Overview

Namespaces

  • None
  • PHP

Classes

  • Admins_Model
  • Appointments
  • Appointments_Model
  • Backend
  • Backend_api
  • Customers_Model
  • Errors
  • Google
  • Providers_Model
  • Roles_Model
  • Secretaries_Model
  • Services_Model
  • Settings_Model
  • Test
  • Overview
  • Namespace
  • Class
  • Tree 
  1: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
  2: 
  3: /**
  4:  * Contains all the backend ajax calls.
  5:  */
  6: class Backend_api extends CI_Controller {
  7:     /**
  8:      * [AJAX] Get the registered appointments for the given date period and record.
  9:      * 
 10:      * This method returns the database appointments and unavailable periods for the 
 11:      * user selected date period and record type (provider or service). 
 12:      * 
 13:      * @param {numeric} $_POST['record_id'] Selected record id. 
 14:      * @param {string} $_POST['filter_type'] Could be either FILTER_TYPE_PROVIDER or FILTER_TYPE_SERVICE.
 15:      * @param {string} $_POST['start_date'] The user selected start date.
 16:      * @param {string} $_POST['end_date'] The user selected end date.
 17:      */
 18:     public function ajax_get_calendar_appointments() {
 19:         $this->load->model('appointments_model');
 20:         $this->load->model('providers_model');
 21:         $this->load->model('services_model');
 22:         $this->load->model('customers_model');
 23:         
 24:         try {
 25:             if ($_POST['filter_type'] == FILTER_TYPE_PROVIDER) {
 26:                 $where_id = 'id_users_provider';
 27:             } else { 
 28:                 $where_id = 'id_services';
 29:             }
 30: 
 31:             // Get appointments
 32:             $where_clause = array(
 33:                 $where_id => $_POST['record_id'],
 34:                 'start_datetime >=' => $_POST['start_date'],
 35:                 'end_datetime <=' => $_POST['end_date'],
 36:                 'is_unavailable' => FALSE
 37:             );
 38:             
 39:             $response['appointments'] = $this->appointments_model->get_batch($where_clause);
 40: 
 41:             foreach($response['appointments'] as &$appointment) {
 42:                 $appointment['provider'] = $this->providers_model->get_row($appointment['id_users_provider']);
 43:                 $appointment['service'] = $this->services_model->get_row($appointment['id_services']);
 44:                 $appointment['customer'] = $this->customers_model->get_row($appointment['id_users_customer']);
 45:             }
 46:             
 47:             // Get unavailable periods (only for provider).
 48:             if ($_POST['filter_type'] == FILTER_TYPE_PROVIDER) {
 49:                 $where_clause = array(
 50:                     $where_id => $_POST['record_id'],
 51:                     'start_datetime >=' => $_POST['start_date'],
 52:                     'end_datetime <=' => $_POST['end_date'],
 53:                     'is_unavailable' => TRUE
 54:                 );
 55:                 
 56:                 $response['unavailables'] = $this->appointments_model->get_batch($where_clause);
 57:             }
 58:                 
 59:             echo json_encode($response);
 60:             
 61:         } catch(Exception $exc) {
 62:             echo json_encode(array(
 63:                 'exceptions' => array(exceptionToJavaScript($exc))
 64:             ));
 65:         }
 66:     }
 67:     
 68:     /**
 69:      * [AJAX] Save appointment changes that are made from the backend calendar
 70:      * page.
 71:      * 
 72:      * @param array $_POST['appointment_data'] (OPTIONAL) Array with the 
 73:      * appointment data.
 74:      * @param array $_POST['customer_data'] (OPTIONAL) Array with the customer 
 75:      * data.
