Subversion Repositories cheapmusic

Rev

Rev 116 | Rev 120 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
45 - 1
<?php
65 - 2
include_once ('php/clsLibGTIN.php');
3
include_once ('php/constants.php');
45 - 4
 
5
error_reporting(E_ALL);
6
 
65 - 7
// add new entry to wishlist
52 - 8
function addWishlist($uid, $wlArr) {
50 - 9
    $nul = 'NULL';
45 - 10
    $conn = MySessionHandler::getDBSessionId();
11
 
12
    $created = mysqli_real_escape_string($conn, time());
13
    $modified = $created;
14
 
52 - 15
    $uid = mysqli_real_escape_string($conn, $uid);
16
    $mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";
17
    $rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";
81 - 18
    $asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";
50 - 19
    $barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");
20
    $title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";
21
    $artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";
73 - 22
    $cond = 'Any';
45 - 23
    $format = 'Any';
46 - 24
    $currency = 'USD'; //bugbug
45 - 25
    $price = 'NULL';
50 - 26
    $url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";
27
    $thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";
96 - 28
    $ip = inet_pton($_SERVER['REMOTE_ADDR']);
45 - 29
 
30
    $sql = "INSERT
31
            INTO wishlist
96 - 32
            (id, created, ip, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)
33
            VALUES (NULL, '$created', '$ip', '$modified', '$uid', '$mid', '$rid', " . $asin . ", " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";
45 - 34
 
35
    if ($result = mysqli_query($conn, $sql)) {
52 - 36
        return 0;
65 - 37
    }
38
    else {
45 - 39
        $error = mysqli_errno($conn);
40
        if ($error == 1062) {
52 - 41
            return 1;
65 - 42
        }
43
        else {
45 - 44
            error_log("MySQL Read Wishlist SQL: " . $sql);
52 - 45
            error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");
46
            return -1;
45 - 47
        }
48
    }
49
 
52 - 50
    return -1;
45 - 51
}
52
 
46 - 53
function checkWishlist($type, $id) {
45 - 54
    $conn = MySessionHandler::getDBSessionId();
81 - 55
    if ($type == "master") {
56
        $colName = "mid";
57
    } else if ($type == "release") {
58
        $colName = "rid";
59
    } else if ($type == "asin") {
60
        $colName = "asin";
61
    }
45 - 62
 
52 - 63
    $uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);
45 - 64
 
65
    $sql = "SELECT id
66
            FROM wishlist
81 - 67
            WHERE uid = '$uid' and $colName = '$id'";
45 - 68
 
69
    if ($result = mysqli_query($conn, $sql)) {
70
        if (mysqli_num_rows($result) > 0) {
71
            return true;
72
        }
73
    }
65 - 74
    else if (mysqli_errno($conn)) {
75
        error_log("MySQL Check Wishlist SQL: " . $sql);
76
        error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
77
        return true;
78
    }
45 - 79
 
80
    return false;
46 - 81
}
82
 
83
function getWishlist() {
107 - 84
    if (!isLoggedIn()) {
116 - 85
        return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to maintain the wishlist.</p></div>');
107 - 86
    }
87
 
46 - 88
    $str = '';
89
    $conn = MySessionHandler::getDBSessionId();
90
 
91
    $uid = $_SESSION['sessData']['userID'];
92
 
93
    $sql = "SELECT *
94
            FROM wishlist
95
            WHERE uid = '$uid'";
96
 
97
    if ($result = mysqli_query($conn, $sql)) {
98
        if (mysqli_num_rows($result) > 0) {
58 - 99
            $str .= "<div class=\"container\">";
52 - 100
            $str .= "<div class=\"input-group mt-3\">";
101
            $str .= "<div class=\"input-group-prepend\">";
116 - 102
            $str .= "<span class=\"input-group-text\"><i class=\"material-icons\">search</i></span>";
52 - 103
            $str .= "</div>";
116 - 104
            $str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" onkeyup=\"filterWishlist();\" placeholder=\"Search for..\" aria-label=\"Search for entry\" />";
52 - 105
            $str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";
116 - 106
            $str .= "<button type=\"button\" class=\"btn rounded\" onclick=\"document.getElementById('tableFilter').value='';filterWishlist();\"><i class=\"material-icons\">cancel_presentation</i></button>";
52 - 107
            $str .= "</div>";
108
            $str .= "</div>";
109
 
