📄 wish_remove.php
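<?php
// Fail closed: require (unlike include) stops the request with a fatal error
// when the file cannot be loaded. With include, a missing or unreadable file
// only raises a warning and the rest of this page would still execute.
// NOTE(review): auth.inc.php is presumably what enforces the login and
// populates $_SESSION['user_logged'] -- confirm against that file.
require "auth.inc.php";
require "conn.inc.php";
?>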
<html>
<head>
<title>WoW-Wish: Remove a wish</title>
<link rel="stylesheet" href="wish.css">
</head>
<body>
<?php include "header.inc.php"; ?>
<h1>Remove a wish</h1>
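<?php
/*
 * Wish removal flow. The state is selected by the POSTed "submit" button:
 *   - "No thanks": the user cancelled; nothing is changed.
 *   - "Remove":    the user confirmed; the wish named in ?remove= is deleted.
 *   - otherwise:   first visit; show the confirmation form, or the wish list
 *                  when no ?remove= id was supplied.
 *
 * Security notes:
 *   - The ownership check (wishes -> alts, alts.owner = logged-in user) now
 *     runs before BOTH the confirmation form and the DELETE. Previously only
 *     the form was gated, so the DELETE ran for whatever id arrived in
 *     ?remove=, whoever owned that wish.
 *   - Request values are escaped with mysql_real_escape_string(), which takes
 *     the connection character set into account, instead of addslashes().
 *     The mysql_* extension has no prepared statements and was removed in
 *     PHP 7; moving to mysqli/PDO with bound parameters is the lasting fix,
 *     but the connection is opened outside this block.
 *   - Values read from the database are HTML-escaped before being echoed.
 *     NOTE(review): htmlspecialchars() uses PHP's default charset; confirm it
 *     matches the page and database encoding.
 *   - NOTE(review): the confirmation POST carries no anti-CSRF token; consider
 *     a per-session token in a hidden field, verified before the DELETE.
 *   - NOTE(review): "or die(mysql_error())" prints raw database errors to the
 *     browser; prefer logging them server-side and showing a generic message.
 */
$submit = isset($_POST['submit']) ? $_POST['submit'] : '';

if ($submit == "No thanks")
{
    //user doesn't want to remove the wish
    echo "<h2>Wish not removed</h2>";
    echo "Go back to to <a href=\"alt_list.php\">the alts list</a>";
}
elseif (!isset($_GET['remove']))
{
    if ($submit == "Remove")
    {
        //confirmation was posted without a wish id: there is nothing to delete
        echo "<h2>Oops</h2>There was some sort of error. Lets try that again:<br />";
    }
    //not coming from wish_match
    include "wish_remove.list.inc.php";
}
else
{
    //does the wishid match logged user/unique
    //anything that is not a plain string id, or a missing session user, is
    //treated as "not owned" so the request is refused rather than queried
    $owned = false;
    if (is_string($_GET['remove']) && isset($_SESSION['user_logged']))
    {
        $s_remove = mysql_real_escape_string($_GET['remove']);
        $s_session_user_logged = mysql_real_escape_string($_SESSION['user_logged']);
        $query = "SELECT * FROM wishes INNER JOIN alts ON wishes.wishid = '". $s_remove ."' AND ".
            "wishes.wishaltid = alts.altid AND ".
            "alts.owner = '" .$s_session_user_logged. "';";
        $result = mysql_query($query) or die(mysql_error());
        $owned = (mysql_num_rows($result) == 1);
    }

    if (!$owned)
    {
        //mysterious error
        //could be:
        //trying to remove a wish that doesn't belong to them
        //wish doesn't exist
        //show an error message, get them to start over
        echo "<h2>Oops</h2>There was some sort of error. Lets try that again:<br />";
        include "wish_remove.list.inc.php";
    }
    else
    {
        //look up the human-readable description once; both the confirmation
        //form and the "removed" message use it
        $wishid = $s_remove;
        $aquery = "SELECT altname, altrealm FROM alts INNER JOIN wishes ON wishes.wishid = '" .$wishid ."' AND alts.altid = wishes.wishaltid";
        $aresult = mysql_query($aquery) or die(mysql_error());
        $arow = mysql_fetch_assoc($aresult);
        $dquery = "SELECT dungeonname FROM dungeons INNER JOIN wishes ON dungeons.dungeonid = wishes.wishdungeonid AND wishes.wishid = '" .$wishid ."';";
        $dresult = mysql_query($dquery) or die(mysql_error());
        $drow = mysql_fetch_assoc($dresult);
        $hcquery = "SELECT heroic FROM wishes WHERE wishid = '". $wishid ."';";
        $hcresult = mysql_query($hcquery) or die(mysql_error());
        $hcrow = mysql_fetch_assoc($hcresult);

        //array keys are quoted: a bare word is an undefined constant, which
        //raises a notice on older PHP and is an error on PHP 8
        if ($hcrow && $hcrow['heroic'] == 1)
        { $hc = " (heroic)"; }
        else
        { $hc = ""; }

        //mysql_fetch_assoc() returns false when no row matched; fall back to
        //empty strings, and escape everything that reaches the HTML output
        $altname = htmlspecialchars($arow ? (string) $arow['altname'] : '', ENT_QUOTES);
        $altrealm = htmlspecialchars($arow ? (string) $arow['altrealm'] : '', ENT_QUOTES);
        $dungeonname = htmlspecialchars($drow ? (string) $drow['dungeonname'] : '', ENT_QUOTES);
        $description = $altname ." (". $altrealm .") wish going to ". $dungeonname . $hc;

        if ($submit == "Remove")
        {
            //user has confirmed they want to remove the wish
            //the actual delete; done before the message so that "Wish removed"
            //is only printed once the query has succeeded
            $rquery = "DELETE FROM wishes WHERE wishid = '".$wishid."' LIMIT 1";
            $rresult = mysql_query($rquery) or die(mysql_error());
            echo "<h2>Wish removed:</h2><p>". $description ."</p>";
            echo "<p>Go back to to <a href=\"alt_list.php\">the alts list</a></p>";
        }
        else
        {
            //first visit/ not coming from form
            echo "<h2>Do you want to remove ". $description ."?</h2>";
            //the id is URL-encoded for the query string, then HTML-escaped for
            //the attribute it is written into
            $action = "wish_remove.php?remove=". rawurlencode($_GET['remove']);
            echo "<form action=\"". htmlspecialchars($action, ENT_QUOTES) ."\" method=\"post\">";
            echo "<input type=\"submit\" name=\"submit\" value=\"Remove\"> ";
            echo "<input type=\"submit\" name=\"submit\" value=\"No thanks\">";
            echo "</form>";
        }
    }
}
?>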
</body>
</html>