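<?php
// Admin XMLHttp backend: every request has to arrive over HTTPS from an
// authenticated admin session, otherwise the script answers 404 and stops
// (presumably so the endpoint looks like a missing page to anyone else).
// The long "<?php" open tag is used because the short "<?" form only works
// when short_open_tag is enabled.
require "mconfig.inc.php";
require "msite.inc.php";

// Check if we are allowed to execute
if (!stCheckHTTPS() || !stAuthSession())
{
    header("Status: 404 Not Found");
    exit;
}

// Responses carry admin-only data: forbid caching at every hop.
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past


// Open PDO database connection
if (!stConnectSQLDB())
    die("Could not connect to SQL database.");
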
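/**
 * Emits the response status line exactly once per request.
 *
 * The first call wins: later calls are ignored, so whichever step reports
 * first (success or error) determines what the client sees. The "already
 * emitted" state is kept in the global $statusSet flag.
 *
 * @param int    $val Status code. Besides HTTP codes the XMLHttp protocol
 *                    uses application-level codes 900-902 (see callers).
 * @param string $msg Reason phrase appended after the code.
 * @return void
 */
function setStatus($val, $msg)
{
    global $statusSet;

    // $statusSet is never pre-initialised anywhere, so an unset flag must be
    // treated as "not yet emitted" without tripping an undefined-variable
    // notice.
    if (empty($statusSet))
    {
        header("Status: ".$val." ".$msg);
    }
    $statusSet = TRUE;
}
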
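/**
 * Executes a prepared SQL statement and maps the outcome to a status line.
 *
 * @param string|null $sql   Statement built by stPrepareSQL*(). A missing or
 *                           empty statement (e.g. the caller did not recognise
 *                           the request "type") is reported as an SQL error
 *                           instead of being handed to the database layer.
 * @param string      $okmsg Status message to emit on success; "" emits none,
 *                           leaving the status to the caller.
 * @return mixed Whatever stExecSQL() returned on success, FALSE on failure.
 */
function execSQLCond($sql, $okmsg)
{
    // Guard: never pass an undefined/empty statement to stExecSQL().
    if (!is_string($sql) || $sql === "")
    {
        setStatus(900, "Error in SQL execution.");
        return FALSE;
    }

    $res = stExecSQL($sql);
    if ($res === FALSE)
    {
        // 900 is the application-level "SQL failed" code of the XMLHttp protocol.
        setStatus(900, "Error in SQL execution.");
        return FALSE;
    }

    if ($okmsg !== "")
        setStatus(200, $okmsg);

    return $res;
}
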
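// XMLHttp responses
// A request is only honoured when both "action" and "type" are present;
// anything else keeps $action at "ERROR" and ends up in the 404 default.
// $type is initialised as well so the "$type == ..." comparisons below never
// read an undefined variable.
// NOTE(review): $_REQUEST also accepts GET parameters, so the state-changing
// actions below are reachable through a plain link unless stAuthSession()
// enforces a CSRF token -- confirm in msite.inc.php.
$action = "ERROR";
$type = "";
if (stChkRequestItem("action") && stChkRequestItem("type"))
{
    $action = $_REQUEST["action"];
    $type = $_REQUEST["type"];
}
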
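/**
 * Returns TRUE when every named request item is present according to
 * stChkRequestItem(); keeps the per-action presence checks readable.
 *
 * @param string ...$names Request item names that must all be present.
 * @return bool
 */
function requestHasAll(...$names)
{
    foreach ($names as $name)
    {
        if (!stChkRequestItem($name))
            return FALSE;
    }
    return TRUE;
}


// Dispatch on the requested action. Statements are built through
// stPrepareSQL()/stPrepareSQLUpdate(); the only values spliced into SQL text
// by hand are ids that have been through intval() first.
// Status codes 900-902 are application-level errors of the XMLHttp protocol,
// not HTTP status codes.
switch ($action)
{
    case "dump":
        // Mailing-list style dump of every attendee with an e-mail address,
        // in four copy-pasteable layouts.
        if (($res = execSQLCond(
            "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC",
            "Dump OK.")) !== FALSE)
        {
            $out1 = array();
            $out2 = array();

            foreach ($res as $item)
            {
                // Attendee-supplied name/e-mail go through chentities(): printed
                // raw, the "<email>" part was swallowed as a tag by the browser
                // and any markup stored in the fields was injected into the
                // admin page.
                $out1[] = chentities($item["name"]." <".$item["email"].">");
                $out2[] = chentities($item["email"]);
            }

            echo "<br /><hr />".
                implode(", ", $out1)."<br /><hr /><br />".
                implode("<br />", $out1)."<br /><hr /><br />".
                implode(", ", $out2)."<br /><hr /><br />".
                implode("<br />", $out2)."<br /><hr />";
        }
        break;

    case "get":
        // "entries" is rendered directly from stGetCompoList(); the other
        // listing types run a SELECT and render the rows further down.
        $sql = FALSE;
        switch ($type)
        {
            case "news":
                $sql = "SELECT * FROM news ORDER BY utime DESC";
                break;

            case "attendees":
                $sql = "SELECT * FROM attendees ORDER BY regtime DESC";
                break;

            case "compos":
                $sql = "SELECT * FROM compos ORDER BY id DESC";
                break;

            case "voters":
                $sql = "SELECT * FROM voters ORDER BY id ASC";
                break;

            case "entries":
                // stGetCompoList(TRUE) is expected to fill $compos with the
                // compos and their entries (helper lives in msite.inc.php).
                stGetCompoList(TRUE);

                foreach ($compos as $id => $compo)
                {
                    echo
                        "<form>\n".
                        " <table class=\"misc\">\n".
                        " <tr>\n".
                        " <th colspan=\"3\">".chentities($compo["name"])."</th>\n".
                        " </tr>\n".
                        " <tr>\n".
                        " <th>Title</th>\n".
                        " <th>Author</th>\n".
                        " <th>Actions</th>\n".
                        " </tr>\n";

                    // Existing entries: one editable row each ("en" prefix).
                    $prefix = "en";
                    foreach ($compo["entries"] as $eid => $entry)
                    {
                        echo
                            " <tr id=\"entry".$eid."\">\n".
                            " <td>".stGetFormTextInput(40, 64, "name", $eid, $prefix, $entry["name"])."</td>\n".
                            " <td>".stGetFormTextInput(40, 64, "author", $eid, $prefix, $entry["author"])."</td>\n".
                            " <td>".
                            stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")").
                            stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")").
                            "</td>\n".
                            " </tr>\n";
                    }

                    // Blank row for adding a new entry to this compo ("ne" prefix).
                    $prefix = "ne";
                    echo
                        " <tr>\n".
                        " <td>".stGetFormTextInput(40, 64, "name", $id, $prefix, "")."</td>\n".
                        " <td>".stGetFormTextInput(40, 64, "author", $id, $prefix, "")."</td>\n".
                        " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
                        " </tr>\n".
                        " </table>\n".
                        "</form>\n";
                }
                break;
        }

        if ($sql !== FALSE && ($res = execSQLCond($sql, "")) !== FALSE)
        {
            switch ($type)
            {
                case "news":
                    foreach ($res as $item)
                    {
                        $id = $item["id"];
                        stPrintNewsItem($item,
                            "<br />".
                            " <button class=\"button\" id=\"ndel".$id.
                            "\" type=\"button\" onclick=\"deleteNews(".$id.
                            ")\">Delete</button>\n"
                        );
                    }
                    break;

                case "attendees":
                    echo
                        "<table class=\"attendees\">\n".
                        " <tr>\n".
                        " <th>Name</th>\n".
                        " <th class=\"groups\">Group(s)</th>\n".
                        " <th class=\"regtime\">Registered</th>\n".
                        " <th class=\"oneliner\">Oneliner</th>\n".
                        " <th class=\"email\">E-mail</th>\n".
                        " <th>Actions</th>\n".
                        " </tr>\n";

                    // Row counter is passed on so stPrintAttendee() can stripe rows.
                    $row = 0;
                    foreach ($res as $item)
                        stPrintAttendee($item, $row++, TRUE);

                    echo "</table>\n";
                    break;

                case "compos":
                    $prefix = "co";
                    foreach ($res as $item)
                    {
                        $id = $item["id"];
                        echo
                            "<div id=\"compo".$id."\">\n".
                            "<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
                            stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
                            stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Enabled")."<br />\n".
                            stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
                            stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
                            "</div>\n".
                            "<hr />\n";
                    }
                    break;

                case "voters":
                    echo
                        "<table class=\"misc\">\n".
                        " <tr>\n".
                        " <th style=\"width: 5%; text-align: center;\">#</th>\n".
                        " <th style=\"\">Vote key</th>\n".
                        " <th style=\"\">Name</th>\n".
                        " <th style=\"width: 5%; text-align: center;\">Active</th>\n".
                        " </tr>\n";

                    $prefix = "vo";
                    $row = 0;
                    foreach ($res as $item)
                    {
                        $id = $item["id"];
                        // The original emitted a bare "<tr>" directly before this
                        // row, producing an unclosed extra row per voter.
                        echo
                            " <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n".
                            " <td>".sprintf("%04d", $id)."</td>\n".
                            " <td>".chentities($item["key"])."</td>\n".
                            " <td>".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"],
                            "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n".
                            " <td>".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Active",
                            "onClick=\"updateVoter(".$id.")\"")."</td>\n".
                            " </tr>\n";
                        $row++;
                    }
                    echo "</table>\n";
                    break;
            }
        }
        break;

    case "delete":
        if (stChkRequestItem("id"))
        {
            $id = intval(stGetRequestItem("id"));
            $sql = FALSE;

            // NOTE: the client sends plural type names here ("entries") but
            // singular ones to add/update ("entry"); kept as-is for compatibility.
            switch ($type)
            {
                case "news":
                    // News items flagged persist=1 are protected from deletion.
                    $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
                    break;

                case "attendees":
                    $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
                    break;

                case "entries":
                    $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);
                    break;
            }

            // An unknown type used to reach execSQLCond() with an undefined $sql.
            if ($sql !== FALSE)
                execSQLCond($sql, "OK, ".$type." item ".$id." deleted.");
            else
                setStatus(902, "No data.");
        }
        else
            setStatus(901, "No ID specified.");
        break;

    case "add":
        // The %S/%Q/%D placeholders are apparently resolved by stPrepareSQL()
        // from the named request items, so request values never get
        // concatenated into the statement text here.
        if ($type === "news" && requestHasAll("text", "author", "title"))
        {
            $sql = stPrepareSQL(
                "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
                time(), "title", "text", "author");

            execSQLCond($sql, "OK, news item added.");
        }
        else if ($type === "compo" && requestHasAll("name", "description"))
        {
            $sql = stPrepareSQL(
                "INSERT INTO compos (name,description,enabled) VALUES (%S,%Q,0)",
                "name", "description", 0);

            execSQLCond($sql, "OK, compo added.");
        }
        else if ($type === "entry" && requestHasAll("name", "author", "compo_id"))
        {
            $sql = stPrepareSQL(
                "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)",
                "name", "author", "compo_id");

            execSQLCond($sql, "OK, entry added.");
        }
        else
            setStatus(902, "No data.");
        break;

    case "update":
        // Column => format-letter maps are handed to stPrepareSQLUpdate(),
        // which is expected to pull the values from the request by column name.
        if ($type === "attendees" && requestHasAll("id", "email", "oneliner"))
        {
            $sql = stPrepareSQLUpdate("attendees",
                "WHERE id=".intval(stGetRequestItem("id")),
                array(
                    "email" => "S",
                    "oneliner" => "S",
                ));

            execSQLCond($sql, "OK, attendee updated.");
        }
        else if ($type === "news" && requestHasAll("id", "text", "author", "title"))
        {
            $sql = stPrepareSQLUpdate("news",
                "WHERE id=".intval(stGetRequestItem("id")),
                array(
                    "title" => "S",
                    "text" => "Q",
                    "author" => "S"
                ));

            execSQLCond($sql, "OK, news item updated.");
        }
        else if ($type === "compo" && requestHasAll("id", "name", "description", "enabled"))
        {
            $sql = stPrepareSQLUpdate("compos",
                "WHERE id=".intval(stGetRequestItem("id")),
                array(
                    "name" => "S",
                    "description" => "Q",
                    "enabled" => "B",
                ));

            execSQLCond($sql, "OK, compo updated.");
        }
        else if ($type === "voter" && requestHasAll("id", "name", "enabled"))
        {
            $sql = stPrepareSQLUpdate("voters",
                "WHERE id=".intval(stGetRequestItem("id")),
                array(
                    "name" => "S",
                    "enabled" => "B",
                ));

            execSQLCond($sql, "OK, voter updated.");
        }
        else if ($type === "entry" && requestHasAll("id", "compo_id", "name", "author"))
        {
            // Each id is intval()'d on its own. The original wrapped the whole
            // "id AND compo_id=..." string in one intval(), which reduced the
            // clause to the bare entry id and silently dropped the compo_id
            // restriction.
            $sql = stPrepareSQLUpdate("entries",
                "WHERE id=".intval(stGetRequestItem("id")).
                " AND compo_id=".intval(stGetRequestItem("compo_id")),
                array(
                    "name" => "S",
                    "author" => "S",
                ));

            execSQLCond($sql, "OK, entry updated.");
        }
        else
            setStatus(902, "No data.");
        break;

    default:
        setStatus(404, "Not Found");
        break;
}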