 76:      */
 77:     public function ajax_save_appointment() {
 78:         try {
 79:             $this->load->model('appointments_model');
 80:             $this->load->model('providers_model');
 81:             $this->load->model('services_model');
 82:             $this->load->model('customers_model');
 83:             $this->load->model('settings_model');
 84:             
 85:             // :: SAVE CUSTOMER CHANGES TO DATABASE
 86:             if (isset($_POST['customer_data'])) {
 87:                 $customer = json_decode(stripcslashes($_POST['customer_data']), true);
 88:                 $customer['id'] = $this->customers_model->add($customer);
 89:             }
 90:             
 91:             // :: SAVE APPOINTMENT CHANGES TO DATABASE
 92:             if (isset($_POST['appointment_data'])) {
 93:                 $appointment = json_decode(stripcslashes($_POST['appointment_data']), true);
 94:                 $manage_mode = isset($appointment['id']);
 95:                 // If the appointment does not contain the customer record id, then it 
 96:                 // means that is is going to be inserted. Get the customer's record id.
 97:                 if (!isset($appointment['id_users_customer'])) {
 98:                     $appointment['id_users_customer'] = $customer['id'];
 99:                 }
100:                 
101:                 $appointment['id'] = $this->appointments_model->add($appointment);
102:             }
103:             
104:             $appointment = $this->appointments_model->get_row($appointment['id']);
105:             $provider = $this->providers_model->get_row($appointment['id_users_provider']);
106:             $customer = $this->customers_model->get_row($appointment['id_users_customer']);
107:             $service = $this->services_model->get_row($appointment['id_services']);
108:             
109:             $company_settings = array(
110:                 'company_name' => $this->settings_model->get_setting('company_name'),
111:                 'company_link' => $this->settings_model->get_setting('company_link'),
112:                 'company_email' => $this->settings_model->get_setting('company_email')
113:             );
114:             
115:             // :: SYNC APPOINTMENT CHANGES WITH GOOGLE CALENDAR
116:             try {
117:                 $google_sync = $this->providers_model->get_setting('google_sync', 
118:                         $appointment['id_users_provider']);
119: 
120:                 if ($google_sync == TRUE) {
121:                     $google_token = json_decode($this->providers_model->get_setting('google_token', 
122:                             $appointment['id_users_provider']));
123: 
124:                     $this->load->library('Google_Sync');
125:                     $this->google_sync->refresh_token($google_token->refresh_token);
126: 
127:                     if ($appointment['id_google_calendar'] == NULL) {
128:                         $google_event = $this->google_sync->add_appointment($appointment, $provider, 
129:                                 $service, $customer, $company_settings);
130:                         $appointment['id_google_calendar'] = $google_event->id;
131:                         $this->appointments_model->add($appointment); // Store google calendar id.
132:                     } else {
133:                         $this->google_sync->update_appointment($appointment, $provider, 
134:                                 $service, $customer, $company_settings);
135:                     }
136:                 }
137:             } catch(Exception $exc) {
138:                 $warnings[] = exceptionToJavaScript($exc);
139:             }
140:             
141:             // :: SEND EMAIL NOTIFICATIONS TO PROVIDER AND CUSTOMER
142:             try {
143:                 $this->load->library('Notifications');
144: 
145:                 if (!$manage_mode) {
146:                     $customer_title = 'Your appointment has been successfully booked!';
147:                     $customer_message = 'Thank you for arranging an appointment with us. '   
148:                             . 'Below you can see the appointment details. Make changes '  
149:                             . 'by clicking the appointment link.';
150:                     $customer_link = $this->config->item('base_url') . 'appointments/index/' 
151:                             . $appointment['hash'];
152: 
153:                     $provider_title = 'A new appointment has been added to your plan.';
154:                     $provider_message = 'You can make changes by clicking the appointment '  
155:                             . 'link below';
156:                     $provider_link = $this->config->item('base_url') . 'backend/' 
157:                             . $appointment['hash'];
158:                 } else {
159:                     $customer_title = 'Appointment changes have been successfully saved!';
160:                     $customer_message = '';
161:                     $customer_link = $this->config->item('base_url') . 'appointments/index/' 
162:                             . $appointment['hash'];
163: 
164:                     $provider_title = 'Appointment details have changed.';
165:                     $provider_message = '';
166:                     $provider_link = $this->config->item('base_url') . 'backend/' 
167:                             . $appointment['hash'];
168:                 }
169:             
170:                 $this->notifications->send_appointment_details($appointment, $provider,
171:                         $service, $customer, $company_settings, $customer_title, 
172:                         $customer_message, $customer_link, $customer['email']);
173: 
174:                 $this->notifications->send_appointment_details($appointment, $provider,
175:                         $service, $customer, $company_settings, $provider_title, 
176:                         $provider_message, $provider_link, $provider['email']);
177:                 
178:             } catch(Exception $exc) {
179:                 $warnings[] = exceptionToJavaScript($exc);
180:             }
181:             
182:             if (!isset($warnings)) {
183:                 echo json_encode(AJAX_SUCCESS);
184:             } else {
185:                 echo json_encode(array(
186:                     'warnings' => $warnings
187:                 ));
188:             }
189:         } catch(Exception $exc) {
190:             echo json_encode(array(
191:                 'exceptions' => array(exceptionToJavaScript($exc))
192:             ));
193:         }
194:     }
195:     
196:     /**
197:      * [AJAX] Delete appointment from the database.
