comparison ajax.php @ 0:8019b357cc03

Initial import.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 04 Dec 2012 19:07:18 +0200
parents
children 916623924bd5
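--- a/ajax.php
+++ b/ajax.php
@@ -0,0 +1,358 @@
+<?
+require "mconfig.inc.php";
+require "msite.inc.php";
+
+// Check if we are allowed to execute
+if (!stCheckHTTPS() || !stAuthSession())
+{
+header("Status: 404 Not Found");
+exit;
+}
+
+header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
+header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
+
+
+// Open PDO database connection
+if (!stConnectSQLDB())
+die("Could not connect to SQL database.");
+
+
+function setStatus($val, $msg)
+{
+global $statusSet;
+if (!$statusSet)
+{
+header("Status: ".$val." ".$msg);
+}
+$statusSet = TRUE;
+}
+
+
+function execSQLCond($sql, $okmsg)
+{
+if (($res = stExecSQL($sql)) !== FALSE)
+{
+if ($okmsg != "")
+setStatus(200, $okmsg);
+return $res;
+}
+else
+{
+setStatus(900, "Error in SQL execution.");
+return FALSE;
+}
+}
+
+
+// XMLHttp responses
+$action = "ERROR";
+if (stChkRequestItem("action") && stChkRequestItem("type"))
+{
+$action = $_REQUEST["action"];
+$type = $_REQUEST["type"];
+}
+
+
+switch ($action)
+{
+case "dump":
+if (($res = execSQLCond(
+"SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC",
+"Dump OK.")) !== FALSE)
+{
+$out1 = array();
+$out2 = array();
+
+foreach ($res as $item)
+{
+$out1[] = $item["name"]." &lt;".$item["email"]."&gt;";
+$out2[] = $item["email"];
+}
+
+echo "<br /><hr />".
+implode(", ", $out1)."<br /><hr /><br />".
+implode("<br />", $out1)."<br /><hr /><br />".
+implode(", ", $out2)."<br /><hr /><br />".
+implode("<br />", $out2)."<br /><hr />";
+
+}
+break;
+
+case "get":
+switch ($type)
+{
+case "news":
+$sql = "SELECT * FROM news ORDER BY utime DESC";
+break;
+
+case "attendees":
+$sql = "SELECT * FROM attendees ORDER BY regtime DESC";
+break;
+
+case "compos":
+$sql = "SELECT * FROM compos ORDER BY id DESC";
+break;
+
+case "entries":
+stGetCompoList(TRUE);
+
+foreach ($compos as $id => $compo)
+{
+echo
+"<form>\n".
+" <table class=\"misc\">\n".
+" <tr>\n".
+" <th colspan=\"3\">".chentities($compo["name"])."</th>\n".
+" </tr>\n".
+" <tr>\n".
+" <th>Title</th>\n".
+" <th>Author</th>\n".
+" <th>Actions</th>\n".
+" </tr>\n";
+
+$prefix = "en";
+foreach ($compo["entries"] as $eid => $entry)
+{
+echo
+" <tr id=\"entry".$eid."\">\n".
+" <td>".stGetFormTextInput(40, 64, "name", $eid, "en", $entry["name"])."</td>\n".
+" <td>".stGetFormTextInput(40, 64, "author", $eid, "en", $entry["author"])."</td>\n".
+" <td>".
+stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")").
+stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")").
+"</td>\n".
+" </tr>\n";
+}
+$prefix = "ne";
+echo
+" <tr>\n".
+" <td>".stGetFormTextInput(40, 64, "name", $id, "ne", "")."</td>\n".
+" <td>".stGetFormTextInput(40, 64, "author", $id, "ne", "")."</td>\n".
+" <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
+" </tr>\n".
+" </table>\n".
+"</form>\n";
+}
+break;
+
+case "voters":
+$sql = "SELECT * FROM voters ORDER BY id ASC";
+}
+
+if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE)
+{
+if ($type == "news")
+{
+foreach ($res as $item)
+{
+$id = $item["id"];
+stPrintNewsItem($item,
+"<br />".
+" <button class=\"button\" id=\"ndel".$id.
+"\" type=\"button\" onclick=\"deleteNews(".$id.
+")\">Delete</button>\n"
+);
+}
+}
+else
+if ($type == "attendees")
+{
+echo
+"<table class=\"attendees\">\n".
+" <tr>\n".
+" <th>Name</th>\n".
+" <th class=\"groups\">Group(s)</th>\n".
+" <th class=\"regtime\">Registered</th>\n".
+" <th class=\"oneliner\">Oneliner</th>\n".
+" <th class=\"email\">E-mail</th>\n".
+" <th>Actions</th>\n".
+" </tr>\n";
+$row = 0;
+foreach ($res as $item)
+stPrintAttendee($item, $row++, TRUE);
+echo "</table>\n";
+}
+else
+if ($type == "compos")
+{
+foreach ($res as $item)
+{
+$id = $item["id"];
+$prefix = "co";
+echo
+"<div id=\"compo".$id."\">\n".
+"<h2>#".$id." - ".chentities($item["name"])."</h2>\n".
+stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n".
+stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Enabled")."<br />\n".
+stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n".
+stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n".
+"</div>\n".
+"<hr />\n";
+}
+}
+else
+if ($type == "voters")
+{
+echo
+"<table class=\"misc\">\n".
+" <tr>\n".
+" <th style=\"width: 5%; text-align: center;\">#</th>\n".
+" <th style=\"\">Vote key</th>\n".
+" <th style=\"\">Name</th>\n".
+" <th style=\"width: 5%; text-align: center;\">Active</th>\n".
+" </tr>\n";
+$row = 0;
+foreach ($res as $item)
+{
+$id = $item["id"];
+$prefix = "vo";
+echo
+" <tr>\n".
+" <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n".
+" <td>".sprintf("%04d", $id)."</td>\n".
+" <td>".chentities($item["key"])."</td>\n".
+" <td>".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"],
+"onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n".
+" <td>".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Active",
+"onClick=\"updateVoter(".$id.")\"")."</td>\n".
+" </tr>\n";
+$row++;
+}
+echo "</table>\n";
+}
+}
+break;
+
+case "delete":
+if (stChkRequestItem("id"))
+{
+$id = intval(stGetRequestItem("id"));
+
+if ($type == "news")
+$sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id);
+else
+if ($type == "attendees")
+$sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id);
+else
+if ($type == "entries")
+$sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id);
+
+execSQLCond($sql, "OK, ".$type." item ".$id." deleted.");
+}
+else
+setStatus(901, "No ID specified.");
+break;
+
+case "add":
+if ($type == "news" && stChkRequestItem("text") && stChkRequestItem("author") && stChkRequestItem("title"))
+{
+$sql = stPrepareSQL(
+"INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)",
+time(), "title", "text", "author");
+
+execSQLCond($sql, "OK, news item added.");
+}
+else
+if ($type == "compo" && stChkRequestItem("name") && stChkRequestItem("description"))
+{
+$sql = stPrepareSQL(
+"INSERT INTO compos (name,description,enabled) VALUES (%S,%Q,0)",
+"name", "description", 0);
+
+execSQLCond($sql, "OK, compo added.");
+}
+else
+if ($type == "entry" && stChkRequestItem("name") && stChkRequestItem("author") && stChkRequestItem("compo_id"))
+{
+$sql = stPrepareSQL(
+"INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)",
+"name", "author", "compo_id");
+
+execSQLCond($sql, "OK, entry added.");
+}
+else
+setStatus(902, "No data.");
+break;
+
+case "update":
+if ($type == "attendees" && stChkRequestItem("id") &&
+stChkRequestItem("email") && stChkRequestItem("oneliner"))
+{
+$sql = stPrepareSQLUpdate("attendees",
+"WHERE id=".intval(stGetRequestItem("id")),
+array(
+"email" => "S",
+"oneliner" => "S",
+));
+
+execSQLCond($sql, "OK, attendee updated.");
+}
+else
+if ($type == "news" && stChkRequestItem("id") &&
+stChkRequestItem("text") && stChkRequestItem("author") &&
+stChkRequestItem("title"))
+{
+$sql = stPrepareSQLUpdate("news",
+"WHERE id=".intval(stGetRequestItem("id")),
+array(
+"title" => "S",
+"text" => "Q",
+"author" => "S"
+));
+
+execSQLCond($sql, "OK, news item updated.");
+}
+else
+if ($type == "compo" && stChkRequestItem("id") &&
+stChkRequestItem("name") && stChkRequestItem("description") &&
+stChkRequestItem("enabled"))
+{
+$sql = stPrepareSQLUpdate("compos",
+"WHERE id=".intval(stGetRequestItem("id")),
+array(
+"name" => "S",
+"description" => "Q",
+"enabled" => "B",
+));
+
+execSQLCond($sql, "OK, compo updated.");
+}
+else
+if ($type == "voter" && stChkRequestItem("id") &&
+stChkRequestItem("name") && stChkRequestItem("enabled"))
+{
+$sql = stPrepareSQLUpdate("voters",
+"WHERE id=".intval(stGetRequestItem("id")),
+array(
+"name" => "S",
+"enabled" => "B",
+));
+
+execSQLCond($sql, "OK, voter updated.");
+}
+else
+if ($type == "entry" && stChkRequestItem("id") &&
+stChkRequestItem("compo_id") && stChkRequestItem("name") &&
+stChkRequestItem("author"))
+{
+$sql = stPrepareSQLUpdate("entries",
+"WHERE id=".intval(stGetRequestItem("id").
+" AND compo_id=".intval(stGetRequestItem("compo_id"))),
+array(
+"name" => "S",
+"author" => "S",
+));
+
+execSQLCond($sql, "OK, voter updated.");
+}
+else
+setStatus(902, "No data.");
+break;
+
+default:
+setStatus(404, "Not Found");
+break;
+}
+
+?>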
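Review bot: In the `update`/`entry` branch the closing parenthesis of the first `intval()` is misplaced (file lines 340–341): `intval(stGetRequestItem("id")." AND compo_id=".intval(...))` converts the whole concatenated string, so the WHERE clause collapses to `WHERE id=N` and the `compo_id` scoping the caller supplies is silently dropped. It should read `"WHERE id=".intval(stGetRequestItem("id")).` followed by `" AND compo_id=".intval(stGetRequestItem("compo_id")),`, and the success message on line 347 should be `"OK, entry updated."` rather than "voter". Separately, the `dump` action concatenates `$item["name"]` and `$item["email"]` straight into HTML (lines 69–70) without the `chentities()` wrapper the rest of the file uses for database values, so a registrant-supplied name containing markup is rendered unescaped in this authenticated admin view; wrap both in `chentities()`. Finally, every state-changing action (delete/add/update) is driven by `$_REQUEST` after only `stAuthSession()`, and nothing visible here requires POST or a per-request token, so if that session check is cookie-based the endpoint looks CSRF-able by a link the admin follows — worth confirming against msite.inc.php.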