<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
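// Applies the posted cart_row_N quantities to the logged-in user's cart and
// redirects back to the cart page. Requires a posted first row and a session id.
if (!isset($_POST["cart_row_0"]) or !isset($_SESSION["id"])) {
    die("ERROR ON PAGE!");
} else {
    $cartObj3 = new cartDisplayer($_SESSION["id"]);
    $arr = array();
    // Pass 1: validate every posted field before anything consumes it.
    // Previously checkQTY3() received the raw POST values first and the
    // quantity was validated afterwards; pid_N was never validated at all.
    // pid is checked with lib_number_validate(), the validator this code base
    // applies to product ids elsewhere.
    for ($i = 0; $i < count($cartObj3->itemArr); $i++) {
        $pidKey = "pid_{$i}";
        $qtyKey = "cart_row_{$i}";
        if (
            !isset($_POST[$pidKey], $_POST[$qtyKey])
            or !is_string($_POST[$pidKey])   // reject pid_N[]=... array input
            or !is_string($_POST[$qtyKey])
            or !lib_number_validate($_POST[$pidKey])
            or !lib_int_validate($_POST[$qtyKey])
        ) {
            die("ERROR ON PAGE");
        }
    }
    // Pass 2: only now let checkQTY3() compute the quantity to store.
    // NOTE(review): pid_N is client-supplied and is not tied to the product
    // actually held in cart row N; if cartDisplayer exposes the row's product
    // id, prefer that over the posted value - confirm against the class.
    for ($i = 0; $i < count($cartObj3->itemArr); $i++) {
        $arr[$i] = checkQTY3($_POST["pid_{$i}"], $_POST["cart_row_{$i}"]);
    }
    for ($row = 0; $row < count($arr); $row++) {
        $cartObj3->changeItemQuantity($row, $arr[$row]);
    }
    setAlertMsg("更改已被保存!");
    header("Location:../cart.php");
    // Stop here so nothing else runs after the redirect header is queued.
    exit;
}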
Example #2
include_once '../lib/glob.php';
include_once '../lib/lib.php';
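// Adds one unit of product ?pid=... to the logged-in user's cart, then
// redirects to that product's detail page.
if (!isset($_SESSION["id"]) or !isset($_SESSION["username"])) {
    setAlertMsg("You must log in in order to add any items to shopping cart!");
    header("Location:../login.php");
    exit;
}
// is_string() rejects ?pid[]=... so the validator never receives an array.
if (isset($_GET["pid"]) and is_string($_GET["pid"]) and !empty($_GET["pid"]) and isset($_SESSION["id"])) {
    if (lib_number_validate($_GET["pid"])) {
        $pid = $_GET["pid"];
    } else {
        die("<h2>ERROR ON PAGE</h2>");
    }
    // Defense in depth: escape both values even though pid passed the
    // validator, so the SQL does not depend on how strict that validator is.
    // NOTE(review): the mysql_* extension was removed in PHP 7; the durable
    // fix is prepared statements via mysqli or PDO.
    $pidSql = mysql_real_escape_string($pid);
    $idSql = mysql_real_escape_string((string) $_SESSION['id']);
    $query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$pidSql}' AND carts.id = '{$idSql}'";
    $result1 = mysql_query($query1);
    if ($result1 === false) {
        // A failed lookup used to fall into the INSERT branch and still report success.
        die("<h2>ERROR ON PAGE</h2>");
    }
    $matches = mysql_num_rows($result1);
    // NOTE(review): SELECT-then-INSERT is not atomic. Unless carts has a unique
    // key on (id, pid), which is not visible here, two concurrent requests can
    // insert duplicate rows; with two rows neither branch below runs.
    if ($matches == 0) {
        $query2 = "INSERT INTO `carts` ( `cid` , `id` , `pid` , `quantity` )\n\t\t\t\t\tVALUES (NULL ,'{$idSql}','{$pidSql}','1')";
        mysql_query($query2);
    } elseif ($matches == 1) {
        $query2 = "UPDATE `carts`\n\t\t\t\t\tSET quantity=quantity+1 \n\t\t\t\t\tWHERE carts.pid = '{$pidSql}' AND carts.id = '{$idSql}'";
        mysql_query($query2);
    }
} else {
    die("<h2>ERROR ON PAGE</h2>");
}
setAlertMsg("Item has been added to shopping cart!");
// URL-encode the value placed in the redirect target.
header("Location:../detail.php?pid=" . rawurlencode($pid));
exit;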
Example #3
    setAlertMsg("Passwords don't match!");
    header("Location:../register.php?username={$usr}");
    exit;
}
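// Username format check. The value is still unvalidated when it is reflected
// into the redirect, so it is URL-encoded here.
if (!lib_name_validate($usr)) {
    setAlertMsg("Username can only contain letters, numbers and underscore, and the first character must be a letter!");
    header("Location:../register.php?username=" . rawurlencode($usr));
    exit;
}
// Password format check.
if (!lib_psw_validate($psw)) {
    setAlertMsg("Password can only contain letters and numbers!");
    header("Location:../register.php?username=" . rawurlencode($usr));
    exit;
}
// Check whether the name is available.
// NOTE(review): the availability check is handed the password as well; confirm
// that isUserExist() matches on the username alone.
if (isUserExist($usr, $psw)) {
    setAlertMsg("This username has been taken!");
    header("Location:../register.php?username=" . rawurlencode($usr));
    exit;
}
// Create the account and log the new user in.
insertNewUser($usr, $psw);
// Rotate the session id at the privilege change so an id issued before
// registration cannot be reused (session fixation).
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION["username"] = $usr;
// NOTE(review): this keeps the plaintext password in session storage. Other
// pages may read it, so it is left in place; prefer dropping it and relying on
// $_SESSION["id"].
$_SESSION["password"] = $psw;
$_SESSION["admin"] = 0;
$_SESSION["id"] = getUserID($usr, $psw);
setAlertMsg("Thank you, {$usr}! Your registeration has been completed!");
header("Location:../index.php");
exit;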
Example #4
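/**
 * Caps the quantities in the current user's cart at the stock on hand.
 *
 * For rows of `carts` belonging to $_SESSION['id'] whose quantity exceeds
 * bz_bookstore.QTY_HND (joined on pid = UPC), the quantity is lowered to
 * QTY_HND. If any row was changed, an alert asks the user to re-check the
 * cart ("stock has changed, please confirm your items").
 *
 * Takes no parameters and returns nothing; it does nothing without a session id.
 */
function checkQTY4()
{
    if (!isset($_SESSION['id'])) {
        return;
    }
    // Escape the session value instead of interpolating it raw.
    // NOTE(review): mysql_* was removed in PHP 7; move to prepared statements.
    $idSql = mysql_real_escape_string((string) $_SESSION['id']);
    $query = "UPDATE carts, bz_bookstore set quantity = bz_bookstore.QTY_HND WHERE carts.id = '{$idSql}' AND pid = UPC AND quantity > bz_bookstore.QTY_HND";
    if (mysql_query($query) === false) {
        error_log('checkQTY4: stock update failed: ' . mysql_error());
        return;
    }
    // mysql_affected_rows() returns -1 on failure, so "!= 0" also raised the
    // alert when nothing had changed; only a positive count means rows changed.
    if (mysql_affected_rows() > 0) {
        setAlertMsg("由於庫存變動,請確認你的物品!");
    }
}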
Example #5
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
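// Login handler: both credentials must be posted as plain strings.
// is_string() rejects Username[]=... so trim() never receives an array.
if (
    !isset($_POST["Username"]) or !isset($_POST["Password"])
    or !is_string($_POST["Username"]) or !is_string($_POST["Password"])
) {
    die("<h1>ERROR ON PAGE</h1>");
}
// Normalise the inputs through the project's filters.
$usr = lib_cn_name_filter(trim($_POST["Username"]));
$psw = lib_psw_filter(trim($_POST["Password"]));
// Check that the credentials match, then that the account is activated.
if (isUsrPswMatch($usr, $psw)) {
    if (email_vertify($usr)) {
        // Rotate the session id on successful authentication so an id issued
        // before login cannot be reused (session fixation).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION["username"] = $usr;
        // NOTE(review): this keeps the plaintext password in session storage.
        // Other pages may read it, so it is left in place; prefer dropping it.
        $_SESSION["password"] = $psw;
        // NOTE(review): $_SESSION["admin"] is not reset on this path; confirm
        // that a value left by an earlier login in the same session cannot
        // carry over to this user.
        $_SESSION["id"] = getUserID($usr, $psw);
        header("Location:../index.php");
        exit;
    } else {
        // Alert text: the account has not been activated yet.
        setAlertMsg("帳號還沒有被激活!");
        header("Location:../login.php");
        exit;
    }
} else {
    // Alert text: wrong username or password.
    setAlertMsg("用戶或密碼不正確!");
    header("Location:../login.php");
    exit;
}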
Example #6
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
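// Logout: drop every authentication-related session key.
unset(
    $_SESSION['username'],
    $_SESSION['password'],
    $_SESSION['admin'],
    $_SESSION["id"]
);
// Rotate the session id so the identifier used while logged in is invalidated.
// The session itself is kept, presumably because setAlertMsg() stores the
// message in it - confirm.
if (session_id() !== '') {
    session_regenerate_id(true);
}
// Alert text: logged out successfully.
setAlertMsg("成功登出!");
header("Location:../index.php");
exit;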
Example #7
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
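// Logout: drop every authentication-related session key.
unset(
    $_SESSION['username'],
    $_SESSION['password'],
    $_SESSION['admin'],
    $_SESSION["id"]
);
// Rotate the session id so the identifier used while logged in is invalidated.
// The session itself is kept, presumably because setAlertMsg() stores the
// message in it - confirm.
if (session_id() !== '') {
    session_regenerate_id(true);
}
setAlertMsg("You have logged out!");
header("Location:../index.php");
exit;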
Example #8
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
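// Login handler: both credentials must be posted as plain strings.
// is_string() rejects username[]=... so trim() never receives an array.
if (
    !isset($_POST["username"]) or !isset($_POST["password"])
    or !is_string($_POST["username"]) or !is_string($_POST["password"])
) {
    die("<h1>ERROR ON PAGE</h1>");
}
// Normalise the inputs through the project's filters.
$usr = lib_name_filter(trim($_POST["username"]));
$psw = lib_psw_filter(trim($_POST["password"]));
// Check that the credentials match.
if (isUsrPswMatch($usr, $psw)) {
    // Rotate the session id on successful authentication so an id issued
    // before login cannot be reused (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION["username"] = $usr;
    // NOTE(review): this keeps the plaintext password in session storage.
    // Other pages may read it, so it is left in place; prefer dropping it.
    $_SESSION["password"] = $psw;
    $_SESSION["admin"] = getAdminValue($usr, $psw);
    $_SESSION["id"] = getUserID($usr, $psw);
    // NOTE(review): $usr is embedded in the alert text; confirm that whatever
    // renders the alert HTML-escapes it.
    setAlertMsg("Hello, {$usr}! You are logged in now!");
    header("Location:../index.php");
    exit;
} else {
    setAlertMsg("Incorrect username and password!");
    header("Location:../login.php");
    exit;
}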
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
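// Applies the posted cart_row_N quantities to the logged-in user's cart and
// redirects back to the cart page. Requires a posted first row and a session id.
if (!isset($_POST["cart_row_0"]) or !isset($_SESSION["id"])) {
    die("ERROR ON PAGE!");
} else {
    $cartObj3 = new cartDisplayer($_SESSION["id"]);
    $arr = array();
    // Validate each row before it is stored. A missing row or an array value
    // (cart_row_N[]=...) is rejected explicitly instead of reaching the validator.
    for ($i = 0; $i < count($cartObj3->itemArr); $i++) {
        $qtyKey = "cart_row_{$i}";
        if (
            !isset($_POST[$qtyKey])
            or !is_string($_POST[$qtyKey])
            or !lib_int_validate($_POST[$qtyKey])
        ) {
            die("ERROR ON PAGE");
        }
        $arr[$i] = $_POST[$qtyKey];
    }
    // NOTE(review): no stock or upper bound is applied to the quantity here;
    // confirm whether changeItemQuantity() enforces one.
    for ($row = 0; $row < count($arr); $row++) {
        $cartObj3->changeItemQuantity($row, $arr[$row]);
    }
    setAlertMsg("Changes have been saved!");
    header("Location:../cart.php");
    // Stop here so nothing else runs after the redirect header is queued.
    exit;
}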
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
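// Deletes one cart row (?cid=N) or, for cid=0, the user's whole cart.
// NOTE(review): this is a state-changing GET and no anti-CSRF token is checked
// in this script; confirm whether the included files enforce one, otherwise
// move the action to POST with a token.
if (!isset($_SESSION["id"]) or !isset($_GET["cid"]) or !is_string($_GET["cid"]) or !lib_number_validate($_GET["cid"])) {
    die("ERROR ON PAGE");
}
// Both values go into the SQL unquoted, so they must be plain integers
// whatever lib_number_validate() accepts: require digits only, then cast.
if (!preg_match('/\A[0-9]+\z/', $_GET["cid"])) {
    die("ERROR ON PAGE");
}
$id = (int) $_SESSION["id"];
$cid = (int) $_GET["cid"];
// Sentinel: cid=0 means delete the whole cart. Strict comparison on the cast
// value, so only an integer zero selects this branch.
if ($cid === 0) {
    $query = "DELETE FROM carts WHERE id = {$id}";
    $result = mysql_query($query);
    if ($result === false) {
        // Do not report success when the delete failed.
        die("ERROR ON PAGE");
    }
    // Alert text: the cart has been emptied.
    setAlertMsg("購物車已清空!");
} else {
    $query = "DELETE FROM carts WHERE id = {$id} AND cid = {$cid}";
    $result = mysql_query($query);
    if ($result === false) {
        die("ERROR ON PAGE");
    }
    // Alert text: the item has been deleted.
    setAlertMsg("項目已被刪除!");
}
header("Location:../cart.php");
exit;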
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
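// Deletes one cart row (?cid=N) or, for cid=0, the user's whole cart.
// NOTE(review): this is a state-changing GET and no anti-CSRF token is checked
// in this script; confirm whether the included files enforce one, otherwise
// move the action to POST with a token.
if (!isset($_SESSION["id"]) or !isset($_GET["cid"]) or !is_string($_GET["cid"]) or !lib_number_validate($_GET["cid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
// Both values go into the SQL unquoted, so they must be plain integers
// whatever lib_number_validate() accepts: require digits only, then cast.
if (!preg_match('/\A[0-9]+\z/', $_GET["cid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
$id = (int) $_SESSION["id"];
$cid = (int) $_GET["cid"];
// Sentinel: cid=0 means delete the whole cart. Strict comparison on the cast
// value, so only an integer zero selects this branch.
if ($cid === 0) {
    $query = "DELETE FROM carts WHERE id = {$id}";
    $result = mysql_query($query);
    if ($result === false) {
        // Do not report success when the delete failed.
        die("<h2>ERROR ON PAGE</h2>");
    }
    setAlertMsg("Cart has been emptied!");
} else {
    $query = "DELETE FROM carts WHERE id = {$id} AND cid = {$cid}";
    $result = mysql_query($query);
    if ($result === false) {
        die("<h2>ERROR ON PAGE</h2>");
    }
    setAlertMsg("Item has been deleted!");
}
header("Location:../cart.php");
exit;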
Example #12
<?php

include_once '../lib/glob.php';
include_once '../lib/lib.php';
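// Contact form handler: validates the four posted fields, mails the message,
// and redirects back to the form with an alert.
// is_string() rejects name[]=... style array input up front.
if (
    isset($_POST["name"]) and isset($_POST["email"]) and isset($_POST["subject"]) and isset($_POST["message"])
    and is_string($_POST["name"]) and is_string($_POST["email"])
    and is_string($_POST["subject"]) and is_string($_POST["message"])
) {
    $name = $_POST["name"];
    $email = $_POST["email"];
    $subject = $_POST["subject"];
    $message = $_POST["message"];
    // Query string used to re-populate the form after a rejected submission.
    // The values are unvalidated user input here, so they are URL-encoded
    // rather than interpolated raw into the Location header.
    $backQuery = http_build_query(
        array('name' => $name, 'email' => $email, 'subject' => $subject),
        '',
        '&'
    );
    if (empty($name) or empty($email) or empty($subject) or empty($message)) {
        setAlertMsg("All fields required!");
        $_SESSION["contact_textarea"] = $message;
        header("Location:../contact.php?{$backQuery}");
        exit;
    } else {
        // The address is concatenated into a mail header below, so a value
        // containing CR or LF counts as invalid whatever the validator allows.
        if (!lib_email_validate($email) or preg_match('/[\r\n]/', $email)) {
            setAlertMsg("Invalid email!");
            $_SESSION["contact_textarea"] = $message;
            header("Location:../contact.php?{$backQuery}");
            exit;
        } else {
            // Keep the subject on one line so it cannot start a new header.
            $subjectLine = str_replace(array("\r", "\n"), ' ', $subject);
            mail("*****@*****.**", $subjectLine, $message, "From: " . $email);
            setAlertMsg("Thank you! Your email has been sent out!");
            header("Location:../contact.php");
            exit;
        }
    }
} else {
    echo "<h2>ERROR ON PAGE!</h2>";
}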