public function get($f3)
{
AuthHelper::removeAuthUser();
$f3->clear('SESSION');
$this->addFlashMessage('成功退出登陆');
// 返回首页
RouteHelper::reRoute($this, '/', false);
}
public function beforeRoute($f3)
{
parent::beforeRoute($f3);
// 用户没有登陆,让用户去登陆
if (!AuthHelper::isAuthUser()) {
// 如果已经记录了一个回跳 URL ,则不要再覆盖这个记录了
RouteHelper::reRoute($this, '/User/Login', !RouteHelper::hasRememberUrl());
}
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_name'] = $validator->required('用户名不能为空')->minLength(2, '用户名最短为2个字符')->validate('user_name');
$input['password'] = $validator->required('密码不能为空')->minLength(6, '密码最短为6个非空字符')->validate('password');
$input['email'] = $validator->validate('email');
$input['mobile_phone'] = $validator->digits('手机号格式不对')->validate('mobile_phone');
$p_captcha = $validator->required('验证码不能为空')->validate('captcha');
// 手机输入,输入法经常无故添加空格,我们需要去除所有的空额,防止出错
$p_captcha = Utils::filterAlnumStr($p_captcha);
// 需要跳转回去的地址
$returnUrl = $validator->validate('returnUrl');
if (!$this->validate($validator)) {
goto out_fail;
}
// 检查验证码是否有效
$captchaController = new \Controller\Image\Captcha();
if (!$captchaController->validateCaptcha($p_captcha)) {
$this->addFlashMessage('验证码错误[' . $p_captcha . '][' . $captchaController->getCaptcha() . ']');
goto out_fail;
}
$userService = new UserService();
// 检查用户是否已经注册
$isUserExist = $userService->isUserExist($input['user_name'], $input['email']);
if ($isUserExist) {
$this->addFlashMessage($isUserExist . '已经存在');
goto out_fail;
}
// 注册用户
$user = $userService->registerUser($input);
if (!$user) {
$this->addFlashMessage('用户注册失败,请稍后刷新页面重试');
goto out_fail;
}
// 记录用户的登陆信息
$userInfo = $user->toArray();
unset($userInfo['password']);
// 不要记录密码
AuthHelper::saveAuthUser($userInfo, 'normal');
$this->addFlashMessage("注册成功");
if ($returnUrl) {
header('Location:' . $returnUrl);
return;
} else {
// 跳转到用户之前看的页面,如果之前没有看过的页面那就回到首页
RouteHelper::jumpBack($this, '/', true);
}
return;
// 这里正常返回
out_fail:
// 失败,从这里出口
$smarty->assign('captchaUrl', RouteHelper::makeUrl('/Image/Captcha', array('hash' => time())));
$smarty->display('user_register.tpl', 'User|Register|post');
}
public function get($f3)
{
AdminLog::logAdminOperate('user.logout', '用户退出', 'IP:' . $f3->get('IP'));
AuthHelper::removeAuthUser();
$f3->clear('SESSION');
$this->addFlashMessage('成功退出登陆');
// 刷新当前页面
RouteHelper::reRoute($this, '/', false);
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_name'] = $validator->required('用户名不能为空')->validate('user_name');
$input['password'] = $validator->required('密码不能为空')->validate('password');
$p_captcha = $validator->required('验证码不能为空')->validate('captcha');
if (!$this->validate($validator)) {
goto out_fail;
}
// 检查验证码是否有效
$captchaController = new \Controller\Image\Captcha();
if (!$captchaController->validateCaptcha($p_captcha)) {
$this->addFlashMessage("验证码错误");
goto out_fail;
}
$adminService = new AdminUserService();
// 验证用户登陆
$admin = $adminService->doAuthAdmin($input['user_name'], $input['user_name'], $input['password']);
if (!$admin) {
$this->addFlashMessage("登陆失败,用户名、密码错误");
goto out_fail;
}
// 记录用户的登陆信息
$adminUserInfo = $admin->toArray();
unset($adminUserInfo['password']);
// 不要记录密码
// 取得用户的角色权限
$adminUserInfo['role_action_list'] = '';
if ($adminUserInfo['role_id'] > 0) {
$metaRoleService = new MetaRoleService();
$role = $metaRoleService->loadRoleById($adminUserInfo['role_id']);
if (!$role->isEmpty()) {
// 赋值角色权限
$adminUserInfo['role_action_list'] = $role['meta_data'];
}
}
AuthHelper::saveAuthUser($adminUserInfo);
try {
// 记录用户登录日志
AdminLog::logAdminOperate('user.login', '用户登录', 'IP:' . $f3->get('IP'));
} catch (\Exception $e) {
// do nothing
}
$this->addFlashMessage("登陆成功");
// 跳转到用户之前看的页面,如果之前没有看过的页面那就回到首页
RouteHelper::jumpBack($this, '/', true);
return;
// 这里正常返回
out_fail:
// 失败从这里入口
$smarty->display('user_login.tpl', 'User|Login|post');
}
public function beforeRoute($f3)
{
global $smarty;
parent::beforeRoute($f3);
// 用户没有登陆,让用户去登陆
if (!AuthHelper::isAuthUser()) {
// 如果已经记录了一个回跳 URL ,则不要再覆盖这个记录了
RouteHelper::reRoute($this, '/User/Login', !RouteHelper::hasRememberUrl());
return;
}
//把认证用户放入到 smarty 中
$smarty->assign('authSupplierUser', AuthHelper::getAuthUser());
}
/**
* 记录管理员的操作日志
*
* @param string $operate 操作
* @param string $operate_desc 操作描述
* @param string $operate_data 操作数据,用于记录一些重要数据
*/
public static function logAdminOperate($operate, $operate_desc, $operate_data)
{
$dataMapper = new DataMapper('admin_log');
$authAdminUser = AuthHelper::getAuthUser();
$dataMapper->user_id = $authAdminUser['user_id'];
$dataMapper->user_name = $authAdminUser['user_name'];
$dataMapper->operate = $operate;
$dataMapper->operate_desc = $operate_desc;
$dataMapper->operate_time = Time::gmTime();
$dataMapper->operate_data = $operate_data;
$dataMapper->save();
unset($dataMapper);
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_name'] = $validator->required('用户名不能为空')->minLength(2, '用户名最短为2个字符')->validate('user_name');
$input['password'] = $validator->required('密码不能为空')->minLength(6, '密码最短为6个非空字符')->validate('password');
$input['email'] = $validator->validate('email');
$input['mobile_phone'] = $validator->digits('手机号格式不对')->validate('mobile_phone');
$p_captcha = $validator->required('验证码不能为空')->validate('captcha');
if (!$this->validate($validator)) {
goto out_fail;
}
// 检查验证码是否有效
$captchaController = new \Controller\Image\Captcha();
if (!$captchaController->validateCaptcha($p_captcha)) {
$this->addFlashMessage("验证码错误");
goto out_fail;
}
$userService = new UserService();
// 检查用户是否已经注册
$isUserExist = $userService->isUserExist($input['user_name'], $input['email']);
if ($isUserExist) {
$this->addFlashMessage($isUserExist . '已经存在');
goto out_fail;
}
// 注册用户
$user = $userService->registerUser($input);
if (!$user) {
$this->addFlashMessage('用户注册失败,请稍后刷新页面重试');
goto out_fail;
}
// 记录用户的登陆信息
$userInfo = $user->toArray();
unset($userInfo['password']);
// 不要记录密码
AuthHelper::saveAuthUser($userInfo, 'normal');
// 设置用户名在网页显示
ClientData::saveClientData(Login::$clientDataIsUserLoginKey, true);
ClientData::saveClientData(Login::$clientDataUserNameDisplayKey, $user->user_name);
$this->addFlashMessage("注册成功");
// 跳转到用户之前看的页面,如果之前没有看过的页面那就回到首页
RouteHelper::jumpBack($this, '/', true);
return;
// 这里正常返回
out_fail:
// 失败,从这里出口
$smarty->display('user_login.tpl', 'User|Register|post');
}
/**
* 判断当前用户是否有某个权限
*
* @param string $needPrivilege
*
* @return bool
*/
protected function hasPrivilege($needPrivilege)
{
$authAdminUser = AuthHelper::getAuthUser();
if (empty($authAdminUser)) {
goto out_fail;
}
// 检查权限
if (!AdminUserService::verifyPrivilege($needPrivilege, $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
goto out_fail;
}
return true;
out_fail:
return false;
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_name'] = $validator->required('用户名不能为空')->validate('user_name');
