PaperBag/plan/do.php


<?php
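require '../webdata/init.php';
$db = database();
// NOTE(review): there is no session lookup here — every request is handled as user 1.
// Replace this with the authenticated user's id before the endpoint is exposed.
$user_id = 1;
header("Content-Type: application/json");

// Sanitise every GET and POST value up front; a POST key overrides a GET key of the same name.
$data = [];
$returns = [];
foreach ([$_GET, $_POST] as $request) {
    foreach ($request as $key => $value) {
        $data[$key] = filter($value);
        if ($data[$key] === false) {
            print_r($value);
            echo "Failed to sanitize: `".$key."`: ".$value." \t-\t type: ".gettype($value)."\n";
        }
    }
}

if (empty($data) || !isset($user_id)) {
    returns("Nothing to do", 404);
}
if (!isset($data['plan'])) {
    returns("Fatal error!\n\nInput data:\n".print_r($data, true), 400);
}

// Request field, or null when the client did not send it (replaces the "@$data[...]" reads).
$field = function ($key) use ($data) {
    return isset($data[$key]) ? $data[$key] : null;
};
// Report a failed database call with status 1. Uses $fallback when mysqli left no
// message, so the client never receives an empty error string.
// NOTE(review): the raw mysqli error text reaches the client; consider logging it
// server-side and returning a generic message once this leaves development.
$fail = function ($fallback = 'Database error') use ($db) {
    returns($db->error !== '' ? $db->error : $fallback, 1);
};
// Abort with the name of the first request field in $names that is missing or blank.
$require = function (array $names) use ($field) {
    $args = [];
    foreach ($names as $name) {
        $args[$name] = $field($name);
    }
    if (($missing = checkArgs($args)) !== true) {
        returns("Missing a value: $missing", 1);
    }
};

$plan = $data['plan'];
if ($plan == 'saveStore') {
    if ($field('storeName') == "") {
        returns("Missing store-name value", 1);
    }
    $storeId = initStore($data['storeName']);
    if ($storeId === false) {
        $fail();
    }
    returns($storeId);
} elseif ($plan == 'renameStore') {
    $require(['storeID', 'newName']);
    if (renameStore($data['storeID'], $data['newName']) === false) {
        $fail();
    }
    returns();
} elseif ($plan == 'deleteStore') {
    $require(['storeID', 'storeName', 'itemsLength']);
    if (deleteStore($data['storeID'], $data['storeName'], $data['itemsLength']) === false) {
        $fail();
    }
    returns();
} elseif ($plan == 'addItem') {
    $require(['storeID', 'name', 'price']);
    $itemId = addItem($data['storeID'], $data['name'], $data['price']);
    if ($itemId === false) {
        $fail();
    }
    returns($itemId);
} elseif ($plan == 'remItem') {
    $require(['storeID', 'itemID', 'price']);
    if (!remItem($data['storeID'], $data['itemID'], $data['price'])) {
        $fail('No rows deleted');
    }
    returns();
} elseif ($plan == 'moveItem') {
    $require(['storeID', 'itemID', 'afterID']);
    if (!moveItem($data['storeID'], $data['itemID'], $data['afterID'])) {
        $fail();
    }
    returns();
}

// Any other plan value: list the user's stores, each with its items in position order.
// Both reads are prepared statements; the item query is bound once and re-executed per store.
$storeQuery = $db->prepare('SELECT `plan_store_id`, `name`, `created` FROM plan_store WHERE `user_id` = ?');
$itemQuery = $db->prepare('SELECT `plan_item_id`, `name`, `price`, `amount` FROM plan_store_item WHERE `plan_store_id` = ? ORDER BY pos');
if ($storeQuery === false || $itemQuery === false) {
    $fail();
}
$storeQuery->bind_param('i', $user_id);
if (!$storeQuery->execute()) {
    $fail();
}
$storeRows = $storeQuery->get_result();
if ($storeRows === false) {
    $fail();
}
$currentStoreId = 0;
$itemQuery->bind_param('i', $currentStoreId); // bound by reference; reassigned in the loop
while ($store = $storeRows->fetch_assoc()) {
    $currentStoreId = (int) $store['plan_store_id'];
    if (!$itemQuery->execute()) {
        $fail();
    }
    $itemRows = $itemQuery->get_result();
    if ($itemRows === false) {
        $fail();
    }
    // fetch_all() yields [] for a store without items, as before.
    $store['items'] = $itemRows->fetch_all(MYSQLI_ASSOC);
    $returns[] = $store;
}
returns($returns);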
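/**
 * Send the JSON envelope for this request and stop the script.
 *
 * Two shapes are emitted, as before:
 *   {"status": code, "message": content}  when $code is non-zero, or when the default
 *                                          'Success' message is being echoed back;
 *   {"data": content}                      for a payload returned with code 0.
 *
 * @param mixed $content payload, or a message text when $code is non-zero
 * @param int   $code    0 on success; this file uses 1 (DB / argument error), 400 and 404
 * @return never
 */
function returns($content = 'Success', $code = 0)
{
    $envelope = [];
    // Strict comparison: with "==", a numeric payload of 0 compared equal to 'Success'
    // on PHP 7 and was sent as a status message instead of as data.
    if ((int) $code !== 0 || $content === 'Success') {
        $envelope['status'] = $code;
        $envelope['message'] = $content;
    } else {
        $envelope['data'] = $content;
    }
    $json = json_encode($envelope);
    if ($json === false) {
        // json_encode() returns false on e.g. invalid UTF-8 coming from the database;
        // an empty body would be indistinguishable from "no data" for the client.
        $json = json_encode([
            'status' => 500,
            'message' => 'Response could not be encoded: ' . json_last_error_msg(),
        ]);
    }
    echo $json;
    die();
}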
/**
 * Recursively sanitise a request value: strip tags, HTML-encode, trim, then
 * SQL-escape through the shared mysqli connection in $db.
 *
 * The escaping step suits callers that splice the value into SQL text; a caller
 * that binds the value as a prepared-statement parameter would store the escaped
 * form instead.
 *
 * @param mixed $data scalar or (nested) array from $_GET / $_POST
 * @return string|array sanitised copy with the same shape and keys as the input
 */
function filter($data)
{
    global $db;

    if (is_array($data)) {
        $clean = [];
        foreach ($data as $name => $entry) {
            $clean[$name] = filter($entry);
        }
        return $clean;
    }

    $text = strip_tags($data);
    $text = htmlentities($text);
    return $db->real_escape_string(trim($text));
}
// class Store {
// private $storeID;
// private $storeName;
// private $items = [];
// function __construct($existing = false){
// if($existing){
// $sql = "INSERT INTO "
// }
// }
// }
/**
 * Name the first blank argument.
 *
 * @param array $args name => value pairs, in the order they should be reported
 * @return string|int|true the key of the first value loosely equal to "", or true
 *                         when none is blank
 */
function checkArgs($args)
{
    $blank = array_keys(array_filter($args, function ($value) {
        return $value == "";
    }));

    return count($blank) > 0 ? $blank[0] : true;
}
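/**
 * Return the id of the current user's store named $storeName, creating it when absent.
 *
 * All values are bound as prepared-statement parameters instead of being spliced
 * into the SQL text.
 *
 * @param string $storeName store name as sanitised by filter()
 * @return int|string|false the existing plan_store_id as fetched (a string), the new
 *         insert id (int) after a create, or false when several stores already carry
 *         the name or a statement fails (details stay on $db->error)
 */
function initStore($storeName)
{
    global $db, $user_id;
    $userId = (int) $user_id;

    // Look the store up first so saving the same name again returns the existing id.
    $lookup = $db->prepare('SELECT `plan_store_id` FROM plan_store WHERE `user_id` = ? AND `name` = ?');
    if ($lookup === false) {
        return false;
    }
    $lookup->bind_param('is', $userId, $storeName);
    $rows = $lookup->execute() ? $lookup->get_result() : false;
    if ($rows === false) {
        $lookup->close();
        return false;
    }
    $matching = $rows->num_rows;
    $existing = $matching === 1 ? $rows->fetch_assoc() : null;
    $lookup->close();

    if ($matching === 1) {
        // Returned as fetched (string) so the response shape stays as clients know it.
        return $existing['plan_store_id'];
    }
    if ($matching !== 0) {
        // Several stores with this name: refuse rather than pick one.
        return false;
    }

    $insert = $db->prepare('INSERT INTO plan_store (`user_id`, `name`) VALUES (?, ?)');
    if ($insert === false) {
        return false;
    }
    $insert->bind_param('is', $userId, $storeName);
    $newId = $insert->execute() ? $insert->insert_id : false;
    $insert->close();
    return $newId;
}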
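/**
 * Rename one of the current user's stores.
 *
 * The rename is refused when the user already has a store called $newName. The
 * UPDATE is scoped by `user_id`, so a store id belonging to another user matches
 * nothing.
 *
 * @param int|string $storeID plan_store_id to rename
 * @param string     $newName sanitised new name
 * @return bool true when the UPDATE ran; false when the name is taken or a statement
 *              fails (previously a failed UPDATE fell off the end and returned null,
 *              which the caller's "!== false" check counted as success)
 */
function renameStore($storeID, $newName)
{
    global $db, $user_id;
    $userId = (int) $user_id;
    $storeId = (int) $storeID;

    $check = $db->prepare('SELECT count(0) FROM plan_store WHERE `user_id` = ? AND `name` = ?');
    if ($check === false) {
        return false;
    }
    $check->bind_param('is', $userId, $newName);
    $rows = $check->execute() ? $check->get_result() : false;
    // As before, a failed existence check does not block the rename by itself.
    $taken = $rows !== false && $rows->fetch_row()[0] > 0;
    $check->close();
    if ($taken) {
        return false;
    }

    $update = $db->prepare('UPDATE plan_store SET `name` = ? WHERE `user_id` = ? AND `plan_store_id` = ?');
    if ($update === false) {
        return false;
    }
    $update->bind_param('sii', $newName, $userId, $storeId);
    $ok = $update->execute();
    $update->close();
    return $ok;
}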
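/**
 * Delete one of the current user's stores together with its items.
 *
 * The caller passes the number of items it last saw; the delete is refused when that
 * count is stale, so a client cannot remove a store that changed underneath it.
 * Every statement resolves the store through `user_id`, including the item delete,
 * which previously filtered on the store id alone.
 *
 * @param int|string $storeID
 * @param string     $storeName   must match the stored name as well
 * @param int|string $itemsLength item count the client last saw
 * @return bool true only when the store row was actually removed (a delete that
 *              matched nothing used to be reported as success)
 */
function deleteStore($storeID, $storeName, $itemsLength)
{
    global $db, $user_id;
    $userId = (int) $user_id;
    $storeId = (int) $storeID;
    $expectedItems = (int) $itemsLength;
    // Ownership subquery shared by the count and the item delete; fixed text, no input.
    $owned = 'SELECT `plan_store_id` FROM plan_store WHERE `user_id` = ? AND `plan_store_id` = ? AND `name` = ?';

    $count = $db->prepare("SELECT count(0) FROM plan_store_item WHERE `plan_store_id` = ($owned)");
    if ($count === false) {
        return false;
    }
    $count->bind_param('iis', $userId, $storeId, $storeName);
    $rows = $count->execute() ? $count->get_result() : false;
    $actualItems = $rows === false ? null : (int) $rows->fetch_row()[0];
    $count->close();
    if ($actualItems !== $expectedItems) {
        return false;
    }

    $delItems = $db->prepare("DELETE FROM plan_store_item WHERE `plan_store_id` = ($owned)");
    $delStore = $db->prepare('DELETE FROM plan_store WHERE `user_id` = ? AND `plan_store_id` = ? AND `name` = ?');
    $ok = false;
    if ($delItems !== false && $delStore !== false) {
        $delItems->bind_param('iis', $userId, $storeId, $storeName);
        $delStore->bind_param('iis', $userId, $storeId, $storeName);
        // One transaction so a failed store delete does not leave an item-less store
        // behind (has no effect on a non-transactional table engine).
        $db->begin_transaction();
        $ok = $delItems->execute() && $delStore->execute() && $delStore->affected_rows === 1;
        if ($ok) {
            $db->commit();
        } else {
            $db->rollback();
        }
    }
    if ($delItems !== false) {
        $delItems->close();
    }
    if ($delStore !== false) {
        $delStore->close();
    }
    return $ok;
}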
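/**
 * Append an item to one of the current user's stores.
 *
 * The INSERT ... SELECT reads the store row through `user_id`, so no row is inserted
 * for a store the user does not own; the new item takes position count+1.
 *
 * @param int|string $storeID
 * @param string     $name  sanitised item name
 * @param string     $price numeric text; bound as a string so MySQL converts it to the
 *                          column type without a float round-trip
 * @return int|false the new plan_item_id, or false when the price is not numeric, the
 *                   store is not the user's, or the statement fails
 */
function addItem($storeID, $name, $price)
{
    global $db, $user_id;
    $userId = (int) $user_id;
    $storeId = (int) $storeID;
    // $price used to be spliced unquoted into the SQL text, a position that
    // real_escape_string() cannot protect; it is now bound, and must be numeric.
    if (!is_numeric($price)) {
        return false;
    }
    $priceText = (string) $price;

    $insert = $db->prepare(
        'INSERT INTO plan_store_item (`plan_store_id`, `pos`, `name`, `price`) '
        . 'SELECT `plan_store_id`, (SELECT count(0) + 1 FROM plan_store_item WHERE `plan_store_id` = ?), ?, ? '
        . 'FROM plan_store WHERE `user_id` = ? AND `plan_store_id` = ?'
    );
    if ($insert === false) {
        return false;
    }
    $insert->bind_param('issii', $storeId, $name, $priceText, $userId, $storeId);
    // affected_rows is 0 when the ownership SELECT matched nothing.
    $itemId = ($insert->execute() && $insert->affected_rows === 1) ? $insert->insert_id : false;
    $insert->close();
    return $itemId;
}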
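/**
 * Delete one item from one of the current user's stores.
 *
 * Ownership is enforced by resolving the store through `user_id` in a subquery on
 * plan_store; the price must match as well, as before. The item table is no longer
 * read in a subquery of its own DELETE, a form MySQL rejects (error 1093).
 *
 * @param int|string $storeID
 * @param int|string $itemID
 * @param string     $price numeric text the row's price must equal
 * @return bool true when at least one row was removed; false otherwise, including a
 *              non-numeric price or a failed statement
 */
function remItem($storeID, $itemID, $price)
{
    global $db, $user_id;
    $userId = (int) $user_id;
    $storeId = (int) $storeID;
    $itemId = (int) $itemID;
    if (!is_numeric($price)) {
        return false;
    }
    $priceText = (string) $price;

    $delete = $db->prepare(
        'DELETE FROM plan_store_item WHERE `plan_item_id` = ? AND `price` = ? '
        . 'AND `plan_store_id` = (SELECT `plan_store_id` FROM plan_store WHERE `user_id` = ? AND `plan_store_id` = ?)'
    );
    if ($delete === false) {
        return false;
    }
    $delete->bind_param('isii', $itemId, $priceText, $userId, $storeId);
    $removed = $delete->execute() && $delete->affected_rows > 0;
    $delete->close();
    return $removed;
}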
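/**
 * Move an item within one of the current user's stores and renumber positions 1..n.
 *
 * $afterID names the item the moved one should follow; 0 moves it to the front. The
 * item list is read through an ownership check on plan_store and the moved item has
 * to be part of it (previously any plan_item_id was accepted and could be
 * repositioned whatever store it belonged to). When $afterID matches no item, the
 * others are renumbered and the moved item keeps its position, as before.
 *
 * @param int|string $storeID
 * @param int|string $itemID  item to move
 * @param int|string $afterID item to place it after, or 0 for first
 * @return bool true when every position update ran; false when the item is not in the
 *              store, there is nothing to update, or a statement fails
 */
function moveItem($storeID, $itemID, $afterID)
{
    global $db, $user_id;
    $userId = (int) $user_id;
    $storeId = (int) $storeID;
    $itemId = (int) $itemID;
    $afterId = (int) $afterID;

    // Current order, items without a position last.
    $list = $db->prepare(
        'SELECT `plan_item_id` FROM plan_store_item WHERE `plan_store_id` = '
        . '(SELECT `plan_store_id` FROM plan_store WHERE `user_id` = ? AND `plan_store_id` = ?) '
        . 'ORDER BY `pos` IS NULL, `pos`'
    );
    if ($list === false) {
        return false;
    }
    $list->bind_param('ii', $userId, $storeId);
    $rows = $list->execute() ? $list->get_result() : false;
    $ids = [];
    if ($rows !== false) {
        while ($row = $rows->fetch_assoc()) {
            $ids[] = (int) $row['plan_item_id'];
        }
    }
    $list->close();
    if ($rows === false || !in_array($itemId, $ids, true)) {
        return false;
    }

    // New order, built in memory before anything is written.
    $order = [];
    if ($afterId === 0) {
        $order[] = $itemId;
    }
    foreach ($ids as $id) {
        if ($id !== $itemId) {
            $order[] = $id;
        }
        if ($id === $afterId) {
            $order[] = $itemId;
        }
    }
    if ($order === []) {
        return false;
    }

    $update = $db->prepare('UPDATE plan_store_item SET `pos` = ? WHERE `plan_item_id` = ? AND `plan_store_id` = ?');
    if ($update === false) {
        return false;
    }
    $pos = 0;
    $id = 0;
    // bind_param() binds by reference: the loop only reassigns $pos and $id.
    $update->bind_param('iii', $pos, $id, $storeId);
    $ok = true;
    // All position writes in one transaction so a failure does not leave a half-renumbered
    // store (has no effect on a non-transactional table engine).
    $db->begin_transaction();
    foreach ($order as $index => $id) {
        $pos = $index + 1;
        if (!$update->execute()) {
            $ok = false;
            break;
        }
    }
    $update->close();
    if ($ok) {
        $db->commit();
    } else {
        $db->rollback();
    }
    return $ok;
}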
?>