Keine Beschreibung

insertExperience.php 10KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // EXAMPLE INPUT...
  6. // array(9) { ["title"]=> string(5) "title" ["description"]=> string(11) "description" ["type"]=> string(4) "type" ["duration"]=> string(1) "1" ["start"]=> string(10) "2019-11-22" ["end"]=> string(10) "2019-11-29" ["institution"]=> string(1) "1" ["expiry_time"]=> string(2) "60" ["newExperience"]=> string(0) "" }
  7. // IF USER ENTERS PAGE AFTER 'Create' BUTTON HAS BEEN PRESSED (FROM home.php), INSERT NEW EXPERIENCE TO DATABASE
  8. // ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php
  9. if(isset($_POST['newExperience'])) {
  10. // CLEAN USER INPUT
  11. $title = mysqli_real_escape_string($connection, trim($_POST['title']));
  12. $description = mysqli_real_escape_string($connection, trim($_POST['description']));
  13. $type = mysqli_real_escape_string($connection, trim($_POST['type']));
  14. // $duration_weeks = mysqli_real_escape_string($connection, trim($_POST['duration']));
  15. $start_date = mysqli_real_escape_string($connection, trim($_POST['start']));
  16. $end_date = mysqli_real_escape_string($connection, trim($_POST['end']));
  17. $institution = mysqli_real_escape_string($connection, trim($_POST['institution']));
  18. $expiry_time = mysqli_real_escape_string($connection, trim($_POST['expiry_time']));
  19. // (PROJECT INPUT)
  20. $typeOfExperience = mysqli_real_escape_string($connection, trim($_POST['typeOfExperience']));
  21. $typeOfProject = mysqli_real_escape_string($connection, trim($_POST['typeOfProject']));
  22. $projectID = mysqli_real_escape_string($connection, trim($_POST['projectID']));
  23. $projectName = mysqli_real_escape_string($connection, trim($_POST['projectName']));
  24. $projectDescription = mysqli_real_escape_string($connection, trim($_POST['projectDescription']));
  25. // Check that experienceTitle is not an empty string
  26. // And that it doesn't exceed 60 characters (database limit)
  27. if($title === "") {
  28. http_response_code(400);
  29. echo json_encode(array("error" => "Please specify experience title."));
  30. exit();
  31. } else if(mb_strlen($title) > 60) {
  32. http_response_code(400);
  33. echo json_encode(array("error" => "Experience title too long (max. is 60 characters)."));
  34. exit();
  35. }
  36. // Check that experienceDescription is not an empty string
  37. // And that it doesn't exceed 100 characters (database limit)
  38. if($description === "") {
  39. http_response_code(400);
  40. echo json_encode(array("error" => "Please specify experience description."));
  41. exit();
  42. } else if(mb_strlen($description) > 100) {
  43. http_response_code(400);
  44. echo json_encode(array("error" => "Experience description too long (max. is 100 characters)."));
  45. exit();
  46. }
  47. // Check that experienceType is Course-Based Research or Independent Research
  48. // EDIT: THE TERMINOLOGY ITSELF MIGHT CHANGE OVER TIME, DON'T CHECK AGAINST HARD-CODED VALUES
  49. // if($type !== "Course-Based Research" && $type !== "Independent Research") {
  50. // http_response_code(400);
  51. // echo json_encode(array("error" => "Please specify valid experience type (either 'Course-Based Research' or 'Independent Research')."));
  52. // exit();
  53. // } else
  54. if(mb_strlen($type) > 60) {
  55. http_response_code(400);
  56. echo json_encode(array("error" => "Experience type too long (max. is 60 characters)."));
  57. exit();
  58. }
  59. // Check that startDate is not an empty string
  60. // And that startDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)
  61. // WARNING: only handling AST
  62. // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
  63. function validDate($date) {
  64. $d = date_create_from_format("Y-m-d", $date);
  65. return $d && date_format($d, "Y-m-d") === $date;
  66. }
  67. if($start_date === "") {
  68. http_response_code(400);
  69. echo json_encode(array("error" => "Please specify experience's start date."));
  70. exit();
  71. } else if(!validDate($start_date)) {
  72. http_response_code(400);
  73. echo json_encode(array("error" => "Experience's start date ($start_date) given in wrong format (use YYYY-MM-DD instead)."));
  74. exit();
  75. }
  76. // Check that endDate is not an empty string
  77. // And that endDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)
  78. // WARNING: only handling AST
  79. // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
  80. if($end_date === "") {
  81. http_response_code(400);
  82. echo json_encode(array("error" => "Please specify experience's end date."));
  83. exit();
  84. } else if(!validDate($end_date)) {
  85. http_response_code(400);
  86. echo json_encode(array("error" => "Experience's end date ($end_date) given in wrong format (use YYYY-MM-DD instead)."));
  87. exit();
  88. }
  89. // Calculate duration in seconds
  90. $duration_seconds = strtotime($end_date) - strtotime($start_date);
  91. // Check that endDate occurs after the startDate
  92. if($duration_seconds <= 0) {
  93. http_response_code(400);
  94. echo json_encode(array("error" => "Experience's end date ($end_date) must occur at least a day after the start date ($start_date)."));
  95. exit();
  96. }
  97. // Change seconds to weeks and round up
  98. $duration_weeks = round($duration_seconds / 604800); // 60 * 60 * 24 * 7
  99. // Check that institutionID is not an empty string
