getColumn("SELECT count(*) FROM pre_order WHERE uid={$uid} AND status=1");
// Dashboard counters for the logged-in merchant. $uid, $today, $lastday and $row['id'] are
// interpolated straight into the SQL text instead of being bound (compare the :phone / :email
// lookups further down). That is only safe if all four are guaranteed numeric / fixed-format
// before this chunk — their origin is not visible here; TODO confirm, or bind them.
$orders_today=$DB->getColumn("SELECT count(*) from pre_order WHERE uid={$uid} AND status=1 AND date='$today'"); $settle_money=$DB->getColumn("SELECT sum(realmoney) FROM pre_settle WHERE uid={$uid} and status=1"); $settle_money=round($settle_money,2); $order_today_all = round($DB->getColumn("SELECT sum(money) FROM pre_order WHERE uid={$uid} AND status=1 AND date='$today'"),2); $order_lastday_all = round($DB->getColumn("SELECT sum(money) FROM pre_order WHERE uid={$uid} AND status=1 AND date='$lastday'"),2); $channels = []; $types = \lib\Channel::getTypes($uid, $userrow['gid']); foreach($types as $row){ $order_today = round($DB->getColumn("SELECT sum(money) FROM pre_order WHERE uid={$uid} AND status=1 AND date='$today' AND type={$row['id']}"),2); $order_lastday = round($DB->getColumn("SELECT sum(money) FROM pre_order WHERE uid={$uid} AND status=1 AND date='$lastday' AND type={$row['id']}"),2);
// sucnum counts every row with status>0, so refunded orders (status 2, see the 'order' and
// 'statistics' branches) count as successes: the rate means "ever paid", not "currently paid".
$orderrow = $DB->getRow("SELECT COUNT(*) allnum,COUNT(IF(status>0, 1, NULL)) sucnum FROM pre_order WHERE uid={$uid} AND addtime>='$today' AND type={$row['id']}"); $success_rate = $orderrow && $orderrow['allnum'] > 0 ? 
round($orderrow['sucnum']/$orderrow['allnum']*100,2) : 100; $channels[] = ['name'=>$row['name'], 'showname'=>$row['showname'], 'rate'=>round(100-$row['rate'], 2), 'order_today'=>$order_today, 'order_lastday'=>$order_lastday, 'success_rate'=>$success_rate]; } $result=['code'=>0, 'orders'=>$orders, 'orders_today'=>$orders_today, 'settle_money'=>$settle_money, 'order_today_all'=>$order_today_all, 'order_lastday_all'=>$order_lastday_all, 'channels'=>$channels]; exit(json_encode($result)); break;
// Sends a one-time code for changing the bound phone/email. The 10-second throttle below is keyed
// on the PHP session only, so the captcha check is the limiter that survives a fresh session;
// per-uid/per-target limiting inside VerifyCode::send_code is not visible here — confirm.
case 'sendcode': $situation=trim($_POST['situation']); $target=htmlspecialchars(strip_tags(trim($_POST['target']))); if(isset($_SESSION['send_code_time']) && $_SESSION['send_code_time']>time()-10){ exit('{"code":-1,"msg":"请勿频繁发送验证码"}'); } if(!isset($_SESSION['gtserver']))exit('{"code":-1,"msg":"验证加载失败"}'); if(!verify_captcha($uid))exit('{"code":-1,"msg":"验证失败,请重新验证"}'); if($conf['verifytype']==1 || $situation=='bindphone'){ if($situation=='bind' || $situation=='bindphone'){ if(empty($target) || strlen($target)!=11){ exit('{"code":-1,"msg":"请填写正确的手机号码!"}'); } if($target==$userrow['phone']){ exit('{"code":-1,"msg":"你填写的手机号码和之前一样"}'); } $row=$DB->getRow("select * from pre_user where phone=:phone limit 1", [':phone'=>$target]); if($row){ exit('{"code":-1,"msg":"该手机号码已经绑定过其它商户"}'); } }else{ if(empty($userrow['phone']) || strlen($userrow['phone'])!=11){ exit('{"code":-1,"msg":"请先绑定手机号码!"}'); } $target=$userrow['phone']; } $type = 1; }else{ if($situation=='bind'){
// The [A-z] ranges also admit the ASCII characters between 'Z' and 'a' ( [ \ ] ^ ` ); the same
// pattern is reused in 'completeinfo' and 'edit_info'. Use [A-Za-z] or filter_var(..., FILTER_VALIDATE_EMAIL).
if(!preg_match('/^[A-z0-9._-]+@[A-z0-9._-]+\.[A-z0-9._-]+$/', $target)){ exit('{"code":-1,"msg":"邮箱格式不正确"}'); } if($target==$userrow['email']){ exit('{"code":-1,"msg":"你填写的邮箱和之前一样"}'); } $row=$DB->getRow("select * from pre_user where email=:email limit 1", [':email'=>$target]); if($row){ exit('{"code":-1,"msg":"该邮箱已经绑定过其它商户"}'); } }else{ if(empty($userrow['email']) || strpos($userrow['email'],'@')===false){ exit('{"code":-1,"msg":"请先绑定邮箱!"}'); } $target=$userrow['email']; } $type = 0; } $result = 
\lib\VerifyCode::send_code('edit', $type, $target, $uid); if($result === true){ $_SESSION['send_code_time']=time(); exit(json_encode(['code'=>0, 'msg'=>'succ'])); }else{ exit(json_encode(['code'=>-1, 'msg'=>$result])); } break;
// Verifies the code from 'sendcode' and marks this session as verified for the uid
// ($_SESSION['verify_ok']); 'edit_settle', 'edit_bind' and 'checkbind' consume that flag.
// Attempt limiting for the code is not visible here — presumably inside VerifyCode::verify_code; confirm.
case 'verifycode': $code=trim($_POST['code']); if($conf['verifytype']==1){ $sendto = $userrow['phone']; $type = 1; }else{ $sendto = $userrow['email']; $type = 0; } $result = \lib\VerifyCode::verify_code('edit', $type, $sendto, $code, $uid); if($result === true){ $_SESSION['verify_ok']=$uid; \lib\VerifyCode::void_code(); exit(json_encode(['code'=>1, 'msg'=>'succ'])); }else{ exit(json_encode(['code'=>-1, 'msg'=>$result])); } break;
// First-time profile completion. The strpos(...)==false tests on $account and $url (also in
// 'edit_settle' / 'edit_info') are loose: a match at offset 0 is treated as "not found".
case 'completeinfo': $type=intval($_POST['stype']); $account=htmlspecialchars(strip_tags(trim($_POST['account']))); $username=htmlspecialchars(strip_tags(trim($_POST['username']))); $email=htmlspecialchars(strip_tags(trim($_POST['email']))); $qq=htmlspecialchars(strip_tags(trim($_POST['qq']))); $url=htmlspecialchars(strip_tags(trim($_POST['url']))); if(empty($account) || empty($username) || empty($qq) || empty($url)){ exit('{"code":-1,"msg":"请确保每项都不为空"}'); } if(!empty($userrow['account']) && !empty($userrow['username'])){ exit('{"code":-1,"msg":"你已完善相关信息"}'); } if($type==1 && strlen($account)!=11 && strpos($account,'@')==false){ exit('{"code":-1,"msg":"请填写正确的支付宝账号!"}'); } if($type==2 && strlen($account)<3){ exit('{"code":-1,"msg":"请填写正确的微信"}'); } if($type==3 && (strlen($account)<5 || strlen($account)>10 || !is_numeric($account))){ exit('{"code":-1,"msg":"请填写正确的QQ号码"}'); } if(strlen($qq)<5 || strlen($qq)>10 || !is_numeric($qq)){ exit('{"code":-1,"msg":"请填写正确的QQ"}'); } if(strlen($url)<4 || strpos($url,'.')==false){ exit('{"code":-1,"msg":"请填写正确的网站域名!"}'); } $data = ['settle_id'=>$type, 'account'=>$account, 'username'=>$username, 'qq'=>$qq, 'url'=>$url]; if($conf['verifytype']==1){ if(!preg_match('/^[A-z0-9._-]+@[A-z0-9._-]+\.[A-z0-9._-]+$/', $email)){ exit('{"code":-1,"msg":"邮箱格式不正确"}'); } 
if($email!=$userrow['email']){ $row=$DB->getRow("select * from pre_user where email=:email limit 1", [':email'=>$email]); if($row){ exit('{"code":-1,"msg":"该邮箱已经绑定过其它商户,如需找回,请退出登录后找回密码"}'); } $data['email'] = $email; } }
// $DB->error() is echoed to the client in the failure JSON here and in most branches below;
// prefer logging it server-side and returning a generic message.
if($DB->update('user', $data, ['uid'=>$uid])!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break;
// Changes the payout account. $_SESSION['verify_ok']!==$uid is read without isset() (warning when
// the flag was never set) and, unlike 'checkbind' (===) and 'edit_bind' (!=), its outcome depends
// on $uid and the stored flag having the same type. Nothing in this chunk clears verify_ok after
// the update succeeds, so one verification unlocks further changes for the rest of the session.
