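/**
 * Recursively escape a string, or every key and value of an array, with addslashes().
 *
 * When $htmlspecialchars is truthy each string is passed through htmlspecialchars()
 * before the slashes are added. A top-level value that is empty() ('', '0', 0, null,
 * false, array()) is returned unchanged.
 *
 * Review notes:
 *  - The flag is now forwarded to nested arrays. Previously the recursive call dropped
 *    it, so only the first level was HTML-encoded and deeper levels got addslashes() alone.
 *  - The result is built in a fresh array, so an escaped key can no longer overwrite (or
 *    be removed by) a sibling key that has not been processed yet.
 *  - addslashes() is not context-aware and ignores the connection charset. It is legacy
 *    defence in depth, not a replacement for bound SQL parameters or for encoding at the
 *    point of output.
 *
 * @param mixed $value            String or (nested) array to escape.
 * @param bool  $htmlspecialchars Also HTML-encode each string before adding slashes.
 * @return mixed Escaped copy with the same shape as the input.
 */
function addslashes_deep($value, $htmlspecialchars = false)
{
    if (empty($value)) {
        return $value;
    }

    if (!is_array($value)) {
        return $htmlspecialchars ? addslashes(htmlspecialchars($value)) : addslashes($value);
    }

    $escaped = array();
    foreach ($value as $key => $item) {
        // Keys are attacker-influenced too (e.g. foo[bar']=1), so they get the same treatment.
        $key = $htmlspecialchars ? addslashes(htmlspecialchars($key)) : addslashes($key);

        if (is_array($item)) {
            $escaped[$key] = addslashes_deep($item, $htmlspecialchars);
        } else {
            $escaped[$key] = $htmlspecialchars ? addslashes(htmlspecialchars($item)) : addslashes($item);
        }
    }

    return $escaped;
}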
/**
 * Bootstrap the application: runtime ini settings, core libraries, legacy escaping of
 * the request superglobals, then the ECSHOP, database and error objects and the stored
 * system configuration.
 *
 * Review notes:
 *  - display_errors is switched on here; on a public host that exposes paths and query
 *    text in error output, so production deployments normally log instead.
 *  - '.;' uses ';' as the include_path separator, which is the Windows convention --
 *    NOTE(review): confirm the target platform.
 *  - get_magic_quotes_gpc() was removed in PHP 8.0, so this code only runs on older runtimes.
 *  - Blanket addslashes() on superglobals is not a substitute for parameterised queries.
 */
private function _initialize()
{
    // Runtime settings; failures are deliberately silenced with @ as in the original.
    $settings = array(
        'memory_limit' => '64M',
        'session.cache_expire' => 180,
        'session.use_cookies' => 1,
        'session.auto_start' => 0,
        'display_errors' => 1,
        'arg_separator.output' => "&",
        'include_path' => '.;' . BASE_PATH,
    );
    foreach ($settings as $option => $setting) {
        @ini_set($option, $setting);
    }

    // Load system constants and the function library.
    foreach (array('base/constant.php', 'base/function.php') as $library) {
        require BASE_PATH . $library;
    }

    // Escape user-supplied variables when the runtime has not already done so.
    $needs_escaping = !get_magic_quotes_gpc();
    if ($needs_escaping) {
        if (!empty($_GET)) {
            $_GET = addslashes_deep($_GET);
        }
        if (!empty($_POST)) {
            $_POST = addslashes_deep($_POST);
        }
        $_COOKIE = addslashes_deep($_COOKIE);
        $_REQUEST = addslashes_deep($_REQUEST);
    }

    // ECSHOP object.
    $db_name = C('DB_NAME');
    $db_prefix = C('DB_PREFIX');
    self::$ecs = new EcsEcshop($db_name, $db_prefix);

    // Database object.
    self::$db = new EcsMysql(C('DB_HOST'), C('DB_USER'), C('DB_PWD'), C('DB_NAME'));

    // Error-handling object.
    self::$err = new EcsError('message.dwt');

    // Load the stored system parameters into the config registry.
    $stored_config = model('Base')->load_config();
    C('CFG', $stored_config);
}
/**
 * Escape a value in place with addslashes(), descending into nested arrays.
 *
 * Only values are escaped; array keys are left as they are. addslashes() is not a
 * context-aware encoder, so callers still need bound parameters for SQL.
 *
 * @param mixed $var String or (nested) array, modified by reference.
 * @return void
 */
function addslashes_deep(&$var)
{
    if (!is_array($var)) {
        $var = addslashes($var);
        return;
    }

    foreach ($var as &$element) {
        addslashes_deep($element);
    }
}
/**
 * Return a copy of the input with addslashes() applied to every non-array value.
 *
 * Array keys are preserved and not escaped. addslashes() is not a context-aware
 * encoder, so callers still need bound parameters for SQL.
 *
 * @param mixed $var String or (nested) array.
 * @return mixed Escaped copy with the same keys.
 */
function addslashes_deep($var)
{
    // array_map() with a single array keeps the original keys.
    return is_array($var) ? array_map(__FUNCTION__, $var) : addslashes($var);
}
/**
 * Escape the special characters in an object's member variables, or in an array.
 *
 * For an object, every property reachable by foreach is replaced by the result of
 * addslashes_deep() on its value; the object itself is modified and returned. Any
 * other input is handed to addslashes_deep() directly.
 *
 * @access  public
 * @param   mixed $obj Object or array.
 * @author  Xuan Yan
 *
 * @return  mixed The escaped object or array.
 */
function addslashes_deep_obj($obj)
{
    if (!is_object($obj)) {
        return addslashes_deep($obj);
    }

    foreach ($obj as $property => $current) {
        $obj->{$property} = addslashes_deep($current);
    }

    return $obj;
}
/**
 * Show the OCS link (tag) of an item.
 *
 * Prints an HTML fragment only for items of type 'Computer' that have at least one
 * row in glpi_ocslinks.
 *
 * Review notes:
 *  - The tag is run through addslashes_deep() and then clean_cross_side_scripting_deep()
 *    before it is echoed. addslashes() is not an HTML encoder, so HTML safety rests on
 *    clean_cross_side_scripting_deep(), which is not shown here -- verify it.
 *  - The fragment opens <div>, <table> and a header <tr> that are not closed in this
 *    function -- NOTE(review): confirm whether a caller closes them.
 *
 * @param $item CommonDBTM object
 *
 * @return nothing
 **/
static function showForItem(CommonDBTM $item)
{
    global $DB, $LANG;

    if (!in_array($item->getType(), array('Computer'))) {
        return;
    }

    $items_id = $item->getField('id');
    $restriction = getEntitiesRestrictRequest("AND", "glpi_ocslinks");
    $query = "SELECT `glpi_ocslinks`.`tag` AS tag\n FROM `glpi_ocslinks`\n WHERE `glpi_ocslinks`.`computers_id` = '{$items_id}' " . $restriction;

    $result = $DB->query($query);
    if (!($DB->numrows($result) > 0)) {
        return;
    }

    $row = $DB->fetch_assoc($result);
    $row = clean_cross_side_scripting_deep(addslashes_deep($row));

    echo "<div class='center'>", "<table class='tab_cadre_fixe'>";
    echo "<tr><th>" . $LANG['ocsng'][0] . "</th>", "<tr class='tab_bg_2'>";
    echo "<td class='center'>" . $LANG['ocsconfig'][39] . " : " . $row['tag'] . "</td></tr>";
}
/**
 * Render an array as the text of a PHP array(...) literal.
 *
 * Nested arrays are rendered recursively. A scalar that starts with '$' is written
 * unquoted; every other scalar is written single-quoted after addslashes_deep().
 *
 * Review notes:
 *  - FLAG: a value beginning with '$' is emitted verbatim as code. If $data can carry
 *    untrusted text and the result is ever written to a file that is later included,
 *    that is a code-injection path; only trusted callers should reach this branch.
 *  - Keys are written between single quotes without any escaping, so a key containing
 *    a quote breaks the generated literal. var_export() handles both cases safely.
 *
 * @param array $data
 * @return string|false The literal text, or false when $data is not an array.
 */
private static function arr_to_html($data)
{
    if (!is_array($data)) {
        return false;
    }

    $source = 'array(';
    foreach ($data as $key => $val) {
        if (is_array($val)) {
            $literal = self::arr_to_html($val);
        } elseif (strpos($val, '$') === 0) {
            $literal = $val;
        } else {
            $literal = "'" . addslashes_deep($val) . "'";
        }
        $source .= "'{$key}'=>" . $literal . ",";
    }

    return $source . ')';
}
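/**
 * Front controller: load the framework base classes, escape request input, resolve
 * the requested controller ("app") and action ("act"), then dispatch.
 *
 * Changes in this revision:
 *  - The controller name comes from $_REQUEST and is interpolated into the path given
 *    to require. It is now restricted to letters, digits and underscore, so the request
 *    cannot steer the include outside $config['app_root']. Anything else is rejected
 *    with the existing "Missing controller" response.
 *    NOTE(review): confirm that no legitimate controller file name uses other characters.
 *  - default_app / default_act are read with !empty() so a config without those keys
 *    no longer raises undefined-index notices.
 *
 * Review notes:
 *  - $_REQUEST is not escaped here (only $_GET, $_POST and $_COOKIE are), and
 *    addslashes() is not a substitute for parameterised queries.
 *  - $act is passed to do_action() unvalidated; how it is resolved is not visible here,
 *    so do_action() should restrict it to known public actions.
 *
 * @param array $config Keys read here: external_libs, default_app, default_act, app_root.
 * @return void
 */
function startup($config = array())
{
    /* Load the initialisation files. */
    require ROOT_PATH . '/eccore/controller/app.base.php'; // base controller class
    require ROOT_PATH . '/eccore/model/model.base.php';    // base model class

    if (!empty($config['external_libs'])) {
        foreach ($config['external_libs'] as $lib) {
            require $lib;
        }
    }

    /* Input filtering (legacy addslashes-based escaping). */
    if (!get_magic_quotes_gpc()) {
        $_GET = addslashes_deep($_GET);
        $_POST = addslashes_deep($_POST);
        $_COOKIE = addslashes_deep($_COOKIE);
    }

    /* Request dispatch. */
    $default_app = !empty($config['default_app']) ? $config['default_app'] : 'default';
    $default_act = !empty($config['default_act']) ? $config['default_act'] : 'index';

    $app = isset($_REQUEST['app']) ? $_REQUEST['app'] : $default_app;
    $act = isset($_REQUEST['act']) ? trim($_REQUEST['act']) : $default_act;

    // The name becomes part of an include path: accept a plain identifier only.
    $app = is_string($app) ? trim($app) : '';
    if (!preg_match('/^[A-Za-z0-9_]+$/D', $app)) {
        exit('Missing controller');
    }

    $app_file = $config['app_root'] . "/{$app}.app.php";
    if (!is_file($app_file)) {
        exit('Missing controller');
    }

    require $app_file;
    define('APP', $app);
    define('ACT', $act);
    $app_class_name = ucfirst($app) . 'App';

    /* Instantiate the controller. */
    $app = new $app_class_name();
    c($app);
    $app->do_action($act); // forward to the matching action
    $app->destruct();
}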
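/**
 * Check the login cookies (bbuserid / bbpassword).
 *
 * Looks the user up by the integer id from the cookie and compares the cookie token
 * with md5(stored password . cookie_salt).
 *
 * Changes in this revision: the token comparison is strict. With the loose != operator
 * two different strings that both look numeric (for example hex digests of the form
 * "0e<digits>") compare as equal, which weakens the check. A non-string cookie value is
 * rejected outright. Where the runtime provides hash_equals(), prefer it for a
 * constant-time comparison.
 *
 * Review note: the token is a fixed function of the stored password hash and a salt,
 * so it stays valid until the password changes -- NOTE(review): confirm this matches
 * the integrated forum's own cookie scheme.
 *
 * @access  public
 *
 * @return  string The user name (converted to UTF8 when needed), or '' when the
 *                 cookies are missing or do not verify.
 */
function check_cookie()
{
    if (empty($_COOKIE['bbuserid']) || empty($_COOKIE['bbpassword'])) {
        return '';
    }

    $user_id = intval($_COOKIE['bbuserid']);
    $bbpassword = addslashes_deep($_COOKIE['bbpassword']);

    // $user_id is an integer, so the interpolation below cannot carry quote characters.
    $row = $this->db->getRow("SELECT " . $this->field_name . " AS user_name, " . $this->field_pass . " As password " . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_id . "='{$user_id}'");
    if (empty($row)) {
        return '';
    }

    $expected = md5($row['password'] . $this->cookie_salt);
    if (!is_string($bbpassword) || $bbpassword !== $expected) {
        return '';
    }

    if ($this->charset != 'UTF8') {
        $row['user_name'] = ecs_iconv($this->charset, 'UTF8', $row['user_name']);
    }

    return $row['user_name'];
}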
// Excerpt of a bootstrap script: the first statement and closing brace belong to a block
// that starts before this excerpt, and the final "if" continues after it.
error_reporting(0);
}

// Optional runtime limits taken from $config.
if (isset($config['TIME_LIMIT'])) {
    set_time_limit($config['TIME_LIMIT']);
}
if (isset($config['TIMEZONE'])) {
    date_default_timezone_set($config['TIMEZONE']);
}

// Script name and paths, derived from the server-provided SCRIPT_NAME and this file's directory.
define('PHP_NAME', substr(strrchr($_SERVER['SCRIPT_NAME'], '/'), 1));
define('PHP_PATH', str_replace(PHP_NAME, '', $_SERVER['SCRIPT_NAME']));
define('CORE_PATH', str_replace('\\', '/', dirname(__FILE__)));
require CORE_PATH . '/core.php';

// Legacy escaping of request input. get_magic_quotes_gpc() was removed in PHP 8.0, and
// addslashes() is not a substitute for parameterised queries.
// Note that $_REQUEST is a separate array and is NOT escaped by these three lines.
if (!get_magic_quotes_gpc()) {
    !empty($_GET) && ($_GET = addslashes_deep($_GET));
    !empty($_POST) && ($_POST = addslashes_deep($_POST));
    !empty($_COOKIE) && ($_COOKIE = addslashes_deep($_COOKIE));
}

// NOTE(review): the session identifier is taken from a request parameter before
// session_start(). Whoever supplies that parameter chooses the session id, which is the
// classic precondition for session fixation. Confirm the id is regenerated at login
// (session_regenerate_id) or restrict this to the client that actually needs it.
if (isset($_REQUEST['session_id'])) {
    session_id(trim($_REQUEST['session_id']));
}
session_start();

// Optional application router table; its return value feeds router().
$router = array();
if (file_exists(APP_PATH . 'router.php')) {
    $router = (include APP_PATH . 'router.php');
}
$_uri = router($router);
define('MODULE', $_uri['module']);
define('ACTION', $_uri['action']);

// Database layer.
require CORE_PATH . '/db.php';
$db = new db();
if (isset($config['DB_DRIVER'])) {
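/**
 * Pay (part of) an unpaid order from the logged-in user's account balance.
 *
 * Validates the session, the posted order id and amount, checks that the order belongs
 * to the current user and is still unpaid, caps the amount at what is owed and at the
 * user's available funds, recomputes the payment fee, updates the order and logs the
 * balance change, then redirects to the order detail page.
 *
 * Changes in this revision: $err was used without ever being defined in this function,
 * so every validation-failure path ended in a call on an undefined variable. It is now
 * taken from $GLOBALS like the other shared objects.
 * NOTE(review): confirm the global error object is registered under the name 'err'.
 *
 * Review notes:
 *  - The code relies on $err->show() ending the request; that is not visible here. If it
 *    returns, execution continues past each failed check -- verify.
 *  - The balance is read, compared and then debited in separate steps with no lock or
 *    transaction visible here, so two concurrent requests could both pass the check.
 *    Consider an atomic, conditional update in log_account_change()/update_order().
 *  - $order['order_amount'] == 0 compares floats for equality; an amount that differs by
 *    a rounding error will not mark the order as paid.
 *
 * @return void Always ends with a redirect and exit.
 */
function action_act_edit_surplus()
{
    $user = $GLOBALS['user'];
    $_CFG = $GLOBALS['_CFG'];
    $_LANG = $GLOBALS['_LANG'];
    $smarty = $GLOBALS['smarty'];
    $db = $GLOBALS['db'];
    $ecs = $GLOBALS['ecs'];
    $err = $GLOBALS['err'];
    $user_id = $_SESSION['user_id'];

    /* Must be logged in. */
    if ($_SESSION['user_id'] <= 0) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* Validate the order id. */
    $order_id = intval($_POST['order_id']);
    if ($order_id <= 0) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* Validate the requested amount. */
    $surplus = floatval($_POST['surplus']);
    if ($surplus <= 0) {
        $err->add($_LANG['error_surplus_invalid']);
        $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
    }

    include_once ROOT_PATH . 'includes/lib_order.php';

    /* Load the order. */
    $order = order_info($order_id);
    if (empty($order)) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* The order must belong to the current user. */
    if ($_SESSION['user_id'] != $order['user_id']) {
        ecs_header("Location: ./\n");
        exit;
    }

    /* The order must be unpaid and must still have an amount due. */
    if ($order['pay_status'] != PS_UNPAYED || $order['order_amount'] <= 0) {
        $err->add($_LANG['error_order_is_paid']);
        $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
    }

    /* Amount due, excluding the payment fee. */
    $order['order_amount'] -= $order['pay_fee'];

    /* Never take more than is due. */
    if ($surplus > $order['order_amount']) {
        $surplus = $order['order_amount'];
    }

    /* Load the user's account. */
    $user = user_info($_SESSION['user_id']);

    /* The balance plus credit line must cover the amount. */
    if ($surplus > $user['user_money'] + $user['credit_line']) {
        $err->add($_LANG['error_surplus_not_enough']);
        $err->show($_LANG['order_detail'], 'user.php?act=order_detail&order_id=' . $order_id);
    }

    /* Apply the payment and recompute the payment fee. */
    $order['surplus'] += $surplus;
    $order['order_amount'] -= $surplus;
    if ($order['order_amount'] > 0) {
        $cod_fee = 0;
        if ($order['shipping_id'] > 0) {
            $regions = array($order['country'], $order['province'], $order['city'], $order['district']);
            $shipping = shipping_area_info($order['shipping_id'], $regions);
            if ($shipping['support_cod'] == '1') {
                $cod_fee = $shipping['pay_fee'];
            }
        }

        $pay_fee = 0;
        if ($order['pay_id'] > 0) {
            $pay_fee = pay_fee($order['pay_id'], $order['order_amount'], $cod_fee);
        }

        $order['pay_fee'] = $pay_fee;
        $order['order_amount'] += $pay_fee;
    }

    /* Fully paid: mark as confirmed and paid. */
    if ($order['order_amount'] == 0) {
        if ($order['order_status'] == OS_UNCONFIRMED) {
            $order['order_status'] = OS_CONFIRMED;
            $order['confirm_time'] = gmtime();
        }
        $order['pay_status'] = PS_PAYED;
        $order['pay_time'] = gmtime();
    }

    // Values read back from the database are re-escaped before being written again.
    $order = addslashes_deep($order);
    update_order($order_id, $order);

    /* Debit the user's balance. */
    $change_desc = sprintf($_LANG['pay_order_by_surplus'], $order['order_sn']);
    log_account_change($user['user_id'], -1 * $surplus, 0, 0, 0, $change_desc);

    /* Redirect to the order detail page. */
    ecs_header('Location: user.php?act=order_detail&order_id=' . $order_id . "\n");
    exit;
}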
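/**
 * Transfer network links
 *
 * Depending on $this->options['keep_networklink'] the network ports of the item are
 * deleted (0), disconnected (1) or kept (any other value). When the item is being
 * copied ($ID != $newID) the ports are copied to the new item instead.
 *
 * Changes in this revision: in the "keep" branch, rows fetched from the database were
 * passed to $np->add() without addslashes_deep(), while the otherwise identical copy
 * loop in the "disconnect" branch escapes them first. A stored value containing a quote
 * would therefore reach the insert unescaped on that path. Both copy loops now escape
 * the row the same way.
 * NOTE(review): this assumes add() expects slashed input, as the sibling branch implies.
 *
 * @param $itemtype original type of transfered item
 * @param $ID original ID of the item
 * @param $newID new ID of the item
 * @param $ocs_computer if computer type OCS ID of the item if available
 **/
function transferNetworkLink($itemtype, $ID, $newID, $ocs_computer = false)
{
    global $DB;

    $np = new NetworkPort();
    $nn = new NetworkPort_NetworkPort();

    $query = "SELECT *\n FROM `glpi_networkports`\n WHERE `items_id` = '{$ID}'\n AND `itemtype` = '{$itemtype}'";

    if ($result = $DB->query($query)) {
        if ($DB->numrows($result) != 0) {
            switch ($this->options['keep_networklink']) {
                // Delete netport
                case 0:
                    // Not a copy -> delete
                    if ($ID == $newID) {
                        while ($data = $DB->fetch_array($result)) {
                            $np->delete(array('id' => $data['id']));
                        }
                        // Only case of ocs link update is needed (if netports are keep nothing to do)
                        if ($ocs_computer) {
                            $query = "UPDATE `glpi_ocslinks`\n SET `import_ip` = NULL\n WHERE `computers_id` = '{$ID}'";
                            $DB->query($query);
                        }
                    }
                    // Copy -> do nothing
                    break;

                // Disconnect
                case 1:
                    // Not a copy -> disconnect
                    if ($ID == $newID) {
                        while ($data = $DB->fetch_array($result)) {
                            if ($nn->getFromDBForNetworkPort($data['id'])) {
                                $nn->delete($data);
                            }
                            if ($data['netpoints_id']) {
                                $netpointID = $this->transferDropdownNetpoint($data['netpoints_id']);
                                $input['id'] = $data['id'];
                                $input['netpoints_id'] = $netpointID;
                                $np->update($input);
                            }
                        }
                    } else {
                        // Copy -> copy netports
                        while ($data = $DB->fetch_array($result)) {
                            $data = addslashes_deep($data);
                            unset($data['id']);
                            $data['items_id'] = $newID;
                            $data['netpoints_id'] = $this->transferDropdownNetpoint($data['netpoints_id']);
                            unset($np->fields);
                            $np->add($data);
                        }
                    }
                    break;

                // Keep network links
                default:
                    // Copy -> Copy netpoints (do not keep links)
                    if ($ID != $newID) {
                        while ($data = $DB->fetch_array($result)) {
                            // Same escaping as the copy loop above, before the row is re-inserted.
                            $data = addslashes_deep($data);
                            unset($data['id']);
                            $data['items_id'] = $newID;
                            $data['netpoints_id'] = $this->transferDropdownNetpoint($data['netpoints_id']);
                            unset($np->fields);
                            $np->add($data);
                        }
                    } else {
                        while ($data = $DB->fetch_array($result)) {
                            // Not a copy -> only update netpoint
                            if ($data['netpoints_id']) {
                                $netpointID = $this->transferDropdownNetpoint($data['netpoints_id']);
                                $input['id'] = $data['id'];
                                $input['netpoints_id'] = $netpointID;
                                $np->update($input);
                            }
                        }
                    }
            }
        }
    }
}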
// Excerpt of an admin bootstrap script: load the shared libraries, escape request input,
// normalise the request path, then create the ECSHOP and database objects.
require ROOT_PATH . 'includes/cls_error.php';
require ROOT_PATH . 'includes/lib_time.php';
require ROOT_PATH . 'includes/lib_base.php';
require ROOT_PATH . 'includes/lib_common.php';
require ROOT_PATH . ADMIN_PATH . '/includes/lib_main.php';
require ROOT_PATH . ADMIN_PATH . '/includes/cls_exchange.php';

/* Escape user-supplied variables.
 * get_magic_quotes_gpc() was removed in PHP 8.0, so this only runs on older runtimes.
 * Blanket addslashes() is legacy defence in depth: it is not charset-aware and does not
 * protect values that are later used unquoted in SQL. */
if (!get_magic_quotes_gpc()) {
    if (!empty($_GET)) {
        $_GET = addslashes_deep($_GET);
    }
    if (!empty($_POST)) {
        $_POST = addslashes_deep($_POST);
    }

    $_COOKIE = addslashes_deep($_COOKIE);
    $_REQUEST = addslashes_deep($_REQUEST);
}

/* Path hardening: a request of the form "script.php/extra" is redirected to "script.php",
 * dropping everything after the ".php". */
if (strpos(PHP_SELF, '.php/') !== false) {
    ecs_header("Location:" . substr(PHP_SELF, 0, strpos(PHP_SELF, '.php/') + 4) . "\n");
    exit;
}

/* Create the ECSHOP object. */
$ecs = new ECS($db_name, $prefix);
define('DATA_DIR', $ecs->data_dir());
define('IMAGE_DIR', $ecs->image_dir());

/* Initialise the database class. */
require ROOT_PATH . 'includes/cls_mysql.php';
$db = new cls_mysql($db_host, $db_user, $db_pass, $db_name);
// The connection settings are cleared once the object exists, so later code in this
// scope cannot read them from these variables.
$db_host = $db_user = $db_pass = $db_name = NULL;

/* Create the error-handling object. */
// Excerpt from a goods "copy" action; the closing brace further down belongs to a block
// that starts before this excerpt.
//
// NOTE(review): $_REQUEST['goods_id'] is interpolated into three queries below. It sits
// inside quotes, so it depends entirely on the request having been escaped earlier (not
// visible here). Casting it once with intval() would remove that dependency.

// Linked articles: clear this admin's temporary rows (goods_id = 0), then copy the source
// product's article links into them.
$sql = "DELETE FROM " . $ecs->table('goods_article') . " WHERE goods_id = 0 AND admin_id = '{$_SESSION['admin_id']}'";
$db->query($sql);

$sql = "SELECT 0 AS goods_id, article_id, '{$_SESSION['admin_id']}' AS admin_id " . "FROM " . $ecs->table('goods_article') . " WHERE goods_id = '{$_REQUEST['goods_id']}' ";
$res = $db->query($sql);
while ($row = $db->fetchRow($res)) {
    // Unlike the goods_attr loop below, this row is re-inserted without addslashes_deep().
    // NOTE(review): confirm the selected columns can never contain quote characters.
    $db->autoExecute($ecs->table('goods_article'), $row, 'INSERT');
}

// Images are left unchanged.

// Product attributes: clear the temporary rows, then copy the source product's attributes.
$sql = "DELETE FROM " . $ecs->table('goods_attr') . " WHERE goods_id = 0";
$db->query($sql);

$sql = "SELECT 0 AS goods_id, attr_id, attr_value, attr_price " . "FROM " . $ecs->table('goods_attr') . " WHERE goods_id = '{$_REQUEST['goods_id']}' ";
$res = $db->query($sql);
while ($row = $db->fetchRow($res)) {
    // Stored values are re-escaped before being written back (guards against stored
    // quotes reaching the INSERT).
    $db->autoExecute($ecs->table('goods_attr'), addslashes_deep($row), 'INSERT');
}
}

// Extended categories.
$other_cat_list = array();
$sql = "SELECT cat_id FROM " . $ecs->table('goods_cat') . " WHERE goods_id = '{$_REQUEST['goods_id']}'";
$goods['other_cat'] = $db->getCol($sql);
foreach ($goods['other_cat'] as $cat_id) {
    $other_cat_list[$cat_id] = cat_list(0, $cat_id);
}
$smarty->assign('other_cat_list', $other_cat_list);

$link_goods_list = get_linked_goods($goods['goods_id']); // linked products
$group_goods_list = get_group_goods($goods['goods_id']); // accessories
$goods_article_list = get_goods_articles($goods['goods_id']);
// Excerpt from an admin user-management script: the tail of the "update" action, the
// whole "batch_remove" action and the start of "edit_username". The first closing brace
// belongs to a branch that starts before this excerpt.

// $username is interpolated into the WHERE clause inside quotes; it must already be
// escaped at this point (where it is assigned is not visible here).
$db->autoExecute($ecs->table('users'), $other, 'UPDATE', "user_name = '{$username}'");

/* Record the administrator's action. */
admin_log($username, 'edit', 'users');

/* Result message with navigation links. */
$links[0]['text'] = $_LANG['goto_list'];
$links[0]['href'] = 'users.php?act=list&' . list_link_postfix();
$links[1]['text'] = $_LANG['go_back'];
$links[1]['href'] = 'javascript:history.back()';

sys_msg($_LANG['update_success'], 0, $links);
} elseif ($_REQUEST['act'] == 'batch_remove') {
    /* Permission check. */
    admin_priv('users_drop');

    // NOTE(review): this deletes accounts based on posted ids; no anti-CSRF token check is
    // visible in this excerpt -- confirm one is enforced elsewhere.
    if (isset($_POST['checkboxes'])) {
        // db_create_in() builds the IN (...) list from the posted ids; its quoting is not
        // visible here -- verify it casts or quotes each element.
        $sql = "SELECT user_name FROM " . $ecs->table('users') . " WHERE user_id " . db_create_in($_POST['checkboxes']);
        $col = $db->getCol($sql);
        // Names read back from the database are escaped before being passed to the log call.
        $usernames = implode(',', addslashes_deep($col));
        $count = count($col);

        /* Delete the users through the integration plugin. */
        $users =& init_users();
        $users->remove_user($col);

        admin_log($usernames, 'batch_remove', 'users');

        $lnk[] = array('text' => $_LANG['go_back'], 'href' => 'users.php?act=list');
        sys_msg(sprintf($_LANG['batch_remove_success'], $count), 0, $lnk);
    } else {
        $lnk[] = array('text' => $_LANG['go_back'], 'href' => 'users.php?act=list');
        sys_msg($_LANG['no_select_user'], 0, $lnk);
    }
} elseif ($_REQUEST['act'] == 'edit_username') {
    /* Permission check (JSON response variant). */
    check_authz_json('users_manage');

    $username = empty($_REQUEST['val']) ? '' : json_str_iconv(trim($_REQUEST['val']));
/**
 * Check the login cookie (<cookie_prefix>auth).
 *
 * The cookie is decoded with $this->authcode(), split on tabs into password, security
 * question and user id, and the user is looked up by id and password.
 *
 * Review notes:
 *  - The decoded fields are only passed through addslashes_deep() before being placed in
 *    the query. The integrity of the cookie therefore rests on authcode() and its key;
 *    addslashes() is not charset-aware, and casting the id with intval() would harden
 *    the lookup.
 *  - The return type is inconsistent: false for a malformed cookie, '' for a missing one.
 *
 * @access  public
 *
 * @return  mixed The user name (converted to UTF8 when needed) or whatever getOne()
 *                returns when no row matches; false for a malformed cookie; '' when
 *                the cookie is absent.
 */
function check_cookie()
{
    $cookie_key = $this->cookie_prefix . 'auth';
    if (!isset($_COOKIE[$cookie_key])) {
        return '';
    }

    $decoded = $this->authcode($_COOKIE[$cookie_key], 'DECODE');
    $arr = addslashes_deep(explode("\t", $decoded));
    if (count($arr) != 3) {
        return false;
    }
    list($discuz_pw, $discuz_secques, $discuz_uid) = $arr;

    $sql = "SELECT " . $this->field_name . " AS user_name" . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_id . " = '{$discuz_uid}' AND " . $this->field_pass . " = '{$discuz_pw}'";
    $username = $this->db->getOne($sql);

    $must_convert = $username && $this->charset != 'UTF8';
    if ($must_convert) {
        $username = ecs_iconv($this->charset, 'UTF8', $username);
    }

    return $username;
}
/**
 * Check the login cookies (<cookie_prefix>userid / <cookie_prefix>password).
 *
 * Review notes:
 *  - NOTE(review): $true_password is computed from the cookie but never used. The query
 *    as shown compares truepassword with the literal '******', which looks like a value
 *    masked in this listing. Check the original source: the cookie value must take part
 *    in the comparison, otherwise the password cookie is not verified at all.
 *  - The user id is cast with intval(), so that part of the query cannot carry quotes.
 *
 * @access  public
 *
 * @return  string The user name (converted to UTF8 when needed), or '' when the cookies
 *                 are missing or no row matches.
 */
function check_cookie()
{
    $id_key = $this->cookie_prefix . 'userid';
    $password_key = $this->cookie_prefix . 'password';

    if (empty($_COOKIE[$id_key]) || empty($_COOKIE[$password_key])) {
        return '';
    }

    $user_id = intval($_COOKIE[$id_key]);
    $true_password = addslashes_deep($_COOKIE[$password_key]);

    $sql = "SELECT " . $this->field_name . " AS user_name " . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_id . "='{$user_id}' AND truepassword='******'";
    $username = $this->db->getOne($sql);
    if (empty($username)) {
        return '';
    }

    return ($this->charset != 'UTF8')
        ? ecs_iconv($this->charset, 'UTF8', $username)
        : $username;
}
// Excerpt of an API entry-point bootstrap: load configuration and libraries, escape the
// cookies, parse the posted JSON, then load the remaining includes.
require ROOT_PATH . 'data/config.php';
require ROOT_PATH . 'includes/lib_common.php';
require ROOT_PATH . 'includes/cls_mysql.php';

/* ECShop V2.5.1 compatibility: load the base library only when addslashes_deep() is not
 * already defined. */
if (!function_exists('addslashes_deep')) {
    require ROOT_PATH . 'includes/lib_base.php';
}
require CLIENT_PATH . 'includes/lib_api.php'; // API library
require CLIENT_PATH . 'includes/lib_struct.php'; // structure library

// JSON class
require ROOT_PATH . 'includes/cls_json.php';

/* Escape user-supplied variables.
 * Only $_COOKIE is escaped here; $_GET, $_POST and $_REQUEST are left as received.
 * NOTE(review): the posted JSON below is handed to parse_json() raw, so any value taken
 * from it must be escaped or bound by the code that uses it -- verify in parse_json(). */
if (!get_magic_quotes_gpc()) {
    $_COOKIE = addslashes_deep($_COOKIE);
}

/* ECShop V2.5.1 compatibility: default charset constant. */
if (!defined('EC_CHARSET')) {
    define('EC_CHARSET', 'utf-8');
}

/* Initialise the JSON object. */
$json = new JSON();

/* Parse the JSON payload from the 'Json' POST field. */
parse_json($json, $_POST['Json']);

/* Load the remaining include files. */
require ROOT_PATH . 'includes/inc_constant.php';
require ROOT_PATH . 'includes/cls_ecshop.php';
require ROOT_PATH . 'includes/lib_time.php';
require ROOT_PATH . 'includes/lib_main.php';
require ROOT_PATH . 'includes/lib_insert.php';
<?php
/**
 * AJAX endpoint: store the bar code of a product (act=bar_code) and reply with JSON.
 *
 * Review notes:
 *  - No permission check is visible in this file. NOTE(review): confirm that
 *    includes/init.php restricts this endpoint to authorised administrators.
 *  - The bar code is placed in the UPDATE between quotes after addslashes_deep(). If
 *    init.php already escapes $_REQUEST the value is escaped twice; either way a bound
 *    parameter would be the robust form. The product id is an integer cast.
 *  - $json is not defined in this file; it is presumably created by init.php.
 *  - The escaped (not the raw) bar code is echoed back in the response.
 */
define('IN_ECS', true);
require dirname(__FILE__) . '/includes/init.php';

if ($_REQUEST['act'] == 'bar_code') {
    $res = array('req_msg' => true, 'timeout' => 2000);

    $goods_id = intval($_REQUEST['id']);
    $bar_code = addslashes_deep($_REQUEST['value']);

    $goods_table = $GLOBALS['ecs']->table('goods');
    $sql_update = 'UPDATE ' . $goods_table . " SET bar_code='{$bar_code}' WHERE goods_id={$goods_id}";

    $saved = $GLOBALS['db']->query($sql_update);
    if ($saved) {
        // Key order is kept as in the original response.
        $res += array(
            'id' => $goods_id,
            'code' => 1,
            'message' => '条形码已经保存成功!',
            'bar_code' => $bar_code,
        );
    } else {
        $res += array(
            'code' => 2,
            'id' => $goods_id,
            'message' => '条形码保存失败,请稍后再试!',
        );
    }

    die($json->encode($res));
}
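/**
 * Import rows from a CSV file.
 *
 * Changes in this revision: the result of fopen() is checked. Previously a file that
 * could not be opened left $handle === false; on older PHP versions fgetcsv() then
 * returns NULL for every call, which is !== FALSE, so the read loop never ended and kept
 * appending rows until memory ran out. An unreadable file now yields an empty array.
 *
 * Review notes:
 *  - The returned cells are passed through addslashes_deep(). That is legacy escaping
 *    only; code that stores the rows should still bind them as parameters.
 *  - $filename is opened as given. Callers that accept uploads must make sure it points
 *    at the uploaded file and not at an arbitrary path or stream wrapper.
 *
 * @param string $filename     File name.
 * @param bool   $header       Whether the file has a header row; if so it is dropped and
 *                             data starts at the second row.
 * @param string $from_charset Source encoding.
 * @param string $to_charset   Target encoding.
 * @param string $delimiter    Field delimiter.
 * @return array Escaped rows; empty when the file cannot be opened.
 */
function import_from_csv($filename, $header = true, $from_charset = '', $to_charset = '', $delimiter = ',')
{
    // Convert only when both encodings are given and they differ.
    $need_convert = $from_charset && $to_charset && $from_charset != $to_charset;
    if ($need_convert) {
        import('iconv.lib');
        $iconv = new Chinese(ROOT_PATH . '/');
    }

    $data = array();

    $handle = fopen($filename, "r");
    if ($handle === false) {
        return $data;
    }

    while (($row = fgetcsv($handle, 100000, $delimiter)) !== FALSE) {
        if ($need_convert) {
            foreach ($row as $key => $col) {
                $row[$key] = $iconv->Convert($from_charset, $to_charset, $col);
            }
        }
        $data[] = $row;
    }
    fclose($handle);

    if ($header && $data) {
        array_shift($data);
    }

    return addslashes_deep($data);
}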
/**
 * Check the login cookies (<cookie_prefix>_data / <cookie_prefix>_sid).
 *
 * The data cookie is unserialized to obtain the user id and auto-login id, and the
 * session id cookie is matched against the sessions table joined with the user table.
 *
 * Review notes:
 *  - FLAG: unserialize() is called on a client-supplied cookie. Deserialising untrusted
 *    data can instantiate arbitrary loaded classes and trigger their magic methods
 *    (object injection). On PHP 7.0+ pass array('allowed_classes' => false) as the second
 *    argument; better, have the cookie carry JSON or a signed value.
 *  - Only the presence of autologinid is checked here; it takes no part in the query.
 *  - Both values reach the query between quotes after addslashes_deep() only.
 *
 * @access  public
 *
 * @return  string The user name (converted to UTF8 when needed), or '' when the cookies
 *                 are missing, incomplete or do not match a session.
 */
function check_cookie()
{
    $data_key = $this->cookie_prefix . '_data';
    $sid_key = $this->cookie_prefix . '_sid';

    if (empty($_COOKIE[$data_key]) || empty($_COOKIE[$sid_key])) {
        return '';
    }

    /* Unserialize the cookie to obtain the user information. */
    $raw_data = stripslashes_deep($_COOKIE[$data_key]);
    $cookie_data = addslashes_deep(@unserialize($raw_data));
    $cookie_session_id = addslashes_deep(trim($_COOKIE[$sid_key]));

    if (empty($cookie_data['userid']) || empty($cookie_data['autologinid'])) {
        return '';
    }

    $sql = "SELECT " . $this->field_name . " FROM " . $this->table('sessions') . " AS s " . " LEFT JOIN " . $this->table($this->user_table) . " AS u ON s.session_user_id = u.user_id" . " WHERE session_id = '{$cookie_session_id}' AND session_user_id = '{$cookie_data['userid']}'";
    $username = $this->db->getOne($sql);
    if (empty($username)) {
        return '';
    }

    if ($this->charset != 'UTF8') {
        $username = ecs_iconv($this->charset, 'UTF8', $username);
    }

    return $username;
}
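/**
 * Customer list graded by purchasing power.
 *
 * Builds the filter from the request, turns it into a WHERE clause, counts the matching
 * users, fetches one page of them and returns the list with paging data.
 *
 * Changes in this revision:
 *  - mobile_phone and home_phone are interpolated into the SQL WITHOUT quotes, where
 *    addslashes() gives no protection. They are now accepted only when they consist of
 *    digits; anything else is treated as "no filter".
 *  - $condition is initialised, so it is always defined when appended to or returned.
 *  - $filter['qq'] and $filter['aliww'] are never populated in this function; the checks
 *    now use !empty() so they no longer raise undefined-index notices.
 *    NOTE(review): decide whether these two filters should be read from the request
 *    (qq is used unquoted, so it would need the same digits-only rule).
 *  - page and page_size are clamped to at least 1, so a non-numeric value cannot produce
 *    a negative LIMIT offset.
 *  - The by-reference loop variable is released after the formatting loop.
 *
 * Review notes:
 *  - user_name is placed in a LIKE pattern after addslashes() only; '%' and '_' in the
 *    input still act as wildcards.
 *  - $condition is assembled from raw filter values (the urlencode branch tests for a
 *    key named 'type', which is never set). Whoever prints it into a link must encode it.
 *
 * @return array user_list, filter, page_count, record_count, page_size, page, page_set,
 *               condition, start, end.
 */
function user_buy_list()
{
    $request = addslashes_deep($_REQUEST);
    $filter = array();
    $condition = '';

    // Default criterion.
    $filter['amount'] = empty($_REQUEST['amount']) ? 500 : floatval($_REQUEST['amount']);

    // Optional criteria.
    $filter['user_name'] = empty($request['user_name']) ? '' : trim($request['user_name']);
    $filter['sex'] = empty($request['sex']) ? '' : intval($request['sex']);

    // Phone numbers are used unquoted in the query: digits only.
    $mobile_phone = empty($request['mobile_phone']) ? '' : $request['mobile_phone'];
    $filter['mobile_phone'] = (is_string($mobile_phone) && preg_match('/^[0-9]+$/D', $mobile_phone)) ? $mobile_phone : '';
    $home_phone = empty($request['home_phone']) ? '' : $request['home_phone'];
    $filter['home_phone'] = (is_string($home_phone) && preg_match('/^[0-9]+$/D', $home_phone)) ? $home_phone : '';

    $filter['admin_id'] = empty($request['admin_id']) ? '' : intval($request['admin_id']);
    $filter['eff_id'] = empty($request['eff_id']) ? '' : intval($request['eff_id']);
    $filter['type_id'] = empty($request['type_id']) ? '' : intval($request['type_id']);
    $filter['from_where'] = empty($request['from_where']) ? '' : intval($request['from_where']);

    // Query-string fragment that carries the active filters between pages.
    foreach ($filter as $key => $val) {
        if (!empty($val)) {
            if ($key == 'type') {
                $condition .= "&{$key}=" . urlencode($val);
                continue;
            }
            $condition .= "&{$key}={$val}";
        }
    }

    $filter['page_size'] = empty($request['page_size']) ? 20 : max(1, intval($request['page_size']));
    $filter['page'] = empty($request['page']) ? 1 : max(1, intval($request['page']));

    $ex_where = ''; // extra WHERE conditions

    // Customer name
    if ($filter['user_name']) {
        $ex_where .= " AND u.user_name LIKE '%{$filter['user_name']}%' ";
    }
    // Sex
    if ($filter['sex']) {
        $ex_where .= " AND u.sex={$filter['sex']} ";
    }
    // Mobile phone
    if ($filter['mobile_phone']) {
        $ex_where .= " AND u.mobile_phone={$filter['mobile_phone']} ";
    }
    // Landline
    if ($filter['home_phone']) {
        $ex_where .= " AND u.home_phone={$filter['home_phone']} ";
    }
    // QQ
    if (!empty($filter['qq'])) {
        $ex_where .= " AND u.qq={$filter['qq']} ";
    }
    // Aliwangwang
    if (!empty($filter['aliww'])) {
        $ex_where .= " AND u.aliww='{$filter['aliww']}' ";
    }
    // Customer-service agent: privileged users may filter by agent, others see only their own customers.
    if (admin_priv('user_buy_list', '', false) && $filter['admin_id']) {
        $ex_where .= " AND u.admin_id={$filter['admin_id']} ";
    } elseif (!admin_priv('all', '', false)) {
        $ex_where .= " AND u.admin_id={$_SESSION['admin_id']} ";
    }
    // Efficacy
    if ($filter['eff_id']) {
        $ex_where .= " AND u.eff_id={$filter['eff_id']} ";
    }
    // Source
    if ($filter['from_where']) {
        $ex_where .= " AND u.from_where={$filter['from_where']} ";
    }

    // Cumulative spending tier
    switch ($filter['amount']) {
        case 500:
            $ex_where .= " AND p.final_amount<500 ";
            break;
        case 1000:
            $ex_where .= " AND p.final_amount<1000 AND p.final_amount>=500";
            break;
        case 1500:
            $ex_where .= " AND p.final_amount<1500 AND p.final_amount>=1000";
            break;
        case 5000:
            $ex_where .= " AND p.final_amount<5000 AND p.final_amount>=1500";
            break;
        case 5001:
            $ex_where .= " AND p.final_amount>5000 ";
            break;
    }

    $sql_select = 'SELECT COUNT(*) FROM ' . $GLOBALS['ecs']->table('users') . ' u LEFT JOIN ' . $GLOBALS['ecs']->table('purchasing_power') . " p ON u.user_id=p.user_id WHERE 1 {$ex_where} ";
    $record_count = $GLOBALS['db']->getOne($sql_select);

    $page = break_pages($record_count, $filter['page_size'], $filter['page']);

    $sql_select = 'SELECT u.user_id,u.user_name,u.sex,u.add_time,u.service_time,u.admin_name,u.remarks FROM ' . $GLOBALS['ecs']->table('users') . ' u LEFT JOIN ' . $GLOBALS['ecs']->table('purchasing_power') . " p ON p.user_id=u.user_id WHERE 1 {$ex_where} LIMIT " . ($filter['page'] - 1) * $filter['page_size'] . ', ' . $filter['page_size'];
    $user_list = $GLOBALS['db']->getAll($sql_select);

    foreach ($user_list as &$val) {
        $val['add_time'] = date('Y-m-d', $val['add_time']);
        $val['service_time'] = date('Y-m-d', $val['service_time']);
    }
    unset($val); // release the reference so later writes to $val cannot touch the last row

    $arr = array(
        'user_list' => $user_list,
        'filter' => $filter,
        'page_count' => $page['page_count'],
        'record_count' => $record_count,
        'page_size' => $filter['page_size'],
        'page' => $filter['page'],
        'page_set' => $page['page_set'],
        'condition' => $condition,
        'start' => $page['start'],
        'end' => $page['end'],
    );

    return $arr;
}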
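/**
 * Check the login cookie (<first 5 hex chars of md5(db_sitehash)>_winduser).
 *
 * The cookie is decoded with $this->code_string() and split on tabs; the first field is
 * the user id and the second a token that must equal
 * md5(User-Agent . stored password . db_hash).
 *
 * Changes in this revision:
 *  - The token comparison is strict. With the loose != operator two different strings
 *    that both look numeric (for example hex digests of the form "0e<digits>") compare
 *    as equal, which weakens the check. Where the runtime provides hash_equals(), prefer
 *    it for a constant-time comparison.
 *  - A request without a User-Agent header no longer raises an undefined-index notice;
 *    the header is treated as an empty string, which is the value the original
 *    concatenation produced.
 *
 * Review notes:
 *  - The decoded user id is placed in the query between quotes after addslashes_deep()
 *    only; casting it with intval() would harden the lookup if ids are numeric.
 *  - The return type is inconsistent: false for a malformed cookie, '' otherwise.
 *
 * @access  public
 *
 * @return  mixed The user name; false for a malformed cookie; '' when the cookie is
 *                absent, the user is unknown or the token does not verify.
 */
function check_cookie()
{
    $cookie_name = substr(md5($this->db_sitehash), 0, 5) . '_winduser';
    if (!isset($_COOKIE[$cookie_name])) {
        return '';
    }

    $arr = addslashes_deep(explode("\t", $this->code_string($_COOKIE[$cookie_name], 'DECODE')));
    if (count($arr) != 3) {
        return false;
    }
    // Only the first two of the three fields are used here.
    list($user_id, $salt_probe) = $arr;

    $sql = "SELECT " . $this->field_id . " AS user_id, " . $this->field_name . " As user_name, " . $this->field_pass . " AS password " . " FROM " . $this->table($this->user_table) . " WHERE " . $this->field_id . " = '{$user_id}'";
    $row = $this->db->getRow($sql);
    if (!$row) {
        return '';
    }

    $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    $salt = md5($user_agent . $row['password'] . $this->db_hash);
    if ($salt !== $salt_probe) {
        return '';
    }

    return $row['user_name'];
}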
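/**
 * Build and render the goods category / search listing page.
 *
 * The assembled view data ($rt) is read from the cache when present; otherwise it is
 * rebuilt from the request and written back. $cid is used for the search redirect URL
 * and then replaced by $_GET['cid']; $page is replaced by $_GET['page']; $rs is not
 * used in this block.
 *
 * @param int   $cid  Category id.
 * @param int   $page Page number.
 * @param array $rs   Unused here.
 *
 * @return void Output is produced through $this->template('goods_category').
 */
function index($cid = 0, $page = 0, $rs = array())
{
    $rt = $this->Cache->read(3600);
    if (is_null($rt)) {
        if (empty($_GET['encode'])) {
            // A free-text search is packed into one "encode" parameter and redirected.
            if (isset($_GET['keyword']) && !empty($_GET['keyword']) && !in_array($_GET['keyword'], array('is_promote', 'is_best', 'is_new', 'is_hot', 'is_qianggou'))) {
                $string = array_merge($_GET, $_POST);
                $string['search_encode_time'] = time();
                $string = str_replace('+', '%2b', base64_encode(serialize($string)));
                header("Location: " . get_url('商品中心', $cid, ROOT_URL . "costume.php", 'goodscate', array($this->__module)) . "?encode={$string}\n");
                exit;
            }
        } else {
            $string = base64_decode(trim($_GET['encode']));
            if ($string !== false) {
                // SECURITY: unserialize() runs on a request parameter, so the client
                // chooses which classes get instantiated (PHP object injection).
                // Replace the serialize()/unserialize() pair with json_encode()/
                // json_decode(), or on PHP >= 7 pass array('allowed_classes' => false).
                $string = unserialize($string);
            } else {
                $string = array();
            }
            // Anything that is not an array (false on a bad payload, a scalar, an
            // object) cannot be merged into the request.
            if (!is_array($string)) {
                $string = array();
            }
            $_GET = $_REQUEST = array_merge($_REQUEST, addslashes_deep($string));
        }

        // NOTE(review): $cid falls back to 439, so it is always > 0 below and the
        // keyword / price / default breadcrumb branches cannot run. Confirm intent.
        $cid = isset($_GET['cid']) && intval($_GET['cid']) > 0 ? intval($_GET['cid']) : 439;
        $bid = isset($_GET['bid']) && intval($_GET['bid']) > 0 ? intval($_GET['bid']) : 0;
        $price = isset($_GET['price']) ? $_GET['price'] : "";
        $keyword = isset($_GET['keyword']) ? trim($_GET['keyword']) : "";
        $list = 40; // items per page

        // The /u match fails when $keyword is not valid UTF-8; convert it from GB2312 then.
        if (!(preg_match('/^.*$/u', $keyword) > 0)) {
            $keyword = Import::gz_iconv()->ec_iconv('GB2312', 'UTF8', $keyword);
        }
        $page = isset($_GET['page']) && intval($_GET['page']) > 0 ? intval($_GET['page']) : 1;

        // Basic information of the current category ($cid is an integer here).
        if ($cid > 0) {
            $sql = "SELECT * FROM `{$this->App->prefix()}goods_cate` WHERE cat_id='{$cid}' LIMIT 1";
            $rt['cateinfo'] = $this->App->findrow($sql);
            if (empty($rt['cateinfo'])) {
                $this->action('common', 'show404tpl');
            }
        } else {
            $rt['cateinfo'] = array('keywords' => '商品中心');
        }

        // --- breadcrumb ("current position") ---
        $rt['hear'] = array();
        $hear = array();
        $perend_id = 0;
        if ($cid > 0) {
            $hear[] = '<a class="allcate" href="' . get_url('全部分类', 0, SITE_URL . "costume.php", 'goodscate', array('costume', 'index')) . '">全部分类</a>';
            $rts_ = $this->get_goods_parent_cats($cid); // parent categories
            $rts = Import::basic()->array_sort($rts_, 'cat_id'); // sorted by cat_id
            if (!empty($rts)) {
                $perend_id = $rts[count($rts) - 1]['cat_id'];
                foreach ($rts as $rows) {
                    $hear[] = '<a href="' . get_url($rows['cat_name'], $rows['cat_id'], "costume.php?cid=" . $rows["cat_id"], 'goodscate', array('costume', 'index', $rows['cat_id'])) . '">' . $rows['cat_name'] . '</a>';
                }
            }
            unset($rts, $rts_);
        } elseif (!empty($keyword)) {
            $perend_id = -1;
            $hear[] = '<a class="allcate" href="' . SITE_URL . 'costume.php">全部分类</a>';
            switch ($keyword) {
                case 'is_hot':
                    $hear[] = '热销商品';
                    break;
                case 'is_new':
                    $hear[] = '新品推荐';
                    break;
                case 'is_best':
                    $hear[] = '精品推荐';
                    break;
                case 'is_promote':
                    $hear[] = '促销商品';
                    break;
                case 'is_qianggou':
                    $hear[] = '限时抢购';
                    break;
                default:
                    $hear[] = '<a href="javascript:;">商品搜索</a>';
                    // The keyword is request data: URL-encode it inside the href and
                    // HTML-escape it as link text so it cannot inject markup.
                    $hear[] = '<a href="' . SITE_URL . 'costume.php?keyword=' . urlencode($keyword) . '">' . htmlspecialchars($keyword, ENT_QUOTES) . '</a>';
                    break;
            }
        } elseif (!empty($price)) {
            $perend_id = -1;
            $hear[] = '<a class="allcate" href="' . get_url('全部分类', 0, SITE_URL . "costume.php", 'goodscate', array('catalog', 'index')) . '">全部分类</a>';
            $hear[] = '<a href="javascript:;">价格商品</a>';
        } else {
            $perend_id = -1;
            $hear[] = '<a class="allcate" href="' . get_url('全部分类', 0, SITE_URL . "costume.php", 'goodscate', array('catalog', 'index')) . '">全部分类</a>';
        }
        if (!empty($hear)) {
            $rt['hear'] = implode(' > ', $hear);
        } else {
            $rt['hear'] = "";
        }
        unset($hear);

        // --- category menu ---
        $rt['menu_show'] = array();
        if ($cid > 0) {
            $rt['menu_show'] = $this->get_goods_cate_tree($cid);
            if (empty($rt['menu_show'])) {
                // No children: show the tree of the parent category instead.
                $c = $this->App->findvar("SELECT parent_id FROM `{$this->App->prefix()}goods_cate` WHERE cat_id='{$cid}'");
                $rt['menu_show'] = $this->get_goods_cate_tree($c);
            }
        }
        $rt['brandlist'] = $this->action('brand', 'get_brand_list');

        // Ids of the sub-categories of $cid.
        // NOTE(review): these ids are joined into IN(...) unquoted; presumably
        // get_goods_sub_cat_ids() returns integers only. Verify.
        $sub_cids = $this->get_goods_sub_cat_ids($cid);

        // --- attributes of the goods in these categories ---
        $sql = "SELECT distinct tb1.attr_value,tb1.attr_id,tb2.attr_name,tb2.attr_keys FROM `{$this->App->prefix()}goods_attr` AS tb1";
        $sql .= " LEFT JOIN `{$this->App->prefix()}attribute` AS tb2 ON tb1.attr_id = tb2.attr_id LEFT JOIN `{$this->App->prefix()}goods` AS g ON g.goods_id=tb1.goods_id WHERE g.cat_id IN(" . implode(',', $sub_cids) . ")";
        $attr = $this->App->find($sql);
        $rt['attr'] = array();
        if (!empty($attr)) {
            foreach ($attr as $row) {
                $rt['attr'][$row['attr_id']][] = $row;
            }
            unset($attr);
        }

        // --- sorting: only whitelisted column names reach the ORDER BY clause ---
        $order = array('sort_order', 'cat_id', 'goods_id', 'click_count', 'brand_id', 'shop_price', 'market_price', 'promote_price', 'is_on_sale', 'is_best', 'is_new', 'is_hot', 'is_promote', 'sale_count', 'add_time', 'last_update');
        $orderby = "";
        // NOTE(review): $order_type keeps the raw request value even when it is not in
        // the whitelist, and is handed to the template and to ajax_page(); confirm both
        // escape it on output.
        if (isset($_GET['desc'])) {
            // Strict match: the value is concatenated into SQL, so it must be exactly
            // one of the listed strings.
            if (in_array($_GET['desc'], $order, true)) {
                $orderby = ' ORDER BY g.' . $_GET['desc'] . ' DESC';
            }
            $order_type = trim($_GET['desc']);
            $sort_type = 'DESC';
        } else {
            if (isset($_GET['asc'])) {
                if (in_array($_GET['asc'], $order, true)) {
                    $orderby = ' ORDER BY g.' . $_GET['asc'] . ' ASC';
                }
                $order_type = trim($_GET['asc']);
                $sort_type = 'ASC';
            } else {
                $orderby = ' ORDER BY g.sort_order ASC , g.goods_id DESC ';
                $order_type = 'sort_order';
                $sort_type = 'ASC';
            }
        }

        // --- paging ---
        if (empty($page)) {
            $page = 1;
        }
        $rt['thiscid'] = $cid;
        $rt['thisbid'] = $bid;
        $rt['price'] = $price; // NOTE(review): raw request value; escape where rendered
        $rt['page'] = $page;
        $rt['sort'] = $sort_type;
        $rt['order'] = $order_type;
        $rt['limit'] = $list;

        // Query conditions; extend when more filters are needed.
        $comd = array('cid' => $cid, 'bid' => $bid, 'price' => $price, 'keyword' => $keyword, array());
        $list = intval($list) > 0 ? intval($list) : 10; // items per page
        $start = ($page - 1) * $list;
        $tt = $this->App->__get_goods_count_category($comd); // number of goods
        $rt['goods_count'] = $tt;
        // NOTE(review): $attr was unset above whenever the attribute query returned
        // rows, so an undefined variable is passed here in that case. Confirm what
        // ajax_page() expects as the last element.
        $rt['categoodspage'] = Import::basic()->ajax_page($tt, $list, $page, 'get_categoods_page_list', array($cid, $bid, $price, $order_type, $sort_type, $list, $attr));
        $rt['categoodslist'] = $this->App->__get_categoods_list_category($comd, $orderby, $start, $list); // goods list

        // Display mode comes from a cookie but only the two known values are accepted.
        if (!isset($_COOKIE['DISPLAY_TYPE']) || empty($_COOKIE['DISPLAY_TYPE']) || !in_array($_COOKIE['DISPLAY_TYPE'], array('list', 'text'))) {
            $rt['display'] = 'text';
        } else {
            $rt['display'] = $_COOKIE['DISPLAY_TYPE'];
        }

        // $pcat_name was never assigned in the original; keep its effective value ('').
        $pcat_name = '';
        if (!empty($rt['cateinfo']['cat_name'])) {
            $rt['infoname'] = $pcat_name . $rt['cateinfo']['cat_name'];
        } elseif (!empty($rt['brandinfo']['brand_name'])) {
            $rt['infoname'] = $rt['brandinfo']['brand_name'];
        } elseif (!empty($keyword)) {
            switch ($keyword) {
                case 'is_hot':
                    $rt['infoname'] = "热销商品专区";
                    $rt['cateinfo']['cat_title'] = "流行热销商品-热销排行榜";
                    break;
                case 'is_new':
                    $rt['infoname'] = "新品推荐";
                    $rt['cateinfo']['cat_title'] = "新品促销专区";
                    break;
                case 'is_best':
                    $rt['infoname'] = "精品推荐";
                    $rt['cateinfo']['cat_title'] = "精选商品-%100满意";
                    break;
                case 'is_promote':
                    $rt['infoname'] = "促销商品专区";
                    $rt['cateinfo']['cat_title'] = "促销商品,机会不容错过,最低一折起";
                    break;
                default:
                    $rt['infoname'] = "商品搜索";
                    $rt['cateinfo']['cat_title'] = "商品查找-商品搜索";
                    break;
            }
        } elseif (!empty($price)) {
            $rt['infoname'] = $price . '价格商品';
        } else {
            $rt['cateinfo']['cat_title'] = "商品分类列表";
            $rt['infoname'] = '最新供应';
        }

        $this->Cache->write($rt);
    }

    // Page meta: title falls back from cat_title to cat_name; all values are HTML-escaped.
    $title = !empty($rt['cateinfo']['cat_title']) ? htmlspecialchars($rt['cateinfo']['cat_title']) : htmlspecialchars($rt['cateinfo']['cat_name']);
    $this->title($title . ' - ' . $GLOBALS['LANG']['site_name']);
    $this->meta("title", $title);
    $this->meta("keywords", htmlspecialchars($rt['cateinfo']['keywords']));
    $this->meta("description", htmlspecialchars($rt['cateinfo']['cat_desc']));
    $this->set('rt', $rt);
    $this->template('goods_category');
}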
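/**
 * Merge two orders into a newly inserted order and delete the originals.
 *
 * Both orders must exist, be ordinary orders (empty extension_code), be unconfirmed
 * or confirmed, unpaid, unshipped, and belong to the same user. The new order starts
 * as a copy of the target order; amounts, discount, points, balance and paid money
 * of the source order are added and the fees are recalculated.
 *
 * @param string $from_order_sn Order number of the order merged from.
 * @param string $to_order_sn   Order number of the main (target) order.
 *
 * @return true|string true on success, otherwise the localized error message.
 */
function merge_order($from_order_sn, $to_order_sn)
{
    /* Order numbers must not be empty */
    if (trim($from_order_sn) == '' || trim($to_order_sn) == '') {
        return $GLOBALS['_LANG']['order_sn_not_null'];
    }

    /* Order numbers must differ */
    if ($from_order_sn == $to_order_sn) {
        return $GLOBALS['_LANG']['two_order_sn_same'];
    }

    /* Load both orders */
    $from_order = order_info(0, $from_order_sn);
    $to_order = order_info(0, $to_order_sn);

    /* Both orders must exist */
    if (!$from_order) {
        return sprintf($GLOBALS['_LANG']['order_not_exist'], $from_order_sn);
    } elseif (!$to_order) {
        return sprintf($GLOBALS['_LANG']['order_not_exist'], $to_order_sn);
    }

    /*
     * Only ordinary orders may be merged. Both sides are compared with '' : the
     * original compared the target with 0, which lets a non-empty code through on
     * PHP < 8 (non-numeric string == 0) and rejects every ordinary order on PHP >= 8
     * ('' != 0).
     */
    if ($from_order['extension_code'] != '' || $to_order['extension_code'] != '') {
        return $GLOBALS['_LANG']['merge_invalid_order'];
    }

    /* Status must be unconfirmed or confirmed, unpaid and unshipped */
    if ($from_order['order_status'] != OS_UNCONFIRMED && $from_order['order_status'] != OS_CONFIRMED) {
        return sprintf($GLOBALS['_LANG']['os_not_unconfirmed_or_confirmed'], $from_order_sn);
    } elseif ($from_order['pay_status'] != PS_UNPAYED) {
        return sprintf($GLOBALS['_LANG']['ps_not_unpayed'], $from_order_sn);
    } elseif ($from_order['shipping_status'] != SS_UNSHIPPED) {
        return sprintf($GLOBALS['_LANG']['ss_not_unshipped'], $from_order_sn);
    }
    if ($to_order['order_status'] != OS_UNCONFIRMED && $to_order['order_status'] != OS_CONFIRMED) {
        return sprintf($GLOBALS['_LANG']['os_not_unconfirmed_or_confirmed'], $to_order_sn);
    } elseif ($to_order['pay_status'] != PS_UNPAYED) {
        return sprintf($GLOBALS['_LANG']['ps_not_unpayed'], $to_order_sn);
    } elseif ($to_order['shipping_status'] != SS_UNSHIPPED) {
        return sprintf($GLOBALS['_LANG']['ss_not_unshipped'], $to_order_sn);
    }

    /* Both orders must belong to the same user */
    if ($from_order['user_id'] != $to_order['user_id']) {
        return $GLOBALS['_LANG']['order_user_not_same'];
    }

    /* Build the merged order from the target order */
    $order = $to_order;
    $order['order_id'] = '';
    $order['add_time'] = gmtime();

    // Merge goods total and discount
    $order['goods_amount'] += $from_order['goods_amount'];
    $order['discount'] += $from_order['discount'];

    // Stays empty when the order has no shipping method; read again for the COD fee.
    $shipping_area = array();
    if ($order['shipping_id'] > 0) {
        // Recalculate the shipping fee from the combined weight, amount and quantity
        $weight_price = order_weight_price($to_order['order_id']);
        $from_weight_price = order_weight_price($from_order['order_id']);
        $weight_price['weight'] += $from_weight_price['weight'];
        $weight_price['amount'] += $from_weight_price['amount'];
        $weight_price['number'] += $from_weight_price['number'];

        $region_id_list = array($order['country'], $order['province'], $order['city'], $order['district']);
        $shipping_area = shipping_area_info($order['shipping_id'], $region_id_list);

        $order['shipping_fee'] = shipping_fee($shipping_area['shipping_code'], unserialize($shipping_area['configure']), $weight_price['weight'], $weight_price['amount'], $weight_price['number']);

        // If the order was insured, recalculate the insurance fee
        if ($order['insure_fee'] > 0) {
            $order['insure_fee'] = shipping_insure_fee($shipping_area['shipping_code'], $order['goods_amount'], $shipping_area['insure']);
        }
    }

    // Recalculate packaging and greeting card fees
    if ($order['pack_id'] > 0) {
        $pack = pack_info($order['pack_id']);
        $order['pack_fee'] = $pack['free_money'] > $order['goods_amount'] ? $pack['pack_fee'] : 0;
    }
    if ($order['card_id'] > 0) {
        $card = card_info($order['card_id']);
        $order['card_fee'] = $card['free_money'] > $order['goods_amount'] ? $card['card_fee'] : 0;
    }

    // The bonus stays as is; merge points, balance and money already paid
    $order['integral'] += $from_order['integral'];
    $order['integral_money'] = value_of_integral($order['integral']);
    $order['surplus'] += $from_order['surplus'];
    $order['money_paid'] += $from_order['money_paid'];

    // Amount due, payment fee not included yet
    $order['order_amount'] = $order['goods_amount'] - $order['discount'] + $order['shipping_fee'] + $order['insure_fee'] + $order['pack_fee'] + $order['card_fee'] - $order['bonus'] - $order['integral_money'] - $order['surplus'] - $order['money_paid'];

    // Recalculate the payment fee
    if ($order['pay_id'] > 0) {
        // Cash-on-delivery fee of the shipping area, 0 without one
        $cod_fee = $shipping_area ? $shipping_area['pay_fee'] : 0;
        $order['pay_fee'] = pay_fee($order['pay_id'], $order['order_amount'], $cod_fee);

        // Amount due plus payment fee
        $order['order_amount'] += $order['pay_fee'];
    }

    /*
     * NOTE(review): the insert / update / delete statements below are not wrapped in
     * a transaction in this block; a failure midway would leave the two orders
     * partially merged. Confirm whether the caller provides one.
     */

    /* Insert the merged order; retry with a new order number on a duplicate key (1062) */
    do {
        $order['order_sn'] = get_order_sn();
        if ($GLOBALS['db']->autoExecute($GLOBALS['ecs']->table('order_info'), addslashes_deep($order), 'INSERT')) {
            break;
        } else {
            if ($GLOBALS['db']->errno() != 1062) {
                die($GLOBALS['db']->errorMsg());
            }
        }
    } while (true);

    /* Id of the merged order */
    $order_id = $GLOBALS['db']->insert_id();

    /* Move the goods of both orders to the merged order */
    $sql = 'UPDATE ' . $GLOBALS['ecs']->table('order_goods') . " SET order_id = '{$order_id}' " . "WHERE order_id " . db_create_in(array($from_order['order_id'], $to_order['order_id']));
    $GLOBALS['db']->query($sql);

    include_once ROOT_PATH . 'includes/lib_clips.php';

    /* Insert the payment log */
    insert_pay_log($order_id, $order['order_amount'], PAY_ORDER);

    /* Delete the original orders */
    $sql = 'DELETE FROM ' . $GLOBALS['ecs']->table('order_info') . " WHERE order_id " . db_create_in(array($from_order['order_id'], $to_order['order_id']));
    $GLOBALS['db']->query($sql);

    /* Delete the payment logs of the original orders */
    $sql = 'DELETE FROM ' . $GLOBALS['ecs']->table('pay_log') . " WHERE order_id " . db_create_in(array($from_order['order_id'], $to_order['order_id']));
    $GLOBALS['db']->query($sql);

    /* Return the bonus of from_order, because only the bonus of to_order is used */
    if ($from_order['bonus_id'] > 0) {
        unuse_bonus($from_order['bonus_id']);
    }

    /* Success */
    return true;
}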
exit; } elseif ($_REQUEST['act'] == 'upload') { /* 检查权限 */ admin_priv('shop_authorized'); /* 接收上传文件 */ /* 取出证书内容 */ $license_arr = array(); if (isset($_FILES['license']['error']) && $_FILES['license']['error'] == 0 && preg_match('/CER$/i', $_FILES['license']['name'])) { if (file_exists($_FILES['license']['tmp_name']) && is_readable($_FILES['license']['tmp_name'])) { if ($license_f = fopen($_FILES['license']['tmp_name'], 'r')) { $license_content = ''; while (!feof($license_f)) { $license_content .= fgets($license_f, 4096); } $license_content = trim($license_content); $license_content = addslashes_deep($license_content); $license_arr = explode('|', $license_content); } } } /* 恢复证书 */ if (count($license_arr) != 2 || $license_arr[0] == '' || $license_arr[1] == '') { $links[] = array('text' => $_LANG['back'], 'href' => 'license.php?act=list_edit'); sys_msg($_LANG['fail_license'], 1, $links); } else { include_once ROOT_PATH . 'includes/cls_transport.php'; include_once ROOT_PATH . 'includes/cls_json.php'; include_once ROOT_PATH . 'includes/lib_main.php'; include_once ROOT_PATH . 'includes/lib_license.php'; // 证书登录 $login_result = license_login();
/**
 * Handle a request to pay an unpaid order, fully or partly, from the account balance.
 *
 * Reads order_id and surplus from $_POST, checks that the order belongs to the
 * session user and is still unpaid, caps the requested amount at the amount due,
 * checks it against user_money + credit_line, then updates the order, logs the
 * account change and redirects to the order detail page.
 *
 * NOTE(review): the error branches call ECTouch::err()->show() and do not return;
 * presumably show() ends the request. If it does not, execution continues with the
 * rejected input. Confirm.
 */
public function edit_surplus()
{
    // Order id must be a positive integer
    $order_id = (int) $_POST['order_id'];
    if ($order_id <= 0) {
        ecs_header("Location: " . url('index/index') . "\n");
        exit;
    }

    // Requested balance amount must be positive
    $surplus = (float) $_POST['surplus'];
    if ($surplus <= 0) {
        ECTouch::err()->add(L('error_surplus_invalid'));
        ECTouch::err()->show(L('order_detail'), url('order_detail', array('order_id' => $order_id)));
    }

    // The order must exist and belong to the logged-in user
    $order = model('Order')->order_info($order_id);
    if (empty($order) || $_SESSION['user_id'] != $order['user_id']) {
        ecs_header("Location: " . url('index/index') . "\n");
        exit;
    }

    // The order must be unpaid with a positive amount due
    $already_settled = $order['pay_status'] != PS_UNPAYED || $order['order_amount'] <= 0;
    if ($already_settled) {
        ECTouch::err()->add(L('error_order_is_paid'));
        ECTouch::err()->show(L('order_detail'), url('order_detail', array('order_id' => $order_id)));
    }

    // Amount due without the payment fee; never take more than that from the balance
    $order['order_amount'] -= $order['pay_fee'];
    $surplus = $surplus > $order['order_amount'] ? $order['order_amount'] : $surplus;

    // The user's money plus credit line must cover the amount
    $user = model('Order')->user_info($_SESSION['user_id']);
    $available = $user['user_money'] + $user['credit_line'];
    if ($surplus > $available) {
        ECTouch::err()->add(L('error_surplus_not_enough'));
        ECTouch::err()->show(L('order_detail'), url('order_detail', array('order_id' => $order_id)));
    }

    // Apply the balance to the order
    $order['surplus'] += $surplus;
    $order['order_amount'] -= $surplus;

    // Something is still due: recalculate the payment fee
    if ($order['order_amount'] > 0) {
        $cod_fee = 0;
        if ($order['shipping_id'] > 0) {
            $region_ids = array($order['country'], $order['province'], $order['city'], $order['district']);
            $shipping_area = model('Shipping')->shipping_area_info($order['shipping_id'], $region_ids);
            if ($shipping_area['support_cod'] == '1') {
                $cod_fee = $shipping_area['pay_fee'];
            }
        }

        $pay_fee = $order['pay_id'] > 0 ? pay_fee($order['pay_id'], $order['order_amount'], $cod_fee) : 0;
        $order['pay_fee'] = $pay_fee;
        $order['order_amount'] += $pay_fee;
    }

    // Fully paid: mark the order confirmed (if it was unconfirmed) and paid
    if ($order['order_amount'] == 0) {
        if ($order['order_status'] == OS_UNCONFIRMED) {
            $order['order_status'] = OS_CONFIRMED;
            $order['confirm_time'] = gmtime();
        }
        $order['pay_status'] = PS_PAYED;
        $order['pay_time'] = gmtime();
    }

    // Escape the row before it is written back
    $order = addslashes_deep($order);
    model('Users')->update_order($order_id, $order);

    // Deduct the amount from the user's balance
    $log_text = sprintf(L('pay_order_by_surplus'), $order['order_sn']);
    model('ClipsBase')->log_account_change($user['user_id'], -1 * $surplus, 0, 0, 0, $log_text);

    // Sales figures
    $this->update_touch_goods($order_id);

    // Back to the order detail page
    ecs_header("Location: " . url('order_detail', array('order_id' => $order_id)) . "\n");
    exit;
}
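/**
 * Parse Taobao sale attributes into the spec array used for a goods item.
 *
 * $sale_attr is a ';'-separated string. An entry containing '::' is read as
 * "price:stock::property-code" and starts a new spec; any other non-empty entry is
 * taken as a further property code. The collected codes are resolved through
 * TaobaoProp and combined with the price/stock pairs.
 *
 * @param mixed  $cid             Passed to TaobaoProp as its first argument.
 * @param string $sale_attr       Sale attribute string as described above.
 * @param string $sale_attr_alias ';'-separated "pid:vid:alias" entries (split on the last ':').
 * @param mixed  $goods_id        Stored on every spec item.
 *
 * @return array array() when the properties cannot be resolved; otherwise the spec
 *               data ('item', 'spec_name', 'spec_kind') passed through addslashes_deep().
 */
function _parse_tabao_prop($cid, $sale_attr, $sale_attr_alias, $goods_id)
{
    $i = 0; // number of specs
    $spec_kind = 0; // number of spec kinds
    $spec_price_stock = array(); // price and stock per spec

    // Blank out the field between two colons when it contains '-' (merchant code noise)
    $sale_attr = preg_replace("/:[^:]*-[^:]*:/U", '::', $sale_attr);
    $sale_attr = explode(';', $sale_attr);
    $pvs = ''; // Taobao sale property codes

    /* Separate price/stock from the property codes */
    foreach ($sale_attr as $v) {
        $pos_2 = strpos($v, '::');
        if ($pos_2 > 0) {
            $pos_1 = strpos($v, ':');
            $spec_price_stock[$i]['price'] = round((float) substr($v, 0, $pos_1), 2);
            $spec_price_stock[$i]['stock'] = substr($v, $pos_1 + 1, $pos_2 - $pos_1 - 1);
            $pvs .= substr($v, $pos_2 + 2) . ';';
            $i++;
        } else {
            if ($v) {
                $pvs .= $v . ';';
            }
        }
    }

    // Kinds per spec = property codes collected / specs found
    if (empty($spec_price_stock)) {
        $spec_kind = 0;
    } else {
        $spec_kind = substr_count($pvs, ';') / count($spec_price_stock);
    }

    /* Resolve the property codes */
    import('taobaoprop.lib');
    // NOTE(review): the last two arguments look like an API app key and secret
    // hard-coded in source. TODO confirm; if so, load them from configuration kept
    // out of version control and rotate the exposed pair.
    $TaobaoProp = new TaobaoProp($cid, $pvs, '12009827', '8c02e9f524f66199e100e27fdfdb9bbd');
    $prop = $TaobaoProp->get_prop();
    if (!$prop || $TaobaoProp->has_error()) {
        return array();
    }

    /* Charset conversion (big5 goes through gbk) */
    if (CHARSET == 'big5') {
        $prop = ecm_iconv_deep('utf-8', 'gbk', $prop);
        $prop = ecm_iconv_deep('gbk', 'big5', $prop);
    } else {
        $prop = ecm_iconv_deep('utf-8', CHARSET, $prop);
    }

    /* Sale attribute aliases: re-key the list as "pid:vid" => alias */
    if ($sale_attr_alias) {
        $sale_attr_alias = explode(';', $sale_attr_alias);
        foreach ($sale_attr_alias as $_k => $_v) {
            $pos_delimiter = strrpos($_v, ':');
            $pv = substr($_v, 0, $pos_delimiter);
            $alias_name = substr($_v, $pos_delimiter + 1);
            $sale_attr_alias[$pv] = $alias_name;
            unset($sale_attr_alias[$_k]);
        }
        foreach ($prop as $key => $value) {
            $pv = $value['pid'] . ':' . $value['vid'];
            if (isset($sale_attr_alias[$pv])) {
                $prop[$key]['name_alias'] = $sale_attr_alias[$pv];
            }
        }
    }

    /* Combine into the spec structure */
    $spec = array();
    foreach ($spec_price_stock as $_k => $_v) {
        $spec['item'][$_k] = $_v;
        $spec['item'][$_k]['goods_id'] = $goods_id;
        if ($spec_kind == 2) {
            $spec['item'][$_k]['spec_1'] = $prop[2 * $_k]['name_alias'];
            $spec['item'][$_k]['spec_2'] = $prop[2 * $_k + 1]['name_alias'];
            $spec['spec_name'] = array('spec_name_1' => $prop[0]['prop_name'], 'spec_name_2' => $prop[1]['prop_name']);
        } elseif ($spec_kind == 1) {
            // Comparison, not assignment: the original "= 1" was always true and
            // overwrote $spec_kind, so every kind other than 2 was reported as 1.
            $spec['item'][$_k]['spec_1'] = $prop[$_k]['name_alias'];
            $spec['spec_name'] = array('spec_name_1' => $prop[0]['prop_name']);
        }
        // Specs without stock are dropped
        if ($_v['stock'] == 0) {
            unset($spec['item'][$_k]);
        }
    }
    $spec['spec_kind'] = $spec_kind;

    // The charset conversion above produced new strings, so they are escaped again
    return addslashes_deep($spec);
}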
if ($order['pay_id'] > 0) { $pay_fee = pay_fee($order['pay_id'], $order['order_amount'], $cod_fee); } $order['pay_fee'] = $pay_fee; $order['order_amount'] += $pay_fee; } /* 如果全部支付,设为已确认、已付款 */ if ($order['order_amount'] == 0) { if ($order['order_status'] == OS_UNCONFIRMED) { $order['order_status'] = OS_CONFIRMED; $order['confirm_time'] = gmtime(); } $order['pay_status'] = PS_PAYED; $order['pay_time'] = gmtime(); } $order = addslashes_deep($order); update_order($order_id, $order); /* 更新用户余额 */ $change_desc = sprintf($_LANG['pay_order_by_surplus'], $order['order_sn']); log_account_change($user['user_id'], -1 * $surplus, 0, 0, 0, $change_desc); /* 跳转 */ ecs_header('Location: user.php?act=order_detail&order_id=' . $order_id . "\n"); exit; } elseif ($action == 'act_edit_payment') { /* 检查是否登录 */ if ($_SESSION['user_id'] <= 0) { ecs_header("Location: ./\n"); exit; } /* 检查支付方式 */ $pay_id = intval($_POST['pay_id']);
if (!empty($string['search_encode_time'])) { if (time() > $string['search_encode_time'] + 2) { define('INGORE_VISIT_STATS', true); } } else { define('INGORE_VISIT_STATS', true); } } else { $string = array(); } } else { $string = array(); } } require dirname(__FILE__) . '/includes/init.php'; $_REQUEST = array_merge($_REQUEST, addslashes_deep($string)); $_REQUEST['act'] = !empty($_REQUEST['act']) ? trim($_REQUEST['act']) : ''; /*------------------------------------------------------ */ //-- 高级搜索 /*------------------------------------------------------ */ if ($_REQUEST['act'] == 'advanced_search') { $goods_type = !empty($_REQUEST['goods_type']) ? intval($_REQUEST['goods_type']) : 0; $attributes = get_seachable_attributes($goods_type); $smarty->assign('goods_type_selected', $goods_type); $smarty->assign('goods_type_list', $attributes['cate']); $smarty->assign('goods_attributes', $attributes['attr']); assign_template(); assign_dynamic('search'); $position = assign_ur_here(0, $_LANG['advanced_search']); $smarty->assign('page_title', $position['title']); // 页面标题