WebSVN – cheapmusic – Blame – /www/php/wishlist.php

Rev	Author	Line No.	Line
45	-	1	`<?php`
65	-	2	`include_once ('php/clsLibGTIN.php');`
		3	`include_once ('php/constants.php');`
45	-	4
		5	`error_reporting(E_ALL);`
		6
65	-	7	`// add new entry to wishlist`
52	-	8	`function addWishlist($uid, $wlArr) {`
50	-	9	`$nul = 'NULL';`
45	-	10	`$conn = MySessionHandler::getDBSessionId();`
		11
		12	`$created = mysqli_real_escape_string($conn, time());`
		13	`$modified = $created;`
		14
52	-	15	`$uid = mysqli_real_escape_string($conn, $uid);`
		16	`$mid = isset($wlArr->{'mid'}) ? mysqli_real_escape_string($conn, $wlArr->{'mid'}) : "";`
		17	`$rid = isset($wlArr->{'rid'}) ? mysqli_real_escape_string($conn, $wlArr->{'rid'}) : "";`
81	-	18	`$asin = isset($wlArr->{'asin'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'asin'}) . "'" : "NULL";`
50	-	19	`$barcode = (empty($wlArr->{'barcode'}) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr->{'barcode'}) . "'");`
		20	`$title = isset($wlArr->{'title'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'title'}) . "'" : "NULL";`
		21	`$artist = isset($wlArr->{'artist'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'artist'}) . "'" : "NULL";`
73	-	22	`$cond = 'Any';`
45	-	23	`$format = 'Any';`
46	-	24	`$currency = 'USD'; //bugbug`
45	-	25	`$price = 'NULL';`
50	-	26	`$url = isset($wlArr->{'url'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'url'}) . "'" : "NULL";`
		27	`$thumbnail = isset($wlArr->{'thumbnail'}) ? "'" . mysqli_real_escape_string($conn, $wlArr->{'thumbnail'}) . "'" : "NULL";`
45	-	28
		29	`$sql = "INSERT`
		30	`INTO wishlist`
81	-	31	`(id, created, modified, uid, mid, rid, asin, barcode, title, artist, cond, format, currency, price, url, thumbnail)`
		32	`VALUES (NULL, '$created', '$modified', '$uid', '$mid', '$rid', " . $asin . ", " . $barcode . ", " . $title . ", " . $artist . ", '$cond', '$format', '$currency', '$price', " . $url . ", " . $thumbnail . ")";`
45	-	33
		34	`if ($result = mysqli_query($conn, $sql)) {`
52	-	35	`return 0;`
65	-	36	`}`
		37	`else {`
45	-	38	`$error = mysqli_errno($conn);`
		39	`if ($error == 1062) {`
52	-	40	`return 1;`
65	-	41	`}`
		42	`else {`
45	-	43	`error_log("MySQL Read Wishlist SQL: " . $sql);`
52	-	44	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		45	`return -1;`
45	-	46	`}`
		47	`}`
		48
52	-	49	`return -1;`
45	-	50	`}`
		51
46	-	52	`function checkWishlist($type, $id) {`
45	-	53	`$conn = MySessionHandler::getDBSessionId();`
81	-	54	`if ($type == "master") {`
		55	`$colName = "mid";`
		56	`} else if ($type == "release") {`
		57	`$colName = "rid";`
		58	`} else if ($type == "asin") {`
		59	`$colName = "asin";`
		60	`}`
45	-	61
52	-	62	`$uid = mysqli_real_escape_string($conn, $_SESSION['sessData']['userID']);`
45	-	63
		64	`$sql = "SELECT id`
		65	`FROM wishlist`
81	-	66	`WHERE uid = '$uid' and $colName = '$id'";`
45	-	67
		68	`if ($result = mysqli_query($conn, $sql)) {`
		69	`if (mysqli_num_rows($result) > 0) {`
		70	`return true;`
		71	`}`
		72	`}`
65	-	73	`else if (mysqli_errno($conn)) {`
		74	`error_log("MySQL Check Wishlist SQL: " . $sql);`
		75	`error_log("MySQL Check Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		76	`return true;`
		77	`}`
45	-	78
		79	`return false;`
46	-	80	`}`
		81
		82	`function getWishlist() {`
		83	`$str = '';`
		84	`$conn = MySessionHandler::getDBSessionId();`
		85
		86	`$uid = $_SESSION['sessData']['userID'];`
		87
		88	`$sql = "SELECT *`
		89	`FROM wishlist`
		90	`WHERE uid = '$uid'";`
		91
		92	`if ($result = mysqli_query($conn, $sql)) {`
		93	`if (mysqli_num_rows($result) > 0) {`