198:      * 
199:      * This method deletes an existing appointment from the database. Once this 
200:      * action is finished it cannot be undone. Notification emails are send to both
201:      * provider and customer and the delete action is executed to the Google Calendar 
202:      * account of the provider, if the "google_sync" setting is enabled.
203:      * 
204:      * @param int $_POST['appointment_id'] The appointment id to be deleted.
205:      */
206:     public function ajax_delete_appointment() {    
207:         try {
208:             if (!isset($_POST['appointment_id'])) {
209:                 throw new Exception('No appointment id provided.');
210:             }
211:             
212:             // :: STORE APPOINTMENT DATA FOR LATER USE IN THIS METHOD
213:             $this->load->model('appointments_model');
214:             $this->load->model('providers_model');
215:             $this->load->model('customers_model');
216:             $this->load->model('services_model');
217:             $this->load->model('settings_model');
218: 
219:             $appointment = $this->appointments_model->get_row($_POST['appointment_id']);
220:             $provider = $this->providers_model->get_row($appointment['id_users_provider']);
221:             $customer = $this->customers_model->get_row($appointment['id_users_customer']);
222:             $service = $this->services_model->get_row($appointment['id_services']);
223: 
224:             $company_settings = array(
225:                 'company_name' => $this->settings_model->get_setting('company_name'),
226:                 'company_email' => $this->settings_model->get_setting('company_email'),
227:                 'company_link' => $this->settings_model->get_setting('company_link')
228:             );
229:             
230:             // :: DELETE APPOINTMENT RECORD FROM DATABASE
231:             $this->appointments_model->delete($_POST['appointment_id']);
232:             
233:             // :: SYNC DELETE WITH GOOGLE CALENDAR
234:             if ($appointment['id_google_calendar'] != NULL) {
235:                 try {
236:                     $google_sync = $this->providers_model->get_setting('google_sync', $provider['id']);
237: 
238:                     if ($google_sync == TRUE) {
239:                         $google_token = json_decode($this->providers_model
240:                                 ->get_setting('google_token', $provider['id']));
241:                         $this->load->library('Google_Sync');
242:                         $this->google_sync->refresh_token($google_token->refresh_token);
243:                         $this->google_sync->delete_appointment($appointment['id_google_calendar']);
244:                     }    
245:                 } catch(Exception $exc) {
246:                     $warnings[] = exceptionToJavaScript($exc);
247:                 }
248:             }
249:             
250:             // :: SEND NOTIFICATION EMAILS TO PROVIDER AND CUSTOMER
251:             try {
252:                 $this->load->library('Notifications');
253:                 $this->notifications->send_delete_appointment($appointment, $provider, 
254:                         $service, $customer, $company_settings, $provider['email'],
255:                         $_POST['delete_reason']);
256:                 $this->notifications->send_delete_appointment($appointment, $provider,
257:                         $service, $customer, $company_settings, $customer['email'],
258:                         $_POST['delete_reason']);
259:             } catch(Exception $exc) {
260:                 $warnings[] = exceptionToJavaScript($exc);
261:             }
262:             
263:             // :: SEND RESPONSE TO CLIENT BROWSER
264:             if (!isset($warnings)) {
265:                 echo json_encode(AJAX_SUCCESS); // Everything executed successfully.
266:             } else {
267:                 echo json_encode(array(
268:                     'warnings' => $warnings // There were warnings during the operation.
