www.gusucode.com > ShopEx481 & PHPWind 整合版码程序 > bbs/hack/invite/index.php
<?php !function_exists('readover') && exit('Forbidden'); require_once(R_P."require/forum.php"); include_once(D_P."data/bbscache/inv_config.php"); $inv_open!='1' && Showmsg('inv_close'); InitGP(array('action')); if (!$windid && !in_array($action,array('pay','alipay'))) { Showmsg('not_login'); } list($db_moneyname,$db_moneyunit,$db_rvrcname,$db_rvrcunit,$db_creditname,$db_creditunit)=explode("\t",$db_credits); $usrecredit = ${'db_'.$inv_credit.'name'}; $creditto = array( 'rvrc' => $userrvrc, 'money' => $winddb['money'], 'credit' => $winddb['credit'], 'currency'=> $winddb['currency'] ); !array_key_exists($inv_credit,$creditto) && exit('Forbidden'); $allowinvite = allowcheck($inv_groups,$groupid,$winddb['groups']) ? 1 : 0; if (empty($action)) { $page = GetGP('page'); $db_perpage = 10; (!is_numeric($page) || $page<1) && $page = 1; $limit = "LIMIT ".($page-1)*$db_perpage.",$db_perpage"; $rt = $db->get_one("SELECT COUNT(*) AS sum FROM pw_invitecode WHERE uid='$winduid'"); $pages = numofpage($rt['sum'],$page,ceil($rt['sum']/$db_perpage),"$basename&"); $query = $db->query("SELECT * FROM pw_invitecode WHERE uid='$winduid' ORDER BY id DESC $limit"); $invdb = array(); while ($rt=$db->fetch_array($query)) { $rt['uselate']=0; if ($rt['ifused']!=2 && $timestamp-$rt['createtime']>$inv_days*86400) { $rt['uselate']=1; } $rt['createtime'] = get_date($rt['createtime'],'Y-m-d H:i:s'); $rt['usetime'] = $rt['usetime'] ? get_date($rt['usetime'],'Y-m-d H:i:s') : ''; $invdb[] = $rt; } require_once PrintHack('index');footer(); } elseif ($action=='send') { if (!$_POST['step']) { $inv_dayss = $inv_days*86400; InitGP(array('id')); if ($id) { $invcode = $db->get_one("SELECT * FROM pw_invitecode WHERE id='$id' AND ifused='0' AND uid='$winduid'"); if ($timestamp-$invcode['createtime']>$inv_dayss) { Showmsg('days_limit'); } } else { $invcode = $db->get_one("SELECT * FROM pw_invitecode WHERE uid='$winduid' AND ifused='0' AND $timestamp-createtime<'$inv_dayss' ORDER BY id ASC limit 0,1"); } !$invcode && Showmsg('invcode_error'); include GetLang('other'); $subject = $lang['invite']; $atc_content = $lang['invite_content']; require_once PrintHack('index');footer(); } elseif ($_POST['step']=='3') { InitGP(array('id','subject','atc_content','sendtoemail'),'P'); if (empty($subject)) { Showmsg('sendeamil_subject_limit'); } if (empty($atc_content) || strlen($atc_content)<=20) { Showmsg('sendeamil_content_limit'); } elseif (!ereg("^[-a-zA-Z0-9_\.]+\@([0-9A-Za-z][0-9A-Za-z-]+\.)+[A-Za-z]{2,5}$",$sendtoemail)){ Showmsg('illegal_email'); } require_once(R_P.'require/sendemail.php'); $additional = "From:{$winddb[email]}\r\nReply-To:{$winddb[email]}\r\nX-Mailer: PHPWind mailer"; $sendinfo = sendemail($sendtoemail,$subject,$atc_content,$additional); if ($sendinfo === true) { $db->update("UPDATE pw_invitecode SET ifused='1' WHERE id='$id' AND uid='$winduid'"); refreshto($basename,'mail_success'); } else { Showmsg('mail_failed'); } } } elseif ($action=='buy') { $allowinvite==0 && Showmsg('group_invite'); if ($inv_limitdays) { $rt = $db->get_one("SELECT createtime FROM pw_invitecode WHERE uid='$winduid' ORDER BY createtime DESC LIMIT 0,1"); if ($timestamp-$rt['createtime']<$inv_limitdays*86400) { Showmsg('inv_limitdays'); } } if (!