function search($offset = '', $limit = '', $qa)
{
global $conn;
$q = "SELECT product_id,\n product_name,\n product_description,\n unit_price,\n date_added,\n products.product_type_id,\n product_type_name,\n subcategory.subcategory_id,\n subcategory_name,\n category.category_id,\n category_name\n FROM products \n INNER JOIN product_type \n ON products.product_type_id=product_type.product_type_id \n INNER JOIN subcategory \n ON product_type.subcategory_id=subcategory.subcategory_id \n INNER JOIN category \n ON subcategory.category_id=category.category_id ";
$q_ex = " WHERE ( \n product_name LIKE :query\n OR product_description LIKE :query\n OR product_type_name LIKE :query\n OR subcategory_name LIKE :query ";
if (empty($offset) && empty($limit)) {
$q_ord_lmt = " ORDER BY date_added DESC ";
} else {
$q_ord_lmt = " ORDER BY date_added DESC LIMIT " . $offset . "," . $limit;
}
if (!empty($qa['query']) && !empty($qa['cat_name']) && $qa['cat_name'] != 'all') {
$sql = myQuery($q . $q_ex . " ) AND category_name=:category_name " . $q_ord_lmt, array(':query' => '%' . $qa['query'] . '%', ':category_name' => $qa['cat_name']), $conn);
} elseif (!empty($qa['cat_name']) && empty($qa['query'])) {
$sql = myQuery($q . " WHERE category_name=:category_name " . $q_ord_lmt, array(':category_name' => $qa['cat_name']), $conn);
} elseif (!empty($qa['query'])) {
$sql = myQuery($q . $q_ex . " OR category_name LIKE :query) " . $q_ord_lmt, array(':query' => '%' . $qa['query'] . '%'), $conn);
} elseif (!empty($qa['cat_id'])) {
$sql = myQuery($q . " WHERE category.category_id = :category_id " . $q_ord_lmt, array(':category_id' => $qa['cat_id']), $conn);
} elseif (!empty($qa['scat_id'])) {
$sql = myQuery($q . " WHERE subcategory.subcategory_id = :subcategory_id " . $q_ord_lmt, array(':subcategory_id' => $qa['scat_id']), $conn);
} elseif (!empty($qa['pt_id'])) {
$sql = myQuery($q . " WHERE products.product_type_id = :product_type_id " . $q_ord_lmt, array(':product_type_id' => $qa['pt_id']), $conn);
} else {
$sql = myQuery($q . $q_ord_lmt, array(), $conn);
}
return $sql;
}
function option_resources($preset = '')
{
$qry = "SELECT * FROM sites WHERE ep_occi != '' ORDER BY cmf";
$ret = myQuery($qry);
$opts = "<option>::select a site::</option>";
while ($row = myFetchRow($ret)) {
//dd($row);
$v = $row['id'];
$t = site_title($row);
if ($preset == $v) {
$sel = " selected";
} else {
$sel = '';
}
$opts .= "<option value='{$v}'{$sel}>{$t}</option>";
}
return $opts;
}
function List_Resource_Template($siteid)
{
$ctype = 'RES';
$w = array();
$w[] = "siteid='{$siteid}'";
$w[] = "ctype='{$ctype}'";
$vtime = $this->vtime;
if ($vtime > 0) {
$w[] = "idate > date_sub(now(), interval {$vtime} SECOND)";
}
$sql_where = " WHERE " . join(" AND ", $w);
$qry = "SELECT * FROM {$this->tbl} {$sql_where}";
$this->_debug($qry);
$ret = myQuery($qry);
$lists = array();
while ($row = myFetchRow($ret)) {
//dd($row);
$uri = $row['uri'];
$lists[] = $uri;
}
return $lists;
}
if (!empty($current_password) && !empty($new_password) && !empty($confirm_new_password)) {
if ($current_password === $_SESSION['customer_password'] && $new_password === $confirm_new_password) {
$sql = myQuery("UPDATE customer SET customer_password=:customer_password WHERE customer_id=:customer_id", array(":customer_password" => $new_password, ':customer_id' => $_SESSION['customer_id']), $conn);
//if($sql->rowCount()>0){$status['password_update_success']="You have successfully updated your password!";}
