DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1249 Commits
3 Branches
110MB
Tree: 1b64e18aad
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1b64e18aad'
${ noResults }
DedeV6/src/user/buy_action.php

134 lines
4.9KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * @version        $id:buy_action.php 8:38 2010年7月9日 tianya $

  4.  * @package        DedeBIZ.User

  5.  * @copyright      Copyright (c) 2022 DedeBIZ.COM

  6.  * @license        https://www.dedebiz.com/license

  7.  * @link           https://www.dedebiz.com

  8.  */

  9. require_once(dirname(__FILE__)."/config.php");

  10. CheckRank(0, 0);

  11. $menutype = 'mydede';

  12. $menutype_son = 'op';

  13. require_once DEDEINC.'/dedetemplate.class.php';

  14. $product = isset($product) ? trim(HtmlReplace($product, 1)) : '';

  15. $mid = $cfg_ml->M_ID;

  16. $ptype = '';

  17. $pname = '';

  18. $price = '';

  19. $mtime = time();

  20. if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cookie_encode) == $pd_verify) {

  21.     $result = json_decode(mchStrCode($pd_encode, 'DECODE'));

  22.     $product = preg_replace("#[^0-9a-z]#i", "", $result->product);

  23.     $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);

  24.     $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  25.     if (!isset($row['buyid'])) {

  26.         ShowMsg("请不要重复提交表单", 'javascript:;');

  27.         exit();

  28.     }

  29.     if (!isset($paytype)) {

  30.         ShowMsg("请选择支付方式", 'javascript:;');

  31.         exit();

  32.     }

  33.     $buyid = $row['buyid'];

  34. } else {

  35.     $buyid = 'M'.$mid.'T'.$mtime.'RN'.mt_rand(100, 999);

  36.     //删除用户旧的未付款的同类记录

  37.     if (!empty($product)) {

  38.         $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  39.     }

  40. }

  41. if (empty($product)) {

  42.     ShowMsg("请选择一个产品", 'javascript:;');

  43.     exit();

  44. }

  45. $pid = isset($pid) && is_numeric($pid) ? $pid : 0;

  46. if ($product == 'member') {

  47.     $ptype = "会员升级";

  48.     $row = $dsql->GetOne("SELECT * FROM `#@__member_type` WHERE aid='{$pid}'");

  49.     if (!is_array($row)) {

  50.         ShowMsg("无法识别您的订单", 'javascript:;');

  51.         exit();

  52.     }

  53.     $pname = $row['pname'];

  54.     $price = $row['money'];

  55. } else if ($product == 'card') {

  56.     $ptype = "点卡购买";

  57.     $row = $dsql->GetOne("SELECT * FROM `#@__moneycard_type` WHERE tid='{$pid}'");

  58.     if (!is_array($row)) {

  59.         ShowMsg("无法识别您的订单", 'javascript:;');

  60.         exit();

  61.     }

  62.     $pname = $row['pname'];

  63.     $price = $row['money'];

  64. }

  65. if (!isset($paytype)) {

  66.     $inquery = "INSERT INTO `#@__member_operation` (`buyid`,`pname`,`product`,`money`,`mtime`,`pid`,`mid`,`sta`,`oldinfo`) VALUES ('$buyid','$pname','$product','$price','$mtime','$pid','$mid','0','$ptype');";

  67.     $isok = $dsql->ExecuteNoneQuery($inquery);

  68.     if (!$isok) {

  69.         echo "数据库出错,请重新尝试".$dsql->GetError();

  70.         exit();

  71.     }

  72.     if ($price == '') {

  73.         echo "无法识别您的订单";

  74.         exit();

  75.     }

  76.     //获取支付接口列表

  77.     $payment_list = array();

  78.     $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY `rank` ASC");

  79.     $dsql->Execute();

  80.     $i = 0;

  81.     while ($row = $dsql->GetArray()) {

  82.         $payment_list[] = $row;

  83.         $i++;

  84.     }

  85.     unset($row);

  86.     $pr_encode = array();

  87.     foreach ($_REQUEST as $key => $val) {

  88.         if (!in_array($key, array('product', 'pid'))) {

  89.             continue;

  90.         }

  91.         $val = preg_replace("#[^0-9a-z]#i", "", $val);

  92.         $pr_encode[$key] = $val;

  93.     }

  94.     $pr_encode = str_replace('=', '', mchStrCode(json_encode($pr_encode)));

  95.     $pr_verify = md5("payment".$pr_encode.$cfg_cookie_encode);

  96.     $tpl = new DedeTemplate();

  97.     $tpl->LoadTemplate(DEDEMEMBER.'/templets/buy_action_payment.htm');

  98.     $tpl->Display();

  99. }

  100. /**

  101.  *  加密函数

  102.  *

  103.  * @access    public

  104.  * @param     string  $string  字符串

  105.  * @param     string  $operation  操作

  106.  * @return    string

  107.  */

  108. function mchStrCode($string, $operation = 'ENCODE')

  109. {

  110.     $key_length = 4;

  111.     $expiry = 0;

  112.     $key = md5($GLOBALS['cfg_cookie_encode']);

  113.     $fixedkey = md5($key);

  114.     $egiskeys = md5(substr($fixedkey, 16, 16));

  115.     $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';

  116.     $keys = md5(substr($runtokey, 0, 16).substr($fixedkey, 0, 16).substr($runtokey, 16).substr($fixedkey, 16));

  117.     $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16).$string : base64_decode(substr($string, $key_length));

  118.     $i = 0;

  119.     $result = '';

  120.     $string_length = strlen($string);

  121.     for ($i = 0; $i < $string_length; $i++) {

  122.         $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));

  123.     }

  124.     if ($operation == 'ENCODE') {

  125.         return $runtokey.str_replace('=', '', base64_encode($result));

  126.     } else {

  127.         if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {

  128.             return substr($result, 26);

  129.         } else {

  130.             return '';

  131.         }

  132.     }

  133. }

  134. ?>