$_POST['step']) { require_once PrintHack('index');footer(); } else { InitGP(array('invnum'),'P'); (!is_numeric($invnum) || $invnum<1) && $invnum=1; if ($invnum>10) { Showmsg('invite_buy'); } if ($creditto[$inv_credit]<$invnum*$inv_costs) { Showmsg('invite_costs'); } for ($i=0;$i<$invnum;$i++) { $invcode=randstr(16); $db->update("INSERT INTO pw_invitecode(invcode,uid,createtime) VALUES ('$invcode','$winduid','$timestamp')"); } $cutcredit=$invnum*$inv_costs; $inv_credit=='rvrc' && $cutcredit*=10; $db->update("UPDATE pw_memberdata SET $inv_credit=$inv_credit-'$cutcredit' WHERE uid='$winduid'"); refreshto($basename,'operate_success'); } } elseif ($_POST['action']=='delete') { InitGP(array('selid'),'P'); (!$selid || !is_array($selid)) && Showmsg('del_error'); $delids = ''; foreach ($selid as $value) { is_numeric($value) && $delids.= $delids ? ','.$value : $value; } $db->update("DELETE FROM pw_invitecode WHERE id IN ($delids) AND uid='$winduid'"); refreshto($basename,'operate_success'); } elseif ($action == 'pay') { empty($inv_onlinesell) && Showmsg('invite_onlinesell'); include_once(D_P.'data/bbscache/ol_config.php'); if (empty($_POST['step'])) { $num = 1; $email = ''; require_once PrintHack('index');footer(); } else { InitGP(array('invnum','email','method')); include GetLang('other'); (!is_numeric($invnum) || $invnum<1) && $invnum = 1; $order_no = ($method-1).str_pad('0',10,"0",STR_PAD_LEFT).get_date($timestamp,'YmdHis').num_rand(5); $rt = $db->get_one("SELECT * FROM pw_clientorder WHERE payemail='$email' AND uid='0' AND state='0'"); if ($rt) { if (!isset($_POST['submit'])) { $num = $rt['number']; $email = $rt['payemail']; require_once PrintHack('index');footer(); } $db->Update("UPDATE pw_clientorder SET order_no='$order_no',number='$invnum' WHERE id='$rt[id]'"); } else { $db->update("INSERT INTO pw_clientorder(order_no,uid,subject,body,price,payemail,number,date,state,descrip) VALUES('$order_no','0','$lang[invitecode]','$lang[buy_invitecode]','$inv_price','$email','$invnum','$timestamp','0','$lang[unpay_list]')"); } switch ($method) { case 2 : if (!$ol_payto) { Showmsg('olpay_alipayerror'); } $url = "http://pay.phpwind.com/pay/create_payurl.php?"; $para = array( '_input_charset'=> $db_charset, 'service' => 'create_direct_pay_by_user', 'return_url' => "{$db_bbsurl}/hack.php?H_name=invite&action=alipay", 'payment_type' => '1', 'subject' => $lang['invitecode'], 'body' => $lang['buy_invitecode'], 'out_trade_no' => $order_no, 'total_fee' => $invnum * $inv_price, 'seller_email' => $ol_payto, ); $arg = ''; foreach ($para as $key => $value) { if ($value) { $url .= "$key=".urlencode($value)."&"; } } ObHeader($url); case 4 : if(!$ol_tenpay || !$ol_tenpaycode){ Showmsg('olpay_tenpayerror'); } $strBillDate = get_date($timestamp,'Ymd'); $strSpBillNo = substr($order_no,-10); $strTransactionId = $ol_tenpay.$strBillDate.$strSpBillNo; $db->update("UPDATE pw_clientorder SET order_no='$strTransactionId' WHERE order_no='$order_no'"); $url = "http://pay.phpwind.com/pay/create_payurl.php?"; $para = array( 'cmdno' => '1', 'date' => $strBillDate, 'bargainor_id' => $ol_tenpay, 'transaction_id' => $strTransactionId, 'sp_billno' => $strSpBillNo, 'total_fee' => $invnum*$inv_price*100, 'bank_type' => 0, 'fee_type' => 1, 'return_url' => "{$db_bbsurl}/hack.php?H_name=invite&action=tenpay", 'attach' => 'my_magic_string', ); $arg=''; foreach($para as $key => $value){ if($value){ $url .= "$key=".urlencode($value)."&"; $arg .= "$key=$value&"; } } $strSign = strtoupper(md5($arg."key=$ol_tenpaycode")); $url .= "desc=$lang[currency]&sign=$strSign"; ObHeader($url); } Showmsg('undefined_action'); } } elseif ($action == 'alipay') { include_once(D_P.'data/bbscache/ol_config.php'); if (!