forum_trade.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377
  1. <?php
  2. /**
  3. * [Discuz!] (C)2001-2099 Comsenz Inc.
  4. * This is NOT a freeware, use is subject to license terms
  5. *
  6. * $Id: forum_trade.php 27054 2011-12-31 06:04:21Z monkey $
  7. */
  8. if(!defined('IN_DISCUZ')) {
  9. exit('Access Denied');
  10. }
  11. define('NOROBOT', TRUE);
  12. $apitype = $_GET['apitype'];
  13. if(!$_G['uid']) {
  14. showmessage('not_loggedin', NULL, array(), array('login' => 1));
  15. }
  16. $page = max(1, intval($_GET['page']));
  17. $orderid = $_GET['orderid'];
  18. if(!empty($orderid) && empty($_GET['apitype'])) {
  19. $orderinfo = C::t('forum_tradelog')->fetch($orderid);
  20. $paytype = $orderinfo['paytype'];
  21. if($paytype == 1) {
  22. $apitype = 'alipay';
  23. }
  24. if($paytype == 2) {
  25. $apitype = 'tenpay';
  26. }
  27. }
  28. require_once libfile('function/trade');
  29. if(!empty($orderid)) {
  30. $language = lang('forum/misc');
  31. $tradelog = C::t('forum_tradelog')->fetch($orderid);
  32. if(!$_G['forum_auditstatuson'] && (empty($tradelog) || $_G['uid'] != $tradelog['sellerid'] && $_G['uid'] != $tradelog['buyerid'])) {
  33. showmessage('undefined_action', NULL);
  34. }
  35. $limit = 6;
  36. $query = C::t('forum_trade')->fetch_all_for_seller($tradelog['sellerid'], $limit);
  37. $usertrades = array();
  38. $usertradecount = 0;
  39. foreach($query as $usertrade) {
  40. $usertradecount++;
  41. $usertrades[] = $usertrade;
  42. }
  43. $trade_message = '';
  44. $currentcredit = $_G['setting']['creditstrans'] ? getuserprofile('extcredits'.$_G['setting']['creditstrans']) : 0;
  45. $discountprice = $tradelog['baseprice'] * $tradelog['number'];
  46. if(!empty($_GET['pay']) && !$tradelog['offline'] && $tradelog['status'] == 0 && $tradelog['buyerid'] == $_G['uid']) {
  47. if($_G['setting']['creditstransextra'][5] != -1 && $tradelog['credit']) {
  48. if($tradelog['credit'] > getuserprofile('extcredits'.$_G['setting']['creditstransextra'][5])) {
  49. showmessage('trade_credit_lack');
  50. }
  51. updatemembercount($tradelog['buyerid'], array($_G['setting']['creditstransextra'][5] => -$tradelog['credit']));
  52. }
  53. $trade = C::t('forum_trade')->fetch_goods($tradelog['tid'], $tradelog['pid']);
  54. if($_G['uid'] && $currentcredit < $discountcredit && $tradelog['discount']) {
  55. showmessage('trade_credits_no_enough', '', array('credittitle' => $_G['setting']['extcredits'][$_G['setting']['creditstrans']]['title']));
  56. }
  57. $pay = array();
  58. $pay['commision'] = 0;
  59. $transport = $tradelog['transport'];
  60. $transportfee = 0;
  61. trade_setprice(array('fee' => $fee, 'trade' => $trade, 'transport' => $transport), $price, $pay, $transportfee);
  62. $payurl = trade_payurl($pay, $trade, $tradelog);
  63. $paytype = 0;
  64. if($apitype == 'alipay') {
  65. $paytype = 1;
  66. } elseif($apitype == 'tenpay') {
  67. $paytype = 2;
  68. }
  69. C::t('forum_tradelog')->update($orderid, array('paytype' => $paytype));
  70. showmessage('trade_directtopay', $payurl);
  71. }
  72. if(submitcheck('offlinesubmit') && in_array($_GET['offlinestatus'], trade_offline($tradelog, 0))) {
  73. loaducenter();
  74. $ucresult = uc_user_login($_G['username'], $_GET['password']);
  75. list($tmp['uid']) = daddslashes($ucresult);
  76. if($tmp['uid'] <= 0) {
  77. showmessage('trade_password_error', 'forum.php?mod=trade&orderid='.$orderid);
  78. }
  79. if($_GET['offlinestatus'] == 4) {
  80. if($_G['setting']['creditstransextra'][5] != -1 && $tradelog['credit']) {
  81. if($tradelog['credit'] > getuserprofile('extcredits'.$_G['setting']['creditstransextra'][5])) {
  82. showmessage('trade_credit_lack');
  83. }
