diff --git a/src/includes/MySmarty.class.php b/src/includes/MySmarty.class.php
index 1b91fcd..bbd8b21 100644
--- a/src/includes/MySmarty.class.php
+++ b/src/includes/MySmarty.class.php
@@ -19,11 +19,12 @@ class MySmarty extends Smarty {
 $opt["pdo_password"]);
 }
- public function opt() {
+ public function opt($session = NULL) {
 static $opt;
 if (!isset($opt)) {
 $opt = getGlobalOptions();
 }
+ $opt['show_helptext'] = isset($_SESSION['show_helptext']) ? $_SESSION['show_helptext'] : $opt['show_helptext'];
 return $opt;
 }
diff --git a/src/index.php b/src/index.php
index 1838318..8ad4ab6 100644
--- a/src/index.php
+++ b/src/index.php
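Review bot: The new `$session = NULL` parameter on `MySmarty::opt()` is never read in the lines shown; the override reads `$_SESSION['show_helptext']` directly, so the parameter advertises an injection point that does not exist. Either drop it or actually use it in place of the superglobal. A one-line comment above the added assignment would also help, e.g. `// per-user session preference overrides the global show_helptext default on every call`. The fallback `$opt['show_helptext']` presumes getGlobalOptions() defines that key, which is not visible in this hunk.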
@@ -113,28 +113,28 @@ if (!empty($_GET["mysort"])) $_SESSION["mysort"] = $_GET["mysort"]; if (!isset($_SESSION["mysort"])) { - $sortby = "rankorder DESC, i.description"; + $sortby = "rankorder DESC, i.name"; $_SESSION["mysort"] = "ranking"; } else { switch ($_SESSION["mysort"]) { case "ranking": - $sortby = "rankorder DESC, i.description"; + $sortby = "rankorder DESC, i.name"; break; - case "description": - $sortby = "i.description"; + case "name": + $sortby = "i.name"; break; case "price": - $sortby = "price, rankorder DESC, i.description"; + $sortby = "price, rankorder DESC, i.name"; break; case "category": - $sortby = "c.category, rankorder DESC, i.description"; + $sortby = "c.category, rankorder DESC, i.name"; break; default: - $sortby = "rankorder DESC, i.description"; + $sortby = "rankorder DESC, i.name"; } } -$stmt = $smarty->dbh()->prepare("SELECT itemid, description, c.category, price, url, rendered, comment, image_filename FROM {$opt["table_prefix"]}items i LEFT OUTER JOIN {$opt["table_prefix"]}categories c ON c.categoryid = i.category LEFT OUTER JOIN {$opt["table_prefix"]}ranks r ON r.ranking = i.ranking WHERE userid = ? ORDER BY " . $sortby); +$stmt = $smarty->dbh()->prepare("SELECT itemid, name, description, c.category, price, url, rendered, comment, image_filename FROM {$opt["table_prefix"]}items i LEFT OUTER JOIN {$opt["table_prefix"]}categories c ON c.categoryid = i.category LEFT OUTER JOIN {$opt["table_prefix"]}ranks r ON r.ranking = i.ranking WHERE userid = ? ORDER BY " . $sortby); $stmt->bindParam(1, $userid, PDO::PARAM_INT); $stmt->execute(); $myitems_count = 0; diff --git a/src/item.php b/src/item.php index e2f8538..ca92347 100644 --- a/src/item.php +++ b/src/item.php 
@@ -51,43 +51,102 @@ if (!empty($_REQUEST["action"])) { if ($action == "insert" || $action == "update") { /* validate the data. */ - $description = trim($_REQUEST["description"]); - $price = str_replace(",","",trim($_REQUEST["price"])); - $source = trim($_REQUEST["source"]); - $url = trim($_REQUEST["url"]); - $category = trim($_REQUEST["category"]); - $ranking = $_REQUEST["ranking"]; - $comment = $_REQUEST["comment"]; - $quantity = (int) $_REQUEST["quantity"]; + $name = trim($_REQUEST["name"]); + $bookmarklet = isset($_REQUEST["bookmarklet"]) ? trim($_REQUEST["bookmarklet"]) : ""; + $image_url = isset($_REQUEST["image_url"]) ? trim($_REQUEST["image_url"]) : ""; + $description = isset($_REQUEST["description"]) ? trim($_REQUEST["description"]) : ""; + $price = isset($_REQUEST["price"]) ? str_replace(",","",trim($_REQUEST["price"])) : "0"; + $source = isset($_REQUEST["source"]) ? trim($_REQUEST["source"]) : ""; + $url = isset($_REQUEST["url"]) ? trim($_REQUEST["url"]) : ""; + $category = isset($_REQUEST["category"]) ? trim($_REQUEST["category"]) : "1"; + $ranking = isset($_REQUEST["ranking"]) ? $_REQUEST["ranking"] : "3"; + $comment = isset($_REQUEST["comment"]) ? $_REQUEST["comment"] : ""; + $quantity = isset($_REQUEST["quantity"]) ? 
(int) $_REQUEST["quantity"] : 1; $haserror = false; - if ($description == "") { + if ($name == "") { $haserror = true; - $description_error = "A description is required."; + $name_error = "A name is required."; + } + if ($image_url != "" && preg_match("/^http(s)?:\/\/([^\/]+)/i",$image_url)) { + $image_file_data = file_get_contents($image_url); + if ($image_file_data !== false) { + $temp_image = tempnam("/tmp",""); + file_put_contents($temp_image, $image_file_data); + error_log("MWE: temp_image: $temp_image"); + $fh = fopen($temp_image, 'rb'); + if ($fh) { + $header = fread($fh, 8); + fclose($fh); + $ext = ""; + if (bin2hex(substr($header, 0, 8)) === '89504e470d0a1a0a') { + $ext = 'png'; + } elseif (bin2hex(substr($header, 0, 2)) === 'ffd8') { + $ext = 'jpg'; + } elseif (in_array(bin2hex(substr($header, 0, 6)), ['474946383761', '474946383961'])) { + $ext = 'gif'; + } elseif (bin2hex(substr($header, 0, 2)) === '424d') { + $ext = 'bmp'; + } elseif (in_array(bin2hex(substr($header, 0, 4)), ['49492a00', '4d4d002a'])) { + $ext = 'tiff'; + } elseif (bin2hex(substr($header, 0, 12)) === '524946462a00000057454250') { + $ext = 'webp'; + } + } + error_log("MWE: ext: $ext"); + if ($ext != "") { + $parts = pathinfo($_SERVER["SCRIPT_FILENAME"]); + $upload_dir = $parts['dirname']; + // generate a temporary file in the configured directory. + $temp_name = tempnam($upload_dir . "/" . $opt["image_subdir"],""); + // unlink it, we really want an extension on that. + unlink($temp_name); + // here's the name we really want to use. full path is included. + $image_filename = $temp_name . "." . $ext; + error_log("MWE: image_filename: $image_filename"); + // move the PHP temporary file to that filename. + rename($temp_image, $image_filename); + // the name we're going to record in the DB is the filename without the path. 
+ $image_base_filename = basename($image_filename); + error_log("MWE: image_base_filename: $image_base_filename"); + } + } + } + if ($bookmarklet == "1") { + if ($source == "" && preg_match("/^Amazon.com:/", $name)) { + $source = "Amazon"; + } + if ($source == "" && $url != "") { + $source = preg_replace("/^(https?:\/\/)?([^\/]+)(\/.*)?$/", "$2", $url); + } + $name = preg_replace("/^Amazon.com: /", "", $name); + $name = preg_replace("/ : [A-Za-z0-9 &_,-]+/", "", $name); + } + if (strlen($name) > 100 && $description == "") { + $description = $name; + } + if (strlen($name) > 100) { + $name = substr($name, 0, 100); } if ($price == "" || !preg_match("/^\d*(\.\d{2})?$/i",$price)) { - $haserror = true; - $price_error = "Price format is not valid.
Price is required and must be a number, either accurate or approximate.
Do not enter the currency symbol."; - } - if ($source == "") { - $haserror = true; - $source_error = "A source is required (i.e., where it can be purchased)."; + $price = 0; } if ($url != "" && !preg_match("/^http(s)?:\/\/([^\/]+)/i",$url)) { $haserror = true; $url_error = "A well-formed URL is required in the format http://www.somesite.net/somedir/somefile.html."; } + if ($category == "") { + $category = 1; + } if ($ranking == "") { - $haserror = true; - $ranking_error = "A ranking is required."; + $ranking = 3; } if ($quantity == "" || (int) $quantity < 1) { - $haserror = true; - $quantity_error = "A positive quantity is required."; + $quantity = 1; } } - if (isset($haserror) && !$haserror && isset($_REQUEST["image"])) { + if (!isset($image_url) && isset($haserror) && !$haserror && isset($_REQUEST["image"])) { if ($_REQUEST["image"] == "remove" || $_REQUEST["image"] == "replace") { deleteImageForItem((int) $_REQUEST["itemid"], $smarty->dbh(), $smarty->opt()); } 
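Review bot: The new `image_url` branch in item.php passes a request-supplied URL straight to `file_get_contents()` after only an `http(s)://` prefix check, so the server will fetch from any host it can reach (loopback, link-local and internal addresses included), follow redirects, and read a response of any size into memory. Resolve the host and reject non-public addresses before fetching, disable redirects, set a timeout and cap the bytes read, as sketched below; resolve-then-fetch still leaves a DNS-rebinding window, so an egress restriction on the web server is the stronger control. In the same block, `$temp_image` is never removed when the magic-byte check fails, `$ext` is undefined if `fopen()` fails, and the `error_log("MWE: ...")` debug lines should be removed before merge. Separately, the later guard `!isset($image_url)` can never be true on insert/update because `$image_url` is always assigned (to `""` when absent), which appears to disable the existing upload/remove/replace path; `$image_url == ""` looks like the intent.

```php
if ($image_url != "" && preg_match("/^http(s)?:\/\/([^\/]+)/i",$image_url)) {
    $image_file_data = false;
    $image_host = parse_url($image_url, PHP_URL_HOST);
    // gethostbyname() returns its input unchanged on failure, which then fails IP validation.
    $image_ip = is_string($image_host) ? gethostbyname($image_host) : "";
    $is_public = filter_var($image_ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
    if ($is_public) {
        $ctx = stream_context_create(["http" => [
            "timeout" => 5,
            "follow_location" => 0,
            "max_redirects" => 0,
        ]]);
        $max_bytes = 5 * 1024 * 1024; // constructed limit; choose one that suits the deployment
        $image_file_data = file_get_contents($image_url, false, $ctx, 0, $max_bytes + 1);
        if ($image_file_data !== false && strlen($image_file_data) > $max_bytes) {
            $image_file_data = false; // oversized response: treat as a failed fetch
        }
    }
    if ($image_file_data !== false) {
        // … unchanged: write temp file, sniff magic bytes, move into image_subdir …
    }
}
```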
@@ -115,19 +174,20 @@ if (!empty($_REQUEST["action"])) { if ($action == "delete") { try { /* find out if this item is bought or reserved. */ - $stmt = $smarty->dbh()->prepare("SELECT a.userid, a.quantity, a.bought, i.description FROM {$opt["table_prefix"]}allocs a LEFT OUTER JOIN {$opt["table_prefix"]}items i ON i.itemid = a.itemid WHERE a.itemid = ?"); + $stmt = $smarty->dbh()->prepare("SELECT a.userid, a.quantity, a.bought, i.name, i.description FROM {$opt["table_prefix"]}allocs a LEFT OUTER JOIN {$opt["table_prefix"]}items i ON i.itemid = a.itemid WHERE a.itemid = ?"); $stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT); $stmt->execute(); - $description = ""; // need this outside of the while block. + $name = ""; // need this outside of the while block. while ($row = $stmt->fetch()) { $buyerid = $row["userid"]; $quantity = $row["quantity"]; $bought = $row["bought"]; + $name = $row["name"]; // need this for descriptions. $description = $row["description"]; // need this for descriptions. if ($buyerid != null) { sendMessage($userid, $buyerid, - "$description that you " . (($bought == 1) ? "bought" : "reserved") . " $quantity of for {$_SESSION["fullname"]} has been deleted. Check your reservation/purchase to ensure it's still needed.", + "$name that you " . (($bought == 1) ? "bought" : "reserved") . " $quantity of for {$_SESSION["fullname"]} has been deleted. Check your reservation/purchase to ensure it's still needed.", $smarty->dbh(), $smarty->opt()); } @@ -142,7 +202,7 @@ if (!empty($_REQUEST["action"])) { // TODO: are we leaking allocs records here? stampUser($userid, $smarty->dbh(), $smarty->opt()); - processSubscriptions($userid, $action, $description, $smarty->dbh(), $smarty->opt()); + processSubscriptions($userid, $action, $name, $smarty->dbh(), $smarty->opt()); header("Location: " . getFullPath("index.php?message=Item+deleted.")); exit; 
@@ -152,11 +212,12 @@ if (!empty($_REQUEST["action"])) { } } else if ($action == "edit") { - $stmt = $smarty->dbh()->prepare("SELECT description, price, source, category, url, ranking, comment, quantity, image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?"); + $stmt = $smarty->dbh()->prepare("SELECT name, description, price, source, category, url, ranking, comment, quantity, image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?"); $stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT); $stmt->execute(); if ($row = $stmt->fetch()) { + $name = $row["name"]; $description = $row["description"]; $price = number_format($row["price"],2,".",","); $source = $row["source"]; 
@@ -169,37 +230,39 @@ if (!empty($_REQUEST["action"])) { } } else if ($action == "add") { + $name = ""; $description = ""; $price = 0.00; $source = ""; $url = ""; - $category = NULL; - $ranking = NULL; + $category = 1; + $ranking = 3; $comment = ""; $quantity = 1; $image_filename = ""; } else if ($action == "insert") { if (!$haserror) { - $stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,description,price,source,category,url,ranking,comment,quantity,image_filename) " . - "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); + $stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,name,description,price,source,category,url,ranking,comment,quantity,image_filename) " . + "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bindParam(1, $userid, PDO::PARAM_INT); - $stmt->bindParam(2, $description, PDO::PARAM_STR); - $stmt->bindParam(3, $price); - $stmt->bindParam(4, $source, PDO::PARAM_STR); - $stmt->bindParam(5, $category, PDO::PARAM_INT); - $stmt->bindParam(6, $url, PDO::PARAM_STR); - $stmt->bindParam(7, $ranking, PDO::PARAM_INT); - $stmt->bindParam(8, $comment, PDO::PARAM_STR); - $stmt->bindParam(9, $quantity, PDO::PARAM_INT); + $stmt->bindParam(2, $name, PDO::PARAM_STR); + $stmt->bindParam(3, $description, PDO::PARAM_STR); + $stmt->bindParam(4, $price); + $stmt->bindParam(5, $source, PDO::PARAM_STR); + $stmt->bindParam(6, $category, PDO::PARAM_INT); + $stmt->bindParam(7, $url, PDO::PARAM_STR); + $stmt->bindParam(8, $ranking, PDO::PARAM_INT); + $stmt->bindParam(9, $comment, PDO::PARAM_STR); + $stmt->bindParam(10, $quantity, PDO::PARAM_INT); if (!isset($image_base_filename) || $image_base_filename == "") { $image_base_filename = NULL; } - $stmt->bindParam(10, $image_base_filename, PDO::PARAM_STR); + $stmt->bindParam(11, $image_base_filename, PDO::PARAM_STR); $stmt->execute(); stampUser($userid, $smarty->dbh(), $smarty->opt()); - processSubscriptions($userid, $action, $description, $smarty->dbh(), $smarty->opt()); + 
processSubscriptions($userid, $action, $name, $smarty->dbh(), $smarty->opt()); header("Location: " . getFullPath("index.php")); exit; @@ -209,6 +272,7 @@ if (!empty($_REQUEST["action"])) { if (!$haserror) { // TODO: if the quantity is updated, send a message to everyone who has an allocation for it. $stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}items SET " . + "name = ?, " . "description = ?, " . "price = ?, " . "source = ?, " . 
@@ -219,25 +283,26 @@ if (!empty($_REQUEST["action"])) { "quantity = ? " . ($image_base_filename != "" ? ", image_filename = ? " : "") . "WHERE itemid = ?"); - $stmt->bindParam(1, $description, PDO::PARAM_STR); - $stmt->bindParam(2, $price); - $stmt->bindParam(3, $source, PDO::PARAM_STR); - $stmt->bindParam(4, $category, PDO::PARAM_INT); - $stmt->bindParam(5, $url, PDO::PARAM_STR); - $stmt->bindParam(6, $ranking, PDO::PARAM_INT); - $stmt->bindParam(7, $comment, PDO::PARAM_STR); - $stmt->bindParam(8, $quantity, PDO::PARAM_INT); + $stmt->bindParam(1, $name, PDO::PARAM_STR); + $stmt->bindParam(2, $description, PDO::PARAM_STR); + $stmt->bindParam(3, $price); + $stmt->bindParam(4, $source, PDO::PARAM_STR); + $stmt->bindParam(5, $category, PDO::PARAM_INT); + $stmt->bindParam(6, $url, PDO::PARAM_STR); + $stmt->bindParam(7, $ranking, PDO::PARAM_INT); + $stmt->bindParam(8, $comment, PDO::PARAM_STR); + $stmt->bindParam(9, $quantity, PDO::PARAM_INT); if ($image_base_filename != "") { - $stmt->bindParam(9, $image_base_filename, PDO::PARAM_STR); - $stmt->bindValue(10, (int) $_REQUEST["itemid"], PDO::PARAM_INT); + $stmt->bindParam(10, $image_base_filename, PDO::PARAM_STR); + $stmt->bindValue(11, (int) $_REQUEST["itemid"], PDO::PARAM_INT); } else { - $stmt->bindValue(9, (int) $_REQUEST["itemid"], PDO::PARAM_INT); + $stmt->bindValue(10, (int) $_REQUEST["itemid"], PDO::PARAM_INT); } $stmt->execute(); stampUser($userid, $smarty->dbh(), $smarty->opt()); - processSubscriptions($userid, $action, $description, $smarty->dbh(), $smarty->opt()); + processSubscriptions($userid, $action, $name, $smarty->dbh(), $smarty->opt()); header("Location: " . getFullPath("index.php")); exit; 
@@ -269,6 +334,10 @@ $smarty->assign('haserror', isset($haserror) ? $haserror : false);
 if (isset($_REQUEST['itemid'])) {
 $smarty->assign('itemid', (int) $_REQUEST['itemid']);
 }
+$smarty->assign('name', $name);
+if (isset($descripton_error)) {
+ $smarty->assign('name_error', $name_error);
+}
 $smarty->assign('description', $description);
 if (isset($descripton_error)) {
 $smarty->assign('description_error', $description_error);
diff --git a/src/login.php b/src/login.php
index bb8e50c..cca2ef5 100644
--- a/src/login.php
+++ b/src/login.php
@@ -30,7 +30,7 @@ if (!empty($_POST["username"])) {
 $password = $_POST["password"];
 try {
- $stmt = $smarty->dbh()->prepare("SELECT userid, fullname, admin FROM {$opt["table_prefix"]}users WHERE username = ? AND password = {$opt["password_hasher"]}(?) AND approved = 1");
+ $stmt = $smarty->dbh()->prepare("SELECT userid, fullname, admin, show_helptext FROM {$opt["table_prefix"]}users WHERE username = ? AND password = {$opt["password_hasher"]}(?) AND approved = 1");
 $stmt->bindParam(1, $username, PDO::PARAM_STR);
 $stmt->bindParam(2, $password, PDO::PARAM_STR);
@@ -40,6 +40,8 @@ if (!empty($_POST["username"])) {
 $_SESSION["userid"] = $row["userid"];
 $_SESSION["fullname"] = $row["fullname"];
 $_SESSION["admin"] = $row["admin"];
+ $_SESSION["show_helptext"] = $row["show_helptext"];
+ $opt['show_helptext'] = $row["show_helptext"];
 header("Location: " . getFullPath("index.php"));
 exit;
diff --git a/src/profile.php b/src/profile.php
index 352ca48..c5a7404 100644
--- a/src/profile.php
+++ b/src/profile.php
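Review bot: In the item.php hunk at the top of this line, the added guard for `name_error` tests `isset($descripton_error)`, a misspelled name copied from the description check below it, so `$name_error` is never assigned to the template and the "A name is required." message set during validation cannot reach the user. Change the added condition to `if (isset($name_error)) {`; the context line that follows carries the same typo for `$description_error`. The unconditional `$smarty->assign('name', $name);` also runs on paths where `$name` may never have been set, since the assignments visible in this commit all sit inside action branches, so `isset($name) ? $name : ""` would avoid an undefined-variable notice.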
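Review bot: In the first login.php hunk, the changed SELECT still verifies the credential inside SQL with `password = {$opt["password_hasher"]}(?)`, which implies the stored value is a deterministic digest from whatever SQL function the config names (presumably an unsalted MD5/SHA-style function; the config is not visible here). Since the line is being edited anyway, consider selecting the stored hash by username and checking it in PHP with `password_verify($password, $row["password"])`, rehashing legacy values on a successful login. That change reaches beyond this hunk, so it may belong in a follow-up commit.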
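Review bot: In the second login.php hunk, the success path fills `$_SESSION` with identity and privilege values but no `session_regenerate_id(true);` is visible before those writes; if it is not called elsewhere in the file, add it ahead of `$_SESSION["userid"] = ...` so a pre-login session id cannot be reused after authentication. The added `$opt['show_helptext'] = $row["show_helptext"];` is immediately followed by a redirect and `exit`, so it has no effect and can be dropped. The enclosing block starts and ends outside the hunk.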
@@ -54,18 +54,21 @@ if (!empty($_POST["action"])) {
 $email = $_POST["email"];
 $comment = $_POST["comment"];
 $email_msgs = ($_POST["email_msgs"] == "on" ? 1 : 0);
+ $show_helptext = ($_POST["show_helptext"] == "on" ? 1 : 0);
 try {
- $stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET fullname = ?, email = ?, email_msgs = ?, comment = ? WHERE userid = ?");
+ $stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET fullname = ?, email = ?, email_msgs = ?, show_helptext = ?, comment = ? WHERE userid = ?");
 $stmt->bindParam(1, $fullname, PDO::PARAM_STR);
 $stmt->bindParam(2, $email, PDO::PARAM_STR);
 $stmt->bindParam(3, $email_msgs, PDO::PARAM_BOOL);
- $stmt->bindParam(4, $comment, PDO::PARAM_STR);
- $stmt->bindParam(5, $userid, PDO::PARAM_INT);
+ $stmt->bindParam(4, $show_helptext, PDO::PARAM_BOOL);
+ $stmt->bindParam(5, $comment, PDO::PARAM_STR);
+ $stmt->bindParam(6, $userid, PDO::PARAM_INT);
 $stmt->execute();
 $_SESSION["fullname"] = $fullname;
+ $_SESSION['show_helptext'] = $show_helptext;
 header("Location: " . getFullPath("index.php?message=Profile+updated."));
 exit;
@@ -80,7 +83,7 @@ if (!empty($_POST["action"])) {
 }
 try {
- $stmt = $smarty->dbh()->prepare("SELECT fullname, email, email_msgs, comment FROM {$opt["table_prefix"]}users WHERE userid = ?");
+ $stmt = $smarty->dbh()->prepare("SELECT fullname, email, email_msgs, show_helptext, comment FROM {$opt["table_prefix"]}users WHERE userid = ?");
 $stmt->bindParam(1, $userid, PDO::PARAM_INT);
 $stmt->execute();
@@ -88,6 +91,8 @@ try {
 $smarty->assign('fullname', $row["fullname"]);
 $smarty->assign('email', $row["email"]);
 $smarty->assign('email_msgs', $row["email_msgs"]);
+ $smarty->assign('show_helptext', $row["show_helptext"]);
+ $_SESSION['show_helptext'] = $row["show_helptext"];
 $smarty->assign('comment', $row["comment"]);
 $smarty->display('profile.tpl');
 }
diff --git a/src/shop.php b/src/shop.php
index a505b52..4075e3d 100644
--- a/src/shop.php
+++ b/src/shop.php
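Review bot: In the first profile.php hunk, `$_POST["show_helptext"] == "on"` reads a key that browsers omit entirely when the checkbox is unchecked, so switching help text off raises an undefined-index notice (a warning on PHP 8) on every save. Guard it the way item.php does in this commit: `$show_helptext = (isset($_POST["show_helptext"]) && $_POST["show_helptext"] == "on") ? 1 : 0;`. The neighbouring `email_msgs` context line has the same pattern. No anti-CSRF token check is visible around this state-changing POST; confirm one exists outside the hunk.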
@@ -27,6 +27,8 @@ else {
 $userid = $_SESSION["userid"];
 }
+$opt['show_helptext'] = $_SESSION['show_helptext'];
+
 $action = "";
 if (!empty($_GET["action"])) {
 $action = $_GET["action"];
@@ -55,10 +57,11 @@ if (!empty($_GET["action"])) {
 $query = "INSERT INTO items(userid,description,price,source,url,category) SELECT $userid, description, price, source, url, category FROM items WHERE itemid = " . $_GET["itemid"];
 */
 /* TODO: copy the image too? */
- $stmt = $smarty->dbh()->prepare("SELECT userid, description, price, source, url, category, comment FROM {$opt["table_prefix"]}items WHERE itemid = ?");
+ $stmt = $smarty->dbh()->prepare("SELECT userid, name, description, price, source, url, category, comment FROM {$opt["table_prefix"]}items WHERE itemid = ?");
 $stmt->bindParam(1, $itemid, PDO::PARAM_INT);
 $stmt->execute();
 if ($row = $stmt->fetch()) {
+ $name = $row["name"];
 $desc = $row["description"];
 $source = $row["source"];
 $url = $row["url"];
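Review bot: The added `$opt['show_helptext'] = $_SESSION['show_helptext'];` in the first shop.php hunk reads the session key unguarded, so any session created before this change is deployed, or by a login path that does not set the key, triggers an undefined-index notice and leaves the option null. The identical line added to shoplist.php has the same problem. `MySmarty::opt()` in this commit already applies the session value behind an `isset()` fallback, so either rely on that or mirror it here: `$opt['show_helptext'] = isset($_SESSION['show_helptext']) ? $_SESSION['show_helptext'] : $opt['show_helptext'];`.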
@@ -66,19 +69,20 @@ if (!empty($_GET["action"])) {
 $price = (float) $row["price"];
 $cat = (int) $row["category"];
- $stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,description,price,source,url,comment,category,ranking,quantity) VALUES(?, ?, ?, ?, ?, ?, ?, 1, 1)");
+ $stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,name,description,price,source,url,comment,category,ranking,quantity) VALUES(?, ?, ?, ?, ?, ?, ?, 1, 1)");
 $stmt->bindParam(1, $userid, PDO::PARAM_INT);
- $stmt->bindParam(2, $desc, PDO::PARAM_STR);
- $stmt->bindParam(3, $price);
- $stmt->bindParam(4, $source, PDO::PARAM_STR);
- $stmt->bindParam(5, $url, PDO::PARAM_STR);
- $stmt->bindParam(6, $comment, PDO::PARAM_STR);
- $stmt->bindParam(7, $cat, PDO::PARAM_INT);
+ $stmt->bindParam(2, $name, PDO::PARAM_STR);
+ $stmt->bindParam(3, $desc, PDO::PARAM_STR);
+ $stmt->bindParam(4, $price);
+ $stmt->bindParam(5, $source, PDO::PARAM_STR);
+ $stmt->bindParam(6, $url, PDO::PARAM_STR);
+ $stmt->bindParam(7, $comment, PDO::PARAM_STR);
+ $stmt->bindParam(8, $cat, PDO::PARAM_INT);
 $stmt->execute();
 stampUser($userid, $smarty->dbh(), $smarty->opt());
- $message = "Added '" . $desc . "' to your gift list.";
+ $message = "Added '" . $name . "' to your gift list.";
 }
 }
 }
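Review bot: The rewritten INSERT in shop.php now lists ten columns (`userid,name,...,ranking,quantity`), but its VALUES clause still has seven placeholders plus the two literals, i.e. nine values, while eight parameters are bound below it. The statement's column and value counts no longer match and the bound parameter count exceeds the placeholders, so copying an item to your own list will fail. Add the missing placeholder: `VALUES(?, ?, ?, ?, ?, ?, ?, ?, 1, 1)`. How the failure surfaces depends on the PDO error mode, which is not visible in this hunk.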
@@ -98,34 +102,34 @@ if (!($stmt->fetch())) { } if (!isset($_GET["sort"])) { - $sortby = "rankorder DESC, description"; + $sortby = "rankorder DESC, name"; } else { $sort = $_GET["sort"]; switch ($sort) { case "ranking": - $sortby = "rankorder DESC, description"; + $sortby = "rankorder DESC, name"; break; - case "description": - $sortby = "description"; + case "name": + $sortby = "name"; break; case "source": - $sortby = "source, rankorder DESC, description"; + $sortby = "source, rankorder DESC, name"; break; case "price": - $sortby = "price, rankorder DESC, description"; + $sortby = "price, rankorder DESC, name"; break; case "url": - $sortby = "url, rankorder DESC, description"; + $sortby = "url, rankorder DESC, name"; break; case "status": - $sortby = "reservedid DESC, boughtid DESC, rankorder DESC, description"; + $sortby = "reservedid DESC, boughtid DESC, rankorder DESC, name"; break; case "category": - $sortby = "c.category, rankorder DESC, description"; + $sortby = "c.category, rankorder DESC, name"; break; default: - $sortby = "rankorder DESC, description"; + $sortby = "rankorder DESC, name"; } } @@ -133,7 +137,7 @@ else { for those items with a quantity of 1. if the item's quantity > 1 we'll query alloc when we get to that record. the theory is that most items will have quantity = 1 so we'll make the least number of trips. */ -$stmt = $smarty->dbh()->prepare("SELECT i.itemid, description, price, source, c.category, url, image_filename, " . +$stmt = $smarty->dbh()->prepare("SELECT i.itemid, name, description, price, source, c.category, url, image_filename, " . "ub.fullname AS bfullname, ub.userid AS boughtid, " . "ur.fullname AS rfullname, ur.userid AS reservedid, " . "rendered, i.comment, i.quantity " . diff --git a/src/shoplist.php b/src/shoplist.php index 80b02d3..57b7583 100644 --- a/src/shoplist.php +++ b/src/shoplist.php 
@@ -27,6 +27,8 @@ else { $userid = $_SESSION["userid"]; } +$opt['show_helptext'] = $_SESSION['show_helptext']; + if (empty($_GET["sort"])) $sort = "source"; else diff --git a/src/templates/home.tpl b/src/templates/home.tpl index 1881122..0109b31 100644 --- a/src/templates/home.tpl +++ b/src/templates/home.tpl @@ -90,26 +90,27 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - + - - + + {foreach from=$myitems item=row} @@ -118,7 +119,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA {/foreach} diff --git a/src/templates/item.tpl b/src/templates/item.tpl index 662cd05..2522b2b 100644 --- a/src/templates/item.tpl +++ b/src/templates/item.tpl @@ -36,8 +36,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA highlight: validate_highlight, success: validate_success, rules: { - description: { + name: { required: true, + maxlength: 100 + }, + description: { maxlength: 255 }, category: { @@ -49,7 +52,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA "number": true }, source: { - required: true, maxlength: 255 }, ranking: { @@ -65,8 +67,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA } }, messages: { + name: { + required: "The item's name is required.", + maxlength: "The item's name must be 100 characters or less." + }, description: { - required: "The item's description is required.", maxlength: "The item's description must be 255 characters or less." }, category: { @@ -78,7 +83,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA "number": "Price must be a valid number." }, source: { - required: "A source to buy the item is required.", maxlength: "The source must be 255 characters or less." }, ranking: { @@ -130,10 +134,19 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA {elseif $action == "add" || (isset($haserror) && $action == 'insert')} {/if} +
+ +
+ + {if isset($name_error)} + {$name_error} + {/if} +
+
- + {if isset($description_error)} {$description_error} {/if} @@ -143,7 +156,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- + @@ -66,7 +66,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - + diff --git a/src/templates/navbar.tpl b/src/templates/navbar.tpl index 3103513..c4d41d4 100644 --- a/src/templates/navbar.tpl +++ b/src/templates/navbar.tpl @@ -47,6 +47,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA {/if}
  • Logout
  • +
  • Help
  • diff --git a/src/templates/profile.tpl b/src/templates/profile.tpl index b5794a0..7418ac0 100644 --- a/src/templates/profile.tpl +++ b/src/templates/profile.tpl @@ -139,6 +139,13 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA E-mail me a copy of every message +
    + +
    + + Show help messages on pages +
    +
    diff --git a/src/templates/shop.tpl b/src/templates/shop.tpl index c48ca8c..3e432dd 100644 --- a/src/templates/shop.tpl +++ b/src/templates/shop.tpl @@ -87,13 +87,13 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    DescriptionName Ranking CategoryPrice PriceActions
    - {$row.description|escape:'htmlall'} + + {$row.name|escape:'htmlall'} {if $row.comment != ''} - ... +  ... {/if} {if $row.url != ''} - URL +  Image {/if} {if $row.image_filename != '' && $opt.allow_images} - Image +  Image {/if} {$row.rendered} Mark Item Received  Edit Item  - Delete Item + Delete Item
    Ranking SourceDescriptionName Category Price
    {$row.rendered} {$row.source|escape:'htmlall'}{$row.description|escape:'htmlall'}{$row.name|escape:'htmlall'} {$row.category|escape:'htmlall'} {$row.price}
    - + - + @@ -103,7 +103,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA {if $row.url != ''} {/if} - {$row.description|escape:'htmlall'} + {$row.name|escape:'htmlall'} {if $row.url != ''} {/if} @@ -114,7 +114,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Image {/if} - +
    DescriptionName Rank Category Price Store/Location Status Actions
    {$row.rendered}{$row.rendered}    {$row.category|default:" "} {$row.price} {$row.source|escape:'htmlall'}