<?php
require '../webdata/init.php';
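$db = database();

header("Content-Type: application/json");

if(!checkLogin()){
    returns("Not logged in",2);
}

$user_id = $_SESSION['user_id'];

// NOTE(review): every plan below, including the mutating ones (rename/delete/move/...), is accepted
// from $_GET as well as $_POST, and no CSRF token is checked in this file. Confirm that init.php /
// checkLogin() enforce one; if not, a cross-site request from a logged-in browser can alter stores.

$data = [];
$returns = [];

// Collect request parameters through filter() (from init.php). POST is processed after GET, so a
// POST value overrides a GET value of the same name, as before.
foreach([$_GET, $_POST] as $request){
    foreach($request as $key => $value){
        $clean = filter($value);
        if($clean === false){
            // The old code print_r'd the raw value into the response (corrupting the JSON body and
            // reflecting unvalidated input) and then carried on with $data[$key] === false.
            // Refuse the request instead so nothing unvalidated reaches the queries below.
            returns("Failed to sanitize: `".$key."`", 1);
        }
        $data[$key] = $clean;
    }
}

if(empty($data) || !isset($user_id)){
    returns("Nothing to do", 404);
}

if(!isset($data['plan'])){
    returns("Fatal error!\n\nInput data:\n".print_r($data, true), 400);
}

// Resolve the space this request acts on. verifySpaceID() returns 0 when the user neither owns nor
// is a member of the requested space. $spaceID is a global read by the store helper functions.
$spaceID = isset($data['space']) ? verifySpaceID($data['space']) : verifySpaceID();
if($spaceID == 0){
    returns('No access to space', 3);
}

// Session user id as an integer for parameter binding (it is only ever compared to INT columns).
$uid = (int)$user_id;

// Every branch ends in returns(), which emits the JSON envelope and dies, so no `break` is needed.
switch($data['plan']){

    case 'saveStore':
        if(($data['storeName'] ?? "") == ""){
            returns("Missing store-name value", 1);
        }
        $storeId = initStore($data['storeName']);
        if($storeId === false){
            dbFailure("Could not save store");
        }
        returns($storeId);

    case 'renameStore':
        $missing = checkArgs(["storeID" => $data['storeID'] ?? null, "newName" => $data['newName'] ?? null]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        if(renameStore($data['storeID'], $data['newName']) === false){
            dbFailure("Could not rename store");
        }
        returns();

    case 'deleteStore':
        $missing = checkArgs([
            "storeID" => $data['storeID'] ?? null,
            "storeName" => $data['storeName'] ?? null,
            "itemsLength" => $data['itemsLength'] ?? null,
        ]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        if(deleteStore($data['storeID'], $data['storeName'], $data['itemsLength']) === false){
            dbFailure("Could not delete store");
        }
        returns();

    case 'addItem':
        $missing = checkArgs([
            "storeID" => $data['storeID'] ?? null,
            "name" => $data['name'] ?? null,
            "price" => $data['price'] ?? null,
        ]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        $itemID = addItem($data['storeID'], $data['name'], $data['price']);
        if($itemID === false){
            dbFailure("Could not add item");
        }
        returns($itemID);

    case 'remItem':
        $missing = checkArgs([
            "storeID" => $data['storeID'] ?? null,
            "itemID" => $data['itemID'] ?? null,
            "price" => $data['price'] ?? null,
        ]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        if(remItem($data['storeID'], $data['itemID'], $data['price'])){
            returns();
        }
        // remItem() reports false both for "nothing matched" and for a query error; the latter is logged.
        dbFailure("No rows deleted");

    // UPDATE ITEM AMOUNT
    case 'updateItemAmount':
        $missing = checkArgs([
            "storeID" => $data['storeID'] ?? null,
            "itemID" => $data['itemID'] ?? null,
            "newAmount" => $data['newAmount'] ?? null,
        ]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        if(setItemAmount($data['storeID'], $data['itemID'], $data['newAmount'])){
            returns();
        }
        dbFailure("Could not update amount");

    // UPDATE ITEM POSITION
    case 'moveItem':
        $missing = checkArgs([
            "storeID" => $data['storeID'] ?? null,
            "itemID" => $data['itemID'] ?? null,
            "afterID" => $data['afterID'] ?? null,
        ]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        if(moveItem($data['storeID'], $data['itemID'], $data['afterID'])){
            returns();
        }
        dbFailure("Could not move item");

    case 'setState':
        $missing = checkArgs(["storeID" => $data['storeID'] ?? null, "state" => $data['state'] ?? null]);
        if($missing !== true){
            returns("Missing a value: $missing", 1);
        }
        if(setState($data['storeID'], $data['state'])){
            returns();
        }
        dbFailure("Could not set state");

    case 'spaces':
        // List the spaces the user owns, then the ones they are a member of. The user id is bound
        // as a parameter instead of being interpolated into the SQL.
        // NOTE(review): get_result() returns native PHP ints for INT columns, where the previous
        // query()->fetch_assoc() returned strings — confirm the front end compares loosely.
        $spaces = [];

        $owned = $db->prepare("SELECT space_id, space_name, owner_id userid FROM plan_space s WHERE s.owner_id = ?");
        if($owned === false){
            dbFailure();
        }
        $owned->bind_param('i', $uid);
        if(!$owned->execute()){
            dbFailure('Database error', $owned->error);
        }
        $ownedRes = $owned->get_result();
        if($ownedRes === false){
            dbFailure('Database error', $owned->error);
        }
        $numOwned = 1;
        foreach($ownedRes->fetch_all(MYSQLI_ASSOC) as $row){
            if($row['space_name'] == ''){
                $row['space_name'] = "Personal space ".$numOwned;
            }
            $spaces[] = $row;
            $numOwned++;
        }
        $owned->close();

        $member = $db->prepare("SELECT s.space_id, s.space_name, member_id userid FROM plan_space_member sm INNER JOIN plan_space s ON sm.space_id = s.space_id WHERE sm.member_id = ?");
        if($member === false){
            dbFailure();
        }
        $member->bind_param('i', $uid);
        if(!$member->execute()){
            dbFailure('Database error', $member->error);
        }
        $memberRes = $member->get_result();
        if($memberRes === false){
            dbFailure('Database error', $member->error);
        }
        $numShared = 1;
        foreach($memberRes->fetch_all(MYSQLI_ASSOC) as $row){
            if($row['space_name'] == ''){
                $row['space_name'] = "Shared space ".$numShared;
            }
            $spaces[] = $row;
            $numShared++;
        }
        $member->close();

        $reply = [];
        if(isset($_SESSION['lastSpace'])){
            $reply['lastSpace'] = $_SESSION['lastSpace'];
        }
        $reply['spaces'] = $spaces;
        returns($reply);

    default:
        // Any other plan value: list the stores of the verified space with their items.
        $storeStmt = $db->prepare("SELECT `plan_store_id`, `name`, `created`, `state` FROM plan_store WHERE space_id = ?");
        if($storeStmt === false){
            dbFailure();
        }
        $storeStmt->bind_param('i', $spaceID);
        if(!$storeStmt->execute()){
            dbFailure('Database error', $storeStmt->error);
        }
        $storeRes = $storeStmt->get_result();
        if($storeRes === false){
            dbFailure('Database error', $storeStmt->error);
        }
        $storeRows = $storeRes->fetch_all(MYSQLI_ASSOC);
        $storeStmt->close();

        // One prepared statement, executed once per store.
        $itemStmt = $db->prepare("SELECT `plan_item_id`, `name`, `price`, `amount` FROM plan_store_item WHERE `plan_store_id` = ? ORDER BY pos");
        if($itemStmt === false){
            dbFailure();
        }
        foreach($storeRows as $stores){
            $storeKey = (int)$stores['plan_store_id'];
            $itemStmt->bind_param('i', $storeKey);
            if(!$itemStmt->execute()){
                dbFailure('Database error', $itemStmt->error);
            }
            $itemRes = $itemStmt->get_result();
            if($itemRes === false){
                dbFailure('Database error', $itemStmt->error);
            }
            $stores['items'] = $itemRes->fetch_all(MYSQLI_ASSOC);
            $returns[] = $stores;
        }
        $itemStmt->close();

        // Remember the last listed space (only when it had stores, as before).
        if($storeRows !== []){
            $_SESSION['lastSpace'] = $spaceID;
        }

        returns($returns);
}

/**
 * Abort the request with a client-safe message after logging the database error.
 *
 * The previous code returned $db->error verbatim, which discloses table names and query text
 * to the client. Statement-level errors live in mysqli_stmt::$error, so callers pass them in.
 *
 * @param string $fallback message returned to the client
 * @param string $detail   driver error text to log; $db->error is used when empty
 */
function dbFailure($fallback = 'Database error', $detail = ''){
    global $db;
    $message = $detail !== '' ? $detail : (string)$db->error;
    if($message !== ''){
        error_log('plan API mysqli error: '.$message);
    }
    returns($fallback, 1);
}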
/**
 * Emit the JSON reply envelope and terminate the script.
 *
 * A non-zero $code, or the default 'Success' content, produces {"status": code, "message": content};
 * any other content is wrapped as {"data": content}. The comparison is deliberately loose (==),
 * matching the callers that pass numeric ids and arrays.
 * NOTE(review): json_encode() failures (e.g. invalid UTF-8 in a store name) are not checked here,
 * so the client would receive an empty body.
 *
 * @param mixed $content message text or payload
 * @param int   $code    0 for success, anything else for an error status
 */
function returns($content = 'Success', $code = 0){
    $isStatusReply = ($code != 0) || ($content == 'Success');

    $envelope = $isStatusReply
        ? ['status' => $code, 'message' => $content]
        : ['data' => $content];

    echo json_encode($envelope);
    die();
}
// class Store {
|
|
// private $storeID;
|
|
// private $storeName;
|
|
// private $items = [];
|
|
|
|
// function __construct($existing = false){
|
|
// if($existing){
|
|
// $sql = "INSERT INTO "
|
|
// }
|
|
// }
|
|
// }
/**
 * Find the first argument that is empty.
 *
 * Uses the loose comparison `== ""`, so null and false count as missing while "0" does not.
 *
 * @param array $args name => value pairs, in the order they should be checked
 * @return string|int|true the key of the first empty value, or true when none is empty
 */
function checkArgs($args){
    $empties = array_filter($args, function($value){
        return $value == "";
    });

    if(count($empties) === 0){
        return true;
    }

    // array_filter preserves keys, so the first surviving key is the first empty argument.
    reset($empties);
    return key($empties);
}
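/**
 * Resolve the space the current user may act on.
 *
 * With $input given: returns that space id only if the session user owns it (plan_space.owner_id)
 * or is listed in plan_space_member; otherwise 0. Without $input: returns the user's own space,
 * creating one when none exists yet (the first owned row wins, as before).
 *
 * Security: $input used to be interpolated unquoted into the ownership query, so a crafted `space`
 * parameter could widen the check. It is now validated as an integer and bound as a parameter;
 * anything that is not an integer is treated as "no access". Query failures also yield 0 (the old
 * code dereferenced a false result).
 *
 * @param mixed $input requested space id (string or int), or null for the user's own space
 * @return int the verified space id, or 0 when access is denied or a query fails
 */
function verifySpaceID($input = null): int{
    global $db, $user_id;

    $uid = filter_var($user_id, FILTER_VALIDATE_INT);
    if($uid === false){
        return 0;
    }

    if($input != null){
        $candidate = filter_var($input, FILTER_VALIDATE_INT);
        if($candidate === false){
            return 0;
        }

        $verify = $db->prepare(
            "SELECT (SELECT count(0) FROM plan_space WHERE owner_id = ? AND space_id = ?)"
            ." + (SELECT count(0) FROM plan_space_member WHERE member_id = ? AND space_id = ?) verified"
        );
        if($verify === false){
            error_log('verifySpaceID prepare: '.$db->error);
            return 0;
        }
        $verify->bind_param('iiii', $uid, $candidate, $uid, $candidate);

        $verified = 0;
        if($verify->execute()){
            $res = $verify->get_result();
            $row = $res ? $res->fetch_row() : null;
            $verified = $row ? (int)$row[0] : 0;
        }
        else {
            error_log('verifySpaceID execute: '.$verify->error);
        }
        $verify->close();

        return $verified >= 1 ? $candidate : 0;
    }

    // No explicit space: look up the user's own space.
    $select = $db->prepare("SELECT space_id FROM plan_space WHERE `owner_id` = ?");
    if($select === false){
        error_log('verifySpaceID prepare: '.$db->error);
        return 0;
    }
    $select->bind_param('i', $uid);

    $existing = null;
    if($select->execute()){
        $res = $select->get_result();
        $row = $res ? $res->fetch_row() : null;
        if($row){
            $existing = (int)$row[0];
        }
    }
    else {
        error_log('verifySpaceID execute: '.$select->error);
    }
    $select->close();

    if($existing !== null){
        return $existing;
    }

    // None yet: create one for this user.
    $insert = $db->prepare("INSERT INTO plan_space SET owner_id = ?");
    if($insert === false){
        error_log('verifySpaceID prepare: '.$db->error);
        return 0;
    }
    $insert->bind_param('i', $uid);
    $created = $insert->execute();
    $newId = (int)$insert->insert_id;
    if(!$created){
        error_log('verifySpaceID insert: '.$insert->error);
    }
    $insert->close();

    return $created ? $newId : 0;
}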
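/**
 * Return the id of the store named $storeName in the current space, creating it if it does not exist.
 *
 * Exactly one existing match reuses that store; zero matches inserts a new row; more than one match
 * (ambiguous name) returns false, as before. Values are bound as parameters instead of being
 * interpolated into the SQL. The id is returned as an int in both branches (the lookup branch
 * previously returned the driver's string).
 *
 * @param string $storeName store name supplied by the client
 * @return int|false store id, or false on failure / ambiguity
 */
function initStore($storeName){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $name = (string)$storeName;

    // CHECK IF STORE EXISTS
    $find = $db->prepare("SELECT plan_store_id FROM plan_store WHERE `space_id` = ? AND `name` = ?");
    if($find === false){
        error_log('initStore prepare: '.$db->error);
        return false;
    }
    $find->bind_param('is', $sid, $name);
    if(!$find->execute()){
        error_log('initStore select: '.$find->error);
        $find->close();
        return false;
    }
    $res = $find->get_result();
    $matches = $res ? $res->fetch_all(MYSQLI_ASSOC) : [];
    $find->close();

    if(count($matches) === 1){
        return (int)$matches[0]['plan_store_id'];
    }
    if(count($matches) > 1){
        return false;
    }

    $insert = $db->prepare("INSERT INTO plan_store (`space_id`, `name`) VALUES (?, ?)");
    if($insert === false){
        error_log('initStore prepare: '.$db->error);
        return false;
    }
    $insert->bind_param('is', $sid, $name);
    $created = $insert->execute();
    $newId = (int)$insert->insert_id;
    if(!$created){
        error_log('initStore insert: '.$insert->error);
    }
    $insert->close();

    return $created ? $newId : false;
}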
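/**
 * Rename a store in the current space.
 *
 * Refuses the rename when another store in the space already has $newName (this includes renaming a
 * store to its current name). Bug fix: the old function fell off the end and returned null when the
 * UPDATE failed, and the caller's `!== false` check reported that as success; it now returns false
 * on every failure path. Parameters are bound instead of interpolated.
 *
 * @param mixed  $storeID store id from the client; must be an integer
 * @param string $newName new store name
 * @return bool true when the UPDATE ran, false on a duplicate name, bad input or query failure
 */
function renameStore($storeID, $newName){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    if($store === false){
        return false;
    }
    $name = (string)$newName;

    $dup = $db->prepare("SELECT count(0) FROM plan_store WHERE `space_id` = ? AND `name` = ?");
    if($dup === false){
        error_log('renameStore prepare: '.$db->error);
        return false;
    }
    $dup->bind_param('is', $sid, $name);
    if(!$dup->execute()){
        error_log('renameStore select: '.$dup->error);
        $dup->close();
        return false;
    }
    $res = $dup->get_result();
    $row = $res ? $res->fetch_row() : null;
    $dup->close();
    if($row && (int)$row[0] > 0){
        return false;
    }

    $rename = $db->prepare("UPDATE plan_store SET `name` = ? WHERE `space_id` = ? AND `plan_store_id` = ?");
    if($rename === false){
        error_log('renameStore prepare: '.$db->error);
        return false;
    }
    $rename->bind_param('sii', $name, $sid, $store);
    $ok = $rename->execute();
    if(!$ok){
        error_log('renameStore update: '.$rename->error);
    }
    $rename->close();

    return (bool)$ok;
}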
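/**
 * Delete a store and its items from the current space.
 *
 * The store must belong to the space and carry the name the client sent, and the client's
 * $itemsLength must equal the store's current item count (an optimistic check against a stale
 * view, kept from the original). Security: the old code spliced request values into a
 * multi_query() string, which is the worst place for an injection (stacked statements); both
 * deletes now use bound parameters and run inside one transaction so a failed store delete does
 * not leave its items already gone.
 * NOTE(review): the transaction is a no-op on non-transactional engines (MyISAM) — confirm.
 *
 * @param mixed  $storeID     store id; must be an integer
 * @param string $storeName   name the client believes the store has
 * @param mixed  $itemsLength item count the client last rendered; must be an integer
 * @return bool true when both deletes committed, false otherwise
 */
function deleteStore($storeID, $storeName, $itemsLength){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    $expected = filter_var($itemsLength, FILTER_VALIDATE_INT);
    if($store === false || $expected === false){
        return false;
    }
    $name = (string)$storeName;

    // Count the items through plan_store so a store outside this space (or with another name)
    // yields zero rows, exactly like the old sub-select did.
    $count = $db->prepare(
        "SELECT count(0) FROM plan_store_item i INNER JOIN plan_store s ON s.plan_store_id = i.plan_store_id"
        ." WHERE s.`space_id` = ? AND s.`plan_store_id` = ? AND s.`name` = ?"
    );
    if($count === false){
        error_log('deleteStore prepare: '.$db->error);
        return false;
    }
    $count->bind_param('iis', $sid, $store, $name);
    if(!$count->execute()){
        error_log('deleteStore count: '.$count->error);
        $count->close();
        return false;
    }
    $res = $count->get_result();
    $row = $res ? $res->fetch_row() : null;
    $count->close();
    $actual = $row ? (int)$row[0] : -1;
    if($actual !== $expected){
        return false;
    }

    // DELETE QUERIES HERE — atomically.
    if(!$db->begin_transaction()){
        error_log('deleteStore begin: '.$db->error);
        return false;
    }

    $ok = false;
    $delItems = $db->prepare(
        "DELETE FROM plan_store_item WHERE `plan_store_id` = "
        ."(SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ? AND `name` = ?)"
    );
    $delStore = $db->prepare("DELETE FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ? AND `name` = ?");

    if($delItems !== false && $delStore !== false){
        $delItems->bind_param('iis', $sid, $store, $name);
        $delStore->bind_param('iis', $sid, $store, $name);
        $ok = $delItems->execute() && $delStore->execute();
        if(!$ok){
            error_log('deleteStore delete: '.$delItems->error.' / '.$delStore->error);
        }
    }
    else {
        error_log('deleteStore prepare: '.$db->error);
    }
    if($delItems !== false){
        $delItems->close();
    }
    if($delStore !== false){
        $delStore->close();
    }

    if($ok && $db->commit()){
        return true;
    }
    $db->rollback();
    return false;
}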
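/**
 * Append an item to a store in the current space.
 *
 * The INSERT ... SELECT only produces a row when the store belongs to the space, and sets pos to
 * the store's current item count + 1. Security: $price was interpolated unquoted into the SQL;
 * all values are now bound (price as text so MySQL converts it to the column's exact type) and
 * the price must be numeric. Returns false when no row was inserted (store not in this space),
 * where the old code could hand back a meaningless insert_id.
 *
 * @param mixed  $storeID store id; must be an integer
 * @param string $name    item name
 * @param mixed  $price   numeric price
 * @return int|false new item id, or false on bad input, unknown store or query failure
 */
function addItem($storeID, $name, $price){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    if($store === false || !is_numeric($price)){
        return false;
    }
    $itemName = (string)$name;
    $priceValue = (string)$price;

    $sql = "INSERT INTO plan_store_item (`plan_store_id`, `pos`, `name`, `price`)"
        ." SELECT s.plan_store_id,"
        ." (SELECT count(0) + 1 FROM plan_store_item i WHERE i.plan_store_id = s.plan_store_id),"
        ." ?, ?"
        ." FROM plan_store s WHERE s.`space_id` = ? AND s.plan_store_id = ?";

    $stmt = $db->prepare($sql);
    if($stmt === false){
        error_log('addItem prepare: '.$db->error);
        return false;
    }
    $stmt->bind_param('ssii', $itemName, $priceValue, $sid, $store);

    $ok = $stmt->execute();
    $inserted = $stmt->affected_rows;
    $newId = (int)$stmt->insert_id;
    if(!$ok){
        error_log('addItem insert: '.$stmt->error);
    }
    $stmt->close();

    return ($ok && $inserted === 1) ? $newId : false;
}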
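/**
 * Delete one item from a store in the current space.
 *
 * The row must match the item id, the client's price (compared by MySQL against the column, as
 * before) and a store that belongs to this space. The store check is done with a sub-select on
 * plan_store only; the old statement nested a sub-select on plan_store_item inside a DELETE from
 * the same table, which MySQL rejects for DELETE (the "target table in FROM clause" error) — that
 * is presumably why the caller had a "No rows deleted" fallback. All values are bound.
 *
 * @param mixed $storeID store id; must be an integer
 * @param mixed $itemID  item id; must be an integer
 * @param mixed $price   price the client displayed, used as a guard against stale views
 * @return bool true when exactly matching rows were deleted, false otherwise
 */
function remItem($storeID, $itemID, $price){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    $item = filter_var($itemID, FILTER_VALIDATE_INT);
    if($store === false || $item === false){
        return false;
    }
    $priceValue = (string)$price;

    $stmt = $db->prepare(
        "DELETE FROM plan_store_item WHERE `plan_item_id` = ? AND `price` = ?"
        ." AND `plan_store_id` = (SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?)"
    );
    if($stmt === false){
        error_log('remItem prepare: '.$db->error);
        return false;
    }
    $stmt->bind_param('isii', $item, $priceValue, $sid, $store);

    $ok = $stmt->execute();
    $deleted = $stmt->affected_rows;
    if(!$ok){
        error_log('remItem delete: '.$stmt->error);
    }
    $stmt->close();

    return $ok && $deleted > 0;
}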
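/**
 * Reposition an item inside a store: first when $afterID is 0, otherwise directly after $afterID.
 *
 * The store's items are read in their current order (NULL positions last), a new sequence is
 * built, and pos is rewritten for every item in that sequence. If $afterID is neither 0 nor an
 * item of the store, the moved item simply keeps its position (as before).
 *
 * Fixes: (1) $itemID was written straight into an UPDATE that was not scoped to the store, so an
 * id belonging to another user's store could be repositioned — the item must now be one of the
 * store's own rows and every UPDATE is additionally bound to the store; (2) all ids are validated
 * and bound instead of being concatenated into a multi_query() string; (3) the ordering used
 * `pos is \N`, a NULL spelling MySQL removed in 8.0 — it is now `pos IS NULL`; (4) the updates run
 * in one transaction so a mid-way failure cannot leave a half-renumbered store.
 *
 * @param mixed $storeID store id; must be an integer
 * @param mixed $itemID  item to move; must be an integer and belong to the store
 * @param mixed $afterID item to place it after, or 0 for the first position
 * @return bool true when all position updates committed, false otherwise
 */
function moveItem($storeID, $itemID, $afterID){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    $item = filter_var($itemID, FILTER_VALIDATE_INT);
    $after = filter_var($afterID, FILTER_VALIDATE_INT);
    if($store === false || $item === false || $after === false){
        return false;
    }

    $list = $db->prepare(
        "SELECT plan_item_id FROM plan_store_item WHERE `plan_store_id` = "
        ."(SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?)"
        ." ORDER BY pos IS NULL, pos"
    );
    if($list === false){
        error_log('moveItem prepare: '.$db->error);
        return false;
    }
    $list->bind_param('ii', $sid, $store);
    if(!$list->execute()){
        error_log('moveItem select: '.$list->error);
        $list->close();
        return false;
    }
    $res = $list->get_result();
    $rows = $res ? $res->fetch_all(MYSQLI_ASSOC) : [];
    $list->close();

    $ids = array_map('intval', array_column($rows, 'plan_item_id'));
    if(!in_array($item, $ids, true)){
        // The item is not in a store this user may edit.
        return false;
    }

    // Build the new order.
    $order = [];
    if($after === 0){
        $order[] = $item;
    }
    foreach($ids as $id){
        if($id !== $item){
            $order[] = $id;
        }
        if($id === $after){
            $order[] = $item;
        }
    }
    if($order === []){
        return false;
    }

    $update = $db->prepare("UPDATE plan_store_item SET pos = ? WHERE plan_item_id = ? AND plan_store_id = ?");
    if($update === false){
        error_log('moveItem prepare: '.$db->error);
        return false;
    }
    if(!$db->begin_transaction()){
        error_log('moveItem begin: '.$db->error);
        $update->close();
        return false;
    }

    $ok = true;
    $position = 0;
    foreach($order as $id){
        $position++;
        $update->bind_param('iii', $position, $id, $store);
        if(!$update->execute()){
            error_log('moveItem update: '.$update->error);
            $ok = false;
            break;
        }
    }
    $update->close();

    if($ok && $db->commit()){
        return true;
    }
    $db->rollback();
    return false;
}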
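/**
 * Set the amount of an item, provided the item's store belongs to the current space.
 *
 * Security: $newAmount and $itemID were interpolated unquoted into the UPDATE. The ids are now
 * validated as integers, the amount must be numeric, and all three are bound (the amount as text
 * so MySQL converts it to the column's exact type). Like the original, success means the UPDATE
 * ran, not that a row changed.
 *
 * @param mixed $storeID   store id; must be an integer
 * @param mixed $itemID    item id; must be an integer
 * @param mixed $newAmount numeric amount (default 1)
 * @return bool true when the UPDATE executed, false on bad input or query failure
 */
function setItemAmount($storeID, $itemID, $newAmount = 1){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    $item = filter_var($itemID, FILTER_VALIDATE_INT);
    if($store === false || $item === false || !is_numeric($newAmount)){
        return false;
    }
    $amount = (string)$newAmount;

    $stmt = $db->prepare(
        "UPDATE plan_store_item SET amount = ? WHERE plan_item_id = ?"
        ." AND plan_store_id = (SELECT `plan_store_id` FROM plan_store WHERE `space_id` = ? AND `plan_store_id` = ?)"
    );
    if($stmt === false){
        error_log('setItemAmount prepare: '.$db->error);
        return false;
    }
    $stmt->bind_param('siii', $amount, $item, $sid, $store);

    $ok = $stmt->execute();
    if(!$ok){
        error_log('setItemAmount update: '.$stmt->error);
    }
    $stmt->close();

    return (bool)$ok;
}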
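/**
 * Set the state column of a store in the current space.
 *
 * The space check is folded into the WHERE clause; the old statement used a sub-select on
 * plan_store inside an UPDATE of plan_store, which MySQL rejects ("target table in FROM clause").
 * $newState was interpolated into the SQL and is now bound; $storeID is validated as an integer.
 * Like the original, success means the UPDATE ran, not that a row changed.
 *
 * @param mixed  $storeID  store id; must be an integer
 * @param string $newState new state value (stored as given; no vocabulary is enforced here)
 * @return bool true when the UPDATE executed, false on bad input or query failure
 */
function setState($storeID, $newState){
    global $db, $spaceID;

    $sid = (int)$spaceID;
    $store = filter_var($storeID, FILTER_VALIDATE_INT);
    if($store === false){
        return false;
    }
    $state = (string)$newState;

    $stmt = $db->prepare("UPDATE plan_store SET state = ? WHERE plan_store_id = ? AND `space_id` = ?");
    if($stmt === false){
        error_log('setState prepare: '.$db->error);
        return false;
    }
    $stmt->bind_param('sii', $state, $store, $sid);

    $ok = $stmt->execute();
    if(!$ok){
        error_log('setState update: '.$stmt->error);
    }
    $stmt->close();

    return (bool)$ok;
}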