Justification: check code is unique.

6 years ago · b69a150290
parent a23f90aebd
commit b69a150290
2 changed files with 45 additions and 18 deletions
--- a/plugin/justification/add.php
+++ b/plugin/justification/add.php
@ -22,15 +22,29 @@ $form->addButtonSave(get_lang('Save'));
 if ($form->validate()) {
    $values = $form->getSubmitValues();
    $dateManual = isset($values['date_manual_on']) ? 1 : 0;
-    $params = [
-        'name' => $values['name'],
-        'code' => $values['code'],
-        'validity_duration' => $values['validity_duration'],
-        'date_manual_on' => $dateManual,
-        'comment' => $values['comment'],
-    ];
-    Database::insert('justification_document', $params);
-    Display::addFlash(get_lang('Saved'));
+
+    $cleanedCode = api_replace_dangerous_char($values['code']);
+    $code = Database::escape_string($cleanedCode);
+
+    $sql = "SELECT * FROM justification_document WHERE code = '$code' ";
+    $result = Database::query($sql);
+    $data = Database::fetch_array($result);
+    $message = Display::return_message(get_lang('ThisCodeAlradyExists'), 'warning');
+
+    if (empty($data)) {
+        $params = [
+            'name' => $values['name'],
+            'code' => $cleanedCode,
+            'validity_duration' => $values['validity_duration'],
+            'date_manual_on' => $dateManual,
+            'comment' => $values['comment'],
+        ];
+        Database::insert('justification_document', $params);
+        $message = Display::return_message(get_lang('Saved'));
+    }
+
+    Display::addFlash($message);
+
    $url = api_get_path(WEB_PLUGIN_PATH).'justification/list.php?';
    header('Location: '.$url);
    exit;
--- a/plugin/justification/edit.php
+++ b/plugin/justification/edit.php
@ -31,15 +31,28 @@ $form->setDefaults($justification);

 if ($form->validate()) {
    $values = $form->getSubmitValues();
-    $params = [
-        'name' => $values['name'],
-        'code' => $values['code'],
-        'validity_duration' => $values['validity_duration'],
-        'date_manual_on' => (int) $values['date_manual_on'],
-        'comment' => $values['comment'],
-    ];
-    Database::update('justification_document', $params, ['id = ?' => $id]);
-    Display::addFlash(get_lang('Saved'));
+    $cleanedCode = api_replace_dangerous_char($values['code']);
+    $code = Database::escape_string($cleanedCode);
+
+    $sql = "SELECT * FROM justification_document WHERE code = '$code' AND id <> $id";
+    $result = Database::query($sql);
+    $data = Database::fetch_array($result);
+    $message = Display::return_message(get_lang('ThisCodeAlradyExists'), 'warning');
+    if (empty($data)) {
+        $params = [
+            'name' => $values['name'],
+            'code' => $cleanedCode,
+            'validity_duration' => $values['validity_duration'],
+            'date_manual_on' => (int) $values['date_manual_on'],
+            'comment' => $values['comment'],
+        ];
+
+        Database::update('justification_document', $params, ['id = ?' => $id]);
+        $message = Display::return_message(get_lang('Saved'));
+    }
+
+    Display::addFlash($message);
+
    $url = api_get_path(WEB_PLUGIN_PATH).'justification/list.php?';
    header('Location: '.$url);
    exit;