269:                 ));
270:             }
271:         } catch(Exception $exc) {
272:             echo json_encode(array(
273:                 'exceptions' => array(exceptionToJavaScript($exc))
274:             ));
275:         }
276:     }
277:     
278:     /**
279:      * [AJAX] Disable a providers sync setting.
280:      * 
281:      * This method deletes the "google_sync" and "google_token" settings from the 
282:      * database. After that the provider's appointments will be no longer synced 
283:      * with google calendar.
284:      * 
285:      * @param string $_POST['provider_id'] The selected provider record id.
286:      */
287:     public function ajax_disable_provider_sync() {
288:         try { 
289:             if (!isset($_POST['provider_id'])) {
290:                 throw new Exception('Provider id not specified.');
291:             }
292:             
293:             $this->load->model('providers_model');
294:             $this->providers_model->set_setting('google_sync', FALSE, $_POST['provider_id']);
295:             $this->providers_model->set_setting('google_token', NULL, $_POST['provider_id']);
296:             
297:             echo json_encode(AJAX_SUCCESS);
298:             
299:         } catch(Exception $exc) {
300:             echo json_encode(array(
301:                 'exceptions' => array(exceptionToJavaScript($exc))
302:             ));
303:         }
304:     }
305:     
306:     /**
307:      * [AJAX] Filter the customer records with the given key string.
308:      * 
309:      * @param string $_POST['key'] The filter key string
310:      * @return array Returns the search results.
311:      */
312:     public function ajax_filter_customers() {
313:         try {
314:             $this->load->model('appointments_model');
315:             $this->load->model('services_model');
316:             $this->load->model('providers_model');
317:             $this->load->model('customers_model');
318:             
319:             $key = $_POST['key']; // @task $this->db->escape($_POST['key']);
320:             
321:             $where_clause = 
322:                     '(first_name LIKE "%' . $key . '%" OR ' . 
323:                     'last_name LIKE "%' . $key . '%" OR ' . 
324:                     'email LIKE "%' . $key . '%" OR ' . 
325:                     'phone_number LIKE "%' . $key . '%" OR ' .
326:                     'address LIKE "%' . $key . '%" OR ' .
327:                     'city LIKE "%' . $key . '%" OR ' .
328:                     'zip_code LIKE "%' . $key . '%")';      
329:             
330:             $customers = $this->customers_model->get_batch($where_clause);
331:             
332:             foreach($customers as &$customer) {
333:                 $appointments = $this->appointments_model
334:                         ->get_batch(array('id_users_customer' => $customer['id']));
335:                 
336:                 foreach($appointments as &$appointment) {
337:                     $appointment['service'] = $this->services_model
338:                             ->get_row($appointment['id_services']);
339:                     $appointment['provider'] = $this->providers_model
340:                             ->get_row($appointment['id_users_provider']);
341:                 }
342:                 
343:                 $customer['appointments'] = $appointments;
344:             }
345:             
346:             echo json_encode($customers);
347:             
348:         } catch(Exception $exc) {
349:             echo json_encode(array(
350:                 'exceptions' => array(exceptionToJavaScript($exc))
351:             ));
352:         }
353:     }
354:     
355:     /**
356:      * [AJAX] Insert of update unavailable time period to database.
357:      * 
358:      * @param array $_POST['unavailable'] JSON encoded array that contains the unavailable 
359:      * period data.
