From 4f8b1d07bc1e21b1c7b89166dcc9dd9a4a0a4f24 Mon Sep 17 00:00:00 2001
From: Marcel Peterkau <marcel@peterkau.de>
Date: Fri, 25 Nov 2022 01:50:02 +0100
Subject: [PATCH] Add List Functions working and changed image-URL

---
 add_item.php              |  9 +++++-
 config/config.php         |  1 +
 include/delete_unused.php | 32 +++++++++++++++++++++
 include/listgenerator.php | 31 ++++++++++++++++++---
 index.php                 | 58 ++++++++++++++++++++++++++++++++-------
 5 files changed, 116 insertions(+), 15 deletions(-)
 create mode 100644 include/delete_unused.php

diff --git a/add_item.php b/add_item.php
index f0547fb..032eeef 100644
--- a/add_item.php
+++ b/add_item.php
@@ -10,6 +10,13 @@ $ItemPrice = $_POST['ItemPrice'];
 $ItemLink = $_POST['ItemLink'];
 $ItemImage = $_POST['ItemImage'];
 
+#--- check if the provided Link is a valid URL
+
+if (filter_var($ItemLink, FILTER_VALIDATE_URL) === FALSE) {
+    die('Not a valid URL');
+}
+
+#---
 
 #--- check if the provided Image-Link is a real image:
 
@@ -17,7 +24,7 @@ $headers = array_change_key_case(get_headers($ItemImage, 1), CASE_LOWER);
 
 if (strpos($headers['content-type'], 'image/') !== false) {
     $strippedimagepath = strtok($ItemImage, '?');
-    $imageLocalLink = 'data/images/' . uniqid() . '.' . pathinfo($strippedimagepath, PATHINFO_EXTENSION);
+    $imageLocalLink = $imagedir . '/' . uniqid() . '.' . pathinfo($strippedimagepath, PATHINFO_EXTENSION);
     echo "ImageLink: " . $imageLocalLink;
     file_put_contents($imageLocalLink, fopen($strippedimagepath, 'r'));
 } else {
diff --git a/config/config.php b/config/config.php
index b64b653..a659a69 100644
--- a/config/config.php
+++ b/config/config.php
@@ -4,5 +4,6 @@ $servername = 'localhost';
 $username = 'wishlist';
 $db = 'wishlist';
 $password = 'R!6CIb-KxM96EC]6';
+$imagedir = 'data/images';
 
 ?>
\ No newline at end of file
diff --git a/include/delete_unused.php b/include/delete_unused.php
new file mode 100644
index 0000000..1ec6b81
--- /dev/null
+++ b/include/delete_unused.php
@@ -0,0 +1,32 @@
+<?php
+
+include_once('../config/config.php');
+$dir = new DirectoryIterator('../' . $imagedir);
+
+$conn = new mysqli($servername, $username, $password, $db);
+
+if ($conn->connect_error)
+    die('Connection failed: ' . $conn->connect_error);
+
+$sql = 'SELECT image FROM whishes';
+$result = $conn->query($sql);
+        
+    if ($result !== false && $result->num_rows > 0)
+    {
+        if ($rows = $result->fetch_all())
+        {
+            foreach ($dir as $fileinfo) {
+                if (!$fileinfo->isDot()) {
+                    $filename = $fileinfo->getFilename();
+            
+                    if (!in_array($filename, $rows))
+                    {
+                        $deletepath = '../' . $imagedir . '/' . $filename;
+                        unset($deletepath);
+                    }    
+                }
+            }
+        }
+    }
+
+$conn->close();
\ No newline at end of file
diff --git a/include/listgenerator.php b/include/listgenerator.php
index fe0f9c3..90dee25 100644
--- a/include/listgenerator.php
+++ b/include/listgenerator.php
@@ -4,7 +4,7 @@ include 'config/config.php';
 
 function generateListItem($ListItemID, $ItemImage, $ItemTitle, $ItemLink, $ItemPrice, $ItemComment, $ItemReserved, $ItemDate)
 {
-  global $loggedin;
+  global $loggedin, $imagedir;
 
   $formatter = new NumberFormatter('de_DE',  NumberFormatter::CURRENCY);
 
