WebSVN – cheapmusic – Blame – /www/php/wishlist.php

Rev	Author	Line No.	Line
45	-	1	`<?php`
65	-	2	`include_once ('php/clsLibGTIN.php');`
		3	`include_once ('php/constants.php');`
45	-	4
		5	`error_reporting(E_ALL);`
		6
65	-	7	`// add new entry to wishlist`
52	-	8	`function addWishlist($uid, $wlArr) {`
50	-	9	`$nul = 'NULL';`
45	-	10	`$conn = MySessionHandler::getDBSessionId();`
		11
		12	`$created = mysqli_real_escape_string($conn, time());`
		13	`$modified = $created;`
		14
52	-	15	`$uid = mysqli_real_escape_string($conn, $uid);`
		16	`$mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";`
		17	`$rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";`
81	-	18	`$asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";`
50	-	19	`$barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");`
		20	`$title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";`
		21	`$artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";`
73	-	22	`$cond = 'Any';`
45	-	23	`$format = 'Any';`
46	-	24	`$currency = 'USD'; //bugbug`
45	-	25	`$price = 'NULL';`
50	-	26	`$url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";`
		27	`$thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";`
96	-	28	`$ip = inet_pton($_SERVER['REMOTE_ADDR']);`
45	-	29
		30	`$sql = "INSERT`
		31	`INTO wishlist`
96	-	32	`(id, created, ip, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)`
		33	`VALUES (NULL, '$created', '$ip', '$modified', '$uid', '$mid', '$rid', " . $asin . ", " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";`
45	-	34
		35	`if ($result = mysqli_query($conn, $sql)) {`
52	-	36	`return 0;`
65	-	37	`}`
		38	`else {`
45	-	39	`$error = mysqli_errno($conn);`
		40	`if ($error == 1062) {`
52	-	41	`return 1;`
65	-	42	`}`
		43	`else {`
45	-	44	`error_log("MySQL Read Wishlist SQL: " . $sql);`
52	-	45	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		46	`return -1;`
45	-	47	`}`
		48	`}`
		49
52	-	50	`return -1;`
45	-	51	`}`
		52
46	-	53	`function checkWishlist($type, $id) {`
45	-	54	`$conn = MySessionHandler::getDBSessionId();`
81	-	55	`if ($type == "master") {`
		56	`$colName = "mid";`
		57	`} else if ($type == "release") {`
		58	`$colName = "rid";`
		59	`} else if ($type == "asin") {`
		60	`$colName = "asin";`
		61	`}`
45	-	62
52	-	63	`$uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);`
45	-	64
		65	`$sql = "SELECT id`
		66	`FROM wishlist`
81	-	67	`WHERE uid = '$uid' and $colName = '$id'";`
45	-	68
		69	`if ($result = mysqli_query($conn, $sql)) {`
		70	`if (mysqli_num_rows($result) > 0) {`
		71	`return true;`
		72	`}`
		73	`}`
65	-	74	`else if (mysqli_errno($conn)) {`
		75	`error_log("MySQL Check Wishlist SQL: " . $sql);`
		76	`error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		77	`return true;`
		78	`}`
45	-	79
		80	`return false;`
46	-	81	`}`
		82
		83	`function getWishlist() {`
107	-	84	`if (!isLoggedIn()) {`
116	-	85	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to maintain the wishlist.</p></div>');`
107	-	86	`}`
		87
46	-	88	`$str = '';`
		89	`$conn = MySessionHandler::getDBSessionId();`
		90
		91	`$uid = $_SESSION['sessData']['userID'];`
		92
		93	`$sql = "SELECT *`
		94	`FROM wishlist`
		95	`WHERE uid = '$uid'";`
		96
		97	`if ($result = mysqli_query($conn, $sql)) {`
		98	`if (mysqli_num_rows($result) > 0) {`
58	-	99	`$str .= "<div class=\"container\">";`
52	-	100	`$str .= "<div class=\"input-group mt-3\">";`
		101	`$str .= "<div class=\"input-group-prepend\">";`
116	-	102	`$str .= "<span class=\"input-group-text\"><i class=\"material-icons\">search</i></span>";`
52	-	103	`$str .= "</div>";`
120	-	104	`$str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" placeholder=\"Search for..\" aria-label=\"Search for entry\" />";`
52	-	105	`$str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";`
120	-	106	`$str .= "<button id=\"tableFilterReset\" type=\"button\" class=\"btn rounded\"><i class=\"material-icons\">cancel_presentation</i></button>";`
52	-	107	`$str .= "</div>";`
