-
Notifications
You must be signed in to change notification settings - Fork 0
/
ajaxHandler.php
339 lines (257 loc) · 12.6 KB
/
ajaxHandler.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
<?php
// Allows for AJAX to be called
header('Access-Control-Allow-Origin: *');
// Validate that there is something to actually call
if(!ISSET($_POST['a']) && !ISSET($_GET['a'])){
echo "'a' not set";
return;
}
// $a: The ajax function that we need to call
// Eg. 'CityLocations', 'StudentsInCity', etc...
$a = $_POST['a'];
// All required files
require "settings.php";
require "class/Alumni.php";
require "class/Database.php";
require "class/MapLocation.php";
try{
if ($a == "CityLocations"){
// CityLocations: For loading locations on the map
$locations = array();
// query all locations from db
// Note: the join enforces alumni actually belong to the location
$req = $Database->query("SELECT * FROM MapLocation m
JOIN Alumni a ON m.ID = a.Location
WHERE a.ID IS NOT NULL");
// Convert all to DTO objects and send back
while ($a = $req->fetch_array())
$locations[] = new MapLocation($a['City'], $a['State'], $a['Longitude'], $a['Latitude']);
responseHandler($locations);
} elseif ( $a == "StudentsInCity" && isset($_POST["City"])){
// StudentsInCity: For loading the students in a city
$lowerCity = strtolower($_POST['City']);
// Get all the students with their locations
$studentQuery = $Database->query(" SELECT
a.ID ID,
a.Name Name,
a.GradYear GradYear,
m.City City,
m.State State,
a.Education Education,
a.Job Job,
a.Salary Salary,
CONCAT(m.City, ', ', m.State) Location
FROM Alumni a
JOIN MapLocation m ON a.Location = m.ID
WHERE LOWER(m.City)='{$lowerCity}' OR LOWER(m.State)='{$lowerCity}'");
// Convert all to DTO objects & send back
$students = array();
while ( $alumni = $studentQuery->fetch_array() )
$students[] = ConvertDbQueryToAlumni($alumni);
responseHandler($students);
} else if ( $a == "JobsAndSalary") {
if(isset($_POST['sort'])) {
$sort = $_POST['sort'];
$cont = false;
if($sort == "salaryDesc") {
$jobs = array();
$query = $Database->query("SELECT Job, AVG(Salary) AS Salary FROM Alumni WHERE Salary IS NOT NULL AND Salary <> 0 GROUP BY Job ORDER BY Salary DESC");
while ( $row = $query->fetch_array())
$jobs[$row['Job']] = $row['Salary'];
responseHandler($jobs);
} else if($sort == "salaryAsc") {
$jobs = array();
$query = $Database->query("SELECT Job, AVG(Salary) AS Salary FROM Alumni WHERE Salary IS NOT NULL AND Salary <> 0 GROUP BY Job ORDER BY Salary ASC");
while ( $row = $query->fetch_array())
$jobs[$row['Job']] = $row['Salary'];
responseHandler($jobs);
} else if($sort == "jobDesc") {
$jobs = array();
$query = $Database->query("SELECT Job, AVG(Salary) AS Salary FROM Alumni WHERE Salary IS NOT NULL AND Salary <> 0 GROUP BY Job ORDER BY Job DESC");
while ( $row = $query->fetch_array())
$jobs[$row['Job']] = $row['Salary'];
responseHandler($jobs);
} else if($sort == "jobAsc") {
$jobs = array();
$query = $Database->query("SELECT Job, AVG(Salary) AS Salary FROM Alumni WHERE Salary IS NOT NULL AND Salary <> 0 GROUP BY Job ORDER BY Job ASC");
while ( $row = $query->fetch_array())
$jobs[$row['Job']] = $row['Salary'];
responseHandler($jobs);
} else {
$cont = true;
}
if(!$cont)
return;
}
//To get the data for the jobs & salary page on the main MTCHS site
$jobs = array();
$query = $Database->query("SELECT Job, AVG(Salary) AS Salary FROM Alumni WHERE Salary IS NOT NULL AND Salary <> 0 GROUP BY Job");
while ( $row = $query->fetch_array())
$jobs[$row['Job']] = $row['Salary'];
responseHandler($jobs);
} else if($a == "StudentFromId" && isset($_POST['Id']) ) {
// StudentFromId: Gets a new alumni object from an existing ID
$query = $Database->query(" SELECT
a.ID ID,
a.Name Name,
a.GradYear GradYear,
m.City City,
m.State State,
a.Education Education,
a.Job Job,
a.Salary Salary,
CONCAT(m.City, ', ', m.State) Location
FROM Alumni a
JOIN MapLocation m ON a.Location = m.ID
WHERE a.ID={$_POST['Id']}")->fetch_array();
$alumni = ConvertDbQueryToAlumni($query);
