首頁 探索 說明
註冊 登入
benjamin.harris
/
soil-report-ai
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 8ed4058123
分支列表 標籤列表
soil-report-ai
/
controllers
/
newProductSubmit.php

newProductSubmit.php 1.8 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * controllers/newProductSubmit.php
    4. 

  4.  *
    5. 

  5.  * POST handler: inserts a new product into fertiliser_specifications.
    6. 

  6.  */
    7. 

  7. 

  8. if (session_status() === PHP_SESSION_NONE) {
    9. 

  9.     session_start();
    10. 

  10. }
    11. 

  11. 

  12. require_once __DIR__ . '/../config/database.php';
    13. 

  13. require_once __DIR__ . '/../lib/auth.php';
    14. 

  14. require_once __DIR__ . '/../lib/csrf.php';
    15. 

  15. 

  16. requireLogin();
    17. 

  17. 

  18. if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    19. 

  19.     header('Location: /dashboard/client-settings/product-list.php');
    20. 

  20.     exit;
    21. 

  21. }
    22. 

  22. 

  23. if (!verifyCsrfToken($_POST['csrf_token'] ?? '')) {
    24. 

  24.     $_SESSION['flash_error'] = 'Invalid CSRF token. Please try again.';
    25. 

  25.     header('Location: /dashboard/client-settings/product-list.php');
    26. 

  26.     exit;
    27. 

  27. }
    28. 

  28. 

  29. $name     = trim($_POST['name']     ?? '');
    30. 

  30. $chemical = trim($_POST['chemical'] ?? '');
    31. 

  31. 

  32. if ($name === '') {
    33. 

  33.     $_SESSION['flash_error'] = 'Product name is required.';
    34. 

  34.     header('Location: /dashboard/client-settings/product-list.php');
    35. 

  35.     exit;
    36. 

  36. }
    37. 

  37. 

  38. $pdo    = getDBConnection();
    39. 

  39. $userId = getCurrentUserId();
    40. 

  40. 

  41. $nutrients    = ['N', 'P', 'K', 'Na', 'Ca', 'Mg', 'B', 'Zn', 'Cu', 'Mn', 'Fe', 'Co', 'Mo'];
    42. 

  42. $colList      = 'modx_user_id, name, chemical, ' . implode(', ', array_map(fn($c) => "`$c`", $nutrients));
    43. 

  43. $placeholders = implode(', ', array_fill(0, count($nutrients) + 3, '?'));
    44. 

  44. 

  45. $values = [$userId, $name, $chemical];
    46. 

  46. foreach ($nutrients as $col) {
    47. 

  47.     $val = trim((string) ($_POST[$col] ?? '0'));
    48. 

  48.     $values[] = is_numeric($val) ? $val : '0';
    49. 

  49. }
    50. 

  50. 

  51. try {
    52. 

  52.     $stmt = $pdo->prepare("INSERT INTO fertiliser_specifications ($colList) VALUES ($placeholders)");
    53. 

  53.     $stmt->execute($values);
    54. 

  54.     $_SESSION['flash_success'] = 'Product "' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" added successfully.';
    55. 

  55. } catch (\PDOException $e) {
    56. 

  56.     $_SESSION['flash_error'] = 'Failed to add product. Please try again.';
    57. 

  57. }
    58. 

  58. 

  59. header('Location: /dashboard/client-settings/product-list.php');
    60. 

  60. exit;
    61.