120	-	108	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		109	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		110	`$str .= ' document.getElementById("tableFilter").addEventListener("keyup", function() {';`
		111	`$str .= ' filterWishlist();';`
		112	`$str .= ' });';`
		113	`$str .= ' document.getElementById("tableFilterReset").addEventListener("click", function() {';`
		114	`$str .= ' document.getElementById("tableFilter").value = "";';`
		115	`$str .= ' filterWishlist();';`
		116	`$str .= ' });';`
		117	`$str .= '});';`
		118	`$str .= '</script>';`
52	-	119	`$str .= "</div>";`
		120
61	-	121	`$str .= "<form method=\"post\" action=\"/index.php\">";`
116	-	122	`$str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\" />";`
		123	`$str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\" />";`
		124	`$str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\" />";`
		125	`$str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\" />";`
81	-	126	`$str .= "<div class=\"table\">";`
68	-	127	`$str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";`
81	-	128	`$str .= "<thead class=\"thead-dark table-header-sticky\">";`
65	-	129	`$str .= "<tr><th></th>";`
120	-	130	`$str .= "<th id=\"sortColumn1\" class=\"text-left cursor-pointer\"><span class=\"nowrap\">Artist <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		131	`$str .= "<th id=\"sortColumn2\" class=\"text-left cursor-pointer\"><span class=\"text-nowrap\">Title <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		132	`$str .= "<th id=\"sortColumn3\" class=\"d-none\"></th>";`
121	-	133	`$str .= "<th id=\"sortColumn4\" class=\"cursor-pointer hide-medium hide-small\"><span class=\"text-nowrap\">Barcode <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		134	`$str .= "<th id=\"sortColumn5\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Condition <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		135	`$str .= "<th id=\"sortColumn6\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Format <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
65	-	136	`$str .= "<th class=\"d-none\">Ceiling Price Number</th>";`
120	-	137	`$str .= "<th id=\"sortColumn7\" class=\"cursor-pointer\"><span class=\"text-nowrap\">Price <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
65	-	138	`$str .= "<th></th><th class=\"d-none\"></th></tr></thead>";`
120	-	139	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		140	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		141	`$str .= ' document.getElementById("sortColumn1").addEventListener("click", function() {';`
		142	`$str .= ' sortTable("wishlistTable", 1, "text");';`
		143	`$str .= ' });';`
		144	`$str .= ' document.getElementById("sortColumn2").addEventListener("click", function() {';`
		145	`$str .= ' sortTable("wishlistTable", 2, "text");';`
		146	`$str .= ' });';`
		147	`$str .= ' document.getElementById("sortColumn4").addEventListener("click", function() {';`
		148	`$str .= ' sortTable("wishlistTable", 4, "text");';`
		149	`$str .= ' });';`
		150	`$str .= ' document.getElementById("sortColumn5").addEventListener("click", function() {';`
		151	`$str .= ' sortTable("wishlistTable", 5, "text");';`
		152	`$str .= ' });';`
		153	`$str .= ' document.getElementById("sortColumn6").addEventListener("click", function() {';`
		154	`$str .= ' sortTable("wishlistTable", 6, "text");';`
		155	`$str .= ' });';`
		156	`$str .= ' document.getElementById("sortColumn7").addEventListener("click", function() {';`
		157	`$str .= ' sortTable("wishlistTable", 7, "numeric");';`
		158	`$str .= ' });';`
		159	`$str .= '});';`
		160	`$str .= '</script>';`
65	-	161	`$str .= "<tbody>";`
46	-	162
65	-	163	`while ($row = mysqli_fetch_assoc($result)) {`
52	-	164	`$artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));`
		165	`$altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;`
46	-	166	`$price = print_monetary($row['price'], $row['currency']);`
52	-	167	`$searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;`
50	-	168	`if ($row['barcode'] !== null) {`
		169	`$searchTitle .= " (" . displayBarcode($row['barcode']) . ")";`
		170	`}`
52	-	171	`$searchTitle .= "</strong>";`
47	-	172