// No csrf_token check here, unlike 'certificate'/'recharge'/'groupbuy' — acceptable only if one
// runs above the switch; confirm.
case 'edit_settle': $type=intval($_POST['stype']); $account=htmlspecialchars(strip_tags(trim($_POST['account']))); $username=htmlspecialchars(strip_tags(trim($_POST['username']))); if($account==null || $username==null){ exit('{"code":-1,"msg":"请确保每项都不为空"}'); } if($type==1 && strlen($account)!=11 && strpos($account,'@')==false){ exit('{"code":-1,"msg":"请填写正确的支付宝账号!"}'); } if($type==2 && strlen($account)<3){ exit('{"code":-1,"msg":"请填写正确的微信"}'); } if($type==3 && (strlen($account)<5 || strlen($account)>10 || !is_numeric($account))){ exit('{"code":-1,"msg":"请填写正确的QQ号码"}'); } if($userrow['type']!=2 && !empty($userrow['account']) && !empty($userrow['username']) && ($userrow['account']!=$account || $userrow['username']!=$username) && $_SESSION['verify_ok']!==$uid){ if($conf['verifytype']==1 && (empty($userrow['phone']) || strlen($userrow['phone'])!=11)){ exit('{"code":-1,"msg":"请先绑定手机号码!"}'); }elseif($conf['verifytype']==0 && (empty($userrow['email']) || strpos($userrow['email'],'@')===false)){ exit('{"code":-1,"msg":"请先绑定邮箱!"}'); } exit('{"code":2,"msg":"need verify"}'); } $data = ['settle_id'=>$type, 'account'=>$account, 'username'=>$username]; if($DB->update('user', $data, ['uid'=>$uid])!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break;
// Profile settings. remain_money is stored as the raw trimmed string with no numeric check
// (compare the is_numeric() test on $qq); keylogin/refund/transfer are intval()'d but not range-checked.
case 'edit_info': $email=htmlspecialchars(strip_tags(trim($_POST['email']))); $qq=htmlspecialchars(strip_tags(trim($_POST['qq']))); $url=htmlspecialchars(strip_tags(trim($_POST['url']))); $keylogin=intval($_POST['keylogin']); $refund=intval($_POST['refund']); $transfer=intval($_POST['transfer']); 
$remain_money=trim($_POST['remain_money']); if($qq==null || $url==null){ exit('{"code":-1,"msg":"请确保每项都不为空"}'); } if(strlen($qq)<5 || strlen($qq)>10 || !is_numeric($qq)){ exit('{"code":-1,"msg":"请填写正确的QQ"}'); } if(strlen($url)<4 || strpos($url,'.')==false){ exit('{"code":-1,"msg":"请填写正确的网站域名!"}'); } if($conf['verifytype']==1){ if($email!=$userrow['email']){ $row=$DB->getRow("select * from pre_user where email=:email limit 1", [':email'=>$email]); if($row){ exit('{"code":-1,"msg":"该邮箱已经绑定过其它商户,如需找回,请退出登录后找回密码"}'); } if(!preg_match('/^[A-z0-9._-]+@[A-z0-9._-]+\.[A-z0-9._-]+$/', $email)){ exit('{"code":-1,"msg":"邮箱格式不正确"}'); } } $sqs = $DB->update('user', ['email'=>$email, 'qq'=>$qq, 'url'=>$url, 'keylogin'=>$keylogin, 'refund'=>$refund, 'transfer'=>$transfer, 'remain_money'=>$remain_money], ['uid'=>$uid]); }else{ $sqs = $DB->update('user', ['qq'=>$qq, 'url'=>$url, 'keylogin'=>$keylogin, 'refund'=>$refund, 'transfer'=>$transfer, 'remain_money'=>$remain_money], ['uid'=>$uid]); } if($sqs!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break; case 'edit_keytype': $keytype=intval($_POST['keytype']); $sqs = $DB->update('user', ['keytype'=>$keytype], ['uid'=>$uid]); if($sqs!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break; case 'edit_voice': $voice_devid=trim($_POST['voice_devid']); $voice_order=intval($_POST['voice_order']); $sqs = $DB->update('user', ['voice_devid'=>$voice_devid, 'voice_order'=>$voice_order], ['uid'=>$uid]); if($sqs!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break;
// Persists $_POST['setting'] as JSON with no validation of its keys, depth or size — whatever the
// client sends is stored verbatim. Whitelist the expected keys if any reader trusts this column.
case 'edit_channel_info': $setting=$_POST['setting']; $channelinfo = json_encode($setting); $sqs=$DB->update('user', ['channelinfo'=>$channelinfo], ['uid'=>$uid]); if($sqs!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break; case 'edit_mode': 
$mode=intval($_POST['mode']); $sqs=$DB->update('user', ['mode'=>$mode], ['uid'=>$uid]); if($sqs!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break;
// Notification preferences, stored with serialize(). The value is built only from intval()/trim()
// results here, so the (presumed) unserialize() on the read side never sees client-chosen structure — keep it that way.
case 'edit_msgconfig': $msgconfig = [ 'order' => intval($_POST['notice_order']), 'settle' => intval($_POST['notice_settle']), 'login' => intval($_POST['notice_login']), 'complain' => intval($_POST['notice_complain']), 'mchrisk' => intval($_POST['notice_mchrisk']), 'order_money' => trim($_POST['notice_order_money']), 'balance' => intval($_POST['notice_balance']), 'balance_money' => trim($_POST['notice_balance_money']) ]; $sqs=$DB->update('user', ['msgconfig'=>serialize($msgconfig)], ['uid'=>$uid]); if($sqs!==false){ exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break;
// Binds a new phone/email after code verification. The new value is written without the format and
// uniqueness checks that 'sendcode' applied to the value posted at send time, so the binding relies
// on VerifyCode::verify_code tying the code to $sendto (not visible) — confirm, and re-run the
// uniqueness query here before the update.
