DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
429 Commits
3 Branches
110MB
Tree: fe2e25b31e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fe2e25b31e'
${ noResults }
DedeV6/src/plus/carbuyaction.php

312 lines
11KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  *

  5.  * 购物车过程

  6.  *

  7.  * @version        $Id: carbuyaction.php$

  8.  * @package        DedeBIZ.Site

  9.  * @copyright      Copyright (c) 2022, DedeBIZ.COM

  10.  * @license        https://www.dedebiz.com/license

  11.  * @link           https://www.dedebiz.com

  12.  */

  13. require_once(dirname(__FILE__)."/../include/common.inc.php");

  14. define('_PLUS_TPL_', DEDEROOT.'/templets/plus');

  15. require_once DEDEINC.'/dedetemplate.class.php';

  16. require_once DEDEINC.'/shopcar.class.php';

  17. require_once DEDEINC.'/memberlogin.class.php';

  18. 

  19. if ($cfg_mb_open == 'N') {

  20.     ShowMsg("系统关闭了会员功能,因此您无法访问此页面", "javascript:;");

  21.     exit();

  22. }

  23. $rs = array();

  24. 

  25. $cfg_ml = new MemberLogin();

  26. 

  27. if (!isset($dopost) || empty($dopost)) {

  28.     $payment = 'none';

  29.     $cart    = new MemberShops();

  30. 

  31.     //获得购物车内商品,返回数组

  32.     $Items = $cart->getItems();

  33.     if (empty($Items)) {

  34.         ShowMsg("您的购物车中没有商品", "-1");

  35.         exit();

  36.     }

  37. 

  38.     $OrdersId = preg_replace("#[^0-9a-z_\-]#i", "", $cart->OrdersId);        //本次记录的订单号

  39.     $CartCount     = $cart->cartCount();    //商品总数

  40.     $priceCount    = $cart->priceCount(); //该订单总价格

  41. 

  42.     /*

  43.     function PostOrdersForm();                //填写订单信息

  44.     */

  45. 

  46.     if (!isset($do) || empty($do)) {

  47.         $shops_deliveryarr = array();

  48.         $dsql->SetQuery("SELECT pid,dname,price,des FROM `#@__shops_delivery` ORDER BY orders ASC");

  49.         $dsql->Execute();

  50.         while ($row = $dsql->GetArray()) {

  51.             $shops_deliveryarr[] = $row;

  52.         }

  53. 

  54.         //获取支付接口列表

  55.         $shops_paymentarr = array();

  56.         $dsql->SetQuery("SELECT * FROM `#@__payment` WHERE enabled='1' ORDER BY `rank` ASC");

  57.         $dsql->Execute();

  58.         $i = 0;

  59.         while ($row = $dsql->GetArray()) {

  60.             $row['disabled'] = ($row['id'] == 5) && ($cfg_ml->M_Money < $priceCount) ? ' disabled="disabled"' : '';

  61.             $shops_paymentarr[] = $row;

  62.             $i++;

  63.         }

  64.         unset($row);

  65. 

  66.         $dtp = new DedeTemplate();

  67. 

  68.         $carts = array(

  69.             'orders_id' => $cart->OrdersId,

  70.             'cart_count' => $cart->cartCount(),

  71.             'price_count' => $cart->priceCount()

  72.         );

  73.         $dtp->Assign('carts', $carts);

  74.         $dtp->LoadTemplate(_PLUS_TPL_.'/carbuyaction.htm');

  75.         $dtp->Display();

  76.         exit();

  77.     } else if ($do == 'clickout') {

  78.         $svali = GetCkVdValue();

  79.         if ((strtolower($vdcode) != $svali || $svali == "") && $payment == 'none') {

  80.             ShowMsg("验证码错误", "-1");

  81.             exit();

  82.         }

  83.         if (empty($address)) {

  84.             ShowMsg("请填写收货地址", "-1");

  85.             exit();

