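/**
 * Authenticate the current request.
 *
 * Three paths, checked in this order:
 *  - POST 'logout'      -> $this->logout() is called, then processing continues;
 *  - POST 'submitLogin' -> 'uid' / md5('pwd') are looked up in the `user` table;
 *                          on a hit a fresh user_hash is stored on the row, the
 *                          ndxz_hash / ndxz_access cookies are issued and
 *                          $this->settings() runs; on a miss show_login('login err');
 *  - cookies ndxz_hash + ndxz_access -> looked up in `user`; on a hit the cookies
 *                          are re-issued (sliding expiry) and $this->settings() runs.
 * If nothing matched, show_login() is called.
 *
 * Cookie lifetime is $this->cookie_expires seconds from now. The matching user
 * row is left in $this->prefs.
 *
 * NOTE(review): the password is compared as a bare md5() digest and that same
 * digest is what the ndxz_access cookie carries, so the cookie is a long-lived
 * password equivalent rather than a session token, and user_hash is derived
 * from time() + that digest + a fixed string, so it is guessable. Moving to
 * password_hash()/password_verify() and a random per-session token changes the
 * stored format, so that is not done here; the cookies are at least flagged
 * HttpOnly so page script cannot read them.
 */
public function checkLogin()
{
    $OBJ =& get_instance();

    // if logging out
    if (isset($_POST['logout'])) {
        $this->logout();
    }

    $cookie_expires = time() + $this->cookie_expires;

    // if logging in
    if (isset($_POST['submitLogin'])) {
        sleep(3); // crude throttle: every login attempt costs three seconds

        $clean['userid'] = getPOST('uid', null, 'password', 12);
        $clean['password'] = md5(getPOST('pwd', null, 'password', 12));

        $this->prefs = $OBJ->db->selectArray('user', $clean, Db::FETCH_RECORD);

        if ($this->prefs) {
            // create a new user hash upon login
            $temp['user_hash'] = md5(time() . $clean['password'] . 'secret');
            // ID comes from our own row, but cast it anyway so the WHERE
            // clause can only ever carry an integer.
            $OBJ->db->updateArray('user', $temp, 'ID = ' . (int) $this->prefs['ID']);

            // domain '' and secure false are the defaults; the trailing true is httponly
            setcookie('ndxz_hash', $temp['user_hash'], $cookie_expires, '/', '', false, true);
            setcookie('ndxz_access', $clean['password'], $cookie_expires, '/', '', false, true);

            $this->settings();
            return;
        } else {
            show_login('login err');
        }
    }

    // return access
    if (isset($_COOKIE['ndxz_access']) && isset($_COOKIE['ndxz_hash'])) {
        $clean['user_hash'] = getCOOKIE($_COOKIE['ndxz_hash'], null, 'password', 32);
        $clean['password'] = getCOOKIE($_COOKIE['ndxz_access'], null, 'password', 32);

        $this->prefs = $OBJ->db->selectArray('user', $clean, Db::FETCH_RECORD);

        if ($this->prefs) {
            // we'll update each time so no more weird logouts
            setcookie('ndxz_hash', $clean['user_hash'], $cookie_expires, '/', '', false, true);
            setcookie('ndxz_access', $clean['password'], $cookie_expires, '/', '', false, true);

            $this->settings();
            return;
        }
    }

    show_login();
}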
<?php include 'library/init.inc.php'; $operation = 'shake'; $opera = check_action($operation, getPOST('opera')); if ('shake' == $opera) { $response = array('error' => 1, 'msg' => ''); $progress = intval(getPOST('progress')); $cycle = intval(getPOST('cycle')); if ($progress <= 0) { $progress = 1; } if ($cycle <= 0) { $response['msg'] = '参数错误'; } if ($response['msg'] == '') { $get_cycle_status = 'select `status` from ' . $db->table('cycle') . ' where `id`=' . $cycle; $status = $db->fetchOne($get_cycle_status); $get_shake = 'select `id`,`total`,`progress`,`goal` from ' . $db->table('shake') . ' where `account`=\'' . $_SESSION['account'] . '\''; $shake = $db->fetchRow($get_shake); if ($shake && $status == 1) { $goal = false; if ($shake['total'] < 100) { if ($shake['total'] + $progress >= 100) { $progress = 100 - $shake['total']; $goal = true; } $shake_data = array('total' => $shake['total'] + $progress, 'progress' => $shake['progress'] + $progress, 'cycle' => $cycle); if ($goal) { $shake_data['end_time'] = microtime(); }
<?php /** * Created by PhpStorm. * User: apple * Date: 15/9/7 * Time: 上午11:22 */ include 'library/init.inc.php'; $operation = 'edit'; $opera = check_action($operation, getPOST('opera')); if ('edit' == $opera) { $response = array('error' => 1, 'msg' => ''); $password = getPOST('password'); $ref = getPOST('ref'); if ($password == '') { $response['msg'] = '请填写新密码'; } if (!isset($_SESSION['token']) || $_SESSION['token'] != 'verify message code success.') { $response['msg'] = '请先通过身份验证'; } if ($response['msg'] == '') { $password = md5($password . PASSWORD_END); $data = array('password' => $password); if ($db->autoUpdate('member', $data, '`account`=\'' . $_SESSION['account'] . '\'')) { $response['msg'] = '修改密码成功'; $response['error'] = 0; if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false) { $response['referer'] = $_SERVER['HTTP_REFERER']; } else { $response['referer'] = 'index.php';
$db->rollback(); } } echo json_encode($response); exit; } if ('add' == $opera) { $response = array('error' => 1, 'msg' => '', 'errmsg' => array()); $rule = trim(getPOST('rule')); $response_content = trim(getPOST('response_content')); $name = trim(getPOST('name')); $order_view = intval(getPOST('order_view')); $enabled = intval(getPOST('enabled')); $match_mode = intval(getPOST('match_mode')); $msgType = trim(getPOST('msgType')); $content_id = intval(getPOST('content_id')); if ($rule == '') { $response['errmsg']['rule'] = '-请填写关键词'; } else { $rule = $db->escape($rule); } if ($msgType == '') { $response['errmsg']['msgType'] = '-请选择回复类型'; } else { if (!array_key_exists($msgType, $msgType_array)) { $response['errmsg']['msgType'] = '-请选择回复类型'; } else { $msgType = $db->escape($msgType); if ($msgType == 'news') { if ($content_id <= 0) { $response['errmsg']['content_id'] = '-请选择资讯';
* User: apple * Date: 15/9/15 * Time: 下午8:21 */ include 'library/init.inc.php'; $id = intval(getGET('id')); $template = 'category.phtml'; $product_list = array(); $flag = false; $operation = 'sort'; $opera = check_action($operation, getPOST('opera')); //产品排序 if ('sort' == $opera) { $response = array('error' => 1, 'msg' => ''); $filter = getPOST('filter'); $mode = getPOST('mode'); $now = time(); $get_product_list = 'select `id`,`name`,if(`promote_end`>' . $now . ',`promote_price`,`price`) as `price`,`img` from ' . $db->table('product') . ' where `status`=4 '; $response['filter'] = $filter; //分组使用筛选条件 //关键词 if (isset($filter['id']) && $filter['id'] > 0) { $id = intval($filter['id']); $get_category_path = 'select `path` from ' . $db->table('category') . ' where `id`=' . $id; $path = $db->fetchOne($get_category_path); $get_category_ids = 'select `id` from ' . $db->table('category') . ' where `path` like \'' . $path . '%\' and `id` not in (' . $path . '0)'; $category_ids = $db->fetchAll($get_category_ids); $category_ids_tmp = array(); $category_ids_str = ''; if ($category_ids) { foreach ($category_ids as $key => $val) {
<?php
/**
 * Created by PhpStorm.
 * User: apple
 * Date: 15/8/24
 * Time: 3:32 PM
 */
include 'library/init.inc.php';

// Record the raw POST payload before anything else touches it.
$log->record_array($_POST);

$response = array('error' => 1, 'msg' => '');

$access_token = get_access_token($config['appid'], $config['appsecret']);
$openid = $db->escape(getPOST('openid'));

if (!$access_token) {
    $response['msg'] = '获取access_token失败';
} elseif (!($ticket = get_qrcode($openid, $access_token))) {
    $response['msg'] = '服务器繁忙,请稍后再次获取';
} else {
    // NOTE(review): the query parameter is named "ticket" but carries the
    // escaped openid, not $ticket — confirm recommend.php expects the openid.
    $response['url'] = 'http://wechat.wzcy188.com/facm/api/recommend.php?ticket=' . urlencode($openid);
    $response['error'] = 0;
}

echo json_encode($response);
exit;
} if ('add' == $opera) { $response = array('error' => 1, 'msg' => '', 'errmsg' => array()); if (!check_purview('pur_ad_add', $_SESSION['purview'])) { $response['msg'] = '没有操作权限'; echo json_encode($response); exit; } $url = getPOST('url'); $img = getPOST('img'); $alt = getPOST('alt'); $forever = getPOST('forever'); $ad_pos_id = intval(getPOST('ad_pos_id')); $order_view = intval(getPOST('order_view')); $begin_time = getPOST('begin_time'); $end_time = getPOST('end_time'); if ($alt == '') { $response['errmsg']['alt'] = '-请填写替换文字'; } else { $alt = $db->escape($alt); } if ($ad_pos_id <= 0) { $response['errmsg']['ad_pos_id'] = '-请选择广告位置'; } if ($order_view < 0) { $response['errmsg']['order_view'] = '-请输入广告排序'; } if ($forever == 0) { if ($begin_time == '' || $end_time == '') { $response['errmsg']['time'] = '-请选择有效时间'; } else {
$act = $act == '' ? 'view' : $act; $opera = check_action($operation, getPOST('opera')); //=========================================================================== if ($opera == 'send') { $get_reward_list = 'select `account`,`reward`,`remark`,`type`,`id` from ' . $db->table('reward') . ' where `status`=1'; $reward_list = $db->fetchAll($get_reward_list); foreach ($reward_list as $reward) { if (member_account_change($reward['account'], 0, $reward['reward'], -1 * $reward['reward'], 0, 0, 0, $_SESSION['admin_account'], 4, $reward['remark'])) { $reward_status = array('status' => 2, 'solve_time' => time()); $db->autoUpdate('reward', $reward_status, '`id`=' . $reward['id']); } } show_system_message('奖金发放完毕'); } if ($opera == 'export') { $reward_id = getPOST('order_id'); $account = getGET('account'); $status = intval(getGET('status')); $type = intval(getGET('type')); $begin_time = getGET('begin_time'); $end_time = getGET('end_time'); $sql = 'select * from ' . $db->table('reward'); $where = ' where 1'; if ($reward_id != '') { $reward_id = substr($reward_id, 0, strlen($reward_id) - 1); $reward_id = $db->escape($reward_id); $where .= ' and `id` in (' . $reward_id . ')'; } else { if ($account != '') { $account = $db->escape($account); $where .= ' and `account`=\'' . $account . '\'';
<?php include_once 'functions.inc'; ## Form if (isset($_POST['submit'])) { # Get request properties $form['firstname'] = getPost('firstname'); $form['lastname'] = getPOST('lastname'); $form['email'] = getPOST('email'); $form['password'] = getPOST('password'); $form['confirmPassword'] = getPOST('confPassword'); $form['subject'] = getPOST('subject'); $form['message'] = getPOST('message'); $form['captchaValue'] = getPOST('captchaValue'); $form['captchaId'] = getPOST('captchaId'); // Add datetime date_default_timezone_set('Europe/Berlin'); $form['date'] = date("F j, Y, g:i a"); // Check for empty fields foreach ($form as $key => $value) { if (!$value) { $errorMsg .= 'The field "' . $key . '" may not be empty.<br>'; } } if (!validateEmail($form['email'])) { $errorMsg .= "Please check your email address entered.<br>"; } if (!validatePassword($form['password'], $form['confirmPassword'])) { $errorMsg .= "Passwords does not match.<br>"; } if (!validateCaptcha($form['captchaValue'], $form['captchaId'])) {
exit; } $business_account = trim(getPOST('account')); if ('' == $business_account) { show_system_message('参数错误', array()); exit; } $business_account = $db->escape($business_account); $get_business = 'select * from ' . $db->table('business'); $get_business .= ' where business_account = \'' . $business_account . '\' and status = 1 limit 1'; $business = $db->fetchRow($get_business); if (empty($business)) { show_system_message('商户不存在', array()); exit; } $reason = trim(getPOST('reason')); if ('' == $reason) { $reason = '您的认证信息审核不通过,请重新提交'; } else { $reason = $db->escape($reason); } $db->begin(); $transaction = true; $update_business = 'update ' . $db->table('auth') . ' set status = 2'; $update_business .= ' where business_account = \'' . $business_account . '\' limit 1'; if (!$db->update($update_business)) { $transaction = false; } //已系统消息形式返回驳回理由,返回到 $data = array('title' => '信息认证', 'content' => $reason, 'account' => $business['account'], 'business_account' => $business['business_account'], 'add_time' => time(), 'status' => 0); if (!$db->autoInsert('message', array($data))) {
* @email wrh4285@163.com * @date 2015-8-19 * @version 1.0.0 */ include 'library/init.inc.php'; $template = 'index/'; $action = 'login|forget|logout'; $operation = 'login|forget'; $act = check_action($action, getGET('act')); $act = $act == '' ? 'login' : $act; $opera = check_action($operation, getPOST('opera')); $error = array(); //登陆 if ('login' == $opera) { $account = trim(getPOST('account')); $password = trim(getPOST('password')); if ('' == $account) { $error['account'] = '账号不能为空'; } else { $account = $db->escape(htmlspecialchars($account)); } if ('' == $password) { $error['password'] = '******'; } else { $password = md5($password . PASSWORD_END); } if (preg_match('#@#', $account)) { $checkAccount = 'select `password`,`role_id`,`business_account` from ' . $db->table('admin') . ' where `account`=\'' . $account . '\' limit 1'; $admin = $db->fetchRow($checkAccount); if ($admin) { if ($password == $admin['password']) {
} if ('edit' == $opera) { $response = array('error' => 1, 'msg' => '', 'errmsg' => array()); if (!check_purview('pur_ad_edit', $_SESSION['business_purview'])) { $response['msg'] = '没有操作权限'; echo json_encode($response); exit; } $url = getPOST('url'); $img = getPOST('img'); $alt = getPOST('alt'); $forever = getPOST('forever'); $order_view = intval(getPOST('order_view')); $begin_time = getPOST('begin_time'); $end_time = getPOST('end_time'); $id = intval(getPOST('eid')); if ($id <= 0) { $response['msg'] = '参数错误'; } $get_ad = 'select * from ' . $db->table('ad') . ' where `id`=' . $id . ' and business_account = \'' . $_SESSION['business_account'] . '\' limit 1'; $ad = $db->fetchRow($get_ad); if (empty($ad)) { show_system_message('广告不存在'); exit; } if ($alt == '') { $response['errmsg']['alt'] = '-请填写替换文字'; } else { $alt = $db->escape($alt); } if ($order_view < 0) {
show_system_message('修改个人信息成功', $links); exit; } else { show_system_message('系统繁忙,请稍后重试', array()); exit; } } //修改密码 if ('passwd' == $opera) { if (!check_purview('pur_passwd_edit', $_SESSION['purview'])) { show_system_message('权限不足', array()); exit; } $old_password = trim(getPOST('old-password')); $new_password = trim(getPOST('new-password')); $confirm_password = trim(getPOST('confirm-password')); if ('' == $old_password) { show_system_message('原密码不能为空', array()); exit; } else { $old_password = md5($old_password . PASSWORD_END); } if ('' == $new_password) { show_system_message('新密码不能为空', array()); exit; } if ($confirm_password != $new_password) { show_system_message('两次输入的密码不一致', array()); exit; } $get_admin = 'select `password` from ' . $db->table('admin') . ' where account = \'' . $_SESSION['account'] . '\' limit 1';
$opera = check_action($operation, getPOST('opera')); if ('apply' == $opera) { $response = array('error' => 1, 'msg' => ''); $shop_name = getPOST('shop_name'); $license = $_FILES['license']; $identity = $_FILES['identity']; $industry = intval(getPOST('industry')); $category = intval(getPOST('category')); $province = intval(getPOST('province')); $city = intval(getPOST('city')); $district = intval(getPOST('district')); $group = intval(getPOST('group')); $address = getPOST('address'); $contact = getPOST('contact'); $mobile = getPOST('mobile'); $email = getPOST('email'); $name = ''; if ($shop_name == '') { $response['msg'] .= '-请填写网店名称<br/>'; } else { $shop_name = $db->escape($shop_name); } if ($industry <= 0) { $response['msg'] .= '-请选择主营行业<br/>'; } if ($category <= 0) { $response['msg'] .= '-请选择主营分类<br/>'; } if ($province <= 0 || $city <= 0 || $district <= 0 || $group <= 0) { $response['msg'] .= '-请选择所在地区<br/>'; }
} $row += 2; } //输出 $filename = date('YmdHis') . '订单列表'; header('Content-Type: application/vnd.ms-excel'); header('Content-Disposition: attachment;filename="' . $filename . '.xls"'); header('Cache-Control: max-age=0'); $objWriter = PHPExcel_IOFactory::createWriter($excel, 'Excel5'); $objWriter->save('php://output'); exit; } if ($opera == 'edit') { $order_sn = getPOST('eorder_sn'); $delivery_sn = getPOST('delivery_sn'); $delivery_company = getPOST('delivery_company'); if ($order_sn == '') { show_system_message('参数错误'); } else { $order_sn = $db->escape($order_sn); } if ($delivery_company == '') { show_system_message('请填写物流公司'); } else { $delivery_company = $db->escape($delivery_company); } if ($delivery_sn == '') { show_system_message('请填写物流单号'); } else { $delivery_sn = $db->escape($delivery_sn); }
/** * 消费券管理 * @author 王仁欢 * @email wrh4285@163.com * @date 2015-10-16 * @version 1.0.0 */ include 'library/init.inc.php'; back_base_init(); $template = 'virtual_order/'; assign('subTitle', '消费券管理'); $action = 'view'; $operation = ''; $act = check_action($action, getGET('act')); $act = $act == '' ? 'view' : $act; $opera = check_action($operation, getPOST('opera')); $status_str = array(0 => '有效', 1 => '已使用', 2 => '已过期', 3 => '失效'); //=========================================================================== //=========================================================================== if ('view' == $act) { if (!check_purview('pur_virtual_order_view', $_SESSION['purview'])) { show_system_message('权限不足', array()); exit; } $status = intval(getGET('status')); if ($status == 0) { assign('status', 0); assign('order_status', ''); $and_where = ''; } else { switch ($status) {
$action = 'view|consume'; $operation = 'consume'; $act = check_action($action, getGET('act')); $act = $act == '' ? 'view' : $act; $opera = check_action($operation, getPOST('opera')); $status_str = array(0 => '有效', 1 => '已使用', 2 => '已过期', 3 => '失效'); //=========================================================================== if ('consume' == $opera) { $response = array('error' => 1, 'msg' => '', 'errmsg' => array()); if (!check_purview('pur_virtual_order_edit', $_SESSION['business_purview'])) { $response['msg'] = '权限不足'; echo json_encode($response); exit; } $mobile = trim(getPOST('mobile')); $code = trim(getPOST('code')); if ('' == $mobile || 11 != strlen($mobile)) { $response['msg'] = '参数错误'; $response['errmsg']['mobile'] = '-请输入手机号码'; } if ('' == $code) { $response['msg'] = '参数错误'; $response['errmsg']['code'] = '-请输入消费码'; } if (0 != count($response['errmsg'])) { echo json_encode($response); exit; } $mobile = $db->escape($mobile); $code = $db->escape($code); $get_content = 'select * from ' . $db->table('order_content');
$get_city_name = 'select `city_name` from ' . $db->table('city') . ' where `id`=' . $order['city']; $get_district_name = 'select `district_name` from ' . $db->table('district') . ' where `id`=' . $order['district']; $get_group_name = 'select `group_name` from ' . $db->table('group') . ' where `id`=' . $order['group']; $order['province_name'] = $db->fetchOne($get_province_name); $order['city_name'] = $db->fetchOne($get_city_name); $order['district_name'] = $db->fetchOne($get_district_name); $order['group_name'] = $db->fetchOne($get_group_name); assign('order', $order); $template = 'order-detail.phtml'; $_SESSION['order_sn'] = $order_sn; } if ('paging' == $opera) { $response = array('error' => 1, 'msg' => ''); if (!check_cross_domain() && isset($_SESSION['account'])) { $page = intval(getPOST('page')); $status = intval(getPOST('status')); $where = ' o.account = \'' . $_SESSION['account'] . '\''; if ($status > 0 && $status < 8) { $where .= ' and o.`status`=' . $status; } if ($status > 0 && $status >= 8 && $status < 12) { $where .= ' and o.`status`>=' . $status . ' and o.`status` < 12'; } if ($status == 12) { $where .= ' and o.`status`=' . $status; } $get_total = 'select count(id) from ' . $db->table('order') . ' as o where ' . $where; $total = $db->fetchOne($get_total); $total_page = ceil($total / $page_count); $page = $page > $total_page ? $total_page : $page; $page = $page < 1 ? 1 : $page;
*/ include 'library/init.inc.php'; if (!isset($_SESSION['account'])) { echo json_decode(array('error' => 1, 'message' => '请先登陆')); exit; } if (check_cross_domain()) { echo json_decode(array('error' => 1, 'message' => '请从本站提交数据')); exit; } $operation = 'get_children'; $opera = check_action($operation, getPOST('opera')); if ('get_children' == $opera) { $account = trim(getPOST('account')); if ('' == $account) { $current = trim(getPOST('current')); if ('' == $current) { echo json_encode(array('error' => 1, 'message' => '参数错误')); exit; } else { $current = $db->escape($current); $get_member = 'select id, account, parent_id, nickname as parentId from ' . $db->table('member'); $get_member .= ' where account = \'' . $current . '\' limit 1'; $member = $db->fetchRow($get_member); if ($member) { $member['name'] = $member['account'] . '-' . $member['nickname']; $member['isParent'] = true; echo json_encode(array('error' => 0, 'message' => '成功', 'data' => $member)); exit; } else { echo json_encode(array('error' => 1, 'message' => '会员不存在'));
if ($total_amount >= $user_info['balance']) { $total_amount -= $user_info['balance']; } else { $total_amount = 0; } } $response['error'] = 0; $response['total_amount'] = $total_amount; } else { $response['msg'] = '404:参数错误'; } echo json_encode($response); exit; } if ('checkout' == $opera) { $cart = getPOST('cart'); $response = array('error' => 1, 'msg' => ''); if (!check_cross_domain()) { //过滤要购买的产品 $buy_number = 0; $cart_data = array(); foreach ($cart as $c) { if ($c['number'] > 0 && $c['checked']) { $buy_number += intval($c['number']); } $log->record_array($c); $cart_data[] = array('id' => intval($c['c_id']), 'number' => intval($c['number']), 'checked' => $c['checked'] == 'true' ? 1 : 0); } if ($buy_number == 0) { $response['msg'] = '请选择要购买的产品'; } else {
/** * Created by PhpStorm. * User: apple * Date: 15/9/7 * Time: 上午11:22 */ include 'library/init.inc.php'; $operation = 'edit'; $opera = check_action($operation, getPOST('opera')); if ('edit' == $opera) { $response = array('error' => 1, 'msg' => ''); $email = getPOST('email'); $sex = getPOST('sex'); $mobile = getPOST('mobile'); $identity = trim(getPOST('identity')); if (!is_mobile($mobile)) { $response['msg'] .= '-手机号码格式不正确<br/>'; } else { $mobile = $db->escape($mobile); //检查号码是否已被使用 $check_mobile = 'select `account` from ' . $db->table('member') . ' where `mobile`=\'' . $mobile . '\' and `account`<>\'' . $_SESSION['account'] . '\''; if ($db->fetchOne($check_mobile)) { $response['msg'] = '-该号码已被其他用户使用<br/>'; } } // if($email == '') // { // $response['msg'] .= '-请填写邮箱地址<br/>'; // } else { // if(filter_var($email, FILTER_VALIDATE_EMAIL))
exit; } $id = getPOST('id'); $id = intval($id); if (0 >= $id) { show_system_message('参数错误', array()); exit; } $get_section = 'select * from `' . DB_PREFIX . 'forum` where `id`=' . $id . ' limit 1'; $section = $db->fetchRow($get_section); if (empty($section)) { show_system_message('帖子不存在', array()); exit; } $status = intval(getPOST('status')); $integral = floatval(getPOST('integral')); if ($integral <= 0) { $integral = 0; } $data = array('status' => $status, 'integral' => $integral); $where = 'id = ' . $id; $order = ''; $limit = '1'; $db->begin(); $transaction = true; if (!$db->autoUpdate('forum', $data, $where, $order, $limit)) { $transaction = false; } else { if ($status == 1 && $integral > 0) { $get_account = 'select `account` from ' . $db->table('forum') . ' where `id`=' . $id; $account = $db->fetchOne($get_account);
//获取用户信息 $get_member_info = 'select `account`,`reward`,`reward_await`,`integral`,`integral_await`,`balance`,`level_id`,`level_expired`,' . '`add_time`,`name`,`wx_openid`,`recommend_path`,`status` from ' . $db->table('member') . ' where `account`=\'' . $_SESSION['account'] . '\''; $member_info = $db->fetchRow($get_member_info); assign('member_info', $member_info); $level_fee = array(2 => floatval($config['join_fee_2']), 3 => floatval($config['join_fee_3']), 4 => floatval($config['join_fee_4'])); $operation = 'submit_order'; $opera = check_action($operation, getPOST('opera')); if ('submit_order' == $opera) { $response = array('error' => 1, 'msg' => ''); $use_balance = getPOST('use_balance') == "true" ? 1 : 0; $use_reward = getPOST('use_reward') == "true" ? 1 : 0; $level_id = intval(getPOST('level_id')); $payment_id = intval(getPOST('payment_id')); $name = trim(getPOST('name')); $mobile = trim(getPOST('mobile')); $recommend = trim(getPOST('recommend')); $recommend_info = null; if ($level_id <= 1 || $level_id > 4) { $response['msg'] .= '-请选择会员等级<br/>'; } if (empty($name)) { $response['msg'] .= '-请填写真实姓名<br/>'; } else { $name = $db->escape($name); } if (!is_mobile($mobile)) { $response['msg'] .= '-请填写手机号码<br/>'; } else { $mobile = $db->escape($mobile); $check_mobile = 'select `mobile` from ' . $db->table('member') . ' where `mobile`=\'' . $mobile . '\''; $flag = $db->fetchOne($check_mobile);
$id = intval(getPOST('id')); if (0 >= $id) { show_system_message('参数错误', array()); exit; } $getNav = 'select * from `' . DB_PREFIX . 'nav` where `id` = \'' . $id . '\' limit 1'; $nav = $db->fetchRow($getNav); if (empty($nav)) { show_system_message('导航不存在', array()); exit; } $name = trim(getPOST('menuName')); $parent_id = trim(getPOST('parentId')); $url = trim(getPOST('menuUrl')); $order_view = trim(getPOST('menuSort')); $position = trim(getPOST('position')); $error = ''; if ('' == $name) { $error .= '-导航栏名称不能为空' . "\n"; } else { $name = $db->escape(htmlspecialchars($name)); } if (0 > $parent_id) { $error .= '-父级导航栏参数错误' . "\n"; } else { $parent_id = intval($parent_id); } if ('' == $url) { $error .= '-URL不能为空' . "\n"; } else { $url = $db->escape(htmlspecialchars($url));
$data = array('email' => $email, 'mobile' => $mobile, 'name' => $name, 'sex' => $sex); if ($db->autoUpdate('platform_admin', $data, 'account = \'' . $_SESSION['account'] . '\'')) { $response['error'] = 0; $response['msg'] = '修改资料成功'; $_SESSION['name'] = $name; } else { $response['msg'] = '系统繁忙,请稍后重试'; } echo json_encode($response); exit; } if ('password' == $opera) { $response = array('error' => 1, 'msg' => '', 'errmsg' => array()); $password = trim(getPOST('password')); $new_password = trim(getPOST('new_password')); $confirm = trim(getPOST('confirm')); if ('' == $password) { $response['errmsg']['password'] = '******'; } if ('' == $new_password) { $response['errmsg']['new_password'] = '******'; } elseif (strlen($new_password) < 6 || strlen($new_password) > 16) { $response['errmsg']['new_password'] = '******'; } if ($new_password != $confirm) { $response['errmsg']['confirm'] = '两次输入密码不一致'; } if (count($response['errmsg'])) { echo json_encode($response); exit; }
$account = trim(getPOST('account')); if ('' == $account) { show_system_message('参数错误', array()); exit; } $account = $db->escape($account); $get_member = 'select * from ' . $db->table('member') . ' where account = \'' . $account . '\' limit 1'; $member = $db->fetchRow($get_member); if (empty($member)) { show_system_message('会员不存在', array()); exit; } $mobile = trim(getPOST('mobile')); $reward = floatval(getPOST('reward')); $integral = floatval(getPOST('integral')); $level_id = intval(getPOST('level_id')); if ('' == $mobile) { show_system_message('手机不能为空', array()); exit; } if (strlen($mobile) != 11) { show_system_message('手机格式不正确', array()); exit; } $mobile = $db->escape($mobile); $reward = $reward < 0 ? 0 : $reward; $integral = $integral < 0 ? 0 : $integral; if (in_array($level_id, array(0, 1, 2))) { $level_id = 0; } $data = array('mobile' => $mobile, 'reward' => $reward, 'integral' => $integral, 'level_id' => $level_id);
$sheet->setCellValue('H' . $row, ''); } $row++; } //输出 $filename = date('YmdHis') . '充值申请列表'; header('Content-Type: application/vnd.ms-excel'); header('Content-Disposition: attachment;filename="' . $filename . '.xls"'); header('Cache-Control: max-age=0'); $objWriter = PHPExcel_IOFactory::createWriter($excel, 'Excel5'); $objWriter->save('php://output'); exit; } if ($opera == 'edit') { $recharge_sn = getPOST('erecharge_sn'); $remark = getPOST('remark'); if ($recharge_sn == '') { show_system_message('参数错误'); } else { $recharge_sn = $db->escape($recharge_sn); } if ($remark == '') { show_system_message('请填写备注信息'); } else { $remark = $db->escape($remark); } if (update_recharge($recharge_sn, 3, $_SESSION['account'], '线下充值:' . $remark)) { show_system_message('充值记录已处理', array(array('link' => 'recharge.php', 'alt' => '充值列表'))); } else { show_system_message('系统繁忙'); }
$response['error'] = 0; $response['msg'] = '修改银行卡成功'; } else { $response['msg'] = '001:系统繁忙,请稍后再试'; } } echo json_encode($response); exit; } if ('add' == $opera) { $response = array('error' => 1, 'msg' => ''); $bank = getPOST('bank'); $bank_account = getPOST('bank_account'); $bank_card = getPOST('bank_card'); $password = getPOST('password'); $mobile = getPOST('mobile'); if ($bank == '') { $response['msg'] .= '-请填写开户银行<br/>'; } else { $bank = $db->escape($bank); } if ($bank_account == '') { $response['msg'] .= '-请填写开户人姓名<br/>'; } else { $bank_account = $db->escape($bank_account); } if ($bank_card == '') { $response['msg'] .= '-请填写银行卡号<br/>'; } else { $bank_card = $db->escape($bank_card); }
$section_id = trim(getPOST('section_id')); $keywords = trim(getPOST('keywords')); $description = trim(getPOST('description')); $content = trim(getPOST('content')); $wap_content = trim(getPOST('wap-content')); $publishTime = trim(getPOST('publishTime')); $isAutoPublish = trim(getPOST('isAutoPublish')); $original_url = trim(getPOST('original-url')); $order_view = trim(getPOST('order-view')); $template = trim(getPOST('template')); $add_time = ''; if ($template == '') { $template = 'article.phtml'; } $thumb = ''; $original = trim(getPOST('img')); if ('' != $original) { $original = $db->escape(htmlspecialchars($original)); if (file_exists('../' . $original)) { $thumb = str_replace('image', 'thumb', $original); } else { $thumb = ''; } } if ('' == $title) { $response['msg'] .= '-标题不能为空<br />'; } else { $title = $db->escape(htmlspecialchars($title)); } if ('' == $author) { $author = $_SESSION['name'];
array_push($section_id_array, $section['id']); } } $section_id_str = '(' . implode(',', $section_id_array) . ')'; $get_article_list = 'select * from ' . $db->table('content') . ' where `section_id` in ' . $section_id_str; $get_article_list .= ' and `status` <> 0 order by `order_view` asc, `last_modify` desc'; $page_count = 20; assign('page_count', $page_count); $article_list = $db->fetchAll($get_article_list); $total = count($article_list); $total_page = ceil($total / $page_count); assign('total_page', $total_page); if ('paging' == $opera) { $response = array('error' => 1, 'msg' => ''); if (!check_cross_domain() && isset($_SESSION['account'])) { $page = intval(getPOST('page')); $page = $page > $total_page ? $total_page : $page; $page = $page < 1 ? 1 : $page; $offset = $page_count * ($page - 1); $get_article_list .= ' limit ' . $offset . ',' . $page_count; $article_list = $db->fetchAll($get_article_list); assign('article_list', $article_list); assign('page', $page); $response['content'] = $smarty->fetch('promotion-item.phtml'); $response['sql'] = $get_article_list; $response['error'] = 0; } else { if (empty($_SESSION['account'])) { $response['msg'] = '请先登录'; $response['error'] = 2; } else {