From 6f6ef1eb6f42d63299a907e54d1f44a58ddd9611 Mon Sep 17 00:00:00 2001
From: kelete
Date: Fri, 22 Mar 2019 14:10:45 +0100
Subject: [PATCH 1/3] Purchasing module v1
TODO: Review ofuscation of form text values to accept all characters entered.
---
 src/classes/items/items.core.class.php | 82 +++++++++++++++++++++--
 src/classes/items/itemtype.core.class.php | 18 +++--
 src/classes/system/html.core.class.php | 11 ++-
 src/classes/system/model.class.php | 7 ++
 src/config/database.constants.php | 5 ++
 src/config/db/items/item_department.sql | 12 ++++
 src/config/db/items/item_product.sql | 16 +++++
 7 files changed, 135 insertions(+), 16 deletions(-)
 create mode 100644 src/config/db/items/item_department.sql
 create mode 100644 src/config/db/items/item_product.sql
diff --git a/src/classes/items/items.core.class.php b/src/classes/items/items.core.class.php
index e56862a3..e8f7364d 100644
--- a/src/classes/items/items.core.class.php
+++ b/src/classes/items/items.core.class.php
@@ -8,7 +8,7 @@
 *
 */
-class ItemsCore {
+class ItemsCore extends Model {
 /**
 * Init, set varnames, validation rules
@@ -186,6 +186,7 @@ function extendItem($item, $_options = false) {
 $ratings = false;
 $comments = false;
 $subscription_method = false;
+ $departments = false;
 $user = false;
 $readstate = false;
@@ -204,6 +205,7 @@ function extendItem($item, $_options = false) {
 case "ratings" : $ratings = $_value; break;
 case "comments" : $comments = $_value; break;
 case "subscription_method" : $subscription_method = $_value; break;
+ case "departments" : $departments = $_value; break;
 case "user" : $user = $_value; break;
 case "readstate" : $readstate = $_value; break;
@@ -217,11 +219,16 @@ function extendItem($item, $_options = false) { // get the specific type data $typeObject = $this->TypeObject($item["itemtype"]); + if(method_exists($typeObject, "get")) { $item = array_merge($item, $typeObject->get($item["id"])); } else { - $item = array_merge($item, $this->getSimpleType($item["id"], $typeObject)); + $tmp_simple_item = $this->getSimpleType($item["id"], $typeObject); + + if(count($tmp_simple_item)) { + $item = array_merge($item, $tmp_simple_item); + } } // add mediae @@ -261,6 +268,12 @@ function extendItem($item, $_options = false) { } + // add departments (for item) + if($all || $departments) { + $item["departments"] = $this->getDepartments(array("item_id" => $item["id"])); + } + + // add user nickname if($all || $user) { $UC = $this->getUserClass(); @@ -317,6 +330,7 @@ function getSimpleType($item_id, $typeObject) { $query = new Query(); $sql = "SELECT * FROM ".$typeObject->db." WHERE item_id = $item_id"; + if($query->sql($sql)) { $item = $query->result(0); unset($item["id"]); @@ -612,10 +626,12 @@ function getItems($_options = false) { // } if(isset($itemtype)) { + // add main itemtype table to enable sorting based on local values $WHERE[] = "items.itemtype = '$itemtype'"; + $WHERE[] = "items.id = ".$itemtype.".item_id"; + $FROM[] = $this->typeObject($itemtype)->db." as ".$itemtype; - // add main itemtype table to enable sorting based on local values - $LEFTJOIN[] = $this->typeObject($itemtype)->db." as ".$itemtype." ON items.id = ".$itemtype.".item_id"; +// $LEFTJOIN[] = $this->typeObject($itemtype)->db." as ".$itemtype." ON items.id = ".$itemtype.".item_id"; } // tag query @@ -691,7 +707,7 @@ function getItems($_options = false) { $ORDER[] = $order; } - $ORDER[] = "items.published_at DESC"; + $ORDER[] = "items.published_at DESC, items.id"; if(isset($limit)) { $limit = " LIMIT $limit"; 
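Review bot: In the `@@ -612` hunk, moving the itemtype table from `$LEFTJOIN` into `$FROM` together with `$WHERE[] = "items.id = ".$itemtype.".item_id";` turns the left join into an inner join, so any item whose type-table row is missing now silently disappears from `getItems()` results instead of appearing with null type columns; if that exclusion is intended, state it in the comment, otherwise keep the join and only add the alias for sorting. The commented-out `// $LEFTJOIN[] = ...` line should be deleted rather than left behind. `$itemtype` is interpolated both as a string literal and as a table alias; the hunk does not show where it is validated, so a check against the known itemtypes before this point is worth confirming. The `items.id` tie-breaker added in the `@@ -691` hunk is a good change for stable paging. `getItems()` starts and ends outside these hunks.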
@@ -703,12 +719,10 @@ function getItems($_options = false) { $items = array(); $sql = $query->compileQuery($SELECT, $FROM, array("LEFTJOIN" => $LEFTJOIN, "WHERE" => $WHERE, "HAVING" => $HAVING, "GROUP_BY" => $GROUP_BY, "ORDER" => $ORDER)) . $limit; -// print $sql."
\n"; $query->sql($sql); $items = $query->results(); - // TODO: consider if this could be integrated in primary query // - but might give issues with flexibility and query load on mixed lists // needs to be investigated @@ -1399,6 +1413,60 @@ function getSubscriptionMethod($_options=false) { return false; } + // get departments for item_id + // maintain $_options parameter despite only one option for now (could be more in the future) + function getDepartments($_options=false) { + $item_id = false; + + if($_options !== false) { + foreach($_options as $_option => $_value) { + switch($_option) { + case "item_id" : $item_id = $_value; break; + } + } + } + + $query = new Query(); + + if($item_id) { + + $sql = "SELECT * FROM ".UT_ITEM_DEPARTMENT." as department + WHERE department.item_id = $item_id"; + + if($query->sql($sql)) { + return $query->results(); + } + + } + + return false; + } + + // togle status value on item + function togleStatus($_options=false) { + $item_id = false; + + if($_options !== false) { + foreach($_options as $_option => $_value) { + switch($_option) { + case "item_id" : $item_id = $_value; break; + } + } + } + + $query = new Query(); + + if($item_id) { + // notice the "!" in the sql. togles the boolean value + $sql = "UPDATE ".UT_ITEMS." as items set status = !status WHERE id = $item_id"; + if($query->sql($sql)) { + return true; + } + + } + + return false; + } } ?> \ No newline at end of file diff --git a/src/classes/items/itemtype.core.class.php b/src/classes/items/itemtype.core.class.php index a0b28300..d0965eb1 100644 --- a/src/classes/items/itemtype.core.class.php +++ b/src/classes/items/itemtype.core.class.php 
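Review bot: Both new methods interpolate `$item_id` taken from `$_options` straight into SQL (`WHERE department.item_id = $item_id` and `WHERE id = $item_id`) after only a truthiness check, so a non-numeric value reaches the query unchanged; cast it where it is read, `case "item_id" : $item_id = (int) $_value; break;`, or bind it through the Query class if it supports parameters. `togleStatus()` flips a persisted flag with `set status = !status`, and nothing in the hunk shows an access check or a check that the row exists, so it appears to report `true` whenever the UPDATE executes regardless of whether any row changed; returning the affected-row count or verifying the item first would make the result meaningful. `getDepartments()` returns a list on success but `false` on the no-match path, which forces every caller to branch on type; an empty array would be simpler. The method name is misspelled (`toggleStatus`) and is part of the public interface, so rename it before anything depends on it.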
@@ -43,12 +43,11 @@ function status($action) { if($query->sql("SELECT id FROM ".UT_ITEMS." WHERE id = $item_id AND itemtype = '$this->itemtype'")) { $query->sql("UPDATE ".UT_ITEMS." SET status = $status WHERE id = $item_id"); - message()->addMessage("Item ".$this->status_states[$status]); return true; } } - message()->addMessage("Item could not be ".$this->status_states[$status], array("type" => "error")); + message()->addMessage("Item Status could not be changed." , array("type" => "error")); return false; } @@ -349,8 +348,6 @@ function save($action) { // create sindex $this->sindex($sindex, $item_id); - - message()->addMessage("Item saved"); // return current item $IC = new Items(); @@ -431,7 +428,6 @@ function saveItem() { // TODO: implement itemtype checks function update($action) { global $page; - // Get posted values to make them available for models $this->getPostedEntities(); @@ -446,6 +442,16 @@ function update($action) { // get entities for current value $entities = $this->getModel(); + + foreach($entities as $name => $entity) { + if ((is_int($entity['value']) || is_string($entity['value'])) && strstr($entity['value'],"+++")) { + // TODO obfuscatio check + $entity['value'] = base64_decode(str_replace("+++","",$entity['value'])); + $entity['value'] = str_replace("&","&",$entity['value']); + } + + } + $names = array(); $values = array(); @@ -960,7 +966,6 @@ function addMedia($action) { $item_id = $action[1]; $query->checkDbExistence(UT_ITEMS_MEDIAE); - if($this->validateList(array("mediae"), $item_id)) { $uploads = $this->upload($item_id, array("input_name" => "mediae", "auto_add_variant" => true)); if($uploads) { @@ -1184,7 +1189,6 @@ function upload($item_id, $_options) { if(isset($_FILES[$_input_name])) { -// print "input_name:" . $_input_name; // print_r($_FILES[$_input_name]); foreach($_FILES[$_input_name]["name"] as $index => $value) { 
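Review bot: In the `@@ -446` hunk the loop `foreach($entities as $name => $entity)` iterates by value, so the two assignments to `$entity['value']` are written to a local copy and discarded — nothing after the loop sees the decoded value, which makes the hunk a no-op. If the decode is meant to stick, write `$entities[$name]['value'] = base64_decode(...)` (or iterate with `&$entity` and `unset($entity)` afterwards). Note that `getPostedEntities()`, called a few lines above in the `@@ -431` hunk, already performs the same `+++`/base64 transform in model.class.php, so once this loop works a value whose decoded form still contains `+++` would be decoded twice. The `str_replace("&","&",...)` line looks mangled by rendering; whatever the real replacement is, it should agree with the `"\&"` sequence stripped in model.class.php rather than diverge. `update()` continues outside the hunk.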
diff --git a/src/classes/system/html.core.class.php b/src/classes/system/html.core.class.php index cc051401..0929ea03 100644 --- a/src/classes/system/html.core.class.php +++ b/src/classes/system/html.core.class.php @@ -875,7 +875,7 @@ function formStart($action, $_options = false) { $att_action = $this->attribute("action", $action); $att_enctype = $this->attribute("enctype", $enctype); - $_ .= ''."\n"; + $_ .= ''."\n"; $_ .= ''."\n"; @@ -912,6 +912,7 @@ function button($value = false, $_options = false) { $type = "button"; $name = false; $class = false; + $script = array(); $wrapper = false; @@ -926,6 +927,8 @@ function button($value = false, $_options = false) { case "class" : $class = $_value; break; case "wrapper" : $wrapper = $_value; break; + + case "script" : $script = $_value; break; } } } @@ -936,6 +939,10 @@ function button($value = false, $_options = false) { $att_type = $this->attribute("type", $type); $att_class = $this->attribute("class", "button", $class); $att_name = $this->attribute("name", $name); + $att_script = ""; + if (count($script)) { + $att_script = $this->attribute($script[0], $script[1]); + } $att_wrap_id = ""; $att_wrap_class = ""; @@ -964,7 +971,7 @@ function button($value = false, $_options = false) { } - $_ .= ''; + $_ .= ''; if($wrapper) { $_ .= ''."\n"; diff --git a/src/classes/system/model.class.php b/src/classes/system/model.class.php index 92bc4d7a..4e06b2e8 100644 --- a/src/classes/system/model.class.php +++ b/src/classes/system/model.class.php @@ -303,6 +303,11 @@ function getPostedEntities() { // regular variable else { $value = getPost($name); + if ((is_int($value) || is_string($value)) && strstr($value,"+++")) { + $value = base64_decode(str_replace("+++","",$value)); + $value = str_replace("\&","",$value); + } + // if($value !== false) { // print $name."=".$value."\n"; $this->setProperty($name, "value", $value); @@ -314,6 +319,8 @@ function getPostedEntities() { } } } + + return true; } 
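Review bot: In `button()`, `count($script)` only proves the array is non-empty, but the next line reads `$script[0]` and `$script[1]`, so a one-element `"script"` option raises an undefined-offset notice and emits an attribute with an empty value; guard with `if (count($script) === 2) {` instead. The option lets the caller pick the attribute name freely and, judging by its name, is intended for inline event handlers, so a short comment on the `case "script"` line documenting the expected shape and that the value is passed to `attribute()` as-is would help future callers, e.g. `// "script" => array(attribute_name, attribute_value)`. Whether `attribute()` escapes its value is not visible here and is worth confirming before the option is used with anything but literals. `button()` starts before the hunk.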
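Review bot: The new decode in `getPostedEntities()` fires on `strstr($value,"+++")` anywhere in the posted string, so a legitimate value that happens to contain `+++` is silently stripped and base64-decoded into garbage; a fixed prefix tested with `strpos($value, "+++") === 0` would be far less surprising than a substring match. `base64_decode()` is called in lenient mode, which ignores invalid characters instead of failing; use `base64_decode($encoded, true)` and keep the raw value when it returns `false`. Because this runs before `setProperty()`, the decoded text is what the model's validation rules see, which is the right order but deserves a comment saying so. In a double-quoted string `"\&"` is a literal backslash followed by an ampersand, so confirm that is really the sequence meant to be removed — the commit message's own TODO says the obfuscation scheme is still unreviewed. `getPostedEntities()` starts outside the hunk.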
diff --git a/src/config/database.constants.php b/src/config/database.constants.php index b3e0d698..c8610d1d 100644 --- a/src/config/database.constants.php +++ b/src/config/database.constants.php @@ -12,6 +12,8 @@ define("UT_MAILLISTS", SITE_DB.".system_maillists"); // Maillists +define("UT_DEPARTMENTS", SITE_DB.".system_departments"); // Maillists + // ITEMS define("UT_ITEMS", SITE_DB.".items"); // Items @@ -28,6 +30,9 @@ // SUBSCRIPTION METHOD define("UT_ITEMS_SUBSCRIPTION_METHOD", SITE_DB.".items_subscription_method"); // Items Subscription method +// DEPARTMENTS +define("UT_ITEM_DEPARTMENT", SITE_DB.".item_department"); // Items Subscription method + // TAGS diff --git a/src/config/db/items/item_department.sql b/src/config/db/items/item_department.sql new file mode 100644 index 00000000..cec1d1aa --- /dev/null +++ b/src/config/db/items/item_department.sql @@ -0,0 +1,12 @@ +CREATE TABLE `SITE_DB`.`item_department` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `item_id` int(11) NOT NULL, + `department_id` int(11) NOT NULL, + + PRIMARY KEY (`id`), + KEY `item_id` (`item_id`), + CONSTRAINT `item_department_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `SITE_DB`.`items` (`id`) ON DELETE CASCADE ON UPDATE CASCADE, + KEY `department_id` (`department_id`), + CONSTRAINT `item_department_ibfk_2` FOREIGN KEY (`department_id`) REFERENCES `SITE_DB`.`system_departments` (`id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + diff --git a/src/config/db/items/item_product.sql b/src/config/db/items/item_product.sql new file mode 100644 index 00000000..a073f1d2 --- /dev/null +++ b/src/config/db/items/item_product.sql 
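Review bot: Both new `define()` lines carry comments copied from their neighbours — `UT_DEPARTMENTS` is annotated `// Maillists` and `UT_ITEM_DEPARTMENT` is annotated `// Items Subscription method` — which will mislead anyone grepping this file; change them to `// Departments` and `// Item to department relations`. Only `item_department` gets a create script in this series, while `system_departments`, which `item_department.sql` references through `item_department_ibfk_2`, has no script here, so that CREATE TABLE fails unless the departments table ships separately. The SQL file also uses `CHARSET=utf8`, MySQL's 3-byte subset; `utf8mb4` is the safer default for new tables.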
@@ -0,0 +1,16 @@
+CREATE TABLE `SITE_DB`.`item_product` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `item_id` int(11) NOT NULL,
+
+ `name` varchar(100) NOT NULL,
+ `description` text NOT NULL DEFAULT '',
+ `producttype` text NOT NULL DEFAULT '',
+ `supplier` int(11) NOT NULL,
+ `productAvailability` varchar(255) NULL,
+
+ PRIMARY KEY (`id`),
+ KEY `item_id` (`item_id`),
+ CONSTRAINT `item_product_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `SITE_DB`.`items` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+
From 179a6a778d25e6070b82264ead6188203711c264 Mon Sep 17 00:00:00 2001
From: kelete
Date: Mon, 1 Apr 2019 13:05:34 +0200
Subject: [PATCH 2/3] removed stuff from janitor. Code moved to it's corresponding place in kbhff_dk
---
 src/classes/items/items.core.class.php | 68 +----------------------
 src/classes/items/itemtype.core.class.php | 9 ---
 src/classes/system/html.core.class.php | 11 +---
 src/config/database.constants.php | 4 --
 src/config/db/items/item_department.sql | 12 ----
 src/config/db/items/item_product.sql | 16 ------
 6 files changed, 5 insertions(+), 115 deletions(-)
 delete mode 100644 src/config/db/items/item_department.sql
 delete mode 100644 src/config/db/items/item_product.sql
diff --git a/src/classes/items/items.core.class.php b/src/classes/items/items.core.class.php
index e8f7364d..531692a4 100755
--- a/src/classes/items/items.core.class.php
+++ b/src/classes/items/items.core.class.php
@@ -8,7 +8,7 @@
 *
 */
-class ItemsCore extends Model {
+class ItemsCore {
 /**
 * Init, set varnames, validation rules
@@ -186,7 +186,6 @@ function extendItem($item, $_options = false) {
 $ratings = false;
 $comments = false;
 $subscription_method = false;
- $departments = false;
 $user = false;
 $readstate = false;
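Review bot: `description text NOT NULL DEFAULT ''` and `producttype text NOT NULL DEFAULT ''` will not create on MySQL, which rejects a literal DEFAULT on BLOB/TEXT columns (only 8.0.13+ accepts an expression default in parentheses); either drop the `DEFAULT ''` or make the columns `varchar`. `supplier int(11) NOT NULL` looks like a reference but, unlike `item_id`, has no foreign key, so dangling supplier ids cannot be caught by the database — add a constraint if a supplier table exists. `CHARSET=utf8` is MySQL's 3-byte subset; `utf8mb4` is the safer choice for free-text product names and descriptions. The second patch in this series deletes this file again, so these points only matter if it is restored elsewhere.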
@@ -205,7 +204,7 @@ function extendItem($item, $_options = false) {
 case "ratings" : $ratings = $_value; break;
 case "comments" : $comments = $_value; break;
 case "subscription_method" : $subscription_method = $_value; break;
- case "departments" : $departments = $_value; break;
+
 case "user" : $user = $_value; break;
 case "readstate" : $readstate = $_value; break;
@@ -267,13 +266,6 @@ function extendItem($item, $_options = false) {
 $item["subscription_method"] = $this->getSubscriptionMethod(array("item_id" => $item["id"]));
 }
-
- // add departments (for item)
- if($all || $departments) {
- $item["departments"] = $this->getDepartments(array("item_id" => $item["id"]));
- }
-
-
 // add user nickname
 if($all || $user) {
 $UC = $this->getUserClass();
@@ -1381,7 +1373,7 @@ function getPrices($_options = false) {
 }
 // no matching prices found
- return false;
+ return array();
 }
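Review bot: Changing the no-match return of `getPrices()` from `false` to `array()` in the `@@ -1381` hunk alters the method's public contract: a caller written as `if($prices === false)` no longer detects the miss at all, and one written as `if(!$prices)` keeps working only by accident of PHP truthiness. Grep the callers of `getPrices` before merging, and update the method's documentation to state the new contract, e.g. `// returns list of price rows, empty array when none match`. `getPrices()` starts outside the hunk; the other hunks in this patch are straight reverts of the first patch.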
@@ -1413,60 +1405,6 @@ function getSubscriptionMethod($_options=false) {
 return false;
 }
- // get departments for item_id
- // maintain $_options parameter despite only one option for now (could be more in the future)
- function getDepartments($_options=false) {
- $item_id = false;
-
- if($_options !== false) {
- foreach($_options as $_option => $_value) {
- switch($_option) {
- case "item_id" : $item_id = $_value; break;
- }
- }
- }
-
- $query = new Query();
-
- if($item_id) {
-
- $sql = "SELECT * FROM ".UT_ITEM_DEPARTMENT." as department
- WHERE department.item_id = $item_id";
-
- if($query->sql($sql)) {
- return $query->results();
- }
-
- }
-
- return false;
- }
-
- // togle status value on item
- function togleStatus($_options=false) {
- $item_id = false;
-
- if($_options !== false) {
- foreach($_options as $_option => $_value) {
- switch($_option) {
- case "item_id" : $item_id = $_value; break;
- }
- }
- }
-
- $query = new Query();
-
- if($item_id) {
- // notice the "!" in the sql. togles the boolean value
- $sql = "UPDATE ".UT_ITEMS." as items set status = !status WHERE id = $item_id";
- if($query->sql($sql)) {
- return true;
- }
-
- }
-
- return false;
- }
 }
 ?>
\ No newline at end of file
diff --git a/src/classes/items/itemtype.core.class.php b/src/classes/items/itemtype.core.class.php
index 706adfa8..8ecf8de5 100755
--- a/src/classes/items/itemtype.core.class.php
+++ b/src/classes/items/itemtype.core.class.php
@@ -443,15 +443,6 @@ function update($action) {
 // get entities for current value
 $entities = $this->getModel();
- foreach($entities as $name => $entity) {
- if ((is_int($entity['value']) || is_string($entity['value'])) && strstr($entity['value'],"+++")) {
- // TODO obfuscatio check
- $entity['value'] = base64_decode(str_replace("+++","",$entity['value']));
- $entity['value'] = str_replace("&","&",$entity['value']);
- }
-
- }
-
 $names = array();
 $values = array();
diff --git a/src/classes/system/html.core.class.php b/src/classes/system/html.core.class.php index 0929ea03..cc051401 100755 --- a/src/classes/system/html.core.class.php +++ b/src/classes/system/html.core.class.php @@ -875,7 +875,7 @@ function formStart($action, $_options = false) { $att_action = $this->attribute("action", $action); $att_enctype = $this->attribute("enctype", $enctype); - $_ .= ''."\n"; + $_ .= ''."\n"; $_ .= ''."\n"; @@ -912,7 +912,6 @@ function button($value = false, $_options = false) { $type = "button"; $name = false; $class = false; - $script = array(); $wrapper = false; @@ -927,8 +926,6 @@ function button($value = false, $_options = false) { case "class" : $class = $_value; break; case "wrapper" : $wrapper = $_value; break; - - case "script" : $script = $_value; break; } } } @@ -939,10 +936,6 @@ function button($value = false, $_options = false) { $att_type = $this->attribute("type", $type); $att_class = $this->attribute("class", "button", $class); $att_name = $this->attribute("name", $name); - $att_script = ""; - if (count($script)) { - $att_script = $this->attribute($script[0], $script[1]); - } $att_wrap_id = ""; $att_wrap_class = ""; @@ -971,7 +964,7 @@ function button($value = false, $_options = false) { } - $_ .= ''; + $_ .= ''; if($wrapper) { $_ .= ''."\n"; diff --git a/src/config/database.constants.php b/src/config/database.constants.php index c8610d1d..ff18dca3 100755 --- a/src/config/database.constants.php +++ b/src/config/database.constants.php @@ -12,8 +12,6 @@ define("UT_MAILLISTS", SITE_DB.".system_maillists"); // Maillists -define("UT_DEPARTMENTS", SITE_DB.".system_departments"); // Maillists - // ITEMS define("UT_ITEMS", SITE_DB.".items"); // Items @@ -30,8 +28,6 @@ // SUBSCRIPTION METHOD define("UT_ITEMS_SUBSCRIPTION_METHOD", SITE_DB.".items_subscription_method"); // Items Subscription method -// DEPARTMENTS -define("UT_ITEM_DEPARTMENT", SITE_DB.".item_department"); // Items Subscription method 
diff --git a/src/config/db/items/item_department.sql b/src/config/db/items/item_department.sql
deleted file mode 100644
index cec1d1aa..00000000
--- a/src/config/db/items/item_department.sql
+++ /dev/null
@@ -1,12 +0,0 @@
-CREATE TABLE `SITE_DB`.`item_department` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `item_id` int(11) NOT NULL,
- `department_id` int(11) NOT NULL,
-
- PRIMARY KEY (`id`),
- KEY `item_id` (`item_id`),
- CONSTRAINT `item_department_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `SITE_DB`.`items` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
- KEY `department_id` (`department_id`),
- CONSTRAINT `item_department_ibfk_2` FOREIGN KEY (`department_id`) REFERENCES `SITE_DB`.`system_departments` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
diff --git a/src/config/db/items/item_product.sql b/src/config/db/items/item_product.sql
deleted file mode 100644
index a073f1d2..00000000
--- a/src/config/db/items/item_product.sql
+++ /dev/null
@@ -1,16 +0,0 @@
-CREATE TABLE `SITE_DB`.`item_product` (
- `id` int(11) NOT NULL AUTO_INCREMENT,
- `item_id` int(11) NOT NULL,
-
- `name` varchar(100) NOT NULL,
- `description` text NOT NULL DEFAULT '',
- `producttype` text NOT NULL DEFAULT '',
- `supplier` int(11) NOT NULL,
- `productAvailability` varchar(255) NULL,
-
- PRIMARY KEY (`id`),
- KEY `item_id` (`item_id`),
- CONSTRAINT `item_product_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `SITE_DB`.`items` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-
From 6b0c0f89f0798e694760a0ce88d08ed228d34dc3 Mon Sep 17 00:00:00 2001
From: kelete
Date: Fri, 10 May 2019 13:33:02 +0200
Subject: [PATCH 3/3] Added item id to make unique ID for the editSingleMedia
If calling the functionality more than once in the same page, the elemnt ID is not unique and then all interactions happen to the very first print.
---
 src/classes/system/html.janitor.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/classes/system/html.janitor.class.php b/src/classes/system/html.janitor.class.php index bb72b890..8106e630 100755 --- a/src/classes/system/html.janitor.class.php +++ b/src/classes/system/html.janitor.class.php @@ -626,9 +626,9 @@ function editSingleMedia(&$item, $_options = false) { $_ .= '
jsData().'>'; $_ .= '

'.$label.'

'; - $_ .= $model->formStart($this->path."/addSingleMedia/".$item["id"]."/".$variant, array("class" => "upload labelstyle:inject")); + $_ .= $model->formStart($this->path."/addSingleMedia/".$item["id"]."/".$variant, array("class" => "upload labelstyle:inject", "id" => $item["id"])); $_ .= '
'; - $_ .= $model->input($variant, array("value" => $media)); + $_ .= $model->input($variant, array("value" => $media, "id" => "single_media_".$item["id"])); $_ .= '
'; $_ .= $model->formEnd();