Server : Apache System : Linux iZ2vcgyutqttsd1p850kl8Z 3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64 User : www ( 1000) PHP Version : 5.6.40 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv Directory : /www/wwwroot/saimikebio.com/ecshopjcw/ |
<?php /** * ECSHOP 会员帐目管理(包括预付款,余额) * ============================================================================ * * 版权所有 2005-2012 上海商派网络科技有限公司,并保留所有权利。 * 网站地址: http://www.ecshop.com; * ---------------------------------------------------------------------------- * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和 * 使用;不允许对程序代码以任何形式任何目的的再发布。 * ============================================================================ * $Author: liubo $ * $Id: user_account.php 17217 2011-01-19 06:29:08Z liubo $ */ define('IN_ECS', true); require(dirname(__FILE__) . '/includes/init.php'); /* act操作项的初始化 */ if (empty($_REQUEST['act'])) { $_REQUEST['act'] = 'list'; } else { $_REQUEST['act'] = trim($_REQUEST['act']); } /*------------------------------------------------------ */ //-- 会员余额记录列表 /*------------------------------------------------------ */ if ($_REQUEST['act'] == 'list') { /* 权限判断 */ admin_priv('surplus_manage'); /* 指定会员的ID为查询条件 */ $user_id = !empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0; /* 获得支付方式列表 */ $payment = array(); $sql = "SELECT pay_id, pay_name FROM ".$ecs->table('payment'). " WHERE enabled = 1 AND pay_code != 'cod' ORDER BY pay_id"; $res = $db->query($sql); while ($row = $db->fetchRow($res)) { $payment[$row['pay_name']] = $row['pay_name']; } /* 模板赋值 */ if (isset($_REQUEST['process_type'])) { $smarty->assign('process_type_' . intval($_REQUEST['process_type']), 'selected="selected"'); } if (isset($_REQUEST['is_paid'])) { $smarty->assign('is_paid_' . intval($_REQUEST['is_paid']), 'selected="selected"'); } $smarty->assign('ur_here', $_LANG['09_user_account']); $smarty->assign('id', $user_id); $smarty->assign('payment_list', $payment); $smarty->assign('action_link', array('text' => $_LANG['surplus_add'], 'href'=>'user_account.php?act=add')); $list = account_list(); $smarty->assign('list', $list['list']); $smarty->assign('filter', $list['filter']); $smarty->assign('record_count', $list['record_count']); $smarty->assign('page_count', $list['page_count']); $smarty->assign('full_page', 1); assign_query_info(); $smarty->display('user_account_list.htm'); } /*------------------------------------------------------ */ //-- 添加/编辑会员余额页面 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'add' || $_REQUEST['act'] == 'edit') { admin_priv('surplus_manage'); //权限判断 $ur_here = ($_REQUEST['act'] == 'add') ? $_LANG['surplus_add'] : $_LANG['surplus_edit']; $form_act = ($_REQUEST['act'] == 'add') ? 'insert' : 'update'; $id = isset($_GET['id']) ? intval($_GET['id']) : 0; /* 获得支付方式列表, 不包括“货到付款” */ $user_account = array(); $payment = array(); $sql = "SELECT pay_id, pay_name FROM ".$ecs->table('payment'). " WHERE enabled = 1 AND pay_code != 'cod' ORDER BY pay_id"; $res = $db->query($sql); while ($row = $db->fetchRow($res)) { $payment[$row['pay_name']] = $row['pay_name']; } if ($_REQUEST['act'] == 'edit') { /* 取得余额信息 */ $user_account = $db->getRow("SELECT * FROM " .