  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(9) { ["id_experience"]=> string(1) "1" ["m_title"]=> string(5) "title" ["m_description"]=> string(11) "description" ["m_date"]=> string(18) "121212-12-12T12:12" ["m_questionnaire"]=> string(1) "1" ["m_question_1"]=> string(1) "3" ["m_question_2"]=> string(1) "5" ["m_question_3"]=> string(2) "11" ["newMoment"]=> string(0) "" }
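  if (isset($_POST['newMoment'])) {
      /*
       * Creates a new "moment" (a row in subquestionnair), links it to an existing
       * experience and attaches the posted questions to it.
       *
       * Every value read from $_POST is untrusted. Values reach the database only as
       * bound parameters of prepared statements: escaping with
       * mysqli_real_escape_string() gives no protection where the value is placed
       * unquoted in the SQL text (as the ID lookups used to do), so IDs are also
       * required to be plain digit strings before they are looked up.
       *
       * NOTE(review): checkLogin.php is loaded by this script, but nothing visible here
       * checks that the logged-in user may modify the given experience, and no
       * anti-CSRF token is verified - confirm both are handled elsewhere.
       */

      // Sends a JSON error with the given HTTP status and ends the request.
      // The explicit content type and the JSON_HEX_* flags keep reflected input
      // (IDs, dates) from being interpreted as markup by a browser.
      $rejectRequest = static function ($status, $message) {
          http_response_code($status);
          header('Content-Type: application/json; charset=utf-8');
          echo json_encode(
              ['error' => $message],
              JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
          );
          exit();
      };

      // Returns the trimmed POST field, or '' when it is missing or not a string
      // (e.g. an array submitted as "name[]=...").
      $readField = static function ($name) {
          return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
      };

      // Prepares and executes one statement with bound parameters and returns it.
      // Throws RuntimeException on failure (mysqli_sql_exception is a subclass, so
      // both mysqli error-reporting modes end up in the same catch blocks).
      $runStatement = static function ($sql, $types, array $params) use ($connection) {
          $stmt = mysqli_prepare($connection, $sql);
          if ($stmt === false) {
              throw new RuntimeException('prepare failed: ' . mysqli_error($connection));
          }
          if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
              throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
          }
          return $stmt;
      };

      // True when the single-parameter lookup query returns exactly one row.
      $idExists = static function ($sql, $id) use ($runStatement, $rejectRequest) {
          try {
              $stmt = $runStatement($sql, 's', [$id]);
              mysqli_stmt_store_result($stmt);
              $found = mysqli_stmt_num_rows($stmt) === 1;
              mysqli_stmt_close($stmt);
              return $found;
          } catch (RuntimeException $e) {
              // Details go to the server log only; the client gets a generic message.
              error_log('newMoment: lookup failed: ' . $e->getMessage());
              $rejectRequest(500, 'Internal server error.');
          }
      };

      /*** FETCH THE BASIC INFO OF THE NEW MOMENT ***/
      $experienceID = $readField('id_experience');
      $momentTitle = $readField('m_title');
      $momentDescription = $readField('m_description');
      $momentDate = $readField('m_date');
      // NOTE(review): the questionnaire ID is stored as given and never checked
      // against the database - confirm whether it should be validated like the others.
      $questionnaireID = $readField('m_questionnaire');

      /*** (START) FIRST BLOCK OF INPUT VALIDATION ***/
      // experienceID must be present, numeric and refer to an existing experience.
      if ($experienceID === '') {
          $rejectRequest(400, 'Please specify experience ID.');
      }
      if (!ctype_digit($experienceID)
          || !$idExists('SELECT id FROM experience WHERE id = ?', $experienceID)
      ) {
          $rejectRequest(400, "Given experience ID ($experienceID) not in database.");
      }

      // momentTitle must be present and at most 60 characters. The length is measured
      // on the raw value, not on an escaped copy that may carry extra backslashes.
      if ($momentTitle === '') {
          $rejectRequest(400, 'Please specify moment title.');
      }
      if (mb_strlen($momentTitle) > 60) {
          $rejectRequest(400, 'Moment title too long (max. is 60 characters).');
      }

      // momentDescription must be present and at most 100 characters.
      if ($momentDescription === '') {
          $rejectRequest(400, 'Please specify moment description.');
      }
      if (mb_strlen($momentDescription) > 100) {
          $rejectRequest(400, 'Moment description too long (max. is 100 characters).');
      }

      // momentDate must be present and in the format YYYY-MM-DDThh:mm.
      // WARNING (from the original author): only handling AST
      // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
      // Accepts the string only if parsing and re-formatting it gives the same text.
      function validDate($date) {
          $parsed = date_create_from_format('Y-m-d\TH:i', $date);
          return $parsed && date_format($parsed, 'Y-m-d\TH:i') === $date;
      }
      if ($momentDate === '') {
          $rejectRequest(400, 'Please specify moment date.');
      }
      if (!validDate($momentDate)) {
          $rejectRequest(400, "Moment date ($momentDate) given in wrong format (use YYYY-MM-DDTHH:mm instead).");
      }
      /*** (END) FIRST BLOCK OF INPUT VALIDATION ***/

      /*** STORE THE QUESTIONS' DATA ***/
      // WARNING: $start IS VERY SENSITIVE TO NUMBER OF INPUTS GIVEN.
      // Question IDs are taken by position: everything after the first five fields
      // and before the last one. The client controls field order, so each value is
      // validated on its own below.
      // NOTE(review): selecting by field name would be sturdier than by position.
      $questionIDs = [];
      $numberOfQuestions = 0;
      $start = 5;
      $postedValues = array_values($_POST);
      $end = count($postedValues) - 1;
      for ($i = $start; $i < $end; $i++) {
          $questionID = is_string($postedValues[$i]) ? trim($postedValues[$i]) : '';
          $numberOfQuestions++;

          // The ID must be present, numeric, known to the database and not repeated.
          if ($questionID === '') {
              $rejectRequest(400, "Please specify question ID (in Question #$numberOfQuestions).");
          }
          if (!ctype_digit($questionID)
              || !$idExists('SELECT id FROM question WHERE id = ?', $questionID)
          ) {
              $rejectRequest(400, "Given question ID ($questionID) not in database.");
          }
          if (in_array($questionID, $questionIDs, true)) {
              $rejectRequest(400, "Duplicate question (in Question #$numberOfQuestions).");
          }
          $questionIDs[] = $questionID;
      }

      /*** START OF DB QUERIES ***/
      // The three kinds of insert run in one transaction so a failure part-way does
      // not leave a moment without its experience link or questions (this only has
      // an effect on a transactional storage engine).
      try {
          if (!mysqli_begin_transaction($connection)) {
              throw new RuntimeException('could not start transaction: ' . mysqli_error($connection));
          }

          /*** CREATE MOMENT AND RETRIEVE ITS ID ***/
          $stmt = $runStatement(
              'INSERT INTO subquestionnair (title, description, id_questionnair, date_to_administer) VALUES (?, ?, ?, ?)',
              'ssss',
              [$momentTitle, $momentDescription, $questionnaireID, $momentDate]
          );
          mysqli_stmt_close($stmt);
          $momentID = mysqli_insert_id($connection);
          if (!$momentID) {
              throw new RuntimeException('no insert id returned for the new moment');
          }

          /*** HOOK MOMENT TO CURRENT EXPERIENCE ***/
          $stmt = $runStatement(
              'INSERT INTO experience_subquestionnair (id_experience, id_subquestionnair) VALUES (?, ?)',
              'si',
              [$experienceID, $momentID]
          );
          mysqli_stmt_close($stmt);

          // Open questions from the original author:
          // should this also populate the schedule table?
          // should this also populate the reminder_subquestionnair table?

          /*** HOOK EACH QUESTION TO NEWLY CREATED MOMENT ***/
          foreach ($questionIDs as $questionID) {
              $stmt = $runStatement(
                  'INSERT INTO subquestionnair_question (id_subquestionnair, id_question) VALUES (?, ?)',
                  'is',
                  [$momentID, $questionID]
              );
              mysqli_stmt_close($stmt);
          }

          if (!mysqli_commit($connection)) {
              throw new RuntimeException('commit failed: ' . mysqli_error($connection));
          }
      } catch (RuntimeException $e) {
          mysqli_rollback($connection);
          // The SQL text and the driver error stay in the server log; echoing them to
          // the client would disclose the schema to anyone able to trigger a failure.
          error_log('newMoment: could not create moment: ' . $e->getMessage());
          $rejectRequest(500, 'Could not create moment.');
      }
  }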
  123. ?>