  84. updatemembercount($tradelog['buyerid'], array($_G['setting']['creditstransextra'][5] => -$tradelog['credit']));
  85. }
  86. $trade = C::t('forum_trade')->fetch_goods($tradelog['tid'], $tradelog['pid']);
  87. notification_add($tradelog['sellerid'], 'goods', 'trade_seller_send', array(
  88. 'buyerid' => $tradelog['buyerid'],
  89. 'buyer' => $tradelog['buyer'],
  90. 'orderid' => $orderid,
  91. 'subject' => $tradelog['subject']
  92. ));
  93. } elseif($_GET['offlinestatus'] == 5) {
  94. notification_add($tradelog['buyerid'], 'goods', 'trade_buyer_confirm', array(
  95. 'sellerid' => $tradelog['sellerid'],
  96. 'seller' => $tradelog['seller'],
  97. 'orderid' => $orderid,
  98. 'subject' => $tradelog['subject']
  99. ));
  100. } elseif($_GET['offlinestatus'] == 7) {
  101. if($_G['setting']['creditstransextra'][5] != -1 && $tradelog['basecredit']) {
  102. $netcredit = round($tradelog['number'] * $tradelog['basecredit'] * (1 - $_G['setting']['creditstax']));
  103. updatemembercount($tradelog['sellerid'], array($_G['setting']['creditstransextra'][5] => $netcredit));
  104. } else {
  105. $netcredit = 0;
  106. }
  107. $data = array('lastbuyer' => $tradelog['buyer'], 'lastupdate' => $_G['timestamp']);
  108. C::t('forum_trade')->update($tradelog['tid'], $tradelog['pid'], $data);
  109. C::t('forum_trade')->update_counter($tradelog['tid'], $tradelog['pid'], $tradelog['number'], $tradelog['price'], $netcredit);
  110. notification_add($tradelog['sellerid'], 'goods', 'trade_success', array(
  111. 'orderid' => $orderid,
  112. 'subject' => $tradelog['subject']
  113. ));
  114. notification_add($tradelog['buyerid'], 'goods', 'trade_success', array(
  115. 'orderid' => $orderid,
  116. 'subject' => $tradelog['subject']
  117. ));
  118. } elseif($_GET['offlinestatus'] == 17) {
  119. C::t('forum_trade')->update_counter($tradelog['tid'], $tradelog['pid'], 0, 0, 0, $tradelog['number']);
  120. notification_add($tradelog['sellerid'], 'goods', 'trade_fefund_success', array(
  121. 'orderid' => $orderid,
  122. 'subject' => $tradelog['subject']
  123. ));
  124. notification_add($tradelog['buyerid'], 'goods', 'trade_fefund_success', array(
  125. 'orderid' => $orderid,
  126. 'subject' => $tradelog['subject']
  127. ));
  128. if($_G['setting']['creditstransextra'][5] != -1 && $tradelog['basecredit']) {
  129. updatemembercount($tradelog['buyerid'], array($_G['setting']['creditstransextra'][5] => $tradelog['number'] * $tradelog['basecredit']));
  130. }
  131. }
  132. $_GET['message'] = trim($_GET['message']);
  133. if($_GET['message']) {
  134. $_GET['message'] = $tradelog['message']."\t\t\t".$_G['uid']."\t".$_G['member']['username']."\t".TIMESTAMP."\t".nl2br(strip_tags(substr($_GET['message'], 0, 200)));
  135. } else {
  136. $_GET['message'] = $tradelog['message'];
  137. }
  138. C::t('forum_tradelog')->update($orderid, array(
  139. 'status' => $_GET['offlinestatus'],
  140. 'lastupdate' => $_G['timestamp'],
  141. 'message' => $_GET['message']
  142. ));
  143. showmessage('trade_orderstatus_updated', 'forum.php?mod=trade&orderid='.$orderid);
  144. }
  145. if(submitcheck('tradesubmit')) {
  146. if($tradelog['status'] == 0) {
  147. $update = array();
  148. $oldbasecredit = $tradelog['basecredit'];
  149. $oldnumber = $tradelog['number'];
  150. if($tradelog['sellerid'] == $_G['uid']) {
  151. $tradelog['baseprice'] = floatval($_GET['newprice']);
  152. $tradelog['basecredit'] = intval($_GET['newcredit']);
  153. if(!$tradelog['baseprice'] < 0 || $tradelog['basecredit'] < 0) {
  154. showmessage('trade_pricecredit_error');
  155. }
  156. $tradelog['transportfee'] = intval($_GET['newfee']);
  157. $newnumber = $tradelog['number'];
  158. $update = array(
  159. 'baseprice' => $tradelog['baseprice'],
  160. 'basecredit' => $tradelog['basecredit'],
