public function execute()
{
$api = Lib::api('admin', array('response' => 'return', 'format' => 'php'));
$type = Req::get('type');
if (!is_callable(array($api, $type))) {
return Lib::redirect('error');
}
$result = $api->{$type}();
$options = array('view' => 'admin');
$ref = Req::post('ref');
if (!$result['state']) {
if (!empty($ref)) {
$options['ref'] = $ref;
}
} else {
$segments = explode('/', base64_decode(urldecode($ref)));
$base = array_shift($segments);
$type = array_shift($segments);
$subtype = array_shift($segments);
if (!empty($type)) {
$options['type'] = $type;
}
if (!empty($subtype)) {
$options['subtype'] = $subtype;
}
}
Lib::redirect('admin', $options);
}
public function saveAssignees()
{
$keys = array('project', 'setting');
if (!Req::haspost($keys)) {
return $this->fail('Insufficient data.');
}
$identifier = Lib::cookie(Lib::hash(Config::$userkey));
$user = Lib::table('user');
$isLoggedIn = !empty($identifier) && $user->load(array('identifier' => $identifier));
if (!$isLoggedIn || $user->role != USER_ROLE_ADMIN) {
return $this->fail('You are not authorized.');
}
$project = Req::post('project');
$setting = json_decode(Req::post('setting'));
$projectTable = Lib::table('project');
if ($project !== 'all' && $project !== '-1' && !$projectTable->load(array('name' => $project))) {
return $this->fail('No such project.');
}
if ($project !== 'all') {
$projectAssignee = Lib::table('project_assignee');
$projectAssignee->load(array('user_id' => $setting->id, 'project_id' => $projectTable->id));
if ($setting->value) {
$projectAssignee->store();
} else {
$projectAssignee->delete();
}
}
return $this->success();
}
public function notice_store_out()
{
$id = Req::post("id");
$order_no = Req::post("orderNo");
$express_id = Req::post("expressId");
$tracking_no = Req::post("trackingNo");
echo "OK";
}
public function saveProjectTitle()
{
$keys = array('project-title', 'project-name');
$post = Req::post($keys);
if (empty($post['project-name'])) {
Lib::redirect('page', array('view' => 'embed'));
}
if (empty($post['project-title'])) {
Lib::redirect('page', array('view' => 'embed', 'project' => $post['project-name']));
}
$projectTable = Lib::table('project');
$projectTable->load(array('name' => $post['project-name']));
$projectTable->title = $post['project-title'];
$projectTable->store();
Lib::redirect('page', array('view' => 'embed', 'project' => $post['project-name']));
}
public function pac_message_receiver()
{
$content = Req::post("content");
if (!isset($content)) {
$this->returnXML("false", "S09", "返回报文为空");
}
$signature = Req::post("data_digest");
if (!isset($signature)) {
$this->returnXML("false", "S09", "返回报文为空");
}
Tiny::log("异步审批结果回执信息【content:" . $content . "】data_digest【" . $signature . "】");
// 测试密钥
$aeskey = base64_decode($this->jkf['aes_key']);
//AES解密,采用ECB模式
$aes = new Crypt_AES(CRYPT_MODE_ECB);
//设置AES密钥
$aes->setKey($aeskey);
//解密AES密文
$plaintext = $aes->decrypt(base64_decode($content));
//测试rsa公钥
$publickey = $this->jkf['public_key'];
$rsa = new Crypt_RSA();
//设置RSA签名模式 CRYPT_RSA_SIGNATURE_PSS or CRYPT_RSA_SIGNATURE_PKCS1
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
//使用RSA公钥验证签名
$rsa->loadKey(base64_decode($publickey));
//签名通过
if ($rsa->verify($plaintext, base64_decode($signature))) {
$contentXML = simplexml_load_string($plaintext);
$businessType = (string) $contentXML->head->businessType;
$model = new GatewayModel();
if ($businessType == "RESULT") {
$model->insertResult($contentXML, "1");
} else {
if ($businessType == "PRODUCT_RECORD") {
$model->insertExamineResult($contentXML);
}
}
$this->returnXML();