61 - 110
            $str .= "<form method=\"post\" action=\"/index.php\">";
116 - 111
            $str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\" />";
112
            $str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\" />";
113
            $str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\" />";
114
            $str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\" />";
81 - 115
            $str .= "<div class=\"table\">";
68 - 116
            $str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";
81 - 117
            $str .= "<thead class=\"thead-dark table-header-sticky\">";
65 - 118
            $str .= "<tr><th></th>";
116 - 119
            $str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 1, 'text')\"><span class=\"nowrap\">Artist <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
120
            $str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 2, 'text')\"><span class=\"text-nowrap\">Title <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
65 - 121
            $str .= "<th class=\"d-none\"></th>";
116 - 122
            $str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 4, 'text')\"><span class=\"text-nowrap\">Barcode <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
123
            $str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 5, 'text')\"><span class=\"text-nowrap\">Condition <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
124
            $str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 6, 'text')\"><span class=\"text-nowrap\">Format <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
65 - 125
            $str .= "<th class=\"d-none\">Ceiling Price Number</th>";
116 - 126
            $str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 7, 'currency')\"><span class=\"text-nowrap\">Price <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";
65 - 127
            $str .= "<th></th><th class=\"d-none\"></th></tr></thead>";
128
            $str .= "<tbody>";
46 - 129
 
65 - 130
            while ($row = mysqli_fetch_assoc($result)) {
52 - 131
                $artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));
132
                $altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;
46 - 133
                $price = print_monetary($row['price'], $row['currency']);
52 - 134
                $searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;
50 - 135
                if ($row['barcode'] !== null) {
136
                    $searchTitle .= " (" . displayBarcode($row['barcode']) . ")";
137
                }
52 - 138
                $searchTitle .= "</strong>";
47 - 139
 
46 - 140
                $str .= "<tr>";
118 - 141
                $str .= "<td><img class=\"img-fluid wl-img lazyload\" src=\"data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=\" data-src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\" /></td>";
65 - 142
                $str .= "<td>$artist</td>";
143
                $str .= "<td>" . $row['title'] . "</td>";
144
                $str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";
145
                $str .= "<td>" . displayBarcode($row['barcode']) . "</td>";
73 - 146
                $str .= "<td>" . $row['cond'] . "</td>";
65 - 147
                $str .= "<td>" . $row['format'] . "</td>";
148
                $str .= "<td class=\"d-none\">" . $row['price'] . "</td>";
149
                $str .= "<td>" . $price . "</td>";
116 - 150
                $str .= "<td><span class=\"text-nowrap\"><button class=\"btn rounded px-1\" type=\"button\" onclick=\"editWishlist('" . $row["id"] . "',this); return true;\" data-toggle=\"tooltip\" title=\"Edit\" aria-label=\"Edit Entry\"><i class=\"material-icons\">edit</i></button>";
151
                $str .= "<button class=\"btn rounded px-1\" type=\"button\" onclick=\"deleteWishlist('" . $row["id"] . "',this,'" . sanitizeInput2($row['title']) . "','" . $artist . "'); return true;\" data-toggle=\"tooltip\" title=\"Delete\" aria-label=\"Delete Entry\"><i class=\"material-icons\">cancel_presentation</i></button>";
152
                $str .= "<a class=\"btn rounded px-1\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" aria-label=\"Information for Entry\" href=\"" . $row['url'] . "\" target=\"_blank\" rel=\"noreferrer noopener\"><i class=\"material-icons\">info_outline</i></a>";
153
                $str .= "<button type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded px-1\" onclick=\"document.getElementById('discogsTitle').value = '" . sanitizeInput2($row['title']) . "';document.getElementById('discogsArtist').value = '" . sanitizeInput2($row['artist']) . "';document.getElementById('discogsBarcode').value = '" . sanitizeInput2($row['barcode']) . "';progressBar('" . sanitizeInput2($searchTitle) . "');\"><i class=\"material-icons\" title=\"Search for Store Offers\" aria-label=\"Search Store Offers for Entry\" data-toggle=\"tooltip\">search</i></button></span></td>";
65 - 154
                $str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";
52 - 155
 
65 - 156
                $str .= "</tr>";
46 - 157
            }
52 - 158
 
46 - 159
            $str .= "</tbody>";
160
            $str .= "</table>";
58 - 161
            $str .= "</div>";
61 - 162
            $str .= "</form>";
52 - 163
 
