paip.提升安全性----用户资金账户模块平账功能
作者Attilax , 1466519819@qq.com
当网站有资金账户的时候,就需要加强安全性:加一个平账的功能,
并对余额进行防篡改保护。
平账的公式算法主要如下:
用户银行卡支付总额=充值+直接对外支付+手续费
余额=银行卡支付-手续费-本站支付-直接对外支付
balance=bankpay-ssf-localpay-bankjwejeo
bankpay=charge+bankjwejeo+ssf
-------------建立接口
/// <summary>
/// Contract for the account-balancing ledger: one member writes a ledger
/// row for a money movement, the other verifies a stored row.
/// </summary>
public interface Ipinjeo
{
    /// <summary>Writes a ledger row for a money movement on a user's account.</summary>
    /// <param name="uname">User name stored on the new row.</param>
    /// <param name="op">Operation/operator label. NOTE(review): the save() flow on this page hard-codes its own value; confirm how this argument is used.</param>
    /// <param name="money">Amount of the movement.</param>
    /// <param name="type">Movement type. NOTE(review): not referenced in the save() flow shown on this page; confirm.</param>
    void save(string uname, string op, decimal money, string type);

    /// <summary>Verifies a ledger row against its stored <c>sign</c> value.</summary>
    /// <param name="p">First argument; the implementation on this page names it <c>uname</c>.</param>
    /// <param name="pinjeo">Ledger row to verify.</param>
    /// <returns><c>true</c> when the recomputed seal equals the stored one.</returns>
    bool check(string p, Maticsoft.pinjeo pinjeo);
}
主要流程如下:(伪码)
--------------save()---------------------
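// save() flow (pseudo-code): derive the next ledger row from the user's latest row.
// Every row is meant to satisfy the two identities stated on this page:
//   balance = bankpay - ssf - localpay - direct outward payments
//   bankpay = charge + direct outward payments + ssf
// NOTE(review): uid, uname and money come from the enclosing method, which is not shown.

// Handling fee charged on every top-up (1%).
const decimal feeRate = 0.01m;

// Latest ledger row; assigned to p because every later line reads the previous row through p.
// NOTE(review): this is a read followed by an insert. Presumably it runs inside a
// transaction or per-user lock so two concurrent saves cannot build on the same row. Confirm.
p = GetModelLastOne();
if (p == null)
{
    // No history yet: synthesize an opening row from the live balance so that
    // both identities hold (bankpay - ssf == balance, charge + ssf == bankpay).
    p = new Maticsoft.pinjeo();
    p.bankjwechw = 0;
    p.balance = accRAM.getBalance(uid);
    p.bankpay = p.balance + p.balance * feeRate;
    p.ssf = p.balance * feeRate;
    p.localpay = 0;
    p.charge = p.balance;
}

// Fee for this movement.
// NOTE(review): money is used as given; presumably the caller rejects zero or negative amounts. Verify.
decimal ssf = money * feeRate;

Maticsoft.pinjeo po = new Maticsoft.pinjeo();
po.conn = new SqlHelper().ConnStr;
po.op = "acc module admin";
po.uname = uname;
po.modid = "dsukateo acc";
po.time = DateTime.Now;

// Roll the running totals forward; a top-up raises charge, balance, bankpay and ssf together.
po.ssf = p.ssf + ssf;
po.charge = p.charge + money;
po.balance = p.balance + money;
po.bankpay = p.bankpay + money + ssf;
po.bankjwechw = p.bankjwechw;
po.localpay = p.localpay;
po.uid = uid.ToString();
po.eventx = "";

// Tamper seal that check() recomputes and compares.
// NOTE(review): the seal is computed from balance alone, so uid, time and the other
// amount columns are not covered and changes to them go undetected by check().
// A keyed MAC (for example HMAC) over every column plus the row identity is the usual
// construct for tamper evidence. AESHelper's key storage and cipher mode are not shown
// on this page. Confirm both.
// NOTE(review): decimal.ToString() follows the current culture; save() and check() must
// format identically (ideally with the invariant culture in both) or valid rows will
// fail verification.
po.sign = AESHelper.AESEncrypt(po.balance.ToString());
po.money = money;
po.Add();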
----------check()---------------
public bool check(string uname, Maticsoft.pinjeo pinjeo)
{
string sign = AESHelper.AESEncrypt(pinjeo.balance.ToString());
if (sign.Equals(pinjeo.sign))
return true;
log();