WebSVN – cheapmusic – Blame – /www/php/wishlist.php

Rev	Author	Line No.	Line
45	-	1	`<?php`
65	-	2	`include_once ('php/clsLibGTIN.php');`
		3	`include_once ('php/constants.php');`
45	-	4
		5	`error_reporting(E_ALL);`
		6
65	-	7	`// add new entry to wishlist`
52	-	8	`function addWishlist($uid, $wlArr) {`
50	-	9	`$nul = 'NULL';`
45	-	10	`$conn = MySessionHandler::getDBSessionId();`
		11
		12	`$created = mysqli_real_escape_string($conn, time());`
		13	`$modified = $created;`
		14
52	-	15	`$uid = mysqli_real_escape_string($conn, $uid);`
		16	`$mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";`
		17	`$rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";`
81	-	18	`$asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";`
50	-	19	`$barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");`
		20	`$title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";`
		21	`$artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";`
73	-	22	`$cond = 'Any';`
45	-	23	`$format = 'Any';`
46	-	24	`$currency = 'USD'; //bugbug`
45	-	25	`$price = 'NULL';`
50	-	26	`$url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";`
		27	`$thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";`
96	-	28	`$ip = inet_pton($_SERVER['REMOTE_ADDR']);`
45	-	29
		30	`$sql = "INSERT`
		31	`INTO wishlist`
96	-	32	`(id, created, ip, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)`
		33	`VALUES (NULL, '$created', '$ip', '$modified', '$uid', '$mid', '$rid', " . $asin . ", " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";`
45	-	34
		35	`if ($result = mysqli_query($conn, $sql)) {`
52	-	36	`return 0;`
65	-	37	`}`
		38	`else {`
45	-	39	`$error = mysqli_errno($conn);`
		40	`if ($error == 1062) {`
52	-	41	`return 1;`
65	-	42	`}`
		43	`else {`
45	-	44	`error_log("MySQL Read Wishlist SQL: " . $sql);`
52	-	45	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		46	`return -1;`
45	-	47	`}`
		48	`}`
		49
52	-	50	`return -1;`
45	-	51	`}`
		52
46	-	53	`function checkWishlist($type, $id) {`
45	-	54	`$conn = MySessionHandler::getDBSessionId();`
81	-	55	`if ($type == "master") {`
		56	`$colName = "mid";`
		57	`} else if ($type == "release") {`
		58	`$colName = "rid";`
		59	`} else if ($type == "asin") {`
		60	`$colName = "asin";`
		61	`}`
45	-	62
52	-	63	`$uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);`
45	-	64
		65	`$sql = "SELECT id`
		66	`FROM wishlist`
81	-	67	`WHERE uid = '$uid' and $colName = '$id'";`
45	-	68
		69	`if ($result = mysqli_query($conn, $sql)) {`
		70	`if (mysqli_num_rows($result) > 0) {`
		71	`return true;`
		72	`}`
		73	`}`
65	-	74	`else if (mysqli_errno($conn)) {`
		75	`error_log("MySQL Check Wishlist SQL: " . $sql);`
		76	`error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		77	`return true;`
		78	`}`
45	-	79
		80	`return false;`
46	-	81	`}`
		82
		83	`function getWishlist() {`
107	-	84	`if (!isLoggedIn()) {`
116	-	85	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to maintain the wishlist.</p></div>');`
107	-	86	`}`
		87
46	-	88	`$str = '';`
		89	`$conn = MySessionHandler::getDBSessionId();`
		90
		91	`$uid = $_SESSION['sessData']['userID'];`
		92
		93	`$sql = "SELECT *`
		94	`FROM wishlist`
		95	`WHERE uid = '$uid'";`
		96
		97	`if ($result = mysqli_query($conn, $sql)) {`
		98	`if (mysqli_num_rows($result) > 0) {`
58	-	99	`$str .= "<div class=\"container\">";`
52	-	100	`$str .= "<div class=\"input-group mt-3\">";`
		101	`$str .= "<div class=\"input-group-prepend\">";`
116	-	102	`$str .= "<span class=\"input-group-text\"><i class=\"material-icons\">search</i></span>";`
52	-	103	`$str .= "</div>";`
120	-	104	`$str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" placeholder=\"Search for..\" aria-label=\"Search for entry\" />";`
52	-	105	`$str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";`
120	-	106	`$str .= "<button id=\"tableFilterReset\" type=\"button\" class=\"btn rounded\"><i class=\"material-icons\">cancel_presentation</i></button>";`
52	-	107	`$str .= "</div>";`
120	-	108	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		109	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		110	`$str .= ' document.getElementById("tableFilter").addEventListener("keyup", function() {';`
