DedeV6/public/plus/carbuyaction.php

<?php
/**
 *
 * 购物车过程
 *
 * @version        $Id: carbuyaction.php$
 * @package        DedeBIZ.Site
 * @copyright      Copyright (c) 2022, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license
 * @link           https://www.dedebiz.com
 */
require_once(dirname(__FILE__)."/../../system/common.inc.php");
define('_PLUS_TPL_', DEDEROOT.'/templets/plus');
require_once DEDEINC.'/dedetemplate.class.php';
require_once DEDEINC.'/shopcar.class.php';
require_once DEDEINC.'/memberlogin.class.php';

if ($cfg_mb_open == 'N') {
    ShowMsg("系统关闭了会员功能，因此您无法访问此页面", "javascript:;");
    exit();
}
$rs = array();

$cfg_ml = new MemberLogin();

if (!isset($dopost) || empty($dopost)) {
    $payment = 'none';
    $cart    = new MemberShops();

    //获得购物车内商品,返回数组
    $Items = $cart->getItems();
    if (empty($Items)) {
        ShowMsg("您的购物车中没有商品", "-1");
        exit();
    }

    $OrdersId = preg_replace("#[^0-9a-z_\-]#i", "", $cart->OrdersId);        //本次记录的订单号
    $CartCount     = $cart->cartCount();    //商品总数
    $priceCount    = $cart->priceCount(); //该订单总价格

    /*
    function PostOrdersForm();                //填写订单信息
    */

    if (!isset($do) || empty($do)) {
        $shops_deliveryarr = array();
        $dsql->SetQuery("SELECT pid,dname,price,des FROM #@__shops_delivery ORDER BY orders ASC");
        $dsql->Execute();
        while ($row = $dsql->GetArray()) {
            $shops_deliveryarr[] = $row;
        }

        //获取支付接口列表
        $shops_paymentarr = array();
        $dsql->SetQuery("SELECT * FROM #@__payment WHERE enabled='1' ORDER BY rank ASC");
        $dsql->Execute();
        $i = 0;
        while ($row = $dsql->GetArray()) {
            $row['disabled'] = ($row['id'] == 5) && ($cfg_ml->M_Money < $priceCount) ? ' disabled="disabled"' : '';
            $shops_paymentarr[] = $row;
            $i++;
        }
        unset($row);

        $dtp = new DedeTemplate();

        $carts = array(
            'orders_id' => $cart->OrdersId,
            'cart_count' => $cart->cartCount(),
            'price_count' => $cart->priceCount()
        );
        $dtp->Assign('carts', $carts);
        $dtp->LoadTemplate(_PLUS_TPL_.'/carbuyaction.htm');
        $dtp->Display();
        exit();
    } else if ($do == 'clickout') {
        $svali = GetCkVdValue();
        if ((strtolower($vdcode) != $svali || $svali == "") && $payment == 'none') {
            ShowMsg("验证码错误", "-1");
            exit();
        }
        if (empty($address)) {
            ShowMsg("请填写收货地址", "-1");
            exit();
        }
        if (empty($postname)) {
            ShowMsg("请填写收货人姓名", "-1");
            exit();
        }
        $paytype    = isset($paytype) && is_numeric($paytype) ? $paytype : 0;
        $pid        = isset($pid) && is_numeric($pid) ? $pid : 0;
        if ($paytype < 1) {
            ShowMsg("请选择支付方式", "-1");
            exit();
        }
        if ($pid < 1) {
            ShowMsg("请选择配送方式", "-1");
            exit();
        }
        $address     = cn_substrR(trim(RemoveXSS($address)), 200);
        $des             = cn_substrR(RemoveXSS($des), 100);
        $postname = cn_substrR(trim(RemoveXSS($postname)), 15);
        $tel            = preg_replace("#[^-0-9,\/\| ]#", "", $tel);
        $zip            = preg_replace("#[^0-9]#", "", $zip);
        $email        = cn_substrR(RemoveXSS($email), 255);
        if (empty($tel)) {
            ShowMsg("请填写正确的收货人联系电话", "-1");
            exit();
        }
        if ($zip < 1 || $zip > 999999) {
            ShowMsg("请填写正确的收货人邮政编码", "-1");
            exit();
        }

