public function _initialize()
{
if (isset($_GET['code']) && hy_check($_GET['code'], 'un') == '#@_error') {
hy_404();
}
$this->registerPlugin("function", "func", array('appController', 'tpl_model'));
}
public function checkcode()
{
$result = array('error' => 1, 'content' => '抱歉,本数据库没有此记录');
$code1 = hy_check(strtoupper($_POST['code1']), 'u');
$code2 = hy_check(strtoupper($_POST['code2']), 'u');
$code3 = hy_check(strtoupper($_POST['code3']), 'u');
$code4 = hy_check(strtoupper($_POST['code4']), 'u');
if ($code1 == '#@_error' || $code2 == '#@_error' || $code3 == '#@_error' || $code4 == '#@_error') {
print_r(json_encode($result));
exit;
}
$code = $code1 . $code2 . $code3 . $code4;
$res = Model('index')->db_count(array('table' => 'security_code', 'code' => $code));
if ($res == 1) {
$result['error'] = 0;
$result['content'] = '该防伪码有效';
}
print_r(json_encode($result));
exit;
}
public function _initialize()
{
if (isset($_GET['code']) && hy_check($_GET['code'], 'un') == '#@_error') {
hy_404();
}
/*开启手机功能*/
//$cfg=Model('app')->get_cfg();
$is_wap = C('wap_support');
//需要在controller取消注释Model()->getCfg()
if ($is_wap == 1) {
$ua = strtolower($_SERVER['HTTP_USER_AGENT']);
$uachar = "/(nokia|sony|ericsson|mot|samsung|sgh|lg|philips|panasonic|alcatel|lenovo|cldc|midp|mobile)/i";
if (($ua == '' || preg_match($uachar, $ua)) && !strpos(strtolower($_SERVER['REQUEST_URI']), 'wap')) {
$Loaction = '?g=mobile&a=index&m=index';
if (!empty($Loaction)) {
header("Location: {$Loaction}\n");
}
}
}
$this->registerPlugin("function", "func", array('appController', 'tpl_model'));
}
public function submit()
{
$result = array('error' => 1, 'content' => '');
$info['name'] = isset($_POST['name']) ? hy_check($_POST['name'], 'ur') : '';
$info['email'] = isset($_POST['email']) ? hy_check($_POST['email'], 'e') : '';
$info['phone'] = isset($_POST['phone']) ? hy_check($_POST['phone'], 'n') : '';
$info['content'] = isset($_POST['content']) ? hy_substr($_POST['content'], '255') : '';
$info['ip'] = hy_getIP();
$info['created'] = $_SERVER['REQUEST_TIME'];
if ($info['name'] == '#@_error') {
$result['content'] = '名字格式错误';
print_r(json_encode($result));
exit;
}
if ($info['email'] == '#@_error') {
$result['content'] = '邮件格式错误';
print_r(json_encode($result));
exit;
}
if ($info['phone'] == '#@_error') {
$result['content'] = '电话格式错误';
print_r(json_encode($result));
exit;
}
$check = Model('forms')->check_ip(array('ip' => $info['ip'], 'table' => 'forms_log_1'));
if (!$check) {
$result['content'] = '你提交得太频繁了';
print_r(json_encode($result));
exit;
}
$res = Model('forms')->insert($info, 'forms_log_1');
if ($res) {
$result['error'] = 0;
$result['content'] = '添加成功';
} else {
$result['content'] = '系统繁忙';
}
print_r(json_encode($result));
exit;
}
public function update_store()
{
$res = array('error' => 1, 'content' => '');
$info['area_id'] = yf_empty(intval($_POST['area_id']), "系统错误");
$info['kind_id'] = yf_empty(intval($_POST['kind_id']), "请选择店铺分类");
$info['store_name'] = yf_empty($_POST['store_name'], "请输入店铺名称");
$info['store_code'] = yf_empty($_POST['store_code'], "请输入标识建筑");
$info['store_member'] = yf_empty($_POST['store_member'], "请输入店铺负责人");
$info['store_phone'] = yf_empty($_POST['store_phone'], "请输入联系电话");
