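$v) {
    if(is_string($v)) $_POST[$key] = addslashes($v);
}
foreach($_GET as $key => $v) {
    if(is_string($v)) $_GET[$key] = addslashes($v);
}
}

// Project root: one directory above the directory holding this file.
define("ROOTDIR", dirname(dirname(__FILE__)));

// Debug aid, intentionally left disabled:
//error_reporting(E_ALL ^ E_NOTICE);

require_once(dirname(__FILE__)."/include/mysql.class.php");
require_once(dirname(__FILE__)."/include/func.php");
require_once(dirname(__FILE__)."/include/func_ft.php");

// Order entry / charging: open the database connection.
// The credentials file lives outside the web root; the d:/ path is the Windows fallback.
$db = new db_mysql;
if(is_file("/home/www/ftdcdb.inc.php")) require("/home/www/ftdcdb.inc.php");
else require("d:/web/ftdcdb.inc.php");
$db->connect($ftdcdb_host, $ftdcdb_username, $ftdcdb_password, $ftdcdb_database, 0, 'utf8');

// Requested action; a missing or non-string value means "no action" (the previous
// unconditional read of $_GET['act'] raised a notice on pages without it).
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? trim($_GET['act']) : '';

// Select the payment implementation. Company 30 always goes through the PC flow when
// adding an order; otherwise the including page decides via $page_name.
// NOTE(review): check_token_return() calls cutName(), which is declared conditionally
// further down and therefore is not hoisted — it has to come from func.php for this call
// to work; confirm before relying on it.
if($act === 'add_order') {
    $user = check_token_return();
    if(!empty($user) && intval($user['company_id']) === 30) {
        require_once(dirname(__FILE__)."/include/pay_pc.inc.php");
    } else {
        require_once(dirname(__FILE__)."/include/pay.inc.php");
    }
} else {
    if(isset($page_name) && $page_name === 'pay_jd') {
        require_once(dirname(__FILE__)."/include/pay_pc.inc.php");
    } else {
        require_once(dirname(__FILE__)."/include/pay.inc.php");
    }
}

// Merchant id and signing key for the card-payment gateway. An earlier, immediately
// overwritten assignment of a second merchant pair was dead code and has been removed.
// NOTE(review): live credentials are committed in source; they belong in the
// out-of-web-root config loaded above (ftdcdb.inc.php), not in this file.
$merid = '01440202070081825';
$paykey = '4115F9208984A52EE88D53FDC25003DCF7457F9480005825';

// WeChat JSAPI payment credentials (same remark as above).
$jsapi_wxpay_mch_id = '1503887471';
$jsapi_wxpay_appid = 'wx1168623c6eb81482';
$jsapi_wxpay_key = 'a8555efc5395420ae8c62483f8732f84';

// Delivery method id => display label (1: pick up on site, 2: mail).
$deliver_type_info = array(
    "1" => "现场取货",
    "2" => "邮寄",
);

// Supplier information: supplier id => supplier id (identity map).
$supplyList = array(
    "1" => 1,
    "2" => 2,
    "3" => 3,
);

/**
 * Build the JSON body shared by echoRs() and echoRs_n().
 *
 * @param mixed  $status  status code placed under 'status'
 * @param string $message text placed under 'message'
 * @param array  $data    extra top-level keys merged into the body (ignored when empty)
 * @param int    $flags   json_encode() flags
 * @return string
 */
function ftdc_response_json($status, $message, $data, $flags) {
    $info = array(
        'status' => $status,
        'message' => $message,
    );
    if($data) $info = array_merge($info, $data);
    return json_encode($info, $flags);
}

/**
 * Write a response and terminate the request.
 *
 * Output mode is chosen by globals set by the including page:
 *  - $in_ifr  : emit nothing (iframe callback);
 *  - $in_page : call the renderer named in $in_page_func, then emit nothing;
 *  - otherwise: echo $json.
 *
 * @param string $json
 * @return void (never returns)
 */
function ftdc_emit_and_exit($json) {
    if(!empty($GLOBALS['in_ifr'])) {
        echo '';
    } else if(!empty($GLOBALS['in_page'])) {
        $funcname = $GLOBALS['in_page_func'];
        $funcname();
        echo '';
    } else {
        echo $json;
    }
    exit;
}

/**
 * Respond with {status, message, ...$data} and exit. Numeric strings are emitted as numbers.
 *
 * @param mixed  $status
 * @param string $message
 * @param array  $data
 */
function echoRs($status, $message, $data = array()) {
    ftdc_emit_and_exit(ftdc_response_json($status, $message, $data, JSON_NUMERIC_CHECK));
}

/**
 * Same as echoRs() but keeps non-ASCII text unescaped and does not convert numeric strings.
 *
 * @param mixed  $status
 * @param string $message
 * @param array  $data
 */
function echoRs_n($status, $message, $data = array()) {
    ftdc_emit_and_exit(ftdc_response_json($status, $message, $data, JSON_UNESCAPED_UNICODE));
}

/**
 * Load an enabled user row joined with its type name.
 *
 * @param int|string $uid user id; cast to int before it is interpolated into SQL
 * @return array|false whatever $db->get_one() returns for the row
 */
function get_user_by_uid($uid) {
    global $db;
    $uid = intval($uid);
    return $db->get_one("select a.*,b.name type_name from tb_user a, tb_user_type b where a.type_id = b.id and a.id={$uid} and a.enabled=1");
}

if(!function_exists('cutName')) {
    /**
     * Mask a user name or phone number for display.
     *
     * 'cellphone': keep the first 3 and last 4 characters, '****' in between.
     * 'username' : 0 chars -> '*', 1 char -> unchanged, 2 chars -> first + '*',
     *              longer -> first + '*' * (len-2) + last. All counts are in UTF-8 characters.
     *
     * @param string $user_name
     * @param string $type 'username' or 'cellphone'
     * @return string
     */
    function cutName($user_name, $type = 'username') {
        if ($type === 'cellphone') {
            $head = mb_substr($user_name, 0, 3, 'utf-8');
            $tail = mb_substr($user_name, -4, 4, 'utf-8');
            return $head . '****' . $tail;
        }
        $chars = mb_strlen($user_name, 'utf-8');
        if ($chars == 0) return "*";
        if ($chars == 1) return $user_name;
        $head = mb_substr($user_name, 0, 1, 'utf-8');
        if ($chars == 2) return $head . '*';
        $tail = mb_substr($user_name, -1, 1, 'utf-8');
        return $head . str_repeat("*", $chars - 2) . $tail;
    }
}

/**
 * Sum of tb_account.account for one user and account type.
 *
 * @param int $uid
 * @param int $type_id
 * @return float|int float sum, or int 0 when no row comes back
 */
function ftdc_account_sum($uid, $type_id) {
    global $db;
    $rs = $db->get_one("select sum(account) account from tb_account where user_id = ".intval($uid)." and type_id = ".intval($type_id));
    return $rs ? floatval($rs['account']) : 0;
}

/**
 * Resolve a session token to its user record and refresh the session.
 *
 * On success returns the user array with the password removed, the token attached,
 * balances refreshed ('account' = type 2, 'jf' = type 1, 'jili_account' = type 3),
 * and name/phone masked for display ('smsCellphone' keeps the real number).
 * On failure returns an int code: 2 = session found but user missing/disabled,
 * 3 = no session for the token or it has expired. Code 1 (no token supplied) is
 * decided by the callers.
 *
 * @param string $token
 * @return array|int
 */
function ftdc_user_by_token($token) {
    global $db;
    // The token may come from $_GET/$_POST (already slash-escaped by the prologue at the
    // top of this file) or from a raw JSON body (not escaped). Normalise to exactly one
    // level of escaping before it is interpolated into SQL; this closed an injection
    // path on the JSON channel.
    $token_sql = addslashes(stripslashes($token));
    $session = $db->get_one("select * from tb_session where token='{$token_sql}'");
    if (!$session || $session['expire_time'] <= time()) {
        return 3;
    }
    $user = get_user_by_uid($session['uid']);
    if(!$user) {
        return 2;
    }
    // Never echo the password hash back. weixin_openid / yixin_openid are deliberately
    // kept (the corresponding unset calls had been commented out).
    unset($user['password']);
    $user['token'] = $token;

    // Refresh the user's balances.
    $uid = intval($user['id']);
    $user['account'] = ftdc_account_sum($uid, 2);
    $user['jf'] = ftdc_account_sum($uid, 1);
    $user['jili_account'] = ftdc_account_sum($uid, 3);

    // De-identify name and phone for display; keep the real number for SMS.
    $user['smsCellphone'] = $user['cellphone'];
    $user['username'] = cutName($user['username']);
    $user['cellphone'] = cutName($user['cellphone'], 'cellphone');

    // Sliding expiry: every successful check extends the session by 24 hours.
    $db->query("update tb_session set data='".addslashes(json_encode($user))."', expire_time = ".(time()+86400)." where token = '{$token_sql}'");
    return $user;
}

/**
 * Validate the token in $_GET and return the user, or false on any failure.
 *
 * @return array|false
 */
function check_token_return() {
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    if(!$token || !is_scalar($token)) {
        return false;
    }
    $user = ftdc_user_by_token((string)$token);
    return is_array($user) ? $user : false;
}

/**
 * Token from the request: $_GET, then $_POST, then a JSON body ({"token": ...}).
 * Non-scalar values (e.g. token[]=...) are treated as absent.
 *
 * @return string '' when no usable token was supplied
 */
function ftdc_request_token() {
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    if(!$token) $token = isset($_POST['token']) ? $_POST['token'] : '';
    if(!$token) {
        $body = json_decode(file_get_contents("php://input"), true);
        $token = (is_array($body) && isset($body['token'])) ? $body['token'] : '';
    }
    return is_scalar($token) ? (string)$token : '';
}

/**
 * Emit the "login expired" error for check_token() and exit.
 *
 * @param int  $code   1 = no token, 2 = user missing, 3 = session missing/expired
 * @param bool $is_jtj true for /jtjapi requests, which use the {code, err_msg, content} envelope
 * @return void (never returns)
 */
function ftdc_token_fail($code, $is_jtj) {
    $msg = '登录已失效, 请重新登陆:'.$code;
    if($is_jtj) {
        echo '{"code":-1,"err_msg":"'.$msg.'","content":null}';
        exit;
    }
    echoRs(-1, $msg);
}

/**
 * Require a valid session token; on failure emit an error response and exit.
 *
 * @return array the user record as built by ftdc_user_by_token()
 */
function check_token() {
    $is_jtj = (strpos($_SERVER['REQUEST_URI'], '/jtjapi') === 0);
    $token = ftdc_request_token();
    if(!$token) ftdc_token_fail(1, $is_jtj);
    $user = ftdc_user_by_token($token);
    if(!is_array($user)) ftdc_token_fail($user, $is_jtj);
    return $user;
}

/**
 * Render $str as a PNG QR code and return the image bytes (also sends the image Content-Type).
 *
 * The image is written to a private temp file instead of a predictable
 * time()_rand() name in the working directory, which could collide between requests.
 *
 * @param string $str
 * @return string|false file_get_contents() result
 */
function getQRCode($str) {
    require_once ROOTDIR.'/show/include/qrcode/qrlib.php';
    $fn = tempnam(sys_get_temp_dir(), 'qr_');
    if($fn === false) $fn = sys_get_temp_dir().'/qr_'.uniqid('', true);
    // 'L', 7, 0: arguments as passed to phpqrcode's png() (level, size, margin, presumably).
    QRcode::png($str, $fn, 'L', 7, 0);
    header("Content-Type: image/png");
    $s = file_get_contents($fn);
    if(is_file($fn)) unlink($fn);
    return $s;
}

/**
 * Tag $str with a 32-bit rolling hash: "[st]<str>,<hash>;".
 *
 * The hash is hash*31 + byte, kept within the signed 32-bit range after every step so the
 * value is the same on 32- and 64-bit builds. Byte-wise on purpose (strlen / $str[$i]).
 *
 * @param string $str
 * @return string
 */
function getEncodeStr($str) {
    $hash = 0;
    $bytes = strlen($str);
    for ($i = 0; $i < $bytes; $i++) {
        $hash = $hash * 31 + ord($str[$i]);
        if(PHP_INT_SIZE == 4) {
            $hash = intval($hash);
        } else {
            $hash = $hash % 4294967296;
            if ($hash > 2147483647) $hash = $hash - 4294967296;
            elseif ($hash < -2147483648) $hash = $hash + 4294967296;
        }
    }
    return '[st]'.$str.','.$hash.";";
}

/**
 * Send an SMS. Numbers whose first three digits are not in the DX prefix list go to the
 * EK gateway; the rest are logged to tb_sms_log and sent through send_sms_dx().
 *
 * The lookup/insert previously used the removed ext/mysql functions; it now goes through
 * $db like the rest of this file, and the phone number is escaped before interpolation.
 *
 * @param string $phone
 * @param string $msg
 * @return void
 */
function send_sms($phone, $msg) {
    global $db;
    $tel_q3 = substr(trim($phone), 0, 3);
    if(!in_array($tel_q3, array('189', '180', '181', '133', '153'), true)) {
        send_sms_ek($phone, $msg);
        return;
    }
    $phone_sql = addslashes($phone);
    $row = $db->get_one("select * from tb_user where cellphone = '{$phone_sql}' and enabled != 0");
    $uid = $row ? intval($row['id']) : 0;
    $db->query("insert into tb_sms_log set cellphone = '{$phone_sql}', uid = {$uid}, content = '".addslashes($msg)."', `addtime` = now()");
    send_sms_dx($phone, $msg);
}

if(!function_exists("send_sms_ek")) {
    /**
     * Send an SMS through the 189ek gateway (best effort; failures are only logged).
     *
     * @param string $mobile
     * @param string $msg message text; the gateway signature prefix is prepended here
     * @return void
     */
    function send_sms_ek($mobile, $msg) {
        // NOTE(review): gateway credentials are committed in source (see the payment keys above).
        $appid = 'svcXhqBFtbvNS6GUVumSM8k0WarOLiOZ';
        $appkey = 'ex1JUa3xO3JFXB9k5OqULKYYoJz7A2nV';
        $msg = '【云中美食】'.$msg;
        $sign = md5($appid.$mobile.$msg.$appkey);
        $url = "https://sms.189ek.com/yktsms/send";
        $c = curl_init($url);
        curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
        // Verify the gateway's TLS certificate; verification had been switched off, so the
        // request could be intercepted or redirected without detection.
        curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($c, CURLOPT_POST, 1);
        // Explicit '&' separator: arg_separator.output may be configured as '&amp;'.
        curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query(array(
            'appid' => $appid,
            'mobile' => $mobile,
            'msg' => $msg,
            'sign' => $sign,
        ), '', '&'));
        curl_setopt($c, CURLOPT_TIMEOUT, 10);
        if(curl_exec($c) === false) {
            error_log('send_sms_ek: '.curl_error($c));
        }
        curl_close($c);
    }
}

/**
 * Uniformly random string from a CSPRNG.
 *
 * @param int    $len  number of characters
 * @param string $type 'num' -> digits, 'zm' -> lowercase letters, anything else -> hex
 * @return string
 */
function ftdc_random_string($len, $type) {
    if($type === 'num') $alphabet = '0123456789';
    elseif($type === 'zm') $alphabet = 'abcdefghijklmnopqrstuvwxyz';
    else $alphabet = '0123456789abcdef';
    $n = strlen($alphabet);
    $limit = 256 - (256 % $n); // reject bytes >= limit so each symbol is equally likely
    $out = '';
    while(strlen($out) < $len) {
        $bytes = function_exists('random_bytes') ? random_bytes($len) : openssl_random_pseudo_bytes($len);
        for($i = 0; $i < $len && strlen($out) < $len; $i++) {
            $b = ord($bytes[$i]);
            if($b < $limit) $out .= $alphabet[$b % $n];
        }
    }
    return $out;
}

/**
 * Generate a code of $len characters (prefixed with $pre) that does not yet exist in
 * $table.$zd. Previously seeded from md5(microtime().rand()), which is predictable;
 * now drawn from a CSPRNG. Gives up after 1000 collisions instead of looping forever.
 *
 * @param string $table table name (caller-controlled identifier, not escaped)
 * @param string $zd    column name (caller-controlled identifier, not escaped)
 * @param int    $len   length of the random part
 * @param string $type  'num', 'zm' or other (see ftdc_random_string())
 * @param string $pre   literal prefix
 * @return string
 * @throws RuntimeException when no free code is found
 */
function get_code($table, $zd, $len, $type, $pre = '') {
    global $db;
    $len = intval($len);
    for($attempt = 0; $attempt < 1000; $attempt++) {
        $s = $pre.ftdc_random_string($len, $type);
        $row = $db->get_one("select * from {$table} where {$zd} = '".addslashes($s)."'");
        if(!$row) return $s;
    }
    throw new RuntimeException("get_code: no free value found for {$table}.{$zd}");
}

/**
 * True when $pw is a weak plain-text password: shorter than 6 bytes, all digits,
 * or containing "123456".
 *
 * @param string $pw
 * @return bool
 */
function is_jdpw($pw) {
    if(strlen($pw) < 6) return true;
    if(preg_match("/^\d+$/", $pw)) return true;
    if(strpos($pw, "123456") !== false) return true;
    return false;
}

/**
 * True when the md5 hash $md5pw belongs to a well-known weak password:
 * 0..999, a single digit repeated 4..9 times, or one of a short fixed list.
 * Comparisons are strict: loose == on hex strings is subject to numeric-string juggling.
 *
 * @param string $md5pw
 * @return bool
 */
function is_jdpw2($md5pw) {
    $md5pw = (string)$md5pw;
    for($i = 0; $i <= 999; $i++) {
        if($md5pw === md5((string)$i)) return true;
    }
    for($digit = 0; $digit <= 9; $digit++) {
        for($repeat = 4; $repeat <= 9; $repeat++) {
            if($md5pw === md5(str_repeat((string)$digit, $repeat))) return true;
        }
    }
    $known = array('123456', '654321', 'Aa123456', '1234', '12345', '1234567', '12345678', '123456789');
    foreach($known as $pw) {
        if($md5pw === md5($pw)) return true;
    }
    return false;
}

if (!function_exists('filterWords')) {
    /**
     * Strip a blacklist of HTML tags, inline event handlers and SQL keywords from $str.
     *
     * This is a denylist and is not a substitute for context-specific escaping
     * (htmlspecialchars for HTML output, parameterised queries for SQL); it also removes
     * ordinary text such as the words "select" or "into". Kept as-is for compatibility.
     *
     * @param string $str
     * @return string
     */
    function filterWords($str) {
        $farr = array(
            "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
            "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
            "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is"
        );
        return preg_replace($farr, '', $str);
    }
}

if(!function_exists('dbenc')||!function_exists('dbdec')) {
    /**
     * OpenSSL cipher name and key matching what mcrypt's Rijndael-128 did with $key:
     * the AES key size follows the key length (<=16: 128, <=24: 192, else 256) and the
     * key is zero-padded to that size. Returns array(cipherName, key).
     *
     * @param string $key
     * @param string $mode 'cbc' or 'ecb'
     * @return array
     */
    function ftdc_aes_cipher($key, $mode) {
        $klen = strlen($key);
        $bits = ($klen <= 16) ? 128 : (($klen <= 24) ? 192 : 256);
        $key = str_pad(substr($key, 0, $bits / 8), $bits / 8, "\0");
        return array('aes-'.$bits.'-'.$mode, $key);
    }

    /**
     * AES-encrypt $orig_data with PKCS#7 padding.
     *
     * Ported from the mcrypt extension (removed in PHP 7.2) to OpenSSL; AES-CBC/ECB with
     * PKCS#7 padding yields the same bytes as Rijndael-128 with the manual padding the old
     * code applied, so existing stored ciphertexts remain readable.
     *
     * @param string $orig_data
     * @param string $key
     * @param string $iv    '' -> CBC with the first 16 bytes of the key as IV;
     *                      'ecb' -> ECB mode; anything else -> used verbatim as the CBC IV
     * @param bool   $raw   true -> return raw bytes; false -> base64
     * @return string|false false when OpenSSL refuses the parameters
     */
    function aesEncrypt($orig_data, $key, $iv = '', $raw = false) {
        $mode = 'cbc';
        if ($iv === 'ecb') {
            $mode = 'ecb';
            $iv = '';
        } elseif (!$iv) {
            $iv = substr($key, 0, 16);
        }
        list($cipher, $cipher_key) = ftdc_aes_cipher($key, $mode);
        $ciphertext = openssl_encrypt($orig_data, $cipher, $cipher_key, OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) return false;
        return $raw ? $ciphertext : base64_encode($ciphertext);
    }

    /**
     * Inverse of aesEncrypt().
     *
     * OpenSSL validates and strips the PKCS#7 padding, so a wrong key or corrupt input
     * yields false rather than the garbage the old unchecked unpadding could return.
     *
     * @param string $ciphertext
     * @param string $key
     * @param string $iv   see aesEncrypt()
     * @param bool   $raw  true -> $ciphertext is raw bytes; false -> base64
     * @return string|false
     */
    function aesDecrypt($ciphertext, $key, $iv = '', $raw = false) {
        if ((string)$ciphertext === '') return false;
        $mode = 'cbc';
        if ($iv === 'ecb') {
            $mode = 'ecb';
            $iv = '';
        } elseif (!$iv) {
            $iv = substr($key, 0, 16);
        }
        if (!$raw) $ciphertext = base64_decode($ciphertext);
        list($cipher, $cipher_key) = ftdc_aes_cipher($key, $mode);
        return openssl_decrypt($ciphertext, $cipher, $cipher_key, OPENSSL_RAW_DATA, $iv);
    }

    /**
     * Encrypt a database field value; the result is marked with a "genc_" prefix.
     *
     * NOTE(review): the field key is a constant in source. It was once a global
     * ($db_enkey); moving it to the out-of-web-root config would require re-checking
     * that nothing else defines that name.
     *
     * @param string $s
     * @return string
     * @throws RuntimeException when encryption fails, rather than storing an unusable value
     */
    function dbenc($s) {
        $db_enkey = "b9fc66957a4e5dbb";
        if ($db_enkey) {
            $enc = aesEncrypt($s, $db_enkey);
            if ($enc === false) throw new RuntimeException('dbenc: encryption failed');
            $s = "genc_" . $enc;
        }
        return $s;
    }

    /**
     * Decrypt a value produced by dbenc(). A leading "genc_" is stripped if present;
     * the remainder is decrypted either way.
     *
     * @param string $s
     * @return string|false false for empty or undecryptable input
     */
    function dbdec($s) {
        $db_enkey = "b9fc66957a4e5dbb";
        if ($db_enkey) {
            if (strpos($s, 'genc_') === 0) $s = substr($s, 5);
            $s = aesDecrypt($s, $db_enkey);
        }
        return $s;
    }
}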