$input['password'] = $validator->required('密码不能为空')->validate('password');
$p_captcha = $validator->required('验证码不能为空')->validate('captcha');
// 手机输入,输入法经常无故添加空格,我们需要去除所有的空额,防止出错
$p_captcha = Utils::filterAlnumStr($p_captcha);
// 需要跳转回去的地址
$returnUrl = $validator->validate('returnUrl');
if (!$this->validate($validator)) {
goto out_fail;
}
// 检查验证码是否有效
$captchaController = new \Controller\Image\Captcha();
if (!$captchaController->validateCaptcha($p_captcha)) {
$this->addFlashMessage('验证码错误[' . $p_captcha . '][' . $captchaController->getCaptcha() . ']');
goto out_fail;
}
$userService = new UserService();
// 验证用户登陆
$user = $userService->doAuthUser($input['user_name'], $input['user_name'], $input['password']);
if (!$user) {
$this->addFlashMessage("登陆失败,用户名、密码错误");
goto out_fail;
}
// 记录用户的登陆信息
$userInfo = $user->toArray();
unset($userInfo['password']);
// 不要记录密码
AuthHelper::saveAuthUser($userInfo, 'normal');
$this->addFlashMessage("登陆成功");
if ($returnUrl) {
header('Location:' . $returnUrl);
return;
} else {
// 跳转到用户之前看的页面,如果之前没有看过的页面那就回到首页
RouteHelper::jumpBack($this, '/', true);
}
return;
// 这里正常返回
out_fail:
// 失败从这里出口
$smarty->assign('captchaUrl', RouteHelper::makeUrl('/Image/Captcha', array('hash' => time())));
$smarty->display('user_login.tpl', 'User|Login|post');
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['oldpassword'] = $validator->validate('oldpassword');
$input['password'] = $validator->validate('password');
$input['email'] = $validator->validate('email');
$input['mobile_phone'] = $validator->digits('手机号格式不对')->validate('mobile_phone');
// 用户打算修改密码
if (!Utils::isBlank($input['password'])) {
$validator->required('必须提供旧密码才能修改密码')->validate('oldpassword');
}
// 提供的旧密码,但是新密码为空
if (!Utils::isBlank($input['oldpassword'])) {
$validator->required('新密码不能为空')->validate('password');
}
if (!$this->validate($validator)) {
goto out_fail;
}
$userInfo = AuthHelper::getAuthUser();
$userService = new UserService();
$user = $userService->loadUserById($userInfo['user_id']);
if (!$user) {
// 非法用户,应该让它自动登陆出去
$this->addFlashMessage('非法登陆用户');
RouteHelper::reRoute($this, '/User/Logout', false);
}
// 用户打算修改密码,但是旧密码不对
if (!empty($input['password']) && !$userService->verifyPassword($userInfo['user_id'], $input['oldpassword'])) {
$this->addFlashMessage('旧密码不对');
goto out_fail;
}
// 更新数据
unset($input['oldpassword']);
$userService->updateUser($user, $input);
// 更新认证记录
AuthHelper::removeAuthUser();
AuthHelper::saveAuthUser($user->toArray());
$this->addFlashMessage('资料更新成功');
RouteHelper::reRoute($this, '/My/Profile');
return;
// 这里正常返回
out_fail:
// 失败返回
$smarty->display('my_profile.tpl', 'post');
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['phone'] = $validator->validate('phone');
$input['address'] = $validator->validate('address');
$input['oldpassword'] = $validator->validate('oldpassword');
$input['password'] = $validator->validate('password');
// 用户打算修改密码
if (!Utils::isBlank($input['password'])) {
$validator->required('必须提供旧密码才能修改密码')->validate('oldpassword');
}
// 提供的旧密码,但是新密码为空
if (!Utils::isBlank($input['oldpassword'])) {
$validator->required('新密码不能为空')->validate('password');
}
if (!$this->validate($validator)) {
goto out;
}
$authSupplierUser = AuthHelper::getAuthUser();
$supplierUserService = new SupplierUserService();
// 验证用户登陆
$supplierUser = $supplierUserService->loadSupplierById($authSupplierUser['suppliers_id']);
if ($supplierUser->isEmpty()) {
$this->addFlashMessage("非法登陆用户");
RouteHelper::reRoute($this, '/User/Logout', false);
}
// 用户打算修改密码,但是旧密码不对
if (!empty($input['password']) && !$supplierUserService->verifyPassword($authSupplierUser['suppliers_id'], $input['oldpassword'])) {
$this->addFlashMessage('旧密码不对');
goto out;
}
// 更新数据
unset($input['oldpassword']);
$supplierUserService->updateSupplier($supplierUser, $input);
// 记录用户的登陆信息
$supplierUserInfo = $supplierUser->toArray();
unset($supplierUserInfo['password']);
// 不要记录密码
AuthHelper::saveAuthUser($supplierUserInfo);
$this->addFlashMessage("修改资料成功");
$smarty->assign($supplierUserInfo);
out:
// 从这里出去
$smarty->display('my_profile.tpl');
}
public function get($f3)
{
// 清除客户端所有数据
ClientData::clearClientData();
// 清除服务器端数据
AuthHelper::removeAuthUser();
$f3->clear('SESSION');
$this->addFlashMessage('成功退出登陆');
$backUrl = RouteHelper::getRefer();
if (Utils::isBlank($backUrl)) {
// 没有来路域名则返回首页
$backUrl = '/';
}
// 刷新当前页面
RouteHelper::reRoute($this, $backUrl, false);
}
public function get($f3)
{
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$pageNo = $validator->digits()->min(0)->validate('pageNo');
$pageSize = $validator->digits()->min(0)->validate('pageSize');
// 设置缺省值
$pageNo = isset($pageNo) && $pageNo > 0 ? $pageNo : 0;
$pageSize = isset($pageSize) && $pageSize > 0 ? $pageSize : 10;
if (!$this->validate($validator)) {
goto out_display;
}
$userInfo = AuthHelper::getAuthUser();
// 构造查询条件
$searchFormQuery = array();
$searchFormQuery['oi.user_id'] = $userInfo['user_id'];
// 合并查询参数
$searchParamArray = array_merge(QueryBuilder::buildSearchParamArray($searchFormQuery), $this->searchExtraCondArray);
// 查询订单
$totalCount = SearchHelper::count(SearchHelper::Module_OrderGoodsOrderInfo, $searchParamArray);
if ($totalCount <= 0) {
// 没订单,可以直接退出了
goto out_display;
}
// 页数超过最大值,返回第一页
if ($pageNo * $pageSize >= $totalCount) {
RouteHelper::reRoute($this, '/My/Order');
}
// 订单排序
$orderByParam = array();
$orderByParam[] = array('og.rec_id', 'desc');
// 订单列表
$orderGoodsArray = SearchHelper::search(SearchHelper::Module_OrderGoodsOrderInfo, 'og.order_id, og.goods_id, og.goods_attr, og.goods_number, og.goods_price, og.shipping_fee' . ', og.create_time, og.order_goods_status, oi.order_sn, oi.pay_time', $searchParamArray, $orderByParam, $pageNo * $pageSize, $pageSize);
foreach ($orderGoodsArray as &$orderGoodsItem) {
$orderGoodsItem['order_goods_status_desc'] = OrderGoodsService::$orderGoodsStatusDesc[$orderGoodsItem['order_goods_status']];
}
unset($orderGoodsItem);
// 给模板赋值
$smarty->assign('totalCount', $totalCount);
$smarty->assign('pageNo', $pageNo);
$smarty->assign('pageSize', $pageSize);
$smarty->assign('orderGoodsArray', $orderGoodsArray);
out_display:
$smarty->display('my_order.tpl', 'get');
}
public function get($f3)
{
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$pageNo = $validator->digits()->min(0)->validate('pageNo');
$pageSize = $validator->digits()->min(0)->validate('pageSize');
// 设置缺省值
$pageNo = isset($pageNo) && $pageNo > 0 ? $pageNo : 0;
$pageSize = isset($pageSize) && $pageSize > 0 ? $pageSize : 10;
if (!$this->validate($validator)) {
goto out_display;
}
$userInfo = AuthHelper::getAuthUser();
$userBasicService = new UserBasicService();
$userInfo = $userBasicService->loadUserById($userInfo['user_id']);
// 用户总共有资金余额
$smarty->assign('userMoney', $userInfo['user_money']);