$info['store_tel'] = yf_empty($_POST['store_tel'], "请输入固定电话");
$info['store_long'] = yf_empty($_POST['store_long'], 113.270793, true);
$info['store_lat'] = yf_empty($_POST['store_lat'], 23.135308, true);
if (hy_check($info['store_phone'], 'm') == '#@_error') {
$res['content'] = "输入的联系电话格式不正确";
$this->showMsg($res);
}
if (hy_check($info['store_tel'], 't') == '#@_error') {
$res['content'] = "输入的固定电话格式不正确";
$this->showMsg($res);
}
$info['store_address'] = yf_empty($_POST['store_address'], "请输入店铺地址");
$info['store_thumb'] = yf_empty($_POST['store_thumb'], '', true);
$info['store_des'] = yf_empty($_POST['store_des'], '');
$store_id = yf_empty(intval($_POST['store_id']), 'System Error');
$old_kind = Model('kind')->get_store_info($store_id);
$id = Model('kind')->update_store($info, $store_id);
if ($id) {
if ($old_kind['kind_id'] != $info['kind_id']) {
Model('kind')->update_kind_count($info['kind_id'], 1);
Model('kind')->update_kind_count($old_kind['kind_id'], 0);
}
$res = array('error' => 0, 'content' => '修改成功');
} else {
$res['content'] = "修改失败";
}
$this->showMsg($res);
}
public function submit()
{
$result = array('error' => 1, 'content' => '');
$info['name'] = isset($_POST['name']) ? hy_check($_POST['name'], 'ur') : '';
$info['email'] = isset($_POST['email']) ? hy_check($_POST['email'], 'e') : '';
$info['phone'] = isset($_POST['phone']) ? hy_check($_POST['phone'], 'n') : '';
$info['content'] = isset($_POST['content']) ? hy_substr($_POST['content'], '255') : '';
$info['ip'] = hy_getIP();
$info['created'] = $_SERVER['REQUEST_TIME'];
$this->assign_global();
if ($_POST['name'] == '' || $_POST['email'] == '' || $_POST['phone'] == '' || $_POST['content'] == '') {
$result['content'] = '请填写完整';
print_r(json_encode($result));
exit;
}
if ($info['name'] == '#@_error') {
$result['content'] = '名字格式错误';
print_r(json_encode($result));
exit;
}
if ($info['email'] == '#@_error') {
$result['content'] = '邮件格式错误';
print_r(json_encode($result));
exit;
}
if ($info['phone'] == '#@_error') {
$result['content'] = '电话格式错误';
print_r(json_encode($result));
exit;
}
$check = Model('forms')->check_ip(array('ip' => $info['ip'], 'table' => 'forms_log_1'));
if (!$check) {
$result['content'] = '你提交得太频繁了';
print_r(json_encode($result));
exit;
}
$res = Model('forms')->insert($info, 'forms_log_1');
$mail = new PHPMailer();
$mail->IsSMTP();
// Set mailer to use SMTP
$mail->Host = C('smtp');
// Specify main and backup server
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->Username = C('smtp_username');
// SMTP username
$mail->Password = C('smtp_password');
// SMTP password
$mail->From = C('smtp_email');
//$mail->FromName = 'Vancca';
$mail->AddAddress('*****@*****.**', 'Josh Adams');
// Add a recipient
$mail->WordWrap = 50;
// Set word wrap to 50 characters
$mail->Subject = '留言';
$mail->Body = '<p>名称:' . $info['name'] . '</p><p>邮箱:' . $info['email'] . '</p><p>电话:' . $info['phone'] . '</p><p>留言:' . $info['content'] . '</p>';
$mail->AltBody = '<p>名称:' . $info['name'] . '</p><p>邮箱:' . $info['email'] . '</p><p>电话:' . $info['phone'] . '</p><p>留言:' . $info['content'] . '</p>';
$mail->Send();
if ($res) {
$result['error'] = 0;
