DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
110MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/member/buy_action.php

192 lines
6.5KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  * @version        $Id: buy_action.php 1 8:38 2010年7月9日Z tianya $

  5.  * @package        DedeBIZ.Member

  6.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  7.  * @license        https://www.dedebiz.com/license

  8.  * @link           https://www.dedebiz.com

  9.  */

  10. require_once(dirname(__FILE__) . "/config.php");

  11. CheckRank(0, 0);

  12. $menutype = 'mydede';

  13. $menutype_son = 'op';

  14. require_once DEDEINC . '/dedetemplate.class.php';

  15. 

  16. $product = isset($product) ? trim(HtmlReplace($product, 1)) : '';

  17. $mid = $cfg_ml->M_ID;

  18. $ptype = '';

  19. $pname = '';

  20. $price = '';

  21. $mtime = time();

  22. 

  23. if (isset($pd_encode) && isset($pd_verify) && md5("payment" . $pd_encode . $cfg_cookie_encode) == $pd_verify) {

  24.     $result = json_decode(mchStrCode($pd_encode, 'DECODE'));

  25. 

  26.     $product = preg_replace("#[^0-9a-z]#i", "", $result->product);

  27.     $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);

  28. 

  29.     $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  30.     if (!isset($row['buyid'])) {

  31.         ShowMsg("请不要重复提交表单!", 'javascript:;');

  32.         exit();

  33.     }

  34.     if (!isset($paytype)) {

  35.         ShowMsg("请选择支付方式!", 'javascript:;');

  36.         exit();

  37.     }

  38.     $buyid = $row['buyid'];

  39. } else {

  40.     $buyid = 'M' . $mid . 'T' . $mtime . 'RN' . mt_rand(100, 999);

  41.     //删除用户旧的未付款的同类记录

  42.     if (!empty($product)) {

  43.         $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  44.     }

  45. }

  46. 

  47. if (empty($product)) {

  48.     ShowMsg("请选择一个产品!", 'javascript:;');

  49.     exit();

  50. }

  51. 

  52. $pid = isset($pid) && is_numeric($pid) ? $pid : 0;

  53. if ($product == 'member') {

  54.     $ptype = "会员升级";

  55.     $row = $dsql->GetOne("SELECT * FROM `#@__member_type` WHERE aid='{$pid}'");

  56.     if (!is_array($row)) {

  57.         ShowMsg("无法识别你的订单!", 'javascript:;');

  58.         exit();

  59.     }

  60.     $pname = $row['pname'];

  61.     $price = $row['money'];

  62. } else if ($product == 'card') {

  63.     $ptype = "点卡购买";

  64.     $row = $dsql->GetOne("SELECT * From `#@__moneycard_type` WHERE tid='{$pid}'");

  65.     if (!is_array($row)) {

  66.         ShowMsg("无法识别你的订单!", 'javascript:;');

  67.         exit();

  68.     }

  69.     $pname = $row['pname'];

  70.     $price = $row['money'];

  71. }

  72. 

  73. if (!isset($paytype)) {

  74.     $inquery = "INSERT INTO `#@__member_operation`(`buyid` , `pname` , `product` , `money` , `mtime` , `pid` , `mid` , `sta` ,`oldinfo`)

  75.    VALUES ('$buyid', '$pname', '$product' , '$price' , '$mtime' , '$pid' , '$mid' , '0' , '$ptype');

  76.     ";

  77.     $isok = $dsql->ExecuteNoneQuery($inquery);

  78.     if (!$isok) {

  79.         echo "数据库出错,请重新尝试!" . $dsql->GetError();

  80.         exit();

  81.     }

  82. 

  83.     if ($price == '') {

  84.         echo "无法识别你的订单!";

  85.         exit();

  86.     }

  87. 

  88.     //获取支付接口列表

  89.     $payment_list = array();

  90.     $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY rank ASC");

  91.     $dsql->Execute();

  92.     $i = 0;

  93.     while ($row = $dsql->GetArray()) {

  94.         $payment_list[] = $row;

  95.         $i++;

  96.     }

  97.     unset($row);

  98. 

