首页 发现 帮助
登录
Apq
/
maccms10
镜像自地址 https://github.com/magicblack/maccms10.git
1
0
派生 0
文件 工单管理 0 Wiki
分支: master
分支列表 标签列表
maccms10
/
application
/
api
/
controller
/
User.php

User.php 33 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923 
  1. <?php
    2. 

  2. 

  3. namespace app\api\controller;
    4. 

  4. 

  5. use think\Db;
    6. 

  6. use think\Request;
    7. 

  7. use think\Url;
    8. 

  8. 

  9. class User extends Base
    10. 

  10. {
    11. 

  11.     use PublicApi;
    12. 

  12.     public function __construct()
    13. 

  13.     {
    14. 

  14.         parent::__construct();
    15. 

  15.         $this->check_config();
    16. 

  16. 

  17.     }
    18. 

  18. 

  19.     public function index()
    20. 

  20.     {
    21. 

  21. 

  22.     }
    23. 

  23. 

  24.     /**
    25. 

  25.      * 获取当前登录用户的邀请码及邀请信息
    26. 

  26.      * 需要用户已登录(通过Cookie)
    27. 

  27.      *
    28. 

  28.      * @param Request $request
    29. 

  29.      * @return \think\response\Json
    30. 

  30.      */
    31. 

  31.     public function get_my_invite(Request $request)
    32. 

  32.     {
    33. 

  33.         $check = model('User')->checkLogin();
    34. 

  34.         if ($check['code'] > 1) {
    35. 

  35.             return json([
    36. 

  36.                 'code' => 1401,
    37. 

  37.                 'msg'  => lang('api/please_login_first'),
    38. 

  38.             ]);
    39. 

  39.         }
    40. 

  40. 

  41.         $user_id = intval($check['info']['user_id']);
    42. 

  42. 

  43.         $user = Db::name('User')
    44. 

  44.             ->field('user_id,user_name,user_nick_name,user_invite_code,user_invite_count,user_reg_time')
    45. 

  45.             ->where('user_id', $user_id)
    46. 

  46.             ->find();
    47. 

  47. 

  48.         if (!$user) {
    49. 

  49.             return json([
    50. 

  50.                 'code' => 1002,
    51. 

  51.                 'msg'  => lang('api/user_not_found'),
    52. 

  52.             ]);
    53. 

  53.         }
    54. 

  54. 

  55.         return json([
    56. 

  56.             'code' => 1,
    57. 

  57.             'msg'  => lang('obtain_ok'),
    58. 

  58.             'info' => $user,
    59. 

  59.         ]);
    60. 

  60.     }
    61. 

  61. 

  62.     /**
    63. 

  63.      * 获取当前登录用户的邀请下线列表(含二级下线)
    64. 

  64.      * - 必须已登录;数据以会话用户为准
    65. 

  65.      * - 可选传入 user_id,须与会话用户一致(用于与 URL ?uid= 对齐)
    66. 

  66.      *
    67. 

  67.      * @param Request $request
    68. 

  68.      * @return \think\response\Json
    69. 

  69.      */
    70. 

  70.     public function get_invite_list(Request $request)
    71. 

  71.     {
    72. 

  72.         $param = $request->param();
    73. 

  73. 

  74.         $validate = validate($request->controller());
    75. 

  75.         if (!$validate->scene($request->action())->check($param)) {
    76. 

  76.             return json([
    77. 

  77.                 'code' => 1001,
    78. 

  78.                 'msg'  => lang('api/param_validate', [$validate->getError()]),
    79. 

  79.             ]);
    80. 

  80.         }
    81. 

  81. 

  82.         $check = model('User')->checkLogin();
    83. 

  83.         if ($check['code'] > 1) {
    84. 

  84.             return json([
    85. 

  85.                 'code' => 1401,
    86. 

  86.                 'msg'  => lang('api/please_login_first'),
    87. 

  87.             ]);
    88. 

  88.         }
    89. 

  89.         $user_id = intval($check['info']['user_id']);
    90. 

  90.         if (!empty($param['user_id']) && intval($param['user_id']) !== $user_id) {
    91. 

  91.             return json([
    92. 

  92.                 'code' => 1001,
    93. 

  93.                 'msg'  => lang('api/param_uid_mismatch'),
    94. 

  94.             ]);
    95. 

  95.         }
    96. 

  96. 

  97.         $page  = isset($param['page'])  ? max(1, intval($param['page']))          : 1;
    98. 

  98.         $limit = isset($param['limit']) ? min(100, max(1, intval($param['limit']))) : 20;
    99. 

  99. 

  100.         $user = Db::name('User')
    101. 

  101.             ->field('user_id,user_name,user_nick_name,user_invite_code,user_invite_count,user_reg_time')
    102. 

  102.             ->where('user_id', $user_id)
    103. 

  103.             ->find();
    104. 

  104. 

  105.         if (!$user) {
    106. 

  106.             return json([
    107. 

  107.                 'code' => 1002,
    108. 

  108.                 'msg'  => lang('api/user_not_found'),
    109. 

  109.             ]);
    110. 

  110.         }
    111. 

  111. 

  112.         $total = Db::name('User')->where('user_pid', $user_id)->count();
    113. 

  113. 

  114.         $invitees_raw = Db::name('User')
    115. 

  115.             ->field('user_id,user_name,user_nick_name,user_invite_code,user_invite_count,user_reg_time,user_pid')
    116. 

  116.             ->where('user_pid', $user_id)
    117. 

  117.             ->order('user_reg_time desc')
    118. 

  118.             ->page($page)
    119. 

  119.             ->limit($limit)
    120. 

  120.             ->select();
    121. 

  121. 

  122.         $invitees = is_array($invitees_raw) ? $invitees_raw : (is_object($invitees_raw) ? $invitees_raw->toArray() : []);
    123. 

  123. 

  124.         if (!empty($invitees)) {
    125. 

  125.             $level1_ids = array_column($invitees, 'user_id');
    126. 

  126. 

  127.             $sub_list_raw = Db::name('User')
    128. 

  128.                 ->field('user_id,user_name,user_nick_name,user_invite_code,user_invite_count,user_reg_time,user_pid')
    129. 

  129.                 ->where('user_pid', 'in', $level1_ids)
    130. 