case 'edit_bind': $email=htmlspecialchars(strip_tags(trim($_POST['email']))); $phone=htmlspecialchars(strip_tags(trim($_POST['phone']))); $code=trim($_POST['code']); if($code==null || $email==null && $phone==null){ exit('{"code":-1,"msg":"请确保每项都不为空"}'); } if(empty($_SESSION['verify_ok']) || $_SESSION['verify_ok']!=$uid){ if($conf['verifytype']==1 && !empty($userrow['phone']) && strlen($userrow['phone'])==11){ exit('{"code":2,"msg":"请先完成验证"}'); }elseif($conf['verifytype']==0 && !empty($userrow['email']) && strpos($userrow['email'],'@')!==false && !empty($email) && empty($phone)){ exit('{"code":2,"msg":"请先完成验证"}'); } } if($conf['verifytype']==1 || $conf['verifytype']==0 && empty($email) && !empty($phone)){ $sendto = $phone; $type = 1; }else{ $sendto = $email; $type = 0; } $result = \lib\VerifyCode::verify_code('edit', $type, $sendto, $code, $uid); if($result !== true){ exit(json_encode(['code'=>-1, 'msg'=>$result])); } if($conf['verifytype']==1 || $conf['verifytype']==0 && empty($email) && !empty($phone)){ $sqs=$DB->update('user', ['phone'=>$phone], ['uid'=>$uid]); }else{ $sqs=$DB->update('user', ['email'=>$email], ['uid'=>$uid]); } if($sqs!==false){ 
\lib\VerifyCode::void_code(); exit('{"code":1,"msg":"succ"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break; case 'checkbind': if($conf['verifytype']==1 && (empty($userrow['phone']) || strlen($userrow['phone'])!=11)){ exit('{"code":1,"msg":"bind"}'); }elseif($conf['verifytype']==0 && (empty($userrow['email']) || strpos($userrow['email'],'@')===false)){ exit('{"code":1,"msg":"bind"}'); }elseif(isset($_SESSION['verify_ok']) && $_SESSION['verify_ok']===$uid){ exit('{"code":1,"msg":"bind"}'); }else{ exit('{"code":2,"msg":"need verify"}'); } break;
// Rotates the merchant API key. random() is not visible here — an API secret needs a CSPRNG
// (random_bytes()/random_int()); confirm its implementation. The key and $uid are interpolated
// into the UPDATE rather than bound, and there is no csrf_token check on this state change.
case 'resetKey': if(isset($_POST['submit'])){ $key = random(32); $sql = "UPDATE pre_user SET `key`='$key' WHERE uid='$uid'"; if($DB->exec($sql)!==false)exit('{"code":0,"msg":"重置密钥成功","key":"'.$key.'"}'); else exit('{"code":-1,"msg":"重置密钥失败['.$DB->error().']"}'); } break;
// Generates an RSA pair, stores only the public key and returns the private key once in the
// response (the merchant keeps it). Like 'resetKey', this branch has no csrf_token check.
case 'createRsaPair': if(isset($_POST['submit'])){ $keypair = generate_key_pair(); $DB->update('user', ['publickey'=>$keypair['public_key']], ['uid'=>$uid]); exit(json_encode(['code'=>0, 'msg'=>'succ', 'public_key'=>$keypair['public_key'], 'private_key'=>$keypair['private_key']])); } break;
// Password change. getMd5Pwd(...)!=$userrow['pwd'] is a loose comparison of two strings — PHP
// compares numeric-looking strings (e.g. "0e..." hex digests) numerically; use hash_equals(). The
// helper's name suggests an MD5-derived scheme — if so, migrate to password_hash()/password_verify().
case 'edit_pwd': $oldpwd=trim($_POST['oldpwd']); $newpwd=trim($_POST['newpwd']); $newpwd2=trim($_POST['newpwd2']); if(!empty($userrow['pwd']) && $oldpwd==null || $newpwd==null || $newpwd2==null){ exit('{"code":-1,"msg":"请确保每项都不为空"}'); } if(!empty($userrow['pwd']) && getMd5Pwd($oldpwd, $uid)!=$userrow['pwd']){ exit('{"code":-1,"msg":"旧密码不正确"}'); } if($newpwd!=$newpwd2){ exit('{"code":-1,"msg":"两次输入密码不一致!"}'); } if($oldpwd==$newpwd){ exit('{"code":-1,"msg":"旧密码和新密码相同!"}'); } if (strlen($newpwd) < 6) { exit('{"code":-1,"msg":"新密码不能低于6位"}'); }elseif ($newpwd == $userrow['email']) { exit('{"code":-1,"msg":"新密码不能和邮箱相同"}'); }elseif ($newpwd == $userrow['phone']) { exit('{"code":-1,"msg":"新密码不能和手机号码相同"}'); }elseif (is_numeric($newpwd)) { exit('{"code":-1,"msg":"新密码不能为纯数字"}'); } $pwd = getMd5Pwd($newpwd, $uid); $sqs=$DB->exec("update `pre_user` set `pwd` 
='{$pwd}' where `uid`='$uid'"); if($sqs!==false){ exit('{"code":1,"msg":"修改密码成功!请牢记新密码"}'); }else{ exit('{"code":-1,"msg":"修改密码失败!'.$DB->error().'"}'); } break; case 'edit_codename': $codename=htmlspecialchars(strip_tags(trim($_POST['codename']))); $sqs=$DB->update('user', ['codename'=>$codename], ['uid'=>$uid]); if($sqs!==false){ exit('{"code":1,"msg":"保存成功!"}'); }else{ exit('{"code":-1,"msg":"保存失败!'.$DB->error().'"}'); } break;
// Real-name certification. $_POST['csrf_token']!=$_SESSION['csrf_token'] is a loose comparison and
// reads the session key without isset(); prefer
// hash_equals((string)($_SESSION['csrf_token'] ?? ''), (string)$_POST['csrf_token']).
// The same pattern appears in 'cert_geturl', 'cert_query', 'recharge' and 'groupbuy'.
case 'certificate': $certname=htmlspecialchars(strip_tags(trim($_POST['certname']))); $certno=htmlspecialchars(strip_tags(trim($_POST['certno']))); $certtype=intval($_POST['certtype']); if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN ERROR"}'); if($userrow['cert']==1 &&($certtype==0 || $certtype==1 && $userrow['certtype']==1))exit('{"code":-1,"msg":"你已完成实名认证"}'); if($conf['cert_money']>0 && $userrow['money']<$conf['cert_money'])exit('{"code":-1,"msg":"账户余额不足'.$conf['cert_money'].'元,无法完成认证"}'); if(empty($certname) || empty($certno))exit('{"code":-1,"msg":"请确保各项不能为空"}'); if(strlen($certname)<3)exit('{"code":-1,"msg":"姓名填写错误"}'); if(!is_idcard($certno))exit('{"code":-1,"msg":"身份证号不正确"}'); /*$row=$DB->getRow("SELECT uid,phone,email FROM pre_user WHERE certname=:certname AND certno=:certno AND cert=1 LIMIT 1", [':certno'=>$certno, ':certname'=>$certname]); if($row){ exit('{"code":-2,"msg":"账号:'.($row['phone']?$row['phone']:$row['email']).'(商户ID:'.$row['uid'].')已经使用此身份认证,是否将该认证信息关联到当前商户?关联需要输入商户ID '.$row['uid'].' 
的商户密钥","uid":"'.$row['uid'].'"}'); }*/ if($certtype==1){ $certcorpno=htmlspecialchars(strip_tags(trim($_POST['certcorpno']))); $certcorpname=htmlspecialchars(strip_tags(trim($_POST['certcorpname']))); if(empty($certcorpno) || empty($certcorpname))exit('{"code":-1,"msg":"公司名称和营业执照号码不能为空"}'); $checkres = check_corp_cert($certcorpname, $certcorpno, $certname); if($checkres['code']!=0)exit('{"code":-1,"msg":"'.$checkres['msg'].'"}'); } if($conf['cert_open'] == 1){ //支付宝身份验证
if(!$conf['cert_channel'])exit('{"code":-1,"msg":"未配置支付宝身份验证通道"}'); $channel = \lib\Channel::get($conf['cert_channel']); if(!$channel)exit('{"code":-1,"msg":"当前实名认证通道信息不存在"}'); $alipay_config = require(PLUGIN_ROOT.$channel['plugin'].'/inc/config.php'); $alipay_config['return_url'] = 'alipays://platformapi/startapp?appId=20000067&url='.urlencode($siteurl.'user/alipaycertok.php?state='.urlencode(authcode($uid, 'ENCODE', SYS_KEY)));
// Provider messages ($e->getMessage(), sub_msg, $res['msg'], ...) are spliced into hand-built JSON
// strings throughout this branch; a quote in the message yields invalid JSON — emit via json_encode().
