示例#1
<?php

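/**
 *  getstatus.php - dynamically fetches an order's status.
 *
 *  Reads `id`, `key` and (optionally) `url` from the query string, loads the
 *  matching order row, then probes the order-change table for existing
 *  "hurry up" reminders (orderchange_hurry 0, 1 and 2).
 */
header("Content-type: text/html; charset=utf-8");
include "include/dbconn.php";
// NOTE(review): the login check below is commented out, so nothing visible in
// this listing restricts who may look up an order by id - confirm that the
// `key` parameter (or later code) enforces ownership.
//require_once("usercheck.php");

// order_id is concatenated into the query unquoted, so the value is forced to
// an integer here instead of relying on sqlReplace() alone.
$orderid = (int) sqlReplace(trim(isset($_GET['id']) ? $_GET['id'] : ''));
$orderkey = sqlReplace(trim(isset($_GET['key']) ? $_GET['key'] : ''));
$url = empty($_GET['url']) ? '' : sqlReplace(trim($_GET['url']));
$sql = "select * from " . WIIDBPRE . "_order where order_id=" . $orderid;
$rs = mysql_query($sql);
// mysql_query() returns false on failure; do not hand that to the fetch call.
$row = $rs ? mysql_fetch_assoc($rs) : false;
// Check whether a hurry-up reminder may be sent.
$isHurry_30 = false;
$isHurry_45 = false;
$isHurry_60 = false;
// An unknown order id leaves $row false; fall back to an empty reference so
// the lookups below simply match nothing.
$hurryOrderRef = $row ? $row['order_id2'] : '';
$sql = "select * from " . WIIDBPRE . "_orderchange where orderchange_type='1' and orderchange_hurry='0' and orderchange_order='" . $hurryOrderRef . "'";
$rs = mysql_query($sql);
$rows = $rs ? mysql_fetch_assoc($rs) : false;
if ($rows) {
    $isHurry_30 = true;
}
$sql = "select * from " . WIIDBPRE . "_orderchange where orderchange_type='1' and orderchange_hurry='1' and orderchange_order='" . $hurryOrderRef . "'";
$rs = mysql_query($sql);
$rows = $rs ? mysql_fetch_assoc($rs) : false;
if ($rows) {
    $isHurry_45 = true;
}
$sql = "select * from " . WIIDBPRE . "_orderchange where orderchange_type='1' and orderchange_hurry='2' and orderchange_order='" . $hurryOrderRef . "'";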
示例#2
         $row = mysql_fetch_assoc($result);
         if (!$row) {
             alertInfo('您要删除的订单不存在', 'userorder.php?key=' . $key . $url, 0);
         } else {
             $sql2 = "delete from qiyu_order where order_id=" . $v;
             if (!mysql_query($sql2)) {
                 alertInfo('删除失败!原因:SQL删除失败。', "", 1);
             }
         }
     }
     alertInfo('删除成功', 'userorder.php?key=' . $key . $url, 0);
     break;
 case 'xxfinish':
     //批量完成
     $idlist = $_POST['idlist'];
     $key = sqlReplace(trim($_GET['key']));
     if (!$idlist) {
         alertInfo('请选择', 'userorder.php?key=' . $key . $url, 0);
     }
     foreach ($idlist as $k => $v) {
         $sql3 = "select * from qiyu_order where  order_id ='" . $v . "' and order_status='1'";
         $rs3 = mysql_query($sql3);
         $row3 = mysql_fetch_assoc($rs3);
         if (!$row3) {
             alertInfo('订单不存在', 'userorder.php?key=' . $key . $url, 0);
         } else {
             $order = $row3['order_id2'];
             $sql2 = "update qiyu_order set order_status='4'  where order_id='" . $v . "' and order_status='1'";
             if (mysql_query($sql2)) {
                 //添加订单记录
                 $orderContent = "<span class='greenbg'><span><span>订单已完成</span></span></span>";
示例#3
<?php

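// Phone-verification page prologue: loads the shop named by `shopID` and
// works out which phone number to show for the current visitor.
require_once "usercheck.php";
// shop_id is used unquoted in the query below, so the value is forced to an
// integer rather than relying on sqlReplace() alone.
$shopID = (int) sqlReplace(trim(isset($_GET['shopID']) ? $_GET['shopID'] : ''));
$sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'";
$rs = mysql_query($sql);
// mysql_query() returns false on failure; treat that like "shop not found".
$rows = $rs ? mysql_fetch_assoc($rs) : false;
if (!$rows) {
    alertInfo("错误", "index.php", 0);
}
// Default so the template never reads an undefined variable when the user
// row is missing or the session holds no phone number.
$user_phone = '';
if (!empty($QIYU_ID_USER)) {
    // Same unquoted numeric context as above, hence the integer cast.
    $sqlStr = "select * from qiyu_user where user_id=" . (int) $QIYU_ID_USER;
    $result = mysql_query($sqlStr);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($row) {
        $user_phone = $row['user_phone'];
    }
} else {
    $user_phone = isset($_SESSION['user_phone']) ? $_SESSION['user_phone'] : '';
}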
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="style.css" type="text/css"/>
  <script src="js/jquery-1.3.1.js" type="text/javascript"></script>
  <title> 验证手机号 - <?php 
echo $SHOP_NAME;
?>
 - <?php 
示例#4
/**
 * userlogin_do.php 登录操作
 */
require 'include/dbconn.php';
$user_account = sqlReplace(trim($_POST['z_phone']));
$loginUrl = $_SESSION['login_url'];
$pw = sqlReplace(trim($_POST['pw']));
$cookie = empty($_POST['cookie']) ? "" : sqlReplace($_POST['cookie']);
$re_name = empty($_POST['re_name']) ? "" : sqlReplace($_POST['re_name']);
$sinaUid = empty($_SESSION['sinaUid']) ? '' : sqlReplace($_SESSION['sinaUid']);
$sinaNick = empty($_SESSION['sinaNick']) ? '' : sqlReplace($_SESSION['sinaNick']);
$p = empty($_GET['p']) ? '' : sqlReplace(trim($_GET['p']));
//从订单页来的标示
$shopID = empty($_GET['shopID']) ? '0' : sqlReplace(trim($_GET['shopID']));
$shopSpot = empty($_GET['shopSpot']) ? '0' : sqlReplace(trim($_GET['shopSpot']));
$shopCircle = empty($_GET['shopCircle']) ? '0' : sqlReplace(trim($_GET['shopCircle']));
checkData($user_account, '手机号', 1);
checkData($pw, '密码', 1);
$sqlStr = "select * from " . WIIDBPRE . "_user where user_account='" . $user_account . "'";
$result = mysql_query($sqlStr) or die("查询失败,请检查SQL语句。");
$row = mysql_fetch_assoc($result);
if ($row) {
    $ip = $_SERVER['REMOTE_ADDR'];
    $pwd = md5(md5($pw . $row['user_salt']));
    $sql = "select * from qiyu_user where user_account='" . $user_account . "' and user_password='******'";
    $rs = mysql_query($sql);
    $rows = mysql_fetch_assoc($rs);
    if ($rows) {
        $sql2 = "update qiyu_user set user_experience=user_experience+" . expUserLogin . " where  user_account='" . $user_account . "' and user_password='******'";
        mysql_query($sql2);
        date_default_timezone_set('PRC');
示例#5
<?php

/**
 * demand.php - stores a visitor's request (free text plus client IP) in the
 * demand table and prints a one-line result message.
 */
require 'include/dbconn.php';
$content = sqlReplace(trim($_GET['content']));
checkData($content, '内容', 1);
$ip = $_SERVER['REMOTE_ADDR'];
// NOTE(review): the row is written in response to a GET request and the text
// is protected only by sqlReplace(), whose behaviour is not visible here -
// confirm it escapes quotes for the driver in use, or switch this insert to a
// parameterised statement when the mysql_* layer is replaced.
$sql = "insert into " . WIIDBPRE . "_demand(demand_content,demand_addtime,demand_ip)"
    . " values('" . $content . "',now(),'" . $ip . "')";
$rs = mysql_query($sql);
// Success thanks the visitor; any query failure gets the generic error text.
echo $rs ? '感谢您的关注,我们会尽快开发您周边的餐厅' : '未知原因,提交失败';
示例#6
<?php

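/**
 *  userintro.php - loads one user record by id for the detail view and
 *  builds the query-string fragment ($url) used by links on the page.
 */
require_once "usercheck2.php";
$id = sqlReplace(trim(isset($_GET['id']) ? $_GET['id'] : ''));
$tel = empty($_GET['tel']) ? '' : sqlReplace(trim($_GET['tel']));
$page = empty($_GET['page']) ? '' : sqlReplace(trim($_GET['page']));
// user_id is concatenated unquoted below. What checkData() validates is not
// visible in this listing, so the value is additionally forced to an integer.
$id = (int) checkData($id, "ID", 0);
$sql = "select * from " . WIIDBPRE . "_user where user_id=" . $id;
$result = mysql_query($sql);
// mysql_query() returns false on failure; treat that like "user not found".
$row = $result ? mysql_fetch_assoc($result) : false;
// Defaults for the two fields $url reads, in case alertInfo() returns.
$name = '';
$phone = '';
if (!$row) {
    alertInfo('该用户已经不存在', '', 1);
} else {
    $account = $row['user_account'];
    $name = $row['user_name'];
    $mail = $row['user_mail'];
    $type = $row['user_type'];
    $logintime = $row['user_logintime'];
    $loginip = $row['user_loginip'];
    $logincount = $row['user_logincount'];
    $phone = $row['user_phone'];
    $time = $row['user_time'];
    $score = $row['user_score'];
    $experience = $row['user_experience'];
}
// Original version:
//$url="&start=".$start."&end=".$end."&name=".$name."&phone=".$phone."&uid=".$id;
// NOTE(review): $name and $phone are database values placed into a query
// string without urlencode(); where $url is later written into HTML it also
// needs HTML escaping - verify at the point of use.
$url = "&name=" . $name . "&phone=" . $phone . "&uid=" . $id;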
示例#7
文件: login.php 项目: htom78/project
<?php 
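/**
 * Administrator login: looks up the submitted name/password pair among the
 * role-3 accounts in admin_manage.
 *
 * @version       v0.01
 * @create time   2011-5-16
 * @update time   
 * @author        jiangting
 * @copyright     Copyright (c) 微普科技 WiiPu Tech Inc. (http://www.wiipu.com)
 */
require_once '../conn/conn2.php';
require_once 'inc_function.php';
// Missing form fields are treated as empty strings instead of raising an
// undefined-index notice.
$name = sqlReplace(trim(isset($_POST['name']) ? $_POST['name'] : ''));
$passwd = sqlReplace(trim(isset($_POST['pwd']) ? $_POST['pwd'] : ''));
//$code=trim($_POST['code']);
// NOTE(review): the stored credential is a single unsalted md5() of the
// password, which is not adequate for password storage; moving to
// password_hash()/password_verify() needs a rehash-on-login migration.
// NOTE(review): the password passes through sqlReplace() before hashing, so
// whatever that helper rewrites is part of the hashed value - keep that in
// mind when migrating.
$sql = "select * from admin_manage where name='" . $name . "' and passwd='" . md5($passwd) . "' and role=3";
$result = mysql_query($sql);
// mysql_query() returns false on failure; treat that as a failed login.
$row = $result ? mysql_fetch_array($result) : false;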
if ($row) {
    $_SESSION['name'] = $name;
    $_SESSION['role'] = $row['role'];
    $sql = "update admin_manage set last_ip=now_ip,now_ip='{$_SERVER[REMOTE_ADDR]}',time=now_time,now_time=NOW(),log_num=log_num+1 where id={$row['id']};";
    mysql_query($sql) or die("{$row['id']}");
    if ($row['role'] == 1) {
        $_SESSION["role_area"] = "超级管理员";
    } else {
        if ($row["role"] == 3) {
            $sql = "select name from mall where id={$row['mall_id']}";
            $result = mysql_query($sql) or die("未知原因查询失败");
            $mall = mysql_fetch_array($result);
            $_SESSION["role_area"] = $mall["name"];
示例#8
<?php

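/**
 * area_ajax.php - returns <option> markup for the cascading location
 * selects: circles of an area (act=circle) or spots of a circle (act=spot).
 */
require '../include/dbconn.php';
$str = '';
$act = isset($_POST['act']) ? $_POST['act'] : '';
if ($act == "circle") {
    $area_id = sqlReplace(trim(isset($_POST['area_id']) ? $_POST['area_id'] : ''));
    // NOTE(review): this label looks mis-encoded in the listing (presumably a
    // GBK string read as Latin-1); left untouched because it is runtime text.
    checkData($area_id, "ÇøÓòID", 0);
    // The id is concatenated unquoted, so force it to an integer regardless
    // of what checkData()/sqlReplace() let through.
    $area_id = (int) $area_id;
    $sql = "select ac.areacircle_circle,c.circle_name from " . WIIDBPRE . "_areacircle ac," . WIIDBPRE . "_circle c where ac.areacircle_circle=c.circle_id and areacircle_area=" . $area_id;
    $rs = mysql_query($sql);
    // NOTE(review): circle_name is written into HTML unescaped; escape it
    // with htmlspecialchars() once the page charset is confirmed.
    while ($rs && ($rows = mysql_fetch_assoc($rs))) {
        $str .= "<option value='" . $rows['areacircle_circle'] . "'>" . $rows['circle_name'] . "</option>";
    }
}
if ($act == "spot") {
    // Unquoted numeric context with no checkData() call in the original:
    // force an integer.
    $circle_id = (int) sqlReplace(trim(isset($_POST['circle_id']) ? $_POST['circle_id'] : ''));
    $sql = "select spot_id,spot_name from " . WIIDBPRE . "_spot where spot_circle=" . $circle_id;
    $rs = mysql_query($sql);
    // NOTE(review): spot_name is written into HTML unescaped, as above.
    while ($rs && ($rows = mysql_fetch_assoc($rs))) {
        $str .= "<option value='" . $rows['spot_id'] . "'>" . $rows['spot_name'] . "</option>";
    }
}
echo $str;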
示例#9
}
if (!(empty($site_wiiyunsalt) || empty($site_wiiyunaccount) || $site_sms != '1')) {
    //	检测微云码与账号是否正确
    $result = $o->checkWiiyunSalt($site_wiiyunsalt, $site_wiiyunaccount);
    $r_status = $result[0]->status;
    if ($r_status !== 'no') {
        $userID2 = $result[0]->id2;
        //用户ID2
        $sms = $o->getSMS($userID2);
        $s_status = $sms[0]->status;
    }
}
$userID2 = $result[0]->id2;
$sms = $o->getSMS($userID2);
$s_status = $sms[0]->status;
$act = empty($_GET['act']) ? '' : sqlReplace(trim($_GET['act']));
$telstr = '';
if ($act == 'yes') {
    if ($site_sms == '2') {
        alertInfo('短信功能未开启,请配置', "site_sms.php", 0);
    }
    if (empty($_POST["idlist"])) {
        alertInfo('请选择群发项!', "", 1);
    }
    $listall = $_POST["idlist"];
    foreach ($listall as $listid) {
        $sqlStr = "select * from qiyu_user where user_id in({$listid})";
        $result = mysql_query($sqlStr);
        $row = mysql_fetch_array($result);
        if (!$row) {
            alertInfo('数据不存在', '', 1);
示例#10
     $str .= "\t\t<p class='cart_intro'><textarea id=\"cart_desc\" class='cart_input'></textarea></p>";
     $str .= "\t\t<p class='submit_cart'><img src=\"images/button/addCart1.jpg\" onmouseout=\"checkbg1()\" onmouseover=\"checkbg2()\" mousedown='checkbg3()' id=\"addCartF\"  alt=\"\" style='cursor:pointer;' onClick=\"addCart_t_new(" . $shopID . "," . $foodID . "," . $spotID . "," . $circleID . ",'" . $time1 . "','" . $time2 . "')\"/><span><a href='javascript:void();' onClick=\"closeFlow()\">回到餐厅界面</a></span></p>";
     $str .= "\t</div>";
     echo $str;
     break;
 case "getTags":
     //模板2的餐品口味选择
     $shopID = sqlReplace(trim($_POST['shopID']));
     $where = '';
     $foodID = sqlReplace(trim($_POST['foodID']));
     $spotID = sqlReplace(trim($_POST['spotID']));
     $circleID = sqlReplace(trim($_POST['circleID']));
     $time1 = sqlReplace(trim($_POST['time1']));
     $time2 = sqlReplace(trim($_POST['time2']));
     $name = sqlReplace(trim($_POST['name']));
     $price = sqlReplace(trim($_POST['price']));
     $str = "<div id=\"container\">";
     $str .= "\t<div id='newCartBox'>";
     $str .= "\t\t<div id='c_table'>";
     $str .= "\t\t\t<table border='0' width='455'>";
     $str .= "\t\t\t\t<tr>";
     $str .= "\t\t\t\t\t<td class='menu first td' width='195'>菜名</td>";
     $str .= "\t\t\t\t\t<td class='menu' >价格</td>";
     $str .= "\t\t\t\t</tr>";
     $str .= "\t\t\t\t<tr>";
     $str .= "\t\t\t\t\t<td class='main first td'>" . $name . "</td>";
     $str .= "\t\t\t\t\t<td class='main'>" . $price . "</td>";
     $str .= "\t\t\t\t</tr>";
     $str .= "\t\t\t</table>";
     $str .= "\t\t</div>";
     $str .= "<div id=\"cart_needs\"><span class='span span_need'>口味需求:</span>";
示例#11
<?php

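/**
 *  food.php - picks the page title from the `type` query parameter
 *  (1 = business licence, 2 = health permit).
 */
require_once "usercheck2.php";
$type = sqlReplace(isset($_GET['type']) ? $_GET['type'] : '');
// Default so the template never reads an undefined $title when `type` is
// missing or holds any other value.
$title = '';
if ($type == '1') {
    $title = '营业执照';
} elseif ($type == '2') {
    $title = '卫生许可证';
}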
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="../style.css" type="text/css"/>
  <script src="../js/jquery-1.3.1.js" type="text/javascript"></script>
  <script src="../js/tree.js" type="text/javascript"></script>
  <script type="text/javascript" src="js/upload.js"></script>
  <script type="text/javascript">
  <!--
	function ajaxFileUpload()
	{
		$.ajaxFileUpload
		(
			{
				url:'shop_cartpicup1.php',
示例#12
            $worksheet->write($i, 9, $getvalue);
            $i += 1;
        }
        $worksheet->write($i, 0, '总计');
        $worksheet->write($i, 1, '');
        $worksheet->write($i, 2, '');
        $worksheet->write($i, 3, '');
        $worksheet->write($i, 4, '');
        $worksheet->write($i, 5, $orderDeliverTotal);
        $worksheet->write($i, 6, $orderALLTotal1);
        $worksheet->write($i, 7, $orderMoneyTotal1);
        $worksheet->write($i, 8, $spendvalueTotal1);
        $worksheet->write($i, 9, $getvalueTotal1);
        $workbook->close();
        $str = "S";
        break;
    case "sendcode":
        $phone = sqlReplace(trim($_POST['phone']));
        $vercodePhone = getRndCode_r(6);
        $content = "验证码是" . $vercodePhone;
        $sql = "update qiyu_shop set shop_code='" . $vercodePhone . "' where shop_id=" . $QIYU_ID_SHOP;
        if (mysql_query($sql)) {
            //发送验证码
            sendCode($phone, $content);
            $str = "S";
        } else {
            $str = "E";
        }
        break;
}
echo $str;
示例#13
        for ($x = 1; $x <= $i; $x++) {
            $id = $_POST['id' . $x];
            $order = $_POST['order' . $x];
            $sql = "update " . WIIDBPRE . "_food set food_order=" . $order . " where food_id=" . $id;
            if (!mysql_query($sql)) {
                alertInfo('未知原因保存失败! ', "foodspecial_list.php", 0);
            }
        }
        alertInfo('保存排序成功!', "", 1);
        break;
    case "card1":
        $upfile1 = sqlReplace(trim($_POST['upfile']));
        checkData($upfile1, '营业执照', 1);
        $sql = "update qiyu_shop set shop_certpic='" . $upfile1 . "',shop_certtime=now() where shop_id=" . $QIYU_ID_SHOP;
        if (mysql_query($sql)) {
            alertInfo("提交成功", "shopcard.php", 0);
        } else {
            alertInfo("提交失败", "", 1);
        }
        break;
    case "card2":
        $upfile2 = sqlReplace(trim($_POST['upfile']));
        checkData($upfile2, '卫生许可证', 1);
        $sql = "update qiyu_shop set shop_licensepic='" . $upfile2 . "',shop_licensetime=now() where shop_id=" . $QIYU_ID_SHOP;
        if (mysql_query($sql)) {
            alertInfo("提交成功", "shopcard.php", 0);
        } else {
            alertInfo("提交失败", "", 1);
        }
        break;
}
示例#14
<?php

/**
 *  shoporder.php - order management page; this prologue collects the list
 *  filters from the query string and rebuilds them as $url for page links.
 */
require_once "usercheck2.php";
$key = sqlReplace(trim($_GET['key']));

// Optional filters default to an empty string when absent or empty.
$keyword = '';
if (!empty($_GET['keyword'])) {
    $keyword = sqlReplace(trim($_GET['keyword']));
}
$start = '';
if (!empty($_GET['start'])) {
    $start = sqlReplace(trim($_GET['start']));
}
$end = '';
if (!empty($_GET['end'])) {
    $end = sqlReplace(trim($_GET['end']));
}

// NOTE(review): these request values are echoed back into a URL without
// urlencode(); wherever $url is printed into HTML it needs escaping for that
// context - verify at the point of use.
$url = "?key={$key}&keyword={$keyword}&start={$start}&end={$end}";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="../style.css" type="text/css"/>
  <script src="../js/jquery-1.3.1.js" type="text/javascript"></script>
  <script src="../js/tree.js" type="text/javascript"></script>
  <title>订单管理 - 外卖点餐系统</title>
 </head>
 <body>
 <script type="text/javascript">
 <!--
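	/**
	 * Opens an inline note editor row directly under the given order's row.
	 * Any editor row that is already open (class "addtr") is removed first.
	 *
	 * @param orderID  order id; used in the new row's id, in the '#table'+id
	 *                 lookup and as the argument of addOrderIntro().
	 */
	function updateOrder(orderID){
		// The id attribute's closing quote now comes after the order id, so the
		// row gets id "update<orderID>" instead of a bare "update" followed by a
		// stray token. The link target is void(0): void needs an operand.
		// NOTE(review): orderID is concatenated into markup and an inline
		// handler; this is only safe while callers pass a server-generated
		// numeric id - confirm at the call sites.
		var content="<tr id='update"+orderID+"' class='addtr'><td colspan='8' class='border_left border_bottom border_right order1' style='padding:10px;'><textarea name=\"content\" style=\"width:350px;height:100px;\" id='orderIntro'></textarea> <p><a href='javascript:void(0);' onClick=\"addOrderIntro("+orderID+")\"><img src=\"../images/button/update.jpg\" /></a></p></td></tr>";
		$('.addtr').remove();
		$(content).insertAfter('#table'+orderID);
	}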

	function addOrderIntro(id){
示例#15
<?php

/**
 *  shopreg_do.php 
 */
require_once "../include/dbconn.php";
$act = sqlReplace(trim($_GET['act']));
switch ($act) {
    case "login":
        $account = sqlReplace(trim($_POST['account']));
        $pwd = sqlReplace(trim($_POST['pw']));
        checkData($account, '用户名', 1);
        checkData($pwd, '密码', 1);
        $code = sqlReplace(trim($_POST["imgcode"]));
        //验证码
        if (empty($code)) {
            alertInfo('验证码不能为空', "", 1);
        }
        if ($code != $_SESSION['imgcode']) {
            alertInfo('验证码不正确,请检查!', "", 1);
        }
        $sql = "select * from qiyu_shop where shop_account='" . $account . "'";
        $rs = mysql_query($sql);
        $rows = mysql_fetch_assoc($rs);
        if ($rows) {
            $salt = $rows['shop_salt'];
            $pw = md5(md5($pwd) . $salt);
            $sqlStr = "select * from qiyu_shop where shop_account='" . $account . "' and shop_password='******'";
            $rs_r = mysql_query($sqlStr);
            $row = mysql_fetch_assoc($rs_r);
            if ($row) {
示例#16
<?php

/**
 *  food.php - prologue of the spending-ranking analysis page: runs the
 *  login check and reads the optional `tel` filter from the query string.
 */
require_once "usercheck2.php";
// An absent or empty filter becomes an empty string.
$tel = '';
if (!empty($_GET['tel'])) {
    $tel = sqlReplace(trim($_GET['tel']));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <link rel="stylesheet" href="../style.css" type="text/css"/>
  <script src="../js/jquery-1.3.1.js" type="text/javascript"></script>
  <script src="../js/tree.js" type="text/javascript"></script>
  <script type="text/javascript" src="js/upload.js"></script>
  <title>消费排行分析 - 外卖点餐系统</title>
 </head>
 <body>
 <div id="container">
	<?php 
require_once 'header.php';
?>
	<div id="main">
		<div class="main_content">
			<div class="main_top"></div>
			<div class="main_center main_center_r">
				<div id="shopLeft">
					<?php 
require_once 'left.inc.php';
?>
示例#17
<?php

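/**
 *  usercheck2.php - resolves the logged-in shop for the merchant pages.
 *
 *  Sets $QIYU_ID_SHOP from the session, or failing that from the
 *  QIYUSHOP / QIYUSHOPVERD cookie pair; it is left as "" when neither
 *  identifies a shop.
 */
require '../include/dbconn.php';
require 'inc.function.php';
// Every path that does not authenticate ends with an empty shop id.
$QIYU_ID_SHOP = "";
if (!empty($_SESSION['qiyu_shopID'])) {
    $QIYU_ID_SHOP = $_SESSION['qiyu_shopID'];
} elseif (!empty($_COOKIE['QIYUSHOP'])) {
    $temp_user = sqlReplace($_COOKIE['QIYUSHOP']);
    // A missing verifier cookie is treated as empty and can never match.
    $temp_pwd = sqlReplace(isset($_COOKIE['QIYUSHOPVERD']) ? $_COOKIE['QIYUSHOPVERD'] : '');
    $sqlStr = "select shop_id,shop_password,shop_salt from qiyu_shop where shop_account='" . $temp_user . "'";
    $result = mysql_query($sqlStr);
    // mysql_query() returns false on failure; treat that as "no such shop".
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($row) {
        // Strict string comparison: with `==`, two digests of the form
        // "0e<digits>" compare as numbers and are considered equal.
        // NOTE(review): prefer hash_equals() where PHP >= 5.6 is available.
        // NOTE(review): the verifier is md5(shop_password . shop_salt), i.e.
        // derived only from stored columns, so it stays the same until the
        // password changes; a random, server-stored, expiring token would be
        // a sounder "remember me" design.
        if ((string) $temp_pwd === md5($row['shop_password'] . $row['shop_salt'])) {
            $_SESSION['qiyu_shopID'] = $row['shop_id'];
            $QIYU_ID_SHOP = $row['shop_id'];
        }
    }
}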
if (empty($QIYU_ID_SHOP)) {
示例#18
     $rs = mysql_query($sql);
     $rows = mysql_fetch_assoc($rs);
     if ($rows) {
         $vercode = getRndCode(6);
         $pw = md5(md5($pw . $vercode));
         $sqlStr = "update qiyu_user set user_password='******',user_salt='" . $vercode . "' where user_phone='" . $phone . "'";
         mysql_query($sqlStr);
         alertInfo("修改成功,请登录", "userlogin.php", 0);
     } else {
         alertInfo("手机号不存在", "userpw.php", 0);
     }
     break;
 case "vali":
     $shopID = sqlReplace($_GET['shopID']);
     $phone = sqlReplace($_POST['phone']);
     $code = sqlReplace($_POST['code']);
     $sql = "select * from qiyu_user where user_phone='" . $phone . "'";
     $rs = mysql_query($sql);
     $rows = mysql_fetch_assoc($rs);
     if ($rows) {
         if ($code == $rows['user_vcode']) {
             $sqlStr = "update qiyu_user set user_vcode='',user_status='1' where user_phone='" . $phone . "'";
             mysql_query($sqlStr);
             Header("Location: userorder.php?shopID=" . $shopID);
         } else {
             alertInfo("验证码错误", "", 1);
         }
     } else {
         alertInfo("手机号不存在", "", 1);
     }
     break;
示例#19
        $smsCount = $sms[0]->count_m;
    }
}
if (empty($userID2)) {
    alertInfo('短信未配置,请配置', "site_sms.php", 0);
}
$tags = sqlReplace(trim($_POST['receiver']));
//收件人
$tags = str_replace(';', ';', $tags);
$tags = str_replace('#', '', $tags);
$tags = str_replace('$', '', $tags);
//$total=sqlReplace(trim($_GET['total']));//此次发送的数量
$emailstr = sqlReplace(trim($_POST['receiver']));
//收件人
$emailstr = str_replace(';', ';', $emailstr);
$content = sqlReplace(trim($_POST['fbContent']));
//短信内容
checkData($emailstr, '收件人', 1);
checkData($content, '短信内容', 1);
//对收件人$emailstr进行处理
$alltel = '';
$tgs = '';
if ($emailstr) {
    $emailarr = explode(';', $emailstr);
    $i = 0;
    $j = 0;
    $total = 0;
    foreach ($emailarr as $t) {
        if ($t) {
            $email = '';
            $tg = '';
示例#20
<?php

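/**
 *  userorderintro.php - order detail page: loads one order joined with its
 *  shop and copies the columns the template needs into local variables.
 */
require_once "usercheck2.php";
// order_id is concatenated unquoted below, so the value is forced to an
// integer rather than relying on sqlReplace() alone.
$id = (int) sqlReplace(trim(isset($_GET['id']) ? $_GET['id'] : ''));
$key = empty($_GET['key']) ? 'new' : sqlReplace(trim($_GET['key']));
$POSITION_HEADER = "用户中心";
// NOTE(review): the query filters on order_id only; nothing visible here ties
// the order to the account established by usercheck2.php, so any signed-in
// caller could presumably read any order - confirm and add an ownership
// condition if so.
$sql = "select * from qiyu_shop,qiyu_order where (order_shop=shop_id2 or order_shopid=shop_id) and order_id=" . $id;
$rs = mysql_query($sql);
// mysql_query() returns false on failure; treat that like "order not found".
$rows = $rs ? mysql_fetch_assoc($rs) : false;
if ($rows) {
    $shopName = $rows['shop_name'];
    $orderAddtime = $rows['order_addtime'];
    $orderStatus = $rows['order_status'];
    $order = $rows['order_id2'];
    $orderPriceAll = $rows['order_totalprice'];
    $orderTotal = $rows['order_price'];
    $deliverFee = $rows['order_deliverprice'];
    $orderInfor = $rows['order_infor'];
    $orderText = $rows['order_text'];
    $spot = $rows['order_spot'];
    $circle = $rows['order_circle'];
    $orderType = $rows['order_type'];
    $orderTime1 = $rows['order_time1'];
    // Keep only the first five characters of the second time value.
    $orderTime2 = substr($rows['order_time2'], 0, 5);
} else {
    alertInfo('非法操作', 'index.php', 0);
}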
?>
示例#21
文件: do.php 项目: water940729/demo
        break;
    case 'update':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_POST['id']));
        $title = sqlReplace(trim($_POST['title']));
        $content = sqlReplace(trim($_POST['content']));
        if ($id == "") {
            alertInfo('Illegal operation', 'list.php', 0);
        }
        $sql_update = "update articles set title='{$title}',content = '{$content}' where aid = " . $id;
        if (mysql_query($sql_update)) {
            alertInfo('The article added successful', 'list.php', 0);
            //echo $content;
            //alertInfo('修改成功!','list.php',0);
        } else {
            alertInfo('Modify failure!', '', 1);
        }
        break;
    case 'del':
        //得到sortlist传递的值,并检测
        $id = sqlReplace(trim($_GET['id']));
        if ($id == "") {
            alertInfo('Illegal operation', 'list.php', 0);
        }
        $sql_del = "delete from articles where aid = {$id}";
        if (mysql_query($sql_del)) {
            alertInfo('Deleted successful', 'list.php', 0);
            //echo $content;
        }
        break;
}
示例#22
     if (!$row) {
         alertInfo('您要删除的数据不存在', '', 1);
     } else {
         $sql2 = "delete from qiyu_about where about_id=" . $id;
         if (mysql_query($sql2)) {
             alertInfo('删除成功', 'about.php', 0);
         } else {
             alertInfo('删除失败,原因SQL出现异常', '', 1);
         }
     }
     break;
 case "edit":
     $id = sqlReplace(trim($_GET['id']));
     $id = checkData($id, "ID", 0);
     $title = sqlReplace(trim($_POST['title']));
     $type = sqlReplace(trim($_POST['about_type']));
     if ($type == '1') {
         $c = $_POST['about_content'];
     } else {
         $c = $_POST['about_href'];
     }
     $content = $c;
     $content = str_replace("'", "&#39;", $content);
     $content = str_replace("<br />", "</p><p>", $content);
     //检验数据的合法性
     checkData($title, '标题', 1);
     $sql = "select * from " . WIIDBPRE . "_about where about_id=" . $id;
     $result = mysql_query($sql);
     $row = mysql_fetch_assoc($result);
     if (!$row) {
         alertInfo('非法操作', 'about_list.php', 0);
示例#23
        $print = sqlReplace(trim($_POST['yunprint']));
        $num = sqlReplace(trim($_POST['yunprintnum']));
        $sql = "update qiyu_site set site_yunprint='" . $print . "',site_yunprintnum='" . $num . "'";
        if (mysql_query($sql)) {
            alertInfo('操作成功', '', 1);
        } else {
            alertInfo('出错', '', 1);
        }
        break;
    case "other":
        $onlinechat = sqlReplace(trim($_POST['onlinechat']));
        $iscartfoodtag = sqlReplace(trim($_POST['iscartfoodtag']));
        $cartfoodtag = sqlReplace(trim($_POST['cartfoodtag']));
        $stat = sqlReplace(trim($_POST['stat']));
        $sql = "update qiyu_site set site_onlinechat='" . $onlinechat . "',site_stat='" . $stat . "',site_iscartfoodtag='" . $iscartfoodtag . "',site_cartfoodtag='" . $cartfoodtag . "'";
        if (mysql_query($sql)) {
            alertInfo('操作成功', '', 1);
        } else {
            alertInfo('出错', '', 1);
        }
        break;
    case "print":
        $print = sqlReplace(trim($_POST['yunprint']));
        $sql = "update qiyu_site set site_yunprint='" . $print . "'";
        if (mysql_query($sql)) {
            alertInfo('操作成功', '', 1);
        } else {
            alertInfo('出错', '', 1);
        }
        break;
}
示例#24
<?php

/**
 *  shopadd.php - with act=index, saves the title, keywords and description
 *  posted by the form into the SEO row with seo_type=1.
 */
require_once "usercheck2.php";
$act = $_GET['act'];
if ($act == "index") {
    $title = sqlReplace($_POST['title']);
    $keywords = HTMLEncode($_POST['keywords']);
    $description = HTMLEncode($_POST['description']);
    // NOTE(review): keywords and description go through HTMLEncode() only, not
    // sqlReplace(); whether HTMLEncode() neutralises quotes for SQL is not
    // visible here - confirm, or escape these two values for the database too.
    $sql = "update " . WIIDBPRE . "_seo set seo_title='" . $title . "',  seo_keywords='" . $keywords . "',seo_description='" . $description . "' where seo_type=1";
    $saved = mysql_query($sql);
    if ($saved) {
        alertInfo('保存成功!', "seo.php", 0);
    } else {
        alertInfo('未知原因保存失败! ', "", 1);
    }
}
示例#25
<?php 
ob_start();
set_time_limit(0);
//时间限制解除
require_once '../inc_function.php';
require_once '../../conn/config.php';
$home_path = HOME_PATH;
$url = "/waimai/android/download/";
//app上传路径
$type = sqlReplace(trim($_GET['type']));
$info = '';
$fileElementName = 'file';
//检查上传文件是否有问题
if (!empty($_FILES[$fileElementName]['error'])) {
    switch ($_FILES[$fileElementName]['error']) {
        case '1':
            $info = 'E|Upload file size is more than the limit system.';
            break;
        case '3':
            $info = 'E|Upload file error process.';
            break;
        case '4':
            $info = 'E|No file selected';
            break;
        case '6':
            $info = 'E|System error: there is no temporary folder.';
            break;
        case '7':
            $info = 'E|System error: error writing file.';
            break;
        default:
示例#26
<?php

/**
 *  usercheck.php  
 */
require 'include/dbconn.php';
$QIYU_USER_ACCOUNT = '';
if (!empty($_SESSION['qiyu_uid'])) {
    $QIYU_ID_USER = $_SESSION['qiyu_uid'];
} else {
    if (!empty($_COOKIE['QIYUUSER'])) {
        $temp_user = sqlReplace($_COOKIE['QIYUUSER']);
        $temp_pwd = empty($_COOKIE['QIYUVERD']) ? '' : sqlReplace($_COOKIE['QIYUVERD']);
        $sqlStr = "select user_id,user_password from qiyu_user where user_account='" . $temp_user . "'";
        $result = mysql_query($sqlStr);
        $row = mysql_fetch_assoc($result);
        if ($row) {
            if (!empty($temp_pwd)) {
                if ($temp_pwd == $row['user_password']) {
                    $_SESSION['qiyu_uid'] = $row['user_id'];
                    $QIYU_ID_USER = $row['user_id'];
                } else {
                    $QIYU_ID_USER = "";
                }
            } else {
                $QIYU_USER_ACCOUNT = $temp_user;
                $QIYU_ID_USER = "";
            }
        } else {
            $QIYU_ID_USER = "";
        }
示例#27
										<td width="85" class='center'>订单总额</td>
										<td width="85" class='center'>现金支付</td>
										<td width="85" class='center'>饭点支付</td>
										<td width="85" class='center'>订单返点</td>
									</tr>
								<?php 
$where1 = '';
$orderDeliverTotal = empty($_GET['DeliverTotal']) ? 0 : sqlReplace(trim($_GET['DeliverTotal']));
//送餐费
$orderALLTotal1 = empty($_GET['ALLTotal1']) ? 0 : sqlReplace(trim($_GET['ALLTotal1']));
//订单总额
$orderMoneyTotal1 = empty($_GET['MoneyTotal1']) ? 0 : sqlReplace(trim($_GET['MoneyTotal1']));
//现金
$getvalueTotal1 = empty($_GET['valueTotal1']) ? 0 : sqlReplace(trim($_GET['valueTotal1']));
//得到返点
$spendvalueTotal1 = empty($_GET['spendvalueTotal1']) ? 0 : sqlReplace(trim($_GET['spendvalueTotal1']));
//消费饭点
//$scoreTotal=empty($_GET['scoreTotal'])?0:sqlReplace(trim($_GET['scoreTotal']));
$pagesize = 20;
$startRow = 0;
if ($searchType1 == '1') {
    if (!(empty($start1) || empty($end1))) {
        $where1 .= " and date(order_addtime) >= '" . $start1 . "' and date(order_addtime) <= '" . $end1 . "'";
    } elseif (!empty($start1) && empty($end1)) {
        $where1 .= " and date(order_addtime) >= '" . $start1 . "'";
    } elseif (empty($start1) && !empty($end1)) {
        $where1 .= " and date(order_addtime) <= '" . $end1 . "'";
    }
}
$sql = "select order_id  from qiyu_order  where order_shopid='" . $QIYU_ID_SHOP . "' " . $where1 . " and order_status='4'";
$rs = mysql_query($sql) or die("查询失败,请检查SQL语句。");
示例#28
<?php

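// Password change: verifies the current password against the stored hash,
// then stores the hash of the new password for the signed-in user.
require_once "usercheck2.php";
// Missing form fields are treated as empty strings instead of raising an
// undefined-index notice.
$pw = sqlReplace(trim(isset($_POST['pw']) ? $_POST['pw'] : ''));
$newpw = sqlReplace(trim(isset($_POST['newpw']) ? $_POST['newpw'] : ''));
$repw = sqlReplace(trim(isset($_POST['repw']) ? $_POST['repw'] : ''));
checkData($pw, '原密码', 1);
checkData($newpw, '新密码', 1);
// Strict comparison: with `!=`, numeric-looking strings such as "1e3" and
// "1000" count as equal, so a mismatched confirmation could slip through.
if ($newpw !== $repw) {
    alertInfo("两次密码不一致", "", 1);
}
// user_id is concatenated unquoted, so it is forced to an integer.
$check_sql = "select user_password,user_salt from " . WIIDBPRE . "_user where user_id=" . (int) $QIYU_ID_USER;
$check_rs = mysql_query($check_sql);
// mysql_query() returns false on failure; treat that like "no such user".
$check_row = $check_rs ? mysql_fetch_assoc($check_rs) : false;
if (!$check_row) {
    alertInfo('非法用户', '', 1);
} else {
    // NOTE(review): double md5 with a per-user salt is a fast hash and not
    // adequate for password storage; migrating to password_hash() needs a
    // rehash-on-login path.
    $oldpw = md5(md5($pw . $check_row['user_salt']));
    // Strict comparison avoids "0e<digits>" digests comparing equal as numbers.
    if ($oldpw !== $check_row['user_password']) {
        alertInfo('原密码输入不正确', '', 1);
    } else {
        // NOTE(review): the listing this came from shows the hash expression
        // masked as '******', which left the statement unparsable. It is
        // rebuilt here to mirror the old-password check above - confirm
        // against the real file.
        $upd_sql = "update " . WIIDBPRE . "_user set user_password='" . md5(md5($newpw . $check_row['user_salt'])) . "' where user_id=" . (int) $QIYU_ID_USER;
        if (mysql_query($upd_sql)) {
            alertInfo('修改成功', 'usercenter.php', 0);
        } else {
            alertInfo('修改失败', '', 1);
        }
    }
}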
示例#29
 * @informaition
 */
require_once "usercheck.php";
$_SESSION['login_url'] = getUrl();
$_SESSION['qiyu_orderType'] = '';
$shopID = $SHOPID;
$spotID = empty($_GET['spotID']) ? '0' : sqlReplace(trim($_GET['spotID']));
$circleID = empty($_GET['circleID']) ? '0' : sqlReplace(trim($_GET['circleID']));
$activeID = empty($lableID2) ? empty($ftID2) ? '' : $ftID2 : $lableID2;
$lableID = empty($_GET['lableID']) ? 0 : sqlReplace(trim($_GET['lableID']));
$ftID = empty($_GET['ftID']) ? 0 : sqlReplace(trim($_GET['ftID']));
$browse = empty($_GET['see']) ? '' : sqlReplace(trim($_GET['see']));
//商家在置顶管理浏览的标示
$isFirst = empty($_GET['first']) ? '' : sqlReplace(trim($_GET['first']));
//是否点击左边的分类的标示
$ftID = empty($_GET['ftID']) ? 0 : sqlReplace(trim($_GET['ftID']));
//菜的大类id
$isRMD = getShopRmd($browse, $shopID);
$deliverfee = '';
$sendfee = '';
$deliverfee_r = '';
$sendfee_r = '';
$cur_cart_array = empty($_COOKIE['qiyushop_cart']) ? '' : $_COOKIE['qiyushop_cart'];
$_SESSION['user_url'] = getUrl();
$sql = "select * from qiyu_shop where shop_id=" . $shopID . " and shop_status='1'";
$rs = mysql_query($sql);
$rows = mysql_fetch_assoc($rs);
if ($rows) {
    $shop_name = $rows['shop_name'];
    $shop_id2 = $rows['shop_id2'];
    $tel = $rows['shop_tel'];
示例#30
<?php

/**
 *  userorder.ajax.php - change default address, change phone, add new
 *  address (per the original header). The only action handled in this
 *  listing is "checkOpen", which prints "S" between 09:00 and 16:00 (PRC
 *  time) and "N" otherwise.
 */
require_once "usercheck.php";
$act = sqlReplace(trim($_GET['act']));
date_default_timezone_set('PRC');
if ($act == "checkOpen") {
    $day_str = date("Y-m-d");
    // All three timestamps are taken on today's date, so they compare as
    // times of day.
    $time_now = strtotime(date("H:i:s"));
    $night = strtotime('16:00:00');
    $morning = strtotime('09:00:00');
    echo ($time_now >= $night || $time_now < $morning) ? "N" : "S";
}