更新一些小东西

netstu · May 16, 2018 · bfa496b · bfa496b
1 parent c6a145d
commit bfa496b
Show file tree

Hide file tree

Showing 43 changed files with 1,882 additions and 514 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,2 @@
 .idea/*
-app/Config.php
-app/db.php
 install/install.lock
diff --git a/app/Config.php b/app/Config.php
@@ -10,13 +10,13 @@ static function db(){
 	static function systemInfo()
 	{
 		return [
-			'version' => 'v1.4',
+			'version' => 'v1.5',
 		];
 	}
 
     public function getMailTpl(){
         return array(
-            '卡密发送','管理员通知'
+            '卡密发送','管理员通知','库存告警'
         );
     }
 

diff --git a/app/common.php b/app/common.php
@@ -101,4 +101,58 @@ function md5Verify($prestr, $sign, $key) {
     else {
         return false;
     }
+}
+
+function remove_xss($val) {
+    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
+    // this prevents some character re-spacing such as <java\0script>
+    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
+    $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
+
+    // straight replacements, the user should never need these since they're normal characters
+    // this prevents like <IMG SRC=@avascript:alert('XSS')>
+    $search = 'abcdefghijklmnopqrstuvwxyz';
+    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    $search .= '1234567890!@#$%^&*()';
+    $search .= '~`";:?+/={}[]-_|\'\\';
+    for ($i = 0; $i < strlen($search); $i++) {
+        // ;? matches the ;, which is optional
+        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
+
+        // @ @ search for the hex values
+        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
+        // @ @ 0{0,7} matches '0' zero to seven times
+        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
+    }
+
+    // now the only remaining whitespace attacks are \t, \n, and \r
+    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
+    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
+    $ra = array_merge($ra1, $ra2);
+
+    $found = true; // keep replacing as long as the previous round replaced something
+    while ($found == true) {
+        $val_before = $val;
+        for ($i = 0; $i < sizeof($ra); $i++) {
+            $pattern = '/';
+            for ($j = 0; $j < strlen($ra[$i]); $j++) {
+                if ($j > 0) {
+                    $pattern .= '(';
+                    $pattern .= '(&#[xX]0{0,8}([9ab]);)';
+                    $pattern .= '|';
+                    $pattern .= '|(&#0{0,8}([9|10|13]);)';
+                    $pattern .= ')*';
+                }
+                $pattern .= $ra[$i][$j];
+            }
+            $pattern .= '/i';
+            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
+            $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
+            if ($val_before == $val) {
+                // no replacements were made, so exit the loop
+                $found = false;
+            }
+        }
+    }
+    return $val;
 }
diff --git a/app/controller/PayBase.php b/app/controller/PayBase.php
@@ -52,12 +52,7 @@ public function updateOrder($orderid,$type,$paysid)
                 $data['status'] = 3;
                 foreach ($kami as $v){
                     $ids.= $v['id'].',';
-                    $info .= '卡号： '.$v['kano'];
-                    if($v['kapwd']){
-                        $info.=' ---- 卡密： '.$v['kapwd']."<br/>";
-                    }else{
-                        $info.=' ---- 卡密： 无需卡密！<br/>';
-                    }
+                    $info .= $v['kano']."<br/>";
                 }
                 $data['info'] = $info;
                 //设置卡密过期
@@ -67,7 +62,7 @@ public function updateOrder($orderid,$type,$paysid)
                 $res = $this->model()->query($sql);
                 //减去库存
                 $goods = $this->model()->select()->from('goods')->where(array('fields' => 'id=?', 'values' => array($order['gid'])))->fetchRow();
-                $gdata['kuc'] = $goods['kuc']-$order['onum'];
+                $gdata['kuc'] = ($goods['kuc'] - $order['onum']);
                 $this->model()->from('goods')->updateSet($gdata)->where(array('fields' => 'id = ?', 'values' => array($goods['id'])))->update();
 