46	-	173	`$str .= "<tr>";`
118	-	174	`$str .= "<td><img class=\"img-fluid wl-img lazyload\" src=\"data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=\" data-src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\" /></td>";`
65	-	175	`$str .= "<td>$artist</td>";`
		176	`$str .= "<td>" . $row['title'] . "</td>";`
		177	`$str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";`
121	-	178	`$str .= "<td class=\"hide-medium hide-small\">" . displayBarcode($row['barcode']) . "</td>";`
		179	`$str .= "<td class=\"hide-small\">" . $row['cond'] . "</td>";`
		180	`$str .= "<td class=\"hide-small\">" . $row['format'] . "</td>";`
65	-	181	`$str .= "<td class=\"d-none\">" . $row['price'] . "</td>";`
		182	`$str .= "<td>" . $price . "</td>";`
120	-	183	`$str .= "<td><span class=\"text-nowrap\"><button id=\"wlEditBtn" . $row['id'] . "\" class=\"btn rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Edit\" aria-label=\"Edit Entry\"><i class=\"material-icons\">edit</i></button>";`
		184	`$str .= "<button id=\"wlDeleteBtn" . $row['id'] . "\" class=\"btn rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Delete\" aria-label=\"Delete Entry\"><i class=\"material-icons\">cancel_presentation</i></button>";`
		185	`$str .= "<a class=\"btn rounded px-1\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" aria-label=\"Information for Entry\" href=\"" . htmlentities($row['url']) . "\" target=\"_blank\" rel=\"noreferrer noopener\"><i class=\"material-icons\">info_outline</i></a>";`
		186	`$str .= "<button id=\"wlSearchBtn" . $row['id'] . "\" type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded px-1\"><i class=\"material-icons\" title=\"Search for Store Offers\" aria-label=\"Search Store Offers for Entry\" data-toggle=\"tooltip\">search</i></button></span></td>";`
65	-	187	`$str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";`
52	-	188
120	-	189	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		190	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		191	`$str .= ' document.getElementById("wlEditBtn' . $row['id'] . '").addEventListener("click", function() {';`
		192	`$str .= ' editWishlist("' . $row["id"] . '", document.getElementById("wlEditBtn' . $row['id'] . '"));';`
		193	`$str .= ' });';`
		194	`$str .= ' document.getElementById("wlDeleteBtn' . $row['id'] . '").addEventListener("click", function() {';`
		195	`$str .= ' deleteWishlist("' . $row["id"] . '", document.getElementById("wlDeleteBtn' . $row['id'] . '"),"' . sanitizeInput2($row['title']) . '","' . $artist . '");';`
		196	`$str .= ' });';`
		197	`$str .= ' document.getElementById("wlSearchBtn' . $row['id'] . '").addEventListener("click", function() {';`
		198	`$str .= ' document.getElementById("discogsTitle").value = "' . sanitizeInput2($row["title"]) . '";';`
		199	`$str .= ' document.getElementById("discogsArtist").value = "' . sanitizeInput2($row['artist']) . '";';`
		200	`$str .= ' document.getElementById("discogsBarcode").value = "' . sanitizeInput2($row['barcode']) . '";';`
		201	`$str .= ' progressBar("' . $searchTitle . '");';`
		202	`$str .= ' });';`
		203	`$str .= '});';`
		204	`$str .= '</script>';`
		205
65	-	206	`$str .= "</tr>";`
46	-	207	`}`
52	-	208
46	-	209	`$str .= "</tbody>";`
		210	`$str .= "</table>";`
58	-	211	`$str .= "</div>";`
61	-	212	`$str .= "</form>";`
52	-	213
65	-	214	`$str .= '<div class="modal fade" id="editWishlistModal">';`
		215	`$str .= ' <div class="modal-dialog">';`
		216	`$str .= ' <div class="modal-content">';`
		217	`$str .= ' <div class="modal-header bg-primary">';`
109	-	218	`$str .= ' <p class="modal-title display-6">Edit Wishlist Entry</p>';`
65	-	219	`$str .= ' </div>';`
		220	`$str .= ' <span class="mt-0" id="wlMsg"></span>';`
116	-	221	`$str .= ' <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '" />';`
		222	`$str .= ' <input type="hidden" name="wlId" id="wlId" />';`
65	-	223	`$str .= ' <div class="modal-body">';`
		224	`$str .= ' <div class="form-group">';`
		225	`$str .= ' <label for="wlArtist">Artist:</label>';`
116	-	226	`$str .= ' <input type="text" class="form-control" id="wlArtist" />';`