		111	`$str .= ' filterWishlist();';`
		112	`$str .= ' });';`
		113	`$str .= ' document.getElementById("tableFilterReset").addEventListener("click", function() {';`
		114	`$str .= ' document.getElementById("tableFilter").value = "";';`
		115	`$str .= ' filterWishlist();';`
		116	`$str .= ' });';`
		117	`$str .= '});';`
		118	`$str .= '</script>';`
52	-	119	`$str .= "</div>";`
		120
61	-	121	`$str .= "<form method=\"post\" action=\"/index.php\">";`
116	-	122	`$str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\" />";`
		123	`$str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\" />";`
		124	`$str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\" />";`
		125	`$str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\" />";`
122	-	126	`$str .= "<input type=\"hidden\" name=\"nonce\" value=\"" . $_SESSION["nonce"] . "\" />";`
81	-	127	`$str .= "<div class=\"table\">";`
68	-	128	`$str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";`
81	-	129	`$str .= "<thead class=\"thead-dark table-header-sticky\">";`
65	-	130	`$str .= "<tr><th></th>";`
120	-	131	`$str .= "<th id=\"sortColumn1\" class=\"text-left cursor-pointer\"><span class=\"nowrap\">Artist <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		132	`$str .= "<th id=\"sortColumn2\" class=\"text-left cursor-pointer\"><span class=\"text-nowrap\">Title <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		133	`$str .= "<th id=\"sortColumn3\" class=\"d-none\"></th>";`
121	-	134	`$str .= "<th id=\"sortColumn4\" class=\"cursor-pointer hide-medium hide-small\"><span class=\"text-nowrap\">Barcode <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		135	`$str .= "<th id=\"sortColumn5\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Condition <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		136	`$str .= "<th id=\"sortColumn6\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Format <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
65	-	137	`$str .= "<th class=\"d-none\">Ceiling Price Number</th>";`
120	-	138	`$str .= "<th id=\"sortColumn7\" class=\"cursor-pointer\"><span class=\"text-nowrap\">Price <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
65	-	139	`$str .= "<th></th><th class=\"d-none\"></th></tr></thead>";`
120	-	140	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		141	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		142	`$str .= ' document.getElementById("sortColumn1").addEventListener("click", function() {';`
		143	`$str .= ' sortTable("wishlistTable", 1, "text");';`
		144	`$str .= ' });';`
		145	`$str .= ' document.getElementById("sortColumn2").addEventListener("click", function() {';`
		146	`$str .= ' sortTable("wishlistTable", 2, "text");';`
		147	`$str .= ' });';`
		148	`$str .= ' document.getElementById("sortColumn4").addEventListener("click", function() {';`
		149	`$str .= ' sortTable("wishlistTable", 4, "text");';`
		150	`$str .= ' });';`
		151	`$str .= ' document.getElementById("sortColumn5").addEventListener("click", function() {';`
		152	`$str .= ' sortTable("wishlistTable", 5, "text");';`
		153	`$str .= ' });';`
		154	`$str .= ' document.getElementById("sortColumn6").addEventListener("click", function() {';`
		155	`$str .= ' sortTable("wishlistTable", 6, "text");';`
		156	`$str .= ' });';`
		157	`$str .= ' document.getElementById("sortColumn7").addEventListener("click", function() {';`
		158	`$str .= ' sortTable("wishlistTable", 7, "numeric");';`
		159	`$str .= ' });';`
		160	`$str .= '});';`
		161	`$str .= '</script>';`
65	-	162	`$str .= "<tbody>";`
46	-	163
65	-	164	`while ($row = mysqli_fetch_assoc($result)) {`
52	-	165	`$artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));`
		166	`$altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;`
46	-	167	`$price = print_monetary($row['price'], $row['currency']);`
52	-	168	`$searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;`
50	-	169	`if ($row['barcode'] !== null) {`
		170	`$searchTitle .= " (" . displayBarcode($row['barcode']) . ")";`
		171	`}`
