WebSVN – cheapmusic – Blame – /www/php/wishlist.php

Rev	Author	Line No.	Line
45	-	1	`<?php`
65	-	2	`include_once ('php/clsLibGTIN.php');`
		3	`include_once ('php/constants.php');`
45	-	4
		5	`error_reporting(E_ALL);`
		6
65	-	7	`// add new entry to wishlist`
52	-	8	`function addWishlist($uid, $wlArr) {`
50	-	9	`$nul = 'NULL';`
45	-	10	`$conn = MySessionHandler::getDBSessionId();`
		11
		12	`$created = mysqli_real_escape_string($conn, time());`
		13	`$modified = $created;`
		14
52	-	15	`$uid = mysqli_real_escape_string($conn, $uid);`
		16	`$mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";`
		17	`$rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";`
81	-	18	`$asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";`
50	-	19	`$barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");`
		20	`$title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";`
		21	`$artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";`
73	-	22	`$cond = 'Any';`
45	-	23	`$format = 'Any';`
46	-	24	`$currency = 'USD'; //bugbug`
45	-	25	`$price = 'NULL';`
50	-	26	`$url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";`
		27	`$thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";`
96	-	28	`$ip = inet_pton($_SERVER['REMOTE_ADDR']);`
45	-	29
		30	`$sql = "INSERT`
		31	`INTO wishlist`
96	-	32	`(id, created, ip, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)`
		33	`VALUES (NULL, '$created', '$ip', '$modified', '$uid', '$mid', '$rid', " . $asin . ", " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";`
45	-	34
		35	`if ($result = mysqli_query($conn, $sql)) {`
52	-	36	`return 0;`
65	-	37	`}`
		38	`else {`
45	-	39	`$error = mysqli_errno($conn);`
		40	`if ($error == 1062) {`
52	-	41	`return 1;`
65	-	42	`}`
		43	`else {`
45	-	44	`error_log("MySQL Read Wishlist SQL: " . $sql);`
52	-	45	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		46	`return -1;`
45	-	47	`}`
		48	`}`
		49
52	-	50	`return -1;`
45	-	51	`}`
		52
46	-	53	`function checkWishlist($type, $id) {`
45	-	54	`$conn = MySessionHandler::getDBSessionId();`
81	-	55	`if ($type == "master") {`
		56	`$colName = "mid";`
		57	`} else if ($type == "release") {`
		58	`$colName = "rid";`
		59	`} else if ($type == "asin") {`
		60	`$colName = "asin";`
		61	`}`
45	-	62
52	-	63	`$uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);`
45	-	64
		65	`$sql = "SELECT id`
		66	`FROM wishlist`
81	-	67	`WHERE uid = '$uid' and $colName = '$id'";`
45	-	68
		69	`if ($result = mysqli_query($conn, $sql)) {`
		70	`if (mysqli_num_rows($result) > 0) {`
		71	`return true;`
		72	`}`
		73	`}`
65	-	74	`else if (mysqli_errno($conn)) {`
		75	`error_log("MySQL Check Wishlist SQL: " . $sql);`
		76	`error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		77	`return true;`
		78	`}`
45	-	79
		80	`return false;`
46	-	81	`}`
		82
		83	`function getWishlist() {`
107	-	84	`if (!isLoggedIn()) {`
116	-	85	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to maintain the wishlist.</p></div>');`
107	-	86	`}`
		87
46	-	88	`$str = '';`
		89	`$conn = MySessionHandler::getDBSessionId();`
		90
		91	`$uid = $_SESSION['sessData']['userID'];`
		92
		93	`$sql = "SELECT *`
		94	`FROM wishlist`
		95	`WHERE uid = '$uid'";`
		96
		97	`if ($result = mysqli_query($conn, $sql)) {`
		98	`if (mysqli_num_rows($result) > 0) {`
58	-	99	`$str .= "<div class=\"container\">";`
52	-	100	`$str .= "<div class=\"input-group mt-3\">";`
		101	`$str .= "<div class=\"input-group-prepend\">";`
116	-	102	`$str .= "<span class=\"input-group-text\"><i class=\"material-icons\">search</i></span>";`