responseHandler($alumni);
} else if ($a == "SendAdminLogin" && isset($_POST['email'])){
// SendAdminLogin: Sends a login URL to the provided email, as long as its validated
// If not, simply returns false
// Check if the exist
$email = strtolower($_POST['email']);
$q = $Database->query("SELECT 1 FROM VerifiedEmail WHERE Email='{$email}'");
if ( $q->num_rows > 0 ){
// Send them an email
mail($email, "MTCHS Alumni Admin Login", "Click the following link to login to the MTCHS Alumni Administrator site:\n{$APP_PATH}/admin/AdminLogin.php?ref={$email} \n\nIf you did not request this login, just ignore this message.");
responseHandler(true);
}else
responseHandler(false);
} else if ($a=="UnverifiedAlumni"){
// UnverifiedAlumni: Gets a list of all unverified alumni
$aq = $Database->query("SELECT
a.ID ID,
a.Name Name,
a.GradYear GradYear,
m.City City,
m.State State,
a.Education Education,
a.Job Job,
a.Salary Salary,
CONCAT(m.City, ', ', m.State) Location
FROM UpdatedAlumni a
JOIN MapLocation m ON a.Location = m.ID
ORDER BY a.ID");
$alumni = [];
while($r = $aq->fetch_array())
$alumni[] = ConvertDbQueryToAlumni($r);
responseHandler($alumni);
} else if($a == 'New' && isset($_POST['Name'],$_POST['GradYear'],$_POST['Education'],$_POST['Job'],$_POST['Salary'],$_POST['City'],$_POST['State'])) {
// New: Adds an new alumni request (Still requires validation)
$Name = $_POST['Name'];
$GradYear = $_POST['GradYear'];
$Education = $_POST['Education'];
$Job = $_POST['Job'];
$Salary = $_POST['Salary'];
$Location = getLocationId($_POST['City'], $_POST['State']);
// Inserts them into the unverified table
$query = $Database->query("INSERT INTO `UpdatedAlumni`(`Name`, `GradYear`, `Location`, `Education`, `Job`, `Salary`, `Verified`) VALUES('{$Name}', '{$GradYear}', '{$Location}', '{$Education}', '{$Job}', '{$Salary}', '0')");
// Retrieve their ID and alert an admin of the new submittal
$ID = $Database->query("SELECT LAST_INSERT_ID()")->fetch_array()[0];
$subject = "New alumni verification";
$message = "A new user has been requested in the database.\n\nUse the following link to confirm or deny this addition: {$APP_PATH}/admin/confirmation.php?a=Verify&ID={$ID}";
mail($SMTP_OVERRIDE_EMAIL, $subject, $message);
responseHandler($message);
} else if($a == 'Update') {
// Update: Updates an existing alumni in the database
$Name = $_POST['Name'];
$GradYear = $_POST['GradYear'];
$Location = $_POST['Location'];
$Education = $_POST['Education'];
$Job = $_POST['Job'];
$Salary = $_POST['Salary'];
$Verified = 0;
$query = $Database->query("INSERT INTO `UpdatedAlumni`(`Name`, `GradYear`, `Location`, `Education`, `Job`, `Salary`, `Verified`) VALUES('{$Name}', '{$GradYear}', '{$Location}', '{$Education}', '{$Job}', '{$Salary}', '{$Verified}')");
$ID = $Database->query("SELECT ID FROM UpdatedAlumni WHERE Name ='{$Name}' AND GradYear='{$GradYear}' AND Location='{$Location}'")->fetch_array()[0];
$subject = "Alumni update verification";
$message = "A user has requested update in the database. Use the link below to confirm {$APP_PATH}/admin/confirmation.php?a=Update&Confirm=true&ID=".$ID." or use the following link to decline {$APP_PATH}/admin/confirmation.php?a=Update&Confirm=false&ID=".$ID;
mail($SMTP_OVERRIDE_EMAIL, $subject, $message);
responseHandler($message);
} else if($a == "VerifyRequest" && isset($_POST['id'])) {
// Verifies a pending request and makes it into an Alumni
$ID = @(int)$_POST['id'];
$existingAlumni = $Database->query("SELECT * FROM UpdatedAlumni WHERE ID='{$ID}'");
if ($existingAlumni->num_rows == 0 )
return responseHandler("No pending request with the ID '{$ID}' found");
$existingAlumni = ConvertDbQueryToAlumni($existingAlumni->fetch_array());
$city = explode(', ', $address)[0];
$state = explode(', ', $address)[1];
$locationId = getLocationId($city, $state);
$Database->query("DELETE FROM `UpdatedAlumni` WHERE ID='{$ID}'");
