member_address

mobile/control/member_address.php

@@ -11,7 +11,7 @@
 
 defined('InShopNC') or exit('Access Invalid!');
 
-class member_addressControl extends mobileMemberControl
+class member_addressControl extends mbMemberControl
 {
     const MAX_ADDRESS_COUNT = 10;
 
@@ -25,6 +25,11 @@ class member_addressControl extends mobileMemberControl
      */
     public function address_listOp()
     {
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
+
         $model_address = Model('address');
         $address_list = $model_address->getAddressList(array('member_id' => $this->member_info['member_id']));
         joutput_data(array('address_list' => $address_list));
@@ -35,8 +40,12 @@ class member_addressControl extends mobileMemberControl
      */
     public function address_infoOp()
     {
-        $address_id = intval($_POST['address_id']);
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
 
+        $address_id = intval($_POST['address_id']);
         if (empty($_POST['address_id']) || $address_id < 0) {
             return joutput_error(errcode::ErrParamter, "address_id = {$address_id}. must > 0.");
         }
@@ -58,8 +67,12 @@ class member_addressControl extends mobileMemberControl
      */
     public function address_delOp()
     {
-        $address_id = intval($_POST['address_id']);
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
 
+        $address_id = intval($_POST['address_id']);
         if (empty($_POST['address_id']) || $address_id < 0) {
             return joutput_error(errcode::ErrParamter, "address_id = {$address_id}. must > 0.");
         }
@@ -82,8 +95,12 @@ class member_addressControl extends mobileMemberControl
      */
     public function address_addOp()
     {
-        $model_address = Model('address');
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
 
+        $model_address = Model('address');
         $err = '';
         $address_info = $this->_address_valid($err, $err_code);
         if ($err != '') {
@@ -113,6 +130,11 @@ class member_addressControl extends mobileMemberControl
      */
     public function address_editOp()
     {
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
+
         $address_id = intval($_POST['address_id']);
         if (empty($_POST['address_id']) || $address_id < 0) {
             return joutput_error(errcode::ErrParamter, "address_id = {$address_id}. must > 0.");
@@ -170,6 +192,11 @@ class member_addressControl extends mobileMemberControl
      */
     public function set_defaultOp()
     {
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
+
         $address_id = intval($_POST['address_id']);
         $is_default = intval($_POST['is_default']);
 
@@ -212,6 +239,11 @@ class member_addressControl extends mobileMemberControl
      */
     public function area_listOp()
     {
+        $token = trim($_GET['key']);
+        if (false == $this->checkToken($token)) {
+            return joutput_error($this->err_code);
+        }
+
         $area_id = intval($_POST['area_id']);
         $from = $_POST['from'];
         if ($from === 'app') {
@@ -249,5 +281,4 @@ class member_addressControl extends mobileMemberControl
         }
         return $area_list;
     }
-
 }