WebSVN – cheapmusic – Blame – /www/php/wishlist.php

Rev	Author	Line No.	Line
45	-	1	`<?php`
		2	`include_once('php/clsLibGTIN.php');`
		3	`include_once('php/constants.php');`
		4
		5	`error_reporting(E_ALL);`
		6
		7	`// add new entry to wishlist`
52	-	8	`function addWishlist($uid, $wlArr) {`
50	-	9	`$nul = 'NULL';`
45	-	10	`$conn = MySessionHandler::getDBSessionId();`
		11
		12	`$created = mysqli_real_escape_string($conn, time());`
		13	`$modified = $created;`
		14
52	-	15	`$uid = mysqli_real_escape_string($conn, $uid);`
		16	`$mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";`
		17	`$rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";`
50	-	18	`$barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");`
		19	`$title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";`
		20	`$artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";`
45	-	21	`$format = 'Any';`
46	-	22	`$currency = 'USD'; //bugbug`
45	-	23	`$price = 'NULL';`
50	-	24	`$url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";`
		25	`$thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";`
45	-	26
		27	`$sql = "INSERT`
		28	`INTO wishlist`
50	-	29	`(id, created, modified, uid, mid, rid, barcode, title, artist, format, currency, price, url, thumbnail)`
52	-	30	`VALUES (NULL, '$created', '$modified', '$uid', '$mid', '$rid', " . $barcode . ", " . $title . ", " . $artist . ", '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";`
45	-	31
		32	`if ($result = mysqli_query($conn, $sql)) {`
52	-	33	`return 0;`
45	-	34	`} else {`
		35	`$error = mysqli_errno($conn);`
		36	`if ($error == 1062) {`
52	-	37	`return 1;`
45	-	38	`} else {`
		39	`error_log("MySQL Read Wishlist SQL: " . $sql);`
52	-	40	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		41	`return -1;`
45	-	42	`}`
		43	`}`
		44
52	-	45	`return -1;`
45	-	46	`}`
		47
46	-	48	`function checkWishlist($type, $id) {`
45	-	49	`$conn = MySessionHandler::getDBSessionId();`
		50
52	-	51	`$uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);`
45	-	52
		53	`$sql = "SELECT id`
		54	`FROM wishlist`
46	-	55	`WHERE uid = '$uid' and " . ($type == "master" ? "mid" : "rid") . " = '$id'";`
45	-	56
		57	`if ($result = mysqli_query($conn, $sql)) {`
		58	`if (mysqli_num_rows($result) > 0) {`
		59	`return true;`
		60	`}`
		61	`} else if (mysqli_errno($conn)) {`
52	-	62	`error_log("MySQL Check Wishlist SQL: " . $sql);`
		63	`error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
45	-	64	`return true;`
		65	`}`
		66
		67	`return false;`
46	-	68	`}`
		69
		70	`function getWishlist() {`
		71	`$str = '';`
		72	`$conn = MySessionHandler::getDBSessionId();`
		73
		74	`$uid = $_SESSION['sessData']['userID'];`
		75
		76	`$sql = "SELECT *`
		77	`FROM wishlist`
		78	`WHERE uid = '$uid'";`
		79
		80	`if ($result = mysqli_query($conn, $sql)) {`
		81	`if (mysqli_num_rows($result) > 0) {`
58	-	82	`$str .= "<div class=\"container\">";`
52	-	83	`$str .= "<div class=\"input-group mt-3\">";`
		84	`$str .= "<div class=\"input-group-prepend\">";`
		85	`$str .= "<span class=\"input-group-text\"><i class=\"fas fa-search\"></i></span>";`
		86	`$str .= "</div>";`
		87	`$str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" onkeyup=\"filterWishlist();\" placeholder=\"Search for names..\">";`
		88	`$str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";`
		89	`$str .= "<button type=\"button\" class=\"btn rounded\" onclick=\"document.getElementById('tableFilter').value='';filterWishlist();\"><i class=\"fas fa-window-close\"></i></button>";`
		90	`$str .= "</div>";`
		91	`$str .= "</div>";`
		92
58	-	93	`$str .= "<div class=\"table-responsive\">";`
46	-	94	`$str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed small\">";`
		95	`$str .= "<thead class=\"thead-dark sticky-top\">";`
52	-	96	`$str .= "<tr><th></th>";`
58	-	97	`$str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 1, 'text')\"><span class=\"nowrap\">Artist <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		98	`$str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 2, 'text')\"><span class=\"text-nowrap\">Title <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		99	`$str .= "<th class=\"d-none\"></th>";`