  130.                 ->order('user_reg_time desc')
    131. 

  131.                 ->select();
    132. 

  132. 

  133.             $sub_list = is_array($sub_list_raw) ? $sub_list_raw : (is_object($sub_list_raw) ? $sub_list_raw->toArray() : []);
    134. 

  134. 

  135.             $sub_map = [];
    136. 

  136.             foreach ($sub_list as $sub) {
    137. 

  137.                 $sub_map[$sub['user_pid']][] = $sub;
    138. 

  138.             }
    139. 

  139. 

  140.             foreach ($invitees as &$invitee) {
    141. 

  141.                 $invitee['sub_invitees']       = isset($sub_map[$invitee['user_id']]) ? $sub_map[$invitee['user_id']] : [];
    142. 

  142.                 $invitee['sub_invitees_count'] = count($invitee['sub_invitees']);
    143. 

  143.             }
    144. 

  144.             unset($invitee);
    145. 

  145.         }
    146. 

  146. 

  147.         return json([
    148. 

  148.             'code' => 1,
    149. 

  149.             'msg'  => lang('obtain_ok'),
    150. 

  150.             'info' => [
    151. 

  151.                 'user'  => $user,
    152. 

  152.                 'page'  => $page,
    153. 

  153.                 'limit' => $limit,
    154. 

  154.                 'total' => intval($total),
    155. 

  155.                 'list'  => $invitees ?: [],
    156. 

  156.             ],
    157. 

  157.         ]);
    158. 

  158.     }
    159. 

  159. 

  160.     /**
    161. 

  161.      *  获取用户列表
    162. 

  162.      *
    163. 

  163.      * @param Request $request
    164. 

  164.      * @return \think\response\Json
    165. 

  165.      */
    166. 

  166.     public function get_list(Request $request)
    167. 

  167.     {
    168. 

  168.         // 参数校验
    169. 

  169.         $param = $request->param();
    170. 

  170.         $validate = validate($request->controller());
    171. 

  171.         if (!$validate->scene($request->action())->check($param)) {
    172. 

  172.             return json([
    173. 

  173.                 'code' => 1001,
    174. 

  174.                 'msg'  => lang('api/param_validate', [$validate->getError()]),
    175. 

  175.             ]);
    176. 

  176.         }
    177. 

  177. 

  178.         $offset = isset($param['offset']) ? (int)$param['offset'] : 0;
    179. 

  179.         $limit = isset($param['limit']) ? (int)$param['limit'] : 20;
    180. 

  180. 

  181.         // 查询条件组装
    182. 

  182.         $where = [];
    183. 

  183. 

  184.         if (isset($param['id'])) {
    185. 

  185.             $where['user_id'] = (int)$param['id'];
    186. 

  186.         }
    187. 

  187. 

  188.         if (isset($param['group_id'])) {
    189. 

  189.             $where['group_id'] = (int)$param['group_id'];
    190. 

  190.         }
    191. 

  191. 

  192.         if (isset($param['time_end']) && isset($param['time_start'])) {
    193. 

  193.             $where['user_reg_time'] = ['between', [(int)$param['time_start'], (int)$param['time_end']]];
    194. 

  194.         }elseif (isset($param['time_end'])) {
    195. 

  195.             $where['user_reg_time'] = ['<=', (int)$param['time_end']];
    196. 

  196.         }elseif (isset($param['time_start'])) {
    197. 

  197.             $where['user_reg_time'] = ['>=', (int)$param['time_start']];
    198. 

  198.         }
    199. 

  199. 

  200.         if (isset($param['phone']) && strlen($param['phone']) > 0) {
    201. 

  201.             $where['user_phone'] = ['like', '%' . $this->format_sql_string($param['phone']) . '%'];
    202. 

  202.         }
    203. 

  203. 

  204.         if (isset($param['qq']) && strlen($param['qq']) > 0) {
    205. 

  205.             $where['user_qq'] = ['like', '%' . $this->format_sql_string($param['qq']) . '%'];
    206. 

  206.         }
    207. 

  207. 

  208.         if (isset($param['email']) && strlen($param['email']) > 0) {
    209. 

  209.             $where['user_email'] = ['like', '%' . $this->format_sql_string($param['email']) . '%'];
    210. 

  210.         }
    211. 

  211. 

  212.         if (isset($param['nickname']) && strlen($param['nickname']) > 0) {
    213. 

  213.             $where['user_nick_name'] = ['like', '%' . $this->format_sql_string($param['nickname']) . '%'];
    214. 

  214.         }
    215. 

  215. 

  216.         if (isset($param['name']) && strlen($param['name']) > 0) {
    217. 

  217.             $where['user_name'] = ['like', '%' . $this->format_sql_string($param['name']) . '%'];
    218. 

  218.         }
    219. 

  219. 

  220.         // 数据获取
    221. 

  221.         $total = model('User')->getCountByCond($where);
    222. 

  222.         $list = [];
    223. 

  223.         if ($total > 0) {
    224. 

  224.             // 排序
    225. 

  225.             $order = "user_reg_time DESC";
    226. 

  226.             $field = 'user_id,user_name,user_nick_name,user_phone,user_reg_time';
    227. 

  227.             if (strlen($param['orderby']) > 0) {
    228. 

  228.                 $order = 'user_' . $param['orderby'] . " DESC";
    229. 

  229.             }
    230. 

  230.             $list = model('User')->getListByCond($offset, $limit, $where, $order, $field, []);
    231. 

  231.         }
    232. 

  232.         // 返回
    233. 

  233.         return json([
    234. 

  234.             'code' => 1,
    235. 

  235.             'msg'  => lang('obtain_ok'),
    236. 

  236.             'info' => [
    237. 

  237.                 'offset' => $offset,
    238. 

  238.                 'limit'  => $limit,
    239. 

  239.                 'total'  => $total,
    240. 

  240.                 'rows'   => $list,
    241. 

  241.             ],
    242. 

  242.         ]);
    243. 

  243.     }
    244. 

  244. 

  245.     /**
    246. 

  246.      * 用户详细信息
    247. 

  247.      *
    248. 

  248.      * @param Request $request
    249. 

  249.      * @return \think\response\Json
    250. 

  250.      * @throws \think\db\exception\DataNotFoundException
    251. 

