeader("Content-Type",ajaxData.contentType);  
+	  xhr.send(convertData(ajaxData.data));  
+	  xhr.onreadystatechange = function() {  
+	    if (xhr.readyState == 4) {  
+	      if(xhr.status == 200){
+	        var response = xhr.responseText;
+	        if(ajaxData.dataType === "json" && response){
+	            try { response = JSON.parse(response); } catch(e){}
+	        }
+	        ajaxData.success(response);
+	      }else{ 
+	        ajaxData.error() 
+	      }  
+	    }  
+	  }  
+} 
+  
+function createxmlHttpRequest() {  
+	  if (window.ActiveXObject) {  
+	    return new ActiveXObject("Microsoft.XMLHTTP");  
+	  } else if (window.XMLHttpRequest) {  
+	    return new XMLHttpRequest();  
+	  }  
+} 
+  
+function convertData(data){ 
+	  if( typeof data === 'object' ){ 
+	    var convertResult = "" ;  
+	    for(var c in data){  
+	      convertResult+= c + "=" + data[c] + "&";  
+	    }  
+	    convertResult=convertResult.substring(0,convertResult.length-1) 
+	    return convertResult;  
+	  }else{ 
+	    return data;  
+	  } 
+}