From fc914c0a88ab35d48a97ac5abcd024d5597477eb Mon Sep 17 00:00:00 2001
From: chicpro <chicpro@gmail.com>
Date: Wed, 31 Jul 2013 15:28:28 +0900
Subject: [PATCH] =?UTF-8?q?#267=20cartupdate=20=EC=97=90=EC=84=9C=20?=
 =?UTF-8?q?=EA=B0=80=EA=B2=A9=20=ED=8F=AC=EC=9D=B8=ED=8A=B8=EB=8A=94=20?=
 =?UTF-8?q?=EB=A0=88=EC=BD=94=EB=93=9C=EC=9D=98=20=EA=B0=92=EC=9D=84=20?=
 =?UTF-8?q?=EC=9D=BD=EC=96=B4=EC=84=9C=20=EC=A0=80=EC=9E=A5=ED=95=98?=
 =?UTF-8?q?=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 extend/shop.extend2.php  |  10 +++
 mobile/shop/item.php     |   5 +-
 mobile/shop/wishlist.php |   3 -
 shop/cartupdate.php      | 150 +++++++++++++--------------------------
 shop/item.php            |   3 -
 shop/wishlist.php        |   3 -
 6 files changed, 61 insertions(+), 113 deletions(-)

diff --git a/extend/shop.extend2.php b/extend/shop.extend2.php
index 958049835..57aaa0e65 100644
--- a/extend/shop.extend2.php
+++ b/extend/shop.extend2.php
@@ -374,6 +374,16 @@ if(!sql_query(" select od_tax_flag from {$g4['shop_order_table']} limit 1 ", fal
 }
 */
 
+/*
+// notax 필드추가
+$sql = " select ct_notax from {$g4['shop_cart_table']} limit 1 ";
+$result = sql_query($sql, false);
+if(!$result) {
+    sql_query(" ALTER TABLE `{$g4['shop_cart_table']}`
+                    ADD `ct_notax` TINYINT(4) NOT NULL DEFAULT '0' AFTER `ct_num` ", true);
+}
+*/
+
 // 쇼핑몰 스킨 필드 추가
 if (!isset($default['de_shop_skin'])) {
     sql_query(" ALTER TABLE `{$g4['shop_default_table']}`
diff --git a/mobile/shop/item.php b/mobile/shop/item.php
index 0769602a5..299e6c05a 100644
--- a/mobile/shop/item.php
+++ b/mobile/shop/item.php
@@ -163,8 +163,6 @@ else
 
     <form name="fitem" action="<?php echo $action_url; ?>" method="post">
     <input type="hidden" name="it_id" value="<?php echo $it['it_id']; ?>">
-    <input type="hidden" name="it_name" value="<?php echo $it['it_name']; ?>">
-    <input type="hidden" name="total_price" value="">
     <input type="hidden" name="sw_direct">
     <input type="hidden" name="url">
 
@@ -311,7 +309,7 @@ else
             <tr>
                 <th scope="row">판매가격</th>
                 <td>
-                    <?php echo number_format($it['it_price']); ?> 원
+                    <?php echo number_format(get_price($it)); ?> 원
                     <input type="hidden" name="it_price" value="<?php echo get_price($it); ?>">
                 </td>
             </tr>
@@ -333,7 +331,6 @@ else
                     $it_point = get_item_point($it);
                     echo number_format($it_point);
                     ?> 점
-                    <input type="hidden" name="it_point" value="<?php echo $it_point; ?>">
                 </td>
             </tr>
             <?php } ?>
diff --git a/mobile/shop/wishlist.php b/mobile/shop/wishlist.php
index 892b4b8c4..5be977fcd 100644
--- a/mobile/shop/wishlist.php
+++ b/mobile/shop/wishlist.php
@@ -65,9 +65,6 @@ include_once(G4_MSHOP_PATH.'/_head.php');
             <?php } else { //품절이 아니면 체크할수 있도록한다 ?>
             <input type="checkbox" name="it_id[<?php echo $i; ?>]"     value="<?php echo $row['it_id']; ?>" onclick="out_cd_check(this, '<?php echo $out_cd; ?>');">
             <?php } ?>
-            <input type="hidden"   name="it_name[<?php echo $i; ?>]"   value="<?php echo $row['it_name']; ?>">
-            <input type="hidden"   name="it_price[<?php echo $i; ?>]" value="<?php echo $it_price; ?>">
-            <input type="hidden"   name="it_point[<?php echo $i; ?>]"  value="<?php echo $it_point; ?>">
             <input type="hidden"   name="ct_qty[<?php echo $i; ?>]"    value="1">
         </td>
         <td class="td_smallmng"><a href="<?php echo G4_SHOP_URL; ?>/wishupdate.php?w=d&amp;wi_id=<?php echo $row['wi_id']; ?>">삭제</a></td>
diff --git a/shop/cartupdate.php b/shop/cartupdate.php
index 7f1746f97..ee4ed56df 100644
--- a/shop/cartupdate.php
+++ b/shop/cartupdate.php
@@ -24,16 +24,6 @@ if ($member['mb_level'] < $default['de_level_sell'])
     alert('상품을 구입할 수 있는 권한이 없습니다.');
 }
 