  86.         }

  87.         if (empty($postname)) {

  88.             ShowMsg("请填写收货人姓名", "-1");

  89.             exit();

  90.         }

  91.         $paytype    = isset($paytype) && is_numeric($paytype) ? $paytype : 0;

  92.         $pid        = isset($pid) && is_numeric($pid) ? $pid : 0;

  93.         if ($paytype < 1) {

  94.             ShowMsg("请选择支付方式", "-1");

  95.             exit();

  96.         }

  97.         if ($pid < 1) {

  98.             ShowMsg("请选择配送方式", "-1");

  99.             exit();

  100.         }

  101.         $address     = cn_substrR(trim(RemoveXSS($address)), 200);

  102.         $des             = cn_substrR(RemoveXSS($des), 100);

  103.         $postname = cn_substrR(trim(RemoveXSS($postname)), 15);

  104.         $tel            = preg_replace("#[^-0-9,\/\| ]#", "", $tel);

  105.         $zip            = preg_replace("#[^0-9]#", "", $zip);

  106.         $email        = cn_substrR(RemoveXSS($email), 255);

  107.         if (empty($tel)) {

  108.             ShowMsg("请填写正确的收货人联系电话", "-1");

  109.             exit();

  110.         }

  111.         if ($zip < 1 || $zip > 999999) {

  112.             ShowMsg("请填写正确的收货人邮政编码", "-1");

  113.             exit();

  114.         }

  115. 

  116.         //确认用户登录信息

  117.         if ($cfg_ml->IsLogin()) {

  118.             $userid = $cfg_ml->M_ID;

  119.         } else {

  120.             $username = trim($username);

  121.             $password = trim($password);

  122. 

  123.             if (empty($username) || $password) {

  124.                 ShowMsg("请选登录", "-1", 0, 2000);

  125.                 exit();

  126.             }

  127. 

  128.             $rs = $cfg_ml->CheckUser($username, $password);

  129.             if ($rs == 0) {

  130.                 ShowMsg("用户名不存在", "-1", 0, 2000);

  131.                 exit();

  132.             } else if ($rs == -1) {

  133.                 ShowMsg("密码错误", "-1", 0, 2000);

  134.                 exit();

  135.             }

  136.             $userid = $cfg_ml->M_ID;

  137.         }

  138. 

  139.         //取得配送手续费

  140.         $rs = $dsql->GetOne("SELECT `price` FROM #@__shops_delivery WHERE pid='$pid' LIMIT 0,1");

  141.         $dprice = $rs['price'] > 0 ? $rs['price'] : 0;

  142.         unset($rs);

  143.         //

  144.         //取得支付方式手续费

  145.         $row = $dsql->GetOne("SELECT `fee` FROM #@__payment WHERE id='$paytype' LIMIT 0,1");

  146.         $fprice = $row['fee'] > 0 ? $row['fee'] : 0;

  147.         unset($row);

  148.         //

  149.         $ip = GetIP();

  150.         $stime = time();

  151.         //最后总计费用

  152.         $lastpriceCount = sprintf("%01.2f", $priceCount + $dprice + $fprice);

  153. 

  154.         $rows = $dsql->GetOne("SELECT `oid` FROM #@__shops_orders WHERE oid='$OrdersId' LIMIT 0,1");

  155.         if (empty($rows['oid'])) {

  156.             $sql = "INSERT INTO `#@__shops_orders` (`oid`,`userid`,`cartcount`,`price`,`state`,`ip`,`stime`,`pid`,`paytype`,`dprice`,`priceCount`)

  157.             VALUES ('$OrdersId','$userid','$CartCount','$priceCount','0','$ip','$stime','$pid','$paytype','$dprice','$lastpriceCount');";

  158. 