52	-	172	`$searchTitle .= "</strong>";`
47	-	173
46	-	174	`$str .= "<tr>";`
118	-	175	`$str .= "<td><img class=\"img-fluid wl-img lazyload\" src=\"data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=\" data-src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\" /></td>";`
65	-	176	`$str .= "<td>$artist</td>";`
		177	`$str .= "<td>" . $row['title'] . "</td>";`
		178	`$str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";`
121	-	179	`$str .= "<td class=\"hide-medium hide-small\">" . displayBarcode($row['barcode']) . "</td>";`
		180	`$str .= "<td class=\"hide-small\">" . $row['cond'] . "</td>";`
		181	`$str .= "<td class=\"hide-small\">" . $row['format'] . "</td>";`
65	-	182	`$str .= "<td class=\"d-none\">" . $row['price'] . "</td>";`
		183	`$str .= "<td>" . $price . "</td>";`
120	-	184	`$str .= "<td><span class=\"text-nowrap\"><button id=\"wlEditBtn" . $row['id'] . "\" class=\"btn rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Edit\" aria-label=\"Edit Entry\"><i class=\"material-icons\">edit</i></button>";`
		185	`$str .= "<button id=\"wlDeleteBtn" . $row['id'] . "\" class=\"btn rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Delete\" aria-label=\"Delete Entry\"><i class=\"material-icons\">cancel_presentation</i></button>";`
		186	`$str .= "<a class=\"btn rounded px-1\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" aria-label=\"Information for Entry\" href=\"" . htmlentities($row['url']) . "\" target=\"_blank\" rel=\"noreferrer noopener\"><i class=\"material-icons\">info_outline</i></a>";`
		187	`$str .= "<button id=\"wlSearchBtn" . $row['id'] . "\" type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded px-1\"><i class=\"material-icons\" title=\"Search for Store Offers\" aria-label=\"Search Store Offers for Entry\" data-toggle=\"tooltip\">search</i></button></span></td>";`
65	-	188	`$str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";`
52	-	189
120	-	190	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		191	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		192	`$str .= ' document.getElementById("wlEditBtn' . $row['id'] . '").addEventListener("click", function() {';`
		193	`$str .= ' editWishlist("' . $row["id"] . '", document.getElementById("wlEditBtn' . $row['id'] . '"));';`
		194	`$str .= ' });';`
		195	`$str .= ' document.getElementById("wlDeleteBtn' . $row['id'] . '").addEventListener("click", function() {';`
		196	`$str .= ' deleteWishlist("' . $row["id"] . '", document.getElementById("wlDeleteBtn' . $row['id'] . '"),"' . sanitizeInput2($row['title']) . '","' . $artist . '");';`
		197	`$str .= ' });';`
		198	`$str .= ' document.getElementById("wlSearchBtn' . $row['id'] . '").addEventListener("click", function() {';`
		199	`$str .= ' document.getElementById("discogsTitle").value = "' . sanitizeInput2($row["title"]) . '";';`
		200	`$str .= ' document.getElementById("discogsArtist").value = "' . sanitizeInput2($row['artist']) . '";';`
		201	`$str .= ' document.getElementById("discogsBarcode").value = "' . sanitizeInput2($row['barcode']) . '";';`
		202	`$str .= ' progressBar("' . $searchTitle . '");';`
		203	`$str .= ' });';`
		204	`$str .= '});';`
		205	`$str .= '</script>';`
		206
65	-	207	`$str .= "</tr>";`
46	-	208	`}`
52	-	209
46	-	210	`$str .= "</tbody>";`
		211	`$str .= "</table>";`
58	-	212	`$str .= "</div>";`
61	-	213	`$str .= "</form>";`
52	-	214
65	-	215	`$str .= '<div class="modal fade" id="editWishlistModal">';`
		216	`$str .= ' <div class="modal-dialog">';`
		217	`$str .= ' <div class="modal-content">';`
		218	`$str .= ' <div class="modal-header bg-primary">';`
109	-	219	`$str .= ' <p class="modal-title display-6">Edit Wishlist Entry</p>';`
65	-	220	`$str .= ' </div>';`
		221	`$str .= ' <span class="mt-0" id="wlMsg"></span>';`
116	-	222	`$str .= ' <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '" />';`
		223	`$str .= ' <input type="hidden" name="wlId" id="wlId" />';`
65	-	224	`$str .= ' <div class="modal-body">';`
		225	`$str .= ' <div class="form-group">';`
		226	`$str .= ' <label for="wlArtist">Artist:</label>';`