} else {
$this->returnXML("false", "S02", "非法的数字签名");
}
}
public function create()
{
$keys = array('username', 'password');
if (!Req::haspost($keys)) {
return $this->fail();
}
$referral = Req::post('referral');
if (empty($referral) && Lib::model('admin')->hasAdmins()) {
return $this->fail();
}
$post = Req::post($keys);
extract($post);
$admin = Lib::table('admin');
$admin->username = $username;
$admin->setPassword($password);
if (!$admin->store()) {
return $this->fail();
}
$admin->login();
return $this->success();
}
public function update()
{
if (!Req::haspost(['id', 'name'])) {
return $this->fail('Insufficient data.');
}
$identifier = Lib::cookie(Lib::hash(Config::$userkey));
$user = Lib::table('user');
$isLoggedIn = !empty($identifier) && $user->load(['identifier' => $identifier]);
if (!$isLoggedIn || $user->role != USER_ROLE_ADMIN) {
return $this->fail('You are not authorized.');
}
$id = Req::post('id');
$name = Req::post('name');
$table = Lib::table('category');
if (!$table->load($id)) {
return $this->false('Invalid data.');
}
$table->name = $name;
$table->store();
return $this->success();
}
/**
* 绑定用户Action
*/
public function oauth_bind_act()
{
$userinfo = Session::get('oauth_user_info');
if ($userinfo) {
$email = Filter::sql(Req::args('email'));
$passWord = Req::post('password');
$rePassWord = Req::post('repassword');
if (!Validator::email($email)) {
$info = array('field' => 'email', 'msg' => '邮箱不能为空!');
} elseif (strlen($passWord) < 6) {
$info = array('field' => 'password', 'msg' => '密码长度必需大于6位!');
} else {
$model = $this->model->table("user as us");
$obj = $model->join("left join customer as cu on us.id = cu.user_id")->fields("us.*,cu.group_id,cu.login_time")->where("us.email='{$email}'")->find();
if ($obj) {
if ($obj['password'] == CHash::md5($passWord, $obj['validcode'])) {
$test = $this->model->table('oauth_user')->where("oauth_type='{$userinfo['oauth_type']}' and open_id='{$userinfo['open_id']}'")->data(array('user_id' => $obj['id']))->update();
$this->safebox->set('user', $obj, 1800);
$this->redirect("/ucenter/index");
} else {
$info = array('field' => 'password', 'msg' => '密码与用户名是不匹配的,无法绑定!');
}
} else {
if ($passWord == $rePassWord) {
$model = $this->model->table("user");
$validcode = CHash::random(8);
$last_id = $model->data(array('email' => $email, 'name' => $userinfo['open_name'], 'password' => CHash::md5($passWord, $validcode), 'validcode' => $validcode))->insert();
$time = date('Y-m-d H:i:s');
$model->table("customer")->data(array('user_id' => $last_id, 'reg_time' => $time, 'login_time' => $time))->insert();
//记录登录信息
$obj = $model->table("user as us")->join("left join customer as cu on us.id = cu.user_id")->fields("us.*,cu.group_id,cu.login_time")->where("us.email='{$email}'")->find();
$this->safebox->set('user', $obj, 1800);
$this->model->table('oauth_user')->where("oauth_type='{$userinfo['oauth_type']}' and open_id='{$userinfo['open_id']}'")->data(array('user_id' => $last_id))->update();
$this->redirect("/ucenter/index");
} else {
$info = array('field' => 'repassword', 'msg' => '两次密码输入不一致!');
}
}
}
$this->assign("invalid", $info);
$this->redirect("/simple/oauth_bind", false, Req::args());
} else {
$this->redirect("/index/index");
}
}
public function saveSettings()
{
$keys = array('project', 'setting');
if (!Req::haspost($keys)) {
return $this->fail('Insufficient data.');
}
$identifier = Lib::cookie(Lib::hash(Config::$userkey));
$user = Lib::table('user');
$isLoggedIn = !empty($identifier) && $user->load(array('identifier' => $identifier));
if (!$isLoggedIn) {
return $this->fail('You are not authorized.');