$ecs->table('user_account') . " WHERE id = '$id'"); // 如果是负数,去掉前面的符号 $user_account['amount'] = str_replace('-', '', $user_account['amount']); /* 取得会员名称 */ $sql = "SELECT user_name FROM " .$ecs->table('users'). " WHERE user_id = '$user_account[user_id]'"; $user_name = $db->getOne($sql); } else { $surplus_type = ''; $user_name = ''; } /* 模板赋值 */ $smarty->assign('ur_here', $ur_here); $smarty->assign('form_act', $form_act); $smarty->assign('payment_list', $payment); $smarty->assign('action', $_REQUEST['act']); $smarty->assign('user_surplus', $user_account); $smarty->assign('user_name', $user_name); if ($_REQUEST['act'] == 'add') { $href = 'user_account.php?act=list'; } else { $href = 'user_account.php?act=list&' . list_link_postfix(); } $smarty->assign('action_link', array('href' => $href, 'text' => $_LANG['09_user_account'])); assign_query_info(); $smarty->display('user_account_info.htm'); } /*------------------------------------------------------ */ //-- 添加/编辑会员余额的处理部分 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'insert' || $_REQUEST['act'] == 'update') { /* 权限判断 */ admin_priv('surplus_manage'); /* 初始化变量 */ $id = isset($_POST['id']) ? intval($_POST['id']) : 0; $is_paid = !empty($_POST['is_paid']) ? intval($_POST['is_paid']) : 0; $amount = !empty($_POST['amount']) ? floatval($_POST['amount']) : 0; $process_type = !empty($_POST['process_type']) ? intval($_POST['process_type']) : 0; $user_name = !empty($_POST['user_id']) ? trim($_POST['user_id']) : ''; $admin_note = !empty($_POST['admin_note']) ? trim($_POST['admin_note']) : ''; $user_note = !empty($_POST['user_note']) ? trim($_POST['user_note']) : ''; $payment = !empty($_POST['payment']) ? trim($_POST['payment']) : ''; $user_id = $db->getOne("SELECT user_id FROM " .$ecs->table('users'). " WHERE user_name = '$user_name'"); /* 此会员是否存在 */ if ($user_id == 0) { $link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)'); sys_msg($_LANG['username_not_exist'], 0, $link); } /* 退款,检查余额是否足够 */ if ($process_type == 1) { $user_account = get_user_surplus($user_id); /* 如果扣除的余额多于此会员拥有的余额,提示 */ if ($amount > $user_account) { $link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)'); sys_msg($_LANG['surplus_amount_error'], 0, $link); } } if ($_REQUEST['act'] == 'insert') { /* 入库的操作 */ if ($process_type == 1) { $amount = (-1) * $amount; } $sql = "INSERT INTO " .$ecs->table('user_account'). " VALUES ('', '$user_id', '$_SESSION[admin_name]', '$amount', '".gmtime()."', '".gmtime()."', '$admin_note', '$user_note', '$process_type', '$payment', '$is_paid')"; $db->query($sql); $id = $db->insert_id(); } else { /* 更新数据表 */ $sql = "UPDATE " .$ecs->table('user_account'). " SET ". "admin_note = '$admin_note', ". "user_note = '$user_note', ". "payment = '$payment' ". "WHERE id = '$id'"; $db->query($sql); } // 更新会员余额数量 if ($is_paid == 1) { $change_desc = $amount > 0 ? $_LANG['surplus_type_0'] : $_LANG['surplus_type_1']; $change_type = $amount > 0 ? ACT_SAVING : ACT_DRAWING; log_account_change($user_id, $amount, 0, 0, 0, $change_desc, $change_type); } //如果是预付款并且未确认,向pay_log插入一条记录 if ($process_type == 0 && $is_paid == 0) { include_once(ROOT_PATH . 