Mercurial > hg > fapweb
annotate ajax.php @ 5:76c3b89d7b11
Improve voting, clean up the code, etc.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Wed, 05 Dec 2012 08:08:58 +0200 |
| parents | 916623924bd5 |
| children | 4c5f651aa107 |
| rev | line source |
|---|---|
| 0 | 1 <? |
| 2 require "mconfig.inc.php"; | |
| 3 require "msite.inc.php"; | |
| 4 | |
| 5 // Check if we are allowed to execute | |
|
5
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
6 if (!stCheckHTTPS() || !stAdmSessionAuth()) |
| 0 | 7 { |
| 8 header("Status: 404 Not Found"); | |
| 9 exit; | |
| 10 } | |
| 11 | |
| 12 header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 | |
| 13 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past | |
| 14 | |
| 15 | |
| 16 // Open PDO database connection | |
| 17 if (!stConnectSQLDB()) | |
| 18 die("Could not connect to SQL database."); | |
| 19 | |
| 20 | |
| 21 function setStatus($val, $msg) | |
| 22 { | |
| 23 global $statusSet; | |
| 24 if (!$statusSet) | |
| 25 { | |
| 26 header("Status: ".$val." ".$msg); | |
| 27 } | |
| 28 $statusSet = TRUE; | |
| 29 } | |
| 30 | |
| 31 | |
| 32 function execSQLCond($sql, $okmsg) | |
| 33 { | |
| 34 if (($res = stExecSQL($sql)) !== FALSE) | |
| 35 { | |
| 36 if ($okmsg != "") | |
| 37 setStatus(200, $okmsg); | |
| 38 return $res; | |
| 39 } | |
| 40 else | |
| 41 { | |
| 42 setStatus(900, "Error in SQL execution."); | |
| 43 return FALSE; | |
| 44 } | |
| 45 } | |
| 46 | |
| 47 | |
| 48 // XMLHttp responses | |
| 49 $action = "ERROR"; | |
| 50 if (stChkRequestItem("action") && stChkRequestItem("type")) | |
| 51 { | |
| 52 $action = $_REQUEST["action"]; | |
| 53 $type = $_REQUEST["type"]; | |
| 54 } | |
| 55 | |
| 56 | |
| 57 switch ($action) | |
| 58 { | |
| 59 case "dump": | |
| 60 if (($res = execSQLCond( | |
| 61 "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC", | |
| 62 "Dump OK.")) !== FALSE) | |
| 63 { | |
| 64 $out1 = array(); | |
| 65 $out2 = array(); | |
| 66 | |
| 67 foreach ($res as $item) | |
| 68 { | |
| 69 $out1[] = $item["name"]." <".$item["email"].">"; | |
| 70 $out2[] = $item["email"]; | |
| 71 } | |
| 72 | |
| 73 echo "<br /><hr />". | |
| 74 implode(", ", $out1)."<br /><hr /><br />". | |
| 75 implode("<br />", $out1)."<br /><hr /><br />". | |
| 76 implode(", ", $out2)."<br /><hr /><br />". | |
| 77 implode("<br />", $out2)."<br /><hr />"; | |
| 78 | |
| 79 } | |
| 80 break; | |
| 81 | |
| 82 case "get": | |
| 83 switch ($type) | |
| 84 { | |
| 85 case "news": | |
| 86 $sql = "SELECT * FROM news ORDER BY utime DESC"; | |
| 87 break; | |
| 88 | |
| 89 case "attendees": | |
| 90 $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; | |
| 91 break; | |
| 92 | |
| 93 case "compos": | |
| 94 $sql = "SELECT * FROM compos ORDER BY id DESC"; | |
| 95 break; | |
| 96 | |
| 97 case "entries": | |
| 98 stGetCompoList(TRUE); | |
| 99 | |
| 100 foreach ($compos as $id => $compo) | |
| 101 { | |
| 102 echo | |
| 103 "<form>\n". | |
| 104 " <table class=\"misc\">\n". | |
| 105 " <tr>\n". | |
| 106 " <th colspan=\"3\">".chentities($compo["name"])."</th>\n". | |
| 107 " </tr>\n". | |
| 108 " <tr>\n". | |
| 109 " <th>Title</th>\n". | |
| 110 " <th>Author</th>\n". | |
| 111 " <th>Actions</th>\n". | |
| 112 " </tr>\n"; | |
| 113 | |
| 114 $prefix = "en"; | |
| 115 foreach ($compo["entries"] as $eid => $entry) | |
| 116 { | |
| 117 echo | |
| 118 " <tr id=\"entry".$eid."\">\n". | |
| 119 " <td>".stGetFormTextInput(40, 64, "name", $eid, "en", $entry["name"])."</td>\n". | |
| 120 " <td>".stGetFormTextInput(40, 64, "author", $eid, "en", $entry["author"])."</td>\n". | |
| 121 " <td>". | |
| 122 stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")"). | |
| 123 stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")"). | |
