gyfl
/
xyzshop


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
							<?php


class merchantControl
{
    private $mMchid;
    private $mAdminid;
    private $mUseKey;
    public function __construct()
    {
        $mchid = $_POST['mchid'];
        $mchinfo = Model('merchant')->getMerchantInfo(['mchid' => $mchid]);
        if(empty($mchinfo)) {
            throw new Exception("合作方ID：{$mchid}不存在");
        }
        else {
            $this->mAdminid = intval($mchinfo['admin_id']);
        }

        if ($mchinfo['merchant_state'] != 1) {
            throw new Exception("机构已被关闭。");
        }

        $ips = unserialize($mchinfo['ip_white_list']);

        if(!empty($ips)) {
            $addr = $_SERVER['REMOTE_ADDR'];
            Log::record("request ip:{$addr}",Log::DEBUG);

            if(!in_array($addr,$ips)) {
                throw new Exception("请求地址不在白名单中");
            }
        }

        $this->mUseKey = intval($mchinfo['use_key']);
        if($this->mUseKey && !$this->verify_md5($mchinfo['secure_key'])) {
            throw new UnSignException();
        }

        $this->mMchid = intval($mchid);
    }

    public function mchid() : int
    {
        return $this->mMchid;
    }
    public function adminid() : int {
        return $this->mAdminid;
    }

    private function pubKey($mchid)
    {
        static $pubs = [];

        if(array_key_exists($mchid,$pubs)) {
            return $pubs[$mchid];
        }
        else {
            $pub_key = BASE_DATA_PATH . "/api/merchant/key/{$mchid}_pub.pem";
            $key = file_get_contents($pub_key);
            $pub = openssl_get_publickey($key);
            $pubs[$mchid] = $pub;
            return $pub;
        }
    }

    private function verify_md5($key)
    {
        $input = $_GET;
        $sign = $input['sign'];

        $input['sign'] = null;
        $input['from'] = null;

        $body = $this->sign_body($input);

        if($this->mUseKey) {
            $body .= "&key={$key}";
        }

        return ($sign == md5($body));
    }

    private function verify_rsa($mchid)
    {
        $pub = $this->pubKey($mchid);
        if(empty($pub)) {
            return false;
        }
        $input = $_GET;
        $sign = $input['sign'];
        $input['sign'] = null;
        $input['from'] = null;

        $data = $this->sign_body($input);
        $res = openssl_verify($data,base64_decode($sign),$pub);
        Log::record("openssl_verify res={$res}",Log::DEBUG);

        return ($res == 1);
    }

    protected function check_empty($value)
    {
        if (!isset($value))
            return true;
        if ($value === null)
            return true;
        if (trim($value) === "")
            return true;

        return false;
    }

    private function sign_body($params)
    {
        ksort($params);

        $content = "";
        $i = 0;
        foreach ($params as $k => $v)
        {
            if (false === $this->check_empty($v) && "@" != substr($v, 0, 1))
            {
                if ($i == 0) {
                    $content .= "{$k}" . "=" . urlencode($v);
                } else {
                    $content .= "&" . "{$k}" . "=" . urlencode($v);
                }
                $i++;
            }
        }

        return $content;
    }

    public static function outsuccess($data)
    {
        joutput_data($data);
        return true;
    }
    public static function outerr($code, $msg = '')
    {
        joutput_error($code, $msg);
        return true;
    }
}