YUSHENG/yusheng-php
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
acfda2f04414d82a6d270a3a3abf892a81c3c0a7
yusheng-php/application/api/controller/Login.php
赵钊 acfda2f044 验证码登录加绕过
2025-11-26 11:01:10 +08:00

382 lines
12 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace app\api\controller;
use app\common\controller\NumberAuth;
use app\api\controller\Sms;
use http\Client;
use think\Controller;
use think\Loader;
use Firebase\JWT\JWT;
use think\Log;
class Login extends Controller
{
public function _initialize()
{
//允许跨域
header('Access-Control-Allow-Origin: *');
}
/**
* 账号密码登录接口。
*
* @ string $user_login 用户名或手机号
* @ string $password 密码
* @ int $system 登录系统类型(如 iOS, Android
* @ json 返回登录结果信息
*/
public function user_login()
{
$user_name = input('user_login', '');
$password = input('password', '');
$system = input('system','');
if(empty($system)){
$system = request()->header('system');
}
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
$reslut = model('Login')->user_login($user_name, $password, $system,$login_device);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
/**
* 验证码登录接口。
*
* @param string $user_login 手机号
* @param int $system 登录系统类型
* @param string $sms_code 短信验证码
* @ json 返回登录结果信息
*/
public function phone_code(){
$system = input('system','');
if(empty($system)){
$system = request()->header('system');
}
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
$user_name = input('user_login');
$sms_code = input('sms_code', ''); //短信验证码
if($sms_code != '999999'){
// $sms = new Sms;
// $ret = $sms->check($user_name, $sms_code);//$event = default-默认登录1-更换手机号2绑定手机号3-忘记密码4-设置密码5-账号注销6-提现
$ret = model('sms')->verification_code('default',$user_name, $sms_code);
if ($ret['code'] == 0) {
return V($ret['code'], $ret['msg'], null);
}
}
$reslut = model('Login')->phone_verification_code_log($user_name, $system,$login_device);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
/**
*
* @param string $login_token
* @param string $last_login_device 最后一次登录设备标识
* @param int $system 登录系统类型
* @ json 返回一键登录结果
*/
public function one_click_login()
{
$loginToken = input('login_token', '');
$system = input('system','');
if(empty($system)){
$system = request()->header('system');
}
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
if (empty($loginToken)) {
return V(0, '验证码错误' );
}
// 1. 通过Token获取手机号
$mobile = NumberAuth::getMobileByToken($loginToken);
if (!$mobile) {
return V(0, '登录失败, 请更换登录方式!' );
}
if(ctype_digit($mobile)){
$reslut = model('Login')->phone_verification_code_log($mobile,$system,$login_device);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}else{
return V(0, '登录失败' );
}
}
//多账号选号登录
public function multi_account_login()
{
$user_name = input('user_login');
$system = input('system','');
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
if(empty($system)){
$system = request()->header('system');
}
$reslut = model('Login')->multi_account_login($user_name, $system,$login_device);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
/**
* 微信登录
*/
public function wechatLogin()
{
$code = input('code');
$system = input('system','');
if(empty($system)){
$system = request()->header('system');
}
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
if (empty($code)) {
return V(0, 'code不能为空' );
}
$config = get_system_config();
$appid = $config['wx_app_id'];
$app_secret = $config['wx_app_secret'];
$url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid={$appid}&secret={$app_secret}&code={$code}&grant_type=authorization_code";
$result = myCurl($url);
$data = json_decode($result, true);
if (isset($data['errcode'])) {
return V(0, $data['errmsg']);
}
// 获取用户信息
$userInfo = $this->getWechatUserInfo($data['access_token'], $data['openid']);
// 处理用户登录/注册逻辑
$reslut = model('Login')->wechat_ali_Login('wx',$userInfo,$system,$login_device);
if ($reslut['code'] == 1) {
return V(1, $reslut['msg'], $reslut['data'] );
}
return V(0, '登录失败' );
}
/**
* 获取微信用户信息
*/
private function getWechatUserInfo($accessToken, $openid)
{
$url = "https://api.weixin.qq.com/sns/userinfo?access_token={$accessToken}&openid={$openid}";
$result = myCurl($url);
return json_decode($result, true);
}
//给支付宝登录拼接参数
public function AlipayUserInfo()
{
$configs = get_system_config();
$app_id = $configs['alipay_app_id'];
$pid = $configs['alipay_pid'];
$data = [
'app_id' => $app_id,
'pid' => $pid,
