
<?php
namespace web\ambap;
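class login {
    /**
     * Stores client-reported errors in the server log.
     *
     * Reads `err` (a list of {type, msg, t} entries) and `meid` (the reporting
     * user's id) from the request; anything that is not an array of arrays is
     * ignored rather than aborting the request.
     *
     * @return mixed  succjson() payload
     */
    public static function json_uperr() {
        global $db;
        $post = new \ciy\post();
        $errs = $post->get('err');
        $meid = $post->getint('meid');
        if (is_array($errs)) {
            foreach ($errs as $err) {
                // A non-array entry would raise a TypeError on string offsets (PHP 8); skip it.
                if (!is_array($err))
                    continue;
                savelog($db, $meid, $err['type'], $err['msg'], false, $err['t']);
            }
        }
        return succjson();
    }

    /**
     * Mobile-number login - account-status restriction removed; matches the
     * front-end MD5 scheme.
     *
     * Request fields: `user` (mobile), `pass` (md5(storedMd5 . auth)), `auth`
     * (client clock in ms), `model` (device description for the login log).
     *
     * Lockout: after more than 10 consecutive failures the account is refused
     * for 600 s from the last failed attempt.
     *
     * @return mixed  errjson()/succjson() payload (see getsync())
     */
    public static function json_login_mobile() {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $model = $post->get('model');
        $user = $post->get('user');
        if (empty($user))
            return errjson('请填写用户名');
        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $user);
        $rsuser = $db->getone($csql);
        if ($rsuser === false)
            return errjson($db->error);
        if (!is_array($rsuser)) {
            savelog($db, 0, 'LOGINERR', '用户[' . $user . ']不存在,在尝试登录');
            return errjson('用户名不存在');
        }
        // Status restriction removed - every account may log in.
        // The former stpstatus check is kept here for reference:
        // if (!in_array($rsuser['stpstatus'], [10, 30, 50])) {
        //     savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']被禁用,在尝试登录');
        //     return errjson('您的账户已经被禁用.');
        // }
        // Wrong-password lockout (optional; comment out to disable).
        if ($rsuser['trytime'] > 10) {
            if (tostamp() - $rsuser['logintimes'] < 600) {
                savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录连续失败');
                return errjson('连续输入密码错误10分钟后再来登录.');
            }
        }
        $authtime = $post->getint('auth');
        $authSec = $authtime / 1000;
        // Clock-skew check (auth is in milliseconds); this window is also the
        // replay window for a captured `pass` value.
        if (abs($authSec - tostamp()) > 300)
            return errjson('您的本地时间与服务器时间相差超过5分钟请调整本机时间。<br/>服务器时间: ' . date('Y-m-d H:i:s') . '<br/>您本机时间: ' . date('Y-m-d H:i:s', (int)$authSec));
        // Password check: the client sends md5(<MD5 stored in lab_user.password> . auth).
        // NOTE(review): the stored MD5 is therefore the effective credential - anyone
        // holding the database value can log in without the plaintext.
        // hash_equals() is used instead of `!=` so PHP's loose numeric-string
        // comparison ("0e..." hashes) cannot accept a wrong value, and so the
        // comparison is constant-time.
        $checkPass = md5($rsuser['password'] . $authtime);
        $given = $post->get('pass');
        if (!is_scalar($given) || !hash_equals($checkPass, (string)$given)) {
            $updata = array();
            $updata['trytime'] = array('trytime+1');
            $updata['logintimes'] = tostamp();
            $csql = new \ciy\sql('lab_user');
            $csql->where('id', $rsuser['id']);
            $db->update($csql, $updata);
            savelog($db, $rsuser['id'], 'LOGINERR', '用户[' . $user . ']登录密码错误');
            return errjson('用户名或密码错误.');
        }
        // Login succeeded - issue a new session id and reset the failure counter.
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $id = $rsuser['id'];
        $updata = array();
        $updata['logintimes'] = tostamp();
        $updata['trytime'] = 0;
        $updata['sid'] = $sid;
        $updata['exptimes'] = $exp;
        $updata['ip'] = getip();
        $csql = new \ciy\sql('lab_user');
        $csql->where('id', $id);
        if ($db->update($csql, $updata) === false)
            return errjson('user数据库更新失败:' . $db->error);
        self::savelug($db, 1, $rsuser['id'], $model);
        $ret = self::getsync($rsuser, $sid);
        // Debug-user switching: only users listed in zc_debug_user (targettype 21,
        // isuse 1) get the `dbgs` list of accounts they may switch to.
        $csql = new \ciy\sql('zc_debug_user');
        $csql->where('targettype', 21);
        $csql->where('isuse', 1);
        $csql->where('user', $id);
        if (is_array($db->getone($csql))) {
            $csql = new \ciy\sql('zc_debug_user');
            $csql->where('targettype', 21);
            $csql->column('user,name');
            $ret['dbgs'] = $db->get($csql);
        }
        return $ret;
    }

    /**
     * Mobile-number registration - status restriction removed; the password
     * is stored as the MD5 the client sends.
     *
     * Request fields: `user` (mobile), `pass` (client-side MD5), `model`,
     * `appcid` (optional push-channel id stored in ap_usr_ext).
     *
     * NOTE(review): the stored value is an unsalted MD5 supplied by the client;
     * it doubles as the login secret (see json_login_mobile()).
     *
     * @return mixed  errjson()/succjson() payload (see getsync())
     */
    public static function json_reg_mobile() {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $model = $post->get('model');
        $appcid = $post->get('appcid');
        $user = $post->get('user');
        $pass = $post->get('pass');
        if (empty($user))
            return errjson('请填写手机号');
        if (empty($pass))
            return errjson('请填写密码');
        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $user);
        $rsuser = $db->getone($csql);
        if ($rsuser === false)
            return errjson($db->error);
        if (is_array($rsuser))
            return errjson('该手机号已被注册');
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $rsuser = array();
        $rsuser['stpstatus'] = 30; // any status may log in (restriction removed)
        $rsuser['userlevel'] = 10;
        $rsuser['name'] = ':' . substr($user, -4);
        $rsuser['mobile'] = $user;
        $rsuser['password'] = $pass; // MD5 as sent by the client
        $rsuser['trytime'] = 0;
        $rsuser['logintimes'] = tostamp();
        $rsuser['addtimes'] = tostamp();
        $rsuser['sid'] = $sid;
        $rsuser['exptimes'] = $exp;
        $rsuser['ip'] = getip();
        $rsuser['laborgid'] = 0;
        $rsuser['usertitle'] = 0;
        $rsuser['sn'] = '';
        $rsuser['sex'] = 0;
        $rsuser['totalpnt'] = 0;
        $rsuser['dvotecnt'] = 0;
        $rsuser['email'] = '';
        $csql = new \ciy\sql('lab_user');
        if ($db->insert($csql, $rsuser) === false)
            return errjson('注册用户失败:' . $db->error);
        $id = $db->insert_id();
        $rsuser['id'] = $id;
        if (!empty($appcid)) {
            $updata = array();
            $updata['id'] = $id;
            $updata['appcid'] = $appcid;
            $csql = new \ciy\sql('ap_usr_ext');
            if ($db->insert($csql, $updata) === false)
                return errjson('更新appcid失败:' . $db->error);
        }
        self::savelug($db, 1, $rsuser['id'], '手机注册:' . $model);
        return self::getsync($rsuser, $sid);
    }

    /**
     * WeChat mini-program auto login: exchanges `code` for an openid via
     * jscode2session, then updates the matching ap_user row or creates one
     * (with a 1000-point signup reward recorded in ap_pnt_record).
     *
     * `upid` is an optional referrer id, applied only to accounts that have none
     * yet and that are not the user themselves.
     *
     * @return mixed  errjson()/succjson() payload (see getsync())
     */
    public static function json_wx_autouser() {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $code = $post->get('code');
        $upid = $post->getint('upid');
        $weixinapi = new \web\api\weixin(1);
        $wxret = $weixinapi->call('https://api.weixin.qq.com/sns/jscode2session?grant_type=authorization_code&appid={appid}&secret={appsecret}&js_code=' . $code);
        if (is_string($wxret))
            return errjson($wxret);
        // Without an openid the lookup below would match on an empty key and could
        // attach this session to an unrelated row, so refuse instead.
        if (!is_array($wxret) || empty($wxret['openid']))
            return errjson('wx登录失败:缺少openid');
        $openid = $wxret['openid'];
        $sskey = $wxret['session_key'] ?? '';
        $csql = new \ciy\sql('ap_user');
        $csql->where('wxminaid', $openid);
        $rsuser = $db->getone($csql);
        $userid = 0;
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        if (is_array($rsuser)) {
            // Existing account: refresh session fields and write the whole row back.
            $userid = $rsuser['id'];
            if ($rsuser['upid'] == 0 && $upid > 0 && $upid != $userid)
                $rsuser['upid'] = $upid;
            if (isset($wxret['unionid']))
                $rsuser['wxunionid'] = $wxret['unionid'];
            $rsuser['wxminakey'] = $sskey;
            $rsuser['wxminaid'] = $openid;
            $rsuser['trytime'] = 0;
            $rsuser['logintimes'] = time();
            $rsuser['sid'] = $sid;
            $rsuser['exptimes'] = $exp;
            $rsuser['ip'] = getip();
            $csql = new \ciy\sql('ap_user');
            $csql->where('id', $userid);
            if ($db->update($csql, $rsuser) === false)
                return errjson('wx更新失败:' . $db->error);
        } else {
            // New account with signup reward points.
            $newpnt = 1000;
            $rsuser = array();
            $rsuser['upid'] = $upid;
            if (isset($wxret['unionid']))
                $rsuser['wxunionid'] = $wxret['unionid'];
            $rsuser['icon'] = '';
            $rsuser['certs'] = '';
            $rsuser['name'] = '';
            $rsuser['mobile'] = '';
            $rsuser['stpstatus'] = 10;
            $rsuser['userlevel'] = 10;
            $rsuser['myinvmoney'] = 0;
            $rsuser['mycashmoney'] = 0;
            $rsuser['mybondmoney'] = 0;
            $rsuser['mypnt'] = $newpnt;
            $rsuser['logintimes'] = time();
            $rsuser['wxminakey'] = $sskey;
            $rsuser['wxminaid'] = $openid;
            $rsuser['addtimes'] = time();
            $rsuser['sid'] = $sid;
            $rsuser['exptimes'] = $exp;
            $rsuser['accounttimes'] = tostamp() + 86400 * 3;
            $rsuser['ip'] = getip();
            $csql = new \ciy\sql('ap_user');
            if ($db->insert($csql, $rsuser) === false)
                return errjson('wx新增失败:' . $db->error);
            $rsuser['id'] = $db->insert_id();
            if ($newpnt > 0) {
                $updata = array();
                $updata['pnt'] = $newpnt;
                $updata['vuser'] = $rsuser['id'];
                $updata['name'] = '注册奖励';
                $updata['addtimes'] = time();
                $csql = new \ciy\sql('ap_pnt_record');
                if ($db->insert($csql, $updata) === false)
                    return errjson('reward新增失败:' . $db->error);
            }
        }
        return self::getsync($rsuser, $sid);
    }

    /**
     * Password reset via SMS code.
     *
     * Request fields: `user` (mobile), `pass` (new client-side MD5), `captcha`
     * (the code), `capsms_id` (ap_usr_capcode row id from json_sendsms()),
     * `model`. A wrong or mismatched code shortens that code's lifetime by
     * 180 s; a successful reset consumes the code and logs the user in.
     *
     * @return mixed  errjson()/succjson() payload (see getsync())
     */
    public static function json_forgetpass() {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $model = $post->get('model');
        $mobile = $post->get('user');
        $pass = $post->get('pass');
        $code = $post->get('captcha');
        $codeid = $post->getint('capsms_id');
        if (empty($code))
            return errjson('请填写验证码');
        if (empty($mobile))
            return errjson('请填写手机号');
        if (empty($pass))
            return errjson('请填写密码');
        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $mobile);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser))
            return errjson('该手机号未注册');
        $csql = new \ciy\sql('ap_usr_capcode');
        $csql->where('id', $codeid);
        $caprow = $db->getone($csql);
        if (!is_array($caprow))
            return errjson('未发送验证码');
        if ($caprow['exptimes'] < time())
            return errjson('验证码已过期');
        // Strict string comparisons: loose `!=` treats numeric-looking strings
        // numerically ("0123" == "123"), which is not wanted for codes or numbers.
        $errmsg = '';
        if ((string)$caprow['account'] !== (string)$mobile)
            $errmsg = '验证码与手机号不匹配';
        if (!is_scalar($code) || !hash_equals((string)$caprow['code'], (string)$code))
            $errmsg = '验证码错误';
        if (!empty($errmsg)) {
            // Penalise a bad attempt by shortening the code's remaining lifetime.
            $updata = array();
            $updata['exptimes'] = array('exptimes-180');
            $csql = new \ciy\sql('ap_usr_capcode');
            $csql->where('id', $codeid);
            if ($db->update($csql, $updata) === false)
                return errjson('减扣失败:' . $db->error);
            return errjson($errmsg);
        }
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $updata = array();
        $updata['trytime'] = 0;
        $updata['password'] = $pass; // MD5 as sent by the client
        $updata['logintimes'] = tostamp();
        $updata['sid'] = $sid;
        $updata['exptimes'] = $exp;
        $updata['ip'] = getip();
        $csql = new \ciy\sql('lab_user');
        // Update the same row the session below is issued for ($rsuser, looked up
        // by mobile) rather than the vuser captured when the code was sent.
        $csql->where('id', $rsuser['id']);
        if ($db->update($csql, $updata) === false)
            return errjson('密码更新失败:' . $db->error);
        // Consume the code so it cannot be replayed within its lifetime (best effort).
        $csql = new \ciy\sql('ap_usr_capcode');
        $csql->where('id', $codeid);
        $db->update($csql, array('exptimes' => 0));
        self::savelug($db, 1, $rsuser['id'], '密码找回成功:' . $model);
        return self::getsync($rsuser, $sid);
    }

    /**
     * Sends an SMS verification code to a registered mobile number.
     *
     * Request fields: `account` (mobile), `length` (3..8 digits). At most one
     * code per number per 60 s; codes expire after 600 s. Returns the
     * ap_usr_capcode row id the client must echo back as `capsms_id`.
     *
     * NOTE(review): the '该手机号未注册' response reveals whether a number is
     * registered; acceptable only if that is intended.
     *
     * @return mixed  errjson()/succjson(['id' => int]) payload
     */
    public static function json_sendsms() {
        global $db;
        $post = new \ciy\post();
        $mobile = $post->get('account');
        $length = $post->getint('length');
        if ($length < 3 || $length > 8)
            return errjson('验证码长度必须在3-8位之间');
        $csql = new \ciy\sql('lab_user');
        $csql->where('mobile', $mobile);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser))
            return errjson('该手机号未注册');
        $csql = new \ciy\sql('ap_usr_capcode');
        $csql->where('account', $mobile);
        $csql->where('addtimes>', tostamp() - 60);
        $cnt = $db->get1($csql);
        if ($cnt > 0)
            return errjson('验证码发送频繁请1分钟后再尝试');
        // CSPRNG for the code; rand() is predictable and unsuitable for auth codes.
        $code = random_int(10 ** ($length - 1), 10 ** $length - 1);
        $updata = array();
        $updata['vuser'] = $rsuser['id'];
        $updata['account'] = $mobile;
        $updata['code'] = $code;
        $updata['addtimes'] = tostamp();
        $updata['exptimes'] = tostamp() + 600;
        $csql = new \ciy\sql('ap_usr_capcode');
        if ($db->insert($csql, $updata) === false)
            return errjson('更新失败:' . $db->error);
        $id = $db->insert_id();
        $data = array();
        $data['txt'] = $code;
        $param = array(
            "mobile" => $mobile,
            "style" => "1",
            "data" => $data,
            "sendnow" => true,
        );
        $retapi = ciy_api('sms', $param);
        if ($retapi !== true)
            return errjson($retapi);
        $ret = array();
        $ret['id'] = $id;
        return succjson($ret);
    }

    /**
     * Re-fetches the client's cached storage data for the current (verified) user
     * without issuing a new session id.
     *
     * @return mixed  succjson() payload (see getsync())
     */
    public static function json_restorage() {
        global $db;
        $rsuser = verifyfast(); // presumably returns the verified user row; confirm it cannot return non-array here
        return self::getsync($rsuser);
    }

    /**
     * Builds the login response.
     *
     * When `$sid` is given, the auth token {id, _s} is encrypted with the
     * configured salt and delivered either as a cookie (`$_token['type'] ==
     * 'cookie'`, Secure/HttpOnly/SameSite=None) or in the `_ciyauth` field.
     * Always includes the shared `storage` lists (admins, categories), the
     * point-track table and a trimmed `me` profile.
     *
     * @param array  $userrow  user row (lab_user or ap_user; columns may differ)
     * @param string $sid      new session id, or '' to skip token issuance
     * @return mixed  succjson() payload
     */
    static function getsync($userrow, $sid = '') {
        global $db;
        global $_token;
        $ret = array();
        if (!empty($sid)) {
            $auth = array();
            $auth['id'] = $userrow['id'];
            $auth["_s"] = $sid;
            $authstr = json_encode($auth, JSON_PARTIAL_OUTPUT_ON_ERROR);
            $enauth = encrypt($authstr, 'E', $_token['salt']);
            if ($_token['type'] == 'cookie') {
                $headercookie = 'Set-Cookie: ' . $_token['field'] . '=' . $enauth . '; expires=' . gmdate('D, d-M-Y H:i:s T', time() + $_token['swapsec'] + $_token['expsec']) . '; path=/; SameSite=None; Secure; httponly';
                header($headercookie);
            } else {
                $ret['_ciyauth'] = $enauth;
            }
        }
        $ret['storage'] = array();
        $csql = new \ciy\sql('zc_admin');
        $csql->column('id,name');
        $ret['storage']['adminuser'] = $db->get($csql);
        $csql = new \ciy\sql('zc_cata');
        $csql->order('csort');
        $ret['storage']['cata'] = $db->get($csql);
        $csql = new \ciy\sql('ap_pnt_track');
        $ret['pnttrack'] = $db->get($csql);
        // ap_user rows (WeChat / debug login) do not carry every lab_user column.
        $ret['me'] = array();
        $ret['me']['addtimes'] = $userrow['addtimes'] ?? null;
        $ret['me']['id'] = $userrow['id'];
        $ret['me']['eid'] = enid($userrow['id']);
        $ret['me']['mobile'] = $userrow['mobile'] ?? null;
        $ret['me']['name'] = $userrow['name'] ?? null;
        $ret['me']['dvotecnt'] = $userrow['dvotecnt'] ?? null;
        $ret['me']['needpass'] = empty($userrow['password']);
        $ret['me']['cciy'] = '';
        return succjson($ret);
    }

    /**
     * Logs the current user out: records a logout entry in ap_lug if the request
     * carries a valid session. Does not clear the stored sid.
     *
     * @return mixed  succjson() payload
     */
    public static function json_logout() {
        global $db;
        $rsuser = verifyuser();
        if (is_array($rsuser)) {
            self::savelug($db, 2, $rsuser['id']);
        }
        return succjson();
    }

    /**
     * Debug: switch the session to the ap_user with id `code`.
     *
     * NOTE(review): no caller authorization is checked inside this method - it
     * issues a valid session for any user id. It must be gated upstream (router /
     * debug-user membership); confirm that gate exists before exposing it.
     *
     * @return mixed  errjson()/succjson() payload (see getsync())
     */
    public static function json_debug_chguser() {
        global $db;
        global $_token;
        $post = new \ciy\post();
        $usercode = $post->getint('code');
        $csql = new \ciy\sql('ap_user');
        $csql->where('id', $usercode);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser))
            return errjson('用户不存在');
        $sid = randstr(10);
        $exp = tostamp() + $_token['swapsec'];
        $id = $rsuser['id'];
        $updata = array();
        $updata['sid'] = $sid;
        $updata['exptimes'] = $exp;
        $csql = new \ciy\sql('ap_user');
        $csql->where('id', $id);
        if ($db->update($csql, $updata) === false)
            return errjson('user数据库更新失败:' . $db->error);
        return self::getsync($rsuser, $sid);
    }

    /**
     * Debug: add (`btn` != 'del', inserted with isuse=2) or remove (`btn` ==
     * 'del') the ap_user `text` in zc_debug_user (targettype 21).
     *
     * NOTE(review): no caller authorization is checked inside this method;
     * confirm it is gated upstream.
     *
     * @return mixed  errjson()/succjson() payload
     */
    public static function json_debug_opuser() {
        global $db;
        $post = new \ciy\post();
        $code = $post->getint('text');
        $btn = $post->get('btn');
        $csql = new \ciy\sql('ap_user');
        $csql->where('id', $code);
        $rsuser = $db->getone($csql);
        if (!is_array($rsuser))
            return errjson('用户不存在');
        if ($btn === 'del') {
            $csql = new \ciy\sql('zc_debug_user');
            $csql->where('targettype', 21);
            $csql->where('user', $code);
            if ($db->delete($csql) === false)
                return errjson('dbg删除失败:' . $db->error);
            return succjson();
        }
        $csql = new \ciy\sql('zc_debug_user');
        $csql->where('targettype', 21);
        $csql->where('user', $code);
        if (is_array($db->getone($csql)))
            return errjson('已存在');
        $updata = array();
        $updata['targettype'] = 21;
        $updata['isuse'] = 2; // inserted disabled; json_debug_list() only shows isuse=1
        $updata['name'] = $rsuser['name'];
        $updata['user'] = $code;
        $updata['pass'] = '';
        $csql = new \ciy\sql('zc_debug_user');
        if ($db->insert($csql, $updata) === false)
            return errjson('debug_user新增失败:' . $db->error);
        $ret = array();
        $ret['data'] = array('user' => $code, 'name' => $rsuser['name']);
        return succjson($ret);
    }

    /**
     * Returns the app update URL when the configured version for platform
     * `plat` is newer than the client's `vercode`: a .wgt (hot update) URL,
     * or a .apk URL when the major part (vercode / 10000) changed.
     *
     * NOTE(review): `plat` is interpolated into the config key name; confirm
     * the caller restricts it to known platform names.
     *
     * @return mixed  succjson(['url' => string]) or succjson([]) when up to date
     */
    public static function json_getappver() {
        global $dbn;
        $post = new \ciy\post();
        $cplat = $post->get('plat');
        $vercode = $post->getint('vercode');
        $ver = (int)getconfig($dbn, 'ver' . $cplat . 'code');
        $ret = array();
        if ($ver > $vercode) {
            $urlb = getconfig($dbn, 'ver' . $cplat . 'url');
            $url = $urlb . $ver . '.wgt';
            $ver = (int)($ver / 10000);
            if ($ver > (int)($vercode / 10000)) {
                $url = $urlb . $ver . '.apk';
            }
            $ret['url'] = $url;
        }
        return succjson($ret);
    }

    /**
     * Debug: lists enabled (isuse=1) debug users of targettype 21.
     *
     * NOTE(review): the `pass` column is returned to the client; confirm that is
     * intended and that this endpoint is gated upstream.
     *
     * @return mixed  succjson(['list' => array])
     */
    public static function json_debug_list() {
        global $db;
        $csql = new \ciy\sql('zc_debug_user');
        $csql->where('targettype', 21);
        $csql->where('isuse', 1);
        $csql->column('user,name,pass');
        $list = $db->get($csql);
        return succjson(['list' => $list]);
    }

    /**
     * Writes a login (`$isinout` 1) / logout (2) entry to ap_lug.
     *
     * @param mixed  $db       database handle
     * @param int    $isinout  1 = login, 2 = logout
     * @param mixed  $userid   user id
     * @param string $model    device description, truncated to 250 via dbstr()
     * @return false  always; callers ignore the result and the insert error is not reported
     */
    private static function savelug($db, $isinout, $userid, $model = '') {
        $updata = array();
        $updata['isinout'] = $isinout;
        $updata['loguser'] = $userid;
        $updata['addtimes'] = tostamp();
        $updata['ip'] = getip();
        $updata['model'] = dbstr($model, 250);
        $csql = new \ciy\sql('ap_lug');
        $db->insert($csql, $updata);
        return false;
    }
}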