if ($rt['sright']['rmbprice'] <= 0) {
Showmsg('undefined_action');
}
//* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
pwCache::getData(D_P . 'data/bbscache/ol_config.php');
if (!$ol_onlinepay) {
Showmsg($ol_whycolse);
}
$grouptitle = $rt['grouptitle'];
$order_no = '1' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
$db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 3, 'uid' => $winduid, 'paycredit' => $gid, 'price' => $rt['sright']['rmbprice'], 'number' => $days, 'date' => $timestamp, 'state' => 0, 'extra_1' => $options)));
if (!$ol_payto) {
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, round($rt['sright']['rmbprice'] * $days, 2), 3));
}
if (md5($pwpwd) != $mb['password']) {
Showmsg('password_error');
}
if ($rt['sright']['sellprice'] <= 0) {
Showmsg('undefined_action');
}
$needcur = $days * $rt['sright']['sellprice'];
$cur = $credit->get($winduid, $rt['sright']['selltype']);
if ($cur === false) {
Showmsg('numerics_checkfailed');
}
if ($cur < $needcur) {
Showmsg('noenough_currency');
if ($method == 1) {
if (!$ol_paypal || !$ol_paypalcode) {
Showmsg('olpay_paypalerror');
}
$url = "https://www.paypal.com/cgi-bin/webscr?";
$para = array('cmd' => '_xclick', 'invoice' => $order_no, 'business' => $ol_paypal, 'item_name' => getLangInfo('olpay', "olpay_0_title", array('order_no' => $order_no)), 'item_number' => 'phpw*', 'amount' => $number, 'no_shipping' => 0, 'no_note' => 1, 'currency_code' => 'CNY', 'bn' => 'phpwind', 'charset' => $db_charset);
foreach ($para as $key => $value) {
$url .= $key . "=" . urlencode($value) . "&";
}
ObHeader($url);
} elseif ($method == 2) {
if (!$ol_payto) {
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, $number, 0));
} elseif ($method == 3) {
//fix by noizy
if (!$ol_99bill || !$ol_99billcode) {
Showmsg('olpay_pay99error');
}
strlen($ol_99bill) == 11 && ($ol_99bill .= '01');
//require_once(R_P.'require/header.php');
!$db_rmbrate && ($db_rmbrate = 10);
$para = array('inputCharset' => $db_charset == 'gbk' ? 2 : 1, 'pageUrl' => "{$db_bbsurl}/pay99bill.php", 'version' => 'v2.0', 'language' => 1, 'signType' => 1, 'merchantAcctId' => $ol_99bill, 'payerName' => $windid, 'orderId' => $order_no, 'orderAmount' => $number * 100, 'orderTime' => get_date($timestamp, 'YmdHis'), 'productName' => getLangInfo('other', 'userpay_content'), 'productNum' => $number * $db_rmbrate, 'payType' => '00', 'redoFlag' => 1);
$signMsg = $inputMsg = '';
foreach ($para as $key => $value) {
$value = trim($value);
if (strlen($value) > 0) {
$signMsg .= "{$key}={$value}&";
Showmsg('undefined_action');
}
//* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
pwCache::getData(D_P . 'data/bbscache/ol_config.php');
if (!$ol_onlinepay) {
procUnLock('tool_buy', $winduid);
Showmsg($ol_whycolse);
}
$order_no = '1' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
$db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 1, 'uid' => $winduid, 'paycredit' => $id, 'price' => $toolinfo['rmb'], 'number' => $nums, 'date' => $timestamp, 'state' => 0)));
if (!$ol_payto) {
procUnLock('tool_buy', $winduid);
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
procUnLock('tool_buy', $winduid);
ObHeader($olpay->alipayurl($order_no, $toolinfo['rmb'] * $nums, 1));
}
if ($toolinfo['price'] < 0) {
procUnLock('tool_buy', $winduid);
Showmsg('undefined_action');
}
$price = $toolinfo['price'] * $nums;
!$toolinfo['creditype'] && ($toolinfo['creditype'] = 'currency');
if ($credit->get($winduid, $toolinfo['creditype']) < $price) {
$creditname = $credit->cType[$toolinfo['creditype']];
if (array_key_exists($toolinfo['creditype'], $db_creditpay)) {
procUnLock('tool_buy', $winduid);
Showmsg('unenough_currency');
} else {
$db->update("UPDATE pw_trade SET salenum=salenum+" . $order['quantity'] . " WHERE tid=" . S::sqlEscape($order['tid']));
//$db->update("UPDATE pw_trade SET salenum=salenum+1 WHERE tid=".S::sqlEscape($order['tid']));
