Ei kuvausta

updateExperience.php 5.2KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
  1. <?php
  2. require_once 'config.php';
  3. require_once 'dbh.inc.php';
  4. require_once 'checkLogin.php';
  5. // IF USER ENTERS PAGE AFTER 'Save Changes' BUTTON HAS BEEN PRESSED (FROM viewExperience.php), EDIT EXPERIENCE BASIC INFO FROM DATABASE
  6. // ELSE (IF USER ENTERED THIS PAGE WITHOUT SUBMITING A FORM) REDIRECT TO home.php
  7. if(isset($_POST['updateExperience'])) {
  8. $id = mysqli_real_escape_string($connection, trim($_POST['id']));
  9. $newTitle = mysqli_real_escape_string($connection, trim($_POST['newTitle']));
  10. $newDescription = mysqli_real_escape_string($connection, trim($_POST['newDescription']));
  11. $newType = mysqli_real_escape_string($connection, trim($_POST['newType']));
  12. $newStart = mysqli_real_escape_string($connection, trim($_POST['newStart']));
  13. $newEnd = mysqli_real_escape_string($connection, trim($_POST['newEnd']));
  14. // INSPECT EXPERIENCE ID
  15. // Check that experience ID is not empty string
  16. // And that it's registered in the database
  17. if($id === "") {
  18. http_response_code(400);
  19. echo json_encode(array("error" => "Please specify experience ID."));
  20. exit();
  21. } else if(mysqli_query($connection, "SELECT * FROM experience WHERE id = '$id';")->num_rows !== 1) {
  22. http_response_code(400);
  23. echo json_encode(array("error" => "Given experience ID ($id) not in database."));
  24. exit();
  25. }
  26. // INSPECT TITLE
  27. // Check that experience title is not empty
  28. // And that it's less than 60 characters in length (database limit)
  29. if($newTitle === "") {
  30. http_response_code(400);
  31. echo json_encode(array("error" => "Please specify title."));
  32. exit();
  33. } else if(mb_strlen($newTitle) > 60) {
  34. http_response_code(400);
  35. echo json_encode(array("error" => "Title too long (max. is 60 characters)."));
  36. exit();
  37. }
  38. // INSPECT DESCRIPTION
  39. // Check that experience title is not empty
  40. // And that it's less than 60 characters in length (database limit)
  41. if($newDescription === "") {
  42. http_response_code(400);
  43. echo json_encode(array("error" => "Please specify description."));
  44. exit();
  45. } else if(mb_strlen($newDescription) > 100) {
  46. http_response_code(400);
  47. echo json_encode(array("error" => "Description too long (max. is 100 characters)."));
  48. exit();
  49. }
  50. // INSPECT TYPE
  51. // Check that experience type is not empty
  52. // And that it's either Test, CBRE or URE
  53. if($newType === "") {
  54. http_response_code(400);
  55. echo json_encode(array("error" => "Please specify type."));
  56. exit();
  57. } else if($newType !== 'Course-Based Research Experience' AND $newType !== 'Undergraduate Research Experience' AND $newType !== 'Test') {
  58. http_response_code(400);
  59. echo json_encode(array("error" => "Invalid type ($newType)."));
  60. exit();
  61. }
  62. function validDate($date) {
  63. $d = date_create_from_format("Y-m-d", $date);
  64. return $d && date_format($d, "Y-m-d") === $date;
  65. }
  66. // INSPECT START DATE
  67. // Check that startDate is not an empty string
  68. // And that startDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)
  69. // WARNING: only handling AST
  70. // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
  71. // if($newStart === "") {
  72. // http_response_code(400);
  73. // echo json_encode(array("error" => "Please specify experience's start date."));
  74. // exit();
  75. // } else if(!validDate($newStart)) {
  76. // http_response_code(400);
  77. // echo json_encode(array("error" => "Experience's start date ($newStart) given in wrong format (use YYYY-MM-DD instead)."));
  78. // exit();
  79. // }
  80. // INSPECT END DATE
  81. // Check that endDate is not an empty string
  82. // And that endDate is in appropriate format YYYY-MM-DD (e.g. 2222-02-22)
  83. // WARNING: only handling AST
  84. // HELP: https://www.codexworld.com/how-to/validate-date-input-string-in-php/
  85. if($newEnd === "") {
  86. http_response_code(400);
  87. echo json_encode(array("error" => "Please specify experience's end date."));
  88. exit();
  89. } else if(!validDate($newEnd)) {
  90. http_response_code(400);
  91. echo json_encode(array("error" => "Experience's end date ($newEnd) given in wrong format (use YYYY-MM-DD instead)."));
  92. exit();
  93. }
  94. // Calculate duration in seconds
  95. $duration_seconds = strtotime($newEnd) - strtotime($newStart);
  96. // Check that endDate occurs after the startDate
  97. if($duration_seconds <= 0) {
  98. http_response_code(400);
  99. echo json_encode(array("error" => "Experience's end date ($newEnd) must occur at least a day after the start date ($newStart)."));
  100. exit();
  101. }
  102. // Change seconds to weeks and round up
  103. $duration_weeks = round($duration_seconds / 604800); // 60 * 60 * 24 * 7
  104. // UPDATE TITLE, DESCRIPTION, TYPE, END DATE & DURATION
  105. $newDuration = mysqli_real_escape_string($connection, trim($duration_weeks));
  106. $query = "UPDATE `experience`
  107. SET `title` = '$newTitle',
  108. `description` = '$newDescription',
  109. `type` = '$newType',
  110. `end_date` = '$newEnd',
  111. `duration_weeks` = '$newDuration'
  112. WHERE `id` = '$id';";
  113. $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  114. // UPDATE START DATE
  115. // $query = "UPDATE `experience` SET `start_date` = '$newStart' WHERE `id` = '$id';";
  116. // $result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
  117. }