360:      */
361:     public function ajax_save_unavailable() {
362:         try {
363:             $this->load->model('appointments_model');
364:             $this->load->model('providers_model');
365:             
366:             // Add appointment
367:             $unavailable = json_decode($_POST['unavailable'], true);
368:             $unavailable['id'] = $this->appointments_model->add_unavailable($unavailable); 
369:             $unavailable = $this->appointments_model->get_row($unavailable['id']);
370:             
371:             // Google Sync
372:             try {
373:                 $google_sync = $this->providers_model->get_setting('google_sync', 
374:                         $unavailable['id_users_provider']);
375:                 
376:                 if ($google_sync) {
377:                     $google_token = json_decode($this->providers_model->get_setting('google_token',
378:                             $unavailable['id_users_provider']));
379:                     
380:                     $this->load->library('google_sync');
381:                     $this->google_sync->refresh_token($google_token->refresh_token);
382:                     
383:                     if ($unavailable['id_google_calendar'] == NULL) {
384:                         $google_event = $this->google_sync->add_unavailable($unavailable);
385:                         $unavailable['id_google_calendar'] = $google_event->id;
386:                         $this->appointments_model->add_unavailable($unavailable);
387:                     } else {
388:                         $google_event = $this->google_sync->update_unavailable($unavailable);
389:                     }
390:                 }
391:             } catch(Exception $exc) {
392:                 $warnings[] = $exc;
393:             }
394:             
395:             if (isset($warnings)) {
396:                 echo json_encode(array(
397:                     'warnings' => $warnings
398:                 ));
399:             } else {
400:                 echo json_encode(AJAX_SUCCESS);
401:             }
402:             
403:         } catch(Exception $exc) { 
404:             echo json_encode(array(
405:                 'exceptions' => array(exceptionToJavaScript($exc))
406:             ));
407:         }
408:     }
409:     
410:     /**
411:      * [AJAX] Delete an unavailable time period from database.
412:      * 
413:      * @param numeric $_POST['unavailable_id'] Record id to be deleted.
414:      */
415:     public function ajax_delete_unavailable() {
416:         try {
417:             $this->load->model('appointments_model');
418:             $this->load->model('providers_model');
419:             
420:             $unavailable = $this->appointments_model->get_row($_POST['unavailable_id']);
421:             $provider = $this->providers_model->get_row($unavailable['id_users_provider']);
422:             
423:             // Delete unavailable 
424:             $this->appointments_model->delete_unavailable($unavailable['id']);
425:             
426:             // Google Sync
427:             try {
428:                 $google_sync = $this->providers_model->get_setting('google_sync', $provider['id']);
429:                 if ($google_sync == TRUE) {
430:                     $google_token = json_decode($this->providers_model->get_setting('google_token', $provider['id']));
431:                     $this->load->library('google_sync');
432:                     $this->google_sync->refresh_token($google_token->refresh_token);
433:                     $this->google_sync->delete_unavailable($unavailable['id_google_calendar']);
434:                 }
435:             } catch(Exception $exc) {
436:                 $warnings[] = $exc;
437:             }
438:             
439:             if (isset($warnings)) {
440:                 echo json_encode(array(
441:                     'warnings' => $warnings
442:                 ));
443:             } else {
444:                 echo json_encode(AJAX_SUCCESS);
445:             }
446:             
447:         } catch(Exception $exc) {
448:             echo json_encode(array(
449:                 'exceptions' => array(exceptionToJavaScript($exc))
450:             ));
451:         }
452:     }
453:     
454:     /**
455:      * [AJAX] Save (insert or update) a customer record.
456:      * 
457:      * @param array $_POST['customer'] JSON encoded array that contains the customer's data.
458:      */
459:     public function ajax_save_customer() {
460:         try {
461:             $this->load->model('customers_model');
462:             $customer = json_decode($_POST['customer'], true);
463:             $this->customers_model->add($customer);
464:             echo json_encode(AJAX_SUCCESS);
465:         } catch(Exception $exc) {
466:             echo json_encode(array(
467:                 'exceptions' => array(exceptionToJavaScript($exc))
468:             ));
469:         }
470:     }
471:     
472:     /**
473:      * [AJAX] Delete customer from database.
474:      * 
475:      * @param numeric $_POST['customer_id'] Customer record id to be deleted.
476:      */
477:     public function ajax_delete_customer() {
478:         try {
479:             $this->load->model('customers_model');
480:             $this->customers_model->delete($_POST['customer_id']);
481:             echo json_encode(AJAX_SUCCESS);
482:         } catch(Exception $exc) {
483:             echo json_encode(array(
484:                 'exceptions' => array(exceptionToJavaScript($exc))
485:             ));
486:         }
487:     }
488:     
489:     /**
490:      * [AJAX] Save (insert or update) service record.
491:      * 
492:      * @param array $_POST['service'] Contains the service data (json encoded).