'includes/lib_order.php'); /* 取支付方式信息 */ $payment_info = array(); $payment_info = $db->getRow('SELECT * FROM ' . $ecs->table('payment'). " WHERE pay_name = '$payment' AND enabled = '1'"); //计算支付手续费用 $pay_fee = pay_fee($payment_info['pay_id'], $amount, 0); $total_fee = $pay_fee + $amount; /* 插入 pay_log */ $sql = 'INSERT INTO ' . $ecs->table('pay_log') . " (order_id, order_amount, order_type, is_paid)" . " VALUES ('$id', '$total_fee', '" .PAY_SURPLUS. "', 0)"; $db->query($sql); } /* 记录管理员操作 */ if ($_REQUEST['act'] == 'update') { admin_log($user_name, 'edit', 'user_surplus'); } else { admin_log($user_name, 'add', 'user_surplus'); } /* 提示信息 */ if ($_REQUEST['act'] == 'insert') { $href = 'user_account.php?act=list'; } else { $href = 'user_account.php?act=list&' . list_link_postfix(); } $link[0]['text'] = $_LANG['back_list']; $link[0]['href'] = $href; $link[1]['text'] = $_LANG['continue_add']; $link[1]['href'] = 'user_account.php?act=add'; sys_msg($_LANG['attradd_succed'], 0, $link); } /*------------------------------------------------------ */ //-- 审核会员余额页面 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'check') { /* 检查权限 */ admin_priv('surplus_manage'); /* 初始化 */ $id = isset($_GET['id']) ? intval($_GET['id']) : 0; /* 如果参数不合法,返回 */ if ($id == 0) { ecs_header("Location: user_account.php?act=list\n"); exit; } /* 查询当前的预付款信息 */ $account = array(); $account = $db->getRow("SELECT * FROM " .$ecs->table('user_account'). " WHERE id = '$id'"); $account['add_time'] = local_date($_CFG['time_format'], $account['add_time']); //余额类型:预付款,退款申请,购买商品,取消订单 if ($account['process_type'] == 0) { $process_type = $_LANG['surplus_type_0']; } elseif ($account['process_type'] == 1) { $process_type = $_LANG['surplus_type_1']; } elseif ($account['process_type'] == 2) { $process_type = $_LANG['surplus_type_2']; } else { $process_type = $_LANG['surplus_type_3']; } $sql = "SELECT user_name FROM " .$ecs->table('users'). " WHERE user_id = '$account[user_id]'"; $user_name = $db->getOne($sql); /* 模板赋值 */ $smarty->assign('ur_here', $_LANG['check']); $account['user_note'] = htmlspecialchars($account['user_note']); $smarty->assign('surplus', $account); $smarty->assign('process_type', $process_type); $smarty->assign('user_name', $user_name); $smarty->assign('id', $id); $smarty->assign('action_link', array('text' => $_LANG['09_user_account'], 'href'=>'user_account.php?act=list&' . list_link_postfix())); /* 页面显示 */ assign_query_info(); $smarty->display('user_account_check.htm'); } /*------------------------------------------------------ */ //-- 更新会员余额的状态 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'action') { /* 检查权限 */ admin_priv('surplus_manage'); /* 初始化 */ $id = isset($_POST['id']) ? intval($_POST['id']) : 0; $is_paid = isset($_POST['is_paid']) ? intval($_POST['is_paid']) : 0; $admin_note = isset($_POST['admin_note']) ? trim($_POST['admin_note']) : ''; /* 如果参数不合法,返回 */ if ($id == 0 || empty($admin_note)) { ecs_header("Location: user_account.php?act=list\n"); exit; } /* 查询当前的预付款信息 */ $account = array(); $account = $db->getRow("SELECT * FROM " .