add api.php

2024-04-16 15:34:11 +08:00 · 2024-04-16 15:34:11 +08:00 · 51c147aed2
--- a/README.md
+++ b/README.md
@ -36,7 +36,8 @@
 - reg.php - 如果用户没有实名信息，要求其登记实名信息
 - verify.php - 如果用户有实名信息，并且想要更新实名信息，要求其验证既有实名信息
 - update.php - 对于想要更新实名信息的用户，要求其提供新的实名信息
- smsVerify.php - 短信验证码的发送和验证
+- api.php - 短信验证码的发送
+- smsVerify.php - 短信验证码的验证
 - confirm.php - 将已完成验证的用户信息写入数据库（或更新实名信息）

 ## 授权
--- a/api.php
+++ b/api.php
@ -0,0 +1,194 @@
+<?php
+error_reporting(1);
+ini_set('display_errors', 1);
+
+session_start();
+
+require_once __DIR__ . \DIRECTORY_SEPARATOR . 'loadRequires.php';
+require_once __DIR__ . \DIRECTORY_SEPARATOR . 'template.php';
+
+use AlibabaCloud\SDK\Dysmsapi\V20170525\Dysmsapi;
+use AlibabaCloud\Tea\Exception\TeaError;
+use AlibabaCloud\Tea\Utils\Utils;
+
+use Darabonba\OpenApi\Models\Config;
+use AlibabaCloud\SDK\Dysmsapi\V20170525\Models\SendSmsRequest;
+use AlibabaCloud\Tea\Utils\Utils\RuntimeOptions;
+
+class AliyunSms
+{
+	/**
+	 * 使用AK&SK初始化账号Client
+	 * @param string $accessKeyId
+	 * @param string $accessKeySecret
+	 * @return Dysmsapi Client
+	 */
+	public static function createClient($accessKeyId, $accessKeySecret)
+	{
+		$config = new Config([
+			// 必填，您的 AccessKey ID
+			"accessKeyId" => $accessKeyId,
+			// 必填，您的 AccessKey Secret
+			"accessKeySecret" => $accessKeySecret
+		]);
+		// 访问的域名
+		$config->endpoint = "dysmsapi.aliyuncs.com";
+		return new Dysmsapi($config);
+	}
+	/**
+	 * @param string $phoneNumber
+	 * @param int $valCode
+	 * @return void
+	 */
+	public static function sendValCode($phoneNumber, $valCode, $accessKey, $secretKey, $signName, $templateCode)
+	{
+		$valCodeStr = "{\"code\":\"" . $valCode . "\"}";
+		$client = self::createClient($accessKey, $secretKey);
+		$sendSmsRequest = new SendSmsRequest(["signName" => $signName, "templateCode" => $templateCode, "phoneNumbers" => $phoneNumber, "templateParam" => $valCodeStr]);
+		$runtime = new RuntimeOptions([]);
+		try {
+			// 复制代码运行请自行打印 API 的返回值
+			$client->sendSmsWithOptions($sendSmsRequest, $runtime);
+		} catch (Exception $error) {
+			if (!($error instanceof TeaError)) {
+				$error = new TeaError([], $error->getMessage(), $error->getCode(), $error);
+			}
+			// 如有需要，请打印 error
+			echo Utils::assertAsString($error->message);
+		}
+	}
+}
+
+if (!isset($_POST['act'])) {
+	echo "本页面只应被验证码页面调用。";
+	exit(1);
+}
+
+if (!isset($_SESSION['qwUserId'])) {
+	echo "2"; // 拒绝发送
+	exit(1);
+}
+
+$act = $_POST['act'];
+
+## Blacklist
+include_once __DIR__ . \DIRECTORY_SEPARATOR . 'blacklist-pn.php';
+if (!isset($blacklist_pn)) {
+	$blacklist_pn = array();
+}
+
+switch ($act) {
+	case 'UserLoginCode':
