db ids replaced with public id in the select cupboard when adding a product, and also now users can edit their cupboard

2019-11-17 23:44:38 +01:00 · 2019-11-17 23:44:38 +01:00 · 4a2f1bbd51
commit 4a2f1bbd51
parent 6491b7d6bd
4 changed files with 55 additions and 22 deletions
--- a/add-product.php
+++ b/add-product.php
@ -61,15 +61,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // CUPBOARD
    if (empty(trim($_POST["cupboard"]))) {
        $cupboard = null;
-    } else if (is_numeric(trim($_POST["cupboard"]))) {
-        $cupboard_id = trim($_POST["cupboard"]);
-        if (does_cupboard_exist_from_id($cupboard_id)) {
-            $cupboard = trim($_POST["cupboard"]);
    } else {
+        $cupboard = trim($_POST["cupboard"]);
+        foreach (get_users_cupboards_array() as $cupboards) {
+            if ($cupboards["public_id"] === trim($_POST["cupboard"])) {
+                $cupboard = $cupboards["id"];
+            }
+        }
+        if ($cupboard === "") {
            $cupboard_err = "Unknown cupboard.";
        }
-    } else {
-        $cupboard_err = "Cupboard id isn't int.";
    }

    // ========================================================================
@ -78,14 +79,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //                  INSERTION IN DATABASE IF CORRECT
    // ========================================================================
    if (empty($product_name_err) && empty($description_err) && empty($expiration_date_err) && empty($cupboard_err)) {
-
-
-
-        if (!add_product($product_name, $description, $expiration_date, $cupboard_id)) {
+        if (!add_product($product_name, $description, $expiration_date, $cupboard)) {
            echo "Error. Something went wrong.";
        }
    } else {
-
        echo $product_name_err;
        echo $description_err;
        echo $expiration_date_err;
@ -100,7 +97,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 $cupboard_list = "";
 foreach (get_users_cupboards_array() as $row) {
    $cupboard_list = $cupboard_list . "<option value=\""
-        . htmlspecialchars($row["id"]) . "\">"
+        . htmlspecialchars($row["public_id"]) . "\">"
        . htmlspecialchars($row["name"]) . "</option>\n";
 }
 ?>
--- a/assets/php/utils.php
+++ b/assets/php/utils.php
@ -230,13 +230,16 @@ function add_cupboard($name, $description)
    return $query->execute();
 }

-function does_cupboard_exist_from_id($id)
+function is_users_cupboard($cupboard_public_id)
 {
    global $PDO;

-    $sql = "SELECT id FROM cupboards WHERE id = :id;";
+    $sql = "SELECT cupboards.public_id FROM cupboards 
+        INNER JOIN accounts ON cupboards.owner_id = accounts.id
+        WHERE cupboards.public_id = :public_id AND accounts.id = :accounts_id;";
    $query = $PDO->prepare($sql);
-    $query->bindValue(":id", $id);
+    $query->bindValue(":public_id", $cupboard_public_id);
+    $query->bindValue(":accounts_id", get_user_info_from_session_id("id"));

    if ($query->execute()) {
        return ($query->rowCount() === 1);
@ -283,7 +286,7 @@ function get_users_products_array()
        products.id AS id, products.name AS name, products.description AS description,
        cupboards.id AS cupboard_id, cupboards.name AS cupboard_name,
        cupboards.description AS cupboard_description, expiration_date,
-        added_date, products.public_id AS public_id
+        added_date, products.public_id AS public_id, cupboards.public_id AS cupboard_public_id
        FROM products 
        LEFT JOIN cupboards ON products.cupboard_id = cupboards.id 
        WHERE products.owner_id = :owner_id;";
@ -358,7 +361,8 @@ function update_product(
    $product_public_id,
    $new_name,
    $new_description,
-    $new_expiration_date
+    $new_expiration_date,
+    $new_cupboard_id
 ) {
    global $PDO;

