DedeV6/public/member/buy_action.php

<?php
/**
 * @version        $Id: buy_action.php 1 8:38 2010年7月9日Z tianya $
 * @package        DedeBIZ.Member
 * @copyright      Copyright (c) 2022, DedeBIZ.COM
 * @license        https://www.dedebiz.com/license
 * @link           https://www.dedebiz.com
 */
require_once(dirname(__FILE__)."/config.php");
CheckRank(0, 0);
$menutype = 'mydede';
$menutype_son = 'op';
require_once DEDEINC.'/dedetemplate.class.php';

$product = isset($product) ? trim(HtmlReplace($product, 1)) : '';
$mid = $cfg_ml->M_ID;
$ptype = '';
$pname = '';
$price = '';
$mtime = time();

if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cookie_encode) == $pd_verify) {
    $result = json_decode(mchStrCode($pd_encode, 'DECODE'));

    $product = preg_replace("#[^0-9a-z]#i", "", $result->product);
    $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);

    $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");
    if (!isset($row['buyid'])) {
        ShowMsg("请不要重复提交表单!", 'javascript:;');
        exit();
    }
    if (!isset($paytype)) {
        ShowMsg("请选择支付方式!", 'javascript:;');
        exit();
    }
    $buyid = $row['buyid'];
} else {
    $buyid = 'M'.$mid.'T'.$mtime.'RN'.mt_rand(100, 999);
    //删除用户旧的未付款的同类记录
    if (!empty($product)) {
        $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");
    }
}

if (empty($product)) {
    ShowMsg("请选择一个产品!", 'javascript:;');
    exit();
}

$pid = isset($pid) && is_numeric($pid) ? $pid : 0;
if ($product == 'member') {
    $ptype = "会员升级";
    $row = $dsql->GetOne("SELECT * FROM `#@__member_type` WHERE aid='{$pid}'");
    if (!is_array($row)) {
        ShowMsg("无法识别您的订单", 'javascript:;');
        exit();
    }
    $pname = $row['pname'];
    $price = $row['money'];
} else if ($product == 'card') {
    $ptype = "点卡购买";
    $row = $dsql->GetOne("SELECT * From `#@__moneycard_type` WHERE tid='{$pid}'");
    if (!is_array($row)) {
        ShowMsg("无法识别您的订单", 'javascript:;');
        exit();
    }
    $pname = $row['pname'];
    $price = $row['money'];
}

if (!isset($paytype)) {
    $inquery = "INSERT INTO `#@__member_operation`(`buyid` , `pname` , `product` , `money` , `mtime` , `pid` , `mid` , `sta` ,`oldinfo`)
   VALUES ('$buyid', '$pname', '$product' , '$price' , '$mtime' , '$pid' , '$mid' , '0' , '$ptype');
    ";
    $isok = $dsql->ExecuteNoneQuery($inquery);
    if (!$isok) {
        echo "数据库出错，请重新尝试".$dsql->GetError();
        exit();
    }

    if ($price == '') {
        echo "无法识别您的订单";
        exit();
    }

    //获取支付接口列表
    $payment_list = array();
    $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY rank ASC");
    $dsql->Execute();
    $i = 0;
    while ($row = $dsql->GetArray()) {
        $payment_list[] = $row;
        $i++;
    }
    unset($row);

    $pr_encode = array();
    foreach ($_REQUEST as $key => $val) {
        if (!in_array($key, array('product', 'pid'))) {
            continue;
        }
        $val = preg_replace("#[^0-9a-z]#i", "", $val);
        $pr_encode[$key] = $val;
    }

    $pr_encode = str_replace('=', '', mchStrCode(json_encode($pr_encode)));

    $pr_verify = md5("payment".$pr_encode.$cfg_cookie_encode);

    $tpl = new DedeTemplate();
    $tpl->LoadTemplate(DEDEMEMBER.'/templets/buy_action_payment.htm');
    $tpl->Display();
} else {

    $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

    $rs['code'] = preg_replace("#[^0-9a-z]#i", "", $rs['code']);
    if (!file_exists(DEDEINC.'/payment/'.$rs['code'].'.php')) {
        ShowMsg("未发现支付接口文件，请到后台配置", 'javascript:;');
        exit();
    }

    require_once DEDEINC.'/payment/'.$rs['code'].'.php';
    $pay = new $rs['code'];
    $payment = "";
    if ($rs['code'] == "cod" || $rs['code'] == "bank") {
        $order = $buyid;
        $payment = "member";
    } else {
        $order = array(
            'out_trade_no' => $buyid,
            'price' => sprintf("%01.2f", $price)
        );
        require_once DEDEDATA.'/payment/'.$rs['code'].'.php';
    }
    $button = $pay->GetCode($order, $payment);
    $dtp = new DedeTemplate();
    $carts = array(
        'orders_id' => $buyid,
        'cart_count' => '1',
        'price_count' => sprintf("%01.2f", $price)
    );
    $row = $dsql->GetOne("SELECT pname,money FROM `#@__member_operation` WHERE buyid='{$buyid}'");
    $dtp->SetVar('pay_name', $row['pname']);
    $dtp->SetVar('price', $row['money']);
    $dtp->SetVar('pay_way', $rs['name']);
    $dtp->SetVar('description', $rs['description']);
    $dtp->SetVar('button', $button);
    $dtp->Assign('carts', $carts);
    $dtp->LoadTemplate(DEDEMEMBER.'/templets/shops_action_payment.htm');
    $dtp->Display();
    exit();
}

/**
 *  加密函数
 *
 * @access    public
 * @param     string  $string  字符串
 * @param     string  $operation  操作
 * @return    string
 */
function mchStrCode($string, $operation = 'ENCODE')
{
    $key_length = 4;
    $expiry = 0;
    $key = md5($GLOBALS['cfg_cookie_encode']);
    $fixedkey = md5($key);
    $egiskeys = md5(substr($fixedkey, 16, 16));
    $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';
    $keys = md5(substr($runtokey, 0, 16).substr($fixedkey, 0, 16).substr($runtokey, 16).substr($fixedkey, 16));
    $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16).$string : base64_decode(substr($string, $key_length));

    $i = 0;
    $result = '';
    $string_length = strlen($string);
    for ($i = 0; $i < $string_length; $i++) {
        $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));
    }
    if ($operation == 'ENCODE') {
        return $runtokey.str_replace('=', '', base64_encode($result));
    } else {
        if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {
            return substr($result, 26);
        } else {
            return '';
        }
    }
}