  251.      * @throws \think\db\exception\ModelNotFoundException
    252. 

  252.      * @throws \think\exception\DbException
    253. 

  253.      */
    254. 

  254.     public function get_detail(Request $request)
    255. 

  255.     {
    256. 

  256.         // 参数校验
    257. 

  257.         $param = $request->param();
    258. 

  258.         $validate = validate($request->controller());
    259. 

  259.         if (!$validate->scene($request->action())->check($param)) {
    260. 

  260.             return json([
    261. 

  261.                 'code' => 1001,
    262. 

  262.                 'msg'  => lang('api/param_validate', [$validate->getError()]),
    263. 

  263.             ]);
    264. 

  264.         }
    265. 

  265. 

  266.         $result = Db::table('mac_user')->where(['user_id' => $param['id']])->find();
    267. 

  267. 

  268.         // 返回
    269. 

  269.         return json([
    270. 

  270.             'code' => 1,
    271. 

  271.             'msg'  => lang('obtain_ok'),
    272. 

  272.             'info' => $result
    273. 

  273.         ]);
    274. 

  274. 

  275.     }
    276. 

  276. 

  277.     /**
    278. 

  278.      * 登录/注册一体化
    279. 

  279.      * POST api.php/user/login_or_register
    280. 

  280.      * 参数: user_name, user_pwd, [invite_code]
    281. 

  281.      *
    282. 

  282.      * - 帐号存在 → 校验密码 → 登录
    283. 

  283.      * - 帐号不存在 → 自动创建帐号 → 登录
    284. 

  284.      * - 返回 action 字段标识本次操作是 "login" 还是 "register"
    285. 

  285.      */
    286. 

  286.     public function login_or_register(Request $request)
    287. 

  287.     {
    288. 

  288.         // IP 速率限制:防止暴力破解
    289. 

  289.         $rlCheck = $this->_checkLoginRateLimit();
    290. 

  290.         if ($rlCheck !== true) {
    291. 

  291.             return $rlCheck;
    292. 

  292.         }
    293. 

  293. 

  294.         $param = $request->param();
    295. 

  295.         if (empty($param['user_name']) || empty($param['user_pwd'])) {
    296. 

  296.             return json(['code' => 1001, 'msg' => lang('api/user_name_pwd_empty')]);
    297. 

  297.         }
    298. 

  298. 

  299.         $res = model('User')->loginOrRegister($param);
    300. 

  300. 

  301.         if ($res['code'] > 1) {
    302. 

  302.             return json($res);
    303. 

  303.         }
    304. 

  304. 

  305.         $info = $res['info'];
    306. 

  306.         return json([
    307. 

  307.             'code'   => 1,
    308. 

  308.             'msg'    => $res['msg'],
    309. 

  309.             'action' => $res['action'],  // "login" 或 "register"
    310. 

  310.             'info'   => [
    311. 

  311.                 'user_id'        => $info['user_id'],
    312. 

  312.                 'user_name'      => $info['user_name'],
    313. 

  313.                 'user_nick_name' => $info['user_nick_name'],
    314. 

  314.                 'user_email'     => $info['user_email'],
    315. 

  315.                 'user_phone'     => $info['user_phone'],
    316. 

  316.                 'group_id'       => $info['group_id'],
    317. 

  317.                 'user_points'    => $info['user_points'],
    318. 

  318.                 'user_exp'       => $info['user_exp'],
    319. 

  319.                 'user_reg_time'  => $info['user_reg_time'],
    320. 

  320.                 'user_portrait'  => mac_get_user_portrait($info['user_id']),
    321. 

  321.                 'user_invite_code' => $info['user_invite_code'],
    322. 

  322.             ],
    323. 

  323.         ]);
    324. 

  324.     }
    325. 

  325. 

  326.     /**
    327. 

  327.      * 用户登录
    328. 

  328.      * api.php/user/login (POST)
    329. 

  329.      * 参数: user_name, user_pwd, [type=name|email|phone]
    330. 

  330.      */
    331. 

  331.     public function login(Request $request)
    332. 

  332.     {
    333. 

  333.         // IP 速率限制:防止暴力破解
    334. 

  334.         $rlCheck = $this->_checkLoginRateLimit();
    335. 

  335.         if ($rlCheck !== true) {
    336. 

  336.             return $rlCheck;
    337. 

  337.         }
    338. 

  338. 

  339.         $param = $request->param();
    340. 

  340.         if (empty($param['user_name']) || empty($param['user_pwd'])) {
    341. 

  341.             return json(['code' => 1001, 'msg' => lang('api/user_name_pwd_empty')]);
    342. 

  342.         }
    343. 

  343.         $res = model('User')->login(['user_name' => $param['user_name'], 'user_pwd' => $param['user_pwd']]);
    344. 

  344.         if ($res['code'] > 1) return json($res);
    345. 

  345.         $info = $res['info'];
    346. 

  346.         return json(['code' => 1, 'msg' => lang('model/user/login_ok'), 'info' => [
    347. 

  347.             'user_id'       => $info['user_id'],
    348. 

  348.             'user_name'     => $info['user_name'],
    349. 

  349.             'user_nick_name'=> $info['user_nick_name'],
    350. 

  350.             'user_email'    => $info['user_email'],
    351. 

  351.             'user_phone'    => $info['user_phone'],
    352. 

  352.             'group_id'      => $info['group_id'],
    353. 

  353.             'user_points'   => $info['user_points'],
    354. 

  354.             'user_exp'      => $info['user_exp'],
    355. 

  355.             'user_reg_time' => $info['user_reg_time'],
    356. 

  356.             'user_portrait' => mac_get_user_portrait($info['user_id']),
    357. 

  357.         ]]);
    358. 

  358.     }
    359. 

  359. 

  360.     /**
    361. 

  361.      * 用户注册
    362. 

  362.      * api.php/user/register (POST)
    363. 

  363.      * 参数: user_name, user_pwd, [user_email, user_phone, invite_code]
    364. 

  364.      */
    365. 

  365.     public function register(Request $request)
    366. 

  366.     {
    367. 

  367.         $param = $request->param();
    368. 

  368.         if (empty($param['user_name']) || empty($param['user_pwd'])) {
    369. 

  369.             return json(['code' => 1001, 'msg' => lang('api/user_name_pwd_empty')]);
    370. 