// rand(000,999) is 0..999 unpadded (000 is the integer 0), so $outer_order_no is not fixed-width.
try{ $certify = new \Alipay\AlipayCertifyService($alipay_config); $outer_order_no = date("YmdHis").rand(000,999).$uid; $certifyResult = $certify->initialize($outer_order_no, $certname, $certno, 'IDENTITY_CARD', 'SMART_FACE'); }catch(Exception $e){ exit('{"code":-1,"msg":"支付宝接口返回异常'.$e->getMessage().'"}'); } if(isset($certifyResult['certify_id'])){ $_SESSION[$uid.'_certify']=true; $sqs=$DB->exec("update `pre_user` set `cert`=0,`certtype`=:certtype,`certmethod`=:certmethod,`certno`=:certno,`certname`=:certname,`certtoken`=:certtoken where `uid`=:uid", [':certtype'=>$certtype, ':certmethod'=>0, ':certno'=>$certno, ':certname'=>$certname, ':certtoken'=>$certifyResult['certify_id'], ':uid'=>$uid]); if($sqs!==false){ if ($certtype==1) { $DB->exec("update `pre_user` set `certcorpno`=:certcorpno,`certcorpname`=:certcorpname where `uid`=:uid", [':certcorpno'=>$certcorpno, ':certcorpname'=>$certcorpname, ':uid'=>$uid]); } exit(json_encode(['code'=>1, 'msg'=>'ok', 'certify_id'=>$certifyResult['certify_id']])); }else{ exit('{"code":-1,"msg":"保存信息失败'.$DB->error().'"}'); } }else{ 
exit('{"code":-1,"msg":"支付宝接口返回异常['.$certifyResult['sub_code'].']'.$certifyResult['sub_msg'].'"}'); } }elseif($conf['cert_open'] == 2){ //手机号三要素实名认证
if(empty($userrow['phone']))exit('{"code":-1,"msg":"你还未绑定手机号码"}'); $res = check_cert($certno, $certname, $userrow['phone']);
// On success the user is marked cert=1 and charged cert_money, but $sqs (the UPDATE result) is never
// checked here, unlike the other providers — the fee is taken even if the update failed.
if($res['code']==0){ $sqs=$DB->exec("update `pre_user` set `cert`=1,`certtype`=:certtype,`certmethod`=:certmethod,`certno`=:certno,`certname`=:certname,`certtime`=NOW() where `uid`=:uid", [':certtype'=>$certtype, ':certmethod'=>2, ':certno'=>$certno, ':certname'=>$certname, ':uid'=>$uid]); if($conf['cert_money']>0){ changeUserMoney($uid, $conf['cert_money'], false, '实名认证'); } exit('{"code":2,"msg":"恭喜您成功提交实名认证!"}'); }else{ exit('{"code":-1,"msg":"认证结果:'.$res['msg'].'"}'); } }elseif($conf['cert_open'] == 3){ //支付宝实名信息验证
if(!$conf['cert_channel'])exit('{"code":-1,"msg":"未配置支付宝实名信息验证通道"}'); $channel = \lib\Channel::get($conf['cert_channel']); if(!$channel)exit('{"code":-1,"msg":"当前实名认证通道信息不存在"}'); $alipay_config = require(PLUGIN_ROOT.$channel['plugin'].'/inc/config.php'); try{ $certdoc = new \Alipay\AlipayCertdocService($alipay_config); $result = $certdoc->preconsult($certname, $certno); }catch(Exception $e){ exit('{"code":-1,"msg":"支付宝接口返回异常'.$e->getMessage().'"}'); }
// Unlike provider 1, $result['verify_id'] is used below without an isset() check.
$_SESSION[$uid.'_certify']=true; $sqs=$DB->exec("update `pre_user` set `cert`=0,`certtype`=:certtype,`certmethod`=:certmethod,`certno`=:certno,`certname`=:certname,`certtoken`=:certtoken where `uid`=:uid", [':certtype'=>$certtype, ':certmethod'=>0, ':certno'=>$certno, ':certname'=>$certname, ':certtoken'=>$result['verify_id'], ':uid'=>$uid]); if($sqs!==false){ if ($certtype==1) { $DB->exec("update `pre_user` set `certcorpno`=:certcorpno,`certcorpname`=:certcorpname where `uid`=:uid", [':certcorpno'=>$certcorpno, ':certcorpname'=>$certcorpname, ':uid'=>$uid]); } exit(json_encode(['code'=>1, 'msg'=>'ok', 'verify_id'=>$result['verify_id']])); }else{ exit('{"code":-1,"msg":"保存信息失败'.$DB->error().'"}'); } }elseif($conf['cert_open'] == 4){ 
//微信扫码实名认证
if(!$conf['cert_qcloudid'] || !$conf['cert_qcloudkey'])exit('{"code":-1,"msg":"未配置腾讯云SecretId和SecretKey"}'); $qcloud = new \lib\QcloudFaceid($conf['cert_qcloudid'], $conf['cert_qcloudkey']);
// state carries the bare $uid here, whereas providers 1 and 5 wrap it with authcode(..., SYS_KEY);
// whether alipaycertok.php accepts an unauthenticated uid is outside this chunk — prefer the authcode() form.
$callbackurl = $siteurl.'user/alipaycertok.php?state='.$uid; $result = $qcloud->GetRealNameAuthToken($certname, $certno, $callbackurl); if(isset($result['AuthToken'])){ $_SESSION[$uid.'_certify']=true; $_SESSION['qrcode_url'] = $result['RedirectURL']; $sqs=$DB->exec("update `pre_user` set `cert`=0,`certtype`=:certtype,`certmethod`=:certmethod,`certno`=:certno,`certname`=:certname,`certtoken`=:certtoken where `uid`=:uid", [':certtype'=>$certtype, ':certmethod'=>1, ':certno'=>$certno, ':certname'=>$certname, ':certtoken'=>$result['AuthToken'], ':uid'=>$uid]); if($sqs!==false){ if ($certtype==1) { $DB->exec("update `pre_user` set `certcorpno`=:certcorpno,`certcorpname`=:certcorpname where `uid`=:uid", [':certcorpno'=>$certcorpno, ':certcorpname'=>$certcorpname, ':uid'=>$uid]); } exit(json_encode(['code'=>1, 'msg'=>'ok', 'wx_token'=>$result['AuthToken']])); }else{ exit('{"code":-1,"msg":"保存信息失败'.$DB->error().'"}'); } }else{ exit('{"code":-1,"msg":"接口返回异常['.$result['Error']['Code'].']'.$result['Error']['Message'].'"}'); } }elseif($conf['cert_open'] == 5){ //阿里云金融级实人认证
if(!$conf['cert_aliyunid'] || !$conf['cert_aliyunkey'] || !$conf['cert_aliyunsceneid'])exit('{"code":-1,"msg":"未配置阿里云接口信息"}'); $aliyun = new \lib\AliyunCertify($conf['cert_aliyunid'], $conf['cert_aliyunkey'], $conf['cert_aliyunsceneid']); $outer_order_no = date("YmdHis").rand(000,999).$uid; $return_url = 'alipays://platformapi/startapp?appId=20000067&url='.urlencode($siteurl.'user/alipaycertok.php?state='.urlencode(authcode($uid, 'ENCODE', SYS_KEY))); $result = $aliyun->initialize($outer_order_no, $certname, $certno, $return_url); if (isset($result['Code']) && $result['Code']==200) { $_SESSION[$uid.'_certify']=true; $_SESSION['qrcode_url'] = $result['Data']['certifyUrl']; $sqs=$DB->exec("update `pre_user` 
set `cert`=0,`certtype`=:certtype,`certmethod`=:certmethod,`certno`=:certno,`certname`=:certname,`certtoken`=:certtoken where `uid`=:uid", [':certtype'=>$certtype, ':certmethod'=>0, ':certno'=>$certno, ':certname'=>$certname, ':certtoken'=>$result['Data']['certifyId'], ':uid'=>$uid]); if($sqs!==false){ if ($certtype==1) { $DB->exec("update `pre_user` set `certcorpno`=:certcorpno,`certcorpname`=:certcorpname where `uid`=:uid", [':certcorpno'=>$certcorpno, ':certcorpname'=>$certcorpname, ':uid'=>$uid]); } exit(json_encode(['code'=>1, 'msg'=>'ok', 'certify_id'=>$result['Data']['certifyId']])); }else{ exit('{"code":-1,"msg":"保存信息失败'.$DB->error().'"}'); } }else{ exit('{"code":-1,"msg":"接口返回异常['.$result['Code'].']'.$result['Message'].'"}'); } }else{ exit('{"code":-1,"msg":"网站未开启实名认证功能"}'); } break; case 'cert_geturl': if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN ERROR"}'); if(isset($_SESSION[$uid.'_certify'])){ if($conf['cert_open'] == 1){ $url = $siteurl.'user/alipaycert.php?uid='.$uid.'&certtoken='.$userrow['certtoken']; exit(json_encode(['code'=>1, 'msg'=>'ok', 'url'=>$url])); }elseif($conf['cert_open'] == 3){ $channel = \lib\Channel::get($conf['cert_channel']); if(!$channel)exit('{"code":-1,"msg":"当前实名认证通道信息不存在"}'); $alipay_config = require(PLUGIN_ROOT.$channel['plugin'].'/inc/config.php'); $certdoc = new \Alipay\AlipayCertdocService($alipay_config); $redirect_uri = $siteurl.'user/alipaycertok.php'; $state = authcode($uid, 'ENCODE', SYS_KEY); $url = $certdoc->oauth($redirect_uri, $userrow['certtoken'], $state, true); exit(json_encode(['code'=>1, 'msg'=>'ok', 'url'=>$url])); }else{ $url = $_SESSION['qrcode_url']; if(!$url)exit('{"code":-1,"msg":"二维码图片不存在"}'); exit(json_encode(['code'=>1, 'msg'=>'ok', 'url'=>$url])); } }else{ exit('{"code":-1,"msg":"Access Denied"}'); } break; case 'cert_query': if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN 
