dao251108

2025-11-08 21:44:59 +08:00 · 2025-11-08 21:44:59 +08:00 · 5d6bdcb1e3
parent 02fd685a67
commit 5d6bdcb1e3
4 changed files with 118 additions and 53 deletions
--- a/fapp/贡献代码.bat
+++ b/fapp/贡献代码.bat
@ -3,6 +3,8 @@ xcopy ciydao\pages\demo ciyon_ap\pages\demo /s /y /v
 xcopy ciydao\pages\main ciyon_ap\pages\main /s /y /v
 xcopy ciydao\pages\pub ciyon_ap\pages\pub /s /y /v
 xcopy ciydao\util ciyon_ap\util /s /y /v
+xcopy ciydao\index.html ciyon_ap\index.html /s /y /v
 xcopy ciydao\main.js ciyon_ap\main.js /s /y /v
 xcopy ciydao\vite.config.js ciyon_ap\vite.config.js /s /y /v
+xcopy ..\web\ambdao ..\web\ambap /s /y /v
 pause
--- a/web/ambap/common.php
+++ b/web/ambap/common.php
@ -16,9 +16,12 @@
 * get/set config       从SaaS配置表中读写配置项
 * get/set/del memvar   从SaaS内存表中读写变量
 */
-$tokenfield = "ciyap";
-$tokensalt = "ast34h$3"; //做数据加解密时的加密因子，每个项目都不要相同。
-$logpath = PATH_ROOT . 'log/';
+$_token = array();
+$_token['type'] = 'localstorage'; //cookie(更安全) 、 localstorage(兼容性好)   微信小程序不支持cookie
+$_token['swapsec'] = 3600; //更换JWT时间
+$_token['expsec'] = 86400; //过期退出时间
+$_token['field'] = 'ciyap';
+$_token['salt'] = 'ast34h$3'; //做数据加解密时的加密因子，每个项目都不要相同。

 function verifyfast() {
    $rsuser = verifyuser();
@ -28,13 +31,14 @@ function verifyfast() {
 }
 function verifyuser() {
    global $db;
-    global $tokensalt;
-    global $tokenfield;
-    if (isset($_SERVER['HTTP_' . strtoupper($tokenfield)]))
-        $ciyauth = $_SERVER['HTTP_' . strtoupper($tokenfield)];
+    global $_token;
+    if (isset($_COOKIE[$_token['field']]))
+        $ciyauth = $_COOKIE[$_token['field']];
+    else if (isset($_SERVER['HTTP_CIYAUTH']))
+        $ciyauth = $_SERVER['HTTP_CIYAUTH'];
    else
-        $ciyauth = get('_' . $tokenfield);
-    $auth = json_decode(encrypt($ciyauth, 'D', $tokensalt), true);
+        $ciyauth = get('_ciyauth');
+    $auth = json_decode(encrypt($ciyauth, 'D', $_token['salt']), true);
    if ($auth == null)
        return null;
    $csql = new \ciy\sql('ap_user'); //弃用redis集群
@ -46,16 +50,25 @@ function verifyuser() {
        return null;
    if ($userrow['stpstatus'] != 10)
        return null;
+    if ($userrow['exptimes'] < time() - $_token['expsec'])
+        return null;
    if ($userrow['exptimes'] > time())
        return $userrow;
-    $exp = time() + 86400;
+    $exp = time() + $_token['swapsec'];
    $sid = randstr(10);
    $auth['_s'] = $sid;
    if ($db->execute('update ap_user set exptimes=?,sid=? where id=?', array($exp, $sid, $auth['id'])) === false)
        return null;
    $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
-    $enauth = encrypt($authstr, 'E', $tokensalt);
-    header($tokenfield . ': ' . $enauth);
+    $enauth = encrypt($authstr, 'E', $_token['salt']);
+    if ($_token['type'] == 'cookie') {
+        $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', $exp + $_token['swapsec'] + $_token['expsec']) . '; path=/; SameSite=None; Secure; httponly';
+        header($headercookie);
+    } else {
+        //header($_token['field'] . ': ' . $enauth);
+        $_token['__ciyauth'] = $enauth;
+    }
+    //header($_token['field'] . ': ' . $enauth);
    return $userrow;
 }
 //true无权限，false有权限
@ -101,7 +114,7 @@ function savelog($db, $userid, $types, $msg, $isrequest = false, $time = 0) {
    $updata['readuser'] = 0;
    $updata['addtimes'] = $time == 0 ? tostamp() : $time;
    $updata['ip'] = getip();
-    $csql = new \ciy\sql('zc_log');
+    $csql = new \ciy\sql('ap_log');
    $db->insert($csql, $updata);
    return false;
 }