  370.         }
    371. 

  371.         $res = model('User')->register($param);
    372. 

  372.         return json($res);
    373. 

  373.     }
    374. 

  374. 

  375.     /**
    376. 

  376.      * 用户登出
    377. 

  377.      * api.php/user/logout
    378. 

  378.      */
    379. 

  379.     public function logout(Request $request)
    380. 

  380.     {
    381. 

  381.         cookie('user_id', null);
    382. 

  382.         cookie('user_name', null);
    383. 

  383.         cookie('user_pwd', null);
    384. 

  384.         cookie('user_token', null);
    385. 

  385.         session(null);
    386. 

  386.         return json(['code' => 1, 'msg' => lang('api/logged_out')]);
    387. 

  387.     }
    388. 

  388. 

  389.     /**
    390. 

  390.      * 获取当前登录用户信息
    391. 

  391.      * api.php/user/get_info
    392. 

  392.      */
    393. 

  393.     public function get_info(Request $request)
    394. 

  394.     {
    395. 

  395.         $check = model('User')->checkLogin();
    396. 

  396.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    397. 

  397.         $uid = intval($check['info']['user_id']);
    398. 

  398.         $info = Db::name('User')
    399. 

  399.             ->field('user_id,user_name,user_nick_name,user_email,user_phone,user_qq,group_id,user_points,user_exp,user_integral,user_invite_code,user_invite_count,user_reg_time,user_status')
    400. 

  400.             ->where('user_id', $uid)->find();
    401. 

  401.         if (!$info) return json(['code' => 1002, 'msg' => lang('api/user_not_found')]);
    402. 

  402.         $info['user_portrait'] = mac_get_user_portrait($uid);
    403. 

  403.         return json(['code' => 1, 'msg' => lang('obtain_ok'), 'info' => $info]);
    404. 

  404.     }
    405. 

  405. 

  406.     /**
    407. 

  407.      * 更新用户资料
    408. 

  408.      * api.php/user/update_info (POST)
    409. 

  409.      * 参数: [user_nick_name, user_email, user_phone, user_qq, user_old_pwd, user_new_pwd]
    410. 

  410.      */
    411. 

  411.     public function update_info(Request $request)
    412. 

  412.     {
    413. 

  413.         $check = model('User')->checkLogin();
    414. 

  414.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    415. 

  415.         $uid = intval($check['info']['user_id']);
    416. 

  416.         $param = $request->param();
    417. 

  417.         $update = [];
    418. 

  418.         if (!empty($param['user_nick_name'])) $update['user_nick_name'] = mac_filter_xss(trim($param['user_nick_name']));
    419. 

  419.         if (!empty($param['user_email'])) $update['user_email'] = mac_filter_xss(trim($param['user_email']));
    420. 

  420.         if (!empty($param['user_phone'])) $update['user_phone'] = mac_filter_xss(trim($param['user_phone']));
    421. 

  421.         if (!empty($param['user_qq'])) $update['user_qq'] = mac_filter_xss(trim($param['user_qq']));
    422. 

  422.         // 修改密码(使用单重 md5,与 model 层 User::saveData / login / register 保持一致)
    423. 

  423.         if (!empty($param['user_new_pwd']) && !empty($param['user_old_pwd'])) {
    424. 

  424.             $userInfo = Db::name('User')->field('user_pwd')->where('user_id', $uid)->find();
    425. 

  425.             if (md5($param['user_old_pwd']) !== $userInfo['user_pwd']) {
    426. 

  426.                 return json(['code' => 1012, 'msg' => lang('model/user/old_pass_err')]);
    427. 

  427.             }
    428. 

  428.             $update['user_pwd'] = md5($param['user_new_pwd']);
    429. 

  429.         }
    430. 

  430.         if (empty($update)) return json(['code' => 1001, 'msg' => lang('api/no_update_needed')]);
    431. 

  431.         Db::name('User')->where('user_id', $uid)->update($update);
    432. 

  432.         return json(['code' => 1, 'msg' => lang('update_ok')]);
    433. 

  433.     }
    434. 

  434. 

  435.     /**
    436. 

  436.      * 获取用户行为日志(收藏/历史/想看/播放/下载)
    437. 

  437.      * api.php/user/get_ulog?type=2&page=1&limit=20
    438. 

  438.      * type: 1=浏览 2=收藏 3=想看 4=播放 5=下载
    439. 

  439.      */
    440. 

  440.     public function get_ulog(Request $request)
    441. 

  441.     {
    442. 

  442.         $check = model('User')->checkLogin();
    443. 

  443.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    444. 

  444.         $uid = intval($check['info']['user_id']);
    445. 

  445.         $param = $request->param();
    446. 

  446.         $page = max(1, intval($param['page'] ?? 1));
    447. 

  447.         $limit = max(1, min(100, intval($param['limit'] ?? 20)));
    448. 

  448.         $where = ['user_id' => $uid];
    449. 

  449.         if (!empty($param['type'])) $where['ulog_type'] = intval($param['type']);
    450. 

  450.         if (!empty($param['mid'])) $where['ulog_mid'] = intval($param['mid']);
    451. 

  451.         $order = 'ulog_time desc';
    452. 

  452.         $res = model('Ulog')->listData($where, $order, $page, $limit);
    453. 

  453.         return json(['code' => 1, 'msg' => lang('obtain_ok'), 'info' => $res]);
    454. 

  454.     }
    455. 

  455. 

  456.     /**
    457. 

  457.      * 添加/更新用户行为日志(收藏/播放记录等)
    458. 

  458.      * api.php/user/add_ulog (POST)
    459. 

  459.      * 参数: mid, rid, type, [sid=0, nid=0]
    460. 

  460.      */
    461. 

  461.     public function add_ulog(Request $request)
    462. 

  462.     {
    463. 

  463.         $check = model('User')->checkLogin();
    464. 

  464.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    465. 

  465.         $uid = intval($check['info']['user_id']);
    466. 

  466.         $param = $request->param();
    467. 

  467.         $data = [
    468. 

  468.             'ulog_mid'  => intval($param['mid'] ?? 0),
    469. 

  469.             'ulog_rid'  => intval($param['rid'] ?? 0),
    470. 

  470.             'ulog_type' => intval($param['type'] ?? 0),
    471. 