65 - 164
            $str .= '<div class="modal fade" id="editWishlistModal">';
165
            $str .= '    <div class="modal-dialog">';
166
            $str .= '        <div class="modal-content">';
167
            $str .= '            <div class="modal-header bg-primary">';
109 - 168
            $str .= '                <p class="modal-title display-6">Edit Wishlist Entry</p>';
65 - 169
            $str .= '            </div>';
170
            $str .= '            <span class="mt-0" id="wlMsg"></span>';
116 - 171
            $str .= '            <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '" />';
172
            $str .= '            <input type="hidden" name="wlId" id="wlId" />';
65 - 173
            $str .= '            <div class="modal-body">';
174
            $str .= '                <div class="form-group">';
175
            $str .= '                    <label for="wlArtist">Artist:</label>';
116 - 176
            $str .= '                    <input type="text" class="form-control" id="wlArtist" />';
65 - 177
            $str .= '                </div>';
178
            $str .= '                <div class="form-group">';
179
            $str .= '                    <label for="wlTitle">Title:</label>';
116 - 180
            $str .= '                    <input type="text" class="form-control" id="wlTitle" />';
65 - 181
            $str .= '                </div>';
182
            $str .= '                <div class="form-group">';
183
            $str .= '                    <label for="wlBarcode">Barcode:</label>';
116 - 184
            $str .= '                    <input type="text" class="form-control" id="wlBarcode" />';
65 - 185
            $str .= '                </div>';
186
            $str .= '                <div class="form-group">';
73 - 187
            $str .= '                    <label for="wlCond">Condition:</label>';
188
            $str .= '                    <select class="form-control" id="wlCond">';
189
            $str .= '                    <option>Any</option>';
190
            $str .= '                    <option>New</option>';
191
            $str .= '                    <option>Used</option>';
192
            $str .= '                    </select>';
193
            $str .= '                </div>';
194
            $str .= '                <div class="form-group">';
65 - 195
            $str .= '                    <label for="wlFormat">Format:</label>';
196
            $str .= '                    <select class="form-control" id="wlFormat">';
197
            $str .= '                    <option>Any</option>';
198
            $str .= '                    <option>CD</option>';
199
            $str .= '                    <option>Record</option>';
200
            $str .= '                    <option>Digital</option>';
201
            $str .= '                    <option>Book</option>';
202
            $str .= '                    </select>';
203
            $str .= '                </div>';
204
            $str .= '                <div class="form-group">';
205
            $str .= '                    <label for="wlPrice">Ceiling Price:</label>';
116 - 206
            $str .= '                    <input type="text" class="form-control" id="wlPrice" />';
65 - 207
            $str .= '                </div>';
208
            $str .= '            </div>';
209
            $str .= '            <div class="modal-footer bg-primary">';
210
            $str .= '                <button type="button" class="btn btn-success" name="submit" value="Save" onclick="saveEditedWishlist(); return true;">Save</button>';
211
            $str .= '                <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';
212
            $str .= '            </div>';
213
            $str .= '        </div>';
214
            $str .= '    </div>';
215
            $str .= '</div>';
216
            $str .= '</div>';
217
        }
218
        else {
116 - 219
            $str .= "<div class=\"container bg-warning text-center py-3\"><p class=\"display-6\"><i class=\"material-icons\">bookmark</i> Your wishlist is currently empty. Add matching albums from the search results.</p></div>";
46 - 220
        }
221
    }
65 - 222
    else if (mysqli_errno($conn)) {
223
        error_log("MySQL Read Wishlist SQL: " . $sql);
224
        error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
225
    }
46 - 226
 
227
    return $str;
52 - 228
}
229
 
230
function deleteWishlist($uid, $id) {
231
    $conn = MySessionHandler::getDBSessionId();
232
 
233
    $id = mysqli_real_escape_string($conn, $id);
234
    $uid = mysqli_real_escape_string($conn, $uid);
235
 
236
    $sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";
237
 
238
    if (!($result = mysqli_query($conn, $sql))) {
65 - 239
        error_log("MySQL Delete Wishlist SQL: " . $sql);
240
        error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
241
        return -1;
52 - 242
    }
243
 
244
    return 0;
245
}
246
 
247
function updateWishlist($uid, $wlArr) {
248
    $nul = 'NULL';
249
    $conn = MySessionHandler::getDBSessionId();
250
 
251
    $modified = mysqli_real_escape_string($conn, time());
252
 
253
    $id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");
254
    $uid = mysqli_real_escape_string($conn, $uid);
255
    $barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");
256
    $title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";
257
    $artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";
73 - 258
    $cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";
52 - 259
    $format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";
260
    $currency = 'USD'; //bugbug
261
    $price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";
262
 
