diff --git a/public/order.js b/public/order.js index 0b73fd1e5846e022665ceb5ca59467fa11981566..f3f8a133839d1e447689f7bf554d2fb4b060aea9 100755 --- a/public/order.js +++ b/public/order.js @@ -8,10 +8,11 @@ var resultData; function makeOrder() { + var customerID = document.getElementById('customer-id').innerHTML; var orderPickup = document.getElementById('orderPickup').value; var orderDestination = document.getElementById('orderDestination').value; var orderPreferredDriver = document.getElementById('orderPreferredDriver').value; - var data = "pickup="+orderPickup+"&destination="+orderDestination+"&driver="+orderPreferredDriver; + var data = "id="+customerID+"&pickup="+orderPickup+"&destination="+orderDestination+"&driver="+orderPreferredDriver; var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function() { diff --git a/src/controller/OrderController.php b/src/controller/OrderController.php index 4d36ec0f98d544caca611048fa13ad84460baf03..846c6b30dfbafe7a97ff7872b9096976ff78b7c1 100644 --- a/src/controller/OrderController.php +++ b/src/controller/OrderController.php @@ -27,6 +27,7 @@ class OrderController { public static function MakeOrderHandler() { + $id = simpleCrypt($_POST['id'], 'd'); $pickup = $_POST['pickup']; $destination = $_POST['destination']; $driver = $_POST['driver']; @@ -41,10 +42,10 @@ class OrderController { WHERE user.id IN ( SELECT DISTINCT id_driver FROM prefered_location - WHERE location = ? OR location = ? + WHERE (location = ? OR location = ?) AND user.id <> ? )' ); - $stmt->execute(array($pickup, $destination)); + $stmt->execute(array($pickup, $destination, $id)); if ($stmt === false) { echo "Error"; return; @@ -62,9 +63,9 @@ class OrderController { 'SELECT user.id AS id, name, username, photo, rating, sum_order FROM user NATURAL JOIN driver - WHERE username = ?' + WHERE username = ? AND user.id <> ?' ); - $stmt->execute(array($driver)); + $stmt->execute(array($driver, $id)); if ($stmt === false) { echo "Error"; return;
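Review bot: The new `customerID` value is spliced into the request body without encoding on the `var data = "id="+customerID+...` line; if the token the page renders into `customer-id` is the encrypted form that the server feeds to `simpleCrypt(..., 'd')`, any `+`, `&`, `=` or `/` in it is mangled by `application/x-www-form-urlencoded` parsing (`+` becomes a space) and the server-side decrypt yields a different id. Wrap every field: `var data = "id=" + encodeURIComponent(customerID) + "&pickup=" + encodeURIComponent(orderPickup) + "&destination=" + encodeURIComponent(orderDestination) + "&driver=" + encodeURIComponent(orderPreferredDriver);`. Reading the id through `.innerHTML` also returns entity-escaped markup rather than the plain text, so `var customerID = document.getElementById('customer-id').textContent;` is the right accessor for a value that is going to be decrypted byte-for-byte. More fundamentally, the page is being asked to tell the server who the customer is; the server already knows that from whatever session rendered `customer-id`, so this field can only be a hint it must not trust. The rest of makeOrder, including the onreadystatechange handler, continues outside the hunk.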
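Review bot: `$id = simpleCrypt($_POST['id'], 'd');` lets the client decide which user is placing the order, because anyone can post a different encrypted id (copied from another account's page, or forged if `simpleCrypt` is an unauthenticated keyed transform rather than a MAC-protected token); in this hunk the value only feeds the `user.id <> ?` exclusions, but if the same `$id` is written into the order further down the handler a forged value attributes the order to another customer. The acting user's id should come from server-side state — the session that rendered `customer-id` in the first place (e.g. `$id = $_SESSION['id'];`, or whatever the login code stores) — and `$_POST['id']` should be dropped, or at most compared against that value and rejected on mismatch. If the field is kept, the line also emits an undefined-index notice when `id` is absent and hands arbitrary bytes to `simpleCrypt`; a guard such as `if (!isset($_POST['id'])) { http_response_code(400); return; }` belongs before it. A smaller point on the second hunk: `AND user.id <> ?` inside the `IN (...)` subquery is a correlated reference to the outer table and only works because of the `IN` equality; `AND id_driver <> ?` states the intent directly. MakeOrderHandler's body continues past each of this file's three hunks.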