137 lines
4.8 KiB
PHP
137 lines
4.8 KiB
PHP
<?php
|
|
defined($security_key) or exit;
|
|
|
|
//------------------------------------------
|
|
// Appointment
|
|
//------------------------------------------
|
|
//Connect to DB
|
|
$pdo = dbConnect($dbname);
|
|
|
|
//CONTENT FROM API (POST)
|
|
$post_content = json_decode($input,true);
|
|
|
|
//SET PARAMETERS FOR QUERY
|
|
$id = $post_content['id'] ?? ''; //check for rowID
|
|
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
|
|
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
|
|
$date = date('Y-m-d H:i:s');
|
|
|
|
//CREATE EMPTY STRINGS
|
|
$clause = '';
|
|
$clause_insert ='';
|
|
$input_insert = '';
|
|
|
|
if(isset($post_content['action']) && $post_content['action'] == 'book_appointment'){
|
|
|
|
//APPOINTMENT BOOKING
|
|
$dealer_id = $post_content['dealer_id'];
|
|
$name = $post_content['name'] ?? '';
|
|
$email = $post_content['email'] ?? '';
|
|
$phone = $post_content['phone'] ?? '';
|
|
$starttime = $post_content['starttime'] ?? '';
|
|
$endtime = $post_content['endtime'] ?? '';
|
|
|
|
// First check if the slot is still available
|
|
$sql = "SELECT start_time, end_time, is_available FROM appointment_slots WHERE start_time = ? AND end_time = ? AND is_available = ? AND dealer_id = ?";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$starttime,$endtime,1,$dealer_id]);
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (isset($result['id'])){
|
|
$messages = ['success' => false, 'message' => 'This slot is no longer available'];
|
|
}
|
|
else {
|
|
try {
|
|
//INSERT TIMESLOT
|
|
$sql = "INSERT INTO appointment_slots (dealer_id, start_time, end_time, is_available,createdby) VALUES (?,?, ?, ?, ?)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$dealer_id,$starttime,$endtime,0,'system']);
|
|
|
|
$appointment_id = $pdo->lastInsertId();
|
|
|
|
//INSERT APPOINTMENT
|
|
$sql = "INSERT INTO appointments (appointment_slot_id, client_name, client_email, client_phone, appointment_status,createdby, dealer_id) VALUES (?,?,?,?,?,?,?)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$appointment_id,$name, $email, $phone,0,'system', $dealer_id]);
|
|
|
|
$messages = [
|
|
'success' => true,
|
|
'message' => 'Appointment requested successfully',
|
|
'appointment_id' => $appointment_id
|
|
];
|
|
} catch (Exception $e) {
|
|
// Roll back transaction on error
|
|
$pdo->rollback();
|
|
$messages = ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
|
|
}
|
|
}
|
|
|
|
//------------------------------------------
|
|
//JSON_ENCODE
|
|
//------------------------------------------
|
|
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
|
|
|
|
//Send results
|
|
echo $messages;
|
|
}
|
|
else {
|
|
|
|
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
|
|
if ($command == 'update'){
|
|
$post_content['updatedby'] = $username ;
|
|
|
|
}
|
|
elseif ($command == 'insert'){
|
|
$post_content['createdby'] = $username;
|
|
}
|
|
else {
|
|
//do nothing
|
|
}
|
|
|
|
//CREAT NEW ARRAY AND MAP TO CLAUSE
|
|
if(isset($post_content) && $post_content!=''){
|
|
foreach ($post_content as $key => $var){
|
|
if ($key == 'submit' || $key == 'id'){
|
|
//do nothing
|
|
}
|
|
else {
|
|
$criterias[$key] = $var;
|
|
$clause .= ' , '.$key.' = ?';
|
|
$clause_insert .= ' , '.$key.'';
|
|
$input_insert .= ', ?'; // ? for each insert item
|
|
$execute_input[]= $var; // Build array for input
|
|
}
|
|
}
|
|
}
|
|
|
|
//CLEAN UP INPUT
|
|
$clause = substr($clause, 2); //Clean clause - remove first comma
|
|
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
|
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
|
|
|
//QUERY AND VERIFY ALLOWED
|
|
if ($command == 'update' && isAllowed('appointment',$profile,$permission,'U') === 1){
|
|
$sql = 'UPDATE appointment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
|
$execute_input[] = $id;
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($execute_input);
|
|
}
|
|
elseif ($command == 'insert' && isAllowed('appointment',$profile,$permission,'C') === 1){
|
|
$sql = 'INSERT INTO appointment ('.$clause_insert.') VALUES ('.$input_insert.')';
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($execute_input);
|
|
// Return ID
|
|
echo json_encode(array('rowID'=> $pdo->lastInsertId()));
|
|
}
|
|
elseif ($command == 'delete' && isAllowed('appointment',$profile,$permission,'D') === 1){
|
|
$stmt = $pdo->prepare('DELETE FROM appointment WHERE rowID = ? '.$whereclause.'');
|
|
$stmt->execute([ $id ]);
|
|
|
|
//Add deletion to changelog
|
|
changelog($dbname,'appointment',$id,'Delete','Delete',$username);
|
|
} else
|
|
{
|
|
//do nothing
|
|
}
|
|
}
|
|
?>
|