=== modified file 'data/class/db/SC_DB_DBFactory.php'
--- data/class/db/SC_DB_DBFactory.php	2010-08-24 05:56:50 +0000
+++ data/class/db/SC_DB_DBFactory.php	2010-08-25 10:03:48 +0000
@@ -122,6 +122,14 @@
     function getSendHistoryWhereStartdateSql() { return null; }
 
     /**
+     * ダウンロード販売の検索条件の SQL を返す.
+     *
+     * @param string $dtb_order_alias
+     * @return string 検索条件の SQL
+     */
+    function getDownloadableDaysWhereSql($dtb_order_alias) { return null; }
+
+    /**
      * 文字列連結を行う.
      *
      * @param array $columns 連結を行うカラム名
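Review bot: The new `@param string $dtb_order_alias` docblock does not say that the value is spliced verbatim into SQL, which is the property every override has to respect; both current callers pass the literal aliases `"T1"` and `"o"`, but nothing in the signature prevents a future caller from passing request data. I would document the contract, e.g. `@param string $dtb_order_alias alias of dtb_order in the enclosing query; interpolated into SQL unescaped, so it must be a code-supplied identifier, never user input`. The base implementation returns null like the sibling `getSendHistoryWhereStartdateSql()`; since callers concatenate the result straight into `AND ... = 1` and `... AS effective`, a factory that does not override it will produce a SQL syntax error rather than a clear message, which is worth a sentence in the `@return` description as well.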

=== modified file 'data/class/db/dbfactory/SC_DB_DBFactory_MYSQL.php'
--- data/class/db/dbfactory/SC_DB_DBFactory_MYSQL.php	2010-08-24 05:56:50 +0000
+++ data/class/db/dbfactory/SC_DB_DBFactory_MYSQL.php	2010-08-25 10:02:58 +0000
@@ -136,6 +136,16 @@
     }
 
     /**
+     * ダウンロード販売の検索条件の SQL を返す.
+     *
+     * @param string $dtb_order_alias
+     * @return string 検索条件の SQL
+     */
+    function getDownloadableDaysWhereSql($dtb_order_alias) {
+        return "(SELECT IF((SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1)=1, 1, DATE(NOW()) <= DATE(DATE_ADD(" . $dtb_order_alias . ".commit_date, INTERVAL (SELECT downloadable_days FROM dtb_baseinfo) DAY))))";
+    }
+
+    /**
      * 文字列連結を行う.
      *
      * @param array $columns 連結を行うカラム名
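Review bot: The returned expression can evaluate to NULL rather than 0/1: if `downloadable_days` in dtb_baseinfo is NULL, `DATE_ADD(..., INTERVAL NULL DAY)` is NULL, the `<=` comparison is NULL, and `IF(..., 1, NULL)` yields NULL. In LC_Page_Mypage_DownLoad the trailing `= 1` then rejects the download (fail-closed, fine), but in LC_Page_Mypage_History the `effective` column comes back NULL instead of 0, so the template cannot distinguish "expired" from "not configured". Wrapping the body as `IFNULL(IF(<unlimited check>, 1, <date test>), 0)` pins the result to 0 or 1 in both uses. `$dtb_order_alias` is interpolated unescaped here; that is acceptable only because both callers pass a literal alias, and the docblock should say so.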

=== modified file 'data/class/db/dbfactory/SC_DB_DBFactory_PGSQL.php'
--- data/class/db/dbfactory/SC_DB_DBFactory_PGSQL.php	2010-08-24 05:56:50 +0000
+++ data/class/db/dbfactory/SC_DB_DBFactory_PGSQL.php	2010-08-25 10:01:29 +0000
@@ -116,6 +116,17 @@
     }
 
     /**
+     * ダウンロード販売の検索条件の SQL を返す.
+     *
+     * @param string $dtb_order_alias
+     * @return string 検索条件の SQL
+     */
+    function getDownloadableDaysWhereSql($dtb_order_alias) {
+        $baseinfo = SC_Helper_DB_Ex::sf_getBasisData();
+        return "(SELECT CASE WHEN (SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1) = 1 THEN 1 WHEN DATE(NOW()) <= DATE(" . $dtb_order_alias . ".commit_date + '". $baseinfo['downloadable_days'] ." days') THEN 1 ELSE 0 END)";
+    }
+
+    /**
      * 文字列連結を行う.
      *
      * @param array $columns 連結を行うカラム名
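Review bot: `$baseinfo['downloadable_days']` is concatenated into the SQL string on the return line without any cast or validation; it comes from dtb_baseinfo rather than the request, but an empty or NULL value produces the literal `+ ' days'`, which PostgreSQL rejects as an invalid interval, and any non-integer admin input lands in the query unchecked. Casting it, `(int)$baseinfo['downloadable_days']`, closes that off with one change; alternatively read it inside the query as the MySQL override already does, `commit_date + (SELECT downloadable_days FROM dtb_baseinfo) * INTERVAL '1 day'`, so the two backends evaluate the same source of truth. As in the MySQL version, `$dtb_order_alias` is interpolated unescaped and should be documented as a code-supplied alias only.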

=== modified file 'data/class/pages/mypage/LC_Page_Mypage_DownLoad.php'
--- data/class/pages/mypage/LC_Page_Mypage_DownLoad.php	2010-08-20 09:04:46 +0000
+++ data/class/pages/mypage/LC_Page_Mypage_DownLoad.php	2010-08-25 10:30:25 +0000
@@ -53,6 +53,20 @@
      */
     function process() {
         ob_end_clean();
+
+        $customer_id = $_SESSION['customer']['customer_id'];
+        $order_id = $_GET['order_id'];
+        $product_id = $_GET['product_id'];
+
+        // ID の数値チェック
+        // TODO SC_FormParam でチェックした方が良い?
+        if (!is_numeric($customer_id)
+            || !is_numeric($order_id)
+            || !is_numeric($product_id)) {
+            SC_Utils_Ex::sfDispSiteError("");
+        }
+
+
         $objCustomer = new SC_Customer();
         //ログインしていない場合
         if (!$objCustomer->isLoginSuccess()){
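Review bot: The numeric check at the top of `process()` reads `$_SESSION['customer']['customer_id']` before `isLoginSuccess()` is consulted, so an anonymous visitor (no customer key in the session) gets an undefined-index notice followed by the generic `sfDispSiteError("")` page instead of the login redirect that the `else` branch below was written for; moving the ID check inside the logged-in branch, or guarding it with `isset`, restores that behaviour. `$_GET['order_id']` and `$_GET['product_id']` are also read without `isset`, and `is_numeric()` accepts values such as `"1e3"`, `"1.5"` and leading whitespace; since these are bound as integers, `ctype_digit()` on the string form is the tighter check, e.g. `if (!isset($_GET['order_id']) || !ctype_digit((string)$_GET['order_id'])) { ... }`. The code relies on `sfDispSiteError()` terminating the request; if it can return, the three variables would flow into the query unchecked, which I could not confirm from this hunk. `process()` continues past the end of the hunk.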
@@ -60,7 +74,8 @@
         } else {
         //ログインしている場合
             //DBから商品情報の読込
-            $arrForm = $this->lfGetRealFileName($_GET['product_id']);
+
+            $arrForm = $this->lfGetRealFileName($customer_id, $order_id, $product_id);
 
             //ステータスが支払済み以上である事
             if ($arrForm["status"] < ORDER_DELIV){
@@ -100,21 +115,24 @@
         }
     }
 
-    /* 商品情報の読み込み */
-    function lfGetRealFileName($product_id) {
+    /**
+     * 商品情報の読み込みを行う.
+     *
+     * @param integer $customer_id 顧客ID
+     * @param integer $order_id 受注ID
+     * @param integer $product_id 商品ID
+     * @return array 商品情報の配列
+     */
+    function lfGetRealFileName($customer_id, $order_id, $product_id) {
         $objQuery = new SC_Query();
         $col = "*";
         $table = "vw_download_class AS T1";
-        // FIXME order_id, product_id の妥当性をチェックすべき.
-        if (DB_TYPE == "mysql"){
-            $where = "T1.customer_id = " . (int)$_SESSION['customer']['customer_id'] . " AND T1.order_id = " . (int)$_GET['order_id'] . " AND T1.product_id = " . (int)$_GET['product_id'] .
-                " AND (SELECT IF((SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1)=1, 1, DATE(NOW()) <= DATE(DATE_ADD(T1.commit_date, INTERVAL (SELECT downloadable_days FROM dtb_baseinfo) DAY)))) = 1;";
-        }else{
-            $baseinfo = SC_Helper_DB_Ex::sf_getBasisData();
-            $where = "T1.customer_id = " . (int)$_SESSION['customer']['customer_id'] . " AND T1.order_id = " . (int)$_GET['order_id'] . " AND T1.product_id = " . (int)$_GET['product_id'] .
-                " AND (SELECT CASE WHEN (SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1) = 1 THEN 1 WHEN DATE(NOW()) <= DATE(T1.commit_date + '". $baseinfo['downloadable_days'] ." days') THEN 1 ELSE 0 END) = 1;";
-        }
-        $arrRet = $objQuery->select($col, $table, $where);
+        $dbFactory = SC_DB_DBFactory_Ex::getInstance();
+        $where = "T1.customer_id = ? AND T1.order_id = ? AND T1.product_id = ?";
+        $where .= " AND " . $dbFactory->getDownloadableDaysWhereSql("T1");
+        $where .= " = 1";
+        $arrRet = $objQuery->select($col, $table, $where,
+                                    array($customer_id, $order_id, $product_id));
         return $arrRet[0];
     }
 
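Review bot: `return $arrRet[0];` raises an undefined-offset notice and returns null whenever the parameterised query matches no row, which is exactly the path an attacker probes (another customer's order_id, a product not in the order, an expired download); the caller then indexes `$arrForm["status"]` on null. The docblock says `@return array`, so returning an empty array in that case keeps the contract honest and lets the caller's `< ORDER_DELIV` check still fail closed: `return isset($arrRet[0]) ? $arrRet[0] : array();`. The switch to `?` placeholders for customer_id/order_id/product_id is the right fix for the FIXME it removes; note that the `getDownloadableDaysWhereSql("T1")` fragment is still concatenated, so the factory result must never contain request data.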

=== modified file 'data/class/pages/mypage/LC_Page_Mypage_History.php'
--- data/class/pages/mypage/LC_Page_Mypage_History.php	2010-08-06 05:52:59 +0000
+++ data/class/pages/mypage/LC_Page_Mypage_History.php	2010-08-25 10:10:26 +0000
@@ -221,20 +221,15 @@
      */
     function lfGetOrderDetail($orderId) {
         $objQuery = new SC_Query();
-        if (DB_TYPE == "mysql"){
-            $col = "od.product_id AS product_id, od.product_code AS product_code, od.product_name AS product_name, od.classcategory_name1 AS classcategory_name1,";
-            $col .= "od.classcategory_name2 AS classcategory_name2, od.price AS price, od.quantity AS quantity, od.point_rate AS point_rate";
-            $col .= ",CASE WHEN EXISTS(SELECT * FROM dtb_products WHERE product_id = od.product_id AND del_flg = 0 AND status = 1) THEN '1' ELSE '0' END AS enable";
-            $col .= ",o.status AS status, p.down AS down, (SELECT IF((SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1)=1, 1, DATE(NOW()),";
-            $col .= "<= DATE(DATE_ADD(o.commit_date, INTERVAL (SELECT downloadable_days FROM dtb_baseinfo) DAY)))) AS effective";
-        }else{
-            $baseinfo = SC_Helper_DB_Ex::sf_getBasisData();
-            $col = "od.product_id AS product_id, od.product_code AS product_code, od.product_name AS product_name, od.classcategory_name1 AS classcategory_name1,";
-            $col .= "od.classcategory_name2 AS classcategory_name2, od.price AS price, od.quantity AS quantity, od.point_rate AS point_rate";
-            $col .= ",CASE WHEN EXISTS(SELECT * FROM dtb_products WHERE product_id = od.product_id AND del_flg = 0 AND status = 1) THEN '1' ELSE '0' END AS enable";
-            $col .= ",o.status AS status, p.down AS down, (SELECT CASE WHEN (SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1) = 1 THEN 1 WHEN DATE(NOW())";
-            $col .= "<= DATE(o.commit_date + '". $baseinfo['downloadable_days'] ." days') THEN 1 ELSE 0 END) AS effective";
-        }
+        $dbFactory = SC_DB_DBFactory_Ex::getInstance();
+
+        $col = "od.product_id AS product_id, od.product_code AS product_code, od.product_name AS product_name, od.classcategory_name1 AS classcategory_name1,";
+        $col .= "od.classcategory_name2 AS classcategory_name2, od.price AS price, od.quantity AS quantity, od.point_rate AS point_rate";
+        $col .= ",CASE WHEN EXISTS(SELECT * FROM dtb_products WHERE product_id = od.product_id AND del_flg = 0 AND status = 1) THEN '1' ELSE '0' END AS enable";
+        $col .= ",o.status AS status, p.down AS down, ";
+        $col .= $dbFactory->getDownloadableDaysWhereSql("o");
+        $col .= " AS effective";
+
         $where = "p.product_id = od.product_id AND od.order_id = o.order_id AND od.order_id = ?";
         $objQuery->setOrder("classcategory_id1, classcategory_id2");
         $arrRet = $objQuery->select($col, "dtb_products p, dtb_order_detail od, dtb_order o", $where, array($orderId));
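Review bot: The rebuilt `$where` restricts the detail rows only by `od.order_id = ?`; nothing in `lfGetOrderDetail()` ties `o.customer_id` to the logged-in customer, so the order-ownership check must be done by the caller, which I cannot see in this hunk; if it is not, any customer can list another customer's order lines by ID, and adding `AND o.customer_id = ?` here with the session customer_id bound would make the method safe on its own. Separately, `getDownloadableDaysWhereSql("o")` is concatenated directly into the column list, so a factory that inherits the base-class null yields `p.down AS down,  AS effective` and a SQL error rather than a readable failure. The function continues past the end of the hunk.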


