public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_name'] = $validator->required('用户名不能为空')->validate('user_name');
$input['password'] = $validator->required('密码不能为空')->validate('password');
$p_captcha = $validator->required('验证码不能为空')->validate('captcha');
if (!$this->validate($validator)) {
goto out_fail;
}
// 检查验证码是否有效
$captchaController = new \Controller\Image\Captcha();
if (!$captchaController->validateCaptcha($p_captcha)) {
$this->addFlashMessage("验证码错误");
goto out_fail;
}
$adminService = new AdminUserService();
// 验证用户登陆
$admin = $adminService->doAuthAdmin($input['user_name'], $input['user_name'], $input['password']);
if (!$admin) {
$this->addFlashMessage("登陆失败,用户名、密码错误");
goto out_fail;
}
// 记录用户的登陆信息
$adminUserInfo = $admin->toArray();
unset($adminUserInfo['password']);
// 不要记录密码
// 取得用户的角色权限
$adminUserInfo['role_action_list'] = '';
if ($adminUserInfo['role_id'] > 0) {
$metaRoleService = new MetaRoleService();
$role = $metaRoleService->loadRoleById($adminUserInfo['role_id']);
if (!$role->isEmpty()) {
// 赋值角色权限
$adminUserInfo['role_action_list'] = $role['meta_data'];
}
}
AuthHelper::saveAuthUser($adminUserInfo);
try {
// 记录用户登录日志
AdminLog::logAdminOperate('user.login', '用户登录', 'IP:' . $f3->get('IP'));
} catch (\Exception $e) {
// do nothing
}
$this->addFlashMessage("登陆成功");
// 跳转到用户之前看的页面,如果之前没有看过的页面那就回到首页
RouteHelper::jumpBack($this, '/', true);
return;
// 这里正常返回
out_fail:
// 失败从这里入口
$smarty->display('user_login.tpl', 'User|Login|post');
}
/**
* 判断当前用户是否有某个权限
*
* @param string $needPrivilege
*
* @return bool
*/
protected function hasPrivilege($needPrivilege)
{
$authAdminUser = AuthHelper::getAuthUser();
if (empty($authAdminUser)) {
goto out_fail;
}
// 检查权限
if (!AdminUserService::verifyPrivilege($needPrivilege, $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
goto out_fail;
}
return true;
out_fail:
return false;
}
/**
* 判断用户是否有某种权限
*
* @param $params
* @param $content
* @param Smarty_Internal_Template $template
* @param $repeat
*/
function smarty_helper_block_verify_privilege($params, $content, Smarty_Internal_Template $template, &$repeat)
{
if ($repeat) {
return '';
}
if (array_key_exists('privilege', $params) && !empty($params['privilege'])) {
$authAdminUser = AuthHelper::getAuthUser();
if (empty($authAdminUser)) {
return '';
}
// 检查权限
if (!AdminUserService::verifyPrivilege($params['privilege'], $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
return '';
}
return $content;
// 成功从这里返回
}
}
public function post($f3)
{
// 权限检查
$this->requirePrivilege('manage_goods_edit_edit_post');
global $smarty;
$isCreateGoods = false;
// 是否是创建新商品
// 参数验证
$validator = new Validator($f3->get('GET'));
$goods_id = $validator->digits()->filter('ValidatorIntValue')->validate('goods_id');
if (!$this->validate($validator)) {
goto out_fail_list_goods;
}
unset($validator);
// 用户提交的商品信息做验证
$goods = $f3->get('POST[goods]');
if (empty($goods)) {
goto out_fail_validate;
}
$validator = new Validator($goods);
$goodsInfo = array();
//表单数据验证、过滤
$goodsInfo['goods_name'] = $validator->required('商品名不能为空')->validate('goods_name');
$goodsInfo['goods_name_short'] = $validator->required('商品短标题不能为空')->validate('goods_name_short');
$goodsInfo['keywords'] = $validator->validate('keywords');
$goodsInfo['seo_title'] = $validator->validate('seo_title');
$goodsInfo['seo_keyword'] = $validator->validate('seo_keyword');
$goodsInfo['seo_description'] = $validator->validate('seo_description');
$goodsInfo['goods_sn'] = $validator->validate('goods_sn');
$goodsInfo['warehouse'] = $validator->validate('warehouse');