$query = $Database->query("INSERT INTO `Alumni`(`Name`, `GradYear`, `Location`, `Education`, `Job`, `Salary`, `Verified`) VALUES('{$existingAlumni->name}', '{$existingAlumni->gradYear}', '{$existingAlumni->location}', '{$existingAlumni->highestEducation}', '{$existingAlumni->job}', '{$existingAlumni->salary}', '1')");
$message = "Added user: ".$Name;
responseHandler($message);
} else if($a == "DeleteRequest" && isset($_POST['id'])) {
// Deletes a pending request
$ID = $_POST['id'];
$Name = $Database->query("SELECT Name FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$query = $Database->query("DELETE FROM `UpdatedAlumni` WHERE ID='{$ID}'");
$message = "Approval denied for user: ".$Name;
responseHandler($message);
} else if($a == 'ApproveUpdateRequest' && isset($_POST['id'])) {
// Approves a request to update an existing alumni
$ID = $_POST['ID'];
$Name = $Database->query("SELECT Name FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$GradYear = $Database->query("SELECT GradYear FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$address = $Database->query("SELECT Location FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$city = explode(', ', $address)[0];
$state = explode(', ', $address)[1];
$location = getLocationId($city, $state);
$Education = $Database->query("SELECT Education FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$Job = $Database->query("SELECT Job FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$Salary = $Database->query("SELECT Salary FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$Verified = 1;
$query = $Database->query("UPDATE `Alumni` SET `Name` = '{$Name}', `GradYear` = '{$GradYear}', `Location` = '{$location}', `Education` = '{$Education}', `Job` = '{$Job}', `Salary` = '{$Salary}', `Verified` = '{$Verified}' WHERE `Name` = '{$Name}'");
$query = $Database->query("DELETE FROM `UpdatedAlumni` WHERE ID='{$ID}'");
$message = "Updated user: ".$Name;
responseHandler($message);
} else if($a == 'DeleteUpdateRequest') {
// Deletes a request to update an existing alumni
$Name = $Database->query("SELECT Name FROM `UpdatedAlumni` WHERE ID = '".$ID."'")->fetch_array()[0];
$query = $Database->query("DELETE FROM `UpdatedAlumni` WHERE ID='{$ID}'");
$message = "Update denied for user: ".$Name;
responseHandler($message);
} else {
// Unknown action??
responseHandler("Unknown action: {$a}");
}
}catch(Exception $e){
responseHandler("There was an error: {$e}");
}
// Used to send a reply back to the client
// Simply prints the variable as a json string
// $data: any data type - the message/object to send back to the client
function responseHandler($data){
return print_r(json_encode($data));
}
// getLocationId
// Checks if a location exists in the database
// If it does, sends back its ID
// If not, then it creates it using google maps API and sends the ID of that
// $city: the location city to check
// $state: the location state to check
function getLocationId($city, $state){
// Get access to the DB
global $Database;
// Read googles API for location coordinates
$loc = urlencode($city . ', ' . $state);
$data = json_decode(file_get_contents("https://maps.googleapis.com/maps/api/geocode/json?address={$loc}"));
if (count($data->results) == 0)
return null;
// Get actual coordinates of the reply
$lat = ($data->results[0]->geometry->location->lat);
$lng = ($data->results[0]->geometry->location->lng);
// Check if the coordinates are in the database
$existingQuery = $Database->query("SELECT ID FROM MapLocation WHERE Latitude='{$lat}' AND Longitude='{$lng}'");
if (!$existingQuery || $existingQuery->num_rows == 0){
// They're not, we need to add and send back
$Database->query("INSERT INTO `MapLocation`(`Latitude`, `Longitude`, `City`, `State`) VALUES('{$lat}', '{$lng}', '{$city}', '{$state}')");
$existingQuery = $Database->query("SELECT ID from `MapLocation` WHERE Latitude = '{$lat}' AND Longitude = '{$lng}'");
}
// Makes sure there was an actual result
if(is_null($existingQuery) || $existingQuery->num_rows == 0)
return null;
$loc = $existingQuery->fetch_array()[0];
return $loc;
}