Insert to basket

vrana · Aug 11, 2012 · 56ca53b · 56ca53b
1 parent beafd01
commit 56ca53b
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/category.php b/category.php
@@ -3,13 +3,36 @@
 if (!$row) {
 	pageNotFound();
 }
+
+$error = "";
+if ($_POST["id"]) {
+	if (!checkCSRF()) {
+		$error = "<p>Invalid CSRF token.</p>\n";
+	} else if ($_POST["amount"] <= 0) {
+		$error = "<p>Invalid amount.</p>\n";
+	} else {
+		$_SESSION["basket"][$_POST["id"]] += $_POST["amount"];
+		redirect("cat/$row[url]/");
+	}
+}
+
 $products = query("SELECT id, name, about, price FROM products WHERE categories_id = %d AND visible = 1", $row["id"]);
 
 htmlHead($row["name"], $row["url"]);
+echo $error;
+
 foreach ($products as $product) {
 	echo "<h3>" . h($product["name"]) . "</h3>\n";
 	echo "<p>" . h($product["about"]) . "</p>\n";
-	if ($product["price"] !== null) {
-		echo "<p><b>$product[price]</b></p>\n";
-	}
+	?>
+<form action="" method="post">
+<p>
+<b><?=$product["price"]?></b>
+<input type="hidden" name="csrf" value="<?=$_SESSION["csrf"]?>">
+<input type="hidden" name="id" value="<?=$product["id"]?>">
+<input name="amount" value="1" size="3">
+<input type="submit" value="Buy">
+</p>
+</form>
+<?php
 }
diff --git a/functions.inc.php b/functions.inc.php
@@ -45,6 +45,7 @@ function query($sql /*, ... */) {
 function pageNotFound() {
 	header("HTTP/1.1 404 Not Found");
 	htmlHead("Page Not Found");
+	exit;
 }
 
 function redirect($path) {