Ejemplo n.º 1
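 /**
  * Check that the amount reported by a payment gateway equals the order total.
  *
  * Expected total = unit price * quantity + shipping + payment handling fee.
  * The payment method ($_GET['code']) and the logistics id (one character at
  * offset 15 of $_GET['subject']) are still read from the request rather than
  * from the stored order, so this check is only meaningful after the caller
  * has verified the gateway signature over those fields.
  *
  * @param mixed $id    Order id used to look up the order row.
  * @param mixed $money Amount reported by the gateway, in currency units.
  * @return bool True only when the order exists and both amounts agree to the cent.
  */
 public static function check_money($id,$money) {
     // Fail closed on anything that is not a number. With the old loose ==,
     // a non-numeric string could compare equal to a computed total of 0.
     if (!is_numeric($money)) {
         return false;
     }

     $where=array();
     $where['id']=$id;
     $orders=orders::getInstance()->getrow($where);
     // An unknown order must never validate. Without this guard the product
     // part of the total is 0 and only shipping would have to match.
     if (!is_array($orders) || !isset($orders['aid']) || !isset($orders['pnums'])) {
         return false;
     }
     $archive=archive::getInstance()->getrow($orders['aid']);
     if (!is_array($archive) || !isset($archive['attr2'])) {
         return false;
     }
     // Explicit casts keep the original lenient numeric parsing (e.g. "2," -> 2)
     // without relying on implicit string arithmetic.
     $subtotal = (float) $archive['attr2'] * (float) $orders['pnums'];

     $where=array();
     $where['pay_code']=isset($_GET['code']) ? $_GET['code'] : null;
     $pay=pay::getInstance()->getrows($where);
     // pay_fee is stored as a percentage; a missing row means no handling fee.
     $fee_rate = isset($pay[0]['pay_fee']) ? (float) $pay[0]['pay_fee'] / 100 : 0.0;

     $subject = (isset($_GET['subject']) && is_string($_GET['subject'])) ? $_GET['subject'] : '';
     $logisticsid = substr($subject,15,1);
     $where=array();
     $where['id'] = $logisticsid;
     $logistics=logistics::getInstance()->getrows($where);

     // Cash on delivery (or no matching logistics row) means no shipping is prepaid.
     $shipping = 0.00;
     if (isset($logistics[0]) && is_array($logistics[0]) && empty($logistics[0]['cashondelivery'])) {
         $shipping = isset($logistics[0]['price']) ? (float) $logistics[0]['price'] : 0.00;
         if (!empty($logistics[0]['insure'])) {
             $insure_rate = isset($logistics[0]['insureproportion']) ? (float) $logistics[0]['insureproportion'] / 100 : 0.0;
             $shipping += $subtotal * $insure_rate;
         }
     }

     $total = $subtotal + $shipping + ($subtotal * $fee_rate);

     // Compare in whole cents: exact float equality rejects legitimate payments
     // on rounding noise, and loose == mixes string and float comparison rules.
     return (int) round((float) $money * 100) === (int) round($total * 100);
 }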
Ejemplo n.º 2
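    /**
     * Handle a Tenpay payment response for the order named by "sp_billno".
     *
     * Loads the payment plugin and signing key selected by the last segment of
     * sp_billno, verifies the Tenpay signature, checks the paid amount against
     * the order and, on success, marks the order as paid and shows the result page.
     *
     * @return false|null False on any failure; no explicit value on success.
     */
    function respond() {
        require_once ("tenpay/PayResponseHandler.class.php");
        $resHandler = new PayResponseHandler();
        $sp_billno = $resHandler->getParameter("sp_billno");
        // Keyword blocklist kept from the original. It is not a substitute for
        // parameterised queries in the getrow()/getrows() calls below.
        if(preg_match('/(select|union|and|\'|"|\))/i',$sp_billno)){
            exit('非法参数');
        }
        preg_match_all("/-(.*)-(.*)-(.*)/isu",$sp_billno,$oidout);
        $paytype = isset($oidout[3][0]) ? $oidout[3][0] : '';
        // $paytype comes straight from the request and is used to build an include
        // path BEFORE the signature is checked. Restrict it to a plain plugin name so
        // it cannot contain path separators, dots or stream wrappers.
        // Assumes pay codes are letters, digits and underscore — TODO confirm.
        if (!preg_match('/^[A-Za-z0-9_]+\z/', $paytype)) {
            exit('非法参数');
        }
        $where = array();
        $where['pay_code'] = $paytype;
        include_once ROOT.'/lib/plugins/pay/'.$paytype.'.php';
        $pay = pay::getInstance()->getrows($where);
        // NOTE(review): unserialize() can instantiate objects; this is only safe while
        // the pay_config column cannot be written by untrusted users.
        $payconfig = isset($pay[0]['pay_config']) ? unserialize($pay[0]['pay_config']) : false;
        // Never verify a signature against a missing or empty key: the plugin is chosen
        // by the request, so an unconfigured one must not yield a trivially forgeable check.
        if (!is_array($payconfig) || empty($payconfig[1]['value'])) {
            echo "<br/>" . "认证签名失败" . "<br/>";
            return false;
        }
        $resHandler->setKey($payconfig[1]['value']);

        $where = array();
        $where['oid']=$sp_billno;
        $orders=orders::getInstance()->getrow($where);

        if (!$resHandler->isTenpaySign()) {
            echo "<br/>" . "认证签名失败" . "<br/>";
            return false;
        }

        $transaction_id = $resHandler->getParameter("transaction_id");
        $total_fee = $resHandler->getParameter("total_fee");
        $pay_result = $resHandler->getParameter("pay_result");
        if ("0" !== (string) $pay_result) {
            echo "<br/>" . "支付失败" . "<br/>";
            return false;
        }

        // total_fee is divided by 100 before the comparison, as in the original.
        // A missing order is treated like an amount mismatch.
        if (!is_array($orders) || empty($orders['id']) || !pay::check_money($orders['id'],$total_fee/100)) {
            echo "<br/>" . "金额不符" . "<br/>";
            return false;
        }
        pay::changeorders($orders['id'],$_GET);
        $show = config::get('site_url');
        $resHandler->doShow($show);
    }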
Ejemplo n.º 3
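    /**
     * Order controller action.
     *
     * Branches, in order:
     *  - POST with "submit": throttle, build the order row from the posted fields,
     *    insert it, send notifications and redirect the browser.
     *  - GET "oid": show an existing order to the user id embedded in the oid.
     *  - GET "aid": show the order form for a single product.
     *  - otherwise: rebuild the cart from the "ce_orders_cookie" cookie, or send
     *    the visitor back when the cart is empty.
     */
    function orders_action() {
        $this->view->aid = trim(front::get('aid'));
        if (front::post('submit')) {
            $this->orders = new orders();
            // Throttle on the newest order overall; the lookup has no user or IP filter.
            $row = $this->orders->getrow("","adddate DESC");
            if($row['adddate'] && time() - $row['adddate'] <= intval(config::get('order_time'))){
                alerterror('操作频繁,请稍后再试');
                return;
            }
            if (front::$post['telphone'] == '') {
                alerterror('联系电话为必填!');
                return;
            }
            front::$post['mid'] = $this->view->user['userid'] ? $this->view->user['userid'] : 0;
            front::$post['adddate'] = time();
            front::$post['ip'] = front::ip();
            if (isset(front::$post['aid'])) {
                $aidarr = front::$post['aid'];
                unset(front::$post['aid']);
                // Only an array of scalar ids is joined; anything else is ignored
                // instead of being pushed through foreach and string concatenation.
                if (is_array($aidarr)) {
                    foreach ($aidarr as $val) {
                        if (!is_scalar($val)) {
                            continue;
                        }
                        if (!isset(front::$post['aid'])) {
                            front::$post['aid'] = '';
                        }
                        if (!isset(front::$post['pnums'])) {
                            front::$post['pnums'] = '';
                        }
                        $num = (isset(front::$post['thisnum'][$val]) && is_scalar(front::$post['thisnum'][$val]))
                            ? front::$post['thisnum'][$val]
                            : '';
                        front::$post['aid'] .= $val . ',';
                        front::$post['pnums'] .= $num . ',';
                    }
                }
            } else {
                front::$post['aid'] = $this->view->aid;
            }
            if (!isset(front::$post['logisticsid']))
                front::$post['logisticsid'] = 0;
            // logisticsid and payname become segments of the order id, which is later
            // echoed into a <script> block and parsed back into a plugin name, so both
            // are reduced to safe characters here.
            front::$post['logisticsid'] = intval(front::$post['logisticsid']);
            if (isset(front::$post['payname'])) {
                // Assumes pay codes are letters, digits and underscore — TODO confirm.
                front::$post['payname'] = is_string(front::$post['payname'])
                    ? preg_replace('/[^A-Za-z0-9_]/', '', front::$post['payname'])
                    : '';
            }
            $payname = isset(front::$post['payname']) ? front::$post['payname'] : '';
            front::$post['oid'] = date('YmdHis') . '-' . front::$post['logisticsid'] . '-' . front::$post['mid'] . '-' . $payname;

            // NOTE(review): the whole POST array is handed to rec_insert(), so any posted
            // key that matches a column (for example an order status) may be written.
            // Confirm rec_insert() restricts the columns, or pass an explicit field list.
            $insert = $this->orders->rec_insert(front::$post);
            if ($insert < 1) {
                front::flash($this->tname . lang('添加失败!'));
            } else {
                if (config::get('sms_on') && config::get('sms_order_on')) {
                    sendMsg(front::$post['telphone'], config::get('sms_order'));
                }
                if (config::get('sms_on') && config::get('sms_order_admin_on') && $mobile = config::get('site_mobile')) {
                    sendMsg($mobile, '网站在' . date('Y-m-d H:i:s') . '有新订单了');
                }
                $user = $this->view->user;
                if(config::get('email_order_send_cust') && $user['e_mail']){
                    // NOTE(review): this reads the "oid" query parameter, not the order id
                    // generated above (front::$post['oid']) — confirm which one is intended.
                    $title = "您在".config::get('sitename')."的订单".front::get('oid')."已提交";
                    $this->sendmail($user['e_mail'], $title, $title);
                }
                if(config::get('email_order_send_admin') && config::get('email')){
                    $title = '网站在' . date('Y-m-d H:i:s') . '有新订单了';
                    $this->sendmail(config::get('email'), $title, $title);
                }
                if ($payname && $payname != 'nopay') {

                    echo '<script type="text/javascript">alert("' . lang('orderssuccess') . ' ' . lang('现在转入支付页面') . '");window.location.href="' . url('archive/payorders/oid/' . front::$post['oid'], true) . '";</script>';
                }
                echo '<script type="text/javascript">alert("' . lang('orderssuccess') . '");window.location.href="' . url('archive/orders/oid/' . front::$post['oid'], true) . '";</script>';
            }
        } elseif (front::get('oid')) {
            preg_match_all("/-(.*)-(.*)-(.*)/isu", front::get('oid'), $oidout);
            $this->view->paytype = isset($oidout[3][0]) ? $oidout[3][0] : null;
            $ownerid = isset($oidout[2][0]) ? $oidout[2][0] : null;
            if($ownerid != $this->view->user['userid']){
                alertinfo('查看订单失败', url::create('index/index'));
                // Stop here so the order is never loaded or rendered for a non-owner,
                // whether or not alertinfo() itself ends the request.
                return;
            }
            // NOTE(review): orders placed without login carry user id 0 and a
            // timestamp-based oid, so this check alone does not keep such orders private.
            $where = array();
            $where['oid'] = front::get('oid');
            $this->view->orders = orders::getInstance()->getrow($where);
            $this->view->statusnum = $data['status'] = $this->view->orders['status'];
            switch ($data['status']) {
                case 1:
                    $data['status'] = lang('完成');
                    break;
                case 2:
                    $data['status'] = lang('处理中');
                    break;
                case 3:
                    $data['status'] = lang('已发货');
                    break;
                case 4:
                    $data['status'] = lang('客户已付款,待审核');
                    break;
                case 5:
                    $data['status'] = lang('已核实客户支付');
                    break;
                default:
                    $data['status'] = lang('新订单');
                    break;
            }
            $this->view->orders['status'] = $data['status'];
            if ($this->view->paytype) {
                // NOTE(review): the oid query value ends up inside an href; confirm url()
                // encodes it, otherwise escape it for the HTML attribute context.
                $this->view->gotopaygateway = '<a href="' . url('archive/payorders/oid/' . front::get('oid'), true) . '">进入支付页面</a>';
            }

            $this->out('message/orderssuccess.html');
        } elseif (front::get('aid')) {
            $this->view->archive = archive::getInstance()->getrow(front::get('aid'));
            // Check for a missing product before touching its fields: writing
            // ['attr2'] into a non-array result would make the check below pass.
            if (!is_array($this->view->archive)) {
                $this->out('message/error.html');
                return;
            }
            $this->view->categorys = category::getpositionlink2($this->view->archive['catid']);
            $this->view->paylist = pay::getInstance()->getrows('', 50);
            $this->view->logisticslist = logistics::getInstance()->getrows('', 50);
            $prices = getPrices($this->view->archive['attr2']);
            $this->view->archive['attr2'] = $prices['price'];
            if ($this->view->archive['checked'] < 1)
                exit(lang('未审核!'));
            if (!rank::arcget(front::get('aid'), $this->view->usergroupid)) {
                $this->out('message/error.html');
            }
        } else {
            $oreders_c = cookie::get('ce_orders_cookie');
            if(preg_match('/union/i', $oreders_c)){
                alerterror("非法字符");
                // Same convention as the other alerterror() calls in this method:
                // do not keep processing a rejected cookie.
                return;
            }
            $oreders_c = stripslashes(htmlspecialchars_decode($oreders_c));
            // SECURITY: unserialize() on a client-supplied cookie can instantiate arbitrary
            // classes (PHP object injection); the /union/ keyword check does not address
            // that. Prefer storing the cart as JSON (json_decode) or, on PHP 7+, passing
            // allowed_classes => false. Left as-is because the cookie writer is not in view.
            $aid = !empty($oreders_c) ? unserialize($oreders_c) : 0;
            if (is_array($aid) && $aid) {
                foreach ($aid as $key => $val) {
                    // Drop entries that are not cart rows instead of indexing into them.
                    if (!is_array($val) || !isset($val['aid'])) {
                        unset($aid[$key]);
                        continue;
                    }
                    $archive = archive::getInstance()->getrow(intval($val['aid']));
                    $val['title'] = $archive['title'];
                    $prices = getPrices($archive['attr2']);
                    $val['attr2'] = $prices['price'];
                    $aid[$key] = $val;
                }
                $this->view->orderaidlist = $aid;
                $this->view->paylist = pay::getInstance()->getrows('', 50);
                $this->view->logisticslist = logistics::getInstance()->getrows('', 50);
            } else {
                // The Referer header is client-controlled. Accept only http(s) URLs so a
                // javascript: or data: value can never become the navigation target.
                $referer = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER']))
                    ? $_SERVER['HTTP_REFERER']
                    : '';
                if (!preg_match('#^https?://#i', $referer)) {
                    $referer = '';
                }
                if (isset(front::$get['oid'])) {
                    if ($referer) {
                        front::refresh($referer);
                    } else {
                        front::refresh(url('index'));
                    }
                    exit;
                }
                echo '<script type="text/javascript">alert("' . lang('购物车暂无商品!') . '");';
                // Emit the URL as an escaped JS string literal; concatenating the raw
                // header into the script allowed it to close the string or the tag.
                $target = $referer
                    ? json_encode($referer, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)
                    : false;
                if ($target !== false) {
                    echo 'window.location.href=' . $target . ';';
                } else {
                    echo 'window.location.href="' . url('index') . '";';
                }
                echo '</script>';
            }
        }
    }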
<?php

//
// AdRevenue Ad Management System
// index.php
//
// (C) 2008 W3matter LLC
// This is commercial software!
// Please read the license at:
// http://www.w3matter.com/license
//
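// Include our main lib
include_once "libs/startup.php";
// Get the requested action. The key is quoted: a bare `action` is an undefined
// constant, which is an Error on PHP 8. $action is not used further in this file.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
// Default to the pay section. $section is never assigned in this file, so any
// earlier value can only come from libs/startup.php.
// NOTE(review): on very old setups with register_globals it could also come from
// the request — confirm it is never used to build a path.
if (empty($section)) {
    $section = "pay";
}
// Load the pay module from a fixed path (not derived from the request) and
// hand the request to its external() entry point.
include_once "modules/pay.php";
$s = new pay();
$s->init();
$s->external();
exit;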
Ejemplo n.º 5
	}
	
	if(!isset($logistics[0]['price'])) $logistics[0]['price']=0;
	
	
	
	$where=array();
	$where['oid']=$data['oid'];
	$orders=orders::getInstance()->getrow($where);
	
	$pnums = explode(',',$orders['pnums']);
	$orders['pnums']=$pnums[$key];
	
	$where=array();
	$where['pay_code']=substr($data['oid'],19);
	$pay=pay::getInstance()->getrows($where);
	$pay_fee = $pay[0]['pay_fee'];
	$pay[0]['pay_fee'] = $pay[0]['pay_fee']/100;
	$total = $_archive['attr2'] * $orders['pnums'] + $logistics[0]['price'] + ($_archive['attr2'] * $orders['pnums'] * $pay[0]['pay_fee']);	
    $listtotal +=$total;
  ?>
  
  
  <tr>
    <td><a href="{url('archive/show/aid/'.$_archive[aid], false)}" target="_blank">{$_archive[title]}</a></td>
    <td>{$_archive[attr2]}</td>
    <td><strong>小计</strong>:[产品单价] * [订购数量] +  [配送费用] + [支付手续费] = [总额]
        <br />
        {$_archive[attr2]} * {$orders[pnums]} + {$logistics[0]['price']} + ({$_archive[attr2]} * {$orders[pnums]} * {$pay[0][pay_fee]}) = {$total}</td>
  </tr>
  {/loop}
Ejemplo n.º 6
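 /**
  * Handle a payment gateway return/notification and mark the order as paid.
  *
  * POST fields are screened and merged into $_GET, the order number is derived
  * from out_trade_no, the amount is checked against the order, and the order is
  * updated when trade_status reports a successful trade.
  *
  * NOTE(review): no signature (or notify_id) verification is visible in this
  * method; $payment and $seller_email are loaded but never compared with
  * anything. Unless the caller verifies the gateway signature first, every field
  * used below is supplied by whoever sends the request — confirm where the
  * signature is checked.
  *
  * @return bool True when the order was updated, false otherwise.
  */
 function respond() {
     if (!empty($_POST)) {
         foreach($_POST as $key =>$data) {
             // Only plain strings can be screened by the pattern below. An array value
             // (name[]=...) makes preg_match() fail instead of match, so it used to
             // slip past this filter and into $_GET.
             if (!is_string($data) || preg_match('/(=|<|>|\')/', $data)) {
                 return false;
             }
             $_GET[$key] = $data;
         }
     }

     // Every field read below must be a plain string (the query string can carry
     // arrays as well); a missing field is treated as empty.
     $fields = array();
     foreach (array('code', 'seller_email', 'subject', 'out_trade_no', 'total_fee', 'trade_status') as $name) {
         if (isset($_GET[$name]) && !is_string($_GET[$name])) {
             return false;
         }
         $fields[$name] = isset($_GET[$name]) ? $_GET[$name] : '';
     }

     $payment  = pay::get_payment($fields['code']);
     $seller_email = rawurldecode($fields['seller_email']);
     // The order number is whatever remains of out_trade_no after deleting the
     // request's own subject text; both values come from the request.
     $order_sn = str_replace($fields['subject'],'',$fields['out_trade_no']);
     $order_sn = trim($order_sn);
     if (!pay::check_money($order_sn,$fields['total_fee'])) {
         return false;
     }
     $paid_states = array('WAIT_SELLER_SEND_GOODS', 'TRADE_FINISHED', 'TRADE_SUCCESS');
     if (in_array($fields['trade_status'], $paid_states, true)) {
         pay::changeorders($order_sn,$_GET);
         return true;
     }
     return false;
 }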
Ejemplo n.º 7
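 /**
  * Handle a PayPal IPN message: post it back to PayPal for validation, then
  * check status, receiver, amount and currency before marking the order paid.
  *
  * @return bool True when the message was VERIFIED and the order was updated.
  */
 function respond() {
     $payment        = get_payment('paypal');
     $merchant_id    = $payment['paypal_account'];

     // Echo every received field back to PayPal. Keys are encoded as well as values
     // so a crafted field name cannot add or alter parameters in the validation request.
     $req = 'cmd=_notify-validate';
     foreach ($_POST as $key =>$value) {
         if (!is_string($value)) {
             // IPN fields are flat strings; reject anything else.
             return false;
         }
         // NOTE(review): stripslashes() is kept from the original (magic-quotes era);
         // without magic quotes it alters values containing backslashes — confirm.
         $req .= '&' . urlencode($key) . '=' . urlencode(stripslashes($value));
     }
     $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
     $header .= "Host: www.paypal.com\r\n";
     $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
     $header .= "Content-Length: ".strlen($req) ."\r\n";
     $header .= "Connection: close\r\n\r\n";

     // Validate over TLS. Over plain HTTP on port 80 anyone on the network path
     // could answer "VERIFIED" for a forged notification. If TLS is unavailable
     // the connection fails and the notification is rejected.
     $fp = fsockopen ('ssl://www.paypal.com',443,$errno,$errstr,30);
     if (!$fp) {
         // Nothing to close: fsockopen() returned false.
         return false;
     }

     fputs($fp,$header .$req);
     $verified = false;
     while (!feof($fp)) {
         $res = fgets($fp,1024);
         if ($res === false) {
             break;
         }
         // Trim line endings so the verdict matches however the body is framed.
         $res = trim($res);
         if (strcmp($res,'VERIFIED') == 0) {
             $verified = true;
             break;
         }
         if (strcmp($res,'INVALID') == 0) {
             break;
         }
     }
     fclose($fp);
     // Covers INVALID as well as a response that never contained a verdict; the
     // original fell off the loop without closing the socket or returning.
     if (!$verified) {
         return false;
     }

     $payment_status = isset($_POST['payment_status']) ? $_POST['payment_status'] : '';
     $payment_amount = isset($_POST['mc_gross']) ? $_POST['mc_gross'] : '';
     $payment_currency = isset($_POST['mc_currency']) ? $_POST['mc_currency'] : '';
     $txn_id = isset($_POST['txn_id']) ? $_POST['txn_id'] : '';
     $receiver_email = isset($_POST['receiver_email']) ? $_POST['receiver_email'] : '';
     $order_sn = isset($_POST['invoice']) ? $_POST['invoice'] : '';
     $memo = !empty($_POST['memo']) ?$_POST['memo'] : '';
     $action_note = $txn_id .'('.$GLOBALS['_LANG']['paypal_txn_id'] .')'.$memo;

     // NOTE(review): "Pending" is accepted as paid here although the funds have
     // not cleared yet — confirm this is intended.
     if ($payment_status !== 'Completed' && $payment_status !== 'Pending') {
         return false;
     }
     // The payment must have gone to the configured merchant account.
     if ($receiver_email !== (string) $merchant_id) {
         return false;
     }
     if (!pay::check_money($order_sn,$payment_amount)) {
         return false;
     }
     if ((string) $payment['paypal_currency'] !== $payment_currency) {
         return false;
     }
     // NOTE(review): no duplicate txn_id check is visible here; confirm that
     // changeorders() is safe against a replayed notification.
     pay::changeorders($order_sn,$action_note);
     return true;
 }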