<?php
ob_clean();
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET,POST');
header('Access-Control-Allow-Headers: Content-Type');

$act = $_GET['act'] ?? '';
$userFile = 'users.json';

// 默认用户
$defaultUsers = [
    [
        "uid" => 1,
        "username" => "admin",
        "password" => "admin123",
        "apps" => "a.com,b.com,c.com,2000.app.tc"
    ]
];

// 不存在则创建用户文件
if (!file_exists($userFile)) {
    file_put_contents($userFile, json_encode($defaultUsers, JSON_PRETTY_PRINT));
}

$users = json_decode(file_get_contents($userFile), true) ?: [];

// 登录
if ($act === 'login') {
    $user = $_POST['username'] ?? '';
    $pwd  = $_POST['password'] ?? '';
    foreach ($users as $u) {
        if ($u['username'] === $user && $u['password'] === $pwd) {
            $token = md5($u['uid'] . 'oa2025');
            echo json_encode([
                'code' => 1,
                'token' => $token,
                'username' => $u['username'],
                'apps' => $u['apps']
            ]);
            exit;
        }
    }
    echo json_encode(['code' => 0, 'msg' => '账号或密码错误']);
    exit;
}

// 验证token
if ($act === 'check') {
    $token = $_GET['token'] ?? '';
    foreach ($users as $u) {
        if (md5($u['uid'] . 'oa2025') === $token) {
            echo json_encode([
                'code' => 1,
                'username' => $u['username'],
                'apps' => $u['apps']
            ]);
            exit;
        }
    }
    echo json_encode(['code' => 0]);
    exit;
}

echo json_encode(['code' => 0, 'msg' => '非法请求']);
?>