paip.提升安全性----用户资金账户模块平账功能

paip.提升安全性----用户资金账户模块平账功能

作者Attilax ， 1466519819@qq.com
当网站有资金账户的时候，就需要加强安全性，加一个平账的功能,
以及进行余额防篡改..

平账的公司算法主要如下:
用户银行卡支付总额=充值+直接对外支付+手续费
余额=银行卡支付-手续费-本站支付-直接对外支付
balance=bankpay-ssf-localpay-bankjwejeo
bankpay=charge+bankjwejeo+ssf

-------------建立接口
 public interface Ipinjeo
{

 

    void save(string uname, string op, decimal money, string type);
 

    bool check(string p, Maticsoft.pinjeo pinjeo);
}
 

主要流程如下:（伪码）
--------------save()---------------------
rec=GetModelLastOne();
  if (p == null)
        {
            p = new Maticsoft.pinjeo();
            p.bankjwechw = 0;

            p.balance = accRAM.getBalance(uid);
            p.bankpay = p.balance + p.balance * (decimal)0.01;
            p.ssf = p.balance * (decimal)0.01;
            p.localpay = 0;
            p.charge = p.balance;

        }
  decimal ssf = money * (decimal)0.01;
        Maticsoft.pinjeo po = new Maticsoft.pinjeo();
        po.conn = new SqlHelper().ConnStr;
        po.op = "acc module admin";
        po.uname = uname;
        po.modid = "dsukateo acc";
        po.time = DateTime.Now;
        po.ssf = p.ssf + ssf;
        po.charge = p.charge + money;
        po.balance = p.balance + money;
        po.bankpay = p.bankpay + money + ssf;
        po.bankjwechw = p.bankjwechw;
        po.localpay = p.localpay;
        po.uid = uid.ToString();
        po.eventx = "";
        po.sign = AESHelper.AESEncrypt(po.balance.ToString());
        po.money = money;
        po.Add();

----------check()---------------
    public bool check(string uname, Maticsoft.pinjeo pinjeo)
    {
        string sign = AESHelper.AESEncrypt(pinjeo.balance.ToString());
        if (sign.Equals(pinjeo.sign))
            return true;

log();