修正支付金额被串改Bug

修正收货地址被串改Bug

.gitignore

@@ -10,3 +10,18 @@ tpl_html
 /data/tpl_www
 /update
 tools
+bank
+excel
+picplayer
+pictures
+project
+soft
+thumb
+video
+201409
+201411
+201502
+201503
+201504
+201510
+201511

framework/api/payment_control.php

@@ -15,6 +15,113 @@ public function __construct()
 		parent::control();
 	}
 
+	public function create_f()
+	{
+		$token = $this->get('token');
+		if(!$token){
+			$this->json(P_Lang('数据传参不完整，请检查'));
+		}
+		if(!$this->site){
+			$this->json(P_Lang('数据异常，无法获取站点信息'));
+		}
+		if(!$this->site['api_code']){
+			$this->lib('token')->keyid($_SESSION['api_code']);
+		}
+		$info = $this->lib('token')->decode($token);
+		if(!$info || !$info['price']){
+			$this->json(P_Lang('数据不完整，请检查'));
+		}
+		if(!$info['sn']){
+			$info['sn'] = $this->_create_sn();
+		}
+		if(!$info['type']){
+			$info['type'] = 'order';
+		}
+		if(!$info['currency_id']){
+			$info['currency_id'] = $this->site['currency_id'];
+		}
+		if($info['type'] == 'order'){
+			$title = P_Lang('订单：{sn}',array('sn'=>$sn));
+		}elseif($info['type'] == 'recharge'){
+			$title = P_Lang('充值：{sn}',array('sn'=>$sn));
+		}else{
+			$title = $this->get('title');
+			if(!$title){
+				$title = P_Lang('其他：{sn}',array('sn'=>$sn));
+			}
+		}
+		$payment = $this->get('payment','int');
+		if(!$payment){
+			$this->json(P_Lang('未指定付款方式'));
+		}
+		$payment_rs = $this->model('payment')->get_one($payment);
+		if(!$payment_rs){
+			$this->json(P_Lang('支付方式不存在'));
+		}
+		if(!$payment_rs['status']){
+			$this->json(P_Lang('支付方式未启用'));
+		}
+		$chk = $this->model('payment')->log_check($info['sn']);
+		if($chk){
+			if($chk['status']){
+				$this->json(P_Lang('订单{sn}已支付完成，不能重复执行',array('sn'=>$info['sn'])));
+			}
+			$array = array('type'=>$info['type'],'payment_id'=>$payment,'title'=>$title,'content'=>$title);
+			$array['dateline'] = $this->time;
+			$array['price'] = $info['price'];
+			$array['currency_id'] = $info['currency_id'];
+			$this->model('payment')->log_update($array,$chk['id']);
+			$this->json($chk['id'],true);
+		}
+		$array = array('sn'=>$info['sn'],'type'=>$$info['type'],'payment_id'=>$payment,'title'=>$title,'content'=>$title);
+		$array['dateline'] = $this->time;
+		$array['user_id'] = $info['user_id'] ? $info['user_id'] : $this->user['id'];
+		$array['price'] = $info['price'];
+		$array['currency_id'] = $info['currency_id'];
+		$insert_id = $this->model('payment')->log_create($array);
+		if(!$insert_id){
+			$this->json(P_Lang('支付记录创建失败'));
+		}
+		//更新订单状态
+		if($info['type'] == 'order'){
+			$order = $this->model('order')->get_one_from_sn($info['sn']);
+			if(!$order){
+				$this->model('payment')->log_delete($insert_id);
+				$this->json(P_Lang('订单信息不存在'));
+			}
+			//更新支付状态
+			$this->model('order')->update_order_status($order['id'],'unpaid');
+			//写入日志
+			$note = P_Lang('订单进入等待支付状态，编号：{sn}',array('sn'=>$sn));
+			$log = array('order_id'=>$order['id'],'addtime'=>$this->time,'who'=>$this->user['user'],'note'=>$note);
+			$this->model('order')->log_save($log);
+			//增加order_payment
+			$array = array('order_id'=>$order['id'],'payment_id'=>$payment_rs['id']);
+			$array['title'] = $payment_rs['title'];
+			$array['price'] = $info['price'];
+			$array['startdate'] = $this->time;
+			$order_payment = $this->model('order')->order_payment($order['id']);
+			if(!$order_payment){
+				$this->model('order')->save_payment($array);
+			}else{
+				$this->model('order')->save_payment($array,$order_payment['id']);
+			}
+		}
+		$this->json($insert_id,true);
+	}
+
+	private function _create_sn()
+	{
+		$a = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+		$rand_str = '';
+		for($i=0;$i<3;$i++){
+			$rand_str .= $a[rand(0,25)];
+		}
+		$rand_str .= rand(1000,9999);
+		$rand_str .= date("YmdHis",$this->time);
+		return $rand_str;
+	}
+
 	//异步通知
 	public function notify_f()
 	{

