/** * 供外部支付验证使用 IMPORTANT * GET参数如下: * @param string from 来源标识 * @param string data 加密数据字符串,data解密后包含如下字段: * string ukey 用户标识,必须(准考证号) * string pass 密码,若有该字段,表示转账 * string auth 密码代替验证,若有该字段,表示转账,是array('ukey' => '', 'amount' => '')的加密值 * int amount 转账金额,不可为0,若有该字段,则表示转账 * 返回的为json格式的array数据: * string error 若有该参数,则表明有错误信息 * string data 该参数表示返回的加密信息字符串,这里返回的是用户信息,解密后为array类型包含如下字段: * string ukey 用户标识 * int account 当前余额 */ public function paytrans() { $resp = new AjaxResponse(); while (true) { $from = $_GET['from']; $lv_cfg = C('loginverify'); if (!$lv_cfg) { $resp->alert('非法访问来源0'); break; } if (!isset($lv_cfg[$from])) { $resp->alert('非法访问来源1'); break; } $hashcode = $lv_cfg[$from]['hashcode']; $enc_data = $_GET['data']; $param0 = Func::decrypt($enc_data, $hashcode); //header('Content-Type:application/json;charset=UTF-8'); if ($param0 === false) { $resp->alert('非法访问'); break; } if (!isset($param0['ukey'])) { $resp->alert('非法访问参数'); break; } $uinfo = StudentModel::get_student_by_exam_ticket($param0['ukey'], 'uid,exam_ticket,password,account'); if (empty($uinfo)) { $resp->alert('非法用户'); break; } if ((isset($param0['pass']) || isset($param0['auth'])) && isset($param0['amount'])) { if (!Validate::isInt($param0['amount']) || $param0['amount'] == 0) { $resp->alert('转账金额不能为0'); break; } if (isset($param0['pass']) && my_md5($param0['pass']) == $uinfo['password'] || isset($param0['auth']) && Func::encrypt(array('ukey' => $param0['ukey'], 'amount' => $param0['amount']), $hashcode) == $param0['auth']) { if (bcadd($uinfo['account'], $param0['amount'], 0) < 0) { $resp->alert('用户余额不足'); break; } // 这里开始交易 $tr_no = TransactionRecordModel::genTransactionRecordTrNo(); $db = Fn::db(); $db->beginTransaction(); $rec = array('tr_no' => $tr_no, 'tr_type' => 4, 'tr_uid' => $uinfo['uid'], 'tr_pid' => NULL, 'tr_money' => bcadd($uinfo['account'], $param0['amount'], 0), 'tr_cash' => NULL, 'tr_trade_amount' => $param0['amount'], 'tr_adminid' => 1, 'tr_flag' => 2, 'tr_createtime' => time()); $rec['tr_finishtime'] = $rec['tr_createtime']; if ($param0['amount'] > 0) { $rec['tr_comment'] = "从{$lv_cfg[$from]['name']}转入{$param0['amount']}择明通宝"; } else { $v = 0 - $param0['amount']; $rec['tr_comment'] = "转出{$v}择明通宝到{$lv_cfg[$from]['name']}"; } try { $db->insert('t_transaction_record', $rec); $db->update('rd_student', array('account' => $rec['tr_money']), 'uid = ' . $uinfo['uid']); $db->commit(); } catch (Exception $e) { $db->rollBack(); $resp->alert('转账失败'); break; } $uinfo['account'] = $rec['tr_money']; $resp->exdata = array('ukey' => $uinfo['exam_ticket'], 'account' => $uinfo['account']); } else { $resp->alert('用户验证未通过'); } break; } // 只显示余额 $resp->exdata = array('ukey' => $uinfo['exam_ticket'], 'account' => $uinfo['account']); break; } $json_data = array(); if ($resp->exdata) { $json_data['data'] = Func::encrypt($resp->exdata, $hashcode); } else { $resp_data = json_decode($resp->__toString(), true); $json_data['error'] = $resp_data[0][1]; } $json_str = json_encode($json_data); header('Content-Type:application/json;charset=UTF-8'); echo "{$json_str}"; exit; }