DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1171 Commits
3 Branches
110MB
Tree: 9f73daf479
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9f73daf479'
${ noResults }
DedeV6/src/user/buy_action.php

171 lines
6.3KB
Raw Blame History 

  1. <?php

  2. /**

  3.  * @version        $Id: buy_action.php 1 8:38 2010年7月9日Z tianya $

  4.  * @package        DedeBIZ.User

  5.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  6.  * @license        https://www.dedebiz.com/license

  7.  * @link           https://www.dedebiz.com

  8.  */

  9. require_once(dirname(__FILE__)."/config.php");

  10. CheckRank(0, 0);

  11. $menutype = 'mydede';

  12. $menutype_son = 'op';

  13. require_once DEDEINC.'/dedetemplate.class.php';

  14. $product = isset($product) ? trim(HtmlReplace($product, 1)) : '';

  15. $mid = $cfg_ml->M_ID;

  16. $ptype = '';

  17. $pname = '';

  18. $price = '';

  19. $mtime = time();

  20. if (isset($pd_encode) && isset($pd_verify) && md5("payment".$pd_encode.$cfg_cookie_encode) == $pd_verify) {

  21.     $result = json_decode(mchStrCode($pd_encode, 'DECODE'));

  22.     $product = preg_replace("#[^0-9a-z]#i", "", $result->product);

  23.     $pid = preg_replace("#[^0-9a-z]#i", "", $result->pid);

  24.     $row  = $dsql->GetOne("SELECT * FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  25.     if (!isset($row['buyid'])) {

  26.         ShowMsg("请不要重复提交表单", 'javascript:;');

  27.         exit();

  28.     }

  29.     if (!isset($paytype)) {

  30.         ShowMsg("请选择支付方式", 'javascript:;');

  31.         exit();

  32.     }

  33.     $buyid = $row['buyid'];

  34. } else {

  35.     $buyid = 'M'.$mid.'T'.$mtime.'RN'.mt_rand(100, 999);

  36.     //删除用户旧的未付款的同类记录

  37.     if (!empty($product)) {

  38.         $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_operation` WHERE mid='$mid' AND sta=0 AND product='$product'");

  39.     }

  40. }

  41. if (empty($product)) {

  42.     ShowMsg("请选择一个产品", 'javascript:;');

  43.     exit();

  44. }

  45. $pid = isset($pid) && is_numeric($pid) ? $pid : 0;

  46. if ($product == 'member') {

  47.     $ptype = "会员升级";

  48.     $row = $dsql->GetOne("SELECT * FROM `#@__member_type` WHERE aid='{$pid}'");

  49.     if (!is_array($row)) {

  50.         ShowMsg("无法识别您的订单", 'javascript:;');

  51.         exit();

  52.     }

  53.     $pname = $row['pname'];

  54.     $price = $row['money'];

  55. } else if ($product == 'card') {

  56.     $ptype = "点卡购买";

  57.     $row = $dsql->GetOne("SELECT * From `#@__moneycard_type` WHERE tid='{$pid}'");

  58.     if (!is_array($row)) {

  59.         ShowMsg("无法识别您的订单", 'javascript:;');

  60.         exit();

  61.     }

  62.     $pname = $row['pname'];

  63.     $price = $row['money'];

  64. }

  65. if (!isset($paytype)) {

  66.     $inquery = "INSERT INTO `#@__member_operation` (`buyid`,`pname`,`product`,`money`,`mtime`,`pid`,`mid`,`sta`,`oldinfo`) VALUES ('$buyid','$pname','$product','$price','$mtime','$pid','$mid','0','$ptype');";

  67.     $isok = $dsql->ExecuteNoneQuery($inquery);

  68.     if (!$isok) {

  69.         echo "数据库出错,请重新尝试".$dsql->GetError();

  70.         exit();

  71.     }

  72.     if ($price == '') {

  73.         echo "无法识别您的订单";

  74.         exit();

  75.     }

  76.     //获取支付接口列表

  77.     $payment_list = array();

  78.     $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY `rank` ASC");

  79.     $dsql->Execute();

  80.     $i = 0;