-/*
-// notax 필드추가
-$sql = " select ct_notax from {$g4['shop_cart_table']} limit 1 ";
-$result = sql_query($sql, false);
-if(!$result) {
-    sql_query(" ALTER TABLE `{$g4['shop_cart_table']}`
-                    ADD `ct_notax` TINYINT(4) NOT NULL DEFAULT '0' AFTER `ct_num` ", true);
-}
-*/
-
 if($act == "buy")
 {
     if(!count($_POST['ct_chk']))
@@ -86,7 +76,7 @@ else if ($act == "seldelete") // 선택삭제
 }
 else if ($act == "multi") // 여러개의 상품이 한꺼번에 들어옴.
 {
-    $fldcnt = count($_POST['it_name']);
+    $fldcnt = count($_POST['it_id']);
     $arr_item = array();
 
     // 재고등을 검사
@@ -104,24 +94,18 @@ else if ($act == "multi") // 여러개의 상품이 한꺼번에 들어옴.
             continue;
         }
 
-        //--------------------------------------------------------
-        //  변조 검사
-        //--------------------------------------------------------
+        // 상품정보
         $sql = " select * from {$g4['shop_item_table']} where it_id = '{$_POST['it_id'][$i]}' ";
         $it = sql_fetch($sql);
+        if(!$it['it_id'])
+            continue;
+
+        $arr_item[$i]['id'] = $it['it_id'];
+        $arr_item[$i]['name'] = $it['it_name'];
+        $arr_item[$i]['price'] = get_price($it);
+        $arr_item[$i]['point'] = $config['cf_use_point'] ? get_item_point($it) : 0;
         $arr_item[$i]['notax'] = $it['it_notax'];
 
-        $price = get_price($it);
-        // 상품가격이 다름
-        if ((int)$price !== (int)$_POST['it_price'][$i])
-            die("Error..");
-
-        $point = get_item_point($it);
-        // 포인트가 다름
-        if ((int)$point !== (int)$_POST['it_point'][$i] && $config['cf_use_point'])
-            die("Error...");
-        //--------------------------------------------------------
-
         // 이미 장바구니에 있는 같은 상품의 수량합계를 구한다.
         $sql = " select SUM(ct_qty) as cnt from {$g4['shop_cart_table']} where it_id = '{$_POST['it_id'][$i]}' and uq_id = '$tmp_uq_id' ";
         $row = sql_fetch($sql);
@@ -154,9 +138,6 @@ else if ($act == "multi") // 여러개의 상품이 한꺼번에 들어옴.
         if($arr_item[$i]['opt_skip'])
             continue;
 
-        // 포인트 사용하지 않는다면
-        if (!$config['cf_use_point']) $_POST['it_point'][$i] = 0;
-
         // 동일옵션의 상품이 있으면 수량 더함
         $sql2 = " select ct_id
                     from {$g4['shop_cart_table']}
@@ -173,7 +154,7 @@ else if ($act == "multi") // 여러개의 상품이 한꺼번에 들어옴.
             continue;
         }
 
