openflights/php/trip.php at master · jpatokal/openflights · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php

include_once 'locale.php';
include_once 'db_pdo.php';

$type = $_POST["type"];
$trid = $_POST["trid"] ?? null;

if ($type != "NEW" && (!$trid || $trid == 0)) {
    die("0;" . sprintf(_("Trip ID %s invalid."), htmlspecialchars($trid)));
}

$uid = $_SESSION["uid"];
if (!$uid || empty($uid)) {
    die('0;' . _("Your session has timed out, please log in again."));
}

/**
 * @param $res bool
 * @param $name string
 */
function failIfFalse($res, $name) {
    if (!$res) {
        die("0;" . sprintf(_("Operation on trip %s failed."), htmlspecialchars($name)));
    }
}

$name = $_POST["name"];
$url = $_POST["url"];
$privacy = $_POST["privacy"];

switch ($type) {
    case "NEW":
        // Create a new trip
        $sth = $dbh->prepare("INSERT INTO trips(name, url, public, uid) VALUES(?, ?, ?, ?)");
        $success = $sth->execute([$name, $url, $privacy, $uid]);
        break;

    case "EDIT":
        // Edit an existing trip
        $sth = $dbh->prepare("UPDATE trips SET name = ?, url = ?, public = ? WHERE uid = ? AND trid = ?");
        $success = $sth->execute([$name, $url, $privacy, $uid, $trid]);
        break;

    case "DELETE":
        // Assign flights with this trip id to null and then delete the trip
        $sth = $dbh->prepare("UPDATE flights SET trid = NULL WHERE trid = ? AND uid = ?");
        failIfFalse($sth->execute([$trid, $uid]), $name);

        $sth = $dbh->prepare("DELETE FROM trips WHERE trid = ? AND uid = ?");
        $success = $sth->execute([$trid, $uid]);
        break;

    default:
        die('0;Unknown operation ' . htmlspecialchars($type));
}

failIfFalse($success, $name);

if ($sth->rowCount() !== 1) {
    if ($type == "EDIT") {
        die("0;No updates were performed, was anything changed?");
    }
    // DELETE
    die("0;No matching trip found");
}

switch ($type) {
    case "NEW":
        $trid = $dbh->lastInsertId();
        printf("1;%s;" . _("Trip successfully created"), $trid);
        break;

    case "DELETE":
        printf("100;%s;" . _("Trip successfully deleted"), $trid);
        break;

    default:
        printf("2;%s;" . _("Trip successfully edited."), $trid);
        break;
}