52	-	103	`$str .= "</div>";`
120	-	104	`$str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" placeholder=\"Search for..\" aria-label=\"Search for entry\" />";`
52	-	105	`$str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";`
120	-	106	`$str .= "<button id=\"tableFilterReset\" type=\"button\" class=\"btn rounded\"><i class=\"material-icons\">cancel_presentation</i></button>";`
52	-	107	`$str .= "</div>";`
120	-	108	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		109	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		110	`$str .= ' document.getElementById("tableFilter").addEventListener("keyup", function() {';`
		111	`$str .= ' filterWishlist();';`
		112	`$str .= ' });';`
		113	`$str .= ' document.getElementById("tableFilterReset").addEventListener("click", function() {';`
		114	`$str .= ' document.getElementById("tableFilter").value = "";';`
		115	`$str .= ' filterWishlist();';`
		116	`$str .= ' });';`
		117	`$str .= '});';`
		118	`$str .= '</script>';`
52	-	119	`$str .= "</div>";`
		120
61	-	121	`$str .= "<form method=\"post\" action=\"/index.php\">";`
116	-	122	`$str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\" />";`
		123	`$str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\" />";`
		124	`$str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\" />";`
		125	`$str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\" />";`
122	-	126	`$str .= "<input type=\"hidden\" name=\"nonce\" value=\"" . $_SESSION["nonce"] . "\" />";`
81	-	127	`$str .= "<div class=\"table\">";`
124	-	128	`$str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small\">";`
81	-	129	`$str .= "<thead class=\"thead-dark table-header-sticky\">";`
124	-	130	`$str .= "<tr>";`
		131	`$str .= "<th class=\"hide-medium\"></th>";`
		132	`$str .= "<th id=\"sortColumn1\" class=\"text-left cursor-pointer\"><span class=\"nowrap\">Artist<span class=\"d-block d-md-none\"><br></span><i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		133	`$str .= "<th id=\"sortColumn2\" class=\"text-left cursor-pointer\"><span class=\"text-nowrap\">Title<span class=\"d-block d-md-none\"><br></span><i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
120	-	134	`$str .= "<th id=\"sortColumn3\" class=\"d-none\"></th>";`
121	-	135	`$str .= "<th id=\"sortColumn4\" class=\"cursor-pointer hide-medium hide-small\"><span class=\"text-nowrap\">Barcode <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		136	`$str .= "<th id=\"sortColumn5\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Condition <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
		137	`$str .= "<th id=\"sortColumn6\" class=\"cursor-pointer hide-small\"><span class=\"text-nowrap\">Format <i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
65	-	138	`$str .= "<th class=\"d-none\">Ceiling Price Number</th>";`
124	-	139	`$str .= "<th id=\"sortColumn7\" class=\"cursor-pointer\"><span class=\"text-nowrap\">Price<span class=\"d-block d-md-none\"><br></span><i class=\"material-icons material-text material-nrm\">arrow_drop_up</i><i class=\"material-icons material-text material-nlm\">arrow_drop_down</i></span></th>";`
65	-	140	`$str .= "<th></th><th class=\"d-none\"></th></tr></thead>";`
120	-	141	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		142	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		143	`$str .= ' document.getElementById("sortColumn1").addEventListener("click", function() {';`
		144	`$str .= ' sortTable("wishlistTable", 1, "text");';`
		145	`$str .= ' });';`
