<?php 
require_once("connections/connection.php");


// *** Logout the current user.
$FF_Logout = $_SERVER['PHP_SELF'] . "?FF_Logoutnow=1";
if (isset($_GET['FF_Logoutnow']) && $_GET['FF_Logoutnow']=="1") {
  session_start();
  session_unregister("MM_Username");
  session_unregister("MM_UserAuthorization");
  $FF_logoutRedirectPage = "index.php";
    session_destroy();

  // redirect with URL parameters (remove the "FF_Logoutnow" query param).
  if ($FF_logoutRedirectPage == "") $FF_logoutRedirectPage = $_SERVER['PHP_SELF'];
  if (!strpos($FF_logoutRedirectPage, "?") && $_SERVER['QUERY_STRING'] != "") {
    $FF_newQS = "?";
    reset ($_GET);
    while (list ($key, $val) = each ($_GET)) {
      if($key != "FF_Logoutnow"){
        if (strlen($FF_newQS) > 1) $FF_newQS .= "&";
        $FF_newQS .= $key . "=" . urlencode($val);
      }
    }
    if (strlen($FF_newQS) > 1) $FF_logoutRedirectPage .= $FF_newQS;
  }
  header("Location: $FF_logoutRedirectPage");
  exit;
}

session_start();
$colname_User = "1";
if (isset($_SESSION['MM_Username'])) {
  $colname_User = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']);
}
//mysql_select_db("test",$link) ;
$query_User = sprintf("SELECT * FROM member WHERE m_username = '%s'", $colname_User);
$User = mysql_query($query_User, $link) or die(mysql_error());
$row_User = mysql_fetch_assoc($User);
$totalRows_User = mysql_num_rows($User);

$pro ="Select movie from product WHERE pro_id=".$_GET['pro_id'];
$pro_result=mysql_query ($pro,$link);



$MM_paramName = ""; 

// *** Start the session
session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']!="") $FF_LoginAction .= "?".$_SERVER['QUERY_STRING'];
if ((isset($_POST['m_username'])&&($_POST['m_username']!=''))) {
  $FF_valUsername=$_POST['m_username'];
  $FF_valPassword=$_POST['m_password'];
  $FF_fldUserAuthorization="level";
  $FF_redirectLoginSuccess="index.php";
  $FF_redirectLoginFailed="index.php?errMsg=not";
  $FF_rsUser_Source="SELECT m_username, m_password ";
  if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
  $FF_rsUser_Source .= " FROM member WHERE m_username='" . $FF_valUsername . "' AND m_password='" . $FF_valPassword . "'";
  $FF_rsUser=mysql_query($FF_rsUser_Source, $link) or die(mysql_error());
  $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
  if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
    if ($FF_fldUserAuthorization != "") {
      $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
      $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
      $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
	$FF_login_failed = false;
    header ("Location: $FF_redirectLoginSuccess");
    exit;
  }
  mysql_free_result($FF_rsUser);
  session_register("FF_login_failed");
  $FF_login_failed = true;
  header ("Location: $FF_redirectLoginFailed");
  exit;
}

$MM_removeList = "&test=";
if ($MM_paramName != "") $MM_removeList .= "&".strtolower($MM_paramName)."=";
$MM_keepURL="";
$MM_keepForm="";
$MM_keepBoth="";
$MM_keepNone="";
// add the URL parameters to the MM_keepURL string
reset ($_GET);
while (list ($key, $val) = each ($_GET)) {
	$nextItem = "&".strtolower($key)."=";
	if (!stristr($MM_removeList, $nextItem)) {
		$MM_keepURL .= "&".$key."=".urlencode($val);
	}
}
// add the URL parameters to the MM_keepURL string
if(isset($_POST)){
	reset ($_POST);
	while (list ($key, $val) = each ($_POST)) {
		$nextItem = "&".strtolower($key)."=";
		if (!stristr($MM_removeList, $nextItem)) {
			$MM_keepForm .= "&".$key."=".urlencode($val);
		}
	}
}
// create the Form + URL string and remove the intial '&' from each of the strings
$MM_keepBoth = $MM_keepURL."&".$MM_keepForm;
if (strlen($MM_keepBoth) > 0) $MM_keepBoth = substr($MM_keepBoth, 1);
if (strlen($MM_keepURL) > 0)  $MM_keepURL = substr($MM_keepURL, 1);
if (strlen($MM_keepForm) > 0) $MM_keepForm = substr($MM_keepForm, 1);
 ?>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script language="JavaScript" type="text/JavaScript">
<!--

function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
<head>
<SCRIPT language=JavaScript>
<!--


function MM_findObj(n, d) { //v4.0
  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
  if(!x && document.getElementById) x=document.getElementById(n); return x;
}

function MM_showHideLayers() { //v3.0
  var i,p,v,obj,args=MM_showHideLayers.arguments;
  for (i=0; i<(args.length-2); i+=3) if ((obj=MM_findObj(args[i]))!=null) { v=args[i+2];
    if (obj.style) { obj=obj.style; v=(v=='show')?'visible':(v='hide')?'hidden':v; }
    obj.visibility=v; }
}
//-->
</SCRIPT></head>
<title>影片介紹</title>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table border="0" align="center">
  <tr>
    <td><table width="440" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr> 
          <td> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
              <tr> 
                <td width="23" height="32" background="pic/203-1.gif"><img src="pic/203.gif" width="23" height="32"></td>
                <td width="295" background="pic/203-1.gif">&nbsp;</td>
                <td width="112" valign="bottom" background="pic/210.gif"> <table width="95%" border="0" align="center">
                    <tr> 
                      <td width="24%" height="23"> <div align="center"></div></td>
                      <td width="76%"><font color="#FFFFFF" size="2">影片介紹</font></td>
                    </tr>
                  </table></td>
              </tr>
            </table></td>
        </tr>
      </table></td>
  </tr>
</table>
<table width="440" height="462" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td height="440" background="pic/201.gif"> 
      <div align="center"> 
        <embed src="<? echo $_GET['movie']; ?>" align="middle" width="400" height="400"></embed></div></td>
  </tr>
  <tr>
    <td height="13">
<div align="center"> <a href="product_big.php" onClick="self.close();"><img src="pic/209.gif" width="130" height="35" vspace="3" border="0" align="absmiddle"></a></div></td>
  </tr>
  <tr> 
    <td height="9"> 
      <div align="center"><img src="pic/208-1.gif" width="440" height="9"></div></td>
  </tr>
</table>

</body>
</html>