  161. 'transportfee' => $tradelog['transportfee']
  162. );
  163. notification_add($tradelog['buyerid'], 'goods', 'trade_order_update_sellerid', array(
  164. 'seller' => $tradelog['seller'],
  165. 'sellerid' => $tradelog['sellerid'],
  166. 'orderid' => $orderid,
  167. 'subject' => $tradelog['subject']
  168. ));
  169. }
  170. if($tradelog['buyerid'] == $_G['uid']) {
  171. $newnumber = intval($_GET['newnumber']);
  172. if($newnumber <= 0) {
  173. showmessage('trade_input_no');
  174. }
  175. $trade = C::t('forum_trade')->fetch_goods($tradelog['tid'], $tradelog['pid']);
  176. if($newnumber > $trade['amount'] + $tradelog['number']) {
  177. showmessage('trade_lack');
  178. }
  179. $amount = $trade['amount'] + $tradelog['number'] - $newnumber;
  180. C::t('forum_trade')->update($tradelog['tid'], $tradelog['pid'], array('amount' => $amount));
  181. $tradelog['number'] = $newnumber;
  182. $update = array(
  183. 'number' => $tradelog['number'],
  184. 'discount' => 0,
  185. 'buyername' => dhtmlspecialchars($_GET['newbuyername']),
  186. 'buyercontact' => dhtmlspecialchars($_GET['newbuyercontact']),
  187. 'buyerzip' => dhtmlspecialchars($_GET['newbuyerzip']),
  188. 'buyerphone' => dhtmlspecialchars($_GET['newbuyerphone']),
  189. 'buyermobile' => dhtmlspecialchars($_GET['newbuyermobile']),
  190. 'buyermsg' => dhtmlspecialchars($_GET['newbuyermsg'])
  191. );
  192. notification_add($tradelog['sellerid'], 'goods', 'trade_order_update_buyerid', array(
  193. 'buyer' => $tradelog['buyer'],
  194. 'buyerid' => $tradelog['buyerid'],
  195. 'orderid' => $orderid,
  196. 'subject' => $tradelog['subject']
  197. ));
  198. }
  199. if($update) {
  200. if($tradelog['discount']) {
  201. $tradelog['baseprice'] = $tradelog['baseprice'] - $tax;
  202. $price = $tradelog['baseprice'] * $tradelog['number'];
  203. } else {
  204. $price = $tradelog['baseprice'] * $tradelog['number'];
  205. }
  206. if($_G['setting']['creditstransextra'][5] != -1 && ($oldnumber != $newnumber || $oldbasecredit != $tradelog['basecredit'])) {
  207. $tradelog['credit'] = $newnumber * $tradelog['basecredit'];
  208. $update['credit'] = $tradelog['credit'];
  209. }
  210. $update['price'] = $price + ($tradelog['transport'] == 2 ? $tradelog['transportfee'] : 0);
  211. C::t('forum_tradelog')->update($orderid, $update);
  212. $tradelog = C::t('forum_tradelog')->fetch($orderid);
  213. }
  214. }
  215. }
  216. $tradelog['lastupdate'] = dgmdate($tradelog['lastupdate'], 'u');
  217. $tradelog['statusview'] = trade_getstatus($tradelog['status']);
  218. $messagelist = array();
  219. if($tradelog['offline']) {
  220. $offlinenext = trade_offline($tradelog, 1, $trade_message);
  221. $message = explode("\t\t\t", $tradelog['message']);
  222. foreach($message as $row) {
  223. $row = explode("\t", $row);
  224. $row[2] = dgmdate($row[2], 'u');
  225. $row[0] && $messagelist[] = $row;
  226. }
  227. } else {
  228. $loginurl = trade_getorderurl($tradelog['tradeno']);
  229. }
  230. $trade = C::t('forum_trade')->fetch_goods($tradelog['tid'], $tradelog['pid']);
  231. include template('forum/trade_view');
  232. } else {
  233. if(empty($_GET['pid'])) {
  234. $pid = C::t('forum_post')->fetch_threadpost_by_tid_invisible($_G['tid']);
  235. $pid = $pid['pid'];
  236. } else {
  237. $pid = $_GET['pid'];
  238. }
  239. $thread = C::t('forum_thread')->fetch($_G['tid']);
  240. if($thread['closed']) {
  241. showmessage('trade_closed', 'forum.php?mod=viewthread&tid='.$_G['tid'].'&page='.$page);
  242. }
  243. $trade = C::t('forum_trade')->fetch_goods($_G['tid'], $pid);
  244. if(empty($trade)) {
  245. showmessage('trade_not_found');
  246. }
  247. $fromcode = false;
  248. if($trade['closed']) {