  471.             'ulog_sid'  => intval($param['sid'] ?? 0),
    472. 

  472.             'ulog_nid'  => intval($param['nid'] ?? 0),
    473. 

  473.             'user_id'   => $uid,
    474. 

  474.         ];
    475. 

  475.         if ($data['ulog_mid'] < 1 || $data['ulog_rid'] < 1 || $data['ulog_type'] < 1) {
    476. 

  476.             return json(['code' => 1001, 'msg' => lang('param_err')]);
    477. 

  477.         }
    478. 

  478.         // 已存在则更新时间
    479. 

  479.         $existing = model('Ulog')->infoData($data);
    480. 

  480.         if ($existing['code'] == 1) {
    481. 

  481.             model('Ulog')->where($data)->update(['ulog_time' => time()]);
    482. 

  482.             return json(['code' => 1, 'msg' => lang('update_ok')]);
    483. 

  483.         }
    484. 

  484.         $data['ulog_points'] = 0;
    485. 

  485.         $res = model('Ulog')->saveData($data);
    486. 

  486.         return json($res);
    487. 

  487.     }
    488. 

  488. 

  489.     /**
    490. 

  490.      * 删除用户行为日志(取消收藏/删除历史等)
    491. 

  491.      * api.php/user/del_ulog (POST)
    492. 

  492.      * 参数: ids=1,2,3 或 ulog_id=1
    493. 

  493.      */
    494. 

  494.     public function del_ulog(Request $request)
    495. 

  495.     {
    496. 

  496.         $check = model('User')->checkLogin();
    497. 

  497.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    498. 

  498.         $uid = intval($check['info']['user_id']);
    499. 

  499.         $param = $request->param();
    500. 

  500.         // 清空某类日志:all=1 且 type=1..5(与 index user/ulog_del 一致)
    501. 

  501.         if (!empty($param['all']) && (string)$param['all'] === '1') {
    502. 

  502.             $type = isset($param['type']) ? (string)$param['type'] : '';
    503. 

  503.             if (!in_array($type, ['1', '2', '3', '4', '5'], true)) {
    504. 

  504.                 return json(['code' => 1001, 'msg' => lang('api/param_type_required')]);
    505. 

  505.             }
    506. 

  506.             $where = ['user_id' => $uid, 'ulog_type' => intval($type)];
    507. 

  507.             $return = model('Ulog')->delData($where);
    508. 

  508.             return json($return);
    509. 

  509.         }
    510. 

  510.         $ids = [];
    511. 

  511.         if (!empty($param['ids'])) {
    512. 

  512.             $ids = array_filter(array_map('intval', explode(',', $param['ids'])));
    513. 

  513.         } elseif (!empty($param['ulog_id'])) {
    514. 

  514.             $ids = [intval($param['ulog_id'])];
    515. 

  515.         }
    516. 

  516.         if (empty($ids)) {
    517. 

  517.             return json(['code' => 1001, 'msg' => lang('api/param_ids_required')]);
    518. 

  518.         }
    519. 

  519.         Db::name('ulog')->where(['user_id' => $uid, 'ulog_id' => ['in', $ids]])->delete();
    520. 

  520.         return json(['code' => 1, 'msg' => lang('del_ok')]);
    521. 

  521.     }
    522. 

  522. 

  523.     /**
    524. 

  524.      * 获取积分日志
    525. 

  525.      * api.php/user/get_plog?page=1&limit=20&filter=income|expense(可选,与 index user/plog 一致)
    526. 

  526.      */
    527. 

  527.     public function get_plog(Request $request)
    528. 

  528.     {
    529. 

  529.         $check = model('User')->checkLogin();
    530. 

  530.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    531. 

  531.         $uid = intval($check['info']['user_id']);
    532. 

  532.         $param = $request->param();
    533. 

  533.         $page = max(1, intval($param['page'] ?? 1));
    534. 

  534.         $limit = max(1, min(100, intval($param['limit'] ?? 20)));
    535. 

  535.         $where = ['user_id' => $uid];
    536. 

  536.         $filter = isset($param['filter']) ? trim($param['filter']) : '';
    537. 

  537.         if ($filter === 'income') {
    538. 

  538.             $where['plog_type'] = ['in', [1, 2, 3, 4, 5, 6, 10, 11]];
    539. 

  539.         } elseif ($filter === 'expense') {
    540. 

  540.             $where['plog_type'] = ['in', [7, 8, 9]];
    541. 

  541.         }
    542. 

  542.         $order = 'plog_id desc';
    543. 

  543.         $res = model('Plog')->listData($where, $order, $page, $limit);
    544. 

  544.         $list = isset($res['list']) ? $res['list'] : [];
    545. 

  545.         $out = [];
    546. 

  546.         foreach ($list as $row) {
    547. 

  547.             $r = is_array($row) ? $row : (method_exists($row, 'toArray') ? $row->toArray() : []);
    548. 

  548.             $pt = isset($r['plog_type']) ? intval($r['plog_type']) : 0;
    549. 

  549.             $r['plog_type_text'] = ($pt >= 1 && $pt <= 11) ? mac_get_plog_type_text($pt) : '';
    550. 

  550.             $r['order_status'] = isset($r['order_status']) ? intval($r['order_status']) : 0;
    551. 

  551.             $out[] = $r;
    552. 

  552.         }
    553. 

  553.         $list = $out;
    554. 

  554.         $res['list'] = $list;
    555. 

  555.         return json(['code' => 1, 'msg' => lang('obtain_ok'), 'info' => [
    556. 

  556.             'page' => $res['page'],
    557. 

  557.             'limit' => $res['limit'],
    558. 

  558.             'total' => intval($res['total']),
    559. 

  559.             'pagecount' => intval($res['pagecount']),
    560. 

  560.             'list' => $list,
    561. 

  561.             'rows' => $list,
    562. 

  562.         ]]);
    563. 

  563.     }
    564. 

  564. 

  565.     /**
    566. 

  566.      * 删除积分日志
    567. 

  567.      * api.php/user/del_plog (POST) 参数同 index user/plog_del:ids、all=1 清空
    568. 

  568.      */
    569. 

  569.     public function del_plog(Request $request)
    570. 

  570.     {
    571. 

  571.         $check = model('User')->checkLogin();
    572. 