-        $sql .= $comma."( '$tmp_uq_id', '{$member['mb_id']}', '{$_POST['it_id'][$i]}', '{$_POST['it_name'][$i]}', '쇼핑', '{$_POST['it_price'][$i]}', '{$_POST['it_point'][$i]}', '0', '0', '{$_POST['it_name'][$i]}', '{$_POST['ct_qty'][$i]}', '0', '{$arr_item[$i]['notax']}', '', '0', '0', '".G4_TIME_YMDHIS."', '$REMOTE_ADDR', '$ct_send_cost', '$sw_direct', '$ct_select' )";
+        $sql .= $comma."( '$tmp_uq_id', '{$member['mb_id']}', '{$arr_item[$i]['id']}', '{$arr_item[$i]['name']}', '쇼핑', '{$arr_item[$i]['price']}', '{$arr_item[$i]['point']}', '0', '0', '{$arr_item[$i]['name']}', '{$_POST['ct_qty'][$i]}', '0', '{$arr_item[$i]['notax']}', '', '0', '0', '".G4_TIME_YMDHIS."', '$REMOTE_ADDR', '$ct_send_cost', '$sw_direct', '$ct_select' )";
         $comma = ' , ';
         $ct_count++;
     }
@@ -197,47 +178,26 @@ else if ($act == "optionmod") // 장바구니에서 옵션변경
                 alert('수량은 1 이상 입력해 주십시오.');
         }
 
-        //--------------------------------------------------------
-        //  변조 검사
-        //--------------------------------------------------------
-        $total_price = 0;
+        // 상품정보
         $sql = " select * from {$g4['shop_item_table']} where it_id = '{$_POST['it_id']}' ";
         $it = sql_fetch($sql);
+        if(!$it['it_id'])
+            alert('상품정보가 존재하지 않습니다.');
 
         // 옵션정보를 얻어서 배열에 저장
         $opt_list = array();
         $sql = " select * from {$g4['shop_item_option_table']} where it_id = '{$_POST['it_id']}' and io_use = '1' order by io_no asc ";
         $result = sql_query($sql);
         for($i=0; $row=sql_fetch_array($result); $i++) {
+            $opt_list[$row['io_type']][$row['io_id']]['id'] = $row['io_id'];
             $opt_list[$row['io_type']][$row['io_id']]['price'] = $row['io_price'];
             $opt_list[$row['io_type']][$row['io_id']]['stock'] = $row['io_stock_qty'];
         }
 
-        for($i=0; $i<$option_count; $i++) {
-            $opt_id = $_POST['io_id'][$i];
-            $opt_type = $_POST['io_type'][$i];
-            $opt_price = $_POST['io_price'][$i];
-            $opt_qty = $_POST['ct_qty'][$i];
-
-            if((int)$opt_price !== (int)$opt_list[$opt_type][$opt_id]['price'])
-                die("Option Price Mismatch");
-
-            if($opt_type == 1)
-                $total_price += $opt_price * $opt_qty;
-            else
-                $total_price += ($it['it_price'] + $opt_price) * $opt_qty;
-        }
-
-        // 상품 총금액이 다름
-        if ((int)$_POST['total_price'] !== (int)$total_price)
-            die("Error..");
-
-        $point = get_item_point($it);
-        // 포인트가 다름
-        if ((int)$point !== (int)$_POST['it_point'] && $config['cf_use_point'])
-            die("Error...");
-        //--------------------------------------------------------
-
+        // 포인트
+        $point = 0;
+        if($config['cf_use_point'])
+            $point = get_item_point($it);
 
         //--------------------------------------------------------
         //  재고 검사
@@ -268,17 +228,24 @@ else if ($act == "optionmod") // 장바구니에서 옵션변경
         // 기존 장바구니 자료를 먼저 삭제
         sql_query(" delete from {$g4['shop_cart_table']} where uq_id = '$tmp_uq_id' and it_id = '$it_id' ");
 
-        // 포인트 사용하지 않는다면
-        if (!$config['cf_use_point']) { $_POST['it_point'] = 0; }
-
         // 장바구니에 Insert
         $comma = '';
         $sql = " INSERT INTO {$g4['shop_cart_table']}
-                        ( uq_id, it_id, it_name, ct_status, ct_price, ct_point, ct_point_use, ct_stock_use, ct_option, ct_qty, ct_num, ct_notax, io_id, io_type, io_price, ct_time, ct_ip, ct_direct, ct_send_cost )
+                        ( uq_id, mb_id, it_id, it_name, ct_status, ct_price, ct_point, ct_point_use, ct_stock_use, ct_option, ct_qty, ct_num, ct_notax, io_id, io_type, io_price, ct_time, ct_ip, ct_direct, ct_send_cost )
                     VALUES ";
 