$goodsInfo['shelf'] = $validator->validate('shelf');
$goodsInfo['cat_id'] = $validator->required('商品分类不能为空')->filter('ValidatorIntValue')->validate('cat_id');
// 记录管理员
$authAdminUser = AuthHelper::getAuthUser();
$goodsInfo['admin_user_id'] = $validator->filter('ValidatorIntValue')->validate('admin_user_id');
// 如果没有选择管理员,就用当前管理员
if (empty($goodsInfo['admin_user_id'])) {
$goodsInfo['admin_user_id'] = $authAdminUser['user_id'];
$goodsInfo['admin_user_name'] = $authAdminUser['user_name'];
} else {
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($goodsInfo['admin_user_id']);
if ($adminUser->isEmpty()) {
$this->addFlashMessage('管理员[' . $goodsInfo['admin_user_id'] . ']不存在');
goto out_fail_validate;
}
$goodsInfo['admin_user_name'] = $adminUser['user_name'];
unset($adminUser);
unset($adminUserService);
}
$goodsInfo['brand_id'] = $validator->filter('ValidatorIntValue')->validate('brand_id');
$goodsInfo['suppliers_id'] = $validator->required('供货商不能为空')->filter('ValidatorIntValue')->validate('suppliers_id');
$goodsInfo['is_alone_sale'] = $validator->filter('ValidatorIntValue')->validate('is_alone_sale');
$goodsInfo['is_best'] = $validator->filter('ValidatorIntValue')->validate('is_best');
$goodsInfo['is_new'] = $validator->filter('ValidatorIntValue')->validate('is_new');
$goodsInfo['is_hot'] = $validator->filter('ValidatorIntValue')->validate('is_hot');
$goodsInfo['is_on_sale'] = $validator->filter('ValidatorIntValue')->validate('is_on_sale');
$goodsInfo['market_price'] = Money::toStorage($validator->validate('market_price'));
$goodsInfo['shop_price'] = Money::toStorage($validator->validate('shop_price'));
$goodsInfo['shipping_fee'] = Money::toStorage($validator->validate('shipping_fee'));
$goodsInfo['shipping_free_number'] = $validator->validate('shipping_free_number');
$goodsInfo['goods_number'] = abs($validator->filter('ValidatorIntValue')->validate('goods_number'));
$goodsInfo['virtual_buy_number'] = $validator->filter('ValidatorIntValue')->validate('virtual_buy_number');
$goodsInfo['suppliers_price'] = Money::toStorage($validator->validate('suppliers_price'));
$goodsInfo['suppliers_shipping_fee'] = Money::toStorage($validator->validate('suppliers_shipping_fee'));
$goodsInfo['sort_order'] = $validator->validate('sort_order');
$goodsInfo['warn_number'] = $validator->filter('ValidatorIntValue')->validate('warn_number');
$goodsInfo['goods_brief'] = @$goods['goods_brief'];
//不需要过滤 html
$goodsInfo['goods_notice'] = @$goods['goods_notice'];
//不需要过滤 html
$goodsInfo['goods_after_service'] = @$goods['goods_after_service'];
//不需要过滤 html
$goodsInfo['seller_note'] = $validator->validate('seller_note');
$goodsInfo['system_tag_list'] = Utils::makeTagString(@$goods['system_tag_list']);
// 生成系统的 tag string
$goodsInfo['update_time'] = Time::gmTime();
// 商品的更新时间
$goodsInfo['goods_desc'] = @$goods['goods_desc'];
//不需要过滤 html
if (!$this->validate($validator)) {
goto out_fail_validate;
}
// 某些时候,我们不允许编辑直接粘贴别人网站的图片上来,所以我们需要过滤图片的域名
$goodsDescAllowImageDomainArray = $f3->get('sysConfig[goods_desc_allow_image_domain_array]');
if ($goodsDescAllowImageDomainArray && is_array($goodsDescAllowImageDomainArray) && !empty($goodsDescAllowImageDomainArray)) {
$patternMatch = array();
preg_match_all('/<img(.*?)src="(.*?)"(.*?)\\/?>/', $goodsInfo['goods_desc'], $patternMatch, PREG_SET_ORDER);
// 检查每一个图片
foreach ($patternMatch as $matchItem) {
$imageUrl = $matchItem[2];
$urlInfo = parse_url($imageUrl);
if (!in_array(@$urlInfo['host'], $goodsDescAllowImageDomainArray)) {
$this->addFlashMessage('商品详情非法图片 ' . $imageUrl);
goto out_fail_validate;
}
}
}
// 写入到数据库