493:      */
494:     public function ajax_save_service() {
495:         try {
496:             $this->load->model('services_model');
497:             $service = json_decode($_POST['service'], true);
498:             $this->services_model->add($service);
499:             echo json_encode(AJAX_SUCCESS);
500:         } catch(Exception $exc) {
501:             echo json_encode(array(
502:                 'exceptions' => array(exceptionToJavaScript($exc))
503:             ));
504:         }
505:     }
506:     
507:     /**
508:      * [AJAX] Delete service record from database.
509:      * 
510:      * @param numeric $_POST['service_id'] Record id to be deleted.
511:      */
512:     public function ajax_delete_service() {
513:         try {
514:             $this->load->model('services_model');
515:             $result = $this->services_model->delete($_POST['service_id']);
516:             echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
517:         } catch(Exception $exc) {
518:             echo json_encode(array(
519:                 'exceptions' => array(exceptionToJavaScript($exc))
520:             ));
521:         }
522:     }
523:     
524:     /**
525:      * [AJAX] Filter service records by given key string.
526:      * 
527:      * @param string $_POST['key'] Key string used to filter the records.
528:      * @return array Returns a json encoded array back to client.
529:      */
530:     public function ajax_filter_services() {
531:         try {
532:             $this->load->model('services_model');
533:             $key = $_POST['key']; // @task fix sql injection
534:             $where = 
535:                     '(name LIKE "%' . $key . '%" OR duration LIKE "%' . $key . '%" OR ' . 
536:                     'price LIKE "%' . $key . '%" OR currency LIKE "%' . $key . '%" OR ' .
537:                     'description LIKE "%' . $key . '%")';
538:             $services = $this->services_model->get_batch($where);
539:             echo json_encode($services);
540:         } catch(Exception $exc) {
541:             echo json_encode(array(
542:                 'exceptions' => array(exceptionToJavaScript($exc))
543:             ));
544:         }
545:     }
546:     
547:     /**
548:      * [AJAX] Save (insert or update) category record.
549:      * 
550:      * @param array $_POST['category'] Json encoded array with the category data. If an id
551:      * value is provided then the category is going to be udpated instead of inserted.
552:      */
553:     public function ajax_save_service_category() {
554:         try {
555:             $this->load->model('services_model');
556:             $category = json_decode($_POST['category'], true);
557:             $this->services_model->add_category($category);
558:             echo json_encode(AJAX_SUCCESS);
559:         } catch(Exception $exc) {
560:             echo json_encode(array(
561:                 'exceptions' => array(exceptionToJavaScript($exc))
562:             ));
563:         }
564:     }
565:     
566:     /**
567:      * [AJAX] Delete category record from database.
568:      * 
569:      * @param numeric $_POST['category_id'] Record id to be deleted.
570:      */
571:     public function ajax_delete_service_category() {
572:         try {
573:             $this->load->model('services_model');
574:             $result = $this->services_model->delete_category($_POST['category_id']);
575:             echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
576:         } catch(Exception $exc) {
577:             echo json_encode(array(
578:                 'exceptions' => array(exceptionToJavaScript($exc))
579:             ));
580:         }
581:     }
582:     
583:     /**
584:      * [AJAX] Filter services categories with key string.
585:      * 
586:      * @param string $_POST['key'] The key string used to filter the records.
587:      * @return array Returns a json encoded array back to client with the category records.
588:      */
589:     public function ajax_filter_service_categories() {
590:         try {
591:             $this->load->model('services_model');
592:             $key = $_POST['key']; // @task sql injection
593:             $where = '(name LIKE "%' . $key . '%" OR description LIKE "%' . $key . '%")';
594:             $categories = $this->services_model->get_all_categories($where);
595:             echo json_encode($categories);
596:         } catch(Exception $exc) {
597:             echo json_encode(array(
598:                 'exceptions' => array(exceptionToJavaScript($exc))
599:             ));
600:         }
601:     }
602:     
603:     /**
604:      * [AJAX] Filter admin records with string key.
605:      * 
606:      * @param string $_POST['key'] The key string used to filter the records.
607:      * @return array Returns a json encoded array back to client with the admin records.
