Marle
/
webAdministracion


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208
							<?php

	require_once 'config.php';
	require_once 'dbh.inc.php';
	require_once 'checkLogin.php';
	
	
	// EXAMPLE INPUT...
	// array(10) { ["questionnaireID"]=> string(2) "23" ["q_premise"]=> string(18) "esta es la premisa" ["q_type"]=> string(1) "1" ["min_val"]=> string(1) "1" ["min_text"]=> string(4) "caca" ["max_val"]=> string(1) "5" ["max_text"]=> string(5) "bueno" ["q_category"]=> string(2) "92" ["q_subcategory"]=> string(3) "115" ["insertQuestionToQuestionnaire"]=> string(0) "" }

	// WARNING: SHOULD CHECK THAT CATEGORY/SUBCATEGORY GIVEN CORRESPOND TO THE QUESTIONNAIRE ID

	if(isset($_POST['insertQuestionToQuestionnaire'])) {
		

		$questionnaireID = mysqli_real_escape_string($connection, trim($_POST['questionnaireID']));
		$premise = mysqli_real_escape_string($connection, trim($_POST['q_premise']));
		$typeID = mysqli_real_escape_string($connection, trim($_POST['q_type']));
		$minVal = mysqli_real_escape_string($connection, trim($_POST['min_val']));
		$minText = mysqli_real_escape_string($connection, trim($_POST['min_text']));		
		$maxVal = mysqli_real_escape_string($connection, trim($_POST['max_val']));
		$maxText = mysqli_real_escape_string($connection, trim($_POST['max_text']));
		$categoryID = mysqli_real_escape_string($connection, trim($_POST['q_category']));
		$subcategoryID = mysqli_real_escape_string($connection, trim($_POST['q_subcategory']));
		
		
		// Check that questionnaire ID is not empty string
		// And that it's registered in the database
		if($questionnaireID === "") {
			http_response_code(400);
			echo json_encode(array("error" => "Please specify questionnaire ID."));
			exit();
		} else if(mysqli_query($connection, "SELECT * FROM questionnair WHERE id = '$questionnaireID';")->num_rows !== 1) {
			http_response_code(400);
			echo json_encode(array("error" => "Given questionnaire ID ($questionnaireID) not in database."));
			exit();
		}


		// Check that premise is not empty string
		// And that it doesn't exceed 600 characters (database limit)
		if($premise === "") {
			http_response_code(400);
			echo json_encode(array("error" => "Question premise can't be empty."));
			exit();
		} else if(mb_strlen($premise) > 600) {
			http_response_code(400);
			echo json_encode(array("error" => "Question premise too long (max. is 600 characters)."));
			exit();
		}


		// Check that question type isn not empty string
		// If the question type is neither (invalid; nor "1" nor "2"), let user know (user probably tampered with client-side)
		if($typeID === "" || ($typeID != "1" && $typeID != "2")) {
		
			http_response_code(400);
			echo json_encode(array("error" => "Please specify a type (1 for scaled, 2 for open)."));
			exit();
			
		} else if($typeID === "1") {
			
			
			// Check if minVal is equal to 1 (we decided it should be like that)
			if($minVal !== "1") {
				http_response_code(400);
				echo json_encode(array("error" => "Minimum value has to be 1."));
				exit();
			}


			// Check if minText is not an empty string
			if($minText === "") {
				http_response_code(400);
				echo json_encode(array("error" => "Please specify a valid minimum text."));
				exit();
			} else if(mb_strlen($minText) > 40) {
				http_response_code(400);
				echo json_encode(array("error" => "Minimum text '$minText' too long (max. is 40 characters)."));
				exit();
			}
				