$disable_profile = "";
$disable_email = $disable_password = "******";
header('location: customer_signout.php');
} else {
$status['match_err'] = "Password didn't match! Try again.";
}
} else {
$status['password_empty_err'] = "Fill up all the fields.";
}
}
}
$sql = myQuery("SELECT * FROM customer WHERE customer_id=:customer_id", array(':customer_id' => $_SESSION['customer_id']), $conn);
if ($sql) {
$res = $sql->fetchAll(PDO::FETCH_ASSOC);
foreach ($res as $row) {
$value['customer_name'] = $row['customer_name'];
$value['phone'] = $row['phone'];
$value['address'] = $row['address'];
$value['postal_code'] = $row['postal_code'];
$value['city'] = $row['city'];
$value['country'] = $row['country'];
}
}
include "directory_from_customer.php";
include "../views/header.view.php";
include "../views/customer/profile.view.php";
include "../views/footer.view.php";
function listIdData($id, $data)
{
//初始化返回值信息,返回一个ID或多个ID
$str = '';
//判断传入的是父类,还是子类
$sql = "select count(*) as total from " . PREFIX . "type where pid={$id}";
$result = myQuery($sql);
if ($result[0]['total'] == 0) {
//当传入值为子类目的情况
$str = $id;
} else {
//当传入ID为父类的情况
$arr['parent'] = $id;
$arr['child'] = typeDate($data, $id);
//使用上面定义的递归函数
foreach ($arr['child'] as $v) {
$str .= $v['id'] . ',';
}
$str = rtrim($str, ',');
}
return $str;
}
// See if that product name is an identical match to another product in the system
myQuery("UPDATE products \n SET product_name=:product_name, unit_price=:unit_price, product_description=:product_description,product_type_id=:product_type_id\n WHERE product_id=:product_id", array(':product_name' => $product_name, ':unit_price' => $unit_price, ':product_description' => $product_description, ':product_type_id' => $product_type_id['product_type_id'], ':product_id' => $pid), $conn);
if ($_FILES['fileField']['tmp_name'] != "") {
// Place image in the folder
$newname = $pid . ".jpg";
move_uploaded_file($_FILES['fileField']['tmp_name'], "../assets/img/" . $newname);
}
header("location: update_product.php?product_id={$pid}");
exit;
}
// Gather this product's full information for inserting automatically into the edit form below on page
$pid_for_img = "";
$pname_for_img = "";
if (isset($_GET['product_id'])) {
$targetID = $_GET['product_id'];
$sql = myQuery("SELECT * FROM products WHERE product_id=:product_id LIMIT 1", array(':product_id' => $targetID), $conn);
if ($sql->rowCount() > 0) {
$res = $sql->fetchAll(PDO::FETCH_ASSOC);
foreach ($res as $row) {
$pid_for_img = $_GET['product_id'];
$pname_for_img = $row['product_name'];
$product_name = $row['product_name'];
$unit_price = $row['unit_price'];
$category = find_category_name($row['product_type_id']);
$subcategory = find_subcategory_name($row['product_type_id']);
$product_type = find_product_type_name($row['product_type_id']);
$product_description = $row['product_description'];
$date_added = strftime("%b %d, %Y", strtotime($row['date_added']));
}
} else {
$data = "Sorry! No such product exists.";
<li><a href="#" onclick="ec.member.orderList.seltime(this,1);"><span>三个月前订单<em id="count-seltime-1" style="display: none; ">0</em></span></a></li>
</ul>
<div class="ec-tab-arrow" style="left: 0px; width: 136px; "></div>
</div>
</div>
</div>
<!-- 20141212-栏目-end -->
<!-- 20141222-我的订单-订单类别-start -->
<div style="margin-top:10px;">
</div>
<!-- 20141222-我的订单-订单类别-end -->
<!-- 20141222-我的订单-列表-start -->
<div class="myOrder-record" id="myOrders-list-content">
<?php
