コード例 #1
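/**
 * Check an enterprise login name and password against the enterprise table.
 *
 * The returned array always carries 'code' and 'msg':
 *    1  login accepted; 'msg' is the matching database row
 *   -1  login name or password missing, or the login name contains a
 *       character that is refused before it reaches the SQL text
 *   -2  no enabled row for that login name
 *   -3  password does not match
 *
 * @param string $loginname Login name as submitted by the client.
 * @param string $passwd0   Clear-text password as submitted by the client.
 * @return array
 */
function login($loginname, $passwd0)
{
    global $config;

    // Start from a failure and only switch to success once every check has
    // passed. The previous flow kept running after a failed check, so the
    // -1/-2 results were overwritten and an empty record was still compared
    // against the encoded password with a loose "==".
    $ret = array();
    $ret['code'] = -1;
    $ret['msg'] = '登入失败 : 账号/密码缺误 !!';

    if (!is_scalar($loginname) || !is_scalar($passwd0)) {
        return $ret;
    }
    $loginname = (string) $loginname;
    $passwd0 = (string) $passwd0;
    if ($loginname === '' || $passwd0 === '') {
        return $ret;
    }

    // The login name is concatenated into the SQL text below, and the mysql
    // wrapper's escaping/binding API is not visible from this function. Refuse
    // quote, backslash and control bytes so the value cannot leave the
    // single-quoted literal.
    // NOTE(review): replace this with a bound parameter once the wrapper
    // exposes prepared statements.
    if (preg_match('/[\'"\\\\\\x00-\\x1f\\x7f]/', $loginname) !== 0) {
        return $ret;
    }

    $query = "SELECT * FROM `saja_user`.`saja_enterprise` \r\n\t\t\tWHERE \r\n\t\t\tprefixid = 'saja' \r\n\t\t\tAND loginname = '" . $loginname . "' \r\n\t\t\tAND switch = 'Y' \r\n\t\t\t";
    error_log($query);
    $model = new mysql($config["db"][0]);
    $model->connect();
    $table = $model->getQueryRecord($query);
    if (empty($table['table']['record'])) {
        $ret['code'] = -2;
        $ret['msg'] = '登入失败 : 账号不存在!!';
        return $ret;
    }

    $record = $table['table']['record'][0];
    $str = new convertString();
    // NOTE(review): the stored value is compared with strEncode() output under
    // a shared key, which suggests a reversible encoding rather than a
    // password hash. Confirm, and plan a move to password_hash()/password_verify().
    $passwd = $str->strEncode($passwd0, $config['encode_key']);

    // Both sides must be non-empty strings; hash_equals() compares them
    // without type juggling and in constant time.
    $stored = isset($record['passwd']) ? $record['passwd'] : null;
    if (is_string($stored) && $stored !== '' && is_string($passwd) && hash_equals($stored, $passwd)) {
        $ret['code'] = 1;
        // The whole row, including its 'passwd' column, goes back to the
        // caller; callers should not forward it to the client or to logs.
        $ret['msg'] = $record;
    } else {
        $ret['code'] = -3;
        $ret['msg'] = '登入失败 : 密码错误!!';
    }
    return $ret;
}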
コード例 #2
?>

<?php 
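// Additional checks
// Add By Thomas 150917 for data consistency check
require_once "../convertString.ini.php";
require_once "../config.php";

// The posted amount must be present, numeric, finite and not negative.
// floatval() alone turns a missing or non-numeric value into 0, which a plain
// "< 0" test lets through.
$postedFee = isset($_POST['WIDtotal_fee']) ? $_POST['WIDtotal_fee'] : null;
if (!is_string($postedFee) || !is_numeric($postedFee) || !is_finite(floatval($postedFee)) || floatval($postedFee) < 0) {
    echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Pay Amount Error !!");history.back();</script></body></html>';
    exit;
}
// chkStr must be a non-empty string; an array-valued field (chkStr[]=...) is
// refused here instead of being passed to the decoder.
if (empty($_POST['chkStr']) || !is_string($_POST['chkStr'])) {
    echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Empty Security Data !!");history.back();</script></body></html>';
    exit;
}
$cs = new convertString();
// The decoded value is what the posted order number and amount get checked
// against further down, so the check is only as strong as the key in
// $config["encode_key"].
$chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]);
error_log("[lib/alipay/alipayapi] chkStr : " . $chkStr);
// explode() always returns an array, so the number of parts has to be checked
// before indexes 0 and 1 are read.
$chkArr = explode("|", $chkStr);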
if (is_array($chkArr)) {
    $ordernum = $chkArr[0];
    $amount = $chkArr[1];
    error_log("[lib/alipay/alipayapi] pay data : " . $out_trade_no . "|" . $total_fee);
    if (floatval($amount) != floatval($total_fee)) {
        echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Total Fee Check Error !!");history.back();</script></body></html>';
        exit;
    }
    if ($ordernum != $out_trade_no) {
        echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Trade No. Check Failed !!");history.back();</script></body></html>';
        exit;
    }
コード例 #3
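$io = new intputOutput();
// Check Variable Start
// Every failed check stops the request. Whether jsAlertMsg() ends the script
// is not visible from this file, so the script does not rely on it.
$postedLoginName = isset($io->input['post']["name"]) ? $io->input['post']["name"] : '';
$postedLoginPass = isset($io->input['post']["passwd"]) ? $io->input['post']["passwd"] : '';
// The login name is concatenated into the SQL text below. Quote, backslash and
// control bytes are refused so the value cannot leave the quoted literal.
// NOTE(review): switch to a bound parameter once the mysql wrapper offers one.
if (empty($postedLoginName) || !is_string($postedLoginName) || preg_match('/[\'"\\\\\\x00-\\x1f\\x7f]/', $postedLoginName) !== 0) {
    jsAlertMsg('登錄帳號錯誤!!');
    die;
}
if (empty($postedLoginPass) || !is_string($postedLoginPass)) {
    jsAlertMsg('登錄密碼錯誤!!');
    die;
}
// Check Variable End
require_once "saja/mysql.ini.php";
$model = new mysql($config["db"][0]);
$model->connect();
$db_user = $config["db"][0]["dbname"];
//print_R($db_user);exit;
require_once "saja/convertString.ini.php";
$str = new convertString();
##############################################################################################################################################
// Table Start
$query = "SELECT * FROM `{$db_user}`.`{$config['default_prefix']}enterprise` \r\nWHERE \r\n\tprefixid = '" . $config['default_prefix_id'] . "' \r\n\tAND loginname = '" . $postedLoginName . "' \r\n\tAND switch = 'Y' \r\n";
$table = $model->getQueryRecord($query);
if (empty($table['table']['record'])) {
    jsAlertMsg('登錄帳號不存在!!');
    die;
}
$enterprise = $table['table']['record'][0];
// NOTE(review): passwords appear to be stored as strEncode() output under a
// shared key rather than as a password hash. Confirm and plan a migration.
$passwd = $str->strEncode($postedLoginPass, $config['encode_key']);
// Both sides must be non-empty strings; hash_equals() compares in constant time.
$storedPasswd = isset($enterprise['passwd']) ? $enterprise['passwd'] : null;
if (!is_string($storedPasswd) || $storedPasswd === '' || !is_string($passwd) || !hash_equals($storedPasswd, $passwd)) {
    jsAlertMsg('登錄密碼錯誤!!');
    // Without this the code after this section would run for a wrong password
    // if jsAlertMsg() returns.
    die;
}
// Table End
##############################################################################################################################################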
コード例 #4
<?php

// Test page for the AES helper in convertString: with no `user` query parameter
// it encrypts a fixed sample string, otherwise it decrypts the parameter and
// prints the result.
// NOTE(review): this looks like a developer test script. It turns error display
// on, embeds a literal secret and sample credentials, and decrypts caller-supplied
// input on request, so it should not be reachable on a deployed site.
ini_set("display_errors", 1);
require_once "saja/convertString.ini.php";
$string = new convertString();
if (empty($_GET['user'])) {
    // Sample credentials in query-string form, hard-coded in the source.
    $str = "name=tester&passwd=10qpw93nd7";
    // The first argument is a string literal, presumably the AES key. A key in
    // source code is readable by anyone with repository or file access.
    $encrypted = $string->encryptAES128("D44F8682DA386", $str);
    // The next line is commented out and partly masked in this listing, so no
    // live statement here uses $encrypted. The path it mentions carries the
    // encrypted credentials in the URL, where proxies and access logs record them.
    //header("location:/site/mobile/login/user="******"/site/mobile/login/user={$encrypted}";
} else {
    // Decrypts whatever the caller sends and echoes the plaintext without HTML
    // escaping: the page works as a decryption service for that literal key and
    // reflects the decrypted bytes into the response as-is.
    $str = $_GET['user'];
    echo $string->decryptAES128("D44F8682DA386", $str);
}
//echo urlencode($encrypted);
コード例 #5
include_once "./config.php";
include_once "./dbconnect.php";
include_once "./convertString.ini.php";
/*
$ip='';
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $temp_ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
    $ip = $temp_ip[0];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

error_log("[ibon_process.php] Request from : ".$ip);
*/
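$str = new convertString();
// Hand the payload over to the XML handling below.
// XMLData comes from $_REQUEST, so it can arrive in the query string or the
// body (and in a cookie, depending on request_order). It is untrusted input: a
// missing or array-valued field is reduced to an empty string here.
$XMLData = (isset($_REQUEST['XMLData']) && is_string($_REQUEST['XMLData'])) ? $_REQUEST['XMLData'] : '';
// Control characters are flattened in the logged copy only, so a request cannot
// forge extra log lines. The payload itself is left untouched.
// NOTE(review): the full request is written to the error log. Check whether it
// carries payment or personal data that should not be stored there.
error_log("[ibon_process] Request XML :" . preg_replace('/[\\x00-\\x1f\\x7f]+/', ' ', $XMLData));
$encode = mb_detect_encoding($XMLData);
error_log("[ibon_process.php] encode : " . $encode);
$o_XMLData = stripslashes($XMLData);
error_log("[ibon_process] o_XMLData :" . preg_replace('/[\\x00-\\x1f\\x7f]+/', ' ', $o_XMLData));
// $x_XMLData = iconv($encode, "big5", $o_XMLData);	// for MySQL storage only
$x_XMLData = str_replace("<?xml version='1.0' encoding='Big5'?>", "", $o_XMLData);
// Blank out the STATUS_DESC element. $matches[0] only exists when the pattern
// matched, so the replacement is skipped otherwise.
if (preg_match("/<STATUS_DESC>(.+)<\\/STATUS_DESC>/", $x_XMLData, $matches) === 1) {
    $x_XMLData = str_replace($matches[0], "<STATUS_DESC></STATUS_DESC>", $x_XMLData);
}
// Blank out every DATA_2 element found on a single line.
if (preg_match_all("/<DATA_2>(.+)<\\/DATA_2>/", $x_XMLData, $matches) > 0) {
    $x_XMLData = str_replace($matches[0], "<DATA_2></DATA_2>", $x_XMLData);
}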
/*
$pos1=strpos($x_XMLData,"<STATUS_DESC>");
コード例 #6
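 /**
  * Validate a credit-card top-up request and hand the browser over to the
  * payment gateway through an auto-submitting form.
  *
  * The posted order number and amount must match the values carried in the
  * encoded `chkStr` field before anything is stored or sent on. The method
  * always ends the request (die/exit).
  */
 public function twcreditcard_pay()
 {
     global $tpl, $config, $deposit;
     set_status($this->controller);
     login_required();

     // ---- 1. Validate the request before building or logging anything ----
     $postAmount = isset($_POST['amount']) ? $_POST['amount'] : null;
     $postOrder = isset($_POST['ordernumber']) ? $_POST['ordernumber'] : null;
     $postSpoint = (isset($_POST['spoint']) && is_scalar($_POST['spoint'])) ? (string) $_POST['spoint'] : '';

     // Add By Thomas 150917 for Data Consistency Check
     // floatval() turns a missing or non-numeric value into 0, which a plain
     // "< 0" test lets through, so the value must be numeric and finite first.
     if (!is_string($postAmount) || !is_numeric($postAmount) || !is_finite(floatval($postAmount)) || floatval($postAmount) < 0) {
         die('<script>alert("Pay Amount Error !");history.back();</script>');
     }
     if (empty($_POST['chkStr']) || !is_string($_POST['chkStr'])) {
         die('<script>alert("Empty Security Data !!");history.back();</script>');
     }
     if (!is_string($postOrder)) {
         die('<script>alert("Trade No. Check Failed !!");history.back();</script>');
     }
     $cs = new convertString();
     $chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]);
     error_log("[c/deposit/twcreditcard_pay] chkStr : " . $chkStr);
     // explode() always returns an array, so is_array() could never reach the
     // parse-error branch; the number of parts is what has to be checked.
     $chkArr = is_string($chkStr) ? explode("|", $chkStr) : array();
     if (count($chkArr) < 2) {
         die('<script>alert("Security Data Parse Error !!");history.back();</script>');
     }
     $chk_orderid = $chkArr[0];
     $chk_amount = $chkArr[1];
     error_log("[c/deposit/twcreditcard_pay] pay data : " . preg_replace('/[\\x00-\\x1f\\x7f]+/', ' ', $postOrder) . "|" . $postAmount);
     if (!is_numeric($chk_amount) || floatval($chk_amount) != floatval($postAmount)) {
         die('<script>alert("Total Fee Check Error !!");history.back();</script>');
     }
     // Strict string comparison: a loose "!=" treats numeric strings such as
     // "1e3" and "1000" as equal.
     if ($chk_orderid !== $postOrder) {
         die('<script>alert("Trade No. Check Failed !!");history.back();</script>');
     }

     // ---- 2. Build the gateway parameters from the validated values ----
     $pay_info = array();
     $pay_info['web'] = $config['creditcard']['merchantnumber'];
     $pay_info['MN'] = floatval($postAmount);
     $pay_info['Td'] = $postOrder;
     $pay_info['sna'] = urlencode($_SESSION['user']['profile']['nickname']);
     $pay_info['sdt'] = $_SESSION['user']['name'];
     $pay_info['email'] = $_SESSION['user']['email'];
     $pay_info['note1'] = "{userid:" . $_SESSION['auth_id'] . "}";
     $pay_info['note2'] = "";
     $pay_info['OrderInfo'] = urlencode("OrderId:" . $pay_info['Td'] . ",Name:" . $_SESSION['user']['profile']['nickname'] . ",Userid:" . $_SESSION['auth_id'] . ",Amount:" . $pay_info['MN'] . ",Spts:" . $postSpoint);
     $pay_info['Card_Type'] = $config['creditcard']['Card_Type'];
     // The check value is SHA-1 over merchant number + configured code + amount.
     // NOTE(review): the algorithm is presumably dictated by the gateway; confirm
     // whether it offers a keyed MAC instead.
     $chkvalue_ori = $pay_info['web'] . $config['creditcard']['code'] . $pay_info['MN'];
     $pay_info['ChkValue'] = strtoupper(sha1($chkvalue_ori));
     // The pre-hash string is not logged: it contains the configured code,
     // which would let a log reader compute check values for other amounts.
     error_log("ChkValue :" . $pay_info['ChkValue']);

     // ---- 3. Record the attempt and emit the auto-submit form ----
     $get_deposit_history = $deposit->get_deposit_history($pay_info['Td']);
     if (!empty($get_deposit_history[0]['dhid'])) {
         $arr_cond = array();
         $arr_cond['dhid'] = $pay_info['Td'];
         $arr_data = array();
         $arr_data['out_trade_no'] = $pay_info['Td'];
         $arr_data['userid'] = $_SESSION['auth_id'];
         $arr_data['amount'] = intval($pay_info['MN']);
         $arr_data['timepaid'] = date('YmdHis');
         $arr_data['phone'] = $pay_info['sdt'];
         $arr_data['paymenttype'] = $config['creditcard']['paymenttype'];
         // Was written to a misspelled $arr_date, so it never reached the JSON.
         $arr_data['ChkValue'] = $pay_info['ChkValue'];
         $arr_update = array();
         $arr_update['data'] = json_encode($arr_data);
         $arr_update['modifierid'] = $_SESSION['auth_id'];
         $arr_update['modifiername'] = $_SESSION['user']['profile']['nickname'];
         $arr_update['modifiertype'] = 'User';
         $deposit->update_deposit_history($arr_cond, $arr_update);

         // Field order matches the form that was emitted before.
         $fields = array(
             'web' => $config['creditcard']['merchantnumber'],
             'MN' => intval($pay_info['MN']),
             'OrderInfo' => $pay_info['OrderInfo'],
             'Td' => $pay_info['Td'],
             'sna' => $pay_info['sna'],
             'sdt' => $pay_info['sdt'],
             'email' => $pay_info['email'],
             'note1' => $pay_info['note1'],
             'note2' => $pay_info['note2'],
             'Card_Type' => $pay_info['Card_Type'],
             'ChkValue' => $pay_info['ChkValue'],
         );
         $submit = '<body onload="document.form1.submit();" >';
         $submit .= '<form name="form1" action="' . htmlspecialchars((string) $config['creditcard']['url_payment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" method="POST">';
         foreach ($fields as $fieldName => $fieldValue) {
             // Every value is HTML-escaped: the order number comes from the
             // request and name/email come from the user's profile, so none of
             // them may be able to close the attribute and add markup.
             $submit .= '<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars((string) $fieldValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" />';
         }
         $submit .= '</form>';
         $submit .= '</body>';
         // Only the order number is logged; the full form holds the member's
         // e-mail address and contact name.
         error_log("[c/deposit/twcreditcard_pay] submit form for order : " . preg_replace('/[\\x00-\\x1f\\x7f]+/', ' ', $pay_info['Td']));
         echo $submit;
     } else {
         echo '<script>alert("充值程序異常!");window.location = "/site/deposit/"</script>';
     }
     exit;
 }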
コード例 #7
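 /**
  * Commit a pending QR-code transaction for the logged-in member: verify the
  * member, the transaction record, the exchange password (when required) and
  * the bonus balance, then write the debit and credit rows and mark the
  * transaction as committed.
  *
  * The result is always delivered through $this->replyAndExit(); its array
  * carries 'retCode' and 'retMsg' (URL-encoded).
  */
 function userCommitTx()
 {
     global $db, $config, $tpl, $mall;
     // Set up the action-related parameters
     login_required();
     set_status($this->controller);
     date_default_timezone_set('Asia/Shanghai');
     $expw = (isset($_POST['expw']) && is_scalar($_POST['expw'])) ? (string) $_POST['expw'] : '';
     $userid = (isset($_POST['userid']) && is_scalar($_POST['userid'])) ? (string) $_POST['userid'] : '';
     $evrid = isset($_POST['evrid']) ? $_POST['evrid'] : '';
     $bonus_noexpw = isset($_POST['bonus_noexpw']) ? $_POST['bonus_noexpw'] : null;
     $bonus_total = isset($_POST['bonus_total']) ? $_POST['bonus_total'] : null;
     $arrCond = array();
     $retArr = array();

     // Values below are placed inside single-quoted SQL literals, and the
     // escaping/binding API of $db and $mall is not visible from this method.
     // Anything that is not scalar, or that holds a quote, backslash or control
     // byte, is refused.
     // NOTE(review): this does not replace bound parameters inside $db/$mall.
     $hasSqlMeta = function ($value) {
         return !is_scalar($value) || preg_match('/[\'"\\\\\\x00-\\x1f\\x7f]/', (string) $value) !== 0;
     };

     try {
         // Account check: the posted id must be exactly the session id. A loose
         // "!=" can accept extra text after the number when one side is an integer.
         $sessionUid = (isset($_SESSION['auth_id']) && is_scalar($_SESSION['auth_id'])) ? (string) $_SESSION['auth_id'] : '';
         if ($sessionUid === '' || $userid !== $sessionUid || $hasSqlMeta($sessionUid)) {
             $retArr['retCode'] = '-105';
             $retArr['retMsg'] = urlencode('會員資料錯誤 !!');
             $this->replyAndExit($retArr);
             return;
         }
         // From here on only the session value is used.
         $userid = $sessionUid;
         error_log("[mall.userConfirmTx] userid : " . $userid . " Check OK !!");

         // Confirm the transaction record exists
         $retArr = array();
         $retArr['evrid'] = $evrid;
         $record = false;
         if (!$hasSqlMeta($evrid)) {
             $arrCond['evrid'] = $evrid;
             $record = $mall->getQrcodeTxRecord($arrCond);
         }
         if (!$record) {
             $retArr['retCode'] = '-100';
             $retArr['retMsg'] = urlencode('交易紀錄不存在!!');
             $this->replyAndExit($retArr);
             return;
         }
         error_log("[mall.userConfirmTx] evrid : " . $evrid . " Check OK !!");
         // NOTE(review): the record is looked up by evrid alone; nothing visible
         // here ties it to the logged-in member before the bonus rows are
         // written. Confirm whether getQrcodeTxRecord() enforces ownership.

         // Confirm the transaction status and the fields later placed in SQL
         $txStatusNow = isset($record['tx_status']) ? (string) $record['tx_status'] : '';
         $require_bonus = isset($record['total_bonus']) ? $record['total_bonus'] : null;
         $vendorid = isset($record['vendorid']) ? $record['vendorid'] : null;
         if ($txStatusNow !== '3' || !is_numeric($require_bonus) || $require_bonus < 0 || $hasSqlMeta($vendorid)) {
             $retArr['retCode'] = '-111';
             $retArr['retMsg'] = urlencode('交易資料狀態錯誤!!');
             $this->replyAndExit($retArr);
             return;
         }
         error_log("[mall.userConfirmTx] tx_status : " . $txStatusNow . " Check OK !!");

         // Password-free limit / exchange password check.
         // The decision used to rest on two client-supplied numbers only, so a
         // request could skip the password by posting a small bonus_total. The
         // server-side total of the record now takes part, and a missing or
         // non-numeric value makes the password mandatory.
         // NOTE(review): the limit itself (bonus_noexpw) still comes from the
         // request; it should be loaded from the member's server-side settings.
         $noPwLimit = is_numeric($bonus_noexpw) ? floatval($bonus_noexpw) : 0.0;
         $clientTotal = is_numeric($bonus_total) ? floatval($bonus_total) : INF;
         if (max($clientTotal, floatval($require_bonus)) > $noPwLimit) {
             $cs = new convertString();
             $exchangepasswd = $cs->strEncode($expw, $config['encode_key']);
             // The row is selected by member id only and the encoded password
             // is compared in PHP, so it no longer becomes part of the SQL text.
             $query = "SELECT * \n\t\t\t\t\t\t\t\tFROM `{$config['db'][0]['dbname']}`.`{$config['default_prefix']}user` \n\t\t\t\t\t\t\t\tWHERE prefixid = '{$config['default_prefix_id']}' \n\t\t\t\t\t\t\t\t  AND userid = '{$userid}' \n\t\t\t\t\t\t\t\t  AND switch = 'Y' \n\t\t\t\t\t\t\t\t  LIMIT 1\n\t\t\t\t\t\t\t\t";
             $table = $db->getQueryRecord($query);
             $storedPw = isset($table['table']['record'][0]['exchangepasswd']) ? $table['table']['record'][0]['exchangepasswd'] : null;
             if (!is_string($storedPw) || $storedPw === '' || !is_string($exchangepasswd) || !hash_equals($storedPw, $exchangepasswd)) {
                 // Wrong exchange password
                 $retArr['retCode'] = '-112';
                 $retArr['retMsg'] = urlencode('兑换密码错误!!');
                 $this->replyAndExit($retArr);
                 return;
             }
             // The clear-text exchange password is deliberately not logged.
             error_log("[mall.userConfirmTx] exchange pwd Check OK !!");
         }

         $arrCond['userid'] = $userid;
         $arrCond['tx_status'] = '3';
         // Confirm the member has enough bonus points
         $curr_bonus = $mall->bonus_check($userid);
         error_log("[mall.userConfirmTx] curr bonus : " . $curr_bonus . ", required bonus :" . $require_bonus);
         if ($curr_bonus < $require_bonus) {
             $retArr['retCode'] = '-104';
             $retArr['retMsg'] = urlencode('會員紅利點數不足!!');
             $this->replyAndExit($retArr);
             return;
         }
         error_log("[mall.userConfirmTx] curr bonus check OK !!");

         // NOTE(review): the balance check, the two inserts and the status
         // update are separate statements. Two concurrent requests for the same
         // evrid could both pass the checks above. This presumably needs a
         // transaction or a conditional status update done first; confirm
         // against $db/$mall.

         // Create the member's bonus-point payment row
         $query = "insert into `{$config['db'][1]['dbname']}`.`{$config['default_prefix']}bonus` set \n\t\t\t\t\t\t  `prefixid` = '{$config['default_prefix_id']}', \n\t\t\t\t\t\t  `userid` = '{$userid}', \n\t\t\t\t\t\t  `countryid` = '{$config['country']}', \n\t\t\t\t\t\t  `behav` = 'user_qrcode_tx', \n\t\t\t\t\t\t  `amount` = '-{$require_bonus}', \n\t\t\t\t\t\t  `seq` = '0', \n\t\t\t\t\t\t  `switch` = 'Y', \n\t\t\t\t\t\t  `insertt` = now()";
         error_log("[mall.userConfirmTx] pay bonus : " . $query);
         $db->query($query);
         $bonusid = $db->_con->insert_id;
         // Create the merchant's bonus-point receipt row
         $insert = "insert into `{$config['db'][1]['dbname']}`.`{$config['default_prefix']}bonus_store` set \n\t\t\t\t\t\t  `prefixid` = '{$config['default_prefix_id']}', \n\t\t\t\t\t\t  `bonusid` = '{$bonusid}',\n\t\t\t\t\t\t  `enterpriseid`='" . $vendorid . "',\n\t\t\t\t\t\t  `esid`=(select esid from saja_user.saja_enterprise where enterpriseid='" . $vendorid . "' ),\n\t\t\t\t\t\t  `countryid` = (select countryid from saja_user.saja_enterprise_profile where enterpriseid='" . $vendorid . "' ), \n\t\t\t\t\t\t  `behav` = 'user_qrcode_tx', \n\t\t\t\t\t\t  `amount` = '{$require_bonus}', \n\t\t\t\t\t\t  `seq` = '0', \n\t\t\t\t\t\t  `switch` = 'Y', \n\t\t\t\t\t\t  `insertt` = now()";
         error_log("[mall.userConfirmTx] earn bonus : " . $insert);
         $db->query($insert);
         // Update the transaction record
         $arrUpd = array();
         $tx_status = '4';
         $arrUpd['bonusid'] = $bonusid;
         $arrUpd['tx_status'] = $tx_status;
         $arrUpd['commit_time'] = date('YmdHis');
         $retCode = $mall->updQrcodeTxRecord($arrUpd, $arrCond);
         $retArr = array();
         if ($retCode) {
             // $ws=new Client($config['wss_url']);
             // $ws->send('NTFY|'.$arrCond['evrid'].'|'.$arrUpd['tx_status']);
             $retArr['retCode'] = '1';
             $retArr['retMsg'] = urlencode('交易完成,使用红利:' . $require_bonus . '点');
         }
     } catch (Exception $e) {
         $retArr['retCode'] = $e->getCode();
         // The key was misspelled 'retMSg', so the message never reached
         // clients that read 'retMsg'. It is URL-encoded like every other message.
         // NOTE(review): exception text may expose SQL or schema details;
         // consider returning a generic message and logging the detail only.
         $retArr['retMsg'] = urlencode($e->getMessage());
     }
     $this->replyAndExit($retArr);
 }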