unset($goods);
$goodsBasicService = new GoodsBasicService();
$goods = $goodsBasicService->loadGoodsById($goods_id);
// 判断是否是新建商品
$isCreateGoods = $goods->isEmpty();
if ($isCreateGoods) {
// 权限检查
$this->requirePrivilege('manage_goods_create');
$goodsInfo['add_time'] = Time::gmTime();
}
$post_goods_sn = $validator->validate('goods_sn');
if ($isCreateGoods && !Utils::isBlank($post_goods_sn)) {
$goodsInfo['goods_sn'] = $post_goods_sn;
}
$goods->copyFrom($goodsInfo);
$goods->save();
// 新商品需要自动生成 goods_sn
if ($isCreateGoods && Utils::isBlank($post_goods_sn)) {
$goods->goods_sn = $f3->get('sysConfig[goods_sn_prefix]') . $goods['goods_id'];
$goods->save();
}
// 取得供货商信息
$supplierName = '';
if (!empty($goods['suppliers_id'])) {
$supplierUserService = new SupplierUserService();
$supplierInfo = $supplierUserService->loadSupplierById($goods['suppliers_id']);
if (!$supplierInfo->isEmpty()) {
$supplierName = $supplierInfo['suppliers_name'];
}
}
// 记录商品编辑日志
$goodsLogContent = '商品编辑:[' . $goods['admin_user_id'] . ']' . $goods['admin_user_name'] . "\n" . '上架状态:' . ($goods['is_on_sale'] > 0 ? '已上架' : '未上架') . "\n" . '销售价:' . Money::toSmartyDisplay($goods['shop_price']) . ' 供货价:' . Money::toSmartyDisplay($goods['suppliers_price']) . "\n" . '快递费:' . Money::toSmartyDisplay($goods['shipping_fee']) . ' 供货快递费:' . Money::toSmartyDisplay($goods['suppliers_shipping_fee']) . "\n" . ($goods['shipping_free_number'] > 0 ? '' . $goods['shipping_free_number'] . "件免邮\n" : '') . '商品排序:' . $goods['sort_order'] . "\n" . '系统Tag:' . $goods['system_tag_list'] . "\n" . '供货商:[' . $goods['suppliers_id'] . ']' . $supplierName;
$goodsLogService = new GoodsLogService();
$goodsLogService->addGoodsLog($goods['goods_id'], $authAdminUser['user_id'], $authAdminUser['user_name'], $isCreateGoods ? '新建商品' : static::$goodsLogDesc, $goodsLogContent);
// 成功,显示商品详情
$this->addFlashMessage('商品信息保存成功');
//清除缓存,确保商品显示正确
ClearHelper::clearGoodsCacheById($goods->goods_id);
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Goods/Edit/Edit', array('goods_id' => $goods->goods_id), true));
return;
// 参数验证失败
out_fail_validate:
if (!$goods_id) {
// 新建商品验证失败
RouteHelper::reRoute($this, '/Goods/Create');
return;
}
$smarty->assign('goods', $goodsInfo);
$smarty->display('goods_edit_edit.tpl');
return;
out_fail_list_goods:
RouteHelper::reRoute($this, '/Goods/Search');
}
/**
* 管理员权限管理
*
* @param $f3
*/
public function Privilege($f3)
{
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_get');
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$user_id = $validator->required()->digits()->min(1)->validate('user_id');
if (!$this->validate($validator)) {
goto out_fail;
}
// 查询管理员信息
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($user_id);
if ($adminUser->isEmpty()) {
// 不存在的管理员
$this->addFlashMessage('管理员不存在');
goto out_fail;
} else {
if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
// 拥有最高权限的管理员只有他自己能编辑自己
$authAdminUser = AuthHelper::getAuthUser();
if ($authAdminUser['user_id'] != $adminUser['user_id']) {
$this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
RouteHelper::reRoute($this, '/Account/Admin/ListUser');
}
}
}
if (!Request::isRequestPost()) {
// 没有 post ,只是普通的显示
goto out_display;
}
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_post');
$action_list_str = '';
$actionCodeArray = $f3->get('POST[action_code]');
if (empty($actionCodeArray)) {
// 清空了所有权限
$action_list_str = '';
goto update_privilege;
}
if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) {
// 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll
$this->requirePrivilege(AdminUserService::privilegeAll);