@ -367,7 +371,8 @@ function update_product(
        ON products.owner_id = accounts.id 
        SET products.name = :new_name,
            products.description = :new_description,
-            products.expiration_date = :new_expiration_date
+            products.expiration_date = :new_expiration_date,
+            products.cupboard_id = :new_cupboard_id
        WHERE products.public_id = :id 
        AND products.owner_id = :owner_id;";
    $query = $PDO->prepare($sql);
@ -379,6 +384,11 @@ function update_product(
    } else {
        $query->bindValue(":new_expiration_date", $new_expiration_date);
    }
+    if ($new_cupboard_id === null) {
+        $query->bindValue(":new_cupboard_id", $new_cupboard_id, PDO::PARAM_INT);
+    } else {
+        $query->bindValue(":new_cupboard_id", $new_cupboard_id);
+    }
    $query->bindValue(":id", $product_public_id);
    $query->bindValue(":owner_id", get_user_info_from_session_id("id"));

--- a/list-cupboards.php
+++ b/list-cupboards.php
@ -23,6 +23,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit"])) {
                $edit_description = $cupboard["description"];
            }
        }
+    if ($edit_id === "") {
+        $erreur = "<p>Unknown cupboard.</p>";
+    }
 }

 if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit_completed"])) {
--- a/list-products.php
+++ b/list-products.php
@ -2,7 +2,7 @@

 require_once("./assets/php/utils.php");

-$erreur = $edit_id = $edit_name = $edit_description = $edit_expiration = "";
+$erreur = $edit_id = $edit_name = $edit_description = $edit_expiration = $edit_cupboard = "";

 if (!is_connected()) {
    header("location: login.php");
@ -22,17 +22,35 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit"])) {
                $edit_name = $product["name"];
                $edit_description = $product["description"];
                $edit_expiration = $product["expiration_date"];
+                $edit_cupboard = $product["cupboard_public_id"];
            }
        }
+    if ($edit_id === "") {
+        $erreur = "<p>Unknown product.</>p>";
+    }
+
+    $cupboard_list = "";
+    foreach (get_users_cupboards_array() as $row) {
+        $cupboard_list = $cupboard_list . "<option value=\""
+            . htmlspecialchars($row["public_id"]) . "\"";
+        if ($row["public_id"] === $edit_cupboard) $cupboard_list = $cupboard_list . " selected ";
+        $cupboard_list = $cupboard_list . ">"
+            . htmlspecialchars($row["name"]) . "</option>\n";
+    }
 }

 if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["edit_completed"])) {
-    if (isset($_POST["name"]) && isset($_POST["description"]) && isset($_POST["expiration"])) {
+    if (isset($_POST["name"]) && isset($_POST["description"]) && isset($_POST["expiration"]) && isset($_POST["cupboard"])) {
+        $cupboard_id = null;
+        foreach (get_users_cupboards_array() as $cupboards) {
+            if ($cupboards["public_id"] === $_POST["cupboard"]) $cupboard_id = $cupboards["id"];
+        }
        if (!update_product(
            $_POST["edit_completed"],
            $_POST["name"],
            $_POST["description"],
-            empty(trim($_POST["expiration"])) ? null : $_POST["expiration"]
+            empty(trim($_POST["expiration"])) ? null : $_POST["expiration"],
+            $cupboard_id
        )) {
            $erreur = "<p>Something went wrong. Try again later.</p>";
        }
@ -95,6 +113,11 @@ foreach (get_users_products_array() as $row) {
            <label>Nom : </label><input type="text" name="name" value="<?php echo $edit_name; ?>">
            <label>Description : </label><input type="text" name="description" value="<?php echo $edit_description; ?>">
            <label>Expiration : </label><input type="date" name="expiration" value="<?php echo $edit_expiration; ?>">
+            <label>Cupboard:</label>
+            <select name="cupboard">
+                <option value=""></option>
+                <?php echo $cupboard_list; ?>
+            </select>
            <button type="publish" name="edit_completed" value="<?php echo $edit_id; ?>">Valider</button>
        </form>
    <?php