diff --git a/API对接文档.md b/API对接文档.md index 4811fa8..23902d9 100644 --- a/API对接文档.md +++ b/API对接文档.md @@ -136,7 +136,6 @@ signature = md5(agent_id + secret + time) | 参数名 | 必填 | 类型 | 说明 | | --- | --- | --- | --- | | username | 是 | string | 玩家唯一账号(平台侧用户名) | -| password | 否 | string | 默认 `123456` | | time | 否 | int/string | 默认当前时间戳 | | lang | 否 | string | `zh` / `en`,默认 `zh` | diff --git a/server/app/api/controller/v1/GameController.php b/server/app/api/controller/v1/GameController.php index fe23f7c..bc328d0 100644 --- a/server/app/api/controller/v1/GameController.php +++ b/server/app/api/controller/v1/GameController.php @@ -92,15 +92,11 @@ class GameController extends BaseController public function getGameUrl(Request $request): Response { $username = trim((string) ($request->post('username', ''))); - $password = trim((string) ($request->post('password', '123456'))); $time = trim((string) ($request->post('time', ''))); if ($username === '') { return $this->fail('username is required', ReturnCode::PARAMS_ERROR); } - if ($password === '') { - $password = '123456'; - } if ($time === '') { $time = (string) time(); } @@ -114,7 +110,8 @@ class GameController extends BaseController try { $logic = new UserLogic(); - $result = $logic->loginByUsername($username, $password, $lang, 0.0, $time, $adminId, $adminIdsInTopDept, $deptId); + // 平台 v1 已通过 api-key + auth-token 双重校验,此处不再做 password 校验 + $result = $logic->loginByUsername($username, '', $lang, 0.0, $time, $adminId, $adminIdsInTopDept, $deptId, true); } catch (\plugin\saiadmin\exception\ApiException $e) { return $this->fail($e->getMessage(), ReturnCode::PARAMS_ERROR); } diff --git a/server/app/api/logic/UserLogic.php b/server/app/api/logic/UserLogic.php index 955a476..70da8e1 100644 --- a/server/app/api/logic/UserLogic.php +++ b/server/app/api/logic/UserLogic.php 
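Review bot: With the password check skipped by the trailing `true` in the `loginByUsername(...)` call, the department scope in `$adminIdsInTopDept` becomes the only thing tying the requested `username` to the calling platform. The `UserLogic` docblock says an empty list falls back to a lookup by username alone. How `$adminIdsInTopDept` is populated is outside this hunk, so if it can be null or empty here, any holder of a valid api-key and auth-token could be handed a game URL for a player that belongs to another agent. Fail closed before the call, e.g. `if (empty($adminIdsInTopDept)) { return $this->fail('agent scope is required', ReturnCode::PARAMS_ERROR); }`. `getGameUrl` starts and ends outside the hunk.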
@@ -124,7 +124,7 @@ class UserLogic * @param int|null $adminId 创建新用户时关联的后台管理员ID(sa_system_user.id),可选 * @param int[]|null $adminIdsInTopDept 当前管理员顶级部门下的所有管理员ID,用于按部门范围查找玩家;为空时退化为仅按 username 查找 */ - public function loginByUsername(string $username, string $password, string $lang, float $coin, string $time, ?int $adminId = null, ?array $adminIdsInTopDept = null, ?int $deptId = null): array + public function loginByUsername(string $username, string $password, string $lang, float $coin, string $time, ?int $adminId = null, ?array $adminIdsInTopDept = null, ?int $deptId = null, bool $skipPasswordValidation = false): array { $username = trim($username); if ($username === '') { @@ -143,9 +143,11 @@ class UserLogic if ((int) ($player->status ?? 1) === 0) { throw new ApiException('Account is disabled and cannot log in'); } - $hashed = $this->hashPassword($password); - if ($player->password !== $hashed) { - throw new ApiException('Wrong password'); + if (!$skipPasswordValidation) { + $hashed = $this->hashPassword($password); + if ($player->password !== $hashed) { + throw new ApiException('Wrong password'); + } } $currentCoin = (float) $player->coin; $player->coin = $currentCoin + $coin; diff --git a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md index 387dbd7..95814a1 100644 --- a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md +++ b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md @@ -337,7 +337,6 @@ auth-token: {authtoken} - `auth-token: {authtoken}` - Body 参数: - `username`(必填):玩家账号(不存在会自动创建) - - `password`(可选):默认 `123456` - `time`(可选):不传则服务端取当前时间戳 - `lang`(可选):`zh`/`en`,默认 `zh` diff --git a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md index 49b054e..6fd8afc 100644 --- a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md +++ b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md 
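Review bot: The docblock above `loginByUsername` has no `@param` entry for the new `$skipPasswordValidation` flag, which is the switch that disables the credential check. Add something like `@param bool $skipPasswordValidation true only for callers that have already authenticated the platform (api-key + auth-token); skips the password comparison`. As a trailing boolean on a nine-parameter positional signature it is also easy to set by mistake. A dedicated method for the trusted path, or passing the flag by name at call sites if the project targets PHP 8, would make the bypass harder to misuse. The method body continues outside the hunk.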
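Review bot: The new `if (!$skipPasswordValidation)` guard only covers the existing-player branch, so the player-creation path (outside this hunk) presumably still stores `hashPassword($password)`, which is now the hash of an empty string for every account created through `getGameUrl`. If any other caller reaches `loginByUsername` without the flag, such accounts would pass the check with an empty password. When the flag is set, consider storing an unusable value instead, e.g. `$this->hashPassword(bin2hex(random_bytes(32)))`. Separately, the retained comparison should be `if (!hash_equals((string) $player->password, $hashed))` so the check does not depend on where the two strings first differ.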
@@ -337,7 +337,6 @@ Success example (`lang=en`): - `auth-token: {authtoken}` - Body parameters: - `username` (required): Player username (auto-created if not exists) - - `password` (optional): default `123456` - `time` (optional): if omitted, server uses current timestamp - `lang` (optional): `zh`/`en`, default `zh`