framework/api/usercp_control.php

@@ -393,14 +393,23 @@ public function address_default_f()
 	public function address_setting_f()
 	{
 		$id = $this->get('id','int');
+		$array = array();
+		if($id){
+			$chk = $this->model('user')->address_one($id);
+			if(!$chk || $chk['user_id'] != $this->u_id){
+				$this->json(P_Lang('您没有权限执行此操作'));
+			}
+		}else{
+			$array['user_id'] = $this->u_id;
+		}
 		$country = $this->get('country');
 		if(!$country){
 			$country = '中国';
 		}
-		$province = $this->get('pca_p');
-		$city = $this->get('pca_c');
-		$county = $this->get('pca_a');
-		$array = array('user_id'=>$this->u_id,'country'=>$country,'province'=>$province,'city'=>$city,'county'=>$county);
+		$array['country'] = $country;
+		$array['province'] = $this->get('pca_p');
+		$array['city'] = $this->get('pca_c');
+		$array['county'] = $this->get('pca_a');
 		$array['fullname'] = $this->get('fullname');
 		if(!$array['fullname']){
 			$this->json(P_Lang('收件人姓名不能为空'));

framework/libs/token.php

@@ -20,20 +20,34 @@ class token_lib
 	public function __construct()
 	{
 		$this->keyid = $this->_keyid();
-		$this->keya = md5(substr($this->keyid, 0, 16));
-		$this->keyb = md5(substr($this->keyid, 16, 16));
+		$this->config();
 		$this->time = $GLOBALS['app']->time;
 	}
 
+	public function __destruct()
+	{
+		unset($this);
+	}
+
 	public function keyid($keyid='')
 	{
 		if(!$keyid){
 			return $this->keyid;
 		}
 		$this->keyid = strtolower(md5($keyid));
+		$this->config();
 		return $this->keyid;
 	}
 
+	private function config()
+	{
+		if(!$this->keyid){
+			return false;
+		}
+		$this->keya = md5(substr($this->keyid, 0, 16));
+		$this->keyb = md5(substr($this->keyid, 16, 16));
+	}
+
 	//创建一个KEY-ID
 	private function _keyid()
 	{

framework/libs/xml.php

@@ -14,10 +14,11 @@ class xml_lib
 	private $xml_save_func = 'phpok';
 	public function __construct()
 	{
-		$this->xml_read_func = 'phpok';
+		//$this->xml_read_func = 'phpok';
 		if(function_exists('simplexml_load_file') && function_exists('simplexml_load_string')){
 			$this->xml_read_func = 'simplexml';
 		}
+		$this->xml_read_func = 'phpok';
 		$this->xml_save_func = 'phpok';
 	}
 
@@ -89,9 +90,8 @@ private function read_simplexml($info,$isfile=true)
 		}
 		$info = preg_replace('/<\?xml.+\?>/isU','',$info);
 		$info = trim($info);
-		$info = '<?xml version="1.0" encoding="utf-8"?>'.$info;
+		$info = '<?xml version="1.0" encoding="utf-8"?>'."\n".$info;
 		$xml = simplexml_load_string($info);
-		//echo "<pre>".print_r($info,true)."</pre>";
 		return $this->simplexml_obj_to_array($xml);
 	}
 

framework/model/api/order_model.php

@@ -40,14 +40,9 @@ public function log_save($data)
 		if(!$data){
 			return false;
 		}
-		if(!$data['who'] && $_SESSION['admin_id']){
-			$adminer = $this->model('admin')->get_one($_SESSION['admin_id']);
-			$who = $adminer['fullname'] ? $adminer['fullname'].'('.$adminer['account'].')' : $adminer['account'];
-			$data['who'] = $who;
-		}
 		if(!$data['who'] && $_SESSION['user_id']){
 			$user = $this->model('user')->get_one($_SESSION['user_id']);
-			$data['who'] = $user['account'];
+			$data['who'] = $user['user'];
 		}
 		if(!$data['addtime']){
 			$data['addtime'] = $this->time;

framework/www/order_control.php

@@ -81,6 +81,15 @@ function info_f()
 		}else{
 			$paylist = $this->model('payment')->get_all($this->site['id'],1);
 			$this->assign("paylist",$paylist);
+			//创建支付链接
+			if(!$this->site['api_code']){
+				$_SESSION['api_code'] = $this->time.'-'.$_SESSION['user_id'].'-'.$rs['sn'];
+				$this->lib('token')->keyid($_SESSION['api_code']);
+			}
+			$tmp = array('sn'=>$rs['sn'],'price'=>$rs['price'],'user_id'=>$_SESSION['user_id'],'type'=>'order');
+			$tmp['currency_id'] = $rs['currency_id'];
+			$token = $this->lib('token')->encode($tmp);
+			$this->assign('token',$token);
 		}
 		$loglist = $this->model('order')->log_list($rs['id']);
 		$this->assign('loglist',$loglist);