$sqldz = "select * from " . PREFIX . "address where uid={$_SESSION['user']['id']}";
$resdz = myQuery($sqldz);
//收货人
$linkman = $resdz['0']['linkman'];
$address = $resdz['0']['address'];
$code = $resdz['0']['code'];
$phone = $resdz['0']['phone'];
if ($resdz) {
foreach ($resdz as $value) {
?>
<div class="list-group-item">
<div class="o-pro">
<table cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td class="col-pro-img"><?php
echo $value['linkman'];
$unit_price = $_POST['unit_price'];
$category = $_POST['category'];
$subcategory = $_POST['subcategory'];
$product_type = $_POST['product_type'];
$product_description = $_POST['product_description'];
if (empty($product_name) || empty($unit_price) || empty($category) || empty($subcategory) || empty($product_type) || empty($product_description)) {
$data['empty_status'] = "Please Fill up all the fields.";
} else {
$sql = myQuery("SELECT product_id FROM products WHERE product_name=:product_name LIMIT 1", array(':product_name' => $product_name), $conn);
if ($sql->rowCount() > 0) {
$data['duplicate_status'] = 'Sorry! You tried to place a duplicate "Product Name" into the system. Try a new name';
} else {
$sql = myQuery("SELECT product_type_id FROM product_type WHERE product_type_name=:product_type_name LIMIT 1", array(':product_type_name' => $product_type), $conn);
$res = $sql->fetch();
$product_type_id = $res['product_type_id'];
myQuery("INSERT INTO products (product_name,product_description,unit_price,product_type_id, date_added) \n VALUES(:product_name,:product_description,:unit_price,:product_type_id,now())", array(':product_name' => $product_name, ':product_description' => $product_description, ':unit_price' => $unit_price, ':product_type_id' => $product_type_id), $conn) or die(error());
$product_id = $conn->lastInsertId();
$newname = $product_id . ".jpg";
move_uploaded_file($_FILES['fileField']['tmp_name'], "../assets/img/" . $newname);
$data['created_status'] = "Product Created Successfully!";
header("location: update_product.php?product_id={$product_id}");
}
}
} elseif (isset($_POST['btn_submit']) && $_POST['btn_submit'] == "slct_cat") {
if (isset($_POST['product_name'])) {
$product_name = $_POST['product_name'];
}
if (isset($_POST['unit_price'])) {
$unit_price = $_POST['unit_price'];
}
if (isset($_POST['product_description'])) {
} elseif (isset($_POST['btn_submit']) && $_POST['btn_submit'] == "slct_cat") {
$value_pt = $_POST['product_type'];
if (empty($_POST['category_pt']) || $_POST['category_pt'] == "--- select category") {
$data['pt']['four'] = "Please select a category.";
} else {
$catpt_value = $_POST['category_pt'];
}
} elseif (isset($_POST['btn_submit']) && $_POST['btn_submit'] == "crt_pt") {
$value_pt = $_POST['product_type'];
if (empty($_POST['subcategory_pt']) || empty($_POST['category_pt']) || $_POST['subcategory_pt'] == "--- select subcategory" || $_POST['category_pt'] == "--- select category") {
$data['pt']['one'] = "Please select a category and a subcategory.";
} else {
$scsql = myQuery("SELECT subcategory_id \n FROM subcategory \n WHERE category_id=(SELECT category_id FROM category WHERE category_name=:category_name LIMIT 1)\n AND subcategory_name=:subcategory_name LIMIT 1", array(':category_name' => $_POST['category_pt'], ':subcategory_name' => $_POST['subcategory_pt']), $conn);
$scategory_id = $scsql->fetch();
