From d5c6cf57d2c8d7049d27a0cf335cb065b9fb5f8b Mon Sep 17 00:00:00 2001
From: aozhiwei
Date: Tue, 8 Aug 2023 16:45:09 +0800
Subject: [PATCH] 1
---
 webapp/controller/MallController.class.php | 44 +++++++++++-----------
 1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/webapp/controller/MallController.class.php b/webapp/controller/MallController.class.php
index 5859c397..559ce8f6 100644
--- a/webapp/controller/MallController.class.php
+++ b/webapp/controller/MallController.class.php
@@ -93,7 +93,6 @@ class MallController extends BaseAuthedController {
 'ignore_empty' => true,
 'custom_func' => function () use ($queryData) {
 $priceFilters = $queryData['price_filter'];
- error_log($priceFilters);
 $arrPriceFilter = explode('|', $priceFilters);
 $priceLow = $arrPriceFilter[0];
 $priceHigh = $arrPriceFilter[1];
@@ -123,17 +122,12 @@ class MallController extends BaseAuthedController {
 $itemId = getReqVal('item_id', '');
 $amount = getReqVal('amount', '');
 $currency = getReqVal('currency', '');
- $price = getReqVal('price', '');
+ $priceBn = phpcommon\bnInit(getReqVal('price', ''));
 if ($itemId != V_ITEM_GOLD) {
 $this->_rspErr(1, 'only support gold');
 return;
 }
- if (empty($price)) {
- $this->_rspErr(1, 'price not found');
- return;
- }
- if ($price <= 0) {
- $this->_rspErr(1, 'price must > 0');
+ if (!$this->checkPrice($priceBn)) {
 return;
 }
 if (empty($amount)) {
@@ -186,7 +180,7 @@ class MallController extends BaseAuthedController {
 $itemId,
 $amount,
 $currency,
- $price
+ phpcommon\bnToStr($priceBn)
 );
 myself()->_rspOk();
 }
@@ -243,17 +237,8 @@ class MallController extends BaseAuthedController {
 public function modifyPrice()
 {
 $goodsUuid = getReqVal('goods_uuid', '');
- $price = getReqVal('price', '');
- if (empty($price)) {
- myself()->_rspErr(1, 'price not found');
- return;
- }
- if ($price <= 0) {
- myself()->_rspErr(1, 'price must > 0');
- return;
- }
- if (!is_numeric($price)) {
- myself()->_rspErr(1, 'price must be number');
+ $priceBn = phpcommon\bnInit(getReqVal('price', ''));
+ if (!$this->checkPrice($priceBn)) {
 return;
 }
 $goodsDb = Mall::findByGoodsUuid($goodsUuid);
@@ -266,8 +251,25 @@ class MallController extends BaseAuthedController {
 myself()->_rspErr(1, 'cant modify price');
 return;
 }
- Mall::modifyPrice($goodsDto['goods_uuid'], $price);
+ Mall::modifyPrice($goodsDto['goods_uuid'], phpcommon\bnToStr($priceBn));
 myself()->_rspOk();
 }
+ private function checkPrice($priceBn)
+ {
+ if ($priceBn === false) {
+ myself()->_rspErr(1, 'price format error1');
+ return false;
+ }
+ if (phpcommon\bnCmp($this->priceLowBn, $priceBn) > 0) {
+ myself()->_rspErr(1, 'price format error2');
+ return false;
+ }
+ if (phpcommon\bnCmp($this->priceHighBn, $priceBn) < 0) {
+ myself()->_rspErr(1, 'price format error3');
+ return false;
+ }
+ return true;
+ }
+
 }
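Review bot: `checkPrice()` reads `$this->priceLowBn` and `$this->priceHighBn`, but none of the 23 inserted lines in this patch declares or initialises either property, so unless they already exist elsewhere in the class or in `BaseAuthedController` (not visible here) both reads would be null and the second and third `if` would not enforce the range they appear to. That matters because the explicit `$price <= 0` rejections removed in the hunks at -123 and -243 are now replaced solely by this lower bound, and `bnCmp($this->priceLowBn, $priceBn) > 0` still accepts a price equal to the bound, so a zero price passes if the bound is zero. I would set both bounds where the controller is initialised and fail closed when either is missing, e.g. `if ($this->priceLowBn === null || $this->priceHighBn === null) { myself()->_rspErr(1, 'price range not configured'); return false; }`. A short docblock on `checkPrice()` saying that `$priceBn` is the result of `phpcommon\bnInit()` (apparently `false` when the string does not parse) and that both bounds are inclusive would also help, since 'price format error1/2/3' no longer tells the reader which rule fired.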