  572.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    573. 

  573.         $uid = intval($check['info']['user_id']);
    574. 

  574.         $param = $request->post();
    575. 

  575.         $idsRaw = isset($param['ids']) ? htmlspecialchars(urldecode(trim($param['ids']))) : '';
    576. 

  576.         $all = isset($param['all']) ? $param['all'] : '';
    577. 

  577.         if (empty($idsRaw) && empty($all)) {
    578. 

  578.             return json(['code' => 1001, 'msg' => lang('param_err')]);
    579. 

  579.         }
    580. 

  580.         $where = ['user_id' => $uid];
    581. 

  581.         if ((string)$all !== '1') {
    582. 

  582.             $arr = [];
    583. 

  583.             foreach (explode(',', $idsRaw) as $v) {
    584. 

  584.                 $v = abs(intval($v));
    585. 

  585.                 if ($v > 0) {
    586. 

  586.                     $arr[$v] = $v;
    587. 

  587.                 }
    588. 

  588.             }
    589. 

  589.             if (empty($arr)) {
    590. 

  590.                 return json(['code' => 1001, 'msg' => lang('param_err')]);
    591. 

  591.             }
    592. 

  592.             $where['plog_id'] = ['in', array_values($arr)];
    593. 

  593.         }
    594. 

  594.         $return = model('Plog')->delData($where);
    595. 

  595.         return json($return);
    596. 

  596.     }
    597. 

  597. 

  598.     /**
    599. 

  599.      * 当前用户充值订单列表(与 index user/orders 数据源一致)
    600. 

  600.      * api.php/user/get_orders?page=1&limit=20
    601. 

  601.      */
    602. 

  602.     public function get_orders(Request $request)
    603. 

  603.     {
    604. 

  604.         $check = model('User')->checkLogin();
    605. 

  605.         if ($check['code'] > 1) return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    606. 

  606.         $uid = intval($check['info']['user_id']);
    607. 

  607.         $param = $request->param();
    608. 

  608.         $page = max(1, intval($param['page'] ?? 1));
    609. 

  609.         $limit = max(1, min(100, intval($param['limit'] ?? 20)));
    610. 

  610.         $where = ['o.user_id' => $uid];
    611. 

  611.         $order = 'o.order_id desc';
    612. 

  612.         $res = model('Order')->listData($where, $order, $page, $limit);
    613. 

  613.         return json(['code' => 1, 'msg' => lang('obtain_ok'), 'info' => $res]);
    614. 

  614.     }
    615. 

  615. 

  616.     /**
    617. 

  617.      * 找回密码 - 发送验证码
    618. 

  618.      * api.php/user/find_password (POST)
    619. 

  619.      * 参数: user_email 或 user_phone
    620. 

  620.      */
    621. 

  621.     public function find_password(Request $request)
    622. 

  622.     {
    623. 

  623.         $param = $request->param();
    624. 

  624.         if (empty($param['user_email']) && empty($param['user_phone'])) {
    625. 

  625.             return json(['code' => 1001, 'msg' => lang('api/findpass_need_contact')]);
    626. 

  626.         }
    627. 

  627.         $res = model('User')->reg_msg($param);
    628. 

  628.         return json($res);
    629. 

  629.     }
    630. 

  630. 

  631.     /**
    632. 

  632.      * 批量检查用户收藏状态
    633. 

  633.      * 对应首页 Banner 区的收藏按钮,判断用户是否已收藏某些影片
    634. 

  634.      *
    635. 

  635.      * @param Request $request
    636. 

  636.      * @return \think\response\Json
    637. 

  637.      *
    638. 

  638.      * 参数说明:
    639. 

  639.      *   vod_ids  - 必须,影片ID列表,多个用逗号分隔,如 "1,2,3"
    640. 

  640.      *   mid      - 可选,模型ID,默认1(视频),2=文章,3=专题,8=明星
    641. 

  641.      *   ulog_type - 可选,日志类型,默认2(收藏)
    642. 

  642.      */
    643. 

  643.     public function get_favorites_status(Request $request)
    644. 

  644.     {
    645. 

  645.         // 需要用户登录
    646. 

  646.         $check = model('User')->checkLogin();
    647. 

  647.         if ($check['code'] > 1) {
    648. 

  648.             return json([
    649. 

  649.                 'code' => 1401,
    650. 

  650.                 'msg'  => lang('api/please_login_first'),
    651. 

  651.             ]);
    652. 

  652.         }
    653. 

  653. 

  654.         $user_id = intval($check['info']['user_id']);
    655. 

  655.         $param = $request->param();
    656. 

  656. 

  657.         if (empty($param['vod_ids'])) {
    658. 

  658.             return json(['code' => 1001, 'msg' => lang('api/param_vod_ids_required')]);
    659. 

  659.         }
    660. 

  660. 

  661.         $vodIds = array_map('intval', explode(',', $param['vod_ids']));
    662. 

  662.         $mid = isset($param['mid']) ? (int)$param['mid'] : 1;
    663. 

  663.         $ulogType = isset($param['ulog_type']) ? (int)$param['ulog_type'] : 2;
    664. 

  664. 

  665.         // 查询该用户对应 mid 和 type 的收藏记录
    666. 

  666.         $where = [
    667. 

  667.             'user_id'   => $user_id,
    668. 

  668.             'ulog_mid'  => $mid,
    669. 

  669.             'ulog_type' => $ulogType,
    670. 

  670.             'ulog_rid'  => ['in', $vodIds],
    671. 

  671.         ];
    672. 

  672. 

  673.         $favorites = Db::name('ulog')
    674. 

  674.             ->field('ulog_id,ulog_rid')
    675. 

  675.             ->where($where)
    676. 

  676.             ->select();
    677. 

  677. 

  678.         // 构建 rid => ulog_id 的映射
    679. 

  679.         $favMap = [];
    680. 

  680.         foreach ($favorites as $fav) {
    681. 

  681.             $favMap[$fav['ulog_rid']] = $fav['ulog_id'];
    682. 

  682.         }
    683. 

  683. 

  684.         // 返回每个 vod_id 的收藏状态
    685. 

  685.         $result = [];
    686. 

  686.         foreach ($vodIds as $id) {
    687. 

  687.             $result[] = [
    688. 

  688.                 'rid'      => $id,
    689. 