		146	`$str .= ' document.getElementById("sortColumn2").addEventListener("click", function() {';`
		147	`$str .= ' sortTable("wishlistTable", 2, "text");';`
		148	`$str .= ' });';`
		149	`$str .= ' document.getElementById("sortColumn4").addEventListener("click", function() {';`
		150	`$str .= ' sortTable("wishlistTable", 4, "text");';`
		151	`$str .= ' });';`
		152	`$str .= ' document.getElementById("sortColumn5").addEventListener("click", function() {';`
		153	`$str .= ' sortTable("wishlistTable", 5, "text");';`
		154	`$str .= ' });';`
		155	`$str .= ' document.getElementById("sortColumn6").addEventListener("click", function() {';`
		156	`$str .= ' sortTable("wishlistTable", 6, "text");';`
		157	`$str .= ' });';`
		158	`$str .= ' document.getElementById("sortColumn7").addEventListener("click", function() {';`
		159	`$str .= ' sortTable("wishlistTable", 7, "numeric");';`
		160	`$str .= ' });';`
		161	`$str .= '});';`
		162	`$str .= '</script>';`
65	-	163	`$str .= "<tbody>";`
46	-	164
65	-	165	`while ($row = mysqli_fetch_assoc($result)) {`
125	-	166	`$artist = (empty($row["artist"]) ? "Various" : htmlentities($row["artist"]));`
		167	`$altText = "Image for " . htmlentities($row['title']) . " by " . $artist;`
46	-	168	`$price = print_monetary($row['price'], $row['currency']);`
125	-	169	`$searchTitle = 'Searching for:<br><br><strong>' . htmlentities($row['title']) . " by " . $artist;`
50	-	170	`if ($row['barcode'] !== null) {`
		171	`$searchTitle .= " (" . displayBarcode($row['barcode']) . ")";`
		172	`}`
52	-	173	`$searchTitle .= "</strong>";`
47	-	174
124	-	175	`$str .= "<tr class=\"border\">";`
		176	`$str .= "<td class=\"hide-medium wl-img\"><img class=\"img-fluid lazyload\" src=\"data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=\" data-src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\" /></td>";`
65	-	177	`$str .= "<td>$artist</td>";`
125	-	178	`$str .= "<td>" . htmlentities($row['title']) . "</td>";`
65	-	179	`$str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";`
121	-	180	`$str .= "<td class=\"hide-medium hide-small\">" . displayBarcode($row['barcode']) . "</td>";`
		181	`$str .= "<td class=\"hide-small\">" . $row['cond'] . "</td>";`
		182	`$str .= "<td class=\"hide-small\">" . $row['format'] . "</td>";`
65	-	183	`$str .= "<td class=\"d-none\">" . $row['price'] . "</td>";`
		184	`$str .= "<td>" . $price . "</td>";`
124	-	185	`$str .= "<td><span class=\"text-nowrap\"><button id=\"wlEditBtn" . $row['id'] . "\" class=\"btn btn-sm btn-warning rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Edit\" aria-label=\"Edit Entry\"><i class=\"material-icons\">edit</i></button>";`
		186	`$str .= " ";`
		187	`$str .= "<button id=\"wlDeleteBtn" . $row['id'] . "\" class=\"btn btn-sm btn-danger rounded px-1\" type=\"button\" data-toggle=\"tooltip\" title=\"Delete\" aria-label=\"Delete Entry\"><i class=\"material-icons\">cancel_presentation</i></button>";`
		188	`$str .= " ";`
		189	`$str .= "<a class=\"btn btn-sm btn-info rounded px-1 hide-small\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" aria-label=\"Information for Entry\" href=\"" . htmlentities($row['url']) . "\" target=\"_blank\" rel=\"noreferrer noopener\"><i class=\"material-icons\">info_outline</i></a>";`
		190	`$str .= " ";`
		191	`$str .= "<button id=\"wlSearchBtn" . $row['id'] . "\" type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn btn-sm btn-success rounded px-1\"><i class=\"material-icons\" title=\"Search for Store Offers\" aria-label=\"Search Store Offers for Entry\" data-toggle=\"tooltip\">search</i></button></span></td>";`
