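401, 'msg' => 'Unauthorized']);
    exit;
}

// Action dispatcher for the authenticated JSON API. Every branch echoes one
// JSON object and relies on $pdo, $api, $action and $_SESSION['user_id'] that
// are set up before this point.
//
// NOTE(review): get_number, release_number and check_recharge_status change
// balances or order state from $_GET parameters. How $action is read and
// whether a CSRF token is checked is not visible here -- confirm that
// state-changing actions require POST plus an anti-CSRF token.
switch ($action) {
    case 'get_balance':
        // Balance of the logged-in user only; the id comes from the session.
        $stmt = $pdo->prepare("SELECT balance FROM users WHERE id = ?");
        $stmt->execute([$_SESSION['user_id']]);
        $balance = $stmt->fetchColumn();
        echo json_encode(['code' => 0, 'balance' => number_format($balance, 2)]);
        break;

    case 'get_countries':
        echo json_encode($api->getCountries());
        break;

    case 'get_services':
        // Filters are forwarded to the upstream API wrapper unchanged.
        $country = $_GET['country'] ?? '';
        $service = $_GET['service'] ?? '';
        $res = $api->getServices($country, $service);
        echo json_encode($res);
        break;

    case 'get_number':
        $service_id = $_GET['service_id'] ?? '';
        $country_name = $_GET['country_name'] ?? '未知国家';
        $service_name = $_GET['service_name'] ?? '未知项目';
        $price = (float)($_GET['price'] ?? 1.0);

        if (!is_string($service_id) || !$service_id) {
            echo json_encode(['code' => 400, 'msg' => 'Service ID is required']);
            break;
        }

        // SECURITY: the price is supplied by the client. A zero price bought a
        // number for free and a negative price *increased* the balance through
        // "balance - ?", so anything that is not a finite positive amount is
        // rejected here.
        // NOTE(review): this is only a floor. The amount charged must be looked
        // up server-side for $service_id (the catalogue schema is not visible
        // in this file), otherwise a caller can still name an arbitrarily small
        // price such as 0.01.
        if (!is_finite($price) || $price <= 0) {
            echo json_encode(['code' => 400, 'msg' => 'Invalid price']);
            break;
        }

        $pdo->beginTransaction();
        try {
            // Check-and-debit in one statement. The previous separate SELECT
            // followed by an unconditional UPDATE let parallel requests all
            // pass the balance check and drive the balance negative. rowCount()
            // is 1 only when the row existed and held enough funds.
            $stmt = $pdo->prepare("UPDATE users SET balance = balance - ? WHERE id = ? AND balance >= ?");
            $stmt->execute([$price, $_SESSION['user_id'], $price]);
            if ($stmt->rowCount() !== 1) {
                $pdo->rollBack();
                echo json_encode(['code' => 400, 'msg' => '余额不足,请先充值']);
                break;
            }

            // The debit stays uncommitted while the upstream call runs, so any
            // failure below rolls it back. This holds the user's row lock for
            // the duration of the call, which also serialises purchases per user.
            $res = $api->getNumber($service_id);
            if (!is_array($res) || !isset($res['code']) || $res['code'] != 0) {
                $pdo->rollBack();
                echo json_encode($res);
                break;
            }

            // User requested 10 minutes countdown
            $stmt = $pdo->prepare("INSERT INTO sms_orders (user_id, request_id, number, service_name, country_name, cost, status, expire_at) VALUES (?, ?, ?, ?, ?, ?, 'pending', DATE_ADD(NOW(), INTERVAL 10 MINUTE))");
            $stmt->execute([$_SESSION['user_id'], $res['request_id'], $res['number'], $service_name, $country_name, $price]);
            $pdo->commit();
            echo json_encode($res);
        } catch (Exception $e) {
            if ($pdo->inTransaction()) {
                $pdo->rollBack();
            }
            // Driver messages can expose table and column names; keep them in
            // the server log and return a generic error to the client.
            // NOTE(review): if the upstream call succeeded before the failure,
            // the number stays allocated upstream with no local order row.
            error_log('get_number failed: ' . $e->getMessage());
            echo json_encode(['code' => 500, 'msg' => 'Database error']);
        }
        break;

    case 'check_sms':
        $request_id = $_GET['request_id'] ?? '';
        if (!is_string($request_id) || !$request_id) {
            echo json_encode(['code' => 400, 'msg' => 'Request ID is required']);
            break;
        }

        // SECURITY: confirm the order belongs to the caller before asking the
        // upstream API. Without this, any logged-in user could poll an
        // arbitrary request_id and read (and overwrite) another user's SMS code.
        $stmt = $pdo->prepare("SELECT status FROM sms_orders WHERE request_id = ? AND user_id = ?");
        $stmt->execute([$request_id, $_SESSION['user_id']]);
        if (!$stmt->fetch()) {
            echo json_encode(['code' => 404, 'msg' => 'Order not found']);
            break;
        }

        $res = $api->getSms($request_id);
        if ($res['code'] == 0 && $res['msg'] == 'success') {
            $stmt = $pdo->prepare("UPDATE sms_orders SET sms_content = ?, status = 'received' WHERE request_id = ? AND user_id = ?");
            $stmt->execute([$res['sms_code'], $request_id, $_SESSION['user_id']]);
        }
        echo json_encode($res);
        break;

    case 'release_number':
        $request_id = $_GET['request_id'] ?? '';

        // Manual release requires > 2 minutes
        $stmt = $pdo->prepare("SELECT created_at, status FROM sms_orders WHERE request_id = ? AND user_id = ?");
        $stmt->execute([$request_id, $_SESSION['user_id']]);
        $order = $stmt->fetch();

        if (!$order) {
            echo json_encode(['code' => 404, 'msg' => 'Order not found']);
            break;
        }
        if ($order['status'] !== 'pending') {
            echo json_encode(['code' => 400, 'msg' => 'Invalid order status']);
            break;
        }

        $createdAt = strtotime($order['created_at']);
        if (time() - $createdAt < 120) {
            echo json_encode(['code' => 400, 'msg' => '获取号码不足2分钟,暂时无法手动释放。请稍候或等待系统自动释放。']);
            break;
        }

        $res = $api->setStatus($request_id, 'reject');
        if ($res['code'] == 0) {
            // Scope the write to the caller's own pending order so that it
            // cannot touch another user's row or overwrite a status that
            // changed while the upstream call was in flight.
            $stmt = $pdo->prepare("UPDATE sms_orders SET status = 'canceled' WHERE request_id = ? AND user_id = ? AND status = 'pending'");
            $stmt->execute([$request_id, $_SESSION['user_id']]);
        }
        echo json_encode($res);
        break;

    case 'get_active_orders':
        // Auto-expire orders (applies to every user's overdue orders, not just
        // the caller's).
        $stmt = $pdo->prepare("UPDATE sms_orders SET status = 'expired' WHERE status = 'pending' AND expire_at < NOW()");
        $stmt->execute();

        $stmt = $pdo->prepare("SELECT * FROM sms_orders WHERE user_id = ? AND status = 'pending' ORDER BY created_at DESC");
        $stmt->execute([$_SESSION['user_id']]);
        echo json_encode(['code' => 0, 'data' => $stmt->fetchAll()]);
        break;

    case 'create_recharge':
        $amount = (float)($_POST['amount'] ?? 0);
        // An input such as "1e999" casts to INF, which passes the minimum
        // check below and would be stored as the amount.
        if (!is_finite($amount)) {
            echo json_encode(['code' => 400, 'msg' => 'Invalid amount']);
            break;
        }
        if ($amount < 10) {
            echo json_encode(['code' => 400, 'msg' => '最低充值金额为 10 USDT']);
            break;
        }

        // Add random decimal to help identify payment (e.g. 10.42)
        // If it already has decimals, we might want to keep it or refine it.
        // The user said "any recharge add decimal".
        // random_int() replaces rand(): this value is what ties an incoming
        // payment to a user, so it should not come from a predictable generator.
        // NOTE(review): there are only 99 possible tags per whole amount, so
        // two pending recharges can share the same final amount; whatever
        // matches payments must not treat the amount alone as proof of who paid.
        $base = floor($amount);
        $random_decimal = random_int(1, 99) / 100;
        $final_amount = round($base + $random_decimal, 2);

        $stmt = $pdo->prepare("INSERT INTO recharges (user_id, amount, txid, status) VALUES (?, ?, 'Auto-Detect', 'pending')");
        $stmt->execute([$_SESSION['user_id'], $final_amount]);
        echo json_encode(['code' => 0, 'recharge_id' => $pdo->lastInsertId(), 'amount' => $final_amount]);
        break;

    case 'check_recharge_status':
        $recharge_id = $_GET['recharge_id'] ?? '';
        if (!is_string($recharge_id) || !$recharge_id) {
            echo json_encode(['code' => 400, 'msg' => 'Recharge ID is required']);
            break;
        }

        // The user_id filter keeps callers from reading other users' recharges.
        $stmt = $pdo->prepare("SELECT * FROM recharges WHERE id = ? AND user_id = ?");
        $stmt->execute([$recharge_id, $_SESSION['user_id']]);
        $recharge = $stmt->fetch();

        if (!$recharge) {
            echo json_encode(['code' => 404, 'msg' => 'Order not found']);
            break;
        }
        if ($recharge['status'] === 'completed') {
            echo json_encode(['code' => 0, 'status' => 'completed']);
            break;
        }

        // SIMULATION: In a real app, this would query a blockchain API for the address.
        // For testing, we'll auto-complete after 15 seconds.
        // SECURITY: this branch credits the balance without verifying that any
        // payment was received. It must be replaced by a verified payment
        // confirmation (or disabled) before this endpoint is reachable in
        // production.
        $createdAt = strtotime($recharge['created_at']);
        if (time() - $createdAt > 15) {
            $pdo->beginTransaction();
            try {
                // Claim the recharge atomically. Only the request that flips
                // the status may credit the balance; previously two parallel
                // polls could both see a non-completed row and credit twice.
                $stmt = $pdo->prepare("UPDATE recharges SET status = 'completed' WHERE id = ? AND user_id = ? AND status <> 'completed'");
                $stmt->execute([$recharge_id, $_SESSION['user_id']]);
                if ($stmt->rowCount() === 1) {
                    $stmt = $pdo->prepare("UPDATE users SET balance = balance + ? WHERE id = ?");
                    $stmt->execute([$recharge['amount'], $_SESSION['user_id']]);
                }
                $pdo->commit();
                echo json_encode(['code' => 0, 'status' => 'completed']);
            } catch (Exception $e) {
                if ($pdo->inTransaction()) {
                    $pdo->rollBack();
                }
                error_log('check_recharge_status failed: ' . $e->getMessage());
                echo json_encode(['code' => 500, 'msg' => 'Database error']);
            }
        } else {
            echo json_encode(['code' => 0, 'status' => 'pending']);
        }
        break;

    default:
        echo json_encode(['code' => 404, 'msg' => 'Action not found']);
        break;
}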