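/**
 * Look up an enterprise account by login name and verify its password.
 *
 * @param string $loginname  login name posted by the client (untrusted)
 * @param string $passwd0    clear-text password posted by the client (untrusted)
 * @return array ['code' => 1 on success, -1/-2/-3 on failure, 'msg' => error text
 *               or, on success, the matching `saja_enterprise` row]
 */
function login($loginname, $passwd0) {
    global $config;
    $ret = array();
    $ret['code'] = 1;

    // Reject empty credentials before touching the database. The original only
    // set the error code and then fell through into the query and the password
    // comparison, so the -1 result could be overwritten.
    if ($loginname == '' || $passwd0 == '') {
        $ret['code'] = -1;
        $ret['msg'] = '登入失败 : 账号/密码缺误 !!';
        return $ret;
    }

    $model = new mysql($config["db"][0]);
    $model->connect();

    // $loginname is attacker-controlled and is interpolated into SQL. The wrapper
    // exposes no parameter binding that is visible here; escape through the
    // underlying mysqli handle (`_con`, which other code in this file reads) and
    // fall back to addslashes() otherwise. A prepared statement is the real fix.
    $safeLogin = (isset($model->_con) && $model->_con instanceof mysqli)
        ? $model->_con->real_escape_string($loginname)
        : addslashes($loginname);
    $query = "SELECT * FROM `saja_user`.`saja_enterprise` \r\n\t\t\tWHERE \r\n\t\t\tprefixid = 'saja' \r\n\t\t\tAND loginname = '" . $safeLogin . "' \r\n\t\t\tAND switch = 'Y' \r\n\t\t\t";
    // The raw query (including the user-supplied login name) is deliberately no
    // longer written to the error log: it was a log-injection / exposure vector.
    $table = $model->getQueryRecord($query);
    if (empty($table['table']['record'])) {
        // Return here: the original went on to index record[0] of an empty set.
        $ret['code'] = -2;
        $ret['msg'] = '登入失败 : 账号不存在!!';
        return $ret;
    }
    $record = $table['table']['record'][0];

    // NOTE(review): strEncode() is a reversible encoding (a matching strDecode()
    // is used elsewhere in this file), not a password hash. Stored credentials
    // should be migrated to password_hash()/password_verify().
    $str = new convertString();
    $passwd = $str->strEncode($passwd0, $config['encode_key']);

    // Constant-time, strict comparison; the original used loose `==`.
    if (hash_equals((string) $record['passwd'], (string) $passwd)) {
        $ret['code'] = 1;
        // NOTE(review): the whole row, stored credential included, is handed back
        // to the caller; strip 'passwd' once callers have been checked.
        $ret['msg'] = $record;
    } else {
        $ret['code'] = -3;
        $ret['msg'] = '登入失败 : 密码错误!!';
    }
    return $ret;
}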
?> <?php //額外的檢測 // Add By Thomas 150917 for data consistency check require_once "../convertString.ini.php"; require_once "../config.php"; if (floatval($_POST['WIDtotal_fee']) < 0) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Pay Amount Error !!");history.back();</script></body></html>'; exit; } if (empty($_POST['chkStr'])) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Empty Security Data !!");history.back();</script></body></html>'; exit; } $cs = new convertString(); $chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]); error_log("[lib/alipay/alipayapi] chkStr : " . $chkStr); $chkArr = explode("|", $chkStr); if (is_array($chkArr)) { $ordernum = $chkArr[0]; $amount = $chkArr[1]; error_log("[lib/alipay/alipayapi] pay data : " . $out_trade_no . "|" . $total_fee); if (floatval($amount) != floatval($total_fee)) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Total Fee Check Error !!");history.back();</script></body></html>'; exit; } if ($ordernum != $out_trade_no) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Trade No. Check Failed !!");history.back();</script></body></html>'; exit; }
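// Enterprise back-office login: validate the posted name/password, look the
// account up by login name and compare the encoded password.
$io = new intputOutput();
// Check Variable Start
// jsAlertMsg() is presumably a halting helper, but only the "not found" path
// below was followed by `die` in the original; every failure path now halts
// explicitly so a non-halting jsAlertMsg() cannot let the request continue.
if (empty($io->input['post']["name"])) {
    jsAlertMsg('登錄帳號錯誤!!');
    die;
}
if (empty($io->input['post']["passwd"])) {
    jsAlertMsg('登錄密碼錯誤!!');
    die;
}
// Check Variable End
require_once "saja/mysql.ini.php";
$model = new mysql($config["db"][0]);
$model->connect();
$db_user = $config["db"][0]["dbname"];
require_once "saja/convertString.ini.php";
$str = new convertString();
##############################################################################################################################################
// Table Start
// The posted login name is interpolated into SQL. Escape it through the mysqli
// handle (`_con`, read by other code in this file) or fall back to addslashes();
// a prepared statement is the proper fix once the wrapper supports one.
$postedName = $io->input['post']["name"];
$safeName = (isset($model->_con) && $model->_con instanceof mysqli)
    ? $model->_con->real_escape_string($postedName)
    : addslashes($postedName);
$query = "SELECT * FROM `{$db_user}`.`{$config['default_prefix']}enterprise` \r\nWHERE \r\n\tprefixid = '" . $config['default_prefix_id'] . "' \r\n\tAND loginname = '" . $safeName . "' \r\n\tAND switch = 'Y' \r\n";
$table = $model->getQueryRecord($query);
if (empty($table['table']['record'])) {
    jsAlertMsg('登錄帳號不存在!!');
    die;
}
$enterprise = $table['table']['record'][0];
// NOTE(review): strEncode() is a reversible encoding, not a password hash;
// the stored value should be migrated to password_hash()/password_verify().
$passwd = $str->strEncode($io->input['post']['passwd'], $config['encode_key']);
// Constant-time comparison (the original used `!==`, which is strict but
// short-circuits on the first differing byte).
if (!hash_equals((string) $enterprise['passwd'], (string) $passwd)) {
    jsAlertMsg('登錄密碼錯誤!!');
    die;
}
// Table End
##############################################################################################################################################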
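<?php
// Debug helper for the mobile login token. Without ?user= it prints the
// encrypted form of a fixed sample credential string; with ?user=<token> it
// prints the decrypted token.
//
// NOTE(review): the AES key and a sample credential are hard-coded in source,
// and this endpoint decrypts anything handed to it. Both the key and this
// script must stay out of any deployed tree.
ini_set("display_errors", 1); // NOTE(review): exposes paths/stack traces; debug only
require_once "saja/convertString.ini.php";
$string = new convertString();
if (empty($_GET['user'])) {
    $str = "name=tester&passwd=10qpw93nd7";
    $encrypted = $string->encryptAES128("D44F8682DA386", $str);
    // header("location:/site/mobile/login/user=" . $encrypted);
    echo "/site/mobile/login/user={$encrypted}";
} else {
    $str = $_GET['user'];
    // The decrypted bytes derive from request input; escape them for the HTML
    // context instead of echoing raw (decryptAES128() may also return false,
    // hence the string cast).
    echo htmlspecialchars((string) $string->decryptAES128("D44F8682DA386", $str), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// echo urlencode($encrypted);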
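// ibon payment callback: receive the XML notification, log it, and prepare a
// copy with the free-text elements blanked for MySQL storage.
include_once "./config.php";
include_once "./dbconnect.php";
include_once "./convertString.ini.php";
/* Client IP logging, kept disabled as in the original. NOTE(review): if it is
   re-enabled, X-Forwarded-For is client-supplied and may only be trusted behind
   a proxy that overwrites it.
$ip='';
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $temp_ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']); $ip = $temp_ip[0]; } else { $ip = $_SERVER['REMOTE_ADDR']; }
error_log("[ibon_process.php] Request from : ".$ip);
*/
$str = new convertString();
// Raw XML for the XML handling below. Read defensively so a missing parameter
// yields '' rather than a null that trips stripslashes()/str_replace().
// NOTE(review): $_REQUEST also accepts GET and cookie values; a callback
// endpoint should read $_POST only. The verbatim payload is written to the log.
$XMLData = isset($_REQUEST['XMLData']) ? (string) $_REQUEST['XMLData'] : '';
error_log("[ibon_process] Request XML :" . $XMLData);
$encode = mb_detect_encoding($XMLData);
error_log("[ibon_process.php] encode : " . $encode);
// NOTE(review): unconditional stripslashes() dates from magic_quotes; when the
// input is not slash-escaped it silently corrupts legitimate backslashes.
$o_XMLData = stripslashes($XMLData);
error_log("[ibon_process] o_XMLData :" . $o_XMLData);
// $x_XMLData = iconv($encode, "big5", $o_XMLData);
// Copy for MySQL storage: drop the XML declaration and blank out STATUS_DESC and
// DATA_2. Each replacement is now guarded by its match result; the original
// used $matches[0] unconditionally, which on a non-match produced an undefined
// index warning and a null search string. The patterns are single-line and
// greedy, as before.
$x_XMLData = str_replace("<?xml version='1.0' encoding='Big5'?>", "", $o_XMLData);
if (preg_match("/<STATUS_DESC>(.+)<\\/STATUS_DESC>/", $x_XMLData, $matches)) {
    $x_XMLData = str_replace($matches[0], "<STATUS_DESC></STATUS_DESC>", $x_XMLData);
}
if (preg_match_all("/<DATA_2>(.+)<\\/DATA_2>/", $x_XMLData, $matches)) {
    $x_XMLData = str_replace($matches[0], "<DATA_2></DATA_2>", $x_XMLData);
}
/* $pos1=strpos($x_XMLData,"<STATUS_DESC>");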
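/**
 * Start a Taiwan credit-card deposit: validate the posted amount/order number
 * against the encrypted chkStr, record the attempt in the deposit history and
 * emit an auto-submitting form to the card gateway.
 *
 * Reads $_POST['amount'], ['ordernumber'], ['chkStr'], ['spoint'] and the
 * logged-in user's session; writes HTML and exits.
 */
public function twcreditcard_pay() {
    global $tpl, $config, $deposit;
    set_status($this->controller);
    login_required();

    // ---- Data consistency check (Add By Thomas 150917) ----------------------
    // Done first, before anything is computed or logged. Zero is rejected along
    // with negatives: a zero-value top-up is never valid (the original only
    // rejected amounts below zero).
    if (floatval($_POST['amount']) <= 0) {
        die('<script>alert("Pay Amount Error !");history.back();</script>');
    }
    if (empty($_POST['chkStr'])) {
        die('<script>alert("Empty Security Data !!");history.back();</script>');
    }
    $cs = new convertString();
    $chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]);
    error_log("[c/deposit/twcreditcard_pay] chkStr : " . $chkStr);
    // chkStr is "<orderid>|<amount>"; anything shorter is a parse error rather
    // than an undefined-index read of $chkArr[1].
    $chkArr = explode("|", $chkStr);
    if (!is_array($chkArr) || count($chkArr) < 2) {
        die('<script>alert("Security Data Parse Error !!");history.back();</script>');
    }
    $chk_orderid = $chkArr[0];
    $chk_amount = $chkArr[1];
    error_log("[c/deposit/twcreditcard_pay] pay data : " . $_POST['ordernumber'] . "|" . $_POST['amount']);
    if (floatval($chk_amount) != floatval($_POST['amount'])) {
        die('<script>alert("Total Fee Check Error !!");history.back();</script>');
    }
    // Strict string comparison: loose `!=` treats e.g. "1e2" and "100" as equal.
    if ((string) $chk_orderid !== (string) $_POST['ordernumber']) {
        die('<script>alert("Trade No. Check Failed !!");history.back();</script>');
    }

    // ---- Gateway parameters ---------------------------------------------------
    $pay_info = array();
    $pay_info['web'] = $config['creditcard']['merchantnumber'];
    $pay_info['MN'] = floatval($_POST['amount']);
    $pay_info['Td'] = $_POST['ordernumber'];
    $pay_info['sna'] = urlencode($_SESSION['user']['profile']['nickname']);
    $pay_info['sdt'] = $_SESSION['user']['name'];
    $pay_info['email'] = $_SESSION['user']['email'];
    $pay_info['note1'] = "{userid:" . $_SESSION['auth_id'] . "}";
    $pay_info['note2'] = "";
    $pay_info['OrderInfo'] = urlencode("OrderId:" . $pay_info['Td'] . ",Name:" . $_SESSION['user']['profile']['nickname'] . ",Userid:" . $_SESSION['auth_id'] . ",Amount:" . $pay_info['MN'] . ",Spts:" . $_POST['spoint']);
    $pay_info['Card_Type'] = $config['creditcard']['Card_Type'];
    // Gateway checksum: SHA1 over merchant number + merchant secret + amount.
    // The pre-image contains the merchant secret, so it is no longer logged.
    // NOTE(review): the hash covers the float MN while the form sends intval(MN);
    // they differ for fractional amounts (pre-existing).
    $pay_info['ChkValue'] = strtoupper(sha1($pay_info['web'] . $config['creditcard']['code'] . $pay_info['MN']));
    error_log("ChkValue :" . $pay_info['ChkValue']);

    // ---- Deposit history ------------------------------------------------------
    // NOTE(review): the order number comes from the POST body and is looked up
    // without verifying that the deposit record belongs to $_SESSION['auth_id'].
    // get_deposit_history()'s row shape is not visible here, so the ownership
    // check must be added where the record's owner column is known.
    $get_deposit_history = $deposit->get_deposit_history($pay_info['Td']);
    if (empty($get_deposit_history[0]['dhid'])) {
        echo '<script>alert("充值程序異常!");window.location = "/site/deposit/"</script>';
        exit;
    }
    $arr_cond = array();
    $arr_cond['dhid'] = $pay_info['Td'];
    $arr_data = array();
    $arr_data['out_trade_no'] = $pay_info['Td'];
    $arr_data['userid'] = $_SESSION['auth_id'];
    $arr_data['amount'] = intval($pay_info['MN']);
    $arr_data['timepaid'] = date('YmdHis');
    $arr_data['phone'] = $pay_info['sdt'];
    $arr_data['paymenttype'] = $config['creditcard']['paymenttype'];
    // Bug fix: the original assigned this to a misspelled $arr_date, so ChkValue
    // never reached the stored JSON.
    $arr_data['ChkValue'] = $pay_info['ChkValue'];
    $arr_update = array();
    $arr_update['data'] = json_encode($arr_data);
    $arr_update['modifierid'] = $_SESSION['auth_id'];
    $arr_update['modifiername'] = $_SESSION['user']['profile']['nickname'];
    $arr_update['modifiertype'] = 'User';
    $deposit->update_deposit_history($arr_cond, $arr_update);

    // ---- Auto-submitting form to the gateway ----------------------------------
    // Every value is attribute-escaped. Td is copied straight from the POST body,
    // so the unescaped original was an HTML injection vector.
    $hidden = function ($name, $value) {
        return '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '" />';
    };
    $submit = '<body onload="document.form1.submit();" >';
    $submit .= '<form name="form1" action="' . htmlspecialchars((string) $config['creditcard']['url_payment'], ENT_QUOTES, 'UTF-8') . '" method="POST">';
    $submit .= $hidden('web', $config['creditcard']['merchantnumber']);
    $submit .= $hidden('MN', intval($pay_info['MN']));
    $submit .= $hidden('OrderInfo', $pay_info['OrderInfo']);
    $submit .= $hidden('Td', $pay_info['Td']);
    $submit .= $hidden('sna', $pay_info['sna']);
    $submit .= $hidden('sdt', $pay_info['sdt']);
    $submit .= $hidden('email', $pay_info['email']);
    $submit .= $hidden('note1', $pay_info['note1']);
    $submit .= $hidden('note2', $pay_info['note2']);
    $submit .= $hidden('Card_Type', $pay_info['Card_Type']);
    $submit .= $hidden('ChkValue', $pay_info['ChkValue']);
    $submit .= '</form>';
    $submit .= '</body>';
    // Only the order number is logged; the original wrote the entire form
    // (e-mail, phone, checksum) to the error log.
    error_log("[c/deposit/twcreditcard_pay] redirecting to gateway, Td=" . $pay_info['Td']);
    echo $submit;
    exit;
}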
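/**
 * User-side confirmation of a QR-code mall transaction: optionally verify the
 * exchange password, deduct the user's bonus points, credit the vendor and move
 * the transaction to status 4.
 *
 * Reads $_POST['expw'], ['userid'], ['evrid'], ['bonus_noexpw'] and the session;
 * replies through $this->replyAndExit() with retCode / retMsg (/ evrid).
 */
function userCommitTx() {
    global $db, $config, $tpl, $mall;
    // Action setup
    login_required();
    set_status($this->controller);
    date_default_timezone_set('Asia/Shanghai');

    $expw = isset($_POST['expw']) ? $_POST['expw'] : '';
    $userid = isset($_POST['userid']) ? $_POST['userid'] : '';
    $evrid = isset($_POST['evrid']) ? $_POST['evrid'] : '';
    $bonus_noexpw = isset($_POST['bonus_noexpw']) ? $_POST['bonus_noexpw'] : 0;
    $arrCond = array();
    $retArr = array();

    // Escape a value before interpolating it into SQL. `$db->_con` is the mysqli
    // handle (its insert_id is read below); fall back to addslashes() otherwise.
    // Parameter binding is the proper fix once the wrapper supports it.
    $esc = function ($value) use ($db) {
        return (isset($db->_con) && $db->_con instanceof mysqli)
            ? $db->_con->real_escape_string((string) $value)
            : addslashes((string) $value);
    };

    try {
        // Account check. Strict string comparison: with the original loose `!=`
        // a PHP 7 runtime considers "1' OR 1=1 -- " equal to 1, and the POST
        // value was then interpolated into SQL below.
        if ((string) $userid !== (string) $_SESSION['auth_id']) {
            $retArr['retCode'] = '-105';
            $retArr['retMsg'] = urlencode('會員資料錯誤 !!');
            $this->replyAndExit($retArr);
        }
        error_log("[mall.userConfirmTx] userid : " . $userid . " Check OK !!");
        // From here on use the session-authenticated id, never the POST copy.
        $userid = (string) $_SESSION['auth_id'];

        // The transaction record must exist and be awaiting confirmation (3).
        // NOTE(review): getQrcodeTxRecord() is looked up by evrid alone; only the
        // final update below carries userid, so a record belonging to another
        // user is not rejected before the bonus rows are written.
        $arrCond['evrid'] = $evrid;
        $record = $mall->getQrcodeTxRecord($arrCond);
        $retArr['evrid'] = $evrid;
        if (!$record) {
            $retArr['retCode'] = '-100';
            $retArr['retMsg'] = urlencode('交易紀錄不存在!!');
            $this->replyAndExit($retArr);
        }
        error_log("[mall.userConfirmTx] evrid : " . $evrid . " Check OK !!");
        if ($record['tx_status'] != 3) {
            $retArr['retCode'] = '-111';
            $retArr['retMsg'] = urlencode('交易資料狀態錯誤!!');
            $this->replyAndExit($retArr);
        }
        // Bug fix: the original logged an undefined $tx_status here.
        error_log("[mall.userConfirmTx] tx_status : " . $record['tx_status'] . " Check OK !!");

        // Exchange-password gate. The amount compared is the server-side total
        // of the transaction (the same value deducted below); the original
        // compared two POST fields, so a client could skip the password by
        // sending bonus_total = 0.
        // NOTE(review): the threshold $bonus_noexpw is still read from POST; it
        // must come from server-side configuration to close this completely.
        $require_bonus = $record['total_bonus'];
        if ($require_bonus > $bonus_noexpw) {
            $cs = new convertString();
            // NOTE(review): strEncode() is reversible encoding, not a hash; its
            // output alphabet is not visible here, hence the escaping.
            $exchangepasswd = $esc($cs->strEncode($expw, $config['encode_key']));
            $query = "SELECT * \n\t\t\t\t\t\t\t\tFROM `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user` \n\t\t\t\t\t\t\t\tWHERE prefixid = '{$config['default_prefix_id']}' \n\t\t\t\t\t\t\t\t AND userid = '{$userid}' \n\t\t\t\t\t\t\t\t AND exchangepasswd = '{$exchangepasswd}' \n\t\t\t\t\t\t\t\t AND switch = 'Y' \n\t\t\t\t\t\t\t\t LIMIT 1\n\t\t\t\t\t\t\t\t";
            $table = $db->getQueryRecord($query);
            if (empty($table['table']['record'][0]['exchangepasswd'])) {
                $retArr['retCode'] = '-112';
                $retArr['retMsg'] = urlencode('兑换密码错误!!');
                $this->replyAndExit($retArr);
            }
            // The password itself is no longer written to the log.
            error_log("[mall.userConfirmTx] exchange pwd Check OK !!");
        }

        $arrCond['userid'] = $userid;
        $arrCond['tx_status'] = '3';

        // Balance check.
        // NOTE(review): the check and the two inserts below do not run in a
        // transaction, so concurrent confirmations can overdraw (pre-existing).
        $curr_bonus = $mall->bonus_check($userid);
        error_log("[mall.userConfirmTx] curr bonus : " . $curr_bonus . ", required bonus :" . $require_bonus);
        if ($curr_bonus < $require_bonus) {
            $retArr['retCode'] = '-104';
            $retArr['retMsg'] = urlencode('會員紅利點數不足!!');
            $this->replyAndExit($retArr);
        }
        error_log("[mall.userConfirmTx] curr bonus check OK !!");

        // User-side bonus payment record.
        $query = "insert into `{$config['db'][1]['dbname']}`.`{$config['default_prefix']}bonus` set \n\t\t\t\t\t\t `prefixid` = '{$config['default_prefix_id']}', \n\t\t\t\t\t\t `userid` = '{$userid}', \n\t\t\t\t\t\t `countryid` = '{$config['country']}', \n\t\t\t\t\t\t `behav` = 'user_qrcode_tx', \n\t\t\t\t\t\t `amount` = '-{$require_bonus}', \n\t\t\t\t\t\t `seq` = '0', \n\t\t\t\t\t\t `switch` = 'Y', \n\t\t\t\t\t\t `insertt` = now()";
        error_log("[mall.userConfirmTx] pay bonus : " . $query);
        $db->query($query);
        $bonusid = $db->_con->insert_id;

        // Vendor-side bonus receipt record (vendorid is DB-sourced; escaped anyway).
        $vendorid = $esc($record['vendorid']);
        $insert = "insert into `{$config['db'][1]['dbname']}`.`{$config['default_prefix']}bonus_store` set \n\t\t\t\t\t\t `prefixid` = '{$config['default_prefix_id']}', \n\t\t\t\t\t\t `bonusid` = '{$bonusid}',\n\t\t\t\t\t\t `enterpriseid`='" . $vendorid . "',\n\t\t\t\t\t\t `esid`=(select esid from saja_user.saja_enterprise where enterpriseid='" . $vendorid . "' ),\n\t\t\t\t\t\t `countryid` = (select countryid from saja_user.saja_enterprise_profile where enterpriseid='" . $vendorid . "' ), \n\t\t\t\t\t\t `behav` = 'user_qrcode_tx', \n\t\t\t\t\t\t `amount` = '{$require_bonus}', \n\t\t\t\t\t\t `seq` = '0', \n\t\t\t\t\t\t `switch` = 'Y', \n\t\t\t\t\t\t `insertt` = now()";
        error_log("[mall.userConfirmTx] earn bonus : " . $insert);
        $db->query($insert);

        // Move the transaction to "committed".
        $arrUpd = array();
        $tx_status = '4';
        $arrUpd['bonusid'] = $bonusid;
        $arrUpd['tx_status'] = $tx_status;
        $arrUpd['commit_time'] = date('YmdHis');
        $retCode = $mall->updQrcodeTxRecord($arrUpd, $arrCond);
        // As in the original, the success reply is rebuilt without evrid and no
        // retCode is set when the update reports failure.
        $retArr = array();
        if ($retCode) {
            // $ws=new Client($config['wss_url']);
            // $ws->send('NTFY|'.$arrCond['evrid'].'|'.$arrUpd['tx_status']);
            $retArr['retCode'] = '1';
            $retArr['retMsg'] = urlencode('交易完成,使用红利:' . $require_bonus . '点');
        }
    } catch (Exception $e) {
        $retArr['retCode'] = $e->getCode();
        // Bug fix: the original stored the message under a misspelled 'retMSg'.
        $retArr['retMsg'] = $e->getMessage();
    }
    $this->replyAndExit($retArr);
}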