65	-	192	`$str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";`
52	-	193
120	-	194	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		195	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		196	`$str .= ' document.getElementById("wlEditBtn' . $row['id'] . '").addEventListener("click", function() {';`
		197	`$str .= ' editWishlist("' . $row["id"] . '", document.getElementById("wlEditBtn' . $row['id'] . '"));';`
		198	`$str .= ' });';`
		199	`$str .= ' document.getElementById("wlDeleteBtn' . $row['id'] . '").addEventListener("click", function() {';`
125	-	200	`$str .= ' deleteWishlist("' . $row["id"] . '", document.getElementById("wlDeleteBtn' . $row['id'] . '"),"' . htmlentities($row['title']) . '","' . htmlentities($artist) . '");';`
120	-	201	`$str .= ' });';`
		202	`$str .= ' document.getElementById("wlSearchBtn' . $row['id'] . '").addEventListener("click", function() {';`
		203	`$str .= ' document.getElementById("discogsTitle").value = "' . sanitizeInput2($row["title"]) . '";';`
		204	`$str .= ' document.getElementById("discogsArtist").value = "' . sanitizeInput2($row['artist']) . '";';`
		205	`$str .= ' document.getElementById("discogsBarcode").value = "' . sanitizeInput2($row['barcode']) . '";';`
		206	`$str .= ' progressBar("' . $searchTitle . '");';`
		207	`$str .= ' });';`
		208	`$str .= '});';`
		209	`$str .= '</script>';`
		210
65	-	211	`$str .= "</tr>";`
46	-	212	`}`
52	-	213
46	-	214	`$str .= "</tbody>";`
		215	`$str .= "</table>";`
58	-	216	`$str .= "</div>";`
61	-	217	`$str .= "</form>";`
52	-	218
65	-	219	`$str .= '<div class="modal fade" id="editWishlistModal">';`
		220	`$str .= ' <div class="modal-dialog">';`
		221	`$str .= ' <div class="modal-content">';`
124	-	222	`$str .= ' <div class="modal-header bg-secondary">';`
109	-	223	`$str .= ' <p class="modal-title display-6">Edit Wishlist Entry</p>';`
65	-	224	`$str .= ' </div>';`
		225	`$str .= ' <span class="mt-0" id="wlMsg"></span>';`
116	-	226	`$str .= ' <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '" />';`
		227	`$str .= ' <input type="hidden" name="wlId" id="wlId" />';`
65	-	228	`$str .= ' <div class="modal-body">';`
		229	`$str .= ' <div class="form-group">';`
		230	`$str .= ' <label for="wlArtist">Artist:</label>';`
116	-	231	`$str .= ' <input type="text" class="form-control" id="wlArtist" />';`
65	-	232	`$str .= ' </div>';`
		233	`$str .= ' <div class="form-group">';`
		234	`$str .= ' <label for="wlTitle">Title:</label>';`
116	-	235	`$str .= ' <input type="text" class="form-control" id="wlTitle" />';`
65	-	236	`$str .= ' </div>';`
		237	`$str .= ' <div class="form-group">';`
		238	`$str .= ' <label for="wlBarcode">Barcode:</label>';`
116	-	239	`$str .= ' <input type="text" class="form-control" id="wlBarcode" />';`
65	-	240	`$str .= ' </div>';`
		241	`$str .= ' <div class="form-group">';`
73	-	242	`$str .= ' <label for="wlCond">Condition:</label>';`
		243	`$str .= ' <select class="form-control" id="wlCond">';`
		244	`$str .= ' <option>Any</option>';`
		245	`$str .= ' <option>New</option>';`
		246	`$str .= ' <option>Used</option>';`
		247	`$str .= ' </select>';`
		248	`$str .= ' </div>';`
		249	`$str .= ' <div class="form-group">';`
65	-	250	`$str .= ' <label for="wlFormat">Format:</label>';`
		251	`$str .= ' <select class="form-control" id="wlFormat">';`
		252	`$str .= ' <option>Any</option>';`
		253	`$str .= ' <option>CD</option>';`
		254	`$str .= ' <option>Record</option>';`
		255	`$str .= ' <option>Digital</option>';`
		256	`$str .= ' <option>Book</option>';`
		257	`$str .= ' </select>';`
