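get('err');
        $meid = $post->getint('meid');
        if (is_array($errs)) {
            foreach ($errs as $err) {
                savelog($db, $meid, $err['type'], $err['msg'], false, $err['t']);
            }
        }
        return succjson();
    }

    /**
     * Mobile-number login.
     *
     * Reads `user`, `pass`, `auth` and `model` from the POST body, looks the
     * account up in `lab_user` by mobile, applies the consecutive-failure
     * lockout, checks the client clock against the server clock, verifies the
     * password and rotates the session id. The client is expected to send
     * `pass` = md5(<stored password value> . <auth>), where `auth` is the
     * millisecond timestamp it also sends.
     *
     * @return mixed errjson(...) on failure, otherwise the getsync() payload
     *               (with a `dbgs` list attached for active debug users)
     */
    public static function json_login_mobile()
    {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $model = $post->get('model');
        $user = $post->get('user');
        if (empty($user)) {
            return errjson('请填写用户名');
        }

        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $user);
        $rsuser = $db->getone($csql);
        if ($rsuser === false) {
            return errjson($db->error);
        }
        if (!is_array($rsuser)) {
            savelog($db, 0, 'LOGINERR', '用户[' . $user . ']不存在,在尝试登录');
            return errjson('用户名不存在');
        }

        // The account-status gate (stpstatus in 10/30/50) was removed on purpose
        // by the author so that every account can log in.
        // NOTE(review): this also admits accounts that were disabled; confirm
        // that is intended before this reaches production.

        // Lockout: more than 10 consecutive failures and the last attempt was
        // less than 600 s ago.
        if ($rsuser['trytime'] > 10 && tostamp() - $rsuser['logintimes'] < 600) {
            savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录连续失败');
            return errjson('连续输入密码错误,10分钟后再来登录.');
        }

        // `auth` is a millisecond timestamp; reject clients more than 5 min off
        // so the derived password check cannot be replayed indefinitely.
        $authtime = $post->getint('auth');
        $authSec = $authtime / 1000;
        if (abs($authSec - tostamp()) > 300) {
            return errjson('您的本地时间与服务器时间相差超过5分钟,请调整本机时间。
服务器时间: ' . date('Y-m-d H:i:s') . '
您本机时间: ' . date('Y-m-d H:i:s', (int) $authSec));
        }

        // Expected value mirrors the client side: md5(stored value . auth).
        // hash_equals() replaces the original loose `!=`, which compares two
        // numeric-looking strings (e.g. "0e..." digests) as numbers and is not
        // constant-time.
        $checkPass = md5($rsuser['password'] . $authtime);
        if (!hash_equals($checkPass, (string) $post->get('pass'))) {
            $updata = [];
            // Array-wrapped value: presumably this project's raw-expression
            // form for \ciy\sql (also used as 'exptimes-180' below) — verify.
            $updata['trytime'] = ['trytime+1'];
            $updata['logintimes'] = tostamp();
            $csql = new \ciy\sql('lab_user');
            $csql->where('id', $rsuser['id']);
            $db->update($csql, $updata);
            savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误');
            return errjson('用户名或密码错误.');
        }

        // Success: reset the failure counter and issue a fresh session id.
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $id = $rsuser['id'];
        $updata = [];
        $updata['logintimes'] = tostamp();
        $updata['trytime'] = 0;
        $updata['sid'] = $sid;
        $updata['exptimes'] = $exp;
        $updata['ip'] = getip();
        $csql = new \ciy\sql('lab_user');
        $csql->where('id', $id);
        if ($db->update($csql, $updata) === false) {
            return errjson('user数据库更新失败:' . $db->error);
        }
        self::savelug($db, 1, $rsuser['id'], $model);
        $ret = self::getsync($rsuser, $sid);

        // Attach the debug-user list only when this account is itself an
        // active (isuse = 1) debug user.
        $csql = new \ciy\sql('zc_debug_user');
        $csql->where('targettype', 21);
        $csql->where('isuse', 1);
        $csql->where('user', $id);
        if (is_array($db->getone($csql))) {
            $csql = new \ciy\sql('zc_debug_user');
            $csql->where('targettype', 21);
            $csql->column('user,name');
            $ret['dbgs'] = $db->get($csql);
        }
        return $ret;
    }

    /**
     * Mobile-number registration.
     *
     * Creates a `lab_user` row for a not-yet-registered mobile number, stores
     * the client-supplied password value as-is (the author's note says the
     * client sends an MD5), optionally records `appcid` in `ap_usr_ext`, logs
     * the login and returns the getsync() payload.
     *
     * NOTE(review): the stored value is an unsalted client-side MD5; the login
     * scheme above depends on it, so switching to password_hash() would need
     * a coordinated client change.
     *
     * @return mixed errjson(...) on failure, otherwise the getsync() payload
     */
    public static function json_reg_mobile()
    {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $model = $post->get('model');
        $appcid = $post->get('appcid');
        $user = $post->get('user');
        $pass = $post->get('pass');
        if (empty($user)) {
            return errjson('请填写手机号');
        }
        if (empty($pass)) {
            return errjson('请填写密码');
        }

        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $user);
        $rsuser = $db->getone($csql);
        if ($rsuser === false) {
            return errjson($db->error);
        }
        if (is_array($rsuser)) {
            return errjson('该手机号已被注册');
        }

        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $rsuser = [];
        $rsuser['stpstatus'] = 30; // any status may log in (gate removed, see json_login_mobile)
        $rsuser['userlevel'] = 10;
        $rsuser['name'] = ':' . substr($user, -4); // default display name: last 4 digits
        $rsuser['mobile'] = $user;
        $rsuser['password'] = $pass; // client-supplied MD5, stored verbatim
        $rsuser['trytime'] = 0;
        $rsuser['logintimes'] = tostamp();
        $rsuser['addtimes'] = tostamp();
        $rsuser['sid'] = $sid;
        $rsuser['exptimes'] = $exp;
        $rsuser['ip'] = getip();
        $rsuser['laborgid'] = 0;
        $rsuser['usertitle'] = 0;
        $rsuser['sn'] = '';
        $rsuser['sex'] = 0;
        $rsuser['totalpnt'] = 0;
        $rsuser['dvotecnt'] = 0;
        $rsuser['email'] = '';
        $csql = new \ciy\sql('lab_user');
        if ($db->insert($csql, $rsuser) === false) {
            return errjson('注册用户失败:' . $db->error);
        }
        $id = $db->insert_id();
        $rsuser['id'] = $id;

        if (!empty($appcid)) {
            $updata = [];
            $updata['id'] = $id;
            $updata['appcid'] = $appcid;
            $csql = new \ciy\sql('ap_usr_ext');
            if ($db->insert($csql, $updata) === false) {
                return errjson('更新appcid失败:' . $db->error);
            }
        }
        self::savelug($db, 1, $rsuser['id'], '手机注册:' . $model);
        return self::getsync($rsuser, $sid);
    }

    /**
     * WeChat mini-program auto login.
     *
     * Exchanges the client `code` for an openid/session_key via jscode2session,
     * then either refreshes the matching `ap_user` row (by `wxminaid`) or
     * creates a new one with a 1000-point signup reward recorded in
     * `ap_pnt_record`. `upid` is only adopted for an existing user whose upid
     * is still 0 and differs from the user's own id.
     *
     * @return mixed errjson(...) on failure, otherwise the getsync() payload
     */
    public static function json_wx_autouser()
    {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $code = $post->get('code');
        $upid = $post->getint('upid');

        // `code` is client input placed into a query string: encode it so it
        // cannot inject extra parameters into the request.
        $weixinapi = new \web\api\weixin(1);
        $wxret = $weixinapi->call(
            'https://api.weixin.qq.com/sns/jscode2session?grant_type=authorization_code&appid={appid}&secret={appsecret}&js_code='
            . rawurlencode((string) $code)
        );
        if (is_string($wxret)) {
            return errjson($wxret);
        }
        $openid = $wxret['openid'];
        $sskey = $wxret['session_key'];

        $csql = new \ciy\sql('ap_user');
        $csql->where('wxminaid', $openid);
        $rsuser = $db->getone($csql);
        $userid = 0;
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];

        if (is_array($rsuser)) {
            // Existing user: refresh WeChat keys and session.
            $userid = $rsuser['id'];
            if ($rsuser['upid'] == 0 && $upid > 0 && $upid != $userid) {
                $rsuser['upid'] = $upid;
            }
            if (isset($wxret['unionid'])) {
                $rsuser['wxunionid'] = $wxret['unionid'];
            }
            $rsuser['wxminakey'] = $sskey;
            $rsuser['wxminaid'] = $openid;
            $rsuser['trytime'] = 0;
            $rsuser['logintimes'] = time();
            $rsuser['sid'] = $sid;
            $rsuser['exptimes'] = $exp;
            $rsuser['ip'] = getip();
            $csql = new \ciy\sql('ap_user');
            $csql->where('id', $userid);
            if ($db->update($csql, $rsuser) === false) {
                return errjson('wx更新失败:' . $db->error);
            }
        } else {
            // New user: create the account and credit the signup reward.
            $newpnt = 1000;
            $rsuser = [];
            $rsuser['upid'] = $upid;
            if (isset($wxret['unionid'])) {
                $rsuser['wxunionid'] = $wxret['unionid'];
            }
            $rsuser['icon'] = '';
            $rsuser['certs'] = '';
            $rsuser['name'] = '';
            $rsuser['mobile'] = '';
            $rsuser['stpstatus'] = 10;
            $rsuser['userlevel'] = 10;
            $rsuser['myinvmoney'] = 0;
            $rsuser['mycashmoney'] = 0;
            $rsuser['mybondmoney'] = 0;
            $rsuser['mypnt'] = $newpnt;
            $rsuser['logintimes'] = time();
            $rsuser['wxminakey'] = $sskey;
            $rsuser['wxminaid'] = $openid;
            $rsuser['addtimes'] = time();
            $rsuser['sid'] = $sid;
            $rsuser['exptimes'] = $exp;
            $rsuser['accounttimes'] = tostamp() + 86400 * 3; // three days from now
            $rsuser['ip'] = getip();
            $csql = new \ciy\sql('ap_user');
            if ($db->insert($csql, $rsuser) === false) {
                return errjson('wx新增失败:' . $db->error);
            }
            $rsuser['id'] = $db->insert_id();

            if ($newpnt > 0) {
                $updata = [];
                $updata['pnt'] = 1000;
                $updata['vuser'] = $rsuser['id'];
                $updata['name'] = '注册奖励';
                $updata['addtimes'] = time();
                $csql = new \ciy\sql('ap_pnt_record');
                if ($db->insert($csql, $updata) === false) {
                    return errjson('reward新增失败:' . $db->error);
                }
            }
        }
        return self::getsync($rsuser, $sid);
    }

    /**
     * Password reset via SMS verification code.
     *
     * Validates the code row (`ap_usr_capcode` by `capsms_id`) against the
     * submitted mobile and code, penalises a mismatch by shortening the code's
     * lifetime by 180 s, then writes the new password and a fresh session id
     * to the `lab_user` row found by mobile and burns the code so it cannot be
     * reused.
     *
     * @return mixed errjson(...) on failure, otherwise the getsync() payload
     */
    public static function json_forgetpass()
    {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $model = $post->get('model');
        $mobile = $post->get('user');
        $pass = $post->get('pass');
        $code = $post->get('captcha');
        $codeid = $post->getint('capsms_id');
        if (empty($code)) {
            return errjson('请填写验证码');
        }
        if (empty($mobile)) {
            return errjson('请填写手机号');
        }
        if (empty($pass)) {
            return errjson('请填写密码');
        }

        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $mobile);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser)) {
            return errjson('该手机号未注册');
        }

        $csql = new \ciy\sql('ap_usr_capcode');
        $csql->where('id', $codeid);
        $caprow = $db->getone($csql);
        if (!is_array($caprow)) {
            return errjson('未发送验证码');
        }
        if ($caprow['exptimes'] < time()) {
            return errjson('验证码已过期');
        }

        // Strict string comparison: the original loose `!=` accepted numeric
        // equivalents such as a leading-zero variant of the code.
        $errmsg = '';
        if ((string) $caprow['account'] !== (string) $mobile) {
            $errmsg = '验证码与手机号不匹配';
        }
        if (!hash_equals((string) $caprow['code'], (string) $code)) {
            $errmsg = '验证码错误';
        }
        if (!empty($errmsg)) {
            // Each wrong attempt shortens the code's remaining lifetime.
            $updata = [];
            $updata['exptimes'] = ['exptimes-180'];
            $csql = new \ciy\sql('ap_usr_capcode');
            $csql->where('id', $codeid);
            if ($db->update($csql, $updata) === false) {
                return errjson('减扣失败:' . $db->error);
            }
            return errjson($errmsg);
        }

        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $updata = [];
        $updata['trytime'] = 0;
        $updata['password'] = $pass; // client-supplied MD5, stored verbatim
        $updata['logintimes'] = tostamp();
        $updata['sid'] = $sid;
        $updata['exptimes'] = $exp;
        $updata['ip'] = getip();
        $csql = new \ciy\sql('lab_user');
        // Target the row looked up by mobile (the same row whose id the
        // returned token carries) rather than the code row's vuser.
        $csql->where('id', $rsuser['id']);
        if ($db->update($csql, $updata) === false) {
            return errjson('密码更新失败:' . $db->error);
        }

        // Burn the one-time code so it cannot be replayed within its window.
        $updata = [];
        $updata['exptimes'] = 0;
        $csql = new \ciy\sql('ap_usr_capcode');
        $csql->where('id', $codeid);
        $db->update($csql, $updata);

        self::savelug($db, 1, $rsuser['id'], '密码找回成功:' . $model);
        return self::getsync($rsuser, $sid);
    }

    /**
     * Sends an SMS verification code to a registered mobile number.
     *
     * Rate-limited to one code per account per 60 s; the code is valid for
     * 600 s and stored in `ap_usr_capcode` with the owning user id.
     *
     * @return mixed errjson(...) on failure, otherwise succjson(['id' => code row id])
     */
    public static function json_sendsms()
    {
        global $db;
        $post = new \ciy\post();
        $mobile = $post->get('account');
        $length = $post->getint('length');
        if ($length < 3 || $length > 8) {
            return errjson('验证码长度必须在3-8位之间');
        }

        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $mobile);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser)) {
            return errjson('该手机号未注册');
        }

        $csql = new \ciy\sql('ap_usr_capcode');
        $csql->where('account', $mobile);
        $csql->where('addtimes>', tostamp() - 60);
        $cnt = $db->get1($csql);
        if ($cnt > 0) {
            return errjson('验证码发送频繁,请1分钟后再尝试');
        }

        // Verification codes must come from a CSPRNG; rand() is predictable.
        $code = random_int(10 ** ($length - 1), 10 ** $length - 1);
        $updata = [];
        $updata['vuser'] = $rsuser['id'];
        $updata['account'] = $mobile;
        $updata['code'] = $code;
        $updata['addtimes'] = tostamp();
        $updata['exptimes'] = tostamp() + 600;
        $csql = new \ciy\sql('ap_usr_capcode');
        if ($db->insert($csql, $updata) === false) {
            return errjson('更新失败:' . $db->error);
        }
        $id = $db->insert_id();

        $data = [];
        $data['txt'] = $code;
        $param = [
            "mobile" => $mobile,
            "style" => "1",
            "data" => $data,
            "sendnow" => true,
        ];
        $retapi = ciy_api('sms', $param);
        if ($retapi !== true) {
            return errjson($retapi);
        }
        return succjson(['id' => $id]);
    }

    /**
     * Re-fetches the client storage payload for the currently verified user.
     *
     * @return mixed getsync() payload (no new session id is issued)
     */
    public static function json_restorage()
    {
        global $db;
        $rsuser = verifyfast();
        return self::getsync($rsuser);
    }

    /**
     * Builds the login response.
     *
     * When `$sid` is given, an auth token {id, _s} is encrypted with the token
     * salt and delivered either as a Set-Cookie header (`$_token['type']` ===
     * 'cookie') or as `_ciyauth` in the body. The payload also carries the
     * admin-user list, the category list, the point-track rows and a `me`
     * summary of `$userrow`.
     *
     * @param array  $userrow user row from `lab_user` (reads id, addtimes,
     *                        mobile, name, dvotecnt, password)
     * @param string $sid     new session id, or '' to omit the auth token
     * @return mixed succjson(...) payload
     */
    static function getsync($userrow, $sid = '')
    {
        global $db;
        global $_token;
        $ret = [];
        if (!empty($sid)) {
            $auth = [];
            $auth['id'] = $userrow['id'];
            $auth["_s"] = $sid;
            $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
            $enauth = encrypt($authstr, 'E', $_token['salt']);
            if ($_token['type'] == 'cookie') {
                // Cookie lifetime = swap window + expiry window.
                $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth
                    . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec'])
                    . '; path=/; SameSite=None; Secure; httponly';
                header($headercookie);
            } else {
                $ret['_ciyauth'] = $enauth;
            }
        }

        $ret['storage'] = [];
        $csql = new \ciy\sql('zc_admin');
        $csql->column('id,name');
        $ret['storage']['adminuser'] = $db->get($csql);
        $csql = new \ciy\sql('zc_cata');
        $csql->order('csort');
        $ret['storage']['cata'] = $db->get($csql);
        $csql = new \ciy\sql('ap_pnt_track');
        $ret['pnttrack'] = $db->get($csql);

        $ret['me'] = [];
        $ret['me']['addtimes'] = $userrow['addtimes'];
        $ret['me']['id'] = $userrow['id'];
        $ret['me']['eid'] = enid($userrow['id']);
        $ret['me']['mobile'] = $userrow['mobile'];
        $ret['me']['name'] = $userrow['name'];
        $ret['me']['dvotecnt'] = $userrow['dvotecnt'];
        $ret['me']['needpass'] = empty($userrow['password']);
        $ret['me']['cciy'] = '';
        return succjson($ret);
    }

    /**
     * Logout: records a logout (isinout = 2) entry for the verified user.
     *
     * @return mixed succjson()
     */
    public static function json_logout()
    {
        global $db;
        $rsuser = verifyuser();
        if (is_array($rsuser)) {
            self::savelug($db, 2, $rsuser['id']);
        }
        return succjson();
    }

    /**
     * Debug: switch the session to the `ap_user` whose id is given in `code`.
     *
     * NOTE(review): no authentication or role check is visible in this
     * method — a caller that can reach it obtains a session for any user id.
     * Confirm access is gated (e.g. by routing or an admin check) before this
     * is reachable in production.
     *
     * @return mixed errjson(...) on failure, otherwise the getsync() payload
     */
    public static function json_debug_chguser()
    {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $usercode = $post->getint('code');
        $csql = new \ciy\sql('ap_user');
        $csql->where('id', $usercode);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser)) {
            return errjson('用户不存在');
        }

        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $id = $rsuser['id'];
        $updata = [];
        $updata['sid'] = $sid;
        $updata['exptimes'] = $exp;
        $csql = new \ciy\sql('ap_user');
        $csql->where('id', $id);
        if ($db->update($csql, $updata) === false) {
            return errjson('user数据库更新失败:' . $db->error);
        }
        return self::getsync($rsuser, $sid);
    }

    /**
     * Debug: add (default) or remove (`btn` === 'del') an `ap_user` from the
     * `zc_debug_user` list (targettype 21). New entries are created with
     * isuse = 2.
     *
     * NOTE(review): as with json_debug_chguser, no authorization check is
     * visible here — confirm the caller restricts access.
     *
     * @return mixed errjson(...) on failure, otherwise succjson(...)
     */
    public static function json_debug_opuser()
    {
        global $db;
        $post = new \ciy\post();
        $code = $post->getint('text');
        $btn = $post->get('btn');
        $csql = new \ciy\sql('ap_user');
        $csql->where('id', $code);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser)) {
            return errjson('用户不存在');
        }

        if ($btn == 'del') {
            $csql = new \ciy\sql('zc_debug_user');
            $csql->where('targettype', 21);
            $csql->where('user', $code);
            if ($db->delete($csql) === false) {
                return errjson('dbg删除失败:' . $db->error);
            }
            return succjson();
        }

        $csql = new \ciy\sql('zc_debug_user');
        $csql->where('targettype', 21);
        $csql->where('user', $code);
        if (is_array($db->getone($csql))) {
            return errjson('已存在');
        }
        $updata = [];
        $updata['targettype'] = 21;
        $updata['isuse'] = 2;
        $updata['name'] = $rsuser['name'];
        $updata['user'] = $code;
        $updata['pass'] = '';
        $csql = new \ciy\sql('zc_debug_user');
        if ($db->insert($csql, $updata) === false) {
            return errjson('debug_user新增失败:' . $db->error);
        }
        return succjson(['data' => ['user' => $code, 'name' => $rsuser['name']]]);
    }

    /**
     * App update check.
     *
     * Compares the configured version code for platform `plat` with the
     * client's `vercode`. When newer, returns the `.wgt` package URL, or the
     * `.apk` URL when the major part (vercode / 10000) also changed.
     *
     * @return mixed succjson(['url' => ...]) or succjson([]) when up to date
     */
    public static function json_getappver()
    {
        global $dbn;
        $post = new \ciy\post();
        $cplat = $post->get('plat');
        $vercode = $post->getint('vercode');
        $ver = (int) getconfig($dbn, 'ver' . $cplat . 'code');
        $ret = [];
        if ($ver > $vercode) {
            $urlb = getconfig($dbn, 'ver' . $cplat . 'url');
            $url = $urlb . $ver . '.wgt';
            $ver = (int) ($ver / 10000);
            if ($ver > (int) ($vercode / 10000)) {
                // Major version changed: a full APK is required.
                $url = $urlb . $ver . '.apk';
            }
            $ret['url'] = $url;
        }
        return succjson($ret);
    }

    /**
     * Debug: lists active (isuse = 1) debug users of targettype 21.
     *
     * NOTE(review): this returns the `pass` column and no authorization check
     * is visible here — confirm the caller restricts access.
     *
     * @return mixed succjson(['list' => rows])
     */
    public static function json_debug_list()
    {
        global $db;
        $csql = new \ciy\sql('zc_debug_user');
        $csql->where('targettype', 21);
        $csql->where('isuse', 1);
        $csql->column('user,name,pass');
        $list = $db->get($csql);
        return succjson(['list' => $list]);
    }

    /**
     * Writes a login/logout audit row to `ap_lug`.
     *
     * @param mixed  $db      database handle
     * @param int    $isinout 1 = login, 2 = logout (as used by the callers above)
     * @param int    $userid  user id being logged
     * @param string $model   client model string, truncated to 250 by dbstr()
     * @return false always (insert result is not propagated)
     */
    private static function savelug($db, $isinout, $userid, $model = '')
    {
        $updata = [];
        $updata['isinout'] = $isinout;
        $updata['loguser'] = $userid;
        $updata['addtimes'] = tostamp();
        $updata['ip'] = getip();
        $updata['model'] = dbstr($model, 250);
        $csql = new \ciy\sql('ap_lug');
        $db->insert($csql, $updata);
        return false;
    }
}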