$accountLog = new AccountLogService();
// 用户总共有多少account_log
$totalCount = $accountLog->countUserMoneyArray($userInfo['user_id'], 10);
//缓存 10 秒钟
if ($totalCount <= 0) {
// 没资金变动记录,可以直接退出了
goto out_display;
}
$smarty->assign('totalCount', $totalCount);
// 页数超过最大值,返回第一页
if ($pageNo * $pageSize >= $totalCount) {
RouteHelper::reRoute($this, '/My/Money');
}
// 传递分页的变量
$smarty->assign('pageNo', $pageNo);
$smarty->assign('pageSize', $pageSize);
// account_log 列表
$accountLogArray = $accountLog->fetchUserMoneyArray($userInfo['user_id'], $pageNo * $pageSize, $pageSize, 10);
//缓存 10 秒钟
foreach ($accountLogArray as &$accountLogItem) {
$accountLogItem['change_type_desc'] = AccountLogService::$changeTypeDesc[$accountLogItem['change_type']];
}
unset($accountLogItem);
$smarty->assign('accountLogArray', $accountLogArray);
out_display:
$smarty->display('my_money.tpl', 'get');
}
/**
* 判断用户是否有某种权限
*
* @param $params
* @param $content
* @param Smarty_Internal_Template $template
* @param $repeat
*/
function smarty_helper_block_verify_privilege($params, $content, Smarty_Internal_Template $template, &$repeat)
{
if ($repeat) {
return '';
}
if (array_key_exists('privilege', $params) && !empty($params['privilege'])) {
$authAdminUser = AuthHelper::getAuthUser();
if (empty($authAdminUser)) {
return '';
}
// 检查权限
if (!AdminUserService::verifyPrivilege($params['privilege'], $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
return '';
}
return $content;
// 成功从这里返回
}
}
public function beforeRoute($f3)
{
parent::beforeRoute($f3);
//设置 SEO 信息
global $smarty;
$smarty->assign('seo_title', MobileThemePlugin::getOptionValue('seo_title'));
$smarty->assign('seo_description', MobileThemePlugin::getOptionValue('seo_description'));
$smarty->assign('seo_keywords', MobileThemePlugin::getOptionValue('seo_keywords'));
// 设置页面显示用户名
if (AuthHelper::isAuthUser()) {
global $smarty;
$authUser = AuthHelper::getAuthUser();
$smarty->assign('USER_NAME_DISPLAY', $authUser['user_name']);
}
// 记录用户从什么来源到达网站的
ReferHelper::setOrderRefer($f3);
//设置 order_refer 信息
}
public function post($f3)
{
// 权限检查
$this->requirePrivilege('manage_goods_edit_edit_post');
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$goods_id = $validator->required('商品ID不能为空')->digits()->min(1)->validate('goods_id');
if (!$this->validate($validator)) {
goto out_fail_list_goods;
}
unset($validator);
// 用户提交的商品信息做验证
$goodsPromoteInfo = $f3->get('POST.goods_promote');
if (empty($goodsPromoteInfo)) {
goto out_fail_validate;
}
//安全性处理
unset($goodsPromoteInfo['promote_id']);
$goodsPromoteInfo['goods_id'] = $goods_id;
// 写入到数据库
$goodsBasicService = new GoodsBasicService();
$goodsPromote = $goodsBasicService->loadGoodsPromoteByGoodsId($goods_id);
$goodsPromote->copyFrom($goodsPromoteInfo);
$goodsPromote->save();
// 记录商品编辑日志
$goodsLogContent = '360分类:' . $goodsPromote['360tuan_category'] . ',' . $goodsPromote['360tuan_category_end'] . "\n" . "360排序:" . $goodsPromote['360tuan_sort_order'];
$authAdminUser = AuthHelper::getAuthUser();
$goodsLogService = new GoodsLogService();
$goodsLogService->addGoodsLog($goods_id, $authAdminUser['user_id'], $authAdminUser['user_name'], static::$goodsLogDesc, $goodsLogContent);
// 成功,显示商品详情
$this->addFlashMessage('商品推广渠道保存成功');
//清除缓存,确保商品显示正确
ClearHelper::clearGoodsCacheById($goods_id);
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Goods/Edit/Promote', array('goods_id' => $goods_id), true));
return;
// 参数验证失败
out_fail_validate:
$smarty->display('goods_edit_promote.tpl');
return;
out_fail_list_goods:
RouteHelper::reRoute($this, '/Goods/Search');
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$input = array();
$input['user_name'] = $validator->required('用户名不能为空')->validate('user_name');
$input['password'] = $validator->required('密码不能为空')->validate('password');
$p_captcha = $validator->required('验证码不能为空')->validate('captcha');
if (!$this->validate($validator)) {
goto out_fail;
}
// 检查验证码是否有效
$captchaController = new \Controller\Image\Captcha();
if (!$captchaController->validateCaptcha($p_captcha)) {
$this->addFlashMessage("验证码错误");
goto out_fail;
}
$userService = new UserService();
// 验证用户登陆
$user = $userService->doAuthUser($input['user_name'], $input['user_name'], $input['password']);
if (!$user) {
$this->addFlashMessage("登陆失败,用户名、密码错误");
goto out_fail;
}
// 记录用户的登陆信息
$userInfo = $user->toArray();
unset($userInfo['password']);
// 不要记录密码
AuthHelper::saveAuthUser($userInfo, 'normal');
// 设置用户名在网页显示
ClientData::saveClientData(Login::$clientDataIsUserLoginKey, true);
ClientData::saveClientData(Login::$clientDataUserNameDisplayKey, $user->user_name);
$this->addFlashMessage("登陆成功");
// 跳转到用户之前看的页面,如果之前没有看过的页面那就回到首页
RouteHelper::jumpBack($this, '/', true);
return;
// 这里正常返回
out_fail:
// 失败从这里入口
$smarty->display('user_login.tpl', 'User|Login|post');
}
public function post($f3)
{
// 权限检查
$this->requirePrivilege('manage_goods_edit_edit_get');
// 参数验证
$validator = new Validator($f3->get('POST'));
$goods_id = $validator->required('商品ID不能为空')->validate('goods_id');
$action = $validator->required('操作不能为空')->validate('action');
//任务时间
$taskTimeStr = $validator->required('必须选择时间')->validate('task_time');
$taskTime = Time::gmStrToTime($taskTimeStr) ?: null;
if (!$this->validate($validator)) {
goto out;
}
$authAdminUser = AuthHelper::getAuthUser();
// 添加 Cron 任务
CronHelper::addCronTask($authAdminUser['user_name'] . '[' . $authAdminUser['user_id'] . ']', GoodsCronTask::$task_name, @GoodsCronTask::$actionDesc[$action] . '[' . $goods_id . ']', '\\Core\\Cron\\GoodsCronTask', $taskTime, $f3->get('POST'), $goods_id);
$this->addFlashMessage('成功添加定时任务');
out:
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Goods/Edit/Cron', array('goods_id' => $goods_id), true));
}
public function beforeRoute($f3)
{
parent::beforeRoute($f3);
// 由于我们使用 GET 来传递 session id,出于安全性考虑,我们需要检查来源 IP
$userSessionIP = $f3->get('SESSION[user_session_ip]');
if (empty($userSessionIP)) {
$f3->set('SESSION[user_session_ip]', $f3->get('IP'));
} else {
if ($userSessionIP !== $f3->get('IP')) {
// IP 非法,清空当前 session 数据
$f3->clear('SESSION');
session_destroy();
session_write_close();
}
}
// 用户没有登陆,让用户去登陆
if (!AuthHelper::isAuthUser()) {
// 如果已经记录了一个回跳 URL ,则不要再覆盖这个记录了
RouteHelper::reRoute($this, '/User/Login', !RouteHelper::hasRememberUrl());
}
}
public function post($f3)
{
global $smarty;
// 首先做参数合法性验证
$validator = new Validator($f3->get('POST'));
$addressInfo = array();
$addressInfo['consignee'] = $validator->required('姓名不能为空')->validate('consignee');
$addressInfo['address'] = $validator->required('地址不能为空')->validate('address');
$addressInfo['mobile'] = $validator->required('手机号码不能为空')->digits('手机号码格式不正确')->validate('mobile');
$addressInfo['tel'] = $validator->validate('tel');