58	-	94	`$str .= "<div class=\"container\">";`
52	-	95	`$str .= "<div class=\"input-group mt-3\">";`
		96	`$str .= "<div class=\"input-group-prepend\">";`
		97	`$str .= "<span class=\"input-group-text\"><i class=\"fas fa-search\"></i></span>";`
		98	`$str .= "</div>";`
73	-	99	`$str .= "<input type=\"text\" class=\"form-control\" id=\"tableFilter\" onkeyup=\"filterWishlist();\" placeholder=\"Search for..\">";`
52	-	100	`$str .= "<div class=\"input-group-append\" id=\"tableFilterButton\">";`
		101	`$str .= "<button type=\"button\" class=\"btn rounded\" onclick=\"document.getElementById('tableFilter').value='';filterWishlist();\"><i class=\"fas fa-window-close\"></i></button>";`
		102	`$str .= "</div>";`
		103	`$str .= "</div>";`
		104
61	-	105	`$str .= "<form method=\"post\" action=\"/index.php\">";`
		106	`$str .= "<input type=\"hidden\" name=\"sessionTab\" value=\"" . MySessionHandler::getSessionTab() . "\">";`
		107	`$str .= "<input id=\"discogsTitle\" type=\"hidden\" name=\"discogsTitle\" value=\"\">";`
		108	`$str .= "<input id=\"discogsArtist\" type=\"hidden\" name=\"discogsArtist\" value=\"\">";`
		109	`$str .= "<input id=\"discogsBarcode\" type=\"hidden\" name=\"discogsBarcode\" value=\"\">";`
81	-	110	`$str .= "<div class=\"table\">";`
68	-	111	`$str .= "<table id=\"wishlistTable\" class=\"table table-striped table-condensed table-hover small bg-info\">";`
81	-	112	`$str .= "<thead class=\"thead-dark table-header-sticky\">";`
65	-	113	`$str .= "<tr><th></th>";`
		114	`$str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 1, 'text')\"><span class=\"nowrap\">Artist <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		115	`$str .= "<th class=\"text-left cursor-pointer\" onclick=\"sortTable('wishlistTable', 2, 'text')\"><span class=\"text-nowrap\">Title <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		116	`$str .= "<th class=\"d-none\"></th>";`
		117	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 4, 'text')\"><span class=\"text-nowrap\">Barcode <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
73	-	118	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 5, 'text')\"><span class=\"text-nowrap\">Condition <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
		119	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 6, 'text')\"><span class=\"text-nowrap\">Format <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
65	-	120	`$str .= "<th class=\"d-none\">Ceiling Price Number</th>";`
73	-	121	`$str .= "<th class=\"cursor-pointer\" onclick=\"sortTable('wishlistTable', 7, 'currency')\"><span class=\"text-nowrap\">Price <i class=\"fas fa-caret-up\"></i><i class=\"fas fa-caret-down\"></i></span></th>";`
65	-	122	`$str .= "<th></th><th class=\"d-none\"></th></tr></thead>";`
		123	`$str .= "<tbody>";`
46	-	124
65	-	125	`while ($row = mysqli_fetch_assoc($result)) {`
52	-	126	`$artist = (empty($row["artist"]) ? "Various" : sanitizeInput2($row["artist"]));`
		127	`$altText = "Image for " . sanitizeInput2($row['title']) . " by " . $artist;`
46	-	128	`$price = print_monetary($row['price'], $row['currency']);`
52	-	129	`$searchTitle = 'Searching for:<br><br><strong>' . sanitizeInput2($row['title']) . " by " . $artist;`
50	-	130	`if ($row['barcode'] !== null) {`
		131	`$searchTitle .= " (" . displayBarcode($row['barcode']) . ")";`
		132	`}`
52	-	133	`$searchTitle .= "</strong>";`
47	-	134
46	-	135	`$str .= "<tr>";`
65	-	136	`$str .= "<td><img class=\"img-fluid wishlist-img\" src=\"" . $row["thumbnail"] . "\" alt=\"" . $altText . "\"></td>";`
		137	`$str .= "<td>$artist</td>";`
		138	`$str .= "<td>" . $row['title'] . "</td>";`
