1 year ago · 717273a7a1
--- a/src/admin/member_do.php
+++ b/src/admin/member_do.php
@@ -144,6 +144,12 @@ function __EditUser()
 ----------------*/
 else if ($dopost == 'edituser') {
    CheckPurview('member_Edit');
    $send_max = isset($send_max)? intval($send_max) : 0;
    $user_money = isset($user_money)? intval($user_money) : 0;
    $money = isset($money)? intval($money) : 0;
    $scores = isset($scores)? intval($scores) : 0;
    $rank = isset($rank)? intval($rank) : 0;
    $id = isset($id)? intval($id) : 0;
    if (!isset($_POST['id'])) exit('dedebiz');
    $pwdsql = empty($pwd) ? '' : ",pwd='".md5($pwd)."'";
    if (function_exists('password_hash')) {
@@ -155,7 +161,7 @@ else if ($dopost == 'edituser') {
        ShowMsg("不支持直接把前台会员转为管理的操作", "-1");
        exit();
    }
    $query = "UPDATE `#@__member` SET send_max='$send_max',email='$email',uname='$uname',sex='$sex',matt='$matt',money='$money',scores='$scores',`rank`='$rank',spacesta='$spacesta',uptime='$uptime',exptime='$exptime'$pwdsql WHERE mid='$id' AND matt<>10 ";
    $query = "UPDATE `#@__member` SET send_max='$send_max',email='$email',uname='$uname',sex='$sex',matt='$matt',user_money='$user_money',money='$money',scores='$scores',`rank`='$rank',spacesta='$spacesta',uptime='$uptime',exptime='$exptime'$pwdsql WHERE mid='$id' AND matt<>10 ";
    $rs = $dsql->ExecuteNoneQuery2($query);
    if ($rs == 0) {
        $query = "UPDATE `#@__member` SET email='$email',uname='$uname',sex='$sex',money='$money',scores='$scores',`rank`='$rank',spacesta='$spacesta',uptime='$uptime',exptime='$exptime'$pwdsql WHERE mid='$id' ";
--- a/src/admin/member_main.php
+++ b/src/admin/member_main.php
@@ -82,7 +82,7 @@ function GetMemberName($rank, $mt)
 function GetMAtt($m)
 {
    if ($m < 1) return '';
    else if ($m == 10) return " <span class='btn btn-outline-success btn-sm'>管理员</span>";
    else return " <span class='btn btn-outline-success btn-sm'>推荐</span>";
    else if ($m == 10) return " <span class='btn btn-outline-success btn-sm'>管</span>";
    else return " <span class='btn btn-outline-success btn-sm'>荐</span>";
 }
 ?>
--- a/src/admin/templets/member_main.htm
+++ b/src/admin/templets/member_main.htm
@@ -63,11 +63,11 @@
 				<tr bgcolor="#e9ecef" align="center">
 					<td width="6%">选择</td>
 					<td width="6%">mid</td>
 					<td width="12%">用户</td>
 					<td width="8%">用户</td>
 					<td width="8%">名称</td>
 					<td width="8%">邮箱</td>
 					<td width="6%">会员等级</td>
 					<td width="12%">会员属性</td>
 					<td width="14%">会员属性</td>
 					<td width="14%">地址时间</td>
 					<td width="6%">发布限制</td>
 					<td>操作</td>
@@ -93,9 +93,10 @@
 					<td><a href="member_main.php?rank={dede:field.rank/}">{dede:field.rank function="GetMemberName(@me,'限制会员')"/}</a></td>
 					<td>
 						<span class="mr-1">{dede:field.mtype/}用户</span>
 						<span class="mr-1">金币{dede:field.money/}</span>
 						<span class="mr-1">{dede:field.mtype/}用户</span><br/>
 						<span class="mr-1">金币{dede:field.money/}</span> 
 						<span>积分{dede:field.scores/}</span>
 						<span>余额{dede:field.user_money/}</span>
 					</td>
 					<td>
 						<span class="mr-1">{dede:field.loginip/}</span>
--- a/src/admin/templets/member_view.htm
