分析ecshop赠品在购物车中出现
2013-11-01 22:45
ecshop是一个非常灵活的电子商务系统,它可以在优惠活动中为某个商品设置赠品:既可以给赠品设置价格,也可以免费赠送。
在购物的时候,如果你选择了某商品,而该商品又设置了赠品,那么购物车的cart页面会通过以下程序调用赠品。请看下面的ecshop函数,其中已做了一些修改,修复了原有的缺陷。
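/**
 * Return the promotions of type FAT_GOODS that the given user rank can use at
 * the current time for one specific product.
 *
 * Review notes:
 *  - Both arguments are concatenated into SQL text, so they are forced to
 *    integers before use.
 *  - The `gift` column is passed to unserialize(); see the note at that call.
 *
 * @param int $user_rank User rank id; 0 means a non-member.
 * @param int $goods_id1 Id of the product whose promotions are wanted.
 * @return array Matching favourable_activity rows, each extended with
 *               formatted display fields, a filtered `gift` list and an
 *               `available` flag.
 */
function favourable_list($user_rank, $goods_id1)
{
    /* These two values are spliced into the SQL below; casting to int keeps a
       crafted string from changing the query. */
    $rank_id  = intval($user_rank);
    $goods_id = intval($goods_id1);

    /* Promotions already in the cart, with their quantities. */
    $used_list = cart_favourable();

    /* Promotions the current user can use. */
    $favourable_list = array();
    $rank_pattern = ',' . $rank_id . ',';
    $now = gmtime();

    $sql = "SELECT * " .
        "FROM " . $GLOBALS['ecs']->table('favourable_activity') .
        " WHERE CONCAT(',', user_rank, ',') LIKE '%" . $rank_pattern . "%'" .
        " and act_range_ext like '%" . $goods_id . "%' AND start_time <= '$now' AND end_time >= '$now'" .
        " AND act_type = '" . FAT_GOODS . "'" .
        " ORDER BY sort_order";
    $res = $GLOBALS['db']->query($sql);

    while ($favourable = $GLOBALS['db']->fetchRow($res))
    {
        /* The LIKE above is only a substring test, so product 18 also selects
           a row whose list contains 618. Split the comma-separated list and
           require an exact id match. Testing membership once (instead of
           running the body for every matching element) also keeps a row with
           a repeated id from being processed and appended twice. */
        $range_ids = array_map('trim', explode(',', $favourable['act_range_ext']));
        if (!in_array((string) $goods_id, $range_ids, true))
        {
            continue;
        }

        $favourable['start_time'] = local_date($GLOBALS['_CFG']['time_format'], $favourable['start_time']);
        $favourable['end_time'] = local_date($GLOBALS['_CFG']['time_format'], $favourable['end_time']);
        $favourable['formated_min_amount'] = price_format($favourable['min_amount'], false);
        $favourable['formated_max_amount'] = price_format($favourable['max_amount'], false);

        /* NOTE(review): unserialize() runs on a value read from the database.
           If anything other than trusted admin code can write the gift
           column, this is an object-injection risk; storing the gift list as
           JSON would remove it. Left in place here because the storage format
           is decided elsewhere. */
        $gifts = unserialize($favourable['gift']);
        if (!is_array($gifts))
        {
            /* Corrupt or empty column: treat it as "no gifts" rather than
               iterating over false. */
            $gifts = array();
        }

        foreach ($gifts as $key => $value)
        {
            $gifts[$key]['formated_price'] = price_format($value['price'], false);

            /* Hide gifts whose product is no longer on sale. The id comes
               from the unserialized data, so cast it before it reaches SQL. */
            $sql = "SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('goods') .
                " WHERE is_on_sale = 1 AND goods_id = " . intval($value['id']);
            $is_sale = $GLOBALS['db']->getOne($sql);
            if (!$is_sale)
            {
                unset($gifts[$key]);
            }
        }
        $favourable['gift'] = $gifts;

        $favourable['act_range_desc'] = act_range_desc($favourable);
        $favourable['act_type_desc'] = sprintf($GLOBALS['_LANG']['fat_ext'][$favourable['act_type']], $favourable['act_type_ext']);

        /* Can the promotion be used at all? */
        $favourable['available'] = favourable_available($favourable);
        if ($favourable['available'])
        {
            /* ...and has it not been used yet? */
            $favourable['available'] = !favourable_used($favourable, $used_list);
        }

        $favourable_list[] = $favourable;
    }

    return $favourable_list;
}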
其中的gift值就是赠品的数据信息.而在模板flow.dwt中。
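<!-- One checkbox per gift; the gift name is stored text, so it is HTML-escaped on output. -->
<!-- {foreach from=$favourable.gift item=gift} --><br />
<input type="checkbox" value="{$gift.id}" name="gift[]" />
<a href="/goods.php?id={$gift.id}" target="_blank">{$gift.name|escape:html}</a> [{$gift.formated_price}]
<!-- {/foreach} -->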
就是循环显示赠品的相关信息.
在购物的时候,如果你选择了某商品,而该商品又设置了赠品,那么购物车的cart页面会通过以下程序调用赠品。请看下面的ecshop函数,其中已做了一些修改,修复了原有的缺陷。
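/**
 * Return the promotions of type FAT_GOODS that the given user rank can use at
 * the current time for one specific product.
 *
 * Review notes:
 *  - Both arguments are concatenated into SQL text, so they are forced to
 *    integers before use.
 *  - The `gift` column is passed to unserialize(); see the note at that call.
 *
 * @param int $user_rank User rank id; 0 means a non-member.
 * @param int $goods_id1 Id of the product whose promotions are wanted.
 * @return array Matching favourable_activity rows, each extended with
 *               formatted display fields, a filtered `gift` list and an
 *               `available` flag.
 */
function favourable_list($user_rank, $goods_id1)
{
    /* These two values are spliced into the SQL below; casting to int keeps a
       crafted string from changing the query. */
    $rank_id  = intval($user_rank);
    $goods_id = intval($goods_id1);

    /* Promotions already in the cart, with their quantities. */
    $used_list = cart_favourable();

    /* Promotions the current user can use. */
    $favourable_list = array();
    $rank_pattern = ',' . $rank_id . ',';
    $now = gmtime();

    $sql = "SELECT * " .
        "FROM " . $GLOBALS['ecs']->table('favourable_activity') .
        " WHERE CONCAT(',', user_rank, ',') LIKE '%" . $rank_pattern . "%'" .
        " and act_range_ext like '%" . $goods_id . "%' AND start_time <= '$now' AND end_time >= '$now'" .
        " AND act_type = '" . FAT_GOODS . "'" .
        " ORDER BY sort_order";
    $res = $GLOBALS['db']->query($sql);

    while ($favourable = $GLOBALS['db']->fetchRow($res))
    {
        /* The LIKE above is only a substring test, so product 18 also selects
           a row whose list contains 618. Split the comma-separated list and
           require an exact id match. Testing membership once (instead of
           running the body for every matching element) also keeps a row with
           a repeated id from being processed and appended twice. */
        $range_ids = array_map('trim', explode(',', $favourable['act_range_ext']));
        if (!in_array((string) $goods_id, $range_ids, true))
        {
            continue;
        }

        $favourable['start_time'] = local_date($GLOBALS['_CFG']['time_format'], $favourable['start_time']);
        $favourable['end_time'] = local_date($GLOBALS['_CFG']['time_format'], $favourable['end_time']);
        $favourable['formated_min_amount'] = price_format($favourable['min_amount'], false);
        $favourable['formated_max_amount'] = price_format($favourable['max_amount'], false);

        /* NOTE(review): unserialize() runs on a value read from the database.
           If anything other than trusted admin code can write the gift
           column, this is an object-injection risk; storing the gift list as
           JSON would remove it. Left in place here because the storage format
           is decided elsewhere. */
        $gifts = unserialize($favourable['gift']);
        if (!is_array($gifts))
        {
            /* Corrupt or empty column: treat it as "no gifts" rather than
               iterating over false. */
            $gifts = array();
        }

        foreach ($gifts as $key => $value)
        {
            $gifts[$key]['formated_price'] = price_format($value['price'], false);

            /* Hide gifts whose product is no longer on sale. The id comes
               from the unserialized data, so cast it before it reaches SQL. */
            $sql = "SELECT COUNT(*) FROM " . $GLOBALS['ecs']->table('goods') .
                " WHERE is_on_sale = 1 AND goods_id = " . intval($value['id']);
            $is_sale = $GLOBALS['db']->getOne($sql);
            if (!$is_sale)
            {
                unset($gifts[$key]);
            }
        }
        $favourable['gift'] = $gifts;

        $favourable['act_range_desc'] = act_range_desc($favourable);
        $favourable['act_type_desc'] = sprintf($GLOBALS['_LANG']['fat_ext'][$favourable['act_type']], $favourable['act_type_ext']);

        /* Can the promotion be used at all? */
        $favourable['available'] = favourable_available($favourable);
        if ($favourable['available'])
        {
            /* ...and has it not been used yet? */
            $favourable['available'] = !favourable_used($favourable, $used_list);
        }

        $favourable_list[] = $favourable;
    }

    return $favourable_list;
}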
其中的gift值就是赠品的数据信息.而在模板flow.dwt中。
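<!-- One checkbox per gift; the gift name is stored text, so it is HTML-escaped on output. -->
<!-- {foreach from=$favourable.gift item=gift} --><br />
<input type="checkbox" value="{$gift.id}" name="gift[]" />
<a href="/goods.php?id={$gift.id}" target="_blank">{$gift.name|escape:html}</a> [{$gift.formated_price}]
<!-- {/foreach} -->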
就是循环显示赠品的相关信息.