string(5) "title" ["description"]=> string(11) "description" ["type"]=> string(4) "type" ["duration"]=> string(1) "1" ["start"]=> string(10) "2019-11-22" ["end"]=> string(10) "2019-11-29" ["institution"]=> string(1) "1" ["expiry_time"]=> string(2) "60" ["newExperience"]=> string(0) "" } // IF USER ENTERS PAGE AFTER 'Create' BUTTON HAS BEEN PRESSED (FROM home.php), INSERT NEW EXPERIENCE TO DATABASE // ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php if(isset($_POST['newExperience'])) { // CLEAN USER INPUT $title = mysqli_real_escape_string($connection, trim($_POST['title'])); $description = mysqli_real_escape_string($connection, trim($_POST['description'])); $type = mysqli_real_escape_string($connection, trim($_POST['type'])); $duration_weeks = mysqli_real_escape_string($connection, trim($_POST['duration'])); $start_date = mysqli_real_escape_string($connection, trim($_POST['start'])); $end_date = mysqli_real_escape_string($connection, trim($_POST['end'])); $institution = mysqli_real_escape_string($connection, trim($_POST['institution'])); $expiry_time = mysqli_real_escape_string($connection, trim($_POST['expiry_time'])); // Check that experienceTitle is not an empty string // And that it doesn't exceed 60 characters (database limit) if($title === "") { http_response_code(400); echo json_encode(array("error" => "Please specify experience title.")); exit(); } else if(mb_strlen($title) > 60) { http_response_code(400); echo json_encode(array("error" => "Experience title too long (max. is 60 characters).")); exit(); } // Check that experienceDescription is not an empty string // And that it doesn't exceed 100 characters (database limit) if($description === "") { http_response_code(400); echo json_encode(array("error" => "Please specify experience description.")); exit(); } else if(mb_strlen($description) > 100) { http_response_code(400); echo json_encode(array("error" => "Experience description too long (max. is 100 characters).")); exit(); } // Check that experienceType is Course-Based Research or Independent Research if($type !== "Course-Based Research" && $type !== "Independent Research") { http_response_code(400); echo json_encode(array("error" => "Please specify valid experience type (either 'Course-Based Research' or 'Independent Research').")); exit(); } else if(mb_strlen($type) > 60) { http_response_code(400); echo json_encode(array("error" => "Experience type too long (max. is 60 characters).")); exit(); } // Check that startDate is not an empty string // And that startDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22) // WARNING: only handling AST // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/ function validDate($date) { $d = date_create_from_format("Y-m-d", $date); return $d && date_format($d, "Y-m-d") === $date; } if($start_date === "") { http_response_code(400); echo json_encode(array("error" => "Please specify experience's start date.")); exit(); } else if(!validDate($start_date)) { http_response_code(400); echo json_encode(array("error" => "Experience's start date ($start_date) given in wrong format (use YYYY-MM-DD instead).")); exit(); } // Check that endDate is not an empty string // And that endDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22) // WARNING: only handling AST // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/ if($end_date === "") { http_response_code(400); echo json_encode(array("error" => "Please specify experience's end date.")); exit(); } else if(!validDate($end_date)) { http_response_code(400); echo json_encode(array("error" => "Experience's end date ($end_date) given in wrong format (use YYYY-MM-DD instead).")); exit(); } // Calculate duration in seconds $duration_seconds = strtotime($end_date) - strtotime($start_date); // Check that endDate occurs after the startDate if($duration_seconds <= 0) { http_response_code(400); echo json_encode(array("error" => "Experience's end date ($end_date) must occur at least a day after the start date ($start_date).")); exit(); } // Change seconds to weeks and round up $duration_weeks = round($duration_seconds / 604800); // 60 * 60 * 24 * 7 // Check that institutionID is not an empty string // And that the institutionID given is in database if($institution === "") { http_response_code(400); echo json_encode(array("error" => "Please specify institution ID.")); exit(); } else if(mysqli_query($connection, "SELECT * FROM institution WHERE id = '$institution';")->num_rows !== 1) { http_response_code(400); echo json_encode(array("error" => "Given institution ID not in database.")); exit(); } // Check that expiryTime is permitted (30min, 1hr, 2hr, 3hr, 6hr, 12hr, 18hr, 24hr) $permittedExpiryTimes = array("30", "60", "120", "180", "360", "720", "1080", "1440"); if(!in_array($expiry_time, $permittedExpiryTimes, TRUE)) { http_response_code(400); echo json_encode(array("error" => "Expiry time given is not permitted (use only 30, 60, 120, 180, 360, 720, 1080 or 1440).")); exit(); } /*** START OF DB QUERIES ***/ // exit(); // while(TRUE) { // exit(); // } // exit(); /*** IF IT GOT THROUGH VALIDATION, IT'S TOO LATE ***/ // INSERTAR A TABLA experience EL TÍTULO, DESCRIPCIÓN, TIPO, DURACIÓN, START Y END DE LA EXPERIENCIA NUEVA $queryInsert = "INSERT INTO `experience` (`title`, `description`, `type`, `duration_weeks`, `start_date`, `end_date`, `expiry_time`) VALUES ('$title', '$description', '$type', '$duration_weeks', '$start_date', '$end_date', '$expiry_time');"; if(!mysqli_query($connection, $queryInsert)) die("Error: ".mysqli_error($connection)); // BUSCAR id DE LA EXPERIENCIA ACABADA DE INSERTAR $id_experience = mysqli_insert_id($connection) or die('Error: '.mysqli_error($connection)); // CREAR HASH PARA EL ENVÍO DEL URL A ESTUDIANTES $hash = substr(sha1($id_experience), 0, 40); $queryHash = "UPDATE experience SET hash_id = '$hash' WHERE id = '$id_experience';"; if(!mysqli_query($connection, $queryHash)) die("Error: ".mysqli_error($connection)); // ASOCIAR LA EXPERIENCIA NUEVA CON LA INSTITUCIÓN ESCOGIDA $queryHookExperienceToInstitution = "INSERT INTO `institution_experience` (`id_institution`, `id_experience`) VALUES ('$institution', '$id_experience');"; if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection)); // MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!! // header('Location: ../viewExperience.php?view=$id_experience'); // exit(); }