		139	`$str .= "<td class=\"d-none\">" . $row['barcode'] . "</td>";`
		140	`$str .= "<td>" . displayBarcode($row['barcode']) . "</td>";`
73	-	141	`$str .= "<td>" . $row['cond'] . "</td>";`
65	-	142	`$str .= "<td>" . $row['format'] . "</td>";`
		143	`$str .= "<td class=\"d-none\">" . $row['price'] . "</td>";`
		144	`$str .= "<td>" . $price . "</td>";`
		145	`$str .= "<td><span class=\"text-nowrap\"><button class=\"btn rounded btn-wishlist\" type=\"button\" onclick=\"editWishlist('" . $row["id"] . "',this); return true;\" data-toggle=\"tooltip\" title=\"Edit\"><i class=\"fas fa-edit\"></i></button>";`
68	-	146	`$str .= "<button class=\"btn rounded btn-wishlist\" type=\"button\" onclick=\"deleteWishlist('" . $row["id"] . "',this,'" . sanitizeInput2($row['title']) . "','" . $artist . "'); return true;\" data-toggle=\"tooltip\" title=\"Delete\"><i class=\"fas fa-window-close\"></i></button>";`
65	-	147	`$str .= "<a class=\"btn rounded btn-wishlist\" role=\"button\" data-toggle=\"tooltip\" title=\"Information\" href=\"" . $row['url'] . "\" target=\"_blank\"><i class=\"fas fa-info-circle\"></i></a>";`
61	-	148	$str .= "<button type=\"submit\" name=\"submit\" value=\"discogsSearch\" class=\"btn rounded btn-wishlist\" onclick=\"document.getElementById('discogsTitle').value = '" . sanitizeInput2($row['title']) . "';document.getElementById('discogsArtist').value = '" . sanitizeInput2($row['artist']) . "';document.getElementById('discogsBarcode').value = '" . sanitizeInput2($row['barcode']) . "';progressBar('" . sanitizeInput2($searchTitle) . "');\"><i class=\"fas fa-search\" title=\"Search for Sales Offers\" data-toggle=\"tooltip\"></i></button></span></td>";
65	-	149	`$str .= "<td class=\"d-none\" id=\"wlIdRow" . $row['id'] . "\"></td>";`
52	-	150
65	-	151	`$str .= "</tr>";`
46	-	152	`}`
52	-	153
46	-	154	`$str .= "</tbody>";`
		155	`$str .= "</table>";`
58	-	156	`$str .= "</div>";`
61	-	157	`$str .= "</form>";`
52	-	158
65	-	159	`$str .= '<div class="modal fade" id="editWishlistModal">';`
		160	`$str .= ' <div class="modal-dialog">';`
		161	`$str .= ' <div class="modal-content">';`
		162	`$str .= ' <div class="modal-header bg-primary">';`
		163	`$str .= ' <h4 class="modal-title">Edit Wishlist Entry</h4>';`
		164	`$str .= ' </div>';`
		165	`$str .= ' <span class="mt-0" id="wlMsg"></span>';`
52	-	166	`$str .= ' <input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '">';`
		167	`$str .= ' <input type="hidden" name="wlId" id="wlId">';`
65	-	168	`$str .= ' <div class="modal-body">';`
		169	`$str .= ' <div class="form-group">';`
		170	`$str .= ' <label for="wlArtist">Artist:</label>';`
		171	`$str .= ' <input type="text" class="form-control" id="wlArtist">';`
		172	`$str .= ' </div>';`
		173	`$str .= ' <div class="form-group">';`
		174	`$str .= ' <label for="wlTitle">Title:</label>';`
		175	`$str .= ' <input type="text" class="form-control" id="wlTitle">';`
		176	`$str .= ' </div>';`
		177	`$str .= ' <div class="form-group">';`
		178	`$str .= ' <label for="wlBarcode">Barcode:</label>';`
		179	`$str .= ' <input type="text" class="form-control" id="wlBarcode">';`
		180	`$str .= ' </div>';`
		181	`$str .= ' <div class="form-group">';`
73	-	182	`$str .= ' <label for="wlCond">Condition:</label>';`
		183	`$str .= ' <select class="form-control" id="wlCond">';`
		184	`$str .= ' <option>Any</option>';`
		185	`$str .= ' <option>New</option>';`
		186	`$str .= ' <option>Used</option>';`
		187	`$str .= ' </select>';`
		188	`$str .= ' </div>';`
		189	`$str .= ' <div class="form-group">';`
65	-	190	`$str .= ' <label for="wlFormat">Format:</label>';`