$addressInfo['zipcode'] = $validator->digits('邮编格式不正确')->validate('zipcode');
if (!$this->validate($validator)) {
goto out_fail;
}
$userInfo = AuthHelper::getAuthUser();
$userAddressService = new UserAddressService();
$userAddressService->updateUserFirstAddress($userInfo['user_id'], $addressInfo);
$this->addFlashMessage('地址更新成功');
RouteHelper::reRoute($this, '/My/Address');
return;
out_fail:
// 失败返回
$smarty->display('my_address.tpl', 'post');
}
public function Edit($f3)
{
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$article_id = $validator->digits()->min(0)->filter('ValidatorIntValue')->validate('article_id');
if (!$this->validate($validator)) {
goto out_fail;
}
// 取得文章
$articleService = new ArticleService();
$article = $articleService->loadArticleById($article_id);
if ($article_id > 0 && $article->isEmpty()) {
$this->addFlashMessage('文章ID[' . $article_id . ']非法');
goto out_fail;
}
// 只是显示文章内容而已
if (Request::isRequestGet()) {
$smarty->assign('article', $article->toArray());
goto out_get;
}
// 权限检查
$this->requirePrivilege('manage_article_article_edit');
// 从这里开始是修改文章内容
unset($validator);
$articleInfoArray = $f3->get('POST[article]');
$validator = new Validator($articleInfoArray);
// 获得修改数据
$inputArray = array();
$inputArray['title'] = $validator->required()->validate('title');
$inputArray['seo_keyword'] = $validator->validate('seo_keyword');
$inputArray['cat_id'] = $validator->validate('cat_id');
$inputArray['is_open'] = $validator->validate('is_open');
$inputArray['description'] = $validator->validate('description');
$inputArray['content'] = $articleInfoArray['content'];
// 不要过滤 html
if (!$this->validate($validator)) {
goto out_get;
}
$authAdminUser = AuthHelper::getAuthUser();
// 新建文章
if ($article_id <= 0) {
$inputArray['admin_user_id'] = $authAdminUser['user_id'];
$inputArray['admin_user_name'] = $authAdminUser['user_name'];
$inputArray['add_time'] = Time::gmTime();
}
// 文章更新
$inputArray['update_user_id'] = $authAdminUser['user_id'];
$inputArray['update_user_name'] = $authAdminUser['user_name'];
$inputArray['update_time'] = Time::gmTime();
// 保存修改
$article->copyFrom($inputArray);
$article->save();
// 清除文章缓存
ClearHelper::clearArticleCacheById($article->article_id);
$this->addFlashMessage('文章保存成功');
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Article/Article/Edit', array('article_id' => $article->article_id), true));
return;
// POST 从这里退出
out_get:
// GET 从这里退出
$smarty->display('article_article_edit.tpl');
return;
out_fail:
// 失败从这里退出
RouteHelper::reRoute($this, '/Article/Article/Search');
}
/**
* 设置订单为 退款中 状态
*
* 即:确认已经收到用户的退货了,告知财务这个订单可以给用户退款了
*
* @param $f3
*/
public function SetRefund($f3)
{
// 参数验证
$validator = new Validator($f3->get('GET'));
$rec_id = $validator->required()->digits()->min(1)->validate('rec_id');
if (!$this->validate($validator)) {
goto out;
}
// 取得当前供货商
$authSupplierUser = AuthHelper::getAuthUser();
$orderBasicService = new OrderBasicService();
$orderGoods = $orderBasicService->loadOrderGoodsById($rec_id);
if ($orderGoods->isEmpty() || OrderGoodsService::OGS_ASKREFUND != $orderGoods->order_goods_status || $orderGoods['suppliers_id'] != $authSupplierUser['suppliers_id']) {
$this->addFlashMessage('订单ID非法');
goto out;
}
$orderInfo = $orderBasicService->loadOrderInfoById($orderGoods['order_id']);
if ($orderInfo->isEmpty() || $orderInfo->pay_status != OrderBasicService::PS_PAYED) {
$this->addFlashMessage('订单ID非法');
goto out;
}
// 设置订单状态为 退款中
$orderGoods->order_goods_status = OrderGoodsService::OGS_REFUNDING;
$orderGoods->save();
// 更新 order_info 的 update_time 字段
$orderInfo->update_time = Time::gmTime();
$orderInfo->save();
$action_note = '设置为退款中' . "\n";
$action_note .= '操作人:[' . $authSupplierUser['suppliers_id'] . ']' . $authSupplierUser['suppliers_name'] . "\n";
// 添加订单操作日志
$orderActionService = new OrderActionService();
$orderActionService->logOrderAction($orderGoods['order_id'], $orderGoods['rec_id'], $orderInfo['order_status'], $orderInfo['pay_status'], $orderGoods['order_goods_status'], $action_note, $authSupplierUser['suppliers_name'], 0, $orderInfo['shipping_status']);
$this->addFlashMessage('订单状态设置为[退款中]');
out:
RouteHelper::reRoute($this, RouteHelper::getRefer(), false);
}
/**
* 设置订单的信息,注意:这个方法里面糅合了很多功能,通过 action="xxxx" 来区分
*
* @param $f3
*/
public function Update($f3)
{
// 验证 action
$validator = new Validator($f3->get('GET'));
$action = $validator->required()->oneOf(array('set_extra_discount', 'set_suppliers_price', 'set_shipping_no', 'set_memo', 'set_refund', 'set_extra_refund'), '非法操作')->validate('action');
if (!$this->validate($validator)) {
goto out;
}
// 验证提交上来的参数
$validator = new Validator($f3->get('POST'));
$updateValueArray = array();
$rec_id = $validator->required()->digits()->min(1)->validate('rec_id');
// 针对不同的 action 做不同的验证
switch ($action) {
case 'set_extra_discount':
// 权限检查
$this->requirePrivilege('manage_order_goods_update_set_extra_discount');
$updateValueArray['extra_discount'] = Money::toStorage($validator->validate('extra_discount'));
$updateValueArray['extra_discount_note'] = $validator->required()->validate('extra_discount_note');
break;
case 'set_suppliers_price':
// 权限检查
$this->requirePrivilege('manage_order_goods_update_set_suppliers_price');
$updateValueArray['suppliers_price'] = Money::toStorage($validator->validate('suppliers_price'));
$updateValueArray['suppliers_shipping_fee'] = Money::toStorage($validator->validate('suppliers_shipping_fee'));
break;
case 'set_shipping_no':
// 权限检查
$this->requirePrivilege('manage_order_goods_update_set_shipping_no');
$updateValueArray['shipping_id'] = $validator->digits()->min(1)->validate('shipping_id');
$updateValueArray['shipping_no'] = $validator->validate('shipping_no');
break;
case 'set_memo':
// 权限检查
$this->requirePrivilege('manage_order_goods_update_set_memo');
$updateValueArray['memo'] = $validator->validate('memo');
break;
case 'set_refund':
// 权限检查
$this->requirePrivilege('manage_order_goods_update_set_refund');
$updateValueArray['refund'] = Money::toStorage($validator->validate('refund'));
$updateValueArray['refund_note'] = $validator->required()->validate('refund_note');
$updateValueArray['refund_time'] = Time::gmTime();
$updateValueArray['suppliers_refund'] = Money::toStorage($validator->validate('suppliers_refund'));
$updateValueArray['suppliers_refund_note'] = $validator->required()->validate('suppliers_refund_note');
break;
case 'set_extra_refund':
// 权限检查
$this->requirePrivilege('manage_order_goods_update_set_extra_refund');
$updateValueArray['extra_refund'] = Money::toStorage($validator->validate('extra_refund'));
$updateValueArray['extra_refund_note'] = $validator->required()->validate('extra_refund_note');
$updateValueArray['extra_refund_time'] = Time::gmTime();
break;
default:
// 非法的 action
goto out;
}
if (!$this->validate($validator)) {