$result['content'] = '添加成功';
} else {
$result['content'] = '系统繁忙';
}
print_r(json_encode($result));
exit;
}
/**
* 添加商品
*/
public function new_goods()
{
$this->admin_priv('add_goods', 2);
$result = array('error' => 1, 'content' => '');
$en_name = isset($_POST['en_name']) ? $_POST['en_name'] : '';
$info['goods_name'] = isset($_POST['goods_name']) ? CH_SC . $_POST['goods_name'] . DIG_EC . EN_SC . $en_name . DIG_EC : '';
$en_brief = isset($_POST['en_brief']) ? $_POST['en_brief'] : '';
$info['goods_brief'] = isset($_POST['goods_brief']) ? CH_SC . $_POST['goods_brief'] . DIG_EC . EN_SC . $en_brief . DIG_EC : '';
$en_desc = isset($_POST['en_desc']) ? $_POST['en_desc'] : '';
$info['goods_desc'] = isset($_POST['goods_desc']) ? CH_SC . $_POST['goods_desc'] . DIG_EC . EN_SC . $en_desc . DIG_EC : '';
$info['market_price'] = hy_check($_POST['market_price'], 'f');
$info['shop_price'] = hy_check($_POST['shop_price'], 'f');
$info['goods_num'] = hy_check($_POST['goods_num'], 'n');
$info['goods_sn'] = empty($_POST['goods_sn']) ? '' : $_POST['goods_sn'];
$info['goods_type'] = intval($_POST['goods_type']);
$info['recommend_type'] = intval($_POST['recommend_type']);
$info['goods_status'] = intval($_POST['status']);
$info['goods_thumb'] = $_POST['goods_thumb'];
$info['page_title'] = $_POST['page_title'];
$info['keywords'] = $_POST['keywords'];
$info['abstract'] = $_POST['abstract'];
$info['weixin_chain'] = $_POST['weixin_chain'];
$info['external_chain'] = $_POST['external_chain'];
$info['brand_id'] = intval($_POST['brand_id']);
$info['cat_id'] = intval($_POST['cat_id']);
$info['createtime'] = $_SERVER['REQUEST_TIME'];
$photo = is_array($_POST['photo']) ? $_POST['photo'] : array($_POST['photo']);
$link = is_array($_POST['link_goods']) ? $_POST['link_goods'] : array($_POST['link_goods']);
$attr_pid = is_array($_POST['attr_pid']) ? $_POST['attr_pid'] : array($_POST['attr_pid']);
$attr_val = is_array($_POST['attr_name']) ? $_POST['attr_name'] : array($_POST['attr_name']);
$attr_img = is_array($_POST['attr_img']) ? $_POST['attr_img'] : array($_POST['attr_img']);
$goods = Model('goods');
foreach ($_POST as $k => $v) {
if (preg_match('/^(val_spec_)/', $k)) {
$spec[$k] = $v;
} elseif (preg_match('/^spec_/', $k)) {
$specname[$k] = $v;
}
}
$spec = $this->format_spec($specname, $spec);
$goods_id = $goods->insert($info, 'goods');
if ($goods_id) {
if ($spec[0] != '') {
//插入规格
foreach ($spec as $k => $v) {
$spec[$k]['goods_id'] = $goods_id;
}
$goods->insert($spec, 'goods_spec_extend');
}
//插入相册
if ($photo[0] != '') {
$photo_arr = array();
foreach ($photo as $k => $v) {
$photo_arr[$k]['goods_id'] = $goods_id;
$photo_arr[$k]['original_pic'] = $v;
}
$goods->insert($photo_arr, 'goods_gallery');
}
//保存属性
if ($attr_pid[0] != '') {
$attr_info = array();
foreach ($attr_pid as $k => $v) {
$attr_info[$k]['goods_id'] = $goods_id;
$attr_info[$k]['attr_value'] = $attr_val[$k];
$attr_info[$k]['goods_img'] = $attr_img[$k];
$attr_info[$k]['attr_id'] = $attr_pid[$k];
}
$goods->insert($attr_info, 'goods_attr_extend');
}
//关联商品
if ($link[0] != '') {
$link_goods = array();
foreach ($link as $k => $v) {
$link_goods[$k]['goods_id'] = $goods_id;
$link_goods[$k]['link_goods'] = $v;
}