             }
@@ -103,7 +98,7 @@ private function sendEmail($email,$order,$info = '')
                 'cmoney' => $order['cmoney'],
                 'ctime' => date('Y-m-d H:i',$order['ctime']),
                 'orderinfo' => $info,
-                'url' => $this->config['siteurl']
+                'siteurl' => $this->config['siteurl']
             ];
             $newData = $this->res->replaceMailTpl($mailtpl, $mdata);
             $subject = array('title' => $newData['title'], 'email' => $email, 'content' => $newData['content']);
@@ -117,7 +112,7 @@ private function sendEmail($email,$order,$info = '')
                 'ornum' => $order['onum'],
                 'cmoney' => $order['cmoney'],
                 'ctime' => date('Y-m-d H:i',$order['ctime']),
-                'url' => $this->config['siteurl']
+                'siteurl' => $this->config['siteurl']
             ];
             $newData = $this->res->replaceMailTpl($mailtpl, $mdata);
             $subject = array('title' => $newData['title'], 'email' => $this->config['email'], 'content' => $newData['content']);

diff --git a/app/controller/clean.php b/app/controller/clean.php
@@ -10,16 +10,37 @@ class clean extends Controller
 
     public function index()
     {
-        $db = Config::db();
         $token = $this->req->get('token');
-        if($token != $db['serive_token'])exit('非法请求，已记录ip');
+        if($token != $this->config['serive_token'])exit('非法请求，已记录ip');
 
         //清理过期订单
         $ctime = (time() - 3600);
         $this->model()->from('orders')->where(array('fields' => 'ctime < ? AND status = 0', 'values' => array($ctime)))->delete();
-        //查询有误库存告警 预留开发空间
-
-
+        if($this->config['ismail_kuc'] = 0) return;
+        //查询有误库存告警，查询出所有上架商品信息
+        $goodList = $this->model()->select()->from('goods')->where(array('fields' => 'is_ste = 1', 'values' => []))->orderby('id desc')->fetchAll();
+        $mailtpl = $this->model()->select()->from('mailtpl')->where(array('fields' => 'is_state=? and cname=?', 'values' => array(0, '库存告警')))->fetchRow();
+        $goodNames = "";
+        foreach ($goodList as $v){
+            if($v['kuc'] < $this->config['ismail_num']){
+               $goodNames .= $v['gname']."--";
+            }
+        }
+
+        if($goodNames != ""){
+            $goodNames = trim($goodNames,'--');
+            $info = [
+                'sitename' => $this->config['sitename'],
+                'gname' => $goodNames,
+                'ornum' => $this->config['ismail_num'],
+                'siteurl' => $this->config['siteurl'],
+            ];
+            $newData = $this->res->replaceMailTpl($mailtpl, $info);
+            $subject = array('title' => $newData['title'], 'email' => $this->config['email'], 'content' => $newData['content']);
+            print_r($subject);
+
+            $this->res->sendMail($subject, $this->config);
+        }
 
 
     }

diff --git a/app/controller/ysmd/arlist.php b/app/controller/ysmd/arlist.php
diff --git a/app/controller/ysmd/goods.php b/app/controller/ysmd/goods.php
@@ -46,6 +46,12 @@ public function index()
             $offset = ($page - 1) * $pagesize;
             $lists = $this->model()->select('g.*,c.title')->from('goods g')->limit($pagesize)->left('gdclass c')->on('c.id=g.cid')->join()->offset($offset)->where(array('fields' => $cons, 'values' => $consArr))->orderby('g.ord desc')->fetchAll();
         }
+        //查询出已卖
+        foreach ($lists as &$li) {
+
+            $li['is_ym'] = $this->model()->from('orders')->where(array('fields' => 'gid = ? and status = 3', 'values' => [$li['id']]))->count();
+
+        }
         $pagelist = $this->page->put(array('page' => $page, 'pagesize' => $pagesize, 'totalsize' => $totalsize, 'url' => '?cid='.$cid.'&is_ste='.$is_ste.'&type='.$type.'&gname='.$gname.'&p='));
         $class = $this->model()->select()->from('gdclass')->fetchAll();
         $search =[

diff --git a/app/controller/ysmd/kami.php b/app/controller/ysmd/kami.php
@@ -53,6 +53,29 @@ public function index()
 