$sql = myQuery("SELECT product_type_id FROM product_type WHERE product_type_name=:product_type_name AND subcategory_id=:subcategory_id LIMIT 1", array(':product_type_name' => $_POST['product_type'], ':subcategory_id' => $scategory_id['subcategory_id']), $conn);
if ($sql->rowCount() == 1) {
$data['pt']['two'] = 'Sorry! You tried to place a duplicate "Product Type Name" into the system. Try a new name';
} else {
myQuery('INSERT INTO product_type(subcategory_id,product_type_name)
VALUES(:subcategory_id,:product_type_name)', array(':subcategory_id' => $scategory_id['subcategory_id'], ':product_type_name' => $_POST['product_type']), $conn);
}
}
if (empty($value_pt)) {
$data['pt']['three'] = "Please put a subcategory name.";
}
}
include "directory_from_admin.php";
include "../views/header.view.php";
include "../views/admin/admin_header.view.php";
include "../views/admin/create_category.view.php";
include "../views/admin/admin_footer.view.php";
} elseif($approvedstatus=="reverse") {
$condns="verified=1 and formNumber='$searchQuery' or vlSampleID='$searchQuery' or concat(lrCategory,lrEnvelopeNumber,'/',lrNumericID) like '$searchQuery%'";
}
} elseif($searchQueryFrom && $searchQueryTo) {
$condns="concat(lrCategory,lrEnvelopeNumber)>='$searchQueryFrom' and concat(lrCategory,lrEnvelopeNumber)<='$searchQueryTo'";
} else {
if(!$approvedstatus || $approvedstatus=="pending") {
$condns="verified=0";
} elseif($approvedstatus=="processed" || $approvedstatus=="reverse") {
$condns="verified=1";
}
}
//number pages
$numberPages=0;
$query=myQuery($condns,$offset,$rowsToDisplay);
$the_count=mysqlquery("SELECT count(id) AS num FROM vl_samples WHERE $condns LIMIT 1");
$num_res=mysqlfetcharray($the_count);
$num_rows=$num_res['num'];
$numberPages=ceil($num_rows/$rowsToDisplay);
if(mysqlnumrows($query)) {
//how many pages are there?
if($numberPages>1) {
echo "<tr><td style=\"padding:0px 0px 10px 0px\" class=\"vls_grey\"><strong>Pages:</strong> ".displayPagesLinks("/verify/".($approvedstatus=="search"?"search/$encryptedSample":$approvedstatus)."/pg/",1,$numberPages,($pg?$pg:1),$default_radius)."</td></tr>";
}
$numberOfRelevantSamples=0;
$numberOfRelevantSamples=getDetailedTableInfo3("vl_samples","verified=0","count(id)","num");
</div>
<div class="fl u-1-4">
<!--购买该商品的用户还购买了 start-->
<!--购买该商品的用户还购买了 end-->
<div class="hot-area">
<div class="h">
<h3><span>热销榜单</span></h3>
</div>
<div class="b">
<!--商品列表 -->
<div class="pro-list">
<ul>
<!--根据浏览量遍历商品-->
<?php
$sqlk = "select * from " . PREFIX . "goods order by clicknum desc limit 0,5";
$resk = myQuery($sqlk);
$jsq = 1;
//计时器
foreach ($resk as $v) {
?>
<li>
<div>
<p class="p-img"><a href="article.php?id=<?php
echo $v['id'];
?>
" ><img width="56" src="<?php
echo $path . '64_' . $v['picname'];
?>
" alt=""/></a><s class="s<?php
echo $jsq;
?>
</div>
</div>
</div>
<!-- 20141212-栏目-end -->
<!-- 20141222-我的订单-列表-start -->
<div class="myOrder-record" id="myOrders-list-content">
<div class="list-group" id="list-group">
<?php
$ping = array('1' => '差评', '3' => '中评', '5' => '好评');
//遍历评论
$sqlpl = "select c.*,d.userorder,d.picname from " . PREFIX . "comment as c," . PREFIX . "detail as d where c.uid='{$_SESSION['user']['id']}' and c.goodsid=d.goodsid and c.orderid=d.orderid order by c.id";
//echo $sqlpl;die;
$respl = myQuery($sqlpl);
if ($respl) {
foreach ($respl as $val) {
?>
<div class="list-group-item">
<div class="o-info">
<div class="col-info">
<span class="o-date"><?php
echo date('Y-m-d H:i:s', $val['addtime']);
?>
</span>
<span class="o-no">订单号:<a title="1260264708" href="#"><?php
