Example #1
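 /**
  * Authenticate the current request, in this order: handle a posted
  * logout, handle a posted login form, then fall back to the returning
  * cookie pair (`ndxz_hash` / `ndxz_access`).
  *
  * Side effects: may call $this->logout(); on a successful form login it
  * rotates `user_hash` in the `user` table and sets both cookies; on any
  * successful match it loads $this->prefs and calls $this->settings();
  * otherwise it renders the login form via show_login().
  *
  * NOTE(review): the `ndxz_access` cookie carries md5($password), i.e. a
  * password equivalent, and passwords are compared as unsalted md5. Both
  * are properties of the stored-credential format and need a migration
  * (password_hash() plus an opaque server-side session id) rather than a
  * local patch, so they are left unchanged here.
  *
  * @return void
  */
 public function checkLogin()
 {
     $OBJ = get_instance();
     // if logging out
     if (isset($_POST['logout'])) {
         $this->logout();
     }
     $cookie_expires = time() + $this->cookie_expires;
     // if logging in
     if (isset($_POST['submitLogin'])) {
         // Fixed delay to slow down password guessing. It also holds a
         // worker for 3 s per attempt, so it is an easy resource-exhaustion
         // target; a per-account / per-IP attempt counter is the better control.
         sleep(3);
         $clean = array();
         $clean['userid'] = getPOST('uid', null, 'password', 12);
         $clean['password'] = md5(getPOST('pwd', null, 'password', 12));
         $this->prefs = $OBJ->db->selectArray('user', $clean, Db::FETCH_RECORD);
         if ($this->prefs) {
             // Rotate the user hash on every login. time() plus a constant
             // is guessable, so mix in real entropy where the runtime has
             // it; md5() keeps the 32-hex-char shape the cookie filter
             // (length 32) and the existing DB column expect.
             $entropy = function_exists('random_bytes') ? random_bytes(16) : uniqid(mt_rand(), true);
             $temp = array('user_hash' => md5($entropy . $clean['password'] . 'secret'));
             // ID comes from the row just fetched; the int cast keeps the
             // WHERE clause from ever carrying anything but a number.
             $OBJ->db->updateArray('user', $temp, 'ID = ' . (int) $this->prefs['ID']);
             // httponly keeps the credential cookies out of reach of page
             // scripts. The secure flag is left off because the deployment
             // may run over plain http; enable it once served over TLS.
             setcookie('ndxz_hash', $temp['user_hash'], $cookie_expires, '/', '', false, true);
             setcookie('ndxz_access', $clean['password'], $cookie_expires, '/', '', false, true);
             $this->settings();
             return;
         } else {
             // Falls through to the cookie check below, then to show_login().
             show_login('login err');
         }
     }
     // return access via the cookie pair
     if (isset($_COOKIE['ndxz_access']) && isset($_COOKIE['ndxz_hash'])) {
         // A separate criteria array: re-using $clean after a failed form
         // login would carry its `userid` key into this lookup and make a
         // valid cookie session fail to match.
         $lookup = array();
         // NOTE(review): getCOOKIE() is handed the cookie *value* here while
         // getPOST() above is handed the *key*; confirm which one getCOOKIE expects.
         $lookup['user_hash'] = getCOOKIE($_COOKIE['ndxz_hash'], null, 'password', 32);
         $lookup['password'] = getCOOKIE($_COOKIE['ndxz_access'], null, 'password', 32);
         $this->prefs = $OBJ->db->selectArray('user', $lookup, Db::FETCH_RECORD);
         if ($this->prefs) {
             // re-issue both cookies on every hit so the session does not expire mid-use
             setcookie('ndxz_hash', $lookup['user_hash'], $cookie_expires, '/', '', false, true);
             setcookie('ndxz_access', $lookup['password'], $cookie_expires, '/', '', false, true);
             $this->settings();
             return;
         }
     }
     show_login();
 }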
Example #2
<?php

include 'library/init.inc.php';
$operation = 'shake';
$opera = check_action($operation, getPOST('opera'));
if ('shake' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $progress = intval(getPOST('progress'));
    $cycle = intval(getPOST('cycle'));
    if ($progress <= 0) {
        $progress = 1;
    }
    if ($cycle <= 0) {
        $response['msg'] = '参数错误';
    }
    if ($response['msg'] == '') {
        $get_cycle_status = 'select `status` from ' . $db->table('cycle') . ' where `id`=' . $cycle;
        $status = $db->fetchOne($get_cycle_status);
        $get_shake = 'select `id`,`total`,`progress`,`goal` from ' . $db->table('shake') . ' where `account`=\'' . $_SESSION['account'] . '\'';
        $shake = $db->fetchRow($get_shake);
        if ($shake && $status == 1) {
            $goal = false;
            if ($shake['total'] < 100) {
                if ($shake['total'] + $progress >= 100) {
                    $progress = 100 - $shake['total'];
                    $goal = true;
                }
                $shake_data = array('total' => $shake['total'] + $progress, 'progress' => $shake['progress'] + $progress, 'cycle' => $cycle);
                if ($goal) {
                    $shake_data['end_time'] = microtime();
                }
Example #3
<?php

/**
 * Created by PhpStorm.
 * User: apple
 * Date: 15/9/7
 * Time: 上午11:22
 */
include 'library/init.inc.php';
$operation = 'edit';
$opera = check_action($operation, getPOST('opera'));
if ('edit' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $password = getPOST('password');
    $ref = getPOST('ref');
    if ($password == '') {
        $response['msg'] = '请填写新密码';
    }
    if (!isset($_SESSION['token']) || $_SESSION['token'] != 'verify message code success.') {
        $response['msg'] = '请先通过身份验证';
    }
    if ($response['msg'] == '') {
        $password = md5($password . PASSWORD_END);
        $data = array('password' => $password);
        if ($db->autoUpdate('member', $data, '`account`=\'' . $_SESSION['account'] . '\'')) {
            $response['msg'] = '修改密码成功';
            $response['error'] = 0;
            if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false) {
                $response['referer'] = $_SERVER['HTTP_REFERER'];
            } else {
                $response['referer'] = 'index.php';
Example #4
            $db->rollback();
        }
    }
    echo json_encode($response);
    exit;
}
if ('add' == $opera) {
    $response = array('error' => 1, 'msg' => '', 'errmsg' => array());
    $rule = trim(getPOST('rule'));
    $response_content = trim(getPOST('response_content'));
    $name = trim(getPOST('name'));
    $order_view = intval(getPOST('order_view'));
    $enabled = intval(getPOST('enabled'));
    $match_mode = intval(getPOST('match_mode'));
    $msgType = trim(getPOST('msgType'));
    $content_id = intval(getPOST('content_id'));
    if ($rule == '') {
        $response['errmsg']['rule'] = '-请填写关键词';
    } else {
        $rule = $db->escape($rule);
    }
    if ($msgType == '') {
        $response['errmsg']['msgType'] = '-请选择回复类型';
    } else {
        if (!array_key_exists($msgType, $msgType_array)) {
            $response['errmsg']['msgType'] = '-请选择回复类型';
        } else {
            $msgType = $db->escape($msgType);
            if ($msgType == 'news') {
                if ($content_id <= 0) {
                    $response['errmsg']['content_id'] = '-请选择资讯';
Example #5
 * User: apple
 * Date: 15/9/15
 * Time: 下午8:21
 */
include 'library/init.inc.php';
$id = intval(getGET('id'));
$template = 'category.phtml';
$product_list = array();
$flag = false;
$operation = 'sort';
$opera = check_action($operation, getPOST('opera'));
//产品排序
if ('sort' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $filter = getPOST('filter');
    $mode = getPOST('mode');
    $now = time();
    $get_product_list = 'select `id`,`name`,if(`promote_end`>' . $now . ',`promote_price`,`price`) as `price`,`img` from ' . $db->table('product') . ' where  `status`=4 ';
    $response['filter'] = $filter;
    //分组使用筛选条件
    //关键词
    if (isset($filter['id']) && $filter['id'] > 0) {
        $id = intval($filter['id']);
        $get_category_path = 'select `path` from ' . $db->table('category') . ' where `id`=' . $id;
        $path = $db->fetchOne($get_category_path);
        $get_category_ids = 'select `id` from ' . $db->table('category') . ' where `path` like \'' . $path . '%\' and `id` not in (' . $path . '0)';
        $category_ids = $db->fetchAll($get_category_ids);
        $category_ids_tmp = array();
        $category_ids_str = '';
        if ($category_ids) {
            foreach ($category_ids as $key => $val) {
Example #6
<?php

/**
 * WeChat recommend-link endpoint.
 *
 * Obtains an access token for the configured app via get_access_token(),
 * asks get_qrcode() for a ticket for the posted openid, and answers with a
 * JSON object: on success `url` is set and `error` is 0, otherwise `msg`
 * explains the failure and `error` stays 1. The script always exits.
 *
 * Created by PhpStorm.
 * User: apple
 * Date: 15/8/24
 * Time: 3:32 PM
 */
include 'library/init.inc.php';
// The raw POST body is written to the log as received from the client.
$log->record_array($_POST);
$response = array('error' => 1, 'msg' => '');
$access_token = get_access_token($config['appid'], $config['appsecret']);
// NOTE(review): $db->escape() is an SQL-context escape; the value is only
// used inside a URL below, where urlencode() is the encoding that matters.
$openid = $db->escape(getPOST('openid'));
if (!$access_token) {
    $response['msg'] = '获取access_token失败';
} else {
    $ticket = get_qrcode($openid, $access_token);
    if ($ticket) {
        // NOTE(review): the returned ticket is not part of the link; the
        // `ticket` query parameter carries the openid. Presumably the
        // receiving script resolves the ticket from it — confirm. The link
        // is plain http.
        $response['url'] = 'http://wechat.wzcy188.com/facm/api/recommend.php?ticket=' . urlencode($openid);
        $response['error'] = 0;
    } else {
        $response['msg'] = '服务器繁忙,请稍后再次获取';
    }
}
echo json_encode($response);
exit;
Example #7
}
if ('add' == $opera) {
    $response = array('error' => 1, 'msg' => '', 'errmsg' => array());
    if (!check_purview('pur_ad_add', $_SESSION['purview'])) {
        $response['msg'] = '没有操作权限';
        echo json_encode($response);
        exit;
    }
    $url = getPOST('url');
    $img = getPOST('img');
    $alt = getPOST('alt');
    $forever = getPOST('forever');
    $ad_pos_id = intval(getPOST('ad_pos_id'));
    $order_view = intval(getPOST('order_view'));
    $begin_time = getPOST('begin_time');
    $end_time = getPOST('end_time');
    if ($alt == '') {
        $response['errmsg']['alt'] = '-请填写替换文字';
    } else {
        $alt = $db->escape($alt);
    }
    if ($ad_pos_id <= 0) {
        $response['errmsg']['ad_pos_id'] = '-请选择广告位置';
    }
    if ($order_view < 0) {
        $response['errmsg']['order_view'] = '-请输入广告排序';
    }
    if ($forever == 0) {
        if ($begin_time == '' || $end_time == '') {
            $response['errmsg']['time'] = '-请选择有效时间';
        } else {
Example #8
$act = $act == '' ? 'view' : $act;
$opera = check_action($operation, getPOST('opera'));
//===========================================================================
if ($opera == 'send') {
    $get_reward_list = 'select `account`,`reward`,`remark`,`type`,`id` from ' . $db->table('reward') . ' where `status`=1';
    $reward_list = $db->fetchAll($get_reward_list);
    foreach ($reward_list as $reward) {
        if (member_account_change($reward['account'], 0, $reward['reward'], -1 * $reward['reward'], 0, 0, 0, $_SESSION['admin_account'], 4, $reward['remark'])) {
            $reward_status = array('status' => 2, 'solve_time' => time());
            $db->autoUpdate('reward', $reward_status, '`id`=' . $reward['id']);
        }
    }
    show_system_message('奖金发放完毕');
}
if ($opera == 'export') {
    $reward_id = getPOST('order_id');
    $account = getGET('account');
    $status = intval(getGET('status'));
    $type = intval(getGET('type'));
    $begin_time = getGET('begin_time');
    $end_time = getGET('end_time');
    $sql = 'select * from ' . $db->table('reward');
    $where = ' where 1';
    if ($reward_id != '') {
        $reward_id = substr($reward_id, 0, strlen($reward_id) - 1);
        $reward_id = $db->escape($reward_id);
        $where .= ' and `id` in (' . $reward_id . ')';
    } else {
        if ($account != '') {
            $account = $db->escape($account);
            $where .= ' and `account`=\'' . $account . '\'';
Example #9
<?php

include_once 'functions.inc';
## Form
if (isset($_POST['submit'])) {
    # Get request properties
    $form['firstname'] = getPost('firstname');
    $form['lastname'] = getPOST('lastname');
    $form['email'] = getPOST('email');
    $form['password'] = getPOST('password');
    $form['confirmPassword'] = getPOST('confPassword');
    $form['subject'] = getPOST('subject');
    $form['message'] = getPOST('message');
    $form['captchaValue'] = getPOST('captchaValue');
    $form['captchaId'] = getPOST('captchaId');
    // Add datetime
    date_default_timezone_set('Europe/Berlin');
    $form['date'] = date("F j, Y, g:i a");
    // Check for empty fields
    foreach ($form as $key => $value) {
        if (!$value) {
            $errorMsg .= 'The field "' . $key . '" may not be empty.<br>';
        }
    }
    if (!validateEmail($form['email'])) {
        $errorMsg .= "Please check your email address entered.<br>";
    }
    if (!validatePassword($form['password'], $form['confirmPassword'])) {
        $errorMsg .= "Passwords does not match.<br>";
    }
    if (!validateCaptcha($form['captchaValue'], $form['captchaId'])) {
Example #10
     exit;
 }
 $business_account = trim(getPOST('account'));
 if ('' == $business_account) {
     show_system_message('参数错误', array());
     exit;
 }
 $business_account = $db->escape($business_account);
 $get_business = 'select * from ' . $db->table('business');
 $get_business .= ' where business_account = \'' . $business_account . '\' and status = 1 limit 1';
 $business = $db->fetchRow($get_business);
 if (empty($business)) {
     show_system_message('商户不存在', array());
     exit;
 }
 $reason = trim(getPOST('reason'));
 if ('' == $reason) {
     $reason = '您的认证信息审核不通过,请重新提交';
 } else {
     $reason = $db->escape($reason);
 }
 $db->begin();
 $transaction = true;
 $update_business = 'update ' . $db->table('auth') . ' set status = 2';
 $update_business .= ' where business_account = \'' . $business_account . '\' limit 1';
 if (!$db->update($update_business)) {
     $transaction = false;
 }
 //已系统消息形式返回驳回理由,返回到
 $data = array('title' => '信息认证', 'content' => $reason, 'account' => $business['account'], 'business_account' => $business['business_account'], 'add_time' => time(), 'status' => 0);
 if (!$db->autoInsert('message', array($data))) {
Example #11
 * @email wrh4285@163.com
 * @date 2015-8-19
 * @version 1.0.0
 */
include 'library/init.inc.php';
$template = 'index/';
$action = 'login|forget|logout';
$operation = 'login|forget';
$act = check_action($action, getGET('act'));
$act = $act == '' ? 'login' : $act;
$opera = check_action($operation, getPOST('opera'));
$error = array();
//登陆
if ('login' == $opera) {
    $account = trim(getPOST('account'));
    $password = trim(getPOST('password'));
    if ('' == $account) {
        $error['account'] = '账号不能为空';
    } else {
        $account = $db->escape(htmlspecialchars($account));
    }
    if ('' == $password) {
        $error['password'] = '******';
    } else {
        $password = md5($password . PASSWORD_END);
    }
    if (preg_match('#@#', $account)) {
        $checkAccount = 'select `password`,`role_id`,`business_account` from ' . $db->table('admin') . ' where `account`=\'' . $account . '\' limit 1';
        $admin = $db->fetchRow($checkAccount);
        if ($admin) {
            if ($password == $admin['password']) {
Example #12
}
if ('edit' == $opera) {
    $response = array('error' => 1, 'msg' => '', 'errmsg' => array());
    if (!check_purview('pur_ad_edit', $_SESSION['business_purview'])) {
        $response['msg'] = '没有操作权限';
        echo json_encode($response);
        exit;
    }
    $url = getPOST('url');
    $img = getPOST('img');
    $alt = getPOST('alt');
    $forever = getPOST('forever');
    $order_view = intval(getPOST('order_view'));
    $begin_time = getPOST('begin_time');
    $end_time = getPOST('end_time');
    $id = intval(getPOST('eid'));
    if ($id <= 0) {
        $response['msg'] = '参数错误';
    }
    $get_ad = 'select * from ' . $db->table('ad') . ' where `id`=' . $id . ' and business_account = \'' . $_SESSION['business_account'] . '\' limit 1';
    $ad = $db->fetchRow($get_ad);
    if (empty($ad)) {
        show_system_message('广告不存在');
        exit;
    }
    if ($alt == '') {
        $response['errmsg']['alt'] = '-请填写替换文字';
    } else {
        $alt = $db->escape($alt);
    }
    if ($order_view < 0) {
Example #13
        show_system_message('修改个人信息成功', $links);
        exit;
    } else {
        show_system_message('系统繁忙,请稍后重试', array());
        exit;
    }
}
//修改密码
if ('passwd' == $opera) {
    if (!check_purview('pur_passwd_edit', $_SESSION['purview'])) {
        show_system_message('权限不足', array());
        exit;
    }
    $old_password = trim(getPOST('old-password'));
    $new_password = trim(getPOST('new-password'));
    $confirm_password = trim(getPOST('confirm-password'));
    if ('' == $old_password) {
        show_system_message('原密码不能为空', array());
        exit;
    } else {
        $old_password = md5($old_password . PASSWORD_END);
    }
    if ('' == $new_password) {
        show_system_message('新密码不能为空', array());
        exit;
    }
    if ($confirm_password != $new_password) {
        show_system_message('两次输入的密码不一致', array());
        exit;
    }
    $get_admin = 'select `password` from ' . $db->table('admin') . ' where account = \'' . $_SESSION['account'] . '\' limit 1';
Example #14
$opera = check_action($operation, getPOST('opera'));
if ('apply' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $shop_name = getPOST('shop_name');
    $license = $_FILES['license'];
    $identity = $_FILES['identity'];
    $industry = intval(getPOST('industry'));
    $category = intval(getPOST('category'));
    $province = intval(getPOST('province'));
    $city = intval(getPOST('city'));
    $district = intval(getPOST('district'));
    $group = intval(getPOST('group'));
    $address = getPOST('address');
    $contact = getPOST('contact');
    $mobile = getPOST('mobile');
    $email = getPOST('email');
    $name = '';
    if ($shop_name == '') {
        $response['msg'] .= '-请填写网店名称<br/>';
    } else {
        $shop_name = $db->escape($shop_name);
    }
    if ($industry <= 0) {
        $response['msg'] .= '-请选择主营行业<br/>';
    }
    if ($category <= 0) {
        $response['msg'] .= '-请选择主营分类<br/>';
    }
    if ($province <= 0 || $city <= 0 || $district <= 0 || $group <= 0) {
        $response['msg'] .= '-请选择所在地区<br/>';
    }
Example #15
        }
        $row += 2;
    }
    //输出
    $filename = date('YmdHis') . '订单列表';
    header('Content-Type: application/vnd.ms-excel');
    header('Content-Disposition: attachment;filename="' . $filename . '.xls"');
    header('Cache-Control: max-age=0');
    $objWriter = PHPExcel_IOFactory::createWriter($excel, 'Excel5');
    $objWriter->save('php://output');
    exit;
}
if ($opera == 'edit') {
    $order_sn = getPOST('eorder_sn');
    $delivery_sn = getPOST('delivery_sn');
    $delivery_company = getPOST('delivery_company');
    if ($order_sn == '') {
        show_system_message('参数错误');
    } else {
        $order_sn = $db->escape($order_sn);
    }
    if ($delivery_company == '') {
        show_system_message('请填写物流公司');
    } else {
        $delivery_company = $db->escape($delivery_company);
    }
    if ($delivery_sn == '') {
        show_system_message('请填写物流单号');
    } else {
        $delivery_sn = $db->escape($delivery_sn);
    }
Example #16
/**
 * 消费券管理
 * @author 王仁欢
 * @email wrh4285@163.com
 * @date 2015-10-16
 * @version 1.0.0
 */
include 'library/init.inc.php';
back_base_init();
$template = 'virtual_order/';
assign('subTitle', '消费券管理');
$action = 'view';
$operation = '';
$act = check_action($action, getGET('act'));
$act = $act == '' ? 'view' : $act;
$opera = check_action($operation, getPOST('opera'));
$status_str = array(0 => '有效', 1 => '已使用', 2 => '已过期', 3 => '失效');
//===========================================================================
//===========================================================================
if ('view' == $act) {
    if (!check_purview('pur_virtual_order_view', $_SESSION['purview'])) {
        show_system_message('权限不足', array());
        exit;
    }
    $status = intval(getGET('status'));
    if ($status == 0) {
        assign('status', 0);
        assign('order_status', '');
        $and_where = '';
    } else {
        switch ($status) {
Example #17
$action = 'view|consume';
$operation = 'consume';
$act = check_action($action, getGET('act'));
$act = $act == '' ? 'view' : $act;
$opera = check_action($operation, getPOST('opera'));
$status_str = array(0 => '有效', 1 => '已使用', 2 => '已过期', 3 => '失效');
//===========================================================================
if ('consume' == $opera) {
    $response = array('error' => 1, 'msg' => '', 'errmsg' => array());
    if (!check_purview('pur_virtual_order_edit', $_SESSION['business_purview'])) {
        $response['msg'] = '权限不足';
        echo json_encode($response);
        exit;
    }
    $mobile = trim(getPOST('mobile'));
    $code = trim(getPOST('code'));
    if ('' == $mobile || 11 != strlen($mobile)) {
        $response['msg'] = '参数错误';
        $response['errmsg']['mobile'] = '-请输入手机号码';
    }
    if ('' == $code) {
        $response['msg'] = '参数错误';
        $response['errmsg']['code'] = '-请输入消费码';
    }
    if (0 != count($response['errmsg'])) {
        echo json_encode($response);
        exit;
    }
    $mobile = $db->escape($mobile);
    $code = $db->escape($code);
    $get_content = 'select * from ' . $db->table('order_content');
Example #18
    $get_city_name = 'select `city_name` from ' . $db->table('city') . ' where `id`=' . $order['city'];
    $get_district_name = 'select `district_name` from ' . $db->table('district') . ' where `id`=' . $order['district'];
    $get_group_name = 'select `group_name` from ' . $db->table('group') . ' where `id`=' . $order['group'];
    $order['province_name'] = $db->fetchOne($get_province_name);
    $order['city_name'] = $db->fetchOne($get_city_name);
    $order['district_name'] = $db->fetchOne($get_district_name);
    $order['group_name'] = $db->fetchOne($get_group_name);
    assign('order', $order);
    $template = 'order-detail.phtml';
    $_SESSION['order_sn'] = $order_sn;
}
if ('paging' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    if (!check_cross_domain() && isset($_SESSION['account'])) {
        $page = intval(getPOST('page'));
        $status = intval(getPOST('status'));
        $where = ' o.account = \'' . $_SESSION['account'] . '\'';
        if ($status > 0 && $status < 8) {
            $where .= ' and o.`status`=' . $status;
        }
        if ($status > 0 && $status >= 8 && $status < 12) {
            $where .= ' and o.`status`>=' . $status . ' and o.`status` < 12';
        }
        if ($status == 12) {
            $where .= ' and o.`status`=' . $status;
        }
        $get_total = 'select count(id) from ' . $db->table('order') . ' as o where ' . $where;
        $total = $db->fetchOne($get_total);
        $total_page = ceil($total / $page_count);
        $page = $page > $total_page ? $total_page : $page;
        $page = $page < 1 ? 1 : $page;
Example #19
 */
include 'library/init.inc.php';
if (!isset($_SESSION['account'])) {
    echo json_decode(array('error' => 1, 'message' => '请先登陆'));
    exit;
}
if (check_cross_domain()) {
    echo json_decode(array('error' => 1, 'message' => '请从本站提交数据'));
    exit;
}
$operation = 'get_children';
$opera = check_action($operation, getPOST('opera'));
if ('get_children' == $opera) {
    $account = trim(getPOST('account'));
    if ('' == $account) {
        $current = trim(getPOST('current'));
        if ('' == $current) {
            echo json_encode(array('error' => 1, 'message' => '参数错误'));
            exit;
        } else {
            $current = $db->escape($current);
            $get_member = 'select id, account, parent_id, nickname as parentId from ' . $db->table('member');
            $get_member .= ' where account = \'' . $current . '\' limit 1';
            $member = $db->fetchRow($get_member);
            if ($member) {
                $member['name'] = $member['account'] . '-' . $member['nickname'];
                $member['isParent'] = true;
                echo json_encode(array('error' => 0, 'message' => '成功', 'data' => $member));
                exit;
            } else {
                echo json_encode(array('error' => 1, 'message' => '会员不存在'));
Example #20
            if ($total_amount >= $user_info['balance']) {
                $total_amount -= $user_info['balance'];
            } else {
                $total_amount = 0;
            }
        }
        $response['error'] = 0;
        $response['total_amount'] = $total_amount;
    } else {
        $response['msg'] = '404:参数错误';
    }
    echo json_encode($response);
    exit;
}
if ('checkout' == $opera) {
    $cart = getPOST('cart');
    $response = array('error' => 1, 'msg' => '');
    if (!check_cross_domain()) {
        //过滤要购买的产品
        $buy_number = 0;
        $cart_data = array();
        foreach ($cart as $c) {
            if ($c['number'] > 0 && $c['checked']) {
                $buy_number += intval($c['number']);
            }
            $log->record_array($c);
            $cart_data[] = array('id' => intval($c['c_id']), 'number' => intval($c['number']), 'checked' => $c['checked'] == 'true' ? 1 : 0);
        }
        if ($buy_number == 0) {
            $response['msg'] = '请选择要购买的产品';
        } else {
Example #21
/**
 * Created by PhpStorm.
 * User: apple
 * Date: 15/9/7
 * Time: 上午11:22
 */
include 'library/init.inc.php';
$operation = 'edit';
$opera = check_action($operation, getPOST('opera'));
if ('edit' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $email = getPOST('email');
    $sex = getPOST('sex');
    $mobile = getPOST('mobile');
    $identity = trim(getPOST('identity'));
    if (!is_mobile($mobile)) {
        $response['msg'] .= '-手机号码格式不正确<br/>';
    } else {
        $mobile = $db->escape($mobile);
        //检查号码是否已被使用
        $check_mobile = 'select `account` from ' . $db->table('member') . ' where `mobile`=\'' . $mobile . '\' and `account`<>\'' . $_SESSION['account'] . '\'';
        if ($db->fetchOne($check_mobile)) {
            $response['msg'] = '-该号码已被其他用户使用<br/>';
        }
    }
    //    if($email == '')
    //    {
    //        $response['msg'] .= '-请填写邮箱地址<br/>';
    //    } else {
    //        if(filter_var($email, FILTER_VALIDATE_EMAIL))
Example #22
     exit;
 }
 $id = getPOST('id');
 $id = intval($id);
 if (0 >= $id) {
     show_system_message('参数错误', array());
     exit;
 }
 $get_section = 'select * from `' . DB_PREFIX . 'forum` where `id`=' . $id . ' limit 1';
 $section = $db->fetchRow($get_section);
 if (empty($section)) {
     show_system_message('帖子不存在', array());
     exit;
 }
 $status = intval(getPOST('status'));
 $integral = floatval(getPOST('integral'));
 if ($integral <= 0) {
     $integral = 0;
 }
 $data = array('status' => $status, 'integral' => $integral);
 $where = 'id = ' . $id;
 $order = '';
 $limit = '1';
 $db->begin();
 $transaction = true;
 if (!$db->autoUpdate('forum', $data, $where, $order, $limit)) {
     $transaction = false;
 } else {
     if ($status == 1 && $integral > 0) {
         $get_account = 'select `account` from ' . $db->table('forum') . ' where `id`=' . $id;
         $account = $db->fetchOne($get_account);
Example #23
//获取用户信息
$get_member_info = 'select `account`,`reward`,`reward_await`,`integral`,`integral_await`,`balance`,`level_id`,`level_expired`,' . '`add_time`,`name`,`wx_openid`,`recommend_path`,`status` from ' . $db->table('member') . ' where `account`=\'' . $_SESSION['account'] . '\'';
$member_info = $db->fetchRow($get_member_info);
assign('member_info', $member_info);
$level_fee = array(2 => floatval($config['join_fee_2']), 3 => floatval($config['join_fee_3']), 4 => floatval($config['join_fee_4']));
$operation = 'submit_order';
$opera = check_action($operation, getPOST('opera'));
if ('submit_order' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $use_balance = getPOST('use_balance') == "true" ? 1 : 0;
    $use_reward = getPOST('use_reward') == "true" ? 1 : 0;
    $level_id = intval(getPOST('level_id'));
    $payment_id = intval(getPOST('payment_id'));
    $name = trim(getPOST('name'));
    $mobile = trim(getPOST('mobile'));
    $recommend = trim(getPOST('recommend'));
    $recommend_info = null;
    if ($level_id <= 1 || $level_id > 4) {
        $response['msg'] .= '-请选择会员等级<br/>';
    }
    if (empty($name)) {
        $response['msg'] .= '-请填写真实姓名<br/>';
    } else {
        $name = $db->escape($name);
    }
    if (!is_mobile($mobile)) {
        $response['msg'] .= '-请填写手机号码<br/>';
    } else {
        $mobile = $db->escape($mobile);
        $check_mobile = 'select `mobile` from ' . $db->table('member') . ' where `mobile`=\'' . $mobile . '\'';
        $flag = $db->fetchOne($check_mobile);
Example #24
 $id = intval(getPOST('id'));
 if (0 >= $id) {
     show_system_message('参数错误', array());
     exit;
 }
 $getNav = 'select * from `' . DB_PREFIX . 'nav` where `id` = \'' . $id . '\' limit 1';
 $nav = $db->fetchRow($getNav);
 if (empty($nav)) {
     show_system_message('导航不存在', array());
     exit;
 }
 $name = trim(getPOST('menuName'));
 $parent_id = trim(getPOST('parentId'));
 $url = trim(getPOST('menuUrl'));
 $order_view = trim(getPOST('menuSort'));
 $position = trim(getPOST('position'));
 $error = '';
 if ('' == $name) {
     $error .= '-导航栏名称不能为空' . "\n";
 } else {
     $name = $db->escape(htmlspecialchars($name));
 }
 if (0 > $parent_id) {
     $error .= '-父级导航栏参数错误' . "\n";
 } else {
     $parent_id = intval($parent_id);
 }
 if ('' == $url) {
     $error .= '-URL不能为空' . "\n";
 } else {
     $url = $db->escape(htmlspecialchars($url));
Example #25
    $data = array('email' => $email, 'mobile' => $mobile, 'name' => $name, 'sex' => $sex);
    if ($db->autoUpdate('platform_admin', $data, 'account = \'' . $_SESSION['account'] . '\'')) {
        $response['error'] = 0;
        $response['msg'] = '修改资料成功';
        $_SESSION['name'] = $name;
    } else {
        $response['msg'] = '系统繁忙,请稍后重试';
    }
    echo json_encode($response);
    exit;
}
if ('password' == $opera) {
    $response = array('error' => 1, 'msg' => '', 'errmsg' => array());
    $password = trim(getPOST('password'));
    $new_password = trim(getPOST('new_password'));
    $confirm = trim(getPOST('confirm'));
    if ('' == $password) {
        $response['errmsg']['password'] = '******';
    }
    if ('' == $new_password) {
        $response['errmsg']['new_password'] = '******';
    } elseif (strlen($new_password) < 6 || strlen($new_password) > 16) {
        $response['errmsg']['new_password'] = '******';
    }
    if ($new_password != $confirm) {
        $response['errmsg']['confirm'] = '两次输入密码不一致';
    }
    if (count($response['errmsg'])) {
        echo json_encode($response);
        exit;
    }
Example #26
 $account = trim(getPOST('account'));
 if ('' == $account) {
     show_system_message('参数错误', array());
     exit;
 }
 $account = $db->escape($account);
 $get_member = 'select * from ' . $db->table('member') . ' where account = \'' . $account . '\' limit 1';
 $member = $db->fetchRow($get_member);
 if (empty($member)) {
     show_system_message('会员不存在', array());
     exit;
 }
 $mobile = trim(getPOST('mobile'));
 $reward = floatval(getPOST('reward'));
 $integral = floatval(getPOST('integral'));
 $level_id = intval(getPOST('level_id'));
 if ('' == $mobile) {
     show_system_message('手机不能为空', array());
     exit;
 }
 if (strlen($mobile) != 11) {
     show_system_message('手机格式不正确', array());
     exit;
 }
 $mobile = $db->escape($mobile);
 $reward = $reward < 0 ? 0 : $reward;
 $integral = $integral < 0 ? 0 : $integral;
 if (in_array($level_id, array(0, 1, 2))) {
     $level_id = 0;
 }
 $data = array('mobile' => $mobile, 'reward' => $reward, 'integral' => $integral, 'level_id' => $level_id);
Example #27
            $sheet->setCellValue('H' . $row, '');
        }
        $row++;
    }
    //输出
    $filename = date('YmdHis') . '充值申请列表';
    header('Content-Type: application/vnd.ms-excel');
    header('Content-Disposition: attachment;filename="' . $filename . '.xls"');
    header('Cache-Control: max-age=0');
    $objWriter = PHPExcel_IOFactory::createWriter($excel, 'Excel5');
    $objWriter->save('php://output');
    exit;
}
if ($opera == 'edit') {
    $recharge_sn = getPOST('erecharge_sn');
    $remark = getPOST('remark');
    if ($recharge_sn == '') {
        show_system_message('参数错误');
    } else {
        $recharge_sn = $db->escape($recharge_sn);
    }
    if ($remark == '') {
        show_system_message('请填写备注信息');
    } else {
        $remark = $db->escape($remark);
    }
    if (update_recharge($recharge_sn, 3, $_SESSION['account'], '线下充值:' . $remark)) {
        show_system_message('充值记录已处理', array(array('link' => 'recharge.php', 'alt' => '充值列表')));
    } else {
        show_system_message('系统繁忙');
    }
Example #28
            $response['error'] = 0;
            $response['msg'] = '修改银行卡成功';
        } else {
            $response['msg'] = '001:系统繁忙,请稍后再试';
        }
    }
    echo json_encode($response);
    exit;
}
if ('add' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    $bank = getPOST('bank');
    $bank_account = getPOST('bank_account');
    $bank_card = getPOST('bank_card');
    $password = getPOST('password');
    $mobile = getPOST('mobile');
    if ($bank == '') {
        $response['msg'] .= '-请填写开户银行<br/>';
    } else {
        $bank = $db->escape($bank);
    }
    if ($bank_account == '') {
        $response['msg'] .= '-请填写开户人姓名<br/>';
    } else {
        $bank_account = $db->escape($bank_account);
    }
    if ($bank_card == '') {
        $response['msg'] .= '-请填写银行卡号<br/>';
    } else {
        $bank_card = $db->escape($bank_card);
    }
Example #29
 $section_id = trim(getPOST('section_id'));
 $keywords = trim(getPOST('keywords'));
 $description = trim(getPOST('description'));
 $content = trim(getPOST('content'));
 $wap_content = trim(getPOST('wap-content'));
 $publishTime = trim(getPOST('publishTime'));
 $isAutoPublish = trim(getPOST('isAutoPublish'));
 $original_url = trim(getPOST('original-url'));
 $order_view = trim(getPOST('order-view'));
 $template = trim(getPOST('template'));
 $add_time = '';
 if ($template == '') {
     $template = 'article.phtml';
 }
 $thumb = '';
 $original = trim(getPOST('img'));
 if ('' != $original) {
     $original = $db->escape(htmlspecialchars($original));
     if (file_exists('../' . $original)) {
         $thumb = str_replace('image', 'thumb', $original);
     } else {
         $thumb = '';
     }
 }
 if ('' == $title) {
     $response['msg'] .= '-标题不能为空<br />';
 } else {
     $title = $db->escape(htmlspecialchars($title));
 }
 if ('' == $author) {
     $author = $_SESSION['name'];
Example #30
        array_push($section_id_array, $section['id']);
    }
}
$section_id_str = '(' . implode(',', $section_id_array) . ')';
$get_article_list = 'select * from ' . $db->table('content') . ' where `section_id` in ' . $section_id_str;
$get_article_list .= ' and `status` <> 0 order by `order_view` asc, `last_modify` desc';
$page_count = 20;
assign('page_count', $page_count);
$article_list = $db->fetchAll($get_article_list);
$total = count($article_list);
$total_page = ceil($total / $page_count);
assign('total_page', $total_page);
if ('paging' == $opera) {
    $response = array('error' => 1, 'msg' => '');
    if (!check_cross_domain() && isset($_SESSION['account'])) {
        $page = intval(getPOST('page'));
        $page = $page > $total_page ? $total_page : $page;
        $page = $page < 1 ? 1 : $page;
        $offset = $page_count * ($page - 1);
        $get_article_list .= ' limit ' . $offset . ',' . $page_count;
        $article_list = $db->fetchAll($get_article_list);
        assign('article_list', $article_list);
        assign('page', $page);
        $response['content'] = $smarty->fetch('promotion-item.phtml');
        $response['sql'] = $get_article_list;
        $response['error'] = 0;
    } else {
        if (empty($_SESSION['account'])) {
            $response['msg'] = '请先登录';
            $response['error'] = 2;
        } else {