$ecs->table('user_account'). " WHERE id = '$id'"); $amount = $account['amount']; //如果状态为未确认 if ($account['is_paid'] == 0) { //如果是退款申请, 并且已完成,更新此条记录,扣除相应的余额 if ($is_paid == '1' && $account['process_type'] == '1') { $user_account = get_user_surplus($account['user_id']); $fmt_amount = str_replace('-', '', $amount); //如果扣除的余额多于此会员拥有的余额,提示 if ($fmt_amount > $user_account) { $link[] = array('text' => $_LANG['go_back'], 'href'=>'javascript:history.back(-1)'); sys_msg($_LANG['surplus_amount_error'], 0, $link); } update_user_account($id, $amount, $admin_note, $is_paid); //更新会员余额数量 log_account_change($account['user_id'], $amount, 0, 0, 0, $_LANG['surplus_type_1'], ACT_DRAWING); } elseif ($is_paid == '1' && $account['process_type'] == '0') { //如果是预付款,并且已完成, 更新此条记录,增加相应的余额 update_user_account($id, $amount, $admin_note, $is_paid); //更新会员余额数量 log_account_change($account['user_id'], $amount, 0, 0, 0, $_LANG['surplus_type_0'], ACT_SAVING); } elseif ($is_paid == '0') { /* 否则更新信息 */ $sql = "UPDATE " .$ecs->table('user_account'). " SET ". "admin_user = '$_SESSION[admin_name]', ". "admin_note = '$admin_note', ". "is_paid = 0 WHERE id = '$id'"; $db->query($sql); } /* 记录管理员日志 */ admin_log('(' . addslashes($_LANG['check']) . ')' . $admin_note, 'edit', 'user_surplus'); /* 提示信息 */ $link[0]['text'] = $_LANG['back_list']; $link[0]['href'] = 'user_account.php?act=list&' . list_link_postfix(); sys_msg($_LANG['attradd_succed'], 0, $link); } } /*------------------------------------------------------ */ //-- ajax帐户信息列表 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'query') { $list = account_list(); $smarty->assign('list', $list['list']); $smarty->assign('filter', $list['filter']); $smarty->assign('record_count', $list['record_count']); $smarty->assign('page_count', $list['page_count']); $sort_flag = sort_flag($list['filter']); $smarty->assign($sort_flag['tag'], $sort_flag['img']); make_json_result($smarty->fetch('user_account_list.htm'), '', array('filter' => $list['filter'], 'page_count' => $list['page_count'])); } /*------------------------------------------------------ */ //-- ajax删除一条信息 /*------------------------------------------------------ */ elseif ($_REQUEST['act'] == 'remove') { /* 检查权限 */ check_authz_json('surplus_manage'); $id = @intval($_REQUEST['id']); $sql = "SELECT u.user_name FROM " . $ecs->table('users') . " AS u, " . $ecs->table('user_account') . " AS ua " . " WHERE u.user_id = ua.user_id AND ua.id = '$id' "; $user_name = $db->getOne($sql); $sql = "DELETE FROM " . $ecs->table('user_account') . " WHERE id = '$id'"; if ($db->query($sql, 'SILENT')) { admin_log(addslashes($user_name), 'remove', 'user_surplus'); $url = 'user_account.php?act=query&' . str_replace('act=remove', '', $_SERVER['QUERY_STRING']); ecs_header("Location: $url\n"); exit; } else { make_json_error($db->error()); } } /*------------------------------------------------------ */ //-- 会员余额函数部分 /*------------------------------------------------------ */ /** * 查询会员余额的数量 * @access public * @param int $user_id 会员ID * @return int */ function get_user_surplus($user_id) { $sql = "SELECT SUM(user_money) FROM " .$GLOBALS['ecs']->table('account_log'). " WHERE user_id = '$user_id'"; return $GLOBALS['db']->getOne($sql); } /** * 更新会员账目明细 * * @access public * @param array $id 帐目ID * @param array $admin_note 管理员描述 * @param array $amount 操作的金额 * @param array $is_paid 是否已完成 * * @return int */ function update_user_account($id, $amount, $admin_note, $is_paid) { $sql = "UPDATE " .