		100	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 4, 'text')\"><span class=\"text-nowrap\">Barcode <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		101	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 5, 'text')\"><span class=\"text-nowrap\">Format <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
46	-	102	`$str .= "<th class=\"d-none\">Ceiling Price Number</th>";`
58	-	103	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 6, 'currency')\"><span class=\"text-nowrap\">Price <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		104	`$str .= "<th></th><th class=\"d-none\"></th></tr></thead>";`
46	-	105	`$str .= "<tbody>";`
		106
		107	`while($row = mysqli_fetch_assoc($result)) {`
52	-	108	`$artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));`
		109	`$altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;`
46	-	110	`$price = print_monetary($row['price'], $row['currency']);`
52	-	111	`$searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;`
50	-	112	`if ($row['barcode'] !== null) {`
		113	`$searchTitle .= " (" . displayBarcode($row['barcode']) . ")";`
		114	`}`
52	-	115	`$searchTitle .= "</strong>";`
47	-	116
		117	`$str .= "<form method=\"post\" action=\"/index.php\">";`
		118	`$str .= " <input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\">";`
52	-	119	`$str .= " <input type=\"hidden\" name=\"discogsTitle\" value=\"" . sanitizeInput2($row['title']) . "\">";`
		120	`$str .= " <input type=\"hidden\" name=\"discogsArtist\" value=\"" . sanitizeInput2($row['artist']) . "\">";`
50	-	121	`$str .= " <input type=\"hidden\" name=\"discogsBarcode\" value=\"" . $row['barcode'] . "\">";`
52	-	122
46	-	123	`$str .= "<tr>";`
47	-	124	`$str .= "<td><img class=\"img-fluid wishlist-img\" src=\"" . $row["thumbnail"] . "\" alt=\"$altText\"></td>";`
46	-	125	`$str .= "<td>$artist</td>";`
		126	`$str .= "<td>" . $row['title'] . "</td>";`
52	-	127	`$str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";`
50	-	128	`$str .= "<td>" . displayBarcode($row['barcode']) . "</td>";`
46	-	129	`$str .= "<td>" . $row['format'] . "</td>";`
		130	`$str .= "<td class=\"d-none\">" . $row['price'] . "</td>";`
		131	`$str .= "<td>" . $price . "</td>";`
58	-	132	`$str .= "<td><span class=\"text-nowrap\"><button class=\"btn rounded btn-wishlist\" type=\"button\" onclick=\"editWishlist('" . $row["id"] . "',this); return true;\" data-toggle=\"tooltip\" title=\"Edit\"><i class=\"fas fa-edit\"></i></button>";`
52	-	133	`$str .= "<button class=\"btn rounded btn-wishlist\" type=\"button\" onclick=\"deleteWishlist('" . $row["id"] . "',this,'" . sanitizeInput2($row['title']) . "','" . $artist . "'); return true;\" data-toggle=\"tooltip\" title=\"Delete\"><i class=\"fas fa-window-close btn-wishlist-delete\"></i></button>";`
		134	`$str .= "<button class=\"btn rounded btn-wishlist\" type=\"button\" data-toggle=\"tooltip\" title=\"Information\"><a href=\"" . $row['url'] . "\" target=\"_blank\"><i class=\"fas fa-info-circle\"></i></a></button>";`
58	-	135	`$str .= "<button type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded btn-wishlist\" onclick=\"progressBar('" . sanitizeInput2($searchTitle) . "');\"><i class=\"fas fa-search\" title=\"Search for Sales Offers\" data-toggle=\"tooltip\"></i></button></span></td>";`
52	-	136	`$str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";`
		137
46	-	138	`$str .= "</tr>";`
47	-	139	`$str .= "</form>";`
46	-	140	`}`
52	-	141
46	-	142	`$str .= "</tbody>";`
		143	`$str .= "</table>";`
58	-	144	`$str .= "</div>";`
52	-	145
		146	`$str .= '<div class="modal fade" id="editWishlistModal">';`
		147	`$str .= ' <div class="modal-dialog">';`
		148	`$str .= ' <div class="modal-content">';`
		149	`$str .= ' <div class="modal-header bg-primary">';`
		150	`$str .= ' <h4 class="modal-title">Edit Wishlist Entry</h4>';`
		151	`$str .= ' </div>';`
		152	`$str .= ' <span class="mt-0" id="wlMsg"></span>';`
		153	`$str .= ' <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '">';`
