// Guard clauses: with no order id or no list of actions there is nothing to
// process, so hand back $return_res unchanged.
if (empty($order_id)) {
    return $return_res;
}
if (empty($action_array)) {
    return $return_res;
}
// Permission gate: the request may only continue when 'remove' is present in
// $operable_list. Otherwise answer with a JSON error and stop the script
// explicitly, so no later code runs for a rejected request.
// NOTE(review): how $operable_list is built is not visible here; confirm it is
// derived server-side and not from request data.
if (isset($operable_list['remove']) === false) {
    make_json_error('Hacking attempt');
    exit;
}
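elseif ($action == 'del_order')
{
    /*
     * Delete one of the current user's orders together with its goods rows
     * and its action-log rows.
     *
     * Security notes for this branch:
     *  - order_id arrives via $_REQUEST and is reduced to an integer before it
     *    is placed in any SQL text.
     *  - The order must belong to the logged-in user ($user_id). Every failed
     *    check below ends the script with an explicit exit: if $err->show()
     *    returns (for example because no error has been registered on $err),
     *    execution would otherwise continue into the DELETE and the ownership
     *    check would protect nothing.
     *  - NOTE(review): no anti-CSRF token check is visible in this branch, and
     *    $_REQUEST also accepts GET parameters; confirm that this
     *    state-changing action is protected elsewhere.
     *  - NOTE(review): no order-status restriction is applied here; confirm
     *    that users are meant to delete orders in any state.
     */
    $order_id = isset($_REQUEST['order_id']) ? intval($_REQUEST['order_id']) : 0;
    if ($order_id == 0)
    {
        $err->show($_LANG['booking_list_lnk'], 'user.php?act=booking_list');
        exit; // never fall through to the DELETE on a rejected request
    }

    if ($user_id == 0)
    {
        /* The user is not logged in */
        $err->show($_LANG['booking_list_lnk'], 'user.php?act=booking_list');
        exit;
    }

    /* Check that the order belongs to this user */
    $order_user = $db->getOne("SELECT user_id FROM " .$ecs->table('order_info'). " WHERE order_id = '$order_id'");
    if (empty($order_user) || $order_user != $user_id)
    {
        /* Unknown order, or an order owned by somebody else: same response for
           both, so the reply does not reveal which order ids exist. */
        $err->show($_LANG['booking_list_lnk'], 'user.php?act=booking_list');
        exit;
    }

    /* Delete the order.
       LEFT JOIN instead of JOIN: with inner joins an order that has no
       order_goods or no order_action rows matches nothing, so nothing is
       deleted while the query still reports success. */
    $sql = "delete i,g,a from " .$ecs->table('order_info'). " as i left join " .$ecs->table('order_goods'). " as g on i.order_id = g.order_id left join " .$ecs->table('order_action'). " as a on i.order_id = a.order_id where i.order_id = '$order_id'";
    $message = $db->query($sql);

    if ($message === true)
    {
        show_message('删除成功', $_LANG['back_booking_list'], 'user.php?act=order_list', 'info');
    }
    else
    {
        $err->show($_LANG['booking_list_lnk'], 'user.php?act=booking_list');
    }
}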