├── README.md ├── config.php ├── index.php ├── mini.php ├── cron.php ├── api.php └── ajax.php /README.md: -------------------------------------------------------------------------------- 1 | # - 2 | 彩虹自助下单系统;彩虹云商城;彩虹开源系统;彩虹发卡网;彩虹代刷网 3 | -------------------------------------------------------------------------------- /config.php: -------------------------------------------------------------------------------- 1 | /* config.php: database connection settings (host, port, user, password, name, table prefix). The opening of the file, up to the first ">", was lost when this listing was rendered; the visible part is the tail of the config array. */ 'localhost', //database host 5 | 'port' => 3306, //database port 6 | 'user' => '', //database user 7 | 'pwd' => '', //database password 8 | 'dbname' => '', //database name 9 | 'dbqz' => 'shua' //table prefix 10 | ); 11 | ?> -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | /* index.php: storefront front controller. Lines 1-4, up to the first ">", were lost in rendering; the visible fragment appears to be the tail of a PHP-version check that exits on old versions. */ 5.4 !'); 5 | } 6 | if (isset($_SERVER) && $_SERVER['REQUEST_URI'] == '/favicon.ico')exit; 7 | 8 | include("./includes/common.php"); 9 | 10 | /* invite-code handling: $conf, $domain, $is_fenzhan, $islogin2, $siterow are presumably set by includes/common.php. NOTE(review): $_COOKIE['invitecode'] is read without isset(), so a first visit with ?i= raises a notice before processInvite() runs */ if($conf['invite_tid'] && isset($_GET['i']) && $_GET['i']!=$_COOKIE['invitecode']){ 11 | $invite_result = processInvite($_GET['i']); 12 | if($invite_result=='captcha'){ 13 | @header('Content-Type: text/html; charset=UTF-8'); 14 | include TEMPLATE_ROOT.'default/captcha.php'; 15 | exit; 16 | } 17 | } 18 | @header('Content-Type: text/html; charset=UTF-8'); 19 | /* when fenzhan_page is on and this request is neither a sub-site nor a domain listed in fenzhan_remain, serve the 404 template */ if($conf['fenzhan_page']==1 && !empty($conf['fenzhan_remain']) && !in_array($domain,explode(',',$conf['fenzhan_remain'])) && $is_fenzhan==false){ 20 | include ROOT.'template/default/404.html'; 21 | exit; 22 | } 23 | /* forced-login mode: stop rendering for anonymous visitors */ if($conf['forceloginhome']==1 && !$islogin2){ 24 | exit(""); 25 | } 26 | 27 | /* optional ?qq= prefill, tag-stripped and HTML-escaped before it reaches the template */ $qq=isset($_GET['qq'])?htmlspecialchars(strip_tags(trim($_GET['qq']))):null; 28 | 29 | /* per-request salt stored in the session. NOTE(review): mt_rand(0,999).time() gives only ~1000 distinct values per second; if this salt is meant to be unguessable, derive it from random_bytes() instead */ $addsalt=md5(mt_rand(0,999).time()); 30 | $_SESSION['addsalt']=$addsalt; 31 | /* presumably an obfuscated JS encoding of the salt for the template — confirm against \lib\hieroglyphy */ $x = new \lib\hieroglyphy(); 32 | $addsalt_js = $x->hieroglyphyString($addsalt); 33 | 34 | /* sub-site logo override when assets/img/logo_<zid>.png exists, else the default logo */ if($is_fenzhan==true && file_exists(ROOT.'assets/img/logo_'.$conf['zid'].'.png')){ 35 | $logo = 'assets/img/logo_'.$conf['zid'].'.png'; 36 | }else{ 37 | $logo = 
'assets/img/logo.png'; 38 | } 39 | /* public CDN base chosen by $conf['cdnpublic'] (1, 2, 4, anything else = default) */ if($conf['cdnpublic']==1){ 40 | $cdnpublic = '//lib.baomitu.com/'; 41 | }elseif($conf['cdnpublic']==2){ 42 | $cdnpublic = 'https://cdn.bootcdn.net/ajax/libs/'; 43 | }elseif($conf['cdnpublic']==4){ 44 | $cdnpublic = '//s1.pstatp.com/cdn/expire-1-M/'; 45 | }else{ 46 | $cdnpublic = '//cdn.staticfile.org/'; 47 | } 48 | /* optional self-hosted static asset host */ if(!empty($conf['staticurl'])){ 49 | $cdnserver = '//'.$conf['staticurl'].'/'; 50 | }else{ 51 | $cdnserver = null; 52 | } 53 | 54 | /* global announcement is prefixed to the site announcement */ if(!empty($conf['gg_announce']))$conf['anounce']=$conf['gg_announce'].$conf['anounce']; 55 | 56 | /* sub-site with power==2 may override the sub-site opening prices; price2 is only taken when it covers the configured cost */ if($is_fenzhan == true && $siterow['power']==2){ 57 | if($siterow['ktfz_price']>0)$conf['fenzhan_price']=$siterow['ktfz_price']; 58 | if($conf['fenzhan_cost2']<=0)$conf['fenzhan_cost2']=$conf['fenzhan_price2']; 59 | if($siterow['ktfz_price2']>0 && $siterow['ktfz_price2']>=$conf['fenzhan_cost2'])$conf['fenzhan_price2']=$siterow['ktfz_price2']; 60 | } 61 | 62 | list($background_image, $background_css) = \lib\Template::getBackground(); 63 | 64 | /* page title: the bare title when sitename_hide is on, else "sitename - title" */ if($conf['sitename_hide']==1 && !empty($conf['title'])){ 65 | $hometitle = $conf['title']; 66 | }else{ 67 | $hometitle = $conf['sitename'].(!empty($conf['title'])?' 
- '.$conf['title']:null); 68 | } 69 | /* NOTE(review): $mod comes straight from $_GET['mod'] and ends up in include; whatever restricts it to a known template name must live in \lib\Template::load (not visible here) — confirm it cannot resolve to an arbitrary path */ $mod = isset($_GET['mod'])?$_GET['mod']:'index'; 70 | $loadfile = \lib\Template::load($mod); 71 | include $loadfile; -------------------------------------------------------------------------------- /mini.php: -------------------------------------------------------------------------------- 1 | /* mini.php: compact order page. Lines 1-19, up to the first "->", were lost in rendering; the visible fragment is the tail of the same salt/hieroglyphy setup as index.php. The HTML below had its tags stripped by the renderer, which is why $select and $select2 appear to be built from empty strings. */ hieroglyphyString($addsalt); 20 | 21 | /* active categories, in sort order, for the category dropdown */ $rs=$DB->query("SELECT * FROM pre_class WHERE active=1 ORDER BY sort ASC"); 22 | $select=''; 23 | $shua_class[0]='默认分类'; 24 | while($res = $rs->fetch()){ 25 | $shua_class[$res['cid']]=$res['name']; 26 | $select.=''; 27 | } 28 | 29 | $select2=''; 30 | 31 | @header('Content-Type: text/html; charset=UTF-8'); 32 | ?> 33 | 34 | 35 | 36 | 37 | 38 | <?php echo $conf['sitename']?> - <?php echo $conf['title']?> 39 | 40 | 41 | 42 | 43 | 47 | 51 | 52 | 53 |
54 |
55 |

  网站公告

56 | 57 |
58 | 59 |
60 |

  自助下单

61 | 64 |
65 |
66 |
67 |
68 |
选择分类
69 | 70 |
71 |
72 | 77 |
78 |
选择商品
79 | 80 |
81 |
82 |
商品价格
83 | 84 |
85 | 89 | 95 |
96 | 97 | 98 |
99 |
100 |
style="display:none;">
101 |
102 |
查询内容
103 | 104 |
105 | 106 | 113 |
114 |
115 |
116 |
117 |
118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 131 | 132 | 133 | -------------------------------------------------------------------------------- /cron.php: -------------------------------------------------------------------------------- 1 | /* cron.php: scheduled-task endpoint dispatched on $_GET['do']: this first branch (price monitoring, judging by the pricejk_* settings it reads), 'daily', 'updatestatus', and otherwise epay reconciliation. Lines 1-35, up to the first "->", were lost when this listing was rendered, so the bootstrap and whatever access check gates this endpoint are not visible here — confirm it is not callable by arbitrary clients. $allowType is the list of upstream site types that support price monitoring. */ read('pricejk_type1')), explode(',',$CACHE->read('pricejk_type2'))); 37 | }else{ 38 | $allowType = explode(',',$CACHE->read('pricejk_type1')); 39 | $allowType[] = 'yile'; 40 | } 41 | if(count($allowType) == 0)exit('没有支持价格监控的对接网站类型'); 42 | $rs=$DB->query("SELECT * FROM pre_shequ ORDER BY id ASC"); 43 | while($res = $rs->fetch()) 44 | { 45 | if(!in_array($res['type'], $allowType)) continue; 46 | /* NOTE(review): $conf['pricejk_cid'] is spliced raw into IN(); it must be kept a validated comma-separated integer list wherever it is saved */ $tcount = $DB->getColumn("SELECT count(*) FROM pre_tools WHERE is_curl=2 AND shequ='{$res['id']}' AND cid IN ({$conf['pricejk_cid']}) AND active=1"); 47 | if($tcount>0 && $res['username'] && $res['password'] && $res['type']){ 48 | /* $is_need and $success are not initialised in the visible code; $success is filled by reference through third_call() */ $is_need++; 49 | $results = third_call($res['type'], $res, 'pricejk', [$res['id'], &$success]); 50 | if($results === false) continue; 51 | if($results===true){ 52 | saveSetting('pricejk_status','ok'); 53 | }else{ 54 | /* a non-boolean result is presumably an error message: persist it and echo it */ saveSetting('pricejk_status',$results); 55 | echo '对接站点ID'.$res['id'].':'.$results.'
'; 56 | } 57 | } 58 | } 59 | if($is_need==0){ 60 | exit('没有需要监控价格的商品'); 61 | }else{ 62 | exit('成功更新'.$success.'个商品的价格'); 63 | } 64 | } 65 | elseif($_GET['do']=='daily'){ //run once per day 66 | //daily database maintenance: purge stale pay/cart/gift/invite rows, then OPTIMIZE the tables 67 | $maintain = getSetting('maintain', true); 68 | if($maintain != date("Ymd")){ 69 | saveSetting('maintain',date("Ymd")); 70 | $sq1 = $DB->exec("DELETE FROM `pre_pay` WHERE addtime<'".date("Y-m-d H:i:s",strtotime("-12 hours"))."' AND (status=0 OR money='0')"); 71 | $sq2 = $DB->exec("DELETE FROM `pre_cart` WHERE addtime<'".date("Y-m-d H:i:s",strtotime("-30 days"))."'"); 72 | $sq3 = $DB->exec("DELETE FROM `pre_cart` WHERE addtime<'".date("Y-m-d H:i:s",strtotime("-24 hours"))."' and status<2"); 73 | $sq4 = $DB->exec("DELETE FROM `pre_giftlog` WHERE addtime<'".date("Y-m-d H:i:s",strtotime("-7 days"))."'"); 74 | $sq5 = $DB->exec("DELETE FROM `pre_invitelog` WHERE date<'".date("Y-m-d H:i:s",strtotime("-7 days"))."'"); 75 | $DB->exec("OPTIMIZE TABLE `pre_pay`"); 76 | $DB->exec("OPTIMIZE TABLE `pre_cart`"); 77 | $DB->exec("OPTIMIZE TABLE `pre_giftlog`"); 78 | $DB->exec("OPTIMIZE TABLE `pre_invitelog`"); 79 | /* assumes exec() returns the affected-row count — confirm against the DB wrapper */ $count = $sq1+$sq2+$sq3+$sq4+$sq5; 80 | /* NOTE(review): this exit() ends the request before the ranking-reward and commission steps below, so on the first 'daily' call of a day they do not run; they only run on a later call the same day */ exit('日常维护任务已成功执行,本次共清理'.$count.'条数据
'); 81 | }else{ 82 | echo '日常维护任务今天已执行过
'; 83 | } 84 | //sub-site sales ranking reward payout: the top-N sub-sites by yesterday's order money receive rank_percentage% of it 85 | if($conf['rank_reward']){ 86 | $limit = intval($conf['rank_reward']); 87 | $cron_lasttime = getSetting('cron_rank_time', true); 88 | if($cron_lasttime != date("Ymd")){ 89 | $re = $DB->query("SELECT a.zid,SUM(money) AS money FROM pre_orders AS a WHERE (TO_DAYS(NOW()) - TO_DAYS(addtime) = 1) AND zid>1 AND status!=4 GROUP BY zid HAVING money>0 ORDER BY money DESC LIMIT {$limit}"); 90 | $allmoney = 0; 91 | $count = 0; 92 | while ($site = $re->fetch()) { 93 | $reward = round($site['money'] * $conf['rank_percentage'] / 100, 2); 94 | if($reward>0){ 95 | $allmoney += $reward; 96 | $count++; 97 | changeUserMoney($site['zid'], $reward, true, '奖励', '网站昨日销量排行前'.$limit.'名奖励'.$reward.'元'); 98 | } 99 | } 100 | /* NOTE(review): the daily flag is written only after all payouts; if the loop aborts part-way, a re-run pays the already-credited sites again */ saveSetting('cron_rank_time' , date("Ymd")); 101 | saveSetting('cron_rank_money' , $allmoney); 102 | echo '分站排行榜奖励发放完成,发放站点数量:'.$count.' 总金额:'.$allmoney.'元
'; 103 | }else{ 104 | echo '今日分站排行榜奖励发放任务已完成
'; 105 | } 106 | } 107 | //delayed crediting of commissions: pending '提成' point records between tixian_days and tixian_days+5 days old are released into the sub-site's withdrawable balance (rmbtc), capped at its rmb 108 | if($conf['tixian_limit']==1 && $conf['tixian_days']>0){ 109 | $cron_lasttime = getSetting('cron_rmb_time', true); 110 | if($cron_lasttime != date("Ymd")){ 111 | $days = intval($conf['tixian_days']); 112 | $maxdays = $days+5; 113 | $rs=$DB->query("SELECT A.id,A.zid,A.point,A.status,B.rmb,B.rmbtc FROM pre_points A LEFT JOIN pre_site B ON A.zid=B.zid WHERE A.action='提成' AND A.status=0 AND TO_DAYS(NOW())-TO_DAYS(A.addtime)>={$days} AND TO_DAYS(NOW())-TO_DAYS(A.addtime)<={$maxdays}"); 114 | $c=0; 115 | while($row = $rs->fetch()){ 116 | if($row['rmb']-$row['rmbtc']>$row['point']){ 117 | $DB->exec("UPDATE pre_site SET rmbtc=rmbtc+{$row['point']} WHERE zid='{$row['zid']}'"); 118 | }else{ 119 | $DB->exec("UPDATE pre_site SET rmbtc={$row['rmb']} WHERE zid='{$row['zid']}'"); 120 | } 121 | $DB->exec("UPDATE pre_points SET status=1 WHERE id='{$row['id']}'"); 122 | $c++; 123 | } 124 | saveSetting('cron_rmb_time' , date("Ymd")); 125 | echo '今日提成处理成功('.$c.')
'; 126 | }else{ 127 | echo '今日提成处理已完成
'; 128 | } 129 | } 130 | } 131 | elseif($_GET['do']=='updatestatus'){ //order status monitoring: re-query upstream for orders stuck in status 2 132 | if($conf['updatestatus']==0)exit('当前站点未开启订单状态监控'); 133 | $updatestatus_interval = $conf['updatestatus_interval']?$conf['updatestatus_interval']:6; 134 | $times = intval($updatestatus_interval) * 3600; //check interval in seconds 135 | $limit = 10; //orders checked per run 136 | $rs=$DB->query("SELECT * FROM pre_orders WHERE status=2 AND djzt=1 AND (uptime IS NULL OR uptime<".(time()-$times).") AND addtime<'".date("Y-m-d H:i:s",time()-$times)."' ORDER BY id DESC LIMIT {$limit}"); 137 | $checkcount=0; 138 | $successcount=0; 139 | while($row = $rs->fetch()){ 140 | $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid='{$row['tid']}' LIMIT 1"); 141 | /* NOTE(review): only is_curl==2 orders get their uptime refreshed; an order of any other type that matches the SELECT above is re-selected every run and, being newest-first within LIMIT 10, can keep older orders from ever being checked */ if($tool['is_curl']==2){ 142 | $shequ=$DB->getRow("SELECT * FROM pre_shequ WHERE id='{$tool['shequ']}' LIMIT 1"); 143 | if($shequ['result']!=2 || empty($shequ['username']) || empty($shequ['password'])){ 144 | $DB->exec("UPDATE `pre_orders` SET `uptime`=".time()." WHERE id='{$row['id']}'"); 145 | continue; 146 | } 147 | $list = third_call($shequ['type'], $shequ, 'query_order', [$row['djorder'], $tool['goods_id'], [$row['input'], $row['input2'], $row['input3'], $row['input4'], $row['input5']]]); 148 | $checkcount++; 149 | /* upstream responses use either 'order_state' or '订单状态'; the missing key is read anyway, which raises a notice on PHP 8 — a ?? '' on each would silence it */ if($list && is_array($list) && ($list['order_state']=='已完成'||$list['order_state']=='订单已完成'||$list['订单状态']=='已完成'||$list['订单状态']=='已发货'||$list['订单状态']=='交易成功'||$list['订单状态']=='已支付')){ 150 | $DB->exec("UPDATE `pre_orders` SET `status`=1,`uptime`=".time()." WHERE id='{$row['id']}'"); 151 | $successcount++; 152 | }elseif($list && is_array($list) && (strpos($list['order_state'],'异常')!==false||strpos($list['order_state'],'退单')!==false||$list['订单状态']=='异常'||$list['订单状态']=='已退单')){ 153 | $DB->exec("UPDATE `pre_orders` SET `status`=3,`uptime`=".time()." WHERE id='{$row['id']}'"); 154 | }else{ 155 | $DB->exec("UPDATE `pre_orders` SET `uptime`=".time()." 
WHERE id='{$row['id']}'"); 156 | } 157 | } 158 | } 159 | echo '成功检测'.$checkcount.'个订单,更新'.$successcount.'个订单状态'; 160 | /* $date is not defined in the visible code; presumably set in the lost head — confirm */ saveSetting('updatestatus_lasttime',$date); 161 | } 162 | /* fallback for any other do= value: epay reconciliation. Pull recently paid orders from the gateway and complete local pay rows that are still pending. Throttled to one run per 30 seconds and at most 50 orders. */ elseif($conf['epay_pid'] && $conf['epay_key']){ 163 | $id = isset($_GET['id'])?intval($_GET['id']):1; 164 | $cron_lasttime = getSetting('cron_lasttime', true); 165 | if(time()-strtotime($cron_lasttime)<30)exit('ok'); 166 | $trade_no = date("YmdHis",strtotime($cron_lasttime)).'000'; 167 | $limit = $DB->getColumn("SELECT count(*) FROM pre_pay WHERE trade_no>'$trade_no'"); 168 | if($limit<1)exit('ok'); 169 | if($limit>50)$limit=50; 170 | saveSetting('cron_lasttime',$date); 171 | $payapi=pay_api(true, $id); 172 | if(empty($payapi))exit('未配置易支付信息'); 173 | $data = get_curl($payapi.'api.php?act=orders&limit='.$limit.'&pid='.$conf['epay_pid'].'&key='.$conf['epay_key']); 174 | $arr = json_decode($data, true); 175 | if($arr['code']==1){ 176 | foreach($arr['data'] as $row){ 177 | if($row['status']==1){ 178 | /* NOTE(review): trade_no and out_trade_no come from the gateway's JSON and are interpolated into the two SQL statements below; bind them as parameters (the DB wrapper already supports [':name'=>...] binding elsewhere in this project) */ $trade_no = $row['trade_no']; 179 | $out_trade_no = $row['out_trade_no']; 180 | $srow=$DB->getRow("SELECT * FROM pre_pay WHERE trade_no='{$out_trade_no}' LIMIT 1"); 181 | if($srow && $srow['status']==0){ 182 | $DB->exec("UPDATE `pre_pay` SET `status`='1',`endtime`='$date',`api_trade_no`='$trade_no' WHERE `trade_no`='{$out_trade_no}'"); 183 | processOrder($srow); 184 | echo '已成功补单:'.$out_trade_no.'
'; 185 | } 186 | } 187 | } 188 | exit('ok'); 189 | }else{ 190 | exit($arr['msg']); 191 | } 192 | }else{ 193 | exit('未配置易支付信息'); 194 | } -------------------------------------------------------------------------------- /api.php: -------------------------------------------------------------------------------- 1 | /* api.php: JSON API dispatched on $act. Lines 1-15, up to the first "->", were lost when this listing was rendered, so the bootstrap, where $act is read, and the condition of this first branch are not visible. This first branch dumps every class, tool and price row plus id/url/type of each upstream site; whatever authenticates it is in the lost head — confirm it checks $conf['apikey'] like the tools/orders/change actions below. */ query("SELECT * FROM pre_class ORDER BY cid ASC"); 16 | $class=array(); 17 | while($res = $rs->fetch()){ 18 | $class[]=$res; 19 | } 20 | $rs=$DB->query("SELECT * FROM pre_tools ORDER BY tid ASC"); 21 | $tools=array(); 22 | while($res = $rs->fetch()){ 23 | $tools[]=$res; 24 | } 25 | $rs=$DB->query("SELECT id,url,type FROM pre_shequ ORDER BY id ASC"); 26 | $shequ=array(); 27 | while($res = $rs->fetch()){ 28 | $shequ[]=$res; 29 | } 30 | $rs=$DB->query("SELECT * FROM pre_price ORDER BY id ASC"); 31 | $price=array(); 32 | while($res = $rs->fetch()){ 33 | $price[]=$res; 34 | } 35 | $result=array("code"=>1,"class"=>$class,"tools"=>$tools,"shequ"=>$shequ,"price"=>$price); 36 | } 37 | /* tools: list active goods (tid, cid, sort, name, price) for an API-key holder; ?limit= caps the rows (default 50) */ elseif($act=='tools') 38 | { 39 | $key=daddslashes($_GET['key']); 40 | $limit=isset($_GET['limit'])?intval($_GET['limit']):50; 41 | if(!$key)exit('{"code":-5,"msg":"确保各项不能为空"}'); 42 | /* NOTE(review): the API key is compared with != (loose, so numeric-looking strings compare as numbers, and the comparison is not constant-time); use !hash_equals((string)$conf['apikey'], (string)$key) here and in the orders/change actions */ if($key!=$conf['apikey'])exit('{"code":-4,"msg":"API对接密钥错误,请在后台设置密钥"}'); 43 | $rs=$DB->query("SELECT * FROM pre_tools WHERE active=1 ORDER BY tid ASC LIMIT $limit"); 44 | /* NOTE(review): $data is never initialised, so with zero rows this emits "null" (plus a notice) instead of "[]"; add $data=array(); before the loop */ while($res = $rs->fetch()){ 45 | $data[]=array('tid'=>$res['tid'],'cid'=>$res['cid'],'sort'=>$res['sort'],'name'=>$res['name'],'price'=>$res['price']); 46 | } 47 | exit(json_encode($data)); 48 | } 49 | /* orders: fetch pending (status=0) orders, optionally for one tid, as JSON or '----'-separated text; &sign=1 marks each returned order as status 1 */ elseif($act=='orders') 50 | { 51 | $tid=intval($_GET['tid']); 52 | $key=daddslashes($_GET['key']); 53 | $limit=isset($_GET['limit'])?intval($_GET['limit']):50; 54 | $format=isset($_GET['format'])?daddslashes($_GET['format']):'json'; 55 | if(!$key)exit('{"code":-5,"msg":"确保各项不能为空"}'); 56 | if($key!=$conf['apikey'])exit('{"code":-4,"msg":"API对接密钥错误,请在后台设置密钥"}'); 57 | if($tid){ 58 | $tool=$DB->getRow("SELECT tid,value FROM pre_tools WHERE 
tid='$tid' AND active=1 LIMIT 1"); 59 | if(!$tool)exit('{"code":-5,"msg":"商品ID不存在"}'); 60 | /* NOTE(review): $sqls (and $value, which is unused here) are only set inside this if; without a tid the query below interpolates an undefined $sqls — initialise $sqls='' before the if */ $sqls=" and tid='$tid'"; 61 | $value=$tool['value']>0?$tool['value']:1; 62 | } 63 | $rs=$DB->query("SELECT * FROM pre_orders WHERE status=0{$sqls} ORDER BY id ASC LIMIT $limit"); 64 | /* NOTE(review): $data is not initialised; with zero rows the text branch runs foreach over null and the json branch emits "null" */ while($res = $rs->fetch()){ 65 | $data[]=array('id'=>$res['id'],'tid'=>$res['tid'],'input'=>$res['input'],'input2'=>$res['input2'],'input3'=>$res['input3'],'input4'=>$res['input4'],'input5'=>$res['input5'],'value'=>$res['value'],'status'=>$res['status']); 66 | /* $_GET['sign'] is read without isset() */ if($_GET['sign']==1)$DB->exec("UPDATE `pre_orders` SET status=1 WHERE `id`='{$res['id']}'"); 67 | } 68 | if($format=='text'){ 69 | $txt = ''; 70 | foreach($data as $row){ 71 | $txt .= $row['input'] . ($row['input2']?'----'.$row['input2']:null) . ($row['input3']?'----'.$row['input3']:null) . ($row['input4']?'----'.$row['input4']:null) . ($row['input5']?'----'.$row['input5']:null) . '----' . $row['value'] . "\r\n"; 72 | } 73 | exit($txt); 74 | }else{ 75 | exit(json_encode($data)); 76 | } 77 | } 78 | /* change: set an order's status by id for an API-key holder */ elseif($act=='change') 79 | { 80 | $id=intval($_GET['id']); 81 | $key=daddslashes($_GET['key']); 82 | $status=intval($_GET['zt']); //1:completed, 2:processing, 3:abnormal, 4:pending 83 | if(!$id || !$key)exit('{"code":-5,"msg":"确保各项不能为空"}'); 84 | if($key!=$conf['apikey'])exit('{"code":-4,"msg":"API对接密钥错误,请在后台设置密钥"}'); 85 | $row=$DB->getRow("SELECT id FROM pre_orders WHERE id='$id' LIMIT 1"); 86 | if($row) { 87 | /* NOTE(review): $status is not restricted to the four documented values; reject anything outside 1..4 before the UPDATE */ $sql="UPDATE `pre_orders` SET `status`='$status' WHERE `id`='{$id}' LIMIT 1"; 88 | if($DB->exec($sql)!==false){ 89 | $result=array("code"=>1,"msg"=>"修改成功","id"=>$id); 90 | }else{ 91 | $result=array("code"=>-2,"msg"=>"修改失败","id"=>$id); 92 | } 93 | } 94 | else 95 | { 96 | $result=array("code"=>-5,"msg"=>"订单ID不存在"); 97 | } 98 | } 99 | /* classlist: public list of active categories */ elseif($act == 'classlist') 100 | { 101 | $rs=$DB->query("SELECT * FROM pre_class WHERE active=1 ORDER BY sort ASC"); 102 | $data = array(); 103 | while($res = $rs->fetch(PDO::FETCH_ASSOC)){ 104 | $data[]=$res; 105 | } 106 | 
 $result=array("code"=>0,"msg"=>"succ","data"=>$data,"count"=>count($data)); 107 | exit(json_encode($result)); 108 | } 109 | /* goodslistbycid: goods of one category; optional sub-site credentials (user/pass) switch to that sub-site's pricing */ elseif($act == 'goodslistbycid') 110 | { 111 | if(isset($_POST['user']) && isset($_POST['pass'])){ 112 | $user = trim(daddslashes($_POST['user'])); 113 | $pass = trim(daddslashes($_POST['pass'])); 114 | $userrow = $DB->getRow("SELECT * FROM `pre_site` WHERE `user` = '{$user}' LIMIT 1"); 115 | /* NOTE(review): the sub-site password is compared as a plain string with == (same pattern in goodslist, goodsdetails and pay). If pre_site.pwd is a hash, this must be password_verify(); if it is stored in clear, at least compare with hash_equals() — confirm how pwd is stored */ if ($userrow && $userrow['user'] == $user && $userrow['pwd'] == $pass && $userrow['status'] == 1) { 116 | $islogin2 = 1; 117 | $price_obj = new \lib\Price($userrow['zid'],$userrow); 118 | } elseif ($userrow && $userrow['status'] == 0) { 119 | exit('{"code":-1,"message":"该账户已被封禁"}'); 120 | } else { 121 | exit('{"code":-1,"message":"用户名或密码不正确"}'); 122 | } 123 | } 124 | $cid=isset($_POST['cid'])?intval($_POST['cid']):0; 125 | $rs=$DB->query("SELECT * FROM pre_tools WHERE cid='$cid' AND active=1 ORDER BY sort ASC"); 126 | $data = array(); 127 | while($res = $rs->fetch(PDO::FETCH_ASSOC)){ 128 | if(isset($price_obj)){ 129 | $price_obj->setToolInfo($res['tid'],$res); 130 | $price=$price_obj->getToolPrice($res['tid']); 131 | }else $price=$res['price']; 132 | /* is_curl==4 is the card-delivery (faka) type: its input label is generated */ if($res['is_curl']==4){ 133 | $isfaka = 1; 134 | $res['input'] = getFakaInput(); 135 | }else{ 136 | $isfaka = 0; 137 | } 138 | $data[]=array('tid'=>$res['tid'],'cid'=>$res['cid'],'sort'=>$res['sort'],'name'=>$res['name'],'value'=>$res['value'],'price'=>$price,'input'=>$res['input'],'inputs'=>$res['inputs'],'desc'=>$res['desc'],'alert'=>$res['alert'],'shopimg'=>$res['shopimg'],'validate'=>$res['validate'],'valiserv'=>$res['valiserv'],'repeat'=>$res['repeat'],'multi'=>$res['multi'],'close'=>$res['close'],'prices'=>$res['prices'],'min'=>$res['min'],'max'=>$res['max'],'sales'=>$res['sales'],'isfaka'=>$isfaka,'stock'=>$res['stock']); 139 | } 140 | $result=array("code"=>0,"msg"=>"succ","data"=>$data,"count"=>count($data)); 141 | exit(json_encode($result)); 142 | } 143 | /* goodslist: all active goods with price and stock; optional sub-site credentials as in goodslistbycid */ elseif($act == 'goodslist') 144 | { 145 | 
 $result['code'] = 0; 146 | if(isset($_POST['user']) && isset($_POST['pass'])){ 147 | $user = trim(daddslashes($_POST['user'])); 148 | $pass = trim(daddslashes($_POST['pass'])); 149 | $userrow = $DB->getRow("SELECT * FROM `pre_site` WHERE `user` = '{$user}' LIMIT 1"); 150 | if ($userrow && $userrow['user'] == $user && $userrow['pwd'] == $pass && $userrow['status'] == 1) { 151 | $islogin2 = 1; 152 | $price_obj = new \lib\Price($userrow['zid'],$userrow); 153 | } elseif ($userrow && $userrow['status'] == 0) { 154 | exit('{"code":-1,"message":"该账户已被封禁"}'); 155 | } else { 156 | exit('{"code":-1,"message":"用户名或密码不正确"}'); 157 | } 158 | } 159 | $rs=$DB->query("SELECT * FROM `pre_tools` WHERE `active` = 1 ORDER BY `cid` ASC,`sort` ASC"); 160 | while($res = $rs->fetch()){ 161 | /* $islogin2 is only assigned above when credentials were posted; unless the lost head initialises it, an anonymous call reads an undefined variable here */ if($islogin2 == 1 && isset($price_obj)){ 162 | $price_obj->setToolInfo($res['tid'],$res); 163 | $price = $price_obj->getToolPrice($res['tid']); 164 | }else{ 165 | $price = $res['price']; 166 | } 167 | /* for faka goods the stock is the number of unsold cards */ if($res['is_curl']==4){ 168 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='{$res['tid']}' AND orderid=0"); 169 | //if($count==0)$res['close']=1; 170 | $isfaka = 1; 171 | }else{ 172 | $count = $res['stock']; 173 | $isfaka = 0; 174 | } 175 | $data[] = array('tid' => $res['tid'] , 'cid' => $res['cid'] , 'name' => $res['name'] , 'shopimg' => $res['shopimg'] , 'close' => $res['close'] , 'price' => $price , 'isfaka' => $isfaka , 'stock' => $count); 176 | } 177 | /* NOTE(review): $data is not initialised, so with no active goods 'data' is null rather than [] */ $result['data'] = $data; 178 | exit(json_encode($result)); 179 | } 180 | /* goodsdetails: full record of one good by POST tid; optional sub-site credentials as above */ elseif($act == 'goodsdetails') 181 | { 182 | $result['code'] = 0; 183 | $tid = intval($_POST['tid']); 184 | if(!$tid)exit('{"code":-1,"message":"商品ID不能为空"}'); 185 | if(isset($_POST['user']) && isset($_POST['pass'])){ 186 | $user = trim(daddslashes($_POST['user'])); 187 | $pass = trim(daddslashes($_POST['pass'])); 188 | $userrow = $DB->getRow("SELECT * FROM `pre_site` WHERE `user` = '{$user}' LIMIT 1"); 189 | if ($userrow && $userrow['user'] == $user && 
$userrow['pwd'] == $pass && $userrow['status'] == 1) { 190 | $islogin2 = 1; 191 | $price_obj = new \lib\Price($userrow['zid'],$userrow); 192 | } elseif ($userrow && $userrow['status'] == 0) { 193 | exit('{"code":-1,"message":"该账户已被封禁"}'); 194 | } else { 195 | exit('{"code":-1,"message":"用户名或密码不正确"}'); 196 | } 197 | } 198 | $tool = $DB->getRow("SELECT * FROM `pre_tools` WHERE `tid` = {$tid} LIMIT 1"); 199 | if(!$tool)exit('{"code":-1,"message":"商品不存在"}'); 200 | if($islogin2 == 1 && isset($price_obj)){ 201 | $price_obj->setToolInfo($tid, $tool); 202 | $price = $price_obj->getToolPrice($tid); 203 | }else{ 204 | $price = $tool['price']; 205 | } 206 | /* faka goods with no unsold cards are reported as closed */ if($tool['is_curl']==4){ 207 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='{$tool['tid']}' AND orderid=0"); 208 | if($count==0)$tool['close']=1; 209 | $isfaka = 1; 210 | $tool['input'] = getFakaInput(); 211 | }else{ 212 | $count = $tool['stock']; 213 | $isfaka = 0; 214 | if(empty($tool['input']))$tool['input']='下单账号'; 215 | } 216 | $data = array('tid'=>$tool['tid'],'cid'=>$tool['cid'],'sort'=>$tool['sort'],'name'=>$tool['name'],'value'=>$tool['value'],'price'=>$price,'prices'=>$tool['prices'],'input'=>$tool['input'],'inputs'=>$tool['inputs'],'desc'=>$tool['desc'],'alert'=>$tool['alert'],'shopimg'=>$tool['shopimg'],'repeat'=>$tool['repeat'],'multi'=>$tool['multi'],'min'=>$tool['min'],'max'=>$tool['max'],'close'=>$tool['close'],'isfaka'=>$isfaka,'stock'=>$count); 217 | $result['data'] = $data; 218 | exit(json_encode($result)); 219 | } 220 | /* getleftcount: remaining stock for one tid, or for up to 20 comma-separated tids */ elseif($act == 'getleftcount') 221 | { 222 | $tid=trim($_POST['tid']); 223 | if(!$tid)exit('{"code":-1,"message":"商品ID不能为空"}'); 224 | if(strpos($tid,',')){ 225 | $tids = explode(',',$tid); 226 | if(count($tids)>20)exit('{"code":-1,"message":"每次最多只能查询20个商品的库存"}'); 227 | } 228 | if(isset($tids) && count($tids)>0){ 229 | $data = []; 230 | foreach($tids as $tid){ 231 | $tool = $DB->getRow("SELECT * FROM `pre_tools` WHERE `tid` = ".intval($tid)." 
LIMIT 1"); 232 | if(!$tool)continue; 233 | /* NOTE(review): the tools lookup casts with intval() but this pre_faka query interpolates the raw, user-supplied $tid (same on the single-tid branch below); use the intval()'d value in both */ if($tool['is_curl']==4){ 234 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='$tid' AND orderid=0"); 235 | }elseif($tool['stock']!==null){ 236 | $count = $tool['stock']; 237 | }else{ 238 | $count = null; 239 | } 240 | $data[] = ['tid'=>$tid,'stock'=>$count]; 241 | } 242 | exit(json_encode(['code'=>0, 'data'=>$data])); 243 | }else{ 244 | $tool = $DB->getRow("SELECT * FROM `pre_tools` WHERE `tid` = ".intval($tid)." LIMIT 1"); 245 | if(!$tool)exit('{"code":-1,"message":"商品不存在"}'); 246 | if($tool['is_curl']==4){ 247 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='$tid' AND orderid=0"); 248 | }elseif($tool['stock']!==null){ 249 | $count = $tool['stock']; 250 | }else{ 251 | exit('{"code":-2,"message":"该商品不限库存"}'); 252 | } 253 | exit(json_encode(["code"=>0,"count"=>$count])); 254 | } 255 | } 256 | /* pay: place an order for a sub-site account, paid from its rmb balance. Validates inputs against the good's input definition, stock / repeat rules, computes the sub-site price, then inserts a pay row, deducts the balance and hands off to processOrder(). For faka goods the delivered cards are returned in 'kmdata'. */ elseif($act == 'pay') 257 | { 258 | $result['code'] = -1; 259 | $tid = intval($_POST['tid']); 260 | if(!$tid)exit('{"code":-1,"message":"商品ID不能为空"}'); 261 | $user = trim(daddslashes($_POST['user'])); 262 | $pass = trim(daddslashes($_POST['pass'])); 263 | /* input2..input5 are read without isset(), so absent fields raise notices before being normalised */ $input1 = isset($_POST['input1']) ? htmlspecialchars(trim(strip_tags(daddslashes($_POST['input1'])))) : exit('{"code":-1,"message":"首个参数值不能为空"}'); 264 | $input2 = htmlspecialchars(trim(strip_tags(daddslashes($_POST['input2'])))); 265 | $input3 = htmlspecialchars(trim(strip_tags(daddslashes($_POST['input3'])))); 266 | $input4 = htmlspecialchars(trim(strip_tags(daddslashes($_POST['input4'])))); 267 | $input5 = htmlspecialchars(trim(strip_tags(daddslashes($_POST['input5'])))); 268 | $num = isset($_POST['num']) ? 
intval($_POST['num']) : 1; 269 | $tool = $DB->getRow("SELECT * FROM `pre_tools` WHERE `tid` = {$tid} LIMIT 1"); 270 | if ($tool && $tool['active'] == 1) { 271 | if($tool['close']==1)exit('{"code":-1,"message":"当前商品维护中,停止下单!"}'); 272 | /* $inputs[0..3] name the extra fields input2..input5; $inputs[1..3] are read without a bounds check when the definition has fewer parts */ $inputs=explode('|',$tool['inputs']); 273 | if($inputs[0] && empty($input2) || $inputs[1] && empty($input3) || $inputs[2] && empty($input4) || $inputs[3] && empty($input5)){ 274 | exit('{"code":-1,"message":"请确保各项不能为空"}'); 275 | } 276 | if(!$inputs[0] && !empty($input2) || !$inputs[1] && !empty($input3) || !$inputs[2] && !empty($input4) || !$inputs[3] && !empty($input5)){ 277 | exit('{"code":-1,"message":"验证失败"}'); 278 | } 279 | $userrow = $DB->getRow("SELECT * FROM `pre_site` WHERE `user` = '{$user}' LIMIT 1"); 280 | if ($userrow && $userrow['user'] == $user && $userrow['pwd'] == $pass && $userrow['status'] == 1) { 281 | /* NOTE(review): code is set to 0 ("success") here and is never reset on the failure paths below, so a failed order is returned with code 0 and only the message distinguishes it */ $result['code'] = 0; 282 | if(in_array($input1,explode("|",$conf['blacklist']))) exit('{"code":-1,"message":"你的下单账号已被拉黑,无法下单!"}'); 283 | if($tool['is_curl']==4){ 284 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='$tid' AND orderid=0"); 285 | $nums=($tool['value']>1?$tool['value']:1)*$num; 286 | if($count==0)exit('{"code":-1,"message":"该商品库存卡密不足,请联系站长加卡!"}'); 287 | if($nums>$count)exit('{"code":-1,"message":"你所购买的数量超过库存数量!"}'); 288 | } 289 | elseif($tool['stock']!==null){ 290 | if($tool['stock']==0)exit('{"code":-1,"message":"该商品库存不足,请联系站长增加库存!"}'); 291 | if($num>$tool['stock'])exit('{"code":-1,"message":"你所购买的数量超过库存数量!"}'); 292 | } 293 | elseif($tool['repeat']==0){ 294 | $thtime=date("Y-m-d").' 
00:00:00'; 295 | /* NOTE(review): $inputvalue is not defined anywhere in the visible code (the sanitised fields are $input1..$input5), so this binds NULL and the duplicate check never matches; it looks like it should be $input1 — confirm */ $row=$DB->getRow("SELECT id,input,status,addtime FROM pre_orders WHERE tid=:tid AND input=:input ORDER BY id DESC LIMIT 1", [':tid'=>$tid, ':input'=>$inputvalue]); 296 | if($row['input'] && $row['status']==0) 297 | exit('{"code":-1,"message":"您今天添加的'.$tool['name'].'正在排队中,请勿重复提交!"}'); 298 | elseif($row['addtime']>$thtime) 299 | exit('{"code":-1,"message":"您今天已添加过'.$tool['name'].',请勿重复提交!"}'); 300 | } 301 | if($tool['validate']==1 && is_numeric($input1)){ 302 | if(validate_qzone($input1)==false) exit('{"code":-1,"message":"你的QQ空间设置了访问权限,无法下单!"}'); 303 | } 304 | if($tool['multi'] == 0 || $num < 1) $num = 1; 305 | if($tool['multi']==1 && $tool['min']>0 && $num<$tool['min'])exit('{"code":-1,"message":"当前商品最小下单数量为'.$tool['min'].'"}'); 306 | if($tool['multi']==1 && $tool['max']>0 && $num>$tool['max'])exit('{"code":-1,"message":"当前商品最大下单数量为'.$tool['max'].'"}'); 307 | 308 | $islogin2 = 1; 309 | $price_obj = new \lib\Price($userrow['zid'],$userrow); 310 | $price_obj->setToolInfo($tid,$tool); 311 | $price = $price_obj->getToolPrice($tid); 312 | $price=$price_obj->getFinalPrice($price, $num); 313 | if(!$price)exit('{"code":-1,"message":"当前商品批发价格优惠设置不正确"}'); 314 | 315 | /* [multi] fields multiply the quantity. NOTE(review): ${'inputvalue'.$i} is never assigned in the visible code either (the fields are $input2..$input5), so this multiplier never applies and $neednum always equals $num — confirm */ $i=2; 316 | $neednum = $num; 317 | foreach($inputs as $inputname){ 318 | if(strpos($inputname,'[multi]')!==false && isset(${'inputvalue'.$i}) && is_numeric(${'inputvalue'.$i})){ 319 | $val = intval(${'inputvalue'.$i}); 320 | if($val>0){ 321 | $neednum = $neednum * $val; 322 | } 323 | } 324 | $i++; 325 | } 326 | 327 | $need = $price * $neednum; 328 | if($need == 0) exit('{"code":-2,"message":"不支持免费商品对接"}'); 329 | /* NOTE(review): this balance check and the UPDATE that deducts $need below are separate statements, so two concurrent requests can both pass; make the deduction conditional (AND `rmb` >= {$need}) and treat zero affected rows as insufficient balance */ if ($userrow['rmb'] < $need) exit('{"code":-2,"message":"余额不足,购买此商品还差' . ($need - $userrow['rmb']) . '元"}'); 330 | 331 | /* trade number: timestamp plus three random digits — two orders in the same second can collide */ $trade_no = date("YmdHis").rand(111,999).'RMB'; 332 | $input = $input1 . ($input2 ? '|' . $input2 : null) . ($input3 ? '|' . $input3 : null) . ($input4 ? '|' . $input4 : null) . ($input5 ? '|' . 
$input5 : null); 333 | $sql="INSERT INTO `pre_pay` (`trade_no`,`type`,`tid`,`zid`,`input`,`num`,`name`,`money`,`ip`,`userid`,`addtime`,`blockdj`,`status`) VALUES (:trade_no, :type, :tid, :zid, :input, :num, :name, :money, :ip, :userid, NOW(), :blockdj, 0)"; 334 | /* $clientip and $blockdj are not defined in the visible code; $blockdj falls back to 0 */ $data = [':trade_no'=>$trade_no, ':type'=>'rmb', ':tid'=>$tid, ':zid'=>$userrow['zid'], ':input'=>$input, ':num'=>$num, ':name'=>$tool['name'], ':money'=>$need, ':ip'=>$clientip, ':userid'=>$userrow['zid'], ':blockdj'=>$blockdj?$blockdj:0]; 335 | if ($DB->exec($sql, $data)) { 336 | if ($DB->exec("UPDATE `pre_site` SET `rmb` = `rmb` - {$need} WHERE `zid` = '{$userrow['zid']}'") && $DB->exec("UPDATE `pre_pay` SET `status` = 1 WHERE `trade_no` = '{$trade_no}'")) { 337 | addPointRecord($userrow['zid'], $need, '消费', 'API购买 '.$tool['name']); 338 | $srow['tid'] = $tid; 339 | $srow['num'] = $num; 340 | $srow['input'] = $input; 341 | $srow['zid'] = $userrow['zid']; 342 | $srow['money'] = $need; 343 | $srow['trade_no'] = $trade_no; 344 | $srow['userid'] = $userrow['zid']; 345 | if($orderid = processOrder($srow)){ 346 | $result['code'] = 0; 347 | $result['message'] = 'success'; 348 | $result['orderid'] = $orderid; 349 | /* djzt==3: cards were assigned to this order, return them */ $djzt = $DB->getColumn("SELECT djzt FROM pre_orders WHERE id = '$orderid' LIMIT 1"); 350 | if($djzt == 3){ 351 | $rs=$DB->query("SELECT * FROM pre_faka WHERE tid='$tid' AND orderid='$orderid' ORDER BY kid ASC"); 352 | $kmdata=array(); 353 | while($res = $rs->fetch()) 354 | { 355 | if(!empty($res['pw'])){ 356 | $kmdata[]=array('card'=>$res['km'],'pass'=>$res['pw']); 357 | }else{ 358 | $kmdata[]=array('card'=>$res['km']); 359 | } 360 | } 361 | $result['faka']=true; 362 | $result['kmdata']=$kmdata; 363 | } 364 | } else { 365 | /* NOTE(review): by this point the balance is already deducted and the pay row marked paid, but nothing is rolled back; also $DB->error() exposes raw database error text to the API client — log it server-side and return a generic message */ $result['message'] = '下单失败 : ' . $DB->error(); 366 | } 367 | } else { 368 | $result['message'] = '下单失败 : ' . $DB->error(); 369 | } 370 | } else { 371 | $result['message'] = '下单失败 : ' . 
$DB->error(); 372 | } 373 | } elseif ($userrow && $userrow['status'] == 0) { 374 | $result['message'] = '该账户已被封禁'; 375 | } else { 376 | $result['message'] = '用户名或密码不正确'; 377 | } 378 | } else { 379 | $result['message'] = '商品ID不存在'; 380 | } 381 | } 382 | /* search: look up one order by id (POST or GET), re-querying the upstream site for is_curl==2 goods and syncing the local status. NOTE(review): unlike tools/orders/change there is no API-key or account check in the visible code, so any caller can enumerate sequential order ids and trigger an upstream query_order call per request — confirm this is intended, or gate / rate-limit it */ elseif($act == 'search') 383 | { 384 | $result['code'] = -1; 385 | $id = isset($_POST['id'])?intval($_POST['id']):intval($_GET['id']); 386 | $row = $DB->getRow("SELECT * FROM `pre_orders` WHERE `id` = {$id} LIMIT 1"); 387 | if ($row){ 388 | $tool = $DB->getRow("SELECT * FROM pre_tools WHERE tid='{$row['tid']}' LIMIT 1"); 389 | if($tool['is_curl']==2){ 390 | $shequ = $DB->getRow("SELECT * FROM pre_shequ WHERE id='{$tool['shequ']}' LIMIT 1"); 391 | $list = third_call($shequ['type'], $shequ, 'query_order', [$row['djorder'], $tool['goods_id'], [$row['input'], $row['input2'], $row['input3'], $row['input4'], $row['input5']]]); 392 | if($list && is_array($list)){ 393 | if(($list['order_state']=='已完成'||$list['order_state']=='订单已完成'||$list['订单状态']=='已完成'||$list['订单状态']=='已发货'||$list['订单状态']=='交易成功'||$list['订单状态']=='已支付') && $row['status']==2){ 394 | $DB->exec("UPDATE `pre_orders` SET `status`=1 WHERE id='{$id}'"); 395 | $row['status'] = 1; 396 | } 397 | if((strpos($list['order_state'],'异常')!==false||strpos($list['order_state'],'退单')!==false||$list['订单状态']=='异常'||$list['订单状态']=='已退单') && $row['status']<3){ 398 | $DB->exec("UPDATE `pre_orders` SET `status`=3 WHERE id='{$id}'"); 399 | $row['status'] = 3; 400 | } 401 | }else{ 402 | $list = false; 403 | } 404 | } 405 | /* $list is undefined for non-is_curl==2 goods; assigning an offset on an undefined/false $list works but is deprecated behaviour — initialise $list = [] first */ if($row['result']){ 406 | $list['订单结果'] = $row['result']; 407 | } 408 | $result['code'] = 0; 409 | $result['message'] = 'success'; 410 | $result['type'] = $tool['is_curl']; 411 | $result['status'] = $row['status']; 412 | $result['data'] = $list; 413 | } else { 414 | $result['message'] = '订单不存在'; 415 | } 416 | } 417 | /* siteinfo: public site metadata and aggregate counters */ elseif($act=='siteinfo') 418 | { 419 | $count1=$DB->getColumn("SELECT count(*) from pre_orders"); 420 | $count2=$DB->getColumn("SELECT count(*) from 
pre_orders where status>=1"); 421 | $count3=$DB->getColumn("SELECT count(*) from pre_site"); 422 | $result=array('sitename'=>$conf['sitename'],'kfqq'=>$conf['qq']?$conf['qq']:$conf['kfqq'],'anounce'=>$conf['anounce'],'modal'=>$conf['modal'],'bottom'=>$conf['bottom'],'alert'=>$conf['alert'],'gg_search'=>$conf['gg_search'],'gg_panel'=>$conf['gg_panel'],'version'=>VERSION,'build'=>$conf['build'],'orders'=>$count1,'orders1'=>$count2,'sites'=>$count3,'appalert'=>$conf['appalert']); 423 | } 424 | /* token: issue an app token for ?key=; the key is not validated here, so whatever get_app_token() does with it decides whether this is safe to expose — confirm */ elseif($act=='token') 425 | { 426 | $key = isset($_GET['key'])?$_GET['key']:exit('No key'); 427 | $result=array('token'=>get_app_token($key),'time'=>time()); 428 | } 429 | else 430 | { 431 | $result=array("code"=>-5,"msg"=>"No Act!"); 432 | } 433 | 434 | echo json_encode($result); 435 | ?> -------------------------------------------------------------------------------- /ajax.php: -------------------------------------------------------------------------------- 1 | /* ajax.php: storefront AJAX endpoint dispatched on $act. Lines 1-12, up to the first ">", were lost when this listing was rendered; the visible tail picks the \lib\Price context: the logged-in sub-site ($userrow), the current sub-site ($siterow), or the main site (zid 1). $islogin2, $userrow, $siterow, $is_fenzhan, $cookiesid and $clientip are presumably set in the lost head. */ 0)$siterow = $userrow; 13 | }elseif($is_fenzhan == true){ 14 | $price_obj = new \lib\Price($siterow['zid'],$siterow); 15 | }else{ 16 | $price_obj = new \lib\Price(1); 17 | } 18 | /* message shown when the daily lottery limit is reached */ if ($conf['cjmsg'] != '') { 19 | $cjmsg = $conf['cjmsg']; 20 | } else { 21 | $cjmsg = '您今天的抽奖次数已经达到上限!'; 22 | } 23 | switch($act){ 24 | /* payrmb: pay a pending pre_pay row (by trade_no) from the logged-in sub-site's rmb balance, then hand off to processOrder(). money is validated as digits/dot before being interpolated into SQL. */ case 'payrmb': 25 | if(!$islogin2)exit('{"code":-4,"msg":"你还未登录"}'); 26 | $orderid=isset($_POST['orderid'])?daddslashes($_POST['orderid']):exit('{"code":-1,"msg":"订单号未知"}'); 27 | $srow=$DB->getRow("SELECT * FROM pre_pay WHERE trade_no=:orderid LIMIT 1", [':orderid'=>$orderid]); 28 | if(!$srow['trade_no'] || $srow['tid']==-1)exit('{"code":-1,"msg":"订单号不存在!"}'); 29 | if($srow['money']=='0')exit('{"code":-1,"msg":"当前商品为免费商品,不需要支付"}'); 30 | if(!preg_match('/^[0-9.]+$/', $srow['money']))exit('{"code":-1,"msg":"订单金额不合法"}'); 31 | if($srow['status']==0){ 32 | /* NOTE(review): the balance check here and the status==0 check above are separate from the two UPDATEs below, so concurrent submissions can deduct twice or pay the same trade_no twice; add AND `rmb`>='{$srow['money']}' to the pre_site UPDATE and AND `status`=0 to the pre_pay UPDATE, and treat zero affected rows as failure */ if($srow['money']>$userrow['rmb'])exit('{"code":-3,"msg":"你的余额不足,请充值!"}'); 33 | if($DB->exec("UPDATE `pre_site` SET `rmb`=`rmb`-'{$srow['money']}' WHERE 
`zid`='{$userrow['zid']}'") && $DB->exec("UPDATE `pre_pay` SET `type`='rmb',`status`='1',`endtime`=NOW() WHERE `trade_no`='{$orderid}'")){ 34 | $srow['type'] = 'rmb'; 35 | if($orderid=processOrder($srow)){ 36 | addPointRecord($userrow['zid'], $srow['money'], '消费', '购买 '.$srow['name'].' ('.$orderid.')', $orderid); 37 | exit('{"code":1,"msg":"您所购买的商品已付款成功,感谢购买!","orderid":"'.$orderid.'"}'); 38 | }else{ 39 | /* the balance stays deducted when processOrder() fails; the point record is still written. $DB->error() is returned to the browser — prefer a generic message and a server-side log */ addPointRecord($userrow['zid'], $srow['money'], '消费', '购买 '.$srow['name']); 40 | exit('{"code":-1,"msg":"下单失败!'.$DB->error().'"}'); 41 | } 42 | }else{ 43 | exit('{"code":-1,"msg":"下单失败!'.$DB->error().'"}'); 44 | } 45 | }else{ 46 | exit('{"code":-2,"msg":"当前订单已付款过,请勿重复提交"}'); 47 | } 48 | break; 49 | /* captcha: start a Geetest challenge and remember the server-availability status in the session */ case 'captcha': 50 | $GtSdk = new \lib\GeetestLib($conf['captcha_id'], $conf['captcha_key']); 51 | $data = array( 52 | 'user_id' => $cookiesid, # site user id 53 | 'client_type' => "web", # web: desktop browser; h5: mobile browser, including a fully embedded web_view inside a mobile app; native: app integrated through the native SDK 54 | 'ip_address' => $clientip # the IP the user's verification request came from 55 | ); 56 | $status = $GtSdk->pre_process($data, 1); 57 | $_SESSION['gtserver'] = $status; 58 | echo $GtSdk->get_response_str(); 59 | break; 60 | /* getcount: site statistics for the home page (days online, order/money counters, gift winners, cart count), served from the 'tongji' cache while it is fresh */ case 'getcount': 61 | $strtotime=strtotime($conf['build']);//timestamp of the date statistics started 62 | $now=time();//current timestamp 63 | $yxts=ceil(($now-$strtotime)/86400);//difference divided by 24 hours (86400 seconds) 64 | /* $gift is only assigned further down (gift_log branch), so on this early exit it is undefined — unless the lost head sets it */ if($conf['hide_tongji']==1){ 65 | $result=array("code"=>0,"yxts"=>$yxts,"orders"=>0,"orders1"=>0,"orders2"=>0,"money"=>0,"money1"=>0,"gift"=>$gift); 66 | exit(json_encode($result)); 67 | } 68 | if($conf['tongji_time']>0){ 69 | $tongji_cachetime = $DB->getColumn("SELECT v FROM pre_config WHERE k='tongji_cachetime' limit 1"); 70 | $tongji_cache = $CACHE->read('tongji'); 71 | if($tongji_cachetime+intval($conf['tongji_time'])>=time() && $tongji_cache){ 72 | if($conf['shoppingcart']==1){ 73 | $cart_count = $DB->getColumn("SELECT count(*) from pre_cart WHERE userid='$cookiesid' AND status<=1"); 74 | } 75 | /* NOTE(review): unserialize() on cache content. It is written by this same action with serialize(), so it is only as trusted as the cache store; storing it as JSON (json_encode/json_decode) removes the object-instantiation surface entirely */ $array = unserialize($tongji_cache); 76 | 
$result=array("code"=>0,"yxts"=>$yxts,"orders"=>$array['orders'],"orders1"=>$array['orders1'],"orders2"=>$array['orders2'],"money"=>$array['money'],"money1"=>$array['money1'],"site"=>$array['site'],"gift"=>$array['gift'],"cart_count"=>$cart_count); 77 | exit(json_encode($result)); 78 | } 79 | } 80 | if($conf['gift_log']==1 && $conf['gift_open']==1){ 81 | $gift = array(); 82 | $list=$DB->query("SELECT a.*,(SELECT b.name FROM pre_gift AS b WHERE a.gid=b.id) AS name FROM pre_giftlog AS a WHERE status=1 ORDER BY id DESC"); 83 | while($cjlist=$list->fetch()){ 84 | if(!$cjlist['input'])continue; 85 | $gift[$cjlist['input']] = $cjlist['name']; 86 | } 87 | } 88 | $time =date("Y-m-d").' 00:00:01'; 89 | $count1=$DB->getColumn("SELECT count(*) FROM pre_orders"); 90 | $count2=$DB->getColumn("SELECT count(*) FROM pre_orders WHERE status>=1"); 91 | $count3=$DB->getColumn("SELECT sum(money) FROM pre_pay WHERE status=1"); 92 | $count4=round($count3, 2); 93 | $count5=$DB->getColumn("SELECT count(*) FROM `pre_orders` WHERE `addtime` > '$time'"); 94 | $count6=$DB->getColumn("SELECT sum(money) FROM `pre_pay` WHERE `addtime` > '$time' AND `status` = 1"); 95 | $count7=round($count6, 2); 96 | $count8=$DB->getColumn("SELECT count(*) from pre_site"); 97 | if($conf['tongji_time']>0){ 98 | saveSetting('tongji_cachetime',time()); 99 | $CACHE->save('tongji',serialize(array("orders"=>$count1,"orders1"=>$count2,"orders2"=>$count5,"money"=>$count4,"money1"=>$count7,"site"=>$count8,"gift"=>$gift))); 100 | } 101 | if($conf['shoppingcart']==1){ 102 | $cart_count = $DB->getColumn("SELECT count(*) FROM pre_cart WHERE userid='$cookiesid' AND status<=1"); 103 | } 104 | 105 | $result=array("code"=>0,"yxts"=>$yxts,"orders"=>$count1,"orders1"=>$count2,"orders2"=>$count5,"money"=>$count4,"money1"=>$count7,"site"=>$count8,"gift"=>$gift,"cart_count"=>$cart_count); 106 | exit(json_encode($result)); 107 | break; 108 | case 'getclass': 109 | $classhide = explode(',',$siterow['class']); 110 | 
$rs=$DB->query("SELECT * FROM pre_class WHERE active=1 ORDER BY sort ASC"); 111 | $data = array(); 112 | while($res = $rs->fetch(PDO::FETCH_ASSOC)){ 113 | if($is_fenzhan && in_array($res['cid'], $classhide))continue; 114 | $data[]=$res; 115 | } 116 | $result=array("code"=>0,"msg"=>"succ","data"=>$data); 117 | exit(json_encode($result)); 118 | break; 119 | case 'gettool': 120 | if(isset($_POST['kw'])){ 121 | $kw=trim(daddslashes($_POST['kw'])); 122 | if($kw=='random'){ 123 | $rs=$DB->query("SELECT * FROM pre_tools WHERE active=1 ORDER BY rand() LIMIT 10"); 124 | }else{ 125 | $rs=$DB->query("SELECT * FROM pre_tools WHERE name LIKE '%{$kw}%' AND active=1 ORDER BY sort ASC"); 126 | } 127 | }elseif(isset($_GET['cid'])){ 128 | $cid=intval($_GET['cid']); 129 | $rs=$DB->query("SELECT * FROM pre_tools WHERE cid='$cid' AND active=1 ORDER BY sort ASC"); 130 | if(isset($_GET['info']) && $_GET['info']==1){ 131 | $info=$DB->getRow("SELECT * FROM pre_class WHERE cid=$cid"); 132 | } 133 | }elseif(isset($_GET['tid'])){ 134 | $tid=intval($_GET['tid']); 135 | $rs=$DB->query("SELECT * FROM pre_tools WHERE tid='$tid' AND active=1"); 136 | }else{ 137 | exit('{"code":-1,"msg":"参数错误"}'); 138 | } 139 | $data = array(); 140 | while($res = $rs->fetch(PDO::FETCH_ASSOC)){ 141 | if(isset($_SESSION['gift_id']) && isset($_SESSION['gift_tid']) && $_SESSION['gift_tid']==$res['tid']){ 142 | $price=$conf["cjmoney"]?$conf["cjmoney"]:0; 143 | }elseif(isset($price_obj)){ 144 | $price_obj->setToolInfo($res['tid'],$res); 145 | if($price_obj->getToolDel($res['tid'])==1)continue; 146 | $price=$price_obj->getToolPrice($res['tid']); 147 | }else $price=$res['price']; 148 | if($res['is_curl']==4){ 149 | $isfaka = 1; 150 | $res['input'] = getFakaInput(); 151 | }else{ 152 | $isfaka = 0; 153 | } 154 | 
$data[]=array('tid'=>$res['tid'],'cid'=>$res['cid'],'sort'=>$res['sort'],'name'=>$res['name'],'value'=>$res['value'],'price'=>$price,'input'=>$res['input'],'inputs'=>$res['inputs'],'desc'=>$res['desc'],'alert'=>$res['alert'],'shopimg'=>$res['shopimg'],'repeat'=>$res['repeat'],'multi'=>$res['multi'],'close'=>$res['close'],'prices'=>$res['prices'],'min'=>$res['min'],'max'=>$res['max'],'sales'=>$res['sales'],'isfaka'=>$isfaka,'stock'=>$res['stock']); 155 | } 156 | $result=array("code"=>0,"msg"=>"succ","data"=>$data,"info"=>$info); 157 | exit(json_encode($result)); 158 | break; 159 | case 'gettoolnew': 160 | $page = $_POST['page'] ? intval(trim(daddslashes($_POST['page']))) : 1; 161 | $limit = $_POST['limit'] ? intval(trim(daddslashes($_POST['limit']))) : 9; 162 | if($limit < 1) $limit = 9; 163 | if($limit > 18) $limit = 18; 164 | $page = ($page-1)*$limit; 165 | $kw = trim(daddslashes($_POST['kw'])); 166 | $cid = intval($_POST['cid']); 167 | $sort_type = $_POST['sort_type'] ? trim(daddslashes($_POST['sort_type'])) : 'sort'; 168 | $sort = $_POST['sort'] ? 
trim(daddslashes($_POST['sort'])) : 'ASC'; 169 | if(!$cid && $sort_type == 'sort') $sort_type = 'tid'; 170 | 171 | $sort_type_arr = ['sort','price','sales']; 172 | $sort_arr = ['DESC','ASC']; 173 | $orderBy = "sort ASC"; 174 | if(in_array($sort_type,$sort_type_arr) && in_array($sort,$sort_arr)){ 175 | $orderBy = "{$sort_type} {$sort}"; 176 | } 177 | 178 | $where = "active=1"; 179 | if(!empty($kw)){ 180 | $where .= " and name LIKE '%{$kw}%'"; 181 | } 182 | if($cid){ 183 | $where .= " and cid='$cid'"; 184 | } 185 | 186 | $num=$DB->getColumn("SELECT count(tid) FROM pre_tools WHERE $where"); 187 | $rs=$DB->query("SELECT * FROM pre_tools WHERE $where ORDER BY $orderBy LIMIT $page,$limit"); 188 | 189 | $data = array(); 190 | $curr_time = time(); 191 | while($res = $rs->fetch(PDO::FETCH_ASSOC)){ 192 | if(isset($_SESSION['gift_id']) && isset($_SESSION['gift_tid']) && $_SESSION['gift_tid']==$res['tid']){ 193 | $price=$conf["cjmoney"]?$conf["cjmoney"]:0; 194 | }elseif(isset($price_obj)){ 195 | $price_obj->setToolInfo($res['tid'],$res); 196 | if($price_obj->getToolDel($res['tid'])==1)continue; 197 | $price=$price_obj->getToolPrice($res['tid']); 198 | }else $price=$res['price']; 199 | 200 | 201 | $is_stock_err = 0; 202 | if($res['is_curl']==4){ 203 | $isfaka = 1; 204 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='{$res['tid']}' AND orderid=0"); 205 | if($count == 0) $is_stock_err = 1; 206 | $res['input'] = getFakaInput(); 207 | }elseif($res['stock']!==null){ 208 | $isfaka = 0; 209 | $count = $res['stock']; 210 | if($count == 0) $is_stock_err = 1; 211 | }else{ 212 | $isfaka = 0; 213 | $count = null; 214 | } 215 | 216 | 
$data[]=array('tid'=>$res['tid'],'cid'=>$res['cid'],'sort'=>$res['sort'],'name'=>$res['name'],'value'=>$res['value'],'price'=>$price,'input'=>$res['input'],'inputs'=>$res['inputs'],'desc'=>$res['desc'],'alert'=>$res['alert'],'shopimg'=>$res['shopimg'],'repeat'=>$res['repeat'],'multi'=>$res['multi'],'close'=>$res['close'],'prices'=>$res['prices'],'min'=>$res['min'],'max'=>$res['max'],'sales'=>$res['sales'],'stock'=>$count,'isfaka'=>$isfaka,'addtime'=>strtotime($res['addtime']),'is_stock_err'=>$is_stock_err); 217 | } 218 | $pages = ceil($num/$limit); 219 | $result=array("code"=>0,"msg"=>"succ","data"=>$data,"info"=>$info,'pages'=>$pages,'total'=>intval($num)); 220 | exit(json_encode($result)); 221 | break; 222 | case 'getleftcount': 223 | $tid=intval($_POST['tid']); 224 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='$tid' AND orderid=0"); 225 | if($conf['faka_showleft']==1)$count = $count>0?'充足':'缺货'; 226 | $result=array("code"=>0,"count"=>$count); 227 | exit(json_encode($result)); 228 | break; 229 | case 'pay': 230 | $method=$_GET['method']; 231 | $inputvalue=htmlspecialchars(trim(strip_tags(daddslashes($_POST['inputvalue'])))); 232 | $inputvalue2=htmlspecialchars(trim(strip_tags(daddslashes($_POST['inputvalue2'])))); 233 | $inputvalue3=htmlspecialchars(trim(strip_tags(daddslashes($_POST['inputvalue3'])))); 234 | $inputvalue4=htmlspecialchars(trim(strip_tags(daddslashes($_POST['inputvalue4'])))); 235 | $inputvalue5=htmlspecialchars(trim(strip_tags(daddslashes($_POST['inputvalue5'])))); 236 | $num=isset($_POST['num'])?intval($_POST['num']):1; 237 | $hashsalt=isset($_POST['hashsalt'])?$_POST['hashsalt']:null; 238 | if($method == 'cart_edit'){ 239 | $shop_id=intval($_POST['shop_id']); 240 | $cart_item = $DB->getRow("SELECT * FROM `pre_cart` WHERE `id`='$shop_id' LIMIT 1"); 241 | if(!$cart_item)exit('{"code":-1,"msg":"商品不存在!"}'); 242 | if($cart_item['userid']!=$cookiesid || $cart_item['status']>1)exit('{"code":-1,"msg":"商品权限校验失败"}'); 243 | 
$tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid='{$cart_item['tid']}' LIMIT 1"); 244 | }else{ 245 | $tid=intval($_POST['tid']); 246 | $tool=$DB->getRow("SELECT A.*,B.blockpay FROM pre_tools A LEFT JOIN pre_class B ON A.cid=B.cid WHERE tid='$tid' LIMIT 1"); 247 | } 248 | if($tool && $tool['active']==1){ 249 | if($tool['close']==1)exit('{"code":-1,"msg":"当前商品维护中,停止下单!"}'); 250 | if(($conf['forcermb']==1 || $conf['forcelogin']==1) && !$islogin2)exit('{"code":4,"msg":"你还未登录"}'); 251 | if(!empty($tool['blockpay']) && !$islogin2){ 252 | $blockpay = explode(',',$tool['blockpay']); 253 | if(in_array('alipay',$blockpay) && in_array('qqpay',$blockpay) && in_array('wxpay',$blockpay))exit('{"code":4,"msg":"当前商品需要登录后才能下单"}'); 254 | } 255 | if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!=$_SESSION['addsalt'])){ 256 | exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}'); 257 | } 258 | $inputs=explode('|',$tool['inputs']); 259 | if(empty($inputvalue) || $inputs[0] && empty($inputvalue2) || $inputs[1] && empty($inputvalue3) || $inputs[2] && empty($inputvalue4) || $inputs[3] && empty($inputvalue5)){ 260 | exit('{"code":-1,"msg":"请确保各项不能为空"}'); 261 | } 262 | if(!$inputs[0] && !empty($inputvalue2) || !$inputs[1] && !empty($inputvalue3) || !$inputs[2] && !empty($inputvalue4) || !$inputs[3] && !empty($inputvalue5)){ 263 | exit('{"code":-1,"msg":"验证失败"}'); 264 | } 265 | if(in_array($inputvalue,explode("|",$conf['blacklist'])))exit('{"code":-1,"msg":"你的下单账号已被拉黑,无法下单!"}'); 266 | if($tool['is_curl']==4){ 267 | if(!$islogin2 && $conf['faka_input']==0 && !checkEmail($inputvalue)){ 268 | exit('{"code":-1,"msg":"邮箱格式不正确"}'); 269 | } 270 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='$tid' AND orderid=0"); 271 | $nums=($tool['value']>1?$tool['value']:1)*$num; 272 | if($count==0)exit('{"code":-1,"msg":"该商品库存卡密不足,请联系站长加卡!"}'); 273 | if($nums>$count)exit('{"code":-1,"msg":"你所购买的数量超过库存数量!"}'); 274 | } 275 | elseif($tool['stock']!==null){ 276 | 
if($tool['stock']==0)exit('{"code":-1,"msg":"该商品库存不足,请联系站长增加库存!"}'); 277 | if($num>$tool['stock'])exit('{"code":-1,"msg":"你所购买的数量超过库存数量!"}'); 278 | } 279 | elseif($tool['repeat']==0){ 280 | $thtime=date("Y-m-d").' 00:00:00'; 281 | $row=$DB->getRow("SELECT id,input,status,addtime FROM pre_orders WHERE tid=:tid AND input=:input ORDER BY id DESC LIMIT 1", [':tid'=>$tid, ':input'=>$inputvalue]); 282 | if($row['input'] && $row['status']==0) 283 | exit('{"code":-1,"msg":"您今天添加的'.$tool['name'].'正在排队中,请勿重复提交!"}'); 284 | elseif($row['addtime']>$thtime) 285 | exit('{"code":-1,"msg":"您今天已添加过'.$tool['name'].',请勿重复提交!"}'); 286 | } 287 | if($tool['validate']==1 && is_numeric($inputvalue)){ 288 | if(validate_qzone($inputvalue)==false) 289 | exit('{"code":-1,"msg":"你的QQ空间设置了访问权限,无法下单!"}'); 290 | } 291 | if($tool['multi']==0 || $num<1)$num = 1; 292 | if($tool['multi']==1 && $tool['min']>0 && $num<$tool['min'])exit('{"code":-1,"msg":"当前商品最小下单数量为'.$tool['min'].'"}'); 293 | if($tool['multi']==1 && $tool['max']>0 && $num>$tool['max'])exit('{"code":-1,"msg":"当前商品最大下单数量为'.$tool['max'].'"}'); 294 | if(isset($_SESSION['gift_id']) && isset($_SESSION['gift_tid']) && $_SESSION['gift_tid']==$tid){ 295 | $gift_id = intval($_SESSION['gift_id']); 296 | $giftlog=$DB->getColumn("SELECT status FROM pre_giftlog WHERE id='$gift_id' LIMIT 1"); 297 | if($giftlog==1){ 298 | unset($_SESSION['gift_id']); 299 | unset($_SESSION['gift_tid']); 300 | exit('{"code":-1,"msg":"当前奖品已经领取过了!"}'); 301 | } 302 | $price=$conf["cjmoney"]?$conf["cjmoney"]:0; 303 | $num=1; 304 | }elseif($tool['price']==0){ 305 | $price=0; 306 | }elseif(isset($price_obj)){ 307 | $price_obj->setToolInfo($tid,$tool); 308 | $price=$price_obj->getToolPrice($tid); 309 | $price=$price_obj->getFinalPrice($price, $num); 310 | if(!$price)exit('{"code":-1,"msg":"当前商品批发价格优惠设置不正确"}'); 311 | }else $price=$tool['price']; 312 | 313 | $i=2; 314 | $neednum = $num; 315 | foreach($inputs as $inputname){ 316 | if(strpos($inputname,'[multi]')!==false && 
isset(${'inputvalue'.$i}) && is_numeric(${'inputvalue'.$i})){ 317 | $val = intval(${'inputvalue'.$i}); 318 | if($val>0){ 319 | $neednum = $neednum * $val; 320 | } 321 | } 322 | $i++; 323 | } 324 | 325 | $need=round($price*$neednum, 2); 326 | if($need==0 && $tid!=$_SESSION['gift_tid']){ 327 | if($method == 'cart_add' || $method == 'cart_edit')exit('{"code":-1,"msg":"免费商品请直接点击领取"}'); 328 | $thtime=date("Y-m-d").' 00:00:00'; 329 | if($_SESSION['blockfree']==true || $DB->getColumn("SELECT count(*) FROM `pre_pay` WHERE `money`=0 AND `ip`='$clientip' AND `status`=1 AND `addtime`>'$thtime'")>=1){ 330 | exit('{"code":-1,"msg":"您今天已领取过,请明天再来!"}'); 331 | } 332 | if($conf['captcha_open_free']==1 && $conf['captcha_open']==1){ 333 | if(isset($_POST['geetest_challenge']) && isset($_POST['geetest_validate']) && isset($_POST['geetest_seccode'])){ 334 | if(!isset($_SESSION['gtserver']))exit('{"code":-1,"msg":"验证加载失败"}'); 335 | 336 | $GtSdk = new \lib\GeetestLib($conf['captcha_id'], $conf['captcha_key']); 337 | 338 | $data = array( 339 | 'user_id' => $cookiesid, 340 | 'client_type' => "web", 341 | 'ip_address' => $clientip 342 | ); 343 | 344 | if ($_SESSION['gtserver'] == 1) { //服务器正常 345 | $result = $GtSdk->success_validate($_POST['geetest_challenge'], $_POST['geetest_validate'], $_POST['geetest_seccode'], $data); 346 | if ($result) { 347 | //echo '{"status":"success"}'; 348 | } else{ 349 | exit('{"code":-1,"msg":"验证失败,请重新验证"}'); 350 | } 351 | }else{ //服务器宕机,走failback模式 352 | if ($GtSdk->fail_validate($_POST['geetest_challenge'],$_POST['geetest_validate'],$_POST['geetest_seccode'])) { 353 | //echo '{"status":"success"}'; 354 | }else{ 355 | exit('{"code":-1,"msg":"验证失败,请重新验证"}'); 356 | } 357 | } 358 | }else{ 359 | exit('{"code":2,"type":1,"msg":"请先完成验证"}'); 360 | } 361 | }elseif($conf['captcha_open_free']==1 && $conf['captcha_open']==2){ 362 | if(isset($_POST['token'])){ 363 | $client = new \lib\CaptchaClient($conf['captcha_id'], $conf['captcha_key']); 364 | $client->setTimeOut(2); 
365 | $response = $client->verifyToken($_POST['token']); 366 | if($response->result){ 367 | /**token验证通过,继续其他流程**/ 368 | }else{ 369 | /**token验证失败**/ 370 | exit('{"code":-1,"msg":"验证失败,请重新验证"}'); 371 | } 372 | }else{ 373 | exit('{"code":2,"type":2,"appid":"'.$conf['captcha_id'].'","msg":"请先完成验证"}'); 374 | } 375 | }elseif($conf['captcha_open_free']==1 && $conf['captcha_open']==3){ 376 | if(isset($_POST['token'])){ 377 | if(vaptcha_verify($conf['captcha_id'], $conf['captcha_key'], $_POST['token'], $clientip)){ 378 | /**token验证通过,继续其他流程**/ 379 | }else{ 380 | /**token验证失败**/ 381 | exit('{"code":-1,"msg":"验证失败,请重新验证"}'); 382 | } 383 | }else{ 384 | exit('{"code":2,"type":3,"appid":"'.$conf['captcha_id'].'","msg":"请先完成验证"}'); 385 | } 386 | } 387 | } 388 | //下单对接预检查 389 | if($need>0 && $tool['shequ']>0 && $tool['is_curl']==2 && in_array($tool['cid'],explode(",",$conf['pricejk_cid'])) && time()-$tool['uptime']>=$conf['pricejk_time']){ 390 | $shequ=$DB->getRow("select * from pre_shequ where id='{$tool['shequ']}' limit 1"); 391 | $allowType = explode(',',$CACHE->read('pricejk_type2')); 392 | if($conf['pricejk_yile']==0 && in_array($shequ['type'],$allowType) && $tool['prid']>0){ 393 | $num_change = third_call($shequ['type'], $shequ, 'pricejk_one', [$tool]); 394 | if($num_change>0){ 395 | exit('{"code":3,"msg":"当前商品价格发生变化,请刷新页面重试","change":"'.$num_change.'"}'); 396 | } 397 | }else{ 398 | $apireturn = third_call($shequ['type'], $shequ, 'pre_check', [$tool, $num]); 399 | if($apireturn && $apireturn['code']==-1){ 400 | exit('{"code":3,"msg":"'.$apireturn['msg'].'"}'); 401 | } 402 | } 403 | } 404 | 405 | $trade_no=date("YmdHis").rand(111,999); 406 | $input=$inputvalue.($inputvalue2?'|'.$inputvalue2:null).($inputvalue3?'|'.$inputvalue3:null).($inputvalue4?'|'.$inputvalue4:null).($inputvalue5?'|'.$inputvalue5:null); 407 | if($method == 'cart_add'){ 408 | $sql="INSERT INTO `pre_cart` (`userid`,`zid`,`tid`,`input`,`num`,`money`,`addtime`,`blockdj`,`status`) VALUES (:userid, :zid, :tid, 
:input, :num, :money, NOW(), :blockdj, 0)"; 409 | $data = [':userid'=>$cookiesid, ':zid'=>$siterow['zid']?$siterow['zid']:1, ':tid'=>$tid, ':input'=>$input, ':num'=>$num, ':money'=>$need, ':blockdj'=>$blockdj?$blockdj:0]; 410 | if($DB->exec($sql, $data)){ 411 | $cart_count = $DB->getColumn("SELECT count(*) FROM pre_cart WHERE userid='$cookiesid' AND status<=1"); 412 | exit('{"code":0,"msg":"加入购物车成功!","need":"'.$need.'","cart_count":"'.$cart_count.'"}'); 413 | }else{ 414 | exit('{"code":-1,"msg":"加入购物车失败!'.$DB->error().'"}'); 415 | } 416 | }elseif($method == 'cart_edit'){ 417 | $sql="UPDATE `pre_cart` SET `input`=:input,`num`=:num,`money`=:money,`status`='0' WHERE id=:id"; 418 | $data = [':input'=>$input, ':num'=>$num, ':money'=>$need, ':id'=>$shop_id]; 419 | if($DB->exec($sql, $data)!==false){ 420 | exit('{"code":0,"msg":"编辑订单成功!","need":"'.$need.'"}'); 421 | }else{ 422 | exit('{"code":-1,"msg":"编辑订单失败!'.$DB->error().'"}'); 423 | } 424 | }elseif($need==0){ 425 | $trade_no='free'.$trade_no; 426 | $num = 1; 427 | $sql="INSERT INTO `pre_pay` (`trade_no`,`tid`,`zid`,`type`,`input`,`num`,`name`,`money`,`ip`,`userid`,`addtime`,`blockdj`,`status`) VALUES (:trade_no, :tid, :zid, :type, :input, :num, :name, :money, :ip, :userid, NOW(), :blockdj, 1)"; 428 | $data = [':trade_no'=>$trade_no, ':tid'=>$tid, ':zid'=>$siterow['zid']?$siterow['zid']:1, ':type'=>'free', ':input'=>$input, ':num'=>$num, ':name'=>$tool['name'], ':money'=>$need, ':ip'=>$clientip, ':userid'=>$cookiesid, ':blockdj'=>$blockdj?$blockdj:0]; 429 | if($DB->exec($sql, $data)){ 430 | unset($_SESSION['addsalt']); 431 | if(isset($_SESSION['gift_id'])){ 432 | $DB->exec("UPDATE `pre_giftlog` SET `status`=1,`tradeno`=:tradeno,`input`=:input WHERE `id`=:id", [':tradeno'=>$trade_no, ':input'=>$inputvalue, ':id'=>$gift_id]); 433 | unset($_SESSION['gift_id']); 434 | unset($_SESSION['gift_tid']); 435 | $_SESSION['blockfree']=true; 436 | } 437 | $srow['tid']=$tid; 438 | $srow['input']=$input; 439 | $srow['num']=$num; 440 | 
$srow['zid']=$siterow['zid']?$siterow['zid']:1; 441 | $srow['userid']=$cookiesid; 442 | $srow['trade_no']=$trade_no; 443 | $srow['money']=0; 444 | if($orderid=processOrder($srow)){ 445 | exit('{"code":1,"msg":"下单成功!你可以在进度查询中查看订单进度","orderid":"'.$orderid.'"}'); 446 | }else{ 447 | exit('{"code":-1,"msg":"下单失败!'.$DB->error().'"}'); 448 | } 449 | } 450 | }else{ 451 | $sql="INSERT INTO `pre_pay` (`trade_no`,`tid`,`zid`,`input`,`num`,`name`,`money`,`ip`,`userid`,`inviteid`,`addtime`,`blockdj`,`status`) VALUES (:trade_no, :tid, :zid, :input, :num, :name, :money, :ip, :userid, :inviteid, NOW(), :blockdj, 0)"; 452 | $data = [':trade_no'=>$trade_no, ':tid'=>$tid, ':zid'=>$siterow['zid']?$siterow['zid']:1, ':input'=>$input, ':num'=>$num, ':name'=>$tool['name'], ':money'=>$need, ':ip'=>$clientip, ':userid'=>$cookiesid, ':inviteid'=>$invite_id, ':blockdj'=>$blockdj?$blockdj:0]; 453 | if($DB->exec($sql, $data)){ 454 | unset($_SESSION['addsalt']); 455 | if(isset($_SESSION['gift_id'])){ 456 | $DB->exec("UPDATE `pre_giftlog` SET `status`=1,`tradeno`=:tradeno,`input`=:input WHERE `id`=:id", [':tradeno'=>$trade_no, ':input'=>$inputvalue, ':id'=>$gift_id]); 457 | unset($_SESSION['gift_id']); 458 | unset($_SESSION['gift_tid']); 459 | } 460 | if($conf['forcermb']==1){$conf['alipay_api']=0;$conf['wxpay_api']=0;$conf['qqpay_api']=0;} 461 | if(!empty($tool['blockpay'])){ 462 | $blockpay = explode(',',$tool['blockpay']); 463 | if(in_array('alipay',$blockpay))$conf['alipay_api']=0; 464 | if(in_array('qqpay',$blockpay))$conf['qqpay_api']=0; 465 | if(in_array('wxpay',$blockpay))$conf['wxpay_api']=0; 466 | if(in_array('rmb',$blockpay))$islogin2=0; 467 | } 468 | $result = ['code'=>0, 'msg'=>'提交订单成功!', 'trade_no'=>$trade_no, 'need'=>$need, 'pay_alipay'=>$conf['alipay_api'], 'pay_wxpay'=>$conf['wxpay_api'], 'pay_qqpay'=>$conf['qqpay_api'], 'pay_rmb'=>$islogin2, 'user_rmb'=>$userrow['rmb'], 'paymsg'=>$conf['paymsg']]; 469 | exit(json_encode($result)); 470 | }else{ 471 | 
exit('{"code":-1,"msg":"提交订单失败!'.$DB->error().'"}'); 472 | } 473 | } 474 | }else{ 475 | exit('{"code":-2,"msg":"该商品不存在"}'); 476 | } 477 | break; 478 | case 'pays': 479 | if(!$conf['openbatchorder'])exit('{"code":-1,"msg":"未开启批量下单功能"}'); 480 | $inputvalues=$_POST['inputvalues']; 481 | $hashsalt=isset($_POST['hashsalt'])?$_POST['hashsalt']:null; 482 | $tid=intval($_POST['tid']); 483 | $num=isset($_POST['num'])?intval($_POST['num']):1; 484 | $tool=$DB->getRow("SELECT A.*,B.blockpay FROM pre_tools A LEFT JOIN pre_class B ON A.cid=B.cid WHERE tid='$tid' LIMIT 1"); 485 | if($tool && $tool['active']==1){ 486 | if($tool['close']==1)exit('{"code":-1,"msg":"当前商品维护中,停止下单!"}'); 487 | if(($conf['forcermb']==1 || $conf['forcelogin']==1) && !$islogin2)exit('{"code":4,"msg":"你还未登录"}'); 488 | if(!empty($tool['blockpay']) && !$islogin2){ 489 | $blockpay = explode(',',$tool['blockpay']); 490 | if(in_array('alipay',$blockpay) && in_array('qqpay',$blockpay) && in_array('wxpay',$blockpay))exit('{"code":4,"msg":"当前商品需要登录后才能下单"}'); 491 | } 492 | if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!=$_SESSION['addsalt'])){ 493 | exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}'); 494 | } 495 | $inputvalues = str_replace(array("\r\n", "\r", "\n"), "[br]", $inputvalues); 496 | $match = explode("[br]",$inputvalues); 497 | $count=0; 498 | $inputs=[]; 499 | foreach($match as $val) 500 | { 501 | $inputvalue = htmlspecialchars(trim(strip_tags(daddslashes($val)))); 502 | if($val=='')continue; 503 | $inputs[] = $inputvalue; 504 | $count++; 505 | } 506 | if($count==0)exit('{"code":-1,"msg":"下单账号不能为空"}'); 507 | $totalnum = $count * $num; 508 | 509 | if($tool['is_curl']==4){ 510 | $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid='$tid' AND orderid=0"); 511 | $nums=($tool['value']>1?$tool['value']:1)*$totalnum; 512 | if($count==0)exit('{"code":-1,"msg":"该商品库存卡密不足,请联系站长加卡!"}'); 513 | if($nums>$count)exit('{"code":-1,"msg":"你所购买的数量超过库存数量!"}'); 514 | } 515 | 
elseif($tool['stock']!==null){ 516 | if($tool['stock']==0)exit('{"code":-1,"msg":"该商品库存不足,请联系站长增加库存!"}'); 517 | if($totalnum>$tool['stock'])exit('{"code":-1,"msg":"你所购买的数量超过库存数量!"}'); 518 | } 519 | if(isset($price_obj)){ 520 | $price_obj->setToolInfo($tid,$tool); 521 | $price=$price_obj->getToolPrice($tid); 522 | $price=$price_obj->getFinalPrice($price, $totalnum); 523 | if(!$price)exit('{"code":-1,"msg":"当前商品批发价格优惠设置不正确"}'); 524 | }else $price=$tool['price']; 525 | 526 | if($price==0){ 527 | exit('{"code":-1,"msg":"免费商品不支持批量下单"}'); 528 | } 529 | $need=round($price*$totalnum, 2); 530 | 531 | //下单对接预检查 532 | if($need>0 && $tool['shequ']>0 && $tool['is_curl']==2 && in_array($tool['cid'],explode(",",$conf['pricejk_cid'])) && time()-$tool['uptime']>=$conf['pricejk_time']){ 533 | $shequ=$DB->getRow("select * from pre_shequ where id='{$tool['shequ']}' limit 1"); 534 | $allowType = explode(',',$CACHE->read('pricejk_type2')); 535 | if($conf['pricejk_yile']==0 && in_array($shequ['type'],$allowType) && $tool['prid']>0){ 536 | $num_change = third_call($shequ['type'], $shequ, 'pricejk_one', [$tool]); 537 | if($num_change>0){ 538 | exit('{"code":3,"msg":"当前商品价格发生变化,请刷新页面重试","change":"'.$num_change.'"}'); 539 | } 540 | }else{ 541 | $apireturn = third_call($shequ['type'], $shequ, 'pre_check', [$tool, $totalnum]); 542 | if($apireturn && $apireturn['code']==-1){ 543 | exit('{"code":3,"msg":"'.$apireturn['msg'].'"}'); 544 | } 545 | } 546 | } 547 | 548 | $ids = array(); 549 | foreach($inputs as $input){ 550 | $need2=round($price*$num, 2); 551 | $sql="INSERT INTO `pre_cart` (`userid`,`zid`,`tid`,`input`,`num`,`money`,`addtime`,`blockdj`,`status`) VALUES (:userid, :zid, :tid, :input, :num, :money, NOW(), :blockdj, 1)"; 552 | $data = [':userid'=>$cookiesid, ':zid'=>$siterow['zid']?$siterow['zid']:1, ':tid'=>$tid, ':input'=>$input, ':num'=>$num, ':money'=>$need2, ':blockdj'=>0]; 553 | $DB->exec($sql, $data); 554 | $ids[] = $DB->lastInsertId(); 555 | } 556 | $input = implode('|',$ids); 
557 | 558 | $trade_no=date("YmdHis").rand(111,999); 559 | $sql="INSERT INTO `pre_pay` (`trade_no`,`tid`,`zid`,`input`,`num`,`name`,`money`,`ip`,`userid`,`inviteid`,`addtime`,`status`) VALUES (:trade_no, :tid, :zid, :input, :num, :name, :money, :ip, :userid, :inviteid, NOW(), 0)"; 560 | $data = [':trade_no'=>$trade_no, ':tid'=>-3, ':zid'=>$siterow['zid']?$siterow['zid']:1, ':input'=>$input, ':num'=>count($ids), ':name'=>$tool['name'], ':money'=>$need, ':ip'=>$clientip, ':userid'=>$cookiesid, ':inviteid'=>$invite_id]; 561 | if($DB->exec($sql, $data)){ 562 | unset($_SESSION['addsalt']); 563 | if($conf['forcermb']==1){$conf['alipay_api']=0;$conf['wxpay_api']=0;$conf['qqpay_api']=0;} 564 | $result = ['code'=>0, 'msg'=>'提交订单成功!', 'trade_no'=>$trade_no, 'need'=>$need, 'num'=>$count, 'pay_alipay'=>$conf['alipay_api'], 'pay_wxpay'=>$conf['wxpay_api'], 'pay_qqpay'=>$conf['qqpay_api'], 'pay_rmb'=>$islogin2, 'user_rmb'=>$userrow['rmb'], 'paymsg'=>$conf['paymsg']]; 565 | exit(json_encode($result)); 566 | }else{ 567 | exit('{"code":-1,"msg":"提交订单失败!'.$DB->error().'"}'); 568 | } 569 | 570 | }else{ 571 | exit('{"code":-2,"msg":"该商品不存在"}'); 572 | } 573 | break; 574 | case 'cancel': 575 | $orderid=isset($_POST['orderid'])?trim($_POST['orderid']):exit('{"code":-1,"msg":"订单号未知"}'); 576 | $hashsalt=isset($_POST['hashsalt'])?$_POST['hashsalt']:null; 577 | $srow=$DB->getRow("SELECT trade_no,userid FROM pre_pay WHERE trade_no=:orderid LIMIT 1", [':orderid'=>$orderid]); 578 | if(!$srow['trade_no'] || $srow['userid']!=$cookiesid)exit('{"code":-1,"msg":"订单号不存在!"}'); 579 | if($srow['status']==0){ 580 | //$DB->exec("DELETE FROM pre_pay WHERE trade_no=:orderid", [':orderid'=>$orderid]); 581 | if($conf['verify_open']==1){ 582 | $_SESSION['addsalt'] = $hashsalt; 583 | } 584 | } 585 | exit('{"code":0,"msg":"ok"}'); 586 | break; 587 | case 'card_check': 588 | if($conf['iskami']==0)exit('{"code":-1,"msg":"当前站点未开启卡密下单"}'); 589 | $km=trim(daddslashes($_POST['km'])); 590 | 
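// ---- tail of case 'card_info' (the case label and $km are above this chunk) ----
$hashsalt=isset($_POST['hashsalt'])?$_POST['hashsalt']:null;
// $km is read and escaped (daddslashes) above this chunk, so the original
// interpolation is kept here: binding the already-escaped value would change matching.
$myrow=$DB->getRow("SELECT * FROM pre_kms WHERE km='$km' AND type=1 LIMIT 1");
if(!$myrow) exit('{"code":-1,"msg":"此卡密不存在!"}');
if($myrow['status']==1) exit('{"code":-1,"msg":"此卡密已被使用!"}');
$res=$DB->getRow("SELECT * FROM pre_tools WHERE tid=:tid AND active=1 LIMIT 1", [':tid'=>$myrow['tid']]);
if(!$res)exit('{"code":-1,"msg":"当前卡密对应的商品不存在"}');
// is_curl==4 marks a card-delivery ("faka") product; its input label comes from getFakaInput().
if($res['is_curl']==4){
    $isfaka = 1;
    $res['input'] = getFakaInput();
}else{
    $isfaka = 0;
}
// $price is computed above this chunk.
$result=array("code"=>0,"num"=>$myrow['num'],"data"=>array('tid'=>$res['tid'],'cid'=>$res['cid'],'sort'=>$res['sort'],'name'=>$res['name'],'value'=>$res['value'],'price'=>$price,'input'=>$res['input'],'inputs'=>$res['inputs'],'desc'=>$res['desc'],'alert'=>$res['alert'],'shopimg'=>$res['shopimg'],'repeat'=>$res['repeat'],'multi'=>$res['multi'],'close'=>$res['close'],'prices'=>$res['prices'],'min'=>$res['min'],'max'=>$res['max'],'sales'=>$res['sales'],'isfaka'=>$isfaka,'stock'=>$res['stock']));
exit(json_encode($result));
break;
case 'card_pay':
    // Redeem a pre-paid card (pre_kms, type=1) for the product it is bound to and
    // create a zero-money order for it.
    if($conf['iskami']==0)exit('{"code":-1,"msg":"当前站点未开启卡密下单"}');
    // Same sanitising chain the original applied to every input field; non-string
    // (array) values are treated as empty instead of blowing up inside strip_tags().
    $clean = function($k){
        return isset($_POST[$k]) && is_string($_POST[$k]) ? htmlspecialchars(trim(strip_tags(daddslashes($_POST[$k])))) : '';
    };
    // The card code is bound as a query parameter below, so it is not escaped here.
    $km=isset($_POST['km']) && is_string($_POST['km']) ? trim($_POST['km']) : '';
    $inputvalue=$clean('inputvalue');
    $inputvalue2=$clean('inputvalue2');
    $inputvalue3=$clean('inputvalue3');
    $inputvalue4=$clean('inputvalue4');
    $inputvalue5=$clean('inputvalue5');
    $hashsalt=isset($_POST['hashsalt']) && is_string($_POST['hashsalt']) ? $_POST['hashsalt'] : '';
    if($km==='')exit('{"code":-1,"msg":"此卡密不存在!"}');
    $myrow=$DB->getRow("SELECT * FROM pre_kms WHERE km=:km AND type=1 LIMIT 1", [':km'=>$km]);
    if(!$myrow) exit('{"code":-1,"msg":"此卡密不存在!"}');
    if($myrow['status']==1) exit('{"code":-1,"msg":"此卡密已被使用!"}');
    // Quantity is fixed by the card itself, not by the client.
    $num = $myrow['num']?$myrow['num']:1;
    $tid = $myrow['tid'];
    $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid=:tid LIMIT 1", [':tid'=>$tid]);
    if(!$tool || $tool['active']!=1){
        exit('{"code":-2,"msg":"该商品不存在"}');
    }
    if($tool['close']==1)exit('{"code":-1,"msg":"当前商品维护中,停止下单!"}');
    if($conf['forcelogin']==1 && !$islogin2)exit('{"code":4,"msg":"你还未登录"}');
    // Anti-automation salt issued by index.php. Compared as strings: a loose != would
    // apply PHP's numeric-string juggling (e.g. "0e..." hashes compare equal to "0").
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    $inputs=explode('|',$tool['inputs']);
    // Every configured extra field must be filled, and no unconfigured one may be.
    if(empty($inputvalue) || !empty($inputs[0]) && empty($inputvalue2) || !empty($inputs[1]) && empty($inputvalue3) || !empty($inputs[2]) && empty($inputvalue4) || !empty($inputs[3]) && empty($inputvalue5)){
        exit('{"code":-1,"msg":"请确保各项不能为空"}');
    }
    if(empty($inputs[0]) && !empty($inputvalue2) || empty($inputs[1]) && !empty($inputvalue3) || empty($inputs[2]) && !empty($inputvalue4) || empty($inputs[3]) && !empty($inputvalue5)){
        exit('{"code":-1,"msg":"验证失败"}');
    }
    // Strict membership: both sides are strings, and loose in_array would treat "1e3" and "1000" as equal.
    if(in_array($inputvalue,explode("|",$conf['blacklist']),true))exit('{"code":-1,"msg":"你的下单账号已被拉黑,无法下单!"}');
    if($tool['is_curl']==4){
        // Card-delivery product: the first input is the delivery e-mail unless the site
        // allows a custom label (faka_input) or the user is logged in.
        if(!$islogin2 && $conf['faka_input']==0 && !checkEmail($inputvalue)){
            exit('{"code":-1,"msg":"邮箱格式不正确"}');
        }
        $count = $DB->getColumn("SELECT count(*) FROM pre_faka WHERE tid=:tid AND orderid=0", [':tid'=>$tid]);
        $nums=($tool['value']>1?$tool['value']:1)*$num;
        if($count==0)exit('{"code":-1,"msg":"该商品库存卡密不足,请联系站长加卡!"}');
        if($nums>$count)exit('{"code":-1,"msg":"你所购买的数量超过库存数量!"}');
    }
    elseif($tool['stock']!==null){
        if($tool['stock']==0)exit('{"code":-1,"msg":"该商品库存不足,请联系站长增加库存!"}');
        if($num>$tool['stock'])exit('{"code":-1,"msg":"你所购买的数量超过库存数量!"}');
    }
    elseif($tool['repeat']==0){
        // Non-repeatable product: one order per account per day, and none while one is still queued.
        $thtime=date("Y-m-d").' 00:00:00';
        $row=$DB->getRow("SELECT id,input,status,addtime FROM pre_orders WHERE tid=:tid AND input=:input ORDER BY id DESC LIMIT 1", [':tid'=>$tid, ':input'=>$inputvalue]);
        if($row && $row['input'] && $row['status']==0)
            exit('{"code":-1,"msg":"您今天添加的'.$tool['name'].'正在排队中,请勿重复提交!"}');
        elseif($row && $row['addtime']>$thtime)
            exit('{"code":-1,"msg":"您今天已添加过'.$tool['name'].',请勿重复提交!"}');
    }
    if($tool['validate']==1 && is_numeric($inputvalue)){
        if(validate_qzone($inputvalue)==false)
            exit('{"code":-1,"msg":"你的QQ空间设置了访问权限,无法下单!"}');
    }
    if($tool['multi']==0 || $num<1)$num = 1;
    if($tool['multi']==1 && $tool['min']>0 && $num<$tool['min'])exit('{"code":-1,"msg":"当前商品最小下单数量为'.$tool['min'].'"}');
    if($tool['multi']==1 && $tool['max']>0 && $num>$tool['max'])exit('{"code":-1,"msg":"当前商品最大下单数量为'.$tool['max'].'"}');

    $trade_no='kid:'.$myrow['kid'];
    $input=$inputvalue.($inputvalue2?'|'.$inputvalue2:null).($inputvalue3?'|'.$inputvalue3:null).($inputvalue4?'|'.$inputvalue4:null).($inputvalue5?'|'.$inputvalue5:null);
    $srow['tid']=$tid;
    $srow['input']=$input;
    $srow['num']=$num;
    $srow['zid']=$siterow['zid']?$siterow['zid']:1;
    $srow['userid']=$cookiesid;
    $srow['trade_no']=$trade_no;
    $srow['money']=0;
    // Claim the card with a conditional UPDATE *before* creating the order. The
    // status check above is not atomic, so two concurrent requests could both pass
    // it and redeem the same card twice. exec() is used elsewhere in this file as a
    // truthy affected-row count, so 0 means another request claimed the card first
    // (a driver failure would also fail closed here).
    $claimed=$DB->exec("UPDATE `pre_kms` SET `status`=1,`usetime`=NOW() WHERE `kid`=:kid AND (`status` IS NULL OR `status`<>1)", [':kid'=>$myrow['kid']]);
    if(!$claimed) exit('{"code":-1,"msg":"此卡密已被使用!"}');
    if($orderid=processOrder($srow)){
        unset($_SESSION['addsalt']);
        $DB->exec("UPDATE `pre_kms` SET `orderid`=:orderid WHERE `kid`=:kid", [':orderid'=>$orderid, ':kid'=>$myrow['kid']]);
        exit('{"code":1,"msg":"下单成功!你可以在进度查询中查看订单进度","orderid":"'.$orderid.'"}');
    }else{
        // Order creation failed: hand the card back (previous status) so it can be retried.
        $err=$DB->error();
        $DB->exec("UPDATE `pre_kms` SET `status`=:status WHERE `kid`=:kid", [':status'=>$myrow['status'], ':kid'=>$myrow['kid']]);
        exit('{"code":-1,"msg":"下单失败!'.$err.'"}');
    }
    break;
case 'query':
    // Order list lookup. type==1 searches by order number (17-digit trade no, or the
    // numeric order id restricted to the current visitor); otherwise by input value.
    // $qq is passed through daddslashes() because it is interpolated into the SQL below.
    $type=isset($_POST['type'])?intval($_POST['type']):0;
    $qq=isset($_POST['qq'])?trim(daddslashes($_POST['qq'])):'';
    $page=isset($_POST['page'])?intval($_POST['page']):1;
    if($type==1 && !empty($qq)){
        if(strlen($qq)==17 && is_numeric($qq))$sql=" 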
A.`tradeno`='{$qq}'"; 689 | else if(is_numeric($qq))$sql=" A.`id`='{$qq}' AND A.`userid`='$cookiesid'"; 690 | else exit('{"code":-1,"msg":"请输入正确的订单号"}'); 691 | } 692 | elseif(!empty($qq)){ 693 | $sql=" A.`input`='{$qq}'"; 694 | if($conf['queryorderlimit']==1)$sql.=" AND A.`userid`='$cookiesid'"; 695 | } 696 | else $sql=" A.`userid`='$cookiesid'"; 697 | 698 | $limit = 10; 699 | $start = $limit * ($page-1); 700 | $sql = "SELECT A.*,B.`name` FROM `pre_orders` A LEFT JOIN `pre_tools` B ON A.`tid`=B.`tid` WHERE{$sql} ORDER BY A.`id` DESC LIMIT {$start},{$limit}"; 701 | $rs=$DB->query($sql); 702 | $data=array(); 703 | $count = 0; 704 | while($res = $rs->fetch(PDO::FETCH_ASSOC)){ 705 | $count++; 706 | $data[]=array('id'=>$res['id'],'tid'=>$res['tid'],'input'=>$res['input'],'name'=>$res['name'],'value'=>$res['value'],'addtime'=>$res['addtime'],'endtime'=>$res['endtime'],'result'=>$res['result'],'status'=>$res['status'],'skey'=>md5($res['id'].SYS_KEY.$res['id'])); 707 | } 708 | if($page>1 && $count==0)exit('{"code":-1,"msg":"没有更多订单了"}'); 709 | $result=array("code"=>0,"msg"=>"succ","content"=>$qq,"page"=>$page,"isnext"=>($count==$limit?true:false),"islast"=>($page>1?true:false),"data"=>$data); 710 | exit(json_encode($result)); 711 | break; 712 | case 'order': //订单进度查询 713 | $id=intval($_POST['id']); 714 | if(md5($id.SYS_KEY.$id)!==$_POST['skey'])exit('{"code":-1,"msg":"验证失败"}'); 715 | $row=$DB->getRow("SELECT * FROM pre_orders WHERE id='$id' LIMIT 1"); 716 | if(!$row) 717 | exit('{"code":-1,"msg":"当前订单不存在!"}'); 718 | $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid='{$row['tid']}' LIMIT 1"); 719 | if($tool['is_curl']==4 || $row['djzt']==3){ 720 | $count = ($tool['value']>1?$tool['value']:1)*$row['value']; 721 | if($count>6){ 722 | $kmdata='
点此查看卡密
'; 723 | }else{ 724 | $rs=$DB->query("SELECT * FROM pre_faka WHERE tid='{$row['tid']}' AND orderid='$id' ORDER BY kid ASC LIMIT {$count}"); 725 | $kmdata=''; 726 | while($res = $rs->fetch(PDO::FETCH_ASSOC)) 727 | { 728 | if(!empty($res['pw'])){ 729 | $kmdata.='卡号:'.$res['km'].' 密码:'.$res['pw'].'
'; 730 | }else{ 731 | $kmdata.=$res['km'].'
'; 732 | } 733 | if(strlen($res['km'].$res['pw'])>80){ 734 | $kmdata='
点此查看卡密
'; 735 | break; 736 | } 737 | } 738 | } 739 | }elseif($tool['is_curl']==2){ 740 | $shequ=$DB->getRow("SELECT * FROM pre_shequ WHERE id='{$tool['shequ']}' LIMIT 1"); 741 | $list = third_call($shequ['type'], $shequ, 'query_order', [$row['djorder'], $tool['goods_id'], [$row['input'], $row['input2'], $row['input3'], $row['input4'], $row['input5']]]); 742 | if($list && is_array($list)){ 743 | if(($list['order_state']=='已完成'||$list['order_state']=='订单已完成'||$list['订单状态']=='已完成'||$list['订单状态']=='已发货'||$list['订单状态']=='交易成功'||$list['订单状态']=='已支付') && $row['status']==2){ 744 | $DB->exec("UPDATE `pre_orders` SET `status`=1 WHERE id='{$id}'"); 745 | $row['status']=1; 746 | } 747 | if((strpos($list['order_state'],'异常')!==false||strpos($list['order_state'],'退单')!==false||strpos($list['order_state'],'退款')!==false||$list['订单状态']=='异常'||$list['订单状态']=='已退单') && $row['status']<3){ 748 | $DB->exec("UPDATE `pre_orders` SET `status`=3 WHERE id='{$id}'"); 749 | $row['status']=3; 750 | } 751 | }else{ 752 | $list = false; 753 | } 754 | }elseif($tool['is_curl']==5 && empty($row['result'])){ 755 | $row['result'] = $tool['goods_param']; 756 | } 757 | $input=$tool['input']?$tool['input']:'下单账号'; 758 | if($tool['is_curl']==4)$input='联系方式'; 759 | $inputs=explode('|',$tool['inputs']); 760 | $inputsdata=$input.':'.$row['input']; 761 | $i=2; 762 | foreach($inputs as $input){ 763 | if(!$input)continue; 764 | if(strpos($input,'{')!==false && strpos($input,'}')!==false){ 765 | $input = substr($input,0,strpos($input,'{')); 766 | } 767 | if(strpos($input,'[')!==false && strpos($input,']')!==false){ 768 | $input = substr($input,0,strpos($input,'[')); 769 | } 770 | $inputsdata.='
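'.$input.':'.(strpos($input,'密码')===false?$row['input'.$i]:'********');
        // The second field, when it is a password, may be changed by the customer if enabled.
        if($i==2 && strpos($input,'密码')!==false && $conf['show_changepwd']==1){
            $inputsdata.=' [修改密码]';
        }
        $i++;
    }
    // $list and $kmdata are only assigned on some branches above; null otherwise.
    $result=array('code'=>0,'msg'=>'succ','name'=>$tool['name'],'money'=>$row['money'],'date'=>$row['addtime'],'inputs'=>$inputsdata,'list'=>isset($list)?$list:null,'kminfo'=>isset($kmdata)?$kmdata:null,'alert'=>$tool['alert'],'desc'=>$tool['desc'],'status'=>$row['status'],'result'=>$row['result'],'complain'=>intval($conf['show_complain']),'islogin'=>$islogin2,'selfrefund'=>$conf['selfrefund']);
    exit(json_encode($result));
    break;
case 'apply_refund':
    // Customer-initiated refund of an unprocessed (0) or failed (3) order back to the
    // account balance. Runs inside a transaction with the order row locked; every
    // early exit rolls the transaction back instead of leaving it open.
    if(!$conf['selfrefund'])exit('{"code":-1,"msg":"当前站点未开启自助申请退款"}');
    if(!$islogin2)exit('{"code":-1,"msg":"未登录"}');
    $id=isset($_POST['id'])?intval($_POST['id']):0;
    $skey=isset($_POST['skey']) && is_string($_POST['skey'])?$_POST['skey']:'';
    // skey is the per-order token handed out by the 'query' action.
    if(md5($id.SYS_KEY.$id)!==$skey)exit('{"code":-1,"msg":"验证失败"}');
    $DB->beginTransaction();
    $row=$DB->getRow("SELECT * FROM pre_orders WHERE id=:id AND userid=:uid LIMIT 1 FOR UPDATE", [':id'=>$id, ':uid'=>$userrow['zid']]);
    if(!$row){
        $DB->rollBack();
        exit('{"code":-1,"msg":"当前订单不存在!"}');
    }
    // Already refunded is reported as such; the original checked this after the
    // 0/3 filter, which made the message unreachable.
    if($row['status']==4){
        $DB->rollBack();
        exit('{"code":-1,"msg":"该订单已退款请勿重复提交"}');
    }
    if($row['status']!=0 && $row['status']!=3){
        $DB->rollBack();
        exit('{"code":-1,"msg":"只有未处理和异常的订单才支持退款"}');
    }
    if(!rollbackPoint($id)){
        $DB->rollBack();
        exit('{"code":-1,"msg":"该订单扣除上级提成失败,无法自助申请退款"}');
    }
    changeUserMoney($userrow['zid'], $row['money'], true, '退款', '订单(ID'.$id.')已退款到余额');
    $DB->exec("update pre_orders set status='4' where id=:id", [':id'=>$id]);
    $DB->commit();
    exit(json_encode(['code'=>0, 'msg'=>'succ', 'money'=>$row['money']]));
    break;
case 'changepwd':
    // Replace the password field (input2) of a not-yet-completed order and re-queue it.
    if(!$conf['show_changepwd'])exit('{"code":-1,"msg":"站点未开启修改订单密码"}');
    // Order ids are integers everywhere else (order/fill); the skey check below
    // rejects any non-canonical form anyway.
    $orderid=isset($_POST['id'])?intval($_POST['id']):0;
    $skey=isset($_POST['skey']) && is_string($_POST['skey'])?$_POST['skey']:'';
    if(md5($orderid.SYS_KEY.$orderid)!==$skey)exit('{"code":-1,"msg":"验证失败"}');
    // daddslashes() here is what makes the interpolated UPDATE below safe; the stored
    // value is kept byte-compatible with what the original wrote.
    $pwd=isset($_POST['pwd']) && is_string($_POST['pwd'])?htmlspecialchars(trim(strip_tags(daddslashes($_POST['pwd'])))):'';
    if(strlen($pwd)<5)exit('{"code":-1,"msg":"请输入正确的密码"}');
    $row=$DB->getRow("SELECT id,status FROM pre_orders WHERE id=:id LIMIT 1", [':id'=>$orderid]);
    // Existence is checked before status: the original read $row['status'] on a
    // missing row first.
    if(!$row){
        $result=array("code"=>-1,"msg"=>"订单不存在");
    }elseif($row['status']==1){
        exit('{"code":-1,"msg":"该订单已完成,无法修改密码"}');
    }elseif($DB->exec("UPDATE `pre_orders` SET `input2` ='{$pwd}',status=0 WHERE `id`='{$orderid}'")!==false){
        $result=array("code"=>0,"msg"=>"已成功修改密码");
    }else{
        $result=array("code"=>0,"msg"=>"修改密码失败");
    }
    exit(json_encode($result));
    break;
case 'fill':
    // Re-queue a failed order (status 3): back to pending with the old result cleared.
    $orderid=isset($_POST['orderid'])?intval($_POST['orderid']):0;
    $skey=isset($_POST['skey']) && is_string($_POST['skey'])?$_POST['skey']:'';
    if(md5($orderid.SYS_KEY.$orderid)!==$skey)exit('{"code":-1,"msg":"验证失败"}');
    $row=$DB->getRow("SELECT id,status FROM pre_orders WHERE id=:id LIMIT 1", [':id'=>$orderid]);
    if(!$row){
        $result=array("code"=>-1,"msg"=>"订单不存在");
    }elseif($row['status']==3){
        $DB->exec("UPDATE `pre_orders` SET `status` ='0',result=NULL WHERE `id`=:id", [':id'=>$orderid]);
        $result=array("code"=>0,"msg"=>"已成功补交订单");
    }else{
        $result=array("code"=>0,"msg"=>"该订单不符合补交条件");
    }
    exit(json_encode($result));
    break;
case 'checklogin':
    exit($islogin2==1 ? '{"code":1}' : '{"code":0}');
    break;
case 'getshuoshuo':
    // Proxy lookup of a QQ user's posts; guarded by the page salt when verify_open is on.
    $uin=isset($_GET['uin']) && is_string($_GET['uin'])?trim(daddslashes($_GET['uin'])):'';
    $page=isset($_GET['page'])?intval($_GET['page']):0;
    $hashsalt=isset($_GET['hashsalt']) && is_string($_GET['hashsalt'])?$_GET['hashsalt']:'';
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    if(empty($uin))exit('{"code":-5,"msg":"QQ号不能为空"}');
    $result = getshuoshuo($uin,$page);
    exit(json_encode($result));
    break;
case 'getrizhi':
    // Proxy lookup of a QQ user's diary entries; same guard as getshuoshuo.
    $uin=isset($_GET['uin']) && is_string($_GET['uin'])?trim(daddslashes($_GET['uin'])):'';
    $page=isset($_GET['page'])?intval($_GET['page']):0;
    $hashsalt=isset($_GET['hashsalt']) && is_string($_GET['hashsalt'])?$_GET['hashsalt']:'';
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    if(empty($uin))exit('{"code":-5,"msg":"QQ号不能为空"}');
    $result = getrizhi($uin,$page);
    exit(json_encode($result));
    break;
case 'getshareid':
    // Resolve a share URL to its id via getshareid().
    $url=isset($_POST['url']) && is_string($_POST['url'])?trim($_POST['url']):'';
    $hashsalt=isset($_POST['hashsalt']) && is_string($_POST['hashsalt'])?$_POST['hashsalt']:'';
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    if(empty($url))exit('{"code":-5,"msg":"url不能为空"}');
    $result = getshareid($url);
    exit(json_encode($result));
    break;
case 'getshareids':
    // Batch form of getshareid: returns the song ids of every URL that resolved.
    $urls=isset($_POST['urls'])?$_POST['urls']:null;
    $hashsalt=isset($_POST['hashsalt']) && is_string($_POST['hashsalt'])?$_POST['hashsalt']:'';
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    if(!is_array($urls) || count($urls)==0)exit('{"code":-5,"msg":"url不能为空"}');
    $list = [];
    foreach($urls as $url){
        if(!is_string($url))continue;
        $res = getshareid($url);
        if($res['code']==0) $list[] = $res['songid'];
    }
    $result = ['code'=>0,'data'=>$list];
    exit(json_encode($result));
    break;
case 'gift_start':
    // Lucky-draw: without ?action= returns the prize list (after the daily-count
    // check); with it returns a token that gift_stop expects back.
    $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
    if ($action == '') {
        if(!$conf['gift_open'])exit('{"code":-2,"msg":"网站未开启抽奖功能"}');
        if(!$conf['cjcishu'])exit('{"code":-2,"msg":"站长未设置每日抽奖次数!"}');
        $thtime=date("Y-m-d").' 00:00:00';
        $cjcount = $DB->getColumn("SELECT count(*) FROM pre_giftlog WHERE (userid=:uid OR ip=:ip) AND addtime>=:t", [':uid'=>$cookiesid, ':ip'=>$clientip, ':t'=>$thtime]);
        if ($cjcount >= $conf['cjcishu']) {
            // $cjmsg is defined outside this chunk.
            exit('{"code":-1,"msg":"' . $cjmsg . '"}');
        }
        $arr = array();
        $query = $DB->query("SELECT * FROM pre_gift WHERE ok=0");
        while ($row = $query->fetch()) {
            $arr[] = array("id" => $row["id"], "tid" => $row["tid"], "name" => $row["name"]);
        }
        $rateall = $DB->getColumn("SELECT sum(rate) FROM pre_gift WHERE ok=0");
        if($rateall<100)$arr[] = array("id" => 0, "tid" => 0, "name" => '未中奖');
        if (!$arr) {
            exit('{"code":-2,"msg":"站长未设置奖品"}');
        }
        $result=array("code"=>0,"data"=>$arr);
        exit(json_encode($result));
    } else {
        // r is chosen by the client; the token only proves gift_start was called first.
        $r = isset($_GET['r']) && is_string($_GET['r']) ? $_GET['r'] : '';
        $token = md5($r.SYS_KEY.$r);
        exit('{"code":0,"token":"'.$token.'"}');
    }
    break;
case 'gift_stop':
    // Lucky-draw: pick a prize weighted by rate, log the attempt, and hand the
    // winning product to the session for the follow-up order.
    if(!$conf['gift_open'])exit('{"code":-2,"msg":"网站未开启抽奖功能"}');
    if(!$conf['cjcishu'])exit('{"code":-2,"msg":"站长未设置每日抽奖次数!"}');
    $hashsalt=isset($_POST['hashsalt']) && is_string($_POST['hashsalt'])?$_POST['hashsalt']:'';
    $token=isset($_POST['token']) && is_string($_POST['token'])?$_POST['token']:'';
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    $r = isset($_GET['r']) && is_string($_GET['r']) ? $_GET['r'] : '';
    if(md5($r.SYS_KEY.$r) !== $token)exit('{"code":-1,"msg":"请勿重复提交请求"}');
    $thtime=date("Y-m-d").' 00:00:00';
    $cjcount = $DB->getColumn("SELECT count(*) FROM pre_giftlog WHERE (userid=:uid OR ip=:ip) AND addtime>=:t", [':uid'=>$cookiesid, ':ip'=>$clientip, ':t'=>$thtime]);
    if ($cjcount >= $conf['cjcishu']) {
        exit('{"code":-1,"msg":"' . $cjmsg . '"}');
    }
    // Build the prize table in one pass over the result set. The original nested the
    // fetch loop inside `while ($i <= $bre)` with $bre from a separate count(*); if
    // fewer rows come back than counted, that outer loop never terminates.
    $prize_arr = array();
    $query = $DB->query("SELECT * FROM pre_gift WHERE ok=0");
    $i = 1;
    while ($row = $query->fetch()) {
        $prize_arr[] = array("id" => $i, "gid" => $row["id"], "tid" => $row["tid"], "name" => $row["name"], "rate" => $row["rate"], "not" => 0);
        $i++;
    }
    if (!$prize_arr) {
        exit('{"code":-2,"msg":"站长未设置奖品"}');
    }
    $rateall = $DB->getColumn("SELECT sum(rate) FROM pre_gift WHERE ok=0");
    // Remaining probability mass becomes the "no prize" slot.
    if($rateall<100){
        $prize_arr[] = array("id" => $i, "gid" => 0, "tid" => 0, "name" => '未中奖', "rate" => 100-$rateall, "not" => 1);
        $i++;
    }
    $arr = array();
    foreach ($prize_arr as $val) {
        $arr[$val["id"]] = $val["rate"];
    }
    // get_rand() returns one of the ids above (ids start at 1).
    $prize_id = get_rand($arr);
    $prize = $prize_arr[$prize_id - 1];
    $data = array('rate'=>$prize['rate'], 'id'=>$prize['id'], 'gid'=>$prize['gid'], 'name'=>$prize['name'], 'tid'=>$prize['tid'], 'not'=>$prize['not']);

    // $date is defined outside this chunk.
    $gift_id = $DB->exec("INSERT INTO `pre_giftlog`(`zid`,`tid`,`gid`,`userid`,`ip`,`addtime`,`status`) VALUES (:zid,:tid,:gid,:userid,:ip,:addtime,0)", [':zid'=>($siterow['zid']?$siterow['zid']:1), ':tid'=>$data['tid'], ':gid'=>$data['gid'], ':userid'=>$cookiesid, ':ip'=>$clientip, ':addtime'=>$date]);
    if ($gift_id) {
        if ($data['not'] == 1) {
            exit('{"code":-1,"msg":"未中奖,谢谢参与!"}');
        }
        $_SESSION['gift_tid'] = $data['tid'];
        $_SESSION['gift_id'] = $DB->lastInsertId();
        unset($_SESSION['addsalt']);

        $cid = $DB->getColumn("SELECT cid FROM pre_tools WHERE tid=:tid LIMIT 1", [':tid'=>$data['tid']]);
        $result = array("code" => 0, "msg" => "succ", "cid" => $cid, "tid" => $data['tid'], "name" => $data['name']);
        exit(json_encode($result));
    } else {
        exit('{"code":-3,"msg":"' . $DB->error() . '"}');
    }
    break;
case 'invite_create':
    // Create (or reuse) a promotion link for query_qq on the invite product nid.
    if(!$conf['invite_tid'])exit('{"code":-1,"msg":"未开启该功能"}');
    $nid = isset($_POST['nid'])?intval($_POST['nid']):0;
    $clean = function($k){
        return isset($_POST[$k]) && is_string($_POST[$k]) ? htmlspecialchars(trim(strip_tags(daddslashes($_POST[$k])))) : '';
    };
    $query_qq=$clean('query_qq');
    $inputvalue=$clean('inputvalue');
    $inputvalue2=$clean('inputvalue2');
    $inputvalue3=$clean('inputvalue3');
    $inputvalue4=$clean('inputvalue4');
    $inputvalue5=$clean('inputvalue5');
    $hashsalt=isset($_POST['hashsalt']) && is_string($_POST['hashsalt'])?$_POST['hashsalt']:'';

    if (!preg_match('/^[1-9][0-9]{4,9}$/i', $query_qq)) {
        exit('{"code":-1,"msg":"QQ号码格式不正确"}');
    }
    $inviteshop=$DB->getRow("SELECT * FROM pre_inviteshop WHERE id=:id LIMIT 1", [':id'=>$nid]);
    if(!$inviteshop || $inviteshop['active']==0){
        exit('{"code":-2,"msg":"该推广商品不存在"}');
    }
    // type==1 invites require `value` clicks before the reward order is created.
    if($inviteshop['type']==1){
        $plan = $inviteshop['value'];
    }else{
        $plan = 0;
    }
    $tid = $inviteshop['tid'];
    $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid=:tid LIMIT 1", [':tid'=>$tid]);
    if(!$tool || $tool['active']==0){
        exit('{"code":-2,"msg":"该商品不存在"}');
    }
    if($tool['close']==1)exit('{"code":-1,"msg":"当前商品维护中,停止下单!"}');
    if(in_array($inputvalue,explode("|",$conf['blacklist']),true))exit('{"code":-1,"msg":"你的下单账号已被拉黑,无法下单!"}');
    $inputs=explode('|',$tool['inputs']);
    if(!empty($inputs[0]) && empty($inputvalue2) || !empty($inputs[1]) && empty($inputvalue3) || !empty($inputs[2]) && empty($inputvalue4) || !empty($inputs[3]) && empty($inputvalue5)){
        exit('{"code":-1,"msg":"请确保各项不能为空"}');
    }
    if(empty($inputs[0]) && !empty($inputvalue2) || empty($inputs[1]) && !empty($inputvalue3) || empty($inputs[2]) && !empty($inputvalue4) || empty($inputs[3]) && !empty($inputvalue5)){
        exit('{"code":-1,"msg":"验证失败"}');
    }
    if($tool['validate']==1 && is_numeric($inputvalue)){
        if(validate_qzone($inputvalue)==false)
            exit('{"code":-1,"msg":"你的QQ空间设置了访问权限,无法下单!"}');
    }
    $input=$inputvalue.($inputvalue2?'|'.$inputvalue2:null).($inputvalue3?'|'.$inputvalue3:null).($inputvalue4?'|'.$inputvalue4:null).($inputvalue5?'|'.$inputvalue5:null);

    $qqrow = $DB->getRow("SELECT * FROM `pre_invite` WHERE `qq`=:qq AND tid=:tid AND status=0 LIMIT 1", [':qq'=>$query_qq, ':tid'=>$tid]);
    if ($qqrow)
    {
        // An open invite already exists for this QQ/product: reuse it (no salt check on this path).
        if($qqrow['input']!=$input){
            $DB->exec("UPDATE `pre_invite` SET `input`=:input WHERE `id`=:id", [':input'=>$input, ':id'=>$qqrow['id']]);
        }
        $code = 2;
        $url = $siteurl . '?i=' .$qqrow['key'];
    } else {
        if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
            exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
        }
        // random() is a project helper; the key is the public ?i= link token.
        $key = random(6);
        if($DB->exec("INSERT INTO `pre_invite` (`nid`,`tid`,`qq`,`input`,`key`,`ip`,`plan`,`date`,`status`) VALUES (:nid,:tid,:qq,:input,:key,:ip,:plan,NOW(),0)", [':nid'=>$nid, ':tid'=>$tid, ':qq'=>$query_qq, ':input'=>$input, ':key'=>$key, ':ip'=>$clientip, ':plan'=>$plan])){
            unset($_SESSION['addsalt']);
            $url = $siteurl . '?i=' . $key ;
        }else{
            exit('{"code":-1,"msg":"' . $DB->error() . '"}');
        }
    }
    if($conf['fanghong_api']>0)$url = fanghongdwz($url);
    $content = str_replace('[url]',$url,$conf['invite_content']);
    if(!$content)$content = $url;
    $result = array('code'=>0, 'msg'=>'succ', 'url'=>$url, 'content'=>$content);
    exit(json_encode($result));
    break;
case 'invite_query':
    // List the last 30 invites for a QQ number. NOTE(review): this returns each
    // invite's `key` (the ?i= link) to anyone who knows the QQ number, not only
    // to its creator — confirm that is intended.
    $qq = isset($_POST['query_qq']) && is_string($_POST['query_qq']) ? $_POST['query_qq'] : '';
    if (!preg_match('/^[1-9][0-9]{4,12}$/i', $qq)) {
        exit('{"code":-1,"msg":"QQ号码格式不正确"}');
    }
    $re = $DB->query("SELECT A.*,B.`name` FROM `pre_invite` A LEFT JOIN `pre_tools` B ON A.`tid`=B.`tid` WHERE A.`qq`=:qq ORDER BY A.`id` DESC LIMIT 30", [':qq'=>$qq]);
    $ar_log = [];
    while ($res = $re->fetch()) {
        $input_arr = explode('|',$res['input']);
        $ar_log[] = [
            'id' => $res['id'],
            'nid' => $res['nid'],
            'tid' => $res['tid'],
            'input' => $input_arr[0],
            'name' => $res['name'],
            'count' => $res['count'],
            'plan' => $res['plan'],
            'click' => $res['click'],
            'key' => $res['key'],
            'addtime' => $res['date'],
            'status' => $res['status'],
        ];
    }

    if (count($ar_log) == 0) exit(json_encode(['code' => -1, 'msg' => '无相关数据,请先去生成对应的推广链接再来查询!']));

    exit(json_encode(['code' => 0, 'msg' => 'succ', 'data' => $ar_log]));
    break;
case 'invite_verify':
    // Record a click on an invite link after the visitor passes the configured captcha
    // (captcha_open: 1 = Geetest, 2 = CaptchaClient, 3 = vaptcha, else image code).
    if(!isset($_POST['key']) || !is_string($_POST['key']))exit('{"code":-1,"msg":"key null"}');
    $key = $_POST['key'];
    $code = isset($_POST['code']) && is_string($_POST['code']) ? $_POST['code'] : null;
    if($conf['captcha_open']==1){
        if(isset($_POST['geetest_challenge']) && isset($_POST['geetest_validate']) && isset($_POST['geetest_seccode'])){
            if(!isset($_SESSION['gtserver']))exit('{"code":-1,"msg":"验证加载失败"}');
            $GtSdk = new \lib\GeetestLib($conf['captcha_id'], $conf['captcha_key']);

            $data = array(
                'user_id' => $cookiesid,
                'client_type' => "web",
                'ip_address' => $clientip
            );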
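if ($_SESSION['gtserver'] == 1) { // Geetest server reachable when the widget loaded: online validation.
    $result = $GtSdk->success_validate($_POST['geetest_challenge'], $_POST['geetest_validate'], $_POST['geetest_seccode'], $data);
    if (!$result) {
        exit('{"code":-1,"msg":"验证失败,请重新验证"}');
    }
} else { // Geetest server was down: offline fallback validation.
    if (!$GtSdk->fail_validate($_POST['geetest_challenge'],$_POST['geetest_validate'],$_POST['geetest_seccode'])) {
        exit('{"code":-1,"msg":"验证失败,请重新验证"}');
    }
}
        }else{
            exit('{"code":2,"type":1,"msg":"请先完成验证"}');
        }
    }elseif($conf['captcha_open']==2){
        if(isset($_POST['token']) && is_string($_POST['token'])){
            $client = new \lib\CaptchaClient($conf['captcha_id'], $conf['captcha_key']);
            $client->setTimeOut(2);
            $response = $client->verifyToken($_POST['token']);
            if(!$response->result){
                exit('{"code":-1,"msg":"验证失败,请重新验证"}');
            }
        }else{
            exit('{"code":2,"type":2,"appid":"'.$conf['captcha_id'].'","msg":"请先完成验证"}');
        }
    }elseif($conf['captcha_open']==3){
        if(isset($_POST['token']) && is_string($_POST['token'])){
            if(!vaptcha_verify($conf['captcha_id'], $conf['captcha_key'], $_POST['token'], $clientip)){
                exit('{"code":-1,"msg":"验证失败,请重新验证"}');
            }
        }else{
            exit('{"code":2,"type":3,"appid":"'.$conf['captcha_id'].'","msg":"请先完成验证"}');
        }
    }elseif (!$code || !isset($_SESSION['vc_code']) || strtolower($code) !== (string)$_SESSION['vc_code']) {
        // Built-in image code: compared as strings (a loose != would apply numeric juggling).
        unset($_SESSION['vc_code']);
        exit('{"code":2,"msg":"验证码错误!"}');
    }
    $isAddShop=false;
    $invite_row = $DB->getRow("SELECT * FROM `pre_invite` WHERE `key` = :key LIMIT 1", [':key'=>$key]);
    if($invite_row && $invite_row['status']==0){
        $shop = $DB->getRow("SELECT * FROM `pre_inviteshop` WHERE `id`=:id LIMIT 1", [':id'=>$invite_row['nid']]);
        if($shop && $shop['active']==1 && $shop['type']==1){
            // NOTE(review): the duplicate check looks at the whole log, not this invite —
            // each client IP is counted once ever, across all invites. Confirm that is intended.
            if($DB->getColumn("SELECT count(*) FROM `pre_invitelog` WHERE `ip`=:ip", [':ip'=>$clientip])==0){
                $DB->exec("INSERT INTO `pre_invitelog`(`iid`,`type`,`date`,`ip`,`status`) VALUES (:iid, 1, NOW(), :ip, 0)", [':iid'=>$invite_row['id'], ':ip'=>$clientip]);
                $DB->exec("UPDATE `pre_invite` SET `click`=`click`+1 WHERE `id`=:id", [':id'=>$invite_row['id']]);
                if($invite_row['click']+1 >= $shop['value']){
                    $isAddShop=true;
                }
            }
        }
    }
    // Target reached: close the invite and create the free reward order. The
    // `status`=0 condition makes the close idempotent, so two simultaneous final
    // clicks cannot both award it (exec() returns the affected-row count).
    if($isAddShop && $DB->exec("UPDATE `pre_invite` SET `status`=1 WHERE `id`=:id AND `status`=0", [':id'=>$invite_row['id']])){
        $DB->exec("UPDATE `pre_invite` SET `count`=`count`+1 WHERE `id`=:id", [':id'=>$invite_row['id']]);
        $trade_no='invite'.date("YmdHis").rand(111,999);
        // The reward order is owned by a throwaway id, not the clicking visitor.
        $cookiesid=md5(uniqid(mt_rand(), 1) . time());
        $sql="INSERT INTO `pre_pay` (`trade_no`,`tid`,`zid`,`type`,`input`,`num`,`name`,`money`,`ip`,`userid`,`addtime`,`blockdj`,`status`) VALUES (:trade_no, :tid, :zid, :type, :input, :num, :name, :money, :ip, :userid, NOW(), 0, 1)";
        $data = [':trade_no'=>$trade_no, ':tid'=>$shop['tid'], ':zid'=>$siterow['zid']?$siterow['zid']:1, ':type'=>'free', ':input'=>$invite_row['input'], ':num'=>1, ':name'=>'推广奖励商品', ':money'=>'0', ':ip'=>$invite_row['ip'], ':userid'=>$cookiesid];
        if($DB->exec($sql, $data)){
            $srow['tid']=$shop['tid'];
            $srow['input']=$invite_row['input'];
            $srow['num']=1;
            $srow['zid']=$siterow['zid']?$siterow['zid']:1;
            $srow['userid']=$cookiesid;
            $srow['trade_no']=$trade_no;
            $srow['money']=0;
            $orderid=processOrder($srow);
        }
    }
    $result = array('code' => 0, 'msg' => 'succ', 'key'=>$key);
    exit(json_encode($result));
    break;
case 'invite_content':
    // Return the share link/text for an existing invite id.
    $id = isset($_POST['id'])?intval($_POST['id']):0;
    $qqrow = $DB->getRow("SELECT * FROM `pre_invite` WHERE `id`=:id LIMIT 1", [':id'=>$id]);

    if ($qqrow) {
        if($qqrow['status']==1)exit('{"code":-1,"msg":"该推广订单已经完成,奖励已经到账,请重新创建推广订单进行推广!"}');
        $url = $siteurl . '?i=' . $qqrow['key'];

        if ($conf['fanghong_api'] > 0) $url = fanghongdwz($url);
        $content = str_replace('[url]',$url,$conf['invite_content']);
        if(!$content)$content = $url;
        $result = array('code' => 0, 'msg' => 'succ', 'url' => $url, 'content'=>$content);
        exit(json_encode($result));

    } else exit('{"code":-1,"msg":"获取失败!"}');
    break;
case 'cart_info':
    // Number of open cart rows (status 0/1) for this visitor; null when the cart is disabled.
    $cart_count = null;
    if($conf['shoppingcart']==1){
        $cart_count = $DB->getColumn("SELECT count(*) FROM pre_cart WHERE userid=:userid AND status<=1", [':userid'=>$cookiesid]);
    }
    $result = array('code'=>0, 'msg'=>'succ', 'count'=>$cart_count);
    exit(json_encode($result));
    break;
case 'cart_num':
    // Change the quantity of one cart row and recompute its price.
    $shop_id = isset($_POST['id'])?intval($_POST['id']):0;
    $num = isset($_POST['num'])?intval($_POST['num']):0;
    $cart_item = $DB->getRow("SELECT * FROM `pre_cart` WHERE `id`=:id LIMIT 1", [':id'=>$shop_id]);
    if(!$cart_item)exit('{"code":-1,"msg":"商品不存在!"}');
    if($cart_item['userid']!=$cookiesid || $cart_item['status']>1)exit('{"code":-1,"msg":"商品权限校验失败"}');
    $tid = $cart_item['tid'];
    $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid=:tid LIMIT 1", [':tid'=>$tid]);
    // A cart row whose product has disappeared must not be re-priced to 0.
    if(!$tool)exit('{"code":-1,"msg":"商品不存在!"}');
    if($tool['multi']==0 || $num<1)$num = 1;
    if($tool['multi']==1 && $tool['min']>0 && $num<$tool['min'])exit('{"code":-1,"msg":"当前商品最小下单数量为'.$tool['min'].'"}');
    if($tool['multi']==1 && $tool['max']>0 && $num>$tool['max'])exit('{"code":-1,"msg":"当前商品最大下单数量为'.$tool['max'].'"}');
    if($tool['price']==0){
        $price=0;
    }elseif(isset($price_obj)){
        // The original passed an undefined $tid here; it is the cart row's product id.
        $price_obj->setToolInfo($tid,$tool);
        $price=$price_obj->getToolPrice($tid);
        $price=$price_obj->getFinalPrice($price, $num);
        if(!$price)exit('{"code":-1,"msg":"当前商品批发价格优惠设置不正确"}');
    }else $price=$tool['price'];

    $need=$price*$num;
    $sql="UPDATE `pre_cart` SET `num`=:num,`money`=:money,`status`='0' WHERE id=:id";
    $data = [':num'=>$num, ':money'=>$need, ':id'=>$shop_id];
    if($DB->exec($sql, $data)!==false){
        exit('{"code":0,"msg":"修改数量成功!","need":"'.$need.'"}');
    }else{
        exit('{"code":-1,"msg":"修改数量失败!'.$DB->error().'"}');
    }
    break;
case 'cart_list':
    // List the visitor's open cart rows, optionally restricted to ?ids[]=...
    $cartids = isset($_GET['ids']) && is_array($_GET['ids']) ? array_map('intval', $_GET['ids']) : array();
    $cols = "a.*,b.name,b.input AS inputname,b.shopimg,b.multi,b.inputs,b.is_curl";
    if(count($cartids)>0){
        // One placeholder per id. The original bound the comma-joined list as a single
        // ":ids" parameter, which compares a.id against one string and so matched at
        // most the first id.
        $ph=array();
        $params=array(':userid'=>$cookiesid);
        foreach($cartids as $k=>$cid){
            $ph[]=':id'.$k;
            $params[':id'.$k]=$cid;
        }
        $rs=$DB->query("SELECT $cols FROM pre_cart AS a LEFT JOIN pre_tools AS b ON a.tid=b.tid WHERE a.userid=:userid AND a.id IN (".implode(',',$ph).") AND a.status<=1 ORDER BY a.id ASC", $params);
    }else{
        $rs=$DB->query("SELECT $cols FROM pre_cart AS a LEFT JOIN pre_tools AS b ON a.tid=b.tid WHERE a.userid=:userid AND a.status<=1 ORDER BY a.id ASC", [':userid'=>$cookiesid]);
    }
    $data = array();
    while($res = $rs->fetch(PDO::FETCH_ASSOC))
    {
        $input=$res['inputname']?$res['inputname']:'下单账号';
        $inputs=explode('|',$res['inputs']);
        $inputsdata=explode('|',$res['input']);
        $show=$input.':'.$inputsdata[0];
        $i=1;
        foreach($inputs as $input){
            if(!$input)continue;
            if(strpos($input,'{')!==false && strpos($input,'}')!==false){
                $input = substr($input,0,strpos($input,'{'));
            }
            if(strpos($input,'[')!==false && strpos($input,']')!==false){
                $input = substr($input,0,strpos($input,'['));
            }
            // Stored values are '|'-joined in field order (see how card_pay builds
            // $input), so the index advances for every field, password or not; the
            // original only advanced it for non-password fields and shifted later ones.
            $value = isset($inputsdata[$i]) ? $inputsdata[$i] : '';
            $show.=' '.$input.':'.(strpos($input,'密码')===false?$value:'********');
            $i++;
        }
        $res['inputsdata']=$show;
        $data[] = $res;
    }
    $count = count($data);
    $result=array("code"=>0,"msg"=>"succ","count"=>$count,"data"=>$data,"sitename"=>$conf['sitename']);
    exit(json_encode($result));
    break;
case 'cart_buy':
    // Turn the selected cart rows into one pending pre_pay record (tid -3 = cart checkout).
    $shop_ids = isset($_POST['shop_id']) && is_array($_POST['shop_id']) ? $_POST['shop_id'] : array();
    $hashsalt=isset($_POST['hashsalt']) && is_string($_POST['hashsalt'])?$_POST['hashsalt']:'';
    if($conf['verify_open']==1 && (empty($_SESSION['addsalt']) || $hashsalt!==(string)$_SESSION['addsalt'])){
        exit('{"code":-1,"msg":"验证失败,请刷新页面重试"}');
    }
    $allmoney = 0;
    $ids = array();
    $items = array();
    // Pass 1: validate every row before touching any of them. The original flipped
    // each row to status 1 as it went, so a rejected later row left the earlier
    // ones locked with no pre_pay record for cart_cancel to release them.
    foreach($shop_ids as $shop_id){
        $cart_item = $DB->getRow("SELECT * FROM `pre_cart` WHERE `id`=:id LIMIT 1", [':id'=>intval($shop_id)]);
        if(!$cart_item)exit('{"code":-1,"msg":"商品不存在!"}');
        if($cart_item['userid']!=$cookiesid || $cart_item['status']>1)exit('{"code":-1,"msg":"商品权限校验失败"}');
        if($cart_item['money']=='0' || !preg_match('/^[0-9.]+$/', $cart_item['money']))exit('{"code":-1,"msg":"商品金额不合法"}');
        $ids[] = intval($shop_id);
        $allmoney += floatval($cart_item['money']);
        $items[] = $cart_item;
    }
    if(count($ids)==0)exit('{"code":-1,"msg":"您未在购物车添加任何商品"}');
    // Pass 2: mark the rows as pending payment.
    foreach($items as $item){
        $DB->exec("UPDATE `pre_cart` SET `status`=1 WHERE `id`=:id", [':id'=>$item['id']]);
    }
    $last_item = $items[count($items)-1];
    $toolname=$DB->getColumn("SELECT name FROM pre_tools WHERE tid=:tid LIMIT 1", [':tid'=>$last_item['tid']]);
    $toolname = $toolname.'等多件';
    $input = implode('|',$ids);
    $trade_no=date("YmdHis").rand(111,999);

    // $invite_id is defined outside this chunk.
    $sql="INSERT INTO `pre_pay` (`trade_no`,`tid`,`zid`,`input`,`num`,`name`,`money`,`ip`,`userid`,`inviteid`,`addtime`,`status`) VALUES (:trade_no, :tid, :zid, :input, :num, :name, :money, :ip, :userid, :inviteid, NOW(), 0)";
    $data = [':trade_no'=>$trade_no, ':tid'=>-3, ':zid'=>$siterow['zid']?$siterow['zid']:1, ':input'=>$input, ':num'=>count($ids), ':name'=>$toolname, ':money'=>$allmoney, ':ip'=>$clientip, ':userid'=>$cookiesid, ':inviteid'=>$invite_id];
    if($DB->exec($sql, $data)){
        // Remember the salt being consumed so cart_cancel can restore it server-side.
        $_SESSION['addsalt_used'] = isset($_SESSION['addsalt']) ? $_SESSION['addsalt'] : null;
        unset($_SESSION['addsalt']);
        if($conf['forcermb']==1){$conf['alipay_api']=0;$conf['wxpay_api']=0;$conf['qqpay_api']=0;}
        $result = ['code'=>0, 'msg'=>'提交订单成功!', 'trade_no'=>$trade_no, 'need'=>$allmoney, 'pay_alipay'=>$conf['alipay_api'], 'pay_wxpay'=>$conf['wxpay_api'], 'pay_qqpay'=>$conf['qqpay_api'], 'pay_rmb'=>$islogin2, 'user_rmb'=>$userrow['rmb'], 'paymsg'=>$conf['paymsg']];
        exit(json_encode($result));
    }else{
        exit('{"code":-1,"msg":"提交订单失败!'.$DB->error().'"}');
    }
    break;
case 'cart_cancel':
    // Abandon an unpaid cart checkout: release its rows back to status 0.
    if(!isset($_POST['orderid']) || !is_string($_POST['orderid']))exit('{"code":-1,"msg":"订单号未知"}');
    $orderid=$_POST['orderid'];
    $srow=$DB->getRow("SELECT * FROM pre_pay WHERE trade_no=:no LIMIT 1", [':no'=>$orderid]);
    if(!$srow || !$srow['trade_no'] || $srow['userid']!=$cookiesid)exit('{"code":-1,"msg":"订单号不存在!"}');
    if($srow['status']==0){
        // input holds the '|'-joined cart row ids written by cart_buy; cast each to
        // int before interpolating.
        $ids = array_map('intval', explode('|',$srow['input']));
        if(count($ids)>0){
            $DB->exec("UPDATE pre_cart SET status=0 WHERE id IN (".implode(',',$ids).") AND status=1");
        }
        // Restore the salt cart_buy consumed, from the server-side copy only. The
        // original wrote the client-supplied hashsalt into the session, which let a
        // client choose the value it would later be checked against.
        if($conf['verify_open']==1 && !empty($_SESSION['addsalt_used'])){
            $_SESSION['addsalt'] = $_SESSION['addsalt_used'];
        }
    }
    exit('{"code":0,"msg":"ok"}');
    break;
case 'cart_empty':
    if($DB->exec("DELETE FROM pre_cart WHERE userid=:userid AND (status=0 OR status=1)", [':userid'=>$cookiesid])!==false){
        exit('{"code":0,"msg":"清空购物车成功!"}');
    }else{
        exit('{"code":-1,"msg":"清空购物车失败!'.$DB->error().'"}');
    }
    break;
case 'cart_shop_del':
    $id = isset($_POST['id'])?intval($_POST['id']):0;
    $cart_item = $DB->getRow("SELECT * FROM `pre_cart` WHERE `id`=:id LIMIT 1", [':id'=>$id]);
    if(!$cart_item)exit('{"code":-1,"msg":"商品不存在!"}');
    if($cart_item['userid']!=$cookiesid || $cart_item['status']>1)exit('{"code":-1,"msg":"商品权限校验失败"}');
    if($DB->exec("DELETE FROM pre_cart WHERE id=:id", [':id'=>$id])!==false){
        exit('{"code":0,"msg":"商品删除成功!"}');
    }else{
        exit('{"code":-1,"msg":"商品删除失败!'.$DB->error().'"}');
    }
    break;
case 'cart_shop_item':
    // Edit form for one cart row (the HTML is assembled below this chunk).
    $id = isset($_POST['id'])?intval($_POST['id']):0;
    $cart_item = $DB->getRow("SELECT * FROM `pre_cart` WHERE `id`=:id LIMIT 1", [':id'=>$id]);
    if(!$cart_item)exit('{"code":-1,"msg":"商品不存在!"}');
    if($cart_item['userid']!=$cookiesid || $cart_item['status']>1)exit('{"code":-1,"msg":"商品权限校验失败"}');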
1315 | $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid='{$cart_item['tid']}' LIMIT 1"); 1316 | $input=$tool['input']?$tool['input']:'下单QQ'; 1317 | $inputs=explode('|',$tool['inputs']); 1318 | $inputvalue=explode('|',$cart_item['input']); 1319 | $data = '
'; 1320 | if($tool['value']>1)$data .= '
下单数量
'; 1321 | $data .= '
下单份数
'; 1322 | if($tool['max']>1)$data .= ' 该商品下单份数不能超过'.$tool['max'].'
'; 1323 | else $data .= '
'; 1324 | $data .= '
'.$input.'
'; 1325 | $i=2; 1326 | foreach($inputs as $input){ 1327 | if(!$input)continue; 1328 | if(strpos($input,'{')!==false && strpos($input,'}')!==false){ 1329 | $inputname = substr($input,0,strpos($input,'{')); 1330 | $arr = explode(',',getSubstr($input,'{','}')); 1331 | $select=''; 1332 | foreach($arr as $option){ 1333 | if(strpos($option,':')!==false){ 1334 | $select.=''; 1335 | }else{ 1336 | $select.=''; 1337 | } 1338 | } 1339 | $data .= '
'.$inputname.'
'; 1340 | }else{ 1341 | $data .= '
'.$input.'
'; 1342 | } 1343 | $i++; 1344 | } 1345 | $data .= ''; 1346 | $data .= ''; 1347 | $result=array("code"=>0,"msg"=>"succ","data"=>$data); 1348 | exit(json_encode($result)); 1349 | break; 1350 | case 'share_link': 1351 | $tid = intval($_GET['tid']); 1352 | if(!$tid)exit('{"code":-1,"msg":"参数不能为空"}'); 1353 | $tool=$DB->getRow("SELECT * FROM pre_tools WHERE tid='$tid' AND active=1 LIMIT 1"); 1354 | if(!$tool)exit('{"code":-1,"msg":"商品不存在!"}'); 1355 | if(file_exists(TEMPLATE_ROOT.$conf['template'].'/buy.php')){ 1356 | $url = $siteurl.'?mod=buy&cid='.$tool['cid'].'&tid='.$tid; 1357 | }else{ 1358 | $url = $siteurl.'?cid='.$tool['cid'].'&tid='.$tid; 1359 | } 1360 | if(isset($price_obj)){ 1361 | $price_obj->setToolInfo($tool['tid'],$tool); 1362 | $price=$price_obj->getToolPrice($tool['tid']); 1363 | }else $price=$tool['price']; 1364 | if($conf['fanghong_api']>0)$url = fanghongdwz($url); 1365 | $content = '【'.$tool['name'].'】'.$price.'元 下单链接:'.$url; 1366 | $result=array("code"=>0,"msg"=>"succ","link"=>$url,"content"=>$content); 1367 | exit(json_encode($result)); 1368 | break; 1369 | default: 1370 | exit('{"code":-4,"msg":"No Act"}'); 1371 | break; 1372 | } --------------------------------------------------------------------------------