}
$project = Req::post('project');
$setting = json_decode(Req::post('setting'));
$projectTable = Lib::table('project');
if ($project !== 'all' && $project !== '-1' && !$projectTable->load(array('name' => $project))) {
return $this->fail('No such project.');
}
if ($project !== 'all') {
$userSettings = Lib::table('user_settings');
if ($project === '-1') {
$projectTable->id = '-1';
}
if (!$userSettings->load(array('user_id' => $user->id, 'project_id' => $projectTable->id))) {
$userSettings->load(array('user_id' => $user->id, 'project_id' => 0));
$userSettings->isNew = true;
$userSettings->id = 0;
$userSettings->project_id = $projectTable->id;
}
$data = $userSettings->getData();
$data[$setting->name] = $setting->value;
$userSettings->data = $data;
$userSettings->store();
} else {
$settings = Lib::model('user_settings')->getSettings(array('user_id' => $user->id));
$userSettings = Lib::table('user_settings');
$userSettings->load(array('user_id' => $user->id, 'project_id' => 0));
$data = $userSettings->getData();
$data[$setting->name] = $setting->value;
$userSettings->data = $data;
$userSettings->store();
foreach ($settings as $row) {
$data = $row->getData();
$data[$setting->name] = $setting->value;
$row->data = $data;
$row->store();
}
}
return $this->success();
}
public function doc_invoice_save()
{
Req::post("admin", $this->manager['name']);
Req::post("create_time", date('Y-m-d H:i:s'));
Req::post("invoice_no", date('YmdHis') . rand(100, 999));
$order_id = Filter::int(Req::args("order_id"));
$express_no = Filter::str(Req::args("express_no"));
$express_company_id = Filter::int(Req::args('express_company_id'));
$mobile = Filter::str(Req::args('mobile'));
$model = new Model("doc_invoice");
$delivery_status = Req::args("delivery_status");
if ($delivery_status == 3) {
$model->where("order_id={$order_id}")->insert();
} else {
$obj = $model->where("order_id={$order_id}")->find();
if ($obj) {
$model->where("order_id={$order_id}")->update();
} else {
$model->where("order_id={$order_id}")->insert();
}
}
//同步发货信息
$order_info = $model->table("order")->where("id={$order_id}")->find();
if ($order_info) {
$payment_id = $order_info['payment'];
$payment = new Payment($payment_id);
$payment_plugin = $payment->getPaymentPlugin();
$express_company = $model->table('express_company')->where('id=' . $express_company_id)->find();
if ($express_company) {
$express = $express_company['name'];
} else {
$express = $express_company_id;
}
if ($order_info['trading_info'] != '') {
//处理同步发货
$delivery = $payment_plugin->afterAsync();
if ($delivery != null && method_exists($delivery, "send")) {
$delivery->send($order_info['trading_info'], $express, 'express_no');
}
}
//SKM-SMS 发送短信功能
$sms_inst = new Sms();
$orderNo = $order_info['order_no'];
$text = "【全品电台】感谢您使用全品电台。您的订单 " . $orderNo . " 已经发货,快递单号为" . $express_no . ",快递公司为" . $express . "。";
//$mobile = $order_info['mobile']; //去掉, 取 订单中心-发货 页面中填写的mobile
if ($mobile != "") {
$sms_inst->sendSms($text, $mobile);
}
/* S 二次开发 */
//发送邮件
$user_id = $order_info['user_id'];
$user = $model->table('user')->where('id=' . $user_id)->find();
$email_message_model = new Model('email_message');
$email_message = $email_message_model->where('`trigger`=3 and status=1')->find();
if (isset($user['email']) && $user['email'] != '' && $email_message) {
$order_url = Url::fullUrlFormat("/ucenter/order_detail/id/{$order_info['id']}");
$body = str_replace(array('{$order_no}', '{$user_name}', '{$current_time}', '{$express_name}', '{$express_no}', '{$order_url}'), array($order_info['order_no'], $user['name'], date('Y-m-d H:i:s'), $express, $express_no, $order_url), $email_message['content']);
