/**
* 供外部支付验证使用 IMPORTANT
* GET参数如下:
* @param string from 来源标识
* @param string data 加密数据字符串,data解密后包含如下字段:
* string ukey 用户标识,必须(准考证号)
* string pass 密码,若有该字段,表示转账
* string auth 密码代替验证,若有该字段,表示转账,是array('ukey' => '', 'amount' => '')的加密值
* int amount 转账金额,不可为0,若有该字段,则表示转账
* 返回的为json格式的array数据:
* string error 若有该参数,则表明有错误信息
* string data 该参数表示返回的加密信息字符串,这里返回的是用户信息,解密后为array类型包含如下字段:
* string ukey 用户标识
* int account 当前余额
*/
public function paytrans()
{
$resp = new AjaxResponse();
while (true) {
$from = $_GET['from'];
$lv_cfg = C('loginverify');
if (!$lv_cfg) {
$resp->alert('非法访问来源0');
break;
}
if (!isset($lv_cfg[$from])) {
$resp->alert('非法访问来源1');
break;
}
$hashcode = $lv_cfg[$from]['hashcode'];
$enc_data = $_GET['data'];
$param0 = Func::decrypt($enc_data, $hashcode);
//header('Content-Type:application/json;charset=UTF-8');
if ($param0 === false) {
$resp->alert('非法访问');
break;
}
if (!isset($param0['ukey'])) {
$resp->alert('非法访问参数');
break;
}
$uinfo = StudentModel::get_student_by_exam_ticket($param0['ukey'], 'uid,exam_ticket,password,account');
if (empty($uinfo)) {
$resp->alert('非法用户');
break;
}
if ((isset($param0['pass']) || isset($param0['auth'])) && isset($param0['amount'])) {
if (!Validate::isInt($param0['amount']) || $param0['amount'] == 0) {
$resp->alert('转账金额不能为0');
break;
}
if (isset($param0['pass']) && my_md5($param0['pass']) == $uinfo['password'] || isset($param0['auth']) && Func::encrypt(array('ukey' => $param0['ukey'], 'amount' => $param0['amount']), $hashcode) == $param0['auth']) {
if (bcadd($uinfo['account'], $param0['amount'], 0) < 0) {
$resp->alert('用户余额不足');
break;
}
// 这里开始交易
$tr_no = TransactionRecordModel::genTransactionRecordTrNo();
$db = Fn::db();
$db->beginTransaction();
$rec = array('tr_no' => $tr_no, 'tr_type' => 4, 'tr_uid' => $uinfo['uid'], 'tr_pid' => NULL, 'tr_money' => bcadd($uinfo['account'], $param0['amount'], 0), 'tr_cash' => NULL, 'tr_trade_amount' => $param0['amount'], 'tr_adminid' => 1, 'tr_flag' => 2, 'tr_createtime' => time());
$rec['tr_finishtime'] = $rec['tr_createtime'];
if ($param0['amount'] > 0) {
$rec['tr_comment'] = "从{$lv_cfg[$from]['name']}转入{$param0['amount']}择明通宝";
} else {
$v = 0 - $param0['amount'];
$rec['tr_comment'] = "转出{$v}择明通宝到{$lv_cfg[$from]['name']}";
}
try {
$db->insert('t_transaction_record', $rec);
$db->update('rd_student', array('account' => $rec['tr_money']), 'uid = ' . $uinfo['uid']);
$db->commit();
} catch (Exception $e) {
$db->rollBack();
$resp->alert('转账失败');
break;
}
$uinfo['account'] = $rec['tr_money'];
$resp->exdata = array('ukey' => $uinfo['exam_ticket'], 'account' => $uinfo['account']);
} else {
$resp->alert('用户验证未通过');
}
break;
}
// 只显示余额
$resp->exdata = array('ukey' => $uinfo['exam_ticket'], 'account' => $uinfo['account']);
break;
}
$json_data = array();
if ($resp->exdata) {
$json_data['data'] = Func::encrypt($resp->exdata, $hashcode);
} else {
$resp_data = json_decode($resp->__toString(), true);
$json_data['error'] = $resp_data[0][1];
}
$json_str = json_encode($json_data);
header('Content-Type:application/json;charset=UTF-8');
echo "{$json_str}";
exit;
}