         for($i=0; $i<$option_count; $i++) {
-            $sql .= $comma."( '$tmp_uq_id', '{$_POST['it_id']}', '{$_POST['it_name']}', '쇼핑', '{$_POST['it_price']}', '{$_POST['it_point']}', '0', '0', '{$_POST['io_value'][$i]}', '{$_POST['ct_qty'][$i]}', '$i', '{$it['it_notax']}', '{$_POST['io_id'][$i]}', '{$_POST['io_type'][$i]}', '{$_POST['io_price'][$i]}', '".G4_TIME_YMDHIS."', '$REMOTE_ADDR', '$sw_direct', '$ct_send_cost' )";
+            $opt_id = $_POST['io_id'][$i];
+            $opt_type = $_POST['io_type'][$i];
+
+            // 옵션테이블에 정보가 없으면 건너뜀
+            if($opt_id && !$opt_list[$opt_type][$opt_id]['id'])
+                continue;
+
+            $opt_price = $opt_list[$opt_type][$opt_id]['price'];
+            $opt_qty = $_POST['ct_qty'][$i];
+
+            $sql .= $comma."( '$tmp_uq_id', '{$member['mb_id']}', '{$it['it_id']}', '{$it['it_name']}', '쇼핑', '{$it['it_price']}', '$point', '0', '0', '{$_POST['io_value'][$i]}', '$opt_qty', '$i', '{$it['it_notax']}', '$opt_id', '$opt_type', '$opt_price', '".G4_TIME_YMDHIS."', '$REMOTE_ADDR', '$sw_direct', '$ct_send_cost' )";
             $comma = ' , ';
         }
 
@@ -303,47 +270,27 @@ else // 장바구니에 담기
                 alert('수량은 1 이상 입력해 주십시오.');
         }
 
-        //--------------------------------------------------------
-        //  변조 검사
-        //--------------------------------------------------------
+        // 상품정보
         $total_price = 0;
         $sql = " select * from {$g4['shop_item_table']} where it_id = '{$_POST['it_id']}' ";
         $it = sql_fetch($sql);
+        if(!$it['it_id'])
+            alert('상품정보가 존재하지 않습니다.');
 
         // 옵션정보를 얻어서 배열에 저장
         $opt_list = array();
         $sql = " select * from {$g4['shop_item_option_table']} where it_id = '{$_POST['it_id']}' and io_use = '1' order by io_no asc ";
         $result = sql_query($sql);
         for($i=0; $row=sql_fetch_array($result); $i++) {
+            $opt_list[$row['io_type']][$row['io_id']]['id'] = $row['io_id'];
             $opt_list[$row['io_type']][$row['io_id']]['price'] = $row['io_price'];
             $opt_list[$row['io_type']][$row['io_id']]['stock'] = $row['io_stock_qty'];
         }
 
-        for($i=0; $i<$option_count; $i++) {
-            $opt_id = $_POST['io_id'][$i];
-            $opt_type = $_POST['io_type'][$i];
-            $opt_price = $_POST['io_price'][$i];
-            $opt_qty = $_POST['ct_qty'][$i];
-
-            if((int)$opt_price !== (int)$opt_list[$opt_type][$opt_id]['price'])
-                die("Option Price Mismatch");
-
-            if($opt_type == 1)
-                $total_price += $opt_price * $opt_qty;
-            else
-                $total_price += ($it['it_price'] + $opt_price) * $opt_qty;
-        }
-
-        // 상품 총금액이 다름
-        if ((int)$_POST['total_price'] !== (int)$total_price)
-            die("Error..");
-
-        $point = get_item_point($it);
-        // 포인트가 다름
-        if ((int)$point !== (int)$_POST['it_point'] && $config['cf_use_point'])
-            die("Error...");
-        //--------------------------------------------------------
-
+        // 포인트
+        $point = 0;
+        if($config['cf_use_point'])
+            $point = get_item_point($it);
 
         //--------------------------------------------------------
         //  재고 검사
@@ -372,14 +319,7 @@ else // 장바구니에 담기
         //--------------------------------------------------------
 
         // 바로구매에 있던 장바구니 자료를 지운다.
-        $result = sql_query(" delete from {$g4['shop_cart_table']} where uq_id = '$tmp_uq_id' and ct_direct = 1 ", false);
-        if (!$result) {
-            // 삭제중 에러가 발생했다면 필드가 없다는 것이므로 바로구매 필드를 생성한다.
-            sql_query(" ALTER TABLE `{$g4['shop_cart_table']}` ADD `ct_direct` TINYINT NOT NULL ");
-        }
-
-        // 포인트 사용하지 않는다면
-        if (!$config['cf_use_point']) { $_POST['it_point'] = 0; }
+        sql_query(" delete from {$g4['shop_cart_table']} where uq_id = '$tmp_uq_id' and ct_direct = 1 ", false);
 
