Esempio n. 1
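/**
 * Check the submitted credentials and, on success, open a logged-in session.
 *
 * Reads the 'username' and 'pwd' inputs through Injection::excute(), looks the
 * account up by log name, and on a match stores the user in $_SESSION and
 * redirects to Commodity_browse.php. On failure it prints a small script that
 * shows an alert and navigates one page back.
 *
 * @return void
 */
function try_to_login()
{
    $username = Injection::excute('username');
    $password = Injection::excute('pwd');

    include_once 'class/DBtraverser.php';
    include_once 'class/Config.php';
    include_once 'class/Config_user.php';

    // NOTE(review): the log name is spliced into a raw WHERE fragment, so this
    // query is only as safe as whatever Injection::excute() does to the value
    // (not visible here; confirm it neutralises quotes for the active
    // connection charset). Prefer a bound parameter if DBtraverser offers one.
    $myDBtraveser = new DBtraverser(Config_user::table_name, ' where ' . Config_user::log_name . "='{$username}'");
    $retval = $myDBtraveser->excute_without_conn();

    // A failed query is handled like an unknown log name so the function fails
    // closed instead of passing a non-result to mysqli_num_rows().
    // NOTE(review): the two failure messages differ, which tells a client
    // whether a log name exists; consider one generic message.
    if (!($retval instanceof mysqli_result) || mysqli_num_rows($retval) === 0) {
        if ($retval instanceof mysqli_result) {
            mysqli_free_result($retval);
        }
        echo "<script language='javascript'> alert('wrong log name!');\r\n                window.history.go(-1);\r\n                </script>";
        return;
    }

    $complete_ary = mysqli_fetch_array($retval, MYSQLI_ASSOC);
    // The row is copied out, so the result set can be released on every path.
    mysqli_free_result($retval);

    $stored = isset($complete_ary[Config_user::password]) ? (string) $complete_ary[Config_user::password] : '';
    $supplied = is_scalar($password) ? (string) $password : null;

    // hash_equals() compares the two strings byte for byte in constant time.
    // The previous loose `==` compared numeric-looking strings as numbers, so
    // two different passwords such as "1e3" and "1000" were treated as equal.
    // NOTE(review): comparing the stored column directly to the submitted value
    // implies the password is stored in recoverable form; moving to
    // password_hash()/password_verify() needs a data migration outside this function.
    if ($supplied !== null && hash_equals($stored, $supplied)) {
        // Issue a fresh session id at the privilege change so an id known
        // before login cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['CURRENT_LOGIN_USER'] = $username;
        $_SESSION['CURRENT_LOGIN_ID'] = $complete_ary[Config_user::id];
        header("Location:Commodity_browse.php");
        // The redirect header does not stop the script; the caller should not
        // emit further output after this function returns.
        return;
    }

    echo "<script language='javascript'> alert('wrong password!');\r\n                window.history.go(-1);\r\n                </script>";
}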
Esempio n. 2
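 /**
  * Fetch the commodity record for this object's commodity id.
  *
  * @return array|false Associative array of the matching row if a commodity
  *                     with that id exists; otherwise false (also returned
  *                     when the query itself fails).
  */
 public function commodity_info()
 {
     $path = dirname(dirname(__FILE__));
     include_once $path . '/DBtraverser.php';
     include_once $path . '/Config_commodity.php';

     // NOTE(review): commodity_id is interpolated into a raw SQL condition.
     // Where it is assigned is not visible here; confirm it is validated
     // (e.g. as an integer) or escaped before it reaches this method.
     // NOTE(review): unlike other DBtraverser call sites this fragment has no
     // leading 'where'. Presumably DBtraverser accepts both forms; verify.
     $traverser = new DBtraverser(Config_commodity::table_name, Config_commodity::id . " = '{$this->commodity_id}' ");
     $result = $traverser->excute_without_conn();

     // A failed query yields no result object; report it as "not found"
     // instead of handing a non-result to mysqli_fetch_array().
     if (!($result instanceof mysqli_result)) {
         return false;
     }

     $commodity_info = mysqli_fetch_array($result, MYSQLI_ASSOC);
     // Release the result set; the fetched row is already a plain array.
     mysqli_free_result($result);

     return empty($commodity_info) ? false : $commodity_info;
 }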
Esempio n. 3
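 /**
  * Report whether a user row with this object's user name exists.
  *
  * @deprecated
  *
  * @return bool True when at least one row matches the log name; false when
  *              none does or when the query fails.
  */
 public function is_exist()
 {
     $path = dirname(dirname(__FILE__));
     include_once $path . '/DBtraverser.php';
     include_once $path . '/Config.php';
     include_once $path . '/Config_user.php';

     // NOTE(review): user_name is interpolated into a raw WHERE clause. Where
     // it is assigned is not visible here; confirm it is escaped or validated
     // upstream, or bind it as a parameter if DBtraverser supports that.
     $ary = 'where ' . Config_user::log_name . ' =  ' . " '{$this->user_name}' ";
     $myDBfinder = new DBtraverser(Config_user::table_name, $ary);
     $retval = $myDBfinder->excute_without_conn();

     // A failed query has no rows to count; answer "does not exist" rather
     // than passing a non-result to mysqli_num_rows().
     if (!($retval instanceof mysqli_result)) {
         return false;
     }

     $found = mysqli_num_rows($retval) > 0;
     // Only the count is needed, so release the result set before returning.
     mysqli_free_result($retval);

     return $found;
 }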