ERROR"}'); $cert = $DB->getColumn("select cert from pre_user where uid=$uid"); if($cert == 1){ unset($_SESSION[$uid.'_certify']); unset($_SESSION['qrcode_url']); exit('{"code":1,"msg":"succ","passed":true}'); }else{ exit('{"code":1,"msg":"succ","passed":false}'); } break; case 'order': //订单详情
$trade_no=$_GET['trade_no']; $row=$DB->getRow("select A.*,B.showname typename from pre_order A left join pre_type B on A.type=B.id where trade_no=:trade_no and uid=:uid limit 1", [':trade_no'=>$trade_no, ':uid'=>$uid]); if(!$row) exit('{"code":-1,"msg":"当前订单不存在!"}'); $row['subchannelname'] = $row['subchannel'] > 0 ? $DB->findColumn('subchannel', 'name', ['id'=>$row['subchannel']]) : ''; if($row['status']==2){ $row['refundtime'] = $DB->findColumn('refundorder', 'addtime', ['trade_no'=>$trade_no], 'refund_no DESC'); } $result=array("code"=>0,"msg"=>"succ","data"=>$row); exit(json_encode($result)); break;
// Unlike 'order' and 'notify', neither getSubOrders() nor the settle lookup is scoped to $uid here;
// if getSubOrders() does not filter by owner internally, add the same uid predicate.
case 'subOrders': $trade_no=trim($_GET['trade_no']); $list = \lib\Payment::getSubOrders($trade_no); exit(json_encode(['code'=>0, 'data'=>$list, 'settle'=>$DB->findColumn('order', 'settle', ['trade_no'=>$trade_no])])); break;
// Re-sends the callback. The URL is spliced into a hand-written JSON string; use json_encode() so a
// quote or control character in the URL cannot break the response.
case 'notify': $trade_no=$_POST['trade_no']; $row=$DB->getRow("select * from pre_order where trade_no=:trade_no AND uid=:uid limit 1", [':trade_no'=>$trade_no, ':uid'=>$uid]); if(!$row) exit('{"code":-1,"msg":"当前订单不存在!"}'); if($row['status']==0)exit('{"code":-1,"msg":"订单尚未支付,无法重新通知!"}'); $url=creat_callback($row); if($row['notify']>0) $DB->exec("update pre_order set notify=0 where trade_no=:trade_no", [':trade_no'=>$trade_no]); exit('{"code":0,"url":"'.($_POST['isreturn']==1?$url['return']:$url['notify']).'"}'); break;
// Missing ownership check: pre_settle is looked up by id only, so any logged-in merchant can read
// the result text of any settlement record. Add `AND uid=:uid` (bound) as the order lookups do.
case 'settle_result': $id=intval($_GET['id']); $row=$DB->getRow("select result from pre_settle where id='$id' limit 1"); if(!$row) exit('{"code":-1,"msg":"当前结算记录不存在!"}'); $result = ['code'=>0,'msg'=>$row['result']?$row['result']:'未知']; exit(json_encode($result)); break; case 'recharge': $money=trim(daddslashes($_POST['money'])); 
$typeid=intval($_POST['typeid']); $name = '充值余额 UID:'.$uid; if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN ERROR"}'); if($userrow['pay']==0)exit('{"code":-1,"msg":"当前商户已被封禁"}'); //if($conf['cert_force']==1 && $userrow['cert']==0)exit('{"code":-1,"msg":"当前商户未完成实名认证,无法收款"}');
if($money<=0 || !is_numeric($money) || !preg_match('/^[0-9.]+$/', $money))exit('{"code":-1,"msg":"金额不合法"}'); if($conf['pay_maxmoney']>0 && $money>$conf['pay_maxmoney'])exit('{"code":-1,"msg":"最大支付金额是'.$conf['pay_maxmoney'].'元"}'); if($conf['pay_minmoney']>0 && $money<$conf['pay_minmoney'])exit('{"code":-1,"msg":"最小支付金额是'.$conf['pay_minmoney'].'元"}');
// trade_no is timestamp + rand(11111,99999): predictable and collision-prone under concurrency
// (same in 'groupbuy'); random_int() plus a UNIQUE constraint with retry would be safer.
$trade_no=date("YmdHis").rand(11111,99999); $return_url=$siteurl.'user/recharge.php?ok=1&trade_no='.$trade_no; $domain=getdomain($return_url); $param = json_encode(['uid'=>$uid]); if(!$DB->exec("INSERT INTO `pre_order` (`trade_no`,`out_trade_no`,`uid`,`tid`,`addtime`,`name`,`money`,`notify_url`,`return_url`,`domain`,`ip`,`status`,`param`) VALUES (:trade_no, :out_trade_no, :uid, 2, NOW(), :name, :money, :notify_url, :return_url, :domain, :clientip, 0, :param)", [':trade_no'=>$trade_no, ':out_trade_no'=>$trade_no, ':uid'=>$conf['reg_pay_uid'], ':name'=>$name, ':money'=>$money, ':notify_url'=>$return_url, ':return_url'=>$return_url, ':domain'=>$domain, ':clientip'=>$clientip, ':param'=>$param]))exit('{"code":-1,"msg":"创建订单失败,请返回重试!"}'); unset($_SESSION['csrf_token']); $result = ['code'=>0, 'msg'=>'succ', 'url'=>'../submit2.php?typeid='.$typeid.'&trade_no='.$trade_no]; exit(json_encode($result)); break; case 'groupinfo': $gid=intval($_POST['gid']); $row=$DB->getRow("select * from pre_group where gid='$gid' limit 1"); if(!$row) exit('{"code":-1,"msg":"当前会员等级不存在!"}'); if($row['isbuy']==0) exit('{"code":-1,"msg":"当前会员等级无法购买!"}'); if($gid==$userrow['gid'] && $userrow['endtime']==null)exit('{"code":-1,"msg":"你已购买此会员等级,请勿重复购买"}'); $result = 
['code'=>0,'msg'=>'succ','gid'=>$gid,'name'=>$row['name'],'price'=>$row['price'],'expire'=>$row['expire']]; exit(json_encode($result)); break; case 'groupbuy': $gid=intval($_POST['gid']); $row=$DB->getRow("select * from pre_group where gid='$gid' limit 1"); if(!$row) exit('{"code":-1,"msg":"当前会员等级不存在!"}'); if($row['isbuy']==0) exit('{"code":-1,"msg":"当前会员等级无法购买!"}'); if($gid==$userrow['gid'] && $userrow['endtime']==null)exit('{"code":-1,"msg":"你已购买此会员等级,请勿重复购买"}'); if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN ERROR"}'); $money = $row['price']; $num=intval($_POST['num']); $typeid=intval($_POST['typeid']); if($num<=0 || $num>300)exit('{"code":-1,"msg":"数量不正确"}'); $money = round($money * $num, 2); if($row['expire']>0){ $expirenum = $num*$row['expire']; if($gid==$userrow['gid'])$endtime = date("Y-m-d",strtotime("+ {$expirenum} month", strtotime($userrow['endtime']))); else $endtime = date("Y-m-d",strtotime("+ {$expirenum} month")); }else{ $endtime = null; }
// Balance payment: the check uses $userrow['money'] loaded earlier in the request and the debit is a
// separate call, so two concurrent purchases can both pass unless changeUserMoney() re-checks the
// balance atomically (its definition is not visible) — confirm. The amount is float arithmetic here.
