Example #1
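<?php

require_once "libraries/head.php";

// Authentication gate for this AJAX endpoint.
if (!isLogin()) {
    sendAjaxRedirect("login.php");
    // Fail closed: sendAjaxRedirect() is defined outside this listing, so it is
    // not visible whether it terminates the request. Without an explicit exit,
    // a helper that merely emits a response and returns would let the code
    // below run for an unauthenticated caller.
    exit;
}

// NOTE(review): this is a state-changing POST authorised only by the session;
// no anti-CSRF token check is visible in this listing. Confirm that
// libraries/head.php enforces one.
if (isset($_POST["groupid"], $_POST["messagetype"], $_POST["content"])) {
    // The author is always taken from the server-side session, never from the
    // request body, so a client cannot post on behalf of another user.
    $result = postRecord(
        $_SESSION["userID"],
        $_POST["groupid"],
        $_POST["messagetype"],
        $_POST["content"]
    );

    // postRecord() signals success with boolean true; any other value is an
    // error message string that is passed back to the client.
    if ($result === true) {
        sendAjaxResSuc();
    } else {
        sendAjaxResErr($result);
    }
}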
function postRecord($userID, $groupID, $messageType, $content)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to post!";
    }
    if (!isValidID($groupID)) {
        return "Group id is not valid!";
    }
    if (!isValidMessageType($messageType)) {
        return "Message type is not valid!";
    }
    if (gettype($content) != "string" || strlen($content) > 1000) {
        return "Wrong type content or exceed max length(1000)!";
    }
    if ($messageType == "4") {
Example #2
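// Collect the request parameters into $postArray.
//
// htmlspecialchars() is an HTML *output* encoder; together with trim() and
// stripslashes() it does nothing to make a value safe for use in SQL. The
// values are kept in the same normalised form as before, but must still be
// treated as untrusted by everything downstream (see postRecord()).
//
// NOTE(review): $_REQUEST merges GET and POST (and, depending on the
// request_order setting, cookies), so these inserts can be triggered by a
// plain link. No authentication or anti-CSRF check is visible in this listing;
// confirm one runs before this script.
$postArray = array(); // initialise so an empty request does not leave it undefined
foreach ($_REQUEST as $name => $value) {
    // Nested parameters (e.g. chk[]=...) arrive as arrays; htmlspecialchars()
    // cannot process them, so they are ignored instead of raising an error.
    if (!is_string($value)) {
        continue;
    }
    $postArray[$name] = stripslashes(trim(htmlspecialchars($value)));
}

$DBConnArray = getDBConn();
if (!$DBConnArray['ErrorReturn']['Success']) {
    // NOTE(review): the connection error text is returned to the client
    // verbatim; consider logging it server-side and sending a generic message.
    echo json_encode(array('table' => $DBConnArray['ErrorReturn']['ErrorMessage']));
    // Stop here: without a usable connection the inserts below cannot succeed,
    // and the redirect header can no longer be sent once output has started.
    exit;
}

// Every parameter whose name contains "chk" carries a value of the form
// "[<userID>]<date>"; split it and record one invoice per entry.
foreach ($postArray as $name => $val) {
    if (!preg_match("/chk/", $name)) {
        continue;
    }
    $val = preg_replace("/\\[/", "", $val);
    $arr = explode("]", $val);
    if (count($arr) < 2) {
        // Malformed value without a "]" separator: there is no date part.
        continue;
    }
    postRecord($arr[0], $arr[1]);
}

// NOTE(review): the redirect target is a hard-coded development URL
// (localhost); it should come from configuration before deployment.
header('location: http://localhost/Caneur/Caneur-4/index.html');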
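/**
 * Insert one invoice row (user id, date, fixed amount 12.49) into `invoices`.
 *
 * Both arguments originate from request data and are concatenated into the SQL
 * text, so they are checked against strict allow-lists before the statement is
 * built. This is a stop-gap: updateData() only accepts a finished SQL string
 * here, and the durable fix is to give it a prepared-statement interface so
 * values are bound as parameters rather than spliced into the query.
 *
 * @param int|string $userID Numeric user id; only decimal digits are accepted.
 * @param string     $date   Date text; only letters, digits, spaces and the
 *                           characters : / . , + - are accepted (max 40 chars).
 *
 * @return void On rejection or failure a JSON object with a 'table' message is
 *              echoed, matching the existing error reporting of this script.
 */
function postRecord($userID, $date)
{
    global $DBConnArray;

    // $userID lands in an unquoted numeric position, so anything other than
    // digits would change the statement's structure.
    $userIdOk = (is_int($userID) && $userID >= 0)
        || (is_string($userID) && preg_match('/\A[0-9]+\z/', $userID) === 1);

    // $date lands inside a single-quoted literal; the allow-list excludes
    // quotes, backslashes and every other character that could terminate it.
    $dateOk = is_string($date)
        && preg_match('/\A[A-Za-z0-9 :\/.,+\-]{1,40}\z/', $date) === 1;

    if (!$userIdOk || !$dateOk) {
        echo json_encode(array('table' => 'Invalid invoice input'));
        return;
    }

    // NOTE(review): the INSERT relies on column order (no column list) and a
    // hard-coded amount; both are kept as in the original.
    $sql = "insert into invoices values (" . $userID . ", '" . $date . "', " . "12.49);";
    $returnArray = updateData($DBConnArray, $sql);

    if (!$returnArray['ErrorReturn']['Success']) {
        // Report the error of the failed update. The original echoed the
        // connection array's message here, which describes the connection and
        // not this statement. Assumes updateData() returns the same
        // ErrorReturn shape as getDBConn() - confirm.
        // NOTE(review): raw database messages are better logged server-side
        // than sent to the client.
        echo json_encode(array('table' => $returnArray['ErrorReturn']['ErrorMessage']));
        return;
    }
}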