1 year ago · bc244c450d
--- a/src/admin/api.php
+++ b/src/admin/api.php
@@ -9,8 +9,8 @@
 * @link           https://www.dedebiz.com
 */
 define('AJAXLOGIN', TRUE);
 define('IS_DEDEAPI', TRUE);
 define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
 $cfg_NotPrintHead = 'Y';
 require_once(DEDEADMIN.'/../system/common.inc.php');
 require_once(DEDEINC.'/userlogin.class.php');
 AjaxHead();
--- a/src/admin/templets/index_body.htm
+++ b/src/admin/templets/index_body.htm
@@ -206,8 +206,7 @@
 			$("#btnStep" + step).show();
 		}
 		function update() {
 			$.get("api.php?action=update", function (data) {
 				let rs = JSON.parse(data);
 			$.get("api.php?action=update", function (rs) {
 				if (rs.code === 0) {
 					$("#_updateMsg").html(rs.msg);
 					if (rs.data.finish === false) {
@@ -224,9 +223,8 @@
 			})
 		}
 		function hasNewVersion() {
 			$.get("api.php?action=has_new_version", function (data) {
 			$.get("api.php?action=has_new_version", function (rs) {
 				try {
 					let rs = JSON.parse(data);
 					if (rs.code === 0) {
 						if (rs.result.HasNew === true) {
 							hasNewVer = true;
@@ -254,8 +252,7 @@
 				let alertMsg = dedeAlter("正在备份差异文件", 'info', true);
 				$("#_msgInfo").html(alertMsg);
 				$("#_msgInfo").show();
 				$.get("api.php?action=update_backup", function (data) {
 					let rs = JSON.parse(data);
 				$.get("api.php?action=update_backup", function (rs) {
 					if (rs.code === 0) {
 						alertMsg = dedeAlter(`成功备份差异文件，目录：${rs.data.backupdir}`, 'success');
 						$("#_msgInfo").html(alertMsg);
@@ -272,8 +269,7 @@
 				$('#mdlUpdate').modal('show');
 				showStepArea(currentStep);
 				currentStep++;
 				$.get("api.php?action=get_changed_files", function (data) {
 					let rs = JSON.parse(data);
 				$.get("api.php?action=get_changed_files", function (rs) {
 					if (rs.code === 0) {
 						let fstr = '<ul class="list-group list-group-flush">';
 						let i = 1;
@@ -299,8 +295,7 @@
 				$("#_msgInfo").html('');
 				$("#_msgInfo").hide();
 				showStepArea(currentStep);
 				$.get("api.php?action=get_update_versions", function (data) {
 					let rs = JSON.parse(data);
 				$.get("api.php?action=get_update_versions", function (rs) {
 					if (rs.code === 0) {
 						let fstr = '<ul class="list-group list-group-flush">';
 						let i = 1;
--- a/src/apps/statistics.php
+++ b/src/apps/statistics.php
@@ -8,6 +8,7 @@
 * @license        https://www.dedebiz.com/license
 * @link           https://www.dedebiz.com
 */
 define('IS_DEDEAPI', TRUE);
 require_once(dirname(__FILE__)."/../system/common.inc.php");
 require_once(DEDEINC."/libraries/statistics.class.php");
 if (empty($dopost)) $dopost = '';
--- a/src/static/web/js/login.js
+++ b/src/static/web/js/login.js
@@ -2,8 +2,7 @@ $(document).ready(function () {
    $("#iptUserid").focusout(function () {
        let userid = $(this).val();
        if (userid !== '') {
            $.get("api.php?action=is_need_check_code&userid=" + userid, function (data) {
                let rs = JSON.parse(data);
            $.get("api.php?action=is_need_check_code&userid=" + userid, function (rs) {
                if (rs.code === 0) {
                    if (rs.data.isNeed) {
                        $("#vdimgck").show();
--- a/src/system/common.inc.php
+++ b/src/system/common.inc.php
@@ -10,7 +10,7 @@
 define('DEDEBIZ_SAFE_MODE', FALSE);
 //生产环境使用`production`，如果采用`dev`模式，会有一些php的报错信息提示，用于开发调试
 if (!defined('DEDE_ENVIRONMENT')) {
    define('DEDE_ENVIRONMENT', 'production');
    define('DEDE_ENVIRONMENT', 'dev');
 }
 if (!defined('DEBUG_LEVEL')) {
    if (DEDE_ENVIRONMENT == 'production') {
@@ -228,7 +228,7 @@ if (isset($GLOBALS['TotalResult'])) {
 if (!isset($cfg_NotPrintHead)) {
    if (PHP_SAPI != 'cli') {
        if (defined('IS_DEDEAPI')) {
            header("Content-Type:text/json;");
            header("Content-Type:text/json; charset={$cfg_soft_lang}");
        } else {
            header("Content-Type:text/html; charset={$cfg_soft_lang}");
        }
--- a/src/theme/dedebiz/foot.htm
+++ b/src/theme/dedebiz/foot.htm
@@ -13,8 +13,7 @@
 <script>
    //校验是否登录
    function CheckLogin() {
        $.get("{dede:global.cfg_cmsurl/}/user/api.php?format=json",function(data) {
            let result = JSON.parse(data);
        $.get("{dede:global.cfg_cmsurl/}/user/api.php?format=json",function(result) {
            if (result.code === 200) {
                $("#_login").html(`<a href="{dede:global.cfg_cmsurl/}/user"class="user-admin mr-3"><img src="${result.data.facepic}" alt="${result.data.username}" title="${result.data.username}">${result.data.username}</a><a href="/user/pm.php" class="btn btn-primary btn-sm rounded-circle"><i class="fa fa-bell"></i></a><a href="{dede:global.cfg_cmsurl/}/user/index_do.php?fmdo=login&dopost=exit" class="btn btn-success btn-sm rounded-circle"><i class="fa fa-sign-out"></i></a>`);
                $("#iptUsername").val(result.data.username);
--- a/src/theme/dedebiz/widget_article_feedback.htm
+++ b/src/theme/dedebiz/widget_article_feedback.htm
@@ -104,8 +104,7 @@
 				<button type="button" class="btn btn-success btnSend ml-2" onClick='SendReplyFeedback(${fid})'>评论</button>
 			</div>
 		</div>`;
        $.get("{dede:global.cfg_cmsurl/}/user/api.php?format=json", function(data) {
            let result = JSON.parse(data);
        $.get("{dede:global.cfg_cmsurl/}/user/api.php?format=json", function(result) {
            if (result.code !== 200) {
 				$(`._feedback_reply`).html("");
 				ShowAlert(`._feedback_reply[for="${fid}"]`, 
--- a/src/user/api.php
+++ b/src/user/api.php
@@ -7,7 +7,7 @@
 * @link           https://www.dedebiz.com
 */
 define('AJAXLOGIN', TRUE);
 $cfg_NotPrintHead = 'Y';
 define('IS_DEDEAPI', TRUE);
 require_once(dirname(__FILE__)."/config.php");
 AjaxHead();
 $action = isset($action)? $action : '';
--- a/src/user/buy_action.php
+++ b/src/user/buy_action.php
@@ -17,8 +17,11 @@ $ptype = '';
 $pname = '';
 $price = '';
 $mtime = time();

