Initial Commit
This commit is contained in:
commit
9ad6876181
5 changed files with 786 additions and 0 deletions
126
submission.php
Normal file
126
submission.php
Normal file
|
|
@ -0,0 +1,126 @@
|
|||
<?php
|
||||
include "db/bootstrap.php";
|
||||
include "db/functions.php";
|
||||
|
||||
session_start();
|
||||
|
||||
if(empty($_SESSION['csrf_token'])){
|
||||
die("Invalid request: No token supplied.");
|
||||
}
|
||||
|
||||
$sessionToken = (string)($_SESSION['csrf_token'] ?? '');
|
||||
$postToken = (string)($_POST['csrf_token'] ?? '');
|
||||
$getToken = (string)($_GET['csrf_token'] ?? '');
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
if(!hash_equals($sessionToken, $postToken)){
|
||||
die("Invalid request: Token mismatch.");
|
||||
}
|
||||
|
||||
//Book Submission
|
||||
if($_POST['submissionType'] == "book"){
|
||||
$title = $_POST['title'] ?? '';
|
||||
$author = $_POST['author'] ?? '';
|
||||
$area = $_POST['area'] ?? '';
|
||||
|
||||
if ($title && $author && $area) {
|
||||
addBook($pdo, $title, $author, $area);
|
||||
} else {
|
||||
echo "<p>Please fill in all fields.</p>";
|
||||
}
|
||||
}
|
||||
|
||||
//Copy Submission
|
||||
if($_POST['submissionType'] == "copy"){
|
||||
$bookID = $_POST['book'] ?? '';
|
||||
$amount = $_POST['amount'] ?? '';
|
||||
$copyCondition = $_POST['condition'] ?? '';
|
||||
|
||||
if ($bookID && $amount && $copyCondition) {
|
||||
addCopies($pdo, $bookID, $amount, $copyCondition);
|
||||
} else {
|
||||
echo "<p>Please fill in all fields.</p>";
|
||||
}
|
||||
}
|
||||
|
||||
//Borrower Submission
|
||||
if($_POST['submissionType'] == "borrower"){
|
||||
$firstname = $_POST['firstname'] ?? '';
|
||||
$lastname = $_POST['lastname'] ?? '';
|
||||
$role = $_POST['role'] ?? '';
|
||||
|
||||
if($firstname && $lastname && $role){
|
||||
addBorrower($pdo, $firstname, $lastname, $role);
|
||||
}else{
|
||||
echo "<p>Please fill in all fields.</p>";
|
||||
}
|
||||
}
|
||||
|
||||
if($_POST['submissionType'] == "loan"){
|
||||
$copyID = $_POST['copyID'] ?? '';
|
||||
$borrowerID = $_POST['borrowerID'] ?? '';
|
||||
$borrowedDate = $_POST['borrowedDate'] ?? '';
|
||||
$dueDate = $_POST['dueDate'];
|
||||
|
||||
if($copyID && $borrowerID && $borrowedDate && $dueDate){
|
||||
addLoan($pdo, $copyID, $borrowerID, $borrowedDate, $dueDate);
|
||||
}else{
|
||||
echo "<p>Please fill in all fields.</p>";
|
||||
}
|
||||
}
|
||||
|
||||
if($_POST['submissionType'] == "return"){
|
||||
$copyIDLoanID = explode("-", $_POST['copyID-loanID'], 2);
|
||||
|
||||
$copyID = $copyIDLoanID[0];
|
||||
$loanID = $copyIDLoanID[1];
|
||||
$returnedDate = $_POST['returnedDate'];
|
||||
|
||||
if($copyID && $loanID){
|
||||
removeLoan($pdo, $copyID, $loanID, $returnedDate);
|
||||
}else{
|
||||
echo "<p>Please fill in all fields</p>";
|
||||
}
|
||||
}
|
||||
|
||||
if($_POST['submissionType'] == "selectRequest"){
|
||||
$selectRequest = $_POST['sqlSelectTextarea'];
|
||||
|
||||
if($selectRequest){
|
||||
selectRequest($pdo, $selectRequest);
|
||||
}else{
|
||||
echo "<p>Please fill in all fields</p>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] == 'GET'){
|
||||
|
||||
if(!hash_equals($sessionToken, $getToken)){
|
||||
die("Invalid request: Token mismatch.");
|
||||
}
|
||||
|
||||
if($_GET['submissionType'] == "getCopies"){
|
||||
$bookID = $_GET['bookID'];
|
||||
if($bookID){
|
||||
$copies = getAvailableCopiesOfBook($pdo, $bookID);
|
||||
|
||||
echo json_encode($copies);
|
||||
}else{
|
||||
echo json_encode([]);
|
||||
}
|
||||
}
|
||||
|
||||
if($_GET['submissionType'] == "getReturnCopies"){
|
||||
$borrowerID = $_GET['borrowerID'];
|
||||
if($borrowerID){
|
||||
$copies = getBorrowedCopiesOfBorrower($pdo, $borrowerID);
|
||||
|
||||
echo json_encode($copies);
|
||||
}else{
|
||||
echo json_encode([]);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
Loading…
Add table
Add a link
Reference in a new issue