@ -191,7 +204,7 @@ function setmemvar($db, $types, $value) {
            if ($ind === false) {
                $updata['params'] = 1;
            } else {
-                $updata['params'] = toint(substr($value[0], $ind + 1));
+                $updata['params'] = (int)substr($value[0], $ind + 1);
            }
        }
        if ($db->insert($csql, $updata) === false)
--- a/web/ambap/login.php
+++ b/web/ambap/login.php
@ -17,8 +17,9 @@ class login {
    }
    public static function json_login_mobile() {
        global $db;
-        global $tokensalt;
+        global $_token;
        $post = new \ciy\post();
+        $model = $post->get('model');
        $user = $post->get('user');
        if (empty($user))
            return errjson('请填写用户名');
@ -45,7 +46,7 @@ class login {
        if (abs($authtime / 1000 - tostamp()) > 300)
            return errjson('您的本地时间与服务器时间相差超过5分钟，请调整本机时间。<br/>服务器时间: ' . date('Y-m-d H:i:s') . '<br/>您本机时间: ' . date('Y-m-d H:i:s', $authtime / 1000));
        // if($user == '1')
-        //     clog(md5('1' . $tokensalt)); //开发生成默认密码
+        //     clog(md5('1' . $_token['salt'])); //开发生成默认密码
        if ($post->get('pass') != md5($rsuser['password'] . $authtime)) {
            $updata = array();
            $updata['trytime'] = array('trytime+1');
@ -53,11 +54,11 @@ class login {
            $csql = new \ciy\sql('ap_user');
            $csql->where('id', $rsuser['id']);
            $db->update($csql, $updata);
-            savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误' . md5('1' . $tokensalt));
+            savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误' . md5('1' . $_token['salt']));
            return errjson('用户名或密码错误.');
        }
        $sid = randstr(10);
-        $exp = tostamp() + 86400; //默认三天过期，每天换秘钥
+        $exp = tostamp() + $_token['swapsec'];
        $id = $rsuser['id'];
        $updata = array();
        $updata['logintimes'] = tostamp();
@ -69,14 +70,14 @@ class login {
        $csql->where('id', $id);
        if ($db->update($csql, $updata) === false)
            return errjson('user数据库更新失败:' . $db->error);
-        savelog($db, $rsuser['id'], 'LOGIN', '登录成功');
-
-        self::setonline($rsuser, $sid);
-        return self::getsync($rsuser);
+        self::saveluser($db, 1, $rsuser['id'], $model);
+        return self::getsync($rsuser, $sid);
    }
    public static function json_reg_mobile() {
        global $db;
+        global $_token;
        $post = new \ciy\post();
+        $model = $post->get('model');
        $upid = $post->getint('upid');
        $user = $post->get('user');
        $pass = $post->get('pass');
@ -93,7 +94,7 @@ class login {
            return errjson('该手机号已被注册');

        $sid = randstr(10);
-        $exp = tostamp() + 86400; //默认三天过期，每天换秘钥
+        $exp = tostamp() + $_token['swapsec']; //默认三天过期，每天换秘钥
        $rsuser = array();
        $rsuser['upid'] = $upid;
        $rsuser['stpstatus'] = 10;
@ -123,12 +124,12 @@ class login {
        if ($upid > 0) {
            //上级用户统计
        }
-        savelog($db, $rsuser['id'], 'LOGIN', '手机注册成功');
-        self::setonline($rsuser, $sid);
-        return self::getsync($rsuser);
+        self::saveluser($db, 1, $rsuser['id'], '手机注册:' . $model);
+        return self::getsync($rsuser, $sid);
    }
    public static function json_wx_autouser() {
        global $db;
+        global $_token;
        $post = new \ciy\post();
        $code = $post->get('code');
        $upid = $post->getint('upid');
@ -145,7 +146,7 @@ class login {
        $rsuser = $db->getone($csql);
