Example #1
/**
 * Inserts a new row into the Event table and registers the owner in it.
 *
 * All values reach the database as bound parameters of a prepared
 * statement, so none of them is concatenated into the SQL text.
 *
 * This function performs no authentication or authorization check of its
 * own: the caller is responsible for making sure $owner is the user the
 * request is acting for.
 *
 * NOTE(review): the INSERT and the registerInEvent() call are two separate
 * writes with no transaction visible here, and the result of
 * registerInEvent() is not inspected; confirm whether a caller wraps them.
 *
 * @param mixed $type        Event type, bound as PDO::PARAM_INT.
 * @param mixed $name        Event name, bound as PDO::PARAM_STR.
 * @param mixed $description Event description, bound as PDO::PARAM_STR.
 * @param mixed $date        Event date, bound as PDO::PARAM_STR.
 * @param mixed $public      Visibility flag, bound as PDO::PARAM_BOOL.
 * @param mixed $owner       Owning user's id, bound as PDO::PARAM_INT.
 *
 * @return mixed -1 when execute() reports failure, otherwise the value
 *               returned by lastInsertId('id').
 */
function createEvent($type, $name, $description, $date, $public, $owner)
{
    // Presumably a PDO connection set up elsewhere (the PDO::PARAM_*
    // constants below suggest so); verify against the bootstrap code.
    global $db;

    $statement = $db->prepare(
        "INSERT INTO Event (type, name, description, date, public, owner) VALUES (:type, :name, :description, :date, :public, :owner)"
    );

    // Integer columns.
    $statement->bindParam(':type', $type, PDO::PARAM_INT);
    // Text columns.
    $statement->bindParam(':name', $name, PDO::PARAM_STR);
    $statement->bindParam(':description', $description, PDO::PARAM_STR);
    $statement->bindParam(':date', $date, PDO::PARAM_STR);
    // Flag and foreign key.
    $statement->bindParam(':public', $public, PDO::PARAM_BOOL);
    $statement->bindParam(':owner', $owner, PDO::PARAM_INT);

    $inserted = $statement->execute();
    if (!$inserted) {
        // Failure is signalled to the caller by the sentinel -1.
        return -1;
    }

    $newEventId = $db->lastInsertId('id');

    // The creator is always registered in the event they own.
    registerInEvent($owner, $newEventId);

    return $newEventId;
}
Example #2
require_once INCLUDES_PATH . "/events.php";
require_once DATABASE_PATH . "/events.php";
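// Registers the logged-in user in the event named by POST "id".
//
// The checks run in a fixed order and each failure ends the request with an
// HTTP status and a short message:
//   400 - no event id was posted
//   403 - no logged-in user, invalid CSRF token, or canSeeEvent() refuses
// Only after all of them pass is the registration written.
try {
    if (!isset($_POST["id"])) {
        http_response_code(400);
        echo 'Missing event ID.';
    } elseif (!isUserLoggedIn()) {
        http_response_code(403);
        echo 'You need to login to register in this event.';
    } elseif (!validateCSRFToken($_POST["csrf_token"] ?? '')) {
        // A request without a csrf_token field is validated as an empty
        // token instead of reading an undefined index.
        http_response_code(403);
        echo 'Invalid CSRF token.';
    } else {
        $event_id = $_POST["id"];
        if (!canSeeEvent(getUserID(), $event_id)) {
            // Authorization: the user must be allowed to see the event
            // before being registered in it.
            http_response_code(403);
            echo 'You do not have access to edit this event.';
        } else {
            // Fix: the original passed $idEvent, which is never defined in
            // this script, so the validated $event_id was not the value
            // that reached registerInEvent().
            registerInEvent(getUserID(), $event_id);
        }
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    // NOTE(review): the exception message is echoed as-is; confirm that
    // these messages never contain request data or internal details.
    echo $e->getMessage();
} catch (Exception $e) {
    // Any other failure is reported as a bare 500 with no body.
    http_response_code(500);
}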
Example #3
                http_response_code(403);
                echo 'You need to login to edit this event.';
            } else {
                if (!validateCSRFToken(rawurldecode($_GET["csrf_token"]))) {
                    http_response_code(403);
                    echo 'Invalid CSRF token.';
                } else {
                    $event_id = $_GET["idEvent"];
                    $user_id = getUserID();
                    $register = $_GET["action"];
                    if (!canSeeEvent($user_id, $event_id)) {
                        http_response_code(403);
                        echo 'You do not have access to this event.';
                    } else {
                        if ($register) {
                            registerInEvent($user_id, $event_id);
                        } else {
                            unregisterFromEvent($user_id, $event_id);
                        }
                        header("Location: view_event.php?id=" . $event_id);
                    }
                }
            }
        }
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo $e->getMessage();
} catch (Exception $e) {
    http_response_code(500);
}