$GLOBALS['ecs']->table('user_account'). " SET ". "admin_user = '$_SESSION[admin_name]', ". "amount = '$amount', ". "paid_time = '".gmtime()."', ". "admin_note = '$admin_note', ". "is_paid = '$is_paid' WHERE id = '$id'"; return $GLOBALS['db']->query($sql); } /** * * * @access public * @param * * @return void */ function account_list() { $result = get_filter(); if ($result === false) { /* 过滤列表 */ $filter['user_id'] = !empty($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : 0; $filter['keywords'] = empty($_REQUEST['keywords']) ? '' : trim($_REQUEST['keywords']); if (isset($_REQUEST['is_ajax']) && $_REQUEST['is_ajax'] == 1) { $filter['keywords'] = json_str_iconv($filter['keywords']); } $filter['process_type'] = isset($_REQUEST['process_type']) ? intval($_REQUEST['process_type']) : -1; $filter['payment'] = empty($_REQUEST['payment']) ? '' : trim($_REQUEST['payment']); $filter['is_paid'] = isset($_REQUEST['is_paid']) ? intval($_REQUEST['is_paid']) : -1; $filter['sort_by'] = empty($_REQUEST['sort_by']) ? 'add_time' : trim($_REQUEST['sort_by']); $filter['sort_order'] = empty($_REQUEST['sort_order']) ? 'DESC' : trim($_REQUEST['sort_order']); $filter['start_date'] = empty($_REQUEST['start_date']) ? '' : local_strtotime($_REQUEST['start_date']); $filter['end_date'] = empty($_REQUEST['end_date']) ? '' : (local_strtotime($_REQUEST['end_date']) + 86400); $where = " WHERE 1 "; if ($filter['user_id'] > 0) { $where .= " AND ua.user_id = '$filter[user_id]' "; } if ($filter['process_type'] != -1) { $where .= " AND ua.process_type = '$filter[process_type]' "; } else { $where .= " AND ua.process_type " . db_create_in(array(SURPLUS_SAVE, SURPLUS_RETURN)); } if ($filter['payment']) { $where .= " AND ua.payment = '$filter[payment]' "; } if ($filter['is_paid'] != -1) { $where .= " AND ua.is_paid = '$filter[is_paid]' "; } if ($filter['keywords']) { $where .= " AND u.user_name LIKE '%" . mysql_like_quote($filter['keywords']) . "%'"; $sql = "SELECT COUNT(*) FROM " .$GLOBALS['ecs']->table('user_account'). " AS ua, ". $GLOBALS['ecs']->table('users') . " AS u " . $where; } /* 时间过滤 */ if (!empty($filter['start_date']) && !empty($filter['end_date'])) { $where .= "AND paid_time >= " . $filter['start_date']. " AND paid_time < '" . $filter['end_date'] . "'"; } $sql = "SELECT COUNT(*) FROM " .$GLOBALS['ecs']->table('user_account'). " AS ua, ". $GLOBALS['ecs']->table('users') . " AS u " . $where; $filter['record_count'] = $GLOBALS['db']->getOne($sql); /* 分页大小 */ $filter = page_and_size($filter); /* 查询数据 */ $sql = 'SELECT ua.*, u.user_name FROM ' . $GLOBALS['ecs']->table('user_account'). ' AS ua LEFT JOIN ' . $GLOBALS['ecs']->table('users'). ' AS u ON ua.user_id = u.user_id'. $where . "ORDER by " . $filter['sort_by'] . " " .$filter['sort_order']. " LIMIT ".$filter['start'].", ".$filter['page_size']; $filter['keywords'] = stripslashes($filter['keywords']); set_filter($filter, $sql); } else { $sql = $result['sql']; $filter = $result['filter']; } $list = $GLOBALS['db']->getAll($sql); foreach ($list AS $key => $value) { $list[$key]['surplus_amount'] = price_format(abs($value['amount']), false); $list[$key]['add_date'] = local_date($GLOBALS['_CFG']['time_format'], $value['add_time']); $list[$key]['process_type_name'] = $GLOBALS['_LANG']['surplus_type_' . $value['process_type']]; } $arr = array('list' => $list, 'filter' => $filter, 'page_count' => $filter['page_count'], 'record_count' => $filter['record_count']); return $arr; } ?>