+++ b/src/admin/templets/member_view.htm
@@ -89,6 +89,7 @@
 					<td class="admin-td">
 						<input type="text" name="money" id="money" class="admin-input-xs" value="<?php echo $row['money'];?>">
 						积分：<input type="text" name="scores" id="scores" class="admin-input-xs" value="<?php echo $row['scores'];?>">
 						余额：<input type="text" name="user_money" id="user_money" class="admin-input-xs" value="<?php echo $row['user_money'];?>">
 					</td>
 				</tr>
 				<tr>
--- a/src/install/update.txt
+++ b/src/install/update.txt
@@ -124,4 +124,5 @@ INSERT INTO `#@__sys_payment`(`id`, `code`, `name`, `short_name`, `sortrank`, `c
 INSERT INTO `#@__sys_payment`(`id`, `code`, `name`, `short_name`, `sortrank`, `config`, `status`) VALUES (2, 'Alipay', '支付宝支付', '支付宝', 1, '{"APPID":"","PrivateKey":"","AppCertPublicKey":"AlipayAppCertPublicKey","CertPublicKey":"AlipayCertPublicKey","RootCert":"AlipayRootCert","SignType":"RSA2"}', 0);
 INSERT INTO `#@__sys_payment`(`id`, `code`, `name`, `short_name`, `sortrank`, `config`, `status`) VALUES (3, 'Bank', '银行转账', '转账', 2, '{"AccountName":"","AccountNO":"","Name":""}', 0);
 INSERT INTO `#@__sys_payment`(`id`, `code`, `name`, `short_name`, `sortrank`, `config`, `status`) VALUES (4, 'Balance', '余额支付', '余额', 3, '[]', 0);
 INSERT INTO `#@__sys_payment`(`id`, `code`, `name`, `short_name`, `sortrank`, `config`, `status`) VALUES (5, 'Cod', '货到付款', '货到付款', 4, '[]', 0);
 INSERT INTO `#@__sys_payment`(`id`, `code`, `name`, `short_name`, `sortrank`, `config`, `status`) VALUES (5, 'Cod', '货到付款', '货到付款', 4, '[]', 0);
 ALTER TABLE `#@__member` ADD COLUMN `user_money` decimal(10, 2) UNSIGNED NULL DEFAULT 0.00 AFTER `send_max`;
--- a/src/system/common.func.php
+++ b/src/system/common.func.php
@@ -323,7 +323,7 @@ $arrs2 = array();
 */
 function ShowMsg($msg, $gourl, $onlymsg = 0, $limittime = 0)
 {
    if (strtolower($GLOBALS['format'])==='json') {
    if (isset($GLOBALS['format']) && strtolower($GLOBALS['format'])==='json') {
        echo json_encode(array(
            "code"=>0,
            "msg"=>$msg,
--- a/src/system/memberlogin.class.php
+++ b/src/system/memberlogin.class.php
@@ -99,6 +99,7 @@ class MemberLogin
    var $M_LoginID;
    var $M_MbType;
    var $M_Money;
    var $M_UserMoney;
    var $M_Scores;
    var $M_UserName;
    var $M_Rank;
@@ -153,6 +154,7 @@ class MemberLogin
                $this->M_LoginID = $this->fields['userid'];
                $this->M_MbType = $this->fields['mtype'];
                $this->M_Money = $this->fields['money'];
                $this->M_UserMoney = $this->fields['user_money'];
                $this->M_UserName = FormatUsername($this->fields['uname']);
                $this->M_Scores = $this->fields['scores'];
                $this->M_Face = $this->fields['face'];
@@ -296,6 +298,7 @@ class MemberLogin
        $this->M_Rank = 0;
        $this->M_Face = "";
        $this->M_Money = 0;
        $this->M_UserMoney = 0;
        $this->M_UserName = "";
        $this->M_LoginTime = 0;
        $this->M_MbType = '';
@@ -542,7 +545,7 @@ class MemberLogin
                elseif ($this->M_Rank > 10) $sta .= "<span class='text-danger'>会员已到期</span>";
            }
