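// string(5) "title" ["description"]=> string(11) "description" ["type"]=> string(4) "type" ["duration"]=> string(1) "1" ["start"]=> string(10) "2019-11-22" ["end"]=> string(10) "2019-11-29" ["institution"]=> string(1) "1" ["expiry_time"]=> string(2) "60" ["newExperience"]=> string(0) "" }

// IF USER ENTERS PAGE AFTER 'Create' BUTTON HAS BEEN PRESSED (FROM home.php), INSERT NEW EXPERIENCE TO DATABASE
// ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php
if (isset($_POST['newExperience'])) {

    // Everything this handler emits, errors and the final payload alike, is JSON.
    header('Content-Type: application/json');

    /**
     * Answer with {"error": ...}, the given HTTP status, and stop.
     *
     * Replaces the http_response_code()/echo/exit() triple that every validation
     * failure below used to repeat. Never returns.
     */
    function failRequest(int $status, string $message)
    {
        http_response_code($status);
        echo json_encode(array("error" => $message));
        exit();
    }

    /**
     * Abort on a MySQL error: undo the open transaction (a no-op if none was
     * started), keep the driver message in the server log and answer 500 with a
     * generic body. The mysqli_error() text is deliberately not echoed to the
     * client any more.
     *
     * @param \mysqli $connection
     */
    function failDatabase($connection)
    {
        error_log('newExperience: ' . mysqli_error($connection));
        mysqli_rollback($connection);
        failRequest(500, "Database error.");
    }

    /**
     * Prepare, bind and execute one parameterised statement.
     *
     * Form values travel as bound parameters, so the input is not escaped anywhere
     * (escaping AND binding would double-escape). Any driver failure, whether
     * reported as a false return or as a mysqli_sql_exception (PHP 8.1+ default
     * reporting), ends the request through failDatabase().
     *
     * @param \mysqli $connection
     * @param string  $types      bind_param type string, one 's'/'i' per value
     * @param array   $params     values bound in order (may be empty)
     * @return \mysqli_stmt the executed statement; the caller closes it
     */
    function runStatement($connection, string $sql, string $types, array $params)
    {
        try {
            $stmt = mysqli_prepare($connection, $sql);
            if ($stmt === false) {
                failDatabase($connection);
            }
            // $params is a local variable, so unpacking it satisfies bind_param's by-reference signature.
            if ($params !== array() && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
                failDatabase($connection);
            }
            if (!mysqli_stmt_execute($stmt)) {
                failDatabase($connection);
            }
        } catch (\mysqli_sql_exception $e) {
            failDatabase($connection);
        }
        return $stmt;
    }

    /**
     * Number of rows a parameterised SELECT returns (used for "does this id exist" checks).
     *
     * @param \mysqli $connection
     */
    function countRows($connection, string $sql, string $types, array $params): int
    {
        $stmt = runStatement($connection, $sql, $types, $params);
        mysqli_stmt_store_result($stmt);
        $rows = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);
        return (int) $rows;
    }

    /**
     * Strict YYYY-MM-DD check: the string must parse AND format back to itself,
     * so out-of-range days that date_create_from_format() silently rolls over
     * (e.g. 2019-02-30) are rejected as well.
     * WARNING: only handling AST
     * HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
     */
    function validDate($date)
    {
        $parsed = date_create_from_format("Y-m-d", $date);
        return $parsed && date_format($parsed, "Y-m-d") === $date;
    }

    // Trimmed form field, or '' when absent or not a plain string. Missing fields
    // therefore land in the "please specify ..." branches below instead of raising
    // an undefined-index warning. No escaping here, see runStatement().
    $field = function (string $name): string {
        $value = isset($_POST[$name]) ? $_POST[$name] : '';
        return is_string($value) ? trim($value) : '';
    };

    $title = $field('title');
    $description = $field('description');
    $type = $field('type');
    $start_date = $field('start');
    $end_date = $field('end');
    $institution = $field('institution');
    $expiry_time = $field('expiry_time');
    // (PROJECT INPUT)
    $typeOfExperience = $field('typeOfExperience');
    $typeOfProject = $field('typeOfProject');
    $projectID = $field('projectID');
    $projectName = $field('projectName');
    $projectDescription = $field('projectDescription');

    // Owner of the new experience. The includes above presumably already require a
    // logged-in researcher (TODO confirm); this guard only keeps a missing session
    // from being written into researcher_experience as an empty id.
    $researcherID = isset($_SESSION['dbUserData']['id_researcher']) ? $_SESSION['dbUserData']['id_researcher'] : null;
    if ($researcherID === null) {
        failRequest(401, "Not logged in.");
    }

    // Title: required, at most 60 characters (database limit).
    if ($title === "") {
        failRequest(400, "Please specify experience title.");
    }
    if (mb_strlen($title) > 60) {
        failRequest(400, "Experience title too long (max. is 60 characters).");
    }

    // Description: required, at most 100 characters (database limit).
    if ($description === "") {
        failRequest(400, "Please specify experience description.");
    }
    if (mb_strlen($description) > 100) {
        failRequest(400, "Experience description too long (max. is 100 characters).");
    }

    // Type: the terminology (Course-Based Research / Independent Research) may change
    // over time, so the value is not compared against a hard-coded list, only against
    // the 60-character column limit. (That length check appears to have been commented
    // out together with the old value check; it is live here.)
    if (mb_strlen($type) > 60) {
        failRequest(400, "Experience type too long (max. is 60 characters).");
    }

    // Start and end dates: required and strictly YYYY-MM-DD (e.g. 2222-02-22).
    if ($start_date === "") {
        failRequest(400, "Please specify experience's start date.");
    }
    if (!validDate($start_date)) {
        failRequest(400, "Experience's start date ($start_date) given in wrong format (use YYYY-MM-DD instead).");
    }
    if ($end_date === "") {
        failRequest(400, "Please specify experience's end date.");
    }
    if (!validDate($end_date)) {
        failRequest(400, "Experience's end date ($end_date) given in wrong format (use YYYY-MM-DD instead).");
    }

    // Duration as a calendar-day difference taken at midnight UTC, so neither the
    // time of day nor a DST shift in the server's default timezone can make a real
    // one-day gap look like "less than a day" (a strtotime() subtraction could).
    $utc = new \DateTimeZone('UTC');
    $startDay = date_create_immutable_from_format('!Y-m-d', $start_date, $utc);
    $endDay = date_create_immutable_from_format('!Y-m-d', $end_date, $utc);
    if ($endDay <= $startDay) {
        failRequest(400, "Experience's end date ($end_date) must occur at least a day after the start date ($start_date).");
    }
    // Whole weeks, rounded UP as the original comment asked for (round() used to
    // turn anything shorter than 3.5 days into 0 weeks).
    $duration_weeks = (int) ceil($startDay->diff($endDay)->days / 7);

    // Institution: required and must exist.
    if ($institution === "") {
        failRequest(400, "Please specify institution ID.");
    }
    if (countRows($connection, "SELECT 1 FROM institution WHERE id = ?", 's', array($institution)) !== 1) {
        failRequest(400, "Given institution ID not in database.");
    }

    // Expiry time in minutes: one of 30min, 1hr, 2hr, 3hr, 6hr, 12hr, 18hr, 24hr.
    $permittedExpiryTimes = array("30", "60", "120", "180", "360", "720", "1080", "1440");
    if (!in_array($expiry_time, $permittedExpiryTimes, true)) {
        failRequest(400, "Expiry time given is not permitted (use only 30, 60, 120, 180, 360, 720, 1080 or 1440).");
    }

    // Type of experience: standalone, or attached to an existing or new project.
    if ($typeOfExperience !== "Standalone" && $typeOfExperience !== "Part of a Project") {
        failRequest(400, "Invalid type of experience.");
    }
    if ($typeOfExperience === "Part of a Project") {
        if ($typeOfProject === "Existing") {
            // Existing project: its id must be in the database.
            if (countRows($connection, "SELECT 1 FROM project WHERE id = ?", 's', array($projectID)) !== 1) {
                failRequest(400, "Given project ID ($projectID) not in database.");
            }
        } elseif ($typeOfProject === "New") {
            // New project: name and description required, 256 characters each (database limit).
            if ($projectName === "") {
                failRequest(400, "Please specify project name.");
            }
            if (mb_strlen($projectName) > 256) {
                failRequest(400, "Project name too long (max. is 256 characters).");
            }
            if ($projectDescription === "") {
                failRequest(400, "Please specify project description.");
            }
            if (mb_strlen($projectDescription) > 256) {
                failRequest(400, "Project description too long (max. is 256 characters).");
            }
        } else {
            // Any other value used to slip through validation and link the experience
            // to whatever projectID the form carried.
            failRequest(400, "Invalid type of project.");
        }
    }

    /*** START OF DB QUERIES ***/
    // All writes share one transaction, so a failure half-way cannot leave an
    // experience row without its institution/researcher links. (A no-op on
    // non-transactional table engines, where behaviour is then as before.)
    if (!mysqli_begin_transaction($connection)) {
        failDatabase($connection);
    }

    // experience row: title, description, type, duration, start, end, expiry
    $stmt = runStatement(
        $connection,
        "INSERT INTO `experience` (`title`, `description`, `type`, `duration_weeks`, `start_date`, `end_date`, `expiry_time`) VALUES (?, ?, ?, ?, ?, ?, ?)",
        'sssisss',
        array($title, $description, $type, $duration_weeks, $start_date, $end_date, $expiry_time)
    );
    mysqli_stmt_close($stmt);

    // id of the experience just inserted
    $id_experience = (int) mysqli_insert_id($connection);
    if ($id_experience === 0) {
        failDatabase($connection);
    }

    // Token for the URL that is sent to students. It has to be unguessable, so it is
    // drawn from the CSPRNG instead of sha1(id): an auto-increment id is enumerable,
    // and so is its digest. 20 random bytes give 40 hex characters, the width the
    // sha1 digest occupied in hash_id.
    $hash = bin2hex(random_bytes(20));
    $stmt = runStatement($connection, "UPDATE experience SET hash_id = ? WHERE id = ?", 'si', array($hash, $id_experience));
    mysqli_stmt_close($stmt);

    // link the experience to the chosen institution
    $stmt = runStatement(
        $connection,
        "INSERT INTO `institution_experience` (`id_institution`, `id_experience`) VALUES (?, ?)",
        'si',
        array($institution, $id_experience)
    );
    mysqli_stmt_close($stmt);

    // link the experience to the logged-in researcher
    $stmt = runStatement(
        $connection,
        "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES (?, ?)",
        'si',
        array($researcherID, $id_experience)
    );
    mysqli_stmt_close($stmt);

    // project: create it first when new, then link the experience to it either way
    if ($typeOfExperience === "Part of a Project") {
        if ($typeOfProject === "New") {
            $stmt = runStatement(
                $connection,
                "INSERT INTO project (`name`, `description`) VALUES (?, ?)",
                'ss',
                array($projectName, $projectDescription)
            );
            mysqli_stmt_close($stmt);
            // id of the project just inserted
            $projectID = (int) mysqli_insert_id($connection);
            if ($projectID === 0) {
                failDatabase($connection);
            }
        }
        $stmt = runStatement(
            $connection,
            "INSERT INTO project_experience (`id_experience`, `id_project`) VALUES (?, ?)",
            'is',
            array($id_experience, (string) $projectID)
        );
        mysqli_stmt_close($stmt);
    }

    if (!mysqli_commit($connection)) {
        failDatabase($connection);
    }

    // The redirect to viewExperience.php?view=<id> is the client's job (the old
    // server-side header() was already disabled); hand back the id it needs.
    echo json_encode(array("id" => $id_experience));
}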