allow items to be shared publicly

This commit is contained in:
Michael Erdely 2024-12-17 10:23:06 -05:00
parent 64baf4332f
commit e77d4364eb
Signed by: mike
SSH key fingerprint: SHA256:ukbnfrRMaRYlBZXENtBTyO2jLnql5AA5m+SzZCfYQe0
6 changed files with 131 additions and 62 deletions


@ -190,7 +190,7 @@ else {
$sortby = "rankorder {$_SESSION['sortdir']}, i.name";
}
}
$stmt = $smarty->dbh()->prepare("SELECT itemid, name, description, i.category as catid, c.category, price, price as pricenum, source, url, i.ranking as rankid, rendered, comment, quantity, image_filename FROM {$opt["table_prefix"]}items i LEFT OUTER JOIN {$opt["table_prefix"]}categories c ON c.categoryid = i.category LEFT OUTER JOIN {$opt["table_prefix"]}ranks r ON r.ranking = i.ranking WHERE userid = ? ORDER BY " . $sortby);
$stmt = $smarty->dbh()->prepare("SELECT itemid, name, description, i.category as catid, c.category, price, price as pricenum, source, url, i.ranking as rankid, rendered, comment, quantity, image_filename, public FROM {$opt["table_prefix"]}items i LEFT OUTER JOIN {$opt["table_prefix"]}categories c ON c.categoryid = i.category LEFT OUTER JOIN {$opt["table_prefix"]}ranks r ON r.ranking = i.ranking WHERE userid = ? ORDER BY " . $sortby);
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->execute();
$myitems_count = 0;
@ -298,6 +298,7 @@ if (!$opt["auto_connect_family_members"]) {
}
$shoppees[] = $row;
}
$prospects = array();
}
$stmt = $smarty->dbh()->prepare("SELECT messageid, u.fullname, message, created " .


@ -36,6 +36,7 @@ $url = "";
$category = 1;
$ranking = 3;
$comment = "";
$public = 0;
$quantity = 1;
$image_url = "";
$image_filename = "";
@ -78,6 +79,7 @@ if (!empty($_REQUEST["action"])) {
$category = isset($_REQUEST["category"]) ? trim($_REQUEST["category"]) : "1";
$ranking = isset($_REQUEST["ranking"]) ? $_REQUEST["ranking"] : "3";
$comment = isset($_REQUEST["comment"]) ? $_REQUEST["comment"] : "";
$public = isset($_REQUEST["public"]) ? $_REQUEST["public"] : 0;
if (isset($_REQUEST["pricesymbol"]) && $_REQUEST["pricesymbol"] != $opt["currency_symbol"]) {
$price = "";
$comment = trim("$comment Price not in {$opt['currency_symbol']}, it is {$_REQUEST["pricesymbol"]}{$_REQUEST['price']}.");
@ -241,7 +243,7 @@ if (!empty($_REQUEST["action"])) {
}
}
else if ($action == "edit") {
$stmt = $smarty->dbh()->prepare("SELECT name, description, price, source, category, url, ranking, comment, quantity, image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?");
$stmt = $smarty->dbh()->prepare("SELECT name, description, price, source, category, url, ranking, comment, public, quantity, image_filename FROM {$opt["table_prefix"]}items WHERE itemid = ?");
$stmt->bindValue(1, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
$stmt->execute();
@ -254,6 +256,7 @@ if (!empty($_REQUEST["action"])) {
$category = $row["category"];
$ranking = $row["ranking"];
$comment = $row["comment"];
$public = $row["public"];
$quantity = (int) $row["quantity"];
$image_filename = $row["image_filename"];
}
@ -267,13 +270,14 @@ if (!empty($_REQUEST["action"])) {
$category = 1;
$ranking = 3;
$comment = "";
$public = 0;
$quantity = 1;
$image_filename = "";
}
else if ($action == "insert") {
if (!$haserror) {
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,name,description,price,source,category,url,ranking,comment,quantity,image_filename) " .
"VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,name,description,price,source,category,url,ranking,comment,public,quantity,image_filename) " .
"VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $name, PDO::PARAM_STR);
$stmt->bindParam(3, $description, PDO::PARAM_STR);
@ -283,11 +287,12 @@ if (!empty($_REQUEST["action"])) {
$stmt->bindParam(7, $url, PDO::PARAM_STR);
$stmt->bindParam(8, $ranking, PDO::PARAM_INT);
$stmt->bindParam(9, $comment, PDO::PARAM_STR);
$stmt->bindParam(10, $quantity, PDO::PARAM_INT);
$stmt->bindParam(10, $public, PDO::PARAM_BOOL);
$stmt->bindParam(11, $quantity, PDO::PARAM_INT);
if (!isset($image_base_filename) || $image_base_filename == "") {
$image_base_filename = NULL;
}
$stmt->bindParam(11, $image_base_filename, PDO::PARAM_STR);
$stmt->bindParam(12, $image_base_filename, PDO::PARAM_STR);
$stmt->execute();
stampUser($userid, $smarty->dbh(), $smarty->opt());
@ -309,6 +314,7 @@ if (!empty($_REQUEST["action"])) {
"url = ?, " .
"ranking = ?, " .
"comment = ?, " .
"public = ?, " .
"quantity = ? " .
($image_base_filename != "" ? ", image_filename = ? " : "") .
"WHERE itemid = ?");
@ -320,13 +326,15 @@ if (!empty($_REQUEST["action"])) {
$stmt->bindParam(6, $url, PDO::PARAM_STR);
$stmt->bindParam(7, $ranking, PDO::PARAM_INT);
$stmt->bindParam(8, $comment, PDO::PARAM_STR);
$stmt->bindParam(9, $quantity, PDO::PARAM_INT);
$stmt->bindParam(9, $public, PDO::PARAM_BOOL);
$stmt->bindParam(10, $quantity, PDO::PARAM_INT);
error_log("public = $public");
if ($image_base_filename != "") {
$stmt->bindParam(10, $image_base_filename, PDO::PARAM_STR);
$stmt->bindValue(11, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
$stmt->bindParam(11, $image_base_filename, PDO::PARAM_STR);
$stmt->bindValue(12, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
}
else {
$stmt->bindValue(10, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
$stmt->bindValue(11, (int) $_REQUEST["itemid"], PDO::PARAM_INT);
}
$stmt->execute();
@ -400,6 +408,7 @@ if (isset($url_error)) {
}
$smarty->assign('image_filename', $image_filename);
$smarty->assign('comment', $comment);
$smarty->assign('public', $public);
$smarty->assign('categories', $categories);
$smarty->assign('ranks', $ranks);
header("Location: " . getFullPath("index.php"));
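Review bot: `$public` is taken verbatim from the request at `$public = isset($_REQUEST["public"]) ? $_REQUEST["public"] : 0;`, so the value handed to the PDO::PARAM_BOOL binds is whatever string the client sent (a bare checkbox posts `on`) and only PDO's boolean coercion turns it into 0/1. Normalising at the boundary keeps the stored value a known 0/1 regardless of the form: `$public = !empty($_REQUEST["public"]) ? 1 : 0;`. The `error_log("public = $public");` in the update branch looks like leftover debugging and writes a log line on every item save; it should go before merge. The edit-branch SELECT `WHERE itemid = ?` still carries no ownership condition; if the caller's ownership is not checked earlier in the file (outside these hunks), `AND userid = ?` with the session user bound belongs there as well.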


@ -18,26 +18,47 @@ require_once(dirname(__FILE__) . "/includes/MySmarty.class.php");
$smarty = new MySmarty();
$opt = $smarty->opt();
session_start();
if (!isset($_SESSION["userid"])) {
header("Location: " . getFullPath("login.php") . "?from=shop.php");
exit;
}
else {
$userid = $_SESSION["userid"];
}
$public_view = 0;
if (isset($_GET["list"])) {
$list = filter_var(strtolower(trim($_GET["list"])), FILTER_SANITIZE_EMAIL);;
$list = htmlspecialchars($list, ENT_QUOTES, 'UTF-8');
$opt['show_helptext'] = $_SESSION['show_helptext'];
if (isset($_GET["shopfor"])) {
$shopfor = filter_var(trim($_GET["shopfor"]), FILTER_SANITIZE_NUMBER_INT);
if (filter_var($shopfor, FILTER_SANITIZE_NUMBER_INT) === false || $shopfor == "" || !is_numeric($shopfor) || $shopfor < 0) {
die("Invalid shopfor ({$_GET["shopfor"]})");
if (filter_var($list, FILTER_SANITIZE_EMAIL) === false || $list == "") {
die("Invalid listid ({$_GET["list"]})");
}
$stmt = $smarty->dbh()->prepare("SELECT userid FROM {$opt["table_prefix"]}users WHERE email = ?");
$stmt->bindParam(1, $list, PDO::PARAM_STR);
$stmt->execute();
if ($row = $stmt->fetch()) {
$shopfor = (int) $row["userid"];
$public_view = 1;
} else {
die("Invalid listid ({$_GET["list"]})");
}
}
if ($public_view == 0) {
session_start();
if (!isset($_SESSION["userid"])) {
header("Location: " . getFullPath("login.php") . "?from=shop.php");
exit;
}
else {
$userid = $_SESSION["userid"];
}
$opt['show_helptext'] = $_SESSION['show_helptext'];
if (isset($_GET["shopfor"])) {
$shopfor = filter_var(trim($_GET["shopfor"]), FILTER_SANITIZE_NUMBER_INT);
if (filter_var($shopfor, FILTER_SANITIZE_NUMBER_INT) === false || $shopfor == "" || !is_numeric($shopfor) || $shopfor < 0) {
die("Invalid shopfor ({$_GET["shopfor"]})");
}
$shopfor = (int) $shopfor;
//} else {
// header("Location: " . getFullPath("index.php"));
}
$shopfor = (int) $shopfor;
//} else {
// header("Location: " . getFullPath("index.php"));
}
if ($shopfor == $userid) {
@ -142,13 +163,15 @@ if (!empty($_GET["action"])) {
}
}
$stmt = $smarty->dbh()->prepare("SELECT * FROM {$opt["table_prefix"]}shoppers WHERE shopper = ? AND mayshopfor = ? AND pending = 0");
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $shopfor, PDO::PARAM_INT);
$stmt->execute();
if (!($stmt->fetch())) {
echo "Nice try! (You can't shop for someone who hasn't approved it.)";
exit;
if ($public_view == 0) {
$stmt = $smarty->dbh()->prepare("SELECT * FROM {$opt["table_prefix"]}shoppers WHERE shopper = ? AND mayshopfor = ? AND pending = 0");
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $shopfor, PDO::PARAM_INT);
$stmt->execute();
if (!($stmt->fetch())) {
echo "Nice try! (You can't shop for someone who hasn't approved it.)";
exit;
}
}
if (!empty($_GET["sortdir"])) {
@ -198,7 +221,7 @@ else {
for those items with a quantity of 1. if the item's quantity > 1 we'll query alloc when we
get to that record. the theory is that most items will have quantity = 1 so we'll make the least
number of trips. */
$stmt = $smarty->dbh()->prepare("SELECT i.itemid, name, description, price, price as pricenum, source, i.category as catid, c.category, url, r.title as rank, i.ranking as rankid, image_filename, " .
$sql = "SELECT i.itemid, name, description, price, price as pricenum, source, i.category as catid, c.category, url, r.title as rank, i.ranking as rankid, image_filename, public, " .
"ub.fullname AS bfullname, ub.userid AS boughtid, " .
"ur.fullname AS rfullname, ur.userid AS reservedid, " .
"rendered, i.comment, i.quantity " .
@ -208,8 +231,13 @@ $stmt = $smarty->dbh()->prepare("SELECT i.itemid, name, description, price, pric
"LEFT OUTER JOIN {$opt["table_prefix"]}allocs a ON a.itemid = i.itemid AND i.quantity = 1 " . // only join allocs for single-quantity items.
"LEFT OUTER JOIN {$opt["table_prefix"]}users ub ON ub.userid = a.userid AND a.bought = 1 " .
"LEFT OUTER JOIN {$opt["table_prefix"]}users ur ON ur.userid = a.userid AND a.bought = 0 " .
"WHERE i.userid = ? " .
"ORDER BY " . $sortby);
"WHERE i.userid = ? ";
if ($public_view) {
$sql .= "AND public = 1 ";
}
$sql .= "ORDER BY " . $sortby;
error_log("sql = '$sql'");
$stmt = $smarty->dbh()->prepare($sql);
$stmt->bindParam(1, $shopfor, PDO::PARAM_INT);
$stmt->execute();
$shoprows = array();
@ -238,7 +266,7 @@ while ($row = $stmt->fetch()) {
$itemallocs[] = ($allocrow['quantity'] . " bought by you.");
}
else {
if (!$opt["anonymous_purchasing"]) {
if (!$opt["anonymous_purchasing"] && !$public_view) {
$itemallocs[] = ($allocrow['quantity'] . " bought by " . $allocrow['bfullname'] . ".");
}
else {
@ -252,11 +280,11 @@ while ($row = $stmt->fetch()) {
$itemallocs[] = ($allocrow['quantity'] . " reserved by you.");
}
else {
if (!$opt["anonymous_purchasing"]) {
if (!$opt["anonymous_purchasing"] && !$public_view) {
$itemallocs[] = ($allocrow['quantity'] . " reserved by " . $allocrow['rfullname'] . ".");
}
else {
$itemallocs[] = ($allocrow['quanitity'] . " reserved.");
$itemallocs[] = ($allocrow['quantity'] . " reserved.");
}
}
}
@ -292,6 +320,7 @@ $smarty->assign('ucomment', $ucomment);
$smarty->assign('shopfor', $shopfor);
$smarty->assign('shoprows', $shoprows);
$smarty->assign('userid', $userid);
$smarty->assign('public_view', $public_view);
if (isset($_GET["message"])) {
$message = $_GET["message"];
}
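Review bot: Both new `die("Invalid listid ({$_GET["list"]})");` lines write the raw query parameter into the HTML response, which is reflected output of untrusted input (the pre-existing `shopfor` message has the same shape); drop the echo or escape it, e.g. `die("Invalid listid");`. In the public path `$userid` is never assigned (it is only set inside `if ($public_view == 0)`), yet `if ($shopfor == $userid)` and `$smarty->assign('userid', $userid)` further down still read it, unless it is initialised before line 18 of the file. The shoppers-table authorisation is skipped entirely when `$public_view` is set, while the `if (!empty($_GET["action"]))` block whose closing braces open the second hunk runs before that check; whether those action handlers refuse a public-view request is not visible here and should be confirmed, e.g. by rejecting any `action` when `$public_view` is set. The `htmlspecialchars($list, ENT_QUOTES, 'UTF-8')` call escapes for HTML output, but the value is only ever used as a bound SQL parameter, so an address containing `&` or `'` can never match a row. `error_log("sql = '$sql'");` logs the full query on every page view and also looks like leftover debugging.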


@ -78,6 +78,7 @@ CREATE TABLE `items` (
`comment` text,
`quantity` int(11) NOT NULL default '0',
`image_filename` varchar(255) default NULL,
`public` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`itemid`)
);
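Review bot: The new `public` column is only added to the CREATE TABLE used for fresh installs; none of the six files in this commit carries an ALTER TABLE for existing databases, so the queries that now select and insert `public` will fail on an upgraded instance unless a migration lives elsewhere. `NOT NULL default '0'` is the right default here, since items stay private until their owner explicitly shares them.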


@ -203,6 +203,14 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</div>
</div>
{/if}
<div class="row row-cols-2 mb-2 g-3 align-items-center">
<div class="col-4">
<label class="col-form-label" for="public">Make public</label>
</div>
<div class="col">
<input id="public" name="public" type="checkbox" class="form-check-input" {if $row.public == 1}checked{/if}>
</div> <!-- col -->
</div> <!-- row -->
<div class="row row-cols-2 mb-2 g-3 align-items-center">
<div class="col-4">
<label class="col-form-label" for="comment">Comment</label>
@ -228,6 +236,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<span title="{$row.description|escape:'htmlall'}">{$row.name|truncate:50|escape:'htmlall'}</span>
</a>
<span title="{$row.description|escape:'htmlall'}">
{if $row.public == 1} &nbsp; <img alt="Item is Public" class="theme-image" data-light-src="images/globe-light.png" data-dark-src="images/globe-dark.png" src="images/globe-light.png" border="0" title="Item is Public">{/if}
</td>
<td nowrap class="text-center">{$row.rankid}</td>
<td nowrap class="text-center">{$row.quantity}</td>
@ -363,6 +372,14 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</div>
</div>
{/if}
<div class="row row-cols-2 mb-2 g-3 align-items-center">
<div class="col-4">
<label class="col-form-label" for="public">Make public</label>
</div>
<div class="col">
<input id="public" name="public" type="checkbox" class="form-check-input">
</div> <!-- col -->
</div> <!-- row -->
<div class="row row-cols-2 mb-2 g-3 align-items-center">
<div class="col-4">
<label class="col-form-label" for="comment">Comment</label>
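Review bot: Neither new checkbox carries a `value` attribute, so a checked box posts the browser default `on` and the server has to rely on PDO's boolean coercion to turn `$_REQUEST["public"]` into 1; adding `value="1"` makes the contract explicit: `<input id="public" name="public" type="checkbox" value="1" class="form-check-input" {if $row.public == 1}checked{/if}>`. The add form and the edit form both use `id="public"`, and the edit markup reads `$row.public`, which suggests it is rendered inside the per-item loop; if so the page repeats the same id once per item and the `for="public"` labels bind to the first one only, so the edit-form id should incorporate `{$row.itemid}`.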


@ -35,7 +35,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</script>
</head>
<body>
{include file='navbar.tpl' isadmin=$isadmin}
{if !$public_view}
{include file='navbar.tpl' isadmin=$isadmin}
{else}
{include file='public_navbar.tpl'}
{/if}
<main>
<div class="container">
{if isset($message)}
@ -52,7 +56,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<li>If you return something you've purchased, come back and click the <img src="images/return-light.png"> icon. It will remain reserved for you.</li>
<li>Just because an item has a URL listed doesn't mean you have to buy it from there (unless the comment says so).</li>
<li>You can click the column headers to sort by that attribute.</li>
<li>If you see something you'd like for yourself, click the <img src="images/split-2-light.png"> icon to copy it to your own list.</li>
{if !$public_view}
<li>If you see something you'd like for yourself, click the <img src="images/split-2-light.png"> icon to copy it to your own list.</li>
{/if}
</ul>
</div> <!-- card body -->
</div> <!-- card -->
@ -186,7 +192,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
{/if}
{/if}
{/if}
<a role="button" class="btn btn-secondary" href="shop.php?action=copy&itemid={$row.itemid}&shopfor={$shopfor}"><img alt="I Want This Too" title="I Want This Too" src="images/split-2-dark.png" border="0" /></a>
{if !$public_view}
<a role="button" class="btn btn-secondary" href="shop.php?action=copy&itemid={$row.itemid}&shopfor={$shopfor}"><img alt="I Want This Too" title="I Want This Too" src="images/split-2-dark.png" border="0" /></a>
{/if}
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
</div> <!-- modal-footer -->
</div> <!-- modal-content -->
@ -249,7 +257,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
{* </td> *}
{else}
<td> <!-- status -->
{if $opt.anonymous_purchasing}
{if $opt.anonymous_purchasing || $public_view}
<i>Reserved.</i>
{else}
<i>Reserved by {$row.rfullname|escape:'htmlall'}.</i>
@ -286,7 +294,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
{/if}
{/if}
{* <td> *}
<a href="shop.php?action=copy&itemid={$row.itemid}&shopfor={$shopfor}"><img alt="I Want This Too" title="I Want This Too" class="theme-image" data-light-src="images/split-2-light.png" data-dark-src="images/split-2-dark.png" src="images/split-2-light.png" border="0" /></a>
{if !$public_view}
<a href="shop.php?action=copy&itemid={$row.itemid}&shopfor={$shopfor}"><img alt="I Want This Too" title="I Want This Too" class="theme-image" data-light-src="images/split-2-light.png" data-dark-src="images/split-2-dark.png" src="images/split-2-light.png" border="0" /></a>
{/if}
</td>
</tr>
{/foreach}
@ -296,25 +306,27 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</div> <!-- card body -->
<div class="card-footer text-body-secondary"><a onClick="printPage()" href="#">Send to printer</a></div>
</div> <!-- card -->
<div class="row row-cols-1 row-cols-md-2 g4 d-flex d-flex justify-content-center">
<div class="col mb-3">
<div class="card mb-3">
<div class="card-header"><h1>{$ufullname|escape:'htmlall'} Info</h1></div>
<div class="card-body">
{if $uemail != ''}
Email Address: {$uemail|escape:'htmlall'}<br /><br />
{/if}
{if $ucomment != ''}
{$ucomment|escape:'htmlall'|nl2br}
{/if}
</div> <!-- col -->
</div> <!-- row -->
</div> <!-- col -->
</div> <!-- row -->
{if !$public_view}
<div class="row row-cols-1 row-cols-md-2 g4 d-flex d-flex justify-content-center">
<div class="col mb-3">
<div class="card mb-3">
<div class="card-header"><h1>{$ufullname|escape:'htmlall'} Info</h1></div>
<div class="card-body">
{if $uemail != ''}
Email Address: {$uemail|escape:'htmlall'}<br /><br />
{/if}
{if $ucomment != ''}
{$ucomment|escape:'htmlall'|nl2br}
{/if}
</div> <!-- col -->
</div> <!-- row -->
</div> <!-- col -->
</div> <!-- row -->
{/if}
<div class="card text-bg-info mb-3">
<div class="card-header">Legend</div>
<div class="card-body text-center">
<img src="images/locked-light.png" alt="Reserve" title="Reserve"> = Reserve, <img src="images/unlocked-light.png" alt="Release" title="Release"> = Release, <img src="images/credit-card-3-light.png" alt="Purchase" title="Purchase"> = Purchase, <img src="images/return-light.png" alt="Return" title="Return"> = Return, <img src="images/split-2-light.png" alt="I Want This Too" title="I Want This Too"> = I Want This Too
<img src="images/locked-light.png" alt="Reserve" title="Reserve"> = Reserve, <img src="images/unlocked-light.png" alt="Release" title="Release"> = Release, <img src="images/credit-card-3-light.png" alt="Purchase" title="Purchase"> = Purchase, <img src="images/return-light.png" alt="Return" title="Return"> = Return{if !$public_view}, <img src="images/split-2-light.png" alt="I Want This Too" title="I Want This Too"> = I Want This Too{/if}
</div> <!-- card body -->
</div> <!-- card -->
</div>
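Review bot: `{include file='public_navbar.tpl'}` references a template that is not among the six files changed in this commit; if it does not already exist in the repository, every public-view page will fail at render time. The `{if $opt.anonymous_purchasing || $public_view}` guard hides the reserver's name, but the matching purchased-by branch lies outside this hunk and should get the same `|| $public_view` condition, as the PHP side does for both cases. The legend on the last changed line still advertises Reserve, Release, Purchase and Return to unauthenticated visitors; unless those controls are hidden elsewhere in the template, the public view should either omit them or the server must reject those actions when `$public_view` is set.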