<?php require_once "libraries/head.php";

// Gate: callers without a login session are sent to the login page.
// NOTE(review): nothing here stops execution after the redirect is issued. If
// sendAjaxRedirect() does not exit() internally, the POST handler below still runs
// for anonymous requests (with $_SESSION["userID"] unset) — confirm it exits.
if (!isLogin()) { sendAjaxRedirect("login.php"); }

// AJAX entry point: post a message into a group on behalf of the session user.
// The caller treats a strict `true` from postRecord() as success and anything
// else as a user-facing error string.
// NOTE(review): no CSRF token is checked in this file for this state-changing
// POST; confirm libraries/head.php (or the AJAX layer) enforces one.
if (isset($_POST["groupid"]) && isset($_POST["messagetype"]) && isset($_POST["content"])) {
    $result = postRecord($_SESSION["userID"], $_POST["groupid"], $_POST["messagetype"], $_POST["content"]);
    if ($result === true) { sendAjaxResSuc(); } else { sendAjaxResErr($result); }
}

/**
 * Validate a message post and (presumably) store it.
 *
 * The definition is truncated in this listing: the "messagetype 4" branch and
 * the remainder of the function are not visible, so what is persisted, and where
 * the `true` the caller expects is returned, cannot be confirmed from here.
 *
 * @param mixed $userID       session user id
 * @param mixed $groupID      target group id, straight from the request
 * @param mixed $messageType  message type code, straight from the request
 * @param mixed $content      message body, straight from the request
 * @return string|true  an error message on rejection; the caller expects `true` on success
 */
function postRecord($userID, $groupID, $messageType, $content) {
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    // Role "4" is the posting-banned role (loose == comparison, so int 4 matches too).
    // NOTE(review): if getUserByID() can return null for an unknown or stale id,
    // this dereference is a fatal error — confirm the DAO contract.
    if ($user->getRole()->getRoleID() == "4") { return "This user was forbidden to post!"; }
    if (!isValidID($groupID)) { return "Group id is not valid!"; }
    if (!isValidMessageType($messageType)) { return "Message type is not valid!"; }
    // $_POST values can be arrays (content[]=x); the gettype check rejects those
    // before strlen(). strlen() is byte length, so multibyte text gets fewer characters.
    if (gettype($content) != "string" || strlen($content) > 1000) { return "Wrong type content or exceed max length(1000)!"; }
    if ($messageType == "4") { // body of this branch is not present in this listing
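// ---------------------------------------------------------------------------
// Invoice checkbox handler: every request field whose name contains "chk" carries
// a value of the form "[<userID>]<date>"; one fixed-price invoice row is inserted
// per such field, then the browser is redirected.
//
// NOTE(review): this script performs no authentication or authorization check
// before inserting invoices for arbitrary user ids supplied by the client. That
// must be enforced before this code runs; nothing visible here does it.
// NOTE(review): it reads $_REQUEST, so plain GET links (and therefore trivial
// CSRF) reach the insert path. Restrict to POST plus a CSRF token once the
// submitting form is confirmed to POST.
// NOTE(review): the redirect target is a hard-coded localhost URL — an
// environment-specific value that belongs in configuration.
// ---------------------------------------------------------------------------

/**
 * Insert one fixed-price (12.49) invoice row for $userID on $date.
 *
 * Both values originate from the request and are interpolated into the SQL
 * string handed to the opaque updateData() helper, so they are validated against
 * a strict allow-list first: $userID must be a plain decimal integer and $date
 * may contain only digits and the separators "- / : . T" and space.
 * TODO(review): tighten the date pattern to the exact format of the invoices
 * date column once that is confirmed. The real fix is a prepared statement
 * inside updateData(); this validation is the guard until that exists.
 *
 * On a rejected value or a failed update a JSON error blob is echoed (the same
 * channel the original used for DB errors) and the function returns.
 *
 * @param string|int $userID  user id parsed from the checkbox value
 * @param string     $date    date string parsed from the checkbox value
 * @return void
 */
function postRecord($userID, $date) {
    global $DBConnArray;

    // \d without the u modifier is ASCII-only; 18 digits fits a 64-bit int.
    if (!is_scalar($userID) || !preg_match('/^\d{1,18}$/', (string) $userID)) {
        echo json_encode(['table' => 'Invalid user id']);
        return;
    }
    // Rejects quotes, backslashes and comment markers, so the quoted literal
    // below cannot be broken out of.
    if (!is_string($date) || !preg_match('/^[0-9T:\-\/. ]{1,32}$/', $date)) {
        echo json_encode(['table' => 'Invalid date']);
        return;
    }

    $sql = "insert into invoices values (" . (int) $userID . ", '" . $date . "', " . "12.49);";
    $returnArray = updateData($DBConnArray, $sql);
    if (!$returnArray['ErrorReturn']['Success']) {
        // Report the update's own error. The original echoed the connection's
        // error record, which at this point is always a success and so said nothing.
        echo json_encode(['table' => $returnArray['ErrorReturn']['ErrorMessage']]);
        return;
    }
}

// Normalise every request parameter into $postArray. The html-escaping and
// stripslashes are kept for compatibility with what was stored before; they are
// NOT SQL escaping — SQL safety rests on the validation inside postRecord().
$postArray = [];
foreach ($_REQUEST as $name => $value) {
    // Array-valued fields (name[]=x) cannot be escaped and used to raise a
    // warning/TypeError in htmlspecialchars(); skip them.
    if (!is_string($value)) {
        continue;
    }
    $postArray[$name] = stripslashes(trim(htmlspecialchars($value)));
}

$DBConnArray = getDBConn();
if (!$DBConnArray['ErrorReturn']['Success']) {
    echo json_encode(['table' => $DBConnArray['ErrorReturn']['ErrorMessage']]);
    // The original fell through and attempted the inserts and a redirect (after
    // output, so the header would fail) on a dead connection; stop here instead.
    exit;
}

foreach ($postArray as $name => $val) {
    // Only checkbox fields participate; their value is "[<userID>]<date>".
    if (!preg_match("/chk/", $name)) {
        continue;
    }
    $val = preg_replace("/\\[/", "", $val);
    $arr = explode("]", $val, 2);
    if (count($arr) < 2) {
        // Malformed value: the original would have raised an undefined-index
        // notice and inserted a null date.
        continue;
    }
    postRecord($arr[0], $arr[1]);
}

header('location: http://localhost/Caneur/Caneur-4/index.html');
// Nothing should be emitted after the redirect header.
exit;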