This repository has been archived by the owner on Jan 26, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
functions.php
157 lines (135 loc) · 7.17 KB
/
functions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
require_once("./connection.php");
session_start();
function uploadFilesInServer($group_id, $new_group_expend_id)
{
$folder_name = md5($group_id);
$valid_ext = array("jpg", "png", "jpeg", "txt", "pdf");
$count_files = count($_FILES['files']['name']);
$upload_location = __DIR__ . "/media/$folder_name/";
if (!is_dir($upload_location))
mkdir($upload_location, 0777);
for ($i = 0; $i < $count_files; $i++) {
$filename = $_FILES['files']['name'][$i];
$file_extension = pathinfo($filename, PATHINFO_EXTENSION);
$file_extension = strtolower($file_extension);
if (in_array($file_extension, $valid_ext)) {
$filename = $new_group_expend_id . "_" . basename($filename, ".$file_extension") . "_" . $i . "." . $file_extension;
$path = $upload_location . $filename;
if (!move_uploaded_file($_FILES['files']['tmp_name'][$i], $path)) {
if (!isset($_SESSION['msg'])) $_SESSION['msg'] = [];
$msg = ["error", "No se ha podido subir la imagen $filename.", "container-messages", 5];
array_push($_SESSION['msg'], $msg);
}
}
}
}
function insertQuery($bd, $sql, $params)
{
$query = $bd->prepare($sql); // Prepare the query.
for ($i = 0; $i < sizeOf($params); $i++)
$query->bindParam($i + 1, $params[$i]);
$query->execute(); // Execute the query
}
if (isset($_POST['nameTrip'])) {
if (isset($_SESSION['user'][0])) {
$userId = $_SESSION['user'][0];
$_SESSION['first_load_invitation_page'] = true;
$params = [];
// PARAMETERS OF TRAVEL
foreach ($_POST as $value)
array_push($params, filter_var($value, FILTER_SANITIZE_STRING));
insertQuery($bd, "INSERT INTO `Travels`(`name`, `description`, `coin`) VALUES (?, ?, ?);", $params); // INSERT NEW TRAVEL
$id_travel = $bd->lastInsertId();
$new_travel = $bd->prepare("SELECT `trip_id`, `creation_date` FROM Travels WHERE trip_id = $id_travel");
$new_travel->execute();
$travel = $new_travel->fetch();
$string = $travel[1] . $travel[0];
insertQuery($bd, "UPDATE Travels SET token=md5('$string') WHERE trip_id=$id_travel;", []); // INSERT NEW TRAVEL
insertQuery($bd, "INSERT INTO `Groups` VALUES (null, $userId, $id_travel)", []); // INSERT NEW GROUP
$new_token = $bd->prepare("SELECT `token` FROM Travels WHERE trip_id = $id_travel");
$new_token->execute();
$token = $new_token->fetch();
$_SESSION['trip_name'] = $params[0];
$_SESSION['token'] = $token[0];
header("location: ./invitations.php");
} else header("location:login.php?status=session_expired");
} else if (isset($_GET['action']) && $_GET['action'] == "new-spend" && isset($_GET['id']) && isset($_SESSION['user'][0])) {
$id_travel = filter_var($_GET['id'], FILTER_SANITIZE_STRING);
$travel_details = $bd->prepare("SELECT trip_id FROM Travels WHERE trip_id = $id_travel");
$travel_details->execute();
$id_travel = $travel_details->fetch();
if ($id_travel) {
$_SESSION['travelSelected'] = $id_travel[0];
header("location: enterPayment.php");
} else {
$_SESSION['travelSelected'] = null;
header("location: home.php?msg=ID del vuelo no encontrado.");
}
} else if ((isset($_GET['action']) && $_GET['action'] == "new-spend" || isset($_GET['action']) && $_GET['action'] == "new-spend-advanced") && isset($_POST['paid-by']) && isset($_POST['total-expend']) >= 1 && isset($_POST['total-expend']) <= 10000) {
