Untitled

<?php
/*
 *      rest.php
 *
 *      Copyright 2011 Lana Krnic <lana.krnic@gmail.com>
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 2 of the License, or
 *      (at your option) any later version.
 *
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *
 *      You should have received a copy of the GNU General Public License
 *      along with this program; if not, write to the Free Software
 *      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *      MA 02110-1301, USA.
 */

echo "URL: ". $_GET['url'];

$url_parts = explode("/", $_GET['url']);

$service=$url_parts[0];

echo "Service: " . $service;

$dbconn = pg_connect("host=localhost dbname=rest user=hmp password=temperatime")
    or die('Could not connect: ' . pg_last_error());


if($_SERVER['REQUEST_METHOD'] == 'GET') {
    if($service == 'order') {
        $id=$url_parts[1];
        if(!$id) {
            $result = pg_query($dbconn, "SELECT id, buyerid FROM orders") or die('Could not query: ' . pg_last_error());
            while ($arr = pg_fetch_array($result)) {
                echo "<order id=$arr[0]>\n";
                echo "\t<buyerid>$arr[1]</buyerid>\n";
                echo "</order>\n\n";
            }
        }
        else {
            $result = pg_query($dbconn, "SELECT buyerid FROM orders WHERE id = $id") or die('Could not query: ' . pg_last_error());
            while ($arr = pg_fetch_array($result)) {
                echo "<order id=$id>\n";
                echo "\t<buyerid>$arr[0]</buyerid>\n";
                $result2 = pg_query($dbconn, "SELECT itemname FROM items WHERE orderid = $id");
                while ($arr2 = pg_fetch_array($result2)) {
                    echo "\t<item>$arr2[0]</item>\n";
                }
                echo "</order>\n\n";
            }
        }
    }
    if ($service == 'customers') {
        $id = $url_parts[1];
        $orders = $url_parts[2];
        if(!$id) {
            $result = pg_query($dbconn, "SELECT id, name FROM customers") or die('Could not query: ' . pg_last_error());
            while ($arr = pg_fetch_array($result)) {
                echo "<customer id=$arr[0]>\n";
                echo "\t<name>$arr[1]</name>\n";
                echo "</customer>\n\n";
            }
        }
        elseif(!$orders) {
            $result = pg_query($dbconn, "SELECT id, name, age, city FROM customers WHERE id='$id'") or die('Could not query: ' . pg_last_error());
            while ($arr = pg_fetch_array($result)) {
                echo "<customer id=$arr[0]>\n";
                echo "\t<name>$arr[1]</name>\n";
                echo "\t<age>$arr[2]</age>\n";
                echo "\t<city>$arr[3]</city>\n";
                echo "</customer>\n\n";
            }
        }
        elseif ($orders == 'orders') {
            echo "<customer id=$id>\n";
            $result = pg_query($dbconn, "SELECT id FROM orders WHERE buyerid = '$id'");
            while ($arr = pg_fetch_array($result)) {
                echo "\t<order>$arr[0]</order>\n";
            }
            echo "</customer>\n\n";

        }

    }
}

if($_SERVER['REQUEST_METHOD'] == 'POST') {
    if($service == 'order') {
        $id=$url_parts[1];
        if(!$id) {
            $buyerid = $_POST['buyerid'];
            $result = pg_query ($dbconn, "INSERT INTO orders (buyerid) VALUES ('$buyerid')");
        }
        else
        {
            $item = $_POST['item'];
            $result = pg_query ($dbconn, "INSERT INTO items (orderid, itemname) VALUES ('$id:*', '$item')");
        }
    }
    if($service == 'customers') {
        $id=$url_parts[1];
        $orders=$url_parts[2];
        if(!$id) {
            $name = $_POST['name'];
            $age = $_POST['age'];
            $city = $_POST['city'];
            $result = pg_query ($dbconn, "INSERT INTO customers (name, age, city) VALUES ('$name', '$age', '$city')");
        }
        if($orders) {
            $result = pg_query ($dbconn, "INSERT INTO orders (buyerid) VAlUES ('$id')");
        }
    }
}

if($_SERVER['REQUEST_METHOD'] == 'PUT') {
    parse_str(file_get_contents("php://input"), $post_vars);
    if($service == 'order') {
        $id=$url_parts[1];
        if($id) {
            $buyerid = $post_vars['buyerid'];
            $result = pg_query($dbconn, "UPDATE orders SET buyerid='$buyerid' WHERE id='$id'");
        }
    }
    if($service == 'customers') {
        $id=$url_parts[1];
        $orders = $url_parts[2];
        if($id && !$orders) {
            $name = $post_vars['name'];
            $city = $post_vars['city'];
            $age=  $post_vars['age'];
            if($name) $query .= ",name='" . $name ."'";
            if($city) $query .= ",city='" . $city . "'";
            if($age) $query .= ",age='" . $age ."'";
            $query = substr($query, 1);
            $result = pg_query($dbconn, "UPDATE customers SET $query WHERE id='$id'");
        }
    }
}

if($_SERVER['REQUEST_METHOD'] == 'DELETE') {
    parse_str(file_get_contents("php://input"), $post_vars);
    if($service == 'order') {
        $id=$url_parts[1];
        if($id) {
            $result = pg_query($dbconn, "DELETE FROM orders WHERE id='$id'");
        }
    }
    if($service == 'customers') {
        $id=$url_parts[1];
        $orders = $url_parts[2];
        if($id && !$orders) {
            $result = pg_query($dbconn, "DELETE FROM customers WHERE id='$id'");
        }
        elseif($orders) {
            $result = pg_query($dbconn, "DELETE FROM orders WHERE buyerid='$id'");
        }
    }
}
?>