Marle
/
webAdministracion
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Nenhuma descrição
13 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de master
${ noResults }
webAdministracion/processes/insertExperience.php

insertExperience.php 10KB
Link permanente Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272 
  1. <?php

  2. 

  3. 	require_once 'config.php';

  4. 	require_once 'dbh.inc.php';

  5. 	require_once 'checkLogin.php';

  6. 

  7. 

  8. 	// EXAMPLE INPUT...

  9. 	// array(9) { ["title"]=> string(5) "title" ["description"]=> string(11) "description" ["type"]=> string(4) "type" ["duration"]=> string(1) "1" ["start"]=> string(10) "2019-11-22" ["end"]=> string(10) "2019-11-29" ["institution"]=> string(1) "1" ["expiry_time"]=> string(2) "60" ["newExperience"]=> string(0) "" }

  10. 

  11. 	// IF USER ENTERS PAGE AFTER 'Create' BUTTON HAS BEEN PRESSED (FROM home.php), INSERT NEW EXPERIENCE TO DATABASE

  12. 	// ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php

  13. 	if(isset($_POST['newExperience'])) {

  14. 

  15. 		

  16. 		// CLEAN USER INPUT

  17. 		$title = mysqli_real_escape_string($connection, trim($_POST['title']));

  18. 		$description = mysqli_real_escape_string($connection, trim($_POST['description']));

  19. 		$type = mysqli_real_escape_string($connection, trim($_POST['type']));

  20. // 		$duration_weeks = mysqli_real_escape_string($connection, trim($_POST['duration']));

  21. 		$start_date = mysqli_real_escape_string($connection, trim($_POST['start']));

  22. 		$end_date = mysqli_real_escape_string($connection, trim($_POST['end']));

  23. 		$institution = mysqli_real_escape_string($connection, trim($_POST['institution']));

  24. 		$expiry_time = mysqli_real_escape_string($connection, trim($_POST['expiry_time']));

  25. 		

  26. 		// (PROJECT INPUT)

  27. 		$typeOfExperience = mysqli_real_escape_string($connection, trim($_POST['typeOfExperience']));

  28. 		$typeOfProject = mysqli_real_escape_string($connection, trim($_POST['typeOfProject']));

  29. 		$projectID = mysqli_real_escape_string($connection, trim($_POST['projectID']));

  30. 		$projectName = mysqli_real_escape_string($connection, trim($_POST['projectName']));

  31. 		$projectDescription = mysqli_real_escape_string($connection, trim($_POST['projectDescription']));

  32. 		

  33. 			

  34. 		

  35. 		// Check that experienceTitle is not an empty string

  36. 		// And that it doesn't exceed 60 characters (database limit)

  37. 		if($title === "") {

  38. 			http_response_code(400);

  39. 			echo json_encode(array("error" => "Please specify experience title."));

  40. 			exit();

  41. 		} else if(mb_strlen($title) > 60) {

  42. 			http_response_code(400);

  43. 			echo json_encode(array("error" => "Experience title too long (max. is 60 characters)."));

  44. 			exit();

  45. 		}

  46. 		

  47. 		

  48. 		// Check that experienceDescription is not an empty string

  49. 		// And that it doesn't exceed 100 characters (database limit)

  50. 		if($description === "") {

  51. 			http_response_code(400);

  52. 			echo json_encode(array("error" => "Please specify experience description."));

  53. 			exit();

  54. 		} else if(mb_strlen($description) > 100) {

  55. 			http_response_code(400);

  56. 			echo json_encode(array("error" => "Experience description too long (max. is 100 characters)."));

  57. 			exit();

  58. 		}

  59. 		

  60. 

  61. 		// Check that experienceType is Course-Based Research or Independent Research

  62. 		// EDIT: THE TERMINOLOGY ITSELF MIGHT CHANGE OVER TIME, DON'T CHECK AGAINST HARD-CODED VALUES

  63. // 		if($type !== "Course-Based Research" && $type !== "Independent Research") {

  64. // 			http_response_code(400);

  65. // 			echo json_encode(array("error" => "Please specify valid experience type (either 'Course-Based Research' or 'Independent Research')."));

  66. // 			exit();

  67. // 		} else

  68. 		

  69. 		if(mb_strlen($type) > 60) {

  70. 			http_response_code(400);

  71. 			echo json_encode(array("error" => "Experience type too long (max. is 60 characters)."));

  72. 			exit();

  73. 		}

  74. 		

  75. 		