if($typeid==0){ if($money>$userrow['money'])exit('{"code":-1,"msg":"余额不足,请选择其他方式支付"}'); changeUserMoney($uid, $money, false, '购买会员'); changeUserGroup($uid, $gid, $endtime); unset($_SESSION['csrf_token']); $result = ['code'=>1, 'msg'=>'购买会员成功!']; exit(json_encode($result)); }else{ $name = '购买会员-'.$row['name']; $trade_no=date("YmdHis").rand(11111,99999); $return_url=$siteurl.'user/groupbuy.php?ok=1&trade_no='.$trade_no; $domain=getdomain($return_url); $param = json_encode(['uid'=>$uid, 'gid'=>$gid, 'endtime'=>$endtime]); if(!$DB->exec("INSERT INTO `pre_order` (`trade_no`,`out_trade_no`,`uid`,`tid`,`addtime`,`name`,`money`,`notify_url`,`return_url`,`domain`,`ip`,`status`,`param`) VALUES (:trade_no, :out_trade_no, :uid, 4, N
OW(), :name, :money, :notify_url, :return_url, :domain, :clientip, 0, :param)", [':trade_no'=>$trade_no, ':out_trade_no'=>$trade_no, ':uid'=>$conf['reg_pay_uid'], ':name'=>$name, ':money'=>$money, ':notify_url'=>$return_url, 
':return_url'=>$return_url, ':domain'=>$domain, ':clientip'=>$clientip, ':param'=>$param]))exit('{"code":-1,"msg":"创建订单失败,请返回重试!"}'); unset($_SESSION['csrf_token']); $result = ['code'=>0, 'msg'=>'succ', 'url'=>'../submit2.php?typeid='.$typeid.'&trade_no='.$trade_no]; exit(json_encode($result)); } break; case 'addDomain': if(!$conf['pay_domain_open']) exit('{"code":-1,"msg":"未开启授权支付域名添加"}'); $domain = trim(daddslashes($_POST['domain'])); if(empty($domain))exit('{"code":-1,"msg":"域名不能为空"}'); if(!checkDomain($domain))exit('{"code":-1,"msg":"域名格式不正确"}'); if($DB->getRow("select * from pre_domain where uid=:uid and domain=:domain limit 1", [':uid'=>$uid, ':domain'=>$domain])) exit('{"code":-1,"msg":"该域名已存在,请勿重复添加"}'); if(!$DB->exec("INSERT INTO `pre_domain` (`uid`,`domain`,`status`,`addtime`) VALUES (:uid, :domain, 0, NOW())", [':uid'=>$uid, ':domain'=>$domain]))exit('{"code":-1,"msg":"添加失败'.$DB->error().'"}'); \lib\MsgNotice::send('domain', 0, ['uid'=>$uid, 'domain'=>$domain]); exit(json_encode(['code'=>0, 'msg'=>'添加域名成功!'])); break; case 'delDomain': if(!$conf['pay_domain_open']) exit('{"code":-1,"msg":"未开启授权支付域名添加"}'); $id = intval($_POST['id']); if(!$DB->exec("DELETE FROM pre_domain WHERE id='$id' and uid='$uid'"))exit('{"code":-1,"msg":"删除失败'.$DB->error().'"}'); exit(json_encode(['code'=>0, 'msg'=>'succ'])); break;
// Order listing. The WHERE clause is built by string concatenation: ints are intval()'d, but
// starttime/endtime/kw rely on daddslashes() (not visible) instead of bound parameters, and the
// LIKE search does not escape % or _ in $kw. $_POST['type'] is read without isset().
case 'orderList': $paytype = []; $paytypes = []; $rs = $DB->getAll("SELECT * FROM pre_type WHERE status=1"); foreach($rs as $row){ $paytype[$row['id']] = $row['showname']; $paytypes[$row['id']] = $row['name']; } unset($rs); $sql=" A.uid=$uid"; if(isset($_POST['paytype']) && !empty($_POST['paytype'])) { $type = intval($_POST['paytype']); $sql.=" AND A.`type`='$type'"; }elseif(isset($_POST['channel']) && !empty($_POST['channel'])) { $channel = intval($_POST['channel']); $sql.=" AND A.`channel`='$channel'"; }elseif(isset($_POST['subchannel']) && !empty($_POST['subchannel'])) { $subchannel = trim($_POST['subchannel']); $subchannel = explode('|', $subchannel); 
$subchannel = array_map('intval', $subchannel); $sql.=" AND A.`subchannel` IN (".implode(",", $subchannel).")"; } if(isset($_POST['dstatus']) && $_POST['dstatus']>-1) { $dstatus = intval($_POST['dstatus']); $sql.=" AND A.status='{$dstatus}'"; } if(!empty($_POST['starttime']) || !empty($_POST['endtime'])){ if(!empty($_POST['starttime'])){ $starttime = daddslashes($_POST['starttime']); $sql.=" AND A.addtime>='{$starttime} 00:00:00'"; } if(!empty($_POST['endtime'])){ $endtime = daddslashes($_POST['endtime']); $sql.=" AND A.addtime<='{$endtime} 23:59:59'"; } } if(isset($_POST['kw']) && !empty($_POST['kw'])) { $kw=daddslashes($_POST['kw']); if($_POST['type']==1){ $sql.=" AND A.`trade_no`='{$kw}'"; }elseif($_POST['type']==2){ $sql.=" AND A.`out_trade_no`='{$kw}'"; }elseif($_POST['type']==3){ $sql.=" AND A.`name` like '%{$kw}%'"; }elseif($_POST['type']==4){ $sql.=" AND A.`money`='{$kw}'"; }elseif($_POST['type']==5){ $sql.=" AND A.`realmoney`='{$kw}'"; }elseif($_POST['type']==6){ $sql.=" AND A.`domain`='{$kw}'"; }elseif($_POST['type']==7){ $sql.=" AND A.`ip`='{$kw}'"; }elseif($_POST['type']==8){ $sql.=" AND A.`buyer`='{$kw}'"; }elseif($_POST['type']==9){ $sql.=" AND A.`api_trade_no`='{$kw}'"; }elseif($_POST['type']==10){ $sql.=" AND A.`bill_trade_no`='{$kw}'"; } }
// offset/limit come straight from the client with no upper bound on limit.
