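/**
 * Shows the paginated reader-message list for one document.
 *
 * Expects `did` (document id) and optionally `page` on the query string.
 * The document is loaded with get_documentview(); it must be published
 * (isclass) and have messaging enabled (ismess), and a purview above 0 is
 * delegated to member_purview(). Rows come from the document_message table
 * through PageBotton and are handed to the forum 'message_list' template.
 *
 * Side effects: writes template variables, emits the page, and terminates
 * through callmessage()/exit() on invalid input.
 */
function in_list()
{
    parent::start_pagetemplate();
    include_once admin_ROOT . 'public/class_pagebotton.php';
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $page = $this->fun->accept('page', 'G');
    $page = isset($page) ? intval($page) : 1;
    $pagesylte = 1;
    $pagemax = intval($this->CON['bbs_max_list']);
    if ($pagemax < 1) {
        // A zero page size would divide by zero in the page count below;
        // fall back to the same default the subject list uses.
        $pagemax = 20;
    }
    // did is interpolated into the WHERE clause below, so it is cast first.
    $did = intval($this->fun->accept('did', 'G'));
    if (empty($did)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $readinfo = $this->get_documentview($did);
    if (!$readinfo['isclass'] || !$readinfo['ismess']) {
        exit("Information parameter error!");
    } elseif ($readinfo['purview'] > 0) {
        parent::member_purview($readinfo['purview'], null, true);
    }
    $readinfo['link'] = $this->get_link('doc', $readinfo, admin_LNG);
    $this->pagetemplate->assign('read', $readinfo);
    $db_table = db_prefix . 'document_message';
    $db_where = " WHERE isclass=1 AND did={$did}";
    $countnum = $this->db_numrows($db_table, $db_where);
    if ($countnum > 0) {
        $numpage = ceil($countnum / $pagemax);
    } else {
        $numpage = 1;
    }
    $sql = "SELECT * FROM {$db_table} {$db_where} LIMIT 0,{$pagemax}";
    $this->htmlpage = new PageBotton($sql, $pagemax, $page, $countnum, $numpage, $pagesylte, $this->CON['file_fileex'], 5, $this->lng['pagebotton'], $this->lng['gopageurl'], $this->CON['is_rewrite']);
    $sql = $this->htmlpage->PageSQL('dmid', 'down');
    $rs = $this->db->query($sql);
    // Start from an empty list so a document without messages still assigns
    // an array (not an undefined variable) to the template.
    $array = array();
    while ($rsList = $this->db->fetch_assoc($rs)) {
        $array[] = $rsList;
    }
    $this->pagetemplate->assign('pagetext', $this->htmlpage->PageStat($this->lng['pagetext']));
    $this->pagetemplate->assign('pagebotton', $this->htmlpage->PageList());
    $this->pagetemplate->assign('pagenu', $this->htmlpage->Bottonstyle(false));
    $this->pagetemplate->assign('pagese', $this->htmlpage->pageSelect());
    $this->pagetemplate->assign('pagevt', $this->htmlpage->Prevbotton());
    $typeview = $this->get_type($readinfo['tid']);
    // A type without upid is top-level; otherwise the tree root is topid.
    $current = !$typeview['upid'] ? $typeview['tid'] : $typeview['topid'];
    $this->pagetemplate->assign('array', $array);
    $this->pagetemplate->assign('path', 'article');
    $this->pagetemplate->assign('current', $current);
    $this->pagetemplate->assign('did', $did);
    // NOTE(review): $read is never assigned in this method, so get_link()
    // receives null for both links. $readinfo looks like the intended value;
    // confirm against get_link() before changing it.
    $link = $this->get_link('messlist', $read, $lng);
    $messform = $this->get_link('messform', $read, $lng);
    $ec_member_username = $this->member_cookieview('username');
    if ($ec_member_username) {
        $reMem = $this->get_member($ec_member_username);
        $this->pagetemplate->assign('member', $reMem);
    }
    $this->pagetemplate->assign('seccodelink', $this->get_link('seccode'));
    $this->pagetemplate->assign('bbs_isseccode', $this->CON['bbs_isseccode']);
    $this->pagetemplate->assign('link', $link);
    $this->pagetemplate->assign('messform', $messform);
    $templatesDIR = $this->get_templatesdir('forum');
    $templatefilename = $lng . '/' . $templatesDIR . '/message_list';
    unset($array, $typeread, $readinfo, $LANPACK, $this->lng);
    $this->pagetemplate->display($templatefilename, 'message_list', false, '', admin_LNG);
}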
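/**
 * Marks one enquiry as deleted (isclass 0 -> 2) from the member centre.
 *
 * Requires a logged-in member (member_purview) and the `eid` query
 * parameter; ends with callmessage() redirecting to the enquiry list.
 */
function in_del()
{
    parent::member_purview(0, $this->mlink['enquirylist']);
    // eid is concatenated into the WHERE clause below, so force it to an
    // integer instead of trusting the raw query-string value.
    $eid = intval($this->fun->accept('eid', 'G'));
    if (empty($eid)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $db_table = db_prefix . 'enquiry';
    // NOTE(review): unlike the order in_del, this WHERE has no userid
    // constraint, so member_purview() is the only gate — confirm that
    // enquiries are not meant to be scoped to the member who filed them.
    $db_where = 'isclass=0 and eid=' . $eid;
    $db_set = "isclass=2";
    $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
    $this->callmessage($this->lng['enquiry_edit_del'], $this->mlink['enquirylist'], $this->lng['gobackurlbotton']);
}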
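/**
 * Stores a product enquiry submitted from the enquiry form.
 *
 * Validates the form token, optionally requires a logged-in member
 * (is_enquiry_memclass), reads the contact fields and the per-product
 * arrays (did, amount, ptitle, tsn) from POST, inserts one enquiry row plus
 * one enquiry_info row per product, then sends the configured e-mail/SMS
 * notifications, clears the enquiry-list cookie and redirects.
 *
 * Side effects: two INSERTs, mail/SMS sending, a cookie update, and
 * callmessage() (which ends the request) on every exit path.
 */
function in_enquirysave()
{
    parent::start_pagetemplate();
    $linkURL = $_SERVER['HTTP_REFERER'];
    if (!$this->fun->is_token()) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
    }
    if ($this->CON['is_enquiry_memclass']) {
        parent::member_purview(0, $this->get_link('enquiry', array(), admin_LNG));
    }
    // The decoded 'ecisp_enquiry_list' cookie used to be unserialize()d here
    // into a local that nothing read; the cookie is only cleared below, so
    // that unserialize() of client-supplied data was removed.
    $userid = intval($this->fun->accept('userid', 'P'));
    $userid = !empty($userid) ? $userid : 0;
    $linkman = trim($this->fun->accept('linkman', 'P', true, true));
    $linkman = $this->fun->substr($linkman, 20);
    $email = $this->fun->accept('email', 'P', true, true);
    $sex = $this->fun->accept('sex', 'P');
    $sex = empty($sex) ? 0 : intval($sex);
    $country = intval($this->fun->accept('cityone', 'P'));
    $country = empty($country) ? 0 : $country;
    $province = intval($this->fun->accept('citytwo', 'P'));
    $province = empty($province) ? 0 : $province;
    $city = intval($this->fun->accept('citythree', 'P'));
    $city = empty($city) ? 0 : $city;
    $district = intval($this->fun->accept('district', 'P'));
    $district = empty($district) ? 0 : $district;
    $address = trim($this->fun->accept('address', 'P', true, true));
    $address = $this->fun->substr($address, 120);
    $zipcode = trim($this->fun->accept('zipcode', 'P', true, true));
    $zipcode = $this->fun->substr($zipcode, 10);
    $tel = trim($this->fun->accept('tel', 'P', true, true));
    $tel = $this->fun->substr($tel, 20);
    $mobile = trim($this->fun->accept('mobile', 'P', true, true));
    $mobile = $this->fun->substr($mobile, 15);
    $fax = trim($this->fun->accept('fax', 'P', true, true));
    $fax = $this->fun->substr($fax, 15);
    $content = trim($this->fun->accept('content', 'P', true, true));
    $content = $this->fun->substr($content, 500);
    // Per-product arrays, all indexed by the same form key.
    $amount = $this->fun->accept('amount', 'P');
    $ptitle = $this->fun->accept('ptitle', 'P');
    $tsn = $this->fun->accept('tsn', 'P');
    $did = $this->fun->accept('did', 'P');
    // The loop below indexes these as arrays; a scalar would make the
    // iteration fail, so reject it together with the empty case.
    if (empty($did) || empty($amount) || empty($ptitle) || !is_array($did) || !is_array($amount) || !is_array($ptitle)) {
        $enquirylink = $this->get_link('enquiry', array(), admin_LNG);
        $this->callmessage($this->lng['enquiry_input_err'], $enquirylink, $this->lng['enquiry_into_listbotton']);
    }
    if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
        $this->callmessage($this->lng['email_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
    }
    $enquirysn = date('YmdHis') . rand(100, 9999);
    $db_table = db_prefix . 'enquiry';
    $db_table2 = db_prefix . 'enquiry_info';
    $addtime = time();
    $db_field = 'enquirysn,userid,linkman,sex,country,province,city,district,address,zipcode,tel,fax,mobile,email,content,isclass,addtime,edittime';
    $db_values = "'{$enquirysn}',{$userid},'{$linkman}',{$sex},{$country},{$province},{$city},{$district},'{$address}','{$zipcode}','{$tel}','{$fax}','{$mobile}','{$email}','{$content}',0,{$addtime},0";
    $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
    $insert_id = $this->db->insert_id();
    // Build one VALUES tuple per product and join them, so the statement is
    // valid whatever keys did[] uses (the previous "key == count-1" test left
    // a trailing comma whenever the keys were not 0..n-1).
    $rows = array();
    foreach ($did as $key => $value) {
        $value = intval($value);
        $amount[$key] = isset($amount[$key]) ? intval($amount[$key]) : 0;
        $rowtsn = isset($tsn[$key]) ? $tsn[$key] : '';
        $rowtitle = isset($ptitle[$key]) ? $ptitle[$key] : '';
        // NOTE(review): tsn and ptitle are read from POST without the escaping
        // flags the text fields above use and are quoted into SQL as-is —
        // confirm what accept() does with them before relying on it.
        $rows[] = "({$insert_id},{$value},'{$rowtsn}','{$rowtitle}',{$amount[$key]},'')";
    }
    $db_values = implode(',', $rows);
    $db_field = 'eid,did,tsn,title,amount,comment';
    $this->db->query('INSERT INTO ' . $db_table2 . ' (' . $db_field . ') VALUES ' . $db_values);
    if ($this->CON['is_email'] == 1) {
        $this->enquirymailsend('enquirywarn', $insert_id, $this->CON['admine_mail']);
        $this->enquirymailsend('enquiryre', $insert_id, $email);
    }
    if ($this->CON['is_moblie']) {
        $OrderArray = array('enquirysn' => $enquirysn);
        // The SMS goes to the site's configured number, not the customer's.
        $mobile = $this->CON['moblie_number'];
        $this->membersmssend($OrderArray, $mobile, 'enqueryto');
    }
    $this->fun->setcookie('ecisp_enquiry_list', null);
    $enquirylink = $this->get_link('enquiry', array(), admin_LNG);
    $this->callmessage($this->lng['enquiry_ok'], $enquirylink, $this->lng['enquiry_into_listbotton']);
}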
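/**
 * Cancels one of the logged-in member's orders (ordertype 1 -> 6).
 *
 * Reads `oid` from the request, restricts the UPDATE to the member's own
 * userid, then sends the cancellation e-mail and/or SMS when those features
 * are enabled and the member has a mobile number on file. Ends in
 * callmessage().
 */
function in_del()
{
    parent::member_purview(0, $this->mlink['orderlist']);
    // Session member id; cast because it is concatenated into SQL below.
    $userid = intval($this->ec_member_username_id);
    if (empty($userid)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $oid = intval($this->fun->accept('oid', 'R'));
    if (empty($oid)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $db_table = db_prefix . 'order';
    // Ownership is enforced in SQL: only the member's own open order changes.
    $db_where = 'ordertype=1 and oid=' . $oid . ' AND userid=' . $userid;
    $db_set = "ordertype=6";
    $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
    // Loaded lazily: the e-mail branch fills it, the SMS branch reuses it.
    $read = null;
    if ($this->CON['is_email']) {
        $db_where = 'oid=' . $oid . ' AND userid=' . $userid;
        $read = $this->db->fetch_first('SELECT * FROM ' . $db_table . ' WHERE ' . $db_where);
        $this->ordermailsend('orderce', $oid, $read['email']);
    }
    if ($this->CON['is_moblie']) {
        $rsMember = $this->get_member('', $userid);
        if ($rsMember['ismoblie'] && !empty($rsMember['mobile'])) {
            if (!is_array($read)) {
                $db_where = 'oid=' . $oid . ' AND userid=' . $userid;
                $read = $this->db->fetch_first('SELECT * FROM ' . $db_table . ' WHERE ' . $db_where);
            }
            $read['username'] = $rsMember['username'];
            $read['mobile'] = $rsMember['mobile'];
            $this->membersmssend($read, $read['mobile'], 'orderdel');
        }
    }
    $this->callmessage($this->lng['order_edit_del'], $this->mlink['orderlist'], $this->lng['gobackurlbotton']);
}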
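/**
 * Renders a subject (special topic) page: either its index template
 * (styleid 1) or a paginated document list (styleid 2).
 *
 * Expects `sid` and optionally `page` on the query string. The subject is
 * loaded with get_subjectlist_purview(); it must be published and a
 * purview above 0 is delegated to member_purview(). The page size comes
 * from the subject, then the model, then 20.
 *
 * Side effects: template assignment and output; exit() on an unpublished
 * subject.
 */
function in_list()
{
    parent::start_pagetemplate();
    include_once admin_ROOT . 'public/class_pagebotton.php';
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $page = $this->fun->accept('page', 'G');
    $page = isset($page) ? intval($page) : 1;
    // sid is cast here because it is concatenated into SQL below.
    $sid = intval($this->fun->accept('sid', 'G'));
    $subread = $this->get_subjectlist_purview($sid);
    if (!$subread['isclass']) {
        exit("Information parameter error!");
    } elseif ($subread['purview'] > 0) {
        parent::member_purview($subread['purview'], null, true);
    }
    // Subject-level SEO strings override the language pack defaults.
    if (!empty($subread['keywords'])) {
        $this->lng['keyword'] = $subread['keywords'];
    }
    if (!empty($subread['description'])) {
        $this->lng['description'] = $subread['description'];
    }
    $this->pagetemplate->assign('lngpack', $this->lng);
    $mid = $subread['mid'];
    $modelview = $this->get_modelview($mid);
    $modelname = $modelview['modelname'];
    $pagemax = $modelview['pagemax'];
    // Precedence: subject page size, then model page size, then 20.
    $pagemax = empty($subread['pagemax']) ? (empty($pagemax) ? 20 : $pagemax) : $subread['pagemax'];
    $pagesylte = $modelview['pagesylte'];
    $styleid = $subread['styleid'];
    $subread['link'] = $this->get_link('subtype', $subread, admin_LNG);
    $this->pagetemplate->assign('sub', $subread);
    $templatesDIR = $this->get_templatesdir('article');
    $list_templatefilename = $lng . '/' . $templatesDIR . '/' . $subread['template'];
    $index_templatefilename = $lng . '/' . $templatesDIR . '/' . $subread['indextemplates'];
    // NOTE(review): $dirname and $filename are not assigned anywhere in this
    // method, so both display() calls receive null for them — confirm
    // whether they are expected to come from an include or are leftovers.
    if ($styleid == 1) {
        unset($subread, $modelview, $LANPACK, $this->lng);
        $this->pagetemplate->display($index_templatefilename, $dirname . '_index', false, $filename, admin_LNG);
    } elseif ($styleid == 2) {
        $db_table = db_prefix . 'document';
        $db_where = ' WHERE isclass=1 AND mid=' . $mid . ' AND sid=' . $sid;
        $countnum = $this->db_numrows($db_table, $db_where);
        if ($countnum > 0) {
            $numpage = ceil($countnum / $pagemax);
        } else {
            $numpage = 1;
        }
        $sql = "SELECT * FROM {$db_table} {$db_where} LIMIT 0,{$pagemax}";
        $this->htmlpage = new PageBotton($sql, $pagemax, $page, $countnum, $numpage, $pagesylte, $this->CON['file_fileex'], 5, $this->lng['pagebotton'], $this->lng['gopageurl'], $this->CON['is_rewrite']);
        $sql = $this->htmlpage->PageSQL('pid,did', 'down');
        $rs = $this->db->query($sql);
        // Start empty so a subject with no documents assigns an array, not an
        // undefined variable, to the template.
        $array = array();
        while ($rsList = $this->db->fetch_assoc($rs)) {
            $attarray = $this->get_document_attr($rsList['did']);
            $typeread = $this->get_type($rsList['tid']);
            $rsList['typename'] = $typeread['typename'];
            $rsList['typelink'] = $this->get_link('type', $typeread, admin_LNG);
            $rsList['link'] = $this->get_link('doc', $rsList, admin_LNG);
            $rsList['buylink'] = $this->get_link('buylink', $rsList, admin_LNG);
            $rsList['enqlink'] = $this->get_link('enqlink', $rsList, admin_LNG);
            $rsList['ctitle'] = empty($rsList['color']) ? $rsList['title'] : "<font color='" . $rsList['color'] . "'>" . $rsList['title'] . "</font>";
            // Model attributes (when present) are merged under the row; the
            // row's own keys win on collision.
            $array[] = is_array($attarray) ? array_merge($attarray, $rsList) : $rsList;
        }
        $this->pagetemplate->assign('pagetext', $this->htmlpage->PageStat($this->lng['pagetext']));
        $this->pagetemplate->assign('pagebotton', $this->htmlpage->PageList());
        $this->pagetemplate->assign('pagenu', $this->htmlpage->Bottonstyle(false));
        $this->pagetemplate->assign('pagese', $this->htmlpage->pageSelect());
        $this->pagetemplate->assign('pagevt', $this->htmlpage->Prevbotton());
        $this->pagetemplate->assign('array', $array);
        $this->pagetemplate->assign('path', 'special');
        unset($array, $typeread, $modelview, $LANPACK, $this->lng);
        $this->pagetemplate->display($list_templatefilename, $dirname . '_list', false, $filename, admin_LNG);
    }
}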
/**
 * Logs the current member out.
 *
 * Clears the two member cookies, tells UCenter to sign out when UCenter
 * integration is enabled, drops the cached member fields on $this and
 * redirects to the login page.
 */
function in_quit()
{
    if ($this->CON['mem_isucenter']) {
        include_once admin_ROOT . 'public/uc_client/client.php';
    }
    parent::member_purview();
    $memberCookies = array('ecisp_member_username', 'ecisp_member_info');
    foreach ($memberCookies as $cookieName) {
        $this->fun->setcookie($cookieName, false);
    }
    if ($this->CON['mem_isucenter']) {
        uc_user_synlogout();
    }
    // Forget everything member_purview() cached for this request.
    unset(
        $this->ec_member_username,
        $this->ec_member_username_id,
        $this->condition,
        $this->ec_member_alias,
        $this->ec_member_integral,
        $this->ec_member_mcid,
        $this->ec_member_email,
        $this->ec_member_lastip
    );
    // NOTE(review): nothing stops execution after the redirect header; confirm
    // the caller ends the request here.
    header('location:' . $this->mlink['login']);
}
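/**
 * Cancels an order (ordertype 1 -> 6) from the member centre and, when
 * e-mail is enabled, sends the cancellation notice to the order's address.
 *
 * Reads `oid` from the query string; ends in callmessage().
 */
function in_del()
{
    parent::member_purview(0, $this->mlink['orderlist']);
    // oid is concatenated into SQL twice below, so cast it before any use.
    $oid = intval($this->fun->accept('oid', 'G'));
    if (empty($oid)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $db_table = db_prefix . 'order';
    // NOTE(review): the other order in_del in this file also constrains on
    // the member's userid; this one updates by oid alone — confirm which
    // behaviour is intended here.
    $db_where = 'ordertype=1 and oid=' . $oid;
    $db_set = "ordertype=6";
    $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
    if ($this->CON['is_email'] == 1) {
        $db_where = 'oid=' . $oid;
        $read = $this->db->fetch_first('SELECT * FROM ' . $db_table . ' WHERE ' . $db_where);
        $this->ordermailsend('orderce', $oid, $read['email']);
    }
    $this->callmessage($this->lng['order_edit_del'], $this->mlink['orderlist'], $this->lng['gobackurlbotton']);
}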
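/**
 * Saves a reader message posted on a document.
 *
 * Checks the form token (skipped for static-HTML sites), the captcha when
 * enabled, the target document's flags/purview, the required fields, the
 * member blocklist and the word filter, and a per-IP/per-document cookie
 * that throttles repeat posts. Then inserts into document_message and
 * optionally mails the admin.
 *
 * Side effects: INSERT, cookie writes, mail; callmessage() ends the request.
 */
function in_save()
{
    $linkURL = $_SERVER['HTTP_REFERER'];
    if (!$this->fun->is_token() && !$this->CON['is_html']) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
    }
    parent::start_pagetemplate();
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    if ($this->CON['bbs_isseccode'] && !admin_WAP) {
        $seccode = $this->fun->accept('seccode', 'P');
        include_once admin_ROOT . 'public/class_seccode.php';
        $seccodecookie = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
        // The cookie holds "code\texpiration"; pad so a missing field is ''.
        list($new_seccode, $expiration) = array_pad(explode("\t", $this->fun->eccode($seccodecookie, 'DECODE')), 2, '');
        $code = new seccode();
        $code->seccodeconvert($new_seccode);
        // Compare as strings with ===: loose != treats two numeric-looking
        // codes as equal, and an empty decoded cookie must never match an
        // empty answer.
        if ((string) $new_seccode === '' || (string) $new_seccode !== strtoupper((string) $seccode)) {
            $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
        }
        // NOTE(review): $expiration is decoded but never checked — confirm
        // whether the captcha is meant to expire.
    }
    $did = intval($this->fun->accept('did', 'P'));
    $did = empty($did) ? 0 : $did;
    if (empty($did)) {
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackbotton']);
    }
    $readinfo = $this->get_documentview($did);
    if (!$readinfo) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    if (!$readinfo['isclass'] || !$readinfo['ismess']) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    } elseif ($readinfo['purview'] > 0) {
        parent::member_purview($readinfo['purview'], null, true);
    }
    $db_table = db_prefix . "document_message";
    // NOTE(review): userid is taken from POST rather than the session, so the
    // stored author id is client-chosen — confirm that is acceptable.
    $userid = intval($this->fun->accept('userid', 'P'));
    $userid = empty($userid) ? 0 : $userid;
    $name = $this->fun->accept('name', 'P', true, true);
    $name = $this->fun->substr($name, 20);
    // NOTE(review): content is read without the escaping flags used for name;
    // confirm Text2Html() makes it safe for the quoted SQL below.
    $content = $this->fun->accept('content', 'P');
    $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
    if (empty($name) || empty($content)) {
        $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
    }
    $email = $this->fun->accept('email', 'P');
    if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
        $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
    }
    // bbs_isclass set means messages wait for moderation (isclass 0).
    $isclass = $this->CON['bbs_isclass'] ? 0 : 1;
    if (!$this->CON['is_anonymous']) {
        parent::member_purview(1);
    }
    $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
    $addtime = time();
    if (!empty($this->ec_member_username_id)) {
        $rsMember = $this->get_member(null, $this->ec_member_username_id);
        $lockusername = explode(',', $this->CON['bbs_username']);
        if (in_array($this->ec_member_username, $lockusername)) {
            $this->callmessage($this->lng['forum_mem_username'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
        }
    }
    if (!empty($this->CON['bbs_filter'])) {
        if ($this->fun->screening_key($content, $this->CON['bbs_filter'])) {
            $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    // Throttle cookie keyed by IP + document. This was "$ipadd + $did", an
    // arithmetic add on the IP string that collapsed distinct addresses onto
    // the same cookie name; concatenation is what was meant.
    $usersessionid = md5($ipadd . $did . 'input');
    $inputseesion = $this->fun->accept($usersessionid, 'C');
    if (empty($inputseesion) && $this->CON['bbs_inputtime']) {
        $this->fun->setcookie($usersessionid, $addtime, $this->CON['bbs_inputtime']);
    } elseif ($this->CON['bbs_inputtime']) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
    }
    $db_field = 'did,userid,adminid,ipadd,lng,name,email,content,recontent,isreply,isclass,addtime,retime,support,oppose';
    $db_values = "{$did},{$userid},0,'{$ipadd}','{$lng}','{$name}','{$email}','{$content}','',0,{$isclass},{$addtime},0,0,0";
    $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
    $insert_id = $this->db->insert_id();
    $this->fun->setcookie('ecisp_home_seccode', null);
    if ($this->CON['bbs_ismail']) {
        $this->bbsmailsend('bbsrequest', $insert_id);
    }
    $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
}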
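/**
 * Saves a forum post: a new thread (`inputclass` 'add') or a reply
 * ('reinput') under the board given by `btid`.
 *
 * Validates the token, required fields and e-mail, loads the board with
 * get_bbstype_view() and applies its captcha, publish-state and purview
 * rules, the member blocklist, the word filter and a per-IP/per-board
 * throttle cookie. Then inserts the bbs row (and bumps the parent's reply
 * counters for replies) and sends the configured mail/SMS.
 *
 * Side effects: INSERT/UPDATE, cookies, mail/SMS; callmessage() ends the
 * request.
 */
function in_save()
{
    $linkURL = $_SERVER['HTTP_REFERER'];
    if (!$this->fun->is_token()) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
    }
    parent::start_pagetemplate();
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $inputclass = $this->fun->accept('inputclass', 'P');
    $btid = intval($this->fun->accept('btid', 'P'));
    if (empty($btid)) {
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
    }
    $db_table = db_prefix . "bbs";
    $title = trim($this->fun->accept('title', 'P', true, true));
    $title = $this->fun->substr($title, 80);
    $username = $this->fun->accept('username', 'P', true, true);
    $username = $this->fun->substr($username, 20);
    $email = trim($this->fun->accept('email', 'P', true, true));
    // NOTE(review): content is read without the escaping flags used for the
    // other fields; confirm Text2Html() makes it safe for the quoted SQL.
    $content = $this->fun->accept('content', 'P');
    $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
    // NOTE(review): userid is client-supplied rather than the session id.
    $userid = intval($this->fun->accept('userid', 'P'));
    if (empty($title)) {
        $this->callmessage($this->lng['forum_title_err'], $linkURL, $this->lng['gobackbotton']);
    }
    if (empty($content) || empty($username)) {
        $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
    }
    if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
        $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
    }
    $typeread = $this->get_bbstype_view($btid);
    if (!$typeread) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $qq = $this->fun->accept('qq', 'P', true, true);
    $qq = $this->fun->substr($qq, 10);
    $msn = $this->fun->accept('msn', 'P', true, true);
    $address = $this->fun->accept('address', 'P', true, true);
    $address = $this->fun->substr($address, 150);
    $tel = $this->fun->accept('tel', 'P', true, true);
    $tel = $this->fun->substr($tel, 15);
    $mobile = $this->fun->accept('mobile', 'P', true, true);
    $mobile = $this->fun->substr($mobile, 15);
    if ($typeread['isseccode']) {
        $seccode = $this->fun->accept('seccode', 'P');
        include_once admin_ROOT . 'public/class_seccode.php';
        $seccodecookie = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
        // The cookie holds "code\texpiration"; pad so a missing field is ''.
        list($new_seccode, $expiration) = array_pad(explode("\t", $this->fun->eccode($seccodecookie, 'DECODE')), 2, '');
        $code = new seccode();
        $code->seccodeconvert($new_seccode);
        // Strict string comparison: loose != equates numeric-looking codes,
        // and an empty decoded cookie must not match an empty answer.
        if ((string) $new_seccode === '' || (string) $new_seccode !== strtoupper((string) $seccode)) {
            $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    if (!$typeread['isclass']) {
        exit("Information parameter error!");
    } elseif ($typeread['purview'] > 0) {
        // Was member_purview($purview) with $purview undefined, followed by a
        // second, correct call; one call with the board's purview suffices.
        parent::member_purview($typeread['purview']);
    }
    // Boards with isaddclass hold new posts for moderation (isclass 0).
    $isclass = $typeread['isaddclass'] ? 0 : 1;
    if (!empty($this->ec_member_username_id)) {
        $rsMember = $this->get_member(null, $this->ec_member_username_id);
        $lockusername = explode(',', $this->CON['bbs_username']);
        if (in_array($this->ec_member_username, $lockusername)) {
            $this->callmessage($this->lng['forum_mem_username'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
        }
    }
    if (!empty($this->CON['bbs_filter'])) {
        if ($this->fun->screening_key($content, $this->CON['bbs_filter']) || $this->fun->screening_key($title, $this->CON['bbs_filter'])) {
            $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
    $addtime = time();
    // Throttle cookie keyed by IP + board. This was "$ipadd + $btid", an
    // arithmetic add on the IP string that collapsed distinct addresses onto
    // one cookie name; concatenation is what was meant.
    $usersessionid = md5($ipadd . $btid . 'input');
    $inputseesion = $this->fun->accept($usersessionid, 'C');
    if (empty($inputseesion) && $typeread['inputtime']) {
        $this->fun->setcookie($usersessionid, $addtime, $typeread['inputtime']);
    } elseif ($typeread['inputtime']) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
    }
    if ($inputclass == 'add') {
        $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
        $db_values = "{$btid},0,0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
        $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
        $insert_id = $this->db->insert_id();
        $this->fun->setcookie('ecisp_home_seccode', null);
        if ($typeread['ispage'] == 2) {
            $linkURL = $this->get_link('forum', $typeread, admin_LNG);
        }
        if ($typeread['ismail'] && $this->CON['is_email']) {
            $mailcode = $typeread['mailcode'] ? $typeread['mailcode'] : 'forumnew';
            $putmail = $typeread['putmail'] ? $typeread['putmail'] : $this->CON['admine_mail'];
            $this->forumsendmail($mailcode, $insert_id, $putmail);
        }
        if ($typeread['issms'] && $this->CON['is_moblie']) {
            $messageArray = array('title' => $title);
            $mobile = $this->CON['moblie_number'];
            if ($typeread['smscode']) {
                $this->membersmssend($messageArray, $mobile, $typeread['smscode']);
            }
        }
        $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
    }
    if ($inputclass == 'reinput') {
        $upbid = intval($this->fun->accept('bid', 'P'));
        $reemail = $this->fun->accept('reemail', 'P');
        $db_where = "bid={$upbid} AND isclass=1";
        $db_set = "replynum=replynum+1,retime={$addtime}";
        $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
        $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
        $db_values = "{$btid},{$upbid},0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
        $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
        $this->fun->setcookie('ecisp_home_seccode', null);
        if ($typeread['ismail'] && $this->CON['is_email']) {
            // The reply notification only goes out to a well-formed address.
            if (preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $reemail)) {
                $this->forumsendmail('forumre', $upbid, $reemail);
            }
        }
        $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
    }
}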
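/**
 * Handles the member-centre profile forms: 'editinfo' (profile fields plus
 * model-defined extra attributes), 'editpassword' and 'editmail'.
 *
 * The branch is chosen by `inputclass`. All branches act on the member row
 * identified by the POSTed `userid`, which must equal the logged-in member's
 * id; the password and e-mail branches additionally re-check the current
 * password inside the WHERE clause. Every branch ends in callmessage(),
 * which terminates the request.
 */
function in_save()
{
    parent::start_pagetemplate();
    parent::member_purview();
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $inputclass = $this->fun->accept('inputclass', 'R');
    $userid = intval($this->fun->accept('userid', 'P'));
    $username = $this->fun->accept('username', 'P');
    if (empty($userid) || empty($username)) {
        $linkURL = $this->mlink['center'];
        $this->callmessage($this->lng['member_edit_ok'], $linkURL, $this->lng['gobackurlbotton']);
    }
    // The profile UPDATE below is keyed only by userid, so the POSTed id must
    // be the logged-in member's own id (the order and forum handlers in this
    // file take it from ec_member_username_id for the same reason).
    if ($userid !== intval($this->ec_member_username_id)) {
        $linkURL = $this->mlink['center'];
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
    }
    // NOTE(review): $username is read without the escaping flags and, per the
    // redacted literals in the WHERE clauses below, appears to be quoted into
    // SQL as-is — confirm accept() escapes it, or compare it with
    // ec_member_username.
    $email = trim($this->fun->accept('email', 'P'));
    $alias = trim($this->fun->accept('alias', 'P', true, true));
    // sex, zipcode and qq land in unquoted numeric columns, so each is
    // reduced to an integer / digit string before it reaches the SQL.
    $sex = $this->fun->accept('sex', 'P');
    $sex = empty($sex) ? 0 : intval($sex);
    $tel = trim($this->fun->accept('tel', 'P', true, true));
    $mobile = trim($this->fun->accept('mobile', 'P', true, true));
    $birthday = $this->fun->accept('birthday', 'P');
    // NOTE(review): formatdate($birthday, 4) is assumed to yield an integer
    // timestamp — it is interpolated unquoted below.
    $birthday = empty($birthday) ? 0 : $this->fun->formatdate($birthday, 4);
    $country = intval($this->fun->accept('cityone', 'P'));
    $country = empty($country) ? 0 : $country;
    $province = intval($this->fun->accept('citytwo', 'P'));
    $province = empty($province) ? 0 : $province;
    $city = intval($this->fun->accept('citythree', 'P'));
    $city = empty($city) ? 0 : $city;
    $district = intval($this->fun->accept('district', 'P'));
    $district = empty($district) ? 0 : $district;
    $address = trim($this->fun->accept('address', 'P', true, true));
    $zipcode = trim($this->fun->accept('zipcode', 'P', true, true));
    $zipcode = (is_string($zipcode) && ctype_digit($zipcode)) ? $zipcode : 0;
    $msn = trim($this->fun->accept('msn', 'P', true, true));
    $qq = $this->fun->accept('qq', 'P');
    $qq = (is_string($qq) && ctype_digit($qq)) ? $qq : 0;
    $db_table = db_prefix . 'member';
    $db_table2 = db_prefix . 'member_value';
    $linkURL = $_SERVER['HTTP_REFERER'];
    if ($inputclass == 'editinfo') {
        $mvid = intval($this->fun->accept('mvid', 'P'));
        $modelatt = $this->get_memberatt_array($lng);
        // Initialised here so the branches below can append even when the
        // model defines no attributes.
        $userinstall = null;
        $userinstalldb = null;
        $userupdatedb = null;
        if (is_array($modelatt)) {
            // Map each model input type onto the way its POST value is read.
            $modelarray = array();
            foreach ($modelatt as $key => $value) {
                if ($value['inputtype'] == 'htmltext') {
                    $value['accept'] = 'html';
                } elseif ($value['inputtype'] == 'checkbox') {
                    $value['accept'] = 'checkbox';
                } elseif ($value['inputtype'] == 'string' || $value['inputtype'] == 'img' || $value['inputtype'] == 'addon' || $value['inputtype'] == 'video' || $value['inputtype'] == 'select' || $value['inputtype'] == 'radio' || $value['inputtype'] == 'selectinput') {
                    $value['accept'] = 'text';
                } elseif ($value['inputtype'] == 'editor' || $value['inputtype'] == 'text') {
                    $value['accept'] = 'editor';
                } elseif ($value['inputtype'] == 'int' || $value['inputtype'] == 'float' || $value['inputtype'] == 'decimal') {
                    $value['accept'] = 'int';
                } elseif ($value['inputtype'] == 'datetime') {
                    $value['accept'] = 'data';
                }
                $modelarray[] = $value;
            }
            // Build the column list, the INSERT values and the UPDATE
            // assignments in parallel, one trailing comma each.
            foreach ($modelarray as $key => $value) {
                $userinstall .= $value['attrname'] . ',';
                if ($value['accept'] == 'int') {
                    // Unquoted numeric column: accept only numeric input.
                    $valuestr = $this->fun->accept($value['attrname'], 'P');
                    $valuestr = is_numeric($valuestr) ? $valuestr : 0;
                    $userinstalldb .= "{$valuestr},";
                    $userupdatedb .= $value['attrname'] . "={$valuestr},";
                } elseif ($value['accept'] == 'html') {
                    $valuestr = $this->fun->accept($value['attrname'], 'P');
                    $valuestr = empty($valuestr) ? '' : $this->fun->Text2Html($valuestr);
                    $userinstalldb .= "'{$valuestr}',";
                    $userupdatedb .= $value['attrname'] . "='{$valuestr}',";
                } elseif ($value['accept'] == 'editor' || $value['accept'] == 'text') {
                    // NOTE(review): read without the escaping flags and quoted
                    // into SQL verbatim — confirm accept() escapes by default.
                    $valuestr = $this->fun->accept($value['attrname'], 'P');
                    $userinstalldb .= "'{$valuestr}',";
                    $userupdatedb .= $value['attrname'] . "='{$valuestr}',";
                } elseif ($value['accept'] == 'data') {
                    $valuestr = $this->fun->accept($value['attrname'], 'P');
                    // strtotime() returns false on unparsable input; store 0
                    // rather than an empty token in the SQL.
                    $timestamp = empty($valuestr) ? 0 : strtotime($valuestr);
                    $valuestr = $timestamp === false ? 0 : $timestamp;
                    $userinstalldb .= "{$valuestr},";
                    $userupdatedb .= $value['attrname'] . "={$valuestr},";
                } elseif ($value['accept'] == 'checkbox') {
                    $valuestr = $this->fun->accept($value['attrname'], 'P');
                    $valuestr = is_array($valuestr) ? implode(',', $valuestr) : '';
                    $userinstalldb .= "'{$valuestr}',";
                    $userupdatedb .= $value['attrname'] . "='{$valuestr}',";
                }
            }
        }
        $db_where = 'userid=' . $userid;
        $db_set = "sex={$sex},birthday={$birthday},country={$country},province={$province},city={$city},district={$district},alias='{$alias}',\n\t\t\taddress='{$address}',zipcode={$zipcode},tel='{$tel}',mobile='{$mobile}',qq={$qq},msn='{$msn}'";
        $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
        if ($userinstalldb) {
            if ($mvid) {
                // Existing member_value row: strip the trailing comma and UPDATE.
                $db_where = 'userid=' . $userid . ' AND mvid=' . $mvid;
                $db_values = substr($userupdatedb, 0, strlen($userupdatedb) - 1);
                $this->db->query('UPDATE ' . $db_table2 . ' SET ' . $db_values . ' WHERE ' . $db_where);
            } else {
                $db_field = $userinstall . 'userid';
                $db_values = $userinstalldb . $userid;
                $this->db->query('INSERT INTO ' . $db_table2 . ' (' . $db_field . ') VALUES (' . $db_values . ')');
            }
        }
        $linkURL = $this->mlink['center'];
        $this->callmessage($this->lng['member_edit_ok'], $linkURL, $this->lng['gobackurlbotton']);
    }
    if ($inputclass == 'editpassword') {
        if ($this->CON['mem_isucenter']) {
            include_once admin_ROOT . 'public/uc_client/client.php';
        }
        // NOTE(review): passwords are stored as unsalted md5; moving to
        // password_hash()/password_verify() needs a column/migration change
        // and the UCenter sync below, so it is left as-is here.
        $oldpassword = md5($this->fun->accept('oldpassword', 'P'));
        $password = md5($this->fun->accept('password', 'P'));
        $password_uc = $this->fun->accept('password', 'P');
        $oldpassword_uc = $this->fun->accept('oldpassword', 'P');
        // The quoted values in this WHERE are redacted in this listing; the
        // current password is re-checked here before any change.
        $db_where = "userid= {$userid} AND username='******' AND password='******'";
        $db_sql = "SELECT * FROM {$db_table} WHERE {$db_where}";
        $rsMember = $this->db->fetch_first($db_sql);
        if (!$rsMember) {
            $linkURL = $this->mlink['memedit_password'];
            $this->callmessage($this->lng['password_input_err'], $linkURL, $this->lng['gobackbotton']);
        } else {
            $db_set = "password='******'";
            $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
            if ($this->CON['mem_isucenter']) {
                $data = uc_get_user($username);
                if ($data) {
                    list($uid2, $username2, $email2) = $data;
                    uc_user_edit($username, $oldpassword_uc, $password_uc, $email2);
                }
            }
            // A password change ends the session: redirect to logout.
            $linkURL = $this->mlink['quit'];
            $this->callmessage($this->lng['password_ok'], $linkURL, $this->lng['out_botton']);
        }
    }
    if ($inputclass == 'editmail') {
        if ($this->CON['mem_isucenter']) {
            include_once admin_ROOT . 'public/uc_client/client.php';
        }
        $linkURL = $this->mlink['memedit_email'];
        // The pattern also limits email to characters safe for the quoted SQL.
        if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
            $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
        }
        $password = md5($this->fun->accept('password', 'P'));
        $password_uc = $this->fun->accept('password', 'P');
        $db_where = "userid= {$userid} AND username='******' AND password='******'";
        $db_sql = "SELECT * FROM {$db_table} WHERE {$db_where}";
        $rsMember = $this->db->fetch_first($db_sql);
        if (!$rsMember) {
            $this->callmessage($this->lng['password_input_err'], $linkURL, $this->lng['gobackbotton']);
        } else {
            $db_set = "email='{$email}'";
            $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
            if ($this->CON['mem_isucenter']) {
                $data = uc_get_user($username);
                if ($data) {
                    list($uid2, $username2, $email2) = $data;
                    uc_user_edit($username, $password_uc, $password_uc, $email);
                }
            }
            $linkURL = $this->mlink['center'];
            $this->callmessage($this->lng['email_edit_ok'], $linkURL, $this->lng['gobackurlbotton']);
        }
    }
}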
/**
 * Saves a member's edit of one of their own forum posts (table `bbs`).
 *
 * Reads the post fields from POST, validates title / content / username /
 * e-mail, applies the configured keyword filter (`bbs_filter`) and updates
 * the row matching both the submitted `bid` and the logged-in member's id,
 * so the WHERE clause itself restricts the update to the member's own row.
 *
 * Every failure path calls callmessage() with a redirect target; the
 * straight-line flow below assumes callmessage() terminates the request.
 */
function in_save() {
    // The error redirect target is taken verbatim from the Referer header,
    // which is client-controlled. NOTE(review): if callmessage() redirects to
    // it unconditionally this is an open-redirect vector — confirm.
    $linkURL = $_SERVER['HTTP_REFERER'];
    // Form-token check (CSRF / double-submit guard).
    if (!$this->fun->is_token()) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
    }
    parent::start_pagetemplate();
    // Login required; presumably redirects to the order list when not logged in.
    parent::member_purview(0, $this->mlink['orderlist']);
    // Member id from the session state populated by member_purview(). It is
    // interpolated into the WHERE clause below without intval() (the other
    // handlers in this file cast it) — assumed to be numeric; TODO confirm.
    $userid = $this->ec_member_username_id;
    if (empty($userid)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    // Language code; computed but not used by this handler.
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $bid = intval($this->fun->accept('bid', 'P'));
    if (empty($bid)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $db_table = db_prefix . "bbs";
    // Text fields: accept(..., 'P', true, true) presumably escapes for SQL/HTML
    // (TODO confirm — every value below is interpolated into the UPDATE string),
    // then each one is cut to its column width with substr().
    $title = trim($this->fun->accept('title', 'P', true, true));
    $title = $this->fun->substr($title, 80);
    $username = $this->fun->accept('username', 'P', true, true);
    $username = $this->fun->substr($username, 20);
    $email = trim($this->fun->accept('email', 'P', true, true));
    // Content is read WITHOUT the escape flags and only passes through
    // Text2Html(). NOTE(review): that helper must make the value safe for the
    // SQL string built below — verify, otherwise this is an injection point.
    $content = $this->fun->accept('content', 'P');
    $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
    if (empty($title)) {
        $this->callmessage($this->lng['forum_title_err'], $linkURL, $this->lng['gobackbotton']);
    }
    if (empty($content) || empty($username)) {
        $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
    }
    // Same e-mail pattern as the other handlers in this file.
    if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
        $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
    }
    $qq = $this->fun->accept('qq', 'P', true, true);
    $qq = $this->fun->substr($qq, 10);
    // msn is the only text field that is not length-limited here.
    $msn = $this->fun->accept('msn', 'P', true, true);
    $address = $this->fun->accept('address', 'P', true, true);
    $address = $this->fun->substr($address, 150);
    $tel = $this->fun->accept('tel', 'P', true, true);
    $tel = $this->fun->substr($tel, 15);
    $mobile = $this->fun->accept('mobile', 'P', true, true);
    $mobile = $this->fun->substr($mobile, 15);
    // Computed but never written by this handler.
    $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
    $addtime = time();
    // Optional banned-keyword screening of content and title.
    if (!empty($this->CON['bbs_filter'])) {
        if ($this->fun->screening_key($content, $this->CON['bbs_filter']) || $this->fun->screening_key($title, $this->CON['bbs_filter'])) {
            $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    // Ownership is enforced by the WHERE clause: only the row with this bid
    // AND this member's userid is touched.
    $db_where = 'bid=' . $bid . ' AND userid=' . $userid;
    $db_set = "title='{$title}',content='{$content}',username='******',email='{$email}',qq='{$qq}',msn='{$msn}',address='{$address}',tel='{$tel}',mobile='{$mobile}'";
    $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
    $this->callmessage($this->lng['forummain_edit_ok'], $this->mlink['forumlist'], $this->lng['gobackurlbotton']);
}
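/**
 * Renders a single document (article) page.
 *
 * Looks up the document by the `did` GET parameter, bumps its click counter,
 * redirects if the document is a pure link, splits the content on
 * `<!-- pagebreak -->` for multi-page articles, resolves its tags, applies
 * the type-level and document-level purview checks and finally displays the
 * read template of the document's type.
 *
 * Changes versus the previous revision:
 *  - the type-level access check passed `$typeread['purview']`, a variable
 *    never assigned in this method (so member_purview() received null); it
 *    now passes `$typeview['purview']`, the value the `elseif` actually tested;
 *  - `$newTagArray` is initialised before the tag branch so the template
 *    always receives an array;
 *  - `page` is clamped to 1..number-of-pages so an out-of-range value no
 *    longer indexes past the split content.
 */
function in_read() {
    $this->start_pagetemplate();
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $did = intval($this->fun->accept('did', 'G'));
    if (empty($did)) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $page = intval($this->fun->accept('page', 'G'));
    $page = empty($page) ? 1 : $page;
    $db_table = db_prefix . 'document';
    $readinfo = $this->get_document($did);
    if (!$readinfo['isclass']) {
        exit("Information parameter error!");
    }
    // The click counter is incremented before the purview checks below, so
    // views that are later refused still count.
    $db_where = "isclass=1 AND did={$did}";
    $db_set = "click=click+1";
    $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
    // Link-type documents redirect to their stored URL. NOTE(review): this
    // happens before the purview checks, so the target of a restricted link
    // document is disclosed without an access check — confirm that is intended.
    if ($readinfo['islink']) {
        $urladd = $readinfo['link'];
        header("location:{$urladd}");
        exit;
    }
    // Tag list: one entry per distinct tag, linking either to the tag's own
    // external URL or to the site's tag page. Initialised unconditionally so
    // the template always gets an array.
    $newTagArray = array();
    if (!empty($readinfo['tags'])) {
        $tagArray = explode(',', $readinfo['tags']);
        $tagArray = array_unique($tagArray);
        foreach ($tagArray as $key => $value) {
            $newTagArray[$key]['title'] = $value;
            $view = $this->get_tag_view(null, $value, null, true);
            $newTagArray[$key]['link'] = $view['islink'] == 1 ? $view['linkurl'] : $this->get_link('taglink', array('key' => $value), admin_LNG);
        }
    }
    // Stored content is entity-encoded; decode, then split into pages.
    $readinfo['content'] = html_entity_decode($readinfo['content']);
    $exCotnet = explode('<!-- pagebreak -->', $readinfo['content']);
    $filepage = count($exCotnet);
    $pageArray = array();
    if ($filepage > 1) {
        // Clamp the requested page into range (previously an out-of-range or
        // negative page read an undefined index of $exCotnet).
        if ($page > $filepage) {
            $page = $filepage;
        }
        if ($page < 1) {
            $page = 1;
        }
        $nkey = $page + 1;
        $pkey = $page > 1 ? $page - 1 : 1;
        $readinfo['nlink'] = $nkey <= $filepage ? $this->get_link('doc', $readinfo, admin_LNG, $nkey) : null;
        $readinfo['plink'] = $page > 1 ? $this->get_link('doc', $readinfo, admin_LNG, $pkey) : null;
        for ($index = 0; $index < $filepage; $index++) {
            $num = $index + 1;
            $pageArray[$index]['num'] = $num;
            // 'n' marks the page currently being displayed.
            $pageArray[$index]['n'] = $num == $page ? 1 : 0;
            $pageArray[$index]['link'] = $this->get_link('doc', $readinfo, admin_LNG, $num);
        }
        $outkey = $page - 1;
        $readinfo['content'] = $exCotnet[$outkey];
    }
    $this->pagetemplate->assign('page', $pageArray);
    // Per-document keywords/description override the language-pack defaults.
    if (!empty($readinfo['keywords'])) {
        $this->lng['keyword'] = $readinfo['keywords'];
    }
    if (!empty($readinfo['description'])) {
        $this->lng['description'] = $readinfo['description'];
    }
    $this->pagetemplate->assign('lngpack', $this->lng);
    $readinfo['buylink'] = $this->get_link('buylink', $readinfo, admin_LNG);
    $readinfo['enqlink'] = $this->get_link('enqlink', $readinfo, admin_LNG);
    $typeview = $this->get_type($readinfo['tid']);
    // Access control: a purview on the type takes precedence over one on the
    // document. The type-level branch now passes the tested value.
    if (!$typeview['isclass']) {
        exit("Information parameter error!");
    } elseif ($typeview['purview'] > 0) {
        parent::member_purview($typeview['purview'], null, true);
    } elseif ($readinfo['purview'] > 0) {
        parent::member_purview($readinfo['purview'], null, true);
    }
    $typeview['typelink'] = $this->get_link('type', $typeview, admin_LNG);
    // A document may carry its own template; otherwise the type's read template is used.
    $read_templates = $readinfo['istemplates'] && !empty($readinfo['template']) ? $readinfo['template'] : $typeview['readtemplate'];
    $dirname = $typeview['dirname'];
    if (!empty($readinfo['linkdid'])) {
        $readinfo['linkdid'] = str_replace(',', '/', $readinfo['linkdid']);
    }
    $albumarray = $this->get_album_array($did);
    $templatesDIR = $this->get_templatesdir('article');
    $templatefilename = $lng . '/' . $templatesDIR . '/' . $read_templates;
    $current = !$typeview['upid'] ? $typeview['tid'] : $typeview['topid'];
    $this->pagetemplate->assign('path', 'article');
    $this->pagetemplate->assign('current', $current);
    $this->pagetemplate->assign('tag', $newTagArray);
    $this->pagetemplate->assign('type', $typeview);
    $this->pagetemplate->assign('read', $readinfo);
    $this->pagetemplate->assign('photo', $albumarray['list']);
    // $filename is not assigned in this method (the sibling list handler
    // passes '' here); kept as-is pending confirmation of what display()
    // does with that argument.
    unset($typeview, $readinfo, $albumarray, $LANPACK, $this->lng);
    $this->pagetemplate->display($templatefilename, $dirname . '_read', false, $filename, admin_LNG);
}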
/**
 * Creates an order from the shopping cart and hands off to the payment plug-in.
 *
 * Flow: form-token check -> (optional) login check -> read the cart from the
 * `ecisp_order_list` cookie -> read consignee / address / invoice fields from
 * POST -> verify the posted totals against the `ecisp_order_sncode` cookie ->
 * insert the `order` row and one `order_info` row per item -> send
 * notifications -> build the online-payment form when a payment plug-in is
 * selected -> render the "order placed" page and clear the cart cookies.
 *
 * Every failure path goes through callmessage(); the straight-line flow
 * assumes it terminates the request.
 */
function in_ordersave() {
    parent::start_pagetemplate();
    // Referer is client-supplied; it is the redirect target of the token error.
    $linkURL = $_SERVER['HTTP_REFERER'];
    if (!$this->fun->is_token()) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
    }
    if ($this->CON['order_ismember']) {
        parent::member_purview(0, $this->mlink['orderpay']);
    }
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    // Cart comes from a cookie: eccode(DECODE, db_pscode), then unserialize().
    // NOTE(review): unserialize() on client-supplied data is only safe if the
    // eccode layer authenticates the payload rather than merely obfuscating
    // it — confirm; otherwise this is a PHP object-injection sink.
    $cartid = $this->fun->eccode($this->fun->accept('ecisp_order_list', 'C'), 'DECODE', db_pscode);
    $cartid = stripslashes(htmlspecialchars_decode($cartid));
    $uncartid = !empty($cartid) ? unserialize($cartid) : 0;
    // Signature over the totals, issued when the cart page was rendered; it is
    // recomputed as $cookiceprice below.
    $ordersncode = $this->fun->accept('ecisp_order_sncode', 'C');
    // NOTE(review): the owning member id is taken from POST rather than from
    // the session (other handlers in this file use $this->ec_member_username_id),
    // so the client chooses which userid the order — and later the integral
    // credit in in_payok() — is attributed to. Confirm this is intended.
    $userid = intval($this->fun->accept('userid', 'P'));
    $userid = empty($userid) ? 0 : $userid;
    // Consignee / address fields. accept(..., true, true) presumably escapes
    // for SQL (TODO confirm — all are interpolated into the INSERT below);
    // each text field is cut to its column width.
    $consignee = trim($this->fun->accept('alias', 'P', true, true));
    $consignee = $this->fun->substr($consignee, 12);
    $email = $this->fun->accept('email', 'P', true, true);
    $country = intval($this->fun->accept('cityone', 'P'));
    $country = empty($country) ? 0 : $country;
    $province = intval($this->fun->accept('citytwo', 'P'));
    $province = empty($province) ? 0 : $province;
    $city = intval($this->fun->accept('citythree', 'P'));
    $city = empty($city) ? 0 : $city;
    $district = intval($this->fun->accept('district', 'P'));
    $district = empty($district) ? 0 : $district;
    $address = trim($this->fun->accept('address', 'P', true, true));
    $address = $this->fun->substr($address, 120);
    $zipcode = trim($this->fun->accept('zipcode', 'P', true, true));
    $zipcode = $this->fun->substr($zipcode, 10);
    $tel = trim($this->fun->accept('tel', 'P', true, true));
    $tel = $this->fun->substr($tel, 20);
    $mobile = trim($this->fun->accept('mobile', 'P', true, true));
    $mobile = $this->fun->substr($mobile, 15);
    // 'R' source — presumably GET or POST; cast to int.
    $sendtime = intval($this->fun->accept('sendtime', 'R'));
    $content = trim($this->fun->accept('content', 'P', true, true));
    $content = $this->fun->substr($content, 500);
    $invpayee = trim($this->fun->accept('invpayee', 'P', true, true));
    $invpayee = $this->fun->substr($invpayee, 60);
    $invcontent = trim($this->fun->accept('invcontent', 'P', true, true));
    $invcontent = $this->fun->substr($invcontent, 60);
    // Payment plug-in id and shipping plug-in id.
    $opid = intval($this->fun->accept('opid', 'P'));
    $opid = empty($opid) ? 0 : $opid;
    $osid = intval($this->fun->accept('osid', 'P'));
    $osid = empty($osid) ? 0 : $osid;
    // Money fields are posted by the client; productmoney and
    // discount_productmoney are trusted only because the signature check
    // below ties them to the value the server issued when the cart was
    // shown. discountmoney is NOT covered by that signature.
    $productmoney = floatval($this->fun->accept('productmoney', 'P'));
    $discount_productmoney = floatval($this->fun->accept('discount_productmoney', 'P'));
    $discountmoney = floatval($this->fun->accept('discountmoney', 'P'));
    // Recompute the totals signature; compared with loose == against the cookie.
    $cookiceprice = $this->fun->eccode(md5("{$productmoney}|{$discount_productmoney}"), 'ENCODE', db_pscode);
    if ($uncartid && is_array($uncartid) && !empty($ordersncode) && $cookiceprice == $ordersncode) {
        // Per-item arrays from POST, read without the escape flags. tsn and
        // ptitle are interpolated as strings into the order_info INSERT
        // below — NOTE(review): confirm accept() escapes by default. The
        // per-item prices are not re-derived from product records here.
        $ptitle = $this->fun->accept('ptitle', 'P');
        $tsn = $this->fun->accept('tsn', 'P');
        $bprice = $this->fun->accept('bprice', 'P');
        $oprice = $this->fun->accept('oprice', 'P');
        $did = $this->fun->accept('did', 'P');
        $amount = $this->fun->accept('amount', 'P');
        $countprice = $this->fun->accept('countprice', 'P');
        if (empty($did) || empty($bprice) || empty($amount) || empty($countprice) || empty($opid) || empty($osid)) {
            $buylink = $this->get_link('order', array(), admin_LNG);
            $this->callmessage($this->lng['order_input_err'], $buylink, $this->lng['oder_buy_goback']);
        }
        if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
            $this->callmessage($this->lng['email_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
        }
        // Payment surcharge (payis is a percentage of the discounted goods
        // total) and shipping price come from the plug-in records, not POST.
        $payprice = 0;
        $shipprice = 0;
        $payread = !empty($opid) ? $this->get_payplug_view($opid) : 0;
        $shipprice = !empty($osid) ? $this->get_shipplug_view($osid, 'price') : 0;
        $shipprice = floatval($shipprice);
        if ($payread['payis'] > 0) {
            $payread['payis'] = floatval($payread['payis']);
            $payprice = $payread['payis'] / 100 * $discount_productmoney;
        }
        $orderamount = $discount_productmoney + $payprice + $shipprice;
        // Order number: configured prefix + timestamp + rand(). rand() is not
        // a CSPRNG, so ordersn is an identifier, not a secret; the payment
        // return URL is protected separately by $codesn below.
        $order_snfont = $this->CON['order_snfont'];
        $ordersn = $order_snfont . date('YmdHis') . rand(100, 9999);
        $db_table = db_prefix . 'order';
        $db_table2 = db_prefix . 'order_info';
        $addtime = time();
        // ordertype=1 (new/unpaid); paysn/shippingsn/paytime/shippingtime are
        // filled in later by in_payok() and the admin side.
        $db_field = 'ordersn,userid,ordertype,osid,opid,shippingsn,paysn,consignee,country,province,city,district,address, zipcode,tel,mobile,email,sendtime,invpayee,invcontent,content,treatnote,paytime,shippingtime,productmoney,shippingmoney, paymoney,orderamount,discount,integral,addtime';
        $db_values = "'{$ordersn}',{$userid},1,{$osid},{$opid},'','','{$consignee}',{$country},{$province},{$city},{$district},'{$address}',\n\t\t\t\t'{$zipcode}','{$tel}','{$mobile}','{$email}','{$sendtime}','{$invpayee}','{$invcontent}','{$content}','',0,0,{$productmoney},{$shipprice},\n\t\t\t\t{$payprice},{$orderamount},{$discountmoney},0,{$addtime}";
        $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
        $insert_id = $this->db->insert_id();
        // One VALUES tuple per cart line; count($did) assumes $did is an array
        // (a scalar would be a TypeError on PHP 8). The trailing comma is
        // omitted only on the last tuple.
        $db_values = '';
        $arraycount = count($did) - 1;
        foreach ($did as $key => $value) {
            $value = intval($value);
            $oprice[$key] = floatval($oprice[$key]);
            $bprice[$key] = floatval($bprice[$key]);
            $countprice[$key] = floatval($countprice[$key]);
            $amount[$key] = intval($amount[$key]);
            if ($key == $arraycount) {
                $db_values .= "({$insert_id},{$value},'{$tsn[$key]}','{$ptitle[$key]}',{$oprice[$key]},{$bprice[$key]},{$countprice[$key]},{$amount[$key]},1)";
            } else {
                $db_values .= "({$insert_id},{$value},'{$tsn[$key]}','{$ptitle[$key]}',{$oprice[$key]},{$bprice[$key]},{$countprice[$key]},{$amount[$key]},1),";
            }
        }
        $db_field = 'oid,did,tsn,title,oprice,bprice,countprice,amount,inventory';
        $this->db->query('INSERT INTO ' . $db_table2 . ' (' . $db_field . ') VALUES ' . $db_values);
        // Notifications: customer + admin e-mail, admin SMS.
        if ($this->CON['is_email']) {
            $this->ordermailsend('orderen', $insert_id, $email);
            $this->ordermailsend('orderwarn', $insert_id, $this->CON['admine_mail']);
        }
        if ($this->CON['is_moblie']) {
            $OrderArray = array('ordersn' => $ordersn);
            $mobile = $this->CON['moblie_number'];
            $this->membersmssend($OrderArray, $mobile, 'orderto');
        }
        // Online payment: the plug-in class name comes from the payment
        // plug-in record (database), and is included from the payment plug-in
        // directory. $codesn binds plug-in code, ordersn and oid together for
        // the return URL that in_payok() verifies.
        if (!empty($opid)) {
            $rsOrder = array('ordersn' => $ordersn, 'orderamount' => $orderamount, 'oid' => $insert_id);
            $paylist = $this->fun->formatarray($payread['pluglist']);
            $plugcode = $payread['paycode'];
            if (!empty($plugcode)) {
                include_once admin_ROOT . 'public/plug/payment/' . $plugcode . '.php';
                $payobj = new $plugcode();
                $codesn = $this->fun->eccode($plugcode . $ordersn . $insert_id, 'ENCODE', db_pscode, FALSE);
                $respondArray = array('code' => $plugcode, 'ordersn' => $ordersn, 'oid' => $insert_id, 'codesn' => $codesn);
                $return_url = $this->get_link('paybackurl', $respondArray, admin_LNG);
                $orderonline = $payobj->get_code($rsOrder, $paylist, $return_url, $return_url);
            }
        }
        // Integral preview shown on the confirmation page: amount * rate.
        // (in_payok() stores amount / rate — see the note there.)
        $order_integral = empty($this->CON['order_integral']) ? 1 : intval($this->CON['order_integral']);
        $internum = $orderamount * $order_integral;
        $this->pagetemplate->assign('internum', intval($internum));
        $this->pagetemplate->assign('mlink', $this->mlink);
        // $orderonline is unset when no plug-in code was resolved above.
        $this->pagetemplate->assign('orderonline', $orderonline);
        $this->pagetemplate->assign('ordersn', $ordersn);
        $this->pagetemplate->assign('orderamount', number_format($orderamount, 2));
        $this->pagetemplate->assign('payprice', number_format($payprice, 2));
        $this->pagetemplate->assign('shipprice', number_format($shipprice, 2));
        $this->pagetemplate->assign('discount', number_format($discount_productmoney, 2));
        $this->pagetemplate->assign('productmoney', number_format($productmoney, 2));
        $this->pagetemplate->assign('discountmoney', number_format($discountmoney, 2));
        $this->pagetemplate->assign('moneytype', $this->CON['order_moneytype']);
        $this->pagetemplate->assign('order_ismember', $this->CON['order_ismember']);
        $this->lng['sitename'] = $this->lng['ordertitle'] . '-' . $this->lng['sitename'];
        $this->pagetemplate->assign('lngpack', $this->lng);
        // Clear the cart cookies now that the order is persisted.
        $this->fun->setcookie('ecisp_order_list', null);
        $this->fun->setcookie('ecisp_order_productmoney', null);
        $templatesDIR = $this->get_templatesdir('order');
        $templatefilename = $lng . '/' . $templatesDIR . '/order_buy_center';
        $this->pagetemplate->assign('out', 'buyok');
        $this->pagetemplate->assign('path', 'order');
        unset($this->mlink, $LANPACK, $this->lng);
        $this->pagetemplate->display($templatefilename, 'order_ok', false, '', admin_LNG);
    } else {
        // Missing/invalid cart or totals signature mismatch: back to the order page.
        $buylink = $this->get_link('order', array(), admin_LNG);
        $this->callmessage($this->lng['order_nolist'], $buylink, $this->lng['oder_buy_goback']);
    }
}
/**
 * Issues a fresh mobile-verification code for the logged-in member.
 *
 * Reads `username` and `mobile` from POST; if the member id, username or
 * mobile is missing, or either fails its pattern check, the response is the
 * literal string 'false' and the request ends. Otherwise an 8-character code
 * from fun->random() is stored on the member row together with the issue
 * time, and — when SMS is enabled — sent to the submitted mobile number.
 *
 * Nothing is echoed on success. No throttle is applied here, so repeated
 * calls simply overwrite the stored code.
 */
function in_getvalidatecode() {
    parent::start_pagetemplate();
    parent::member_purview();
    $memberId = intval($this->ec_member_username_id);
    $username = $this->fun->accept('username', 'P');
    $mobile = trim($this->fun->accept('mobile', 'P', true, true));
    // Username: 2-16 chars excluding a fixed set of punctuation; mobile: 11
    // digits starting with 1. All guards collapse to the same 'false' exit,
    // evaluated in the original order.
    $usernamePattern = "/^[^!@~`\\'\"#\$\\%\\^&\\*\\(\\)\\+\\-\\{\\}\\[\\]\\|\\/\\?\\<\\>\\,\\.\\:\\;]{2,16}\$/i";
    $mobilePattern = "/^1[0-9]{10}\$/i";
    if (empty($memberId) || empty($username) || empty($mobile)
        || !preg_match($usernamePattern, $username)
        || !preg_match($mobilePattern, $mobile)) {
        exit('false');
    }
    // Code quality depends on fun->random(); its source of entropy is not
    // visible here.
    $code = $this->fun->random(8, 1);
    $issuedAt = time();
    $memberTable = db_prefix . 'member';
    $whereClause = "userid={$this->ec_member_username_id} AND username='******'";
    $setClause = "mobliesn='{$code}',mobliesntime={$issuedAt}";
    $this->db->query('UPDATE ' . $memberTable . ' SET ' . $setClause . ' WHERE ' . $whereClause);
    if ($this->CON['is_moblie']) {
        $member = $this->get_member('', $this->ec_member_username_id);
        $member['idcode'] = $code;
        $this->membersmssend($member, $mobile, 'mobliecode');
    }
}
/**
 * Payment-gateway return handler: marks an order as paid.
 *
 * Inputs arrive on the query string: `code` (payment plug-in), `ordersn`,
 * `oid` and `codesn`. `codesn` must equal eccode(code . ordersn . oid) keyed
 * with db_pscode — the value in_ordersave() embedded in the return URL — and
 * that binding is the only thing tying the three ids together. The plug-in's
 * respond() decides whether the gateway actually confirmed the payment; on
 * success the order is set to ordertype=2, a receipt row is written, integral
 * is credited to the order's userid and notifications are sent.
 *
 * Every failure path goes through callmessage(); the code after the sncode
 * check assumes callmessage() terminates the request. If it did not, the
 * client-supplied $paycode would still reach the include_once / new below.
 */
function in_payok() {
    parent::start_pagetemplate();
    if ($this->CON['order_ismember']) {
        parent::member_purview(0, $this->mlink['login']);
    }
    // Computed but not used by this handler.
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $linkURL = $_SERVER['HTTP_REFERER'];
    // $paycode is later used in a SQL WHERE clause, an include path and as a
    // class name, so the signature check below is the gate for all three.
    $paycode = $this->fun->accept('code', 'G');
    $ordersn = $this->fun->accept('ordersn', 'G');
    $oid = intval($this->fun->accept('oid', 'G'));
    $codesn = $this->fun->accept('codesn', 'G');
    $integral = intval($this->CON['order_integral']);
    // Recompute the signature and compare (loose !=) with the supplied one.
    $sncode = $this->fun->eccode($paycode . $ordersn . $oid, 'ENCODE', db_pscode, FALSE);
    if ($sncode != $codesn) {
        $linkURL = $this->mlink['center'];
        $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
    }
    // In member mode a login is required, but the logged-in member is not
    // compared with the order's userid — the signature is the authorisation.
    if ($this->CON['order_ismember']) {
        $userid = intval($this->ec_member_username_id);
        if (empty($userid)) {
            $linkURL = $this->mlink['center'];
            $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['member_center_botton']);
        }
    }
    if (empty($oid)) {
        $linkURL = $this->mlink['center'];
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['member_center_botton']);
    }
    if (!empty($paycode)) {
        $db_table1 = db_prefix . 'order_pay';
        $db_table2 = db_prefix . 'order';
        $db_table3 = db_prefix . 'order_payreceipt';
        // Plug-in record lookup; $paycode is interpolated as a string.
        // NOTE(review): relies on accept() escaping — confirm.
        $db_where = "paycode='{$paycode}'";
        $rsList = $this->db->fetch_first('SELECT * FROM ' . $db_table1 . ' WHERE ' . $db_where);
        if ($rsList) {
            // Plug-in settings are stored serialized in the DB row (server
            // data, not client data). $paymentvlue stays unset if the list is empty.
            $config_list = unserialize($rsList['pluglist']);
            foreach ($config_list as $config) {
                $paymentvlue[$config['name']] = $config['value'];
            }
            // The plug-in file and class are named by $paycode; reached only
            // after the signature check and a matching order_pay row.
            include_once admin_ROOT . 'public/plug/payment/' . $paycode . '.php';
            $payment = new $paycode();
            // respond() verifies the gateway callback and returns the payment
            // serial (truthy) on success.
            $paymentType = $payment->respond($paymentvlue, $rsList);
            // Only unpaid orders (ordertype<>2) qualify; the same WHERE is
            // reused for the UPDATE below.
            $db_where = "oid={$oid} AND ordertype<>2";
            $rsRead = $this->db->fetch_first('SELECT * FROM ' . $db_table2 . ' WHERE ' . $db_where);
            if ($paymentType && $rsRead) {
                // Computed but not written by this handler.
                $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
                $addtime = time();
                // Integral stored on the order: amount / rate. NOTE(review):
                // in_ordersave() previews amount * rate — one of the two is
                // presumably wrong; confirm which is intended.
                if (!empty($integral)) {
                    $integral = intval($rsRead['orderamount'] / intval($integral));
                } else {
                    $integral = 0;
                }
                $db_set = "ordertype=2,paysn='{$paymentType}',paytime='{$addtime}',integral={$integral}";
                $this->db->query('UPDATE ' . $db_table2 . ' SET ' . $db_set . ' WHERE ' . $db_where);
                // Receipt row. 'paypal_account' is a hard-coded settings key, so
                // bankaccount is empty (with a notice) for plug-ins that lack it;
                // $ordersn is the query-string value, not $rsRead['ordersn'].
                $db_field = 'oid,opid,paysn,ordersn,orderamount,bankaccount,bankname,username,content,userid,isclass,paytime,addtime';
                $db_values = "{$oid},{$rsRead['opid']},'{$rsRead['paysn']}','{$ordersn}',{$rsRead['orderamount']},'{$paymentvlue['paypal_account']}','{$paycode}','onlineuser','',{$rsRead['userid']},1,{$addtime},{$addtime}";
                $this->db->query('INSERT INTO ' . $db_table3 . ' (' . $db_field . ') VALUES (' . $db_values . ')');
                // Integral goes to the userid stored on the order row.
                if ($rsRead['userid'] > 0) {
                    $this->set_member_integral($rsRead['userid'], $integral);
                }
                if ($this->CON['is_email']) {
                    $this->ordermailsend('orderpal', $oid, $rsRead['email']);
                    $this->ordermailsend('orderpayadmin', $oid, $this->CON['admine_mail']);
                }
                if ($this->CON['is_moblie']) {
                    $mobile = $this->CON['moblie_number'];
                    $this->membersmssend($rsRead, $mobile, 'orderpay');
                }
                $this->pagetemplate->assign('order', $rsRead);
                $this->pagetemplate->assign('pay', $rsList);
                $this->pagetemplate->assign('paysn', $paymentType);
                $linkURL = $this->mlink['center'];
                $readlink = $this->get_link('orderread', $rsRead, admin_LNG);
                $this->callmessage($this->lng['order_pay_ok'], $linkURL, $this->lng['member_center_botton'], 1, $this->lng['order_read_botton'], 1, $readlink);
            } else {
                // Gateway did not confirm, or the order is missing / already paid.
                $linkURL = $this->mlink['center'];
                $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
            }
        } else {
            // No payment plug-in record for this code.
            $linkURL = $this->mlink['center'];
            $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
        }
    } else {
        // No plug-in code supplied.
        $linkURL = $this->mlink['center'];
        $this->callmessage($this->lng['order_pay_no'], $linkURL, $this->lng['member_center_botton']);
    }
}