1 if (empty($order_id) || empty($action_array)) 2 { 3 return $return_res; 4 }
1 if (!isset($operable_list['remove'])) 2 { 3 make_json_error('Hacking attempt'); 4 exit; 5 }
1 elseif ($action == 'del_order') 2 { 3 4 $order_id = isset($_REQUEST['order_id']) ? intval($_REQUEST['order_id']) : 0; 5 if ($order_id == 0) 6 { 7 $err -> show($_LANG['booking_list_lnk'], 'user.php?act=booking_list'); 8 } 9 10 if ($user_id == 0) 11 { 12 /* 用户没有登录 */ 13 $err -> show($_LANG['booking_list_lnk'], 'user.php?act=booking_list'); 14 } 15 16 /* 检查订单是否属于该用户 */ 17 $order_user = $db->getOne("SELECT user_id FROM " .$ecs->table('order_info'). " WHERE order_id = '$order_id'"); 18 if (empty($order_user)) 19 { 20 $err -> show($_LANG['booking_list_lnk'], 'user.php?act=booking_list'); 21 } 22 else 23 { 24 if ($order_user != $user_id) 25 { 26 $err -> show($_LANG['booking_list_lnk'], 'user.php?act=booking_list'); 27 } 28 } 29 30 /* 删除订单 */ 31 $sql = "delete i,g,a from " .$ecs->table('order_info'). " as i join " .$ecs->table('order_goods'). " as g on i.order_id = g.order_id join " .$ecs->table('order_action'). " as a on i.order_id = a.order_id where i.order_id = '$order_id'"; 32 $message = $db->query($sql); 33 34 if ($message === true) 35 { 36 37 show_message('删除成功', $_LANG['back_booking_list'], 'user.php?act=order_list', 'info'); 38 39 } 40 else 41 { 42 $err -> show($_LANG['booking_list_lnk'], 'user.php?act=booking_list'); 43 } 44 }