| 124 "</td>\n". | |
| 125 " </tr>\n"; | |
| 126 } | |
| 127 $prefix = "ne"; | |
| 128 echo | |
| 129 " <tr>\n". | |
| 130 " <td>".stGetFormTextInput(40, 64, "name", $id, "ne", "")."</td>\n". | |
| 131 " <td>".stGetFormTextInput(40, 64, "author", $id, "ne", "")."</td>\n". | |
| 132 " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". | |
| 133 " </tr>\n". | |
| 134 " </table>\n". | |
| 135 "</form>\n"; | |
| 136 } | |
| 137 break; | |
| 138 | |
| 139 case "voters": | |
| 140 $sql = "SELECT * FROM voters ORDER BY id ASC"; | |
| 141 } | |
| 142 | |
| 143 if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE) | |
| 144 { | |
| 145 if ($type == "news") | |
| 146 { | |
| 147 foreach ($res as $item) | |
| 148 { | |
| 149 $id = $item["id"]; | |
| 150 stPrintNewsItem($item, | |
| 151 "<br />". | |
| 152 " <button class=\"button\" id=\"ndel".$id. | |
| 153 "\" type=\"button\" onclick=\"deleteNews(".$id. | |
| 154 ")\">Delete</button>\n" | |
| 155 ); | |
| 156 } | |
| 157 } | |
| 158 else | |
| 159 if ($type == "attendees") | |
| 160 { | |
| 161 echo | |
| 162 "<table class=\"attendees\">\n". | |
| 163 " <tr>\n". | |
| 164 " <th>Name</th>\n". | |
| 165 " <th class=\"groups\">Group(s)</th>\n". | |
| 166 " <th class=\"regtime\">Registered</th>\n". | |
| 167 " <th class=\"oneliner\">Oneliner</th>\n". | |
| 168 " <th class=\"email\">E-mail</th>\n". | |
| 169 " <th>Actions</th>\n". | |
| 170 " </tr>\n"; | |
| 171 $row = 0; | |
| 172 foreach ($res as $item) | |
| 173 stPrintAttendee($item, $row++, TRUE); | |
| 174 echo "</table>\n"; | |
| 175 } | |
| 176 else | |
| 177 if ($type == "compos") | |
| 178 { | |
| 179 foreach ($res as $item) | |
| 180 { | |
| 181 $id = $item["id"]; | |
| 182 $prefix = "co"; | |
| 183 echo | |
| 184 "<div id=\"compo".$id."\">\n". | |
| 185 "<h2>#".$id." - ".chentities($item["name"])."</h2>\n". | |
| 186 stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n". | |
| 187 stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Enabled")."<br />\n". | |
| 188 stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". | |
| 189 stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n". | |
| 190 "</div>\n". | |
| 191 "<hr />\n"; | |
| 192 } | |
| 193 } | |
| 194 else | |
| 195 if ($type == "voters") | |
| 196 { | |
| 197 echo | |
|
5
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
198 "<table class=\"voters\">\n". |
| 0 | 199 " <tr>\n". |
|
5
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
200 " <th class=\"vid\">#</th>\n". |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
201 " <th class=\"vkey\">Vote key</th>\n". |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
202 " <th class=\"vname\">Name</th>\n". |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
203 " <th style=\"vactive\">Active</th>\n". |
| 0 | 204 " </tr>\n"; |
| 205 $row = 0; | |
| 206 foreach ($res as $item) | |
| 207 { | |
| 208 $id = $item["id"]; | |
| 209 $prefix = "vo"; | |
| 210 echo | |
| 211 " <tr>\n". | |
|
5
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
212 " <tr class=\"".($item["enabled"] ? "vactive " : ""). |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
213 ($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n". |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
214 " <td class=\"vid\">".sprintf("%04d", $id)."</td>\n". |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
215 " <td class=\"vkey\">".chentities($item["key"])."</td>\n". |
|
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
216 " <td class=\"vname\">".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"], |
| 0 | 217 "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n". |
|
5
76c3b89d7b11
Improve voting, clean up the code, etc.
