WebSVN – cheapmusic – Blame – /www/php/wishlist.php

Rev	Author	Line No.	Line
45	-	1	`<?php`
65	-	2	`include_once ('php/clsLibGTIN.php');`
		3	`include_once ('php/constants.php');`
45	-	4
		5	`error_reporting(E_ALL);`
		6
65	-	7	`// add new entry to wishlist`
52	-	8	`function addWishlist($uid, $wlArr) {`
50	-	9	`$nul = 'NULL';`
45	-	10	`$conn = MySessionHandler::getDBSessionId();`
		11
		12	`$created = mysqli_real_escape_string($conn, time());`
		13	`$modified = $created;`
		14
52	-	15	`$uid = mysqli_real_escape_string($conn, $uid);`
		16	`$mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";`
		17	`$rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";`
50	-	18	`$barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");`
		19	`$title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";`
		20	`$artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";`
73	-	21	`$cond = 'Any';`
45	-	22	`$format = 'Any';`
46	-	23	`$currency = 'USD'; //bugbug`
45	-	24	`$price = 'NULL';`
50	-	25	`$url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";`
		26	`$thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";`
45	-	27
		28	`$sql = "INSERT`
		29	`INTO wishlist`
73	-	30	`(id, created, modified, uid, mid, rid, barcode, title, artist, cond, format, currency, price, url, thumbnail)`
		31	`VALUES (NULL, '$created', '$modified', '$uid', '$mid', '$rid', " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";`
45	-	32
		33	`if ($result = mysqli_query($conn, $sql)) {`
52	-	34	`return 0;`
65	-	35	`}`
		36	`else {`
45	-	37	`$error = mysqli_errno($conn);`
		38	`if ($error == 1062) {`
52	-	39	`return 1;`
65	-	40	`}`
		41	`else {`
45	-	42	`error_log("MySQL Read Wishlist SQL: " . $sql);`
52	-	43	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		44	`return -1;`
45	-	45	`}`
		46	`}`
		47
52	-	48	`return -1;`
45	-	49	`}`
		50
46	-	51	`function checkWishlist($type, $id) {`
45	-	52	`$conn = MySessionHandler::getDBSessionId();`
		53
52	-	54	`$uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);`
45	-	55
		56	`$sql = "SELECT id`
		57	`FROM wishlist`
46	-	58	`WHERE uid = '$uid' and " . ($type == "master" ? "mid" : "rid") . " = '$id'";`
45	-	59
		60	`if ($result = mysqli_query($conn, $sql)) {`
		61	`if (mysqli_num_rows($result) > 0) {`
		62	`return true;`
		63	`}`
		64	`}`
65	-	65	`else if (mysqli_errno($conn)) {`
		66	`error_log("MySQL Check Wishlist SQL: " . $sql);`
		67	`error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		68	`return true;`
		69	`}`
45	-	70
		71	`return false;`
46	-	72	`}`
		73
		74	`function getWishlist() {`
		75	`$str = '';`
		76	`$conn = MySessionHandler::getDBSessionId();`
		77
		78	`$uid = $_SESSION['sessData']['userID'];`
		79
		80	`$sql = "SELECT *`
		81	`FROM wishlist`
		82	`WHERE uid = '$uid'";`
		83
		84	`if ($result = mysqli_query($conn, $sql)) {`
		85	`if (mysqli_num_rows($result) > 0) {`
58	-	86	`$str .= "<div class=\"container\">";`
52	-	87	`$str .= "<div class=\"input-group mt-3\">";`
		88	`$str .= "<div class=\"input-group-prepend\">";`
		89	`$str .= "<span class=\"input-group-text\"><i class=\"fas fa-search\"></i></span>";`
		90	`$str .= "</div>";`
73	-	91	`$str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" onkeyup=\"filterWishlist();\" placeholder=\"Search for..\">";`
52	-	92	`$str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";`
		93	`$str .= "<button type=\"button\" class=\"btn rounded\" onclick=\"document.getElementById('tableFilter').value='';filterWishlist();\"><i class=\"fas fa-window-close\"></i></button>";`
		94	`$str .= "</div>";`
		95	`$str .= "</div>";`
		96
61	-	97	`$str .= "<form method=\"post\" action=\"/index.php\">";`
		98	`$str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\">";`
		99	`$str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\">";`
		100	`$str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\">";`
		101	`$str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\">";`