608:      */
609:     public function ajax_filter_admins() {
610:         try {
611:             $this->load->model('admins_model');
612:             $key = $_POST['key']; // @task sql injection
613:             $where = 
614:                 '(first_name LIKE "%' . $key . '%" OR last_name LIKE "%' . $key . '%" ' . 
615:                 'OR email LIKE "%' . $key . '%" OR mobile_number LIKE "%' . $key . '%" ' . 
616:                 'OR phone_number LIKE "%' . $key . '%" OR address LIKE "%' . $key . '%" ' .
617:                 'OR city LIKE "%' . $key . '%" OR state LIKE "%' . $key . '%" ' .
618:                 'OR zip_code LIKE "%' . $key . '%" OR notes LIKE "%' . $key . '%")';
619:             $admins = $this->admins_model->get_batch($where);
620:             echo json_encode($admins);
621:         } catch(Exception $exc) {
622:             echo json_encode(array(
623:                 'exceptions' => array(exceptionToJavaScript($exc))
624:             ));
625:         }
626:     }
627:     
628:     /**
629:      * [AJAX] Save (insert or update) admin record into database.
630:      * 
631:      * @param array $_POST['admin'] A json encoded array that contains the admin data. If an 'id'
632:      * value is provided then the record is going to be updated.
633:      * @return string Returns the success contant 'AJAX_SUCCESS' so javascript knows that  
634:      * everything completed successfully.
635:      */
636:     public function ajax_save_admin() {
637:         try {
638:             $this->load->model('admins_model');
639:             $admin = json_decode($_POST['admin'], true);
640:             $this->admins_model->add($admin);
641:             echo json_encode(AJAX_SUCCESS);
642:         } catch(Exception $exc) {
643:             echo json_encode(array(
644:                 'exceptions' => array(exceptionToJavaScript($exc))
645:             ));
646:         }
647:     }
648:     
649:     /**
650:      * [AJAX] Delete an admin record from the database.
651:      * 
652:      * @param numeric $_POST['admin_id'] The id of the record to be deleted.
653:      * @return string Returns the operation result constant (AJAX_SUCESS or AJAX_FAILURE).
654:      */
655:     public function ajax_delete_admin() {
656:         try {
657:             $this->load->model('admins_model');
658:             $result = $this->admins_model->delete($_POST['admin_id']);
659:             echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
660:         } catch(Exception $exc) {
661:             echo json_encode(array(
662:                 'exceptions' => array(exceptionToJavaScript($exc))
663:             ));
664:         }
665:     }
666:     
667:     /**
668:      * [AJAX] Filter provider records with string key.
669:      * 
670:      * @param string $_POST['key'] The key string used to filter the records.
671:      * @return array Returns a json encoded array back to client with the provider records.
672:      */
673:     public function ajax_filter_providers() {
674:         try {
675:             $this->load->model('providers_model');
676:             $key = $_POST['key']; // @task sql injection
677:             $where = 
678:                 '(first_name LIKE "%' . $key . '%" OR last_name LIKE "%' . $key . '%" ' . 
679:                 'OR email LIKE "%' . $key . '%" OR mobile_number LIKE "%' . $key . '%" ' . 
680:                 'OR phone_number LIKE "%' . $key . '%" OR address LIKE "%' . $key . '%" ' .
681:                 'OR city LIKE "%' . $key . '%" OR state LIKE "%' . $key . '%" ' .
682:                 'OR zip_code LIKE "%' . $key . '%" OR notes LIKE "%' . $key . '%")';
683:             $providers = $this->providers_model->get_batch($where);
684:             echo json_encode($providers);
685:         } catch(Exception $exc) {
686:             echo json_encode(array(
687:                 'exceptions' => array(exceptionToJavaScript($exc))
688:             ));
689:         }
690:     }
691:     
692:     /**
693:      * [AJAX] Save (insert or update) a provider record into database.
694:      * 
695:      * @param array $_POST['provider'] A json encoded array that contains the provider data. If an 'id'
696:      * value is provided then the record is going to be updated.
697:      * @return string Returns the success contant 'AJAX_SUCCESS' so javascript knows that  
698:      * everything completed successfully.
