Membersecurity.php 23 KB

  1. <?php
  2. namespace app\home\controller;
  3. use think\facade\View;
  4. use think\facade\Lang;
  5. /**
  6. * ============================================================================
  7. * DSMall多用户商城
  8. * ============================================================================
  9. * 版权所有 2014-2028 长沙德尚网络科技有限公司,并保留所有权利。
  10. * 网站地址: http://www.csdeshang.com
  11. * ----------------------------------------------------------------------------
  12. * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和使用 .
  13. * 不允许对程序代码以任何形式任何目的的再发布。
  14. * ============================================================================
  15. * 控制器
  16. */
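  class Membersecurity extends BaseMember {

      // Buyer "account security" controller: step-up verification (auth), login
      // and payment password changes, and e-mail / mobile binding.
      //
      // Verification-code types as used in this file: 4 = mobile change,
      // 5 = e-mail binding link, 6 = identity (step-up) code. The second argument
      // passed next to them (1) matches the verify_code_user_type written below.
      //
      // ds_json_encode() and $this->error()/$this->redirect() are called as if
      // they end the request; the original control flow relies on that as well.
      // NOTE(review): confirm in the helper / base class.

      /** Seconds a step-up marker written by auth() stays valid (30 minutes). */
      private const STEP_UP_WINDOW = 1800;

      /**
       * Runs the parent set-up, then loads the memberpoints language pack for
       * the configured default language.
       */
      public function initialize() {
          parent::initialize();
          $lang_file = base_path() . 'home/lang/' . config('lang.default_lang') . '/memberpoints.lang.php';
          Lang::load($lang_file);
      }

      /**
       * Security overview page: shows the member record plus its security level.
       */
      public function index() {
          $member_info = $this->member_info;
          $member_info['security_level'] = model('member')->getMemberSecurityLevel($member_info);
          View::assign('member_info', $member_info);
          // Highlight the current buyer menu and sub-item.
          $this->setMemberCurMenu('member_security');
          $this->setMemberCurItem('index');
          return View::fetch($this->template_dir . 'index');
      }

      /**
       * Bind e-mail: mails a confirmation link to the requested address.
       *
       * On success the member's e-mail is replaced by the new address and
       * member_emailbind is reset to 0 until the link is confirmed.
       */
      public function send_bind_email() {
          // Re-pointing the contact address is as sensitive as changing the
          // password: require the step-up marker auth() sets for modify_email,
          // the same way modify_pwd()/modify_paypwd() require theirs. Without it
          // any request riding the session could change where codes are sent.
          if (!$this->securityStepUpIsFresh('modify_email')) {
              ds_json_encode(10001, lang('operation_timed_out'));
          }

          $email = input('param.email');
          $membersecurity_validate = ds_validate('membersecurity');
          if (!$membersecurity_validate->scene('send_bind_email')->check(['email' => $email])) {
              ds_json_encode(10001, $membersecurity_validate->getError());
          }

          // The address must not already belong to another member.
          $owner_id = session('member_id');
          $member_model = model('member');
          $taken = $member_model->getMemberInfo([
              ['member_email', '=', $email],
              ['member_id', '<>', $owner_id],
          ], 'member_id');
          if ($taken) {
              ds_json_encode(10001, lang('mailbox_has_been_used'));
          }

          // Throttle how often a code may be requested.
          $verify_code_model = model('verify_code');
          $throttle = $verify_code_model->isVerifyCodeFrequant(5, 1);
          if (!$throttle['code']) {
              ds_json_encode(10001, $throttle['msg']);
          }
          $verify_code = $verify_code_model->genVerifyCode(5, 1);
          if (!$verify_code) {
              ds_json_encode(10001, lang('system_error'));
          }

          // base64 output may contain '+', '/' and '=', so it is percent-encoded
          // before being placed in the query string; the receiver's normal URL
          // decoding restores the original value.
          // NOTE(review): the hash parameter is a plain MD5 of the verification
          // code, so it is only as strong as the code itself. The handler
          // (Login/bind_email) is not visible here - confirm it enforces expiry
          // and single use.
          $uid = base64_encode(ds_encrypt($owner_id . ' ' . $email));
          $verify_url = HOME_SITE_URL . '/Login/bind_email.html?uid=' . rawurlencode($uid) . '&hash=' . md5($verify_code);

          $tpl_info = model('mailtemplates')->getTplInfo(['mailmt_code' => 'bind_email']);
          if (empty($tpl_info)) {
              // Missing template: fail cleanly instead of reading offsets of null.
              ds_json_encode(10001, lang('system_error'));
          }
          $param = [
              'site_name' => config('ds_config.site_name'),
              'user_name' => session('member_name'),
              'verify_url' => $verify_url,
          ];
          $subject = ds_replace_text($tpl_info['mailmt_title'], $param);
          // NOTE(review): entities are decoded after the member name has been
          // substituted, so markup in that name reaches the HTML mail unescaped;
          // consider decoding the template first and escaping the values.
          $message = htmlspecialchars_decode(ds_replace_text($tpl_info['mailmt_content'], $param));

          $mailer = new \sendmsg\Email();
          if (!$mailer->send_sys_email($email, $subject, $message)) {
              ds_json_encode(10001, lang('system_error'));
          } else {
              $stored = $verify_code_model->addVerifyCode([
                  'verify_code_type' => 5,
                  'verify_code' => $verify_code,
                  'verify_code_user_type' => 1,
                  'verify_code_user_id' => $owner_id,
                  'verify_code_user_name' => session('member_name'),
                  'verify_code_add_time' => TIMESTAMP,
                  'verify_code_ip' => request()->ip(),
              ]);
              if (!$stored) {
                  ds_json_encode(10001, lang('system_error'));
              }
              // Record the new address as unverified until the link is used.
              $member_model->editMember(
                  ['member_id' => $owner_id],
                  ['member_email' => $email, 'member_emailbind' => 0],
                  $owner_id
              );
              ds_json_encode(10000, lang('verify_mail_been_sent_mailbox'));
          }
      }

      /**
       * Step-up verification gate for sensitive operations.
       *
       * GET renders the verification page (or, for a first-time e-mail / mobile
       * binding, goes straight to the target page). POST checks the submitted
       * identity code (type 6); on success it stores session key auth_<type>
       * with the current timestamp and renders the target page.
       */
      public function auth() {
          $member_model = model('member');
          $type = input('param.type');
          // $type becomes part of a session key and a template name, so it is
          // matched strictly: a loose in_array() would let a non-string request
          // value (for example integer 0 on PHP 7) pass the allow-list.
          $type_allowed = in_array(
              $type,
              ['modify_pwd', 'modify_mobile', 'modify_email', 'modify_paypwd', 'pd_cash'],
              true
          );

          if (!request()->isPost()) {
              if (!$type_allowed) {
                  $this->redirect('Membersecurity/index');
              }
              // Prefer the member record inherited from the parent controller.
              $member_info = $this->member_info;
              if (!$member_info) {
                  $member_info = $member_model->getMemberInfo(['member_id' => session('member_id')], 'member_email,member_emailbind,member_mobile,member_mobilebind');
              }

              // First-time e-mail or mobile binding: there is no verified channel
              // to send a code to yet, so skip the code and go to the next step.
              $first_email_bind = $type == 'modify_email' && $member_info['member_emailbind'] == '0';
              $first_mobile_bind = $type == 'modify_mobile' && $member_info['member_mobilebind'] == '0';
              if ($first_email_bind || $first_mobile_bind) {
                  session('auth_' . $type, TIMESTAMP);
                  $this->setMemberCurMenu('member_security');
                  $this->setMemberCurItem($type);
                  echo View::fetch($this->template_dir . $type);
                  exit;
              }

              // Changing the login or payment password requires a bound e-mail
              // or a bound mobile number.
              if (in_array($type, ['modify_pwd', 'modify_paypwd'], true) && $member_info['member_emailbind'] == '0' && $member_info['member_mobilebind'] == '0') {
                  $this->error(lang('please_bind_email_phone_first'), 'membersecurity/index');
              }

              View::assign('member_info', $member_info);
              $this->setMemberCurMenu('member_security');
              $this->setMemberCurItem($type);
              return View::fetch($this->template_dir . 'auth');
          }

          if (!$type_allowed) {
              $this->redirect((string)url('Membersecurity/index'));
          }
          $verify_code = input('post.auth_code');
          $verify_code_validate = ds_validate('verify_code');
          if (!$verify_code_validate->scene('verify_code_search')->check(['verify_code' => $verify_code])) {
              $this->error($verify_code_validate->getError());
          }

          // The code must belong to this member, be of the identity type and
          // still be inside its validity window.
          // NOTE(review): nothing here marks the code as used or counts failed
          // attempts; confirm the verify_code model or a middleware does.
          $verify_code_model = model('verify_code');
          $code_row = $verify_code_model->getVerifyCodeInfo([
              ['verify_code_type', '=', 6],
              ['verify_code_user_type', '=', 1],
              ['verify_code_user_id', '=', session('member_id')],
              ['verify_code', '=', $verify_code],
              ['verify_code_add_time', '>', TIMESTAMP - VERIFY_CODE_INVALIDE_MINUTE * 60],
          ]);
          if (!$code_row) {
              $this->error(lang('validation_fails'));
          }

          // Withdrawal: list the member's bank accounts, plus the linked WeChat
          // account when one is stored.
          if ($type == 'pd_cash') {
              $memberbank_list = model('memberbank')->getMemberbankList(['member_id' => session('member_id')]);
              // The stored value is expected to be a serialized array; refusing
              // object instantiation keeps a tampered row from triggering magic
              // methods during unserialize().
              $raw_wxinfo = $this->member_info['member_wxinfo'] ?? '';
              $member_wxinfo = (is_string($raw_wxinfo) && $raw_wxinfo !== '')
                  ? unserialize($raw_wxinfo, ['allowed_classes' => false])
                  : false;
              if (!empty($member_wxinfo) && is_array($member_wxinfo) && isset($member_wxinfo['member_wxopenid']) && $member_wxinfo['member_wxopenid']) {
                  if (empty($memberbank_list)) {
                      $memberbank_list = [];
                  }
                  $memberbank_list[] = [
                      'memberbank_id' => -1,
                      'memberbank_type' => 'weixin',
                      'memberbank_no' => $member_wxinfo['nickname'] ?? '',
                      'member_wxinfo' => $member_wxinfo,
                  ];
              }
              View::assign('memberbank_list', $memberbank_list);
          }

          session('auth_' . $type, TIMESTAMP);
          $this->setMemberCurMenu('member_security');
          $this->setMemberCurItem($type);
          return View::fetch($this->template_dir . $type);
      }

      /**
       * Sends the identity (step-up) code to the member's stored e-mail address
       * or mobile number, then records the code.
       */
      public function send_auth_code() {
          $type = input('param.type');
          if (!in_array($type, ['email', 'mobile'], true)) {
              exit();
          }
          $member_info = model('member')->getMemberInfoByID(session('member_id'));
          // NOTE(review): the code goes to member_email / member_mobile without
          // checking member_emailbind / member_mobilebind here, so an address
          // that was never confirmed can receive it. Consider requiring the
          // bound flag for the chosen channel.

          // Throttle how often a code may be requested.
          $verify_code_model = model('verify_code');
          $throttle = $verify_code_model->isVerifyCodeFrequant(6, 1);
          if (!$throttle['code']) {
              $this->securityJsonExit(false, $throttle['msg']);
          }
          $verify_code = $verify_code_model->genVerifyCode(6, 1);
          if (!$verify_code) {
              $this->securityJsonExit(false, lang('system_error'));
          }

          $tpl_info = model('mailtemplates')->getTplInfo(['mailmt_code' => 'authenticate']);
          if (empty($tpl_info)) {
              // Missing template: fail cleanly instead of reading offsets of null.
              $this->securityJsonExit(false, lang('system_error'));
          }
          $param = ['code' => $verify_code];
          $subject = ds_replace_text($tpl_info['mailmt_title'], $param);
          $message = ds_replace_text($tpl_info['mailmt_content'], $param);

          if ($type == 'email') {
              $mailer = new \sendmsg\Email();
              $sent = ['state' => $mailer->send_sys_email($member_info["member_email"], $subject, $message)];
          } else {
              $sent = model('smslog')->sendSms($member_info["member_mobile"], [
                  'ali_template_code' => $tpl_info['ali_template_code'],
                  'ali_template_param' => $param,
                  'ten_template_code' => $tpl_info['ten_template_code'],
                  'ten_template_param' => [$verify_code],
                  'message' => $message,
              ], 5, $verify_code);
          }

          if (!$sent['state']) {
              $this->securityJsonExit(false, $sent['message'] ?? lang('verification_code_sending_failed'));
          }
          $stored = $verify_code_model->addVerifyCode([
              'verify_code_type' => 6,
              'verify_code' => $verify_code,
              'verify_code_user_type' => 1,
              'verify_code_user_id' => session('member_id'),
              'verify_code_user_name' => session('member_name'),
              'verify_code_add_time' => TIMESTAMP,
              'verify_code_ip' => request()->ip(),
          ]);
          if (!$stored) {
              $this->securityJsonExit(false, lang('system_error'));
          }
          $this->securityJsonExit(true, lang('verification_code_has_been_sent'));
      }

      /**
       * Change the login password (POST only).
       *
       * Must be completed within 30 minutes of passing auth() for modify_pwd.
       */
      public function modify_pwd() {
          $member_model = model('member');
          if (!$this->securityStepUpIsFresh('modify_pwd')) {
              ds_json_encode(10001, lang('operation_timed_out'));
          }
          if (!request()->isPost()) {
              exit();
          }
          $data = [
              'password' => input('post.password'),
              'confirm_password' => input('post.confirm_password'),
          ];
          $membersecurity_validate = ds_validate('membersecurity');
          if (!$membersecurity_validate->scene('modify_pwd')->check($data)) {
              ds_json_encode(10001, $membersecurity_validate->getError());
          }
          // Strict comparison: with != two different numeric-looking strings
          // (such as "1e3" and "1000") would count as a matching confirmation.
          if ($data['password'] !== $data['confirm_password']) {
              ds_json_encode(10001, lang('two_password_inconsistencies'));
          }

          // NOTE(review): member_password is stored as an unsalted MD5 digest.
          // The format is kept because the code that verifies it at login is
          // presumably outside this file; moving to password_hash() /
          // password_verify() needs a coordinated migration.
          $new_digest = md5((string)$data['password']);

          // Reject a new password equal to the current one. hash_equals() does
          // an exact string comparison, so digests of the form "0e<digits>" are
          // not treated as equal numbers the way == would treat them.
          $member_info = $member_model->getMemberInfo(['member_id' => session('member_id')]);
          if (hash_equals((string)$member_info['member_password'], $new_digest)) {
              ds_json_encode(10001, lang('new_password_same'));
          }

          $update = $member_model->editMember(['member_id' => session('member_id')], ['member_password' => $new_digest], session('member_id'));
          // The step-up marker is single use.
          session('auth_modify_pwd', NULL);
          if ($update) {
              ds_json_encode(10000, lang('password_modify_successfully'));
          } else {
              // The failure text previously went out as the raw language key.
              ds_json_encode(10001, lang('operation_timed_out'));
          }
      }

      /**
       * Set the payment password (POST only).
       *
       * Must be completed within 30 minutes of passing auth() for modify_paypwd.
       */
      public function modify_paypwd() {
          $member_model = model('member');
          if (!$this->securityStepUpIsFresh('modify_paypwd')) {
              $this->error(lang('operation_timed_out'), (string)url('Membersecurity/auth', ['type' => 'modify_paypwd']));
          }
          if (!request()->isPost()) {
              exit();
          }
          $data = [
              'password' => input('post.password'),
              'confirm_password' => input('post.confirm_password'),
          ];
          $membersecurity_validate = ds_validate('membersecurity');
          if (!$membersecurity_validate->scene('modify_paypwd')->check($data)) {
              ds_json_encode(10001, $membersecurity_validate->getError());
          }
          // Strict comparison, see modify_pwd().
          if ($data['password'] !== $data['confirm_password']) {
              ds_json_encode(10001, lang('two_password_inconsistencies'));
          }

          // NOTE(review): the payment password is stored as an unsalted MD5
          // digest as well; the same migration concern applies.
          $update = $member_model->editMember(['member_id' => session('member_id')], ['member_paypwd' => md5((string)$data['password'])], session('member_id'));
          // The step-up marker is single use.
          session('auth_modify_paypwd', NULL);
          if ($update) {
              ds_json_encode(10000, lang('password_set_successfully'));
          } else {
              ds_json_encode(10001, lang('password_setting_failed'));
          }
      }

      /**
       * Bind mobile: confirms the SMS code (type 4) and marks the stored mobile
       * number as bound. Does nothing for non-POST requests.
       */
      public function modify_mobile() {
          if (!request()->isPost()) {
              return;
          }
          // Same step-up requirement as the password changes: auth() writes
          // auth_modify_mobile before it shows the binding form.
          if (!$this->securityStepUpIsFresh('modify_mobile')) {
              ds_json_encode(10001, lang('operation_timed_out'));
          }

          $data = [
              'mobile' => input('post.mobile'),
              'vcode' => input('post.vcode'),
          ];
          $membersecurity_validate = ds_validate('membersecurity');
          if (!$membersecurity_validate->scene('modify_mobile')->check($data)) {
              ds_json_encode(10001, $membersecurity_validate->getError());
          }
          $verify_code = $data['vcode'];
          $verify_code_validate = ds_validate('verify_code');
          if (!$verify_code_validate->scene('verify_code_search')->check(['verify_code' => $verify_code])) {
              ds_json_encode(10001, $verify_code_validate->getError());
          }

          // NOTE(review): the lookup ties the code to the member, not to a
          // phone number, and the posted mobile is validated but never compared
          // with the number stored by send_modify_mobile(). The number that gets
          // bound is whatever was last stored there.
          $verify_code_model = model('verify_code');
          $code_row = $verify_code_model->getVerifyCodeInfo([
              ['verify_code_type', '=', 4],
              ['verify_code_user_type', '=', 1],
              ['verify_code_user_id', '=', session('member_id')],
              ['verify_code', '=', $verify_code],
              ['verify_code_add_time', '>', TIMESTAMP - VERIFY_CODE_INVALIDE_MINUTE * 60],
          ]);
          if (!$code_row) {
              ds_json_encode(10001, lang('mobile_verification_code_error'));
          }

          model('member')->editMember(['member_id' => session('member_id')], ['member_mobilebind' => 1], session('member_id'));
          // The step-up marker is single use, as in modify_pwd().
          session('auth_modify_mobile', NULL);
          ds_json_encode(10000, lang('phone_number_bound_successfully'));
      }

      /**
       * Change mobile number: sends the SMS code (type 4) to the new number and
       * stores that number on the member record.
       */
      public function send_modify_mobile() {
          // This call overwrites member_mobile, the number later used for
          // identity codes, so it needs the same step-up marker as the binding
          // step it belongs to.
          if (!$this->securityStepUpIsFresh('modify_mobile')) {
              $this->securityJsonExit(false, lang('operation_timed_out'));
          }

          $mobile = input('param.mobile');
          $membersecurity_validate = ds_validate('membersecurity');
          if (!$membersecurity_validate->scene('send_modify_mobile')->check(['mobile' => $mobile])) {
              $this->securityJsonExit(false, $membersecurity_validate->getError());
          }

          // The number must not already belong to another member.
          $member_model = model('member');
          $taken = $member_model->getMemberInfo([
              ['member_mobile', '=', $mobile],
              ['member_id', '<>', session('member_id')],
          ], 'member_id');
          if ($taken) {
              $this->securityJsonExit(false, lang('please_change_another_phone_number'));
          }

          // Throttle how often a code may be requested.
          $verify_code_model = model('verify_code');
          $throttle = $verify_code_model->isVerifyCodeFrequant(4, 1);
          if (!$throttle['code']) {
              $this->securityJsonExit(false, $throttle['msg']);
          }
          $verify_code = $verify_code_model->genVerifyCode(4, 1);
          if (!$verify_code) {
              $this->securityJsonExit(false, lang('system_error'));
          }

          $tpl_info = model('mailtemplates')->getTplInfo(['mailmt_code' => 'modify_mobile']);
          if (empty($tpl_info)) {
              // Missing template: fail cleanly instead of reading offsets of null.
              $this->securityJsonExit(false, lang('system_error'));
          }
          $param = ['code' => $verify_code];
          $sent = model('smslog')->sendSms($mobile, [
              'ali_template_code' => $tpl_info['ali_template_code'],
              'ali_template_param' => $param,
              'ten_template_code' => $tpl_info['ten_template_code'],
              'ten_template_param' => [$verify_code],
              'message' => ds_replace_text($tpl_info['mailmt_content'], $param),
          ], 4, $verify_code);
          if (!$sent['state']) {
              $this->securityJsonExit(false, $sent['message']);
          }

          $stored = $verify_code_model->addVerifyCode([
              'verify_code_type' => 4,
              'verify_code' => $verify_code,
              'verify_code_user_type' => 1,
              'verify_code_user_id' => session('member_id'),
              'verify_code_user_name' => session('member_name'),
              'verify_code_add_time' => TIMESTAMP,
              'verify_code_ip' => request()->ip(),
          ]);
          if (!$stored) {
              $this->securityJsonExit(false, lang('system_error'));
          }

          // NOTE(review): the new number is written before the SMS code has
          // been confirmed and member_mobilebind is left untouched, so a
          // previously bound account keeps its "bound" flag with an unconfirmed
          // number. Consider resetting the flag here, or storing the pending
          // number separately until modify_mobile() succeeds.
          $update = $member_model->editMember(['member_id' => session('member_id')], ['member_mobile' => $mobile], session('member_id'));
          if (!$update) {
              $this->securityJsonExit(false, lang('modified_phone_same_original_one'));
          }
          $this->securityJsonExit(true, lang('send_success'));
      }

      /**
       * Small navigation shown on the right of the member centre.
       *
       * The list is chosen from the current request action.
       *
       * @return array|null menu entries (name, text, url); null when the
       *                    action has no menu defined here
       */
      protected function getMemberItemList() {
          $action = request()->action();

          // Language keys of the second tab for the single-purpose pages.
          $tab_labels = [
              'modify_pwd' => 'change_login_password',
              'modify_email' => 'email_address_verification',
              'modify_mobile' => 'phone_verification',
              'modify_paypwd' => 'set_payment_password',
          ];

          if ($action === 'index') {
              return [$this->securityMenuHome()];
          }
          if (is_string($action) && isset($tab_labels[$action])) {
              return [
                  $this->securityMenuHome(),
                  [
                      'name' => $action, 'text' => lang($tab_labels[$action]),
                      'url' => (string)url('Membersecurity/auth', ['type' => $action]),
                  ],
              ];
          }
          if ($action === 'auth') {
              // The verification page reuses the pre-deposit navigation.
              return [
                  [
                      'name' => 'loglist', 'text' => lang('account_balance'),
                      'url' => (string)url('Predeposit/pd_log_list'),
                  ],
                  [
                      'name' => 'recharge_list', 'text' => lang('top_up_detail'),
                      'url' => (string)url('Predeposit/index'),
                  ],
                  [
                      'name' => 'cashlist', 'text' => lang('balance_withdrawal'),
                      'url' => (string)url('Predeposit/pd_cash_list'),
                  ],
                  [
                      'name' => 'pd_cash', 'text' => lang('withdrawal_application'),
                      'url' => (string)url('Membersecurity/auth', ['type' => 'pd_cash']),
                  ],
              ];
          }
          return null;
      }

      /** Menu entry that links back to the security overview. */
      private function securityMenuHome() {
          return [
              'name' => 'index', 'text' => lang('account_security'),
              'url' => (string)url('Membersecurity/index'),
          ];
      }

      /**
       * True while the step-up marker auth() stored for $type is at most
       * STEP_UP_WINDOW seconds old; a missing marker counts as expired.
       */
      private function securityStepUpIsFresh($type): bool {
          return TIMESTAMP - (int)session('auth_' . $type) <= self::STEP_UP_WINDOW;
      }

      /** Ends the request with the {"state": "true"|"false", "msg": ...} body. */
      private function securityJsonExit($ok, $msg) {
          exit(json_encode(['state' => $ok ? 'true' : 'false', 'msg' => $msg]));
      }
  }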
  473. ?>