126 lines
No EOL
3.6 KiB
PHP
126 lines
No EOL
3.6 KiB
PHP
<?php
|
|
include "db/bootstrap.php";
|
|
include "db/functions.php";
|
|
|
|
session_start();
|
|
|
|
if (empty($_SESSION['csrf_token'])) {
|
|
die("Invalid request: No token supplied.");
|
|
}
|
|
|
|
$sessionToken = (string) ($_SESSION['csrf_token'] ?? '');
|
|
$postToken = (string) ($_POST['csrf_token'] ?? '');
|
|
$getToken = (string) ($_GET['csrf_token'] ?? '');
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
|
|
if (!hash_equals($sessionToken, $postToken)) {
|
|
die("Invalid request: Token mismatch.");
|
|
}
|
|
|
|
//Book Submission
|
|
if ($_POST['submissionType'] == "book") {
|
|
$title = $_POST['title'] ?? '';
|
|
$author = $_POST['author'] ?? '';
|
|
$area = $_POST['area'] ?? '';
|
|
|
|
if ($title && $author && $area) {
|
|
addBook($pdo, $title, $author, $area);
|
|
} else {
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
//Copy Submission
|
|
if ($_POST['submissionType'] == "copy") {
|
|
$bookID = $_POST['book'] ?? '';
|
|
$amount = $_POST['amount'] ?? '';
|
|
$copyCondition = $_POST['condition'] ?? '';
|
|
|
|
if ($bookID && $amount && $copyCondition) {
|
|
addCopies($pdo, $bookID, $amount, $copyCondition);
|
|
} else {
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
//Borrower Submission
|
|
if ($_POST['submissionType'] == "borrower") {
|
|
$firstname = $_POST['firstname'] ?? '';
|
|
$lastname = $_POST['lastname'] ?? '';
|
|
$role = $_POST['role'] ?? '';
|
|
|
|
if ($firstname && $lastname && $role) {
|
|
addBorrower($pdo, $firstname, $lastname, $role);
|
|
} else {
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
if ($_POST['submissionType'] == "loan") {
|
|
$copyID = $_POST['copyID'] ?? '';
|
|
$borrowerID = $_POST['borrowerID'] ?? '';
|
|
$borrowedDate = $_POST['borrowedDate'] ?? '';
|
|
$dueDate = $_POST['dueDate'];
|
|
|
|
if ($copyID && $borrowerID && $borrowedDate && $dueDate) {
|
|
addLoan($pdo, $copyID, $borrowerID, $borrowedDate, $dueDate);
|
|
} else {
|
|
echo "<p>Please fill in all fields.</p>";
|
|
}
|
|
}
|
|
|
|
if ($_POST['submissionType'] == "return") {
|
|
$copyIDLoanID = explode("-", $_POST['copyID-loanID'], 2);
|
|
|
|
$copyID = $copyIDLoanID[0];
|
|
$loanID = $copyIDLoanID[1];
|
|
$returnedDate = $_POST['returnedDate'];
|
|
|
|
if ($copyID && $loanID) {
|
|
removeLoan($pdo, $copyID, $loanID, $returnedDate);
|
|
} else {
|
|
echo "<p>Please fill in all fields</p>";
|
|
}
|
|
}
|
|
|
|
if ($_POST['submissionType'] == "selectRequest") {
|
|
$selectRequest = $_POST['sqlSelectTextarea'];
|
|
|
|
if ($selectRequest) {
|
|
selectRequest($pdo, $selectRequest);
|
|
} else {
|
|
echo "<p>Please fill in all fields</p>";
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
|
|
|
|
if (!hash_equals($sessionToken, $getToken)) {
|
|
die("Invalid request: Token mismatch.");
|
|
}
|
|
|
|
if ($_GET['submissionType'] == "getCopies") {
|
|
$bookID = $_GET['bookID'];
|
|
if ($bookID) {
|
|
$copies = getAvailableCopiesOfBook($pdo, $bookID);
|
|
|
|
echo json_encode($copies);
|
|
} else {
|
|
echo json_encode([]);
|
|
}
|
|
}
|
|
|
|
if ($_GET['submissionType'] == "getReturnCopies") {
|
|
$borrowerID = $_GET['borrowerID'];
|
|
if ($borrowerID) {
|
|
$copies = getBorrowedCopiesOfBorrower($pdo, $borrowerID);
|
|
|
|
echo json_encode($copies);
|
|
} else {
|
|
echo json_encode([]);
|
|
}
|
|
}
|
|
}
|
|
?>
|