        $userid = 0;
        $sid = randstr(10);
-        $exp = tostamp() + 86400; //默认三天过期，每天换秘钥
+        $exp = tostamp() + $_token['swapsec']; //默认三天过期，每天换秘钥
        if (is_array($rsuser)) {
            $userid = $rsuser['id'];
            if ($rsuser['upid'] == 0 && $upid > 0 && $upid != $userid)
@ -210,12 +211,13 @@ class login {
                //     return errjson('上线统计失败:' . $db->error);
            }
        }
-        self::setonline($rsuser, $sid);
-        return self::getsync($rsuser);
+        return self::getsync($rsuser, $sid);
    }
    public static function json_forgetpass() {
        global $db;
+        global $_token;
        $post = new \ciy\post();
+        $model = $post->get('model');
        $mobile = $post->get('user');
        $pass = $post->get('pass');
        $code = $post->get('capsms');
@ -254,7 +256,7 @@ class login {
            return errjson($errmsg);
        }
        $sid = randstr(10);
-        $exp = tostamp() + 86400; //默认三天过期，每天换秘钥
+        $exp = tostamp() + $_token['swapsec']; //默认三天过期，每天换秘钥
        $updata = array();
        $updata['trytime'] = 0;
        $updata['password'] = $pass;
@ -267,10 +269,8 @@ class login {
        $csql->where('id', $caprow['vuser']);
        if ($db->update($csql, $updata) === false)
            return errjson('密码更新失败:' . $db->error);
-        savelog($db, $rsuser['id'], 'LOGIN', '密码找回成功');
-
-        self::setonline($rsuser, $sid);
-        return self::getsync($rsuser);
+        self::saveluser($db, 1, $rsuser['id'], '密码找回成功:' . $model);
+        return self::getsync($rsuser, $sid);
        return succjson();
    }
    public static function json_sendsms() {
@ -323,19 +323,24 @@ class login {
        $rsuser = verifyfast();
        return self::getsync($rsuser);
    }
-    static function setonline($userrow, $sid) {
-        global $tokensalt;
-        global $tokenfield;
+    static function getsync($userrow, $sid = '') {
+        global $db;
+        global $_token;
+        $ret = array();
+        if (!empty($sid)) {
            $auth = array();
            $auth['id'] = $userrow['id'];
            $auth["_s"] = $sid;
            $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
-        $enauth = encrypt($authstr, 'E', $tokensalt);
-        header($tokenfield . ': ' . $enauth);
+            $enauth = encrypt($authstr, 'E', $_token['salt']);
+            if ($_token['type'] == 'cookie') {
+                $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; SameSite=None; Secure; httponly';
+                header($headercookie);  //Cookie方式，安全性好
+            } else {
+                $ret['_ciyauth'] = $enauth; //Localstorage方式，兼容性更好
+                //header($_token['field'] . ': ' . $enauth);  //有坑
+            }
        }
-    static function getsync($userrow) {
-        global $db;
-        $ret = array();
        $ret['storage'] = array();
        $csql = new \ciy\sql('zc_admin');
        $csql->column('id,name');
@ -370,6 +375,7 @@ class login {
            $ret['me']['email'] = $extrow['email'];
            $ret['me']['wxno'] = $extrow['wxno'];
            $ret['me']['idid'] = $extrow['idid'];
+            $ret['me']['cciy'] = $extrow['cciy'];
            $ret['me']['cashtype'] = $extrow['cashtype'];
            $ret['me']['bankno'] = $extrow['bankno'];
            $ret['me']['bankname'] = $extrow['bankname'];
@ -382,7 +388,9 @@ class login {
    public static function json_logout() {
        global $db;
        $rsuser = verifyuser();
-        savelog($db, $rsuser['id'], 'LOGIN', '退出登录');
