126 lines
No EOL
3.6 KiB
PHP
126 lines
No EOL
3.6 KiB
PHP
<?php
|
|
include "db/bootstrap.php";
|
|
include "db/functions.php";
|
|
|
|
session_start();
|
|
|
|
if(empty($_SESSION['csrf_token'])){
|
|
die("Invalid request: No token supplied.");
|
|
}
|
|
|
|
$sessionToken = (string)($_SESSION['csrf_token'] ?? '');
|
|
$postToken = (string)($_POST['csrf_token'] ?? '');
|
|
$getToken = (string)($_GET['csrf_token'] ?? '');
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
|
|
if(!hash_equals($sessionToken, $postToken)){
|
|
die("Invalid request: Token mismatch.");
|
|
}
|
|
|
|
//Book Submission
|
|
if($_POST['submissionType'] == "book"){
|
|
$title = $_POST['title'] ?? '';
|
|
$author = $_POST['author'] ?? '';
|
|
$area = $_POST['area'] ?? '';
|
|
|
|
if ($title && $author && $area) {
|
|
addBook($pdo, $title, $author, $area);
|
|
} else {
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
//Copy Submission
|
|
if($_POST['submissionType'] == "copy"){
|
|
$bookID = $_POST['book'] ?? '';
|
|
$amount = $_POST['amount'] ?? '';
|
|
$copyCondition = $_POST['condition'] ?? '';
|
|
|
|
if ($bookID && $amount && $copyCondition) {
|
|
addCopies($pdo, $bookID, $amount, $copyCondition);
|
|
} else {
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
//Borrower Submission
|
|
if($_POST['submissionType'] == "borrower"){
|
|
$firstname = $_POST['firstname'] ?? '';
|
|
$lastname = $_POST['lastname'] ?? '';
|
|
$role = $_POST['role'] ?? '';
|
|
|
|
if($firstname && $lastname && $role){
|
|
addBorrower($pdo, $firstname, $lastname, $role);
|
|
}else{
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
if($_POST['submissionType'] == "loan"){
|
|
$copyID = $_POST['copyID'] ?? '';
|
|
$borrowerID = $_POST['borrowerID'] ?? '';
|
|
$borrowedDate = $_POST['borrowedDate'] ?? '';
|
|
$dueDate = $_POST['dueDate'];
|
|
|
|
if($copyID && $borrowerID && $borrowedDate && $dueDate){
|
|
addLoan($pdo, $copyID, $borrowerID, $borrowedDate, $dueDate);
|
|
}else{
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
if($_POST['submissionType'] == "return"){
|
|
$copyIDLoanID = explode("-", $_POST['copyID-loanID'], 2);
|
|
|
|
$copyID = $copyIDLoanID[0];
|
|
$loanID = $copyIDLoanID[1];
|
|
$returnedDate = $_POST['returnedDate'];
|
|
|
|
if($copyID && $loanID){
|
|
removeLoan($pdo, $copyID, $loanID, $returnedDate);
|
|
}else{
|
|
echo "<p>Please fill in all fields</p>";
|
|
}
|
|
}
|
|
|
|
if($_POST['submissionType'] == "selectRequest"){
|
|
$selectRequest = $_POST['sqlSelectTextarea'];
|
|
|
|
if($selectRequest){
|
|
selectRequest($pdo, $selectRequest);
|
|
}else{
|
|
echo "<p>Please fill in all fields</p>";
|
|
}
|
|
}
|
|
}
|
|
|
|
if($_SERVER['REQUEST_METHOD'] == 'GET'){
|
|
|
|
if(!hash_equals($sessionToken, $getToken)){
|
|
die("Invalid request: Token mismatch.");
|
|
}
|
|
|
|
if($_GET['submissionType'] == "getCopies"){
|
|
$bookID = $_GET['bookID'];
|
|
if($bookID){
|
|
$copies = getAvailableCopiesOfBook($pdo, $bookID);
|
|
|
|
echo json_encode($copies);
|
|
}else{
|
|
echo json_encode([]);
|
|
}
|
|
}
|
|
|
|
if($_GET['submissionType'] == "getReturnCopies"){
|
|
$borrowerID = $_GET['borrowerID'];
|
|
if($borrowerID){
|
|
$copies = getBorrowedCopiesOfBorrower($pdo, $borrowerID);
|
|
|
|
echo json_encode($copies);
|
|
}else{
|
|
echo json_encode([]);
|
|
}
|
|
}
|
|
}
|
|
?>
|