				
			// Check if maxVal is greater or equal to 2 (we decided it should be like that)
			// REMINDERS:
				// is_numeric() ensures the string is a number
				// intval() returns truncates "starting numeric-like" numbers (e.g. 1234asdf is 1234)
				// intval() returns 0 if it detects "normal string" (e.g. asdf1234 is 0)
			if(!is_numeric($maxVal)) {
				http_response_code(400);
				echo json_encode(array("error" => "Maximum value has to be numeric."));
				exit();
			} else if(intval($maxVal) < 2) {
				http_response_code(400);
				echo json_encode(array("error" => "Maximum value has to be greater or equal to 2."));
				exit();
			}
				
				
			// Check if maxText is not an empty string
			if($maxText === "") {
				http_response_code(400);
				echo json_encode(array("error" => "Please specify a valid maximum text."));
				exit();
			} else if(mb_strlen($maxText) > 40) {
				http_response_code(400);
				echo json_encode(array("error" => "Maximum text '$maxText' too long (max. is 40 characters)."));
				exit();
			}
				
				
			// Check that maxText and minText are different strings
			if(mb_strtolower($maxText) === mb_strtolower($minText)) {
				http_response_code(400);
				echo json_encode(array("error" => "Labels must be different."));
				exit();
			}


		}


		// Check that category ID is not empty string
		// And that it's registered in the database
		if($categoryID === "") {
			http_response_code(400);
			echo json_encode(array("error" => "Please specify category ID."));
			exit();
		} else if(mysqli_query($connection, "SELECT * FROM category WHERE id = '$categoryID';")->num_rows !== 1) {
			http_response_code(400);
			echo json_encode(array("error" => "Given category ID ($categoryID) not in database."));
			exit();
		}	


		// Check that subcategory ID is not empty string
		// And that it's registered in the database
		if($subcategoryID === "") {
			http_response_code(400);
			echo json_encode(array("error" => "Please specify subcategory ID."));
			exit();
		} else if(mysqli_query($connection, "SELECT * FROM subcategory WHERE id = '$subcategoryID';")->num_rows !== 1) {
			http_response_code(400);
			echo json_encode(array("error" => "Given subcategory ID ($subcategoryID) not in database."));
			exit();
		}		


		/*** START OF DB QUERIES ***/
// 		exit();
// 		while(TRUE) {
// 			exit();
// 		}
// 		exit();
		/*** IF IT GOT THROUGH VALIDATION, IT'S TOO LATE ***/


		// INSERT NEW QUESTION
		$query = "INSERT INTO question (`premise`, `id_category`, `id_subcategory`, `id_type`) VALUES ('$premise', '$categoryID', '$subcategoryID', '$typeID');";
		$result = mysqli_query($connection, $query) or die("Error: ".mysqli_error($connection));
		
		// RETRIEVE INSERTED QUESTION ID
		$questionID = mysqli_insert_id($connection) or die("Error: ".mysqli_error($connection));


		// IF QUESTION IS SCALED, INSERT MIN/MAX VALUES/TEXT
		if($typeID === "1") {
		
			$queryMinVal = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_val', '$minVal');";
			$result = mysqli_query($connection, $queryMinVal) or die("Error: ".mysqli_error($connection));

			$queryMinText = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'min_texto', '$minText');";
			$result = mysqli_query($connection, $queryMinText) or die("Error: ".mysqli_error($connection));
			

			$queryMaxVal = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_val', '$maxVal');";
			$result = mysqli_query($connection, $queryMaxVal) or die("Error: ".mysqli_error($connection));

			$queryMaxText = "INSERT INTO question_type (`id_type`, `id_question`, `label`, `value`) VALUES ('$typeID', '$questionID', 'max_texto', '$maxText');";
			$result = mysqli_query($connection, $queryMaxText) or die("Error: ".mysqli_error($connection));
				
		}

		
		// HOOK QUESTION TO QUESTIONNAIRE
		$queryHookQuestionToQuestionnaire = "INSERT INTO questionnair_question (`id_questionnair`, `id_question`) VALUES ('$questionnaireID', '$questionID');";
		$result = mysqli_query($connection, $queryHookQuestionToQuestionnaire) or die("Error: ".mysqli_error($connection));

		
	}