699:      */
700:     public function ajax_save_provider() {
701:         try {
702:             $this->load->model('providers_model');
703:             $provider = json_decode($_POST['provider'], true);
704:             $this->providers_model->add($provider);
705:             echo json_encode(AJAX_SUCCESS);
706:         } catch(Exception $exc) {
707:             echo json_encode(array(
708:                 'exceptions' => array(exceptionToJavaScript($exc))
709:             ));
710:         }
711:     }
712:     
713:     /**
714:      * [AJAX] Delete a provider record from the database.
715:      * 
716:      * @param numeric $_POST['provider_id'] The id of the record to be deleted.
717:      * @return string Returns the operation result constant (AJAX_SUCESS or AJAX_FAILURE).
718:      */
719:     public function ajax_delete_provider() {
720:         try {
721:             $this->load->model('providers_model');
722:             $result = $this->providers_model->delete($_POST['provider_id']);
723:             echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
724:         } catch(Exception $exc) {
725:             echo json_encode(array(
726:                 'exceptions' => array(exceptionToJavaScript($exc))
727:             ));
728:         }
729:     }
730:     
731:     /**
732:      * [AJAX] Filter secretary records with string key.
733:      * 
734:      * @param string $_POST['key'] The key string used to filter the records.
735:      * @return array Returns a json encoded array back to client with the secretary records.
736:      */
737:     public function ajax_filter_secretaries() {
738:         try {
739:             $this->load->model('secretaries_model');
740:             $key = $_POST['key']; // @task sql injection
741:             $where = 
742:                 '(first_name LIKE "%' . $key . '%" OR last_name LIKE "%' . $key . '%" ' . 
743:                 'OR email LIKE "%' . $key . '%" OR mobile_number LIKE "%' . $key . '%" ' . 
744:                 'OR phone_number LIKE "%' . $key . '%" OR address LIKE "%' . $key . '%" ' .
745:                 'OR city LIKE "%' . $key . '%" OR state LIKE "%' . $key . '%" ' .
746:                 'OR zip_code LIKE "%' . $key . '%" OR notes LIKE "%' . $key . '%")';
747:             $secretaries = $this->secretaries_model->get_batch($where);
748:             echo json_encode($secretaries);
749:         } catch(Exception $exc) {
750:             echo json_encode(array(
751:                 'exceptions' => array(exceptionToJavaScript($exc))
752:             ));
753:         }
754:     }
755:     
756:     /**
757:      * [AJAX] Save (insert or update) a secretary record into database.
758:      * 
759:      * @param array $_POST['secretary'] A json encoded array that contains the secretary data. 
760:      * If an 'id' value is provided then the record is going to be updated.
761:      * @return string Returns the success contant 'AJAX_SUCCESS' so javascript knows that  
762:      * everything completed successfully.
763:      */
764:     public function ajax_save_secretary() {
765:         try {
766:             $this->load->model('secretaries_model');
767:             $secretary = json_decode($_POST['secretary'], true);
768:             $this->secretaries_model->add($secretary);
769:             echo json_encode(AJAX_SUCCESS);
770:         } catch(Exception $exc) {
771:             echo json_encode(array(
772:                 'exceptions' => array(exceptionToJavaScript($exc))
773:             ));
774:         }
775:     }
776:     
777:     /**
778:      * [AJAX] Delete a secretary record from the database.
779:      * 
780:      * @param numeric $_POST['secretary_id'] The id of the record to be deleted.
781:      * @return string Returns the operation result constant (AJAX_SUCESS or AJAX_FAILURE).
782:      */
783:     public function ajax_delete_secretary() {
784:         try {
785:             $this->load->model('secretaries_model');
786:             $result = $this->secretaries_model->delete($_POST['secretary_id']);
787:             echo ($result) ? json_encode(AJAX_SUCCESS) : json_encode(AJAX_FAILURE);
788:         } catch(Exception $exc) {
789:             echo json_encode(array(
790:                 'exceptions' => array(exceptionToJavaScript($exc))
791:             ));
792:         }
793:     }
794: }
795: 
796: /* End of file backend_api.php */
797: /* Location: ./application/controllers/backend_api.php */
API documentation generated by ApiGen 2.8.0