  159.             //更新订单

  160.             if ($dsql->ExecuteNoneQuery($sql)) {

  161.                 foreach ($Items as $key => $val) {

  162.                     $val['price'] = str_replace(",", "", $val['price']);

  163.                     $dsql->ExecuteNoneQuery("INSERT INTO `#@__shops_products` (`aid`,`oid`,`userid`,`title`,`price`,`buynum`)

  164.                     VALUES ('$val[id]','$OrdersId','$userid','$val[title]','$val[price]','$val[buynum]');");

  165.                 }

  166.                 $sql = "INSERT INTO `#@__shops_userinfo` (`userid`,`oid`,`consignee`,`address`,`zip`,`tel`,`email`,`des`)

  167.                  VALUES ('$userid','$OrdersId','$postname','$address','$zip','$tel','$email','$des');

  168.                 ";

  169.                 $dsql->ExecuteNoneQuery($sql);

  170.             } else {

  171.                 ShowMsg("更新订单时出现错误".$dsql->GetError(), "-1");

  172.                 exit();

  173.             }

  174.         } else {

  175.             $sql = "UPDATE `#@__shops_orders`

  176.             SET `cartcount`='$CartCount',`price`='$priceCount',`ip`='$ip',`stime`='$stime',pid='$pid',paytype='$paytype',dprice='$dprice',priceCount='$lastpriceCount'

  177.             WHERE oid='$OrdersId' AND userid='$userid' ;";

  178.             if ($dsql->ExecuteNoneQuery($sql)) {

  179.                 $sql = "UPDATE `#@__shops_userinfo`

  180.                 SET `consignee`='$postname',`address`='$address',`zip`='$zip',`tel`='$tel',`email`='$email',`des`='$des'

  181.                 WHERE oid='$OrdersId';";

  182.                 $dsql->ExecuteNoneQuery($sql);

  183.             } else {

  184.                 echo $dsql->GetError();

  185.                 exit;

  186.             }

  187.             unset($sql);

  188.         }

  189.         //最后结算价格 = 最后统计价格

  190.         $priceCount = sprintf("%01.2f", $lastpriceCount);

  191.         //更新用户商品统计    

  192.         $countOrders = $dsql->GetOne("SELECT SUM(cartcount) AS nums FROM #@__shops_orders WHERE userid='".$cfg_ml->M_ID."'");

  193.         $dsql->ExecuteNoneQuery("UPDATE #@__member_tj SET `shop`='".$countOrders['nums']."' WHERE mid='".$cfg_ml->M_ID."'");

  194. 

  195.         $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='$paytype' ");

  196. 

  197.         require_once DEDEINC.'/payment/'.$rs['code'].'.php';

  198.         $pay = new $rs['code'];

  199.         if ($rs['code'] == "cod" || $rs['code'] == "bank") {

  200.             $order = $OrdersId;

  201.         } else {

  202.             $order = array(

  203.                 'out_trade_no' => $cart->OrdersId,

  204.                 'price' => $priceCount

  205.             );

  206.             require_once DEDEDATA.'/payment/'.$rs['code'].'.php';

  207.         }

  208.         $button = $pay->GetCode($order, $payment);

  209.         $dtp = new DedeTemplate();

  210.         $carts = array(

  211.             'orders_id' => $cart->OrdersId,

  212.             'cart_count' => $cart->CartCount(),

  213.             'price_count' => $priceCount

  214.         );

  215.         $row = $dsql->GetOne("SELECT dname,price FROM #@__shops_delivery WHERE pid='{$pid}'");

  216.         $dtp->SetVar('pay_name', $row['dname']);

  217.         $dtp->SetVar('price', $row['price']);

  218.         $dtp->SetVar('pay_way', $rs['name']);

  219.         $dtp->SetVar('description', $rs['description']);

  220.         $dtp->SetVar('button', $button);

  221.         $dtp->Assign('carts', $carts);

  222.         $dtp->LoadTemplate(_PLUS_TPL_.'/shops_action_payment.htm');

  223.         $dtp->Display();

  224.         exit();

  225.     }

  226. } else if ($dopost == 'memclickout') {

  227.     $svali = GetCkVdValue();

  228.     $rs = array();

  229.     if (preg_match("/S-P[0-9]+RN[0-9]/", $oid)) {

  230.         $oid = trim($oid);

  231.     } else {

  232.         ShowMsg("您的订单号不存在", "/member/shops_orders.php", 0, 2000);

  233.         exit();

  234.     }

  235. 