goto out;
}
// 取 order_goods
$orderBasicService = new OrderBasicService();
$orderGoods = $orderBasicService->loadOrderGoodsById($rec_id);
if ($orderGoods->isEmpty()) {
$this->addFlashMessage('非法订单');
goto out_fail;
}
// 取得 orderInfo
$orderInfo = $orderBasicService->loadOrderInfoById($orderGoods['order_id']);
// 针对不同的 action 做额外不同的工作
$action_note = '';
switch ($action) {
case 'set_extra_discount':
// 商品只有是未付款状态才可以设置额外优惠
if (OrderGoodsService::OGS_UNPAY != $orderGoods['order_goods_status']) {
$this->addFlashMessage('只有未付款订单才可以给予额外优惠');
goto out;
}
// 额外优惠允许的最大金额
$allowExtraDiscount = $orderGoods['goods_price'] + $orderGoods['shipping_fee'] - $orderGoods['discount'];
$maxExtraDiscount = intval($allowExtraDiscount * $f3->get('sysConfig[max_order_goods_extra_discount_rate]'));
$maxExtraDiscount = max($maxExtraDiscount, $f3->get('sysConfig[max_order_goods_extra_discount_value]'));
$maxExtraDiscount = min($maxExtraDiscount, $allowExtraDiscount);
// 额外优惠不能超过商品本身的金额
if ($updateValueArray['extra_discount'] > $maxExtraDiscount) {
$this->addFlashMessage('额外优惠不能超过商品总金额 ' . $maxExtraDiscount);
goto out;
}
// 设置额外余额,需要重新计算 order_info 中的值
$diffDiscount = 0;
if ($orderGoods->extra_discount != $updateValueArray['extra_discount']) {
$diffDiscount = $updateValueArray['extra_discount'] - $orderGoods->extra_discount;
}
$orderInfo->extra_discount += $diffDiscount;
$orderInfo->order_amount -= $diffDiscount;
$action_note .= '额外优惠:' . Money::toSmartyDisplay($updateValueArray['extra_discount']) . ",";
$action_note .= '优惠说明:' . $updateValueArray['extra_discount_note'] . "\n";
break;
case 'set_suppliers_price':
$action_note .= '供货价:' . Money::toSmartyDisplay($updateValueArray['suppliers_price']) . ",";
$action_note .= '供货快递费:' . Money::toSmartyDisplay($updateValueArray['suppliers_shipping_fee']) . "\n";
break;
case 'set_shipping_no':
if ($updateValueArray['shipping_id'] > 0) {
//取得快递信息
$expressService = new ExpressService();
$expressInfo = $expressService->loadMetaById($updateValueArray['shipping_id']);
if ($expressInfo->isEmpty() || ExpressService::META_TYPE != $expressInfo['meta_type']) {
$this->addFlashMessage('快递ID非法');
goto out;
}
$updateValueArray['shipping_name'] = $expressInfo['meta_name'];
} else {
$updateValueArray['shipping_name'] = null;
}
$action_note .= '快递公司:' . $updateValueArray['shipping_name'] . "\n";
$action_note .= '快递单号:' . $updateValueArray['shipping_no'] . "\n";
break;
case 'set_memo':
$action_note .= '客服备注:' . $updateValueArray['memo'] . "\n";
break;
case 'set_refund':
// 检查订单状态
if (!in_array($orderGoods['order_goods_status'], array(OrderGoodsService::OGS_PAY, OrderGoodsService::OGS_ASKREFUND))) {
$this->addFlashMessage('订单状态非法,不能退款');
goto out;
}
if ($orderGoods['settle_id'] > 0) {
$this->addFlashMessage('已经结算的订单不能退款');
goto out;
}
// 订单设置为 申请退款
$updateValueArray['order_goods_status'] = OrderGoodsService::OGS_ASKREFUND;
// 同步更新 order_info 中的 refund 字段
$diffRefund = 0;
if ($orderGoods->refund != $updateValueArray['refund']) {
$diffRefund = $updateValueArray['refund'] - $orderGoods->refund;
}
$orderInfo->refund += $diffRefund;
// 检查金额,对一些常见错误提出警告
if (0 == $updateValueArray['refund']) {
$this->addFlashMessage('警告:你确定给顾客退款金额设置为 ' . Money::toSmartyDisplay($updateValueArray['refund']) . ' ?');
}
if (0 == $updateValueArray['suppliers_refund']) {
$this->addFlashMessage('警告:你确定供货商给我们退款金额为 ' . Money::toSmartyDisplay($updateValueArray['refund']) . ' ?');
}
if ($updateValueArray['refund'] <= $updateValueArray['suppliers_refund']) {
$this->addFlashMessage('警告:给顾客退款金额 <= 供货商给我们的退款金额');
}
// 日志信息记录
$action_note .= '申请退款' . "\n";
$action_note .= '顾客金额:' . Money::toSmartyDisplay($updateValueArray['refund']) . ",";
$action_note .= '顾客说明:' . $updateValueArray['refund_note'] . "\n";
$action_note .= '供货商金额:' . Money::toSmartyDisplay($updateValueArray['suppliers_refund']) . ",";
$action_note .= '供货商说明:' . $updateValueArray['suppliers_refund_note'] . "\n";
break;
case 'set_extra_refund':
// 检查订单状态
if (OrderGoodsService::OGS_UNPAY == $orderGoods['order_goods_status']) {
$this->addFlashMessage('订单状态非法,不能退款');
goto out;
}
$action_note .= '额外退款:' . Money::toSmartyDisplay($updateValueArray['extra_refund']) . ",";
$action_note .= '退款说明:' . $updateValueArray['extra_refund_note'] . "\n";
break;
default:
// 非法的 action
goto out;
}
// 更新订单信息
$orderGoods->copyFrom($updateValueArray);
$orderGoods->update_time = Time::gmTime();
$orderGoods->save();
// 更新 order_info 的 update_time 字段
$orderInfo->update_time = Time::gmTime();
$orderInfo->save();
// 添加订单操作日志
$authAdminUser = AuthHelper::getAuthUser();
$orderActionService = new OrderActionService();
$orderActionService->logOrderAction($orderGoods['order_id'], $orderGoods['rec_id'], $orderInfo['order_status'], $orderInfo['pay_status'], $orderGoods['order_goods_status'], $action_note, $authAdminUser['user_name'], 0, $orderInfo['shipping_status']);
$this->addFlashMessage('订单信息保存成功');
out:
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Order/Goods/Detail', array('rec_id' => $rec_id), true));
return;
out_fail:
// 失败从这里退出
RouteHelper::reRoute($this, '/Order/Goods/Search', false);
}
public function post($f3)
{
// 权限检查
$this->requirePrivilege('manage_goods_edit_edit_post');
global $smarty;
$isCreateGoods = false;
// 是否是创建新商品
// 参数验证
$validator = new Validator($f3->get('GET'));
$goods_id = $validator->digits()->filter('ValidatorIntValue')->validate('goods_id');
if (!$this->validate($validator)) {
goto out_fail_list_goods;
}
unset($validator);
// 用户提交的商品信息做验证
$goods = $f3->get('POST[goods]');
if (empty($goods)) {
goto out_fail_validate;
}
$validator = new Validator($goods);
$goodsInfo = array();
//表单数据验证、过滤
$goodsInfo['goods_name'] = $validator->required('商品名不能为空')->validate('goods_name');
$goodsInfo['goods_name_short'] = $validator->required('商品短标题不能为空')->validate('goods_name_short');
$goodsInfo['keywords'] = $validator->validate('keywords');
$goodsInfo['seo_title'] = $validator->validate('seo_title');
$goodsInfo['seo_keyword'] = $validator->validate('seo_keyword');
$goodsInfo['seo_description'] = $validator->validate('seo_description');
$goodsInfo['goods_sn'] = $validator->validate('goods_sn');
$goodsInfo['warehouse'] = $validator->validate('warehouse');
$goodsInfo['shelf'] = $validator->validate('shelf');
$goodsInfo['cat_id'] = $validator->required('商品分类不能为空')->filter('ValidatorIntValue')->validate('cat_id');
// 记录管理员
$authAdminUser = AuthHelper::getAuthUser();
$goodsInfo['admin_user_id'] = $validator->filter('ValidatorIntValue')->validate('admin_user_id');
// 如果没有选择管理员,就用当前管理员
if (empty($goodsInfo['admin_user_id'])) {
$goodsInfo['admin_user_id'] = $authAdminUser['user_id'];
$goodsInfo['admin_user_name'] = $authAdminUser['user_name'];
} else {
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($goodsInfo['admin_user_id']);