$goods->insert($link_goods, 'link_goods');
}
$result['error'] = 0;
$result['content'] = Lang('SUCCESS_ADD');
} else {
$result['content'] = Lang('INVALID_OPERATION');
}
$this->showMsg($result);
}
/**
* 登录操作
*/
public function act_login()
{
$username = isset($_POST['username']) ? hy_check($_POST['username'], 'un', 15) : '';
$password = isset($_POST['password']) ? hy_check($_POST['password'], '', 20) : '';
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';
$check_vali = $this->validator($captcha);
if (!$check_vali || $captcha == '') {
$this->showMsg('验证码错误', 'index.php?g=admin&m=index&a=login');
}
if ($username == '#@_error' || $password == '#@_error') {
Error::log('[后台登录错误]' . $_POST['username'] . '--' . hy_getIP(), ADMIN_LOG);
$this->showMsg(Lang('账号或者密码错误'), '/qq_admin.php');
}
if (Model('index')->check_user($username, $password)) {
header("Location:index.php?g=admin&m=index&a=index");
} else {
Error::log('[后台登录错误]' . $_POST['username'] . '--' . hy_getIP(), ADMIN_LOG);
$this->showMsg(Lang('账号或者密码错误'), 'index.php?g=admin&m=index&a=login');
}
}
/**
* 更新管理员编辑信息
*/
public function update_admin()
{
$res = array('error' => 1, 'content' => '');
$id = yf_empty($_POST['id'], 0, true);
$info['username'] = yf_empty(trim($_POST['username']), "用户名不能为空");
$info['qq'] = yf_empty(intval($_POST['qq']), "QQ不能为空");
$info['email'] = yf_empty($_POST['email'], "邮箱不能为空");
$info['group_id'] = yf_empty(intval($_POST['group_id']), "请选择管理组");
$info['password'] = yf_empty(trim($_POST['new_password']), "", true);
$confirm_password = yf_empty(trim($_POST['confirm_password']), "", true);
if (!empty($info['password']) && !empty($confirm_password)) {
if ($confirm_password != $info['password']) {
$res['content'] = Lang('twice_pwd_not_match');
$this->showMsg($res);
}
if (strlen($info['password']) < 6) {
$res['content'] = Lang('PWD_TOO_SHORT');
$this->showMsg($res);
}
$info['password'] = md5($info['password']);
} else {
unset($info['password']);
}
if (hy_check($info['email'], "e") == '#@_error') {
$res['content'] = Lang('EMAIL_FORMAT_ERROR');
$this->showMsg($res);
}
if (Model('admin')->checkInfo($info['username'], $info['email'], $id)) {
$info['modified'] = yf_time();
if (Model('admin')->updateInfo($info, $id)) {
$res = array('error' => 0, 'content' => Lang('SUCCESS_EDIT'));
} else {
$res['content'] = Lang('INVALID_OPERATION');
}
} else {
$res['content'] = "用户名或者邮箱已被使用";
}
$this->showMsg($res);
}
public function act_login()
{
$result = array('error' => 1, 'content' => '', 'url' => '');
if (isset($_SESSION['account']) && isset($_SESSION['pwd'])) {
$username = isset($_POST[$_SESSION['account']]) ? hy_check($_POST[$_SESSION['account']], 'n', 15) : '';
$password = isset($_POST[$_SESSION['pwd']]) ? hy_check($_POST[$_SESSION['pwd']], '', 30) : '';
if ($username == '#@_error' || $password == '#@_error') {
$result['content'] = Lang('LOGIN_ERR');
} else {
if (Model('user')->check_user($username, $password)) {
$result['error'] = 0;
$result['content'] = Lang('WELCOME_BACK');
if (REWRITE == 1) {
$result['url'] = '/user/index.html';
} else {
$result['url'] = '/index.php?g=home&m=user&a=index';
}
} else {
$result['content'] = Lang('LOGIN_ERR');
}
}
die(json_encode($result));
