modify_shop.php
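<?php
// Warning: NEVER emit anything from this file except the final JSON document.
// This notice is a PHP comment on purpose: as an HTML comment ahead of the
// opening tag it was itself sent to the client, which put non-JSON text in
// front of the response and produced output before session_start()/header().
//
// Endpoint contract (unchanged): a POST carrying one of `price`, `amount` or
// `employee_account` is answered with {"success":"1"} or {"success":"0"}.
// The fields are tried in that order and only the first one present is used.
//
// NOTE(review): this endpoint changes state on the strength of the session
// cookie alone; no anti-CSRF token is checked in this file. Unless that is
// enforced elsewhere, verify a per-session token here (compare it with
// hash_equals()) before touching the database.

session_start();
header("Content-Type: application/json", true);

/**
 * Send the JSON result and stop the script.
 *
 * @param bool $ok true for {"success":"1"}, false for {"success":"0"}
 */
function modify_shop_respond($ok)
{
    echo json_encode(array('success' => $ok ? '1' : '0'));
    exit;
}

/**
 * Read one POST field as a string.
 *
 * @param string $name field name
 * @return string|null the raw value, or null when the field is missing,
 *                     is not a string (e.g. `price[]=1`) or is empty
 */
function modify_shop_field($name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name]) || $_POST[$name] === '') {
        return null;
    }
    return $_POST[$name];
}

/**
 * Validate a price/amount value.
 *
 * The column types are not visible from this file, so any finite,
 * non-negative number is accepted; tighten this to integers if the
 * columns are INT.
 *
 * @param string $raw value as posted
 * @return string|null the trimmed numeric string, or null when invalid
 */
function modify_shop_non_negative_number($raw)
{
    $value = trim($raw);
    if (!is_numeric($value)) {
        return null;
    }
    $number = (float) $value;
    if (!is_finite($number) || $number < 0) {
        return null;
    }
    return $value;
}

/**
 * Return the single value produced by a one-column lookup.
 *
 * @param PDO    $conn   open connection
 * @param string $sql    statement selecting exactly one column
 * @param array  $params bound parameters
 * @return mixed|null the value when exactly one row matches, otherwise null
 */
function modify_shop_single_value(PDO $conn, $sql, array $params)
{
    $stmt = $conn->prepare($sql);
    $stmt->execute($params);
    $values = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return count($values) === 1 ? $values[0] : null;
}

// NOTE(review): connects as MySQL root with an empty password, hard-coded in
// a web-served file. Use a dedicated least-privilege database account and
// load its credentials from configuration kept outside the web root.
$dbservername = 'localhost';
$dbname = 'hw2';
$dbusername = 'root';
$dbpassword = '';

// Refuse unauthenticated requests up front. Previously a missing session
// value raised a warning (which can leak into the JSON body) and the UPDATE
// branches still answered success although no row could match.
if (!isset($_SESSION['account']) || $_SESSION['account'] === '') {
    modify_shop_respond(false);
}
$account = $_SESSION['account'];

try {
    $newPrice = modify_shop_field('price');
    $newAmount = modify_shop_field('amount');
    $newEmployee = modify_shop_field('employee_account');

    if ($newPrice === null && $newAmount === null && $newEmployee === null) {
        modify_shop_respond(false);
    }

    $conn = new PDO("mysql:host=$dbservername;dbname=$dbname", $dbusername, $dbpassword);
    // Make PDO throw so that every database failure reaches the catch below.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Authorisation: every action applies to the shop the caller owns. It is
    // resolved once, explicitly, so that a non-owner gets a failure instead
    // of a silent no-op. Like the original scalar subquery, this assumes an
    // account owns at most one shop.
    $shopId = modify_shop_single_value(
        $conn,
        "SELECT S_id FROM job
         WHERE U_id = (SELECT U_id FROM user WHERE account = :account) AND position = 'owner'",
        array('account' => $account)
    );
    if ($shopId === null) {
        modify_shop_respond(false);
    }

    if ($newPrice !== null || $newAmount !== null) {
        // The statement text is picked from two fixed literals; the posted
        // value only ever travels as a bound parameter.
        if ($newPrice !== null) {
            $sql = "UPDATE shop SET mask_price = :value WHERE S_id = :shopId";
            $value = modify_shop_non_negative_number($newPrice);
        } else {
            $sql = "UPDATE shop SET mask_amount = :value WHERE S_id = :shopId";
            $value = modify_shop_non_negative_number($newAmount);
        }
        if ($value === null) {
            modify_shop_respond(false);
        }
        $stmt = $conn->prepare($sql);
        $stmt->execute(array('value' => $value, 'shopId' => $shopId));
        modify_shop_respond(true);
    }

    // Remaining case: add an employee to the caller's shop.
    $employeeId = modify_shop_single_value(
        $conn,
        "SELECT U_id FROM user WHERE account = :account",
        array('account' => $newEmployee)
    );
    if ($employeeId === null) {
        // Unknown account: nothing to add.
        modify_shop_respond(false);
    }

    // Check whether this particular user already holds a job in the shop.
    // The previous query counted every job row of the shop, the owner's own
    // row included, so it was never zero and no employee could be added.
    $stmt = $conn->prepare("SELECT COUNT(*) FROM job WHERE S_id = :shopId AND U_id = :userId");
    $stmt->execute(array('shopId' => $shopId, 'userId' => $employeeId));
    if ((int) $stmt->fetchColumn() > 0) {
        modify_shop_respond(false);
    }

    // Plain bound values replace the former `VALUES (SELECT ...), (SELECT ...), 'employee'`,
    // which lacked the parentheses around the row and was not valid SQL.
    $stmt = $conn->prepare("INSERT INTO job (U_id, S_id, position) VALUES (:userId, :shopId, 'employee')");
    $stmt->execute(array('userId' => $employeeId, 'shopId' => $shopId));
    modify_shop_respond(true);
} catch (Exception $e) {
    // Keep the detail in the server log only; the client gets a bare failure.
    error_log('modify_shop.php: ' . $e->getMessage());
    // NOTE(review): the session is torn down on any database error, as
    // before. Confirm that logging the user out here is intended.
    session_unset();
    session_destroy();
    echo json_encode(array('success' => '0'));
}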