framework/www/payment_control.php

@@ -15,108 +15,6 @@ public function __construct()
 		parent::control();
 	}
 
-	//创建一条支付接口
-	public function create_f()
-	{
-		$sn = $this->get('sn');
-		if(!$sn){
-			$sn = $this->_create_sn();
-		}
-		$type = $this->get('type');
-		if(!$type){
-			$type = 'order';
-		}
-		$price = $this->get('price','float');
-		if(!$price){
-			$this->json(P_Lang('未指定金额'));
-		}
-		$currency_id = $this->get('currency_id');
-		if(!$currency_id){
-			$currency_id = $this->site['currency_id'];
-		}
-		if($type == 'order'){
-			$title = P_Lang('订单：{sn}',array('sn'=>$sn));
-		}elseif($type == 'recharge'){
-			$title = P_Lang('充值：{sn}',array('sn'=>$sn));
-		}else{
-			$title = $this->get('title');
-			if(!$title){
-				$title = P_Lang('其他：{sn}',array('sn'=>$sn));
-			}
-		}
-		$payment = $this->get('payment','int');
-		if(!$payment){
-			$this->json(P_Lang('未指定付款方式'));
-		}
-		$payment_rs = $this->model('payment')->get_one($payment);
-		if(!$payment_rs){
-			$this->json(P_Lang('支付方式不存在'));
-		}
-		if(!$payment_rs['status']){
-			$this->json(P_Lang('支付方式未启用'));
-		}
-		//检测sn是否已存在
-		$chk = $this->model('payment')->log_check($sn);
-		if($chk){
-			if($chk['status']){
-				$this->json(P_Lang('订单{sn}已支付完成，不能重复执行'));
-			}
-			$array = array('sn'=>$sn,'type'=>$type,'payment_id'=>$payment,'title'=>$title,'content'=>$title);
-			$array['dateline'] = $this->time;
-			$array['price'] = $price;
-			$array['currency_id'] = $currency_id;
-			$this->model('payment')->log_update($array,$chk['id']);
-			$this->json($chk['id'],true);
-		}
-		$array = array('sn'=>$sn,'type'=>$type,'payment_id'=>$payment,'title'=>$title,'content'=>$title);
-		$array['dateline'] = $this->time;
-		$array['user_id'] = $this->user['id'];
-		$array['price'] = $price;
-		$array['currency_id'] = $currency_id;
-		$insert_id = $this->model('payment')->log_create($array);
-		if(!$insert_id){
-			$this->json(P_Lang('支付记录创建失败'));
-		}
-		//更新订单状态
-		if($type == 'order'){
-			$order = $this->model('order')->get_one_from_sn($sn);
-			if(!$order){
-				$this->model('payment')->log_delete($insert_id);
-				$this->json(P_Lang('订单信息不存在'));
-			}
-			//更新支付状态
-			$this->model('order')->update_order_status($order['id'],'unpaid');
-			//写入日志
-			$note = P_Lang('订单进入等待支付状态，编号：{sn}',array('sn'=>$sn));
-			$log = array('order_id'=>$order['id'],'addtime'=>$this->time,'who'=>$this->user['user'],'note'=>$note);
-			$this->model('order')->log_save($log);
-			//增加order_payment
-			$array = array('order_id'=>$order['id'],'payment_id'=>$payment_rs['id']);
-			$array['title'] = $payment_rs['title'];
-			$array['price'] = $price;
-			$array['startdate'] = $this->time;
-			$order_payment = $this->model('order')->order_payment($order['id']);
-			if(!$order_payment){
-				$this->model('order')->save_payment($array);
-			}else{
-				$this->model('order')->save_payment($array,$order_payment['id']);
-			}
-		}
-		$this->json($insert_id,true);
-	}
-
-	private function _create_sn()
-	{
-		$a = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-		$rand_str = '';
-		for($i=0;$i<3;$i++){
-			$rand_str .= $a[rand(0,25)];
-		}
-		$rand_str .= rand(1000,9999);
-		$rand_str .= date("YmdHis",$this->time);
-		return $rand_str;
-	}
-
 	//提交支付
 	public function submit_f()
 	{

tpl/www/order_info.html

@@ -151,14 +151,14 @@ <h3 id="title_{$value.id}">{$value.title}</h3>
 	<div class="clear"></div>
 	<!-- if !$pay_end -->
 	<script type="text/javascript">
-	function go_payment(sn,price)
+	function go_payment()
 	{
 		var payment = $("input[name=payment]:checked").val();
 		if(!payment){
 			$.dialog.alert('未指定支付方式');
 			return false;
 		}
-		var url = get_url('payment','create','sn='+sn+"&price="+$.str.encode(price)+"&payment="+payment);
+		var url = api_url('payment','create','token={func rawurlencode $token}&payment='+payment);
 		var rs = $.phpok.json(url);
 		if(rs.status != 'ok'){
 			$.dialog.alert(rs.content);
@@ -170,7 +170,7 @@ <h3 id="title_{$value.id}">{$value.title}</h3>
 		return false;
 	}
 	</script>
-	<form method="post" onsubmit="return go_payment('{$rs.sn}','{func price_format_val $rs.price $rs.currency_id}')">
+	<form method="post" onsubmit="return go_payment()">
 	<!-- loop from=$paylist key=$key value=$value -->
 	<!-- if $value.paylist -->
 	<div class="pfw mbottom10">