added on local at 2026-07-01 21:47:31
| 1 | #!/usr/bin/perl | |
| 2 | #====================================================================== | |
| 3 | # RePricer -- remove an item from the cart. | |
| 4 | # | |
| 5 | # POST params: | |
| 6 | # cart_item_id = which cart_items row to delete | |
| 7 | # | |
| 8 | # Returns JSON { success: 1, count: N } with the remaining cart count. | |
| 9 | # Auth is the cart_token cookie -- buyer must own the row. | |
| 10 | #====================================================================== | |
| 11 | use strict; | |
| 12 | use warnings; | |
| 13 | ||
| 14 | use lib '/var/www/vhosts/3dshawn.com/repricer.3dshawn.com'; | |
| 15 | use CGI; | |
| 16 | use MODS::DBConnect; | |
| 17 | use MODS::RePricer::Config; | |
| 18 | use MODS::RePricer::Cart; | |
| 19 | ||
| 20 | $| = 1; | |
| 21 | ||
| 22 | my $q = CGI->new; | |
| 23 | my $db = MODS::DBConnect->new; | |
| 24 | my $config = MODS::RePricer::Config->new; | |
| 25 | my $cart = MODS::RePricer::Cart->new; | |
| 26 | my $DB = $config->settings('database_name'); | |
| 27 | ||
| 28 | print "Content-Type: application/json\nCache-Control: no-cache\n\n"; | |
| 29 | ||
| 30 | our $DONE = 0; | |
| 31 | END { | |
| 32 | if (!$DONE) { | |
| 33 | print qq~{"success":0,"error":"server aborted -- check MODS/DB_ERRORS.log"}~; | |
| 34 | } | |
| 35 | } | |
| 36 | ||
| 37 | sub fail { | |
| 38 | my ($msg) = @_; | |
| 39 | $msg =~ s/"/\\"/g; | |
| 40 | print qq~{"success":0,"error":"$msg"}~; | |
| 41 | $DONE = 1; | |
| 42 | exit; | |
| 43 | } | |
| 44 | ||
| 45 | my $token = $cart->read_token($q); | |
| 46 | fail('no cart') unless $token; | |
| 47 | ||
| 48 | my $cart_item_id = $q->param('cart_item_id') || 0; | |
| 49 | $cart_item_id =~ s/[^0-9]//g; | |
| 50 | fail('missing cart_item_id') unless $cart_item_id; | |
| 51 | ||
| 52 | my $dbh = $db->db_connect(); | |
| 53 | ||
| 54 | # Verify the row exists AND belongs to this cart token. The | |
| 55 | # combination of WHERE id AND WHERE cart_token gates ownership -- | |
| 56 | # without the right cookie, you can't delete someone else's row. | |
| 57 | my $row = $db->db_readwrite($dbh, qq~ | |
| 58 | SELECT storefront_id FROM `${DB}`.cart_items | |
| 59 | WHERE id='$cart_item_id' AND cart_token='$token' LIMIT 1 | |
| 60 | ~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 61 | unless ($row && $row->{storefront_id}) { | |
| 62 | $db->db_disconnect($dbh); | |
| 63 | fail('cart item not found'); | |
| 64 | } | |
| 65 | my $sid = $row->{storefront_id}; | |
| 66 | ||
| 67 | $db->db_readwrite($dbh, | |
| 68 | qq~DELETE FROM `${DB}`.cart_items WHERE id='$cart_item_id' AND cart_token='$token' LIMIT 1~, | |
| 69 | $ENV{SCRIPT_NAME}, __LINE__); | |
| 70 | ||
| 71 | my $count = $cart->count($db, $dbh, $DB, $token, $sid); | |
| 72 | $db->db_disconnect($dbh); | |
| 73 | ||
| 74 | print qq~{"success":1,"count":$count}~; | |
| 75 | $DONE = 1; | |
| 76 | exit; |