コード例 #1
        }
        break;
    case 'type':
        $id = sqlReplace(trim($_GET['id']));
        $id = checkData($id, "ID", 0);
        $sql = "select * from qiyu_comment where comment_id=" . $id;
        $result = mysql_query($sql);
        $row = mysql_fetch_assoc($result);
        if (!$row) {
            alertInfo('您要审核的数据不存在', '', 1);
        } else {
            $sql2 = "update qiyu_comment set comment_type='1' where comment_id=" . $id;
            if (mysql_query($sql2)) {
                alertInfo('审核成功', '', 1);
            } else {
                alertInfo('审核失败,原因SQL出现异常', '', 1);
            }
        }
        break;
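    case "savetime":
        // Bulk-update comment timestamps from a form that posts i, id1..idN and time1..timeN.
        // The row count comes from the client, so force it to an integer before using it as a loop bound.
        $i = isset($_POST['i']) ? (int) trim($_POST['i']) : 0;
        for ($x = 1; $x <= $i; $x++) {
            $id = isset($_POST['id' . $x]) ? $_POST['id' . $x] : '';
            $id = checkData($id, 'ID', 0);
            // comment_id is compared unquoted, so only an integer may reach the statement.
            // NOTE(review): checkData() is defined elsewhere; the cast does not rely on what it validates.
            $id = (int) $id;
            $time = (isset($_POST['time' . $x]) && is_string($_POST['time' . $x])) ? $_POST['time' . $x] : '';
            // The timestamp sits inside a quoted SQL literal; the original concatenated the raw POST value.
            $time = mysql_real_escape_string($time);
            $sql = "update " . WIIDBPRE . "_comment set comment_addtime='" . $time . "' where comment_id=" . $id;
            // NOTE(review): the result of each update is ignored, so the success message below
            // is shown even when a statement fails.
            mysql_query($sql);
        }
        alertInfo('保存成功!', "", 1);
        break;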
}
コード例 #2
ファイル: site_do.php プロジェクト: piapro/AIRestaurant
        $print = sqlReplace(trim($_POST['yunprint']));
        $num = sqlReplace(trim($_POST['yunprintnum']));
        $sql = "update qiyu_site set site_yunprint='" . $print . "',site_yunprintnum='" . $num . "'";
        if (mysql_query($sql)) {
            alertInfo('操作成功', '', 1);
        } else {
            alertInfo('出错', '', 1);
        }
        break;
    case "other":
        $onlinechat = sqlReplace(trim($_POST['onlinechat']));
        $iscartfoodtag = sqlReplace(trim($_POST['iscartfoodtag']));
        $cartfoodtag = sqlReplace(trim($_POST['cartfoodtag']));
        $stat = sqlReplace(trim($_POST['stat']));
        $sql = "update qiyu_site set site_onlinechat='" . $onlinechat . "',site_stat='" . $stat . "',site_iscartfoodtag='" . $iscartfoodtag . "',site_cartfoodtag='" . $cartfoodtag . "'";
        if (mysql_query($sql)) {
            alertInfo('操作成功', '', 1);
        } else {
            alertInfo('出错', '', 1);
        }
        break;
    case "print":
        $print = sqlReplace(trim($_POST['yunprint']));
        $sql = "update qiyu_site set site_yunprint='" . $print . "'";
        if (mysql_query($sql)) {
            alertInfo('操作成功', '', 1);
        } else {
            alertInfo('出错', '', 1);
        }
        break;
}
コード例 #3
ファイル: uservali3.php プロジェクト: piapro/AIRestaurant
<?php

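// Page prologue: load the shop named in the query string and the visitor's phone number.
require_once "usercheck.php";
// shop_id is compared without quotes below, so quote escaping alone cannot protect the
// statement; the request value is reduced to an integer before it is concatenated.
$shopID = (isset($_GET['shopID']) && is_string($_GET['shopID'])) ? (int) sqlReplace(trim($_GET['shopID'])) : 0;
$sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'";
$rs = mysql_query($sql);
// mysql_query() returns false on error; treat that the same as "no such shop".
$rows = $rs ? mysql_fetch_assoc($rs) : false;
if (!$rows) {
    // NOTE(review): alertInfo() is defined elsewhere; presumably it ends the request - confirm,
    // otherwise the rest of the page still renders.
    alertInfo("错误", "index.php", 0);
}
// Default so the template never reads an undefined variable when no user row is found.
$user_phone = '';
if (!empty($QIYU_ID_USER)) {
    // $QIYU_ID_USER is set by the included login check; cast because it is used unquoted.
    $sqlStr = "select * from qiyu_user where user_id=" . (int) $QIYU_ID_USER;
    $result = mysql_query($sqlStr);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($row) {
        $user_phone = $row['user_phone'];
    }
} else {
    $user_phone = isset($_SESSION['user_phone']) ? $_SESSION['user_phone'] : '';
}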
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="style.css" type="text/css"/>
  <script src="js/jquery-1.3.1.js" type="text/javascript"></script>
  <title> 验证手机号 - <?php 
echo $SHOP_NAME;
?>
 - <?php 
コード例 #4
ファイル: sendsms_do.php プロジェクト: piapro/AIRestaurant
$o = new AppException();
//require_once('user_sendsms_page.php');
if (!(empty($site_wiiyunsalt) || empty($site_wiiyunaccount) || $site_sms != '1')) {
    //	检测微云码与账号是否正确
    $result = $o->checkWiiyunSalt($site_wiiyunsalt, $site_wiiyunaccount);
    $r_status = $result[0]->status;
    if ($r_status != 'no') {
        $userID2 = $result[0]->id2;
        //用户ID2
        $sms = $o->getSMS($userID2);
        $s_status = $sms[0]->status;
        $smsCount = $sms[0]->count_m;
    }
}
if (empty($userID2)) {
    alertInfo('短信未配置,请配置', "site_sms.php", 0);
}
$tags = sqlReplace(trim($_POST['receiver']));
//收件人
$tags = str_replace(';', ';', $tags);
$tags = str_replace('#', '', $tags);
$tags = str_replace('$', '', $tags);
//$total=sqlReplace(trim($_GET['total']));//此次发送的数量
$emailstr = sqlReplace(trim($_POST['receiver']));
//收件人
$emailstr = str_replace(';', ';', $emailstr);
$content = sqlReplace(trim($_POST['fbContent']));
//短信内容
checkData($emailstr, '收件人', 1);
checkData($content, '短信内容', 1);
//对收件人$emailstr进行处理
コード例 #5
ファイル: inc_function.php プロジェクト: htom78/project
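/**
 * Validate an e-mail address taken from user input and report problems through alertInfo().
 *
 * Nothing is returned; on an empty or malformed address alertInfo() is called with the
 * field label followed by the error text.
 *
 * @param string $email Address to validate.
 * @param string $name  Field label placed in front of the error message.
 */
function checkEmail($email, $name)
{
    if (empty($email)) {
        alertInfo($name . '不能为空', '', 1);
    } else {
        // eregi() was deprecated in PHP 5.3 and removed in PHP 7; preg_match() with the "i"
        // modifier is the replacement. The "D" modifier makes "$" match only at the very end,
        // so an address followed by a newline is rejected instead of slipping through.
        $pattern = '/^[a-zA-Z0-9]([a-zA-Z0-9]*[-_.]?[a-zA-Z0-9]+)+@([a-zA-Z0-9]+\.)+[a-zA-Z]{2,}$/iD';
        // The local-part group nests quantifiers and can backtrack heavily on long inputs.
        // preg_match() returns false when PCRE gives up (pcre.backtrack_limit) or when the
        // subject is not a string, so anything other than exactly 1 counts as invalid.
        if (preg_match($pattern, $email) !== 1) {
            alertInfo($name . '输入格式不正确', '', 1);
        }
    }
}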
コード例 #6
ファイル: userreg_do2.php プロジェクト: piapro/AIRestaurant
// Second registration step: validate the remaining fields, create the user row and its
// first address, then sign the new user in and redirect.
// NOTE(review): $address, $pw, $phone, $name, $sinaUid, $sinaNick, $p, $shopID, $shopSpot,
// $spot, $circle and $shopCircle are assigned above this excerpt; whether each one was
// escaped for SQL is not visible here - confirm before relying on the concatenations below.
checkData($address, '详细地址', 1);
checkData($pw, '密码', 1);
$ip = $_SERVER['REMOTE_ADDR'];
$logincount = 1;
// $vercode is written to user_salt and $vercodePhone to user_vcode by the insert below.
// NOTE(review): the generators are defined elsewhere; how they produce randomness is not visible.
$vercode = getRndCode(6);
$vercodePhone = getRndCode_r(6);
$content = "验证码是" . $vercodePhone;
$_SESSION['Phone'] = $phone;
// The stored password is md5(md5(password . salt)). MD5 is a fast hash, so a leaked table
// is cheap to brute-force; password_hash()/password_verify() is the usual replacement
// where the PHP version allows it.
$pw = md5(md5($pw . $vercode));
// Check whether the phone number is already registered
$sqlStr = "select user_id from qiyu_user where user_phone='" . $phone . "'";
$rs = mysql_query($sqlStr);
$row = mysql_fetch_assoc($rs);
if ($row) {
    // NOTE(review): presumably alertInfo() ends the request; if it does not, the insert below still runs.
    alertInfo("手机号已注册", "", 1);
}
// The account is created with user_status '0' and the phone verification code in user_vcode.
$sql = "insert into qiyu_user(user_account,user_password,user_logintime,user_loginip,user_logincount,user_mail,user_phone,user_time,user_name,user_salt,user_status,user_vcode,user_sinauid,user_sinanick,user_regtype) values('" . $phone . "','" . $pw . "',now(),'" . $ip . "','" . $logincount . "','','" . $phone . "',now(),'" . $name . "','" . $vercode . "','0','" . $vercodePhone . "','" . $sinaUid . "','" . $sinaNick . "','0')";
if (mysql_query($sql)) {
    $id = mysql_insert_id();
    $address_sql = "insert into qiyu_useraddr(useraddr_user,useraddr_phone,useraddr_address,useraddr_name) values (" . $id . ",'" . $phone . "','" . $address . "','" . $name . "')";
    // The result of the address insert is not checked.
    mysql_query($address_sql);
    // Send the verification code (the call is disabled in this version)
    //sendCode($phone,$content);
    //Header("Location: uservali.php");
    // The session is marked as logged in right after the insert, while user_status is still '0'
    // and no code has been sent. No session id regeneration is visible in this excerpt.
    $_SESSION['qiyu_uid'] = $id;
    $_SESSION['reginfo1'] = '';
    $_SESSION['reginfo2'] = '';
    // NOTE(review): the query-string values are not passed through urlencode(), and no exit
    // follows the redirect within this excerpt.
    Header("Location: userregfinish.php?p=" . $p . "&shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&spotID=" . $spot . "&circleID=" . $circle . "&shopCircle=" . $shopCircle);
} else {
    alertInfo("注册失败", "", 1);
}
コード例 #7
ファイル: userintro.php プロジェクト: piapro/AIRestaurant
<?php

/**
 *  userintro.php
 */
require_once "usercheck2.php";
$id = sqlReplace(trim($_GET['id']));
$tel = empty($_GET['tel']) ? '' : sqlReplace(trim($_GET['tel']));
$page = empty($_GET['page']) ? '' : sqlReplace(trim($_GET['page']));
$id = checkData($id, "ID", 0);
$sql = "select * from " . WIIDBPRE . "_user where user_id=" . $id;
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if (!$row) {
    alertInfo('该用户已经不存在', '', 1);
} else {
    $account = $row['user_account'];
    $name = $row['user_name'];
    $mail = $row['user_mail'];
    $type = $row['user_type'];
    $logintime = $row['user_logintime'];
    $loginip = $row['user_loginip'];
    $logincount = $row['user_logincount'];
    $phone = $row['user_phone'];
    $time = $row['user_time'];
    $score = $row['user_score'];
    $experience = $row['user_experience'];
}
//原版
//$url="&start=".$start."&end=".$end."&name=".$name."&phone=".$phone."&order=".$order."&uid=".$id;
$url = "&name=" . $name . "&phone=" . $phone . "&uid=" . $id;
コード例 #8
ファイル: userpw_do.php プロジェクト: piapro/AIRestaurant
     $shopID = sqlReplace($_GET['shopID']);
     $phone = sqlReplace($_POST['phone']);
     $code = sqlReplace($_POST['code']);
     $sql = "select * from qiyu_user where user_phone='" . $phone . "'";
     $rs = mysql_query($sql);
     $rows = mysql_fetch_assoc($rs);
     if ($rows) {
         if ($code == $rows['user_vcode']) {
             $sqlStr = "update qiyu_user set user_vcode='',user_status='1' where user_phone='" . $phone . "'";
             mysql_query($sqlStr);
             Header("Location: userorder.php?shopID=" . $shopID);
         } else {
             alertInfo("验证码错误", "", 1);
         }
     } else {
         alertInfo("手机号不存在", "", 1);
     }
     break;
 case "checkCodeTime":
     $sendTime = $_SESSION['sms_sendTime'];
     $time = date('Y-m-d H:i:s');
     if (!empty($sendTime)) {
         if (round((strtotime($time) - strtotime($sendTime)) / 60) > 20) {
             $_SESSION['sms_sendTime'] = '';
             $_SESSION['sms_code'] = '';
             echo '<label>&nbsp;</label><img src="images/button/getcode.gif" alt="获取" onclick="sendcode()" />';
         } else {
             echo '<label>&nbsp;</label><img src="images/button/getcode_r.gif" alt=""  style="cursor:auto;"/>';
         }
     } else {
         echo '<label>&nbsp;</label><img src="images/button/getcode.gif" alt="获取" onclick="sendcode()" />';
コード例 #9
ファイル: usercheck2.php プロジェクト: piapro/AIRestaurant
            $QIYU_ID_USER = "";
        }
    } else {
        $QIYU_ID_USER = "";
    }
}
if (!empty($shopID)) {
    if (empty($QIYU_ID_USER)) {
        Header("Location: userquickreg.php?shopID=" . $shopID);
    } else {
        if (empty($QIYU_ID_USER)) {
            alertInfo("请先登录或注册", "userlogin.php", 0);
        }
    }
}
//$sqlStr="select * from qiyu_user where user_id=".$QIYU_ID_USER." and user_status='1'";
$sqlStr = "select * from qiyu_user where user_id=" . $QIYU_ID_USER . "";
$result = mysql_query($sqlStr);
$row = mysql_fetch_assoc($result);
if ($row) {
    $USER_SCORE = $row['user_score'];
    $USER_PHONE = $row['user_phone'];
    $USER_SALT = $row['user_salt'];
} else {
    setcookie("QIYUUSER", "", time() - 1);
    setcookie("QIYUVERD", "", time() - 1);
    session_unset();
    session_destroy();
    alertInfo("出错", "", 1);
    //Header("Location: index.php");
}
コード例 #10
ファイル: userpw2.php プロジェクト: piapro/AIRestaurant
/**
 *  userpw2.php 
 */
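// Password-reset step 2: require a phone number and, when SMS is enabled, a matching SMS code.
require_once "usercheck.php";
$phone = isset($_POST['phone']) ? sqlReplace($_POST['phone']) : '';
if ($phone == '') {
    alertInfo("非法操作", "", 1);
}
// NOTE(review): $site_sms is not assigned in this excerpt; presumably it comes from the include.
if ($site_sms == '1') {
    $code = isset($_POST['code']) ? sqlReplace($_POST['code']) : '';
    $s_code = isset($_SESSION['sms_code']) ? $_SESSION['sms_code'] : '';
    if ($code == '') {
        alertInfo("非法操作", "", 1);
    }
    // Compare as strings. The loose != of the original treats numeric strings as numbers,
    // so "012345" would equal "12345". An empty session code never matches anything.
    if ((string) $s_code === '' || (string) $s_code !== (string) $code) {
        alertInfo("验证码不匹配", "userpw.php", 0);
    }
    // NOTE(review): nothing visible here ties the session code to the phone number submitted
    // in this request, and no failed-attempt counter is visible; the code is only cleared
    // after a successful match. Confirm both are enforced where the code is issued.
    $_SESSION['sms_code'] = '';
    $_SESSION['sms_sendTime'] = '';
}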
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="style.css" type="text/css"/>
<link rel="icon" href="<?php 
echo $imgstr2;
?>
" type="image/x-icon" />
<link rel="shortcut icon" href="<?php 
コード例 #11
ファイル: sendsms.php プロジェクト: piapro/AIRestaurant
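// Build the ';'-separated recipient list ($telstr) for a bulk SMS from the posted user ids.
$act = empty($_GET['act']) ? '' : sqlReplace(trim($_GET['act']));
$telstr = '';
if ($act == 'yes') {
    if ($site_sms == '2') {
        alertInfo('短信功能未开启,请配置', "site_sms.php", 0);
    }
    // idlist must be an array of ids; any other shape is treated as "nothing selected".
    $listall = (isset($_POST["idlist"]) && is_array($_POST["idlist"])) ? $_POST["idlist"] : array();
    if (empty($listall)) {
        alertInfo('请选择群发项!', "", 1);
    }
    foreach ($listall as $listid) {
        // The original interpolated the raw POST value into the statement. The id is used
        // unquoted, so it is reduced to an integer first; nested arrays become 0.
        $listid = is_scalar($listid) ? (int) $listid : 0;
        $sqlStr = "select * from qiyu_user where user_id in({$listid})";
        $result = mysql_query($sqlStr);
        // mysql_query() returns false on error; handle it like a missing row.
        $row = $result ? mysql_fetch_array($result) : false;
        if (!$row) {
            alertInfo('数据不存在', '', 1);
        } else {
            if (!empty($row['user_phone'])) {
                $telstr .= $row['user_phone'] . ';';
            }
        }
    }
}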
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> 群发短信 </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="Jiangting@WiiPu -- http://www.wiipu.com" />
<link rel="stylesheet" href="style2.css" type="text/css"/>
コード例 #12
ファイル: uservali2.php プロジェクト: piapro/AIRestaurant
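// Confirm the phone verification code for the number stored in the session and activate the account.
// NOTE(review): $_SESSION['Phone'] is concatenated into both statements; whether it was
// escaped when it was stored is not visible in this excerpt - confirm at the place it is set.
$sql = "select * from qiyu_user where user_phone='" . $_SESSION['Phone'] . "'";
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
    // $code is assigned above this excerpt. An empty code must never pass: user_vcode is
    // reset to '' after a successful verification, so the original loose comparison let an
    // empty submission match an already-verified row and set user_status to '1' again.
    $submitted = isset($code) ? (string) $code : '';
    if ($submitted === '' || $submitted !== (string) $rows['user_vcode']) {
        $str = "手机验证失败!";
    } else {
        $sqlStr = "update qiyu_user set user_status='1',user_vcode='' where user_phone='" . $_SESSION['Phone'] . "'";
        if (mysql_query($sqlStr)) {
            // The original message contained a hard-coded phone number that was shown to
            // every user; the success text no longer embeds a number.
            $str = "恭喜您!您的手机已验证成功。";
        } else {
            $str = "手机验证失败!";
        }
    }
} else {
    alertInfo("手机号不存在", "userreg.php", 0);
}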
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="refresh" content="5;url=index.php"/>
  <link rel="stylesheet" href="style.css" type="text/css"/>
  <script src="js/jquery-1.3.1.js" type="text/javascript"></script>
  <script src="js/tab.js" type="text/javascript"></script>
  <script src="js/slide.js" type="text/javascript"></script>
  <script src="js/scale.js" type="text/javascript"></script>
  <script src="js/addbg.js" type="text/javascript"></script>
  <script src="js/userreg.js" type="text/javascript"></script>
  <title> 用户注册 - <?php 
コード例 #13
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result);
    if (!$row) {
        $sta = getOrderKey($id);
        alertInfo('非法操作', "userorder.php?key={$sta}", 0);
    } else {
        $order = $row['order_id2'];
        $sql2 = "update qiyu_order set order_status='4'  where order_id=" . $id . " and order_status=1";
        if (mysql_query($sql2)) {
            //添加订单记录
            $orderContent = "<span class='greenbg'><span><span>订单已完成</span></span></span>";
            $orderContent .= "亲,享受美味的时候,别忘了继续光顾" . $SHOP_NAME . "哦,我们将更好的为您服务。";
            addOrderType($order, HTMLEncode($orderContent));
            alertInfo('订单完成!', '', 1);
        } else {
            alertInfo('设置完成失败,原因SQL出现异常', 'userorder.php?key=1', 0);
        }
    }
}
$sql = "select * from  qiyu_order  inner join qiyu_useraddr on useraddr_id=order_useraddr and order_id=" . $id;
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
    $userName = $rows['useraddr_name'];
    $userPhone = $rows['useraddr_phone'];
    $userAddress = $rows['useraddr_address'];
    $spotID = $rows['useraddr_spot'];
    $totalAll = $rows['order_totalprice'];
    $total = $rows['order_price'];
    $deliverfee_r = $rows['order_deliverprice'];
    $order = $rows['order_id2'];
コード例 #14
ファイル: do.php プロジェクト: water940729/demo
                //echo $content;
            } else {
                alertInfo('Add Failed', '', 1);
                //echo $content;
                //echo add_system_log($content);
            }
            //alertInfo('修改成功!','list.php',0);
        } else {
            alertInfo('Modify Failed', '', 1);
        }
        break;
    case 'del':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_GET['id']));
        if ($id == "") {
            alertInfo('Illegal Operation', 'list.php', 0);
        }
        $sql_del = "delete from articles where aid = {$id}";
        if (mysql_query($sql_del)) {
            $content = "Deleted an article,No. is:" . $title;
            if (add_system_log($content) == 1) {
                alertInfo('Deleted success', 'list.php', 0);
                //echo $content;
            } else {
                alertInfo('Delete failed', '', 1);
                //echo $content;
                //echo add_system_log($content);
            }
        }
        break;
}
コード例 #15
ファイル: shoplogin_do.php プロジェクト: piapro/AIRestaurant
        checkData($pwd, '密码', 1);
        $code = sqlReplace(trim($_POST["imgcode"]));
        //验证码
        if (empty($code)) {
            alertInfo('验证码不能为空', "", 1);
        }
        if ($code != $_SESSION['imgcode']) {
            alertInfo('验证码不正确,请检查!', "", 1);
        }
        $sql = "select * from qiyu_shop where shop_account='" . $account . "'";
        $rs = mysql_query($sql);
        $rows = mysql_fetch_assoc($rs);
        if ($rows) {
            $salt = $rows['shop_salt'];
            $pw = md5(md5($pwd) . $salt);
            $sqlStr = "select * from qiyu_shop where shop_account='" . $account . "' and shop_password='******'";
            $rs_r = mysql_query($sqlStr);
            $row = mysql_fetch_assoc($rs_r);
            if ($row) {
                setcookie("QIYUSHOP", $rows['shop_account'], time() + 60 * 60 * 24 * 7);
                setcookie("QIYUSHOPVERD", md5($pw . $salt), time() + 60 * 60 * 24 * 7);
                $_SESSION['qiyu_shopID'] = $rows['shop_id'];
                Header("Location: admin.php");
            } else {
                alertInfo("密码错误", "", 1);
            }
        } else {
            alertInfo("用户名不存在", "", 1);
        }
        break;
}
コード例 #16
ファイル: shoptopedit.php プロジェクト: piapro/AIRestaurant
/**
 *  shoptop.php
 */
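// Load the dish being edited, restricted to the shop that is currently logged in.
require_once "usercheck2.php";
// food_id is compared without quotes, so the request value is reduced to an integer;
// escaping quotes alone does not protect an unquoted numeric position.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? (int) sqlReplace(trim($_GET['id'])) : 0;
// The food_shop condition keeps one shop from opening another shop's dish.
// $QIYU_ID_SHOP is not assigned here (presumably set by the include); cast because it is unquoted.
$sql = "select * from qiyu_food where food_id=" . $id . " and food_shop=" . (int) $QIYU_ID_SHOP;
$rs = mysql_query($sql);
// mysql_query() returns false on error; treat it like a missing row.
$rows = $rs ? mysql_fetch_assoc($rs) : false;
if ($rows) {
    $name = $rows['food_name'];
    $price2 = $rows['food_price'];
    $price1 = $rows['food_oldprice'];
    $pic = $rows['food_pic'];
} else {
    alertInfo("非法", "", 1);
}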
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="../style.css" type="text/css"/>
  <script src="../js/jquery-1.3.1.js" type="text/javascript"></script>
  <script src="../js/tree.js" type="text/javascript"></script>
  <script type="text/javascript" src="js/shoptop.js"></script>
  <script type="text/javascript" src="js/upload.js"></script>
  <title>推荐模块 - 外卖点餐系统</title>
 </head>
 <body>
 <div id="container">
コード例 #17
ファイル: shoppic_do.php プロジェクト: piapro/AIRestaurant
        $rows = mysql_fetch_assoc($rs);
        if (!$rows) {
            alertInfo('shopID有误', '', 1);
        } else {
            $sql = "insert into " . WIIDBPRE . "_shoppics(shoppics_shop,shoppics_url) values (" . $shopid1 . ",'" . $shoppics . "')";
            $result = mysql_query($sql);
            if ($result) {
                alertInfo('添加店面图片成功', "", 1);
            } else {
                alertInfo('未知原因错误,请重试', "", 1);
            }
        }
        break;
    case 'del':
        $id = sqlReplace(trim($_GET['id']));
        checkData($id, "ID", 0);
        $sql = "select * from " . WIIDBPRE . "_shoppics where shoppics_id=" . $id;
        $result = mysql_query($sql);
        $row = mysql_fetch_assoc($result);
        if (!$row) {
            alertInfo('您要删除的数据不存在', '', 1);
        } else {
            $sql2 = "delete from " . WIIDBPRE . "_shoppics where shoppics_id=" . $id;
            if (mysql_query($sql2)) {
                alertInfo('删除成功', '', 1);
            } else {
                alertInfo('未知原因删除失败,请重试', '', 1);
            }
        }
        break;
}
コード例 #18
ファイル: usercart_do.php プロジェクト: piapro/AIRestaurant
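// Cart actions selected by ?act=: "add" puts a dish in the cart, "del" removes an entry.
$act = sqlReplace(trim($_GET['act']));
switch ($act) {
    case "add":
        // Return target after adding; falls back to the front page.
        // NOTE(review): where $_SESSION['user_url'] is written is not visible; if it is taken
        // from request data it should be limited to local paths before it is used in Location.
        $url = empty($_SESSION['user_url']) ? '' : $_SESSION['user_url'];
        if (empty($url)) {
            $url = "index.php";
        }
        // shop_id is used unquoted in the query below, so force it to an integer.
        $shopID = (int) sqlReplace(trim($_GET['id']));
        $foodID = sqlReplace(trim($_GET['foodID']));
        $lableID = empty($_GET['lableID']) ? 0 : sqlReplace(trim($_GET['lableID']));
        $ftID = empty($_GET['ftID']) ? 0 : sqlReplace(trim($_GET['ftID']));
        // Id of the dish's top-level category
        // The shop must be active and the current time inside one of its delivery windows.
        $sql1 = "select shop_id from qiyu_shop inner join qiyu_shopspot on shopspot_shop=shop_id";
        $sql1 .= " inner join qiyu_delivertime on delivertime_shop=shop_id and time(now())>=delivertime_starttime and time(now())<=delivertime_endtime";
        $sql1 .= " and shop_id=" . $shopID . " and shop_status='1'";
        $rs = mysql_query($sql1);
        $row = $rs ? mysql_fetch_assoc($rs) : false;
        if (!$row) {
            alertInfo('现在不能点餐', '', 1);
            // Stop here even if alertInfo() returns, so nothing is added for a shop that
            // cannot take orders right now.
            break;
        }
        addcart($foodID, $shopID);
        Header("Location: " . $url . " ");
        break;
    case "del":
        $id = sqlReplace(trim($_GET['id']));
        $shopID = sqlReplace(trim($_GET['shopID']));
        // Remove the entry from the cart
        delcart($id, $shopID);
        alertInfo('删除成功', '', 1);
        break;
}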
コード例 #19
ファイル: usercheck2.php プロジェクト: piapro/AIRestaurant
            if ($temp_pwd == md5($row['shop_password'] . $row['shop_salt'])) {
                $_SESSION['qiyu_shopID'] = $row['shop_id'];
                $QIYU_ID_SHOP = $row['shop_id'];
            } else {
                $QIYU_ID_SHOP = "";
            }
        } else {
            $QIYU_ID_SHOP = "";
        }
    } else {
        $QIYU_ID_SHOP = "";
    }
}
if (empty($QIYU_ID_SHOP)) {
    alertInfo("请先登录或注册", "index.php", 0);
}
$sqlStr = "select * from qiyu_shop where shop_id=" . $QIYU_ID_SHOP . "";
$result = mysql_query($sqlStr);
$SHOP_INFOS = mysql_fetch_assoc($result);
if ($SHOP_INFOS) {
    $SHOP_ACCOUNT = $SHOP_INFOS['shop_account'];
    //$SHOP_NAME=$SHOP_INFOS['shop_name'];
    $SHOP_ID2 = $SHOP_INFOS['shop_id2'];
    $SHOP_CERTPIC = $SHOP_INFOS['shop_certpic'];
    $SHOP_LICENSEPIC = $SHOP_INFOS['shop_licensepic'];
    $SHOP_CERTTIME = $SHOP_INFOS['shop_certtime'];
    $SHOP_LICENSETIME = $SHOP_INFOS['shop_licensetime'];
    $SHOP_PHONE = $SHOP_INFOS['shop_phone'];
} else {
    alertInfo("非法", "index.php", 0);
}
コード例 #20
ファイル: do.php プロジェクト: htom78/project
                //echo $content;
            } else {
                alertInfo('文章添加失败', '', 1);
                //echo $content;
                //echo add_system_log($content);
            }
            //alertInfo('修改成功!','list.php',0);
        } else {
            alertInfo('修改失败!', '', 1);
        }
        break;
    case 'del':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_GET['id']));
        if ($id == "") {
            alertInfo('非法操作', 'list.php', 0);
        }
        $sql_del = "delete from articles where aid = {$id}";
        if (mysql_query($sql_del)) {
            $content = "删除了一篇文章,文章编号" . $title;
            if (add_system_log($content) == 1) {
                alertInfo('删除成功', 'list.php', 0);
                //echo $content;
            } else {
                alertInfo('文章删除失败', '', 1);
                //echo $content;
                //echo add_system_log($content);
            }
        }
        break;
}
コード例 #21
ファイル: userreg_do.php プロジェクト: piapro/AIRestaurant
$shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot']));
$shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle']));
$savesession = $phone . ',' . $agree;
//存session
$_SESSION['reginfo1'] = $savesession;
checkData($phone, '手机号', 1);
checkData($pw, '密码', 1);
checkData($repw, '确认密码', 1);
if ($pw != $repw) {
    alertInfo("两次输入的密码不同", "userreg.php", 0);
}
/*
	if ($vCode!=$code){
		alertInfo("验证码错误","",1);
	} */
if ($vCode != $_SESSION["imgcode"]) {
    alertInfo("验证码错误", "", 1);
}
if (empty($agree) && $site_isshowprotocol == '1') {
    alertInfo("请选择同意协议", "", 1);
}
//检查手机的存在
$sqlStr = "select user_id from qiyu_user where user_phone='" . $phone . "'";
$rs = mysql_query($sqlStr);
$row = mysql_fetch_assoc($rs);
if ($row) {
    alertInfo("手机号已注册", "", 1);
}
$_SESSION['phone'] = $phone;
$_SESSION['pw'] = $pw;
Header("Location: userregnew2.php?p=" . $p . "&shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&shopCircle=" . $shopCircle);
コード例 #22
ファイル: about_do.php プロジェクト: piapro/AIRestaurant
        $content = str_replace("'", "&#39;", $content);
        $content = str_replace("<br />", "</p><p>", $content);
        //检验数据的合法性
        checkData($title, '标题', 1);
        $sql = "select * from " . WIIDBPRE . "_about where about_id=" . $id;
        $result = mysql_query($sql);
        $row = mysql_fetch_assoc($result);
        if (!$row) {
            alertInfo('非法操作', 'about_list.php', 0);
        } else {
            $sql2 = "update " . WIIDBPRE . "_about set about_title='" . $title . "',about_type='" . $type . "',about_content='" . $content . "' where about_id=" . $id;
            if (mysql_query($sql2)) {
                alertInfo('修改成功', 'about.php', 0);
            } else {
                alertInfo('修改失败,原因SQL出现异常', 'about.php', 0);
            }
        }
        break;
    case "save":
        $i = trim($_POST['i']);
        for ($x = 1; $x <= $i; $x++) {
            $id = $_POST['id' . $x];
            $id = checkData($id, 'ID', 0);
            $order = $_POST['order' . $x];
            $order = checkData($order, 'ID', 0);
            $sql = "update " . WIIDBPRE . "_about set about_order=" . $order . " where about_id=" . $id . "";
            mysql_query($sql);
        }
        alertInfo('保存成功!', "about.php", 0);
        break;
}
コード例 #23
ファイル: do.php プロジェクト: water940729/demo
        break;
    case 'update':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_POST['id']));
        $title = sqlReplace(trim($_POST['title']));
        $content = sqlReplace(trim($_POST['content']));
        if ($id == "") {
            alertInfo('Illegal operation', 'list.php', 0);
        }
        $sql_update = "update articles set title='{$title}',content = '{$content}' where aid = " . $id;
        if (mysql_query($sql_update)) {
            alertInfo('The article added successful', 'list.php', 0);
            //echo $content;
            //alertInfo('修改成功!','list.php',0);
        } else {
            alertInfo('Modify failure!', '', 1);
        }
        break;
    case 'del':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_GET['id']));
        if ($id == "") {
            alertInfo('Illegal operation', 'list.php', 0);
        }
        $sql_del = "delete from articles where aid = {$id}";
        if (mysql_query($sql_del)) {
            alertInfo('Deleted successful', 'list.php', 0);
            //echo $content;
        }
        break;
}
コード例 #24
ファイル: seo_do.php プロジェクト: piapro/AIRestaurant
<?php

/**
 *  shopadd.php
 */
// Save the SEO title, keywords and description for the row with seo_type=1.
// NOTE(review): no request-forgery token check is visible in this file; confirm whether
// the included usercheck2.php covers it.
require_once "usercheck2.php";
$act = $_GET['act'];
switch ($act) {
    case "index":
        $title = sqlReplace($_POST['title']);
        // NOTE(review): HTMLEncode() is defined elsewhere. It is the only processing these two
        // values get before they are placed inside quoted SQL literals; whether it neutralises
        // quotes and backslashes for SQL is not visible here - confirm.
        $keywords = HTMLEncode($_POST['keywords']);
        $description = HTMLEncode($_POST['description']);
        $sql = "update " . WIIDBPRE . "_seo set seo_title='" . $title . "',  seo_keywords='" . $keywords . "',seo_description='" . $description . "' where seo_type=1";
        if (!mysql_query($sql)) {
            alertInfo('未知原因保存失败! ', "", 1);
        } else {
            alertInfo('保存成功!', "seo.php", 0);
        }
        break;
}
コード例 #25
ファイル: userlogin_do.php プロジェクト: piapro/AIRestaurant
            setcookie("QIYUCHECK", 'no', time() + 60 * 60 * 24 * 7);
        }
        if ($re_name == "yes") {
            //记住帐号
            setcookie("QIYUCHECK", 'yes', time() + 60 * 60 * 24 * 7);
            setcookie("QIYUUSER", $rows['user_account'], time() + 60 * 60 * 24 * 7);
        }
        //记录Session
        $_SESSION['qiyu_uid'] = $rows['user_id'];
        //alertInfo("登录成功","index.php",0);
        $geturl = getDefaultAddress($rows['user_id']);
        $cName = getCircleByID($geturl['circle']);
        if (!empty($p)) {
            Header("Location: userorder.php?shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&circleID=" . $shopCircle);
        } else {
            if ($cName == '大望路') {
                Header("Location: spot.php?spotID=" . $geturl['spot'] . "&circleID=" . $geturl['circle']);
            } else {
                if (empty($loginUrl)) {
                    Header("Location: index.php");
                } else {
                    Header("Location: " . $loginUrl);
                }
            }
        }
    } else {
        alertInfo("您输入的密码不正确", "userlogin.php?shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&circleID=" . $shopCircle, 0);
    }
} else {
    alertInfo("手机号不存在", "userlogin.php?shopID=" . $shopID . "&shopSpot=" . $shopSpot . "&circleID=" . $shopCircle, 0);
}
コード例 #26
<?php

require_once "usercheck2.php";
$pw = sqlReplace(trim($_POST['pw']));
$newpw = sqlReplace(trim($_POST['newpw']));
$repw = sqlReplace(trim($_POST['repw']));
checkData($pw, '原密码', 1);
checkData($newpw, '新密码', 1);
if ($newpw != $repw) {
    alertInfo("两次密码不一致", "", 1);
}
$check_sql = "select user_password,user_salt from " . WIIDBPRE . "_user where user_id=" . $QIYU_ID_USER;
$check_rs = mysql_query($check_sql);
$check_row = mysql_fetch_assoc($check_rs);
if (!$check_row) {
    alertInfo('非法用户', '', 1);
} else {
    $oldpw = md5(md5($pw . $check_row['user_salt']));
    if ($oldpw != $check_row['user_password']) {
        alertInfo('原密码输入不正确', '', 1);
    } else {
        $upd_sql = "update " . WIIDBPRE . "_user set user_password='******'user_salt'])) . "' where user_id=" . $QIYU_ID_USER;
        if (mysql_query($upd_sql)) {
            alertInfo('修改成功', 'usercenter.php', 0);
        } else {
            alertInfo('修改失败', '', 1);
        }
    }
}
コード例 #27
ファイル: userorder_do.php プロジェクト: piapro/AIRestaurant
            } else {
                $sql2 = "update qiyu_order set order_status='1'  where order_id=" . $v . " and order_type='1' and order_status='0'";
                if (!mysql_query($sql2)) {
                    alertInfo('确定失败,原因SQL出现异常', 'subscribe.php?' . $url, 0);
                }
            }
        }
        alertInfo('确定成功', 'subscribe.php?' . $url, 0);
        break;
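    case 'subdel':
        // Bulk delete of reservation orders (order_type='1') selected in the list.
        // idlist must be an array of ids; any other shape counts as "nothing selected".
        $idlist = (isset($_POST['idlist']) && is_array($_POST['idlist'])) ? $_POST['idlist'] : array();
        if (!$idlist) {
            alertInfo('请选择', 'subscribe.php?' . $url, 0);
        }
        foreach ($idlist as $k => $v) {
            // The original concatenated the raw POST value into both statements. order_id is
            // used unquoted, so it is reduced to an integer; nested arrays become 0.
            $v = is_scalar($v) ? (int) $v : 0;
            // NOTE(review): the statements filter on order_type only; no shop or owner
            // condition is visible here - confirm the including file restricts who may delete.
            $sql = "select * from qiyu_order where order_type='1' and order_id=" . $v;
            $result = mysql_query($sql);
            $row = $result ? mysql_fetch_assoc($result) : false;
            if (!$row) {
                alertInfo('您要删除的订单不存在', 'subscribe.php?' . $url, 0);
            } else {
                $sql2 = "delete from qiyu_order where order_type='1' and  order_id=" . $v;
                if (!mysql_query($sql2)) {
                    alertInfo('删除失败!原因:SQL删除失败。', "", 1);
                }
            }
        }
        alertInfo('删除成功', 'subscribe.php?' . $url, 0);
        break;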
}
コード例 #28
ファイル: userprint_do.php プロジェクト: piapro/AIRestaurant
}
// Export one user's name and phone number into a Word document built from a template,
// then redirect the browser to the generated file.
switch ($act) {
    case 'print':
        $id = sqlReplace(trim($_GET['id']));
        if (!empty($id)) {
            // NOTE(review): getuserinfo() is defined elsewhere; whether it checks that the
            // caller may read this user's record is not visible here.
            $row = getuserinfo($id);
            if (!$row) {
                alertInfo('数据不存在', '', 1);
            }
            require_once 'PHPWord.php';
            $PHPWord = new PHPWord();
            // Copy the template file and turn it into the download file
            // The output name is the current Unix time in seconds, so it is guessable and two
            // exports in the same second write to the same path. The file holds personal data
            // and the redirect below shows it is served from a web-reachable directory; no
            // cleanup is visible. A random name outside the web root, streamed to the client
            // as in the commented-out readfile() lines and then deleted, avoids that exposure.
            $now = time();
            $y_url = '../userfiles/print.docx';
            $x_url = '../userfiles/docx/' . $now . '.docx';
            $document = $PHPWord->loadTemplate($y_url);
            $document->setValue('name', $row['user_name']);
            // Name
            $document->setValue('phone', $row['user_phone']);
            // Phone number (the original comment repeated "name")
            // Template substitution finished: save, then download
            $document->save($x_url);
            //header("Content-Type: application/force-download");
            //header("Content-Disposition: attachment; filename=".basename($x_url));
            //readfile($x_url);
            header("location:" . $x_url);
        } else {
            alertInfo('参数错误', '', 1);
        }
        break;
}
コード例 #29
ファイル: index.php プロジェクト: piapro/AIRestaurant
$sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'";
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
    $shop_name = $rows['shop_name'];
    $shop_id2 = $rows['shop_id2'];
    $tel = $rows['shop_tel'];
    $intro = $rows['shop_intro'];
    $headpic2 = $rows['shop_headpic2'];
    $mainfood = $rows['shop_mainfood'];
    $prefer = $rows['shop_prefer'];
    $fact = $rows['shop_face'];
    $away = $rows['shop_istakeaway'];
    $shop_address = $rows['shop_address'];
} else {
    alertInfo('非法操作', 'index.php', 0);
}
$dFee = getDeliveFee();
$deliverfee = $dFee['fee'];
$deliverfee_r = $deliverfee;
$sendfee = $dFee['minfee'];
$delivertime = $dFee['deliverTime'];
$sendfee_r = $sendfee;
$deliver_isfee = $dFee['isFee'];
if (empty($isFirst)) {
    $sql_label = "select foodtype_id from qiyu_foodtype where foodtype_shop=" . $shopID . " order by foodtype_order asc,foodtype_id desc limit 1";
    $rs_label = mysql_query($sql_label);
    $row_label = mysql_fetch_assoc($rs_label);
    if ($row_label) {
        $ftID = $row_label['foodtype_id'];
    }
コード例 #30
ファイル: do.php プロジェクト: htom78/project
        break;
    case 'update':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_POST['id']));
        $title = sqlReplace(trim($_POST['title']));
        $content = sqlReplace(trim($_POST['content']));
        if ($id == "") {
            alertInfo('非法操作', 'list.php', 0);
        }
        $sql_update = "update articles set title='{$title}',content = '{$content}' where aid = " . $id;
        if (mysql_query($sql_update)) {
            alertInfo('文章添加成功', 'list.php', 0);
            //echo $content;
            //alertInfo('修改成功!','list.php',0);
        } else {
            alertInfo('修改失败!', '', 1);
        }
        break;
    case 'del':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_GET['id']));
        if ($id == "") {
            alertInfo('非法操作', 'list.php', 0);
        }
        $sql_del = "delete from articles where aid = {$id}";
        if (mysql_query($sql_del)) {
            alertInfo('删除成功', 'list.php', 0);
            //echo $content;
        }
        break;
}