$mail = new Mail();
$mail->send_email($user['email'], $email_message['title'], $body);
}
/* E 二次开发 */
}
$model->table("order")->where("id={$order_id}")->data(array('delivery_status' => 1, 'send_time' => date('Y-m-d H:i:s')))->update();
echo "<script>parent.send_dialog_close();</script>";
}
public function company_save()
{
$id = Req::args("id");
$company_name = Req::post("company_name");
$email = Req::args("email");
$tel = Req::args("tel");
$fax = Req::post("fax");
$addr = Req::post("addr");
$model = new Model();
// id存在,编辑initSql
if ($id) {
$companyData = $model->table("company")->where("company_id={$id}")->find();
if ($companyData) {
if ($company_name !== null) {
$time = date('Y-m-d H:i:s');
$model->table("company")->data(array('company_name' => $company_name, 'email' => $email, 'tel' => $tel, 'fax' => $fax, 'addr' => $addr, 'update_date' => $time))->where("company_id={$id}")->update();
Log::op($this->manager['id'], "修改会员", "管理员[" . $this->manager['name'] . "]:修改了商户 " . $companyData['company_name'] . " 的信息");
}
}
// id不存在,添加
} else {
$company = $model->table("company")->where("company_name = '{$company_name}'")->find();
if ($company) {
$this->msg = array("error", "商户名已经存在!");
$this->redirect("company_edit", false);
exit;
} else {
$time = date('Y-m-d H:i:s');
$model->table("company")->data(array('company_name' => $company_name, 'email' => $email, 'tel' => $tel, 'fax' => $fax, 'addr' => $addr, 'create_date' => $time, 'update_date' => $time))->insert();
Log::op($this->manager['id'], "添加会员", "管理员[" . $this->manager['name'] . "]:添加了商户 " . $company_name . " 的信息");
}
}
$this->redirect("company_list");
}
public function sync()
{
if (!Req::haspost('reports', 'ids')) {
return $this->fail('Insufficient data.');
}
$identifier = Lib::cookie(Lib::hash(Config::$userkey));
$user = Lib::table('user');
$isLoggedIn = !empty($identifier) && $user->load(array('identifier' => $identifier));
if (!$isLoggedIn) {
return $this->fail('You are not authorized.');
}
$reports = json_decode(Req::post('reports'));
$ids = Req::post('ids');
$updated = array();
$commentModel = Lib::model('comment');
$comments = $commentModel->getComments(array('report_id' => $ids));
$commentsByReportId = array();
foreach ($comments as $comment) {
$commentsByReportId[$comment->report_id][$comment->id] = $comment;
}
foreach ($reports as $id => $report) {
$newTotalComments = empty($commentsByReportId[$id]) ? 0 : count($commentsByReportId[$id]);
if ($report->totalComments == $newTotalComments) {
continue;
}
$updated[$id] = array('totalComments' => $newTotalComments, 'comments' => array());
if (!$report->commentsLoaded) {
continue;
}
$view = Lib::view('embed');
foreach ($commentsByReportId[$id] as $commentid => $newComment) {
if (in_array($commentid, $report->comments)) {
$updated[$id]['comments'][$commentid] = false;
continue;
}
$updated[$id]['comments'][$commentid] = $view->loadTemplate('comment-item', array('comment' => $comment, 'user' => $user));
}
}
return $this->success($updated);
}
public function password_save()
{
if (!Tiny::app()->checkToken()) {
$this->redirect("password_change");
}
$oldpassword = Req::post('oldpassword');
$password = Req::post('password');
$repassword = Req::post('repassword');
$obj = $this->model->table("user")->where("id=" . $this->user['id'])->find();
if ($password && $password == $repassword) {
if ($obj['password'] == CHash::md5($oldpassword, $obj['validcode'])) {
$validcode = CHash::random(8);
$data = array('password' => CHash::md5($password, $validcode), 'validcode' => $validcode);
