From 4a2f1bbd510ff0bf2e07572a16ef5b0d77884d35 Mon Sep 17 00:00:00 2001 From: Louis Vallat Date: Sun, 17 Nov 2019 23:44:38 +0100 Subject: [PATCH] db ids replaced with public id in the select cupboard when adding a product, and also now users can edit their cupboard --- add-product.php | 23 ++++++++++------------- assets/php/utils.php | 22 ++++++++++++++++------ list-cupboards.php | 3 +++ list-products.php | 29 ++++++++++++++++++++++++++--- 4 files changed, 55 insertions(+), 22 deletions(-) diff --git a/add-product.php b/add-product.php index b7852cf..707b8fb 100644 --- a/add-product.php +++ b/add-product.php @@ -61,15 +61,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { // CUPBOARD if (empty(trim($_POST["cupboard"]))) { $cupboard = null; - } else if (is_numeric(trim($_POST["cupboard"]))) { - $cupboard_id = trim($_POST["cupboard"]); - if (does_cupboard_exist_from_id($cupboard_id)) { - $cupboard = trim($_POST["cupboard"]); - } else { + } else { + $cupboard = trim($_POST["cupboard"]); + foreach (get_users_cupboards_array() as $cupboards) { + if ($cupboards["public_id"] === trim($_POST["cupboard"])) { + $cupboard = $cupboards["id"]; + } + } + if ($cupboard === "") { $cupboard_err = "Unknown cupboard."; } - } else { - $cupboard_err = "Cupboard id isn't int."; } // ======================================================================== @@ -78,14 +79,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { // INSERTION IN DATABASE IF CORRECT // ======================================================================== if (empty($product_name_err) && empty($description_err) && empty($expiration_date_err) && empty($cupboard_err)) { - - - - if (!add_product($product_name, $description, $expiration_date, $cupboard_id)) { + if (!add_product($product_name, $description, $expiration_date, $cupboard)) { echo "Error. Something went wrong."; } } else { - echo $product_name_err; echo $description_err; echo $expiration_date_err; @@ -100,7 +97,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { $cupboard_list = ""; foreach (get_users_cupboards_array() as $row) { $cupboard_list = $cupboard_list . "\n"; } ?> diff --git a/assets/php/utils.php b/assets/php/utils.php index 96ddd5c..4536ff6 100644 --- a/assets/php/utils.php +++ b/assets/php/utils.php @@ -230,13 +230,16 @@ function add_cupboard($name, $description) return $query->execute(); } -function does_cupboard_exist_from_id($id) +function is_users_cupboard($cupboard_public_id) { global $PDO; - $sql = "SELECT id FROM cupboards WHERE id = :id;"; + $sql = "SELECT cupboards.public_id FROM cupboards + INNER JOIN accounts ON cupboards.owner_id = accounts.id + WHERE cupboards.public_id = :public_id AND accounts.id = :accounts_id;"; $query = $PDO->prepare($sql); - $query->bindValue(":id", $id); + $query->bindValue(":public_id", $cupboard_public_id); + $query->bindValue(":accounts_id", get_user_info_from_session_id("id")); if ($query->execute()) { return ($query->rowCount() === 1); @@ -283,7 +286,7 @@ function get_users_products_array() products.id AS id, products.name AS name, products.description AS description, cupboards.id AS cupboard_id, cupboards.name AS cupboard_name, cupboards.description AS cupboard_description, expiration_date, - added_date, products.public_id AS public_id + added_date, products.public_id AS public_id, cupboards.public_id AS cupboard_public_id FROM products LEFT JOIN cupboards ON products.cupboard_id = cupboards.id WHERE products.owner_id = :owner_id;"; @@ -358,7 +361,8 @@ function update_product( $product_public_id, $new_name, $new_description, - $new_expiration_date + $new_expiration_date, + $new_cupboard_id ) { global $PDO; @@ -367,7 +371,8 @@ function update_product( ON products.owner_id = accounts.id SET products.name = :new_name, products.description = :new_description, - products.expiration_date = :new_expiration_date + products.expiration_date = :new_expiration_date, + products.cupboard_id = :new_cupboard_id WHERE products.public_id = :id AND products.owner_id = :owner_id;"; $query = $PDO->prepare($sql); @@ -379,6 +384,11 @@ function update_product( } else { $query->bindValue(":new_expiration_date", $new_expiration_date); } + if ($new_cupboard_id === null) { + $query->bindValue(":new_cupboard_id", $new_cupboard_id, PDO::PARAM_INT); + } else { + $query->bindValue(":new_cupboard_id", $new_cupboard_id); + } $query->bindValue(":id", $product_public_id); $query->bindValue(":owner_id", get_user_info_from_session_id("id")); diff --git a/list-cupboards.php b/list-cupboards.php index 46f6d19..c356ad9 100644 --- a/list-cupboards.php +++ b/list-cupboards.php @@ -23,6 +23,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit"])) { $edit_description = $cupboard["description"]; } } + if ($edit_id === "") { + $erreur = "

Unknown cupboard.

"; + } } if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit_completed"])) { diff --git a/list-products.php b/list-products.php index b36cf0e..232eff4 100644 --- a/list-products.php +++ b/list-products.php @@ -2,7 +2,7 @@ require_once("./assets/php/utils.php"); -$erreur = $edit_id = $edit_name = $edit_description = $edit_expiration = ""; +$erreur = $edit_id = $edit_name = $edit_description = $edit_expiration = $edit_cupboard = ""; if (!is_connected()) { header("location: login.php"); @@ -22,17 +22,35 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit"])) { $edit_name = $product["name"]; $edit_description = $product["description"]; $edit_expiration = $product["expiration_date"]; + $edit_cupboard = $product["cupboard_public_id"]; } } + if ($edit_id === "") { + $erreur = "

Unknown product.p>"; + } + + $cupboard_list = ""; + foreach (get_users_cupboards_array() as $row) { + $cupboard_list = $cupboard_list . "\n"; + } } if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit_completed"])) { - if (isset($_POST["name"]) && isset($_POST["description"]) && isset($_POST["expiration"])) { + if (isset($_POST["name"]) && isset($_POST["description"]) && isset($_POST["expiration"]) && isset($_POST["cupboard"])) { + $cupboard_id = null; + foreach (get_users_cupboards_array() as $cupboards) { + if ($cupboards["public_id"] === $_POST["cupboard"]) $cupboard_id = $cupboards["id"]; + } if (!update_product( $_POST["edit_completed"], $_POST["name"], $_POST["description"], - empty(trim($_POST["expiration"])) ? null : $_POST["expiration"] + empty(trim($_POST["expiration"])) ? null : $_POST["expiration"], + $cupboard_id )) { $erreur = "

Something went wrong. Try again later.

"; } @@ -95,6 +113,11 @@ foreach (get_users_products_array() as $row) { + +