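<?php
// Request bootstrap: drop scanner traffic, normalise the client address,
// emulate magic_quotes for $_GET/$_POST and define ROOTDIR.
//
// Debug switches kept from the original file (disabled):
//ini_set("display_errors", "off");   // toggle on-screen error display
//ini_set("error_reporting",E_ALL);   // report every error level

// Drop requests that carry the Acunetix scanner marker header.
// !empty() keeps the same truthiness test without an undefined-index notice.
if (!empty($_SERVER['HTTP_ACUNETIX_ASPECT'])) exit;

// NOTE(review): REMOTE_ADDR is overwritten from a request header here. Any
// client can send that header, so everything downstream that trusts
// REMOTE_ADDR (logs, rate limits, IP allow-lists) sees a caller-chosen value
// unless a trusted proxy in front of PHP strips or sets it. The override is
// kept for compatibility; confirm the proxy setup before relying on it.
if (!empty($_SERVER["HTTP_GYHFTIPFSDX"])) {
    // end() takes its argument by reference: pass a variable, not the
    // explode() temporary, to avoid the "only variables should be passed
    // by reference" notice.
    $forwardedParts = explode(',', $_SERVER['HTTP_GYHFTIPFSDX']);
    $_SERVER["REMOTE_ADDR"] = trim(addslashes(end($forwardedParts)));
}

// Legacy magic_quotes emulation. The rest of this file interpolates
// $_GET/$_POST values straight into SQL and depends on this addslashes()
// pass. get_magic_quotes_gpc() was removed in PHP 8 (and quotes are never on
// there), so the function_exists() guard makes the escaping loop run instead
// of fatalling. addslashes() is not a substitute for parameterised queries;
// it is kept only because the callers below rely on it.
if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
    foreach ($_POST as $key => $v) {
        if (is_string($v)) $_POST[$key] = addslashes($v);
    }
    foreach ($_GET as $key => $v) {
        if (is_string($v)) $_GET[$key] = addslashes($v);
    }
}

// Project root: the parent of the directory containing this file.
define("ROOTDIR", dirname(dirname(__FILE__)));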
// test switch (disabled): report everything except notices
//error_reporting(E_ALL ^ E_NOTICE);

// Shared helpers: the DB wrapper class plus the two function libraries.
require_once(__DIR__ . "/include/mysql.class.php");
require_once(__DIR__ . "/include/func.php");
require_once(__DIR__ . "/include/func_ft.php");

// order entry / charge deduction (original note: 录入扣费)

$db = new db_mysql;

// DB credentials are loaded from an include kept outside the web root;
// the Linux path is tried first, then the Windows development path.
if (is_file("/home/www/ftdcdb.inc.php")) require("/home/www/ftdcdb.inc.php");
else require("d:/web/ftdcdb.inc.php");

// The include is expected to define the four $ftdcdb_* variables used here.
$db->connect($ftdcdb_host, $ftdcdb_username, $ftdcdb_password, $ftdcdb_database, 0, 'utf8');
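// Route on ?act=. A missing parameter becomes '' instead of raising an
// undefined-index notice (and trim(null) is deprecated on PHP 8.1+).
$act = isset($_GET['act']) ? trim($_GET['act']) : '';

if ($act == 'add_order') {
    // Orders placed by users of company 30 go through the PC payment flow;
    // everyone else (including unauthenticated callers) gets the default one.
    $user = check_token_return();
    if (!empty($user) && $user['company_id'] == 30) {
        require_once(__DIR__ . "/include/pay_pc.inc.php");
    } else {
        require_once(__DIR__ . "/include/pay.inc.php");
    }
} else {
    // $page_name is only set when an including page provides it.
    if (isset($page_name) && $page_name == 'pay_jd') {
        require_once(__DIR__ . "/include/pay_pc.inc.php");
    } else {
        require_once(__DIR__ . "/include/pay.inc.php");
    }
}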
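// Payment gateway merchant id and signing key.
// The original assigned an earlier merid/paykey pair first and overwrote it
// two lines later; that dead pair has been removed.
// NOTE(review): these values, and the WeChat JSAPI secrets below, are live
// credentials committed in source. The DB credentials in this file already
// come from an include outside the web root — these belong there too.
$merid = '01440202070081825';
$paykey = '4115F9208984A52EE88D53FDC25003DCF7457F9480005825';

// WeChat JSAPI payment: merchant id, app id and API key.
$jsapi_wxpay_mch_id = '1503887471';
$jsapi_wxpay_appid = 'wx1168623c6eb81482';
$jsapi_wxpay_key = 'a8555efc5395420ae8c62483f8732f84';

// Delivery methods keyed by id: 1 = on-site pickup, 2 = postal delivery.
// The labels are user-facing strings and are left as they are.
$deliver_type_info = [
    "1" => "现场取货",
    "2" => "邮寄",
];

// Supplier ids (original note: 供应商信息, "supplier info").
$supplyList = [
    "1" => 1,
    "2" => 2,
    "3" => 3,
];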
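/**
 * Emit a JSON result and terminate the request.
 *
 * Output mode is selected by globals set by the including page:
 * $in_ifr → a script that calls window.parent.recvRs(); $in_page → the
 * function named in $in_page_func is run first, then a script calling
 * recvRs() and the closing body/html tags; otherwise the bare JSON.
 *
 * @param int|string $status  value placed in the 'status' key
 * @param string     $message human-readable message
 * @param array      $data    extra keys merged in; keys in $data win over 'status'/'message'
 * @return never always exit()s after writing the response
 */
function echoRs($status, $message, $data = []) {
    $info = ['status' => $status, 'message' => $message];
    if ($data) $info = array_merge($info, $data);

    // JSON_NUMERIC_CHECK turns numeric-looking strings into numbers, which
    // drops leading zeros and mangles long digit strings (phone numbers,
    // order ids). echoRs_n() is the variant without it.
    $json = json_encode($info, JSON_NUMERIC_CHECK);

    // empty() keeps the original truthiness tests without undefined-index
    // notices when the page never set these globals.
    // json_encode() escapes '/' by default, so a "</script>" inside the data
    // cannot close the inline <script> element written below.
    if (!empty($GLOBALS['in_ifr'])) {
        echo '<script type="text/javascript">window.parent.recvRs('.$json.');</script>';
    } else if (!empty($GLOBALS['in_page'])) {
        // Page mode: the caller-provided function renders the page head first.
        $funcname = $GLOBALS['in_page_func'];
        $funcname();
        echo '<script type="text/javascript">recvRs('.$json.');</script></body></html>';
    } else {
        echo $json;
    }
    exit;
}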
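/**
 * Emit a JSON result and terminate the request, keeping non-ASCII text
 * unescaped and numeric-looking strings as strings.
 *
 * Identical to echoRs() apart from the json_encode() flags: this variant
 * uses JSON_UNESCAPED_UNICODE and no JSON_NUMERIC_CHECK. See echoRs() for
 * the three output modes ($in_ifr / $in_page / plain).
 *
 * @param int|string $status  value placed in the 'status' key
 * @param string     $message human-readable message
 * @param array      $data    extra keys merged in; keys in $data win over 'status'/'message'
 * @return never always exit()s after writing the response
 */
function echoRs_n($status, $message, $data = []) {
    $info = ['status' => $status, 'message' => $message];
    if ($data) $info = array_merge($info, $data);

    $json = json_encode($info, JSON_UNESCAPED_UNICODE);

    // empty() keeps the original truthiness tests without undefined-index
    // notices. '/' is still escaped by json_encode() here, so "</script>"
    // in the data cannot break out of the inline script element.
    if (!empty($GLOBALS['in_ifr'])) {
        echo '<script type="text/javascript">window.parent.recvRs('.$json.');</script>';
    } else if (!empty($GLOBALS['in_page'])) {
        // Page mode: the caller-provided function renders the page head first.
        $funcname = $GLOBALS['in_page_func'];
        $funcname();
        echo '<script type="text/javascript">recvRs('.$json.');</script></body></html>';
    } else {
        echo $json;
    }
    exit;
}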
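/**
 * Load an enabled user row joined with its type name.
 *
 * @param int|string $uid user id; cast to int because it is interpolated into SQL
 * @return mixed whatever $db->get_one() returns for the query (a row array,
 *               or its no-match value, which is not visible from here)
 */
function get_user_by_uid($uid) {
    global $db;
    // The (int) cast is the only injection guard on this query — keep it.
    $uid = (int)$uid;
    return $db->get_one("select a.*,b.name type_name from tb_user a, tb_user_type b where a.type_id = b.id and a.id={$uid} and a.enabled=1");
}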
if (!function_exists('cutName')) {
    /**
     * Mask a display name or phone number before it leaves the server.
     *
     * type 'cellphone': first 3 and last 4 characters kept, '****' between.
     * Any other type: 0 chars → '*', 1 char → unchanged, 2 chars → first
     * char + '*', longer → first char, one '*' per hidden char, last char.
     * For phone numbers shorter than 8 characters the kept prefix and suffix
     * overlap, so little or nothing is actually hidden.
     *
     * @param string $user_name value to mask, treated as UTF-8
     * @param string $type      'username' (default) or 'cellphone'
     * @return string masked value
     */
    function cutName($user_name, $type = 'username')
    {
        $length = mb_strlen($user_name, 'utf-8');

        if ($type == 'cellphone') {
            $head = mb_substr($user_name, 0, 3, 'utf-8');
            $tail = mb_substr($user_name, -4, 4, 'utf-8');
            return $head . '****' . $tail;
        }

        switch ($length) {
            case 0:
                return "*";
            case 1:
                return $user_name;
            case 2:
                return mb_substr($user_name, 0, 1, 'utf-8') . '*';
            default:
                return mb_substr($user_name, 0, 1, 'utf-8')
                    . str_repeat("*", $length - 2)
                    . mb_substr($user_name, -1, 1, 'utf-8');
        }
    }
}
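/**
 * Resolve the ?token= session to its user without terminating on failure.
 *
 * On success the session's expire_time is pushed 24h ahead, a JSON snapshot
 * of the user is stored in tb_session.data, and the user array is returned
 * with 'password' removed and 'token', the three balances ('account', 'jf',
 * 'jili_account') and masked 'username'/'cellphone' added; the unmasked
 * number is kept under 'smsCellphone'.
 *
 * @return array|false user array, or false when the token is missing,
 *                     unknown, expired, or its user is missing/disabled
 */
function check_token_return(){
    global $db;

    // Only the query string is consulted here (check_token() also looks at
    // POST and a JSON body). isset() avoids a notice when the parameter is absent.
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    if (!$token) {
        return false;
    }

    // $token is interpolated into SQL: this relies on the file-level
    // addslashes() pass over $_GET at the top of this file.
    $session = $db->get_one("select * from tb_session where token='{$token}'");
    if (!$session || $session['expire_time'] <= time()) {
        return false;
    }

    $user = get_user_by_uid($session['uid']);
    if (!$user) {
        return false;
    }

    unset($user['password']);
    $user['token'] = $token;

    // Refresh the balances from tb_account: type_id 2 → 'account',
    // 1 → 'jf', 3 → 'jili_account' (insertion order matches the original).
    $balanceKeys = [2 => 'account', 1 => 'jf', 3 => 'jili_account'];
    $uid = (int)$user['id'];
    foreach ($balanceKeys as $typeId => $key) {
        $user[$key] = 0;
        $rs = $db->get_one("select sum(account) account from tb_account where user_id = {$uid} and type_id = {$typeId}");
        if ($rs) {
            $user[$key] = floatval($rs['account']);
        }
    }

    // De-identify name and phone for the client; keep the raw number for SMS.
    $user['smsCellphone'] = $user['cellphone'];
    $user['username'] = cutName($user['username']);
    $user['cellphone'] = cutName($user['cellphone'], 'cellphone');

    // Extend the session by 24h and cache the user snapshot in it.
    $db->query("update tb_session set data='".addslashes(json_encode($user))."', expire_time = ".(time()+86400)." where token = '{$token}'");
    return $user;
}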
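/**
 * Write the "login expired" response for check_token() and stop.
 *
 * Requests under /jtjapi get a fixed {"code":-1,...} JSON document;
 * everything else goes through echoRs(), which exits itself.
 *
 * @param bool $is_jtj true for the /jtjapi response format
 * @param int  $step   1/2/3 marker appended to the message, as in the original
 * @return never
 */
function _check_token_fail($is_jtj, $step) {
    if ($is_jtj) {
        echo '{"code":-1,"err_msg":"登录已失效, 请重新登陆:' . $step . '","content":null}';
        exit;
    }
    echoRs(-1, '登录已失效, 请重新登陆:' . $step);
}

/**
 * Resolve the current session token to its user, or end the request.
 *
 * The token is taken from ?token=, then the POST field, then a JSON body
 * {"token": ...}. On failure the response is written and the script exits
 * (see _check_token_fail()). On success the same refresh-and-mask steps as
 * check_token_return() are applied and the user array is returned.
 *
 * @return array user array (see check_token_return() for the added keys)
 */
function check_token()
{
    global $db;

    $is_jtj = (strpos($_SERVER['REQUEST_URI'], '/jtjapi') === 0);

    // Token lookup order: query string, POST field, JSON body. The first two
    // are covered by the file-level addslashes() pass; the JSON body is not,
    // so it is escaped here before being interpolated into SQL below.
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    if (!$token && isset($_POST['token'])) {
        $token = $_POST['token'];
    }
    if (!$token) {
        $body = json_decode(file_get_contents("php://input"), true);
        if (is_array($body) && isset($body['token']) && is_string($body['token'])) {
            $token = addslashes($body['token']);
        }
    }
    if (!$token) {
        _check_token_fail($is_jtj, 1);
    }

    $session = $db->get_one("select * from tb_session where token='{$token}'");
    if (!$session || $session['expire_time'] <= time()) {
        _check_token_fail($is_jtj, 3);
    }

    $user = get_user_by_uid($session['uid']);
    if (!$user) {
        _check_token_fail($is_jtj, 2);
    }

    unset($user['password']);
    $user['token'] = $token;

    // Refresh the balances from tb_account: type_id 2 → 'account',
    // 1 → 'jf', 3 → 'jili_account' (insertion order matches the original).
    $balanceKeys = [2 => 'account', 1 => 'jf', 3 => 'jili_account'];
    $uid = (int)$user['id'];
    foreach ($balanceKeys as $typeId => $key) {
        $user[$key] = 0;
        $rs = $db->get_one("select sum(account) account from tb_account where user_id = {$uid} and type_id = {$typeId}");
        if ($rs) {
            $user[$key] = floatval($rs['account']);
        }
    }

    // De-identify name and phone for the client; keep the raw number for SMS.
    $user['smsCellphone'] = $user['cellphone'];
    $user['username'] = cutName($user['username']);
    $user['cellphone'] = cutName($user['cellphone'], 'cellphone');

    // Extend the session by 24h and cache the user snapshot in it.
    $db->query("update tb_session set data='".addslashes(json_encode($user))."', expire_time = ".(time()+86400)." where token = '{$token}'");
    return $user;
}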
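/**
 * Render $str as a PNG QR code and return the image bytes.
 *
 * Side effects: sends a "Content-Type: image/png" header and creates and
 * removes a temporary file (QRcode::png() only writes to a path).
 *
 * @param string $str text to encode
 * @return string|false PNG bytes, or false when no temp file could be
 *                      created or the image could not be read back
 */
function getQRCode($str) {
    require_once ROOTDIR.'/show/include/qrcode/qrlib.php';

    // The original wrote "<time>_<rand()>" into the current working directory
    // — a predictable name in a directory that may be the document root.
    // A private temp file avoids both; it is removed again below.
    $fn = tempnam(sys_get_temp_dir(), 'qr');
    if ($fn === false) return false;

    QRcode::png($str, $fn, 'L', 7, 0);

    header("Content-Type: image/png");
    $s = file_get_contents($fn);
    if (is_file($fn)) unlink($fn);
    return $s;
}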
/**
 * Tag $str with a Java-style String.hashCode() of its bytes: "[st]<str>,<hash>;".
 *
 * The hash is h = h*31 + byte, wrapped to a signed 32-bit value after each
 * step. On 64-bit PHP the wrap is done with modular arithmetic; on 32-bit
 * PHP the original relies on intval() of the overflowed value, kept as-is.
 *
 * @param string $str input, processed byte by byte
 * @return string "[st]" . $str . "," . $hash . ";"
 */
function getEncodeStr($str) {
    $hash = 0;
    $len = strlen($str);
    for ($pos = 0; $pos < $len; $pos++) {
        $hash = $hash * 31 + ord($str[$pos]);
        if (PHP_INT_SIZE == 4) {
            $hash = intval($hash);
            continue;
        }
        // fold into [-2^31, 2^31-1]
        $hash %= 4294967296;
        if ($hash > 2147483647) {
            $hash -= 4294967296;
        } elseif ($hash < -2147483648) {
            $hash += 4294967296;
        }
    }
    return "[st]{$str},{$hash};";
}
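/**
 * Send an SMS, routing by number prefix and logging it for known users.
 *
 * Numbers whose first three digits are not in the telecom prefix list go
 * straight to send_sms_ek(); the rest are written to tb_sms_log (with the
 * user's id when the number belongs to an enabled user) and sent via
 * send_sms_dx().
 *
 * @param string $phone recipient number
 * @param string $msg   message body
 * @return void
 */
function send_sms($phone, $msg)
{
    global $db;

    $prefix = substr(trim($phone), 0, 3);
    if (!in_array($prefix, ['189', '180', '181', '133', '153'], true)) {
        send_sms_ek($phone, $msg);
        return;
    }

    // The original used the mysql_* API (removed in PHP 7) while the rest of
    // this file goes through $db; use $db here too. Both interpolated strings
    // are escaped the way the file does elsewhere; $uid comes from the DB row.
    $safePhone = addslashes($phone);
    $row = $db->get_one("select * from tb_user where cellphone = '{$safePhone}' and enabled != 0");
    $uid = $row ? (int)$row['id'] : 0;
    $db->query("insert into tb_sms_log set cellphone = '{$safePhone}', uid = {$uid}, content = '".addslashes($msg)."', `addtime` = now()");

    send_sms_dx($phone, $msg);
}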
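if (!function_exists("send_sms_ek")) {
    /**
     * Send $msg to $mobile through the 189ek SMS HTTP API.
     *
     * The request is signed with md5(appid . mobile . msg . appkey); the key
     * itself is never transmitted.
     *
     * NOTE(review): $appid/$appkey are live credentials in source — load them
     * from the out-of-web-root config include like the DB credentials.
     *
     * @param string $mobile recipient number
     * @param string $msg    message body; the '【云中美食】' signature is prepended
     * @return void the provider's response is not returned; transport
     *              failures are written to error_log()
     */
    function send_sms_ek($mobile, $msg)
    {
        $appid = 'svcXhqBFtbvNS6GUVumSM8k0WarOLiOZ';
        $appkey = 'ex1JUa3xO3JFXB9k5OqULKYYoJz7A2nV';
        $msg = '【云中美食】'.$msg;
        $sign = md5($appid.$mobile.$msg.$appkey);
        $url = "https://sms.189ek.com/yktsms/send";

        // Encode every field so a stray '&' or '=' in $mobile cannot add
        // extra parameters (the original only encoded $msg). For a plain
        // digit string the bytes sent are unchanged.
        $postFields = http_build_query([
            'appid' => $appid,
            'mobile' => $mobile,
            'msg' => $msg,
            'sign' => $sign,
        ]);

        $c = curl_init($url);
        curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
        // TLS verification is left at curl's defaults. The original set both
        // CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to 0, which lets
        // anyone on the network path impersonate the gateway and read or
        // alter every message sent.
        curl_setopt($c, CURLOPT_POST, 1);
        curl_setopt($c, CURLOPT_POSTFIELDS, $postFields);
        curl_setopt($c, CURLOPT_TIMEOUT, 10);
        if (curl_exec($c) === false) {
            error_log('send_sms_ek: ' . curl_error($c));
        }
        curl_close($c);
    }
}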
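/**
 * Generate a random code of $len characters that does not yet exist in
 * $table.$zd, with an optional literal prefix.
 *
 * @param string $table table checked for collisions (interpolated into SQL, so caller-trusted only)
 * @param string $zd    column name in $table (same caveat)
 * @param int    $len   number of random characters, before the prefix
 * @param string $type  'num' → digits only, 'zm' → letters only, anything else → hex digits and letters
 * @param string $pre   literal prefix
 * @return string the unique code
 */
function get_code($table, $zd, $len, $type, $pre = '') {
    global $db;

    while (true) {
        // 32 lowercase hex chars, from a CSPRNG where one is available; the
        // md5(microtime()."_".rand()) source of the original is predictable
        // and is kept only as a last resort.
        if (function_exists('random_bytes')) {
            $hex = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $hex = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            $hex = md5(microtime()."_".rand());
        }
        // The fixed tail guarantees enough digits / letters survive the filter.
        $pool = $hex."4013445563dahiksndkuji";

        if ($type == 'num') {
            $pool = preg_replace("/[a-z]/", "", $pool);
        } else if ($type == 'zm') {
            $pool = preg_replace("/[0-9]/", "", $pool);
        }
        $code = $pre.substr($pool, 0, $len);

        $row = $db->get_one("select * from {$table} where {$zd} = '{$code}'");
        if (!$row) return $code;
    }
}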
/**
 * Report whether a plaintext password is "weak" by this app's rule set.
 *
 * Weak means: shorter than 6 bytes, all digits, or containing "123456".
 * strlen() counts bytes, so multi-byte characters count more than once.
 *
 * @param string $pw plaintext password
 * @return bool true when the password is weak
 */
function is_jdpw($pw) {
    $tooShort = strlen($pw) < 6;
    $digitsOnly = (bool)preg_match("/^\d+$/", $pw);
    $hasSequence = strpos($pw, "123456") !== false;
    return $tooShort || $digitsOnly || $hasSequence;
}
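/**
 * Report whether an md5 password hash belongs to one of the trivial
 * passwords this app rejects: "0".."999", a single digit repeated 4–9
 * times, or a short list of well-known sequences.
 *
 * The original compared hashes with ==, which treats two hex strings of the
 * form "0e<digits>" as equal floats ("magic hashes"); === is used instead.
 *
 * @param string $md5pw lowercase hex md5 of the candidate password
 * @return bool true when the hash matches a trivial password
 */
function is_jdpw2($md5pw) {
    $candidates = [];
    for ($i = 0; $i <= 999; $i++) {
        $candidates[] = (string)$i;
    }
    for ($digit = 0; $digit <= 9; $digit++) {
        for ($repeat = 4; $repeat <= 9; $repeat++) {
            $candidates[] = str_repeat((string)$digit, $repeat);
        }
    }
    $candidates = array_merge($candidates, ['123456', '654321', 'Aa123456', '1234', '12345', '1234567', '12345678', '123456789']);

    foreach ($candidates as $pw) {
        if (md5($pw) === $md5pw) return true;
    }
    return false;
}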
if (!function_exists('filterWords')) {
    /**
     * Strip a deny-list of HTML tags, tags with on*= handlers, and SQL
     * keywords/metacharacters from $str.
     *
     * This is a deny-list, not an encoder: it also mangles legitimate text
     * containing e.g. "update" or "*", and on its own it does not make a
     * string safe for SQL or HTML (parameterised queries / htmlspecialchars
     * do that). Behaviour is kept unchanged because callers depend on it.
     *
     * @param string $str input
     * @return string input with every match of the patterns removed, in order
     */
    function filterWords($str) {
        $patterns = [
            // opening/closing script, iframe, style, html, body, title, link, meta, object, <? and <% tags
            "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
            // any tag containing an on*= attribute (the whole tag is removed)
            "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
            // SQL keywords plus quote, comment, '*' and relative-path fragments
            "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is"
        ];
        foreach ($patterns as $pattern) {
            $str = preg_replace($pattern, '', $str);
        }
        return $str;
    }
}
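if (!function_exists('dbenc') || !function_exists('dbdec')) {
    /**
     * Map an mcrypt-style key to an openssl cipher name and a key of valid length.
     *
     * mcrypt's RIJNDAEL_128 accepted 16/24/32-byte keys and zero-padded
     * shorter ones up to the next valid size; this reproduces that so data
     * encrypted by the old mcrypt code still decrypts. Keys longer than 32
     * bytes (which mcrypt rejected) are truncated here.
     *
     * @param string $key  caller-supplied key
     * @param string $mode 'cbc' or 'ecb'
     * @return array{0:string,1:string} cipher name and normalised key
     */
    function _aesCipherForKey($key, $mode) {
        $length = strlen($key);
        if ($length <= 16) $size = 16;
        elseif ($length <= 24) $size = 24;
        else $size = 32;
        $key = str_pad(substr($key, 0, $size), $size, "\0");
        return ['aes-' . ($size * 8) . '-' . $mode, $key];
    }

    /**
     * AES-CBC (or ECB) encrypt $orig_data with PKCS#7 padding.
     *
     * The wire format is identical to the original mcrypt implementation
     * (RIJNDAEL_128 with a 128-bit block is AES), so previously stored
     * ciphertexts still decrypt. mcrypt was removed in PHP 7.2, which is why
     * ext-openssl is used now.
     *
     * Weaknesses kept for compatibility: the IV defaults to the first 16
     * bytes of the key (a fixed IV, so equal plaintexts give equal
     * ciphertexts), and passing 'ecb' as $iv selects ECB mode.
     *
     * @param string $orig_data plaintext
     * @param string $key       key, 16/24/32 bytes (shorter keys are zero-padded)
     * @param string $iv        16-byte IV, '' for the key-derived default, or 'ecb'
     * @param bool   $raw       true → raw bytes, false → base64
     * @return string|false ciphertext, or false if openssl reports an error
     */
    function aesEncrypt($orig_data, $key, $iv = '', $raw = false) {
        $mode = 'cbc';
        if ($iv == 'ecb') {
            $iv = '';      // ECB takes no IV
            $mode = 'ecb';
        } elseif (!$iv) {
            $iv = substr($key, 0, 16);
        }
        list($cipher, $key) = _aesCipherForKey($key, $mode);

        // OPENSSL_RAW_DATA: binary output with PKCS#7 padding applied by
        // openssl — the same bytes the original appended by hand.
        $ciphertext = openssl_encrypt($orig_data, $cipher, $key, OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) return false;
        if (!$raw) $ciphertext = base64_encode($ciphertext);
        return $ciphertext;
    }

    /**
     * Inverse of aesEncrypt().
     *
     * Padding is stripped by hand as in the original instead of being
     * validated by openssl, so a wrong key still yields garbage rather than
     * an error. Unlike the original, an empty decryption result or a padding
     * byte larger than the data returns false instead of raising a notice or
     * passing a negative length to substr().
     *
     * @param string $ciphertext base64 (or raw, when $raw) ciphertext
     * @param string $key        see aesEncrypt()
     * @param string $iv         see aesEncrypt()
     * @param bool   $raw        true when $ciphertext is raw bytes
     * @return string|false plaintext, or false for empty/undecryptable input
     */
    function aesDecrypt($ciphertext, $key, $iv = '', $raw = false) {
        if ($ciphertext == '') return false;

        $mode = 'cbc';
        if ($iv == 'ecb') {
            $iv = '';
            $mode = 'ecb';
        } elseif (!$iv) {
            $iv = substr($key, 0, 16);
        }
        list($cipher, $key) = _aesCipherForKey($key, $mode);

        if (!$raw) $ciphertext = base64_decode($ciphertext);

        // OPENSSL_ZERO_PADDING turns off openssl's own unpadding so the manual
        // PKCS#7 strip below matches the original byte for byte.
        $orig_data = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
        if ($orig_data === false || $orig_data === '') return false;

        $length = strlen($orig_data);
        $unpadding = ord($orig_data[$length - 1]);
        if ($unpadding < 1 || $unpadding > $length) return false;
        return substr($orig_data, 0, $length - $unpadding);
    }

    /**
     * Encrypt a DB field value: "genc_" . base64(AES-CBC(value)).
     *
     * NOTE(review): the key is hard-coded here and duplicated in dbdec(); it
     * should come from the out-of-web-root config include like the DB
     * credentials. Together with the fixed, key-derived IV this means equal
     * values always produce equal ciphertexts, so stored values can still be
     * compared for equality/frequency without the key.
     *
     * @param string $s plaintext
     * @return string prefixed ciphertext (unchanged when the key is empty)
     */
    function dbenc($s) {
        // encryption/decryption key (original note: 加解密变量)
        $db_enkey = "b9fc66957a4e5dbb";
        if ($db_enkey) {
            $s = "genc_" . aesEncrypt($s, $db_enkey);
        }
        return $s;
    }

    /**
     * Decrypt a value produced by dbenc(). A missing "genc_" prefix is
     * tolerated and the remainder is decrypted anyway, as in the original.
     *
     * @param string $s prefixed (or bare) base64 ciphertext
     * @return string|false plaintext, or false when it cannot be decrypted
     */
    function dbdec($s) {
        $db_enkey = "b9fc66957a4e5dbb";
        if ($db_enkey) {
            if (strpos($s, 'genc_') === 0) $s = substr($s, 5);
            $s = aesDecrypt($s, $db_enkey);
        }
        return $s;
    }
}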