} else {
exit;
}
}
public function help_set()
{
$res = array('error' => 1, 'content' => '', 'url' => '');
$info['username'] = yf_empty($_POST['username'], "请输入自己的姓名");
$info['mobile'] = yf_empty($_POST['mobile'], "请输入自己的手机");
if (hy_check($info['mobile'], 'm') == '#@_error') {
$res['content'] = "输入的手机格式不正确";
$this->showMsg($res);
}
$info['title'] = yf_empty($_POST['title'], "请输入标题");
$info['message'] = yf_empty($_POST['message'], "请输入评价内容");
$info['rank'] = yf_empty(intval($_POST['rank']), 0, true);
if ($info['rank'] == 0) {
$res['content'] = "请给ta打分";
$this->showMsg($res);
}
$info['address'] = yf_empty($_POST['address'], '', true);
$info['from_id'] = yf_empty(intval($_POST['from_id']), "系统繁忙");
$info['to_id'] = yf_empty(intval($_POST['to_id']), "系统繁忙");
$info['created'] = yf_time();
$id = Model('attend')->insert_comment($info);
if ($id) {
$res['error'] = 0;
$res['content'] = "提交成功";
$res['url'] = "index.php?g=mobile&m=index&a=index";
} else {
$res['content'] = "系统繁忙";
}
$this->showMsg($res);
}
/**
* 添加字段信息
*/
public function new_field()
{
$this->admin_priv('add_word');
$result = array('error' => 1, 'content' => '');
$info['data'] = yf_empty($_POST['data'], '数据库字段不能为空');
$info['type'] = yf_empty($_POST['type'], 0, true);
$en_name = yf_empty($_POST['en_name'], '', true);
$name = yf_empty($_POST['name'], '注释名称不能为空');
$info['name'] = isset($_POST['name']) ? CH_SC . $name . DIG_EC . EN_SC . $en_name . DIG_EC : '';
$en_tips = yf_empty($_POST['en_tips'], '', true);
$info['tips'] = isset($_POST['tips']) ? CH_SC . $_POST['tips'] . DIG_EC . EN_SC . $en_tips . DIG_EC : '';
$en_default = yf_empty($_POST['en_default'], '', true);
$info['default_val'] = isset($_POST['default']) ? CH_SC . $_POST['default'] . DIG_EC . EN_SC . $en_default . DIG_EC : '';
$en_field = is_array($_POST['en_field']) ? implode('::', $_POST['en_field']) : $_POST['en_field'];
$info['field'] = is_array($_POST['field']) ? CH_SC . implode('::', $_POST['field']) . DIG_EC . EN_SC . $en_field . DIG_EC : CH_SC . $_POST['field'] . DIG_EC . EN_SC . $en_field . DIG_EC;
$info['pattern'] = yf_empty($_POST['pattern'], 0, true);
if (hy_check($info['data'], 'un') == '#@_error') {
$result['content'] = '数据库字段不合规范';
$this->showMsg($result);
}
$id = Model('forms')->check_same_data($info['data']);
if ($id > 0) {
$result['content'] = "该数据库字段已存在,请换一个";
$this->showMsg($result);
}
$res = Model('forms')->insert($info, 'fields');
if ($res) {
$result['error'] = 0;
$result['content'] = Lang('SUCCESS_ADD');
} else {
$result['content'] = Lang('INVALID_OPERATION');
}
$this->showMsg($result);
}
/**
* 更新菜单栏目信息
*/
public function update_menu()
{
$this->admin_priv('editmenu');
$id = yf_empty(intval($_POST['id']), '', true);
$info['parent_id'] = yf_empty(intval($_POST['parent_id']), 0, true);
$info['name'] = yf_empty($_POST['name'], Lang('title_empty'));
$en_name = yf_empty($_POST['en_name'], "", true);
$info['name'] = CH_SC . $info['name'] . DIG_EC . EN_SC . $en_name . DIG_EC;
$info['is_show'] = yf_empty(intval($_POST['is_show']), 0, true);
$info['nav_pos'] = is_array($_POST['nav_pos']) ? implode(',', $_POST['nav_pos']) : $_POST['nav_pos'];
$info['code'] = yf_empty(trim(strtolower($_POST['code'])), "栏目别名不能为空");
