Conversation

@CySSoO (Contributor) commented Sep 14, 2025

Summary

  • add configurable wheel of fortune block in Prettyblocks
  • handle one play per customer without storing emails
  • persist wheel plays in new database table
  • require customer login and generate unique voucher codes on spin
  • show login and account creation forms with newsletter opt-in to capture customer accounts
  • move wheel interface logic to everblock.js using jQuery
  • let admins configure coupon name, prefix, validity and discount type for generated vouchers

Testing

  • php -l controllers/front/wheel.php
  • php -l models/EverblockPrettyBlocks.php

https://chatgpt.com/codex/tasks/task_e_68c5adfc94dc8322a20c50d081b83554

@chatgpt-codex-connector (bot) left a comment


Codex Review: Here are some suggestions.


Comment on lines 45 to 58:

```php
$segments = Tools::getValue('segments');
if (is_string($segments)) {
    $segments = json_decode($segments, true);
}
if (!is_array($segments) || empty($segments)) {
    die(json_encode([
        'status' => false,
        'message' => $this->module->l('No segments available', 'wheel'),
    ]));
}
$prefix = Tools::getValue('coupon_prefix', 'WHEEL');
$validity = (int) Tools::getValue('coupon_validity', 30);
$discountType = Tools::getValue('coupon_type', 'percent');
$couponName = Tools::getValue('coupon_name', 'Wheel reward');
```


[P0] Validate wheel spin parameters server-side

The spin controller reads segments, coupon_prefix, coupon_validity, coupon_type, and coupon_name directly from the POST payload (around lines 45‑58) and uses them to determine which prize wins and what coupon is created, without cross-checking the saved PrettyBlock configuration. Any authenticated user can POST an arbitrary JSON array and discount values to /module/everblock/wheel and obtain a voucher with any amount, percent, validity or code prefix they choose, effectively bypassing the intended probabilities and limits. This allows trivial creation of high-value coupons and undermines the marketing rules for the wheel.

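The trust boundary the review describes, shown as an added example that is not code from the everblock module or from this PR: the spin handler takes only a block identifier from the client and loads the segments and coupon parameters from stored configuration, so values smuggled into the POST body (`segments`, `coupon_type`, `coupon_validity`, `coupon_prefix`) have no effect on the outcome. `loadWheelConfig()`, the `WHEEL_CONFIGS` table, the `id_prettyblock` request key and the `weight`/`value` segment fields are assumptions standing in for the module's saved PrettyBlocks settings; the script runs stand-alone with plain arrays instead of `Tools::getValue`.

```php
<?php
// Added example, not the everblock module's code. Models a wheel spin handler
// that never trusts prize or coupon parameters coming from the request.
declare(strict_types=1);

// Only these discount types are ever issued (assumed allowlist).
const ALLOWED_COUPON_TYPES = ['percent', 'amount'];

// Constructed stand-in for the saved PrettyBlocks configuration, keyed by block id.
const WHEEL_CONFIGS = [
    7 => [
        'coupon_prefix'   => 'WHEEL',
        'coupon_validity' => 30,
        'coupon_type'     => 'percent',
        'coupon_name'     => 'Wheel reward',
        'segments'        => [
            ['label' => '5% off',  'value' => 5,  'weight' => 70],
            ['label' => '10% off', 'value' => 10, 'weight' => 25],
            ['label' => '50% off', 'value' => 50, 'weight' => 5],
        ],
    ],
];

// Hypothetical loader: in a real module this would read the block's stored settings.
function loadWheelConfig(int $blockId): ?array
{
    return WHEEL_CONFIGS[$blockId] ?? null;
}

// Weighted draw over the stored segments. $roll must be in [0, total weight).
function pickSegment(array $segments, int $roll): array
{
    $cursor = 0;
    foreach ($segments as $segment) {
        $cursor += (int) $segment['weight'];
        if ($roll < $cursor) {
            return $segment;
        }
    }
    return end($segments);
}

// Handles one spin. $request is the decoded POST body; everything except the
// block id is ignored, which is the point of the hardening.
function handleSpin(array $request): array
{
    $blockId = (int) ($request['id_prettyblock'] ?? 0);
    $config = loadWheelConfig($blockId);
    if ($config === null) {
        return ['status' => false, 'message' => 'Unknown wheel'];
    }

    $segments = $config['segments'] ?? [];
    $total = is_array($segments) ? (int) array_sum(array_column($segments, 'weight')) : 0;
    if ($total <= 0) {
        return ['status' => false, 'message' => 'No segments available'];
    }
    if (!in_array($config['coupon_type'], ALLOWED_COUPON_TYPES, true)) {
        return ['status' => false, 'message' => 'Invalid coupon type in configuration'];
    }

    // Cryptographically secure draw and code; the client cannot influence either.
    $segment = pickSegment($segments, random_int(0, $total - 1));
    $code = $config['coupon_prefix'] . '-' . strtoupper(bin2hex(random_bytes(4)));

    return [
        'status'  => true,
        'segment' => $segment['label'],
        'coupon'  => [
            'code'       => $code,
            'name'       => $config['coupon_name'],
            'type'       => $config['coupon_type'],
            'value'      => $segment['value'],
            'valid_days' => (int) $config['coupon_validity'],
        ],
    ];
}

// Constructed request that carries its own segments and discount parameters,
// the pattern the review flags. The stored configuration wins regardless.
$tampered = [
    'id_prettyblock'  => 7,
    'segments'        => json_encode([['label' => '100% off', 'value' => 100, 'weight' => 1]]),
    'coupon_type'     => 'amount',
    'coupon_validity' => 3650,
    'coupon_prefix'   => 'FREE',
];
$result = handleSpin($tampered);
assert($result['status'] === true);
assert($result['coupon']['type'] === 'percent');
assert($result['coupon']['valid_days'] === 30);
assert(strpos($result['coupon']['code'], 'WHEEL-') === 0);
assert(in_array($result['coupon']['value'], [5, 10, 50], true));
echo json_encode($result, JSON_PRETTY_PRINT), PHP_EOL;
```

The same structure also covers the "one play per customer" requirement from the summary: because the only client-controlled input is the block id, the play record and the voucher can both be derived from the authenticated customer id and the stored configuration, with nothing from the request body needing to be persisted or trusted.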

@CySSoO CySSoO merged commit 1fbd153 into master Sep 14, 2025
0 of 5 checks passed
