KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /home/queenjbs/www/store/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/queenjbs/www/store/store_order_proc.php
<?include "$DOCUMENT_ROOT/conf/conf_dir.php";?>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />
<?
//$category_num 0 -> 유료회원, 1 -> 무료회원, 2 ->둘다 살수있음.

/*$category_num = Get_db("select category from shop_product where uid = '$goodsuid'");
if($category_num == 0 && ($sessionLevel == 3 || $sessionLevel == ""){
		echo"<script>alert('正会員専用のページです.');location.href='/member/?tab=12&tabs=1';</script>";
		exit;
}*/
//회원이 아니면 회원로그인
if($sessionIDX == "0" || $sessionIDX == ""){
		echo"<script>alert('正会員専用のページです.');location.href='/member/?tab=12&tabs=1';</script>";
		exit;
}
//가격 같으면 안되게함.
//$uid = get_db("SELECT A.uid FROM shop_order A ,shop_ordergoods B WHERE A.uid = B.parent and B.goodsuid='$goodsuid' and B.mbruid='$sessionIDX' and A.price='$total_price' and A.o_name='$o_name' and A.o_email='$o_email' and A.orderstep=1");



//상품한번만 살수 있게
$uid = get_db("SELECT A.uid FROM shop_order A ,shop_ordergoods B WHERE A.uid = B.parent and B.goodsuid='$goodsuid' and B.mbruid='$sessionIDX' and A.orderstep < 6");

if($uid) {
	echo"<script>alert('既に予約しました.');location.href='/member/?tab=12&tabs=14';</script>";
	exit;
}

//카렌더 , DVD 중 하나만 살수 있게함. //여러개 굿즈 1번만 사기.
if($goodsuid == 79 || $goodsuid == 80){
	$chk_order = get_db("select uid from shop_order where mbruid='$sessionIDX' and goodsuid in (79,80) and (orderstep!=6)");
	if($chk_order){
	echo"<script>alert('既にご予約されております。');
location.href='/member/?tab=12&tabs=14';</script>";
		exit;
	}
	//$nan_tmp ="D";
}

//굿즈 수량체크
if($goodsuid == 54 || $goodsuid == 55 ||$goodsuid == 100 ||$goodsuid == 106 ||$goodsuid == 125 ||$goodsuid == 130){
		$buycount = count($buynum);
		for($i=0;$i< $buycount ;$i++)
		{
			//$goodsuid
			//$optNum[$i]
			//option에 1이 아니여야함.
			$res2 = Get_dbres("select * from shop_product_opt  where product_prt = '$goodsuid' and uid = $optNum[$i]");
			$row2	= mysql_fetch_array($res2);
			if($row2[display] == 1){
				//솔드아웃
				echo"<script>alert('".$row2[optName]." SOLD OUTとなりました。');location.href='/store/?tab=8&tabs=1';</script>";
				exit;
			}else{
				//현재 예약된 수량
				$sumbuynum = Get_db("select sum(buynum) from shop_ordergoods where goodsuid = '$goodsuid' and options = $optNum[$i] and orderstep in (1,2)");
				if($row2[amount] <= $sumbuynum){
					$queryupok = "update shop_product_opt set display = '1' where product_prt = '$goodsuid' and uid = $optNum[$i]";
					$queryupok_result = mysql_query($queryupok,$db_con);

					echo"<script>alert('".$row2[optName]." SOLD OUTとなりました。');location.href='/store/?tab=8&tabs=1';</script>";
					exit;
				}
			}
			//echo $row2[optName]."총수량:".$row2[amount]." 예약한 수량:".$sumbuynum."<br/>";


		}

		//exit;
}


//$nan_tmp ="M";
if($mode == "order_proc" && $sessionIDX){
	//예약번호
	$nan = explode(' ',microtime());
	$_cartid = $nan_tmp.$nan[1] . substr($nan[0],2,3);
	// 예약함.
	$orderstep = "1";
	$o_email = trim($o_email);

	//결제체크
	$ckind = "1";
	$bank ="三菱東京UFJ銀行";

	$query = "INSERT INTO `shop_order`
	(`uid`, `orderid`, `orderstep`, `price`, `tack`, `goodsuid`,`mbruid`,
	`o_name`, `o_email`, `o_tel`, `o_zip`, `o_addr`, `r_name`, `r_email`,`r_tel`, `r_zip`, `r_addr`,
	`ckind`, `bank`, `b_name`, `escr`,`memo`, `d_regis`, `d_bank`, `d_tack`, `is_mobile`)

		VALUES

	(NULL, '$_cartid', '$orderstep', '$total_price','$deliradio','$goodsuid','$sessionIDX',
	'$o_name', '$o_email','$o_tel','$o_zip','$o_addr','$r_name', '$r_email','$r_tel', '$r_zip', '$r_addr',
	'$ckind', '$bank', '$b_name', '$escr', '$memo','$date[totime]', '', '', '0')";

	$result = mysql_query($query,$db_con);
	//부모 idx 값 가져오기
	$p_idx = get_db("select uid from shop_order where mbruid='$sessionIDX' and orderid='$_cartid'");

	if($p_idx)
	{
	//상품등록 나중에 for문으로 등록
	//echo "<br><br>";
	$buycount = count($buynum);
		for($i=0;$i< $buycount ;$i++)
		{
			// option
			$sub_query = "INSERT INTO `jyjsite`.`shop_ordergoods`
			(`uid`, `parent`, `mbruid`, `orderstep`, `goodsuid`, `goodsname`, `options`, `buynum`, `price`,`d_regis`, `d_bank`, `d_tack`)
				VALUES
			(NULL, '$p_idx', '$sessionIDX', '$orderstep', '$goodsuid', '$optName[$i]', '$optNum[$i]', '$buynum[$i]', '$goodPrice[$i]','$date[totime]',  '', '')";
		//echo "$sub_query<br>";

		$result = mysql_query($sub_query,$db_con);

		}
	//입금메일
	//$mail1 = get_db("select mail1 from shop_product where uid='$goodsuid'");
	}
//$regdate = substr($date[totime],0,4)."-".substr($date[totime],4,2)."-".substr($date[totime],6,2);
	/*if($o_email){
	8$content=$o_name."様<br>
こんにちは。<br>
JYJ Japan Official Fanclubです。<br>
<br>
ご注文いただき誠にありがとうございます。<br>
下記の通りご予約を受け付けいたしました。<br>
<br>
日付: ".$regdate."<br>
予約番号:".$_cartid."<br>
商品名: ".$goodsname."<br>
数量: ".$buynum."個<br>
価格(税込):".number_format($goodPrice)." 円<br>
配送料:".number_format($deli_price)." 円<br>
<br>
決済料金(税込):".number_format($total_price)."<br>
<br>
".stripslashes($mail1)."

<br/>
<br/>
	";

	$from .= "From: JYJ Japan Official<jyjjapan@c-jes.com>\n";
	$from .= "Return-Path: <jyjjapan@c-jes.com>\n";
	$from .= "Content-Type: text/html; charset=utf-8";
	$subject = "JYJ MEMBERSHIP GOODS INFO";
	mail($o_email, $subject, $content, $from);

	}*/
mysql_close();
}else{
echo "<script>alert('error.');parent.location.href='/member/?tab=12&tabs=14&order_code=$_cartid';</script>";
}


echo "<script>alert('商品注文になりました.');parent.location.href='/member/?tab=12&tabs=14&order_code=$_cartid';</script>";
?>

Anon7 - 2021