echo $val['userorder'];
?>
</a></span>
</div>
<em class="channel-subtitle">华为精品手机</em>
<ul class="channel-nav">
<li><a href="#" target="_blank">荣耀</a></li>
<li><a href="#" target="_blank">畅玩</a></li>
<li><a href="#" target="_blank">华为 Mate/P系列</a></li>
<li><a href="#" target="_blank">G/Y系列</a></li>
<li><a href="#" target="_blank">运营商合约</a></li>
</ul>
</div>
<div class="b">
<ul class="channel-pro-list">
<?php
//php遍历数据,手机栏目
$sqlw = "select * from " . PREFIX . "goods where typeid in(3,4,5) limit 0,8";
$resultw = myQuery($sqlw);
//var_dump($result);die();
//图片路径
$path = "../public/uploads/";
foreach ($resultw as $k => $val) {
$h = $k + 4;
?>
<li id="channel-pro-1-<?php
echo $h;
?>
" class="channel-pro-item">
<div class="channel-pro-panels">
<div class="pro-info">
<div class="p-img"><a href="article.php?id=<?php
echo $val['id'];
include "../db/connect.php";
include "../db/db_helper.php";
$status = NULL;
$value = NULL;
// Parse the log in form if the user has filled it out and pressed "Log In"
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$admin_name = $_POST["admin_name"];
$admin_password = $_POST["password"];
if (empty($admin_name) or empty($admin_password)) {
$status = "Please give valid admin name and password.";
} else {
$value = $admin_name;
$admin_name = preg_replace('#[^A-Za-z0-9]#i', '', $admin_name);
// filter everything but numbers and letters
// Connect to the MySQL database
$sql = myQuery("SELECT admin_id FROM admin WHERE admin_name=:admin_name AND admin_password=:admin_password LIMIT 1", array(":admin_name" => $admin_name, ":admin_password" => $admin_password), $conn);
// query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
if ($sql->rowCount() == 0) {
$status = "Wrong admin name or password.";
} elseif ($sql->rowCount() == 1) {
// evaluate the count\
$res = $sql->fetchAll(PDO::FETCH_ASSOC);
foreach ($res as $row) {
$admin_id = $row["admin_id"];
}
$_SESSION["admin_id"] = $admin_id;
$_SESSION["admin_name"] = $admin_name;
$_SESSION["admin_password"] = $admin_password;
header("location: index.php");
exit;
<div class="box-form-tips"><span class=""></span></div>
</form>
</div>
</div>
<td class="box-cr"></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<?php
if (isset($_GET['editaddress'])) {
$sqlt = "select * from " . PREFIX . "address where id=6";
$rest = myQuery($sqlt);
//var_dump($rest);die;
?>
<!--下面是修改菜单,根据URL是否有edit标识进行判断-->
<div id="edit_address">
<div style="z-index: 500; width: 700px; visibility: visible; position: fixed; top: 50%; left: 50%; margin-left:-350px;margin-top:-212px;" id="myAddress-new-box" class="ol_box_4">
<div class="box-ct">
<div class="box-header">
<div class="box-tl"></div>
<div class="box-tc">
<div class="box-tc1"></div>
<div class="box-tc2"><a href="javascript:;" onclick="$('#edit_address').hide();" title="关闭" class="box-close"></a><span class="box-title">修改地址</span></div>
</div>
<div class="box-tr"></div>
</div>
<td onclick="nologin();"><a target="_blank" class="p-button-cart"><span>加入购物车</span></a></td>
<?php
} else {
?>
<td id="sub_goods"><a target="_blank" class="p-button-cart"><span>加入购物车</span></a></td>
<?php
}
?>
<!--遍历输出商品评价数目-->
<?php
//初始化评论数
$plNum = 0;
//获取商品id
$goodsid = $value['id'];
$sqlpl = "select count(*) as total from " . PREFIX . "comment where goodsid={$goodsid}";
$resultpl = myQuery($sqlpl);
$plNum = $resultpl[0]['total'];
echo '<td><label class="p-button-score"><span>' . ($plNum + 3) . '人评价</span></label></td>';
