path: root/handle-reservation.php
<?php
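// Handle a submitted reservation form: read the POST fields, reject incomplete
// submissions, store the reservation, and leave a status message in the
// session for the page the request is redirected to.
// NOTE(review): no session_start() is visible in this file; confirm a session
// is active before this code runs, otherwise $_SESSION["msg"] is not persisted.
// NOTE(review): no CSRF token or authentication check is visible here; confirm
// whether this endpoint is meant to accept unauthenticated cross-site posts.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
  // DB INFO
  // SECURITY: the database account and password are hard-coded in a file that
  // is kept in version control. Treat this password as exposed: rotate it and
  // load the credentials from configuration stored outside the repository and
  // the web root. The literals stay here only so the script keeps working
  // until that configuration exists.
  $user = "yota_requester";
  $password = "oon5iraeghaidoShi5sheefie2uuz3gu";
  $database = "yota_call_db";
  $table = "activities";

  // Read one text field. A missing key or a non-string value (a parameter sent
  // as "name[]=x" arrives as an array) becomes "" so the empty-field check
  // rejects it instead of the request failing with a warning or a TypeError.
  $readText = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
  };

  // Read an array-valued field and join its string entries as "a, b, c".
  // Non-array input yields ""; nested arrays inside the list are dropped.
  $readList = function ($key) {
    if (!isset($_POST[$key]) || !is_array($_POST[$key])) {
      return "";
    }
    return implode(", ", array_filter($_POST[$key], "is_string"));
  };

  // SPECIAL CALL
  $specialCall = $readText("scall");

  // TIME
  $startDate = $readText("sdate");
  $startTime = $readText("stime");
  $endDate = $readText("edate");
  $endTime = $readText("etime");

  // The composed timestamps always contain ":00", so testing them with empty()
  // can never detect a missing date or time; test the four parts instead.
  $isTimeMissing = trim($startDate) === "" || trim($startTime) === ""
    || trim($endDate) === "" || trim($endTime) === "";

  // NOTE(review): the date/time format is not validated and the column type is
  // not visible here; confirm what the database does with malformed values.
  $fromTime = $startDate . " " . $startTime . ":00";
  $toTime = $endDate . " " . $endTime . ":00";

  // FREQUENCIES
  $frequencies = $readList("freqs");

  // MODES
  $modes = $readList("modes");

  // OPERATOR INFORMATION
  $operatorCall = $readText("ocall");
  $operatorName = $readText("oname");
  $operatorEmail = $readText("email");
  $operatorPhone = $readText("phone");

  // Sanitize data
  $specialCall = clear_input($specialCall);
  $fromTime = clear_input($fromTime);
  $toTime = clear_input($toTime);
  $frequencies = clear_input($frequencies);
  $modes = clear_input($modes);
  $operatorCall = clear_input($operatorCall);
  $operatorName = clear_input($operatorName);
  $operatorEmail = clear_input($operatorEmail);
  $operatorPhone = clear_input($operatorPhone);

  // Check if something is empty
  $is_something_empty = $isTimeMissing;
  $requiredValues = [
    $specialCall, $frequencies, $modes,
    $operatorCall, $operatorName, $operatorEmail, $operatorPhone,
  ];
  foreach ($requiredValues as $requiredValue) {
    if (empty($requiredValue)) {
      $is_something_empty = true;
      break;
    }
  }

  // Operator call sign to uppercase
  $operatorCall = strtoupper($operatorCall);

  // Error handling
  if ($is_something_empty) {
    $_SESSION["msg"] = "All fields must be filed!";
  }
  else {
    // Send to DB
    try {
      $conn = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      // $table is a constant defined above, never request data, so it is safe
      // to interpolate; every request value goes through a bound parameter.
      $sql = "INSERT INTO $table (specialCall, fromTime, toTime, frequencies, modes, operatorCall, operatorName, operatorEmail, operatorPhone)
        VALUES (:specialCall, :fromTime, :toTime, :frequencies, :modes, :operatorCall, :operatorName, :operatorEmail, :operatorPhone)";
      $stmt = $conn->prepare($sql);
      $stmt->execute([
        ':specialCall' => $specialCall,
        ':fromTime' => $fromTime,
        ':toTime' => $toTime,
        ':frequencies' => $frequencies,
        ':modes' => $modes,
        ':operatorCall' => $operatorCall,
        ':operatorName' => $operatorName,
        ':operatorEmail' => $operatorEmail,
        ':operatorPhone' => $operatorPhone,
      ]);
      $_SESSION["msg"] = "Data inserted.";
    } catch (PDOException $e) {
      // Driver messages can reveal the host, account and schema. Keep the
      // detail in the server log and show the visitor a generic message.
      error_log("handle-reservation: " . $e->getMessage());
      $_SESSION["msg"] = "Error!: the reservation could not be saved.";
    }
  }
}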

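/**
 * Normalise one submitted form value before it is validated and stored.
 *
 * Trims surrounding whitespace, removes backslash escaping and HTML-encodes
 * the result. Values that are not scalar (for example an array produced by a
 * "name[]=x" request parameter) are returned as "" so that callers checking
 * for empty fields reject them, instead of trim() raising a TypeError.
 *
 * The HTML encoding is an output-side defence applied at input time: the value
 * is stored already encoded, so code that prints it must not encode it again.
 * It uses htmlspecialchars() default flags, which differ between PHP versions.
 * It is not a defence against SQL injection; the insert in this file relies on
 * bound parameters for that.
 *
 * @param mixed $data Raw value taken from the request.
 * @return string The cleaned value, or "" for null and non-scalar input.
 */
function clear_input($data) {
  // Request parameters are attacker-controlled and may be arrays.
  if (!is_scalar($data)) {
    return "";
  }
  $data = trim((string) $data);
  $data = stripslashes($data);
  return htmlspecialchars($data);
}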

// Runs for every request method, not only POST: always send the browser back
// to the reservation form.
header('Location: reservation.php');