From f1b1297804a8be1cf09f7a52812b02adc3b4c504 Mon Sep 17 00:00:00 2001
From: thomas <thomas@de-roo.org>
Date: Wed, 12 Nov 2025 11:47:10 +0100
Subject: [PATCH] verlanglijstje

---
 whishlist.php | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 whishlist.php

diff --git a/whishlist.php b/whishlist.php
new file mode 100644
index 0000000..dd0d0fe
--- /dev/null
+++ b/whishlist.php
@@ -0,0 +1,87 @@
+<?php
+session_start();
+require __DIR__ . '/data/db.php';
+require __DIR__ . '/functions/logging.php';
+require __DIR__ . '/auth/ldap.php';
+
+if (!isset($_SESSION['user'])) {
+    header('Location: test_ldap.php'); // redirect naar login
+    exit;
+}
+
+$username = $_SESSION['user']['username'];
+$message = '';
+
+// Verwijderen van item
+if (isset($_POST['delete'])) {
+    $stmt = $pdo->prepare("DELETE FROM wishlist WHERE id = ? AND username = ?");
+    $stmt->execute([$_POST['delete'], $username]);
+    log_action($pdo, $username, 'Wishlist item verwijderd', 'Wishlist script');
+    $message = "Item verwijderd!";
+}
+
+// Opslaan/updaten
+if (isset($_POST['save'])) {
+    $content = $_POST['content'] ?? '';
+    // Check of er al een wishlist is voor deze gebruiker
+    $stmt = $pdo->prepare("SELECT id FROM wishlist WHERE username = ?");
+    $stmt->execute([$username]);
+    if ($stmt->rowCount() > 0) {
+        $row = $stmt->fetch();
+        $stmtUpdate = $pdo->prepare("UPDATE wishlist SET content = ? WHERE id = ?");
+        $stmtUpdate->execute([$content, $row['id']]);
+        log_action($pdo, $username, 'Wishlist geüpdatet', 'Wishlist script');
+        $message = "Wishlist geüpdatet!";
+    } else {
+        $stmtInsert = $pdo->prepare("INSERT INTO wishlist (username, content) VALUES (?, ?)");
+        $stmtInsert->execute([$username, $content]);
+        log_action($pdo, $username, 'Wishlist aangemaakt', 'Wishlist script');
+        $message = "Wishlist aangemaakt!";
+    }
+}
+
+// Huidige wishlist ophalen
+$stmt = $pdo->prepare("SELECT * FROM wishlist WHERE username = ?");
+$stmt->execute([$username]);
+$wishlist = $stmt->fetch(PDO::FETCH_ASSOC);
+$content = $wishlist['content'] ?? '';
+
+?>
+<!DOCTYPE html>
+<html lang="nl">
+<head>
+<meta charset="UTF-8">
+<title>Verlanglijstje</title>
+<script src="https://cdn.tiny.cloud/1/no-api-key/tinymce/6/tinymce.min.js" referrerpolicy="origin"></script>
+<script>
+tinymce.init({
+  selector: '#content',
+  height: 300,
+  menubar: false,
+  plugins: 'lists link paste',
+  toolbar: 'undo redo | bold italic underline | bullist numlist | link | removeformat',
+  paste_as_text: false
+});
+</script>
+</head>
+<body>
+
+<h2>Verlanglijstje van <?= htmlspecialchars($username) ?></h2>
+
+<?php if($message): ?>
+<p style="color:green;"><?= htmlspecialchars($message) ?></p>
+<?php endif; ?>
+
+<form method="post">
+    <textarea id="content" name="content"><?= htmlspecialchars($content) ?></textarea><br>
+    <button type="submit" name="save">Opslaan / Bijwerken</button>
+</form>
+
+<?php if ($wishlist): ?>
+<form method="post" style="margin-top:10px;">
+    <button type="submit" name="delete" value="<?= $wishlist['id'] ?>" onclick="return confirm('Weet je het zeker?');">Verwijderen</button>
+</form>
+<?php endif; ?>
+
+</body>
+</html>