if ($adminUser->isEmpty()) {
$this->addFlashMessage('管理员[' . $goodsInfo['admin_user_id'] . ']不存在');
goto out_fail_validate;
}
$goodsInfo['admin_user_name'] = $adminUser['user_name'];
unset($adminUser);
unset($adminUserService);
}
$goodsInfo['brand_id'] = $validator->filter('ValidatorIntValue')->validate('brand_id');
$goodsInfo['suppliers_id'] = $validator->required('供货商不能为空')->filter('ValidatorIntValue')->validate('suppliers_id');
$goodsInfo['is_alone_sale'] = $validator->filter('ValidatorIntValue')->validate('is_alone_sale');
$goodsInfo['is_best'] = $validator->filter('ValidatorIntValue')->validate('is_best');
$goodsInfo['is_new'] = $validator->filter('ValidatorIntValue')->validate('is_new');
$goodsInfo['is_hot'] = $validator->filter('ValidatorIntValue')->validate('is_hot');
$goodsInfo['is_on_sale'] = $validator->filter('ValidatorIntValue')->validate('is_on_sale');
$goodsInfo['market_price'] = Money::toStorage($validator->validate('market_price'));
$goodsInfo['shop_price'] = Money::toStorage($validator->validate('shop_price'));
$goodsInfo['shipping_fee'] = Money::toStorage($validator->validate('shipping_fee'));
$goodsInfo['shipping_free_number'] = $validator->validate('shipping_free_number');
$goodsInfo['goods_number'] = abs($validator->filter('ValidatorIntValue')->validate('goods_number'));
$goodsInfo['virtual_buy_number'] = $validator->filter('ValidatorIntValue')->validate('virtual_buy_number');
$goodsInfo['suppliers_price'] = Money::toStorage($validator->validate('suppliers_price'));
$goodsInfo['suppliers_shipping_fee'] = Money::toStorage($validator->validate('suppliers_shipping_fee'));
$goodsInfo['sort_order'] = $validator->validate('sort_order');
$goodsInfo['warn_number'] = $validator->filter('ValidatorIntValue')->validate('warn_number');
$goodsInfo['goods_brief'] = @$goods['goods_brief'];
//不需要过滤 html
$goodsInfo['goods_notice'] = @$goods['goods_notice'];
//不需要过滤 html
$goodsInfo['goods_after_service'] = @$goods['goods_after_service'];
//不需要过滤 html
$goodsInfo['seller_note'] = $validator->validate('seller_note');
$goodsInfo['system_tag_list'] = Utils::makeTagString(@$goods['system_tag_list']);
// 生成系统的 tag string
$goodsInfo['update_time'] = Time::gmTime();
// 商品的更新时间
$goodsInfo['goods_desc'] = @$goods['goods_desc'];
//不需要过滤 html
if (!$this->validate($validator)) {
goto out_fail_validate;
}
// 某些时候,我们不允许编辑直接粘贴别人网站的图片上来,所以我们需要过滤图片的域名
$goodsDescAllowImageDomainArray = $f3->get('sysConfig[goods_desc_allow_image_domain_array]');
if ($goodsDescAllowImageDomainArray && is_array($goodsDescAllowImageDomainArray) && !empty($goodsDescAllowImageDomainArray)) {
$patternMatch = array();
preg_match_all('/<img(.*?)src="(.*?)"(.*?)\\/?>/', $goodsInfo['goods_desc'], $patternMatch, PREG_SET_ORDER);
// 检查每一个图片
foreach ($patternMatch as $matchItem) {
$imageUrl = $matchItem[2];
$urlInfo = parse_url($imageUrl);
if (!in_array(@$urlInfo['host'], $goodsDescAllowImageDomainArray)) {
$this->addFlashMessage('商品详情非法图片 ' . $imageUrl);
goto out_fail_validate;
}
}
}
// 写入到数据库
unset($goods);
$goodsBasicService = new GoodsBasicService();
$goods = $goodsBasicService->loadGoodsById($goods_id);
// 判断是否是新建商品
$isCreateGoods = $goods->isEmpty();
if ($isCreateGoods) {
// 权限检查
$this->requirePrivilege('manage_goods_create');
$goodsInfo['add_time'] = Time::gmTime();
}
$post_goods_sn = $validator->validate('goods_sn');
if ($isCreateGoods && !Utils::isBlank($post_goods_sn)) {
$goodsInfo['goods_sn'] = $post_goods_sn;
}
$goods->copyFrom($goodsInfo);
$goods->save();
// 新商品需要自动生成 goods_sn
if ($isCreateGoods && Utils::isBlank($post_goods_sn)) {
$goods->goods_sn = $f3->get('sysConfig[goods_sn_prefix]') . $goods['goods_id'];
$goods->save();
}
// 取得供货商信息
$supplierName = '';
if (!empty($goods['suppliers_id'])) {
$supplierUserService = new SupplierUserService();
$supplierInfo = $supplierUserService->loadSupplierById($goods['suppliers_id']);
if (!$supplierInfo->isEmpty()) {
$supplierName = $supplierInfo['suppliers_name'];
}
}
// 记录商品编辑日志
$goodsLogContent = '商品编辑:[' . $goods['admin_user_id'] . ']' . $goods['admin_user_name'] . "\n" . '上架状态:' . ($goods['is_on_sale'] > 0 ? '已上架' : '未上架') . "\n" . '销售价:' . Money::toSmartyDisplay($goods['shop_price']) . ' 供货价:' . Money::toSmartyDisplay($goods['suppliers_price']) . "\n" . '快递费:' . Money::toSmartyDisplay($goods['shipping_fee']) . ' 供货快递费:' . Money::toSmartyDisplay($goods['suppliers_shipping_fee']) . "\n" . ($goods['shipping_free_number'] > 0 ? '' . $goods['shipping_free_number'] . "件免邮\n" : '') . '商品排序:' . $goods['sort_order'] . "\n" . '系统Tag:' . $goods['system_tag_list'] . "\n" . '供货商:[' . $goods['suppliers_id'] . ']' . $supplierName;
$goodsLogService = new GoodsLogService();
$goodsLogService->addGoodsLog($goods['goods_id'], $authAdminUser['user_id'], $authAdminUser['user_name'], $isCreateGoods ? '新建商品' : static::$goodsLogDesc, $goodsLogContent);
// 成功,显示商品详情
$this->addFlashMessage('商品信息保存成功');
//清除缓存,确保商品显示正确
ClearHelper::clearGoodsCacheById($goods->goods_id);
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Goods/Edit/Edit', array('goods_id' => $goods->goods_id), true));
return;
// 参数验证失败
out_fail_validate:
if (!$goods_id) {
// 新建商品验证失败
RouteHelper::reRoute($this, '/Goods/Create');
return;
}
$smarty->assign('goods', $goodsInfo);
$smarty->display('goods_edit_edit.tpl');
return;
out_fail_list_goods:
RouteHelper::reRoute($this, '/Goods/Search');
}
/**
* 把购物车中的信息保存到数据库订单中,如果订单已经存在,则更新订单数据,
* 注意:这个方法必须在购物车计算完成之后调用,否则无法正确保存计算之后的数据
*
* @return mixed 失败返回 false,成功返回订单记录
*
* @param int $userId 用户的数字 ID
* @param string $username 用户名
*/
public function saveOrder($userId, $username)
{
// 参数验证
$validator = new Validator(array('userId' => $userId));
$userId = $validator->required()->digits()->min(1)->validate('userId');
$this->validate($validator);
$orderBasicService = new OrderBasicService();
$orderId = isset($this->cartContext->orderInfo) ? $this->cartContext->orderInfo['order_id'] : null;
// 不允许创建空订单
if (!$orderId && $this->cartContext->isEmpty()) {
return false;
}
// 是否需要新建订单
$isNewOrder = false;
//检查这个 order_info 是否合法
if ($orderId) {
$orderInfo = $orderBasicService->loadOrderInfoById($orderId);
// 不存在的 order_info 或者 已经付款了的订单不能再用了
if ($orderInfo->isEmpty() || OrderBasicService::PS_UNPAYED != $orderInfo->pay_status) {
$orderId = null;
$isNewOrder = true;
}
} else {
$isNewOrder = true;
}
// 创建 order_info 记录
$orderInfoArray = $this->cartContext->orderInfoValue;
$orderInfoArray['user_id'] = $userId;
$orderInfoArray['order_status'] = OrderBasicService::OS_UNCONFIRMED;
$orderInfoArray['pay_status'] = OrderBasicService::PS_UNPAYED;
if (!$orderId) {
// 新订单,生成 add_time 和 order_sn
$orderInfoArray['add_time'] = Time::gmTime();
$orderInfoArray['order_sn'] = OrderBasicService::generateOrderSn();
$orderInfoArray['system_id'] = Cart::$cartSystemId;
// 记录订单来自于哪个系统