  76. 		// Check that startDate is not an empty string

  77. 		// And that startDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)

  78. 		// WARNING: only handling AST

  79. 		// HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/

  80. 		

  81. 		function validDate($date) {

  82. 			$d = date_create_from_format("Y-m-d", $date);

  83. 			return $d && date_format($d, "Y-m-d") === $date;

  84. 		}

  85. 		

  86. 		if($start_date === "") {

  87. 			http_response_code(400);

  88. 			echo json_encode(array("error" => "Please specify experience's start date."));

  89. 			exit();

  90. 		} else if(!validDate($start_date)) {

  91. 			http_response_code(400);

  92. 			echo json_encode(array("error" => "Experience's start date ($start_date) given in wrong format (use YYYY-MM-DD instead)."));

  93. 			exit();

  94. 		}

  95. 

  96. 

  97. 		// Check that endDate is not an empty string

  98. 		// And that endDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)

  99. 		// WARNING: only handling AST

  100. 		// HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/

  101. 		if($end_date === "") {

  102. 			http_response_code(400);

  103. 			echo json_encode(array("error" => "Please specify experience's end date."));

  104. 			exit();

  105. 		} else if(!validDate($end_date)) {

  106. 			http_response_code(400);

  107. 			echo json_encode(array("error" => "Experience's end date ($end_date) given in wrong format (use YYYY-MM-DD instead)."));

  108. 			exit();

  109. 		}

  110. 		

  111. 		

  112. 		// Calculate duration in seconds

  113. 		$duration_seconds = strtotime($end_date) - strtotime($start_date);

  114. 		

  115. 		

  116. 		// Check that endDate occurs after the startDate

  117. 		if($duration_seconds <= 0) {

  118. 			http_response_code(400);

  119. 			echo json_encode(array("error" => "Experience's end date ($end_date) must occur at least a day after the start date ($start_date)."));

  120. 			exit();

  121. 		}

  122. 		

  123. 		

  124. 		// Change seconds to weeks and round up

  125. 		$duration_weeks = round($duration_seconds / 604800); // 60 * 60 * 24 * 7

  126. 		

  127. 		

  128. 		// Check that institutionID is not an empty string

  129. 		// And that the institutionID given is in database

  130. 		if($institution === "") {

  131. 			http_response_code(400);

  132. 			echo json_encode(array("error" => "Please specify institution ID."));

  133. 			exit();

  134. 		} else if(mysqli_query($connection, "SELECT * FROM institution WHERE id = '$institution';")->num_rows !== 1) {

  135. 			http_response_code(400);

  136. 			echo json_encode(array("error" => "Given institution ID not in database."));

  137. 			exit();

  138. 		}

  139. 		

  140. 		

  141. 		// Check that expiryTime is permitted (30min, 1hr, 2hr, 3hr, 6hr, 12hr, 18hr, 24hr)

  142. 		$permittedExpiryTimes = array("30", "60", "120", "180", "360", "720", "1080", "1440");

  143. 		if(!in_array($expiry_time, $permittedExpiryTimes, TRUE)) {

  144. 			http_response_code(400);

  145. 			echo json_encode(array("error" => "Expiry time given is not permitted (use only 30, 60, 120, 180, 360, 720, 1080 or 1440)."));

  146. 			exit();

  147. 		}

  148. 		

  149. 		

  150. 		

  151. 		

  152. 		

  153. 		// Check if type of experience is valid

  154. 		if($typeOfExperience !== "Standalone" && $typeOfExperience !== "Part of a Project") {

  155. 			http_response_code(400);

  156. 			echo json_encode(array("error" => "Invalid type of experience."));

  157. 			exit();

  158. 		}

  159. 		

  160. 		// If experience is part of a project, decide if it's an existing project or a new project

  161. 		if($typeOfExperience === "Part of a Project") {

  162. 

  163. 			// If existing project, check validity of project ID

  164. 			// If new project, check validity of project name and description

  165. 			if($typeOfProject === "Existing") {

  166. 				

  167. 				if(mysqli_query($connection, "SELECT * FROM project WHERE id = '$projectID';")->num_rows !== 1) {

  168. 					http_response_code(400);

  169. 					echo json_encode(array("error" => "Given project ID ($projectID) not in database."));

  170. 					exit();

  171. 				}

  172. 				

  173. 			} else if($typeOfProject === "New") {

  174. 				

  175. 				if($projectName === "") {

  176. 					http_response_code(400);

  177. 					echo json_encode(array("error" => "Please specify project name."));

  178. 					exit();

  179. 				} else if(mb_strlen($projectName) > 256) {

  180. 					http_response_code(400);

  181. 					echo json_encode(array("error" => "Project name too long (max. is 256 characters)."));

  182. 					exit();				

  183. 				}

  184. 

