From 854d6b824a9f3d23ddb4aa32387360e6700c7c32 Mon Sep 17 00:00:00 2001
From: Fadhil Imam Kurnia <fadhilimamk@gmail.com>
Date: Sat, 7 Oct 2017 09:25:56 +0700
Subject: [PATCH] Add input validation before POST to api

---
 public/order.js | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/public/order.js b/public/order.js
index f3f8a13..0820c6d 100755
--- a/public/order.js
+++ b/public/order.js
@@ -7,19 +7,28 @@
 var resultData;
 
 function makeOrder() {
-
     var customerID = document.getElementById('customer-id').innerHTML;
     var orderPickup = document.getElementById('orderPickup').value;
     var orderDestination = document.getElementById('orderDestination').value;
     var orderPreferredDriver = document.getElementById('orderPreferredDriver').value;
     var data = "id="+customerID+"&pickup="+orderPickup+"&destination="+orderDestination+"&driver="+orderPreferredDriver;
 
+    if (orderPickup.trim() == "" || orderDestination.trim() == "") {
+        alert("Sorce and destination is required!");
+        return;
+    }
+
     var xhttp = new XMLHttpRequest();
     xhttp.onreadystatechange = function() {
         if (this.readyState == 4 && this.status == 200) {
             resultData = JSON.parse(this.responseText);
             bindSearchResult(JSON.parse(this.responseText));
             showDriverPage();
+
+            document.getElementById('orderPickup').disabled = true;
+            document.getElementById('orderDestination').disabled = true;
+            document.getElementById('orderPreferredDriver').disabled = true;
+
         }
     };
     xhttp.open("POST", "/main/order/new", true);
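Review bot: The new guard at the top of the hunk rejects blank pickup/destination, but the request body built on the line above it still concatenates the raw field values into `data` without `encodeURIComponent`, so a pickup or destination containing `&`, `=`, `+` or `#` is split into extra form fields or truncated before it reaches `/main/order/new` (assuming the body is sent as form-urlencoded; the header setup is outside the hunk). Building the body once the inputs have passed validation, with each value encoded, closes that gap: `var data = "id="+encodeURIComponent(customerID)+"&pickup="+encodeURIComponent(orderPickup)+"&destination="+encodeURIComponent(orderDestination)+"&driver="+encodeURIComponent(orderPreferredDriver);` placed after the `if` block rather than before it. Two smaller points in the added lines: the alert text has a typo (`"Source and destination are required!"`), and `==` on a known string should be `===` to match the intent of an exact comparison. makeOrder's body continues past the end of the hunk.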
@@ -60,7 +69,7 @@ function finishOrder(id) {
     var name;
     var username;
     var preferred = resultData.preferred;
-    if (preferred.id == id) {
+    if (preferred != null && preferred.id == id) {
         photo = preferred.photo;
         name = preferred.name;
         username = preferred.username;
@@ -116,12 +125,18 @@ function completeOrder(id) {
     var comment = document.getElementById('order-comment').value;
     var data = 'id='+id+'&id_customer='+customerID+'&source='+orderPickup+'&destination='+orderDestination+'&rating='+rating+'&comment='+comment;
 
+    if (comment.trim() == "") {
+        alert("You must give feedback to your driver");
+        return;
+    }
+
     var xhttp = new XMLHttpRequest();
     xhttp.onreadystatechange = function() {
         if (this.readyState == 4 && this.status == 200) {
             if (this.responseText == "Error") {
                 alert("Fail completing your order");
             } else {
+                alert("Thanks for your order :D");
                 window.location.href = "/main/order?u="+customerID;
             }
         }
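Review bot: The feedback check added here runs only after `data` has already been assembled from the raw `comment` string, so a comment containing `&` or `=` still produces a malformed body and any text after the delimiter is silently dropped or read as another field; the same unencoded concatenation applies to `rating`, `orderPickup` and `orderDestination` on that line. Move the `if (comment.trim() === "")` block above the `var data = ...` line and encode the free-text parts, e.g. `'&comment='+encodeURIComponent(comment)` (and likewise for the other values). This matches the defect raised on the first hunk of this file. completeOrder starts before this hunk, and the `xhttp.send` call that would show the request's content type is outside it, so the form-encoding assumption should be confirmed against the lines not shown.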
-- 
GitLab