dao251108

This commit is contained in:
众产-王坤 2025-11-08 21:44:59 +08:00
parent 02fd685a67
commit 5d6bdcb1e3
4 changed files with 118 additions and 53 deletions


@ -3,6 +3,8 @@ xcopy ciydao\pages\demo ciyon_ap\pages\demo /s /y /v
xcopy ciydao\pages\main ciyon_ap\pages\main /s /y /v xcopy ciydao\pages\main ciyon_ap\pages\main /s /y /v
xcopy ciydao\pages\pub ciyon_ap\pages\pub /s /y /v xcopy ciydao\pages\pub ciyon_ap\pages\pub /s /y /v
xcopy ciydao\util ciyon_ap\util /s /y /v xcopy ciydao\util ciyon_ap\util /s /y /v
xcopy ciydao\index.html ciyon_ap\index.html /s /y /v
xcopy ciydao\main.js ciyon_ap\main.js /s /y /v xcopy ciydao\main.js ciyon_ap\main.js /s /y /v
xcopy ciydao\vite.config.js ciyon_ap\vite.config.js /s /y /v xcopy ciydao\vite.config.js ciyon_ap\vite.config.js /s /y /v
xcopy ..\web\ambdao ..\web\ambap /s /y /v
pause pause


@ -16,9 +16,12 @@
* get/set config 从SaaS配置表中读写配置项 * get/set config 从SaaS配置表中读写配置项
* get/set/del memvar 从SaaS内存表中读写变量 * get/set/del memvar 从SaaS内存表中读写变量
*/ */
$tokenfield = "ciyap"; $_token = array();
$tokensalt = "ast34h$3"; //做数据加解密时的加密因子,每个项目都不要相同。 $_token['type'] = 'localstorage'; //cookie(更安全) 、 localstorage(兼容性好) 微信小程序不支持cookie
$logpath = PATH_ROOT . 'log/'; $_token['swapsec'] = 3600; //更换JWT时间
$_token['expsec'] = 86400; //过期退出时间
$_token['field'] = 'ciyap';
$_token['salt'] = 'ast34h$3'; //做数据加解密时的加密因子,每个项目都不要相同。
function verifyfast() { function verifyfast() {
$rsuser = verifyuser(); $rsuser = verifyuser();
@ -28,13 +31,14 @@ function verifyfast() {
} }
function verifyuser() { function verifyuser() {
global $db; global $db;
global $tokensalt; global $_token;
global $tokenfield; if (isset($_COOKIE[$_token['field']]))
if (isset($_SERVER['HTTP_' . strtoupper($tokenfield)])) $ciyauth = $_COOKIE[$_token['field']];
$ciyauth = $_SERVER['HTTP_' . strtoupper($tokenfield)]; else if (isset($_SERVER['HTTP_CIYAUTH']))
$ciyauth = $_SERVER['HTTP_CIYAUTH'];
else else
$ciyauth = get('_' . $tokenfield); $ciyauth = get('_ciyauth');
$auth = json_decode(encrypt($ciyauth, 'D', $tokensalt), true); $auth = json_decode(encrypt($ciyauth, 'D', $_token['salt']), true);
if ($auth == null) if ($auth == null)
return null; return null;
$csql = new \ciy\sql('ap_user'); //弃用redis集群 $csql = new \ciy\sql('ap_user'); //弃用redis集群
@ -46,16 +50,25 @@ function verifyuser() {
return null; return null;
if ($userrow['stpstatus'] != 10) if ($userrow['stpstatus'] != 10)
return null; return null;
if ($userrow['exptimes'] < time() - $_token['expsec'])
return null;
if ($userrow['exptimes'] > time()) if ($userrow['exptimes'] > time())
return $userrow; return $userrow;
$exp = time() + 86400; $exp = time() + $_token['swapsec'];
$sid = randstr(10); $sid = randstr(10);
$auth['_s'] = $sid; $auth['_s'] = $sid;
if ($db->execute('update ap_user set exptimes=?,sid=? where id=?', array($exp, $sid, $auth['id'])) === false) if ($db->execute('update ap_user set exptimes=?,sid=? where id=?', array($exp, $sid, $auth['id'])) === false)
return null; return null;
$authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR); $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
$enauth = encrypt($authstr, 'E', $tokensalt); $enauth = encrypt($authstr, 'E', $_token['salt']);
header($tokenfield . ': ' . $enauth); if ($_token['type'] == 'cookie') {
$headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', $exp + $_token['swapsec'] + $_token['expsec']) . '; path=/; SameSite=None; Secure; httponly';
header($headercookie);
} else {
//header($_token['field'] . ': ' . $enauth);
$_token['__ciyauth'] = $enauth;
}
//header($_token['field'] . ': ' . $enauth);
return $userrow; return $userrow;
} }
//true无权限false有权限 //true无权限false有权限
@ -101,7 +114,7 @@ function savelog($db, $userid, $types, $msg, $isrequest = false, $time = 0) {
$updata['readuser'] = 0; $updata['readuser'] = 0;
$updata['addtimes'] = $time == 0 ? tostamp() : $time; $updata['addtimes'] = $time == 0 ? tostamp() : $time;
$updata['ip'] = getip(); $updata['ip'] = getip();
$csql = new \ciy\sql('zc_log'); $csql = new \ciy\sql('ap_log');
$db->insert($csql, $updata); $db->insert($csql, $updata);
return false; return false;
} }
@ -112,10 +125,10 @@ function gettoken($db, $id) {
$csql = new \ciy\sql('zc_token'); $csql = new \ciy\sql('zc_token');
$csql->where('id', $id); $csql->where('id', $id);
$tokenrow = $db->getone($csql); $tokenrow = $db->getone($csql);
if(!is_array($tokenrow)) if (!is_array($tokenrow))
return array(); return array();
$cfgtoken = str_replace('{PATH_ROOT}', PATH_ROOT, $tokenrow['cfgtoken']); $cfgtoken = str_replace('{PATH_ROOT}', PATH_ROOT, $tokenrow['cfgtoken']);
$cfg = getstrparam($cfgtoken , "\n"); $cfg = getstrparam($cfgtoken, "\n");
$cfg['accesstoken'] = $tokenrow['accesstoken']; $cfg['accesstoken'] = $tokenrow['accesstoken'];
$cfg['exptimes'] = $tokenrow['exptimes']; $cfg['exptimes'] = $tokenrow['exptimes'];
return $cfg; return $cfg;
@ -191,7 +204,7 @@ function setmemvar($db, $types, $value) {
if ($ind === false) { if ($ind === false) {
$updata['params'] = 1; $updata['params'] = 1;
} else { } else {
$updata['params'] = toint(substr($value[0], $ind + 1)); $updata['params'] = (int)substr($value[0], $ind + 1);
} }
} }
if ($db->insert($csql, $updata) === false) if ($db->insert($csql, $updata) === false)
@ -206,7 +219,7 @@ function delmemvar($db, $types) {
} }
function ciy_api($enter, $param) { function ciy_api($enter, $param) {
$cfg = webini('ciyapi'); $cfg = webini('ciyapi');
if(is_string($cfg)) if (is_string($cfg))
return errjson($cfg); return errjson($cfg);
$time = time(); $time = time();
$payload = json_encode($param); $payload = json_encode($param);


@ -17,8 +17,9 @@ class login {
} }
public static function json_login_mobile() { public static function json_login_mobile() {
global $db; global $db;
global $tokensalt; global $_token;
$post = new \ciy\post(); $post = new \ciy\post();
$model = $post->get('model');
$user = $post->get('user'); $user = $post->get('user');
if (empty($user)) if (empty($user))
return errjson('请填写用户名'); return errjson('请填写用户名');
@ -45,7 +46,7 @@ class login {
if (abs($authtime / 1000 - tostamp()) > 300) if (abs($authtime / 1000 - tostamp()) > 300)
return errjson('您的本地时间与服务器时间相差超过5分钟请调整本机时间。<br/>服务器时间: ' . date('Y-m-d H:i:s') . '<br/>您本机时间: ' . date('Y-m-d H:i:s', $authtime / 1000)); return errjson('您的本地时间与服务器时间相差超过5分钟请调整本机时间。<br/>服务器时间: ' . date('Y-m-d H:i:s') . '<br/>您本机时间: ' . date('Y-m-d H:i:s', $authtime / 1000));
// if($user == '1') // if($user == '1')
// clog(md5('1' . $tokensalt)); //开发生成默认密码 // clog(md5('1' . $_token['salt'])); //开发生成默认密码
if ($post->get('pass') != md5($rsuser['password'] . $authtime)) { if ($post->get('pass') != md5($rsuser['password'] . $authtime)) {
$updata = array(); $updata = array();
$updata['trytime'] = array('trytime+1'); $updata['trytime'] = array('trytime+1');
@ -53,11 +54,11 @@ class login {
$csql = new \ciy\sql('ap_user'); $csql = new \ciy\sql('ap_user');
$csql->where('id', $rsuser['id']); $csql->where('id', $rsuser['id']);
$db->update($csql, $updata); $db->update($csql, $updata);
savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误' . md5('1' . $tokensalt)); savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误' . md5('1' . $_token['salt']));
return errjson('用户名或密码错误.'); return errjson('用户名或密码错误.');
} }
$sid = randstr(10); $sid = randstr(10);
$exp = tostamp() + 86400; //默认三天过期,每天换秘钥 $exp = tostamp() + $_token['swapsec'];
$id = $rsuser['id']; $id = $rsuser['id'];
$updata = array(); $updata = array();
$updata['logintimes'] = tostamp(); $updata['logintimes'] = tostamp();
@ -69,14 +70,14 @@ class login {
$csql->where('id', $id); $csql->where('id', $id);
if ($db->update($csql, $updata) === false) if ($db->update($csql, $updata) === false)
return errjson('user数据库更新失败:' . $db->error); return errjson('user数据库更新失败:' . $db->error);
savelog($db, $rsuser['id'], 'LOGIN', '登录成功'); self::saveluser($db, 1, $rsuser['id'], $model);
return self::getsync($rsuser, $sid);
self::setonline($rsuser, $sid);
return self::getsync($rsuser);
} }
public static function json_reg_mobile() { public static function json_reg_mobile() {
global $db; global $db;
global $_token;
$post = new \ciy\post(); $post = new \ciy\post();
$model = $post->get('model');
$upid = $post->getint('upid'); $upid = $post->getint('upid');
$user = $post->get('user'); $user = $post->get('user');
$pass = $post->get('pass'); $pass = $post->get('pass');
@ -93,7 +94,7 @@ class login {
return errjson('该手机号已被注册'); return errjson('该手机号已被注册');
$sid = randstr(10); $sid = randstr(10);
$exp = tostamp() + 86400; //默认三天过期,每天换秘钥 $exp = tostamp() + $_token['swapsec']; //默认三天过期,每天换秘钥
$rsuser = array(); $rsuser = array();
$rsuser['upid'] = $upid; $rsuser['upid'] = $upid;
$rsuser['stpstatus'] = 10; $rsuser['stpstatus'] = 10;
@ -123,12 +124,12 @@ class login {
if ($upid > 0) { if ($upid > 0) {
//上级用户统计 //上级用户统计
} }
savelog($db, $rsuser['id'], 'LOGIN', '手机注册成功'); self::saveluser($db, 1, $rsuser['id'], '手机注册:' . $model);
self::setonline($rsuser, $sid); return self::getsync($rsuser, $sid);
return self::getsync($rsuser);
} }
public static function json_wx_autouser() { public static function json_wx_autouser() {
global $db; global $db;
global $_token;
$post = new \ciy\post(); $post = new \ciy\post();
$code = $post->get('code'); $code = $post->get('code');
$upid = $post->getint('upid'); $upid = $post->getint('upid');
@ -145,7 +146,7 @@ class login {
$rsuser = $db->getone($csql); $rsuser = $db->getone($csql);
$userid = 0; $userid = 0;
$sid = randstr(10); $sid = randstr(10);
$exp = tostamp() + 86400; //默认三天过期,每天换秘钥 $exp = tostamp() + $_token['swapsec']; //默认三天过期,每天换秘钥
if (is_array($rsuser)) { if (is_array($rsuser)) {
$userid = $rsuser['id']; $userid = $rsuser['id'];
if ($rsuser['upid'] == 0 && $upid > 0 && $upid != $userid) if ($rsuser['upid'] == 0 && $upid > 0 && $upid != $userid)
@ -210,12 +211,13 @@ class login {
// return errjson('上线统计失败:' . $db->error); // return errjson('上线统计失败:' . $db->error);
} }
} }
self::setonline($rsuser, $sid); return self::getsync($rsuser, $sid);
return self::getsync($rsuser);
} }
public static function json_forgetpass() { public static function json_forgetpass() {
global $db; global $db;
global $_token;
$post = new \ciy\post(); $post = new \ciy\post();
$model = $post->get('model');
$mobile = $post->get('user'); $mobile = $post->get('user');
$pass = $post->get('pass'); $pass = $post->get('pass');
$code = $post->get('capsms'); $code = $post->get('capsms');
@ -254,7 +256,7 @@ class login {
return errjson($errmsg); return errjson($errmsg);
} }
$sid = randstr(10); $sid = randstr(10);
$exp = tostamp() + 86400; //默认三天过期,每天换秘钥 $exp = tostamp() + $_token['swapsec']; //默认三天过期,每天换秘钥
$updata = array(); $updata = array();
$updata['trytime'] = 0; $updata['trytime'] = 0;
$updata['password'] = $pass; $updata['password'] = $pass;
@ -267,10 +269,8 @@ class login {
$csql->where('id', $caprow['vuser']); $csql->where('id', $caprow['vuser']);
if ($db->update($csql, $updata) === false) if ($db->update($csql, $updata) === false)
return errjson('密码更新失败:' . $db->error); return errjson('密码更新失败:' . $db->error);
savelog($db, $rsuser['id'], 'LOGIN', '密码找回成功'); self::saveluser($db, 1, $rsuser['id'], '密码找回成功:' . $model);
return self::getsync($rsuser, $sid);
self::setonline($rsuser, $sid);
return self::getsync($rsuser);
return succjson(); return succjson();
} }
public static function json_sendsms() { public static function json_sendsms() {
@ -323,19 +323,24 @@ class login {
$rsuser = verifyfast(); $rsuser = verifyfast();
return self::getsync($rsuser); return self::getsync($rsuser);
} }
static function setonline($userrow, $sid) { static function getsync($userrow, $sid = '') {
global $tokensalt;
global $tokenfield;
$auth = array();
$auth['id'] = $userrow['id'];
$auth["_s"] = $sid;
$authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
$enauth = encrypt($authstr, 'E', $tokensalt);
header($tokenfield . ': ' . $enauth);
}
static function getsync($userrow) {
global $db; global $db;
global $_token;
$ret = array(); $ret = array();
if (!empty($sid)) {
$auth = array();
$auth['id'] = $userrow['id'];
$auth["_s"] = $sid;
$authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
$enauth = encrypt($authstr, 'E', $_token['salt']);
if ($_token['type'] == 'cookie') {
$headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; SameSite=None; Secure; httponly';
header($headercookie); //Cookie方式安全性好
} else {
$ret['_ciyauth'] = $enauth; //Localstorage方式兼容性更好
//header($_token['field'] . ': ' . $enauth); //有坑
}
}
$ret['storage'] = array(); $ret['storage'] = array();
$csql = new \ciy\sql('zc_admin'); $csql = new \ciy\sql('zc_admin');
$csql->column('id,name'); $csql->column('id,name');
@ -370,6 +375,7 @@ class login {
$ret['me']['email'] = $extrow['email']; $ret['me']['email'] = $extrow['email'];
$ret['me']['wxno'] = $extrow['wxno']; $ret['me']['wxno'] = $extrow['wxno'];
$ret['me']['idid'] = $extrow['idid']; $ret['me']['idid'] = $extrow['idid'];
$ret['me']['cciy'] = $extrow['cciy'];
$ret['me']['cashtype'] = $extrow['cashtype']; $ret['me']['cashtype'] = $extrow['cashtype'];
$ret['me']['bankno'] = $extrow['bankno']; $ret['me']['bankno'] = $extrow['bankno'];
$ret['me']['bankname'] = $extrow['bankname']; $ret['me']['bankname'] = $extrow['bankname'];
@ -382,7 +388,9 @@ class login {
public static function json_logout() { public static function json_logout() {
global $db; global $db;
$rsuser = verifyuser(); $rsuser = verifyuser();
savelog($db, $rsuser['id'], 'LOGIN', '退出登录'); if (is_array($rsuser)) {
self::saveluser($db, 2, $rsuser['id']);
}
return succjson(); return succjson();
} }
public static function json_debug() { public static function json_debug() {
@ -393,4 +401,15 @@ class login {
$ret['list'] = $db->get($csql); $ret['list'] = $db->get($csql);
return succjson($ret); return succjson($ret);
} }
private static function saveluser($db, $isinout, $userid, $model = '') {
$updata = array();
$updata['isinout'] = $isinout;
$updata['loguser'] = $userid;
$updata['addtimes'] = tostamp();
$updata['ip'] = getip();
$updata['model'] = dbstr($model, 250);
$csql = new \ciy\sql('ap_luser');
$db->insert($csql, $updata);
return false;
}
} }
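Review bot: json_logout now only records the event via saveluser and returns success; nothing resets `sid`/`exptimes` in ap_user or expires the cookie, so the token stays valid until `expsec` elapses and a captured cookie or localStorage value can still be replayed after the user has logged out. In cookie mode, emit `Set-Cookie: ciyap=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; SameSite=None; Secure; httponly`, and in both modes rotate `sid` with a fresh `randstr(10)` so a token carrying the old `_s` no longer matches the stored row. Separately, the LOGINERR savelog line in json_login_mobile appends `md5('1' . $_token['salt'])` to every failed-login entry, which writes the derived default-password hash into ap_log on each wrong-password attempt and should not ship outside development. The class spans several hunks whose surrounding bodies are outside this view.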


@ -3,6 +3,15 @@
namespace web\ambap; namespace web\ambap;
class me { class me {
public static function json_signpath() {
$rsuser = verifyfast();
$post = new \ciy\post();
$path = $post->get('path');//'/pages/main/index';
$ret['sign'] = hash_hmac('sha256', $path, $rsuser['wxminakey'], false);
$ret['path'] = $path;
return succjson($ret);
}
public static function json_invoicetitle_get() { public static function json_invoicetitle_get() {
global $db; global $db;
$rsuser = verifyfast(); $rsuser = verifyfast();
@ -58,7 +67,6 @@ class me {
$db->commit(); $db->commit();
} catch (\Exception $ex) { } catch (\Exception $ex) {
$db->rollback(); $db->rollback();
savelogfile('err_db', $ex->getMessage());
return errjson($ex->getMessage()); return errjson($ex->getMessage());
} }
$ret['data'] = $updata; $ret['data'] = $updata;
@ -129,7 +137,6 @@ class me {
$db->commit(); $db->commit();
} catch (\Exception $ex) { } catch (\Exception $ex) {
$db->rollback(); $db->rollback();
savelogfile('err_db', $ex->getMessage());
return errjson($ex->getMessage()); return errjson($ex->getMessage());
} }
$ret['data'] = $updata; $ret['data'] = $updata;
@ -511,7 +518,6 @@ class me {
$db->commit(); $db->commit();
} catch (\Exception $ex) { } catch (\Exception $ex) {
$db->rollback(); $db->rollback();
savelogfile('err_db', $ex->getMessage());
return errjson($ex->getMessage()); return errjson($ex->getMessage());
} }
return succjson(); return succjson();
@ -557,7 +563,6 @@ class me {
$db->commit(); $db->commit();
} catch (\Exception $ex) { } catch (\Exception $ex) {
$db->rollback(); $db->rollback();
savelogfile('err_db', $ex->getMessage());
return errjson($ex->getMessage()); return errjson($ex->getMessage());
} }
return succjson(); return succjson();
@ -733,6 +738,32 @@ class me {
$ret['recommend'] = 2; $ret['recommend'] = 2;
return succjson($ret); return succjson($ret);
} }
public static function json_me_bank_info_change() {
global $db;
$rsuser = verifyfast();
$post = new \ciy\post();
$bankno = $post->get('bankno');
$bankname = $post->get('bankname');
$bankaccount = $post->get('bankaccount');
$bankcode = $post->get('bankcode');
$updata = array();
$updata['bankno'] = $bankno;
$updata['bankname'] = $bankname;
$updata['bankaccount'] = $bankaccount;
$updata['bankcode'] = $bankcode;
$csql = new \ciy\sql('ap_usr_ext');
$csql->where('id', $rsuser['id']);
$extrow = $db->getone($csql);
if (is_array($extrow)) {
if ($db->update($csql, $updata) === false)
return errjson('ext更新失败:' . $db->error);
} else {
$updata['id'] = $rsuser['id'];
if ($db->insert($csql, $updata) === false)
return errjson('ext新增失败:' . $db->error);
}
return succjson();
}
public static function json_userinfo_change() { public static function json_userinfo_change() {
global $db; global $db;
$rsuser = verifyfast(); $rsuser = verifyfast();
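Review bot: json_signpath returns `hash_hmac('sha256', $path, $rsuser['wxminakey'])` for whatever `path` the client posts, with no restriction on the value, so any logged-in user can obtain a valid signature for an arbitrary string under their own key; if the signature is meant to authorise which pages may be opened (the comment hints at `/pages/main/index`), that decision is effectively delegated to the client. Validate before signing, e.g. `if (!is_string($path) || !str_starts_with($path, '/pages/')) return errjson('invalid path');`, and bind whatever context the verifier expects (user id, timestamp) into the signed message if the consumer relies on it. json_me_bank_info_change also stores `bankno`/`bankname`/`bankaccount`/`bankcode` straight from the request with only the session as authentication; changing payout details is a classic account-takeover target, so a step-up (the existing capsms flow) and the `dbstr` length limits used elsewhere in this commit would be appropriate. The class continues outside the hunks shown.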