📄 cardinfo.aspx.cs
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.OleDb;
using System.Web.Security;
namespace SCard
{
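/// <summary>
/// Code-behind for cardinfo.aspx, the page that receives the payment gateway's return request.
/// On the first (non-postback) load, Page_Load requires the merchant_id, orderid, amount, date,
/// succeed, mac and merchant_param query-string values, recomputes an MD5 digest over the first
/// five plus the merchant key, and enters the order-processing branch only when that digest
/// equals the supplied mac.
/// NOTE(review): merchant_param is read but is not part of the digested string, so it is not
/// covered by the mac check.
/// NOTE(review): Page_Load builds its SQL by string concatenation (OID from the request-supplied
/// orderid; PID and PNum from the order row). CleanString.htmlInputText is not shown here, so
/// its filtering should not be assumed to make the value SQL-safe; parameterized OleDbCommand
/// queries would remove the dependency on it.
/// </summary>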
public class cardinfo : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label lblOrderid;
protected System.Web.UI.WebControls.Label lblAmount;
protected System.Web.UI.WebControls.Label lblSucceed;
protected System.Web.UI.WebControls.Label lblDate;
protected System.Web.UI.WebControls.Label lblPName;
protected System.Web.UI.WebControls.Repeater CardRepeater;
private void Page_Load(object sender, System.EventArgs e)
{
Response.ContentEncoding = System.Text.Encoding.GetEncoding("GB2312"); //转换编码
if( !IsPostBack )
{
/* 验证参数是否存在 */
if ( Request.QueryString["merchant_id"] == null || Request.QueryString["orderid"] == null
|| Request.QueryString["amount"] == null || Request.QueryString["date"] == null
|| Request.QueryString["succeed"] == null || Request.QueryString["mac"] == null
|| Request.QueryString["merchant_param"] == null )
{
Response.Redirect("index.aspx");
return;
}
/* 获取传来的参数 */
String strMerchant_id = Request.QueryString["merchant_id"].ToString(); //商户编号
String strOrderid = Request.QueryString["orderid"].ToString(); //交易订单编号
String strAmount = Request.QueryString["amount"].ToString(); //交易金额
String strDate = Request.QueryString["date"].ToString(); //交易日期
String strSucceed = Request.QueryString["succeed"].ToString(); //交易结果,"Y"表示成功,"N"表示失败
String strMac = Request.QueryString["mac"].ToString();
String strMerchant_param = Request.QueryString["merchant_param"].ToString();
//获取 私钥值
String key = getMerchantKey();
//拼合参数 ( 注意正确的参数串拼凑顺序 )
String src = "merchant_id=" + strMerchant_id + "&orderid=" + strOrderid +
"&amount=" + strAmount + "&date=" + strDate + "&succeed=" +
strSucceed + "&merchant_key=" + key;
//md5加密 拼合参数后的字符串
String digestString = FormsAuthentication.HashPasswordForStoringInConfigFile( src ,"MD5");
//mac值校验
if ( digestString.Equals( strMac ) )
{ //------------------------如果签名验证成功! [*特别提示*]
/*
@[*特别提示*]------------begin
为保证数据传输的精准,建议对如下返回值 与 提交支付网关前的值 进行比较:
merchant_id ==>与您的商户编号一致
orderid ==>与您网站产生的订单编号一致
amount ==>与该订单需要支付的金额一致
如果不一致,则返回的值可能被伪造,交易应该判定为失败。
succeed 返回支付的结果。返回"Y"表示成功,其他为失败。商户必须对此进行验证。
@ [*特别提示*]------------end
*/
//获取 商户编号
string sMerchantID = getMerchantID();
//检查商户编号是否一致
if( !strMerchant_id.Equals( sMerchantID ) )
{
Response.Redirect("index.aspx");
Response.End();
return;
}
strOrderid = CleanString.htmlInputText( strOrderid );//安全过滤
if( !checkOrderidAndAmount( strOrderid, strAmount ) )//检查 订单编号 && 支付的金额
{
Response.Redirect("index.aspx");
Response.End();
return;
}
//显示 支付信息
lblOrderid.Text = strOrderid;
lblAmount.Text = strAmount;
if( strSucceed.Equals("Y") )
{
lblSucceed.Text = "<font color=#0000ff>成功</font>";
}
else
{
lblSucceed.Text = "<font color=#ff0000>失败</font>";
}
lblDate.Text = strDate;
if( strSucceed.Equals("Y") )
{ //---------如果支付成功
/*
#商户网站逻辑处理#
*/
string strPID = "";
string strPName = "";
string strPNum = "";
//string strPPrice = "";
//string strTotalPrice = "";
//string strTName = "";
//string strEmail = "";
//string strPhone = "";
string strOState = "";
//获取 订单编号对应的订单记录
DBConn myDB = new DBConn();
string mySql = "select * from [Order] where OID='" + strOrderid + "'";
OleDbDataReader mydr = myDB.getDataReader( mySql );
if( mydr.Read() )
{
strPID = mydr["PID"].ToString();
strPName = mydr["PName"].ToString();
strPNum = mydr["PNum"].ToString();
//string strTotalPrice = double.Parse( mydr["TotalPrice"].ToString() ).ToString("f2");
//strPPrice = mydr["PPrice"].ToString();
//strTName = mydr["TName"].ToString();
//strEmail = mydr["Email"].ToString();
//strPhone = mydr["Phone"].ToString();
strOState = mydr["OState"].ToString();
}
else
{
Response.Write("找不到订单编号对应的订单记录<br>");
mydr.Close();
myDB.Close();
return;
}
mydr.Close();
myDB.Close();
//显示 商品名称
lblPName.Text = strPName;
if( !strOState.Equals("0") )//检查 订单是否完成
{
/*
//是否刚刚 获取了卡的信息
if( Session["getCardinfor"] == null || !Session["getCardinfor"].ToString().Equals("Yes") )
{
Response.Write("订单号: <font color=#ff0000><b>" + strOrderid + "</b></font> <br>");
Response.Write("订单 <font color=#0000ff><b>已经完成!!!</b></font><br>");
Response.Write("如果您还没获得相应的商品信息(卡号/密码);<br>");
Response.Write("请与 <b>客户服务部</b> 联系!!!<br>");
Response.End();
return;
}
*/
getCardinfo( strOrderid );//获取 所购卡的信息 卡号,密码
return;
}
//检查库存
DBConn DB = new DBConn();
string Sql = "select PStock from Products where PID=" + strPID;
OleDbDataReader dr = DB.getDataReader( Sql );
if( dr.Read() )
{
int iPStock = Int32.Parse( dr["PStock"].ToString() );
if( iPStock < Int32.Parse( strPNum ) )
{
Response.Write("<script>");
Response.Write("alert('库存不足!!!现在库存还有[ " + iPStock.ToString() + " ] 请与客服服务部联系!');");
Response.Write("</script>");
dr.Close();
DB.Close();
Response.Write("<font color=#ff0000><B>库存不足!!!</B>现在库存还有[ " + iPStock.ToString() + " ] ,请与客服服务部联系!</font>");
return;
}
}
else
{
Response.Write("<script>");
Response.Write("alert('没有这个商品!!!');");
Response.Write("</script>");
dr.Close();
DB.Close();
return;
}
dr.Close();
DB.Close();
/*********** 开始取卡 ***********/
DataTable myDT = new DataTable(); //存放卡号,密码
myDT.Columns.Add("CardNum");
myDT.Columns.Add("CardPassword");
//取出商品所对应的 卡号,密码
DBConn myDB2 = new DBConn();
string mySql2 = "select top " + strPNum + " * from PList where PID=" + strPID + " and CardState=0";
OleDbDataReader mydr2 = myDB2.getDataReader( mySql2 );
if( mydr2.Read() )
{
do
{
string sPLID = mydr2["PLID"].ToString();
string sCardNum = mydr2["CardNum"].ToString();
string sCardPassword = mydr2["CardPassword"].ToString();
setCardState( sPLID );//修改卡的状态
setOrderList( strOrderid, sPLID );//添加到订单明细表
setPStock( strPID );//修改卡的库存(-1)和卖出个数(+1)
/******** 为了测试方便..先不修改订单状态 *********/
setOState( strOrderid );//修改订单的状态 1
//加密对象
DCard.Encode myEncode = new DCard.Encode();
try
{
sCardPassword = myEncode.DecryptString( sCardPassword );//解密
}
catch
{