@@ -18,7 +18,7 @@ function generateListItem($ListItemID, $ItemImage, $ItemTitle, $ItemLink, $ItemP
         <div class="card-header">
           <h5 class="card-title">' . $ItemTitle . '</h5>
         </div>
-        <img src="' . $ItemImage . '" class="card-img-top">
+        <img src="' . $imagedir . '/' . $ItemImage . '" class="card-img-top">
         <div class="card-body">
           <p class="card-text">' . $ItemComment . '</p>
           <div class="row justify-content-end">
@@ -81,8 +81,31 @@ function wishlistMainBuilder($ListID, $sortby)
     }
   } else {
     echo ('
-    <h1 class="fw-light">Das tut mir leid...</h1>
-    <p class="lead text-muted">Diese Liste gibt es nicht mehr</p>
+    <div class="modal-dialog" role="document">
+      <div class="modal-content rounded-4 shadow">
+        <div class="modal-header p-5 pb-4 border-bottom-0">
+          <h1 class="fw-bold mb-0 fs-2">Das tut mir leid...</h1>
+          <p class="modal-title fs-5" >..aber diese Liste exisiert nicht. Möchten Sie eine neue anlegen ?</p>
+        </div>
+
+        <div class="modal-body p-5 pt-0">
+          <form action="" method="POST">  
+            <div class="form-floating mb-3">
+              <input type="text" class="form-control rounded-3" id="listName" name="listName"  placeholder="Name der Liste">
+              <label for="listName">Name der Liste</label>
+            </div>
+            <div class="form-floating mb-3">
+              <input type="password" class="form-control rounded-3" id="listPassword" name="listPassword" placeholder="Password">
+              <label for="listPassword">Password</label>
+            </div>
+            <div class="form-floating mb-3">
+              <input type="text" class="form-control rounded-3" id="listDescription" name="listDescription" placeholder="Beschreibung">
+              <label for="listDescription">Beschreibung</label>
+            </div>
+            <button class="w-100 mb-2 btn btn-lg rounded-3 btn-primary" name="listadd" type="submit">Absenden</button>
+          </form>
+        </div>
+    </div>
     ');
   }
 
diff --git a/index.php b/index.php
index 4ab3214..7f8468d 100644
--- a/index.php
+++ b/index.php
@@ -51,6 +51,36 @@ if (isset($_POST['login'])) {
   $conn->close();
 }
 
+if (isset($_POST['listadd'])) {
+  $listName = $_POST['listName'];
+  $listPassword = password_hash($_POST['listPassword'], PASSWORD_DEFAULT);
+  $listDescription = $_POST['listDescription'];
+  $conn = new mysqli($servername, $username, $password, $db);
+
+  // Check connection
+  if ($conn->connect_error) {
+    die('Connection failed: ' . $conn->connect_error);
+  }
+
+  $sql = 'INSERT INTO lists (title, description, edit_pw) VALUES ("' . $listName . '", "' .$listDescription. '","' . $listPassword . '")';
+  
+  $result = $conn->query($sql);
+
+  if ($conn->query($sql) === TRUE) {
+    $last_id = $conn->insert_id;
+
+    $_SESSION['listid'] = $last_id;
+    $loggedin = true;
+    $actual_link = 'http://' . $_SERVER['HTTP_HOST'] . '/?list=' . $last_id;
+    header('Location: ' . $actual_link);
+
+  } else {
+    $message = array('msg' => 'Error: ' . $sql . '<br>' . $conn->error, 'type' => 'error');
+  }
+  
+  $conn->close();
+}
+
 if (isset($_POST['logout'])) {
   session_destroy();
   $loggedin = false;
@@ -334,6 +364,7 @@ if (isset($_POST['delete']) && $loggedin == true) {
       </div>
     </div>
   </div>
+  <!-- END OF Modal Delete-->
   ');
   }
   ?>
@@ -364,7 +395,7 @@ if (isset($_POST['delete']) && $loggedin == true) {
       </div>
     </div>
   </div>
-
+  <!-- END OF Modal Reservation-->
 
   <script>
     $('#reservationModal').on('show.bs.modal', function(event) {
@@ -384,21 +415,28 @@ if (isset($_POST['delete']) && $loggedin == true) {
       }
     });
 
-    $('#deleteModal').on('show.bs.modal', function(event) {
-      var resTr = $(event.relatedTarget)
-      var whishcard = resTr.parents().closest('.card');
-      var whishtitle = whishcard.find('.card-title').text();
-      var wishid = resTr.data('wishid')
-      var modal = $(this)
-      modal.find('#WhishID').val(wishid)
-      modal.find('#whish-title').text(whishtitle)
-    });
+    <?php
+    if ($loggedin == true) {
+      echo ('
+        $(\'#deleteModal\').on(\'show.bs.modal\', function(event) \{
+          var resTr = $(event.relatedTarget)
+          var whishcard = resTr.parents().closest(\'.card\');
+          var whishtitle = whishcard.find(\'.card-title\').text();
+          var wishid = resTr.data(\'wishid\')
+          var modal = $(this)
+          modal.find(\'#WhishID\').val(wishid)
+          modal.find(\'#whish-title\').text(whishtitle)
+        });
+    ');
+    }
+    ?>
 
     $(document).ready(function() {
       $('#sortby').on('change', function() {
         this.form.submit();
       });
     });
+
   </script>
 
 </body>