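<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Cart quantity update handler (Chinese-language variant).
// Expects POST fields pid_{i} and cart_row_{i} for every row of the logged-in
// user's cart, writes each validated quantity back through
// cartDisplayer::changeItemQuantity() and redirects to cart.php.
if (!isset($_POST["cart_row_0"]) || !isset($_SESSION["id"])) {
    die("ERROR ON PAGE!");
}

$cartObj3 = new cartDisplayer($_SESSION["id"]);
$rowCount = count($cartObj3->itemArr);
$arr = array();

// Validate every submitted field BEFORE it is used anywhere: the original handed
// the raw pid/quantity to checkQTY3() first and only validated the quantity
// afterwards, and never checked pid_{i} at all. pid is checked with
// lib_number_validate() as the add-to-cart handler does.
for ($i = 0; $i < $rowCount; $i++) {
    if (!isset($_POST["pid_{$i}"], $_POST["cart_row_{$i}"])
        || !lib_number_validate($_POST["pid_{$i}"])
        || !lib_int_validate($_POST["cart_row_{$i}"])) {
        die("ERROR ON PAGE");
    }
    // checkQTY3() is defined in lib.php; presumably it clamps the requested
    // quantity to stock on hand — confirm there.
    $arr[$i] = checkQTY3($_POST["pid_{$i}"], $_POST["cart_row_{$i}"]);
}

foreach ($arr as $row => $qty) {
    $cartObj3->changeItemQuantity($row, $qty);
}

setAlertMsg("更改已被保存!");
header("Location:../cart.php");
// Stop after the redirect header; the original fell through.
exit;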
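include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Add-to-cart handler: inserts a carts row for (session id, pid) or bumps the
// existing row's quantity by one, then redirects back to the detail page.
if (!isset($_SESSION["id"]) || !isset($_SESSION["username"])) {
    setAlertMsg("You must log in in order to add any items to shopping cart!");
    header("Location:../login.php");
    exit;
}

if (!isset($_GET["pid"]) || empty($_GET["pid"]) || !isset($_SESSION["id"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
if (!lib_number_validate($_GET["pid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
$pid = $_GET["pid"];

// Escape both values before they are interpolated into SQL. lib_number_validate()
// lives in lib.php and its exact acceptance rules are not visible here, and the
// session id was interpolated unfiltered; the original string-built queries
// relied entirely on that validator.
$safePid = mysql_real_escape_string($pid);
$safeId = mysql_real_escape_string($_SESSION['id']);

$query1 = "SELECT * FROM carts \n\t\t\t\tWHERE carts.pid = '{$safePid}' AND carts.id = '{$safeId}'";
$result1 = mysql_query($query1);
// mysql_num_rows(false) only emits a warning; fail explicitly instead.
if ($result1 === false) {
    die("<h2>ERROR ON PAGE</h2>");
}

$rows = mysql_num_rows($result1);
if ($rows == 0) {
    $query2 = "INSERT INTO `carts` ( `cid` , `id` , `pid` , `quantity` )\n\t\t\t\t\tVALUES (NULL ,'{$safeId}','{$safePid}','1')";
    mysql_query($query2);
} elseif ($rows == 1) {
    $query2 = "UPDATE `carts`\n\t\t\t\t\tSET quantity=quantity+1 \n\t\t\t\t\tWHERE carts.pid = '{$safePid}' AND carts.id = '{$safeId}'";
    mysql_query($query2);
}
// More than one matching row: nothing is changed, as in the original.

setAlertMsg("Item has been added to shopping cart!");
header("Location:../detail.php?pid=" . urlencode($pid));
exit;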
setAlertMsg("Passwords don't match!"); header("Location:../register.php?username={$usr}"); exit; } //check username input validation: if (!lib_name_validate($usr)) { setAlertMsg("Username can only contain letters, numbers and underscore, and the first character must be a letter!"); header("Location:../register.php?username={$usr}"); exit; } //check password input validation: if (!lib_psw_validate($psw)) { setAlertMsg("Password can only contain letters and numbers!"); header("Location:../register.php?username={$usr}"); exit; } //check if name is avalable: if (isUserExist($usr, $psw)) { setAlertMsg("This username has been taken!"); header("Location:../register.php?username={$usr}"); exit; } //proceed registeration: insertNewUser($usr, $psw); $_SESSION["username"] = $usr; $_SESSION["password"] = $psw; $_SESSION["admin"] = 0; $_SESSION["id"] = getUserID($usr, $psw); setAlertMsg("Thank you, {$usr}! Your registeration has been completed!"); header("Location:../index.php"); exit;
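function checkQTY4()
{
    // Clamp every cart line of the current user (read from $_SESSION['id']) to
    // the quantity on hand in bz_bookstore, and raise an alert if any line was
    // reduced so the user re-checks the cart. Returns nothing.
    $safeId = mysql_real_escape_string($_SESSION['id']);
    $query = "UPDATE carts, bz_bookstore set quantity = bz_bookstore.QTY_HND WHERE carts.id = '{$safeId}' AND pid = UPC AND quantity > bz_bookstore.QTY_HND";
    $result = mysql_query($query);
    // mysql_affected_rows() returns -1 after a failed query, which the original
    // `!= 0` test mistook for "rows changed"; report the failure and skip the alert.
    if ($result === false) {
        trigger_error('checkQTY4: cart stock clamp query failed', E_USER_WARNING);
        return;
    }
    if (mysql_affected_rows() > 0) {
        setAlertMsg("由於庫存變動,請確認你的物品!");
    }
}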
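<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Login handler (Chinese-language variant). Reads POST Username/Password,
// checks them with isUsrPswMatch() and email_vertify() from lib.php, and on
// success fills the session and redirects to index.php.
if (!isset($_POST["Username"]) || !isset($_POST["Password"])) {
    die("<h1>ERROR ON PAGE</h1>");
}

$usr = lib_cn_name_filter(trim($_POST["Username"]));
$psw = lib_psw_filter(trim($_POST["Password"]));

if (!isUsrPswMatch($usr, $psw)) {
    setAlertMsg("用戶或密碼不正確!");
    header("Location:../login.php");
    exit;
}

if (!email_vertify($usr)) {
    setAlertMsg("帳號還沒有被激活!");
    header("Location:../login.php");
    exit;
}

// Credentials verified: rotate the session id so an identifier issued before
// authentication cannot be reused (session fixation). Guarded because the
// session is started in glob.php, outside this file.
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION["username"] = $usr;
// NOTE(review): the cleartext password is kept in the session because
// getUserID() takes it; a server-side token would avoid storing the secret.
$_SESSION["password"] = $psw;
$_SESSION["id"] = getUserID($usr, $psw);
header("Location:../index.php");
exit;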
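<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Logout handler (Chinese-language variant): drops the authenticated session
// keys, keeps the rest of the session (the flash message below needs it), and
// redirects home.
unset($_SESSION['username'], $_SESSION['password'], $_SESSION['admin'], $_SESSION["id"]);
// Rotate the session id so the pre-logout identifier maps to nothing.
if (session_id() !== '') {
    session_regenerate_id(true);
}
setAlertMsg("成功登出!");
header("Location:../index.php");
// Stop after the redirect header; the original fell through.
exit;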
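<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Logout handler: drops the authenticated session keys, keeps the rest of the
// session (the flash message below needs it), and redirects home.
unset($_SESSION['username'], $_SESSION['password'], $_SESSION['admin'], $_SESSION["id"]);
// Rotate the session id so the pre-logout identifier maps to nothing.
if (session_id() !== '') {
    session_regenerate_id(true);
}
setAlertMsg("You have logged out!");
header("Location:../index.php");
// Stop after the redirect header; the original fell through.
exit;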
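<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Login handler. Reads POST username/password, checks them with
// isUsrPswMatch() from lib.php, and on success fills the session (including
// the admin flag) and redirects to index.php.
if (!isset($_POST["username"]) || !isset($_POST["password"])) {
    die("<h1>ERROR ON PAGE</h1>");
}

$usr = lib_name_filter(trim($_POST["username"]));
$psw = lib_psw_filter(trim($_POST["password"]));

if (!isUsrPswMatch($usr, $psw)) {
    setAlertMsg("Incorrect username and password!");
    header("Location:../login.php");
    exit;
}

// Credentials verified: rotate the session id so an identifier issued before
// authentication cannot be reused (session fixation). Guarded because the
// session is started in glob.php, outside this file.
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION["username"] = $usr;
// NOTE(review): the cleartext password is kept in the session because
// getAdminValue()/getUserID() take it; a server-side token would avoid that.
$_SESSION["password"] = $psw;
$_SESSION["admin"] = getAdminValue($usr, $psw);
$_SESSION["id"] = getUserID($usr, $psw);
setAlertMsg("Hello, {$usr}! You are logged in now!");
header("Location:../index.php");
exit;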
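<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Cart quantity update handler. Expects one POST field cart_row_{i} per row of
// the logged-in user's cart, writes each validated quantity back through
// cartDisplayer::changeItemQuantity() and redirects to cart.php.
if (!isset($_POST["cart_row_0"]) || !isset($_SESSION["id"])) {
    die("ERROR ON PAGE!");
}

$cartObj3 = new cartDisplayer($_SESSION["id"]);
$rowCount = count($cartObj3->itemArr);
$arr = array();

// Reject the whole request if any row is missing or fails lib_int_validate();
// the original copied the raw value into $arr before validating it. All rows
// are checked before any write happens.
for ($i = 0; $i < $rowCount; $i++) {
    if (!isset($_POST["cart_row_{$i}"]) || !lib_int_validate($_POST["cart_row_{$i}"])) {
        die("ERROR ON PAGE");
    }
    $arr[$i] = $_POST["cart_row_{$i}"];
}

foreach ($arr as $row => $qty) {
    $cartObj3->changeItemQuantity($row, $qty);
}

setAlertMsg("Changes have been saved!");
header("Location:../cart.php");
// Stop after the redirect header; the original fell through.
exit;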
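<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Cart delete handler (Chinese-language variant). GET cid selects the cart row
// to delete; cid=0 empties the whole cart of the logged-in user.
if (!isset($_SESSION["id"]) || !isset($_GET["cid"]) || !lib_number_validate($_GET["cid"])) {
    die("ERROR ON PAGE");
}
// cid is an auto-increment key, so only a plain non-negative integer is valid.
// lib_number_validate() is defined in lib.php and may accept wider numeric
// forms; the values are interpolated unquoted into SQL, so pin them to ints.
if (!ctype_digit((string) $_GET["cid"])) {
    die("ERROR ON PAGE");
}
// NOTE(review): assumes the session id set by getUserID() is an integer key.
$id = (int) $_SESSION["id"];
$cid = (int) $_GET["cid"];

if ($cid === 0) {
    $query = "DELETE FROM carts WHERE id = {$id}";
    mysql_query($query);
    setAlertMsg("購物車已清空!");
} else {
    $query = "DELETE FROM carts WHERE id = {$id} AND cid = {$cid}";
    mysql_query($query);
    setAlertMsg("項目已被刪除!");
}

header("Location:../cart.php");
exit;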
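<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Cart delete handler. GET cid selects the cart row to delete; cid=0 empties
// the whole cart of the logged-in user.
if (!isset($_SESSION["id"]) || !isset($_GET["cid"]) || !lib_number_validate($_GET["cid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
// cid is an auto-increment key, so only a plain non-negative integer is valid.
// lib_number_validate() is defined in lib.php and may accept wider numeric
// forms; the values are interpolated unquoted into SQL, so pin them to ints.
if (!ctype_digit((string) $_GET["cid"])) {
    die("<h2>ERROR ON PAGE</h2>");
}
// NOTE(review): assumes the session id set by getUserID() is an integer key.
$id = (int) $_SESSION["id"];
$cid = (int) $_GET["cid"];

if ($cid === 0) {
    $query = "DELETE FROM carts WHERE id = {$id}";
    mysql_query($query);
    setAlertMsg("Cart has been emptied!");
} else {
    $query = "DELETE FROM carts WHERE id = {$id} AND cid = {$cid}";
    mysql_query($query);
    setAlertMsg("Item has been deleted!");
}

header("Location:../cart.php");
exit;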
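<?php
include_once '../lib/glob.php';
include_once '../lib/lib.php';

// Contact form handler: validates POST name/email/subject/message, sends the
// message by mail() and redirects back to contact.php with a flash message.
if (!isset($_POST["name"], $_POST["email"], $_POST["subject"], $_POST["message"])) {
    echo "<h2>ERROR ON PAGE!</h2>";
} else {
    $name = $_POST["name"];
    $email = $_POST["email"];
    $subject = $_POST["subject"];
    $message = $_POST["message"];

    // The form values are user input; URL-encode them before building the
    // redirect query string (the original interpolated them raw).
    $backToForm = "Location:../contact.php?name=" . urlencode($name)
        . "&email=" . urlencode($email)
        . "&subject=" . urlencode($subject);

    if (empty($name) || empty($email) || empty($subject) || empty($message)) {
        setAlertMsg("All fields required!");
        $_SESSION["contact_textarea"] = $message;
        header($backToForm);
        exit;
    }

    // $email ends up in the From: header of mail(); lib_email_validate() is
    // defined in lib.php, so additionally refuse any CR/LF explicitly here to
    // rule out header injection regardless of what it accepts.
    if (!lib_email_validate($email) || strpbrk($email, "\r\n") !== false) {
        setAlertMsg("Invalid email!");
        $_SESSION["contact_textarea"] = $message;
        header($backToForm);
        exit;
    }

    // The subject is also a mail header line; fold any line breaks into spaces.
    $mailSubject = str_replace(array("\r", "\n"), ' ', $subject);

    // The original reported success without checking mail()'s result.
    if (mail("*****@*****.**", $mailSubject, $message, "From: " . $email)) {
        setAlertMsg("Thank you! Your email has been sent out!");
        header("Location:../contact.php");
        exit;
    }

    setAlertMsg("Sorry, your email could not be sent. Please try again later.");
    $_SESSION["contact_textarea"] = $message;
    header($backToForm);
    exit;
}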