From 16325794bb8de0517905aa8fafba73f9b12c54d0 Mon Sep 17 00:00:00 2001
From: chicpro
Date: Fri, 30 May 2014 16:03:07 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9C=84=EC=8B=9C=EB=A6=AC=EC=8A=A4=ED=8A=B8?= =?UTF-8?q?=20=EB=93=B1=EB=A1=9D=20=EB=B0=8F=20=EC=82=AD=EC=A0=9C=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=A0=95=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 shop/wishupdate.php | 36 +++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 13 deletions(-)
diff --git a/shop/wishupdate.php b/shop/wishupdate.php
index 123eb7049..ebea16926 100644
--- a/shop/wishupdate.php
+++ b/shop/wishupdate.php
@@ -7,6 +7,13 @@ if (!$is_member)
 if ($w == "d") {
 $wi_id = trim($_GET['wi_id']);
+
+ $sql = " select mb_id from {$g5['g5_shop_wish_table']} where wi_id = '$wi_id' ";
+ $row = sql_fetch($sql);
+
+ if($row['mb_id'] != $member['mb_id'])
+ alert('위시리시트 상품을 삭제할 권한이 없습니다.');
+
 $sql = " delete from {$g5['g5_shop_wish_table']} where wi_id = '$wi_id' and mb_id = '{$member['mb_id']}' ";
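Review bot: The added ownership lookup interpolates `$wi_id`, which is `trim($_GET['wi_id'])`, straight into the SQL string, so it is only as safe as whatever request escaping runs before this file (not visible here). If `wi_id` is a numeric key, normalise it at the top of the branch with `$wi_id = (int) $_GET['wi_id'];`, or pass it through the project's SQL-escaping helper before both queries. The same applies to `$it_id` in the second hunk's new item-table select. Separately, the delete is still a state change driven by a GET parameter with no request token in the visible lines, so a cross-site request could remove a member's own wishlist entries; consider requiring POST plus a token check. The `if ($w == "d")` branch continues past the end of the hunk.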
@@ -17,25 +24,28 @@ else
 if(is_array($it_id)) $it_id = $_POST['it_id'][0];
- $sql_common = " set mb_id = '{$member['mb_id']}',
- it_id = '$it_id',
- wi_time = '".G5_TIME_YMDHIS."',
- wi_ip = '$REMOTE_ADDR' ";
+ if(!$it_id)
+ alert('상품코드가 올바르지 않습니다.', G5_SHOP_URL);
+
+ // 상품정보 체크
+ $sql = " select it_id from {$g5['g5_shop_item_table']} where it_id = '$it_id' ";
+ $row = sql_fetch($sql);
+
+ if(!$row['it_id'])
+ alert('상품정보가 존재하지 않습니다.', G5_SHOP_URL);
 $sql = " select wi_id from {$g5['g5_shop_wish_table']} where mb_id = '{$member['mb_id']}' and it_id = '$it_id' ";
 $row = sql_fetch($sql);
- if ($row['wi_id']) { // 이미 있다면 삭제함
- $sql = " delete from {$g5['g5_shop_wish_table']} where wi_id = '{$row['wi_id']}' ";
+
+ if (!$row['wi_id']) { // 없다면 등록
+ $sql = " insert {$g5['g5_shop_wish_table']}
+ set mb_id = '{$member['mb_id']}',
+ it_id = '$it_id',
+ wi_time = '".G5_TIME_YMDHIS."',
+ wi_ip = '$REMOTE_ADDR' ";
 sql_query($sql);
 }
-
- $sql = " insert {$g5['g5_shop_wish_table']}
- set mb_id = '{$member['mb_id']}',
- it_id = '$it_id',
- wi_time = '".G5_TIME_YMDHIS."',
- wi_ip = '$REMOTE_ADDR' ";
- sql_query($sql);
 }
 goto_url('./wishlist.php');
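Review bot: The new `select wi_id ...` followed by a conditional `insert` is a check-then-act sequence, so two concurrent requests for the same item can both find no row and both insert. A unique key on `(mb_id, it_id)` in the wish table (schema not visible here) would make the guard reliable, with the insert tolerating the duplicate-key case. Also, `if(!$it_id)` treats the string `'0'` as missing, and `$row['it_id']` is read without checking that `sql_fetch` returned a row, which presumably raises a notice for an unknown item; `if (empty($row['it_id']))` avoids that. The `else` block starts before the hunk.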