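/**
 * AJAX coupon check: reports whether the posted coupon code exists and is
 * still usable by the logged-in member.
 *
 * Reads `couponid` from POST, resolves it to an id in `fcoupon`, then looks
 * for an unused (status=1) `UserCoupon` row for the current uid. Every path
 * answers through ajaxreturn() with info/msg/status keys.
 */
public function check()
{
    if (!is_login()) {
        $this->error("您还没有登陆", U("User/login"));
    }
    // Coupon code from the form; safe_replace() is the project's input filter.
    $code = safe_replace(I('post.couponid'));
    // Array-form where() lets the ORM quote the value instead of building
    // the SQL literal by hand from user input.
    $id = M("fcoupon")->where(array('code' => $code))->getfield("id");
    $data = array();
    if (isset($id)) {
        $uid = D("member")->uid();
        $owned = M("UserCoupon")->where(array(
            'uid' => $uid,
            'couponid' => $id,
            'status' => '1',
        ))->select();
        if ($owned) {
            $data["info"] = "该优惠券可以使用";
            $data["msg"] = "yes";
        } else {
            $data["info"] = "该优惠券已使用或未领取";
            $data["msg"] = "no";
        }
    } else {
        $data["info"] = "查询不到该优惠券";
        $data["msg"] = "out of date";
    }
    $data["status"] = "1";
    $this->ajaxreturn($data);
}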
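	/**
	 * Field handler for the "keyword" form type: registers every keyword in
	 * $value (separated by spaces or commas) for the current content item.
	 *
	 * New keywords are inserted into keyword_model with their pinyin form and
	 * videonum=1; existing ones get videonum incremented. One keyword_data row
	 * linking the tag to "<id>-<modelid>" is created per keyword if missing.
	 *
	 * @param string $field form field name (unused, kept for the handler signature)
	 * @param string $value raw keyword list as posted
	 * @return string the untouched $value, stored as the field content
	 */
	function keyword ($field, $value) {
		// split() was removed in PHP 7; preg_split() is the equivalent. Empty
		// pieces (doubled or trailing separators) are dropped so that no blank
		// keyword rows get created.
		$words = preg_split('/[ ,]/', (string) $value, -1, PREG_SPLIT_NO_EMPTY);
		$keyword_db = pc_base::load_model('keyword_model');
		$keyword_data_db = pc_base::load_model('keyword_data_model');
		pc_base::load_sys_func('iconv');
		if (!empty($words)) {
			$siteid = get_siteid();
			$contentid = $this->id.'-'.$this->modelid;
			foreach ($words as $v) {
				// Front-end input goes through the project filter; admin input is used as-is.
				$v = defined('IN_ADMIN') ? $v : safe_replace(addslashes($v));
				$v = str_replace(array('//', '#', '.'), ' ', $v);
				$r = $keyword_db->get_one(array('keyword' => $v, 'siteid' => $siteid));
				if (!$r) {
					$letter = strtolower(implode('', gbk_to_pinyin($v)));
					$tagid = $keyword_db->insert(array('keyword' => $v, 'siteid' => $siteid, 'pinyin' => $letter, 'videonum' => 1), true);
				} else {
					$keyword_db->update(array('videonum' => '+=1'), array('id' => $r['id']));
					$tagid = $r['id'];
				}
				if (!$keyword_data_db->get_one(array('tagid' => $tagid, 'siteid' => $siteid, 'contentid' => $contentid))) {
					$keyword_data_db->insert(array('tagid' => $tagid, 'siteid' => $siteid, 'contentid' => $contentid));
				}
			}
		}
		return $value;
	}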
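 /**
  * Tag search page: lists every content item attached to the keyword given
  * in $_GET['tag'] (20 per page) and highlights the tag in the title and
  * description before including the tag_list template.
  *
  * Relies on $this->keyword_db, $this->db and $this->siteid being set by the
  * controller constructor (not visible here).
  */
 public function lists()
 {
     $tag = isset($_GET['tag']) ? safe_replace(addslashes($_GET['tag'])) : '';
     $keyword_data_db = pc_base::load_model('keyword_data_model');
     // Resolve the tag name to its id.
     $r = $this->keyword_db->get_one(array('keyword' => $tag, 'siteid' => $this->siteid), 'id');
     if (!$r || !$r['id']) {
         showmessage('不存在此关键字!');
     }
     $tagid = intval($r['id']);
     $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;
     $pagesize = 20;
     // The controller's site id; the original passed an undefined local
     // $siteid to seo() below. Kept as a local so the template can use it too.
     $siteid = $this->siteid;
     // $tagid is an int and $siteid is not user input, so this string
     // condition contains nothing from the request.
     $where = '`tagid`=\'' . $tagid . '\' AND `siteid`=' . $siteid;
     $infos = $keyword_data_db->listinfo($where, '`id` DESC', $page, $pagesize);
     $pages = $keyword_data_db->pages;
     $total = $keyword_data_db->number;
     $highlight = '<font color="#f00">' . $tag . '</font>';
     // Always defined so the template can iterate it even with no matches.
     $datas = array();
     if (is_array($infos)) {
         foreach ($infos as $info) {
             // contentid is stored as "<contentid>-<modelid>".
             list($contentid, $modelid) = explode('-', $info['contentid']);
             $this->db->set_model($modelid);
             $res = $this->db->get_one(array('id' => $contentid), 'title, description, url, inputtime, style');
             $res['title'] = str_replace($tag, $highlight, $res['title']);
             $res['description'] = str_replace($tag, $highlight, $res['description']);
             $datas[] = $res;
         }
     }
     $SEO = seo($siteid, '', $tag);
     include template('content', 'tag_list');
 }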
 /**
  * Reads the comment identifier and output format from the query string.
  *
  * An absent or blank `commentid` is routed through _show_msg(); otherwise
  * the value is filtered with safe_replace() and decoded into the
  * application and content ids.
  */
 public function __construct()
 {
     $rawId = isset($_GET['commentid']) ? trim(urldecode($_GET['commentid'])) : '';
     if ($rawId) {
         $this->commentid = $rawId;
     } else {
         $this->commentid = $this->_show_msg(L('illegal_parameters'));
     }
     $this->commentid = safe_replace($this->commentid);
     $this->format = isset($_GET['format']) ? $_GET['format'] : '';
     list($this->applications, $this->contentid) = decode_commentid($this->commentid);
 }
 /**
  * Reads a prefixed cookie, decrypts it with sys_auth() and runs the result
  * through safe_replace().
  *
  * @param string $var     cookie name without the CS_Cookie_Prefix
  * @param string $default value used when the cookie is absent
  * @return string filtered cookie value, or the filtered default
  */
 public static function get_cookie($var, $default = '')
 {
     $name = CS_Cookie_Prefix . $var;
     if (!isset($_COOKIE[$name])) {
         return safe_replace($default);
     }
     // The key is derived from the cookie name, so each cookie decrypts differently.
     $plain = sys_auth($_COOKIE[$name], 'D', $name . CS_Encryption_Key);
     return safe_replace($plain);
 }
 /**
  * Digg controller bootstrap: reads the required `contentid` from the query
  * string (blank or missing values go through _show_msg()), filters it and
  * loads the digg and digg_log models.
  */
 public function __construct()
 {
     $rawId = isset($_GET['contentid']) ? trim(urldecode($_GET['contentid'])) : '';
     if ($rawId) {
         $this->contentid = $rawId;
     } else {
         $this->contentid = $this->_show_msg(L('illegal_parameters'));
     }
     $this->contentid = safe_replace($this->contentid);
     $this->db = Loader::model('digg_model');
     $this->db_log = Loader::model('digg_log_model');
 }
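 /**
  * Admin registration form: on POST validates the input, inserts a row into
  * `@#_admin` and redirects to the user list; otherwise renders user.reg.
  *
  * Every validation failure goes through _message(), which is expected to
  * end the request.
  */
 public function reg()
 {
     if (isset($_POST['submit-1'])) {
         $rawUsername = isset($_POST['username']) ? $_POST['username'] : '';
         $username = safe_replace($rawUsername);
         // Reject names the filter had to change instead of silently using the altered one.
         if ($username != $rawUsername || empty($username)) {
             _message("用户名格式错误!");
         }
         if (_strlen($username) > 15) {
             _message("用户名长度为2-15个字符,1个汉字等于2个字符!");
         }
         $password1 = isset($_POST['password']) ? $_POST['password'] : '';
         $password2 = isset($_POST['pwdconfirm']) ? $_POST['pwdconfirm'] : '';
         if (empty($password2) || $password1 != $password2) {
             _message("2次密码不一致!");
         }
         // The email is interpolated into the INSERT below; the original used
         // $_POST['email'] there unfiltered. It now gets the same filter as the
         // username in addition to the format check.
         $email = isset($_POST['email']) ? safe_replace($_POST['email']) : '';
         if (!_checkemail($email)) {
             _message("邮箱格式错误!");
         }
         $pmid = isset($_POST['mid']) ? intval($_POST['mid']) : 0;
         // NOTE(review): md5 is kept because the login side (not shown) must
         // compare against it; moving to password_hash()/password_verify()
         // has to change both sides together.
         $password = md5($password2);
         $addtime = time();
         $ip = _get_ip();
         // NOTE(review): the model exposes only Query(string) here, so values
         // are filtered rather than bound; $pmid and $addtime are ints.
         $this->db->Query("INSERT INTO `@#_admin` (`mid`, `username`, `userpass`, `useremail`, `addtime`, `logintime`, `loginip`) VALUES ('{$pmid}', '{$username}', '{$password}', '{$email}','{$addtime}','0','{$ip}')");
         if ($this->db->affected_rows()) {
             $path = WEB_PATH . '/' . ROUTE_M . '/user/lists';
             _message("添加管理员成功!", $path);
         } else {
             _message("添加管理员失败!");
         }
     }
     include $this->tpl(ROUTE_M, 'user.reg');
 }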
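 /**
  * Order payment entry point.
  *
  * POST: builds a Think\Pay request form for the gateway chosen in `paytype`
  * and the order referenced by `orderid`, then echoes the form.
  * GET: shows the payment page for the order in `orderid` with its total.
  */
 public function index()
 {
     if (IS_POST) {
         // Gateway credentials keyed by the paytype value the form submits.
         // NOTE(review): for yeepay/kuaiqian/unionpay the key/partner config
         // names look swapped compared with the other entries -- confirm.
         $payment = array('tenpay' => array('key' => C('TENPAYKEY'), 'partner' => C('TENPAYPARTNER')), 'alipay' => array('email' => C('ALIPAYEMAIL'), 'key' => C('ALIPAYKEY'), 'partner' => C('ALIPAYPARTNER')), 'palpay' => array('business' => C('PALPAYPARTNER')), 'yeepay' => array('key' => C('YEEPAYPARTNER'), 'partner' => C('YEEPAYKEY')), 'kuaiqian' => array('key' => C('KUAIQIANPARTNER'), 'partner' => C('KUAIQIANKEY')), 'unionpay' => array('key' => C('UNIONPARTNER'), 'partner' => C('UNIONKEY')));
         $paytype = safe_replace(I('post.paytype'));
         // An unknown gateway name must not reach Think\Pay with a null config.
         if (!isset($payment[$paytype])) {
             $this->error('支付方式不存在!');
         }
         $pay = new \Think\Pay($paytype, $payment[$paytype]);
         // Without an order there is nothing to build; the original fell
         // through with $money/$order_no/$body/$title undefined.
         if (empty($_POST['orderid'])) {
             $this->error('订单不存在!');
         }
         $order_no = safe_replace(I('post.orderid'));
         // Array-form where() lets the ORM quote the user-supplied order tag.
         $info = M("order")->where(array('tag' => $order_no))->find();
         if (empty($info)) {
             $this->error('订单不存在!');
         }
         $money = $info['total_money'];
         // Description and product name shown on the gateway page.
         $body = C('SITENAME') . "订单支付";
         $title = C('SITENAME') . "订单支付";
         $vo = new \Think\Pay\PayVo();
         $vo->setBody($body)
             ->setFee($money)
             ->setOrderNo($order_no)
             ->setTitle($title)
             ->setCallback("Home/Pay/success")
             ->setUrl(U("Home/Pay/over"))
             ->setParam(array('order_id' => $order_no));
         echo $pay->buildRequestForm($vo);
     } else {
         $this->meta_title = '支付订单';
         // The goods order already exists in "awaiting payment" state here.
         $id = safe_replace(I("get.orderid"));
         $this->assign('codeid', $id);
         $total = D("order")->where(array('orderid' => $id))->getField('total_money');
         $this->assign('goodprice', $total);
         $this->display();
     }
 }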
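 /**
  * AJAX video search: emits JSON with `html` (one <li> per published video
  * whose title matches $_GET['title']) and `pages` (pagination markup).
  *
  * Only videos with status 21 are searched; `userupload=1` restricts the
  * result to user uploads. Output is converted to UTF-8 on GBK sites.
  */
 public function search()
 {
     // addslashes() escapes quotes for the string where clause below, as the
     // other search handlers in this project do; the model offers no
     // parameter binding here. LIKE wildcards typed by the user are kept.
     $title = isset($_GET['title']) ? safe_replace(addslashes($_GET['title'])) : '';
     if (CHARSET == 'gbk') {
         $title = iconv('utf-8', 'gbk', $title);
     }
     $where = '`status`=21';
     if ($title) {
         $where .= ' AND `title` LIKE \'%' . $title . '%\'';
     }
     $userupload = isset($_GET['userupload']) ? intval($_GET['userupload']) : 0;
     if ($userupload) {
         $where .= ' AND `userupload`=1';
     }
     $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;
     $pagesize = 6;
     $infos = $this->db->listinfo($where, 'videoid DESC', $page, $pagesize);
     $number = $this->db->number;
     $pages = $this->pages($number, $page, $pagesize, 4, 'get_videoes');
     // Always a string so the payload has an `html` key even with no hits
     // (the original left it undefined in that case).
     $html = '';
     if (is_array($infos) && !empty($infos)) {
         foreach ($infos as $info) {
             // NOTE(review): title and picpath go from the database straight
             // into HTML attributes; escape them if that data is user-editable.
             $html .= '<li><div class="w9"><a href="javascript:void(0);" onclick="a_click(this);" title="' . $info['title'] . '" data-vid="' . $info['vid'] . '" ><span></span><img src="' . $info['picpath'] . '" width="90" height="51" /></a><p>' . str_cut($info['title'], 18) . '</p></div></li>';
         }
     }
     $data = array('pages' => $pages, 'html' => $html);
     if (CHARSET == 'gbk') {
         $data = array_iconv($data, 'gbk', 'utf-8');
     }
     exit(json_encode($data));
 }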
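 /**
  * Keyword search over `@#_shoplist`: the term is everything after the third
  * URL segment joined with '/', URL-decoded, filtered and converted to UTF-8
  * when needed.
  *
  * Renders the search template with $shoplist (matching items that still
  * have remaining shares), $list (their count) and $title.
  */
 public function tag()
 {
     $segments = $this->segment_array();
     // Drop the module/controller/action segments; the rest is the term.
     $search = implode('/', array_slice($segments, 3));
     if (!$search) {
         _message("输入搜索关键字");
     }
     $search = safe_replace(urldecode($search));
     if (!_is_utf8($search)) {
         $search = iconv("GBK", "UTF-8", $search);
     }
     $mysql_model = System::load_sys_class('model');
     // Stripping SQL keywords is kept so existing behaviour (and page titles)
     // do not change, but it is not what protects the query: that is the
     // addslashes() applied to the value placed in the LIKE literal.
     $search = str_ireplace(array("union", "select", "delete", "update", "/**/"), '', $search);
     // NOTE(review): $title reaches the template unescaped; escape it there
     // if the template does not already.
     $title = $search . ' - ' . _cfg('web_name');
     $searchSql = addslashes($search);
     $shoplist = $mysql_model->GetList("select title,thumb,id,sid,zongrenshu,canyurenshu,shenyurenshu,money from `@#_shoplist` WHERE shenyurenshu !=0 and `title` LIKE '%" . $searchSql . "%' order by shenyurenshu desc");
     // count() on a non-array is an error on newer PHP; treat "no rows" as 0.
     $list = is_array($shoplist) ? count($shoplist) : 0;
     include templates("search", "search");
 }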
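 /**
  * Attachment browser for the album.
  *
  * Optional filters from the query string (only when `search` is set): an
  * upload-time window (`start_time`/`end_time`, parsed with strtotime) and a
  * file-name substring. Renders album_for_ckeditor (32 per page) when opened
  * from CKEditor, otherwise the default template with `args` passed through.
  */
 public function album_list()
 {
     $search = array();
     if (isset($_GET['search'])) {
         // Only date strings are accepted; a bare number is ignored, as before.
         // strtotime() returns false for unparsable input, which must not be
         // concatenated into the raw `_string` condition.
         $start = (!empty($_GET['start_time']) && !is_numeric($_GET['start_time'])) ? strtotime($_GET['start_time']) : false;
         $end = (!empty($_GET['end_time']) && !is_numeric($_GET['end_time'])) ? strtotime($_GET['end_time']) : false;
         if ($start !== false) {
             $search['_string'] = "uploadtime >= " . $start;
         }
         if ($end !== false) {
             if (isset($search['_string'])) {
                 $search['_string'] .= " and uploadtime <= " . $end;
             } else {
                 // 'elt' (<=) matches the inclusive bound used in the combined string above.
                 $search['uploadtime'] = array('elt', $end);
             }
         }
         if (!empty($_GET['filename'])) {
             $search['name'] = array('like', "%" . safe_replace($_GET['filename']) . "%");
         }
     }
     if (isset($_GET['CKEditor'])) {
         $data = $this->db->attachment_list($search, "id desc", '32');
         $this->assign('attachs', $data['data']);
         $this->assign('pages', $data['pages']);
         $this->display("album_for_ckeditor");
     } else {
         $data = $this->db->attachment_list($search);
         $this->assign('attachs', $data['data']);
         $this->assign('pages', $data['pages']);
         $args = isset($_GET['args']) ? $_GET['args'] : '';
         $this->assign('params', explode(',', $args));
         $this->display();
     }
 }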
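 /**
  * Adds a friendly link.
  *
  * POST (`dosubmit`): fills in addtime/siteid, requires a name, filters name
  * and logo, inserts the row and, when attachment statistics are enabled,
  * marks the logo attachment as used by "link-<id>".
  * GET: loads the form helper and the link types and shows link_add.
  *
  * @return false only when the insert fails (the success path ends in showmessage)
  */
 public function add()
 {
     if (isset($_POST['dosubmit'])) {
         $link = isset($_POST['link']) && is_array($_POST['link']) ? $_POST['link'] : array();
         $link['addtime'] = SYS_TIME;
         $link['siteid'] = $this->get_siteid();
         if (empty($link['name'])) {
             showmessage(L('sitename_noempty'), HTTP_REFERER);
         } else {
             $link['name'] = safe_replace($link['name']);
         }
         $logo = !empty($link['logo']) ? safe_replace($link['logo']) : '';
         if ($logo !== '') {
             $link['logo'] = $logo;
         }
         $data = new_addslashes($link);
         $linkid = $this->db->insert($data, true);
         if (!$linkid) {
             return FALSE;
         }
         // Update the attachment usage record. The original used the bitwise
         // `&` here, which turned the logo path into an integer and so almost
         // never entered this branch.
         if (pc_base::load_config('system', 'attachment_stat') && $logo !== '') {
             $this->attachment_db = pc_base::load_model('attachment_model');
             $this->attachment_db->api_update($logo, 'link-' . $linkid, 1);
         }
         showmessage(L('operation_success'), HTTP_REFERER, '', 'add');
     } else {
         $show_validator = $show_scroll = $show_header = true;
         pc_base::load_sys_class('form', '', 0);
         $siteid = $this->get_siteid();
         $types = $this->db2->get_types($siteid);
         include $this->admin_tpl('link_add');
     }
 }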
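 /**
  * JSON endpoint for the lottery countdown widget.
  *
  * `gid` is an underscore-separated list of shop ids the client already
  * shows; the first of the next four `q_showtime='Y'` items not in that list
  * is returned, or the earliest one when the list is empty. An item whose
  * end time has passed is switched to q_showtime='N' and reported as -1.
  *
  * Response `error` values: "0" ok, '1' nothing to show, '-1' expired.
  */
 public function lottery_shop_json()
 {
     if (!isset($_GET['gid'])) {
         echo json_encode(array("error" => '1'));
         return;
     }
     $times = (int) System::load_sys_config('system', 'goods_end_time');
     if (!$times) {
         $times = 1;
     }
     $db = System::load_sys_class('model');
     // Ids are numeric: casting each piece to int replaces the keyword
     // blacklist the original ran over the raw string. Zero (non-numeric or
     // empty pieces) is dropped.
     $gid = trim(trim($_GET['gid']), ',');
     $excluded = array_filter(array_map('intval', explode('_', $gid)));
     $info = false;
     if (empty($excluded)) {
         $info = $db->GetOne("select qishu,xsjx_time,id,zongrenshu,thumb,title,q_uid,q_user,q_user_code,q_end_time from `@#_shoplist` where `q_showtime` = 'Y' order by `q_end_time` ASC");
     } else {
         $infos = $db->GetList("select  qishu,xsjx_time,id,zongrenshu,thumb,title,q_uid,q_user,q_user_code,q_end_time from `@#_shoplist` where `q_showtime` = 'Y' order by `q_end_time` ASC limit 0,4");
         if (is_array($infos)) {
             foreach ($infos as $infov) {
                 if (!in_array(intval($infov['id']), $excluded, true)) {
                     $info = $infov;
                     break;
                 }
             }
         }
     }
     if (!$info) {
         echo json_encode(array("error" => '1'));
         return;
     }
     // Items with a flash countdown get the configured extra time added.
     if ($info['xsjx_time']) {
         $info['q_end_time'] = $info['q_end_time'] + $times;
     }
     System::load_sys_fun("user");
     // The original unserialize()d the stored q_user blob and immediately
     // overwrote the result; the name is resolved from the uid only.
     $user = get_user_name($info['q_uid'], "username");
     $uid = $info['q_uid'];
     $upload = G_UPLOAD_PATH;
     // Only the first 10 characters of q_end_time are compared with time();
     // presumably the column carries extra precision -- TODO confirm.
     $q_time = substr($info['q_end_time'], 0, 10);
     if ($q_time <= time()) {
         // $info['id'] comes from the row just read, not from the request.
         $db->Query("update `@#_shoplist` SET `q_showtime` = 'N' where `id` = '{$info['id']}' and `q_showtime` = 'Y' and `q_uid` is not null");
         echo json_encode(array("error" => '-1'));
         return;
     }
     $user_shop_number = $db->GetOne("select sum(gonumber) as gonumber from `@#_member_go_record` where `uid`= '{$uid}' and `shopid` = '{$info['id']}' and `shopqishu` = '{$info['qishu']}'");
     $user_shop_number = $user_shop_number['gonumber'];
     $times = $q_time - time();
     // The original listed "user" twice; the later (raw) value won, so only that is kept.
     echo json_encode(array("error" => "0", "user_shop_number" => "{$user_shop_number}", "user" => $user, "zongrenshu" => $info['zongrenshu'], "q_user_code" => $info['q_user_code'], "qishu" => $info['qishu'], "upload" => $upload, "thumb" => $info['thumb'], "id" => $info['id'], "uid" => "{$uid}", "title" => $info['title'], "times" => $times));
     exit;
 }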
 /**
  * Back-end user login.
  *
  * POST: filters the username, authenticates through the UC UserApi and, on
  * success, logs the member in and redirects to Admin/Index/index; otherwise
  * reports the matching error. GET: redirects users who are already logged
  * in to Index/index, else loads the database-backed config and shows the form.
  *
  * @param string|null $username
  * @param string|null $password
  * @param string|null $verify   captcha value (checking is still a TODO)
  * @author 麦当苗儿 <*****@*****.**>
  */
 public function login($username = null, $password = null, $verify = null)
 {
     if (!IS_POST) {
         if (is_login()) {
             $this->redirect('Index/index');
         } else {
             // Configuration stored in the database, cached under DB_CONFIG_DATA.
             $config = S('DB_CONFIG_DATA');
             if (!$config) {
                 $config = D('Config')->lists();
                 S('DB_CONFIG_DATA', $config);
             }
             C($config);
             $this->display();
         }
         return;
     }
     // TODO (carried over): verify the captcha with check_verify($verify).
     $username = safe_replace($username);
     $User = new UserApi();
     $uid = $User->login($username, $password);
     if ($uid > 0) {
         $Member = D('Member');
         if ($Member->login($uid)) {
             // TODO (carried over): return to the page requested before login.
             $this->success('登录成功!', U('Admin/Index/index'));
         } else {
             $this->error($Member->getError());
         }
         return;
     }
     // Negative codes from UserApi::login(); anything else (e.g. 0 for a
     // parameter error) is reported as unknown.
     $messages = array(
         -1 => '用户不存在或被禁用!',
         -2 => '密码错误!',
     );
     $error = isset($messages[$uid]) ? $messages[$uid] : '未知错误!';
     $this->error($error);
 }
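 /**
  * Finishes a member action: hands $msg/$url/$state to the module's
  * configured callback function when one is set and exists, otherwise shows
  * $msg through the default message page. Always terminates the request.
  *
  * @param string $msg   message text
  * @param string $url   redirect target
  * @param int    $state status code passed to the callback
  */
 private function callback($msg, $url = '', $state = 0)
 {
     $callback = $this->model['setting']['member']['callback'];
     if ($callback && function_exists($callback)) {
         // Invoked directly instead of through eval(): the arguments are
         // passed as values, so nothing in $msg/$url/$state is parsed as PHP.
         // The filter is kept so the callback receives the same strings.
         $callback(safe_replace($msg), safe_replace($url), $state);
     } else {
         $this->msg($msg, $url, 1);
     }
     exit;
 }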
	/**
	 * Comment controller bootstrap: loads the global app functions and the
	 * format class, then reads `commentid` (required) and `format` from the
	 * query string. The decoded comment id yields module, content and site
	 * ids, and SITEID is defined from the latter.
	 */
	function __construct() {
		pc_base::load_app_func('global');
		pc_base::load_sys_class('format', '', 0);
		$rawId = isset($_GET['commentid']) ? trim(urldecode($_GET['commentid'])) : '';
		if ($rawId) {
			$this->commentid = $rawId;
		} else {
			$this->commentid = $this->_show_msg(L('illegal_parameters'));
		}
		$this->commentid = safe_replace($this->commentid);
		$this->format = isset($_GET['format']) ? $_GET['format'] : '';
		list($this->modules, $this->contentid, $this->siteid) = decode_commentid($this->commentid);
		define('SITEID', $this->siteid);
	}
 /**
  * Saves a coupon/order record and applies the order-status side effects.
  *
  * Creates the data object (create()), adds or saves it, then reads the
  * order id from $_POST["id"] and, depending on I('status'):
  *   1 - marks the order (by orderid) as status 1;
  *   2 - marks the order as status 2, increments sale / decrements stock of
  *       every goods in its shoplist and sets those rows to status 2;
  *   3 - marks the order as status 3 and its shoplist rows as status 3 with
  *       iscomment 1.
  *
  * NOTE(review): $id is interpolated into string where() clauses after
  * safe_replace() only; an int cast or array-form where() would let the ORM
  * quote it. The $data array returned by create() is reused (with status /
  * iscomment added) as the payload of the shoplist saves -- confirm that is
  * intended rather than a fresh array('status' => ...).
  *
  * @return mixed result of add()/save(), or false when create() failed
  * @author 麦当苗儿 <*****@*****.**>
  */
 public function update()
 {
     $data = $this->create();
     if (!$data) {
         // The data object could not be created (validation failed).
         return false;
     }
     /* Insert or update depending on whether an id is present */
     if (empty($data['id'])) {
         $res = $this->add();
     } else {
         $res = $this->save();
     }
     $id = safe_replace($_POST["id"]);
     $orderid = M('order')->where("id='{$id}'")->getField("orderid");
     $status = I('status');
     /* Branch on the requested status */
     if ($status) {
         switch ($status) {
             case '1':
                 M('order')->where("orderid='{$orderid}'")->setField('status', '1');
                 break;
             case '2':
                 M('order')->where("id='{$id}'")->setField('status', '2');
                 // Shopping-list rows belonging to this order
                 $list = M("shoplist")->where("orderid='{$id}'")->select();
                 foreach ($list as $k => $val) {
                     // Row id and the goods id it refers to
                     $byid = $val["id"];
                     $goodid = $val["goodid"];
                     // Sales +1, stock -1 (return values are not used)
                     $sales = M('document')->where("id='{$goodid}'")->setInc('sale');
                     $stock = M('document')->where("id='{$goodid}'")->setDec('stock');
                     $data['status'] = 2;
                     M("shoplist")->where("id='{$byid}'")->save($data);
                 }
                 break;
             case '3':
                 M('order')->where("id='{$id}'")->setField('status', '3');
                 // Mark every shopping-list row of the order as completed (status 3)
                 $del = M("shoplist")->where("orderid='{$id}'")->select();
                 foreach ($del as $k => $val) {
                     // Row id
                     $byid = $val["id"];
                     $data['iscomment'] = 1;
                     $data['status'] = 3;
                     $shop = M("shoplist");
                     $shop->where("id='{$byid}'")->save($data);
                 }
                 break;
         }
     }
     return $res;
 }
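 /**
  * Shop detail page for the shop whose code is given in `sid`.
  *
  * When the WAP theme is enabled and the visitor is on a mobile device the
  * "<module>_test.html" WAP template is used, otherwise the default one.
  */
 public function show()
 {
     $sid = isset($_REQUEST['sid']) ? safe_replace($_REQUEST['sid']) : '';
     $map = array('shopcode' => $sid);
     $shop = M("shop")->where($map)->find();
     $this->assign("shop", $shop);
     // Empty string selects the default template; the original left $tmp
     // undefined on the non-mobile path.
     $tmp = '';
     if ($this->Config["wap"] && is_mobile()) {
         $tmp = THEME_PATH . "wap/" . MODULE_NAME . "_test.html";
     }
     $this->display($tmp);
 }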
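 /**
  * add: stores a video record in the video library.
  *
  * Sets status=1 and userid (0 in the admin area, else the `_userid` cookie)
  * before inserting; the external video id is filtered with safe_replace().
  *
  * @param array $data video information
  * @return int|false new record id, or false when $data is empty / not an
  *                   array or the insert fails
  */
 public function add($data = array())
 {
     if (!is_array($data) || empty($data)) {
         return false;
     }
     $data['status'] = 1;
     $data['userid'] = defined('IN_ADMIN') ? 0 : intval(param::get_cookie('_userid'));
     // Guard the index so a record without vid does not raise a notice.
     $data['vid'] = isset($data['vid']) ? safe_replace($data['vid']) : '';
     $vid = $this->db->insert($data, true);
     return $vid ? $vid : false;
 }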
 /**
  * Admin comment list.
  *
  * Comments are sharded over tables numbered by tableid; `max_table` (or the
  * highest tableid in comment_db) bounds the selectable `tableid`. With
  * `search` set, `keyword` is matched by `searchtype`: 0 = comment title
  * (LIKE), 1 = commentid values matching "content_%-<id>-%", 2 = exact
  * username. The resulting commentid list (or username) filters
  * comment_data_db, which is listed 10 per page into comment_listinfo.
  *
  * NOTE(review): $_GET['keyword'] and $_GET['searchtype'] are read without
  * isset(); in case '1' the select() result is immediately replaced by
  * fetch_array(), and an empty match still produces commentid IN ('') --
  * confirm these are intended.
  */
 public function listinfo()
 {
     $r = $max_table = '';
     $max_table = isset($_GET['max_table']) ? intval($_GET['max_table']) : 0;
     if (!$max_table) {
         // Fall back to the newest comment table.
         $r = $this->comment_db->max('tableid');
         if (!$r['tableid']) {
             showmessage(L('no_comment'));
         }
         $max_table = $r['tableid'];
     }
     $page = isset($_GET['page']) && intval($_GET['page']) ? intval($_GET['page']) : 1;
     $tableid = isset($_GET['tableid']) ? intval($_GET['tableid']) : $max_table;
     if ($tableid > $max_table) {
         $tableid = $max_table;
     }
     $where = array();
     if (isset($_GET['search'])) {
         // $t is the separator inserted before every id after the first.
         $t = $comment_id = '';
         $keywords = safe_replace($_GET['keyword']);
         $searchtype = intval($_GET['searchtype']);
         switch ($searchtype) {
             case '0':
                 // By comment title within the selected table.
                 $data = $this->comment_db->where(array('title' => array('like', "%{$keywords}%"), 'tableid' => $tableid))->select();
                 if (!empty($data)) {
                     foreach ($data as $d) {
                         // Quoted, comma-separated id list for the IN (...) condition.
                         $comment_id .= $t . '\'' . $d['commentid'] . '\'';
                         $t = ',';
                     }
                     $where['commentid'] = array('in', $comment_id);
                 }
                 break;
             case '1':
                 // By content id embedded in the commentid string.
                 $keywords = intval($keywords);
                 $data = $this->comment_db->where(array('commentid' => array('like', "content_%-{$keywords}-%")))->select();
                 $data = $this->comment_db->fetch_array();
                 foreach ($data as $d) {
                     $comment_id .= $t . '\'' . $d['commentid'] . '\'';
                     $t = ',';
                 }
                 $where['commentid'] = array('in', $comment_id);
                 break;
             case '2':
                 // By exact username.
                 $where['username'] = $keywords;
                 break;
         }
     }
     $data = array();
     $this->comment_data_db->table_name($tableid);
     $data = $this->comment_data_db->where($where)->order('id DESC')->listinfo($page, 10);
     $pages = $this->comment_data_db->pages;
     include $this->view('comment_listinfo');
 }
 /**
  * Adds an article to a member's favourites.
  *
  * @param int    $cid    article id
  * @param int    $userid member id
  * @param string $title  article title (filtered with safe_replace)
  * @return int the new favourite id, or -1 when the insert failed
  */
 public function add_favorite($cid, $userid, $title)
 {
     $this->favorite_db = pc_base::load_model('favorite_model');
     $row = array(
         'title' => safe_replace($title),
         'userid' => intval($userid),
         'cid' => intval($cid),
         'adddate' => SYS_TIME,
     );
     $id = $this->favorite_db->insert($row, 1);
     return $id ? $id : -1;
 }
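	/**
	 * Template file editor bootstrap.
	 *
	 * style, dir and filename come from the query string and are combined
	 * into $this->filepath under PC_PATH/templates. Any of them missing, a
	 * ".." sequence in any of them, or a directory separator in filename,
	 * aborts with illegal_operation.
	 */
	public function __construct() {
		parent::__construct();
		$this->style = isset($_GET['style']) && trim($_GET['style']) ? str_replace(array('..\\', '../', './', '.\\', '/', '\\'), '', trim($_GET['style'])) : showmessage(L('illegal_operation'));
		$this->dir = isset($_GET['dir']) && trim($_GET['dir']) ? trim(urldecode($_GET['dir'])) : showmessage(L('illegal_operation'));
		$this->dir = safe_replace($this->dir);
		$this->filename = isset($_GET['filename']) && trim($_GET['filename']) ? trim($_GET['filename']) : showmessage(L('illegal_operation'));
		if (empty($this->style) || empty($this->dir) || empty($this->filename)) {
			showmessage(L('illegal_operation'), HTTP_REFERER);
		}
		// All three values become path components. Rejecting is safer than
		// stripping, which can leave a traversal sequence behind (a bare ".."
		// also survives the str_replace() list above because the separators
		// are added by this code).
		if (strpos($this->style, '..') !== false
			|| strpos($this->dir, '..') !== false
			|| strpos($this->filename, '..') !== false
			|| strpos($this->filename, '/') !== false
			|| strpos($this->filename, '\\') !== false) {
			showmessage(L('illegal_operation'), HTTP_REFERER);
		}
		$this->filepath = PC_PATH.'templates'.DIRECTORY_SEPARATOR.$this->style.DIRECTORY_SEPARATOR.$this->dir.DIRECTORY_SEPARATOR.$this->filename;
		$this->fileid = $this->style.'_'.$this->dir.'_'.$this->filename;
		$this->db = pc_base::load_model('template_bak_model');
	}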
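 /**
  * Content list for one model (admin).
  *
  * `moduleid` selects the model. With `search` set, optional filters are an
  * inputtime window (`start_time`/`end_time`) and a keyword matched against
  * title (searchtype 0), description (1), username (2) or id (3).
  */
 public function index()
 {
     if (!isset($_GET['moduleid'])) {
         $this->error('模型参数缺失!');
     }
     // The model id is a primary key; cast it before it reaches find().
     $module = D('Model')->find(intval($_GET['moduleid']));
     if (empty($module)) {
         $this->error('模型不存在!');
     }
     $this->db->setModel($module['id']);
     $search = array();
     if (isset($_GET['search'])) {
         // Only date strings are accepted (a bare number is ignored, as before);
         // strtotime() gives false for unparsable input and such bounds are skipped.
         $bounds = array();
         if (!empty($_GET['start_time']) && !is_numeric($_GET['start_time'])) {
             $start = strtotime($_GET['start_time']);
             if ($start !== false) {
                 $bounds[] = array('gt', $start);
             }
         }
         if (!empty($_GET['end_time']) && !is_numeric($_GET['end_time'])) {
             $end = strtotime($_GET['end_time']);
             if ($end !== false) {
                 $bounds[] = array('lt', $end);
             }
         }
         if (count($bounds) === 1) {
             $search['inputtime'] = $bounds[0];
         } elseif (count($bounds) === 2) {
             // The original overwrote the start bound with the end bound. A
             // list of conditions on one field is ANDed by ThinkPHP's where()
             // -- confirm against the project's framework version.
             $search['inputtime'] = $bounds;
         }
         if (!empty($_GET['keyword'])) {
             $keyword = safe_replace($_GET['keyword']);
             $searchtype = isset($_GET['searchtype']) ? intval($_GET['searchtype']) : 0;
             switch ($searchtype) {
                 case 0:
                     $search['title'] = array('like', "%" . $keyword . "%");
                     break;
                 case 1:
                     $search['description'] = array('like', "%" . $keyword . "%");
                     break;
                 case 2:
                     $search['username'] = $keyword;
                     // The original had no break here and fell through into
                     // case 3, adding an id filter to every username search.
                     break;
                 case 3:
                     $search['id'] = intval($_GET['keyword']);
                     break;
                 default:
                     break;
             }
         }
     }
     $list_fields = $this->db->getListFields(array('name', 'field'));
     $contentFields = array('id', 'updatetime');
     foreach ($list_fields as $field) {
         $contentFields[] = $field['field'];
     }
     $data = $this->db->contentList($search, "listorder desc, id desc", 10, $contentFields);
     $this->assign('module', $module);
     $this->assign('contents', $data['data']);
     $this->assign('list_fields', $list_fields);
     $this->assign('pages', $data['page']);
     $this->display();
 }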
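 /**
  * Validates posted member-model data against the field definitions in
  * $this->fields and returns the cleaned array.
  *
  * Each field is checked for existence in the model, minimum/maximum byte
  * length, the configured regex pattern and uniqueness (except when editing),
  * then passed through the handler method named by its formtype when one
  * exists. Validation failures end the request through showmessage().
  *
  * @param array $data posted values keyed by field name
  * @return array cleaned values
  */
 function get($data)
 {
     $this->data = $data = trim_script($data);
     $model_cache = getcache('member_model', 'commons');
     $this->db->table_name = $this->db_pre . $model_cache[$this->modelid]['tablename'];
     $info = array();
     // For link-type entries only these fields are kept.
     $debar_filed = array('catid', 'title', 'style', 'thumb', 'status', 'islink', 'description');
     if (!is_array($data)) {
         return $info;
     }
     $islink = isset($data['islink']) && $data['islink'] == 1;
     foreach ($data as $field => $value) {
         if ($islink && !in_array($field, $debar_filed)) {
             continue;
         }
         $field = safe_replace($field);
         // Check membership before reading the definition; the original read
         // $this->fields[$field] first and rejected unknown fields only later.
         if (!array_key_exists($field, $this->fields)) {
             showmessage('模型中不存在' . $field . '字段');
         }
         $def = $this->fields[$field];
         $name = $def['name'];
         $minlength = $def['minlength'];
         $maxlength = $def['maxlength'];
         $pattern = $def['pattern'];
         $errortips = $def['errortips'];
         if (empty($errortips)) {
             $errortips = "{$name} 不符合要求!";
         }
         // Byte length, as before: multibyte characters count more than once.
         // The original also tested an undefined $isimport (always falsy), so
         // the checks below were never skipped; that variable is dropped.
         $length = empty($value) ? 0 : strlen($value);
         if ($minlength && $length < $minlength) {
             showmessage("{$name} 不得少于 {$minlength} 个字符!");
         }
         if ($maxlength && $length > $maxlength) {
             showmessage("{$name} 不得超过 {$maxlength} 个字符!");
         }
         // NOTE(review): the original called str_cut($value, $maxlength) here
         // and discarded the result, so nothing was ever truncated; kept so.
         if ($pattern && $length && !preg_match($pattern, $value)) {
             showmessage($errortips);
         }
         // The cheap ROUTE_A test now runs before the uniqueness query.
         if ($def['isunique'] && ROUTE_A != 'edit' && $this->db->get_one(array($field => $value), $field)) {
             showmessage("{$name} 的值不得重复!");
         }
         $func = $def['formtype'];
         if (method_exists($this, $func)) {
             $value = $this->{$func}($field, $value);
         }
         $info[$field] = $value;
     }
     return $info;
 }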
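 /**
  * Rebuilds the URL of the current request from $_SERVER.
  *
  * Scheme is https when the port is 443 or HTTPS is set (and not "off"); the
  * host comes from HTTP_HOST; the path/query from REQUEST_URI when present,
  * else PHP_SELF (or SCRIPT_NAME) plus QUERY_STRING or PATH_INFO.
  *
  * @return string absolute URL. HTTP_HOST is supplied by the client, so the
  *                host part must not be treated as trusted by callers.
  */
 function get_url()
 {
     $https = (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443')
         || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && strtolower($_SERVER['HTTPS']) !== 'off');
     $sys_protocal = $https ? 'https://' : 'http://';
     if (!empty($_SERVER['PHP_SELF'])) {
         $php_self = safe_replace($_SERVER['PHP_SELF']);
     } else {
         $php_self = safe_replace(isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '');
     }
     $path_info = isset($_SERVER['PATH_INFO']) ? safe_replace($_SERVER['PATH_INFO']) : '';
     if (isset($_SERVER['REQUEST_URI'])) {
         $relate_url = safe_replace($_SERVER['REQUEST_URI']);
     } elseif (isset($_SERVER['QUERY_STRING'])) {
         $relate_url = $php_self . '?' . safe_replace($_SERVER['QUERY_STRING']);
     } else {
         $relate_url = $php_self . $path_info;
     }
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     return $sys_protocal . $host . $relate_url;
 }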
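 /**
  * Tag search within one category/model.
  *
  * Requires `catid` and a non-empty `tag`; an optional `info[catid]` narrows
  * the search to a sub-category. Lists content whose `keywords` contain the
  * tag (20 per page) and renders the "tag" template.
  */
 public function init()
 {
     if (!isset($_GET['catid'])) {
         showmessage(L('missing_part_parameters'));
     }
     $catid = intval($_GET['catid']);
     $siteids = getcache('category_content', 'commons');
     $siteid = $siteids[$catid];
     $this->categorys = getcache('category_content_' . $siteid, 'commons');
     if (!isset($this->categorys[$catid])) {
         showmessage(L('missing_part_parameters'));
     }
     if (!empty($_GET['info']['catid'])) {
         $catid = intval($_GET['info']['catid']);
     } else {
         $_GET['info']['catid'] = 0;
     }
     if (isset($_GET['tag']) && trim($_GET['tag']) != '') {
         $tag = safe_replace(strip_tags($_GET['tag']));
     } else {
         showmessage(L('illegal_operation'));
     }
     // The sub-category from info[catid] was not validated above, so guard the lookup.
     $modelid = isset($this->categorys[$catid]['modelid']) ? intval($this->categorys[$catid]['modelid']) : 0;
     if (!$modelid) {
         showmessage(L('illegal_parameters'));
     }
     $CATEGORYS = $this->categorys;
     $siteid = $this->categorys[$catid]['siteid'];
     $siteurl = siteurl($siteid);
     $this->db->set_model($modelid);
     $page = isset($_GET['page']) ? max(intval($_GET['page']), 1) : 1;
     $datas = $infos = array();
     // Defined for the template even when nothing matched.
     $pages = '';
     // $tag is user input placed in a string where clause and the model
     // offers no parameter binding, so quotes and backslashes are escaped for
     // the literal while $tag itself stays as-is for seo() and the template.
     $tagSql = addslashes($tag);
     $infos = $this->db->listinfo("`keywords` LIKE '%{$tagSql}%'", 'id DESC', $page, 20);
     $total = $this->db->number;
     if ($total > 0 && is_array($infos)) {
         $pages = $this->db->pages;
         foreach ($infos as $_v) {
             // Relative urls are made absolute with the site url.
             if (strpos($_v['url'], '://') === false) {
                 $_v['url'] = $siteurl . $_v['url'];
             }
             $datas[] = $_v;
         }
     }
     $SEO = seo($siteid, $catid, $tag);
     include template('content', 'tag');
 }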
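 /**
  * Payment gateway callback (notify / return URL).
  *
  * `apitype` selects the gateway config; the notification parameters come
  * from POST or GET. After the gateway verifies them, the matching `Pay` row
  * (by out_trade_no) is processed once: its stored callback is run and the
  * row marked paid. `method=return` redirects the browser, otherwise the
  * gateway's success acknowledgement is sent.
  */
 public function notify()
 {
     $apitype = safe_replace(I('get.apitype'));
     // Gateway credentials keyed by apitype.
     $payment = array('tenpay' => array('key' => C('TENPAYKEY'), 'partner' => C('TENPAYPARTNER')), 'alipay' => array('email' => C('ALIPAYEMAIL'), 'key' => C('ALIPAYKEY'), 'partner' => C('ALIPAYPARTNER')), 'palpay' => array('business' => C('PALPAYPARTNER')), 'yeepay' => array('key' => C('YEEPAYPARTNER'), 'partner' => C('YEEPAYKEY')), 'kuaiqian' => array('key' => C('KUAIQIANPARTNER'), 'partner' => C('KUAIQIANKEY')), 'unionpay' => array('key' => C('UNIONPARTNER'), 'partner' => C('UNIONKEY')));
     // An unknown apitype would hand a null config to Think\Pay.
     if (!isset($payment[$apitype])) {
         $this->error("支付失败!");
     }
     $pay = new \Think\Pay($apitype, $payment[$apitype]);
     if (IS_POST && !empty($_POST)) {
         $notify = $_POST;
     } elseif (IS_GET && !empty($_GET)) {
         $notify = $_GET;
         // Routing parameters are not part of the gateway's payload.
         unset($notify['method']);
         unset($notify['apitype']);
     } else {
         exit('Access Denied-1');
     }
     if (!$notify) {
         E("Access Denied-2");
     }
     // alipay is handled by the local setInfo(); others verify via Think\Pay.
     // NOTE(review): verifyNotify()'s return value is ignored, as in the
     // original; getInfo() is assumed to report failure through 'status' -- confirm.
     if ($apitype == 'alipay') {
         $info = $this->setInfo($notify);
     } else {
         $pay->verifyNotify($notify);
         $info = $pay->getInfo();
     }
     if (empty($info['status'])) {
         $this->error("支付失败!");
     }
     $payinfo = M("Pay")->field(true)->where(array('out_trade_no' => $info['out_trade_no']))->find();
     // Only an unpaid row with a callback is processed; flipping status to 1
     // keeps repeated notifications from running the callback again.
     if (!empty($payinfo) && $payinfo['status'] == 0 && $payinfo['callback']) {
         session("pay_verify", true);
         // NOTE(review): param is unserialize()d from the Pay row; that column
         // must only ever be written by this application's own code.
         $check = R($payinfo['callback'], array('money' => $info['money'], 'param' => unserialize($payinfo['param'])));
         if ($check !== false) {
             M("Pay")->where(array('out_trade_no' => $info['out_trade_no']))->setField(array('update_time' => time(), 'status' => 1));
         }
     }
     if (I('get.method') == "return") {
         redirect($payinfo['url']);
     } else {
         $pay->notifySuccess();
     }
 }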
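 /**
  * 订单管理
  * author 烟消云散 <*****@*****.**>
  *
  * Order list for the backend. Builds a where-map from the optional GET
  * filters (status, out_trade_no, time-start/time-end, nickname), renders
  * the list and remembers the current URL in the __forward__ cookie.
  */
 public function index()
 {
     /* 查询条件初始化 */
     // Read status once, guarded: indexing $_GET['status'] before the isset()
     // check raised an undefined-index notice on unfiltered requests.
     $status = isset($_GET['status']) ? $_GET['status'] : null;
     // $map must start as an array: the filters below append keys to it,
     // which fails on PHP 7.1+ when it is an empty string.
     $map = array();
     $meta_title = "财务管理";
     if ($status !== null) {
         switch ($status) {
             case '0':
                 $map['status'] = $status;
                 $meta_title = "待支付";
                 break;
             case '1':
                 $map['status'] = $status;
                 $meta_title = "在线支付";
                 break;
             case '2':
                 $map['status'] = $status;
                 $meta_title = "货到付款";
                 break;
             // Any other status value falls through with no status filter and
             // the default title.
         }
     }
     if (isset($_GET['out_trade_no'])) {
         $out_trade_no = I('out_trade_no');
         $out_trade_no = safe_replace($out_trade_no);
         //过滤
         $map['out_trade_no'] = array('like', '%' . $out_trade_no . '%');
     }
     if (isset($_GET['time-start'])) {
         $map['update_time'][] = array('egt', strtotime(I('time-start')));
     }
     if (isset($_GET['time-end'])) {
         // Inclusive end of day: the given date plus 24h.
         $map['update_time'][] = array('elt', 24 * 60 * 60 + strtotime(I('time-end')));
     }
     if (isset($_GET['nickname'])) {
         $map['uid'] = M('Member')->where(array('nickname' => I('nickname')))->getField('uid');
     }
     $this->meta_title = $meta_title;
     $this->assign('status', $status);
     $list = $this->lists('pay', $map, 'id desc');
     $this->assign('list', $list);
     // 记录当前列表页的cookie
     Cookie('__forward__', $_SERVER['REQUEST_URI']);
     $this->display();
 }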
 /**
  * 按照模型搜索
  *
  * Tag search entry point: resolves the category and content model from
  * GET, loads the published rows whose keywords contain the tag, and
  * renders the `content/tag` template, which reads the locals set here.
  */
 public function init()
 {
     if (!isset($_GET['catid'])) {
         showmessage(L('missing_part_parameters'));
     }
     $catid = intval($_GET['catid']);
     $this->categorys = S('common/category_content');
     if (!isset($this->categorys[$catid])) {
         showmessage(L('missing_part_parameters'));
     }
     // A non-empty info[catid] overrides the top-level catid; otherwise it is normalised to 0.
     if (!empty($_GET['info']['catid'])) {
         $catid = intval($_GET['info']['catid']);
     } else {
         $_GET['info']['catid'] = 0;
     }
     if (isset($_GET['tag']) && trim($_GET['tag']) != '') {
         $tag = safe_replace(strip_tags($_GET['tag']));
     } else {
         showmessage(L('illegal_operation'));
     }
     $modelid = intval($this->categorys[$catid]['modelid']);
     if (!$modelid) {
         showmessage(L('illegal_parameters'));
     }
     // Template locals: the included template reads $CATEGORYS, $datas, $total, $pages and $SEO.
     $CATEGORYS = $this->categorys;
     $this->db->set_model($modelid);
     $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
     $where = array(
         'status'   => 99,
         'keywords' => array('like', "%{$tag}%"),
     );
     $datas = array();
     $infos = $this->db->where($where)->order('id DESC')->listinfo($page, 20);
     $total = $this->db->number;
     if ($total > 0) {
         $pages = $this->db->pages;
         foreach ($infos as $row) {
             // Relative URLs are made absolute against the site root.
             if (strpos($row['url'], '://') === false) {
                 $row['url'] = SITE_URL . $row['url'];
             }
             $datas[] = $row;
         }
     }
     $SEO = seo($catid, $tag);
     include template('content', 'tag');
 }
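/**
 * 全局安全过滤函数
 *
 * Recursively screens a request value (scalar or nested array) against a
 * list of forbidden substrings and, optionally, sanitises it.
 *
 * @param mixed        $string        Value to inspect; arrays are walked recursively.
 * @param array|string $inject_string Forbidden substrings, matched case-insensitively.
 * @param bool         $replace       When true, scalar values are passed through
 *                                    safe_replace() and FILTER_SANITIZE_STRING.
 * @return mixed The input, unchanged or sanitised, with array structure preserved.
 */
function global_inject_input($string, $inject_string, $replace = false)
{
    if (is_array($string)) {
        // Only values are inspected; array keys pass through untouched.
        foreach ($string as $key => $val) {
            $string[$key] = global_inject_input($val, $inject_string, $replace);
        }
        return $string;
    }
    // Scalars (and null) are compared as strings; stripos() is already
    // case-insensitive, so the previous strtolower() pass was redundant.
    $haystack = (string) $string;
    foreach ((array) $inject_string as $value) {
        // stripos() with an empty needle returns 0 on PHP 8, which would flag
        // every request; an empty pattern can never be a real match.
        if ((string) $value === '') {
            continue;
        }
        if (stripos($haystack, (string) $value) !== false) {
            // Presumably sends a 404 and terminates; if it returns, the
            // original value still flows on below.
            header_status_404();
        }
    }
    if (!$replace) {
        return $string;
    }
    // NOTE: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; escaping per
    // output context (e.g. htmlspecialchars for HTML) is the replacement.
    return filter_var(safe_replace($string), FILTER_SANITIZE_STRING);
}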