File: /www/wwwroot/bs.kntsleep.com/system/web/member/member.class.php
<?php
/*
* Copyright (c) Huyin Information Technology Co., Ltd. All Rights Reserved.
* BOSSCMS Content Management System (https://www.bosscms.net/)
*/
// Refuse direct access: the front controller defines IS_OK before including this file.
if (!defined('IS_OK')) {
    exit('Access Forbidden');
}
// Load the base controller class this member controller extends.
into::basic_class('web');
class member extends web
{
/**
 * Dispatch the member-center form request named by the `action` GET parameter.
 *
 * Known actions are routed to the handler method of the same name; a
 * `shop_*` action is forwarded to the shop plugin when the shop module is
 * enabled. Any other action falls through without output.
 */
public function form()
{
    global $G;
    $action = $G['get']['action'];
    // Closed allowlist: only these handlers can be reached by name.
    $handlers = [
        'login', 'register', 'phonecode', 'email', 'information', 'material',
        'logout', 'buy', 'orders', 'collect', 'comment', 'message',
        'contribute', 'qrcode', 'download', 'wxauth',
    ];
    if (in_array($action, $handlers, true)) {
        $this->{$action}();
        return;
    }
    if ($G['config']['shop_open'] && preg_match('/^shop_\w+$/', $action)) {
        into::load_class('plugin', 'shop', 'core', 'new')->run($action);
    }
}
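/**
 * Handle a member login POST.
 *
 * Verifies the captcha (ticket-based or session image code, per config),
 * looks up an enabled member by username and MD5 password hash, records the
 * login, grants the once-per-day login reward, starts the member session and
 * redirects to the member home. Every failure path ends in alert().
 */
public function login()
{
    global $G;
    if (isset($G['post'])) {
        if ($G['config']['member_login_captcha']) {
            if ($G['config']['member_login_captcha_type']) {
                into::basic_class('captcha');
                if (!captcha::describe($G['post']['randstr'], $G['post']['ticket'])) {
                    alert($G['config']['member_code_error']);
                }
            } else {
                $captcha = arrExist($G['post'], 'captcha');
                $expected = session::get('captcha');
                // Strict, constant-time comparison. The previous loose `==` treated
                // numeric-looking codes such as "1e3" and "1000" as equal.
                if (!($captcha && is_scalar($captcha) && is_scalar($expected)
                    && hash_equals((string) $expected, (string) $captcha))) {
                    alert($G['config']['member_code_error']);
                }
            }
        }
        $username = arrExist($G['post'], 'username');
        $password = arrExist($G['post'], 'password');
        if ($username && $password) {
            // NOTE(review): $username goes into the WHERE clause verbatim; this relies on
            // $G['post'] having been escaped upstream (the stripslashes() below suggests
            // input arrives slash-escaped) — confirm. Passwords are stored as unsalted
            // MD5; moving to password_hash() needs a data migration and is out of scope here.
            $where = "username='{$username}' AND password='" . md5(stripslashes($password)) . "' AND open>0";
            if ($result = mysql::select_one('*', 'member', $where)) {
                $data = [
                    'ip' => getIP(),
                    'ltime' => TIME,
                    'frequency' => $result['frequency'] + 1,
                ];
                // First login of the day earns the configured points; the 'points+N'
                // string is presumably an SQL increment expression handled by mysql::update.
                $reward = $G['config']['member_reward_login'];
                $midnight = strtotime(date('Y-m-d 00:00:00', TIME));
                if (is_numeric($reward) && $reward > 0
                    && mysql::total('member', "id='{$result['id']}' AND ltime<" . $midnight)) {
                    $data['points'] = 'points+' . $reward;
                }
                mysql::update($data, 'member', "id='{$result['id']}'");
                // Session lifetime: configured value, floored at 60 seconds.
                $member_logout_time = arrExist($G, 'config|member_logout_time');
                if (!is_numeric($member_logout_time) || $member_logout_time < 60) {
                    $member_logout_time = 60;
                }
                // The session value embeds the stored password hash; presumably a password
                // change therefore invalidates existing sessions — confirm in session::.
                session::set('member', $result['id'] . P . $result['username'] . P . $result['password'] . P . TIME, $member_logout_time);
                alert($G['config']['member_login_success'], url::member());
            } else {
                alert($G['config']['member_login_error']);
            }
        }
    }
    alert($G['config']['member_post_error']);
}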
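/**
 * Handle member purchases posted to the member center.
 *
 * Flows, selected by the POST body:
 *  - `buy=doc`, `id=<model>_<docid>`: unlock a paid document with golds;
 *  - `supply=0|1`, `id=<package>`, `payment=1..4`: buy a grade package
 *    (supply 0) or a golds package (supply 1) by balance (1), manual
 *    transfer (2), Alipay (3) or WeChat Pay (4);
 *  - `supply=2`, `sn=<card>`: redeem a recharge card;
 *  - `supply=3`, `golds=<n>`: exchange points for golds.
 * Requires a logged-in member; every path ends in alert(), a redirect or die().
 */
public function buy()
{
    global $G;
    if ($G['member'] && isset($G['post'])) {
        $memberId = $G['member']['id'];
        if ($G['post']['buy'] == 'doc') {
            if (preg_match('/^\d+_\d+$/', $G['post']['id'])) {
                list($type, $id) = explode('_', $G['post']['id']);
                if (!mysql::total('docbuy', "model='{$type}' AND parent='{$id}' AND member='{$memberId}'")) {
                    $table = array_search($type, $G['pass']['type']);
                    $res = mysql::select_one('*', $table, "id='{$id}' AND display=1 AND recycle=0 AND weight>=0");
                    if ($res['id'] && $r = mysql::select_one('*', $table . '_content', "id='{$id}'")) {
                        $res = $res + $r;
                    } else {
                        alert('文档不存在');
                    }
                    if (!is_numeric($res['golds']) || $res['golds'] <= 0) {
                        alert('该文档无需购买');
                    }
                    // >= : holding exactly the document's price is enough (the original `>`
                    // rejected that case with "insufficient golds").
                    if ($G['member']['golds'] >= $res['golds']) {
                        $record = [
                            'model' => $type,
                            'parent' => $id,
                            'ctime' => TIME,
                            'member' => $memberId,
                            'golds' => $res['golds'],
                            'lang' => $res['lang'],
                        ];
                        if (mysql::insert($record, 'docbuy')) {
                            // NOTE(review): the new balance is derived from the value read at
                            // request start, so two concurrent purchases could both pass the
                            // check above; an SQL-side decrement would close that window.
                            mysql::update(['golds' => $G['member']['golds'] - $res['golds']], 'member', "id='{$memberId}'");
                            alert('购买成功', url::group(null, $res));
                        }
                    } else {
                        alert('金币不足,请先充值', url::param(url::member(null, 'finance'), 'supply', '1'), 'red');
                    }
                } else {
                    alert('已购买过该文档');
                }
            }
        } elseif (preg_match('/^\d+$/', (string) $G['post']['supply'])) {
            // Anchored digits only: the original `/\d+/` accepted any string containing a
            // digit and then interpolated it into SQL as-is.
            $supply = (int) $G['post']['supply'];
            switch ($supply) {
                case 0:
                case 1:
                    $payment = $G['post']['payment'];
                    $packageId = (int) $G['post']['id'];
                    if ($G['option']['payment'][$payment]
                        && $res = mysql::select_one('*', 'package', "id='{$packageId}' AND type='{$supply}' AND open=1")) {
                        // Drop the member's stale unpaid orders of this kind before creating a new one.
                        mysql::delete('orders', "type='{$supply}' AND state=0 AND member='{$memberId}'");
                        $price = $res['price'];
                        $insert = [
                            'num' => $this->num(),
                            'name' => $res['name'] . '(' . ($supply ? $res['golds'] . '金币' : $G['option']['term'][$res['term']]) . ')',
                            'package' => $res['id'],
                            'type' => $supply,
                            'ctime' => TIME,
                            'price' => $price,
                            'member' => $memberId,
                        ];
                        $ge = null;
                        if (!$supply) {
                            // Grade package: the grade must exist and must not be a downgrade, nor
                            // the grade already held without an expiry.
                            if ($ge = mysql::select_one('*', 'grade', "id='{$res['grade']}'")) {
                                if ($ge['weight'] < $G['member']['weight']
                                    || ($ge['weight'] == $G['member']['weight'] && $G['member']['etime'] == 0)) {
                                    alert('无法购买' . $ge['name']);
                                }
                            } else {
                                alert('会员等级错误');
                            }
                        }
                        switch ($payment) {
                            case 1:
                                // Pay from account balance; the order is stored as already paid (state 2).
                                if ($G['member']['balance'] >= $price) {
                                    $data = ['balance' => $G['member']['balance'] - $price];
                                    if ($supply) {
                                        $data['golds'] = $G['member']['golds'] + $res['golds'];
                                    } else {
                                        $data['utime'] = TIME;
                                        if ($res['term'] == 0) {
                                            $data['etime'] = 0;
                                        } else {
                                            // Positive term = months, negative = days. An upgrade starts
                                            // now; renewing the current grade extends its expiry.
                                            $base = $ge['weight'] > $G['member']['weight']
                                                ? TIME
                                                : setDefault($G['member']['etime'] * 1, TIME);
                                            $data['etime'] = strtotime('+' . abs($res['term']) . ' ' . ($res['term'] > 0 ? 'month' : 'day'), $base);
                                        }
                                        $data['weight'] = $ge['weight'];
                                        $data['golds'] = $G['member']['golds'] + $ge['golds'];
                                        $data['points'] = $G['member']['points'] + $ge['points'];
                                    }
                                    mysql::update($data, 'member', "id='{$memberId}'");
                                    mysql::insert($insert + ['state' => 2, 'payment' => 1], 'orders');
                                    alert('购买成功', url::member(null, 'orders'));
                                } else {
                                    alert('余额不足');
                                }
                                break;
                            case 2:
                                // Manual transfer: record an unpaid order and show the transfer page.
                                mysql::insert($insert + ['state' => 0, 'payment' => 2], 'orders');
                                location(url::param(url::param(url::member(null, 'assign'), 'payment', '2'), 'orders', $insert['num']));
                                break;
                            case 3:
                                if (mysql::insert($insert + ['state' => 0, 'payment' => 3], 'orders')) {
                                    into::basic_class('alipay');
                                    alipay::pay([
                                        'text' => '',
                                        'name' => $insert['name'],
                                        'price' => $insert['price'],
                                        'num' => $insert['num'],
                                        'etime' => ($G['config']['member_orders_expire'] * 60) . 'm',
                                        'pc_notify_url' => $G['config']['domain'] . 'api/member/alipay_pc_notify.php',
                                        'pc_return_url' => $G['config']['domain'] . 'api/member/alipay_pc_return.php',
                                        'mobile_notify_url' => $G['config']['domain'] . 'api/member/alipay_mobile_notify.php',
                                        'mobile_return_url' => $G['config']['domain'] . 'api/member/alipay_mobile_return.php',
                                    ]);
                                    die();
                                }
                                break;
                            case 4:
                                if (mysql::insert($insert + ['state' => 0, 'payment' => 4], 'orders')) {
                                    into::basic_class('wechatpay');
                                    wechatpay::pay([
                                        'text' => '',
                                        'name' => $insert['name'],
                                        'price' => $insert['price'],
                                        'num' => $insert['num'],
                                        'etime' => date('Y-m-d\TH:i:s', TIME) . '+08:00',
                                        'pc_url' => url::param(url::param(url::member(null, 'assign'), 'payment', '4'), 'orders', $insert['num']),
                                        'notify_url' => $G['config']['domain'] . 'api/member/wechatpay.php',
                                        'wxauth_url' => $G['config']['domain'] . 'api/member/?action=wxauth&orders=' . $insert['num'],
                                        'return_url' => url::member(null, 'orders'),
                                    ]);
                                    die();
                                }
                                break;
                        }
                    }
                    break;
                case 2:
                    // Recharge card. NOTE(review): sn is interpolated verbatim; relies on
                    // upstream escaping of $G['post'] — confirm.
                    if ($card = mysql::select_one('*', 'card', "sn='{$G['post']['sn']}'")) {
                        if ($card['state'] == 0 && $card['utime'] == 0) {
                            if ($res = mysql::select_one('*', 'package', "id='{$card['package']}' AND type=1 AND open=1")) {
                                $G['member']['golds'] += $res['golds'];
                                mysql::update(['golds' => $G['member']['golds']], 'member', "id='{$memberId}'");
                                mysql::update(['state' => 1, 'utime' => TIME, 'member' => $memberId], 'card', "id='{$card['id']}'");
                                mysql::insert([
                                    'num' => $this->num(),
                                    'name' => '使用卡号充值' . $res['golds'] . '金币',
                                    'package' => 0,
                                    'type' => 2,
                                    'ctime' => TIME,
                                    'price' => 0,
                                    'payment' => 0,
                                    'state' => 2,
                                    'member' => $memberId,
                                ], 'orders');
                                alert('充值成功', url::member(null, 'orders'));
                            } else {
                                alert('卡号没有对应套餐');
                            }
                        } else {
                            alert('卡号已被使用');
                        }
                    } else {
                        alert('充值卡号错误');
                    }
                    break;
                case 3:
                    // Exchange points for golds at member_exchange_golds points per gold.
                    $rate = $G['config']['member_exchange_golds'];
                    if (is_numeric($rate) && $rate > 0) {
                        $wanted = $G['post']['golds'];
                        if (is_numeric($wanted) && $wanted > 0 && $wanted <= floor($G['member']['points'] / $rate)) {
                            $points = $rate * $wanted;
                            $G['member']['golds'] += $wanted;
                            $G['member']['points'] -= $points;
                            mysql::update(['golds' => $G['member']['golds'], 'points' => $G['member']['points']], 'member', "id='{$memberId}'");
                            mysql::insert([
                                'num' => $this->num(),
                                'name' => '使用' . $points . '积分兑换' . $wanted . '金币',
                                'package' => 0,
                                'type' => 3,
                                'ctime' => TIME,
                                'price' => 0,
                                'payment' => 0,
                                'state' => 2,
                                'member' => $memberId,
                            ], 'orders');
                            alert('兑换成功', url::member(null, 'orders'));
                        } else {
                            alert('兑换数量错误');
                        }
                    } else {
                        alert('系统兑换比例错误');
                    }
                    break;
            }
        }
    }
    alert($G['config']['member_post_error']);
}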
/**
 * Generate an order number not yet present in the orders table.
 *
 * Format: configured prefix + yymmddHHMMSS + four random digits; a new
 * candidate is drawn until one is unused.
 *
 * @return string
 */
public function num()
{
    global $G;
    $prefix = $G['config']['member_orders_prefix'];
    do {
        $candidate = $prefix . date('ymdHis') . strRand(4, 0, 10);
    } while (mysql::total('orders', "num='{$candidate}'"));
    return $candidate;
}
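/**
 * Handle a member registration POST.
 *
 * Order of checks: agreement, captcha, phone or e-mail verification
 * (member_captcha_type 1 = SMS code, 2 = e-mail link), password strength and
 * confirmation, username rules, then the optional registration form fields
 * (page::form_register). File fields are staged under cache/upload/ and moved
 * into upload/member/<id>/ (or pushed to OSS) once the member row exists.
 * Finally the invite reward is paid and either the verification mail is sent
 * or the success message shown. Every failure path ends in alert().
 */
public function register()
{
    global $G;
    if (isset($G['post']) && $G['config']['member_register_open']) {
        unset($G['member']);
        if ($G['config']['member_agreement_open'] && !$G['post']['agreement']) {
            alert($G['config']['member_agreement_error']);
        }
        if ($G['config']['member_login_captcha']) {
            if ($G['config']['member_login_captcha_type']) {
                into::basic_class('captcha');
                if (!captcha::describe($G['post']['randstr'], $G['post']['ticket'])) {
                    alert($G['config']['member_code_error']);
                }
            } else {
                $captcha = arrExist($G['post'], 'captcha');
                $expected = session::get('captcha');
                // Strict, constant-time comparison; loose `==` equated numeric-looking
                // codes such as "1e3" and "1000".
                if (!($captcha && is_scalar($captcha) && is_scalar($expected)
                    && hash_equals((string) $expected, (string) $captcha))) {
                    alert($G['config']['member_code_error']);
                }
            }
        }
        $data = [
            'username' => trim($G['post']['username']),
            'email' => arrExist($G['post'], 'email'),
            'phone' => arrExist($G['post'], 'phone'),
        ];
        if ($G['config']['member_captcha_type'] == 1) {
            if (!preg_match('/^0?1[3|4|5|6|7|8][0-9]\d{8}$/', $data['phone'])) {
                alert($G['config']['member_phone_error']);
            }
            if (!$G['config']['member_phone_repeat'] && $data['phone'] && mysql::total('member', "phone='{$data['phone']}'")) {
                alert('手机已被绑定');
            }
            // Both the SMS code and the number it was sent to must match what phonecode() stored.
            $phonecode = arrExist($G['post'], 'phonecode');
            $sentCode = session::get('phone_register_code', false);
            $sentTel = session::get('phone_register_tel', false);
            if (!(is_scalar($phonecode) && preg_match('/^\d{6}$/', $phonecode)
                && is_scalar($sentCode) && hash_equals((string) $sentCode, (string) $phonecode)
                && (string) $sentTel === (string) $data['phone'])) {
                alert($G['config']['member_phone_code_error']);
            }
        } elseif ($G['config']['member_captcha_type'] == 2) {
            if (!preg_match('/^[\w\-]+@[\w\-]+(\.[a-zA-Z]+){1,2}$/', $data['email'])) {
                alert($G['config']['member_email_error']);
            }
            if (!$G['config']['member_email_repeat'] && $data['email'] && mysql::total('member', "email='{$data['email']}'")) {
                alert('邮箱已被绑定');
            }
        }
        $password = arrExist($G['post'], 'password');
        // At least 6 characters, neither purely letters nor purely digits.
        if ($password && preg_match('/^(?![a-zA-Z]+$)(?![0-9]+$).{6,}$/', delFilter($password))) {
            if ($password === arrExist($G['post'], 'passwords')) {
                // Unsalted MD5 is what the member table and login() use; changing the
                // scheme needs a coordinated migration and is out of scope here.
                $data['password'] = md5(stripslashes($password));
            } else {
                alert($G['config']['member_passwords_error']);
            }
        } else {
            alert($G['config']['member_password_error']);
        }
        if (strlen($data['username']) < 4) {
            alert($G['config']['member_username_error']);
        }
        // member_register_noname is searched for the name wrapped in double quotes.
        if ($data['username'] && strstr($G['config']['member_register_noname'], '"' . $data['username'] . '"')) {
            alert('此名称禁止使用');
        }
        if (!$data['username'] || mysql::total('member', "username='{$data['username']}'")) {
            alert($G['config']['member_username_has_error']);
        }
        $data['avatar'] = '';
        if ($G['config']['member_avatar_images']) {
            $aimg = json::decode($G['config']['member_avatar_images']);
            // Guard: an empty or malformed list made mt_rand(0, -1) fail.
            if (is_array($aimg) && $aimg) {
                $data['avatar'] = $aimg[array_rand($aimg)];
            }
        }
        $data['ip'] = getIP();
        $data['alias'] = '';
        $data['frequency'] = 0;
        $data['contribute'] = setDefault($G['config']['member_contribute_num'], 0);
        $data['ctime'] = TIME;
        // E-mail flow: ltime temporarily carries the 6-digit verification token that
        // email() checks; random_int() replaces the predictable mt_rand().
        $data['ltime'] = $G['config']['member_captcha_type'] == 2 ? random_int(100000, 999999) : 0;
        $data['utime'] = 0;
        $data['etime'] = 0;
        $data['sex'] = 2;
        $data['balance'] = '0.00';
        $data['points'] = 0;
        $data['golds'] = 0;
        // open: -1 = awaiting e-mail verification, 0 = awaiting review, 1 = active.
        $data['open'] = $G['config']['member_captcha_type'] == 2 ? -1 : ($G['config']['member_register_check'] ? 0 : 1);
        $data['weight'] = setDefault($G['config']['member_grade_default'], 0);
        $uping = 0;
        $cadir = '';
        if ($form = page::form_register()) {
            foreach ($form as $v) {
                if ($v['must']) {
                    // style 8 = file field: presence is judged by the upload error code.
                    if (($v['style'] == 8 && $_FILES['params' . $v['id']]['error'] != 0)
                        || ($v['style'] != 8 && !$G['post']['params' . $v['id']])) {
                        alert($v['title'] . '不能为空');
                    }
                }
                if ($v['style'] == 8) {
                    $uping++;
                }
            }
            if ($uping) {
                // Stage uploads locally; they are moved (or pushed to OSS) after the insert.
                $G['config']['store_type'] = 0;
                into::basic_class('upload');
                $cadir = 'cache/upload/' . TIME . mt_rand(100, 999) . '/';
                foreach ($form as $v) {
                    if ($v['style'] == 8 && $_FILES['params' . $v['id']]['error'] == 0) {
                        $fieldFile = $_FILES['params' . $v['id']];
                        upload::$relative = '';
                        upload::$maxsize = $G['config']['member_upload_maxsize'] * 1024 * 1024;
                        upload::$extension = json::decode($v['param']);
                        $dir = $cadir . upload::dirname('.' . pathinfo($fieldFile['name'], PATHINFO_EXTENSION), 'file') . '/' . date('Ym', TIME) . '/';
                        if (upload::files($fieldFile, $dir) && upload::$path) {
                            $G['post']['params' . $v['id']] = upload::$path;
                        } else {
                            dir::remove(ROOT_PATH . $cadir);
                            alert(upload::$msg ? upload::$msg : '文件上传失败');
                        }
                    }
                }
            }
        }
        if ($id = mysql::insert($data, 'member')) {
            if ($form) {
                foreach ($form as $v) {
                    $value = $G['post']['params' . $v['id']];
                    // Only files staged by this request, still inside the staging dir and
                    // carrying an allowed extension are moved into the member's folder.
                    if ($v['style'] == 8 && $cadir !== '' && strpos($value, $cadir) === 0 && !strstr($value, '../')
                        && in_array('.' . pathinfo($value, PATHINFO_EXTENSION), json::decode($v['param']))) {
                        $newdir = str_replace($cadir, "upload/member/{$id}/", $value);
                        if (mysql::total('config', "name='store_type' AND value='1' AND parent=0 AND type=0")) {
                            oss::upload($newdir, ROOT_PATH . $value);
                        } else {
                            dir::move(ROOT_PATH . $value, ROOT_PATH . $newdir);
                        }
                        $value = '..//' . $newdir;
                    }
                    mysql::insert([
                        'parent' => $v['id'],
                        'value' => is_array($value) ? json::enFilter($value) : $value,
                        'member' => $id,
                        'grade' => 0,
                    ], 'material');
                }
                if ($uping && preg_match('/^cache\/upload\/\d+\/$/', $cadir)) {
                    dir::remove(ROOT_PATH . $cadir);
                }
            }
            // Promotion reward: inviter and new member both receive the points.
            // NOTE(review): invite is only length-checked before entering the WHERE
            // clause; relies on upstream escaping of $G['post'] — confirm.
            $promo = $G['config']['member_reward_promotion'];
            $invite = arrExist($G['post'], 'invite');
            if (is_numeric($promo) && $promo > 0 && is_string($invite) && strlen($invite) == 18
                && mysql::total('member', "invite='{$invite}'")) {
                mysql::update(['points' => 'points+' . $promo], 'member', "invite='{$invite}' OR id='{$id}'");
            }
            if ($G['config']['member_captcha_type'] == 2) {
                into::basic_class('mailto');
                $url = $G['path']['site'] . 'api/member/?action=email&t=' . TIME . '&e=' . $data['email'] . '&l=' . $data['ltime'];
                $content = str_replace('[url]', "<a href=\"{$url}\" target=\"_blank\" style=\"color:rgb(0,168,238);\">{$url}</a>", $G['config']['member_mail_content']);
                if (mailto::send($data['email'], $G['config']['member_mail_title'], delHtmlspecial($content))) {
                    alert($G['config']['member_email_send_success'], url::member());
                } else {
                    alert($G['config']['member_email_send_error']);
                }
            } else {
                alert($G['config']['member_register_check'] ? $G['config']['member_register_success_check'] : $G['config']['member_register_success'], url::member());
            }
        } else {
            alert($G['config']['member_register_error']);
        }
    }
    alert($G['config']['member_post_error']);
}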
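/**
 * Send (or report the cooldown of) the SMS registration code; JSON response.
 *
 * With GET rdtime set, returns the seconds left before a new code may be
 * requested. Otherwise, after a 60 s cooldown check, validates POST phone,
 * sends a 6-digit code and stores code and number in the session for ten
 * minutes so register() can verify them. Always echoes {state, msg} and dies.
 */
public function phonecode()
{
    global $G;
    // Fixed: the original emitted a bogus "Content:" header with a misspelled charset.
    header('Content-Type: application/json; charset=utf-8');
    if ($G['config']['member_captcha_type'] == 1) {
        $phonerdtime = session::get('phone_rdtime');
        if (arrExist($G, 'get|rdtime')) {
            // Poll: seconds remaining in the resend cooldown (never negative).
            $state = 'rdtime';
            $msg = $phonerdtime ? 60 - (TIME - $phonerdtime) : 0;
            $msg = max($msg, 0);
        } elseif ($phonerdtime && TIME - $phonerdtime < 60) {
            // NOTE(review): this cooldown lives in the caller's session only; any
            // per-number or per-IP sending limit has to be enforced elsewhere.
            $state = 'retimeerror';
            $msg = (TIME - $phonerdtime) . $G['config']['member_phone_rdtime_min'];
        } else {
            $phone = arrExist($G, 'post|phone');
            if (preg_match('/^0?1[3|4|5|6|7|8][0-9]\d{8}$/', $phone)) {
                // random_int(): CSPRNG; mt_rand() output is predictable and unsuitable for OTPs.
                $code = random_int(123456, 999999);
                into::basic_class('smsto');
                if (smsto::send($phone, ['code' => $code], $G['config']['member_sms_template'])->Code == 'OK') {
                    session::set('phone_register_tel', $phone, 60 * 10);
                    session::set('phone_register_code', $code, 60 * 10); // code valid for 10 minutes
                    session::set('phone_rdtime', TIME);
                    $state = 'success';
                    $msg = $G['config']['member_phone_sms_success'];
                } else {
                    $state = 'smserror';
                    $msg = $G['config']['member_phone_sms_error'];
                }
            } else {
                $state = 'phoneerror';
                $msg = $G['config']['member_phone_error'];
            }
        }
    } else {
        $state = 'error';
        $msg = $G['config']['member_post_error'];
    }
    echo json::encode([
        'state' => $state,
        'msg' => $msg,
    ]);
    die();
}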
/**
 * Activate a registration from the e-mail verification link.
 *
 * Expects GET t (registration timestamp), e (address) and l (the 6-digit
 * token register() stored in `ltime`). The link is honoured for 1800 s and
 * only for a member still unverified (open=-1, no logins yet). On success
 * the token is cleared and open becomes 0 (pending review) or 1 (active).
 * NOTE(review): the token space is 10^6 and this method keeps no attempt
 * counter; confirm that request rate limiting exists at another layer.
 */
public function email()
{
    global $G;
    if ($G['config']['member_captcha_type'] == 2) {
        $ctime = $G['get']['t'];
        $email = $G['get']['e'];
        $token = $G['get']['l'];
        $linkValid = is_numeric($ctime)
            && $ctime + 1800 >= TIME
            && preg_match('/^\d{6}$/', $token)
            && preg_match('/^[\w\-]+@[\w\-]+(\.[a-zA-Z]+){1,2}$/', $email);
        if ($linkValid) {
            $where = "email='{$email}' AND open='-1' AND ltime='{$token}' AND frequency=0 AND ctime='{$ctime}'";
            if ($res = mysql::select_one('id', 'member', $where)) {
                $open = $G['config']['member_register_check'] ? 0 : 1;
                mysql::update(['ltime' => 0, 'open' => $open], 'member', "id='{$res['id']}'");
                $message = $G['config']['member_register_check']
                    ? $G['config']['member_register_success_check']
                    : $G['config']['member_register_success'];
                alert($message, url::member());
            }
        }
    }
    alert($G['config']['member_email_link_error'], url::member());
}
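/**
 * Save a logged-in member's profile changes (POST).
 *
 * Handles alias, sex, e-mail, phone, password, avatar upload and the custom
 * registration-form fields; each item is validated and only changed values
 * are written. Points are granted for a first own-folder avatar and for
 * completing alias + e-mail + phone. Ends with alert() back to the referrer.
 */
public function information()
{
    global $G;
    if ($G['member'] && isset($G['post'])) {
        $memberId = $G['member']['id'];
        $data = [];
        // Alias: settable once, or freely when member_modify_alias allows it.
        if ((!$G['member']['alias'] || $G['config']['member_modify_alias']) && $G['member']['alias'] != $G['post']['alias']) {
            $data['alias'] = $G['post']['alias'];
            if (strlen($data['alias']) < 4) {
                alert('昵称错误');
            } elseif (!$G['config']['member_alias_repeat'] && mysql::total('member', "alias='{$data['alias']}' AND id!='{$memberId}'")) {
                alert('昵称已被使用');
            }
        }
        if (is_numeric($G['post']['sex']) && $G['member']['sex'] != $G['post']['sex']) {
            $data['sex'] = $G['post']['sex'];
        }
        if ($form = page::form_register()) {
            foreach ($form as $v) {
                if ($v['must'] && !$G['post']['params' . $v['id']]) {
                    alert($v['title'] . '不能为空');
                }
            }
        }
        if ((!$G['member']['email'] || $G['config']['member_modify_email']) && $G['member']['email'] != $G['post']['email']) {
            if (preg_match('/^[\w\-]+@[\w\-]+(\.[a-zA-Z]+){1,2}$/', $G['post']['email'])) {
                $data['email'] = $G['post']['email'];
                if (!$G['config']['member_email_repeat'] && $data['email'] && mysql::total('member', "email='{$data['email']}' AND id!='{$memberId}'")) {
                    alert('邮箱已被绑定');
                }
            } else {
                alert($G['config']['member_email_error']);
            }
        }
        if ((!$G['member']['phone'] || $G['config']['member_modify_phone']) && $G['member']['phone'] != $G['post']['phone']) {
            if (preg_match('/^0?1[3|4|5|6|7|8][0-9]\d{8}$/', $G['post']['phone'])) {
                $data['phone'] = $G['post']['phone'];
                if (!$G['config']['member_phone_repeat'] && $data['phone'] && mysql::total('member', "phone='{$data['phone']}' AND id!='{$memberId}'")) {
                    alert('手机已被绑定');
                }
            } else {
                alert($G['config']['member_phone_error']);
            }
        }
        if ($password = arrExist($G['post'], 'password')) {
            if (preg_match('/^(?![a-zA-Z]+$)(?![0-9]+$).{6,}$/', delFilter($password))) {
                $data['password'] = md5(stripslashes($password));
            } else {
                alert($G['config']['member_password_error']);
            }
        }
        // Avatar: only when a file actually arrived (error code exactly UPLOAD_ERR_OK).
        // The original loose `== 0` also matched a missing file entry.
        if ($G['config']['member_modify_avatar'] && $G['config']['upload_web_allow']
            && isset($_FILES['avatar']['error']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
            into::basic_class('upload');
            upload::$relative = '..//';
            upload::$maxsize = $G['config']['member_avatar_size'] * 1024;
            upload::$extension = ['.png', '.jpg', '.jpeg', '.gif'];
            if (upload::files($_FILES['avatar']) && upload::$path) {
                $data['avatar'] = upload::$path;
            } elseif (upload::$msg) {
                alert(upload::$msg);
            } else {
                alert($G['config']['member_avatar_error']);
            }
        }
        if ($data) {
            mysql::update($data, 'member', "id='{$memberId}'");
            $path = "upload/member/{$memberId}/";
            // Reward the first avatar stored under the member's own folder.
            $avatarReward = $G['config']['member_reward_upavatar'];
            if (is_numeric($avatarReward) && $avatarReward > 0
                && isset($data['avatar']) && strstr($data['avatar'], $path) && !strstr($G['member']['avatar'], $path)) {
                mysql::update(['points' => 'points+' . $avatarReward], 'member', "id='{$memberId}'");
            }
            // Reward completing the profile (alias, e-mail and phone all set) the first time.
            $completionReward = $G['config']['member_reward_completion'];
            if (is_numeric($completionReward) && $completionReward > 0
                && (!$G['member']['alias'] || !$G['member']['email'] || !$G['member']['phone'])
                && mysql::total('member', "alias!='' AND email!='' AND phone!='' AND id='{$memberId}'")) {
                mysql::update(['points' => 'points+' . $completionReward], 'member', "id='{$memberId}'");
            }
        }
        if ($form) {
            foreach ($form as $v) {
                $value = $G['post']['params' . $v['id']];
                $value = arrRoundHandle(delHtmlspecial($value), function ($s, $param) { return htmlspecialchars($s, ENT_QUOTES); });
                $value = is_array($value) ? json::enFilter($value) : $value;
                $whe = "parent='{$v['id']}' AND member='{$memberId}' AND grade=0";
                if (mysql::total('material', $whe)) {
                    mysql::update(['value' => $value], 'material', $whe);
                } else {
                    mysql::insert(['parent' => $v['id'], 'member' => $memberId, 'value' => $value, 'grade' => 0], 'material');
                }
            }
        }
        // NOTE(review): HTTP_REFERER is client-controlled; assumes alert() validates it
        // or only uses it as a same-site back-link — confirm.
        alert($G['config']['member_information_success'], $_SERVER['HTTP_REFERER']);
    }
    alert($G['config']['member_post_error']);
}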
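/**
 * Save the grade-specific material form of the logged-in member (POST).
 *
 * Requires member_material_open, a member weight above 0 and a grade form
 * (page::form_grade) for that grade. Required fields are checked first; each
 * field value is then escaped and upserted into `material` keyed by field,
 * member and grade. Ends with alert() back to the referrer.
 */
public function material()
{
    global $G;
    if ($G['member'] && $G['config']['member_material_open'] && isset($G['post'])) {
        $memberId = $G['member']['id'];
        if ($G['member']['weight'] > 0 && $grade = page::grade_one($G['member']['weight'])) {
            if ($form = page::form_grade($grade['id'])) {
                // Required fields first, so nothing is written when one is missing.
                foreach ($form as $v) {
                    if ($v['must'] && !$G['post']['params' . $v['id']]) {
                        alert($v['title'] . '不能为空');
                    }
                }
                // $grade is already loaded above; the original re-queried the same grade here.
                $gradeid = $grade['id'];
                foreach ($form as $v) {
                    $value = $G['post']['params' . $v['id']];
                    $value = arrRoundHandle(delHtmlspecial($value), function ($s, $param) { return htmlspecialchars($s, ENT_QUOTES); });
                    $value = is_array($value) ? json::enFilter($value) : $value;
                    $whe = "parent='{$v['id']}' AND member='{$memberId}' AND grade='{$gradeid}'";
                    if (mysql::total('material', $whe)) {
                        mysql::update(['value' => $value], 'material', $whe);
                    } else {
                        mysql::insert(['parent' => $v['id'], 'member' => $memberId, 'value' => $value, 'grade' => $gradeid], 'material');
                    }
                }
                alert('提交成功', $_SERVER['HTTP_REFERER']);
            }
        } else {
            alert('会员等级为空');
        }
    }
    alert($G['config']['member_post_error']);
}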
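/**
 * Delete orders of the logged-in member (POST id[]).
 *
 * Requires member_authorize_delete. Every listed id must belong to the
 * member, otherwise nothing is deleted. Ends in alert().
 */
public function orders()
{
    global $G;
    if ($G['member'] && is_array($G['post']['id']) && $G['post']['id'] && $G['config']['member_authorize_delete']) {
        // Order ids are integers; normalising them keeps the FIND_IN_SET literal clean
        // (the original interpolated the raw POST values).
        $ids = array_values(array_unique(array_map('intval', array_filter($G['post']['id'], 'is_scalar'))));
        $where = "FIND_IN_SET(id,'" . implode(',', $ids) . "') AND member='{$G['member']['id']}'";
        if ($ids && mysql::total('orders', $where) == count($ids)) {
            mysql::delete('orders', $where);
            alert('删除成功', $_SERVER['HTTP_REFERER']);
        } else {
            alert('权限不足');
        }
    }
    alert($G['config']['member_post_error']);
}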
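/**
 * Add or remove favourites for the logged-in member.
 *
 * GET func=add with POST type (model) and id (document) records one
 * favourite unless it already exists; GET func=delete with POST id[] removes
 * favourites, but only when every listed row belongs to the member.
 * Ends in alert().
 */
public function collect()
{
    global $G;
    if ($G['get']['func'] == 'add') {
        if ($G['member']) {
            if (is_numeric($G['post']['type']) && is_numeric($G['post']['id'])) {
                $data = [
                    'type' => 0,
                    'model' => $G['post']['type'],
                    'parent' => $G['post']['id'],
                    'member' => $G['member']['id'],
                ];
                if (!mysql::total('collect', "type=0 AND model='{$data['model']}' AND parent='{$data['parent']}' AND member='{$data['member']}'")) {
                    mysql::insert($data + ['ctime' => TIME], 'collect');
                    alert('收藏成功', $_SERVER['HTTP_REFERER']);
                } else {
                    alert('已经收藏');
                }
            }
        } else {
            alert($G['config']['member_not_login']);
        }
    } elseif ($G['get']['func'] == 'delete') {
        if ($G['member'] && is_array($G['post']['id']) && $G['post']['id']) {
            // Favourite ids are integers; normalising them keeps the FIND_IN_SET literal
            // clean (the original interpolated the raw POST values).
            $ids = array_values(array_unique(array_map('intval', array_filter($G['post']['id'], 'is_scalar'))));
            $where = "FIND_IN_SET(id,'" . implode(',', $ids) . "') AND member='{$G['member']['id']}'";
            if ($ids && mysql::total('collect', $where) == count($ids)) {
                mysql::delete('collect', $where);
                alert('删除成功', $_SERVER['HTTP_REFERER']);
            } else {
                alert('权限不足');
            }
        }
    }
    alert($G['config']['member_post_error']);
}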
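/**
 * Delete messages of the logged-in member (POST id[]).
 *
 * Requires member_authorize_delete. Every listed id must belong to the
 * member, otherwise nothing is deleted. Ends in alert().
 */
public function message()
{
    global $G;
    if ($G['member'] && is_array($G['post']['id']) && $G['post']['id'] && $G['config']['member_authorize_delete']) {
        // Message ids are integers; normalising them keeps the FIND_IN_SET literal
        // clean (the original interpolated the raw POST values).
        $ids = array_values(array_unique(array_map('intval', array_filter($G['post']['id'], 'is_scalar'))));
        $where = "FIND_IN_SET(id,'" . implode(',', $ids) . "') AND member='{$G['member']['id']}'";
        if ($ids && mysql::total('message', $where) == count($ids)) {
            mysql::delete('message', $where);
            alert('删除成功', $_SERVER['HTTP_REFERER']);
        } else {
            alert('权限不足');
        }
    }
    alert($G['config']['member_post_error']);
}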
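/**
 * Comment endpoints (enabled by member_comment_open).
 *
 * - no func: render the comment list for GET model/gid/parent/pages (echo + die);
 * - func=like: toggle the member's heart on a comment; the author is rewarded
 *   for a fresh like from someone who never un-liked that comment;
 * - func=publish: validate and store a new comment (length, banned words,
 *   per-member interval, per-IP hourly cap) and reward the member;
 * - func=delete: remove the member's own comments together with their replies.
 * Everything but the listing requires a logged-in member.
 */
public function comment()
{
    global $G;
    if ($G['config']['member_comment_open']) {
        $func = $G['get']['func'];
        if (!$func) {
            $model = $G['get']['model'];
            $gid = $G['get']['gid'];
            $pages = $G['get']['pages'];
            $parent = $G['get']['parent'];
            if (is_numeric($gid) && is_numeric($model) && is_numeric($pages) && is_numeric($parent)) {
                echo html::comment($gid, $model, $parent, $pages);
                die();
            }
        } else {
            if ($G['member']) {
                $memberId = $G['member']['id'];
                if ($func == 'like') {
                    $id = $G['post']['id'];
                    if (is_numeric($id) && $res = mysql::select_one('*', 'comment', "id='{$id}'")) {
                        // heart/unheart are comma-separated member id lists.
                        $mine = "/(^|,){$memberId}(,|$)/";
                        if (preg_match($mine, $res['heart'])) {
                            // Already liked: drop this member from the list and remember the un-like.
                            // Rebuilding the list replaces the original preg_replace, which also
                            // consumed a separating comma and could fuse neighbouring ids.
                            $heart = implode(',', array_filter(explode(',', $res['heart']), function ($m) use ($memberId) {
                                return $m !== '' && (string) $m !== (string) $memberId;
                            }));
                            if (!preg_match($mine, $res['unheart'])) {
                                $res['unheart'] = trim($res['unheart'] . ',' . $memberId, ',');
                            }
                            $ab = '-';
                        } else {
                            $heart = trim($res['heart'] . ',' . $memberId, ',');
                            $ab = '+';
                        }
                        if (mysql::update(['heart' => $heart, 'unheart' => $res['unheart']], 'comment', "id='{$id}'")) {
                            $likeReward = $G['config']['member_reward_like'];
                            if (is_numeric($likeReward) && $likeReward > 0 && $ab == '+'
                                && !preg_match('/^' . (str_replace(',', '|', $res['unheart'])) . '$/', $memberId)) {
                                mysql::update(['points' => 'points+' . $likeReward], 'member', "id='{$res['member']}'");
                            }
                            // Response: sign plus the new like count.
                            alert($ab . ($heart ? substr_count($heart, ',') + 1 : 0), $_SERVER['HTTP_REFERER']);
                        }
                    }
                } elseif ($func == 'publish') {
                    if ($G['config']['member_banned_speaking'] || $G['member']['open'] == 2) {
                        alert($G['config']['member_comment_prohibit']);
                    }
                    $model = $G['post']['model'];
                    $gid = $G['post']['gid'];
                    $parent = $G['post']['parent'];
                    $superior = $G['post']['superior'];
                    // NOTE(review): content is stored as received; assumes $G['post'] arrives
                    // HTML-escaped upstream (other methods call delHtmlspecial() to undo that) —
                    // confirm before rendering it unescaped.
                    $content = $G['post']['content'];
                    $anonymity = $G['post']['anonymity'];
                    if (is_numeric($gid) && is_numeric($model) && is_numeric($parent) && is_numeric($anonymity) && is_numeric($superior) && $content) {
                        $table = array_search($model, $G['pass']['type']);
                        // The model must allow comments, parent/superior comments must be approved,
                        // and the document must be commentable and visible to the member's grade.
                        if (mysql::total('models', "id='{$model}' AND comments=1 AND display=1")
                            && (!$parent || mysql::total('comment', "id='{$parent}' AND examine=1"))
                            && (!$superior || mysql::total('comment', "id='{$superior}' AND examine=1"))
                            && mysql::total($table . '_content', "id='{$gid}' AND comments=1")
                            && $res = mysql::select_one('items', $table, "id='{$gid}' AND display=1 AND recycle=0 AND weight>=0 AND weight<='{$G['member']['weight']}'")
                        ) {
                            if (!mysql::total('items', "id='{$res['items']}' AND comments=1 AND display=1 AND weight<='{$G['member']['weight']}'")) {
                                alert($G['config']['member_post_error']);
                            }
                            if (!is_numeric($G['config']['member_comment_words'])) {
                                $G['config']['member_comment_words'] = 200;
                            }
                            if (mb_strlen($content, 'utf-8') > $G['config']['member_comment_words']) {
                                alert('评论内容不能超过' . $G['config']['member_comment_words'] . '字');
                            }
                            if ($noky = json::decode($G['config']['member_comment_notkeyword'])) {
                                // Banned words form one alternation; quoting the delimiter too keeps a
                                // word containing "/" from breaking the pattern (and silently passing).
                                foreach ($noky as $k => $v) {
                                    $noky[$k] = preg_quote($v, '/');
                                }
                                if (preg_match('/' . implode('|', $noky) . '/', $content)) {
                                    alert('存在限制词');
                                }
                            }
                            $period = is_numeric($G['config']['member_comment_period']) ? $G['config']['member_comment_period'] : 60;
                            if (mysql::total('comment', "member='{$memberId}' AND ctime>" . (TIME - $period))) {
                                alert(str_replace('[s]', $period, $G['config']['member_comment_period_text']));
                            }
                            $ip = getIP();
                            $iphour = is_numeric($G['config']['member_comment_iphour']) ? $G['config']['member_comment_iphour'] : 20;
                            if (mysql::total('comment', "ip='{$ip}' AND ctime>" . (TIME - 3600)) >= $iphour) {
                                alert(str_replace('[n]', $iphour, $G['config']['member_comment_iphour_text']));
                            }
                            $row = [
                                'parent' => $parent,
                                'superior' => $superior,
                                'model' => $model,
                                'gid' => $gid,
                                'content' => $content,
                                'ip' => $ip,
                                'ctime' => TIME,
                                'examine' => $G['config']['member_comment_examine'] ? 0 : 1,
                                'anonymity' => ($G['config']['member_comment_anonymity'] && $anonymity * 1) ? 1 : 0,
                                'member' => $memberId,
                                'heart' => '',
                                'unheart' => '',
                            ];
                            if (mysql::insert($row, 'comment')) {
                                $commentReward = $G['config']['member_reward_comment'];
                                if (is_numeric($commentReward) && $commentReward > 0) {
                                    mysql::update(['points' => 'points+' . $commentReward], 'member', "id='{$memberId}'");
                                }
                            }
                            alert(
                                $G['config']['member_comment_examine']
                                    ? $G['config']['member_comment_examine_success']
                                    : $G['config']['member_comment_success'],
                                $_SERVER['HTTP_REFERER']
                            );
                        }
                    }
                } elseif ($func == 'delete') {
                    if ($G['post']['id']) {
                        if ($G['config']['member_authorize_delete']) {
                            // Accept a single id or a list; ids are integers.
                            $ids = is_array($G['post']['id']) ? $G['post']['id'] : [$G['post']['id']];
                            foreach ($ids as $id) {
                                if (!is_scalar($id)) {
                                    continue;
                                }
                                $id = (int) $id;
                                // Ownership is checked explicitly before either delete; the original
                                // keyed the reply deletion on is_numeric(mysql::delete(...)), which
                                // would also hold for a zero-row result.
                                if (mysql::total('comment', "id='{$id}' AND member='{$memberId}'")) {
                                    mysql::delete('comment', "id='{$id}' AND member='{$memberId}'");
                                    mysql::delete('comment', "parent='{$id}'");
                                }
                            }
                            alert('删除成功', $_SERVER['HTTP_REFERER']);
                        } else {
                            alert('权限不足');
                        }
                    }
                }
                alert($G['config']['member_post_error']);
            } else {
                alert($G['config']['member_not_login']);
            }
        }
    }
}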
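/**
 * Member contribution (user-submitted content) endpoints.
 *
 * GET func=publish (POST body): validates the target model (type) and
 * category (items) against the member's grade and remaining quota, builds the
 * main row ($data) and the content row ($dcon), then inserts a new pending
 * document (weight -1) or updates one of the member's own pending documents
 * when POST id is set. GET func=delete removes the member's own pending
 * documents (POST id[] as "<type>_<id>") or, with tools=1, the member's
 * document purchases. Every path ends in alert().
 */
public function contribute()
{
    global $G;
    if ($G['member']) {
        $memberId = $G['member']['id'];
        if ($G['get']['func'] == 'publish') {
            if ($G['config']['member_contribute_open'] && isset($G['post'])) {
                $type = $G['post']['type'];
                // Model ids 2-5 or 2x-5x (two-digit ids derived from those models).
                if (!preg_match('/^(2|3|4|5)\d?$/', $type)) {
                    alert('没有指定栏目类型');
                }
                if ($res = mysql::select_one('cweight', 'models', "id='{$type}' AND contribute=1 AND display=1")) {
                    if ($G['member']['weight'] < $res['cweight']) {
                        alert('会员等级不足');
                    }
                } else {
                    alert('本模型不允许投稿');
                }
                // Quota: count the member's live contributions across all content tables.
                $total = 0;
                foreach ($G['pass']['type'] as $k => $v) {
                    if (preg_match('/^(2|3|4|5)\d?$/', $v)) {
                        $total += mysql::total($k, "issuer='-{$memberId}' AND display=1 AND recycle=0 AND weight>=0");
                    }
                }
                if ($G['member']['contribute'] <= $total) {
                    alert('投稿次数已用完');
                }
                // Plain-text excerpt of the body: the description and the summary fallback.
                // (The original tested an undefined $content here, so it was always empty.)
                $postContent = arrExist($G['post'], 'content');
                $subcon = $postContent ? strSub(addslashes(strip_tags(delFilter($postContent))), 0, 100) : '';
                $data = [
                    'name' => $G['post']['name'],
                    'items' => (int) $G['post']['items'],
                    'sort' => 0,
                    'notice' => 0,
                    'recommend' => '',
                    'top' => 0,
                    'display' => 1,
                    'recycle' => 0,
                    'static' => '',
                    'ctime' => TIME,
                    'mtime' => TIME,
                    'weight' => -1,
                    'link' => '',
                    'issuer' => -$memberId,
                ];
                $dcon = [
                    'theme' => '',
                    'title' => '',
                    'keywords' => '',
                    'description' => $subcon,
                    'alt' => '',
                    'target' => 0,
                    'comments' => 1,
                    'golds' => 0,
                    'color' => '',
                    'author' => $G['member']['alias'] ? $G['member']['alias'] : $G['member']['username'],
                ];
                if (!mysql::total('items', "id='{$data['items']}' AND contribute=1 AND display=1 AND weight<='{$G['member']['weight']}'")) {
                    alert('本栏目不允许投稿');
                }
                $table = array_search($type, $G['pass']['type']);
                $postId = (int) arrExist($G['post'], 'id');
                if ($G['config']['member_contribute_repeat'] && mysql::total($table, "name='{$data['name']}' AND id!='{$postId}'")) {
                    alert('投稿标题已存在');
                }
                if (preg_match('/^(2|3|4|5)$/', $type)) {
                    $dcon['text'] = $G['post']['text'] ? $G['post']['text'] : $subcon;
                    $dcon['content'] = delXss($G['post']['content']);
                    $dcon['container'] = delXss($G['post']['container']);
                    // No explicit cover image: take the first <img> in the body.
                    if (!$dcon['image'] = arrExist($G['post'], 'image')) {
                        preg_match('/<img src="([^"]+)"/', delFilter($dcon['content']), $match);
                        if (isset($match[1])) {
                            $dcon['image'] = addslashes($match[1]);
                        }
                    }
                }
                if (preg_match('/^(2|3|4)$/', $type)) {
                    $dcon['text1'] = arrExist($G['post'], 'text1');
                    $dcon['text2'] = arrExist($G['post'], 'text2');
                    $dcon['text3'] = arrExist($G['post'], 'text3');
                    $dcon['image1'] = arrExist($G['post'], 'image1');
                    $dcon['image2'] = arrExist($G['post'], 'image2');
                    $dcon['image3'] = arrExist($G['post'], 'image3');
                    $dcon['images'] = arrExist($G['post'], 'images');
                }
                if ($type == 3) {
                    $dcon['icon'] = arrExist($G['post'], 'icon');
                    $dcon['video'] = arrExist($G['post'], 'video');
                    $dcon['content1'] = delXss($G['post']['content1']);
                    $dcon['content2'] = delXss($G['post']['content2']);
                    $dcon['content3'] = delXss($G['post']['content3']);
                    $dcon['content4'] = delXss($G['post']['content4']);
                    $dcon['price'] = arrExist($G['post'], 'price');
                } elseif ($type == 5) {
                    $dcon['dweight'] = 0;
                    $dcon['dfiles'] = '';
                    $dcon['icon'] = arrExist($G['post'], 'icon');
                    $dcon['file'] = $G['post']['file'];
                    $dcon['down'] = $G['post']['down'];
                    if ($dcon['file']) {
                        // NOTE(review): file comes straight from POST; assumes url::upload()
                        // confines the path to the upload area — confirm, otherwise this
                        // reports existence and size of arbitrary server files.
                        $file = url::upload($dcon['file'], 'sub', ROOT_PATH);
                        $dcon['size'] = is_file($file) ? (int) @filesize($file) : 0;
                    }
                }
                if (preg_match('/^(2|3|4|5)\d$/', $type)) {
                    // Custom model: copy its extra fields; hidden fields get a neutral default.
                    $field = page::field($type);
                    foreach ($field as $v) {
                        $n = $v['name'];
                        if ($v['display']) {
                            $dcon[$n] = $G['post'][$n];
                            if ($v['style'] == 2) {
                                $dcon[$n] = delXss($dcon[$n]);
                            }
                            if (is_array($dcon[$n])) {
                                $dcon[$n] = json::enfilter($dcon[$n]);
                            }
                        } else {
                            $dcon[$n] = preg_match('/^int/', $v['type']) ? 0 : '';
                        }
                    }
                }
                $escape = function ($s, $param) { return htmlspecialchars($s, ENT_QUOTES); };
                $data = arrRoundHandle(delHtmlspecial($data), $escape);
                $dcon = arrRoundHandle(delHtmlspecial($dcon), $escape);
                if (mysql::total('items', "id='{$data['items']}' AND type='{$type}'")) {
                    if ($id = arrExist($G['post'], 'id')) {
                        $id = (int) $id;
                        // Editing: the category cannot change; only the member's own pending
                        // (weight=-1) document may be updated.
                        unset($data['items']);
                        if ($result = mysql::select_one('id,mtime', $table, "id='{$id}' AND issuer='-{$memberId}' AND recycle=0 AND display=1 AND weight=-1")) {
                            if ($result['mtime'] == $data['mtime']) {
                                $data['mtime'] = TIME;
                            }
                            if (mysql::update($data, $table, "id='{$id}'")) {
                                if (mysql::total($table . '_content', "id='{$id}'")) {
                                    mysql::update($dcon, $table . '_content', "id='{$id}'");
                                } else {
                                    $dcon['id'] = $id;
                                    mysql::insert($dcon, $table . '_content');
                                }
                            }
                        } else {
                            alert('没有内容');
                        }
                    } else {
                        if ($id = mysql::insert($data, $table)) {
                            $dcon['id'] = $id;
                            mysql::insert($dcon, $table . '_content');
                            $contributeReward = $G['config']['member_reward_contribute'];
                            if (is_numeric($contributeReward) && $contributeReward > 0) {
                                // SQL-side increment like the other reward paths, instead of writing
                                // back a points value read at request start.
                                mysql::update(['points' => 'points+' . $contributeReward], 'member', "id='{$memberId}'");
                            }
                        }
                    }
                    if ($G['config']['rule_static_auto']) {
                        mysql::update(['static' => into::load_class('admin', 'seo', 'rule', 'new')->repstatic($data['name'], $id)], $table, "id='{$id}'");
                    }
                    alert('提交成功', url::member(null, 'contribute'));
                } else {
                    alert('没有指定栏目');
                }
            } else {
                alert('没有提交信息');
            }
        } elseif ($G['get']['func'] == 'delete') {
            if ($G['post']['id']) {
                if ($G['config']['member_authorize_delete']) {
                    $success = [];
                    $ids = is_array($G['post']['id']) ? $G['post']['id'] : [$G['post']['id']];
                    foreach ($ids as $val) {
                        if (!is_scalar($val)) {
                            continue;
                        }
                        if (!$G['post']['tools']) {
                            // "<type>_<id>": one of the member's own pending documents.
                            $ti = explode('_', (string) $val);
                            if (isset($ti[1]) && preg_match('/^(2|3|4|5)\d?$/', $ti[0]) && $table = array_search($ti[0], $G['pass']['type'])) {
                                $docId = (int) $ti[1];
                                if (mysql::total($table, "id='{$docId}' AND issuer='-{$memberId}' AND weight=-1 AND display=1 AND recycle=0")) {
                                    mysql::delete($table, "id='{$docId}'");
                                    mysql::delete($table . '_content', "id='{$docId}'");
                                    $success[] = $val;
                                }
                            }
                        } elseif ($G['post']['tools'] == 1) {
                            // tools=1: one of the member's document purchase records.
                            $buyId = (int) $val;
                            if (mysql::total('docbuy', "id='{$buyId}' AND member='{$memberId}'")) {
                                mysql::delete('docbuy', "id='{$buyId}'");
                                $success[] = $val;
                            }
                        }
                    }
                    if ($success) {
                        alert('删除成功', $_SERVER['HTTP_REFERER']);
                    } else {
                        alert('删除失败');
                    }
                } else {
                    alert('权限不足');
                }
            }
            alert($G['config']['member_post_error']);
        }
    } else {
        alert($G['config']['member_not_login']);
    }
}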
public function logout()
{
    // Ends the current member session: drops the in-request member record,
    // clears the persisted session entry, then bounces the user to the member
    // home page with the configured "logged out" message.
    global $G;
    unset($G['member']);
    session::clear('member');
    $message = $G['config']['member_logout_success'];
    alert($message, url::member());
}
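public function qrcode()
{
    // Writes a PNG QR code straight to the response body and ends the request.
    //
    //   ?type=wechatpay&orders=NUM -> WeChat Pay code for one of the caller's OWN
    //                                 unpaid WeChat orders (payment=4, state=0)
    //   any other / missing type   -> the caller's registration invite link
    //
    // Requires the member module to be enabled and a logged-in member; otherwise
    // nothing is emitted.
    global $G;
    if ($G['config']['member_open'] && $G['member']) {
        require_once ROOT_PATH.'system/extend/qrcode/phpqrcode.php';
        // Fix: read request keys defensively so a missing `type`/`orders` falls
        // through to the default branch instead of raising an undefined-index notice.
        $type = arrExist($G['get'], 'type');
        switch ($type) {
            case 'wechatpay':
                $num = arrExist($G['get'], 'orders');
                // The `member=` clause binds the lookup to the caller's own orders.
                // NOTE(review): the order number is interpolated into SQL and relies
                // on the framework's global request escaping — confirm, or restrict
                // the accepted format here once the `num` format is known.
                if ($num && $order = mysql::select_one('*', 'orders', "num='{$num}' AND payment=4 AND member='{$G['member']['id']}' AND state=0 AND lang=lang")) {
                    into::basic_class('wechatpay');
                    $res = wechatpay::pay(array(
                        'text' => '',
                        'name' => $order['name'],
                        'price' => $order['price'],
                        'num' => $order['num'],
                        // Order creation time formatted with a fixed +08:00 offset.
                        'etime' => date('Y-m-d\TH:i:s', $order['ctime']).'+08:00',
                        'notify_url' => $G['config']['domain'].'api/member/wechatpay.php'
                    ), 'pc', false);
                    if ($res) {
                        QRcode::png($res['url'], false, false, 6, 1, true);
                    }
                }
                break;
            default:
                // Invite link is built against the configured public domain.
                url::$domain = $G['config']['domain'];
                $invite = url::param(url::member($G['items']['folder'], 'register'), 'invite', $G['member']['invite']);
                QRcode::png($invite, false, false, 5, 1, true);
                break;
        }
        die();
    }
}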
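public function download()
{
    // Resolves an attachment of a `download` record and redirects the client to it.
    //
    //   ?id=N      numeric id of a visible (display=1, weight>=0, recycle=0) record
    //   ?file=TOK  28-character token that must be a substring of md5(<path>) for
    //              the main file, one of the extra `dfiles`, or a configured mirror URL
    //
    // Gates, in order: the record's member-grade requirement (`dweight`), then the
    // paid-download requirement (`golds`, satisfied by a `docbuy` row). alert() and
    // location() are relied on to end the request, as the surrounding code assumes.
    global $G;
    $id = arrExist($G['get'], 'id');
    $token = arrExist($G['get'], 'file');
    // NOTE(review): `$` also matches before a trailing newline; harmless here (such
    // a token can never match an md5) but `\z` would be tighter.
    if (is_numeric($id) && preg_match('/^\w{28}$/', $token)) {
        $group = mysql::select_one('*', 'download', "id='{$id}' AND display=1 AND weight>=0 AND recycle=0");
        if (!$group) {
            // Fix: previously a missing/hidden record fell through as null, passed every
            // gate with empty values and reached the md5('') comparison below.
            alert('附件地址错误');
        }
        if ($res = mysql::select_one('*', 'download_content', "id='{$group['id']}'")) {
            $group = $group + $res;   // `+` keeps the download row's keys on collision
        }
        // Grade gate: dweight is the minimum member weight allowed to download.
        if ($group['dweight'] > 0) {
            if ($G['member']) {
                if ($group['dweight'] > $G['member']['weight']) {
                    $res = page::grade_one($group['dweight']);
                    alert('“'.$res['name'].'”才能下载附件');
                }
            } else {
                alert($G['config']['member_not_login']);
            }
        }
        // Paid gate: skipped when $G['view'] is set (presumably a preview/admin flag —
        // confirm), otherwise a `docbuy` purchase (model 5) by this member is required.
        if (!$G['view'] && $group['golds']) {
            if (!$G['member'] || !mysql::total('docbuy', "model='5' AND parent='{$group['id']}' AND member='{$G['member']['id']}'")) {
                location(url::param(url::param(url::member(null,'warning'),'buy','doc'),'id','5_'.$group['id']));
            }
        }
        // NOTE(review): every location() below redirects to the direct upload URL, so the
        // gates above protect only this endpoint; the file is as exposed as the upload
        // directory itself — confirm that is acceptable for paid/graded downloads.
        if (strstr(md5($group['file']), $token)) {
            location(url::upload($group['file']));
        }
        if ($dfiles = json::decode($group['dfiles'])) {
            foreach ($dfiles as $v) {
                if (strstr(md5($v['file']), $token)) {
                    location(url::upload($v['file']));
                }
            }
        }
        if ($group['file'] && $G['config']['download_mirror_open'] && $mirror = json::decode($G['config']['download_mirror_dfiles'])) {
            foreach ($mirror as $v) {
                // Mirror tokens are computed over the full mirrored URL, not the path.
                $url = url::upload($group['file'], $v['file']);
                if (strstr(md5($url), $token)) {
                    location($url);
                }
            }
        }
        alert('附件地址错误');
    }
    alert($G['config']['member_post_error']);
}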
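public function alipay()
{
    // Alipay payment callback (asynchronous notify and synchronous mobile return).
    // Settles the matching unpaid Alipay order (payment=3, state=0):
    //   order.type != 0 -> add the package's golds to the member's balance
    //   order.type == 0 -> move the member to the package's grade (weight, golds,
    //                      points) and extend/reset the grade expiry
    // then marks the order paid (state=2). On the synchronous return the user is
    // sent to their orders page with a success message.
    global $G;
    into::basic_class('alipay');
    // NOTE(review): `notify` and `mobile` are bare identifiers. If they are not defined
    // constants this is the pre-PHP 8 "undefined constant becomes its own name" fallback,
    // which PHP 8 turns into a fatal Error — confirm and quote them if so.
    if ($res = alipay::receive(notify, mobile)) {
        // $res is trusted only as far as alipay::receive verifies the gateway signature;
        // the paid amount is additionally matched against the stored order so a tampered
        // price cannot settle a more expensive order.
        // NOTE(review): is_numeric() also accepts "1e3" and leading whitespace — safe for
        // this comparison, but a stricter decimal check would be cleaner.
        if (is_numeric($res['price']) && $order = mysql::select_one('*', 'orders', "num='{$res['num']}' AND price={$res['price']} AND state=0 AND payment=3 AND lang=lang")) {
            $pk = mysql::select_one('*', 'package', "id='{$order['package']}' AND type='{$order['type']}'");
            // Fix: with a deleted package the original built the expression "golds+"
            // and issued broken SQL. Credit only while the package exists; the order is
            // still marked paid below because the money has been received.
            if ($pk) {
                if ($order['type']) {
                    // Golds package: raw SQL expression increment.
                    mysql::update(array('golds' => 'golds+'.$pk['golds']), 'member', "id='{$order['member']}'");
                } else if ($ge = mysql::select_one('*', 'grade', "id='{$pk['grade']}'")) {
                    if ($member = mysql::select_one('*', 'member', "id='{$order['member']}'")) {
                        $data = array(
                            'utime' => TIME,
                            'weight' => $ge['weight'],
                            'golds' => $member['golds'] + $ge['golds'],
                            'points' => $member['points'] + $ge['points']
                        );
                        if ($pk['term'] == 0) {
                            $data['etime'] = 0;   // term 0 = no expiry
                        } else {
                            // term > 0 counts months, term < 0 counts days. An upgrade to a
                            // higher grade starts now; otherwise the remaining time is extended.
                            $base = $ge['weight'] > $member['weight'] ? TIME : setDefault($member['etime']*1, TIME);
                            $data['etime'] = strtotime('+'.abs($pk['term']).' '.($pk['term'] > 0 ? 'month' : 'day'), $base);
                        }
                        mysql::update($data, 'member', "id='{$member['id']}'");
                    }
                }
            }
            // NOTE(review): the state=0 lookup above and this update are not atomic; two
            // concurrent deliveries of the same notify can credit the member twice. If the
            // mysql wrapper reports affected rows, claim the order first
            // (UPDATE ... WHERE id=... AND state=0) and credit only when one row changed.
            mysql::update(array('state' => 2), 'orders', "id='{$order['id']}' AND lang=lang");
        }
        if (!$res['notify']) {
            alert('购买成功', url::member(null, 'orders'));
        }
    }
}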
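public function wechatpay()
{
    // WeChat Pay asynchronous notify handler. Settles the matching unpaid WeChat
    // order (payment=4, state=0):
    //   order.type != 0 -> add the package's golds to the member's balance
    //   order.type == 0 -> move the member to the package's grade (weight, golds,
    //                      points) and extend/reset the grade expiry
    // then marks the order paid (state=2). Nothing is output here; the response
    // body, if any, is left to wechatpay::receive.
    global $G;
    into::basic_class('wechatpay');
    if ($res = wechatpay::receive()) {
        // $res is trusted only as far as wechatpay::receive verifies the gateway
        // signature; the paid amount is additionally matched against the stored order
        // so a tampered price cannot settle a more expensive order.
        // NOTE(review): is_numeric() also accepts "1e3" and leading whitespace — safe for
        // this comparison, but a stricter decimal check would be cleaner.
        if (is_numeric($res['price']) && $order = mysql::select_one('*', 'orders', "num='{$res['num']}' AND price={$res['price']} AND state=0 AND payment=4 AND lang=lang")) {
            $pk = mysql::select_one('*', 'package', "id='{$order['package']}' AND type='{$order['type']}'");
            // Fix: with a deleted package the original built the expression "golds+"
            // and issued broken SQL. Credit only while the package exists; the order is
            // still marked paid below because the money has been received.
            if ($pk) {
                if ($order['type']) {
                    // Golds package: raw SQL expression increment.
                    mysql::update(array('golds' => 'golds+'.$pk['golds']), 'member', "id='{$order['member']}'");
                } else if ($ge = mysql::select_one('*', 'grade', "id='{$pk['grade']}'")) {
                    if ($member = mysql::select_one('*', 'member', "id='{$order['member']}'")) {
                        $data = array(
                            'utime' => TIME,
                            'weight' => $ge['weight'],
                            'golds' => $member['golds'] + $ge['golds'],
                            'points' => $member['points'] + $ge['points']
                        );
                        if ($pk['term'] == 0) {
                            $data['etime'] = 0;   // term 0 = no expiry
                        } else {
                            // term > 0 counts months, term < 0 counts days. An upgrade to a
                            // higher grade starts now; otherwise the remaining time is extended.
                            $base = $ge['weight'] > $member['weight'] ? TIME : setDefault($member['etime']*1, TIME);
                            $data['etime'] = strtotime('+'.abs($pk['term']).' '.($pk['term'] > 0 ? 'month' : 'day'), $base);
                        }
                        mysql::update($data, 'member', "id='{$member['id']}'");
                    }
                }
            }
            // NOTE(review): the state=0 lookup above and this update are not atomic; two
            // concurrent deliveries of the same notify can credit the member twice. If the
            // mysql wrapper reports affected rows, claim the order first
            // (UPDATE ... WHERE id=... AND state=0) and credit only when one row changed.
            mysql::update(array('state' => 2), 'orders', "id='{$order['id']}' AND lang=lang");
        }
    }
}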
public function wxauth()
{
    // WeChat in-app payment entry point. Given the OAuth `code` WeChat appends to
    // the redirect and the number of one of the caller's OWN unpaid WeChat orders
    // (payment=4, state=0), hands the order to wechatpay::pay in 'weixin' mode.
    // Nothing is output from here when any precondition fails.
    global $G;
    if (!$G['config']['member_open'] || !$G['member']) {
        return;
    }
    // Short-circuit order matches the original: `orders` is only read when `code` is set.
    if (!$G['get']['code'] || !$G['get']['orders']) {
        return;
    }
    // NOTE(review): the order number is interpolated into SQL and relies on the
    // framework's global request escaping — confirm; the `member=` clause at least
    // limits the lookup to the caller's own orders.
    $order = mysql::select_one('*', 'orders', "num='{$G['get']['orders']}' AND payment=4 AND member='{$G['member']['id']}' AND state=0 AND lang=lang");
    if (!$order) {
        return;
    }
    into::basic_class('wechatpay');
    $payload = array(
        'text' => '',
        'name' => $order['name'],
        'price' => $order['price'],
        'num' => $order['num'],
        // Order creation time formatted with a fixed +08:00 offset.
        'etime' => date('Y-m-d\TH:i:s', $order['ctime']).'+08:00',
        'code' => $G['get']['code'],
        'notify_url' => $G['config']['domain'].'api/member/wechatpay.php',
        'return_url' => url::member(null, 'orders')
    );
    // The original discarded the return value inside an empty `if`; same effect here.
    wechatpay::pay($payload, 'weixin');
}
}
?>