<?php
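require '../webdata/init.php';

$db = database();

// NOTE(review): the acting user is hard-coded, so every request is processed as
// user 1 and the isset($user_id) guard below can never fail. The id has to come
// from the authenticated session instead (init.php may provide one; cannot tell
// from here).
$user_id = 1;

header("Content-Type: application/json");

// $data holds the sanitised request parameters; $returns collects the store
// listing produced by the default (no plan) branch.
$data = [];
$returns = [];

/**
 * Abort the request with a "Missing a value" error when one of $args is empty.
 *
 * @param array<string, mixed> $args name => value pairs, validated by checkArgs()
 */
function requireArgs($args)
{
    if (($missing = checkArgs($args)) !== true) {
        returns("Missing a value: $missing", 1);
    }
}

// Merge GET and POST (POST wins on duplicate keys), sanitising every value.
foreach ([$_GET, $_POST] as $request) {
    foreach ($request as $key => $value) {
        if (($data[$key] = filter($value)) === false) {
            // Report through the JSON envelope: the former print_r/echo wrote plain
            // text in front of the JSON body and echoed the raw value back.
            returns("Failed to sanitize: `$key` (type: " . gettype($value) . ")", 400);
        }
    }
}

if (empty($data) || !isset($user_id)) {
    returns("Nothing to do", 404);
}

$plan = $data['plan'] ?? null;

if ($plan === null) {
    // No plan given: list every store of the user together with its items.
    $storesSql = "SELECT `plan_store_id`, `name`, `created` FROM plan_store WHERE `user_id` = '$user_id'";
    // A failed query used to reach fetch_assoc() on `false` and die with a
    // non-JSON fatal error.
    if (($stores = $db->query($storesSql)) === false) {
        returns($db->error, 1);
    }

    while ($store = $stores->fetch_assoc()) {
        $itemsSql = "SELECT `plan_item_id`, `name`, `price`, `amount` FROM plan_store_item WHERE `plan_store_id` = '{$store['plan_store_id']}' ORDER BY pos";
        if (($items = $db->query($itemsSql)) === false) {
            returns($db->error, 1);
        }
        // fetch_all() yields [] for an empty result, so no num_rows check is needed.
        $store['items'] = $items->fetch_all(MYSQLI_ASSOC);
        $returns[] = $store;
    }

    returns($returns);
}

if ($plan === 'saveStore') {
    $storeName = $data['storeName'] ?? '';
    // An array submitted as storeName[] would otherwise slip through an == "" test.
    if (!is_string($storeName) || $storeName === '') {
        returns("Missing store-name value", 1);
    }

    if (($storeID = initStore($storeName)) !== false) {
        returns($storeID);
    }
    returns($db->error, 1);
} elseif ($plan === 'renameStore') {
    requireArgs([
        "storeID" => $data['storeID'] ?? null,
        "newName" => $data['newName'] ?? null,
    ]);

    // Truthiness instead of `!== false`: a function that falls off its end
    // returns null, which must not be reported as success.
    if (renameStore($data['storeID'], $data['newName'])) {
        returns();
    }
    returns($db->error, 1);
} elseif ($plan === 'deleteStore') {
    requireArgs([
        "storeID" => $data['storeID'] ?? null,
        "storeName" => $data['storeName'] ?? null,
        "itemsLength" => $data['itemsLength'] ?? null,
    ]);

    if (deleteStore($data['storeID'], $data['storeName'], $data['itemsLength'])) {
        returns();
    }
    returns($db->error, 1);
} elseif ($plan === 'addItem') {
    requireArgs([
        "storeID" => $data['storeID'] ?? null,
        "name" => $data['name'] ?? null,
        "price" => $data['price'] ?? null,
    ]);

    if (($itemID = addItem($data['storeID'], $data['name'], $data['price'])) !== false) {
        returns($itemID);
    }
    returns($db->error, 1);
} elseif ($plan === 'remItem') {
    requireArgs([
        "storeID" => $data['storeID'] ?? null,
        "itemID" => $data['itemID'] ?? null,
        "price" => $data['price'] ?? null,
    ]);

    if (remItem($data['storeID'], $data['itemID'], $data['price'])) {
        returns();
    }
    // A DELETE that matches nothing is not a driver error, so $db->error is empty.
    $error = $db->error;
    if ($error === "") {
        $error = "No rows deleted";
    }
    returns($error, 1);
} elseif ($plan === 'moveItem') {
    // UPDATE ITEM POSITION
    requireArgs([
        "storeID" => $data['storeID'] ?? null,
        "itemID" => $data['itemID'] ?? null,
        "afterID" => $data['afterID'] ?? null,
    ]);

    if (moveItem($data['storeID'], $data['itemID'], $data['afterID'])) {
        returns();
    }
    returns($db->error, 1);
}

// UPDATE ITEM AMOUNT: not implemented yet.

// Every branch above terminates via returns(); reaching this point means the
// plan was not recognised. The request data is no longer dumped into the reply.
returns("Fatal error! Unknown plan", 400);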
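/**
 * Emit the JSON response and terminate the request.
 *
 * Errors (non-zero $code) and the bare "Success" marker are sent as
 * {"status": ..., "message": ...}; any other content is sent as {"data": ...}.
 * The local array is called $payload so it is not confused with the global
 * $returns listing built by the script.
 *
 * @param mixed $content result data, or a message when $code is non-zero
 * @param int   $code    0 on success, any other value on failure
 */
function returns($content = 'Success', $code = 0)
{
    // Strict comparisons: with `==`, an integer result such as an id of 0 used
    // to compare equal to 'Success' on older PHP versions.
    if ($code !== 0 || $content === 'Success') {
        $payload = ['status' => $code, 'message' => $content];
    } else {
        $payload = ['data' => $content];
    }

    $json = json_encode($payload);
    if ($json === false) {
        // Keep the body valid JSON even when the content is not encodable
        // (e.g. invalid UTF-8 coming from the database); the old code echoed
        // an empty body in that case.
        $json = json_encode([
            'status' => 1,
            'message' => 'Response could not be encoded: ' . json_last_error_msg(),
        ]);
    }

    echo $json;
    die();
}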
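/**
 * Recursively sanitise a request value.
 *
 * Scalars are stripped of tags, HTML-encoded, trimmed and finally escaped for
 * use inside a *quoted* SQL string literal via mysqli::real_escape_string().
 * Arrays are processed element by element; keys are kept as they are.
 *
 * NOTE(review): escaping only protects values that end up between quotes in a
 * query. Values interpolated unquoted (ids, price) get no protection from this
 * and need casts or prepared statements at the call site. HTML-encoding at
 * input time also means the encoded form is what gets stored.
 *
 * @param mixed $data a scalar (or null), or a nested array of them
 * @return string|array the sanitised value, same shape as $data
 */
function filter($data)
{
    global $db;

    if (is_array($data)) {
        $clean = [];
        foreach ($data as $key => $value) {
            $clean[$key] = filter($value);
        }
        return $clean;
    }

    // Explicit string cast: ints/bools/null are otherwise coerced implicitly
    // inside strip_tags() (null there is deprecated since PHP 8.1).
    $text = trim(htmlentities(strip_tags((string) $data)));

    return $db->real_escape_string($text);
}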
// class Store {
|
|
// private $storeID;
|
|
// private $storeName;
|
|
// private $items = [];
|
|
|
|
// function __construct($existing = false){
|
|
// if($existing){
|
|
// $sql = "INSERT INTO "
|
|
// }
|
|
// }
|
|
// }
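/**
 * Find the first argument that is missing.
 *
 * A value counts as missing when it is null, an empty string, or not a scalar
 * at all (e.g. an array submitted as `key[]=`), since none of those can be
 * used in the queries of this file. The old `== ""` test let arrays through.
 *
 * @param array<string, mixed> $args name => value pairs to validate
 * @return string|true the name of the first missing argument, or true if all are present
 */
function checkArgs($args)
{
    foreach ($args as $name => $value) {
        if ($value === null || $value === '' || !is_scalar($value)) {
            return $name;
        }
    }

    return true;
}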
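/**
 * Return the id of the current user's store called $storeName, creating the
 * store when it does not exist yet.
 *
 * One lookup replaces the former count-then-select pair; if several stores
 * share the name (the schema does not prevent it) the first one is returned
 * instead of failing silently.
 *
 * @param string $storeName store name, already escaped by filter() (quoted literal)
 * @return int|string|false the store id, or false when a query failed
 */
function initStore($storeName)
{
    global $db, $user_id;

    // Interpolated unquoted in the INSERT below, so force an integer.
    $uid = (int) $user_id;

    // CHECK IF STORE EXISTS
    $findSql = "SELECT `plan_store_id` FROM plan_store WHERE `user_id` = '$uid' AND `name` = '$storeName' LIMIT 1;";
    $found = $db->query($findSql);
    if ($found === false) {
        return false;
    }

    $row = $found->fetch_assoc();
    if (is_array($row)) {
        return $row['plan_store_id'];
    }

    $insertSql = "INSERT INTO plan_store (`user_id`, `name`) VALUES ($uid, '$storeName');";
    if ($db->query($insertSql) === false) {
        return false;
    }

    return $db->insert_id;
}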
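/**
 * Rename one of the current user's stores.
 *
 * @param string $storeID store id, escaped by filter() (quoted literal)
 * @param string $newName new name, escaped by filter() (quoted literal)
 * @return bool true when the UPDATE ran; false when the user already has a
 *              store with that name or a query failed (in the name-taken case
 *              $db->error, which the caller reports, is empty)
 */
function renameStore($storeID, $newName)
{
    global $db, $user_id;

    // Refuse a name the user already uses for another store.
    $nameTakenSql = "SELECT count(0) FROM plan_store WHERE `user_id` = '$user_id' AND `name` = '$newName';";
    $nameTakenRes = $db->query($nameTakenSql);
    if ($nameTakenRes && $nameTakenRes->fetch_row()[0] > 0) {
        return false;
    }

    $renameSql = "UPDATE plan_store SET `name` = '$newName' WHERE `user_id` = '$user_id' AND `plan_store_id` = '$storeID';";

    // Explicit false on failure: the old code fell off the end and returned
    // null, which the caller's `!== false` check treated as success.
    return $db->query($renameSql) !== false;
}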
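/**
 * Delete one of the current user's stores together with its items.
 *
 * The client sends the item count it last displayed ($itemsLength); the
 * delete is refused when that no longer matches the database, so a stale
 * client does not remove items it never showed.
 *
 * @param string $storeID     store id, escaped by filter() (quoted literal)
 * @param string $storeName   store name; must match the stored name
 * @param string $itemsLength number of items the client expects the store to have
 * @return bool true when every DELETE ran, false otherwise
 */
function deleteStore($storeID, $storeName, $itemsLength)
{
    global $db, $user_id;

    $ownedStoreSql = "SELECT `plan_store_id` FROM plan_store WHERE `user_id` = '$user_id' AND `plan_store_id` = '$storeID' AND `name` = '$storeName'";
    $itemsSql = "SELECT `plan_store_id` FROM plan_store_item WHERE `plan_store_id` = ($ownedStoreSql)";

    $items = $db->query($itemsSql);
    if ($items === false) {
        return false;
    }
    // Stale-client guard: the count the client last saw must still hold.
    if (!is_numeric($itemsLength) || (int) $itemsLength !== $items->num_rows) {
        return false;
    }
    // When there are items, the returned row proves the ownership subquery
    // resolved to this very store.
    if ($items->num_rows > 0 && $items->fetch_row()[0] != $storeID) {
        return false;
    }

    // Two separate, individually checked statements replace multi_query(),
    // whose return value only reflected the first DELETE; the item DELETE
    // keeps the ownership subquery rather than trusting $storeID alone.
    $db->begin_transaction();
    if ($items->num_rows > 0) {
        $deleteItemsSql = "DELETE FROM plan_store_item WHERE `plan_store_id` = ($ownedStoreSql);";
        if ($db->query($deleteItemsSql) === false) {
            $db->rollback();
            return false;
        }
    }
    $deleteStoreSql = "DELETE FROM plan_store WHERE `user_id` = '$user_id' AND `plan_store_id` = '$storeID' AND `name` = '$storeName';";
    if ($db->query($deleteStoreSql) === false) {
        $db->rollback();
        return false;
    }
    $db->commit();

    return true;
}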
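/**
 * Append an item to one of the current user's stores.
 *
 * The INSERT ... SELECT resolves the store through an ownership subquery and
 * sets `pos` to (current item count + 1) so the new item lands last.
 *
 * NOTE(review): when the ownership subquery matches nothing it yields NULL;
 * whether the INSERT then fails or creates an orphan row depends on the
 * plan_store_item schema, which is not visible here — confirm the column is
 * NOT NULL.
 *
 * @param string $storeID store id, escaped by filter() (quoted literal)
 * @param string $name    item name, escaped by filter() (quoted literal)
 * @param string $price   price; must be numeric because it is interpolated
 *                        unquoted, where escaping offers no protection
 * @return int|false the new item id, or false on a non-numeric price or query failure
 */
function addItem($storeID, $name, $price)
{
    global $db, $user_id;

    if (!is_numeric($price)) {
        return false;
    }
    // is_numeric() guarantees a plain numeric literal; trim the whitespace it tolerates.
    $priceSql = trim((string) $price);

    $ownedStoreSql = "SELECT `plan_store_id` FROM plan_store WHERE `user_id` = '$user_id' AND `plan_store_id` = '$storeID'";

    $insertSql = "INSERT INTO plan_store_item (`plan_store_id`, `pos`, `name`, `price`)
        SELECT ($ownedStoreSql), count(0)+1, '$name', $priceSql FROM plan_store_item WHERE `plan_store_id` = '$storeID';";

    if ($db->query($insertSql) === false) {
        return false;
    }

    return $db->insert_id;
}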
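/**
 * Remove one item from one of the current user's stores.
 *
 * The row must belong to a store the user owns and carry the price the
 * client last saw, so neither a foreign item id nor a stale client deletes
 * anything.
 *
 * @param string $storeID store id, escaped by filter() (quoted literal)
 * @param string $itemID  item id, escaped by filter() (quoted literal)
 * @param string $price   price the client expects the item to have
 * @return bool true when exactly one or more rows were deleted, false otherwise
 *              ($db->error stays empty when simply nothing matched)
 */
function remItem($storeID, $itemID, $price)
{
    global $db, $user_id;

    $ownedStoreSql = "SELECT `plan_store_id` FROM plan_store WHERE `user_id` = '$user_id' AND `plan_store_id` = '$storeID'";

    // Same filter as before, expressed without a subquery on the table being
    // deleted from (MySQL may reject that form with error 1093).
    $deleteSql = "DELETE FROM plan_store_item WHERE `plan_item_id` = '$itemID' AND `price` = '$price' AND `plan_store_id` = ($ownedStoreSql);";

    // Object form of affected_rows, consistent with the rest of the file.
    return $db->query($deleteSql) && $db->affected_rows > 0;
}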
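/**
 * Move $itemID so that it immediately follows $afterID within its store
 * ($afterID of 0 places it first), then renumber `pos` for every item.
 *
 * @param string $storeID store id, escaped by filter() (quoted literal)
 * @param string $itemID  item to move; must belong to the store
 * @param string $afterID item to place it after, or 0 for the first position
 * @return bool true when every position was written, false when the item or
 *              anchor is not part of the store or a query failed
 */
function moveItem($storeID, $itemID, $afterID)
{
    global $db, $user_id;

    $ownedStoreSql = "SELECT `plan_store_id` FROM plan_store WHERE `user_id` = '$user_id' AND `plan_store_id` = '$storeID'";
    // Items without a position sort last. `pos IS NULL` replaces the former
    // `if(pos is \N,1,0)`, which relied on MySQL's `\N` NULL literal.
    $itemsSql = "SELECT `plan_item_id` FROM plan_store_item WHERE `plan_store_id` = ($ownedStoreSql) ORDER BY pos IS NULL, pos;";

    $items = $db->query($itemsSql);
    if ($items === false) {
        return false;
    }

    // Current order of the store's own items, as integers: ids are interpolated
    // unquoted into the UPDATEs below, where escaping would not protect them.
    $currentOrder = [];
    while ($row = $items->fetch_assoc()) {
        $currentOrder[] = (int) $row['plan_item_id'];
    }

    $movedID = (int) $itemID;
    $anchorID = (int) $afterID;

    // The UPDATE below addresses rows by id alone, so the moved item must be one
    // of this store's items; the old code renumbered whatever id it was given.
    if (!in_array($movedID, $currentOrder, true)) {
        return false;
    }

    // New order: the moved item goes first when $afterID is 0, otherwise right
    // after the anchor; every other item keeps its relative order.
    $newOrder = [];
    if ($anchorID === 0) {
        $newOrder[] = $movedID;
    }
    foreach ($currentOrder as $id) {
        if ($id !== $movedID) {
            $newOrder[] = $id;
        }
        if ($id === $anchorID) {
            $newOrder[] = $movedID;
        }
    }
    // An anchor that is not in the store leaves the item unplaced; refuse
    // rather than write a renumbering with a gap.
    if (!in_array($movedID, $newOrder, true)) {
        return false;
    }

    // One UPDATE per item, each checked: multi_query() only reported the first
    // statement's result, so failures of later ones went unnoticed.
    $db->begin_transaction();
    foreach ($newOrder as $index => $id) {
        $pos = $index + 1;
        if ($db->query("UPDATE plan_store_item SET pos = $pos WHERE plan_item_id = $id;") === false) {
            $db->rollback();
            return false;
        }
    }
    $db->commit();

    return true;
}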
?>