set up show_helptext as a user preference; add name field

This commit is contained in:
Michael Erdely 2024-10-09 09:32:36 -04:00
parent a55db3c545
commit 582c53a5fd
13 changed files with 210 additions and 106 deletions


@ -19,11 +19,12 @@ class MySmarty extends Smarty {
$opt["pdo_password"]); $opt["pdo_password"]);
} }
public function opt() { public function opt($session = NULL) {
static $opt; static $opt;
if (!isset($opt)) { if (!isset($opt)) {
$opt = getGlobalOptions(); $opt = getGlobalOptions();
} }
$opt['show_helptext'] = isset($_SESSION['show_helptext']) ? $_SESSION['show_helptext'] : $opt['show_helptext'];
return $opt; return $opt;
} }
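Review bot: The `$session = NULL` parameter added to `opt()` is never read; the body still goes straight to the `$_SESSION` superglobal, so the parameter is dead and misleads callers into thinking they can inject a session. Either drop it or make it the source of the override, e.g. `$session = $session ?? $_SESSION;` followed by `$opt['show_helptext'] = $session['show_helptext'] ?? $opt['show_helptext'];`, which also lets the method be exercised without a live session. Note that the override runs on every call while the rest of `$opt` is cached in the static local, presumably so a profile change takes effect within the cached options. The rest of the MySmarty class is outside this section.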


@ -113,28 +113,28 @@ if (!empty($_GET["mysort"]))
$_SESSION["mysort"] = $_GET["mysort"]; $_SESSION["mysort"] = $_GET["mysort"];
if (!isset($_SESSION["mysort"])) { if (!isset($_SESSION["mysort"])) {
$sortby = "rankorder DESC, i.description"; $sortby = "rankorder DESC, i.name";
$_SESSION["mysort"] = "ranking"; $_SESSION["mysort"] = "ranking";
} }
else { else {
switch ($_SESSION["mysort"]) { switch ($_SESSION["mysort"]) {
case "ranking": case "ranking":
$sortby = "rankorder DESC, i.description"; $sortby = "rankorder DESC, i.name";
break; break;
case "description": case "name":
$sortby = "i.description"; $sortby = "i.name";
break; break;
case "price": case "price":
$sortby = "price, rankorder DESC, i.description"; $sortby = "price, rankorder DESC, i.name";
break; break;
case "category": case "category":
$sortby = "c.category, rankorder DESC, i.description"; $sortby = "c.category, rankorder DESC, i.name";
break; break;
default: default:
$sortby = "rankorder DESC, i.description"; $sortby = "rankorder DESC, i.name";
} }
} }
$stmt = $smarty->dbh()->prepare("SELECT itemid, description, c.category, price, url, rendered, comment, image_filename FROM {$opt["table_prefix"]}items i LEFT OUTER JOIN {$opt["table_prefix"]}categories c ON c.categoryid = i.category LEFT OUTER JOIN {$opt["table_prefix"]}ranks r ON r.ranking = i.ranking WHERE userid = ? ORDER BY " . $sortby); $stmt = $smarty->dbh()->prepare("SELECT itemid, name, description, c.category, price, url, rendered, comment, image_filename FROM {$opt["table_prefix"]}items i LEFT OUTER JOIN {$opt["table_prefix"]}categories c ON c.categoryid = i.category LEFT OUTER JOIN {$opt["table_prefix"]}ranks r ON r.ranking = i.ranking WHERE userid = ? ORDER BY " . $sortby);
$stmt->bindParam(1, $userid, PDO::PARAM_INT); $stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$myitems_count = 0; $myitems_count = 0;


@ -51,43 +51,102 @@ if (!empty($_REQUEST["action"])) {
if ($action == "insert" || $action == "update") { if ($action == "insert" || $action == "update") {
/* validate the data. */ /* validate the data. */
$description = trim($_REQUEST["description"]); $name = trim($_REQUEST["name"]);
$price = str_replace(",","",trim($_REQUEST["price"])); $bookmarklet = isset($_REQUEST["bookmarklet"]) ? trim($_REQUEST["bookmarklet"]) : "";
$source = trim($_REQUEST["source"]); $image_url = isset($_REQUEST["image_url"]) ? trim($_REQUEST["image_url"]) : "";
$url = trim($_REQUEST["url"]); $description = isset($_REQUEST["description"]) ? trim($_REQUEST["description"]) : "";
$category = trim($_REQUEST["category"]); $price = isset($_REQUEST["price"]) ? str_replace(",","",trim($_REQUEST["price"])) : "0";
$ranking = $_REQUEST["ranking"]; $source = isset($_REQUEST["source"]) ? trim($_REQUEST["source"]) : "";
$comment = $_REQUEST["comment"]; $url = isset($_REQUEST["url"]) ? trim($_REQUEST["url"]) : "";
$quantity = (int) $_REQUEST["quantity"]; $category = isset($_REQUEST["category"]) ? trim($_REQUEST["category"]) : "1";
$ranking = isset($_REQUEST["ranking"]) ? $_REQUEST["ranking"] : "3";
$comment = isset($_REQUEST["comment"]) ? $_REQUEST["comment"] : "";
$quantity = isset($_REQUEST["quantity"]) ? (int) $_REQUEST["quantity"] : 1;
$haserror = false; $haserror = false;
if ($description == "") { if ($name == "") {
$haserror = true; $haserror = true;
$description_error = "A description is required."; $name_error = "A name is required.";
}
if ($image_url != "" && preg_match("/^http(s)?:\/\/([^\/]+)/i",$image_url)) {
$image_file_data = file_get_contents($image_url);
if ($image_file_data !== false) {
$temp_image = tempnam("/tmp","");
file_put_contents($temp_image, $image_file_data);
error_log("MWE: temp_image: $temp_image");
$fh = fopen($temp_image, 'rb');
if ($fh) {
$header = fread($fh, 8);
fclose($fh);
$ext = "";
if (bin2hex(substr($header, 0, 8)) === '89504e470d0a1a0a') {
$ext = 'png';
} elseif (bin2hex(substr($header, 0, 2)) === 'ffd8') {
$ext = 'jpg';
} elseif (in_array(bin2hex(substr($header, 0, 6)), ['474946383761', '474946383961'])) {
$ext = 'gif';
} elseif (bin2hex(substr($header, 0, 2)) === '424d') {
$ext = 'bmp';
} elseif (in_array(bin2hex(substr($header, 0, 4)), ['49492a00', '4d4d002a'])) {
$ext = 'tiff';
} elseif (bin2hex(substr($header, 0, 12)) === '524946462a00000057454250') {
$ext = 'webp';
}
}
error_log("MWE: ext: $ext");
if ($ext != "") {
$parts = pathinfo($_SERVER["SCRIPT_FILENAME"]);
$upload_dir = $parts['dirname'];
// generate a temporary file in the configured directory.
$temp_name = tempnam($upload_dir . "/" . $opt["image_subdir"],"");
// unlink it, we really want an extension on that.
unlink($temp_name);
// here's the name we really want to use. full path is included.
$image_filename = $temp_name . "." . $ext;
error_log("MWE: image_filename: $image_filename");
// move the PHP temporary file to that filename.
rename($temp_image, $image_filename);
// the name we're going to record in the DB is the filename without the path.
$image_base_filename = basename($image_filename);
error_log("MWE: image_base_filename: $image_base_filename");
}
}
}
if ($bookmarklet == "1") {
if ($source == "" && preg_match("/^Amazon.com:/", $name)) {
$source = "Amazon";
}
if ($source == "" && $url != "") {
$source = preg_replace("/^(https?:\/\/)?([^\/]+)(\/.*)?$/", "$2", $url);
}
$name = preg_replace("/^Amazon.com: /", "", $name);
$name = preg_replace("/ : [A-Za-z0-9 &_,-]+/", "", $name);
}
if (strlen($name) > 100 && $description == "") {
$description = $name;
}
if (strlen($name) > 100) {
$name = substr($name, 0, 100);
} }
if ($price == "" || !preg_match("/^\d*(\.\d{2})?$/i",$price)) { if ($price == "" || !preg_match("/^\d*(\.\d{2})?$/i",$price)) {
$haserror = true; $price = 0;
$price_error = "Price format is not valid.<br />Price is required and must be a number, either accurate or approximate.<br />Do not enter the currency symbol.";
}
if ($source == "") {
$haserror = true;
$source_error = "A source is required (i.e., where it can be purchased).";
} }
if ($url != "" && !preg_match("/^http(s)?:\/\/([^\/]+)/i",$url)) { if ($url != "" && !preg_match("/^http(s)?:\/\/([^\/]+)/i",$url)) {
$haserror = true; $haserror = true;
$url_error = "A well-formed URL is required in the format <i>http://www.somesite.net/somedir/somefile.html</i>."; $url_error = "A well-formed URL is required in the format <i>http://www.somesite.net/somedir/somefile.html</i>.";
} }
if ($category == "") {
$category = 1;
}
if ($ranking == "") { if ($ranking == "") {
$haserror = true; $ranking = 3;
$ranking_error = "A ranking is required.";
} }
if ($quantity == "" || (int) $quantity < 1) { if ($quantity == "" || (int) $quantity < 1) {
$haserror = true; $quantity = 1;
$quantity_error = "A positive quantity is required.";
} }
} }
if (isset($haserror) && !$haserror && isset($_REQUEST["image"])) { if (!isset($image_url) && isset($haserror) && !$haserror && isset($_REQUEST["image"])) {
if ($_REQUEST["image"] == "remove" || $_REQUEST["image"] == "replace") { if ($_REQUEST["image"] == "remove" || $_REQUEST["image"] == "replace") {
deleteImageForItem((int) $_REQUEST["itemid"], $smarty->dbh(), $smarty->opt()); deleteImageForItem((int) $_REQUEST["itemid"], $smarty->dbh(), $smarty->opt());
} }
@ -115,19 +174,20 @@ if (!empty($_REQUEST["action"])) {
if ($action == "delete") { if ($action == "delete") {
try { try {
/* find out if this item is bought or reserved. */ /* find out if this item is bought or reserved. */
$stmt = $smarty->dbh()->prepare("SELECT a.userid, a.quantity, a.bought, i.description FROM {$opt["table_prefix"]}allocs a LEFT OUTER JOIN {$opt["table_prefix"]}items i ON i.itemid = a.itemid WHERE a.itemid = ?"); $stmt = $smarty->dbh()->prepare("SELECT a.userid, a.quantity, a.bought, i.name, i.description FROM {$opt["table_prefix"]}allocs a LEFT OUTER JOIN {$opt["table_prefix"]}items i ON i.itemid = a.itemid WHERE a.itemid = ?");
$stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT); $stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$description = ""; // need this outside of the while block. $name = ""; // need this outside of the while block.
while ($row = $stmt->fetch()) { while ($row = $stmt->fetch()) {
$buyerid = $row["userid"]; $buyerid = $row["userid"];
$quantity = $row["quantity"]; $quantity = $row["quantity"];
$bought = $row["bought"]; $bought = $row["bought"];
$name = $row["name"]; // need this for descriptions.
$description = $row["description"]; // need this for descriptions. $description = $row["description"]; // need this for descriptions.
if ($buyerid != null) { if ($buyerid != null) {
sendMessage($userid, sendMessage($userid,
$buyerid, $buyerid,
"$description that you " . (($bought == 1) ? "bought" : "reserved") . " $quantity of for {$_SESSION["fullname"]} has been deleted. Check your reservation/purchase to ensure it's still needed.", "$name that you " . (($bought == 1) ? "bought" : "reserved") . " $quantity of for {$_SESSION["fullname"]} has been deleted. Check your reservation/purchase to ensure it's still needed.",
$smarty->dbh(), $smarty->dbh(),
$smarty->opt()); $smarty->opt());
} }
@ -142,7 +202,7 @@ if (!empty($_REQUEST["action"])) {
// TODO: are we leaking allocs records here? // TODO: are we leaking allocs records here?
stampUser($userid, $smarty->dbh(), $smarty->opt()); stampUser($userid, $smarty->dbh(), $smarty->opt());
processSubscriptions($userid, $action, $description, $smarty->dbh(), $smarty->opt()); processSubscriptions($userid, $action, $name, $smarty->dbh(), $smarty->opt());
header("Location: " . getFullPath("index.php?message=Item+deleted.")); header("Location: " . getFullPath("index.php?message=Item+deleted."));
exit; exit;
@ -152,11 +212,12 @@ if (!empty($_REQUEST["action"])) {
} }
} }
else if ($action == "edit") { else if ($action == "edit") {
$stmt = $smarty->dbh()->prepare("SELECT description, price, source, category, url, ranking, comment, quantity, image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?"); $stmt = $smarty->dbh()->prepare("SELECT name, description, price, source, category, url, ranking, comment, quantity, image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?");
$stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT); $stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
if ($row = $stmt->fetch()) { if ($row = $stmt->fetch()) {
$name = $row["name"];
$description = $row["description"]; $description = $row["description"];
$price = number_format($row["price"],2,".",","); $price = number_format($row["price"],2,".",",");
$source = $row["source"]; $source = $row["source"];
@ -169,37 +230,39 @@ if (!empty($_REQUEST["action"])) {
} }
} }
else if ($action == "add") { else if ($action == "add") {
$name = "";
$description = ""; $description = "";
$price = 0.00; $price = 0.00;
$source = ""; $source = "";
$url = ""; $url = "";
$category = NULL; $category = 1;
$ranking = NULL; $ranking = 3;
$comment = ""; $comment = "";
$quantity = 1; $quantity = 1;
$image_filename = ""; $image_filename = "";
} }
else if ($action == "insert") { else if ($action == "insert") {
if (!$haserror) { if (!$haserror) {
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,description,price,source,category,url,ranking,comment,quantity,image_filename) " . $stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,name,description,price,source,category,url,ranking,comment,quantity,image_filename) " .
"VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); "VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bindParam(1, $userid, PDO::PARAM_INT); $stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $description, PDO::PARAM_STR); $stmt->bindParam(2, $name, PDO::PARAM_STR);
$stmt->bindParam(3, $price); $stmt->bindParam(3, $description, PDO::PARAM_STR);
$stmt->bindParam(4, $source, PDO::PARAM_STR); $stmt->bindParam(4, $price);
$stmt->bindParam(5, $category, PDO::PARAM_INT); $stmt->bindParam(5, $source, PDO::PARAM_STR);
$stmt->bindParam(6, $url, PDO::PARAM_STR); $stmt->bindParam(6, $category, PDO::PARAM_INT);
$stmt->bindParam(7, $ranking, PDO::PARAM_INT); $stmt->bindParam(7, $url, PDO::PARAM_STR);
$stmt->bindParam(8, $comment, PDO::PARAM_STR); $stmt->bindParam(8, $ranking, PDO::PARAM_INT);
$stmt->bindParam(9, $quantity, PDO::PARAM_INT); $stmt->bindParam(9, $comment, PDO::PARAM_STR);
$stmt->bindParam(10, $quantity, PDO::PARAM_INT);
if (!isset($image_base_filename) || $image_base_filename == "") { if (!isset($image_base_filename) || $image_base_filename == "") {
$image_base_filename = NULL; $image_base_filename = NULL;
} }
$stmt->bindParam(10, $image_base_filename, PDO::PARAM_STR); $stmt->bindParam(11, $image_base_filename, PDO::PARAM_STR);
$stmt->execute(); $stmt->execute();
stampUser($userid, $smarty->dbh(), $smarty->opt()); stampUser($userid, $smarty->dbh(), $smarty->opt());
processSubscriptions($userid, $action, $description, $smarty->dbh(), $smarty->opt()); processSubscriptions($userid, $action, $name, $smarty->dbh(), $smarty->opt());
header("Location: " . getFullPath("index.php")); header("Location: " . getFullPath("index.php"));
exit; exit;
@ -209,6 +272,7 @@ if (!empty($_REQUEST["action"])) {
if (!$haserror) { if (!$haserror) {
// TODO: if the quantity is updated, send a message to everyone who has an allocation for it. // TODO: if the quantity is updated, send a message to everyone who has an allocation for it.
$stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}items SET " . $stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}items SET " .
"name = ?, " .
"description = ?, " . "description = ?, " .
"price = ?, " . "price = ?, " .
"source = ?, " . "source = ?, " .
@ -219,25 +283,26 @@ if (!empty($_REQUEST["action"])) {
"quantity = ? " . "quantity = ? " .
($image_base_filename != "" ? ", image_filename = ? " : "") . ($image_base_filename != "" ? ", image_filename = ? " : "") .
"WHERE itemid = ?"); "WHERE itemid = ?");
$stmt->bindParam(1, $description, PDO::PARAM_STR); $stmt->bindParam(1, $name, PDO::PARAM_STR);
$stmt->bindParam(2, $price); $stmt->bindParam(2, $description, PDO::PARAM_STR);
$stmt->bindParam(3, $source, PDO::PARAM_STR); $stmt->bindParam(3, $price);
$stmt->bindParam(4, $category, PDO::PARAM_INT); $stmt->bindParam(4, $source, PDO::PARAM_STR);
$stmt->bindParam(5, $url, PDO::PARAM_STR); $stmt->bindParam(5, $category, PDO::PARAM_INT);
$stmt->bindParam(6, $ranking, PDO::PARAM_INT); $stmt->bindParam(6, $url, PDO::PARAM_STR);
$stmt->bindParam(7, $comment, PDO::PARAM_STR); $stmt->bindParam(7, $ranking, PDO::PARAM_INT);
$stmt->bindParam(8, $quantity, PDO::PARAM_INT); $stmt->bindParam(8, $comment, PDO::PARAM_STR);
$stmt->bindParam(9, $quantity, PDO::PARAM_INT);
if ($image_base_filename != "") { if ($image_base_filename != "") {
$stmt->bindParam(9, $image_base_filename, PDO::PARAM_STR); $stmt->bindParam(10, $image_base_filename, PDO::PARAM_STR);
$stmt->bindValue(10, (int) $_REQUEST["itemid"], PDO::PARAM_INT); $stmt->bindValue(11, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
} }
else { else {
$stmt->bindValue(9, (int) $_REQUEST["itemid"], PDO::PARAM_INT); $stmt->bindValue(10, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
} }
$stmt->execute(); $stmt->execute();
stampUser($userid, $smarty->dbh(), $smarty->opt()); stampUser($userid, $smarty->dbh(), $smarty->opt());
processSubscriptions($userid, $action, $description, $smarty->dbh(), $smarty->opt()); processSubscriptions($userid, $action, $name, $smarty->dbh(), $smarty->opt());
header("Location: " . getFullPath("index.php")); header("Location: " . getFullPath("index.php"));
exit; exit;
@ -269,6 +334,10 @@ $smarty->assign('haserror', isset($haserror) ? $haserror : false);
if (isset($_REQUEST['itemid'])) { if (isset($_REQUEST['itemid'])) {
$smarty->assign('itemid', (int) $_REQUEST['itemid']); $smarty->assign('itemid', (int) $_REQUEST['itemid']);
} }
$smarty->assign('name', $name);
if (isset($descripton_error)) {
$smarty->assign('name_error', $name_error);
}
$smarty->assign('description', $description); $smarty->assign('description', $description);
if (isset($descripton_error)) { if (isset($descripton_error)) {
$smarty->assign('description_error', $description_error); $smarty->assign('description_error', $description_error);
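Review bot: The new `image_url` handling in the insert/update branch passes the user-supplied `$image_url` straight to `file_get_contents()` with no length cap, timeout, redirect control or host check, so the server fetches and buffers into memory whatever address the form names — a server-side request forgery and memory-exhaustion exposure, since the `^https?://` regex only constrains the first hop and the HTTP wrapper follows redirects by default. The `tempnam("/tmp","")` file is never removed when `fopen()` fails or no signature matches, `$ext` is undefined on the `fopen()` failure path, and the four `error_log("MWE: ...")` lines look like leftover debugging. Two smaller defects: `!isset($image_url)` in the image remove/replace condition is always false because `$image_url` is assigned `""` when the field is absent, so that branch can no longer run for insert/update (it should test `(!isset($image_url) || $image_url == "")`), and the new `if (isset($descripton_error))` guard before `$smarty->assign('name_error', ...)` copies a typo, so the "A name is required." message is never shown (it should be `if (isset($name_error)) {`). The `strlen`/`substr` truncation to 100 is byte-wise and can cut a multibyte character; `mb_strlen`/`mb_substr` match the intent. The enclosing `if (!empty($_REQUEST["action"]))` block starts before this section; the sketch below bounds the fetch and cleans up the temporary file, and is still subject to DNS-rebinding races that only a pinned resolver or an egress proxy fully closes.
```php
/* … unchanged: request field parsing and the name check … */
if ($image_url != "" && preg_match("/^http(s)?:\/\/([^\/]+)/i",$image_url)) {
    // Resolve once and refuse loopback/private/reserved targets before fetching.
    $image_host = parse_url($image_url, PHP_URL_HOST);
    $image_ip = is_string($image_host) ? gethostbyname($image_host) : false;
    $image_file_data = false;
    if ($image_ip !== false && filter_var($image_ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
        $image_ctx = stream_context_create(['http' => ['timeout' => 10, 'follow_location' => 0]]);
        // IMAGE_MAX_BYTES is a placeholder for a configured cap on the download size.
        $image_file_data = file_get_contents($image_url, false, $image_ctx, 0, IMAGE_MAX_BYTES);
    }
    if ($image_file_data !== false) {
        $temp_image = tempnam("/tmp","");
        file_put_contents($temp_image, $image_file_data);
        $ext = "";
        /* … unchanged: read the first 8 bytes and map the signature to $ext … */
        if ($ext != "") {
            /* … unchanged: move $temp_image into $opt["image_subdir"] and set $image_base_filename … */
        } else {
            unlink($temp_image); // unrecognised content: do not leave the download behind
        }
    }
}
```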


@ -30,7 +30,7 @@ if (!empty($_POST["username"])) {
$password = $_POST["password"]; $password = $_POST["password"];
try { try {
$stmt = $smarty->dbh()->prepare("SELECT userid, fullname, admin FROM {$opt["table_prefix"]}users WHERE username = ? AND password = {$opt["password_hasher"]}(?) AND approved = 1"); $stmt = $smarty->dbh()->prepare("SELECT userid, fullname, admin, show_helptext FROM {$opt["table_prefix"]}users WHERE username = ? AND password = {$opt["password_hasher"]}(?) AND approved = 1");
$stmt->bindParam(1, $username, PDO::PARAM_STR); $stmt->bindParam(1, $username, PDO::PARAM_STR);
$stmt->bindParam(2, $password, PDO::PARAM_STR); $stmt->bindParam(2, $password, PDO::PARAM_STR);
@ -40,6 +40,8 @@ if (!empty($_POST["username"])) {
$_SESSION["userid"] = $row["userid"]; $_SESSION["userid"] = $row["userid"];
$_SESSION["fullname"] = $row["fullname"]; $_SESSION["fullname"] = $row["fullname"];
$_SESSION["admin"] = $row["admin"]; $_SESSION["admin"] = $row["admin"];
$_SESSION["show_helptext"] = $row["show_helptext"];
$opt['show_helptext'] = $row["show_helptext"];
header("Location: " . getFullPath("index.php")); header("Location: " . getFullPath("index.php"));
exit; exit;
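Review bot: The added `$opt['show_helptext'] = $row["show_helptext"];` immediately before the redirect has no effect: `$opt` here is the script-local options array, nothing reads it between that line and the `header()`/`exit` that follow, and `MySmarty::opt()` overlays `$_SESSION['show_helptext']` on its own cached copy on the next request, so the `$_SESSION["show_helptext"]` write above it is the one that matters. Drop the line so it does not suggest the two are kept in sync by hand. This is also the point where the authenticated session is established; it is not visible in this hunk whether the session id is regenerated on successful login, which is worth confirming before more state is attached to the session.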


@ -54,18 +54,21 @@ if (!empty($_POST["action"])) {
$email = $_POST["email"]; $email = $_POST["email"];
$comment = $_POST["comment"]; $comment = $_POST["comment"];
$email_msgs = ($_POST["email_msgs"] == "on" ? 1 : 0); $email_msgs = ($_POST["email_msgs"] == "on" ? 1 : 0);
$show_helptext = ($_POST["show_helptext"] == "on" ? 1 : 0);
try { try {
$stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET fullname = ?, email = ?, email_msgs = ?, comment = ? WHERE userid = ?"); $stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET fullname = ?, email = ?, email_msgs = ?, show_helptext = ?, comment = ? WHERE userid = ?");
$stmt->bindParam(1, $fullname, PDO::PARAM_STR); $stmt->bindParam(1, $fullname, PDO::PARAM_STR);
$stmt->bindParam(2, $email, PDO::PARAM_STR); $stmt->bindParam(2, $email, PDO::PARAM_STR);
$stmt->bindParam(3, $email_msgs, PDO::PARAM_BOOL); $stmt->bindParam(3, $email_msgs, PDO::PARAM_BOOL);
$stmt->bindParam(4, $comment, PDO::PARAM_STR); $stmt->bindParam(4, $show_helptext, PDO::PARAM_BOOL);
$stmt->bindParam(5, $userid, PDO::PARAM_INT); $stmt->bindParam(5, $comment, PDO::PARAM_STR);
$stmt->bindParam(6, $userid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
$_SESSION["fullname"] = $fullname; $_SESSION["fullname"] = $fullname;
$_SESSION['show_helptext'] = $show_helptext;
header("Location: " . getFullPath("index.php?message=Profile+updated.")); header("Location: " . getFullPath("index.php?message=Profile+updated."));
exit; exit;
@ -80,7 +83,7 @@ if (!empty($_POST["action"])) {
} }
try { try {
$stmt = $smarty->dbh()->prepare("SELECT fullname, email, email_msgs, comment FROM {$opt["table_prefix"]}users WHERE userid = ?"); $stmt = $smarty->dbh()->prepare("SELECT fullname, email, email_msgs, show_helptext, comment FROM {$opt["table_prefix"]}users WHERE userid = ?");
$stmt->bindParam(1, $userid, PDO::PARAM_INT); $stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
@ -88,6 +91,8 @@ try {
$smarty->assign('fullname', $row["fullname"]); $smarty->assign('fullname', $row["fullname"]);
$smarty->assign('email', $row["email"]); $smarty->assign('email', $row["email"]);
$smarty->assign('email_msgs', $row["email_msgs"]); $smarty->assign('email_msgs', $row["email_msgs"]);
$smarty->assign('show_helptext', $row["show_helptext"]);
$_SESSION['show_helptext'] = $row["show_helptext"];
$smarty->assign('comment', $row["comment"]); $smarty->assign('comment', $row["comment"]);
$smarty->display('profile.tpl'); $smarty->display('profile.tpl');
} }
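Review bot: `$show_helptext = ($_POST["show_helptext"] == "on" ? 1 : 0);` reads the key without an existence check; an unchecked checkbox is not submitted at all, so every profile save with help text turned off raises an undefined array key warning (notice on PHP 7) — the same pattern as the adjacent `email_msgs` line, which the commit copies rather than fixes. Use `$show_helptext = (isset($_POST["show_helptext"]) && $_POST["show_helptext"] == "on") ? 1 : 0;`. Binding the int `0`/`1` with `PDO::PARAM_BOOL` matches the existing `email_msgs` handling, so that part is consistent.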


@ -27,6 +27,8 @@ else {
$userid = $_SESSION["userid"]; $userid = $_SESSION["userid"];
} }
$opt['show_helptext'] = $_SESSION['show_helptext'];
$action = ""; $action = "";
if (!empty($_GET["action"])) { if (!empty($_GET["action"])) {
$action = $_GET["action"]; $action = $_GET["action"];
@ -55,10 +57,11 @@ if (!empty($_GET["action"])) {
$query = "INSERT INTO items(userid,description,price,source,url,category) SELECT $userid, description, price, source, url, category FROM items WHERE itemid = " . $_GET["itemid"]; $query = "INSERT INTO items(userid,description,price,source,url,category) SELECT $userid, description, price, source, url, category FROM items WHERE itemid = " . $_GET["itemid"];
*/ */
/* TODO: copy the image too? */ /* TODO: copy the image too? */
$stmt = $smarty->dbh()->prepare("SELECT userid, description, price, source, url, category, comment FROM {$opt["table_prefix"]}items WHERE itemid = ?"); $stmt = $smarty->dbh()->prepare("SELECT userid, name, description, price, source, url, category, comment FROM {$opt["table_prefix"]}items WHERE itemid = ?");
$stmt->bindParam(1, $itemid, PDO::PARAM_INT); $stmt->bindParam(1, $itemid, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
if ($row = $stmt->fetch()) { if ($row = $stmt->fetch()) {
$name = $row["name"];
$desc = $row["description"]; $desc = $row["description"];
$source = $row["source"]; $source = $row["source"];
$url = $row["url"]; $url = $row["url"];
@ -66,19 +69,20 @@ if (!empty($_GET["action"])) {
$price = (float) $row["price"]; $price = (float) $row["price"];
$cat = (int) $row["category"]; $cat = (int) $row["category"];
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,description,price,source,url,comment,category,ranking,quantity) VALUES(?, ?, ?, ?, ?, ?, ?, 1, 1)"); $stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,name,description,price,source,url,comment,category,ranking,quantity) VALUES(?, ?, ?, ?, ?, ?, ?, 1, 1)");
$stmt->bindParam(1, $userid, PDO::PARAM_INT); $stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $desc, PDO::PARAM_STR); $stmt->bindParam(2, $name, PDO::PARAM_STR);
$stmt->bindParam(3, $price); $stmt->bindParam(3, $desc, PDO::PARAM_STR);
$stmt->bindParam(4, $source, PDO::PARAM_STR); $stmt->bindParam(4, $price);
$stmt->bindParam(5, $url, PDO::PARAM_STR); $stmt->bindParam(5, $source, PDO::PARAM_STR);
$stmt->bindParam(6, $comment, PDO::PARAM_STR); $stmt->bindParam(6, $url, PDO::PARAM_STR);
$stmt->bindParam(7, $cat, PDO::PARAM_INT); $stmt->bindParam(7, $comment, PDO::PARAM_STR);
$stmt->bindParam(8, $cat, PDO::PARAM_INT);
$stmt->execute(); $stmt->execute();
stampUser($userid, $smarty->dbh(), $smarty->opt()); stampUser($userid, $smarty->dbh(), $smarty->opt());
$message = "Added '" . $desc . "' to your gift list."; $message = "Added '" . $name . "' to your gift list.";
} }
} }
} }
@ -98,34 +102,34 @@ if (!($stmt->fetch())) {
} }
if (!isset($_GET["sort"])) { if (!isset($_GET["sort"])) {
$sortby = "rankorder DESC, description"; $sortby = "rankorder DESC, name";
} }
else { else {
$sort = $_GET["sort"]; $sort = $_GET["sort"];
switch ($sort) { switch ($sort) {
case "ranking": case "ranking":
$sortby = "rankorder DESC, description"; $sortby = "rankorder DESC, name";
break; break;
case "description": case "name":
$sortby = "description"; $sortby = "name";
break; break;
case "source": case "source":
$sortby = "source, rankorder DESC, description"; $sortby = "source, rankorder DESC, name";
break; break;
case "price": case "price":
$sortby = "price, rankorder DESC, description"; $sortby = "price, rankorder DESC, name";
break; break;
case "url": case "url":
$sortby = "url, rankorder DESC, description"; $sortby = "url, rankorder DESC, name";
break; break;
case "status": case "status":
$sortby = "reservedid DESC, boughtid DESC, rankorder DESC, description"; $sortby = "reservedid DESC, boughtid DESC, rankorder DESC, name";
break; break;
case "category": case "category":
$sortby = "c.category, rankorder DESC, description"; $sortby = "c.category, rankorder DESC, name";
break; break;
default: default:
$sortby = "rankorder DESC, description"; $sortby = "rankorder DESC, name";
} }
} }
@ -133,7 +137,7 @@ else {
for those items with a quantity of 1. if the item's quantity > 1 we'll query alloc when we for those items with a quantity of 1. if the item's quantity > 1 we'll query alloc when we
get to that record. the theory is that most items will have quantity = 1 so we'll make the least get to that record. the theory is that most items will have quantity = 1 so we'll make the least
number of trips. */ number of trips. */
$stmt = $smarty->dbh()->prepare("SELECT i.itemid, description, price, source, c.category, url, image_filename, " . $stmt = $smarty->dbh()->prepare("SELECT i.itemid, name, description, price, source, c.category, url, image_filename, " .
"ub.fullname AS bfullname, ub.userid AS boughtid, " . "ub.fullname AS bfullname, ub.userid AS boughtid, " .
"ur.fullname AS rfullname, ur.userid AS reservedid, " . "ur.fullname AS rfullname, ur.userid AS reservedid, " .
"rendered, i.comment, i.quantity " . "rendered, i.comment, i.quantity " .


@ -27,6 +27,8 @@ else {
$userid = $_SESSION["userid"]; $userid = $_SESSION["userid"];
} }
$opt['show_helptext'] = $_SESSION['show_helptext'];
if (empty($_GET["sort"])) if (empty($_GET["sort"]))
$sort = "source"; $sort = "source";
else else


@ -90,26 +90,27 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<table class="table table-bordered table-striped"> <table class="table table-bordered table-striped">
<thead> <thead>
<tr> <tr>
<th class="colheader"><a href="index.php?mysort=description">Description</a></th> <th class="colheader"><a href="index.php?mysort=name">Name</a></th>
<th class="colheader"><a href="index.php?mysort=ranking">Ranking</a></th> <th class="colheader"><a href="index.php?mysort=ranking">Ranking</a></th>
<th class="colheader"><a href="index.php?mysort=category">Category</a></th> <th class="colheader"><a href="index.php?mysort=category">Category</a></th>
<th class="rcolheader"><a href="index.php?mysort=price">Price</a></th> <th class="colheader"><a href="index.php?mysort=price">Price</a></th>
<th>&nbsp;</th> <th class="rcolheader">Actions</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
{foreach from=$myitems item=row} {foreach from=$myitems item=row}
<tr valign="top"> <tr valign="top">
<td> <td>
{$row.description|escape:'htmlall'} <span title="{$row.description|escape:'htmlall'}">
<a href="item.php?action=edit&itemid={$row.itemid}">{$row.name|escape:'htmlall'}</a></span>
{if $row.comment != ''} {if $row.comment != ''}
<a class="btn btn-small" rel="popover" href="#" data-placement="right" data-original-title="Comment" data-content="{$row.comment|escape:'htmlall'}">...</a> &nbsp;<a class="btn btn-small" rel="popover" href="#" data-placement="right" data-original-title="Comment" data-content="{$row.comment|escape:'htmlall'}">...</a>
{/if} {/if}
{if $row.url != ''} {if $row.url != ''}
<a href="{$row.url|escape:'htmlall'}" target="_blank"><img src="images/link.png" border="0" alt="URL" title="URL"></a> &nbsp;<a rel="lightbox" href="{$row.url}" title="{$row.url}"><img src="images/link.png" border="0" alt="Image" /></a>
{/if} {/if}
{if $row.image_filename != '' && $opt.allow_images} {if $row.image_filename != '' && $opt.allow_images}
<a rel="lightbox" href="{$opt.image_subdir}/{$row.image_filename}" title="{$row.description|escape:'htmlall'}"><img src="images/image.png" border="0" alt="Image" /></a> &nbsp;<a rel="lightbox" href="{$opt.image_subdir}/{$row.image_filename}" title="{$row.name|escape:'htmlall'}"><img src="images/image.png" border="0" alt="Image" /></a>
{/if} {/if}
</td> </td>
<td nowrap>{$row.rendered}</td> <td nowrap>{$row.rendered}</td>
@ -118,7 +119,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<td align="right" nowrap> <td align="right" nowrap>
<a href="receive.php?itemid={$row.itemid}"><img alt="Mark Item Received" src="images/return.png" border="0" title="Mark Item Received" /></a>&nbsp; <a href="receive.php?itemid={$row.itemid}"><img alt="Mark Item Received" src="images/return.png" border="0" title="Mark Item Received" /></a>&nbsp;
<a href="item.php?action=edit&itemid={$row.itemid}"><img alt="Edit Item" src="images/pencil.png" border="0" title="Edit Item" /></a>&nbsp; <a href="item.php?action=edit&itemid={$row.itemid}"><img alt="Edit Item" src="images/pencil.png" border="0" title="Edit Item" /></a>&nbsp;
<a rel="confirmitemdelete" data-content="{$row.description|escape:'htmlall'}" href="item.php?action=delete&itemid={$row.itemid}"><img alt="Delete Item" src="images/bin.png" border="0" alt="Delete" title="Delete Item" /></a> <a rel="confirmitemdelete" data-content="{$row.name|escape:'htmlall'}" href="item.php?action=delete&itemid={$row.itemid}"><img alt="Delete Item" src="images/bin.png" border="0" alt="Delete" title="Delete Item" /></a>
</td> </td>
</tr> </tr>
{/foreach} {/foreach}
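Review bot: The rewritten link `<a rel="lightbox" href="{$row.url}" title="{$row.url}">` drops the `|escape:'htmlall'` modifier that the line it replaces applied to the user-supplied URL, so a stored URL containing `"` can break out of the `href`/`title` attributes unless Smarty's default escaping is enabled for this app (not visible here). Restore it: `&nbsp;<a href="{$row.url|escape:'htmlall'}" target="_blank"><img src="images/link.png" border="0" alt="URL" title="URL"></a>`. The `rel="lightbox"` and `alt="Image"` also look copied from the image link just below, which would make the lightbox script try to load an arbitrary external page as an image — presumably unintended.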


@ -36,8 +36,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
highlight: validate_highlight, highlight: validate_highlight,
success: validate_success, success: validate_success,
rules: { rules: {
description: { name: {
required: true, required: true,
maxlength: 100
},
description: {
maxlength: 255 maxlength: 255
}, },
category: { category: {
@ -49,7 +52,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
"number": true "number": true
}, },
source: { source: {
required: true,
maxlength: 255 maxlength: 255
}, },
ranking: { ranking: {
@ -65,8 +67,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
} }
}, },
messages: { messages: {
name: {
required: "The item's name is required.",
maxlength: "The item's name must be 100 characters or less."
},
description: { description: {
required: "The item's description is required.",
maxlength: "The item's description must be 255 characters or less." maxlength: "The item's description must be 255 characters or less."
}, },
category: { category: {
@ -78,7 +83,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
"number": "Price must be a valid number." "number": "Price must be a valid number."
}, },
source: { source: {
required: "A source to buy the item is required.",
maxlength: "The source must be 255 characters or less." maxlength: "The source must be 255 characters or less."
}, },
ranking: { ranking: {
@ -130,10 +134,19 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
{elseif $action == "add" || (isset($haserror) && $action == 'insert')} {elseif $action == "add" || (isset($haserror) && $action == 'insert')}
<input type="hidden" name="action" value="insert"> <input type="hidden" name="action" value="insert">
{/if} {/if}
<div class="control-group {if isset($name_error)}warning{/if}">
<label class="control-label" for="name">Name</label>
<div class="controls">
<input id="name" name="name" type="text" value="{$name|escape:'htmlall'}" class="input-xlarge" placeholder="Name" maxlength="100">
{if isset($name_error)}
<span class="help-inline">{$name_error}</span>
{/if}
</div>
</div>
<div class="control-group {if isset($description_error)}warning{/if}"> <div class="control-group {if isset($description_error)}warning{/if}">
<label class="control-label" for="description">Description</label> <label class="control-label" for="description">Description</label>
<div class="controls"> <div class="controls">
<input id="description" name="description" type="text" value="{$description|escape:'htmlall'}" class="input-xlarge" placeholder="Description" maxlength="255"> <textarea id="description" name="description" class="input-xlarge" rows="2" cols="40">{$description|escape:'htmlall'}</textarea>
{if isset($description_error)} {if isset($description_error)}
<span class="help-inline">{$description_error}</span> <span class="help-inline">{$description_error}</span>
{/if} {/if}
@ -143,7 +156,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<label class="control-label" for="category">Category</label> <label class="control-label" for="category">Category</label>
<div class="controls"> <div class="controls">
<select id="category" name="category" class="input-xlarge"> <select id="category" name="category" class="input-xlarge">
<option value="">Uncategorized</option>
{foreach from=$categories item=row} {foreach from=$categories item=row}
<option value="{$row.categoryid}" {if $row.categoryid == $category}SELECTED{/if}>{$row.category|escape:'htmlall'}</option> <option value="{$row.categoryid}" {if $row.categoryid == $category}SELECTED{/if}>{$row.category|escape:'htmlall'}</option>
{/foreach} {/foreach}


@ -56,7 +56,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<tr> <tr>
<th><a href="mylist.php?sort=ranking">Ranking</a></th> <th><a href="mylist.php?sort=ranking">Ranking</a></th>
<th><a href="mylist.php?sort=source">Source</a></th> <th><a href="mylist.php?sort=source">Source</a></th>
<th><a href="mylist.php?sort=description">Description</a></th> <th><a href="mylist.php?sort=name">Name</a></th>
<th><a href="mylist.php?sort=category">Category</a></th> <th><a href="mylist.php?sort=category">Category</a></th>
<th><a href="mylist.php?sort=price">Price</a></th> <th><a href="mylist.php?sort=price">Price</a></th>
</tr> </tr>
@ -66,7 +66,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<tr> <tr>
<td>{$row.rendered}</td> <td>{$row.rendered}</td>
<td>{$row.source|escape:'htmlall'}</td> <td>{$row.source|escape:'htmlall'}</td>
<td>{$row.description|escape:'htmlall'}</td> <td>{$row.name|escape:'htmlall'}</td>
<td>{$row.category|escape:'htmlall'}</td> <td>{$row.category|escape:'htmlall'}</td>
<td>{$row.price}</td> <td>{$row.price}</td>
</tr> </tr>


@ -47,6 +47,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</li> </li>
{/if} {/if}
<li><a href="login.php?action=logout">Logout</a></li> <li><a href="login.php?action=logout">Logout</a></li>
<li><a href="help.php">Help</a></li>
</ul> </ul>
</div> </div>
</div> </div>


@ -139,6 +139,13 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
E-mail me a copy of every message E-mail me a copy of every message
</div> </div>
</div> </div>
<div class="control-group">
<label class="control-label" for="show_helptext">Show help text</label>
<div class="controls">
<input type="checkbox" id="show_helptext" name="show_helptext" {if $show_helptext}CHECKED{/if}>
Show help messages on pages
</div>
</div>
<div class="control-group"> <div class="control-group">
<label class="control-label" for="comment">Comments / shipping address / etc. (optional)</label> <label class="control-label" for="comment">Comments / shipping address / etc. (optional)</label>
<div class="controls"> <div class="controls">
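Review bot: The new show_helptext checkbox at `<input type="checkbox" id="show_helptext" name="show_helptext" {if $show_helptext}CHECKED{/if}>` has no `value` attribute, so a checked box submits the literal string `on` and an unchecked box submits nothing at all. The handler that copies this preference into the session is not in this section; it should reduce the field to a boolean, e.g. `$_SESSION['show_helptext'] = isset($_POST['show_helptext']);` (assuming the form posts), rather than storing whatever string arrived, and it must treat the absent field as "unchecked" so the preference can actually be switched off again. The enclosing `<form>` and any CSRF token are outside this hunk, so I cannot confirm from here that the preference update is protected against cross-site submission.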


@ -87,13 +87,13 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<table class="table table-bordered table-striped"> <table class="table table-bordered table-striped">
<thead> <thead>
<tr> <tr>
<th><a href="shop.php?shopfor={$shopfor}&sort=description">Description</a></th> <th><a href="shop.php?shopfor={$shopfor}&sort=name">Name</a></th>
<th><a href="shop.php?shopfor={$shopfor}&sort=ranking">Rank</a></th> <th><a href="shop.php?shopfor={$shopfor}&sort=ranking">Rank</a></th>
<th><a href="shop.php?shopfor={$shopfor}&sort=category">Category</a></th> <th><a href="shop.php?shopfor={$shopfor}&sort=category">Category</a></th>
<th><a href="shop.php?shopfor={$shopfor}&sort=price">Price</a></th> <th><a href="shop.php?shopfor={$shopfor}&sort=price">Price</a></th>
<th><a href="shop.php?shopfor={$shopfor}&sort=source">Store/Location</a></th> <th><a href="shop.php?shopfor={$shopfor}&sort=source">Store/Location</a></th>
<th><a href="shop.php?shopfor={$shopfor}&sort=status">Status</a></th> <th><a href="shop.php?shopfor={$shopfor}&sort=status">Status</a></th>
<th>&nbsp;</th> <th>Actions</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -103,7 +103,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
{if $row.url != ''} {if $row.url != ''}
<a href="{$row.url}" target="_blank"> <a href="{$row.url}" target="_blank">
{/if} {/if}
{$row.description|escape:'htmlall'} <span title="{$row.description|escape:'htmlall'}">{$row.name|escape:'htmlall'}</span>
{if $row.url != ''} {if $row.url != ''}
</a> </a>
{/if} {/if}
@ -114,7 +114,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<a rel="lightbox" href="{$opt.image_subdir}/{$row.image_filename}" title="{$row.description|escape:'htmlall'}"><img src="images/image.png" border="0" alt="Image" /></a> <a rel="lightbox" href="{$opt.image_subdir}/{$row.image_filename}" title="{$row.description|escape:'htmlall'}"><img src="images/image.png" border="0" alt="Image" /></a>
{/if} {/if}
</td> </td>
<td nowrap>{$row.rendered}</td> <td nowrap>{$row.rendered}&nbsp;&nbsp;&nbsp;</td>
<td>{$row.category|default:"&nbsp;"}</td> <td>{$row.category|default:"&nbsp;"}</td>
<td align="right">{$row.price}</td> <td align="right">{$row.price}</td>
<td>{$row.source|escape:'htmlall'}</td> <td>{$row.source|escape:'htmlall'}</td>
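Review bot: The rewritten column header `<th><a href="shop.php?shopfor={$shopfor}&sort=name">Name</a></th>` (and the five sibling links in the same `<tr>`) interpolates `{$shopfor}` into an `href` attribute with no escaping, while every per-row value in this template goes through `|escape:'htmlall'`. Where `$shopfor` is assigned is outside this section; if it comes from the request, as the matching `shopfor=` query parameter suggests, a value containing `"` or `&` breaks out of the attribute and these links become an injection point. Use `shopfor={$shopfor|escape:'url'}` in all six header links so the value is encoded for the query-string context, and write the separator as `&amp;`. The new name cell `<span title="{$row.description|escape:'htmlall'}">{$row.name|escape:'htmlall'}</span>` is escaped correctly, but it still sits inside the pre-existing `<a href="{$row.url}" target="_blank">`, which emits `$row.url` unescaped and without `rel="noopener noreferrer"`; worth addressing while this cell is being touched.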