$obj = $this->model->table("user")->where("id=" . $this->user['id'])->data($data)->update();
$this->redirect("password_change", false, array('msg' => array("success", "密码修改成功!")));
} else {
$this->redirect("password_change", false, array('msg' => array("fail", "原密码不正确!")));
}
} else {
$this->redirect("password_change", false, array('msg' => array("fail", "两次密码不一致!")));
}
}
public function assign()
{
$keys = array('id', 'assigneeid');
if (!Req::haspost($keys)) {
return $this->fail('Insufficient data.');
}
$identifier = Lib::cookie(Lib::hash(Config::$userkey));
$user = Lib::table('user');
$isLoggedIn = !empty($identifier) && $user->load(array('identifier' => $identifier));
if (!$isLoggedIn) {
return $this->fail('You are not authorized.');
}
$post = Req::post($keys);
$reportTable = Lib::table('report');
if (!$reportTable->load($post['id'])) {
return $this->fail('No such report.');
}
$reportTable->assignee_id = $post['assigneeid'];
$reportTable->store();
if (!empty($post['assigneeid']) && $post['assigneeid'] != $user->id) {
$projectTable = Lib::table('project');
$projectTable->load($reportTable->project_id);
$targetUser = Lib::table('user');
$targetUser->load($post['assigneeid']);
$targetUserSettings = $targetUser->getSettings($projectTable)->getData();
if ($targetUserSettings['assign']) {
$notificationData = ['to' => $targetUser->email, 'text' => $user->nick . ' assigned you a report ticket.', 'username' => 'Project Report Assignment', 'icon_emoji' => ':gift:', 'attachments' => [['fallback' => '<' . $reportTable->getLink() . '|Report ticket ID ' . $reportTable->id . '>.', 'color' => '#00bcd4', 'title' => $projectTable->name, 'title_link' => $reportTable->getLink(), 'text' => $reportTable->content]]];
Lib::load('helper/notification');
NotificationHelper::send($notificationData);
// $slackMessage = Lib::helper('slack')->newMessage();
// $slackMessage->to($post['assigneeid']);
// $slackMessage->message($user->nick . ' assigned you a report ticket.');
// $slackMessage->username = '******';
// $slackMessage->icon_emoji = ':gift:';
// $attachment = $slackMessage->newAttachment();
// $attachment->fallback = '<' . $reportTable->getLink() . '|Report ticket ID ' . $reportTable->id . '>.';
// $attachment->color = '#00bcd4';
// $attachment->title = $projectTable->name;
// $attachment->title_link = $reportTable->getLink();
// $attachment->text = $reportTable->content;
// $slackMessage->send();
}
}
return $this->success();
}
public function updatetoerp()
{
$sql = $this->sql;
$set = '';
$set2 = '';
if (!is_array($sql['data']) || count($sql['data']) < 1) {
$sql['data'] = Req::post();
}
$data = $sql['data'];
$fields = "";
$values = "";
if (is_array($data)) {
foreach ($data as $key => $val) {
if (is_array($data)) {
$key2 = 'upd_dt';
$date = date('Y-m-d H:i:s');
$set .= '`' . $key . '` = ' . $val;
$set2 .= '`' . $key2 . '` = "' . $date . '"';
}
}
}
$sqlStr = "update {$sql['table']} set {$set} ,{$set2} {$sql['where']}";
return $this->query($sqlStr);
}
public function pay_received()
{
$sign = Req::post('sign');
$args = Req::post();
unset($args['sign']);
$total_fee = Filter::float(Req::post('total_fee'));
$attach = Filter::int(Req::post('attach'));
$return['attach'] = $attach;
$return['total_fee'] = $total_fee;
$return['order_no'] = Filter::sql(Req::post('order_no'));
$return['return_url'] = Req::post('return_url');
if (stripos($return['order_no'], 'recharge_') !== false) {
$msg = array('type' => 'fail', 'msg' => '货到贷款方式,不能用于在线充值功能!');
$this->redirect('/index/msg', false, $msg);
exit;
}