+		if (!isset($_POST['pn']) || !isset($_POST['idd'])) {
+			echo 5; // 缺失参数
+			exit(1);
+		}
+		$pn = $_POST['pn'] ?? '';
+		$idd = $_POST['idd'] ?? '';
+		$update = $_POST['update'] ?? '0';
+		$updateTag = $_SESSION['updateTag'] ?? 0;
+		if (isset($_SESSION['expireTime'])) {
+			if ($update === '1' && $updateTag === 0) {
+				$_SESSION['expireTime'] = time() - 2 * $rnrsSmsExpireTimeout;
+				$_SESSION['updateTag'] = 1;
+			}
+			$originalTime = $_SESSION['expireTime'] - $rnrsSmsExpireTimeout;
+			if (time() - $originalTime < 61) {
+				echo "4"; // 发送过于频繁，拒绝发送
+				exit(1);
+			}
+		}
+		if (in_array($idd . $pn, $blacklist_pn)) {
+			echo "10"; // 拒绝发送
+		} else {
+			if (preg_match("/^(13[0-9]|14[01456879]|15[0-35-9]|16[2567]|17[0-8]|18[0-9]|19[0-35-9])\d{8}$/", $pn) && $idd === '86') {
+				$code = sprintf("%06d", mt_rand(000000, 999999));
+				$_SESSION['verificationCode'] = $code;
+				$_SESSION['expireTime'] = time() + $rnrsSmsExpireTimeout;
+				$_SESSION['qwPhoneNumberIdd'] = $idd;
+				$_SESSION['qwPhoneNumber'] = $pn;
+				AliyunSms::sendValCode($pn, $code, $rnrsAliyunAccessKey, $rnrsAliyunSecretKey, $rnrsAliyunSignName, $rnrsAliyunSmsTemplate);
+				echo "1"; // 发送成功
+			} else if (isset($rnrsAliyunIddSignName) && isset($rnrsAliyunIddSmsTemplate)) {
+				if (preg_match("/^(40[46]\d{5}|409[3-9]\d{4}|42[02-9]\d{5}|43[3-9]\d{5}|44[0-9]\d{5}|45[1-9]\d{5}|4[67][0-9]\d{5}|481\d{5}|482[1-9]\d{4}|48[69]\d{5}|492[3-9]\d{4}|495[2-9]\d{4}|498\d{5}|5[1-79]\d{6}|6[0-9]\d{6}|7[0-3]\d{6}|8[1-9]\d{6}|90[1-9]\d{5}|91[02-9]\d{5}|9[2-8][0-9]\d{5})$/", $pn) && $idd === '852') {
+					$code = sprintf("%06d", mt_rand(000000, 999999));
+					$_SESSION['verificationCode'] = $code;
+					$_SESSION['expireTime'] = time() + $rnrsSmsExpireTimeout;
+					$_SESSION['qwPhoneNumberIdd'] = $idd;
+					$_SESSION['qwPhoneNumber'] = $pn;
+					AliyunSms::sendValCode('+' . $idd . $pn, $code, $rnrsAliyunAccessKey, $rnrsAliyunSecretKey, $rnrsAliyunIddSignName, $rnrsAliyunIddSmsTemplate);
+					echo "1"; // 发送成功
+				} else if (preg_match("/^(6\d{7})$/", $pn) && $idd === '853') {
+					$code = sprintf("%06d", mt_rand(000000, 999999));
+					$_SESSION['verificationCode'] = $code;
+					$_SESSION['expireTime'] = time() + $rnrsSmsExpireTimeout;
+					$_SESSION['qwPhoneNumberIdd'] = $idd;
+					$_SESSION['qwPhoneNumber'] = $pn;
+					AliyunSms::sendValCode('+' . $idd . $pn, $code, $rnrsAliyunAccessKey, $rnrsAliyunSecretKey, $rnrsAliyunIddSignName, $rnrsAliyunIddSmsTemplate);
+					echo "1"; // 发送成功
+				} else {
+					echo "2"; // 拒绝发送
+					exit(1);
+				}
+			} else {
+				echo "2"; // 拒绝发送
+				exit(1);
