wsh5485/carwash_order
Archived
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects 1 Releases 8 Wiki Activity

fix: 增强表单提交的数据验证和冲突检查逻辑

Browse Source 
- 添加客户类型验证,只允许'vip'或'new'
- 优化VIP客户信息处理逻辑,允许通过表单覆盖
- 为所有输入字段添加默认值和trim处理
- 添加会员类型和来源渠道的验证
- 简化时间冲突检查逻辑并添加调试日志
- 修复空值可能导致的问题
This commit is contained in:
吴展鹏
2025-12-12 02:42:51 +08:00
parent 905bbc5934
commit ae557aa5c2
1 changed files with 38 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
index.php
+38 -21
View File
@@ -9,7 +9,12 @@ $success_message = '';
// 处理表单提交 // 处理表单提交
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
try { try {
$customer_type = $_POST['customer_type']; // 验证并获取客户类型
$customer_type = isset($_POST['customer_type']) ? $_POST['customer_type'] : '';
if (!in_array($customer_type, ['vip', 'new'])) {
throw new Exception('无效的客户类型');
}
$vip_id = isset($_POST['vip_id']) ? (int)$_POST['vip_id'] : 0; $vip_id = isset($_POST['vip_id']) ? (int)$_POST['vip_id'] : 0;
// 如果选择VIP客户,从VIP表获取信息 // 如果选择VIP客户,从VIP表获取信息
@@ -29,25 +34,30 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$log_data = json_encode(['location' => 'index.php:28', 'message' => 'VIP customer data', 'data' => ['vip_id' => $vip_id, 'has_car_model' => isset($vip_customer['car_model']), 'has_car_number' => isset($vip_customer['car_number'])], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'A']); $log_data = json_encode(['location' => 'index.php:28', 'message' => 'VIP customer data', 'data' => ['vip_id' => $vip_id, 'has_car_model' => isset($vip_customer['car_model']), 'has_car_number' => isset($vip_customer['car_number'])], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'A']);
file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND); file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND);
// #endregion // #endregion
$car_model = isset($vip_customer['car_model']) && $vip_customer['car_model'] ? $vip_customer['car_model'] : ''; // 允许覆盖 // VIP客户信息优先,但允许通过POST覆盖(如果用户想修改)
$car_number = isset($vip_customer['car_number']) && $vip_customer['car_number'] ? $vip_customer['car_number'] : ''; // 允许覆盖 $car_model = isset($_POST['car_model']) && trim($_POST['car_model']) ? trim($_POST['car_model']) : (isset($vip_customer['car_model']) && $vip_customer['car_model'] ? $vip_customer['car_model'] : '');
$car_number = isset($_POST['car_number']) && trim($_POST['car_number']) ? trim($_POST['car_number']) : (isset($vip_customer['car_number']) && $vip_customer['car_number'] ? $vip_customer['car_number'] : '');
$member_type = 'VIP会员'; $member_type = 'VIP会员';
} else { } else {
// 新客户录入 // 新客户录入
$customer_name = trim($_POST['customer_name']); $customer_name = trim($_POST['customer_name'] ?? '');
$phone = trim($_POST['phone']); $phone = trim($_POST['phone'] ?? '');
$car_model = trim($_POST['car_model'] ?? '');
$car_number = trim($_POST['car_number'] ?? '');
} }
$package_id = (int)($_POST['package_id'] ?? 0);
$car_model = trim($_POST['car_model']);
$car_number = trim($_POST['car_number']);
$package_id = (int)$_POST['package_id'];
$custom_services = trim($_POST['custom_services'] ?? ''); $custom_services = trim($_POST['custom_services'] ?? '');
$appointment_date = $_POST['appointment_date']; $appointment_date = $_POST['appointment_date'] ?? '';
$appointment_time = $_POST['appointment_time']; $appointment_time = $_POST['appointment_time'] ?? '';
$duration = (int)$_POST['duration']; $duration = (int)($_POST['duration'] ?? 60);
$notes = trim($_POST['notes'] ?? ''); $notes = trim($_POST['notes'] ?? '');
$member_type = $_POST['member_type'];
$source = $_POST['source']; // 验证member_type和source
$allowed_member_types = ['普通客户', 'VIP会员'];
$member_type = isset($_POST['member_type']) && in_array($_POST['member_type'], $allowed_member_types) ? $_POST['member_type'] : '普通客户';
$allowed_sources = ['抖音', '微信', '快手', '朋友介绍', '其他'];
$source = isset($_POST['source']) && in_array($_POST['source'], $allowed_sources) ? $_POST['source'] : '其他';
// 验证必填字段 // 验证必填字段
if (empty($customer_name) || empty($phone) || empty($car_model) || if (empty($customer_name) || empty($phone) || empty($car_model) ||
@@ -86,16 +96,23 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$end_time = date('Y-m-d H:i:s', strtotime($start_time . " +{$duration} minutes")); $end_time = date('Y-m-d H:i:s', strtotime($start_time . " +{$duration} minutes"));
// 检查时间冲突 // 检查时间冲突
// 两个时间段重叠的条件:现有预约的开始时间 < 新预约的结束时间 AND 现有预约的结束时间 > 新预约的开始时间
// #region agent log
$log_data = json_encode(['location' => 'index.php:98', 'message' => 'Checking time conflict', 'data' => ['start_time' => $start_time, 'end_time' => $end_time, 'duration' => $duration], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'F']);
file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND);
// #endregion
$stmt = $pdo->prepare("SELECT COUNT(*) FROM bookings $stmt = $pdo->prepare("SELECT COUNT(*) FROM bookings
WHERE status != '已取消' WHERE status != '已取消'
AND ( AND start_time < ?
(start_time <= ? AND end_time > ?) AND end_time > ?");
OR (start_time < ? AND end_time >= ?) $stmt->execute([$end_time, $start_time]);
OR (start_time >= ? AND end_time <= ?) $conflict_count = $stmt->fetchColumn();
)"); // #region agent log
$stmt->execute([$start_time, $start_time, $end_time, $end_time, $start_time, $end_time]); $log_data = json_encode(['location' => 'index.php:107', 'message' => 'Time conflict check result', 'data' => ['conflict_count' => $conflict_count], 'timestamp' => time() * 1000, 'sessionId' => 'debug-session', 'runId' => 'run1', 'hypothesisId' => 'F']);
file_put_contents('.cursor/debug.log', $log_data . "\n", FILE_APPEND);
// #endregion
if ($stmt->fetchColumn() > 0) { if ($conflict_count > 0) {
throw new Exception('该时间段已被预约,请选择其他时间'); throw new Exception('该时间段已被预约,请选择其他时间');
} }