58	-	102	`$str .= "<div class=\"table-responsive\">";`
68	-	103	`$str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";`
65	-	104	`$str .= "<thead class=\"thead-dark sticky-top\">";`
		105	`$str .= "<tr><th></th>";`
		106	`$str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 1, 'text')\"><span class=\"nowrap\">Artist <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		107	`$str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 2, 'text')\"><span class=\"text-nowrap\">Title <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		108	`$str .= "<th class=\"d-none\"></th>";`
		109	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 4, 'text')\"><span class=\"text-nowrap\">Barcode <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
73	-	110	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 5, 'text')\"><span class=\"text-nowrap\">Condition <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		111	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 6, 'text')\"><span class=\"text-nowrap\">Format <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
65	-	112	`$str .= "<th class=\"d-none\">Ceiling Price Number</th>";`
73	-	113	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 7, 'currency')\"><span class=\"text-nowrap\">Price <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
65	-	114	`$str .= "<th></th><th class=\"d-none\"></th></tr></thead>";`
		115	`$str .= "<tbody>";`
46	-	116
65	-	117	`while ($row = mysqli_fetch_assoc($result)) {`
52	-	118	`$artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));`
		119	`$altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;`
46	-	120	`$price = print_monetary($row['price'], $row['currency']);`
52	-	121	`$searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;`
50	-	122	`if ($row['barcode'] !== null) {`
		123	`$searchTitle .= " (" . displayBarcode($row['barcode']) . ")";`
		124	`}`
52	-	125	`$searchTitle .= "</strong>";`
47	-	126
46	-	127	`$str .= "<tr>";`
65	-	128	`$str .= "<td><img class=\"img-fluid wishlist-img\" src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\"></td>";`
		129	`$str .= "<td>$artist</td>";`
		130	`$str .= "<td>" . $row['title'] . "</td>";`
		131	`$str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";`
		132	`$str .= "<td>" . displayBarcode($row['barcode']) . "</td>";`
73	-	133	`$str .= "<td>" . $row['cond'] . "</td>";`
65	-	134	`$str .= "<td>" . $row['format'] . "</td>";`
		135	`$str .= "<td class=\"d-none\">" . $row['price'] . "</td>";`
		136	`$str .= "<td>" . $price . "</td>";`
		137	`$str .= "<td><span class=\"text-nowrap\"><button class=\"btn rounded btn-wishlist\" type=\"button\" onclick=\"editWishlist('" . $row["id"] . "',this); return true;\" data-toggle=\"tooltip\" title=\"Edit\"><i class=\"fas fa-edit\"></i></button>";`
68	-	138	`$str .= "<button class=\"btn rounded btn-wishlist\" type=\"button\" onclick=\"deleteWishlist('" . $row["id"] . "',this,'" . sanitizeInput2($row['title']) . "','" . $artist . "'); return true;\" data-toggle=\"tooltip\" title=\"Delete\"><i class=\"fas fa-window-close\"></i></button>";`
65	-	139	`$str .= "<a class=\"btn rounded btn-wishlist\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" href=\"" . $row['url'] . "\" target=\"_blank\"><i class=\"fas fa-info-circle\"></i></a>";`
61	-	140	$str .= "<button type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded btn-wishlist\" onclick=\"document.getElementById('discogsTitle').value = '" . sanitizeInput2($row['title']) . "';document.getElementById('discogsArtist').value = '" . sanitizeInput2($row['artist']) . "';document.getElementById('discogsBarcode').value = '" . sanitizeInput2($row['barcode']) . "';progressBar('" . sanitizeInput2($searchTitle) . "');\"><i class=\"fas fa-search\" title=\"Search for Sales Offers\" data-toggle=\"tooltip\"></i></button></span></td>";
65	-	141	`$str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";`
52	-	142
65	-	143	`$str .= "</tr>";`
46	-	144	`}`