		154	`$str .= ' <input type="hidden" name="wlId" id="wlId">';`
		155	`$str .= ' <div class="modal-body">';`
		156	`$str .= ' <div class="form-group">';`
		157	`$str .= ' <label for="wlArtist">Artist:</label>';`
		158	`$str .= ' <input type="text" class="form-control" id="wlArtist">';`
		159	`$str .= ' </div>';`
		160	`$str .= ' <div class="form-group">';`
		161	`$str .= ' <label for="wlTitle">Title:</label>';`
		162	`$str .= ' <input type="text" class="form-control" id="wlTitle">';`
		163	`$str .= ' </div>';`
		164	`$str .= ' <div class="form-group">';`
		165	`$str .= ' <label for="wlBarcode">Barcode:</label>';`
		166	`$str .= ' <input type="text" class="form-control" id="wlBarcode">';`
		167	`$str .= ' </div>';`
		168	`$str .= ' <div class="form-group">';`
		169	`$str .= ' <label for="wlFormat">Format:</label>';`
		170	`$str .= ' <select class="form-control" id="wlFormat">';`
		171	`$str .= ' <option>Any</option>';`
		172	`$str .= ' <option>CD</option>';`
		173	`$str .= ' <option>Record</option>';`
		174	`$str .= ' <option>Digital</option>';`
		175	`$str .= ' <option>Book</option>';`
		176	`$str .= ' </select>';`
		177	`$str .= ' </div>';`
		178	`$str .= ' <div class="form-group">';`
		179	`$str .= ' <label for="wlPrice">Ceiling Price:</label>';`
		180	`$str .= ' <input type="text" class="form-control" id="wlPrice">';`
		181	`$str .= ' </div>';`
		182	`$str .= ' </div>';`
		183	`$str .= ' <div class="modal-footer bg-primary">';`
		184	`$str .= ' <button type="button" class="btn btn-success" name="submit" value="Save" onclick="saveEditedWishlist(); return true;">Save</button>';`
		185	`$str .= ' <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';`
		186	`$str .= ' </div>';`
		187	`$str .= ' </div>';`
		188	`$str .= ' </div>';`
		189	`$str .= '</div>';`
58	-	190	`$str .= '</div>';`
52	-	191	`} else {`
58	-	192	`$str .= "<div class=\"container bg-warning text-center py-3\"><h3><i class=\"fas fa-bookmark\"></i> Your wishlist is currently empty. Add matching albums from the search results.</h3></div>";`
46	-	193	`}`
		194	`} else if (mysqli_errno($conn)) {`
		195	`error_log("MySQL Read Wishlist SQL: " . $sql);`
		196	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		197	`}`
		198
		199	`return $str;`
52	-	200	`}`
		201
		202	`function deleteWishlist($uid, $id) {`
		203	`$conn = MySessionHandler::getDBSessionId();`
		204
		205	`$id = mysqli_real_escape_string($conn, $id);`
		206	`$uid = mysqli_real_escape_string($conn, $uid);`
		207
		208	`$sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";`
		209
		210	`if (!($result = mysqli_query($conn, $sql))) {`
		211	`error_log("MySQL Delete Wishlist SQL: " . $sql);`
		212	`error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		213	`return -1;`
		214	`}`
		215
		216	`return 0;`
		217	`}`
		218
		219	`function updateWishlist($uid, $wlArr) {`
		220	`$nul = 'NULL';`
		221	`$conn = MySessionHandler::getDBSessionId();`
		222
		223	`$modified = mysqli_real_escape_string($conn, time());`
		224
		225	`$id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");`
		226	`$uid = mysqli_real_escape_string($conn, $uid);`
		227	`$barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");`
		228	`$title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";`
		229	`$artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";`
		230	`$format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";`
		231	`$currency = 'USD'; //bugbug`
		232	`$price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";`
		233
		234	`$sql = "UPDATE wishlist`
		235	`SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", format='$format', price=" . $price . "`
		236	`WHERE id=$id and uid=$uid";`
		237
		238	`if ($result = mysqli_query($conn, $sql)) {`
		239	`return 0;`
		240	`} else {`
		241	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		242	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		243	`return -1;`
		244	`}`
		245
		246	`return -1;`
		247	`}`

Subversion Repositories cheapmusic

(root)/www/php/wishlist.php – Rev 58