
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(10) { ["questionID"]=> string(3) "266" ["update_q_premise"]=> string(7) "Saludos" ["update_q_type"]=> string(1) "1" ["update_min_val"]=> string(1) "1" ["update_min_text"]=> string(5) "adios" ["update_max_val"]=> string(1) "5" ["update_max_text"]=> string(4) "hola" ["update_q_category"]=> string(2) "92" ["update_q_subcategory"]=> string(3) "115" ["updateQuestion"]=> string(0) "" }
  7. // WARNING: SHOULD CHECK THAT CATEGORY/SUBCATEGORY GIVEN CORRESPOND TO THE QUESTIONNAIRE ID
  8. if(isset($_POST['updateQuestion'])) {
  9. $questionID = mysqli_real_escape_string($connection, trim($_POST['questionID']));
  10. // Check that question ID is not empty string
  11. // And that it's registered in the database
  12. if($questionID === "") {
  13. http_response_code(400);
  14. echo json_encode(array("error" => "Please specify experience ID."));
  15. exit();
  16. } else if(mysqli_query($connection, "SELECT * FROM question WHERE id = '$questionID';")->num_rows !== 1) {
  17. http_response_code(400);
  18. echo json_encode(array("error" => "Given experience ID ($id) not in database."));
  19. exit();
  20. }
  21. // UPDATE PREMISE
  22. if(isset($_POST['update_q_premise'])) {
  23. $premise = mysqli_real_escape_string($connection, trim($_POST['update_q_premise']));
  24. // Check that premise is not empty string
  25. // And that it doesn't exceed 600 characters (database limit)
  26. if($premise === "") {
  27. http_response_code(400);
  28. echo json_encode(array("error" => "Question premise can't be empty."));
  29. exit();
  30. } else if(mb_strlen($premise) > 600) {
  31. http_response_code(400);
  32. echo json_encode(array("error" => "Question premise too long (max. is 600 characters)."));
  33. exit();
  34. }
  35. $query = "UPDATE `question` SET `premise` = '$premise' WHERE `id` = '$questionID';";
  36. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  37. }
  38. // UPDATE TYPE
  39. if(isset($_POST['update_q_type'])) {
  40. $typeID = mysqli_real_escape_string($connection, trim($_POST['update_q_type']));
  41. // Check that question type isn not empty string
  42. // If the question type is neither (invalid; nor "1" nor "2"), let user know (user probably tampered with client-side)
  43. if($typeID === "" || ($typeID != "1" && $typeID != "2")) {
  44. http_response_code(400);
  45. echo json_encode(array("error" => "Please specify a type (1 for scaled, 2 for open)."));
  46. exit();
  47. }
  48. // If the question type is scaled (e.g. value of "1"), make sure all the min/max settings are valid
  49. // If the question type is open, we don't have to check for min/max settings
  50. if($typeID === "1") {
  51. // FETCH MIN VAL, MAX VAL, MIN TEXT AND MAX TEXT
  52. $minVal = mysqli_real_escape_string($connection, trim($_POST['update_min_val']));
  53. $maxVal = mysqli_real_escape_string($connection, trim($_POST['update_max_val']));
  54. $minText = mysqli_real_escape_string($connection, trim($_POST['update_min_text']));
  55. $maxText = mysqli_real_escape_string($connection, trim($_POST['update_max_text']));
  56. // Check if minVal is not 1 (we decided it should be like that)
  57. if($minVal !== "1") {
  58. http_response_code(400);
  59. echo json_encode(array("error" => "Minimum value has to be 1."));
  60. exit();
  61. }
  62. // Check if minText is not an empty string
  63. if($minText === "") {
  64. http_response_code(400);
  65. echo json_encode(array("error" => "Please specify a valid minimum text."));
  66. exit();
  67. } else if(mb_strlen($minText) > 40) {
  68. http_response_code(400);
  69. echo json_encode(array("error" => "Minimum text '$minText' too long (max. is 40 characters)."));
  70. exit();
  71. }
  72. // Check if maxVal is greater or equal to 2 (we decided it should be like that)
  73. // REMINDERS:
  74. // is_numeric() ensures the string is a number
  75. // intval() returns truncates "starting numeric-like" numbers (e.g. 1234asdf is 1234)
  76. // intval() returns 0 if it detects "normal string" (e.g. asdf1234 is 0)
  77. if(!is_numeric($maxVal)) {
  78. http_response_code(400);
  79. echo json_encode(array("error" => "Maximum value has to be numeric."));
  80. exit();
  81. } else if(intval($maxVal) < 2) {
  82. http_response_code(400);
  83. echo json_encode(array("error" => "Maximum value has to be greater or equal to 2."));
  84. exit();
  85. }
  86. // Check if maxText is not an empty string
  87. if($maxText === "") {
  88. http_response_code(400);
  89. echo json_encode(array("error" => "Please specify a valid maximum text."));
  90. exit();
  91. } else if(mb_strlen($maxText) > 40) {
  92. http_response_code(400);