		191	`$str .= ' <select class="form-control" id="wlFormat">';`
		192	`$str .= ' <option>Any</option>';`
		193	`$str .= ' <option>CD</option>';`
		194	`$str .= ' <option>Record</option>';`
		195	`$str .= ' <option>Digital</option>';`
		196	`$str .= ' <option>Book</option>';`
		197	`$str .= ' </select>';`
		198	`$str .= ' </div>';`
		199	`$str .= ' <div class="form-group">';`
		200	`$str .= ' <label for="wlPrice">Ceiling Price:</label>';`
		201	`$str .= ' <input type="text" class="form-control" id="wlPrice">';`
		202	`$str .= ' </div>';`
		203	`$str .= ' </div>';`
		204	`$str .= ' <div class="modal-footer bg-primary">';`
		205	`$str .= ' <button type="button" class="btn btn-success" name="submit" value="Save" onclick="saveEditedWishlist(); return true;">Save</button>';`
		206	`$str .= ' <button type="button" class="btn btn-danger" data-dismiss="modal">Cancel</button>';`
		207	`$str .= ' </div>';`
		208	`$str .= ' </div>';`
		209	`$str .= ' </div>';`
		210	`$str .= '</div>';`
		211	`$str .= '</div>';`
		212	`}`
		213	`else {`
58	-	214	`$str .= "<div class=\"container bg-warning text-center py-3\"><h3><i class=\"fas fa-bookmark\"></i> Your wishlist is currently empty. Add matching albums from the search results.</h3></div>";`
46	-	215	`}`
		216	`}`
65	-	217	`else if (mysqli_errno($conn)) {`
		218	`error_log("MySQL Read Wishlist SQL: " . $sql);`
		219	`error_log("MySQL Read Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		220	`}`
46	-	221
		222	`return $str;`
52	-	223	`}`
		224
		225	`function deleteWishlist($uid, $id) {`
		226	`$conn = MySessionHandler::getDBSessionId();`
		227
		228	`$id = mysqli_real_escape_string($conn, $id);`
		229	`$uid = mysqli_real_escape_string($conn, $uid);`
		230
		231	`$sql = "DELETE FROM wishlist WHERE id = $id AND uid = $uid;";`
		232
		233	`if (!($result = mysqli_query($conn, $sql))) {`
65	-	234	`error_log("MySQL Delete Wishlist SQL: " . $sql);`
		235	`error_log("MySQL Delete Wishlist Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		236	`return -1;`
52	-	237	`}`
		238
		239	`return 0;`
		240	`}`
		241
		242	`function updateWishlist($uid, $wlArr) {`
		243	`$nul = 'NULL';`
		244	`$conn = MySessionHandler::getDBSessionId();`
		245
		246	`$modified = mysqli_real_escape_string($conn, time());`
		247
		248	`$id = (empty($wlArr['id']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['id']) . "'");`
		249	`$uid = mysqli_real_escape_string($conn, $uid);`
		250	`$barcode = (empty($wlArr['barcode']) ? "NULL" : "'" . mysqli_real_escape_string($conn, $wlArr['barcode']) . "'");`
		251	`$title = isset($wlArr['title']) ? "'" . mysqli_real_escape_string($conn, $wlArr['title']) . "'" : "NULL";`
		252	`$artist = isset($wlArr['artist']) ? "'" . mysqli_real_escape_string($conn, $wlArr['artist']) . "'" : "NULL";`
73	-	253	`$cond = isset($wlArr['cond']) ? mysqli_real_escape_string($conn, $wlArr['cond']) : "Any";`
52	-	254	`$format = isset($wlArr['format']) ? mysqli_real_escape_string($conn, $wlArr['format']) : "Any";`
		255	`$currency = 'USD'; //bugbug`
		256	`$price = isset($wlArr['price']) ? "'" . mysqli_real_escape_string($conn, $wlArr['price']) . "'" : "NULL";`
		257
		258	`$sql = "UPDATE wishlist`
73	-	259	`SET modified='$modified', barcode=" . $barcode . ", title=" . $title . ", artist=" . $artist . ", cond='$cond', format='$format', price=" . $price . "`
52	-	260	`WHERE id=$id and uid=$uid";`
		261
		262	`if ($result = mysqli_query($conn, $sql)) {`
		263	`return 0;`
65	-	264	`}`
		265	`else {`
52	-	266	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		267	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		268	`return -1;`