52	-	145
46	-	146	`$str .= "</tbody>";`
		147	`$str .= "</table>";`
58	-	148	`$str .= "</div>";`
61	-	149	`$str .= "</form>";`
52	-	150
65	-	151	`$str .= '<div class="modal fade" id="editWishlistModal">';`
		152	`$str .= ' <div class="modal-dialog">';`
		153	`$str .= ' <div class="modal-content">';`
		154	`$str .= ' <div class="modal-header bg-primary">';`
		155	`$str .= ' <h4 class="modal-title">Edit Wishlist Entry</h4>';`
		156	`$str .= ' </div>';`
		157	`$str .= ' <span class="mt-0" id="wlMsg"></span>';`
52	-	158	`$str .= ' <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '">';`
		159	`$str .= ' <input type="hidden" name="wlId" id="wlId">';`
65	-	160	`$str .= ' <div class="modal-body">';`
		161	`$str .= ' <div class="form-group">';`
		162	`$str .= ' <label for="wlArtist">Artist:</label>';`
		163	`$str .= ' <input type="text" class="form-control" id="wlArtist">';`
		164	`$str .= ' </div>';`
		165	`$str .= ' <div class="form-group">';`
		166	`$str .= ' <label for="wlTitle">Title:</label>';`
		167	`$str .= ' <input type="text" class="form-control" id="wlTitle">';`
		168	`$str .= ' </div>';`
		169	`$str .= ' <div class="form-group">';`
		170	`$str .= ' <label for="wlBarcode">Barcode:</label>';`
		171	`$str .= ' <input type="text" class="form-control" id="wlBarcode">';`
		172	`$str .= ' </div>';`
		173	`$str .= ' <div class="form-group">';`
73	-	174	`$str .= ' <label for="wlCond">Condition:</label>';`
		175	`$str .= ' <select class="form-control" id="wlCond">';`
		176	`$str .= ' <option>Any</option>';`
		177	`$str .= ' <option>New</option>';`
		178	`$str .= ' <option>Used</option>';`
		179	`$str .= ' </select>';`
		180	`$str .= ' </div>';`
		181	`$str .= ' <div class="form-group">';`
65	-	182	`$str .= ' <label for="wlFormat">Format:</label>';`
		183	`$str .= ' <select class="form-control" id="wlFormat">';`
		184	`$str .= ' <option>Any</option>';`
		185	`$str .= ' <option>CD</option>';`
		186	`$str .= ' <option>Record</option>';`
		187	`$str .= ' <option>Digital</option>';`
		188	`$str .= ' <option>Book</option>';`
		189	`$str .= ' </select>';`
		190	`$str .= ' </div>';`
		191	`$str .= ' <div class="form-group">';`
		192	`$str .= ' <label for="wlPrice">Ceiling Price:</label>';`
		193	`$str .= ' <input type="text" class="form-control" id="wlPrice">';`
		194	`$str .= ' </div>';`
		195	`$str .= ' </div>';`
		196	`$str .= ' <div class="modal-footer bg-primary">';`
		197	`$str .= ' <button type="button" class="btn btn-success" name="submit" value="Save" onclick="saveEditedWishlist(); return true;">Save</button>';`
		198	`$str .= ' <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';`
		199	`$str .= ' </div>';`
		200	`$str .= ' </div>';`
		201	`$str .= ' </div>';`
		202	`$str .= '</div>';`
		203	`$str .= '</div>';`
		204	`}`
		205	`else {`
58	-	206	`$str .= "<div class=\"container bg-warning text-center py-3\"><h3><i class=\"fas fa-bookmark\"></i> Your wishlist is currently empty. Add matching albums from the search results.</h3></div>";`
46	-	207	`}`
		208	`}`
65	-	209	`else if (mysqli_errno($conn)) {`
		210	`error_log("MySQL Read Wishlist SQL: " . $sql);`
		211	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		212	`}`
46	-	213
		214	`return $str;`
52	-	215	`}`
		216
		217	`function deleteWishlist($uid, $id) {`
		218	`$conn = MySessionHandler::getDBSessionId();`
		219
		220	`$id = mysqli_real_escape_string($conn, $id);`
		221	`$uid = mysqli_real_escape_string($conn, $uid);`
		222
		223	`$sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";`
		224
		225	`if (!($result = mysqli_query($conn, $sql))) {`
65	-	226	`error_log("MySQL Delete Wishlist SQL: " . $sql);`
		227	`error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		228	`return -1;`
52	-	229	`}`
		230
		231	`return 0;`
		232	`}`
		233
		234	`function updateWishlist($uid, $wlArr) {`
		235	`$nul = 'NULL';`
		236	`$conn = MySessionHandler::getDBSessionId();`
		237
		238	`$modified = mysqli_real_escape_string($conn, time());`