 if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cookie_encode) == $pd_verify) {
    
    $result = json_decode(mchStrCode($pd_encode, 'DECODE'));
   
    $product = preg_replace("#[^0-9a-z]#i", "", $result->product);
    $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);
    $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");
@@ -62,6 +65,7 @@ if ($product == 'member') {
    $pname = $row['pname'];
    $price = $row['money'];
 }

 if (!isset($paytype)) {
    $inquery = "INSERT INTO `#@__member_operation` (`buyid`,`pname`,`product`,`money`,`mtime`,`pid`,`mid`,`sta`,`oldinfo`) VALUES ('$buyid','$pname','$product','$price','$mtime','$pid','$mid','0','$ptype');";
    $isok = $dsql->ExecuteNoneQuery($inquery);
@@ -75,14 +79,13 @@ if (!isset($paytype)) {
    }
    //获取支付接口设置
    $payment_list = array();
    $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY `rank` ASC");
    $dsql->SetQuery("SELECT * FROM `#@__sys_payment` WHERE `status`=1 ORDER BY sortrank ASC");
    $dsql->Execute();
    $i = 0;
    while ($row = $dsql->GetArray()) {
        $payment_list[] = $row;
        $i++;
    }
    unset($row);
    $pr_encode = array();
    foreach ($_REQUEST as $key => $val) {
        if (!in_array($key, array('product', 'pid'))) {
@@ -96,6 +99,8 @@ if (!isset($paytype)) {
    $tpl = new DedeTemplate();
    $tpl->LoadTemplate(DEDEMEMBER.'/templets/buy_action_payment.htm');
    $tpl->Display();
 } else {
    //TODO进行支付处理
 }
 /**
 *  加密函数
--- a/src/user/templets/buy_action_payment.htm
+++ b/src/user/templets/buy_action_payment.htm
@@ -51,21 +51,14 @@
 									<tr>
 										<td align="right"><span class="td1">支付方式：</span></td>
 										<td>
 											<table cellpadding="0" cellspacing="0" class="table table-borderless">
 												{dede:array.payment_list}
 												<tr>
 													<td width="10%" align="right">
 														{dede:if value.code=="cod" || value.code=="bank"}
 														<input type="radio" name="paytype" value="{dede:value.id/}" disabled="disabled" />
 														{else}
 														<input type="radio" name="paytype" value="{dede:value.id/}" />{/dede:if}
 													</td>
 													<td width="20%">{dede:value.name/}</td>
 													<td width="60%">{dede:value.description/}</td>
 													<td width="10%" align="center"><span class="fc-f60">{dede:value.fee/}元</span></td>
 												</tr>
 												{/dede:array}
 											</table>
 											{dede:array.payment_list}
 											<div class="form-check mb-2">
 												<input class="form-check-input" id="iptPayment{dede:value.id/}" type="radio" name="paytype" value="{dede:value.id/}">
 												<label class="form-check-label" for="iptPayment{dede:value.id/}">
 													{dede:value.name/}
 												</label>
 											</div>
 											{/dede:array}
 										</td>
 									</tr>
 									<tr>