  249. showmessage('trade_closed', 'forum.php?mod=viewthread&tid='.$_G['tid'].'&page='.$page);
  250. }
  251. if($trade['price'] <= 0 && $trade['credit'] <= 0) {
  252. showmessage('trade_invalid', 'forum.php?mod=viewthread&tid='.$_G['tid'].'&page='.$page);
  253. }
  254. if($trade['credit'] > 0 && $_G['setting']['creditstransextra'][5] == -1) {
  255. showmessage('trade_credit_invalid', 'forum.php?mod=viewthread&tid='.$_G['tid'].'&page='.$page);
  256. }
  257. $limit = 6;
  258. $query = C::t('forum_trade')->fetch_all_for_seller($trade['sellerid'], $limit);
  259. $usertrades = array();
  260. $usertradecount = 0;
  261. foreach($query as $usertrade) {
  262. $usertradecount++;
  263. $usertrades[] = $usertrade;
  264. }
  265. if($_GET['action'] != 'trade' && !submitcheck('tradesubmit')) {
  266. $lastbuyerinfo = dhtmlspecialchars(C::t('forum_tradelog')->fetch_last($_G['uid']));
  267. $extra = rawurlencode($extra);
  268. include template('forum/trade');
  269. } else {
  270. if($trade['sellerid'] == $_G['uid']) {
  271. showmessage('trade_by_myself');
  272. } elseif($_GET['number'] <= 0) {
  273. showmessage('trade_input_no');
  274. } elseif(!$fromcode && $_GET['number'] > $trade['amount']) {
  275. showmessage('trade_lack');
  276. }
  277. $pay['number'] = $_GET['number'];
  278. $pay['price'] = $trade['price'];
  279. $credit = 0;
  280. if($_G['setting']['creditstransextra'][5] != -1 && $trade['credit']) {
  281. $credit = $_GET['number'] * $trade['credit'];
  282. }
  283. $price = $pay['price'] * $pay['number'];
  284. $buyercredits = 0;
  285. $pay['commision'] = 0;
  286. $orderid = $pay['orderid'] = dgmdate(TIMESTAMP, 'YmdHis').random(18);
  287. $transportfee = 0;
  288. trade_setprice(array('fee' => $fee, 'trade' => $trade, 'transport' => $_GET['transport']), $price, $pay, $transportfee);
  289. $buyerid = $_G['uid'] ? $_G['uid'] : 0;
  290. $_G['username'] = $_G['username'] ? $_G['username'] : $guestuser;
  291. $trade = daddslashes($trade, 1);
  292. $buyermsg = dhtmlspecialchars($_GET['buyermsg']);
  293. $buyerzip = dhtmlspecialchars($_GET['buyerzip']);
  294. $buyerphone = dhtmlspecialchars($_GET['buyerphone']);
  295. $buyermobile = dhtmlspecialchars($_GET['buyermobile']);
  296. $buyername = dhtmlspecialchars($_GET['buyername']);
  297. $buyercontact = dhtmlspecialchars($_GET['buyercontact']);
  298. $offline = !empty($_GET['offline']) ? 1 : 0;
  299. C::t('forum_tradelog')->insert(array(
  300. 'tid' => $trade['tid'],
  301. 'pid' => $trade['pid'],
  302. 'orderid' => $orderid,
  303. 'subject' => $trade['subject'],
  304. 'price' => $price,
  305. 'quality' => $trade['quality'],
  306. 'itemtype' => $trade['itemtype'],
  307. 'number' => $_GET['number'],
  308. 'tax' => $tax,
  309. 'locus' => $trade['locus'],
  310. 'sellerid' => $trade['sellerid'],
  311. 'seller' => $trade['seller'],
  312. 'selleraccount' => $trade['account'],
  313. 'tenpayaccount' => $trade['tenpayaccount'],
  314. 'buyerid' => $_G['uid'],
  315. 'buyer' => $_G['username'],
  316. 'buyercontact' => $buyercontact,
  317. 'buyercredits' => 0,
  318. 'buyermsg' => $buyermsg,
  319. 'lastupdate' => $_G['timestamp'],
  320. 'offline' => $offline,
  321. 'buyerzip' => $buyerzip,
  322. 'buyerphone' => $buyerphone,
  323. 'buyermobile' => $buyermobile,
  324. 'buyername' => $buyername,
  325. 'transport' => $_GET['transport'],
  326. 'transportfee' => $transportfee,
  327. 'baseprice' => $trade['price'],
  328. 'discount' => 0,
  329. 'credit' => $credit,
  330. 'basecredit' => $trade['credit']
  331. ));
  332. C::t('forum_trade')->update_counter($trade['tid'], $trade['pid'], 0, 0, 0, '-'.$_GET['number']);
  333. showmessage('trade_order_created', 'forum.php?mod=trade&orderid='.$orderid);
  334. }
  335. }
  336. ?>