$group_id = $_SESSION['newSpend']['groupId'];
$paid_by = $_POST['paid-by'];
$price = $_POST['total-expend'];
$params = [
filter_var($paid_by, FILTER_SANITIZE_STRING),
filter_var($price, FILTER_SANITIZE_STRING),
$group_id
];
insertQuery($bd, "INSERT INTO Group_Expenses(paid_by, price, group_id) VALUES (?, ?, ?);", $params); // INSERT NEW GROUP EXPEND
$new_group_expend_id = $bd->lastInsertId();
uploadFilesInServer($group_id, $new_group_expend_id);
if ($_GET['action'] == "new-spend") {
$params = [
filter_var($paid_by, FILTER_SANITIZE_STRING),
filter_var($price, FILTER_SANITIZE_STRING),
random_int(0, 1),
$new_group_expend_id
];
insertQuery($bd, "INSERT INTO Personal_Expenses(`user_id`, amount, payment_status, group_expense_id) VALUES (?, ?, ?, ?);", $params); // INSERT NEW PERSONAL EXPEND
} else if ($_GET['action'] == "new-spend-advanced" && isset($_GET['ids']) && isset($_GET['prices'])) {
$ids = [];
$id_positions = explode("-", $_GET['ids']);
for ($i = 0; $i < sizeOf($id_positions); $i++)
array_push($ids, explode(" - ", $_SESSION['newSpend']['users'][$id_positions[$i]])[0]);
$prices = explode("-", $_GET['prices']);
for ($i = 0; $i < sizeOf($ids); $i++) {
$params = [
filter_var($ids[$i], FILTER_SANITIZE_STRING),
filter_var($prices[$i], FILTER_SANITIZE_STRING),
random_int(0, 1),
$new_group_expend_id
];
insertQuery($bd, "INSERT INTO Personal_Expenses(`user_id`, amount, payment_status, group_expense_id) VALUES (?, ?, ?, ?);", $params); // INSERT NEW PERSONAL EXPEND
}
}
if (!isset($_SESSION['msg'])) $_SESSION['msg'] = [];
$msg = ["success", "Se ha agregado un nuevo gasto al viaje " . $_SESSION['newSpend']['tripName'] . " de $price.", "container-messages", 5];
array_push($_SESSION['msg'], $msg);
header("location: home.php");
} else if (isset($_GET['action']) && $_GET['action'] == "edit-travel" && isset($_GET['group']) && $_GET['group'] >= 1) {
$id_travel = filter_var($_GET['group'], FILTER_SANITIZE_STRING);
$travel_details = $bd->prepare("SELECT `trip_id`, `name`, `description`, `coin` FROM Travels WHERE trip_id = $id_travel");
$travel_details->execute();
$travel = $travel_details->fetch();
$_SESSION['travelSelected'] = $travel;
header("location: editTravel.php");
} else if (isset($_GET['action']) && $_GET['action'] == "save-travel") {
$id_travel = $_SESSION['travelSelected'][0];
$params = [];
foreach ($_POST as $value)
array_push($params, filter_var($value, FILTER_SANITIZE_STRING));
insertQuery($bd, "UPDATE Travels SET `name` = ? , `coin`= ? , `description` = ? WHERE trip_id=$id_travel;", $params);
$_SESSION['travelSelected'][1] = $params[0];
$_SESSION['travelSelected'][2] = $params[2];
$_SESSION['travelSelected'][3] = $params[1];
if (!isset($_SESSION['msg'])) $_SESSION['msg'] = [];
$msg = ["success", "Los cambios del viaje han sido guardados correctamente.", "container-messages", 5];
array_push($_SESSION['msg'], $msg);
header("location: editTravel.php");
} else if (isset($_GET['action']) && $_GET['action'] == "save-travel-to-invitations") {
$_SESSION['trip_name'] = $_SESSION['travelSelected'][1];
header("location: invitations.php");
} else if (isset($_GET['action']) && $_GET['action'] == "balance" && isset($_GET['id']) && $_GET['id'] >= 1) {
$_SESSION["travel_id"] = filter_var($_GET['id'], FILTER_SANITIZE_STRING);
header("location: balance.php");
}