  99.     $pr_encode = array();

  100.     foreach ($_REQUEST as $key => $val) {

  101.         if (!in_array($key, array('product', 'pid'))) {

  102.             continue;

  103.         }

  104.         $val = preg_replace("#[^0-9a-z]#i", "", $val);

  105.         $pr_encode[$key] = $val;

  106.     }

  107. 

  108.     $pr_encode = str_replace('=', '', mchStrCode(json_encode($pr_encode)));

  109. 

  110.     $pr_verify = md5("payment" . $pr_encode . $cfg_cookie_encode);

  111. 

  112.     $tpl = new DedeTemplate();

  113.     $tpl->LoadTemplate(DEDEMEMBER . '/templets/buy_action_payment.htm');

  114.     $tpl->Display();

  115. } else {

  116. 

  117.     $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

  118. 

  119.     $rs['code'] = preg_replace("#[^0-9a-z]#i", "", $rs['code']);

  120.     if (!file_exists(DEDEINC . '/payment/' . $rs['code'] . '.php')) {

  121.         ShowMsg("未发现支付接口文件,请到后台配置!", 'javascript:;');

  122.         exit();

  123.     }

  124. 

  125.     require_once DEDEINC . '/payment/' . $rs['code'] . '.php';

  126.     $pay = new $rs['code'];

  127.     $payment = "";

  128.     if ($rs['code'] == "cod" || $rs['code'] == "bank") {

  129.         $order = $buyid;

  130.         $payment = "member";

  131.     } else {

  132.         $order = array(

  133.             'out_trade_no' => $buyid,

  134.             'price' => sprintf("%01.2f", $price)

  135.         );

  136.         require_once DEDEDATA . '/payment/' . $rs['code'] . '.php';

  137.     }

  138.     $button = $pay->GetCode($order, $payment);

  139.     $dtp = new DedeTemplate();

  140.     $carts = array(

  141.         'orders_id' => $buyid,

  142.         'cart_count' => '1',

  143.         'price_count' => sprintf("%01.2f", $price)

  144.     );

  145.     $row = $dsql->GetOne("SELECT pname,money FROM `#@__member_operation` WHERE buyid='{$buyid}'");

  146.     $dtp->SetVar('pay_name', $row['pname']);

  147.     $dtp->SetVar('price', $row['money']);

  148.     $dtp->SetVar('pay_way', $rs['name']);

  149.     $dtp->SetVar('description', $rs['description']);

  150.     $dtp->SetVar('button', $button);

  151.     $dtp->Assign('carts', $carts);

  152.     $dtp->LoadTemplate(DEDEMEMBER . '/templets/shops_action_payment.htm');

  153.     $dtp->Display();

  154.     exit();

  155. }

  156. 

  157. /**

  158.  *  加密函数

  159.  *

  160.  * @access    public

  161.  * @param     string  $string  字符串

  162.  * @param     string  $operation  操作

  163.  * @return    string

  164.  */

  165. function mchStrCode($string, $operation = 'ENCODE')

  166. {

  167.     $key_length = 4;

  168.     $expiry = 0;

  169.     $key = md5($GLOBALS['cfg_cookie_encode']);

  170.     $fixedkey = md5($key);

  171.     $egiskeys = md5(substr($fixedkey, 16, 16));

  172.     $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';

  173.     $keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));

  174.     $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));

  175. 

  176.     $i = 0;

  177.     $result = '';

  178.     $string_length = strlen($string);

  179.     for ($i = 0; $i < $string_length; $i++) {

  180.         $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));

  181.     }

  182.     if ($operation == 'ENCODE') {

  183.         return $runtokey . str_replace('=', '', base64_encode($result));

  184.     } else {

  185.         if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $egiskeys), 0, 16)) {

  186.             return substr($result, 26);

  187.         } else {

  188.             return '';

  189.         }

  190.     }

  191. }