  236.     //确认用户登录信息

  237.     if ($cfg_ml->IsLogin()) {

  238.         $userid = $cfg_ml->M_ID;

  239.     } else {

  240.         $username = trim($username);

  241.         $password = trim($password);

  242. 

  243.         if (empty($username) || $password) {

  244.             ShowMsg("请选登录", "-1", 0, 2000);

  245.             exit();

  246.         }

  247. 

  248.         $rs = $cfg_ml->CheckUser($username, $password);

  249.         if ($rs == 0) {

  250.             ShowMsg("用户名不存在", "-1", 0, 2000);

  251.             exit();

  252.         } else if ($rs == -1) {

  253.             ShowMsg("密码错误", "-1", 0, 2000);

  254.             exit();

  255.         }

  256.         $userid = $cfg_ml->M_ID;

  257.     }

  258. 

  259.     $row = $dsql->GetOne("SELECT * FROM `#@__shops_orders` WHERE oid='$oid' ");

  260.     if (is_array($row)) {

  261.         $OrdersId = $oid;

  262.         $CartCount = $row['cartcount'];

  263.         $priceCount = $row['priceCount'];

  264.         $pid = $row['pid'];

  265.         $rs = $dsql->GetOne("SELECT * FROM `#@__payment` WHERE id='{$row['paytype']}' ");

  266.     }

  267.     $rs['code'] = isset($rs['code']) ? preg_replace("#[^0-9a-z_\-]+#i", "", $rs['code']) : "";

  268.     if (empty($rs['code']) or !file_exists(DEDEINC.'/payment/'.$rs['code'].'.php')) {

  269.         exit("Error:payment is not exsits!");

  270.     }

  271. 

  272.     require_once DEDEINC.'/payment/'.$rs['code'].'.php';

  273.     $pay = new $rs['code'];

  274.     $payment = "";

  275.     if ($rs['code'] == "cod" || $rs['code'] == "bank") $order = $OrdersId;

  276.     else {

  277.         $order = array(

  278.             'out_trade_no' => $OrdersId,

  279.             'price' => $priceCount

  280.         );

  281.         require_once DEDEDATA.'/payment/'.$rs['code'].'.php';

  282.     }

  283.     $button = $pay->GetCode($order, $payment);

  284.     $dtp = new DedeTemplate();

  285.     $carts = array(

  286.         'orders_id' => $OrdersId,

  287.         'cart_count' => $CartCount,

  288.         'price_count' => $priceCount

  289.     );

  290.     $row = $dsql->GetOne("SELECT dname,price FROM #@__shops_delivery WHERE pid='{$pid}'");

  291.     $dtp->SetVar('pay_name', $row['dname']);

  292.     $dtp->SetVar('price', $row['price']);

  293.     $dtp->SetVar('pay_way', $rs['name']);

  294.     $dtp->SetVar('description', $rs['description']);

  295.     $dtp->SetVar('button', $button);

  296.     $dtp->Assign('carts', $carts);

  297.     $dtp->LoadTemplate(_PLUS_TPL_.'/shops_action_payment.htm');

  298.     $dtp->Display();

  299.     exit();

  300. } else if ($dopost == 'return') {

  301.     $write_list = array('alipay', 'bank', 'cod', 'yeepay');

  302.     if (in_array($code, $write_list)) {

  303.         require_once DEDEINC.'/payment/'.$code.'.php';

  304.         $pay = new $code;

  305.         $msg = $pay->respond();

  306.         ShowMsg($msg, "javascript:;", 0, 3000);

  307.         exit();

  308.     } else {

  309.         exit('Error:File Type Can\'t Recognized!');

  310.     }

  311. }