		269	`}`
		270
		271	`return -1;`
		272	`}`
73	-	273
		274	`function unsubscribeWishlist($arr) {`
		275	`$conn = MySessionHandler::getDBSessionId();`
		276
		277	`$modified = mysqli_real_escape_string($conn, time());`
		278
		279	`$id = mysqli_real_escape_string($conn, $arr['id']);`
		280	`$email = mysqli_real_escape_string($conn, $arr['email']);`
		281
		282	`$sql = "UPDATE users`
		283	`SET wlEmailFlag = '0'`
		284	`WHERE id=$id and email='$email'";`
		285
		286	`if (!($result = mysqli_query($conn, $sql))) {`
		287	`error_log("MySQL Update Wishlist SQL: " . $sql);`
		288	`error_log("MySQL Update Wishlist Error: " . mysqli_error($conn) . " (" . $error . ")");`
		289	`}`
		290
		291	`$str = "<div class=\"container text-center bg-warning p-3 rounded\">";`
		292	`$str .= "<p class=\"display-6 font-weight-bold\">The wishlist price check emails for " . $email . " have been turned off</p>";`
		293	`$str .= "<p>You can reinstate the emails at any time by setting the option 'Email Price Checks' for your account back to 'Yes'.</p>";`
		294	`$str .= "</div>";`
		295
		296	`return $str;`
		297	`}`
78	-	298
		299	`function checkPriceMonitor() {`
		300	`if (empty($_SESSION['sessData']['userID'])) {`
		301	`unset($_SESSION['priceMonitor']);`
		302	`return -1;`
		303	`}`
		304
		305	`$conn = MySessionHandler::getDBSessionId();`
		306
		307	`$uid = $_SESSION['sessData']['userID'];`
		308
		309	`$sql = "SELECT created, access`
		310	`FROM pricemonitor`
		311	`WHERE userId = '$uid'";`
		312
		313	`if ($result = mysqli_query($conn, $sql)) {`
		314	`if (mysqli_num_rows($result) > 0) {`
		315	`if ($row = mysqli_fetch_assoc($result)) {`
		316	`$_SESSION['priceMonitor']['created'] = $row['created'];`
		317	`$_SESSION['priceMonitor']['access'] = $row['access'];`
79	-	318	`if (!empty($_SESSION['priceMonitor']['created']) && !empty($_SESSION['priceMonitor']['access'])`
		319	`&& $_SESSION['priceMonitor']['created'] > $_SESSION['priceMonitor']['access']) {`
		320	`$_SESSION['priceMonitor']['newFlag'] = true;`
		321	`} else {`
		322	`$_SESSION['priceMonitor']['newFlag'] = false;`
		323	`}`
78	-	324
		325	`return 0;`
		326	`}`
		327	`}`
		328	`}`
		329	`else if (mysqli_errno($conn)) {`
		330	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		331	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		332	`}`
		333
		334	`return -1;`
		335	`}`
		336
		337
		338	`function getPriceMonitor() {`
		339	`$conn = MySessionHandler::getDBSessionId();`
		340
		341	`$uid = $_SESSION['sessData']['userID'];`
		342
		343	`$sql = "SELECT data`
		344	`FROM pricemonitor`
		345	`WHERE userId = '$uid'";`
		346
		347	`if ($result = mysqli_query($conn, $sql)) {`
		348	`if (mysqli_num_rows($result) > 0) {`
		349	`if ($row = mysqli_fetch_assoc($result)) {`
		350	`$access = mysqli_real_escape_string($conn, time());`
		351	`$sql = "UPDATE pricemonitor`
		352	`SET access = $access`
		353	`WHERE userId = '$uid'";`
		354	`if (!($result = mysqli_query($conn, $sql))) {`
		355	`error_log("MySQL Update Price Monitor SQL: " . $sql);`
		356	`error_log("MySQL Update Price Monitor Error: " . mysqli_error($conn) . " (" . $error . ")");`
		357	`}`
		358
		359	`return($row['data']);`
		360	`}`
		361	`}`
		362	`}`
		363	`else if (mysqli_errno($conn)) {`
		364	`error_log("MySQL Read Price Monitor SQL: " . $sql);`
		365	`error_log("MySQL Read Price Monitor Error: " . mysqli_error($conn) . " (" . mysqli_errno($conn) . ")");`
		366	`}`
		367
		368	`return "";`
		369	`}`

Subversion Repositories cheapmusic

(root)/www/php/wishlist.php – Rev 81