AECC database project.
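<?php
/*
 * Read-only JSON query endpoint for the AECC database.
 *
 * GET ?t=<table>[&<filter>=...]  selects rows from one of the tables handled
 * below and prints them as a JSON array of numerically indexed rows (the
 * mysqli MYSQLI_NUM shape the original produced).  Every filter value is bound
 * through a prepared statement; the SQL text itself never contains request
 * data.  Successful reads answer HTTP 200 (the original mixed 200 and 201 and
 * sent home-made reason phrases); failed queries answer HTTP 500 with a
 * generic body and log the driver error server-side only.
 *
 * Dependencies (not visible in this file):
 *   lib/header.php  - validate_input() and err_msg()
 *   lib/db.php      - assigns a connected mysqli instance to $db
 *
 * NOTE(review): nothing in this file checks a session, token or API key
 * before returning member PII (name, email, phone) and transaction data.
 * Unless lib/header.php enforces authentication, this endpoint is open to
 * anyone who can reach it -- confirm.
 *
 * No closing `?>`: trailing whitespace after it would be emitted before the
 * headers set inside the table functions.
 */

header('Content-Type: application/json');
include("../../../lib/header.php");

if (isset($_GET["t"]) && is_string($_GET["t"])) {
    $type = validate_input($_GET["t"]);
    // match() compares with ===, so only the literal table names below are
    // reachable; anything else is reported as an unknown type.
    print match ($type) {
        "activity"             => activity(),
        "activity_transaction" => activity_transaction(),
        "board_member"         => board_member(),
        "member"               => member(),
        "product"              => product(),
        "transaction"          => transaction(),
        default                => json_encode(err_msg(3)),
    };
} else {
    print json_encode(err_msg(2));
}

/**
 * Reads one query-string parameter.
 *
 * Returns null when the parameter is absent or is not a plain string (PHP
 * turns `?x[]=1` into an array, which must never reach bind_param()).
 * Otherwise returns validate_input() applied to the raw value.
 *
 * NOTE(review): validate_input() lives in lib/header.php and its behaviour is
 * not visible here.  With prepared statements no SQL escaping is needed; if
 * it HTML-escapes or strips characters, search terms containing `'`, `&` or
 * `<` will be altered before they are bound -- verify.
 */
function query_param(string $name): mixed
{
    $raw = $_GET[$name] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    return validate_input($raw);
}

/**
 * Builds the WHERE tail for a multi-filter search.
 *
 * @param list<array{0:string,1:string,2:string}> $spec
 *        [query-string name, SQL clause containing exactly one `?`, mysqli type code]
 * @return array{0:string,1:string,2:list<mixed>}
 *        [where-sql, bind_param type string, bound values in order]
 *
 * Only filters present in the request are added; the tail always ends in
 * `1 = 1` so the statement stays valid when no filter was supplied.  Clause
 * text comes only from the literal $spec written in this file, never from
 * the request.
 */
function build_filters(array $spec): array
{
    $where = "";
    $types = "";
    $params = [];
    foreach ($spec as [$name, $clause, $type]) {
        $value = query_param($name);
        if ($value === null) {
            continue;
        }
        $where .= $clause . " AND ";
        $types .= $type;
        $params[] = $value;
    }
    return [$where . "1 = 1", $types, $params];
}

/**
 * Prepares, binds and executes one SELECT and returns its rows as JSON.
 *
 * @param mysqli       $db     open connection; always closed before returning
 * @param string       $sql    statement text with `?` placeholders only
 * @param string       $types  bind_param type string ("" when there are no params)
 * @param list<mixed>  $params values for the placeholders, in order
 * @param list<string> $hidden column names whose values are replaced by null
 *                             in every row before encoding (row length is kept)
 *
 * On success sends HTTP 200 and returns a JSON array of MYSQLI_NUM rows.  On a
 * prepare/execute failure sends HTTP 500 and returns a generic error object;
 * the driver message goes to error_log() only, never to the client.  The
 * original had no failure path at all: a false from prepare() became a fatal
 * error on the following bind_param() call.
 */
function run_query(mysqli $db, string $sql, string $types, array $params, array $hidden = []): string
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return query_failure($db, "prepare", $db->error);
    }
    if ($types !== "") {
        // Argument unpacking passes the array elements by reference, which is
        // what bind_param() requires.
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        $detail = $stmt->error;
        $stmt->close();
        return query_failure($db, "execute", $detail);
    }

    $result = $stmt->get_result();
    if ($result === false) {
        $detail = $stmt->error;
        $stmt->close();
        return query_failure($db, "get_result", $detail);
    }
    $rows = $result->fetch_all(MYSQLI_NUM);
    if ($hidden !== []) {
        $rows = mask_columns($result, $rows, $hidden);
    }
    $result->close();
    $stmt->close();
    $db->close();

    http_response_code(200);
    return json_encode($rows);
}

/**
 * Replaces the listed columns with null in every MYSQLI_NUM row.
 *
 * Column positions are taken from the result metadata, so `SELECT *` can be
 * kept without this file knowing the table layout.  Rows keep their length so
 * clients indexing by position are unaffected.
 */
function mask_columns(mysqli_result $result, array $rows, array $hidden): array
{
    $positions = [];
    foreach ($result->fetch_fields() as $index => $field) {
        if (in_array($field->name, $hidden, true)) {
            $positions[] = $index;
        }
    }
    if ($positions === []) {
        return $rows;
    }
    foreach ($rows as &$row) {
        foreach ($positions as $index) {
            $row[$index] = null;
        }
    }
    unset($row);
    return $rows;
}

/**
 * Common failure path: logs the driver error server-side, closes the
 * connection and answers 500 with a body that reveals nothing about the
 * schema or the SQL text.
 */
function query_failure(mysqli $db, string $stage, string $detail): string
{
    error_log("query $stage failed: $detail");
    $db->close();
    http_response_code(500);
    return json_encode(["error" => "query failed"]);
}

/**
 * ?t=activity&a_id=N  or  ?t=activity[&title=..][&description=..][&date=..]
 *
 * With a_id, returns that single activity; otherwise applies any of the
 * three filters (title/description are FULLTEXT searches with query
 * expansion, date is an exact match).
 */
function activity(): string
{
    include("../../../lib/db.php");

    $id = query_param("a_id");
    if ($id !== null) {
        return run_query($db, "SELECT * FROM activity WHERE a_id = ?", "i", [$id]);
    }

    // MySQL's MATCH syntax takes a parenthesised column list; the original
    // wrote `MATCH title AGAINST` here (and only here -- member() and
    // product() have the parentheses), so these two searches failed to prepare.
    [$where, $types, $params] = build_filters([
        ["title",       "MATCH (title) AGAINST (? WITH QUERY EXPANSION)",       "s"],
        ["description", "MATCH (description) AGAINST (? WITH QUERY EXPANSION)", "s"],
        ["date",        "date = ?",                                             "s"],
    ]);
    return run_query($db, "SELECT * FROM activity WHERE " . $where, $types, $params);
}

/**
 * ?t=activity_transaction[&a_id=N][&t_id=N]
 *
 * Link rows between activities and transactions, filtered by either id.
 */
function activity_transaction(): string
{
    include("../../../lib/db.php");

    [$where, $types, $params] = build_filters([
        ["a_id", "a_id = ?", "i"],
        ["t_id", "t_id = ?", "i"],
    ]);
    return run_query($db, "SELECT * FROM activity_transaction WHERE " . $where, $types, $params);
}

/**
 * ?t=board_member&m_id=N  or  ?t=board_member[&position=..][&year=N][&role=..]
 *
 * Security notes:
 *  - The original accepted a `password` query parameter and filtered with
 *    `password = ?`.  That turned this unauthenticated GET into a password
 *    oracle: anyone could test guesses against the stored value, with every
 *    candidate landing in access logs and browser history.  The parameter is
 *    now ignored; a login belongs in its own POST endpoint using
 *    password_verify().
 *  - `SELECT *` also echoed the stored password column to every caller.  It
 *    is nulled out in the response here.  Whether the column holds a hash or
 *    plaintext is not visible in this file; if plaintext, migrating to
 *    password_hash() is a separate, required fix.
 * Bug fixes: the single-id branch bound a bare `m_id` constant (undefined in
 * PHP 8) instead of `$m_id`, and the `year` filter read `$_GET["date"]`.
 */
function board_member(): string
{
    include("../../../lib/db.php");

    $id = query_param("m_id");
    if ($id !== null) {
        return run_query($db, "SELECT * FROM board_member WHERE m_id = ?", "i", [$id], ["password"]);
    }

    [$where, $types, $params] = build_filters([
        ["position", "position = ?", "s"],
        ["year",     "year = ?",     "i"],
        ["role",     "role = ?",     "s"],
    ]);
    return run_query($db, "SELECT * FROM board_member WHERE " . $where, $types, $params, ["password"]);
}

/**
 * ?t=member&m_id=N  or  ?t=member[&name=..][&second_name=..][&last_name=..]
 *   [&second_last_name=..][&email=..][&phone_number=..][&status=..]
 *
 * Name parts are FULLTEXT searches with query expansion; email, phone_number
 * and status are exact matches.  Returns PII -- see the authentication note
 * at the top of the file.
 */
function member(): string
{
    include("../../../lib/db.php");

    $id = query_param("m_id");
    if ($id !== null) {
        return run_query($db, "SELECT * FROM member WHERE m_id = ?", "i", [$id]);
    }

    [$where, $types, $params] = build_filters([
        ["name",             "MATCH (name) AGAINST (? WITH QUERY EXPANSION)",             "s"],
        ["second_name",      "MATCH (second_name) AGAINST (? WITH QUERY EXPANSION)",      "s"],
        ["last_name",        "MATCH (last_name) AGAINST (? WITH QUERY EXPANSION)",        "s"],
        ["second_last_name", "MATCH (second_last_name) AGAINST (? WITH QUERY EXPANSION)", "s"],
        ["email",            "email = ?",                                                 "s"],
        ["phone_number",     "phone_number = ?",                                          "s"],
        ["status",           "status = ?",                                                "s"],
    ]);
    return run_query($db, "SELECT * FROM member WHERE " . $where, $types, $params);
}

/**
 * ?t=product&p_id=N  or  ?t=product[&description=..][&cents=N]
 *
 * description is a FULLTEXT search with query expansion; cents is an exact
 * integer match.
 */
function product(): string
{
    include("../../../lib/db.php");

    $id = query_param("p_id");
    if ($id !== null) {
        return run_query($db, "SELECT * FROM product WHERE p_id = ?", "i", [$id]);
    }

    [$where, $types, $params] = build_filters([
        ["description", "MATCH (description) AGAINST (? WITH QUERY EXPANSION)", "s"],
        ["cents",       "cents = ?",                                            "i"],
    ]);
    return run_query($db, "SELECT * FROM product WHERE " . $where, $types, $params);
}

/**
 * ?t=transaction&t_id=N  or  ?t=transaction[&type=..][&date=..][&quantity=N][&p_id=N]
 *
 * All four filters are exact matches.
 */
function transaction(): string
{
    include("../../../lib/db.php");

    $id = query_param("t_id");
    if ($id !== null) {
        return run_query($db, "SELECT * FROM transaction WHERE t_id = ?", "i", [$id]);
    }

    [$where, $types, $params] = build_filters([
        ["type",     "type = ?",     "s"],
        ["date",     "date = ?",     "s"],
        ["quantity", "quantity = ?", "i"],
        ["p_id",     "p_id = ?",     "i"],
    ]);
    return run_query($db, "SELECT * FROM transaction WHERE " . $where, $types, $params);
}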