263
    $sql = "UPDATE wishlist
73 - 264
            SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "
52 - 265
            WHERE id=$id and uid=$uid";
266
 
267
    if ($result = mysqli_query($conn, $sql)) {
268
        return 0;
65 - 269
    }
270
    else {
52 - 271
        error_log("MySQL Update Wishlist SQL: " . $sql);
272
        error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");
273
        return -1;
274
    }
275
 
276
    return -1;
277
}
73 - 278
 
279
function unsubscribeWishlist($arr) {
116 - 280
    if (empty($arr['id']) || empty($arr['email'])) {
281
        return "";
282
    }
73 - 283
    $conn = MySessionHandler::getDBSessionId();
284
 
285
    $modified = mysqli_real_escape_string($conn, time());
286
 
287
    $id = mysqli_real_escape_string($conn, $arr['id']);
288
    $email = mysqli_real_escape_string($conn, $arr['email']);
289
 
290
    $sql = "UPDATE users
291
            SET wlEmailFlag = '0'
292
            WHERE id=$id and email='$email'";
293
 
294
    if (!($result = mysqli_query($conn, $sql))) {
295
        error_log("MySQL Update Wishlist SQL: " . $sql);
296
        error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");
297
    }
298
 
299
    $str = "<div class=\"container text-center bg-warning p-3 rounded\">";
300
    $str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";
301
    $str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";
302
    $str .= "</div>";
303
 
304
    return $str;
305
}
78 - 306
 
307
function checkPriceMonitor() {
308
    if (empty($_SESSION['sessData']['userID'])) {
309
        unset($_SESSION['priceMonitor']);
310
        return -1;
311
    }
312
 
313
    $conn = MySessionHandler::getDBSessionId();
314
 
315
    $uid = $_SESSION['sessData']['userID'];
316
 
317
    $sql = "SELECT created, access
318
            FROM pricemonitor
319
            WHERE userId = '$uid'";
320
 
321
    if ($result = mysqli_query($conn, $sql)) {
322
        if (mysqli_num_rows($result) > 0) {
323
            if ($row = mysqli_fetch_assoc($result)) {
324
                $_SESSION['priceMonitor']['created'] = $row['created'];
325
                $_SESSION['priceMonitor']['access'] = $row['access'];
110 - 326
                if ($_SESSION['priceMonitor']['created'] > $_SESSION['priceMonitor']['access']) {
79 - 327
                    $_SESSION['priceMonitor']['newFlag'] = true;
328
                } else {
329
                    $_SESSION['priceMonitor']['newFlag'] = false;
330
                }
78 - 331
 
332
                return 0;
333
            }
334
        }
335
    }
336
    else if (mysqli_errno($conn)) {
337
        error_log("MySQL Read Price Monitor SQL: " . $sql);
338
        error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
339
    }
340
 
341
    return -1;
342
}
343
 
344
 
345
function getPriceMonitor() {
107 - 346
    if (!isLoggedIn()) {
116 - 347
        return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to see the price monitor results.</p></div>');
107 - 348
    }
349
 
78 - 350
    $conn = MySessionHandler::getDBSessionId();
351
 
352
    $uid = $_SESSION['sessData']['userID'];
353
 
354
    $sql = "SELECT data
355
            FROM pricemonitor
356
            WHERE userId = '$uid'";
357
 
358
    if ($result = mysqli_query($conn, $sql)) {
359
        if (mysqli_num_rows($result) > 0) {
360
            if ($row = mysqli_fetch_assoc($result)) {
361
                $access = mysqli_real_escape_string($conn, time());
362
                $sql = "UPDATE pricemonitor
363
                        SET access = $access
364
                        WHERE userId = '$uid'";
365
                if (!($result = mysqli_query($conn, $sql))) {
366
                    error_log("MySQL Update Price Monitor SQL: " . $sql);
367
                    error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");
368
                }
369
 
104 - 370
                return(gzdecode(base64_decode($row['data'])));
78 - 371
            }
372
        }
373
    }
374
    else if (mysqli_errno($conn)) {
375
        error_log("MySQL Read Price Monitor SQL: " . $sql);
376
        error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");
377
    }
378
 
116 - 379
    return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">bookmark</i> Your price monitor list is currently empty.</p></div>');
78 - 380
}