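<?php
/**
 * AJAX endpoint for wishlist changes.
 *
 * Expects a POST with "function" (add | delete | update), "id", "nonce" and,
 * depending on the function, "wl" (base64-encoded JSON, for add) or the
 * individual wishlist fields (for update).
 *
 * Always answers with a JSON object {"retval": int, "msg": string}:
 *   -1  request rejected before any processing (unknown function or no id),
 *    1  nonce check failed, no logged-in user, or input validation failed,
 *   otherwise the return value of the wishlist function that was called.
 */
include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/hosting.php');

$rc = -1;
$msg = "";

// Strict comparison: only the three exact strings are accepted (an array-valued parameter never matches).
if (isset($_POST['function']) && in_array($_POST['function'], array("add", "delete", "update"), true)) {
    if (isset($_POST["id"])) {
        include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/sessions_db.php');
        include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/cryptor.php');
        include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/wishlist.php');
        include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/clsLibGTIN.php');
        include_once ($_SERVER['DOCUMENT_ROOT'] . '/php/constants.php');
        include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/NonceUtil.php");

        $configFile = parse_ini_file(FCM_CONFIGFILE, true);
        // $crypt is not used below; presumably the call initialises a shared instance used by the includes - verify.
        $crypt = Cryptor::getInstance($configFile['cryptor']);
        $tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
        $handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
        $systemConf = $configFile['system'];
        // Only the 'system' section is needed from here on; drop the rest of the parsed config from scope.
        unset($configFile);

        // 7-day cookie, whole site, Secure and HttpOnly.
        session_set_cookie_params(604800, '/', '.findcheapmusic.com', true, true);
        session_set_save_handler($handler, true);
        if (!empty($_COOKIE['PHPSESSID'])) {
            // NOTE(review): the session id is taken from the cookie as received; confirm that ids the
            // session store does not know are rejected rather than adopted.
            session_id($_COOKIE['PHPSESSID']);
        }
        // Warnings stay suppressed so they cannot end up in front of the JSON body.
        @session_start();

        // No session data means "not logged in"; read it without raising an undefined-index warning.
        $uid = isset($_SESSION['sessData']['userID']) ? $_SESSION['sessData']['userID'] : null;
        $rc = 0;

        if (empty($_POST["nonce"]) || NonceUtil::check($systemConf["nonce_secret"], $_POST["nonce"]) === false) {
            $msg = "Internal Error. Please reload page.";
            $rc = 1;
        }
        elseif (empty($uid) || !($uid > 0)) {
            // Previously this case fell through with retval 0, i.e. it reported success although
            // nothing had been changed. Report it as a failure instead.
            $msg = "Internal Error. Please reload page.";
            $rc = 1;
        }
        elseif ($_POST['function'] === "delete") {
            // NOTE(review): "id" is passed on as received; confirm deleteWishlist() binds it as a
            // query parameter and restricts the delete to rows owned by $uid.
            $rc = deleteWishlist($uid, $_POST["id"]);
        }
        elseif ($_POST['function'] === "add") {
            // "wl" is client-supplied: require a string, decode base64 strictly and reject
            // anything that is not valid JSON before it reaches addWishlist().
            $wlRaw = (isset($_POST['wl']) && is_string($_POST['wl'])) ? base64_decode($_POST['wl'], true) : false;
            $wlData = ($wlRaw === false) ? null : json_decode($wlRaw);
            if ($wlData === null) {
                $msg = "Internal Error. Please reload page.";
                $rc = 1;
            }
            else {
                $rc = addWishlist($uid, $wlData);
            }
        }
        else { /* update */
            // Missing fields become null (the value the original produced) without a warning
            // that could corrupt the JSON response.
            $wlArr = [];
            foreach (array("id", "artist", "title", "barcode", "cond", "format", "price") as $wlField) {
                $wlArr[$wlField] = isset($_POST[$wlField]) ? $_POST[$wlField] : null;
            }

            // The checks run in order and a later failure overwrites an earlier message;
            // any non-empty $msg blocks the update.
            if (empty($wlArr['id']) || $wlArr['id'] < 0) {
                $msg = "Internal Error. Please reload page.";
            }
            if (empty($wlArr['artist']) && empty($wlArr['title']) && empty($wlArr['barcode'])) {
                $msg = "Artist, Title and Barcode are empty. Please set at least one of them.";
            }
            if (!empty($wlArr['barcode'])) {
                $barcodeType = clsLibGTIN::GTINCheck($wlArr['barcode'], false, 1);
                if (empty($barcodeType)) {
                    $msg = "Invalid Barcode number. Please correct.";
                }
            }
            if (!empty($wlArr['price'])) {
                if (!is_numeric($wlArr['price']) || $wlArr['price'] < 0) {
                    $msg = "Invalid Ceiling Price. Please correct.";
                }
            }
            // $condArr and $formatArr are not defined in this file; presumably one of the includes
            // provides them - verify. The comparison stays non-strict because their element types
            // are not visible here.
            if (empty($wlArr['cond']) || !in_array($wlArr['cond'], $condArr)) {
                $msg = "Invalid Condition. Please correct.";
            }
            if (empty($wlArr['format']) || !in_array($wlArr['format'], $formatArr)) {
                $msg = "Invalid Format. Please correct.";
            }

            if (empty($msg)) {
                // NOTE(review): artist/title are free text; confirm updateWishlist() binds the values
                // as query parameters and that they are escaped wherever they are rendered.
                $rc = updateWishlist($uid, $wlArr);
            }
            else {
                $rc = 1;
            }
        }
    }
}

echo json_encode(array(
    "retval" => $rc,
    "msg" => $msg
));
exit;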