?>
</tr>
</tbody>
</table>
</div>
<s class="p-tag"><img src="images/1382542518162.png"/></s>
</div>
</li>
<?php
}
}
?>
function _update_vm_status($id, $stat)
{
$qry = "UPDATE vminfo SET state='{$stat}' WHERE id='{$id}'";
$ret = myQuery($qry);
}
$email = $_POST['email'];
$customer_password = $_POST['password'];
$value = $email;
$confirm_customer_password = $_POST['confirm_password'];
if (empty($email) or empty($customer_password) or empty($confirm_customer_password)) {
$status['empty_err'] = "Please fill up all the fields.";
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$status['email_err'] = "Invalid email format.";
} elseif ($confirm_customer_password !== $customer_password) {
$status['customer_password_err'] = "Password didn't match!";
} else {
$sql = myQuery("SELECT customer_id FROM customer WHERE email=:email", array(':email' => $email), $conn);
if ($sql->rowCount() == 1) {
$status['duplicate_err'] = "Sorry! There's an account with this email ! ";
} else {
$sql = myQuery("INSERT INTO customer(email,customer_password) VALUES(:email,:customer_password)", array(':email' => $email, ':customer_password' => $customer_password), $conn);
if ($sql->rowCount() == 1) {
$status['success'] = "Congratulations! You have successfully signed up!";
$value = "";
$_SESSION['customer_email'] = $email;
$_SESSION['customer_id'] = $conn->lastInsertId();
$_SESSION['customer_password'] = $customer_password;
header("location: profile.php");
}
}
}
}
include "directory_from_customer.php";
include "../views/header.view.php";
include "../views/customer/customer_signup.view.php";
include "../views/footer.view.php";
</div>
<div class="uc">
<!-- 头部 -->
<div class="uc_head">
<div class="uc_head_middle">
<div class="uc_head_middle_left">我的华为帐号</div>
<div class="uc_head_middle_right"><a class="logout_c" href="#"><?php
echo $_SESSION['user']['username'];
?>
</a> | <a class="logout_c" href="useraction.php?a=logout">退出</a></div>
</div>
</div>
<?php
$path = '../public/user/';
$sql = "select * from " . PREFIX . "users where id={$_SESSION['user']['id']}";
$result = myQuery($sql);
//echo $sql;die;
?>
<div class="uc_body">
<div class="uc_body_form">
<dl>
<dd class="dd_left" style="text-align: center; position: relative;"> <img alt="头像" id="headPic" src="<?php
echo $path . $result['0']['mypic'];
?>
">
<div id="uploadHead">上传头像</div>
</dd>
<dd>
<form action="useraction.php?a=update" method="post" enctype="multipart/form-data">
<table style="width:700px;">
<tbody>
?>
</a></span>
</div>
<div class="col-state">
状态
</div>
</div>
<div class="o-pro">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<!-- 组合套餐列表 -->
<!-- 普通商品列表 -->
<?php
$sqla = "select * from " . PREFIX . "detail where orderid={$value['id']} order by id desc";
//echo $sqla;die;
$resulta = myQuery($sqla);
$tiao = count($resulta);
$i = 0;
//定时器
foreach ($resulta as $v) {
$i++;
?>
<tr>
<td class="col-pro-img"><p class="p-img"> <a title="" href="article.php?id=<?php
echo $v['goodsid'];
?>
" target="_blank"> <img width="100" src="<?php
echo $path . '218_' . $v['picname'];
?>
"> </a> </p></td>
<td class="col-pro-info"><p class="p-name"> <a title="" target="_blank" href="article.php?id=<?php
} else {
$page = 1;
}
}
if (!empty($_POST['next']) && $_POST['next'] === 'next') {
if ($page < $pg_qty) {
$page++;
} else {
$page = $pg_qty;
}
}
header('location: index.php?page=' . $page);
}
//Delete Product
if (isset($_GET['deleteproduct_id'])) {
