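// This file displays an individual item.
// TODO: Check item exists in database — Item's constructor is not visible
//       here, so nothing below is known to verify that $item_id resolves to
//       a real row before to_array() is called on it.
//
// NOTE(review): delete / checkout / return all change state but are triggered
// by a plain GET parameter, so any page that can make a logged-in user's
// browser fetch this URL (an <img src>, a link) can perform them on their
// behalf (CSRF). They should move to POST and carry a per-session token once
// the application has one; that helper is not visible from this file.

// Only accept a plain integer id. is_numeric() also lets through strings such
// as "1.5", "1e3" or "0x1A"-like forms that (int) then silently coerces to a
// different number than the one the client sent; FILTER_VALIDATE_INT rejects
// them, and returns false for a missing id or an array (?id[]=1) as well.
$item_id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
if ($item_id === false) {
    redirect_to_url('/'); // Send to homepage.
    // redirect_to_url() is presumed to terminate the request; exit anyway so
    // that, if it only sends the header, nothing below runs with a bad id.
    exit;
}

$item = new Item($item_id);
QR::item($item_id);

$valid_actions = ['delete', 'checkout', 'return'];
$action = $_GET['action'] ?? null;

// Strict comparison: a non-string value (e.g. ?action[]=delete) must not match.
if (is_string($action) && in_array($action, $valid_actions, true)) {
    $auth->require_login();

    switch ($action) {
        case 'delete':
            // Only the owner may delete. Loose == kept on purpose: the owner id
            // may come back from the DB as a string while $user_id is an int.
            if ($item->get_owner_id() == $user_id) {
                Item::delete($item_id);
                redirect_to_url('/items/view_items.php?u=' . $user_id);
                exit;
            }
            // Not the owner: no action taken, the item is simply displayed.
            break;

        case 'checkout':
            // TODO: May want to add check if item is available to be checked out.
            // Nothing visible here verifies availability or ownership before
            // checkout; if checkout_by_ids() does not enforce it, any logged-in
            // user can check out any item.
            Item::checkout_by_ids($item_id, $user_id);
            redirect_to_url('/items/view_items.php?u=' . $user_id);
            exit;

        case 'return':
            // Whether only the user who holds the item may return it depends
            // on return_by_id(), which is not visible here — confirm.
            Item::return_by_id($item_id, $user_id);
            // The redirect was left commented out in the original; the item
            // page is rendered after the return instead.
            //redirect_to_url('/items/view_items.php?u=' . $user_id);
            break;
    }
}

$page->assign('item', $item->to_array());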
<?php namespace tatt; require_once 'tatt/webcommon.php'; var_dump($_POST); $auth->require_login(); if(!isset($_GET['id']) || !is_numeric($_GET['id'])) redirect_to_url('/items/view_items.php'); //Redirect to inventory page. $item_id = (int)$_GET['id']; $item = new Item($item_id); if($item->get_owner_id() != $user_id) redirect_to_url('/items/view_items.php'); //Redirect to inventory page. if(isset($_POST['name'])){ //form was submitted $name = $db->escape_string($_POST['name']); $location = $db->escape_string($_POST['location']); $item->set_name($name); $item->set_location($location); if(isset($_POST['attributes'])){ $attributes = $_POST['attributes']; foreach($attributes as $attribute){ $attribute_id = (int)$attribute['id']; $value = $db->escape_string($attribute['value']); //echo "ID: $attribute_id V: $value"; $new_attribute = new Attribute($item_id, $attribute_id); $new_attribute->set_value($value);