
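  <?php
  declare(strict_types=1);

  require_once 'config.php';
  require_once 'dbh.inc.php';
  require_once 'checkLogin.php';

  /*
   * Inserts a new question into an existing questionnaire.
   *
   * Expected POST fields (all strings): questionnaireID, q_premise, q_type
   * ("1" = scaled, "2" = open), min_val, min_text, max_val, max_text,
   * q_category, q_subcategory, plus the submit marker insertQuestionToQuestionnaire.
   *
   * Responses are JSON: {"error": "..."} with HTTP 400 on a validation failure,
   * a generic {"error": "..."} with HTTP 500 on a database failure (details go to
   * error_log, never to the client), and {"questionID": <int>} on success.
   *
   * Every value that reaches SQL is passed as a bound parameter; nothing is
   * interpolated into query strings. The three inserts run inside one
   * transaction so a failure cannot leave an orphaned question row behind.
   *
   * WARNING (kept from the original): only the existence of the category /
   * subcategory is verified, not that they belong to the given questionnaire;
   * the schema for that relation is not visible here.
   * NOTE(review): no CSRF token is checked in this file — confirm that
   * checkLogin.php covers it.
   */

  /**
   * Sends a JSON error body with the given HTTP status and stops the script.
   */
  function respondError(int $status, string $message): void
  {
      http_response_code($status);
      echo json_encode(['error' => $message]);
      exit();
  }

  /**
   * Prepares and executes $sql, binding $params with the mysqli type string $types.
   *
   * Works both with mysqli in "return false" mode (PHP < 8.1 default) and in
   * exception mode (PHP >= 8.1 default): mysqli_sql_exception extends
   * RuntimeException, so callers catch a single type.
   *
   * @param int|string ...$params
   * @throws RuntimeException when the statement cannot be prepared, bound or executed
   */
  function runStatement(mysqli $db, string $sql, string $types, ...$params): mysqli_stmt
  {
      $stmt = mysqli_prepare($db, $sql);
      if ($stmt === false) {
          throw new RuntimeException('prepare failed: ' . mysqli_error($db));
      }
      if ($params !== [] && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
          throw new RuntimeException('bind failed: ' . mysqli_stmt_error($stmt));
      }
      if (!mysqli_stmt_execute($stmt)) {
          throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
      }
      return $stmt;
  }

  /**
   * Returns true when the lookup $sql (one "?" placeholder for an integer id)
   * matches exactly one row.
   *
   * @throws RuntimeException on a database failure
   */
  function rowExists(mysqli $db, string $sql, int $id): bool
  {
      $stmt = runStatement($db, $sql, 'i', $id);
      mysqli_stmt_store_result($stmt);
      $found = mysqli_stmt_num_rows($stmt) === 1;
      mysqli_stmt_close($stmt);
      return $found;
  }

  /**
   * Parses an id field as a non-negative integer.
   *
   * Only pure digit strings are accepted: MySQL would otherwise coerce a value
   * like "23abc" to 23 during the lookup, letting garbage pass the existence check.
   */
  function parseId(string $raw): ?int
  {
      return ctype_digit($raw) ? (int) $raw : null;
  }

  if (!isset($_POST['insertQuestionToQuestionnaire'])) {
      return;
  }

  // Must be sent before any body output; every response below is JSON.
  header('Content-Type: application/json; charset=utf-8');

  // A missing field becomes "" (the original relied on a warning + trim(null));
  // a non-string (e.g. field[]=...) is treated as empty instead of crashing trim().
  $field = static function (string $key): string {
      $value = $_POST[$key] ?? '';
      return is_string($value) ? trim($value) : '';
  };

  $questionnaireRaw = $field('questionnaireID');
  $premise = $field('q_premise');
  $typeRaw = $field('q_type');
  $minVal = $field('min_val');
  $minText = $field('min_text');
  $maxVal = $field('max_val');
  $maxText = $field('max_text');
  $categoryRaw = $field('q_category');
  $subcategoryRaw = $field('q_subcategory');

  try {
      // Questionnaire id: not empty, a plain integer, and present in the database.
      if ($questionnaireRaw === '') {
          respondError(400, 'Please specify questionnaire ID.');
      }
      $questionnaireID = parseId($questionnaireRaw);
      if ($questionnaireID === null
          || !rowExists($connection, 'SELECT 1 FROM questionnair WHERE id = ?', $questionnaireID)) {
          respondError(400, "Given questionnaire ID ($questionnaireRaw) not in database.");
      }

      // Premise: not empty, at most 600 characters (database column limit).
      if ($premise === '') {
          respondError(400, "Question premise can't be empty.");
      }
      if (mb_strlen($premise) > 600) {
          respondError(400, 'Question premise too long (max. is 600 characters).');
      }

      // Type: strictly "1" (scaled) or "2" (open). The original used a loose
      // comparison, so "1.0" slipped past the check but then failed the === "1"
      // branch and was stored verbatim as the type id.
      if (!in_array($typeRaw, ['1', '2'], true)) {
          respondError(400, 'Please specify a type (1 for scaled, 2 for open).');
      }
      $typeID = (int) $typeRaw;

      if ($typeID === 1) {
          // Scaled questions: the minimum is fixed at 1 by design.
          if ($minVal !== '1') {
              respondError(400, 'Minimum value has to be 1.');
          }
          if ($minText === '') {
              respondError(400, 'Please specify a valid minimum text.');
          }
          if (mb_strlen($minText) > 40) {
              respondError(400, "Minimum text '$minText' too long (max. is 40 characters).");
          }
          // Maximum must be an integer >= 2. ctype_digit is deliberately stricter
          // than is_numeric(), which accepted "2.5" and "1e3" and stored them as-is.
          if (!ctype_digit($maxVal)) {
              respondError(400, 'Maximum value has to be numeric.');
          }
          if ((int) $maxVal < 2) {
              respondError(400, 'Maximum value has to be greater or equal to 2.');
          }
          if ($maxText === '') {
              respondError(400, 'Please specify a valid maximum text.');
          }
          if (mb_strlen($maxText) > 40) {
              respondError(400, "Maximum text '$maxText' too long (max. is 40 characters).");
          }
          // The two labels must differ (case-insensitively).
          if (mb_strtolower($maxText) === mb_strtolower($minText)) {
              respondError(400, 'Labels must be different.');
          }
      }

      // Category and subcategory: not empty, integer, and present in the database.
      if ($categoryRaw === '') {
          respondError(400, 'Please specify category ID.');
      }
      $categoryID = parseId($categoryRaw);
      if ($categoryID === null
          || !rowExists($connection, 'SELECT 1 FROM category WHERE id = ?', $categoryID)) {
          respondError(400, "Given category ID ($categoryRaw) not in database.");
      }

      if ($subcategoryRaw === '') {
          respondError(400, 'Please specify subcategory ID.');
      }
      $subcategoryID = parseId($subcategoryRaw);
      if ($subcategoryID === null
          || !rowExists($connection, 'SELECT 1 FROM subcategory WHERE id = ?', $subcategoryID)) {
          respondError(400, "Given subcategory ID ($subcategoryRaw) not in database.");
      }

      /*** START OF DB QUERIES ***/
      mysqli_begin_transaction($connection);
      try {
          // New question row.
          $stmt = runStatement(
              $connection,
              'INSERT INTO question (`premise`, `id_category`, `id_subcategory`, `id_type`) VALUES (?, ?, ?, ?)',
              'siii',
              $premise,
              $categoryID,
              $subcategoryID,
              $typeID
          );
          mysqli_stmt_close($stmt);

          $questionID = (int) mysqli_insert_id($connection);
          if ($questionID === 0) {
              throw new RuntimeException('no insert id returned for question');
          }

          // Scaled questions carry their min/max value and label rows.
          if ($typeID === 1) {
              $scaleRows = [
                  'min_val' => $minVal,
                  'min_texto' => $minText,
                  'max_val' => $maxVal,
                  'max_texto' => $maxText,
              ];
              foreach ($scaleRows as $label => $value) {
                  $stmt = runStatement(
                      $connection,
                      'INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES (?, ?, ?, ?)',
                      'iiss',
                      $typeID,
                      $questionID,
                      $label,
                      $value
                  );
                  mysqli_stmt_close($stmt);
              }
          }

          // Hook the question to the questionnaire.
          $stmt = runStatement(
              $connection,
              'INSERT INTO questionnair_question (`id_questionnair`, `id_question`) VALUES (?, ?)',
              'ii',
              $questionnaireID,
              $questionID
          );
          mysqli_stmt_close($stmt);

          mysqli_commit($connection);
      } catch (RuntimeException $e) {
          mysqli_rollback($connection);
          throw $e;
      }

      echo json_encode(['questionID' => $questionID]);
  } catch (RuntimeException $e) {
      // Database details stay server-side; the original echoed mysqli_error() to the client.
      error_log('insertQuestionToQuestionnaire: ' . $e->getMessage());
      respondError(500, 'Internal server error.');
  }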