        //确认用户登录信息
        if ($cfg_ml->IsLogin()) {
            $userid = $cfg_ml->M_ID;
        } else {
            $username = trim($username);
            $password = trim($password);

            if (empty($username) || $password) {
                ShowMsg("请选登录", "-1", 0, 2000);
                exit();
            }

            $rs = $cfg_ml->CheckUser($username, $password);
            if ($rs == 0) {
                ShowMsg("用户名不存在", "-1", 0, 2000);
                exit();
            } else if ($rs == -1) {
                ShowMsg("密码错误", "-1", 0, 2000);
                exit();
            }
            $userid = $cfg_ml->M_ID;
        }

        //取得配送手续费
        $rs = $dsql->GetOne("SELECT `price` FROM #@__shops_delivery WHERE pid='$pid' LIMIT 0,1");
        $dprice = $rs['price'] > 0 ? $rs['price'] : 0;
        unset($rs);
        //
        //取得支付方式手续费
        $row = $dsql->GetOne("SELECT `fee` FROM #@__payment WHERE id='$paytype' LIMIT 0,1");
        $fprice = $row['fee'] > 0 ? $row['fee'] : 0;
        unset($row);
        //
        $ip = GetIP();
        $stime = time();
        //最后总计费用
        $lastpriceCount = sprintf("%01.2f", $priceCount + $dprice + $fprice);

        $rows = $dsql->GetOne("SELECT `oid` FROM #@__shops_orders WHERE oid='$OrdersId' LIMIT 0,1");
        if (empty($rows['oid'])) {
            $sql = "INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`)
            VALUES ('$OrdersId','$userid','$CartCount','$priceCount','0','$ip','$stime','$pid','$paytype','$dprice','$lastpriceCount');";

            //更新订单
            if ($dsql->ExecuteNoneQuery($sql)) {
                foreach ($Items as $key => $val) {
                    $val['price'] = str_replace(",", "", $val['price']);
                    $dsql->ExecuteNoneQuery("INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`)
                    VALUES ('$val[id]','$OrdersId','$userid','$val[title]','$val[price]','$val[buynum]');");
                }
                $sql = "INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`)
                 VALUES ('$userid','$OrdersId','$postname','$address','$zip','$tel','$email','$des');
                ";
                $dsql->ExecuteNoneQuery($sql);
            } else {
                ShowMsg("更新订单时出现错误".$dsql->GetError(), "-1");
                exit();
            }
        } else {
            $sql = "UPDATE `#@__shops_orders`
            SET `cartcount`='$CartCount',`price`='$priceCount',`ip`='$ip',`stime`='$stime',pid='$pid',paytype='$paytype',dprice='$dprice',priceCount='$lastpriceCount'
            WHERE oid='$OrdersId' AND userid='$userid' ;";
            if ($dsql->ExecuteNoneQuery($sql)) {
                $sql = "UPDATE `#@__shops_userinfo`
                SET `consignee`='$postname',`address`='$address',`zip`='$zip',`tel`='$tel',`email`='$email',`des`='$des'
                WHERE oid='$OrdersId';";
                $dsql->ExecuteNoneQuery($sql);
            } else {
                echo $dsql->GetError();
                exit;
            }
            unset($sql);
        }
        //最后结算价格 = 最后统计价格
        $priceCount = sprintf("%01.2f", $lastpriceCount);
        //更新用户商品统计    
        $countOrders = $dsql->GetOne("SELECT SUM(cartcount) AS nums FROM #@__shops_orders WHERE userid='".$cfg_ml->M_ID."'");
        $dsql->ExecuteNoneQuery("UPDATE #@__member_tj SET `shop`='".$countOrders['nums']."' WHERE mid='".$cfg_ml->M_ID."'");

