Пример #1
<?php 
//額外的檢測
// Add By Thomas 150917 for data consistency check
require_once "../convertString.ini.php";
require_once "../config.php";
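// Data consistency check on the posted payment request.
// Every $_POST field is client-controlled, so presence and type are checked
// before the value is used.
$postedFee = isset($_POST['WIDtotal_fee']) ? $_POST['WIDtotal_fee'] : null;
// floatval() maps a missing, array-valued or non-numeric amount to 0, which a bare
// "< 0" test lets through; reject those explicitly together with negative amounts.
// NOTE(review): a zero amount is still accepted, as before -- confirm that is intended.
if (!is_string($postedFee) || !is_numeric(trim($postedFee)) || floatval($postedFee) < 0) {
    echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Pay Amount Error !!");history.back();</script></body></html>';
    exit;
}
// chkStr must be a non-empty string; an array-valued field would otherwise pass empty()
// and be handed to the decoder.
if (empty($_POST['chkStr']) || !is_string($_POST['chkStr'])) {
    echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Empty Security Data !!");history.back();</script></body></html>';
    exit;
}
$cs = new convertString();
// NOTE(review): strDecode() is defined elsewhere; whether it authenticates the value
// (rather than only decoding it) cannot be seen here. If it is a reversible encoding
// without a MAC, the client can forge chkStr and the comparison below proves nothing.
$chkStr = $cs->strDecode($_POST['chkStr'], $config["encode_key"], $config["encode_type"]);
// The decoded text originates from the request: replace control characters before
// logging so a crafted value cannot forge extra log lines.
error_log(preg_replace('/[\x00-\x1F\x7F]+/', ' ', "[lib/alipay/alipayapi] chkStr : " . $chkStr));
// explode() always returns an array, so an is_array() test on its result cannot detect
// malformed data. Require both fields (order number | amount) here; otherwise a missing
// second field reads as null and floatval(null) compares equal to an amount of 0.
$chkArr = is_string($chkStr) ? explode("|", $chkStr) : array();
if (count($chkArr) < 2) {
    echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Security Data Parse Error !!");history.back();</script></body></html>';
    exit;
}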
if (is_array($chkArr)) {
    $ordernum = $chkArr[0];
    $amount = $chkArr[1];
    error_log("[lib/alipay/alipayapi] pay data : " . $out_trade_no . "|" . $total_fee);
    if (floatval($amount) != floatval($total_fee)) {
        echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Total Fee Check Error !!");history.back();</script></body></html>';
        exit;
    }
    if ($ordernum != $out_trade_no) {
        echo '<!DOCTYPE><html><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><body><script>alert("Trade No. Check Failed !!");history.back();</script></body></html>';
        exit;
    }
} else {
Пример #2
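 /**
  * Validate a credit-card deposit request and hand the browser over to the
  * payment gateway.
  *
  * Reads amount, ordernumber, chkStr and spoint from $_POST. chkStr is decoded
  * with the configured key and must contain "ordernumber|amount" matching the
  * posted values. When a deposit-history row exists for the order, the row is
  * updated and an auto-submitting HTML form targeting
  * $config['creditcard']['url_payment'] is echoed. The method always terminates
  * the request (die/exit) and returns nothing.
  *
  * NOTE(review): strDecode() is defined elsewhere; if it only reverses an
  * encoding and does not authenticate the value, chkStr can be forged by the
  * client and this check does not bind amount to order -- confirm.
  */
 public function twcreditcard_pay()
 {
     global $tpl, $config, $deposit;
     set_status($this->controller);
     login_required();

     // All request fields are client-controlled: fetch them once and check type
     // before use (an array-valued field would otherwise reach floatval()/strDecode()).
     $postedAmount = isset($_POST['amount']) ? $_POST['amount'] : null;
     $postedOrder = isset($_POST['ordernumber']) ? $_POST['ordernumber'] : null;
     $postedChk = isset($_POST['chkStr']) ? $_POST['chkStr'] : null;
     $postedSpoint = (isset($_POST['spoint']) && is_string($_POST['spoint'])) ? $_POST['spoint'] : '';

     // floatval() turns missing or non-numeric input into 0, which a bare "< 0" test
     // accepts; reject it explicitly.
     // NOTE(review): a zero amount is still accepted, as before -- confirm intended.
     if (!is_string($postedAmount) || !is_numeric(trim($postedAmount)) || floatval($postedAmount) < 0) {
         die('<script>alert("Pay Amount Error !");history.back();</script>');
     }
     if (!is_string($postedChk) || empty($postedChk)) {
         die('<script>alert("Empty Security Data !!");history.back();</script>');
     }

     $cs = new convertString();
     $chkStr = $cs->strDecode($postedChk, $config["encode_key"], $config["encode_type"]);
     // Decoded text comes from the request; strip control characters so it cannot
     // forge additional log lines.
     error_log(preg_replace('/[\x00-\x1F\x7F]+/', ' ', "[c/deposit/twcreditcard_pay] chkStr : " . $chkStr));

     // explode() always returns an array, so is_array() can never signal a parse
     // failure. Require both fields instead; a missing amount field would read as
     // null and compare equal to a posted amount of 0.
     $chkArr = is_string($chkStr) ? explode("|", $chkStr) : array();
     if (count($chkArr) < 2) {
         die('<script>alert("Security Data Parse Error !!");history.back();</script>');
     }
     $chk_orderid = $chkArr[0];
     $chk_amount = $chkArr[1];
     error_log(preg_replace(
         '/[\x00-\x1F\x7F]+/',
         ' ',
         "[c/deposit/twcreditcard_pay] pay data : " . (is_string($postedOrder) ? $postedOrder : '') . "|" . $postedAmount
     ));
     if (floatval($chk_amount) != floatval($postedAmount)) {
         die('<script>alert("Total Fee Check Error !!");history.back();</script>');
     }
     // Strict string comparison: loose "!=" treats numeric strings such as "1e3" and
     // "1000" as equal, and null as equal to "".
     if (!is_string($postedOrder) || $chk_orderid !== $postedOrder) {
         die('<script>alert("Trade No. Check Failed !!");history.back();</script>');
     }

     $pay_info = array();
     $pay_info['web'] = $config['creditcard']['merchantnumber'];
     $pay_info['MN'] = floatval($postedAmount);
     $pay_info['Td'] = $postedOrder;
     $pay_info['sna'] = urlencode($_SESSION['user']['profile']['nickname']);
     $pay_info['sdt'] = $_SESSION['user']['name'];
     $pay_info['email'] = $_SESSION['user']['email'];
     $pay_info['note1'] = "{userid:" . $_SESSION['auth_id'] . "}";
     $pay_info['note2'] = "";
     $pay_info['OrderInfo'] = urlencode("OrderId:" . $pay_info['Td'] . ",Name:" . $_SESSION['user']['profile']['nickname'] . ",Userid:" . $_SESSION['auth_id'] . ",Amount:" . $pay_info['MN'] . ",Spts:" . $postedSpoint);
     $pay_info['Card_Type'] = $config['creditcard']['Card_Type'];

     // ChkValue = SHA-1 over merchant number . merchant code . amount.
     // The pre-image contains the merchant code (a shared secret), so it is
     // deliberately NOT written to the log.
     // NOTE(review): the digest covers the float amount while the form and the
     // history row use intval(); for a fractional amount the two differ -- confirm
     // whether fractional amounts can occur.
     $chkvalue_ori = $pay_info['web'] . $config['creditcard']['code'] . $pay_info['MN'];
     $pay_info['ChkValue'] = strtoupper(sha1($chkvalue_ori));
     error_log("ChkValue :" . $pay_info['ChkValue']);

     // NOTE(review): the lookup is keyed by order number only; whether it is
     // restricted to the logged-in user's own orders is not visible here -- confirm.
     $get_deposit_history = $deposit->get_deposit_history($pay_info['Td']);
     if (!empty($get_deposit_history[0]['dhid'])) {
         $arr_cond = array();
         $arr_cond['dhid'] = $pay_info['Td'];
         $arr_data = array();
         $arr_data['out_trade_no'] = $pay_info['Td'];
         $arr_data['userid'] = $_SESSION['auth_id'];
         $arr_data['amount'] = intval($pay_info['MN']);
         $arr_data['timepaid'] = date('YmdHis');
         $arr_data['phone'] = $pay_info['sdt'];
         $arr_data['paymenttype'] = $config['creditcard']['paymenttype'];
         // Was assigned to a misspelled, otherwise unused $arr_date, so the digest
         // never reached the stored JSON.
         $arr_data['ChkValue'] = $pay_info['ChkValue'];
         $arr_update = array();
         $arr_update['data'] = json_encode($arr_data);
         $arr_update['modifierid'] = $_SESSION['auth_id'];
         $arr_update['modifiername'] = $_SESSION['user']['profile']['nickname'];
         $arr_update['modifiertype'] = 'User';
         $deposit->update_deposit_history($arr_cond, $arr_update);

         // Escape every value placed into an HTML attribute. Order number, user name
         // and e-mail are user-influenced; the browser decodes the entities again on
         // submit, so the gateway receives the same values as before.
         $attr = function ($value) {
             return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         };
         $hidden_fields = array(
             'web' => $config['creditcard']['merchantnumber'],
             'MN' => intval($pay_info['MN']),
             'OrderInfo' => $pay_info['OrderInfo'],
             'Td' => $pay_info['Td'],
             'sna' => $pay_info['sna'],
             'sdt' => $pay_info['sdt'],
             'email' => $pay_info['email'],
             'note1' => $pay_info['note1'],
             'note2' => $pay_info['note2'],
             'Card_Type' => $pay_info['Card_Type'],
             'ChkValue' => $pay_info['ChkValue'],
         );
         $submit = '<body onload="document.form1.submit();" >';
         $submit .= '<form name="form1" action="' . $attr($config['creditcard']['url_payment']) . '" method="POST">';
         foreach ($hidden_fields as $field_name => $field_value) {
             $submit .= '<input type="hidden" name="' . $field_name . '" value="' . $attr($field_value) . '" />';
         }
         $submit .= '</form>';
         $submit .= '</body>';
         // NOTE(review): this writes the user's e-mail and the ChkValue to the error
         // log on every payment; consider dropping it outside of debugging.
         error_log($submit);
         echo $submit;
     } else {
         echo '<script>alert("充值程序異常!");window.location = "/site/deposit/"</script>';
     }
     exit;
 }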