接码

auth.php

@@ -2,17 +2,34 @@
 session_start();
 require_once __DIR__ . '/db/config.php';
 
+header('Content-Type: application/json');
+
 $action = $_GET['action'] ?? '';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    try {
         $pdo = db();
         if ($action === 'register') {
-        $username = trim($_POST['username']);
+            $username = trim($_POST['username'] ?? '');
-        $password = $_POST['password'];
+            $password = $_POST['password'] ?? '';
-        $confirm_password = $_POST['confirm_password'];
+            $confirm_password = $_POST['confirm_password'] ?? '';
+
+            if (empty($username) || empty($password)) {
+                echo json_encode(['code' => 1, 'msg' => '用户名和密码不能为空']);
+                exit;
+            }
 
             if ($password !== $confirm_password) {
-            die("Passwords do not match.");
+                echo json_encode(['code' => 1, 'msg' => '两次输入的密码不一致']);
+                exit;
+            }
+
+            // Check if user exists
+            $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ?");
+            $stmt->execute([$username]);
+            if ($stmt->fetch()) {
+                echo json_encode(['code' => 1, 'msg' => '用户名已存在']);
+                exit;
             }
 
             $hash = password_hash($password, PASSWORD_DEFAULT);
@@ -22,17 +39,25 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             $count = $stmt->fetchColumn();
             $role = ($count == 0) ? 'admin' : 'user';
 
-        try {
             $stmt = $pdo->prepare("INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)");
             $stmt->execute([$username, $hash, $role]);
-            header('Location: index.php?registered=1');
+            
+            // Auto login after registration
+            $userId = $pdo->lastInsertId();
+            $_SESSION['user_id'] = $userId;
+            $_SESSION['username'] = $username;
+            $_SESSION['role'] = $role;
+
+            echo json_encode(['code' => 0, 'msg' => '注册成功']);
             exit;
-        } catch (PDOException $e) {
-            die("Registration failed: " . $e->getMessage());
-        }
         } elseif ($action === 'login') {
-        $username = trim($_POST['username']);
+            $username = trim($_POST['username'] ?? '');
-        $password = $_POST['password'];
+            $password = $_POST['password'] ?? '';
+
+            if (empty($username) || empty($password)) {
+                echo json_encode(['code' => 1, 'msg' => '用户名和密码不能为空']);
+                exit;
+            }
 
             $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
             $stmt->execute([$username]);
@@ -42,12 +67,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 $_SESSION['user_id'] = $user['id'];
                 $_SESSION['username'] = $user['username'];
                 $_SESSION['role'] = $user['role'];
-            header('Location: dashboard.php');
+                echo json_encode(['code' => 0, 'msg' => '登录成功']);
                 exit;
             } else {
-            die("Invalid credentials.");
+                echo json_encode(['code' => 1, 'msg' => '用户名或密码错误']);
+                exit;
             }
         }
+    } catch (Exception $e) {
+        echo json_encode(['code' => 1, 'msg' => '服务器错误: ' . $e->getMessage()]);
+        exit;
+    }
 }
 
 if ($action === 'logout') {
@@ -55,3 +85,5 @@ if ($action === 'logout') {
     header('Location: index.php');
     exit;
 }
+
+echo json_encode(['code' => 1, 'msg' => '无效的请求']);

db/schema.sql

@@ -27,6 +27,7 @@ CREATE TABLE IF NOT EXISTS sms_orders (
     cost DECIMAL(10, 2),
     sms_content TEXT,
     status ENUM('pending', 'received', 'canceled', 'expired') DEFAULT 'pending',
+    expire_at TIMESTAMP NULL,
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
     FOREIGN KEY (user_id) REFERENCES users(id)
 );