  100. // And that the institutionID given is in database
  101. if($institution === "") {
  102. http_response_code(400);
  103. echo json_encode(array("error" => "Please specify institution ID."));
  104. exit();
  105. } else if(mysqli_query($connection, "SELECT * FROM institution WHERE id = '$institution';")->num_rows !== 1) {
  106. http_response_code(400);
  107. echo json_encode(array("error" => "Given institution ID not in database."));
  108. exit();
  109. }
  110. // Check that expiryTime is permitted (30min, 1hr, 2hr, 3hr, 6hr, 12hr, 18hr, 24hr)
  111. $permittedExpiryTimes = array("30", "60", "120", "180", "360", "720", "1080", "1440");
  112. if(!in_array($expiry_time, $permittedExpiryTimes, TRUE)) {
  113. http_response_code(400);
  114. echo json_encode(array("error" => "Expiry time given is not permitted (use only 30, 60, 120, 180, 360, 720, 1080 or 1440)."));
  115. exit();
  116. }
  117. // Check if type of experience is valid
  118. if($typeOfExperience !== "Standalone" && $typeOfExperience !== "Part of a Project") {
  119. http_response_code(400);
  120. echo json_encode(array("error" => "Invalid type of experience."));
  121. exit();
  122. }
  123. // If experience is part of a project, decide if it's an existing project or a new project
  124. if($typeOfExperience === "Part of a Project") {
  125. // If existing project, check validity of project ID
  126. // If new project, check validity of project name and description
  127. if($typeOfProject === "Existing") {
  128. if(mysqli_query($connection, "SELECT * FROM project WHERE id = '$projectID';")->num_rows !== 1) {
  129. http_response_code(400);
  130. echo json_encode(array("error" => "Given project ID ($projectID) not in database."));
  131. exit();
  132. }
  133. } else if($typeOfProject === "New") {
  134. if($projectName === "") {
  135. http_response_code(400);
  136. echo json_encode(array("error" => "Please specify project name."));
  137. exit();
  138. } else if(mb_strlen($projectName) > 256) {
  139. http_response_code(400);
  140. echo json_encode(array("error" => "Project name too long (max. is 256 characters)."));
  141. exit();
  142. }
  143. if($projectDescription === "") {
  144. http_response_code(400);
  145. echo json_encode(array("error" => "Please specify project description."));
  146. exit();
  147. } else if(mb_strlen($projectDescription) > 256) {
  148. http_response_code(400);
  149. echo json_encode(array("error" => "Project description too long (max. is 256 characters)."));
  150. exit();
  151. }
  152. }
  153. }
  154. /*** START OF DB QUERIES ***/
  155. // exit();
  156. // while(TRUE) {
  157. // exit();
  158. // }
  159. // exit();
  160. /*** IF IT GOT THROUGH VALIDATION, IT'S TOO LATE ***/
  161. // INSERTAR A TABLA experience EL TÍTULO, DESCRIPCIÓN, TIPO, DURACIÓN, START Y END DE LA EXPERIENCIA NUEVA
  162. $queryInsert = "INSERT INTO `experience` (`title`, `description`, `type`, `duration_weeks`, `start_date`, `end_date`, `expiry_time`) VALUES ('$title', '$description', '$type', '$duration_weeks', '$start_date', '$end_date', '$expiry_time');";
  163. if(!mysqli_query($connection, $queryInsert)) die("Error: ".mysqli_error($connection));
  164. // BUSCAR id DE LA EXPERIENCIA ACABADA DE INSERTAR
  165. $id_experience = mysqli_insert_id($connection) or die('Error: '.mysqli_error($connection));
  166. // CREAR HASH PARA EL ENVÍO DEL URL A ESTUDIANTES
  167. $hash = substr(sha1($id_experience), 0, 40);
  168. $queryHash = "UPDATE experience SET hash_id = '$hash' WHERE id = '$id_experience';";
  169. if(!mysqli_query($connection, $queryHash)) die("Error: ".mysqli_error($connection));
  170. // ASOCIAR LA EXPERIENCIA NUEVA CON LA INSTITUCIÓN ESCOGIDA
  171. $queryHookExperienceToInstitution = "INSERT INTO `institution_experience` (`id_institution`, `id_experience`) VALUES ('$institution', '$id_experience');";
  172. if(!mysqli_query($connection, $queryHookExperienceToInstitution)) die("Error: ".mysqli_error($connection));
  173. // ASOCIAR LA EXPERIENCIA NUEVA CON EL USUARIO
  174. $queryHookExperienceToUser = "INSERT INTO `researcher_experience` (`id_researcher`, `id_experience`) VALUES ('" . $_SESSION['dbUserData']['id_researcher'] . "', '$id_experience')";
  175. if(!mysqli_query($connection, $queryHookExperienceToUser)) die("Error: ".mysqli_error($connection));
  176. // CREAR PROJECT
  177. if($typeOfExperience === "Part of a Project") {
  178. // If existing project, just hook experience to project
  179. // If new project, create project and then hook
  180. if($typeOfProject === "New") {
  181. $queryProject = "INSERT INTO project (`name`, `description`) VALUES ('$projectName', '$projectDescription');";
  182. if(!mysqli_query($connection, $queryProject)) die("Error: ".mysqli_error($connection));
  183. // BUSCAR id DEL PROYECTO ACABADO DE INSERTAR
  184. $projectID = mysqli_insert_id($connection) or die('Error: '.mysqli_error($connection));
  185. }
  186. $queryHookExperienceToProject = "INSERT INTO project_experience (`id_experience`, `id_project`) VALUES ('$id_experience', '$projectID');";
  187. if(!mysqli_query($connection, $queryHookExperienceToProject)) die("Error: ".mysqli_error($connection));
  188. }
  189. // MAKE IT CLIENT SIDE!!!!!!!! HAVE TO SEND IT IN SERVER RESPONSE!!!!!!!
  190. // header('Location: ../viewExperience.php?view=$id_experience');
  191. // exit();
  192. }