<?php //額外的檢測 // Add By Thomas 150917 for data consistency check require_once "../convertString.ini.php"; require_once "../config.php"; if (floatval($_POST['WIDtotal_fee']) < 0) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Pay Amount Error !!");history.back();</script></body></html>'; exit; } if (empty($_POST['chkStr'])) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Empty Security Data !!");history.back();</script></body></html>'; exit; } $cs = new convertString(); $chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]); error_log("[lib/alipay/alipayapi] chkStr : " . $chkStr); $chkArr = explode("|", $chkStr); if (is_array($chkArr)) { $ordernum = $chkArr[0]; $amount = $chkArr[1]; error_log("[lib/alipay/alipayapi] pay data : " . $out_trade_no . "|" . $total_fee); if (floatval($amount) != floatval($total_fee)) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Total Fee Check Error !!");history.back();</script></body></html>'; exit; } if ($ordernum != $out_trade_no) { echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Trade No. Check Failed !!");history.back();</script></body></html>'; exit; } } else {
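/**
 * Controller action: verify the posted deposit data and hand the user over to
 * the credit-card gateway with an auto-submitting POST form.
 *
 * Flow:
 *  1. Reject a negative amount and a missing security string ($_POST['chkStr']).
 *  2. Decode chkStr with convertString::strDecode() and require that the
 *     "orderid|amount" pair inside it matches $_POST['ordernumber'] and
 *     $_POST['amount'] — the browser-supplied values are untrusted and must
 *     agree with the pair the server issued.
 *  3. Look up the deposit history row for the order and store the payment
 *     data (JSON) on it via $deposit->update_deposit_history().
 *  4. Echo an HTML page whose form posts the gateway fields to
 *     $config['creditcard']['url_payment'], then exit.
 *
 * Every failure path writes a small alert page and terminates the request, so
 * this method never returns to the caller.
 *
 * Globals: $config (creditcard settings, encode_key / encode_type) and
 * $deposit (deposit history model). Session: $_SESSION['auth_id'] and
 * $_SESSION['user'] (name, email, profile.nickname).
 */
public function twcreditcard_pay()
{
    global $config, $deposit;

    set_status($this->controller);
    login_required();

    // ---- Data consistency check (Add By Thomas 150917) ---------------------
    $amount = isset($_POST['amount']) ? floatval($_POST['amount']) : 0.0;
    $ordernumber = isset($_POST['ordernumber']) ? $_POST['ordernumber'] : '';
    if ($amount < 0) {
        die('<script>alert("Pay Amount Error !");history.back();</script>');
    }
    if (empty($_POST['chkStr'])) {
        die('<script>alert("Empty Security Data !!");history.back();</script>');
    }

    $cs = new convertString();
    $chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]);
    error_log("[c/deposit/twcreditcard_pay] chkStr : " . $chkStr);

    // explode() always returns an array, so the original is_array() guard could
    // never fail and a garbled string surfaced as an undefined-offset warning.
    // Demand both fields so a truncated/garbled string is reported explicitly.
    $chkArr = explode("|", $chkStr);
    if (count($chkArr) < 2) {
        die('<script>alert("Security Data Parse Error !!");history.back();</script>');
    }
    $chk_orderid = $chkArr[0];
    $chk_amount = $chkArr[1];
    error_log("[c/deposit/twcreditcard_pay] pay data : " . $ordernumber . "|" . $amount);
    if (floatval($chk_amount) != $amount) {
        die('<script>alert("Total Fee Check Error !!");history.back();</script>');
    }
    // Strict string comparison: with loose "!=" two numeric strings such as
    // "0100" and "100" would compare equal.
    if ((string) $chk_orderid !== (string) $ordernumber) {
        die('<script>alert("Trade No. Check Failed !!");history.back();</script>');
    }

    $nickname = $_SESSION['user']['profile']['nickname'];
    $spoint = isset($_POST['spoint']) ? $_POST['spoint'] : '';

    $pay_info = array();
    $pay_info['web'] = $config['creditcard']['merchantnumber'];
    $pay_info['MN'] = $amount;
    $pay_info['Td'] = $ordernumber;
    $pay_info['sna'] = urlencode($nickname);
    $pay_info['sdt'] = $_SESSION['user']['name'];
    $pay_info['email'] = $_SESSION['user']['email'];
    $pay_info['note1'] = "{userid:" . $_SESSION['auth_id'] . "}";
    $pay_info['note2'] = "";
    $pay_info['OrderInfo'] = urlencode(
        "OrderId:" . $pay_info['Td'] . ",Name:" . $nickname . ",Userid:" . $_SESSION['auth_id']
        . ",Amount:" . $pay_info['MN'] . ",Spts:" . $spoint
    );
    $pay_info['Card_Type'] = $config['creditcard']['Card_Type'];

    // Gateway signature: sha1(merchant number . secret code . amount), upper-cased.
    // The pre-hash string is deliberately not logged: it contains the merchant
    // secret ($config['creditcard']['code']) in clear text.
    $pay_info['ChkValue'] = strtoupper(sha1($pay_info['web'] . $config['creditcard']['code'] . $pay_info['MN']));
    error_log("ChkValue :" . $pay_info['ChkValue']);
    // NOTE(review): the signature hashes the float amount while the form below
    // posts intval($pay_info['MN']); a non-integral amount would yield a
    // signature the gateway cannot reproduce — confirm amounts are whole
    // numbers upstream.

    $get_deposit_history = $deposit->get_deposit_history($pay_info['Td']);
    if (empty($get_deposit_history[0]['dhid'])) {
        // No pending deposit record for this order: bounce back to the deposit page.
        echo '<script>alert("充值程序異常!");window.location = "/site/deposit/"</script>';
        exit;
    }

    $arr_data = array(
        'out_trade_no' => $pay_info['Td'],
        'userid'       => $_SESSION['auth_id'],
        'amount'       => intval($pay_info['MN']),
        'timepaid'     => date('YmdHis'),
        'phone'        => $pay_info['sdt'],
        'paymenttype'  => $config['creditcard']['paymenttype'],
        // The original assigned this to a misspelled "$arr_date", so the
        // signature never reached the stored record.
        'ChkValue'     => $pay_info['ChkValue'],
    );
    $arr_cond = array('dhid' => $pay_info['Td']);
    $arr_update = array(
        'data'         => json_encode($arr_data),
        'modifierid'   => $_SESSION['auth_id'],
        'modifiername' => $nickname,
        'modifiertype' => 'User',
    );
    $deposit->update_deposit_history($arr_cond, $arr_update);

    // Gateway fields, in the order the original form emitted them.
    $fields = array(
        'web'       => $config['creditcard']['merchantnumber'],
        'MN'        => intval($pay_info['MN']),
        'OrderInfo' => $pay_info['OrderInfo'],
        'Td'        => $pay_info['Td'],
        'sna'       => $pay_info['sna'],
        'sdt'       => $pay_info['sdt'],
        'email'     => $pay_info['email'],
        'note1'     => $pay_info['note1'],
        'note2'     => $pay_info['note2'],
        'Card_Type' => $pay_info['Card_Type'],
        'ChkValue'  => $pay_info['ChkValue'],
    );

    $submit = '<body onload="document.form1.submit();" >';
    $submit .= '<form name="form1" action="'
        . htmlspecialchars($config['creditcard']['url_payment'], ENT_QUOTES, 'UTF-8')
        . '" method="POST">';
    foreach ($fields as $name => $value) {
        // Attribute-escape every value: Td comes from $_POST and sdt/email from
        // the session profile, none of which are HTML-safe. The browser decodes
        // the entities before submitting, so the gateway receives the same bytes.
        $submit .= '<input type="hidden" name="' . $name . '" value="'
            . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '" />';
    }
    $submit .= '</form>';
    $submit .= '</body>';

    // Log only the order reference; the full form carried the user's name,
    // e-mail and the gateway signature.
    error_log("[c/deposit/twcreditcard_pay] redirect to gateway, Td : " . $pay_info['Td'] . ", MN : " . intval($pay_info['MN']));
    echo $submit;
    exit;
}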