'sign_type' => 'RSA2',
'apiname'=>'com.alipay.account.auth',
'method'=>'alipay.open.auth.sdk.code.get',
'app_name'=>'mc',
'biz_type'=>'openservice',
'product_id'=>'APP_FAST_LOGIN',
'scope'=>'kuaijie',
'target_id'=>generateRandom(12),
'auth_type'=>'AUTHACCOUNT',
];
$dd = $this->getCheckSignContent($data);
$sign = $this->aliPaySign($dd, $configs['alipay_private_key']);
//把签名放在最后
$dd = $dd . '&sign=' . urlencode($sign);
return V(1, '获取成功', $dd );
}
//生成签名前数据排序后拼接
/**
* 获取支付宝签名
* @param $params
* @param $rsaPrivateKey
* @return string
*/
function getCheckSignContent($params)
{
ksort($params);
$stringToBeSigned = '';
foreach ($params as $k => $v) {
if ($v && substr($v, 0, 1) != '@') {
$stringToBeSigned .= "$k=$v&";
}
}
$stringToBeSigned = rtrim($stringToBeSigned, '&');
return $stringToBeSigned;
}
/**
* 支付宝登录
* 支付宝开放平台创建应用 获取应用私钥 和应用公钥 然后修改AliPay.php文件里面login方法的配置值
*/
public function aliLogin()
{
$authCode = input('auth_code');
$system = input('system','');
if(empty($system)){
$system = request()->header('system');
}
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
if (empty($authCode)) {
return V(0, 'auth_code不能为空' );
}
//引用支付宝sdk
Loader::import('AliPayV2.AliPay', EXTEND_PATH, '.php');
$ali = new \AliPay();
// 使用auth_code获取access_token
$userInfo = $ali->login($authCode);
if ($userInfo['code'] != 1) {
return V($userInfo['code'], $userInfo['msg'],$userInfo['data']);
}
//对象转数组
$userinfo = json_decode(json_encode($userInfo['data']), true);
// 处理用户登录/注册逻辑
$reslut = model('Login')->wechat_ali_Login('ali',$userinfo,$system,$login_device);
if ($reslut['code'] == 1) {
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
return V(0, '登录失败' );
}
/**
* 生成支付宝签名
*/
private function aliPaySign($stringToBeSigned, $privateKey)
{
$res = "-----BEGIN RSA PRIVATE KEY-----\n" .
wordwrap($privateKey, 64, "\n", true) .
"\n-----END RSA PRIVATE KEY-----";
openssl_sign($stringToBeSigned, $sign, $res, OPENSSL_ALGO_SHA256);
return base64_encode($sign);
}
/*
* ios 登录
*/
public function iosLogin()
{
$system = input('system','');
if(empty($system)){
$system = request()->header('system');
}
$login_device = input('deviceId','');
if(empty($login_device)){
$login_device = request()->header('deviceId');
}
$identityToken = input('ios_token');
$appleId = input('apple_id');
// $isValid = $this->verifyIdentityToken($identityToken);
//
// if (!$isValid) {
// return V(0, '无效的token' );
// }
// $decodedToken = JWT::decode( $identityToken, new \Firebase\JWT\Key(config('jwt_secret_key'), 'HS256'));
// $userIdentity = (array) $decodedToken;
//
// $appleId = $userIdentity['sub'];
// Log::record("ios登录信息".json_encode($userIdentity),"info");
// 处理用户登录/注册逻辑
$reslut = model('Login')->wechat_ali_Login('ios',$appleId,$system,$login_device);
if ($reslut['code'] == 1) {
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
return V(0, '登录失败' );
}
// private function verifyIdentityToken($identityToken)
// {
// $client = new Client();
//
// try {
// $response = $client->request('POST', 'https://appleid.apple.com/auth/keys');
//
// if ( $response->getStatusCode() == 200) {
// $publicKeys = json_decode( $response->getBody(), true)['keys'];
//
// foreach ( $publicKeys as $key) {
// $pem = $this->convertPublicKeyToPEM( $key);
// $decodedToken = JWT::decode( $identityToken, new \Firebase\JWT\Key( $pem, 'RS256'));
//
// if ( $decodedToken) {
// return true;
// }
// }
// }
// } catch (\Exception $e) {
// echo 'Error verifying token: ' . $e->getMessage();
// }
//
// return false;
// }
//退出登录
public function logout()
{
$token = input('token');
$reslut = model('Login')->logout($token);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
//注销
public function cancel()
{
$token = input('token');
$reslut = model('Login')->cancel($token);
return V(0, '注销请联系客服', null);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
//忘记密码
public function forgot_password()
{
$user_name = input('mobile');
$password = input('new_password');
$sms_code = input('sms_code', ''); //短信验证码
//default-默认登录1-更换手机号2绑定手机号3-忘记密码4-设置密码5-账号注销6-提现
$reslut = model('sms')->verification_code(3,$user_name, $sms_code);
if ($reslut['code'] == 0) {
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
$reslut = model('Login')->forgot_password($user_name, $password);
return V($reslut['code'], $reslut['msg'], $reslut['data']);
}
}
Reference in New Issue View Git Blame Copy Permalink