		258	`$str .= ' </div>';`
		259	`$str .= ' <div class="form-group">';`
		260	`$str .= ' <label for="wlPrice">Ceiling Price:</label>';`
116	-	261	`$str .= ' <input type="text" class="form-control" id="wlPrice" />';`
65	-	262	`$str .= ' </div>';`
		263	`$str .= ' </div>';`
124	-	264	`$str .= ' <div class="modal-footer bg-secondary">';`
120	-	265	`$str .= ' <button id="saveEditedWl" type="button" class="btn btn-success" name="submit" value="Save">Save</button>';`
		266	`$str .= '<script nonce="' . base64_encode($_SESSION["nonce"]) .'">';`
		267	`$str .= 'document.addEventListener("DOMContentLoaded", function() {';`
		268	`$str .= ' document.getElementById("saveEditedWl").addEventListener("click", function() {';`
		269	`$str .= ' saveEditedWishlist();';`
		270	`$str .= ' });';`
		271	`$str .= '});';`
		272	`$str .= '</script>';`
65	-	273	`$str .= ' <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';`
		274	`$str .= ' </div>';`
		275	`$str .= ' </div>';`
		276	`$str .= ' </div>';`
		277	`$str .= '</div>';`
		278	`$str .= '</div>';`
		279	`}`
		280	`else {`
116	-	281	`$str .= "<div class=\"container bg-warning text-center py-3\"><p class=\"display-6\"><i class=\"material-icons\">bookmark</i> Your wishlist is currently empty. Add matching albums from the search results.</p></div>";`
46	-	282	`}`
		283	`}`
65	-	284	`else if (mysqli_errno($conn)) {`
		285	`error_log("MySQL Read Wishlist SQL: " . $sql);`
		286	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		287	`}`
46	-	288
		289	`return $str;`
52	-	290	`}`
		291
		292	`function deleteWishlist($uid, $id) {`
		293	`$conn = MySessionHandler::getDBSessionId();`
		294
		295	`$id = mysqli_real_escape_string($conn, $id);`
		296	`$uid = mysqli_real_escape_string($conn, $uid);`
		297
		298	`$sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";`
		299
		300	`if (!($result = mysqli_query($conn, $sql))) {`
65	-	301	`error_log("MySQL Delete Wishlist SQL: " . $sql);`
		302	`error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		303	`return -1;`
52	-	304	`}`
		305
		306	`return 0;`
		307	`}`
		308
		309	`function updateWishlist($uid, $wlArr) {`
		310	`$nul = 'NULL';`
		311	`$conn = MySessionHandler::getDBSessionId();`
		312
		313	`$modified = mysqli_real_escape_string($conn, time());`
		314
		315	`$id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");`
		316	`$uid = mysqli_real_escape_string($conn, $uid);`
		317	`$barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");`
		318	`$title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";`
		319	`$artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";`
73	-	320	`$cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";`
52	-	321	`$format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";`
		322	`$currency = 'USD'; //bugbug`
		323	`$price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";`
		324
		325	`$sql = "UPDATE wishlist`
73	-	326	`SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "`
52	-	327	`WHERE id=$id and uid=$uid";`
		328
		329	`if ($result = mysqli_query($conn, $sql)) {`
		330	`return 0;`
65	-	331	`}`
		332	`else {`
52	-	333	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		334	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		335	`return -1;`
		336	`}`
		337
		338	`return -1;`
		339	`}`
73	-	340
		341	`function unsubscribeWishlist($arr) {`
116	-	342	`if (empty($arr['id']) \|\| empty($arr['email'])) {`
		343	`return "";`
		344	`}`
73	-	345	`$conn = MySessionHandler::getDBSessionId();`
		346
		347	`$modified = mysqli_real_escape_string($conn, time());`