  81.     while ($row = $dsql->GetArray()) {

  82.         $payment_list[] = $row;

  83.         $i++;

  84.     }

  85.     unset($row);

  86.     $pr_encode = array();

  87.     foreach ($_REQUEST as $key => $val) {

  88.         if (!in_array($key, array('product', 'pid'))) {

  89.             continue;

  90.         }

  91.         $val = preg_replace("#[^0-9a-z]#i", "", $val);

  92.         $pr_encode[$key] = $val;

  93.     }

  94.     $pr_encode = str_replace('=', '', mchStrCode(json_encode($pr_encode)));

  95.     $pr_verify = md5("payment".$pr_encode.$cfg_cookie_encode);

  96.     $tpl = new DedeTemplate();

  97.     $tpl->LoadTemplate(DEDEMEMBER.'/templets/buy_action_payment.htm');

  98.     $tpl->Display();

  99. } else {

  100.     $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

  101.     $rs['code'] = preg_replace("#[^0-9a-z]#i", "", $rs['code']);

  102.     if (!file_exists(DEDEINC.'/payment/'.$rs['code'].'.php')) {

  103.         ShowMsg("未发现支付接口文件,请到后台配置", 'javascript:;');

  104.         exit();

  105.     }

  106.     require_once DEDEINC.'/payment/'.$rs['code'].'.php';

  107.     $pay = new $rs['code'];

  108.     $payment = "";

  109.     if ($rs['code'] == "cod" || $rs['code'] == "bank") {

  110.         $order = $buyid;

  111.         $payment = "member";

  112.     } else {

  113.         $order = array(

  114.             'out_trade_no' => $buyid,

  115.             'price' => sprintf("%01.2f", $price)

  116.         );

  117.         require_once DEDEDATA.'/payment/'.$rs['code'].'.php';

  118.     }

  119.     $button = $pay->GetCode($order, $payment);

  120.     $dtp = new DedeTemplate();

  121.     $carts = array(

  122.         'orders_id' => $buyid,

  123.         'cart_count' => '1',

  124.         'price_count' => sprintf("%01.2f", $price)

  125.     );

  126.     $row = $dsql->GetOne("SELECT pname,money FROM `#@__member_operation` WHERE buyid='{$buyid}'");

  127.     $dtp->SetVar('pay_name', $row['pname']);

  128.     $dtp->SetVar('price', $row['money']);

  129.     $dtp->SetVar('pay_way', $rs['name']);

  130.     $dtp->SetVar('description', $rs['description']);

  131.     $dtp->SetVar('button', $button);

  132.     $dtp->Assign('carts', $carts);

  133.     $dtp->LoadTemplate(DEDEMEMBER.'/templets/shops_action_payment.htm');

  134.     $dtp->Display();

  135.     exit();

  136. }

  137. /**

  138.  *  加密函数

  139.  *

  140.  * @access    public

  141.  * @param     string  $string  字符串

  142.  * @param     string  $operation  操作

  143.  * @return    string

  144.  */

  145. function mchStrCode($string, $operation = 'ENCODE')

  146. {

  147.     $key_length = 4;

  148.     $expiry = 0;

  149.     $key = md5($GLOBALS['cfg_cookie_encode']);

  150.     $fixedkey = md5($key);

  151.     $egiskeys = md5(substr($fixedkey, 16, 16));

  152.     $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length)) : '';

  153.     $keys = md5(substr($runtokey, 0, 16).substr($fixedkey, 0, 16).substr($runtokey, 16).substr($fixedkey, 16));

  154.     $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$egiskeys), 0, 16).$string : base64_decode(substr($string, $key_length));

  155.     $i = 0;

  156.     $result = '';

  157.     $string_length = strlen($string);

  158.     for ($i = 0; $i < $string_length; $i++) {

  159.         $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));

  160.     }

  161.     if ($operation == 'ENCODE') {

  162.         return $runtokey.str_replace('=', '', base64_encode($result));

  163.     } else {

  164.         if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$egiskeys), 0, 16)) {

  165.             return substr($result, 26);

  166.         } else {

  167.             return '';

  168.         }

  169.     }

  170. }

  171. ?>