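<?php
/*
 * init.php — request bootstrap shared by every page.
 *
 * Loads configuration and helpers, starts the session, connects to MySQL,
 * creates the database and tables on first run, then applies the
 * authentication rules for the current route.
 *
 * Failure convention (kept from the original): log the driver message
 * server-side, call redirect_error(), set $error_scope for the including
 * page and `return` from this file. Whether redirect_error() ends the
 * request is decided in utils.php; if it only sends a header, the including
 * page must stop rendering after this file returns — confirm there.
 */

declare(strict_types=1);

// Require dependencies
require_once __DIR__ . '/config.php';
require_once __DIR__ . '/utils.php';
require_once __DIR__ . '/components.php';

// Start session.
// NOTE(review): session cookie flags (httponly / samesite / secure) are not
// set here; confirm php.ini or config.php sets them.
session_start();

// Get current route (get_route() is defined in utils.php)
$route = get_route();

// Reject direct requests for this file. The redirect must be followed by
// exit: without it the whole bootstrap (connection, schema creation, auth
// checks) still runs for a request that has already been sent away.
if ($route === 'init.php') {
    header('Location: index.php');
    exit;
}

// Connect to the MySQL server without selecting a database — it may not
// exist yet.
try {
    $pdo = new PDO('mysql:host=' . DB_HOST, DB_USERNAME, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during connecting to database server.";
    return;
}

// Check whether the application database exists
$check_db_query = 'SELECT SCHEMA_NAME
    FROM INFORMATION_SCHEMA.SCHEMATA
    WHERE SCHEMA_NAME = :db_name';
try {
    $stmt = $pdo->prepare($check_db_query);
    $stmt->bindValue(':db_name', DB_NAME, PDO::PARAM_STR);
    $stmt->execute();
    // fetchColumn() is false when no row matched. rowCount() is not
    // guaranteed to be meaningful for SELECT statements, so it is avoided.
    $db_exists = $stmt->fetchColumn() !== false;
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during setting up database.";
    return;
}

// Create the database if it does not exist. DB_NAME comes from config.php,
// not from the request, but identifiers cannot be bound as parameters, so it
// is backtick-quoted (with embedded backticks doubled) to keep the statement
// well-formed for any configured name.
if (!$db_exists) {
    $create_db_query = 'CREATE DATABASE IF NOT EXISTS `' . str_replace('`', '``', DB_NAME) . '`';
    try {
        $pdo->exec($create_db_query);
    } catch (PDOException $e) {
        error_log('init.php: ' . $e->getMessage());
        redirect_error();
        $error_scope = "An error occured during setting up database.";
        return;
    }
}

// Reconnect, this time with the application database selected
try {
    $pdo = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME, DB_USERNAME, DB_PASSWORD);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during connecting to database.";
    return;
}

// Create table User if it does not exist.
// The length constants come from config.php and are concatenated into the
// DDL; the two REGEXP patterns are bound as parameters instead. Binding
// values inside a CREATE TABLE only works because pdo_mysql emulates prepares
// by default (the value is inlined client-side) — turning
// PDO::ATTR_EMULATE_PREPARES off would make this statement fail.
$create_user_query = 'CREATE TABLE IF NOT EXISTS User (
    username VARCHAR(' . USERNAME_MAX_LENGTH . ') PRIMARY KEY NOT NULL,
    email VARCHAR(' . EMAIL_MAX_LENGTH . ') NOT NULL UNIQUE,
    first_name VARCHAR(' . FIRST_NAME_MAX_LENGTH . ') NOT NULL,
    last_name VARCHAR(' . LAST_NAME_MAX_LENGTH . ') NOT NULL,
    password VARCHAR(255) NOT NULL,
    is_admin BOOLEAN NOT NULL DEFAULT FALSE,
    gender CHAR(1) NOT NULL CHECK (gender IN (\'M\', \'F\')),
    reset_token_hash VARCHAR(64) UNIQUE,
    reset_token_expires_at DATETIME,
    birthdate DATE NOT NULL,
    CONSTRAINT validate_username CHECK (
        username REGEXP :username_regexp
    ),
    CONSTRAINT validate_email CHECK (
        email REGEXP :email_regexp
    )
)';
try {
    $stmt = $pdo->prepare($create_user_query);
    // trim() strips the PCRE delimiters so the same pattern constant can be
    // reused as a MySQL REGEXP. NOTE(review): PCRE and MySQL regex dialects
    // are not identical — confirm the configured patterns use only the
    // shared subset.
    $stmt->bindValue(':username_regexp', trim(USERNAME_REGEXP, '/'), PDO::PARAM_STR);
    $stmt->bindValue(':email_regexp', trim(EMAIL_REGEXP, '/'), PDO::PARAM_STR);
    $stmt->execute();
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during creating table User.";
    return;
}

// Create table Menu if it does not exist.
// MENU_CATEGORIES (config.php) is inlined into the CHECK list; each value is
// escaped and quoted by the driver rather than wrapped in bare quotes, so a
// category containing a quote cannot break the statement.
$valid_categories_list = array_map(function ($category) use ($pdo) {
    return $pdo->quote((string) $category);
}, MENU_CATEGORIES);
$valid_categories_string = implode(', ', $valid_categories_list);
$create_menu_query = 'CREATE TABLE IF NOT EXISTS Menu (
    id INTEGER PRIMARY KEY AUTO_INCREMENT,
    name VARCHAR(' . MENU_NAME_MAX_LENGTH . ') NOT NULL,
    description VARCHAR(' . MENU_DESCRIPTION_MAX_LENGTH . ') NOT NULL,
    category VARCHAR(25) NOT NULL CHECK (category IN (' . $valid_categories_string . ')),
    price DECIMAL(10, 2) NOT NULL CHECK (price > 0),
    image_name VARCHAR(255) NOT NULL UNIQUE
)';
try {
    $pdo->exec($create_menu_query);
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during creating table Menu.";
    return;
}

// Create table Order if it does not exist (`Order` is a reserved word, hence
// the backticks).
$create_order_query = 'CREATE TABLE IF NOT EXISTS `Order` (
    id INTEGER PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(' . USERNAME_MAX_LENGTH . ') NOT NULL,
    order_date DATETIME NOT NULL DEFAULT NOW(),
    complete BOOLEAN NOT NULL DEFAULT FALSE,
    CONSTRAINT fk_order_user FOREIGN KEY (username) REFERENCES User (username) ON DELETE CASCADE
)';
try {
    $pdo->exec($create_order_query);
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during creating table Order.";
    return;
}

// Create table OrderDetails if it does not exist
$create_orderdetails_query = 'CREATE TABLE IF NOT EXISTS OrderDetails (
    id INTEGER PRIMARY KEY AUTO_INCREMENT,
    order_id INTEGER NOT NULL,
    menu_id INTEGER NOT NULL,
    quantity INTEGER NOT NULL CHECK (quantity > 0),
    CONSTRAINT fk_orderdetails_order FOREIGN KEY (order_id) REFERENCES `Order` (id) ON DELETE CASCADE,
    CONSTRAINT fk_orderdetails_menu FOREIGN KEY (menu_id) REFERENCES Menu (id) ON DELETE CASCADE
)';
try {
    $pdo->exec($create_orderdetails_query);
} catch (PDOException $e) {
    error_log('init.php: ' . $e->getMessage());
    redirect_error();
    $error_scope = "An error occured during creating table OrderDetails.";
    return;
}

// Not authenticated: send to login. logout() is expected to end the request
// (see utils.php); if it does not, the route check at the bottom still runs.
if (!is_authenticated()) {
    logout();
} else {
    // Authenticated: make sure the session's user still exists, so a session
    // that outlives its account is not honoured.
    try {
        $check_user_query = 'SELECT username FROM User
            WHERE username = :username';
        $stmt = $pdo->prepare($check_user_query);
        // bindValue rather than bindParam: no reference into $_SESSION is
        // needed, and a missing key binds NULL instead of being created.
        $stmt->bindValue(':username', $_SESSION['username'] ?? null, PDO::PARAM_STR);
        $stmt->execute();
        $user_exists = $stmt->fetchColumn() !== false;
    } catch (PDOException $e) {
        error_log('init.php: ' . $e->getMessage());
        redirect_error();
        $error_scope = "An error occured during authenticating user.";
        return;
    }
    // If the user no longer exists, throw to login
    if (!$user_exists) {
        logout();
    }
}

// Authenticated users have no business on login/register-style pages:
// send them to the index. Strict comparison: routes are strings.
if (is_authenticated() && in_array($route, UNAUTHENTICATED_ROUTES, true)) {
    header('Location: index.php');
    exit;
}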