DedeBIZ
/
DedeV6
Segui 2
Vota 0
Forka 0
Codice Pull Requests 0 Rilasci 29 Attività
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
463 Commit
3 Rami (Branch)
284MB
Albero (Tree): 263f7a8e79
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '263f7a8e79'
${ noResults }
DedeV6/public/user/buy_action.php

191 lines
6.4KB
Originale Blame Cronologia 

  1. <?php

  2. /**

  3.  * @version        $Id: buy_action.php 1 8:38 2010年7月9日Z tianya $

  4.  * @package        DedeBIZ.User

  5.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  6.  * @license        https://www.dedebiz.com/license

  7.  * @link           https://www.dedebiz.com

  8.  */

  9. require_once(dirname(__FILE__)."/config.php");

  10. CheckRank(0, 0);

  11. $menutype = 'mydede';

  12. $menutype_son = 'op';

  13. require_once DEDEINC.'/dedetemplate.class.php';

  14. 

  15. $product = isset($product) ? trim(HtmlReplace($product, 1)) : '';

  16. $mid = $cfg_ml->M_ID;

  17. $ptype = '';

  18. $pname = '';

  19. $price = '';

  20. $mtime = time();

  21. 

  22. if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cookie_encode) == $pd_verify) {

  23.     $result = json_decode(mchStrCode($pd_encode, 'DECODE'));

  24. 

  25.     $product = preg_replace("#[^0-9a-z]#i", "", $result->product);

  26.     $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);

  27. 

  28.     $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  29.     if (!isset($row['buyid'])) {

  30.         ShowMsg("请不要重复提交表单!", 'javascript:;');

  31.         exit();

  32.     }

  33.     if (!isset($paytype)) {

  34.         ShowMsg("请选择支付方式!", 'javascript:;');

  35.         exit();

  36.     }

  37.     $buyid = $row['buyid'];

  38. } else {

  39.     $buyid = 'M'.$mid.'T'.$mtime.'RN'.mt_rand(100, 999);

  40.     //删除用户旧的未付款的同类记录

  41.     if (!empty($product)) {

  42.         $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  43.     }

  44. }

  45. 

  46. if (empty($product)) {

  47.     ShowMsg("请选择一个产品!", 'javascript:;');

  48.     exit();

  49. }

  50. 

  51. $pid = isset($pid) && is_numeric($pid) ? $pid : 0;

  52. if ($product == 'member') {

  53.     $ptype = "会员升级";

  54.     $row = $dsql->GetOne("SELECT * FROM `#@__member_type` WHERE aid='{$pid}'");

  55.     if (!is_array($row)) {

  56.         ShowMsg("无法识别您的订单", 'javascript:;');

  57.         exit();

  58.     }

  59.     $pname = $row['pname'];

  60.     $price = $row['money'];

  61. } else if ($product == 'card') {

  62.     $ptype = "点卡购买";

  63.     $row = $dsql->GetOne("SELECT * From `#@__moneycard_type` WHERE tid='{$pid}'");

  64.     if (!is_array($row)) {

  65.         ShowMsg("无法识别您的订单", 'javascript:;');

  66.         exit();

  67.     }

  68.     $pname = $row['pname'];

  69.     $price = $row['money'];

  70. }

  71. 

  72. if (!isset($paytype)) {

  73.     $inquery = "INSERT INTO `#@__member_operation`(`buyid` , `pname` , `product` , `money` , `mtime` , `pid` , `mid` , `sta` ,`oldinfo`)

  74.    VALUES ('$buyid', '$pname', '$product' , '$price' , '$mtime' , '$pid' , '$mid' , '0' , '$ptype');

  75.     ";

  76.     $isok = $dsql->ExecuteNoneQuery($inquery);

  77.     if (!$isok) {

  78.         echo "数据库出错,请重新尝试".$dsql->GetError();

  79.         exit();

  80.     }

  81. 

  82.     if ($price == '') {

  83.         echo "无法识别您的订单";

  84.         exit();

  85.     }

  86. 

