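/**
 * Authorises the request and, for the view action, loads the booking for display.
 *
 * All input comes straight from the request: `booking` selects the action,
 * `oid` (GET) names the order to view and `order_id` (POST) the order being
 * edited/confirmed/finished. Order ids are validated here because the Booking
 * access checks embed them in SQL. Renders error_redirect.tpl and terminates
 * the request when access is denied or the booking does not exist.
 */
public function preProcess()
{
    parent::preProcess();

    $isView = isset($_REQUEST['booking']) && $_REQUEST['booking'] === 'view';

    if ($isView) {
        // Viewing an existing order: the id comes from the query string.
        $orderId = $this->readOrderId($_GET, 'oid');
        if (!empty($_REQUEST['voucher'])) {
            self::$smarty->assign("voucher", $_REQUEST['voucher']);
        }
        // Hotel users may only see orders of their own hotel; other roles use the edit rules.
        $error = Booking::checkUserCanViewOrder(self::$cookie->UserID, self::$cookie->RoleID, $orderId);
    } else {
        // Edit / confirm / finish: the booking is rebuilt from the posted form,
        // which may legitimately carry an empty order_id.
        $orderId = $this->readOrderId($_POST, 'order_id');
        $error = Booking::checkUserCanEditOrder(self::$cookie->UserID, self::$cookie->RoleID, $orderId);
    }

    if ($error['no'] > 0) {
        $this->renderErrorRedirect($error);
    }

    if (!$isView) {
        return;
    }

    $this->brandNavi[] = array("name" => "Booking List", "url" => 'booking_list.php');

    // Look in the live orders first, then in the archive of deleted ones.
    $booking_info = Booking::getBookingInfo($orderId);
    if (!$booking_info) {
        $booking_info = Booking::getBookingInfo_del($orderId);
    }
    if (!$booking_info) {
        $error['no'] = 3;
        $error['message'] = 'There is no exist booking info';
        $this->renderErrorRedirect($error);
    }

    $this->brandNavi[] = array(
        "name" => "Booking No:" . $booking_info['BookingNo'],
        "url" => 'booking_confirm.php?booking=view&oid=' . $booking_info['order_id'],
        "nolang" => 1,
    );

    if (!empty($_REQUEST['payment'])) {
        self::$smarty->assign("payment", $_REQUEST['payment']);
    }
    self::$smarty->assign("method", 'view');
    self::$smarty->assign("booking_info", $booking_info);
    self::$smarty->assign("payment_currency", DEFAULT_PAYMENT_CURRENCY);
    self::$smarty->assign("mail_address", DEFAULT_EMAIL_ADDRESS);
    self::$smarty->assign("env", DEFAULT_ENV);
    self::$smarty->assign("return_url", RETURN_URL);
    self::$smarty->assign("notify_url", NOTIFY_URL);
}

/**
 * Reads an order id from a request array.
 *
 * Returns '' when the key is absent or empty (callers treat that as "no order")
 * and the raw value when it is a plain digit string. Anything else cannot name
 * a booking and is refused before it reaches the database layer, which
 * interpolates the id into SQL (see Booking::checkUserCanViewOrder).
 *
 * @param array  $source $_GET or $_POST
 * @param string $key    parameter name
 * @return string
 */
private function readOrderId(array $source, $key)
{
    $value = isset($source[$key]) ? $source[$key] : '';
    if ($value === '') {
        return '';
    }
    if (is_scalar($value) && preg_match('/^[0-9]+$/', (string) $value) === 1) {
        return $value;
    }
    $this->renderErrorRedirect(array('no' => 3, 'message' => 'There is no exist booking info'));
}

/**
 * Shows the error page and terminates the request.
 *
 * @param array $error array with at least 'no' and 'message'
 */
private function renderErrorRedirect(array $error)
{
    self::$smarty->assign("error", $error);
    self::$smarty->display(_TAS_THEME_DIR_ . 'error_redirect.tpl');
    exit;
}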
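/**
 * Prepares the booking order page.
 *
 * `action=customer` (GET) renders the customer sub-form and exits. Otherwise a
 * posted `booking=order` creates a new booking from the selected room plans,
 * and every other request loads the booking named by `oid` (GET) for editing.
 * The edit authorisation check runs for any request that reaches the edit
 * branch with an order id — not only when `booking=edit` is posted — because
 * the page is also reached by GET links carrying `booking=edit`.
 */
public function preProcess()
{
    parent::preProcess();

    $action = isset($_GET['action']) ? $_GET['action'] : '';
    if ($action === 'customer') {
        $this->renderCustomerRows();
    }

    $booking = isset($_POST['booking']) ? $_POST['booking'] : '';
    $orderId = isset($_GET['oid']) ? $_GET['oid'] : '';

    if ($booking === 'edit' && $orderId === '') {
        // A posted edit without an order id renders nothing further.
        return;
    }

    if ($booking === 'order') {
        $booking_info = $this->createBookingFromPost();
        self::$smarty->assign("language", "order");
        self::$smarty->assign("method", "order");
    } else {
        $booking_info = $this->loadBookingForEdit($orderId);
        self::$smarty->assign("method", "edit");
    }

    self::$smarty->assign("booking_info", $booking_info);
}

/**
 * Renders `count` empty customer rows for the booking sub-form and exits.
 *
 * `count` and `id` come from the query string; `count` is cast so that a
 * non-numeric value cannot turn the row loop into an unbounded one.
 */
private function renderCustomerRows()
{
    $count = isset($_GET['count']) ? (int) $_GET['count'] : 0;

    $customer_info_list = array();
    for ($i = 0; $i < $count; $i++) {
        $customer_info_list[] = array(
            'customer_fnames' => '',
            'customer_gnames' => '',
            'customer_sex' => 1,       // male
            'customer_country' => 109, // japan
        );
    }

    self::$smarty->assign("count", $count);
    self::$smarty->assign("id", isset($_GET['id']) ? $_GET['id'] : null);
    self::$smarty->assign("countries", Tools::getCountries());
    self::$smarty->assign("customers", $customer_info_list);
    self::$smarty->display(_TAS_THEME_DIR_ . 'booking_sub_customer.tpl');
    exit;
}

/**
 * Creates a new booking from the posted room-plan selection.
 *
 * Each `plan_id_amount[]` entry is "[room plan id]_[count]"; it is expanded
 * into the per-room POST fields (`ids`, `or_ids_N`, `roomplan_ids_N`) that
 * Booking::buildBookingInfoFromPost() reads before the booking is inserted.
 *
 * @return mixed the stored booking as returned by Booking::getBookingInfo()
 */
private function createBookingFromPost()
{
    $param_id_amounts = isset($_POST['plan_id_amount']) && is_array($_POST['plan_id_amount'])
        ? $_POST['plan_id_amount']
        : array();

    $_POST['ids'] = array();
    $id = 0;
    foreach ($param_id_amounts as $id_amount) {
        if (!is_scalar($id_amount)) {
            continue;
        }
        $chars = explode("_", (string) $id_amount);
        $rpid = $chars[0];
        // Cast the count: a non-numeric value must not become an endless loop.
        $amount = isset($chars[1]) ? (int) $chars[1] : 0;
        for ($i = 0; $i < $amount; $i++) {
            $_POST['ids'][] = $id;
            $_POST['or_ids_' . $id] = 0; // 0 marks a new order-roomplan row
            $_POST['roomplan_ids_' . $id] = $rpid;
            $id++;
        }
    }

    $booking_info = Booking::buildBookingInfoFromPost(self::$cookie->CompanyID);
    $booking_info['OrderUserId'] = self::$cookie->UserID;
    $booking_info['paymentMethod'] = Member::getPaymentMethod(self::$cookie->CompanyID);
    $order_id = Booking::insertNewBooking($booking_info);

    return Booking::getBookingInfo($order_id);
}

/**
 * Checks access to and loads the booking to edit, filling the breadcrumb.
 *
 * Shows error_redirect.tpl and exits when the user may not edit the order;
 * redirects to index.php when the id is not a digit string or no live or
 * deleted booking matches it (Tools::redirect is assumed to end the request).
 *
 * @param string $orderId raw `oid` query parameter, '' when absent
 * @return mixed booking row, or the (falsy) lookup result when none exists
 */
private function loadBookingForEdit($orderId)
{
    if ($orderId !== '') {
        // Only digit strings can name an order; refuse anything else before it reaches the DB layer.
        if (!is_scalar($orderId) || preg_match('/^[0-9]+$/', (string) $orderId) !== 1) {
            Tools::redirect('index.php');
            return false;
        }
        $error = Booking::checkUserCanEditOrder(self::$cookie->UserID, self::$cookie->RoleID, $orderId);
        if ($error['no'] > 0) {
            self::$smarty->assign("error", $error);
            self::$smarty->display(_TAS_THEME_DIR_ . 'error_redirect.tpl');
            exit;
        }
    }

    $this->brandNavi[] = array("name" => "Booking List", "url" => 'booking_list.php');

    // Live orders first, then the archive of deleted ones.
    $booking_info = Booking::getBookingInfo($orderId);
    if (!$booking_info) {
        $booking_info = Booking::getBookingInfo_del($orderId);
    }
    if (!$booking_info) {
        Tools::redirect('index.php');
        return $booking_info;
    }

    $this->brandNavi[] = array(
        "name" => "Booking No:" . $booking_info['BookingNo'],
        "url" => 'booking_order.php?booking=edit&oid=' . $booking_info['order_id'],
        "nolang" => 1,
    );

    return $booking_info;
}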
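/**
 * Decides whether a user may view an order.
 *
 * Hotel users (role 1) may only view orders that belong to their own hotel;
 * every other role is subject to the edit rules of checkUserCanEditOrder().
 *
 * @param mixed $userId  user id (cast to int before use in SQL)
 * @param mixed $roleId  role id; 1 = hotel user
 * @param mixed $orderId order id (cast to int before use in SQL)
 * @return array 'no' => 0 when allowed; otherwise 'no' > 0 and 'message'
 */
public static function checkUserCanViewOrder($userId, $roleId, $orderId)
{
    $error = array();
    $error['no'] = 0;

    if ($roleId == 1) {
        // Both ids are embedded unquoted in the query, so force them to integers:
        // a non-numeric request value can then no longer alter the statement.
        $uid = (int) $userId;
        $oid = (int) $orderId;
        $sql = "SELECT count(*) FROM HT_User as A, HT_Order as B \n\t\t\t\tWHERE A.HotelId = B.HotelId and A.`UserID` = {$uid} and B.`OrderId` = {$oid}";
        // NOTE(review): an empty or zero order id skips the ownership check entirely;
        // callers are expected to reject an empty id before asking here — confirm.
        if ($oid > 0 && Db::getInstance()->getValue($sql) == 0) {
            $error['no'] = 1;
            $error['message'] = 'User can not access this page';
        }
        return $error;
    }

    return Booking::checkUserCanEditOrder($userId, $roleId, $orderId);
}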