实时下线接口完善（增加请求安全校验）

Docs/实时下线接口说明.txt

+
+媒资实时下线接口
+
+ 请求:
+    GET http://api.hotel.wasu.tv/api/center/media_offline?spid=1&mid=33431345
+
+ 输入:
+    spid :  合作方标识(我们提供,每个合作方标识不一样)
+    mid :   媒资标识代码(经纬cms中的媒资id)
+
+ 输出:
+
+    样例  :   {"code":0,"msg":"ok"}
+    code :  0-成功,1001-传入的媒资参数有问题,1002,2001-下线失败
+    msg  :  结果说明
\ No newline at end of file

Docs/实时下线接口说明1.txt

+
+媒资实时下线接口
+
+ 请求:
+    GET http://api.hotel.wasu.tv/api/center/media_offline?spid=1&mid=33431345&sw_time=1523345555&sw_sign=xxxxx
+
+ 输入:
+    spid :  合作方标识(我们提供,每个合作方标识不一样)
+    mid :   媒资标识代码(经纬cms中的媒资id)
+    sw_time :   请求时间戳
+    sw_sign :   请求签名 md5(spid&mid&sw_time&key)
+                如:
+                    md5(1&33431345&1523345555&key)
+                    key : 我们提供(每个spid对应不同的key)
+
+ 输出:
+
+    样例  :   {"code":0,"msg":"ok"}
+    code :  0-成功
+            101-请求过期
+            102-签名验证失败
+            1001-传入的媒资参数有问题
+            1002-sp info err
+            2001-下线失败
+    msg  :  结果说明
\ No newline at end of file

SooonerHotel/App/Lib/Action/Api/CenterAction.class.php

@@ -9,6 +9,21 @@
  */
 class CenterAction extends Action
 {
+    function valid($sw_time,$sw_sign,$my_sign)
+    {
+        $result["code"]=0;
+        $ts = time() - $sw_time;
+        if ($ts<=-600||$ts>=600){
+            $result["code"]=101;
+            $result["msg"]="timeout!";
+        }else{
+            if ($sw_sign!=$my_sign){
+                $result["code"]=102;
+                $result["msg"]="sign err!";
+            }
+        }
+        return $result;
+    }
     /**
      * 系统配置接口
      */
@@ -55,44 +70,63 @@ class CenterAction extends Action
      *  spid :  合作方标识(我们提供,每个合作方标识不一样)
      *  mid :   媒资标识代码(经纬cms中的媒资id)
      *  sw_time :   请求时间戳
-     *  sw_sign :   请求签名 md5(uri+key) 如:
-     *              uri :/api/center/media_offline?spid=1&mid=33431345&sw_time=1523345555
-     *              key : 我们提供(每个spid对应不同的key)
+     *  sw_sign :   请求签名 md5(spid&mid&sw_time&key)
      * 返回说明:
      *  {"code":0,"msg":"ok"}
-     *  code : 0-成功,1001-传入的媒资参数有问题,2001-下线失败
+     *  code : 0-成功,101,1001-传入的媒资参数有问题,2001-下线失败
      */
     public function media_offline(){
         $spid = $_GET["spid"];
-        $mcode = $_GET["mid"];
-        $status = 1;
-
-        $model = D("Media");
-        $where["code"]=$mcode;
-        $where["sp_id"]=$spid;
-        $tmp  = $model->field("id")->where($where)->find();
-        $id= $tmp["id"];
-        if($id) {
-            //下线云端片库
-            $data["id"]=$id;
-            $data["status"]=$status;
-            $data["updatetime"]=date('Y-m-d H:i:s');
-            $r =$model->save($data);
-
-            //下线酒店片库
-            $tb = "sh_hotel_media_map_$spid";
-            $sql = "update $tb set status=$status,updatetime='".$data["updatetime"]."' where media_id=$id";
-            $r = M("")->execute($sql);
-            if ($r){
-                $result["code"]=0;
-                $result["msg"]="ok";
-            }else{
-                $result["code"]=2001;
-                $result["msg"]="offline failture!";
+        $mid = $_GET["mid"];
+        $sw_time = $_GET["sw_time"];
+        $sw_sign =$_GET["sw_sign"];
+
+        $status = 2;
+
+        $modelSP=D("Conf");
+        $whereSP["sp_id"]=$spid;
+        $whereSP["type_code"]="api_key";
+        $spConf=$modelSP->field("v")->where($whereSP)->find();
+        $key = $spConf["v"];
+
+        if ($key) {
+            $pre_sign = "$spid&$mid&$sw_time&$key";
+//            echo "pre:".$pre_sign;
+            $my_sign = md5($pre_sign);
+            $result = $this->valid($sw_time,$sw_sign,$my_sign);
+            if ($result["code"]==0) {//valid ok
+                $model = D("Media");
+                $where["code"] = $mid;
+                $where["sp_id"] = $spid;
+                $tmp = $model->field("id")->where($where)->find();
+                $id = $tmp["id"];
+                if ($id) {
+
+                    //下线云端片库
+                    $data["id"] = $id;
+                    $data["status"] = $status;
+                    $data["updatetime"] = date('Y-m-d H:i:s');
+                    $r = $model->save($data);
+
+                    //下线酒店片库
+                    $tb = "sh_hotel_media_map_$spid";
+                    $sql = "update $tb set status=$status,updatetime='" . $data["updatetime"] . "' where media_id=$id";
+                    $r = M("")->execute($sql);
+                    if ($r) {
+                        $result["code"] = 0;
+                        $result["msg"] = "ok";
+                    } else {
+                        $result["code"] = 2001;
+                        $result["msg"] = "offline failture!";
+                    }
+                } else {
+                    $result["code"] = 1001;
+                    $result["msg"] = "media info unexpect!";
+                }
             }
         }else{
-            $result["code"]=1001;
-            $result["msg"]="media info unexpect!";
+            $result["code"]=1002;
+            $result["msg"]="sp info unexpect";
         }
 
         echo json_encode($result);
@@ -268,7 +302,7 @@ class CenterAction extends Action
             . ",mw.year,mw.type,mw.score,mw.region,mw.actor,mw.director"
             . ",hm.code hotelId,hm.status,hm.status_inject statusInject"
             . " FROM (SELECT hm.media_id,h.code,hm.status,hm.status_inject FROM sh_hotel_media_map_$spid hm,sh_hotel h"
-            . " WHERE hm.updatetime BETWEEN '$start' AND '$end' AND h.id=hm.hotel_id ORDER BY hm.updatetime,hm.media_id ASC LIMIT $limit_from,$page_size) hm"
+            . " WHERE hm.hotel_id=3 AND hm.updatetime BETWEEN '$start' AND '$end' AND h.id=hm.hotel_id ORDER BY hm.updatetime,hm.media_id ASC LIMIT $limit_from,$page_size) hm"
             . " JOIN sh_media_wasu mw ON mw.id=hm.media_id";
 
 //        echo $sql;exit;