/**
 * Admin-only endpoint: validates the submitted product fields, stores a new
 * Product and returns it to the client with a 201 status.
 *
 * @throws Lib\Exceptions\UnauthorizedException when the session user is not an admin
 */
public function create()
{
    $current_user = $this->session->get_user();
    if (!$current_user->is_admin()) {
        throw new Lib\Exceptions\UnauthorizedException();
    }

    $input = $this->request->args;
    // Every field goes through Validate before it reaches the model.
    [$name, $price, $quantity, $image_url] = [
        Validate::plaintext($input['name']),
        Validate::udouble($input['price']),
        Validate::uint($input['quantity']),
        Validate::image_url($input['image_url']),
    ];

    $created = Product::create($name, $price, $quantity, $image_url);

    $this->response->set_header(Lib\Response::HTTP_CREATED);
    $this->response->set('product', $created);
}
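/**
 * Creates an Order for the caller identified by the `user_token` cookie,
 * decreasing stock for every product in the request, and returns the order
 * with a 201 status.
 *
 * Weaknesses that remain in this handler: the order total is taken from the
 * client instead of being derived from the stored product prices, and the
 * per-product stock decrements and the Order insert are not wrapped in a
 * transaction, so a failure in Order::create leaves the decrements applied.
 *
 * @throws Lib\Exceptions\UnauthorizedException when the cookie is missing or resolves to no user
 * @throws \InvalidArgumentException when `products` is not an id => quantity map
 */
public function hackable_create()
{
    $args = $this->request->args;

    // Reject requests without a token before touching the user store; the
    // token itself still goes through Validate as before.
    if (!isset($_COOKIE['user_token'])) {
        throw new Lib\Exceptions\UnauthorizedException();
    }
    $user = User::retrieve_by_token(Validate::token($_COOKIE['user_token']));
    if (!$user) {
        // retrieve_by_token returning nothing used to fall through to a
        // property read on a non-object.
        throw new Lib\Exceptions\UnauthorizedException();
    }
    $username = $user->username;

    // NOTE(review): client-supplied total; only its format is validated.
    // It should be computed server-side from the products' stored prices.
    $total = Validate::udouble($args['total']);

    $products = $args['products'] ?? null;
    if (!is_array($products)) {
        throw new \InvalidArgumentException('products must be a map of product id to quantity');
    }

    // Validate every id/quantity pair first so that a bad entry cannot leave
    // earlier products already decremented.
    $lines = [];
    foreach ($products as $id => $quantity) {
        $lines[] = [Validate::uint($id), Validate::uint($quantity)];
    }
    foreach ($lines as $line) {
        Product::decrease_quantity($line[0], $line[1]);
    }

    $order = Order::create($username, $total);

    $this->response->set_header(Lib\Response::HTTP_CREATED);
    $this->response->set('order', $order);
}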