jzhj2024server/Gameserver/App/service_call/pay/charge_info.php

<?php

/**
 * 公开一个查询订单的方法.
 * 思考: 此接口直接接受请求, 无防御和限流措施, 安全性很低.
 * 待改进: 给接口增加token/签名或者是直接api限流,降低被恶意攻击的风险.
 */

namespace loyalsoft;

include __DIR__ . '/../../main.php';                                            # 导入基础库
HttpUtil::PostOnly();
$args = JsonUtil::decode(HttpUtil::getQueryString());
//$args = JsonUtil::decode('{"uid":"0BB6B1D602621423EBA082F17A57712F","sign":"e46791968db39da23800faf884fcb325"}');

if (isset($args->uid) && isset($args->sign)) {
    $uid = $args->uid;
    $sign = md5($uid . PROJECTNAME);                                            # 简单的签名机制,保证请求来自真正的客户端,防范批量采集

    if ($args->sign == $sign) {
        $arr = daoInst()
                ->select(" cpOrderId , product_name , amount , from_unixtime(order_ts) as order_ts")
                ->from("tpl_order_tab")
                ->where("uid")->eq($uid)
                ->andWhere("status")->eq(1)
                ->fetchAll();
        exit(JsonUtil::encode(array("array" => $arr)));
    }
}
exit(400);       // 其他情况直接崩掉