$info['is_extend_links'] = yf_empty(intval($_POST['is_extend_links']), 0, true);
$data = array('error' => 1, 'content' => '');
if ($info['parent_id'] == $id) {
$data['content'] = Lang('PARENT_ID_ERR');
$this->showMsg($data);
}
if (hy_check($info['code'], 'un') == '#@_error') {
$data['content'] = Lang('code_error');
$this->showMsg($data);
}
if ($info['is_extend_links'] == 1) {
$info['redirect_url'] = yf_empty($_POST['redirect_url'], "", true);
if (hy_check($info['redirect_url'], 'u') == '#@_error' && $info['redirect_url'] != 'http://') {
$data['content'] = Lang('url_error');
$this->showMsg($data);
}
$info['type'] = '';
$info['page_title'] = '';
$info['keywords'] = '';
$info['description'] = '';
} else {
$info['thumb'] = yf_empty($_POST['thumb'], '', true);
$info['type'] = yf_empty($_POST['type'], '', true);
$info['page_title'] = yf_empty($_POST['page_title'], '', true);
$info['keywords'] = yf_empty($_POST['keywords'], '', true);
$info['description'] = yf_empty($_POST['description'], '', true);
$info['redirect_url'] = '';
}
if (Model('menu')->check_code($info['code'], $id)) {
$result = Model('menu')->update_menu($info, $id);
if ($result) {
$data['error'] = 0;
$data['content'] = Lang('SUCCESS_EDIT');
} else {
$data['content'] = Lang('INVALID_OPERATION');
}
$this->showMsg($data);
} else {
$data['content'] = Lang('CODE_REPEATING');
$this->showMsg($data);
}
}
public function update_user()
{
$res = array('error' => 1, 'content' => '系统繁忙', 'url' => "index.php?g=mobile&m=index&a=index");
$data['area_id'] = yf_empty(intval($_POST['area_id']), 0, true);
$data['first'] = 1;
if ($data['area_id'] == 0) {
$data['first'] = 0;
}
$info['username'] = yf_empty($_POST['username'], "请输入姓名");
$info['mobile'] = yf_empty($_POST['mobile'], "请输入手机");
if (hy_check($info['mobile'], 'm') == '#@_error') {
$res['content'] = "输入的手机格式不正确";
$this->showMsg($res);
}
$id = Model('index')->update_info($data, $info, $_SESSION['wxid']);
if ($id) {
$res['error'] = 0;
$res['content'] = "修改成功";
}
$this->showMsg($res);
}
public function testemail()
{
$smtp = $_POST['smtp'];
$smtp_username = $_POST['smtp_username'];
$smtp_password = $_POST['smtp_password'];
$smtp_email = $_POST['smtp_email'];
$test_email = $_POST['test_email'];
$content = '<p>Hello,欢迎使用Qiaqia CMS</p>';
$result = array('error' => 1, 'content' => '发送失败');
if ($test_email == '' || hy_check($test_email, 'e') == '#@_error') {
$result['content'] = '测试地址格式不正确';
$this->showMsg($result);
}
$mail = new PHPMailer();
$mail->IsSMTP();
// Set mailer to use SMTP
$mail->Host = $smtp;
// Specify main and backup server
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->Username = $smtp_username;
// SMTP username
$mail->Password = $smtp_password;
// SMTP password
$mail->From = $smtp_email;
$mail->FromName = '维赛网络科技有限公司';
$mail->AddAddress($test_email, 'Hungry');
// Add a recipient
//$mail->AddAddress('*****@*****.**', 'shawn'); // Add a recipient
$mail->WordWrap = 50;
// Set word wrap to 50 characters
$mail->Subject = 'Qiaqia CMS 测试邮件';
$mail->Body = $content;
$mail->AltBody = $content;
$res = $mail->Send();
if ($res) {
$result['error'] = 0;
$result['content'] = '发送成功';
}
$this->showMsg($result);
}