+			}
+		}
+		break;
+
+	case 'UserVerifyCode':
+		if (!isset($_POST['uid'])) {
+			echo 5; // 缺失参数
+			exit(1);
+		}
+		if (isset($_SESSION['expireTime'])) {
+			$originalTime = $_SESSION['expireTime'] - $rnrsSmsExpireTimeout;
+			if (time() - $originalTime < 61) {
+				echo "4"; // 发送过于频繁，拒绝发送
+				exit(1);
+			}
+		}
+		$uid = $_POST['uid'] ?? '';
+		$dsn = "$rnrsDatabaseType:host=$rnrsDatabaseServer;dbname=$rnrsDatabaseName";
+		try {
+			$dbconn = new PDO($dsn, $rnrsDatabaseUser, $rnrsDatabasePass);
+		} catch (PDOException $e) {
+			echo "打开数据库错误：" . $e->getMessage();
+		}
+		$dbconn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+		try {
+			$sql = "SELECT * FROM `rnrs_users` WHERE `rnrsu_userid` = $uid;";
+			$result = $dbconn->query($sql);
+			$rowall = $result->fetchAll();
+			foreach ($rowall as $row) {
+				$idd = rtrim($row['rnrsu_mobile_idd']);
+				$pn = rtrim($row['rnrsu_mobile']);
+			}
+		} catch (PDOException $e) {
+			$dbconn = null;
+			echo "获取实名信息时错误：" . $e->getMessage();
+		}
+		$dbconn = null;
+		$code = sprintf("%06d", mt_rand(000000, 999999));
+		$_SESSION['verificationCode'] = $code;
+		$_SESSION['expireTime'] = time() + $rnrsSmsExpireTimeout;
+		if (in_array($_POST['idd'] . $_POST['pn'], $blacklist_pn)) {
+			echo "10"; // 拒绝发送
+		} else if ($idd === '86') {
+			AliyunSms::sendValCode($pn, $code, $rnrsAliyunAccessKey, $rnrsAliyunSecretKey, $rnrsAliyunSignName, $rnrsAliyunSmsTemplate);
+		} else {
+			if (isset($rnrsAliyunIddSignName) && isset($rnrsAliyunIddSmsTemplate)) {
+				AliyunSms::sendValCode('+' . $idd . $pn, $code, $rnrsAliyunAccessKey, $rnrsAliyunSecretKey, $rnrsAliyunIddSignName, $rnrsAliyunIddSmsTemplate);
+			} else {
+				echo "2"; // 拒绝发送
+			}
+		}
+		echo "1"; // 发送成功
+		break;
+
+	default:
+		alertAndBack('非法请求！'); // 未定义请求
+		exit(1);
+		break;
+}
--- a/js.php
+++ b/js.php
@ -15,7 +15,7 @@ function regJS()
 		} else {
 			buttonAcquire.attr("disabled", "true");
 			$.post(
-				"./smsVerify.php",
+				"./api.php",
 				{ act: "UserLoginCode", idd: idd, pn: pn },
 				function (data) {
 					if (data === "1") {
@ -63,7 +63,7 @@ function updateJS()
 		} else {
 			buttonAcquire.attr("disabled", "true");
 			$.post(
-				"./smsVerify.php",
+				"./api.php",
 				{ act: "UserLoginCode", idd: idd, pn: pn, update: "1" },
 				function (data) {
 					if (data === "1") {
@ -109,7 +109,7 @@ function verifyJS()
 		buttonAcquire.attr("disabled", "true");
 		var uid = $("input[name=userid]").val();
 		$.post(
-			"./smsVerify.php",
+			"./api.php",
 			{ act: "UserVerifyCode", uid: uid },
 			function (data) {
 				if (data === "1") {