		239
		240	`$id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");`
		241	`$uid = mysqli_real_escape_string($conn, $uid);`
		242	`$barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");`
		243	`$title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";`
		244	`$artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";`
73	-	245	`$cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";`
52	-	246	`$format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";`
		247	`$currency = 'USD'; //bugbug`
		248	`$price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";`
		249
		250	`$sql = "UPDATE wishlist`
73	-	251	`SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "`
52	-	252	`WHERE id=$id and uid=$uid";`
		253
		254	`if ($result = mysqli_query($conn, $sql)) {`
		255	`return 0;`
65	-	256	`}`
		257	`else {`
52	-	258	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		259	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		260	`return -1;`
		261	`}`
		262
		263	`return -1;`
		264	`}`
73	-	265
		266	`function unsubscribeWishlist($arr) {`
		267	`$conn = MySessionHandler::getDBSessionId();`
		268
		269	`$modified = mysqli_real_escape_string($conn, time());`
		270
		271	`$id = mysqli_real_escape_string($conn, $arr['id']);`
		272	`$email = mysqli_real_escape_string($conn, $arr['email']);`
		273
		274	`$sql = "UPDATE users`
		275	`SET wlEmailFlag = '0'`
		276	`WHERE id=$id and email='$email'";`
		277
		278	`if (!($result = mysqli_query($conn, $sql))) {`
		279	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		280	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		281	`}`
		282
		283	`$str = "<div class=\"container text-center bg-warning p-3 rounded\">";`
		284	`$str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";`
		285	`$str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";`
		286	`$str .= "</div>";`
		287
		288	`return $str;`
		289	`}`
78	-	290
		291	`function checkPriceMonitor() {`
		292	`if (empty($_SESSION['sessData']['userID'])) {`
		293	`unset($_SESSION['priceMonitor']);`
		294	`return -1;`
		295	`}`
		296
		297	`$conn = MySessionHandler::getDBSessionId();`
		298
		299	`$uid = $_SESSION['sessData']['userID'];`
		300
		301	`$sql = "SELECT created, access`
		302	`FROM pricemonitor`
		303	`WHERE userId = '$uid'";`
		304
		305	`if ($result = mysqli_query($conn, $sql)) {`
		306	`if (mysqli_num_rows($result) > 0) {`
		307	`if ($row = mysqli_fetch_assoc($result)) {`
		308	`$_SESSION['priceMonitor']['created'] = $row['created'];`
		309	`$_SESSION['priceMonitor']['access'] = $row['access'];`
		310
		311	`return 0;`
		312	`}`
		313	`}`
		314	`}`
		315	`else if (mysqli_errno($conn)) {`
		316	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		317	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		318	`}`
		319
		320	`return -1;`
		321	`}`
		322
		323
		324	`function getPriceMonitor() {`
		325	`$conn = MySessionHandler::getDBSessionId();`
		326
		327	`$uid = $_SESSION['sessData']['userID'];`
		328
		329	`$sql = "SELECT data`
		330	`FROM pricemonitor`
		331	`WHERE userId = '$uid'";`
		332
		333	`if ($result = mysqli_query($conn, $sql)) {`
		334	`if (mysqli_num_rows($result) > 0) {`
		335	`if ($row = mysqli_fetch_assoc($result)) {`
		336	`$access = mysqli_real_escape_string($conn, time());`
		337	`$sql = "UPDATE pricemonitor`
		338	`SET access = $access`
		339	`WHERE userId = '$uid'";`
		340	`if (!($result = mysqli_query($conn, $sql))) {`
		341	`error_log("MySQL Update Price Monitor SQL: " . $sql);`
		342	`error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");`
		343	`}`
		344
		345	`return($row['data']);`
		346	`}`
		347	`}`
		348	`}`
		349	`else if (mysqli_errno($conn)) {`
		350	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		351	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		352	`}`
		353
		354	`return "";`
		355	`}`

Subversion Repositories cheapmusic

(root)/www/php/wishlist.php – Rev 78