
Merge branch 'new-version' into feature/NC-45

# Conflicts:
#	backendApi/config/params.php
#	backendApi/modules/v1/models/LoginForm.php
zhangl 1 год назад
Родитель
Сommit
90204a36e6

+ 4 - 0
backendApi/modules/v1/controllers/OauthController.php

@@ -12,6 +12,7 @@ use backendApi\modules\v1\models\AdminForm;
 use backendApi\modules\v1\models\LoginForm;
 use backendApi\modules\v1\models\User;
 use common\helpers\Form;
+use common\helpers\LoggerTool;
 use Yii;
 use yii\web\HttpException;
 
@@ -55,9 +56,12 @@ class OauthController extends BaseController
     public function actionLogin() {
         $model = new LoginForm();
         if ($model->load(Yii::$app->request->post()) && $model->login()) {
+            LoggerTool::debug(json_encode(['actionLoginSuccess', Yii::$app->request->post(), $_SERVER]));
             $token = Yii::$app->getUser()->getToken();
             return static::notice($token);
         } else {
+            LoggerTool::debug(json_encode(['actionLoginFailed', Yii::$app->request->post(), $model->getErrors(), $_SERVER]));
+
             $firstError = $model->getFirstError('LoginForm');
             if( $firstError === LoginForm::ERROR_IS_MODIFY_PASSWORD ) {
                 return static::notice(LoginForm::ERROR_IS_MODIFY_PASSWORD, 403);
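Review bot: Both added `LoggerTool::debug` calls serialize the whole `Yii::$app->request->post()` body and all of `$_SERVER`, so every login attempt writes the submitted password (and any verification code carried in the form) together with cookies, authorization headers and server environment values into the debug log in clear text. Log only what is needed to trace the attempt, for example `LoggerTool::debug(json_encode(['actionLoginFailed', 'adminName' => $model->adminName, 'ip' => Yii::$app->request->getUserIP(), 'errors' => $model->getErrors()]));`, and the same shape without `errors` on the success branch. `json_encode` also returns `false` when `$_SERVER` holds non-UTF-8 bytes, which would silently drop the entry. actionLogin's body continues outside the hunk.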

+ 13 - 2
backendApi/modules/v1/models/LoginForm.php

@@ -89,6 +89,8 @@ class LoginForm extends Model {
         if(isset($this->_user)){
             AdminLoginLogger::fail($this->_user,$returnResult);
         }
+        // 失败写入缓存锁
+        Yii::$app->redis->incrby('FAIL_NUMS:' . $this->adminName, 1);
     }
 
     /**
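Review bot: The `FAIL_NUMS:` counter written here has no expiry, and the only statement that clears it is the `delete` on the success path in the next hunk, which the `>= 3` check added in the login hunk makes unreachable once the limit is hit. Three wrong attempts by anyone who knows an admin name would therefore keep that account locked until the key is removed by hand. Give the key a lifetime when it is written, e.g. follow the increment with `Yii::$app->redis->expire('FAIL_NUMS:' . $this->adminName, $lockSeconds);`, where `$lockSeconds` is a placeholder for a configured lock duration. The increment also sits outside the `isset($this->_user)` guard, so if this method can be reached for names that do not exist it leaves one non-expiring key per submitted name. The method starts above the hunk, so its callers are not visible here.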
@@ -98,6 +100,9 @@ class LoginForm extends Model {
         Admin::updateAllCounters([
             'LOGIN_NUMS' => 1,
         ], 'ADMIN_NAME=:ADMIN_NAME', ['ADMIN_NAME' => $this->adminName]);
+
+        // 失败写入缓存锁
+        Yii::$app->redis->delete('FAIL_NUMS:' . $this->adminName);
     }
     /**
      * 登录
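Review bot: The comment on the added statement is a copy of the one in the failure path (`// 失败写入缓存锁`), but this line clears the failure counter after a successful login; `// 登录成功,清除失败计数` describes what it does. If `Yii::$app->redis` is the stock `yii\redis\Connection`, its magic methods map to Redis command names and the command is `del`, so `delete` should be confirmed against the component that is actually configured. The enclosing method starts above the hunk.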
@@ -115,6 +120,12 @@ class LoginForm extends Model {
             if(!$this->_user){
                 throw new Exception('账号不存在');
             }
+            // 失败次数到达上限次数
+            $loginFailNums = Yii::$app->redis->get('FAIL_NUMS:' . $this->adminName) ?? 0;
+            if ($loginFailNums >= 3) {
+                $this->_updateFailTimes($transaction, '用户名或者密码错误');
+                throw new Exception('用户名或者密码错误');
+            }
             // 校验邮箱验证码
             $codeObj = EmailLog::find()
                 ->where('ADMIN_ID=:ADMIN_ID AND EMAIL=:EMAIL',
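Review bot: The lockout check is placed after the `账号不存在` exception in the context lines above it, so, assuming exception messages reach the client, the response still reveals whether an admin name exists while the rest of this commit replaces the disabled-account and IP-mismatch messages with the generic `用户名或者密码错误`. For consistency that branch would read `throw new Exception('用户名或者密码错误');`. The blocked branch also calls `_updateFailTimes`, which, if it is the method changed in the first hunk of this file, keeps incrementing the counter while the account is locked. The limit `3` is a bare literal; a class constant or a params entry would keep the threshold in one place. The enclosing method starts and ends outside the hunk.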
@@ -134,7 +145,7 @@ class LoginForm extends Model {
 
             if(!$this->_user['IS_ENABLE']){
                 $this->_updateFailTimes($transaction,'账号已经被锁定,无法登录');
-                throw new Exception('账号已经被锁定,无法登录');
+                throw new Exception('用户名或者密码错误');
             }
             if (!$this->_user->validatePassword($this->password)) {
                 $this->_updateFailTimes($transaction,'用户名或者密码错误');
@@ -144,7 +155,7 @@ class LoginForm extends Model {
             $bindIp = trim($this->_user['BIND_IP']);
             if(!empty($bindIp) && !(new LoginIpChecker(Yii::$app->request->getUserIP(), $bindIp))->validate()){
                 $this->_updateFailTimes($transaction,'登录IP与此账号绑定的IP不符');
-                throw new Exception('登录IP与此账号绑定的IP不符'.$bindIp);
+                throw new Exception('用户名或者密码错误');
             }
 
             //需要修改密码

+ 14 - 0
common/models/forms/TransferForm.php

@@ -123,6 +123,19 @@ class TransferForm extends Model {
             $this->addError($attribute, '转出会员不存在');
             return null;
         }
+
+        // 转账是否已开启
+        $transferSwitch = Cache::getSystemConfig()['transferSwitch']['VALUE'] ?? '';
+        if ($transferSwitch != 1) {
+            // 转账未开启,判断是否报单中心. 报单中心可开启转账
+            $isDec = \frontendApi\modules\v1\models\User::getEnCodeInfo($fromUserId)['IS_DEC'];
+            if ($isDec != 1) {
+                throw new \Exception('转账功能已关闭');
+                return null;
+            }
+        }
+
+
         // 转账条件判断
         $orderAmount = Order::find()->where('USER_ID=:USER_ID', [':USER_ID' => $fromUserId])->SUM('ORDER_AMOUNT');
         $recNum = intval(DecOrder::find()->where('REC_USER_ID=:REC_USER_ID', [':REC_USER_ID' => $fromUserId])->count());
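Review bot: The added switch check throws `\Exception` and then has an unreachable `return null;`, while the check directly above it in the same method reports failure with `$this->addError($attribute, ...)` followed by `return null;`. Unless callers of this validator are known to catch the exception, use the same form: `$this->addError($attribute, '转账功能已关闭'); return null;`. `getEnCodeInfo($fromUserId)['IS_DEC']` is dereferenced without a fallback and both comparisons are loose; `$isDec = (int) (\frontendApi\modules\v1\models\User::getEnCodeInfo($fromUserId)['IS_DEC'] ?? 0);` with `!== 1` makes a missing record deny the transfer explicitly rather than by accident. The method starts and ends outside the hunk.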
@@ -313,6 +326,7 @@ class TransferForm extends Model {
         if ($this->_fromUserInfo['ID']==$this->_toUserInfo['ID'] && $this->_transferConfig['out']==$this->_transferConfig['in']){
             throw new \Exception('不能给同一账户转账');
         }
+
         $this->userOperateLogger->saveBeforeContent=array_merge($fromData,$toData);
 
         $db = \Yii::$app->db;

+ 17 - 3
frontendApi/modules/v1/controllers/SiteController.php

@@ -210,16 +210,30 @@ class SiteController extends BaseController
                 return false;
             }
         }
-        
 
         if($menu['allow']=='transferRecordSwitch'){
             $transferRecordSwitch = isset(Cache::getSystemConfig()['transferRecordSwitch']) ? Cache::getSystemConfig()['transferRecordSwitch']['VALUE'] : '';
-            if($transferRecordSwitch) return false;
+            $isDec = User::getEnCodeInfo(\Yii::$app->user->id)['IS_DEC'];
+            if ($isDec == 1) {
+                return false;
+            }
+
+            if($transferRecordSwitch) {
+                return false;
+            }
+            return true;
         }
 
         if($menu['allow']=='transferSwitch'){
             $transferSwitch = isset(Cache::getSystemConfig()['transferSwitch']) ? Cache::getSystemConfig()['transferSwitch']['VALUE'] : '';
-            if($transferSwitch) return false;
+            $isDec = User::getEnCodeInfo(\Yii::$app->user->id)['IS_DEC'];
+            if ($isDec == 1) {
+                return false;
+            }
+            if($transferSwitch) {
+                return false;
+            }
+            return true;
         }
 
         if($menu['allow']=='pastBonusSwitch'){
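Review bot: The `transferRecordSwitch` and `transferSwitch` branches now carry the same nine added lines, differing only in the config key, and each reads `User::getEnCodeInfo(\Yii::$app->user->id)['IS_DEC']` without a fallback for a guest or missing user. Reading the flag once before the two branches, e.g. `$isDec = (int) (User::getEnCodeInfo(\Yii::$app->user->id)['IS_DEC'] ?? 0);`, removes the duplicate lookup and the undefined-index case. Each branch also now ends in `return true;` where the old code fell through, so any checks later in this method are skipped for these two menu entries; the method continues outside the hunk, so confirm that is intended. This code only decides menu visibility: the hunk in TransferForm enforces `transferSwitch` on the server, and no matching server-side check for `transferRecordSwitch` is visible in this commit.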