Matti Hamalainen <ccr@tnsp.org>
parents:
3
diff
changeset
|
218 " <td class=\"vactive\">".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "", |
| 0 | 219 "onClick=\"updateVoter(".$id.")\"")."</td>\n". |
| 220 " </tr>\n"; | |
| 221 $row++; | |
| 222 } | |
| 223 echo "</table>\n"; | |
| 224 } | |
| 225 } | |
| 226 break; | |
| 227 | |
| 228 case "delete": | |
| 229 if (stChkRequestItem("id")) | |
| 230 { | |
| 231 $id = intval(stGetRequestItem("id")); | |
| 232 | |
| 233 if ($type == "news") | |
| 234 $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); | |
| 235 else | |
| 236 if ($type == "attendees") | |
| 237 $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); | |
| 238 else | |
| 239 if ($type == "entries") | |
| 240 $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); | |
| 241 | |
| 242 execSQLCond($sql, "OK, ".$type." item ".$id." deleted."); | |
| 243 } | |
| 244 else | |
| 245 setStatus(901, "No ID specified."); | |
| 246 break; | |
| 247 | |
| 248 case "add": | |
| 249 if ($type == "news" && stChkRequestItem("text") && stChkRequestItem("author") && stChkRequestItem("title")) | |
| 250 { | |
| 251 $sql = stPrepareSQL( | |
| 252 "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", | |
| 253 time(), "title", "text", "author"); | |
| 254 | |
| 255 execSQLCond($sql, "OK, news item added."); | |
| 256 } | |
| 257 else | |
| 258 if ($type == "compo" && stChkRequestItem("name") && stChkRequestItem("description")) | |
| 259 { | |
| 260 $sql = stPrepareSQL( | |
| 261 "INSERT INTO compos (name,description,enabled) VALUES (%S,%Q,0)", | |
| 262 "name", "description", 0); | |
| 263 | |
| 264 execSQLCond($sql, "OK, compo added."); | |
| 265 } | |
| 266 else | |
| 267 if ($type == "entry" && stChkRequestItem("name") && stChkRequestItem("author") && stChkRequestItem("compo_id")) | |
| 268 { | |
| 269 $sql = stPrepareSQL( | |
| 270 "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)", | |
| 271 "name", "author", "compo_id"); | |
| 272 | |
| 273 execSQLCond($sql, "OK, entry added."); | |
| 274 } | |
| 275 else | |
| 276 setStatus(902, "No data."); | |
| 277 break; | |
| 278 | |
| 279 case "update": | |
| 280 if ($type == "attendees" && stChkRequestItem("id") && | |
| 281 stChkRequestItem("email") && stChkRequestItem("oneliner")) | |
| 282 { | |
| 283 $sql = stPrepareSQLUpdate("attendees", | |
| 284 "WHERE id=".intval(stGetRequestItem("id")), | |
| 285 array( | |
| 286 "email" => "S", | |
| 287 "oneliner" => "S", | |
| 288 )); | |
| 289 | |
| 290 execSQLCond($sql, "OK, attendee updated."); | |
| 291 } | |
| 292 else | |
| 293 if ($type == "news" && stChkRequestItem("id") && | |
| 294 stChkRequestItem("text") && stChkRequestItem("author") && | |
| 295 stChkRequestItem("title")) | |
| 296 { | |
| 297 $sql = stPrepareSQLUpdate("news", | |
| 298 "WHERE id=".intval(stGetRequestItem("id")), | |
| 299 array( | |
| 300 "title" => "S", | |
| 301 "text" => "Q", | |
| 302 "author" => "S" | |
| 303 )); | |
| 304 | |
| 305 execSQLCond($sql, "OK, news item updated."); | |
| 306 } | |
| 307 else | |
| 308 if ($type == "compo" && stChkRequestItem("id") && | |
| 309 stChkRequestItem("name") && stChkRequestItem("description") && | |
| 310 stChkRequestItem("enabled")) | |
| 311 { | |
| 312 $sql = stPrepareSQLUpdate("compos", | |
| 313 "WHERE id=".intval(stGetRequestItem("id")), | |
| 314 array( | |
| 315 "name" => "S", | |
| 316 "description" => "Q", | |
| 317 "enabled" => "B", | |
| 318 )); | |
| 319 | |
| 320 execSQLCond($sql, "OK, compo updated."); | |
| 321 } | |
| 322 else | |
| 323 if ($type == "voter" && stChkRequestItem("id") && | |
| 324 stChkRequestItem("name") && stChkRequestItem("enabled")) | |
| 325 { | |
| 326 $sql = stPrepareSQLUpdate("voters", | |
| 327 "WHERE id=".intval(stGetRequestItem("id")), | |
| 328 array( | |
| 329 "name" => "S", | |
| 330 "enabled" => "B", | |
| 331 )); | |
| 332 | |
| 333 execSQLCond($sql, "OK, voter updated."); | |
| 334 } | |
| 335 else | |
| 336 if ($type == "entry" && stChkRequestItem("id") && | |
|
3
916623924bd5
More work on the party management and voting system.
Matti Hamalainen <ccr@tnsp.org>
parents:
0
diff
changeset
|
337 stChkRequestItem("name") && stChkRequestItem("author")) |
| 0 | 338 { |
| 339 $sql = stPrepareSQLUpdate("entries", | |
| 340 "WHERE id=".intval(stGetRequestItem("id"). | |
| 341 " AND compo_id=".intval(stGetRequestItem("compo_id"))), | |
| 342 array( | |
| 343 "name" => "S", | |
| 344 "author" => "S", | |
| 345 )); | |
| 346 | |
| 347 execSQLCond($sql, "OK, voter updated."); | |
| 348 } | |
| 349 else | |
| 350 setStatus(902, "No data."); | |
| 351 break; | |
| 352 | |
| 353 default: | |
| 354 setStatus(404, "Not Found"); | |
| 355 break; | |
| 356 } | |
| 357 | |
| 358 ?> |