Halaman utama Jelajahi Bantuan
Daftar Masuk
benjamin.harris
/
soil-report-ai
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: 8a7bbc6533
Ranting Tag
soil-report-ai
/
controllers
/
blockSubmit.php

blockSubmit.php 3.1 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * controllers/blockSubmit.php
    4. 

  4.  *
    5. 

  5.  * Handles Create and Edit (update) submissions for block_info records.
    6. 

  6.  * Redirects back to /dashboard/crop-cards/ on success or failure.
    7. 

  7.  */
    8. 

  8. 

  9. if (session_status() === PHP_SESSION_NONE) {
    10. 

  10.     session_start();
    11. 

  11. }
    12. 

  12. 

  13. require_once __DIR__ . '/../config/database.php';
    14. 

  14. require_once __DIR__ . '/../lib/auth.php';
    15. 

  15. require_once __DIR__ . '/../lib/csrf.php';
    16. 

  16. 

  17. requireLogin();
    18. 

  18. 

  19. if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    20. 

  20.     header('Location: /dashboard/crop-cards/');
    21. 

  21.     exit;
    22. 

  22. }
    23. 

  23. 

  24. if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
    25. 

  25.     $_SESSION['flash_error'] = 'Invalid security token. Please try again.';
    26. 

  26.     header('Location: /dashboard/crop-cards/');
    27. 

  27.     exit;
    28. 

  28. }
    29. 

  29. 

  30. $action    = $_POST['action'] ?? '';
    31. 

  31. $userId    = getCurrentUserId();
    32. 

  32. $pdo       = getDBConnection();
    33. 

  33. 

  34. // Shared field sanitisation
    35. 

  35. $name      = trim($_POST['name']      ?? '');
    36. 

  36. $blockId   = trim($_POST['block_id']  ?? '');
    37. 

  37. $location  = trim($_POST['location']  ?? '');
    38. 

  38. $areaHa    = is_numeric($_POST['area_ha'] ?? '') ? (float) $_POST['area_ha'] : 0;
    39. 

  39. $gps       = trim($_POST['gps']       ?? '');
    40. 

  40. $soilType  = trim($_POST['analysis_type'] ?? '');
    41. 

  41. 

  42. if ($name === '' || $blockId === '') {
    43. 

  43.     $_SESSION['flash_error'] = 'Block ID and Block Name are required.';
    44. 

  44.     header('Location: /dashboard/crop-cards/');
    45. 

  45.     exit;
    46. 

  46. }
    47. 

  47. 

  48. if ($action === 'create') {
    49. 

  49.     $stmt = $pdo->prepare('
    50. 

  50.         INSERT INTO block_info (modx_user_id, name, block_id, location, area, gps, analysis_type, status, date_added)
    51. 

  51.         VALUES (?, ?, ?, ?, ?, ?, ?, 0, CURDATE())
    52. 

  52.     ');
    53. 

  53.     $stmt->execute([$userId, $name, $blockId, $location, $areaHa, $gps, $soilType]);
    54. 

  54. 

  55.     $_SESSION['flash_success'] = 'Paddock "' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" created.';
    56. 

  56.     header('Location: /dashboard/crop-cards/');
    57. 

  57.     exit;
    58. 

  58. }
    59. 

  59. 

  60. if ($action === 'edit') {
    61. 

  61.     $recordId = (int) ($_POST['record_id'] ?? 0);
    62. 

  62. 

  63.     if ($recordId <= 0) {
    64. 

  64.         $_SESSION['flash_error'] = 'Invalid record.';
    65. 

  65.         header('Location: /dashboard/crop-cards/');
    66. 

  66.         exit;
    67. 

  67.     }
    68. 

  68. 

  69.     // Ownership check
    70. 

  70.     $check = $pdo->prepare('SELECT id FROM block_info WHERE id = ? AND modx_user_id = ? LIMIT 1');
    71. 

  71.     $check->execute([$recordId, $userId]);
    72. 

  72.     if (!$check->fetch()) {
    73. 

  73.         $_SESSION['flash_error'] = 'Record not found or access denied.';
    74. 

  74.         header('Location: /dashboard/crop-cards/');
    75. 

  75.         exit;
    76. 

  76.     }
    77. 

  77. 

  78.     $stmt = $pdo->prepare('
    79. 

  79.         UPDATE block_info
    80. 

  80.         SET name = ?, block_id = ?, location = ?, area = ?, gps = ?, analysis_type = ?
    81. 

  81.         WHERE id = ? AND modx_user_id = ?
    82. 

  82.     ');
    83. 

  83.     $stmt->execute([$name, $blockId, $location, $areaHa, $gps, $soilType, $recordId, $userId]);
    84. 

  84. 

  85.     $_SESSION['flash_success'] = 'Paddock "' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" updated.';
    86. 

  86. 

  87.     // Return to paddock dashboard if the edit came from there
    88. 

  88.     $referer = $_POST['_referer'] ?? '';
    89. 

  89.     if (str_contains($referer, 'block-detail.php')) {
    90. 

  90.         header('Location: /dashboard/crop-cards/block-detail.php?rid=' . $recordId
    91. 

  91.             . '&id=' . urlencode($blockId));
    92. 

  92.     } else {
    93. 

  93.         header('Location: /dashboard/crop-cards/');
    94. 

  94.     }
    95. 

  95.     exit;
    96. 

  96. }
    97. 

  97. 

  98. // Unknown action
    99. 

  99. header('Location: /dashboard/crop-cards/');
    100. 

  100. exit;
    101.