Javascript-Calendar/addEvent.php at master · austinmprince/Javascript-Calendar · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
<?php
// Adds events into sql database
require 'database.php';
header("Content-Type: application/json");
// Session cookie http only
ini_set("session.cookie_httponly", 1);
session_start();
// Set timezone so we can convert JavaScript time into sql time
date_default_timezone_set('America/Chicago');

$token = (int)$_POST['token'];
if(!hash_equals($_SESSION['token'], $_POST['token'])){
	 die("Request forgery detected");
 }

$title = (String)$_POST['title'];
$undate = $_POST['date'];
$untime = $_POST['time'];
if(isset($title) && isset($undate) && isset($untime) && !empty($title) && !empty($undate) && !empty($untime)){
	//MAKE SURE YOU PASS USER_ID

	$date = date('Y-m-d', strtotime($undate));

	$time = date('H:i:s', strtotime($untime));
	$description = (String)$_POST['description'];
	$user_id = $_SESSION['user_id'];


	$stmt = $mysqli->prepare("insert into events (user_id, title, description, date, time) values (?, ?, ?, ?, ?)");
	if(!$stmt){
		printf("Query Prep Failed: %s\n", $mysqli->error);
		exit;
	}
	// Protect against sql injection
	$stmt->bind_param('sssss', $user_id, $title, $description, $date, $time);
	$stmt->execute();
	$stmt->close();

	echo json_encode(array(
		"success" => true,
		"date" => $undate
	));
}
else{
	echo json_encode(array(
		"success" => false,
		"message" => "Missing information"
	));
}
?>