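<?php
// Login handler. Reads the POSTed "Username" and "Password" fields, checks
// them with isUsrPswMatch(), requires email_vertify() to pass, then fills
// the session and redirects to ../index.php. Every failure path sets an
// alert message and redirects back to ../login.php.
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Security check: both fields must be present and must be plain strings.
// An array-valued field (e.g. Username[]=x) passes isset() but is not a
// valid argument for trim(), so it is rejected here with the same error.
if (
    !isset($_POST["Username"], $_POST["Password"])
    || !is_string($_POST["Username"])
    || !is_string($_POST["Password"])
) {
    die("<h1>ERROR ON PAGE</h1>");
}

// Pass the submitted values through the project filters from the included
// libraries.
// NOTE(review): what lib_cn_name_filter() / lib_psw_filter() strip or reject
// is not visible here -- confirm they do not silently alter a valid password.
$usr = lib_cn_name_filter(trim($_POST["Username"]));
$psw = lib_psw_filter(trim($_POST["Password"]));

// Wrong username or password: report it and go back to the login form.
if (!isUsrPswMatch($usr, $psw)) {
    setAlertMsg("用戶或密碼不正確!"); // "Incorrect user or password!"
    header("Location:../login.php");
    exit;
}

// Credentials are correct but the account has not been activated yet.
if (!email_vertify($usr)) {
    setAlertMsg("帳號還沒有被激活!"); // "The account has not been activated yet!"
    header("Location:../login.php");
    exit;
}

// Issue a fresh session ID at the moment of authentication, so an ID that
// was known before login (session fixation) does not become an
// authenticated one. Skipped when no session is active.
// NOTE(review): presumably glob.php calls session_start() -- confirm.
if (session_id() !== '') {
    session_regenerate_id(true);
}

$_SESSION["username"] = $usr;
// NOTE(review): the filtered password is kept in the session, so it is
// written to the session store in recoverable form. It is left in place
// because other pages may read it; prefer relying on $_SESSION["id"] and
// removing this assignment once callers are checked.
$_SESSION["password"] = $psw;
$_SESSION["id"] = getUserID($usr, $psw);
header("Location:../index.php");
exit;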
<?php include_once '../lib/glob.php'; include_once '../lib/lib.php'; if (!isset($_SESSION["id"]) or !isset($_SESSION["username"])) { echo "請登入"; exit; } if (isset($_POST["pid"]) and !empty($_POST["pid"]) and isset($_SESSION["id"]) and isset($_POST["quantity"]) and !empty($_POST["quantity"])) { if (lib_number_validate($_POST["quantity"])) { $QTY = $_POST["quantity"]; } else { die("不能打数字以外的字符!"); } if (lib_psw_filter($_POST["pid"])) { $pid = $_POST["pid"]; } else { die("不正確的字符!"); } $query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pid}' AND carts.id = '{$_SESSION['id']}'"; $result1 = mysql_query($query1); if (mysql_num_rows($result1) == 0) { $QTY = checkQTY($pid, $QTY); if ($QTY == 0) { echo "對不起本書暫時缺貨,如要预订,请联系我们!"; } else { if ($_POST["quantity"] != $QTY) { echo "抱歉, 庫存量限制我們給了最大數量, 如要预订,请联系我们!"; } else { echo "成功添加到購物車"; }