        $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

        require_once DEDEINC.'/payment/'.$rs['code'].'.php';
        $pay = new $rs['code'];
        if ($rs['code'] == "cod" || $rs['code'] == "bank") {
            $order = $OrdersId;
        } else {
            $order = array(
                'out_trade_no' => $cart->OrdersId,
                'price' => $priceCount
            );
            require_once DEDEDATA.'/payment/'.$rs['code'].'.php';
        }
        $button = $pay->GetCode($order, $payment);
        $dtp = new DedeTemplate();
        $carts = array(
            'orders_id' => $cart->OrdersId,
            'cart_count' => $cart->CartCount(),
            'price_count' => $priceCount
        );
        $row = $dsql->GetOne("SELECT dname,price FROM #@__shops_delivery WHERE pid='{$pid}'");
        $dtp->SetVar('pay_name', $row['dname']);
        $dtp->SetVar('price', $row['price']);
        $dtp->SetVar('pay_way', $rs['name']);
        $dtp->SetVar('description', $rs['description']);
        $dtp->SetVar('button', $button);
        $dtp->Assign('carts', $carts);
        $dtp->LoadTemplate(_PLUS_TPL_.'/shops_action_payment.htm');
        $dtp->Display();
        exit();
    }
} else if ($dopost == 'memclickout') {
    $svali = GetCkVdValue();
    $rs = array();
    if (preg_match("/S-P[0-9]+RN[0-9]/", $oid)) {
        $oid = trim($oid);
    } else {
        ShowMsg("您的订单号不存在", "/user/shops_orders.php", 0, 2000);
        exit();
    }

    //确认用户登录信息
    if ($cfg_ml->IsLogin()) {
        $userid = $cfg_ml->M_ID;
    } else {
        $username = trim($username);
        $password = trim($password);

        if (empty($username) || $password) {
            ShowMsg("请选登录", "-1", 0, 2000);
            exit();
        }

        $rs = $cfg_ml->CheckUser($username, $password);
        if ($rs == 0) {
            ShowMsg("用户名不存在", "-1", 0, 2000);
            exit();
        } else if ($rs == -1) {
            ShowMsg("密码错误", "-1", 0, 2000);
            exit();
        }
        $userid = $cfg_ml->M_ID;
    }

    $row = $dsql->GetOne("SELECT * FROM `#@__shops_orders` WHERE oid='$oid' ");
    if (is_array($row)) {
        $OrdersId = $oid;
        $CartCount = $row['cartcount'];
        $priceCount = $row['priceCount'];
        $pid = $row['pid'];
        $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='{$row['paytype']}' ");
    }
    $rs['code'] = isset($rs['code']) ? preg_replace("#[^0-9a-z_\-]+#i", "", $rs['code']) : "";
    if (empty($rs['code']) or !file_exists(DEDEINC.'/payment/'.$rs['code'].'.php')) {
        exit("Error:payment is not exsits!");
    }

    require_once DEDEINC.'/payment/'.$rs['code'].'.php';
    $pay = new $rs['code'];
    $payment = "";
    if ($rs['code'] == "cod" || $rs['code'] == "bank") $order = $OrdersId;
    else {
        $order = array(
            'out_trade_no' => $OrdersId,
            'price' => $priceCount
        );
        require_once DEDEDATA.'/payment/'.$rs['code'].'.php';
    }
    $button = $pay->GetCode($order, $payment);
    $dtp = new DedeTemplate();
    $carts = array(
        'orders_id' => $OrdersId,
        'cart_count' => $CartCount,
        'price_count' => $priceCount
    );
    $row = $dsql->GetOne("SELECT dname,price FROM #@__shops_delivery WHERE pid='{$pid}'");
    $dtp->SetVar('pay_name', $row['dname']);
    $dtp->SetVar('price', $row['price']);
    $dtp->SetVar('pay_way', $rs['name']);
    $dtp->SetVar('description', $rs['description']);
    $dtp->SetVar('button', $button);
    $dtp->Assign('carts', $carts);
    $dtp->LoadTemplate(_PLUS_TPL_.'/shops_action_payment.htm');
    $dtp->Display();
    exit();
} else if ($dopost == 'return') {
    $write_list = array('alipay', 'bank', 'cod', 'yeepay');
    if (in_array($code, $write_list)) {
        require_once DEDEINC.'/payment/'.$code.'.php';
        $pay = new $code;
        $msg = $pay->respond();
        ShowMsg($msg, "javascript:;", 0, 3000);
        exit();
    } else {
        exit('Error:File Type Can\'t Recognized!');
    }
}