PaperBag/www/plan/do.php


<?php
// JSON endpoint for the "plan" feature. The caller must be logged in; the
// `plan` parameter selects the action and every path ends in returns(),
// which writes the JSON body and exits. Helpers used here (database(),
// checkLogin(), filter()) come from init.php and are not visible in this file.
require '../webdata/init.php';
$db = database();
header("Content-Type: application/json");
if(!checkLogin()){
    returns("Not logged in",2);
}
$user_id = $_SESSION['user_id'];
$data = [];
// Accumulates the store listing; unrelated to the returns() function below
// despite the similar name.
$returns = [];
// Merge GET and POST (POST overwrites GET on a duplicate key) through filter().
// NOTE(review): whether filter() SQL-escapes or only type-checks is not shown
// here; the SQL helpers at the bottom of this file interpolate these values.
foreach([$_GET, $_POST] as $request){
    if(!empty($request)){
        foreach($request as $key => $value){
            if(($data[$key] = filter($value)) === false){
                // Debug output written ahead of the JSON body: it makes the
                // response unparseable and echoes the rejected value back to
                // the client. Processing continues with $data[$key] === false.
                print_r($value);
                echo "Failed to sanitize: `".$key."`: ".$value." \t-\t type: ".gettype($value)."\n";
            }
        }
    }
}
if(!empty($data) && isset($user_id)){
    if(isset($data['plan'])){
        // Resolve the space first; all SQL helpers read it through the global
        // $spaceID, so nothing below can act outside this space.
        if(isset($data['space'])){
            $spaceID = verifySpaceID($data['space']);
        }
        else {
            $spaceID = verifySpaceID();
        }
        if($spaceID == 0){
            returns('No access to space', 3);
        }
        // The first three actions use plain `if` rather than `else if`; this is
        // harmless only because returns() exits, so a matched branch never
        // falls through to the next test.
        if($data['plan'] == 'saveStore'){
            // Read without @: a request with no storeName raises an undefined
            // index notice before the empty-string check.
            if($data['storeName'] == ""){
                returns("Missing store-name value", 1);
            }
            if( ($temp = initStore($data['storeName'])) !== false ){
                returns($temp);
            }
            else {
                returns($db->error,1);
            }
        }
        if($data['plan'] == 'renameStore'){
            // @ turns an absent key into null, which checkArgs reports as missing.
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "newName"=>@$data['newName']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            // renameStore() has no explicit return on a failed UPDATE, so the
            // implicit null passes this !== false test and is reported as success.
            if( renameStore($data['storeID'], $data['newName']) !== false ){
                returns();
            }
            else {
                returns($db->error,1);
            }
        }
        if($data['plan'] == 'deleteStore'){
            // itemsLength is the item count the client last saw; deleteStore()
            // refuses when it no longer matches.
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "storeName"=>@$data['storeName'], "itemsLength"=>@$data['itemsLength']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            if( deleteStore($data['storeID'], $data['storeName'], $data['itemsLength']) !== false ){
                returns();
            }
            else {
                returns($db->error,1);
            }
        }
        else if($data['plan'] == 'addItem'){
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "name"=>@$data['name'], "price"=>@$data['price']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            // On success the new item id is the response payload.
            if( ($itemID = addItem($data['storeID'], $data['name'], $data['price'])) !== false ){
                returns($itemID);
            }
            else {
                returns($db->error,1);
            }
        }
        else if($data['plan'] == "remItem"){
            // The price must match the stored row as well as the id.
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "itemID"=>@$data['itemID'], "price"=>@$data['price']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            if( remItem($data['storeID'], $data['itemID'], $data['price']) ){
                returns();
            }
            else {
                // remItem() also returns false when the DELETE matched nothing,
                // in which case $db->error is empty.
                $error = $db->error;
                if($error == ""){ $error = "No rows deleted"; }
                returns($error,1);
            }
        }
        // UPDATE ITEM AMOUNT
        else if ($data['plan'] == "updateItemAmount"){
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "itemID"=>@$data['itemID'], "newAmount"=>@$data['newAmount']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            if( setItemAmount($data['storeID'], $data['itemID'], $data['newAmount']) ){
                returns();
            }
            else {
                $error = $db->error;
                returns($error,1);
            }
        }
        // UPDATE ITEM POSITION
        else if($data['plan'] == 'moveItem'){
            // afterID 0 means "move to the front".
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "itemID"=>@$data['itemID'], "afterID"=>@$data['afterID']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            if( moveItem($data['storeID'], $data['itemID'], $data['afterID']) ){
                returns();
            }
            returns($db->error,1);
        }
        else if($data['plan'] == "setState"){
            if(($temp = checkArgs(array("storeID"=>@$data['storeID'], "state"=>@$data['state']))) !== true){
                returns("Missing a value: $temp", 1);
            }
            if( setState($data['storeID'], $data['state']) ){
                returns();
            }
            returns($db->error, 1);
        }
        else if($data['plan'] == 'spaces'){
            // List the spaces the user owns, then the ones shared with them.
            // $user_id is taken from the session, not the request, and is
            // interpolated here unquoted — presumably an integer key; verify
            // against init.php / the login code.
            $spaces = [];
            $getOwnedSpacesSQL = "SELECT space_id, space_name, owner_id userid FROM plan_space s WHERE s.owner_id = $user_id;";
            $getMemberSpacesSQL = "SELECT s.space_id, s.space_name, member_id userid FROM plan_space_member sm INNER JOIN plan_space s ON sm.space_id = s.space_id WHERE sm.member_id = $user_id;";
            if(($getOwnedPlans = $db->query($getOwnedSpacesSQL)) && ($getMemberSpaces = $db->query($getMemberSpacesSQL))){
                // Unnamed spaces get a generated display name numbered per group.
                $numOwned = 1;
                while($row = $getOwnedPlans->fetch_assoc()){
                    if($row['space_name'] == ''){
                        $row['space_name'] = "Personal space ".$numOwned;
                    }
                    $spaces[] = $row;
                    $numOwned++;
                }
                $numShared = 1;
                while($row = $getMemberSpaces->fetch_assoc()){
                    if($row['space_name'] == ''){
                        $row['space_name'] = "Shared space ".$numShared;
                    }
                    $spaces[] = $row;
                    $numShared++;
                }
                // $returning is not initialised; PHP creates the array on first
                // assignment. lastSpace is remembered by the store listing below.
                if(isset($_SESSION['lastSpace'])){
                    $returning['lastSpace'] = $_SESSION['lastSpace'];
                }
                $returning['spaces'] = $spaces;
                returns($returning);
            }
            returns($db->error,1);
        }
        else {
            // Default action — also reached for any unrecognised `plan` value:
            // list the stores of the space with their items. $spaceID is the
            // int returned by verifySpaceID(), not raw request input.
            $sql = "SELECT `plan_store_id`, `name`, `created`, `state` FROM plan_store WHERE space_id = $spaceID";
            $result = $db->query($sql);
            // A failed query leaves $result === false and this property access
            // is a fatal error rather than a JSON error response.
            if($result->num_rows > 0){
                while($stores = $result->fetch_assoc()){
                    // plan_store_id here comes from the row just read, not from the request.
                    if($result2 = $db->query("SELECT `plan_item_id`, `name`, `price`, `amount` FROM plan_store_item WHERE `plan_store_id` = '$stores[plan_store_id]' ORDER BY pos")){
                        $stores['items'] = [];
                        if($result2->num_rows > 0){
                            $stores['items'] = $result2->fetch_all(MYSQLI_ASSOC);
                        }
                    }
                    else {
                        returns($db->error,1);
                    }
                    // A plain session write cannot throw here; the try/catch has no effect.
                    try {
                        $_SESSION['lastSpace'] = $spaceID;
                    } catch (Exception $e){}
                    $returns[] = $stores;
                }
            }
        }
        returns($returns);
    }
}
else {
    returns("Nothing to do", 404);
}
// Reached only when input was present but had no `plan` key; the whole
// (filtered) request is echoed back in the message.
returns("Fatal error!\n\nInput data:\n".print_r($data, true), 400);
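/**
 * Write the JSON response and terminate the script.
 *
 * Response shape: {"status": code, "message": content} when $code is non-zero
 * or $content is the literal 'Success'; otherwise {"data": content}. The HTTP
 * status line is not touched (only Content-Type is set at the top of the
 * script), so clients must read "status" from the body.
 *
 * @param mixed $content message text, or the payload on success
 * @param int   $code    0 on success, non-zero application error code
 */
function returns($content = 'Success', $code = 0){
    $payload = [];
    // Strict comparison: a scalar payload (an id, true) must never be mistaken
    // for the 'Success' marker and end up under "message" instead of "data".
    if($code != 0 || $content === 'Success'){
        $payload['status'] = $code;
        $payload['message'] = $content;
    }
    else {
        $payload['data'] = $content;
    }
    $json = json_encode($payload);
    if($json === false){
        // json_encode() returns false on e.g. invalid UTF-8 read from the
        // database; echoing that produced an empty body. Report it as an
        // error document instead so the client still gets parseable JSON.
        $json = json_encode([
            'status' => 1,
            'message' => 'Response could not be encoded: '.json_last_error_msg(),
        ]);
    }
    echo $json;
    exit;
}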
// class Store {
// private $storeID;
// private $storeName;
// private $items = [];
// function __construct($existing = false){
// if($existing){
// $sql = "INSERT INTO "
// }
// }
// }
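/**
 * Find the first required request argument that was not supplied.
 *
 * @param array $args name => value, as read from the request
 * @return string|int|true the key of the first missing value, or true when
 *                         every value is present
 */
function checkArgs(array $args){
    foreach($args as $key => $arg){
        // Missing means absent (null from @$data[...]), an empty string, or
        // false (what filter() yields for a rejected value). A legitimate
        // "0" or 0 — e.g. a free item's price — counts as present; the former
        // loose `== ""` test treated 0 as missing on PHP 7.
        if($arg === null || $arg === '' || $arg === false){
            return $key;
        }
    }
    return true;
}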
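/**
 * Resolve the space id the session user may act in.
 *
 * With an explicit $input the id is returned only when plan_space lists the
 * user as owner or plan_space_member lists them as member; otherwise 0, which
 * the caller reports as "No access to space". Without $input the user's own
 * space is returned, created on first use.
 *
 * Every value is bound as an integer parameter, so the request's `space`
 * value can never alter the query text; a non-numeric value yields 0.
 *
 * @param int|string|null $input space id from the request, or null for the own space
 */
function verifySpaceID($input = null): int{
    global $db, $user_id;
    // $user_id is read from $_SESSION at the top of the file; assumed to be an
    // integer user key — TODO confirm against the login code.
    $userId = (int) $user_id;
    if($input != null){
        $candidate = (int) $input;
        if($candidate <= 0){
            return 0;
        }
        $verifyAccessSQL = "SELECT (SELECT count(0) FROM plan_space WHERE owner_id = ? AND space_id = ?)"
            ." + (SELECT count(0) FROM plan_space_member WHERE member_id = ? AND space_id = ?) verified";
        $stmt = $db->prepare($verifyAccessSQL);
        if($stmt === false){
            return 0;
        }
        $stmt->bind_param('iiii', $userId, $candidate, $userId, $candidate);
        $verified = 0;
        if($stmt->execute()){
            $stmt->bind_result($verified);
            $stmt->fetch();
        }
        $stmt->close();
        return $verified >= 1 ? $candidate : 0;
    }
    // No space requested: use the user's own space, creating it on first use.
    $select = $db->prepare("SELECT space_id FROM plan_space WHERE `owner_id` = ?");
    if($select === false || !$select->bind_param('i', $userId) || !$select->execute()){
        // Formerly a failed query crashed on ->num_rows; treat it as no access.
        return 0;
    }
    $ownSpaceId = null;
    $select->bind_result($ownSpaceId);
    $found = $select->fetch();
    $select->close();
    if($found){
        return (int) $ownSpaceId;
    }
    $insert = $db->prepare("INSERT INTO plan_space SET owner_id = ?");
    if($insert === false || !$insert->bind_param('i', $userId) || !$insert->execute()){
        return 0;
    }
    $newSpaceId = (int) $insert->insert_id;
    $insert->close();
    return $newSpaceId;
}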
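/**
 * Return the id of the store named $storeName in the current space, creating
 * the store when it does not exist yet.
 *
 * @param string $storeName user-supplied store name
 * @return int|string|false the store id (a string for an existing store, which
 *                          is what the client already receives), or false on a
 *                          database error or when more than one store matches
 */
function initStore($storeName){
    global $db, $spaceID;
    $spaceId = (int) $spaceID;
    $name = (string) $storeName;
    // The name travels as a bound parameter, so quotes in it are data.
    // NOTE(review): assumes filter() does not already SQL-escape its input;
    // if it does, that escaping is now redundant — confirm in init.php.
    $countStmt = $db->prepare("SELECT count(0) FROM plan_store WHERE `space_id` = ? AND `name` = ?");
    if($countStmt === false){
        return false;
    }
    $countStmt->bind_param('is', $spaceId, $name);
    $matchingStores = null;
    if($countStmt->execute()){
        $countStmt->bind_result($matchingStores);
        $countStmt->fetch();
    }
    $countStmt->close();
    if($matchingStores === null){
        return false;
    }
    $matchingStores = (int) $matchingStores;
    if($matchingStores === 1){
        $selectStmt = $db->prepare("SELECT plan_store_id FROM plan_store WHERE `space_id` = ? AND `name` = ?");
        if($selectStmt === false){
            return false;
        }
        $selectStmt->bind_param('is', $spaceId, $name);
        $storeId = null;
        if($selectStmt->execute()){
            $selectStmt->bind_result($storeId);
            $selectStmt->fetch();
        }
        $selectStmt->close();
        // Kept as a string: the former text-protocol query returned it that way
        // and the value goes straight into the JSON response.
        return $storeId === null ? false : (string) $storeId;
    }
    if($matchingStores === 0){
        $insertStmt = $db->prepare("INSERT INTO plan_store (`space_id`, `name`) VALUES (?, ?)");
        if($insertStmt === false){
            return false;
        }
        $insertStmt->bind_param('is', $spaceId, $name);
        $ok = $insertStmt->execute();
        $newId = $insertStmt->insert_id;
        $insertStmt->close();
        return $ok ? $newId : false;
    }
    // Two or more stores already carry this name: ambiguous, refuse.
    return false;
}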
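/**
 * Rename a store in the current space.
 *
 * @param int|string $storeID
 * @param string     $newName
 * @return bool false when a store named $newName already exists in the space
 *              or the UPDATE fails, true otherwise. Always a bool: the former
 *              implicit null on a failed UPDATE passed the caller's
 *              `!== false` test and was reported to the client as success.
 */
function renameStore($storeID, $newName){
    global $db, $spaceID;
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $name = (string) $newName;
    $countStmt = $db->prepare("SELECT count(0) FROM plan_store WHERE `space_id` = ? AND `name` = ?");
    if($countStmt === false){
        return false;
    }
    $countStmt->bind_param('is', $spaceId, $name);
    $existing = 0;
    if($countStmt->execute()){
        $countStmt->bind_result($existing);
        $countStmt->fetch();
    }
    $countStmt->close();
    if($existing > 0){
        return false;
    }
    // Scoped by space_id so a store id from another space is never renamed.
    $renameStmt = $db->prepare("UPDATE plan_store SET `name` = ? WHERE `space_id` = ? AND `plan_store_id` = ?");
    if($renameStmt === false){
        return false;
    }
    $renameStmt->bind_param('sii', $name, $spaceId, $storeId);
    $ok = $renameStmt->execute();
    $renameStmt->close();
    return $ok;
}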
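/**
 * Delete a store and its items from the current space.
 *
 * The store must match by id AND name, and $itemsLength must equal the number
 * of items currently in it — a cheap guard against deleting a store that
 * changed after the client rendered it. The former check that the first item
 * row carried the store id is dropped: the ownership subquery already
 * guarantees it.
 *
 * @param int|string $storeID
 * @param string     $storeName
 * @param int|string $itemsLength number of items the client expects
 * @return bool true when both deletes succeeded, false otherwise
 */
function deleteStore($storeID, $storeName, $itemsLength){
    global $db, $spaceID;
    // A non-numeric count used to fail the loose `==` against num_rows; keep
    // rejecting it rather than letting (int) turn it into 0.
    if(!is_numeric($itemsLength)){
        return false;
    }
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $name = (string) $storeName;
    $expectedItems = (int) $itemsLength;
    $ownedStoreSQL = "SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ? AND `name` = ?";
    $countStmt = $db->prepare("SELECT count(0) FROM plan_store_item WHERE `plan_store_id` = ($ownedStoreSQL)");
    if($countStmt === false){
        return false;
    }
    $countStmt->bind_param('iis', $spaceId, $storeId, $name);
    $itemCount = null;
    if($countStmt->execute()){
        $countStmt->bind_result($itemCount);
        $countStmt->fetch();
    }
    $countStmt->close();
    if($itemCount === null || (int) $itemCount !== $expectedItems){
        return false;
    }
    // Both deletes run in one transaction. The former multi_query() only
    // reported the first statement's result, so a failed store delete after a
    // successful item delete was still returned as success.
    $db->begin_transaction();
    $ok = true;
    if((int) $itemCount > 0){
        // Scoped through the ownership subquery, so a change between the count
        // above and this delete cannot reach another space's items.
        $itemsStmt = $db->prepare("DELETE FROM plan_store_item WHERE `plan_store_id` = ($ownedStoreSQL)");
        $ok = $itemsStmt !== false
            && $itemsStmt->bind_param('iis', $spaceId, $storeId, $name)
            && $itemsStmt->execute();
        if($itemsStmt !== false){
            $itemsStmt->close();
        }
    }
    if($ok){
        $storeStmt = $db->prepare("DELETE FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ? AND `name` = ?");
        $ok = $storeStmt !== false
            && $storeStmt->bind_param('iis', $spaceId, $storeId, $name)
            && $storeStmt->execute();
        if($storeStmt !== false){
            $storeStmt->close();
        }
    }
    if($ok){
        $db->commit();
        return true;
    }
    $db->rollback();
    return false;
}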
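/**
 * Append an item to a store in the current space.
 *
 * The store id written into the row is taken from the ownership subquery: for
 * a store outside the current space it is NULL and the insert presumably
 * fails on the column constraint, which surfaces as false. The position is
 * the current item count plus one.
 *
 * @param int|string $storeID
 * @param string     $name
 * @param string     $price
 * @return int|false the new item id, or false on failure
 */
function addItem($storeID, $name, $price){
    global $db, $spaceID;
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $itemName = (string) $name;
    // Bound as a string so a decimal such as "3.50" reaches MySQL verbatim
    // instead of passing through a PHP float; MySQL converts it for the column.
    $itemPrice = (string) $price;
    $insertItemSQL = "INSERT INTO plan_store_item (`plan_store_id`, `pos`, `name`, `price`)"
        ." SELECT (SELECT plan_store_id FROM plan_store WHERE `space_id` = ? AND plan_store_id = ?), count(0)+1, ?, ?"
        ." FROM plan_store_item WHERE plan_store_id = ?";
    $stmt = $db->prepare($insertItemSQL);
    if($stmt === false){
        return false;
    }
    $stmt->bind_param('iissi', $spaceId, $storeId, $itemName, $itemPrice, $storeId);
    $ok = $stmt->execute();
    $newId = $stmt->insert_id;
    $stmt->close();
    return $ok ? $newId : false;
}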
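/**
 * Delete one item from a store in the current space.
 *
 * The row must match id, price and a store owned by / shared with the user.
 *
 * @param int|string $storeID
 * @param int|string $itemID
 * @param string     $price must equal the stored price
 * @return bool true only when exactly one or more rows were deleted
 */
function remItem($storeID, $itemID, $price){
    global $db, $spaceID;
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $itemId = (int) $itemID;
    $itemPrice = (string) $price;
    // Same condition as the former nested lookup of this row, written without a
    // subquery on the table being deleted from; the store is still checked
    // against the current space.
    $removeItemSQL = "DELETE FROM plan_store_item WHERE `plan_item_id` = ? AND `price` = ?"
        ." AND `plan_store_id` = (SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?)";
    $stmt = $db->prepare($removeItemSQL);
    if($stmt === false){
        return false;
    }
    $stmt->bind_param('isii', $itemId, $itemPrice, $spaceId, $storeId);
    $ok = $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $ok && $deleted > 0;
}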
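/**
 * Renumber a store's item positions so that $itemID sits directly after
 * $afterID, or first when $afterID is 0.
 *
 * Items are numbered 1..n in their current order (NULL positions last),
 * skipping $itemID, which is slotted in after $afterID. When $afterID is not
 * in the store the moved item keeps its old position, as before.
 *
 * @param int|string $storeID
 * @param int|string $itemID
 * @param int|string $afterID 0 to move to the front
 * @return bool false when nothing was updated, the ids are not numeric, or a query failed
 */
function moveItem($storeID, $itemID, $afterID){
    global $db, $spaceID;
    // Non-numeric ids used to produce a SQL error and false; keep that outcome
    // instead of letting (int) silently map them to 0 ("move to front").
    if(!is_numeric($itemID) || !is_numeric($afterID)){
        return false;
    }
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $itemId = (int) $itemID;
    $afterId = (int) $afterID;
    $ownedStoreSQL = "SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?";
    $listStmt = $db->prepare("SELECT plan_item_id FROM plan_store_item WHERE `plan_store_id` = ($ownedStoreSQL) ORDER BY (pos IS NULL), pos");
    if($listStmt === false || !$listStmt->bind_param('ii', $spaceId, $storeId) || !$listStmt->execute()){
        return false;
    }
    $currentId = null;
    $listStmt->bind_result($currentId);
    // Plan the new order in memory first: item id => position.
    $position = 1;
    $newPositions = [];
    if($afterId === 0){
        $newPositions[$itemId] = $position++;
    }
    while($listStmt->fetch()){
        $rowId = (int) $currentId;
        if($rowId !== $itemId){
            $newPositions[$rowId] = $position++;
        }
        if($rowId === $afterId){
            $newPositions[$itemId] = $position++;
        }
    }
    $listStmt->close();
    if($newPositions === []){
        return false;
    }
    // Every UPDATE is scoped by the ownership subquery. The former version
    // updated the request's itemID by id alone, so an item belonging to
    // another space could be renumbered from here.
    $updateStmt = $db->prepare("UPDATE plan_store_item SET pos = ? WHERE plan_item_id = ? AND plan_store_id = ($ownedStoreSQL)");
    if($updateStmt === false){
        return false;
    }
    $db->begin_transaction();
    $ok = true;
    foreach($newPositions as $id => $pos){
        $updateStmt->bind_param('iiii', $pos, $id, $spaceId, $storeId);
        if(!$updateStmt->execute()){
            $ok = false;
            break;
        }
    }
    $updateStmt->close();
    if($ok){
        $db->commit();
        return true;
    }
    $db->rollback();
    return false;
}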
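/**
 * Set the amount of an item in a store of the current space.
 *
 * @param int|string $storeID
 * @param int|string $itemID
 * @param int|string $newAmount
 * @return bool true when the UPDATE ran — also when it matched no row, as before
 */
function setItemAmount($storeID, $itemID, $newAmount = 1){
    global $db, $spaceID;
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $itemId = (int) $itemID;
    // Bound as a string and converted by MySQL; the column type is not visible here.
    $amount = (string) $newAmount;
    $updateAmountSQL = "UPDATE plan_store_item SET amount = ? WHERE plan_item_id = ?"
        ." AND plan_store_id = (SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?)";
    $stmt = $db->prepare($updateAmountSQL);
    if($stmt === false){
        return false;
    }
    $stmt->bind_param('siii', $amount, $itemId, $spaceId, $storeId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}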
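/**
 * Set the state column of a store in the current space.
 *
 * @param int|string $storeID
 * @param string     $newState stored verbatim; not validated against a list here
 * @return bool true when the UPDATE ran — also when it matched no row, as before
 */
function setState($storeID, $newState){
    global $db, $spaceID;
    $spaceId = (int) $spaceID;
    $storeId = (int) $storeID;
    $state = (string) $newState;
    $setStateSQL = "UPDATE plan_store SET state = ? WHERE plan_store_id ="
        ." (SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?)";
    $stmt = $db->prepare($setStateSQL);
    if($stmt === false){
        return false;
    }
    $stmt->bind_param('sii', $state, $spaceId, $storeId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}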