DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
173 Commits
3 Branches
85MB
Tree: ccf613be97
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ccf613be97'
${ noResults }
DedeV6/src/member/buy_action.php

193 lines
6.6KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  * @version        $Id: buy_action.php 1 8:38 2010年7月9日Z tianya $

  5.  * @package        DedeCMS.Member

  6.  * @copyright      Copyright (c) 2007 - 2018, DesDev, Inc.

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license/v6

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. require_once(dirname(__FILE__) . "/config.php");

  12. CheckRank(0, 0);

  13. $menutype = 'mydede';

  14. $menutype_son = 'op';

  15. require_once DEDEINC . '/dedetemplate.class.php';

  16. 

  17. $product = isset($product) ? trim(HtmlReplace($product, 1)) : '';

  18. $mid = $cfg_ml->M_ID;

  19. $ptype = '';

  20. $pname = '';

  21. $price = '';

  22. $mtime = time();

  23. 

  24. if (isset($pd_encode) && isset($pd_verify) && md5("payment" . $pd_encode . $cfg_cookie_encode) == $pd_verify) {

  25.     $result = json_decode(mchStrCode($pd_encode, 'DECODE'));

  26. 

  27.     $product = preg_replace("#[^0-9a-z]#i", "", $result->product);

  28.     $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);

  29. 

  30.     $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  31.     if (!isset($row['buyid'])) {

  32.         ShowMsg("请不要重复提交表单!", 'javascript:;');

  33.         exit();

  34.     }

  35.     if (!isset($paytype)) {

  36.         ShowMsg("请选择支付方式!", 'javascript:;');

  37.         exit();

  38.     }

  39.     $buyid = $row['buyid'];

  40. } else {

  41.     $buyid = 'M' . $mid . 'T' . $mtime . 'RN' . mt_rand(100, 999);

  42.     //删除用户旧的未付款的同类记录

  43.     if (!empty($product)) {

  44.         $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  45.     }

  46. }

  47. 

  48. if (empty($product)) {

  49.     ShowMsg("请选择一个产品!", 'javascript:;');

  50.     exit();

  51. }

  52. 

  53. $pid = isset($pid) && is_numeric($pid) ? $pid : 0;

  54. if ($product == 'member') {

  55.     $ptype = "会员升级";

  56.     $row = $dsql->GetOne("SELECT * FROM `#@__member_type` WHERE aid='{$pid}'");

  57.     if (!is_array($row)) {

  58.         ShowMsg("无法识别你的订单!", 'javascript:;');

  59.         exit();

  60.     }

  61.     $pname = $row['pname'];

  62.     $price = $row['money'];

  63. } else if ($product == 'card') {

  64.     $ptype = "点卡购买";

  65.     $row = $dsql->GetOne("SELECT * From `#@__moneycard_type` WHERE tid='{$pid}'");

  66.     if (!is_array($row)) {

  67.         ShowMsg("无法识别你的订单!", 'javascript:;');

  68.         exit();

  69.     }

  70.     $pname = $row['pname'];

  71.     $price = $row['money'];

  72. }

  73. 

  74. if (!isset($paytype)) {

  75.     $inquery = "INSERT INTO `#@__member_operation`(`buyid` , `pname` , `product` , `money` , `mtime` , `pid` , `mid` , `sta` ,`oldinfo`)

  76.    VALUES ('$buyid', '$pname', '$product' , '$price' , '$mtime' , '$pid' , '$mid' , '0' , '$ptype');

  77.     ";

  78.     $isok = $dsql->ExecuteNoneQuery($inquery);

  79.     if (!$isok) {

  80.         echo "数据库出错,请重新尝试!" . $dsql->GetError();

  81.         exit();

  82.     }

  83. 

  84.     if ($price == '') {

  85.         echo "无法识别你的订单!";

  86.         exit();

  87.     }

  88. 

  89.     //获取支付接口列表

  90.     $payment_list = array();

  91.     $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY rank ASC");

  92.     $dsql->Execute();

  93.     $i = 0;

  94.     while ($row = $dsql->GetArray()) {

  95.         $payment_list[] = $row;

  96.         $i++;

  97.     }

  98.     unset($row);

  99. 

