Subversion Repositories cheapmusic

<?php
include_once($_SERVER['DOCUMENT_ROOT'] . '/php/dnsexit.php');

$rc = -1;
$msg = "";

if (isset($_POST['function']) && in_array($_POST['function'], array("add", "delete", "update"))) {
    if (isset($_POST["id"])) {
        include_once($_SERVER['DOCUMENT_ROOT'] . '/php/sessions_db.php');
        include_once($_SERVER['DOCUMENT_ROOT'] . '/php/cryptor.php');
        include_once($_SERVER['DOCUMENT_ROOT'] . '/php/wishlist.php');
        include_once($_SERVER['DOCUMENT_ROOT'] . '/php/clsLibGTIN.php');
        include_once($_SERVER['DOCUMENT_ROOT'] . '/php/constants.php');

        $configFile = parse_ini_file($_SERVER['DOCUMENT_ROOT'] . "/../MyFiles/config/cheapmusic.ini",true);
        $crypt = Cryptor::getInstance($configFile['cryptor']);
        $tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
        $handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
        unset($configFile);

        ini_set("session.cookie_httponly", 1);
        ini_set("session.cookie_secure", 1);
        session_set_save_handler($handler, true);
        if (!empty($_COOKIE['PHPSESSID'])) {
            session_id($_COOKIE['PHPSESSID']);
        }
        @session_start();

        $uid = $_SESSION['sessData']['userID'];

        if (!empty($uid) && $uid > 0) {
            if ($_POST['function'] == "delete") {
                $rc = deleteWishlist($uid, $_POST["id"]);
            } else if ($_POST['function'] == "add") {
                $rc = addWishlist($uid, json_decode(base64_decode($_POST['wl'])));
            } else { /* update */
                $wlArr = [];
                $wlArr["id"] = $_POST['id'];
                $wlArr["artist"] = $_POST['artist'];
                $wlArr["title"] = $_POST['title'];
                $wlArr["barcode"] = $_POST['barcode'];
                $wlArr["format"] = $_POST['format'];
                $wlArr["price"] = $_POST['price'];

                if (empty($wlArr['id']) || $wlArr['id'] < 0) {
                    $msg = "Internal Error. Please reload page.";
                }
                
                if (empty($wlArr['artist']) && empty($wlArr['title']) && empty($wlArr['barcode'])) {
                    $msg = "Artist, Ttile and Barcode are empty. Please set at least one of them.";
                }
                
                if (!empty($wlArr['barcode'])) {
                    $barcodeType = clsLibGTIN::GTINCheck($wlArr['barcode'], false, 1);
                    if (empty($barcodeType)) {
                        $msg = "Invalid Barcode number. Please correct.";
                    }
                }
                
                if (!empty($wlArr['price'])) {
                    if (!is_numeric($wlArr['price']) || $wlArr['price'] < 0) {
                        $msg = "Invalid Ceiling Price. Please correct.";
                    }
                }
                
                if (empty($wlArr['format']) || !in_array($wlArr['format'], $formatArr)) {
                    $msg = "Invalid Format. Please correct.";
                }

                if (empty($msg)) {
                    $rc = updateWishlist($uid, $wlArr);
                } else {
                    $rc = 1;
                }
            }
        }
    }
}

echo json_encode(array("retval" => $rc, "msg" => $msg));
exit;