     }
 
+    /**
+     * 导出卡密
+     */
+    public function import()
+    {
+        $gid = $this->req->get('gid');
+        $lists = $this->model()->select()->from('kami k')->where(array('fields' => 'gid = ? AND is_ste = 0', 'values' => [$gid]))->orderby('k.ctime desc')->fetchAll();
+        if(!$lists) exit('库存卡密数量为0');
+        $word = "";
+        $filename = date('Ymd').rand(100000,999999).".txt";
+        Header( "Content-type:   application/octet-stream ");
+        Header( "Accept-Ranges:   bytes ");
+        header( "Content-Disposition:   attachment;   filename=".$filename);
+        header( "Expires:   0 ");
+        header( "Cache-Control:   must-revalidate,   post-check=0,   pre-check=0 ");
+        header( "Pragma:   public ");
+        foreach ($lists as $li) {
+            echo $li['kano']."\r\n";
+        }
+        //file_put_contents('./upload/kamitxt/'.$filename, $word);
+
+    }
+
     /**
      * 导入卡密
      */
@@ -62,11 +85,38 @@ public function impka()
         $goods = $this->model()->select()->from('goods')->where(array('fields' => 'id=?', 'values' => array($data['gid'])))->fetchRow();
         if (!$goods)$this->error('商品不存在');
         $kami = trim($data['kamicont']);
-        if (!$kami) $this->error('请填写卡密');
         $ka_arr = explode("\r\n", $kami);
         $kamiList = [];
-            //格式化数据
+        if(!empty($_FILES['file']['tmp_name'])) {
+            $upload = new \Dj\Upload();
+            $upload->mime = [
+                'text/plain',
+            ];
+            $filelist = $upload->save('./upload/kamitxt');
+            if(is_array($filelist)){
+                $filedata = file_get_contents($filelist['url']);
+                // 删除文件
+                unlink($filelist['url']);
+            }else{
+                # 如果返回负整数(int)就是发生错误了
+                $error_msg = [-1=>'上传失败',-2=>'文件存储路径不合法',-3=>'上传非法格式文件',-4=>'文件大小不合符规定',-5=>'token验证错误'];
+                echo $error_msg[$filelist];
+            }
+            if($filedata){
+                $kami = $filedata;
+            }
+        }
+        if (!$kami) $this->error('请填写或上传卡密');
+        $ka_arr = explode("\r\n", $kami);
+        //新版算法
         foreach ($ka_arr as $key => $v) {
+            if($v != ""){
+                $kamiList[$key]['kano'] = $v;
+                $kamiList[$key]['gid'] = $goods['id'];
+            }
+        }
+            //老版算法
+        /*foreach ($ka_arr as $key => $v) {
             $kamiList[$key]['gid'] = $goods['id'];
             $kamiList[$key]['ctime'] = time();
             if (strstr($v, '----')) {
@@ -76,7 +126,7 @@ public function impka()
             } else {
                 $kamiList[$key]['kano'] = $v;
             }
-        }
+        }*/
         //去重
         if($data['checkm'] == 1){
             $kamiList = array_unique($kamiList, SORT_REGULAR);
@@ -101,9 +151,21 @@ public function impka()
         }
     }
 
-    public function del()
+    public function delall()
     {
-        $id = $this->req->get('id');
+        $ids = $this->req->post('ids');
+        $idsarr = explode(',',$ids);
+        foreach ($idsarr as $id)
+        {
+            $this->del($id);
+        }
+        echo json_encode(array('status' => 1));exit;
+
+    }
+
+    public function del($cid = "")
+    {
+        $id = $cid? $cid : $this->req->get('id');
         if ($id) {
             $kami = $this->model()->select()->from('kami')->where(array('fields' => 'id=?', 'values' => array($id)))->fetchRow();
             if ($this->model()->from('kami')->where(array('fields' => 'id = ?', 'values' => array($id)))->delete()) {
@@ -113,12 +175,16 @@ public function del()
                     $gdata['kuc'] = $goods['kuc'] - 1;
                     $this->model()->from('goods')->updateSet($gdata)->where(array('fields' => 'id = ?', 'values' => array($goods['id'])))->update();
                 }
-                echo json_encode(array('status' => 1));
-                exit;
+                if(!$cid){
+                    echo json_encode(array('status' => 1));
+                    exit;
+                }
             }
         }
-        echo json_encode(array('status' => 0));
-        exit;
+        if(!$cid) {
+            echo json_encode(array('status' => 0));
+            exit;
+        }
     }
 
 }