refreshto("apps.php?q=article&a=goods", 'operate_success');
} elseif ($action == 'pcalipay') {
S::gp(array('tid', 'pcmid', 'pcid'), GP, 2);
$pcvaluetable = GetPcatetable($pcid);
$order = $db->get_one("SELECT pv.price,pv.deposit,pm.username,pm.nums,pm.phone,pm.mobile,pm.address,pm.ifpay,pm.totalcash,t.author,t.authorid,t.subject FROM pw_pcmember pm LEFT JOIN {$pcvaluetable} pv ON pm.tid=pv.tid LEFT JOIN pw_threads t ON pv.tid=t.tid WHERE pm.tid=" . S::sqlEscape($tid) . " AND pm.pcmid=" . S::sqlEscape($pcmid) . " AND pm.uid=" . S::sqlEscape($winduid));
$order['zip'] = '100000';
$order['tradeinfo'] = $db->get_value("SELECT tradeinfo FROM pw_memberinfo WHERE uid=" . S::sqlEscape($order['authorid']));
if (empty($order)) {
Showmsg('data_error');
}
if (!is_array($trade = unserialize($order['tradeinfo']))) {
$trade = array();
}
if ($order['ifpay'] > 0) {
Showmsg('pcalipay_haspay');
}
if (empty($trade['alipay'])) {
Showmsg('onlinepay_alipay');
}
//* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
pwCache::getData(D_P . 'data/bbscache/ol_config.php');
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($trade['alipay']);
$price = !ceil($order['deposit']) ? $order['price'] : $order['deposit'];
$price = number_format($price, 2, '.', '');
$order_no = $pcmid . '_' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
$param = array('notify_url' => "{$db_bbsurl}/alipay.php?action=pcalipay", 'return_url' => "{$db_bbsurl}/alipay.php?action=pcalipay", 'subject' => $order['subject'], 'out_trade_no' => $order_no, 'price' => $price, 'quantity' => $order['nums'], 'payment_type' => 1, 'logistics_type' => 'EXPRESS', 'logistics_fee' => '0.00', 'logistics_payment' => 'SELLER_PAY', 'receive_name' => $order['username'], 'receive_address' => $order['address'], 'receive_zip' => $order['zip'], 'receive_phone' => $order['mobile']);
ObHeader($olpay->alipay2url($param));
}
break;
}
}
if ($e_check == 1) {
Showmsg('请输入正确的电子邮箱地址!');
}
}
if (!preg_match('/^[a-z0-9\\-_\\.]{2,}@([a-z\\-0-9]+\\.)+[a-z]{2,3}$/i', $email)) {
Showmsg('电子邮箱地址格式有误,请重新填写!');
}
$db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 4, 'uid' => 0, 'price' => $inv_price, 'payemail' => $email, 'number' => $invnum, 'date' => $timestamp, 'state' => 0)));
if (!$ol_payto) {
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, $invnum * $inv_price, 4, $db_registerfile));
}
} elseif (GetGP('action', 'P') == 'auth') {
/*实名认证获取验证码*/
InitGP('mobile');
$authService = L::loadClass('Authentication', 'user');
if ($_POST['step'] == '1') {
$status = $authService->getverify('register', $mobile, ip2long($onlineip), false, 'register');
echo $status;
} elseif ($_POST['step'] == '2') {
InitGP('authverify');
$status = $authService->checkverify($mobile, ip2long($onlineip), $authverify);
echo $status ? 0 : 5;
}
ajax_footer();
if ($buymethod) {
if ($forumset['sellprice'][$date]['rprice'] <= 0) {
Showmsg('undefined_action');
}
//* include_once pwCache::getPath(D_P.'data/bbscache/ol_config.php');
pwCache::getData(D_P . 'data/bbscache/ol_config.php');
if (!$ol_onlinepay) {
Showmsg($ol_whycolse);
}
$order_no = '1' . str_pad($winduid, 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
$db->update("INSERT INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 2, 'uid' => $winduid, 'paycredit' => $fid, 'price' => $forumset['sellprice'][$date]['rprice'], 'number' => 1, 'date' => $timestamp, 'state' => 0, 'extra_1' => $date)));
if (!$ol_payto) {
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, $forumset['sellprice'][$date]['rprice'], 2));
}
if ($forumset['sellprice'][$date]['cprice'] <= 0) {
Showmsg('undefined_action');
}
if ($credit->get($winduid, $f['forumsell']) < $forumset['sellprice'][$date]['cprice']) {
$creditname = pwCreditNames($f['forumsell']);
Showmsg('forumsell_price');
}