65	-	227	`$str .= ' </div>';`
		228	`$str .= ' <div class="form-group">';`
		229	`$str .= ' <label for="wlTitle">Title:</label>';`
116	-	230	`$str .= ' <input type="text" class="form-control" id="wlTitle" />';`
65	-	231	`$str .= ' </div>';`
		232	`$str .= ' <div class="form-group">';`
		233	`$str .= ' <label for="wlBarcode">Barcode:</label>';`
116	-	234	`$str .= ' <input type="text" class="form-control" id="wlBarcode" />';`
65	-	235	`$str .= ' </div>';`
		236	`$str .= ' <div class="form-group">';`
73	-	237	`$str .= ' <label for="wlCond">Condition:</label>';`
		238	`$str .= ' <select class="form-control" id="wlCond">';`
		239	`$str .= ' <option>Any</option>';`
		240	`$str .= ' <option>New</option>';`
		241	`$str .= ' <option>Used</option>';`
		242	`$str .= ' </select>';`
		243	`$str .= ' </div>';`
		244	`$str .= ' <div class="form-group">';`
65	-	245	`$str .= ' <label for="wlFormat">Format:</label>';`
		246	`$str .= ' <select class="form-control" id="wlFormat">';`
		247	`$str .= ' <option>Any</option>';`
		248	`$str .= ' <option>CD</option>';`
		249	`$str .= ' <option>Record</option>';`
		250	`$str .= ' <option>Digital</option>';`
		251	`$str .= ' <option>Book</option>';`
		252	`$str .= ' </select>';`
		253	`$str .= ' </div>';`
		254	`$str .= ' <div class="form-group">';`
		255	`$str .= ' <label for="wlPrice">Ceiling Price:</label>';`
116	-	256	`$str .= ' <input type="text" class="form-control" id="wlPrice" />';`
65	-	257	`$str .= ' </div>';`
		258	`$str .= ' </div>';`
		259	`$str .= ' <div class="modal-footer bg-primary">';`
120	-	260	`$str .= ' <button id="saveEditedWl" type="button" class="btn btn-success" name="submit" value="Save">Save</button>';`
		261	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		262	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		263	`$str .= ' document.getElementById("saveEditedWl").addEventListener("click", function() {';`
		264	`$str .= ' saveEditedWishlist();';`
		265	`$str .= ' });';`
		266	`$str .= '});';`
		267	`$str .= '</script>';`
65	-	268	`$str .= ' <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';`
		269	`$str .= ' </div>';`
		270	`$str .= ' </div>';`
		271	`$str .= ' </div>';`
		272	`$str .= '</div>';`
		273	`$str .= '</div>';`
		274	`}`
		275	`else {`
116	-	276	`$str .= "<div class=\"container bg-warning text-center py-3\"><p class=\"display-6\"><i class=\"material-icons\">bookmark</i> Your wishlist is currently empty. Add matching albums from the search results.</p></div>";`
46	-	277	`}`
		278	`}`
65	-	279	`else if (mysqli_errno($conn)) {`
		280	`error_log("MySQL Read Wishlist SQL: " . $sql);`
		281	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		282	`}`
46	-	283
		284	`return $str;`
52	-	285	`}`
		286
		287	`function deleteWishlist($uid, $id) {`
		288	`$conn = MySessionHandler::getDBSessionId();`
		289
		290	`$id = mysqli_real_escape_string($conn, $id);`
		291	`$uid = mysqli_real_escape_string($conn, $uid);`
		292
		293	`$sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";`
		294
		295	`if (!($result = mysqli_query($conn, $sql))) {`
65	-	296	`error_log("MySQL Delete Wishlist SQL: " . $sql);`
		297	`error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		298	`return -1;`
52	-	299	`}`
		300
		301	`return 0;`
		302	`}`
		303
		304	`function updateWishlist($uid, $wlArr) {`
		305	`$nul = 'NULL';`
		306	`$conn = MySessionHandler::getDBSessionId();`
		307
		308	`$modified = mysqli_real_escape_string($conn, time());`
		309
		310	`$id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");`
		311	`$uid = mysqli_real_escape_string($conn, $uid);`
		312	`$barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");`
		313	`$title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";`
		314	`$artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";`
73	-	315	`$cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";`
52	-	316	`$format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";`
		317	`$currency = 'USD'; //bugbug`
		318	`$price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";`
		319
		320	`$sql = "UPDATE wishlist`
