annotate ajax.php @ 5:76c3b89d7b11
Improve voting, clean up the code, etc.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Wed, 05 Dec 2012 08:08:58 +0200 |
parents | 916623924bd5 |
children | 4c5f651aa107 |
rev | line source |
---|---|
0 | 1 <? |
2 require "mconfig.inc.php"; | |
3 require "msite.inc.php"; | |
4 | |
5 // Check if we are allowed to execute | |
// Access gate: the admin AJAX endpoint is served only over HTTPS and only to
// an authenticated admin session. Anyone else gets an empty "not found"
// reply, so the endpoint does not reveal that it exists.
// NOTE(review): a "Status:" header is turned into the HTTP status line by
// CGI/FastCGI SAPIs; under other SAPIs it may go out as an ordinary header
// with a 200 status - confirm how this site is deployed.
if (!(stCheckHTTPS() && stAdmSessionAuth()))
{
  header("Status: 404 Not Found");
  exit();
}

// Responses contain admin-only data, so mark them as non-cacheable.
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past


// Open PDO database connection; nothing below works without it.
$dbConnected = stConnectSQLDB();
if (!$dbConnected)
  exit("Could not connect to SQL database.");
19 | |
20 | |
/**
 * Send a "Status:" response header, at most once per request.
 *
 * The first call emits "Status: <val> <msg>"; every later call is a no-op
 * apart from leaving the global $statusSet flag set to TRUE.
 *
 * NOTE(review): $msg is written into a response header as-is, and the
 * delete branch of this script builds it from the request's "type" value.
 * Prefer fixed or validated message strings here.
 *
 * @param mixed $val Status code placed after "Status:".
 * @param mixed $msg Reason text placed after the code.
 */
function setStatus($val, $msg)
{
  global $statusSet;

  $alreadySent = $statusSet;
  if ($alreadySent)
  {
    // Normalise the flag exactly as the first call would have.
    $statusSet = TRUE;
    return;
  }

  header("Status: {$val} {$msg}");
  $statusSet = TRUE;
}
30 | |
31 | |
/**
 * Execute an SQL statement and report the outcome through setStatus().
 *
 * On failure (stExecSQL() returned FALSE) status 900 is set and FALSE is
 * returned. On success status 200 with $okmsg is set, unless $okmsg is
 * empty, and the result of stExecSQL() is returned.
 *
 * @param mixed  $sql   Statement handed to stExecSQL() unchanged; callers
 *                      are responsible for building it safely.
 * @param string $okmsg Success message, or "" to leave the status untouched.
 * @return mixed Result of stExecSQL(), or FALSE on error.
 */
function execSQLCond($sql, $okmsg)
{
  $result = stExecSQL($sql);

  if ($result === FALSE)
  {
    // 900 is an application-specific code, not a registered HTTP status.
    setStatus(900, "Error in SQL execution.");
    return FALSE;
  }

  if ($okmsg != "")
    setStatus(200, $okmsg);

  return $result;
}
46 | |
47 | |
// XMLHttp responses: a request is dispatched only when both "action" and
// "type" are present; otherwise $action keeps the sentinel "ERROR" (which
// falls through to the switch default) and $type stays undefined.
// NOTE(review): both values come from $_REQUEST, so the state-changing
// actions below (add/update/delete) are reachable with a plain GET. The
// only check visible in this file is the admin session; confirm that
// cross-site request forgery is handled somewhere (token or method check).
$hasDispatchFields = stChkRequestItem("action") && stChkRequestItem("type");
$action = "ERROR";
if ($hasDispatchFields)
{
  $action = $_REQUEST["action"];
  $type = $_REQUEST["type"];
}
55 | |
56 | |
57 switch ($action) | |
58 { | |
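case "dump":
  // Dump the names and e-mail addresses of every attendee that has an
  // e-mail address, in four layouts: "Name <mail>" comma-separated and
  // one per line, then bare addresses comma-separated and one per line.
  $res = execSQLCond(
    "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC",
    "Dump OK.");

  if ($res !== FALSE)
  {
    $out1 = array();
    $out2 = array();

    foreach ($res as $item)
    {
      // Names and addresses are whatever the attendee registered with and
      // are echoed into an HTML response shown to an admin, so they are
      // passed through chentities() - the helper this file already uses
      // when printing compo names (presumably the site's HTML escaper).
      // Unescaped, the "<address>" part would be parsed as a tag and any
      // markup stored in a name would run in the admin's browser.
      $out1[] = chentities($item["name"]." <".$item["email"].">");
      $out2[] = chentities($item["email"]);
    }

    echo "<br /><hr />".
      implode(", ", $out1)."<br /><hr /><br />".
      implode("<br />", $out1)."<br /><hr /><br />".
      implode(", ", $out2)."<br /><hr /><br />".
      implode("<br />", $out2)."<br /><hr />";
  }
  break;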
81 | |
case "get":
  // Choose what to list. For news, attendees, compos and voters only the
  // query is selected here and the rows are rendered further down; the
  // "entries" listing is printed directly. Any other type leaves $sql
  // unset, so nothing is queried or printed.
  if ($type == "news")
    $sql = "SELECT * FROM news ORDER BY utime DESC";
  else
  if ($type == "attendees")
    $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
  else
  if ($type == "compos")
    $sql = "SELECT * FROM compos ORDER BY id DESC";
  else
  if ($type == "entries")
  {
    // presumably fills the global $compos that the loop below reads -
    // verify against the definition of stGetCompoList()
    stGetCompoList(TRUE);

    // One edit form per compo: a row for each existing entry plus a
    // trailing empty row for adding a new one.
    foreach ($compos as $id => $compo)
    {
      $compoTitle = chentities($compo["name"]);
      echo
        "<form>\n".
        " <table class=\"misc\">\n".
        " <tr>\n".
        " <th colspan=\"3\">".$compoTitle."</th>\n".
        " </tr>\n".
        " <tr>\n".
        " <th>Title</th>\n".
        " <th>Author</th>\n".
        " <th>Actions</th>\n".
        " </tr>\n";

      $prefix = "en";
      foreach ($compo["entries"] as $eid => $entry)
      {
        // NOTE(review): entry name/author are stored user data; they are
        // escaped only if stGetFormTextInput() does it - confirm.
        $nameCell = stGetFormTextInput(40, 64, "name", $eid, "en", $entry["name"]);
        $authorCell = stGetFormTextInput(40, 64, "author", $eid, "en", $entry["author"]);
        $actionCell =
          stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")").
          stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")");

        echo
          " <tr id=\"entry".$eid."\">\n".
          " <td>".$nameCell."</td>\n".
          " <td>".$authorCell."</td>\n".
          " <td>".
          $actionCell.
          "</td>\n".
          " </tr>\n";
      }

      $prefix = "ne";
      $newNameCell = stGetFormTextInput(40, 64, "name", $id, "ne", "");
      $newAuthorCell = stGetFormTextInput(40, 64, "author", $id, "ne", "");
      $addCell = stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")");
      echo
        " <tr>\n".
        " <td>".$newNameCell."</td>\n".
        " <td>".$newAuthorCell."</td>\n".
        " <td>".$addCell."</td>\n".
        " </tr>\n".
        " </table>\n".
        "</form>\n";
    }
  }
  else
  if ($type == "voters")
    $sql = "SELECT * FROM voters ORDER BY id ASC";
142 | |
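// Run the list query selected for this type (if any) and render its rows.
// An empty success message is passed, so a successful query leaves the
// response status untouched; a failed one sets status 900.
if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE)
{
  if ($type == "news")
  {
    foreach ($res as $item)
    {
      // The id is concatenated into an element id and an inline onclick
      // handler, so it is forced to an integer first.
      $id = intval($item["id"]);
      stPrintNewsItem($item,
        "<br />".
        " <button class=\"button\" id=\"ndel".$id.
        "\" type=\"button\" onclick=\"deleteNews(".$id.
        ")\">Delete</button>\n"
        );
    }
  }
  else
  if ($type == "attendees")
  {
    echo
      "<table class=\"attendees\">\n".
      " <tr>\n".
      " <th>Name</th>\n".
      " <th class=\"groups\">Group(s)</th>\n".
      " <th class=\"regtime\">Registered</th>\n".
      " <th class=\"oneliner\">Oneliner</th>\n".
      " <th class=\"email\">E-mail</th>\n".
      " <th>Actions</th>\n".
      " </tr>\n";
    $row = 0;
    // NOTE(review): attendee fields are self-registered data; escaping is
    // left to stPrintAttendee() - confirm it encodes them for HTML.
    foreach ($res as $item)
      stPrintAttendee($item, $row++, TRUE);
    echo "</table>\n";
  }
  else
  if ($type == "compos")
  {
    foreach ($res as $item)
    {
      // Integer-cast for the same reason as above: the id ends up in an
      // element id and in the updateCompo() handler.
      $id = intval($item["id"]);
      $prefix = "co";
      echo
        "<div id=\"compo".$id."\">\n".
        "<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
        stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
        stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Enabled")."<br />\n".
        stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
        stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
        "</div>\n".
        "<hr />\n";
    }
  }
  else
  if ($type == "voters")
  {
    // The header cell for "Active" previously carried style="vactive",
    // which is not a CSS declaration; it is a class like its siblings.
    echo
      "<table class=\"voters\">\n".
      " <tr>\n".
      " <th class=\"vid\">#</th>\n".
      " <th class=\"vkey\">Vote key</th>\n".
      " <th class=\"vname\">Name</th>\n".
      " <th class=\"vactive\">Active</th>\n".
      " </tr>\n";
    $row = 0;
    foreach ($res as $item)
    {
      $id = intval($item["id"]);
      $prefix = "vo";
      // Exactly one <tr> per voter. An older bare "<tr>" used to be
      // emitted in front of the classed one, leaving an unclosed row in
      // the markup.
      echo
        " <tr class=\"".($item["enabled"] ? "vactive " : "").
        ($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n".
        " <td class=\"vid\">".sprintf("%04d", $id)."</td>\n".
        " <td class=\"vkey\">".chentities($item["key"])."</td>\n".
        " <td class=\"vname\">".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"],
        "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n".
        " <td class=\"vactive\">".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "",
        "onClick=\"updateVoter(".$id.")\"")."</td>\n".
        " </tr>\n";
      $row++;
    }
    echo "</table>\n";
  }
}
break;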
227 | |
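case "delete":
  // Delete one row, identified by the integer request item "id", from the
  // table named by $type. Only the three types listed below are accepted.
  if (stChkRequestItem("id"))
  {
    // intval() guarantees that only an integer reaches the %d placeholder.
    $id = intval(stGetRequestItem("id"));

    $sql = NULL;
    if ($type == "news")
      $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
    else
    if ($type == "attendees")
      $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
    else
    if ($type == "entries")
      $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);

    if ($sql !== NULL)
    {
      // $type is one of the three literals above at this point, so the
      // request value that ends up in the status header is a known string.
      execSQLCond($sql, "OK, ".$type." item ".$id." deleted.");
    }
    else
    {
      // Unknown type: previously an undefined $sql was executed and the
      // raw request value was placed in the success message. Answer the
      // same way an unknown action is answered instead.
      setStatus(404, "Not Found");
    }
  }
  else
    setStatus(901, "No ID specified.");
  break;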
247 | |
case "add":
  // Insert a news item, a compo or an entry, depending on $type. Each
  // variant requires its own set of request items; if none of the three
  // matches, status 902 is reported.
  // NOTE(review): the upper-case placeholders (%S, %Q, %D) are given
  // request field NAMES rather than values - presumably stPrepareSQL()
  // fetches and escapes the named request item itself. The injection
  // safety of these statements rests on that; confirm in its definition.
  if ($type == "news" && stChkRequestItem("text") && stChkRequestItem("author") && stChkRequestItem("title"))
  {
    $sql = stPrepareSQL(
      "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
      time(), "title", "text", "author");

    execSQLCond($sql, "OK, news item added.");
    break;
  }

  if ($type == "compo" && stChkRequestItem("name") && stChkRequestItem("description"))
  {
    // New compos always start disabled (the literal 0 in the statement).
    // The trailing 0 argument has no placeholder of its own.
    $sql = stPrepareSQL(
      "INSERT INTO compos (name,description,enabled) VALUES (%S,%Q,0)",
      "name", "description", 0);

    execSQLCond($sql, "OK, compo added.");
    break;
  }

  if ($type == "entry" && stChkRequestItem("name") && stChkRequestItem("author") && stChkRequestItem("compo_id"))
  {
    // NOTE(review): author uses %Q here but %S in the news insert -
    // check whether the difference is intended.
    $sql = stPrepareSQL(
      "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)",
      "name", "author", "compo_id");

    execSQLCond($sql, "OK, entry added.");
    break;
  }

  setStatus(902, "No data.");
  break;
278 | |
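case "update":
  // Update one row of the table selected by $type. Every variant needs the
  // request item "id" plus the fields it is going to write; if no variant
  // matches, status 902 is reported.
  // The WHERE clause is built only from intval() results, so no request
  // text reaches it. The field map names the request items to store with a
  // one-letter type code each (presumably string / quoted text / boolean -
  // confirm against stPrepareSQLUpdate()).
  if ($type == "attendees" && stChkRequestItem("id") &&
    stChkRequestItem("email") && stChkRequestItem("oneliner"))
  {
    $sql = stPrepareSQLUpdate("attendees",
      "WHERE id=".intval(stGetRequestItem("id")),
      array(
        "email" => "S",
        "oneliner" => "S",
      ));

    execSQLCond($sql, "OK, attendee updated.");
  }
  else
  if ($type == "news" && stChkRequestItem("id") &&
    stChkRequestItem("text") && stChkRequestItem("author") &&
    stChkRequestItem("title"))
  {
    $sql = stPrepareSQLUpdate("news",
      "WHERE id=".intval(stGetRequestItem("id")),
      array(
        "title" => "S",
        "text" => "Q",
        "author" => "S"
      ));

    execSQLCond($sql, "OK, news item updated.");
  }
  else
  if ($type == "compo" && stChkRequestItem("id") &&
    stChkRequestItem("name") && stChkRequestItem("description") &&
    stChkRequestItem("enabled"))
  {
    $sql = stPrepareSQLUpdate("compos",
      "WHERE id=".intval(stGetRequestItem("id")),
      array(
        "name" => "S",
        "description" => "Q",
        "enabled" => "B",
      ));

    execSQLCond($sql, "OK, compo updated.");
  }
  else
  if ($type == "voter" && stChkRequestItem("id") &&
    stChkRequestItem("name") && stChkRequestItem("enabled"))
  {
    $sql = stPrepareSQLUpdate("voters",
      "WHERE id=".intval(stGetRequestItem("id")),
      array(
        "name" => "S",
        "enabled" => "B",
      ));

    execSQLCond($sql, "OK, voter updated.");
  }
  else
  if ($type == "entry" && stChkRequestItem("id") &&
    stChkRequestItem("name") && stChkRequestItem("author"))
  {
    // The compo_id condition used to sit INSIDE the intval() call for the
    // id, so the whole "<id> AND compo_id=<n>" string was collapsed to the
    // integer id and the condition never reached the statement. Build the
    // clause from two separate integers instead. compo_id is applied only
    // when the request supplies it, so callers that send just the id keep
    // working as before.
    $where = "WHERE id=".intval(stGetRequestItem("id"));
    if (stChkRequestItem("compo_id"))
      $where .= " AND compo_id=".intval(stGetRequestItem("compo_id"));

    $sql = stPrepareSQLUpdate("entries",
      $where,
      array(
        "name" => "S",
        "author" => "S",
      ));

    // The message previously said "voter" (copied from the branch above).
    execSQLCond($sql, "OK, entry updated.");
  }
  else
    setStatus(902, "No data.");
  break;

default:
  // Unknown action, or the "ERROR" sentinel set when the request lacked
  // "action" or "type".
  setStatus(404, "Not Found");
  break;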
356 } | |
357 | |
358 ?> |