  87.     //获取支付接口列表

  88.     $payment_list = array();

  89.     $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY rank ASC");

  90.     $dsql->Execute();

  91.     $i = 0;

  92.     while ($row = $dsql->GetArray()) {

  93.         $payment_list[] = $row;

  94.         $i++;

  95.     }

  96.     unset($row);

  97. 

  98.     $pr_encode = array();

  99.     foreach ($_REQUEST as $key => $val) {

  100.         if (!in_array($key, array('product', 'pid'))) {

  101.             continue;

  102.         }

  103.         $val = preg_replace("#[^0-9a-z]#i", "", $val);

  104.         $pr_encode[$key] = $val;

  105.     }

  106. 

  107.     $pr_encode = str_replace('=', '', mchStrCode(json_encode($pr_encode)));

  108. 

  109.     $pr_verify = md5("payment".$pr_encode.$cfg_cookie_encode);

  110. 

  111.     $tpl = new DedeTemplate();

  112.     $tpl->LoadTemplate(DEDEMEMBER.'/templets/buy_action_payment.htm');

  113.     $tpl->Display();

  114. } else {

  115. 

  116.     $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

  117. 

  118.     $rs['code'] = preg_replace("#[^0-9a-z]#i", "", $rs['code']);

  119.     if (!file_exists(DEDEINC.'/payment/'.$rs['code'].'.php')) {

  120.         ShowMsg("未发现支付接口文件,请到后台配置", 'javascript:;');

  121.         exit();

  122.     }

  123. 

  124.     require_once DEDEINC.'/payment/'.$rs['code'].'.php';

  125.     $pay = new $rs['code'];

  126.     $payment = "";

  127.     if ($rs['code'] == "cod" || $rs['code'] == "bank") {

  128.         $order = $buyid;

  129.         $payment = "member";

  130.     } else {

  131.         $order = array(

  132.             'out_trade_no' => $buyid,

  133.             'price' => sprintf("%01.2f", $price)

  134.         );

  135.         require_once DEDEDATA.'/payment/'.$rs['code'].'.php';

  136.     }

  137.     $button = $pay->GetCode($order, $payment);

  138.     $dtp = new DedeTemplate();

  139.     $carts = array(

  140.         'orders_id' => $buyid,

  141.         'cart_count' => '1',

  142.         'price_count' => sprintf("%01.2f", $price)

  143.     );

  144.     $row = $dsql->GetOne("SELECT pname,money FROM `#@__member_operation` WHERE buyid='{$buyid}'");

  145.     $dtp->SetVar('pay_name', $row['pname']);

  146.     $dtp->SetVar('price', $row['money']);

  147.     $dtp->SetVar('pay_way', $rs['name']);

  148.     $dtp->SetVar('description', $rs['description']);

  149.     $dtp->SetVar('button', $button);

  150.     $dtp->Assign('carts', $carts);

  151.     $dtp->LoadTemplate(DEDEMEMBER.'/templets/shops_action_payment.htm');

  152.     $dtp->Display();

  153.     exit();

  154. }

  155. 

  156. /**

  157.  *  加密函数

  158.  *

  159.  * @access    public

  160.  * @param     string  $string  字符串

  161.  * @param     string  $operation  操作

  162.  * @return    string

  163.  */

  164. function mchStrCode($string, $operation = 'ENCODE')

  165. {

  166.     $key_length = 4;

  167.     $expiry = 0;

  168.     $key = md5($GLOBALS['cfg_cookie_encode']);

  169.     $fixedkey = md5($key);

  170.     $egiskeys = md5(substr($fixedkey, 16, 16));

  171.     $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';

  172.     $keys = md5(substr($runtokey, 0, 16).substr($fixedkey, 0, 16).substr($runtokey, 16).substr($fixedkey, 16));

  173.     $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16).$string : base64_decode(substr($string, $key_length));

  174. 

  175.     $i = 0;

  176.     $result = '';

  177.     $string_length = strlen($string);

  178.     for ($i = 0; $i < $string_length; $i++) {

  179.         $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));

  180.     }

  181.     if ($operation == 'ENCODE') {

  182.         return $runtokey.str_replace('=', '', base64_encode($result));

  183.     } else {

  184.         if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {

  185.             return substr($result, 26);

  186.         } else {

  187.             return '';

  188.         }

  189.     }

  190. }