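<?php
/**
 * Item submission endpoint: stores a new listing for the user identified by fb_id.
 *
 * Inputs (query string): title, price, description, photo, thumbnail, fb_id, cat_name.
 * Output: JSON object with a boolean "success" key (plus "error" when rejected).
 *
 * NOTE(review): fb_id is read from the request and nothing visible in this script
 * binds it to an authenticated session. Confirm that utilities/all.php authenticates
 * the caller; otherwise the identity should be verified server-side before a row is
 * written on that user's behalf.
 * NOTE(review): this is a state-changing request served over GET. Moving it to POST
 * with an anti-CSRF token needs a coordinated client change, so it is not done here.
 */

// The @ operator also silences a failed include. The helpers used below
// (checkGetParameter, getGet, cleanString, db_query) are expected to come from this file.
@(include 'utilities/all.php');
header("Content-Type: application/json");

foreach (array('title', 'price', 'description', 'photo', 'thumbnail', 'fb_id', 'cat_name') as $required) {
    checkGetParameter($required);
}

// cleanString() is not visible here; presumably it escapes for a quoted SQL string
// context -- confirm. It cannot protect values that are embedded without quotes.
$title = cleanString(getGet('title'));
$price = cleanString(getGet('price'));
$description = cleanString(getGet('description'));
$photo = cleanString(getGet('photo'));
$thumbnail = cleanString(getGet('thumbnail'));
$fb_id = cleanString(getGet('fb_id'));
$cat_name = cleanString(getGet('cat_name'));

// fb_id and price are interpolated into SQL unquoted, so string escaping alone does
// not constrain them. Require a strict numeric shape before any query is built.
$fbIdIsValid = preg_match('/\A[0-9]+\z/', (string) $fb_id) === 1;
$priceIsValid = preg_match('/\A(?:[0-9]+(?:\.[0-9]*)?|\.[0-9]+)\z/', (string) $price) === 1;
if (!$fbIdIsValid || !$priceIsValid) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode(array('success' => false, 'error' => 'fb_id must be an integer and price a non-negative number'));
    exit;
}

$sql = "SELECT * FROM users, schools WHERE fb_id={$fb_id} AND users.school_id = schools.school_id";
$result = db_query($sql);
$row = ($result === false) ? false : mysql_fetch_array($result, MYSQL_ASSOC);

// Without a matching user/school row the INSERT below would be built from empty values.
if (!is_array($row) || preg_match('/\A[0-9]+\z/', (string) $row['school_id']) !== 1) {
    header('HTTP/1.1 404 Not Found');
    echo json_encode(array('success' => false, 'error' => 'unknown user or school'));
    exit;
}

$school_id = $row['school_id'];
// Values read back from the database are stored unescaped, so the name has to be
// escaped again before it is embedded in a new statement (second-order injection).
$user_name = mysql_real_escape_string($row['name']);

#TODO: Checking if the user has submitted the maximum number of items

$sql = "INSERT INTO items (item_title, item_price, item_description, item_photo, item_thumbnail,
        fb_id, cat_name, school_id, user_name)
    VALUES ('{$title}', {$price}, '{$description}', '{$photo}', '{$thumbnail}', {$fb_id},
        '{$cat_name}', {$school_id}, '{$user_name}')";
$result = db_query($sql);

// Assumes db_query() returns false on failure, as mysql_query() does -- confirm.
$out['success'] = ($result !== false);
echo json_encode($out);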
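<?php
/**
 * Marks an item as sold (item_status = 2) when item_id and fb_id match a row in items.
 *
 * Inputs (query string): item_id, fb_id.
 * Output: JSON object with a boolean "success" key (plus "error" when rejected).
 *
 * NOTE(review): the ownership condition relies on an fb_id supplied by the caller.
 * Nothing visible here ties it to an authenticated session; confirm that
 * utilities/all.php does so, or take the owner id from the verified session.
 * NOTE(review): state-changing request served over GET; POST plus an anti-CSRF token
 * would be the safer shape but requires a client change.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('item_id');
checkGetParameter('fb_id');

$item_id = cleanString(getGet('item_id'));
$fb_id = cleanString(getGet('fb_id'));

// Both values are embedded in the statement without quotes, so they must be plain
// digit strings; escaping for a quoted context would not constrain them.
foreach (array($item_id, $fb_id) as $numericId) {
    if (preg_match('/\A[0-9]+\z/', (string) $numericId) !== 1) {
        header('HTTP/1.1 400 Bad Request');
        echo json_encode(array('success' => false, 'error' => 'item_id and fb_id must be integers'));
        exit;
    }
}

$sql = "UPDATE items SET item_status=2 WHERE item_id={$item_id} AND fb_id={$fb_id}";
$result = db_query($sql);

// Assumes db_query() returns false on failure, as mysql_query() does -- confirm.
$out['success'] = ($result !== false);
echo json_encode($out);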
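<?php
/**
 * Returns the most frequent search queries for a school, optionally narrowed to a category.
 *
 * Inputs (query string): school (required), category (optional), num (optional, default 10).
 * Output: JSON object whose "searches" key lists rows of search_q and search_count.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('school');
//checkGetParameter('query');

// cleanString() is not visible here; presumably it escapes for a quoted SQL string
// context -- confirm. It cannot protect values that are embedded without quotes.
$school = cleanString(getGet('school'));
$category = cleanString(getGet('category'));
$num = cleanString(getGet('num'));

// Loose comparison kept on purpose: a missing parameter may come back as null or ''.
if ($num == '') {
    $num = 10;
}

// school feeds an unquoted comparison and num feeds LIMIT, so both must be plain
// digit strings before they reach the statement.
$schoolIsValid = preg_match('/\A[0-9]+\z/', (string) $school) === 1;
$numIsValid = preg_match('/\A[0-9]+\z/', (string) $num) === 1;
if (!$schoolIsValid || !$numIsValid) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode(array('error' => 'school and num must be integers'));
    exit;
}
// NOTE(review): num has no upper bound; consider capping it to limit response size.

$where = "WHERE school_id={$school}";
if ($category != '') {
    $where .= " AND cat_name='{$category}' ";
}
$order = "ORDER BY search_count DESC";
$limit = "LIMIT {$num}";
$group = "GROUP BY search_q";

$sql = "SELECT search_q, count(search_q) as search_count FROM searches {$where} {$group} {$order} {$limit}";
#echo $sql;
$result = db_query($sql);

$arr = array();
// Skip the fetch loop when the query failed instead of passing false to mysql_fetch_array().
if ($result !== false) {
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $arr[] = $row;
    }
}

$out['searches'] = $arr;
echo json_encode($out);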
$product_info = sortByName(getProductInfo()); exit; } elseif ($sortBy == "cheap") { $product_info = sortByPriceAsc(getProductInfo()); exit; } elseif ($sortBy == "expensive") { $product_info = sortByPriceDes(getProductInfo()); exit; } } if (!isset($sortBy)) { // default sorting - by name $product_info = sortByName(getProductInfo()); } } checkGetParameter(); /** * Function to sort by product name from A to Z */ function sortByName($product_info) { $product_info = getProductInfo(); $tmp = []; foreach ($product_info as &$val) { $tmp[] =& $val[1][1]; // [1][1] is name } array_multisort($tmp, $product_info); // foreach($product_info as &$val) { // проверка // echo $val[1][1]."<br/>"; // }
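<?php
/**
 * Stores a message from a user about an item.
 *
 * Inputs (query string): item_id, fb_id, message.
 * Output: JSON object with a boolean "success" key (plus "error" when rejected).
 *
 * NOTE(review): the sender id (fb_id) is supplied by the caller and nothing visible
 * here ties it to an authenticated session; confirm that utilities/all.php does.
 * NOTE(review): the message body travels in the query string of a GET request, where
 * it is likely to end up in access logs; POST would be the safer transport.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('item_id');
checkGetParameter('fb_id');
checkGetParameter('message');

// cleanString() is not visible here; presumably it escapes for a quoted SQL string
// context -- confirm. Only message is used in such a context below.
$item_id = cleanString(getGet('item_id'));
$fb_id = cleanString(getGet('fb_id'));
$message = cleanString(getGet('message'));

// item_id and fb_id are embedded without quotes, so they must be plain digit strings.
foreach (array($item_id, $fb_id) as $numericId) {
    if (preg_match('/\A[0-9]+\z/', (string) $numericId) !== 1) {
        header('HTTP/1.1 400 Bad Request');
        echo json_encode(array('success' => false, 'error' => 'item_id and fb_id must be integers'));
        exit;
    }
}

$sql = "INSERT INTO messages (item_id, fb_id, message)
    VALUES ({$item_id}, {$fb_id}, '{$message}')";
$result = db_query($sql);

// Assumes db_query() returns false on failure, as mysql_query() does -- confirm.
$out['success'] = ($result !== false);
echo json_encode($out);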
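<?php
/**
 * Moves a user to another school and re-tags all of that user's items with it.
 *
 * Inputs (query string): fb_id, school_id.
 * Output: JSON object with a boolean "success" key (plus "error" when rejected).
 *
 * NOTE(review): fb_id is supplied by the caller and nothing visible here ties it to
 * an authenticated session; confirm that utilities/all.php does, since this script
 * rewrites both the user row and every item row carrying that id.
 * NOTE(review): state-changing request served over GET; POST plus an anti-CSRF token
 * would be the safer shape but requires a client change.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('fb_id');
checkGetParameter('school_id');

$fb_id = cleanString(getGet('fb_id'));
$school_id = cleanString(getGet('school_id'));

// Both values are embedded in the statements without quotes, so they must be plain
// digit strings; escaping for a quoted context would not constrain them.
foreach (array($fb_id, $school_id) as $numericId) {
    if (preg_match('/\A[0-9]+\z/', (string) $numericId) !== 1) {
        header('HTTP/1.1 400 Bad Request');
        echo json_encode(array('success' => false, 'error' => 'fb_id and school_id must be integers'));
        exit;
    }
}

$sql = "UPDATE users SET school_id={$school_id} WHERE fb_id={$fb_id}";
$userResult = db_query($sql);

// Keep the user's existing items consistent with the new school.
// The two statements are not wrapped in a transaction, so a failure of the second
// one leaves users and items out of step.
$sql = "UPDATE items SET school_id={$school_id} WHERE fb_id={$fb_id}";
$itemsResult = db_query($sql);

// Assumes db_query() returns false on failure, as mysql_query() does -- confirm.
$out['success'] = ($userResult !== false && $itemsResult !== false);
echo json_encode($out);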
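<?php
/**
 * Lists a user's items whose item_status is 0 or 1, newest first.
 *
 * Inputs (query string): userid (matched against items.fb_id).
 * Output: JSON object whose "items" key holds the matching rows.
 *
 * NOTE(review): SELECT * returns every column of items to whoever supplies a userid.
 * Confirm that no column is meant to stay private, or list the columns explicitly.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('userid');
$userid = cleanString(getGet('userid'));

// userid is embedded in the WHERE clause without quotes, so it must be a plain
// digit string; escaping for a quoted context would not constrain it.
if (preg_match('/\A[0-9]+\z/', (string) $userid) !== 1) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode(array('error' => 'userid must be an integer'));
    exit;
}

$where = "WHERE fb_id={$userid} AND (item_status=0 OR item_status=1)";
$order = "ORDER BY item_date DESC";
$sql = "SELECT * FROM items {$where} {$order}";
#echo $sql;
$result = db_query($sql);

$arr = array();
// Skip the fetch loop when the query failed instead of passing false to mysql_fetch_array().
if ($result !== false) {
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $arr[] = $row;
    }
}

$out['items'] = $arr;
echo json_encode($out);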
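<?php
/**
 * Sets item_status to -1 for the given item.
 *
 * Inputs (query string): item_id.
 * Output: JSON object with a boolean "success" key (plus "error" when rejected).
 *
 * NOTE(review): the UPDATE is keyed on item_id alone, so no ownership condition is
 * applied in this script. Unless utilities/all.php authorises the request, the
 * owner's verified id should be added to the WHERE clause.
 * NOTE(review): state-changing request served over GET; POST plus an anti-CSRF token
 * would be the safer shape but requires a client change.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('item_id');
$item_id = cleanString(getGet('item_id'));

// item_id is embedded in the statement without quotes, so it must be a plain
// digit string; escaping for a quoted context would not constrain it.
if (preg_match('/\A[0-9]+\z/', (string) $item_id) !== 1) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode(array('success' => false, 'error' => 'item_id must be an integer'));
    exit;
}

$sql = "UPDATE items SET item_status=-1 WHERE item_id={$item_id}";
$result = db_query($sql);

// Assumes db_query() returns false on failure, as mysql_query() does -- confirm.
$out['success'] = ($result !== false);
echo json_encode($out);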
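<?php
/**
 * Registers a user, or refreshes name and email when the fb_id already exists.
 *
 * Inputs (query string): fb_id, name, email.
 * Output: JSON object with a boolean "success" key (plus "error" when rejected).
 *
 * NOTE(review): because of ON DUPLICATE KEY UPDATE, a request carrying an existing
 * fb_id overwrites that user's name and email. Nothing visible here proves the
 * caller owns the fb_id; confirm that utilities/all.php verifies the identity.
 * NOTE(review): name and email travel in the query string of a GET request, where
 * they are likely to end up in access logs; POST would be the safer transport.
 */

// The @ operator also silences a failed include of the helper library.
@(include 'utilities/all.php');
header("Content-Type: application/json");

checkGetParameter('fb_id');
checkGetParameter('name');
checkGetParameter('email');

// cleanString() is not visible here; presumably it escapes for a quoted SQL string
// context -- confirm. name and email rely on it below.
$fb_id = cleanString(getGet('fb_id'));
$name = cleanString(getGet('name'));
$email = cleanString(getGet('email'));

// fb_id is embedded in the statement without quotes, so it must be a plain
// digit string; escaping for a quoted context would not constrain it.
if (preg_match('/\A[0-9]+\z/', (string) $fb_id) !== 1) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode(array('success' => false, 'error' => 'fb_id must be an integer'));
    exit;
}

$sql = "INSERT INTO users (fb_id, name, email) VALUES({$fb_id}, '{$name}', '{$email}')
    ON DUPLICATE KEY UPDATE name='{$name}', email='{$email}'";
$result = db_query($sql);

// Assumes db_query() returns false on failure, as mysql_query() does -- confirm.
$out['success'] = ($result !== false);
echo json_encode($out);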