		348
		349	`$id = mysqli_real_escape_string($conn, $arr['id']);`
		350	`$email = mysqli_real_escape_string($conn, $arr['email']);`
		351
		352	`$sql = "UPDATE users`
		353	`SET wlEmailFlag = '0'`
		354	`WHERE id=$id and email='$email'";`
		355
		356	`if (!($result = mysqli_query($conn, $sql))) {`
		357	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		358	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		359	`}`
		360
		361	`$str = "<div class=\"container text-center bg-warning p-3 rounded\">";`
		362	`$str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";`
		363	`$str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";`
		364	`$str .= "</div>";`
		365
		366	`return $str;`
		367	`}`
78	-	368
		369	`function checkPriceMonitor() {`
		370	`if (empty($_SESSION['sessData']['userID'])) {`
		371	`unset($_SESSION['priceMonitor']);`
		372	`return -1;`
		373	`}`
		374
		375	`$conn = MySessionHandler::getDBSessionId();`
		376
		377	`$uid = $_SESSION['sessData']['userID'];`
		378
		379	`$sql = "SELECT created, access`
		380	`FROM pricemonitor`
		381	`WHERE userId = '$uid'";`
		382
		383	`if ($result = mysqli_query($conn, $sql)) {`
		384	`if (mysqli_num_rows($result) > 0) {`
		385	`if ($row = mysqli_fetch_assoc($result)) {`
		386	`$_SESSION['priceMonitor']['created'] = $row['created'];`
		387	`$_SESSION['priceMonitor']['access'] = $row['access'];`
110	-	388	`if ($_SESSION['priceMonitor']['created'] > $_SESSION['priceMonitor']['access']) {`
79	-	389	`$_SESSION['priceMonitor']['newFlag'] = true;`
		390	`} else {`
		391	`$_SESSION['priceMonitor']['newFlag'] = false;`
		392	`}`
78	-	393
		394	`return 0;`
		395	`}`
		396	`}`
		397	`}`
		398	`else if (mysqli_errno($conn)) {`
		399	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		400	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		401	`}`
		402
		403	`return -1;`
		404	`}`
		405
		406
		407	`function getPriceMonitor() {`
107	-	408	`if (!isLoggedIn()) {`
116	-	409	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">error_outline</i> Please login to your Find Cheap Music account in order to see the price monitor results.</p></div>');`
107	-	410	`}`
		411
78	-	412	`$conn = MySessionHandler::getDBSessionId();`
		413
		414	`$uid = $_SESSION['sessData']['userID'];`
		415
		416	`$sql = "SELECT data`
		417	`FROM pricemonitor`
		418	`WHERE userId = '$uid'";`
		419
		420	`if ($result = mysqli_query($conn, $sql)) {`
		421	`if (mysqli_num_rows($result) > 0) {`
		422	`if ($row = mysqli_fetch_assoc($result)) {`
		423	`$access = mysqli_real_escape_string($conn, time());`
		424	`$sql = "UPDATE pricemonitor`
		425	`SET access = $access`
		426	`WHERE userId = '$uid'";`
		427	`if (!($result = mysqli_query($conn, $sql))) {`
		428	`error_log("MySQL Update Price Monitor SQL: " . $sql);`
		429	`error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");`
		430	`}`
		431
121	-	432	`$html = gzdecode(base64_decode($row['data']));`
		433	`$html = str_replace(base64_encode("xxxNONCExxx"), base64_encode($_SESSION["nonce"]), $html);`
		434	`return ($html);`
78	-	435	`}`
		436	`}`
		437	`}`
		438	`else if (mysqli_errno($conn)) {`
		439	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		440	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		441	`}`
		442
116	-	443	`return ('<div class="container bg-warning text-center py-3"><p class="display-6"><i class="material-icons">bookmark</i> Your price monitor list is currently empty.</p></div>');`
78	-	444	`}`

Subversion Repositories cheapmusic

(root)/www/php/wishlist.php – Rev 125