diff --git a/api.php b/api.php
new file mode 100644
index 0000000..3d912af
--- /dev/null
+++ b/api.php
@@ -0,0 +1,997 @@ + '登录', 1 => '注册', 2 => '找回密码']; + +$act = input('act'); +$do = input('do'); + +switch ($act) { + case 'reg': + $fromMicroClient = 'microClient' == $do; + + $type = intval(input('type')); + $account = input('account'); + $password = input('password'); + $serverId = 0; + $email = ''; + $agent_id = 0; + + if (!in_array($type, [0, 1, 2])) + returnJson(['code' => 1, 'msg' => '参数错误!请刷新页面重试~'], $fromMicroClient); + + if (!$account) + returnJson(['code' => 1, 'msg' => '请输入' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix']], $fromMicroClient); + if (6 > strlen($account) && !in_array($account, array_unique(explode(',', trim($_CONFIG['admin_account'])))) || 16 < strlen($account)) + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . '长度为6-16个字符'], $fromMicroClient); + + if (!$password) + returnJson(['code' => 1, 'msg' => '请输入' . $_CONFIG['account_name'] . $_CONFIG['password_name_suffix']], $fromMicroClient); + if (6 > strlen($password) || 16 < strlen($password)) + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . '长度为6-16个字符'], $fromMicroClient); + + $ip = get_ip(); + + // 检查IP是否被封 + if ($_CONFIG['deny_ip']) { + $deny_ip = array_unique(explode(',', trim($_CONFIG['deny_ip']))); + if (!empty($deny_ip) && in_array($ip, $deny_ip)) { + returnJson(['code' => 1, 'msg' => '当前未开放访问!'], $fromMicroClient); // 当前IP已禁用 + } + } + + $md5Pwd = md5($password . 
PASSWORD_KEY); + $time = time(); + + // 做一下从微端登录/注册的兼容 start -------------------------------------------------- + if ($fromMicroClient) { + // 关闭验证码 + $_CONFIG['code_open'] = 0; + // 连接数据库 + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error], $fromMicroClient); + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + // 先查询账号是否存在 + $stmt = $mySQLi->prepare('select password from player where username=?'); + $stmt->bind_param('s', $account); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + // 如果帐号存在但密码错误表示登录模式 + if (!empty($row)) { + if ($md5Pwd != $row['password']) { + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . '或' . $_CONFIG['password_name_suffix'] . '不正确!'], $fromMicroClient); + } + $type = 0; + } else { // 否则表示注册模式 + $type = 1; + $_CONFIG['reg_code_open'] = 0; + } + } + // 做一下从微端登录/注册的兼容 end -------------------------------------------------- + + // 提前检查条件 + switch ($type) { + case 1: // 注册 + // 是否开放注册 + if (!$_CONFIG['reg_open']) { + returnJson(['code' => 1, 'msg' => '内部测试中,未开放注册,如需体验请联系客服。'], $fromMicroClient); + } + // 检查保留帐号 + if ($_CONFIG['retain_account']) { + $retain_account = array_unique(explode(',', trim($_CONFIG['retain_account']))); + if (!empty($retain_account) && in_array($account, $retain_account)) { + returnJson(['code' => 1, 'msg' => '抱歉!此' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . '已被占用,请更换。'], $fromMicroClient); + } + } + + $password2 = input('password2'); + $serverId = intval(input('serverId')); + $email = input('email'); + if ($_CONFIG['code_open'] && $_CONFIG['reg_code_open']) { + $code = input('code'); + } + + if (!$fromMicroClient) { + if (!$password2) + returnJson(['code' => 1, 'msg' => '请再次输入' . 
$_CONFIG['account_name'] . $_CONFIG['password_name_suffix']], $fromMicroClient); + if (6 > strlen($password2) || 16 < strlen($password2)) + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . '长度为6-16个字符'], $fromMicroClient); + if ($password2 != $password) + returnJson(['code' => 1, 'msg' => '两次输入的' . $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . '不一致!'], $fromMicroClient); + } + if (!$serverId) + returnJson(['code' => 1, 'msg' => '请选择区服!'], $fromMicroClient); + if ($_CONFIG['code_open']) { + if ($_CONFIG['reg_code_open'] && !$email) + returnJson(['code' => 1, 'msg' => '请输入邮箱地址!'], $fromMicroClient); + if ($email && !filter_var($email, FILTER_VALIDATE_EMAIL)) + returnJson(['code' => 1, 'msg' => '邮箱地址格式错误!'], $fromMicroClient); + + if ($_CONFIG['reg_code_open']) { + if (!$code) + returnJson(['code' => 1, 'msg' => '请输入邮箱验证码!'], $fromMicroClient); + if (strlen($code) != $_CONFIG['code_length']) + returnJson(['code' => 1, 'msg' => '验证码长度为6位数字!'], $fromMicroClient); + } + } + + $agent_id = intval(input('agent_id')); + break; + case 0: // 登录 + // 是否开放登录 + if (!$_CONFIG['login_open'] && !in_array($account, array_unique(explode(',', trim($_CONFIG['admin_account']))))) { + returnJson(['code' => 1, 'msg' => '内部测试中,未开放登录,如需体验请联系客服。'], $fromMicroClient); + } + break; + case 2: // 找回密码 + if (!$_CONFIG['code_open']) { + returnJson(['code' => 1, 'msg' => '验证码系统尚未开启!']); + } + + $password2 = input('password2'); + $email = input('email'); + $code = input('code'); + + if (!$password2) + returnJson(['code' => 1, 'msg' => '请输入' . $_CONFIG['account_name'] . $_CONFIG['password_name_suffix']]); + if (6 > strlen($password2) || 16 < strlen($password2)) + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . '长度为6-16个字符']); + if ($password2 != $password) + returnJson(['code' => 1, 'msg' => '两次输入的' . $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . 
'不一致!']); + + if (!$email) + returnJson(['code' => 1, 'msg' => '请输入邮箱地址!']); + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) + returnJson(['code' => 1, 'msg' => '邮箱地址格式错误!']); + + if (!$code) + returnJson(['code' => 1, 'msg' => '请输入邮箱验证码!']); + if (strlen($code) != $_CONFIG['code_length']) + returnJson(['code' => 1, 'msg' => '验证码长度为6位数字!']); + break; + } + + if (!isset($mySQLi)) { + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error], $fromMicroClient); + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + } + + // 限制每日注册数量上限 + if (1 == $type && $_CONFIG['day_max_reg']) { + $stmt2 = $mySQLi->prepare("SELECT id FROM player WHERE reg_ip = ? AND FROM_UNIXTIME(reg_time, '%Y-%m-%d') = CURDATE()"); + $stmt2->bind_param('s', $ip); + $stmt2->execute(); + $result2 = $stmt2->get_result(); + $row2 = $result2->fetch_array(); + $regNum = $result2->num_rows; + $result2->free_result(); + $stmt2->close(); + if ($regNum >= $_CONFIG['day_max_reg']) { + $mySQLi->close(); + returnJson(['code' => 10, 'msg' => '您今日注册量已达上限,请明日再试~'], $fromMicroClient); + } + } + + if (2 != $type) { + $field = ['id']; + if (0 == $type) { + $field[] = 'password'; + } + $stmt = $mySQLi->prepare('select ' . implode(', ', $field) . ' from player where username=?'); + $stmt->bind_param('s', $account); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + } + + // 创建账号 + if (1 == $type) { + if (!empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '此' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . 
'已被其他勇士占用!请更换。'], $fromMicroClient); + } + + // test + //returnJson(['code' => 1, 'msg' => 'test register: '.$email], $fromMicroClient); + + if ($email) { + // 检查邮箱地址是否被占用 + $stmt = $mySQLi->prepare('select id from player where email=?'); + $stmt->bind_param('s', $email); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (!empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '此邮箱地址已被其他勇士占用!请更换。', $fromMicroClient]); + } + + // 获取验证码记录 + if ($_CONFIG['code_open'] && $_CONFIG['reg_code_open']) { + $stmt = $mySQLi->prepare('select id, code from verify where account=? and email=? and type=?'); + $stmt->bind_param('ssi', $account, $email, $type); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (empty($row) || $code != $row['code']) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '验证码无效!'], $fromMicroClient); + } + } + } + + $device = isMobile() ? 1 : 0; + $os = getOS(); + $browse = getBrowse(); + + //echo $account.', '.$md5Pwd.', '.$email.', '.$device.', '.getOS().', '.getBrowse().', '.$time.', '.$ip;exit; + + $stmt1 = $mySQLi->prepare('insert into `player` (username, password, server_id, email, agent_id, device, os, browse, reg_time, reg_ip) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); + $stmt1->bind_param('ssisiissis', $account, $md5Pwd, $serverId, $email, $agent_id, $device, $os, $browse, $time, $ip); + $stmt1->execute(); + $rowNum = $stmt1->affected_rows; + $stmt1->close(); + if (0 < $rowNum) { + // 删除验证码 + if ($_CONFIG['code_open'] && $_CONFIG['reg_code_open']) { + $stmt = $mySQLi->prepare('DELETE FROM verify WHERE id = ? 
and type=?'); + $stmt->bind_param('ii', $row['id'], $type); + $stmt->execute(); + $stmt->close(); + } + + // 代理人 + if (0 < $agent_id) { + // 检查代理人是否存在 + $stmt = $mySQLi->prepare('select id from `agent` where id = ?'); + $stmt->bind_param('i', $agent_id); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + // 如果代理人存在 + if (!empty($row)) { + // 更新代理人邀请统计 + $stmt = $mySQLi->prepare('UPDATE `agent` SET invite_count = invite_count + 1 WHERE id = ?'); + $stmt->bind_param('i', $agent_id); + $stmt->execute(); + $stmt->close(); + } + } + + $mySQLi->close(); + + setcookie('account', $account, $_CONFIG['session_time']); + setcookie('password', $password, $_CONFIG['session_time']); + setcookie('token', $md5Pwd, $_CONFIG['session_time']); + $_SESSION['account'] = $account; + $_SESSION['password'] = $password; + $_SESSION['token'] = $md5Pwd; + + $msgLast = '

'; + $msgLast .= $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . ':' . $account; + $msgLast .= '
'; + $msgLast .= $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . ':' . $password; + $msgLast .= '
'; + $msgLast .= '邮箱地址:' . $email; + + $msg = '恭喜勇士!获得玛法' . $_CONFIG['account_name'] . ',请牢记' . $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . '!准备开启玛法之旅..' . (!$fromMicroClient ? $msgLast : ''); + $resData = [ + 'code' => 0, + 'msg' => $msg, + 'token' => $md5Pwd + ]; + if ($fromMicroClient) { + $resData['url'] = '/play?account=' . $account . '&token=' . $md5Pwd; + } + returnJson($resData, $fromMicroClient); + } else { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . '获取失败,请重试~'], $fromMicroClient); + } + } elseif (0 == $type) { // 登录 + $mySQLi->close(); + if (empty($row) || $md5Pwd !== $row['password']) { + returnJson(['code' => 1, 'msg' => '传送员无法匹配此' . $_CONFIG['account_name'] . ',请检查!'], $fromMicroClient); + } else { + setcookie('account', $account, $_CONFIG['session_time']); + setcookie('password', $password, $_CONFIG['session_time']); + setcookie('token', $md5Pwd, $_CONFIG['session_time']); + $_SESSION['account'] = $account; + $_SESSION['password'] = $password; + $_SESSION['token'] = $md5Pwd; + + $resData = ['code' => 0, 'msg' => '欢迎来到清渊传奇,正在传送…', 'token' => $md5Pwd]; + if ($fromMicroClient) { + $resData['url'] = '/play?account=' . $account . '&token=' . $md5Pwd; + } + returnJson($resData, $fromMicroClient); + } + } elseif (2 == $type) { // 重置密码 + if (!$_CONFIG['code_open']) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '验证码系统尚未开启!']); + } + + // 检查邮箱地址是否存在 + $stmt = $mySQLi->prepare('select email from player where username=? and email=?'); + $stmt->bind_param('ss', $account, $email); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '传送员无法匹配此' . $_CONFIG['account_name'] . ',请检查!']); + } + + // 检查验证码 + $stmt = $mySQLi->prepare('select id, code from verify where email=? 
and type=?'); + $stmt->bind_param('si', $email, $type); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (empty($row) || $code != $row['code']) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '验证码不正确!']); + } + + // 修改密码 + $stmt = $mySQLi->prepare('UPDATE `player` SET password = ? WHERE username=? and email=?'); + $stmt->bind_param('sss', $md5Pwd, $account, $email); + $stmt->execute(); + $stmt->close(); + + // 删除验证码 + $stmt = $mySQLi->prepare('DELETE FROM verify WHERE id = ? and type= ?'); + $stmt->bind_param('ii', $row['id'], $type); + $stmt->execute(); + $stmt->close(); + + $mySQLi->close(); + returnJson(['code' => 0, 'msg' => $_CONFIG['account_name'] . $_CONFIG['password_name_suffix'] . '修改成功!']); + } + break; + case 'getCode': // 发送验证码到邮箱 + if (!$_CONFIG['code_open']) { + returnJson(['code' => 1, 'msg' => '验证码系统尚未开启!']); + } + + $type = intval(input('type')); + $account = input('account'); + $email = input('email'); + + if (!in_array($type, [1, 2])) + returnJson(['code' => 1, 'msg' => '参数错误!请刷新页面重试~']); + + if (!$account) + returnJson(['code' => 1, 'msg' => '请输入' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix']]); + if (6 > strlen($account) && !in_array($account, array_unique(explode(',', trim($_CONFIG['admin_account'])))) || 16 < strlen($account)) + returnJson(['code' => 1, 'msg' => $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . 
'长度为6-16个字符']); + + if (!$email) + returnJson(['code' => 1, 'msg' => '请输入邮箱地址!']); + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) + returnJson(['code' => 1, 'msg' => '邮箱地址格式错误!']); + + $ip = get_ip(); + + // 检查IP是否被封 + if ($_CONFIG['deny_ip']) { + $deny_ip = array_unique(explode(',', trim($_CONFIG['deny_ip']))); + if (!empty($deny_ip) && in_array($ip, $deny_ip)) { + returnJson(['code' => 1, 'msg' => '当前未开放访问!']); // 当前IP已禁用 + } + } + + if (1 == $type) { + // 是否开放注册 + if (!$_CONFIG['reg_open']) { + returnJson(['code' => 1, 'msg' => '内部测试中,未开放注册,如需体验请联系客服。']); + } + // 检查保留帐号 + if ($_CONFIG['retain_account']) { + $retain_account = array_unique(explode(',', trim($_CONFIG['retain_account']))); + if (!empty($retain_account) && in_array($account, $retain_account)) { + returnJson(['code' => 1, 'msg' => '抱歉!此' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . '已被占用,请更换。']); + } + } + } + + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]); + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + + if (1 == $type) { + // 限制每日注册数量上限 + if ($_CONFIG['day_max_reg']) { + $stmt2 = $mySQLi->prepare("SELECT id FROM player WHERE reg_ip = ? 
AND FROM_UNIXTIME(reg_time, '%Y-%m-%d') = CURDATE()"); + $stmt2->bind_param('s', $ip); + $stmt2->execute(); + $result2 = $stmt2->get_result(); + $row2 = $result2->fetch_array(); + $regNum = $result2->num_rows; + $result2->free_result(); + $stmt2->close(); + if ($regNum >= $_CONFIG['day_max_reg']) { + $mySQLi->close(); + returnJson(['code' => 10, 'msg' => '您今日注册量已达上限,请明日再试~']); + } + } + } + + if (1 == $type) { // 注册时 + // 检查帐号是否被占用 + $stmt = $mySQLi->prepare('select id from player where username=?'); + $stmt->bind_param('s', $account); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (!empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '此' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . '已被其他勇士占用!请更换。']); + } + // 检查邮箱地址是否被占用 + $stmt = $mySQLi->prepare('select id from player where email=?'); + $stmt->bind_param('s', $email); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (!empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '此邮箱地址已被其他勇士占用!请更换。']); + } + } else if (2 == $type) { // 找回密码时:检查帐号和邮箱地址是否存在 + $stmt = $mySQLi->prepare('select id from player where username=? and email=?'); + $stmt->bind_param('ss', $account, $email); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + if (empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '传送员无法匹配此' . $_CONFIG['account_name'] . ',请检查!']); + } + } + + // 获取验证码记录 + $stmt = $mySQLi->prepare('select id, time from verify where account=? and email=? 
and type=?'); + $stmt->bind_param('ssi', $account, $email, $type); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $result->free_result(); + $stmt->close(); + + $sendInterval = $_CONFIG['code_send_interval']; + $nowTime = time(); + $leftTime = ($sendInterval - ($nowTime - $row['time'])); + + // 检查发送时间间隔 + if (!empty($row) && $nowTime - $row['time'] < $sendInterval) { + $mySQLi->close(); + returnJson([ + 'code' => 1, + 'msg' => '操作频繁!请' . $leftTime . '秒后发送~', + 'time' => $leftTime + ]); + } + + $code = getRandomString($_CONFIG['code_length'], $_CONFIG['code_data_type']); + + if ('email' == $_CONFIG['code_type']) { + // 邮件主题 + $subject = '【' . $_CONFIG['game_name'] . '】' . $typeNames[$type]; + // 邮件正文 + $message = '
'; + $message .= '
'; + $message .= $subject . '

'; + $message .= '您的' . $_CONFIG['account_name'] . $_CONFIG['account_name_suffix'] . ':' . $account . '
'; + $message .= '您的验证码:' . $code . '

'; + $message .= '用于' . $typeNames[$type] . '验证,5分钟内使用有效。

'; + $message .= '' . $_CONFIG['game_name'] . ' ' . $_CONFIG['game_description'] . '
'; + $message .= '' . $_CONFIG['web_url'] . '

'; + $message .= '如有疑问请联系客服QQ:' . $_CONFIG['kf_qq'] . ' / 客服微信:' . $_CONFIG['kf_wx']; + $message .= '
'; + $message .= '
'; + + require_once 'php/PHPMailer/PHPMailer.php'; + require_once 'php/PHPMailer/SMTP.php'; + + $mail = new PHPMailer(); + // 是否启用smtp的debug进行调试 开发环境建议开启 生产环境注释掉即可 默认关闭debug调试模式 + $mail->SMTPDebug = 0; + // 使用smtp鉴权方式发送邮件 + $mail->isSMTP(); + // smtp需要鉴权 这个必须是true + $mail->SMTPAuth = true; + $mail->Host = $_CONFIG['mail_host']; + // 设置使用ssl加密方式登录鉴权 + $mail->SMTPSecure = 'ssl'; + $mail->Port = $_CONFIG['mail_port']; + $mail->CharSet = $_CONFIG['mail_charset']; + $mail->FromName = $_CONFIG['game_name']; + $mail->Username = $_CONFIG['mail_from']; + $mail->Password = $_CONFIG['mail_password']; + $mail->From = $_CONFIG['mail_from']; + $mail->isHTML(true); + // 设置收件人邮箱地址 + $mail->addAddress($email); + // 添加多个收件人 则多次调用方法即可 + //$mail->addAddress('317743968@qq.com'); + $mail->Subject = $subject; + $mail->Body = $message; + //$mail->addAttachment('./example.pdf'); + $status = $mail->send(); + } elseif ('mobile' == $_CONFIG['code_type']) { + $status = 0; + } + + // 检查发送时间间隔 + if (!$status) { + $mySQLi->close(); + returnJson([ + 'code' => 1, + 'msg' => '验证码发送失败!请重试~', + 'time' => $leftTime + ]); + } + + // 插入验证记录 + if (empty($row)) { + $stmt1 = $mySQLi->prepare('insert into `verify` (account, type, email, code, time, ip) values(?, ?, ?, ?, ?, ?)'); + $stmt1->bind_param('sisiis', $account, $type, $email, $code, $nowTime, $ip); + $stmt1->execute(); + $rowNum = $stmt1->affected_rows; + $stmt1->close(); + if (!$rowNum) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '验证码发送失败!请重试~']); + } + } else { + $stmt1 = $mySQLi->prepare('UPDATE `verify` SET code=?, time=? WHERE id=? and type=?'); + $stmt1->bind_param('siii', $code, $nowTime, $row['id'], $type); + $stmt1->execute(); + $stmt1->close(); + $mySQLi->close(); + } + + returnJson(['code' => 0, 'msg' => '验证码已经发送到您的邮箱:' . $email . 
',请查收!', 'time' => $sendInterval]); + break; + case 'check': // 验证帐号 + switch ($do) { + case 'verify': + $account = input('account'); + $token = input('token'); + + if (!$account || 6 > strlen($account) && !in_array($account, array_unique(explode(',', trim($_CONFIG['admin_account'])))) || 16 < strlen($account) || !$token || 32 != strlen($token)) + returnJson(['code' => 1, 'msg' => 'account or password error']); + + // 是否开放登录 + if (!$_CONFIG['login_open'] && !in_array($account, array_unique(explode(',', trim($_CONFIG['admin_account']))))) + returnJson(['code' => 1, 'msg' => '内部测试中,未开放登录,如需体验请联系客服。']); + + // 检查IP是否被封 + if ($_CONFIG['deny_ip']) { + $ip = get_ip(); + $deny_ip = array_unique(explode(',', trim($_CONFIG['deny_ip']))); + if (!empty($deny_ip) && in_array($ip, $deny_ip)) { + returnJson(['code' => 1, 'msg' => '当前未开放访问!']); // 当前IP已禁用 + } + } + + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]); + + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + + $stmt = $mySQLi->prepare('select id from player where username=? 
and password=?'); + $stmt->bind_param('ss', $account, $token); + $stmt->execute(); + + $result = $stmt->get_result(); + $row = $result->fetch_array(); + + $result->free_result(); + $stmt->close(); + $mySQLi->close(); + + if (!$row) + returnJson(['code' => 1, 'msg' => 'account no exist']); + + // 验证成功 + returnJson(['code' => 0]); + break; + default: + echo 'success'; + } + break; + case 'enter_game': + if (!isPost()) + returnJson(['code' => 1, 'msg' => 'request error']); + + $srvId = intval(input('srvId')); + $account = input('account'); + $token = input('token'); + + if (!$srvId || !$account || !$token || 32 != strlen($token)) + returnJson(['code' => 1, 'msg' => 'param error']); + + // 是否开放登录 + if (!$_CONFIG['login_open'] && !in_array($account, array_unique(explode(',', trim($_CONFIG['admin_account']))))) { + returnJson(['code' => 1, 'msg' => '内部测试中,未开放登录,如需体验请联系客服。']); + } + + $time = time(); + $ip = get_ip(); + + // 检查IP是否被封 + if ($_CONFIG['deny_ip']) { + $deny_ip = array_unique(explode(',', trim($_CONFIG['deny_ip']))); + if (!empty($deny_ip) && in_array($ip, $deny_ip)) { + returnJson(['code' => 1, 'msg' => '当前未开放访问!']); // 当前IP已禁用 + } + } + + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]); + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + + // 检查帐号是否存在 + $stmt = $mySQLi->prepare('select id from player where username=? and password=?'); + $stmt->bind_param('ss', $account, $token); + $stmt->execute(); + + $result = $stmt->get_result(); + $row = $result->fetch_array(); + + $result->free_result(); + $stmt->close(); + + if (empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => 'account no exist']); + } + + // 更新登录时间和登录IP + $stmt = $mySQLi->prepare('UPDATE `player` SET login_time = ?, login_ip = ? 
WHERE username=?'); + $stmt->bind_param('iss', $time, $ip, $account); + $stmt->execute(); + + $stmt->close(); + $mySQLi->close(); + + // TODO: login server history + + returnJson(['code' => 0]); + break; + case 'game': // 游戏接口 + switch ($do) { + case 'withdraw': // 提现 + if (!isPost()) + returnJson(['code' => 1, 'msg' => 'request error']); + if (!in_array($_CONFIG['withdraw']['type'], array_keys($_CONFIG['currency_list']))) + returnJson(['code' => 1, 'msg' => 'currency error']); + + $serverId = intval(substr(input('server_id'), 1)); + $account = input('account'); + $token = input('token'); + $roleId = intval(input('role_id')); + $roleName = input('role_name'); + $payType = intval(input('pay_type')); + $payAccount = input('pay_account'); + $amount = intval(input('amount')); + + /* 检查参数 ---------------------------------------------------------------------------------------------------- */ + + if (!$serverId || !$account || !$roleId || !$roleName || !$payAccount || !$amount) + returnJson(['code' => 1, 'msg' => '参数错误!']); + if (26 < strlen($account)) + returnJson(['code' => 1, 'msg' => '参数错误!']); + if (!$token || 32 != strlen($token)) + returnJson(['code' => 1, 'msg' => '参数错误!']); + if (24 < strlen($roleName)) + returnJson(['code' => 1, 'msg' => '参数错误!']); + if (!in_array($payType, [0, 1])) + returnJson(['code' => 1, 'msg' => '收款账户类型不正确!']); + if (30 < strlen($payAccount)) + returnJson(['code' => 1, 'msg' => '收款账户格式不正确!']); + + // 检查是否开启提现功能 + //if($_CONFIG['withdraw']['sid'] != $serverId) returnJson(['code' => 1, 'msg' => '尚未开启提现功能!']); + // 检查最低提现数量 + if ($_CONFIG['withdraw']['ratio'] > $amount) + returnJson(['code' => 1, 'msg' => '最低提现数量为' . $_CONFIG['withdraw']['ratio']]); + // 限制一次提现人民币最低20元 + $maxNum = $_CONFIG['withdraw']['ratio'] * 20; + if ($maxNum > $amount) + returnJson(['code' => 1, 'msg' => '单次提现数量不能低于' . 
$maxNum]); + + $time = time(); + $accountId = 0; + $currencyName = $_CONFIG['currency_list'][$_CONFIG['withdraw']['type']]; + $currencyField = $_CONFIG['currency_field'][$_CONFIG['withdraw']['type']]; + + /* 连接帐号数据库 ---------------------------------------------------------------------------------------------------- */ + + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]); + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + + /* 检查帐号是否存在 ---------------------------------------------------------------------------------------------------- */ + + $stmt = $mySQLi->prepare('select id from player where username=? and password=?'); + $stmt->bind_param('ss', $account, $token); + $stmt->execute(); + + $result = $stmt->get_result(); + $row = $result->fetch_array(MYSQLI_ASSOC); + + $result->free_result(); + $stmt->close(); + + if (empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => '账号不存在!']); + } + + /* 限制提现时间间隔 ---------------------------------------------------------------------------------------------------- */ + + $withdrawMinTime = 30; + $stmt = $mySQLi->prepare('select time from withdraw where server_id = ? and role_id = ? order by id desc limit 1'); + $stmt->bind_param('ii', $serverId, $roleId); + $stmt->execute(); + + $result = $stmt->get_result(); + $row = $result->fetch_array(MYSQLI_ASSOC); + + $result->free_result(); + $stmt->close(); + + // test + //$mySQLi->close(); + //print_r($row);exit; + + if (!empty($row) && $time - $row['time'] < $withdrawMinTime) { + $mySQLi->close(); + $msg = '请等待 ' . ($time - $row['time']) . 
' 秒后再试~'; + returnJson(['code' => 1, 'msg' => $msg]); + } + + /* 连接区服数据库 ---------------------------------------------------------------------------------------------------- */ + + $dbActor = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], 'mir_actor_s' . $serverId, $mir_actor_s1_port); + if ($dbActor->connect_errno) + exit($dbActor->connect_error); + $dbActor->set_charset($_CONFIG_DB['db_charset']); + + /* 检查提现货币数量是否足够 ---------------------------------------------------------------------------------------------------- */ + + $stmt = $dbActor->prepare("select $currencyField from actors where actorid=?"); + $stmt->bind_param('i', $roleId); + $stmt->execute(); + + $result = $stmt->get_result(); + $row = $result->fetch_array(MYSQLI_ASSOC); + + $result->free_result(); + $stmt->close(); + + if (empty($row)) { + $mySQLi->close(); + $dbActor->close(); + returnJson(['code' => 1, 'msg' => '找不到角色!']); + } + if ($row[$currencyField] < $amount) { + $mySQLi->close(); + $dbActor->close(); + returnJson(['code' => 1, 'msg' => "您帐户的" . $currencyName . "不足!\n\n查询可能有延迟,\n请稍候再试~"]); + } + + /* 插入提现记录 ---------------------------------------------------------------------------------------------------- */ + + $money = floor($amount / $_CONFIG['withdraw']['ratio']); + $stmt = $mySQLi->prepare('insert into `withdraw` (account, account_id, server_id, role_id, pay_type, pay_account, amount, money, time) values(?, ?, ?, ?, ?, ?, ?, ?, ?)'); + if (!$stmt) { + $mySQLi->close(); + $dbActor->close(); + returnJson(['code' => 1, 'msg' => $mySQLi->errno . '-' . $mySQLi->error]); + } + $stmt->bind_param('siiiisiii', $account, $accountId, $serverId, $roleId, $payType, $payAccount, $amount, $money, $time); + $stmt->execute(); + $wid = $stmt->insert_id; + $stmt->close(); + + if (empty($wid)) { + writeLog('提现扣除失败:' . $amount . $currencyName . '=' . $money . '元, s' . $serverId . ' ' . $roleName . 
',插入失败'); + $mySQLi->close(); + $dbActor->close(); + returnJson(['code' => 1, 'msg' => '提现记录插入失败!']); + } + + /* 扣除提现货币 ---------------------------------------------------------------------------------------------------- */ + + $cmdUrl = get_http_type() . $_CONFIG['host'] . ':111/?'; + $operid = 10030; + $command = $roleName . '|' . $_CONFIG['withdraw']['type'] . '|' . $amount; + $post_data = ['operid' => $operid, 'server_num' => $serverId, 'user' => $account, 'spid' => $_CONFIG['spid'], 'command' => $command]; + $url = $cmdUrl . http_build_query($post_data); + $result = curl($url, $post_data); + //echo $url; + //print_r($result);exit; + $arr = $result ? explode(',', $result) : []; + $code = !empty($arr) && 1 == $arr[0] ? 0 : 1; + if (1 == $code) { + writeLog('提现扣除失败:' . $amount . $currencyName . '=' . $money . '元, s' . $serverId . ' ' . $roleName); + $mySQLi->close(); + $dbActor->close(); + returnJson(['code' => 1, 'msg' => '提现请求失败!请稍候再试~', 'result' => $result]); + } + + writeLog('提现成功:' . $amount . $currencyName . '=' . $money . '元, s' . $serverId . ' ' . $roleName); + + /* 更新提现状态 ---------------------------------------------------------------------------------------------------- */ + + $withdrawStatus = 1; // 货币扣除成功,可以打钱 + $stmt = $mySQLi->prepare('UPDATE `withdraw` SET status = ? 
WHERE id = ?'); + $stmt->bind_param('si', $withdrawStatus, $wid); + $stmt->execute(); + + $stmt->close(); + $mySQLi->close(); + $dbActor->close(); + + returnJson(['code' => 0, 'msg' => "成功提现:$amount$currencyName\n收益人民币:{$money}元\n\n请留意您的收款账户余额。"]); + break; + default: + // + } + returnJson(['code' => 0]); + break; + case 'report': // 上报信息 + switch ($do) { + case 'game_profile': + // + break; + case 'chat': // 上报聊天 + if (!isPost()) + returnJson(['code' => 1, 'msg' => 'request error']); + + $serverId = intval(substr(input('server_id'), 1)); + $account = input('account'); + $token = input('token'); + $roleId = intval(input('role_id')); + $channelId = intval(input('channel_id')); + $content = input('content'); + $cross = 1 == input('cross') ? 1 : 0; + + if (!$serverId || !$account || !$roleId || !$content) + returnJson(['code' => 1, 'msg' => 'param error']); + if (26 < strlen($account)) + returnJson(['code' => 1, 'msg' => 'param error']); + if (!$token || 32 != strlen($token)) + returnJson(['code' => 1, 'msg' => 'param error']); + if (10 < $channelId) + returnJson(['code' => 1, 'msg' => 'param error']); + if (255 < strlen($content)) + returnJson(['code' => 1, 'msg' => 'param error']); + + // 检查帐号是否存在 + $mySQLi = new mysqli($_CONFIG_DB['db_host'], $_CONFIG_DB['db_user'], $_CONFIG_DB['db_password'], $_CONFIG_DB['db_name'], $_CONFIG_DB['db_port']); + if ($mySQLi->connect_errno) + returnJson(['code' => 1, 'msg' => $mySQLi->connect_error]); + $mySQLi->set_charset($_CONFIG_DB['db_charset']); + + $stmt = $mySQLi->prepare('select id from player where username=? 
and password=?'); + $stmt->bind_param('ss', $account, $token); + $stmt->execute(); + + $result = $stmt->get_result(); + $row = $result->fetch_array(); + + $result->free_result(); + $stmt->close(); + + if (empty($row)) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => 'account no exist']); + } + + $time = time(); + $accountId = 0; + + // 插入聊天记录 + $stmt = $mySQLi->prepare('insert into `chat` (account, account_id, server_id, role_id, channel_id, content, is_cross, time) values(?, ?, ?, ?, ?, ?, ?, ?)'); + if (!$stmt) { + $mySQLi->close(); + returnJson(['code' => 1, 'msg' => $mySQLi->errno . '-' . $mySQLi->error]); + } + $stmt->bind_param('siiisssi', $account, $accountId, $serverId, $roleId, $channelId, $content, $cross, $time); + $stmt->execute(); + + $stmt->close(); + $mySQLi->close(); + break; + default: + // + } + returnJson(['code' => 0]); + break; + case 'misc': + switch ($do) { + case 'agree': + exit($_CONFIG['agree']); + break; + } + case 'bind': + $stmt1 = $mySQLi->prepare('insert into `player_connect_threeparty` (player_id, type, connect_id) values(?, `linuxdo`, ?)'); + $stmt1->bind_param('ssisiissis', input('account'), input('connect_id')); + $stmt1->execute(); + $stmt1->close(); + $stmt2 = $mySQLi->prepare('select password from player where username=?'); + $stmt2->bind_param('s', input('account')); + $stmt2->execute(); + $result = $stmt2->get_result(); + $data = $result->fetch_array(); + $result->free_result(); + $stmt2->close(); + exit(json_encode($data)); + case 'link': + $stmt = $mySQLi->prepare('select player_id from player_connect_threeparty where type=`linuxdo` and connect_id=?'); + $stmt->bind_param('s', input('connect_id')); + $stmt->execute(); + $result = $stmt->get_result(); + $row = $result->fetch_array(); + $stmt->close(); + + if (!empty($row)) { + $getPlayer = $mySQLi->prepare('select username,password from player where id=? 
 limit 1');
+ $getPlayer->bind_param('ass', $row['player_id']);
+ $getPlayer->execute();
+ $res = $getPlayer->get_result();
+ $account = $res->fetch_array();
+ exit(json_encode(['code' => 0, 'data' => $res]));
+ } else {
+ exit(json_encode(['code' => '1']));
+ }
+ default:
+ echo 'success';
+}
\ No newline at end of file
diff --git a/linuxdo.php b/linuxdo.php
index 2ea500a..48d6c30 100644
--- a/linuxdo.php
+++ b/linuxdo.php
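Review bot: The new `bind` case in api.php returns the stored `password` column for whatever `account` the request names, with no check that the caller owns that account, and the `check`, `enter_game` and `withdraw` cases in this same hunk accept that value as `token`, so the response alone is enough to act as that player. The `misc` case above it has no `break` after its inner switch, so a `misc` request whose `do` is not `agree` also runs into `bind`. As written neither `bind` nor `link` opens `$mySQLi`, the `bind_param` type strings (`'ssisiissis'`, `'ass'`) do not match the placeholders, and the backticks make `linuxdo` a column name rather than a string value, so the branch needs a rewrite anyway. I would have `bind` verify `account` plus `token` the way `enter_game` does, store the numeric player id (which is what `link` looks up, as far as the hunk shows) and answer with a status code only; `link` trusts a client-supplied `connect_id` in the same way and should only be reachable after the OAuth exchange has been verified server-side.

```php
    // … unchanged: case 'misc' and its inner switch …
        break; // keep `misc` from falling through into `bind`
    case 'bind':
        if (!isPost())
            returnJson(['code' => 1, 'msg' => 'request error']);

        $account = input('account');
        $token = input('token');
        $connectId = input('connect_id');
        if (!$account || !$token || 32 != strlen($token) || !$connectId)
            returnJson(['code' => 1, 'msg' => 'param error']);

        // … same as enter_game: open $mySQLi, check connect_errno, set charset …

        // Only the owner of the account (username + token) may link it.
        $stmt = $mySQLi->prepare('select id from player where username=? and password=?');
        $stmt->bind_param('ss', $account, $token);
        $stmt->execute();
        $result = $stmt->get_result();
        $row = $result->fetch_array();
        $result->free_result();
        $stmt->close();
        if (empty($row)) {
            $mySQLi->close();
            returnJson(['code' => 1, 'msg' => 'account no exist']);
        }

        // 'linuxdo' is a string value here, so it is quoted, not back-ticked.
        $stmt1 = $mySQLi->prepare("insert into `player_connect_threeparty` (player_id, type, connect_id) values(?, 'linuxdo', ?)");
        $stmt1->bind_param('is', $row['id'], $connectId);
        $stmt1->execute();
        $stmt1->close();
        $mySQLi->close();

        // Never echo the password hash back; it doubles as the login token.
        returnJson(['code' => 0]);
        break;
```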
@@ -1,95 +1,10 @@ connect_errno) - exit($mySQLi->connect_error); -$mySQLi->set_charset($_CONFIG_DB['db_charset']); - -switch ($act) { - case 'bind': - $stmt1 = $mySQLi->prepare('insert into `player_connect_threeparty` (player_id, type, connect_id) values(?, `linuxdo`, ?)'); - $stmt1->bind_param('ssisiissis', input('account'), input('connect_id')); - $stmt1->execute(); - $stmt1->close(); - $stmt2 = $mySQLi->prepare('select password from player where username=?'); - $stmt2->bind_param('s', input('account')); - $stmt2->execute(); - $result = $stmt2->get_result(); - $data = $result->fetch_array(); - $result->free_result(); - $stmt2->close(); - exit(json_encode($data)); - default: - $code = $_GET['code']; - - $key = base64_encode($_LINUXDO_CONNECT['client_id'] . ':' . $_LINUXDO_CONNECT['client_secret']); - - $header = [ - 'Authorization: Basic ' . $key - ]; - - $post = http_build_query([ - 'grant_type' => 'authorization_code', - 'code' => $code, - 'redirect_uri' => '' - ]); - - $getTokenRes = get_curl('https://connect.linux.do/oauth2/token', $post, 0, 0, $header); - - $getTokenArr = json_decode($getTokenRes, true); - - if (isset($getTokenArr['access_token'])) { - $access_token = $getTokenArr['access_token']; - - $header = [ - 'Authorization: Bearer ' . 
$access_token - ]; - - $getUserRes = get_curl('https://connect.linux.do/api/user', 0, 0, 0, $header); - - $getUserArr = json_decode($getUserRes, true); - $userInfo = []; - - if (isset($getUserArr['id'])) { - // 保存每个用户数据项到 session 中 - $userInfo['user_id'] = $getUserArr['id']; - $userInfo['user_sub'] = $getUserArr['sub']; - $userInfo['user_username'] = $getUserArr['username']; - $userInfo['user_login'] = $getUserArr['login']; - $userInfo['user_name'] = $getUserArr['name']; - $userInfo['user_email'] = $getUserArr['email']; - $userInfo['user_avatar_template'] = $getUserArr['avatar_template']; - $userInfo['user_avatar_url'] = $getUserArr['avatar_url']; - $userInfo['user_active'] = $getUserArr['active']; - $userInfo['user_trust_level'] = $getUserArr['trust_level']; - $userInfo['user_silenced'] = $getUserArr['silenced']; - $userInfo['user_external_ids'] = $getUserArr['external_ids'] ?? 'null'; - $userInfo['user_api_key'] = $getUserArr['api_key']; - } - - // 判断是否已经关联 - $stmt = $mySQLi->prepare('select player_id from player_connect_threeparty where type=`linuxdo` and connect_id=?'); - $stmt->bind_param('s', $userInfo['user_username']); - $stmt->execute(); - $result = $stmt->get_result(); - $row = $result->fetch_array(); - if (!empty($row)) { - $getPlayer = $mySQLi->prepare('select username,password from player where id=?'); - $getPlayer->bind_param('s', $row['player_id']); - $getPlayer->execute(); - $res = $getPlayer->get_result(); - $account = $res->fetch_array(); - exit(""); - } - //echo json_encode($getUserArr); - } else { - echo json_encode($getTokenArr); - } - break; -} +// LINUXDO三方登录 +$_LINUXDO_CONNECT = [ + 'client_id' => 'tfKevot5lSwB5A5gcqPQMMhaXDLjib0P', + 'client_secret' => '95KWP8sbRIUu5df7gBo5fIztz6ISmvfa' +]; // cURL 函数 function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $header = 0, $ua = 0, $nobaody = 0, $addheader = 0) 
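Review bot: The OAuth `client_secret` is committed as a string literal in the new `$_LINUXDO_CONNECT` array at the top of linuxdo.php, so anyone who can read the repository or its history holds this application's credential for the identity provider. Load it from configuration kept outside version control, for example `'client_secret' => getenv('LINUXDO_CLIENT_SECRET'),` (the variable name is a placeholder), and stop with an error when the value is missing. Because the literal is already in the commit history, rotate the secret at the provider rather than only deleting the line in a later commit.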
@@ -135,6 +50,46 @@ function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $header = 0, $ua = curl_close($ch); return $ret; } + +$code = $_GET['code']; + +$key = base64_encode($_LINUXDO_CONNECT['client_id'] . ':' . $_LINUXDO_CONNECT['client_secret']); + +$header = [ + 'Authorization: Basic ' . $key +]; + +$post = http_build_query([ + 'grant_type' => 'authorization_code', + 'code' => $code, + 'redirect_uri' => '' +]); + +$getTokenRes = get_curl('https://connect.linux.do/oauth2/token', $post, 0, 0, $header); + +$getTokenArr = json_decode($getTokenRes, true); + +if (isset($getTokenArr['access_token'])) { + $access_token = $getTokenArr['access_token']; + + $header = [ + 'Authorization: Bearer ' . $access_token + ]; + + $getUserRes = get_curl('https://connect.linux.do/api/user', 0, 0, 0, $header); + + $getUserArr = json_decode($getUserRes, true); + + $checkLink = get_curl("/api?act=check&connect_id=" . $getUserArr['username']); + + $getCheckLink = json_decode($checkLink, true); +} else { + $err = json_encode($getTokenArr); +} + + + + ?> @@ -180,9 +135,10 @@ function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $header = 0, $ua = } else { showTips(res.msg, 6, 'error'); return - }) - }) - } + } + }) + } + function registerDirect() { const linuxdo_account = document.getElementById("linuxdo").value; processLogin({ type: "1", account: linuxdo_account, password: "1", password2: "1" }, linuxdo_account) @@ -198,10 +154,12 @@ function get_curl($url, $post = 0, $referer = 0, $cookie = 0, $header = 0, $ua = - + + + 授权发生异常: +
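Review bot: In the block added after `get_curl()`, `$getUserArr['username']` is concatenated into the query string with no presence check and no URL encoding, so a failed user lookup sends an empty `connect_id` and a name containing `&` or `#` changes the request that is made. Guard and encode it: `if (!isset($getUserArr['username'])) { $err = 'user lookup failed'; }` and `'&connect_id=' . rawurlencode($getUserArr['username'])`. The target `"/api?act=check&connect_id="` is a relative URL, which cURL cannot resolve without a scheme and host, and the part of api.php visible in this commit ends with `bind` and `link` cases, so confirm that a `check` action exists. The callback also reads `$_GET['code']` with no `state` comparison visible in this hunk; if the authorization request does not already bind a `state` value to the session, add one so a callback that did not originate from this user's own login attempt is rejected.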
- 当前尚未有你的游戏账号,请选择
Linuxdo账号绑定
如果已有账号,请输入账号和密码