Example #1
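 /**
  * AJAX endpoint that updates one order of the logged-in user.
  *
  * The sub-action is chosen by $_GET['do'] (saveaddress, order_status,
  * pay_status, shipping_status). Every handled branch answers with JSON and
  * terminates the request.
  *
  * Security: the order is loaded by its integer id and its userid is compared
  * with $this->_userid before anything is written. Writes are pinned to that
  * same id, and the status branches persist only the columns they set
  * themselves instead of the whole client-supplied $_POST array.
  */
 function ajax()
 {
     $model = M('Order');
     $id = intval($_POST['id']);
     $order = $model->find($id);
     // A missing row is rejected explicitly; otherwise an empty $order and an
     // empty $this->_userid would compare equal and pass the ownership check.
     if (!$order || $order['userid'] != $this->_userid) {
         die(json_encode(array('msg' => L('do_empty'))));
     }
     $_POST = get_safe_replace($_POST);
     $do = isset($_GET['do']) ? $_GET['do'] : '';
     if ($do === 'saveaddress') {
         $data = $_POST;
         // Write to the row that was ownership-checked, not to whatever raw
         // string the client sent as id.
         $data['id'] = $id;
         // Columns the other branches set server-side, plus the owner column,
         // must not be writable through the address form.
         // NOTE(review): this is a deny-list; any other column of the table is
         // still client-writable. Replace it with an allow-list of the address
         // columns once the form's field names are confirmed.
         foreach (array('userid', 'status', 'confirm_time', 'pay_status', 'shipping_status', 'accept_time') as $locked) {
             unset($data[$locked]);
         }
         $model->save($data);
         die(json_encode(array('id' => 1)));
     } elseif ($do === 'order_status') {
         $model->save(array('id' => $id, 'status' => 3, 'confirm_time' => time()));
         die(json_encode(array('id' => 1)));
     } elseif ($do === 'pay_status') {
         // NOTE(review): the order owner can trigger this transition; confirm
         // that a customer is meant to be able to set pay_status to 3.
         $model->save(array('id' => $id, 'pay_status' => 3));
         die(json_encode(array('id' => 1)));
     } elseif ($do === 'shipping_status') {
         $shipping = isset($_POST['num']) ? intval($_POST['num']) : 0;
         $model->save(array(
             'id' => $id,
             'shipping_status' => $shipping,
             // Only status 2 records an acceptance time.
             'accept_time' => $shipping == 2 ? time() : '',
         ));
         die(json_encode(array('id' => 1)));
     }
 }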
Example #2
 /**
  * Controller bootstrap: runs the parent initialisation, instantiates the
  * Online extension, binds the Cart model and filters the request data.
  *
  * get_safe_replace() is applied to the 'onlineid' cookie value and to the
  * whole $_POST array. NOTE(review): that filter is tag stripping plus an
  * opaque safe_replace(); confirm it is not relied on as SQL escaping by the
  * actions of this controller.
  */
 function _initialize()
 {
     parent::_initialize();
     import('@.EXT.Online');
     // The instance is discarded; only what its constructor does remains.
     new Online();
     $this->dao = M('Cart');
     // The session key comes from a client-controlled cookie.
     $onlineId = cookie('onlineid');
     $this->sessionid = get_safe_replace($onlineId);
     $filteredPost = get_safe_replace($_POST);
     $_POST = $filteredPost;
 }
Example #3
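 /**
  * Fallback for empty actions / empty modules: resolves the content module
  * and record id from the request, then forwards the call to the same-named
  * action on BaseAction.
  *
  * Request-derived values that end up in a cache name (the language suffix)
  * or are handed on as a module name are restricted to identifier characters
  * before use; anything else is answered with a 404.
  */
 public function _empty()
 {
     if (MODULE_NAME != 'Urlrule') {
         $Mod = F('Mod');
         if (!$Mod[MODULE_NAME]) {
             throw_exception('404');
         }
     }
     $a = ACTION_NAME;
     $id = intval($_REQUEST['id']);
     $catid = intval($_REQUEST['catid']);
     $moduleid = intval($_REQUEST['moduleid']);
     // Previously read without ever being assigned when APP_LANG is off or
     // when the module is not Urlrule.
     $lang = '';
     if (MODULE_NAME == 'Urlrule') {
         if (APP_LANG) {
             $l = isset($_REQUEST['l']) && is_string($_REQUEST['l']) ? get_safe_replace($_REQUEST['l']) : '';
             // The suffix becomes part of the cache name passed to F().
             if ($l && !preg_match('/^[A-Za-z0-9_-]+$/', $l)) {
                 throw_exception('404');
             }
             $lang = $l ? '_' . $l : '_' . C('DEFAULT_LANG');
         }
         $catdir = isset($_REQUEST['catdir']) && is_string($_REQUEST['catdir']) ? get_safe_replace($_REQUEST['catdir']) : '';
         if ($catdir) {
             $Cat = F('Cat' . $lang);
             $catid = $catid ? $catid : $Cat[$catdir];
             unset($Cat);
         }
         if (!empty($_REQUEST['module'])) {
             $m = is_string($_REQUEST['module']) ? get_safe_replace($_REQUEST['module']) : '';
             // A module name taken from the request is forwarded to the
             // target action, so only identifier characters are accepted.
             if (!preg_match('/^[A-Za-z0-9_]+$/', $m)) {
                 throw_exception('404');
             }
         } elseif ($moduleid) {
             $Module = F('Module');
             $m = $Module[$moduleid]['module'];
             unset($Module);
         } elseif ($catid) {
             $Category = F('Category' . $lang);
             $m = $Category[$catid]['module'];
             unset($Category);
         } else {
             throw_exception('404');
         }
         if ($a == 'index') {
             $id = $catid;
         }
     } else {
         if (empty($id)) {
             // NOTE(review): $id is empty here, so this looks up the cache
             // entry keyed by 0; a catdir lookup may have been intended.
             $Cat = F('Cat' . $lang);
             $id = $Cat[$id];
             unset($Cat);
         }
         $m = MODULE_NAME;
     }
     import('@.Action.Base');
     $bae = new BaseAction();
     // The action name selects the method to run. is_callable() additionally
     // rejects methods that exist but cannot be invoked from this scope.
     // NOTE(review): every invocable BaseAction method is reachable by name;
     // confirm none of them is meant to be internal.
     if (!method_exists($bae, $a) || !is_callable(array($bae, $a))) {
         throw_exception('404');
     }
     $bae->{$a}($id, $m);
 }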
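 /**
  * Exports orders, optionally limited to a date range (time1/time2), as a
  * spreadsheet with one row per order line.
  *
  * Fixes over the earlier version: the id list for the order_data query no
  * longer starts with a stray comma, pay_status is actually selected so the
  * "paid" column reflects the order, and the timestamps placed in the SQL
  * string are forced to integers.
  */
 public function downloadxls()
 {
     $where = 1;
     $name = "全部订单:" . time();
     if (!empty($_REQUEST["time1"]) || !empty($_REQUEST["time2"])) {
         $time1 = get_safe_replace($_REQUEST["time1"]);
         $time2 = get_safe_replace($_REQUEST["time2"]);
         // Identical dates select a single day: start 24 hours earlier.
         $from = $time1 == $time2 ? strtotime($time1) - 86400 : strtotime($time1);
         // strtotime() yields false for unparsable input; the cast keeps the
         // concatenated SQL purely numeric in every case.
         $from = (int) $from;
         $to = (int) strtotime($time2);
         $where .= " and add_time > '" . $from . "' and add_time < '" . $to . "'";
         $name = "时间段" . toDate($from, "Y/m/d") . "-" . toDate($to, "Y/m/d");
     }
     // Rows are read below as $order[<order id>], i.e. keyed by the first field.
     $order = M(MODULE_NAME)->where($where)->getfield('id,sn,add_time,consignee,mobile,order_amount,province,city,area,address,pay_status');
     if (!is_array($order)) {
         $order = array();
     }
     $ids = array();
     foreach ($order as $row) {
         $ids[] = intval($row['id']);
     }
     if (empty($ids)) {
         $this->success('数据为空!');
         exit;
     }
     $od['order_id'] = array('in', implode(',', $ids));
     $order_data = M("order_data")->where($od)->select();
     if (!is_array($order_data)) {
         $order_data = array();
     }
     $area = M('area')->getfield('id,name');
     // NOTE(review): consignee, address and product names are customer
     // supplied. If exportexcel() writes them as raw cells, values starting
     // with =, +, - or @ are treated as formulas by spreadsheet software;
     // confirm the exporter neutralises them.
     $data = array();
     foreach ($order_data as $key => $v) {
         $o = isset($order[$v['order_id']]) ? $order[$v['order_id']] : array();
         $data[$key][1] = $o['sn'] . "号";
         $data[$key][2] = toDate($o["add_time"], "Y/m/d H:i:s");
         $data[$key][3] = $v['product_name'];
         $data[$key][4] = $v['type_name'];
         $data[$key][5] = $o["pay_status"] == 2 ? '已支付' : '未支付';
         $data[$key][6] = $o["order_amount"] . "元";
         $data[$key][7] = $o["consignee"];
         $data[$key][8] = $o["mobile"];
         $data[$key][9] = $area[$o["province"]];
         $data[$key][10] = $area[$o["city"]];
         $data[$key][11] = $area[$o["area"]];
         $data[$key][12] = $o["address"];
     }
     $title = array(1 => "订单编号", 2 => "订单时间", 3 => "订购产品", 4 => "订购类型", 5 => "支付状态", 6 => "订单价格", 7 => "姓名", 8 => "手机", 9 => "省份", 10 => "城市", 11 => "区域", 12 => "地址");
     $this->exportexcel($data, $title, $name);
 }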
Example #5
 /**
  * Bootstrap for the member area: requires a logged-in user, binds the User
  * model, exposes the current user row to the template and removes the
  * privileged columns from $_POST before any action runs.
  *
  * NOTE(review): the privileged columns are removed from $_POST only; an
  * action that reads $_REQUEST or $_GET would still see them. The list is a
  * deny-list, so any privileged column added later must be added here too.
  */
 function _initialize()
 {
     parent::_initialize();
     if (!$this->_userid) {
         $this->assign('jumpUrl', U('User/Login/index'));
         $this->error(L('nologin'));
         exit;
     }
     $this->dao = M('User');
     $this->assign('bcid', 0);
     $currentUser = $this->dao->find($this->_userid);
     $this->assign('vo', $currentUser);
     // Columns a member must never set on their own account.
     foreach (array('status', 'groupid', 'amount', 'point') as $protectedField) {
         unset($_POST[$protectedField]);
     }
     $_GET = get_safe_replace($_GET);
 }
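 /**
  * Exports test-drive bookings, optionally limited to a date range
  * (time1/time2), as a spreadsheet.
  *
  * The per-row product and dealer lookups use array conditions so that the
  * stored car_name / shop_name values are bound by the model instead of being
  * concatenated into the SQL text: those columns hold data that came from a
  * booking form, and a stored value must not be able to change the query.
  */
 public function downloadxls()
 {
     $where = 1;
     $name = "全部订单:" . time();
     if (!empty($_REQUEST["time1"]) || !empty($_REQUEST["time2"])) {
         $time1 = get_safe_replace($_REQUEST["time1"]);
         $time2 = get_safe_replace($_REQUEST["time2"]);
         // Identical dates select a single day: start 24 hours earlier.
         $from = $time1 == $time2 ? strtotime($time1) - 86400 : strtotime($time1);
         // Integer casts keep the concatenated SQL purely numeric even when
         // strtotime() fails on the input.
         $from = (int) $from;
         $to = (int) strtotime($time2);
         $where .= " and createtime > '" . $from . "' and createtime < '" . $to . "'";
         $name = "预约试驾" . toDate($from, "Y/m/d") . "-" . toDate($to, "Y/m/d");
     }
     $area = M('area')->getfield('id,name');
     $bill = M(MODULE_NAME)->where($where)->select();
     if (!is_array($bill)) {
         $bill = array();
     }
     // Defined up front so an empty result exports an empty sheet.
     $data = array();
     foreach ($bill as $key => $vo) {
         $pro = M("product")->where(array('id' => intval($vo['car_name'])))->cache(true)->find();
         $data[$key][1] = $vo['id'];
         $data[$key][2] = $pro['title'];
         $data[$key][3] = toDate($vo['datetime'], "Y/m/d");
         $data[$key][4] = $vo['username'];
         $data[$key][5] = $vo['sex'] == 1 ? "先生" : '女士';
         if ($vo['sex'] == 0) {
             $data[$key][5] = '未知';
         }
         $data[$key][6] = '手机' . $vo['mobile'];
         $data[$key][7] = $area[$vo['province']];
         $data[$key][8] = $area[$vo['city']];
         $data[$key][9] = $area[$vo['area']];
         $shopname = M("shop")->where(array('shopcode' => (string) $vo['shop_name']))->getfield('sname');
         if (!$shopname) {
             $shopname = "客户未选择";
         }
         $data[$key][10] = $shopname;
     }
     $title = array(1 => "预约号", 2 => "预约车型", 3 => "预约时间", 4 => "预约人", 5 => "性别", 6 => "电话", 7 => "省份", 8 => "城市", 9 => "区域", 10 => "经销商");
     $order = A('Admin/Order');
     $order->exportexcel($data, $title, $name);
 }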
Example #7
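 /**
  * Renders the order form for one record of a content model.
  *
  * 'mx' names the model and 'id' the record; the loaded row is assigned to
  * the template as 'order'.
  *
  * Security: 'mx' comes from the request and selects which table is read, so
  * it is restricted to identifier characters here.
  * NOTE(review): a format check still lets the caller name any model,
  * including ones that are not products. Replace it with an allow-list of the
  * orderable models once that list is known.
  */
 public function order()
 {
     $uid = intval($_REQUEST['uid']);
     $this->assign('uid', $uid);
     $mid = intval($_REQUEST['id']);
     $mx = isset($_REQUEST['mx']) && is_string($_REQUEST['mx']) ? get_safe_replace($_REQUEST['mx']) : '';
     if (!preg_match('/^[A-Za-z0-9_]+$/', $mx)) {
         $mx = '';
     }
     // Defined up front: both were read undefined when their branch was skipped.
     $pro = null;
     $tmp = null;
     if ($mid > 0 && strlen($mx) > 0) {
         $pro = M($mx)->where(array('id' => $mid))->find();
     }
     if ($this->Config["wap"] && is_mobile()) {
         // Mobile access is enabled: use the WAP template.
         $tmp = THEME_PATH . "wap/Index_order.html";
     }
     $this->assign('mx', $mx);
     $this->assign('mid', $mid);
     $this->assign('order', $pro);
     // A leftover debug print of an undefined $user was removed from here.
     $this->display($tmp);
 }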
Example #8
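 /**
  * Entry point for payment-gateway callbacks: resolves the gateway from the
  * 'code' request parameter, loads its stored configuration and delegates to
  * the gateway class's respond().
  *
  * Security: the code selects a file to import and a class to instantiate,
  * so it must be a plain identifier and must match a configured Payment row
  * before either happens.
  */
 public function respond()
 {
     $pay_code = !empty($_REQUEST['code']) ? get_safe_replace($_REQUEST['code']) : '';
     // Defence in depth: do not rely on the database lookup alone to keep
     // path or namespace characters out of import() and "new".
     if (!is_string($pay_code) || !preg_match('/^[A-Za-z0-9_]+$/', $pay_code)) {
         $this->error(L('PAY CODE EROOR!'));
         return;
     }
     $pay_code = ucfirst($pay_code);
     $Payment = M('Payment')->getByPayCode($pay_code);
     if (empty($Payment)) {
         $this->error(L('PAY CODE EROOR!'));
         return;
     }
     // NOTE(review): unserialize() on a stored value instantiates whatever
     // objects the string describes. This is only safe while pay_config can
     // be written by trusted administrators alone; a JSON-encoded config
     // would remove the dependency.
     $aliapy_config = unserialize($Payment['pay_config']);
     import("@.Pay." . $pay_code);
     $pay = new $pay_code($aliapy_config);
     $r = $pay->respond();
     $this->assign('jumpUrl', URL('User-Order/index'));
     if ($r) {
         // NOTE(review): a successful payment is reported through error();
         // confirm whether success() was intended.
         $this->error(L('PAY_OK'));
     } else {
         $this->error(L('PAY_FAIL'));
     }
 }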
Example #9
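 /**
  * Verifies an Alipay notification and updates the order's payment status.
  *
  * The notification parameters (POST folded into GET) are sorted by key and
  * joined as key=value pairs, the configured key is appended and the MD5 of
  * that string must equal the 'sign' parameter.
  *
  * @return mixed false when the signature or trade status is not accepted,
  *               otherwise the result of order_pay_status()
  */
 public function respond()
 {
     if (!empty($_POST)) {
         foreach ($_POST as $key => $data) {
             $_GET[$key] = $data;
         }
     }
     $order_sn = trim($_GET['out_trade_no']);
     // NOTE(review): 'record' is excluded from the signed string below, so
     // its value is not authenticated by the signature.
     $record = intval($_GET['record']);
     $total_fee = get_safe_replace($_GET['total_fee']);
     // NOTE(review): seller_email is never compared with the configured
     // account, and total_fee is not compared with the order amount in this
     // method; confirm order_pay_status() performs those checks.

     // Without a configured key the digest would depend on the request alone.
     if (empty($this->config['alipay_key'])) {
         return false;
     }
     /* Check that the digital signature is correct */
     ksort($_GET);
     reset($_GET);
     // Routing and signature parameters are not part of the signed string.
     $unsigned = array('sign', 'sign_type', 'code', 'g', 'm', 'a', 'record');
     $sign = '';
     foreach ($_GET as $key => $val) {
         if (!in_array((string) $key, $unsigned, true)) {
             $sign .= "{$key}={$val}&";
         }
     }
     $sign = substr($sign, 0, -1) . $this->config['alipay_key'];
     $expected = md5($sign);
     $given = isset($_GET['sign']) && is_string($_GET['sign']) ? $_GET['sign'] : '';
     // A loose != treats two digests of the form "0e<digits>" as equal
     // numbers; compare as strings, in constant time where available.
     $valid = function_exists('hash_equals') ? hash_equals($expected, $given) : $expected === $given;
     if (!$valid) {
         return false;
     }
     $status = isset($_GET['trade_status']) ? $_GET['trade_status'] : '';
     if ($status === 'WAIT_SELLER_SEND_GOODS' || $status === 'WAIT_BUYER_CONFIRM_GOODS' || $status === 'WAIT_BUYER_PAY') {
         /* Order status: in progress */
         return order_pay_status($order_sn, '1', $total_fee, $record);
     } elseif ($status === 'TRADE_FINISHED' || $status === 'TRADE_SUCCESS') {
         /* Order status: finished / instant trade succeeded */
         return order_pay_status($order_sn, '2', $total_fee, $record);
     }
     return false;
 }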
Example #10
 /**
  * Spreadsheet export with an optional date-range filter (time1/time2).
  *
  * NOTE(review): as written this exports no rows. The query result is stored
  * in $order and then overwritten by the Order controller instance, and $data
  * is never built before it is passed to exportexcel(). The field list
  * repeats 'username' and the column titles are those of the order export,
  * so the intended column mapping cannot be derived from this method.
  */
 public function downloadxls()
 {
     $where = 1;
     $name = "全部订单:" . time();
     if ($_REQUEST["time1"] || $_REQUEST["time2"]) {
         $time1 = get_safe_replace($_REQUEST["time1"]);
         $time2 = get_safe_replace($_REQUEST["time2"]);
         /*strtotime($time2)-($day*86400);*/
         if ($time1 == $time2) {
             $time1 = strtotime($time1) - 86400;
         } else {
             $time1 = strtotime($time1);
         }
         /* Identical dates select a single day */
         // Both values placed in the SQL text are strtotime() results, not
         // the raw request strings.
         $where .= " and createtime > '" . $time1 . "' and createtime < '" . strtotime($time2) . "'";
         $name = "时间段" . toDate($time1, "Y/m/d") . "-" . toDate(strtotime($time2), "Y/m/d");
     }
     $order = M(MODULE_NAME)->where($where)->getfield('id,username,realname,createtime,username,username,username,username');
     //
     $title = array(1 => "订单编号", 2 => "订单时间", 3 => "订购产品", 4 => "订购类型", 5 => "支付状态", 6 => "订单价格", 7 => "姓名", 8 => "手机", 9 => "省份", 10 => "城市", 11 => "区域", 12 => "地址");
     // The fetched rows are discarded here: $order now holds the controller.
     $order = A('Order');
     // $data is undefined at this point.
     $order->exportexcel($data, $title, $name);
 }
Example #11
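 /**
  * Password-recovery step: checks the captcha, looks the account up by
  * username and e-mail address and mails a reset link that is valid for
  * three days.
  *
  * The account lookup uses an array condition so that both request values
  * are bound by the model instead of being interpolated into the SQL text.
  * The published listing showed the username comparison masked as '******';
  * it is bound to $username here.
  */
 function sendmail()
 {
     $verifyCode = trim($_POST['verifyCode']);
     $username = isset($_POST['username']) && is_string($_POST['username']) ? get_safe_replace($_POST['username']) : '';
     $email = isset($_POST['email']) && is_string($_POST['email']) ? get_safe_replace($_POST['email']) : '';
     if (empty($username) || empty($email)) {
         $this->error(L('empty_username_empty_password'));
     } elseif (md5($verifyCode) !== $_SESSION['verify']) {
         // Strict comparison: a loose != treats two digests of the form
         // "0e<digits>" as equal numbers.
         $this->error(L('error_verify'));
     }
     $user = M('User');
     // Check that the e-mail address belongs to this user.
     $data = $user->where(array('username' => $username, 'email' => $email))->find();
     if ($data) {
         // Valid for 3 days.
         $yourphp_auth = authcode($data['id'] . "-" . $data['username'] . "-" . $data['email'], 'ENCODE', $this->sysConfig['ADMIN_ACCESS'], 3600 * 24 * 3);
         $username = $data['username'];
         // NOTE(review): the host of the reset link is taken from the
         // request's Host header and the scheme is plain http. Build the
         // link from a configured site URL so a forged header cannot point
         // the mailed link at another host.
         $url = 'http://' . $_SERVER['HTTP_HOST'] . U('User/Login/repassword?code=' . $yourphp_auth);
         $message = str_replace(array('{username}', '{url}', '{sitename}'), array($username, $url, $this->Config['site_name']), $this->member_config['member_getpwdemaitpl']);
         $r = sendmail($data['email'], L('USER_FORGOT_PASSWORD') . '-' . $this->Config['site_name'], $message, $this->Config);
         if ($r) {
             $returndata['username'] = $data['username'];
             $returndata['email'] = $data['email'];
             // NOTE(review): the success reply carries the USER_EMAIL_ERROR
             // text; confirm which message was intended.
             $this->ajaxReturn($returndata, L('USER_EMAIL_ERROR'), 1);
         } else {
             $this->ajaxReturn(0, L('SENDMAIL_ERROR'), 0);
         }
     } else {
         // NOTE(review): the distinct replies reveal whether a username and
         // e-mail pair exists.
         $this->ajaxReturn(0, L('USER_EMAIL_ERROR'), 0);
     }
 }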
Example #12
 /**
  * Updates one row of the wxmenu table from request data.
  *
  * A "view" entry must carry a URL, any other type must carry a keyword; the
  * row to update is selected by the integer 'fatherid'.
  *
  * NOTE(review): no permission check is visible in this method; confirm the
  * controller enforces one before it runs. On failure the submitted values
  * are echoed back in the reply text.
  */
 public function editup()
 {
     $_REQUEST = get_safe_replace($_REQUEST);
     $menuName = $_REQUEST["menuname"];
     $keyword = $_REQUEST["key"];
     $link = $_REQUEST["url"];
     $kind = $_REQUEST["type"];
     // Cast to int, so the concatenated condition below stays numeric.
     $menuId = intval($_REQUEST["fatherid"]);
     if (empty($menuName)) {
         $this->ajaxreturn($data, "菜单名字不可为空!", 0);
     }
     if ($kind == "view") {
         $map["url"] = $link;
         if (empty($link)) {
             $this->ajaxreturn($data, "连接不可为空!", 0);
         }
     } else {
         $map["key"] = $keyword;
         if (empty($keyword)) {
             $this->ajaxreturn($data, "关键词不可为空!", 0);
         }
     }
     $map["menuname"] = $menuName;
     $map["type"] = $kind;
     $updated = M("wxmenu")->where("id=" . $menuId)->save($map);
     if (!$updated) {
         $this->ajaxreturn($data, "{$menuName}:{$keyword}:{$link}:{$kind}", 0);
     } else {
         $this->ajaxreturn($data, "修改成功", 1);
     }
 }
Example #13
/**
 * Recursively filters a request value.
 *
 * A non-array value has its HTML/PHP tags stripped and is then passed through
 * safe_replace(); an array is processed element by element, to any depth, and
 * keeps its keys unchanged.
 *
 * Security notes for callers:
 *  - array KEYS are not filtered, only the values;
 *  - an array input yields an array output, so a caller expecting a string
 *    must check the type itself;
 *  - NOTE(review): safe_replace() is defined elsewhere. Treat the result as
 *    filtered text, not as a value that is safe to concatenate into SQL,
 *    unless safe_replace() is confirmed to guarantee that.
 *
 * @param mixed $array scalar or (nested) array of values
 * @return mixed the filtered value, same shape as the input
 */
function get_safe_replace($array)
{
    if (is_array($array)) {
        // array_map() with a single array preserves the original keys.
        return array_map('get_safe_replace', $array);
    }
    return safe_replace(strip_tags($array));
}
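 /**
  * Outputs the captcha image.
  *
  * The image format may be chosen with the 'type' request parameter; only
  * the formats listed below are accepted and anything else falls back to
  * jpeg. The Content-type header now matches the format actually requested
  * (it was fixed to image/jpeg before).
  *
  * NOTE(review): the value is handed to Image::buildImageVerify(), which is
  * not shown here; keeping it to a fixed list avoids passing arbitrary
  * request text into that helper.
  */
 public function verify()
 {
     $allowed = array('jpeg', 'png', 'gif');
     $type = isset($_GET['type']) && is_string($_GET['type']) ? strtolower(get_safe_replace($_GET['type'])) : 'jpeg';
     if (!in_array($type, $allowed, true)) {
         $type = 'jpeg';
     }
     header('Content-type: image/' . $type);
     import("@.EXT.Image");
     Image::buildImageVerify(4, 1, $type);
 }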
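 /**
  * Exports orders as a spreadsheet, optionally filtered by user id (uid),
  * record id (mid), model name (mx) and mobile number (mb).
  *
  * The filters are passed to the model as an array condition so that the
  * string values are bound by the model instead of being quoted by hand into
  * the SQL text. String filters are accepted only when the request value is
  * a string: an array-valued parameter would otherwise be read by the model
  * as an [operator, operand] pair.
  */
 public function downloadxls()
 {
     $where = array();
     $name = "全部订单:" . time();
     $uid = intval($_REQUEST["uid"]);
     if ($uid) {
         $where['userid'] = $uid;
         $name = "用户" . $uid;
     }
     $mid = intval($_REQUEST["mid"]);
     if ($mid) {
         $where['mid'] = $mid;
     }
     $mx = isset($_REQUEST["mx"]) && is_string($_REQUEST["mx"]) ? get_safe_replace($_REQUEST["mx"]) : '';
     if ($mx) {
         $where['mx'] = $mx;
         $name = $mx . $uid;
     }
     $mb = isset($_REQUEST["mb"]) && is_string($_REQUEST["mb"]) ? get_safe_replace($_REQUEST["mb"]) : '';
     if ($mb) {
         $where['mobile'] = $mb;
         $name = "手机" . $mb;
     }
     // NOTE(review): $name is built from request text and handed to
     // exportexcel(), presumably as the file name; confirm the exporter
     // strips characters that are unsafe in a download header.
     $udata = M(MODULE_NAME)->where($where)->select();
     if (!is_array($udata)) {
         $udata = array();
     }
     $data = array();
     foreach ($udata as $key => $v) {
         $data[$key][1] = $key;
         $data[$key][2] = $v["username"];
         $data[$key][3] = $v["mobile"];
         $data[$key][4] = str_cut($v["title"], 20, "");
         $data[$key][5] = $v["mcount"];
         $data[$key][6] = $v["amount"];
         $data[$key][7] = $v["godate"];
         $data[$key][8] = toDate($v["add_time"], "Y/m/d H:i:s");
     }
     $title = array(1 => "订单编号", 2 => "姓名", 3 => "手机", 4 => "线路", 5 => "数量", 6 => "总价格", 7 => "出发时间", 8 => "添加时间");
     $this->exportexcel($data, $title, $name);
 }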
Example #16
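 /**
  * Exports orders as a spreadsheet, optionally filtered by user id (uid),
  * username, record id (mid), model name (mx), mobile number (mb) and a
  * date range (time1/time2).
  *
  * Fix: the condition used to start as the integer 1, so every later
  * $where[...] assignment targeted a scalar and none of the filters reached
  * the query. It now starts as an empty array.
  *
  * String filters are accepted only when the request value is a string: an
  * array-valued parameter would otherwise be read by the model as an
  * [operator, operand] pair.
  */
 public function downloadxls()
 {
     $where = array();
     $name = "全部订单:" . time();
     $uid = intval($_REQUEST["uid"]);
     if ($uid) {
         $where['userid'] = $uid;
         $name = "用户" . $uid;
     }
     // Filtered like the other string parameters; it was used raw before.
     $username = isset($_REQUEST["username"]) && is_string($_REQUEST["username"]) ? get_safe_replace($_REQUEST["username"]) : '';
     if ($username) {
         $where['username'] = $username;
         $name = "用户-" . $username;
     }
     $mid = intval($_REQUEST["mid"]);
     if ($mid) {
         $where["mid"] = $mid;
     }
     $mx = isset($_REQUEST["mx"]) && is_string($_REQUEST["mx"]) ? get_safe_replace($_REQUEST["mx"]) : '';
     if ($mx) {
         $where["mx"] = $mx;
         $name = $mx . $uid;
     }
     $mb = isset($_REQUEST["mb"]) && is_string($_REQUEST["mb"]) ? get_safe_replace($_REQUEST["mb"]) : '';
     if ($mb) {
         $where["mobile"] = $mb;
         $name = "手机" . $mb;
     }
     if (!empty($_REQUEST["time1"]) || !empty($_REQUEST["time2"])) {
         $time1 = get_safe_replace($_REQUEST["time1"]);
         $time2 = get_safe_replace($_REQUEST["time2"]);
         // Identical dates select a single day: start 24 hours earlier.
         $from = $time1 == $time2 ? strtotime($time1) - 86400 : strtotime($time1);
         $from = (int) $from;
         $to = (int) strtotime($time2);
         $where["createtime"] = array('between', array($from, $to));
         $name = "时间段" . $from;
     }
     $udata = M(MODULE_NAME)->where($where)->select();
     if (!is_array($udata)) {
         $udata = array();
     }
     // NOTE(review): the sheet contains identity-card numbers (creditno) and
     // mobile numbers; confirm this action is reachable by authorised
     // staff only.
     $data = array();
     foreach ($udata as $key => $v) {
         $data[$key][1] = $key;
         $data[$key][2] = $v["username"];
         $data[$key][3] = $v["creditno"];
         $data[$key][4] = $v["mobile"];
         $data[$key][5] = str_cut($v["title"], 20, "");
         $data[$key][6] = $v["mcount"];
         $data[$key][7] = $v["amount"];
         $data[$key][8] = $v["godate"];
         $data[$key][9] = toDate($v["add_time"], "Y/m/d H:i:s");
     }
     $title = array(1 => "订单编号", 2 => "姓名", 3 => "身份证", 4 => "手机", 5 => "线路", 6 => "数量", 7 => "总价格", 8 => "出发时间", 9 => "添加时间");
     $this->exportexcel($data, $title, $name);
 }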
Example #17
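 /**
  * Registers a member by username, password and mobile number, mirrors the
  * account to the forum (Uc), records a referral when the session carries a
  * referrer id, and logs the new member in through cookies.
  *
  * Changes: the captcha digest is compared strictly, and $groupid and
  * $cookietime are defined before they are read.
  */
 public function doreg()
 {
     $username = get_safe_replace($_POST['username']);
     // NOTE(review): the password passes through the same tag-stripping
     // filter as display text, so some characters are altered before
     // hashing. Login applies the same filter, which keeps the two in step.
     $password = get_safe_replace($_POST['password']);
     $mobile = get_safe_replace($_POST['mobile']);
     $verifyCode = $_POST['verifyCode'];
     if (empty($username) || empty($password) || empty($mobile)) {
         $this->error(L('empty_username_empty_password_empty_email'));
     }
     // Strict comparison: a loose != treats two digests of the form
     // "0e<digits>" as equal numbers.
     if ($this->member_config['member_login_verify'] && md5($verifyCode) !== $_SESSION['verify']) {
         $this->error(L('error_verify'));
     }
     $status = $this->member_config['member_registecheck'] ? 0 : 1;
     $groupid = 3;
     if ($this->member_config['member_emailcheck']) {
         $status = 1;
         $groupid = 5;
     }
     /* ------------------------- forum account ------------------------- */
     import('@.ORG.Uc');
     $uc = new Uc();
     // The forum e-mail address is synthesised from the mobile number.
     $bbsuid = $uc->user_regeist($username, $password, $mobile . "@qq.com");
     $uc->bbsid_login($bbsuid);
     /* ----------------------------------------------------------------- */
     $data = array();
     $data['username'] = $username;
     $data['fatherid'] = intval($_SESSION["uid"]);
     $data['mobile'] = $mobile;
     $data['groupid'] = $groupid;
     $data['login_count'] = 1;
     $data['createtime'] = time();
     $data['updatetime'] = time();
     $data['last_logintime'] = time();
     $data['reg_ip'] = get_client_ip();
     $data['status'] = $status;
     $data['bbs'] = $bbsuid;
     // NOTE(review): sysmd5() is defined elsewhere; if it is a plain or
     // salted MD5 it is not an adequate password hash.
     $authInfo['password'] = $data['password'] = sysmd5($password);
     // No expiry was ever assigned; null is what the cookie() calls received.
     $cookietime = null;
     if ($r = $this->dao->create($data)) {
         if (false !== $this->dao->add()) {
             $authInfo['id'] = $uid = $this->dao->getLastInsID();
             $authInfo['groupid'] = $ru['role_id'] = $data['groupid'];
             $ru['user_id'] = $uid;
             $roleuser = M('RoleUser');
             $roleuser->add($ru);
             session_start();
             $_SESSION["userid"] = $uid;
             if ($data['fatherid']) {
                 /* referral record */
                 $sm["userid"] = $data['fatherid'];
                 $sm["share_ip"] = get_client_ip();
                 $sm["share_time"] = time();
                 $sm["mx"] = MODULE_NAME;
                 $sm["ma"] = ACTION_NAME;
                 $sm["mid"] = $uid;
                 // 0 = click, 1 = purchase, 3 = registration
                 $sm["type"] = 3;
                 M("sharehistory")->add($sm);
             }
             // (A disabled e-mail confirmation branch was removed from here.)
             // The cookie key is derived from the site secret and the
             // client's User-Agent header.
             $yourphp_auth_key = sysmd5($this->sysConfig['ADMIN_ACCESS'] . $_SERVER['HTTP_USER_AGENT']);
             // NOTE(review): the auth cookie embeds the stored password
             // hash; anyone who recovers the cookie contents obtains it.
             $yourphp_auth = authcode($authInfo['id'] . "-" . $authInfo['groupid'] . "-" . $authInfo['password'], 'ENCODE', $yourphp_auth_key);
             $authInfo['username'] = $data['username'];
             $authInfo['mobile'] = $data['mobile'];
             cookie('auth', $yourphp_auth, $cookietime);
             // NOTE(review): groupid and userid are also set as plain
             // cookies; confirm nothing authorises a request from them
             // without validating the auth cookie.
             cookie('username', $authInfo['username'], $cookietime);
             cookie('groupid', $authInfo['groupid'], $cookietime);
             cookie('userid', $authInfo['id'], $cookietime);
             cookie('mobile', $authInfo['mobile'], $cookietime);
             $this->assign('jumpUrl', $this->forward);
             $this->success(L('reg_ok'));
         } else {
             $this->error(L('reg_error'));
         }
     } else {
         $this->error($this->dao->getError());
     }
 }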
 /**
  * Saves the filtered query-string parameters to the current module's model
  * and refreshes the module cache on success.
  *
  * NOTE(review): the whole $_GET array is written to the model, so the
  * caller chooses which columns are updated, and the change is triggered by
  * a GET request. Consider limiting the write to the record id and the
  * status column and requiring POST with a request token.
  */
 public function status()
 {
     $model = D(MODULE_NAME);
     $_GET = get_safe_replace($_GET);
     $saved = $model->save($_GET);
     if (!$saved) {
         $this->error(L('do_error'));
     } else {
         savecache(MODULE_NAME);
         $this->success(L('do_ok'));
     }
 }
Example #19
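 /**
  * Stores a message from one user to another.
  *
  * Fixes: a failed insert is now reported through error() instead of
  * success(), and the 'sys' and 'formname' values are computed once.
  *
  * NOTE(review): the sender id (formid), sender name (formname) and the
  * creation time are all taken from the request, so the client decides who
  * the message appears to come from and when. Derive them from the logged-in
  * session and the server clock if this controller has access to both.
  */
 public function msgadd()
 {
     $toid = intval($_REQUEST["toid"]);
     $time = intval($_REQUEST["time"]);
     $formid = intval($_REQUEST["formid"]);
     $toname = get_safe_replace($_REQUEST["toname"]);
     $body = get_safe_replace($_REQUEST["comment_text"]);
     $formname = get_safe_replace($_REQUEST["formname"]);
     $map["touser"] = $toid;
     $map["fromid"] = $formid;
     $map["body"] = $body;
     $map["createtime"] = $time;
     $map["status"] = 1;
     // intval() already yields 0 for a missing or non-numeric value.
     $map["sys"] = intval($_REQUEST["sys"]);
     $map["username"] = $toname;
     $map["formname"] = $formname != "" ? $formname : 0;
     $map["lang"] = 1;
     $resule = M("message")->add($map);
     if ($resule) {
         $this->success("留言成功!");
     } else {
         $this->error("留言失败!");
     }
 }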
Example #20
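 /**
  * Creates a content record from a front-end form and forwards a summary of
  * the submission to an external notification endpoint.
  *
  * Fixes: the posting-permission check now runs before anything is sent to
  * the external service, and $type and the message text are defined before
  * they are appended to.
  *
  * NOTE(review): the submitter's name, telephone number and message are sent
  * to a hard-coded third-party host over plain http. Confirm this forwarding
  * is intended, covered by the site's privacy terms, and move it to https.
  */
 public function insert()
 {
     // Authorise first, so a rejected request causes no outbound traffic.
     if ($this->moduleid != 6 && !in_array($this->_groupid, explode(',', $this->categorys[$_POST['catid']]['postgroup']))) {
         $this->error(L('add_no_postgroup'));
     }
     $type = '';
     switch (intval($_POST["typeid"])) {
         case 0:
             $type = "无选择";
             break;
         case 4:
             $type = " 反馈类别";
             break;
         case 5:
             $type = "信息咨询";
             break;
         case 6:
             $type = "请求实名认证";
             break;
         case 7:
             $type = "捐赠求助";
             break;
     }
     $data = array();
     $data["name"] = $_POST["username"];
     $data["tel"] = $_POST["telephone"];
     $data["addr"] = $_POST["title"];
     $data["msg"] = " QQ(" . $_POST["email"] . ")";
     $data["msg"] .= " 备注信息(" . $_POST["content"] . ")--【" . $type . "】";
     $data["msg"] .= " 用户提交的请求,请尽快处理!";
     $data["all"] = "【满天星捐赠】!";
     import("@.ORG.PostData");
     $send = new postdata();
     // The reply of the notification service is not used.
     $send->send_post("http://1.gzsrex.sinaapp.com/", $data);
     $c = A('Admin/Content');
     $_POST['ip'] = get_client_ip();
     $userid = $this->_userid;
     // Guests may supply a display name; logged-in users keep their own.
     $username = $this->_username ? $this->_username : get_safe_replace($_POST['username']);
     $c->insert($this->module[$this->moduleid]['name'], $this->fields, $userid, $username, $this->_groupid);
 }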
Example #21
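 /**
  * Registers a member by username, password and e-mail address. When e-mail
  * confirmation is enabled a confirmation link (valid for three days) is
  * mailed and the confirmation page is shown; otherwise the new member is
  * logged in through cookies.
  *
  * Changes: the captcha digest is compared strictly, and $groupid and
  * $cookietime are defined before they are read.
  */
 public function doreg()
 {
     $username = get_safe_replace($_POST['username']);
     // NOTE(review): the password passes through the same tag-stripping
     // filter as display text, so some characters are altered before
     // hashing. Login applies the same filter, which keeps the two in step.
     $password = get_safe_replace($_POST['password']);
     $email = get_safe_replace($_POST['email']);
     $verifyCode = $_POST['verifyCode'];
     if (empty($username) || empty($password) || empty($email)) {
         $this->error(L('empty_username_empty_password_empty_email'));
     }
     // Strict comparison: a loose != treats two digests of the form
     // "0e<digits>" as equal numbers.
     if ($this->member_config['member_login_verify'] && md5($verifyCode) !== $_SESSION['verify']) {
         $this->error(L('error_verify'));
     }
     $status = $this->member_config['member_registecheck'] ? 0 : 1;
     $groupid = 3;
     if ($this->member_config['member_emailcheck']) {
         $status = 1;
         $groupid = 5;
     }
     $data = array();
     $data['username'] = $username;
     $data['email'] = $email;
     $data['groupid'] = $groupid;
     $data['login_count'] = 1;
     $data['createtime'] = time();
     $data['updatetime'] = time();
     $data['last_logintime'] = time();
     $data['reg_ip'] = get_client_ip();
     $data['status'] = $status;
     // NOTE(review): sysmd5() is defined elsewhere; if it is a plain or
     // salted MD5 it is not an adequate password hash.
     $authInfo['password'] = $data['password'] = sysmd5($password);
     // No expiry was ever assigned; null is what the cookie() calls received.
     $cookietime = null;
     if ($r = $this->dao->create($data)) {
         if (false !== $this->dao->add()) {
             $authInfo['id'] = $uid = $this->dao->getLastInsID();
             $authInfo['groupid'] = $ru['role_id'] = $data['groupid'];
             $ru['user_id'] = $uid;
             $roleuser = M('RoleUser');
             $roleuser->add($ru);
             if ($this->member_config['member_emailcheck']) {
                 // Valid for 3 days.
                 $yourphp_auth = authcode($uid . "-" . $username . "-" . $email, 'ENCODE', $this->sysConfig['ADMIN_ACCESS'], 3600 * 24 * 3);
                 // NOTE(review): the link host is taken from the request's
                 // Host header and the scheme is plain http. Build it from a
                 // configured site URL so a forged header cannot point the
                 // mailed link at another host.
                 $url = 'http://' . $_SERVER['HTTP_HOST'] . U('User/Login/regcheckemail?code=' . $yourphp_auth);
                 $click = "<a href=\"{$url}\" target=\"_blank\">" . L('CLICK_THIS') . "</a>";
                 $message = str_replace(array('{click}', '{url}', '{sitename}'), array($click, $url, $this->Config['site_name']), $this->member_config['member_emailchecktpl']);
                 $r = sendmail($email, L('USER_REGISTER_CHECKEMAIL') . '-' . $this->Config['site_name'], $message, $this->Config);
                 $this->assign('send_ok', 1);
                 $this->assign('username', $username);
                 $this->assign('email', $email);
                 $this->display('Login:emailcheck');
                 exit;
             }
             // The cookie key is derived from the site secret and the
             // client's User-Agent header.
             $yourphp_auth_key = sysmd5($this->sysConfig['ADMIN_ACCESS'] . $_SERVER['HTTP_USER_AGENT']);
             // NOTE(review): the auth cookie embeds the stored password
             // hash; anyone who recovers the cookie contents obtains it.
             $yourphp_auth = authcode($authInfo['id'] . "-" . $authInfo['groupid'] . "-" . $authInfo['password'], 'ENCODE', $yourphp_auth_key);
             $authInfo['username'] = $data['username'];
             $authInfo['email'] = $data['email'];
             cookie('auth', $yourphp_auth, $cookietime);
             // NOTE(review): groupid and userid are also set as plain
             // cookies; confirm nothing authorises a request from them
             // without validating the auth cookie.
             cookie('username', $authInfo['username'], $cookietime);
             cookie('groupid', $authInfo['groupid'], $cookietime);
             cookie('userid', $authInfo['id'], $cookietime);
             cookie('email', $authInfo['email'], $cookietime);
             $this->assign('jumpUrl', $this->forward);
             $this->success(L('reg_ok'));
         } else {
             $this->error(L('reg_error'));
         }
     } else {
         $this->error($this->dao->getError());
     }
 }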
Example #22
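 /**
  * Handles the login form submission.
  *
  * Flow: validate input and captcha, refuse when this IP has 100 or more
  * failed attempts in the last 30 minutes, authenticate through RBAC, record
  * the attempt in the Log table, and on success populate the session and the
  * access list.
  *
  * Security fixes:
  *  - a failed attempt no longer writes the submitted password into the log;
  *  - when ADMIN_VERIFY is on, the captcha is required even if the session
  *    holds no captcha value (the check used to be skipped in that case);
  *  - the captcha digest and the password hash are compared strictly.
  */
 public function doLogin()
 {
     $dao = M('User');
     // NOTE(review): get_client_ip() is defined elsewhere; if it honours
     // client-supplied forwarding headers, the per-IP limit below can be
     // sidestepped by varying them.
     $ip = get_client_ip();
     if (empty($this->sysConfig['ADMIN_ACCESS'])) {
         $this->error(L('NO SYSTEM CONFIG FILE'));
     }
     $username = get_safe_replace(trim($_POST['username']));
     $password = get_safe_replace(trim($_POST['password']));
     $verifyCode = trim($_POST['verifyCode']);
     if (empty($username) || empty($password)) {
         $this->error(L('empty_username_empty_password'));
     } elseif ($this->sysConfig['ADMIN_VERIFY'] && (empty($_SESSION['verify']) || md5($verifyCode) !== $_SESSION['verify'])) {
         $this->error(L('error_verify'));
     }
     $time = time();
     // Failed attempts from this IP within the last 1800 seconds.
     $logwhere = array();
     $logwhere['time'] = array('EGT', $time - 1800);
     $logwhere['ip'] = array('eq', $ip);
     $logwhere['error'] = 1;
     $lognum = M('Log')->where($logwhere)->count();
     if ($lognum >= 100) {
         $this->error(L('Login_error_count'));
     }
     $condition = array();
     $condition['username'] = array('eq', $username);
     import('@.ORG.RBAC');
     // Authenticate by username; the password is checked below.
     $authInfo = RBAC::authenticate($condition);
     if (false === $authInfo) {
         $data = array();
         $data['username'] = $username;
         $data['ip'] = $ip;
         $data['time'] = $time;
         $data['note'] = L('empty_userid');
         $data['error'] = 1;
         M('Log')->add($data);
         // NOTE(review): unknown user and wrong password produce different
         // messages, which reveals whether a username exists.
         $this->error(L('empty_userid'));
     } else {
         if ($authInfo['password'] !== sysmd5($password)) {
             $data = array();
             $data['username'] = $username;
             $data['ip'] = $ip;
             $data['time'] = $time;
             // The attempted password is deliberately not logged: a mistyped
             // password is usually close to the real one.
             $data['note'] = L('password_error');
             $data['error'] = 1;
             M('Log')->add($data);
             $this->error(L('password_error'));
         }
         // NOTE(review): the session id is not regenerated on login; confirm
         // the framework does so, otherwise a pre-set session id stays valid
         // after authentication.
         $_SESSION['username'] = $authInfo['username'];
         $_SESSION['adminid'] = $_SESSION['userid'] = $authInfo['id'];
         $_SESSION['groupid'] = $authInfo['groupid'];
         $_SESSION['adminaccess'] = C('ADMIN_ACCESS');
         $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
         $_SESSION['email'] = $authInfo['email'];
         $_SESSION['lastLoginTime'] = $authInfo['last_logintime'];
         $_SESSION['login_count'] = $authInfo['login_count'] + 1;
         if ($authInfo['groupid'] == 1) {
             $_SESSION[C('ADMIN_AUTH_KEY')] = true;
         }
         // Save the login information.
         $data = array();
         $data['id'] = $authInfo['id'];
         $data['last_logintime'] = $time;
         $data['last_ip'] = get_client_ip();
         $data['login_count'] = array('exp', 'login_count+1');
         $dao->save($data);
         // Cache the access permissions.
         RBAC::saveAccessList();
         $data = array();
         $data['username'] = $username;
         $data['ip'] = $ip;
         $data['time'] = $time;
         $data['note'] = L('login_ok');
         M('Log')->add($data);
         if ($_POST['ajax']) {
             // NOTE(review): the whole $authInfo row, password hash
             // included, is returned to the client here.
             $this->ajaxReturn($authInfo, L('login_ok'), 1);
         } else {
             $this->assign('jumpUrl', U('Index/index'));
             $this->success(L('login_ok'));
         }
     }
 }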
Example #23
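 /**
  * Emits a small JavaScript snippet that writes one field of one record
  * (by default its price) into the embedding page.
  *
  * Request parameters: mx (model), mid (record id), field (column, default
  * "price"), js (when set, also emit a jQuery val() assignment).
  *
  * Security: the model and column names come from the request and the value
  * is printed inside JavaScript. Both names must be plain identifiers, the
  * id condition is bound by the model, and the value placed in val() is
  * JSON-encoded so it is always a valid, inert JavaScript literal.
  * NOTE(review): a format check still allows any column of any model to be
  * read by id. Replace it with an allow-list of the (model, field) pairs
  * this endpoint is meant to expose.
  */
 public function api()
 {
     $mid = intval($_REQUEST['mid']);
     $mx = isset($_REQUEST['mx']) ? get_safe_replace($_REQUEST['mx']) : '';
     $field = isset($_REQUEST['field']) ? get_safe_replace($_REQUEST['field']) : '';
     $js = isset($_REQUEST['js']) ? get_safe_replace($_REQUEST['js']) : '';
     if (empty($field)) {
         $field = "price";
     }
     $identifier = '/^[A-Za-z][A-Za-z0-9_]*$/';
     $namesOk = is_string($mx) && is_string($field) && preg_match($identifier, $mx) && preg_match($identifier, $field);
     if (!$namesOk) {
         // Never echo an unvalidated name into the selector below.
         $field = "price";
     }
     if ($mid && $namesOk) {
         $price = M($mx)->where(array('id' => $mid))->getField($field);
     } else {
         $price = "获取错误!";
     }
     if (!empty($js)) {
         echo "\$(\"#" . $field . "\").val(" . json_encode($price) . ");\n";
     }
     // NOTE(review): rejs() is defined elsewhere; the document.write() below
     // is only safe if it escapes quotes, backslashes, line breaks and "</".
     $price = $this->rejs($price);
     echo "document.write(\"" . $price . "\");";
 }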
Example #24
 /**
  * Returns one Shipping record as JSON when the request asks for `do=get`.
  *
  * The record id is taken from the request and cast to an integer. When no
  * row is found, `{"id":0}` is sent instead. Any other `do` value makes the
  * method return without output.
  */
 public function shipping()
 {
     $action = get_safe_replace($_REQUEST['do']);
     $shippingModel = M('Shipping');
     $shippingId = intval($_REQUEST['id']);
     // Guard clause: only the "get" action is handled here.
     if ($action != 'get') {
         return;
     }
     $row = $shippingModel->find($shippingId);
     echo json_encode($row ? $row : array('id' => 0));
     exit;
 }
Example #25
 /**
  * Submit a new content record.
  *
  * The caller's group id must appear in the comma-separated `postgroup`
  * list of the target category; otherwise the error handler is invoked.
  * The insert itself is delegated to the object returned by
  * A('Admin/Content').
  *
  * NOTE(review): in_array() runs in loose mode. With an empty `postgroup`
  * explode() yields array(''), which a null group id (and 0 on PHP < 8)
  * matches. Confirm that callers without a group cannot reach this action,
  * or compare string-cast ids with strict mode enabled.
  *
  * NOTE(review): when the controller holds no username, the author name is
  * taken from $_POST['username'], i.e. it is chosen by the client. Confirm
  * that this is intended for anonymous posting.
  */
 public function insert()
 {
     $catid = intval($_POST['catid']);
     $allowedGroups = explode(',', $this->categorys[$catid]['postgroup']);
     if (!in_array($this->_groupid, $allowedGroups)) {
         $this->error(L('add_no_postgroup'));
     }
     $contentAction = A('Admin/Content');
     // The stored IP comes from ip(), overriding any client-supplied value.
     $_POST['ip'] = ip();
     if ($this->_username) {
         $author = $this->_username;
     } else {
         $author = get_safe_replace($_POST['username']);
     }
     $moduleName = $this->module[$this->moduleid]['name'];
     $contentAction->insert($moduleName, $this->fields, $this->_userid, $author, $this->_groupid);
 }
Example #26
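 /**
  * Echoes the submitted URL and order id back through AjaxReturn().
  *
  * Reads `url` (passed through get_safe_replace()) and `oid` (cast to an
  * integer) from the request and returns them with a fixed status of 1.
  * Nothing is stored.
  *
  * A disabled draft that saved the entry to the "order" table for the
  * current user (with a duplicate check) was removed as dead code, together
  * with the `title` parameter that only that draft used.
  *
  * NOTE(review): the URL is reflected to the client. AjaxReturn() is defined
  * elsewhere, so how it encodes the payload should be confirmed before the
  * value is rendered anywhere.
  */
 public function shipping()
 {
     $url = get_safe_replace($_REQUEST['url']);
     $oid = intval($_REQUEST['oid']);
     $map = array();
     $map["url"] = $url;
     $statu = 1;
     $msg = $oid;
     $this->AjaxReturn($map, $msg, $statu);
 }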
Example #27
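 /**
  * Search Content titles, optionally narrowed by category and module.
  *
  * Request parameters: `id` (category id), `moduleid`, `keyword` and the
  * paging variable named by C('VAR_PAGE'). Ids are cast to integers and the
  * keyword goes through get_safe_replace() before use. Matching rows and
  * the pager markup are assigned to the template.
  *
  * Fix: $keyword_arr, $keydo and $cat are now initialised. Previously a
  * keyword without a space or "or" reached count() with an undefined
  * variable, which raises a TypeError on PHP 8.
  *
  * NOTE(review): the keyword is concatenated into a double-quoted LIKE
  * literal. Its safety rests entirely on get_safe_replace(), whose body is
  * not visible here. Prefer the model's array/bound conditions so the
  * driver escapes the value.
  *
  * NOTE(review): assign($_REQUEST) exposes every request parameter to the
  * template under its own name. Confirm that templates escape these values
  * and that no internal template variable can be overridden this way.
  */
 public function index()
 {
     // search
     $_REQUEST['id'] = $catid = intval($_REQUEST['id']);
     $p = max(intval($_REQUEST[C('VAR_PAGE')]), 1);
     $_REQUEST['keyword'] = $keyword = get_safe_replace($_REQUEST['keyword']);
     $_REQUEST['moduleid'] = $moduleid = intval($_REQUEST['moduleid']);
     $this->assign($_REQUEST);
     $this->assign('bcid', 0);
     $where = " status=1 ";
     if ($moduleid) {
         $where = ' mid=' . $moduleid . ' AND ' . $where;
     }
     import('@.EXT.Form');
     $this->assign('Form', new Form());
     if (APP_LANG) {
         $lang = LANG_NAME;
         $langid = LANG_ID;
         $where .= " and lang= {$langid}";
         $this->assign('lang', $lang);
         $this->assign('langid', $langid);
     }
     // Stays empty when no category was requested; the SEO fields below then
     // fall back to the keyword alone.
     $cat = array();
     if ($catid) {
         $cat = $this->categorys[$catid];
         // Second entry of the parent-id list; falls back to the category itself.
         $bcid = explode(",", $cat['arrparentid']);
         $bcid = $bcid[1];
         if ($bcid == '') {
             $bcid = intval($catid);
         }
         // Assign the category fields without its id, then restore the id locally.
         unset($cat['id']);
         $this->assign($cat);
         $cat['id'] = $catid;
         $this->assign('catid', $catid);
         $this->assign('bcid', $bcid);
         if ($cat['child']) {
             // arrchildid comes from the category data, not from the request.
             $where .= " and catid in(" . $cat['arrchildid'] . ")";
         } else {
             $where .= " and catid=" . $catid;
         }
     }
     $seo_title = $cat['title'] ? $cat['title'] : $cat['catname'];
     $this->assign('seo_title', $keyword . ' ' . $seo_title);
     $this->assign('seo_keywords', $keyword . $cat['keywords']);
     $this->assign('seo_description', $keyword . $cat['description']);
     if ($keyword || $moduleid) {
         $keyword_arr = array();
         $keydo = '';
         // Note: this splits on the literal substring "or", including inside words.
         if (strstr($keyword, 'or')) {
             $keydo = ' or ';
             $keyword_arr = explode('or', $keyword);
         } elseif (strstr($keyword, ' ')) {
             $keydo = ' AND ';
             $keyword_arr = explode(' ', $keyword);
         }
         if (count($keyword_arr) > 1) {
             foreach ($keyword_arr as $key => $keywordz) {
                 $keyword_arr[$key] = ' title like "%' . trim($keywordz) . '%" ';
             }
             $where .= ' AND (' . implode($keydo, $keyword_arr) . ')';
         } else {
             $where .= ' AND title like "%' . $keyword . '%" ';
         }
         $count = M('Content')->where($where)->count();
         $this->assign('count', $count);
         if ($count) {
             import("@.EXT.Page");
             $listRows = !empty($cat['pagesize']) ? $cat['pagesize'] : C('PAGE_LISTROWS');
             $page = new Page($count, $listRows);
             $pages = $page->show();
             $field = $this->module[$cat['moduleid']]['listfields'];
             $field = $field ? $field : 'id,catid,userid,url,username,title,title_style,keywords,description,thumb,createtime,hits';
             $list = M('Content')->field($field)->where($where)->order('id desc')->limit($page->firstRow . ',' . $page->listRows)->select();
             $this->assign('pages', $pages);
             $this->assign('list', $list);
         }
     }
     $this->display();
 }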
Example #28
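 /**
  * Tag pages: the content list for one tag (`tag` slug given) or the index
  * of all tags, optionally limited to one module.
  *
  * Request parameters: `tag`, `module`, and, when C('URL_MODEL') is 0,
  * `moduleid` and the paging variable named by C('VAR_PAGE').
  *
  * Changes from the string-built version:
  *  - the tag lookup uses an array condition, so the slug is escaped by the
  *    model layer instead of being concatenated between quotes;
  *  - the module id is cast to an integer and the lookup is skipped when the
  *    module name does not resolve to an id. Before, an unknown module
  *    produced a malformed query;
  *  - the tag id read back from the row is cast to an integer before it is
  *    concatenated into the join conditions.
  *
  * NOTE(review): $tag is not defined anywhere in the visible code (possibly
  * a method parameter that was dropped), so the slug always comes from the
  * request here.
  *
  * NOTE(review): $p is only set when C('URL_MODEL') is 0; in the other
  * branch it reaches Page undefined. Confirm that Page handles this.
  */
 public function index()
 {
     $slug = $tag ? $tag : get_safe_replace($_REQUEST['tag']);
     $module = get_safe_replace($_REQUEST['module']);
     $module = $module ? ucfirst($module) : '';
     if (C('URL_MODEL') == 0) {
         $moduleid = intval($_REQUEST['moduleid']);
         $module_name = $moduleid ? $this->module[$moduleid]['name'] : '';
         $module = $module ? $module : $module_name;
         $p = max(intval($_REQUEST[C('VAR_PAGE')]), 1);
     } elseif ($this->mod[ucfirst($slug)]) {
         // The "tag" segment is actually a module name: show that module's tag index.
         $module = ucfirst($slug);
         unset($slug);
     }
     $prefix = C("DB_PREFIX");
     $Tags = M('Tags');
     $Tags_data = M('Tags_data');
     $where = APP_LANG ? " lang=" . LANG_ID : 1;
     if ($slug) {
         $module = $module ? $module : 'Article';
         // presumably $this->mod maps module names to ids; an unknown name yields 0
         $moduleid = intval($this->mod[$module]);
         $data = null;
         if ($moduleid && is_string($slug)) {
             // Array condition: the model layer quotes and escapes the slug.
             $cond = array('moduleid' => $moduleid, 'slug' => $slug);
             if (APP_LANG) {
                 $cond['lang'] = LANG_ID;
             }
             $data = $Tags->where($cond)->find();
         }
         $this->assign('seo_title', $data['name']);
         $this->assign('seo_keywords', $data['name']);
         $this->assign('seo_description', $data['name']);
         if ($data) {
             $tagid = intval($data['id']);
             $this->assign('data', $data);
             // The table name is derived from the request's module name. It is
             // only reached after that name resolved to a module id above.
             $mtable = $prefix . strtolower($module);
             $count = $Tags_data->table($prefix . 'tags_data as a')->join($mtable . " as b on a.id=b.id ")->where("a.tagid=" . $tagid)->count();
             if ($count) {
                 import("@.ORG.Page");
                 $listRows = C('PAGE_LISTROWS');
                 //C('PAGE_LISTROWS')
                 $page = new Page($count, $listRows, $p);
                 $page->urlrule = TAGURL($data, 1);
                 $pages = $page->show();
                 $field = 'b.id,b.catid,b.userid,b.url,b.username,b.title,b.keywords,b.description,b.thumb,b.createtime';
                 $list = $Tags_data->field($field)->table($prefix . 'tags_data as a')->join($mtable . " as b on a.id=b.id")->where($where . " and a.tagid=" . $tagid)->order('b.listorder desc,b.id desc')->limit($page->firstRow . ',' . $page->listRows)->select();
                 $this->assign('pages', $pages);
                 $this->assign('list', $list);
             }
         }
     } else {
         $moduleid = $this->mod[$module];
         $where .= $moduleid ? ' and moduleid=' . $moduleid : '';
         $count = $Tags->where($where)->count();
         if ($count) {
             import("@.ORG.Page");
             $listRows = 50;
             $page = new Page($count, $listRows);
             $page->urlrule = TAGURL(array('moduleid' => $moduleid), 1);
             $pages = $page->show();
             $list = $Tags->where($where)->order('id desc')->limit($page->firstRow . ',' . $page->listRows)->select();
             foreach ($list as $key => $r) {
                 $list[$key]['module'] = $this->module[$r['moduleid']]['name'];
             }
             $this->assign('pages', $pages);
             $this->assign('list', $list);
         }
     }
     $this->assign('bcid', 0);
     // top-level category
     $template = $slug ? 'list' : 'index';
     $this->display("Tags:" . $template);
 }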
Example #29
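 /**
  * Lists rows of one module, optionally filtered by `type` = `keyword`.
  *
  * Request parameters: `module` (model name, defaults to "product"),
  * `type` (column to filter on) and `keyword` (value to match exactly).
  *
  * Changes from the string-built version:
  *  - the filter is built before the count query. Previously count() ran
  *    with an undefined $where, so the pager counted every row regardless
  *    of the filter;
  *  - `module` and `type` are request-controlled names that reach the query
  *    as a table and a column, so they are accepted only when they are
  *    plain identifiers. Otherwise the page renders without results;
  *  - the keyword is passed as an array condition so the model layer
  *    escapes it. Non-string values are rejected because array conditions
  *    give array values a special meaning.
  *
  * NOTE(review): any model name that is a valid identifier can still be
  * listed through `module`. Restrict it to an explicit allowlist of
  * searchable modules, and `type` to the columns meant to be filterable.
  */
 public function line()
 {
     $keyword = get_safe_replace($_REQUEST['keyword']);
     $type = get_safe_replace($_REQUEST['type']);
     $module = get_safe_replace($_REQUEST['module']);
     if ($module == "") {
         $module = "product";
     }
     $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
     $moduleOk = is_string($module) && preg_match($identifier, $module) === 1;
     $filterOk = $type == ""
         || (is_string($type) && is_string($keyword) && preg_match($identifier, $type) === 1);
     if ($moduleOk && $filterOk) {
         // Same condition for the count and the list, so paging matches the result set.
         $where = 1;
         if ($type != "") {
             $where = array($type => $keyword);
         }
         $this->dao = M($module);
         $count = $this->dao->where($where)->count();
         if ($count) {
             import("@.ORG.Page");
             $listRows = C('PAGE_LISTROWS');
             $page = new Page($count, $listRows);
             // Single-quoted on purpose: the literal text {$page} is put into the
             // URL rule, presumably as the placeholder Page substitutes.
             // NOTE(review): every request parameter is passed to URL(); confirm
             // it encodes them before they appear in the pager links.
             $_REQUEST['p'] = '{$page}';
             $page->urlrule = URL('Home-Search/line', $_REQUEST);
             $pages = $page->show();
             $list = $this->dao->where($where)->order('id desc')->limit($page->firstRow . ',' . $page->listRows)->select();
             $this->assign('pages', $pages);
             $this->assign('list', $list);
         }
     }
     $this->display("Search:index");
 }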