  93. echo json_encode(array("error" => "Maximum text '$maxText' too long (max. is 40 characters)."));
  94. exit();
  95. }
  96. // Check that maxText and minText are different strings
  97. if(mb_strtolower($maxText) === mb_strtolower($minText)) {
  98. http_response_code(400);
  99. echo json_encode(array("error" => "Labels must be different."));
  100. exit();
  101. }
  102. // First change the question type
  103. $query = "UPDATE `question` SET `id_type` = '$typeID' WHERE `id` = '$questionID'";
  104. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  105. // Fetch all the min/max labels and values (if already present)
  106. if(mysqli_query($connection, "SELECT * FROM question_type WHERE id_question = '$questionID';")->num_rows === 4) {
  107. // Then update all the min/max labels and values
  108. $query = "UPDATE `question_type` SET value = '$minVal' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'min_val';";
  109. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  110. $query = "UPDATE `question_type` SET value = '$minText' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'min_texto';";
  111. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  112. $query = "UPDATE `question_type` SET value = '$maxVal' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'max_val';";
  113. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  114. $query = "UPDATE `question_type` SET value = '$maxText' WHERE `id_type` = '$typeID' AND `id_question` = '$questionID' AND `label` = 'max_texto';";
  115. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  116. } else {
  117. // Then create all the new min/max labels and values
  118. $query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_val', '$minVal');";
  119. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  120. $query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_texto', '$minText');";
  121. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  122. $query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_val', '$maxVal');";
  123. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  124. $query = "INSERT INTO `question_type` (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_texto', '$maxText');";
  125. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  126. }
  127. } else if($typeID === "2") {
  128. // First change the question type
  129. $query = "UPDATE `question` SET `id_type` = '$typeID' WHERE `id` = '$questionID';";
  130. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  131. // Then delete the min/max labels and values
  132. $query = "DELETE FROM `question_type` WHERE `id_question` = '$questionID'";
  133. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  134. }
  135. // UPDATE CATEGORY
  136. if(isset($_POST['update_q_category'])) {
  137. $categoryID = mysqli_real_escape_string($connection, trim($_POST['update_q_category']));
  138. // Check that category ID is not empty string
  139. // And that it's registered in the database
  140. if($categoryID === "") {
  141. http_response_code(400);
  142. echo json_encode(array("error" => "Please specify category ID."));
  143. exit();
  144. } else if(mysqli_query($connection, "SELECT * FROM category WHERE id = '$categoryID';")->num_rows !== 1) {
  145. http_response_code(400);
  146. echo json_encode(array("error" => "Given category ID ($categoryID) not in database."));
  147. exit();
  148. }
  149. $query = "UPDATE `question` SET `id_category` = '$categoryID' WHERE `id` = '$questionID';";
  150. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  151. }
  152. // UPDATE SUBCATEGORY
  153. if(isset($_POST['update_q_subcategory'])) {
  154. $subcategoryID = mysqli_real_escape_string($connection, trim($_POST['update_q_subcategory']));
  155. // Check that subcategory ID is not empty string
  156. // And that it's registered in the database
  157. if($subcategoryID === "") {
  158. http_response_code(400);
  159. echo json_encode(array("error" => "Please specify subcategory ID."));
  160. exit();
  161. } else if(mysqli_query($connection, "SELECT * FROM subcategory WHERE id = '$subcategoryID';")->num_rows !== 1) {
  162. http_response_code(400);
  163. echo json_encode(array("error" => "Given subcategory ID ($subcategoryID) not in database."));
  164. exit();
  165. }
  166. $query = "UPDATE `question` SET `id_subcategory` = '$subcategoryID' WHERE `id` = '$questionID';";
  167. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  168. }
  169. }
  170. // UPDATE REFERENCE
  171. // if(isset($_POST['newReference'])) {
  172. // $query = "UPDATE `question` SET `id_referencia`='".$_POST['newReference']."' WHERE `id`='".$_POST['id']."';";
  173. // $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  174. // }
  175. }