Work on attendee editing, etc.
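<?php
//
// AJAX request handler backend module
//
// NOTE(review): every action below reads $_REQUEST, so parameters are accepted
// from the query string as well as from a POST body, and the only authorization
// is the admin session cookie checked by stAdmSessionAuth(). That means a
// logged-in admin who follows a crafted link could be made to run the
// delete/add/update actions (CSRF). The JS caller is not visible from this
// file; if it uses POST, restrict the mutating actions to
// $_SERVER["REQUEST_METHOD"] === "POST" and add a per-session token check --
// either inside stAdmSessionAuth() or at the top of the switch below.
//
$sessionType = "admin";
require "mconfig.inc.php";
require "msite.inc.php";
require "msession.inc.php";

// Check if we are allowed to execute: refuse plain HTTP and unauthenticated
// callers, drop the admin session and bounce to the public news page.
if (!stCheckHTTPS() || !stAdmSessionAuth())
{
  stSetupCacheControl();
  stSessionEnd(SESS_ADMIN);
  header("Location: news");
  exit;
}

stSetupCacheControl();

// Initiate SQL database connection
if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

// Fetch non-"hardcoded" settings from SQL database
stReloadSettings();

// Tracks whether a status header has already been emitted for this request;
// only the first setStatus() call wins. Initialised explicitly so the check
// in setStatus() does not read an undefined variable.
$statusSet = FALSE;


/**
 * Return the HTML for a generic "Save" submit button.
 *
 * @return string  HTML input element
 */
function saveButton()
{
  return "<input type=\"submit\" value=\" Save \" />\n";
}


/**
 * Emit a "Status:" response header, but only for the first call in this
 * request -- later calls are ignored so the first status reported survives.
 *
 * NOTE(review): the values 900-902 used by the callers below are not valid
 * HTTP status codes and "Status:" is not a standard response header; the
 * client-side JS presumably inspects the raw header text. Left unchanged
 * because altering them would break that (unseen) contract.
 *
 * @param int    $val  status code
 * @param string $msg  status message text
 */
function setStatus($val, $msg)
{
  global $statusSet;
  if (!$statusSet)
  {
    header("Status: ".$val." ".$msg);
  }
  $statusSet = TRUE;
}


/**
 * Execute an SQL statement and report the outcome through setStatus().
 *
 * @param string $sql    the (already prepared/quoted) SQL statement
 * @param string $okmsg  status message emitted on success; "" emits nothing
 * @return mixed         whatever stExecSQL() returned, or FALSE on failure
 */
function execSQLCond($sql, $okmsg)
{
  if (($res = stExecSQL($sql)) !== FALSE)
  {
    if ($okmsg != "")
      setStatus(200, $okmsg);
    return $res;
  }
  else
  {
    setStatus(900, "Error in SQL execution.");
    return FALSE;
  }
}


// XMLHttp responses
// Both "action" and "type" must be present, otherwise we fall through to the
// default branch (404) below.
$action = "ERROR";
if (stChkRequestItem("action") && stChkRequestItem("type"))
{
  $action = $_REQUEST["action"];
  $type = $_REQUEST["type"];
}

switch ($action)
{
  case "dump":
    //
    // Perform generic data dump (e-mail list of attendees with an address)
    //
    if (($res = execSQLCond(
      "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC",
      "Dump OK.")) !== FALSE)
    {
      $out1 = array();
      $out2 = array();
      foreach ($res as $item)
      {
        // Attendee names and e-mail addresses come from the public
        // registration form, so they must be HTML-escaped before being
        // echoed into the admin page (stored XSS otherwise).
        $out1[] = chentities($item["name"]." <".$item["email"].">");
        $out2[] = chentities($item["email"]);
      }

      echo
        "<br /><hr />".
        implode(", ", $out1)."<br /><hr /><br />".
        implode("<br />", $out1)."<br /><hr /><br />".
        implode(", ", $out2)."<br /><hr /><br />".
        implode("<br />", $out2)."<br /><hr />";
    }
    break;

  case "get":
    //
    // Get specific data
    //
    switch ($type)
    {
      case "news":
        $sql = "SELECT * FROM news ORDER BY utime DESC";
        break;

      case "attendees":
        $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
        break;

      case "compos":
        $sql = "SELECT * FROM compos ORDER BY id DESC";
        break;

      case "settings":
        $prefix = "st";
        echo
          "<h1>Site settings</h1>\n".
          "<table>\n";

        // Non-TEXT settings go into one table with a single Save button
        foreach (stExecSQL("SELECT * FROM settings WHERE vtype<>".VT_TEXT) as $item)
        {
          echo
            " <tr>\n".
            " <td>";

          $id = $item["key"];
          switch ($item["vtype"])
          {
            case VT_INT:
              echo stGetFormTextInput(10, 10, "", $id, $prefix, $item["vint"]);
              break;
            case VT_STR:
              echo stGetFormTextInput(40, 128, "", $id, $prefix, $item["vstr"]);
              break;
            case VT_BOOL:
              echo stGetFormCheckBoxInput("", $id, $prefix, $item["vint"], "");
              break;
          }

          // Escaped for consistency with the TEXT-settings loop below
          echo
            "</td>\n".
            " <td>".chentities($item["desc"])."</td>\n".
            " </tr>\n";
        }
        echo "</table>\n".saveButton();

        // TEXT settings each get their own textarea and Save button
        foreach (stExecSQL("SELECT * FROM settings WHERE vtype=".VT_TEXT) as $item)
        {
          echo
            "<h2>".chentities($item["desc"])."</h2>\n".
            stGetFormTextArea(10, 60, "", $item["key"], $prefix, $item["vtext"]).
            "\n<br />\n".saveButton();
        }
        break;

      case "entries":
        // stGetCompoList() is expected to populate $compos (defined elsewhere)
        stGetCompoList(FALSE, FALSE);
        foreach ($compos as $id => $compo)
        {
          echo
            "<form>\n".
            " <table class=\"misc\">\n".
            " <tr>\n".
            " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n".
            " </tr>\n".
            " <tr>\n".
            " <th style=\"width:1%;\">Compo</th>\n".
            " <th>Title</th>\n".
            " <th>Author(s)</th>\n".
            " <th>Filename</th>\n".
            " <th>Actions</th>\n".
            " </tr>\n";

          // One editable row per existing entry
          $prefix = "en";
          foreach ($compo["entries"] as $eid => $entry)
          {
            echo
              " <tr id=\"entry".$eid."\">\n".
              " <td>".stGetFormTextInput(5, 5, "compo_id", $eid, "en", $id)."</td>\n".
              " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n".
              " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
              " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n".
              " <td>".
              stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")").
              stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")").
              "</td>\n".
              " </tr>\n";
          }

          // Trailing blank row for adding a new entry to this compo
          $prefix = "ne";
          echo
            " <tr>\n".
            " <td></td>\n".
            " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n".
            " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n".
            " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n".
            " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
            " </tr>\n".
            " </table>\n".
            "</form>\n";
        }
        break;
    }

    //
    // Perform query if we need to, output results
    //
    if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE)
    {
      if ($type == "news")
      {
        foreach ($res as $item)
        {
          $id = $item["id"];
          stPrintNewsItem($item,
            "<br />".
            " <button class=\"button\" id=\"ndel".$id.
            "\" type=\"button\" onclick=\"deleteNews(".$id.
            ")\">Delete</button>\n"
          );
        }
      }
      else
      if ($type == "attendees")
      {
        echo
          "<table class=\"attendees\">\n".
          " <tr>\n".
          " <th class=\"rname\">Name</th>\n".
          " <th class=\"oneliner\">Oneliner</th>\n".
          " <th class=\"email\">E-mail</th>\n".
          " <th>Actions</th>\n".
          " <th class=\"vkey\">Vote key</th>\n".
          " <th class=\"vactive\">Active</th>\n".
          " </tr>\n";

        $row = 0;
        foreach ($res as $item)
          stPrintAttendee($item, $row++, TRUE);

        // Form for adding a new attendee by hand
        $prefix = "ne";
        echo
          "</table>\n".
          "<hr />\n".
          "<table>\n".
          " <tr>\n".
          " <th>Name</th>\n".
          " <th>Groups</th>\n".
          " <th>E-mail</th>\n".
          " <th>Oneliner</th>\n".
          " <th>Actions</th>\n".
          " </tr>\n".
          " <tr>\n".
          " <td>".stGetFormTextInput(20, 64, "name", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormTextInput(20, 64, "groups", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormTextInput(20, 64, "email", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormTextInput(30, 64, "oneliner", "x", $prefix, "")."</td>\n".
          " <td>".stGetFormButtonInput("add", "", $prefix, " Add new ", "addAttendee()")."</td>\n".
          " </tr>\n".
          "</table>\n";
      }
      else
      if ($type == "compos")
      {
        foreach ($res as $item)
        {
          $id = $item["id"];
          $prefix = "co";
          echo
            "<div id=\"compo".$id."\">\n".
            "<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
            stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
            stGetFormCheckBoxInput("visible", $id, $prefix, $item["visible"], "Visible")."\n".
            stGetFormCheckBoxInput("showAuthors", $id, $prefix, $item["showAuthors"], "Show authors")."\n".
            stGetFormCheckBoxInput("voting", $id, $prefix, $item["voting"], "Enable voting")."<br />\n".
            stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
            stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
            "</div>\n".
            "<hr />\n";
        }
      }
    }
    break;

  case "delete":
    //
    // Delete entry. The id is always coerced to an integer before it is
    // used in SQL.
    //
    if (stChkRequestItem("id"))
    {
      $id = intval(stGetRequestItem("id"));
      if ($type == "news")
      {
        // Persistent news items cannot be deleted from here
        $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
        execSQLCond($sql, "OK, news item ".$id." deleted.");
      }
      else
      if ($type == "attendees")
      {
        // Attendees require some more work: their votes go too
        $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
        execSQLCond($sql, "OK, attendee ".$id." deleted.");

        $sql = stPrepareSQL("DELETE FROM votes WHERE voter_id=%d", $id);
        execSQLCond($sql, "OK, attendee ".$id." votes deleted.");
      }
      else
      if ($type == "entries")
      {
        // .. as do compo entries
        $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);
        execSQLCond($sql, "OK, entry ".$id." deleted.");

        $sql = stPrepareSQL("DELETE FROM votes WHERE entry_id=%d", $id);
        execSQLCond($sql, "OK, entry ".$id." votes deleted.");
      }
    }
    else
      setStatus(901, "No ID specified.");
    break;

  case "add":
    //
    // Add new entry. Note that "add"/"update" use the singular type names
    // "compo" and "entry" whereas "get"/"delete" use "compos"/"entries";
    // the JS caller depends on that, so it is kept as-is.
    //
    // The %S/%Q/%D placeholders are given request item NAMES; stPrepareSQL
    // is assumed to fetch and quote/convert the values itself -- confirm
    // in msite.inc.php.
    //
    if ($type == "news" && stChkRequestItem("text") &&
      stChkRequestItem("author") && stChkRequestItem("title"))
    {
      $sql = stPrepareSQL(
        "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
        time(), "title", "text", "author");

      execSQLCond($sql, "OK, news item added.");
    }
    else
    if ($type == "compo" && stChkRequestItem("name") && stChkRequestItem("description"))
    {
      $sql = stPrepareSQL(
        "INSERT INTO compos (name,description,visible,voting,showAuthors) VALUES (%S,%Q,0,0,0)",
        "name", "description");

      execSQLCond($sql, "OK, compo added.");
    }
    else
    if ($type == "attendees" && stChkRequestItem("name") &&
      stChkRequestItem("groups") && stChkRequestItem("email") &&
      stChkRequestItem("oneliner"))
    {
      $sql = stPrepareSQL(
        "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)",
        time(), "name", "groups", "oneliner", "email");

      execSQLCond($sql, "OK, attendee added.");
    }
    else
    if ($type == "entry" && stChkRequestItem("name") &&
      stChkRequestItem("author") && stChkRequestItem("compo_id"))
    {
      $sql = stPrepareSQL(
        "INSERT INTO entries (name,author,compo_id,filename) VALUES (%S,%S,%D,%S)",
        "name", "author", "compo_id", "filename");

      execSQLCond($sql, "OK, entry added.");
    }
    else
      setStatus(902, "No data.");
    break;

  case "update":
    //
    // Update existing entry. The row id is always intval()'d; column values
    // are type-tagged (S/Q/B/D) for stPrepareSQLUpdate() to quote.
    //
    if ($type == "attendees" && stChkRequestItem("id") &&
      stChkRequestItem("email") && stChkRequestItem("oneliner") &&
      stChkRequestItem("active"))
    {
      $sql = stPrepareSQLUpdate("attendees",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "email" => "S",
          "oneliner" => "S",
          "active" => "B",
        ));

      execSQLCond($sql, "OK, attendee updated.");
    }
    else
    if ($type == "news" && stChkRequestItem("id") &&
      stChkRequestItem("text") && stChkRequestItem("author") &&
      stChkRequestItem("title"))
    {
      $sql = stPrepareSQLUpdate("news",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "title" => "S",
          "text" => "Q",
          "author" => "S"
        ));

      execSQLCond($sql, "OK, news item updated.");
    }
    else
    if ($type == "compo" && stChkRequestItem("id") &&
      stChkRequestItem("name") && stChkRequestItem("description") &&
      stChkRequestItem("visible") && stChkRequestItem("voting") &&
      stChkRequestItem("showAuthors"))
    {
      $sql = stPrepareSQLUpdate("compos",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "name" => "S",
          "description" => "Q",
          "visible" => "B",
          "voting" => "B",
          "showAuthors" => "B",
        ));

      execSQLCond($sql, "OK, compo updated.");
    }
    else
    if ($type == "entry" && stChkRequestItem("id") &&
      stChkRequestItem("name") && stChkRequestItem("author") &&
      stChkRequestItem("compo_id"))
    {
      $sql = stPrepareSQLUpdate("entries",
        "WHERE id=".intval(stGetRequestItem("id")),
        array(
          "name" => "S",
          "author" => "S",
          "filename" => "S",
          "compo_id" => "D",
        ));

      execSQLCond($sql, "OK, entry updated.");
    }
    else
    if ($type == "settings")
    {
      // Walk the settings table and update every key present in the request
      foreach (stExecSQL("SELECT * FROM settings") as $item)
      {
        if (!stChkRequestItem($item["key"]))
          continue;

        $val = stGetRequestItem($item["key"]);
        switch ($item["vtype"])
        {
          case VT_INT:
            $vsql = stPrepareSQL("vint=%d", $val);
            break;

          case VT_BOOL:
            $vsql = stPrepareSQL("vint=%d", $val ? 1 : 0);
            break;

          case VT_STR:
            $vsql = stPrepareSQL("vstr=%s", $val);
            break;

          case VT_TEXT:
            $vsql = stPrepareSQL("vtext=%s", $val);
            break;

          default:
            // Unknown value type: skip this key rather than reusing $vsql
            // left over from the previous iteration, which would write the
            // previous key's value into this row.
            continue 2;
        }

        $sql = "UPDATE settings SET ".$vsql." WHERE key=".$db->quote($item["key"]);
        execSQLCond($sql, "OK, setting updated.");
      }
    }
    else
      setStatus(902, "No data.");
    break;

  default:
    setStatus(404, "Not Found");
    break;
}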