// 用户有所有的权限
$action_list_str = AdminUserService::privilegeAll;
goto update_privilege;
}
// 生成权限字符串
$action_list_str = implode(',', $actionCodeArray);
update_privilege:
$adminUser->role_id = $f3->get('POST[role_id]');
$adminUser->action_list = $action_list_str;
$adminUser->save();
$this->addFlashMessage('管理员权限保存成功');
out_display:
$smarty->assign($adminUser->toArray());
// 取得权限显示列表
$metaPrivilegeService = new MetaPrivilegeService();
$smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
$smarty->display('account_admin_privilege.tpl');
return;
// 正常从这里返回
out_fail:
// 失败,返回管理员列表
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_real_name'] = $validator->required('管理员名称不能为空')->validate('user_real_name');
$input['oldpassword'] = $validator->validate('oldpassword');
$input['password'] = $validator->validate('password');
$input['user_desc'] = $validator->validate('user_desc');
// 用户打算修改密码
if (!Utils::isBlank($input['password'])) {
$validator->required('必须提供旧密码才能修改密码')->validate('oldpassword');
if ($f3->get('sysConfig[is_demo]')) {
$this->addFlashMessage('演示系统不允许修改密码');
goto out;
}
}
// 提供的旧密码,但是新密码为空
if (!Utils::isBlank($input['oldpassword'])) {
$validator->required('新密码不能为空')->validate('password');
}
if (!$this->validate($validator)) {
goto out;
}
$authAdminUser = AuthHelper::getAuthUser();
$adminUserService = new AdminUserService();
// 验证用户登陆
$adminUser = $adminUserService->loadAdminById($authAdminUser['user_id']);
if ($adminUser->isEmpty()) {
$this->addFlashMessage("非法登陆用户");
RouteHelper::reRoute($this, '/User/Logout', false);
}
// 用户打算修改密码,但是旧密码不对
if (!empty($input['password']) && !$adminUserService->verifyPassword($authAdminUser['user_id'], $input['oldpassword'])) {
$this->addFlashMessage('旧密码不对');
goto out;
}
// 更新数据
unset($input['oldpassword']);
$adminUserService->updateAdmin($adminUser, $input);
// 记录用户的登陆信息
$adminUserInfo = $adminUser->toArray();
unset($adminUserInfo['password']);
// 不要记录密码
// 取得用户的角色权限
$adminUserInfo['role_action_list'] = '';
if ($adminUserInfo['role_id'] > 0) {
$metaRoleService = new MetaRoleService();
$role = $metaRoleService->loadRoleById($adminUserInfo['role_id']);
if (!$role->isEmpty()) {
// 赋值角色权限
$adminUserInfo['role_action_list'] = $role['meta_data'];
}
}
AuthHelper::saveAuthUser($adminUserInfo);
$this->addFlashMessage("修改资料成功");
$smarty->assign($adminUserInfo);
out:
// 从这里出去
$smarty->display('my_profile.tpl');
}
public function post($f3)
{
// 首先做参数合法性验证
$validator = new Validator($f3->get('GET'));
$order_id = $validator->required('订单ID非法')->digits('订单ID非法')->min(1, true, '订单ID非法')->validate('order_id');
if (!$this->validate($validator)) {
goto out_fail;
}
$validator = new Validator($f3->get('POST'));
$payGatewayType = $validator->required('必须选择一种支付方式')->validate('pay_gateway_type');
$surplus = Money::toStorage($validator->float('余额格式错误')->min(0, true, '余额格式错误')->validate('surplus'));
$bonusSn = $validator->validate('bonus_sn');
// 客服信息
$orderInfoKefuInfo = array();
$orderInfoKefuInfo['kefu_user_id'] = abs(intval($validator->digits()->validate('kefu_user_id')));
$orderInfoKefuInfo['kefu_user_rate'] = abs(intval($validator->digits()->validate('kefu_user_rate')));
$orderInfoKefuInfo['kefu_user_comment'] = $validator->validate('kefu_user_comment');
if (!$this->validate($validator)) {
goto out_fail;
}
// 取得用户信息
$userInfo = AuthHelper::getAuthUser();
$userBasicService = new UserBasicService();
$userInfo = $userBasicService->loadUserById($userInfo['user_id']);
// 支付某一个特定的订单需要把订单加载到临时购物车里面
$orderBasicService = new OrderBasicService();
// 检查权限