} elseif ($this->cartContext->isOrderAmountChange()) {
// 去支付网关支付,如果订单金额发生变化都需要重新生成一次 order_sn ,因为订单金额如果发生变化,支付网关会拒绝支付
$orderInfoArray['order_sn'] = OrderBasicService::generateOrderSn();
} else {
// do nothing
}
// 我们需要数据库事务的保障
$dbEngine = DataMapper::getDbEngine();
$dbEngine->begin();
// 记录余额支付
$oldSurplus = $this->cartContext->orderInfo ? $this->cartContext->orderInfo['surplus'] : 0;
$newSurplus = $this->cartContext->getValue('surplus') > 0 ? $this->cartContext->getValue('surplus') : 0;
// 记录使用红包
$oldBonusId = $this->cartContext->orderInfo ? $this->cartContext->orderInfo['bonus_id'] : 0;
$newBonusId = $this->cartContext->getValue('bonus_id') > 0 ? $this->cartContext->getValue('bonus_id') : 0;
// 创建订单或者更新 order_info
$orderInfo = $orderBasicService->saveOrderInfo($orderId, $orderInfoArray);
// 创建订单失败,返回 false
if ($orderInfo->isEmpty()) {
goto out_fail;
}
// 处理余额支付
if ($oldSurplus != $newSurplus) {
// 前后发生了支付余额的改变
$accountLog = new AccountLog();
if ($oldSurplus > 0) {
// 把之前的余额退还
$accountLog->logChange($userId, $oldSurplus, 0, 0, 0, '退还余额,订单:' . $orderInfo['order_id'], AccountLog::ACT_OTHER);
}
if ($newSurplus > 0) {
// 使用余额
$accountLog->logChange($userId, -1 * $newSurplus, 0, 0, 0, '使用余额,订单:' . $orderInfo['order_id'], AccountLog::ACT_OTHER);
}
// 由于修改了用户信息,需要 reload 用户数据
AuthHelper::reloadAuthUser();
}
// 处理红包支付
if ($oldBonusId != $newBonusId) {
// 红包支付前后发生了变化
$bonusService = new Bonus();
if ($oldBonusId > 0) {
//退还之前使用的红包
$bonusService->unUseBonus($oldBonusId);
}
if ($newBonusId > 0) {
// 使用新的红包
$bonusService->useBonus($newBonusId, $orderInfo['order_id']);
}
}
// 创建 orderRefer 对象,记录订单的来源
$orderReferService = new OrderReferService();
$orderRefer = $orderReferService->loadOrderReferByOrderId($orderInfo['order_id']);
// order_refer 记录创建一次之后就不会再修改了
if ($orderRefer->isEmpty()) {
// 新的 order_refer 记录,设置 order_id 值
$orderRefer->order_id = $orderInfo['order_id'];
$orderRefer->create_time = Time::gmTime();
$orderRefer->login_type = AuthHelper::getLoginType();
global $f3;
$orderReferArray = ReferHelper::parseOrderRefer($f3);
if (!empty($orderReferArray)) {
unset($orderReferArray['refer_id']);
//清除掉危险字段
unset($orderReferArray['order_id']);
//清除掉危险字段
$orderRefer->copyFrom($orderReferArray);
}
$orderRefer->save();
// 保存 order_refer 记录
}
// 取得数据库中已经存在的 order_goods 列表
$dbOrderGoodsArray = array();
if ($orderId > 0) {
$dbOrderGoodsArray = $orderBasicService->fetchOrderGoodsArray($orderId);
}
$stillExistOrderGoodsIdArray = array();
// 在购物车中仍然存在的 orderGoods 对象
// 创建 orderInfo 对应的 order_goods 对象
foreach ($this->cartContext->orderGoodsArray as $orderGoodsItem) {
$orderGoodsValueArray = array();
$orderGoodsValueArray['order_id'] = $orderInfo['order_id'];
//从 goods 中复制属性
$orderGoodsValueArray['goods_id'] = $orderGoodsItem->goods['goods_id'];
$orderGoodsValueArray['goods_admin_user_id'] = $orderGoodsItem->goods['admin_user_id'];
$orderGoodsValueArray['goods_admin_user_name'] = $orderGoodsItem->goods['admin_user_name'];
$orderGoodsValueArray['goods_name'] = $orderGoodsItem->goods['goods_name_short'];
$orderGoodsValueArray['goods_sn'] = $orderGoodsItem->goods['goods_sn'];
$orderGoodsValueArray['warehouse'] = $orderGoodsItem->goods['warehouse'];
$orderGoodsValueArray['shelf'] = $orderGoodsItem->goods['shelf'];
$orderGoodsValueArray['market_price'] = $orderGoodsItem->goods['market_price'];
$orderGoodsValueArray['shop_price'] = $orderGoodsItem->goods['shop_price'];
$orderGoodsValueArray['shipping_fee'] = $orderGoodsItem->goods['shipping_fee'];
$orderGoodsValueArray['is_real'] = $orderGoodsItem->goods['is_real'];
$orderGoodsValueArray['extension_code'] = $orderGoodsItem->goods['extension_code'];
$orderGoodsValueArray['suppliers_id'] = $orderGoodsItem->goods['suppliers_id'];
$orderGoodsValueArray['suppliers_price'] = $orderGoodsItem->goods['suppliers_price'];
$orderGoodsValueArray['suppliers_shipping_fee'] = $orderGoodsItem->goods['suppliers_shipping_fee'];
// 合并一些因为计算而覆盖的值
$orderGoodsValueArray = array_merge($orderGoodsValueArray, $orderGoodsItem->orderGoodsValue);
$orderGoodsId = null;
if (!$isNewOrder && $orderGoodsItem->orderGoods) {
// 如果不是新订单,并且已经存在的 order_goods,做更新
$orderGoodsId = $orderGoodsItem->orderGoods['rec_id'];
$stillExistOrderGoodsIdArray[] = $orderGoodsId;
} else {
// 新建的 order_goods,我们需要取得它的 CPS 信息,CPS 信息只在一开始加入,后面不会再被修改了
$cpsArray = ReferHelper::getCpsParam($orderRefer, $orderInfo, $orderGoodsValueArray);
if (!empty($cpsArray)) {
$orderGoodsValueArray['cps_rate'] = isset($cpsArray['cps_rate']) ? $cpsArray['cps_rate'] : 0;
$orderGoodsValueArray['cps_fix_fee'] = isset($cpsArray['cps_fix_fee']) ? $cpsArray['cps_fix_fee'] : 0;
}
}
$orderGoods = $orderBasicService->saveOrderGoods($orderGoodsId, $orderInfo['order_id'], $orderGoodsValueArray);
if ($orderGoods->isEmpty()) {
//创建失败
goto out_fail;
}
}
// 删除已经被用户删除的 order_goods
foreach ($dbOrderGoodsArray as $dbOrderGoodsItem) {
// 这个 order_goods 已经不存在了,删除它
if (!in_array($dbOrderGoodsItem['rec_id'], $stillExistOrderGoodsIdArray)) {
$orderBasicService->removeOrderGoods($dbOrderGoodsItem['rec_id']);
}
}
// 记录订单操作日志
$orderActionService = new OrderActionService();
$orderActionService->logOrderAction($orderInfo['order_id'], 0, OrderBasicService::OS_UNCONFIRMED, OrderBasicService::PS_UNPAYED, OrderGoodsService::OGS_UNPAY, '订单创建或更新', $username, 0, 0);
$dbEngine->commit();
return $orderInfo;
// 返回创建的订单
out_fail:
$dbEngine->rollback();
return false;
}
/**
* 批量上传快递单号,必须上传配货单
*
* @param $f3
*/
public function Upload($f3)
{
$recIdColumnIndex = 5;
// 子订单 ID 列号
$shippingIdColumnIndex = 23;
// 快递公司 ID 列号
$shippingNoColumnIndex = 24;
// 快递单号列
if (empty($_FILES) || !array_key_exists('uploadfile', $_FILES)) {
$this->addFlashMessage('没有上传文件');
goto out;
}
if ($_FILES['uploadfile']['error'] > 0) {
$this->addFlashMessage('上传文件错误:' . $_FILES['uploadfile']['error']);
goto out;
}
// 解析上传的文件名
$pathInfoArray = pathinfo($_FILES['uploadfile']['name']);
$fileExt = strtolower($pathInfoArray['extension']);
if ('xls' != $fileExt) {
$this->addFlashMessage('文件格式错误,必须是 Excel xls 文件');
goto out;
}
$targetFile = $f3->get('TEMP') . time() . $fileExt;
move_uploaded_file($_FILES['uploadfile']['tmp_name'], $targetFile);
require_once PROTECTED_PATH . '/Vendor/PHPExcel/Settings.php';
// 设置Excel缓存,防止数据太多拖死了程序
\PHPExcel_Settings::setCacheStorageMethod(\PHPExcel_CachedObjectStorageFactory::cache_to_phpTemp);
try {
$objPHPExcel = \PHPExcel_IOFactory::load($targetFile);
} catch (\Exception $e) {
$this->addFlashMessage('上传的文件格式错误,请注意不要修改批量下载订单文件的格式');
goto out;
}
// 取得快递公司列表
$expressService = new ExpressService();
$expressArray = $expressService->fetchExpressArray();
// 构建 shipping_id --> express 的反查表
$shippingIdExpressArray = array();
foreach ($expressArray as $expressItem) {
$shippingIdExpressArray[$expressItem['meta_id']] = $expressItem;
}