  689.                 'is_fav'   => isset($favMap[$id]) ? 1 : 0,
    690. 

  690.                 'ulog_id'  => isset($favMap[$id]) ? $favMap[$id] : 0,
    691. 

  691.             ];
    692. 

  692.         }
    693. 

  693. 

  694.         return json([
    695. 

  695.             'code' => 1,
    696. 

  696.             'msg'  => lang('obtain_ok'),
    697. 

  697.             'info' => [
    698. 

  698.                 'total' => count($result),
    699. 

  699.                 'rows'  => $result,
    700. 

  700.             ],
    701. 

  701.         ]);
    702. 

  702.     }
    703. 

  703. 

  704.     /**
    705. 

  705.      * 获取分销推广下线列表
    706. 

  706.      * GET api.php/user/get_reward_list?level=1&page=1&limit=20
    707. 

  707.      *
    708. 

  708.      * @param  level  int  可选,下线层级:1=一级(默认), 2=二级, 3=三级
    709. 

  709.      * @param  page   int  可选,页码,默认1
    710. 

  710.      * @param  limit  int  可选,每页条数,默认20,最大100
    711. 

  711.      * @return JSON   {code:1, msg:'获取成功', info:{page, pagecount, limit, total, list:[...]}}
    712. 

  712.      */
    713. 

  713.     public function get_reward_list(Request $request)
    714. 

  714.     {
    715. 

  715.         $check = model('User')->checkLogin();
    716. 

  716.         if ($check['code'] > 1) {
    717. 

  717.             return json(['code' => 1401, 'msg' => lang('api/please_login_first')]);
    718. 

  718.         }
    719. 

  719.         $uid = intval($check['info']['user_id']);
    720. 

  720. 

  721.         $param = $request->param();
    722. 

  722.         $page  = max(1, intval($param['page'] ?? 1));
    723. 

  723.         $limit = max(1, min(100, intval($param['limit'] ?? 20)));
    724. 

  724.         $level = intval($param['level'] ?? 1);
    725. 

  725. 

  726.         $where = [];
    727. 

  727.         if ($level == 2) {
    728. 

  728.             $where['user_pid_2'] = ['eq', $uid];
    729. 

  729.         } elseif ($level == 3) {
    730. 

  730.             $where['user_pid_3'] = ['eq', $uid];
    731. 

  731.         } else {
    732. 

  732.             $where['user_pid'] = ['eq', $uid];
    733. 

  733.         }
    734. 

  734. 

  735.         $order = 'user_id desc';
    736. 

  736.         $res   = model('User')->listData($where, $order, $page, $limit);
    737. 

  737. 

  738.         return json([
    739. 

  739.             'code' => 1,
    740. 

  740.             'msg'  => lang('obtain_ok'),
    741. 

  741.             'info' => $res,
    742. 

  742.         ]);
    743. 

  743.     }
    744. 

  744. 

  745.     /**
    746. 

  746.      * 充值/升级合并页:升级区数据 JSON(会员信息 + 可购套餐)
    747. 

  747.      * GET api.php/user/ajax_upgrade_data
    748. 

  748.      */
    749. 

  749.     public function ajax_upgrade_data(Request $request)
    750. 

  750.     {
    751. 

  751.         if ($request->isPost()) {
    752. 

  752.             return json(['code' => 1001, 'msg' => lang('param_err')]);
    753. 

  753.         }
    754. 

  754. 

  755.         $group_list = model('Group')->getCache();
    756. 

  756.         $scale = max(1, intval($GLOBALS['config']['pay']['scale']));
    757. 

  757.         $groups = [];
    758. 

  758.         foreach ($group_list as $vo) {
    759. 

  759.             if (!is_array($vo)) {
    760. 

  760.                 continue;
    761. 

  761.             }
    762. 

  762.             if (intval($vo['group_id']) <= 2 || intval($vo['group_status']) !== 1) {
    763. 

  763.                 continue;
    764. 

  764.             }
    765. 

  765.             $gid = intval($vo['group_id']);
    766. 

  766.             $pd = intval($vo['group_points_day']);
    767. 

  767.             $pw = intval($vo['group_points_week']);
    768. 

  768.             $pm = intval($vo['group_points_month']);
    769. 

  769.             $py = intval($vo['group_points_year']);
    770. 

  770.             $groups[] = [
    771. 

  771.                 'group_id' => $gid,
    772. 

  772.                 'group_name' => (string)$vo['group_name'],
    773. 

  773.                 'group_points_day' => $pd,
    774. 

  774.                 'group_points_week' => $pw,
    775. 

  775.                 'group_points_month' => $pm,
    776. 

  776.                 'group_points_year' => $py,
    777. 

  777.                 'price_day' => round($pd / $scale, 2),
    778. 

  778.                 'price_week' => round($pw / $scale, 2),
    779. 

  779.                 'price_month' => round($pm / $scale, 2),
    780. 

  780.                 'price_year' => round($py / $scale, 2),
    781. 

  781.             ];
    782. 

  782.         }
    783. 

  783. 

  784.         $u = $GLOBALS['user'];
    785. 

  785.         $uid = intval($u['user_id'] ?? 0);
    786. 

  786.         $gidUser = intval($u['group_id'] ?? 1);
    787. 

  787. 

  788.         if ($uid < 1) {
    789. 

  789.             $expireMode = 'guest';
    790. 

  790.             $expireDate = null;
    791. 

  791.             $memberMode = 'guest';
    792. 

  792.             $memberName = null;
    793. 

  793.         } else {
    794. 

  794.             if ($gidUser < 3) {
    795. 

  795.                 $expireMode = 'permanent';
    796. 

  796.                 $expireDate = null;
    797. 

  797.             } else {
    798. 

  798.                 $expireMode = 'date';
    799. 

  799.                 $expireDate = (string)mac_day($u['user_end_time'] ?? '');
    800. 

  800.             }
    801. 

  801.             $memberMode = 'member';
    802. 

  802.             $glName = (string)(($u['group']['group_name'] ?? '') ?: ($group_list[$gidUser]['group_name'] ?? ''));
    803. 

  803.             $memberName = $glName;
    804. 

  804.         }
    805. 

  805. 

  806.         return json([
    807. 

  807.             'code' => 1,
    808. 