116	-	227	`$str .= ' <input type="text" class="form-control" id="wlArtist" />';`
65	-	228	`$str .= ' </div>';`
		229	`$str .= ' <div class="form-group">';`
		230	`$str .= ' <label for="wlTitle">Title:</label>';`
116	-	231	`$str .= ' <input type="text" class="form-control" id="wlTitle" />';`
65	-	232	`$str .= ' </div>';`
		233	`$str .= ' <div class="form-group">';`
		234	`$str .= ' <label for="wlBarcode">Barcode:</label>';`
116	-	235	`$str .= ' <input type="text" class="form-control" id="wlBarcode" />';`
65	-	236	`$str .= ' </div>';`
		237	`$str .= ' <div class="form-group">';`
73	-	238	`$str .= ' <label for="wlCond">Condition:</label>';`
		239	`$str .= ' <select class="form-control" id="wlCond">';`
		240	`$str .= ' <option>Any</option>';`
		241	`$str .= ' <option>New</option>';`
		242	`$str .= ' <option>Used</option>';`
		243	`$str .= ' </select>';`
		244	`$str .= ' </div>';`
		245	`$str .= ' <div class="form-group">';`
65	-	246	`$str .= ' <label for="wlFormat">Format:</label>';`
		247	`$str .= ' <select class="form-control" id="wlFormat">';`
		248	`$str .= ' <option>Any</option>';`
		249	`$str .= ' <option>CD</option>';`
		250	`$str .= ' <option>Record</option>';`
		251	`$str .= ' <option>Digital</option>';`
		252	`$str .= ' <option>Book</option>';`
		253	`$str .= ' </select>';`
		254	`$str .= ' </div>';`
		255	`$str .= ' <div class="form-group">';`
		256	`$str .= ' <label for="wlPrice">Ceiling Price:</label>';`
116	-	257	`$str .= ' <input type="text" class="form-control" id="wlPrice" />';`
65	-	258	`$str .= ' </div>';`
		259	`$str .= ' </div>';`
		260	`$str .= ' <div class="modal-footer bg-primary">';`
120	-	261	`$str .= ' <button id="saveEditedWl" type="button" class="btn btn-success" name="submit" value="Save">Save</button>';`
		262	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		263	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		264	`$str .= ' document.getElementById("saveEditedWl").addEventListener("click", function() {';`
		265	`$str .= ' saveEditedWishlist();';`
		266	`$str .= ' });';`
		267	`$str .= '});';`
		268	`$str .= '</script>';`
65	-	269	`$str .= ' <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';`
		270	`$str .= ' </div>';`
		271	`$str .= ' </div>';`
		272	`$str .= ' </div>';`
		273	`$str .= '</div>';`
		274	`$str .= '</div>';`
		275	`}`
		276	`else {`
116	-	277	`$str .= "<div class=\"container bg-warning text-center py-3\"><p class=\"display-6\"><i class=\"material-icons\">bookmark</i> Your wishlist is currently empty. Add matching albums from the search results.</p></div>";`
46	-	278	`}`
		279	`}`
65	-	280	`else if (mysqli_errno($conn)) {`
		281	`error_log("MySQL Read Wishlist SQL: " . $sql);`
		282	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		283	`}`
46	-	284
		285	`return $str;`
52	-	286	`}`
		287
		288	`function deleteWishlist($uid, $id) {`
		289	`$conn = MySessionHandler::getDBSessionId();`
		290
		291	`$id = mysqli_real_escape_string($conn, $id);`
		292	`$uid = mysqli_real_escape_string($conn, $uid);`
		293
		294	`$sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";`
		295
		296	`if (!($result = mysqli_query($conn, $sql))) {`
65	-	297	`error_log("MySQL Delete Wishlist SQL: " . $sql);`
		298	`error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		299	`return -1;`
52	-	300	`}`
		301
		302	`return 0;`
		303	`}`
		304
		305	`function updateWishlist($uid, $wlArr) {`
		306	`$nul = 'NULL';`
		307	`$conn = MySessionHandler::getDBSessionId();`
		308
		309	`$modified = mysqli_real_escape_string($conn, time());`
		310
		311	`$id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");`
		312	`$uid = mysqli_real_escape_string($conn, $uid);`
		313	`$barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");`
		314	`$title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";`
		315	`$artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";`
73	-	316	`$cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";`
52	-	317	`$format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";`
		318	`$currency = 'USD'; //bugbug`
		319	`$price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";`
		320