        }
        $sta .= " 积分<span class='text-primary'>{$this->M_Scores}</span>分，金币<span class='text-primary'>{$this->M_Money}</span>个";
        $sta .= " 积分<span class='text-primary'>{$this->M_Scores}</span>分，金币<span class='text-primary'>{$this->M_Money}</span>个，余额<span class='text-primary'>{$this->M_UserMoney}</span>元";
        return $sta;
    }
    //获取能够发布文档的栏目
--- a/src/user/buy_action.php
+++ b/src/user/buy_action.php
@@ -1,6 +1,6 @@
 <?php
 /**
 * @version        $id:buy_action.php 8:38 2010年7月9日 tianya $
 * @version        $id:buy_action.php 8:38 2023年02月13日 tianya $
 * @package        DedeBIZ.User
 * @copyright      Copyright (c) 2022 DedeBIZ.COM
 * @license        https://www.dedebiz.com/license
@@ -17,6 +17,7 @@ $ptype = '';
 $pname = '';
 $price = '';
 $mtime = time();
 $paytype = isset($paytype)? intval($paytype) : 0;
 if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cookie_encode) == $pd_verify) {
@@ -29,7 +30,7 @@ if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cook
        ShowMsg("请不要重复提交表单", 'javascript:;');
        exit();
    }
    if (!isset($paytype)) {
    if ($paytype === 0) {
        ShowMsg("请选择支付方式", 'javascript:;');
        exit();
    }
@@ -66,7 +67,7 @@ if ($product == 'member') {
    $price = $row['money'];
 }
 if (!isset($paytype)) {
 if ($paytype === 0) {
    $inquery = "INSERT INTO `#@__member_operation` (`buyid`,`pname`,`product`,`money`,`mtime`,`pid`,`mid`,`sta`,`oldinfo`) VALUES ('$buyid','$pname','$product','$price','$mtime','$pid','$mid','0','$ptype');";
    $isok = $dsql->ExecuteNoneQuery($inquery);
    if (!$isok) {
@@ -100,7 +101,26 @@ if (!isset($paytype)) {
    $tpl->LoadTemplate(DEDEMEMBER.'/templets/buy_action_payment.htm');
    $tpl->Display();
 } else {
    //TODO进行支付处理
    $moRow = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE buyid='$buyid'");
    if ($moRow['sta'] == 2) {
        ShowMsg("已完成支付，无需重复付款", "javascript:;");
        exit;
    }
    if($paytype === 4) {
        if ($cfg_ml->M_UserMoney < $row['money']) {
            ShowMsg("余额不足，请确保当前账户有足够金币支付", "javascript:;");
            exit;
        }
        $query = "UPDATE `#@__member_operation` SET sta = '2' WHERE buyid = '$buyid'";
        $dsql->ExecuteNoneQuery($query);
        $query = "UPDATE `#@__member` SET money = money+{$row['num']} WHERE mid = '$mid'";
        $dsql->ExecuteNoneQuery($query);
        $query = "UPDATE `#@__member` SET user_money = user_money-{$row['money']} WHERE mid = '$mid'";
        $dsql->ExecuteNoneQuery($query);
        ShowMsg("成功使用余额付款", "javascript:;");
        exit;
    }
 }
 /**
 *  加密函数
--- a/src/user/templets/buy_action_payment.htm
+++ b/src/user/templets/buy_action_payment.htm
@@ -55,7 +55,7 @@
 											<div class="form-check mb-2">
 												<input class="form-check-input" id="iptPayment{dede:value.id/}" type="radio" name="paytype" value="{dede:value.id/}">
 												<label class="form-check-label" for="iptPayment{dede:value.id/}">
 													{dede:value.name/}
 													{dede:value.name/}<?php echo intval($value['id'])=== 4? '(余额：'.$cfg_ml->M_UserMoney.')' : '' ;?>
 												</label>
 											</div>
 											{/dede:array}