unset($expressArray);
unset($expressService);
// 释放内存
$activeSheet = $objPHPExcel->setActiveSheetIndex(0);
$maxRow = $activeSheet->getHighestRow();
$expressSetCount = 0;
// 成功设置计数
// 当前登录用户
$authSupplierUser = AuthHelper::getAuthUser();
$orderBasicService = new OrderBasicService();
// 一行一行的读取数据
for ($currentRow = 1; $currentRow <= $maxRow; $currentRow++) {
// 取得子订单 ID
$recIdStr = trim($activeSheet->getCellByColumnAndRow($recIdColumnIndex, $currentRow)->getValue());
if (!ctype_digit($recIdStr)) {
// 如果不全是数字,说明这列不对
continue;
}
$orderGoods = $orderBasicService->loadOrderGoodsById(intval($recIdStr));
if ($orderGoods->isEmpty() || OrderGoodsService::OGS_PAY != $orderGoods->order_goods_status || $orderGoods['suppliers_id'] != $authSupplierUser['suppliers_id']) {
$this->addFlashMessage('子订单[' . $recIdStr . ']非法');
continue;
}
//取得快递公司 ID 设置
$shippingIdStr = trim($activeSheet->getCellByColumnAndRow($shippingIdColumnIndex, $currentRow)->getValue());
if (!ctype_digit($shippingIdStr) || intval($shippingIdStr) <= 0) {
$this->addFlashMessage('子订单[' . $recIdStr . '] 对应的 快递ID 错误');
continue;
}
$shipping_id = intval($shippingIdStr);
if (!isset($shippingIdExpressArray[$shipping_id])) {
$this->addFlashMessage('子订单[' . $recIdStr . '] 对应的 快递ID[' . $shipping_id . '] 非法');
continue;
}
if ($orderGoods->shipping_id > 0) {
$this->addFlashMessage('子订单[' . $recIdStr . '] 覆盖了之前已有的快递信息 [' . $orderGoods->shipping_name . ':' . $orderGoods->shipping_no . ']');
}
//取得快递单号
$shippingNoStr = trim($activeSheet->getCellByColumnAndRow($shippingNoColumnIndex, $currentRow)->getValue());
//设置快递信息
$orderGoods->shipping_id = $shipping_id;
$orderGoods->shipping_name = $shippingIdExpressArray[$shipping_id]['meta_name'];
$orderGoods->shipping_no = $shippingNoStr;
$orderGoods->save();
$expressSetCount++;
// 更新 order_info 的 update_time 字段
$orderInfo = $orderBasicService->loadOrderInfoById($orderGoods['order_id'], 1);
//缓存1秒
$orderInfo->update_time = Time::gmTime();
$orderInfo->save();
// 添加订单操作日志
$action_note = '' . $shipping_id . ',' . $shippingIdExpressArray[$shipping_id]['meta_name'] . ',' . $shippingNoStr;
$orderActionService = new OrderActionService();
$orderActionService->logOrderAction($orderGoods['order_id'], $orderGoods['rec_id'], $orderInfo['order_status'], $orderInfo['pay_status'], $orderGoods['order_goods_status'], $action_note, '供货商:[' . $authSupplierUser['suppliers_id'] . ']' . $authSupplierUser['suppliers_name'], 0, $orderInfo['shipping_status']);
}
$this->addFlashMessage('一共更新了 ' . $expressSetCount . ' 个快递信息');
out:
// 删除上传文件
if (!empty($targetFile)) {
@unlink($targetFile);
}
// 回到批量下载界面
RouteHelper::reRoute($this, '/Order/Excel');
}
/**
* 管理员权限管理
*
* @param $f3
*/
public function Privilege($f3)
{
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_get');
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$user_id = $validator->required()->digits()->min(1)->validate('user_id');
if (!$this->validate($validator)) {
goto out_fail;
}
// 查询管理员信息
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($user_id);
if ($adminUser->isEmpty()) {
// 不存在的管理员
$this->addFlashMessage('管理员不存在');
goto out_fail;
} else {
if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
// 拥有最高权限的管理员只有他自己能编辑自己
$authAdminUser = AuthHelper::getAuthUser();
if ($authAdminUser['user_id'] != $adminUser['user_id']) {
$this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
RouteHelper::reRoute($this, '/Account/Admin/ListUser');
}
}
}
if (!Request::isRequestPost()) {
// 没有 post ,只是普通的显示
goto out_display;
}
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_post');
$action_list_str = '';
$actionCodeArray = $f3->get('POST[action_code]');
if (empty($actionCodeArray)) {
// 清空了所有权限
$action_list_str = '';
goto update_privilege;
}
if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) {
// 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll
$this->requirePrivilege(AdminUserService::privilegeAll);
// 用户有所有的权限
$action_list_str = AdminUserService::privilegeAll;
goto update_privilege;
}
// 生成权限字符串
$action_list_str = implode(',', $actionCodeArray);
update_privilege:
$adminUser->role_id = $f3->get('POST[role_id]');
$adminUser->action_list = $action_list_str;
$adminUser->save();
$this->addFlashMessage('管理员权限保存成功');
out_display:
$smarty->assign($adminUser->toArray());
// 取得权限显示列表
$metaPrivilegeService = new MetaPrivilegeService();
$smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
$smarty->display('account_admin_privilege.tpl');
return;
// 正常从这里返回
out_fail:
// 失败,返回管理员列表
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
}
/**
*
* 为 mobile 系统设置运行环境
*
* @return bool
*/
private function doMobileAction()
{
global $f3;
// 获取当前插件的根地址
$currentThemeBasePath = dirname(__FILE__);
// 通用的加载
$this->doOtherAction();
// mobile 目录加入到 auto load 的路径中,这样系统就能自动做 class 加载
SystemHelper::addAutoloadPath($currentThemeBasePath . '/mobile/Code', true);
// 设置路由,这样用户就能访问到我们的程序了
$f3->config($currentThemeBasePath . '/mobile/route.cfg');
$f3->config($currentThemeBasePath . '/mobile/route-rewrite.cfg');
// 记录用户从什么来源到达网站的
ReferHelper::addReferItem('HostRefer', new HostRefer());
// 记录来源的 refer_host 和 refer_url
// 注册 Asset 模块
\Core\Asset\ManagerHelper::registerModule(MobileThemePlugin::pluginGetUniqueId(), $this->pluginGetVersion(), $currentThemeBasePath . '/mobile/Asset');
// 发布必要的资源文件
\Core\Asset\ManagerHelper::publishAsset(MobileThemePlugin::pluginGetUniqueId(), 'jquery-mobile');
\Core\Asset\ManagerHelper::publishAsset(MobileThemePlugin::pluginGetUniqueId(), 'css');
\Core\Asset\ManagerHelper::publishAsset(MobileThemePlugin::pluginGetUniqueId(), 'js');
\Core\Asset\ManagerHelper::publishAsset(MobileThemePlugin::pluginGetUniqueId(), 'img');
// 增加 smarty 模板搜索路径
global $smarty;
$smarty->addTemplateDir($currentThemeBasePath . '/mobile/Tpl/');
// 加载 smarty 的扩展,里面有一些我们需要用到的函数
require_once $currentThemeBasePath . '/mobile/Code/smarty_helper.php';
// 注册 smarty 函数
smarty_helper_register($smarty);
global $f3;
// 设置网站的 Base 路径,给 JavaScript 使用
$smarty->assign("WEB_ROOT_HOST", $f3->get('sysConfig[webroot_schema_host]'));
$smarty->assign("WEB_ROOT_BASE", $f3->get('BASE'));
$smarty->assign("WEB_ROOT_BASE_RES", smarty_helper_function_get_asset_url(array('asset' => ''), null));
$smarty->assign("IS_USER_AUTH", \Core\Helper\Utility\Auth::isAuthUser());
// jQuery Mobile 根据当前页面的 URL 来决定是否缓存,我们对某些不希望缓存的页面在这里需要特殊处理,
// 确保它的 url 是一直变化的
$currentPageUrl = \Core\Helper\Utility\Route::getRequestURL();
// 下面的操作页面不要缓存,因为每次可能都不一样,比如有验证码,或者有新订单
if (false !== strpos($currentPageUrl, '/User/') || false !== strpos($currentPageUrl, '/My/') || false !== strpos($currentPageUrl, '/Cart/')) {
$currentPageUrl = \Core\Helper\Utility\Route::addParam($currentPageUrl, array('_no_cache_page' => time()));
}
$smarty->assign("CURRENT_PAGE_URL", $currentPageUrl);
return true;
}
