Ejemplo n.º 1
 /**
  * Cancel group-buy activities whose end time lies more than
  * GROUP_CANCEL_INTERVAL days in the past, after sending a system message
  * to the admins and to every user who joined each of them.
  */
 function _group_auto_cancel()
 {
     /* Grace period in seconds before an ended group buy is cancelled */
     $interval = GROUP_CANCEL_INTERVAL * 3600 * 24;
     $groupbuy_mod =& m('groupbuy');
     $conditions = "gb.state = '" . GROUP_END . "' AND gb.end_time > 0 AND gb.end_time + {$interval} < '" . gmtime() . "'";
     $groups = $groupbuy_mod->findAll(array(
         'conditions' => $conditions,
         'join' => 'belong_store',
         'include' => array('be_join'),
     ));
     // Notification by system message
     $ms =& ms();
     $userpriv_mod =& m('userpriv');
     foreach ($groups as $group) {
         // Recipients start with the admin ids (the keys of get_admin_id())
         $to_id = array_keys($userpriv_mod->get_admin_id());
         $group_ids[] = $group['group_id'];
         // ... followed by the users who joined this group buy
         if (!empty($group['member'])) {
             foreach ($group['member'] as $join_user) {
                 $to_id[] = $join_user['user_id'];
             }
             $to_id = array_unique($to_id);
         }
         $link = SITE_URL . '/' . url("app=groupbuy&id=" . $group['group_id']);
         $content = get_msg('tobuyer_group_auto_cancel_notify', array('cancel_days' => GROUP_CANCEL_INTERVAL, 'url' => $link));
         $ms->pm->send(MSG_SYSTEM, $to_id, '', $content);
     }
     // Mark the collected group buys as cancelled (nothing to do when none matched)
     if (!empty($group_ids)) {
         $groupbuy_mod->edit($group_ids, array('state' => GROUP_CANCELED));
     }
 }
Ejemplo n.º 2
 /**
  * Look the user up by userID and password and, when at least one row comes
  * back, store the userID in the session.
  *
  * NOTE(review): the password literal in the query is masked ('******') in
  * this listing, so how $password reaches the query is not visible here. A
  * password matched inside the SQL text suggests it is not checked with
  * password_verify() against a password_hash() value; confirm.
  * NOTE(review): nothing is returned, so a caller cannot tell success from
  * failure, and the session id is not regenerated on login
  * (session_regenerate_id()), which leaves room for session fixation.
  */
 public function authenticate($password)
 {
     $auth = DB::execute("SELECT userID FROM users WHERE userID='" . ms($this->userID) . "' AND password='******'");
     if (count($auth) > 0) {
         $_SESSION['userID'] = $this->userID;
     }
 }
Ejemplo n.º 3
 /**
  * Admin login: show the form on GET; on POST check the captcha (when
  * enabled), authenticate through the user system and log the user in.
  *
  * NOTE(review): the captcha is compared with a loose `!=` and the session
  * value is not cleared in this method; confirm it is single-use elsewhere.
  */
 function login()
 {
     if ($this->visitor->has_login) {
         $this->show_warning('has_login');
         return;
     }
     if (!IS_POST) {
         if (Conf::get('captcha_status.backend')) {
             $this->assign('captcha', 1);
         }
         $this->display('login.html');
         return;
     }
     if (Conf::get('captcha_status.backend')) {
         $expected = base64_decode($_SESSION['captcha']);
         if ($expected != strtolower($_POST['captcha'])) {
             $this->show_warning('captcha_faild');
             return;
         }
     }
     $user_name = trim($_POST['user_name']);
     $password = $_POST['password'];
     $ms =& ms();
     $user_id = $ms->user->auth($user_name, $password);
     if (!$user_id) {
         /* Authentication failed: show the error reported by the user system */
         $this->show_warning($ms->user->get_error());
         return;
     }
     /* Authentication passed: perform the login */
     if (!$this->_do_login($user_id)) {
         return;
     }
     $this->show_message('login_successed', 'go_to_admin', 'index.php');
 }
Ejemplo n.º 4
/**
 * Print the result of folding ms() over the integers from $n down to 2,
 * starting from 1 (presumably the factorial of $n).
 *
 * NOTE(review): ms() is defined elsewhere; it receives the running value as
 * a string and the current factor, so it presumably multiplies a numeric
 * string by an integer. Confirm.
 */
function fac($n)
{
    $product = 1;
    $factor = $n;
    while ($factor > 1) {
        $product = ms((string) $product, $factor);
        $factor--;
    }
    echo $product;
}
Ejemplo n.º 5
 /**
  * Delete an inhabitant through the controller and check the resulting view.
  *
  * @depends test_save_updates_to_inhabitant
  */
 public function test_inhabitant_delete()
 {
     // Fetch the inhabitant named 'bob_has_a_new_name' to obtain an id to delete
     $target = ms('inhabitant', 'name', 'bob_has_a_new_name');
     dispatch_controller('inhabitant/delete_inhabitant', array('inhabitantID' => $target->getID()));
     // The request is expected to end on the JSON success view
     $this->assertViewURI('json/success');
 }
Ejemplo n.º 6
 /**
  * Initialiser (presumably the old-style constructor of the enclosing class):
  * runs the parent constructor, then keeps the ms() handle and the member
  * model on the instance.
  */
 function MemberApp()
 {
     parent::__construct();
     // Handle to the user centre
     $this->ms =& ms();
     $this->model_member =& m('member');
 }
Ejemplo n.º 7
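 /**
  * Return the product row for the posted `wineID` as JSON and stop.
  *
  * The id is cast to an integer before it is placed in the query: the value
  * sits in an unquoted numeric position, where a string-escaping helper
  * (which ms() presumably is) gives no protection. A missing or non-scalar
  * value is treated as id 0.
  */
 public function getWineAction()
 {
     $wid = isset($_POST['wineID']) && is_scalar($_POST['wineID']) ? (int) $_POST['wineID'] : 0;
     $sql = 'Select * from `product` where `id`=' . $wid;
     $wine = DB::execute($sql);
     $res = new ResultObj(true, $wine, '');
     echo $res->toJson();
     exit;
 }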
Ejemplo n.º 8
 /**
  *    System settings.
  *
  *    GET shows the settings form; POST copies the submitted fields into the
  *    settings model and saves them.
  *
  *    NOTE(review): the POST fields are stored as submitted. `statistics_code`
  *    in particular is kept raw; if it is later printed into pages it is
  *    stored markup, so access to this action must stay admin-only. No
  *    anti-CSRF token check is visible in this method; confirm one is
  *    applied before it runs.
  *
  *    @author    Hyber
  *    @return    void
  */
 function base_setting()
 {
     $model_setting =& af('settings');
     $setting = $model_setting->getAll();
     // load the system settings data
     $ms =& ms();
     $feed_enabled = $ms->feed->feed_enabled();
     if ($feed_enabled) {
         // feed event key => display name from the language pack
         $_feed_list = array('store_created' => Lang::get('feed_store_created.name'), 'order_created' => Lang::get('feed_order_created.name'), 'goods_collected' => Lang::get('feed_goods_collected.name'), 'store_collected' => Lang::get('feed_store_collected.name'), 'goods_evaluated' => Lang::get('feed_goods_evaluated.name'), 'groupbuy_joined' => Lang::get('feed_groupbuy_joined.name'), 'goods_created' => Lang::get('feed_goods_created.name'), 'groupbuy_created' => Lang::get('feed_groupbuy_created.name'));
     }
     if (!IS_POST) {
         $time_zone = $model_setting->_get_time_zone();
         $this->assign('time_zone', $time_zone);
         $this->assign('setting', $setting);
         if ($feed_enabled) {
             $this->assign('default_feed_config', Conf::get('default_feed_config'));
             $this->assign('feed_items', $_feed_list);
         }
         $this->assign('feed_enabled', $feed_enabled);
         $this->display('setting.base_setting.html');
     } else {
         $images = array('default_goods_image', 'default_store_logo', 'default_user_portrait');
         $image_urls = $this->_upload_images($images);
         // keep only the images that were actually uploaded
         foreach ($images as $image) {
             isset($image_urls[$image]) && ($data[$image] = $image_urls[$image]);
         }
         //            $data['auto_allow']  = $_POST['auto_allow'];
         $data['time_zone'] = $_POST['time_zone'];
         $data['time_format_simple'] = $_POST['time_format_simple'];
         $data['time_format_complete'] = $_POST['time_format_complete'];
         $data['price_format'] = $_POST['price_format'];
         $data['statistics_code'] = $_POST['statistics_code'];
         //            $data['url_rewrite']                = $_POST['url_rewrite'];
         //            $data['max_addr']                   = $_POST['max_addr'];
         //            $data['max_file']                   = $_POST['max_file'];
         //            $data['cache_life']                 = $_POST['cache_life'];
         //            $data['thumb_quality']              = $_POST['thumb_quality'];
         //            $data['allow_guest_buy']            = $_POST['allow_guest_buy'];
         //            $data['allow_comment']              = $_POST['allow_comment'];
         //            $data['disaplay_sales_volume']      = $_POST['disaplay_sales_volume'];
         // flags are true only for the exact form value '1'
         $data['sitemap_enabled'] = $_POST['sitemap_enabled'] == '1';
         // frequency falls back to 1 when the submitted value is not positive
         $data['sitemap_frequency'] = $_POST['sitemap_frequency'] > 0 ? intval($_POST['sitemap_frequency']) : 1;
         $data['rewrite_enabled'] = $_POST['rewrite_enabled'] == '1';
         $data['guest_comment'] = $_POST['guest_comment'] == '1';
         if ($feed_enabled) {
             // start with every feed item switched off, then overlay the submitted choices
             $_default_feed_list = array();
             foreach ($_feed_list as $key => $_v) {
                 $_default_feed_list[$key] = 0;
             }
             // NOTE(review): array_merge() also keeps submitted keys that are not in $_feed_list
             $data['default_feed_config'] = array_merge($_default_feed_list, (array) $_POST['default_feed_config']);
         }
         $model_setting->setAll($data);
         $this->show_message('edit_base_setting_successed');
     }
 }
Ejemplo n.º 9
 /**
  * Build a Rule for $userID with the given name and entry id.
  *
  * The entry id equals $type, except for type 3: when the user's highest
  * existing entryID is above 3, the new rule gets that maximum plus one.
  */
 public static function createRule($userID, $ruleName, $type = 3)
 {
     $rule = new Rule($userID);
     $entryID = $type;
     if ($type == 3) {
         $row = DB::execute("SELECT MAX(entryID) AS max FROM rules WHERE userID='" . ms($userID) . "'");
         $has_higher_entry = count($row) > 0 && $row["max"] > 3;
         if ($has_higher_entry) {
             $entryID = $row["max"] + 1;
         }
     }
     $rule->setEntryID($entryID);
     $rule->setRuleName($ruleName);
     return $rule;
 }
Ejemplo n.º 10
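/**
 * Sort an array by splitting it in half, passing each half through ms()
 * and combining the two results with merge().
 *
 * ms() and merge() are defined elsewhere; ms() is presumably the recursive
 * sort entry point. Confirm.
 *
 * @param array|string $array_to_sort values to sort; anything that is not an
 *                                    array (including the '' default) is
 *                                    returned unchanged
 * @return array|string
 */
function merge_sort($array_to_sort = '')
{
    // Base case: non-arrays, empty arrays and single elements need no work.
    // An empty array used to fall through to the split, which yields two
    // empty halves again and so never reaches a base case.
    if (!is_array($array_to_sort) || count($array_to_sort) <= 1) {
        return $array_to_sort;
    }
    // array_slice() expects integer offsets; floor() returns a float
    $sp = (int) floor(count($array_to_sort) / 2);
    $left = ms(array_slice($array_to_sort, 0, $sp));
    $right = ms(array_slice($array_to_sort, $sp));
    return merge($left, $right);
}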
Ejemplo n.º 11
 /**
  * Install test data: register a seller and a buyer account, copy the data
  * files, run initdata.sql with the new ids substituted, clear the cache and
  * create the lock file.
  *
  * NOTE(review): both accounts are created with the fixed password '123456'
  * (the e-mail literals are masked in this listing). Accounts seeded this way
  * need their password changed, or the installer removed, before the site is
  * reachable by others.
  * NOTE(review): LOCK_FILE is only created here; no check for an existing
  * lock is visible in this method. Confirm the caller refuses to run once
  * the lock exists.
  */
 function index()
 {
     if (!IS_POST) {
         $this->display('index.html');
     } else {
         $seller_name = empty($_POST['seller']) ? '' : trim($_POST['seller']);
         $buyer_name = empty($_POST['buyer']) ? '' : trim($_POST['buyer']);
         if (!$seller_name || !$buyer_name) {
             $this->show_message('请填写卖家用户名和买家用户名');
             return;
         }
         /* Check the user names */
         $ms =& ms();
         if (!$ms->user->check_username($seller_name)) {
             // map the error code of the user system to a seller-specific message
             $error_msg = array('user_exists' => '卖家用户名已存在,请您换一个', 'invalid_user_name' => '卖家用户名不符合要求,请您换一个', 'blocked_user_name' => '卖家用户名不符合要求,请您换一个', 'unknow_error' => '卖家用户名不符合要求,请您换一个');
             $error = $ms->user->get_error();
             $this->show_message($error_msg[$error[0]['msg']]);
             return;
         }
         if (!$ms->user->check_username($buyer_name)) {
             // same mapping with buyer-specific wording
             $error_msg = array('user_exists' => '买家用户名已存在,请您换一个', 'invalid_user_name' => '买家用户名不符合要求,请您换一个', 'blocked_user_name' => '买家用户名不符合要求,请您换一个', 'unknow_error' => '买家用户名不符合要求,请您换一个');
             $error = $ms->user->get_error();
             $this->show_message($error_msg[$error[0]['msg']]);
             return;
         }
         /* Register the users */
         $this->_seller_id = $ms->user->register($seller_name, '123456', '*****@*****.**', array('real_name' => '超级卖家'));
         $this->_buyer_id = $ms->user->register($buyer_name, '123456', '*****@*****.**', array('real_name' => '超级买家'));
         /* Copy the files */
         copy_files(APP_ROOT . '/data', ROOT_PATH . '/data');
         /* Run the SQL */
         $mod =& m('privilege');
         $sqls = get_sql(APP_ROOT . '/initdata.sql');
         foreach ($sqls as $sql) {
             // the placeholders are replaced with the ids returned by register()
             $sql = str_replace('{seller_id}', $this->_seller_id, $sql);
             $sql = str_replace('{buyer_id}', $this->_buyer_id, $sql);
             $mod->db->query($sql);
         }
         /* Clear the cache */
         $cache_server =& cache_server();
         $cache_server->clear();
         /* Create the lock file */
         touch(LOCK_FILE);
         /* Finished successfully */
         $this->show_message('恭喜!测试数据安装成功!');
     }
 }
Ejemplo n.º 12
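 /**
  *    Edit a message template.
  *
  *    GET shows the template named by the `code` query parameter; POST points
  *    the model at its _msg_user_file and saves the submitted text under that
  *    code.
  *
  *    @author    Hyber
  *    @return    void
  */
 function msg()
 {
     $code = isset($_GET['code']) ? trim($_GET['code']) : '';
     if (!$code) {
         $this->show_warning('no_such_noticetemplate');
         // Stop here: without a code there is no template to show or to save
         return;
     }
     if (!IS_POST) {
         $ms =& ms();
         $msgtemplate = $this->_m->getOne($code);
         $this->assign('msgtemplate', $msgtemplate);
         $this->display('noticetemplate.msg.html');
     } else {
         $this->_m->_filename = $this->_m->_msg_user_file;
         $this->_m->setAll(stripslashes_deep(array($code => $_POST['msgtemplate'])));
         // $code comes from the query string, so encode it before it goes back into a link
         $edit_again_url = 'index.php?app=mailtemplate&amp;act=msg&amp;code=' . rawurlencode($code) . '&type=' . $this->_type;
         $this->show_message('update_noticetemplate_successed', 'back_list', 'index.php?app=mailtemplate' . '&type=' . $this->_type, 'edit_again', $edit_again_url);
     }
 }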
Ejemplo n.º 13
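 /**
  * Delete the goods Q&A entries named by the comma-separated `id` query
  * parameter, sending the store of each entry a system message first.
  *
  * Every id is forced to an integer because the ids are concatenated into
  * SQL conditions, one of them in an unquoted position.
  */
 function delete()
 {
     $ques_id = empty($_GET['id']) ? 0 : trim($_GET['id']);
     $ids = array_map('intval', explode(',', $ques_id));
     $conditions = "1 = 1 AND ques_id " . db_create_in($ids);
     $ms =& ms();
     $title = Lang::get('drop_goodsqa_notice');
     foreach ($ids as $val) {
         $store = $this->goodsqa_mod->get(array('conditions' => 'ques_id =' . $val, 'join' => 'belongs_to_goods', 'fields' => 'goods_qa.store_id,goods_name,question_content'));
         if (empty($store)) {
             // No such entry: there is no store to notify
             continue;
         }
         $content = sprintf(Lang::get('admin_drop_your_goodsqa'), LANG::get('goods'), addslashes($store['goods_name']), Lang::get('content_is'), addslashes($store['question_content']));
         $ms->pm->send(MSG_SYSTEM, $store['store_id'], $title, $content);
     }
     if (!$this->goodsqa_mod->drop($conditions)) {
         $this->show_warning('drop_failed');
         return;
     }
     $this->show_warning('drop_successful', 'to_qa_list', 'index.php?app=goodsqa');
 }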
Ejemplo n.º 14
 /**
  * Handle the login form: look the user up by name, hand the password check
  * to User::authenticate() and redirect according to the outcome. An empty
  * user name produces no response at all.
  *
  * NOTE(review): an unknown user name sets its own session message while a
  * wrong password does not, so the two failures are distinguishable. One
  * generic failure message avoids disclosing which names exist.
  */
 public function loginAction()
 {
     $login_name = $_POST['username'];
     $password = $_POST['password'];
     if (!trim($login_name)) {
         return;
     }
     $user = DB::execute("select * from user where `username` = '" . ms($login_name) . "'");
     if (!$user['id']) {
         $_SESSION['msg'] = "未知用户";
         header('Location:login.php');
         return;
     }
     $login_user = new User($user);
     $target = $login_user->authenticate($password) ? 'Location:index.php' : 'Location:login.php';
     header($target);
 }
Ejemplo n.º 15
 /**
  * Send every user in $users a system message describing the coupon.
  *
  * Each $users entry supplies `user_id` and `coupon.coupon_sn`; the remaining
  * message fields (value, dates, minimum amount, store id and name) are read
  * from $coupon.
  */
 function _message_to_user($users, $coupon)
 {
     $ms =& ms();
     foreach ($users as $val) {
         $fields = array(
             'price' => $coupon['coupon_value'],
             'start_time' => local_date('Y-m-d', $coupon['start_time']),
             'end_time' => local_date("Y-m-d", $coupon['end_time']),
             'coupon_sn' => $val['coupon']['coupon_sn'],
             'min_amount' => $coupon['min_amount'],
             'url' => SITE_URL . '/' . url('app=store&id=' . $coupon['store_id']),
             'store_name' => $coupon['store_name'],
         );
         $content = get_msg('touser_send_coupon', $fields);
         $ms->pm->send(MSG_SYSTEM, $val['user_id'], '', $content);
     }
 }
Ejemplo n.º 16
/**
 * Filter a short message.
 *
 * Thin wrapper around pm->msg_filter() of the object returned by ms().
 *
 * @param string $string message text
 * @return string
 */
function short_msg_filter($string)
{
    return ms()->pm->msg_filter($string);
}
Ejemplo n.º 17
 /**
  * Member login: GET shows the form (remembering where to return to), POST
  * checks the captcha when enabled, authenticates through the user system
  * and logs the user in.
  *
  * NOTE(review): the return URL is taken from `ret_url` or the Referer
  * header, round-trips through the form, and is handed to show_message()
  * without being checked against this site. Restricting it to URLs under
  * SITE_URL (or to relative paths) prevents the login page from being used
  * to send users to another site.
  * NOTE(review): the captcha is compared with a loose `!=` and the session
  * value is not cleared in this method; confirm it is single-use elsewhere.
  */
 function login()
 {
     if ($this->visitor->has_login) {
         $this->show_warning('has_login');
         return;
     }
     if (!IS_POST) {
         // pick the return URL: explicit parameter, then Referer, then the home page
         if (!empty($_GET['ret_url'])) {
             $ret_url = trim($_GET['ret_url']);
         } else {
             if (isset($_SERVER['HTTP_REFERER'])) {
                 $ret_url = $_SERVER['HTTP_REFERER'];
             } else {
                 $ret_url = SITE_URL . '/index.php';
             }
         }
         if (Conf::get('captcha_status.login')) {
             $this->assign('captcha', 1);
         }
         $this->import_resource(array('script' => 'jquery.plugins/jquery.validate.js'));
         $this->assign('ret_url', rawurlencode($ret_url));
         $this->_curlocal(LANG::get('user_login'));
         $this->assign('page_title', Lang::get('user_login') . ' - ' . Conf::get('site_title'));
         $this->display('login.html');
         /* Log out of external systems as well */
         if (!empty($_GET['synlogout'])) {
             $ms =& ms();
             // the value returned by synlogout() is printed after the page
             echo $synlogout = $ms->user->synlogout();
         }
     } else {
         if (Conf::get('captcha_status.login') && base64_decode($_SESSION['captcha']) != strtolower($_POST['captcha'])) {
             $this->show_warning('captcha_failed');
             return;
         }
         $user_name = trim($_POST['user_name']);
         $password = $_POST['password'];
         $ms =& ms();
         $user_id = $ms->user->auth($user_name, $password);
         if (!$user_id) {
             /* Authentication failed: show the error message */
             $this->show_warning($ms->user->get_error());
             return;
         } else {
             /* Authentication passed: perform the login */
             $this->_do_login($user_id);
             /* Log in to external systems as well */
             $synlogin = $ms->user->synlogin($user_id);
         }
         // the synlogin() output is appended to the success message
         $this->show_message(Lang::get('login_successed') . $synlogin, 'back_before_login', rawurldecode($_POST['ret_url']), 'enter_member_center', 'index.php?app=member');
     }
 }
Ejemplo n.º 18
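 /**
  * Phone-based password reset.
  *
  * A POST with `phone_mob` looks the member up and stores the user id in the
  * session; a POST with `id` and the two password fields sets the new
  * password; any other request shows the form.
  *
  * Two checks protect the request data: the phone number must consist of
  * digits only, because it is concatenated unquoted into the lookup
  * condition, and the posted `id` must equal the id stored in the session
  * (the form gets its id from the session, so legitimate submissions always
  * match).
  *
  * NOTE(review): the session id is set from the phone number alone. No proof
  * that the requester controls that phone (for example an SMS code) is
  * visible in this method; confirm it is enforced before this action runs.
  */
 function set_phonepass()
 {
     $phone_mob = isset($_POST['phone_mob']) && is_string($_POST['phone_mob']) ? trim($_POST['phone_mob']) : 0;
     // Anything that is not a plain run of digits counts as "no number supplied"
     if (!is_string($phone_mob) || !ctype_digit($phone_mob)) {
         $phone_mob = 0;
     }
     $member =& m("member");
     $info = $member->get("phone_mob=" . $phone_mob);
     $session_id = isset($_SESSION['id']) ? (string) $_SESSION['id'] : '';
     $posted_id = isset($_POST['id']) && is_scalar($_POST['id']) ? trim((string) $_POST['id']) : '';
     if ($phone_mob) {
         $_SESSION['id'] = $info['user_id'];
         $this->json_result();
     } elseif ($posted_id && $posted_id === $session_id) {
         $id = $posted_id;
         if (empty($_POST['new_password']) || empty($_POST['confirm_password'])) {
             $this->show_warning("unsettled_required");
             return;
         }
         if (trim($_POST['new_password']) != trim($_POST['confirm_password'])) {
             $this->show_warning("password_not_equal");
             return;
         }
         $password = trim($_POST['new_password']);
         $passlen = strlen($password);
         if ($passlen < 6 || $passlen > 14) {
             $this->show_warning('password_length_error');
             return;
         }
         $old_password = trim($_POST['new_password']);
         // Connect to the user system; the last argument forces the change
         $ms =& ms();
         $ms->user->edit($id, $old_password, array('password' => $password), true);
         if ($ms->user->has_error()) {
             $this->show_warning($ms->user->get_error());
             return;
         }
         header("location:/member");
     } else {
         $this->assign("id", isset($_SESSION['id']) ? $_SESSION['id'] : null);
         $this->display("member.phone.set_password.html");
     }
 }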
Ejemplo n.º 19
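 /**
  * Show the "set password" form and process the submitted new password.
  *
  * Both branches require an `id` and an `activation` value whose md5 equals
  * the activation stored for that id. On POST the new password is checked,
  * written through the user system with the force flag, and the stored
  * activation is replaced by the md5 of a fresh _rand() value.
  *
  * The activation check uses a strict string comparison, so two different
  * md5 strings that both look like numbers cannot compare equal. The
  * password is changed for the id that passed that check; the id is not
  * re-read from the query string afterwards.
  */
 function set_password()
 {
     if (!IS_POST) {
         if (!isset($_GET['id']) || !isset($_GET['activation']) || empty($_GET['activation'])) {
             $this->show_warning("request_error", 'back_index', 'index.php');
             return;
         }
         $id = intval(trim($_GET['id']));
         $activation = trim($_GET['activation']);
         $res = $this->_password_mod->get_info($id);
         if (md5($activation) !== (string) $res['activation']) {
             $this->show_warning("invalid_link", 'back_index', 'index.php');
             return;
         }
         $this->assign('id', $id);
         $this->assign('activation', $activation);
         $this->import_resource('jquery.plugins/jquery.validate.js');
         $this->display("set_password.html");
     } else {
         if (!isset($_POST['id']) || !isset($_POST['activation']) || empty($_POST['activation'])) {
             $this->show_warning("request_error", 'back_index', 'index.php');
             return;
         }
         $id = intval(trim($_POST['id']));
         $activation = trim($_POST['activation']);
         $res = $this->_password_mod->get_info($id);
         if (md5($activation) !== (string) $res['activation']) {
             $this->show_warning("invalid_link", 'back_index', 'index.php');
             return;
         }
         if (empty($_POST['new_password']) || empty($_POST['confirm_password'])) {
             $this->show_warning("unsettled_required");
             return;
         }
         if (trim($_POST['new_password']) != trim($_POST['confirm_password'])) {
             $this->show_warning("password_not_equal");
             return;
         }
         $password = trim($_POST['new_password']);
         $passlen = strlen($password);
         if ($passlen < 6 || $passlen > 20) {
             $this->show_warning('password_length_error');
             return;
         }
         // $id stays the value validated against the activation above
         $word = $this->_rand();
         $md5word = md5($word);
         $old_password = trim($_POST['new_password']);
         // Connect to the user system; the last argument forces the change
         $ms =& ms();
         $ms->user->edit($id, $old_password, array('password' => $password), true);
         if ($ms->user->has_error()) {
             $this->show_warning($ms->user->get_error());
             return;
         }
         // Rotate the stored activation so the link cannot be used again
         $this->_password_mod->edit($id, array('activation' => $md5word));
         $this->show_message("edit_success", 'login_in', 'index.php?app=member&act=login', 'back_index', 'index.php');
         return;
     }
 }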
Ejemplo n.º 20
 /**
  * Add an administrator.
  *
  * Without posted privileges: with an `id` the privilege form for that user
  * is shown; without one a user name is asked for, looked up in the user
  * system, and the request is redirected back here with the id found.
  * With posted privileges: the admin record is created.
  *
  * NOTE(review): the posted `priv` values are joined into the stored
  * privilege string as submitted; checking them against the entries defined
  * in priv.inc.php would keep unknown values out. implode() also requires
  * `priv` to be an array, which is not verified here.
  * NOTE(review): no anti-CSRF token check is visible in this method; confirm
  * one is applied before a privilege-granting action runs.
  */
 function add()
 {
     $id = isset($_GET['id']) && $_GET['id'] != '' ? intval($_GET['id']) : '';
     if (empty($_POST['priv'])) {
         if ($id != '') {
             $condition = ' AND  user_id = ' . $id;
             $admin = $this->_user_mod->get(array('conditions' => '1=1' . $condition, 'fields' => 'user_name,real_name'));
             // the user must exist
             if (!$admin) {
                 $this->show_warning('choose_admin');
                 return;
             }
             // refuse users who are already administrators
             if (!$this->_admin_mod->check_admin($id)) {
                 $this->show_warning('already_admin');
                 return;
             }
             $this->assign('admin', $admin);
             // priv.inc.php is expected to define $menu_data
             include APP_ROOT . '/includes/priv.inc.php';
             $this->assign('priv', $menu_data);
             $this->display('admin.form.html');
         } else {
             if (!IS_POST) {
                 $this->display('admin.test.html');
             } else {
                 $user_name = isset($_POST['user_name']) && $_POST['user_name'] != '' ? $_POST['user_name'] : '';
                 /* Connect to the user system */
                 $ms =& ms();
                 $info = $ms->user->get($user_name, true);
                 if (empty($info)) {
                     $this->show_message('add_member', 'go_back', 'index.php?app=admin&amp;act=add', 'to_add_member', 'index.php?app=user&amp;act=add');
                     return;
                 } else {
                     $id = $info['user_id'];
                     // continue with the privilege form for the user just found
                     header("Location: index.php?app=admin&act=add&id=" . $id . " ");
                 }
             }
         }
     } else {
         // collect the submitted privileges
         $privs = isset($_POST['priv']) && $_POST['priv'] != 'priv' ? $_POST['priv'] : '';
         $priv = 'default|all,';
         if ($privs == '') {
             $this->show_warning('add_priv');
             return;
         } else {
             $priv .= implode(',', $privs);
         }
         // refuse users who are already administrators
         if (!$this->_admin_mod->check_admin($id)) {
             $this->show_warning('already_admin');
             return;
         }
         $data = array('user_id' => $id, 'store_id' => '0', 'privs' => $priv);
         if ($this->_admin_mod->add($data) === false) {
             $this->show_warning($this->_admin_mod->get_error());
             return;
         } else {
             $this->show_message('add_admin_ok', 'admin_list', 'index.php?app=admin', 'user_list', 'index.php?app=user');
         }
     }
 }
Ejemplo n.º 21
<?php

#Проверяем существование хеша в $_GET массиве
if (!empty($_GET['code'])) {
    #Придаем данным параметра 'code' строковое значение
    $_GET['code'] = strval($_GET['code']);
    #Экранируем массив $_GET перед пробросом запроса в бд
    $_GET = ms($_GET);
    #Делаем запрос на существование данного хеша в бд
    $res = q("\n            SELECT *\n            FROM `users`\n            WHERE `hash` = '" . $_GET['code'] . "'\n    ");
    #Если запись имеется в бд и соответствует параметру гет - прокидываем запрос на активацию аккаунта и очищение хеша из бд.
    if (mysqli_num_rows($res)) {
        q("\n                UPDATE `users`\n                SET\n                `active` = 1,\n                `hash` = ''\n                WHERE `hash` = '" . $_GET['code'] . "'\n\n            ");
        $info = '<strong>Вы подтвердили свою почту. Поздравляю. Можете перейти на главную страницу и     авторизоваться</strong> <a href="' . Core::$DOMAIN . '" title="Главная"> тыц</a>';
    } else {
        #Если такого хеша нету - редирект на авторизацию
        header("Location:index.php?module=cab&page=auth");
        exit;
    }
} else {
    #Если нету $_GET['code'] - редирект на регистрацию
    header("Location:index.php?module=cab&page=reg");
    exit;
}
Ejemplo n.º 22
 /**
  * Return what pm->check_new() reports for the current visitor's user id.
  */
 function _get_new_message()
 {
     return ms()->pm->check_new($this->visitor->get('user_id'));
 }
Ejemplo n.º 23
<?php

// Add a product from the submitted form.
// NOTE(review): `item` and `status` are read below but are not part of the
// isset() list; when they are missing the (int) cast turns them into 0.
if (isset($_POST['add'], $_POST['title'], $_POST['description'], $_POST['content'], $_POST['price'])) {
    //Trim whitespace
    $_POST = trimAll($_POST);
    #Include the field-validation file
    include_once 'validate.php';
    //Call the validation function and keep the array of errors in $res
    $res = err($_POST);
    //No errors: store the data in the database
    if (!count($res)) {
        // numeric fields are cast to int, text fields go through ms() inside quotes
        $edit = q("\n                  INSERT INTO `product`\n                  SET\n                  `id_category` = " . (int) $_POST['item'] . " ,\n                  `status`      = " . (int) $_POST['status'] . ",\n                  `title`       = '" . ms($_POST['title']) . "',\n                  `description` = '" . ms($_POST['description']) . "',\n                  `content`     = '" . ms($_POST['content']) . "',\n                  `price`       = " . (int) $_POST['price'] . ",\n                  `date`        = NOW() ");
        $_SESSION['add'] = 'ok';
        header("Location:/index.php?module=product");
        exit;
    }
}
Ejemplo n.º 24
 /**
  * Pick one of the given tags at random and return what ms()->tag_get()
  * yields for it; an empty tag list gives an empty array.
  */
 function _get_related_objects($tags)
 {
     if (!empty($tags)) {
         $picked = $tags[array_rand($tags)];
         $ms =& ms();
         return $ms->tag_get($picked);
     }
     return array();
 }
Ejemplo n.º 25
<?php

// Student detail page: load one student with city and country, then print
// the images, the personal details and the list of courses.
// NOTE(review): `id` lands in an unquoted numeric position of the query,
// where a string-escaping helper gives no protection (ms() presumably
// escapes quotes; confirm). Casting the value to int, or binding it as a
// parameter, closes this.
// NOTE(review): the mysql_* functions used here were removed in PHP 7;
// mysqli or PDO with bound parameters are the replacements.
$sql = "select s.id, s.name, s.contact, s.email, s.dateofbirth, \n\t\tcase s.gender when 0 then 'Male' else 'Female' end as Gender,\n\t\ts.address, ct.name as City, cn.name as Country, s.cv\n\tfrom student as s, city as ct, country as cn where \n\ts.cityId = ct.Id and ct.countryId = cn.Id and s.id = " . ms($_REQUEST['id']);
$r = mysql_query($sql);
while ($s = mysql_fetch_array($r)) {
    print '<div class="imagedetails">';
    if (isset($_REQUEST['img'])) {
        // NOTE(review): ms() runs before base64_decode(), so it does not
        // constrain the decoded value; that value is written into the src
        // attribute without htmlspecialchars() and without a check that it
        // is a plain file name.
        print '<img src="StudentImages/' . base64_decode(ms($_REQUEST['img'])) . '"/>';
    } else {
        singleImage($s[0]);
    }
    print '<div class="allimagecontainer"><div class="allimages">';
    images($s[0]);
    print '</div></div>';
    print '</div>';
    print '<div class="details">';
    print '<div class="singledetails">';
    // NOTE(review): the database values below are printed without
    // htmlspecialchars(), so markup stored in a student record is rendered
    // as HTML.
    print '<span>Name: <span><b>' . $s['name'] . '</b></span></span><br>';
    print '<span>Contact: <span>' . $s['contact'] . '</span></span><br>';
    print '<span>E-mail: <span>' . $s['email'] . '</span></span><br>';
    print '<span>Date of Birth: <span>' . $s['dateofbirth'] . '</span></span><br>';
    print '<span>Gender: <span>' . $s['Gender'] . '</span></span><br>';
    print '<span>Address: <span>' . $s['address'] . '</span></span><br>';
    print '<span>City: <span>' . $s['City'] . '</span></span><br>';
    print '<span>Country: <span>' . $s['Country'] . '</span></span><br>';
    print '<span>Course: </span>';
    // courses of this student; $s[0] is the id column of the row just read
    $sql3 = "select c.name from coursevsstudent cs, course c \n\twhere cs.courseId = c.Id and cs.studentid = " . $s[0];
    $r3 = mysql_query($sql3);
    while ($s3 = mysql_fetch_row($r3)) {
        print $s3[0] . ", ";
    }
Ejemplo n.º 26
 /**
  * Return the friend list of the current visitor as reported by
  * friend->get_list(), called with the range string '0, 10000'.
  */
 function _list_friend()
 {
     $ms =& ms();
     return $ms->friend->get_list($this->visitor->get('user_id'), '0, 10000');
 }
Ejemplo n.º 27
<?php

// Login form handler: validate the fields, check login and password against
// the database and, on request, set "remember me" cookies.
if (isset($_POST['login'], $_POST['password'], $_POST['do'])) {
    #Trim whitespace
    $_POST = trimAll($_POST);
    #Include the field-validation file
    include_once 'validate.php';
    //Call the validation function and keep the array of errors in $err
    $err = err($_POST);
    if (!count($err)) {
        #Escape $_POST before querying the database
        $_POST = ms($_POST);
        #Check the login and password against the database
        // NOTE(review): the password reaches myHash() after ms() has run, so
        // the hashed input is the escaped form; confirm registration hashes
        // the same form.
        $res = q("\n                  SELECT *\n                  FROM `users`\n                  WHERE `login`     = '" . $_POST['login'] . "'\n                    AND `password`   = '" . myHash($_POST['password']) . "'\n                   LIMIT 1\n                 ");
        # If a row exists, put the data fetched from the database into the session
        if (mysqli_num_rows($res)) {
            #Fetch the row so the account status can be checked
            $user = mysqli_fetch_assoc($res);
            if ($user['active'] == 1) {
                #If the account is activated, log the user in
                // NOTE(review): the whole row from SELECT * goes into the
                // session, password column included.
                $_SESSION['user'] = $user;
                #If the user asked to be remembered, update the database and create a hash for the cookies
                if (!empty($_POST['auto'])) {
                    // NOTE(review): this UPDATE has no WHERE clause, so as
                    // written it sets `agent` and `hash` on every row of
                    // `users`. HTTP_USER_AGENT is a request header and is
                    // concatenated without the escaping applied to $_POST.
                    q("\n                        UPDATE `users`\n                        SET\n                         `agent` = '" . $_SERVER['HTTP_USER_AGENT'] . "',\n                         `hash`  = '" . myHash($_POST['login'] . $_POST['password'] . $_SESSION['user']['registration_date']) . "'\n                    ");
                    #Set the cookies
                    // NOTE(review): the cookies are set without the httponly
                    // and secure flags, and the remember-me hash is derived
                    // from the login and password rather than from a random
                    // token.
                    setcookie('id', $_SESSION['user']['id'], time() + 36000, '/');
                    setcookie('hash', myHash($_POST['login'] . $_POST['password'] . $_SESSION['user']['registration_date']), time() + 36000, '/');
                }
            } elseif ($user['active'] == 0) {
                #The account is not active
                $_SESSION['error'] = 'Вы не подтвердили свою почту. Проверьте свою почту и активируйте аккаунт</strong>';
Ejemplo n.º 28
 /**
  *    System settings.
  *
  *    GET shows the settings form, including the session and cache entries
  *    read from data/config.inc.php; POST saves the submitted settings and
  *    rewrites that config file.
  *
  *    NOTE(review): the POST fields are stored as submitted. `statistics_code`
  *    is kept raw; if it is later printed into pages it is stored markup, so
  *    access to this action must stay admin-only. No anti-CSRF token check is
  *    visible in this method; confirm one is applied before it runs.
  *
  *    @author    Hyber
  *    @return    void
  */
 function base_setting()
 {
     $model_setting =& af('settings');
     $setting = $model_setting->getAll();
     // load the system settings data
     $ms =& ms();
     $feed_enabled = $ms->feed->feed_enabled();
     if ($feed_enabled) {
         // feed event key => display name from the language pack
         $_feed_list = array('store_created' => Lang::get('feed_store_created.name'), 'order_created' => Lang::get('feed_order_created.name'), 'goods_collected' => Lang::get('feed_goods_collected.name'), 'store_collected' => Lang::get('feed_store_collected.name'), 'goods_evaluated' => Lang::get('feed_goods_evaluated.name'), 'groupbuy_joined' => Lang::get('feed_groupbuy_joined.name'), 'goods_created' => Lang::get('feed_goods_created.name'), 'groupbuy_created' => Lang::get('feed_groupbuy_created.name'));
     }
     if (!IS_POST) {
         $time_zone = $model_setting->_get_time_zone();
         $this->assign('time_zone', $time_zone);
         /* Config */
         // the config file returns an array; four of its entries are shown in the form
         $config_file = ROOT_PATH . '/data/config.inc.php';
         $config = (include $config_file);
         $setting['session_type'] = $config['SESSION_TYPE'];
         $setting['session_memcached'] = $config['SESSION_MEMCACHED'];
         $setting['cache_server'] = $config['CACHE_SERVER'];
         $setting['cache_memcached'] = $config['CACHE_MEMCACHED'];
         $this->assign('setting', $setting);
         if ($feed_enabled) {
             $this->assign('default_feed_config', Conf::get('default_feed_config'));
             $this->assign('feed_items', $_feed_list);
         }
         $this->assign('feed_enabled', $feed_enabled);
         $this->display('setting.base_setting.html');
     } else {
         $images = array('default_goods_image', 'default_store_logo', 'default_user_portrait');
         $image_urls = $this->_upload_images($images);
         // keep only the images that were actually uploaded
         foreach ($images as $image) {
             isset($image_urls[$image]) && ($data[$image] = $image_urls[$image]);
         }
         //            $data['auto_allow']  = $_POST['auto_allow'];
         $data['time_zone'] = $_POST['time_zone'];
         $data['time_format_simple'] = $_POST['time_format_simple'];
         $data['time_format_complete'] = $_POST['time_format_complete'];
         $data['price_format'] = $_POST['price_format'];
         $data['statistics_code'] = $_POST['statistics_code'];
         //            $data['url_rewrite']                = $_POST['url_rewrite'];
         //            $data['max_addr']                   = $_POST['max_addr'];
         //            $data['max_file']                   = $_POST['max_file'];
         //            $data['cache_life']                 = $_POST['cache_life'];
         //            $data['thumb_quality']              = $_POST['thumb_quality'];
         //            $data['allow_guest_buy']            = $_POST['allow_guest_buy'];
         //            $data['allow_comment']              = $_POST['allow_comment'];
         //            $data['disaplay_sales_volume']      = $_POST['disaplay_sales_volume'];
         // flags are true only for the exact form value '1'
         $data['sitemap_enabled'] = $_POST['sitemap_enabled'] == '1';
         // frequency falls back to 1 when the submitted value is not positive
         $data['sitemap_frequency'] = $_POST['sitemap_frequency'] > 0 ? intval($_POST['sitemap_frequency']) : 1;
         $data['rewrite_enabled'] = $_POST['rewrite_enabled'] == '1';
         $data['guest_comment'] = $_POST['guest_comment'] == '1';
         $data['enable_radar'] = $_POST['enable_radar'] == '1';
         //goods_radar
         if ($feed_enabled) {
             // start with every feed item switched off, then overlay the submitted choices
             $_default_feed_list = array();
             foreach ($_feed_list as $key => $_v) {
                 $_default_feed_list[$key] = 0;
             }
             // NOTE(review): array_merge() also keeps submitted keys that are not in $_feed_list
             $data['default_feed_config'] = array_merge($_default_feed_list, (array) $_POST['default_feed_config']);
         }
         $model_setting->setAll($data);
         /* config info */
         /* Initialise */
         // NOTE(review): these four values go into the config file as
         // submitted; session_type and cache_server are not checked against
         // the set of supported backends.
         $session_type = $_POST['session_type'];
         $session_memcached = trim($_POST['session_memcached']);
         $cache_server = $_POST['cache_server'];
         $cache_memcached = trim($_POST['cache_memcached']);
         /* Config */
         $config_file = ROOT_PATH . '/data/config.inc.php';
         $config = (include $config_file);
         $config['SESSION_TYPE'] = $session_type;
         $config['SESSION_MEMCACHED'] = $session_memcached;
         $config['CACHE_SERVER'] = $cache_server;
         $config['CACHE_MEMCACHED'] = $cache_memcached;
         // var_export() emits the values as PHP literals, so they are written as data
         $new_config = var_export($config, true);
         /* Write the file */
         // NOTE(review): the result of file_put_contents() is not checked, so
         // a failed write still reports success.
         file_put_contents($config_file, "<?php\r\n\r\nreturn {$new_config};\r\n\r\n?>");
         $this->show_message('edit_base_setting_successed');
     }
 }
Ejemplo n.º 29
 /**
  * Return the language entry registered under the given key.
  *
  * @param mixed $key Key passed straight through to Lang::get().
  * @return mixed Whatever Lang::get() yields for that key.
  */
 function getOne($key)
 {
     // The ms() handle is fetched but never read in this method; the call is
     // kept because it may have side effects that are not visible from here.
     $messenger =& ms();
     return Lang::get($key);
 }
Ejemplo n.º 30
 /**
  *    Order confirmation step: fill in the consignee details and choose the
  *    shipping and payment options.
  *
  *    On a non-POST request the order form for the pending goods is rendered.
  *    On POST the order is submitted, the address is optionally saved, the
  *    goods are cleared, stock is reduced, a feed entry and two notification
  *    mails are issued, the order counter is bumped and the browser is sent
  *    to the cashier.
  *
  *    @author    Garbin
  *    @param    none
  *    @return    void
  */
 function index()
 {
     /* Both request methods start from the goods being ordered; false means the cart is empty */
     $goods_info = $this->_get_goods_info();
     if ($goods_info === false) {
         $this->show_warning('goods_empty');
         return;
     }

     /* Pick the order type handler that corresponds to the goods type */
     $goods_type =& gt($goods_info['type']);
     $order_type =& ot($goods_type->get_order_type());

     if (!IS_POST) {
         /* Render the order form */
         $form = $order_type->get_order_form($goods_info['store_id']);
         if ($form === false) {
             $this->show_warning($order_type->get_error());
             return;
         }
         $this->_curlocal(LANG::get('create_order'));
         $this->assign('page_title', Lang::get('confirm_order_info') . ' - ' . Conf::get('site_title'));
         $this->assign('goods_info', $goods_info);
         $this->assign($form['data']);
         $this->display($form['template']);
         return;
     }

     /*
      * An order is built from two inputs: the data the user submitted (POST)
      * and the goods information (item list, total price, total quantity,
      * type) together with the owning store. Both are handed to the order
      * type handler, which creates the order.
      */
     // NOTE(review): the raw $_POST array is forwarded unchanged; field
     // validation presumably happens inside submit_order() — confirm.
     $order_id = $order_type->submit_order(array(
         'goods_info' => $goods_info,
         'post' => $_POST,
     ));
     if (!$order_id) {
         $this->show_warning($order_type->get_error());
         return;
     }

     /* Save the consignee address when the buyer asked for it */
     $save_requested = isset($_POST['save_address']) && intval(trim($_POST['save_address'])) == 1;
     if ($save_requested) {
         // NOTE(review): region_id and region_name are stored exactly as
         // posted (no cast, no trim); confirm the address model validates
         // and escapes these values before they reach the database.
         $address_row = array(
             'user_id' => $this->visitor->get('user_id'),
             'consignee' => trim($_POST['consignee']),
             'region_id' => $_POST['region_id'],
             'region_name' => $_POST['region_name'],
             'address' => trim($_POST['address']),
             'zipcode' => trim($_POST['zipcode']),
             'phone_tel' => trim($_POST['phone_tel']),
             'phone_mob' => trim($_POST['phone_mob']),
         );
         $model_address =& m('address');
         $model_address->add($address_row);
     }

     /* Post-order cleanup of the goods, e.g. emptying the cart or marking a group buy / auction as ordered */
     $this->_clear_goods();

     /* Order model: reduce the stock, then reload the order for the notifications below */
     $model_order =& m('order');
     $model_order->change_stock('-', $order_id);
     $order_info = $model_order->get($order_id);

     /* Publish the "bought goods" feed event */
     // NOTE(review): seller_name and seller_id are concatenated into an HTML
     // anchor without htmlspecialchars(); confirm they are stored already
     // escaped, otherwise whoever renders the feed shows store-controlled
     // markup.
     $feed = array(
         'icon' => 'goods',
         'user_id' => $this->visitor->get('user_id'),
         'user_name' => addslashes($this->visitor->get('user_name')),
         'title' => array(
             'template' => Lang::get('feed_bought_goods_title'),
             'data' => array(
                 'store' => '<a href="' . SITE_URL . '/index.php?app=store&id=' . $order_info['seller_id'] . '">' . $order_info['seller_name'] . '</a>',
             ),
         ),
         'body' => array(
             'template' => Lang::get('feed_bought_goods_body'),
         ),
     );
     $ms =& ms();
     $ms->feed->add($feed);

     /* Recipients: the buyer is the current visitor, the seller is the member record of the store */
     $buyer_address = $this->visitor->get('email');
     $model_member =& m('member');
     $member_info = $model_member->get($goods_info['store_id']);
     $seller_address = $member_info['email'];

     // NOTE(review): addslashes() is neither HTML nor mail-header escaping;
     // confirm what _mailto() expects for subject and message.
     /* New-order notice to the buyer */
     $buyer_mail = get_mail('tobuyer_new_order_notify', array('order' => $order_info));
     $this->_mailto($buyer_address, addslashes($buyer_mail['subject']), addslashes($buyer_mail['message']));
     /* New-order notice to the seller */
     $seller_mail = get_mail('toseller_new_order_notify', array('order' => $order_info));
     $this->_mailto($seller_address, addslashes($seller_mail['subject']), addslashes($seller_mail['message']));

     /* Increase the order count of every purchased item */
     $model_goodsstatistics =& m('goodsstatistics');
     $goods_ids = array();
     foreach ($goods_info['items'] as $item) {
         $goods_ids[] = $item['goods_id'];
     }
     $model_goodsstatistics->edit($goods_ids, 'orders=orders+1');

     /* Send the buyer to the cashier to pay */
     header('Location:index.php?app=cashier&order_id=' . $order_id);
 }