  100.     $pr_encode = array();

  101.     foreach ($_REQUEST as $key => $val) {

  102.         if (!in_array($key, array('product', 'pid'))) {

  103.             continue;

  104.         }

  105.         $val = preg_replace("#[^0-9a-z]#i", "", $val);

  106.         $pr_encode[$key] = $val;

  107.     }

  108. 

  109.     $pr_encode = str_replace('=', '', mchStrCode(json_encode($pr_encode)));

  110. 

  111.     $pr_verify = md5("payment" . $pr_encode . $cfg_cookie_encode);

  112. 

  113.     $tpl = new DedeTemplate();

  114.     $tpl->LoadTemplate(DEDEMEMBER . '/templets/buy_action_payment.htm');

  115.     $tpl->Display();

  116. } else {

  117. 

  118.     $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

  119. 

  120.     $rs['code'] = preg_replace("#[^0-9a-z]#i", "", $rs['code']);

  121.     if (!file_exists(DEDEINC . '/payment/' . $rs['code'] . '.php')) {

  122.         ShowMsg("未发现支付接口文件,请到后台配置!", 'javascript:;');

  123.         exit();

  124.     }

  125. 

  126.     require_once DEDEINC . '/payment/' . $rs['code'] . '.php';

  127.     $pay = new $rs['code'];

  128.     $payment = "";

  129.     if ($rs['code'] == "cod" || $rs['code'] == "bank") {

  130.         $order = $buyid;

  131.         $payment = "member";

  132.     } else {

  133.         $order = array(

  134.             'out_trade_no' => $buyid,

  135.             'price' => sprintf("%01.2f", $price)

  136.         );

  137.         require_once DEDEDATA . '/payment/' . $rs['code'] . '.php';

  138.     }

  139.     $button = $pay->GetCode($order, $payment);

  140.     $dtp = new DedeTemplate();

  141.     $carts = array(

  142.         'orders_id' => $buyid,

  143.         'cart_count' => '1',

  144.         'price_count' => sprintf("%01.2f", $price)

  145.     );

  146.     $row = $dsql->GetOne("SELECT pname,money FROM `#@__member_operation` WHERE buyid='{$buyid}'");

  147.     $dtp->SetVar('pay_name', $row['pname']);

  148.     $dtp->SetVar('price', $row['money']);

  149.     $dtp->SetVar('pay_way', $rs['name']);

  150.     $dtp->SetVar('description', $rs['description']);

  151.     $dtp->SetVar('button', $button);

  152.     $dtp->Assign('carts', $carts);

  153.     $dtp->LoadTemplate(DEDEMEMBER . '/templets/shops_action_payment.htm');

  154.     $dtp->Display();

  155.     exit();

  156. }

  157. 

  158. /**

  159.  *  加密函数

  160.  *

  161.  * @access    public

  162.  * @param     string  $string  字符串

  163.  * @param     string  $operation  操作

  164.  * @return    string

  165.  */

  166. function mchStrCode($string, $operation = 'ENCODE')

  167. {

  168.     $key_length = 4;

  169.     $expiry = 0;

  170.     $key = md5($GLOBALS['cfg_cookie_encode']);

  171.     $fixedkey = md5($key);

  172.     $egiskeys = md5(substr($fixedkey, 16, 16));

  173.     $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';

  174.     $keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));

  175.     $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));

  176. 

  177.     $i = 0;

  178.     $result = '';

  179.     $string_length = strlen($string);

  180.     for ($i = 0; $i < $string_length; $i++) {

  181.         $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));

  182.     }

  183.     if ($operation == 'ENCODE') {

  184.         return $runtokey . str_replace('=', '', base64_encode($result));

  185.     } else {

  186.         if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $egiskeys), 0, 16)) {

  187.             return substr($result, 26);

  188.         } else {

  189.             return '';

  190.         }

  191.     }

  192. }