$offset = intval($_POST['offset']); $limit = intval($_POST['limit']); $total = $DB->getColumn("SELECT count(*) from pre_order A WHERE{$sql}"); $list = $DB->getAll("SELECT A.*,B.plugin FROM pre_order A LEFT JOIN pre_channel B ON A.channel=B.id WHERE{$sql} order by trade_no desc limit $offset,$limit"); $list2 = []; foreach($list as $row){ $row['typename'] = $paytypes[$row['type']]; $row['typeshowname'] = $paytype[$row['type']]; $list2[] = $row; } exit(json_encode(['total'=>$total, 'rows'=>$list2])); break;
// Duplicates the filter construction of 'orderList' verbatim (same daddslashes()-only escaping);
// extract the shared WHERE builder so a fix lands in one place.
case 'statistics': $sql=" A.uid=$uid"; if(isset($_POST['paytype']) && !empty($_POST['paytype'])) { $type = intval($_POST['paytype']); $sql.=" AND A.`type`='$type'"; }elseif(isset($_POST['channel']) && 
!empty($_POST['channel'])) { $channel = intval($_POST['channel']); $sql.=" AND A.`channel`='$channel'"; }elseif(isset($_POST['subchannel']) && !empty($_POST['subchannel'])) { $subchannel = trim($_POST['subchannel']); $subchannel = explode('|', $subchannel); $subchannel = array_map('intval', $subchannel); $sql.=" AND A.`subchannel` IN (".implode(",", $subchannel).")"; } if(isset($_POST['dstatus']) && $_POST['dstatus']>-1) { $dstatus = intval($_POST['dstatus']); $sql.=" AND A.status='{$dstatus}'"; } if(!empty($_POST['starttime']) || !empty($_POST['endtime'])){ if(!empty($_POST['starttime'])){ $starttime = daddslashes($_POST['starttime']); $sql.=" AND A.addtime>='{$starttime} 00:00:00'"; } if(!empty($_POST['endtime'])){ $endtime = daddslashes($_POST['endtime']); $sql.=" AND A.addtime<='{$endtime} 23:59:59'"; } } if(isset($_POST['kw']) && !empty($_POST['kw'])) { $kw=daddslashes($_POST['kw']); if($_POST['type']==1){ $sql.=" AND A.`trade_no`='{$kw}'"; }elseif($_POST['type']==2){ $sql.=" AND A.`out_trade_no`='{$kw}'"; }elseif($_POST['type']==3){ $sql.=" AND A.`name` like '%{$kw}%'"; }elseif($_POST['type']==4){ $sql.=" AND A.`money`='{$kw}'"; }elseif($_POST['type']==5){ $sql.=" AND A.`realmoney`='{$kw}'"; }elseif($_POST['type']==6){ $sql.=" AND A.`domain`='{$kw}'"; }elseif($_POST['type']==7){ $sql.=" AND A.`ip`='{$kw}'"; }elseif($_POST['type']==8){ $sql.=" AND A.`buyer`='{$kw}'"; }elseif($_POST['type']==9){ $sql.=" AND A.`api_trade_no`='{$kw}'"; }elseif($_POST['type']==10){ $sql.=" AND A.`bill_trade_no`='{$kw}'"; } } // 统计数据
$resultMoneyData = $DB->getRow("SELECT SUM(money) AS totalMoney, SUM(CASE WHEN A.status = 1 THEN money ELSE 0 END) AS successMoney, SUM(CASE WHEN A.status = 0 THEN money ELSE 0 END) AS unpaidMoney, SUM(CASE WHEN A.status = 2 THEN refundmoney ELSE 0 END) AS refundMoney FROM pre_order A LEFT JOIN pre_channel B ON A.channel=B.id WHERE {$sql} order by trade_no desc"); $resultCount = $DB->getRow("SELECT COUNT(*) AS totalCount, SUM(CASE WHEN A.status = 1 
THEN 1 ELSE 0 END) AS successCount, SUM(CASE WHEN A.status = 0 THEN 1 ELSE 0 END) AS unpaidCount, SUM(CASE WHEN A.status = 2 THEN 1 ELSE 0 END) AS refundCount FROM pre_order A LEFT JOIN pre_channel B ON A.channel=B.id WHERE {$sql} order by trade_no desc"); // 获取平台总收入利润
$platformProfit = $DB->getColumn("SELECT SUM(A.profitmoney) FROM pre_order A LEFT JOIN pre_channel B ON A.channel=B.id WHERE {$sql} AND status = 1 order by trade_no desc");
// SUM() over zero rows is NULL: number_format(null, ...) is deprecated since PHP 8.1 and always
// returns a string, so the `?? 0.00` fallbacks below never fire — apply `?? 0` to the operand instead.
$result = [ 'totalMoney' => number_format($resultMoneyData['totalMoney'], 2, '.', '') ?? 0.00, 'successMoney' => number_format($resultMoneyData['successMoney'], 2, '.', '') ?? 0.00, 'unpaidMoney' => number_format($resultMoneyData['unpaidMoney'], 2, '.', '') ?? 0.00, 'refundMoney' => number_format($resultMoneyData['refundMoney'], 2, '.', '') ?? 0.00, 'totalCount' => $resultCount['totalCount'] ?? '0', 'successCount' => $resultCount['successCount'] ?? '0', 'unpaidCount' => $resultCount['unpaidCount'] ?? '0', 'refundCount' => $resultCount['refundCount'] ?? '0', 'platformProfit' => number_format($platformProfit, 2, '.', '') ?? 0.00 ]; $result['successRate'] = $result['totalCount'] > 0 ? 
round(($result['totalCount']-$result['unpaidCount']) / $result['totalCount'] * 100, 2) : 0; exit(json_encode(['code'=>0, 'data'=>$result])); break; case 'recordList': $sql=" uid=$uid"; if(isset($_POST['kw']) && !empty($_POST['kw'])) { $kw=daddslashes($_POST['kw']); if($_POST['type']==1){ $sql.=" AND `type`='{$kw}'"; }elseif($_POST['type']==2){ $sql.=" AND `money`='{$kw}'"; }elseif($_POST['type']==3){ $sql.=" AND `trade_no`='{$kw}'"; } } $offset = intval($_POST['offset']); $limit = intval($_POST['limit']); $total = $DB->getColumn("SELECT count(*) from pre_record WHERE{$sql}"); $list = $DB->getAll("SELECT * FROM pre_record WHERE{$sql} order by id desc limit $offset,$limit"); exit(json_encode(['total'=>$total, 'rows'=>$list])); break; case 'settleList': $sql=" uid=$uid"; if(isset($_POST['dstatus']) && $_POST['dstatus']>-1) { $dstatus = intval($_POST['dstatus']); $sql.=" AND status='{$dstatus}'"; } $offset = intval($_POST['offset']); $limit = intval($_POST['limit']); $total = $DB->getColumn("SELECT count(*) from pre_settle WHERE{$sql}"); $list = $DB->getAll("SELECT * FROM pre_settle WHERE{$sql} order by id desc limit $offset,$limit"); $list2 = []; foreach($list as $row){ if($row['type'] == 2 && $row['status'] == 1 && !empty($row['transfer_ext']) && time() - strtotime($row['transfer_date']) <= 86400){ if(substr($row['ext'], 0, 4) == 'http'){ $row['jumpurl'] = $row['ext']; }else{ $row['jumpurl'] = $siteurl.'paypage/wxtrans.php?id='.$row['id'].'&type=settle'; } } $list2[] = $row; } exit(json_encode(['total'=>$total, 'rows'=>$list2])); break; case 'transferList': $sql=" uid=$uid"; if(isset($_POST['type']) && !empty($_POST['type'])) { $type = intval($_POST['type']); $sql.=" AND `type`='$type'"; } if(isset($_POST['dstatus']) && $_POST['dstatus']>-1) { $dstatus = intval($_POST['dstatus']); $sql.=" AND `status`='{$dstatus}'"; } if(isset($_POST['value']) && !empty($_POST['value'])) { $value = daddslashes($_POST['value']); $sql.=" AND (`biz_no`='{$value}' OR `account` like 
'%{$value}%' OR `username` like '%{$value}%')"; } $offset = intval($_POST['offset']); $limit = intval($_POST['limit']); $total = $DB->getColumn("SELECT count(*) from pre_transfer WHERE{$sql}"); $list = $DB->getAll("SELECT * FROM pre_transfer WHERE{$sql} order by biz_no desc limit $offset,$limit"); $list2 = []; foreach($list as $row){ if($row['type'] == 'wxpay' && $row['status'] == 0 && !empty($row['ext'])){ if(substr($row['ext'], 0, 4) == 'http'){ $row['jumpurl'] = $row['ext']; }else{ $row['jumpurl'] = $siteurl.'paypage/wxtrans.php?id='.$row['biz_no'].'&type=transfer'; } } $list2[] = $row; } exit(json_encode(['total'=>$total, 'rows'=>$list2])); break; case 'transfer_result': $biz_no=trim($_GET['biz_no']); $row=$DB->find('transfer', 'result', ['biz_no'=>$biz_no, 'uid'=>$uid]); if(!$row) exit('{"code":-1,"msg":"当前付款记录不存在!"}'); $result = ['code'=>0,'msg'=>$row['result']?$row['result']:'未知']; exit(json_encode($result)); break; case 'transfer_query': $biz_no=trim($_GET['biz_no']); $result = \lib\Transfer::status($biz_no); exit(json_encode($result)); break; case 'transfer_proof': $biz_no=trim($_POST['biz_no']); $result = \lib\Transfer::proof($biz_no); exit(json_encode($result)); break; case 'refund_query': //退款查询 $trade_no=daddslashes(trim($_POST['trade_no'])); $result = \lib\Order::refund_info($trade_no, 1, $uid); exit(json_encode($result)); break; case 'refund_submit': //确认退款 $trade_no=daddslashes(trim($_POST['trade_no'])); $pwd=trim($_POST['pwd']); $money = trim($_POST['money']); if(!is_numeric($money) || !preg_match('/^[0-9.]+$/', $money))exit('{"code":-1,"msg":"金额输入错误"}'); if(getMd5Pwd($pwd, $userrow['uid'])!=$userrow['pwd']) exit('{"code":-1,"msg":"登录密码输入错误!"}'); $refund_no = date("YmdHis").rand(11111,99999); $result = \lib\Order::refund($refund_no, $trade_no, $money, 1, $uid); if($result['code'] == 0){ $result['msg'] = '退款成功!退款金额¥'.$result['money']; } exit(json_encode($result)); break; case 'inviteStat': $lastday=date("Y-m-d",strtotime("-1 day")).' 