$orderInfo = $orderBasicService->loadOrderInfoById($order_id);
if ($orderInfo->isEmpty() || $userInfo['user_id'] != $orderInfo['user_id'] || OrderBasicService::OS_UNCONFIRMED != $orderInfo['order_status']) {
$this->addFlashMessage('订单ID非法');
goto out_fail;
}
// 更新客服信息
if ($orderInfoKefuInfo['kefu_user_id'] > 0) {
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($orderInfoKefuInfo['kefu_user_id']);
if (!$adminUser->isEmpty()) {
$orderInfoKefuInfo['kefu_user_name'] = $adminUser['user_name'];
} else {
$orderInfoKefuInfo['kefu_user_id'] = 0;
$orderInfoKefuInfo['kefu_user_name'] = null;
}
unset($adminUser);
unset($adminUserService);
} else {
$orderInfoKefuInfo['kefu_user_id'] = 0;
$orderInfoKefuInfo['kefu_user_name'] = null;
}
$orderInfo->copyFrom($orderInfoKefuInfo);
$orderInfo->save();
$cartBasicService = new CartBasicService();
// 加载订单到购物车里
if (!$cartBasicService->loadFromOrderInfo($order_id)) {
$this->addFlashMessage('订单加载失败');
goto out_fail;
}
$cartContext =& $cartBasicService->getCartContextRef();
if ($cartContext->isEmpty()) {
$this->addFlashMessage('订单为空,不能支付');
goto out_fail;
}
// 做第一次购物车计算,需要计算原始订单的金额,后面红包使用的时候有最低订单金额限制
$cartBasicService->calcOrderPrice();
if (!empty($surplus) || !empty($bonusSn)) {
if (null != $surplus && $surplus > 0 && $surplus <= $userInfo['user_money']) {
// 设置余额支付金额,余额不能超过用户已经有的钱
$cartContext->setValue('surplus', $surplus);
}
// 设置红包支付
if (!empty($bonusSn)) {
$bonusService = new Bonus();
//检查红包是否可以使用
$bonus = $bonusService->fetchUsableBonusBySn($userInfo['user_id'], $cartContext->getValue('order_amount'), $bonusSn);
if (empty($bonus)) {
$this->addFlashMessage('红包' . $bonusSn . '不能使用');
goto out_fail;
}
// 设置红包的使用
$cartContext->setValue('bonus_id', $bonus['bonus_id']);
$cartContext->setValue('bonus', $bonus['type_money']);
}
}
// 做第二次购物车计算,需要计算使用了余额或者红包
$cartBasicService->calcOrderPayment();
// 更新订单信息
$orderInfo = $cartBasicService->saveOrder($userInfo['user_id'], '买家:' . $userInfo['user_name']);
if (!$orderInfo || $orderInfo->isEmpty()) {
//订单创建失败,报错
$this->addFlashMessage('更新订单信息失败,请联系客服');
goto out_my_order_detail;
}
// 如果购物车里面有错误消息,我们需要显示它
if ($cartContext->hasError()) {
$this->addFlashMessageArray($cartContext->getAndClearErrorMessageArray());
goto out_my_order_cart;
}
// 如果订单金额为 0 ,使用 credit 支付网关
if ($orderInfo['order_amount'] <= 0) {
$payGatewayType = 'credit';
}
$order_id = $orderInfo['order_id'];
// 解析参数,我们允许写成 tenpay_cmbchina 代表财付通、招商银行
$payGatewayParamArray = explode('_', $payGatewayType);
// 获取支付网关
$payGateway = PaymentGatewayHelper::getPaymentGateway($payGatewayParamArray[0]);
// 根据参数做初始化
if (!$payGateway->init($payGatewayParamArray)) {
$this->addFlashMessage('支付网关' . $payGatewayType . '初始化失败');
goto out_my_order_detail;
}
$payRequestUrl = $payGateway->getRequestUrl($order_id, RouteHelper::makeUrl('/Payment/PaymentReturn/' . $payGateway->getGatewayType(), null, false, true), RouteHelper::makeUrl('/Payment/PaymentNotify/' . $payGateway->getGatewayType(), null, false, true));
//notifyUrl
if (empty($payRequestUrl)) {
$this->addFlashMessage('系统错误:无法生成支付链接');
goto out_my_order_detail;
}
// 记录支付日志
printLog('[orderId:' . $order_id . ']' . $payRequestUrl, 'PAYMENT', Base::INFO);
// 跳转支付
RouteHelper::reRoute($this, $payRequestUrl);
return;
out_my_order_cart:
//失败从这里退出
RouteHelper::reRoute($this, RouteHelper::makeUrl('/My/Order/Cart', array('order_id' => $order_id), true));
return;
out_my_order_detail:
//失败从这里退出
RouteHelper::reRoute($this, RouteHelper::makeUrl('/My/Order/Detail', array('order_id' => $order_id), true));
return;
out_fail:
//失败从这里退出
RouteHelper::reRoute($this, '/My/Order');
}