$credit->addLog('main_forumsell', array($f['forumsell'] => -$forumset['sellprice'][$date]['cprice']), array('uid' => $winduid, 'username' => $windid, 'ip' => $onlineip, 'fname' => $forum[$fid]['name'], 'days' => $date));
$credit->set($winduid, $f['forumsell'], -$forumset['sellprice'][$date]['cprice']);
$overdate = $timestamp + $date * 86400;
$db->update("INSERT INTO pw_forumsell SET " . S::sqlSingle(array('fid' => $fid, 'uid' => $winduid, 'buydate' => $timestamp, 'overdate' => $overdate, 'credit' => $f['forumsell'], 'cost' => $forumset['sellprice'][$date]['cprice']), false));
refreshto("thread.php?fid={$fid}", 'operate_success');
}
$kmdService->updatePayLog($updatePayLog, $payLog['id']);
$tmpMessageContent = array('username' => $windid, 'fid' => $fid, 'forumname' => $forumInfo->name, 'money' => $payLog['money']);
if ($db_kmd_reviewperson) {
$kmdReviewPerson = explode(',', $db_kmd_reviewperson);
$kmdReviewPerson = array_unique(array_merge($kmdReviewPerson, $manager));
sendKmdMessages($kmdReviewPerson, array('kmd_review_title', array('username' => $windid)), array('kmd_review_content', $tmpMessageContent));
}
sendKmdMessages(array($windid), array('kmd_review_user_title'), array('kmd_review_user_content', $tmpMessageContent));
$paytype != KMD_PAY_TYPE_ALIPAY && refreshto("{$basename}a=info", '您的支付信息已提交,请等待管理员确认支付!');
list($money, $payLogId) = array($payLog['money'], $payLog['id']);
}
$order_no = str_pad('0', 10, "0", STR_PAD_LEFT) . get_date($timestamp, 'YmdHis') . num_rand(5);
$email = $winddb ? $winddb['email'] : '';
$db->update("REPLACE INTO pw_clientorder SET " . S::sqlSingle(array('order_no' => $order_no, 'type' => 5, 'uid' => $winduid, 'price' => $money, 'payemail' => $email, 'number' => 1, 'date' => $timestamp, 'state' => 0, 'extra_1' => $payLogId)));
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, $money, 5, "{$basename}a=info"));
}
} elseif ($a == 'addthread') {
S::gp(array('originalaction', 'tpcurl'));
S::gp(array('kid', 'threadid', 'originaltid'), 'GP', 2);
$kid < 1 && kmdAjaxMessage('孔明灯不存在');
$kmdInfo = $kmdService->getKmdInfoByKid($kid);
!$kmdInfo && kmdAjaxMessage('孔明灯不存在');
$kmdInfo['uid'] != $winduid && kmdAjaxMessage('您无权操作别人的孔明灯');
$kmdInfo['endtime'] <= $timestamp && kmdAjaxMessage('该孔明灯已过期');
if (!$action || $action == 'changethread' && !$originaltid) {
$title = $content = $tid = '';
$getThreadUrl = $basename . 'a=getthread';
if ($action == 'changethread') {
$threadCacheService = Perf::gatherCache('pw_threads');
$num = $rt['number'];
$email = $rt['payemail'];
require_once PrintHack('index');
footer();
}
$db->Update("UPDATE pw_clientorder SET " . pwSqlSingle(array('order_no' => $order_no, 'number' => $invnum)) . ' WHERE id=' . pwEscape($rt['id']));
} else {
$db->update("INSERT INTO pw_clientorder SET " . pwSqlSingle(array('order_no' => $order_no, 'type' => 4, 'uid' => 0, 'price' => $inv_price, 'payemail' => $email, 'number' => $invnum, 'date' => $timestamp, 'state' => 0)));
}
switch ($method) {
case 2:
if (!$ol_payto) {
Showmsg('olpay_alipayerror');
}
require_once R_P . 'require/onlinepay.php';
$olpay = new OnlinePay($ol_payto);
ObHeader($olpay->alipayurl($order_no, $invnum * $inv_price, 4));
break;
case 4:
if (!$ol_tenpay || !$ol_tenpaycode) {
Showmsg('olpay_tenpayerror');
}
$strBillDate = get_date($timestamp, 'Ymd');
$strSpBillNo = substr($order_no, -10);
$strTransactionId = $ol_tenpay . $strBillDate . $strSpBillNo;
$db->update("UPDATE pw_clientorder SET order_no=" . pwEscape($strTransactionId) . "WHERE order_no=" . pwEscape($order_no));
$url = "http://pay.phpwind.net/pay/create_payurl.php?";
$para = array('cmdno' => '1', 'date' => $strBillDate, 'bargainor_id' => $ol_tenpay, 'transaction_id' => $strTransactionId, 'sp_billno' => $strSpBillNo, 'total_fee' => $invnum * $inv_price * 100, 'bank_type' => 0, 'fee_type' => 1, 'return_url' => "{$db_bbsurl}/hack.php?H_name=invite&action=tenpay", 'attach' => 'my_magic_string');
$arg = '';
foreach ($para as $key => $value) {
if ($value) {