		321	`$sql = "UPDATE wishlist`
73	-	322	`SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "`
52	-	323	`WHERE id=$id and uid=$uid";`
		324
		325	`if ($result = mysqli_query($conn, $sql)) {`
		326	`return 0;`
65	-	327	`}`
		328	`else {`
52	-	329	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		330	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		331	`return -1;`
		332	`}`
		333
		334	`return -1;`
		335	`}`
73	-	336
		337	`function unsubscribeWishlist($arr) {`
116	-	338	`if (empty($arr['id']) \|\| empty($arr['email'])) {`
		339	`return "";`
		340	`}`
73	-	341	`$conn = MySessionHandler::getDBSessionId();`
		342
		343	`$modified = mysqli_real_escape_string($conn, time());`
		344
		345	`$id = mysqli_real_escape_string($conn, $arr['id']);`
		346	`$email = mysqli_real_escape_string($conn, $arr['email']);`
		347
		348	`$sql = "UPDATE users`
		349	`SET wlEmailFlag = '0'`
		350	`WHERE id=$id and email='$email'";`
		351
		352	`if (!($result = mysqli_query($conn, $sql))) {`
		353	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		354	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		355	`}`
		356
		357	`$str = "<div class=\"container text-center bg-warning p-3 rounded\">";`
		358	`$str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";`
		359	`$str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";`
		360	`$str .= "</div>";`
		361
		362	`return $str;`
		363	`}`
78	-	364
		365	`function checkPriceMonitor() {`
		366	`if (empty($_SESSION['sessData']['userID'])) {`
		367	`unset($_SESSION['priceMonitor']);`
		368	`return -1;`
		369	`}`
		370
		371	`$conn = MySessionHandler::getDBSessionId();`
		372
		373	`$uid = $_SESSION['sessData']['userID'];`
		374
		375	`$sql = "SELECT created, access`
		376	`FROM pricemonitor`
		377	`WHERE userId = '$uid'";`
		378
		379	`if ($result = mysqli_query($conn, $sql)) {`
		380	`if (mysqli_num_rows($result) > 0) {`
		381	`if ($row = mysqli_fetch_assoc($result)) {`
		382	`$_SESSION['priceMonitor']['created'] = $row['created'];`
		383	`$_SESSION['priceMonitor']['access'] = $row['access'];`
110	-	384	`if ($_SESSION['priceMonitor']['created'] > $_SESSION['priceMonitor']['access']) {`
79	-	385	`$_SESSION['priceMonitor']['newFlag'] = true;`
		386	`} else {`
		387	`$_SESSION['priceMonitor']['newFlag'] = false;`
		388	`}`
78	-	389
		390	`return 0;`
		391	`}`
		392	`}`
		393	`}`
		394	`else if (mysqli_errno($conn)) {`
		395	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		396	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		397	`}`
		398
		399	`return -1;`
		400	`}`
		401
		402
		403	`function getPriceMonitor() {`
107	-	404	`if (!isLoggedIn()) {`
116	-	405	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to see the price monitor results.</p></div>');`
107	-	406	`}`
		407
78	-	408	`$conn = MySessionHandler::getDBSessionId();`
		409
		410	`$uid = $_SESSION['sessData']['userID'];`
		411
		412	`$sql = "SELECT data`
		413	`FROM pricemonitor`
		414	`WHERE userId = '$uid'";`
		415
		416	`if ($result = mysqli_query($conn, $sql)) {`
		417	`if (mysqli_num_rows($result) > 0) {`
		418	`if ($row = mysqli_fetch_assoc($result)) {`
		419	`$access = mysqli_real_escape_string($conn, time());`
		420	`$sql = "UPDATE pricemonitor`
		421	`SET access = $access`
		422	`WHERE userId = '$uid'";`
		423	`if (!($result = mysqli_query($conn, $sql))) {`
		424	`error_log("MySQL Update Price Monitor SQL: " . $sql);`
		425	`error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");`
		426	`}`
		427
121	-	428	`$html = gzdecode(base64_decode($row['data']));`
		429	`$html = str_replace(base64_encode("xxxNONCExxx"), base64_encode($_SESSION["nonce"]), $html);`
		430	`return ($html);`
78	-	431	`}`
		432	`}`
		433	`}`
		434	`else if (mysqli_errno($conn)) {`
		435	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		436	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		437	`}`
		438
116	-	439	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">bookmark</i> Your price monitor list is currently empty.</p></div>');`
78	-	440	`}`

Subversion Repositories cheapmusic

(root)/www/php/wishlist.php – Rev 122