if (floatval($return['total_fee']) <= 0 || $return['order_no'] == '' || $return['return_url'] == '') {
$msg = array('type' => 'fail', 'msg' => '支付参数不正确!');
$this->redirect('/index/msg', false, $msg);
} else {
$payment = new Payment($attach);
$paymentInfo = $payment->getPayment();
$pay_balance = new pay_balance();
$filter_param = $pay_balance->filterParam($args);
//对待签名参数数组排序
$para_sort = $pay_balance->argSort($filter_param);
$mysign = $pay_balance->buildSign($para_sort, $paymentInfo['partner_key']);
if ($mysign == $sign) {
$user_id = $this->user['id'];
$model = new Model("customer");
$customer = $model->where("user_id=" . $user_id)->find();
if ($customer) {
$order = $model->table("order")->where("order_no='" . $return['order_no'] . "' and user_id=" . $user_id)->find();
if ($order) {
if ($order['pay_status'] == 0) {
//$flag = $model->table("customer")->where("user_id=".$user_id)->data(array('balance'=>"`balance`-".$total_fee))->update();
$return['order_status'] = 'TINY_SECCESS';
//记录支付日志
//Log::balance((0-$total_fee),$user_id,'通过货到付款的方式进行商品购买,订单编号:'.$return['order_no']);
$filter_param = $pay_balance->filterParam($return);
$para_sort = $pay_balance->argSort($filter_param);
$sign = $pay_balance->buildSign($para_sort, $paymentInfo['partner_key']);
$prestr = $pay_balance->createLinkstring($para_sort);
$nextUrl = urldecode($return['return_url']);
$return_url = $nextUrl;
$return['sign'] = $sign;
$this->redirect("{$return_url}", true, $return);
exit;
} else {
$msg = array('type' => 'fail', 'msg' => '订单已经处理过,请查看订单信息!');
$this->redirect('/index/msg', false, $msg);
exit;
}
} else {
$msg = array('type' => 'fail', 'msg' => '订单不存在!');
$this->redirect('/index/msg', false, $msg);
exit;
}
} else {
$msg = array('type' => 'fail', 'msg' => '用户不存在!');
$this->redirect('/index/msg', false, $msg);
exit;
}
} else {
$msg = array('type' => 'fail', 'msg' => '签名错误!');
$this->redirect('/index/msg', false, $msg);
exit;
}
}
}
public function manager_password()
{
$id = Req::post("id");
$password = Req::post("password");
$repassword = Req::post("repassword");
$info = array('status' => 'fail', 'msg' => '密码修改失败');
if ($id && $password && $password == $repassword) {
$model = new Model("manager");
$validcode = CHash::random(8);
$key = md5($validcode);
$password = substr($key, 0, 16) . $password . substr($key, 16, 16);
$password = md5($password);
$flag = $model->where("id={$id}")->data(array('password' => $password, 'validcode' => $validcode))->update();
if ($flag) {
$info = array('status' => 'success');
}
$manager = $model->where("id={$id}")->find();
Log::op($this->manager['id'], '修改管理员密码', '修改管理员【' . $manager['name'] . '】的密码!');
}
echo JSON::encode($info);
}
public function reg_act()
{
$email = Filter::sql(Req::post('email'));
$passWord = Req::post('password');
$rePassWord = Req::post('repassword');
$this->safebox = Safebox::getInstance();
$code = $this->safebox->get($this->captchaKey);
$verifyCode = Req::args("verifyCode");
$info = array('field' => 'verifyCode', 'msg' => '验证码错误!');
if ($verifyCode == $code) {
if ($passWord == $rePassWord) {
$model = $this->model->table("user");
$obj = $model->where("email='{$email}'")->find();
if ($obj == null) {
$validcode = CHash::random(8);
$model->data(array('email' => $email, 'name' => $email, 'password' => CHash::md5($passWord, $validcode), 'validcode' => $validcode))->insert();
$this->redirect("index");
} else {
$info = array('field' => 'email', 'msg' => '此用户已经被注册!');
}
} else {
$info = array('field' => 'repassword', 'msg' => '两次密码输入不一致!');
}
}
$this->assign("invalid", $info);
$this->redirect("reg", false, Req::args());
}