00:00:00'; $today=date("Y-m-d").' 00:00:00'; $invite_users=$DB->getColumn("SELECT count(*) FROM pre_user WHERE upid={$uid}"); $income_today=$DB->getColumn("SELECT sum(money) FROM pre_record WHERE uid={$uid} AND type='邀请返现' AND date>='$today'"); $income_today=round($income_today,2); $income_lastday=$DB->getColumn("SELECT sum(money) FROM pre_record WHERE uid={$uid} AND type='邀请返现' AND date>='$lastday' AND date<'$today'"); $income_lastday=round($income_lastday,2); $result=['code'=>0, 'invite_users'=>$invite_users, 'income_today'=>$income_today, 'income_lastday'=>$income_lastday]; exit(json_encode($result)); break; case 'inviteList': $sql=" upid=$uid"; $offset = intval($_POST['offset']); $limit = intval($_POST['limit']); $total = $DB->getColumn("SELECT count(*) from pre_user WHERE{$sql}"); $list = $DB->getAll("SELECT uid,upid,addtime,lasttime,status FROM pre_user WHERE{$sql} order by uid desc limit $offset,$limit"); exit(json_encode(['total'=>$total, 'rows'=>$list])); break; case 'deposit_recharge': $money=trim(daddslashes($_POST['money'])); $typeid=intval($_POST['typeid']); if($money<=0 || !is_numeric($money) || !preg_match('/^[0-9.]+$/', $money))exit('{"code":-1,"msg":"金额不合法"}'); if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN ERROR"}'); if($typeid==0){ if($money>$userrow['money'])exit('{"code":-1,"msg":"余额不足,请选择其他方式支付"}'); changeUserMoney($uid, $money, false, '充值保证金'); $deposit = $userrow['deposit'] > 0 ? 
round($userrow['deposit'] + $money, 2) : $money; $DB->exec("UPDATE pre_user SET deposit=:deposit WHERE uid=:uid", [':deposit'=>$deposit, ':uid'=>$uid]); unset($_SESSION['csrf_token']); $result = ['code'=>1, 'msg'=>'成功充值'.$money.'元保证金!']; exit(json_encode($result)); }else{ $name = '充值保证金 UID:'.$uid; if($userrow['pay']==0)exit('{"code":-1,"msg":"当前商户已被封禁"}'); if($conf['pay_maxmoney']>0 && $money>$conf['pay_maxmoney'])exit('{"code":-1,"msg":"最大支付金额是'.$conf['pay_maxmoney'].'元"}'); if($conf['pay_minmoney']>0 && $money<$conf['pay_minmoney'])exit('{"code":-1,"msg":"最小支付金额是'.$conf['pay_minmoney'].'元"}'); $trade_no=date("YmdHis").rand(11111,99999); $return_url=$siteurl.'user/deposit.php?ok=1&trade_no='.$trade_no; $domain=getdomain($return_url); $param = json_encode(['uid'=>$uid]); if(!$DB->exec("INSERT INTO `pre_order` (`trade_no`,`out_trade_no`,`uid`,`tid`,`addtime`,`name`,`money`,`notify_url`,`return_url`,`domain`,`ip`,`status`,`param`) VALUES (:trade_no, :out_trade_no, :uid, 5, NOW(), :name, :money, :notify_url, :return_url, :domain, :clientip, 0, :param)", [':trade_no'=>$trade_no, ':out_trade_no'=>$trade_no, ':uid'=>$conf['reg_pay_uid'], ':name'=>$name, ':money'=>$money, ':notify_url'=>$return_url, ':return_url'=>$return_url, ':domain'=>$domain, ':clientip'=>$clientip, ':param'=>$param]))exit('{"code":-1,"msg":"创建订单失败,请返回重试!"}'); unset($_SESSION['csrf_token']); $result = ['code'=>0, 'msg'=>'succ', 'url'=>'../submit2.php?typeid='.$typeid.'&trade_no='.$trade_no]; exit(json_encode($result)); } break; case 'deposit_withdraw': $money=trim(daddslashes($_POST['money'])); if($money<=0 || !is_numeric($money) || !preg_match('/^[0-9.]+$/', $money))exit('{"code":-1,"msg":"金额不合法"}'); if(!$_POST['csrf_token'] || $_POST['csrf_token']!=$_SESSION['csrf_token'])exit('{"code":-1,"msg":"CSRF TOKEN ERROR"}'); if($money>$userrow['deposit'])exit('{"code":-1,"msg":"保证金不足"}'); if($conf['user_deposit_day']>0){ $days = intval($conf['user_deposit_day']); $orders = $DB->getColumn("SELECT count(*) 
FROM pre_order WHERE uid='{$uid}' AND status=1 AND addtime>DATE_SUB(NOW(),INTERVAL {$days} DAY)"); if($orders>0)exit('{"code":-1,"msg":"你在最近'.$days.'天内有订单,无法提取保证金"}'); $complains = $DB->getColumn("SELECT count(*) FROM pre_complain WHERE uid='{$uid}' AND addtime>DATE_SUB(NOW(),INTERVAL {$days} DAY)"); if($complains>0)exit('{"code":-1,"msg":"你在最近'.$days.'天内有投诉记录,无法提取保证金"}'); } $deposit = round($userrow['deposit'] - $money, 2); $DB->exec("UPDATE pre_user SET deposit=:deposit WHERE uid=:uid", [':deposit'=>$deposit, ':uid'=>$uid]); changeUserMoney($uid, $money, true, '提取保证金'); unset($_SESSION['csrf_token']); $result = ['code'=>0, 'msg'=>'成功提取'.$money.'元保证金!']; exit(json_encode($result)); break; default: exit('{"code":-4,"msg":"No Act"}'); break; }