$ol_onlinepay) { Showmsg($ol_whycolse); } if (!$ol_payto) { Showmsg('olpay_seterror'); } InitGP(array('out_trade_no','trade_status','buyer_email','notify_id')); $veryfy_result = get_verify("http://notify.alipay.com/trade/notify_query.do?notify_id=$notify_id&partner=2088001505801569"); if (!eregi("true$",$veryfy_result)) { refreshto('userpay.php','安全验证参数校验失败,无法完成充值!'); } $rt = $db->get_one("SELECT * FROM pw_clientorder WHERE order_no='$out_trade_no'"); if (!$rt) { refreshto('userpay.php','系统中没有您的充值订单,无法完成充值!'); } if ($trade_status == 'TRADE_FINISHED') { if ($rt['state'] == 2) { refreshto('userpay.php','该订单已经充值成功!'); } $db->update("UPDATE pw_clientorder SET payemail='$buyer_email',state=2,descrip='已完成订单' WHERE order_no='$out_trade_no'"); $invcodes = ''; for ($i=0;$i<$rt['number'];$i++) { $invcode = randstr(16); $invcodes .= ($invcodes ? "\n" : '').$invcode; $db->update("INSERT INTO pw_invitecode(invcode,uid,createtime) VALUES ('$invcode','0','$timestamp')"); } require_once(R_P.'require/sendemail.php'); $sendinfo = sendemail($rt['payemail'],'email_invite_subject','email_invite_content','email_additional'); if ($sendinfo === true) { Showmsg('email_invite_success',1); } else { Showmsg(is_string($sendinfo) ? $sendinfo : 'email_fail',1); } } else { refreshto('index.php','支付失败,无法完成充值!'); } } elseif ($action == 'alipay') { include_once(D_P.'data/bbscache/ol_config.php'); if(!$ol_onlinepay){ Showmsg($ol_whycolse); } if(!$ol_tenpay || !$ol_tenpaycode){ Showmsg('olpay_tenpayerror'); } InitGP(array('cmdno','pay_result','date','bargainor_id','transaction_id','sp_billno','total_fee','fee_type','attach','sign')); $text = "cmdno=$cmdno&pay_result=$pay_result&date=$date&transaction_id=$transaction_id&sp_billno=$sp_billno&total_fee=$total_fee&fee_type=$fee_type&attach=$attach&key=$ol_tenpaycode"; $mac = strtoupper(md5($text)); if($mac != $sign){ Showmsg( "验证MD5签名失败"); } if( $ol_tenpay != $bargainor_id ){ Showmsg( "错误的商户号"); } if($pay_result != "0" ){ Showmsg( "支付失败"); } $rt = $db->get_one("SELECT * FROM pw_clientorder WHERE order_no='$transaction_id'"); if(!$rt){ refreshto('userpay.php','系统中没有您的充值订单,无法完成充值!'); } if($rt['state'] == 2){ refreshto('userpay.php','该订单已经充值成功!'); } $db->update("UPDATE pw_clientorder SET payemail='$buyer_email',state=2,descrip='已完成订单' WHERE order_no='$transaction_id'"); $invcodes = ''; for ($i=0;$i<$rt['number'];$i++) { $invcode = randstr(16); $invcodes .= ($invcodes ? "\n" : '').$invcode; $db->update("INSERT INTO pw_invitecode(invcode,uid,createtime) VALUES ('$invcode','0','$timestamp')"); } require_once(R_P.'require/sendemail.php'); $sendinfo = sendemail($rt['payemail'],'email_invite_subject','email_invite_content','email_additional'); if ($sendinfo === true) { Showmsg('email_invite_success',1); } else { Showmsg(is_string($sendinfo) ? $sendinfo : 'email_fail',1); } } function get_verify($url,$time_out='60'){ $urlarr= parse_url($url); $errno = $errstr = ''; $urlarr['port'] = '80'; $fp = @fsockopen('tcp://'.$urlarr['host'],$urlarr['port'],$errno,$errstr,$time_out); if (!$fp) { die("ERROR: $errno - $errstr<br />\n"); } else { fputs($fp, 'POST '.$urlarr['path']." HTTP/1.1\r\n"); fputs($fp, 'Host: '.$urlarr['host']."\r\n"); fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n"); fputs($fp, 'Content-length: '.strlen($urlarr['query'])."\r\n"); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $urlarr['query'] . "\r\n\r\n"); while (!feof($fp)) { $info[] = @fgets($fp, 1024); } fclose($fp); $info = implode(',',$info); return $info; } } ?>