72 lines
2.3 KiB
PHP
72 lines
2.3 KiB
PHP
<?php
|
|
session_start();
|
|
require_once 'db/config.php';
|
|
|
|
if (!isset($_SESSION['user_id'])) {
|
|
http_response_code(403);
|
|
echo json_encode(['error' => 'Acceso no autorizado.']);
|
|
exit;
|
|
}
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
if (!$data || !isset($data['id']) || !isset($data['field']) || !isset($data['value'])) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Datos incompletos.']);
|
|
exit;
|
|
}
|
|
|
|
$video_id = $data['id'];
|
|
$field = $data['field'];
|
|
$value = $data['value'];
|
|
|
|
// Whitelist allowed fields for security
|
|
$allowed_fields = ['costo_producto', 'costo_fijo_film', 'comision_asesora', 'delivery', 'costo_publicitario', 'promo_1'];
|
|
if (!in_array($field, $allowed_fields)) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Campo no permitido.']);
|
|
exit;
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
|
|
// Check if record exists
|
|
$stmt = $pdo->prepare("SELECT id FROM marketing_costos WHERE video_id = ?");
|
|
$stmt->execute([$video_id]);
|
|
$exists = $stmt->fetch();
|
|
|
|
if ($exists) {
|
|
$sql = "UPDATE marketing_costos SET $field = ? WHERE video_id = ?";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$value, $video_id]);
|
|
} else {
|
|
$sql = "INSERT INTO marketing_costos (video_id, $field) VALUES (?, ?)";
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute([$video_id, $value]);
|
|
}
|
|
|
|
// Recalculate inversion_total
|
|
$stmt = $pdo->prepare("SELECT costo_producto, costo_fijo_film, comision_asesora, delivery, costo_publicitario FROM marketing_costos WHERE video_id = ?");
|
|
$stmt->execute([$video_id]);
|
|
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
$total = ($row['costo_producto'] ?? 0) +
|
|
($row['costo_fijo_film'] ?? 0) +
|
|
($row['comision_asesora'] ?? 0) +
|
|
($row['delivery'] ?? 0) +
|
|
($row['costo_publicitario'] ?? 0);
|
|
|
|
$stmt = $pdo->prepare("UPDATE marketing_costos SET inversion_total = ? WHERE video_id = ?");
|
|
$stmt->execute([$total, $video_id]);
|
|
|
|
echo json_encode([
|
|
'success' => true,
|
|
'message' => 'Campo actualizado correctamente.',
|
|
'new_total' => $total
|
|
]);
|
|
} catch (PDOException $e) {
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'Error al actualizar la base de datos: ' . $e->getMessage()]);
|
|
}
|
|
?>
|