Example #1
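 /**
  * Render the paged message list for one document (GET `did`, `page`).
  *
  * Checks that the document is published and accepts messages, enforces its
  * purview, pages through `document_message` rows and hands the rows plus the
  * paging widgets to the `message_list` template.
  * Does not return on bad input: callmessage()/exit() end the request.
  */
 function in_list()
 {
     parent::start_pagetemplate();
     include_once admin_ROOT . 'public/class_pagebotton.php';
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $page = $this->fun->accept('page', 'G');
     $page = isset($page) ? intval($page) : 1;
     $pagesylte = 1;
     $pagemax = intval($this->CON['bbs_max_list']);
     if ($pagemax < 1) {
         // A zero/unset setting would make the page-count division below
         // throw; fall back to the same default the subject list uses.
         $pagemax = 20;
     }
     // Cast before use: did is interpolated into the WHERE clause below.
     $did = intval($this->fun->accept('did', 'G'));
     if (empty($did)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $readinfo = $this->get_documentview($did);
     if (!$readinfo['isclass'] || !$readinfo['ismess']) {
         exit("Information parameter error!");
     } elseif ($readinfo['purview'] > 0) {
         parent::member_purview($readinfo['purview'], null, true);
     }
     $readinfo['link'] = $this->get_link('doc', $readinfo, admin_LNG);
     $this->pagetemplate->assign('read', $readinfo);
     $db_table = db_prefix . 'document_message';
     $db_where = " WHERE isclass=1 AND did={$did}";
     $countnum = $this->db_numrows($db_table, $db_where);
     // PageBotton needs at least one page even for an empty result.
     $numpage = $countnum > 0 ? ceil($countnum / $pagemax) : 1;
     $sql = "SELECT * FROM {$db_table} {$db_where} LIMIT 0,{$pagemax}";
     $this->htmlpage = new PageBotton($sql, $pagemax, $page, $countnum, $numpage, $pagesylte, $this->CON['file_fileex'], 5, $this->lng['pagebotton'], $this->lng['gopageurl'], $this->CON['is_rewrite']);
     $sql = $this->htmlpage->PageSQL('dmid', 'down');
     $rs = $this->db->query($sql);
     // Start from an empty list so a page with no rows still assigns an array.
     $array = array();
     while ($rsList = $this->db->fetch_assoc($rs)) {
         $array[] = $rsList;
     }
     $this->pagetemplate->assign('pagetext', $this->htmlpage->PageStat($this->lng['pagetext']));
     $this->pagetemplate->assign('pagebotton', $this->htmlpage->PageList());
     $this->pagetemplate->assign('pagenu', $this->htmlpage->Bottonstyle(false));
     $this->pagetemplate->assign('pagese', $this->htmlpage->pageSelect());
     $this->pagetemplate->assign('pagevt', $this->htmlpage->Prevbotton());
     $typeview = $this->get_type($readinfo['tid']);
     // Top-level types are their own "current" entry; children use their root.
     $current = !$typeview['upid'] ? $typeview['tid'] : $typeview['topid'];
     $this->pagetemplate->assign('array', $array);
     $this->pagetemplate->assign('path', 'article');
     $this->pagetemplate->assign('current', $current);
     $this->pagetemplate->assign('did', $did);
     // The list/form links are built from the document row; the original
     // passed a never-assigned $read (i.e. null) to get_link() here.
     $link = $this->get_link('messlist', $readinfo, $lng);
     $messform = $this->get_link('messform', $readinfo, $lng);
     $ec_member_username = $this->member_cookieview('username');
     if ($ec_member_username) {
         $reMem = $this->get_member($ec_member_username);
         $this->pagetemplate->assign('member', $reMem);
     }
     $this->pagetemplate->assign('seccodelink', $this->get_link('seccode'));
     $this->pagetemplate->assign('bbs_isseccode', $this->CON['bbs_isseccode']);
     $this->pagetemplate->assign('link', $link);
     $this->pagetemplate->assign('messform', $messform);
     $templatesDIR = $this->get_templatesdir('forum');
     $templatefilename = $lng . '/' . $templatesDIR . '/message_list';
     unset($array, $readinfo, $this->lng);
     $this->pagetemplate->display($templatefilename, 'message_list', false, '', admin_LNG);
 }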
Example #2
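 /**
  * Soft-delete one enquiry (isclass 0 -> 2) from the member enquiry list.
  *
  * Requires a logged-in member (member_purview) and a non-zero `eid` GET
  * parameter. Never returns normally: callmessage() handles both the error
  * and the success redirect.
  *
  * NOTE(review): the WHERE clause is keyed on eid alone, not on the current
  * member -- confirm whether enquiries are meant to be deletable by any
  * logged-in member, and add a userid condition if not.
  */
 function in_del()
 {
     parent::member_purview(0, $this->mlink['enquirylist']);
     // Cast before use: eid is concatenated into the WHERE clause below, so
     // a non-integer value must never reach the query.
     $eid = intval($this->fun->accept('eid', 'G'));
     if (empty($eid)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $db_table = db_prefix . 'enquiry';
     $db_where = 'isclass=0 and eid=' . $eid;
     $db_set = "isclass=2";
     $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
     $this->callmessage($this->lng['enquiry_edit_del'], $this->mlink['enquirylist'], $this->lng['gobackurlbotton']);
 }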
Example #3
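 /**
  * Persist an enquiry form (POST) as one `enquiry` row plus one
  * `enquiry_info` row per requested product, then notify by mail/SMS.
  *
  * Rejects the request through callmessage() (which does not return) when
  * the form token is missing, the product arrays are absent or malformed, or
  * the e-mail address fails the pattern check.
  */
 function in_enquirysave()
 {
     parent::start_pagetemplate();
     $linkURL = $_SERVER['HTTP_REFERER'];
     if (!$this->fun->is_token()) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
     }
     if ($this->CON['is_enquiry_memclass']) {
         parent::member_purview(0, $this->get_link('enquiry', array(), admin_LNG));
     }
     // The `ecisp_enquiry_list` cookie used to be decoded and fed to
     // unserialize() here, but the result was never read; the cookie is only
     // cleared at the end of this method. Dropping the dead call keeps
     // untrusted cookie bytes away from unserialize() entirely.
     $userid = intval($this->fun->accept('userid', 'P'));
     // NOTE(review): the string fields below are interpolated into SQL as-is;
     // this relies on accept(..., true, true) escaping them -- confirm in
     // fun->accept().
     $linkman = trim($this->fun->accept('linkman', 'P', true, true));
     $linkman = $this->fun->substr($linkman, 20);
     $email = $this->fun->accept('email', 'P', true, true);
     // intval() already yields 0 for empty/non-numeric input.
     $sex = intval($this->fun->accept('sex', 'P'));
     $country = intval($this->fun->accept('cityone', 'P'));
     $province = intval($this->fun->accept('citytwo', 'P'));
     $city = intval($this->fun->accept('citythree', 'P'));
     $district = intval($this->fun->accept('district', 'P'));
     $address = trim($this->fun->accept('address', 'P', true, true));
     $address = $this->fun->substr($address, 120);
     $zipcode = trim($this->fun->accept('zipcode', 'P', true, true));
     $zipcode = $this->fun->substr($zipcode, 10);
     $tel = trim($this->fun->accept('tel', 'P', true, true));
     $tel = $this->fun->substr($tel, 20);
     $mobile = trim($this->fun->accept('mobile', 'P', true, true));
     $mobile = $this->fun->substr($mobile, 15);
     $fax = trim($this->fun->accept('fax', 'P', true, true));
     $fax = $this->fun->substr($fax, 15);
     $content = trim($this->fun->accept('content', 'P', true, true));
     $content = $this->fun->substr($content, 500);
     $amount = $this->fun->accept('amount', 'P');
     $ptitle = $this->fun->accept('ptitle', 'P');
     $tsn = $this->fun->accept('tsn', 'P');
     $did = $this->fun->accept('did', 'P');
     // did/amount/ptitle arrive as parallel arrays keyed by position. A scalar
     // here would break count()/foreach below, so treat it like a missing field.
     if (!is_array($did) || empty($did) || !is_array($amount) || empty($amount) || !is_array($ptitle) || empty($ptitle)) {
         $enquirylink = $this->get_link('enquiry', array(), admin_LNG);
         $this->callmessage($this->lng['enquiry_input_err'], $enquirylink, $this->lng['enquiry_into_listbotton']);
     }
     if (!is_array($tsn)) {
         $tsn = array();
     }
     if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
         $this->callmessage($this->lng['email_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
     }
     $enquirysn = date('YmdHis') . rand(100, 9999);
     $db_table = db_prefix . 'enquiry';
     $db_table2 = db_prefix . 'enquiry_info';
     $addtime = time();
     $db_field = 'enquirysn,userid,linkman,sex,country,province,city,district,address,zipcode,tel,fax,mobile,email,content,isclass,addtime,edittime';
     $db_values = "'{$enquirysn}',{$userid},'{$linkman}',{$sex},{$country},{$province},{$city},{$district},'{$address}','{$zipcode}','{$tel}','{$fax}','{$mobile}','{$email}','{$content}',0,{$addtime},0";
     $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
     $insert_id = $this->db->insert_id();
     // Build one VALUES tuple per product and join them, instead of deciding
     // the trailing comma by comparing the key with count()-1: that produced
     // malformed SQL whenever the submitted keys were not 0..n-1.
     $rows = array();
     foreach ($did as $key => $value) {
         $value = intval($value);
         $qty = isset($amount[$key]) ? intval($amount[$key]) : 0;
         $sn = isset($tsn[$key]) ? $tsn[$key] : '';
         $title = isset($ptitle[$key]) ? $ptitle[$key] : '';
         $rows[] = "({$insert_id},{$value},'{$sn}','{$title}',{$qty},'')";
     }
     $db_values = implode(',', $rows);
     $db_field = 'eid,did,tsn,title,amount,comment';
     $this->db->query('INSERT INTO ' . $db_table2 . ' (' . $db_field . ') VALUES ' . $db_values);
     if ($this->CON['is_email'] == 1) {
         $this->enquirymailsend('enquirywarn', $insert_id, $this->CON['admine_mail']);
         $this->enquirymailsend('enquiryre', $insert_id, $email);
     }
     if ($this->CON['is_moblie']) {
         $OrderArray = array('enquirysn' => $enquirysn);
         // The SMS goes to the site's configured number, not the customer's.
         $mobile = $this->CON['moblie_number'];
         $this->membersmssend($OrderArray, $mobile, 'enqueryto');
     }
     $this->fun->setcookie('ecisp_enquiry_list', null);
     $enquirylink = $this->get_link('enquiry', array(), admin_LNG);
     $this->callmessage($this->lng['enquiry_ok'], $enquirylink, $this->lng['enquiry_into_listbotton']);
 }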
Example #4
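 /**
  * Cancel one of the current member's orders (ordertype 1 -> 6), then notify
  * the member by e-mail and/or SMS when those channels are enabled.
  *
  * Both the member id and `oid` must be non-zero; callmessage() (which does
  * not return) handles every exit path.
  */
 function in_del()
 {
     parent::member_purview(0, $this->mlink['orderlist']);
     // Both ids are concatenated into SQL below, so force them to integers.
     $userid = intval($this->ec_member_username_id);
     if (empty($userid)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $oid = intval($this->fun->accept('oid', 'R'));
     if (empty($oid)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $db_table = db_prefix . 'order';
     $db_where = 'ordertype=1 and oid=' . $oid . ' AND userid=' . $userid;
     $db_set = "ordertype=6";
     $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
     // The order row is fetched lazily: only the notification branches need
     // it, and the SMS branch reuses the copy the mail branch loaded.
     $read = null;
     $row_where = 'oid=' . $oid . ' AND userid=' . $userid;
     if ($this->CON['is_email']) {
         $read = $this->db->fetch_first('SELECT * FROM ' . $db_table . ' WHERE ' . $row_where);
         if (is_array($read)) {
             $this->ordermailsend('orderce', $oid, $read['email']);
         }
     }
     if ($this->CON['is_moblie']) {
         $rsMember = $this->get_member('', $userid);
         if ($rsMember['ismoblie'] && !empty($rsMember['mobile'])) {
             if (!is_array($read)) {
                 $read = $this->db->fetch_first('SELECT * FROM ' . $db_table . ' WHERE ' . $row_where);
             }
             $read['username'] = $rsMember['username'];
             $read['mobile'] = $rsMember['mobile'];
             $this->membersmssend($read, $read['mobile'], 'orderdel');
         }
     }
     $this->callmessage($this->lng['order_edit_del'], $this->mlink['orderlist'], $this->lng['gobackurlbotton']);
 }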
Example #5
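 /**
  * Render a "special subject" page for subject `sid` (GET).
  *
  * styleid 1 renders the subject's index template directly; styleid 2 pages
  * through the subject's published documents (merged with their attributes
  * and type links) into its list template. Any other styleid renders nothing.
  * Exits via exit()/member_purview() when the subject is unpublished or
  * access-restricted.
  */
 function in_list()
 {
     parent::start_pagetemplate();
     include_once admin_ROOT . 'public/class_pagebotton.php';
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $page = $this->fun->accept('page', 'G');
     $page = isset($page) ? intval($page) : 1;
     $sid = intval($this->fun->accept('sid', 'G'));
     $subread = $this->get_subjectlist_purview($sid);
     if (!$subread['isclass']) {
         exit("Information parameter error!");
     } elseif ($subread['purview'] > 0) {
         parent::member_purview($subread['purview'], null, true);
     }
     // Subject-specific SEO text overrides the language pack defaults.
     if (!empty($subread['keywords'])) {
         $this->lng['keyword'] = $subread['keywords'];
     }
     if (!empty($subread['description'])) {
         $this->lng['description'] = $subread['description'];
     }
     $this->pagetemplate->assign('lngpack', $this->lng);
     // mid comes from the subject row but is interpolated into SQL below, so
     // cast it the same way as sid.
     $mid = intval($subread['mid']);
     $modelview = $this->get_modelview($mid);
     // Page size: subject override, else model default, else 20; guard
     // against a zero size so the page-count division cannot throw.
     if (!empty($subread['pagemax'])) {
         $pagemax = intval($subread['pagemax']);
     } elseif (!empty($modelview['pagemax'])) {
         $pagemax = intval($modelview['pagemax']);
     } else {
         $pagemax = 20;
     }
     if ($pagemax < 1) {
         $pagemax = 20;
     }
     $pagesylte = $modelview['pagesylte'];
     $styleid = $subread['styleid'];
     $subread['link'] = $this->get_link('subtype', $subread, admin_LNG);
     $this->pagetemplate->assign('sub', $subread);
     $templatesDIR = $this->get_templatesdir('article');
     $list_templatefilename = $lng . '/' . $templatesDIR . '/' . $subread['template'];
     $index_templatefilename = $lng . '/' . $templatesDIR . '/' . $subread['indextemplates'];
     // NOTE(review): $dirname and $filename were never assigned in this
     // method (they reached display() as null). Set explicitly to keep that
     // behaviour without undefined-variable warnings -- confirm whether they
     // should come from the subject row instead.
     $dirname = null;
     $filename = null;
     if ($styleid == 1) {
         unset($subread, $modelview, $this->lng);
         $this->pagetemplate->display($index_templatefilename, $dirname . '_index', false, $filename, admin_LNG);
     } elseif ($styleid == 2) {
         $db_table = db_prefix . 'document';
         $db_where = ' WHERE isclass=1 AND mid=' . $mid . ' AND sid=' . $sid;
         $countnum = $this->db_numrows($db_table, $db_where);
         // PageBotton needs at least one page even for an empty result.
         $numpage = $countnum > 0 ? ceil($countnum / $pagemax) : 1;
         $sql = "SELECT * FROM {$db_table} {$db_where} LIMIT 0,{$pagemax}";
         $this->htmlpage = new PageBotton($sql, $pagemax, $page, $countnum, $numpage, $pagesylte, $this->CON['file_fileex'], 5, $this->lng['pagebotton'], $this->lng['gopageurl'], $this->CON['is_rewrite']);
         $sql = $this->htmlpage->PageSQL('pid,did', 'down');
         $rs = $this->db->query($sql);
         // Start from an empty list so a page with no rows still assigns an array.
         $array = array();
         while ($rsList = $this->db->fetch_assoc($rs)) {
             $attarray = $this->get_document_attr($rsList['did']);
             $typeread = $this->get_type($rsList['tid']);
             $rsList['typename'] = $typeread['typename'];
             $rsList['typelink'] = $this->get_link('type', $typeread, admin_LNG);
             $rsList['link'] = $this->get_link('doc', $rsList, admin_LNG);
             $rsList['buylink'] = $this->get_link('buylink', $rsList, admin_LNG);
             $rsList['enqlink'] = $this->get_link('enqlink', $rsList, admin_LNG);
             $rsList['ctitle'] = empty($rsList['color']) ? $rsList['title'] : "<font color='" . $rsList['color'] . "'>" . $rsList['title'] . "</font>";
             // Document attributes (when any) are merged under the row's own keys.
             $array[] = is_array($attarray) ? array_merge($attarray, $rsList) : $rsList;
         }
         $this->pagetemplate->assign('pagetext', $this->htmlpage->PageStat($this->lng['pagetext']));
         $this->pagetemplate->assign('pagebotton', $this->htmlpage->PageList());
         $this->pagetemplate->assign('pagenu', $this->htmlpage->Bottonstyle(false));
         $this->pagetemplate->assign('pagese', $this->htmlpage->pageSelect());
         $this->pagetemplate->assign('pagevt', $this->htmlpage->Prevbotton());
         $this->pagetemplate->assign('array', $array);
         $this->pagetemplate->assign('path', 'special');
         unset($array, $typeread, $modelview, $this->lng);
         $this->pagetemplate->display($list_templatefilename, $dirname . '_list', false, $filename, admin_LNG);
     }
 }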
Example #6
 /**
  * Log the current member out: drop the login cookies, sign out of UCenter
  * when it is enabled, clear the cached member fields on this object and
  * redirect to the login page.
  */
 function in_quit()
 {
     $ucenterEnabled = $this->CON['mem_isucenter'];
     if ($ucenterEnabled) {
         include_once admin_ROOT . 'public/uc_client/client.php';
     }
     parent::member_purview();
     foreach (array('ecisp_member_username', 'ecisp_member_info') as $cookieName) {
         $this->fun->setcookie($cookieName, false);
     }
     if ($ucenterEnabled) {
         uc_user_synlogout();
     }
     unset(
         $this->ec_member_username,
         $this->ec_member_username_id,
         $this->condition,
         $this->ec_member_alias,
         $this->ec_member_integral,
         $this->ec_member_mcid,
         $this->ec_member_email,
         $this->ec_member_lastip
     );
     header('location:' . $this->mlink['login']);
 }
Example #7
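 /**
  * Cancel order `oid` (ordertype 1 -> 6) from the member order list and
  * e-mail the order's contact address when mail is enabled.
  *
  * Never returns normally: callmessage() handles both the error and the
  * success redirect.
  *
  * NOTE(review): the UPDATE is keyed on oid alone, whereas the sibling
  * variant also filters on userid; confirm whether this entry point is
  * member-facing and, if so, add `AND userid=...` to the WHERE clause.
  */
 function in_del()
 {
     parent::member_purview(0, $this->mlink['orderlist']);
     // Cast before use: oid is concatenated into two WHERE clauses below.
     $oid = intval($this->fun->accept('oid', 'G'));
     if (empty($oid)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $db_table = db_prefix . 'order';
     $db_where = 'ordertype=1 and oid=' . $oid;
     $db_set = "ordertype=6";
     $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
     if ($this->CON['is_email'] == 1) {
         $db_where = 'oid=' . $oid;
         $read = $this->db->fetch_first('SELECT * FROM ' . $db_table . ' WHERE ' . $db_where);
         if (is_array($read)) {
             $this->ordermailsend('orderce', $oid, $read['email']);
         }
     }
     $this->callmessage($this->lng['order_edit_del'], $this->mlink['orderlist'], $this->lng['gobackurlbotton']);
 }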
Example #8
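 /**
  * Save a visitor message on document `did` (POST) into document_message.
  *
  * Checks, in order: form token (skipped in static-HTML mode), captcha (when
  * enabled and not WAP), document exists/published/accepts messages, document
  * purview, required fields, e-mail pattern, anonymous-posting setting,
  * blocked member names, keyword filter, per-IP resubmission throttle.
  * Every failure exits through callmessage(); success redirects back.
  */
 function in_save()
 {
     $linkURL = $_SERVER['HTTP_REFERER'];
     if (!$this->fun->is_token() && !$this->CON['is_html']) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
     }
     parent::start_pagetemplate();
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     if ($this->CON['bbs_isseccode'] && !admin_WAP) {
         $seccode = $this->fun->accept('seccode', 'P');
         include_once admin_ROOT . 'public/class_seccode.php';
         // A missing cookie must not raise an undefined-index warning; it
         // simply fails the comparison below.
         $seccodecookie = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
         // NOTE(review): the cookie also carries an expiry that is decoded but
         // never compared against time() here -- confirm seccodeconvert()
         // enforces it.
         list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($seccodecookie, 'DECODE'));
         $code = new seccode();
         $code->seccodeconvert($new_seccode);
         // An empty submission can never be a valid captcha answer, so reject
         // it before the (loose) comparison.
         if (empty($seccode) || $new_seccode != strtoupper($seccode)) {
             $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     // did is interpolated into the INSERT below; intval() already yields 0
     // for empty input.
     $did = intval($this->fun->accept('did', 'P'));
     if (empty($did)) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackbotton']);
     }
     $readinfo = $this->get_documentview($did);
     if (!$readinfo) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     if (!$readinfo['isclass'] || !$readinfo['ismess']) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     } elseif ($readinfo['purview'] > 0) {
         parent::member_purview($readinfo['purview'], null, true);
     }
     $db_table = db_prefix . "document_message";
     $userid = intval($this->fun->accept('userid', 'P'));
     // NOTE(review): name/content are interpolated into SQL as-is; this relies
     // on accept(..., true, true) / Text2Html() escaping them -- confirm.
     $name = $this->fun->accept('name', 'P', true, true);
     $name = $this->fun->substr($name, 20);
     $content = $this->fun->accept('content', 'P');
     $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
     if (empty($name) || empty($content)) {
         $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
     }
     $email = $this->fun->accept('email', 'P');
     if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
         $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
     }
     // Messages start unpublished when moderation (bbs_isclass) is on.
     $isclass = $this->CON['bbs_isclass'] ? 0 : 1;
     if (!$this->CON['is_anonymous']) {
         parent::member_purview(1);
     }
     $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
     $addtime = time();
     if (!empty($this->ec_member_username_id)) {
         $rsMember = $this->get_member(null, $this->ec_member_username_id);
         $lockusername = explode(',', $this->CON['bbs_username']);
         if (in_array($this->ec_member_username, $lockusername)) {
             $this->callmessage($this->lng['forum_mem_username'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
         }
     }
     if (!empty($this->CON['bbs_filter'])) {
         if ($this->fun->screening_key($content, $this->CON['bbs_filter'])) {
             $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     // Throttle cookie name: IP, document id and a suffix, concatenated. The
     // original used `+`, which is arithmetic on the IP string and so tied
     // every IP with the same leading digits to the same cookie.
     $usersessionid = md5($ipadd . $did . 'input');
     $inputseesion = $this->fun->accept($usersessionid, 'C');
     if (empty($inputseesion) && $this->CON['bbs_inputtime']) {
         $this->fun->setcookie($usersessionid, $addtime, $this->CON['bbs_inputtime']);
     } elseif ($this->CON['bbs_inputtime']) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $db_field = 'did,userid,adminid,ipadd,lng,name,email,content,recontent,isreply,isclass,addtime,retime,support,oppose';
     $db_values = "{$did},{$userid},0,'{$ipadd}','{$lng}','{$name}','{$email}','{$content}','',0,{$isclass},{$addtime},0,0,0";
     $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
     $insert_id = $this->db->insert_id();
     $this->fun->setcookie('ecisp_home_seccode', null);
     if ($this->CON['bbs_ismail']) {
         $this->bbsmailsend('bbsrequest', $insert_id);
     }
     $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
 }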
Example #9
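 /**
  * Save a forum post (POST) into `bbs`: either a new topic (`inputclass` =
  * 'add') or a reply to topic `bid` (`inputclass` = 'reinput').
  *
  * Checks, in order: form token, required fields, e-mail pattern, forum type
  * exists, captcha (per type), type published, type purview, blocked member
  * names, keyword filter, per-IP resubmission throttle. Every failure exits
  * through callmessage(); success redirects back (or to the forum for types
  * with ispage == 2).
  */
 function in_save()
 {
     $linkURL = $_SERVER['HTTP_REFERER'];
     if (!$this->fun->is_token()) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
     }
     parent::start_pagetemplate();
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $inputclass = $this->fun->accept('inputclass', 'P');
     // An unknown inputclass used to fall through and render nothing.
     if ($inputclass != 'add' && $inputclass != 'reinput') {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $btid = intval($this->fun->accept('btid', 'P'));
     if (empty($btid)) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $db_table = db_prefix . "bbs";
     // NOTE(review): the string fields below are interpolated into SQL as-is;
     // this relies on accept(..., true, true) / Text2Html() escaping them --
     // confirm in fun->accept().
     $title = trim($this->fun->accept('title', 'P', true, true));
     $title = $this->fun->substr($title, 80);
     $username = $this->fun->accept('username', 'P', true, true);
     $username = $this->fun->substr($username, 20);
     $email = trim($this->fun->accept('email', 'P', true, true));
     $content = $this->fun->accept('content', 'P');
     $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
     $userid = intval($this->fun->accept('userid', 'P'));
     if (empty($title)) {
         $this->callmessage($this->lng['forum_title_err'], $linkURL, $this->lng['gobackbotton']);
     }
     if (empty($content) || empty($username)) {
         $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
     }
     if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
         $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
     }
     $typeread = $this->get_bbstype_view($btid);
     if (!$typeread) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $qq = $this->fun->accept('qq', 'P', true, true);
     $qq = $this->fun->substr($qq, 10);
     $msn = $this->fun->accept('msn', 'P', true, true);
     $address = $this->fun->accept('address', 'P', true, true);
     $address = $this->fun->substr($address, 150);
     $tel = $this->fun->accept('tel', 'P', true, true);
     $tel = $this->fun->substr($tel, 15);
     $mobile = $this->fun->accept('mobile', 'P', true, true);
     $mobile = $this->fun->substr($mobile, 15);
     if ($typeread['isseccode']) {
         $seccode = $this->fun->accept('seccode', 'P');
         include_once admin_ROOT . 'public/class_seccode.php';
         // A missing cookie must not raise an undefined-index warning; it
         // simply fails the comparison below.
         $seccodecookie = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
         // NOTE(review): the cookie also carries an expiry that is decoded but
         // never compared against time() here -- confirm seccodeconvert()
         // enforces it.
         list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($seccodecookie, 'DECODE'));
         $code = new seccode();
         $code->seccodeconvert($new_seccode);
         // An empty submission can never be a valid captcha answer.
         if (empty($seccode) || $new_seccode != strtoupper($seccode)) {
             $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     if (!$typeread['isclass']) {
         exit("Information parameter error!");
     } elseif ($typeread['purview'] > 0) {
         // The original called member_purview() with a never-assigned
         // $purview (null) here and then repeated the check with the real
         // value a few lines later; one check with the type's purview suffices.
         parent::member_purview($typeread['purview']);
     }
     // Posts start unpublished when the type requires moderation.
     $isclass = $typeread['isaddclass'] ? 0 : 1;
     if (!empty($this->ec_member_username_id)) {
         $rsMember = $this->get_member(null, $this->ec_member_username_id);
         $lockusername = explode(',', $this->CON['bbs_username']);
         if (in_array($this->ec_member_username, $lockusername)) {
             $this->callmessage($this->lng['forum_mem_username'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
         }
     }
     if (!empty($this->CON['bbs_filter'])) {
         if ($this->fun->screening_key($content, $this->CON['bbs_filter']) || $this->fun->screening_key($title, $this->CON['bbs_filter'])) {
             $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
     $addtime = time();
     // Throttle cookie name: IP, type id and a suffix, concatenated. The
     // original used `+`, which is arithmetic on the IP string and so tied
     // every IP with the same leading digits to the same cookie.
     $usersessionid = md5($ipadd . $btid . 'input');
     $inputseesion = $this->fun->accept($usersessionid, 'C');
     if (empty($inputseesion) && $typeread['inputtime']) {
         $this->fun->setcookie($usersessionid, $addtime, $typeread['inputtime']);
     } elseif ($typeread['inputtime']) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
     }
     // Both branches insert the same column set; only upbid differs.
     $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
     if ($inputclass == 'add') {
         $db_values = "{$btid},0,0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
         $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
         $insert_id = $this->db->insert_id();
         $this->fun->setcookie('ecisp_home_seccode', null);
         if ($typeread['ispage'] == 2) {
             $linkURL = $this->get_link('forum', $typeread, admin_LNG);
         }
         if ($typeread['ismail'] && $this->CON['is_email']) {
             $mailcode = $typeread['mailcode'] ? $typeread['mailcode'] : 'forumnew';
             $putmail = $typeread['putmail'] ? $typeread['putmail'] : $this->CON['admine_mail'];
             $this->forumsendmail($mailcode, $insert_id, $putmail);
         }
         if ($typeread['issms'] && $this->CON['is_moblie']) {
             $messageArray = array('title' => $title);
             // The SMS goes to the site's configured number, not the poster's.
             $mobile = $this->CON['moblie_number'];
             if ($typeread['smscode']) {
                 $this->membersmssend($messageArray, $mobile, $typeread['smscode']);
             }
         }
         $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
     }
     if ($inputclass == 'reinput') {
         $upbid = intval($this->fun->accept('bid', 'P'));
         $reemail = $this->fun->accept('reemail', 'P');
         $db_where = "bid={$upbid} AND isclass=1";
         $db_set = "replynum=replynum+1,retime={$addtime}";
         $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
         $db_values = "{$btid},{$upbid},0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
         $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
         $this->fun->setcookie('ecisp_home_seccode', null);
         // Reply notifications go to the address supplied by the form, so it
         // is validated with the same pattern as the poster's own address.
         if ($typeread['ismail'] && $this->CON['is_email']) {
             if (preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $reemail)) {
                 $this->forumsendmail('forumre', $upbid, $reemail);
             }
         }
         $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
     }
 }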
Example #10
 function in_save()
 {
     parent::start_pagetemplate();
     parent::member_purview();
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $inputclass = $this->fun->accept('inputclass', 'R');
     $upurl = $this->fun->accept('upurl', 'R');
     $userid = intval($this->fun->accept('userid', 'P'));
     $username = $this->fun->accept('username', 'P');
     if (empty($userid) || empty($username)) {
         $linkURL = $this->mlink['center'];
         $this->callmessage($this->lng['member_edit_ok'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $email = trim($this->fun->accept('email', 'P'));
     $question = trim($this->fun->accept('question', 'P', true, true));
     $answer = trim($this->fun->accept('answer', 'P', true, true));
     $alias = trim($this->fun->accept('alias', 'P', true, true));
     $sex = $this->fun->accept('sex', 'P');
     $sex = empty($sex) ? 0 : $sex;
     $tel = trim($this->fun->accept('tel', 'P', true, true));
     $mobile = trim($this->fun->accept('mobile', 'P', true, true));
     $birthday = $this->fun->accept('birthday', 'P');
     $birthday = empty($birthday) ? 0 : $this->fun->formatdate($birthday, 4);
     $country = intval($this->fun->accept('cityone', 'P'));
     $country = empty($country) ? 0 : $country;
     $province = intval($this->fun->accept('citytwo', 'P'));
     $province = empty($province) ? 0 : $province;
     $city = intval($this->fun->accept('citythree', 'P'));
     $city = empty($city) ? 0 : $city;
     $district = intval($this->fun->accept('district', 'P'));
     $district = empty($district) ? 0 : $district;
     $address = trim($this->fun->accept('address', 'P', true, true));
     $zipcode = trim($this->fun->accept('zipcode', 'P', true, true));
     $zipcode = empty($zipcode) ? 0 : $zipcode;
     $msn = trim($this->fun->accept('msn', 'P', true, true));
     $qq = $this->fun->accept('qq', 'P');
     $qq = empty($qq) ? 0 : $qq;
     $db_table = db_prefix . 'member';
     $db_table2 = db_prefix . 'member_value';
     $date = time();
     $linkURL = $_SERVER['HTTP_REFERER'];
     if ($inputclass == 'editinfo') {
         $mvid = intval($this->fun->accept('mvid', 'P'));
         $modelatt = $this->get_memberatt_array($lng);
         if (is_array($modelatt)) {
             $modelarray = array();
             foreach ($modelatt as $key => $value) {
                 if ($value['inputtype'] == 'htmltext') {
                     $value['accept'] = 'html';
                 } elseif ($value['inputtype'] == 'checkbox') {
                     $value['accept'] = 'checkbox';
                 } elseif ($value['inputtype'] == 'string' || $value['inputtype'] == 'img' || $value['inputtype'] == 'addon' || $value['inputtype'] == 'video' || $value['inputtype'] == 'select' || $value['inputtype'] == 'radio' || $value['inputtype'] == 'selectinput') {
                     $value['accept'] = 'text';
                 } elseif ($value['inputtype'] == 'editor' || $value['inputtype'] == 'text') {
                     $value['accept'] = 'editor';
                 } elseif ($value['inputtype'] == 'int' || $value['inputtype'] == 'float' || $value['inputtype'] == 'decimal') {
                     $value['accept'] = 'int';
                 } elseif ($value['inputtype'] == 'datetime') {
                     $value['accept'] = 'data';
                 }
                 $modelarray[] = $value;
             }
             $userinstall = null;
             $userinstalldb = null;
             foreach ($modelarray as $key => $value) {
                 $userinstall .= $value['attrname'] . ',';
                 if ($value['accept'] == 'int') {
                     $valuestr = $this->fun->accept($value['attrname'], 'P');
                     $valuestr = empty($valuestr) ? 0 : $valuestr;
                     $userinstalldb .= "{$valuestr},";
                     $userupdatedb .= $value['attrname'] . "={$valuestr},";
                 } elseif ($value['accept'] == 'html') {
                     $valuestr = $this->fun->accept($value['attrname'], 'P');
                     $valuestr = empty($valuestr) ? '' : $this->fun->Text2Html($valuestr);
                     $userinstalldb .= "'{$valuestr}',";
                     $userupdatedb .= $value['attrname'] . "='{$valuestr}',";
                 } elseif ($value['accept'] == 'editor' || $value['accept'] == 'text') {
                     $valuestr = $this->fun->accept($value['attrname'], 'P');
                     $userinstalldb .= "'{$valuestr}',";
                     $userupdatedb .= $value['attrname'] . "='{$valuestr}',";
                 } elseif ($value['accept'] == 'data') {
                     $valuestr = $this->fun->accept($value['attrname'], 'P');
                     $valuestr = empty($valuestr) ? 0 : strtotime($valuestr);
                     $userinstalldb .= "{$valuestr},";
                     $userupdatedb .= $value['attrname'] . "={$valuestr},";
                 } elseif ($value['accept'] == 'checkbox') {
                     $valuestr = $this->fun->accept($value['attrname'], 'P');
                     $valuestr = is_array($valuestr) ? implode(',', $valuestr) : '';
                     $userinstalldb .= "'{$valuestr}',";
                     $userupdatedb .= $value['attrname'] . "='{$valuestr}',";
                 }
             }
         }
         $db_where = 'userid=' . $userid;
         $db_set = "sex={$sex},birthday={$birthday},country={$country},province={$province},city={$city},district={$district},alias='{$alias}',\n\t\t\taddress='{$address}',zipcode={$zipcode},tel='{$tel}',mobile='{$mobile}',qq={$qq},msn='{$msn}'";
         $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
         if ($userinstalldb) {
             if ($mvid) {
                 $db_where = 'userid=' . $userid . ' AND mvid=' . $mvid;
                 $db_values = substr($userupdatedb, 0, strlen($userupdatedb) - 1);
                 $this->db->query('UPDATE ' . $db_table2 . ' SET ' . $db_values . ' WHERE ' . $db_where);
             } else {
                 $db_field = $userinstall . 'userid';
                 $db_values = $userinstalldb . $userid;
                 $this->db->query('INSERT INTO ' . $db_table2 . ' (' . $db_field . ') VALUES (' . $db_values . ')');
             }
         }
         $linkURL = $this->mlink['center'];
         $this->callmessage($this->lng['member_edit_ok'], $linkURL, $this->lng['gobackurlbotton']);
     }
     if ($inputclass == 'editpassword') {
         if ($this->CON['mem_isucenter']) {
             include_once admin_ROOT . 'public/uc_client/client.php';
         }
         $oldpassword = md5($this->fun->accept('oldpassword', 'P'));
         $password = md5($this->fun->accept('password', 'P'));
         $password_uc = $this->fun->accept('password', 'P');
         $oldpassword_uc = $this->fun->accept('oldpassword', 'P');
         $db_where = "userid= {$userid} AND username='******' AND password='******'";
         $db_sql = "SELECT * FROM {$db_table} WHERE {$db_where}";
         $rsMember = $this->db->fetch_first($db_sql);
         if (!$rsMember) {
             $linkURL = $this->mlink['memedit_password'];
             $this->callmessage($this->lng['password_input_err'], $linkURL, $this->lng['gobackbotton']);
         } else {
             $db_set = "password='******'";
             $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
             if ($this->CON['mem_isucenter']) {
                 $data = uc_get_user($username);
                 if ($data) {
                     list($uid2, $username2, $email2) = $data;
                     uc_user_edit($username, $oldpassword_uc, $password_uc, $email2);
                 }
             }
             $linkURL = $this->mlink['quit'];
             $this->callmessage($this->lng['password_ok'], $linkURL, $this->lng['out_botton']);
         }
     }
     if ($inputclass == 'editmail') {
         if ($this->CON['mem_isucenter']) {
             include_once admin_ROOT . 'public/uc_client/client.php';
         }
         $linkURL = $this->mlink['memedit_email'];
         if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
             $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
         }
         $password = md5($this->fun->accept('password', 'P'));
         $password_uc = $this->fun->accept('password', 'P');
         $db_where = "userid= {$userid} AND username='******' AND password='******'";
         $db_sql = "SELECT * FROM {$db_table} WHERE {$db_where}";
         $rsMember = $this->db->fetch_first($db_sql);
         if (!$rsMember) {
             $this->callmessage($this->lng['password_input_err'], $linkURL, $this->lng['gobackbotton']);
         } else {
             $db_set = "email='{$email}'";
             $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
             if ($this->CON['mem_isucenter']) {
                 $data = uc_get_user($username);
                 if ($data) {
                     list($uid2, $username2, $email2) = $data;
                     uc_user_edit($username, $password_uc, $password_uc, $email);
                 }
             }
             $linkURL = $this->mlink['center'];
             $this->callmessage($this->lng['email_edit_ok'], $linkURL, $this->lng['gobackurlbotton']);
         }
     }
 }
 /**
  * Member action: save edits to the member's own forum post (table `bbs`).
  *
  * Requires a valid form token and a logged-in member. The post is addressed by
  * the posted `bid` and updated only WHERE bid AND userid match, so a member can
  * only change rows that belong to them. Title, content and username are
  * mandatory, the email must match the site's address pattern, and when
  * `bbs_filter` is configured the title and content are screened for blocked
  * terms before the update runs.
  *
  * NOTE(review): the literal `username='******'` in $db_set looks like a
  * redaction in this listing rather than the real source; confirm the actual
  * interpolation against the repository before relying on the exact SQL.
  * NOTE(review): $lng, $ipadd and $addtime are computed but never used here.
  */
 function in_save()
 {
     $linkURL = $_SERVER['HTTP_REFERER'];
     // form token check; the `repeatinput` message suggests a double-submit guard.
     // Execution continues past callmessage(), so it is assumed to end the request.
     if (!$this->fun->is_token()) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
     }
     parent::start_pagetemplate();
     parent::member_purview(0, $this->mlink['orderlist']);
     // the owner is taken from the session, never from the form
     $userid = $this->ec_member_username_id;
     if (empty($userid)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $bid = intval($this->fun->accept('bid', 'P'));
     if (empty($bid)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $db_table = db_prefix . "bbs";
     // text fields go through accept(..., 'P', true, true) and are length-capped;
     // what the two boolean flags do (escaping/filtering) is not visible here
     $title = trim($this->fun->accept('title', 'P', true, true));
     $title = $this->fun->substr($title, 80);
     $username = $this->fun->accept('username', 'P', true, true);
     $username = $this->fun->substr($username, 20);
     $email = trim($this->fun->accept('email', 'P', true, true));
     $content = $this->fun->accept('content', 'P');
     $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
     if (empty($title)) {
         $this->callmessage($this->lng['forum_title_err'], $linkURL, $this->lng['gobackbotton']);
     }
     if (empty($content) || empty($username)) {
         $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
     }
     // the address pattern also keeps quotes and spaces out of the SQL literal below
     if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
         $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
     }
     $qq = $this->fun->accept('qq', 'P', true, true);
     $qq = $this->fun->substr($qq, 10);
     $msn = $this->fun->accept('msn', 'P', true, true);
     $address = $this->fun->accept('address', 'P', true, true);
     $address = $this->fun->substr($address, 150);
     $tel = $this->fun->accept('tel', 'P', true, true);
     $tel = $this->fun->substr($tel, 15);
     $mobile = $this->fun->accept('mobile', 'P', true, true);
     $mobile = $this->fun->substr($mobile, 15);
     $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
     $addtime = time();
     // optional word filter from site config
     if (!empty($this->CON['bbs_filter'])) {
         if ($this->fun->screening_key($content, $this->CON['bbs_filter']) || $this->fun->screening_key($title, $this->CON['bbs_filter'])) {
             $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     // both ids are ints, so the WHERE clause is safe to build by concatenation
     $db_where = 'bid=' . $bid . ' AND userid=' . $userid;
     $db_set = "title='{$title}',content='{$content}',username='******',email='{$email}',qq='{$qq}',msn='{$msn}',address='{$address}',tel='{$tel}',mobile='{$mobile}'";
     $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
     $this->callmessage($this->lng['forummain_edit_ok'], $this->mlink['forumlist'], $this->lng['gobackurlbotton']);
 }
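 /**
  * Front-end action: render a single document ("article") page.
  *
  * Reads `did` and `page` from the query string, bumps the document's click
  * counter, resolves tag links, splits the body on `<!-- pagebreak -->` for
  * in-document paging, applies the type/document purview checks and renders
  * the read template. Documents flagged `islink` are answered with a redirect
  * to their stored target instead of a page.
  *
  * Fixes versus the previous revision: the type purview check passed the
  * undefined `$typeread['purview']` (now `$typeview['purview']`); `$newTagArray`
  * and `$filename` are always defined; the requested page is clamped to the
  * available sub-pages so an out-of-range `page` no longer renders an empty
  * body; the `db_err` message is followed by a return so did=0 never reaches
  * the queries.
  */
 function in_read()
 {
     $this->start_pagetemplate();
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $did = intval($this->fun->accept('did', 'G'));
     if (empty($did)) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
         return; // callmessage() is expected to end the request; do not continue with did=0 regardless
     }
     // sub-page within the document, 1-based; anything below 1 means the first page
     $page = intval($this->fun->accept('page', 'G'));
     $page = $page < 1 ? 1 : $page;
     $db_table = db_prefix . 'document';
     $readinfo = $this->get_document($did);
     if (!$readinfo['isclass']) {
         exit("Information parameter error!");
     }
     // $did is an int, so interpolating it is safe
     $db_where = "isclass=1 AND did={$did}";
     $db_set = "click=click+1";
     $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
     if ($readinfo['islink']) {
         // link-type documents redirect to the stored target instead of rendering
         $urladd = $readinfo['link'];
         header("location:{$urladd}");
         exit;
     }
     // always defined so the template assignment below never sees an undefined variable
     $newTagArray = array();
     if (!empty($readinfo['tags'])) {
         $tagArray = array_unique(explode(',', $readinfo['tags']));
         foreach ($tagArray as $key => $value) {
             $newTagArray[$key]['title'] = $value;
             $view = $this->get_tag_view(null, $value, null, true);
             // a tag with its own landing URL wins over the generated tag link
             $newTagArray[$key]['link'] = $view['islink'] == 1 ? $view['linkurl'] : $this->get_link('taglink', array('key' => $value), admin_LNG);
         }
     }
     $readinfo['content'] = html_entity_decode($readinfo['content']);
     $exCotnet = explode('<!-- pagebreak -->', $readinfo['content']);
     $filepage = count($exCotnet);
     $pageArray = array();
     if ($filepage > 1) {
         // clamp to the last sub-page so a stale or oversized `page` still shows content
         if ($page > $filepage) {
             $page = $filepage;
         }
         $nkey = $page + 1;
         $pkey = $page > 1 ? $page - 1 : 1;
         $readinfo['nlink'] = $nkey <= $filepage ? $this->get_link('doc', $readinfo, admin_LNG, $nkey) : null;
         $readinfo['plink'] = $page > 1 ? $this->get_link('doc', $readinfo, admin_LNG, $pkey) : null;
         for ($index = 0; $index < $filepage; $index++) {
             $num = $index + 1;
             $pageArray[$index]['num'] = $num;
             $pageArray[$index]['n'] = $num == $page ? 1 : 0; // 1 marks the current sub-page
             $pageArray[$index]['link'] = $this->get_link('doc', $readinfo, admin_LNG, $num);
         }
         $readinfo['content'] = $exCotnet[$page - 1];
     }
     $this->pagetemplate->assign('page', $pageArray);
     // per-document meta overrides the language pack defaults
     if (!empty($readinfo['keywords'])) {
         $this->lng['keyword'] = $readinfo['keywords'];
     }
     if (!empty($readinfo['description'])) {
         $this->lng['description'] = $readinfo['description'];
     }
     $this->pagetemplate->assign('lngpack', $this->lng);
     $readinfo['buylink'] = $this->get_link('buylink', $readinfo, admin_LNG);
     $readinfo['enqlink'] = $this->get_link('enqlink', $readinfo, admin_LNG);
     $typeview = $this->get_type($readinfo['tid']);
     if (!$typeview['isclass']) {
         exit("Information parameter error!");
     } elseif ($typeview['purview'] > 0) {
         // previously passed the undefined $typeread['purview'] (null) here, which
         // may have let the type-level purview check through; the type's own value is meant
         parent::member_purview($typeview['purview'], null, true);
     } elseif ($readinfo['purview'] > 0) {
         parent::member_purview($readinfo['purview'], null, true);
     }
     $typeview['typelink'] = $this->get_link('type', $typeview, admin_LNG);
     // a document-level template wins over the type's read template
     $read_templates = $readinfo['istemplates'] && !empty($readinfo['template']) ? $readinfo['template'] : $typeview['readtemplate'];
     $dirname = $typeview['dirname'];
     if (!empty($readinfo['linkdid'])) {
         $readinfo['linkdid'] = str_replace(',', '/', $readinfo['linkdid']);
     }
     $albumarray = $this->get_album_array($did);
     $templatesDIR = $this->get_templatesdir('article');
     $templatefilename = $lng . '/' . $templatesDIR . '/' . $read_templates;
     // top-level navigation entry: the type itself when it has no parent, else its root
     $current = !$typeview['upid'] ? $typeview['tid'] : $typeview['topid'];
     $filename = null; // no explicit output file name for the read page (was an undefined variable)
     $this->pagetemplate->assign('path', 'article');
     $this->pagetemplate->assign('current', $current);
     $this->pagetemplate->assign('tag', $newTagArray);
     $this->pagetemplate->assign('type', $typeview);
     $this->pagetemplate->assign('read', $readinfo);
     $this->pagetemplate->assign('photo', $albumarray['list']);
     unset($typeview, $readinfo, $albumarray, $this->lng);
     $this->pagetemplate->display($templatefilename, $dirname . '_read', false, $filename, admin_LNG);
 }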
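    /**
     * Checkout action: turns the cart cookie plus the posted delivery form into
     * an `order` row and its `order_info` lines, hands off to the selected
     * payment plug-in and renders the "order placed" page.
     *
     * The cart (`ecisp_order_list` cookie) and the price signature
     * (`ecisp_order_sncode` cookie) must both be present and the signature must
     * match the posted product/discount totals; otherwise the visitor is sent
     * back to the order page with `order_nolist`.
     *
     * Hardening versus the previous revision: the price signature is compared
     * with hash_equals() instead of loose `==`; the cart cookie is unserialized
     * with allowed_classes=false (only its array-ness is ever used); in member
     * mode the order owner is the session member, not the posted `userid`; the
     * per-line POST fields are checked to be arrays before iteration and joined
     * with implode() so non-sequential keys cannot leave a trailing comma; the
     * payment plug-in code must be a bare identifier before it is used as an
     * include path and class name; guard failures return instead of relying on
     * callmessage() to terminate; $orderonline is always defined.
     */
    function in_ordersave()
    {
        parent::start_pagetemplate();
        $linkURL = $_SERVER['HTTP_REFERER'];
        // form token check; the `repeatinput` message suggests a double-submit guard
        if (!$this->fun->is_token()) {
            $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
            return;
        }
        if ($this->CON['order_ismember']) {
            parent::member_purview(0, $this->mlink['orderpay']);
        }
        $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
        $cartid = $this->fun->eccode($this->fun->accept('ecisp_order_list', 'C'), 'DECODE', db_pscode);
        $cartid = stripslashes(htmlspecialchars_decode($cartid));
        // The cart is only ever tested for "is a non-empty array" below, so no
        // object may be instantiated from cookie-supplied data.
        $uncartid = !empty($cartid) ? unserialize($cartid, array('allowed_classes' => false)) : 0;
        $ordersncode = $this->fun->accept('ecisp_order_sncode', 'C');
        if ($this->CON['order_ismember']) {
            // member checkout: the owner is the logged-in member, never a posted id
            $userid = intval($this->ec_member_username_id);
        } else {
            $userid = intval($this->fun->accept('userid', 'P'));
        }
        // delivery form; every text field is length-capped to its column size
        $consignee = trim($this->fun->accept('alias', 'P', true, true));
        $consignee = $this->fun->substr($consignee, 12);
        $email = $this->fun->accept('email', 'P', true, true);
        $country = intval($this->fun->accept('cityone', 'P'));
        $province = intval($this->fun->accept('citytwo', 'P'));
        $city = intval($this->fun->accept('citythree', 'P'));
        $district = intval($this->fun->accept('district', 'P'));
        $address = trim($this->fun->accept('address', 'P', true, true));
        $address = $this->fun->substr($address, 120);
        $zipcode = trim($this->fun->accept('zipcode', 'P', true, true));
        $zipcode = $this->fun->substr($zipcode, 10);
        $tel = trim($this->fun->accept('tel', 'P', true, true));
        $tel = $this->fun->substr($tel, 20);
        $mobile = trim($this->fun->accept('mobile', 'P', true, true));
        $mobile = $this->fun->substr($mobile, 15);
        $sendtime = intval($this->fun->accept('sendtime', 'R'));
        $content = trim($this->fun->accept('content', 'P', true, true));
        $content = $this->fun->substr($content, 500);
        $invpayee = trim($this->fun->accept('invpayee', 'P', true, true));
        $invpayee = $this->fun->substr($invpayee, 60);
        $invcontent = trim($this->fun->accept('invcontent', 'P', true, true));
        $invcontent = $this->fun->substr($invcontent, 60);
        $opid = intval($this->fun->accept('opid', 'P'));
        $osid = intval($this->fun->accept('osid', 'P'));
        $productmoney = floatval($this->fun->accept('productmoney', 'P'));
        $discount_productmoney = floatval($this->fun->accept('discount_productmoney', 'P'));
        // NOTE(review): discountmoney is not covered by the signature below; it is only
        // stored/displayed here, but confirm nothing downstream treats it as authoritative
        $discountmoney = floatval($this->fun->accept('discountmoney', 'P'));
        // The totals were signed into the ecisp_order_sncode cookie when the cart was
        // rendered; recompute and compare in constant time so edited totals are rejected.
        $cookiceprice = (string) $this->fun->eccode(md5("{$productmoney}|{$discount_productmoney}"), 'ENCODE', db_pscode);
        $signatureOk = is_string($ordersncode) && $ordersncode !== '' && hash_equals($cookiceprice, $ordersncode);
        if (!$uncartid || !is_array($uncartid) || !$signatureOk) {
            $buylink = $this->get_link('order', array(), admin_LNG);
            $this->callmessage($this->lng['order_nolist'], $buylink, $this->lng['oder_buy_goback']);
            return;
        }
        // one entry per cart line, all keyed alike
        $ptitle = $this->fun->accept('ptitle', 'P');
        $tsn = $this->fun->accept('tsn', 'P');
        $bprice = $this->fun->accept('bprice', 'P');
        $oprice = $this->fun->accept('oprice', 'P');
        $did = $this->fun->accept('did', 'P');
        $amount = $this->fun->accept('amount', 'P');
        $countprice = $this->fun->accept('countprice', 'P');
        $lineFieldsOk = is_array($did) && is_array($bprice) && is_array($amount) && is_array($countprice);
        if (!$lineFieldsOk || empty($did) || empty($bprice) || empty($amount) || empty($countprice) || empty($opid) || empty($osid)) {
            $buylink = $this->get_link('order', array(), admin_LNG);
            $this->callmessage($this->lng['order_input_err'], $buylink, $this->lng['oder_buy_goback']);
            return;
        }
        // optional per-line fields: missing entries fall back to ''/0 as before
        $ptitle = is_array($ptitle) ? $ptitle : array();
        $tsn = is_array($tsn) ? $tsn : array();
        $oprice = is_array($oprice) ? $oprice : array();
        if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
            $this->callmessage($this->lng['email_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
            return;
        }
        $payprice = 0;
        $payread = $this->get_payplug_view($opid);
        $shipprice = floatval($this->get_shipplug_view($osid, 'price'));
        if ($payread['payis'] > 0) {
            // payis is a percentage surcharge on the discounted product total
            $payread['payis'] = floatval($payread['payis']);
            $payprice = $payread['payis'] / 100 * $discount_productmoney;
        }
        $orderamount = $discount_productmoney + $payprice + $shipprice;
        $order_snfont = $this->CON['order_snfont'];
        $ordersn = $order_snfont . date('YmdHis') . rand(100, 9999);
        $db_table = db_prefix . 'order';
        $db_table2 = db_prefix . 'order_info';
        $addtime = time();
        $db_field = 'ordersn,userid,ordertype,osid,opid,shippingsn,paysn,consignee,country,province,city,district,address,
				zipcode,tel,mobile,email,sendtime,invpayee,invcontent,content,treatnote,paytime,shippingtime,productmoney,shippingmoney,
				paymoney,orderamount,discount,integral,addtime';
        $db_values = "'{$ordersn}',{$userid},1,{$osid},{$opid},'','','{$consignee}',{$country},{$province},{$city},{$district},'{$address}',\n\t\t\t\t'{$zipcode}','{$tel}','{$mobile}','{$email}','{$sendtime}','{$invpayee}','{$invcontent}','{$content}','',0,0,{$productmoney},{$shipprice},\n\t\t\t\t{$payprice},{$orderamount},{$discountmoney},0,{$addtime}";
        $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
        $insert_id = $this->db->insert_id();
        $lines = array();
        foreach ($did as $key => $value) {
            $value = intval($value);
            $lineOprice = isset($oprice[$key]) ? floatval($oprice[$key]) : 0;
            $lineBprice = isset($bprice[$key]) ? floatval($bprice[$key]) : 0;
            $lineCountprice = isset($countprice[$key]) ? floatval($countprice[$key]) : 0;
            $lineAmount = isset($amount[$key]) ? intval($amount[$key]) : 0;
            $lineTsn = isset($tsn[$key]) ? $tsn[$key] : '';
            $lineTitle = isset($ptitle[$key]) ? $ptitle[$key] : '';
            // NOTE(review): tsn and ptitle are raw POST strings interpolated into SQL; the
            // db wrapper's escaping API is not visible here - confirm it escapes, or route
            // them through the same accept(..., true, true) filter the other text fields use.
            $lines[] = "({$insert_id},{$value},'{$lineTsn}','{$lineTitle}',{$lineOprice},{$lineBprice},{$lineCountprice},{$lineAmount},1)";
        }
        $db_values = implode(',', $lines);
        $db_field = 'oid,did,tsn,title,oprice,bprice,countprice,amount,inventory';
        $this->db->query('INSERT INTO ' . $db_table2 . ' (' . $db_field . ') VALUES ' . $db_values);
        if ($this->CON['is_email']) {
            $this->ordermailsend('orderen', $insert_id, $email);
            $this->ordermailsend('orderwarn', $insert_id, $this->CON['admine_mail']);
        }
        if ($this->CON['is_moblie']) {
            $OrderArray = array('ordersn' => $ordersn);
            $mobile = $this->CON['moblie_number'];
            $this->membersmssend($OrderArray, $mobile, 'orderto');
        }
        // online-payment form/markup from the plug-in; stays null when there is none
        $orderonline = null;
        $rsOrder = array('ordersn' => $ordersn, 'orderamount' => $orderamount, 'oid' => $insert_id);
        $paylist = $this->fun->formatarray($payread['pluglist']);
        $plugcode = $payread['paycode'];
        // the plug-in code selects a file under public/plug/payment/ and a class name,
        // so only a bare identifier is accepted even though it comes from the DB
        if (!empty($plugcode) && preg_match('/^[A-Za-z0-9_]+$/', $plugcode)) {
            include_once admin_ROOT . 'public/plug/payment/' . $plugcode . '.php';
            $payobj = new $plugcode();
            // signature the gateway return URL carries; verified again in in_payok()
            $codesn = $this->fun->eccode($plugcode . $ordersn . $insert_id, 'ENCODE', db_pscode, FALSE);
            $respondArray = array('code' => $plugcode, 'ordersn' => $ordersn, 'oid' => $insert_id, 'codesn' => $codesn);
            $return_url = $this->get_link('paybackurl', $respondArray, admin_LNG);
            $orderonline = $payobj->get_code($rsOrder, $paylist, $return_url, $return_url);
        }
        $order_integral = empty($this->CON['order_integral']) ? 1 : intval($this->CON['order_integral']);
        $internum = $orderamount * $order_integral;
        $this->pagetemplate->assign('internum', intval($internum));
        $this->pagetemplate->assign('mlink', $this->mlink);
        $this->pagetemplate->assign('orderonline', $orderonline);
        $this->pagetemplate->assign('ordersn', $ordersn);
        $this->pagetemplate->assign('orderamount', number_format($orderamount, 2));
        $this->pagetemplate->assign('payprice', number_format($payprice, 2));
        $this->pagetemplate->assign('shipprice', number_format($shipprice, 2));
        $this->pagetemplate->assign('discount', number_format($discount_productmoney, 2));
        $this->pagetemplate->assign('productmoney', number_format($productmoney, 2));
        $this->pagetemplate->assign('discountmoney', number_format($discountmoney, 2));
        $this->pagetemplate->assign('moneytype', $this->CON['order_moneytype']);
        $this->pagetemplate->assign('order_ismember', $this->CON['order_ismember']);
        $this->lng['sitename'] = $this->lng['ordertitle'] . '-' . $this->lng['sitename'];
        $this->pagetemplate->assign('lngpack', $this->lng);
        // the cart is consumed: clear both checkout cookies
        $this->fun->setcookie('ecisp_order_list', null);
        $this->fun->setcookie('ecisp_order_productmoney', null);
        $templatesDIR = $this->get_templatesdir('order');
        $templatefilename = $lng . '/' . $templatesDIR . '/order_buy_center';
        $this->pagetemplate->assign('out', 'buyok');
        $this->pagetemplate->assign('path', 'order');
        unset($this->mlink, $this->lng);
        $this->pagetemplate->display($templatefilename, 'order_ok', false, '', admin_LNG);
    }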
 /**
  * Member action: generate a mobile verification code for the logged-in member.
  *
  * Expects `username` and `mobile` via POST. On any validation failure the
  * response is the bare string `false`. The 8-character code is stored in
  * member.mobliesn together with its timestamp and, when SMS is enabled, sent
  * to the POSTed mobile number.
  *
  * NOTE(review): `username='******'` in $db_where looks like a redaction in
  * this listing; confirm the real interpolation. The code is texted to the
  * number that was posted, not to the member's stored number, and nothing in
  * this method throttles repeated requests - verify both are handled elsewhere.
  */
 function in_getvalidatecode()
 {
     parent::start_pagetemplate();
     parent::member_purview();
     $userid = intval($this->ec_member_username_id);
     $username = $this->fun->accept('username', 'P');
     $mobile = trim($this->fun->accept('mobile', 'P', true, true));
     if (empty($userid) || empty($username) || empty($mobile)) {
         exit('false');
     }
     // username: 2-16 chars with no punctuation; this also keeps quotes out of the SQL literal below
     if (!preg_match("/^[^!@~`\\'\"#\$\\%\\^&\\*\\(\\)\\+\\-\\{\\}\\[\\]\\|\\/\\?\\<\\>\\,\\.\\:\\;]{2,16}\$/i", $username)) {
         exit('false');
     }
     // mobile: 11 digits starting with 1
     if (!preg_match("/^1[0-9]{10}\$/i", $mobile)) {
         exit('false');
     }
     // random(8, 1): 8-character code; what the second argument selects is not visible here
     $mobliesn = $this->fun->random(8, 1);
     $date = time();
     $db_table = db_prefix . 'member';
     // the session member id AND the posted username must both match the row
     $db_where = "userid={$this->ec_member_username_id} AND username='******'";
     $db_set = "mobliesn='{$mobliesn}',mobliesntime={$date}";
     $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
     if ($this->CON['is_moblie']) {
         $rsMember = $this->get_member('', $this->ec_member_username_id);
         $rsMember['idcode'] = $mobliesn;
         $this->membersmssend($rsMember, $mobile, 'mobliecode');
     }
 }
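 /**
  * Payment-gateway return handler: confirms an online payment and marks the
  * order as paid.
  *
  * Query-string inputs: `code` (payment plug-in code), `ordersn`, `oid` and
  * `codesn`, a signature over code+ordersn+oid produced by in_ordersave(). The
  * plug-in's respond() decides whether the gateway really reported success;
  * only then is the order switched to ordertype=2, a receipt row written,
  * member integral credited and the notification mail/SMS sent.
  *
  * Hardening versus the previous revision: the signature is compared with
  * hash_equals() instead of loose `!=`; `code` must be a bare identifier before
  * it is used in SQL, as an include path and as a class name; the stored
  * ordersn must match the one in the URL before it is written to the receipt;
  * the plug-in config is unserialized with allowed_classes=false and tolerated
  * when it is not an array; every guard returns instead of relying on
  * callmessage() to terminate.
  */
 function in_payok()
 {
     parent::start_pagetemplate();
     if ($this->CON['order_ismember']) {
         parent::member_purview(0, $this->mlink['login']);
     }
     // every failure path below sends the visitor back to the member centre
     $linkURL = $this->mlink['center'];
     $paycode = $this->fun->accept('code', 'G');
     $ordersn = $this->fun->accept('ordersn', 'G');
     $oid = intval($this->fun->accept('oid', 'G'));
     $codesn = $this->fun->accept('codesn', 'G');
     $integral = intval($this->CON['order_integral']);
     // `code` ends up in a SQL literal, an include path and a class name, so it
     // must be a bare identifier (this also covers the old "empty paycode" case)
     if (!is_string($paycode) || !preg_match('/^[A-Za-z0-9_]+$/', $paycode)) {
         $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
         return;
     }
     // the return URL carries a signature over code+ordersn+oid (see in_ordersave);
     // recompute it and compare in constant time
     $sncode = (string) $this->fun->eccode($paycode . $ordersn . $oid, 'ENCODE', db_pscode, FALSE);
     if (!is_string($codesn) || !hash_equals($sncode, $codesn)) {
         $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
         return;
     }
     if ($this->CON['order_ismember']) {
         $userid = intval($this->ec_member_username_id);
         if (empty($userid)) {
             $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['member_center_botton']);
             return;
         }
     }
     if (empty($oid)) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['member_center_botton']);
         return;
     }
     $db_table1 = db_prefix . 'order_pay';
     $db_table2 = db_prefix . 'order';
     $db_table3 = db_prefix . 'order_payreceipt';
     $db_where = "paycode='{$paycode}'"; // safe: $paycode is restricted to [A-Za-z0-9_]+ above
     $rsList = $this->db->fetch_first('SELECT * FROM ' . $db_table1 . ' WHERE ' . $db_where);
     if (!$rsList) {
         $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
         return;
     }
     // pluglist is a serialized list of name/value pairs from the admin config;
     // no objects are expected, so none may be instantiated
     $config_list = unserialize($rsList['pluglist'], array('allowed_classes' => false));
     $paymentvlue = array();
     if (is_array($config_list)) {
         foreach ($config_list as $config) {
             $paymentvlue[$config['name']] = $config['value'];
         }
     }
     include_once admin_ROOT . 'public/plug/payment/' . $paycode . '.php';
     $payment = new $paycode();
     // respond() returns the value stored as paysn, or something falsy when the gateway did not confirm
     $paymentType = $payment->respond($paymentvlue, $rsList);
     $db_where = "oid={$oid} AND ordertype<>2";
     $rsRead = $this->db->fetch_first('SELECT * FROM ' . $db_table2 . ' WHERE ' . $db_where);
     // the URL's ordersn is written to the receipt row below, so it must be the stored one
     if (!$paymentType || !$rsRead || (string) $rsRead['ordersn'] !== (string) $ordersn) {
         $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
         return;
     }
     $addtime = time();
     // NOTE(review): in_ordersave() computes the integral as orderamount * order_integral,
     // this handler divides by it - confirm which formula is intended
     $integral = !empty($integral) ? intval($rsRead['orderamount'] / $integral) : 0;
     // NOTE(review): paysn comes from the gateway plug-in and is interpolated unescaped;
     // confirm the plug-in normalises it or escape it via the db layer
     $db_set = "ordertype=2,paysn='{$paymentType}',paytime='{$addtime}',integral={$integral}";
     $this->db->query('UPDATE ' . $db_table2 . ' SET ' . $db_set . ' WHERE ' . $db_where);
     $bankaccount = isset($paymentvlue['paypal_account']) ? $paymentvlue['paypal_account'] : '';
     $db_field = 'oid,opid,paysn,ordersn,orderamount,bankaccount,bankname,username,content,userid,isclass,paytime,addtime';
     $db_values = "{$oid},{$rsRead['opid']},'{$rsRead['paysn']}','{$ordersn}',{$rsRead['orderamount']},'{$bankaccount}','{$paycode}','onlineuser','',{$rsRead['userid']},1,{$addtime},{$addtime}";
     $this->db->query('INSERT INTO ' . $db_table3 . ' (' . $db_field . ') VALUES (' . $db_values . ')');
     if ($rsRead['userid'] > 0) {
         $this->set_member_integral($rsRead['userid'], $integral);
     }
     if ($this->CON['is_email']) {
         $this->ordermailsend('orderpal', $oid, $rsRead['email']);
         $this->ordermailsend('orderpayadmin', $oid, $this->CON['admine_mail']);
     }
     if ($this->CON['is_moblie']) {
         $mobile = $this->CON['moblie_number'];
         $this->membersmssend($rsRead, $mobile, 'orderpay');
     }
     $this->pagetemplate->assign('order', $rsRead);
     $this->pagetemplate->assign('pay', $rsList);
     $this->pagetemplate->assign('paysn', $paymentType);
     $readlink = $this->get_link('orderread', $rsRead, admin_LNG);
     $this->callmessage($this->lng['order_pay_ok'], $linkURL, $this->lng['member_center_botton'], 1, $this->lng['order_read_botton'], 1, $readlink);
 }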