Ejemplo n.º 1
0
function handle_api(MyDB $db, $post)
{
    if (!array_key_exists('action', $post)) {
        die("Error: no api action given");
    }
    if (!array_key_exists('clean_acom_name', $post)) {
        // no accommodation name given
        die("Error: no api accommodation name given");
    }
    $acom = $db->getAccommodationFromCleanName($post['clean_acom_name']);
    if ($acom === false) {
        die("Error: invalid accommodation " . $post['clean_acom_name']);
    }
    $token_acom = $db->getAccommodationFromToken(@$_COOKIE[Inventeerio::COOKIE_NAME]);
    if (!$token_acom || $token_acom['accom_id'] !== $acom['accom_id']) {
        setcookie(Inventeerio::COOKIE_NAME, null, -1, '/');
        // remove cookie, so the message won't come again
        die("Error: invalid acom_token - Login again? (" . @$_COOKIE[Inventeerio::COOKIE_NAME] . ")");
    }
    if ($post['action'] == 'add') {
        if (!array_key_exists('item_id', $post)) {
            // no accommodation name given
            die("Error: no api item given");
        }
        if ($post['item_id'] == -1) {
            // CREATE new item
            if (!array_key_exists('item_name', $post)) {
                // no accommodation name given
                die("Error: no item name given");
            }
            $new_name = $post['item_name'];
            if (strlen($new_name) > 50) {
                // max length
                die("Error: name too long");
            }
            $item_id = $db->createItem($new_name);
            if ($item_id == -1) {
                die("Error: create item failed");
            }
        } else {
            $item = $db->getItemFromId($post['item_id']);
            if (!$item) {
                die("Error: invalid api item " . $post['item_id']);
            }
            $item_id = $item['item_id'];
        }
        //TODO: handle duplicates
        $new_id = $db->addRequest($acom['accom_id'], $item_id);
        if ($new_id >= 0) {
            echo "success[{$new_id}]";
        } else {
            die("Error: insert failed");
        }
    } else {
        if ($post['action'] == 'delete') {
            if (!array_key_exists('request_id', $post)) {
                // no accommodation name given
                die("Error: no api request_id given");
            }
            $item = $db->getItemFromId($post['request_id']);
            if (!$item) {
                die("Error: invalid api request_id " . $post['request_id']);
            }
            if ($db->removeRequest($post['request_id']) > 0) {
                echo "success";
            } else {
                die("Error: delete failed");
            }
        } else {
            die("Error: unknown api action " . $post['action']);
        }
    }
}