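/**
 * AJAX check whether a coupon code is usable by the logged-in member.
 *
 * Reads `couponid` from POST, resolves it to an `fcoupon` id, then looks for
 * the member's `UserCoupon` row with status 1. Always answers through
 * ajaxreturn() with the keys info / msg / status.
 */
public function check()
{
    if (!is_login()) {
        $this->error("您还没有登陆", U("User/login"));
    }
    /***接受代码 */
    $code = safe_replace(I('post.couponid')); //过滤
    // Array-form where(): the framework quotes the value, so the coupon code is
    // never interpolated into the SQL fragment. An empty code is treated as
    // "not found" instead of being matched against rows with an empty code.
    $id = $code === '' ? null : M("fcoupon")->where(array('code' => $code))->getfield("id");
    /***获取优惠券id,优惠券存在 */
    if (!isset($id)) {
        $data["info"] = "查询不到该优惠券";
        $data["msg"] = "out of date";
        $data["status"] = "1";
        $this->ajaxreturn($data);
        return;
    }
    $uid = D("member")->uid();
    /***用户优惠券存在 */
    $owned = M("UserCoupon")
        ->where(array('uid' => $uid, 'couponid' => $id, 'status' => '1'))
        ->select();
    if ($owned) {
        $data["info"] = "该优惠券可以使用";
        $data["msg"] = "yes";
    } else {
        $data["info"] = "该优惠券已使用或未领取";
        $data["msg"] = "no";
    }
    $data["status"] = "1";
    $this->ajaxreturn($data);
}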
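/**
 * Form-type handler for a keyword field: splits the submitted value into
 * single tags (space or comma separated), creates or bumps each tag in
 * `keyword`, and links it to this content in `keyword_data`.
 *
 * @param string $field field name (unused, kept for the handler signature)
 * @param mixed  $value raw keyword string from the form
 * @return mixed the value unchanged, so it is stored as submitted
 */
function keyword($field, $value)
{
    $keyword_db = pc_base::load_model('keyword_model');
    $keyword_data_db = pc_base::load_model('keyword_data_model');
    pc_base::load_sys_func('iconv');
    // split() was removed in PHP 7; preg_split with the same class is the
    // drop-in equivalent. Empty pieces (doubled or trailing separators)
    // are dropped so no blank keyword row is created.
    $words = is_scalar($value) ? preg_split('/[ ,]/', (string) $value) : array();
    $words = array_filter(array_map('trim', $words), 'strlen');
    if (!empty($words)) {
        $siteid = get_siteid();
        $contentid = $this->id . '-' . $this->modelid; // same for every tag
        foreach ($words as $word) {
            $word = defined('IN_ADMIN') ? $word : safe_replace(addslashes($word));
            $word = str_replace(array('//', '#', '.'), ' ', $word);
            $r = $keyword_db->get_one(array('keyword' => $word, 'siteid' => $siteid));
            if (!$r) {
                $letter = strtolower(implode('', gbk_to_pinyin($word)));
                $tagid = $keyword_db->insert(array('keyword' => $word, 'siteid' => $siteid, 'pinyin' => $letter, 'videonum' => 1), true);
            } else {
                $keyword_db->update(array('videonum' => '+=1'), array('id' => $r['id']));
                $tagid = $r['id'];
            }
            if (!$keyword_data_db->get_one(array('tagid' => $tagid, 'siteid' => $siteid, 'contentid' => $contentid))) {
                $keyword_data_db->insert(array('tagid' => $tagid, 'siteid' => $siteid, 'contentid' => $contentid));
            }
        }
    }
    return $value;
}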
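/**
 * 按照模型搜索
 *
 * Tag result list: resolves GET `tag` to a keyword id for this site, pages
 * through the keyword_data rows referencing it and loads each linked content
 * item's title/description/url with the tag highlighted. Ends by including
 * the content/tag_list template, which reads $datas, $pages, $total, $tag
 * and $SEO.
 */
public function lists()
{
    $tag = isset($_GET['tag']) ? safe_replace(addslashes($_GET['tag'])) : '';
    $keyword_data_db = pc_base::load_model('keyword_data_model');
    //获取标签id
    $r = $this->keyword_db->get_one(array('keyword' => $tag, 'siteid' => $this->siteid), 'id');
    if (empty($r['id'])) {
        showmessage('不存在此关键字!');
    }
    $tagid = intval($r['id']);
    $siteid = intval($this->siteid);
    $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;
    $pagesize = 20;
    // Both values are integers by now, so the string WHERE carries no user text.
    $where = '`tagid`=\'' . $tagid . '\' AND `siteid`=' . $siteid;
    $infos = $keyword_data_db->listinfo($where, '`id` DESC', $page, $pagesize);
    $pages = $keyword_data_db->pages;
    $total = $keyword_data_db->number;
    $datas = array(); // always defined for the template
    if (is_array($infos)) {
        $highlight = '<font color="#f00">' . $tag . '</font>';
        foreach ($infos as $info) {
            // contentid is stored as "<contentid>-<modelid>"
            list($contentid, $modelid) = explode('-', $info['contentid']);
            $this->db->set_model($modelid);
            $res = $this->db->get_one(array('id' => $contentid), 'title, description, url, inputtime, style');
            if (!$res) {
                continue; // linked content no longer exists
            }
            $res['title'] = str_replace($tag, $highlight, $res['title']);
            $res['description'] = str_replace($tag, $highlight, $res['description']);
            $datas[] = $res;
        }
    }
    // The original passed an undefined $siteid here; the controller's site id is meant.
    $SEO = seo($siteid, '', $tag);
    include template('content', 'tag_list');
}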
/**
 * Reads the comment id from the query string, rejecting a missing or blank
 * value through _show_msg(), and decodes it into application and content ids.
 * `format` is passed through as-is; its consumers are not visible here.
 */
public function __construct()
{
    $raw = isset($_GET['commentid']) ? trim(urldecode($_GET['commentid'])) : '';
    // _show_msg() is the failure path; whatever it returns is kept, as before.
    $this->commentid = $raw ? $raw : $this->_show_msg(L('illegal_parameters'));
    $this->commentid = safe_replace($this->commentid);
    $this->format = isset($_GET['format']) ? $_GET['format'] : '';
    list($this->applications, $this->contentid) = decode_commentid($this->commentid);
}
/**
 * Returns the decoded value of a prefixed cookie, or $default when the
 * cookie is absent. Both paths go through safe_replace().
 *
 * @param string $var     cookie name without the CS_Cookie_Prefix prefix
 * @param string $default value used when the cookie is not set
 * @return string
 */
public static function get_cookie($var, $default = '')
{
    $name = CS_Cookie_Prefix . $var;
    if (!isset($_COOKIE[$name])) {
        return safe_replace($default);
    }
    // 'D' presumably selects decode mode; the key is salted with the cookie name.
    $decoded = sys_auth($_COOKIE[$name], 'D', $name . CS_Encryption_Key);
    return safe_replace($decoded);
}
/**
 * Reads the content id from the query string, rejecting a missing or blank
 * value through _show_msg(), and loads the digg models.
 */
public function __construct()
{
    $raw = isset($_GET['contentid']) ? trim(urldecode($_GET['contentid'])) : '';
    // _show_msg() is the failure path; whatever it returns is kept, as before.
    $this->contentid = $raw ? $raw : $this->_show_msg(L('illegal_parameters'));
    $this->contentid = safe_replace($this->contentid);
    $this->db = Loader::model('digg_model');
    $this->db_log = Loader::model('digg_log_model');
}
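/**
 * Admin "add administrator" handler (POST) / form (GET).
 *
 * Validates username, password confirmation and e-mail, inserts the row and
 * reports through _message(), which is assumed to stop execution on each
 * failed check (the checks do not otherwise chain).
 */
public function reg()
{
    if (isset($_POST['submit-1'])) {
        $rawName = isset($_POST['username']) ? $_POST['username'] : '';
        $username = safe_replace($rawName);
        // Anything safe_replace() had to strip means the name is not acceptable as-is.
        if ($username !== $rawName || empty($username)) {
            _message("用户名格式错误!");
        }
        // The message promises 2-15 characters; the original only enforced the upper bound.
        $nameLen = _strlen($username);
        if ($nameLen < 2 || $nameLen > 15) {
            _message("用户名长度为2-15个字符,1个汉字等于2个字符!");
        }
        $password1 = isset($_POST['password']) ? $_POST['password'] : '';
        $password2 = isset($_POST['pwdconfirm']) ? $_POST['pwdconfirm'] : '';
        if (empty($password2) || $password1 !== $password2) {
            _message("2次密码不一致!");
        }
        $email = isset($_POST['email']) ? $_POST['email'] : '';
        if (!_checkemail($email)) {
            _message("邮箱格式错误!");
        }
        $pmid = isset($_POST['mid']) ? intval($_POST['mid']) : 0;
        // NOTE(review): unsalted md5 is presumably what the login path compares
        // against; a move to password_hash()/password_verify() has to be made
        // together with that code, so it is left unchanged here.
        $password = md5($password2);
        $addtime = time();
        // _get_ip() may be header-derived; store only a well-formed address.
        $ip = _get_ip();
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            $ip = '';
        }
        // The e-mail is the one free-text value that is neither numeric nor
        // filtered by safe_replace(); escape it before it reaches the SQL text.
        // (If this framework already slash-escapes $_POST this double-escapes
        // backslashes — verify against the request bootstrap.)
        $sql = sprintf(
            "INSERT INTO `@#_admin` (`mid`, `username`, `userpass`, `useremail`, `addtime`, `logintime`, `loginip`) VALUES ('%d', '%s', '%s', '%s','%d','0','%s')",
            $pmid,
            $username,
            $password,
            addslashes($email),
            $addtime,
            $ip
        );
        $this->db->Query($sql);
        if ($this->db->affected_rows()) {
            $path = WEB_PATH . '/' . ROUTE_M . '/user/lists';
            _message("添加管理员成功!", $path);
        } else {
            _message("添加管理员失败!");
        }
    }
    include $this->tpl(ROUTE_M, 'user.reg');
}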
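/**
 * Order payment page.
 *
 * POST: builds the gateway request form for the order identified by
 * `orderid` (matched against `tag`) with the gateway chosen in `paytype`.
 * GET: shows the pay page for `orderid` (matched against `orderid`) with
 * its total. Amounts always come from the stored order, never the request.
 */
public function index()
{
    if (IS_POST) {
        //页面上通过表单选择在线支付类型,支付宝为alipay 财付通为tenpay
        /* 支付设置 */
        // NOTE(review): for yeepay, kuaiqian and unionpay 'key' is read from the
        // *PARTNER constant and 'partner' from the *KEY constant — looks swapped;
        // confirm against the config before relying on those gateways.
        $payment = array('tenpay' => array('key' => C('TENPAYKEY'), 'partner' => C('TENPAYPARTNER')), 'alipay' => array('email' => C('ALIPAYEMAIL'), 'key' => C('ALIPAYKEY'), 'partner' => C('ALIPAYPARTNER')), 'palpay' => array('business' => C('PALPAYPARTNER')), 'yeepay' => array('key' => C('YEEPAYPARTNER'), 'partner' => C('YEEPAYKEY')), 'kuaiqian' => array('key' => C('KUAIQIANPARTNER'), 'partner' => C('KUAIQIANKEY')), 'unionpay' => array('key' => C('UNIONPARTNER'), 'partner' => C('UNIONKEY')));
        $paytype = safe_replace(I('post.paytype'));
        // Unknown gateway: stop here instead of constructing Pay with a missing config entry.
        if (!isset($payment[$paytype])) {
            $this->error('不支持的支付方式');
        }
        $order_no = safe_replace(I('post.orderid'));
        if ($order_no === '') {
            $this->error('缺少订单号');
        }
        // Array-form where() so the order number is quoted by the framework.
        $info = M("order")->where(array('tag' => $order_no))->find();
        if (empty($info)) {
            $this->error('订单不存在');
        }
        $pay = new \Think\Pay($paytype, $payment[$paytype]);
        $money = $info['total_money'];
        $body = C('SITENAME') . "订单支付"; //商品描述
        $title = C('SITENAME') . "订单支付"; //设置商品名称
        $vo = new \Think\Pay\PayVo();
        $vo->setBody($body)
            ->setFee($money)
            ->setOrderNo($order_no)
            ->setTitle($title)
            ->setCallback("Home/Pay/success")
            ->setUrl(U("Home/Pay/over"))
            ->setParam(array('order_id' => $order_no));
        echo $pay->buildRequestForm($vo);
    } else {
        $this->meta_title = '支付订单';
        //在此之前goods1的业务订单已经生成,状态为等待支付
        $id = safe_replace(I("get.orderid"));
        $this->assign('codeid', $id);
        $total = D("order")->where(array('orderid' => $id))->getField('total_money');
        $this->assign('goodprice', $total);
        $this->display();
    }
}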
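/**
 * AJAX video search for the picker: emits JSON {pages, html} for published
 * videos (status 21) whose title contains GET `title`, optionally restricted
 * to user uploads (`userupload`).
 */
public function search()
{
    // Escape before the charset conversion: after iconv() to gbk a trailing
    // byte may itself be 0x5C, which a later addslashes() would corrupt.
    // addslashes() covers whatever safe_replace() leaves (verify against its definition).
    $title = isset($_GET['title']) ? addslashes(safe_replace($_GET['title'])) : '';
    if (CHARSET == 'gbk') {
        $title = iconv('utf-8', 'gbk', $title);
    }
    $where = '`status`=21';
    if ($title) {
        $where .= ' AND `title` LIKE \'%' . $title . '%\'';
    }
    $userupload = isset($_GET['userupload']) ? intval($_GET['userupload']) : 0;
    if ($userupload) {
        $where .= ' AND `userupload`=1';
    }
    $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;
    $pagesize = 6;
    $infos = $this->db->listinfo($where, 'videoid DESC', $page, $pagesize);
    $number = $this->db->number;
    $pages = $this->pages($number, $page, $pagesize, 4, 'get_videoes');
    $html = ''; // always defined, even when nothing matched
    if (is_array($infos) && !empty($infos)) {
        foreach ($infos as $info) {
            // Stored titles are of unknown provenance (user uploads are listed
            // too); escape them for the attribute and text positions. The
            // byte-wise charset keeps the call valid for both gbk and utf-8
            // output, and double_encode=false leaves existing entities alone.
            $attrTitle = htmlspecialchars($info['title'], ENT_QUOTES, 'ISO-8859-1', false);
            $shortTitle = htmlspecialchars(str_cut($info['title'], 18), ENT_QUOTES, 'ISO-8859-1', false);
            $html .= '<li><div class="w9"><a href="javascript:void(0);" onclick="a_click(this);" title="' . $attrTitle . '" data-vid="' . $info['vid'] . '" ><span></span><img src="' . $info['picpath'] . '" width="90" height="51" /></a><p>' . $shortTitle . '</p></div></li>';
        }
    }
    $data = array();
    $data['pages'] = $pages;
    $data['html'] = $html;
    if (CHARSET == 'gbk') {
        $data = array_iconv($data, 'gbk', 'utf-8');
    }
    exit(json_encode($data));
}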
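/**
 * Keyword search page: the search text is everything after the first three
 * URL segments. Renders the search/search template with $shoplist, $list
 * (result count) and $title.
 */
public function tag()
{
    // Drop the three routing segments; the remainder is the keyword path.
    $search = implode('/', array_slice($this->segment_array(), 3));
    if (!$search) {
        _message("输入搜索关键字");
    }
    $search = safe_replace(urldecode($search));
    if (!_is_utf8($search)) {
        $search = iconv("GBK", "UTF-8", $search);
    }
    $mysql_model = System::load_sys_class('model');
    // Kept for output compatibility: these words are removed from the
    // keyword. This is not what protects the query — the escaping below is.
    foreach (array("union", "select", "delete", "update", "/**/") as $token) {
        $search = str_ireplace($token, '', $search);
    }
    $title = $search . ' - ' . _cfg('web_name');
    // Escape the value that is spliced into the LIKE clause; the string is
    // utf-8 at this point, so no multibyte trailing byte can be affected.
    $keyword = addslashes($search);
    $shoplist = $mysql_model->GetList("select title,thumb,id,sid,zongrenshu,canyurenshu,shenyurenshu,money from `@#_shoplist` WHERE shenyurenshu !=0 and `title` LIKE '%" . $keyword . "%' order by shenyurenshu desc");
    // count() on a non-array is an error on PHP 8; report zero results instead.
    $list = is_array($shoplist) ? count($shoplist) : 0;
    include templates("search", "search");
}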
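/**
 * Attachment/album browser. With GET `search`, filters by upload-time range
 * (start_time/end_time as date strings) and file name; renders the CKEditor
 * variant when GET `CKEditor` is present.
 *
 * attachment_list() is assumed to hand $search to a ThinkPHP-style where(),
 * as the original `_string` / 'lt' keys imply.
 */
public function album_list()
{
    $search = array();
    if (isset($_GET['search'])) {
        // Build the time range as two conditions on one field instead of a raw
        // `_string` fragment; a date strtotime() cannot parse is skipped rather
        // than producing "uploadtime >= " with nothing after it.
        $range = array();
        $start = isset($_GET['start_time']) ? $_GET['start_time'] : '';
        if ($start && !is_numeric($start)) {
            $ts = strtotime($start);
            if ($ts !== false) {
                $range[] = array('egt', $ts);
            }
        }
        $end = isset($_GET['end_time']) ? $_GET['end_time'] : '';
        if ($end && !is_numeric($end)) {
            $ts = strtotime($end);
            if ($ts !== false) {
                // 'elt' in both the start+end and the end-only case; the original
                // used "<=" for one and a strict 'lt' for the other.
                $range[] = array('elt', $ts);
            }
        }
        if ($range) {
            $search['uploadtime'] = $range;
        }
        if (!empty($_GET['filename'])) {
            $search['name'] = array('like', "%" . safe_replace($_GET['filename']) . "%");
        }
    }
    if (isset($_GET['CKEditor'])) {
        $data = $this->db->attachment_list($search, "id desc", '32');
        $this->assign('attachs', $data['data']);
        $this->assign('pages', $data['pages']);
        $this->display("album_for_ckeditor");
    } else {
        $data = $this->db->attachment_list($search);
        $this->assign('attachs', $data['data']);
        $this->assign('pages', $data['pages']);
        $args = isset($_GET['args']) ? $_GET['args'] : '';
        $this->assign('params', explode(',', $args));
        $this->display();
    }
}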
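/**
 * Friend-link add: on POST validates and inserts the link, then marks the
 * logo attachment as used; on GET renders the add form.
 *
 * @return bool|void FALSE when the insert fails; otherwise redirects via showmessage()
 */
public function add()
{
    if (isset($_POST['dosubmit'])) {
        $_POST['link']['addtime'] = SYS_TIME;
        $_POST['link']['siteid'] = $this->get_siteid();
        if (empty($_POST['link']['name'])) {
            showmessage(L('sitename_noempty'), HTTP_REFERER);
        } else {
            $_POST['link']['name'] = safe_replace($_POST['link']['name']);
        }
        $logo = isset($_POST['link']['logo']) ? $_POST['link']['logo'] : '';
        if ($logo) {
            $logo = safe_replace($logo);
            $_POST['link']['logo'] = $logo;
        }
        $data = new_addslashes($_POST['link']);
        $linkid = $this->db->insert($data, true);
        if (!$linkid) {
            return FALSE;
        }
        //更新附件状态
        // `&&`, not `&`: the bitwise AND of the config flag with the logo
        // string evaluated to an int unrelated to either condition, so the
        // attachment status was effectively never updated.
        if (pc_base::load_config('system', 'attachment_stat') && $logo) {
            $this->attachment_db = pc_base::load_model('attachment_model');
            $this->attachment_db->api_update($logo, 'link-' . $linkid, 1);
        }
        showmessage(L('operation_success'), HTTP_REFERER, '', 'add');
    } else {
        $show_validator = $show_scroll = $show_header = true;
        pc_base::load_sys_class('form', '', 0);
        $siteid = $this->get_siteid();
        $types = $this->db2->get_types($siteid);
        include $this->admin_tpl('link_add');
    }
}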
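/**
 * JSON feed for the "revealing" shop widget.
 *
 * GET `gid` is an underscore-separated list of shop ids the client already
 * shows; the first revealing shop not in that list is returned. Shops whose
 * reveal time has passed are switched to q_showtime='N' and reported as -1.
 * Output keys are unchanged from the original (including the repeated "user").
 */
public function lottery_shop_json()
{
    if (!isset($_GET['gid'])) {
        echo json_encode(array("error" => '1'));
        exit;
    }
    $times = (int) System::load_sys_config('system', 'goods_end_time');
    if (!$times) {
        $times = 1;
    }
    $db = System::load_sys_class('model');
    // Parse the id list as integers. This replaces the keyword stripping:
    // only digits survive, so nothing else reaches the comparison below.
    $skip = array_filter(array_map('intval', explode('_', safe_replace(trim($_GET['gid'])))));
    $sql = "select qishu,xsjx_time,id,zongrenshu,thumb,title,q_uid,q_user,q_user_code,q_end_time from `@#_shoplist` where `q_showtime` = 'Y' order by `q_end_time` ASC";
    if (empty($skip)) {
        $info = $db->GetOne($sql);
    } else {
        $infos = $db->GetList($sql . " limit 0,4");
        $info = false;
        if (is_array($infos)) {
            foreach ($infos as $row) {
                if (!in_array((int) $row['id'], $skip, true)) {
                    $info = $row;
                    break;
                }
            }
        }
    }
    if (!$info) {
        echo json_encode(array("error" => '1'));
        exit;
    }
    if ($info['xsjx_time']) {
        $info['q_end_time'] = $info['q_end_time'] + $times;
    }
    System::load_sys_fun("user");
    // The stored q_user blob was unserialize()d and immediately discarded by
    // the original; only the name lookup is needed.
    $uid = $info['q_uid'];
    $user = get_user_name($uid, "username");
    $upload = G_UPLOAD_PATH;
    $q_time = substr($info['q_end_time'], 0, 10);
    // Integer casts for the two ids that are spliced into SQL text.
    $shopid = (int) $info['id'];
    $uidInt = (int) $uid;
    if ($q_time <= time()) {
        $db->Query("update `@#_shoplist` SET `q_showtime` = 'N' where `id` = '{$shopid}' and `q_showtime` = 'Y' and `q_uid` is not null");
        echo json_encode(array("error" => '-1'));
        exit;
    }
    $user_shop_number = $db->GetOne("select sum(gonumber) as gonumber from `@#_member_go_record` where `uid`= '{$uidInt}' and `shopid` = '{$shopid}' and `shopqishu` = '{$info['qishu']}'");
    $user_shop_number = $user_shop_number['gonumber'];
    $times = $q_time - time();
    echo json_encode(array(
        "error" => "0",
        "user_shop_number" => "{$user_shop_number}",
        "user" => "{$user}",
        "zongrenshu" => $info['zongrenshu'],
        "q_user_code" => $info['q_user_code'],
        "qishu" => $info['qishu'],
        "upload" => $upload,
        "thumb" => $info['thumb'],
        "id" => $info['id'],
        "uid" => "{$uid}",
        "title" => $info['title'],
        "user" => $user,
        "times" => $times,
    ));
    exit;
}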
/**
 * 后台用户登录
 * @author 麦当苗儿 <*****@*****.**>
 *
 * POST: logs in through the UC API and then the local Member model.
 * GET: redirects logged-in users, otherwise loads the DB-backed config and
 * shows the form. The captcha check is still commented out (TODO), so
 * nothing on this path limits repeated attempts.
 *
 * @param string|null $username
 * @param string|null $password
 * @param string|null $verify   captcha value, currently unused
 */
public function login($username = null, $password = null, $verify = null)
{
    if (!IS_POST) {
        if (is_login()) {
            $this->redirect('Index/index');
            return;
        }
        /* 读取数据库中的配置 */
        $config = S('DB_CONFIG_DATA');
        if (!$config) {
            $config = D('Config')->lists();
            S('DB_CONFIG_DATA', $config);
        }
        C($config); //添加配置
        $this->display();
        return;
    }
    /* 检测验证码 TODO: */
    // if(!check_verify($verify)){
    //     $this->error('验证码输入错误!');
    // }
    $username = safe_replace($username); //过滤
    /* 调用UC登录接口登录 */
    $User = new UserApi();
    $uid = $User->login($username, $password);
    if (0 < $uid) { //UC登录成功
        /* 登录用户 */
        $Member = D('Member');
        if ($Member->login($uid)) { //登录用户
            //TODO:跳转到登录前页面
            $this->success('登录成功!', U('Admin/Index/index'));
        } else {
            $this->error($Member->getError());
        }
        return;
    }
    //登录失败: -1 系统级别禁用, -2 密码错误, 0 接口参数错误(调试阶段使用)
    $errors = array(
        -1 => '用户不存在或被禁用!',
        -2 => '密码错误!',
    );
    $this->error(isset($errors[$uid]) ? $errors[$uid] : '未知错误!');
}
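/**
 * Hands the result message to the member callback configured on the model,
 * or to $this->msg() when none is configured. Always exits afterwards.
 *
 * @param string $msg   message text
 * @param string $url   redirect target
 * @param int    $state status code passed through to the callback
 */
private function callback($msg, $url = '', $state = 0)
{
    $handler = isset($this->model['setting']['member']['callback']) ? $this->model['setting']['member']['callback'] : '';
    if ($handler && function_exists($handler)) {
        // Direct call instead of eval(): same function, same filtered
        // arguments, but no source text is assembled from runtime data.
        call_user_func($handler, safe_replace($msg), safe_replace($url), $state);
    } else {
        $this->msg($msg, $url, 1);
    }
    exit;
}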
/**
 * Loads the comment app helpers, reads the comment id from the query string
 * (rejecting a missing or blank value through _show_msg()) and decodes it
 * into module, content and site ids, defining SITEID from the latter.
 */
function __construct()
{
    pc_base::load_app_func('global');
    pc_base::load_sys_class('format', '', 0);
    $raw = isset($_GET['commentid']) ? trim(urldecode($_GET['commentid'])) : '';
    // _show_msg() is the failure path; whatever it returns is kept, as before.
    $this->commentid = $raw ? $raw : $this->_show_msg(L('illegal_parameters'));
    $this->commentid = safe_replace($this->commentid);
    $this->format = isset($_GET['format']) ? $_GET['format'] : '';
    list($this->modules, $this->contentid, $this->siteid) = decode_commentid($this->commentid);
    define('SITEID', $this->siteid);
}
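/**
 * 更新优惠券信息
 * @return boolean 更新状态
 * @author 麦当苗儿 <*****@*****.**>
 *
 * Saves the coupon record built by create(), then applies the order status
 * from POST `status` to the order (POST `id`) and its shoplist rows:
 * 1 = paid, 2 = paid + stock/sales adjusted, 3 = completed (comment allowed).
 */
public function update()
{
    $data = $this->create();
    if (!$data) { //数据对象创建错误
        return false;
    }
    /* 添加或更新数据 */
    $res = empty($data['id']) ? $this->add() : $this->save();
    $id = isset($_POST["id"]) ? safe_replace($_POST["id"]) : '';
    // Array-form where() throughout so ids are quoted by the framework.
    $orderid = M('order')->where(array('id' => $id))->getField("orderid");
    $status = I('status');
    /* 根据状态判断操作 */
    if ($status) {
        switch ($status) {
            case '1':
                M('order')->where(array('orderid' => $orderid))->setField('status', '1');
                break;
            case '2':
                M('order')->where(array('id' => $id))->setField('status', '2');
                //根据订单id获取购物清单
                $list = M("shoplist")->where(array('orderid' => $id))->select();
                foreach ((array) $list as $val) {
                    //获取购物清单数据表产品id,字段id
                    $byid = $val["id"];
                    $goodid = $val["goodid"];
                    //销量加1 库存减1
                    M('document')->where(array('id' => $goodid))->setInc('sale');
                    M('document')->where(array('id' => $goodid))->setDec('stock');
                    // Fresh array: the original reused $data (the coupon record)
                    // here, which would push that record's columns — its id
                    // included, if present — into the shoplist row.
                    M("shoplist")->where(array('id' => $byid))->save(array('status' => 2));
                }
                break;
            case '3':
                M('order')->where(array('id' => $id))->setField('status', '3');
                //根据订单id获取购物清单,设置商品状态为已完成.,status=3
                $del = M("shoplist")->where(array('orderid' => $id))->select();
                foreach ((array) $del as $val) {
                    //获取购物清单数据表产品id,字段id
                    $byid = $val["id"];
                    M("shoplist")->where(array('id' => $byid))->save(array('iscomment' => 1, 'status' => 3));
                }
                break;
        }
    }
    return $res;
}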
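/**
 * Shop page by shop code (`sid`). Uses the WAP template when the WAP
 * config is on and the client is mobile, otherwise the default template.
 */
public function show()
{
    $sid = safe_replace(isset($_REQUEST['sid']) ? $_REQUEST['sid'] : '');
    $shop = M("shop")->where(array('shopcode' => $sid))->find();
    $this->assign("shop", $shop);
    // Empty means "default template"; the original left $tmp undefined on this path.
    $tmp = '';
    if ($this->Config["wap"] && is_mobile()) {
        $tmp = THEME_PATH . "wap/" . MODULE_NAME . "_test.html";
    }
    $this->display($tmp);
}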
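/**
 * add 添加视频方法,将视频入库到视频库中
 *
 * Sets status=1 and the owning user (0 in the admin, otherwise the
 * `_userid` cookie), filters `vid`, and inserts the row.
 *
 * @param array $data 视频信息数据
 * @return int|false the new id, or false when $data is not a non-empty array or the insert fails
 */
public function add($data = array())
{
    if (!is_array($data) || empty($data)) {
        return false;
    }
    $data['status'] = 1;
    $data['userid'] = defined('IN_ADMIN') ? 0 : intval(param::get_cookie('_userid'));
    // A missing vid becomes '' (what safe_replace(null) produced before), without the notice.
    $data['vid'] = safe_replace(isset($data['vid']) ? $data['vid'] : '');
    $vid = $this->db->insert($data, true);
    return $vid ? $vid : false;
}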
/**
 * Admin comment list for one comment table, with optional search.
 *
 * Picks the table (GET `tableid`, capped at the highest existing one), then
 * narrows by GET `searchtype`: 0 = title keyword, 1 = content id, 2 = exact
 * username. Includes the comment_listinfo view, which reads $data and $pages.
 */
public function listinfo()
{
    $r = $max_table = '';
    $max_table = isset($_GET['max_table']) ? intval($_GET['max_table']) : 0;
    if (!$max_table) {
        $r = $this->comment_db->max('tableid');
        if (!$r['tableid']) {
            showmessage(L('no_comment'));
        }
        $max_table = $r['tableid'];
    }
    $page = isset($_GET['page']) && intval($_GET['page']) ? intval($_GET['page']) : 1;
    $tableid = isset($_GET['tableid']) ? intval($_GET['tableid']) : $max_table;
    if ($tableid > $max_table) {
        $tableid = $max_table;
    }
    $where = array();
    if (isset($_GET['search'])) {
        $t = $comment_id = '';
        // NOTE(review): `keyword` and `searchtype` are read without isset().
        $keywords = safe_replace($_GET['keyword']);
        $searchtype = intval($_GET['searchtype']);
        switch ($searchtype) {
            case '0':
                $data = $this->comment_db->where(array('title' => array('like', "%{$keywords}%"), 'tableid' => $tableid))->select();
                if (!empty($data)) {
                    // Build a quoted, comma-separated id list for the IN condition.
                    foreach ($data as $d) {
                        $comment_id .= $t . '\'' . $d['commentid'] . '\'';
                        $t = ',';
                    }
                    $where['commentid'] = array('in', $comment_id);
                }
                break;
            case '1':
                $keywords = intval($keywords);
                $data = $this->comment_db->where(array('commentid' => array('like', "content_%-{$keywords}-%")))->select();
                // NOTE(review): this second assignment overwrites the select()
                // result with fetch_array(); whether that yields the same rows
                // depends on the model class — confirm. Unlike case '0' there is
                // no empty check, so an empty $data produces an IN condition
                // with an empty list.
                $data = $this->comment_db->fetch_array();
                foreach ($data as $d) {
                    $comment_id .= $t . '\'' . $d['commentid'] . '\'';
                    $t = ',';
                }
                $where['commentid'] = array('in', $comment_id);
                break;
            case '2':
                // Exact match; the value goes through the array-form where().
                $where['username'] = $keywords;
                break;
        }
    }
    $data = array();
    $this->comment_data_db->table_name($tableid);
    $data = $this->comment_data_db->where($where)->order('id DESC')->listinfo($page, 10);
    $pages = $this->comment_data_db->pages;
    include $this->view('comment_listinfo');
}
/**
 * 将文章加入收藏夹
 *
 * @param int    $cid    文章id
 * @param int    $userid 会员id
 * @param string $title  文章标题
 * @return int 加入成功返回收藏id, 加入失败返回 -1
 */
public function add_favorite($cid, $userid, $title)
{
    $this->favorite_db = pc_base::load_model('favorite_model');
    $row = array(
        'title' => safe_replace($title),
        'userid' => intval($userid),
        'cid' => intval($cid),
        'adddate' => SYS_TIME,
    );
    $id = $this->favorite_db->insert($row, 1);
    return $id ? $id : -1;
}
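/**
 * Resolves the template file addressed by GET style/dir/filename to a path
 * below templates/, and loads the backup model.
 *
 * Every path component is reduced to a single directory or file name:
 * separators and dot-segments are stripped so the assembled $filepath
 * cannot leave templates/<style>/<dir>/. The original did this only for
 * $style; $dir and $filename reached the path with just trim()/safe_replace().
 */
public function __construct()
{
    parent::__construct();
    $traversal = array('..\\', '../', './', '.\\', '/', '\\');
    $this->style = isset($_GET['style']) && trim($_GET['style']) ? str_replace($traversal, '', trim($_GET['style'])) : showmessage(L('illegal_operation'));
    $this->dir = isset($_GET['dir']) && trim($_GET['dir']) ? str_replace($traversal, '', trim(urldecode($_GET['dir']))) : showmessage(L('illegal_operation'));
    $this->dir = safe_replace($this->dir);
    $this->filename = isset($_GET['filename']) && trim($_GET['filename']) ? str_replace($traversal, '', trim($_GET['filename'])) : showmessage(L('illegal_operation'));
    // A bare ".." component would still name the parent directory.
    if (empty($this->style) || empty($this->dir) || empty($this->filename)
        || strpos($this->style . $this->dir . $this->filename, '..') !== false) {
        showmessage(L('illegal_operation'), HTTP_REFERER);
    }
    $this->filepath = PC_PATH . 'templates' . DIRECTORY_SEPARATOR . $this->style . DIRECTORY_SEPARATOR . $this->dir . DIRECTORY_SEPARATOR . $this->filename;
    $this->fileid = $this->style . '_' . $this->dir . '_' . $this->filename;
    $this->db = pc_base::load_model('template_bak_model');
}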
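/**
 * Content list for one model (GET `moduleid`), with optional search by
 * input-time range and by keyword on title / description / username / id.
 */
public function index()
{
    if (!isset($_GET['moduleid'])) {
        $this->error('模型参数缺失!');
    }
    $module = D('Model')->find(intval($_GET['moduleid']));
    if (empty($module)) {
        $this->error('模型不存在!');
    }
    $this->db->setModel($module['id']);
    $search = array();
    if (isset($_GET['search'])) {
        // Both bounds on one field: the original assigned $search['inputtime']
        // twice, so the end bound silently replaced the start bound.
        $range = array();
        if (!empty($_GET['start_time']) && !is_numeric($_GET['start_time'])) {
            $ts = strtotime($_GET['start_time']);
            if ($ts !== false) {
                $range[] = array('gt', $ts);
            }
        }
        if (!empty($_GET['end_time']) && !is_numeric($_GET['end_time'])) {
            $ts = strtotime($_GET['end_time']);
            if ($ts !== false) {
                $range[] = array('lt', $ts);
            }
        }
        if ($range) {
            $search['inputtime'] = $range;
        }
        if (!empty($_GET['keyword'])) {
            $keyword = $_GET['keyword'];
            $searchtype = isset($_GET['searchtype']) ? intval($_GET['searchtype']) : 0;
            switch ($searchtype) {
                case 0:
                    $search['title'] = array('like', "%" . safe_replace($keyword) . "%");
                    break;
                case 1:
                    $search['description'] = array('like', "%" . safe_replace($keyword) . "%");
                    break;
                case 2:
                    $search['username'] = safe_replace($keyword);
                    break; // was missing: fell through and also forced id = intval(keyword)
                case 3:
                    $search['id'] = intval($keyword);
                    break;
                default:
                    break;
            }
        }
    }
    $list_fields = $this->db->getListFields(array('name', 'field'));
    $contentFields = array('id', 'updatetime');
    foreach ($list_fields as $field) {
        $contentFields[] = $field['field'];
    }
    $data = $this->db->contentList($search, "listorder desc, id desc", 10, $contentFields);
    $this->assign('module', $module);
    $this->assign('contents', $data['data']);
    $this->assign('list_fields', $list_fields);
    $this->assign('pages', $data['page']);
    $this->display();
}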
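/**
 * Validates a submitted member-model form against the model's field
 * definitions (length, pattern, uniqueness) and runs each field's
 * form-type handler. Any violation stops through showmessage().
 *
 * @param mixed $data submitted field => value map
 * @return array validated field => value map (empty when $data is not an array)
 */
function get($data)
{
    $this->data = $data = trim_script($data);
    $model_cache = getcache('member_model', 'commons');
    $this->db->table_name = $this->db_pre . $model_cache[$this->modelid]['tablename'];
    $info = array();
    // Fields still validated when the record is a link (islink == 1).
    $debar_filed = array('catid', 'title', 'style', 'thumb', 'status', 'islink', 'description');
    if (!is_array($data)) {
        return $info;
    }
    $islink = isset($data['islink']) && $data['islink'] == 1;
    foreach ($data as $field => $value) {
        if ($islink && !in_array($field, $debar_filed, true)) {
            continue;
        }
        $field = safe_replace($field);
        // Existence check first: the original read $this->fields[$field][...]
        // before checking that the model has the field at all.
        if (!array_key_exists($field, $this->fields)) {
            showmessage('模型中不存在' . $field . '字段');
        }
        $def = $this->fields[$field];
        $name = isset($def['name']) ? $def['name'] : '';
        $minlength = isset($def['minlength']) ? $def['minlength'] : 0;
        $maxlength = isset($def['maxlength']) ? $def['maxlength'] : 0;
        $pattern = isset($def['pattern']) ? $def['pattern'] : '';
        $errortips = empty($def['errortips']) ? "{$name} 不符合要求!" : $def['errortips'];
        // Byte length; non-scalar values (arrays) count as 0 instead of erroring.
        $length = (empty($value) || !is_scalar($value)) ? 0 : strlen($value);
        // The original also tested an undefined $isimport, which was always falsy.
        if ($minlength && $length < $minlength) {
            showmessage("{$name} 不得少于 {$minlength} 个字符!");
        }
        if ($maxlength && $length > $maxlength) {
            showmessage("{$name} 不得超过 {$maxlength} 个字符!");
        } else {
            // Return value discarded, as before; assigning it would start
            // truncating values, which is a behaviour change to decide separately.
            str_cut($value, $maxlength);
        }
        if ($pattern && $length && !preg_match($pattern, $value)) {
            showmessage($errortips);
        }
        if (!empty($def['isunique']) && $this->db->get_one(array($field => $value), $field) && ROUTE_A != 'edit') {
            showmessage("{$name} 的值不得重复!");
        }
        $func = isset($def['formtype']) ? $def['formtype'] : '';
        if ($func && method_exists($this, $func)) {
            $value = $this->{$func}($field, $value);
        }
        $info[$field] = $value;
    }
    return $info;
}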
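/**
 * Reconstructs the current request URL from $_SERVER.
 *
 * Scheme is https when the server reports HTTPS (any value but "off") or
 * port 443; the original looked at the port only. Host and path parts are
 * all passed through safe_replace(), the host included.
 *
 * @return string
 */
function get_url()
{
    $https = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
        || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443');
    $sys_protocal = $https ? 'https://' : 'http://';
    if (!empty($_SERVER['PHP_SELF'])) {
        $php_self = safe_replace($_SERVER['PHP_SELF']);
    } else {
        $php_self = safe_replace(isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '');
    }
    $path_info = isset($_SERVER['PATH_INFO']) ? safe_replace($_SERVER['PATH_INFO']) : '';
    if (isset($_SERVER['REQUEST_URI'])) {
        $relate_url = safe_replace($_SERVER['REQUEST_URI']);
    } elseif (isset($_SERVER['QUERY_STRING'])) {
        $relate_url = $php_self . '?' . safe_replace($_SERVER['QUERY_STRING']);
    } else {
        $relate_url = $php_self . $path_info;
    }
    // The Host header is client-supplied; filter it like the other parts.
    $host = isset($_SERVER['HTTP_HOST']) ? safe_replace($_SERVER['HTTP_HOST']) : '';
    return $sys_protocal . $host . $relate_url;
}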
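/**
 * 按照模型搜索
 *
 * Tag page for a category (multi-site variant): lists content of the
 * category's model whose `keywords` contain GET `tag`, prefixing relative
 * urls with the site url. Includes the content/tag template, which reads
 * $datas, $pages, $total, $tag, $CATEGORYS and $SEO.
 */
public function init()
{
    if (!isset($_GET['catid'])) {
        showmessage(L('missing_part_parameters'));
    }
    $catid = intval($_GET['catid']);
    $siteids = getcache('category_content', 'commons');
    $siteid = isset($siteids[$catid]) ? $siteids[$catid] : '';
    $this->categorys = getcache('category_content_' . $siteid, 'commons');
    if (!isset($this->categorys[$catid])) {
        showmessage(L('missing_part_parameters'));
    }
    if (!empty($_GET['info']['catid'])) {
        $catid = intval($_GET['info']['catid']);
    } else {
        $_GET['info']['catid'] = 0;
    }
    if (isset($_GET['tag']) && trim($_GET['tag']) != '') {
        $tag = safe_replace(strip_tags($_GET['tag']));
    } else {
        showmessage(L('illegal_operation'));
    }
    // A catid taken from info[catid] may be absent from the cache; treat that as an invalid model.
    $modelid = isset($this->categorys[$catid]['modelid']) ? intval($this->categorys[$catid]['modelid']) : 0;
    if (!$modelid) {
        showmessage(L('illegal_parameters'));
    }
    $CATEGORYS = $this->categorys;
    $siteid = $this->categorys[$catid]['siteid'];
    $siteurl = siteurl($siteid);
    $this->db->set_model($modelid);
    $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;
    $datas = $infos = array();
    // The tag is spliced into a string WHERE; addslashes() covers whatever
    // safe_replace() leaves (verify against its definition). $tag itself is
    // kept unescaped for seo() and the template.
    $infos = $this->db->listinfo("`keywords` LIKE '%" . addslashes($tag) . "%'", 'id DESC', $page, 20);
    $total = $this->db->number;
    if ($total > 0) {
        $pages = $this->db->pages;
        foreach ($infos as $_v) {
            // Relative urls get the site prefix; absolute ones (containing "://") are kept.
            if (strpos($_v['url'], '://') === false) {
                $_v['url'] = $siteurl . $_v['url'];
            }
            $datas[] = $_v;
        }
    }
    $SEO = seo($siteid, $catid, $tag);
    include template('content', 'tag');
}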
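/**
 * 支付结果返回
 *
 * Gateway notification / return handler. Selects the gateway from GET
 * `apitype`, takes the notification from POST (or GET for synchronous
 * returns), verifies it, and on success runs the stored callback once for
 * the matching Pay row, then either redirects (method=return) or sends the
 * gateway acknowledgement.
 */
public function notify()
{
    $apitype = safe_replace(I('get.apitype')); //过滤
    /* 支付设置 */
    // NOTE(review): for yeepay, kuaiqian and unionpay 'key' is read from the
    // *PARTNER constant and 'partner' from the *KEY constant — looks swapped;
    // confirm against the config before relying on those gateways.
    $payment = array('tenpay' => array('key' => C('TENPAYKEY'), 'partner' => C('TENPAYPARTNER')), 'alipay' => array('email' => C('ALIPAYEMAIL'), 'key' => C('ALIPAYKEY'), 'partner' => C('ALIPAYPARTNER')), 'palpay' => array('business' => C('PALPAYPARTNER')), 'yeepay' => array('key' => C('YEEPAYPARTNER'), 'partner' => C('YEEPAYKEY')), 'kuaiqian' => array('key' => C('KUAIQIANPARTNER'), 'partner' => C('KUAIQIANKEY')), 'unionpay' => array('key' => C('UNIONPARTNER'), 'partner' => C('UNIONKEY')));
    // Reject unknown gateways before building the Pay object; the original
    // passed a missing config entry straight through.
    if (!isset($payment[$apitype])) {
        exit('Access Denied-0');
    }
    $pay = new \Think\Pay($apitype, $payment[$apitype]);
    if (IS_POST && !empty($_POST)) {
        $notify = $_POST;
    } elseif (IS_GET && !empty($_GET)) {
        $notify = $_GET;
        unset($notify['method'], $notify['apitype']);
    } else {
        exit('Access Denied-1');
    }
    //验证
    if (!$notify) {
        E("Access Denied-2");
    }
    //获取订单信息
    if ($apitype == 'alipay') {
        // NOTE(review): this branch never calls verifyNotify(); unless
        // setInfo() performs the signature check itself, an alipay
        // notification is accepted unverified — confirm against setInfo().
        $info = $this->setInfo($notify);
    } else {
        $pay->verifyNotify($notify);
        $info = $pay->getInfo();
    }
    if ($info['status']) {
        $payinfo = M("Pay")->field(true)->where(array('out_trade_no' => $info['out_trade_no']))->find();
        // Only an unpaid row with a callback is processed, so a repeated
        // notification for the same out_trade_no does nothing here.
        if (!empty($payinfo) && $payinfo['status'] == 0 && $payinfo['callback']) {
            session("pay_verify", true);
            // `param` is the blob this application stored when the Pay row was
            // created; the amount reported by the gateway is handed to the callback.
            $check = R($payinfo['callback'], array('money' => $info['money'], 'param' => unserialize($payinfo['param'])));
            if ($check !== false) {
                M("Pay")->where(array('out_trade_no' => $info['out_trade_no']))->setField(array('update_time' => time(), 'status' => 1));
            }
        }
        if (I('get.method') == "return") {
            redirect($payinfo['url']);
        } else {
            $pay->notifySuccess();
        }
    } else {
        $this->error("支付失败!");
    }
}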
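/**
 * 订单管理
 * author 烟消云散 <*****@*****.**>
 *
 * Pay-record list for the admin, filtered by GET status (0/1/2), trade
 * number, update-time window and member nickname. Remembers the list url in
 * the __forward__ cookie.
 */
public function index()
{
    /* 查询条件初始化 */
    $map = array(); // was '' when no status was given, which breaks the later $map[...] writes on PHP 7.1+
    $meta_title = "财务管理";
    $status = isset($_GET['status']) ? $_GET['status'] : '';
    if (isset($_GET['status'])) {
        $titles = array('0' => "待支付", '1' => "在线支付", '2' => "货到付款");
        // An unknown status leaves the default title instead of an undefined one.
        if (is_scalar($status) && isset($titles[$status])) {
            $map['status'] = $status;
            $meta_title = $titles[$status];
        }
    }
    if (isset($_GET['out_trade_no'])) {
        $out_trade_no = safe_replace(I('out_trade_no')); //过滤
        $map['out_trade_no'] = array('like', '%' . $out_trade_no . '%');
    }
    if (isset($_GET['time-start'])) {
        $map['update_time'][] = array('egt', strtotime(I('time-start')));
    }
    if (isset($_GET['time-end'])) {
        // end of the given day
        $map['update_time'][] = array('elt', 24 * 60 * 60 + strtotime(I('time-end')));
    }
    if (isset($_GET['nickname'])) {
        $map['uid'] = M('Member')->where(array('nickname' => I('nickname')))->getField('uid');
    }
    $this->meta_title = $meta_title;
    $this->assign('status', $status);
    $list = $this->lists('pay', $map, 'id desc');
    $this->assign('list', $list);
    // 记录当前列表页的cookie
    Cookie('__forward__', $_SERVER['REQUEST_URI']);
    $this->display();
}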
/**
 * 按照模型搜索
 *
 * Tag page for a category (single-site variant): lists published content
 * (status 99) of the category's model whose `keywords` contain GET `tag`,
 * prefixing relative urls with SITE_URL. Includes the content/tag template,
 * which reads $datas, $pages, $total, $tag, $CATEGORYS and $SEO.
 */
public function init()
{
    if (!isset($_GET['catid'])) {
        showmessage(L('missing_part_parameters'));
    }
    $catid = intval($_GET['catid']);
    $this->categorys = S('common/category_content');
    if (!isset($this->categorys[$catid])) {
        showmessage(L('missing_part_parameters'));
    }
    // A nested info[catid] overrides the top-level category when present.
    if (!empty($_GET['info']['catid'])) {
        $catid = intval($_GET['info']['catid']);
    } else {
        $_GET['info']['catid'] = 0;
    }
    if (isset($_GET['tag']) && trim($_GET['tag']) != '') {
        $tag = safe_replace(strip_tags($_GET['tag']));
    } else {
        showmessage(L('illegal_operation'));
    }
    $modelid = intval($this->categorys[$catid]['modelid']);
    if (!$modelid) {
        showmessage(L('illegal_parameters'));
    }
    $CATEGORYS = $this->categorys;
    $this->db->set_model($modelid);
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
    $datas = $infos = array();
    $where = array(
        'status' => 99,
        'keywords' => array('like', "%{$tag}%"),
    );
    $infos = $this->db->where($where)->order('id DESC')->listinfo($page, 20);
    $total = $this->db->number;
    if ($total > 0) {
        $pages = $this->db->pages;
        foreach ($infos as $row) {
            // Relative urls get the site prefix; absolute ones (containing "://") are kept.
            if (strpos($row['url'], '://') === false) {
                $row['url'] = SITE_URL . $row['url'];
            }
            $datas[] = $row;
        }
    }
    $SEO = seo($catid, $tag);
    include template('content', 'tag');
}
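/**
 * 全局安全过滤函数
 *
 * Recursively checks a request value (scalar or nested array) against a
 * list of forbidden substrings; any match ends the request with a 404
 * through header_status_404(). With $replace the scalar is additionally
 * passed through safe_replace() and filter_var().
 *
 * @param mixed $string        value or array of values to check
 * @param array $inject_string forbidden substrings (matched case-insensitively)
 * @param bool  $replace       also sanitize the returned scalar
 * @return mixed the (optionally sanitized) value, same shape as the input
 */
function global_inject_input($string, $inject_string, $replace = false)
{
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = global_inject_input($val, $inject_string, $replace);
        }
        return $string;
    }
    $haystack = (string) $string;
    foreach ((array) $inject_string as $needle) {
        // stripos() is already case-insensitive, so the extra strtolower() was
        // redundant. An empty needle is skipped: on PHP 8 stripos() reports it
        // as found at offset 0, which would 404 every request.
        $needle = (string) $needle;
        if ($needle !== '' && stripos($haystack, $needle) !== false) {
            header_status_404();
        }
    }
    if ($replace) {
        // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so the
        // output stays the same until its callers are reviewed.
        return filter_var(safe_replace($haystack), FILTER_SANITIZE_STRING);
    }
    return $string;
}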