
<?
// Short open tag: this file only parses when short_open_tag is enabled.
//ini_set("display_errors", "off");// turn on error display
//ini_set("error_reporting",E_ALL);// show all errors
// Drops requests that carry an Acunetix scanner header. The header is chosen by the
// client, so this is noise reduction, not a security control; it also reads an
// undefined index (notice) on every normal request.
if($_SERVER['HTTP_ACUNETIX_ASPECT']) exit;
// Overrides the peer address with the last entry of a client-supplied request header.
// Anyone who sends HTTP_GYHFTIPFSDX picks the address that downstream IP-based logic
// (logging, rate limits, allow-lists) will see. Only acceptable if a trusted proxy in
// front of this host strips or owns that header — TODO confirm the deployment.
if($_SERVER["HTTP_GYHFTIPFSDX"]) {
$_SERVER["REMOTE_ADDR"] = trim(addslashes(end(explode(',', $_SERVER['HTTP_GYHFTIPFSDX']))));
}
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0, so on PHP 8 this
// line is a fatal error. On older PHP it addslashes() the top-level string values of
// $_GET/$_POST. That is the only escaping the SQL built later in this file receives
// (e.g. the token lookup in check_token / check_token_return); it does not cover
// nested arrays, $_COOKIE, or the JSON body read from php://input, and addslashes is
// not charset-aware. The durable fix is parameterised queries at each call site.
if(!get_magic_quotes_gpc()) {
foreach($_POST as $key => $v) {
if(is_string($v)) $_POST[$key] = addslashes($v);
}
foreach($_GET as $key => $v) {
if(is_string($v)) $_GET[$key] = addslashes($v);
}
}
// Project root: parent of the directory holding this file.
define("ROOTDIR", dirname(dirname(__FILE__)));
// testing
//error_reporting(E_ALL ^ E_NOTICE);
require_once(dirname(__FILE__)."/include/mysql.class.php");
require_once(dirname(__FILE__)."/include/func.php");
require_once(dirname(__FILE__)."/include/func_ft.php");
// fee-deduction entry: database connection
$db = new db_mysql;
// Database credentials are loaded from a file kept outside the web root
// (Linux path first, Windows path as fallback); they define the $ftdcdb_* variables
// used on the next line.
if(is_file("/home/www/ftdcdb.inc.php")) require("/home/www/ftdcdb.inc.php");
else require("d:/web/ftdcdb.inc.php");
$db->connect($ftdcdb_host, $ftdcdb_username, $ftdcdb_password, $ftdcdb_database, 0, 'utf8');
// Payment-module selection. act=add_order routes company 30 users to the PC flow;
// otherwise $page_name decides. $page_name is presumably set by the page that includes
// this file before the include — TODO confirm, it is not defined here.
$act = trim($_GET['act']);
if($act == 'add_order') {
$user = check_token_return();
if(!empty($user) && $user['company_id'] == 30){
require_once(dirname(__FILE__)."/include/pay_pc.inc.php");
}else{
require_once(dirname(__FILE__)."/include/pay.inc.php");
}
}else{
if(isset($page_name) && $page_name == 'pay_jd'){
require_once(dirname(__FILE__)."/include/pay_pc.inc.php");
}else{
require_once(dirname(__FILE__)."/include/pay.inc.php");
}
}
// Payment merchant credentials. The first $merid/$paykey pair is dead: it is
// overwritten two lines later. All of these, and the WeChat JSAPI secrets below, are
// secrets committed to source; they belong in the credentials include loaded above,
// and anything that has lived in version control should be rotated.
$merid = '02440101080345000';//01440202070081825
$paykey = 'E622075103C0EAD7E1701FBEF6E5A634CDE931D47BB03D37'; //4115F9208984A52EE88D53FDC25003DCF7457F9480005825
$merid = '01440202070081825';//
$paykey = '4115F9208984A52EE88D53FDC25003DCF7457F9480005825'; //
$jsapi_wxpay_mch_id = '1503887471';
$jsapi_wxpay_appid = 'wx1168623c6eb81482';
$jsapi_wxpay_key = 'a8555efc5395420ae8c62483f8732f84';
// Delivery type id => display label (Chinese UI strings, emitted as-is).
$deliver_type_info = array(
"1" => "现场取货",
"2" => "邮寄",
);
// supplier information
$supplyList = array(
"1" => 1,
"2" => 2,
"3" => 3,
);
/**
 * Emit a JSON result envelope and terminate the request.
 *
 * The envelope is {status, message} merged with $data, encoded with
 * JSON_NUMERIC_CHECK — note that this turns numeric-looking strings (phone
 * numbers, codes with leading zeros) into numbers. Delivery depends on globals
 * set by the including page: $in_ifr wraps the JSON in a call to
 * window.parent.recvRs(), $in_page first calls the function named in
 * $in_page_func (presumably a page-header renderer — confirm) and then calls
 * recvRs(); otherwise the bare JSON is printed. json_encode escapes "/" by
 * default, so a "</script>" inside the data cannot close the script element.
 *
 * @param int|string $status
 * @param string     $message
 * @param array      $data   extra keys merged into the envelope
 * @return never
 */
function echoRs($status, $message, $data = array()) {
    $payload = array(
        'status' => $status,
        'message' => $message
    );
    if ($data) {
        $payload = array_merge($payload, $data);
    }
    $encoded = json_encode($payload, JSON_NUMERIC_CHECK);
    if ($GLOBALS['in_ifr']) {
        echo '<script type="text/javascript">window.parent.recvRs('.$encoded.');</script>';
        exit;
    }
    if ($GLOBALS['in_page']) {
        // The callable name comes from the including page, never from the request.
        $renderPage = $GLOBALS['in_page_func'];
        $renderPage();
        echo '<script type="text/javascript">recvRs('.$encoded.');</script></body></html>';
        exit;
    }
    echo $encoded;
    exit;
}
/**
 * Same contract as echoRs(), but the envelope is encoded with
 * JSON_UNESCAPED_UNICODE (non-ASCII text is emitted verbatim) and without
 * JSON_NUMERIC_CHECK, so numeric-looking strings stay strings.
 *
 * @param int|string $status
 * @param string     $message
 * @param array      $data   extra keys merged into the envelope
 * @return never
 */
function echoRs_n($status, $message, $data = array()) {
    $payload = array(
        'status' => $status,
        'message' => $message
    );
    if ($data) {
        $payload = array_merge($payload, $data);
    }
    $encoded = json_encode($payload, JSON_UNESCAPED_UNICODE);
    if ($GLOBALS['in_ifr']) {
        echo '<script type="text/javascript">window.parent.recvRs('.$encoded.');</script>';
        exit;
    }
    if ($GLOBALS['in_page']) {
        // The callable name comes from the including page, never from the request.
        $renderPage = $GLOBALS['in_page_func'];
        $renderPage();
        echo '<script type="text/javascript">recvRs('.$encoded.');</script></body></html>';
        exit;
    }
    echo $encoded;
    exit;
}
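/**
 * Load an enabled user row joined with its type name.
 *
 * @param int|string $uid numeric user id (a.id is compared unquoted, so the
 *                        query only ever worked for integers)
 * @return array|false the row from $db->get_one(), or whatever it returns on no match
 */
function get_user_by_uid($uid) {
    global $db;
    // Cast before interpolation so nothing but digits can reach the query text.
    $uid = intval($uid);
    return $db->get_one("select a.*,b.name type_name from tb_user a, tb_user_type b where a.type_id = b.id and a.id={$uid} and a.enabled=1");
}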
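if(!function_exists('cutName')) {
/**
 * Mask a display name or phone number for de-identified output.
 *
 * 'cellphone' keeps the first 3 and last 4 characters ("138****8000"); any
 * other type keeps the first and last character and stars the rest. Lengths
 * are counted in UTF-8 characters.
 *
 * @param string $user_name value to mask
 * @param string $type      'cellphone' or anything else (name masking)
 * @return string
 */
function cutName($user_name, $type = 'username')
{
    $strlen = mb_strlen($user_name, 'utf-8');
    // The phone layout reveals 7 characters, so for 7 or fewer it would echo the
    // whole value back; fall through to the generic masking in that case.
    if ($type == 'cellphone' && $strlen > 7) {
        $firstStr = mb_substr($user_name, 0, 3, 'utf-8');
        $lastStr = mb_substr($user_name, -4, 4, 'utf-8');
        return $firstStr . '****' . $lastStr;
    }
    if ($strlen == 0) {
        return "*";
    }
    if ($strlen == 1) {
        return $user_name;
    }
    $firstStr = mb_substr($user_name, 0, 1, 'utf-8');
    $lastStr = mb_substr($user_name, -1, 1, 'utf-8');
    if ($strlen == 2) {
        // Two characters: keep only the first, otherwise nothing would be hidden.
        return $firstStr . '*';
    }
    return $firstStr . str_repeat("*", $strlen - 2) . $lastStr;
}
}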
/**
 * Resolve the session token from the query string and return the enriched
 * user row, or false when the token is missing, unknown, expired or its user
 * is gone. Never terminates the request (compare check_token()).
 *
 * Side effects on success: the user's three tb_account balances are summed
 * into account / jf / jili_account, username and cellphone are masked via
 * cutName() (the unmasked number is kept under smsCellphone), and the row
 * is written back to tb_session.data with the expiry pushed out 24h.
 *
 * NOTE(review): $token is taken from $_GET and interpolated into SQL; the only
 * escaping it receives is the file-level addslashes() pass, which is gone on
 * PHP 8. This should become a parameterised query.
 *
 * @return array|false
 */
function check_token_return(){
    global $db;
    $token = $_GET['token'];
    if (!$token) {
        return false;
    }
    $session = $db->get_one("select * from tb_session where token='{$token}'");
    if (!$session || !($session['expire_time'] > time())) {
        return false;
    }
    $user = get_user_by_uid($session['uid']);
    if (!$user) {
        return false;
    }
    unset($user['password']);
    $user['token'] = $token;
    // Balance per account type: 2 = account, 1 = jf, 3 = jili_account.
    $balanceFields = array(2 => 'account', 1 => 'jf', 3 => 'jili_account');
    foreach ($balanceFields as $typeId => $field) {
        $rs = $db->get_one("select sum(account) account from tb_account where user_id = ".$user['id']." and type_id = ".$typeId);
        $user[$field] = $rs ? floatval($rs['account']) : 0;
    }
    // De-identify name and phone; the raw number is still returned as smsCellphone.
    $user['smsCellphone'] = $user['cellphone'];
    $user['username'] = cutName($user['username']);
    $user['cellphone'] = cutName($user['cellphone'], 'cellphone');
    $db->query("update tb_session set data='".addslashes(json_encode($user))."', expire_time = ".(time()+86400)." where token = '{$token}'");
    return $user;
}
/**
 * Like check_token_return(), but the token may also arrive in $_POST or as
 * the "token" key of a JSON request body, and failure terminates the request:
 * under /jtjapi a fixed {"code":-1,...} document is printed, elsewhere
 * echoRs(-1, ...) is used. The ":1/:2/:3" suffixes distinguish missing token,
 * missing user and bad/expired session.
 *
 * NOTE(review): $token comes straight from the request (query, form or JSON
 * body) and is interpolated into SQL. The JSON-body path gets no escaping at
 * all, since the file-level addslashes() pass only touches $_GET/$_POST.
 *
 * @return array the enriched user row (see check_token_return())
 */
function check_token()
{
    global $db;
    $is_jtj = (strpos($_SERVER['REQUEST_URI'], '/jtjapi') === 0);
    // Lookup order: query string, form body, JSON body.
    $token = $_GET['token'];
    if (!$token) {
        $token = $_POST['token'];
    }
    if (!$token) {
        $body = json_decode(file_get_contents("php://input"), true);
        $token = $body['token'];
    }
    if (!$token) {
        if ($is_jtj) {
            echo '{"code":-1,"err_msg":"登录已失效, 请重新登陆:1","content":null}';
            exit;
        }
        echoRs(-1, '登录已失效, 请重新登陆:1');
    }
    $session = $db->get_one("select * from tb_session where token='{$token}'");
    if (!$session || !($session['expire_time'] > time())) {
        if ($is_jtj) {
            echo '{"code":-1,"err_msg":"登录已失效, 请重新登陆:3","content":null}';
            exit;
        }
        echoRs(-1, '登录已失效, 请重新登陆:3');
    }
    $user = get_user_by_uid($session['uid']);
    if (!$user) {
        if ($is_jtj) {
            echo '{"code":-1,"err_msg":"登录已失效, 请重新登陆:2","content":null}';
            exit;
        }
        echoRs(-1, '登录已失效, 请重新登陆:2');
    }
    unset($user['password']);
    $user['token'] = $token;
    // Balance per account type: 2 = account, 1 = jf, 3 = jili_account.
    $balanceFields = array(2 => 'account', 1 => 'jf', 3 => 'jili_account');
    foreach ($balanceFields as $typeId => $field) {
        $rs = $db->get_one("select sum(account) account from tb_account where user_id = ".$user['id']." and type_id = ".$typeId);
        $user[$field] = $rs ? floatval($rs['account']) : 0;
    }
    // De-identify name and phone; the raw number is still returned as smsCellphone.
    $user['smsCellphone'] = $user['cellphone'];
    $user['username'] = cutName($user['username']);
    $user['cellphone'] = cutName($user['cellphone'], 'cellphone');
    $db->query("update tb_session set data='".addslashes(json_encode($user))."', expire_time = ".(time()+86400)." where token = '{$token}'");
    return $user;
}
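/**
 * Render $str as a PNG QR code, set the image/png content-type header and
 * return the PNG bytes (the caller echoes them).
 *
 * The image is written to a private temporary file that is removed before
 * returning. The previous version used time()."_".rand() in the working
 * directory: a predictable name in a shared location, and silently leaked the
 * file when unlink failed.
 *
 * @param string $str text to encode
 * @return string|false PNG bytes, or false if no temp file could be created
 */
function getQRCode($str) {
    require_once ROOTDIR.'/show/include/qrcode/qrlib.php';
    $fn = tempnam(sys_get_temp_dir(), 'qr');
    if ($fn === false) {
        return false;
    }
    QRcode::png($str, $fn, 'L', 7, 0);
    header("Content-Type: image/png");
    $s = file_get_contents($fn);
    // tempnam() created the file, so there is always something to remove.
    unlink($fn);
    return $s;
}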
/**
 * Build the "[st]<str>,<hash>;" tag for $str, where <hash> is the Java-style
 * 31-multiplier string hash over the raw bytes, wrapped to a signed 32-bit
 * range. On 64-bit PHP the wrap is done explicitly; on 32-bit it relies on
 * intval() of the overflowed value.
 *
 * @param string $str
 * @return string
 */
function getEncodeStr($str) {
    $hash = 0;
    $byteCount = strlen($str);
    for ($pos = 0; $pos < $byteCount; $pos++) {
        $hash = $hash * 31 + ord($str[$pos]);
        if (PHP_INT_SIZE == 4) {
            $hash = intval($hash);
            continue;
        }
        // Reduce modulo 2^32, then re-centre into [-2^31, 2^31).
        $hash = $hash % 4294967296;
        if ($hash > 2147483647) {
            $hash -= 4294967296;
        } elseif ($hash < -2147483648) {
            $hash += 4294967296;
        }
    }
    return '[st]'.$str.','.$hash.";";
}
// Send an SMS, choosing the gateway by the number's first three digits:
// 189/180/181/133/153 go through send_sms_dx() (after logging to tb_sms_log),
// everything else through send_sms_ek(). send_sms_dx is not defined in this file.
// NOTE(review): $phone is interpolated into both statements below with no
// escaping at all (only $msg gets addslashes), and the ext/mysql functions used
// here (mysql_query / mysql_fetch_array) were removed in PHP 7 — the rest of this
// file already uses $db; this should be moved to $db with parameterised values.
function send_sms($phone, $msg)
{
$tel_q3 = substr(trim($phone), 0, 3);
if(!in_array($tel_q3, array('189', '180', '181', '133', '153'))){
send_sms_ek($phone, $msg);
return;
}
// Look up the user owning this number so the log row can carry the uid (0 if none).
$rs = mysql_query("select * from tb_user where cellphone = '{$phone}' and enabled != 0");
if($rs) {
$row = mysql_fetch_array($rs);
$uid = 0;
if($row) $uid = $row['id'];
// The log row is only written when the lookup query itself succeeded.
mysql_query("insert into tb_sms_log set cellphone = '{$phone}', uid = {$uid}, content = '".addslashes($msg)."', `addtime` = now()");
}
send_sms_dx($phone, $msg);
}
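if(!function_exists("send_sms_ek")) {
/**
 * Send one SMS through the 189ek gateway (form-encoded POST, md5 signature over
 * appid + mobile + message + appkey).
 *
 * Changes from the previous version: the gateway's TLS certificate is now
 * verified (it was disabled with VERIFYPEER/VERIFYHOST = 0, which let anyone on
 * the path read or alter the numbers and messages, including any codes they
 * carry); the mobile number is url-encoded like the message; and a failed
 * request is reported instead of being dropped. Requires a CA bundle that curl
 * can find. The app credentials are literals in source and should move to the
 * credentials include.
 *
 * @param string $mobile recipient number
 * @param string $msg    message body; the "【云中美食】" prefix is added here
 * @return bool true when the HTTP request completed, false on a curl error
 */
function send_sms_ek($mobile, $msg)
{
    $appid = 'svcXhqBFtbvNS6GUVumSM8k0WarOLiOZ';
    $appkey = 'ex1JUa3xO3JFXB9k5OqULKYYoJz7A2nV';
    $msg = '【云中美食】'.$msg;
    // The signature is over the raw values; the server decodes the form fields
    // before checking it, so encoding the fields below does not change it.
    $sign = md5($appid.$mobile.$msg.$appkey);
    $url = "https://sms.189ek.com/yktsms/send";
    $c = curl_init($url);
    curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($c, CURLOPT_POST, 1);
    curl_setopt($c, CURLOPT_POSTFIELDS, "appid={$appid}&mobile=".urlencode($mobile)."&msg=".urlencode($msg)."&sign={$sign}");
    curl_setopt($c, CURLOPT_TIMEOUT, 10);
    $response = curl_exec($c);
    $error = ($response === false) ? curl_error($c) : '';
    curl_close($c);
    if ($response === false) {
        // Log the transport error only; the number and message text stay out of the log.
        error_log("send_sms_ek: request failed: ".$error);
        return false;
    }
    return true;
}
}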
/**
 * Generate a code of $len characters (plus $pre) that does not yet exist in
 * $table.$zd, retrying until an unused one is found.
 *
 * $type 'num' keeps only digits of the seed, 'zm' only letters, anything else
 * the full hex seed. The seed is md5(microtime()."_".rand()) followed by a
 * fixed suffix so there are always enough characters to cut from.
 *
 * NOTE(review): microtime()+rand() is not a cryptographic source — do not use
 * these codes as secrets (reset tokens, one-time codes). $table and $zd are
 * spliced into SQL as identifiers and must only ever be literals from code.
 * The loop never terminates if every candidate is taken.
 *
 * @param string $table
 * @param string $zd    column name
 * @param int    $len   number of characters taken from the seed
 * @param string $type  'num' | 'zm' | other
 * @param string $pre   prefix prepended to the result
 * @return string
 */
function get_code($table, $zd, $len, $type, $pre = '') {
    global $db;
    do {
        $seed = md5(microtime()."_".rand())."4013445563dahiksndkuji";
        switch ($type) {
            case 'num':
                $candidate = preg_replace("/[a-z]/", "", $seed);
                break;
            case 'zm':
                $candidate = preg_replace("/[0-9]/", "", $seed);
                break;
            default:
                $candidate = $seed;
        }
        $candidate = $pre.substr($candidate, 0, $len);
        $taken = $db->get_one("select * from {$table} where {$zd} = '{$candidate}'");
    } while ($taken);
    return $candidate;
}
/**
 * Weak-password check on a plaintext password: true when it is shorter than
 * 6 bytes, consists only of digits, or contains the run "123456".
 *
 * @param string $pw
 * @return bool
 */
function is_jdpw($pw) {
    if (strlen($pw) < 6) {
        return true;
    }
    if (preg_match("/^\d+$/", $pw)) {
        return true;
    }
    return strstr($pw, "123456") !== false;
}
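/**
 * Weak-password check on an unsalted MD5 digest: true when it matches the MD5
 * of 0..999, of a single digit repeated 4-9 times, or of a short list of
 * common passwords.
 *
 * The comparison is now strict (===). With ==, two hex digests that both look
 * like "0e<digits>" compare as equal numbers, so a digest of that form would
 * have matched a candidate it does not equal. (That this function exists at
 * all means passwords are stored as plain MD5; password_hash()/password_verify()
 * is the remedy for that.)
 *
 * @param string $md5pw lowercase hex MD5 digest
 * @return bool
 */
function is_jdpw2($md5pw) {
    for ($i = 0; $i <= 999; $i++) {
        if ($md5pw === md5((string) $i)) return true;
    }
    for ($digit = 0; $digit <= 9; $digit++) {
        for ($repeat = 4; $repeat <= 9; $repeat++) {
            if ($md5pw === md5(str_repeat((string) $digit, $repeat))) return true;
        }
    }
    $common = array('123456', '654321', 'Aa123456', '1234', '12345', '1234567', '12345678', '123456789');
    foreach ($common as $candidate) {
        if ($md5pw === md5($candidate)) return true;
    }
    return false;
}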
if (!function_exists('filterWords')) {
/**
 * Strip a fixed blacklist from $str: script/iframe/style/... tags, tags that
 * carry an on*= handler (the whole tag is removed), and a set of SQL-ish words
 * and characters (select, update, ', *, ../, union, ...), all case-insensitive.
 *
 * NOTE(review): this is blacklist sanitisation. It is not a substitute for
 * parameterised queries or context-aware output escaping, and it mangles
 * legitimate text (any sentence containing "update" or an apostrophe).
 *
 * @param string $str
 * @return string
 */
function filterWords($str) {
    $tagPattern = "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU";
    $handlerPattern = "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU";
    $keywordPattern = "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is";
    $patterns = array($tagPattern, $handlerPattern, $keywordPattern);
    return preg_replace($patterns, '', $str);
}
}
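if(!function_exists('dbenc')||!function_exists('dbdec')) {
/**
 * Map a key to the AES variant and key bytes the old mcrypt Rijndael-128 code
 * path would have used, so ciphertext already stored by that code still
 * decrypts: keys up to 16 bytes select AES-128, up to 24 AES-192, otherwise
 * AES-256; short keys are zero-padded to that size, longer ones truncated to 32.
 *
 * @internal helper for aesEncrypt()/aesDecrypt()
 * @param string $key
 * @param bool   $ecb  true for ECB, false for CBC
 * @return array cipher name, normalised key
 */
function dbenc_aes_cipher($key, $ecb) {
    $keyLen = strlen($key);
    if ($keyLen <= 16) {
        $size = 16;
    } elseif ($keyLen <= 24) {
        $size = 24;
    } else {
        $size = 32;
    }
    $cipher = 'aes-'.($size * 8).($ecb ? '-ecb' : '-cbc');
    return array($cipher, str_pad(substr($key, 0, $size), $size, "\0"));
}
/**
 * AES-encrypt $orig_data with PKCS#7 padding (openssl's default, identical to
 * the manual padding the mcrypt version applied). The mcrypt extension this
 * block used was removed in PHP 7.2.
 *
 * $iv === 'ecb' selects ECB mode. In CBC mode with no IV given, the first 16
 * bytes of the key are used as IV — kept for compatibility with data already
 * stored, but it makes encryption deterministic and reuses key material as the
 * IV; new callers should supply a random IV and store it with the ciphertext.
 *
 * @param string $orig_data
 * @param string $key
 * @param string $iv    '', 'ecb', or 16 IV bytes
 * @param bool   $raw   true returns raw bytes, false base64
 * @return string|false
 */
function aesEncrypt($orig_data, $key, $iv = '', $raw = false) {
    $ecb = ($iv === 'ecb');
    list($cipher, $key) = dbenc_aes_cipher($key, $ecb);
    if ($ecb) {
        $iv = '';
    } elseif (!$iv) {
        $iv = substr($key, 0, 16);
    }
    $ciphertext = openssl_encrypt($orig_data, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        return false;
    }
    return $raw ? $ciphertext : base64_encode($ciphertext);
}
/**
 * Inverse of aesEncrypt(). Returns false for an empty input and for ciphertext
 * that does not decrypt to valid PKCS#7 padding (the mcrypt version trusted
 * the last byte as the pad length and could return garbage or a negative-length
 * substring for such input).
 *
 * @param string $ciphertext
 * @param string $key
 * @param string $iv    '', 'ecb', or 16 IV bytes
 * @param bool   $raw   true if $ciphertext is raw bytes, false if base64
 * @return string|false
 */
function aesDecrypt($ciphertext, $key, $iv = '', $raw = false) {
    if ((string) $ciphertext === '') return false;
    $ecb = ($iv === 'ecb');
    list($cipher, $key) = dbenc_aes_cipher($key, $ecb);
    if (!$raw) $ciphertext = base64_decode($ciphertext);
    if ($ecb) {
        $iv = '';
    } elseif (!$iv) {
        $iv = substr($key, 0, 16);
    }
    return openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
}
/**
 * Encrypt a value for storage: "genc_" + base64(AES-128-CBC) under the fixed
 * key below. The key is a literal in source (and so in every copy of this
 * file); it belongs in the credentials include, and the encryption is
 * deterministic (see aesEncrypt), so equal plaintexts yield equal stored values.
 *
 * @param string $s
 * @return string
 */
function dbenc($s) {
    $db_enkey = "b9fc66957a4e5dbb";
    return "genc_" . aesEncrypt($s, $db_enkey);
}
/**
 * Decrypt a value produced by dbenc(). A missing "genc_" prefix is tolerated
 * and the remainder is still decrypted, as before.
 *
 * @param string $s
 * @return string|false false when the input is not valid ciphertext
 */
function dbdec($s) {
    $db_enkey = "b9fc66957a4e5dbb";
    if (strpos($s, 'genc_') === 0) $s = substr($s, 5);
    return aesDecrypt($s, $db_enkey);
}
}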