/**
 * Insert a new row into the Event table, then register the owner in it.
 *
 * Every value reaches the database through a named placeholder, so none of
 * the arguments is concatenated into the SQL text.
 *
 * @param mixed $type        Bound as PDO::PARAM_INT.
 * @param mixed $name        Bound as PDO::PARAM_STR.
 * @param mixed $description Bound as PDO::PARAM_STR.
 * @param mixed $date        Bound as PDO::PARAM_STR.
 * @param mixed $public      Bound as PDO::PARAM_BOOL.
 * @param mixed $owner       Bound as PDO::PARAM_INT; also passed to registerInEvent().
 *
 * @return mixed -1 when execute() reports failure, otherwise whatever
 *               $db->lastInsertId('id') returns.
 */
function createEvent($type, $name, $description, $date, $public, $owner)
{
    // Shared connection; presumably a PDO instance configured elsewhere.
    global $db;

    $insert = $db->prepare(
        "INSERT INTO Event (type, name, description, date, public, owner) VALUES (:type, :name, :description, :date, :public, :owner)"
    );

    // bindParam binds by reference and carries an explicit PDO type per column.
    $insert->bindParam(':type', $type, PDO::PARAM_INT);
    $insert->bindParam(':name', $name, PDO::PARAM_STR);
    $insert->bindParam(':description', $description, PDO::PARAM_STR);
    $insert->bindParam(':date', $date, PDO::PARAM_STR);
    $insert->bindParam(':public', $public, PDO::PARAM_BOOL);
    $insert->bindParam(':owner', $owner, PDO::PARAM_INT);

    if (!$insert->execute()) {
        // Callers receive -1 as the failure sentinel.
        return -1;
    }

    $newEventId = $db->lastInsertId('id');

    // NOTE(review): the INSERT and the owner registration are not wrapped in a
    // transaction here, and the result of registerInEvent() is not checked.
    // Confirm whether a failed registration can leave an event without its owner.
    registerInEvent($owner, $newEventId);

    return $newEventId;
}
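require_once INCLUDES_PATH . "/events.php";
require_once DATABASE_PATH . "/events.php";

// Endpoint: register the logged-in user in the event identified by POST "id".
// Checks run in this order, and the first failure ends the request:
//   1. the event id is present             -> 400
//   2. the user is logged in               -> 403
//   3. the CSRF token is present and valid -> 403
//   4. the user is allowed to see the event -> 403
try {
    if (!isset($_POST["id"])) {
        http_response_code(400);
        echo 'Missing event ID.';
    } elseif (!isUserLoggedIn()) {
        http_response_code(403);
        echo 'You need to login to register in this event.';
    } elseif (
        // A missing or non-string token (e.g. csrf_token[]=x) is rejected here
        // rather than handed to the validator, so the state-changing call below
        // can never be reached without a token actually being checked.
        !isset($_POST["csrf_token"])
        || !is_string($_POST["csrf_token"])
        || !validateCSRFToken($_POST["csrf_token"])
    ) {
        http_response_code(403);
        echo 'Invalid CSRF token.';
    } else {
        $event_id = $_POST["id"];

        if (!canSeeEvent(getUserID(), $event_id)) {
            http_response_code(403);
            echo 'You do not have access to edit this event.';
        } else {
            // Register against the same id that passed the access check.
            // Passing any other (or an undefined) variable here would bypass
            // the canSeeEvent() authorization performed just above.
            registerInEvent(getUserID(), $event_id);
        }
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    // NOTE(review): the exception message is echoed unescaped. If it can carry
    // request data and the response is rendered as HTML, escape it for that
    // context; confirm what the helpers put into these messages.
    echo $e->getMessage();
} catch (Exception $e) {
    // Details are deliberately not sent to the client.
    http_response_code(500);
}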
http_response_code(403); echo 'You need to login to edit this event.'; } else { if (!validateCSRFToken(rawurldecode($_GET["csrf_token"]))) { http_response_code(403); echo 'Invalid CSRF token.'; } else { $event_id = $_GET["idEvent"]; $user_id = getUserID(); $register = $_GET["action"]; if (!canSeeEvent($user_id, $event_id)) { http_response_code(403); echo 'You do not have access to this event.'; } else { if ($register) { registerInEvent($user_id, $event_id); } else { unregisterFromEvent($user_id, $event_id); } header("Location: view_event.php?id=" . $event_id); } } } } } } catch (InvalidArgumentException $e) { http_response_code(400); echo $e->getMessage(); } catch (Exception $e) { http_response_code(500); }