  808.             'msg' => 'ok',
    809. 

  809.             'data' => [
    810. 

  810.                 'is_login' => $uid > 0,
    811. 

  811.                 'user_points' => intval($u['user_points'] ?? 0),
    812. 

  812.                 'user_group_id' => $gidUser,
    813. 

  813.                 'expire_mode' => $expireMode,
    814. 

  814.                 'expire_date' => $expireDate,
    815. 

  815.                 'member_mode' => $memberMode,
    816. 

  816.                 'member_name' => $memberName,
    817. 

  817.                 'groups' => $groups,
    818. 

  818.             ],
    819. 

  819.         ]);
    820. 

  820.     }
    821. 

  821. 

  822.     /**
    823. 

  823.      * 会员现金升级:创建 UPG 订单
    824. 

  824.      * POST api.php/user/upgrade_order_create  参数 group_id, long
    825. 

  825.      */
    826. 

  826.     public function upgrade_order_create(Request $request)
    827. 

  827.     {
    828. 

  828.         if (!$request->isPost()) {
    829. 

  829.             return json(['code' => 1001, 'msg' => lang('param_err')]);
    830. 

  830.         }
    831. 

  831.         if ($GLOBALS['user']['user_id'] < 1) {
    832. 

  832.             return json(['code' => 1002, 'msg' => lang('index/not_login')]);
    833. 

  833.         }
    834. 

  834. 

  835.         $param = $request->param();
    836. 

  836.         $group_id = intval($param['group_id'] ?? 0);
    837. 

  837.         $long = trim((string)($param['long'] ?? ''));
    838. 

  838.         $points_long = ['day' => 86400, 'week' => 86400 * 7, 'month' => 86400 * 30, 'year' => 86400 * 365];
    839. 

  839.         if (!array_key_exists($long, $points_long) || $group_id < 3) {
    840. 

  840.             return json(['code' => 1003, 'msg' => lang('param_err')]);
    841. 

  841.         }
    842. 

  842. 

  843.         $group_list = model('Group')->getCache();
    844. 

  844.         if (!isset($group_list[$group_id])) {
    845. 

  845.             return json(['code' => 1004, 'msg' => lang('model/user/group_not_found')]);
    846. 

  846.         }
    847. 

  847.         $group_info = $group_list[$group_id];
    848. 

  848.         if (empty($group_info) || intval($group_info['group_status']) !== 1) {
    849. 

  849.             return json(['code' => 1004, 'msg' => lang('model/user/group_not_found')]);
    850. 

  850.         }
    851. 

  851. 

  852.         $point = intval($group_info['group_points_' . $long]);
    853. 

  853.         if ($point < 1) {
    854. 

  854.             return json(['code' => 1005, 'msg' => lang('api/plan_not_available')]);
    855. 

  855.         }
    856. 

  856.         $scale = max(1, intval($GLOBALS['config']['pay']['scale']));
    857. 

  857.         $price = round($point / $scale, 2);
    858. 

  858. 

  859.         $remarks = [
    860. 

  860.             'biz' => 'member_upgrade',
    861. 

  861.             'group_id' => $group_id,
    862. 

  862.             'group_name' => $group_info['group_name'],
    863. 

  863.             'long' => $long,
    864. 

  864.             'upgrade_points' => $point,
    865. 

  865.         ];
    866. 

  866. 

  867.         $data = [];
    868. 

  868.         $data['user_id'] = intval($GLOBALS['user']['user_id']);
    869. 

  869.         $data['order_code'] = 'UPG' . mac_get_uniqid_code();
    870. 

  870.         $data['order_price'] = $price;
    871. 

  871.         $data['order_points'] = $point;
    872. 

  872.         $data['order_remarks'] = json_encode($remarks, JSON_UNESCAPED_UNICODE);
    873. 

  873. 

  874.         $res = model('Order')->saveData($data);
    875. 

  875.         if ($res['code'] > 1) {
    876. 

  876.             return json($res);
    877. 

  877.         }
    878. 

  878. 

  879.         $this_order = model('Order')->infoData(['order_code' => $data['order_code'], 'user_id' => $data['user_id']]);
    880. 

  880.         if ($this_order['code'] > 1) {
    881. 

  881.             return json($this_order);
    882. 

  882.         }
    883. 

  883. 

  884.         $pay_url = Url::build('index/user/pay', ['order_code' => $data['order_code']]);
    885. 

  885. 

  886.         return json([
    887. 

  887.             'code' => 1,
    888. 

  888.             'msg' => lang('save_ok'),
    889. 

  889.             'data' => [
    890. 

  890.                 'order_id' => intval($this_order['info']['order_id']),
    891. 

  891.                 'order_code' => $data['order_code'],
    892. 

  892.                 'order_price' => $price,
    893. 

  893.                 'order_points' => $point,
    894. 

  894.                 'pay_url' => $pay_url,
    895. 

  895.             ],
    896. 

  896.         ]);
    897. 

  897.     }
    898. 

  898. 

  899.     /**
    900. 

  900.      * 登录接口 IP 速率限制:每个 IP 每 60 秒最多 10 次登录尝试
    901. 

  901.      * 使用 cache() 实现,与 UEditor AI 限流方案一致
    902. 

  902.      *
    903. 

  903.      * @return true|\think\response\Json  通过返回 true,被限制返回 JSON 响应
    904. 

  904.      */
    905. 

  905.     private function _checkLoginRateLimit()
    906. 

  906.     {
    907. 

  907.         $ip = mac_get_ip_long();
    908. 

  908.         $key = 'api_login_rl_' . $ip;
    909. 

  909.         $limit = 10;   // 每窗口最大尝试次数
    910. 

  910.         $window = 60;  // 窗口时间(秒)
    911. 

  911. 

  912.         $count = (int) cache($key);
    913. 

  913.         if ($count >= $limit) {
    914. 

  914.             return json(['code' => 1020, 'msg' => lang('api/login_rate_limited', [(string) $window])]);
    915. 

  915.         }
    916. 

  916.         if ($count === 0) {
    917. 

  917.             cache($key, 1, $window);
    918. 

  918.         } else {
    919. 

  919.             cache($key, $count + 1, $window);
    920. 

  920.         }
    921. 

  921.         return true;
    922. 

  922.     }
    923. 

  923. }
    924.