From 3526c9ce834ce2b91f94a2ae3090cc466b4900d1 Mon Sep 17 00:00:00 2001
From: lyt <lyt@hainatravel.com>
Date: Sat, 28 Apr 2018 17:59:01 +0800
Subject: [PATCH] =?UTF-8?q?trippest=20=E5=9B=BE=E5=85=B0=E6=9C=B5=E8=AE=A2?=
 =?UTF-8?q?=E5=8D=95=E7=8A=B6=E6=80=81=E4=B8=8A=E6=8A=A5,=20=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E8=BA=AB=E4=BB=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controllers/TulanduoApi.php                 | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/webht/third_party/trippestOrderSync/controllers/TulanduoApi.php b/webht/third_party/trippestOrderSync/controllers/TulanduoApi.php
index 96220ea5..560b3bc4 100644
--- a/webht/third_party/trippestOrderSync/controllers/TulanduoApi.php
+++ b/webht/third_party/trippestOrderSync/controllers/TulanduoApi.php
@@ -33,6 +33,10 @@ class TulanduoApi extends CI_Controller
         )
     );
 
+    // userId key
+    // 1343 2e47c3721e3ff6e816fe6b928d7acc7d
+    // 29188 95c3b0d958a79a1216e651df182b3cb4
+    // 30548 9db75a2dc17156eb122364295804b7a2
 
     // test
     // public $list_url     = "http://dj.ltsoftware.net:9901/action/api/searchRouteOrder/";
@@ -535,8 +539,12 @@ log_message('error','in GCI ' . json_decode($resp)->responseData->orderId);
         $ret['status'] = -1;
         $ret['errMsg'] = "未知错误";
         $input = $this->input->post();
-        // todo 验证userID
         $vendorID = $input['userId'];
+        $validate = $this->calc_key($vendorID, $input['key']);
+        if ($validate !== TRUE) {
+            $ret['errMsg'] = "身份验证失败.";
+            return $this->output->set_content_type('application/json')->set_output(json_encode($ret));
+        }
         // $vendorID = 29188;//29188 1343; // test
         $vas_info = $this->Orders_model->get_vendorarrangestate_byVendor($input['orderId'], $vendorID);
         if (empty($vas_info) && ! empty($input['agcOrderNo'])) {
@@ -675,4 +683,11 @@ log_message('error','in GCI ' . json_decode($resp)->responseData->orderId);
         );
     }
 
+    public function calc_key($userId, $key)
+    {
+        $default = "b825e39422a54875a95752fc7ed6f5d2";
+        $ret = md5(hash("sha256", $userId.$default));
+        return $ret===$key;
+    }
+
 }