73	-	321	`SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "`
52	-	322	`WHERE id=$id and uid=$uid";`
		323
		324	`if ($result = mysqli_query($conn, $sql)) {`
		325	`return 0;`
65	-	326	`}`
		327	`else {`
52	-	328	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		329	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		330	`return -1;`
		331	`}`
		332
		333	`return -1;`
		334	`}`
73	-	335
		336	`function unsubscribeWishlist($arr) {`
116	-	337	`if (empty($arr['id']) \|\| empty($arr['email'])) {`
		338	`return "";`
		339	`}`
73	-	340	`$conn = MySessionHandler::getDBSessionId();`
		341
		342	`$modified = mysqli_real_escape_string($conn, time());`
		343
		344	`$id = mysqli_real_escape_string($conn, $arr['id']);`
		345	`$email = mysqli_real_escape_string($conn, $arr['email']);`
		346
		347	`$sql = "UPDATE users`
		348	`SET wlEmailFlag = '0'`
		349	`WHERE id=$id and email='$email'";`
		350
		351	`if (!($result = mysqli_query($conn, $sql))) {`
		352	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		353	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		354	`}`
		355
		356	`$str = "<div class=\"container text-center bg-warning p-3 rounded\">";`
		357	`$str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";`
		358	`$str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";`
		359	`$str .= "</div>";`
		360
		361	`return $str;`
		362	`}`
78	-	363
		364	`function checkPriceMonitor() {`
		365	`if (empty($_SESSION['sessData']['userID'])) {`
		366	`unset($_SESSION['priceMonitor']);`
		367	`return -1;`
		368	`}`
		369
		370	`$conn = MySessionHandler::getDBSessionId();`
		371
		372	`$uid = $_SESSION['sessData']['userID'];`
		373
		374	`$sql = "SELECT created, access`
		375	`FROM pricemonitor`
		376	`WHERE userId = '$uid'";`
		377
		378	`if ($result = mysqli_query($conn, $sql)) {`
		379	`if (mysqli_num_rows($result) > 0) {`
		380	`if ($row = mysqli_fetch_assoc($result)) {`
		381	`$_SESSION['priceMonitor']['created'] = $row['created'];`
		382	`$_SESSION['priceMonitor']['access'] = $row['access'];`
110	-	383	`if ($_SESSION['priceMonitor']['created'] > $_SESSION['priceMonitor']['access']) {`
79	-	384	`$_SESSION['priceMonitor']['newFlag'] = true;`
		385	`} else {`
		386	`$_SESSION['priceMonitor']['newFlag'] = false;`
		387	`}`
78	-	388
		389	`return 0;`
		390	`}`
		391	`}`
		392	`}`
		393	`else if (mysqli_errno($conn)) {`
		394	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		395	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		396	`}`
		397
		398	`return -1;`
		399	`}`
		400
		401
		402	`function getPriceMonitor() {`
107	-	403	`if (!isLoggedIn()) {`
116	-	404	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to see the price monitor results.</p></div>');`
107	-	405	`}`
		406
78	-	407	`$conn = MySessionHandler::getDBSessionId();`
		408
		409	`$uid = $_SESSION['sessData']['userID'];`
		410
		411	`$sql = "SELECT data`
		412	`FROM pricemonitor`
		413	`WHERE userId = '$uid'";`
		414
		415	`if ($result = mysqli_query($conn, $sql)) {`
		416	`if (mysqli_num_rows($result) > 0) {`
		417	`if ($row = mysqli_fetch_assoc($result)) {`
		418	`$access = mysqli_real_escape_string($conn, time());`
		419	`$sql = "UPDATE pricemonitor`
		420	`SET access = $access`
		421	`WHERE userId = '$uid'";`
		422	`if (!($result = mysqli_query($conn, $sql))) {`
		423	`error_log("MySQL Update Price Monitor SQL: " . $sql);`
		424	`error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");`
		425	`}`
		426
121	-	427	`$html = gzdecode(base64_decode($row['data']));`
		428	`$html = str_replace(base64_encode("xxxNONCExxx"), base64_encode($_SESSION["nonce"]), $html);`
		429	`return ($html);`
78	-	430	`}`
		431	`}`
		432	`}`
		433	`else if (mysqli_errno($conn)) {`
		434	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		435	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		436	`}`
		437
116	-	438	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">bookmark</i> Your price monitor list is currently empty.</p></div>');`
78	-	439	`}`

Subversion Repositories cheapmusic

(root)/www/php/wishlist.php – Rev 121