+        if (is_array($rsuser)) {
+            self::saveluser($db, 2, $rsuser['id']);
+        }
        return succjson();
    }
    public static function json_debug() {
@ -393,4 +401,15 @@ class login {
        $ret['list'] = $db->get($csql);
        return succjson($ret);
    }
+    private static function saveluser($db, $isinout, $userid, $model = '') {
+        $updata = array();
+        $updata['isinout'] = $isinout;
+        $updata['loguser'] = $userid;
+        $updata['addtimes'] = tostamp();
+        $updata['ip'] = getip();
+        $updata['model'] = dbstr($model, 250);
+        $csql = new \ciy\sql('ap_luser');
+        $db->insert($csql, $updata);
+        return false;
+    }
 }
--- a/web/ambap/me.php
+++ b/web/ambap/me.php
@ -3,6 +3,15 @@
 namespace web\ambap;

 class me {
+    
+    public static function json_signpath() {
+        $rsuser = verifyfast();
+        $post = new \ciy\post();
+        $path = $post->get('path');//'/pages/main/index';
+        $ret['sign'] = hash_hmac('sha256', $path, $rsuser['wxminakey'], false);
+        $ret['path'] = $path;
+        return succjson($ret);
+    }
    public static function json_invoicetitle_get() {
        global $db;
        $rsuser = verifyfast();
@ -58,7 +67,6 @@ class me {
            $db->commit();
        } catch (\Exception $ex) {
            $db->rollback();
-            savelogfile('err_db', $ex->getMessage());
            return errjson($ex->getMessage());
        }
        $ret['data'] = $updata;
@ -129,7 +137,6 @@ class me {
            $db->commit();
        } catch (\Exception $ex) {
            $db->rollback();
-            savelogfile('err_db', $ex->getMessage());
            return errjson($ex->getMessage());
        }
        $ret['data'] = $updata;
@ -511,7 +518,6 @@ class me {
            $db->commit();
        } catch (\Exception $ex) {
            $db->rollback();
-            savelogfile('err_db', $ex->getMessage());
            return errjson($ex->getMessage());
        }
        return succjson();
@ -557,7 +563,6 @@ class me {
            $db->commit();
        } catch (\Exception $ex) {
            $db->rollback();
-            savelogfile('err_db', $ex->getMessage());
            return errjson($ex->getMessage());
        }
        return succjson();
@ -733,6 +738,32 @@ class me {
        $ret['recommend'] = 2;
        return succjson($ret);
    }
+    public static function json_me_bank_info_change() {
+        global $db;
+        $rsuser = verifyfast();
+        $post = new \ciy\post();
+        $bankno = $post->get('bankno');
+        $bankname = $post->get('bankname');
+        $bankaccount = $post->get('bankaccount');
+        $bankcode = $post->get('bankcode');
+        $updata = array();
+        $updata['bankno'] = $bankno;
+        $updata['bankname'] = $bankname;
+        $updata['bankaccount'] = $bankaccount;
+        $updata['bankcode'] = $bankcode;
+        $csql = new \ciy\sql('ap_usr_ext');
+        $csql->where('id', $rsuser['id']);
+        $extrow = $db->getone($csql);
+        if (is_array($extrow)) {
+            if ($db->update($csql, $updata) === false)
+                return errjson('ext更新失败:' . $db->error);
+        } else {
+            $updata['id'] = $rsuser['id'];
+            if ($db->insert($csql, $updata) === false)
+                return errjson('ext新增失败:' . $db->error);
+        }
+        return succjson();
+    }
    public static function json_userinfo_change() {
        global $db;
        $rsuser = verifyfast();