  185. 				if($projectDescription === "") {

  186. 					http_response_code(400);

  187. 					echo json_encode(array("error" => "Please specify project description."));

  188. 					exit();

  189. 				} else if(mb_strlen($projectDescription) > 256) {

  190. 					http_response_code(400);

  191. 					echo json_encode(array("error" => "Project description too long (max. is 256 characters)."));

  192. 					exit();				

  193. 				}

  194. 				

  195. 			}

  196. 			

  197. 		}

  198. 		

  199. 		

  200. 		

  201. 		/*** START OF DB QUERIES ***/

  202. // 		exit();

  203. // 		while(TRUE) {

  204. // 			exit();

  205. // 		}

  206. // 		exit();

  207. 		/*** IF IT GOT THROUGH VALIDATION, IT'S TOO LATE ***/

  208. 	

  209. 		

  210. 		

  211. 		

  212. 		// INSERTAR A TABLA experience EL TÍTULO, DESCRIPCIÓN, TIPO, DURACIÓN, START Y END DE LA EXPERIENCIA NUEVA

  213. 		$queryInsert = "INSERT INTO `experience` (`title`, `description`, `type`, `duration_weeks`, `start_date`, `end_date`, `expiry_time`) VALUES ('$title', '$description', '$type', '$duration_weeks', '$start_date', '$end_date', '$expiry_time');";

  214. 		if(!mysqli_query($connection, $queryInsert)) die("Error: ".mysqli_error($connection));

  215. 		

  216. 		

  217. 		// BUSCAR id DE LA EXPERIENCIA ACABADA DE INSERTAR

  218. 		$id_experience = mysqli_insert_id($connection) or die('Error: '.mysqli_error($connection));

  219. 		

  220. 		

  221. 		// CREAR HASH PARA EL ENVÍO DEL URL A ESTUDIANTES

  222. 		$hash = substr(sha1($id_experience), 0, 40);

  223. 		$queryHash = "UPDATE experience SET hash_id = '$hash' WHERE id = '$id_experience';";

  224. 		if(!mysqli_query($connection, $queryHash)) die("Error: ".mysqli_error($connection));

  225. 

  226. 		

  227. 		// ASOCIAR LA EXPERIENCIA NUEVA CON LA INSTITUCIÓN ESCOGIDA

  228. 		$queryHookExperienceToInstitution = "INSERT INTO `institution_experience` (`id_institution`, `id_experience`) VALUES ('$institution', '$id_experience');";

  229. 		if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection));

  230. 		

  231. 		

  232. 		// ASOCIAR LA EXPERIENCIA NUEVA CON EL USUARIO

  233. 		$queryHookExperienceToUser = "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES ('" . $_SESSION['dbUserData']['id_researcher'] . "', '$id_experience')";

  234. 		if(!mysqli_query($connection, $queryHookExperienceToUser)) die("Error: ".mysqli_error($connection));

  235. 		

  236. 		

  237. 		

  238. 		

  239. 		

  240. 		

  241. 		

  242. 		

  243. 		// CREAR PROJECT

  244. 		if($typeOfExperience === "Part of a Project") {

  245. 

  246. 			// If existing project, just hook experience to project

  247. 			// If new project, create project and then hook

  248. 			if($typeOfProject === "New") {

  249. 				

  250. 				$queryProject = "INSERT INTO project (`name`, `description`) VALUES ('$projectName', '$projectDescription');";

  251. 				if(!mysqli_query($connection, $queryProject)) die("Error: ".mysqli_error($connection));

  252. 				

  253. 				// BUSCAR id DEL PROYECTO ACABADO DE INSERTAR

  254. 				$projectID = mysqli_insert_id($connection) or die('Error: '.mysqli_error($connection));

  255. 				

  256. 			}

  257. 			

  258. 			$queryHookExperienceToProject = "INSERT INTO project_experience (`id_experience`, `id_project`) VALUES ('$id_experience', '$projectID');";

  259. 			if(!mysqli_query($connection, $queryHookExperienceToProject)) die("Error: ".mysqli_error($connection));

  260. 			

  261. 		}

  262. 		

  263. 		

  264. 		

  265. 		// MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!!

  266. // 		header('Location: ../viewExperience.php?view=$id_experience');

  267. // 		exit();

  268. 		

  269. 	}

  270. 	

  271. 	

  272.