$data['confirmation'] = '<div class="confirmation" align="center"> Do you really want to delete product with ID of ' . $_GET['deleteproduct_id'] . '? <a class="btn btn-warning" href="index.php?yesdelete=' . $_GET['deleteproduct_id'] . '">Yes</a> | <a class="btn btn-info" href="index.php">No</a> </div>';
}
if (isset($_GET['yesdelete'])) {
$product_id_to_delete = $_GET['yesdelete'];
myQuery("DELETE FROM products WHERE product_id=:product_id LIMIT 1", array(':product_id' => $product_id_to_delete), $conn) or die(error());
$pictodelete = "../assets/img/{$product_id_to_delete}.jpg";
if (file_exists($pictodelete)) {
unlink($pictodelete);
}
header("location: index.php");
}
include "directory_from_admin.php";
include "../views/header.view.php";
include "../views/admin/admin_header.view.php";
include "../views/admin/index.view.php";
include "../views/admin/admin_footer.view.php";
mysql_select_db(DBNAME, $conn);
mysql_set_charset('utf8');
$wd = $_GET['wd'];
//下一页进来的时候,必须要带上wd,不然下一页就出不来信息了
//echo $wd;die;
if (empty($wd)) {
//echo "请输入查询内容";
echo "<script>alert('请输入查询的内容!');window.location.href='./index.php';</script>";
die;
}
//设置where like语句
$where = "where linkman like '%{$wd}%' or userorder like '%{$wd}%'";
//分页
//总条数
$sqlmax = "select count(*) as total from " . PREFIX . "orders {$where}";
$resmax = myQuery($sqlmax);
$count = $resmax[0]['total'];
//echo $count;die;
//每页显示5条
$row = 5;
//总页数
$countPage = ceil($count / $row);
//当前页数
$page = empty($_GET['page']) ? '1' : $_GET['page'];
//偏移量
$py = ($page - 1) * 5;
$where2 = "where o.uid=u.id and (o.linkman like '%{$wd}%' or o.userorder like '%{$wd}%')";
$limit = "limit {$py},{$row}";
$sql = "select o.*,u.username from " . PREFIX . "orders as o," . PREFIX . "users as u {$where2} order by o.id desc {$limit}";
//echo $sql;die;
$result = mysql_query($sql);
var form = document.form;
form.mode.value = 'dodelete';
//form.target = 'hiddenframe'
form.submit();
}
</script>
EOS;
pagetail();
exit;
}
### }}}
pagehead($pgtitle);
ParagraphTitle($pgtitle);
ParagraphTitle("OS Template", 1);
$qry = "SELECT O.*\n, R.affiliation, R.cmf, R.cc\n FROM ostpl O\n LEFT JOIN resources R ON O.resid=R.id";
$ret = myQuery($qry);
print <<<EOS
<table border='1' class='mmdata'>
<th>#</th>
<th>Affiliation</th>
<th>CC</th>
<th>CMF</th>
<th>OSID</th>
<th>Date</th>
</tr>
EOS;
$cnt = 0;
while ($row = myFetchRow($ret)) {
$cnt++;
//dd($row);
include "../db/db_helper.php";
$status = NULL;
$value = NULL;
// Parse the log in form if the user has filled it out and pressed "Log In"
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = $_POST["email"];
$customer_password = $_POST["password"];
if (empty($email) or empty($customer_password)) {
$status = "Please give valid email and password.";
} else {
$value = $email;
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$status = "Invalid Email.";
} else {
// Connect to the MySQL database
$sql = myQuery("SELECT customer_id FROM customer WHERE email=:email AND customer_password=:customer_password LIMIT 1", array(':email' => $email, ':customer_password' => $customer_password), $conn);
// query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
if ($sql->rowCount() == 0) {
$status = "Wrong email or password.";
} elseif ($sql->rowCount() == 1) {
// evaluate the count\
$res = $sql->fetch();
$_SESSION["customer_id"] = $res["customer_id"];
$_SESSION["customer_email"] = $email;
$_SESSION["customer_password"] = $customer_password;
header("location: index.php");
exit;
}
}
}