         // 장바구니에 Insert
         $sql = " select ct_num
@@ -405,6 +345,16 @@ else // 장바구니에 담기
                     VALUES ";
 
         for($i=0; $i<$option_count; $i++) {
+            $opt_id = $_POST['io_id'][$i];
+            $opt_type = $_POST['io_type'][$i];
+
+            // 옵션테이블에 정보가 없으면 건너뜀
+            if($opt_id && !$opt_list[$opt_type][$opt_id]['id'])
+                continue;
+
+            $opt_price = $opt_list[$opt_type][$opt_id]['price'];
+            $opt_qty = $_POST['ct_qty'][$i];
+
             // 동일옵션의 상품이 있으면 수량 더함
             $sql2 = " select ct_id
                         from {$g4['shop_cart_table']}
@@ -422,7 +372,7 @@ else // 장바구니에 담기
                 continue;
             }
 
-            $sql .= $comma."( '$tmp_uq_id', '{$member['mb_id']}', '{$_POST['it_id']}', '{$_POST['it_name']}', '쇼핑', '{$_POST['it_price']}', '{$_POST['it_point']}', '0', '0', '{$_POST['io_value'][$i]}', '{$_POST['ct_qty'][$i]}', '$ct_num', '{$it['it_notax']}', '{$_POST['io_id'][$i]}', '{$_POST['io_type'][$i]}', '{$_POST['io_price'][$i]}', '".G4_TIME_YMDHIS."', '$REMOTE_ADDR', '$ct_send_cost', '$sw_direct', '$ct_select' )";
+            $sql .= $comma."( '$tmp_uq_id', '{$member['mb_id']}', '{$it['it_id']}', '{$it['it_name']}', '쇼핑', '{$it['it_price']}', '$point', '0', '0', '{$_POST['io_value'][$i]}', '$opt_qty', '$ct_num', '{$it['it_notax']}', '$opt_id', '$opt_type', '$opt_price', '".G4_TIME_YMDHIS."', '$REMOTE_ADDR', '$ct_send_cost', '$sw_direct', '$ct_select' )";
             $comma = ' , ';
             $ct_num++;
             $ct_count++;
diff --git a/shop/item.php b/shop/item.php
index 30c1e796a..8cfa84f8c 100644
--- a/shop/item.php
+++ b/shop/item.php
@@ -163,8 +163,6 @@ else
 
     <form name="fitem" action="<?php echo $action_url; ?>" method="post">
     <input type="hidden" name="it_id" value="<?php echo $it['it_id']; ?>">
-    <input type="hidden" name="it_name" value="<?php echo $it['it_name']; ?>">
-    <input type="hidden" name="total_price" value="">
     <input type="hidden" name="sw_direct">
     <input type="hidden" name="url">
 
@@ -323,7 +321,6 @@ else
                     $it_point = get_item_point($it);
                     echo number_format($it_point);
                     ?> 점
-                    <input type="hidden" name="it_point" value="<?php echo $it_point; ?>">
                 </td>
             </tr>
             <?php } ?>
diff --git a/shop/wishlist.php b/shop/wishlist.php
index 4add815f6..e16ee1b34 100644
--- a/shop/wishlist.php
+++ b/shop/wishlist.php
@@ -65,9 +65,6 @@ include_once('./_head.php');
             <?php } else { //품절이 아니면 체크할수 있도록한다 ?>
             <input type="checkbox" name="it_id[<?php echo $i; ?>]" value="<?php echo $row['it_id']; ?>" onclick="out_cd_check(this, '<?php echo $out_cd; ?>');">
             <?php } ?>
-            <input type="hidden"   name="it_name[<?php echo $i; ?>]"   value="<?php echo $row['it_name']; ?>">
-            <input type="hidden"   name="it_price[<?php echo $i; ?>]" value="<?php echo $it_price; ?>">
-            <input type="hidden"   name="it_point[<?php echo $i; ?>]"  value="<?php echo $it_point; ?>">
             <input type="hidden"   name="ct_qty[<?php echo $i; ?>]"    value="1">
         </td>
         <td class="sod_ws_img"><?php echo $image; ?></td>